Update Linux to v5.4.2
Change-Id: Idf6911045d9d382da2cfe01b1edff026404ac8fd
diff --git a/crypto/842.c b/crypto/842.c
index bc26dc9..e59e54d 100644
--- a/crypto/842.c
+++ b/crypto/842.c
@@ -1,16 +1,7 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/*
* Cryptographic API for the 842 software compression algorithm.
*
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
* Copyright (C) IBM Corporation, 2011-2015
*
* Original Authors: Robert Jennings <rcj@linux.vnet.ibm.com>
@@ -144,7 +135,7 @@
return ret;
}
-module_init(crypto842_mod_init);
+subsys_initcall(crypto842_mod_init);
static void __exit crypto842_mod_exit(void)
{
diff --git a/crypto/Kconfig b/crypto/Kconfig
index 59e3262..9e52404 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -27,8 +27,8 @@
depends on (CRYPTO_ANSI_CPRNG || CRYPTO_DRBG) && !CRYPTO_MANAGER_DISABLE_TESTS
depends on (MODULE_SIG || !MODULES)
help
- This options enables the fips boot option which is
- required if you want to system to operate in a FIPS 200
+ This option enables the fips boot option which is
+ required if you want the system to operate in a FIPS 200
certification. You should say no unless you know what
this is.
@@ -61,7 +61,6 @@
tristate
select CRYPTO_ALGAPI2
select CRYPTO_RNG2
- select CRYPTO_WORKQUEUE
config CRYPTO_HASH
tristate
@@ -113,29 +112,6 @@
select CRYPTO_ALGAPI
select CRYPTO_ACOMP2
-config CRYPTO_RSA
- tristate "RSA algorithm"
- select CRYPTO_AKCIPHER
- select CRYPTO_MANAGER
- select MPILIB
- select ASN1
- help
- Generic implementation of the RSA public key algorithm.
-
-config CRYPTO_DH
- tristate "Diffie-Hellman algorithm"
- select CRYPTO_KPP
- select MPILIB
- help
- Generic implementation of the Diffie-Hellman algorithm.
-
-config CRYPTO_ECDH
- tristate "ECDH algorithm"
- select CRYPTO_KPP
- select CRYPTO_RNG_DEFAULT
- help
- Generic implementation of the ECDH algorithm
-
config CRYPTO_MANAGER
tristate "Cryptographic algorithm manager"
select CRYPTO_MANAGER2
@@ -160,22 +136,29 @@
Userspace configuration for cryptographic instantiations such as
cbc(aes).
+if CRYPTO_MANAGER2
+
config CRYPTO_MANAGER_DISABLE_TESTS
bool "Disable run-time self tests"
default y
- depends on CRYPTO_MANAGER2
help
Disable run-time self tests that normally take place at
algorithm registration.
-config CRYPTO_GF128MUL
- tristate "GF(2^128) multiplication functions"
+config CRYPTO_MANAGER_EXTRA_TESTS
+ bool "Enable extra run-time crypto self tests"
+ depends on DEBUG_KERNEL && !CRYPTO_MANAGER_DISABLE_TESTS
help
- Efficient table driven implementation of multiplications in the
- field GF(2^128). This is needed by some cypher modes. This
- option will be selected automatically if you select such a
- cipher mode. Only select this option by hand if you expect to load
- an external module that requires these functions.
+ Enable extra run-time self tests of registered crypto algorithms,
+ including randomized fuzz tests.
+
+ This is intended for developer use only, as these tests take much
+ longer to run than the normal self tests.
+
+endif # if CRYPTO_MANAGER2
+
+config CRYPTO_GF128MUL
+ tristate
config CRYPTO_NULL
tristate "Null algorithms"
@@ -199,34 +182,16 @@
This converts an arbitrary crypto algorithm into a parallel
algorithm that executes in kernel threads.
-config CRYPTO_WORKQUEUE
- tristate
-
config CRYPTO_CRYPTD
tristate "Software async crypto daemon"
select CRYPTO_BLKCIPHER
select CRYPTO_HASH
select CRYPTO_MANAGER
- select CRYPTO_WORKQUEUE
help
This is a generic software asynchronous crypto daemon that
converts an arbitrary synchronous software crypto algorithm
into an asynchronous algorithm that executes in a kernel thread.
-config CRYPTO_MCRYPTD
- tristate "Software async multi-buffer crypto daemon"
- select CRYPTO_BLKCIPHER
- select CRYPTO_HASH
- select CRYPTO_MANAGER
- select CRYPTO_WORKQUEUE
- help
- This is a generic software asynchronous crypto daemon that
- provides the kernel thread to assist multi-buffer crypto
- algorithms for submitting jobs and flushing jobs in multi-buffer
- crypto algorithms. Multi-buffer crypto algorithms are executed
- in the context of this kernel thread and drivers can post
- their crypto request asynchronously to be processed by this daemon.
-
config CRYPTO_AUTHENC
tristate "Authenc support"
select CRYPTO_AEAD
@@ -257,6 +222,48 @@
config CRYPTO_ENGINE
tristate
+comment "Public-key cryptography"
+
+config CRYPTO_RSA
+ tristate "RSA algorithm"
+ select CRYPTO_AKCIPHER
+ select CRYPTO_MANAGER
+ select MPILIB
+ select ASN1
+ help
+ Generic implementation of the RSA public key algorithm.
+
+config CRYPTO_DH
+ tristate "Diffie-Hellman algorithm"
+ select CRYPTO_KPP
+ select MPILIB
+ help
+ Generic implementation of the Diffie-Hellman algorithm.
+
+config CRYPTO_ECC
+ tristate
+
+config CRYPTO_ECDH
+ tristate "ECDH algorithm"
+ select CRYPTO_ECC
+ select CRYPTO_KPP
+ select CRYPTO_RNG_DEFAULT
+ help
+ Generic implementation of the ECDH algorithm
+
+config CRYPTO_ECRDSA
+ tristate "EC-RDSA (GOST 34.10) algorithm"
+ select CRYPTO_ECC
+ select CRYPTO_AKCIPHER
+ select CRYPTO_STREEBOG
+ select OID_REGISTRY
+ select ASN1
+ help
+ Elliptic Curve Russian Digital Signature Algorithm (GOST R 34.10-2012,
+ RFC 7091, ISO/IEC 14888-3:2018) is one of the Russian cryptographic
+ standard algorithms (called GOST algorithms). Only signature verification
+ is implemented.
+
comment "Authenticated Encryption with Associated Data"
config CRYPTO_CCM
@@ -264,6 +271,7 @@
select CRYPTO_CTR
select CRYPTO_HASH
select CRYPTO_AEAD
+ select CRYPTO_MANAGER
help
Support for Counter with CBC MAC. Required for IPsec.
@@ -273,6 +281,7 @@
select CRYPTO_AEAD
select CRYPTO_GHASH
select CRYPTO_NULL
+ select CRYPTO_MANAGER
help
Support for Galois/Counter Mode (GCM) and Galois Message
Authentication Code (GMAC). Required for IPSec.
@@ -282,6 +291,7 @@
select CRYPTO_CHACHA20
select CRYPTO_POLY1305
select CRYPTO_AEAD
+ select CRYPTO_MANAGER
help
ChaCha20-Poly1305 AEAD support, RFC7539.
@@ -296,99 +306,18 @@
help
Support for the AEGIS-128 dedicated AEAD algorithm.
-config CRYPTO_AEGIS128L
- tristate "AEGIS-128L AEAD algorithm"
- select CRYPTO_AEAD
- select CRYPTO_AES # for AES S-box tables
- help
- Support for the AEGIS-128L dedicated AEAD algorithm.
-
-config CRYPTO_AEGIS256
- tristate "AEGIS-256 AEAD algorithm"
- select CRYPTO_AEAD
- select CRYPTO_AES # for AES S-box tables
- help
- Support for the AEGIS-256 dedicated AEAD algorithm.
+config CRYPTO_AEGIS128_SIMD
+ bool "Support SIMD acceleration for AEGIS-128"
+ depends on CRYPTO_AEGIS128 && ((ARM || ARM64) && KERNEL_MODE_NEON)
+ default y
config CRYPTO_AEGIS128_AESNI_SSE2
tristate "AEGIS-128 AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
depends on X86 && 64BIT
select CRYPTO_AEAD
- select CRYPTO_CRYPTD
+ select CRYPTO_SIMD
help
- AESNI+SSE2 implementation of the AEGSI-128 dedicated AEAD algorithm.
-
-config CRYPTO_AEGIS128L_AESNI_SSE2
- tristate "AEGIS-128L AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
- depends on X86 && 64BIT
- select CRYPTO_AEAD
- select CRYPTO_CRYPTD
- help
- AESNI+SSE2 implementation of the AEGSI-128L dedicated AEAD algorithm.
-
-config CRYPTO_AEGIS256_AESNI_SSE2
- tristate "AEGIS-256 AEAD algorithm (x86_64 AESNI+SSE2 implementation)"
- depends on X86 && 64BIT
- select CRYPTO_AEAD
- select CRYPTO_CRYPTD
- help
- AESNI+SSE2 implementation of the AEGSI-256 dedicated AEAD algorithm.
-
-config CRYPTO_MORUS640
- tristate "MORUS-640 AEAD algorithm"
- select CRYPTO_AEAD
- help
- Support for the MORUS-640 dedicated AEAD algorithm.
-
-config CRYPTO_MORUS640_GLUE
- tristate
- depends on X86
- select CRYPTO_AEAD
- select CRYPTO_CRYPTD
- help
- Common glue for SIMD optimizations of the MORUS-640 dedicated AEAD
- algorithm.
-
-config CRYPTO_MORUS640_SSE2
- tristate "MORUS-640 AEAD algorithm (x86_64 SSE2 implementation)"
- depends on X86 && 64BIT
- select CRYPTO_AEAD
- select CRYPTO_MORUS640_GLUE
- help
- SSE2 implementation of the MORUS-640 dedicated AEAD algorithm.
-
-config CRYPTO_MORUS1280
- tristate "MORUS-1280 AEAD algorithm"
- select CRYPTO_AEAD
- help
- Support for the MORUS-1280 dedicated AEAD algorithm.
-
-config CRYPTO_MORUS1280_GLUE
- tristate
- depends on X86
- select CRYPTO_AEAD
- select CRYPTO_CRYPTD
- help
- Common glue for SIMD optimizations of the MORUS-1280 dedicated AEAD
- algorithm.
-
-config CRYPTO_MORUS1280_SSE2
- tristate "MORUS-1280 AEAD algorithm (x86_64 SSE2 implementation)"
- depends on X86 && 64BIT
- select CRYPTO_AEAD
- select CRYPTO_MORUS1280_GLUE
- help
- SSE2 optimizedimplementation of the MORUS-1280 dedicated AEAD
- algorithm.
-
-config CRYPTO_MORUS1280_AVX2
- tristate "MORUS-1280 AEAD algorithm (x86_64 AVX2 implementation)"
- depends on X86 && 64BIT
- select CRYPTO_AEAD
- select CRYPTO_MORUS1280_GLUE
- help
- AVX2 optimized implementation of the MORUS-1280 dedicated AEAD
- algorithm.
+ AESNI+SSE2 implementation of the AEGIS-128 dedicated AEAD algorithm.
config CRYPTO_SEQIV
tristate "Sequence Number IV Generator"
@@ -396,6 +325,7 @@
select CRYPTO_BLKCIPHER
select CRYPTO_NULL
select CRYPTO_RNG_DEFAULT
+ select CRYPTO_MANAGER
help
This IV generator generates an IV based on a sequence number by
xoring it with a salt. This algorithm is mainly useful for CTR
@@ -405,7 +335,7 @@
select CRYPTO_AEAD
select CRYPTO_NULL
select CRYPTO_RNG_DEFAULT
- default m
+ select CRYPTO_MANAGER
help
This IV generator generates an IV based on the encryption of
a sequence number xored with a salt. This is the default
@@ -441,14 +371,18 @@
config CRYPTO_CTS
tristate "CTS support"
select CRYPTO_BLKCIPHER
+ select CRYPTO_MANAGER
help
CTS: Cipher Text Stealing
This is the Cipher Text Stealing mode as described by
- Section 8 of rfc2040 and referenced by rfc3962.
- (rfc3962 includes errata information in its Appendix A)
+ Section 8 of rfc2040 and referenced by rfc3962
+ (rfc3962 includes errata information in its Appendix A) or
+ CBC-CS3 as defined by NIST in Sp800-38A addendum from Oct 2010.
This mode is required for Kerberos gss mechanism support
for AES encryption.
+ See: https://csrc.nist.gov/publications/detail/sp/800-38a/addendum/final
+
config CRYPTO_ECB
tristate "ECB support"
select CRYPTO_BLKCIPHER
@@ -470,6 +404,18 @@
The first 128, 192 or 256 bits in the key are used for AES and the
rest is used to tie each cipher block to its logical position.
+config CRYPTO_OFB
+ tristate "OFB support"
+ select CRYPTO_BLKCIPHER
+ select CRYPTO_MANAGER
+ help
+ OFB: the Output Feedback mode makes a block cipher into a synchronous
+ stream cipher. It generates keystream blocks, which are then XORed
+ with the plaintext blocks to get the ciphertext. Flipping a bit in the
+ ciphertext produces a flipped bit in the plaintext at the same
+ location. This property allows many error correcting codes to function
+ normally even when applied before encryption.
+
config CRYPTO_PCBC
tristate "PCBC support"
select CRYPTO_BLKCIPHER
@@ -491,10 +437,84 @@
config CRYPTO_KEYWRAP
tristate "Key wrapping support"
select CRYPTO_BLKCIPHER
+ select CRYPTO_MANAGER
help
Support for key wrapping (NIST SP800-38F / RFC3394) without
padding.
+config CRYPTO_NHPOLY1305
+ tristate
+ select CRYPTO_HASH
+ select CRYPTO_POLY1305
+
+config CRYPTO_NHPOLY1305_SSE2
+ tristate "NHPoly1305 hash function (x86_64 SSE2 implementation)"
+ depends on X86 && 64BIT
+ select CRYPTO_NHPOLY1305
+ help
+ SSE2 optimized implementation of the hash function used by the
+ Adiantum encryption mode.
+
+config CRYPTO_NHPOLY1305_AVX2
+ tristate "NHPoly1305 hash function (x86_64 AVX2 implementation)"
+ depends on X86 && 64BIT
+ select CRYPTO_NHPOLY1305
+ help
+ AVX2 optimized implementation of the hash function used by the
+ Adiantum encryption mode.
+
+config CRYPTO_ADIANTUM
+ tristate "Adiantum support"
+ select CRYPTO_CHACHA20
+ select CRYPTO_POLY1305
+ select CRYPTO_NHPOLY1305
+ select CRYPTO_MANAGER
+ help
+ Adiantum is a tweakable, length-preserving encryption mode
+ designed for fast and secure disk encryption, especially on
+ CPUs without dedicated crypto instructions. It encrypts
+ each sector using the XChaCha12 stream cipher, two passes of
+ an ε-almost-∆-universal hash function, and an invocation of
+ the AES-256 block cipher on a single 16-byte block. On CPUs
+ without AES instructions, Adiantum is much faster than
+ AES-XTS.
+
+ Adiantum's security is provably reducible to that of its
+ underlying stream and block ciphers, subject to a security
+ bound. Unlike XTS, Adiantum is a true wide-block encryption
+ mode, so it actually provides an even stronger notion of
+ security than XTS, subject to the security bound.
+
+ If unsure, say N.
+
+config CRYPTO_ESSIV
+ tristate "ESSIV support for block encryption"
+ select CRYPTO_AUTHENC
+ help
+ Encrypted salt-sector initialization vector (ESSIV) is an IV
+ generation method that is used in some cases by fscrypt and/or
+ dm-crypt. It uses the hash of the block encryption key as the
+ symmetric key for a block encryption pass applied to the input
+ IV, making low entropy IV sources more suitable for block
+ encryption.
+
+ This driver implements a crypto API template that can be
+ instantiated either as a skcipher or as a aead (depending on the
+ type of the first template argument), and which defers encryption
+ and decryption requests to the encapsulated cipher after applying
+ ESSIV to the input IV. Note that in the aead case, it is assumed
+ that the keys are presented in the same format used by the authenc
+ template, and that the IV appears at the end of the authenticated
+ associated data (AAD) region (which is how dm-crypt uses it.)
+
+ Note that the use of ESSIV is not recommended for new deployments,
+ and so this only needs to be enabled when interoperability with
+ existing encrypted volumes of filesystems is required, or when
+ building for a particular system that requires it (e.g., when
+ the SoC in question has accelerated CBC but not XTS, making CBC
+ combined with ESSIV the only feasible mode for h/w accelerated
+ block encryption)
+
comment "Hash modes"
config CRYPTO_CMAC
@@ -597,7 +617,7 @@
From Intel Westmere and AMD Bulldozer processor with SSE4.2
and PCLMULQDQ supported, the processor will support
CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ
- instruction. This option will create 'crc32-plcmul' module,
+ instruction. This option will create 'crc32-pclmul' module,
which will enable any routine to use the CRC-32-IEEE 802.3 checksum
and gain better performance as compared with the table implementation.
@@ -610,6 +630,14 @@
instructions, when available.
+config CRYPTO_XXHASH
+ tristate "xxHash hash algorithm"
+ select CRYPTO_HASH
+ select XXHASH
+ help
+ xxHash non-cryptographic hash algorithm. Extremely fast, working at
+ speeds close to RAM limits.
+
config CRYPTO_CRCT10DIF
tristate "CRCT10DIF algorithm"
select CRYPTO_HASH
@@ -626,7 +654,7 @@
For x86_64 processors with SSE4.2 and PCLMULQDQ supported,
CRC T10 DIF PCLMULQDQ computation can be hardware
accelerated PCLMULQDQ instruction. This option will create
- 'crct10dif-plcmul' module, which is faster when computing the
+ 'crct10dif-pclmul' module, which is faster when computing the
crct10dif checksum as compared with the generic table implementation.
config CRYPTO_CRCT10DIF_VPMSUM
@@ -647,11 +675,12 @@
Unless you are testing these algorithms, you don't need this.
config CRYPTO_GHASH
- tristate "GHASH digest algorithm"
+ tristate "GHASH hash function"
select CRYPTO_GF128MUL
select CRYPTO_HASH
help
- GHASH is message digest algorithm for GCM (Galois/Counter Mode).
+ GHASH is the hash function used in GCM (Galois/Counter Mode).
+ It is not a general-purpose cryptographic hash function.
config CRYPTO_POLY1305
tristate "Poly1305 authenticator algorithm"
@@ -848,57 +877,13 @@
SHA-1 secure hash standard (DFIPS 180-4) implemented
using powerpc SPE SIMD instruction set.
-config CRYPTO_SHA1_MB
- tristate "SHA1 digest algorithm (x86_64 Multi-Buffer, Experimental)"
- depends on X86 && 64BIT
- select CRYPTO_SHA1
- select CRYPTO_HASH
- select CRYPTO_MCRYPTD
- help
- SHA-1 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
- using multi-buffer technique. This algorithm computes on
- multiple data lanes concurrently with SIMD instructions for
- better throughput. It should not be enabled by default but
- used when there is significant amount of work to keep the keep
- the data lanes filled to get performance benefit. If the data
- lanes remain unfilled, a flush operation will be initiated to
- process the crypto jobs, adding a slight latency.
-
-config CRYPTO_SHA256_MB
- tristate "SHA256 digest algorithm (x86_64 Multi-Buffer, Experimental)"
- depends on X86 && 64BIT
- select CRYPTO_SHA256
- select CRYPTO_HASH
- select CRYPTO_MCRYPTD
- help
- SHA-256 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
- using multi-buffer technique. This algorithm computes on
- multiple data lanes concurrently with SIMD instructions for
- better throughput. It should not be enabled by default but
- used when there is significant amount of work to keep the keep
- the data lanes filled to get performance benefit. If the data
- lanes remain unfilled, a flush operation will be initiated to
- process the crypto jobs, adding a slight latency.
-
-config CRYPTO_SHA512_MB
- tristate "SHA512 digest algorithm (x86_64 Multi-Buffer, Experimental)"
- depends on X86 && 64BIT
- select CRYPTO_SHA512
- select CRYPTO_HASH
- select CRYPTO_MCRYPTD
- help
- SHA-512 secure hash standard (FIPS 180-1/DFIPS 180-2) implemented
- using multi-buffer technique. This algorithm computes on
- multiple data lanes concurrently with SIMD instructions for
- better throughput. It should not be enabled by default but
- used when there is significant amount of work to keep the keep
- the data lanes filled to get performance benefit. If the data
- lanes remain unfilled, a flush operation will be initiated to
- process the crypto jobs, adding a slight latency.
+config CRYPTO_LIB_SHA256
+ tristate
config CRYPTO_SHA256
tristate "SHA224 and SHA256 digest algorithm"
select CRYPTO_HASH
+ select CRYPTO_LIB_SHA256
help
SHA256 secure hash standard (DFIPS 180-2).
@@ -986,6 +971,18 @@
http://www.oscca.gov.cn/UpFile/20101222141857786.pdf
https://datatracker.ietf.org/doc/html/draft-shen-sm3-hash
+config CRYPTO_STREEBOG
+ tristate "Streebog Hash Function"
+ select CRYPTO_HASH
+ help
+ Streebog Hash Function (GOST R 34.11-2012, RFC 6986) is one of the Russian
+ cryptographic standard algorithms (called GOST algorithms).
+ This setting enables two hash algorithms with 256 and 512 bits output.
+
+ References:
+ https://tc26.ru/upload/iblock/fed/feddbb4d26b685903faa2ba11aea43f6.pdf
+ https://tools.ietf.org/html/rfc6986
+
config CRYPTO_TGR192
tristate "Tiger digest algorithms"
select CRYPTO_HASH
@@ -1012,18 +1009,22 @@
<http://www.larc.usp.br/~pbarreto/WhirlpoolPage.html>
config CRYPTO_GHASH_CLMUL_NI_INTEL
- tristate "GHASH digest algorithm (CLMUL-NI accelerated)"
+ tristate "GHASH hash function (CLMUL-NI accelerated)"
depends on X86 && 64BIT
select CRYPTO_CRYPTD
help
- GHASH is message digest algorithm for GCM (Galois/Counter Mode).
- The implementation is accelerated by CLMUL-NI of Intel.
+ This is the x86_64 CLMUL-NI accelerated implementation of
+ GHASH, the hash function used in GCM (Galois/Counter mode).
comment "Ciphers"
+config CRYPTO_LIB_AES
+ tristate
+
config CRYPTO_AES
tristate "AES cipher algorithms"
select CRYPTO_ALGAPI
+ select CRYPTO_LIB_AES
help
AES cipher algorithms (FIPS-197). AES uses the Rijndael
algorithm.
@@ -1044,6 +1045,7 @@
config CRYPTO_AES_TI
tristate "Fixed time AES cipher"
select CRYPTO_ALGAPI
+ select CRYPTO_LIB_AES
help
This is a generic implementation of AES that attempts to eliminate
data dependent latencies as much as possible without affecting
@@ -1056,58 +1058,14 @@
8 for decryption), this implementation only uses just two S-boxes of
256 bytes each, and attempts to eliminate data dependent latencies by
prefetching the entire table into the cache at the start of each
- block.
-
-config CRYPTO_AES_586
- tristate "AES cipher algorithms (i586)"
- depends on (X86 || UML_X86) && !64BIT
- select CRYPTO_ALGAPI
- select CRYPTO_AES
- help
- AES cipher algorithms (FIPS-197). AES uses the Rijndael
- algorithm.
-
- Rijndael appears to be consistently a very good performer in
- both hardware and software across a wide range of computing
- environments regardless of its use in feedback or non-feedback
- modes. Its key setup time is excellent, and its key agility is
- good. Rijndael's very low memory requirements make it very well
- suited for restricted-space environments, in which it also
- demonstrates excellent performance. Rijndael's operations are
- among the easiest to defend against power and timing attacks.
-
- The AES specifies three key sizes: 128, 192 and 256 bits
-
- See <http://csrc.nist.gov/encryption/aes/> for more information.
-
-config CRYPTO_AES_X86_64
- tristate "AES cipher algorithms (x86_64)"
- depends on (X86 || UML_X86) && 64BIT
- select CRYPTO_ALGAPI
- select CRYPTO_AES
- help
- AES cipher algorithms (FIPS-197). AES uses the Rijndael
- algorithm.
-
- Rijndael appears to be consistently a very good performer in
- both hardware and software across a wide range of computing
- environments regardless of its use in feedback or non-feedback
- modes. Its key setup time is excellent, and its key agility is
- good. Rijndael's very low memory requirements make it very well
- suited for restricted-space environments, in which it also
- demonstrates excellent performance. Rijndael's operations are
- among the easiest to defend against power and timing attacks.
-
- The AES specifies three key sizes: 128, 192 and 256 bits
-
- See <http://csrc.nist.gov/encryption/aes/> for more information.
+ block. Interrupts are also disabled to avoid races where cachelines
+ are evicted when the CPU is interrupted to do something else.
config CRYPTO_AES_NI_INTEL
tristate "AES cipher algorithms (AES-NI)"
depends on X86
select CRYPTO_AEAD
- select CRYPTO_AES_X86_64 if 64BIT
- select CRYPTO_AES_586 if !64BIT
+ select CRYPTO_LIB_AES
select CRYPTO_ALGAPI
select CRYPTO_BLKCIPHER
select CRYPTO_GLUE_HELPER_X86 if 64BIT
@@ -1133,7 +1091,7 @@
In addition to AES cipher algorithm support, the acceleration
for some popular block cipher mode is supported too, including
- ECB, CBC, LRW, PCBC, XTS. The 64 bit version has additional
+ ECB, CBC, LRW, XTS. The 64 bit version has additional
acceleration for CTR.
config CRYPTO_AES_SPARC64
@@ -1191,9 +1149,13 @@
<https://www.cosic.esat.kuleuven.be/nessie/reports/>
<http://www.larc.usp.br/~pbarreto/AnubisPage.html>
+config CRYPTO_LIB_ARC4
+ tristate
+
config CRYPTO_ARC4
tristate "ARC4 cipher algorithm"
select CRYPTO_BLKCIPHER
+ select CRYPTO_LIB_ARC4
help
ARC4 cipher algorithm.
@@ -1376,9 +1338,13 @@
This module provides the Cast6 cipher algorithm that processes
eight blocks parallel using the AVX instruction set.
+config CRYPTO_LIB_DES
+ tristate
+
config CRYPTO_DES
tristate "DES and Triple DES EDE cipher algorithms"
select CRYPTO_ALGAPI
+ select CRYPTO_LIB_DES
help
DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3).
@@ -1386,7 +1352,7 @@
tristate "DES and Triple DES EDE cipher algorithms (SPARC64)"
depends on SPARC64
select CRYPTO_ALGAPI
- select CRYPTO_DES
+ select CRYPTO_LIB_DES
help
DES cipher algorithm (FIPS 46-2), and Triple DES EDE (FIPS 46-3),
optimized using SPARC64 crypto opcodes.
@@ -1395,7 +1361,7 @@
tristate "Triple DES EDE cipher algorithm (x86-64)"
depends on X86 && 64BIT
select CRYPTO_BLKCIPHER
- select CRYPTO_DES
+ select CRYPTO_LIB_DES
help
Triple DES EDE (FIPS 46-3) algorithm.
@@ -1437,32 +1403,34 @@
Bernstein <djb@cr.yp.to>. See <http://cr.yp.to/snuffle.html>
config CRYPTO_CHACHA20
- tristate "ChaCha20 cipher algorithm"
+ tristate "ChaCha stream cipher algorithms"
select CRYPTO_BLKCIPHER
help
- ChaCha20 cipher algorithm, RFC7539.
+ The ChaCha20, XChaCha20, and XChaCha12 stream cipher algorithms.
ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
Bernstein and further specified in RFC7539 for use in IETF protocols.
- This is the portable C implementation of ChaCha20.
-
- See also:
+ This is the portable C implementation of ChaCha20. See also:
<http://cr.yp.to/chacha/chacha-20080128.pdf>
+ XChaCha20 is the application of the XSalsa20 construction to ChaCha20
+ rather than to Salsa20. XChaCha20 extends ChaCha20's nonce length
+ from 64 bits (or 96 bits using the RFC7539 convention) to 192 bits,
+ while provably retaining ChaCha20's security. See also:
+ <https://cr.yp.to/snuffle/xsalsa-20081128.pdf>
+
+ XChaCha12 is XChaCha20 reduced to 12 rounds, with correspondingly
+ reduced security margin but increased performance. It can be needed
+ in some performance-sensitive scenarios.
+
config CRYPTO_CHACHA20_X86_64
- tristate "ChaCha20 cipher algorithm (x86_64/SSSE3/AVX2)"
+ tristate "ChaCha stream cipher algorithms (x86_64/SSSE3/AVX2/AVX-512VL)"
depends on X86 && 64BIT
select CRYPTO_BLKCIPHER
select CRYPTO_CHACHA20
help
- ChaCha20 cipher algorithm, RFC7539.
-
- ChaCha20 is a 256-bit high-speed stream cipher designed by Daniel J.
- Bernstein and further specified in RFC7539 for use in IETF protocols.
- This is the x86_64 assembler implementation using SIMD instructions.
-
- See also:
- <http://cr.yp.to/chacha/chacha-20080128.pdf>
+ SSSE3, AVX2, and AVX-512VL optimized implementations of the ChaCha20,
+ XChaCha20, and XChaCha12 stream ciphers.
config CRYPTO_SEED
tristate "SEED cipher algorithm"
@@ -1861,11 +1829,23 @@
This option enables the user-spaces interface for AEAD
cipher algorithms.
+config CRYPTO_STATS
+ bool "Crypto usage statistics for User-space"
+ depends on CRYPTO_USER
+ help
+ This option enables the gathering of crypto stats.
+ This will collect:
+ - encrypt/decrypt size and numbers of symmeric operations
+ - compress/decompress size and numbers of compress operations
+ - size and numbers of hash operations
+ - encrypt/decrypt/sign/verify numbers for asymmetric operations
+ - generate/seed numbers for rng operations
+
config CRYPTO_HASH_INFO
bool
source "drivers/crypto/Kconfig"
-source crypto/asymmetric_keys/Kconfig
-source certs/Kconfig
+source "crypto/asymmetric_keys/Kconfig"
+source "certs/Kconfig"
endif # if CRYPTO
diff --git a/crypto/Makefile b/crypto/Makefile
index f6a234d..fcb1ee6 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -6,8 +6,6 @@
obj-$(CONFIG_CRYPTO) += crypto.o
crypto-y := api.o cipher.o compress.o memneq.o
-obj-$(CONFIG_CRYPTO_WORKQUEUE) += crypto_wq.o
-
obj-$(CONFIG_CRYPTO_ENGINE) += crypto_engine.o
obj-$(CONFIG_CRYPTO_FIPS) += fips.o
@@ -54,6 +52,8 @@
obj-$(CONFIG_CRYPTO_MANAGER2) += cryptomgr.o
obj-$(CONFIG_CRYPTO_USER) += crypto_user.o
+crypto_user-y := crypto_user_base.o
+crypto_user-$(CONFIG_CRYPTO_STATS) += crypto_user_stat.o
obj-$(CONFIG_CRYPTO_CMAC) += cmac.o
obj-$(CONFIG_CRYPTO_HMAC) += hmac.o
obj-$(CONFIG_CRYPTO_VMAC) += vmac.o
@@ -70,6 +70,7 @@
obj-$(CONFIG_CRYPTO_SHA512) += sha512_generic.o
obj-$(CONFIG_CRYPTO_SHA3) += sha3_generic.o
obj-$(CONFIG_CRYPTO_SM3) += sm3_generic.o
+obj-$(CONFIG_CRYPTO_STREEBOG) += streebog_generic.o
obj-$(CONFIG_CRYPTO_WP512) += wp512.o
CFLAGS_wp512.o := $(call cc-option,-fno-schedule-insns) # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79149
obj-$(CONFIG_CRYPTO_TGR192) += tgr192.o
@@ -83,17 +84,34 @@
obj-$(CONFIG_CRYPTO_XTS) += xts.o
obj-$(CONFIG_CRYPTO_CTR) += ctr.o
obj-$(CONFIG_CRYPTO_KEYWRAP) += keywrap.o
+obj-$(CONFIG_CRYPTO_ADIANTUM) += adiantum.o
+obj-$(CONFIG_CRYPTO_NHPOLY1305) += nhpoly1305.o
obj-$(CONFIG_CRYPTO_GCM) += gcm.o
obj-$(CONFIG_CRYPTO_CCM) += ccm.o
obj-$(CONFIG_CRYPTO_CHACHA20POLY1305) += chacha20poly1305.o
obj-$(CONFIG_CRYPTO_AEGIS128) += aegis128.o
-obj-$(CONFIG_CRYPTO_AEGIS128L) += aegis128l.o
-obj-$(CONFIG_CRYPTO_AEGIS256) += aegis256.o
-obj-$(CONFIG_CRYPTO_MORUS640) += morus640.o
-obj-$(CONFIG_CRYPTO_MORUS1280) += morus1280.o
+aegis128-y := aegis128-core.o
+
+ifeq ($(ARCH),arm)
+CFLAGS_aegis128-neon-inner.o += -ffreestanding -march=armv7-a -mfloat-abi=softfp
+CFLAGS_aegis128-neon-inner.o += -mfpu=crypto-neon-fp-armv8
+aegis128-$(CONFIG_CRYPTO_AEGIS128_SIMD) += aegis128-neon.o aegis128-neon-inner.o
+endif
+ifeq ($(ARCH),arm64)
+aegis128-cflags-y := -ffreestanding -mcpu=generic+crypto
+aegis128-cflags-$(CONFIG_CC_IS_GCC) += -ffixed-q16 -ffixed-q17 -ffixed-q18 \
+ -ffixed-q19 -ffixed-q20 -ffixed-q21 \
+ -ffixed-q22 -ffixed-q23 -ffixed-q24 \
+ -ffixed-q25 -ffixed-q26 -ffixed-q27 \
+ -ffixed-q28 -ffixed-q29 -ffixed-q30 \
+ -ffixed-q31
+CFLAGS_aegis128-neon-inner.o += $(aegis128-cflags-y)
+CFLAGS_REMOVE_aegis128-neon-inner.o += -mgeneral-regs-only
+aegis128-$(CONFIG_CRYPTO_AEGIS128_SIMD) += aegis128-neon.o aegis128-neon-inner.o
+endif
+
obj-$(CONFIG_CRYPTO_PCRYPT) += pcrypt.o
obj-$(CONFIG_CRYPTO_CRYPTD) += cryptd.o
-obj-$(CONFIG_CRYPTO_MCRYPTD) += mcryptd.o
obj-$(CONFIG_CRYPTO_DES) += des_generic.o
obj-$(CONFIG_CRYPTO_FCRYPT) += fcrypt.o
obj-$(CONFIG_CRYPTO_BLOWFISH) += blowfish_generic.o
@@ -116,7 +134,7 @@
obj-$(CONFIG_CRYPTO_ANUBIS) += anubis.o
obj-$(CONFIG_CRYPTO_SEED) += seed.o
obj-$(CONFIG_CRYPTO_SALSA20) += salsa20_generic.o
-obj-$(CONFIG_CRYPTO_CHACHA20) += chacha20_generic.o
+obj-$(CONFIG_CRYPTO_CHACHA20) += chacha_generic.o
obj-$(CONFIG_CRYPTO_POLY1305) += poly1305_generic.o
obj-$(CONFIG_CRYPTO_DEFLATE) += deflate.o
obj-$(CONFIG_CRYPTO_MICHAEL_MIC) += michael_mic.o
@@ -124,15 +142,18 @@
obj-$(CONFIG_CRYPTO_CRC32) += crc32_generic.o
obj-$(CONFIG_CRYPTO_CRCT10DIF) += crct10dif_common.o crct10dif_generic.o
obj-$(CONFIG_CRYPTO_AUTHENC) += authenc.o authencesn.o
-obj-$(CONFIG_CRYPTO_LZO) += lzo.o
+obj-$(CONFIG_CRYPTO_LZO) += lzo.o lzo-rle.o
obj-$(CONFIG_CRYPTO_LZ4) += lz4.o
obj-$(CONFIG_CRYPTO_LZ4HC) += lz4hc.o
+obj-$(CONFIG_CRYPTO_XXHASH) += xxhash_generic.o
obj-$(CONFIG_CRYPTO_842) += 842.o
obj-$(CONFIG_CRYPTO_RNG2) += rng.o
obj-$(CONFIG_CRYPTO_ANSI_CPRNG) += ansi_cprng.o
obj-$(CONFIG_CRYPTO_DRBG) += drbg.o
obj-$(CONFIG_CRYPTO_JITTERENTROPY) += jitterentropy_rng.o
CFLAGS_jitterentropy.o = -O0
+KASAN_SANITIZE_jitterentropy.o = n
+UBSAN_SANITIZE_jitterentropy.o = n
jitterentropy_rng-y := jitterentropy.o jitterentropy-kcapi.o
obj-$(CONFIG_CRYPTO_TEST) += tcrypt.o
obj-$(CONFIG_CRYPTO_GHASH) += ghash-generic.o
@@ -142,12 +163,22 @@
obj-$(CONFIG_CRYPTO_USER_API_RNG) += algif_rng.o
obj-$(CONFIG_CRYPTO_USER_API_AEAD) += algif_aead.o
obj-$(CONFIG_CRYPTO_ZSTD) += zstd.o
+obj-$(CONFIG_CRYPTO_OFB) += ofb.o
+obj-$(CONFIG_CRYPTO_ECC) += ecc.o
+obj-$(CONFIG_CRYPTO_ESSIV) += essiv.o
-ecdh_generic-y := ecc.o
ecdh_generic-y += ecdh.o
ecdh_generic-y += ecdh_helper.o
obj-$(CONFIG_CRYPTO_ECDH) += ecdh_generic.o
+$(obj)/ecrdsa_params.asn1.o: $(obj)/ecrdsa_params.asn1.c $(obj)/ecrdsa_params.asn1.h
+$(obj)/ecrdsa_pub_key.asn1.o: $(obj)/ecrdsa_pub_key.asn1.c $(obj)/ecrdsa_pub_key.asn1.h
+$(obj)/ecrdsa.o: $(obj)/ecrdsa_params.asn1.h $(obj)/ecrdsa_pub_key.asn1.h
+ecrdsa_generic-y += ecrdsa.o
+ecrdsa_generic-y += ecrdsa_params.asn1.o
+ecrdsa_generic-y += ecrdsa_pub_key.asn1.o
+obj-$(CONFIG_CRYPTO_ECRDSA) += ecrdsa_generic.o
+
#
# generic algorithms and the async_tx api
#
diff --git a/crypto/ablkcipher.c b/crypto/ablkcipher.c
index 8882e90..072b564 100644
--- a/crypto/ablkcipher.c
+++ b/crypto/ablkcipher.c
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/*
* Asynchronous block chaining cipher operations.
*
@@ -5,12 +6,6 @@
* via a callback.
*
* Copyright (c) 2006 Herbert Xu <herbert@gondor.apana.org.au>
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
- *
*/
#include <crypto/internal/skcipher.h>
@@ -365,23 +360,18 @@
{
struct crypto_report_blkcipher rblkcipher;
- strncpy(rblkcipher.type, "ablkcipher", sizeof(rblkcipher.type));
- strncpy(rblkcipher.geniv, alg->cra_ablkcipher.geniv ?: "<default>",
- sizeof(rblkcipher.geniv));
- rblkcipher.geniv[sizeof(rblkcipher.geniv) - 1] = '\0';
+ memset(&rblkcipher, 0, sizeof(rblkcipher));
+
+ strscpy(rblkcipher.type, "ablkcipher", sizeof(rblkcipher.type));
+ strscpy(rblkcipher.geniv, "<default>", sizeof(rblkcipher.geniv));
rblkcipher.blocksize = alg->cra_blocksize;
rblkcipher.min_keysize = alg->cra_ablkcipher.min_keysize;
rblkcipher.max_keysize = alg->cra_ablkcipher.max_keysize;
rblkcipher.ivsize = alg->cra_ablkcipher.ivsize;
- if (nla_put(skb, CRYPTOCFGA_REPORT_BLKCIPHER,
- sizeof(struct crypto_report_blkcipher), &rblkcipher))
- goto nla_put_failure;
- return 0;
-
-nla_put_failure:
- return -EMSGSIZE;
+ return nla_put(skb, CRYPTOCFGA_REPORT_BLKCIPHER,
+ sizeof(rblkcipher), &rblkcipher);
}
#else
static int crypto_ablkcipher_report(struct sk_buff *skb, struct crypto_alg *alg)
@@ -403,7 +393,7 @@
seq_printf(m, "min keysize : %u\n", ablkcipher->min_keysize);
seq_printf(m, "max keysize : %u\n", ablkcipher->max_keysize);
seq_printf(m, "ivsize : %u\n", ablkcipher->ivsize);
- seq_printf(m, "geniv : %s\n", ablkcipher->geniv ?: "<default>");
+ seq_printf(m, "geniv : <default>\n");
}
const struct crypto_type crypto_ablkcipher_type = {
@@ -415,78 +405,3 @@
.report = crypto_ablkcipher_report,
};
EXPORT_SYMBOL_GPL(crypto_ablkcipher_type);
-
-static int crypto_init_givcipher_ops(struct crypto_tfm *tfm, u32 type,
- u32 mask)
-{
- struct ablkcipher_alg *alg = &tfm->__crt_alg->cra_ablkcipher;
- struct ablkcipher_tfm *crt = &tfm->crt_ablkcipher;
-
- if (alg->ivsize > PAGE_SIZE / 8)
- return -EINVAL;
-
- crt->setkey = tfm->__crt_alg->cra_flags & CRYPTO_ALG_GENIV ?
- alg->setkey : setkey;
- crt->encrypt = alg->encrypt;
- crt->decrypt = alg->decrypt;
- crt->base = __crypto_ablkcipher_cast(tfm);
- crt->ivsize = alg->ivsize;
-
- return 0;
-}
-
-#ifdef CONFIG_NET
-static int crypto_givcipher_report(struct sk_buff *skb, struct crypto_alg *alg)
-{
- struct crypto_report_blkcipher rblkcipher;
-
- strncpy(rblkcipher.type, "givcipher", sizeof(rblkcipher.type));
- strncpy(rblkcipher.geniv, alg->cra_ablkcipher.geniv ?: "<built-in>",
- sizeof(rblkcipher.geniv));
- rblkcipher.geniv[sizeof(rblkcipher.geniv) - 1] = '\0';
-
- rblkcipher.blocksize = alg->cra_blocksize;
- rblkcipher.min_keysize = alg->cra_ablkcipher.min_keysize;
- rblkcipher.max_keysize = alg->cra_ablkcipher.max_keysize;
- rblkcipher.ivsize = alg->cra_ablkcipher.ivsize;
-
- if (nla_put(skb, CRYPTOCFGA_REPORT_BLKCIPHER,
- sizeof(struct crypto_report_blkcipher), &rblkcipher))
- goto nla_put_failure;
- return 0;
-
-nla_put_failure:
- return -EMSGSIZE;
-}
-#else
-static int crypto_givcipher_report(struct sk_buff *skb, struct crypto_alg *alg)
-{
- return -ENOSYS;
-}
-#endif
-
-static void crypto_givcipher_show(struct seq_file *m, struct crypto_alg *alg)
- __maybe_unused;
-static void crypto_givcipher_show(struct seq_file *m, struct crypto_alg *alg)
-{
- struct ablkcipher_alg *ablkcipher = &alg->cra_ablkcipher;
-
- seq_printf(m, "type : givcipher\n");
- seq_printf(m, "async : %s\n", alg->cra_flags & CRYPTO_ALG_ASYNC ?
- "yes" : "no");
- seq_printf(m, "blocksize : %u\n", alg->cra_blocksize);
- seq_printf(m, "min keysize : %u\n", ablkcipher->min_keysize);
- seq_printf(m, "max keysize : %u\n", ablkcipher->max_keysize);
- seq_printf(m, "ivsize : %u\n", ablkcipher->ivsize);
- seq_printf(m, "geniv : %s\n", ablkcipher->geniv ?: "<built-in>");
-}
-
-const struct crypto_type crypto_givcipher_type = {
- .ctxsize = crypto_ablkcipher_ctxsize,
- .init = crypto_init_givcipher_ops,
-#ifdef CONFIG_PROC_FS
- .show = crypto_givcipher_show,
-#endif
- .report = crypto_givcipher_report,
-};
-EXPORT_SYMBOL_GPL(crypto_givcipher_type);
diff --git a/crypto/acompress.c b/crypto/acompress.c
index 1544b7c..abadcb0 100644
--- a/crypto/acompress.c
+++ b/crypto/acompress.c
@@ -1,15 +1,10 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/*
* Asynchronous Compression operations
*
* Copyright (c) 2016, Intel Corporation
* Authors: Weigang Li <weigang.li@intel.com>
* Giovanni Cabiddu <giovanni.cabiddu@intel.com>
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
- *
*/
#include <linux/errno.h>
#include <linux/kernel.h>
@@ -33,15 +28,11 @@
{
struct crypto_report_acomp racomp;
- strncpy(racomp.type, "acomp", sizeof(racomp.type));
+ memset(&racomp, 0, sizeof(racomp));
- if (nla_put(skb, CRYPTOCFGA_REPORT_ACOMP,
- sizeof(struct crypto_report_acomp), &racomp))
- goto nla_put_failure;
- return 0;
+ strscpy(racomp.type, "acomp", sizeof(racomp.type));
-nla_put_failure:
- return -EMSGSIZE;
+ return nla_put(skb, CRYPTOCFGA_REPORT_ACOMP, sizeof(racomp), &racomp);
}
#else
static int crypto_acomp_report(struct sk_buff *skb, struct crypto_alg *alg)
diff --git a/crypto/adiantum.c b/crypto/adiantum.c
new file mode 100644
index 0000000..395a3dd
--- /dev/null
+++ b/crypto/adiantum.c
@@ -0,0 +1,667 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * Adiantum length-preserving encryption mode
+ *
+ * Copyright 2018 Google LLC
+ */
+
+/*
+ * Adiantum is a tweakable, length-preserving encryption mode designed for fast
+ * and secure disk encryption, especially on CPUs without dedicated crypto
+ * instructions. Adiantum encrypts each sector using the XChaCha12 stream
+ * cipher, two passes of an ε-almost-∆-universal (ε-∆U) hash function based on
+ * NH and Poly1305, and an invocation of the AES-256 block cipher on a single
+ * 16-byte block. See the paper for details:
+ *
+ * Adiantum: length-preserving encryption for entry-level processors
+ * (https://eprint.iacr.org/2018/720.pdf)
+ *
+ * For flexibility, this implementation also allows other ciphers:
+ *
+ * - Stream cipher: XChaCha12 or XChaCha20
+ * - Block cipher: any with a 128-bit block size and 256-bit key
+ *
+ * This implementation doesn't currently allow other ε-∆U hash functions, i.e.
+ * HPolyC is not supported. This is because Adiantum is ~20% faster than HPolyC
+ * but still provably as secure, and also the ε-∆U hash function of HBSH is
+ * formally defined to take two inputs (tweak, message) which makes it difficult
+ * to wrap with the crypto_shash API. Rather, some details need to be handled
+ * here. Nevertheless, if needed in the future, support for other ε-∆U hash
+ * functions could be added here.
+ */
+
+#include <crypto/b128ops.h>
+#include <crypto/chacha.h>
+#include <crypto/internal/hash.h>
+#include <crypto/internal/skcipher.h>
+#include <crypto/nhpoly1305.h>
+#include <crypto/scatterwalk.h>
+#include <linux/module.h>
+
+#include "internal.h"
+
+/*
+ * Size of right-hand part of input data, in bytes; also the size of the block
+ * cipher's block size and the hash function's output.
+ */
+#define BLOCKCIPHER_BLOCK_SIZE 16
+
+/* Size of the block cipher key (K_E) in bytes */
+#define BLOCKCIPHER_KEY_SIZE 32
+
+/* Size of the hash key (K_H) in bytes */
+#define HASH_KEY_SIZE (POLY1305_BLOCK_SIZE + NHPOLY1305_KEY_SIZE)
+
+/*
+ * The specification allows variable-length tweaks, but Linux's crypto API
+ * currently only allows algorithms to support a single length. The "natural"
+ * tweak length for Adiantum is 16, since that fits into one Poly1305 block for
+ * the best performance. But longer tweaks are useful for fscrypt, to avoid
+ * needing to derive per-file keys. So instead we use two blocks, or 32 bytes.
+ */
+#define TWEAK_SIZE 32
+
+struct adiantum_instance_ctx {
+ struct crypto_skcipher_spawn streamcipher_spawn;
+ struct crypto_spawn blockcipher_spawn;
+ struct crypto_shash_spawn hash_spawn;
+};
+
+struct adiantum_tfm_ctx {
+ struct crypto_skcipher *streamcipher;
+ struct crypto_cipher *blockcipher;
+ struct crypto_shash *hash;
+ struct poly1305_key header_hash_key;
+};
+
+struct adiantum_request_ctx {
+
+ /*
+ * Buffer for right-hand part of data, i.e.
+ *
+ * P_L => P_M => C_M => C_R when encrypting, or
+ * C_R => C_M => P_M => P_L when decrypting.
+ *
+ * Also used to build the IV for the stream cipher.
+ */
+ union {
+ u8 bytes[XCHACHA_IV_SIZE];
+ __le32 words[XCHACHA_IV_SIZE / sizeof(__le32)];
+ le128 bignum; /* interpret as element of Z/(2^{128}Z) */
+ } rbuf;
+
+ bool enc; /* true if encrypting, false if decrypting */
+
+ /*
+ * The result of the Poly1305 ε-∆U hash function applied to
+ * (bulk length, tweak)
+ */
+ le128 header_hash;
+
+ /* Sub-requests, must be last */
+ union {
+ struct shash_desc hash_desc;
+ struct skcipher_request streamcipher_req;
+ } u;
+};
+
+/*
+ * Given the XChaCha stream key K_S, derive the block cipher key K_E and the
+ * hash key K_H as follows:
+ *
+ * K_E || K_H || ... = XChaCha(key=K_S, nonce=1||0^191)
+ *
+ * Note that this denotes using bits from the XChaCha keystream, which here we
+ * get indirectly by encrypting a buffer containing all 0's.
+ */
+static int adiantum_setkey(struct crypto_skcipher *tfm, const u8 *key,
+ unsigned int keylen)
+{
+ struct adiantum_tfm_ctx *tctx = crypto_skcipher_ctx(tfm);
+ struct {
+ u8 iv[XCHACHA_IV_SIZE];
+ u8 derived_keys[BLOCKCIPHER_KEY_SIZE + HASH_KEY_SIZE];
+ struct scatterlist sg;
+ struct crypto_wait wait;
+ struct skcipher_request req; /* must be last */
+ } *data;
+ u8 *keyp;
+ int err;
+
+ /* Set the stream cipher key (K_S) */
+ crypto_skcipher_clear_flags(tctx->streamcipher, CRYPTO_TFM_REQ_MASK);
+ crypto_skcipher_set_flags(tctx->streamcipher,
+ crypto_skcipher_get_flags(tfm) &
+ CRYPTO_TFM_REQ_MASK);
+ err = crypto_skcipher_setkey(tctx->streamcipher, key, keylen);
+ crypto_skcipher_set_flags(tfm,
+ crypto_skcipher_get_flags(tctx->streamcipher) &
+ CRYPTO_TFM_RES_MASK);
+ if (err)
+ return err;
+
+ /* Derive the subkeys */
+ data = kzalloc(sizeof(*data) +
+ crypto_skcipher_reqsize(tctx->streamcipher), GFP_KERNEL);
+ if (!data)
+ return -ENOMEM;
+ data->iv[0] = 1;
+ sg_init_one(&data->sg, data->derived_keys, sizeof(data->derived_keys));
+ crypto_init_wait(&data->wait);
+ skcipher_request_set_tfm(&data->req, tctx->streamcipher);
+ skcipher_request_set_callback(&data->req, CRYPTO_TFM_REQ_MAY_SLEEP |
+ CRYPTO_TFM_REQ_MAY_BACKLOG,
+ crypto_req_done, &data->wait);
+ skcipher_request_set_crypt(&data->req, &data->sg, &data->sg,
+ sizeof(data->derived_keys), data->iv);
+ err = crypto_wait_req(crypto_skcipher_encrypt(&data->req), &data->wait);
+ if (err)
+ goto out;
+ keyp = data->derived_keys;
+
+ /* Set the block cipher key (K_E) */
+ crypto_cipher_clear_flags(tctx->blockcipher, CRYPTO_TFM_REQ_MASK);
+ crypto_cipher_set_flags(tctx->blockcipher,
+ crypto_skcipher_get_flags(tfm) &
+ CRYPTO_TFM_REQ_MASK);
+ err = crypto_cipher_setkey(tctx->blockcipher, keyp,
+ BLOCKCIPHER_KEY_SIZE);
+ crypto_skcipher_set_flags(tfm,
+ crypto_cipher_get_flags(tctx->blockcipher) &
+ CRYPTO_TFM_RES_MASK);
+ if (err)
+ goto out;
+ keyp += BLOCKCIPHER_KEY_SIZE;
+
+ /* Set the hash key (K_H) */
+ poly1305_core_setkey(&tctx->header_hash_key, keyp);
+ keyp += POLY1305_BLOCK_SIZE;
+
+ crypto_shash_clear_flags(tctx->hash, CRYPTO_TFM_REQ_MASK);
+ crypto_shash_set_flags(tctx->hash, crypto_skcipher_get_flags(tfm) &
+ CRYPTO_TFM_REQ_MASK);
+ err = crypto_shash_setkey(tctx->hash, keyp, NHPOLY1305_KEY_SIZE);
+ crypto_skcipher_set_flags(tfm, crypto_shash_get_flags(tctx->hash) &
+ CRYPTO_TFM_RES_MASK);
+ keyp += NHPOLY1305_KEY_SIZE;
+ WARN_ON(keyp != &data->derived_keys[ARRAY_SIZE(data->derived_keys)]);
+out:
+ kzfree(data);
+ return err;
+}
+
+/* Addition in Z/(2^{128}Z) */
+static inline void le128_add(le128 *r, const le128 *v1, const le128 *v2)
+{
+ u64 x = le64_to_cpu(v1->b);
+ u64 y = le64_to_cpu(v2->b);
+
+ r->b = cpu_to_le64(x + y);
+ r->a = cpu_to_le64(le64_to_cpu(v1->a) + le64_to_cpu(v2->a) +
+ (x + y < x));
+}
+
+/* Subtraction in Z/(2^{128}Z) */
+static inline void le128_sub(le128 *r, const le128 *v1, const le128 *v2)
+{
+ u64 x = le64_to_cpu(v1->b);
+ u64 y = le64_to_cpu(v2->b);
+
+ r->b = cpu_to_le64(x - y);
+ r->a = cpu_to_le64(le64_to_cpu(v1->a) - le64_to_cpu(v2->a) -
+ (x - y > x));
+}
+
+/*
+ * Apply the Poly1305 ε-∆U hash function to (bulk length, tweak) and save the
+ * result to rctx->header_hash. This is the calculation
+ *
+ * H_T ← Poly1305_{K_T}(bin_{128}(|L|) || T)
+ *
+ * from the procedure in section 6.4 of the Adiantum paper. The resulting value
+ * is reused in both the first and second hash steps. Specifically, it's added
+ * to the result of an independently keyed ε-∆U hash function (for equal length
+ * inputs only) taken over the left-hand part (the "bulk") of the message, to
+ * give the overall Adiantum hash of the (tweak, left-hand part) pair.
+ */
+static void adiantum_hash_header(struct skcipher_request *req)
+{
+ struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
+ const struct adiantum_tfm_ctx *tctx = crypto_skcipher_ctx(tfm);
+ struct adiantum_request_ctx *rctx = skcipher_request_ctx(req);
+ const unsigned int bulk_len = req->cryptlen - BLOCKCIPHER_BLOCK_SIZE;
+ struct {
+ __le64 message_bits;
+ __le64 padding;
+ } header = {
+ .message_bits = cpu_to_le64((u64)bulk_len * 8)
+ };
+ struct poly1305_state state;
+
+ poly1305_core_init(&state);
+
+ BUILD_BUG_ON(sizeof(header) % POLY1305_BLOCK_SIZE != 0);
+ poly1305_core_blocks(&state, &tctx->header_hash_key,
+ &header, sizeof(header) / POLY1305_BLOCK_SIZE);
+
+ BUILD_BUG_ON(TWEAK_SIZE % POLY1305_BLOCK_SIZE != 0);
+ poly1305_core_blocks(&state, &tctx->header_hash_key, req->iv,
+ TWEAK_SIZE / POLY1305_BLOCK_SIZE);
+
+ poly1305_core_emit(&state, &rctx->header_hash);
+}
+
+/* Hash the left-hand part (the "bulk") of the message using NHPoly1305 */
+static int adiantum_hash_message(struct skcipher_request *req,
+ struct scatterlist *sgl, le128 *digest)
+{
+ struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
+ const struct adiantum_tfm_ctx *tctx = crypto_skcipher_ctx(tfm);
+ struct adiantum_request_ctx *rctx = skcipher_request_ctx(req);
+ const unsigned int bulk_len = req->cryptlen - BLOCKCIPHER_BLOCK_SIZE;
+ struct shash_desc *hash_desc = &rctx->u.hash_desc;
+ struct sg_mapping_iter miter;
+ unsigned int i, n;
+ int err;
+
+ hash_desc->tfm = tctx->hash;
+
+ err = crypto_shash_init(hash_desc);
+ if (err)
+ return err;
+
+ sg_miter_start(&miter, sgl, sg_nents(sgl),
+ SG_MITER_FROM_SG | SG_MITER_ATOMIC);
+ for (i = 0; i < bulk_len; i += n) {
+ sg_miter_next(&miter);
+ n = min_t(unsigned int, miter.length, bulk_len - i);
+ err = crypto_shash_update(hash_desc, miter.addr, n);
+ if (err)
+ break;
+ }
+ sg_miter_stop(&miter);
+ if (err)
+ return err;
+
+ return crypto_shash_final(hash_desc, (u8 *)digest);
+}
+
+/* Continue Adiantum encryption/decryption after the stream cipher step */
+static int adiantum_finish(struct skcipher_request *req)
+{
+ struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
+ const struct adiantum_tfm_ctx *tctx = crypto_skcipher_ctx(tfm);
+ struct adiantum_request_ctx *rctx = skcipher_request_ctx(req);
+ const unsigned int bulk_len = req->cryptlen - BLOCKCIPHER_BLOCK_SIZE;
+ le128 digest;
+ int err;
+
+ /* If decrypting, decrypt C_M with the block cipher to get P_M */
+ if (!rctx->enc)
+ crypto_cipher_decrypt_one(tctx->blockcipher, rctx->rbuf.bytes,
+ rctx->rbuf.bytes);
+
+ /*
+ * Second hash step
+ * enc: C_R = C_M - H_{K_H}(T, C_L)
+ * dec: P_R = P_M - H_{K_H}(T, P_L)
+ */
+ err = adiantum_hash_message(req, req->dst, &digest);
+ if (err)
+ return err;
+ le128_add(&digest, &digest, &rctx->header_hash);
+ le128_sub(&rctx->rbuf.bignum, &rctx->rbuf.bignum, &digest);
+ scatterwalk_map_and_copy(&rctx->rbuf.bignum, req->dst,
+ bulk_len, BLOCKCIPHER_BLOCK_SIZE, 1);
+ return 0;
+}
+
+static void adiantum_streamcipher_done(struct crypto_async_request *areq,
+ int err)
+{
+ struct skcipher_request *req = areq->data;
+
+ if (!err)
+ err = adiantum_finish(req);
+
+ skcipher_request_complete(req, err);
+}
+
+static int adiantum_crypt(struct skcipher_request *req, bool enc)
+{
+ struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
+ const struct adiantum_tfm_ctx *tctx = crypto_skcipher_ctx(tfm);
+ struct adiantum_request_ctx *rctx = skcipher_request_ctx(req);
+ const unsigned int bulk_len = req->cryptlen - BLOCKCIPHER_BLOCK_SIZE;
+ unsigned int stream_len;
+ le128 digest;
+ int err;
+
+ if (req->cryptlen < BLOCKCIPHER_BLOCK_SIZE)
+ return -EINVAL;
+
+ rctx->enc = enc;
+
+ /*
+ * First hash step
+ * enc: P_M = P_R + H_{K_H}(T, P_L)
+ * dec: C_M = C_R + H_{K_H}(T, C_L)
+ */
+ adiantum_hash_header(req);
+ err = adiantum_hash_message(req, req->src, &digest);
+ if (err)
+ return err;
+ le128_add(&digest, &digest, &rctx->header_hash);
+ scatterwalk_map_and_copy(&rctx->rbuf.bignum, req->src,
+ bulk_len, BLOCKCIPHER_BLOCK_SIZE, 0);
+ le128_add(&rctx->rbuf.bignum, &rctx->rbuf.bignum, &digest);
+
+ /* If encrypting, encrypt P_M with the block cipher to get C_M */
+ if (enc)
+ crypto_cipher_encrypt_one(tctx->blockcipher, rctx->rbuf.bytes,
+ rctx->rbuf.bytes);
+
+ /* Initialize the rest of the XChaCha IV (first part is C_M) */
+ BUILD_BUG_ON(BLOCKCIPHER_BLOCK_SIZE != 16);
+ BUILD_BUG_ON(XCHACHA_IV_SIZE != 32); /* nonce || stream position */
+ rctx->rbuf.words[4] = cpu_to_le32(1);
+ rctx->rbuf.words[5] = 0;
+ rctx->rbuf.words[6] = 0;
+ rctx->rbuf.words[7] = 0;
+
+ /*
+ * XChaCha needs to be done on all the data except the last 16 bytes;
+ * for disk encryption that usually means 4080 or 496 bytes. But ChaCha
+ * implementations tend to be most efficient when passed a whole number
+ * of 64-byte ChaCha blocks, or sometimes even a multiple of 256 bytes.
+ * And here it doesn't matter whether the last 16 bytes are written to,
+ * as the second hash step will overwrite them. Thus, round the XChaCha
+ * length up to the next 64-byte boundary if possible.
+ */
+ stream_len = bulk_len;
+ if (round_up(stream_len, CHACHA_BLOCK_SIZE) <= req->cryptlen)
+ stream_len = round_up(stream_len, CHACHA_BLOCK_SIZE);
+
+ skcipher_request_set_tfm(&rctx->u.streamcipher_req, tctx->streamcipher);
+ skcipher_request_set_crypt(&rctx->u.streamcipher_req, req->src,
+ req->dst, stream_len, &rctx->rbuf);
+ skcipher_request_set_callback(&rctx->u.streamcipher_req,
+ req->base.flags,
+ adiantum_streamcipher_done, req);
+ return crypto_skcipher_encrypt(&rctx->u.streamcipher_req) ?:
+ adiantum_finish(req);
+}
+
+static int adiantum_encrypt(struct skcipher_request *req)
+{
+ return adiantum_crypt(req, true);
+}
+
+static int adiantum_decrypt(struct skcipher_request *req)
+{
+ return adiantum_crypt(req, false);
+}
+
+static int adiantum_init_tfm(struct crypto_skcipher *tfm)
+{
+ struct skcipher_instance *inst = skcipher_alg_instance(tfm);
+ struct adiantum_instance_ctx *ictx = skcipher_instance_ctx(inst);
+ struct adiantum_tfm_ctx *tctx = crypto_skcipher_ctx(tfm);
+ struct crypto_skcipher *streamcipher;
+ struct crypto_cipher *blockcipher;
+ struct crypto_shash *hash;
+ unsigned int subreq_size;
+ int err;
+
+ streamcipher = crypto_spawn_skcipher(&ictx->streamcipher_spawn);
+ if (IS_ERR(streamcipher))
+ return PTR_ERR(streamcipher);
+
+ blockcipher = crypto_spawn_cipher(&ictx->blockcipher_spawn);
+ if (IS_ERR(blockcipher)) {
+ err = PTR_ERR(blockcipher);
+ goto err_free_streamcipher;
+ }
+
+ hash = crypto_spawn_shash(&ictx->hash_spawn);
+ if (IS_ERR(hash)) {
+ err = PTR_ERR(hash);
+ goto err_free_blockcipher;
+ }
+
+ tctx->streamcipher = streamcipher;
+ tctx->blockcipher = blockcipher;
+ tctx->hash = hash;
+
+ BUILD_BUG_ON(offsetofend(struct adiantum_request_ctx, u) !=
+ sizeof(struct adiantum_request_ctx));
+ subreq_size = max(FIELD_SIZEOF(struct adiantum_request_ctx,
+ u.hash_desc) +
+ crypto_shash_descsize(hash),
+ FIELD_SIZEOF(struct adiantum_request_ctx,
+ u.streamcipher_req) +
+ crypto_skcipher_reqsize(streamcipher));
+
+ crypto_skcipher_set_reqsize(tfm,
+ offsetof(struct adiantum_request_ctx, u) +
+ subreq_size);
+ return 0;
+
+err_free_blockcipher:
+ crypto_free_cipher(blockcipher);
+err_free_streamcipher:
+ crypto_free_skcipher(streamcipher);
+ return err;
+}
+
+static void adiantum_exit_tfm(struct crypto_skcipher *tfm)
+{
+ struct adiantum_tfm_ctx *tctx = crypto_skcipher_ctx(tfm);
+
+ crypto_free_skcipher(tctx->streamcipher);
+ crypto_free_cipher(tctx->blockcipher);
+ crypto_free_shash(tctx->hash);
+}
+
+static void adiantum_free_instance(struct skcipher_instance *inst)
+{
+ struct adiantum_instance_ctx *ictx = skcipher_instance_ctx(inst);
+
+ crypto_drop_skcipher(&ictx->streamcipher_spawn);
+ crypto_drop_spawn(&ictx->blockcipher_spawn);
+ crypto_drop_shash(&ictx->hash_spawn);
+ kfree(inst);
+}
+
+/*
+ * Check for a supported set of inner algorithms.
+ * See the comment at the beginning of this file.
+ */
+static bool adiantum_supported_algorithms(struct skcipher_alg *streamcipher_alg,
+ struct crypto_alg *blockcipher_alg,
+ struct shash_alg *hash_alg)
+{
+ if (strcmp(streamcipher_alg->base.cra_name, "xchacha12") != 0 &&
+ strcmp(streamcipher_alg->base.cra_name, "xchacha20") != 0)
+ return false;
+
+ if (blockcipher_alg->cra_cipher.cia_min_keysize > BLOCKCIPHER_KEY_SIZE ||
+ blockcipher_alg->cra_cipher.cia_max_keysize < BLOCKCIPHER_KEY_SIZE)
+ return false;
+ if (blockcipher_alg->cra_blocksize != BLOCKCIPHER_BLOCK_SIZE)
+ return false;
+
+ if (strcmp(hash_alg->base.cra_name, "nhpoly1305") != 0)
+ return false;
+
+ return true;
+}
+
+static int adiantum_create(struct crypto_template *tmpl, struct rtattr **tb)
+{
+ struct crypto_attr_type *algt;
+ const char *streamcipher_name;
+ const char *blockcipher_name;
+ const char *nhpoly1305_name;
+ struct skcipher_instance *inst;
+ struct adiantum_instance_ctx *ictx;
+ struct skcipher_alg *streamcipher_alg;
+ struct crypto_alg *blockcipher_alg;
+ struct crypto_alg *_hash_alg;
+ struct shash_alg *hash_alg;
+ int err;
+
+ algt = crypto_get_attr_type(tb);
+ if (IS_ERR(algt))
+ return PTR_ERR(algt);
+
+ if ((algt->type ^ CRYPTO_ALG_TYPE_SKCIPHER) & algt->mask)
+ return -EINVAL;
+
+ streamcipher_name = crypto_attr_alg_name(tb[1]);
+ if (IS_ERR(streamcipher_name))
+ return PTR_ERR(streamcipher_name);
+
+ blockcipher_name = crypto_attr_alg_name(tb[2]);
+ if (IS_ERR(blockcipher_name))
+ return PTR_ERR(blockcipher_name);
+
+ nhpoly1305_name = crypto_attr_alg_name(tb[3]);
+ if (nhpoly1305_name == ERR_PTR(-ENOENT))
+ nhpoly1305_name = "nhpoly1305";
+ if (IS_ERR(nhpoly1305_name))
+ return PTR_ERR(nhpoly1305_name);
+
+ inst = kzalloc(sizeof(*inst) + sizeof(*ictx), GFP_KERNEL);
+ if (!inst)
+ return -ENOMEM;
+ ictx = skcipher_instance_ctx(inst);
+
+ /* Stream cipher, e.g. "xchacha12" */
+ crypto_set_skcipher_spawn(&ictx->streamcipher_spawn,
+ skcipher_crypto_instance(inst));
+ err = crypto_grab_skcipher(&ictx->streamcipher_spawn, streamcipher_name,
+ 0, crypto_requires_sync(algt->type,
+ algt->mask));
+ if (err)
+ goto out_free_inst;
+ streamcipher_alg = crypto_spawn_skcipher_alg(&ictx->streamcipher_spawn);
+
+ /* Block cipher, e.g. "aes" */
+ crypto_set_spawn(&ictx->blockcipher_spawn,
+ skcipher_crypto_instance(inst));
+ err = crypto_grab_spawn(&ictx->blockcipher_spawn, blockcipher_name,
+ CRYPTO_ALG_TYPE_CIPHER, CRYPTO_ALG_TYPE_MASK);
+ if (err)
+ goto out_drop_streamcipher;
+ blockcipher_alg = ictx->blockcipher_spawn.alg;
+
+ /* NHPoly1305 ε-∆U hash function */
+ _hash_alg = crypto_alg_mod_lookup(nhpoly1305_name,
+ CRYPTO_ALG_TYPE_SHASH,
+ CRYPTO_ALG_TYPE_MASK);
+ if (IS_ERR(_hash_alg)) {
+ err = PTR_ERR(_hash_alg);
+ goto out_drop_blockcipher;
+ }
+ hash_alg = __crypto_shash_alg(_hash_alg);
+ err = crypto_init_shash_spawn(&ictx->hash_spawn, hash_alg,
+ skcipher_crypto_instance(inst));
+ if (err)
+ goto out_put_hash;
+
+ /* Check the set of algorithms */
+ if (!adiantum_supported_algorithms(streamcipher_alg, blockcipher_alg,
+ hash_alg)) {
+ pr_warn("Unsupported Adiantum instantiation: (%s,%s,%s)\n",
+ streamcipher_alg->base.cra_name,
+ blockcipher_alg->cra_name, hash_alg->base.cra_name);
+ err = -EINVAL;
+ goto out_drop_hash;
+ }
+
+ /* Instance fields */
+
+ err = -ENAMETOOLONG;
+ if (snprintf(inst->alg.base.cra_name, CRYPTO_MAX_ALG_NAME,
+ "adiantum(%s,%s)", streamcipher_alg->base.cra_name,
+ blockcipher_alg->cra_name) >= CRYPTO_MAX_ALG_NAME)
+ goto out_drop_hash;
+ if (snprintf(inst->alg.base.cra_driver_name, CRYPTO_MAX_ALG_NAME,
+ "adiantum(%s,%s,%s)",
+ streamcipher_alg->base.cra_driver_name,
+ blockcipher_alg->cra_driver_name,
+ hash_alg->base.cra_driver_name) >= CRYPTO_MAX_ALG_NAME)
+ goto out_drop_hash;
+
+ inst->alg.base.cra_flags = streamcipher_alg->base.cra_flags &
+ CRYPTO_ALG_ASYNC;
+ inst->alg.base.cra_blocksize = BLOCKCIPHER_BLOCK_SIZE;
+ inst->alg.base.cra_ctxsize = sizeof(struct adiantum_tfm_ctx);
+ inst->alg.base.cra_alignmask = streamcipher_alg->base.cra_alignmask |
+ hash_alg->base.cra_alignmask;
+ /*
+ * The block cipher is only invoked once per message, so for long
+ * messages (e.g. sectors for disk encryption) its performance doesn't
+ * matter as much as that of the stream cipher and hash function. Thus,
+ * weigh the block cipher's ->cra_priority less.
+ */
+ inst->alg.base.cra_priority = (4 * streamcipher_alg->base.cra_priority +
+ 2 * hash_alg->base.cra_priority +
+ blockcipher_alg->cra_priority) / 7;
+
+ inst->alg.setkey = adiantum_setkey;
+ inst->alg.encrypt = adiantum_encrypt;
+ inst->alg.decrypt = adiantum_decrypt;
+ inst->alg.init = adiantum_init_tfm;
+ inst->alg.exit = adiantum_exit_tfm;
+ inst->alg.min_keysize = crypto_skcipher_alg_min_keysize(streamcipher_alg);
+ inst->alg.max_keysize = crypto_skcipher_alg_max_keysize(streamcipher_alg);
+ inst->alg.ivsize = TWEAK_SIZE;
+
+ inst->free = adiantum_free_instance;
+
+ err = skcipher_register_instance(tmpl, inst);
+ if (err)
+ goto out_drop_hash;
+
+ crypto_mod_put(_hash_alg);
+ return 0;
+
+out_drop_hash:
+ crypto_drop_shash(&ictx->hash_spawn);
+out_put_hash:
+ crypto_mod_put(_hash_alg);
+out_drop_blockcipher:
+ crypto_drop_spawn(&ictx->blockcipher_spawn);
+out_drop_streamcipher:
+ crypto_drop_skcipher(&ictx->streamcipher_spawn);
+out_free_inst:
+ kfree(inst);
+ return err;
+}
+
+/* adiantum(streamcipher_name, blockcipher_name [, nhpoly1305_name]) */
+static struct crypto_template adiantum_tmpl = {
+ .name = "adiantum",
+ .create = adiantum_create,
+ .module = THIS_MODULE,
+};
+
+static int __init adiantum_module_init(void)
+{
+ return crypto_register_template(&adiantum_tmpl);
+}
+
+static void __exit adiantum_module_exit(void)
+{
+ crypto_unregister_template(&adiantum_tmpl);
+}
+
+subsys_initcall(adiantum_module_init);
+module_exit(adiantum_module_exit);
+
+MODULE_DESCRIPTION("Adiantum length-preserving encryption mode");
+MODULE_LICENSE("GPL v2");
+MODULE_AUTHOR("Eric Biggers <ebiggers@google.com>");
+MODULE_ALIAS_CRYPTO("adiantum");
diff --git a/crypto/aead.c b/crypto/aead.c
index 60b3bbe..ce03558 100644
--- a/crypto/aead.c
+++ b/crypto/aead.c
@@ -1,15 +1,10 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/*
* AEAD: Authenticated Encryption with Associated Data
*
* This file provides API support for AEAD algorithms.
*
* Copyright (c) 2007-2015 Herbert Xu <herbert@gondor.apana.org.au>
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
- *
*/
#include <crypto/internal/geniv.h>
@@ -61,8 +56,10 @@
else
err = crypto_aead_alg(tfm)->setkey(tfm, key, keylen);
- if (err)
+ if (unlikely(err)) {
+ crypto_aead_set_flags(tfm, CRYPTO_TFM_NEED_KEY);
return err;
+ }
crypto_aead_clear_flags(tfm, CRYPTO_TFM_NEED_KEY);
return 0;
@@ -73,7 +70,8 @@
{
int err;
- if (authsize > crypto_aead_maxauthsize(tfm))
+ if ((!authsize && crypto_aead_maxauthsize(tfm)) ||
+ authsize > crypto_aead_maxauthsize(tfm))
return -EINVAL;
if (crypto_aead_alg(tfm)->setauthsize) {
@@ -87,6 +85,42 @@
}
EXPORT_SYMBOL_GPL(crypto_aead_setauthsize);
+int crypto_aead_encrypt(struct aead_request *req)
+{
+ struct crypto_aead *aead = crypto_aead_reqtfm(req);
+ struct crypto_alg *alg = aead->base.__crt_alg;
+ unsigned int cryptlen = req->cryptlen;
+ int ret;
+
+ crypto_stats_get(alg);
+ if (crypto_aead_get_flags(aead) & CRYPTO_TFM_NEED_KEY)
+ ret = -ENOKEY;
+ else
+ ret = crypto_aead_alg(aead)->encrypt(req);
+ crypto_stats_aead_encrypt(cryptlen, alg, ret);
+ return ret;
+}
+EXPORT_SYMBOL_GPL(crypto_aead_encrypt);
+
+int crypto_aead_decrypt(struct aead_request *req)
+{
+ struct crypto_aead *aead = crypto_aead_reqtfm(req);
+ struct crypto_alg *alg = aead->base.__crt_alg;
+ unsigned int cryptlen = req->cryptlen;
+ int ret;
+
+ crypto_stats_get(alg);
+ if (crypto_aead_get_flags(aead) & CRYPTO_TFM_NEED_KEY)
+ ret = -ENOKEY;
+ else if (req->cryptlen < crypto_aead_authsize(aead))
+ ret = -EINVAL;
+ else
+ ret = crypto_aead_alg(aead)->decrypt(req);
+ crypto_stats_aead_decrypt(cryptlen, alg, ret);
+ return ret;
+}
+EXPORT_SYMBOL_GPL(crypto_aead_decrypt);
+
static void crypto_aead_exit_tfm(struct crypto_tfm *tfm)
{
struct crypto_aead *aead = __crypto_aead_cast(tfm);
@@ -119,20 +153,16 @@
struct crypto_report_aead raead;
struct aead_alg *aead = container_of(alg, struct aead_alg, base);
- strncpy(raead.type, "aead", sizeof(raead.type));
- strncpy(raead.geniv, "<none>", sizeof(raead.geniv));
+ memset(&raead, 0, sizeof(raead));
+
+ strscpy(raead.type, "aead", sizeof(raead.type));
+ strscpy(raead.geniv, "<none>", sizeof(raead.geniv));
raead.blocksize = alg->cra_blocksize;
raead.maxauthsize = aead->maxauthsize;
raead.ivsize = aead->ivsize;
- if (nla_put(skb, CRYPTOCFGA_REPORT_AEAD,
- sizeof(struct crypto_report_aead), &raead))
- goto nla_put_failure;
- return 0;
-
-nla_put_failure:
- return -EMSGSIZE;
+ return nla_put(skb, CRYPTOCFGA_REPORT_AEAD, sizeof(raead), &raead);
}
#else
static int crypto_aead_report(struct sk_buff *skb, struct crypto_alg *alg)
diff --git a/crypto/aegis.h b/crypto/aegis.h
index 405e025..6920ebe 100644
--- a/crypto/aegis.h
+++ b/crypto/aegis.h
@@ -1,20 +1,16 @@
-/* SPDX-License-Identifier: GPL-2.0 */
+/* SPDX-License-Identifier: GPL-2.0-or-later */
/*
* AEGIS common definitions
*
* Copyright (c) 2018 Ondrej Mosnacek <omosnacek@gmail.com>
* Copyright (c) 2018 Red Hat, Inc. All rights reserved.
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
*/
#ifndef _CRYPTO_AEGIS_H
#define _CRYPTO_AEGIS_H
#include <crypto/aes.h>
+#include <linux/bitops.h>
#include <linux/types.h>
#define AEGIS_BLOCK_SIZE 16
@@ -28,46 +24,32 @@
#define AEGIS_BLOCK_ALIGN (__alignof__(union aegis_block))
#define AEGIS_ALIGNED(p) IS_ALIGNED((uintptr_t)p, AEGIS_BLOCK_ALIGN)
-static const union aegis_block crypto_aegis_const[2] = {
- { .words64 = {
- cpu_to_le64(U64_C(0x0d08050302010100)),
- cpu_to_le64(U64_C(0x6279e99059372215)),
- } },
- { .words64 = {
- cpu_to_le64(U64_C(0xf12fc26d55183ddb)),
- cpu_to_le64(U64_C(0xdd28b57342311120)),
- } },
-};
-
-static void crypto_aegis_block_xor(union aegis_block *dst,
- const union aegis_block *src)
+static __always_inline void crypto_aegis_block_xor(union aegis_block *dst,
+ const union aegis_block *src)
{
dst->words64[0] ^= src->words64[0];
dst->words64[1] ^= src->words64[1];
}
-static void crypto_aegis_block_and(union aegis_block *dst,
- const union aegis_block *src)
+static __always_inline void crypto_aegis_block_and(union aegis_block *dst,
+ const union aegis_block *src)
{
dst->words64[0] &= src->words64[0];
dst->words64[1] &= src->words64[1];
}
-static void crypto_aegis_aesenc(union aegis_block *dst,
- const union aegis_block *src,
- const union aegis_block *key)
+static __always_inline void crypto_aegis_aesenc(union aegis_block *dst,
+ const union aegis_block *src,
+ const union aegis_block *key)
{
const u8 *s = src->bytes;
- const u32 *t0 = crypto_ft_tab[0];
- const u32 *t1 = crypto_ft_tab[1];
- const u32 *t2 = crypto_ft_tab[2];
- const u32 *t3 = crypto_ft_tab[3];
+ const u32 *t = crypto_ft_tab[0];
u32 d0, d1, d2, d3;
- d0 = t0[s[ 0]] ^ t1[s[ 5]] ^ t2[s[10]] ^ t3[s[15]];
- d1 = t0[s[ 4]] ^ t1[s[ 9]] ^ t2[s[14]] ^ t3[s[ 3]];
- d2 = t0[s[ 8]] ^ t1[s[13]] ^ t2[s[ 2]] ^ t3[s[ 7]];
- d3 = t0[s[12]] ^ t1[s[ 1]] ^ t2[s[ 6]] ^ t3[s[11]];
+ d0 = t[s[ 0]] ^ rol32(t[s[ 5]], 8) ^ rol32(t[s[10]], 16) ^ rol32(t[s[15]], 24);
+ d1 = t[s[ 4]] ^ rol32(t[s[ 9]], 8) ^ rol32(t[s[14]], 16) ^ rol32(t[s[ 3]], 24);
+ d2 = t[s[ 8]] ^ rol32(t[s[13]], 8) ^ rol32(t[s[ 2]], 16) ^ rol32(t[s[ 7]], 24);
+ d3 = t[s[12]] ^ rol32(t[s[ 1]], 8) ^ rol32(t[s[ 6]], 16) ^ rol32(t[s[11]], 24);
dst->words32[0] = cpu_to_le32(d0) ^ key->words32[0];
dst->words32[1] = cpu_to_le32(d1) ^ key->words32[1];
diff --git a/crypto/aegis128.c b/crypto/aegis128-core.c
similarity index 84%
rename from crypto/aegis128.c
rename to crypto/aegis128-core.c
index c22f441..80e7361 100644
--- a/crypto/aegis128.c
+++ b/crypto/aegis128-core.c
@@ -1,17 +1,14 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/*
* The AEGIS-128 Authenticated-Encryption Algorithm
*
* Copyright (c) 2017-2018 Ondrej Mosnacek <omosnacek@gmail.com>
* Copyright (C) 2017-2018 Red Hat, Inc. All rights reserved.
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
*/
#include <crypto/algapi.h>
#include <crypto/internal/aead.h>
+#include <crypto/internal/simd.h>
#include <crypto/internal/skcipher.h>
#include <crypto/scatterwalk.h>
#include <linux/err.h>
@@ -20,6 +17,8 @@
#include <linux/module.h>
#include <linux/scatterlist.h>
+#include <asm/simd.h>
+
#include "aegis.h"
#define AEGIS128_NONCE_SIZE 16
@@ -44,6 +43,35 @@
const u8 *src, unsigned int size);
};
+static bool have_simd;
+
+static const union aegis_block crypto_aegis_const[2] = {
+ { .words64 = {
+ cpu_to_le64(U64_C(0x0d08050302010100)),
+ cpu_to_le64(U64_C(0x6279e99059372215)),
+ } },
+ { .words64 = {
+ cpu_to_le64(U64_C(0xf12fc26d55183ddb)),
+ cpu_to_le64(U64_C(0xdd28b57342311120)),
+ } },
+};
+
+static bool aegis128_do_simd(void)
+{
+#ifdef CONFIG_CRYPTO_AEGIS128_SIMD
+ if (have_simd)
+ return crypto_simd_usable();
+#endif
+ return false;
+}
+
+bool crypto_aegis128_have_simd(void);
+void crypto_aegis128_update_simd(struct aegis_state *state, const void *msg);
+void crypto_aegis128_encrypt_chunk_simd(struct aegis_state *state, u8 *dst,
+ const u8 *src, unsigned int size);
+void crypto_aegis128_decrypt_chunk_simd(struct aegis_state *state, u8 *dst,
+ const u8 *src, unsigned int size);
+
static void crypto_aegis128_update(struct aegis_state *state)
{
union aegis_block tmp;
@@ -59,12 +87,22 @@
static void crypto_aegis128_update_a(struct aegis_state *state,
const union aegis_block *msg)
{
+ if (aegis128_do_simd()) {
+ crypto_aegis128_update_simd(state, msg);
+ return;
+ }
+
crypto_aegis128_update(state);
crypto_aegis_block_xor(&state->blocks[0], msg);
}
static void crypto_aegis128_update_u(struct aegis_state *state, const void *msg)
{
+ if (aegis128_do_simd()) {
+ crypto_aegis128_update_simd(state, msg);
+ return;
+ }
+
crypto_aegis128_update(state);
crypto_xor(state->blocks[0].bytes, msg, AEGIS_BLOCK_SIZE);
}
@@ -290,19 +328,19 @@
const struct aegis128_ops *ops)
{
struct skcipher_walk walk;
- u8 *src, *dst;
- unsigned int chunksize;
ops->skcipher_walk_init(&walk, req, false);
while (walk.nbytes) {
- src = walk.src.virt.addr;
- dst = walk.dst.virt.addr;
- chunksize = walk.nbytes;
+ unsigned int nbytes = walk.nbytes;
- ops->crypt_chunk(state, dst, src, chunksize);
+ if (nbytes < walk.total)
+ nbytes = round_down(nbytes, walk.stride);
- skcipher_walk_done(&walk, 0);
+ ops->crypt_chunk(state, walk.dst.virt.addr, walk.src.virt.addr,
+ nbytes);
+
+ skcipher_walk_done(&walk, walk.nbytes - nbytes);
}
}
@@ -369,7 +407,7 @@
static int crypto_aegis128_encrypt(struct aead_request *req)
{
- static const struct aegis128_ops ops = {
+ const struct aegis128_ops *ops = &(struct aegis128_ops){
.skcipher_walk_init = skcipher_walk_aead_encrypt,
.crypt_chunk = crypto_aegis128_encrypt_chunk,
};
@@ -379,7 +417,12 @@
unsigned int authsize = crypto_aead_authsize(tfm);
unsigned int cryptlen = req->cryptlen;
- crypto_aegis128_crypt(req, &tag, cryptlen, &ops);
+ if (aegis128_do_simd())
+ ops = &(struct aegis128_ops){
+ .skcipher_walk_init = skcipher_walk_aead_encrypt,
+ .crypt_chunk = crypto_aegis128_encrypt_chunk_simd };
+
+ crypto_aegis128_crypt(req, &tag, cryptlen, ops);
scatterwalk_map_and_copy(tag.bytes, req->dst, req->assoclen + cryptlen,
authsize, 1);
@@ -388,7 +431,7 @@
static int crypto_aegis128_decrypt(struct aead_request *req)
{
- static const struct aegis128_ops ops = {
+ const struct aegis128_ops *ops = &(struct aegis128_ops){
.skcipher_walk_init = skcipher_walk_aead_decrypt,
.crypt_chunk = crypto_aegis128_decrypt_chunk,
};
@@ -402,27 +445,21 @@
scatterwalk_map_and_copy(tag.bytes, req->src, req->assoclen + cryptlen,
authsize, 0);
- crypto_aegis128_crypt(req, &tag, cryptlen, &ops);
+ if (aegis128_do_simd())
+ ops = &(struct aegis128_ops){
+ .skcipher_walk_init = skcipher_walk_aead_decrypt,
+ .crypt_chunk = crypto_aegis128_decrypt_chunk_simd };
+
+ crypto_aegis128_crypt(req, &tag, cryptlen, ops);
return crypto_memneq(tag.bytes, zeros, authsize) ? -EBADMSG : 0;
}
-static int crypto_aegis128_init_tfm(struct crypto_aead *tfm)
-{
- return 0;
-}
-
-static void crypto_aegis128_exit_tfm(struct crypto_aead *tfm)
-{
-}
-
static struct aead_alg crypto_aegis128_alg = {
.setkey = crypto_aegis128_setkey,
.setauthsize = crypto_aegis128_setauthsize,
.encrypt = crypto_aegis128_encrypt,
.decrypt = crypto_aegis128_decrypt,
- .init = crypto_aegis128_init_tfm,
- .exit = crypto_aegis128_exit_tfm,
.ivsize = AEGIS128_NONCE_SIZE,
.maxauthsize = AEGIS128_MAX_AUTH_SIZE,
@@ -444,6 +481,9 @@
static int __init crypto_aegis128_module_init(void)
{
+ if (IS_ENABLED(CONFIG_CRYPTO_AEGIS128_SIMD))
+ have_simd = crypto_aegis128_have_simd();
+
return crypto_register_aead(&crypto_aegis128_alg);
}
@@ -452,7 +492,7 @@
crypto_unregister_aead(&crypto_aegis128_alg);
}
-module_init(crypto_aegis128_module_init);
+subsys_initcall(crypto_aegis128_module_init);
module_exit(crypto_aegis128_module_exit);
MODULE_LICENSE("GPL");
diff --git a/crypto/aegis128-neon-inner.c b/crypto/aegis128-neon-inner.c
new file mode 100644
index 0000000..f05310c
--- /dev/null
+++ b/crypto/aegis128-neon-inner.c
@@ -0,0 +1,212 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+/*
+ * Copyright (C) 2019 Linaro, Ltd. <ard.biesheuvel@linaro.org>
+ */
+
+#ifdef CONFIG_ARM64
+#include <asm/neon-intrinsics.h>
+
+#define AES_ROUND "aese %0.16b, %1.16b \n\t aesmc %0.16b, %0.16b"
+#else
+#include <arm_neon.h>
+
+#define AES_ROUND "aese.8 %q0, %q1 \n\t aesmc.8 %q0, %q0"
+#endif
+
+#define AEGIS_BLOCK_SIZE 16
+
+#include <stddef.h>
+
+extern int aegis128_have_aes_insn;
+
+void *memcpy(void *dest, const void *src, size_t n);
+void *memset(void *s, int c, size_t n);
+
+struct aegis128_state {
+ uint8x16_t v[5];
+};
+
+extern const uint8_t crypto_aes_sbox[];
+
+static struct aegis128_state aegis128_load_state_neon(const void *state)
+{
+ return (struct aegis128_state){ {
+ vld1q_u8(state),
+ vld1q_u8(state + 16),
+ vld1q_u8(state + 32),
+ vld1q_u8(state + 48),
+ vld1q_u8(state + 64)
+ } };
+}
+
+static void aegis128_save_state_neon(struct aegis128_state st, void *state)
+{
+ vst1q_u8(state, st.v[0]);
+ vst1q_u8(state + 16, st.v[1]);
+ vst1q_u8(state + 32, st.v[2]);
+ vst1q_u8(state + 48, st.v[3]);
+ vst1q_u8(state + 64, st.v[4]);
+}
+
+static inline __attribute__((always_inline))
+uint8x16_t aegis_aes_round(uint8x16_t w)
+{
+ uint8x16_t z = {};
+
+#ifdef CONFIG_ARM64
+ if (!__builtin_expect(aegis128_have_aes_insn, 1)) {
+ static const uint8_t shift_rows[] = {
+ 0x0, 0x5, 0xa, 0xf, 0x4, 0x9, 0xe, 0x3,
+ 0x8, 0xd, 0x2, 0x7, 0xc, 0x1, 0x6, 0xb,
+ };
+ static const uint8_t ror32by8[] = {
+ 0x1, 0x2, 0x3, 0x0, 0x5, 0x6, 0x7, 0x4,
+ 0x9, 0xa, 0xb, 0x8, 0xd, 0xe, 0xf, 0xc,
+ };
+ uint8x16_t v;
+
+ // shift rows
+ w = vqtbl1q_u8(w, vld1q_u8(shift_rows));
+
+ // sub bytes
+#ifndef CONFIG_CC_IS_GCC
+ v = vqtbl4q_u8(vld1q_u8_x4(crypto_aes_sbox), w);
+ v = vqtbx4q_u8(v, vld1q_u8_x4(crypto_aes_sbox + 0x40), w - 0x40);
+ v = vqtbx4q_u8(v, vld1q_u8_x4(crypto_aes_sbox + 0x80), w - 0x80);
+ v = vqtbx4q_u8(v, vld1q_u8_x4(crypto_aes_sbox + 0xc0), w - 0xc0);
+#else
+ asm("tbl %0.16b, {v16.16b-v19.16b}, %1.16b" : "=w"(v) : "w"(w));
+ w -= 0x40;
+ asm("tbx %0.16b, {v20.16b-v23.16b}, %1.16b" : "+w"(v) : "w"(w));
+ w -= 0x40;
+ asm("tbx %0.16b, {v24.16b-v27.16b}, %1.16b" : "+w"(v) : "w"(w));
+ w -= 0x40;
+ asm("tbx %0.16b, {v28.16b-v31.16b}, %1.16b" : "+w"(v) : "w"(w));
+#endif
+
+ // mix columns
+ w = (v << 1) ^ (uint8x16_t)(((int8x16_t)v >> 7) & 0x1b);
+ w ^= (uint8x16_t)vrev32q_u16((uint16x8_t)v);
+ w ^= vqtbl1q_u8(v ^ w, vld1q_u8(ror32by8));
+
+ return w;
+ }
+#endif
+
+ /*
+ * We use inline asm here instead of the vaeseq_u8/vaesmcq_u8 intrinsics
+ * to force the compiler to issue the aese/aesmc instructions in pairs.
+ * This is much faster on many cores, where the instruction pair can
+ * execute in a single cycle.
+ */
+ asm(AES_ROUND : "+w"(w) : "w"(z));
+ return w;
+}
+
+static inline __attribute__((always_inline))
+struct aegis128_state aegis128_update_neon(struct aegis128_state st,
+ uint8x16_t m)
+{
+ m ^= aegis_aes_round(st.v[4]);
+ st.v[4] ^= aegis_aes_round(st.v[3]);
+ st.v[3] ^= aegis_aes_round(st.v[2]);
+ st.v[2] ^= aegis_aes_round(st.v[1]);
+ st.v[1] ^= aegis_aes_round(st.v[0]);
+ st.v[0] ^= m;
+
+ return st;
+}
+
+static inline __attribute__((always_inline))
+void preload_sbox(void)
+{
+ if (!IS_ENABLED(CONFIG_ARM64) ||
+ !IS_ENABLED(CONFIG_CC_IS_GCC) ||
+ __builtin_expect(aegis128_have_aes_insn, 1))
+ return;
+
+ asm("ld1 {v16.16b-v19.16b}, [%0], #64 \n\t"
+ "ld1 {v20.16b-v23.16b}, [%0], #64 \n\t"
+ "ld1 {v24.16b-v27.16b}, [%0], #64 \n\t"
+ "ld1 {v28.16b-v31.16b}, [%0] \n\t"
+ :: "r"(crypto_aes_sbox));
+}
+
+void crypto_aegis128_update_neon(void *state, const void *msg)
+{
+ struct aegis128_state st = aegis128_load_state_neon(state);
+
+ preload_sbox();
+
+ st = aegis128_update_neon(st, vld1q_u8(msg));
+
+ aegis128_save_state_neon(st, state);
+}
+
+void crypto_aegis128_encrypt_chunk_neon(void *state, void *dst, const void *src,
+ unsigned int size)
+{
+ struct aegis128_state st = aegis128_load_state_neon(state);
+ uint8x16_t msg;
+
+ preload_sbox();
+
+ while (size >= AEGIS_BLOCK_SIZE) {
+ uint8x16_t s = st.v[1] ^ (st.v[2] & st.v[3]) ^ st.v[4];
+
+ msg = vld1q_u8(src);
+ st = aegis128_update_neon(st, msg);
+ vst1q_u8(dst, msg ^ s);
+
+ size -= AEGIS_BLOCK_SIZE;
+ src += AEGIS_BLOCK_SIZE;
+ dst += AEGIS_BLOCK_SIZE;
+ }
+
+ if (size > 0) {
+ uint8x16_t s = st.v[1] ^ (st.v[2] & st.v[3]) ^ st.v[4];
+ uint8_t buf[AEGIS_BLOCK_SIZE] = {};
+
+ memcpy(buf, src, size);
+ msg = vld1q_u8(buf);
+ st = aegis128_update_neon(st, msg);
+ vst1q_u8(buf, msg ^ s);
+ memcpy(dst, buf, size);
+ }
+
+ aegis128_save_state_neon(st, state);
+}
+
+void crypto_aegis128_decrypt_chunk_neon(void *state, void *dst, const void *src,
+ unsigned int size)
+{
+ struct aegis128_state st = aegis128_load_state_neon(state);
+ uint8x16_t msg;
+
+ preload_sbox();
+
+ while (size >= AEGIS_BLOCK_SIZE) {
+ msg = vld1q_u8(src) ^ st.v[1] ^ (st.v[2] & st.v[3]) ^ st.v[4];
+ st = aegis128_update_neon(st, msg);
+ vst1q_u8(dst, msg);
+
+ size -= AEGIS_BLOCK_SIZE;
+ src += AEGIS_BLOCK_SIZE;
+ dst += AEGIS_BLOCK_SIZE;
+ }
+
+ if (size > 0) {
+ uint8x16_t s = st.v[1] ^ (st.v[2] & st.v[3]) ^ st.v[4];
+ uint8_t buf[AEGIS_BLOCK_SIZE];
+
+ vst1q_u8(buf, s);
+ memcpy(buf, src, size);
+ msg = vld1q_u8(buf) ^ s;
+ vst1q_u8(buf, msg);
+ memcpy(dst, buf, size);
+
+ st = aegis128_update_neon(st, msg);
+ }
+
+ aegis128_save_state_neon(st, state);
+}
diff --git a/crypto/aegis128-neon.c b/crypto/aegis128-neon.c
new file mode 100644
index 0000000..751f9c1
--- /dev/null
+++ b/crypto/aegis128-neon.c
@@ -0,0 +1,49 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+/*
+ * Copyright (C) 2019 Linaro Ltd <ard.biesheuvel@linaro.org>
+ */
+
+#include <asm/cpufeature.h>
+#include <asm/neon.h>
+
+#include "aegis.h"
+
+void crypto_aegis128_update_neon(void *state, const void *msg);
+void crypto_aegis128_encrypt_chunk_neon(void *state, void *dst, const void *src,
+ unsigned int size);
+void crypto_aegis128_decrypt_chunk_neon(void *state, void *dst, const void *src,
+ unsigned int size);
+
+int aegis128_have_aes_insn __ro_after_init;
+
+bool crypto_aegis128_have_simd(void)
+{
+ if (cpu_have_feature(cpu_feature(AES))) {
+ aegis128_have_aes_insn = 1;
+ return true;
+ }
+ return IS_ENABLED(CONFIG_ARM64);
+}
+
+void crypto_aegis128_update_simd(union aegis_block *state, const void *msg)
+{
+ kernel_neon_begin();
+ crypto_aegis128_update_neon(state, msg);
+ kernel_neon_end();
+}
+
+void crypto_aegis128_encrypt_chunk_simd(union aegis_block *state, u8 *dst,
+ const u8 *src, unsigned int size)
+{
+ kernel_neon_begin();
+ crypto_aegis128_encrypt_chunk_neon(state, dst, src, size);
+ kernel_neon_end();
+}
+
+void crypto_aegis128_decrypt_chunk_simd(union aegis_block *state, u8 *dst,
+ const u8 *src, unsigned int size)
+{
+ kernel_neon_begin();
+ crypto_aegis128_decrypt_chunk_neon(state, dst, src, size);
+ kernel_neon_end();
+}
diff --git a/crypto/aegis128l.c b/crypto/aegis128l.c
deleted file mode 100644
index b6fb21e..0000000
--- a/crypto/aegis128l.c
+++ /dev/null
@@ -1,526 +0,0 @@
-/*
- * The AEGIS-128L Authenticated-Encryption Algorithm
- *
- * Copyright (c) 2017-2018 Ondrej Mosnacek <omosnacek@gmail.com>
- * Copyright (C) 2017-2018 Red Hat, Inc. All rights reserved.
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
- */
-
-#include <crypto/algapi.h>
-#include <crypto/internal/aead.h>
-#include <crypto/internal/skcipher.h>
-#include <crypto/scatterwalk.h>
-#include <linux/err.h>
-#include <linux/init.h>
-#include <linux/kernel.h>
-#include <linux/module.h>
-#include <linux/scatterlist.h>
-
-#include "aegis.h"
-
-#define AEGIS128L_CHUNK_BLOCKS 2
-#define AEGIS128L_CHUNK_SIZE (AEGIS128L_CHUNK_BLOCKS * AEGIS_BLOCK_SIZE)
-#define AEGIS128L_NONCE_SIZE 16
-#define AEGIS128L_STATE_BLOCKS 8
-#define AEGIS128L_KEY_SIZE 16
-#define AEGIS128L_MIN_AUTH_SIZE 8
-#define AEGIS128L_MAX_AUTH_SIZE 16
-
-union aegis_chunk {
- union aegis_block blocks[AEGIS128L_CHUNK_BLOCKS];
- u8 bytes[AEGIS128L_CHUNK_SIZE];
-};
-
-struct aegis_state {
- union aegis_block blocks[AEGIS128L_STATE_BLOCKS];
-};
-
-struct aegis_ctx {
- union aegis_block key;
-};
-
-struct aegis128l_ops {
- int (*skcipher_walk_init)(struct skcipher_walk *walk,
- struct aead_request *req, bool atomic);
-
- void (*crypt_chunk)(struct aegis_state *state, u8 *dst,
- const u8 *src, unsigned int size);
-};
-
-static void crypto_aegis128l_update(struct aegis_state *state)
-{
- union aegis_block tmp;
- unsigned int i;
-
- tmp = state->blocks[AEGIS128L_STATE_BLOCKS - 1];
- for (i = AEGIS128L_STATE_BLOCKS - 1; i > 0; i--)
- crypto_aegis_aesenc(&state->blocks[i], &state->blocks[i - 1],
- &state->blocks[i]);
- crypto_aegis_aesenc(&state->blocks[0], &tmp, &state->blocks[0]);
-}
-
-static void crypto_aegis128l_update_a(struct aegis_state *state,
- const union aegis_chunk *msg)
-{
- crypto_aegis128l_update(state);
- crypto_aegis_block_xor(&state->blocks[0], &msg->blocks[0]);
- crypto_aegis_block_xor(&state->blocks[4], &msg->blocks[1]);
-}
-
-static void crypto_aegis128l_update_u(struct aegis_state *state,
- const void *msg)
-{
- crypto_aegis128l_update(state);
- crypto_xor(state->blocks[0].bytes, msg + 0 * AEGIS_BLOCK_SIZE,
- AEGIS_BLOCK_SIZE);
- crypto_xor(state->blocks[4].bytes, msg + 1 * AEGIS_BLOCK_SIZE,
- AEGIS_BLOCK_SIZE);
-}
-
-static void crypto_aegis128l_init(struct aegis_state *state,
- const union aegis_block *key,
- const u8 *iv)
-{
- union aegis_block key_iv;
- union aegis_chunk chunk;
- unsigned int i;
-
- memcpy(chunk.blocks[0].bytes, iv, AEGIS_BLOCK_SIZE);
- chunk.blocks[1] = *key;
-
- key_iv = *key;
- crypto_aegis_block_xor(&key_iv, &chunk.blocks[0]);
-
- state->blocks[0] = key_iv;
- state->blocks[1] = crypto_aegis_const[1];
- state->blocks[2] = crypto_aegis_const[0];
- state->blocks[3] = crypto_aegis_const[1];
- state->blocks[4] = key_iv;
- state->blocks[5] = *key;
- state->blocks[6] = *key;
- state->blocks[7] = *key;
-
- crypto_aegis_block_xor(&state->blocks[5], &crypto_aegis_const[0]);
- crypto_aegis_block_xor(&state->blocks[6], &crypto_aegis_const[1]);
- crypto_aegis_block_xor(&state->blocks[7], &crypto_aegis_const[0]);
-
- for (i = 0; i < 10; i++) {
- crypto_aegis128l_update_a(state, &chunk);
- }
-}
-
-static void crypto_aegis128l_ad(struct aegis_state *state,
- const u8 *src, unsigned int size)
-{
- if (AEGIS_ALIGNED(src)) {
- const union aegis_chunk *src_chunk =
- (const union aegis_chunk *)src;
-
- while (size >= AEGIS128L_CHUNK_SIZE) {
- crypto_aegis128l_update_a(state, src_chunk);
-
- size -= AEGIS128L_CHUNK_SIZE;
- src_chunk += 1;
- }
- } else {
- while (size >= AEGIS128L_CHUNK_SIZE) {
- crypto_aegis128l_update_u(state, src);
-
- size -= AEGIS128L_CHUNK_SIZE;
- src += AEGIS128L_CHUNK_SIZE;
- }
- }
-}
-
-static void crypto_aegis128l_encrypt_chunk(struct aegis_state *state, u8 *dst,
- const u8 *src, unsigned int size)
-{
- union aegis_chunk tmp;
- union aegis_block *tmp0 = &tmp.blocks[0];
- union aegis_block *tmp1 = &tmp.blocks[1];
-
- if (AEGIS_ALIGNED(src) && AEGIS_ALIGNED(dst)) {
- while (size >= AEGIS128L_CHUNK_SIZE) {
- union aegis_chunk *dst_blk =
- (union aegis_chunk *)dst;
- const union aegis_chunk *src_blk =
- (const union aegis_chunk *)src;
-
- *tmp0 = state->blocks[2];
- crypto_aegis_block_and(tmp0, &state->blocks[3]);
- crypto_aegis_block_xor(tmp0, &state->blocks[6]);
- crypto_aegis_block_xor(tmp0, &state->blocks[1]);
- crypto_aegis_block_xor(tmp0, &src_blk->blocks[0]);
-
- *tmp1 = state->blocks[6];
- crypto_aegis_block_and(tmp1, &state->blocks[7]);
- crypto_aegis_block_xor(tmp1, &state->blocks[5]);
- crypto_aegis_block_xor(tmp1, &state->blocks[2]);
- crypto_aegis_block_xor(tmp1, &src_blk->blocks[1]);
-
- crypto_aegis128l_update_a(state, src_blk);
-
- *dst_blk = tmp;
-
- size -= AEGIS128L_CHUNK_SIZE;
- src += AEGIS128L_CHUNK_SIZE;
- dst += AEGIS128L_CHUNK_SIZE;
- }
- } else {
- while (size >= AEGIS128L_CHUNK_SIZE) {
- *tmp0 = state->blocks[2];
- crypto_aegis_block_and(tmp0, &state->blocks[3]);
- crypto_aegis_block_xor(tmp0, &state->blocks[6]);
- crypto_aegis_block_xor(tmp0, &state->blocks[1]);
- crypto_xor(tmp0->bytes, src + 0 * AEGIS_BLOCK_SIZE,
- AEGIS_BLOCK_SIZE);
-
- *tmp1 = state->blocks[6];
- crypto_aegis_block_and(tmp1, &state->blocks[7]);
- crypto_aegis_block_xor(tmp1, &state->blocks[5]);
- crypto_aegis_block_xor(tmp1, &state->blocks[2]);
- crypto_xor(tmp1->bytes, src + 1 * AEGIS_BLOCK_SIZE,
- AEGIS_BLOCK_SIZE);
-
- crypto_aegis128l_update_u(state, src);
-
- memcpy(dst, tmp.bytes, AEGIS128L_CHUNK_SIZE);
-
- size -= AEGIS128L_CHUNK_SIZE;
- src += AEGIS128L_CHUNK_SIZE;
- dst += AEGIS128L_CHUNK_SIZE;
- }
- }
-
- if (size > 0) {
- union aegis_chunk msg = {};
- memcpy(msg.bytes, src, size);
-
- *tmp0 = state->blocks[2];
- crypto_aegis_block_and(tmp0, &state->blocks[3]);
- crypto_aegis_block_xor(tmp0, &state->blocks[6]);
- crypto_aegis_block_xor(tmp0, &state->blocks[1]);
-
- *tmp1 = state->blocks[6];
- crypto_aegis_block_and(tmp1, &state->blocks[7]);
- crypto_aegis_block_xor(tmp1, &state->blocks[5]);
- crypto_aegis_block_xor(tmp1, &state->blocks[2]);
-
- crypto_aegis128l_update_a(state, &msg);
-
- crypto_aegis_block_xor(&msg.blocks[0], tmp0);
- crypto_aegis_block_xor(&msg.blocks[1], tmp1);
-
- memcpy(dst, msg.bytes, size);
- }
-}
-
-static void crypto_aegis128l_decrypt_chunk(struct aegis_state *state, u8 *dst,
- const u8 *src, unsigned int size)
-{
- union aegis_chunk tmp;
- union aegis_block *tmp0 = &tmp.blocks[0];
- union aegis_block *tmp1 = &tmp.blocks[1];
-
- if (AEGIS_ALIGNED(src) && AEGIS_ALIGNED(dst)) {
- while (size >= AEGIS128L_CHUNK_SIZE) {
- union aegis_chunk *dst_blk =
- (union aegis_chunk *)dst;
- const union aegis_chunk *src_blk =
- (const union aegis_chunk *)src;
-
- *tmp0 = state->blocks[2];
- crypto_aegis_block_and(tmp0, &state->blocks[3]);
- crypto_aegis_block_xor(tmp0, &state->blocks[6]);
- crypto_aegis_block_xor(tmp0, &state->blocks[1]);
- crypto_aegis_block_xor(tmp0, &src_blk->blocks[0]);
-
- *tmp1 = state->blocks[6];
- crypto_aegis_block_and(tmp1, &state->blocks[7]);
- crypto_aegis_block_xor(tmp1, &state->blocks[5]);
- crypto_aegis_block_xor(tmp1, &state->blocks[2]);
- crypto_aegis_block_xor(tmp1, &src_blk->blocks[1]);
-
- crypto_aegis128l_update_a(state, &tmp);
-
- *dst_blk = tmp;
-
- size -= AEGIS128L_CHUNK_SIZE;
- src += AEGIS128L_CHUNK_SIZE;
- dst += AEGIS128L_CHUNK_SIZE;
- }
- } else {
- while (size >= AEGIS128L_CHUNK_SIZE) {
- *tmp0 = state->blocks[2];
- crypto_aegis_block_and(tmp0, &state->blocks[3]);
- crypto_aegis_block_xor(tmp0, &state->blocks[6]);
- crypto_aegis_block_xor(tmp0, &state->blocks[1]);
- crypto_xor(tmp0->bytes, src + 0 * AEGIS_BLOCK_SIZE,
- AEGIS_BLOCK_SIZE);
-
- *tmp1 = state->blocks[6];
- crypto_aegis_block_and(tmp1, &state->blocks[7]);
- crypto_aegis_block_xor(tmp1, &state->blocks[5]);
- crypto_aegis_block_xor(tmp1, &state->blocks[2]);
- crypto_xor(tmp1->bytes, src + 1 * AEGIS_BLOCK_SIZE,
- AEGIS_BLOCK_SIZE);
-
- crypto_aegis128l_update_a(state, &tmp);
-
- memcpy(dst, tmp.bytes, AEGIS128L_CHUNK_SIZE);
-
- size -= AEGIS128L_CHUNK_SIZE;
- src += AEGIS128L_CHUNK_SIZE;
- dst += AEGIS128L_CHUNK_SIZE;
- }
- }
-
- if (size > 0) {
- union aegis_chunk msg = {};
- memcpy(msg.bytes, src, size);
-
- *tmp0 = state->blocks[2];
- crypto_aegis_block_and(tmp0, &state->blocks[3]);
- crypto_aegis_block_xor(tmp0, &state->blocks[6]);
- crypto_aegis_block_xor(tmp0, &state->blocks[1]);
- crypto_aegis_block_xor(&msg.blocks[0], tmp0);
-
- *tmp1 = state->blocks[6];
- crypto_aegis_block_and(tmp1, &state->blocks[7]);
- crypto_aegis_block_xor(tmp1, &state->blocks[5]);
- crypto_aegis_block_xor(tmp1, &state->blocks[2]);
- crypto_aegis_block_xor(&msg.blocks[1], tmp1);
-
- memset(msg.bytes + size, 0, AEGIS128L_CHUNK_SIZE - size);
-
- crypto_aegis128l_update_a(state, &msg);
-
- memcpy(dst, msg.bytes, size);
- }
-}
-
-static void crypto_aegis128l_process_ad(struct aegis_state *state,
- struct scatterlist *sg_src,
- unsigned int assoclen)
-{
- struct scatter_walk walk;
- union aegis_chunk buf;
- unsigned int pos = 0;
-
- scatterwalk_start(&walk, sg_src);
- while (assoclen != 0) {
- unsigned int size = scatterwalk_clamp(&walk, assoclen);
- unsigned int left = size;
- void *mapped = scatterwalk_map(&walk);
- const u8 *src = (const u8 *)mapped;
-
- if (pos + size >= AEGIS128L_CHUNK_SIZE) {
- if (pos > 0) {
- unsigned int fill = AEGIS128L_CHUNK_SIZE - pos;
- memcpy(buf.bytes + pos, src, fill);
- crypto_aegis128l_update_a(state, &buf);
- pos = 0;
- left -= fill;
- src += fill;
- }
-
- crypto_aegis128l_ad(state, src, left);
- src += left & ~(AEGIS128L_CHUNK_SIZE - 1);
- left &= AEGIS128L_CHUNK_SIZE - 1;
- }
-
- memcpy(buf.bytes + pos, src, left);
-
- pos += left;
- assoclen -= size;
- scatterwalk_unmap(mapped);
- scatterwalk_advance(&walk, size);
- scatterwalk_done(&walk, 0, assoclen);
- }
-
- if (pos > 0) {
- memset(buf.bytes + pos, 0, AEGIS128L_CHUNK_SIZE - pos);
- crypto_aegis128l_update_a(state, &buf);
- }
-}
-
-static void crypto_aegis128l_process_crypt(struct aegis_state *state,
- struct aead_request *req,
- const struct aegis128l_ops *ops)
-{
- struct skcipher_walk walk;
- u8 *src, *dst;
- unsigned int chunksize;
-
- ops->skcipher_walk_init(&walk, req, false);
-
- while (walk.nbytes) {
- src = walk.src.virt.addr;
- dst = walk.dst.virt.addr;
- chunksize = walk.nbytes;
-
- ops->crypt_chunk(state, dst, src, chunksize);
-
- skcipher_walk_done(&walk, 0);
- }
-}
-
-static void crypto_aegis128l_final(struct aegis_state *state,
- union aegis_block *tag_xor,
- u64 assoclen, u64 cryptlen)
-{
- u64 assocbits = assoclen * 8;
- u64 cryptbits = cryptlen * 8;
-
- union aegis_chunk tmp;
- unsigned int i;
-
- tmp.blocks[0].words64[0] = cpu_to_le64(assocbits);
- tmp.blocks[0].words64[1] = cpu_to_le64(cryptbits);
-
- crypto_aegis_block_xor(&tmp.blocks[0], &state->blocks[2]);
-
- tmp.blocks[1] = tmp.blocks[0];
- for (i = 0; i < 7; i++)
- crypto_aegis128l_update_a(state, &tmp);
-
- for (i = 0; i < 7; i++)
- crypto_aegis_block_xor(tag_xor, &state->blocks[i]);
-}
-
-static int crypto_aegis128l_setkey(struct crypto_aead *aead, const u8 *key,
- unsigned int keylen)
-{
- struct aegis_ctx *ctx = crypto_aead_ctx(aead);
-
- if (keylen != AEGIS128L_KEY_SIZE) {
- crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN);
- return -EINVAL;
- }
-
- memcpy(ctx->key.bytes, key, AEGIS128L_KEY_SIZE);
- return 0;
-}
-
-static int crypto_aegis128l_setauthsize(struct crypto_aead *tfm,
- unsigned int authsize)
-{
- if (authsize > AEGIS128L_MAX_AUTH_SIZE)
- return -EINVAL;
- if (authsize < AEGIS128L_MIN_AUTH_SIZE)
- return -EINVAL;
- return 0;
-}
-
-static void crypto_aegis128l_crypt(struct aead_request *req,
- union aegis_block *tag_xor,
- unsigned int cryptlen,
- const struct aegis128l_ops *ops)
-{
- struct crypto_aead *tfm = crypto_aead_reqtfm(req);
- struct aegis_ctx *ctx = crypto_aead_ctx(tfm);
- struct aegis_state state;
-
- crypto_aegis128l_init(&state, &ctx->key, req->iv);
- crypto_aegis128l_process_ad(&state, req->src, req->assoclen);
- crypto_aegis128l_process_crypt(&state, req, ops);
- crypto_aegis128l_final(&state, tag_xor, req->assoclen, cryptlen);
-}
-
-static int crypto_aegis128l_encrypt(struct aead_request *req)
-{
- static const struct aegis128l_ops ops = {
- .skcipher_walk_init = skcipher_walk_aead_encrypt,
- .crypt_chunk = crypto_aegis128l_encrypt_chunk,
- };
-
- struct crypto_aead *tfm = crypto_aead_reqtfm(req);
- union aegis_block tag = {};
- unsigned int authsize = crypto_aead_authsize(tfm);
- unsigned int cryptlen = req->cryptlen;
-
- crypto_aegis128l_crypt(req, &tag, cryptlen, &ops);
-
- scatterwalk_map_and_copy(tag.bytes, req->dst, req->assoclen + cryptlen,
- authsize, 1);
- return 0;
-}
-
-static int crypto_aegis128l_decrypt(struct aead_request *req)
-{
- static const struct aegis128l_ops ops = {
- .skcipher_walk_init = skcipher_walk_aead_decrypt,
- .crypt_chunk = crypto_aegis128l_decrypt_chunk,
- };
- static const u8 zeros[AEGIS128L_MAX_AUTH_SIZE] = {};
-
- struct crypto_aead *tfm = crypto_aead_reqtfm(req);
- union aegis_block tag;
- unsigned int authsize = crypto_aead_authsize(tfm);
- unsigned int cryptlen = req->cryptlen - authsize;
-
- scatterwalk_map_and_copy(tag.bytes, req->src, req->assoclen + cryptlen,
- authsize, 0);
-
- crypto_aegis128l_crypt(req, &tag, cryptlen, &ops);
-
- return crypto_memneq(tag.bytes, zeros, authsize) ? -EBADMSG : 0;
-}
-
-static int crypto_aegis128l_init_tfm(struct crypto_aead *tfm)
-{
- return 0;
-}
-
-static void crypto_aegis128l_exit_tfm(struct crypto_aead *tfm)
-{
-}
-
-static struct aead_alg crypto_aegis128l_alg = {
- .setkey = crypto_aegis128l_setkey,
- .setauthsize = crypto_aegis128l_setauthsize,
- .encrypt = crypto_aegis128l_encrypt,
- .decrypt = crypto_aegis128l_decrypt,
- .init = crypto_aegis128l_init_tfm,
- .exit = crypto_aegis128l_exit_tfm,
-
- .ivsize = AEGIS128L_NONCE_SIZE,
- .maxauthsize = AEGIS128L_MAX_AUTH_SIZE,
- .chunksize = AEGIS128L_CHUNK_SIZE,
-
- .base = {
- .cra_blocksize = 1,
- .cra_ctxsize = sizeof(struct aegis_ctx),
- .cra_alignmask = 0,
-
- .cra_priority = 100,
-
- .cra_name = "aegis128l",
- .cra_driver_name = "aegis128l-generic",
-
- .cra_module = THIS_MODULE,
- }
-};
-
-static int __init crypto_aegis128l_module_init(void)
-{
- return crypto_register_aead(&crypto_aegis128l_alg);
-}
-
-static void __exit crypto_aegis128l_module_exit(void)
-{
- crypto_unregister_aead(&crypto_aegis128l_alg);
-}
-
-module_init(crypto_aegis128l_module_init);
-module_exit(crypto_aegis128l_module_exit);
-
-MODULE_LICENSE("GPL");
-MODULE_AUTHOR("Ondrej Mosnacek <omosnacek@gmail.com>");
-MODULE_DESCRIPTION("AEGIS-128L AEAD algorithm");
-MODULE_ALIAS_CRYPTO("aegis128l");
-MODULE_ALIAS_CRYPTO("aegis128l-generic");
diff --git a/crypto/aegis256.c b/crypto/aegis256.c
deleted file mode 100644
index 11f0f8e..0000000
--- a/crypto/aegis256.c
+++ /dev/null
@@ -1,477 +0,0 @@
-/*
- * The AEGIS-256 Authenticated-Encryption Algorithm
- *
- * Copyright (c) 2017-2018 Ondrej Mosnacek <omosnacek@gmail.com>
- * Copyright (C) 2017-2018 Red Hat, Inc. All rights reserved.
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
- */
-
-#include <crypto/algapi.h>
-#include <crypto/internal/aead.h>
-#include <crypto/internal/skcipher.h>
-#include <crypto/scatterwalk.h>
-#include <linux/err.h>
-#include <linux/init.h>
-#include <linux/kernel.h>
-#include <linux/module.h>
-#include <linux/scatterlist.h>
-
-#include "aegis.h"
-
-#define AEGIS256_NONCE_SIZE 32
-#define AEGIS256_STATE_BLOCKS 6
-#define AEGIS256_KEY_SIZE 32
-#define AEGIS256_MIN_AUTH_SIZE 8
-#define AEGIS256_MAX_AUTH_SIZE 16
-
-struct aegis_state {
- union aegis_block blocks[AEGIS256_STATE_BLOCKS];
-};
-
-struct aegis_ctx {
- union aegis_block key[AEGIS256_KEY_SIZE / AEGIS_BLOCK_SIZE];
-};
-
-struct aegis256_ops {
- int (*skcipher_walk_init)(struct skcipher_walk *walk,
- struct aead_request *req, bool atomic);
-
- void (*crypt_chunk)(struct aegis_state *state, u8 *dst,
- const u8 *src, unsigned int size);
-};
-
-static void crypto_aegis256_update(struct aegis_state *state)
-{
- union aegis_block tmp;
- unsigned int i;
-
- tmp = state->blocks[AEGIS256_STATE_BLOCKS - 1];
- for (i = AEGIS256_STATE_BLOCKS - 1; i > 0; i--)
- crypto_aegis_aesenc(&state->blocks[i], &state->blocks[i - 1],
- &state->blocks[i]);
- crypto_aegis_aesenc(&state->blocks[0], &tmp, &state->blocks[0]);
-}
-
-static void crypto_aegis256_update_a(struct aegis_state *state,
- const union aegis_block *msg)
-{
- crypto_aegis256_update(state);
- crypto_aegis_block_xor(&state->blocks[0], msg);
-}
-
-static void crypto_aegis256_update_u(struct aegis_state *state, const void *msg)
-{
- crypto_aegis256_update(state);
- crypto_xor(state->blocks[0].bytes, msg, AEGIS_BLOCK_SIZE);
-}
-
-static void crypto_aegis256_init(struct aegis_state *state,
- const union aegis_block *key,
- const u8 *iv)
-{
- union aegis_block key_iv[2];
- unsigned int i;
-
- key_iv[0] = key[0];
- key_iv[1] = key[1];
- crypto_xor(key_iv[0].bytes, iv + 0 * AEGIS_BLOCK_SIZE,
- AEGIS_BLOCK_SIZE);
- crypto_xor(key_iv[1].bytes, iv + 1 * AEGIS_BLOCK_SIZE,
- AEGIS_BLOCK_SIZE);
-
- state->blocks[0] = key_iv[0];
- state->blocks[1] = key_iv[1];
- state->blocks[2] = crypto_aegis_const[1];
- state->blocks[3] = crypto_aegis_const[0];
- state->blocks[4] = key[0];
- state->blocks[5] = key[1];
-
- crypto_aegis_block_xor(&state->blocks[4], &crypto_aegis_const[0]);
- crypto_aegis_block_xor(&state->blocks[5], &crypto_aegis_const[1]);
-
- for (i = 0; i < 4; i++) {
- crypto_aegis256_update_a(state, &key[0]);
- crypto_aegis256_update_a(state, &key[1]);
- crypto_aegis256_update_a(state, &key_iv[0]);
- crypto_aegis256_update_a(state, &key_iv[1]);
- }
-}
-
-static void crypto_aegis256_ad(struct aegis_state *state,
- const u8 *src, unsigned int size)
-{
- if (AEGIS_ALIGNED(src)) {
- const union aegis_block *src_blk =
- (const union aegis_block *)src;
-
- while (size >= AEGIS_BLOCK_SIZE) {
- crypto_aegis256_update_a(state, src_blk);
-
- size -= AEGIS_BLOCK_SIZE;
- src_blk++;
- }
- } else {
- while (size >= AEGIS_BLOCK_SIZE) {
- crypto_aegis256_update_u(state, src);
-
- size -= AEGIS_BLOCK_SIZE;
- src += AEGIS_BLOCK_SIZE;
- }
- }
-}
-
-static void crypto_aegis256_encrypt_chunk(struct aegis_state *state, u8 *dst,
- const u8 *src, unsigned int size)
-{
- union aegis_block tmp;
-
- if (AEGIS_ALIGNED(src) && AEGIS_ALIGNED(dst)) {
- while (size >= AEGIS_BLOCK_SIZE) {
- union aegis_block *dst_blk =
- (union aegis_block *)dst;
- const union aegis_block *src_blk =
- (const union aegis_block *)src;
-
- tmp = state->blocks[2];
- crypto_aegis_block_and(&tmp, &state->blocks[3]);
- crypto_aegis_block_xor(&tmp, &state->blocks[5]);
- crypto_aegis_block_xor(&tmp, &state->blocks[4]);
- crypto_aegis_block_xor(&tmp, &state->blocks[1]);
- crypto_aegis_block_xor(&tmp, src_blk);
-
- crypto_aegis256_update_a(state, src_blk);
-
- *dst_blk = tmp;
-
- size -= AEGIS_BLOCK_SIZE;
- src += AEGIS_BLOCK_SIZE;
- dst += AEGIS_BLOCK_SIZE;
- }
- } else {
- while (size >= AEGIS_BLOCK_SIZE) {
- tmp = state->blocks[2];
- crypto_aegis_block_and(&tmp, &state->blocks[3]);
- crypto_aegis_block_xor(&tmp, &state->blocks[5]);
- crypto_aegis_block_xor(&tmp, &state->blocks[4]);
- crypto_aegis_block_xor(&tmp, &state->blocks[1]);
- crypto_xor(tmp.bytes, src, AEGIS_BLOCK_SIZE);
-
- crypto_aegis256_update_u(state, src);
-
- memcpy(dst, tmp.bytes, AEGIS_BLOCK_SIZE);
-
- size -= AEGIS_BLOCK_SIZE;
- src += AEGIS_BLOCK_SIZE;
- dst += AEGIS_BLOCK_SIZE;
- }
- }
-
- if (size > 0) {
- union aegis_block msg = {};
- memcpy(msg.bytes, src, size);
-
- tmp = state->blocks[2];
- crypto_aegis_block_and(&tmp, &state->blocks[3]);
- crypto_aegis_block_xor(&tmp, &state->blocks[5]);
- crypto_aegis_block_xor(&tmp, &state->blocks[4]);
- crypto_aegis_block_xor(&tmp, &state->blocks[1]);
-
- crypto_aegis256_update_a(state, &msg);
-
- crypto_aegis_block_xor(&msg, &tmp);
-
- memcpy(dst, msg.bytes, size);
- }
-}
-
-static void crypto_aegis256_decrypt_chunk(struct aegis_state *state, u8 *dst,
- const u8 *src, unsigned int size)
-{
- union aegis_block tmp;
-
- if (AEGIS_ALIGNED(src) && AEGIS_ALIGNED(dst)) {
- while (size >= AEGIS_BLOCK_SIZE) {
- union aegis_block *dst_blk =
- (union aegis_block *)dst;
- const union aegis_block *src_blk =
- (const union aegis_block *)src;
-
- tmp = state->blocks[2];
- crypto_aegis_block_and(&tmp, &state->blocks[3]);
- crypto_aegis_block_xor(&tmp, &state->blocks[5]);
- crypto_aegis_block_xor(&tmp, &state->blocks[4]);
- crypto_aegis_block_xor(&tmp, &state->blocks[1]);
- crypto_aegis_block_xor(&tmp, src_blk);
-
- crypto_aegis256_update_a(state, &tmp);
-
- *dst_blk = tmp;
-
- size -= AEGIS_BLOCK_SIZE;
- src += AEGIS_BLOCK_SIZE;
- dst += AEGIS_BLOCK_SIZE;
- }
- } else {
- while (size >= AEGIS_BLOCK_SIZE) {
- tmp = state->blocks[2];
- crypto_aegis_block_and(&tmp, &state->blocks[3]);
- crypto_aegis_block_xor(&tmp, &state->blocks[5]);
- crypto_aegis_block_xor(&tmp, &state->blocks[4]);
- crypto_aegis_block_xor(&tmp, &state->blocks[1]);
- crypto_xor(tmp.bytes, src, AEGIS_BLOCK_SIZE);
-
- crypto_aegis256_update_a(state, &tmp);
-
- memcpy(dst, tmp.bytes, AEGIS_BLOCK_SIZE);
-
- size -= AEGIS_BLOCK_SIZE;
- src += AEGIS_BLOCK_SIZE;
- dst += AEGIS_BLOCK_SIZE;
- }
- }
-
- if (size > 0) {
- union aegis_block msg = {};
- memcpy(msg.bytes, src, size);
-
- tmp = state->blocks[2];
- crypto_aegis_block_and(&tmp, &state->blocks[3]);
- crypto_aegis_block_xor(&tmp, &state->blocks[5]);
- crypto_aegis_block_xor(&tmp, &state->blocks[4]);
- crypto_aegis_block_xor(&tmp, &state->blocks[1]);
- crypto_aegis_block_xor(&msg, &tmp);
-
- memset(msg.bytes + size, 0, AEGIS_BLOCK_SIZE - size);
-
- crypto_aegis256_update_a(state, &msg);
-
- memcpy(dst, msg.bytes, size);
- }
-}
-
-static void crypto_aegis256_process_ad(struct aegis_state *state,
- struct scatterlist *sg_src,
- unsigned int assoclen)
-{
- struct scatter_walk walk;
- union aegis_block buf;
- unsigned int pos = 0;
-
- scatterwalk_start(&walk, sg_src);
- while (assoclen != 0) {
- unsigned int size = scatterwalk_clamp(&walk, assoclen);
- unsigned int left = size;
- void *mapped = scatterwalk_map(&walk);
- const u8 *src = (const u8 *)mapped;
-
- if (pos + size >= AEGIS_BLOCK_SIZE) {
- if (pos > 0) {
- unsigned int fill = AEGIS_BLOCK_SIZE - pos;
- memcpy(buf.bytes + pos, src, fill);
- crypto_aegis256_update_a(state, &buf);
- pos = 0;
- left -= fill;
- src += fill;
- }
-
- crypto_aegis256_ad(state, src, left);
- src += left & ~(AEGIS_BLOCK_SIZE - 1);
- left &= AEGIS_BLOCK_SIZE - 1;
- }
-
- memcpy(buf.bytes + pos, src, left);
-
- pos += left;
- assoclen -= size;
- scatterwalk_unmap(mapped);
- scatterwalk_advance(&walk, size);
- scatterwalk_done(&walk, 0, assoclen);
- }
-
- if (pos > 0) {
- memset(buf.bytes + pos, 0, AEGIS_BLOCK_SIZE - pos);
- crypto_aegis256_update_a(state, &buf);
- }
-}
-
-static void crypto_aegis256_process_crypt(struct aegis_state *state,
- struct aead_request *req,
- const struct aegis256_ops *ops)
-{
- struct skcipher_walk walk;
- u8 *src, *dst;
- unsigned int chunksize;
-
- ops->skcipher_walk_init(&walk, req, false);
-
- while (walk.nbytes) {
- src = walk.src.virt.addr;
- dst = walk.dst.virt.addr;
- chunksize = walk.nbytes;
-
- ops->crypt_chunk(state, dst, src, chunksize);
-
- skcipher_walk_done(&walk, 0);
- }
-}
-
-static void crypto_aegis256_final(struct aegis_state *state,
- union aegis_block *tag_xor,
- u64 assoclen, u64 cryptlen)
-{
- u64 assocbits = assoclen * 8;
- u64 cryptbits = cryptlen * 8;
-
- union aegis_block tmp;
- unsigned int i;
-
- tmp.words64[0] = cpu_to_le64(assocbits);
- tmp.words64[1] = cpu_to_le64(cryptbits);
-
- crypto_aegis_block_xor(&tmp, &state->blocks[3]);
-
- for (i = 0; i < 7; i++)
- crypto_aegis256_update_a(state, &tmp);
-
- for (i = 0; i < AEGIS256_STATE_BLOCKS; i++)
- crypto_aegis_block_xor(tag_xor, &state->blocks[i]);
-}
-
-static int crypto_aegis256_setkey(struct crypto_aead *aead, const u8 *key,
- unsigned int keylen)
-{
- struct aegis_ctx *ctx = crypto_aead_ctx(aead);
-
- if (keylen != AEGIS256_KEY_SIZE) {
- crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN);
- return -EINVAL;
- }
-
- memcpy(ctx->key[0].bytes, key, AEGIS_BLOCK_SIZE);
- memcpy(ctx->key[1].bytes, key + AEGIS_BLOCK_SIZE,
- AEGIS_BLOCK_SIZE);
- return 0;
-}
-
-static int crypto_aegis256_setauthsize(struct crypto_aead *tfm,
- unsigned int authsize)
-{
- if (authsize > AEGIS256_MAX_AUTH_SIZE)
- return -EINVAL;
- if (authsize < AEGIS256_MIN_AUTH_SIZE)
- return -EINVAL;
- return 0;
-}
-
-static void crypto_aegis256_crypt(struct aead_request *req,
- union aegis_block *tag_xor,
- unsigned int cryptlen,
- const struct aegis256_ops *ops)
-{
- struct crypto_aead *tfm = crypto_aead_reqtfm(req);
- struct aegis_ctx *ctx = crypto_aead_ctx(tfm);
- struct aegis_state state;
-
- crypto_aegis256_init(&state, ctx->key, req->iv);
- crypto_aegis256_process_ad(&state, req->src, req->assoclen);
- crypto_aegis256_process_crypt(&state, req, ops);
- crypto_aegis256_final(&state, tag_xor, req->assoclen, cryptlen);
-}
-
-static int crypto_aegis256_encrypt(struct aead_request *req)
-{
- static const struct aegis256_ops ops = {
- .skcipher_walk_init = skcipher_walk_aead_encrypt,
- .crypt_chunk = crypto_aegis256_encrypt_chunk,
- };
-
- struct crypto_aead *tfm = crypto_aead_reqtfm(req);
- union aegis_block tag = {};
- unsigned int authsize = crypto_aead_authsize(tfm);
- unsigned int cryptlen = req->cryptlen;
-
- crypto_aegis256_crypt(req, &tag, cryptlen, &ops);
-
- scatterwalk_map_and_copy(tag.bytes, req->dst, req->assoclen + cryptlen,
- authsize, 1);
- return 0;
-}
-
-static int crypto_aegis256_decrypt(struct aead_request *req)
-{
- static const struct aegis256_ops ops = {
- .skcipher_walk_init = skcipher_walk_aead_decrypt,
- .crypt_chunk = crypto_aegis256_decrypt_chunk,
- };
- static const u8 zeros[AEGIS256_MAX_AUTH_SIZE] = {};
-
- struct crypto_aead *tfm = crypto_aead_reqtfm(req);
- union aegis_block tag;
- unsigned int authsize = crypto_aead_authsize(tfm);
- unsigned int cryptlen = req->cryptlen - authsize;
-
- scatterwalk_map_and_copy(tag.bytes, req->src, req->assoclen + cryptlen,
- authsize, 0);
-
- crypto_aegis256_crypt(req, &tag, cryptlen, &ops);
-
- return crypto_memneq(tag.bytes, zeros, authsize) ? -EBADMSG : 0;
-}
-
-static int crypto_aegis256_init_tfm(struct crypto_aead *tfm)
-{
- return 0;
-}
-
-static void crypto_aegis256_exit_tfm(struct crypto_aead *tfm)
-{
-}
-
-static struct aead_alg crypto_aegis256_alg = {
- .setkey = crypto_aegis256_setkey,
- .setauthsize = crypto_aegis256_setauthsize,
- .encrypt = crypto_aegis256_encrypt,
- .decrypt = crypto_aegis256_decrypt,
- .init = crypto_aegis256_init_tfm,
- .exit = crypto_aegis256_exit_tfm,
-
- .ivsize = AEGIS256_NONCE_SIZE,
- .maxauthsize = AEGIS256_MAX_AUTH_SIZE,
- .chunksize = AEGIS_BLOCK_SIZE,
-
- .base = {
- .cra_blocksize = 1,
- .cra_ctxsize = sizeof(struct aegis_ctx),
- .cra_alignmask = 0,
-
- .cra_priority = 100,
-
- .cra_name = "aegis256",
- .cra_driver_name = "aegis256-generic",
-
- .cra_module = THIS_MODULE,
- }
-};
-
-static int __init crypto_aegis256_module_init(void)
-{
- return crypto_register_aead(&crypto_aegis256_alg);
-}
-
-static void __exit crypto_aegis256_module_exit(void)
-{
- crypto_unregister_aead(&crypto_aegis256_alg);
-}
-
-module_init(crypto_aegis256_module_init);
-module_exit(crypto_aegis256_module_exit);
-
-MODULE_LICENSE("GPL");
-MODULE_AUTHOR("Ondrej Mosnacek <omosnacek@gmail.com>");
-MODULE_DESCRIPTION("AEGIS-256 AEAD algorithm");
-MODULE_ALIAS_CRYPTO("aegis256");
-MODULE_ALIAS_CRYPTO("aegis256-generic");
diff --git a/crypto/aes_generic.c b/crypto/aes_generic.c
index ca554d5..22e5867 100644
--- a/crypto/aes_generic.c
+++ b/crypto/aes_generic.c
@@ -61,9 +61,8 @@
return x >> (n << 3);
}
-static const u32 rco_tab[10] = { 1, 2, 4, 8, 16, 32, 64, 128, 27, 54 };
-
-__visible const u32 crypto_ft_tab[4][256] = {
+/* cacheline-aligned to facilitate prefetching into cache */
+__visible const u32 crypto_ft_tab[4][256] ____cacheline_aligned = {
{
0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6,
0x0df2f2ff, 0xbd6b6bd6, 0xb16f6fde, 0x54c5c591,
@@ -327,7 +326,7 @@
}
};
-__visible const u32 crypto_fl_tab[4][256] = {
+static const u32 crypto_fl_tab[4][256] ____cacheline_aligned = {
{
0x00000063, 0x0000007c, 0x00000077, 0x0000007b,
0x000000f2, 0x0000006b, 0x0000006f, 0x000000c5,
@@ -591,7 +590,7 @@
}
};
-__visible const u32 crypto_it_tab[4][256] = {
+__visible const u32 crypto_it_tab[4][256] ____cacheline_aligned = {
{
0x50a7f451, 0x5365417e, 0xc3a4171a, 0x965e273a,
0xcb6bab3b, 0xf1459d1f, 0xab58faac, 0x9303e34b,
@@ -855,7 +854,7 @@
}
};
-__visible const u32 crypto_il_tab[4][256] = {
+static const u32 crypto_il_tab[4][256] ____cacheline_aligned = {
{
0x00000052, 0x00000009, 0x0000006a, 0x000000d5,
0x00000030, 0x00000036, 0x000000a5, 0x00000038,
@@ -1120,158 +1119,7 @@
};
EXPORT_SYMBOL_GPL(crypto_ft_tab);
-EXPORT_SYMBOL_GPL(crypto_fl_tab);
EXPORT_SYMBOL_GPL(crypto_it_tab);
-EXPORT_SYMBOL_GPL(crypto_il_tab);
-
-/* initialise the key schedule from the user supplied key */
-
-#define star_x(x) (((x) & 0x7f7f7f7f) << 1) ^ ((((x) & 0x80808080) >> 7) * 0x1b)
-
-#define imix_col(y, x) do { \
- u = star_x(x); \
- v = star_x(u); \
- w = star_x(v); \
- t = w ^ (x); \
- (y) = u ^ v ^ w; \
- (y) ^= ror32(u ^ t, 8) ^ \
- ror32(v ^ t, 16) ^ \
- ror32(t, 24); \
-} while (0)
-
-#define ls_box(x) \
- crypto_fl_tab[0][byte(x, 0)] ^ \
- crypto_fl_tab[1][byte(x, 1)] ^ \
- crypto_fl_tab[2][byte(x, 2)] ^ \
- crypto_fl_tab[3][byte(x, 3)]
-
-#define loop4(i) do { \
- t = ror32(t, 8); \
- t = ls_box(t) ^ rco_tab[i]; \
- t ^= ctx->key_enc[4 * i]; \
- ctx->key_enc[4 * i + 4] = t; \
- t ^= ctx->key_enc[4 * i + 1]; \
- ctx->key_enc[4 * i + 5] = t; \
- t ^= ctx->key_enc[4 * i + 2]; \
- ctx->key_enc[4 * i + 6] = t; \
- t ^= ctx->key_enc[4 * i + 3]; \
- ctx->key_enc[4 * i + 7] = t; \
-} while (0)
-
-#define loop6(i) do { \
- t = ror32(t, 8); \
- t = ls_box(t) ^ rco_tab[i]; \
- t ^= ctx->key_enc[6 * i]; \
- ctx->key_enc[6 * i + 6] = t; \
- t ^= ctx->key_enc[6 * i + 1]; \
- ctx->key_enc[6 * i + 7] = t; \
- t ^= ctx->key_enc[6 * i + 2]; \
- ctx->key_enc[6 * i + 8] = t; \
- t ^= ctx->key_enc[6 * i + 3]; \
- ctx->key_enc[6 * i + 9] = t; \
- t ^= ctx->key_enc[6 * i + 4]; \
- ctx->key_enc[6 * i + 10] = t; \
- t ^= ctx->key_enc[6 * i + 5]; \
- ctx->key_enc[6 * i + 11] = t; \
-} while (0)
-
-#define loop8tophalf(i) do { \
- t = ror32(t, 8); \
- t = ls_box(t) ^ rco_tab[i]; \
- t ^= ctx->key_enc[8 * i]; \
- ctx->key_enc[8 * i + 8] = t; \
- t ^= ctx->key_enc[8 * i + 1]; \
- ctx->key_enc[8 * i + 9] = t; \
- t ^= ctx->key_enc[8 * i + 2]; \
- ctx->key_enc[8 * i + 10] = t; \
- t ^= ctx->key_enc[8 * i + 3]; \
- ctx->key_enc[8 * i + 11] = t; \
-} while (0)
-
-#define loop8(i) do { \
- loop8tophalf(i); \
- t = ctx->key_enc[8 * i + 4] ^ ls_box(t); \
- ctx->key_enc[8 * i + 12] = t; \
- t ^= ctx->key_enc[8 * i + 5]; \
- ctx->key_enc[8 * i + 13] = t; \
- t ^= ctx->key_enc[8 * i + 6]; \
- ctx->key_enc[8 * i + 14] = t; \
- t ^= ctx->key_enc[8 * i + 7]; \
- ctx->key_enc[8 * i + 15] = t; \
-} while (0)
-
-/**
- * crypto_aes_expand_key - Expands the AES key as described in FIPS-197
- * @ctx: The location where the computed key will be stored.
- * @in_key: The supplied key.
- * @key_len: The length of the supplied key.
- *
- * Returns 0 on success. The function fails only if an invalid key size (or
- * pointer) is supplied.
- * The expanded key size is 240 bytes (max of 14 rounds with a unique 16 bytes
- * key schedule plus a 16 bytes key which is used before the first round).
- * The decryption key is prepared for the "Equivalent Inverse Cipher" as
- * described in FIPS-197. The first slot (16 bytes) of each key (enc or dec) is
- * for the initial combination, the second slot for the first round and so on.
- */
-int crypto_aes_expand_key(struct crypto_aes_ctx *ctx, const u8 *in_key,
- unsigned int key_len)
-{
- u32 i, t, u, v, w, j;
-
- if (key_len != AES_KEYSIZE_128 && key_len != AES_KEYSIZE_192 &&
- key_len != AES_KEYSIZE_256)
- return -EINVAL;
-
- ctx->key_length = key_len;
-
- ctx->key_enc[0] = get_unaligned_le32(in_key);
- ctx->key_enc[1] = get_unaligned_le32(in_key + 4);
- ctx->key_enc[2] = get_unaligned_le32(in_key + 8);
- ctx->key_enc[3] = get_unaligned_le32(in_key + 12);
-
- ctx->key_dec[key_len + 24] = ctx->key_enc[0];
- ctx->key_dec[key_len + 25] = ctx->key_enc[1];
- ctx->key_dec[key_len + 26] = ctx->key_enc[2];
- ctx->key_dec[key_len + 27] = ctx->key_enc[3];
-
- switch (key_len) {
- case AES_KEYSIZE_128:
- t = ctx->key_enc[3];
- for (i = 0; i < 10; ++i)
- loop4(i);
- break;
-
- case AES_KEYSIZE_192:
- ctx->key_enc[4] = get_unaligned_le32(in_key + 16);
- t = ctx->key_enc[5] = get_unaligned_le32(in_key + 20);
- for (i = 0; i < 8; ++i)
- loop6(i);
- break;
-
- case AES_KEYSIZE_256:
- ctx->key_enc[4] = get_unaligned_le32(in_key + 16);
- ctx->key_enc[5] = get_unaligned_le32(in_key + 20);
- ctx->key_enc[6] = get_unaligned_le32(in_key + 24);
- t = ctx->key_enc[7] = get_unaligned_le32(in_key + 28);
- for (i = 0; i < 6; ++i)
- loop8(i);
- loop8tophalf(i);
- break;
- }
-
- ctx->key_dec[0] = ctx->key_enc[key_len + 24];
- ctx->key_dec[1] = ctx->key_enc[key_len + 25];
- ctx->key_dec[2] = ctx->key_enc[key_len + 26];
- ctx->key_dec[3] = ctx->key_enc[key_len + 27];
-
- for (i = 4; i < key_len + 24; ++i) {
- j = key_len + 24 - (i & ~3) + (i & 3);
- imix_col(ctx->key_dec[j], ctx->key_enc[i]);
- }
- return 0;
-}
-EXPORT_SYMBOL_GPL(crypto_aes_expand_key);
/**
* crypto_aes_set_key - Set the AES key.
@@ -1280,7 +1128,7 @@
* @key_len: The size of the key.
*
* Returns 0 on success, on failure the %CRYPTO_TFM_RES_BAD_KEY_LEN flag in tfm
- * is set. The function uses crypto_aes_expand_key() to expand the key.
+ * is set. The function uses aes_expand_key() to expand the key.
* &crypto_aes_ctx _must_ be the private data embedded in @tfm which is
* retrieved with crypto_tfm_ctx().
*/
@@ -1291,7 +1139,7 @@
u32 *flags = &tfm->crt_flags;
int ret;
- ret = crypto_aes_expand_key(ctx, in_key, key_len);
+ ret = aes_expandkey(ctx, in_key, key_len);
if (!ret)
return 0;
@@ -1331,7 +1179,7 @@
f_rl(bo, bi, 3, k); \
} while (0)
-static void aes_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
+static void crypto_aes_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
{
const struct crypto_aes_ctx *ctx = crypto_tfm_ctx(tfm);
u32 b0[4], b1[4];
@@ -1401,7 +1249,7 @@
i_rl(bo, bi, 3, k); \
} while (0)
-static void aes_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
+static void crypto_aes_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
{
const struct crypto_aes_ctx *ctx = crypto_tfm_ctx(tfm);
u32 b0[4], b1[4];
@@ -1453,8 +1301,8 @@
.cia_min_keysize = AES_MIN_KEY_SIZE,
.cia_max_keysize = AES_MAX_KEY_SIZE,
.cia_setkey = crypto_aes_set_key,
- .cia_encrypt = aes_encrypt,
- .cia_decrypt = aes_decrypt
+ .cia_encrypt = crypto_aes_encrypt,
+ .cia_decrypt = crypto_aes_decrypt
}
}
};
@@ -1469,7 +1317,7 @@
crypto_unregister_alg(&aes_alg);
}
-module_init(aes_init);
+subsys_initcall(aes_init);
module_exit(aes_fini);
MODULE_DESCRIPTION("Rijndael (AES) Cipher Algorithm");
diff --git a/crypto/aes_ti.c b/crypto/aes_ti.c
index 03023b2..205c2c2 100644
--- a/crypto/aes_ti.c
+++ b/crypto/aes_ti.c
@@ -1,344 +1,52 @@
+// SPDX-License-Identifier: GPL-2.0-only
/*
* Scalar fixed time AES core transform
*
* Copyright (C) 2017 Linaro Ltd <ard.biesheuvel@linaro.org>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
*/
#include <crypto/aes.h>
#include <linux/crypto.h>
#include <linux/module.h>
-#include <asm/unaligned.h>
-
-/*
- * Emit the sbox as volatile const to prevent the compiler from doing
- * constant folding on sbox references involving fixed indexes.
- */
-static volatile const u8 __cacheline_aligned __aesti_sbox[] = {
- 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5,
- 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76,
- 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0,
- 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0,
- 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc,
- 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15,
- 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a,
- 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75,
- 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0,
- 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84,
- 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b,
- 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf,
- 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85,
- 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8,
- 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5,
- 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2,
- 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17,
- 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73,
- 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88,
- 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb,
- 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c,
- 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79,
- 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9,
- 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08,
- 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6,
- 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a,
- 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e,
- 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e,
- 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94,
- 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf,
- 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68,
- 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16,
-};
-
-static volatile const u8 __cacheline_aligned __aesti_inv_sbox[] = {
- 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38,
- 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb,
- 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87,
- 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb,
- 0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d,
- 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e,
- 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2,
- 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25,
- 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16,
- 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92,
- 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda,
- 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84,
- 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a,
- 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06,
- 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02,
- 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b,
- 0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea,
- 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73,
- 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85,
- 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e,
- 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89,
- 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b,
- 0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20,
- 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4,
- 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31,
- 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f,
- 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d,
- 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef,
- 0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0,
- 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61,
- 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26,
- 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d,
-};
-
-static u32 mul_by_x(u32 w)
-{
- u32 x = w & 0x7f7f7f7f;
- u32 y = w & 0x80808080;
-
- /* multiply by polynomial 'x' (0b10) in GF(2^8) */
- return (x << 1) ^ (y >> 7) * 0x1b;
-}
-
-static u32 mul_by_x2(u32 w)
-{
- u32 x = w & 0x3f3f3f3f;
- u32 y = w & 0x80808080;
- u32 z = w & 0x40404040;
-
- /* multiply by polynomial 'x^2' (0b100) in GF(2^8) */
- return (x << 2) ^ (y >> 7) * 0x36 ^ (z >> 6) * 0x1b;
-}
-
-static u32 mix_columns(u32 x)
-{
- /*
- * Perform the following matrix multiplication in GF(2^8)
- *
- * | 0x2 0x3 0x1 0x1 | | x[0] |
- * | 0x1 0x2 0x3 0x1 | | x[1] |
- * | 0x1 0x1 0x2 0x3 | x | x[2] |
- * | 0x3 0x1 0x1 0x2 | | x[3] |
- */
- u32 y = mul_by_x(x) ^ ror32(x, 16);
-
- return y ^ ror32(x ^ y, 8);
-}
-
-static u32 inv_mix_columns(u32 x)
-{
- /*
- * Perform the following matrix multiplication in GF(2^8)
- *
- * | 0xe 0xb 0xd 0x9 | | x[0] |
- * | 0x9 0xe 0xb 0xd | | x[1] |
- * | 0xd 0x9 0xe 0xb | x | x[2] |
- * | 0xb 0xd 0x9 0xe | | x[3] |
- *
- * which can conveniently be reduced to
- *
- * | 0x2 0x3 0x1 0x1 | | 0x5 0x0 0x4 0x0 | | x[0] |
- * | 0x1 0x2 0x3 0x1 | | 0x0 0x5 0x0 0x4 | | x[1] |
- * | 0x1 0x1 0x2 0x3 | x | 0x4 0x0 0x5 0x0 | x | x[2] |
- * | 0x3 0x1 0x1 0x2 | | 0x0 0x4 0x0 0x5 | | x[3] |
- */
- u32 y = mul_by_x2(x);
-
- return mix_columns(x ^ y ^ ror32(y, 16));
-}
-
-static __always_inline u32 subshift(u32 in[], int pos)
-{
- return (__aesti_sbox[in[pos] & 0xff]) ^
- (__aesti_sbox[(in[(pos + 1) % 4] >> 8) & 0xff] << 8) ^
- (__aesti_sbox[(in[(pos + 2) % 4] >> 16) & 0xff] << 16) ^
- (__aesti_sbox[(in[(pos + 3) % 4] >> 24) & 0xff] << 24);
-}
-
-static __always_inline u32 inv_subshift(u32 in[], int pos)
-{
- return (__aesti_inv_sbox[in[pos] & 0xff]) ^
- (__aesti_inv_sbox[(in[(pos + 3) % 4] >> 8) & 0xff] << 8) ^
- (__aesti_inv_sbox[(in[(pos + 2) % 4] >> 16) & 0xff] << 16) ^
- (__aesti_inv_sbox[(in[(pos + 1) % 4] >> 24) & 0xff] << 24);
-}
-
-static u32 subw(u32 in)
-{
- return (__aesti_sbox[in & 0xff]) ^
- (__aesti_sbox[(in >> 8) & 0xff] << 8) ^
- (__aesti_sbox[(in >> 16) & 0xff] << 16) ^
- (__aesti_sbox[(in >> 24) & 0xff] << 24);
-}
-
-static int aesti_expand_key(struct crypto_aes_ctx *ctx, const u8 *in_key,
- unsigned int key_len)
-{
- u32 kwords = key_len / sizeof(u32);
- u32 rc, i, j;
-
- if (key_len != AES_KEYSIZE_128 &&
- key_len != AES_KEYSIZE_192 &&
- key_len != AES_KEYSIZE_256)
- return -EINVAL;
-
- ctx->key_length = key_len;
-
- for (i = 0; i < kwords; i++)
- ctx->key_enc[i] = get_unaligned_le32(in_key + i * sizeof(u32));
-
- for (i = 0, rc = 1; i < 10; i++, rc = mul_by_x(rc)) {
- u32 *rki = ctx->key_enc + (i * kwords);
- u32 *rko = rki + kwords;
-
- rko[0] = ror32(subw(rki[kwords - 1]), 8) ^ rc ^ rki[0];
- rko[1] = rko[0] ^ rki[1];
- rko[2] = rko[1] ^ rki[2];
- rko[3] = rko[2] ^ rki[3];
-
- if (key_len == 24) {
- if (i >= 7)
- break;
- rko[4] = rko[3] ^ rki[4];
- rko[5] = rko[4] ^ rki[5];
- } else if (key_len == 32) {
- if (i >= 6)
- break;
- rko[4] = subw(rko[3]) ^ rki[4];
- rko[5] = rko[4] ^ rki[5];
- rko[6] = rko[5] ^ rki[6];
- rko[7] = rko[6] ^ rki[7];
- }
- }
-
- /*
- * Generate the decryption keys for the Equivalent Inverse Cipher.
- * This involves reversing the order of the round keys, and applying
- * the Inverse Mix Columns transformation to all but the first and
- * the last one.
- */
- ctx->key_dec[0] = ctx->key_enc[key_len + 24];
- ctx->key_dec[1] = ctx->key_enc[key_len + 25];
- ctx->key_dec[2] = ctx->key_enc[key_len + 26];
- ctx->key_dec[3] = ctx->key_enc[key_len + 27];
-
- for (i = 4, j = key_len + 20; j > 0; i += 4, j -= 4) {
- ctx->key_dec[i] = inv_mix_columns(ctx->key_enc[j]);
- ctx->key_dec[i + 1] = inv_mix_columns(ctx->key_enc[j + 1]);
- ctx->key_dec[i + 2] = inv_mix_columns(ctx->key_enc[j + 2]);
- ctx->key_dec[i + 3] = inv_mix_columns(ctx->key_enc[j + 3]);
- }
-
- ctx->key_dec[i] = ctx->key_enc[0];
- ctx->key_dec[i + 1] = ctx->key_enc[1];
- ctx->key_dec[i + 2] = ctx->key_enc[2];
- ctx->key_dec[i + 3] = ctx->key_enc[3];
-
- return 0;
-}
static int aesti_set_key(struct crypto_tfm *tfm, const u8 *in_key,
unsigned int key_len)
{
struct crypto_aes_ctx *ctx = crypto_tfm_ctx(tfm);
- int err;
- err = aesti_expand_key(ctx, in_key, key_len);
- if (err)
- return err;
-
- /*
- * In order to force the compiler to emit data independent Sbox lookups
- * at the start of each block, xor the first round key with values at
- * fixed indexes in the Sbox. This will need to be repeated each time
- * the key is used, which will pull the entire Sbox into the D-cache
- * before any data dependent Sbox lookups are performed.
- */
- ctx->key_enc[0] ^= __aesti_sbox[ 0] ^ __aesti_sbox[128];
- ctx->key_enc[1] ^= __aesti_sbox[32] ^ __aesti_sbox[160];
- ctx->key_enc[2] ^= __aesti_sbox[64] ^ __aesti_sbox[192];
- ctx->key_enc[3] ^= __aesti_sbox[96] ^ __aesti_sbox[224];
-
- ctx->key_dec[0] ^= __aesti_inv_sbox[ 0] ^ __aesti_inv_sbox[128];
- ctx->key_dec[1] ^= __aesti_inv_sbox[32] ^ __aesti_inv_sbox[160];
- ctx->key_dec[2] ^= __aesti_inv_sbox[64] ^ __aesti_inv_sbox[192];
- ctx->key_dec[3] ^= __aesti_inv_sbox[96] ^ __aesti_inv_sbox[224];
-
- return 0;
+ return aes_expandkey(ctx, in_key, key_len);
}
static void aesti_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
{
const struct crypto_aes_ctx *ctx = crypto_tfm_ctx(tfm);
- const u32 *rkp = ctx->key_enc + 4;
- int rounds = 6 + ctx->key_length / 4;
- u32 st0[4], st1[4];
- int round;
+ unsigned long flags;
- st0[0] = ctx->key_enc[0] ^ get_unaligned_le32(in);
- st0[1] = ctx->key_enc[1] ^ get_unaligned_le32(in + 4);
- st0[2] = ctx->key_enc[2] ^ get_unaligned_le32(in + 8);
- st0[3] = ctx->key_enc[3] ^ get_unaligned_le32(in + 12);
+ /*
+ * Temporarily disable interrupts to avoid races where cachelines are
+ * evicted when the CPU is interrupted to do something else.
+ */
+ local_irq_save(flags);
- st0[0] ^= __aesti_sbox[ 0] ^ __aesti_sbox[128];
- st0[1] ^= __aesti_sbox[32] ^ __aesti_sbox[160];
- st0[2] ^= __aesti_sbox[64] ^ __aesti_sbox[192];
- st0[3] ^= __aesti_sbox[96] ^ __aesti_sbox[224];
+ aes_encrypt(ctx, out, in);
- for (round = 0;; round += 2, rkp += 8) {
- st1[0] = mix_columns(subshift(st0, 0)) ^ rkp[0];
- st1[1] = mix_columns(subshift(st0, 1)) ^ rkp[1];
- st1[2] = mix_columns(subshift(st0, 2)) ^ rkp[2];
- st1[3] = mix_columns(subshift(st0, 3)) ^ rkp[3];
-
- if (round == rounds - 2)
- break;
-
- st0[0] = mix_columns(subshift(st1, 0)) ^ rkp[4];
- st0[1] = mix_columns(subshift(st1, 1)) ^ rkp[5];
- st0[2] = mix_columns(subshift(st1, 2)) ^ rkp[6];
- st0[3] = mix_columns(subshift(st1, 3)) ^ rkp[7];
- }
-
- put_unaligned_le32(subshift(st1, 0) ^ rkp[4], out);
- put_unaligned_le32(subshift(st1, 1) ^ rkp[5], out + 4);
- put_unaligned_le32(subshift(st1, 2) ^ rkp[6], out + 8);
- put_unaligned_le32(subshift(st1, 3) ^ rkp[7], out + 12);
+ local_irq_restore(flags);
}
static void aesti_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
{
const struct crypto_aes_ctx *ctx = crypto_tfm_ctx(tfm);
- const u32 *rkp = ctx->key_dec + 4;
- int rounds = 6 + ctx->key_length / 4;
- u32 st0[4], st1[4];
- int round;
+ unsigned long flags;
- st0[0] = ctx->key_dec[0] ^ get_unaligned_le32(in);
- st0[1] = ctx->key_dec[1] ^ get_unaligned_le32(in + 4);
- st0[2] = ctx->key_dec[2] ^ get_unaligned_le32(in + 8);
- st0[3] = ctx->key_dec[3] ^ get_unaligned_le32(in + 12);
+ /*
+ * Temporarily disable interrupts to avoid races where cachelines are
+ * evicted when the CPU is interrupted to do something else.
+ */
+ local_irq_save(flags);
- st0[0] ^= __aesti_inv_sbox[ 0] ^ __aesti_inv_sbox[128];
- st0[1] ^= __aesti_inv_sbox[32] ^ __aesti_inv_sbox[160];
- st0[2] ^= __aesti_inv_sbox[64] ^ __aesti_inv_sbox[192];
- st0[3] ^= __aesti_inv_sbox[96] ^ __aesti_inv_sbox[224];
+ aes_decrypt(ctx, out, in);
- for (round = 0;; round += 2, rkp += 8) {
- st1[0] = inv_mix_columns(inv_subshift(st0, 0)) ^ rkp[0];
- st1[1] = inv_mix_columns(inv_subshift(st0, 1)) ^ rkp[1];
- st1[2] = inv_mix_columns(inv_subshift(st0, 2)) ^ rkp[2];
- st1[3] = inv_mix_columns(inv_subshift(st0, 3)) ^ rkp[3];
-
- if (round == rounds - 2)
- break;
-
- st0[0] = inv_mix_columns(inv_subshift(st1, 0)) ^ rkp[4];
- st0[1] = inv_mix_columns(inv_subshift(st1, 1)) ^ rkp[5];
- st0[2] = inv_mix_columns(inv_subshift(st1, 2)) ^ rkp[6];
- st0[3] = inv_mix_columns(inv_subshift(st1, 3)) ^ rkp[7];
- }
-
- put_unaligned_le32(inv_subshift(st1, 0) ^ rkp[4], out);
- put_unaligned_le32(inv_subshift(st1, 1) ^ rkp[5], out + 4);
- put_unaligned_le32(inv_subshift(st1, 2) ^ rkp[6], out + 8);
- put_unaligned_le32(inv_subshift(st1, 3) ^ rkp[7], out + 12);
+ local_irq_restore(flags);
}
static struct crypto_alg aes_alg = {
diff --git a/crypto/af_alg.c b/crypto/af_alg.c
index 17eb09d..879cf23 100644
--- a/crypto/af_alg.c
+++ b/crypto/af_alg.c
@@ -1,15 +1,10 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/*
* af_alg: User-space algorithm interface
*
* This file provides the user-space API for algorithms.
*
* Copyright (c) 2010 Herbert Xu <herbert@gondor.apana.org.au>
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
- *
*/
#include <linux/atomic.h>
@@ -122,8 +117,10 @@
int af_alg_release(struct socket *sock)
{
- if (sock->sk)
+ if (sock->sk) {
sock_put(sock->sk);
+ sock->sk = NULL;
+ }
return 0;
}
EXPORT_SYMBOL_GPL(af_alg_release);
@@ -302,8 +299,6 @@
if (err)
goto unlock;
- sk2->sk_family = PF_ALG;
-
if (nokey || !ask->refcnt++)
sock_hold(sk);
ask->nokey_refcnt += nokey;
@@ -380,7 +375,6 @@
sock->ops = &alg_proto_ops;
sock_init_data(sock, sk);
- sk->sk_family = PF_ALG;
sk->sk_destruct = alg_sock_destruct;
return 0;
@@ -425,12 +419,12 @@
}
EXPORT_SYMBOL_GPL(af_alg_make_sg);
-void af_alg_link_sg(struct af_alg_sgl *sgl_prev, struct af_alg_sgl *sgl_new)
+static void af_alg_link_sg(struct af_alg_sgl *sgl_prev,
+ struct af_alg_sgl *sgl_new)
{
sg_unmark_end(sgl_prev->sg + sgl_prev->npages - 1);
sg_chain(sgl_prev->sg, sgl_prev->npages + 1, sgl_new->sg);
}
-EXPORT_SYMBOL_GPL(af_alg_link_sg);
void af_alg_free_sg(struct af_alg_sgl *sgl)
{
@@ -441,7 +435,7 @@
}
EXPORT_SYMBOL_GPL(af_alg_free_sg);
-int af_alg_cmsg_send(struct msghdr *msg, struct af_alg_control *con)
+static int af_alg_cmsg_send(struct msghdr *msg, struct af_alg_control *con)
{
struct cmsghdr *cmsg;
@@ -480,7 +474,6 @@
return 0;
}
-EXPORT_SYMBOL_GPL(af_alg_cmsg_send);
/**
* af_alg_alloc_tsgl - allocate the TX SGL
@@ -488,7 +481,7 @@
* @sk socket of connection to user space
* @return: 0 upon success, < 0 upon error
*/
-int af_alg_alloc_tsgl(struct sock *sk)
+static int af_alg_alloc_tsgl(struct sock *sk)
{
struct alg_sock *ask = alg_sk(sk);
struct af_alg_ctx *ctx = ask->private;
@@ -517,7 +510,6 @@
return 0;
}
-EXPORT_SYMBOL_GPL(af_alg_alloc_tsgl);
/**
* aead_count_tsgl - Count number of TX SG entries
@@ -532,17 +524,17 @@
*/
unsigned int af_alg_count_tsgl(struct sock *sk, size_t bytes, size_t offset)
{
- struct alg_sock *ask = alg_sk(sk);
- struct af_alg_ctx *ctx = ask->private;
- struct af_alg_tsgl *sgl, *tmp;
+ const struct alg_sock *ask = alg_sk(sk);
+ const struct af_alg_ctx *ctx = ask->private;
+ const struct af_alg_tsgl *sgl;
unsigned int i;
unsigned int sgl_count = 0;
if (!bytes)
return 0;
- list_for_each_entry_safe(sgl, tmp, &ctx->tsgl_list, list) {
- struct scatterlist *sg = sgl->sg;
+ list_for_each_entry(sgl, &ctx->tsgl_list, list) {
+ const struct scatterlist *sg = sgl->sg;
for (i = 0; i < sgl->cur; i++) {
size_t bytes_count;
@@ -640,8 +632,7 @@
}
list_del(&sgl->list);
- sock_kfree_s(sk, sgl, sizeof(*sgl) + sizeof(sgl->sg[0]) *
- (MAX_SGL_ENTS + 1));
+ sock_kfree_s(sk, sgl, struct_size(sgl, sg, MAX_SGL_ENTS + 1));
}
if (!ctx->used)
@@ -654,7 +645,7 @@
*
* @areq Request holding the TX and RX SGL
*/
-void af_alg_free_areq_sgls(struct af_alg_async_req *areq)
+static void af_alg_free_areq_sgls(struct af_alg_async_req *areq)
{
struct sock *sk = areq->sk;
struct alg_sock *ask = alg_sk(sk);
@@ -683,7 +674,6 @@
sock_kfree_s(sk, tsgl, areq->tsgl_entries * sizeof(*tsgl));
}
}
-EXPORT_SYMBOL_GPL(af_alg_free_areq_sgls);
/**
* af_alg_wait_for_wmem - wait for availability of writable memory
@@ -692,7 +682,7 @@
* @flags If MSG_DONTWAIT is set, then only report if function would sleep
* @return 0 when writable memory is available, < 0 upon error
*/
-int af_alg_wait_for_wmem(struct sock *sk, unsigned int flags)
+static int af_alg_wait_for_wmem(struct sock *sk, unsigned int flags)
{
DEFINE_WAIT_FUNC(wait, woken_wake_function);
int err = -ERESTARTSYS;
@@ -717,7 +707,6 @@
return err;
}
-EXPORT_SYMBOL_GPL(af_alg_wait_for_wmem);
/**
* af_alg_wmem_wakeup - wakeup caller when writable memory is available
@@ -786,8 +775,7 @@
*
* @sk socket of connection to user space
*/
-
-void af_alg_data_wakeup(struct sock *sk)
+static void af_alg_data_wakeup(struct sock *sk)
{
struct alg_sock *ask = alg_sk(sk);
struct af_alg_ctx *ctx = ask->private;
@@ -805,7 +793,6 @@
sk_wake_async(sk, SOCK_WAKE_SPACE, POLL_OUT);
rcu_read_unlock();
}
-EXPORT_SYMBOL_GPL(af_alg_data_wakeup);
/**
* af_alg_sendmsg - implementation of sendmsg system call handler
diff --git a/crypto/ahash.c b/crypto/ahash.c
index a64c143..3815b36 100644
--- a/crypto/ahash.c
+++ b/crypto/ahash.c
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/*
* Asynchronous Cryptographic Hash operations.
*
@@ -5,12 +6,6 @@
* completion via a callback.
*
* Copyright (c) 2008 Loc Ho <lho@amcc.com>
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
- *
*/
#include <crypto/internal/hash.h>
@@ -86,17 +81,17 @@
int crypto_hash_walk_done(struct crypto_hash_walk *walk, int err)
{
unsigned int alignmask = walk->alignmask;
- unsigned int nbytes = walk->entrylen;
walk->data -= walk->offset;
- if (nbytes && walk->offset & alignmask && !err) {
- walk->offset = ALIGN(walk->offset, alignmask + 1);
- nbytes = min(nbytes,
- ((unsigned int)(PAGE_SIZE)) - walk->offset);
- walk->entrylen -= nbytes;
+ if (walk->entrylen && (walk->offset & alignmask) && !err) {
+ unsigned int nbytes;
+ walk->offset = ALIGN(walk->offset, alignmask + 1);
+ nbytes = min(walk->entrylen,
+ (unsigned int)(PAGE_SIZE - walk->offset));
if (nbytes) {
+ walk->entrylen -= nbytes;
walk->data += walk->offset;
return nbytes;
}
@@ -116,7 +111,7 @@
if (err)
return err;
- if (nbytes) {
+ if (walk->entrylen) {
walk->offset = 0;
walk->pg++;
return hash_walk_next(walk);
@@ -190,6 +185,21 @@
return ret;
}
+static int ahash_nosetkey(struct crypto_ahash *tfm, const u8 *key,
+ unsigned int keylen)
+{
+ return -ENOSYS;
+}
+
+static void ahash_set_needkey(struct crypto_ahash *tfm)
+{
+ const struct hash_alg_common *alg = crypto_hash_alg_common(tfm);
+
+ if (tfm->setkey != ahash_nosetkey &&
+ !(alg->base.cra_flags & CRYPTO_ALG_OPTIONAL_KEY))
+ crypto_ahash_set_flags(tfm, CRYPTO_TFM_NEED_KEY);
+}
+
int crypto_ahash_setkey(struct crypto_ahash *tfm, const u8 *key,
unsigned int keylen)
{
@@ -201,20 +211,16 @@
else
err = tfm->setkey(tfm, key, keylen);
- if (err)
+ if (unlikely(err)) {
+ ahash_set_needkey(tfm);
return err;
+ }
crypto_ahash_clear_flags(tfm, CRYPTO_TFM_NEED_KEY);
return 0;
}
EXPORT_SYMBOL_GPL(crypto_ahash_setkey);
-static int ahash_nosetkey(struct crypto_ahash *tfm, const u8 *key,
- unsigned int keylen)
-{
- return -ENOSYS;
-}
-
static inline unsigned int ahash_align_buffer_size(unsigned len,
unsigned long mask)
{
@@ -364,24 +370,46 @@
int crypto_ahash_final(struct ahash_request *req)
{
- return crypto_ahash_op(req, crypto_ahash_reqtfm(req)->final);
+ struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
+ struct crypto_alg *alg = tfm->base.__crt_alg;
+ unsigned int nbytes = req->nbytes;
+ int ret;
+
+ crypto_stats_get(alg);
+ ret = crypto_ahash_op(req, crypto_ahash_reqtfm(req)->final);
+ crypto_stats_ahash_final(nbytes, ret, alg);
+ return ret;
}
EXPORT_SYMBOL_GPL(crypto_ahash_final);
int crypto_ahash_finup(struct ahash_request *req)
{
- return crypto_ahash_op(req, crypto_ahash_reqtfm(req)->finup);
+ struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
+ struct crypto_alg *alg = tfm->base.__crt_alg;
+ unsigned int nbytes = req->nbytes;
+ int ret;
+
+ crypto_stats_get(alg);
+ ret = crypto_ahash_op(req, crypto_ahash_reqtfm(req)->finup);
+ crypto_stats_ahash_final(nbytes, ret, alg);
+ return ret;
}
EXPORT_SYMBOL_GPL(crypto_ahash_finup);
int crypto_ahash_digest(struct ahash_request *req)
{
struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
+ struct crypto_alg *alg = tfm->base.__crt_alg;
+ unsigned int nbytes = req->nbytes;
+ int ret;
+ crypto_stats_get(alg);
if (crypto_ahash_get_flags(tfm) & CRYPTO_TFM_NEED_KEY)
- return -ENOKEY;
-
- return crypto_ahash_op(req, tfm->digest);
+ ret = -ENOKEY;
+ else
+ ret = crypto_ahash_op(req, tfm->digest);
+ crypto_stats_ahash_final(nbytes, ret, alg);
+ return ret;
}
EXPORT_SYMBOL_GPL(crypto_ahash_digest);
@@ -467,8 +495,7 @@
if (alg->setkey) {
hash->setkey = alg->setkey;
- if (!(alg->halg.base.cra_flags & CRYPTO_ALG_OPTIONAL_KEY))
- crypto_ahash_set_flags(hash, CRYPTO_TFM_NEED_KEY);
+ ahash_set_needkey(hash);
}
return 0;
@@ -487,18 +514,14 @@
{
struct crypto_report_hash rhash;
- strncpy(rhash.type, "ahash", sizeof(rhash.type));
+ memset(&rhash, 0, sizeof(rhash));
+
+ strscpy(rhash.type, "ahash", sizeof(rhash.type));
rhash.blocksize = alg->cra_blocksize;
rhash.digestsize = __crypto_hash_alg_common(alg)->digestsize;
- if (nla_put(skb, CRYPTOCFGA_REPORT_HASH,
- sizeof(struct crypto_report_hash), &rhash))
- goto nla_put_failure;
- return 0;
-
-nla_put_failure:
- return -EMSGSIZE;
+ return nla_put(skb, CRYPTOCFGA_REPORT_HASH, sizeof(rhash), &rhash);
}
#else
static int crypto_ahash_report(struct sk_buff *skb, struct crypto_alg *alg)
@@ -550,8 +573,8 @@
{
struct crypto_alg *base = &alg->halg.base;
- if (alg->halg.digestsize > PAGE_SIZE / 8 ||
- alg->halg.statesize > PAGE_SIZE / 8 ||
+ if (alg->halg.digestsize > HASH_MAX_DIGESTSIZE ||
+ alg->halg.statesize > HASH_MAX_STATESIZE ||
alg->halg.statesize == 0)
return -EINVAL;
diff --git a/crypto/akcipher.c b/crypto/akcipher.c
index cfbdb06..7d5cf49 100644
--- a/crypto/akcipher.c
+++ b/crypto/akcipher.c
@@ -1,14 +1,9 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/*
* Public Key Encryption
*
* Copyright (c) 2015, Intel Corporation
* Authors: Tadeusz Struk <tadeusz.struk@intel.com>
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
- *
*/
#include <linux/errno.h>
#include <linux/kernel.h>
@@ -30,15 +25,12 @@
{
struct crypto_report_akcipher rakcipher;
- strncpy(rakcipher.type, "akcipher", sizeof(rakcipher.type));
+ memset(&rakcipher, 0, sizeof(rakcipher));
- if (nla_put(skb, CRYPTOCFGA_REPORT_AKCIPHER,
- sizeof(struct crypto_report_akcipher), &rakcipher))
- goto nla_put_failure;
- return 0;
+ strscpy(rakcipher.type, "akcipher", sizeof(rakcipher.type));
-nla_put_failure:
- return -EMSGSIZE;
+ return nla_put(skb, CRYPTOCFGA_REPORT_AKCIPHER,
+ sizeof(rakcipher), &rakcipher);
}
#else
static int crypto_akcipher_report(struct sk_buff *skb, struct crypto_alg *alg)
@@ -122,10 +114,24 @@
base->cra_flags |= CRYPTO_ALG_TYPE_AKCIPHER;
}
+static int akcipher_default_op(struct akcipher_request *req)
+{
+ return -ENOSYS;
+}
+
int crypto_register_akcipher(struct akcipher_alg *alg)
{
struct crypto_alg *base = &alg->base;
+ if (!alg->sign)
+ alg->sign = akcipher_default_op;
+ if (!alg->verify)
+ alg->verify = akcipher_default_op;
+ if (!alg->encrypt)
+ alg->encrypt = akcipher_default_op;
+ if (!alg->decrypt)
+ alg->decrypt = akcipher_default_op;
+
akcipher_prepare_alg(alg);
return crypto_register_alg(base);
}
diff --git a/crypto/algapi.c b/crypto/algapi.c
index c0755cf..de30ddc 100644
--- a/crypto/algapi.c
+++ b/crypto/algapi.c
@@ -1,13 +1,8 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/*
* Cryptographic API for algorithms (i.e., low-level API).
*
* Copyright (c) 2006 Herbert Xu <herbert@gondor.apana.org.au>
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
- *
*/
#include <crypto/algapi.h>
@@ -26,23 +21,6 @@
static LIST_HEAD(crypto_template_list);
-static inline int crypto_set_driver_name(struct crypto_alg *alg)
-{
- static const char suffix[] = "-generic";
- char *driver_name = alg->cra_driver_name;
- int len;
-
- if (*driver_name)
- return 0;
-
- len = strlcpy(driver_name, alg->cra_name, CRYPTO_MAX_ALG_NAME);
- if (len + sizeof(suffix) > CRYPTO_MAX_ALG_NAME)
- return -ENAMETOOLONG;
-
- memcpy(driver_name + len, suffix, sizeof(suffix));
- return 0;
-}
-
static inline void crypto_check_module_sig(struct module *mod)
{
if (fips_enabled && mod && !module_sig_ok(mod))
@@ -54,12 +32,20 @@
{
crypto_check_module_sig(alg->cra_module);
+ if (!alg->cra_name[0] || !alg->cra_driver_name[0])
+ return -EINVAL;
+
if (alg->cra_alignmask & (alg->cra_alignmask + 1))
return -EINVAL;
- if (alg->cra_blocksize > PAGE_SIZE / 8)
+ /* General maximums for all algs. */
+ if (alg->cra_alignmask > MAX_ALGAPI_ALIGNMASK)
return -EINVAL;
+ if (alg->cra_blocksize > MAX_ALGAPI_BLOCKSIZE)
+ return -EINVAL;
+
+ /* Lower maximums for specific alg types. */
if (!alg->cra_type && (alg->cra_flags & CRYPTO_ALG_TYPE_MASK) ==
CRYPTO_ALG_TYPE_CIPHER) {
if (alg->cra_alignmask > MAX_CIPHER_ALIGNMASK)
@@ -74,7 +60,7 @@
refcount_set(&alg->cra_refcnt, 1);
- return crypto_set_driver_name(alg);
+ return 0;
}
static void crypto_free_instance(struct crypto_instance *inst)
@@ -253,6 +239,8 @@
list_add(&alg->cra_list, &crypto_alg_list);
list_add(&larval->alg.cra_list, &crypto_alg_list);
+ crypto_stats_init(alg);
+
out:
return larval;
@@ -367,6 +355,8 @@
err = wait_for_completion_killable(&larval->completion);
WARN_ON(err);
+ if (!err)
+ crypto_probing_notify(CRYPTO_MSG_ALG_LOADED, larval);
out:
crypto_larval_kill(&larval->alg);
@@ -485,6 +475,24 @@
}
EXPORT_SYMBOL_GPL(crypto_register_template);
+int crypto_register_templates(struct crypto_template *tmpls, int count)
+{
+ int i, err;
+
+ for (i = 0; i < count; i++) {
+ err = crypto_register_template(&tmpls[i]);
+ if (err)
+ goto out;
+ }
+ return 0;
+
+out:
+ for (--i; i >= 0; --i)
+ crypto_unregister_template(&tmpls[i]);
+ return err;
+}
+EXPORT_SYMBOL_GPL(crypto_register_templates);
+
void crypto_unregister_template(struct crypto_template *tmpl)
{
struct crypto_instance *inst;
@@ -514,6 +522,15 @@
}
EXPORT_SYMBOL_GPL(crypto_unregister_template);
+void crypto_unregister_templates(struct crypto_template *tmpls, int count)
+{
+ int i;
+
+ for (i = count - 1; i >= 0; --i)
+ crypto_unregister_template(&tmpls[i]);
+}
+EXPORT_SYMBOL_GPL(crypto_unregister_templates);
+
static struct crypto_template *__crypto_lookup_template(const char *name)
{
struct crypto_template *q, *tmpl = NULL;
@@ -599,6 +616,9 @@
{
int err = -EAGAIN;
+ if (WARN_ON_ONCE(inst == NULL))
+ return -EINVAL;
+
spawn->inst = inst;
spawn->mask = mask;
@@ -836,8 +856,8 @@
}
EXPORT_SYMBOL_GPL(crypto_inst_setname);
-void *crypto_alloc_instance2(const char *name, struct crypto_alg *alg,
- unsigned int head)
+void *crypto_alloc_instance(const char *name, struct crypto_alg *alg,
+ unsigned int head)
{
struct crypto_instance *inst;
char *p;
@@ -860,35 +880,6 @@
kfree(p);
return ERR_PTR(err);
}
-EXPORT_SYMBOL_GPL(crypto_alloc_instance2);
-
-struct crypto_instance *crypto_alloc_instance(const char *name,
- struct crypto_alg *alg)
-{
- struct crypto_instance *inst;
- struct crypto_spawn *spawn;
- int err;
-
- inst = crypto_alloc_instance2(name, alg, 0);
- if (IS_ERR(inst))
- goto out;
-
- spawn = crypto_instance_ctx(inst);
- err = crypto_init_spawn(spawn, alg, inst,
- CRYPTO_ALG_TYPE_MASK | CRYPTO_ALG_ASYNC);
-
- if (err)
- goto err_free_inst;
-
- return inst;
-
-err_free_inst:
- kfree(inst);
- inst = ERR_PTR(err);
-
-out:
- return inst;
-}
EXPORT_SYMBOL_GPL(crypto_alloc_instance);
void crypto_init_queue(struct crypto_queue *queue, unsigned int max_qlen)
@@ -942,19 +933,6 @@
}
EXPORT_SYMBOL_GPL(crypto_dequeue_request);
-int crypto_tfm_in_queue(struct crypto_queue *queue, struct crypto_tfm *tfm)
-{
- struct crypto_async_request *req;
-
- list_for_each_entry(req, &queue->list, list) {
- if (req->tfm == tfm)
- return 1;
- }
-
- return 0;
-}
-EXPORT_SYMBOL_GPL(crypto_tfm_in_queue);
-
static inline void crypto_inc_byte(u8 *a, unsigned int size)
{
u8 *b = (a + size);
@@ -1061,6 +1039,245 @@
}
EXPORT_SYMBOL_GPL(crypto_type_has_alg);
+#ifdef CONFIG_CRYPTO_STATS
+void crypto_stats_init(struct crypto_alg *alg)
+{
+ memset(&alg->stats, 0, sizeof(alg->stats));
+}
+EXPORT_SYMBOL_GPL(crypto_stats_init);
+
+void crypto_stats_get(struct crypto_alg *alg)
+{
+ crypto_alg_get(alg);
+}
+EXPORT_SYMBOL_GPL(crypto_stats_get);
+
+void crypto_stats_ablkcipher_encrypt(unsigned int nbytes, int ret,
+ struct crypto_alg *alg)
+{
+ if (ret && ret != -EINPROGRESS && ret != -EBUSY) {
+ atomic64_inc(&alg->stats.cipher.err_cnt);
+ } else {
+ atomic64_inc(&alg->stats.cipher.encrypt_cnt);
+ atomic64_add(nbytes, &alg->stats.cipher.encrypt_tlen);
+ }
+ crypto_alg_put(alg);
+}
+EXPORT_SYMBOL_GPL(crypto_stats_ablkcipher_encrypt);
+
+void crypto_stats_ablkcipher_decrypt(unsigned int nbytes, int ret,
+ struct crypto_alg *alg)
+{
+ if (ret && ret != -EINPROGRESS && ret != -EBUSY) {
+ atomic64_inc(&alg->stats.cipher.err_cnt);
+ } else {
+ atomic64_inc(&alg->stats.cipher.decrypt_cnt);
+ atomic64_add(nbytes, &alg->stats.cipher.decrypt_tlen);
+ }
+ crypto_alg_put(alg);
+}
+EXPORT_SYMBOL_GPL(crypto_stats_ablkcipher_decrypt);
+
+void crypto_stats_aead_encrypt(unsigned int cryptlen, struct crypto_alg *alg,
+ int ret)
+{
+ if (ret && ret != -EINPROGRESS && ret != -EBUSY) {
+ atomic64_inc(&alg->stats.aead.err_cnt);
+ } else {
+ atomic64_inc(&alg->stats.aead.encrypt_cnt);
+ atomic64_add(cryptlen, &alg->stats.aead.encrypt_tlen);
+ }
+ crypto_alg_put(alg);
+}
+EXPORT_SYMBOL_GPL(crypto_stats_aead_encrypt);
+
+void crypto_stats_aead_decrypt(unsigned int cryptlen, struct crypto_alg *alg,
+ int ret)
+{
+ if (ret && ret != -EINPROGRESS && ret != -EBUSY) {
+ atomic64_inc(&alg->stats.aead.err_cnt);
+ } else {
+ atomic64_inc(&alg->stats.aead.decrypt_cnt);
+ atomic64_add(cryptlen, &alg->stats.aead.decrypt_tlen);
+ }
+ crypto_alg_put(alg);
+}
+EXPORT_SYMBOL_GPL(crypto_stats_aead_decrypt);
+
+void crypto_stats_akcipher_encrypt(unsigned int src_len, int ret,
+ struct crypto_alg *alg)
+{
+ if (ret && ret != -EINPROGRESS && ret != -EBUSY) {
+ atomic64_inc(&alg->stats.akcipher.err_cnt);
+ } else {
+ atomic64_inc(&alg->stats.akcipher.encrypt_cnt);
+ atomic64_add(src_len, &alg->stats.akcipher.encrypt_tlen);
+ }
+ crypto_alg_put(alg);
+}
+EXPORT_SYMBOL_GPL(crypto_stats_akcipher_encrypt);
+
+void crypto_stats_akcipher_decrypt(unsigned int src_len, int ret,
+ struct crypto_alg *alg)
+{
+ if (ret && ret != -EINPROGRESS && ret != -EBUSY) {
+ atomic64_inc(&alg->stats.akcipher.err_cnt);
+ } else {
+ atomic64_inc(&alg->stats.akcipher.decrypt_cnt);
+ atomic64_add(src_len, &alg->stats.akcipher.decrypt_tlen);
+ }
+ crypto_alg_put(alg);
+}
+EXPORT_SYMBOL_GPL(crypto_stats_akcipher_decrypt);
+
+void crypto_stats_akcipher_sign(int ret, struct crypto_alg *alg)
+{
+ if (ret && ret != -EINPROGRESS && ret != -EBUSY)
+ atomic64_inc(&alg->stats.akcipher.err_cnt);
+ else
+ atomic64_inc(&alg->stats.akcipher.sign_cnt);
+ crypto_alg_put(alg);
+}
+EXPORT_SYMBOL_GPL(crypto_stats_akcipher_sign);
+
+void crypto_stats_akcipher_verify(int ret, struct crypto_alg *alg)
+{
+ if (ret && ret != -EINPROGRESS && ret != -EBUSY)
+ atomic64_inc(&alg->stats.akcipher.err_cnt);
+ else
+ atomic64_inc(&alg->stats.akcipher.verify_cnt);
+ crypto_alg_put(alg);
+}
+EXPORT_SYMBOL_GPL(crypto_stats_akcipher_verify);
+
+void crypto_stats_compress(unsigned int slen, int ret, struct crypto_alg *alg)
+{
+ if (ret && ret != -EINPROGRESS && ret != -EBUSY) {
+ atomic64_inc(&alg->stats.compress.err_cnt);
+ } else {
+ atomic64_inc(&alg->stats.compress.compress_cnt);
+ atomic64_add(slen, &alg->stats.compress.compress_tlen);
+ }
+ crypto_alg_put(alg);
+}
+EXPORT_SYMBOL_GPL(crypto_stats_compress);
+
+void crypto_stats_decompress(unsigned int slen, int ret, struct crypto_alg *alg)
+{
+ if (ret && ret != -EINPROGRESS && ret != -EBUSY) {
+ atomic64_inc(&alg->stats.compress.err_cnt);
+ } else {
+ atomic64_inc(&alg->stats.compress.decompress_cnt);
+ atomic64_add(slen, &alg->stats.compress.decompress_tlen);
+ }
+ crypto_alg_put(alg);
+}
+EXPORT_SYMBOL_GPL(crypto_stats_decompress);
+
+void crypto_stats_ahash_update(unsigned int nbytes, int ret,
+ struct crypto_alg *alg)
+{
+ if (ret && ret != -EINPROGRESS && ret != -EBUSY)
+ atomic64_inc(&alg->stats.hash.err_cnt);
+ else
+ atomic64_add(nbytes, &alg->stats.hash.hash_tlen);
+ crypto_alg_put(alg);
+}
+EXPORT_SYMBOL_GPL(crypto_stats_ahash_update);
+
+void crypto_stats_ahash_final(unsigned int nbytes, int ret,
+ struct crypto_alg *alg)
+{
+ if (ret && ret != -EINPROGRESS && ret != -EBUSY) {
+ atomic64_inc(&alg->stats.hash.err_cnt);
+ } else {
+ atomic64_inc(&alg->stats.hash.hash_cnt);
+ atomic64_add(nbytes, &alg->stats.hash.hash_tlen);
+ }
+ crypto_alg_put(alg);
+}
+EXPORT_SYMBOL_GPL(crypto_stats_ahash_final);
+
+void crypto_stats_kpp_set_secret(struct crypto_alg *alg, int ret)
+{
+ if (ret)
+ atomic64_inc(&alg->stats.kpp.err_cnt);
+ else
+ atomic64_inc(&alg->stats.kpp.setsecret_cnt);
+ crypto_alg_put(alg);
+}
+EXPORT_SYMBOL_GPL(crypto_stats_kpp_set_secret);
+
+void crypto_stats_kpp_generate_public_key(struct crypto_alg *alg, int ret)
+{
+ if (ret)
+ atomic64_inc(&alg->stats.kpp.err_cnt);
+ else
+ atomic64_inc(&alg->stats.kpp.generate_public_key_cnt);
+ crypto_alg_put(alg);
+}
+EXPORT_SYMBOL_GPL(crypto_stats_kpp_generate_public_key);
+
+void crypto_stats_kpp_compute_shared_secret(struct crypto_alg *alg, int ret)
+{
+ if (ret)
+ atomic64_inc(&alg->stats.kpp.err_cnt);
+ else
+ atomic64_inc(&alg->stats.kpp.compute_shared_secret_cnt);
+ crypto_alg_put(alg);
+}
+EXPORT_SYMBOL_GPL(crypto_stats_kpp_compute_shared_secret);
+
+void crypto_stats_rng_seed(struct crypto_alg *alg, int ret)
+{
+ if (ret && ret != -EINPROGRESS && ret != -EBUSY)
+ atomic64_inc(&alg->stats.rng.err_cnt);
+ else
+ atomic64_inc(&alg->stats.rng.seed_cnt);
+ crypto_alg_put(alg);
+}
+EXPORT_SYMBOL_GPL(crypto_stats_rng_seed);
+
+void crypto_stats_rng_generate(struct crypto_alg *alg, unsigned int dlen,
+ int ret)
+{
+ if (ret && ret != -EINPROGRESS && ret != -EBUSY) {
+ atomic64_inc(&alg->stats.rng.err_cnt);
+ } else {
+ atomic64_inc(&alg->stats.rng.generate_cnt);
+ atomic64_add(dlen, &alg->stats.rng.generate_tlen);
+ }
+ crypto_alg_put(alg);
+}
+EXPORT_SYMBOL_GPL(crypto_stats_rng_generate);
+
+void crypto_stats_skcipher_encrypt(unsigned int cryptlen, int ret,
+ struct crypto_alg *alg)
+{
+ if (ret && ret != -EINPROGRESS && ret != -EBUSY) {
+ atomic64_inc(&alg->stats.cipher.err_cnt);
+ } else {
+ atomic64_inc(&alg->stats.cipher.encrypt_cnt);
+ atomic64_add(cryptlen, &alg->stats.cipher.encrypt_tlen);
+ }
+ crypto_alg_put(alg);
+}
+EXPORT_SYMBOL_GPL(crypto_stats_skcipher_encrypt);
+
+void crypto_stats_skcipher_decrypt(unsigned int cryptlen, int ret,
+ struct crypto_alg *alg)
+{
+ if (ret && ret != -EINPROGRESS && ret != -EBUSY) {
+ atomic64_inc(&alg->stats.cipher.err_cnt);
+ } else {
+ atomic64_inc(&alg->stats.cipher.decrypt_cnt);
+ atomic64_add(cryptlen, &alg->stats.cipher.decrypt_tlen);
+ }
+ crypto_alg_put(alg);
+}
+EXPORT_SYMBOL_GPL(crypto_stats_skcipher_decrypt);
+#endif
+
static int __init crypto_algapi_init(void)
{
crypto_init_proc();
diff --git a/crypto/algboss.c b/crypto/algboss.c
index 5e6df2a..a62149d 100644
--- a/crypto/algboss.c
+++ b/crypto/algboss.c
@@ -1,13 +1,8 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/*
* Create default crypto algorithm instances.
*
* Copyright (c) 2006 Herbert Xu <herbert@gondor.apana.org.au>
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
- *
*/
#include <crypto/internal/aead.h>
@@ -274,6 +269,8 @@
return cryptomgr_schedule_probe(data);
case CRYPTO_MSG_ALG_REGISTER:
return cryptomgr_schedule_test(data);
+ case CRYPTO_MSG_ALG_LOADED:
+ break;
}
return NOTIFY_DONE;
@@ -294,7 +291,13 @@
BUG_ON(err);
}
-subsys_initcall(cryptomgr_init);
+/*
+ * This is arch_initcall() so that the crypto self-tests are run on algorithms
+ * registered early by subsys_initcall(). subsys_initcall() is needed for
+ * generic implementations so that they're available for comparison tests when
+ * other implementations are registered later by module_init().
+ */
+arch_initcall(cryptomgr_init);
module_exit(cryptomgr_exit);
MODULE_LICENSE("GPL");
diff --git a/crypto/algif_aead.c b/crypto/algif_aead.c
index c40a8c7..eb1910b 100644
--- a/crypto/algif_aead.c
+++ b/crypto/algif_aead.c
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/*
* algif_aead: User-space interface for AEAD algorithms
*
@@ -5,11 +6,6 @@
*
* This file provides the user-space API for AEAD ciphers.
*
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
- *
* The following concept of the memory management is used:
*
* The kernel maintains two SGLs, the TX SGL and the RX SGL. The TX SGL is
@@ -42,7 +38,7 @@
struct aead_tfm {
struct crypto_aead *aead;
- struct crypto_skcipher *null_tfm;
+ struct crypto_sync_skcipher *null_tfm;
};
static inline bool aead_sufficient_data(struct sock *sk)
@@ -75,13 +71,13 @@
return af_alg_sendmsg(sock, msg, size, ivsize);
}
-static int crypto_aead_copy_sgl(struct crypto_skcipher *null_tfm,
+static int crypto_aead_copy_sgl(struct crypto_sync_skcipher *null_tfm,
struct scatterlist *src,
struct scatterlist *dst, unsigned int len)
{
- SKCIPHER_REQUEST_ON_STACK(skreq, null_tfm);
+ SYNC_SKCIPHER_REQUEST_ON_STACK(skreq, null_tfm);
- skcipher_request_set_tfm(skreq, null_tfm);
+ skcipher_request_set_sync_tfm(skreq, null_tfm);
skcipher_request_set_callback(skreq, CRYPTO_TFM_REQ_MAY_BACKLOG,
NULL, NULL);
skcipher_request_set_crypt(skreq, src, dst, len, NULL);
@@ -99,7 +95,7 @@
struct af_alg_ctx *ctx = ask->private;
struct aead_tfm *aeadc = pask->private;
struct crypto_aead *tfm = aeadc->aead;
- struct crypto_skcipher *null_tfm = aeadc->null_tfm;
+ struct crypto_sync_skcipher *null_tfm = aeadc->null_tfm;
unsigned int i, as = crypto_aead_authsize(tfm);
struct af_alg_async_req *areq;
struct af_alg_tsgl *tsgl, *tmp;
@@ -478,7 +474,7 @@
{
struct aead_tfm *tfm;
struct crypto_aead *aead;
- struct crypto_skcipher *null_tfm;
+ struct crypto_sync_skcipher *null_tfm;
tfm = kzalloc(sizeof(*tfm), GFP_KERNEL);
if (!tfm)
diff --git a/crypto/algif_hash.c b/crypto/algif_hash.c
index bfcf595..178f4cd 100644
--- a/crypto/algif_hash.c
+++ b/crypto/algif_hash.c
@@ -1,15 +1,10 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/*
* algif_hash: User-space interface for hash algorithms
*
* This file provides the user-space API for hash algorithms.
*
* Copyright (c) 2010 Herbert Xu <herbert@gondor.apana.org.au>
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
- *
*/
#include <crypto/hash.h>
@@ -239,7 +234,7 @@
struct alg_sock *ask = alg_sk(sk);
struct hash_ctx *ctx = ask->private;
struct ahash_request *req = &ctx->req;
- char state[crypto_ahash_statesize(crypto_ahash_reqtfm(req)) ? : 1];
+ char state[HASH_MAX_STATESIZE];
struct sock *sk2;
struct alg_sock *ask2;
struct hash_ctx *ctx2;
diff --git a/crypto/algif_skcipher.c b/crypto/algif_skcipher.c
index cfdaab2..c1601ed 100644
--- a/crypto/algif_skcipher.c
+++ b/crypto/algif_skcipher.c
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/*
* algif_skcipher: User-space interface for skcipher algorithms
*
@@ -5,11 +6,6 @@
*
* Copyright (c) 2010 Herbert Xu <herbert@gondor.apana.org.au>
*
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
- *
* The following concept of the memory management is used:
*
* The kernel maintains two SGLs, the TX SGL and the RX SGL. The TX SGL is
diff --git a/crypto/ansi_cprng.c b/crypto/ansi_cprng.c
index eff337c..c475c11 100644
--- a/crypto/ansi_cprng.c
+++ b/crypto/ansi_cprng.c
@@ -1,16 +1,10 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/*
* PRNG: Pseudo Random Number Generator
* Based on NIST Recommended PRNG From ANSI X9.31 Appendix A.2.4 using
* AES 128 cipher
*
* (C) Neil Horman <nhorman@tuxdriver.com>
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * any later version.
- *
- *
*/
#include <crypto/internal/rng.h>
@@ -472,7 +466,7 @@
MODULE_AUTHOR("Neil Horman <nhorman@tuxdriver.com>");
module_param(dbg, int, 0);
MODULE_PARM_DESC(dbg, "Boolean to enable debugging (0/1 == off/on)");
-module_init(prng_mod_init);
+subsys_initcall(prng_mod_init);
module_exit(prng_mod_fini);
MODULE_ALIAS_CRYPTO("stdrng");
MODULE_ALIAS_CRYPTO("ansi_cprng");
diff --git a/crypto/anubis.c b/crypto/anubis.c
index 4bb187c..f9ce78f 100644
--- a/crypto/anubis.c
+++ b/crypto/anubis.c
@@ -673,6 +673,7 @@
static struct crypto_alg anubis_alg = {
.cra_name = "anubis",
+ .cra_driver_name = "anubis-generic",
.cra_flags = CRYPTO_ALG_TYPE_CIPHER,
.cra_blocksize = ANUBIS_BLOCK_SIZE,
.cra_ctxsize = sizeof (struct anubis_ctx),
@@ -699,7 +700,7 @@
crypto_unregister_alg(&anubis_alg);
}
-module_init(anubis_mod_init);
+subsys_initcall(anubis_mod_init);
module_exit(anubis_mod_fini);
MODULE_LICENSE("GPL");
diff --git a/crypto/api.c b/crypto/api.c
index 7aca9f8..d8ba541 100644
--- a/crypto/api.c
+++ b/crypto/api.c
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/*
* Scatterlist Cryptographic API.
*
@@ -7,12 +8,6 @@
*
* Portions derived from Cryptoapi, by Alexander Kjeldaas <astor@fast.no>
* and Nettle, by Niels Möller.
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
- *
*/
#include <linux/err.h>
diff --git a/crypto/arc4.c b/crypto/arc4.c
index f1a8192..aa79571 100644
--- a/crypto/arc4.c
+++ b/crypto/arc4.c
@@ -1,169 +1,76 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/*
* Cryptographic API
*
* ARC4 Cipher Algorithm
*
* Jon Oberheide <jon@oberheide.org>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
*/
-#include <linux/module.h>
-#include <linux/init.h>
-#include <linux/crypto.h>
#include <crypto/algapi.h>
+#include <crypto/arc4.h>
+#include <crypto/internal/skcipher.h>
+#include <linux/init.h>
+#include <linux/module.h>
-#define ARC4_MIN_KEY_SIZE 1
-#define ARC4_MAX_KEY_SIZE 256
-#define ARC4_BLOCK_SIZE 1
-
-struct arc4_ctx {
- u32 S[256];
- u32 x, y;
-};
-
-static int arc4_set_key(struct crypto_tfm *tfm, const u8 *in_key,
- unsigned int key_len)
+static int crypto_arc4_setkey(struct crypto_skcipher *tfm, const u8 *in_key,
+ unsigned int key_len)
{
- struct arc4_ctx *ctx = crypto_tfm_ctx(tfm);
- int i, j = 0, k = 0;
+ struct arc4_ctx *ctx = crypto_skcipher_ctx(tfm);
- ctx->x = 1;
- ctx->y = 0;
-
- for (i = 0; i < 256; i++)
- ctx->S[i] = i;
-
- for (i = 0; i < 256; i++) {
- u32 a = ctx->S[i];
- j = (j + in_key[k] + a) & 0xff;
- ctx->S[i] = ctx->S[j];
- ctx->S[j] = a;
- if (++k >= key_len)
- k = 0;
- }
-
- return 0;
+ return arc4_setkey(ctx, in_key, key_len);
}
-static void arc4_crypt(struct arc4_ctx *ctx, u8 *out, const u8 *in,
- unsigned int len)
+static int crypto_arc4_crypt(struct skcipher_request *req)
{
- u32 *const S = ctx->S;
- u32 x, y, a, b;
- u32 ty, ta, tb;
-
- if (len == 0)
- return;
-
- x = ctx->x;
- y = ctx->y;
-
- a = S[x];
- y = (y + a) & 0xff;
- b = S[y];
-
- do {
- S[y] = a;
- a = (a + b) & 0xff;
- S[x] = b;
- x = (x + 1) & 0xff;
- ta = S[x];
- ty = (y + ta) & 0xff;
- tb = S[ty];
- *out++ = *in++ ^ S[a];
- if (--len == 0)
- break;
- y = ty;
- a = ta;
- b = tb;
- } while (true);
-
- ctx->x = x;
- ctx->y = y;
-}
-
-static void arc4_crypt_one(struct crypto_tfm *tfm, u8 *out, const u8 *in)
-{
- arc4_crypt(crypto_tfm_ctx(tfm), out, in, 1);
-}
-
-static int ecb_arc4_crypt(struct blkcipher_desc *desc, struct scatterlist *dst,
- struct scatterlist *src, unsigned int nbytes)
-{
- struct arc4_ctx *ctx = crypto_blkcipher_ctx(desc->tfm);
- struct blkcipher_walk walk;
+ struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
+ struct arc4_ctx *ctx = crypto_skcipher_ctx(tfm);
+ struct skcipher_walk walk;
int err;
- blkcipher_walk_init(&walk, dst, src, nbytes);
-
- err = blkcipher_walk_virt(desc, &walk);
+ err = skcipher_walk_virt(&walk, req, false);
while (walk.nbytes > 0) {
- u8 *wsrc = walk.src.virt.addr;
- u8 *wdst = walk.dst.virt.addr;
-
- arc4_crypt(ctx, wdst, wsrc, walk.nbytes);
-
- err = blkcipher_walk_done(desc, &walk, 0);
+ arc4_crypt(ctx, walk.dst.virt.addr, walk.src.virt.addr,
+ walk.nbytes);
+ err = skcipher_walk_done(&walk, 0);
}
return err;
}
-static struct crypto_alg arc4_algs[2] = { {
- .cra_name = "arc4",
- .cra_flags = CRYPTO_ALG_TYPE_CIPHER,
- .cra_blocksize = ARC4_BLOCK_SIZE,
- .cra_ctxsize = sizeof(struct arc4_ctx),
- .cra_module = THIS_MODULE,
- .cra_u = {
- .cipher = {
- .cia_min_keysize = ARC4_MIN_KEY_SIZE,
- .cia_max_keysize = ARC4_MAX_KEY_SIZE,
- .cia_setkey = arc4_set_key,
- .cia_encrypt = arc4_crypt_one,
- .cia_decrypt = arc4_crypt_one,
- },
- },
-}, {
- .cra_name = "ecb(arc4)",
- .cra_priority = 100,
- .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER,
- .cra_blocksize = ARC4_BLOCK_SIZE,
- .cra_ctxsize = sizeof(struct arc4_ctx),
- .cra_alignmask = 0,
- .cra_type = &crypto_blkcipher_type,
- .cra_module = THIS_MODULE,
- .cra_u = {
- .blkcipher = {
- .min_keysize = ARC4_MIN_KEY_SIZE,
- .max_keysize = ARC4_MAX_KEY_SIZE,
- .setkey = arc4_set_key,
- .encrypt = ecb_arc4_crypt,
- .decrypt = ecb_arc4_crypt,
- },
- },
-} };
+static struct skcipher_alg arc4_alg = {
+ /*
+ * For legacy reasons, this is named "ecb(arc4)", not "arc4".
+ * Nevertheless it's actually a stream cipher, not a block cipher.
+ */
+ .base.cra_name = "ecb(arc4)",
+ .base.cra_driver_name = "ecb(arc4)-generic",
+ .base.cra_priority = 100,
+ .base.cra_blocksize = ARC4_BLOCK_SIZE,
+ .base.cra_ctxsize = sizeof(struct arc4_ctx),
+ .base.cra_module = THIS_MODULE,
+ .min_keysize = ARC4_MIN_KEY_SIZE,
+ .max_keysize = ARC4_MAX_KEY_SIZE,
+ .setkey = crypto_arc4_setkey,
+ .encrypt = crypto_arc4_crypt,
+ .decrypt = crypto_arc4_crypt,
+};
static int __init arc4_init(void)
{
- return crypto_register_algs(arc4_algs, ARRAY_SIZE(arc4_algs));
+ return crypto_register_skcipher(&arc4_alg);
}
static void __exit arc4_exit(void)
{
- crypto_unregister_algs(arc4_algs, ARRAY_SIZE(arc4_algs));
+ crypto_unregister_skcipher(&arc4_alg);
}
-module_init(arc4_init);
+subsys_initcall(arc4_init);
module_exit(arc4_exit);
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("ARC4 Cipher Algorithm");
MODULE_AUTHOR("Jon Oberheide <jon@oberheide.org>");
-MODULE_ALIAS_CRYPTO("arc4");
+MODULE_ALIAS_CRYPTO("ecb(arc4)");
diff --git a/crypto/asymmetric_keys/Kconfig b/crypto/asymmetric_keys/Kconfig
index f3702e5..1f1f004 100644
--- a/crypto/asymmetric_keys/Kconfig
+++ b/crypto/asymmetric_keys/Kconfig
@@ -15,12 +15,25 @@
select MPILIB
select CRYPTO_HASH_INFO
select CRYPTO_AKCIPHER
+ select CRYPTO_HASH
help
This option provides support for asymmetric public key type handling.
If signature generation and/or verification are to be used,
appropriate hash algorithms (such as SHA-1) must be available.
ENOPKG will be reported if the requisite algorithm is unavailable.
+config ASYMMETRIC_TPM_KEY_SUBTYPE
+ tristate "Asymmetric TPM backed private key subtype"
+ depends on TCG_TPM
+ depends on TRUSTED_KEYS
+ select CRYPTO_HMAC
+ select CRYPTO_SHA1
+ select CRYPTO_HASH_INFO
+ help
+ This option provides support for TPM backed private key type handling.
+ Operations such as sign, verify, encrypt, decrypt are performed by
+ the TPM after the private key is loaded.
+
config X509_CERTIFICATE_PARSER
tristate "X.509 certificate parser"
depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE
@@ -31,9 +44,29 @@
data and provides the ability to instantiate a crypto key from a
public key packet found inside the certificate.
+config PKCS8_PRIVATE_KEY_PARSER
+ tristate "PKCS#8 private key parser"
+ depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE
+ select ASN1
+ select OID_REGISTRY
+ help
+ This option provides support for parsing PKCS#8 format blobs for
+ private key data and provides the ability to instantiate a crypto key
+ from that data.
+
+config TPM_KEY_PARSER
+ tristate "TPM private key parser"
+ depends on ASYMMETRIC_TPM_KEY_SUBTYPE
+ select ASN1
+ help
+ This option provides support for parsing TPM format blobs for
+ private key data and provides the ability to instantiate a crypto key
+ from that data.
+
config PKCS7_MESSAGE_PARSER
tristate "PKCS#7 message parser"
depends on X509_CERTIFICATE_PARSER
+ select CRYPTO_HASH
select ASN1
select OID_REGISTRY
help
@@ -56,6 +89,7 @@
bool "Support for PE file signature verification"
depends on PKCS7_MESSAGE_PARSER=y
depends on SYSTEM_DATA_VERIFICATION
+ select CRYPTO_HASH
select ASN1
select OID_REGISTRY
help
diff --git a/crypto/asymmetric_keys/Makefile b/crypto/asymmetric_keys/Makefile
index d4b2e1b..28b91ad 100644
--- a/crypto/asymmetric_keys/Makefile
+++ b/crypto/asymmetric_keys/Makefile
@@ -11,6 +11,7 @@
signature.o
obj-$(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE) += public_key.o
+obj-$(CONFIG_ASYMMETRIC_TPM_KEY_SUBTYPE) += asym_tpm.o
#
# X.509 Certificate handling
@@ -30,6 +31,19 @@
$(obj)/x509_akid.asn1.o: $(obj)/x509_akid.asn1.c $(obj)/x509_akid.asn1.h
#
+# PKCS#8 private key handling
+#
+obj-$(CONFIG_PKCS8_PRIVATE_KEY_PARSER) += pkcs8_key_parser.o
+pkcs8_key_parser-y := \
+ pkcs8.asn1.o \
+ pkcs8_parser.o
+
+$(obj)/pkcs8_parser.o: $(obj)/pkcs8.asn1.h
+$(obj)/pkcs8-asn1.o: $(obj)/pkcs8.asn1.c $(obj)/pkcs8.asn1.h
+
+clean-files += pkcs8.asn1.c pkcs8.asn1.h
+
+#
# PKCS#7 message handling
#
obj-$(CONFIG_PKCS7_MESSAGE_PARSER) += pkcs7_message.o
@@ -61,3 +75,14 @@
$(obj)/mscode_parser.o: $(obj)/mscode.asn1.h $(obj)/mscode.asn1.h
$(obj)/mscode.asn1.o: $(obj)/mscode.asn1.c $(obj)/mscode.asn1.h
+
+#
+# TPM private key parsing
+#
+obj-$(CONFIG_TPM_KEY_PARSER) += tpm_key_parser.o
+tpm_key_parser-y := \
+ tpm.asn1.o \
+ tpm_parser.o
+
+$(obj)/tpm_parser.o: $(obj)/tpm.asn1.h
+$(obj)/tpm.asn1.o: $(obj)/tpm.asn1.c $(obj)/tpm.asn1.h
diff --git a/crypto/asymmetric_keys/asym_tpm.c b/crypto/asymmetric_keys/asym_tpm.c
new file mode 100644
index 0000000..76d2ce3
--- /dev/null
+++ b/crypto/asymmetric_keys/asym_tpm.c
@@ -0,0 +1,973 @@
+// SPDX-License-Identifier: GPL-2.0
+#define pr_fmt(fmt) "ASYM-TPM: "fmt
+#include <linux/slab.h>
+#include <linux/module.h>
+#include <linux/export.h>
+#include <linux/kernel.h>
+#include <linux/seq_file.h>
+#include <linux/scatterlist.h>
+#include <linux/tpm.h>
+#include <linux/tpm_command.h>
+#include <crypto/akcipher.h>
+#include <crypto/hash.h>
+#include <crypto/sha.h>
+#include <asm/unaligned.h>
+#include <keys/asymmetric-subtype.h>
+#include <keys/trusted.h>
+#include <crypto/asym_tpm_subtype.h>
+#include <crypto/public_key.h>
+
+#define TPM_ORD_FLUSHSPECIFIC 186
+#define TPM_ORD_LOADKEY2 65
+#define TPM_ORD_UNBIND 30
+#define TPM_ORD_SIGN 60
+#define TPM_LOADKEY2_SIZE 59
+#define TPM_FLUSHSPECIFIC_SIZE 18
+#define TPM_UNBIND_SIZE 63
+#define TPM_SIGN_SIZE 63
+
+#define TPM_RT_KEY 0x00000001
+
+/*
+ * Load a TPM key from the blob provided by userspace
+ */
+static int tpm_loadkey2(struct tpm_buf *tb,
+ uint32_t keyhandle, unsigned char *keyauth,
+ const unsigned char *keyblob, int keybloblen,
+ uint32_t *newhandle)
+{
+ unsigned char nonceodd[TPM_NONCE_SIZE];
+ unsigned char enonce[TPM_NONCE_SIZE];
+ unsigned char authdata[SHA1_DIGEST_SIZE];
+ uint32_t authhandle = 0;
+ unsigned char cont = 0;
+ uint32_t ordinal;
+ int ret;
+
+ ordinal = htonl(TPM_ORD_LOADKEY2);
+
+ /* session for loading the key */
+ ret = oiap(tb, &authhandle, enonce);
+ if (ret < 0) {
+ pr_info("oiap failed (%d)\n", ret);
+ return ret;
+ }
+
+ /* generate odd nonce */
+ ret = tpm_get_random(NULL, nonceodd, TPM_NONCE_SIZE);
+ if (ret < 0) {
+ pr_info("tpm_get_random failed (%d)\n", ret);
+ return ret;
+ }
+
+ /* calculate authorization HMAC value */
+ ret = TSS_authhmac(authdata, keyauth, SHA1_DIGEST_SIZE, enonce,
+ nonceodd, cont, sizeof(uint32_t), &ordinal,
+ keybloblen, keyblob, 0, 0);
+ if (ret < 0)
+ return ret;
+
+ /* build the request buffer */
+ INIT_BUF(tb);
+ store16(tb, TPM_TAG_RQU_AUTH1_COMMAND);
+ store32(tb, TPM_LOADKEY2_SIZE + keybloblen);
+ store32(tb, TPM_ORD_LOADKEY2);
+ store32(tb, keyhandle);
+ storebytes(tb, keyblob, keybloblen);
+ store32(tb, authhandle);
+ storebytes(tb, nonceodd, TPM_NONCE_SIZE);
+ store8(tb, cont);
+ storebytes(tb, authdata, SHA1_DIGEST_SIZE);
+
+ ret = trusted_tpm_send(tb->data, MAX_BUF_SIZE);
+ if (ret < 0) {
+ pr_info("authhmac failed (%d)\n", ret);
+ return ret;
+ }
+
+ ret = TSS_checkhmac1(tb->data, ordinal, nonceodd, keyauth,
+ SHA1_DIGEST_SIZE, 0, 0);
+ if (ret < 0) {
+ pr_info("TSS_checkhmac1 failed (%d)\n", ret);
+ return ret;
+ }
+
+ *newhandle = LOAD32(tb->data, TPM_DATA_OFFSET);
+ return 0;
+}
+
+/*
+ * Execute the FlushSpecific TPM command
+ */
+static int tpm_flushspecific(struct tpm_buf *tb, uint32_t handle)
+{
+ INIT_BUF(tb);
+ store16(tb, TPM_TAG_RQU_COMMAND);
+ store32(tb, TPM_FLUSHSPECIFIC_SIZE);
+ store32(tb, TPM_ORD_FLUSHSPECIFIC);
+ store32(tb, handle);
+ store32(tb, TPM_RT_KEY);
+
+ return trusted_tpm_send(tb->data, MAX_BUF_SIZE);
+}
+
+/*
+ * Decrypt a blob provided by userspace using a specific key handle.
+ * The handle is a well known handle or previously loaded by e.g. LoadKey2
+ */
+static int tpm_unbind(struct tpm_buf *tb,
+ uint32_t keyhandle, unsigned char *keyauth,
+ const unsigned char *blob, uint32_t bloblen,
+ void *out, uint32_t outlen)
+{
+ unsigned char nonceodd[TPM_NONCE_SIZE];
+ unsigned char enonce[TPM_NONCE_SIZE];
+ unsigned char authdata[SHA1_DIGEST_SIZE];
+ uint32_t authhandle = 0;
+ unsigned char cont = 0;
+ uint32_t ordinal;
+ uint32_t datalen;
+ int ret;
+
+ ordinal = htonl(TPM_ORD_UNBIND);
+ datalen = htonl(bloblen);
+
+ /* session for loading the key */
+ ret = oiap(tb, &authhandle, enonce);
+ if (ret < 0) {
+ pr_info("oiap failed (%d)\n", ret);
+ return ret;
+ }
+
+ /* generate odd nonce */
+ ret = tpm_get_random(NULL, nonceodd, TPM_NONCE_SIZE);
+ if (ret < 0) {
+ pr_info("tpm_get_random failed (%d)\n", ret);
+ return ret;
+ }
+
+ /* calculate authorization HMAC value */
+ ret = TSS_authhmac(authdata, keyauth, SHA1_DIGEST_SIZE, enonce,
+ nonceodd, cont, sizeof(uint32_t), &ordinal,
+ sizeof(uint32_t), &datalen,
+ bloblen, blob, 0, 0);
+ if (ret < 0)
+ return ret;
+
+ /* build the request buffer */
+ INIT_BUF(tb);
+ store16(tb, TPM_TAG_RQU_AUTH1_COMMAND);
+ store32(tb, TPM_UNBIND_SIZE + bloblen);
+ store32(tb, TPM_ORD_UNBIND);
+ store32(tb, keyhandle);
+ store32(tb, bloblen);
+ storebytes(tb, blob, bloblen);
+ store32(tb, authhandle);
+ storebytes(tb, nonceodd, TPM_NONCE_SIZE);
+ store8(tb, cont);
+ storebytes(tb, authdata, SHA1_DIGEST_SIZE);
+
+ ret = trusted_tpm_send(tb->data, MAX_BUF_SIZE);
+ if (ret < 0) {
+ pr_info("authhmac failed (%d)\n", ret);
+ return ret;
+ }
+
+ datalen = LOAD32(tb->data, TPM_DATA_OFFSET);
+
+ ret = TSS_checkhmac1(tb->data, ordinal, nonceodd,
+ keyauth, SHA1_DIGEST_SIZE,
+ sizeof(uint32_t), TPM_DATA_OFFSET,
+ datalen, TPM_DATA_OFFSET + sizeof(uint32_t),
+ 0, 0);
+ if (ret < 0) {
+ pr_info("TSS_checkhmac1 failed (%d)\n", ret);
+ return ret;
+ }
+
+ memcpy(out, tb->data + TPM_DATA_OFFSET + sizeof(uint32_t),
+ min(outlen, datalen));
+
+ return datalen;
+}
+
+/*
+ * Sign a blob provided by userspace (that has had the hash function applied)
+ * using a specific key handle. The handle is assumed to have been previously
+ * loaded by e.g. LoadKey2.
+ *
+ * Note that the key signature scheme of the used key should be set to
+ * TPM_SS_RSASSAPKCS1v15_DER. This allows the hashed input to be of any size
+ * up to key_length_in_bytes - 11 and not be limited to size 20 like the
+ * TPM_SS_RSASSAPKCS1v15_SHA1 signature scheme.
+ */
+static int tpm_sign(struct tpm_buf *tb,
+ uint32_t keyhandle, unsigned char *keyauth,
+ const unsigned char *blob, uint32_t bloblen,
+ void *out, uint32_t outlen)
+{
+ unsigned char nonceodd[TPM_NONCE_SIZE];
+ unsigned char enonce[TPM_NONCE_SIZE];
+ unsigned char authdata[SHA1_DIGEST_SIZE];
+ uint32_t authhandle = 0;
+ unsigned char cont = 0;
+ uint32_t ordinal;
+ uint32_t datalen;
+ int ret;
+
+ ordinal = htonl(TPM_ORD_SIGN);
+ datalen = htonl(bloblen);
+
+ /* session for loading the key */
+ ret = oiap(tb, &authhandle, enonce);
+ if (ret < 0) {
+ pr_info("oiap failed (%d)\n", ret);
+ return ret;
+ }
+
+ /* generate odd nonce */
+ ret = tpm_get_random(NULL, nonceodd, TPM_NONCE_SIZE);
+ if (ret < 0) {
+ pr_info("tpm_get_random failed (%d)\n", ret);
+ return ret;
+ }
+
+ /* calculate authorization HMAC value */
+ ret = TSS_authhmac(authdata, keyauth, SHA1_DIGEST_SIZE, enonce,
+ nonceodd, cont, sizeof(uint32_t), &ordinal,
+ sizeof(uint32_t), &datalen,
+ bloblen, blob, 0, 0);
+ if (ret < 0)
+ return ret;
+
+ /* build the request buffer */
+ INIT_BUF(tb);
+ store16(tb, TPM_TAG_RQU_AUTH1_COMMAND);
+ store32(tb, TPM_SIGN_SIZE + bloblen);
+ store32(tb, TPM_ORD_SIGN);
+ store32(tb, keyhandle);
+ store32(tb, bloblen);
+ storebytes(tb, blob, bloblen);
+ store32(tb, authhandle);
+ storebytes(tb, nonceodd, TPM_NONCE_SIZE);
+ store8(tb, cont);
+ storebytes(tb, authdata, SHA1_DIGEST_SIZE);
+
+ ret = trusted_tpm_send(tb->data, MAX_BUF_SIZE);
+ if (ret < 0) {
+ pr_info("authhmac failed (%d)\n", ret);
+ return ret;
+ }
+
+ datalen = LOAD32(tb->data, TPM_DATA_OFFSET);
+
+ ret = TSS_checkhmac1(tb->data, ordinal, nonceodd,
+ keyauth, SHA1_DIGEST_SIZE,
+ sizeof(uint32_t), TPM_DATA_OFFSET,
+ datalen, TPM_DATA_OFFSET + sizeof(uint32_t),
+ 0, 0);
+ if (ret < 0) {
+ pr_info("TSS_checkhmac1 failed (%d)\n", ret);
+ return ret;
+ }
+
+ memcpy(out, tb->data + TPM_DATA_OFFSET + sizeof(uint32_t),
+ min(datalen, outlen));
+
+ return datalen;
+}
+
+/* Room to fit two u32 zeros for algo id and parameters length. */
+#define SETKEY_PARAMS_SIZE (sizeof(u32) * 2)
+
+/*
+ * Maximum buffer size for the BER/DER encoded public key. The public key
+ * is of the form SEQUENCE { INTEGER n, INTEGER e } where n is a maximum 2048
+ * bit key and e is usually 65537
+ * The encoding overhead is:
+ * - max 4 bytes for SEQUENCE
+ * - max 4 bytes for INTEGER n type/length
+ * - 257 bytes of n
+ * - max 2 bytes for INTEGER e type/length
+ * - 3 bytes of e
+ * - 4+4 of zeros for set_pub_key parameters (SETKEY_PARAMS_SIZE)
+ */
+#define PUB_KEY_BUF_SIZE (4 + 4 + 257 + 2 + 3 + SETKEY_PARAMS_SIZE)
+
+/*
+ * Provide a part of a description of the key for /proc/keys.
+ */
+static void asym_tpm_describe(const struct key *asymmetric_key,
+ struct seq_file *m)
+{
+ struct tpm_key *tk = asymmetric_key->payload.data[asym_crypto];
+
+ if (!tk)
+ return;
+
+ seq_printf(m, "TPM1.2/Blob");
+}
+
+static void asym_tpm_destroy(void *payload0, void *payload3)
+{
+ struct tpm_key *tk = payload0;
+
+ if (!tk)
+ return;
+
+ kfree(tk->blob);
+ tk->blob_len = 0;
+
+ kfree(tk);
+}
+
+/* How many bytes will it take to encode the length */
+static inline uint32_t definite_length(uint32_t len)
+{
+ if (len <= 127)
+ return 1;
+ if (len <= 255)
+ return 2;
+ return 3;
+}
+
+static inline uint8_t *encode_tag_length(uint8_t *buf, uint8_t tag,
+ uint32_t len)
+{
+ *buf++ = tag;
+
+ if (len <= 127) {
+ buf[0] = len;
+ return buf + 1;
+ }
+
+ if (len <= 255) {
+ buf[0] = 0x81;
+ buf[1] = len;
+ return buf + 2;
+ }
+
+ buf[0] = 0x82;
+ put_unaligned_be16(len, buf + 1);
+ return buf + 3;
+}
+
+static uint32_t derive_pub_key(const void *pub_key, uint32_t len, uint8_t *buf)
+{
+ uint8_t *cur = buf;
+ uint32_t n_len = definite_length(len) + 1 + len + 1;
+ uint32_t e_len = definite_length(3) + 1 + 3;
+ uint8_t e[3] = { 0x01, 0x00, 0x01 };
+
+ /* SEQUENCE */
+ cur = encode_tag_length(cur, 0x30, n_len + e_len);
+ /* INTEGER n */
+ cur = encode_tag_length(cur, 0x02, len + 1);
+ cur[0] = 0x00;
+ memcpy(cur + 1, pub_key, len);
+ cur += len + 1;
+ cur = encode_tag_length(cur, 0x02, sizeof(e));
+ memcpy(cur, e, sizeof(e));
+ cur += sizeof(e);
+ /* Zero parameters to satisfy set_pub_key ABI. */
+ memset(cur, 0, SETKEY_PARAMS_SIZE);
+
+ return cur - buf;
+}
+
+/*
+ * Determine the crypto algorithm name.
+ */
+static int determine_akcipher(const char *encoding, const char *hash_algo,
+ char alg_name[CRYPTO_MAX_ALG_NAME])
+{
+ if (strcmp(encoding, "pkcs1") == 0) {
+ if (!hash_algo) {
+ strcpy(alg_name, "pkcs1pad(rsa)");
+ return 0;
+ }
+
+ if (snprintf(alg_name, CRYPTO_MAX_ALG_NAME, "pkcs1pad(rsa,%s)",
+ hash_algo) >= CRYPTO_MAX_ALG_NAME)
+ return -EINVAL;
+
+ return 0;
+ }
+
+ if (strcmp(encoding, "raw") == 0) {
+ strcpy(alg_name, "rsa");
+ return 0;
+ }
+
+ return -ENOPKG;
+}
+
+/*
+ * Query information about a key.
+ */
+static int tpm_key_query(const struct kernel_pkey_params *params,
+ struct kernel_pkey_query *info)
+{
+ struct tpm_key *tk = params->key->payload.data[asym_crypto];
+ int ret;
+ char alg_name[CRYPTO_MAX_ALG_NAME];
+ struct crypto_akcipher *tfm;
+ uint8_t der_pub_key[PUB_KEY_BUF_SIZE];
+ uint32_t der_pub_key_len;
+ int len;
+
+ /* TPM only works on private keys, public keys still done in software */
+ ret = determine_akcipher(params->encoding, params->hash_algo, alg_name);
+ if (ret < 0)
+ return ret;
+
+ tfm = crypto_alloc_akcipher(alg_name, 0, 0);
+ if (IS_ERR(tfm))
+ return PTR_ERR(tfm);
+
+ der_pub_key_len = derive_pub_key(tk->pub_key, tk->pub_key_len,
+ der_pub_key);
+
+ ret = crypto_akcipher_set_pub_key(tfm, der_pub_key, der_pub_key_len);
+ if (ret < 0)
+ goto error_free_tfm;
+
+ len = crypto_akcipher_maxsize(tfm);
+
+ info->key_size = tk->key_len;
+ info->max_data_size = tk->key_len / 8;
+ info->max_sig_size = len;
+ info->max_enc_size = len;
+ info->max_dec_size = tk->key_len / 8;
+
+ info->supported_ops = KEYCTL_SUPPORTS_ENCRYPT |
+ KEYCTL_SUPPORTS_DECRYPT |
+ KEYCTL_SUPPORTS_VERIFY |
+ KEYCTL_SUPPORTS_SIGN;
+
+ ret = 0;
+error_free_tfm:
+ crypto_free_akcipher(tfm);
+ pr_devel("<==%s() = %d\n", __func__, ret);
+ return ret;
+}
+
+/*
+ * Encryption operation is performed with the public key. Hence it is done
+ * in software
+ */
+static int tpm_key_encrypt(struct tpm_key *tk,
+ struct kernel_pkey_params *params,
+ const void *in, void *out)
+{
+ char alg_name[CRYPTO_MAX_ALG_NAME];
+ struct crypto_akcipher *tfm;
+ struct akcipher_request *req;
+ struct crypto_wait cwait;
+ struct scatterlist in_sg, out_sg;
+ uint8_t der_pub_key[PUB_KEY_BUF_SIZE];
+ uint32_t der_pub_key_len;
+ int ret;
+
+ pr_devel("==>%s()\n", __func__);
+
+ ret = determine_akcipher(params->encoding, params->hash_algo, alg_name);
+ if (ret < 0)
+ return ret;
+
+ tfm = crypto_alloc_akcipher(alg_name, 0, 0);
+ if (IS_ERR(tfm))
+ return PTR_ERR(tfm);
+
+ der_pub_key_len = derive_pub_key(tk->pub_key, tk->pub_key_len,
+ der_pub_key);
+
+ ret = crypto_akcipher_set_pub_key(tfm, der_pub_key, der_pub_key_len);
+ if (ret < 0)
+ goto error_free_tfm;
+
+ req = akcipher_request_alloc(tfm, GFP_KERNEL);
+ if (!req)
+ goto error_free_tfm;
+
+ sg_init_one(&in_sg, in, params->in_len);
+ sg_init_one(&out_sg, out, params->out_len);
+ akcipher_request_set_crypt(req, &in_sg, &out_sg, params->in_len,
+ params->out_len);
+ crypto_init_wait(&cwait);
+ akcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG |
+ CRYPTO_TFM_REQ_MAY_SLEEP,
+ crypto_req_done, &cwait);
+
+ ret = crypto_akcipher_encrypt(req);
+ ret = crypto_wait_req(ret, &cwait);
+
+ if (ret == 0)
+ ret = req->dst_len;
+
+ akcipher_request_free(req);
+error_free_tfm:
+ crypto_free_akcipher(tfm);
+ pr_devel("<==%s() = %d\n", __func__, ret);
+ return ret;
+}
+
+/*
+ * Decryption operation is performed with the private key in the TPM.
+ */
+static int tpm_key_decrypt(struct tpm_key *tk,
+ struct kernel_pkey_params *params,
+ const void *in, void *out)
+{
+ struct tpm_buf *tb;
+ uint32_t keyhandle;
+ uint8_t srkauth[SHA1_DIGEST_SIZE];
+ uint8_t keyauth[SHA1_DIGEST_SIZE];
+ int r;
+
+ pr_devel("==>%s()\n", __func__);
+
+ if (params->hash_algo)
+ return -ENOPKG;
+
+ if (strcmp(params->encoding, "pkcs1"))
+ return -ENOPKG;
+
+ tb = kzalloc(sizeof(*tb), GFP_KERNEL);
+ if (!tb)
+ return -ENOMEM;
+
+ /* TODO: Handle a non-all zero SRK authorization */
+ memset(srkauth, 0, sizeof(srkauth));
+
+ r = tpm_loadkey2(tb, SRKHANDLE, srkauth,
+ tk->blob, tk->blob_len, &keyhandle);
+ if (r < 0) {
+ pr_devel("loadkey2 failed (%d)\n", r);
+ goto error;
+ }
+
+ /* TODO: Handle a non-all zero key authorization */
+ memset(keyauth, 0, sizeof(keyauth));
+
+ r = tpm_unbind(tb, keyhandle, keyauth,
+ in, params->in_len, out, params->out_len);
+ if (r < 0)
+ pr_devel("tpm_unbind failed (%d)\n", r);
+
+ if (tpm_flushspecific(tb, keyhandle) < 0)
+ pr_devel("flushspecific failed (%d)\n", r);
+
+error:
+ kzfree(tb);
+ pr_devel("<==%s() = %d\n", __func__, r);
+ return r;
+}
+
+/*
+ * Hash algorithm OIDs plus ASN.1 DER wrappings [RFC4880 sec 5.2.2].
+ */
+static const u8 digest_info_md5[] = {
+ 0x30, 0x20, 0x30, 0x0c, 0x06, 0x08,
+ 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x05, /* OID */
+ 0x05, 0x00, 0x04, 0x10
+};
+
+static const u8 digest_info_sha1[] = {
+ 0x30, 0x21, 0x30, 0x09, 0x06, 0x05,
+ 0x2b, 0x0e, 0x03, 0x02, 0x1a,
+ 0x05, 0x00, 0x04, 0x14
+};
+
+static const u8 digest_info_rmd160[] = {
+ 0x30, 0x21, 0x30, 0x09, 0x06, 0x05,
+ 0x2b, 0x24, 0x03, 0x02, 0x01,
+ 0x05, 0x00, 0x04, 0x14
+};
+
+static const u8 digest_info_sha224[] = {
+ 0x30, 0x2d, 0x30, 0x0d, 0x06, 0x09,
+ 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04,
+ 0x05, 0x00, 0x04, 0x1c
+};
+
+static const u8 digest_info_sha256[] = {
+ 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09,
+ 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01,
+ 0x05, 0x00, 0x04, 0x20
+};
+
+static const u8 digest_info_sha384[] = {
+ 0x30, 0x41, 0x30, 0x0d, 0x06, 0x09,
+ 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02,
+ 0x05, 0x00, 0x04, 0x30
+};
+
+static const u8 digest_info_sha512[] = {
+ 0x30, 0x51, 0x30, 0x0d, 0x06, 0x09,
+ 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03,
+ 0x05, 0x00, 0x04, 0x40
+};
+
+static const struct asn1_template {
+ const char *name;
+ const u8 *data;
+ size_t size;
+} asn1_templates[] = {
+#define _(X) { #X, digest_info_##X, sizeof(digest_info_##X) }
+ _(md5),
+ _(sha1),
+ _(rmd160),
+ _(sha256),
+ _(sha384),
+ _(sha512),
+ _(sha224),
+ { NULL }
+#undef _
+};
+
+static const struct asn1_template *lookup_asn1(const char *name)
+{
+ const struct asn1_template *p;
+
+ for (p = asn1_templates; p->name; p++)
+ if (strcmp(name, p->name) == 0)
+ return p;
+ return NULL;
+}
+
+/*
+ * Sign operation is performed with the private key in the TPM.
+ */
+static int tpm_key_sign(struct tpm_key *tk,
+ struct kernel_pkey_params *params,
+ const void *in, void *out)
+{
+ struct tpm_buf *tb;
+ uint32_t keyhandle;
+ uint8_t srkauth[SHA1_DIGEST_SIZE];
+ uint8_t keyauth[SHA1_DIGEST_SIZE];
+ void *asn1_wrapped = NULL;
+ uint32_t in_len = params->in_len;
+ int r;
+
+ pr_devel("==>%s()\n", __func__);
+
+ if (strcmp(params->encoding, "pkcs1"))
+ return -ENOPKG;
+
+ if (params->hash_algo) {
+ const struct asn1_template *asn1 =
+ lookup_asn1(params->hash_algo);
+
+ if (!asn1)
+ return -ENOPKG;
+
+ /* request enough space for the ASN.1 template + input hash */
+ asn1_wrapped = kzalloc(in_len + asn1->size, GFP_KERNEL);
+ if (!asn1_wrapped)
+ return -ENOMEM;
+
+ /* Copy ASN.1 template, then the input */
+ memcpy(asn1_wrapped, asn1->data, asn1->size);
+ memcpy(asn1_wrapped + asn1->size, in, in_len);
+
+ in = asn1_wrapped;
+ in_len += asn1->size;
+ }
+
+ if (in_len > tk->key_len / 8 - 11) {
+ r = -EOVERFLOW;
+ goto error_free_asn1_wrapped;
+ }
+
+ r = -ENOMEM;
+ tb = kzalloc(sizeof(*tb), GFP_KERNEL);
+ if (!tb)
+ goto error_free_asn1_wrapped;
+
+ /* TODO: Handle a non-all zero SRK authorization */
+ memset(srkauth, 0, sizeof(srkauth));
+
+ r = tpm_loadkey2(tb, SRKHANDLE, srkauth,
+ tk->blob, tk->blob_len, &keyhandle);
+ if (r < 0) {
+ pr_devel("loadkey2 failed (%d)\n", r);
+ goto error_free_tb;
+ }
+
+ /* TODO: Handle a non-all zero key authorization */
+ memset(keyauth, 0, sizeof(keyauth));
+
+ r = tpm_sign(tb, keyhandle, keyauth, in, in_len, out, params->out_len);
+ if (r < 0)
+ pr_devel("tpm_sign failed (%d)\n", r);
+
+ if (tpm_flushspecific(tb, keyhandle) < 0)
+ pr_devel("flushspecific failed (%d)\n", r);
+
+error_free_tb:
+ kzfree(tb);
+error_free_asn1_wrapped:
+ kfree(asn1_wrapped);
+ pr_devel("<==%s() = %d\n", __func__, r);
+ return r;
+}
+
+/*
+ * Do encryption, decryption and signing ops.
+ */
+static int tpm_key_eds_op(struct kernel_pkey_params *params,
+ const void *in, void *out)
+{
+ struct tpm_key *tk = params->key->payload.data[asym_crypto];
+ int ret = -EOPNOTSUPP;
+
+ /* Perform the encryption calculation. */
+ switch (params->op) {
+ case kernel_pkey_encrypt:
+ ret = tpm_key_encrypt(tk, params, in, out);
+ break;
+ case kernel_pkey_decrypt:
+ ret = tpm_key_decrypt(tk, params, in, out);
+ break;
+ case kernel_pkey_sign:
+ ret = tpm_key_sign(tk, params, in, out);
+ break;
+ default:
+ BUG();
+ }
+
+ return ret;
+}
+
+/*
+ * Verify a signature using a public key.
+ */
+static int tpm_key_verify_signature(const struct key *key,
+ const struct public_key_signature *sig)
+{
+ const struct tpm_key *tk = key->payload.data[asym_crypto];
+ struct crypto_wait cwait;
+ struct crypto_akcipher *tfm;
+ struct akcipher_request *req;
+ struct scatterlist src_sg[2];
+ char alg_name[CRYPTO_MAX_ALG_NAME];
+ uint8_t der_pub_key[PUB_KEY_BUF_SIZE];
+ uint32_t der_pub_key_len;
+ int ret;
+
+ pr_devel("==>%s()\n", __func__);
+
+ BUG_ON(!tk);
+ BUG_ON(!sig);
+ BUG_ON(!sig->s);
+
+ if (!sig->digest)
+ return -ENOPKG;
+
+ ret = determine_akcipher(sig->encoding, sig->hash_algo, alg_name);
+ if (ret < 0)
+ return ret;
+
+ tfm = crypto_alloc_akcipher(alg_name, 0, 0);
+ if (IS_ERR(tfm))
+ return PTR_ERR(tfm);
+
+ der_pub_key_len = derive_pub_key(tk->pub_key, tk->pub_key_len,
+ der_pub_key);
+
+ ret = crypto_akcipher_set_pub_key(tfm, der_pub_key, der_pub_key_len);
+ if (ret < 0)
+ goto error_free_tfm;
+
+ ret = -ENOMEM;
+ req = akcipher_request_alloc(tfm, GFP_KERNEL);
+ if (!req)
+ goto error_free_tfm;
+
+ sg_init_table(src_sg, 2);
+ sg_set_buf(&src_sg[0], sig->s, sig->s_size);
+ sg_set_buf(&src_sg[1], sig->digest, sig->digest_size);
+ akcipher_request_set_crypt(req, src_sg, NULL, sig->s_size,
+ sig->digest_size);
+ crypto_init_wait(&cwait);
+ akcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG |
+ CRYPTO_TFM_REQ_MAY_SLEEP,
+ crypto_req_done, &cwait);
+ ret = crypto_wait_req(crypto_akcipher_verify(req), &cwait);
+
+ akcipher_request_free(req);
+error_free_tfm:
+ crypto_free_akcipher(tfm);
+ pr_devel("<==%s() = %d\n", __func__, ret);
+ if (WARN_ON_ONCE(ret > 0))
+ ret = -EINVAL;
+ return ret;
+}
+
+/*
+ * Parse enough information out of TPM_KEY structure:
+ * TPM_STRUCT_VER -> 4 bytes
+ * TPM_KEY_USAGE -> 2 bytes
+ * TPM_KEY_FLAGS -> 4 bytes
+ * TPM_AUTH_DATA_USAGE -> 1 byte
+ * TPM_KEY_PARMS -> variable
+ * UINT32 PCRInfoSize -> 4 bytes
+ * BYTE* -> PCRInfoSize bytes
+ * TPM_STORE_PUBKEY
+ * UINT32 encDataSize;
+ * BYTE* -> encDataSize;
+ *
+ * TPM_KEY_PARMS:
+ * TPM_ALGORITHM_ID -> 4 bytes
+ * TPM_ENC_SCHEME -> 2 bytes
+ * TPM_SIG_SCHEME -> 2 bytes
+ * UINT32 parmSize -> 4 bytes
+ * BYTE* -> variable
+ */
+static int extract_key_parameters(struct tpm_key *tk)
+{
+ const void *cur = tk->blob;
+ uint32_t len = tk->blob_len;
+ const void *pub_key;
+ uint32_t sz;
+ uint32_t key_len;
+
+ if (len < 11)
+ return -EBADMSG;
+
+ /* Ensure this is a legacy key */
+ if (get_unaligned_be16(cur + 4) != 0x0015)
+ return -EBADMSG;
+
+ /* Skip to TPM_KEY_PARMS */
+ cur += 11;
+ len -= 11;
+
+ if (len < 12)
+ return -EBADMSG;
+
+ /* Make sure this is an RSA key */
+ if (get_unaligned_be32(cur) != 0x00000001)
+ return -EBADMSG;
+
+ /* Make sure this is TPM_ES_RSAESPKCSv15 encoding scheme */
+ if (get_unaligned_be16(cur + 4) != 0x0002)
+ return -EBADMSG;
+
+ /* Make sure this is TPM_SS_RSASSAPKCS1v15_DER signature scheme */
+ if (get_unaligned_be16(cur + 6) != 0x0003)
+ return -EBADMSG;
+
+ sz = get_unaligned_be32(cur + 8);
+ if (len < sz + 12)
+ return -EBADMSG;
+
+ /* Move to TPM_RSA_KEY_PARMS */
+ len -= 12;
+ cur += 12;
+
+ /* Grab the RSA key length */
+ key_len = get_unaligned_be32(cur);
+
+ switch (key_len) {
+ case 512:
+ case 1024:
+ case 1536:
+ case 2048:
+ break;
+ default:
+ return -EINVAL;
+ }
+
+ /* Move just past TPM_KEY_PARMS */
+ cur += sz;
+ len -= sz;
+
+ if (len < 4)
+ return -EBADMSG;
+
+ sz = get_unaligned_be32(cur);
+ if (len < 4 + sz)
+ return -EBADMSG;
+
+ /* Move to TPM_STORE_PUBKEY */
+ cur += 4 + sz;
+ len -= 4 + sz;
+
+ /* Grab the size of the public key, it should jive with the key size */
+ sz = get_unaligned_be32(cur);
+ if (sz > 256)
+ return -EINVAL;
+
+ pub_key = cur + 4;
+
+ tk->key_len = key_len;
+ tk->pub_key = pub_key;
+ tk->pub_key_len = sz;
+
+ return 0;
+}
+
+/* Given the blob, parse it and load it into the TPM */
+struct tpm_key *tpm_key_create(const void *blob, uint32_t blob_len)
+{
+ int r;
+ struct tpm_key *tk;
+
+ r = tpm_is_tpm2(NULL);
+ if (r < 0)
+ goto error;
+
+ /* We don't support TPM2 yet */
+ if (r > 0) {
+ r = -ENODEV;
+ goto error;
+ }
+
+ r = -ENOMEM;
+ tk = kzalloc(sizeof(struct tpm_key), GFP_KERNEL);
+ if (!tk)
+ goto error;
+
+ tk->blob = kmemdup(blob, blob_len, GFP_KERNEL);
+ if (!tk->blob)
+ goto error_memdup;
+
+ tk->blob_len = blob_len;
+
+ r = extract_key_parameters(tk);
+ if (r < 0)
+ goto error_extract;
+
+ return tk;
+
+error_extract:
+ kfree(tk->blob);
+ tk->blob_len = 0;
+error_memdup:
+ kfree(tk);
+error:
+ return ERR_PTR(r);
+}
+EXPORT_SYMBOL_GPL(tpm_key_create);
+
+/*
+ * TPM-based asymmetric key subtype
+ */
+struct asymmetric_key_subtype asym_tpm_subtype = {
+ .owner = THIS_MODULE,
+ .name = "asym_tpm",
+ .name_len = sizeof("asym_tpm") - 1,
+ .describe = asym_tpm_describe,
+ .destroy = asym_tpm_destroy,
+ .query = tpm_key_query,
+ .eds_op = tpm_key_eds_op,
+ .verify_signature = tpm_key_verify_signature,
+};
+EXPORT_SYMBOL_GPL(asym_tpm_subtype);
+
+MODULE_DESCRIPTION("TPM based asymmetric key subtype");
+MODULE_AUTHOR("Intel Corporation");
+MODULE_LICENSE("GPL v2");
diff --git a/crypto/asymmetric_keys/asymmetric_keys.h b/crypto/asymmetric_keys/asymmetric_keys.h
index ca8e9ac..dc854cb 100644
--- a/crypto/asymmetric_keys/asymmetric_keys.h
+++ b/crypto/asymmetric_keys/asymmetric_keys.h
@@ -1,12 +1,8 @@
+/* SPDX-License-Identifier: GPL-2.0-or-later */
/* Internal definitions for asymmetric key type
*
* Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
* Written by David Howells (dhowells@redhat.com)
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public Licence
- * as published by the Free Software Foundation; either version
- * 2 of the Licence, or (at your option) any later version.
*/
#include <keys/asymmetric-type.h>
@@ -16,3 +12,6 @@
extern int __asymmetric_key_hex_to_key_id(const char *id,
struct asymmetric_key_id *match_id,
size_t hexlen);
+
+extern int asymmetric_key_eds_op(struct kernel_pkey_params *params,
+ const void *in, void *out);
diff --git a/crypto/asymmetric_keys/asymmetric_type.c b/crypto/asymmetric_keys/asymmetric_type.c
index 26539e9..6e5fc8e 100644
--- a/crypto/asymmetric_keys/asymmetric_type.c
+++ b/crypto/asymmetric_keys/asymmetric_type.c
@@ -1,14 +1,10 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/* Asymmetric public-key cryptography key type
*
* See Documentation/crypto/asymmetric-keys.txt
*
* Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
* Written by David Howells (dhowells@redhat.com)
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public Licence
- * as published by the Free Software Foundation; either version
- * 2 of the Licence, or (at your option) any later version.
*/
#include <keys/asymmetric-subtype.h>
#include <keys/asymmetric-parser.h>
@@ -18,6 +14,7 @@
#include <linux/slab.h>
#include <linux/ctype.h>
#include <keys/system_keyring.h>
+#include <keys/user-type.h>
#include "asymmetric_keys.h"
MODULE_LICENSE("GPL");
@@ -86,7 +83,7 @@
pr_debug("Look up: \"%s\"\n", req);
ref = keyring_search(make_key_ref(keyring, 1),
- &key_type_asymmetric, req);
+ &key_type_asymmetric, req, true);
if (IS_ERR(ref))
pr_debug("Request for key '%s' err %ld\n", req, PTR_ERR(ref));
kfree(req);
@@ -538,6 +535,45 @@
return ret;
}
+int asymmetric_key_eds_op(struct kernel_pkey_params *params,
+ const void *in, void *out)
+{
+ const struct asymmetric_key_subtype *subtype;
+ struct key *key = params->key;
+ int ret;
+
+ pr_devel("==>%s()\n", __func__);
+
+ if (key->type != &key_type_asymmetric)
+ return -EINVAL;
+ subtype = asymmetric_key_subtype(key);
+ if (!subtype ||
+ !key->payload.data[0])
+ return -EINVAL;
+ if (!subtype->eds_op)
+ return -ENOTSUPP;
+
+ ret = subtype->eds_op(params, in, out);
+
+ pr_devel("<==%s() = %d\n", __func__, ret);
+ return ret;
+}
+
+static int asymmetric_key_verify_signature(struct kernel_pkey_params *params,
+ const void *in, const void *in2)
+{
+ struct public_key_signature sig = {
+ .s_size = params->in2_len,
+ .digest_size = params->in_len,
+ .encoding = params->encoding,
+ .hash_algo = params->hash_algo,
+ .digest = (void *)in,
+ .s = (void *)in2,
+ };
+
+ return verify_signature(params->key, &sig);
+}
+
struct key_type key_type_asymmetric = {
.name = "asymmetric",
.preparse = asymmetric_key_preparse,
@@ -548,6 +584,9 @@
.destroy = asymmetric_key_destroy,
.describe = asymmetric_key_describe,
.lookup_restriction = asymmetric_lookup_restriction,
+ .asym_query = query_asymmetric_key,
+ .asym_eds_op = asymmetric_key_eds_op,
+ .asym_verify_signature = asymmetric_key_verify_signature,
};
EXPORT_SYMBOL_GPL(key_type_asymmetric);
diff --git a/crypto/asymmetric_keys/mscode_parser.c b/crypto/asymmetric_keys/mscode_parser.c
index 83d2e9b..839591a 100644
--- a/crypto/asymmetric_keys/mscode_parser.c
+++ b/crypto/asymmetric_keys/mscode_parser.c
@@ -1,12 +1,8 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/* Parse a Microsoft Individual Code Signing blob
*
* Copyright (C) 2014 Red Hat, Inc. All Rights Reserved.
* Written by David Howells (dhowells@redhat.com)
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public Licence
- * as published by the Free Software Foundation; either version
- * 2 of the Licence, or (at your option) any later version.
*/
#define pr_fmt(fmt) "MSCODE: "fmt
diff --git a/crypto/asymmetric_keys/pkcs7_key_type.c b/crypto/asymmetric_keys/pkcs7_key_type.c
index 5b2f6a2..b930d3b 100644
--- a/crypto/asymmetric_keys/pkcs7_key_type.c
+++ b/crypto/asymmetric_keys/pkcs7_key_type.c
@@ -1,12 +1,8 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/* Testing module to load key from trusted PKCS#7 message
*
* Copyright (C) 2014 Red Hat, Inc. All Rights Reserved.
* Written by David Howells (dhowells@redhat.com)
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public Licence
- * as published by the Free Software Foundation; either version
- * 2 of the Licence, or (at your option) any later version.
*/
#define pr_fmt(fmt) "PKCS7key: "fmt
diff --git a/crypto/asymmetric_keys/pkcs7_parser.c b/crypto/asymmetric_keys/pkcs7_parser.c
index 0f13416..967329e 100644
--- a/crypto/asymmetric_keys/pkcs7_parser.c
+++ b/crypto/asymmetric_keys/pkcs7_parser.c
@@ -1,12 +1,8 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/* PKCS#7 parser
*
* Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
* Written by David Howells (dhowells@redhat.com)
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public Licence
- * as published by the Free Software Foundation; either version
- * 2 of the Licence, or (at your option) any later version.
*/
#define pr_fmt(fmt) "PKCS7: "fmt
@@ -271,6 +267,7 @@
switch (ctx->last_oid) {
case OID_rsaEncryption:
ctx->sinfo->sig->pkey_algo = "rsa";
+ ctx->sinfo->sig->encoding = "pkcs1";
break;
default:
printk("Unsupported pkey algo: %u\n", ctx->last_oid);
diff --git a/crypto/asymmetric_keys/pkcs7_parser.h b/crypto/asymmetric_keys/pkcs7_parser.h
index ac341e1..6565fdc 100644
--- a/crypto/asymmetric_keys/pkcs7_parser.h
+++ b/crypto/asymmetric_keys/pkcs7_parser.h
@@ -1,12 +1,8 @@
+/* SPDX-License-Identifier: GPL-2.0-or-later */
/* PKCS#7 crypto data parser internal definitions
*
* Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
* Written by David Howells (dhowells@redhat.com)
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public Licence
- * as published by the Free Software Foundation; either version
- * 2 of the Licence, or (at your option) any later version.
*/
#include <linux/oid_registry.h>
diff --git a/crypto/asymmetric_keys/pkcs7_trust.c b/crypto/asymmetric_keys/pkcs7_trust.c
index 598906b..61af3c4 100644
--- a/crypto/asymmetric_keys/pkcs7_trust.c
+++ b/crypto/asymmetric_keys/pkcs7_trust.c
@@ -1,12 +1,8 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/* Validate the trust chain of a PKCS#7 message.
*
* Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
* Written by David Howells (dhowells@redhat.com)
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public Licence
- * as published by the Free Software Foundation; either version
- * 2 of the Licence, or (at your option) any later version.
*/
#define pr_fmt(fmt) "PKCS7: "fmt
diff --git a/crypto/asymmetric_keys/pkcs7_verify.c b/crypto/asymmetric_keys/pkcs7_verify.c
index 97c77f6..ce49820 100644
--- a/crypto/asymmetric_keys/pkcs7_verify.c
+++ b/crypto/asymmetric_keys/pkcs7_verify.c
@@ -1,12 +1,8 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/* Verify the signature on a PKCS#7 message.
*
* Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
* Written by David Howells (dhowells@redhat.com)
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public Licence
- * as published by the Free Software Foundation; either version
- * 2 of the Licence, or (at your option) any later version.
*/
#define pr_fmt(fmt) "PKCS7: "fmt
@@ -16,6 +12,7 @@
#include <linux/err.h>
#include <linux/asn1.h>
#include <crypto/hash.h>
+#include <crypto/hash_info.h>
#include <crypto/public_key.h>
#include "pkcs7_parser.h"
@@ -33,6 +30,10 @@
kenter(",%u,%s", sinfo->index, sinfo->sig->hash_algo);
+ /* The digest was calculated already. */
+ if (sig->digest)
+ return 0;
+
if (!sinfo->sig->hash_algo)
return -ENOPKG;
@@ -56,7 +57,6 @@
goto error_no_desc;
desc->tfm = tfm;
- desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP;
/* Digest the message [RFC2315 9.3] */
ret = crypto_shash_digest(desc, pkcs7->data, pkcs7->data_len,
@@ -122,6 +122,34 @@
return ret;
}
+int pkcs7_get_digest(struct pkcs7_message *pkcs7, const u8 **buf, u32 *len,
+ enum hash_algo *hash_algo)
+{
+ struct pkcs7_signed_info *sinfo = pkcs7->signed_infos;
+ int i, ret;
+
+ /*
+ * This function doesn't support messages with more than one signature.
+ */
+ if (sinfo == NULL || sinfo->next != NULL)
+ return -EBADMSG;
+
+ ret = pkcs7_digest(pkcs7, sinfo);
+ if (ret)
+ return ret;
+
+ *buf = sinfo->sig->digest;
+ *len = sinfo->sig->digest_size;
+
+ for (i = 0; i < HASH_ALGO__LAST; i++)
+ if (!strcmp(hash_algo_name[i], sinfo->sig->hash_algo)) {
+ *hash_algo = i;
+ break;
+ }
+
+ return 0;
+}
+
/*
* Find the key (X.509 certificate) to use to verify a PKCS#7 message. PKCS#7
* uses the issuer's name and the issuing certificate serial number for
diff --git a/crypto/asymmetric_keys/pkcs8.asn1 b/crypto/asymmetric_keys/pkcs8.asn1
new file mode 100644
index 0000000..702c41a
--- /dev/null
+++ b/crypto/asymmetric_keys/pkcs8.asn1
@@ -0,0 +1,24 @@
+--
+-- This is the unencrypted variant
+--
+PrivateKeyInfo ::= SEQUENCE {
+ version Version,
+ privateKeyAlgorithm PrivateKeyAlgorithmIdentifier,
+ privateKey PrivateKey,
+ attributes [0] IMPLICIT Attributes OPTIONAL
+}
+
+Version ::= INTEGER ({ pkcs8_note_version })
+
+PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier ({ pkcs8_note_algo })
+
+PrivateKey ::= OCTET STRING ({ pkcs8_note_key })
+
+Attributes ::= SET OF Attribute
+
+Attribute ::= ANY
+
+AlgorithmIdentifier ::= SEQUENCE {
+ algorithm OBJECT IDENTIFIER ({ pkcs8_note_OID }),
+ parameters ANY OPTIONAL
+}
diff --git a/crypto/asymmetric_keys/pkcs8_parser.c b/crypto/asymmetric_keys/pkcs8_parser.c
new file mode 100644
index 0000000..105dcce
--- /dev/null
+++ b/crypto/asymmetric_keys/pkcs8_parser.c
@@ -0,0 +1,180 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+/* PKCS#8 Private Key parser [RFC 5208].
+ *
+ * Copyright (C) 2016 Red Hat, Inc. All Rights Reserved.
+ * Written by David Howells (dhowells@redhat.com)
+ */
+
+#define pr_fmt(fmt) "PKCS8: "fmt
+#include <linux/module.h>
+#include <linux/kernel.h>
+#include <linux/export.h>
+#include <linux/slab.h>
+#include <linux/err.h>
+#include <linux/oid_registry.h>
+#include <keys/asymmetric-subtype.h>
+#include <keys/asymmetric-parser.h>
+#include <crypto/public_key.h>
+#include "pkcs8.asn1.h"
+
+struct pkcs8_parse_context {
+ struct public_key *pub;
+ unsigned long data; /* Start of data */
+ enum OID last_oid; /* Last OID encountered */
+ enum OID algo_oid; /* Algorithm OID */
+ u32 key_size;
+ const void *key;
+};
+
+/*
+ * Note an OID when we find one for later processing when we know how to
+ * interpret it.
+ */
+int pkcs8_note_OID(void *context, size_t hdrlen,
+ unsigned char tag,
+ const void *value, size_t vlen)
+{
+ struct pkcs8_parse_context *ctx = context;
+
+ ctx->last_oid = look_up_OID(value, vlen);
+ if (ctx->last_oid == OID__NR) {
+ char buffer[50];
+
+ sprint_oid(value, vlen, buffer, sizeof(buffer));
+ pr_info("Unknown OID: [%lu] %s\n",
+ (unsigned long)value - ctx->data, buffer);
+ }
+ return 0;
+}
+
+/*
+ * Note the version number of the ASN.1 blob.
+ */
+int pkcs8_note_version(void *context, size_t hdrlen,
+ unsigned char tag,
+ const void *value, size_t vlen)
+{
+ if (vlen != 1 || ((const u8 *)value)[0] != 0) {
+ pr_warn("Unsupported PKCS#8 version\n");
+ return -EBADMSG;
+ }
+ return 0;
+}
+
+/*
+ * Note the public algorithm.
+ */
+int pkcs8_note_algo(void *context, size_t hdrlen,
+ unsigned char tag,
+ const void *value, size_t vlen)
+{
+ struct pkcs8_parse_context *ctx = context;
+
+ if (ctx->last_oid != OID_rsaEncryption)
+ return -ENOPKG;
+
+ ctx->pub->pkey_algo = "rsa";
+ return 0;
+}
+
+/*
+ * Note the key data of the ASN.1 blob.
+ */
+int pkcs8_note_key(void *context, size_t hdrlen,
+ unsigned char tag,
+ const void *value, size_t vlen)
+{
+ struct pkcs8_parse_context *ctx = context;
+
+ ctx->key = value;
+ ctx->key_size = vlen;
+ return 0;
+}
+
+/*
+ * Parse a PKCS#8 private key blob.
+ */
+static struct public_key *pkcs8_parse(const void *data, size_t datalen)
+{
+ struct pkcs8_parse_context ctx;
+ struct public_key *pub;
+ long ret;
+
+ memset(&ctx, 0, sizeof(ctx));
+
+ ret = -ENOMEM;
+ ctx.pub = kzalloc(sizeof(struct public_key), GFP_KERNEL);
+ if (!ctx.pub)
+ goto error;
+
+ ctx.data = (unsigned long)data;
+
+ /* Attempt to decode the private key */
+ ret = asn1_ber_decoder(&pkcs8_decoder, &ctx, data, datalen);
+ if (ret < 0)
+ goto error_decode;
+
+ ret = -ENOMEM;
+ pub = ctx.pub;
+ pub->key = kmemdup(ctx.key, ctx.key_size, GFP_KERNEL);
+ if (!pub->key)
+ goto error_decode;
+
+ pub->keylen = ctx.key_size;
+ pub->key_is_private = true;
+ return pub;
+
+error_decode:
+ kfree(ctx.pub);
+error:
+ return ERR_PTR(ret);
+}
+
+/*
+ * Attempt to parse a data blob for a key as a PKCS#8 private key.
+ */
+static int pkcs8_key_preparse(struct key_preparsed_payload *prep)
+{
+ struct public_key *pub;
+
+ pub = pkcs8_parse(prep->data, prep->datalen);
+ if (IS_ERR(pub))
+ return PTR_ERR(pub);
+
+ pr_devel("Cert Key Algo: %s\n", pub->pkey_algo);
+ pub->id_type = "PKCS8";
+
+ /* We're pinning the module by being linked against it */
+ __module_get(public_key_subtype.owner);
+ prep->payload.data[asym_subtype] = &public_key_subtype;
+ prep->payload.data[asym_key_ids] = NULL;
+ prep->payload.data[asym_crypto] = pub;
+ prep->payload.data[asym_auth] = NULL;
+ prep->quotalen = 100;
+ return 0;
+}
+
+static struct asymmetric_key_parser pkcs8_key_parser = {
+ .owner = THIS_MODULE,
+ .name = "pkcs8",
+ .parse = pkcs8_key_preparse,
+};
+
+/*
+ * Module stuff
+ */
+static int __init pkcs8_key_init(void)
+{
+ return register_asymmetric_key_parser(&pkcs8_key_parser);
+}
+
+static void __exit pkcs8_key_exit(void)
+{
+ unregister_asymmetric_key_parser(&pkcs8_key_parser);
+}
+
+module_init(pkcs8_key_init);
+module_exit(pkcs8_key_exit);
+
+MODULE_DESCRIPTION("PKCS#8 certificate parser");
+MODULE_LICENSE("GPL");
diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c
index e929fe1..364b9df 100644
--- a/crypto/asymmetric_keys/public_key.c
+++ b/crypto/asymmetric_keys/public_key.c
@@ -1,14 +1,10 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/* In-software asymmetric public-key crypto subtype
*
* See Documentation/crypto/asymmetric-keys.txt
*
* Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
* Written by David Howells (dhowells@redhat.com)
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public Licence
- * as published by the Free Software Foundation; either version
- * 2 of the Licence, or (at your option) any later version.
*/
#define pr_fmt(fmt) "PKEY: "fmt
@@ -45,6 +41,7 @@
{
if (key) {
kfree(key->key);
+ kfree(key->params);
kfree(key);
}
}
@@ -60,6 +57,194 @@
}
/*
+ * Determine the crypto algorithm name.
+ */
+static
+int software_key_determine_akcipher(const char *encoding,
+ const char *hash_algo,
+ const struct public_key *pkey,
+ char alg_name[CRYPTO_MAX_ALG_NAME])
+{
+ int n;
+
+ if (strcmp(encoding, "pkcs1") == 0) {
+ /* The data wangled by the RSA algorithm is typically padded
+ * and encoded in some manner, such as EMSA-PKCS1-1_5 [RFC3447
+ * sec 8.2].
+ */
+ if (!hash_algo)
+ n = snprintf(alg_name, CRYPTO_MAX_ALG_NAME,
+ "pkcs1pad(%s)",
+ pkey->pkey_algo);
+ else
+ n = snprintf(alg_name, CRYPTO_MAX_ALG_NAME,
+ "pkcs1pad(%s,%s)",
+ pkey->pkey_algo, hash_algo);
+ return n >= CRYPTO_MAX_ALG_NAME ? -EINVAL : 0;
+ }
+
+ if (strcmp(encoding, "raw") == 0) {
+ strcpy(alg_name, pkey->pkey_algo);
+ return 0;
+ }
+
+ return -ENOPKG;
+}
+
+static u8 *pkey_pack_u32(u8 *dst, u32 val)
+{
+ memcpy(dst, &val, sizeof(val));
+ return dst + sizeof(val);
+}
+
+/*
+ * Query information about a key.
+ */
+static int software_key_query(const struct kernel_pkey_params *params,
+ struct kernel_pkey_query *info)
+{
+ struct crypto_akcipher *tfm;
+ struct public_key *pkey = params->key->payload.data[asym_crypto];
+ char alg_name[CRYPTO_MAX_ALG_NAME];
+ u8 *key, *ptr;
+ int ret, len;
+
+ ret = software_key_determine_akcipher(params->encoding,
+ params->hash_algo,
+ pkey, alg_name);
+ if (ret < 0)
+ return ret;
+
+ tfm = crypto_alloc_akcipher(alg_name, 0, 0);
+ if (IS_ERR(tfm))
+ return PTR_ERR(tfm);
+
+ key = kmalloc(pkey->keylen + sizeof(u32) * 2 + pkey->paramlen,
+ GFP_KERNEL);
+ if (!key)
+ goto error_free_tfm;
+ memcpy(key, pkey->key, pkey->keylen);
+ ptr = key + pkey->keylen;
+ ptr = pkey_pack_u32(ptr, pkey->algo);
+ ptr = pkey_pack_u32(ptr, pkey->paramlen);
+ memcpy(ptr, pkey->params, pkey->paramlen);
+
+ if (pkey->key_is_private)
+ ret = crypto_akcipher_set_priv_key(tfm, key, pkey->keylen);
+ else
+ ret = crypto_akcipher_set_pub_key(tfm, key, pkey->keylen);
+ if (ret < 0)
+ goto error_free_key;
+
+ len = crypto_akcipher_maxsize(tfm);
+ info->key_size = len * 8;
+ info->max_data_size = len;
+ info->max_sig_size = len;
+ info->max_enc_size = len;
+ info->max_dec_size = len;
+ info->supported_ops = (KEYCTL_SUPPORTS_ENCRYPT |
+ KEYCTL_SUPPORTS_VERIFY);
+ if (pkey->key_is_private)
+ info->supported_ops |= (KEYCTL_SUPPORTS_DECRYPT |
+ KEYCTL_SUPPORTS_SIGN);
+ ret = 0;
+
+error_free_key:
+ kfree(key);
+error_free_tfm:
+ crypto_free_akcipher(tfm);
+ pr_devel("<==%s() = %d\n", __func__, ret);
+ return ret;
+}
+
+/*
+ * Do encryption, decryption and signing ops.
+ */
+static int software_key_eds_op(struct kernel_pkey_params *params,
+ const void *in, void *out)
+{
+ const struct public_key *pkey = params->key->payload.data[asym_crypto];
+ struct akcipher_request *req;
+ struct crypto_akcipher *tfm;
+ struct crypto_wait cwait;
+ struct scatterlist in_sg, out_sg;
+ char alg_name[CRYPTO_MAX_ALG_NAME];
+ char *key, *ptr;
+ int ret;
+
+ pr_devel("==>%s()\n", __func__);
+
+ ret = software_key_determine_akcipher(params->encoding,
+ params->hash_algo,
+ pkey, alg_name);
+ if (ret < 0)
+ return ret;
+
+ tfm = crypto_alloc_akcipher(alg_name, 0, 0);
+ if (IS_ERR(tfm))
+ return PTR_ERR(tfm);
+
+ req = akcipher_request_alloc(tfm, GFP_KERNEL);
+ if (!req)
+ goto error_free_tfm;
+
+ key = kmalloc(pkey->keylen + sizeof(u32) * 2 + pkey->paramlen,
+ GFP_KERNEL);
+ if (!key)
+ goto error_free_req;
+
+ memcpy(key, pkey->key, pkey->keylen);
+ ptr = key + pkey->keylen;
+ ptr = pkey_pack_u32(ptr, pkey->algo);
+ ptr = pkey_pack_u32(ptr, pkey->paramlen);
+ memcpy(ptr, pkey->params, pkey->paramlen);
+
+ if (pkey->key_is_private)
+ ret = crypto_akcipher_set_priv_key(tfm, key, pkey->keylen);
+ else
+ ret = crypto_akcipher_set_pub_key(tfm, key, pkey->keylen);
+ if (ret)
+ goto error_free_key;
+
+ sg_init_one(&in_sg, in, params->in_len);
+ sg_init_one(&out_sg, out, params->out_len);
+ akcipher_request_set_crypt(req, &in_sg, &out_sg, params->in_len,
+ params->out_len);
+ crypto_init_wait(&cwait);
+ akcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG |
+ CRYPTO_TFM_REQ_MAY_SLEEP,
+ crypto_req_done, &cwait);
+
+ /* Perform the encryption calculation. */
+ switch (params->op) {
+ case kernel_pkey_encrypt:
+ ret = crypto_akcipher_encrypt(req);
+ break;
+ case kernel_pkey_decrypt:
+ ret = crypto_akcipher_decrypt(req);
+ break;
+ case kernel_pkey_sign:
+ ret = crypto_akcipher_sign(req);
+ break;
+ default:
+ BUG();
+ }
+
+ ret = crypto_wait_req(ret, &cwait);
+ if (ret == 0)
+ ret = req->dst_len;
+
+error_free_key:
+ kfree(key);
+error_free_req:
+ akcipher_request_free(req);
+error_free_tfm:
+ crypto_free_akcipher(tfm);
+ pr_devel("<==%s() = %d\n", __func__, ret);
+ return ret;
+}
+
+/*
* Verify a signature using a public key.
*/
int public_key_verify_signature(const struct public_key *pkey,
@@ -68,11 +253,9 @@
struct crypto_wait cwait;
struct crypto_akcipher *tfm;
struct akcipher_request *req;
- struct scatterlist sig_sg, digest_sg;
- const char *alg_name;
- char alg_name_buf[CRYPTO_MAX_ALG_NAME];
- void *output;
- unsigned int outlen;
+ struct scatterlist src_sg[2];
+ char alg_name[CRYPTO_MAX_ALG_NAME];
+ char *key, *ptr;
int ret;
pr_devel("==>%s()\n", __func__);
@@ -81,21 +264,11 @@
BUG_ON(!sig);
BUG_ON(!sig->s);
- if (!sig->digest)
- return -ENOPKG;
-
- alg_name = sig->pkey_algo;
- if (strcmp(sig->pkey_algo, "rsa") == 0) {
- /* The data wangled by the RSA algorithm is typically padded
- * and encoded in some manner, such as EMSA-PKCS1-1_5 [RFC3447
- * sec 8.2].
- */
- if (snprintf(alg_name_buf, CRYPTO_MAX_ALG_NAME,
- "pkcs1pad(rsa,%s)", sig->hash_algo
- ) >= CRYPTO_MAX_ALG_NAME)
- return -EINVAL;
- alg_name = alg_name_buf;
- }
+ ret = software_key_determine_akcipher(sig->encoding,
+ sig->hash_algo,
+ pkey, alg_name);
+ if (ret < 0)
+ return ret;
tfm = crypto_alloc_akcipher(alg_name, 0, 0);
if (IS_ERR(tfm))
@@ -106,40 +279,37 @@
if (!req)
goto error_free_tfm;
- ret = crypto_akcipher_set_pub_key(tfm, pkey->key, pkey->keylen);
+ key = kmalloc(pkey->keylen + sizeof(u32) * 2 + pkey->paramlen,
+ GFP_KERNEL);
+ if (!key)
+ goto error_free_req;
+
+ memcpy(key, pkey->key, pkey->keylen);
+ ptr = key + pkey->keylen;
+ ptr = pkey_pack_u32(ptr, pkey->algo);
+ ptr = pkey_pack_u32(ptr, pkey->paramlen);
+ memcpy(ptr, pkey->params, pkey->paramlen);
+
+ if (pkey->key_is_private)
+ ret = crypto_akcipher_set_priv_key(tfm, key, pkey->keylen);
+ else
+ ret = crypto_akcipher_set_pub_key(tfm, key, pkey->keylen);
if (ret)
- goto error_free_req;
+ goto error_free_key;
- ret = -ENOMEM;
- outlen = crypto_akcipher_maxsize(tfm);
- output = kmalloc(outlen, GFP_KERNEL);
- if (!output)
- goto error_free_req;
-
- sg_init_one(&sig_sg, sig->s, sig->s_size);
- sg_init_one(&digest_sg, output, outlen);
- akcipher_request_set_crypt(req, &sig_sg, &digest_sg, sig->s_size,
- outlen);
+ sg_init_table(src_sg, 2);
+ sg_set_buf(&src_sg[0], sig->s, sig->s_size);
+ sg_set_buf(&src_sg[1], sig->digest, sig->digest_size);
+ akcipher_request_set_crypt(req, src_sg, NULL, sig->s_size,
+ sig->digest_size);
crypto_init_wait(&cwait);
akcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG |
CRYPTO_TFM_REQ_MAY_SLEEP,
crypto_req_done, &cwait);
-
- /* Perform the verification calculation. This doesn't actually do the
- * verification, but rather calculates the hash expected by the
- * signature and returns that to us.
- */
ret = crypto_wait_req(crypto_akcipher_verify(req), &cwait);
- if (ret)
- goto out_free_output;
- /* Do the actual verification step. */
- if (req->dst_len != sig->digest_size ||
- memcmp(sig->digest, output, sig->digest_size) != 0)
- ret = -EKEYREJECTED;
-
-out_free_output:
- kfree(output);
+error_free_key:
+ kfree(key);
error_free_req:
akcipher_request_free(req);
error_free_tfm:
@@ -167,6 +337,8 @@
.name_len = sizeof("public_key") - 1,
.describe = public_key_describe,
.destroy = public_key_destroy,
+ .query = software_key_query,
+ .eds_op = software_key_eds_op,
.verify_signature = public_key_verify_signature_2,
};
EXPORT_SYMBOL_GPL(public_key_subtype);
diff --git a/crypto/asymmetric_keys/restrict.c b/crypto/asymmetric_keys/restrict.c
index 7c93c77..77ebeba 100644
--- a/crypto/asymmetric_keys/restrict.c
+++ b/crypto/asymmetric_keys/restrict.c
@@ -1,12 +1,8 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/* Instantiate a public key crypto key from an X.509 Certificate
*
* Copyright (C) 2012, 2016 Red Hat, Inc. All Rights Reserved.
* Written by David Howells (dhowells@redhat.com)
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public Licence
- * as published by the Free Software Foundation; either version
- * 2 of the Licence, or (at your option) any later version.
*/
#define pr_fmt(fmt) "ASYM: "fmt
diff --git a/crypto/asymmetric_keys/signature.c b/crypto/asymmetric_keys/signature.c
index 2819831..e24a031 100644
--- a/crypto/asymmetric_keys/signature.c
+++ b/crypto/asymmetric_keys/signature.c
@@ -1,14 +1,10 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/* Signature verification with an asymmetric key
*
* See Documentation/crypto/asymmetric-keys.txt
*
* Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
* Written by David Howells (dhowells@redhat.com)
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public Licence
- * as published by the Free Software Foundation; either version
- * 2 of the Licence, or (at your option) any later version.
*/
#define pr_fmt(fmt) "SIG: "fmt
@@ -16,7 +12,9 @@
#include <linux/export.h>
#include <linux/err.h>
#include <linux/slab.h>
+#include <linux/keyctl.h>
#include <crypto/public_key.h>
+#include <keys/user-type.h>
#include "asymmetric_keys.h"
/*
@@ -37,6 +35,99 @@
EXPORT_SYMBOL_GPL(public_key_signature_free);
/**
+ * query_asymmetric_key - Get information about an aymmetric key.
+ * @params: Various parameters.
+ * @info: Where to put the information.
+ */
+int query_asymmetric_key(const struct kernel_pkey_params *params,
+ struct kernel_pkey_query *info)
+{
+ const struct asymmetric_key_subtype *subtype;
+ struct key *key = params->key;
+ int ret;
+
+ pr_devel("==>%s()\n", __func__);
+
+ if (key->type != &key_type_asymmetric)
+ return -EINVAL;
+ subtype = asymmetric_key_subtype(key);
+ if (!subtype ||
+ !key->payload.data[0])
+ return -EINVAL;
+ if (!subtype->query)
+ return -ENOTSUPP;
+
+ ret = subtype->query(params, info);
+
+ pr_devel("<==%s() = %d\n", __func__, ret);
+ return ret;
+}
+EXPORT_SYMBOL_GPL(query_asymmetric_key);
+
+/**
+ * encrypt_blob - Encrypt data using an asymmetric key
+ * @params: Various parameters
+ * @data: Data blob to be encrypted, length params->data_len
+ * @enc: Encrypted data buffer, length params->enc_len
+ *
+ * Encrypt the specified data blob using the private key specified by
+ * params->key. The encrypted data is wrapped in an encoding if
+ * params->encoding is specified (eg. "pkcs1").
+ *
+ * Returns the length of the data placed in the encrypted data buffer or an
+ * error.
+ */
+int encrypt_blob(struct kernel_pkey_params *params,
+ const void *data, void *enc)
+{
+ params->op = kernel_pkey_encrypt;
+ return asymmetric_key_eds_op(params, data, enc);
+}
+EXPORT_SYMBOL_GPL(encrypt_blob);
+
+/**
+ * decrypt_blob - Decrypt data using an asymmetric key
+ * @params: Various parameters
+ * @enc: Encrypted data to be decrypted, length params->enc_len
+ * @data: Decrypted data buffer, length params->data_len
+ *
+ * Decrypt the specified data blob using the private key specified by
+ * params->key. The decrypted data is wrapped in an encoding if
+ * params->encoding is specified (eg. "pkcs1").
+ *
+ * Returns the length of the data placed in the decrypted data buffer or an
+ * error.
+ */
+int decrypt_blob(struct kernel_pkey_params *params,
+ const void *enc, void *data)
+{
+ params->op = kernel_pkey_decrypt;
+ return asymmetric_key_eds_op(params, enc, data);
+}
+EXPORT_SYMBOL_GPL(decrypt_blob);
+
+/**
+ * create_signature - Sign some data using an asymmetric key
+ * @params: Various parameters
+ * @data: Data blob to be signed, length params->data_len
+ * @enc: Signature buffer, length params->enc_len
+ *
+ * Sign the specified data blob using the private key specified by params->key.
+ * The signature is wrapped in an encoding if params->encoding is specified
+ * (eg. "pkcs1"). If the encoding needs to know the digest type, this can be
+ * passed through params->hash_algo (eg. "sha1").
+ *
+ * Returns the length of the data placed in the signature buffer or an error.
+ */
+int create_signature(struct kernel_pkey_params *params,
+ const void *data, void *enc)
+{
+ params->op = kernel_pkey_sign;
+ return asymmetric_key_eds_op(params, data, enc);
+}
+EXPORT_SYMBOL_GPL(create_signature);
+
+/**
* verify_signature - Initiate the use of an asymmetric key to verify a signature
* @key: The asymmetric key to verify against
* @sig: The signature to check
diff --git a/crypto/asymmetric_keys/tpm.asn1 b/crypto/asymmetric_keys/tpm.asn1
new file mode 100644
index 0000000..d7f1942
--- /dev/null
+++ b/crypto/asymmetric_keys/tpm.asn1
@@ -0,0 +1,5 @@
+--
+-- Unencryted TPM Blob. For details of the format, see:
+-- http://david.woodhou.se/draft-woodhouse-cert-best-practice.html#I-D.mavrogiannopoulos-tpmuri
+--
+PrivateKeyInfo ::= OCTET STRING ({ tpm_note_key })
diff --git a/crypto/asymmetric_keys/tpm_parser.c b/crypto/asymmetric_keys/tpm_parser.c
new file mode 100644
index 0000000..96405d8
--- /dev/null
+++ b/crypto/asymmetric_keys/tpm_parser.c
@@ -0,0 +1,102 @@
+// SPDX-License-Identifier: GPL-2.0
+#define pr_fmt(fmt) "TPM-PARSER: "fmt
+#include <linux/module.h>
+#include <linux/kernel.h>
+#include <linux/export.h>
+#include <linux/slab.h>
+#include <linux/err.h>
+#include <keys/asymmetric-subtype.h>
+#include <keys/asymmetric-parser.h>
+#include <crypto/asym_tpm_subtype.h>
+#include "tpm.asn1.h"
+
+struct tpm_parse_context {
+ const void *blob;
+ u32 blob_len;
+};
+
+/*
+ * Note the key data of the ASN.1 blob.
+ */
+int tpm_note_key(void *context, size_t hdrlen,
+ unsigned char tag,
+ const void *value, size_t vlen)
+{
+ struct tpm_parse_context *ctx = context;
+
+ ctx->blob = value;
+ ctx->blob_len = vlen;
+
+ return 0;
+}
+
+/*
+ * Parse a TPM-encrypted private key blob.
+ */
+static struct tpm_key *tpm_parse(const void *data, size_t datalen)
+{
+ struct tpm_parse_context ctx;
+ long ret;
+
+ memset(&ctx, 0, sizeof(ctx));
+
+ /* Attempt to decode the private key */
+ ret = asn1_ber_decoder(&tpm_decoder, &ctx, data, datalen);
+ if (ret < 0)
+ goto error;
+
+ return tpm_key_create(ctx.blob, ctx.blob_len);
+
+error:
+ return ERR_PTR(ret);
+}
+/*
+ * Attempt to parse a data blob for a key as a TPM private key blob.
+ */
+static int tpm_key_preparse(struct key_preparsed_payload *prep)
+{
+ struct tpm_key *tk;
+
+ /*
+ * TPM 1.2 keys are max 2048 bits long, so assume the blob is no
+ * more than 4x that
+ */
+ if (prep->datalen > 256 * 4)
+ return -EMSGSIZE;
+
+ tk = tpm_parse(prep->data, prep->datalen);
+
+ if (IS_ERR(tk))
+ return PTR_ERR(tk);
+
+ /* We're pinning the module by being linked against it */
+ __module_get(asym_tpm_subtype.owner);
+ prep->payload.data[asym_subtype] = &asym_tpm_subtype;
+ prep->payload.data[asym_key_ids] = NULL;
+ prep->payload.data[asym_crypto] = tk;
+ prep->payload.data[asym_auth] = NULL;
+ prep->quotalen = 100;
+ return 0;
+}
+
+static struct asymmetric_key_parser tpm_key_parser = {
+ .owner = THIS_MODULE,
+ .name = "tpm_parser",
+ .parse = tpm_key_preparse,
+};
+
+static int __init tpm_key_init(void)
+{
+ return register_asymmetric_key_parser(&tpm_key_parser);
+}
+
+static void __exit tpm_key_exit(void)
+{
+ unregister_asymmetric_key_parser(&tpm_key_parser);
+}
+
+module_init(tpm_key_init);
+module_exit(tpm_key_exit);
+
+MODULE_DESCRIPTION("TPM private key-blob parser");
+MODULE_LICENSE("GPL v2");
diff --git a/crypto/asymmetric_keys/verify_pefile.c b/crypto/asymmetric_keys/verify_pefile.c
index d178650..cc9dbce 100644
--- a/crypto/asymmetric_keys/verify_pefile.c
+++ b/crypto/asymmetric_keys/verify_pefile.c
@@ -1,12 +1,8 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/* Parse a signed PE binary
*
* Copyright (C) 2014 Red Hat, Inc. All Rights Reserved.
* Written by David Howells (dhowells@redhat.com)
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public Licence
- * as published by the Free Software Foundation; either version
- * 2 of the Licence, or (at your option) any later version.
*/
#define pr_fmt(fmt) "PEFILE: "fmt
@@ -100,7 +96,7 @@
if (!ddir->certs.virtual_address || !ddir->certs.size) {
pr_debug("Unsigned PE binary\n");
- return -EKEYREJECTED;
+ return -ENODATA;
}
chkaddr(ctx->header_size, ddir->certs.virtual_address,
@@ -354,7 +350,6 @@
goto error_no_desc;
desc->tfm = tfm;
- desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP;
ret = crypto_shash_init(desc);
if (ret < 0)
goto error;
@@ -408,6 +403,8 @@
* (*) 0 if at least one signature chain intersects with the keys in the trust
* keyring, or:
*
+ * (*) -ENODATA if there is no signature present.
+ *
* (*) -ENOPKG if a suitable crypto module couldn't be found for a check on a
* chain.
*
diff --git a/crypto/asymmetric_keys/verify_pefile.h b/crypto/asymmetric_keys/verify_pefile.h
index cd4d209..e1628e1 100644
--- a/crypto/asymmetric_keys/verify_pefile.h
+++ b/crypto/asymmetric_keys/verify_pefile.h
@@ -1,12 +1,8 @@
+/* SPDX-License-Identifier: GPL-2.0-or-later */
/* PE Binary parser bits
*
* Copyright (C) 2014 Red Hat, Inc. All Rights Reserved.
* Written by David Howells (dhowells@redhat.com)
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public Licence
- * as published by the Free Software Foundation; either version
- * 2 of the Licence, or (at your option) any later version.
*/
#include <crypto/pkcs7.h>
diff --git a/crypto/asymmetric_keys/x509.asn1 b/crypto/asymmetric_keys/x509.asn1
index aae0cde..5c9f4e4 100644
--- a/crypto/asymmetric_keys/x509.asn1
+++ b/crypto/asymmetric_keys/x509.asn1
@@ -22,7 +22,7 @@
AlgorithmIdentifier ::= SEQUENCE {
algorithm OBJECT IDENTIFIER ({ x509_note_OID }),
- parameters ANY OPTIONAL
+ parameters ANY OPTIONAL ({ x509_note_params })
}
Name ::= SEQUENCE OF RelativeDistinguishedName
diff --git a/crypto/asymmetric_keys/x509_cert_parser.c b/crypto/asymmetric_keys/x509_cert_parser.c
index b6cabac..26ec20e 100644
--- a/crypto/asymmetric_keys/x509_cert_parser.c
+++ b/crypto/asymmetric_keys/x509_cert_parser.c
@@ -1,12 +1,8 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/* X.509 certificate parser
*
* Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
* Written by David Howells (dhowells@redhat.com)
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public Licence
- * as published by the Free Software Foundation; either version
- * 2 of the Licence, or (at your option) any later version.
*/
#define pr_fmt(fmt) "X.509: "fmt
@@ -26,6 +22,9 @@
const void *cert_start; /* Start of cert content */
const void *key; /* Key data */
size_t key_size; /* Size of key data */
+ const void *params; /* Key parameters */
+ size_t params_size; /* Size of key parameters */
+ enum OID key_algo; /* Public key algorithm */
enum OID last_oid; /* Last OID encountered */
enum OID algo_oid; /* Algorithm OID */
unsigned char nr_mpi; /* Number of MPIs stored */
@@ -109,6 +108,13 @@
cert->pub->keylen = ctx->key_size;
+ cert->pub->params = kmemdup(ctx->params, ctx->params_size, GFP_KERNEL);
+ if (!cert->pub->params)
+ goto error_decode;
+
+ cert->pub->paramlen = ctx->params_size;
+ cert->pub->algo = ctx->key_algo;
+
/* Grab the signature bits */
ret = x509_get_sig_params(cert);
if (ret < 0)
@@ -199,35 +205,45 @@
case OID_md4WithRSAEncryption:
ctx->cert->sig->hash_algo = "md4";
- ctx->cert->sig->pkey_algo = "rsa";
- break;
+ goto rsa_pkcs1;
case OID_sha1WithRSAEncryption:
ctx->cert->sig->hash_algo = "sha1";
- ctx->cert->sig->pkey_algo = "rsa";
- break;
+ goto rsa_pkcs1;
case OID_sha256WithRSAEncryption:
ctx->cert->sig->hash_algo = "sha256";
- ctx->cert->sig->pkey_algo = "rsa";
- break;
+ goto rsa_pkcs1;
case OID_sha384WithRSAEncryption:
ctx->cert->sig->hash_algo = "sha384";
- ctx->cert->sig->pkey_algo = "rsa";
- break;
+ goto rsa_pkcs1;
case OID_sha512WithRSAEncryption:
ctx->cert->sig->hash_algo = "sha512";
- ctx->cert->sig->pkey_algo = "rsa";
- break;
+ goto rsa_pkcs1;
case OID_sha224WithRSAEncryption:
ctx->cert->sig->hash_algo = "sha224";
- ctx->cert->sig->pkey_algo = "rsa";
- break;
+ goto rsa_pkcs1;
+
+ case OID_gost2012Signature256:
+ ctx->cert->sig->hash_algo = "streebog256";
+ goto ecrdsa;
+
+ case OID_gost2012Signature512:
+ ctx->cert->sig->hash_algo = "streebog512";
+ goto ecrdsa;
}
+rsa_pkcs1:
+ ctx->cert->sig->pkey_algo = "rsa";
+ ctx->cert->sig->encoding = "pkcs1";
+ ctx->algo_oid = ctx->last_oid;
+ return 0;
+ecrdsa:
+ ctx->cert->sig->pkey_algo = "ecrdsa";
+ ctx->cert->sig->encoding = "raw";
ctx->algo_oid = ctx->last_oid;
return 0;
}
@@ -249,7 +265,8 @@
return -EINVAL;
}
- if (strcmp(ctx->cert->sig->pkey_algo, "rsa") == 0) {
+ if (strcmp(ctx->cert->sig->pkey_algo, "rsa") == 0 ||
+ strcmp(ctx->cert->sig->pkey_algo, "ecrdsa") == 0) {
/* Discard the BIT STRING metadata */
if (vlen < 1 || *(const u8 *)value != 0)
return -EBADMSG;
@@ -404,6 +421,27 @@
}
/*
+ * Extract the parameters for the public key
+ */
+int x509_note_params(void *context, size_t hdrlen,
+ unsigned char tag,
+ const void *value, size_t vlen)
+{
+ struct x509_parse_context *ctx = context;
+
+ /*
+ * AlgorithmIdentifier is used three times in the x509, we should skip
+ * first and ignore third, using second one which is after subject and
+ * before subjectPublicKey.
+ */
+ if (!ctx->cert->raw_subject || ctx->key)
+ return 0;
+ ctx->params = value - hdrlen;
+ ctx->params_size = vlen + hdrlen;
+ return 0;
+}
+
+/*
* Extract the data for the public key algorithm
*/
int x509_extract_key_data(void *context, size_t hdrlen,
@@ -412,11 +450,15 @@
{
struct x509_parse_context *ctx = context;
- if (ctx->last_oid != OID_rsaEncryption)
+ ctx->key_algo = ctx->last_oid;
+ if (ctx->last_oid == OID_rsaEncryption)
+ ctx->cert->pub->pkey_algo = "rsa";
+ else if (ctx->last_oid == OID_gost2012PKey256 ||
+ ctx->last_oid == OID_gost2012PKey512)
+ ctx->cert->pub->pkey_algo = "ecrdsa";
+ else
return -ENOPKG;
- ctx->cert->pub->pkey_algo = "rsa";
-
/* Discard the BIT STRING metadata */
if (vlen < 1 || *(const u8 *)value != 0)
return -EBADMSG;
diff --git a/crypto/asymmetric_keys/x509_parser.h b/crypto/asymmetric_keys/x509_parser.h
index e373e74..c233f13 100644
--- a/crypto/asymmetric_keys/x509_parser.h
+++ b/crypto/asymmetric_keys/x509_parser.h
@@ -1,12 +1,8 @@
+/* SPDX-License-Identifier: GPL-2.0-or-later */
/* X.509 certificate parser internal definitions
*
* Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
* Written by David Howells (dhowells@redhat.com)
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public Licence
- * as published by the Free Software Foundation; either version
- * 2 of the Licence, or (at your option) any later version.
*/
#include <linux/time.h>
diff --git a/crypto/asymmetric_keys/x509_public_key.c b/crypto/asymmetric_keys/x509_public_key.c
index 9338b45..d964cc8 100644
--- a/crypto/asymmetric_keys/x509_public_key.c
+++ b/crypto/asymmetric_keys/x509_public_key.c
@@ -1,12 +1,8 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/* Instantiate a public key crypto key from an X.509 Certificate
*
* Copyright (C) 2012 Red Hat, Inc. All Rights Reserved.
* Written by David Howells (dhowells@redhat.com)
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public Licence
- * as published by the Free Software Foundation; either version
- * 2 of the Licence, or (at your option) any later version.
*/
#define pr_fmt(fmt) "X.509: "fmt
@@ -77,7 +73,6 @@
goto error;
desc->tfm = tfm;
- desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP;
ret = crypto_shash_digest(desc, cert->tbs, cert->tbs_size, sig->digest);
if (ret < 0)
diff --git a/crypto/async_tx/async_memcpy.c b/crypto/async_tx/async_memcpy.c
index 88bc8e6..c538e30 100644
--- a/crypto/async_tx/async_memcpy.c
+++ b/crypto/async_tx/async_memcpy.c
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: GPL-2.0-only
/*
* copy offload engine support
*
@@ -8,20 +9,6 @@
* with architecture considerations by:
* Neil Brown <neilb@suse.de>
* Jeff Garzik <jeff@garzik.org>
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms and conditions of the GNU General Public License,
- * version 2, as published by the Free Software Foundation.
- *
- * This program is distributed in the hope it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
- * more details.
- *
- * You should have received a copy of the GNU General Public License along with
- * this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin St - Fifth Floor, Boston, MA 02110-1301 USA.
- *
*/
#include <linux/kernel.h>
#include <linux/highmem.h>
diff --git a/crypto/async_tx/async_pq.c b/crypto/async_tx/async_pq.c
index 80dc567..341ece6 100644
--- a/crypto/async_tx/async_pq.c
+++ b/crypto/async_tx/async_pq.c
@@ -1,23 +1,7 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/*
* Copyright(c) 2007 Yuri Tikhonov <yur@emcraft.com>
* Copyright(c) 2009 Intel Corporation
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
- *
- * This program is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
- * more details.
- *
- * You should have received a copy of the GNU General Public License along with
- * this program; if not, write to the Free Software Foundation, Inc., 59
- * Temple Place - Suite 330, Boston, MA 02111-1307, USA.
- *
- * The full GNU General Public License is included in this distribution in the
- * file called COPYING.
*/
#include <linux/kernel.h>
#include <linux/interrupt.h>
diff --git a/crypto/async_tx/async_raid6_recov.c b/crypto/async_tx/async_raid6_recov.c
index 8fab627..f249142 100644
--- a/crypto/async_tx/async_raid6_recov.c
+++ b/crypto/async_tx/async_raid6_recov.c
@@ -1,24 +1,10 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/*
* Asynchronous RAID-6 recovery calculations ASYNC_TX API.
* Copyright(c) 2009 Intel Corporation
*
* based on raid6recov.c:
* Copyright 2002 H. Peter Anvin
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
- *
- * This program is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
- * more details.
- *
- * You should have received a copy of the GNU General Public License along with
- * this program; if not, write to the Free Software Foundation, Inc., 51
- * Franklin St - Fifth Floor, Boston, MA 02110-1301 USA.
- *
*/
#include <linux/kernel.h>
#include <linux/interrupt.h>
diff --git a/crypto/async_tx/async_tx.c b/crypto/async_tx/async_tx.c
index 39ea479..9256934 100644
--- a/crypto/async_tx/async_tx.c
+++ b/crypto/async_tx/async_tx.c
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: GPL-2.0-only
/*
* core routines for the asynchronous memory transfer/transform api
*
@@ -8,20 +9,6 @@
* with architecture considerations by:
* Neil Brown <neilb@suse.de>
* Jeff Garzik <jeff@garzik.org>
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms and conditions of the GNU General Public License,
- * version 2, as published by the Free Software Foundation.
- *
- * This program is distributed in the hope it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
- * more details.
- *
- * You should have received a copy of the GNU General Public License along with
- * this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin St - Fifth Floor, Boston, MA 02110-1301 USA.
- *
*/
#include <linux/rculist.h>
#include <linux/module.h>
diff --git a/crypto/async_tx/async_xor.c b/crypto/async_tx/async_xor.c
index da75777..4e5eebe 100644
--- a/crypto/async_tx/async_xor.c
+++ b/crypto/async_tx/async_xor.c
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: GPL-2.0-only
/*
* xor offload engine api
*
@@ -8,20 +9,6 @@
* with architecture considerations by:
* Neil Brown <neilb@suse.de>
* Jeff Garzik <jeff@garzik.org>
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms and conditions of the GNU General Public License,
- * version 2, as published by the Free Software Foundation.
- *
- * This program is distributed in the hope it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
- * more details.
- *
- * You should have received a copy of the GNU General Public License along with
- * this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin St - Fifth Floor, Boston, MA 02110-1301 USA.
- *
*/
#include <linux/kernel.h>
#include <linux/interrupt.h>
diff --git a/crypto/async_tx/raid6test.c b/crypto/async_tx/raid6test.c
index a5edaab..14e73dc 100644
--- a/crypto/async_tx/raid6test.c
+++ b/crypto/async_tx/raid6test.c
@@ -1,23 +1,10 @@
+// SPDX-License-Identifier: GPL-2.0-only
/*
* asynchronous raid6 recovery self test
* Copyright (c) 2009, Intel Corporation.
*
* based on drivers/md/raid6test/test.c:
* Copyright 2002-2007 H. Peter Anvin
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms and conditions of the GNU General Public License,
- * version 2, as published by the Free Software Foundation.
- *
- * This program is distributed in the hope it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
- * more details.
- *
- * You should have received a copy of the GNU General Public License along with
- * this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin St - Fifth Floor, Boston, MA 02110-1301 USA.
- *
*/
#include <linux/async_tx.h>
#include <linux/gfp.h>
diff --git a/crypto/authenc.c b/crypto/authenc.c
index 4fa8d40..3f0ed94 100644
--- a/crypto/authenc.c
+++ b/crypto/authenc.c
@@ -1,13 +1,8 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/*
* Authenc: Simple AEAD wrapper for IPsec
*
* Copyright (c) 2007-2015 Herbert Xu <herbert@gondor.apana.org.au>
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
- *
*/
#include <crypto/internal/aead.h>
@@ -33,7 +28,7 @@
struct crypto_authenc_ctx {
struct crypto_ahash *auth;
struct crypto_skcipher *enc;
- struct crypto_skcipher *null;
+ struct crypto_sync_skcipher *null;
};
struct authenc_request_ctx {
@@ -58,14 +53,22 @@
return -EINVAL;
if (rta->rta_type != CRYPTO_AUTHENC_KEYA_PARAM)
return -EINVAL;
- if (RTA_PAYLOAD(rta) < sizeof(*param))
+
+ /*
+ * RTA_OK() didn't align the rtattr's payload when validating that it
+ * fits in the buffer. Yet, the keys should start on the next 4-byte
+ * aligned boundary. To avoid confusion, require that the rtattr
+ * payload be exactly the param struct, which has a 4-byte aligned size.
+ */
+ if (RTA_PAYLOAD(rta) != sizeof(*param))
return -EINVAL;
+ BUILD_BUG_ON(sizeof(*param) % RTA_ALIGNTO);
param = RTA_DATA(rta);
keys->enckeylen = be32_to_cpu(param->enckeylen);
- key += RTA_ALIGN(rta->rta_len);
- keylen -= RTA_ALIGN(rta->rta_len);
+ key += rta->rta_len;
+ keylen -= rta->rta_len;
if (keylen < keys->enckeylen)
return -EINVAL;
@@ -185,9 +188,9 @@
{
struct crypto_aead *authenc = crypto_aead_reqtfm(req);
struct crypto_authenc_ctx *ctx = crypto_aead_ctx(authenc);
- SKCIPHER_REQUEST_ON_STACK(skreq, ctx->null);
+ SYNC_SKCIPHER_REQUEST_ON_STACK(skreq, ctx->null);
- skcipher_request_set_tfm(skreq, ctx->null);
+ skcipher_request_set_sync_tfm(skreq, ctx->null);
skcipher_request_set_callback(skreq, aead_request_flags(req),
NULL, NULL);
skcipher_request_set_crypt(skreq, req->src, req->dst, req->assoclen,
@@ -318,7 +321,7 @@
struct crypto_authenc_ctx *ctx = crypto_aead_ctx(tfm);
struct crypto_ahash *auth;
struct crypto_skcipher *enc;
- struct crypto_skcipher *null;
+ struct crypto_sync_skcipher *null;
int err;
auth = crypto_spawn_ahash(&ictx->auth);
@@ -500,7 +503,7 @@
crypto_unregister_template(&crypto_authenc_tmpl);
}
-module_init(crypto_authenc_module_init);
+subsys_initcall(crypto_authenc_module_init);
module_exit(crypto_authenc_module_exit);
MODULE_LICENSE("GPL");
diff --git a/crypto/authencesn.c b/crypto/authencesn.c
index 50b8047..adb7554 100644
--- a/crypto/authencesn.c
+++ b/crypto/authencesn.c
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/*
* authencesn.c - AEAD wrapper for IPsec with extended sequence numbers,
* derived from authenc.c
@@ -5,12 +6,6 @@
* Copyright (C) 2010 secunet Security Networks AG
* Copyright (C) 2010 Steffen Klassert <steffen.klassert@secunet.com>
* Copyright (c) 2015 Herbert Xu <herbert@gondor.apana.org.au>
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
- *
*/
#include <crypto/internal/aead.h>
@@ -36,7 +31,7 @@
unsigned int reqoff;
struct crypto_ahash *auth;
struct crypto_skcipher *enc;
- struct crypto_skcipher *null;
+ struct crypto_sync_skcipher *null;
};
struct authenc_esn_request_ctx {
@@ -183,9 +178,9 @@
{
struct crypto_aead *authenc_esn = crypto_aead_reqtfm(req);
struct crypto_authenc_esn_ctx *ctx = crypto_aead_ctx(authenc_esn);
- SKCIPHER_REQUEST_ON_STACK(skreq, ctx->null);
+ SYNC_SKCIPHER_REQUEST_ON_STACK(skreq, ctx->null);
- skcipher_request_set_tfm(skreq, ctx->null);
+ skcipher_request_set_sync_tfm(skreq, ctx->null);
skcipher_request_set_callback(skreq, aead_request_flags(req),
NULL, NULL);
skcipher_request_set_crypt(skreq, req->src, req->dst, len, NULL);
@@ -279,7 +274,7 @@
struct aead_request *req = areq->data;
err = err ?: crypto_authenc_esn_decrypt_tail(req, 0);
- aead_request_complete(req, err);
+ authenc_esn_request_complete(req, err);
}
static int crypto_authenc_esn_decrypt(struct aead_request *req)
@@ -341,7 +336,7 @@
struct crypto_authenc_esn_ctx *ctx = crypto_aead_ctx(tfm);
struct crypto_ahash *auth;
struct crypto_skcipher *enc;
- struct crypto_skcipher *null;
+ struct crypto_sync_skcipher *null;
int err;
auth = crypto_spawn_ahash(&ictx->auth);
@@ -523,7 +518,7 @@
crypto_unregister_template(&crypto_authenc_esn_tmpl);
}
-module_init(crypto_authenc_esn_module_init);
+subsys_initcall(crypto_authenc_esn_module_init);
module_exit(crypto_authenc_esn_module_exit);
MODULE_LICENSE("GPL");
diff --git a/crypto/blkcipher.c b/crypto/blkcipher.c
index f93abf1..48a3381 100644
--- a/crypto/blkcipher.c
+++ b/crypto/blkcipher.c
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/*
* Block chaining cipher operations.
*
@@ -6,12 +7,6 @@
* the kernel is given a chance to schedule us once per page.
*
* Copyright (c) 2006 Herbert Xu <herbert@gondor.apana.org.au>
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
- *
*/
#include <crypto/aead.h>
@@ -507,23 +502,18 @@
{
struct crypto_report_blkcipher rblkcipher;
- strncpy(rblkcipher.type, "blkcipher", sizeof(rblkcipher.type));
- strncpy(rblkcipher.geniv, alg->cra_blkcipher.geniv ?: "<default>",
- sizeof(rblkcipher.geniv));
- rblkcipher.geniv[sizeof(rblkcipher.geniv) - 1] = '\0';
+ memset(&rblkcipher, 0, sizeof(rblkcipher));
+
+ strscpy(rblkcipher.type, "blkcipher", sizeof(rblkcipher.type));
+ strscpy(rblkcipher.geniv, "<default>", sizeof(rblkcipher.geniv));
rblkcipher.blocksize = alg->cra_blocksize;
rblkcipher.min_keysize = alg->cra_blkcipher.min_keysize;
rblkcipher.max_keysize = alg->cra_blkcipher.max_keysize;
rblkcipher.ivsize = alg->cra_blkcipher.ivsize;
- if (nla_put(skb, CRYPTOCFGA_REPORT_BLKCIPHER,
- sizeof(struct crypto_report_blkcipher), &rblkcipher))
- goto nla_put_failure;
- return 0;
-
-nla_put_failure:
- return -EMSGSIZE;
+ return nla_put(skb, CRYPTOCFGA_REPORT_BLKCIPHER,
+ sizeof(rblkcipher), &rblkcipher);
}
#else
static int crypto_blkcipher_report(struct sk_buff *skb, struct crypto_alg *alg)
@@ -541,8 +531,7 @@
seq_printf(m, "min keysize : %u\n", alg->cra_blkcipher.min_keysize);
seq_printf(m, "max keysize : %u\n", alg->cra_blkcipher.max_keysize);
seq_printf(m, "ivsize : %u\n", alg->cra_blkcipher.ivsize);
- seq_printf(m, "geniv : %s\n", alg->cra_blkcipher.geniv ?:
- "<default>");
+ seq_printf(m, "geniv : <default>\n");
}
const struct crypto_type crypto_blkcipher_type = {
diff --git a/crypto/blowfish_common.c b/crypto/blowfish_common.c
index f636aab..1c07201 100644
--- a/crypto/blowfish_common.c
+++ b/crypto/blowfish_common.c
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/*
* Cryptographic API.
*
@@ -12,12 +13,6 @@
* Copyright (c) Herbert Valerio Riedel <hvr@hvrlab.org>
* Copyright (c) Kyle McMartin <kyle@debian.org>
* Copyright (c) 2002 James Morris <jmorris@intercode.com.au>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
*/
#include <linux/init.h>
#include <linux/module.h>
diff --git a/crypto/blowfish_generic.c b/crypto/blowfish_generic.c
index 87b392a..c3c2041 100644
--- a/crypto/blowfish_generic.c
+++ b/crypto/blowfish_generic.c
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/*
* Cryptographic API.
*
@@ -9,12 +10,6 @@
* Copyright (c) Herbert Valerio Riedel <hvr@hvrlab.org>
* Copyright (c) Kyle McMartin <kyle@debian.org>
* Copyright (c) 2002 James Morris <jmorris@intercode.com.au>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
*/
#include <linux/init.h>
#include <linux/module.h>
@@ -133,7 +128,7 @@
crypto_unregister_alg(&alg);
}
-module_init(blowfish_mod_init);
+subsys_initcall(blowfish_mod_init);
module_exit(blowfish_mod_fini);
MODULE_LICENSE("GPL");
diff --git a/crypto/camellia_generic.c b/crypto/camellia_generic.c
index 32ddd48..b6a1121 100644
--- a/crypto/camellia_generic.c
+++ b/crypto/camellia_generic.c
@@ -1,19 +1,7 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/*
* Copyright (C) 2006
* NTT (Nippon Telegraph and Telephone Corporation).
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version 2
- * of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/*
@@ -1092,7 +1080,7 @@
crypto_unregister_alg(&camellia_alg);
}
-module_init(camellia_init);
+subsys_initcall(camellia_init);
module_exit(camellia_fini);
MODULE_DESCRIPTION("Camellia Cipher Algorithm");
diff --git a/crypto/cast5_generic.c b/crypto/cast5_generic.c
index 66169c1..4095085 100644
--- a/crypto/cast5_generic.c
+++ b/crypto/cast5_generic.c
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/* Kernel cryptographic api.
* cast5.c - Cast5 cipher algorithm (rfc2144).
*
@@ -9,14 +10,6 @@
*
* Copyright (C) 1998, 1999, 2000, 2001 Free Software Foundation, Inc.
* Copyright (C) 2003 Kartikey Mahendra Bhatt <kartik_me@hotmail.com>.
-*
-* This program is free software; you can redistribute it and/or modify it
-* under the terms of GNU General Public License as published by the Free
-* Software Foundation; either version 2 of the License, or (at your option)
-* any later version.
-*
-* You should have received a copy of the GNU General Public License
-* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
@@ -543,7 +536,7 @@
crypto_unregister_alg(&alg);
}
-module_init(cast5_mod_init);
+subsys_initcall(cast5_mod_init);
module_exit(cast5_mod_fini);
MODULE_LICENSE("GPL");
diff --git a/crypto/cast6_generic.c b/crypto/cast6_generic.c
index c8e5ec6..a8248f8 100644
--- a/crypto/cast6_generic.c
+++ b/crypto/cast6_generic.c
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/* Kernel cryptographic api.
* cast6.c - Cast6 cipher algorithm [rfc2612].
*
@@ -6,14 +7,6 @@
* algorithm.
*
* Copyright (C) 2003 Kartikey Mahendra Bhatt <kartik_me@hotmail.com>.
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
@@ -285,7 +278,7 @@
crypto_unregister_alg(&alg);
}
-module_init(cast6_mod_init);
+subsys_initcall(cast6_mod_init);
module_exit(cast6_mod_fini);
MODULE_LICENSE("GPL");
diff --git a/crypto/cast_common.c b/crypto/cast_common.c
index 117dd82..9b2f60f 100644
--- a/crypto/cast_common.c
+++ b/crypto/cast_common.c
@@ -1,15 +1,10 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/*
* Common lookup tables for CAST-128 (cast5) and CAST-256 (cast6)
*
* Copyright © 1998, 1999, 2000, 2001 Free Software Foundation, Inc.
* Copyright © 2003 Kartikey Mahendra Bhatt <kartik_me@hotmail.com>
* Copyright © 2012 Jussi Kivilinna <jussi.kivilinna@mbnet.fi>
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
- *
*/
#include <linux/module.h>
diff --git a/crypto/cbc.c b/crypto/cbc.c
index dd5f332..dd96bcf 100644
--- a/crypto/cbc.c
+++ b/crypto/cbc.c
@@ -1,13 +1,8 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/*
* CBC: Cipher Block Chaining mode
*
* Copyright (c) 2006-2016 Herbert Xu <herbert@gondor.apana.org.au>
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
- *
*/
#include <crypto/algapi.h>
@@ -18,34 +13,11 @@
#include <linux/kernel.h>
#include <linux/log2.h>
#include <linux/module.h>
-#include <linux/slab.h>
-
-struct crypto_cbc_ctx {
- struct crypto_cipher *child;
-};
-
-static int crypto_cbc_setkey(struct crypto_skcipher *parent, const u8 *key,
- unsigned int keylen)
-{
- struct crypto_cbc_ctx *ctx = crypto_skcipher_ctx(parent);
- struct crypto_cipher *child = ctx->child;
- int err;
-
- crypto_cipher_clear_flags(child, CRYPTO_TFM_REQ_MASK);
- crypto_cipher_set_flags(child, crypto_skcipher_get_flags(parent) &
- CRYPTO_TFM_REQ_MASK);
- err = crypto_cipher_setkey(child, key, keylen);
- crypto_skcipher_set_flags(parent, crypto_cipher_get_flags(child) &
- CRYPTO_TFM_RES_MASK);
- return err;
-}
static inline void crypto_cbc_encrypt_one(struct crypto_skcipher *tfm,
const u8 *src, u8 *dst)
{
- struct crypto_cbc_ctx *ctx = crypto_skcipher_ctx(tfm);
-
- crypto_cipher_encrypt_one(ctx->child, dst, src);
+ crypto_cipher_encrypt_one(skcipher_cipher_simple(tfm), dst, src);
}
static int crypto_cbc_encrypt(struct skcipher_request *req)
@@ -56,9 +28,7 @@
static inline void crypto_cbc_decrypt_one(struct crypto_skcipher *tfm,
const u8 *src, u8 *dst)
{
- struct crypto_cbc_ctx *ctx = crypto_skcipher_ctx(tfm);
-
- crypto_cipher_decrypt_one(ctx->child, dst, src);
+ crypto_cipher_decrypt_one(skcipher_cipher_simple(tfm), dst, src);
}
static int crypto_cbc_decrypt(struct skcipher_request *req)
@@ -78,113 +48,33 @@
return err;
}
-static int crypto_cbc_init_tfm(struct crypto_skcipher *tfm)
-{
- struct skcipher_instance *inst = skcipher_alg_instance(tfm);
- struct crypto_spawn *spawn = skcipher_instance_ctx(inst);
- struct crypto_cbc_ctx *ctx = crypto_skcipher_ctx(tfm);
- struct crypto_cipher *cipher;
-
- cipher = crypto_spawn_cipher(spawn);
- if (IS_ERR(cipher))
- return PTR_ERR(cipher);
-
- ctx->child = cipher;
- return 0;
-}
-
-static void crypto_cbc_exit_tfm(struct crypto_skcipher *tfm)
-{
- struct crypto_cbc_ctx *ctx = crypto_skcipher_ctx(tfm);
-
- crypto_free_cipher(ctx->child);
-}
-
-static void crypto_cbc_free(struct skcipher_instance *inst)
-{
- crypto_drop_skcipher(skcipher_instance_ctx(inst));
- kfree(inst);
-}
-
static int crypto_cbc_create(struct crypto_template *tmpl, struct rtattr **tb)
{
struct skcipher_instance *inst;
- struct crypto_attr_type *algt;
- struct crypto_spawn *spawn;
struct crypto_alg *alg;
- u32 mask;
int err;
- err = crypto_check_attr_type(tb, CRYPTO_ALG_TYPE_SKCIPHER);
- if (err)
- return err;
-
- inst = kzalloc(sizeof(*inst) + sizeof(*spawn), GFP_KERNEL);
- if (!inst)
- return -ENOMEM;
-
- algt = crypto_get_attr_type(tb);
- err = PTR_ERR(algt);
- if (IS_ERR(algt))
- goto err_free_inst;
-
- mask = CRYPTO_ALG_TYPE_MASK |
- crypto_requires_off(algt->type, algt->mask,
- CRYPTO_ALG_NEED_FALLBACK);
-
- alg = crypto_get_attr_alg(tb, CRYPTO_ALG_TYPE_CIPHER, mask);
- err = PTR_ERR(alg);
- if (IS_ERR(alg))
- goto err_free_inst;
-
- spawn = skcipher_instance_ctx(inst);
- err = crypto_init_spawn(spawn, alg, skcipher_crypto_instance(inst),
- CRYPTO_ALG_TYPE_MASK);
- if (err)
- goto err_put_alg;
-
- err = crypto_inst_setname(skcipher_crypto_instance(inst), "cbc", alg);
- if (err)
- goto err_drop_spawn;
+ inst = skcipher_alloc_instance_simple(tmpl, tb, &alg);
+ if (IS_ERR(inst))
+ return PTR_ERR(inst);
err = -EINVAL;
if (!is_power_of_2(alg->cra_blocksize))
- goto err_drop_spawn;
+ goto out_free_inst;
- inst->alg.base.cra_priority = alg->cra_priority;
- inst->alg.base.cra_blocksize = alg->cra_blocksize;
- inst->alg.base.cra_alignmask = alg->cra_alignmask;
-
- inst->alg.ivsize = alg->cra_blocksize;
- inst->alg.min_keysize = alg->cra_cipher.cia_min_keysize;
- inst->alg.max_keysize = alg->cra_cipher.cia_max_keysize;
-
- inst->alg.base.cra_ctxsize = sizeof(struct crypto_cbc_ctx);
-
- inst->alg.init = crypto_cbc_init_tfm;
- inst->alg.exit = crypto_cbc_exit_tfm;
-
- inst->alg.setkey = crypto_cbc_setkey;
inst->alg.encrypt = crypto_cbc_encrypt;
inst->alg.decrypt = crypto_cbc_decrypt;
- inst->free = crypto_cbc_free;
-
err = skcipher_register_instance(tmpl, inst);
if (err)
- goto err_drop_spawn;
- crypto_mod_put(alg);
+ goto out_free_inst;
+ goto out_put_alg;
-out:
+out_free_inst:
+ inst->free(inst);
+out_put_alg:
+ crypto_mod_put(alg);
return err;
-
-err_drop_spawn:
- crypto_drop_spawn(spawn);
-err_put_alg:
- crypto_mod_put(alg);
-err_free_inst:
- kfree(inst);
- goto out;
}
static struct crypto_template crypto_cbc_tmpl = {
@@ -203,9 +93,9 @@
crypto_unregister_template(&crypto_cbc_tmpl);
}
-module_init(crypto_cbc_module_init);
+subsys_initcall(crypto_cbc_module_init);
module_exit(crypto_cbc_module_exit);
MODULE_LICENSE("GPL");
-MODULE_DESCRIPTION("CBC block cipher algorithm");
+MODULE_DESCRIPTION("CBC block cipher mode of operation");
MODULE_ALIAS_CRYPTO("cbc");
diff --git a/crypto/ccm.c b/crypto/ccm.c
index 0a08334..380eb61 100644
--- a/crypto/ccm.c
+++ b/crypto/ccm.c
@@ -1,13 +1,8 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/*
* CCM: Counter with CBC-MAC
*
* (C) Copyright IBM Corp. 2007 - Joy Latten <latten@us.ibm.com>
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
- *
*/
#include <crypto/internal/aead.h>
@@ -50,7 +45,10 @@
u32 flags;
struct scatterlist src[3];
struct scatterlist dst[3];
- struct skcipher_request skreq;
+ union {
+ struct ahash_request ahreq;
+ struct skcipher_request skreq;
+ };
};
struct cbcmac_tfm_ctx {
@@ -181,7 +179,7 @@
struct crypto_ccm_req_priv_ctx *pctx = crypto_ccm_reqctx(req);
struct crypto_aead *aead = crypto_aead_reqtfm(req);
struct crypto_ccm_ctx *ctx = crypto_aead_ctx(aead);
- AHASH_REQUEST_ON_STACK(ahreq, ctx->mac);
+ struct ahash_request *ahreq = &pctx->ahreq;
unsigned int assoclen = req->assoclen;
struct scatterlist sg[3];
u8 *odata = pctx->odata;
@@ -427,7 +425,7 @@
crypto_aead_set_reqsize(
tfm,
align + sizeof(struct crypto_ccm_req_priv_ctx) +
- crypto_skcipher_reqsize(ctr));
+ max(crypto_ahash_reqsize(mac), crypto_skcipher_reqsize(ctr)));
return 0;
@@ -455,7 +453,6 @@
static int crypto_ccm_create_common(struct crypto_template *tmpl,
struct rtattr **tb,
- const char *full_name,
const char *ctr_name,
const char *mac_name)
{
@@ -483,7 +480,8 @@
mac = __crypto_hash_alg_common(mac_alg);
err = -EINVAL;
- if (mac->digestsize != 16)
+ if (strncmp(mac->base.cra_name, "cbcmac(", 7) != 0 ||
+ mac->digestsize != 16)
goto out_put_mac;
inst = kzalloc(sizeof(*inst) + sizeof(*ictx), GFP_KERNEL);
@@ -506,23 +504,27 @@
ctr = crypto_spawn_skcipher_alg(&ictx->ctr);
- /* Not a stream cipher? */
+ /* The skcipher algorithm must be CTR mode, using 16-byte blocks. */
err = -EINVAL;
- if (ctr->base.cra_blocksize != 1)
+ if (strncmp(ctr->base.cra_name, "ctr(", 4) != 0 ||
+ crypto_skcipher_alg_ivsize(ctr) != 16 ||
+ ctr->base.cra_blocksize != 1)
goto err_drop_ctr;
- /* We want the real thing! */
- if (crypto_skcipher_alg_ivsize(ctr) != 16)
+ /* ctr and cbcmac must use the same underlying block cipher. */
+ if (strcmp(ctr->base.cra_name + 4, mac->base.cra_name + 7) != 0)
goto err_drop_ctr;
err = -ENAMETOOLONG;
+ if (snprintf(inst->alg.base.cra_name, CRYPTO_MAX_ALG_NAME,
+ "ccm(%s", ctr->base.cra_name + 4) >= CRYPTO_MAX_ALG_NAME)
+ goto err_drop_ctr;
+
if (snprintf(inst->alg.base.cra_driver_name, CRYPTO_MAX_ALG_NAME,
"ccm_base(%s,%s)", ctr->base.cra_driver_name,
mac->base.cra_driver_name) >= CRYPTO_MAX_ALG_NAME)
goto err_drop_ctr;
- memcpy(inst->alg.base.cra_name, full_name, CRYPTO_MAX_ALG_NAME);
-
inst->alg.base.cra_flags = ctr->base.cra_flags & CRYPTO_ALG_ASYNC;
inst->alg.base.cra_priority = (mac->base.cra_priority +
ctr->base.cra_priority) / 2;
@@ -564,7 +566,6 @@
const char *cipher_name;
char ctr_name[CRYPTO_MAX_ALG_NAME];
char mac_name[CRYPTO_MAX_ALG_NAME];
- char full_name[CRYPTO_MAX_ALG_NAME];
cipher_name = crypto_attr_alg_name(tb[1]);
if (IS_ERR(cipher_name))
@@ -578,49 +579,26 @@
cipher_name) >= CRYPTO_MAX_ALG_NAME)
return -ENAMETOOLONG;
- if (snprintf(full_name, CRYPTO_MAX_ALG_NAME, "ccm(%s)", cipher_name) >=
- CRYPTO_MAX_ALG_NAME)
- return -ENAMETOOLONG;
-
- return crypto_ccm_create_common(tmpl, tb, full_name, ctr_name,
- mac_name);
+ return crypto_ccm_create_common(tmpl, tb, ctr_name, mac_name);
}
-static struct crypto_template crypto_ccm_tmpl = {
- .name = "ccm",
- .create = crypto_ccm_create,
- .module = THIS_MODULE,
-};
-
static int crypto_ccm_base_create(struct crypto_template *tmpl,
struct rtattr **tb)
{
const char *ctr_name;
- const char *cipher_name;
- char full_name[CRYPTO_MAX_ALG_NAME];
+ const char *mac_name;
ctr_name = crypto_attr_alg_name(tb[1]);
if (IS_ERR(ctr_name))
return PTR_ERR(ctr_name);
- cipher_name = crypto_attr_alg_name(tb[2]);
- if (IS_ERR(cipher_name))
- return PTR_ERR(cipher_name);
+ mac_name = crypto_attr_alg_name(tb[2]);
+ if (IS_ERR(mac_name))
+ return PTR_ERR(mac_name);
- if (snprintf(full_name, CRYPTO_MAX_ALG_NAME, "ccm_base(%s,%s)",
- ctr_name, cipher_name) >= CRYPTO_MAX_ALG_NAME)
- return -ENAMETOOLONG;
-
- return crypto_ccm_create_common(tmpl, tb, full_name, ctr_name,
- cipher_name);
+ return crypto_ccm_create_common(tmpl, tb, ctr_name, mac_name);
}
-static struct crypto_template crypto_ccm_base_tmpl = {
- .name = "ccm_base",
- .create = crypto_ccm_base_create,
- .module = THIS_MODULE,
-};
-
static int crypto_rfc4309_setkey(struct crypto_aead *parent, const u8 *key,
unsigned int keylen)
{
@@ -851,12 +829,6 @@
goto out;
}
-static struct crypto_template crypto_rfc4309_tmpl = {
- .name = "rfc4309",
- .create = crypto_rfc4309_create,
- .module = THIS_MODULE,
-};
-
static int crypto_cbcmac_digest_setkey(struct crypto_shash *parent,
const u8 *inkey, unsigned int keylen)
{
@@ -996,54 +968,40 @@
return err;
}
-static struct crypto_template crypto_cbcmac_tmpl = {
- .name = "cbcmac",
- .create = cbcmac_create,
- .free = shash_free_instance,
- .module = THIS_MODULE,
+static struct crypto_template crypto_ccm_tmpls[] = {
+ {
+ .name = "cbcmac",
+ .create = cbcmac_create,
+ .free = shash_free_instance,
+ .module = THIS_MODULE,
+ }, {
+ .name = "ccm_base",
+ .create = crypto_ccm_base_create,
+ .module = THIS_MODULE,
+ }, {
+ .name = "ccm",
+ .create = crypto_ccm_create,
+ .module = THIS_MODULE,
+ }, {
+ .name = "rfc4309",
+ .create = crypto_rfc4309_create,
+ .module = THIS_MODULE,
+ },
};
static int __init crypto_ccm_module_init(void)
{
- int err;
-
- err = crypto_register_template(&crypto_cbcmac_tmpl);
- if (err)
- goto out;
-
- err = crypto_register_template(&crypto_ccm_base_tmpl);
- if (err)
- goto out_undo_cbcmac;
-
- err = crypto_register_template(&crypto_ccm_tmpl);
- if (err)
- goto out_undo_base;
-
- err = crypto_register_template(&crypto_rfc4309_tmpl);
- if (err)
- goto out_undo_ccm;
-
-out:
- return err;
-
-out_undo_ccm:
- crypto_unregister_template(&crypto_ccm_tmpl);
-out_undo_base:
- crypto_unregister_template(&crypto_ccm_base_tmpl);
-out_undo_cbcmac:
- crypto_register_template(&crypto_cbcmac_tmpl);
- goto out;
+ return crypto_register_templates(crypto_ccm_tmpls,
+ ARRAY_SIZE(crypto_ccm_tmpls));
}
static void __exit crypto_ccm_module_exit(void)
{
- crypto_unregister_template(&crypto_rfc4309_tmpl);
- crypto_unregister_template(&crypto_ccm_tmpl);
- crypto_unregister_template(&crypto_ccm_base_tmpl);
- crypto_unregister_template(&crypto_cbcmac_tmpl);
+ crypto_unregister_templates(crypto_ccm_tmpls,
+ ARRAY_SIZE(crypto_ccm_tmpls));
}
-module_init(crypto_ccm_module_init);
+subsys_initcall(crypto_ccm_module_init);
module_exit(crypto_ccm_module_exit);
MODULE_LICENSE("GPL");
@@ -1051,3 +1009,4 @@
MODULE_ALIAS_CRYPTO("ccm_base");
MODULE_ALIAS_CRYPTO("rfc4309");
MODULE_ALIAS_CRYPTO("ccm");
+MODULE_ALIAS_CRYPTO("cbcmac");
diff --git a/crypto/cfb.c b/crypto/cfb.c
index 20987d0..7b68fbb 100644
--- a/crypto/cfb.c
+++ b/crypto/cfb.c
@@ -25,28 +25,17 @@
#include <linux/init.h>
#include <linux/kernel.h>
#include <linux/module.h>
-#include <linux/slab.h>
#include <linux/string.h>
-#include <linux/types.h>
-
-struct crypto_cfb_ctx {
- struct crypto_cipher *child;
-};
static unsigned int crypto_cfb_bsize(struct crypto_skcipher *tfm)
{
- struct crypto_cfb_ctx *ctx = crypto_skcipher_ctx(tfm);
- struct crypto_cipher *child = ctx->child;
-
- return crypto_cipher_blocksize(child);
+ return crypto_cipher_blocksize(skcipher_cipher_simple(tfm));
}
static void crypto_cfb_encrypt_one(struct crypto_skcipher *tfm,
const u8 *src, u8 *dst)
{
- struct crypto_cfb_ctx *ctx = crypto_skcipher_ctx(tfm);
-
- crypto_cipher_encrypt_one(ctx->child, dst, src);
+ crypto_cipher_encrypt_one(skcipher_cipher_simple(tfm), dst, src);
}
/* final encrypt and decrypt is the same */
@@ -77,12 +66,14 @@
do {
crypto_cfb_encrypt_one(tfm, iv, dst);
crypto_xor(dst, src, bsize);
- memcpy(iv, dst, bsize);
+ iv = dst;
src += bsize;
dst += bsize;
} while ((nbytes -= bsize) >= bsize);
+ memcpy(walk->iv, iv, bsize);
+
return nbytes;
}
@@ -144,7 +135,7 @@
do {
crypto_cfb_encrypt_one(tfm, iv, dst);
- crypto_xor(dst, iv, bsize);
+ crypto_xor(dst, src, bsize);
iv = src;
src += bsize;
@@ -162,7 +153,7 @@
const unsigned int bsize = crypto_cfb_bsize(tfm);
unsigned int nbytes = walk->nbytes;
u8 *src = walk->src.virt.addr;
- u8 *iv = walk->iv;
+ u8 * const iv = walk->iv;
u8 tmp[MAX_CIPHER_BLOCKSIZE];
do {
@@ -172,8 +163,6 @@
src += bsize;
} while ((nbytes -= bsize) >= bsize);
- memcpy(walk->iv, iv, bsize);
-
return nbytes;
}
@@ -186,22 +175,6 @@
return crypto_cfb_decrypt_segment(walk, tfm);
}
-static int crypto_cfb_setkey(struct crypto_skcipher *parent, const u8 *key,
- unsigned int keylen)
-{
- struct crypto_cfb_ctx *ctx = crypto_skcipher_ctx(parent);
- struct crypto_cipher *child = ctx->child;
- int err;
-
- crypto_cipher_clear_flags(child, CRYPTO_TFM_REQ_MASK);
- crypto_cipher_set_flags(child, crypto_skcipher_get_flags(parent) &
- CRYPTO_TFM_REQ_MASK);
- err = crypto_cipher_setkey(child, key, keylen);
- crypto_skcipher_set_flags(parent, crypto_cipher_get_flags(child) &
- CRYPTO_TFM_RES_MASK);
- return err;
-}
-
static int crypto_cfb_decrypt(struct skcipher_request *req)
{
struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
@@ -224,110 +197,34 @@
return err;
}
-static int crypto_cfb_init_tfm(struct crypto_skcipher *tfm)
-{
- struct skcipher_instance *inst = skcipher_alg_instance(tfm);
- struct crypto_spawn *spawn = skcipher_instance_ctx(inst);
- struct crypto_cfb_ctx *ctx = crypto_skcipher_ctx(tfm);
- struct crypto_cipher *cipher;
-
- cipher = crypto_spawn_cipher(spawn);
- if (IS_ERR(cipher))
- return PTR_ERR(cipher);
-
- ctx->child = cipher;
- return 0;
-}
-
-static void crypto_cfb_exit_tfm(struct crypto_skcipher *tfm)
-{
- struct crypto_cfb_ctx *ctx = crypto_skcipher_ctx(tfm);
-
- crypto_free_cipher(ctx->child);
-}
-
-static void crypto_cfb_free(struct skcipher_instance *inst)
-{
- crypto_drop_skcipher(skcipher_instance_ctx(inst));
- kfree(inst);
-}
-
static int crypto_cfb_create(struct crypto_template *tmpl, struct rtattr **tb)
{
struct skcipher_instance *inst;
- struct crypto_attr_type *algt;
- struct crypto_spawn *spawn;
struct crypto_alg *alg;
- u32 mask;
int err;
- err = crypto_check_attr_type(tb, CRYPTO_ALG_TYPE_SKCIPHER);
- if (err)
- return err;
+ inst = skcipher_alloc_instance_simple(tmpl, tb, &alg);
+ if (IS_ERR(inst))
+ return PTR_ERR(inst);
- inst = kzalloc(sizeof(*inst) + sizeof(*spawn), GFP_KERNEL);
- if (!inst)
- return -ENOMEM;
-
- algt = crypto_get_attr_type(tb);
- err = PTR_ERR(algt);
- if (IS_ERR(algt))
- goto err_free_inst;
-
- mask = CRYPTO_ALG_TYPE_MASK |
- crypto_requires_off(algt->type, algt->mask,
- CRYPTO_ALG_NEED_FALLBACK);
-
- alg = crypto_get_attr_alg(tb, CRYPTO_ALG_TYPE_CIPHER, mask);
- err = PTR_ERR(alg);
- if (IS_ERR(alg))
- goto err_free_inst;
-
- spawn = skcipher_instance_ctx(inst);
- err = crypto_init_spawn(spawn, alg, skcipher_crypto_instance(inst),
- CRYPTO_ALG_TYPE_MASK);
- if (err)
- goto err_put_alg;
-
- err = crypto_inst_setname(skcipher_crypto_instance(inst), "cfb", alg);
- if (err)
- goto err_drop_spawn;
-
- inst->alg.base.cra_priority = alg->cra_priority;
- /* we're a stream cipher independend of the crypto cra_blocksize */
+ /* CFB mode is a stream cipher. */
inst->alg.base.cra_blocksize = 1;
- inst->alg.base.cra_alignmask = alg->cra_alignmask;
- inst->alg.ivsize = alg->cra_blocksize;
- inst->alg.min_keysize = alg->cra_cipher.cia_min_keysize;
- inst->alg.max_keysize = alg->cra_cipher.cia_max_keysize;
+ /*
+ * To simplify the implementation, configure the skcipher walk to only
+ * give a partial block at the very end, never earlier.
+ */
+ inst->alg.chunksize = alg->cra_blocksize;
- inst->alg.base.cra_ctxsize = sizeof(struct crypto_cfb_ctx);
-
- inst->alg.init = crypto_cfb_init_tfm;
- inst->alg.exit = crypto_cfb_exit_tfm;
-
- inst->alg.setkey = crypto_cfb_setkey;
inst->alg.encrypt = crypto_cfb_encrypt;
inst->alg.decrypt = crypto_cfb_decrypt;
- inst->free = crypto_cfb_free;
-
err = skcipher_register_instance(tmpl, inst);
if (err)
- goto err_drop_spawn;
- crypto_mod_put(alg);
+ inst->free(inst);
-out:
+ crypto_mod_put(alg);
return err;
-
-err_drop_spawn:
- crypto_drop_spawn(spawn);
-err_put_alg:
- crypto_mod_put(alg);
-err_free_inst:
- kfree(inst);
- goto out;
}
static struct crypto_template crypto_cfb_tmpl = {
@@ -346,9 +243,9 @@
crypto_unregister_template(&crypto_cfb_tmpl);
}
-module_init(crypto_cfb_module_init);
+subsys_initcall(crypto_cfb_module_init);
module_exit(crypto_cfb_module_exit);
MODULE_LICENSE("GPL");
-MODULE_DESCRIPTION("CFB block cipher algorithm");
+MODULE_DESCRIPTION("CFB block cipher mode of operation");
MODULE_ALIAS_CRYPTO("cfb");
diff --git a/crypto/chacha20_generic.c b/crypto/chacha20_generic.c
deleted file mode 100644
index e451c3c..0000000
--- a/crypto/chacha20_generic.c
+++ /dev/null
@@ -1,136 +0,0 @@
-/*
- * ChaCha20 256-bit cipher algorithm, RFC7539
- *
- * Copyright (C) 2015 Martin Willi
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- */
-
-#include <asm/unaligned.h>
-#include <crypto/algapi.h>
-#include <crypto/chacha20.h>
-#include <crypto/internal/skcipher.h>
-#include <linux/module.h>
-
-static void chacha20_docrypt(u32 *state, u8 *dst, const u8 *src,
- unsigned int bytes)
-{
- u32 stream[CHACHA20_BLOCK_WORDS];
-
- if (dst != src)
- memcpy(dst, src, bytes);
-
- while (bytes >= CHACHA20_BLOCK_SIZE) {
- chacha20_block(state, stream);
- crypto_xor(dst, (const u8 *)stream, CHACHA20_BLOCK_SIZE);
- bytes -= CHACHA20_BLOCK_SIZE;
- dst += CHACHA20_BLOCK_SIZE;
- }
- if (bytes) {
- chacha20_block(state, stream);
- crypto_xor(dst, (const u8 *)stream, bytes);
- }
-}
-
-void crypto_chacha20_init(u32 *state, struct chacha20_ctx *ctx, u8 *iv)
-{
- state[0] = 0x61707865; /* "expa" */
- state[1] = 0x3320646e; /* "nd 3" */
- state[2] = 0x79622d32; /* "2-by" */
- state[3] = 0x6b206574; /* "te k" */
- state[4] = ctx->key[0];
- state[5] = ctx->key[1];
- state[6] = ctx->key[2];
- state[7] = ctx->key[3];
- state[8] = ctx->key[4];
- state[9] = ctx->key[5];
- state[10] = ctx->key[6];
- state[11] = ctx->key[7];
- state[12] = get_unaligned_le32(iv + 0);
- state[13] = get_unaligned_le32(iv + 4);
- state[14] = get_unaligned_le32(iv + 8);
- state[15] = get_unaligned_le32(iv + 12);
-}
-EXPORT_SYMBOL_GPL(crypto_chacha20_init);
-
-int crypto_chacha20_setkey(struct crypto_skcipher *tfm, const u8 *key,
- unsigned int keysize)
-{
- struct chacha20_ctx *ctx = crypto_skcipher_ctx(tfm);
- int i;
-
- if (keysize != CHACHA20_KEY_SIZE)
- return -EINVAL;
-
- for (i = 0; i < ARRAY_SIZE(ctx->key); i++)
- ctx->key[i] = get_unaligned_le32(key + i * sizeof(u32));
-
- return 0;
-}
-EXPORT_SYMBOL_GPL(crypto_chacha20_setkey);
-
-int crypto_chacha20_crypt(struct skcipher_request *req)
-{
- struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
- struct chacha20_ctx *ctx = crypto_skcipher_ctx(tfm);
- struct skcipher_walk walk;
- u32 state[16];
- int err;
-
- err = skcipher_walk_virt(&walk, req, true);
-
- crypto_chacha20_init(state, ctx, walk.iv);
-
- while (walk.nbytes > 0) {
- unsigned int nbytes = walk.nbytes;
-
- if (nbytes < walk.total)
- nbytes = round_down(nbytes, walk.stride);
-
- chacha20_docrypt(state, walk.dst.virt.addr, walk.src.virt.addr,
- nbytes);
- err = skcipher_walk_done(&walk, walk.nbytes - nbytes);
- }
-
- return err;
-}
-EXPORT_SYMBOL_GPL(crypto_chacha20_crypt);
-
-static struct skcipher_alg alg = {
- .base.cra_name = "chacha20",
- .base.cra_driver_name = "chacha20-generic",
- .base.cra_priority = 100,
- .base.cra_blocksize = 1,
- .base.cra_ctxsize = sizeof(struct chacha20_ctx),
- .base.cra_module = THIS_MODULE,
-
- .min_keysize = CHACHA20_KEY_SIZE,
- .max_keysize = CHACHA20_KEY_SIZE,
- .ivsize = CHACHA20_IV_SIZE,
- .chunksize = CHACHA20_BLOCK_SIZE,
- .setkey = crypto_chacha20_setkey,
- .encrypt = crypto_chacha20_crypt,
- .decrypt = crypto_chacha20_crypt,
-};
-
-static int __init chacha20_generic_mod_init(void)
-{
- return crypto_register_skcipher(&alg);
-}
-
-static void __exit chacha20_generic_mod_fini(void)
-{
- crypto_unregister_skcipher(&alg);
-}
-
-module_init(chacha20_generic_mod_init);
-module_exit(chacha20_generic_mod_fini);
-
-MODULE_LICENSE("GPL");
-MODULE_AUTHOR("Martin Willi <martin@strongswan.org>");
-MODULE_DESCRIPTION("chacha20 cipher algorithm");
-MODULE_ALIAS_CRYPTO("chacha20");
-MODULE_ALIAS_CRYPTO("chacha20-generic");
diff --git a/crypto/chacha20poly1305.c b/crypto/chacha20poly1305.c
index 600afa9..74e824e 100644
--- a/crypto/chacha20poly1305.c
+++ b/crypto/chacha20poly1305.c
@@ -1,19 +1,15 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/*
* ChaCha20-Poly1305 AEAD, RFC7539
*
* Copyright (C) 2015 Martin Willi
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
*/
#include <crypto/internal/aead.h>
#include <crypto/internal/hash.h>
#include <crypto/internal/skcipher.h>
#include <crypto/scatterwalk.h>
-#include <crypto/chacha20.h>
+#include <crypto/chacha.h>
#include <crypto/poly1305.h>
#include <linux/err.h>
#include <linux/init.h>
@@ -22,8 +18,6 @@
#include "internal.h"
-#define CHACHAPOLY_IV_SIZE 12
-
struct chachapoly_instance_ctx {
struct crypto_skcipher_spawn chacha;
struct crypto_ahash_spawn poly;
@@ -51,7 +45,7 @@
};
struct chacha_req {
- u8 iv[CHACHA20_IV_SIZE];
+ u8 iv[CHACHA_IV_SIZE];
struct scatterlist src[1];
struct skcipher_request req; /* must be last member */
};
@@ -67,6 +61,8 @@
unsigned int cryptlen;
/* Actual AD, excluding IV */
unsigned int assoclen;
+ /* request flags, with MAY_SLEEP cleared if needed */
+ u32 flags;
union {
struct poly_req poly;
struct chacha_req chacha;
@@ -76,8 +72,12 @@
static inline void async_done_continue(struct aead_request *req, int err,
int (*cont)(struct aead_request *))
{
- if (!err)
+ if (!err) {
+ struct chachapoly_req_ctx *rctx = aead_request_ctx(req);
+
+ rctx->flags &= ~CRYPTO_TFM_REQ_MAY_SLEEP;
err = cont(req);
+ }
if (err != -EINPROGRESS && err != -EBUSY)
aead_request_complete(req, err);
@@ -91,7 +91,7 @@
memcpy(iv, &leicb, sizeof(leicb));
memcpy(iv + sizeof(leicb), ctx->salt, ctx->saltlen);
memcpy(iv + sizeof(leicb) + ctx->saltlen, req->iv,
- CHACHA20_IV_SIZE - sizeof(leicb) - ctx->saltlen);
+ CHACHA_IV_SIZE - sizeof(leicb) - ctx->saltlen);
}
static int poly_verify_tag(struct aead_request *req)
@@ -135,16 +135,12 @@
chacha_iv(creq->iv, req, 1);
- sg_init_table(rctx->src, 2);
src = scatterwalk_ffwd(rctx->src, req->src, req->assoclen);
dst = src;
-
- if (req->src != req->dst) {
- sg_init_table(rctx->dst, 2);
+ if (req->src != req->dst)
dst = scatterwalk_ffwd(rctx->dst, req->dst, req->assoclen);
- }
- skcipher_request_set_callback(&creq->req, aead_request_flags(req),
+ skcipher_request_set_callback(&creq->req, rctx->flags,
chacha_decrypt_done, req);
skcipher_request_set_tfm(&creq->req, ctx->chacha);
skcipher_request_set_crypt(&creq->req, src, dst,
@@ -178,17 +174,13 @@
struct chachapoly_ctx *ctx = crypto_aead_ctx(tfm);
struct chachapoly_req_ctx *rctx = aead_request_ctx(req);
struct poly_req *preq = &rctx->u.poly;
- __le64 len;
int err;
- sg_init_table(preq->src, 1);
- len = cpu_to_le64(rctx->assoclen);
- memcpy(&preq->tail.assoclen, &len, sizeof(len));
- len = cpu_to_le64(rctx->cryptlen);
- memcpy(&preq->tail.cryptlen, &len, sizeof(len));
- sg_set_buf(preq->src, &preq->tail, sizeof(preq->tail));
+ preq->tail.assoclen = cpu_to_le64(rctx->assoclen);
+ preq->tail.cryptlen = cpu_to_le64(rctx->cryptlen);
+ sg_init_one(preq->src, &preq->tail, sizeof(preq->tail));
- ahash_request_set_callback(&preq->req, aead_request_flags(req),
+ ahash_request_set_callback(&preq->req, rctx->flags,
poly_tail_done, req);
ahash_request_set_tfm(&preq->req, ctx->poly);
ahash_request_set_crypt(&preq->req, preq->src,
@@ -211,15 +203,14 @@
struct chachapoly_ctx *ctx = crypto_aead_ctx(crypto_aead_reqtfm(req));
struct chachapoly_req_ctx *rctx = aead_request_ctx(req);
struct poly_req *preq = &rctx->u.poly;
- unsigned int padlen, bs = POLY1305_BLOCK_SIZE;
+ unsigned int padlen;
int err;
- padlen = (bs - (rctx->cryptlen % bs)) % bs;
+ padlen = -rctx->cryptlen % POLY1305_BLOCK_SIZE;
memset(preq->pad, 0, sizeof(preq->pad));
- sg_init_table(preq->src, 1);
- sg_set_buf(preq->src, &preq->pad, padlen);
+ sg_init_one(preq->src, preq->pad, padlen);
- ahash_request_set_callback(&preq->req, aead_request_flags(req),
+ ahash_request_set_callback(&preq->req, rctx->flags,
poly_cipherpad_done, req);
ahash_request_set_tfm(&preq->req, ctx->poly);
ahash_request_set_crypt(&preq->req, preq->src, NULL, padlen);
@@ -247,10 +238,9 @@
if (rctx->cryptlen == req->cryptlen) /* encrypting */
crypt = req->dst;
- sg_init_table(rctx->src, 2);
crypt = scatterwalk_ffwd(rctx->src, crypt, req->assoclen);
- ahash_request_set_callback(&preq->req, aead_request_flags(req),
+ ahash_request_set_callback(&preq->req, rctx->flags,
poly_cipher_done, req);
ahash_request_set_tfm(&preq->req, ctx->poly);
ahash_request_set_crypt(&preq->req, crypt, NULL, rctx->cryptlen);
@@ -272,15 +262,14 @@
struct chachapoly_ctx *ctx = crypto_aead_ctx(crypto_aead_reqtfm(req));
struct chachapoly_req_ctx *rctx = aead_request_ctx(req);
struct poly_req *preq = &rctx->u.poly;
- unsigned int padlen, bs = POLY1305_BLOCK_SIZE;
+ unsigned int padlen;
int err;
- padlen = (bs - (rctx->assoclen % bs)) % bs;
+ padlen = -rctx->assoclen % POLY1305_BLOCK_SIZE;
memset(preq->pad, 0, sizeof(preq->pad));
- sg_init_table(preq->src, 1);
- sg_set_buf(preq->src, preq->pad, padlen);
+ sg_init_one(preq->src, preq->pad, padlen);
- ahash_request_set_callback(&preq->req, aead_request_flags(req),
+ ahash_request_set_callback(&preq->req, rctx->flags,
poly_adpad_done, req);
ahash_request_set_tfm(&preq->req, ctx->poly);
ahash_request_set_crypt(&preq->req, preq->src, NULL, padlen);
@@ -304,7 +293,7 @@
struct poly_req *preq = &rctx->u.poly;
int err;
- ahash_request_set_callback(&preq->req, aead_request_flags(req),
+ ahash_request_set_callback(&preq->req, rctx->flags,
poly_ad_done, req);
ahash_request_set_tfm(&preq->req, ctx->poly);
ahash_request_set_crypt(&preq->req, req->src, NULL, rctx->assoclen);
@@ -328,10 +317,9 @@
struct poly_req *preq = &rctx->u.poly;
int err;
- sg_init_table(preq->src, 1);
- sg_set_buf(preq->src, rctx->key, sizeof(rctx->key));
+ sg_init_one(preq->src, rctx->key, sizeof(rctx->key));
- ahash_request_set_callback(&preq->req, aead_request_flags(req),
+ ahash_request_set_callback(&preq->req, rctx->flags,
poly_setkey_done, req);
ahash_request_set_tfm(&preq->req, ctx->poly);
ahash_request_set_crypt(&preq->req, preq->src, NULL, sizeof(rctx->key));
@@ -355,7 +343,7 @@
struct poly_req *preq = &rctx->u.poly;
int err;
- ahash_request_set_callback(&preq->req, aead_request_flags(req),
+ ahash_request_set_callback(&preq->req, rctx->flags,
poly_init_done, req);
ahash_request_set_tfm(&preq->req, ctx->poly);
@@ -387,13 +375,12 @@
rctx->assoclen -= 8;
}
- sg_init_table(creq->src, 1);
memset(rctx->key, 0, sizeof(rctx->key));
- sg_set_buf(creq->src, rctx->key, sizeof(rctx->key));
+ sg_init_one(creq->src, rctx->key, sizeof(rctx->key));
chacha_iv(creq->iv, req, 0);
- skcipher_request_set_callback(&creq->req, aead_request_flags(req),
+ skcipher_request_set_callback(&creq->req, rctx->flags,
poly_genkey_done, req);
skcipher_request_set_tfm(&creq->req, ctx->chacha);
skcipher_request_set_crypt(&creq->req, creq->src, creq->src,
@@ -424,16 +411,12 @@
chacha_iv(creq->iv, req, 1);
- sg_init_table(rctx->src, 2);
src = scatterwalk_ffwd(rctx->src, req->src, req->assoclen);
dst = src;
-
- if (req->src != req->dst) {
- sg_init_table(rctx->dst, 2);
+ if (req->src != req->dst)
dst = scatterwalk_ffwd(rctx->dst, req->dst, req->assoclen);
- }
- skcipher_request_set_callback(&creq->req, aead_request_flags(req),
+ skcipher_request_set_callback(&creq->req, rctx->flags,
chacha_encrypt_done, req);
skcipher_request_set_tfm(&creq->req, ctx->chacha);
skcipher_request_set_crypt(&creq->req, src, dst,
@@ -451,6 +434,7 @@
struct chachapoly_req_ctx *rctx = aead_request_ctx(req);
rctx->cryptlen = req->cryptlen;
+ rctx->flags = aead_request_flags(req);
/* encrypt call chain:
* - chacha_encrypt/done()
@@ -472,6 +456,7 @@
struct chachapoly_req_ctx *rctx = aead_request_ctx(req);
rctx->cryptlen = req->cryptlen - POLY1305_DIGEST_SIZE;
+ rctx->flags = aead_request_flags(req);
/* decrypt call chain:
* - poly_genkey/done()
@@ -494,7 +479,7 @@
struct chachapoly_ctx *ctx = crypto_aead_ctx(aead);
int err;
- if (keylen != ctx->saltlen + CHACHA20_KEY_SIZE)
+ if (keylen != ctx->saltlen + CHACHA_KEY_SIZE)
return -EINVAL;
keylen -= ctx->saltlen;
@@ -639,7 +624,7 @@
err = -EINVAL;
/* Need 16-byte IV size, including Initial Block Counter value */
- if (crypto_skcipher_alg_ivsize(chacha) != CHACHA20_IV_SIZE)
+ if (crypto_skcipher_alg_ivsize(chacha) != CHACHA_IV_SIZE)
goto out_drop_chacha;
/* Not a stream cipher? */
if (chacha->base.cra_blocksize != 1)
@@ -647,8 +632,8 @@
err = -ENAMETOOLONG;
if (snprintf(inst->alg.base.cra_name, CRYPTO_MAX_ALG_NAME,
- "%s(%s,%s)", name, chacha_name,
- poly_name) >= CRYPTO_MAX_ALG_NAME)
+ "%s(%s,%s)", name, chacha->base.cra_name,
+ poly->cra_name) >= CRYPTO_MAX_ALG_NAME)
goto out_drop_chacha;
if (snprintf(inst->alg.base.cra_driver_name, CRYPTO_MAX_ALG_NAME,
"%s(%s,%s)", name, chacha->base.cra_driver_name,
@@ -703,40 +688,31 @@
return chachapoly_create(tmpl, tb, "rfc7539esp", 8);
}
-static struct crypto_template rfc7539_tmpl = {
- .name = "rfc7539",
- .create = rfc7539_create,
- .module = THIS_MODULE,
-};
-
-static struct crypto_template rfc7539esp_tmpl = {
- .name = "rfc7539esp",
- .create = rfc7539esp_create,
- .module = THIS_MODULE,
+static struct crypto_template rfc7539_tmpls[] = {
+ {
+ .name = "rfc7539",
+ .create = rfc7539_create,
+ .module = THIS_MODULE,
+ }, {
+ .name = "rfc7539esp",
+ .create = rfc7539esp_create,
+ .module = THIS_MODULE,
+ },
};
static int __init chacha20poly1305_module_init(void)
{
- int err;
-
- err = crypto_register_template(&rfc7539_tmpl);
- if (err)
- return err;
-
- err = crypto_register_template(&rfc7539esp_tmpl);
- if (err)
- crypto_unregister_template(&rfc7539_tmpl);
-
- return err;
+ return crypto_register_templates(rfc7539_tmpls,
+ ARRAY_SIZE(rfc7539_tmpls));
}
static void __exit chacha20poly1305_module_exit(void)
{
- crypto_unregister_template(&rfc7539esp_tmpl);
- crypto_unregister_template(&rfc7539_tmpl);
+ crypto_unregister_templates(rfc7539_tmpls,
+ ARRAY_SIZE(rfc7539_tmpls));
}
-module_init(chacha20poly1305_module_init);
+subsys_initcall(chacha20poly1305_module_init);
module_exit(chacha20poly1305_module_exit);
MODULE_LICENSE("GPL");
diff --git a/crypto/chacha_generic.c b/crypto/chacha_generic.c
new file mode 100644
index 0000000..085d8d2
--- /dev/null
+++ b/crypto/chacha_generic.c
@@ -0,0 +1,211 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+/*
+ * ChaCha and XChaCha stream ciphers, including ChaCha20 (RFC7539)
+ *
+ * Copyright (C) 2015 Martin Willi
+ * Copyright (C) 2018 Google LLC
+ */
+
+#include <asm/unaligned.h>
+#include <crypto/algapi.h>
+#include <crypto/chacha.h>
+#include <crypto/internal/skcipher.h>
+#include <linux/module.h>
+
+static void chacha_docrypt(u32 *state, u8 *dst, const u8 *src,
+ unsigned int bytes, int nrounds)
+{
+ /* aligned to potentially speed up crypto_xor() */
+ u8 stream[CHACHA_BLOCK_SIZE] __aligned(sizeof(long));
+
+ while (bytes >= CHACHA_BLOCK_SIZE) {
+ chacha_block(state, stream, nrounds);
+ crypto_xor_cpy(dst, src, stream, CHACHA_BLOCK_SIZE);
+ bytes -= CHACHA_BLOCK_SIZE;
+ dst += CHACHA_BLOCK_SIZE;
+ src += CHACHA_BLOCK_SIZE;
+ }
+ if (bytes) {
+ chacha_block(state, stream, nrounds);
+ crypto_xor_cpy(dst, src, stream, bytes);
+ }
+}
+
+static int chacha_stream_xor(struct skcipher_request *req,
+ const struct chacha_ctx *ctx, const u8 *iv)
+{
+ struct skcipher_walk walk;
+ u32 state[16];
+ int err;
+
+ err = skcipher_walk_virt(&walk, req, false);
+
+ crypto_chacha_init(state, ctx, iv);
+
+ while (walk.nbytes > 0) {
+ unsigned int nbytes = walk.nbytes;
+
+ if (nbytes < walk.total)
+ nbytes = round_down(nbytes, CHACHA_BLOCK_SIZE);
+
+ chacha_docrypt(state, walk.dst.virt.addr, walk.src.virt.addr,
+ nbytes, ctx->nrounds);
+ err = skcipher_walk_done(&walk, walk.nbytes - nbytes);
+ }
+
+ return err;
+}
+
+void crypto_chacha_init(u32 *state, const struct chacha_ctx *ctx, const u8 *iv)
+{
+ state[0] = 0x61707865; /* "expa" */
+ state[1] = 0x3320646e; /* "nd 3" */
+ state[2] = 0x79622d32; /* "2-by" */
+ state[3] = 0x6b206574; /* "te k" */
+ state[4] = ctx->key[0];
+ state[5] = ctx->key[1];
+ state[6] = ctx->key[2];
+ state[7] = ctx->key[3];
+ state[8] = ctx->key[4];
+ state[9] = ctx->key[5];
+ state[10] = ctx->key[6];
+ state[11] = ctx->key[7];
+ state[12] = get_unaligned_le32(iv + 0);
+ state[13] = get_unaligned_le32(iv + 4);
+ state[14] = get_unaligned_le32(iv + 8);
+ state[15] = get_unaligned_le32(iv + 12);
+}
+EXPORT_SYMBOL_GPL(crypto_chacha_init);
+
+static int chacha_setkey(struct crypto_skcipher *tfm, const u8 *key,
+ unsigned int keysize, int nrounds)
+{
+ struct chacha_ctx *ctx = crypto_skcipher_ctx(tfm);
+ int i;
+
+ if (keysize != CHACHA_KEY_SIZE)
+ return -EINVAL;
+
+ for (i = 0; i < ARRAY_SIZE(ctx->key); i++)
+ ctx->key[i] = get_unaligned_le32(key + i * sizeof(u32));
+
+ ctx->nrounds = nrounds;
+ return 0;
+}
+
+int crypto_chacha20_setkey(struct crypto_skcipher *tfm, const u8 *key,
+ unsigned int keysize)
+{
+ return chacha_setkey(tfm, key, keysize, 20);
+}
+EXPORT_SYMBOL_GPL(crypto_chacha20_setkey);
+
+int crypto_chacha12_setkey(struct crypto_skcipher *tfm, const u8 *key,
+ unsigned int keysize)
+{
+ return chacha_setkey(tfm, key, keysize, 12);
+}
+EXPORT_SYMBOL_GPL(crypto_chacha12_setkey);
+
+int crypto_chacha_crypt(struct skcipher_request *req)
+{
+ struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
+ struct chacha_ctx *ctx = crypto_skcipher_ctx(tfm);
+
+ return chacha_stream_xor(req, ctx, req->iv);
+}
+EXPORT_SYMBOL_GPL(crypto_chacha_crypt);
+
+int crypto_xchacha_crypt(struct skcipher_request *req)
+{
+ struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
+ struct chacha_ctx *ctx = crypto_skcipher_ctx(tfm);
+ struct chacha_ctx subctx;
+ u32 state[16];
+ u8 real_iv[16];
+
+ /* Compute the subkey given the original key and first 128 nonce bits */
+ crypto_chacha_init(state, ctx, req->iv);
+ hchacha_block(state, subctx.key, ctx->nrounds);
+ subctx.nrounds = ctx->nrounds;
+
+ /* Build the real IV */
+ memcpy(&real_iv[0], req->iv + 24, 8); /* stream position */
+ memcpy(&real_iv[8], req->iv + 16, 8); /* remaining 64 nonce bits */
+
+ /* Generate the stream and XOR it with the data */
+ return chacha_stream_xor(req, &subctx, real_iv);
+}
+EXPORT_SYMBOL_GPL(crypto_xchacha_crypt);
+
+static struct skcipher_alg algs[] = {
+ {
+ .base.cra_name = "chacha20",
+ .base.cra_driver_name = "chacha20-generic",
+ .base.cra_priority = 100,
+ .base.cra_blocksize = 1,
+ .base.cra_ctxsize = sizeof(struct chacha_ctx),
+ .base.cra_module = THIS_MODULE,
+
+ .min_keysize = CHACHA_KEY_SIZE,
+ .max_keysize = CHACHA_KEY_SIZE,
+ .ivsize = CHACHA_IV_SIZE,
+ .chunksize = CHACHA_BLOCK_SIZE,
+ .setkey = crypto_chacha20_setkey,
+ .encrypt = crypto_chacha_crypt,
+ .decrypt = crypto_chacha_crypt,
+ }, {
+ .base.cra_name = "xchacha20",
+ .base.cra_driver_name = "xchacha20-generic",
+ .base.cra_priority = 100,
+ .base.cra_blocksize = 1,
+ .base.cra_ctxsize = sizeof(struct chacha_ctx),
+ .base.cra_module = THIS_MODULE,
+
+ .min_keysize = CHACHA_KEY_SIZE,
+ .max_keysize = CHACHA_KEY_SIZE,
+ .ivsize = XCHACHA_IV_SIZE,
+ .chunksize = CHACHA_BLOCK_SIZE,
+ .setkey = crypto_chacha20_setkey,
+ .encrypt = crypto_xchacha_crypt,
+ .decrypt = crypto_xchacha_crypt,
+ }, {
+ .base.cra_name = "xchacha12",
+ .base.cra_driver_name = "xchacha12-generic",
+ .base.cra_priority = 100,
+ .base.cra_blocksize = 1,
+ .base.cra_ctxsize = sizeof(struct chacha_ctx),
+ .base.cra_module = THIS_MODULE,
+
+ .min_keysize = CHACHA_KEY_SIZE,
+ .max_keysize = CHACHA_KEY_SIZE,
+ .ivsize = XCHACHA_IV_SIZE,
+ .chunksize = CHACHA_BLOCK_SIZE,
+ .setkey = crypto_chacha12_setkey,
+ .encrypt = crypto_xchacha_crypt,
+ .decrypt = crypto_xchacha_crypt,
+ }
+};
+
+static int __init chacha_generic_mod_init(void)
+{
+ return crypto_register_skciphers(algs, ARRAY_SIZE(algs));
+}
+
+static void __exit chacha_generic_mod_fini(void)
+{
+ crypto_unregister_skciphers(algs, ARRAY_SIZE(algs));
+}
+
+subsys_initcall(chacha_generic_mod_init);
+module_exit(chacha_generic_mod_fini);
+
+MODULE_LICENSE("GPL");
+MODULE_AUTHOR("Martin Willi <martin@strongswan.org>");
+MODULE_DESCRIPTION("ChaCha and XChaCha stream ciphers (generic)");
+MODULE_ALIAS_CRYPTO("chacha20");
+MODULE_ALIAS_CRYPTO("chacha20-generic");
+MODULE_ALIAS_CRYPTO("xchacha20");
+MODULE_ALIAS_CRYPTO("xchacha20-generic");
+MODULE_ALIAS_CRYPTO("xchacha12");
+MODULE_ALIAS_CRYPTO("xchacha12-generic");
diff --git a/crypto/cipher.c b/crypto/cipher.c
index 57836c3..1084270 100644
--- a/crypto/cipher.c
+++ b/crypto/cipher.c
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/*
* Cryptographic API.
*
@@ -5,12 +6,6 @@
*
* Copyright (c) 2002 James Morris <jmorris@intercode.com.au>
* Copyright (c) 2005 Herbert Xu <herbert@gondor.apana.org.au>
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
- *
*/
#include <crypto/algapi.h>
diff --git a/crypto/cmac.c b/crypto/cmac.c
index 16301f5..0928aeb 100644
--- a/crypto/cmac.c
+++ b/crypto/cmac.c
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/*
* CMAC: Cipher Block Mode for Authentication
*
@@ -8,12 +9,6 @@
* Based on crypto/xcbc.c:
* Copyright © 2006 USAGI/WIDE Project,
* Author: Kazunori Miyazawa <miyazawa@linux-ipv6.org>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
*/
#include <crypto/internal/hash.h>
@@ -313,7 +308,7 @@
crypto_unregister_template(&crypto_cmac_tmpl);
}
-module_init(crypto_cmac_module_init);
+subsys_initcall(crypto_cmac_module_init);
module_exit(crypto_cmac_module_exit);
MODULE_LICENSE("GPL");
diff --git a/crypto/compress.c b/crypto/compress.c
index f2d5229..e9edf85 100644
--- a/crypto/compress.c
+++ b/crypto/compress.c
@@ -1,15 +1,10 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/*
* Cryptographic API.
*
* Compression operations.
*
* Copyright (c) 2002 James Morris <jmorris@intercode.com.au>
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
- *
*/
#include <linux/types.h>
#include <linux/crypto.h>
diff --git a/crypto/crc32_generic.c b/crypto/crc32_generic.c
index 00facd2..9e97912 100644
--- a/crypto/crc32_generic.c
+++ b/crypto/crc32_generic.c
@@ -146,7 +146,7 @@
crypto_unregister_shash(&alg);
}
-module_init(crc32_mod_init);
+subsys_initcall(crc32_mod_init);
module_exit(crc32_mod_fini);
MODULE_AUTHOR("Alexander Boyko <alexander_boyko@xyratex.com>");
diff --git a/crypto/crc32c_generic.c b/crypto/crc32c_generic.c
index 7283066..7b25fe8 100644
--- a/crypto/crc32c_generic.c
+++ b/crypto/crc32c_generic.c
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/*
* Cryptographic API.
*
@@ -27,12 +28,6 @@
*
* Copyright (c) 2004 Cisco Systems, Inc.
* Copyright (c) 2008 Herbert Xu <herbert@gondor.apana.org.au>
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
- *
*/
#include <asm/unaligned.h>
@@ -165,7 +160,7 @@
crypto_unregister_shash(&alg);
}
-module_init(crc32c_mod_init);
+subsys_initcall(crc32c_mod_init);
module_exit(crc32c_mod_fini);
MODULE_AUTHOR("Clay Haapala <chaapala@cisco.com>");
diff --git a/crypto/crct10dif_generic.c b/crypto/crct10dif_generic.c
index 8e94e29..d90c007 100644
--- a/crypto/crct10dif_generic.c
+++ b/crypto/crct10dif_generic.c
@@ -65,10 +65,9 @@
return 0;
}
-static int __chksum_finup(__u16 *crcp, const u8 *data, unsigned int len,
- u8 *out)
+static int __chksum_finup(__u16 crc, const u8 *data, unsigned int len, u8 *out)
{
- *(__u16 *)out = crc_t10dif_generic(*crcp, data, len);
+ *(__u16 *)out = crc_t10dif_generic(crc, data, len);
return 0;
}
@@ -77,15 +76,13 @@
{
struct chksum_desc_ctx *ctx = shash_desc_ctx(desc);
- return __chksum_finup(&ctx->crc, data, len, out);
+ return __chksum_finup(ctx->crc, data, len, out);
}
static int chksum_digest(struct shash_desc *desc, const u8 *data,
unsigned int length, u8 *out)
{
- struct chksum_desc_ctx *ctx = shash_desc_ctx(desc);
-
- return __chksum_finup(&ctx->crc, data, length, out);
+ return __chksum_finup(0, data, length, out);
}
static struct shash_alg alg = {
@@ -115,7 +112,7 @@
crypto_unregister_shash(&alg);
}
-module_init(crct10dif_mod_init);
+subsys_initcall(crct10dif_mod_init);
module_exit(crct10dif_mod_fini);
MODULE_AUTHOR("Tim Chen <tim.c.chen@linux.intel.com>");
diff --git a/crypto/cryptd.c b/crypto/cryptd.c
index addca7b..927760b 100644
--- a/crypto/cryptd.c
+++ b/crypto/cryptd.c
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/*
* Software async crypto daemon.
*
@@ -9,20 +10,13 @@
* Gabriele Paoloni <gabriele.paoloni@intel.com>
* Aidan O'Mahony (aidan.o.mahony@intel.com)
* Copyright (c) 2010, Intel Corporation.
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
- *
*/
#include <crypto/internal/hash.h>
#include <crypto/internal/aead.h>
#include <crypto/internal/skcipher.h>
#include <crypto/cryptd.h>
-#include <crypto/crypto_wq.h>
-#include <linux/atomic.h>
+#include <linux/refcount.h>
#include <linux/err.h>
#include <linux/init.h>
#include <linux/kernel.h>
@@ -31,11 +25,14 @@
#include <linux/scatterlist.h>
#include <linux/sched.h>
#include <linux/slab.h>
+#include <linux/workqueue.h>
static unsigned int cryptd_max_cpu_qlen = 1000;
module_param(cryptd_max_cpu_qlen, uint, 0);
MODULE_PARM_DESC(cryptd_max_cpu_qlen, "Set cryptd Max queue depth");
+static struct workqueue_struct *cryptd_wq;
+
struct cryptd_cpu_queue {
struct crypto_queue queue;
struct work_struct work;
@@ -65,18 +62,9 @@
struct cryptd_queue *queue;
};
-struct cryptd_blkcipher_ctx {
- atomic_t refcnt;
- struct crypto_blkcipher *child;
-};
-
-struct cryptd_blkcipher_request_ctx {
- crypto_completion_t complete;
-};
-
struct cryptd_skcipher_ctx {
- atomic_t refcnt;
- struct crypto_skcipher *child;
+ refcount_t refcnt;
+ struct crypto_sync_skcipher *child;
};
struct cryptd_skcipher_request_ctx {
@@ -84,7 +72,7 @@
};
struct cryptd_hash_ctx {
- atomic_t refcnt;
+ refcount_t refcnt;
struct crypto_shash *child;
};
@@ -94,7 +82,7 @@
};
struct cryptd_aead_ctx {
- atomic_t refcnt;
+ refcount_t refcnt;
struct crypto_aead *child;
};
@@ -139,7 +127,7 @@
{
int cpu, err;
struct cryptd_cpu_queue *cpu_queue;
- atomic_t *refcnt;
+ refcount_t *refcnt;
cpu = get_cpu();
cpu_queue = this_cpu_ptr(queue->cpu_queue);
@@ -150,12 +138,12 @@
if (err == -ENOSPC)
goto out_put_cpu;
- queue_work_on(cpu, kcrypto_wq, &cpu_queue->work);
+ queue_work_on(cpu, cryptd_wq, &cpu_queue->work);
- if (!atomic_read(refcnt))
+ if (!refcount_read(refcnt))
goto out_put_cpu;
- atomic_inc(refcnt);
+ refcount_inc(refcnt);
out_put_cpu:
put_cpu();
@@ -193,7 +181,7 @@
req->complete(req, 0);
if (cpu_queue->queue.qlen)
- queue_work(kcrypto_wq, &cpu_queue->work);
+ queue_work(cryptd_wq, &cpu_queue->work);
}
static inline struct cryptd_queue *cryptd_get_queue(struct crypto_tfm *tfm)
@@ -216,129 +204,6 @@
*mask |= algt->mask & CRYPTO_ALG_INTERNAL;
}
-static int cryptd_blkcipher_setkey(struct crypto_ablkcipher *parent,
- const u8 *key, unsigned int keylen)
-{
- struct cryptd_blkcipher_ctx *ctx = crypto_ablkcipher_ctx(parent);
- struct crypto_blkcipher *child = ctx->child;
- int err;
-
- crypto_blkcipher_clear_flags(child, CRYPTO_TFM_REQ_MASK);
- crypto_blkcipher_set_flags(child, crypto_ablkcipher_get_flags(parent) &
- CRYPTO_TFM_REQ_MASK);
- err = crypto_blkcipher_setkey(child, key, keylen);
- crypto_ablkcipher_set_flags(parent, crypto_blkcipher_get_flags(child) &
- CRYPTO_TFM_RES_MASK);
- return err;
-}
-
-static void cryptd_blkcipher_crypt(struct ablkcipher_request *req,
- struct crypto_blkcipher *child,
- int err,
- int (*crypt)(struct blkcipher_desc *desc,
- struct scatterlist *dst,
- struct scatterlist *src,
- unsigned int len))
-{
- struct cryptd_blkcipher_request_ctx *rctx;
- struct cryptd_blkcipher_ctx *ctx;
- struct crypto_ablkcipher *tfm;
- struct blkcipher_desc desc;
- int refcnt;
-
- rctx = ablkcipher_request_ctx(req);
-
- if (unlikely(err == -EINPROGRESS))
- goto out;
-
- desc.tfm = child;
- desc.info = req->info;
- desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP;
-
- err = crypt(&desc, req->dst, req->src, req->nbytes);
-
- req->base.complete = rctx->complete;
-
-out:
- tfm = crypto_ablkcipher_reqtfm(req);
- ctx = crypto_ablkcipher_ctx(tfm);
- refcnt = atomic_read(&ctx->refcnt);
-
- local_bh_disable();
- rctx->complete(&req->base, err);
- local_bh_enable();
-
- if (err != -EINPROGRESS && refcnt && atomic_dec_and_test(&ctx->refcnt))
- crypto_free_ablkcipher(tfm);
-}
-
-static void cryptd_blkcipher_encrypt(struct crypto_async_request *req, int err)
-{
- struct cryptd_blkcipher_ctx *ctx = crypto_tfm_ctx(req->tfm);
- struct crypto_blkcipher *child = ctx->child;
-
- cryptd_blkcipher_crypt(ablkcipher_request_cast(req), child, err,
- crypto_blkcipher_crt(child)->encrypt);
-}
-
-static void cryptd_blkcipher_decrypt(struct crypto_async_request *req, int err)
-{
- struct cryptd_blkcipher_ctx *ctx = crypto_tfm_ctx(req->tfm);
- struct crypto_blkcipher *child = ctx->child;
-
- cryptd_blkcipher_crypt(ablkcipher_request_cast(req), child, err,
- crypto_blkcipher_crt(child)->decrypt);
-}
-
-static int cryptd_blkcipher_enqueue(struct ablkcipher_request *req,
- crypto_completion_t compl)
-{
- struct cryptd_blkcipher_request_ctx *rctx = ablkcipher_request_ctx(req);
- struct crypto_ablkcipher *tfm = crypto_ablkcipher_reqtfm(req);
- struct cryptd_queue *queue;
-
- queue = cryptd_get_queue(crypto_ablkcipher_tfm(tfm));
- rctx->complete = req->base.complete;
- req->base.complete = compl;
-
- return cryptd_enqueue_request(queue, &req->base);
-}
-
-static int cryptd_blkcipher_encrypt_enqueue(struct ablkcipher_request *req)
-{
- return cryptd_blkcipher_enqueue(req, cryptd_blkcipher_encrypt);
-}
-
-static int cryptd_blkcipher_decrypt_enqueue(struct ablkcipher_request *req)
-{
- return cryptd_blkcipher_enqueue(req, cryptd_blkcipher_decrypt);
-}
-
-static int cryptd_blkcipher_init_tfm(struct crypto_tfm *tfm)
-{
- struct crypto_instance *inst = crypto_tfm_alg_instance(tfm);
- struct cryptd_instance_ctx *ictx = crypto_instance_ctx(inst);
- struct crypto_spawn *spawn = &ictx->spawn;
- struct cryptd_blkcipher_ctx *ctx = crypto_tfm_ctx(tfm);
- struct crypto_blkcipher *cipher;
-
- cipher = crypto_spawn_blkcipher(spawn);
- if (IS_ERR(cipher))
- return PTR_ERR(cipher);
-
- ctx->child = cipher;
- tfm->crt_ablkcipher.reqsize =
- sizeof(struct cryptd_blkcipher_request_ctx);
- return 0;
-}
-
-static void cryptd_blkcipher_exit_tfm(struct crypto_tfm *tfm)
-{
- struct cryptd_blkcipher_ctx *ctx = crypto_tfm_ctx(tfm);
-
- crypto_free_blkcipher(ctx->child);
-}
-
static int cryptd_init_instance(struct crypto_instance *inst,
struct crypto_alg *alg)
{
@@ -382,81 +247,20 @@
goto out;
}
-static int cryptd_create_blkcipher(struct crypto_template *tmpl,
- struct rtattr **tb,
- struct cryptd_queue *queue)
-{
- struct cryptd_instance_ctx *ctx;
- struct crypto_instance *inst;
- struct crypto_alg *alg;
- u32 type = CRYPTO_ALG_TYPE_BLKCIPHER;
- u32 mask = CRYPTO_ALG_TYPE_MASK;
- int err;
-
- cryptd_check_internal(tb, &type, &mask);
-
- alg = crypto_get_attr_alg(tb, type, mask);
- if (IS_ERR(alg))
- return PTR_ERR(alg);
-
- inst = cryptd_alloc_instance(alg, 0, sizeof(*ctx));
- err = PTR_ERR(inst);
- if (IS_ERR(inst))
- goto out_put_alg;
-
- ctx = crypto_instance_ctx(inst);
- ctx->queue = queue;
-
- err = crypto_init_spawn(&ctx->spawn, alg, inst,
- CRYPTO_ALG_TYPE_MASK | CRYPTO_ALG_ASYNC);
- if (err)
- goto out_free_inst;
-
- type = CRYPTO_ALG_TYPE_ABLKCIPHER | CRYPTO_ALG_ASYNC;
- if (alg->cra_flags & CRYPTO_ALG_INTERNAL)
- type |= CRYPTO_ALG_INTERNAL;
- inst->alg.cra_flags = type;
- inst->alg.cra_type = &crypto_ablkcipher_type;
-
- inst->alg.cra_ablkcipher.ivsize = alg->cra_blkcipher.ivsize;
- inst->alg.cra_ablkcipher.min_keysize = alg->cra_blkcipher.min_keysize;
- inst->alg.cra_ablkcipher.max_keysize = alg->cra_blkcipher.max_keysize;
-
- inst->alg.cra_ablkcipher.geniv = alg->cra_blkcipher.geniv;
-
- inst->alg.cra_ctxsize = sizeof(struct cryptd_blkcipher_ctx);
-
- inst->alg.cra_init = cryptd_blkcipher_init_tfm;
- inst->alg.cra_exit = cryptd_blkcipher_exit_tfm;
-
- inst->alg.cra_ablkcipher.setkey = cryptd_blkcipher_setkey;
- inst->alg.cra_ablkcipher.encrypt = cryptd_blkcipher_encrypt_enqueue;
- inst->alg.cra_ablkcipher.decrypt = cryptd_blkcipher_decrypt_enqueue;
-
- err = crypto_register_instance(tmpl, inst);
- if (err) {
- crypto_drop_spawn(&ctx->spawn);
-out_free_inst:
- kfree(inst);
- }
-
-out_put_alg:
- crypto_mod_put(alg);
- return err;
-}
-
static int cryptd_skcipher_setkey(struct crypto_skcipher *parent,
const u8 *key, unsigned int keylen)
{
struct cryptd_skcipher_ctx *ctx = crypto_skcipher_ctx(parent);
- struct crypto_skcipher *child = ctx->child;
+ struct crypto_sync_skcipher *child = ctx->child;
int err;
- crypto_skcipher_clear_flags(child, CRYPTO_TFM_REQ_MASK);
- crypto_skcipher_set_flags(child, crypto_skcipher_get_flags(parent) &
+ crypto_sync_skcipher_clear_flags(child, CRYPTO_TFM_REQ_MASK);
+ crypto_sync_skcipher_set_flags(child,
+ crypto_skcipher_get_flags(parent) &
CRYPTO_TFM_REQ_MASK);
- err = crypto_skcipher_setkey(child, key, keylen);
- crypto_skcipher_set_flags(parent, crypto_skcipher_get_flags(child) &
+ err = crypto_sync_skcipher_setkey(child, key, keylen);
+ crypto_skcipher_set_flags(parent,
+ crypto_sync_skcipher_get_flags(child) &
CRYPTO_TFM_RES_MASK);
return err;
}
@@ -466,13 +270,13 @@
struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
struct cryptd_skcipher_ctx *ctx = crypto_skcipher_ctx(tfm);
struct cryptd_skcipher_request_ctx *rctx = skcipher_request_ctx(req);
- int refcnt = atomic_read(&ctx->refcnt);
+ int refcnt = refcount_read(&ctx->refcnt);
local_bh_disable();
rctx->complete(&req->base, err);
local_bh_enable();
- if (err != -EINPROGRESS && refcnt && atomic_dec_and_test(&ctx->refcnt))
+ if (err != -EINPROGRESS && refcnt && refcount_dec_and_test(&ctx->refcnt))
crypto_free_skcipher(tfm);
}
@@ -483,13 +287,13 @@
struct cryptd_skcipher_request_ctx *rctx = skcipher_request_ctx(req);
struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
struct cryptd_skcipher_ctx *ctx = crypto_skcipher_ctx(tfm);
- struct crypto_skcipher *child = ctx->child;
- SKCIPHER_REQUEST_ON_STACK(subreq, child);
+ struct crypto_sync_skcipher *child = ctx->child;
+ SYNC_SKCIPHER_REQUEST_ON_STACK(subreq, child);
if (unlikely(err == -EINPROGRESS))
goto out;
- skcipher_request_set_tfm(subreq, child);
+ skcipher_request_set_sync_tfm(subreq, child);
skcipher_request_set_callback(subreq, CRYPTO_TFM_REQ_MAY_SLEEP,
NULL, NULL);
skcipher_request_set_crypt(subreq, req->src, req->dst, req->cryptlen,
@@ -511,13 +315,13 @@
struct cryptd_skcipher_request_ctx *rctx = skcipher_request_ctx(req);
struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
struct cryptd_skcipher_ctx *ctx = crypto_skcipher_ctx(tfm);
- struct crypto_skcipher *child = ctx->child;
- SKCIPHER_REQUEST_ON_STACK(subreq, child);
+ struct crypto_sync_skcipher *child = ctx->child;
+ SYNC_SKCIPHER_REQUEST_ON_STACK(subreq, child);
if (unlikely(err == -EINPROGRESS))
goto out;
- skcipher_request_set_tfm(subreq, child);
+ skcipher_request_set_sync_tfm(subreq, child);
skcipher_request_set_callback(subreq, CRYPTO_TFM_REQ_MAY_SLEEP,
NULL, NULL);
skcipher_request_set_crypt(subreq, req->src, req->dst, req->cryptlen,
@@ -568,7 +372,7 @@
if (IS_ERR(cipher))
return PTR_ERR(cipher);
- ctx->child = cipher;
+ ctx->child = (struct crypto_sync_skcipher *)cipher;
crypto_skcipher_set_reqsize(
tfm, sizeof(struct cryptd_skcipher_request_ctx));
return 0;
@@ -578,7 +382,7 @@
{
struct cryptd_skcipher_ctx *ctx = crypto_skcipher_ctx(tfm);
- crypto_free_skcipher(ctx->child);
+ crypto_free_sync_skcipher(ctx->child);
}
static void cryptd_skcipher_free(struct skcipher_instance *inst)
@@ -586,6 +390,7 @@
struct skcipherd_instance_ctx *ctx = skcipher_instance_ctx(inst);
crypto_drop_skcipher(&ctx->spawn);
+ kfree(inst);
}
static int cryptd_create_skcipher(struct crypto_template *tmpl,
@@ -716,13 +521,13 @@
struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
struct cryptd_hash_ctx *ctx = crypto_ahash_ctx(tfm);
struct cryptd_hash_request_ctx *rctx = ahash_request_ctx(req);
- int refcnt = atomic_read(&ctx->refcnt);
+ int refcnt = refcount_read(&ctx->refcnt);
local_bh_disable();
rctx->complete(&req->base, err);
local_bh_enable();
- if (err != -EINPROGRESS && refcnt && atomic_dec_and_test(&ctx->refcnt))
+ if (err != -EINPROGRESS && refcnt && refcount_dec_and_test(&ctx->refcnt))
crypto_free_ahash(tfm);
}
@@ -738,7 +543,6 @@
goto out;
desc->tfm = child;
- desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP;
err = crypto_shash_init(desc);
@@ -830,7 +634,6 @@
goto out;
desc->tfm = child;
- desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP;
err = shash_ahash_digest(req, desc);
@@ -859,7 +662,6 @@
struct shash_desc *desc = cryptd_shash_desc(req);
desc->tfm = ctx->child;
- desc->flags = req->base.flags;
return crypto_shash_import(desc, in);
}
@@ -970,13 +772,13 @@
out:
ctx = crypto_aead_ctx(tfm);
- refcnt = atomic_read(&ctx->refcnt);
+ refcnt = refcount_read(&ctx->refcnt);
local_bh_disable();
compl(&req->base, err);
local_bh_enable();
- if (err != -EINPROGRESS && refcnt && atomic_dec_and_test(&ctx->refcnt))
+ if (err != -EINPROGRESS && refcnt && refcount_dec_and_test(&ctx->refcnt))
crypto_free_aead(tfm);
}
@@ -1118,12 +920,8 @@
switch (algt->type & algt->mask & CRYPTO_ALG_TYPE_MASK) {
case CRYPTO_ALG_TYPE_BLKCIPHER:
- if ((algt->type & CRYPTO_ALG_TYPE_MASK) ==
- CRYPTO_ALG_TYPE_BLKCIPHER)
- return cryptd_create_blkcipher(tmpl, tb, &queue);
-
return cryptd_create_skcipher(tmpl, tb, &queue);
- case CRYPTO_ALG_TYPE_DIGEST:
+ case CRYPTO_ALG_TYPE_HASH:
return cryptd_create_hash(tmpl, tb, &queue);
case CRYPTO_ALG_TYPE_AEAD:
return cryptd_create_aead(tmpl, tb, &queue);
@@ -1160,58 +958,6 @@
.module = THIS_MODULE,
};
-struct cryptd_ablkcipher *cryptd_alloc_ablkcipher(const char *alg_name,
- u32 type, u32 mask)
-{
- char cryptd_alg_name[CRYPTO_MAX_ALG_NAME];
- struct cryptd_blkcipher_ctx *ctx;
- struct crypto_tfm *tfm;
-
- if (snprintf(cryptd_alg_name, CRYPTO_MAX_ALG_NAME,
- "cryptd(%s)", alg_name) >= CRYPTO_MAX_ALG_NAME)
- return ERR_PTR(-EINVAL);
- type = crypto_skcipher_type(type);
- mask &= ~CRYPTO_ALG_TYPE_MASK;
- mask |= (CRYPTO_ALG_GENIV | CRYPTO_ALG_TYPE_BLKCIPHER_MASK);
- tfm = crypto_alloc_base(cryptd_alg_name, type, mask);
- if (IS_ERR(tfm))
- return ERR_CAST(tfm);
- if (tfm->__crt_alg->cra_module != THIS_MODULE) {
- crypto_free_tfm(tfm);
- return ERR_PTR(-EINVAL);
- }
-
- ctx = crypto_tfm_ctx(tfm);
- atomic_set(&ctx->refcnt, 1);
-
- return __cryptd_ablkcipher_cast(__crypto_ablkcipher_cast(tfm));
-}
-EXPORT_SYMBOL_GPL(cryptd_alloc_ablkcipher);
-
-struct crypto_blkcipher *cryptd_ablkcipher_child(struct cryptd_ablkcipher *tfm)
-{
- struct cryptd_blkcipher_ctx *ctx = crypto_ablkcipher_ctx(&tfm->base);
- return ctx->child;
-}
-EXPORT_SYMBOL_GPL(cryptd_ablkcipher_child);
-
-bool cryptd_ablkcipher_queued(struct cryptd_ablkcipher *tfm)
-{
- struct cryptd_blkcipher_ctx *ctx = crypto_ablkcipher_ctx(&tfm->base);
-
- return atomic_read(&ctx->refcnt) - 1;
-}
-EXPORT_SYMBOL_GPL(cryptd_ablkcipher_queued);
-
-void cryptd_free_ablkcipher(struct cryptd_ablkcipher *tfm)
-{
- struct cryptd_blkcipher_ctx *ctx = crypto_ablkcipher_ctx(&tfm->base);
-
- if (atomic_dec_and_test(&ctx->refcnt))
- crypto_free_ablkcipher(&tfm->base);
-}
-EXPORT_SYMBOL_GPL(cryptd_free_ablkcipher);
-
struct cryptd_skcipher *cryptd_alloc_skcipher(const char *alg_name,
u32 type, u32 mask)
{
@@ -1233,7 +979,7 @@
}
ctx = crypto_skcipher_ctx(tfm);
- atomic_set(&ctx->refcnt, 1);
+ refcount_set(&ctx->refcnt, 1);
return container_of(tfm, struct cryptd_skcipher, base);
}
@@ -1243,7 +989,7 @@
{
struct cryptd_skcipher_ctx *ctx = crypto_skcipher_ctx(&tfm->base);
- return ctx->child;
+ return &ctx->child->base;
}
EXPORT_SYMBOL_GPL(cryptd_skcipher_child);
@@ -1251,7 +997,7 @@
{
struct cryptd_skcipher_ctx *ctx = crypto_skcipher_ctx(&tfm->base);
- return atomic_read(&ctx->refcnt) - 1;
+ return refcount_read(&ctx->refcnt) - 1;
}
EXPORT_SYMBOL_GPL(cryptd_skcipher_queued);
@@ -1259,7 +1005,7 @@
{
struct cryptd_skcipher_ctx *ctx = crypto_skcipher_ctx(&tfm->base);
- if (atomic_dec_and_test(&ctx->refcnt))
+ if (refcount_dec_and_test(&ctx->refcnt))
crypto_free_skcipher(&tfm->base);
}
EXPORT_SYMBOL_GPL(cryptd_free_skcipher);
@@ -1283,7 +1029,7 @@
}
ctx = crypto_ahash_ctx(tfm);
- atomic_set(&ctx->refcnt, 1);
+ refcount_set(&ctx->refcnt, 1);
return __cryptd_ahash_cast(tfm);
}
@@ -1308,7 +1054,7 @@
{
struct cryptd_hash_ctx *ctx = crypto_ahash_ctx(&tfm->base);
- return atomic_read(&ctx->refcnt) - 1;
+ return refcount_read(&ctx->refcnt) - 1;
}
EXPORT_SYMBOL_GPL(cryptd_ahash_queued);
@@ -1316,7 +1062,7 @@
{
struct cryptd_hash_ctx *ctx = crypto_ahash_ctx(&tfm->base);
- if (atomic_dec_and_test(&ctx->refcnt))
+ if (refcount_dec_and_test(&ctx->refcnt))
crypto_free_ahash(&tfm->base);
}
EXPORT_SYMBOL_GPL(cryptd_free_ahash);
@@ -1340,7 +1086,7 @@
}
ctx = crypto_aead_ctx(tfm);
- atomic_set(&ctx->refcnt, 1);
+ refcount_set(&ctx->refcnt, 1);
return __cryptd_aead_cast(tfm);
}
@@ -1358,7 +1104,7 @@
{
struct cryptd_aead_ctx *ctx = crypto_aead_ctx(&tfm->base);
- return atomic_read(&ctx->refcnt) - 1;
+ return refcount_read(&ctx->refcnt) - 1;
}
EXPORT_SYMBOL_GPL(cryptd_aead_queued);
@@ -1366,7 +1112,7 @@
{
struct cryptd_aead_ctx *ctx = crypto_aead_ctx(&tfm->base);
- if (atomic_dec_and_test(&ctx->refcnt))
+ if (refcount_dec_and_test(&ctx->refcnt))
crypto_free_aead(&tfm->base);
}
EXPORT_SYMBOL_GPL(cryptd_free_aead);
@@ -1375,19 +1121,31 @@
{
int err;
+ cryptd_wq = alloc_workqueue("cryptd", WQ_MEM_RECLAIM | WQ_CPU_INTENSIVE,
+ 1);
+ if (!cryptd_wq)
+ return -ENOMEM;
+
err = cryptd_init_queue(&queue, cryptd_max_cpu_qlen);
if (err)
- return err;
+ goto err_destroy_wq;
err = crypto_register_template(&cryptd_tmpl);
if (err)
- cryptd_fini_queue(&queue);
+ goto err_fini_queue;
+ return 0;
+
+err_fini_queue:
+ cryptd_fini_queue(&queue);
+err_destroy_wq:
+ destroy_workqueue(cryptd_wq);
return err;
}
static void __exit cryptd_exit(void)
{
+ destroy_workqueue(cryptd_wq);
cryptd_fini_queue(&queue);
crypto_unregister_template(&cryptd_tmpl);
}
diff --git a/crypto/crypto_engine.c b/crypto/crypto_engine.c
index 992e8d8..055d179 100644
--- a/crypto/crypto_engine.c
+++ b/crypto/crypto_engine.c
@@ -1,15 +1,10 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/*
* Handle async block request by crypto hardware engine.
*
* Copyright (C) 2016 Linaro, Inc.
*
* Author: Baolin Wang <baolin.wang@linaro.org>
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
- *
*/
#include <linux/err.h>
@@ -430,7 +425,7 @@
*/
struct crypto_engine *crypto_engine_alloc_init(struct device *dev, bool rt)
{
- struct sched_param param = { .sched_priority = MAX_RT_PRIO - 1 };
+ struct sched_param param = { .sched_priority = MAX_RT_PRIO / 2 };
struct crypto_engine *engine;
if (!dev)
diff --git a/crypto/crypto_null.c b/crypto/crypto_null.c
index 0959b26..5b84b0f 100644
--- a/crypto/crypto_null.c
+++ b/crypto/crypto_null.c
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/*
* Cryptographic API.
*
@@ -9,12 +10,6 @@
* The null cipher is compliant with RFC2410.
*
* Copyright (c) 2002 James Morris <jmorris@intercode.com.au>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
*/
#include <crypto/null.h>
@@ -26,7 +21,7 @@
#include <linux/string.h>
static DEFINE_MUTEX(crypto_default_null_skcipher_lock);
-static struct crypto_skcipher *crypto_default_null_skcipher;
+static struct crypto_sync_skcipher *crypto_default_null_skcipher;
static int crypto_default_null_skcipher_refcnt;
static int null_compress(struct crypto_tfm *tfm, const u8 *src,
@@ -65,6 +60,10 @@
unsigned int keylen)
{ return 0; }
+static int null_skcipher_setkey(struct crypto_skcipher *tfm, const u8 *key,
+ unsigned int keylen)
+{ return 0; }
+
static int null_setkey(struct crypto_tfm *tfm, const u8 *key,
unsigned int keylen)
{ return 0; }
@@ -74,21 +73,18 @@
memcpy(dst, src, NULL_BLOCK_SIZE);
}
-static int skcipher_null_crypt(struct blkcipher_desc *desc,
- struct scatterlist *dst,
- struct scatterlist *src, unsigned int nbytes)
+static int null_skcipher_crypt(struct skcipher_request *req)
{
- struct blkcipher_walk walk;
+ struct skcipher_walk walk;
int err;
- blkcipher_walk_init(&walk, dst, src, nbytes);
- err = blkcipher_walk_virt(desc, &walk);
+ err = skcipher_walk_virt(&walk, req, false);
while (walk.nbytes) {
if (walk.src.virt.addr != walk.dst.virt.addr)
memcpy(walk.dst.virt.addr, walk.src.virt.addr,
walk.nbytes);
- err = blkcipher_walk_done(desc, &walk, 0);
+ err = skcipher_walk_done(&walk, 0);
}
return err;
@@ -104,13 +100,30 @@
.final = null_final,
.base = {
.cra_name = "digest_null",
+ .cra_driver_name = "digest_null-generic",
.cra_blocksize = NULL_BLOCK_SIZE,
.cra_module = THIS_MODULE,
}
};
-static struct crypto_alg null_algs[3] = { {
+static struct skcipher_alg skcipher_null = {
+ .base.cra_name = "ecb(cipher_null)",
+ .base.cra_driver_name = "ecb-cipher_null",
+ .base.cra_priority = 100,
+ .base.cra_blocksize = NULL_BLOCK_SIZE,
+ .base.cra_ctxsize = 0,
+ .base.cra_module = THIS_MODULE,
+ .min_keysize = NULL_KEY_SIZE,
+ .max_keysize = NULL_KEY_SIZE,
+ .ivsize = NULL_IV_SIZE,
+ .setkey = null_skcipher_setkey,
+ .encrypt = null_skcipher_crypt,
+ .decrypt = null_skcipher_crypt,
+};
+
+static struct crypto_alg null_algs[] = { {
.cra_name = "cipher_null",
+ .cra_driver_name = "cipher_null-generic",
.cra_flags = CRYPTO_ALG_TYPE_CIPHER,
.cra_blocksize = NULL_BLOCK_SIZE,
.cra_ctxsize = 0,
@@ -122,23 +135,8 @@
.cia_encrypt = null_crypt,
.cia_decrypt = null_crypt } }
}, {
- .cra_name = "ecb(cipher_null)",
- .cra_driver_name = "ecb-cipher_null",
- .cra_priority = 100,
- .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER,
- .cra_blocksize = NULL_BLOCK_SIZE,
- .cra_type = &crypto_blkcipher_type,
- .cra_ctxsize = 0,
- .cra_module = THIS_MODULE,
- .cra_u = { .blkcipher = {
- .min_keysize = NULL_KEY_SIZE,
- .max_keysize = NULL_KEY_SIZE,
- .ivsize = NULL_IV_SIZE,
- .setkey = null_setkey,
- .encrypt = skcipher_null_crypt,
- .decrypt = skcipher_null_crypt } }
-}, {
.cra_name = "compress_null",
+ .cra_driver_name = "compress_null-generic",
.cra_flags = CRYPTO_ALG_TYPE_COMPRESS,
.cra_blocksize = NULL_BLOCK_SIZE,
.cra_ctxsize = 0,
@@ -152,16 +150,15 @@
MODULE_ALIAS_CRYPTO("digest_null");
MODULE_ALIAS_CRYPTO("cipher_null");
-struct crypto_skcipher *crypto_get_default_null_skcipher(void)
+struct crypto_sync_skcipher *crypto_get_default_null_skcipher(void)
{
- struct crypto_skcipher *tfm;
+ struct crypto_sync_skcipher *tfm;
mutex_lock(&crypto_default_null_skcipher_lock);
tfm = crypto_default_null_skcipher;
if (!tfm) {
- tfm = crypto_alloc_skcipher("ecb(cipher_null)",
- 0, CRYPTO_ALG_ASYNC);
+ tfm = crypto_alloc_sync_skcipher("ecb(cipher_null)", 0, 0);
if (IS_ERR(tfm))
goto unlock;
@@ -181,7 +178,7 @@
{
mutex_lock(&crypto_default_null_skcipher_lock);
if (!--crypto_default_null_skcipher_refcnt) {
- crypto_free_skcipher(crypto_default_null_skcipher);
+ crypto_free_sync_skcipher(crypto_default_null_skcipher);
crypto_default_null_skcipher = NULL;
}
mutex_unlock(&crypto_default_null_skcipher_lock);
@@ -200,8 +197,14 @@
if (ret < 0)
goto out_unregister_algs;
+ ret = crypto_register_skcipher(&skcipher_null);
+ if (ret < 0)
+ goto out_unregister_shash;
+
return 0;
+out_unregister_shash:
+ crypto_unregister_shash(&digest_null);
out_unregister_algs:
crypto_unregister_algs(null_algs, ARRAY_SIZE(null_algs));
out:
@@ -210,11 +213,12 @@
static void __exit crypto_null_mod_fini(void)
{
- crypto_unregister_shash(&digest_null);
crypto_unregister_algs(null_algs, ARRAY_SIZE(null_algs));
+ crypto_unregister_shash(&digest_null);
+ crypto_unregister_skcipher(&skcipher_null);
}
-module_init(crypto_null_mod_init);
+subsys_initcall(crypto_null_mod_init);
module_exit(crypto_null_mod_fini);
MODULE_LICENSE("GPL");
diff --git a/crypto/crypto_user.c b/crypto/crypto_user_base.c
similarity index 73%
rename from crypto/crypto_user.c
rename to crypto/crypto_user_base.c
index ceeb2ea..910e0b4 100644
--- a/crypto/crypto_user.c
+++ b/crypto/crypto_user_base.c
@@ -1,34 +1,24 @@
+// SPDX-License-Identifier: GPL-2.0-only
/*
* Crypto user configuration API.
*
* Copyright (C) 2011 secunet Security Networks AG
* Copyright (C) 2011 Steffen Klassert <steffen.klassert@secunet.com>
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms and conditions of the GNU General Public License,
- * version 2, as published by the Free Software Foundation.
- *
- * This program is distributed in the hope it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
- * more details.
- *
- * You should have received a copy of the GNU General Public License along with
- * this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin St - Fifth Floor, Boston, MA 02110-1301 USA.
*/
#include <linux/module.h>
#include <linux/crypto.h>
#include <linux/cryptouser.h>
#include <linux/sched.h>
-#include <net/netlink.h>
#include <linux/security.h>
+#include <net/netlink.h>
#include <net/net_namespace.h>
+#include <net/sock.h>
#include <crypto/internal/skcipher.h>
#include <crypto/internal/rng.h>
#include <crypto/akcipher.h>
#include <crypto/kpp.h>
+#include <crypto/internal/cryptouser.h>
#include "internal.h"
@@ -36,9 +26,6 @@
static DEFINE_MUTEX(crypto_cfg_mutex);
-/* The crypto netlink socket */
-static struct sock *crypto_nlsk;
-
struct crypto_dump_info {
struct sk_buff *in_skb;
struct sk_buff *out_skb;
@@ -46,7 +33,7 @@
u16 nlmsg_flags;
};
-static struct crypto_alg *crypto_alg_match(struct crypto_user_alg *p, int exact)
+struct crypto_alg *crypto_alg_match(struct crypto_user_alg *p, int exact)
{
struct crypto_alg *q, *alg = NULL;
@@ -55,6 +42,9 @@
list_for_each_entry(q, &crypto_alg_list, cra_list) {
int match = 0;
+ if (crypto_is_larval(q))
+ continue;
+
if ((q->cra_flags ^ p->cru_type) & p->cru_mask)
continue;
@@ -83,87 +73,38 @@
{
struct crypto_report_cipher rcipher;
- strncpy(rcipher.type, "cipher", sizeof(rcipher.type));
+ memset(&rcipher, 0, sizeof(rcipher));
+
+ strscpy(rcipher.type, "cipher", sizeof(rcipher.type));
rcipher.blocksize = alg->cra_blocksize;
rcipher.min_keysize = alg->cra_cipher.cia_min_keysize;
rcipher.max_keysize = alg->cra_cipher.cia_max_keysize;
- if (nla_put(skb, CRYPTOCFGA_REPORT_CIPHER,
- sizeof(struct crypto_report_cipher), &rcipher))
- goto nla_put_failure;
- return 0;
-
-nla_put_failure:
- return -EMSGSIZE;
+ return nla_put(skb, CRYPTOCFGA_REPORT_CIPHER,
+ sizeof(rcipher), &rcipher);
}
static int crypto_report_comp(struct sk_buff *skb, struct crypto_alg *alg)
{
struct crypto_report_comp rcomp;
- strncpy(rcomp.type, "compression", sizeof(rcomp.type));
- if (nla_put(skb, CRYPTOCFGA_REPORT_COMPRESS,
- sizeof(struct crypto_report_comp), &rcomp))
- goto nla_put_failure;
- return 0;
+ memset(&rcomp, 0, sizeof(rcomp));
-nla_put_failure:
- return -EMSGSIZE;
-}
+ strscpy(rcomp.type, "compression", sizeof(rcomp.type));
-static int crypto_report_acomp(struct sk_buff *skb, struct crypto_alg *alg)
-{
- struct crypto_report_acomp racomp;
-
- strncpy(racomp.type, "acomp", sizeof(racomp.type));
-
- if (nla_put(skb, CRYPTOCFGA_REPORT_ACOMP,
- sizeof(struct crypto_report_acomp), &racomp))
- goto nla_put_failure;
- return 0;
-
-nla_put_failure:
- return -EMSGSIZE;
-}
-
-static int crypto_report_akcipher(struct sk_buff *skb, struct crypto_alg *alg)
-{
- struct crypto_report_akcipher rakcipher;
-
- strncpy(rakcipher.type, "akcipher", sizeof(rakcipher.type));
-
- if (nla_put(skb, CRYPTOCFGA_REPORT_AKCIPHER,
- sizeof(struct crypto_report_akcipher), &rakcipher))
- goto nla_put_failure;
- return 0;
-
-nla_put_failure:
- return -EMSGSIZE;
-}
-
-static int crypto_report_kpp(struct sk_buff *skb, struct crypto_alg *alg)
-{
- struct crypto_report_kpp rkpp;
-
- strncpy(rkpp.type, "kpp", sizeof(rkpp.type));
-
- if (nla_put(skb, CRYPTOCFGA_REPORT_KPP,
- sizeof(struct crypto_report_kpp), &rkpp))
- goto nla_put_failure;
- return 0;
-
-nla_put_failure:
- return -EMSGSIZE;
+ return nla_put(skb, CRYPTOCFGA_REPORT_COMPRESS, sizeof(rcomp), &rcomp);
}
static int crypto_report_one(struct crypto_alg *alg,
struct crypto_user_alg *ualg, struct sk_buff *skb)
{
- strncpy(ualg->cru_name, alg->cra_name, sizeof(ualg->cru_name));
- strncpy(ualg->cru_driver_name, alg->cra_driver_name,
+ memset(ualg, 0, sizeof(*ualg));
+
+ strscpy(ualg->cru_name, alg->cra_name, sizeof(ualg->cru_name));
+ strscpy(ualg->cru_driver_name, alg->cra_driver_name,
sizeof(ualg->cru_driver_name));
- strncpy(ualg->cru_module_name, module_name(alg->cra_module),
+ strscpy(ualg->cru_module_name, module_name(alg->cra_module),
sizeof(ualg->cru_module_name));
ualg->cru_type = 0;
@@ -176,9 +117,9 @@
if (alg->cra_flags & CRYPTO_ALG_LARVAL) {
struct crypto_report_larval rl;
- strncpy(rl.type, "larval", sizeof(rl.type));
- if (nla_put(skb, CRYPTOCFGA_REPORT_LARVAL,
- sizeof(struct crypto_report_larval), &rl))
+ memset(&rl, 0, sizeof(rl));
+ strscpy(rl.type, "larval", sizeof(rl.type));
+ if (nla_put(skb, CRYPTOCFGA_REPORT_LARVAL, sizeof(rl), &rl))
goto nla_put_failure;
goto out;
}
@@ -201,20 +142,6 @@
goto nla_put_failure;
break;
- case CRYPTO_ALG_TYPE_ACOMPRESS:
- if (crypto_report_acomp(skb, alg))
- goto nla_put_failure;
-
- break;
- case CRYPTO_ALG_TYPE_AKCIPHER:
- if (crypto_report_akcipher(skb, alg))
- goto nla_put_failure;
-
- break;
- case CRYPTO_ALG_TYPE_KPP:
- if (crypto_report_kpp(skb, alg))
- goto nla_put_failure;
- break;
}
out:
@@ -257,6 +184,7 @@
static int crypto_report(struct sk_buff *in_skb, struct nlmsghdr *in_nlh,
struct nlattr **attrs)
{
+ struct net *net = sock_net(in_skb->sk);
struct crypto_user_alg *p = nlmsg_data(in_nlh);
struct crypto_alg *alg;
struct sk_buff *skb;
@@ -288,35 +216,38 @@
if (err)
return err;
- return nlmsg_unicast(crypto_nlsk, skb, NETLINK_CB(in_skb).portid);
+ return nlmsg_unicast(net->crypto_nlsk, skb, NETLINK_CB(in_skb).portid);
}
static int crypto_dump_report(struct sk_buff *skb, struct netlink_callback *cb)
{
- struct crypto_alg *alg;
+ const size_t start_pos = cb->args[0];
+ size_t pos = 0;
struct crypto_dump_info info;
- int err;
-
- if (cb->args[0])
- goto out;
-
- cb->args[0] = 1;
+ struct crypto_alg *alg;
+ int res;
info.in_skb = cb->skb;
info.out_skb = skb;
info.nlmsg_seq = cb->nlh->nlmsg_seq;
info.nlmsg_flags = NLM_F_MULTI;
+ down_read(&crypto_alg_sem);
list_for_each_entry(alg, &crypto_alg_list, cra_list) {
- err = crypto_report_alg(alg, &info);
- if (err)
- goto out_err;
+ if (pos >= start_pos) {
+ res = crypto_report_alg(alg, &info);
+ if (res == -EMSGSIZE)
+ break;
+ if (res)
+ goto out;
+ }
+ pos++;
}
-
+ cb->args[0] = pos;
+ res = skb->len;
out:
- return skb->len;
-out_err:
- return err;
+ up_read(&crypto_alg_sem);
+ return res;
}
static int crypto_dump_report_done(struct netlink_callback *cb)
@@ -461,6 +392,7 @@
[CRYPTO_MSG_UPDATEALG - CRYPTO_MSG_BASE] = MSGSIZE(crypto_user_alg),
[CRYPTO_MSG_GETALG - CRYPTO_MSG_BASE] = MSGSIZE(crypto_user_alg),
[CRYPTO_MSG_DELRNG - CRYPTO_MSG_BASE] = 0,
+ [CRYPTO_MSG_GETSTAT - CRYPTO_MSG_BASE] = MSGSIZE(crypto_user_alg),
};
static const struct nla_policy crypto_policy[CRYPTOCFGA_MAX+1] = {
@@ -481,11 +413,13 @@
.dump = crypto_dump_report,
.done = crypto_dump_report_done},
[CRYPTO_MSG_DELRNG - CRYPTO_MSG_BASE] = { .doit = crypto_del_rng },
+ [CRYPTO_MSG_GETSTAT - CRYPTO_MSG_BASE] = { .doit = crypto_reportstat},
};
static int crypto_user_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh,
struct netlink_ext_ack *extack)
{
+ struct net *net = sock_net(skb->sk);
struct nlattr *attrs[CRYPTOCFGA_MAX+1];
const struct crypto_link *link;
int type, err;
@@ -500,7 +434,7 @@
if ((type == (CRYPTO_MSG_GETALG - CRYPTO_MSG_BASE) &&
(nlh->nlmsg_flags & NLM_F_DUMP))) {
struct crypto_alg *alg;
- u16 dump_alloc = 0;
+ unsigned long dump_alloc = 0;
if (link->dump == NULL)
return -EINVAL;
@@ -508,22 +442,22 @@
down_read(&crypto_alg_sem);
list_for_each_entry(alg, &crypto_alg_list, cra_list)
dump_alloc += CRYPTO_REPORT_MAXSIZE;
+ up_read(&crypto_alg_sem);
{
struct netlink_dump_control c = {
.dump = link->dump,
.done = link->done,
- .min_dump_alloc = dump_alloc,
+ .min_dump_alloc = min(dump_alloc, 65535UL),
};
- err = netlink_dump_start(crypto_nlsk, skb, nlh, &c);
+ err = netlink_dump_start(net->crypto_nlsk, skb, nlh, &c);
}
- up_read(&crypto_alg_sem);
return err;
}
- err = nlmsg_parse(nlh, crypto_msg_min[type], attrs, CRYPTOCFGA_MAX,
- crypto_policy, extack);
+ err = nlmsg_parse_deprecated(nlh, crypto_msg_min[type], attrs,
+ CRYPTOCFGA_MAX, crypto_policy, extack);
if (err < 0)
return err;
@@ -540,22 +474,35 @@
mutex_unlock(&crypto_cfg_mutex);
}
-static int __init crypto_user_init(void)
+static int __net_init crypto_netlink_init(struct net *net)
{
struct netlink_kernel_cfg cfg = {
.input = crypto_netlink_rcv,
};
- crypto_nlsk = netlink_kernel_create(&init_net, NETLINK_CRYPTO, &cfg);
- if (!crypto_nlsk)
- return -ENOMEM;
+ net->crypto_nlsk = netlink_kernel_create(net, NETLINK_CRYPTO, &cfg);
+ return net->crypto_nlsk == NULL ? -ENOMEM : 0;
+}
- return 0;
+static void __net_exit crypto_netlink_exit(struct net *net)
+{
+ netlink_kernel_release(net->crypto_nlsk);
+ net->crypto_nlsk = NULL;
+}
+
+static struct pernet_operations crypto_netlink_net_ops = {
+ .init = crypto_netlink_init,
+ .exit = crypto_netlink_exit,
+};
+
+static int __init crypto_user_init(void)
+{
+ return register_pernet_subsys(&crypto_netlink_net_ops);
}
static void __exit crypto_user_exit(void)
{
- netlink_kernel_release(crypto_nlsk);
+ unregister_pernet_subsys(&crypto_netlink_net_ops);
}
module_init(crypto_user_init);
diff --git a/crypto/crypto_user_stat.c b/crypto/crypto_user_stat.c
new file mode 100644
index 0000000..8bad884
--- /dev/null
+++ b/crypto/crypto_user_stat.c
@@ -0,0 +1,337 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * Crypto user configuration API.
+ *
+ * Copyright (C) 2017-2018 Corentin Labbe <clabbe@baylibre.com>
+ *
+ */
+
+#include <linux/crypto.h>
+#include <linux/cryptouser.h>
+#include <linux/sched.h>
+#include <net/netlink.h>
+#include <net/sock.h>
+#include <crypto/internal/skcipher.h>
+#include <crypto/internal/rng.h>
+#include <crypto/akcipher.h>
+#include <crypto/kpp.h>
+#include <crypto/internal/cryptouser.h>
+
+#include "internal.h"
+
+#define null_terminated(x) (strnlen(x, sizeof(x)) < sizeof(x))
+
+struct crypto_dump_info {
+ struct sk_buff *in_skb;
+ struct sk_buff *out_skb;
+ u32 nlmsg_seq;
+ u16 nlmsg_flags;
+};
+
+static int crypto_report_aead(struct sk_buff *skb, struct crypto_alg *alg)
+{
+ struct crypto_stat_aead raead;
+
+ memset(&raead, 0, sizeof(raead));
+
+ strscpy(raead.type, "aead", sizeof(raead.type));
+
+ raead.stat_encrypt_cnt = atomic64_read(&alg->stats.aead.encrypt_cnt);
+ raead.stat_encrypt_tlen = atomic64_read(&alg->stats.aead.encrypt_tlen);
+ raead.stat_decrypt_cnt = atomic64_read(&alg->stats.aead.decrypt_cnt);
+ raead.stat_decrypt_tlen = atomic64_read(&alg->stats.aead.decrypt_tlen);
+ raead.stat_err_cnt = atomic64_read(&alg->stats.aead.err_cnt);
+
+ return nla_put(skb, CRYPTOCFGA_STAT_AEAD, sizeof(raead), &raead);
+}
+
+static int crypto_report_cipher(struct sk_buff *skb, struct crypto_alg *alg)
+{
+ struct crypto_stat_cipher rcipher;
+
+ memset(&rcipher, 0, sizeof(rcipher));
+
+ strscpy(rcipher.type, "cipher", sizeof(rcipher.type));
+
+ rcipher.stat_encrypt_cnt = atomic64_read(&alg->stats.cipher.encrypt_cnt);
+ rcipher.stat_encrypt_tlen = atomic64_read(&alg->stats.cipher.encrypt_tlen);
+ rcipher.stat_decrypt_cnt = atomic64_read(&alg->stats.cipher.decrypt_cnt);
+ rcipher.stat_decrypt_tlen = atomic64_read(&alg->stats.cipher.decrypt_tlen);
+ rcipher.stat_err_cnt = atomic64_read(&alg->stats.cipher.err_cnt);
+
+ return nla_put(skb, CRYPTOCFGA_STAT_CIPHER, sizeof(rcipher), &rcipher);
+}
+
+static int crypto_report_comp(struct sk_buff *skb, struct crypto_alg *alg)
+{
+ struct crypto_stat_compress rcomp;
+
+ memset(&rcomp, 0, sizeof(rcomp));
+
+ strscpy(rcomp.type, "compression", sizeof(rcomp.type));
+ rcomp.stat_compress_cnt = atomic64_read(&alg->stats.compress.compress_cnt);
+ rcomp.stat_compress_tlen = atomic64_read(&alg->stats.compress.compress_tlen);
+ rcomp.stat_decompress_cnt = atomic64_read(&alg->stats.compress.decompress_cnt);
+ rcomp.stat_decompress_tlen = atomic64_read(&alg->stats.compress.decompress_tlen);
+ rcomp.stat_err_cnt = atomic64_read(&alg->stats.compress.err_cnt);
+
+ return nla_put(skb, CRYPTOCFGA_STAT_COMPRESS, sizeof(rcomp), &rcomp);
+}
+
+static int crypto_report_acomp(struct sk_buff *skb, struct crypto_alg *alg)
+{
+ struct crypto_stat_compress racomp;
+
+ memset(&racomp, 0, sizeof(racomp));
+
+ strscpy(racomp.type, "acomp", sizeof(racomp.type));
+ racomp.stat_compress_cnt = atomic64_read(&alg->stats.compress.compress_cnt);
+ racomp.stat_compress_tlen = atomic64_read(&alg->stats.compress.compress_tlen);
+ racomp.stat_decompress_cnt = atomic64_read(&alg->stats.compress.decompress_cnt);
+ racomp.stat_decompress_tlen = atomic64_read(&alg->stats.compress.decompress_tlen);
+ racomp.stat_err_cnt = atomic64_read(&alg->stats.compress.err_cnt);
+
+ return nla_put(skb, CRYPTOCFGA_STAT_ACOMP, sizeof(racomp), &racomp);
+}
+
+static int crypto_report_akcipher(struct sk_buff *skb, struct crypto_alg *alg)
+{
+ struct crypto_stat_akcipher rakcipher;
+
+ memset(&rakcipher, 0, sizeof(rakcipher));
+
+ strscpy(rakcipher.type, "akcipher", sizeof(rakcipher.type));
+ rakcipher.stat_encrypt_cnt = atomic64_read(&alg->stats.akcipher.encrypt_cnt);
+ rakcipher.stat_encrypt_tlen = atomic64_read(&alg->stats.akcipher.encrypt_tlen);
+ rakcipher.stat_decrypt_cnt = atomic64_read(&alg->stats.akcipher.decrypt_cnt);
+ rakcipher.stat_decrypt_tlen = atomic64_read(&alg->stats.akcipher.decrypt_tlen);
+ rakcipher.stat_sign_cnt = atomic64_read(&alg->stats.akcipher.sign_cnt);
+ rakcipher.stat_verify_cnt = atomic64_read(&alg->stats.akcipher.verify_cnt);
+ rakcipher.stat_err_cnt = atomic64_read(&alg->stats.akcipher.err_cnt);
+
+ return nla_put(skb, CRYPTOCFGA_STAT_AKCIPHER,
+ sizeof(rakcipher), &rakcipher);
+}
+
+static int crypto_report_kpp(struct sk_buff *skb, struct crypto_alg *alg)
+{
+ struct crypto_stat_kpp rkpp;
+
+ memset(&rkpp, 0, sizeof(rkpp));
+
+ strscpy(rkpp.type, "kpp", sizeof(rkpp.type));
+
+ rkpp.stat_setsecret_cnt = atomic64_read(&alg->stats.kpp.setsecret_cnt);
+ rkpp.stat_generate_public_key_cnt = atomic64_read(&alg->stats.kpp.generate_public_key_cnt);
+ rkpp.stat_compute_shared_secret_cnt = atomic64_read(&alg->stats.kpp.compute_shared_secret_cnt);
+ rkpp.stat_err_cnt = atomic64_read(&alg->stats.kpp.err_cnt);
+
+ return nla_put(skb, CRYPTOCFGA_STAT_KPP, sizeof(rkpp), &rkpp);
+}
+
+static int crypto_report_ahash(struct sk_buff *skb, struct crypto_alg *alg)
+{
+ struct crypto_stat_hash rhash;
+
+ memset(&rhash, 0, sizeof(rhash));
+
+ strscpy(rhash.type, "ahash", sizeof(rhash.type));
+
+ rhash.stat_hash_cnt = atomic64_read(&alg->stats.hash.hash_cnt);
+ rhash.stat_hash_tlen = atomic64_read(&alg->stats.hash.hash_tlen);
+ rhash.stat_err_cnt = atomic64_read(&alg->stats.hash.err_cnt);
+
+ return nla_put(skb, CRYPTOCFGA_STAT_HASH, sizeof(rhash), &rhash);
+}
+
+static int crypto_report_shash(struct sk_buff *skb, struct crypto_alg *alg)
+{
+ struct crypto_stat_hash rhash;
+
+ memset(&rhash, 0, sizeof(rhash));
+
+ strscpy(rhash.type, "shash", sizeof(rhash.type));
+
+ rhash.stat_hash_cnt = atomic64_read(&alg->stats.hash.hash_cnt);
+ rhash.stat_hash_tlen = atomic64_read(&alg->stats.hash.hash_tlen);
+ rhash.stat_err_cnt = atomic64_read(&alg->stats.hash.err_cnt);
+
+ return nla_put(skb, CRYPTOCFGA_STAT_HASH, sizeof(rhash), &rhash);
+}
+
+static int crypto_report_rng(struct sk_buff *skb, struct crypto_alg *alg)
+{
+ struct crypto_stat_rng rrng;
+
+ memset(&rrng, 0, sizeof(rrng));
+
+ strscpy(rrng.type, "rng", sizeof(rrng.type));
+
+ rrng.stat_generate_cnt = atomic64_read(&alg->stats.rng.generate_cnt);
+ rrng.stat_generate_tlen = atomic64_read(&alg->stats.rng.generate_tlen);
+ rrng.stat_seed_cnt = atomic64_read(&alg->stats.rng.seed_cnt);
+ rrng.stat_err_cnt = atomic64_read(&alg->stats.rng.err_cnt);
+
+ return nla_put(skb, CRYPTOCFGA_STAT_RNG, sizeof(rrng), &rrng);
+}
+
+static int crypto_reportstat_one(struct crypto_alg *alg,
+ struct crypto_user_alg *ualg,
+ struct sk_buff *skb)
+{
+ memset(ualg, 0, sizeof(*ualg));
+
+ strscpy(ualg->cru_name, alg->cra_name, sizeof(ualg->cru_name));
+ strscpy(ualg->cru_driver_name, alg->cra_driver_name,
+ sizeof(ualg->cru_driver_name));
+ strscpy(ualg->cru_module_name, module_name(alg->cra_module),
+ sizeof(ualg->cru_module_name));
+
+ ualg->cru_type = 0;
+ ualg->cru_mask = 0;
+ ualg->cru_flags = alg->cra_flags;
+ ualg->cru_refcnt = refcount_read(&alg->cra_refcnt);
+
+ if (nla_put_u32(skb, CRYPTOCFGA_PRIORITY_VAL, alg->cra_priority))
+ goto nla_put_failure;
+ if (alg->cra_flags & CRYPTO_ALG_LARVAL) {
+ struct crypto_stat_larval rl;
+
+ memset(&rl, 0, sizeof(rl));
+ strscpy(rl.type, "larval", sizeof(rl.type));
+ if (nla_put(skb, CRYPTOCFGA_STAT_LARVAL, sizeof(rl), &rl))
+ goto nla_put_failure;
+ goto out;
+ }
+
+ switch (alg->cra_flags & (CRYPTO_ALG_TYPE_MASK | CRYPTO_ALG_LARVAL)) {
+ case CRYPTO_ALG_TYPE_AEAD:
+ if (crypto_report_aead(skb, alg))
+ goto nla_put_failure;
+ break;
+ case CRYPTO_ALG_TYPE_SKCIPHER:
+ if (crypto_report_cipher(skb, alg))
+ goto nla_put_failure;
+ break;
+ case CRYPTO_ALG_TYPE_BLKCIPHER:
+ if (crypto_report_cipher(skb, alg))
+ goto nla_put_failure;
+ break;
+ case CRYPTO_ALG_TYPE_CIPHER:
+ if (crypto_report_cipher(skb, alg))
+ goto nla_put_failure;
+ break;
+ case CRYPTO_ALG_TYPE_COMPRESS:
+ if (crypto_report_comp(skb, alg))
+ goto nla_put_failure;
+ break;
+ case CRYPTO_ALG_TYPE_ACOMPRESS:
+ if (crypto_report_acomp(skb, alg))
+ goto nla_put_failure;
+ break;
+ case CRYPTO_ALG_TYPE_SCOMPRESS:
+ if (crypto_report_acomp(skb, alg))
+ goto nla_put_failure;
+ break;
+ case CRYPTO_ALG_TYPE_AKCIPHER:
+ if (crypto_report_akcipher(skb, alg))
+ goto nla_put_failure;
+ break;
+ case CRYPTO_ALG_TYPE_KPP:
+ if (crypto_report_kpp(skb, alg))
+ goto nla_put_failure;
+ break;
+ case CRYPTO_ALG_TYPE_AHASH:
+ if (crypto_report_ahash(skb, alg))
+ goto nla_put_failure;
+ break;
+ case CRYPTO_ALG_TYPE_HASH:
+ if (crypto_report_shash(skb, alg))
+ goto nla_put_failure;
+ break;
+ case CRYPTO_ALG_TYPE_RNG:
+ if (crypto_report_rng(skb, alg))
+ goto nla_put_failure;
+ break;
+ default:
+ pr_err("ERROR: Unhandled alg %d in %s\n",
+ alg->cra_flags & (CRYPTO_ALG_TYPE_MASK | CRYPTO_ALG_LARVAL),
+ __func__);
+ }
+
+out:
+ return 0;
+
+nla_put_failure:
+ return -EMSGSIZE;
+}
+
+static int crypto_reportstat_alg(struct crypto_alg *alg,
+ struct crypto_dump_info *info)
+{
+ struct sk_buff *in_skb = info->in_skb;
+ struct sk_buff *skb = info->out_skb;
+ struct nlmsghdr *nlh;
+ struct crypto_user_alg *ualg;
+ int err = 0;
+
+ nlh = nlmsg_put(skb, NETLINK_CB(in_skb).portid, info->nlmsg_seq,
+ CRYPTO_MSG_GETSTAT, sizeof(*ualg), info->nlmsg_flags);
+ if (!nlh) {
+ err = -EMSGSIZE;
+ goto out;
+ }
+
+ ualg = nlmsg_data(nlh);
+
+ err = crypto_reportstat_one(alg, ualg, skb);
+ if (err) {
+ nlmsg_cancel(skb, nlh);
+ goto out;
+ }
+
+ nlmsg_end(skb, nlh);
+
+out:
+ return err;
+}
+
+int crypto_reportstat(struct sk_buff *in_skb, struct nlmsghdr *in_nlh,
+ struct nlattr **attrs)
+{
+ struct net *net = sock_net(in_skb->sk);
+ struct crypto_user_alg *p = nlmsg_data(in_nlh);
+ struct crypto_alg *alg;
+ struct sk_buff *skb;
+ struct crypto_dump_info info;
+ int err;
+
+ if (!null_terminated(p->cru_name) || !null_terminated(p->cru_driver_name))
+ return -EINVAL;
+
+ alg = crypto_alg_match(p, 0);
+ if (!alg)
+ return -ENOENT;
+
+ err = -ENOMEM;
+ skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC);
+ if (!skb)
+ goto drop_alg;
+
+ info.in_skb = in_skb;
+ info.out_skb = skb;
+ info.nlmsg_seq = in_nlh->nlmsg_seq;
+ info.nlmsg_flags = 0;
+
+ err = crypto_reportstat_alg(alg, &info);
+
+drop_alg:
+ crypto_mod_put(alg);
+
+ if (err)
+ return err;
+
+ return nlmsg_unicast(net->crypto_nlsk, skb, NETLINK_CB(in_skb).portid);
+}
+
+MODULE_LICENSE("GPL");
diff --git a/crypto/crypto_wq.c b/crypto/crypto_wq.c
deleted file mode 100644
index 2f1b8d1..0000000
--- a/crypto/crypto_wq.c
+++ /dev/null
@@ -1,40 +0,0 @@
-/*
- * Workqueue for crypto subsystem
- *
- * Copyright (c) 2009 Intel Corp.
- * Author: Huang Ying <ying.huang@intel.com>
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
- *
- */
-
-#include <linux/workqueue.h>
-#include <linux/module.h>
-#include <crypto/algapi.h>
-#include <crypto/crypto_wq.h>
-
-struct workqueue_struct *kcrypto_wq;
-EXPORT_SYMBOL_GPL(kcrypto_wq);
-
-static int __init crypto_wq_init(void)
-{
- kcrypto_wq = alloc_workqueue("crypto",
- WQ_MEM_RECLAIM | WQ_CPU_INTENSIVE, 1);
- if (unlikely(!kcrypto_wq))
- return -ENOMEM;
- return 0;
-}
-
-static void __exit crypto_wq_exit(void)
-{
- destroy_workqueue(kcrypto_wq);
-}
-
-subsys_initcall(crypto_wq_init);
-module_exit(crypto_wq_exit);
-
-MODULE_LICENSE("GPL");
-MODULE_DESCRIPTION("Workqueue for crypto subsystem");
diff --git a/crypto/ctr.c b/crypto/ctr.c
index 435b75b..70a3fcc 100644
--- a/crypto/ctr.c
+++ b/crypto/ctr.c
@@ -1,13 +1,8 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/*
* CTR: Counter mode
*
* (C) Copyright IBM Corp. 2007 - Joy Latten <latten@us.ibm.com>
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
- *
*/
#include <crypto/algapi.h>
@@ -17,14 +12,8 @@
#include <linux/init.h>
#include <linux/kernel.h>
#include <linux/module.h>
-#include <linux/random.h>
-#include <linux/scatterlist.h>
#include <linux/slab.h>
-struct crypto_ctr_ctx {
- struct crypto_cipher *child;
-};
-
struct crypto_rfc3686_ctx {
struct crypto_skcipher *child;
u8 nonce[CTR_RFC3686_NONCE_SIZE];
@@ -35,24 +24,7 @@
struct skcipher_request subreq CRYPTO_MINALIGN_ATTR;
};
-static int crypto_ctr_setkey(struct crypto_tfm *parent, const u8 *key,
- unsigned int keylen)
-{
- struct crypto_ctr_ctx *ctx = crypto_tfm_ctx(parent);
- struct crypto_cipher *child = ctx->child;
- int err;
-
- crypto_cipher_clear_flags(child, CRYPTO_TFM_REQ_MASK);
- crypto_cipher_set_flags(child, crypto_tfm_get_flags(parent) &
- CRYPTO_TFM_REQ_MASK);
- err = crypto_cipher_setkey(child, key, keylen);
- crypto_tfm_set_flags(parent, crypto_cipher_get_flags(child) &
- CRYPTO_TFM_RES_MASK);
-
- return err;
-}
-
-static void crypto_ctr_crypt_final(struct blkcipher_walk *walk,
+static void crypto_ctr_crypt_final(struct skcipher_walk *walk,
struct crypto_cipher *tfm)
{
unsigned int bsize = crypto_cipher_blocksize(tfm);
@@ -70,7 +42,7 @@
crypto_inc(ctrblk, bsize);
}
-static int crypto_ctr_crypt_segment(struct blkcipher_walk *walk,
+static int crypto_ctr_crypt_segment(struct skcipher_walk *walk,
struct crypto_cipher *tfm)
{
void (*fn)(struct crypto_tfm *, u8 *, const u8 *) =
@@ -96,7 +68,7 @@
return nbytes;
}
-static int crypto_ctr_crypt_inplace(struct blkcipher_walk *walk,
+static int crypto_ctr_crypt_inplace(struct skcipher_walk *walk,
struct crypto_cipher *tfm)
{
void (*fn)(struct crypto_tfm *, u8 *, const u8 *) =
@@ -123,140 +95,77 @@
return nbytes;
}
-static int crypto_ctr_crypt(struct blkcipher_desc *desc,
- struct scatterlist *dst, struct scatterlist *src,
- unsigned int nbytes)
+static int crypto_ctr_crypt(struct skcipher_request *req)
{
- struct blkcipher_walk walk;
- struct crypto_blkcipher *tfm = desc->tfm;
- struct crypto_ctr_ctx *ctx = crypto_blkcipher_ctx(tfm);
- struct crypto_cipher *child = ctx->child;
- unsigned int bsize = crypto_cipher_blocksize(child);
+ struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
+ struct crypto_cipher *cipher = skcipher_cipher_simple(tfm);
+ const unsigned int bsize = crypto_cipher_blocksize(cipher);
+ struct skcipher_walk walk;
+ unsigned int nbytes;
int err;
- blkcipher_walk_init(&walk, dst, src, nbytes);
- err = blkcipher_walk_virt_block(desc, &walk, bsize);
+ err = skcipher_walk_virt(&walk, req, false);
while (walk.nbytes >= bsize) {
if (walk.src.virt.addr == walk.dst.virt.addr)
- nbytes = crypto_ctr_crypt_inplace(&walk, child);
+ nbytes = crypto_ctr_crypt_inplace(&walk, cipher);
else
- nbytes = crypto_ctr_crypt_segment(&walk, child);
+ nbytes = crypto_ctr_crypt_segment(&walk, cipher);
- err = blkcipher_walk_done(desc, &walk, nbytes);
+ err = skcipher_walk_done(&walk, nbytes);
}
if (walk.nbytes) {
- crypto_ctr_crypt_final(&walk, child);
- err = blkcipher_walk_done(desc, &walk, 0);
+ crypto_ctr_crypt_final(&walk, cipher);
+ err = skcipher_walk_done(&walk, 0);
}
return err;
}
-static int crypto_ctr_init_tfm(struct crypto_tfm *tfm)
+static int crypto_ctr_create(struct crypto_template *tmpl, struct rtattr **tb)
{
- struct crypto_instance *inst = (void *)tfm->__crt_alg;
- struct crypto_spawn *spawn = crypto_instance_ctx(inst);
- struct crypto_ctr_ctx *ctx = crypto_tfm_ctx(tfm);
- struct crypto_cipher *cipher;
-
- cipher = crypto_spawn_cipher(spawn);
- if (IS_ERR(cipher))
- return PTR_ERR(cipher);
-
- ctx->child = cipher;
-
- return 0;
-}
-
-static void crypto_ctr_exit_tfm(struct crypto_tfm *tfm)
-{
- struct crypto_ctr_ctx *ctx = crypto_tfm_ctx(tfm);
-
- crypto_free_cipher(ctx->child);
-}
-
-static struct crypto_instance *crypto_ctr_alloc(struct rtattr **tb)
-{
- struct crypto_instance *inst;
- struct crypto_attr_type *algt;
+ struct skcipher_instance *inst;
struct crypto_alg *alg;
- u32 mask;
int err;
- err = crypto_check_attr_type(tb, CRYPTO_ALG_TYPE_BLKCIPHER);
- if (err)
- return ERR_PTR(err);
-
- algt = crypto_get_attr_type(tb);
- if (IS_ERR(algt))
- return ERR_CAST(algt);
-
- mask = CRYPTO_ALG_TYPE_MASK |
- crypto_requires_off(algt->type, algt->mask,
- CRYPTO_ALG_NEED_FALLBACK);
-
- alg = crypto_attr_alg(tb[1], CRYPTO_ALG_TYPE_CIPHER, mask);
- if (IS_ERR(alg))
- return ERR_CAST(alg);
+ inst = skcipher_alloc_instance_simple(tmpl, tb, &alg);
+ if (IS_ERR(inst))
+ return PTR_ERR(inst);
/* Block size must be >= 4 bytes. */
err = -EINVAL;
if (alg->cra_blocksize < 4)
- goto out_put_alg;
+ goto out_free_inst;
/* If this is false we'd fail the alignment of crypto_inc. */
if (alg->cra_blocksize % 4)
- goto out_put_alg;
+ goto out_free_inst;
- inst = crypto_alloc_instance("ctr", alg);
- if (IS_ERR(inst))
- goto out;
+ /* CTR mode is a stream cipher. */
+ inst->alg.base.cra_blocksize = 1;
- inst->alg.cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER;
- inst->alg.cra_priority = alg->cra_priority;
- inst->alg.cra_blocksize = 1;
- inst->alg.cra_alignmask = alg->cra_alignmask;
- inst->alg.cra_type = &crypto_blkcipher_type;
+ /*
+ * To simplify the implementation, configure the skcipher walk to only
+ * give a partial block at the very end, never earlier.
+ */
+ inst->alg.chunksize = alg->cra_blocksize;
- inst->alg.cra_blkcipher.ivsize = alg->cra_blocksize;
- inst->alg.cra_blkcipher.min_keysize = alg->cra_cipher.cia_min_keysize;
- inst->alg.cra_blkcipher.max_keysize = alg->cra_cipher.cia_max_keysize;
+ inst->alg.encrypt = crypto_ctr_crypt;
+ inst->alg.decrypt = crypto_ctr_crypt;
- inst->alg.cra_ctxsize = sizeof(struct crypto_ctr_ctx);
+ err = skcipher_register_instance(tmpl, inst);
+ if (err)
+ goto out_free_inst;
+ goto out_put_alg;
- inst->alg.cra_init = crypto_ctr_init_tfm;
- inst->alg.cra_exit = crypto_ctr_exit_tfm;
-
- inst->alg.cra_blkcipher.setkey = crypto_ctr_setkey;
- inst->alg.cra_blkcipher.encrypt = crypto_ctr_crypt;
- inst->alg.cra_blkcipher.decrypt = crypto_ctr_crypt;
-
- inst->alg.cra_blkcipher.geniv = "chainiv";
-
-out:
- crypto_mod_put(alg);
- return inst;
-
+out_free_inst:
+ inst->free(inst);
out_put_alg:
- inst = ERR_PTR(err);
- goto out;
+ crypto_mod_put(alg);
+ return err;
}
-static void crypto_ctr_free(struct crypto_instance *inst)
-{
- crypto_drop_spawn(crypto_instance_ctx(inst));
- kfree(inst);
-}
-
-static struct crypto_template crypto_ctr_tmpl = {
- .name = "ctr",
- .alloc = crypto_ctr_alloc,
- .free = crypto_ctr_free,
- .module = THIS_MODULE,
-};
-
static int crypto_rfc3686_setkey(struct crypto_skcipher *parent,
const u8 *key, unsigned int keylen)
{
@@ -446,42 +355,34 @@
goto out;
}
-static struct crypto_template crypto_rfc3686_tmpl = {
- .name = "rfc3686",
- .create = crypto_rfc3686_create,
- .module = THIS_MODULE,
+static struct crypto_template crypto_ctr_tmpls[] = {
+ {
+ .name = "ctr",
+ .create = crypto_ctr_create,
+ .module = THIS_MODULE,
+ }, {
+ .name = "rfc3686",
+ .create = crypto_rfc3686_create,
+ .module = THIS_MODULE,
+ },
};
static int __init crypto_ctr_module_init(void)
{
- int err;
-
- err = crypto_register_template(&crypto_ctr_tmpl);
- if (err)
- goto out;
-
- err = crypto_register_template(&crypto_rfc3686_tmpl);
- if (err)
- goto out_drop_ctr;
-
-out:
- return err;
-
-out_drop_ctr:
- crypto_unregister_template(&crypto_ctr_tmpl);
- goto out;
+ return crypto_register_templates(crypto_ctr_tmpls,
+ ARRAY_SIZE(crypto_ctr_tmpls));
}
static void __exit crypto_ctr_module_exit(void)
{
- crypto_unregister_template(&crypto_rfc3686_tmpl);
- crypto_unregister_template(&crypto_ctr_tmpl);
+ crypto_unregister_templates(crypto_ctr_tmpls,
+ ARRAY_SIZE(crypto_ctr_tmpls));
}
-module_init(crypto_ctr_module_init);
+subsys_initcall(crypto_ctr_module_init);
module_exit(crypto_ctr_module_exit);
MODULE_LICENSE("GPL");
-MODULE_DESCRIPTION("CTR Counter block mode");
+MODULE_DESCRIPTION("CTR block cipher mode of operation");
MODULE_ALIAS_CRYPTO("rfc3686");
MODULE_ALIAS_CRYPTO("ctr");
diff --git a/crypto/cts.c b/crypto/cts.c
index 4e28d83..6b6087d 100644
--- a/crypto/cts.c
+++ b/crypto/cts.c
@@ -152,12 +152,14 @@
struct skcipher_request *subreq = &rctx->subreq;
int bsize = crypto_skcipher_blocksize(tfm);
unsigned int nbytes = req->cryptlen;
- int cbc_blocks = (nbytes + bsize - 1) / bsize - 1;
unsigned int offset;
skcipher_request_set_tfm(subreq, ctx->child);
- if (cbc_blocks <= 0) {
+ if (nbytes < bsize)
+ return -EINVAL;
+
+ if (nbytes == bsize) {
skcipher_request_set_callback(subreq, req->base.flags,
req->base.complete,
req->base.data);
@@ -166,7 +168,7 @@
return crypto_skcipher_encrypt(subreq);
}
- offset = cbc_blocks * bsize;
+ offset = rounddown(nbytes - 1, bsize);
rctx->offset = offset;
skcipher_request_set_callback(subreq, req->base.flags,
@@ -244,13 +246,15 @@
struct skcipher_request *subreq = &rctx->subreq;
int bsize = crypto_skcipher_blocksize(tfm);
unsigned int nbytes = req->cryptlen;
- int cbc_blocks = (nbytes + bsize - 1) / bsize - 1;
unsigned int offset;
u8 *space;
skcipher_request_set_tfm(subreq, ctx->child);
- if (cbc_blocks <= 0) {
+ if (nbytes < bsize)
+ return -EINVAL;
+
+ if (nbytes == bsize) {
skcipher_request_set_callback(subreq, req->base.flags,
req->base.complete,
req->base.data);
@@ -264,10 +268,10 @@
space = crypto_cts_reqctx_space(req);
- offset = cbc_blocks * bsize;
+ offset = rounddown(nbytes - 1, bsize);
rctx->offset = offset;
- if (cbc_blocks <= 1)
+ if (offset <= bsize)
memcpy(space, req->iv, bsize);
else
scatterwalk_map_and_copy(space, req->src, offset - 2 * bsize,
@@ -419,7 +423,7 @@
crypto_unregister_template(&crypto_cts_tmpl);
}
-module_init(crypto_cts_module_init);
+subsys_initcall(crypto_cts_module_init);
module_exit(crypto_cts_module_exit);
MODULE_LICENSE("Dual BSD/GPL");
diff --git a/crypto/deflate.c b/crypto/deflate.c
index 94ec3b3..4c0e6c9 100644
--- a/crypto/deflate.c
+++ b/crypto/deflate.c
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/*
* Cryptographic API.
*
@@ -6,11 +7,6 @@
*
* Copyright (c) 2003 James Morris <jmorris@intercode.com.au>
*
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
- *
* FIXME: deflate transforms will require up to a total of about 436k of kernel
* memory on i386 (390k for compression, the rest for decompression), as the
* current zlib kernel code uses a worst case pre-allocation system by default.
@@ -279,6 +275,7 @@
static struct crypto_alg alg = {
.cra_name = "deflate",
+ .cra_driver_name = "deflate-generic",
.cra_flags = CRYPTO_ALG_TYPE_COMPRESS,
.cra_ctxsize = sizeof(struct deflate_ctx),
.cra_module = THIS_MODULE,
@@ -334,7 +331,7 @@
crypto_unregister_scomps(scomp, ARRAY_SIZE(scomp));
}
-module_init(deflate_mod_init);
+subsys_initcall(deflate_mod_init);
module_exit(deflate_mod_fini);
MODULE_LICENSE("GPL");
diff --git a/crypto/des_generic.c b/crypto/des_generic.c
index a717205..6e13a4a 100644
--- a/crypto/des_generic.c
+++ b/crypto/des_generic.c
@@ -1,15 +1,10 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/*
* Cryptographic API.
*
* DES & Triple DES EDE Cipher Algorithms.
*
* Copyright (c) 2005 Dag Arne Osvik <da@osvik.no>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
*/
#include <asm/byteorder.h>
@@ -18,937 +13,79 @@
#include <linux/module.h>
#include <linux/errno.h>
#include <linux/crypto.h>
-#include <linux/types.h>
-#include <crypto/des.h>
-
-#define ROL(x, r) ((x) = rol32((x), (r)))
-#define ROR(x, r) ((x) = ror32((x), (r)))
-
-struct des_ctx {
- u32 expkey[DES_EXPKEY_WORDS];
-};
-
-struct des3_ede_ctx {
- u32 expkey[DES3_EDE_EXPKEY_WORDS];
-};
-
-/* Lookup tables for key expansion */
-
-static const u8 pc1[256] = {
- 0x00, 0x00, 0x40, 0x04, 0x10, 0x10, 0x50, 0x14,
- 0x04, 0x40, 0x44, 0x44, 0x14, 0x50, 0x54, 0x54,
- 0x02, 0x02, 0x42, 0x06, 0x12, 0x12, 0x52, 0x16,
- 0x06, 0x42, 0x46, 0x46, 0x16, 0x52, 0x56, 0x56,
- 0x80, 0x08, 0xc0, 0x0c, 0x90, 0x18, 0xd0, 0x1c,
- 0x84, 0x48, 0xc4, 0x4c, 0x94, 0x58, 0xd4, 0x5c,
- 0x82, 0x0a, 0xc2, 0x0e, 0x92, 0x1a, 0xd2, 0x1e,
- 0x86, 0x4a, 0xc6, 0x4e, 0x96, 0x5a, 0xd6, 0x5e,
- 0x20, 0x20, 0x60, 0x24, 0x30, 0x30, 0x70, 0x34,
- 0x24, 0x60, 0x64, 0x64, 0x34, 0x70, 0x74, 0x74,
- 0x22, 0x22, 0x62, 0x26, 0x32, 0x32, 0x72, 0x36,
- 0x26, 0x62, 0x66, 0x66, 0x36, 0x72, 0x76, 0x76,
- 0xa0, 0x28, 0xe0, 0x2c, 0xb0, 0x38, 0xf0, 0x3c,
- 0xa4, 0x68, 0xe4, 0x6c, 0xb4, 0x78, 0xf4, 0x7c,
- 0xa2, 0x2a, 0xe2, 0x2e, 0xb2, 0x3a, 0xf2, 0x3e,
- 0xa6, 0x6a, 0xe6, 0x6e, 0xb6, 0x7a, 0xf6, 0x7e,
- 0x08, 0x80, 0x48, 0x84, 0x18, 0x90, 0x58, 0x94,
- 0x0c, 0xc0, 0x4c, 0xc4, 0x1c, 0xd0, 0x5c, 0xd4,
- 0x0a, 0x82, 0x4a, 0x86, 0x1a, 0x92, 0x5a, 0x96,
- 0x0e, 0xc2, 0x4e, 0xc6, 0x1e, 0xd2, 0x5e, 0xd6,
- 0x88, 0x88, 0xc8, 0x8c, 0x98, 0x98, 0xd8, 0x9c,
- 0x8c, 0xc8, 0xcc, 0xcc, 0x9c, 0xd8, 0xdc, 0xdc,
- 0x8a, 0x8a, 0xca, 0x8e, 0x9a, 0x9a, 0xda, 0x9e,
- 0x8e, 0xca, 0xce, 0xce, 0x9e, 0xda, 0xde, 0xde,
- 0x28, 0xa0, 0x68, 0xa4, 0x38, 0xb0, 0x78, 0xb4,
- 0x2c, 0xe0, 0x6c, 0xe4, 0x3c, 0xf0, 0x7c, 0xf4,
- 0x2a, 0xa2, 0x6a, 0xa6, 0x3a, 0xb2, 0x7a, 0xb6,
- 0x2e, 0xe2, 0x6e, 0xe6, 0x3e, 0xf2, 0x7e, 0xf6,
- 0xa8, 0xa8, 0xe8, 0xac, 0xb8, 0xb8, 0xf8, 0xbc,
- 0xac, 0xe8, 0xec, 0xec, 0xbc, 0xf8, 0xfc, 0xfc,
- 0xaa, 0xaa, 0xea, 0xae, 0xba, 0xba, 0xfa, 0xbe,
- 0xae, 0xea, 0xee, 0xee, 0xbe, 0xfa, 0xfe, 0xfe
-};
-
-static const u8 rs[256] = {
- 0x00, 0x00, 0x80, 0x80, 0x02, 0x02, 0x82, 0x82,
- 0x04, 0x04, 0x84, 0x84, 0x06, 0x06, 0x86, 0x86,
- 0x08, 0x08, 0x88, 0x88, 0x0a, 0x0a, 0x8a, 0x8a,
- 0x0c, 0x0c, 0x8c, 0x8c, 0x0e, 0x0e, 0x8e, 0x8e,
- 0x10, 0x10, 0x90, 0x90, 0x12, 0x12, 0x92, 0x92,
- 0x14, 0x14, 0x94, 0x94, 0x16, 0x16, 0x96, 0x96,
- 0x18, 0x18, 0x98, 0x98, 0x1a, 0x1a, 0x9a, 0x9a,
- 0x1c, 0x1c, 0x9c, 0x9c, 0x1e, 0x1e, 0x9e, 0x9e,
- 0x20, 0x20, 0xa0, 0xa0, 0x22, 0x22, 0xa2, 0xa2,
- 0x24, 0x24, 0xa4, 0xa4, 0x26, 0x26, 0xa6, 0xa6,
- 0x28, 0x28, 0xa8, 0xa8, 0x2a, 0x2a, 0xaa, 0xaa,
- 0x2c, 0x2c, 0xac, 0xac, 0x2e, 0x2e, 0xae, 0xae,
- 0x30, 0x30, 0xb0, 0xb0, 0x32, 0x32, 0xb2, 0xb2,
- 0x34, 0x34, 0xb4, 0xb4, 0x36, 0x36, 0xb6, 0xb6,
- 0x38, 0x38, 0xb8, 0xb8, 0x3a, 0x3a, 0xba, 0xba,
- 0x3c, 0x3c, 0xbc, 0xbc, 0x3e, 0x3e, 0xbe, 0xbe,
- 0x40, 0x40, 0xc0, 0xc0, 0x42, 0x42, 0xc2, 0xc2,
- 0x44, 0x44, 0xc4, 0xc4, 0x46, 0x46, 0xc6, 0xc6,
- 0x48, 0x48, 0xc8, 0xc8, 0x4a, 0x4a, 0xca, 0xca,
- 0x4c, 0x4c, 0xcc, 0xcc, 0x4e, 0x4e, 0xce, 0xce,
- 0x50, 0x50, 0xd0, 0xd0, 0x52, 0x52, 0xd2, 0xd2,
- 0x54, 0x54, 0xd4, 0xd4, 0x56, 0x56, 0xd6, 0xd6,
- 0x58, 0x58, 0xd8, 0xd8, 0x5a, 0x5a, 0xda, 0xda,
- 0x5c, 0x5c, 0xdc, 0xdc, 0x5e, 0x5e, 0xde, 0xde,
- 0x60, 0x60, 0xe0, 0xe0, 0x62, 0x62, 0xe2, 0xe2,
- 0x64, 0x64, 0xe4, 0xe4, 0x66, 0x66, 0xe6, 0xe6,
- 0x68, 0x68, 0xe8, 0xe8, 0x6a, 0x6a, 0xea, 0xea,
- 0x6c, 0x6c, 0xec, 0xec, 0x6e, 0x6e, 0xee, 0xee,
- 0x70, 0x70, 0xf0, 0xf0, 0x72, 0x72, 0xf2, 0xf2,
- 0x74, 0x74, 0xf4, 0xf4, 0x76, 0x76, 0xf6, 0xf6,
- 0x78, 0x78, 0xf8, 0xf8, 0x7a, 0x7a, 0xfa, 0xfa,
- 0x7c, 0x7c, 0xfc, 0xfc, 0x7e, 0x7e, 0xfe, 0xfe
-};
-
-static const u32 pc2[1024] = {
- 0x00000000, 0x00000000, 0x00000000, 0x00000000,
- 0x00040000, 0x00000000, 0x04000000, 0x00100000,
- 0x00400000, 0x00000008, 0x00000800, 0x40000000,
- 0x00440000, 0x00000008, 0x04000800, 0x40100000,
- 0x00000400, 0x00000020, 0x08000000, 0x00000100,
- 0x00040400, 0x00000020, 0x0c000000, 0x00100100,
- 0x00400400, 0x00000028, 0x08000800, 0x40000100,
- 0x00440400, 0x00000028, 0x0c000800, 0x40100100,
- 0x80000000, 0x00000010, 0x00000000, 0x00800000,
- 0x80040000, 0x00000010, 0x04000000, 0x00900000,
- 0x80400000, 0x00000018, 0x00000800, 0x40800000,
- 0x80440000, 0x00000018, 0x04000800, 0x40900000,
- 0x80000400, 0x00000030, 0x08000000, 0x00800100,
- 0x80040400, 0x00000030, 0x0c000000, 0x00900100,
- 0x80400400, 0x00000038, 0x08000800, 0x40800100,
- 0x80440400, 0x00000038, 0x0c000800, 0x40900100,
- 0x10000000, 0x00000000, 0x00200000, 0x00001000,
- 0x10040000, 0x00000000, 0x04200000, 0x00101000,
- 0x10400000, 0x00000008, 0x00200800, 0x40001000,
- 0x10440000, 0x00000008, 0x04200800, 0x40101000,
- 0x10000400, 0x00000020, 0x08200000, 0x00001100,
- 0x10040400, 0x00000020, 0x0c200000, 0x00101100,
- 0x10400400, 0x00000028, 0x08200800, 0x40001100,
- 0x10440400, 0x00000028, 0x0c200800, 0x40101100,
- 0x90000000, 0x00000010, 0x00200000, 0x00801000,
- 0x90040000, 0x00000010, 0x04200000, 0x00901000,
- 0x90400000, 0x00000018, 0x00200800, 0x40801000,
- 0x90440000, 0x00000018, 0x04200800, 0x40901000,
- 0x90000400, 0x00000030, 0x08200000, 0x00801100,
- 0x90040400, 0x00000030, 0x0c200000, 0x00901100,
- 0x90400400, 0x00000038, 0x08200800, 0x40801100,
- 0x90440400, 0x00000038, 0x0c200800, 0x40901100,
- 0x00000200, 0x00080000, 0x00000000, 0x00000004,
- 0x00040200, 0x00080000, 0x04000000, 0x00100004,
- 0x00400200, 0x00080008, 0x00000800, 0x40000004,
- 0x00440200, 0x00080008, 0x04000800, 0x40100004,
- 0x00000600, 0x00080020, 0x08000000, 0x00000104,
- 0x00040600, 0x00080020, 0x0c000000, 0x00100104,
- 0x00400600, 0x00080028, 0x08000800, 0x40000104,
- 0x00440600, 0x00080028, 0x0c000800, 0x40100104,
- 0x80000200, 0x00080010, 0x00000000, 0x00800004,
- 0x80040200, 0x00080010, 0x04000000, 0x00900004,
- 0x80400200, 0x00080018, 0x00000800, 0x40800004,
- 0x80440200, 0x00080018, 0x04000800, 0x40900004,
- 0x80000600, 0x00080030, 0x08000000, 0x00800104,
- 0x80040600, 0x00080030, 0x0c000000, 0x00900104,
- 0x80400600, 0x00080038, 0x08000800, 0x40800104,
- 0x80440600, 0x00080038, 0x0c000800, 0x40900104,
- 0x10000200, 0x00080000, 0x00200000, 0x00001004,
- 0x10040200, 0x00080000, 0x04200000, 0x00101004,
- 0x10400200, 0x00080008, 0x00200800, 0x40001004,
- 0x10440200, 0x00080008, 0x04200800, 0x40101004,
- 0x10000600, 0x00080020, 0x08200000, 0x00001104,
- 0x10040600, 0x00080020, 0x0c200000, 0x00101104,
- 0x10400600, 0x00080028, 0x08200800, 0x40001104,
- 0x10440600, 0x00080028, 0x0c200800, 0x40101104,
- 0x90000200, 0x00080010, 0x00200000, 0x00801004,
- 0x90040200, 0x00080010, 0x04200000, 0x00901004,
- 0x90400200, 0x00080018, 0x00200800, 0x40801004,
- 0x90440200, 0x00080018, 0x04200800, 0x40901004,
- 0x90000600, 0x00080030, 0x08200000, 0x00801104,
- 0x90040600, 0x00080030, 0x0c200000, 0x00901104,
- 0x90400600, 0x00080038, 0x08200800, 0x40801104,
- 0x90440600, 0x00080038, 0x0c200800, 0x40901104,
- 0x00000002, 0x00002000, 0x20000000, 0x00000001,
- 0x00040002, 0x00002000, 0x24000000, 0x00100001,
- 0x00400002, 0x00002008, 0x20000800, 0x40000001,
- 0x00440002, 0x00002008, 0x24000800, 0x40100001,
- 0x00000402, 0x00002020, 0x28000000, 0x00000101,
- 0x00040402, 0x00002020, 0x2c000000, 0x00100101,
- 0x00400402, 0x00002028, 0x28000800, 0x40000101,
- 0x00440402, 0x00002028, 0x2c000800, 0x40100101,
- 0x80000002, 0x00002010, 0x20000000, 0x00800001,
- 0x80040002, 0x00002010, 0x24000000, 0x00900001,
- 0x80400002, 0x00002018, 0x20000800, 0x40800001,
- 0x80440002, 0x00002018, 0x24000800, 0x40900001,
- 0x80000402, 0x00002030, 0x28000000, 0x00800101,
- 0x80040402, 0x00002030, 0x2c000000, 0x00900101,
- 0x80400402, 0x00002038, 0x28000800, 0x40800101,
- 0x80440402, 0x00002038, 0x2c000800, 0x40900101,
- 0x10000002, 0x00002000, 0x20200000, 0x00001001,
- 0x10040002, 0x00002000, 0x24200000, 0x00101001,
- 0x10400002, 0x00002008, 0x20200800, 0x40001001,
- 0x10440002, 0x00002008, 0x24200800, 0x40101001,
- 0x10000402, 0x00002020, 0x28200000, 0x00001101,
- 0x10040402, 0x00002020, 0x2c200000, 0x00101101,
- 0x10400402, 0x00002028, 0x28200800, 0x40001101,
- 0x10440402, 0x00002028, 0x2c200800, 0x40101101,
- 0x90000002, 0x00002010, 0x20200000, 0x00801001,
- 0x90040002, 0x00002010, 0x24200000, 0x00901001,
- 0x90400002, 0x00002018, 0x20200800, 0x40801001,
- 0x90440002, 0x00002018, 0x24200800, 0x40901001,
- 0x90000402, 0x00002030, 0x28200000, 0x00801101,
- 0x90040402, 0x00002030, 0x2c200000, 0x00901101,
- 0x90400402, 0x00002038, 0x28200800, 0x40801101,
- 0x90440402, 0x00002038, 0x2c200800, 0x40901101,
- 0x00000202, 0x00082000, 0x20000000, 0x00000005,
- 0x00040202, 0x00082000, 0x24000000, 0x00100005,
- 0x00400202, 0x00082008, 0x20000800, 0x40000005,
- 0x00440202, 0x00082008, 0x24000800, 0x40100005,
- 0x00000602, 0x00082020, 0x28000000, 0x00000105,
- 0x00040602, 0x00082020, 0x2c000000, 0x00100105,
- 0x00400602, 0x00082028, 0x28000800, 0x40000105,
- 0x00440602, 0x00082028, 0x2c000800, 0x40100105,
- 0x80000202, 0x00082010, 0x20000000, 0x00800005,
- 0x80040202, 0x00082010, 0x24000000, 0x00900005,
- 0x80400202, 0x00082018, 0x20000800, 0x40800005,
- 0x80440202, 0x00082018, 0x24000800, 0x40900005,
- 0x80000602, 0x00082030, 0x28000000, 0x00800105,
- 0x80040602, 0x00082030, 0x2c000000, 0x00900105,
- 0x80400602, 0x00082038, 0x28000800, 0x40800105,
- 0x80440602, 0x00082038, 0x2c000800, 0x40900105,
- 0x10000202, 0x00082000, 0x20200000, 0x00001005,
- 0x10040202, 0x00082000, 0x24200000, 0x00101005,
- 0x10400202, 0x00082008, 0x20200800, 0x40001005,
- 0x10440202, 0x00082008, 0x24200800, 0x40101005,
- 0x10000602, 0x00082020, 0x28200000, 0x00001105,
- 0x10040602, 0x00082020, 0x2c200000, 0x00101105,
- 0x10400602, 0x00082028, 0x28200800, 0x40001105,
- 0x10440602, 0x00082028, 0x2c200800, 0x40101105,
- 0x90000202, 0x00082010, 0x20200000, 0x00801005,
- 0x90040202, 0x00082010, 0x24200000, 0x00901005,
- 0x90400202, 0x00082018, 0x20200800, 0x40801005,
- 0x90440202, 0x00082018, 0x24200800, 0x40901005,
- 0x90000602, 0x00082030, 0x28200000, 0x00801105,
- 0x90040602, 0x00082030, 0x2c200000, 0x00901105,
- 0x90400602, 0x00082038, 0x28200800, 0x40801105,
- 0x90440602, 0x00082038, 0x2c200800, 0x40901105,
-
- 0x00000000, 0x00000000, 0x00000000, 0x00000000,
- 0x00000000, 0x00000008, 0x00080000, 0x10000000,
- 0x02000000, 0x00000000, 0x00000080, 0x00001000,
- 0x02000000, 0x00000008, 0x00080080, 0x10001000,
- 0x00004000, 0x00000000, 0x00000040, 0x00040000,
- 0x00004000, 0x00000008, 0x00080040, 0x10040000,
- 0x02004000, 0x00000000, 0x000000c0, 0x00041000,
- 0x02004000, 0x00000008, 0x000800c0, 0x10041000,
- 0x00020000, 0x00008000, 0x08000000, 0x00200000,
- 0x00020000, 0x00008008, 0x08080000, 0x10200000,
- 0x02020000, 0x00008000, 0x08000080, 0x00201000,
- 0x02020000, 0x00008008, 0x08080080, 0x10201000,
- 0x00024000, 0x00008000, 0x08000040, 0x00240000,
- 0x00024000, 0x00008008, 0x08080040, 0x10240000,
- 0x02024000, 0x00008000, 0x080000c0, 0x00241000,
- 0x02024000, 0x00008008, 0x080800c0, 0x10241000,
- 0x00000000, 0x01000000, 0x00002000, 0x00000020,
- 0x00000000, 0x01000008, 0x00082000, 0x10000020,
- 0x02000000, 0x01000000, 0x00002080, 0x00001020,
- 0x02000000, 0x01000008, 0x00082080, 0x10001020,
- 0x00004000, 0x01000000, 0x00002040, 0x00040020,
- 0x00004000, 0x01000008, 0x00082040, 0x10040020,
- 0x02004000, 0x01000000, 0x000020c0, 0x00041020,
- 0x02004000, 0x01000008, 0x000820c0, 0x10041020,
- 0x00020000, 0x01008000, 0x08002000, 0x00200020,
- 0x00020000, 0x01008008, 0x08082000, 0x10200020,
- 0x02020000, 0x01008000, 0x08002080, 0x00201020,
- 0x02020000, 0x01008008, 0x08082080, 0x10201020,
- 0x00024000, 0x01008000, 0x08002040, 0x00240020,
- 0x00024000, 0x01008008, 0x08082040, 0x10240020,
- 0x02024000, 0x01008000, 0x080020c0, 0x00241020,
- 0x02024000, 0x01008008, 0x080820c0, 0x10241020,
- 0x00000400, 0x04000000, 0x00100000, 0x00000004,
- 0x00000400, 0x04000008, 0x00180000, 0x10000004,
- 0x02000400, 0x04000000, 0x00100080, 0x00001004,
- 0x02000400, 0x04000008, 0x00180080, 0x10001004,
- 0x00004400, 0x04000000, 0x00100040, 0x00040004,
- 0x00004400, 0x04000008, 0x00180040, 0x10040004,
- 0x02004400, 0x04000000, 0x001000c0, 0x00041004,
- 0x02004400, 0x04000008, 0x001800c0, 0x10041004,
- 0x00020400, 0x04008000, 0x08100000, 0x00200004,
- 0x00020400, 0x04008008, 0x08180000, 0x10200004,
- 0x02020400, 0x04008000, 0x08100080, 0x00201004,
- 0x02020400, 0x04008008, 0x08180080, 0x10201004,
- 0x00024400, 0x04008000, 0x08100040, 0x00240004,
- 0x00024400, 0x04008008, 0x08180040, 0x10240004,
- 0x02024400, 0x04008000, 0x081000c0, 0x00241004,
- 0x02024400, 0x04008008, 0x081800c0, 0x10241004,
- 0x00000400, 0x05000000, 0x00102000, 0x00000024,
- 0x00000400, 0x05000008, 0x00182000, 0x10000024,
- 0x02000400, 0x05000000, 0x00102080, 0x00001024,
- 0x02000400, 0x05000008, 0x00182080, 0x10001024,
- 0x00004400, 0x05000000, 0x00102040, 0x00040024,
- 0x00004400, 0x05000008, 0x00182040, 0x10040024,
- 0x02004400, 0x05000000, 0x001020c0, 0x00041024,
- 0x02004400, 0x05000008, 0x001820c0, 0x10041024,
- 0x00020400, 0x05008000, 0x08102000, 0x00200024,
- 0x00020400, 0x05008008, 0x08182000, 0x10200024,
- 0x02020400, 0x05008000, 0x08102080, 0x00201024,
- 0x02020400, 0x05008008, 0x08182080, 0x10201024,
- 0x00024400, 0x05008000, 0x08102040, 0x00240024,
- 0x00024400, 0x05008008, 0x08182040, 0x10240024,
- 0x02024400, 0x05008000, 0x081020c0, 0x00241024,
- 0x02024400, 0x05008008, 0x081820c0, 0x10241024,
- 0x00000800, 0x00010000, 0x20000000, 0x00000010,
- 0x00000800, 0x00010008, 0x20080000, 0x10000010,
- 0x02000800, 0x00010000, 0x20000080, 0x00001010,
- 0x02000800, 0x00010008, 0x20080080, 0x10001010,
- 0x00004800, 0x00010000, 0x20000040, 0x00040010,
- 0x00004800, 0x00010008, 0x20080040, 0x10040010,
- 0x02004800, 0x00010000, 0x200000c0, 0x00041010,
- 0x02004800, 0x00010008, 0x200800c0, 0x10041010,
- 0x00020800, 0x00018000, 0x28000000, 0x00200010,
- 0x00020800, 0x00018008, 0x28080000, 0x10200010,
- 0x02020800, 0x00018000, 0x28000080, 0x00201010,
- 0x02020800, 0x00018008, 0x28080080, 0x10201010,
- 0x00024800, 0x00018000, 0x28000040, 0x00240010,
- 0x00024800, 0x00018008, 0x28080040, 0x10240010,
- 0x02024800, 0x00018000, 0x280000c0, 0x00241010,
- 0x02024800, 0x00018008, 0x280800c0, 0x10241010,
- 0x00000800, 0x01010000, 0x20002000, 0x00000030,
- 0x00000800, 0x01010008, 0x20082000, 0x10000030,
- 0x02000800, 0x01010000, 0x20002080, 0x00001030,
- 0x02000800, 0x01010008, 0x20082080, 0x10001030,
- 0x00004800, 0x01010000, 0x20002040, 0x00040030,
- 0x00004800, 0x01010008, 0x20082040, 0x10040030,
- 0x02004800, 0x01010000, 0x200020c0, 0x00041030,
- 0x02004800, 0x01010008, 0x200820c0, 0x10041030,
- 0x00020800, 0x01018000, 0x28002000, 0x00200030,
- 0x00020800, 0x01018008, 0x28082000, 0x10200030,
- 0x02020800, 0x01018000, 0x28002080, 0x00201030,
- 0x02020800, 0x01018008, 0x28082080, 0x10201030,
- 0x00024800, 0x01018000, 0x28002040, 0x00240030,
- 0x00024800, 0x01018008, 0x28082040, 0x10240030,
- 0x02024800, 0x01018000, 0x280020c0, 0x00241030,
- 0x02024800, 0x01018008, 0x280820c0, 0x10241030,
- 0x00000c00, 0x04010000, 0x20100000, 0x00000014,
- 0x00000c00, 0x04010008, 0x20180000, 0x10000014,
- 0x02000c00, 0x04010000, 0x20100080, 0x00001014,
- 0x02000c00, 0x04010008, 0x20180080, 0x10001014,
- 0x00004c00, 0x04010000, 0x20100040, 0x00040014,
- 0x00004c00, 0x04010008, 0x20180040, 0x10040014,
- 0x02004c00, 0x04010000, 0x201000c0, 0x00041014,
- 0x02004c00, 0x04010008, 0x201800c0, 0x10041014,
- 0x00020c00, 0x04018000, 0x28100000, 0x00200014,
- 0x00020c00, 0x04018008, 0x28180000, 0x10200014,
- 0x02020c00, 0x04018000, 0x28100080, 0x00201014,
- 0x02020c00, 0x04018008, 0x28180080, 0x10201014,
- 0x00024c00, 0x04018000, 0x28100040, 0x00240014,
- 0x00024c00, 0x04018008, 0x28180040, 0x10240014,
- 0x02024c00, 0x04018000, 0x281000c0, 0x00241014,
- 0x02024c00, 0x04018008, 0x281800c0, 0x10241014,
- 0x00000c00, 0x05010000, 0x20102000, 0x00000034,
- 0x00000c00, 0x05010008, 0x20182000, 0x10000034,
- 0x02000c00, 0x05010000, 0x20102080, 0x00001034,
- 0x02000c00, 0x05010008, 0x20182080, 0x10001034,
- 0x00004c00, 0x05010000, 0x20102040, 0x00040034,
- 0x00004c00, 0x05010008, 0x20182040, 0x10040034,
- 0x02004c00, 0x05010000, 0x201020c0, 0x00041034,
- 0x02004c00, 0x05010008, 0x201820c0, 0x10041034,
- 0x00020c00, 0x05018000, 0x28102000, 0x00200034,
- 0x00020c00, 0x05018008, 0x28182000, 0x10200034,
- 0x02020c00, 0x05018000, 0x28102080, 0x00201034,
- 0x02020c00, 0x05018008, 0x28182080, 0x10201034,
- 0x00024c00, 0x05018000, 0x28102040, 0x00240034,
- 0x00024c00, 0x05018008, 0x28182040, 0x10240034,
- 0x02024c00, 0x05018000, 0x281020c0, 0x00241034,
- 0x02024c00, 0x05018008, 0x281820c0, 0x10241034
-};
-
-/* S-box lookup tables */
-
-static const u32 S1[64] = {
- 0x01010400, 0x00000000, 0x00010000, 0x01010404,
- 0x01010004, 0x00010404, 0x00000004, 0x00010000,
- 0x00000400, 0x01010400, 0x01010404, 0x00000400,
- 0x01000404, 0x01010004, 0x01000000, 0x00000004,
- 0x00000404, 0x01000400, 0x01000400, 0x00010400,
- 0x00010400, 0x01010000, 0x01010000, 0x01000404,
- 0x00010004, 0x01000004, 0x01000004, 0x00010004,
- 0x00000000, 0x00000404, 0x00010404, 0x01000000,
- 0x00010000, 0x01010404, 0x00000004, 0x01010000,
- 0x01010400, 0x01000000, 0x01000000, 0x00000400,
- 0x01010004, 0x00010000, 0x00010400, 0x01000004,
- 0x00000400, 0x00000004, 0x01000404, 0x00010404,
- 0x01010404, 0x00010004, 0x01010000, 0x01000404,
- 0x01000004, 0x00000404, 0x00010404, 0x01010400,
- 0x00000404, 0x01000400, 0x01000400, 0x00000000,
- 0x00010004, 0x00010400, 0x00000000, 0x01010004
-};
-
-static const u32 S2[64] = {
- 0x80108020, 0x80008000, 0x00008000, 0x00108020,
- 0x00100000, 0x00000020, 0x80100020, 0x80008020,
- 0x80000020, 0x80108020, 0x80108000, 0x80000000,
- 0x80008000, 0x00100000, 0x00000020, 0x80100020,
- 0x00108000, 0x00100020, 0x80008020, 0x00000000,
- 0x80000000, 0x00008000, 0x00108020, 0x80100000,
- 0x00100020, 0x80000020, 0x00000000, 0x00108000,
- 0x00008020, 0x80108000, 0x80100000, 0x00008020,
- 0x00000000, 0x00108020, 0x80100020, 0x00100000,
- 0x80008020, 0x80100000, 0x80108000, 0x00008000,
- 0x80100000, 0x80008000, 0x00000020, 0x80108020,
- 0x00108020, 0x00000020, 0x00008000, 0x80000000,
- 0x00008020, 0x80108000, 0x00100000, 0x80000020,
- 0x00100020, 0x80008020, 0x80000020, 0x00100020,
- 0x00108000, 0x00000000, 0x80008000, 0x00008020,
- 0x80000000, 0x80100020, 0x80108020, 0x00108000
-};
-
-static const u32 S3[64] = {
- 0x00000208, 0x08020200, 0x00000000, 0x08020008,
- 0x08000200, 0x00000000, 0x00020208, 0x08000200,
- 0x00020008, 0x08000008, 0x08000008, 0x00020000,
- 0x08020208, 0x00020008, 0x08020000, 0x00000208,
- 0x08000000, 0x00000008, 0x08020200, 0x00000200,
- 0x00020200, 0x08020000, 0x08020008, 0x00020208,
- 0x08000208, 0x00020200, 0x00020000, 0x08000208,
- 0x00000008, 0x08020208, 0x00000200, 0x08000000,
- 0x08020200, 0x08000000, 0x00020008, 0x00000208,
- 0x00020000, 0x08020200, 0x08000200, 0x00000000,
- 0x00000200, 0x00020008, 0x08020208, 0x08000200,
- 0x08000008, 0x00000200, 0x00000000, 0x08020008,
- 0x08000208, 0x00020000, 0x08000000, 0x08020208,
- 0x00000008, 0x00020208, 0x00020200, 0x08000008,
- 0x08020000, 0x08000208, 0x00000208, 0x08020000,
- 0x00020208, 0x00000008, 0x08020008, 0x00020200
-};
-
-static const u32 S4[64] = {
- 0x00802001, 0x00002081, 0x00002081, 0x00000080,
- 0x00802080, 0x00800081, 0x00800001, 0x00002001,
- 0x00000000, 0x00802000, 0x00802000, 0x00802081,
- 0x00000081, 0x00000000, 0x00800080, 0x00800001,
- 0x00000001, 0x00002000, 0x00800000, 0x00802001,
- 0x00000080, 0x00800000, 0x00002001, 0x00002080,
- 0x00800081, 0x00000001, 0x00002080, 0x00800080,
- 0x00002000, 0x00802080, 0x00802081, 0x00000081,
- 0x00800080, 0x00800001, 0x00802000, 0x00802081,
- 0x00000081, 0x00000000, 0x00000000, 0x00802000,
- 0x00002080, 0x00800080, 0x00800081, 0x00000001,
- 0x00802001, 0x00002081, 0x00002081, 0x00000080,
- 0x00802081, 0x00000081, 0x00000001, 0x00002000,
- 0x00800001, 0x00002001, 0x00802080, 0x00800081,
- 0x00002001, 0x00002080, 0x00800000, 0x00802001,
- 0x00000080, 0x00800000, 0x00002000, 0x00802080
-};
-
-static const u32 S5[64] = {
- 0x00000100, 0x02080100, 0x02080000, 0x42000100,
- 0x00080000, 0x00000100, 0x40000000, 0x02080000,
- 0x40080100, 0x00080000, 0x02000100, 0x40080100,
- 0x42000100, 0x42080000, 0x00080100, 0x40000000,
- 0x02000000, 0x40080000, 0x40080000, 0x00000000,
- 0x40000100, 0x42080100, 0x42080100, 0x02000100,
- 0x42080000, 0x40000100, 0x00000000, 0x42000000,
- 0x02080100, 0x02000000, 0x42000000, 0x00080100,
- 0x00080000, 0x42000100, 0x00000100, 0x02000000,
- 0x40000000, 0x02080000, 0x42000100, 0x40080100,
- 0x02000100, 0x40000000, 0x42080000, 0x02080100,
- 0x40080100, 0x00000100, 0x02000000, 0x42080000,
- 0x42080100, 0x00080100, 0x42000000, 0x42080100,
- 0x02080000, 0x00000000, 0x40080000, 0x42000000,
- 0x00080100, 0x02000100, 0x40000100, 0x00080000,
- 0x00000000, 0x40080000, 0x02080100, 0x40000100
-};
-
-static const u32 S6[64] = {
- 0x20000010, 0x20400000, 0x00004000, 0x20404010,
- 0x20400000, 0x00000010, 0x20404010, 0x00400000,
- 0x20004000, 0x00404010, 0x00400000, 0x20000010,
- 0x00400010, 0x20004000, 0x20000000, 0x00004010,
- 0x00000000, 0x00400010, 0x20004010, 0x00004000,
- 0x00404000, 0x20004010, 0x00000010, 0x20400010,
- 0x20400010, 0x00000000, 0x00404010, 0x20404000,
- 0x00004010, 0x00404000, 0x20404000, 0x20000000,
- 0x20004000, 0x00000010, 0x20400010, 0x00404000,
- 0x20404010, 0x00400000, 0x00004010, 0x20000010,
- 0x00400000, 0x20004000, 0x20000000, 0x00004010,
- 0x20000010, 0x20404010, 0x00404000, 0x20400000,
- 0x00404010, 0x20404000, 0x00000000, 0x20400010,
- 0x00000010, 0x00004000, 0x20400000, 0x00404010,
- 0x00004000, 0x00400010, 0x20004010, 0x00000000,
- 0x20404000, 0x20000000, 0x00400010, 0x20004010
-};
-
-static const u32 S7[64] = {
- 0x00200000, 0x04200002, 0x04000802, 0x00000000,
- 0x00000800, 0x04000802, 0x00200802, 0x04200800,
- 0x04200802, 0x00200000, 0x00000000, 0x04000002,
- 0x00000002, 0x04000000, 0x04200002, 0x00000802,
- 0x04000800, 0x00200802, 0x00200002, 0x04000800,
- 0x04000002, 0x04200000, 0x04200800, 0x00200002,
- 0x04200000, 0x00000800, 0x00000802, 0x04200802,
- 0x00200800, 0x00000002, 0x04000000, 0x00200800,
- 0x04000000, 0x00200800, 0x00200000, 0x04000802,
- 0x04000802, 0x04200002, 0x04200002, 0x00000002,
- 0x00200002, 0x04000000, 0x04000800, 0x00200000,
- 0x04200800, 0x00000802, 0x00200802, 0x04200800,
- 0x00000802, 0x04000002, 0x04200802, 0x04200000,
- 0x00200800, 0x00000000, 0x00000002, 0x04200802,
- 0x00000000, 0x00200802, 0x04200000, 0x00000800,
- 0x04000002, 0x04000800, 0x00000800, 0x00200002
-};
-
-static const u32 S8[64] = {
- 0x10001040, 0x00001000, 0x00040000, 0x10041040,
- 0x10000000, 0x10001040, 0x00000040, 0x10000000,
- 0x00040040, 0x10040000, 0x10041040, 0x00041000,
- 0x10041000, 0x00041040, 0x00001000, 0x00000040,
- 0x10040000, 0x10000040, 0x10001000, 0x00001040,
- 0x00041000, 0x00040040, 0x10040040, 0x10041000,
- 0x00001040, 0x00000000, 0x00000000, 0x10040040,
- 0x10000040, 0x10001000, 0x00041040, 0x00040000,
- 0x00041040, 0x00040000, 0x10041000, 0x00001000,
- 0x00000040, 0x10040040, 0x00001000, 0x00041040,
- 0x10001000, 0x00000040, 0x10000040, 0x10040000,
- 0x10040040, 0x10000000, 0x00040000, 0x10001040,
- 0x00000000, 0x10041040, 0x00040040, 0x10000040,
- 0x10040000, 0x10001000, 0x10001040, 0x00000000,
- 0x10041040, 0x00041000, 0x00041000, 0x00001040,
- 0x00001040, 0x00040040, 0x10000000, 0x10041000
-};
-
-/* Encryption components: IP, FP, and round function */
-
-#define IP(L, R, T) \
- ROL(R, 4); \
- T = L; \
- L ^= R; \
- L &= 0xf0f0f0f0; \
- R ^= L; \
- L ^= T; \
- ROL(R, 12); \
- T = L; \
- L ^= R; \
- L &= 0xffff0000; \
- R ^= L; \
- L ^= T; \
- ROR(R, 14); \
- T = L; \
- L ^= R; \
- L &= 0xcccccccc; \
- R ^= L; \
- L ^= T; \
- ROL(R, 6); \
- T = L; \
- L ^= R; \
- L &= 0xff00ff00; \
- R ^= L; \
- L ^= T; \
- ROR(R, 7); \
- T = L; \
- L ^= R; \
- L &= 0xaaaaaaaa; \
- R ^= L; \
- L ^= T; \
- ROL(L, 1);
-
-#define FP(L, R, T) \
- ROR(L, 1); \
- T = L; \
- L ^= R; \
- L &= 0xaaaaaaaa; \
- R ^= L; \
- L ^= T; \
- ROL(R, 7); \
- T = L; \
- L ^= R; \
- L &= 0xff00ff00; \
- R ^= L; \
- L ^= T; \
- ROR(R, 6); \
- T = L; \
- L ^= R; \
- L &= 0xcccccccc; \
- R ^= L; \
- L ^= T; \
- ROL(R, 14); \
- T = L; \
- L ^= R; \
- L &= 0xffff0000; \
- R ^= L; \
- L ^= T; \
- ROR(R, 12); \
- T = L; \
- L ^= R; \
- L &= 0xf0f0f0f0; \
- R ^= L; \
- L ^= T; \
- ROR(R, 4);
-
-#define ROUND(L, R, A, B, K, d) \
- B = K[0]; A = K[1]; K += d; \
- B ^= R; A ^= R; \
- B &= 0x3f3f3f3f; ROR(A, 4); \
- L ^= S8[0xff & B]; A &= 0x3f3f3f3f; \
- L ^= S6[0xff & (B >> 8)]; B >>= 16; \
- L ^= S7[0xff & A]; \
- L ^= S5[0xff & (A >> 8)]; A >>= 16; \
- L ^= S4[0xff & B]; \
- L ^= S2[0xff & (B >> 8)]; \
- L ^= S3[0xff & A]; \
- L ^= S1[0xff & (A >> 8)];
-
-/*
- * PC2 lookup tables are organized as 2 consecutive sets of 4 interleaved
- * tables of 128 elements. One set is for C_i and the other for D_i, while
- * the 4 interleaved tables correspond to four 7-bit subsets of C_i or D_i.
- *
- * After PC1 each of the variables a,b,c,d contains a 7 bit subset of C_i
- * or D_i in bits 7-1 (bit 0 being the least significant).
- */
-
-#define T1(x) pt[2 * (x) + 0]
-#define T2(x) pt[2 * (x) + 1]
-#define T3(x) pt[2 * (x) + 2]
-#define T4(x) pt[2 * (x) + 3]
-
-#define DES_PC2(a, b, c, d) (T4(d) | T3(c) | T2(b) | T1(a))
-
-/*
- * Encryption key expansion
- *
- * RFC2451: Weak key checks SHOULD be performed.
- *
- * FIPS 74:
- *
- * Keys having duals are keys which produce all zeros, all ones, or
- * alternating zero-one patterns in the C and D registers after Permuted
- * Choice 1 has operated on the key.
- *
- */
-unsigned long des_ekey(u32 *pe, const u8 *k)
-{
- /* K&R: long is at least 32 bits */
- unsigned long a, b, c, d, w;
- const u32 *pt = pc2;
-
- d = k[4]; d &= 0x0e; d <<= 4; d |= k[0] & 0x1e; d = pc1[d];
- c = k[5]; c &= 0x0e; c <<= 4; c |= k[1] & 0x1e; c = pc1[c];
- b = k[6]; b &= 0x0e; b <<= 4; b |= k[2] & 0x1e; b = pc1[b];
- a = k[7]; a &= 0x0e; a <<= 4; a |= k[3] & 0x1e; a = pc1[a];
-
- pe[15 * 2 + 0] = DES_PC2(a, b, c, d); d = rs[d];
- pe[14 * 2 + 0] = DES_PC2(d, a, b, c); c = rs[c]; b = rs[b];
- pe[13 * 2 + 0] = DES_PC2(b, c, d, a); a = rs[a]; d = rs[d];
- pe[12 * 2 + 0] = DES_PC2(d, a, b, c); c = rs[c]; b = rs[b];
- pe[11 * 2 + 0] = DES_PC2(b, c, d, a); a = rs[a]; d = rs[d];
- pe[10 * 2 + 0] = DES_PC2(d, a, b, c); c = rs[c]; b = rs[b];
- pe[ 9 * 2 + 0] = DES_PC2(b, c, d, a); a = rs[a]; d = rs[d];
- pe[ 8 * 2 + 0] = DES_PC2(d, a, b, c); c = rs[c];
- pe[ 7 * 2 + 0] = DES_PC2(c, d, a, b); b = rs[b]; a = rs[a];
- pe[ 6 * 2 + 0] = DES_PC2(a, b, c, d); d = rs[d]; c = rs[c];
- pe[ 5 * 2 + 0] = DES_PC2(c, d, a, b); b = rs[b]; a = rs[a];
- pe[ 4 * 2 + 0] = DES_PC2(a, b, c, d); d = rs[d]; c = rs[c];
- pe[ 3 * 2 + 0] = DES_PC2(c, d, a, b); b = rs[b]; a = rs[a];
- pe[ 2 * 2 + 0] = DES_PC2(a, b, c, d); d = rs[d]; c = rs[c];
- pe[ 1 * 2 + 0] = DES_PC2(c, d, a, b); b = rs[b];
- pe[ 0 * 2 + 0] = DES_PC2(b, c, d, a);
-
- /* Check if first half is weak */
- w = (a ^ c) | (b ^ d) | (rs[a] ^ c) | (b ^ rs[d]);
-
- /* Skip to next table set */
- pt += 512;
-
- d = k[0]; d &= 0xe0; d >>= 4; d |= k[4] & 0xf0; d = pc1[d + 1];
- c = k[1]; c &= 0xe0; c >>= 4; c |= k[5] & 0xf0; c = pc1[c + 1];
- b = k[2]; b &= 0xe0; b >>= 4; b |= k[6] & 0xf0; b = pc1[b + 1];
- a = k[3]; a &= 0xe0; a >>= 4; a |= k[7] & 0xf0; a = pc1[a + 1];
-
- /* Check if second half is weak */
- w |= (a ^ c) | (b ^ d) | (rs[a] ^ c) | (b ^ rs[d]);
-
- pe[15 * 2 + 1] = DES_PC2(a, b, c, d); d = rs[d];
- pe[14 * 2 + 1] = DES_PC2(d, a, b, c); c = rs[c]; b = rs[b];
- pe[13 * 2 + 1] = DES_PC2(b, c, d, a); a = rs[a]; d = rs[d];
- pe[12 * 2 + 1] = DES_PC2(d, a, b, c); c = rs[c]; b = rs[b];
- pe[11 * 2 + 1] = DES_PC2(b, c, d, a); a = rs[a]; d = rs[d];
- pe[10 * 2 + 1] = DES_PC2(d, a, b, c); c = rs[c]; b = rs[b];
- pe[ 9 * 2 + 1] = DES_PC2(b, c, d, a); a = rs[a]; d = rs[d];
- pe[ 8 * 2 + 1] = DES_PC2(d, a, b, c); c = rs[c];
- pe[ 7 * 2 + 1] = DES_PC2(c, d, a, b); b = rs[b]; a = rs[a];
- pe[ 6 * 2 + 1] = DES_PC2(a, b, c, d); d = rs[d]; c = rs[c];
- pe[ 5 * 2 + 1] = DES_PC2(c, d, a, b); b = rs[b]; a = rs[a];
- pe[ 4 * 2 + 1] = DES_PC2(a, b, c, d); d = rs[d]; c = rs[c];
- pe[ 3 * 2 + 1] = DES_PC2(c, d, a, b); b = rs[b]; a = rs[a];
- pe[ 2 * 2 + 1] = DES_PC2(a, b, c, d); d = rs[d]; c = rs[c];
- pe[ 1 * 2 + 1] = DES_PC2(c, d, a, b); b = rs[b];
- pe[ 0 * 2 + 1] = DES_PC2(b, c, d, a);
-
- /* Fixup: 2413 5768 -> 1357 2468 */
- for (d = 0; d < 16; ++d) {
- a = pe[2 * d];
- b = pe[2 * d + 1];
- c = a ^ b;
- c &= 0xffff0000;
- a ^= c;
- b ^= c;
- ROL(b, 18);
- pe[2 * d] = a;
- pe[2 * d + 1] = b;
- }
-
- /* Zero if weak key */
- return w;
-}
-EXPORT_SYMBOL_GPL(des_ekey);
-
-/*
- * Decryption key expansion
- *
- * No weak key checking is performed, as this is only used by triple DES
- *
- */
-static void dkey(u32 *pe, const u8 *k)
-{
- /* K&R: long is at least 32 bits */
- unsigned long a, b, c, d;
- const u32 *pt = pc2;
-
- d = k[4]; d &= 0x0e; d <<= 4; d |= k[0] & 0x1e; d = pc1[d];
- c = k[5]; c &= 0x0e; c <<= 4; c |= k[1] & 0x1e; c = pc1[c];
- b = k[6]; b &= 0x0e; b <<= 4; b |= k[2] & 0x1e; b = pc1[b];
- a = k[7]; a &= 0x0e; a <<= 4; a |= k[3] & 0x1e; a = pc1[a];
-
- pe[ 0 * 2] = DES_PC2(a, b, c, d); d = rs[d];
- pe[ 1 * 2] = DES_PC2(d, a, b, c); c = rs[c]; b = rs[b];
- pe[ 2 * 2] = DES_PC2(b, c, d, a); a = rs[a]; d = rs[d];
- pe[ 3 * 2] = DES_PC2(d, a, b, c); c = rs[c]; b = rs[b];
- pe[ 4 * 2] = DES_PC2(b, c, d, a); a = rs[a]; d = rs[d];
- pe[ 5 * 2] = DES_PC2(d, a, b, c); c = rs[c]; b = rs[b];
- pe[ 6 * 2] = DES_PC2(b, c, d, a); a = rs[a]; d = rs[d];
- pe[ 7 * 2] = DES_PC2(d, a, b, c); c = rs[c];
- pe[ 8 * 2] = DES_PC2(c, d, a, b); b = rs[b]; a = rs[a];
- pe[ 9 * 2] = DES_PC2(a, b, c, d); d = rs[d]; c = rs[c];
- pe[10 * 2] = DES_PC2(c, d, a, b); b = rs[b]; a = rs[a];
- pe[11 * 2] = DES_PC2(a, b, c, d); d = rs[d]; c = rs[c];
- pe[12 * 2] = DES_PC2(c, d, a, b); b = rs[b]; a = rs[a];
- pe[13 * 2] = DES_PC2(a, b, c, d); d = rs[d]; c = rs[c];
- pe[14 * 2] = DES_PC2(c, d, a, b); b = rs[b];
- pe[15 * 2] = DES_PC2(b, c, d, a);
-
- /* Skip to next table set */
- pt += 512;
-
- d = k[0]; d &= 0xe0; d >>= 4; d |= k[4] & 0xf0; d = pc1[d + 1];
- c = k[1]; c &= 0xe0; c >>= 4; c |= k[5] & 0xf0; c = pc1[c + 1];
- b = k[2]; b &= 0xe0; b >>= 4; b |= k[6] & 0xf0; b = pc1[b + 1];
- a = k[3]; a &= 0xe0; a >>= 4; a |= k[7] & 0xf0; a = pc1[a + 1];
-
- pe[ 0 * 2 + 1] = DES_PC2(a, b, c, d); d = rs[d];
- pe[ 1 * 2 + 1] = DES_PC2(d, a, b, c); c = rs[c]; b = rs[b];
- pe[ 2 * 2 + 1] = DES_PC2(b, c, d, a); a = rs[a]; d = rs[d];
- pe[ 3 * 2 + 1] = DES_PC2(d, a, b, c); c = rs[c]; b = rs[b];
- pe[ 4 * 2 + 1] = DES_PC2(b, c, d, a); a = rs[a]; d = rs[d];
- pe[ 5 * 2 + 1] = DES_PC2(d, a, b, c); c = rs[c]; b = rs[b];
- pe[ 6 * 2 + 1] = DES_PC2(b, c, d, a); a = rs[a]; d = rs[d];
- pe[ 7 * 2 + 1] = DES_PC2(d, a, b, c); c = rs[c];
- pe[ 8 * 2 + 1] = DES_PC2(c, d, a, b); b = rs[b]; a = rs[a];
- pe[ 9 * 2 + 1] = DES_PC2(a, b, c, d); d = rs[d]; c = rs[c];
- pe[10 * 2 + 1] = DES_PC2(c, d, a, b); b = rs[b]; a = rs[a];
- pe[11 * 2 + 1] = DES_PC2(a, b, c, d); d = rs[d]; c = rs[c];
- pe[12 * 2 + 1] = DES_PC2(c, d, a, b); b = rs[b]; a = rs[a];
- pe[13 * 2 + 1] = DES_PC2(a, b, c, d); d = rs[d]; c = rs[c];
- pe[14 * 2 + 1] = DES_PC2(c, d, a, b); b = rs[b];
- pe[15 * 2 + 1] = DES_PC2(b, c, d, a);
-
- /* Fixup: 2413 5768 -> 1357 2468 */
- for (d = 0; d < 16; ++d) {
- a = pe[2 * d];
- b = pe[2 * d + 1];
- c = a ^ b;
- c &= 0xffff0000;
- a ^= c;
- b ^= c;
- ROL(b, 18);
- pe[2 * d] = a;
- pe[2 * d + 1] = b;
- }
-}
+#include <crypto/internal/des.h>
static int des_setkey(struct crypto_tfm *tfm, const u8 *key,
unsigned int keylen)
{
struct des_ctx *dctx = crypto_tfm_ctx(tfm);
- u32 *flags = &tfm->crt_flags;
- u32 tmp[DES_EXPKEY_WORDS];
- int ret;
+ int err;
- /* Expand to tmp */
- ret = des_ekey(tmp, key);
-
- if (unlikely(ret == 0) && (*flags & CRYPTO_TFM_REQ_WEAK_KEY)) {
- *flags |= CRYPTO_TFM_RES_WEAK_KEY;
- return -EINVAL;
+ err = des_expand_key(dctx, key, keylen);
+ if (err == -ENOKEY) {
+ if (crypto_tfm_get_flags(tfm) & CRYPTO_TFM_REQ_FORBID_WEAK_KEYS)
+ err = -EINVAL;
+ else
+ err = 0;
}
- /* Copy to output */
- memcpy(dctx->expkey, tmp, sizeof(dctx->expkey));
-
- return 0;
+ if (err) {
+ memset(dctx, 0, sizeof(*dctx));
+ crypto_tfm_set_flags(tfm, CRYPTO_TFM_RES_WEAK_KEY);
+ }
+ return err;
}
-static void des_encrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)
+static void crypto_des_encrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)
{
- struct des_ctx *ctx = crypto_tfm_ctx(tfm);
- const u32 *K = ctx->expkey;
- const __le32 *s = (const __le32 *)src;
- __le32 *d = (__le32 *)dst;
- u32 L, R, A, B;
- int i;
+ const struct des_ctx *dctx = crypto_tfm_ctx(tfm);
- L = le32_to_cpu(s[0]);
- R = le32_to_cpu(s[1]);
-
- IP(L, R, A);
- for (i = 0; i < 8; i++) {
- ROUND(L, R, A, B, K, 2);
- ROUND(R, L, A, B, K, 2);
- }
- FP(R, L, A);
-
- d[0] = cpu_to_le32(R);
- d[1] = cpu_to_le32(L);
+ des_encrypt(dctx, dst, src);
}
-static void des_decrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)
+static void crypto_des_decrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)
{
- struct des_ctx *ctx = crypto_tfm_ctx(tfm);
- const u32 *K = ctx->expkey + DES_EXPKEY_WORDS - 2;
- const __le32 *s = (const __le32 *)src;
- __le32 *d = (__le32 *)dst;
- u32 L, R, A, B;
- int i;
+ const struct des_ctx *dctx = crypto_tfm_ctx(tfm);
- L = le32_to_cpu(s[0]);
- R = le32_to_cpu(s[1]);
-
- IP(L, R, A);
- for (i = 0; i < 8; i++) {
- ROUND(L, R, A, B, K, -2);
- ROUND(R, L, A, B, K, -2);
- }
- FP(R, L, A);
-
- d[0] = cpu_to_le32(R);
- d[1] = cpu_to_le32(L);
+ des_decrypt(dctx, dst, src);
}
-/*
- * RFC2451:
- *
- * For DES-EDE3, there is no known need to reject weak or
- * complementation keys. Any weakness is obviated by the use of
- * multiple keys.
- *
- * However, if the first two or last two independent 64-bit keys are
- * equal (k1 == k2 or k2 == k3), then the DES3 operation is simply the
- * same as DES. Implementers MUST reject keys that exhibit this
- * property.
- *
- */
-int __des3_ede_setkey(u32 *expkey, u32 *flags, const u8 *key,
- unsigned int keylen)
-{
- const u32 *K = (const u32 *)key;
-
- if (unlikely(!((K[0] ^ K[2]) | (K[1] ^ K[3])) ||
- !((K[2] ^ K[4]) | (K[3] ^ K[5]))) &&
- (*flags & CRYPTO_TFM_REQ_WEAK_KEY)) {
- *flags |= CRYPTO_TFM_RES_WEAK_KEY;
- return -EINVAL;
- }
-
- des_ekey(expkey, key); expkey += DES_EXPKEY_WORDS; key += DES_KEY_SIZE;
- dkey(expkey, key); expkey += DES_EXPKEY_WORDS; key += DES_KEY_SIZE;
- des_ekey(expkey, key);
-
- return 0;
-}
-EXPORT_SYMBOL_GPL(__des3_ede_setkey);
-
static int des3_ede_setkey(struct crypto_tfm *tfm, const u8 *key,
unsigned int keylen)
{
struct des3_ede_ctx *dctx = crypto_tfm_ctx(tfm);
- u32 *flags = &tfm->crt_flags;
- u32 *expkey = dctx->expkey;
+ int err;
- return __des3_ede_setkey(expkey, flags, key, keylen);
+ err = des3_ede_expand_key(dctx, key, keylen);
+ if (err == -ENOKEY) {
+ if (crypto_tfm_get_flags(tfm) & CRYPTO_TFM_REQ_FORBID_WEAK_KEYS)
+ err = -EINVAL;
+ else
+ err = 0;
+ }
+
+ if (err) {
+ memset(dctx, 0, sizeof(*dctx));
+ crypto_tfm_set_flags(tfm, CRYPTO_TFM_RES_WEAK_KEY);
+ }
+ return err;
}
-static void des3_ede_encrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)
+static void crypto_des3_ede_encrypt(struct crypto_tfm *tfm, u8 *dst,
+ const u8 *src)
{
- struct des3_ede_ctx *dctx = crypto_tfm_ctx(tfm);
- const u32 *K = dctx->expkey;
- const __le32 *s = (const __le32 *)src;
- __le32 *d = (__le32 *)dst;
- u32 L, R, A, B;
- int i;
+ const struct des3_ede_ctx *dctx = crypto_tfm_ctx(tfm);
- L = le32_to_cpu(s[0]);
- R = le32_to_cpu(s[1]);
-
- IP(L, R, A);
- for (i = 0; i < 8; i++) {
- ROUND(L, R, A, B, K, 2);
- ROUND(R, L, A, B, K, 2);
- }
- for (i = 0; i < 8; i++) {
- ROUND(R, L, A, B, K, 2);
- ROUND(L, R, A, B, K, 2);
- }
- for (i = 0; i < 8; i++) {
- ROUND(L, R, A, B, K, 2);
- ROUND(R, L, A, B, K, 2);
- }
- FP(R, L, A);
-
- d[0] = cpu_to_le32(R);
- d[1] = cpu_to_le32(L);
+ des3_ede_encrypt(dctx, dst, src);
}
-static void des3_ede_decrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)
+static void crypto_des3_ede_decrypt(struct crypto_tfm *tfm, u8 *dst,
+ const u8 *src)
{
- struct des3_ede_ctx *dctx = crypto_tfm_ctx(tfm);
- const u32 *K = dctx->expkey + DES3_EDE_EXPKEY_WORDS - 2;
- const __le32 *s = (const __le32 *)src;
- __le32 *d = (__le32 *)dst;
- u32 L, R, A, B;
- int i;
+ const struct des3_ede_ctx *dctx = crypto_tfm_ctx(tfm);
- L = le32_to_cpu(s[0]);
- R = le32_to_cpu(s[1]);
-
- IP(L, R, A);
- for (i = 0; i < 8; i++) {
- ROUND(L, R, A, B, K, -2);
- ROUND(R, L, A, B, K, -2);
- }
- for (i = 0; i < 8; i++) {
- ROUND(R, L, A, B, K, -2);
- ROUND(L, R, A, B, K, -2);
- }
- for (i = 0; i < 8; i++) {
- ROUND(L, R, A, B, K, -2);
- ROUND(R, L, A, B, K, -2);
- }
- FP(R, L, A);
-
- d[0] = cpu_to_le32(R);
- d[1] = cpu_to_le32(L);
+ des3_ede_decrypt(dctx, dst, src);
}
static struct crypto_alg des_algs[2] = { {
@@ -959,13 +96,12 @@
.cra_blocksize = DES_BLOCK_SIZE,
.cra_ctxsize = sizeof(struct des_ctx),
.cra_module = THIS_MODULE,
- .cra_alignmask = 3,
.cra_u = { .cipher = {
.cia_min_keysize = DES_KEY_SIZE,
.cia_max_keysize = DES_KEY_SIZE,
.cia_setkey = des_setkey,
- .cia_encrypt = des_encrypt,
- .cia_decrypt = des_decrypt } }
+ .cia_encrypt = crypto_des_encrypt,
+ .cia_decrypt = crypto_des_decrypt } }
}, {
.cra_name = "des3_ede",
.cra_driver_name = "des3_ede-generic",
@@ -974,13 +110,12 @@
.cra_blocksize = DES3_EDE_BLOCK_SIZE,
.cra_ctxsize = sizeof(struct des3_ede_ctx),
.cra_module = THIS_MODULE,
- .cra_alignmask = 3,
.cra_u = { .cipher = {
.cia_min_keysize = DES3_EDE_KEY_SIZE,
.cia_max_keysize = DES3_EDE_KEY_SIZE,
.cia_setkey = des3_ede_setkey,
- .cia_encrypt = des3_ede_encrypt,
- .cia_decrypt = des3_ede_decrypt } }
+ .cia_encrypt = crypto_des3_ede_encrypt,
+ .cia_decrypt = crypto_des3_ede_decrypt } }
} };
static int __init des_generic_mod_init(void)
@@ -993,7 +128,7 @@
crypto_unregister_algs(des_algs, ARRAY_SIZE(des_algs));
}
-module_init(des_generic_mod_init);
+subsys_initcall(des_generic_mod_init);
module_exit(des_generic_mod_fini);
MODULE_LICENSE("GPL");
diff --git a/crypto/dh.c b/crypto/dh.c
index 09a44de..566f624 100644
--- a/crypto/dh.c
+++ b/crypto/dh.c
@@ -1,12 +1,8 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/* Diffie-Hellman Key Agreement Method [RFC2631]
*
* Copyright (c) 2016, Intel Corporation
* Authors: Salvatore Benedetto <salvatore.benedetto@intel.com>
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version
- * 2 of the License, or (at your option) any later version.
*/
#include <linux/module.h>
@@ -236,7 +232,7 @@
crypto_unregister_kpp(&dh);
}
-module_init(dh_init);
+subsys_initcall(dh_init);
module_exit(dh_exit);
MODULE_ALIAS_CRYPTO("dh");
MODULE_LICENSE("GPL");
diff --git a/crypto/dh_helper.c b/crypto/dh_helper.c
index edacda5..9fd5a42 100644
--- a/crypto/dh_helper.c
+++ b/crypto/dh_helper.c
@@ -1,11 +1,7 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/*
* Copyright (c) 2016, Intel Corporation
* Authors: Salvatore Benedetto <salvatore.benedetto@intel.com>
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version
- * 2 of the License, or (at your option) any later version.
*/
#include <linux/kernel.h>
#include <linux/export.h>
diff --git a/crypto/drbg.c b/crypto/drbg.c
index bc52d95..b6929eb 100644
--- a/crypto/drbg.c
+++ b/crypto/drbg.c
@@ -220,6 +220,57 @@
}
/*
+ * FIPS 140-2 continuous self test for the noise source
+ * The test is performed on the noise source input data. Thus, the function
+ * implicitly knows the size of the buffer to be equal to the security
+ * strength.
+ *
+ * Note, this function disregards the nonce trailing the entropy data during
+ * initial seeding.
+ *
+ * drbg->drbg_mutex must have been taken.
+ *
+ * @drbg DRBG handle
+ * @entropy buffer of seed data to be checked
+ *
+ * return:
+ * 0 on success
+ * -EAGAIN on when the CTRNG is not yet primed
+ * < 0 on error
+ */
+static int drbg_fips_continuous_test(struct drbg_state *drbg,
+ const unsigned char *entropy)
+{
+ unsigned short entropylen = drbg_sec_strength(drbg->core->flags);
+ int ret = 0;
+
+ if (!IS_ENABLED(CONFIG_CRYPTO_FIPS))
+ return 0;
+
+ /* skip test if we test the overall system */
+ if (list_empty(&drbg->test_data.list))
+ return 0;
+ /* only perform test in FIPS mode */
+ if (!fips_enabled)
+ return 0;
+
+ if (!drbg->fips_primed) {
+ /* Priming of FIPS test */
+ memcpy(drbg->prev, entropy, entropylen);
+ drbg->fips_primed = true;
+ /* priming: another round is needed */
+ return -EAGAIN;
+ }
+ ret = memcmp(drbg->prev, entropy, entropylen);
+ if (!ret)
+ panic("DRBG continuous self test failed\n");
+ memcpy(drbg->prev, entropy, entropylen);
+
+ /* the test shall pass when the two values are not equal */
+ return 0;
+}
+
+/*
* Convert an integer into a byte representation of this integer.
* The byte representation is big-endian
*
@@ -998,6 +1049,22 @@
return ret;
}
+static inline int drbg_get_random_bytes(struct drbg_state *drbg,
+ unsigned char *entropy,
+ unsigned int entropylen)
+{
+ int ret;
+
+ do {
+ get_random_bytes(entropy, entropylen);
+ ret = drbg_fips_continuous_test(drbg, entropy);
+ if (ret && ret != -EAGAIN)
+ return ret;
+ } while (ret);
+
+ return 0;
+}
+
static void drbg_async_seed(struct work_struct *work)
{
struct drbg_string data;
@@ -1006,16 +1073,20 @@
seed_work);
unsigned int entropylen = drbg_sec_strength(drbg->core->flags);
unsigned char entropy[32];
+ int ret;
BUG_ON(!entropylen);
BUG_ON(entropylen > sizeof(entropy));
- get_random_bytes(entropy, entropylen);
drbg_string_fill(&data, entropy, entropylen);
list_add_tail(&data.list, &seedlist);
mutex_lock(&drbg->drbg_mutex);
+ ret = drbg_get_random_bytes(drbg, entropy, entropylen);
+ if (ret)
+ goto unlock;
+
/* If nonblocking pool is initialized, deactivate Jitter RNG */
crypto_free_rng(drbg->jent);
drbg->jent = NULL;
@@ -1030,6 +1101,7 @@
if (drbg->seeded)
drbg->reseed_threshold = drbg_max_requests(drbg);
+unlock:
mutex_unlock(&drbg->drbg_mutex);
memzero_explicit(entropy, entropylen);
@@ -1081,7 +1153,9 @@
BUG_ON((entropylen * 2) > sizeof(entropy));
/* Get seed from in-kernel /dev/urandom */
- get_random_bytes(entropy, entropylen);
+ ret = drbg_get_random_bytes(drbg, entropy, entropylen);
+ if (ret)
+ goto out;
if (!drbg->jent) {
drbg_string_fill(&data1, entropy, entropylen);
@@ -1094,7 +1168,7 @@
entropylen);
if (ret) {
pr_devel("DRBG: jent failed with %d\n", ret);
- return ret;
+ goto out;
}
drbg_string_fill(&data1, entropy, entropylen * 2);
@@ -1121,6 +1195,7 @@
ret = __drbg_seed(drbg, &seedlist, reseed);
+out:
memzero_explicit(entropy, entropylen * 2);
return ret;
@@ -1142,6 +1217,11 @@
drbg->reseed_ctr = 0;
drbg->d_ops = NULL;
drbg->core = NULL;
+ if (IS_ENABLED(CONFIG_CRYPTO_FIPS)) {
+ kzfree(drbg->prev);
+ drbg->prev = NULL;
+ drbg->fips_primed = false;
+ }
}
/*
@@ -1211,6 +1291,14 @@
drbg->scratchpad = PTR_ALIGN(drbg->scratchpadbuf, ret + 1);
}
+ if (IS_ENABLED(CONFIG_CRYPTO_FIPS)) {
+ drbg->prev = kzalloc(drbg_sec_strength(drbg->core->flags),
+ GFP_KERNEL);
+ if (!drbg->prev)
+ goto fini;
+ drbg->fips_primed = false;
+ }
+
return 0;
fini:
@@ -1587,7 +1675,6 @@
}
sdesc->shash.tfm = tfm;
- sdesc->shash.flags = 0;
drbg->priv_data = sdesc;
return crypto_shash_alignmask(tfm);
@@ -2039,7 +2126,7 @@
crypto_unregister_rngs(drbg_algs, (ARRAY_SIZE(drbg_cores) * 2));
}
-module_init(drbg_init);
+subsys_initcall(drbg_init);
module_exit(drbg_exit);
#ifndef CRYPTO_DRBG_HASH_STRING
#define CRYPTO_DRBG_HASH_STRING ""
diff --git a/crypto/ecb.c b/crypto/ecb.c
index 12011af..9d6981c 100644
--- a/crypto/ecb.c
+++ b/crypto/ecb.c
@@ -1,172 +1,88 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/*
* ECB: Electronic CodeBook mode
*
* Copyright (c) 2006 Herbert Xu <herbert@gondor.apana.org.au>
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
- *
*/
#include <crypto/algapi.h>
+#include <crypto/internal/skcipher.h>
#include <linux/err.h>
#include <linux/init.h>
#include <linux/kernel.h>
#include <linux/module.h>
-#include <linux/scatterlist.h>
-#include <linux/slab.h>
-struct crypto_ecb_ctx {
- struct crypto_cipher *child;
-};
-
-static int crypto_ecb_setkey(struct crypto_tfm *parent, const u8 *key,
- unsigned int keylen)
-{
- struct crypto_ecb_ctx *ctx = crypto_tfm_ctx(parent);
- struct crypto_cipher *child = ctx->child;
- int err;
-
- crypto_cipher_clear_flags(child, CRYPTO_TFM_REQ_MASK);
- crypto_cipher_set_flags(child, crypto_tfm_get_flags(parent) &
- CRYPTO_TFM_REQ_MASK);
- err = crypto_cipher_setkey(child, key, keylen);
- crypto_tfm_set_flags(parent, crypto_cipher_get_flags(child) &
- CRYPTO_TFM_RES_MASK);
- return err;
-}
-
-static int crypto_ecb_crypt(struct blkcipher_desc *desc,
- struct blkcipher_walk *walk,
- struct crypto_cipher *tfm,
+static int crypto_ecb_crypt(struct skcipher_request *req,
+ struct crypto_cipher *cipher,
void (*fn)(struct crypto_tfm *, u8 *, const u8 *))
{
- int bsize = crypto_cipher_blocksize(tfm);
+ const unsigned int bsize = crypto_cipher_blocksize(cipher);
+ struct skcipher_walk walk;
unsigned int nbytes;
int err;
- err = blkcipher_walk_virt(desc, walk);
+ err = skcipher_walk_virt(&walk, req, false);
- while ((nbytes = walk->nbytes)) {
- u8 *wsrc = walk->src.virt.addr;
- u8 *wdst = walk->dst.virt.addr;
+ while ((nbytes = walk.nbytes) != 0) {
+ const u8 *src = walk.src.virt.addr;
+ u8 *dst = walk.dst.virt.addr;
do {
- fn(crypto_cipher_tfm(tfm), wdst, wsrc);
+ fn(crypto_cipher_tfm(cipher), dst, src);
- wsrc += bsize;
- wdst += bsize;
+ src += bsize;
+ dst += bsize;
} while ((nbytes -= bsize) >= bsize);
- err = blkcipher_walk_done(desc, walk, nbytes);
+ err = skcipher_walk_done(&walk, nbytes);
}
return err;
}
-static int crypto_ecb_encrypt(struct blkcipher_desc *desc,
- struct scatterlist *dst, struct scatterlist *src,
- unsigned int nbytes)
+static int crypto_ecb_encrypt(struct skcipher_request *req)
{
- struct blkcipher_walk walk;
- struct crypto_blkcipher *tfm = desc->tfm;
- struct crypto_ecb_ctx *ctx = crypto_blkcipher_ctx(tfm);
- struct crypto_cipher *child = ctx->child;
+ struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
+ struct crypto_cipher *cipher = skcipher_cipher_simple(tfm);
- blkcipher_walk_init(&walk, dst, src, nbytes);
- return crypto_ecb_crypt(desc, &walk, child,
- crypto_cipher_alg(child)->cia_encrypt);
+ return crypto_ecb_crypt(req, cipher,
+ crypto_cipher_alg(cipher)->cia_encrypt);
}
-static int crypto_ecb_decrypt(struct blkcipher_desc *desc,
- struct scatterlist *dst, struct scatterlist *src,
- unsigned int nbytes)
+static int crypto_ecb_decrypt(struct skcipher_request *req)
{
- struct blkcipher_walk walk;
- struct crypto_blkcipher *tfm = desc->tfm;
- struct crypto_ecb_ctx *ctx = crypto_blkcipher_ctx(tfm);
- struct crypto_cipher *child = ctx->child;
+ struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
+ struct crypto_cipher *cipher = skcipher_cipher_simple(tfm);
- blkcipher_walk_init(&walk, dst, src, nbytes);
- return crypto_ecb_crypt(desc, &walk, child,
- crypto_cipher_alg(child)->cia_decrypt);
+ return crypto_ecb_crypt(req, cipher,
+ crypto_cipher_alg(cipher)->cia_decrypt);
}
-static int crypto_ecb_init_tfm(struct crypto_tfm *tfm)
+static int crypto_ecb_create(struct crypto_template *tmpl, struct rtattr **tb)
{
- struct crypto_instance *inst = (void *)tfm->__crt_alg;
- struct crypto_spawn *spawn = crypto_instance_ctx(inst);
- struct crypto_ecb_ctx *ctx = crypto_tfm_ctx(tfm);
- struct crypto_cipher *cipher;
-
- cipher = crypto_spawn_cipher(spawn);
- if (IS_ERR(cipher))
- return PTR_ERR(cipher);
-
- ctx->child = cipher;
- return 0;
-}
-
-static void crypto_ecb_exit_tfm(struct crypto_tfm *tfm)
-{
- struct crypto_ecb_ctx *ctx = crypto_tfm_ctx(tfm);
- crypto_free_cipher(ctx->child);
-}
-
-static struct crypto_instance *crypto_ecb_alloc(struct rtattr **tb)
-{
- struct crypto_instance *inst;
+ struct skcipher_instance *inst;
struct crypto_alg *alg;
int err;
- err = crypto_check_attr_type(tb, CRYPTO_ALG_TYPE_BLKCIPHER);
- if (err)
- return ERR_PTR(err);
-
- alg = crypto_get_attr_alg(tb, CRYPTO_ALG_TYPE_CIPHER,
- CRYPTO_ALG_TYPE_MASK);
- if (IS_ERR(alg))
- return ERR_CAST(alg);
-
- inst = crypto_alloc_instance("ecb", alg);
+ inst = skcipher_alloc_instance_simple(tmpl, tb, &alg);
if (IS_ERR(inst))
- goto out_put_alg;
+ return PTR_ERR(inst);
- inst->alg.cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER;
- inst->alg.cra_priority = alg->cra_priority;
- inst->alg.cra_blocksize = alg->cra_blocksize;
- inst->alg.cra_alignmask = alg->cra_alignmask;
- inst->alg.cra_type = &crypto_blkcipher_type;
+ inst->alg.ivsize = 0; /* ECB mode doesn't take an IV */
- inst->alg.cra_blkcipher.min_keysize = alg->cra_cipher.cia_min_keysize;
- inst->alg.cra_blkcipher.max_keysize = alg->cra_cipher.cia_max_keysize;
+ inst->alg.encrypt = crypto_ecb_encrypt;
+ inst->alg.decrypt = crypto_ecb_decrypt;
- inst->alg.cra_ctxsize = sizeof(struct crypto_ecb_ctx);
-
- inst->alg.cra_init = crypto_ecb_init_tfm;
- inst->alg.cra_exit = crypto_ecb_exit_tfm;
-
- inst->alg.cra_blkcipher.setkey = crypto_ecb_setkey;
- inst->alg.cra_blkcipher.encrypt = crypto_ecb_encrypt;
- inst->alg.cra_blkcipher.decrypt = crypto_ecb_decrypt;
-
-out_put_alg:
+ err = skcipher_register_instance(tmpl, inst);
+ if (err)
+ inst->free(inst);
crypto_mod_put(alg);
- return inst;
-}
-
-static void crypto_ecb_free(struct crypto_instance *inst)
-{
- crypto_drop_spawn(crypto_instance_ctx(inst));
- kfree(inst);
+ return err;
}
static struct crypto_template crypto_ecb_tmpl = {
.name = "ecb",
- .alloc = crypto_ecb_alloc,
- .free = crypto_ecb_free,
+ .create = crypto_ecb_create,
.module = THIS_MODULE,
};
@@ -180,9 +96,9 @@
crypto_unregister_template(&crypto_ecb_tmpl);
}
-module_init(crypto_ecb_module_init);
+subsys_initcall(crypto_ecb_module_init);
module_exit(crypto_ecb_module_exit);
MODULE_LICENSE("GPL");
-MODULE_DESCRIPTION("ECB block cipher algorithm");
+MODULE_DESCRIPTION("ECB block cipher mode of operation");
MODULE_ALIAS_CRYPTO("ecb");
diff --git a/crypto/ecc.c b/crypto/ecc.c
index 8facafd..dfe114b 100644
--- a/crypto/ecc.c
+++ b/crypto/ecc.c
@@ -1,6 +1,6 @@
/*
- * Copyright (c) 2013, Kenneth MacKay
- * All rights reserved.
+ * Copyright (c) 2013, 2014 Kenneth MacKay. All rights reserved.
+ * Copyright (c) 2019 Vitaly Chikunov <vt@altlinux.org>
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are
@@ -24,12 +24,15 @@
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
+#include <linux/module.h>
#include <linux/random.h>
#include <linux/slab.h>
#include <linux/swab.h>
#include <linux/fips.h>
#include <crypto/ecdh.h>
#include <crypto/rng.h>
+#include <asm/unaligned.h>
+#include <linux/ratelimit.h>
#include "ecc.h"
#include "ecc_curve_defs.h"
@@ -112,7 +115,7 @@
}
/* Returns true if vli == 0, false otherwise. */
-static bool vli_is_zero(const u64 *vli, unsigned int ndigits)
+bool vli_is_zero(const u64 *vli, unsigned int ndigits)
{
int i;
@@ -123,6 +126,7 @@
return true;
}
+EXPORT_SYMBOL(vli_is_zero);
/* Returns nonzero if bit bit of vli is set. */
static u64 vli_test_bit(const u64 *vli, unsigned int bit)
@@ -130,6 +134,11 @@
return (vli[bit / 64] & ((u64)1 << (bit % 64)));
}
+static bool vli_is_negative(const u64 *vli, unsigned int ndigits)
+{
+ return vli_test_bit(vli, ndigits * 64 - 1);
+}
+
/* Counts the number of 64-bit "digits" in vli. */
static unsigned int vli_num_digits(const u64 *vli, unsigned int ndigits)
{
@@ -161,6 +170,27 @@
return ((num_digits - 1) * 64 + i);
}
+/* Set dest from unaligned bit string src. */
+void vli_from_be64(u64 *dest, const void *src, unsigned int ndigits)
+{
+ int i;
+ const u64 *from = src;
+
+ for (i = 0; i < ndigits; i++)
+ dest[i] = get_unaligned_be64(&from[ndigits - 1 - i]);
+}
+EXPORT_SYMBOL(vli_from_be64);
+
+void vli_from_le64(u64 *dest, const void *src, unsigned int ndigits)
+{
+ int i;
+ const u64 *from = src;
+
+ for (i = 0; i < ndigits; i++)
+ dest[i] = get_unaligned_le64(&from[i]);
+}
+EXPORT_SYMBOL(vli_from_le64);
+
/* Sets dest = src. */
static void vli_set(u64 *dest, const u64 *src, unsigned int ndigits)
{
@@ -171,7 +201,7 @@
}
/* Returns sign of left - right. */
-static int vli_cmp(const u64 *left, const u64 *right, unsigned int ndigits)
+int vli_cmp(const u64 *left, const u64 *right, unsigned int ndigits)
{
int i;
@@ -184,6 +214,7 @@
return 0;
}
+EXPORT_SYMBOL(vli_cmp);
/* Computes result = in << c, returning carry. Can modify in place
* (if result == in). 0 < shift < 64.
@@ -239,8 +270,30 @@
return carry;
}
+/* Computes result = left + right, returning carry. Can modify in place. */
+static u64 vli_uadd(u64 *result, const u64 *left, u64 right,
+ unsigned int ndigits)
+{
+ u64 carry = right;
+ int i;
+
+ for (i = 0; i < ndigits; i++) {
+ u64 sum;
+
+ sum = left[i] + carry;
+ if (sum != left[i])
+ carry = (sum < left[i]);
+ else
+ carry = !!carry;
+
+ result[i] = sum;
+ }
+
+ return carry;
+}
+
/* Computes result = left - right, returning borrow. Can modify in place. */
-static u64 vli_sub(u64 *result, const u64 *left, const u64 *right,
+u64 vli_sub(u64 *result, const u64 *left, const u64 *right,
unsigned int ndigits)
{
u64 borrow = 0;
@@ -258,9 +311,37 @@
return borrow;
}
+EXPORT_SYMBOL(vli_sub);
+
+/* Computes result = left - right, returning borrow. Can modify in place. */
+static u64 vli_usub(u64 *result, const u64 *left, u64 right,
+ unsigned int ndigits)
+{
+ u64 borrow = right;
+ int i;
+
+ for (i = 0; i < ndigits; i++) {
+ u64 diff;
+
+ diff = left[i] - borrow;
+ if (diff != left[i])
+ borrow = (diff > left[i]);
+
+ result[i] = diff;
+ }
+
+ return borrow;
+}
static uint128_t mul_64_64(u64 left, u64 right)
{
+ uint128_t result;
+#if defined(CONFIG_ARCH_SUPPORTS_INT128) && defined(__SIZEOF_INT128__)
+ unsigned __int128 m = (unsigned __int128)left * right;
+
+ result.m_low = m;
+ result.m_high = m >> 64;
+#else
u64 a0 = left & 0xffffffffull;
u64 a1 = left >> 32;
u64 b0 = right & 0xffffffffull;
@@ -269,7 +350,6 @@
u64 m1 = a0 * b1;
u64 m2 = a1 * b0;
u64 m3 = a1 * b1;
- uint128_t result;
m2 += (m0 >> 32);
m2 += m1;
@@ -280,7 +360,7 @@
result.m_low = (m0 & 0xffffffffull) | (m2 << 32);
result.m_high = m3 + (m2 >> 32);
-
+#endif
return result;
}
@@ -330,6 +410,28 @@
result[ndigits * 2 - 1] = r01.m_low;
}
+/* Compute product = left * right, for a small right value. */
+static void vli_umult(u64 *result, const u64 *left, u32 right,
+ unsigned int ndigits)
+{
+ uint128_t r01 = { 0 };
+ unsigned int k;
+
+ for (k = 0; k < ndigits; k++) {
+ uint128_t product;
+
+ product = mul_64_64(left[k], right);
+ r01 = add_128_128(r01, product);
+ /* no carry */
+ result[k] = r01.m_low;
+ r01.m_low = r01.m_high;
+ r01.m_high = 0;
+ }
+ result[k] = r01.m_low;
+ for (++k; k < ndigits * 2; k++)
+ result[k] = 0;
+}
+
static void vli_square(u64 *result, const u64 *left, unsigned int ndigits)
{
uint128_t r01 = { 0, 0 };
@@ -402,6 +504,170 @@
vli_add(result, result, mod, ndigits);
}
+/*
+ * Computes result = product % mod
+ * for special form moduli: p = 2^k-c, for small c (note the minus sign)
+ *
+ * References:
+ * R. Crandall, C. Pomerance. Prime Numbers: A Computational Perspective.
+ * 9 Fast Algorithms for Large-Integer Arithmetic. 9.2.3 Moduli of special form
+ * Algorithm 9.2.13 (Fast mod operation for special-form moduli).
+ */
+static void vli_mmod_special(u64 *result, const u64 *product,
+ const u64 *mod, unsigned int ndigits)
+{
+ u64 c = -mod[0];
+ u64 t[ECC_MAX_DIGITS * 2];
+ u64 r[ECC_MAX_DIGITS * 2];
+
+ vli_set(r, product, ndigits * 2);
+ while (!vli_is_zero(r + ndigits, ndigits)) {
+ vli_umult(t, r + ndigits, c, ndigits);
+ vli_clear(r + ndigits, ndigits);
+ vli_add(r, r, t, ndigits * 2);
+ }
+ vli_set(t, mod, ndigits);
+ vli_clear(t + ndigits, ndigits);
+ while (vli_cmp(r, t, ndigits * 2) >= 0)
+ vli_sub(r, r, t, ndigits * 2);
+ vli_set(result, r, ndigits);
+}
+
+/*
+ * Computes result = product % mod
+ * for special form moduli: p = 2^{k-1}+c, for small c (note the plus sign)
+ * where k-1 does not fit into qword boundary by -1 bit (such as 255).
+
+ * References (loosely based on):
+ * A. Menezes, P. van Oorschot, S. Vanstone. Handbook of Applied Cryptography.
+ * 14.3.4 Reduction methods for moduli of special form. Algorithm 14.47.
+ * URL: http://cacr.uwaterloo.ca/hac/about/chap14.pdf
+ *
+ * H. Cohen, G. Frey, R. Avanzi, C. Doche, T. Lange, K. Nguyen, F. Vercauteren.
+ * Handbook of Elliptic and Hyperelliptic Curve Cryptography.
+ * Algorithm 10.25 Fast reduction for special form moduli
+ */
+static void vli_mmod_special2(u64 *result, const u64 *product,
+ const u64 *mod, unsigned int ndigits)
+{
+ u64 c2 = mod[0] * 2;
+ u64 q[ECC_MAX_DIGITS];
+ u64 r[ECC_MAX_DIGITS * 2];
+ u64 m[ECC_MAX_DIGITS * 2]; /* expanded mod */
+ int carry; /* last bit that doesn't fit into q */
+ int i;
+
+ vli_set(m, mod, ndigits);
+ vli_clear(m + ndigits, ndigits);
+
+ vli_set(r, product, ndigits);
+ /* q and carry are top bits */
+ vli_set(q, product + ndigits, ndigits);
+ vli_clear(r + ndigits, ndigits);
+ carry = vli_is_negative(r, ndigits);
+ if (carry)
+ r[ndigits - 1] &= (1ull << 63) - 1;
+ for (i = 1; carry || !vli_is_zero(q, ndigits); i++) {
+ u64 qc[ECC_MAX_DIGITS * 2];
+
+ vli_umult(qc, q, c2, ndigits);
+ if (carry)
+ vli_uadd(qc, qc, mod[0], ndigits * 2);
+ vli_set(q, qc + ndigits, ndigits);
+ vli_clear(qc + ndigits, ndigits);
+ carry = vli_is_negative(qc, ndigits);
+ if (carry)
+ qc[ndigits - 1] &= (1ull << 63) - 1;
+ if (i & 1)
+ vli_sub(r, r, qc, ndigits * 2);
+ else
+ vli_add(r, r, qc, ndigits * 2);
+ }
+ while (vli_is_negative(r, ndigits * 2))
+ vli_add(r, r, m, ndigits * 2);
+ while (vli_cmp(r, m, ndigits * 2) >= 0)
+ vli_sub(r, r, m, ndigits * 2);
+
+ vli_set(result, r, ndigits);
+}
+
+/*
+ * Computes result = product % mod, where product is 2N words long.
+ * Reference: Ken MacKay's micro-ecc.
+ * Currently only designed to work for curve_p or curve_n.
+ */
+static void vli_mmod_slow(u64 *result, u64 *product, const u64 *mod,
+ unsigned int ndigits)
+{
+ u64 mod_m[2 * ECC_MAX_DIGITS];
+ u64 tmp[2 * ECC_MAX_DIGITS];
+ u64 *v[2] = { tmp, product };
+ u64 carry = 0;
+ unsigned int i;
+ /* Shift mod so its highest set bit is at the maximum position. */
+ int shift = (ndigits * 2 * 64) - vli_num_bits(mod, ndigits);
+ int word_shift = shift / 64;
+ int bit_shift = shift % 64;
+
+ vli_clear(mod_m, word_shift);
+ if (bit_shift > 0) {
+ for (i = 0; i < ndigits; ++i) {
+ mod_m[word_shift + i] = (mod[i] << bit_shift) | carry;
+ carry = mod[i] >> (64 - bit_shift);
+ }
+ } else
+ vli_set(mod_m + word_shift, mod, ndigits);
+
+ for (i = 1; shift >= 0; --shift) {
+ u64 borrow = 0;
+ unsigned int j;
+
+ for (j = 0; j < ndigits * 2; ++j) {
+ u64 diff = v[i][j] - mod_m[j] - borrow;
+
+ if (diff != v[i][j])
+ borrow = (diff > v[i][j]);
+ v[1 - i][j] = diff;
+ }
+ i = !(i ^ borrow); /* Swap the index if there was no borrow */
+ vli_rshift1(mod_m, ndigits);
+ mod_m[ndigits - 1] |= mod_m[ndigits] << (64 - 1);
+ vli_rshift1(mod_m + ndigits, ndigits);
+ }
+ vli_set(result, v[i], ndigits);
+}
+
+/* Computes result = product % mod using Barrett's reduction with precomputed
+ * value mu appended to the mod after ndigits, mu = (2^{2w} / mod) and have
+ * length ndigits + 1, where mu * (2^w - 1) should not overflow ndigits
+ * boundary.
+ *
+ * Reference:
+ * R. Brent, P. Zimmermann. Modern Computer Arithmetic. 2010.
+ * 2.4.1 Barrett's algorithm. Algorithm 2.5.
+ */
+static void vli_mmod_barrett(u64 *result, u64 *product, const u64 *mod,
+ unsigned int ndigits)
+{
+ u64 q[ECC_MAX_DIGITS * 2];
+ u64 r[ECC_MAX_DIGITS * 2];
+ const u64 *mu = mod + ndigits;
+
+ vli_mult(q, product + ndigits, mu, ndigits);
+ if (mu[ndigits])
+ vli_add(q + ndigits, q + ndigits, product + ndigits, ndigits);
+ vli_mult(r, mod, q + ndigits, ndigits);
+ vli_sub(r, product, r, ndigits * 2);
+ while (!vli_is_zero(r + ndigits, ndigits) ||
+ vli_cmp(r, mod, ndigits) != -1) {
+ u64 carry;
+
+ carry = vli_sub(r, r, mod, ndigits);
+ vli_usub(r + ndigits, r + ndigits, carry, ndigits);
+ }
+ vli_set(result, r, ndigits);
+}
+
/* Computes p_result = p_product % curve_p.
* See algorithm 5 and 6 from
* http://www.isys.uni-klu.ac.at/PDF/2001-0126-MT.pdf
@@ -509,14 +775,33 @@
}
}
-/* Computes result = product % curve_prime
- * from http://www.nsa.gov/ia/_files/nist-routines.pdf
-*/
+/* Computes result = product % curve_prime for different curve_primes.
+ *
+ * Note that curve_primes are distinguished just by heuristic check and
+ * not by complete conformance check.
+ */
static bool vli_mmod_fast(u64 *result, u64 *product,
const u64 *curve_prime, unsigned int ndigits)
{
u64 tmp[2 * ECC_MAX_DIGITS];
+ /* Currently, both NIST primes have -1 in lowest qword. */
+ if (curve_prime[0] != -1ull) {
+ /* Try to handle Pseudo-Marsenne primes. */
+ if (curve_prime[ndigits - 1] == -1ull) {
+ vli_mmod_special(result, product, curve_prime,
+ ndigits);
+ return true;
+ } else if (curve_prime[ndigits - 1] == 1ull << 63 &&
+ curve_prime[ndigits - 2] == 0) {
+ vli_mmod_special2(result, product, curve_prime,
+ ndigits);
+ return true;
+ }
+ vli_mmod_barrett(result, product, curve_prime, ndigits);
+ return true;
+ }
+
switch (ndigits) {
case 3:
vli_mmod_fast_192(result, product, curve_prime, tmp);
@@ -525,13 +810,26 @@
vli_mmod_fast_256(result, product, curve_prime, tmp);
break;
default:
- pr_err("unsupports digits size!\n");
+ pr_err_ratelimited("ecc: unsupported digits size!\n");
return false;
}
return true;
}
+/* Computes result = (left * right) % mod.
+ * Assumes that mod is big enough curve order.
+ */
+void vli_mod_mult_slow(u64 *result, const u64 *left, const u64 *right,
+ const u64 *mod, unsigned int ndigits)
+{
+ u64 product[ECC_MAX_DIGITS * 2];
+
+ vli_mult(product, left, right, ndigits);
+ vli_mmod_slow(result, product, mod, ndigits);
+}
+EXPORT_SYMBOL(vli_mod_mult_slow);
+
/* Computes result = (left * right) % curve_prime. */
static void vli_mod_mult_fast(u64 *result, const u64 *left, const u64 *right,
const u64 *curve_prime, unsigned int ndigits)
@@ -557,7 +855,7 @@
* See "From Euclid's GCD to Montgomery Multiplication to the Great Divide"
* https://labs.oracle.com/techrep/2001/smli_tr-2001-95.pdf
*/
-static void vli_mod_inv(u64 *result, const u64 *input, const u64 *mod,
+void vli_mod_inv(u64 *result, const u64 *input, const u64 *mod,
unsigned int ndigits)
{
u64 a[ECC_MAX_DIGITS], b[ECC_MAX_DIGITS];
@@ -630,6 +928,7 @@
vli_set(result, u, ndigits);
}
+EXPORT_SYMBOL(vli_mod_inv);
/* ------ Point operations ------ */
@@ -842,15 +1141,23 @@
static void ecc_point_mult(struct ecc_point *result,
const struct ecc_point *point, const u64 *scalar,
- u64 *initial_z, u64 *curve_prime,
+ u64 *initial_z, const struct ecc_curve *curve,
unsigned int ndigits)
{
/* R0 and R1 */
u64 rx[2][ECC_MAX_DIGITS];
u64 ry[2][ECC_MAX_DIGITS];
u64 z[ECC_MAX_DIGITS];
+ u64 sk[2][ECC_MAX_DIGITS];
+ u64 *curve_prime = curve->p;
int i, nb;
- int num_bits = vli_num_bits(scalar, ndigits);
+ int num_bits;
+ int carry;
+
+ carry = vli_add(sk[0], scalar, curve->n, ndigits);
+ vli_add(sk[1], sk[0], curve->n, ndigits);
+ scalar = sk[!carry];
+ num_bits = sizeof(u64) * ndigits * 8 + 1;
vli_set(rx[1], point->x, ndigits);
vli_set(ry[1], point->y, ndigits);
@@ -895,6 +1202,85 @@
vli_set(result->y, ry[0], ndigits);
}
+/* Computes R = P + Q mod p */
+static void ecc_point_add(const struct ecc_point *result,
+ const struct ecc_point *p, const struct ecc_point *q,
+ const struct ecc_curve *curve)
+{
+ u64 z[ECC_MAX_DIGITS];
+ u64 px[ECC_MAX_DIGITS];
+ u64 py[ECC_MAX_DIGITS];
+ unsigned int ndigits = curve->g.ndigits;
+
+ vli_set(result->x, q->x, ndigits);
+ vli_set(result->y, q->y, ndigits);
+ vli_mod_sub(z, result->x, p->x, curve->p, ndigits);
+ vli_set(px, p->x, ndigits);
+ vli_set(py, p->y, ndigits);
+ xycz_add(px, py, result->x, result->y, curve->p, ndigits);
+ vli_mod_inv(z, z, curve->p, ndigits);
+ apply_z(result->x, result->y, z, curve->p, ndigits);
+}
+
+/* Computes R = u1P + u2Q mod p using Shamir's trick.
+ * Based on: Kenneth MacKay's micro-ecc (2014).
+ */
+void ecc_point_mult_shamir(const struct ecc_point *result,
+ const u64 *u1, const struct ecc_point *p,
+ const u64 *u2, const struct ecc_point *q,
+ const struct ecc_curve *curve)
+{
+ u64 z[ECC_MAX_DIGITS];
+ u64 sump[2][ECC_MAX_DIGITS];
+ u64 *rx = result->x;
+ u64 *ry = result->y;
+ unsigned int ndigits = curve->g.ndigits;
+ unsigned int num_bits;
+ struct ecc_point sum = ECC_POINT_INIT(sump[0], sump[1], ndigits);
+ const struct ecc_point *points[4];
+ const struct ecc_point *point;
+ unsigned int idx;
+ int i;
+
+ ecc_point_add(&sum, p, q, curve);
+ points[0] = NULL;
+ points[1] = p;
+ points[2] = q;
+ points[3] = ∑
+
+ num_bits = max(vli_num_bits(u1, ndigits),
+ vli_num_bits(u2, ndigits));
+ i = num_bits - 1;
+ idx = (!!vli_test_bit(u1, i)) | ((!!vli_test_bit(u2, i)) << 1);
+ point = points[idx];
+
+ vli_set(rx, point->x, ndigits);
+ vli_set(ry, point->y, ndigits);
+ vli_clear(z + 1, ndigits - 1);
+ z[0] = 1;
+
+ for (--i; i >= 0; i--) {
+ ecc_point_double_jacobian(rx, ry, z, curve->p, ndigits);
+ idx = (!!vli_test_bit(u1, i)) | ((!!vli_test_bit(u2, i)) << 1);
+ point = points[idx];
+ if (point) {
+ u64 tx[ECC_MAX_DIGITS];
+ u64 ty[ECC_MAX_DIGITS];
+ u64 tz[ECC_MAX_DIGITS];
+
+ vli_set(tx, point->x, ndigits);
+ vli_set(ty, point->y, ndigits);
+ apply_z(tx, ty, z, curve->p, ndigits);
+ vli_mod_sub(tz, rx, tx, curve->p, ndigits);
+ xycz_add(tx, ty, rx, ry, curve->p, ndigits);
+ vli_mod_mult_fast(z, z, tz, curve->p, ndigits);
+ }
+ }
+ vli_mod_inv(z, z, curve->p, ndigits);
+ apply_z(rx, ry, z, curve->p, ndigits);
+}
+EXPORT_SYMBOL(ecc_point_mult_shamir);
+
static inline void ecc_swap_digits(const u64 *in, u64 *out,
unsigned int ndigits)
{
@@ -904,29 +1290,43 @@
out[i] = __swab64(in[ndigits - 1 - i]);
}
+static int __ecc_is_key_valid(const struct ecc_curve *curve,
+ const u64 *private_key, unsigned int ndigits)
+{
+ u64 one[ECC_MAX_DIGITS] = { 1, };
+ u64 res[ECC_MAX_DIGITS];
+
+ if (!private_key)
+ return -EINVAL;
+
+ if (curve->g.ndigits != ndigits)
+ return -EINVAL;
+
+ /* Make sure the private key is in the range [2, n-3]. */
+ if (vli_cmp(one, private_key, ndigits) != -1)
+ return -EINVAL;
+ vli_sub(res, curve->n, one, ndigits);
+ vli_sub(res, res, one, ndigits);
+ if (vli_cmp(res, private_key, ndigits) != 1)
+ return -EINVAL;
+
+ return 0;
+}
+
int ecc_is_key_valid(unsigned int curve_id, unsigned int ndigits,
const u64 *private_key, unsigned int private_key_len)
{
int nbytes;
const struct ecc_curve *curve = ecc_get_curve(curve_id);
- if (!private_key)
- return -EINVAL;
-
nbytes = ndigits << ECC_DIGITS_TO_BYTES_SHIFT;
if (private_key_len != nbytes)
return -EINVAL;
- if (vli_is_zero(private_key, ndigits))
- return -EINVAL;
-
- /* Make sure the private key is in the range [1, n-1]. */
- if (vli_cmp(curve->n, private_key, ndigits) != 1)
- return -EINVAL;
-
- return 0;
+ return __ecc_is_key_valid(curve, private_key, ndigits);
}
+EXPORT_SYMBOL(ecc_is_key_valid);
/*
* ECC private keys are generated using the method of extra random bits,
@@ -971,17 +1371,15 @@
if (err)
return err;
- if (vli_is_zero(priv, ndigits))
- return -EINVAL;
-
- /* Make sure the private key is in the range [1, n-1]. */
- if (vli_cmp(curve->n, priv, ndigits) != 1)
+ /* Make sure the private key is in the valid range. */
+ if (__ecc_is_key_valid(curve, priv, ndigits))
return -EINVAL;
ecc_swap_digits(priv, privkey, ndigits);
return 0;
}
+EXPORT_SYMBOL(ecc_gen_privkey);
int ecc_make_pub_key(unsigned int curve_id, unsigned int ndigits,
const u64 *private_key, u64 *public_key)
@@ -1004,7 +1402,7 @@
goto out;
}
- ecc_point_mult(pk, &curve->g, priv, NULL, curve->p, ndigits);
+ ecc_point_mult(pk, &curve->g, priv, NULL, curve, ndigits);
if (ecc_point_is_zero(pk)) {
ret = -EAGAIN;
goto err_free_point;
@@ -1018,13 +1416,17 @@
out:
return ret;
}
+EXPORT_SYMBOL(ecc_make_pub_key);
/* SP800-56A section 5.6.2.3.4 partial verification: ephemeral keys only */
-static int ecc_is_pubkey_valid_partial(const struct ecc_curve *curve,
- struct ecc_point *pk)
+int ecc_is_pubkey_valid_partial(const struct ecc_curve *curve,
+ struct ecc_point *pk)
{
u64 yy[ECC_MAX_DIGITS], xxx[ECC_MAX_DIGITS], w[ECC_MAX_DIGITS];
+ if (WARN_ON(pk->ndigits != curve->g.ndigits))
+ return -EINVAL;
+
/* Check 1: Verify key is not the zero point. */
if (ecc_point_is_zero(pk))
return -EINVAL;
@@ -1046,8 +1448,8 @@
return -EINVAL;
return 0;
-
}
+EXPORT_SYMBOL(ecc_is_pubkey_valid_partial);
int crypto_ecdh_shared_secret(unsigned int curve_id, unsigned int ndigits,
const u64 *private_key, const u64 *public_key,
@@ -1090,7 +1492,7 @@
goto err_alloc_product;
}
- ecc_point_mult(product, pk, priv, rand_z, curve->p, ndigits);
+ ecc_point_mult(product, pk, priv, rand_z, curve, ndigits);
ecc_swap_digits(product->x, secret, ndigits);
@@ -1103,3 +1505,6 @@
out:
return ret;
}
+EXPORT_SYMBOL(crypto_ecdh_shared_secret);
+
+MODULE_LICENSE("Dual BSD/GPL");
diff --git a/crypto/ecc.h b/crypto/ecc.h
index f75a86b..ab0eb70 100644
--- a/crypto/ecc.h
+++ b/crypto/ecc.h
@@ -26,13 +26,51 @@
#ifndef _CRYPTO_ECC_H
#define _CRYPTO_ECC_H
+/* One digit is u64 qword. */
#define ECC_CURVE_NIST_P192_DIGITS 3
#define ECC_CURVE_NIST_P256_DIGITS 4
-#define ECC_MAX_DIGITS ECC_CURVE_NIST_P256_DIGITS
+#define ECC_MAX_DIGITS (512 / 64)
#define ECC_DIGITS_TO_BYTES_SHIFT 3
/**
+ * struct ecc_point - elliptic curve point in affine coordinates
+ *
+ * @x: X coordinate in vli form.
+ * @y: Y coordinate in vli form.
+ * @ndigits: Length of vlis in u64 qwords.
+ */
+struct ecc_point {
+ u64 *x;
+ u64 *y;
+ u8 ndigits;
+};
+
+#define ECC_POINT_INIT(x, y, ndigits) (struct ecc_point) { x, y, ndigits }
+
+/**
+ * struct ecc_curve - definition of elliptic curve
+ *
+ * @name: Short name of the curve.
+ * @g: Generator point of the curve.
+ * @p: Prime number, if Barrett's reduction is used for this curve
+ * pre-calculated value 'mu' is appended to the @p after ndigits.
+ * Use of Barrett's reduction is heuristically determined in
+ * vli_mmod_fast().
+ * @n: Order of the curve group.
+ * @a: Curve parameter a.
+ * @b: Curve parameter b.
+ */
+struct ecc_curve {
+ char *name;
+ struct ecc_point g;
+ u64 *p;
+ u64 *n;
+ u64 *a;
+ u64 *b;
+};
+
+/**
* ecc_is_key_valid() - Validate a given ECDH private key
*
* @curve_id: id representing the curve to use
@@ -91,4 +129,117 @@
int crypto_ecdh_shared_secret(unsigned int curve_id, unsigned int ndigits,
const u64 *private_key, const u64 *public_key,
u64 *secret);
+
+/**
+ * ecc_is_pubkey_valid_partial() - Partial public key validation
+ *
+ * @curve: elliptic curve domain parameters
+ * @pk: public key as a point
+ *
+ * Valdiate public key according to SP800-56A section 5.6.2.3.4 ECC Partial
+ * Public-Key Validation Routine.
+ *
+ * Note: There is no check that the public key is in the correct elliptic curve
+ * subgroup.
+ *
+ * Return: 0 if validation is successful, -EINVAL if validation is failed.
+ */
+int ecc_is_pubkey_valid_partial(const struct ecc_curve *curve,
+ struct ecc_point *pk);
+
+/**
+ * vli_is_zero() - Determine is vli is zero
+ *
+ * @vli: vli to check.
+ * @ndigits: length of the @vli
+ */
+bool vli_is_zero(const u64 *vli, unsigned int ndigits);
+
+/**
+ * vli_cmp() - compare left and right vlis
+ *
+ * @left: vli
+ * @right: vli
+ * @ndigits: length of both vlis
+ *
+ * Returns sign of @left - @right, i.e. -1 if @left < @right,
+ * 0 if @left == @right, 1 if @left > @right.
+ */
+int vli_cmp(const u64 *left, const u64 *right, unsigned int ndigits);
+
+/**
+ * vli_sub() - Subtracts right from left
+ *
+ * @result: where to write result
+ * @left: vli
+ * @right vli
+ * @ndigits: length of all vlis
+ *
+ * Note: can modify in-place.
+ *
+ * Return: carry bit.
+ */
+u64 vli_sub(u64 *result, const u64 *left, const u64 *right,
+ unsigned int ndigits);
+
+/**
+ * vli_from_be64() - Load vli from big-endian u64 array
+ *
+ * @dest: destination vli
+ * @src: source array of u64 BE values
+ * @ndigits: length of both vli and array
+ */
+void vli_from_be64(u64 *dest, const void *src, unsigned int ndigits);
+
+/**
+ * vli_from_le64() - Load vli from little-endian u64 array
+ *
+ * @dest: destination vli
+ * @src: source array of u64 LE values
+ * @ndigits: length of both vli and array
+ */
+void vli_from_le64(u64 *dest, const void *src, unsigned int ndigits);
+
+/**
+ * vli_mod_inv() - Modular inversion
+ *
+ * @result: where to write vli number
+ * @input: vli value to operate on
+ * @mod: modulus
+ * @ndigits: length of all vlis
+ */
+void vli_mod_inv(u64 *result, const u64 *input, const u64 *mod,
+ unsigned int ndigits);
+
+/**
+ * vli_mod_mult_slow() - Modular multiplication
+ *
+ * @result: where to write result value
+ * @left: vli number to multiply with @right
+ * @right: vli number to multiply with @left
+ * @mod: modulus
+ * @ndigits: length of all vlis
+ *
+ * Note: Assumes that mod is big enough curve order.
+ */
+void vli_mod_mult_slow(u64 *result, const u64 *left, const u64 *right,
+ const u64 *mod, unsigned int ndigits);
+
+/**
+ * ecc_point_mult_shamir() - Add two points multiplied by scalars
+ *
+ * @result: resulting point
+ * @x: scalar to multiply with @p
+ * @p: point to multiply with @x
+ * @y: scalar to multiply with @q
+ * @q: point to multiply with @y
+ * @curve: curve
+ *
+ * Returns result = x * p + x * q over the curve.
+ * This works faster than two multiplications and addition.
+ */
+void ecc_point_mult_shamir(const struct ecc_point *result,
+ const u64 *x, const struct ecc_point *p,
+ const u64 *y, const struct ecc_point *q,
+ const struct ecc_curve *curve);
#endif
diff --git a/crypto/ecc_curve_defs.h b/crypto/ecc_curve_defs.h
index 336ab18..69be6c7 100644
--- a/crypto/ecc_curve_defs.h
+++ b/crypto/ecc_curve_defs.h
@@ -2,21 +2,6 @@
#ifndef _CRYTO_ECC_CURVE_DEFS_H
#define _CRYTO_ECC_CURVE_DEFS_H
-struct ecc_point {
- u64 *x;
- u64 *y;
- u8 ndigits;
-};
-
-struct ecc_curve {
- char *name;
- struct ecc_point g;
- u64 *p;
- u64 *n;
- u64 *a;
- u64 *b;
-};
-
/* NIST P-192: a = p - 3 */
static u64 nist_p192_g_x[] = { 0xF4FF0AFD82FF1012ull, 0x7CBF20EB43A18800ull,
0x188DA80EB03090F6ull };
diff --git a/crypto/ecdh.c b/crypto/ecdh.c
index bf63001..bd59905 100644
--- a/crypto/ecdh.c
+++ b/crypto/ecdh.c
@@ -1,12 +1,8 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/* ECDH key-agreement protocol
*
* Copyright (c) 2016, Intel Corporation
* Authors: Salvator Benedetto <salvatore.benedetto@intel.com>
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version
- * 2 of the License, or (at your option) any later version.
*/
#include <linux/module.h>
@@ -166,7 +162,7 @@
crypto_unregister_kpp(&ecdh);
}
-module_init(ecdh_init);
+subsys_initcall(ecdh_init);
module_exit(ecdh_exit);
MODULE_ALIAS_CRYPTO("ecdh");
MODULE_LICENSE("GPL");
diff --git a/crypto/ecdh_helper.c b/crypto/ecdh_helper.c
index d3af8e8..66fcb2e 100644
--- a/crypto/ecdh_helper.c
+++ b/crypto/ecdh_helper.c
@@ -1,11 +1,7 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/*
* Copyright (c) 2016, Intel Corporation
* Authors: Salvatore Benedetto <salvatore.benedetto@intel.com>
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * as published by the Free Software Foundation; either version
- * 2 of the License, or (at your option) any later version.
*/
#include <linux/kernel.h>
#include <linux/export.h>
diff --git a/crypto/echainiv.c b/crypto/echainiv.c
index 45819e6..a49cbf7 100644
--- a/crypto/echainiv.c
+++ b/crypto/echainiv.c
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/*
* echainiv: Encrypted Chain IV Generator
*
@@ -10,12 +11,6 @@
* is performed after encryption (i.e., authenc).
*
* Copyright (c) 2015 Herbert Xu <herbert@gondor.apana.org.au>
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
- *
*/
#include <crypto/internal/geniv.h>
@@ -47,9 +42,9 @@
info = req->iv;
if (req->src != req->dst) {
- SKCIPHER_REQUEST_ON_STACK(nreq, ctx->sknull);
+ SYNC_SKCIPHER_REQUEST_ON_STACK(nreq, ctx->sknull);
- skcipher_request_set_tfm(nreq, ctx->sknull);
+ skcipher_request_set_sync_tfm(nreq, ctx->sknull);
skcipher_request_set_callback(nreq, req->base.flags,
NULL, NULL);
skcipher_request_set_crypt(nreq, req->src, req->dst,
@@ -174,7 +169,7 @@
crypto_unregister_template(&echainiv_tmpl);
}
-module_init(echainiv_module_init);
+subsys_initcall(echainiv_module_init);
module_exit(echainiv_module_exit);
MODULE_LICENSE("GPL");
diff --git a/crypto/ecrdsa.c b/crypto/ecrdsa.c
new file mode 100644
index 0000000..887ec21
--- /dev/null
+++ b/crypto/ecrdsa.c
@@ -0,0 +1,296 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Elliptic Curve (Russian) Digital Signature Algorithm for Cryptographic API
+ *
+ * Copyright (c) 2019 Vitaly Chikunov <vt@altlinux.org>
+ *
+ * References:
+ * GOST 34.10-2018, GOST R 34.10-2012, RFC 7091, ISO/IEC 14888-3:2018.
+ *
+ * Historical references:
+ * GOST R 34.10-2001, RFC 4357, ISO/IEC 14888-3:2006/Amd 1:2010.
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at your option)
+ * any later version.
+ */
+
+#include <linux/module.h>
+#include <linux/crypto.h>
+#include <crypto/streebog.h>
+#include <crypto/internal/akcipher.h>
+#include <crypto/akcipher.h>
+#include <linux/oid_registry.h>
+#include "ecrdsa_params.asn1.h"
+#include "ecrdsa_pub_key.asn1.h"
+#include "ecc.h"
+#include "ecrdsa_defs.h"
+
+#define ECRDSA_MAX_SIG_SIZE (2 * 512 / 8)
+#define ECRDSA_MAX_DIGITS (512 / 64)
+
+struct ecrdsa_ctx {
+ enum OID algo_oid; /* overall public key oid */
+ enum OID curve_oid; /* parameter */
+ enum OID digest_oid; /* parameter */
+ const struct ecc_curve *curve; /* curve from oid */
+ unsigned int digest_len; /* parameter (bytes) */
+ const char *digest; /* digest name from oid */
+ unsigned int key_len; /* @key length (bytes) */
+ const char *key; /* raw public key */
+ struct ecc_point pub_key;
+ u64 _pubp[2][ECRDSA_MAX_DIGITS]; /* point storage for @pub_key */
+};
+
+static const struct ecc_curve *get_curve_by_oid(enum OID oid)
+{
+ switch (oid) {
+ case OID_gostCPSignA:
+ case OID_gostTC26Sign256B:
+ return &gost_cp256a;
+ case OID_gostCPSignB:
+ case OID_gostTC26Sign256C:
+ return &gost_cp256b;
+ case OID_gostCPSignC:
+ case OID_gostTC26Sign256D:
+ return &gost_cp256c;
+ case OID_gostTC26Sign512A:
+ return &gost_tc512a;
+ case OID_gostTC26Sign512B:
+ return &gost_tc512b;
+ /* The following two aren't implemented: */
+ case OID_gostTC26Sign256A:
+ case OID_gostTC26Sign512C:
+ default:
+ return NULL;
+ }
+}
+
+static int ecrdsa_verify(struct akcipher_request *req)
+{
+ struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
+ struct ecrdsa_ctx *ctx = akcipher_tfm_ctx(tfm);
+ unsigned char sig[ECRDSA_MAX_SIG_SIZE];
+ unsigned char digest[STREEBOG512_DIGEST_SIZE];
+ unsigned int ndigits = req->dst_len / sizeof(u64);
+ u64 r[ECRDSA_MAX_DIGITS]; /* witness (r) */
+ u64 _r[ECRDSA_MAX_DIGITS]; /* -r */
+ u64 s[ECRDSA_MAX_DIGITS]; /* second part of sig (s) */
+ u64 e[ECRDSA_MAX_DIGITS]; /* h \mod q */
+ u64 *v = e; /* e^{-1} \mod q */
+ u64 z1[ECRDSA_MAX_DIGITS];
+ u64 *z2 = _r;
+ struct ecc_point cc = ECC_POINT_INIT(s, e, ndigits); /* reuse s, e */
+
+ /*
+ * Digest value, digest algorithm, and curve (modulus) should have the
+ * same length (256 or 512 bits), public key and signature should be
+ * twice bigger.
+ */
+ if (!ctx->curve ||
+ !ctx->digest ||
+ !req->src ||
+ !ctx->pub_key.x ||
+ req->dst_len != ctx->digest_len ||
+ req->dst_len != ctx->curve->g.ndigits * sizeof(u64) ||
+ ctx->pub_key.ndigits != ctx->curve->g.ndigits ||
+ req->dst_len * 2 != req->src_len ||
+ WARN_ON(req->src_len > sizeof(sig)) ||
+ WARN_ON(req->dst_len > sizeof(digest)))
+ return -EBADMSG;
+
+ sg_copy_to_buffer(req->src, sg_nents_for_len(req->src, req->src_len),
+ sig, req->src_len);
+ sg_pcopy_to_buffer(req->src,
+ sg_nents_for_len(req->src,
+ req->src_len + req->dst_len),
+ digest, req->dst_len, req->src_len);
+
+ vli_from_be64(s, sig, ndigits);
+ vli_from_be64(r, sig + ndigits * sizeof(u64), ndigits);
+
+ /* Step 1: verify that 0 < r < q, 0 < s < q */
+ if (vli_is_zero(r, ndigits) ||
+ vli_cmp(r, ctx->curve->n, ndigits) == 1 ||
+ vli_is_zero(s, ndigits) ||
+ vli_cmp(s, ctx->curve->n, ndigits) == 1)
+ return -EKEYREJECTED;
+
+ /* Step 2: calculate hash (h) of the message (passed as input) */
+ /* Step 3: calculate e = h \mod q */
+ vli_from_le64(e, digest, ndigits);
+ if (vli_cmp(e, ctx->curve->n, ndigits) == 1)
+ vli_sub(e, e, ctx->curve->n, ndigits);
+ if (vli_is_zero(e, ndigits))
+ e[0] = 1;
+
+ /* Step 4: calculate v = e^{-1} \mod q */
+ vli_mod_inv(v, e, ctx->curve->n, ndigits);
+
+ /* Step 5: calculate z_1 = sv \mod q, z_2 = -rv \mod q */
+ vli_mod_mult_slow(z1, s, v, ctx->curve->n, ndigits);
+ vli_sub(_r, ctx->curve->n, r, ndigits);
+ vli_mod_mult_slow(z2, _r, v, ctx->curve->n, ndigits);
+
+ /* Step 6: calculate point C = z_1P + z_2Q, and R = x_c \mod q */
+ ecc_point_mult_shamir(&cc, z1, &ctx->curve->g, z2, &ctx->pub_key,
+ ctx->curve);
+ if (vli_cmp(cc.x, ctx->curve->n, ndigits) == 1)
+ vli_sub(cc.x, cc.x, ctx->curve->n, ndigits);
+
+ /* Step 7: if R == r signature is valid */
+ if (!vli_cmp(cc.x, r, ndigits))
+ return 0;
+ else
+ return -EKEYREJECTED;
+}
+
+int ecrdsa_param_curve(void *context, size_t hdrlen, unsigned char tag,
+ const void *value, size_t vlen)
+{
+ struct ecrdsa_ctx *ctx = context;
+
+ ctx->curve_oid = look_up_OID(value, vlen);
+ if (!ctx->curve_oid)
+ return -EINVAL;
+ ctx->curve = get_curve_by_oid(ctx->curve_oid);
+ return 0;
+}
+
+/* Optional. If present should match expected digest algo OID. */
+int ecrdsa_param_digest(void *context, size_t hdrlen, unsigned char tag,
+ const void *value, size_t vlen)
+{
+ struct ecrdsa_ctx *ctx = context;
+ int digest_oid = look_up_OID(value, vlen);
+
+ if (digest_oid != ctx->digest_oid)
+ return -EINVAL;
+ return 0;
+}
+
+int ecrdsa_parse_pub_key(void *context, size_t hdrlen, unsigned char tag,
+ const void *value, size_t vlen)
+{
+ struct ecrdsa_ctx *ctx = context;
+
+ ctx->key = value;
+ ctx->key_len = vlen;
+ return 0;
+}
+
+static u8 *ecrdsa_unpack_u32(u32 *dst, void *src)
+{
+ memcpy(dst, src, sizeof(u32));
+ return src + sizeof(u32);
+}
+
+/* Parse BER encoded subjectPublicKey. */
+static int ecrdsa_set_pub_key(struct crypto_akcipher *tfm, const void *key,
+ unsigned int keylen)
+{
+ struct ecrdsa_ctx *ctx = akcipher_tfm_ctx(tfm);
+ unsigned int ndigits;
+ u32 algo, paramlen;
+ u8 *params;
+ int err;
+
+ err = asn1_ber_decoder(&ecrdsa_pub_key_decoder, ctx, key, keylen);
+ if (err < 0)
+ return err;
+
+ /* Key parameters is in the key after keylen. */
+ params = ecrdsa_unpack_u32(¶mlen,
+ ecrdsa_unpack_u32(&algo, (u8 *)key + keylen));
+
+ if (algo == OID_gost2012PKey256) {
+ ctx->digest = "streebog256";
+ ctx->digest_oid = OID_gost2012Digest256;
+ ctx->digest_len = 256 / 8;
+ } else if (algo == OID_gost2012PKey512) {
+ ctx->digest = "streebog512";
+ ctx->digest_oid = OID_gost2012Digest512;
+ ctx->digest_len = 512 / 8;
+ } else
+ return -ENOPKG;
+ ctx->algo_oid = algo;
+
+ /* Parse SubjectPublicKeyInfo.AlgorithmIdentifier.parameters. */
+ err = asn1_ber_decoder(&ecrdsa_params_decoder, ctx, params, paramlen);
+ if (err < 0)
+ return err;
+ /*
+ * Sizes of algo (set in digest_len) and curve should match
+ * each other.
+ */
+ if (!ctx->curve ||
+ ctx->curve->g.ndigits * sizeof(u64) != ctx->digest_len)
+ return -ENOPKG;
+ /*
+ * Key is two 256- or 512-bit coordinates which should match
+ * curve size.
+ */
+ if ((ctx->key_len != (2 * 256 / 8) &&
+ ctx->key_len != (2 * 512 / 8)) ||
+ ctx->key_len != ctx->curve->g.ndigits * sizeof(u64) * 2)
+ return -ENOPKG;
+
+ ndigits = ctx->key_len / sizeof(u64) / 2;
+ ctx->pub_key = ECC_POINT_INIT(ctx->_pubp[0], ctx->_pubp[1], ndigits);
+ vli_from_le64(ctx->pub_key.x, ctx->key, ndigits);
+ vli_from_le64(ctx->pub_key.y, ctx->key + ndigits * sizeof(u64),
+ ndigits);
+
+ if (ecc_is_pubkey_valid_partial(ctx->curve, &ctx->pub_key))
+ return -EKEYREJECTED;
+
+ return 0;
+}
+
+static unsigned int ecrdsa_max_size(struct crypto_akcipher *tfm)
+{
+ struct ecrdsa_ctx *ctx = akcipher_tfm_ctx(tfm);
+
+ /*
+ * Verify doesn't need any output, so it's just informational
+ * for keyctl to determine the key bit size.
+ */
+ return ctx->pub_key.ndigits * sizeof(u64);
+}
+
+static void ecrdsa_exit_tfm(struct crypto_akcipher *tfm)
+{
+}
+
+static struct akcipher_alg ecrdsa_alg = {
+ .verify = ecrdsa_verify,
+ .set_pub_key = ecrdsa_set_pub_key,
+ .max_size = ecrdsa_max_size,
+ .exit = ecrdsa_exit_tfm,
+ .base = {
+ .cra_name = "ecrdsa",
+ .cra_driver_name = "ecrdsa-generic",
+ .cra_priority = 100,
+ .cra_module = THIS_MODULE,
+ .cra_ctxsize = sizeof(struct ecrdsa_ctx),
+ },
+};
+
+static int __init ecrdsa_mod_init(void)
+{
+ return crypto_register_akcipher(&ecrdsa_alg);
+}
+
+static void __exit ecrdsa_mod_fini(void)
+{
+ crypto_unregister_akcipher(&ecrdsa_alg);
+}
+
+module_init(ecrdsa_mod_init);
+module_exit(ecrdsa_mod_fini);
+
+MODULE_LICENSE("GPL");
+MODULE_AUTHOR("Vitaly Chikunov <vt@altlinux.org>");
+MODULE_DESCRIPTION("EC-RDSA generic algorithm");
+MODULE_ALIAS_CRYPTO("ecrdsa-generic");
diff --git a/crypto/ecrdsa_defs.h b/crypto/ecrdsa_defs.h
new file mode 100644
index 0000000..170baf0
--- /dev/null
+++ b/crypto/ecrdsa_defs.h
@@ -0,0 +1,225 @@
+/* SPDX-License-Identifier: GPL-2.0+ */
+/*
+ * Definitions of EC-RDSA Curve Parameters
+ *
+ * Copyright (c) 2019 Vitaly Chikunov <vt@altlinux.org>
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at your option)
+ * any later version.
+ */
+
+#ifndef _CRYTO_ECRDSA_DEFS_H
+#define _CRYTO_ECRDSA_DEFS_H
+
+#include "ecc.h"
+
+#define ECRDSA_MAX_SIG_SIZE (2 * 512 / 8)
+#define ECRDSA_MAX_DIGITS (512 / 64)
+
+/*
+ * EC-RDSA uses its own set of curves.
+ *
+ * cp256{a,b,c} curves first defined for GOST R 34.10-2001 in RFC 4357 (as
+ * 256-bit {A,B,C}-ParamSet), but inherited for GOST R 34.10-2012 and
+ * proposed for use in R 50.1.114-2016 and RFC 7836 as the 256-bit curves.
+ */
+/* OID_gostCPSignA 1.2.643.2.2.35.1 */
+static u64 cp256a_g_x[] = {
+ 0x0000000000000001ull, 0x0000000000000000ull,
+ 0x0000000000000000ull, 0x0000000000000000ull, };
+static u64 cp256a_g_y[] = {
+ 0x22ACC99C9E9F1E14ull, 0x35294F2DDF23E3B1ull,
+ 0x27DF505A453F2B76ull, 0x8D91E471E0989CDAull, };
+static u64 cp256a_p[] = { /* p = 2^256 - 617 */
+ 0xFFFFFFFFFFFFFD97ull, 0xFFFFFFFFFFFFFFFFull,
+ 0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull };
+static u64 cp256a_n[] = {
+ 0x45841B09B761B893ull, 0x6C611070995AD100ull,
+ 0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull };
+static u64 cp256a_a[] = { /* a = p - 3 */
+ 0xFFFFFFFFFFFFFD94ull, 0xFFFFFFFFFFFFFFFFull,
+ 0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull };
+static u64 cp256a_b[] = {
+ 0x00000000000000a6ull, 0x0000000000000000ull,
+ 0x0000000000000000ull, 0x0000000000000000ull };
+
+static struct ecc_curve gost_cp256a = {
+ .name = "cp256a",
+ .g = {
+ .x = cp256a_g_x,
+ .y = cp256a_g_y,
+ .ndigits = 256 / 64,
+ },
+ .p = cp256a_p,
+ .n = cp256a_n,
+ .a = cp256a_a,
+ .b = cp256a_b
+};
+
+/* OID_gostCPSignB 1.2.643.2.2.35.2 */
+static u64 cp256b_g_x[] = {
+ 0x0000000000000001ull, 0x0000000000000000ull,
+ 0x0000000000000000ull, 0x0000000000000000ull, };
+static u64 cp256b_g_y[] = {
+ 0x744BF8D717717EFCull, 0xC545C9858D03ECFBull,
+ 0xB83D1C3EB2C070E5ull, 0x3FA8124359F96680ull, };
+static u64 cp256b_p[] = { /* p = 2^255 + 3225 */
+ 0x0000000000000C99ull, 0x0000000000000000ull,
+ 0x0000000000000000ull, 0x8000000000000000ull, };
+static u64 cp256b_n[] = {
+ 0xE497161BCC8A198Full, 0x5F700CFFF1A624E5ull,
+ 0x0000000000000001ull, 0x8000000000000000ull, };
+static u64 cp256b_a[] = { /* a = p - 3 */
+ 0x0000000000000C96ull, 0x0000000000000000ull,
+ 0x0000000000000000ull, 0x8000000000000000ull, };
+static u64 cp256b_b[] = {
+ 0x2F49D4CE7E1BBC8Bull, 0xE979259373FF2B18ull,
+ 0x66A7D3C25C3DF80Aull, 0x3E1AF419A269A5F8ull, };
+
+static struct ecc_curve gost_cp256b = {
+ .name = "cp256b",
+ .g = {
+ .x = cp256b_g_x,
+ .y = cp256b_g_y,
+ .ndigits = 256 / 64,
+ },
+ .p = cp256b_p,
+ .n = cp256b_n,
+ .a = cp256b_a,
+ .b = cp256b_b
+};
+
+/* OID_gostCPSignC 1.2.643.2.2.35.3 */
+static u64 cp256c_g_x[] = {
+ 0x0000000000000000ull, 0x0000000000000000ull,
+ 0x0000000000000000ull, 0x0000000000000000ull, };
+static u64 cp256c_g_y[] = {
+ 0x366E550DFDB3BB67ull, 0x4D4DC440D4641A8Full,
+ 0x3CBF3783CD08C0EEull, 0x41ECE55743711A8Cull, };
+static u64 cp256c_p[] = {
+ 0x7998F7B9022D759Bull, 0xCF846E86789051D3ull,
+ 0xAB1EC85E6B41C8AAull, 0x9B9F605F5A858107ull,
+ /* pre-computed value for Barrett's reduction */
+ 0xedc283cdd217b5a2ull, 0xbac48fc06398ae59ull,
+ 0x405384d55f9f3b73ull, 0xa51f176161f1d734ull,
+ 0x0000000000000001ull, };
+static u64 cp256c_n[] = {
+ 0xF02F3A6598980BB9ull, 0x582CA3511EDDFB74ull,
+ 0xAB1EC85E6B41C8AAull, 0x9B9F605F5A858107ull, };
+static u64 cp256c_a[] = { /* a = p - 3 */
+ 0x7998F7B9022D7598ull, 0xCF846E86789051D3ull,
+ 0xAB1EC85E6B41C8AAull, 0x9B9F605F5A858107ull, };
+static u64 cp256c_b[] = {
+ 0x000000000000805aull, 0x0000000000000000ull,
+ 0x0000000000000000ull, 0x0000000000000000ull, };
+
+static struct ecc_curve gost_cp256c = {
+ .name = "cp256c",
+ .g = {
+ .x = cp256c_g_x,
+ .y = cp256c_g_y,
+ .ndigits = 256 / 64,
+ },
+ .p = cp256c_p,
+ .n = cp256c_n,
+ .a = cp256c_a,
+ .b = cp256c_b
+};
+
+/* tc512{a,b} curves first recommended in 2013 and then standardized in
+ * R 50.1.114-2016 and RFC 7836 for use with GOST R 34.10-2012 (as TC26
+ * 512-bit ParamSet{A,B}).
+ */
+/* OID_gostTC26Sign512A 1.2.643.7.1.2.1.2.1 */
+static u64 tc512a_g_x[] = {
+ 0x0000000000000003ull, 0x0000000000000000ull,
+ 0x0000000000000000ull, 0x0000000000000000ull,
+ 0x0000000000000000ull, 0x0000000000000000ull,
+ 0x0000000000000000ull, 0x0000000000000000ull, };
+static u64 tc512a_g_y[] = {
+ 0x89A589CB5215F2A4ull, 0x8028FE5FC235F5B8ull,
+ 0x3D75E6A50E3A41E9ull, 0xDF1626BE4FD036E9ull,
+ 0x778064FDCBEFA921ull, 0xCE5E1C93ACF1ABC1ull,
+ 0xA61B8816E25450E6ull, 0x7503CFE87A836AE3ull, };
+static u64 tc512a_p[] = { /* p = 2^512 - 569 */
+ 0xFFFFFFFFFFFFFDC7ull, 0xFFFFFFFFFFFFFFFFull,
+ 0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull,
+ 0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull,
+ 0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull, };
+static u64 tc512a_n[] = {
+ 0xCACDB1411F10B275ull, 0x9B4B38ABFAD2B85Dull,
+ 0x6FF22B8D4E056060ull, 0x27E69532F48D8911ull,
+ 0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull,
+ 0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull, };
+static u64 tc512a_a[] = { /* a = p - 3 */
+ 0xFFFFFFFFFFFFFDC4ull, 0xFFFFFFFFFFFFFFFFull,
+ 0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull,
+ 0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull,
+ 0xFFFFFFFFFFFFFFFFull, 0xFFFFFFFFFFFFFFFFull, };
+static u64 tc512a_b[] = {
+ 0x503190785A71C760ull, 0x862EF9D4EBEE4761ull,
+ 0x4CB4574010DA90DDull, 0xEE3CB090F30D2761ull,
+ 0x79BD081CFD0B6265ull, 0x34B82574761CB0E8ull,
+ 0xC1BD0B2B6667F1DAull, 0xE8C2505DEDFC86DDull, };
+
+static struct ecc_curve gost_tc512a = {
+ .name = "tc512a",
+ .g = {
+ .x = tc512a_g_x,
+ .y = tc512a_g_y,
+ .ndigits = 512 / 64,
+ },
+ .p = tc512a_p,
+ .n = tc512a_n,
+ .a = tc512a_a,
+ .b = tc512a_b
+};
+
+/* OID_gostTC26Sign512B 1.2.643.7.1.2.1.2.2 */
+static u64 tc512b_g_x[] = {
+ 0x0000000000000002ull, 0x0000000000000000ull,
+ 0x0000000000000000ull, 0x0000000000000000ull,
+ 0x0000000000000000ull, 0x0000000000000000ull,
+ 0x0000000000000000ull, 0x0000000000000000ull, };
+static u64 tc512b_g_y[] = {
+ 0x7E21340780FE41BDull, 0x28041055F94CEEECull,
+ 0x152CBCAAF8C03988ull, 0xDCB228FD1EDF4A39ull,
+ 0xBE6DD9E6C8EC7335ull, 0x3C123B697578C213ull,
+ 0x2C071E3647A8940Full, 0x1A8F7EDA389B094Cull, };
+static u64 tc512b_p[] = { /* p = 2^511 + 111 */
+ 0x000000000000006Full, 0x0000000000000000ull,
+ 0x0000000000000000ull, 0x0000000000000000ull,
+ 0x0000000000000000ull, 0x0000000000000000ull,
+ 0x0000000000000000ull, 0x8000000000000000ull, };
+static u64 tc512b_n[] = {
+ 0xC6346C54374F25BDull, 0x8B996712101BEA0Eull,
+ 0xACFDB77BD9D40CFAull, 0x49A1EC142565A545ull,
+ 0x0000000000000001ull, 0x0000000000000000ull,
+ 0x0000000000000000ull, 0x8000000000000000ull, };
+static u64 tc512b_a[] = { /* a = p - 3 */
+ 0x000000000000006Cull, 0x0000000000000000ull,
+ 0x0000000000000000ull, 0x0000000000000000ull,
+ 0x0000000000000000ull, 0x0000000000000000ull,
+ 0x0000000000000000ull, 0x8000000000000000ull, };
+static u64 tc512b_b[] = {
+ 0xFB8CCBC7C5140116ull, 0x50F78BEE1FA3106Eull,
+ 0x7F8B276FAD1AB69Cull, 0x3E965D2DB1416D21ull,
+ 0xBF85DC806C4B289Full, 0xB97C7D614AF138BCull,
+ 0x7E3E06CF6F5E2517ull, 0x687D1B459DC84145ull, };
+
+static struct ecc_curve gost_tc512b = {
+ .name = "tc512b",
+ .g = {
+ .x = tc512b_g_x,
+ .y = tc512b_g_y,
+ .ndigits = 512 / 64,
+ },
+ .p = tc512b_p,
+ .n = tc512b_n,
+ .a = tc512b_a,
+ .b = tc512b_b
+};
+
+#endif
diff --git a/crypto/ecrdsa_params.asn1 b/crypto/ecrdsa_params.asn1
new file mode 100644
index 0000000..aba99c3
--- /dev/null
+++ b/crypto/ecrdsa_params.asn1
@@ -0,0 +1,4 @@
+EcrdsaParams ::= SEQUENCE {
+ curve OBJECT IDENTIFIER ({ ecrdsa_param_curve }),
+ digest OBJECT IDENTIFIER OPTIONAL ({ ecrdsa_param_digest })
+}
diff --git a/crypto/ecrdsa_pub_key.asn1 b/crypto/ecrdsa_pub_key.asn1
new file mode 100644
index 0000000..048cb64
--- /dev/null
+++ b/crypto/ecrdsa_pub_key.asn1
@@ -0,0 +1 @@
+EcrdsaPubKey ::= OCTET STRING ({ ecrdsa_parse_pub_key })
diff --git a/crypto/essiv.c b/crypto/essiv.c
new file mode 100644
index 0000000..a8befc8
--- /dev/null
+++ b/crypto/essiv.c
@@ -0,0 +1,663 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * ESSIV skcipher and aead template for block encryption
+ *
+ * This template encapsulates the ESSIV IV generation algorithm used by
+ * dm-crypt and fscrypt, which converts the initial vector for the skcipher
+ * used for block encryption, by encrypting it using the hash of the
+ * skcipher key as encryption key. Usually, the input IV is a 64-bit sector
+ * number in LE representation zero-padded to the size of the IV, but this
+ * is not assumed by this driver.
+ *
+ * The typical use of this template is to instantiate the skcipher
+ * 'essiv(cbc(aes),sha256)', which is the only instantiation used by
+ * fscrypt, and the most relevant one for dm-crypt. However, dm-crypt
+ * also permits ESSIV to be used in combination with the authenc template,
+ * e.g., 'essiv(authenc(hmac(sha256),cbc(aes)),sha256)', in which case
+ * we need to instantiate an aead that accepts the same special key format
+ * as the authenc template, and deals with the way the encrypted IV is
+ * embedded into the AAD area of the aead request. This means the AEAD
+ * flavor produced by this template is tightly coupled to the way dm-crypt
+ * happens to use it.
+ *
+ * Copyright (c) 2019 Linaro, Ltd. <ard.biesheuvel@linaro.org>
+ *
+ * Heavily based on:
+ * adiantum length-preserving encryption mode
+ *
+ * Copyright 2018 Google LLC
+ */
+
+#include <crypto/authenc.h>
+#include <crypto/internal/aead.h>
+#include <crypto/internal/hash.h>
+#include <crypto/internal/skcipher.h>
+#include <crypto/scatterwalk.h>
+#include <linux/module.h>
+
+#include "internal.h"
+
+struct essiv_instance_ctx {
+ union {
+ struct crypto_skcipher_spawn skcipher_spawn;
+ struct crypto_aead_spawn aead_spawn;
+ } u;
+ char essiv_cipher_name[CRYPTO_MAX_ALG_NAME];
+ char shash_driver_name[CRYPTO_MAX_ALG_NAME];
+};
+
+struct essiv_tfm_ctx {
+ union {
+ struct crypto_skcipher *skcipher;
+ struct crypto_aead *aead;
+ } u;
+ struct crypto_cipher *essiv_cipher;
+ struct crypto_shash *hash;
+ int ivoffset;
+};
+
+struct essiv_aead_request_ctx {
+ struct scatterlist sg[4];
+ u8 *assoc;
+ struct aead_request aead_req;
+};
+
+static int essiv_skcipher_setkey(struct crypto_skcipher *tfm,
+ const u8 *key, unsigned int keylen)
+{
+ struct essiv_tfm_ctx *tctx = crypto_skcipher_ctx(tfm);
+ SHASH_DESC_ON_STACK(desc, tctx->hash);
+ u8 salt[HASH_MAX_DIGESTSIZE];
+ int err;
+
+ crypto_skcipher_clear_flags(tctx->u.skcipher, CRYPTO_TFM_REQ_MASK);
+ crypto_skcipher_set_flags(tctx->u.skcipher,
+ crypto_skcipher_get_flags(tfm) &
+ CRYPTO_TFM_REQ_MASK);
+ err = crypto_skcipher_setkey(tctx->u.skcipher, key, keylen);
+ crypto_skcipher_set_flags(tfm,
+ crypto_skcipher_get_flags(tctx->u.skcipher) &
+ CRYPTO_TFM_RES_MASK);
+ if (err)
+ return err;
+
+ desc->tfm = tctx->hash;
+ err = crypto_shash_digest(desc, key, keylen, salt);
+ if (err)
+ return err;
+
+ crypto_cipher_clear_flags(tctx->essiv_cipher, CRYPTO_TFM_REQ_MASK);
+ crypto_cipher_set_flags(tctx->essiv_cipher,
+ crypto_skcipher_get_flags(tfm) &
+ CRYPTO_TFM_REQ_MASK);
+ err = crypto_cipher_setkey(tctx->essiv_cipher, salt,
+ crypto_shash_digestsize(tctx->hash));
+ crypto_skcipher_set_flags(tfm,
+ crypto_cipher_get_flags(tctx->essiv_cipher) &
+ CRYPTO_TFM_RES_MASK);
+
+ return err;
+}
+
+static int essiv_aead_setkey(struct crypto_aead *tfm, const u8 *key,
+ unsigned int keylen)
+{
+ struct essiv_tfm_ctx *tctx = crypto_aead_ctx(tfm);
+ SHASH_DESC_ON_STACK(desc, tctx->hash);
+ struct crypto_authenc_keys keys;
+ u8 salt[HASH_MAX_DIGESTSIZE];
+ int err;
+
+ crypto_aead_clear_flags(tctx->u.aead, CRYPTO_TFM_REQ_MASK);
+ crypto_aead_set_flags(tctx->u.aead, crypto_aead_get_flags(tfm) &
+ CRYPTO_TFM_REQ_MASK);
+ err = crypto_aead_setkey(tctx->u.aead, key, keylen);
+ crypto_aead_set_flags(tfm, crypto_aead_get_flags(tctx->u.aead) &
+ CRYPTO_TFM_RES_MASK);
+ if (err)
+ return err;
+
+ if (crypto_authenc_extractkeys(&keys, key, keylen) != 0) {
+ crypto_aead_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
+ return -EINVAL;
+ }
+
+ desc->tfm = tctx->hash;
+ err = crypto_shash_init(desc) ?:
+ crypto_shash_update(desc, keys.enckey, keys.enckeylen) ?:
+ crypto_shash_finup(desc, keys.authkey, keys.authkeylen, salt);
+ if (err)
+ return err;
+
+ crypto_cipher_clear_flags(tctx->essiv_cipher, CRYPTO_TFM_REQ_MASK);
+ crypto_cipher_set_flags(tctx->essiv_cipher, crypto_aead_get_flags(tfm) &
+ CRYPTO_TFM_REQ_MASK);
+ err = crypto_cipher_setkey(tctx->essiv_cipher, salt,
+ crypto_shash_digestsize(tctx->hash));
+ crypto_aead_set_flags(tfm, crypto_cipher_get_flags(tctx->essiv_cipher) &
+ CRYPTO_TFM_RES_MASK);
+
+ return err;
+}
+
+static int essiv_aead_setauthsize(struct crypto_aead *tfm,
+ unsigned int authsize)
+{
+ struct essiv_tfm_ctx *tctx = crypto_aead_ctx(tfm);
+
+ return crypto_aead_setauthsize(tctx->u.aead, authsize);
+}
+
+static void essiv_skcipher_done(struct crypto_async_request *areq, int err)
+{
+ struct skcipher_request *req = areq->data;
+
+ skcipher_request_complete(req, err);
+}
+
+static int essiv_skcipher_crypt(struct skcipher_request *req, bool enc)
+{
+ struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
+ const struct essiv_tfm_ctx *tctx = crypto_skcipher_ctx(tfm);
+ struct skcipher_request *subreq = skcipher_request_ctx(req);
+
+ crypto_cipher_encrypt_one(tctx->essiv_cipher, req->iv, req->iv);
+
+ skcipher_request_set_tfm(subreq, tctx->u.skcipher);
+ skcipher_request_set_crypt(subreq, req->src, req->dst, req->cryptlen,
+ req->iv);
+ skcipher_request_set_callback(subreq, skcipher_request_flags(req),
+ essiv_skcipher_done, req);
+
+ return enc ? crypto_skcipher_encrypt(subreq) :
+ crypto_skcipher_decrypt(subreq);
+}
+
+static int essiv_skcipher_encrypt(struct skcipher_request *req)
+{
+ return essiv_skcipher_crypt(req, true);
+}
+
+static int essiv_skcipher_decrypt(struct skcipher_request *req)
+{
+ return essiv_skcipher_crypt(req, false);
+}
+
+static void essiv_aead_done(struct crypto_async_request *areq, int err)
+{
+ struct aead_request *req = areq->data;
+ struct essiv_aead_request_ctx *rctx = aead_request_ctx(req);
+
+ if (rctx->assoc)
+ kfree(rctx->assoc);
+ aead_request_complete(req, err);
+}
+
+static int essiv_aead_crypt(struct aead_request *req, bool enc)
+{
+ struct crypto_aead *tfm = crypto_aead_reqtfm(req);
+ const struct essiv_tfm_ctx *tctx = crypto_aead_ctx(tfm);
+ struct essiv_aead_request_ctx *rctx = aead_request_ctx(req);
+ struct aead_request *subreq = &rctx->aead_req;
+ struct scatterlist *src = req->src;
+ int err;
+
+ crypto_cipher_encrypt_one(tctx->essiv_cipher, req->iv, req->iv);
+
+ /*
+ * dm-crypt embeds the sector number and the IV in the AAD region, so
+ * we have to copy the converted IV into the right scatterlist before
+ * we pass it on.
+ */
+ rctx->assoc = NULL;
+ if (req->src == req->dst || !enc) {
+ scatterwalk_map_and_copy(req->iv, req->dst,
+ req->assoclen - crypto_aead_ivsize(tfm),
+ crypto_aead_ivsize(tfm), 1);
+ } else {
+ u8 *iv = (u8 *)aead_request_ctx(req) + tctx->ivoffset;
+ int ivsize = crypto_aead_ivsize(tfm);
+ int ssize = req->assoclen - ivsize;
+ struct scatterlist *sg;
+ int nents;
+
+ if (ssize < 0)
+ return -EINVAL;
+
+ nents = sg_nents_for_len(req->src, ssize);
+ if (nents < 0)
+ return -EINVAL;
+
+ memcpy(iv, req->iv, ivsize);
+ sg_init_table(rctx->sg, 4);
+
+ if (unlikely(nents > 1)) {
+ /*
+ * This is a case that rarely occurs in practice, but
+ * for correctness, we have to deal with it nonetheless.
+ */
+ rctx->assoc = kmalloc(ssize, GFP_ATOMIC);
+ if (!rctx->assoc)
+ return -ENOMEM;
+
+ scatterwalk_map_and_copy(rctx->assoc, req->src, 0,
+ ssize, 0);
+ sg_set_buf(rctx->sg, rctx->assoc, ssize);
+ } else {
+ sg_set_page(rctx->sg, sg_page(req->src), ssize,
+ req->src->offset);
+ }
+
+ sg_set_buf(rctx->sg + 1, iv, ivsize);
+ sg = scatterwalk_ffwd(rctx->sg + 2, req->src, req->assoclen);
+ if (sg != rctx->sg + 2)
+ sg_chain(rctx->sg, 3, sg);
+
+ src = rctx->sg;
+ }
+
+ aead_request_set_tfm(subreq, tctx->u.aead);
+ aead_request_set_ad(subreq, req->assoclen);
+ aead_request_set_callback(subreq, aead_request_flags(req),
+ essiv_aead_done, req);
+ aead_request_set_crypt(subreq, src, req->dst, req->cryptlen, req->iv);
+
+ err = enc ? crypto_aead_encrypt(subreq) :
+ crypto_aead_decrypt(subreq);
+
+ if (rctx->assoc && err != -EINPROGRESS)
+ kfree(rctx->assoc);
+ return err;
+}
+
+static int essiv_aead_encrypt(struct aead_request *req)
+{
+ return essiv_aead_crypt(req, true);
+}
+
+static int essiv_aead_decrypt(struct aead_request *req)
+{
+ return essiv_aead_crypt(req, false);
+}
+
+static int essiv_init_tfm(struct essiv_instance_ctx *ictx,
+ struct essiv_tfm_ctx *tctx)
+{
+ struct crypto_cipher *essiv_cipher;
+ struct crypto_shash *hash;
+ int err;
+
+ essiv_cipher = crypto_alloc_cipher(ictx->essiv_cipher_name, 0, 0);
+ if (IS_ERR(essiv_cipher))
+ return PTR_ERR(essiv_cipher);
+
+ hash = crypto_alloc_shash(ictx->shash_driver_name, 0, 0);
+ if (IS_ERR(hash)) {
+ err = PTR_ERR(hash);
+ goto err_free_essiv_cipher;
+ }
+
+ tctx->essiv_cipher = essiv_cipher;
+ tctx->hash = hash;
+
+ return 0;
+
+err_free_essiv_cipher:
+ crypto_free_cipher(essiv_cipher);
+ return err;
+}
+
+static int essiv_skcipher_init_tfm(struct crypto_skcipher *tfm)
+{
+ struct skcipher_instance *inst = skcipher_alg_instance(tfm);
+ struct essiv_instance_ctx *ictx = skcipher_instance_ctx(inst);
+ struct essiv_tfm_ctx *tctx = crypto_skcipher_ctx(tfm);
+ struct crypto_skcipher *skcipher;
+ int err;
+
+ skcipher = crypto_spawn_skcipher(&ictx->u.skcipher_spawn);
+ if (IS_ERR(skcipher))
+ return PTR_ERR(skcipher);
+
+ crypto_skcipher_set_reqsize(tfm, sizeof(struct skcipher_request) +
+ crypto_skcipher_reqsize(skcipher));
+
+ err = essiv_init_tfm(ictx, tctx);
+ if (err) {
+ crypto_free_skcipher(skcipher);
+ return err;
+ }
+
+ tctx->u.skcipher = skcipher;
+ return 0;
+}
+
+static int essiv_aead_init_tfm(struct crypto_aead *tfm)
+{
+ struct aead_instance *inst = aead_alg_instance(tfm);
+ struct essiv_instance_ctx *ictx = aead_instance_ctx(inst);
+ struct essiv_tfm_ctx *tctx = crypto_aead_ctx(tfm);
+ struct crypto_aead *aead;
+ unsigned int subreq_size;
+ int err;
+
+ BUILD_BUG_ON(offsetofend(struct essiv_aead_request_ctx, aead_req) !=
+ sizeof(struct essiv_aead_request_ctx));
+
+ aead = crypto_spawn_aead(&ictx->u.aead_spawn);
+ if (IS_ERR(aead))
+ return PTR_ERR(aead);
+
+ subreq_size = FIELD_SIZEOF(struct essiv_aead_request_ctx, aead_req) +
+ crypto_aead_reqsize(aead);
+
+ tctx->ivoffset = offsetof(struct essiv_aead_request_ctx, aead_req) +
+ subreq_size;
+ crypto_aead_set_reqsize(tfm, tctx->ivoffset + crypto_aead_ivsize(aead));
+
+ err = essiv_init_tfm(ictx, tctx);
+ if (err) {
+ crypto_free_aead(aead);
+ return err;
+ }
+
+ tctx->u.aead = aead;
+ return 0;
+}
+
+static void essiv_skcipher_exit_tfm(struct crypto_skcipher *tfm)
+{
+ struct essiv_tfm_ctx *tctx = crypto_skcipher_ctx(tfm);
+
+ crypto_free_skcipher(tctx->u.skcipher);
+ crypto_free_cipher(tctx->essiv_cipher);
+ crypto_free_shash(tctx->hash);
+}
+
+static void essiv_aead_exit_tfm(struct crypto_aead *tfm)
+{
+ struct essiv_tfm_ctx *tctx = crypto_aead_ctx(tfm);
+
+ crypto_free_aead(tctx->u.aead);
+ crypto_free_cipher(tctx->essiv_cipher);
+ crypto_free_shash(tctx->hash);
+}
+
+static void essiv_skcipher_free_instance(struct skcipher_instance *inst)
+{
+ struct essiv_instance_ctx *ictx = skcipher_instance_ctx(inst);
+
+ crypto_drop_skcipher(&ictx->u.skcipher_spawn);
+ kfree(inst);
+}
+
+static void essiv_aead_free_instance(struct aead_instance *inst)
+{
+ struct essiv_instance_ctx *ictx = aead_instance_ctx(inst);
+
+ crypto_drop_aead(&ictx->u.aead_spawn);
+ kfree(inst);
+}
+
+static bool parse_cipher_name(char *essiv_cipher_name, const char *cra_name)
+{
+ const char *p, *q;
+ int len;
+
+ /* find the last opening parens */
+ p = strrchr(cra_name, '(');
+ if (!p++)
+ return false;
+
+ /* find the first closing parens in the tail of the string */
+ q = strchr(p, ')');
+ if (!q)
+ return false;
+
+ len = q - p;
+ if (len >= CRYPTO_MAX_ALG_NAME)
+ return false;
+
+ memcpy(essiv_cipher_name, p, len);
+ essiv_cipher_name[len] = '\0';
+ return true;
+}
+
+static bool essiv_supported_algorithms(const char *essiv_cipher_name,
+ struct shash_alg *hash_alg,
+ int ivsize)
+{
+ struct crypto_alg *alg;
+ bool ret = false;
+
+ alg = crypto_alg_mod_lookup(essiv_cipher_name,
+ CRYPTO_ALG_TYPE_CIPHER,
+ CRYPTO_ALG_TYPE_MASK);
+ if (IS_ERR(alg))
+ return false;
+
+ if (hash_alg->digestsize < alg->cra_cipher.cia_min_keysize ||
+ hash_alg->digestsize > alg->cra_cipher.cia_max_keysize)
+ goto out;
+
+ if (ivsize != alg->cra_blocksize)
+ goto out;
+
+ if (crypto_shash_alg_has_setkey(hash_alg))
+ goto out;
+
+ ret = true;
+
+out:
+ crypto_mod_put(alg);
+ return ret;
+}
+
+static int essiv_create(struct crypto_template *tmpl, struct rtattr **tb)
+{
+ struct crypto_attr_type *algt;
+ const char *inner_cipher_name;
+ const char *shash_name;
+ struct skcipher_instance *skcipher_inst = NULL;
+ struct aead_instance *aead_inst = NULL;
+ struct crypto_instance *inst;
+ struct crypto_alg *base, *block_base;
+ struct essiv_instance_ctx *ictx;
+ struct skcipher_alg *skcipher_alg = NULL;
+ struct aead_alg *aead_alg = NULL;
+ struct crypto_alg *_hash_alg;
+ struct shash_alg *hash_alg;
+ int ivsize;
+ u32 type;
+ int err;
+
+ algt = crypto_get_attr_type(tb);
+ if (IS_ERR(algt))
+ return PTR_ERR(algt);
+
+ inner_cipher_name = crypto_attr_alg_name(tb[1]);
+ if (IS_ERR(inner_cipher_name))
+ return PTR_ERR(inner_cipher_name);
+
+ shash_name = crypto_attr_alg_name(tb[2]);
+ if (IS_ERR(shash_name))
+ return PTR_ERR(shash_name);
+
+ type = algt->type & algt->mask;
+
+ switch (type) {
+ case CRYPTO_ALG_TYPE_BLKCIPHER:
+ skcipher_inst = kzalloc(sizeof(*skcipher_inst) +
+ sizeof(*ictx), GFP_KERNEL);
+ if (!skcipher_inst)
+ return -ENOMEM;
+ inst = skcipher_crypto_instance(skcipher_inst);
+ base = &skcipher_inst->alg.base;
+ ictx = crypto_instance_ctx(inst);
+
+ /* Symmetric cipher, e.g., "cbc(aes)" */
+ crypto_set_skcipher_spawn(&ictx->u.skcipher_spawn, inst);
+ err = crypto_grab_skcipher(&ictx->u.skcipher_spawn,
+ inner_cipher_name, 0,
+ crypto_requires_sync(algt->type,
+ algt->mask));
+ if (err)
+ goto out_free_inst;
+ skcipher_alg = crypto_spawn_skcipher_alg(&ictx->u.skcipher_spawn);
+ block_base = &skcipher_alg->base;
+ ivsize = crypto_skcipher_alg_ivsize(skcipher_alg);
+ break;
+
+ case CRYPTO_ALG_TYPE_AEAD:
+ aead_inst = kzalloc(sizeof(*aead_inst) +
+ sizeof(*ictx), GFP_KERNEL);
+ if (!aead_inst)
+ return -ENOMEM;
+ inst = aead_crypto_instance(aead_inst);
+ base = &aead_inst->alg.base;
+ ictx = crypto_instance_ctx(inst);
+
+ /* AEAD cipher, e.g., "authenc(hmac(sha256),cbc(aes))" */
+ crypto_set_aead_spawn(&ictx->u.aead_spawn, inst);
+ err = crypto_grab_aead(&ictx->u.aead_spawn,
+ inner_cipher_name, 0,
+ crypto_requires_sync(algt->type,
+ algt->mask));
+ if (err)
+ goto out_free_inst;
+ aead_alg = crypto_spawn_aead_alg(&ictx->u.aead_spawn);
+ block_base = &aead_alg->base;
+ if (!strstarts(block_base->cra_name, "authenc(")) {
+ pr_warn("Only authenc() type AEADs are supported by ESSIV\n");
+ err = -EINVAL;
+ goto out_drop_skcipher;
+ }
+ ivsize = aead_alg->ivsize;
+ break;
+
+ default:
+ return -EINVAL;
+ }
+
+ if (!parse_cipher_name(ictx->essiv_cipher_name, block_base->cra_name)) {
+ pr_warn("Failed to parse ESSIV cipher name from skcipher cra_name\n");
+ err = -EINVAL;
+ goto out_drop_skcipher;
+ }
+
+ /* Synchronous hash, e.g., "sha256" */
+ _hash_alg = crypto_alg_mod_lookup(shash_name,
+ CRYPTO_ALG_TYPE_SHASH,
+ CRYPTO_ALG_TYPE_MASK);
+ if (IS_ERR(_hash_alg)) {
+ err = PTR_ERR(_hash_alg);
+ goto out_drop_skcipher;
+ }
+ hash_alg = __crypto_shash_alg(_hash_alg);
+
+ /* Check the set of algorithms */
+ if (!essiv_supported_algorithms(ictx->essiv_cipher_name, hash_alg,
+ ivsize)) {
+ pr_warn("Unsupported essiv instantiation: essiv(%s,%s)\n",
+ block_base->cra_name, hash_alg->base.cra_name);
+ err = -EINVAL;
+ goto out_free_hash;
+ }
+
+ /* record the driver name so we can instantiate this exact algo later */
+ strlcpy(ictx->shash_driver_name, hash_alg->base.cra_driver_name,
+ CRYPTO_MAX_ALG_NAME);
+
+ /* Instance fields */
+
+ err = -ENAMETOOLONG;
+ if (snprintf(base->cra_name, CRYPTO_MAX_ALG_NAME,
+ "essiv(%s,%s)", block_base->cra_name,
+ hash_alg->base.cra_name) >= CRYPTO_MAX_ALG_NAME)
+ goto out_free_hash;
+ if (snprintf(base->cra_driver_name, CRYPTO_MAX_ALG_NAME,
+ "essiv(%s,%s)", block_base->cra_driver_name,
+ hash_alg->base.cra_driver_name) >= CRYPTO_MAX_ALG_NAME)
+ goto out_free_hash;
+
+ base->cra_flags = block_base->cra_flags & CRYPTO_ALG_ASYNC;
+ base->cra_blocksize = block_base->cra_blocksize;
+ base->cra_ctxsize = sizeof(struct essiv_tfm_ctx);
+ base->cra_alignmask = block_base->cra_alignmask;
+ base->cra_priority = block_base->cra_priority;
+
+ if (type == CRYPTO_ALG_TYPE_BLKCIPHER) {
+ skcipher_inst->alg.setkey = essiv_skcipher_setkey;
+ skcipher_inst->alg.encrypt = essiv_skcipher_encrypt;
+ skcipher_inst->alg.decrypt = essiv_skcipher_decrypt;
+ skcipher_inst->alg.init = essiv_skcipher_init_tfm;
+ skcipher_inst->alg.exit = essiv_skcipher_exit_tfm;
+
+ skcipher_inst->alg.min_keysize = crypto_skcipher_alg_min_keysize(skcipher_alg);
+ skcipher_inst->alg.max_keysize = crypto_skcipher_alg_max_keysize(skcipher_alg);
+ skcipher_inst->alg.ivsize = ivsize;
+ skcipher_inst->alg.chunksize = crypto_skcipher_alg_chunksize(skcipher_alg);
+ skcipher_inst->alg.walksize = crypto_skcipher_alg_walksize(skcipher_alg);
+
+ skcipher_inst->free = essiv_skcipher_free_instance;
+
+ err = skcipher_register_instance(tmpl, skcipher_inst);
+ } else {
+ aead_inst->alg.setkey = essiv_aead_setkey;
+ aead_inst->alg.setauthsize = essiv_aead_setauthsize;
+ aead_inst->alg.encrypt = essiv_aead_encrypt;
+ aead_inst->alg.decrypt = essiv_aead_decrypt;
+ aead_inst->alg.init = essiv_aead_init_tfm;
+ aead_inst->alg.exit = essiv_aead_exit_tfm;
+
+ aead_inst->alg.ivsize = ivsize;
+ aead_inst->alg.maxauthsize = crypto_aead_alg_maxauthsize(aead_alg);
+ aead_inst->alg.chunksize = crypto_aead_alg_chunksize(aead_alg);
+
+ aead_inst->free = essiv_aead_free_instance;
+
+ err = aead_register_instance(tmpl, aead_inst);
+ }
+
+ if (err)
+ goto out_free_hash;
+
+ crypto_mod_put(_hash_alg);
+ return 0;
+
+out_free_hash:
+ crypto_mod_put(_hash_alg);
+out_drop_skcipher:
+ if (type == CRYPTO_ALG_TYPE_BLKCIPHER)
+ crypto_drop_skcipher(&ictx->u.skcipher_spawn);
+ else
+ crypto_drop_aead(&ictx->u.aead_spawn);
+out_free_inst:
+ kfree(skcipher_inst);
+ kfree(aead_inst);
+ return err;
+}
+
+/* essiv(cipher_name, shash_name) */
+static struct crypto_template essiv_tmpl = {
+ .name = "essiv",
+ .create = essiv_create,
+ .module = THIS_MODULE,
+};
+
+static int __init essiv_module_init(void)
+{
+ return crypto_register_template(&essiv_tmpl);
+}
+
+static void __exit essiv_module_exit(void)
+{
+ crypto_unregister_template(&essiv_tmpl);
+}
+
+subsys_initcall(essiv_module_init);
+module_exit(essiv_module_exit);
+
+MODULE_DESCRIPTION("ESSIV skcipher/aead wrapper for block encryption");
+MODULE_LICENSE("GPL v2");
+MODULE_ALIAS_CRYPTO("essiv");
diff --git a/crypto/fcrypt.c b/crypto/fcrypt.c
index 77286ea..58f9353 100644
--- a/crypto/fcrypt.c
+++ b/crypto/fcrypt.c
@@ -391,6 +391,7 @@
static struct crypto_alg fcrypt_alg = {
.cra_name = "fcrypt",
+ .cra_driver_name = "fcrypt-generic",
.cra_flags = CRYPTO_ALG_TYPE_CIPHER,
.cra_blocksize = 8,
.cra_ctxsize = sizeof(struct fcrypt_ctx),
@@ -414,7 +415,7 @@
crypto_unregister_alg(&fcrypt_alg);
}
-module_init(fcrypt_mod_init);
+subsys_initcall(fcrypt_mod_init);
module_exit(fcrypt_mod_fini);
MODULE_LICENSE("Dual BSD/GPL");
diff --git a/crypto/fips.c b/crypto/fips.c
index 9d627c1..7b1d8ca 100644
--- a/crypto/fips.c
+++ b/crypto/fips.c
@@ -1,13 +1,8 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/*
* FIPS 200 support.
*
* Copyright (c) 2008 Neil Horman <nhorman@tuxdriver.com>
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
- *
*/
#include <linux/export.h>
@@ -16,10 +11,14 @@
#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/sysctl.h>
+#include <linux/notifier.h>
int fips_enabled;
EXPORT_SYMBOL_GPL(fips_enabled);
+ATOMIC_NOTIFIER_HEAD(fips_fail_notif_chain);
+EXPORT_SYMBOL_GPL(fips_fail_notif_chain);
+
/* Process kernel command-line parameter at boot time. fips=0 or fips=1 */
static int fips_enable(char *str)
{
@@ -63,6 +62,13 @@
unregister_sysctl_table(crypto_sysctls);
}
+void fips_fail_notify(void)
+{
+ if (fips_enabled)
+ atomic_notifier_call_chain(&fips_fail_notif_chain, 0, NULL);
+}
+EXPORT_SYMBOL_GPL(fips_fail_notify);
+
static int __init fips_init(void)
{
crypto_proc_fips_init();
@@ -74,5 +80,5 @@
crypto_proc_fips_exit();
}
-module_init(fips_init);
+subsys_initcall(fips_init);
module_exit(fips_exit);
diff --git a/crypto/gcm.c b/crypto/gcm.c
index 0ad879e..7388420 100644
--- a/crypto/gcm.c
+++ b/crypto/gcm.c
@@ -1,11 +1,8 @@
+// SPDX-License-Identifier: GPL-2.0-only
/*
* GCM: Galois/Counter Mode.
*
* Copyright (c) 2007 Nokia Siemens Networks - Mikko Herranen <mh1@iki.fi>
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 as published
- * by the Free Software Foundation.
*/
#include <crypto/gf128mul.h>
@@ -50,7 +47,7 @@
struct crypto_rfc4543_ctx {
struct crypto_aead *child;
- struct crypto_skcipher *null;
+ struct crypto_sync_skcipher *null;
u8 nonce[4];
};
@@ -155,20 +152,7 @@
static int crypto_gcm_setauthsize(struct crypto_aead *tfm,
unsigned int authsize)
{
- switch (authsize) {
- case 4:
- case 8:
- case 12:
- case 13:
- case 14:
- case 15:
- case 16:
- break;
- default:
- return -EINVAL;
- }
-
- return 0;
+ return crypto_gcm_check_authsize(authsize);
}
static void crypto_gcm_init_common(struct aead_request *req)
@@ -247,7 +231,7 @@
struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req);
struct ahash_request *ahreq = &pctx->u.ahreq;
struct crypto_gcm_ghash_ctx *gctx = &pctx->ghash_ctx;
- u128 lengths;
+ be128 lengths;
lengths.a = cpu_to_be64(req->assoclen * 8);
lengths.b = cpu_to_be64(gctx->cryptlen * 8);
@@ -597,7 +581,6 @@
static int crypto_gcm_create_common(struct crypto_template *tmpl,
struct rtattr **tb,
- const char *full_name,
const char *ctr_name,
const char *ghash_name)
{
@@ -638,7 +621,8 @@
goto err_free_inst;
err = -EINVAL;
- if (ghash->digestsize != 16)
+ if (strcmp(ghash->base.cra_name, "ghash") != 0 ||
+ ghash->digestsize != 16)
goto err_drop_ghash;
crypto_set_skcipher_spawn(&ctx->ctr, aead_crypto_instance(inst));
@@ -650,24 +634,24 @@
ctr = crypto_spawn_skcipher_alg(&ctx->ctr);
- /* We only support 16-byte blocks. */
+ /* The skcipher algorithm must be CTR mode, using 16-byte blocks. */
err = -EINVAL;
- if (crypto_skcipher_alg_ivsize(ctr) != 16)
- goto out_put_ctr;
-
- /* Not a stream cipher? */
- if (ctr->base.cra_blocksize != 1)
+ if (strncmp(ctr->base.cra_name, "ctr(", 4) != 0 ||
+ crypto_skcipher_alg_ivsize(ctr) != 16 ||
+ ctr->base.cra_blocksize != 1)
goto out_put_ctr;
err = -ENAMETOOLONG;
+ if (snprintf(inst->alg.base.cra_name, CRYPTO_MAX_ALG_NAME,
+ "gcm(%s", ctr->base.cra_name + 4) >= CRYPTO_MAX_ALG_NAME)
+ goto out_put_ctr;
+
if (snprintf(inst->alg.base.cra_driver_name, CRYPTO_MAX_ALG_NAME,
"gcm_base(%s,%s)", ctr->base.cra_driver_name,
ghash_alg->cra_driver_name) >=
CRYPTO_MAX_ALG_NAME)
goto out_put_ctr;
- memcpy(inst->alg.base.cra_name, full_name, CRYPTO_MAX_ALG_NAME);
-
inst->alg.base.cra_flags = (ghash->base.cra_flags |
ctr->base.cra_flags) & CRYPTO_ALG_ASYNC;
inst->alg.base.cra_priority = (ghash->base.cra_priority +
@@ -709,7 +693,6 @@
{
const char *cipher_name;
char ctr_name[CRYPTO_MAX_ALG_NAME];
- char full_name[CRYPTO_MAX_ALG_NAME];
cipher_name = crypto_attr_alg_name(tb[1]);
if (IS_ERR(cipher_name))
@@ -719,26 +702,14 @@
CRYPTO_MAX_ALG_NAME)
return -ENAMETOOLONG;
- if (snprintf(full_name, CRYPTO_MAX_ALG_NAME, "gcm(%s)", cipher_name) >=
- CRYPTO_MAX_ALG_NAME)
- return -ENAMETOOLONG;
-
- return crypto_gcm_create_common(tmpl, tb, full_name,
- ctr_name, "ghash");
+ return crypto_gcm_create_common(tmpl, tb, ctr_name, "ghash");
}
-static struct crypto_template crypto_gcm_tmpl = {
- .name = "gcm",
- .create = crypto_gcm_create,
- .module = THIS_MODULE,
-};
-
static int crypto_gcm_base_create(struct crypto_template *tmpl,
struct rtattr **tb)
{
const char *ctr_name;
const char *ghash_name;
- char full_name[CRYPTO_MAX_ALG_NAME];
ctr_name = crypto_attr_alg_name(tb[1]);
if (IS_ERR(ctr_name))
@@ -748,20 +719,9 @@
if (IS_ERR(ghash_name))
return PTR_ERR(ghash_name);
- if (snprintf(full_name, CRYPTO_MAX_ALG_NAME, "gcm_base(%s,%s)",
- ctr_name, ghash_name) >= CRYPTO_MAX_ALG_NAME)
- return -ENAMETOOLONG;
-
- return crypto_gcm_create_common(tmpl, tb, full_name,
- ctr_name, ghash_name);
+ return crypto_gcm_create_common(tmpl, tb, ctr_name, ghash_name);
}
-static struct crypto_template crypto_gcm_base_tmpl = {
- .name = "gcm_base",
- .create = crypto_gcm_base_create,
- .module = THIS_MODULE,
-};
-
static int crypto_rfc4106_setkey(struct crypto_aead *parent, const u8 *key,
unsigned int keylen)
{
@@ -789,15 +749,11 @@
unsigned int authsize)
{
struct crypto_rfc4106_ctx *ctx = crypto_aead_ctx(parent);
+ int err;
- switch (authsize) {
- case 8:
- case 12:
- case 16:
- break;
- default:
- return -EINVAL;
- }
+ err = crypto_rfc4106_check_authsize(authsize);
+ if (err)
+ return err;
return crypto_aead_setauthsize(ctx->child, authsize);
}
@@ -845,8 +801,11 @@
static int crypto_rfc4106_encrypt(struct aead_request *req)
{
- if (req->assoclen != 16 && req->assoclen != 20)
- return -EINVAL;
+ int err;
+
+ err = crypto_ipsec_check_assoclen(req->assoclen);
+ if (err)
+ return err;
req = crypto_rfc4106_crypt(req);
@@ -855,8 +814,11 @@
static int crypto_rfc4106_decrypt(struct aead_request *req)
{
- if (req->assoclen != 16 && req->assoclen != 20)
- return -EINVAL;
+ int err;
+
+ err = crypto_ipsec_check_assoclen(req->assoclen);
+ if (err)
+ return err;
req = crypto_rfc4106_crypt(req);
@@ -989,12 +951,6 @@
goto out;
}
-static struct crypto_template crypto_rfc4106_tmpl = {
- .name = "rfc4106",
- .create = crypto_rfc4106_create,
- .module = THIS_MODULE,
-};
-
static int crypto_rfc4543_setkey(struct crypto_aead *parent, const u8 *key,
unsigned int keylen)
{
@@ -1067,9 +1023,9 @@
unsigned int authsize = crypto_aead_authsize(aead);
unsigned int nbytes = req->assoclen + req->cryptlen -
(enc ? 0 : authsize);
- SKCIPHER_REQUEST_ON_STACK(nreq, ctx->null);
+ SYNC_SKCIPHER_REQUEST_ON_STACK(nreq, ctx->null);
- skcipher_request_set_tfm(nreq, ctx->null);
+ skcipher_request_set_sync_tfm(nreq, ctx->null);
skcipher_request_set_callback(nreq, req->base.flags, NULL, NULL);
skcipher_request_set_crypt(nreq, req->src, req->dst, nbytes, NULL);
@@ -1078,12 +1034,14 @@
static int crypto_rfc4543_encrypt(struct aead_request *req)
{
- return crypto_rfc4543_crypt(req, true);
+ return crypto_ipsec_check_assoclen(req->assoclen) ?:
+ crypto_rfc4543_crypt(req, true);
}
static int crypto_rfc4543_decrypt(struct aead_request *req)
{
- return crypto_rfc4543_crypt(req, false);
+ return crypto_ipsec_check_assoclen(req->assoclen) ?:
+ crypto_rfc4543_crypt(req, false);
}
static int crypto_rfc4543_init_tfm(struct crypto_aead *tfm)
@@ -1093,7 +1051,7 @@
struct crypto_aead_spawn *spawn = &ictx->aead;
struct crypto_rfc4543_ctx *ctx = crypto_aead_ctx(tfm);
struct crypto_aead *aead;
- struct crypto_skcipher *null;
+ struct crypto_sync_skcipher *null;
unsigned long align;
int err = 0;
@@ -1231,10 +1189,24 @@
goto out;
}
-static struct crypto_template crypto_rfc4543_tmpl = {
- .name = "rfc4543",
- .create = crypto_rfc4543_create,
- .module = THIS_MODULE,
+static struct crypto_template crypto_gcm_tmpls[] = {
+ {
+ .name = "gcm_base",
+ .create = crypto_gcm_base_create,
+ .module = THIS_MODULE,
+ }, {
+ .name = "gcm",
+ .create = crypto_gcm_create,
+ .module = THIS_MODULE,
+ }, {
+ .name = "rfc4106",
+ .create = crypto_rfc4106_create,
+ .module = THIS_MODULE,
+ }, {
+ .name = "rfc4543",
+ .create = crypto_rfc4543_create,
+ .module = THIS_MODULE,
+ },
};
static int __init crypto_gcm_module_init(void)
@@ -1247,45 +1219,22 @@
sg_init_one(&gcm_zeroes->sg, gcm_zeroes->buf, sizeof(gcm_zeroes->buf));
- err = crypto_register_template(&crypto_gcm_base_tmpl);
+ err = crypto_register_templates(crypto_gcm_tmpls,
+ ARRAY_SIZE(crypto_gcm_tmpls));
if (err)
- goto out;
+ kfree(gcm_zeroes);
- err = crypto_register_template(&crypto_gcm_tmpl);
- if (err)
- goto out_undo_base;
-
- err = crypto_register_template(&crypto_rfc4106_tmpl);
- if (err)
- goto out_undo_gcm;
-
- err = crypto_register_template(&crypto_rfc4543_tmpl);
- if (err)
- goto out_undo_rfc4106;
-
- return 0;
-
-out_undo_rfc4106:
- crypto_unregister_template(&crypto_rfc4106_tmpl);
-out_undo_gcm:
- crypto_unregister_template(&crypto_gcm_tmpl);
-out_undo_base:
- crypto_unregister_template(&crypto_gcm_base_tmpl);
-out:
- kfree(gcm_zeroes);
return err;
}
static void __exit crypto_gcm_module_exit(void)
{
kfree(gcm_zeroes);
- crypto_unregister_template(&crypto_rfc4543_tmpl);
- crypto_unregister_template(&crypto_rfc4106_tmpl);
- crypto_unregister_template(&crypto_gcm_tmpl);
- crypto_unregister_template(&crypto_gcm_base_tmpl);
+ crypto_unregister_templates(crypto_gcm_tmpls,
+ ARRAY_SIZE(crypto_gcm_tmpls));
}
-module_init(crypto_gcm_module_init);
+subsys_initcall(crypto_gcm_module_init);
module_exit(crypto_gcm_module_exit);
MODULE_LICENSE("GPL");
diff --git a/crypto/ghash-generic.c b/crypto/ghash-generic.c
index d9f192b..5027b34 100644
--- a/crypto/ghash-generic.c
+++ b/crypto/ghash-generic.c
@@ -1,15 +1,37 @@
+// SPDX-License-Identifier: GPL-2.0-only
/*
- * GHASH: digest algorithm for GCM (Galois/Counter Mode).
+ * GHASH: hash function for GCM (Galois/Counter Mode).
*
* Copyright (c) 2007 Nokia Siemens Networks - Mikko Herranen <mh1@iki.fi>
* Copyright (c) 2009 Intel Corp.
* Author: Huang Ying <ying.huang@intel.com>
+ */
+
+/*
+ * GHASH is a keyed hash function used in GCM authentication tag generation.
*
- * The algorithm implementation is copied from gcm.c.
+ * The original GCM paper [1] presents GHASH as a function GHASH(H, A, C) which
+ * takes a 16-byte hash key H, additional authenticated data A, and a ciphertext
+ * C. It formats A and C into a single byte string X, interprets X as a
+ * polynomial over GF(2^128), and evaluates this polynomial at the point H.
*
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 as published
- * by the Free Software Foundation.
+ * However, the NIST standard for GCM [2] presents GHASH as GHASH(H, X) where X
+ * is the already-formatted byte string containing both A and C.
+ *
+ * "ghash" in the Linux crypto API uses the 'X' (pre-formatted) convention,
+ * since the API supports only a single data stream per hash. Thus, the
+ * formatting of 'A' and 'C' is done in the "gcm" template, not in "ghash".
+ *
+ * The reason "ghash" is separate from "gcm" is to allow "gcm" to use an
+ * accelerated "ghash" when a standalone accelerated "gcm(aes)" is unavailable.
+ * It is generally inappropriate to use "ghash" for other purposes, since it is
+ * an "ε-almost-XOR-universal hash function", not a cryptographic hash function.
+ * It can only be used securely in crypto modes specially designed to use it.
+ *
+ * [1] The Galois/Counter Mode of Operation (GCM)
+ * (http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.694.695&rep=rep1&type=pdf)
+ * [2] Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC
+ * (https://csrc.nist.gov/publications/detail/sp/800-38d/final)
*/
#include <crypto/algapi.h>
@@ -34,6 +56,7 @@
const u8 *key, unsigned int keylen)
{
struct ghash_ctx *ctx = crypto_shash_ctx(tfm);
+ be128 k;
if (keylen != GHASH_BLOCK_SIZE) {
crypto_shash_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
@@ -42,7 +65,12 @@
if (ctx->gf128)
gf128mul_free_4k(ctx->gf128);
- ctx->gf128 = gf128mul_init_4k_lle((be128 *)key);
+
+ BUILD_BUG_ON(sizeof(k) != GHASH_BLOCK_SIZE);
+ memcpy(&k, key, GHASH_BLOCK_SIZE); /* avoid violating alignment rules */
+ ctx->gf128 = gf128mul_init_4k_lle(&k);
+ memzero_explicit(&k, GHASH_BLOCK_SIZE);
+
if (!ctx->gf128)
return -ENOMEM;
@@ -149,10 +177,10 @@
crypto_unregister_shash(&ghash_alg);
}
-module_init(ghash_mod_init);
+subsys_initcall(ghash_mod_init);
module_exit(ghash_mod_exit);
MODULE_LICENSE("GPL");
-MODULE_DESCRIPTION("GHASH Message Digest Algorithm");
+MODULE_DESCRIPTION("GHASH hash function");
MODULE_ALIAS_CRYPTO("ghash");
MODULE_ALIAS_CRYPTO("ghash-generic");
diff --git a/crypto/hash_info.c b/crypto/hash_info.c
index 7b1e0b1..c754cb7 100644
--- a/crypto/hash_info.c
+++ b/crypto/hash_info.c
@@ -1,13 +1,8 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/*
* Hash Info: Hash algorithms information
*
* Copyright (c) 2013 Dmitry Kasatkin <d.kasatkin@samsung.com>
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
- *
*/
#include <linux/export.h>
@@ -32,6 +27,8 @@
[HASH_ALGO_TGR_160] = "tgr160",
[HASH_ALGO_TGR_192] = "tgr192",
[HASH_ALGO_SM3_256] = "sm3-256",
+ [HASH_ALGO_STREEBOG_256] = "streebog256",
+ [HASH_ALGO_STREEBOG_512] = "streebog512",
};
EXPORT_SYMBOL_GPL(hash_algo_name);
@@ -54,5 +51,7 @@
[HASH_ALGO_TGR_160] = TGR160_DIGEST_SIZE,
[HASH_ALGO_TGR_192] = TGR192_DIGEST_SIZE,
[HASH_ALGO_SM3_256] = SM3256_DIGEST_SIZE,
+ [HASH_ALGO_STREEBOG_256] = STREEBOG256_DIGEST_SIZE,
+ [HASH_ALGO_STREEBOG_512] = STREEBOG512_DIGEST_SIZE,
};
EXPORT_SYMBOL_GPL(hash_digest_size);
diff --git a/crypto/hmac.c b/crypto/hmac.c
index e747302..8b2a212 100644
--- a/crypto/hmac.c
+++ b/crypto/hmac.c
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/*
* Cryptographic API.
*
@@ -8,12 +9,6 @@
*
* The HMAC implementation is derived from USAGI.
* Copyright (c) 2002 Kazunori Miyazawa <miyazawa@linux-ipv6.org> / USAGI
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
- *
*/
#include <crypto/hmac.h>
@@ -57,8 +52,6 @@
unsigned int i;
shash->tfm = hash;
- shash->flags = crypto_shash_get_flags(parent)
- & CRYPTO_TFM_REQ_MAY_SLEEP;
if (keylen > bs) {
int err;
@@ -91,8 +84,6 @@
{
struct shash_desc *desc = shash_desc_ctx(pdesc);
- desc->flags = pdesc->flags & CRYPTO_TFM_REQ_MAY_SLEEP;
-
return crypto_shash_export(desc, out);
}
@@ -102,7 +93,6 @@
struct hmac_ctx *ctx = hmac_ctx(pdesc->tfm);
desc->tfm = ctx->hash;
- desc->flags = pdesc->flags & CRYPTO_TFM_REQ_MAY_SLEEP;
return crypto_shash_import(desc, in);
}
@@ -117,8 +107,6 @@
{
struct shash_desc *desc = shash_desc_ctx(pdesc);
- desc->flags = pdesc->flags & CRYPTO_TFM_REQ_MAY_SLEEP;
-
return crypto_shash_update(desc, data, nbytes);
}
@@ -130,8 +118,6 @@
char *opad = crypto_shash_ctx_aligned(parent) + ss;
struct shash_desc *desc = shash_desc_ctx(pdesc);
- desc->flags = pdesc->flags & CRYPTO_TFM_REQ_MAY_SLEEP;
-
return crypto_shash_final(desc, out) ?:
crypto_shash_import(desc, opad) ?:
crypto_shash_finup(desc, out, ds, out);
@@ -147,8 +133,6 @@
char *opad = crypto_shash_ctx_aligned(parent) + ss;
struct shash_desc *desc = shash_desc_ctx(pdesc);
- desc->flags = pdesc->flags & CRYPTO_TFM_REQ_MAY_SLEEP;
-
return crypto_shash_finup(desc, data, nbytes, out) ?:
crypto_shash_import(desc, opad) ?:
crypto_shash_finup(desc, out, ds, out);
@@ -168,6 +152,10 @@
parent->descsize = sizeof(struct shash_desc) +
crypto_shash_descsize(hash);
+ if (WARN_ON(parent->descsize > HASH_MAX_DESCSIZE)) {
+ crypto_free_shash(hash);
+ return -EINVAL;
+ }
ctx->hash = hash;
return 0;
@@ -268,7 +256,7 @@
crypto_unregister_template(&hmac_tmpl);
}
-module_init(hmac_module_init);
+subsys_initcall(hmac_module_init);
module_exit(hmac_module_exit);
MODULE_LICENSE("GPL");
diff --git a/crypto/internal.h b/crypto/internal.h
index 9a3f399..93df7be 100644
--- a/crypto/internal.h
+++ b/crypto/internal.h
@@ -1,14 +1,9 @@
+/* SPDX-License-Identifier: GPL-2.0-or-later */
/*
* Cryptographic API.
*
* Copyright (c) 2002 James Morris <jmorris@intercode.com.au>
* Copyright (c) 2005 Herbert Xu <herbert@gondor.apana.org.au>
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
- *
*/
#ifndef _CRYPTO_INTERNAL_H
#define _CRYPTO_INTERNAL_H
@@ -26,12 +21,6 @@
#include <linux/rwsem.h>
#include <linux/slab.h>
-/* Crypto notification events. */
-enum {
- CRYPTO_MSG_ALG_REQUEST,
- CRYPTO_MSG_ALG_REGISTER,
-};
-
struct crypto_instance;
struct crypto_template;
@@ -90,8 +79,6 @@
void *crypto_alloc_tfm(const char *alg_name,
const struct crypto_type *frontend, u32 type, u32 mask);
-int crypto_register_notifier(struct notifier_block *nb);
-int crypto_unregister_notifier(struct notifier_block *nb);
int crypto_probing_notify(unsigned long val, void *v);
unsigned int crypto_alg_extsize(struct crypto_alg *alg);
diff --git a/crypto/jitterentropy-kcapi.c b/crypto/jitterentropy-kcapi.c
index 787dccc..701b8d8 100644
--- a/crypto/jitterentropy-kcapi.c
+++ b/crypto/jitterentropy-kcapi.c
@@ -56,11 +56,6 @@
* Helper function
***************************************************************************/
-__u64 jent_rol64(__u64 word, unsigned int shift)
-{
- return rol64(word, shift);
-}
-
void *jent_zalloc(unsigned int len)
{
return kzalloc(len, GFP_KERNEL);
diff --git a/crypto/jitterentropy.c b/crypto/jitterentropy.c
index acf44b2..77fa212 100644
--- a/crypto/jitterentropy.c
+++ b/crypto/jitterentropy.c
@@ -2,7 +2,7 @@
* Non-physical true random number generator based on timing jitter --
* Jitter RNG standalone code.
*
- * Copyright Stephan Mueller <smueller@chronox.de>, 2015
+ * Copyright Stephan Mueller <smueller@chronox.de>, 2015 - 2019
*
* Design
* ======
@@ -47,7 +47,7 @@
/*
* This Jitterentropy RNG is based on the jitterentropy library
- * version 1.1.0 provided at http://www.chronox.de/jent.html
+ * version 2.1.2 provided at http://www.chronox.de/jent.html
*/
#ifdef __OPTIMIZE__
@@ -71,10 +71,7 @@
#define DATA_SIZE_BITS ((sizeof(__u64)) * 8)
__u64 last_delta; /* SENSITIVE stuck test */
__s64 last_delta2; /* SENSITIVE stuck test */
- unsigned int stuck:1; /* Time measurement stuck */
unsigned int osr; /* Oversample rate */
- unsigned int stir:1; /* Post-processing stirring */
- unsigned int disable_unbias:1; /* Deactivate Von-Neuman unbias */
#define JENT_MEMORY_BLOCKS 64
#define JENT_MEMORY_BLOCKSIZE 32
#define JENT_MEMORY_ACCESSLOOPS 128
@@ -89,8 +86,6 @@
};
/* Flags that can be used to initialize the RNG */
-#define JENT_DISABLE_STIR (1<<0) /* Disable stirring the entropy pool */
-#define JENT_DISABLE_UNBIAS (1<<1) /* Disable the Von-Neuman Unbiaser */
#define JENT_DISABLE_MEMORY_ACCESS (1<<2) /* Disable memory access for more
* entropy, saves MEMORY_SIZE RAM for
* entropy collector */
@@ -99,19 +94,16 @@
#define JENT_ENOTIME 1 /* Timer service not available */
#define JENT_ECOARSETIME 2 /* Timer too coarse for RNG */
#define JENT_ENOMONOTONIC 3 /* Timer is not monotonic increasing */
-#define JENT_EMINVARIATION 4 /* Timer variations too small for RNG */
#define JENT_EVARVAR 5 /* Timer does not produce variations of
* variations (2nd derivation of time is
* zero). */
-#define JENT_EMINVARVAR 6 /* Timer variations of variations is tooi
- * small. */
+#define JENT_ESTUCK 8 /* Too many stuck results during init. */
/***************************************************************************
* Helper functions
***************************************************************************/
void jent_get_nstime(__u64 *out);
-__u64 jent_rol64(__u64 word, unsigned int shift);
void *jent_zalloc(unsigned int len);
void jent_zfree(void *ptr);
int jent_fips_enabled(void);
@@ -140,16 +132,16 @@
jent_get_nstime(&time);
/*
- * mix the current state of the random number into the shuffle
- * calculation to balance that shuffle a bit more
+ * Mix the current state of the random number into the shuffle
+ * calculation to balance that shuffle a bit more.
*/
if (ec)
time ^= ec->data;
/*
- * we fold the time value as much as possible to ensure that as many
- * bits of the time stamp are included as possible
+ * We fold the time value as much as possible to ensure that as many
+ * bits of the time stamp are included as possible.
*/
- for (i = 0; (DATA_SIZE_BITS / bits) > i; i++) {
+ for (i = 0; ((DATA_SIZE_BITS + bits - 1) / bits) > i; i++) {
shuffle ^= time & mask;
time = time >> bits;
}
@@ -169,38 +161,28 @@
* CPU Jitter noise source -- this is the noise source based on the CPU
* execution time jitter
*
- * This function folds the time into one bit units by iterating
- * through the DATA_SIZE_BITS bit time value as follows: assume our time value
- * is 0xabcd
- * 1st loop, 1st shift generates 0xd000
- * 1st loop, 2nd shift generates 0x000d
- * 2nd loop, 1st shift generates 0xcd00
- * 2nd loop, 2nd shift generates 0x000c
- * 3rd loop, 1st shift generates 0xbcd0
- * 3rd loop, 2nd shift generates 0x000b
- * 4th loop, 1st shift generates 0xabcd
- * 4th loop, 2nd shift generates 0x000a
- * Now, the values at the end of the 2nd shifts are XORed together.
+ * This function injects the individual bits of the time value into the
+ * entropy pool using an LFSR.
*
- * The code is deliberately inefficient and shall stay that way. This function
- * is the root cause why the code shall be compiled without optimization. This
- * function not only acts as folding operation, but this function's execution
- * is used to measure the CPU execution time jitter. Any change to the loop in
- * this function implies that careful retesting must be done.
+ * The code is deliberately inefficient with respect to the bit shifting
+ * and shall stay that way. This function is the root cause why the code
+ * shall be compiled without optimization. This function not only acts as
+ * folding operation, but this function's execution is used to measure
+ * the CPU execution time jitter. Any change to the loop in this function
+ * implies that careful retesting must be done.
*
* Input:
* @ec entropy collector struct -- may be NULL
- * @time time stamp to be folded
+ * @time time stamp to be injected
* @loop_cnt if a value not equal to 0 is set, use the given value as number of
* loops to perform the folding
*
* Output:
- * @folded result of folding operation
+ * updated ec->data
*
* @return Number of loops the folding operation is performed
*/
-static __u64 jent_fold_time(struct rand_data *ec, __u64 time,
- __u64 *folded, __u64 loop_cnt)
+static __u64 jent_lfsr_time(struct rand_data *ec, __u64 time, __u64 loop_cnt)
{
unsigned int i;
__u64 j = 0;
@@ -217,15 +199,34 @@
if (loop_cnt)
fold_loop_cnt = loop_cnt;
for (j = 0; j < fold_loop_cnt; j++) {
- new = 0;
+ new = ec->data;
for (i = 1; (DATA_SIZE_BITS) >= i; i++) {
__u64 tmp = time << (DATA_SIZE_BITS - i);
tmp = tmp >> (DATA_SIZE_BITS - 1);
+
+ /*
+ * Fibonacci LSFR with polynomial of
+ * x^64 + x^61 + x^56 + x^31 + x^28 + x^23 + 1 which is
+ * primitive according to
+ * http://poincare.matf.bg.ac.rs/~ezivkovm/publications/primpol1.pdf
+ * (the shift values are the polynomial values minus one
+ * due to counting bits from 0 to 63). As the current
+ * position is always the LSB, the polynomial only needs
+ * to shift data in from the left without wrap.
+ */
+ tmp ^= ((new >> 63) & 1);
+ tmp ^= ((new >> 60) & 1);
+ tmp ^= ((new >> 55) & 1);
+ tmp ^= ((new >> 30) & 1);
+ tmp ^= ((new >> 27) & 1);
+ tmp ^= ((new >> 22) & 1);
+ new <<= 1;
new ^= tmp;
}
}
- *folded = new;
+ ec->data = new;
+
return fold_loop_cnt;
}
@@ -258,7 +259,6 @@
*/
static unsigned int jent_memaccess(struct rand_data *ec, __u64 loop_cnt)
{
- unsigned char *tmpval = NULL;
unsigned int wrap = 0;
__u64 i = 0;
#define MAX_ACC_LOOP_BIT 7
@@ -278,7 +278,7 @@
acc_loop_cnt = loop_cnt;
for (i = 0; i < (ec->memaccessloops + acc_loop_cnt); i++) {
- tmpval = ec->mem + ec->memlocation;
+ unsigned char *tmpval = ec->mem + ec->memlocation;
/*
* memory access: just add 1 to one byte,
* wrap at 255 -- memory access implies read
@@ -316,7 +316,7 @@
* 0 jitter measurement not stuck (good bit)
* 1 jitter measurement stuck (reject bit)
*/
-static void jent_stuck(struct rand_data *ec, __u64 current_delta)
+static int jent_stuck(struct rand_data *ec, __u64 current_delta)
{
__s64 delta2 = ec->last_delta - current_delta;
__s64 delta3 = delta2 - ec->last_delta2;
@@ -325,14 +325,15 @@
ec->last_delta2 = delta2;
if (!current_delta || !delta2 || !delta3)
- ec->stuck = 1;
+ return 1;
+
+ return 0;
}
/**
* This is the heart of the entropy generation: calculate time deltas and
- * use the CPU jitter in the time deltas. The jitter is folded into one
- * bit. You can call this function the "random bit generator" as it
- * produces one random bit per invocation.
+ * use the CPU jitter in the time deltas. The jitter is injected into the
+ * entropy pool.
*
* WARNING: ensure that ->prev_time is primed before using the output
* of this function! This can be done by calling this function
@@ -341,12 +342,11 @@
* Input:
* @entropy_collector Reference to entropy collector
*
- * @return One random bit
+ * @return result of stuck test
*/
-static __u64 jent_measure_jitter(struct rand_data *ec)
+static int jent_measure_jitter(struct rand_data *ec)
{
__u64 time = 0;
- __u64 data = 0;
__u64 current_delta = 0;
/* Invoke one noise source before time measurement to add variations */
@@ -360,109 +360,11 @@
current_delta = time - ec->prev_time;
ec->prev_time = time;
- /* Now call the next noise sources which also folds the data */
- jent_fold_time(ec, current_delta, &data, 0);
+ /* Now call the next noise sources which also injects the data */
+ jent_lfsr_time(ec, current_delta, 0);
- /*
- * Check whether we have a stuck measurement. The enforcement
- * is performed after the stuck value has been mixed into the
- * entropy pool.
- */
- jent_stuck(ec, current_delta);
-
- return data;
-}
-
-/**
- * Von Neuman unbias as explained in RFC 4086 section 4.2. As shown in the
- * documentation of that RNG, the bits from jent_measure_jitter are considered
- * independent which implies that the Von Neuman unbias operation is applicable.
- * A proof of the Von-Neumann unbias operation to remove skews is given in the
- * document "A proposal for: Functionality classes for random number
- * generators", version 2.0 by Werner Schindler, section 5.4.1.
- *
- * Input:
- * @entropy_collector Reference to entropy collector
- *
- * @return One random bit
- */
-static __u64 jent_unbiased_bit(struct rand_data *entropy_collector)
-{
- do {
- __u64 a = jent_measure_jitter(entropy_collector);
- __u64 b = jent_measure_jitter(entropy_collector);
-
- if (a == b)
- continue;
- if (1 == a)
- return 1;
- else
- return 0;
- } while (1);
-}
-
-/**
- * Shuffle the pool a bit by mixing some value with a bijective function (XOR)
- * into the pool.
- *
- * The function generates a mixer value that depends on the bits set and the
- * location of the set bits in the random number generated by the entropy
- * source. Therefore, based on the generated random number, this mixer value
- * can have 2**64 different values. That mixer value is initialized with the
- * first two SHA-1 constants. After obtaining the mixer value, it is XORed into
- * the random number.
- *
- * The mixer value is not assumed to contain any entropy. But due to the XOR
- * operation, it can also not destroy any entropy present in the entropy pool.
- *
- * Input:
- * @entropy_collector Reference to entropy collector
- */
-static void jent_stir_pool(struct rand_data *entropy_collector)
-{
- /*
- * to shut up GCC on 32 bit, we have to initialize the 64 variable
- * with two 32 bit variables
- */
- union c {
- __u64 u64;
- __u32 u32[2];
- };
- /*
- * This constant is derived from the first two 32 bit initialization
- * vectors of SHA-1 as defined in FIPS 180-4 section 5.3.1
- */
- union c constant;
- /*
- * The start value of the mixer variable is derived from the third
- * and fourth 32 bit initialization vector of SHA-1 as defined in
- * FIPS 180-4 section 5.3.1
- */
- union c mixer;
- unsigned int i = 0;
-
- /*
- * Store the SHA-1 constants in reverse order to make up the 64 bit
- * value -- this applies to a little endian system, on a big endian
- * system, it reverses as expected. But this really does not matter
- * as we do not rely on the specific numbers. We just pick the SHA-1
- * constants as they have a good mix of bit set and unset.
- */
- constant.u32[1] = 0x67452301;
- constant.u32[0] = 0xefcdab89;
- mixer.u32[1] = 0x98badcfe;
- mixer.u32[0] = 0x10325476;
-
- for (i = 0; i < DATA_SIZE_BITS; i++) {
- /*
- * get the i-th bit of the input random number and only XOR
- * the constant into the mixer value when that bit is set
- */
- if ((entropy_collector->data >> i) & 1)
- mixer.u64 ^= constant.u64;
- mixer.u64 = jent_rol64(mixer.u64, 1);
- }
- entropy_collector->data ^= mixer.u64;
+ /* Check whether we have a stuck measurement. */
+ return jent_stuck(ec, current_delta);
}
/**
@@ -480,48 +382,9 @@
jent_measure_jitter(ec);
while (1) {
- __u64 data = 0;
-
- if (ec->disable_unbias == 1)
- data = jent_measure_jitter(ec);
- else
- data = jent_unbiased_bit(ec);
-
- /* enforcement of the jent_stuck test */
- if (ec->stuck) {
- /*
- * We only mix in the bit considered not appropriate
- * without the LSFR. The reason is that if we apply
- * the LSFR and we do not rotate, the 2nd bit with LSFR
- * will cancel out the first LSFR application on the
- * bad bit.
- *
- * And we do not rotate as we apply the next bit to the
- * current bit location again.
- */
- ec->data ^= data;
- ec->stuck = 0;
+ /* If a stuck measurement is received, repeat measurement */
+ if (jent_measure_jitter(ec))
continue;
- }
-
- /*
- * Fibonacci LSFR with polynom of
- * x^64 + x^61 + x^56 + x^31 + x^28 + x^23 + 1 which is
- * primitive according to
- * http://poincare.matf.bg.ac.rs/~ezivkovm/publications/primpol1.pdf
- * (the shift values are the polynom values minus one
- * due to counting bits from 0 to 63). As the current
- * position is always the LSB, the polynom only needs
- * to shift data in from the left without wrap.
- */
- ec->data ^= data;
- ec->data ^= ((ec->data >> 63) & 1);
- ec->data ^= ((ec->data >> 60) & 1);
- ec->data ^= ((ec->data >> 55) & 1);
- ec->data ^= ((ec->data >> 30) & 1);
- ec->data ^= ((ec->data >> 27) & 1);
- ec->data ^= ((ec->data >> 22) & 1);
- ec->data = jent_rol64(ec->data, 1);
/*
* We multiply the loop value with ->osr to obtain the
@@ -530,8 +393,6 @@
if (++k >= (DATA_SIZE_BITS * ec->osr))
break;
}
- if (ec->stir)
- jent_stir_pool(ec);
}
/**
@@ -639,12 +500,6 @@
osr = 1; /* minimum sampling rate is 1 */
entropy_collector->osr = osr;
- entropy_collector->stir = 1;
- if (flags & JENT_DISABLE_STIR)
- entropy_collector->stir = 0;
- if (flags & JENT_DISABLE_UNBIAS)
- entropy_collector->disable_unbias = 1;
-
/* fill the data pad with non-zero values */
jent_gen_entropy(entropy_collector);
@@ -656,7 +511,6 @@
jent_zfree(entropy_collector->mem);
entropy_collector->mem = NULL;
jent_zfree(entropy_collector);
- entropy_collector = NULL;
}
int jent_entropy_init(void)
@@ -665,8 +519,9 @@
__u64 delta_sum = 0;
__u64 old_delta = 0;
int time_backwards = 0;
- int count_var = 0;
int count_mod = 0;
+ int count_stuck = 0;
+ struct rand_data ec = { 0 };
/* We could perform statistical tests here, but the problem is
* that we only have a few loop counts to do testing. These
@@ -695,12 +550,14 @@
for (i = 0; (TESTLOOPCOUNT + CLEARCACHE) > i; i++) {
__u64 time = 0;
__u64 time2 = 0;
- __u64 folded = 0;
__u64 delta = 0;
unsigned int lowdelta = 0;
+ int stuck;
+ /* Invoke core entropy collection logic */
jent_get_nstime(&time);
- jent_fold_time(NULL, time, &folded, 1<<MIN_FOLD_LOOP_BIT);
+ ec.prev_time = time;
+ jent_lfsr_time(&ec, time, 0);
jent_get_nstime(&time2);
/* test whether timer works */
@@ -715,6 +572,8 @@
if (!delta)
return JENT_ECOARSETIME;
+ stuck = jent_stuck(&ec, delta);
+
/*
* up to here we did not modify any variable that will be
* evaluated later, but we already performed some work. Thus we
@@ -725,14 +584,14 @@
if (CLEARCACHE > i)
continue;
+ if (stuck)
+ count_stuck++;
+
/* test whether we have an increasing timer */
if (!(time2 > time))
time_backwards++;
- /*
- * Avoid modulo of 64 bit integer to allow code to compile
- * on 32 bit architectures.
- */
+ /* use 32 bit value to ensure compilation on 32 bit arches */
lowdelta = time2 - time;
if (!(lowdelta % 100))
count_mod++;
@@ -743,14 +602,10 @@
* only after the first loop is executed as we need to prime
* the old_data value
*/
- if (i) {
- if (delta != old_delta)
- count_var++;
- if (delta > old_delta)
- delta_sum += (delta - old_delta);
- else
- delta_sum += (old_delta - delta);
- }
+ if (delta > old_delta)
+ delta_sum += (delta - old_delta);
+ else
+ delta_sum += (old_delta - delta);
old_delta = delta;
}
@@ -763,25 +618,29 @@
*/
if (3 < time_backwards)
return JENT_ENOMONOTONIC;
- /* Error if the time variances are always identical */
- if (!delta_sum)
- return JENT_EVARVAR;
/*
* Variations of deltas of time must on average be larger
* than 1 to ensure the entropy estimation
* implied with 1 is preserved
*/
- if (delta_sum <= 1)
- return JENT_EMINVARVAR;
+ if ((delta_sum) <= 1)
+ return JENT_EVARVAR;
/*
* Ensure that we have variations in the time stamp below 10 for at
- * least 10% of all checks -- on some platforms, the counter
- * increments in multiples of 100, but not always
+ * least 10% of all checks -- on some platforms, the counter increments
+ * in multiples of 100, but not always
*/
if ((TESTLOOPCOUNT/10 * 9) < count_mod)
return JENT_ECOARSETIME;
+ /*
+ * If we have more than 90% stuck results, then this Jitter RNG is
+ * likely to not work well.
+ */
+ if ((TESTLOOPCOUNT/10 * 9) < count_stuck)
+ return JENT_ESTUCK;
+
return 0;
}
diff --git a/crypto/keywrap.c b/crypto/keywrap.c
index ec5c6a0..a155c88 100644
--- a/crypto/keywrap.c
+++ b/crypto/keywrap.c
@@ -56,7 +56,7 @@
* u8 *iv = data;
* u8 *pt = data + crypto_skcipher_ivsize(tfm);
* <ensure that pt contains the plaintext of size ptlen>
- * sg_init_one(&sg, ptdata, ptlen);
+ * sg_init_one(&sg, pt, ptlen);
* skcipher_request_set_crypt(req, &sg, &sg, ptlen, iv);
*
* ==> After encryption, data now contains full KW result as per SP800-38F.
@@ -70,8 +70,8 @@
* u8 *iv = data;
* u8 *ct = data + crypto_skcipher_ivsize(tfm);
* unsigned int ctlen = datalen - crypto_skcipher_ivsize(tfm);
- * sg_init_one(&sg, ctdata, ctlen);
- * skcipher_request_set_crypt(req, &sg, &sg, ptlen, iv);
+ * sg_init_one(&sg, ct, ctlen);
+ * skcipher_request_set_crypt(req, &sg, &sg, ctlen, iv);
*
* ==> After decryption (which hopefully does not return EBADMSG), the ct
* pointer now points to the plaintext of size ctlen.
@@ -87,10 +87,6 @@
#include <crypto/scatterwalk.h>
#include <crypto/internal/skcipher.h>
-struct crypto_kw_ctx {
- struct crypto_cipher *child;
-};
-
struct crypto_kw_block {
#define SEMIBSIZE 8
__be64 A;
@@ -124,16 +120,13 @@
}
}
-static int crypto_kw_decrypt(struct blkcipher_desc *desc,
- struct scatterlist *dst, struct scatterlist *src,
- unsigned int nbytes)
+static int crypto_kw_decrypt(struct skcipher_request *req)
{
- struct crypto_blkcipher *tfm = desc->tfm;
- struct crypto_kw_ctx *ctx = crypto_blkcipher_ctx(tfm);
- struct crypto_cipher *child = ctx->child;
+ struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
+ struct crypto_cipher *cipher = skcipher_cipher_simple(tfm);
struct crypto_kw_block block;
- struct scatterlist *lsrc, *ldst;
- u64 t = 6 * ((nbytes) >> 3);
+ struct scatterlist *src, *dst;
+ u64 t = 6 * ((req->cryptlen) >> 3);
unsigned int i;
int ret = 0;
@@ -141,27 +134,27 @@
* Require at least 2 semiblocks (note, the 3rd semiblock that is
* required by SP800-38F is the IV.
*/
- if (nbytes < (2 * SEMIBSIZE) || nbytes % SEMIBSIZE)
+ if (req->cryptlen < (2 * SEMIBSIZE) || req->cryptlen % SEMIBSIZE)
return -EINVAL;
/* Place the IV into block A */
- memcpy(&block.A, desc->info, SEMIBSIZE);
+ memcpy(&block.A, req->iv, SEMIBSIZE);
/*
* src scatterlist is read-only. dst scatterlist is r/w. During the
- * first loop, lsrc points to src and ldst to dst. For any
- * subsequent round, the code operates on dst only.
+ * first loop, src points to req->src and dst to req->dst. For any
+ * subsequent round, the code operates on req->dst only.
*/
- lsrc = src;
- ldst = dst;
+ src = req->src;
+ dst = req->dst;
for (i = 0; i < 6; i++) {
struct scatter_walk src_walk, dst_walk;
- unsigned int tmp_nbytes = nbytes;
+ unsigned int nbytes = req->cryptlen;
- while (tmp_nbytes) {
- /* move pointer by tmp_nbytes in the SGL */
- crypto_kw_scatterlist_ff(&src_walk, lsrc, tmp_nbytes);
+ while (nbytes) {
+ /* move pointer by nbytes in the SGL */
+ crypto_kw_scatterlist_ff(&src_walk, src, nbytes);
/* get the source block */
scatterwalk_copychunks(&block.R, &src_walk, SEMIBSIZE,
false);
@@ -170,21 +163,21 @@
block.A ^= cpu_to_be64(t);
t--;
/* perform KW operation: decrypt block */
- crypto_cipher_decrypt_one(child, (u8*)&block,
- (u8*)&block);
+ crypto_cipher_decrypt_one(cipher, (u8 *)&block,
+ (u8 *)&block);
- /* move pointer by tmp_nbytes in the SGL */
- crypto_kw_scatterlist_ff(&dst_walk, ldst, tmp_nbytes);
+ /* move pointer by nbytes in the SGL */
+ crypto_kw_scatterlist_ff(&dst_walk, dst, nbytes);
/* Copy block->R into place */
scatterwalk_copychunks(&block.R, &dst_walk, SEMIBSIZE,
true);
- tmp_nbytes -= SEMIBSIZE;
+ nbytes -= SEMIBSIZE;
}
/* we now start to operate on the dst SGL only */
- lsrc = dst;
- ldst = dst;
+ src = req->dst;
+ dst = req->dst;
}
/* Perform authentication check */
@@ -196,15 +189,12 @@
return ret;
}
-static int crypto_kw_encrypt(struct blkcipher_desc *desc,
- struct scatterlist *dst, struct scatterlist *src,
- unsigned int nbytes)
+static int crypto_kw_encrypt(struct skcipher_request *req)
{
- struct crypto_blkcipher *tfm = desc->tfm;
- struct crypto_kw_ctx *ctx = crypto_blkcipher_ctx(tfm);
- struct crypto_cipher *child = ctx->child;
+ struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
+ struct crypto_cipher *cipher = skcipher_cipher_simple(tfm);
struct crypto_kw_block block;
- struct scatterlist *lsrc, *ldst;
+ struct scatterlist *src, *dst;
u64 t = 1;
unsigned int i;
@@ -214,7 +204,7 @@
* This means that the dst memory must be one semiblock larger than src.
* Also ensure that the given data is aligned to semiblock.
*/
- if (nbytes < (2 * SEMIBSIZE) || nbytes % SEMIBSIZE)
+ if (req->cryptlen < (2 * SEMIBSIZE) || req->cryptlen % SEMIBSIZE)
return -EINVAL;
/*
@@ -225,26 +215,26 @@
/*
* src scatterlist is read-only. dst scatterlist is r/w. During the
- * first loop, lsrc points to src and ldst to dst. For any
- * subsequent round, the code operates on dst only.
+ * first loop, src points to req->src and dst to req->dst. For any
+ * subsequent round, the code operates on req->dst only.
*/
- lsrc = src;
- ldst = dst;
+ src = req->src;
+ dst = req->dst;
for (i = 0; i < 6; i++) {
struct scatter_walk src_walk, dst_walk;
- unsigned int tmp_nbytes = nbytes;
+ unsigned int nbytes = req->cryptlen;
- scatterwalk_start(&src_walk, lsrc);
- scatterwalk_start(&dst_walk, ldst);
+ scatterwalk_start(&src_walk, src);
+ scatterwalk_start(&dst_walk, dst);
- while (tmp_nbytes) {
+ while (nbytes) {
/* get the source block */
scatterwalk_copychunks(&block.R, &src_walk, SEMIBSIZE,
false);
/* perform KW operation: encrypt block */
- crypto_cipher_encrypt_one(child, (u8 *)&block,
+ crypto_cipher_encrypt_one(cipher, (u8 *)&block,
(u8 *)&block);
/* perform KW operation: modify IV with counter */
block.A ^= cpu_to_be64(t);
@@ -254,117 +244,59 @@
scatterwalk_copychunks(&block.R, &dst_walk, SEMIBSIZE,
true);
- tmp_nbytes -= SEMIBSIZE;
+ nbytes -= SEMIBSIZE;
}
/* we now start to operate on the dst SGL only */
- lsrc = dst;
- ldst = dst;
+ src = req->dst;
+ dst = req->dst;
}
/* establish the IV for the caller to pick up */
- memcpy(desc->info, &block.A, SEMIBSIZE);
+ memcpy(req->iv, &block.A, SEMIBSIZE);
memzero_explicit(&block, sizeof(struct crypto_kw_block));
return 0;
}
-static int crypto_kw_setkey(struct crypto_tfm *parent, const u8 *key,
- unsigned int keylen)
+static int crypto_kw_create(struct crypto_template *tmpl, struct rtattr **tb)
{
- struct crypto_kw_ctx *ctx = crypto_tfm_ctx(parent);
- struct crypto_cipher *child = ctx->child;
+ struct skcipher_instance *inst;
+ struct crypto_alg *alg;
int err;
- crypto_cipher_clear_flags(child, CRYPTO_TFM_REQ_MASK);
- crypto_cipher_set_flags(child, crypto_tfm_get_flags(parent) &
- CRYPTO_TFM_REQ_MASK);
- err = crypto_cipher_setkey(child, key, keylen);
- crypto_tfm_set_flags(parent, crypto_cipher_get_flags(child) &
- CRYPTO_TFM_RES_MASK);
- return err;
-}
+ inst = skcipher_alloc_instance_simple(tmpl, tb, &alg);
+ if (IS_ERR(inst))
+ return PTR_ERR(inst);
-static int crypto_kw_init_tfm(struct crypto_tfm *tfm)
-{
- struct crypto_instance *inst = crypto_tfm_alg_instance(tfm);
- struct crypto_spawn *spawn = crypto_instance_ctx(inst);
- struct crypto_kw_ctx *ctx = crypto_tfm_ctx(tfm);
- struct crypto_cipher *cipher;
-
- cipher = crypto_spawn_cipher(spawn);
- if (IS_ERR(cipher))
- return PTR_ERR(cipher);
-
- ctx->child = cipher;
- return 0;
-}
-
-static void crypto_kw_exit_tfm(struct crypto_tfm *tfm)
-{
- struct crypto_kw_ctx *ctx = crypto_tfm_ctx(tfm);
-
- crypto_free_cipher(ctx->child);
-}
-
-static struct crypto_instance *crypto_kw_alloc(struct rtattr **tb)
-{
- struct crypto_instance *inst = NULL;
- struct crypto_alg *alg = NULL;
- int err;
-
- err = crypto_check_attr_type(tb, CRYPTO_ALG_TYPE_BLKCIPHER);
- if (err)
- return ERR_PTR(err);
-
- alg = crypto_get_attr_alg(tb, CRYPTO_ALG_TYPE_CIPHER,
- CRYPTO_ALG_TYPE_MASK);
- if (IS_ERR(alg))
- return ERR_CAST(alg);
-
- inst = ERR_PTR(-EINVAL);
+ err = -EINVAL;
/* Section 5.1 requirement for KW */
if (alg->cra_blocksize != sizeof(struct crypto_kw_block))
- goto err;
+ goto out_free_inst;
- inst = crypto_alloc_instance("kw", alg);
- if (IS_ERR(inst))
- goto err;
+ inst->alg.base.cra_blocksize = SEMIBSIZE;
+ inst->alg.base.cra_alignmask = 0;
+ inst->alg.ivsize = SEMIBSIZE;
- inst->alg.cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER;
- inst->alg.cra_priority = alg->cra_priority;
- inst->alg.cra_blocksize = SEMIBSIZE;
- inst->alg.cra_alignmask = 0;
- inst->alg.cra_type = &crypto_blkcipher_type;
- inst->alg.cra_blkcipher.ivsize = SEMIBSIZE;
- inst->alg.cra_blkcipher.min_keysize = alg->cra_cipher.cia_min_keysize;
- inst->alg.cra_blkcipher.max_keysize = alg->cra_cipher.cia_max_keysize;
+ inst->alg.encrypt = crypto_kw_encrypt;
+ inst->alg.decrypt = crypto_kw_decrypt;
- inst->alg.cra_ctxsize = sizeof(struct crypto_kw_ctx);
+ err = skcipher_register_instance(tmpl, inst);
+ if (err)
+ goto out_free_inst;
+ goto out_put_alg;
- inst->alg.cra_init = crypto_kw_init_tfm;
- inst->alg.cra_exit = crypto_kw_exit_tfm;
-
- inst->alg.cra_blkcipher.setkey = crypto_kw_setkey;
- inst->alg.cra_blkcipher.encrypt = crypto_kw_encrypt;
- inst->alg.cra_blkcipher.decrypt = crypto_kw_decrypt;
-
-err:
+out_free_inst:
+ inst->free(inst);
+out_put_alg:
crypto_mod_put(alg);
- return inst;
-}
-
-static void crypto_kw_free(struct crypto_instance *inst)
-{
- crypto_drop_spawn(crypto_instance_ctx(inst));
- kfree(inst);
+ return err;
}
static struct crypto_template crypto_kw_tmpl = {
.name = "kw",
- .alloc = crypto_kw_alloc,
- .free = crypto_kw_free,
+ .create = crypto_kw_create,
.module = THIS_MODULE,
};
@@ -378,7 +310,7 @@
crypto_unregister_template(&crypto_kw_tmpl);
}
-module_init(crypto_kw_init);
+subsys_initcall(crypto_kw_init);
module_exit(crypto_kw_exit);
MODULE_LICENSE("Dual BSD/GPL");
diff --git a/crypto/khazad.c b/crypto/khazad.c
index 873eb5d..14ca7f1 100644
--- a/crypto/khazad.c
+++ b/crypto/khazad.c
@@ -848,6 +848,7 @@
static struct crypto_alg khazad_alg = {
.cra_name = "khazad",
+ .cra_driver_name = "khazad-generic",
.cra_flags = CRYPTO_ALG_TYPE_CIPHER,
.cra_blocksize = KHAZAD_BLOCK_SIZE,
.cra_ctxsize = sizeof (struct khazad_ctx),
@@ -875,7 +876,7 @@
}
-module_init(khazad_mod_init);
+subsys_initcall(khazad_mod_init);
module_exit(khazad_mod_fini);
MODULE_LICENSE("GPL");
diff --git a/crypto/kpp.c b/crypto/kpp.c
index a90edc2..313b2c6 100644
--- a/crypto/kpp.c
+++ b/crypto/kpp.c
@@ -1,14 +1,9 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/*
* Key-agreement Protocol Primitives (KPP)
*
* Copyright (c) 2016, Intel Corporation
* Authors: Salvatore Benedetto <salvatore.benedetto@intel.com>
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
- *
*/
#include <linux/errno.h>
#include <linux/kernel.h>
@@ -30,15 +25,11 @@
{
struct crypto_report_kpp rkpp;
- strncpy(rkpp.type, "kpp", sizeof(rkpp.type));
+ memset(&rkpp, 0, sizeof(rkpp));
- if (nla_put(skb, CRYPTOCFGA_REPORT_KPP,
- sizeof(struct crypto_report_kpp), &rkpp))
- goto nla_put_failure;
- return 0;
+ strscpy(rkpp.type, "kpp", sizeof(rkpp.type));
-nla_put_failure:
- return -EMSGSIZE;
+ return nla_put(skb, CRYPTOCFGA_REPORT_KPP, sizeof(rkpp), &rkpp);
}
#else
static int crypto_kpp_report(struct sk_buff *skb, struct crypto_alg *alg)
diff --git a/crypto/lrw.c b/crypto/lrw.c
index 5504d13..be829f6 100644
--- a/crypto/lrw.c
+++ b/crypto/lrw.c
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/* LRW: as defined by Cyril Guyot in
* http://grouper.ieee.org/groups/1619/email/pdf00017.pdf
*
@@ -5,11 +6,6 @@
*
* Based on ecb.c
* Copyright (c) 2006 Herbert Xu <herbert@gondor.apana.org.au>
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
*/
/* This implementation is checked against the test vectors in the above
* document and by a test vector provided by Ken Buchanan at
@@ -29,8 +25,6 @@
#include <crypto/b128ops.h>
#include <crypto/gf128mul.h>
-#define LRW_BUFFER_SIZE 128u
-
#define LRW_BLOCK_SIZE 16
struct priv {
@@ -56,19 +50,7 @@
};
struct rctx {
- be128 buf[LRW_BUFFER_SIZE / sizeof(be128)];
-
be128 t;
-
- be128 *ext;
-
- struct scatterlist srcbuf[2];
- struct scatterlist dstbuf[2];
- struct scatterlist *src;
- struct scatterlist *dst;
-
- unsigned int left;
-
struct skcipher_request subreq;
};
@@ -120,27 +102,27 @@
return 0;
}
-static inline void inc(be128 *iv)
+/*
+ * Returns the number of trailing '1' bits in the words of the counter, which is
+ * represented by 4 32-bit words, arranged from least to most significant.
+ * At the same time, increments the counter by one.
+ *
+ * For example:
+ *
+ * u32 counter[4] = { 0xFFFFFFFF, 0x1, 0x0, 0x0 };
+ * int i = next_index(&counter);
+ * // i == 33, counter == { 0x0, 0x2, 0x0, 0x0 }
+ */
+static int next_index(u32 *counter)
{
- be64_add_cpu(&iv->b, 1);
- if (!iv->b)
- be64_add_cpu(&iv->a, 1);
-}
+ int i, res = 0;
-/* this returns the number of consequative 1 bits starting
- * from the right, get_index128(00 00 00 00 00 00 ... 00 00 10 FB) = 2 */
-static inline int get_index128(be128 *block)
-{
- int x;
- __be32 *p = (__be32 *) block;
+ for (i = 0; i < 4; i++) {
+ if (counter[i] + 1 != 0)
+ return res + ffz(counter[i]++);
- for (p += 3, x = 0; x < 128; p--, x += 32) {
- u32 val = be32_to_cpup(p);
-
- if (!~val)
- continue;
-
- return x + ffz(val);
+ counter[i] = 0;
+ res += 32;
}
/*
@@ -151,86 +133,39 @@
return 127;
}
-static int post_crypt(struct skcipher_request *req)
+/*
+ * We compute the tweak masks twice (both before and after the ECB encryption or
+ * decryption) to avoid having to allocate a temporary buffer and/or make
+ * mutliple calls to the 'ecb(..)' instance, which usually would be slower than
+ * just doing the next_index() calls again.
+ */
+static int xor_tweak(struct skcipher_request *req, bool second_pass)
{
- struct rctx *rctx = skcipher_request_ctx(req);
- be128 *buf = rctx->ext ?: rctx->buf;
- struct skcipher_request *subreq;
const int bs = LRW_BLOCK_SIZE;
- struct skcipher_walk w;
- struct scatterlist *sg;
- unsigned offset;
- int err;
-
- subreq = &rctx->subreq;
- err = skcipher_walk_virt(&w, subreq, false);
-
- while (w.nbytes) {
- unsigned int avail = w.nbytes;
- be128 *wdst;
-
- wdst = w.dst.virt.addr;
-
- do {
- be128_xor(wdst, buf++, wdst);
- wdst++;
- } while ((avail -= bs) >= bs);
-
- err = skcipher_walk_done(&w, avail);
- }
-
- rctx->left -= subreq->cryptlen;
-
- if (err || !rctx->left)
- goto out;
-
- rctx->dst = rctx->dstbuf;
-
- scatterwalk_done(&w.out, 0, 1);
- sg = w.out.sg;
- offset = w.out.offset;
-
- if (rctx->dst != sg) {
- rctx->dst[0] = *sg;
- sg_unmark_end(rctx->dst);
- scatterwalk_crypto_chain(rctx->dst, sg_next(sg), 2);
- }
- rctx->dst[0].length -= offset - sg->offset;
- rctx->dst[0].offset = offset;
-
-out:
- return err;
-}
-
-static int pre_crypt(struct skcipher_request *req)
-{
struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
- struct rctx *rctx = skcipher_request_ctx(req);
struct priv *ctx = crypto_skcipher_ctx(tfm);
- be128 *buf = rctx->ext ?: rctx->buf;
- struct skcipher_request *subreq;
- const int bs = LRW_BLOCK_SIZE;
+ struct rctx *rctx = skcipher_request_ctx(req);
+ be128 t = rctx->t;
struct skcipher_walk w;
- struct scatterlist *sg;
- unsigned cryptlen;
- unsigned offset;
- be128 *iv;
- bool more;
+ __be32 *iv;
+ u32 counter[4];
int err;
- subreq = &rctx->subreq;
- skcipher_request_set_tfm(subreq, tfm);
+ if (second_pass) {
+ req = &rctx->subreq;
+ /* set to our TFM to enforce correct alignment: */
+ skcipher_request_set_tfm(req, tfm);
+ }
- cryptlen = subreq->cryptlen;
- more = rctx->left > cryptlen;
- if (!more)
- cryptlen = rctx->left;
+ err = skcipher_walk_virt(&w, req, false);
+ if (err)
+ return err;
- skcipher_request_set_crypt(subreq, rctx->src, rctx->dst,
- cryptlen, req->iv);
-
- err = skcipher_walk_virt(&w, subreq, false);
- iv = w.iv;
+ iv = (__be32 *)w.iv;
+ counter[0] = be32_to_cpu(iv[3]);
+ counter[1] = be32_to_cpu(iv[2]);
+ counter[2] = be32_to_cpu(iv[1]);
+ counter[3] = be32_to_cpu(iv[0]);
while (w.nbytes) {
unsigned int avail = w.nbytes;
@@ -241,188 +176,89 @@
wdst = w.dst.virt.addr;
do {
- *buf++ = rctx->t;
- be128_xor(wdst++, &rctx->t, wsrc++);
+ be128_xor(wdst++, &t, wsrc++);
/* T <- I*Key2, using the optimization
* discussed in the specification */
- be128_xor(&rctx->t, &rctx->t,
- &ctx->mulinc[get_index128(iv)]);
- inc(iv);
+ be128_xor(&t, &t, &ctx->mulinc[next_index(counter)]);
} while ((avail -= bs) >= bs);
+ if (second_pass && w.nbytes == w.total) {
+ iv[0] = cpu_to_be32(counter[3]);
+ iv[1] = cpu_to_be32(counter[2]);
+ iv[2] = cpu_to_be32(counter[1]);
+ iv[3] = cpu_to_be32(counter[0]);
+ }
+
err = skcipher_walk_done(&w, avail);
}
- skcipher_request_set_tfm(subreq, ctx->child);
- skcipher_request_set_crypt(subreq, rctx->dst, rctx->dst,
- cryptlen, NULL);
-
- if (err || !more)
- goto out;
-
- rctx->src = rctx->srcbuf;
-
- scatterwalk_done(&w.in, 0, 1);
- sg = w.in.sg;
- offset = w.in.offset;
-
- if (rctx->src != sg) {
- rctx->src[0] = *sg;
- sg_unmark_end(rctx->src);
- scatterwalk_crypto_chain(rctx->src, sg_next(sg), 2);
- }
- rctx->src[0].length -= offset - sg->offset;
- rctx->src[0].offset = offset;
-
-out:
return err;
}
-static int init_crypt(struct skcipher_request *req, crypto_completion_t done)
+static int xor_tweak_pre(struct skcipher_request *req)
+{
+ return xor_tweak(req, false);
+}
+
+static int xor_tweak_post(struct skcipher_request *req)
+{
+ return xor_tweak(req, true);
+}
+
+static void crypt_done(struct crypto_async_request *areq, int err)
+{
+ struct skcipher_request *req = areq->data;
+
+ if (!err) {
+ struct rctx *rctx = skcipher_request_ctx(req);
+
+ rctx->subreq.base.flags &= ~CRYPTO_TFM_REQ_MAY_SLEEP;
+ err = xor_tweak_post(req);
+ }
+
+ skcipher_request_complete(req, err);
+}
+
+static void init_crypt(struct skcipher_request *req)
{
struct priv *ctx = crypto_skcipher_ctx(crypto_skcipher_reqtfm(req));
struct rctx *rctx = skcipher_request_ctx(req);
- struct skcipher_request *subreq;
- gfp_t gfp;
+ struct skcipher_request *subreq = &rctx->subreq;
- subreq = &rctx->subreq;
- skcipher_request_set_callback(subreq, req->base.flags, done, req);
-
- gfp = req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP ? GFP_KERNEL :
- GFP_ATOMIC;
- rctx->ext = NULL;
-
- subreq->cryptlen = LRW_BUFFER_SIZE;
- if (req->cryptlen > LRW_BUFFER_SIZE) {
- unsigned int n = min(req->cryptlen, (unsigned int)PAGE_SIZE);
-
- rctx->ext = kmalloc(n, gfp);
- if (rctx->ext)
- subreq->cryptlen = n;
- }
-
- rctx->src = req->src;
- rctx->dst = req->dst;
- rctx->left = req->cryptlen;
+ skcipher_request_set_tfm(subreq, ctx->child);
+ skcipher_request_set_callback(subreq, req->base.flags, crypt_done, req);
+ /* pass req->iv as IV (will be used by xor_tweak, ECB will ignore it) */
+ skcipher_request_set_crypt(subreq, req->dst, req->dst,
+ req->cryptlen, req->iv);
/* calculate first value of T */
memcpy(&rctx->t, req->iv, sizeof(rctx->t));
/* T <- I*Key2 */
gf128mul_64k_bbe(&rctx->t, ctx->table);
-
- return 0;
-}
-
-static void exit_crypt(struct skcipher_request *req)
-{
- struct rctx *rctx = skcipher_request_ctx(req);
-
- rctx->left = 0;
-
- if (rctx->ext)
- kzfree(rctx->ext);
-}
-
-static int do_encrypt(struct skcipher_request *req, int err)
-{
- struct rctx *rctx = skcipher_request_ctx(req);
- struct skcipher_request *subreq;
-
- subreq = &rctx->subreq;
-
- while (!err && rctx->left) {
- err = pre_crypt(req) ?:
- crypto_skcipher_encrypt(subreq) ?:
- post_crypt(req);
-
- if (err == -EINPROGRESS || err == -EBUSY)
- return err;
- }
-
- exit_crypt(req);
- return err;
-}
-
-static void encrypt_done(struct crypto_async_request *areq, int err)
-{
- struct skcipher_request *req = areq->data;
- struct skcipher_request *subreq;
- struct rctx *rctx;
-
- rctx = skcipher_request_ctx(req);
-
- if (err == -EINPROGRESS) {
- if (rctx->left != req->cryptlen)
- return;
- goto out;
- }
-
- subreq = &rctx->subreq;
- subreq->base.flags &= CRYPTO_TFM_REQ_MAY_BACKLOG;
-
- err = do_encrypt(req, err ?: post_crypt(req));
- if (rctx->left)
- return;
-
-out:
- skcipher_request_complete(req, err);
}
static int encrypt(struct skcipher_request *req)
{
- return do_encrypt(req, init_crypt(req, encrypt_done));
-}
-
-static int do_decrypt(struct skcipher_request *req, int err)
-{
struct rctx *rctx = skcipher_request_ctx(req);
- struct skcipher_request *subreq;
+ struct skcipher_request *subreq = &rctx->subreq;
- subreq = &rctx->subreq;
-
- while (!err && rctx->left) {
- err = pre_crypt(req) ?:
- crypto_skcipher_decrypt(subreq) ?:
- post_crypt(req);
-
- if (err == -EINPROGRESS || err == -EBUSY)
- return err;
- }
-
- exit_crypt(req);
- return err;
-}
-
-static void decrypt_done(struct crypto_async_request *areq, int err)
-{
- struct skcipher_request *req = areq->data;
- struct skcipher_request *subreq;
- struct rctx *rctx;
-
- rctx = skcipher_request_ctx(req);
-
- if (err == -EINPROGRESS) {
- if (rctx->left != req->cryptlen)
- return;
- goto out;
- }
-
- subreq = &rctx->subreq;
- subreq->base.flags &= CRYPTO_TFM_REQ_MAY_BACKLOG;
-
- err = do_decrypt(req, err ?: post_crypt(req));
- if (rctx->left)
- return;
-
-out:
- skcipher_request_complete(req, err);
+ init_crypt(req);
+ return xor_tweak_pre(req) ?:
+ crypto_skcipher_encrypt(subreq) ?:
+ xor_tweak_post(req);
}
static int decrypt(struct skcipher_request *req)
{
- return do_decrypt(req, init_crypt(req, decrypt_done));
+ struct rctx *rctx = skcipher_request_ctx(req);
+ struct skcipher_request *subreq = &rctx->subreq;
+
+ init_crypt(req);
+ return xor_tweak_pre(req) ?:
+ crypto_skcipher_decrypt(subreq) ?:
+ xor_tweak_post(req);
}
static int init_tfm(struct crypto_skcipher *tfm)
@@ -548,7 +384,7 @@
inst->alg.base.cra_priority = alg->base.cra_priority;
inst->alg.base.cra_blocksize = LRW_BLOCK_SIZE;
inst->alg.base.cra_alignmask = alg->base.cra_alignmask |
- (__alignof__(u64) - 1);
+ (__alignof__(be128) - 1);
inst->alg.ivsize = LRW_BLOCK_SIZE;
inst->alg.min_keysize = crypto_skcipher_alg_min_keysize(alg) +
@@ -597,7 +433,7 @@
crypto_unregister_template(&crypto_tmpl);
}
-module_init(crypto_module_init);
+subsys_initcall(crypto_module_init);
module_exit(crypto_module_exit);
MODULE_LICENSE("GPL");
diff --git a/crypto/lz4.c b/crypto/lz4.c
index 2ce2660..0606f88 100644
--- a/crypto/lz4.c
+++ b/crypto/lz4.c
@@ -1,21 +1,8 @@
+// SPDX-License-Identifier: GPL-2.0-only
/*
* Cryptographic API.
*
* Copyright (c) 2013 Chanho Min <chanho.min@lge.com>
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 as published by
- * the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
- * more details.
- *
- * You should have received a copy of the GNU General Public License along with
- * this program; if not, write to the Free Software Foundation, Inc., 51
- * Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
*/
#include <linux/init.h>
@@ -119,10 +106,10 @@
static struct crypto_alg alg_lz4 = {
.cra_name = "lz4",
+ .cra_driver_name = "lz4-generic",
.cra_flags = CRYPTO_ALG_TYPE_COMPRESS,
.cra_ctxsize = sizeof(struct lz4_ctx),
.cra_module = THIS_MODULE,
- .cra_list = LIST_HEAD_INIT(alg_lz4.cra_list),
.cra_init = lz4_init,
.cra_exit = lz4_exit,
.cra_u = { .compress = {
@@ -165,7 +152,7 @@
crypto_unregister_scomp(&scomp);
}
-module_init(lz4_mod_init);
+subsys_initcall(lz4_mod_init);
module_exit(lz4_mod_fini);
MODULE_LICENSE("GPL");
diff --git a/crypto/lz4hc.c b/crypto/lz4hc.c
index 2be14f0..d7cc94a 100644
--- a/crypto/lz4hc.c
+++ b/crypto/lz4hc.c
@@ -1,21 +1,8 @@
+// SPDX-License-Identifier: GPL-2.0-only
/*
* Cryptographic API.
*
* Copyright (c) 2013 Chanho Min <chanho.min@lge.com>
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 as published by
- * the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
- * more details.
- *
- * You should have received a copy of the GNU General Public License along with
- * this program; if not, write to the Free Software Foundation, Inc., 51
- * Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
*/
#include <linux/init.h>
#include <linux/module.h>
@@ -120,10 +107,10 @@
static struct crypto_alg alg_lz4hc = {
.cra_name = "lz4hc",
+ .cra_driver_name = "lz4hc-generic",
.cra_flags = CRYPTO_ALG_TYPE_COMPRESS,
.cra_ctxsize = sizeof(struct lz4hc_ctx),
.cra_module = THIS_MODULE,
- .cra_list = LIST_HEAD_INIT(alg_lz4hc.cra_list),
.cra_init = lz4hc_init,
.cra_exit = lz4hc_exit,
.cra_u = { .compress = {
@@ -166,7 +153,7 @@
crypto_unregister_scomp(&scomp);
}
-module_init(lz4hc_mod_init);
+subsys_initcall(lz4hc_mod_init);
module_exit(lz4hc_mod_fini);
MODULE_LICENSE("GPL");
diff --git a/crypto/lzo-rle.c b/crypto/lzo-rle.c
new file mode 100644
index 0000000..0631d97
--- /dev/null
+++ b/crypto/lzo-rle.c
@@ -0,0 +1,163 @@
+// SPDX-License-Identifier: GPL-2.0-only
+/*
+ * Cryptographic API.
+ */
+
+#include <linux/init.h>
+#include <linux/module.h>
+#include <linux/crypto.h>
+#include <linux/vmalloc.h>
+#include <linux/mm.h>
+#include <linux/lzo.h>
+#include <crypto/internal/scompress.h>
+
+struct lzorle_ctx {
+ void *lzorle_comp_mem;
+};
+
+static void *lzorle_alloc_ctx(struct crypto_scomp *tfm)
+{
+ void *ctx;
+
+ ctx = kvmalloc(LZO1X_MEM_COMPRESS, GFP_KERNEL);
+ if (!ctx)
+ return ERR_PTR(-ENOMEM);
+
+ return ctx;
+}
+
+static int lzorle_init(struct crypto_tfm *tfm)
+{
+ struct lzorle_ctx *ctx = crypto_tfm_ctx(tfm);
+
+ ctx->lzorle_comp_mem = lzorle_alloc_ctx(NULL);
+ if (IS_ERR(ctx->lzorle_comp_mem))
+ return -ENOMEM;
+
+ return 0;
+}
+
+static void lzorle_free_ctx(struct crypto_scomp *tfm, void *ctx)
+{
+ kvfree(ctx);
+}
+
+static void lzorle_exit(struct crypto_tfm *tfm)
+{
+ struct lzorle_ctx *ctx = crypto_tfm_ctx(tfm);
+
+ lzorle_free_ctx(NULL, ctx->lzorle_comp_mem);
+}
+
+static int __lzorle_compress(const u8 *src, unsigned int slen,
+ u8 *dst, unsigned int *dlen, void *ctx)
+{
+ size_t tmp_len = *dlen; /* size_t(ulong) <-> uint on 64 bit */
+ int err;
+
+ err = lzorle1x_1_compress(src, slen, dst, &tmp_len, ctx);
+
+ if (err != LZO_E_OK)
+ return -EINVAL;
+
+ *dlen = tmp_len;
+ return 0;
+}
+
+static int lzorle_compress(struct crypto_tfm *tfm, const u8 *src,
+ unsigned int slen, u8 *dst, unsigned int *dlen)
+{
+ struct lzorle_ctx *ctx = crypto_tfm_ctx(tfm);
+
+ return __lzorle_compress(src, slen, dst, dlen, ctx->lzorle_comp_mem);
+}
+
+static int lzorle_scompress(struct crypto_scomp *tfm, const u8 *src,
+ unsigned int slen, u8 *dst, unsigned int *dlen,
+ void *ctx)
+{
+ return __lzorle_compress(src, slen, dst, dlen, ctx);
+}
+
+static int __lzorle_decompress(const u8 *src, unsigned int slen,
+ u8 *dst, unsigned int *dlen)
+{
+ int err;
+ size_t tmp_len = *dlen; /* size_t(ulong) <-> uint on 64 bit */
+
+ err = lzo1x_decompress_safe(src, slen, dst, &tmp_len);
+
+ if (err != LZO_E_OK)
+ return -EINVAL;
+
+ *dlen = tmp_len;
+ return 0;
+}
+
+static int lzorle_decompress(struct crypto_tfm *tfm, const u8 *src,
+ unsigned int slen, u8 *dst, unsigned int *dlen)
+{
+ return __lzorle_decompress(src, slen, dst, dlen);
+}
+
+static int lzorle_sdecompress(struct crypto_scomp *tfm, const u8 *src,
+ unsigned int slen, u8 *dst, unsigned int *dlen,
+ void *ctx)
+{
+ return __lzorle_decompress(src, slen, dst, dlen);
+}
+
+static struct crypto_alg alg = {
+ .cra_name = "lzo-rle",
+ .cra_driver_name = "lzo-rle-generic",
+ .cra_flags = CRYPTO_ALG_TYPE_COMPRESS,
+ .cra_ctxsize = sizeof(struct lzorle_ctx),
+ .cra_module = THIS_MODULE,
+ .cra_init = lzorle_init,
+ .cra_exit = lzorle_exit,
+ .cra_u = { .compress = {
+ .coa_compress = lzorle_compress,
+ .coa_decompress = lzorle_decompress } }
+};
+
+static struct scomp_alg scomp = {
+ .alloc_ctx = lzorle_alloc_ctx,
+ .free_ctx = lzorle_free_ctx,
+ .compress = lzorle_scompress,
+ .decompress = lzorle_sdecompress,
+ .base = {
+ .cra_name = "lzo-rle",
+ .cra_driver_name = "lzo-rle-scomp",
+ .cra_module = THIS_MODULE,
+ }
+};
+
+static int __init lzorle_mod_init(void)
+{
+ int ret;
+
+ ret = crypto_register_alg(&alg);
+ if (ret)
+ return ret;
+
+ ret = crypto_register_scomp(&scomp);
+ if (ret) {
+ crypto_unregister_alg(&alg);
+ return ret;
+ }
+
+ return ret;
+}
+
+static void __exit lzorle_mod_fini(void)
+{
+ crypto_unregister_alg(&alg);
+ crypto_unregister_scomp(&scomp);
+}
+
+subsys_initcall(lzorle_mod_init);
+module_exit(lzorle_mod_fini);
+
+MODULE_LICENSE("GPL");
+MODULE_DESCRIPTION("LZO-RLE Compression Algorithm");
+MODULE_ALIAS_CRYPTO("lzo-rle");
diff --git a/crypto/lzo.c b/crypto/lzo.c
index 218567d..ebda132 100644
--- a/crypto/lzo.c
+++ b/crypto/lzo.c
@@ -1,19 +1,6 @@
+// SPDX-License-Identifier: GPL-2.0-only
/*
* Cryptographic API.
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 as published by
- * the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
- * more details.
- *
- * You should have received a copy of the GNU General Public License along with
- * this program; if not, write to the Free Software Foundation, Inc., 51
- * Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
- *
*/
#include <linux/init.h>
@@ -122,6 +109,7 @@
static struct crypto_alg alg = {
.cra_name = "lzo",
+ .cra_driver_name = "lzo-generic",
.cra_flags = CRYPTO_ALG_TYPE_COMPRESS,
.cra_ctxsize = sizeof(struct lzo_ctx),
.cra_module = THIS_MODULE,
@@ -167,7 +155,7 @@
crypto_unregister_scomp(&scomp);
}
-module_init(lzo_mod_init);
+subsys_initcall(lzo_mod_init);
module_exit(lzo_mod_fini);
MODULE_LICENSE("GPL");
diff --git a/crypto/mcryptd.c b/crypto/mcryptd.c
deleted file mode 100644
index f141521..0000000
--- a/crypto/mcryptd.c
+++ /dev/null
@@ -1,675 +0,0 @@
-/*
- * Software multibuffer async crypto daemon.
- *
- * Copyright (c) 2014 Tim Chen <tim.c.chen@linux.intel.com>
- *
- * Adapted from crypto daemon.
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
- *
- */
-
-#include <crypto/algapi.h>
-#include <crypto/internal/hash.h>
-#include <crypto/internal/aead.h>
-#include <crypto/mcryptd.h>
-#include <crypto/crypto_wq.h>
-#include <linux/err.h>
-#include <linux/init.h>
-#include <linux/kernel.h>
-#include <linux/list.h>
-#include <linux/module.h>
-#include <linux/scatterlist.h>
-#include <linux/sched.h>
-#include <linux/sched/stat.h>
-#include <linux/slab.h>
-
-#define MCRYPTD_MAX_CPU_QLEN 100
-#define MCRYPTD_BATCH 9
-
-static void *mcryptd_alloc_instance(struct crypto_alg *alg, unsigned int head,
- unsigned int tail);
-
-struct mcryptd_flush_list {
- struct list_head list;
- struct mutex lock;
-};
-
-static struct mcryptd_flush_list __percpu *mcryptd_flist;
-
-struct hashd_instance_ctx {
- struct crypto_ahash_spawn spawn;
- struct mcryptd_queue *queue;
-};
-
-static void mcryptd_queue_worker(struct work_struct *work);
-
-void mcryptd_arm_flusher(struct mcryptd_alg_cstate *cstate, unsigned long delay)
-{
- struct mcryptd_flush_list *flist;
-
- if (!cstate->flusher_engaged) {
- /* put the flusher on the flush list */
- flist = per_cpu_ptr(mcryptd_flist, smp_processor_id());
- mutex_lock(&flist->lock);
- list_add_tail(&cstate->flush_list, &flist->list);
- cstate->flusher_engaged = true;
- cstate->next_flush = jiffies + delay;
- queue_delayed_work_on(smp_processor_id(), kcrypto_wq,
- &cstate->flush, delay);
- mutex_unlock(&flist->lock);
- }
-}
-EXPORT_SYMBOL(mcryptd_arm_flusher);
-
-static int mcryptd_init_queue(struct mcryptd_queue *queue,
- unsigned int max_cpu_qlen)
-{
- int cpu;
- struct mcryptd_cpu_queue *cpu_queue;
-
- queue->cpu_queue = alloc_percpu(struct mcryptd_cpu_queue);
- pr_debug("mqueue:%p mcryptd_cpu_queue %p\n", queue, queue->cpu_queue);
- if (!queue->cpu_queue)
- return -ENOMEM;
- for_each_possible_cpu(cpu) {
- cpu_queue = per_cpu_ptr(queue->cpu_queue, cpu);
- pr_debug("cpu_queue #%d %p\n", cpu, queue->cpu_queue);
- crypto_init_queue(&cpu_queue->queue, max_cpu_qlen);
- INIT_WORK(&cpu_queue->work, mcryptd_queue_worker);
- spin_lock_init(&cpu_queue->q_lock);
- }
- return 0;
-}
-
-static void mcryptd_fini_queue(struct mcryptd_queue *queue)
-{
- int cpu;
- struct mcryptd_cpu_queue *cpu_queue;
-
- for_each_possible_cpu(cpu) {
- cpu_queue = per_cpu_ptr(queue->cpu_queue, cpu);
- BUG_ON(cpu_queue->queue.qlen);
- }
- free_percpu(queue->cpu_queue);
-}
-
-static int mcryptd_enqueue_request(struct mcryptd_queue *queue,
- struct crypto_async_request *request,
- struct mcryptd_hash_request_ctx *rctx)
-{
- int cpu, err;
- struct mcryptd_cpu_queue *cpu_queue;
-
- cpu_queue = raw_cpu_ptr(queue->cpu_queue);
- spin_lock(&cpu_queue->q_lock);
- cpu = smp_processor_id();
- rctx->tag.cpu = smp_processor_id();
-
- err = crypto_enqueue_request(&cpu_queue->queue, request);
- pr_debug("enqueue request: cpu %d cpu_queue %p request %p\n",
- cpu, cpu_queue, request);
- spin_unlock(&cpu_queue->q_lock);
- queue_work_on(cpu, kcrypto_wq, &cpu_queue->work);
-
- return err;
-}
-
-/*
- * Try to opportunisticlly flush the partially completed jobs if
- * crypto daemon is the only task running.
- */
-static void mcryptd_opportunistic_flush(void)
-{
- struct mcryptd_flush_list *flist;
- struct mcryptd_alg_cstate *cstate;
-
- flist = per_cpu_ptr(mcryptd_flist, smp_processor_id());
- while (single_task_running()) {
- mutex_lock(&flist->lock);
- cstate = list_first_entry_or_null(&flist->list,
- struct mcryptd_alg_cstate, flush_list);
- if (!cstate || !cstate->flusher_engaged) {
- mutex_unlock(&flist->lock);
- return;
- }
- list_del(&cstate->flush_list);
- cstate->flusher_engaged = false;
- mutex_unlock(&flist->lock);
- cstate->alg_state->flusher(cstate);
- }
-}
-
-/*
- * Called in workqueue context, do one real cryption work (via
- * req->complete) and reschedule itself if there are more work to
- * do.
- */
-static void mcryptd_queue_worker(struct work_struct *work)
-{
- struct mcryptd_cpu_queue *cpu_queue;
- struct crypto_async_request *req, *backlog;
- int i;
-
- /*
- * Need to loop through more than once for multi-buffer to
- * be effective.
- */
-
- cpu_queue = container_of(work, struct mcryptd_cpu_queue, work);
- i = 0;
- while (i < MCRYPTD_BATCH || single_task_running()) {
-
- spin_lock_bh(&cpu_queue->q_lock);
- backlog = crypto_get_backlog(&cpu_queue->queue);
- req = crypto_dequeue_request(&cpu_queue->queue);
- spin_unlock_bh(&cpu_queue->q_lock);
-
- if (!req) {
- mcryptd_opportunistic_flush();
- return;
- }
-
- if (backlog)
- backlog->complete(backlog, -EINPROGRESS);
- req->complete(req, 0);
- if (!cpu_queue->queue.qlen)
- return;
- ++i;
- }
- if (cpu_queue->queue.qlen)
- queue_work_on(smp_processor_id(), kcrypto_wq, &cpu_queue->work);
-}
-
-void mcryptd_flusher(struct work_struct *__work)
-{
- struct mcryptd_alg_cstate *alg_cpu_state;
- struct mcryptd_alg_state *alg_state;
- struct mcryptd_flush_list *flist;
- int cpu;
-
- cpu = smp_processor_id();
- alg_cpu_state = container_of(to_delayed_work(__work),
- struct mcryptd_alg_cstate, flush);
- alg_state = alg_cpu_state->alg_state;
- if (alg_cpu_state->cpu != cpu)
- pr_debug("mcryptd error: work on cpu %d, should be cpu %d\n",
- cpu, alg_cpu_state->cpu);
-
- if (alg_cpu_state->flusher_engaged) {
- flist = per_cpu_ptr(mcryptd_flist, cpu);
- mutex_lock(&flist->lock);
- list_del(&alg_cpu_state->flush_list);
- alg_cpu_state->flusher_engaged = false;
- mutex_unlock(&flist->lock);
- alg_state->flusher(alg_cpu_state);
- }
-}
-EXPORT_SYMBOL_GPL(mcryptd_flusher);
-
-static inline struct mcryptd_queue *mcryptd_get_queue(struct crypto_tfm *tfm)
-{
- struct crypto_instance *inst = crypto_tfm_alg_instance(tfm);
- struct mcryptd_instance_ctx *ictx = crypto_instance_ctx(inst);
-
- return ictx->queue;
-}
-
-static void *mcryptd_alloc_instance(struct crypto_alg *alg, unsigned int head,
- unsigned int tail)
-{
- char *p;
- struct crypto_instance *inst;
- int err;
-
- p = kzalloc(head + sizeof(*inst) + tail, GFP_KERNEL);
- if (!p)
- return ERR_PTR(-ENOMEM);
-
- inst = (void *)(p + head);
-
- err = -ENAMETOOLONG;
- if (snprintf(inst->alg.cra_driver_name, CRYPTO_MAX_ALG_NAME,
- "mcryptd(%s)", alg->cra_driver_name) >= CRYPTO_MAX_ALG_NAME)
- goto out_free_inst;
-
- memcpy(inst->alg.cra_name, alg->cra_name, CRYPTO_MAX_ALG_NAME);
-
- inst->alg.cra_priority = alg->cra_priority + 50;
- inst->alg.cra_blocksize = alg->cra_blocksize;
- inst->alg.cra_alignmask = alg->cra_alignmask;
-
-out:
- return p;
-
-out_free_inst:
- kfree(p);
- p = ERR_PTR(err);
- goto out;
-}
-
-static inline bool mcryptd_check_internal(struct rtattr **tb, u32 *type,
- u32 *mask)
-{
- struct crypto_attr_type *algt;
-
- algt = crypto_get_attr_type(tb);
- if (IS_ERR(algt))
- return false;
-
- *type |= algt->type & CRYPTO_ALG_INTERNAL;
- *mask |= algt->mask & CRYPTO_ALG_INTERNAL;
-
- if (*type & *mask & CRYPTO_ALG_INTERNAL)
- return true;
- else
- return false;
-}
-
-static int mcryptd_hash_init_tfm(struct crypto_tfm *tfm)
-{
- struct crypto_instance *inst = crypto_tfm_alg_instance(tfm);
- struct hashd_instance_ctx *ictx = crypto_instance_ctx(inst);
- struct crypto_ahash_spawn *spawn = &ictx->spawn;
- struct mcryptd_hash_ctx *ctx = crypto_tfm_ctx(tfm);
- struct crypto_ahash *hash;
-
- hash = crypto_spawn_ahash(spawn);
- if (IS_ERR(hash))
- return PTR_ERR(hash);
-
- ctx->child = hash;
- crypto_ahash_set_reqsize(__crypto_ahash_cast(tfm),
- sizeof(struct mcryptd_hash_request_ctx) +
- crypto_ahash_reqsize(hash));
- return 0;
-}
-
-static void mcryptd_hash_exit_tfm(struct crypto_tfm *tfm)
-{
- struct mcryptd_hash_ctx *ctx = crypto_tfm_ctx(tfm);
-
- crypto_free_ahash(ctx->child);
-}
-
-static int mcryptd_hash_setkey(struct crypto_ahash *parent,
- const u8 *key, unsigned int keylen)
-{
- struct mcryptd_hash_ctx *ctx = crypto_ahash_ctx(parent);
- struct crypto_ahash *child = ctx->child;
- int err;
-
- crypto_ahash_clear_flags(child, CRYPTO_TFM_REQ_MASK);
- crypto_ahash_set_flags(child, crypto_ahash_get_flags(parent) &
- CRYPTO_TFM_REQ_MASK);
- err = crypto_ahash_setkey(child, key, keylen);
- crypto_ahash_set_flags(parent, crypto_ahash_get_flags(child) &
- CRYPTO_TFM_RES_MASK);
- return err;
-}
-
-static int mcryptd_hash_enqueue(struct ahash_request *req,
- crypto_completion_t complete)
-{
- int ret;
-
- struct mcryptd_hash_request_ctx *rctx = ahash_request_ctx(req);
- struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
- struct mcryptd_queue *queue =
- mcryptd_get_queue(crypto_ahash_tfm(tfm));
-
- rctx->complete = req->base.complete;
- req->base.complete = complete;
-
- ret = mcryptd_enqueue_request(queue, &req->base, rctx);
-
- return ret;
-}
-
-static void mcryptd_hash_init(struct crypto_async_request *req_async, int err)
-{
- struct mcryptd_hash_ctx *ctx = crypto_tfm_ctx(req_async->tfm);
- struct crypto_ahash *child = ctx->child;
- struct ahash_request *req = ahash_request_cast(req_async);
- struct mcryptd_hash_request_ctx *rctx = ahash_request_ctx(req);
- struct ahash_request *desc = &rctx->areq;
-
- if (unlikely(err == -EINPROGRESS))
- goto out;
-
- ahash_request_set_tfm(desc, child);
- ahash_request_set_callback(desc, CRYPTO_TFM_REQ_MAY_SLEEP,
- rctx->complete, req_async);
-
- rctx->out = req->result;
- err = crypto_ahash_init(desc);
-
-out:
- local_bh_disable();
- rctx->complete(&req->base, err);
- local_bh_enable();
-}
-
-static int mcryptd_hash_init_enqueue(struct ahash_request *req)
-{
- return mcryptd_hash_enqueue(req, mcryptd_hash_init);
-}
-
-static void mcryptd_hash_update(struct crypto_async_request *req_async, int err)
-{
- struct ahash_request *req = ahash_request_cast(req_async);
- struct mcryptd_hash_request_ctx *rctx = ahash_request_ctx(req);
-
- if (unlikely(err == -EINPROGRESS))
- goto out;
-
- rctx->out = req->result;
- err = crypto_ahash_update(&rctx->areq);
- if (err) {
- req->base.complete = rctx->complete;
- goto out;
- }
-
- return;
-out:
- local_bh_disable();
- rctx->complete(&req->base, err);
- local_bh_enable();
-}
-
-static int mcryptd_hash_update_enqueue(struct ahash_request *req)
-{
- return mcryptd_hash_enqueue(req, mcryptd_hash_update);
-}
-
-static void mcryptd_hash_final(struct crypto_async_request *req_async, int err)
-{
- struct ahash_request *req = ahash_request_cast(req_async);
- struct mcryptd_hash_request_ctx *rctx = ahash_request_ctx(req);
-
- if (unlikely(err == -EINPROGRESS))
- goto out;
-
- rctx->out = req->result;
- err = crypto_ahash_final(&rctx->areq);
- if (err) {
- req->base.complete = rctx->complete;
- goto out;
- }
-
- return;
-out:
- local_bh_disable();
- rctx->complete(&req->base, err);
- local_bh_enable();
-}
-
-static int mcryptd_hash_final_enqueue(struct ahash_request *req)
-{
- return mcryptd_hash_enqueue(req, mcryptd_hash_final);
-}
-
-static void mcryptd_hash_finup(struct crypto_async_request *req_async, int err)
-{
- struct ahash_request *req = ahash_request_cast(req_async);
- struct mcryptd_hash_request_ctx *rctx = ahash_request_ctx(req);
-
- if (unlikely(err == -EINPROGRESS))
- goto out;
- rctx->out = req->result;
- err = crypto_ahash_finup(&rctx->areq);
-
- if (err) {
- req->base.complete = rctx->complete;
- goto out;
- }
-
- return;
-out:
- local_bh_disable();
- rctx->complete(&req->base, err);
- local_bh_enable();
-}
-
-static int mcryptd_hash_finup_enqueue(struct ahash_request *req)
-{
- return mcryptd_hash_enqueue(req, mcryptd_hash_finup);
-}
-
-static void mcryptd_hash_digest(struct crypto_async_request *req_async, int err)
-{
- struct mcryptd_hash_ctx *ctx = crypto_tfm_ctx(req_async->tfm);
- struct crypto_ahash *child = ctx->child;
- struct ahash_request *req = ahash_request_cast(req_async);
- struct mcryptd_hash_request_ctx *rctx = ahash_request_ctx(req);
- struct ahash_request *desc = &rctx->areq;
-
- if (unlikely(err == -EINPROGRESS))
- goto out;
-
- ahash_request_set_tfm(desc, child);
- ahash_request_set_callback(desc, CRYPTO_TFM_REQ_MAY_SLEEP,
- rctx->complete, req_async);
-
- rctx->out = req->result;
- err = crypto_ahash_init(desc) ?: crypto_ahash_finup(desc);
-
-out:
- local_bh_disable();
- rctx->complete(&req->base, err);
- local_bh_enable();
-}
-
-static int mcryptd_hash_digest_enqueue(struct ahash_request *req)
-{
- return mcryptd_hash_enqueue(req, mcryptd_hash_digest);
-}
-
-static int mcryptd_hash_export(struct ahash_request *req, void *out)
-{
- struct mcryptd_hash_request_ctx *rctx = ahash_request_ctx(req);
-
- return crypto_ahash_export(&rctx->areq, out);
-}
-
-static int mcryptd_hash_import(struct ahash_request *req, const void *in)
-{
- struct mcryptd_hash_request_ctx *rctx = ahash_request_ctx(req);
-
- return crypto_ahash_import(&rctx->areq, in);
-}
-
-static int mcryptd_create_hash(struct crypto_template *tmpl, struct rtattr **tb,
- struct mcryptd_queue *queue)
-{
- struct hashd_instance_ctx *ctx;
- struct ahash_instance *inst;
- struct hash_alg_common *halg;
- struct crypto_alg *alg;
- u32 type = 0;
- u32 mask = 0;
- int err;
-
- if (!mcryptd_check_internal(tb, &type, &mask))
- return -EINVAL;
-
- halg = ahash_attr_alg(tb[1], type, mask);
- if (IS_ERR(halg))
- return PTR_ERR(halg);
-
- alg = &halg->base;
- pr_debug("crypto: mcryptd hash alg: %s\n", alg->cra_name);
- inst = mcryptd_alloc_instance(alg, ahash_instance_headroom(),
- sizeof(*ctx));
- err = PTR_ERR(inst);
- if (IS_ERR(inst))
- goto out_put_alg;
-
- ctx = ahash_instance_ctx(inst);
- ctx->queue = queue;
-
- err = crypto_init_ahash_spawn(&ctx->spawn, halg,
- ahash_crypto_instance(inst));
- if (err)
- goto out_free_inst;
-
- inst->alg.halg.base.cra_flags = CRYPTO_ALG_ASYNC |
- (alg->cra_flags & (CRYPTO_ALG_INTERNAL |
- CRYPTO_ALG_OPTIONAL_KEY));
-
- inst->alg.halg.digestsize = halg->digestsize;
- inst->alg.halg.statesize = halg->statesize;
- inst->alg.halg.base.cra_ctxsize = sizeof(struct mcryptd_hash_ctx);
-
- inst->alg.halg.base.cra_init = mcryptd_hash_init_tfm;
- inst->alg.halg.base.cra_exit = mcryptd_hash_exit_tfm;
-
- inst->alg.init = mcryptd_hash_init_enqueue;
- inst->alg.update = mcryptd_hash_update_enqueue;
- inst->alg.final = mcryptd_hash_final_enqueue;
- inst->alg.finup = mcryptd_hash_finup_enqueue;
- inst->alg.export = mcryptd_hash_export;
- inst->alg.import = mcryptd_hash_import;
- if (crypto_hash_alg_has_setkey(halg))
- inst->alg.setkey = mcryptd_hash_setkey;
- inst->alg.digest = mcryptd_hash_digest_enqueue;
-
- err = ahash_register_instance(tmpl, inst);
- if (err) {
- crypto_drop_ahash(&ctx->spawn);
-out_free_inst:
- kfree(inst);
- }
-
-out_put_alg:
- crypto_mod_put(alg);
- return err;
-}
-
-static struct mcryptd_queue mqueue;
-
-static int mcryptd_create(struct crypto_template *tmpl, struct rtattr **tb)
-{
- struct crypto_attr_type *algt;
-
- algt = crypto_get_attr_type(tb);
- if (IS_ERR(algt))
- return PTR_ERR(algt);
-
- switch (algt->type & algt->mask & CRYPTO_ALG_TYPE_MASK) {
- case CRYPTO_ALG_TYPE_DIGEST:
- return mcryptd_create_hash(tmpl, tb, &mqueue);
- break;
- }
-
- return -EINVAL;
-}
-
-static void mcryptd_free(struct crypto_instance *inst)
-{
- struct mcryptd_instance_ctx *ctx = crypto_instance_ctx(inst);
- struct hashd_instance_ctx *hctx = crypto_instance_ctx(inst);
-
- switch (inst->alg.cra_flags & CRYPTO_ALG_TYPE_MASK) {
- case CRYPTO_ALG_TYPE_AHASH:
- crypto_drop_ahash(&hctx->spawn);
- kfree(ahash_instance(inst));
- return;
- default:
- crypto_drop_spawn(&ctx->spawn);
- kfree(inst);
- }
-}
-
-static struct crypto_template mcryptd_tmpl = {
- .name = "mcryptd",
- .create = mcryptd_create,
- .free = mcryptd_free,
- .module = THIS_MODULE,
-};
-
-struct mcryptd_ahash *mcryptd_alloc_ahash(const char *alg_name,
- u32 type, u32 mask)
-{
- char mcryptd_alg_name[CRYPTO_MAX_ALG_NAME];
- struct crypto_ahash *tfm;
-
- if (snprintf(mcryptd_alg_name, CRYPTO_MAX_ALG_NAME,
- "mcryptd(%s)", alg_name) >= CRYPTO_MAX_ALG_NAME)
- return ERR_PTR(-EINVAL);
- tfm = crypto_alloc_ahash(mcryptd_alg_name, type, mask);
- if (IS_ERR(tfm))
- return ERR_CAST(tfm);
- if (tfm->base.__crt_alg->cra_module != THIS_MODULE) {
- crypto_free_ahash(tfm);
- return ERR_PTR(-EINVAL);
- }
-
- return __mcryptd_ahash_cast(tfm);
-}
-EXPORT_SYMBOL_GPL(mcryptd_alloc_ahash);
-
-struct crypto_ahash *mcryptd_ahash_child(struct mcryptd_ahash *tfm)
-{
- struct mcryptd_hash_ctx *ctx = crypto_ahash_ctx(&tfm->base);
-
- return ctx->child;
-}
-EXPORT_SYMBOL_GPL(mcryptd_ahash_child);
-
-struct ahash_request *mcryptd_ahash_desc(struct ahash_request *req)
-{
- struct mcryptd_hash_request_ctx *rctx = ahash_request_ctx(req);
- return &rctx->areq;
-}
-EXPORT_SYMBOL_GPL(mcryptd_ahash_desc);
-
-void mcryptd_free_ahash(struct mcryptd_ahash *tfm)
-{
- crypto_free_ahash(&tfm->base);
-}
-EXPORT_SYMBOL_GPL(mcryptd_free_ahash);
-
-static int __init mcryptd_init(void)
-{
- int err, cpu;
- struct mcryptd_flush_list *flist;
-
- mcryptd_flist = alloc_percpu(struct mcryptd_flush_list);
- for_each_possible_cpu(cpu) {
- flist = per_cpu_ptr(mcryptd_flist, cpu);
- INIT_LIST_HEAD(&flist->list);
- mutex_init(&flist->lock);
- }
-
- err = mcryptd_init_queue(&mqueue, MCRYPTD_MAX_CPU_QLEN);
- if (err) {
- free_percpu(mcryptd_flist);
- return err;
- }
-
- err = crypto_register_template(&mcryptd_tmpl);
- if (err) {
- mcryptd_fini_queue(&mqueue);
- free_percpu(mcryptd_flist);
- }
-
- return err;
-}
-
-static void __exit mcryptd_exit(void)
-{
- mcryptd_fini_queue(&mqueue);
- crypto_unregister_template(&mcryptd_tmpl);
- free_percpu(mcryptd_flist);
-}
-
-subsys_initcall(mcryptd_init);
-module_exit(mcryptd_exit);
-
-MODULE_LICENSE("GPL");
-MODULE_DESCRIPTION("Software async multibuffer crypto daemon");
-MODULE_ALIAS_CRYPTO("mcryptd");
diff --git a/crypto/md4.c b/crypto/md4.c
index 9965ec4..2e7f2f3 100644
--- a/crypto/md4.c
+++ b/crypto/md4.c
@@ -216,9 +216,10 @@
.final = md4_final,
.descsize = sizeof(struct md4_ctx),
.base = {
- .cra_name = "md4",
- .cra_blocksize = MD4_HMAC_BLOCK_SIZE,
- .cra_module = THIS_MODULE,
+ .cra_name = "md4",
+ .cra_driver_name = "md4-generic",
+ .cra_blocksize = MD4_HMAC_BLOCK_SIZE,
+ .cra_module = THIS_MODULE,
}
};
@@ -232,7 +233,7 @@
crypto_unregister_shash(&alg);
}
-module_init(md4_mod_init);
+subsys_initcall(md4_mod_init);
module_exit(md4_mod_fini);
MODULE_LICENSE("GPL");
diff --git a/crypto/md5.c b/crypto/md5.c
index 94dd781..22dc60b 100644
--- a/crypto/md5.c
+++ b/crypto/md5.c
@@ -228,9 +228,10 @@
.descsize = sizeof(struct md5_state),
.statesize = sizeof(struct md5_state),
.base = {
- .cra_name = "md5",
- .cra_blocksize = MD5_HMAC_BLOCK_SIZE,
- .cra_module = THIS_MODULE,
+ .cra_name = "md5",
+ .cra_driver_name = "md5-generic",
+ .cra_blocksize = MD5_HMAC_BLOCK_SIZE,
+ .cra_module = THIS_MODULE,
}
};
@@ -244,7 +245,7 @@
crypto_unregister_shash(&alg);
}
-module_init(md5_mod_init);
+subsys_initcall(md5_mod_init);
module_exit(md5_mod_fini);
MODULE_LICENSE("GPL");
diff --git a/crypto/michael_mic.c b/crypto/michael_mic.c
index 46195e0..20e6220 100644
--- a/crypto/michael_mic.c
+++ b/crypto/michael_mic.c
@@ -1,13 +1,10 @@
+// SPDX-License-Identifier: GPL-2.0-only
/*
* Cryptographic API
*
* Michael MIC (IEEE 802.11i/TKIP) keyed digest
*
* Copyright (c) 2004 Jouni Malinen <j@w1.fi>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
*/
#include <crypto/internal/hash.h>
#include <asm/byteorder.h>
@@ -159,6 +156,7 @@
.descsize = sizeof(struct michael_mic_desc_ctx),
.base = {
.cra_name = "michael_mic",
+ .cra_driver_name = "michael_mic-generic",
.cra_blocksize = 8,
.cra_alignmask = 3,
.cra_ctxsize = sizeof(struct michael_mic_ctx),
@@ -178,7 +176,7 @@
}
-module_init(michael_mic_init);
+subsys_initcall(michael_mic_init);
module_exit(michael_mic_exit);
MODULE_LICENSE("GPL v2");
diff --git a/crypto/morus1280.c b/crypto/morus1280.c
deleted file mode 100644
index 3889c18..0000000
--- a/crypto/morus1280.c
+++ /dev/null
@@ -1,545 +0,0 @@
-/*
- * The MORUS-1280 Authenticated-Encryption Algorithm
- *
- * Copyright (c) 2016-2018 Ondrej Mosnacek <omosnacek@gmail.com>
- * Copyright (C) 2017-2018 Red Hat, Inc. All rights reserved.
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
- */
-
-#include <asm/unaligned.h>
-#include <crypto/algapi.h>
-#include <crypto/internal/aead.h>
-#include <crypto/internal/skcipher.h>
-#include <crypto/morus_common.h>
-#include <crypto/scatterwalk.h>
-#include <linux/err.h>
-#include <linux/init.h>
-#include <linux/kernel.h>
-#include <linux/module.h>
-#include <linux/scatterlist.h>
-
-#define MORUS1280_WORD_SIZE 8
-#define MORUS1280_BLOCK_SIZE (MORUS_BLOCK_WORDS * MORUS1280_WORD_SIZE)
-#define MORUS1280_BLOCK_ALIGN (__alignof__(__le64))
-#define MORUS1280_ALIGNED(p) IS_ALIGNED((uintptr_t)p, MORUS1280_BLOCK_ALIGN)
-
-struct morus1280_block {
- u64 words[MORUS_BLOCK_WORDS];
-};
-
-union morus1280_block_in {
- __le64 words[MORUS_BLOCK_WORDS];
- u8 bytes[MORUS1280_BLOCK_SIZE];
-};
-
-struct morus1280_state {
- struct morus1280_block s[MORUS_STATE_BLOCKS];
-};
-
-struct morus1280_ctx {
- struct morus1280_block key;
-};
-
-struct morus1280_ops {
- int (*skcipher_walk_init)(struct skcipher_walk *walk,
- struct aead_request *req, bool atomic);
-
- void (*crypt_chunk)(struct morus1280_state *state,
- u8 *dst, const u8 *src, unsigned int size);
-};
-
-static const struct morus1280_block crypto_morus1280_const[1] = {
- { .words = {
- U64_C(0x0d08050302010100),
- U64_C(0x6279e99059372215),
- U64_C(0xf12fc26d55183ddb),
- U64_C(0xdd28b57342311120),
- } },
-};
-
-static void crypto_morus1280_round(struct morus1280_block *b0,
- struct morus1280_block *b1,
- struct morus1280_block *b2,
- struct morus1280_block *b3,
- struct morus1280_block *b4,
- const struct morus1280_block *m,
- unsigned int b, unsigned int w)
-{
- unsigned int i;
- struct morus1280_block tmp;
-
- for (i = 0; i < MORUS_BLOCK_WORDS; i++) {
- b0->words[i] ^= b1->words[i] & b2->words[i];
- b0->words[i] ^= b3->words[i];
- b0->words[i] ^= m->words[i];
- b0->words[i] = rol64(b0->words[i], b);
- }
-
- tmp = *b3;
- for (i = 0; i < MORUS_BLOCK_WORDS; i++)
- b3->words[(i + w) % MORUS_BLOCK_WORDS] = tmp.words[i];
-}
-
-static void crypto_morus1280_update(struct morus1280_state *state,
- const struct morus1280_block *m)
-{
- static const struct morus1280_block z = {};
-
- struct morus1280_block *s = state->s;
-
- crypto_morus1280_round(&s[0], &s[1], &s[2], &s[3], &s[4], &z, 13, 1);
- crypto_morus1280_round(&s[1], &s[2], &s[3], &s[4], &s[0], m, 46, 2);
- crypto_morus1280_round(&s[2], &s[3], &s[4], &s[0], &s[1], m, 38, 3);
- crypto_morus1280_round(&s[3], &s[4], &s[0], &s[1], &s[2], m, 7, 2);
- crypto_morus1280_round(&s[4], &s[0], &s[1], &s[2], &s[3], m, 4, 1);
-}
-
-static void crypto_morus1280_load_a(struct morus1280_block *dst, const u8 *src)
-{
- unsigned int i;
- for (i = 0; i < MORUS_BLOCK_WORDS; i++) {
- dst->words[i] = le64_to_cpu(*(const __le64 *)src);
- src += MORUS1280_WORD_SIZE;
- }
-}
-
-static void crypto_morus1280_load_u(struct morus1280_block *dst, const u8 *src)
-{
- unsigned int i;
- for (i = 0; i < MORUS_BLOCK_WORDS; i++) {
- dst->words[i] = get_unaligned_le64(src);
- src += MORUS1280_WORD_SIZE;
- }
-}
-
-static void crypto_morus1280_load(struct morus1280_block *dst, const u8 *src)
-{
- if (MORUS1280_ALIGNED(src))
- crypto_morus1280_load_a(dst, src);
- else
- crypto_morus1280_load_u(dst, src);
-}
-
-static void crypto_morus1280_store_a(u8 *dst, const struct morus1280_block *src)
-{
- unsigned int i;
- for (i = 0; i < MORUS_BLOCK_WORDS; i++) {
- *(__le64 *)dst = cpu_to_le64(src->words[i]);
- dst += MORUS1280_WORD_SIZE;
- }
-}
-
-static void crypto_morus1280_store_u(u8 *dst, const struct morus1280_block *src)
-{
- unsigned int i;
- for (i = 0; i < MORUS_BLOCK_WORDS; i++) {
- put_unaligned_le64(src->words[i], dst);
- dst += MORUS1280_WORD_SIZE;
- }
-}
-
-static void crypto_morus1280_store(u8 *dst, const struct morus1280_block *src)
-{
- if (MORUS1280_ALIGNED(dst))
- crypto_morus1280_store_a(dst, src);
- else
- crypto_morus1280_store_u(dst, src);
-}
-
-static void crypto_morus1280_ad(struct morus1280_state *state, const u8 *src,
- unsigned int size)
-{
- struct morus1280_block m;
-
- if (MORUS1280_ALIGNED(src)) {
- while (size >= MORUS1280_BLOCK_SIZE) {
- crypto_morus1280_load_a(&m, src);
- crypto_morus1280_update(state, &m);
-
- size -= MORUS1280_BLOCK_SIZE;
- src += MORUS1280_BLOCK_SIZE;
- }
- } else {
- while (size >= MORUS1280_BLOCK_SIZE) {
- crypto_morus1280_load_u(&m, src);
- crypto_morus1280_update(state, &m);
-
- size -= MORUS1280_BLOCK_SIZE;
- src += MORUS1280_BLOCK_SIZE;
- }
- }
-}
-
-static void crypto_morus1280_core(const struct morus1280_state *state,
- struct morus1280_block *blk)
-{
- unsigned int i;
-
- for (i = 0; i < MORUS_BLOCK_WORDS; i++)
- blk->words[(i + 3) % MORUS_BLOCK_WORDS] ^= state->s[1].words[i];
-
- for (i = 0; i < MORUS_BLOCK_WORDS; i++) {
- blk->words[i] ^= state->s[0].words[i];
- blk->words[i] ^= state->s[2].words[i] & state->s[3].words[i];
- }
-}
-
-static void crypto_morus1280_encrypt_chunk(struct morus1280_state *state,
- u8 *dst, const u8 *src,
- unsigned int size)
-{
- struct morus1280_block c, m;
-
- if (MORUS1280_ALIGNED(src) && MORUS1280_ALIGNED(dst)) {
- while (size >= MORUS1280_BLOCK_SIZE) {
- crypto_morus1280_load_a(&m, src);
- c = m;
- crypto_morus1280_core(state, &c);
- crypto_morus1280_store_a(dst, &c);
- crypto_morus1280_update(state, &m);
-
- src += MORUS1280_BLOCK_SIZE;
- dst += MORUS1280_BLOCK_SIZE;
- size -= MORUS1280_BLOCK_SIZE;
- }
- } else {
- while (size >= MORUS1280_BLOCK_SIZE) {
- crypto_morus1280_load_u(&m, src);
- c = m;
- crypto_morus1280_core(state, &c);
- crypto_morus1280_store_u(dst, &c);
- crypto_morus1280_update(state, &m);
-
- src += MORUS1280_BLOCK_SIZE;
- dst += MORUS1280_BLOCK_SIZE;
- size -= MORUS1280_BLOCK_SIZE;
- }
- }
-
- if (size > 0) {
- union morus1280_block_in tail;
-
- memcpy(tail.bytes, src, size);
- memset(tail.bytes + size, 0, MORUS1280_BLOCK_SIZE - size);
-
- crypto_morus1280_load_a(&m, tail.bytes);
- c = m;
- crypto_morus1280_core(state, &c);
- crypto_morus1280_store_a(tail.bytes, &c);
- crypto_morus1280_update(state, &m);
-
- memcpy(dst, tail.bytes, size);
- }
-}
-
-static void crypto_morus1280_decrypt_chunk(struct morus1280_state *state,
- u8 *dst, const u8 *src,
- unsigned int size)
-{
- struct morus1280_block m;
-
- if (MORUS1280_ALIGNED(src) && MORUS1280_ALIGNED(dst)) {
- while (size >= MORUS1280_BLOCK_SIZE) {
- crypto_morus1280_load_a(&m, src);
- crypto_morus1280_core(state, &m);
- crypto_morus1280_store_a(dst, &m);
- crypto_morus1280_update(state, &m);
-
- src += MORUS1280_BLOCK_SIZE;
- dst += MORUS1280_BLOCK_SIZE;
- size -= MORUS1280_BLOCK_SIZE;
- }
- } else {
- while (size >= MORUS1280_BLOCK_SIZE) {
- crypto_morus1280_load_u(&m, src);
- crypto_morus1280_core(state, &m);
- crypto_morus1280_store_u(dst, &m);
- crypto_morus1280_update(state, &m);
-
- src += MORUS1280_BLOCK_SIZE;
- dst += MORUS1280_BLOCK_SIZE;
- size -= MORUS1280_BLOCK_SIZE;
- }
- }
-
- if (size > 0) {
- union morus1280_block_in tail;
-
- memcpy(tail.bytes, src, size);
- memset(tail.bytes + size, 0, MORUS1280_BLOCK_SIZE - size);
-
- crypto_morus1280_load_a(&m, tail.bytes);
- crypto_morus1280_core(state, &m);
- crypto_morus1280_store_a(tail.bytes, &m);
- memset(tail.bytes + size, 0, MORUS1280_BLOCK_SIZE - size);
- crypto_morus1280_load_a(&m, tail.bytes);
- crypto_morus1280_update(state, &m);
-
- memcpy(dst, tail.bytes, size);
- }
-}
-
-static void crypto_morus1280_init(struct morus1280_state *state,
- const struct morus1280_block *key,
- const u8 *iv)
-{
- static const struct morus1280_block z = {};
-
- union morus1280_block_in tmp;
- unsigned int i;
-
- memcpy(tmp.bytes, iv, MORUS_NONCE_SIZE);
- memset(tmp.bytes + MORUS_NONCE_SIZE, 0,
- MORUS1280_BLOCK_SIZE - MORUS_NONCE_SIZE);
-
- crypto_morus1280_load(&state->s[0], tmp.bytes);
- state->s[1] = *key;
- for (i = 0; i < MORUS_BLOCK_WORDS; i++)
- state->s[2].words[i] = U64_C(0xFFFFFFFFFFFFFFFF);
- state->s[3] = z;
- state->s[4] = crypto_morus1280_const[0];
-
- for (i = 0; i < 16; i++)
- crypto_morus1280_update(state, &z);
-
- for (i = 0; i < MORUS_BLOCK_WORDS; i++)
- state->s[1].words[i] ^= key->words[i];
-}
-
-static void crypto_morus1280_process_ad(struct morus1280_state *state,
- struct scatterlist *sg_src,
- unsigned int assoclen)
-{
- struct scatter_walk walk;
- struct morus1280_block m;
- union morus1280_block_in buf;
- unsigned int pos = 0;
-
- scatterwalk_start(&walk, sg_src);
- while (assoclen != 0) {
- unsigned int size = scatterwalk_clamp(&walk, assoclen);
- unsigned int left = size;
- void *mapped = scatterwalk_map(&walk);
- const u8 *src = (const u8 *)mapped;
-
- if (pos + size >= MORUS1280_BLOCK_SIZE) {
- if (pos > 0) {
- unsigned int fill = MORUS1280_BLOCK_SIZE - pos;
- memcpy(buf.bytes + pos, src, fill);
-
- crypto_morus1280_load_a(&m, buf.bytes);
- crypto_morus1280_update(state, &m);
-
- pos = 0;
- left -= fill;
- src += fill;
- }
-
- crypto_morus1280_ad(state, src, left);
- src += left & ~(MORUS1280_BLOCK_SIZE - 1);
- left &= MORUS1280_BLOCK_SIZE - 1;
- }
-
- memcpy(buf.bytes + pos, src, left);
-
- pos += left;
- assoclen -= size;
- scatterwalk_unmap(mapped);
- scatterwalk_advance(&walk, size);
- scatterwalk_done(&walk, 0, assoclen);
- }
-
- if (pos > 0) {
- memset(buf.bytes + pos, 0, MORUS1280_BLOCK_SIZE - pos);
-
- crypto_morus1280_load_a(&m, buf.bytes);
- crypto_morus1280_update(state, &m);
- }
-}
-
-static void crypto_morus1280_process_crypt(struct morus1280_state *state,
- struct aead_request *req,
- const struct morus1280_ops *ops)
-{
- struct skcipher_walk walk;
- u8 *dst;
- const u8 *src;
-
- ops->skcipher_walk_init(&walk, req, false);
-
- while (walk.nbytes) {
- src = walk.src.virt.addr;
- dst = walk.dst.virt.addr;
-
- ops->crypt_chunk(state, dst, src, walk.nbytes);
-
- skcipher_walk_done(&walk, 0);
- }
-}
-
-static void crypto_morus1280_final(struct morus1280_state *state,
- struct morus1280_block *tag_xor,
- u64 assoclen, u64 cryptlen)
-{
- struct morus1280_block tmp;
- unsigned int i;
-
- tmp.words[0] = assoclen * 8;
- tmp.words[1] = cryptlen * 8;
- tmp.words[2] = 0;
- tmp.words[3] = 0;
-
- for (i = 0; i < MORUS_BLOCK_WORDS; i++)
- state->s[4].words[i] ^= state->s[0].words[i];
-
- for (i = 0; i < 10; i++)
- crypto_morus1280_update(state, &tmp);
-
- crypto_morus1280_core(state, tag_xor);
-}
-
-static int crypto_morus1280_setkey(struct crypto_aead *aead, const u8 *key,
- unsigned int keylen)
-{
- struct morus1280_ctx *ctx = crypto_aead_ctx(aead);
- union morus1280_block_in tmp;
-
- if (keylen == MORUS1280_BLOCK_SIZE)
- crypto_morus1280_load(&ctx->key, key);
- else if (keylen == MORUS1280_BLOCK_SIZE / 2) {
- memcpy(tmp.bytes, key, keylen);
- memcpy(tmp.bytes + keylen, key, keylen);
-
- crypto_morus1280_load(&ctx->key, tmp.bytes);
- } else {
- crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN);
- return -EINVAL;
- }
-
- return 0;
-}
-
-static int crypto_morus1280_setauthsize(struct crypto_aead *tfm,
- unsigned int authsize)
-{
- return (authsize <= MORUS_MAX_AUTH_SIZE) ? 0 : -EINVAL;
-}
-
-static void crypto_morus1280_crypt(struct aead_request *req,
- struct morus1280_block *tag_xor,
- unsigned int cryptlen,
- const struct morus1280_ops *ops)
-{
- struct crypto_aead *tfm = crypto_aead_reqtfm(req);
- struct morus1280_ctx *ctx = crypto_aead_ctx(tfm);
- struct morus1280_state state;
-
- crypto_morus1280_init(&state, &ctx->key, req->iv);
- crypto_morus1280_process_ad(&state, req->src, req->assoclen);
- crypto_morus1280_process_crypt(&state, req, ops);
- crypto_morus1280_final(&state, tag_xor, req->assoclen, cryptlen);
-}
-
-static int crypto_morus1280_encrypt(struct aead_request *req)
-{
- static const struct morus1280_ops ops = {
- .skcipher_walk_init = skcipher_walk_aead_encrypt,
- .crypt_chunk = crypto_morus1280_encrypt_chunk,
- };
-
- struct crypto_aead *tfm = crypto_aead_reqtfm(req);
- struct morus1280_block tag = {};
- union morus1280_block_in tag_out;
- unsigned int authsize = crypto_aead_authsize(tfm);
- unsigned int cryptlen = req->cryptlen;
-
- crypto_morus1280_crypt(req, &tag, cryptlen, &ops);
- crypto_morus1280_store(tag_out.bytes, &tag);
-
- scatterwalk_map_and_copy(tag_out.bytes, req->dst,
- req->assoclen + cryptlen, authsize, 1);
- return 0;
-}
-
-static int crypto_morus1280_decrypt(struct aead_request *req)
-{
- static const struct morus1280_ops ops = {
- .skcipher_walk_init = skcipher_walk_aead_decrypt,
- .crypt_chunk = crypto_morus1280_decrypt_chunk,
- };
- static const u8 zeros[MORUS1280_BLOCK_SIZE] = {};
-
- struct crypto_aead *tfm = crypto_aead_reqtfm(req);
- union morus1280_block_in tag_in;
- struct morus1280_block tag;
- unsigned int authsize = crypto_aead_authsize(tfm);
- unsigned int cryptlen = req->cryptlen - authsize;
-
- scatterwalk_map_and_copy(tag_in.bytes, req->src,
- req->assoclen + cryptlen, authsize, 0);
-
- crypto_morus1280_load(&tag, tag_in.bytes);
- crypto_morus1280_crypt(req, &tag, cryptlen, &ops);
- crypto_morus1280_store(tag_in.bytes, &tag);
-
- return crypto_memneq(tag_in.bytes, zeros, authsize) ? -EBADMSG : 0;
-}
-
-static int crypto_morus1280_init_tfm(struct crypto_aead *tfm)
-{
- return 0;
-}
-
-static void crypto_morus1280_exit_tfm(struct crypto_aead *tfm)
-{
-}
-
-static struct aead_alg crypto_morus1280_alg = {
- .setkey = crypto_morus1280_setkey,
- .setauthsize = crypto_morus1280_setauthsize,
- .encrypt = crypto_morus1280_encrypt,
- .decrypt = crypto_morus1280_decrypt,
- .init = crypto_morus1280_init_tfm,
- .exit = crypto_morus1280_exit_tfm,
-
- .ivsize = MORUS_NONCE_SIZE,
- .maxauthsize = MORUS_MAX_AUTH_SIZE,
- .chunksize = MORUS1280_BLOCK_SIZE,
-
- .base = {
- .cra_blocksize = 1,
- .cra_ctxsize = sizeof(struct morus1280_ctx),
- .cra_alignmask = 0,
-
- .cra_priority = 100,
-
- .cra_name = "morus1280",
- .cra_driver_name = "morus1280-generic",
-
- .cra_module = THIS_MODULE,
- }
-};
-
-
-static int __init crypto_morus1280_module_init(void)
-{
- return crypto_register_aead(&crypto_morus1280_alg);
-}
-
-static void __exit crypto_morus1280_module_exit(void)
-{
- crypto_unregister_aead(&crypto_morus1280_alg);
-}
-
-module_init(crypto_morus1280_module_init);
-module_exit(crypto_morus1280_module_exit);
-
-MODULE_LICENSE("GPL");
-MODULE_AUTHOR("Ondrej Mosnacek <omosnacek@gmail.com>");
-MODULE_DESCRIPTION("MORUS-1280 AEAD algorithm");
-MODULE_ALIAS_CRYPTO("morus1280");
-MODULE_ALIAS_CRYPTO("morus1280-generic");
diff --git a/crypto/morus640.c b/crypto/morus640.c
deleted file mode 100644
index da06ec2..0000000
--- a/crypto/morus640.c
+++ /dev/null
@@ -1,536 +0,0 @@
-/*
- * The MORUS-640 Authenticated-Encryption Algorithm
- *
- * Copyright (c) 2016-2018 Ondrej Mosnacek <omosnacek@gmail.com>
- * Copyright (C) 2017-2018 Red Hat, Inc. All rights reserved.
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
- */
-
-#include <asm/unaligned.h>
-#include <crypto/algapi.h>
-#include <crypto/internal/aead.h>
-#include <crypto/internal/skcipher.h>
-#include <crypto/morus_common.h>
-#include <crypto/scatterwalk.h>
-#include <linux/err.h>
-#include <linux/init.h>
-#include <linux/kernel.h>
-#include <linux/module.h>
-#include <linux/scatterlist.h>
-
-#define MORUS640_WORD_SIZE 4
-#define MORUS640_BLOCK_SIZE (MORUS_BLOCK_WORDS * MORUS640_WORD_SIZE)
-#define MORUS640_BLOCK_ALIGN (__alignof__(__le32))
-#define MORUS640_ALIGNED(p) IS_ALIGNED((uintptr_t)p, MORUS640_BLOCK_ALIGN)
-
-struct morus640_block {
- u32 words[MORUS_BLOCK_WORDS];
-};
-
-union morus640_block_in {
- __le32 words[MORUS_BLOCK_WORDS];
- u8 bytes[MORUS640_BLOCK_SIZE];
-};
-
-struct morus640_state {
- struct morus640_block s[MORUS_STATE_BLOCKS];
-};
-
-struct morus640_ctx {
- struct morus640_block key;
-};
-
-struct morus640_ops {
- int (*skcipher_walk_init)(struct skcipher_walk *walk,
- struct aead_request *req, bool atomic);
-
- void (*crypt_chunk)(struct morus640_state *state,
- u8 *dst, const u8 *src, unsigned int size);
-};
-
-static const struct morus640_block crypto_morus640_const[2] = {
- { .words = {
- U32_C(0x02010100),
- U32_C(0x0d080503),
- U32_C(0x59372215),
- U32_C(0x6279e990),
- } },
- { .words = {
- U32_C(0x55183ddb),
- U32_C(0xf12fc26d),
- U32_C(0x42311120),
- U32_C(0xdd28b573),
- } },
-};
-
-static void crypto_morus640_round(struct morus640_block *b0,
- struct morus640_block *b1,
- struct morus640_block *b2,
- struct morus640_block *b3,
- struct morus640_block *b4,
- const struct morus640_block *m,
- unsigned int b, unsigned int w)
-{
- unsigned int i;
- struct morus640_block tmp;
-
- for (i = 0; i < MORUS_BLOCK_WORDS; i++) {
- b0->words[i] ^= b1->words[i] & b2->words[i];
- b0->words[i] ^= b3->words[i];
- b0->words[i] ^= m->words[i];
- b0->words[i] = rol32(b0->words[i], b);
- }
-
- tmp = *b3;
- for (i = 0; i < MORUS_BLOCK_WORDS; i++)
- b3->words[(i + w) % MORUS_BLOCK_WORDS] = tmp.words[i];
-}
-
-static void crypto_morus640_update(struct morus640_state *state,
- const struct morus640_block *m)
-{
- static const struct morus640_block z = {};
-
- struct morus640_block *s = state->s;
-
- crypto_morus640_round(&s[0], &s[1], &s[2], &s[3], &s[4], &z, 5, 1);
- crypto_morus640_round(&s[1], &s[2], &s[3], &s[4], &s[0], m, 31, 2);
- crypto_morus640_round(&s[2], &s[3], &s[4], &s[0], &s[1], m, 7, 3);
- crypto_morus640_round(&s[3], &s[4], &s[0], &s[1], &s[2], m, 22, 2);
- crypto_morus640_round(&s[4], &s[0], &s[1], &s[2], &s[3], m, 13, 1);
-}
-
-static void crypto_morus640_load_a(struct morus640_block *dst, const u8 *src)
-{
- unsigned int i;
- for (i = 0; i < MORUS_BLOCK_WORDS; i++) {
- dst->words[i] = le32_to_cpu(*(const __le32 *)src);
- src += MORUS640_WORD_SIZE;
- }
-}
-
-static void crypto_morus640_load_u(struct morus640_block *dst, const u8 *src)
-{
- unsigned int i;
- for (i = 0; i < MORUS_BLOCK_WORDS; i++) {
- dst->words[i] = get_unaligned_le32(src);
- src += MORUS640_WORD_SIZE;
- }
-}
-
-static void crypto_morus640_load(struct morus640_block *dst, const u8 *src)
-{
- if (MORUS640_ALIGNED(src))
- crypto_morus640_load_a(dst, src);
- else
- crypto_morus640_load_u(dst, src);
-}
-
-static void crypto_morus640_store_a(u8 *dst, const struct morus640_block *src)
-{
- unsigned int i;
- for (i = 0; i < MORUS_BLOCK_WORDS; i++) {
- *(__le32 *)dst = cpu_to_le32(src->words[i]);
- dst += MORUS640_WORD_SIZE;
- }
-}
-
-static void crypto_morus640_store_u(u8 *dst, const struct morus640_block *src)
-{
- unsigned int i;
- for (i = 0; i < MORUS_BLOCK_WORDS; i++) {
- put_unaligned_le32(src->words[i], dst);
- dst += MORUS640_WORD_SIZE;
- }
-}
-
-static void crypto_morus640_store(u8 *dst, const struct morus640_block *src)
-{
- if (MORUS640_ALIGNED(dst))
- crypto_morus640_store_a(dst, src);
- else
- crypto_morus640_store_u(dst, src);
-}
-
-static void crypto_morus640_ad(struct morus640_state *state, const u8 *src,
- unsigned int size)
-{
- struct morus640_block m;
-
- if (MORUS640_ALIGNED(src)) {
- while (size >= MORUS640_BLOCK_SIZE) {
- crypto_morus640_load_a(&m, src);
- crypto_morus640_update(state, &m);
-
- size -= MORUS640_BLOCK_SIZE;
- src += MORUS640_BLOCK_SIZE;
- }
- } else {
- while (size >= MORUS640_BLOCK_SIZE) {
- crypto_morus640_load_u(&m, src);
- crypto_morus640_update(state, &m);
-
- size -= MORUS640_BLOCK_SIZE;
- src += MORUS640_BLOCK_SIZE;
- }
- }
-}
-
-static void crypto_morus640_core(const struct morus640_state *state,
- struct morus640_block *blk)
-{
- unsigned int i;
-
- for (i = 0; i < MORUS_BLOCK_WORDS; i++)
- blk->words[(i + 3) % MORUS_BLOCK_WORDS] ^= state->s[1].words[i];
-
- for (i = 0; i < MORUS_BLOCK_WORDS; i++) {
- blk->words[i] ^= state->s[0].words[i];
- blk->words[i] ^= state->s[2].words[i] & state->s[3].words[i];
- }
-}
-
-static void crypto_morus640_encrypt_chunk(struct morus640_state *state, u8 *dst,
- const u8 *src, unsigned int size)
-{
- struct morus640_block c, m;
-
- if (MORUS640_ALIGNED(src) && MORUS640_ALIGNED(dst)) {
- while (size >= MORUS640_BLOCK_SIZE) {
- crypto_morus640_load_a(&m, src);
- c = m;
- crypto_morus640_core(state, &c);
- crypto_morus640_store_a(dst, &c);
- crypto_morus640_update(state, &m);
-
- src += MORUS640_BLOCK_SIZE;
- dst += MORUS640_BLOCK_SIZE;
- size -= MORUS640_BLOCK_SIZE;
- }
- } else {
- while (size >= MORUS640_BLOCK_SIZE) {
- crypto_morus640_load_u(&m, src);
- c = m;
- crypto_morus640_core(state, &c);
- crypto_morus640_store_u(dst, &c);
- crypto_morus640_update(state, &m);
-
- src += MORUS640_BLOCK_SIZE;
- dst += MORUS640_BLOCK_SIZE;
- size -= MORUS640_BLOCK_SIZE;
- }
- }
-
- if (size > 0) {
- union morus640_block_in tail;
-
- memcpy(tail.bytes, src, size);
- memset(tail.bytes + size, 0, MORUS640_BLOCK_SIZE - size);
-
- crypto_morus640_load_a(&m, tail.bytes);
- c = m;
- crypto_morus640_core(state, &c);
- crypto_morus640_store_a(tail.bytes, &c);
- crypto_morus640_update(state, &m);
-
- memcpy(dst, tail.bytes, size);
- }
-}
-
-static void crypto_morus640_decrypt_chunk(struct morus640_state *state, u8 *dst,
- const u8 *src, unsigned int size)
-{
- struct morus640_block m;
-
- if (MORUS640_ALIGNED(src) && MORUS640_ALIGNED(dst)) {
- while (size >= MORUS640_BLOCK_SIZE) {
- crypto_morus640_load_a(&m, src);
- crypto_morus640_core(state, &m);
- crypto_morus640_store_a(dst, &m);
- crypto_morus640_update(state, &m);
-
- src += MORUS640_BLOCK_SIZE;
- dst += MORUS640_BLOCK_SIZE;
- size -= MORUS640_BLOCK_SIZE;
- }
- } else {
- while (size >= MORUS640_BLOCK_SIZE) {
- crypto_morus640_load_u(&m, src);
- crypto_morus640_core(state, &m);
- crypto_morus640_store_u(dst, &m);
- crypto_morus640_update(state, &m);
-
- src += MORUS640_BLOCK_SIZE;
- dst += MORUS640_BLOCK_SIZE;
- size -= MORUS640_BLOCK_SIZE;
- }
- }
-
- if (size > 0) {
- union morus640_block_in tail;
-
- memcpy(tail.bytes, src, size);
- memset(tail.bytes + size, 0, MORUS640_BLOCK_SIZE - size);
-
- crypto_morus640_load_a(&m, tail.bytes);
- crypto_morus640_core(state, &m);
- crypto_morus640_store_a(tail.bytes, &m);
- memset(tail.bytes + size, 0, MORUS640_BLOCK_SIZE - size);
- crypto_morus640_load_a(&m, tail.bytes);
- crypto_morus640_update(state, &m);
-
- memcpy(dst, tail.bytes, size);
- }
-}
-
-static void crypto_morus640_init(struct morus640_state *state,
- const struct morus640_block *key,
- const u8 *iv)
-{
- static const struct morus640_block z = {};
-
- unsigned int i;
-
- crypto_morus640_load(&state->s[0], iv);
- state->s[1] = *key;
- for (i = 0; i < MORUS_BLOCK_WORDS; i++)
- state->s[2].words[i] = U32_C(0xFFFFFFFF);
- state->s[3] = crypto_morus640_const[0];
- state->s[4] = crypto_morus640_const[1];
-
- for (i = 0; i < 16; i++)
- crypto_morus640_update(state, &z);
-
- for (i = 0; i < MORUS_BLOCK_WORDS; i++)
- state->s[1].words[i] ^= key->words[i];
-}
-
-static void crypto_morus640_process_ad(struct morus640_state *state,
- struct scatterlist *sg_src,
- unsigned int assoclen)
-{
- struct scatter_walk walk;
- struct morus640_block m;
- union morus640_block_in buf;
- unsigned int pos = 0;
-
- scatterwalk_start(&walk, sg_src);
- while (assoclen != 0) {
- unsigned int size = scatterwalk_clamp(&walk, assoclen);
- unsigned int left = size;
- void *mapped = scatterwalk_map(&walk);
- const u8 *src = (const u8 *)mapped;
-
- if (pos + size >= MORUS640_BLOCK_SIZE) {
- if (pos > 0) {
- unsigned int fill = MORUS640_BLOCK_SIZE - pos;
- memcpy(buf.bytes + pos, src, fill);
-
- crypto_morus640_load_a(&m, buf.bytes);
- crypto_morus640_update(state, &m);
-
- pos = 0;
- left -= fill;
- src += fill;
- }
-
- crypto_morus640_ad(state, src, left);
- src += left & ~(MORUS640_BLOCK_SIZE - 1);
- left &= MORUS640_BLOCK_SIZE - 1;
- }
-
- memcpy(buf.bytes + pos, src, left);
-
- pos += left;
- assoclen -= size;
- scatterwalk_unmap(mapped);
- scatterwalk_advance(&walk, size);
- scatterwalk_done(&walk, 0, assoclen);
- }
-
- if (pos > 0) {
- memset(buf.bytes + pos, 0, MORUS640_BLOCK_SIZE - pos);
-
- crypto_morus640_load_a(&m, buf.bytes);
- crypto_morus640_update(state, &m);
- }
-}
-
-static void crypto_morus640_process_crypt(struct morus640_state *state,
- struct aead_request *req,
- const struct morus640_ops *ops)
-{
- struct skcipher_walk walk;
- u8 *dst;
- const u8 *src;
-
- ops->skcipher_walk_init(&walk, req, false);
-
- while (walk.nbytes) {
- src = walk.src.virt.addr;
- dst = walk.dst.virt.addr;
-
- ops->crypt_chunk(state, dst, src, walk.nbytes);
-
- skcipher_walk_done(&walk, 0);
- }
-}
-
-static void crypto_morus640_final(struct morus640_state *state,
- struct morus640_block *tag_xor,
- u64 assoclen, u64 cryptlen)
-{
- struct morus640_block tmp;
- unsigned int i;
-
- tmp.words[0] = lower_32_bits(assoclen * 8);
- tmp.words[1] = upper_32_bits(assoclen * 8);
- tmp.words[2] = lower_32_bits(cryptlen * 8);
- tmp.words[3] = upper_32_bits(cryptlen * 8);
-
- for (i = 0; i < MORUS_BLOCK_WORDS; i++)
- state->s[4].words[i] ^= state->s[0].words[i];
-
- for (i = 0; i < 10; i++)
- crypto_morus640_update(state, &tmp);
-
- crypto_morus640_core(state, tag_xor);
-}
-
-static int crypto_morus640_setkey(struct crypto_aead *aead, const u8 *key,
- unsigned int keylen)
-{
- struct morus640_ctx *ctx = crypto_aead_ctx(aead);
-
- if (keylen != MORUS640_BLOCK_SIZE) {
- crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN);
- return -EINVAL;
- }
-
- crypto_morus640_load(&ctx->key, key);
- return 0;
-}
-
-static int crypto_morus640_setauthsize(struct crypto_aead *tfm,
- unsigned int authsize)
-{
- return (authsize <= MORUS_MAX_AUTH_SIZE) ? 0 : -EINVAL;
-}
-
-static void crypto_morus640_crypt(struct aead_request *req,
- struct morus640_block *tag_xor,
- unsigned int cryptlen,
- const struct morus640_ops *ops)
-{
- struct crypto_aead *tfm = crypto_aead_reqtfm(req);
- struct morus640_ctx *ctx = crypto_aead_ctx(tfm);
- struct morus640_state state;
-
- crypto_morus640_init(&state, &ctx->key, req->iv);
- crypto_morus640_process_ad(&state, req->src, req->assoclen);
- crypto_morus640_process_crypt(&state, req, ops);
- crypto_morus640_final(&state, tag_xor, req->assoclen, cryptlen);
-}
-
-static int crypto_morus640_encrypt(struct aead_request *req)
-{
- static const struct morus640_ops ops = {
- .skcipher_walk_init = skcipher_walk_aead_encrypt,
- .crypt_chunk = crypto_morus640_encrypt_chunk,
- };
-
- struct crypto_aead *tfm = crypto_aead_reqtfm(req);
- struct morus640_block tag = {};
- union morus640_block_in tag_out;
- unsigned int authsize = crypto_aead_authsize(tfm);
- unsigned int cryptlen = req->cryptlen;
-
- crypto_morus640_crypt(req, &tag, cryptlen, &ops);
- crypto_morus640_store(tag_out.bytes, &tag);
-
- scatterwalk_map_and_copy(tag_out.bytes, req->dst,
- req->assoclen + cryptlen, authsize, 1);
- return 0;
-}
-
-static int crypto_morus640_decrypt(struct aead_request *req)
-{
- static const struct morus640_ops ops = {
- .skcipher_walk_init = skcipher_walk_aead_decrypt,
- .crypt_chunk = crypto_morus640_decrypt_chunk,
- };
- static const u8 zeros[MORUS640_BLOCK_SIZE] = {};
-
- struct crypto_aead *tfm = crypto_aead_reqtfm(req);
- union morus640_block_in tag_in;
- struct morus640_block tag;
- unsigned int authsize = crypto_aead_authsize(tfm);
- unsigned int cryptlen = req->cryptlen - authsize;
-
- scatterwalk_map_and_copy(tag_in.bytes, req->src,
- req->assoclen + cryptlen, authsize, 0);
-
- crypto_morus640_load(&tag, tag_in.bytes);
- crypto_morus640_crypt(req, &tag, cryptlen, &ops);
- crypto_morus640_store(tag_in.bytes, &tag);
-
- return crypto_memneq(tag_in.bytes, zeros, authsize) ? -EBADMSG : 0;
-}
-
-static int crypto_morus640_init_tfm(struct crypto_aead *tfm)
-{
- return 0;
-}
-
-static void crypto_morus640_exit_tfm(struct crypto_aead *tfm)
-{
-}
-
-static struct aead_alg crypto_morus640_alg = {
- .setkey = crypto_morus640_setkey,
- .setauthsize = crypto_morus640_setauthsize,
- .encrypt = crypto_morus640_encrypt,
- .decrypt = crypto_morus640_decrypt,
- .init = crypto_morus640_init_tfm,
- .exit = crypto_morus640_exit_tfm,
-
- .ivsize = MORUS_NONCE_SIZE,
- .maxauthsize = MORUS_MAX_AUTH_SIZE,
- .chunksize = MORUS640_BLOCK_SIZE,
-
- .base = {
- .cra_blocksize = 1,
- .cra_ctxsize = sizeof(struct morus640_ctx),
- .cra_alignmask = 0,
-
- .cra_priority = 100,
-
- .cra_name = "morus640",
- .cra_driver_name = "morus640-generic",
-
- .cra_module = THIS_MODULE,
- }
-};
-
-static int __init crypto_morus640_module_init(void)
-{
- return crypto_register_aead(&crypto_morus640_alg);
-}
-
-static void __exit crypto_morus640_module_exit(void)
-{
- crypto_unregister_aead(&crypto_morus640_alg);
-}
-
-module_init(crypto_morus640_module_init);
-module_exit(crypto_morus640_module_exit);
-
-MODULE_LICENSE("GPL");
-MODULE_AUTHOR("Ondrej Mosnacek <omosnacek@gmail.com>");
-MODULE_DESCRIPTION("MORUS-640 AEAD algorithm");
-MODULE_ALIAS_CRYPTO("morus640");
-MODULE_ALIAS_CRYPTO("morus640-generic");
diff --git a/crypto/nhpoly1305.c b/crypto/nhpoly1305.c
new file mode 100644
index 0000000..9ab4e07
--- /dev/null
+++ b/crypto/nhpoly1305.c
@@ -0,0 +1,254 @@
+// SPDX-License-Identifier: GPL-2.0
+/*
+ * NHPoly1305 - ε-almost-∆-universal hash function for Adiantum
+ *
+ * Copyright 2018 Google LLC
+ */
+
+/*
+ * "NHPoly1305" is the main component of Adiantum hashing.
+ * Specifically, it is the calculation
+ *
+ * H_L ← Poly1305_{K_L}(NH_{K_N}(pad_{128}(L)))
+ *
+ * from the procedure in section 6.4 of the Adiantum paper [1]. It is an
+ * ε-almost-∆-universal (ε-∆U) hash function for equal-length inputs over
+ * Z/(2^{128}Z), where the "∆" operation is addition. It hashes 1024-byte
+ * chunks of the input with the NH hash function [2], reducing the input length
+ * by 32x. The resulting NH digests are evaluated as a polynomial in
+ * GF(2^{130}-5), like in the Poly1305 MAC [3]. Note that the polynomial
+ * evaluation by itself would suffice to achieve the ε-∆U property; NH is used
+ * for performance since it's over twice as fast as Poly1305.
+ *
+ * This is *not* a cryptographic hash function; do not use it as such!
+ *
+ * [1] Adiantum: length-preserving encryption for entry-level processors
+ * (https://eprint.iacr.org/2018/720.pdf)
+ * [2] UMAC: Fast and Secure Message Authentication
+ * (https://fastcrypto.org/umac/umac_proc.pdf)
+ * [3] The Poly1305-AES message-authentication code
+ * (https://cr.yp.to/mac/poly1305-20050329.pdf)
+ */
+
+#include <asm/unaligned.h>
+#include <crypto/algapi.h>
+#include <crypto/internal/hash.h>
+#include <crypto/nhpoly1305.h>
+#include <linux/crypto.h>
+#include <linux/kernel.h>
+#include <linux/module.h>
+
+static void nh_generic(const u32 *key, const u8 *message, size_t message_len,
+ __le64 hash[NH_NUM_PASSES])
+{
+ u64 sums[4] = { 0, 0, 0, 0 };
+
+ BUILD_BUG_ON(NH_PAIR_STRIDE != 2);
+ BUILD_BUG_ON(NH_NUM_PASSES != 4);
+
+ while (message_len) {
+ u32 m0 = get_unaligned_le32(message + 0);
+ u32 m1 = get_unaligned_le32(message + 4);
+ u32 m2 = get_unaligned_le32(message + 8);
+ u32 m3 = get_unaligned_le32(message + 12);
+
+ sums[0] += (u64)(u32)(m0 + key[ 0]) * (u32)(m2 + key[ 2]);
+ sums[1] += (u64)(u32)(m0 + key[ 4]) * (u32)(m2 + key[ 6]);
+ sums[2] += (u64)(u32)(m0 + key[ 8]) * (u32)(m2 + key[10]);
+ sums[3] += (u64)(u32)(m0 + key[12]) * (u32)(m2 + key[14]);
+ sums[0] += (u64)(u32)(m1 + key[ 1]) * (u32)(m3 + key[ 3]);
+ sums[1] += (u64)(u32)(m1 + key[ 5]) * (u32)(m3 + key[ 7]);
+ sums[2] += (u64)(u32)(m1 + key[ 9]) * (u32)(m3 + key[11]);
+ sums[3] += (u64)(u32)(m1 + key[13]) * (u32)(m3 + key[15]);
+ key += NH_MESSAGE_UNIT / sizeof(key[0]);
+ message += NH_MESSAGE_UNIT;
+ message_len -= NH_MESSAGE_UNIT;
+ }
+
+ hash[0] = cpu_to_le64(sums[0]);
+ hash[1] = cpu_to_le64(sums[1]);
+ hash[2] = cpu_to_le64(sums[2]);
+ hash[3] = cpu_to_le64(sums[3]);
+}
+
+/* Pass the next NH hash value through Poly1305 */
+static void process_nh_hash_value(struct nhpoly1305_state *state,
+ const struct nhpoly1305_key *key)
+{
+ BUILD_BUG_ON(NH_HASH_BYTES % POLY1305_BLOCK_SIZE != 0);
+
+ poly1305_core_blocks(&state->poly_state, &key->poly_key, state->nh_hash,
+ NH_HASH_BYTES / POLY1305_BLOCK_SIZE);
+}
+
+/*
+ * Feed the next portion of the source data, as a whole number of 16-byte
+ * "NH message units", through NH and Poly1305. Each NH hash is taken over
+ * 1024 bytes, except possibly the final one which is taken over a multiple of
+ * 16 bytes up to 1024. Also, in the case where data is passed in misaligned
+ * chunks, we combine partial hashes; the end result is the same either way.
+ */
+static void nhpoly1305_units(struct nhpoly1305_state *state,
+ const struct nhpoly1305_key *key,
+ const u8 *src, unsigned int srclen, nh_t nh_fn)
+{
+ do {
+ unsigned int bytes;
+
+ if (state->nh_remaining == 0) {
+ /* Starting a new NH message */
+ bytes = min_t(unsigned int, srclen, NH_MESSAGE_BYTES);
+ nh_fn(key->nh_key, src, bytes, state->nh_hash);
+ state->nh_remaining = NH_MESSAGE_BYTES - bytes;
+ } else {
+ /* Continuing a previous NH message */
+ __le64 tmp_hash[NH_NUM_PASSES];
+ unsigned int pos;
+ int i;
+
+ pos = NH_MESSAGE_BYTES - state->nh_remaining;
+ bytes = min(srclen, state->nh_remaining);
+ nh_fn(&key->nh_key[pos / 4], src, bytes, tmp_hash);
+ for (i = 0; i < NH_NUM_PASSES; i++)
+ le64_add_cpu(&state->nh_hash[i],
+ le64_to_cpu(tmp_hash[i]));
+ state->nh_remaining -= bytes;
+ }
+ if (state->nh_remaining == 0)
+ process_nh_hash_value(state, key);
+ src += bytes;
+ srclen -= bytes;
+ } while (srclen);
+}
+
+int crypto_nhpoly1305_setkey(struct crypto_shash *tfm,
+ const u8 *key, unsigned int keylen)
+{
+ struct nhpoly1305_key *ctx = crypto_shash_ctx(tfm);
+ int i;
+
+ if (keylen != NHPOLY1305_KEY_SIZE)
+ return -EINVAL;
+
+ poly1305_core_setkey(&ctx->poly_key, key);
+ key += POLY1305_BLOCK_SIZE;
+
+ for (i = 0; i < NH_KEY_WORDS; i++)
+ ctx->nh_key[i] = get_unaligned_le32(key + i * sizeof(u32));
+
+ return 0;
+}
+EXPORT_SYMBOL(crypto_nhpoly1305_setkey);
+
+int crypto_nhpoly1305_init(struct shash_desc *desc)
+{
+ struct nhpoly1305_state *state = shash_desc_ctx(desc);
+
+ poly1305_core_init(&state->poly_state);
+ state->buflen = 0;
+ state->nh_remaining = 0;
+ return 0;
+}
+EXPORT_SYMBOL(crypto_nhpoly1305_init);
+
+int crypto_nhpoly1305_update_helper(struct shash_desc *desc,
+ const u8 *src, unsigned int srclen,
+ nh_t nh_fn)
+{
+ struct nhpoly1305_state *state = shash_desc_ctx(desc);
+ const struct nhpoly1305_key *key = crypto_shash_ctx(desc->tfm);
+ unsigned int bytes;
+
+ if (state->buflen) {
+ bytes = min(srclen, (int)NH_MESSAGE_UNIT - state->buflen);
+ memcpy(&state->buffer[state->buflen], src, bytes);
+ state->buflen += bytes;
+ if (state->buflen < NH_MESSAGE_UNIT)
+ return 0;
+ nhpoly1305_units(state, key, state->buffer, NH_MESSAGE_UNIT,
+ nh_fn);
+ state->buflen = 0;
+ src += bytes;
+ srclen -= bytes;
+ }
+
+ if (srclen >= NH_MESSAGE_UNIT) {
+ bytes = round_down(srclen, NH_MESSAGE_UNIT);
+ nhpoly1305_units(state, key, src, bytes, nh_fn);
+ src += bytes;
+ srclen -= bytes;
+ }
+
+ if (srclen) {
+ memcpy(state->buffer, src, srclen);
+ state->buflen = srclen;
+ }
+ return 0;
+}
+EXPORT_SYMBOL(crypto_nhpoly1305_update_helper);
+
+int crypto_nhpoly1305_update(struct shash_desc *desc,
+ const u8 *src, unsigned int srclen)
+{
+ return crypto_nhpoly1305_update_helper(desc, src, srclen, nh_generic);
+}
+EXPORT_SYMBOL(crypto_nhpoly1305_update);
+
+int crypto_nhpoly1305_final_helper(struct shash_desc *desc, u8 *dst, nh_t nh_fn)
+{
+ struct nhpoly1305_state *state = shash_desc_ctx(desc);
+ const struct nhpoly1305_key *key = crypto_shash_ctx(desc->tfm);
+
+ if (state->buflen) {
+ memset(&state->buffer[state->buflen], 0,
+ NH_MESSAGE_UNIT - state->buflen);
+ nhpoly1305_units(state, key, state->buffer, NH_MESSAGE_UNIT,
+ nh_fn);
+ }
+
+ if (state->nh_remaining)
+ process_nh_hash_value(state, key);
+
+ poly1305_core_emit(&state->poly_state, dst);
+ return 0;
+}
+EXPORT_SYMBOL(crypto_nhpoly1305_final_helper);
+
+int crypto_nhpoly1305_final(struct shash_desc *desc, u8 *dst)
+{
+ return crypto_nhpoly1305_final_helper(desc, dst, nh_generic);
+}
+EXPORT_SYMBOL(crypto_nhpoly1305_final);
+
+static struct shash_alg nhpoly1305_alg = {
+ .base.cra_name = "nhpoly1305",
+ .base.cra_driver_name = "nhpoly1305-generic",
+ .base.cra_priority = 100,
+ .base.cra_ctxsize = sizeof(struct nhpoly1305_key),
+ .base.cra_module = THIS_MODULE,
+ .digestsize = POLY1305_DIGEST_SIZE,
+ .init = crypto_nhpoly1305_init,
+ .update = crypto_nhpoly1305_update,
+ .final = crypto_nhpoly1305_final,
+ .setkey = crypto_nhpoly1305_setkey,
+ .descsize = sizeof(struct nhpoly1305_state),
+};
+
+static int __init nhpoly1305_mod_init(void)
+{
+ return crypto_register_shash(&nhpoly1305_alg);
+}
+
+static void __exit nhpoly1305_mod_exit(void)
+{
+ crypto_unregister_shash(&nhpoly1305_alg);
+}
+
+subsys_initcall(nhpoly1305_mod_init);
+module_exit(nhpoly1305_mod_exit);
+
+MODULE_DESCRIPTION("NHPoly1305 ε-almost-∆-universal hash function");
+MODULE_LICENSE("GPL v2");
+MODULE_AUTHOR("Eric Biggers <ebiggers@google.com>");
+MODULE_ALIAS_CRYPTO("nhpoly1305");
+MODULE_ALIAS_CRYPTO("nhpoly1305-generic");
diff --git a/crypto/ofb.c b/crypto/ofb.c
new file mode 100644
index 0000000..133ff4c
--- /dev/null
+++ b/crypto/ofb.c
@@ -0,0 +1,103 @@
+// SPDX-License-Identifier: GPL-2.0
+
+/*
+ * OFB: Output FeedBack mode
+ *
+ * Copyright (C) 2018 ARM Limited or its affiliates.
+ * All rights reserved.
+ */
+
+#include <crypto/algapi.h>
+#include <crypto/internal/skcipher.h>
+#include <linux/err.h>
+#include <linux/init.h>
+#include <linux/kernel.h>
+#include <linux/module.h>
+
+static int crypto_ofb_crypt(struct skcipher_request *req)
+{
+ struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
+ struct crypto_cipher *cipher = skcipher_cipher_simple(tfm);
+ const unsigned int bsize = crypto_cipher_blocksize(cipher);
+ struct skcipher_walk walk;
+ int err;
+
+ err = skcipher_walk_virt(&walk, req, false);
+
+ while (walk.nbytes >= bsize) {
+ const u8 *src = walk.src.virt.addr;
+ u8 *dst = walk.dst.virt.addr;
+ u8 * const iv = walk.iv;
+ unsigned int nbytes = walk.nbytes;
+
+ do {
+ crypto_cipher_encrypt_one(cipher, iv, iv);
+ crypto_xor_cpy(dst, src, iv, bsize);
+ dst += bsize;
+ src += bsize;
+ } while ((nbytes -= bsize) >= bsize);
+
+ err = skcipher_walk_done(&walk, nbytes);
+ }
+
+ if (walk.nbytes) {
+ crypto_cipher_encrypt_one(cipher, walk.iv, walk.iv);
+ crypto_xor_cpy(walk.dst.virt.addr, walk.src.virt.addr, walk.iv,
+ walk.nbytes);
+ err = skcipher_walk_done(&walk, 0);
+ }
+ return err;
+}
+
+static int crypto_ofb_create(struct crypto_template *tmpl, struct rtattr **tb)
+{
+ struct skcipher_instance *inst;
+ struct crypto_alg *alg;
+ int err;
+
+ inst = skcipher_alloc_instance_simple(tmpl, tb, &alg);
+ if (IS_ERR(inst))
+ return PTR_ERR(inst);
+
+ /* OFB mode is a stream cipher. */
+ inst->alg.base.cra_blocksize = 1;
+
+ /*
+ * To simplify the implementation, configure the skcipher walk to only
+ * give a partial block at the very end, never earlier.
+ */
+ inst->alg.chunksize = alg->cra_blocksize;
+
+ inst->alg.encrypt = crypto_ofb_crypt;
+ inst->alg.decrypt = crypto_ofb_crypt;
+
+ err = skcipher_register_instance(tmpl, inst);
+ if (err)
+ inst->free(inst);
+
+ crypto_mod_put(alg);
+ return err;
+}
+
+static struct crypto_template crypto_ofb_tmpl = {
+ .name = "ofb",
+ .create = crypto_ofb_create,
+ .module = THIS_MODULE,
+};
+
+static int __init crypto_ofb_module_init(void)
+{
+ return crypto_register_template(&crypto_ofb_tmpl);
+}
+
+static void __exit crypto_ofb_module_exit(void)
+{
+ crypto_unregister_template(&crypto_ofb_tmpl);
+}
+
+subsys_initcall(crypto_ofb_module_init);
+module_exit(crypto_ofb_module_exit);
+
+MODULE_LICENSE("GPL");
+MODULE_DESCRIPTION("OFB block cipher mode of operation");
+MODULE_ALIAS_CRYPTO("ofb");
diff --git a/crypto/pcbc.c b/crypto/pcbc.c
index 8aa1014..862cdb8 100644
--- a/crypto/pcbc.c
+++ b/crypto/pcbc.c
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/*
* PCBC: Propagating Cipher Block Chaining mode
*
@@ -6,12 +7,6 @@
*
* Derived from cbc.c
* - Copyright (c) 2006 Herbert Xu <herbert@gondor.apana.org.au>
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
- *
*/
#include <crypto/algapi.h>
@@ -20,28 +15,6 @@
#include <linux/init.h>
#include <linux/kernel.h>
#include <linux/module.h>
-#include <linux/slab.h>
-#include <linux/compiler.h>
-
-struct crypto_pcbc_ctx {
- struct crypto_cipher *child;
-};
-
-static int crypto_pcbc_setkey(struct crypto_skcipher *parent, const u8 *key,
- unsigned int keylen)
-{
- struct crypto_pcbc_ctx *ctx = crypto_skcipher_ctx(parent);
- struct crypto_cipher *child = ctx->child;
- int err;
-
- crypto_cipher_clear_flags(child, CRYPTO_TFM_REQ_MASK);
- crypto_cipher_set_flags(child, crypto_skcipher_get_flags(parent) &
- CRYPTO_TFM_REQ_MASK);
- err = crypto_cipher_setkey(child, key, keylen);
- crypto_skcipher_set_flags(parent, crypto_cipher_get_flags(child) &
- CRYPTO_TFM_RES_MASK);
- return err;
-}
static int crypto_pcbc_encrypt_segment(struct skcipher_request *req,
struct skcipher_walk *walk,
@@ -51,7 +24,7 @@
unsigned int nbytes = walk->nbytes;
u8 *src = walk->src.virt.addr;
u8 *dst = walk->dst.virt.addr;
- u8 *iv = walk->iv;
+ u8 * const iv = walk->iv;
do {
crypto_xor(iv, src, bsize);
@@ -72,7 +45,7 @@
int bsize = crypto_cipher_blocksize(tfm);
unsigned int nbytes = walk->nbytes;
u8 *src = walk->src.virt.addr;
- u8 *iv = walk->iv;
+ u8 * const iv = walk->iv;
u8 tmpbuf[MAX_CIPHER_BLOCKSIZE];
do {
@@ -84,16 +57,13 @@
src += bsize;
} while ((nbytes -= bsize) >= bsize);
- memcpy(walk->iv, iv, bsize);
-
return nbytes;
}
static int crypto_pcbc_encrypt(struct skcipher_request *req)
{
struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
- struct crypto_pcbc_ctx *ctx = crypto_skcipher_ctx(tfm);
- struct crypto_cipher *child = ctx->child;
+ struct crypto_cipher *cipher = skcipher_cipher_simple(tfm);
struct skcipher_walk walk;
unsigned int nbytes;
int err;
@@ -103,10 +73,10 @@
while ((nbytes = walk.nbytes)) {
if (walk.src.virt.addr == walk.dst.virt.addr)
nbytes = crypto_pcbc_encrypt_inplace(req, &walk,
- child);
+ cipher);
else
nbytes = crypto_pcbc_encrypt_segment(req, &walk,
- child);
+ cipher);
err = skcipher_walk_done(&walk, nbytes);
}
@@ -121,7 +91,7 @@
unsigned int nbytes = walk->nbytes;
u8 *src = walk->src.virt.addr;
u8 *dst = walk->dst.virt.addr;
- u8 *iv = walk->iv;
+ u8 * const iv = walk->iv;
do {
crypto_cipher_decrypt_one(tfm, dst, src);
@@ -132,8 +102,6 @@
dst += bsize;
} while ((nbytes -= bsize) >= bsize);
- memcpy(walk->iv, iv, bsize);
-
return nbytes;
}
@@ -144,7 +112,7 @@
int bsize = crypto_cipher_blocksize(tfm);
unsigned int nbytes = walk->nbytes;
u8 *src = walk->src.virt.addr;
- u8 *iv = walk->iv;
+ u8 * const iv = walk->iv;
u8 tmpbuf[MAX_CIPHER_BLOCKSIZE] __aligned(__alignof__(u32));
do {
@@ -156,16 +124,13 @@
src += bsize;
} while ((nbytes -= bsize) >= bsize);
- memcpy(walk->iv, iv, bsize);
-
return nbytes;
}
static int crypto_pcbc_decrypt(struct skcipher_request *req)
{
struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
- struct crypto_pcbc_ctx *ctx = crypto_skcipher_ctx(tfm);
- struct crypto_cipher *child = ctx->child;
+ struct crypto_cipher *cipher = skcipher_cipher_simple(tfm);
struct skcipher_walk walk;
unsigned int nbytes;
int err;
@@ -175,117 +140,34 @@
while ((nbytes = walk.nbytes)) {
if (walk.src.virt.addr == walk.dst.virt.addr)
nbytes = crypto_pcbc_decrypt_inplace(req, &walk,
- child);
+ cipher);
else
nbytes = crypto_pcbc_decrypt_segment(req, &walk,
- child);
+ cipher);
err = skcipher_walk_done(&walk, nbytes);
}
return err;
}
-static int crypto_pcbc_init_tfm(struct crypto_skcipher *tfm)
-{
- struct skcipher_instance *inst = skcipher_alg_instance(tfm);
- struct crypto_spawn *spawn = skcipher_instance_ctx(inst);
- struct crypto_pcbc_ctx *ctx = crypto_skcipher_ctx(tfm);
- struct crypto_cipher *cipher;
-
- cipher = crypto_spawn_cipher(spawn);
- if (IS_ERR(cipher))
- return PTR_ERR(cipher);
-
- ctx->child = cipher;
- return 0;
-}
-
-static void crypto_pcbc_exit_tfm(struct crypto_skcipher *tfm)
-{
- struct crypto_pcbc_ctx *ctx = crypto_skcipher_ctx(tfm);
-
- crypto_free_cipher(ctx->child);
-}
-
-static void crypto_pcbc_free(struct skcipher_instance *inst)
-{
- crypto_drop_skcipher(skcipher_instance_ctx(inst));
- kfree(inst);
-}
-
static int crypto_pcbc_create(struct crypto_template *tmpl, struct rtattr **tb)
{
struct skcipher_instance *inst;
- struct crypto_attr_type *algt;
- struct crypto_spawn *spawn;
struct crypto_alg *alg;
int err;
- algt = crypto_get_attr_type(tb);
- if (IS_ERR(algt))
- return PTR_ERR(algt);
+ inst = skcipher_alloc_instance_simple(tmpl, tb, &alg);
+ if (IS_ERR(inst))
+ return PTR_ERR(inst);
- if (((algt->type ^ CRYPTO_ALG_TYPE_SKCIPHER) & algt->mask) &
- ~CRYPTO_ALG_INTERNAL)
- return -EINVAL;
-
- inst = kzalloc(sizeof(*inst) + sizeof(*spawn), GFP_KERNEL);
- if (!inst)
- return -ENOMEM;
-
- alg = crypto_get_attr_alg(tb, CRYPTO_ALG_TYPE_CIPHER |
- (algt->type & CRYPTO_ALG_INTERNAL),
- CRYPTO_ALG_TYPE_MASK |
- (algt->mask & CRYPTO_ALG_INTERNAL));
- err = PTR_ERR(alg);
- if (IS_ERR(alg))
- goto err_free_inst;
-
- spawn = skcipher_instance_ctx(inst);
- err = crypto_init_spawn(spawn, alg, skcipher_crypto_instance(inst),
- CRYPTO_ALG_TYPE_MASK);
- if (err)
- goto err_put_alg;
-
- err = crypto_inst_setname(skcipher_crypto_instance(inst), "pcbc", alg);
- if (err)
- goto err_drop_spawn;
-
- inst->alg.base.cra_flags = alg->cra_flags & CRYPTO_ALG_INTERNAL;
- inst->alg.base.cra_priority = alg->cra_priority;
- inst->alg.base.cra_blocksize = alg->cra_blocksize;
- inst->alg.base.cra_alignmask = alg->cra_alignmask;
-
- inst->alg.ivsize = alg->cra_blocksize;
- inst->alg.min_keysize = alg->cra_cipher.cia_min_keysize;
- inst->alg.max_keysize = alg->cra_cipher.cia_max_keysize;
-
- inst->alg.base.cra_ctxsize = sizeof(struct crypto_pcbc_ctx);
-
- inst->alg.init = crypto_pcbc_init_tfm;
- inst->alg.exit = crypto_pcbc_exit_tfm;
-
- inst->alg.setkey = crypto_pcbc_setkey;
inst->alg.encrypt = crypto_pcbc_encrypt;
inst->alg.decrypt = crypto_pcbc_decrypt;
- inst->free = crypto_pcbc_free;
-
err = skcipher_register_instance(tmpl, inst);
if (err)
- goto err_drop_spawn;
+ inst->free(inst);
crypto_mod_put(alg);
-
-out:
return err;
-
-err_drop_spawn:
- crypto_drop_spawn(spawn);
-err_put_alg:
- crypto_mod_put(alg);
-err_free_inst:
- kfree(inst);
- goto out;
}
static struct crypto_template crypto_pcbc_tmpl = {
@@ -304,9 +186,9 @@
crypto_unregister_template(&crypto_pcbc_tmpl);
}
-module_init(crypto_pcbc_module_init);
+subsys_initcall(crypto_pcbc_module_init);
module_exit(crypto_pcbc_module_exit);
MODULE_LICENSE("GPL");
-MODULE_DESCRIPTION("PCBC block cipher algorithm");
+MODULE_DESCRIPTION("PCBC block cipher mode of operation");
MODULE_ALIAS_CRYPTO("pcbc");
diff --git a/crypto/pcrypt.c b/crypto/pcrypt.c
index f8ec3d4..543792e 100644
--- a/crypto/pcrypt.c
+++ b/crypto/pcrypt.c
@@ -1,21 +1,9 @@
+// SPDX-License-Identifier: GPL-2.0-only
/*
* pcrypt - Parallel crypto wrapper.
*
* Copyright (C) 2009 secunet Security Networks AG
* Copyright (C) 2009 Steffen Klassert <steffen.klassert@secunet.com>
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms and conditions of the GNU General Public License,
- * version 2, as published by the Free Software Foundation.
- *
- * This program is distributed in the hope it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
- * more details.
- *
- * You should have received a copy of the GNU General Public License along with
- * this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin St - Fifth Floor, Boston, MA 02110-1301 USA.
*/
#include <crypto/algapi.h>
@@ -30,34 +18,8 @@
#include <linux/cpu.h>
#include <crypto/pcrypt.h>
-struct padata_pcrypt {
- struct padata_instance *pinst;
- struct workqueue_struct *wq;
-
- /*
- * Cpumask for callback CPUs. It should be
- * equal to serial cpumask of corresponding padata instance,
- * so it is updated when padata notifies us about serial
- * cpumask change.
- *
- * cb_cpumask is protected by RCU. This fact prevents us from
- * using cpumask_var_t directly because the actual type of
- * cpumsak_var_t depends on kernel configuration(particularly on
- * CONFIG_CPUMASK_OFFSTACK macro). Depending on the configuration
- * cpumask_var_t may be either a pointer to the struct cpumask
- * or a variable allocated on the stack. Thus we can not safely use
- * cpumask_var_t with RCU operations such as rcu_assign_pointer or
- * rcu_dereference. So cpumask_var_t is wrapped with struct
- * pcrypt_cpumask which makes possible to use it with RCU.
- */
- struct pcrypt_cpumask {
- cpumask_var_t mask;
- } *cb_cpumask;
- struct notifier_block nblock;
-};
-
-static struct padata_pcrypt pencrypt;
-static struct padata_pcrypt pdecrypt;
+static struct padata_instance *pencrypt;
+static struct padata_instance *pdecrypt;
static struct kset *pcrypt_kset;
struct pcrypt_instance_ctx {
@@ -70,35 +32,6 @@
unsigned int cb_cpu;
};
-static int pcrypt_do_parallel(struct padata_priv *padata, unsigned int *cb_cpu,
- struct padata_pcrypt *pcrypt)
-{
- unsigned int cpu_index, cpu, i;
- struct pcrypt_cpumask *cpumask;
-
- cpu = *cb_cpu;
-
- rcu_read_lock_bh();
- cpumask = rcu_dereference_bh(pcrypt->cb_cpumask);
- if (cpumask_test_cpu(cpu, cpumask->mask))
- goto out;
-
- if (!cpumask_weight(cpumask->mask))
- goto out;
-
- cpu_index = cpu % cpumask_weight(cpumask->mask);
-
- cpu = cpumask_first(cpumask->mask);
- for (i = 0; i < cpu_index; i++)
- cpu = cpumask_next(cpu, cpumask->mask);
-
- *cb_cpu = cpu;
-
-out:
- rcu_read_unlock_bh();
- return padata_do_parallel(pcrypt->pinst, padata, cpu);
-}
-
static int pcrypt_aead_setkey(struct crypto_aead *parent,
const u8 *key, unsigned int keylen)
{
@@ -170,7 +103,7 @@
req->cryptlen, req->iv);
aead_request_set_ad(creq, req->assoclen);
- err = pcrypt_do_parallel(padata, &ctx->cb_cpu, &pencrypt);
+ err = padata_do_parallel(pencrypt, padata, &ctx->cb_cpu);
if (!err)
return -EINPROGRESS;
@@ -212,7 +145,7 @@
req->cryptlen, req->iv);
aead_request_set_ad(creq, req->assoclen);
- err = pcrypt_do_parallel(padata, &ctx->cb_cpu, &pdecrypt);
+ err = padata_do_parallel(pdecrypt, padata, &ctx->cb_cpu);
if (!err)
return -EINPROGRESS;
@@ -359,113 +292,37 @@
return -EINVAL;
}
-static int pcrypt_cpumask_change_notify(struct notifier_block *self,
- unsigned long val, void *data)
-{
- struct padata_pcrypt *pcrypt;
- struct pcrypt_cpumask *new_mask, *old_mask;
- struct padata_cpumask *cpumask = (struct padata_cpumask *)data;
-
- if (!(val & PADATA_CPU_SERIAL))
- return 0;
-
- pcrypt = container_of(self, struct padata_pcrypt, nblock);
- new_mask = kmalloc(sizeof(*new_mask), GFP_KERNEL);
- if (!new_mask)
- return -ENOMEM;
- if (!alloc_cpumask_var(&new_mask->mask, GFP_KERNEL)) {
- kfree(new_mask);
- return -ENOMEM;
- }
-
- old_mask = pcrypt->cb_cpumask;
-
- cpumask_copy(new_mask->mask, cpumask->cbcpu);
- rcu_assign_pointer(pcrypt->cb_cpumask, new_mask);
- synchronize_rcu_bh();
-
- free_cpumask_var(old_mask->mask);
- kfree(old_mask);
- return 0;
-}
-
static int pcrypt_sysfs_add(struct padata_instance *pinst, const char *name)
{
int ret;
pinst->kobj.kset = pcrypt_kset;
- ret = kobject_add(&pinst->kobj, NULL, name);
+ ret = kobject_add(&pinst->kobj, NULL, "%s", name);
if (!ret)
kobject_uevent(&pinst->kobj, KOBJ_ADD);
return ret;
}
-static int pcrypt_init_padata(struct padata_pcrypt *pcrypt,
- const char *name)
+static int pcrypt_init_padata(struct padata_instance **pinst, const char *name)
{
int ret = -ENOMEM;
- struct pcrypt_cpumask *mask;
- get_online_cpus();
+ *pinst = padata_alloc_possible(name);
+ if (!*pinst)
+ return ret;
- pcrypt->wq = alloc_workqueue("%s", WQ_MEM_RECLAIM | WQ_CPU_INTENSIVE,
- 1, name);
- if (!pcrypt->wq)
- goto err;
-
- pcrypt->pinst = padata_alloc_possible(pcrypt->wq);
- if (!pcrypt->pinst)
- goto err_destroy_workqueue;
-
- mask = kmalloc(sizeof(*mask), GFP_KERNEL);
- if (!mask)
- goto err_free_padata;
- if (!alloc_cpumask_var(&mask->mask, GFP_KERNEL)) {
- kfree(mask);
- goto err_free_padata;
- }
-
- cpumask_and(mask->mask, cpu_possible_mask, cpu_online_mask);
- rcu_assign_pointer(pcrypt->cb_cpumask, mask);
-
- pcrypt->nblock.notifier_call = pcrypt_cpumask_change_notify;
- ret = padata_register_cpumask_notifier(pcrypt->pinst, &pcrypt->nblock);
+ ret = pcrypt_sysfs_add(*pinst, name);
if (ret)
- goto err_free_cpumask;
-
- ret = pcrypt_sysfs_add(pcrypt->pinst, name);
- if (ret)
- goto err_unregister_notifier;
-
- put_online_cpus();
-
- return ret;
-
-err_unregister_notifier:
- padata_unregister_cpumask_notifier(pcrypt->pinst, &pcrypt->nblock);
-err_free_cpumask:
- free_cpumask_var(mask->mask);
- kfree(mask);
-err_free_padata:
- padata_free(pcrypt->pinst);
-err_destroy_workqueue:
- destroy_workqueue(pcrypt->wq);
-err:
- put_online_cpus();
+ padata_free(*pinst);
return ret;
}
-static void pcrypt_fini_padata(struct padata_pcrypt *pcrypt)
+static void pcrypt_fini_padata(struct padata_instance *pinst)
{
- free_cpumask_var(pcrypt->cb_cpumask->mask);
- kfree(pcrypt->cb_cpumask);
-
- padata_stop(pcrypt->pinst);
- padata_unregister_cpumask_notifier(pcrypt->pinst, &pcrypt->nblock);
- destroy_workqueue(pcrypt->wq);
- padata_free(pcrypt->pinst);
+ padata_stop(pinst);
+ padata_free(pinst);
}
static struct crypto_template pcrypt_tmpl = {
@@ -490,13 +347,13 @@
if (err)
goto err_deinit_pencrypt;
- padata_start(pencrypt.pinst);
- padata_start(pdecrypt.pinst);
+ padata_start(pencrypt);
+ padata_start(pdecrypt);
return crypto_register_template(&pcrypt_tmpl);
err_deinit_pencrypt:
- pcrypt_fini_padata(&pencrypt);
+ pcrypt_fini_padata(pencrypt);
err_unreg_kset:
kset_unregister(pcrypt_kset);
err:
@@ -505,14 +362,14 @@
static void __exit pcrypt_exit(void)
{
- pcrypt_fini_padata(&pencrypt);
- pcrypt_fini_padata(&pdecrypt);
+ pcrypt_fini_padata(pencrypt);
+ pcrypt_fini_padata(pdecrypt);
kset_unregister(pcrypt_kset);
crypto_unregister_template(&pcrypt_tmpl);
}
-module_init(pcrypt_init);
+subsys_initcall(pcrypt_init);
module_exit(pcrypt_exit);
MODULE_LICENSE("GPL");
diff --git a/crypto/poly1305_generic.c b/crypto/poly1305_generic.c
index 47d3a6b..adc4029 100644
--- a/crypto/poly1305_generic.c
+++ b/crypto/poly1305_generic.c
@@ -38,7 +38,7 @@
{
struct poly1305_desc_ctx *dctx = shash_desc_ctx(desc);
- memset(dctx->h, 0, sizeof(dctx->h));
+ poly1305_core_init(&dctx->h);
dctx->buflen = 0;
dctx->rset = false;
dctx->sset = false;
@@ -47,23 +47,16 @@
}
EXPORT_SYMBOL_GPL(crypto_poly1305_init);
-static void poly1305_setrkey(struct poly1305_desc_ctx *dctx, const u8 *key)
+void poly1305_core_setkey(struct poly1305_key *key, const u8 *raw_key)
{
/* r &= 0xffffffc0ffffffc0ffffffc0fffffff */
- dctx->r[0] = (get_unaligned_le32(key + 0) >> 0) & 0x3ffffff;
- dctx->r[1] = (get_unaligned_le32(key + 3) >> 2) & 0x3ffff03;
- dctx->r[2] = (get_unaligned_le32(key + 6) >> 4) & 0x3ffc0ff;
- dctx->r[3] = (get_unaligned_le32(key + 9) >> 6) & 0x3f03fff;
- dctx->r[4] = (get_unaligned_le32(key + 12) >> 8) & 0x00fffff;
+ key->r[0] = (get_unaligned_le32(raw_key + 0) >> 0) & 0x3ffffff;
+ key->r[1] = (get_unaligned_le32(raw_key + 3) >> 2) & 0x3ffff03;
+ key->r[2] = (get_unaligned_le32(raw_key + 6) >> 4) & 0x3ffc0ff;
+ key->r[3] = (get_unaligned_le32(raw_key + 9) >> 6) & 0x3f03fff;
+ key->r[4] = (get_unaligned_le32(raw_key + 12) >> 8) & 0x00fffff;
}
-
-static void poly1305_setskey(struct poly1305_desc_ctx *dctx, const u8 *key)
-{
- dctx->s[0] = get_unaligned_le32(key + 0);
- dctx->s[1] = get_unaligned_le32(key + 4);
- dctx->s[2] = get_unaligned_le32(key + 8);
- dctx->s[3] = get_unaligned_le32(key + 12);
-}
+EXPORT_SYMBOL_GPL(poly1305_core_setkey);
/*
* Poly1305 requires a unique key for each tag, which implies that we can't set
@@ -75,13 +68,16 @@
{
if (!dctx->sset) {
if (!dctx->rset && srclen >= POLY1305_BLOCK_SIZE) {
- poly1305_setrkey(dctx, src);
+ poly1305_core_setkey(&dctx->r, src);
src += POLY1305_BLOCK_SIZE;
srclen -= POLY1305_BLOCK_SIZE;
dctx->rset = true;
}
if (srclen >= POLY1305_BLOCK_SIZE) {
- poly1305_setskey(dctx, src);
+ dctx->s[0] = get_unaligned_le32(src + 0);
+ dctx->s[1] = get_unaligned_le32(src + 4);
+ dctx->s[2] = get_unaligned_le32(src + 8);
+ dctx->s[3] = get_unaligned_le32(src + 12);
src += POLY1305_BLOCK_SIZE;
srclen -= POLY1305_BLOCK_SIZE;
dctx->sset = true;
@@ -91,41 +87,37 @@
}
EXPORT_SYMBOL_GPL(crypto_poly1305_setdesckey);
-static unsigned int poly1305_blocks(struct poly1305_desc_ctx *dctx,
- const u8 *src, unsigned int srclen,
- u32 hibit)
+static void poly1305_blocks_internal(struct poly1305_state *state,
+ const struct poly1305_key *key,
+ const void *src, unsigned int nblocks,
+ u32 hibit)
{
u32 r0, r1, r2, r3, r4;
u32 s1, s2, s3, s4;
u32 h0, h1, h2, h3, h4;
u64 d0, d1, d2, d3, d4;
- unsigned int datalen;
- if (unlikely(!dctx->sset)) {
- datalen = crypto_poly1305_setdesckey(dctx, src, srclen);
- src += srclen - datalen;
- srclen = datalen;
- }
+ if (!nblocks)
+ return;
- r0 = dctx->r[0];
- r1 = dctx->r[1];
- r2 = dctx->r[2];
- r3 = dctx->r[3];
- r4 = dctx->r[4];
+ r0 = key->r[0];
+ r1 = key->r[1];
+ r2 = key->r[2];
+ r3 = key->r[3];
+ r4 = key->r[4];
s1 = r1 * 5;
s2 = r2 * 5;
s3 = r3 * 5;
s4 = r4 * 5;
- h0 = dctx->h[0];
- h1 = dctx->h[1];
- h2 = dctx->h[2];
- h3 = dctx->h[3];
- h4 = dctx->h[4];
+ h0 = state->h[0];
+ h1 = state->h[1];
+ h2 = state->h[2];
+ h3 = state->h[3];
+ h4 = state->h[4];
- while (likely(srclen >= POLY1305_BLOCK_SIZE)) {
-
+ do {
/* h += m[i] */
h0 += (get_unaligned_le32(src + 0) >> 0) & 0x3ffffff;
h1 += (get_unaligned_le32(src + 3) >> 2) & 0x3ffffff;
@@ -154,16 +146,36 @@
h1 += h0 >> 26; h0 = h0 & 0x3ffffff;
src += POLY1305_BLOCK_SIZE;
- srclen -= POLY1305_BLOCK_SIZE;
+ } while (--nblocks);
+
+ state->h[0] = h0;
+ state->h[1] = h1;
+ state->h[2] = h2;
+ state->h[3] = h3;
+ state->h[4] = h4;
+}
+
+void poly1305_core_blocks(struct poly1305_state *state,
+ const struct poly1305_key *key,
+ const void *src, unsigned int nblocks)
+{
+ poly1305_blocks_internal(state, key, src, nblocks, 1 << 24);
+}
+EXPORT_SYMBOL_GPL(poly1305_core_blocks);
+
+static void poly1305_blocks(struct poly1305_desc_ctx *dctx,
+ const u8 *src, unsigned int srclen, u32 hibit)
+{
+ unsigned int datalen;
+
+ if (unlikely(!dctx->sset)) {
+ datalen = crypto_poly1305_setdesckey(dctx, src, srclen);
+ src += srclen - datalen;
+ srclen = datalen;
}
- dctx->h[0] = h0;
- dctx->h[1] = h1;
- dctx->h[2] = h2;
- dctx->h[3] = h3;
- dctx->h[4] = h4;
-
- return srclen;
+ poly1305_blocks_internal(&dctx->h, &dctx->r,
+ src, srclen / POLY1305_BLOCK_SIZE, hibit);
}
int crypto_poly1305_update(struct shash_desc *desc,
@@ -187,9 +199,9 @@
}
if (likely(srclen >= POLY1305_BLOCK_SIZE)) {
- bytes = poly1305_blocks(dctx, src, srclen, 1 << 24);
- src += srclen - bytes;
- srclen = bytes;
+ poly1305_blocks(dctx, src, srclen, 1 << 24);
+ src += srclen - (srclen % POLY1305_BLOCK_SIZE);
+ srclen %= POLY1305_BLOCK_SIZE;
}
if (unlikely(srclen)) {
@@ -201,30 +213,18 @@
}
EXPORT_SYMBOL_GPL(crypto_poly1305_update);
-int crypto_poly1305_final(struct shash_desc *desc, u8 *dst)
+void poly1305_core_emit(const struct poly1305_state *state, void *dst)
{
- struct poly1305_desc_ctx *dctx = shash_desc_ctx(desc);
u32 h0, h1, h2, h3, h4;
u32 g0, g1, g2, g3, g4;
u32 mask;
- u64 f = 0;
-
- if (unlikely(!dctx->sset))
- return -ENOKEY;
-
- if (unlikely(dctx->buflen)) {
- dctx->buf[dctx->buflen++] = 1;
- memset(dctx->buf + dctx->buflen, 0,
- POLY1305_BLOCK_SIZE - dctx->buflen);
- poly1305_blocks(dctx, dctx->buf, POLY1305_BLOCK_SIZE, 0);
- }
/* fully carry h */
- h0 = dctx->h[0];
- h1 = dctx->h[1];
- h2 = dctx->h[2];
- h3 = dctx->h[3];
- h4 = dctx->h[4];
+ h0 = state->h[0];
+ h1 = state->h[1];
+ h2 = state->h[2];
+ h3 = state->h[3];
+ h4 = state->h[4];
h2 += (h1 >> 26); h1 = h1 & 0x3ffffff;
h3 += (h2 >> 26); h2 = h2 & 0x3ffffff;
@@ -254,16 +254,40 @@
h4 = (h4 & mask) | g4;
/* h = h % (2^128) */
- h0 = (h0 >> 0) | (h1 << 26);
- h1 = (h1 >> 6) | (h2 << 20);
- h2 = (h2 >> 12) | (h3 << 14);
- h3 = (h3 >> 18) | (h4 << 8);
+ put_unaligned_le32((h0 >> 0) | (h1 << 26), dst + 0);
+ put_unaligned_le32((h1 >> 6) | (h2 << 20), dst + 4);
+ put_unaligned_le32((h2 >> 12) | (h3 << 14), dst + 8);
+ put_unaligned_le32((h3 >> 18) | (h4 << 8), dst + 12);
+}
+EXPORT_SYMBOL_GPL(poly1305_core_emit);
+
+int crypto_poly1305_final(struct shash_desc *desc, u8 *dst)
+{
+ struct poly1305_desc_ctx *dctx = shash_desc_ctx(desc);
+ __le32 digest[4];
+ u64 f = 0;
+
+ if (unlikely(!dctx->sset))
+ return -ENOKEY;
+
+ if (unlikely(dctx->buflen)) {
+ dctx->buf[dctx->buflen++] = 1;
+ memset(dctx->buf + dctx->buflen, 0,
+ POLY1305_BLOCK_SIZE - dctx->buflen);
+ poly1305_blocks(dctx, dctx->buf, POLY1305_BLOCK_SIZE, 0);
+ }
+
+ poly1305_core_emit(&dctx->h, digest);
/* mac = (h + s) % (2^128) */
- f = (f >> 32) + h0 + dctx->s[0]; put_unaligned_le32(f, dst + 0);
- f = (f >> 32) + h1 + dctx->s[1]; put_unaligned_le32(f, dst + 4);
- f = (f >> 32) + h2 + dctx->s[2]; put_unaligned_le32(f, dst + 8);
- f = (f >> 32) + h3 + dctx->s[3]; put_unaligned_le32(f, dst + 12);
+ f = (f >> 32) + le32_to_cpu(digest[0]) + dctx->s[0];
+ put_unaligned_le32(f, dst + 0);
+ f = (f >> 32) + le32_to_cpu(digest[1]) + dctx->s[1];
+ put_unaligned_le32(f, dst + 4);
+ f = (f >> 32) + le32_to_cpu(digest[2]) + dctx->s[2];
+ put_unaligned_le32(f, dst + 8);
+ f = (f >> 32) + le32_to_cpu(digest[3]) + dctx->s[3];
+ put_unaligned_le32(f, dst + 12);
return 0;
}
@@ -294,7 +318,7 @@
crypto_unregister_shash(&poly1305_alg);
}
-module_init(poly1305_mod_init);
+subsys_initcall(poly1305_mod_init);
module_exit(poly1305_mod_exit);
MODULE_LICENSE("GPL");
diff --git a/crypto/proc.c b/crypto/proc.c
index f4eb613..7b91557 100644
--- a/crypto/proc.c
+++ b/crypto/proc.c
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/*
* Scatterlist Cryptographic API.
*
@@ -5,12 +6,6 @@
*
* Copyright (c) 2002 James Morris <jmorris@intercode.com.au>
* Copyright (c) 2005 Herbert Xu <herbert@gondor.apana.org.au>
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
- *
*/
#include <linux/atomic.h>
diff --git a/crypto/rmd128.c b/crypto/rmd128.c
index 5f44722..29308fb 100644
--- a/crypto/rmd128.c
+++ b/crypto/rmd128.c
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/*
* Cryptographic API.
*
@@ -6,12 +7,6 @@
* Based on the reference implementation by Antoon Bosselaers, ESAT-COSIC
*
* Copyright (c) 2008 Adrian-Ken Rueegsegger <ken@codelabs.ch>
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
- *
*/
#include <crypto/internal/hash.h>
#include <linux/init.h>
@@ -303,6 +298,7 @@
.descsize = sizeof(struct rmd128_ctx),
.base = {
.cra_name = "rmd128",
+ .cra_driver_name = "rmd128-generic",
.cra_blocksize = RMD128_BLOCK_SIZE,
.cra_module = THIS_MODULE,
}
@@ -318,7 +314,7 @@
crypto_unregister_shash(&alg);
}
-module_init(rmd128_mod_init);
+subsys_initcall(rmd128_mod_init);
module_exit(rmd128_mod_fini);
MODULE_LICENSE("GPL");
diff --git a/crypto/rmd160.c b/crypto/rmd160.c
index 7376453..c5fe403 100644
--- a/crypto/rmd160.c
+++ b/crypto/rmd160.c
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/*
* Cryptographic API.
*
@@ -6,12 +7,6 @@
* Based on the reference implementation by Antoon Bosselaers, ESAT-COSIC
*
* Copyright (c) 2008 Adrian-Ken Rueegsegger <ken@codelabs.ch>
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
- *
*/
#include <crypto/internal/hash.h>
#include <linux/init.h>
@@ -347,6 +342,7 @@
.descsize = sizeof(struct rmd160_ctx),
.base = {
.cra_name = "rmd160",
+ .cra_driver_name = "rmd160-generic",
.cra_blocksize = RMD160_BLOCK_SIZE,
.cra_module = THIS_MODULE,
}
@@ -362,7 +358,7 @@
crypto_unregister_shash(&alg);
}
-module_init(rmd160_mod_init);
+subsys_initcall(rmd160_mod_init);
module_exit(rmd160_mod_fini);
MODULE_LICENSE("GPL");
diff --git a/crypto/rmd256.c b/crypto/rmd256.c
index 0e9d306..3c730e9 100644
--- a/crypto/rmd256.c
+++ b/crypto/rmd256.c
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/*
* Cryptographic API.
*
@@ -6,12 +7,6 @@
* Based on the reference implementation by Antoon Bosselaers, ESAT-COSIC
*
* Copyright (c) 2008 Adrian-Ken Rueegsegger <ken@codelabs.ch>
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
- *
*/
#include <crypto/internal/hash.h>
#include <linux/init.h>
@@ -322,6 +317,7 @@
.descsize = sizeof(struct rmd256_ctx),
.base = {
.cra_name = "rmd256",
+ .cra_driver_name = "rmd256-generic",
.cra_blocksize = RMD256_BLOCK_SIZE,
.cra_module = THIS_MODULE,
}
@@ -337,7 +333,7 @@
crypto_unregister_shash(&alg);
}
-module_init(rmd256_mod_init);
+subsys_initcall(rmd256_mod_init);
module_exit(rmd256_mod_fini);
MODULE_LICENSE("GPL");
diff --git a/crypto/rmd320.c b/crypto/rmd320.c
index 3ae1df5..c919ad6 100644
--- a/crypto/rmd320.c
+++ b/crypto/rmd320.c
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/*
* Cryptographic API.
*
@@ -6,12 +7,6 @@
* Based on the reference implementation by Antoon Bosselaers, ESAT-COSIC
*
* Copyright (c) 2008 Adrian-Ken Rueegsegger <ken@codelabs.ch>
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
- *
*/
#include <crypto/internal/hash.h>
#include <linux/init.h>
@@ -371,6 +366,7 @@
.descsize = sizeof(struct rmd320_ctx),
.base = {
.cra_name = "rmd320",
+ .cra_driver_name = "rmd320-generic",
.cra_blocksize = RMD320_BLOCK_SIZE,
.cra_module = THIS_MODULE,
}
@@ -386,7 +382,7 @@
crypto_unregister_shash(&alg);
}
-module_init(rmd320_mod_init);
+subsys_initcall(rmd320_mod_init);
module_exit(rmd320_mod_fini);
MODULE_LICENSE("GPL");
diff --git a/crypto/rng.c b/crypto/rng.c
index b4a6186..1e21231 100644
--- a/crypto/rng.c
+++ b/crypto/rng.c
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/*
* Cryptographic API.
*
@@ -5,12 +6,6 @@
*
* Copyright (c) 2008 Neil Horman <nhorman@tuxdriver.com>
* Copyright (c) 2015 Herbert Xu <herbert@gondor.apana.org.au>
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
- *
*/
#include <linux/atomic.h>
@@ -35,9 +30,11 @@
int crypto_rng_reset(struct crypto_rng *tfm, const u8 *seed, unsigned int slen)
{
+ struct crypto_alg *alg = tfm->base.__crt_alg;
u8 *buf = NULL;
int err;
+ crypto_stats_get(alg);
if (!seed && slen) {
buf = kmalloc(slen, GFP_KERNEL);
if (!buf)
@@ -50,6 +47,7 @@
}
err = crypto_rng_alg(tfm)->seed(tfm, seed, slen);
+ crypto_stats_rng_seed(alg, err);
out:
kzfree(buf);
return err;
@@ -73,17 +71,13 @@
{
struct crypto_report_rng rrng;
- strncpy(rrng.type, "rng", sizeof(rrng.type));
+ memset(&rrng, 0, sizeof(rrng));
+
+ strscpy(rrng.type, "rng", sizeof(rrng.type));
rrng.seedsize = seedsize(alg);
- if (nla_put(skb, CRYPTOCFGA_REPORT_RNG,
- sizeof(struct crypto_report_rng), &rrng))
- goto nla_put_failure;
- return 0;
-
-nla_put_failure:
- return -EMSGSIZE;
+ return nla_put(skb, CRYPTOCFGA_REPORT_RNG, sizeof(rrng), &rrng);
}
#else
static int crypto_rng_report(struct sk_buff *skb, struct crypto_alg *alg)
diff --git a/crypto/rsa-pkcs1pad.c b/crypto/rsa-pkcs1pad.c
index 9893dbf..0aa4897 100644
--- a/crypto/rsa-pkcs1pad.c
+++ b/crypto/rsa-pkcs1pad.c
@@ -1,17 +1,14 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/*
* RSA padding templates.
*
* Copyright (c) 2015 Intel Corporation
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
*/
#include <crypto/algapi.h>
#include <crypto/akcipher.h>
#include <crypto/internal/akcipher.h>
+#include <crypto/internal/rsa.h>
#include <linux/err.h>
#include <linux/init.h>
#include <linux/kernel.h>
@@ -261,15 +258,6 @@
pkcs1pad_sg_set_buf(req_ctx->in_sg, req_ctx->in_buf,
ctx->key_size - 1 - req->src_len, req->src);
- req_ctx->out_buf = kmalloc(ctx->key_size, GFP_KERNEL);
- if (!req_ctx->out_buf) {
- kfree(req_ctx->in_buf);
- return -ENOMEM;
- }
-
- pkcs1pad_sg_set_buf(req_ctx->out_sg, req_ctx->out_buf,
- ctx->key_size, NULL);
-
akcipher_request_set_tfm(&req_ctx->child_req, ctx->child);
akcipher_request_set_callback(&req_ctx->child_req, req->base.flags,
pkcs1pad_encrypt_sign_complete_cb, req);
@@ -401,7 +389,8 @@
if (!ctx->key_size)
return -EINVAL;
- digest_size = digest_info->size;
+ if (digest_info)
+ digest_size = digest_info->size;
if (req->src_len + digest_size > ctx->key_size - 11)
return -EOVERFLOW;
@@ -421,8 +410,9 @@
memset(req_ctx->in_buf + 1, 0xff, ps_end - 1);
req_ctx->in_buf[ps_end] = 0x00;
- memcpy(req_ctx->in_buf + ps_end + 1, digest_info->data,
- digest_info->size);
+ if (digest_info)
+ memcpy(req_ctx->in_buf + ps_end + 1, digest_info->data,
+ digest_info->size);
pkcs1pad_sg_set_buf(req_ctx->in_sg, req_ctx->in_buf,
ctx->key_size - 1 - req->src_len, req->src);
@@ -435,7 +425,7 @@
akcipher_request_set_crypt(&req_ctx->child_req, req_ctx->in_sg,
req->dst, ctx->key_size - 1, req->dst_len);
- err = crypto_akcipher_sign(&req_ctx->child_req);
+ err = crypto_akcipher_decrypt(&req_ctx->child_req);
if (err != -EINPROGRESS && err != -EBUSY)
return pkcs1pad_encrypt_sign_complete(req, err);
@@ -484,21 +474,31 @@
goto done;
pos++;
- if (crypto_memneq(out_buf + pos, digest_info->data, digest_info->size))
- goto done;
+ if (digest_info) {
+ if (crypto_memneq(out_buf + pos, digest_info->data,
+ digest_info->size))
+ goto done;
- pos += digest_info->size;
+ pos += digest_info->size;
+ }
err = 0;
- if (req->dst_len < dst_len - pos)
- err = -EOVERFLOW;
- req->dst_len = dst_len - pos;
-
- if (!err)
- sg_copy_from_buffer(req->dst,
- sg_nents_for_len(req->dst, req->dst_len),
- out_buf + pos, req->dst_len);
+ if (req->dst_len != dst_len - pos) {
+ err = -EKEYREJECTED;
+ req->dst_len = dst_len - pos;
+ goto done;
+ }
+ /* Extract appended digest. */
+ sg_pcopy_to_buffer(req->src,
+ sg_nents_for_len(req->src,
+ req->src_len + req->dst_len),
+ req_ctx->out_buf + ctx->key_size,
+ req->dst_len, ctx->key_size);
+ /* Do the actual verification step. */
+ if (memcmp(req_ctx->out_buf + ctx->key_size, out_buf + pos,
+ req->dst_len) != 0)
+ err = -EKEYREJECTED;
done:
kzfree(req_ctx->out_buf);
@@ -535,10 +535,12 @@
struct pkcs1pad_request *req_ctx = akcipher_request_ctx(req);
int err;
- if (!ctx->key_size || req->src_len < ctx->key_size)
+ if (WARN_ON(req->dst) ||
+ WARN_ON(!req->dst_len) ||
+ !ctx->key_size || req->src_len < ctx->key_size)
return -EINVAL;
- req_ctx->out_buf = kmalloc(ctx->key_size, GFP_KERNEL);
+ req_ctx->out_buf = kmalloc(ctx->key_size + req->dst_len, GFP_KERNEL);
if (!req_ctx->out_buf)
return -ENOMEM;
@@ -554,7 +556,7 @@
req_ctx->out_sg, req->src_len,
ctx->key_size);
- err = crypto_akcipher_verify(&req_ctx->child_req);
+ err = crypto_akcipher_encrypt(&req_ctx->child_req);
if (err != -EINPROGRESS && err != -EBUSY)
return pkcs1pad_verify_complete(req, err);
@@ -617,11 +619,14 @@
hash_name = crypto_attr_alg_name(tb[2]);
if (IS_ERR(hash_name))
- return PTR_ERR(hash_name);
+ hash_name = NULL;
- digest_info = rsa_lookup_asn1(hash_name);
- if (!digest_info)
- return -EINVAL;
+ if (hash_name) {
+ digest_info = rsa_lookup_asn1(hash_name);
+ if (!digest_info)
+ return -EINVAL;
+ } else
+ digest_info = NULL;
inst = kzalloc(sizeof(*inst) + sizeof(*ctx), GFP_KERNEL);
if (!inst)
@@ -641,14 +646,29 @@
err = -ENAMETOOLONG;
- if (snprintf(inst->alg.base.cra_name, CRYPTO_MAX_ALG_NAME,
- "pkcs1pad(%s,%s)", rsa_alg->base.cra_name, hash_name) >=
- CRYPTO_MAX_ALG_NAME ||
- snprintf(inst->alg.base.cra_driver_name, CRYPTO_MAX_ALG_NAME,
- "pkcs1pad(%s,%s)",
- rsa_alg->base.cra_driver_name, hash_name) >=
- CRYPTO_MAX_ALG_NAME)
- goto out_drop_alg;
+ if (!hash_name) {
+ if (snprintf(inst->alg.base.cra_name,
+ CRYPTO_MAX_ALG_NAME, "pkcs1pad(%s)",
+ rsa_alg->base.cra_name) >= CRYPTO_MAX_ALG_NAME)
+ goto out_drop_alg;
+
+ if (snprintf(inst->alg.base.cra_driver_name,
+ CRYPTO_MAX_ALG_NAME, "pkcs1pad(%s)",
+ rsa_alg->base.cra_driver_name) >=
+ CRYPTO_MAX_ALG_NAME)
+ goto out_drop_alg;
+ } else {
+ if (snprintf(inst->alg.base.cra_name, CRYPTO_MAX_ALG_NAME,
+ "pkcs1pad(%s,%s)", rsa_alg->base.cra_name,
+ hash_name) >= CRYPTO_MAX_ALG_NAME)
+ goto out_drop_alg;
+
+ if (snprintf(inst->alg.base.cra_driver_name,
+ CRYPTO_MAX_ALG_NAME, "pkcs1pad(%s,%s)",
+ rsa_alg->base.cra_driver_name,
+ hash_name) >= CRYPTO_MAX_ALG_NAME)
+ goto out_drop_alg;
+ }
inst->alg.base.cra_flags = rsa_alg->base.cra_flags & CRYPTO_ALG_ASYNC;
inst->alg.base.cra_priority = rsa_alg->base.cra_priority;
diff --git a/crypto/rsa.c b/crypto/rsa.c
index 4167980..4cdbec9 100644
--- a/crypto/rsa.c
+++ b/crypto/rsa.c
@@ -1,12 +1,8 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/* RSA asymmetric public-key algorithm [RFC3447]
*
* Copyright (c) 2015, Intel Corporation
* Authors: Tadeusz Struk <tadeusz.struk@intel.com>
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public Licence
- * as published by the Free Software Foundation; either version
- * 2 of the Licence, or (at your option) any later version.
*/
#include <linux/module.h>
@@ -50,34 +46,6 @@
return mpi_powm(m, c, key->d, key->n);
}
-/*
- * RSASP1 function [RFC3447 sec 5.2.1]
- * s = m^d mod n
- */
-static int _rsa_sign(const struct rsa_mpi_key *key, MPI s, MPI m)
-{
- /* (1) Validate 0 <= m < n */
- if (mpi_cmp_ui(m, 0) < 0 || mpi_cmp(m, key->n) >= 0)
- return -EINVAL;
-
- /* (2) s = m^d mod n */
- return mpi_powm(s, m, key->d, key->n);
-}
-
-/*
- * RSAVP1 function [RFC3447 sec 5.2.2]
- * m = s^e mod n;
- */
-static int _rsa_verify(const struct rsa_mpi_key *key, MPI m, MPI s)
-{
- /* (1) Validate 0 <= s < n */
- if (mpi_cmp_ui(s, 0) < 0 || mpi_cmp(s, key->n) >= 0)
- return -EINVAL;
-
- /* (2) m = s^e mod n */
- return mpi_powm(m, s, key->e, key->n);
-}
-
static inline struct rsa_mpi_key *rsa_get_key(struct crypto_akcipher *tfm)
{
return akcipher_tfm_ctx(tfm);
@@ -160,85 +128,6 @@
return ret;
}
-static int rsa_sign(struct akcipher_request *req)
-{
- struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
- const struct rsa_mpi_key *pkey = rsa_get_key(tfm);
- MPI m, s = mpi_alloc(0);
- int ret = 0;
- int sign;
-
- if (!s)
- return -ENOMEM;
-
- if (unlikely(!pkey->n || !pkey->d)) {
- ret = -EINVAL;
- goto err_free_s;
- }
-
- ret = -ENOMEM;
- m = mpi_read_raw_from_sgl(req->src, req->src_len);
- if (!m)
- goto err_free_s;
-
- ret = _rsa_sign(pkey, s, m);
- if (ret)
- goto err_free_m;
-
- ret = mpi_write_to_sgl(s, req->dst, req->dst_len, &sign);
- if (ret)
- goto err_free_m;
-
- if (sign < 0)
- ret = -EBADMSG;
-
-err_free_m:
- mpi_free(m);
-err_free_s:
- mpi_free(s);
- return ret;
-}
-
-static int rsa_verify(struct akcipher_request *req)
-{
- struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
- const struct rsa_mpi_key *pkey = rsa_get_key(tfm);
- MPI s, m = mpi_alloc(0);
- int ret = 0;
- int sign;
-
- if (!m)
- return -ENOMEM;
-
- if (unlikely(!pkey->n || !pkey->e)) {
- ret = -EINVAL;
- goto err_free_m;
- }
-
- s = mpi_read_raw_from_sgl(req->src, req->src_len);
- if (!s) {
- ret = -ENOMEM;
- goto err_free_m;
- }
-
- ret = _rsa_verify(pkey, m, s);
- if (ret)
- goto err_free_s;
-
- ret = mpi_write_to_sgl(m, req->dst, req->dst_len, &sign);
- if (ret)
- goto err_free_s;
-
- if (sign < 0)
- ret = -EBADMSG;
-
-err_free_s:
- mpi_free(s);
-err_free_m:
- mpi_free(m);
- return ret;
-}
-
static void rsa_free_mpi_key(struct rsa_mpi_key *key)
{
mpi_free(key->d);
@@ -353,8 +242,6 @@
static struct akcipher_alg rsa = {
.encrypt = rsa_enc,
.decrypt = rsa_dec,
- .sign = rsa_sign,
- .verify = rsa_verify,
.set_priv_key = rsa_set_priv_key,
.set_pub_key = rsa_set_pub_key,
.max_size = rsa_max_size,
@@ -391,7 +278,7 @@
crypto_unregister_akcipher(&rsa);
}
-module_init(rsa_init);
+subsys_initcall(rsa_init);
module_exit(rsa_exit);
MODULE_ALIAS_CRYPTO("rsa");
MODULE_LICENSE("GPL");
diff --git a/crypto/rsa_helper.c b/crypto/rsa_helper.c
index efc78fe..94266f2 100644
--- a/crypto/rsa_helper.c
+++ b/crypto/rsa_helper.c
@@ -1,14 +1,9 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/*
* RSA key extract helper
*
* Copyright (c) 2015, Intel Corporation
* Authors: Tadeusz Struk <tadeusz.struk@intel.com>
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
- *
*/
#include <linux/kernel.h>
#include <linux/export.h>
diff --git a/crypto/salsa20_generic.c b/crypto/salsa20_generic.c
index 8c77bc7..c81a444 100644
--- a/crypto/salsa20_generic.c
+++ b/crypto/salsa20_generic.c
@@ -86,18 +86,17 @@
{
__le32 stream[SALSA20_BLOCK_SIZE / sizeof(__le32)];
- if (dst != src)
- memcpy(dst, src, bytes);
-
while (bytes >= SALSA20_BLOCK_SIZE) {
salsa20_block(state, stream);
- crypto_xor(dst, (const u8 *)stream, SALSA20_BLOCK_SIZE);
+ crypto_xor_cpy(dst, src, (const u8 *)stream,
+ SALSA20_BLOCK_SIZE);
bytes -= SALSA20_BLOCK_SIZE;
dst += SALSA20_BLOCK_SIZE;
+ src += SALSA20_BLOCK_SIZE;
}
if (bytes) {
salsa20_block(state, stream);
- crypto_xor(dst, (const u8 *)stream, bytes);
+ crypto_xor_cpy(dst, src, (const u8 *)stream, bytes);
}
}
@@ -159,9 +158,9 @@
u32 state[16];
int err;
- err = skcipher_walk_virt(&walk, req, true);
+ err = skcipher_walk_virt(&walk, req, false);
- salsa20_init(state, ctx, walk.iv);
+ salsa20_init(state, ctx, req->iv);
while (walk.nbytes > 0) {
unsigned int nbytes = walk.nbytes;
@@ -204,7 +203,7 @@
crypto_unregister_skcipher(&alg);
}
-module_init(salsa20_generic_mod_init);
+subsys_initcall(salsa20_generic_mod_init);
module_exit(salsa20_generic_mod_fini);
MODULE_LICENSE("GPL");
diff --git a/crypto/scatterwalk.c b/crypto/scatterwalk.c
index d0b92c1..16f6ba8 100644
--- a/crypto/scatterwalk.c
+++ b/crypto/scatterwalk.c
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/*
* Cryptographic API.
*
@@ -6,12 +7,6 @@
* Copyright (c) 2002 James Morris <jmorris@intercode.com.au>
* 2002 Adam J. Richter <adam@yggdrasil.com>
* 2004 Jean-Luc Cooke <jlcooke@certainkey.com>
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
- *
*/
#include <crypto/scatterwalk.h>
diff --git a/crypto/scompress.c b/crypto/scompress.c
index 968bbcf..4d50750 100644
--- a/crypto/scompress.c
+++ b/crypto/scompress.c
@@ -1,15 +1,10 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/*
* Synchronous Compression operations
*
* Copyright 2015 LG Electronics Inc.
* Copyright (c) 2016, Intel Corporation
* Author: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
- *
*/
#include <linux/errno.h>
#include <linux/kernel.h>
@@ -29,9 +24,17 @@
#include <crypto/internal/scompress.h>
#include "internal.h"
+struct scomp_scratch {
+ spinlock_t lock;
+ void *src;
+ void *dst;
+};
+
+static DEFINE_PER_CPU(struct scomp_scratch, scomp_scratch) = {
+ .lock = __SPIN_LOCK_UNLOCKED(scomp_scratch.lock),
+};
+
static const struct crypto_type crypto_scomp_type;
-static void * __percpu *scomp_src_scratches;
-static void * __percpu *scomp_dst_scratches;
static int scomp_scratch_users;
static DEFINE_MUTEX(scomp_lock);
@@ -40,15 +43,12 @@
{
struct crypto_report_comp rscomp;
- strncpy(rscomp.type, "scomp", sizeof(rscomp.type));
+ memset(&rscomp, 0, sizeof(rscomp));
- if (nla_put(skb, CRYPTOCFGA_REPORT_COMPRESS,
- sizeof(struct crypto_report_comp), &rscomp))
- goto nla_put_failure;
- return 0;
+ strscpy(rscomp.type, "scomp", sizeof(rscomp.type));
-nla_put_failure:
- return -EMSGSIZE;
+ return nla_put(skb, CRYPTOCFGA_REPORT_COMPRESS,
+ sizeof(rscomp), &rscomp);
}
#else
static int crypto_scomp_report(struct sk_buff *skb, struct crypto_alg *alg)
@@ -65,76 +65,53 @@
seq_puts(m, "type : scomp\n");
}
-static void crypto_scomp_free_scratches(void * __percpu *scratches)
+static void crypto_scomp_free_scratches(void)
{
+ struct scomp_scratch *scratch;
int i;
- if (!scratches)
- return;
-
- for_each_possible_cpu(i)
- vfree(*per_cpu_ptr(scratches, i));
-
- free_percpu(scratches);
-}
-
-static void * __percpu *crypto_scomp_alloc_scratches(void)
-{
- void * __percpu *scratches;
- int i;
-
- scratches = alloc_percpu(void *);
- if (!scratches)
- return NULL;
-
for_each_possible_cpu(i) {
- void *scratch;
+ scratch = per_cpu_ptr(&scomp_scratch, i);
- scratch = vmalloc_node(SCOMP_SCRATCH_SIZE, cpu_to_node(i));
- if (!scratch)
+ vfree(scratch->src);
+ vfree(scratch->dst);
+ scratch->src = NULL;
+ scratch->dst = NULL;
+ }
+}
+
+static int crypto_scomp_alloc_scratches(void)
+{
+ struct scomp_scratch *scratch;
+ int i;
+
+ for_each_possible_cpu(i) {
+ void *mem;
+
+ scratch = per_cpu_ptr(&scomp_scratch, i);
+
+ mem = vmalloc_node(SCOMP_SCRATCH_SIZE, cpu_to_node(i));
+ if (!mem)
goto error;
- *per_cpu_ptr(scratches, i) = scratch;
- }
-
- return scratches;
-
-error:
- crypto_scomp_free_scratches(scratches);
- return NULL;
-}
-
-static void crypto_scomp_free_all_scratches(void)
-{
- if (!--scomp_scratch_users) {
- crypto_scomp_free_scratches(scomp_src_scratches);
- crypto_scomp_free_scratches(scomp_dst_scratches);
- scomp_src_scratches = NULL;
- scomp_dst_scratches = NULL;
- }
-}
-
-static int crypto_scomp_alloc_all_scratches(void)
-{
- if (!scomp_scratch_users++) {
- scomp_src_scratches = crypto_scomp_alloc_scratches();
- if (!scomp_src_scratches)
- return -ENOMEM;
- scomp_dst_scratches = crypto_scomp_alloc_scratches();
- if (!scomp_dst_scratches) {
- crypto_scomp_free_scratches(scomp_src_scratches);
- scomp_src_scratches = NULL;
- return -ENOMEM;
- }
+ scratch->src = mem;
+ mem = vmalloc_node(SCOMP_SCRATCH_SIZE, cpu_to_node(i));
+ if (!mem)
+ goto error;
+ scratch->dst = mem;
}
return 0;
+error:
+ crypto_scomp_free_scratches();
+ return -ENOMEM;
}
static int crypto_scomp_init_tfm(struct crypto_tfm *tfm)
{
- int ret;
+ int ret = 0;
mutex_lock(&scomp_lock);
- ret = crypto_scomp_alloc_all_scratches();
+ if (!scomp_scratch_users++)
+ ret = crypto_scomp_alloc_scratches();
mutex_unlock(&scomp_lock);
return ret;
@@ -146,42 +123,41 @@
void **tfm_ctx = acomp_tfm_ctx(tfm);
struct crypto_scomp *scomp = *tfm_ctx;
void **ctx = acomp_request_ctx(req);
- const int cpu = get_cpu();
- u8 *scratch_src = *per_cpu_ptr(scomp_src_scratches, cpu);
- u8 *scratch_dst = *per_cpu_ptr(scomp_dst_scratches, cpu);
+ struct scomp_scratch *scratch;
int ret;
- if (!req->src || !req->slen || req->slen > SCOMP_SCRATCH_SIZE) {
- ret = -EINVAL;
- goto out;
- }
+ if (!req->src || !req->slen || req->slen > SCOMP_SCRATCH_SIZE)
+ return -EINVAL;
- if (req->dst && !req->dlen) {
- ret = -EINVAL;
- goto out;
- }
+ if (req->dst && !req->dlen)
+ return -EINVAL;
if (!req->dlen || req->dlen > SCOMP_SCRATCH_SIZE)
req->dlen = SCOMP_SCRATCH_SIZE;
- scatterwalk_map_and_copy(scratch_src, req->src, 0, req->slen, 0);
+ scratch = raw_cpu_ptr(&scomp_scratch);
+ spin_lock(&scratch->lock);
+
+ scatterwalk_map_and_copy(scratch->src, req->src, 0, req->slen, 0);
if (dir)
- ret = crypto_scomp_compress(scomp, scratch_src, req->slen,
- scratch_dst, &req->dlen, *ctx);
+ ret = crypto_scomp_compress(scomp, scratch->src, req->slen,
+ scratch->dst, &req->dlen, *ctx);
else
- ret = crypto_scomp_decompress(scomp, scratch_src, req->slen,
- scratch_dst, &req->dlen, *ctx);
+ ret = crypto_scomp_decompress(scomp, scratch->src, req->slen,
+ scratch->dst, &req->dlen, *ctx);
if (!ret) {
if (!req->dst) {
req->dst = sgl_alloc(req->dlen, GFP_ATOMIC, NULL);
- if (!req->dst)
+ if (!req->dst) {
+ ret = -ENOMEM;
goto out;
+ }
}
- scatterwalk_map_and_copy(scratch_dst, req->dst, 0, req->dlen,
+ scatterwalk_map_and_copy(scratch->dst, req->dst, 0, req->dlen,
1);
}
out:
- put_cpu();
+ spin_unlock(&scratch->lock);
return ret;
}
@@ -202,7 +178,8 @@
crypto_free_scomp(*ctx);
mutex_lock(&scomp_lock);
- crypto_scomp_free_all_scratches();
+ if (!--scomp_scratch_users)
+ crypto_scomp_free_scratches();
mutex_unlock(&scomp_lock);
}
diff --git a/crypto/seed.c b/crypto/seed.c
index c6ba843..5e3bef3 100644
--- a/crypto/seed.c
+++ b/crypto/seed.c
@@ -1,13 +1,9 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/*
* Cryptographic API.
*
* SEED Cipher Algorithm.
*
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
* Documentation of SEED can be found in RFC 4269.
* Copyright (C) 2007 Korea Information Security Agency (KISA).
*/
@@ -470,7 +466,7 @@
crypto_unregister_alg(&seed_alg);
}
-module_init(seed_init);
+subsys_initcall(seed_init);
module_exit(seed_fini);
MODULE_DESCRIPTION("SEED Cipher Algorithm");
diff --git a/crypto/seqiv.c b/crypto/seqiv.c
index 39dbf2f..96d222c 100644
--- a/crypto/seqiv.c
+++ b/crypto/seqiv.c
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/*
* seqiv: Sequence Number IV Generator
*
@@ -5,12 +6,6 @@
* with a salt. This algorithm is mainly useful for CTR and similar modes.
*
* Copyright (c) 2007 Herbert Xu <herbert@gondor.apana.org.au>
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
- *
*/
#include <crypto/internal/geniv.h>
@@ -73,9 +68,9 @@
info = req->iv;
if (req->src != req->dst) {
- SKCIPHER_REQUEST_ON_STACK(nreq, ctx->sknull);
+ SYNC_SKCIPHER_REQUEST_ON_STACK(nreq, ctx->sknull);
- skcipher_request_set_tfm(nreq, ctx->sknull);
+ skcipher_request_set_sync_tfm(nreq, ctx->sknull);
skcipher_request_set_callback(nreq, req->base.flags,
NULL, NULL);
skcipher_request_set_crypt(nreq, req->src, req->dst,
@@ -89,13 +84,12 @@
if (unlikely(!IS_ALIGNED((unsigned long)info,
crypto_aead_alignmask(geniv) + 1))) {
- info = kmalloc(ivsize, req->base.flags &
- CRYPTO_TFM_REQ_MAY_SLEEP ? GFP_KERNEL:
- GFP_ATOMIC);
+ info = kmemdup(req->iv, ivsize, req->base.flags &
+ CRYPTO_TFM_REQ_MAY_SLEEP ? GFP_KERNEL :
+ GFP_ATOMIC);
if (!info)
return -ENOMEM;
- memcpy(info, req->iv, ivsize);
compl = seqiv_aead_encrypt_complete;
data = req;
}
@@ -212,7 +206,7 @@
crypto_unregister_template(&seqiv_tmpl);
}
-module_init(seqiv_module_init);
+subsys_initcall(seqiv_module_init);
module_exit(seqiv_module_exit);
MODULE_LICENSE("GPL");
diff --git a/crypto/serpent_generic.c b/crypto/serpent_generic.c
index 7c3382f..56fa665 100644
--- a/crypto/serpent_generic.c
+++ b/crypto/serpent_generic.c
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/*
* Cryptographic API.
*
@@ -9,11 +10,6 @@
* Added tnepres support:
* Ruben Jesus Garcia Hernandez <ruben@ugr.es>, 18.10.2004
* Based on code by hvr
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
*/
#include <linux/init.h>
@@ -229,7 +225,13 @@
x4 ^= x2; \
})
-static void __serpent_setkey_sbox(u32 r0, u32 r1, u32 r2, u32 r3, u32 r4, u32 *k)
+/*
+ * both gcc and clang have misoptimized this function in the past,
+ * producing horrible object code from spilling temporary variables
+ * on the stack. Forcing this part out of line avoids that.
+ */
+static noinline void __serpent_setkey_sbox(u32 r0, u32 r1, u32 r2,
+ u32 r3, u32 r4, u32 *k)
{
k += 100;
S3(r3, r4, r0, r1, r2); store_and_load_keys(r1, r2, r4, r3, 28, 24);
@@ -641,6 +643,7 @@
.cia_decrypt = serpent_decrypt } }
}, {
.cra_name = "tnepres",
+ .cra_driver_name = "tnepres-generic",
.cra_flags = CRYPTO_ALG_TYPE_CIPHER,
.cra_blocksize = SERPENT_BLOCK_SIZE,
.cra_ctxsize = sizeof(struct serpent_ctx),
@@ -664,7 +667,7 @@
crypto_unregister_algs(srp_algs, ARRAY_SIZE(srp_algs));
}
-module_init(serpent_mod_init);
+subsys_initcall(serpent_mod_init);
module_exit(serpent_mod_fini);
MODULE_LICENSE("GPL");
diff --git a/crypto/sha1_generic.c b/crypto/sha1_generic.c
index 2af64ef..7c57b84 100644
--- a/crypto/sha1_generic.c
+++ b/crypto/sha1_generic.c
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/*
* Cryptographic API.
*
@@ -9,12 +10,6 @@
* Copyright (c) Alan Smithee.
* Copyright (c) Andrew McDonald <andrew@mcdonald.org.uk>
* Copyright (c) Jean-Francois Dive <jef@linuxbe.org>
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
- *
*/
#include <crypto/internal/hash.h>
#include <linux/init.h>
@@ -92,7 +87,7 @@
crypto_unregister_shash(&alg);
}
-module_init(sha1_generic_mod_init);
+subsys_initcall(sha1_generic_mod_init);
module_exit(sha1_generic_mod_fini);
MODULE_LICENSE("GPL");
diff --git a/crypto/sha256_generic.c b/crypto/sha256_generic.c
index 1e5ba66..f2d7095 100644
--- a/crypto/sha256_generic.c
+++ b/crypto/sha256_generic.c
@@ -1,21 +1,11 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/*
- * Cryptographic API.
- *
- * SHA-256, as specified in
- * http://csrc.nist.gov/groups/STM/cavp/documents/shs/sha256-384-512.pdf
- *
- * SHA-256 code by Jean-Luc Cooke <jlcooke@certainkey.com>.
+ * Crypto API wrapper for the generic SHA256 code from lib/crypto/sha256.c
*
* Copyright (c) Jean-Luc Cooke <jlcooke@certainkey.com>
* Copyright (c) Andrew McDonald <andrew@mcdonald.org.uk>
* Copyright (c) 2002 James Morris <jmorris@intercode.com.au>
* SHA224 Support Copyright 2007 Intel Corporation <jonathan.lynch@intel.com>
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
- *
*/
#include <crypto/internal/hash.h>
#include <linux/init.h>
@@ -43,229 +33,44 @@
};
EXPORT_SYMBOL_GPL(sha256_zero_message_hash);
-static inline u32 Ch(u32 x, u32 y, u32 z)
+static int crypto_sha256_init(struct shash_desc *desc)
{
- return z ^ (x & (y ^ z));
+ return sha256_init(shash_desc_ctx(desc));
}
-static inline u32 Maj(u32 x, u32 y, u32 z)
+static int crypto_sha224_init(struct shash_desc *desc)
{
- return (x & y) | (z & (x | y));
-}
-
-#define e0(x) (ror32(x, 2) ^ ror32(x,13) ^ ror32(x,22))
-#define e1(x) (ror32(x, 6) ^ ror32(x,11) ^ ror32(x,25))
-#define s0(x) (ror32(x, 7) ^ ror32(x,18) ^ (x >> 3))
-#define s1(x) (ror32(x,17) ^ ror32(x,19) ^ (x >> 10))
-
-static inline void LOAD_OP(int I, u32 *W, const u8 *input)
-{
- W[I] = get_unaligned_be32((__u32 *)input + I);
-}
-
-static inline void BLEND_OP(int I, u32 *W)
-{
- W[I] = s1(W[I-2]) + W[I-7] + s0(W[I-15]) + W[I-16];
-}
-
-static void sha256_transform(u32 *state, const u8 *input)
-{
- u32 a, b, c, d, e, f, g, h, t1, t2;
- u32 W[64];
- int i;
-
- /* load the input */
- for (i = 0; i < 16; i++)
- LOAD_OP(i, W, input);
-
- /* now blend */
- for (i = 16; i < 64; i++)
- BLEND_OP(i, W);
-
- /* load the state into our registers */
- a=state[0]; b=state[1]; c=state[2]; d=state[3];
- e=state[4]; f=state[5]; g=state[6]; h=state[7];
-
- /* now iterate */
- t1 = h + e1(e) + Ch(e,f,g) + 0x428a2f98 + W[ 0];
- t2 = e0(a) + Maj(a,b,c); d+=t1; h=t1+t2;
- t1 = g + e1(d) + Ch(d,e,f) + 0x71374491 + W[ 1];
- t2 = e0(h) + Maj(h,a,b); c+=t1; g=t1+t2;
- t1 = f + e1(c) + Ch(c,d,e) + 0xb5c0fbcf + W[ 2];
- t2 = e0(g) + Maj(g,h,a); b+=t1; f=t1+t2;
- t1 = e + e1(b) + Ch(b,c,d) + 0xe9b5dba5 + W[ 3];
- t2 = e0(f) + Maj(f,g,h); a+=t1; e=t1+t2;
- t1 = d + e1(a) + Ch(a,b,c) + 0x3956c25b + W[ 4];
- t2 = e0(e) + Maj(e,f,g); h+=t1; d=t1+t2;
- t1 = c + e1(h) + Ch(h,a,b) + 0x59f111f1 + W[ 5];
- t2 = e0(d) + Maj(d,e,f); g+=t1; c=t1+t2;
- t1 = b + e1(g) + Ch(g,h,a) + 0x923f82a4 + W[ 6];
- t2 = e0(c) + Maj(c,d,e); f+=t1; b=t1+t2;
- t1 = a + e1(f) + Ch(f,g,h) + 0xab1c5ed5 + W[ 7];
- t2 = e0(b) + Maj(b,c,d); e+=t1; a=t1+t2;
-
- t1 = h + e1(e) + Ch(e,f,g) + 0xd807aa98 + W[ 8];
- t2 = e0(a) + Maj(a,b,c); d+=t1; h=t1+t2;
- t1 = g + e1(d) + Ch(d,e,f) + 0x12835b01 + W[ 9];
- t2 = e0(h) + Maj(h,a,b); c+=t1; g=t1+t2;
- t1 = f + e1(c) + Ch(c,d,e) + 0x243185be + W[10];
- t2 = e0(g) + Maj(g,h,a); b+=t1; f=t1+t2;
- t1 = e + e1(b) + Ch(b,c,d) + 0x550c7dc3 + W[11];
- t2 = e0(f) + Maj(f,g,h); a+=t1; e=t1+t2;
- t1 = d + e1(a) + Ch(a,b,c) + 0x72be5d74 + W[12];
- t2 = e0(e) + Maj(e,f,g); h+=t1; d=t1+t2;
- t1 = c + e1(h) + Ch(h,a,b) + 0x80deb1fe + W[13];
- t2 = e0(d) + Maj(d,e,f); g+=t1; c=t1+t2;
- t1 = b + e1(g) + Ch(g,h,a) + 0x9bdc06a7 + W[14];
- t2 = e0(c) + Maj(c,d,e); f+=t1; b=t1+t2;
- t1 = a + e1(f) + Ch(f,g,h) + 0xc19bf174 + W[15];
- t2 = e0(b) + Maj(b,c,d); e+=t1; a=t1+t2;
-
- t1 = h + e1(e) + Ch(e,f,g) + 0xe49b69c1 + W[16];
- t2 = e0(a) + Maj(a,b,c); d+=t1; h=t1+t2;
- t1 = g + e1(d) + Ch(d,e,f) + 0xefbe4786 + W[17];
- t2 = e0(h) + Maj(h,a,b); c+=t1; g=t1+t2;
- t1 = f + e1(c) + Ch(c,d,e) + 0x0fc19dc6 + W[18];
- t2 = e0(g) + Maj(g,h,a); b+=t1; f=t1+t2;
- t1 = e + e1(b) + Ch(b,c,d) + 0x240ca1cc + W[19];
- t2 = e0(f) + Maj(f,g,h); a+=t1; e=t1+t2;
- t1 = d + e1(a) + Ch(a,b,c) + 0x2de92c6f + W[20];
- t2 = e0(e) + Maj(e,f,g); h+=t1; d=t1+t2;
- t1 = c + e1(h) + Ch(h,a,b) + 0x4a7484aa + W[21];
- t2 = e0(d) + Maj(d,e,f); g+=t1; c=t1+t2;
- t1 = b + e1(g) + Ch(g,h,a) + 0x5cb0a9dc + W[22];
- t2 = e0(c) + Maj(c,d,e); f+=t1; b=t1+t2;
- t1 = a + e1(f) + Ch(f,g,h) + 0x76f988da + W[23];
- t2 = e0(b) + Maj(b,c,d); e+=t1; a=t1+t2;
-
- t1 = h + e1(e) + Ch(e,f,g) + 0x983e5152 + W[24];
- t2 = e0(a) + Maj(a,b,c); d+=t1; h=t1+t2;
- t1 = g + e1(d) + Ch(d,e,f) + 0xa831c66d + W[25];
- t2 = e0(h) + Maj(h,a,b); c+=t1; g=t1+t2;
- t1 = f + e1(c) + Ch(c,d,e) + 0xb00327c8 + W[26];
- t2 = e0(g) + Maj(g,h,a); b+=t1; f=t1+t2;
- t1 = e + e1(b) + Ch(b,c,d) + 0xbf597fc7 + W[27];
- t2 = e0(f) + Maj(f,g,h); a+=t1; e=t1+t2;
- t1 = d + e1(a) + Ch(a,b,c) + 0xc6e00bf3 + W[28];
- t2 = e0(e) + Maj(e,f,g); h+=t1; d=t1+t2;
- t1 = c + e1(h) + Ch(h,a,b) + 0xd5a79147 + W[29];
- t2 = e0(d) + Maj(d,e,f); g+=t1; c=t1+t2;
- t1 = b + e1(g) + Ch(g,h,a) + 0x06ca6351 + W[30];
- t2 = e0(c) + Maj(c,d,e); f+=t1; b=t1+t2;
- t1 = a + e1(f) + Ch(f,g,h) + 0x14292967 + W[31];
- t2 = e0(b) + Maj(b,c,d); e+=t1; a=t1+t2;
-
- t1 = h + e1(e) + Ch(e,f,g) + 0x27b70a85 + W[32];
- t2 = e0(a) + Maj(a,b,c); d+=t1; h=t1+t2;
- t1 = g + e1(d) + Ch(d,e,f) + 0x2e1b2138 + W[33];
- t2 = e0(h) + Maj(h,a,b); c+=t1; g=t1+t2;
- t1 = f + e1(c) + Ch(c,d,e) + 0x4d2c6dfc + W[34];
- t2 = e0(g) + Maj(g,h,a); b+=t1; f=t1+t2;
- t1 = e + e1(b) + Ch(b,c,d) + 0x53380d13 + W[35];
- t2 = e0(f) + Maj(f,g,h); a+=t1; e=t1+t2;
- t1 = d + e1(a) + Ch(a,b,c) + 0x650a7354 + W[36];
- t2 = e0(e) + Maj(e,f,g); h+=t1; d=t1+t2;
- t1 = c + e1(h) + Ch(h,a,b) + 0x766a0abb + W[37];
- t2 = e0(d) + Maj(d,e,f); g+=t1; c=t1+t2;
- t1 = b + e1(g) + Ch(g,h,a) + 0x81c2c92e + W[38];
- t2 = e0(c) + Maj(c,d,e); f+=t1; b=t1+t2;
- t1 = a + e1(f) + Ch(f,g,h) + 0x92722c85 + W[39];
- t2 = e0(b) + Maj(b,c,d); e+=t1; a=t1+t2;
-
- t1 = h + e1(e) + Ch(e,f,g) + 0xa2bfe8a1 + W[40];
- t2 = e0(a) + Maj(a,b,c); d+=t1; h=t1+t2;
- t1 = g + e1(d) + Ch(d,e,f) + 0xa81a664b + W[41];
- t2 = e0(h) + Maj(h,a,b); c+=t1; g=t1+t2;
- t1 = f + e1(c) + Ch(c,d,e) + 0xc24b8b70 + W[42];
- t2 = e0(g) + Maj(g,h,a); b+=t1; f=t1+t2;
- t1 = e + e1(b) + Ch(b,c,d) + 0xc76c51a3 + W[43];
- t2 = e0(f) + Maj(f,g,h); a+=t1; e=t1+t2;
- t1 = d + e1(a) + Ch(a,b,c) + 0xd192e819 + W[44];
- t2 = e0(e) + Maj(e,f,g); h+=t1; d=t1+t2;
- t1 = c + e1(h) + Ch(h,a,b) + 0xd6990624 + W[45];
- t2 = e0(d) + Maj(d,e,f); g+=t1; c=t1+t2;
- t1 = b + e1(g) + Ch(g,h,a) + 0xf40e3585 + W[46];
- t2 = e0(c) + Maj(c,d,e); f+=t1; b=t1+t2;
- t1 = a + e1(f) + Ch(f,g,h) + 0x106aa070 + W[47];
- t2 = e0(b) + Maj(b,c,d); e+=t1; a=t1+t2;
-
- t1 = h + e1(e) + Ch(e,f,g) + 0x19a4c116 + W[48];
- t2 = e0(a) + Maj(a,b,c); d+=t1; h=t1+t2;
- t1 = g + e1(d) + Ch(d,e,f) + 0x1e376c08 + W[49];
- t2 = e0(h) + Maj(h,a,b); c+=t1; g=t1+t2;
- t1 = f + e1(c) + Ch(c,d,e) + 0x2748774c + W[50];
- t2 = e0(g) + Maj(g,h,a); b+=t1; f=t1+t2;
- t1 = e + e1(b) + Ch(b,c,d) + 0x34b0bcb5 + W[51];
- t2 = e0(f) + Maj(f,g,h); a+=t1; e=t1+t2;
- t1 = d + e1(a) + Ch(a,b,c) + 0x391c0cb3 + W[52];
- t2 = e0(e) + Maj(e,f,g); h+=t1; d=t1+t2;
- t1 = c + e1(h) + Ch(h,a,b) + 0x4ed8aa4a + W[53];
- t2 = e0(d) + Maj(d,e,f); g+=t1; c=t1+t2;
- t1 = b + e1(g) + Ch(g,h,a) + 0x5b9cca4f + W[54];
- t2 = e0(c) + Maj(c,d,e); f+=t1; b=t1+t2;
- t1 = a + e1(f) + Ch(f,g,h) + 0x682e6ff3 + W[55];
- t2 = e0(b) + Maj(b,c,d); e+=t1; a=t1+t2;
-
- t1 = h + e1(e) + Ch(e,f,g) + 0x748f82ee + W[56];
- t2 = e0(a) + Maj(a,b,c); d+=t1; h=t1+t2;
- t1 = g + e1(d) + Ch(d,e,f) + 0x78a5636f + W[57];
- t2 = e0(h) + Maj(h,a,b); c+=t1; g=t1+t2;
- t1 = f + e1(c) + Ch(c,d,e) + 0x84c87814 + W[58];
- t2 = e0(g) + Maj(g,h,a); b+=t1; f=t1+t2;
- t1 = e + e1(b) + Ch(b,c,d) + 0x8cc70208 + W[59];
- t2 = e0(f) + Maj(f,g,h); a+=t1; e=t1+t2;
- t1 = d + e1(a) + Ch(a,b,c) + 0x90befffa + W[60];
- t2 = e0(e) + Maj(e,f,g); h+=t1; d=t1+t2;
- t1 = c + e1(h) + Ch(h,a,b) + 0xa4506ceb + W[61];
- t2 = e0(d) + Maj(d,e,f); g+=t1; c=t1+t2;
- t1 = b + e1(g) + Ch(g,h,a) + 0xbef9a3f7 + W[62];
- t2 = e0(c) + Maj(c,d,e); f+=t1; b=t1+t2;
- t1 = a + e1(f) + Ch(f,g,h) + 0xc67178f2 + W[63];
- t2 = e0(b) + Maj(b,c,d); e+=t1; a=t1+t2;
-
- state[0] += a; state[1] += b; state[2] += c; state[3] += d;
- state[4] += e; state[5] += f; state[6] += g; state[7] += h;
-
- /* clear any sensitive info... */
- a = b = c = d = e = f = g = h = t1 = t2 = 0;
- memzero_explicit(W, 64 * sizeof(u32));
-}
-
-static void sha256_generic_block_fn(struct sha256_state *sst, u8 const *src,
- int blocks)
-{
- while (blocks--) {
- sha256_transform(sst->state, src);
- src += SHA256_BLOCK_SIZE;
- }
+ return sha224_init(shash_desc_ctx(desc));
}
int crypto_sha256_update(struct shash_desc *desc, const u8 *data,
unsigned int len)
{
- return sha256_base_do_update(desc, data, len, sha256_generic_block_fn);
+ return sha256_update(shash_desc_ctx(desc), data, len);
}
EXPORT_SYMBOL(crypto_sha256_update);
-static int sha256_final(struct shash_desc *desc, u8 *out)
+static int crypto_sha256_final(struct shash_desc *desc, u8 *out)
{
- sha256_base_do_finalize(desc, sha256_generic_block_fn);
- return sha256_base_finish(desc, out);
+ if (crypto_shash_digestsize(desc->tfm) == SHA224_DIGEST_SIZE)
+ return sha224_final(shash_desc_ctx(desc), out);
+ else
+ return sha256_final(shash_desc_ctx(desc), out);
}
int crypto_sha256_finup(struct shash_desc *desc, const u8 *data,
unsigned int len, u8 *hash)
{
- sha256_base_do_update(desc, data, len, sha256_generic_block_fn);
- return sha256_final(desc, hash);
+ sha256_update(shash_desc_ctx(desc), data, len);
+ return crypto_sha256_final(desc, hash);
}
EXPORT_SYMBOL(crypto_sha256_finup);
static struct shash_alg sha256_algs[2] = { {
.digestsize = SHA256_DIGEST_SIZE,
- .init = sha256_base_init,
+ .init = crypto_sha256_init,
.update = crypto_sha256_update,
- .final = sha256_final,
+ .final = crypto_sha256_final,
.finup = crypto_sha256_finup,
.descsize = sizeof(struct sha256_state),
.base = {
@@ -277,9 +82,9 @@
}
}, {
.digestsize = SHA224_DIGEST_SIZE,
- .init = sha224_base_init,
+ .init = crypto_sha224_init,
.update = crypto_sha256_update,
- .final = sha256_final,
+ .final = crypto_sha256_final,
.finup = crypto_sha256_finup,
.descsize = sizeof(struct sha256_state),
.base = {
@@ -301,7 +106,7 @@
crypto_unregister_shashes(sha256_algs, ARRAY_SIZE(sha256_algs));
}
-module_init(sha256_generic_mod_init);
+subsys_initcall(sha256_generic_mod_init);
module_exit(sha256_generic_mod_fini);
MODULE_LICENSE("GPL");
diff --git a/crypto/sha3_generic.c b/crypto/sha3_generic.c
index 7ed9836..44e263e 100644
--- a/crypto/sha3_generic.c
+++ b/crypto/sha3_generic.c
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/*
* Cryptographic API.
*
@@ -6,12 +7,6 @@
*
* SHA-3 code by Jeff Garzik <jeff@garzik.org>
* Ard Biesheuvel <ard.biesheuvel@linaro.org>
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)•
- * any later version.
- *
*/
#include <crypto/internal/hash.h>
#include <linux/init.h>
@@ -294,7 +289,7 @@
crypto_unregister_shashes(algs, ARRAY_SIZE(algs));
}
-module_init(sha3_generic_mod_init);
+subsys_initcall(sha3_generic_mod_init);
module_exit(sha3_generic_mod_fini);
MODULE_LICENSE("GPL");
diff --git a/crypto/sha512_generic.c b/crypto/sha512_generic.c
index 4097cd5..e34d09d 100644
--- a/crypto/sha512_generic.c
+++ b/crypto/sha512_generic.c
@@ -1,14 +1,9 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/* SHA-512 code by Jean-Luc Cooke <jlcooke@certainkey.com>
*
* Copyright (c) Jean-Luc Cooke <jlcooke@certainkey.com>
* Copyright (c) Andrew McDonald <andrew@mcdonald.org.uk>
* Copyright (c) 2003 Kyle McMartin <kyle@debian.org>
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2, or (at your option) any
- * later version.
- *
*/
#include <crypto/internal/hash.h>
#include <linux/kernel.h>
@@ -223,7 +218,7 @@
crypto_unregister_shashes(sha512_algs, ARRAY_SIZE(sha512_algs));
}
-module_init(sha512_generic_mod_init);
+subsys_initcall(sha512_generic_mod_init);
module_exit(sha512_generic_mod_fini);
MODULE_LICENSE("GPL");
diff --git a/crypto/shash.c b/crypto/shash.c
index 5d732c6..e83c512 100644
--- a/crypto/shash.c
+++ b/crypto/shash.c
@@ -1,13 +1,8 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/*
* Synchronous Cryptographic Hash operations.
*
* Copyright (c) 2008 Herbert Xu <herbert@gondor.apana.org.au>
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
- *
*/
#include <crypto/scatterwalk.h>
@@ -53,6 +48,13 @@
return err;
}
+static void shash_set_needkey(struct crypto_shash *tfm, struct shash_alg *alg)
+{
+ if (crypto_shash_alg_has_setkey(alg) &&
+ !(alg->base.cra_flags & CRYPTO_ALG_OPTIONAL_KEY))
+ crypto_shash_set_flags(tfm, CRYPTO_TFM_NEED_KEY);
+}
+
int crypto_shash_setkey(struct crypto_shash *tfm, const u8 *key,
unsigned int keylen)
{
@@ -65,21 +67,16 @@
else
err = shash->setkey(tfm, key, keylen);
- if (err)
+ if (unlikely(err)) {
+ shash_set_needkey(tfm, shash);
return err;
+ }
crypto_shash_clear_flags(tfm, CRYPTO_TFM_NEED_KEY);
return 0;
}
EXPORT_SYMBOL_GPL(crypto_shash_setkey);
-static inline unsigned int shash_align_buffer_size(unsigned len,
- unsigned long mask)
-{
- typedef u8 __aligned_largest u8_aligned;
- return len + (mask & ~(__alignof__(u8_aligned) - 1));
-}
-
static int shash_update_unaligned(struct shash_desc *desc, const u8 *data,
unsigned int len)
{
@@ -88,11 +85,17 @@
unsigned long alignmask = crypto_shash_alignmask(tfm);
unsigned int unaligned_len = alignmask + 1 -
((unsigned long)data & alignmask);
- u8 ubuf[shash_align_buffer_size(unaligned_len, alignmask)]
- __aligned_largest;
+ /*
+ * We cannot count on __aligned() working for large values:
+ * https://patchwork.kernel.org/patch/9507697/
+ */
+ u8 ubuf[MAX_ALGAPI_ALIGNMASK * 2];
u8 *buf = PTR_ALIGN(&ubuf[0], alignmask + 1);
int err;
+ if (WARN_ON(buf + unaligned_len > ubuf + sizeof(ubuf)))
+ return -EINVAL;
+
if (unaligned_len > len)
unaligned_len = len;
@@ -124,11 +127,17 @@
unsigned long alignmask = crypto_shash_alignmask(tfm);
struct shash_alg *shash = crypto_shash_alg(tfm);
unsigned int ds = crypto_shash_digestsize(tfm);
- u8 ubuf[shash_align_buffer_size(ds, alignmask)]
- __aligned_largest;
+ /*
+ * We cannot count on __aligned() working for large values:
+ * https://patchwork.kernel.org/patch/9507697/
+ */
+ u8 ubuf[MAX_ALGAPI_ALIGNMASK + HASH_MAX_DIGESTSIZE];
u8 *buf = PTR_ALIGN(&ubuf[0], alignmask + 1);
int err;
+ if (WARN_ON(buf + ds > ubuf + sizeof(ubuf)))
+ return -EINVAL;
+
err = shash->final(desc, buf);
if (err)
goto out;
@@ -224,7 +233,6 @@
struct shash_desc *desc = ahash_request_ctx(req);
desc->tfm = *ctx;
- desc->flags = req->base.flags;
return crypto_shash_init(desc);
}
@@ -279,7 +287,6 @@
struct shash_desc *desc = ahash_request_ctx(req);
desc->tfm = *ctx;
- desc->flags = req->base.flags;
return shash_ahash_finup(req, desc);
}
@@ -293,14 +300,13 @@
if (nbytes &&
(sg = req->src, offset = sg->offset,
- nbytes < min(sg->length, ((unsigned int)(PAGE_SIZE)) - offset))) {
+ nbytes <= min(sg->length, ((unsigned int)(PAGE_SIZE)) - offset))) {
void *data;
data = kmap_atomic(sg_page(sg));
err = crypto_shash_digest(desc, data + offset, nbytes,
req->result);
kunmap_atomic(data);
- crypto_yield(desc->flags);
} else
err = crypto_shash_init(desc) ?:
shash_ahash_finup(req, desc);
@@ -315,7 +321,6 @@
struct shash_desc *desc = ahash_request_ctx(req);
desc->tfm = *ctx;
- desc->flags = req->base.flags;
return shash_ahash_digest(req, desc);
}
@@ -331,7 +336,6 @@
struct shash_desc *desc = ahash_request_ctx(req);
desc->tfm = *ctx;
- desc->flags = req->base.flags;
return crypto_shash_import(desc, in);
}
@@ -368,15 +372,14 @@
crt->final = shash_async_final;
crt->finup = shash_async_finup;
crt->digest = shash_async_digest;
- crt->setkey = shash_async_setkey;
+ if (crypto_shash_alg_has_setkey(alg))
+ crt->setkey = shash_async_setkey;
crypto_ahash_set_flags(crt, crypto_shash_get_flags(shash) &
CRYPTO_TFM_NEED_KEY);
- if (alg->export)
- crt->export = shash_async_export;
- if (alg->import)
- crt->import = shash_async_import;
+ crt->export = shash_async_export;
+ crt->import = shash_async_import;
crt->reqsize = sizeof(struct shash_desc) + crypto_shash_descsize(shash);
@@ -390,9 +393,7 @@
hash->descsize = alg->descsize;
- if (crypto_shash_alg_has_setkey(alg) &&
- !(alg->base.cra_flags & CRYPTO_ALG_OPTIONAL_KEY))
- crypto_shash_set_flags(hash, CRYPTO_TFM_NEED_KEY);
+ shash_set_needkey(hash, alg);
return 0;
}
@@ -403,18 +404,14 @@
struct crypto_report_hash rhash;
struct shash_alg *salg = __crypto_shash_alg(alg);
- strncpy(rhash.type, "shash", sizeof(rhash.type));
+ memset(&rhash, 0, sizeof(rhash));
+
+ strscpy(rhash.type, "shash", sizeof(rhash.type));
rhash.blocksize = alg->cra_blocksize;
rhash.digestsize = salg->digestsize;
- if (nla_put(skb, CRYPTOCFGA_REPORT_HASH,
- sizeof(struct crypto_report_hash), &rhash))
- goto nla_put_failure;
- return 0;
-
-nla_put_failure:
- return -EMSGSIZE;
+ return nla_put(skb, CRYPTOCFGA_REPORT_HASH, sizeof(rhash), &rhash);
}
#else
static int crypto_shash_report(struct sk_buff *skb, struct crypto_alg *alg)
@@ -458,9 +455,12 @@
{
struct crypto_alg *base = &alg->base;
- if (alg->digestsize > PAGE_SIZE / 8 ||
- alg->descsize > PAGE_SIZE / 8 ||
- alg->statesize > PAGE_SIZE / 8)
+ if (alg->digestsize > HASH_MAX_DIGESTSIZE ||
+ alg->descsize > HASH_MAX_DESCSIZE ||
+ alg->statesize > HASH_MAX_STATESIZE)
+ return -EINVAL;
+
+ if ((alg->export && !alg->import) || (alg->import && !alg->export))
return -EINVAL;
base->cra_type = &crypto_shash_type;
diff --git a/crypto/simd.c b/crypto/simd.c
index 78e8d03..4887626 100644
--- a/crypto/simd.c
+++ b/crypto/simd.c
@@ -1,29 +1,34 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/*
* Shared crypto simd helpers
*
* Copyright (c) 2012 Jussi Kivilinna <jussi.kivilinna@mbnet.fi>
* Copyright (c) 2016 Herbert Xu <herbert@gondor.apana.org.au>
+ * Copyright (c) 2019 Google LLC
*
* Based on aesni-intel_glue.c by:
* Copyright (C) 2008, Intel Corp.
* Author: Huang Ying <ying.huang@intel.com>
+ */
+
+/*
+ * Shared crypto SIMD helpers. These functions dynamically create and register
+ * an skcipher or AEAD algorithm that wraps another, internal algorithm. The
+ * wrapper ensures that the internal algorithm is only executed in a context
+ * where SIMD instructions are usable, i.e. where may_use_simd() returns true.
+ * If SIMD is already usable, the wrapper directly calls the internal algorithm.
+ * Otherwise it defers execution to a workqueue via cryptd.
*
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
+ * This is an alternative to the internal algorithm implementing a fallback for
+ * the !may_use_simd() case itself.
*
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
+ * Note that the wrapper algorithm is asynchronous, i.e. it has the
+ * CRYPTO_ALG_ASYNC flag set. Therefore it won't be found by users who
+ * explicitly allocate a synchronous algorithm.
*/
#include <crypto/cryptd.h>
+#include <crypto/internal/aead.h>
#include <crypto/internal/simd.h>
#include <crypto/internal/skcipher.h>
#include <linux/kernel.h>
@@ -31,6 +36,8 @@
#include <linux/preempt.h>
#include <asm/simd.h>
+/* skcipher support */
+
struct simd_skcipher_alg {
const char *ialg_name;
struct skcipher_alg alg;
@@ -66,7 +73,7 @@
subreq = skcipher_request_ctx(req);
*subreq = *req;
- if (!may_use_simd() ||
+ if (!crypto_simd_usable() ||
(in_atomic() && cryptd_skcipher_queued(ctx->cryptd_tfm)))
child = &ctx->cryptd_tfm->base;
else
@@ -87,7 +94,7 @@
subreq = skcipher_request_ctx(req);
*subreq = *req;
- if (!may_use_simd() ||
+ if (!crypto_simd_usable() ||
(in_atomic() && cryptd_skcipher_queued(ctx->cryptd_tfm)))
child = &ctx->cryptd_tfm->base;
else
@@ -272,4 +279,254 @@
}
EXPORT_SYMBOL_GPL(simd_unregister_skciphers);
+/* AEAD support */
+
+struct simd_aead_alg {
+ const char *ialg_name;
+ struct aead_alg alg;
+};
+
+struct simd_aead_ctx {
+ struct cryptd_aead *cryptd_tfm;
+};
+
+static int simd_aead_setkey(struct crypto_aead *tfm, const u8 *key,
+ unsigned int key_len)
+{
+ struct simd_aead_ctx *ctx = crypto_aead_ctx(tfm);
+ struct crypto_aead *child = &ctx->cryptd_tfm->base;
+ int err;
+
+ crypto_aead_clear_flags(child, CRYPTO_TFM_REQ_MASK);
+ crypto_aead_set_flags(child, crypto_aead_get_flags(tfm) &
+ CRYPTO_TFM_REQ_MASK);
+ err = crypto_aead_setkey(child, key, key_len);
+ crypto_aead_set_flags(tfm, crypto_aead_get_flags(child) &
+ CRYPTO_TFM_RES_MASK);
+ return err;
+}
+
+static int simd_aead_setauthsize(struct crypto_aead *tfm, unsigned int authsize)
+{
+ struct simd_aead_ctx *ctx = crypto_aead_ctx(tfm);
+ struct crypto_aead *child = &ctx->cryptd_tfm->base;
+
+ return crypto_aead_setauthsize(child, authsize);
+}
+
+static int simd_aead_encrypt(struct aead_request *req)
+{
+ struct crypto_aead *tfm = crypto_aead_reqtfm(req);
+ struct simd_aead_ctx *ctx = crypto_aead_ctx(tfm);
+ struct aead_request *subreq;
+ struct crypto_aead *child;
+
+ subreq = aead_request_ctx(req);
+ *subreq = *req;
+
+ if (!crypto_simd_usable() ||
+ (in_atomic() && cryptd_aead_queued(ctx->cryptd_tfm)))
+ child = &ctx->cryptd_tfm->base;
+ else
+ child = cryptd_aead_child(ctx->cryptd_tfm);
+
+ aead_request_set_tfm(subreq, child);
+
+ return crypto_aead_encrypt(subreq);
+}
+
+static int simd_aead_decrypt(struct aead_request *req)
+{
+ struct crypto_aead *tfm = crypto_aead_reqtfm(req);
+ struct simd_aead_ctx *ctx = crypto_aead_ctx(tfm);
+ struct aead_request *subreq;
+ struct crypto_aead *child;
+
+ subreq = aead_request_ctx(req);
+ *subreq = *req;
+
+ if (!crypto_simd_usable() ||
+ (in_atomic() && cryptd_aead_queued(ctx->cryptd_tfm)))
+ child = &ctx->cryptd_tfm->base;
+ else
+ child = cryptd_aead_child(ctx->cryptd_tfm);
+
+ aead_request_set_tfm(subreq, child);
+
+ return crypto_aead_decrypt(subreq);
+}
+
+static void simd_aead_exit(struct crypto_aead *tfm)
+{
+ struct simd_aead_ctx *ctx = crypto_aead_ctx(tfm);
+
+ cryptd_free_aead(ctx->cryptd_tfm);
+}
+
+static int simd_aead_init(struct crypto_aead *tfm)
+{
+ struct simd_aead_ctx *ctx = crypto_aead_ctx(tfm);
+ struct cryptd_aead *cryptd_tfm;
+ struct simd_aead_alg *salg;
+ struct aead_alg *alg;
+ unsigned reqsize;
+
+ alg = crypto_aead_alg(tfm);
+ salg = container_of(alg, struct simd_aead_alg, alg);
+
+ cryptd_tfm = cryptd_alloc_aead(salg->ialg_name, CRYPTO_ALG_INTERNAL,
+ CRYPTO_ALG_INTERNAL);
+ if (IS_ERR(cryptd_tfm))
+ return PTR_ERR(cryptd_tfm);
+
+ ctx->cryptd_tfm = cryptd_tfm;
+
+ reqsize = crypto_aead_reqsize(cryptd_aead_child(cryptd_tfm));
+ reqsize = max(reqsize, crypto_aead_reqsize(&cryptd_tfm->base));
+ reqsize += sizeof(struct aead_request);
+
+ crypto_aead_set_reqsize(tfm, reqsize);
+
+ return 0;
+}
+
+struct simd_aead_alg *simd_aead_create_compat(const char *algname,
+ const char *drvname,
+ const char *basename)
+{
+ struct simd_aead_alg *salg;
+ struct crypto_aead *tfm;
+ struct aead_alg *ialg;
+ struct aead_alg *alg;
+ int err;
+
+ tfm = crypto_alloc_aead(basename, CRYPTO_ALG_INTERNAL,
+ CRYPTO_ALG_INTERNAL | CRYPTO_ALG_ASYNC);
+ if (IS_ERR(tfm))
+ return ERR_CAST(tfm);
+
+ ialg = crypto_aead_alg(tfm);
+
+ salg = kzalloc(sizeof(*salg), GFP_KERNEL);
+ if (!salg) {
+ salg = ERR_PTR(-ENOMEM);
+ goto out_put_tfm;
+ }
+
+ salg->ialg_name = basename;
+ alg = &salg->alg;
+
+ err = -ENAMETOOLONG;
+ if (snprintf(alg->base.cra_name, CRYPTO_MAX_ALG_NAME, "%s", algname) >=
+ CRYPTO_MAX_ALG_NAME)
+ goto out_free_salg;
+
+ if (snprintf(alg->base.cra_driver_name, CRYPTO_MAX_ALG_NAME, "%s",
+ drvname) >= CRYPTO_MAX_ALG_NAME)
+ goto out_free_salg;
+
+ alg->base.cra_flags = CRYPTO_ALG_ASYNC;
+ alg->base.cra_priority = ialg->base.cra_priority;
+ alg->base.cra_blocksize = ialg->base.cra_blocksize;
+ alg->base.cra_alignmask = ialg->base.cra_alignmask;
+ alg->base.cra_module = ialg->base.cra_module;
+ alg->base.cra_ctxsize = sizeof(struct simd_aead_ctx);
+
+ alg->ivsize = ialg->ivsize;
+ alg->maxauthsize = ialg->maxauthsize;
+ alg->chunksize = ialg->chunksize;
+
+ alg->init = simd_aead_init;
+ alg->exit = simd_aead_exit;
+
+ alg->setkey = simd_aead_setkey;
+ alg->setauthsize = simd_aead_setauthsize;
+ alg->encrypt = simd_aead_encrypt;
+ alg->decrypt = simd_aead_decrypt;
+
+ err = crypto_register_aead(alg);
+ if (err)
+ goto out_free_salg;
+
+out_put_tfm:
+ crypto_free_aead(tfm);
+ return salg;
+
+out_free_salg:
+ kfree(salg);
+ salg = ERR_PTR(err);
+ goto out_put_tfm;
+}
+EXPORT_SYMBOL_GPL(simd_aead_create_compat);
+
+struct simd_aead_alg *simd_aead_create(const char *algname,
+ const char *basename)
+{
+ char drvname[CRYPTO_MAX_ALG_NAME];
+
+ if (snprintf(drvname, CRYPTO_MAX_ALG_NAME, "simd-%s", basename) >=
+ CRYPTO_MAX_ALG_NAME)
+ return ERR_PTR(-ENAMETOOLONG);
+
+ return simd_aead_create_compat(algname, drvname, basename);
+}
+EXPORT_SYMBOL_GPL(simd_aead_create);
+
+void simd_aead_free(struct simd_aead_alg *salg)
+{
+ crypto_unregister_aead(&salg->alg);
+ kfree(salg);
+}
+EXPORT_SYMBOL_GPL(simd_aead_free);
+
+int simd_register_aeads_compat(struct aead_alg *algs, int count,
+ struct simd_aead_alg **simd_algs)
+{
+ int err;
+ int i;
+ const char *algname;
+ const char *drvname;
+ const char *basename;
+ struct simd_aead_alg *simd;
+
+ err = crypto_register_aeads(algs, count);
+ if (err)
+ return err;
+
+ for (i = 0; i < count; i++) {
+ WARN_ON(strncmp(algs[i].base.cra_name, "__", 2));
+ WARN_ON(strncmp(algs[i].base.cra_driver_name, "__", 2));
+ algname = algs[i].base.cra_name + 2;
+ drvname = algs[i].base.cra_driver_name + 2;
+ basename = algs[i].base.cra_driver_name;
+ simd = simd_aead_create_compat(algname, drvname, basename);
+ err = PTR_ERR(simd);
+ if (IS_ERR(simd))
+ goto err_unregister;
+ simd_algs[i] = simd;
+ }
+ return 0;
+
+err_unregister:
+ simd_unregister_aeads(algs, count, simd_algs);
+ return err;
+}
+EXPORT_SYMBOL_GPL(simd_register_aeads_compat);
+
+void simd_unregister_aeads(struct aead_alg *algs, int count,
+ struct simd_aead_alg **simd_algs)
+{
+ int i;
+
+ crypto_unregister_aeads(algs, count);
+
+ for (i = 0; i < count; i++) {
+ if (simd_algs[i]) {
+ simd_aead_free(simd_algs[i]);
+ simd_algs[i] = NULL;
+ }
+ }
+}
+EXPORT_SYMBOL_GPL(simd_unregister_aeads);
+
MODULE_LICENSE("GPL");
diff --git a/crypto/skcipher.c b/crypto/skcipher.c
index 0bd8c6c..22753c1 100644
--- a/crypto/skcipher.c
+++ b/crypto/skcipher.c
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/*
* Symmetric key cipher operations.
*
@@ -6,12 +7,6 @@
* the kernel is given a chance to schedule us once per page.
*
* Copyright (c) 2015 Herbert Xu <herbert@gondor.apana.org.au>
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
- *
*/
#include <crypto/internal/aead.h>
@@ -95,7 +90,7 @@
return max(start, end_page);
}
-static void skcipher_done_slow(struct skcipher_walk *walk, unsigned int bsize)
+static int skcipher_done_slow(struct skcipher_walk *walk, unsigned int bsize)
{
u8 *addr;
@@ -103,19 +98,21 @@
addr = skcipher_get_spot(addr, bsize);
scatterwalk_copychunks(addr, &walk->out, bsize,
(walk->flags & SKCIPHER_WALK_PHYS) ? 2 : 1);
+ return 0;
}
int skcipher_walk_done(struct skcipher_walk *walk, int err)
{
- unsigned int n; /* bytes processed */
- bool more;
+ unsigned int n = walk->nbytes;
+ unsigned int nbytes = 0;
- if (unlikely(err < 0))
+ if (!n)
goto finish;
- n = walk->nbytes - err;
- walk->total -= n;
- more = (walk->total != 0);
+ if (likely(err >= 0)) {
+ n -= err;
+ nbytes = walk->total - n;
+ }
if (likely(!(walk->flags & (SKCIPHER_WALK_PHYS |
SKCIPHER_WALK_SLOW |
@@ -131,30 +128,37 @@
memcpy(walk->dst.virt.addr, walk->page, n);
skcipher_unmap_dst(walk);
} else if (unlikely(walk->flags & SKCIPHER_WALK_SLOW)) {
- if (WARN_ON(err)) {
- /* unexpected case; didn't process all bytes */
+ if (err > 0) {
+ /*
+ * Didn't process all bytes. Either the algorithm is
+ * broken, or this was the last step and it turned out
+ * the message wasn't evenly divisible into blocks but
+ * the algorithm requires it.
+ */
err = -EINVAL;
- goto finish;
- }
- skcipher_done_slow(walk, n);
- goto already_advanced;
+ nbytes = 0;
+ } else
+ n = skcipher_done_slow(walk, n);
}
+ if (err > 0)
+ err = 0;
+
+ walk->total = nbytes;
+ walk->nbytes = 0;
+
scatterwalk_advance(&walk->in, n);
scatterwalk_advance(&walk->out, n);
-already_advanced:
- scatterwalk_done(&walk->in, 0, more);
- scatterwalk_done(&walk->out, 1, more);
+ scatterwalk_done(&walk->in, 0, nbytes);
+ scatterwalk_done(&walk->out, 1, nbytes);
- if (more) {
+ if (nbytes) {
crypto_yield(walk->flags & SKCIPHER_WALK_SLEEP ?
CRYPTO_TFM_REQ_MAY_SLEEP : 0);
return skcipher_walk_next(walk);
}
- err = 0;
-finish:
- walk->nbytes = 0;
+finish:
/* Short-circuit for the common/fast path. */
if (!((unsigned long)walk->buffer | (unsigned long)walk->page))
goto out;
@@ -474,6 +478,8 @@
{
int err;
+ might_sleep_if(req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP);
+
walk->flags &= ~SKCIPHER_WALK_PHYS;
err = skcipher_walk_skcipher(walk, req);
@@ -577,13 +583,18 @@
if (alg->cra_type == &crypto_blkcipher_type)
return sizeof(struct crypto_blkcipher *);
- if (alg->cra_type == &crypto_ablkcipher_type ||
- alg->cra_type == &crypto_givcipher_type)
+ if (alg->cra_type == &crypto_ablkcipher_type)
return sizeof(struct crypto_ablkcipher *);
return crypto_alg_extsize(alg);
}
+static void skcipher_set_needkey(struct crypto_skcipher *tfm)
+{
+ if (tfm->keysize)
+ crypto_skcipher_set_flags(tfm, CRYPTO_TFM_NEED_KEY);
+}
+
static int skcipher_setkey_blkcipher(struct crypto_skcipher *tfm,
const u8 *key, unsigned int keylen)
{
@@ -597,8 +608,10 @@
err = crypto_blkcipher_setkey(blkcipher, key, keylen);
crypto_skcipher_set_flags(tfm, crypto_blkcipher_get_flags(blkcipher) &
CRYPTO_TFM_RES_MASK);
- if (err)
+ if (unlikely(err)) {
+ skcipher_set_needkey(tfm);
return err;
+ }
crypto_skcipher_clear_flags(tfm, CRYPTO_TFM_NEED_KEY);
return 0;
@@ -676,8 +689,7 @@
skcipher->ivsize = crypto_blkcipher_ivsize(blkcipher);
skcipher->keysize = calg->cra_blkcipher.max_keysize;
- if (skcipher->keysize)
- crypto_skcipher_set_flags(skcipher, CRYPTO_TFM_NEED_KEY);
+ skcipher_set_needkey(skcipher);
return 0;
}
@@ -697,8 +709,10 @@
crypto_skcipher_set_flags(tfm,
crypto_ablkcipher_get_flags(ablkcipher) &
CRYPTO_TFM_RES_MASK);
- if (err)
+ if (unlikely(err)) {
+ skcipher_set_needkey(tfm);
return err;
+ }
crypto_skcipher_clear_flags(tfm, CRYPTO_TFM_NEED_KEY);
return 0;
@@ -775,8 +789,7 @@
sizeof(struct ablkcipher_request);
skcipher->keysize = calg->cra_ablkcipher.max_keysize;
- if (skcipher->keysize)
- crypto_skcipher_set_flags(skcipher, CRYPTO_TFM_NEED_KEY);
+ skcipher_set_needkey(skcipher);
return 0;
}
@@ -819,13 +832,49 @@
else
err = cipher->setkey(tfm, key, keylen);
- if (err)
+ if (unlikely(err)) {
+ skcipher_set_needkey(tfm);
return err;
+ }
crypto_skcipher_clear_flags(tfm, CRYPTO_TFM_NEED_KEY);
return 0;
}
+int crypto_skcipher_encrypt(struct skcipher_request *req)
+{
+ struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
+ struct crypto_alg *alg = tfm->base.__crt_alg;
+ unsigned int cryptlen = req->cryptlen;
+ int ret;
+
+ crypto_stats_get(alg);
+ if (crypto_skcipher_get_flags(tfm) & CRYPTO_TFM_NEED_KEY)
+ ret = -ENOKEY;
+ else
+ ret = tfm->encrypt(req);
+ crypto_stats_skcipher_encrypt(cryptlen, ret, alg);
+ return ret;
+}
+EXPORT_SYMBOL_GPL(crypto_skcipher_encrypt);
+
+int crypto_skcipher_decrypt(struct skcipher_request *req)
+{
+ struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
+ struct crypto_alg *alg = tfm->base.__crt_alg;
+ unsigned int cryptlen = req->cryptlen;
+ int ret;
+
+ crypto_stats_get(alg);
+ if (crypto_skcipher_get_flags(tfm) & CRYPTO_TFM_NEED_KEY)
+ ret = -ENOKEY;
+ else
+ ret = tfm->decrypt(req);
+ crypto_stats_skcipher_decrypt(cryptlen, ret, alg);
+ return ret;
+}
+EXPORT_SYMBOL_GPL(crypto_skcipher_decrypt);
+
static void crypto_skcipher_exit_tfm(struct crypto_tfm *tfm)
{
struct crypto_skcipher *skcipher = __crypto_skcipher_cast(tfm);
@@ -842,8 +891,7 @@
if (tfm->__crt_alg->cra_type == &crypto_blkcipher_type)
return crypto_init_skcipher_ops_blkcipher(tfm);
- if (tfm->__crt_alg->cra_type == &crypto_ablkcipher_type ||
- tfm->__crt_alg->cra_type == &crypto_givcipher_type)
+ if (tfm->__crt_alg->cra_type == &crypto_ablkcipher_type)
return crypto_init_skcipher_ops_ablkcipher(tfm);
skcipher->setkey = skcipher_setkey;
@@ -852,8 +900,7 @@
skcipher->ivsize = alg->ivsize;
skcipher->keysize = alg->max_keysize;
- if (skcipher->keysize)
- crypto_skcipher_set_flags(skcipher, CRYPTO_TFM_NEED_KEY);
+ skcipher_set_needkey(skcipher);
if (alg->exit)
skcipher->base.exit = crypto_skcipher_exit_tfm;
@@ -897,21 +944,18 @@
struct skcipher_alg *skcipher = container_of(alg, struct skcipher_alg,
base);
- strncpy(rblkcipher.type, "skcipher", sizeof(rblkcipher.type));
- strncpy(rblkcipher.geniv, "<none>", sizeof(rblkcipher.geniv));
+ memset(&rblkcipher, 0, sizeof(rblkcipher));
+
+ strscpy(rblkcipher.type, "skcipher", sizeof(rblkcipher.type));
+ strscpy(rblkcipher.geniv, "<none>", sizeof(rblkcipher.geniv));
rblkcipher.blocksize = alg->cra_blocksize;
rblkcipher.min_keysize = skcipher->min_keysize;
rblkcipher.max_keysize = skcipher->max_keysize;
rblkcipher.ivsize = skcipher->ivsize;
- if (nla_put(skb, CRYPTOCFGA_REPORT_BLKCIPHER,
- sizeof(struct crypto_report_blkcipher), &rblkcipher))
- goto nla_put_failure;
- return 0;
-
-nla_put_failure:
- return -EMSGSIZE;
+ return nla_put(skb, CRYPTOCFGA_REPORT_BLKCIPHER,
+ sizeof(rblkcipher), &rblkcipher);
}
#else
static int crypto_skcipher_report(struct sk_buff *skb, struct crypto_alg *alg)
@@ -949,6 +993,30 @@
}
EXPORT_SYMBOL_GPL(crypto_alloc_skcipher);
+struct crypto_sync_skcipher *crypto_alloc_sync_skcipher(
+ const char *alg_name, u32 type, u32 mask)
+{
+ struct crypto_skcipher *tfm;
+
+ /* Only sync algorithms allowed. */
+ mask |= CRYPTO_ALG_ASYNC;
+
+ tfm = crypto_alloc_tfm(alg_name, &crypto_skcipher_type2, type, mask);
+
+ /*
+ * Make sure we do not allocate something that might get used with
+ * an on-stack request: check the request size.
+ */
+ if (!IS_ERR(tfm) && WARN_ON(crypto_skcipher_reqsize(tfm) >
+ MAX_SYNC_SKCIPHER_REQSIZE)) {
+ crypto_free_skcipher(tfm);
+ return ERR_PTR(-EINVAL);
+ }
+
+ return (struct crypto_sync_skcipher *)tfm;
+}
+EXPORT_SYMBOL_GPL(crypto_alloc_sync_skcipher);
+
int crypto_has_skcipher2(const char *alg_name, u32 type, u32 mask)
{
return crypto_type_has_alg(alg_name, &crypto_skcipher_type2,
@@ -1037,5 +1105,136 @@
}
EXPORT_SYMBOL_GPL(skcipher_register_instance);
+static int skcipher_setkey_simple(struct crypto_skcipher *tfm, const u8 *key,
+ unsigned int keylen)
+{
+ struct crypto_cipher *cipher = skcipher_cipher_simple(tfm);
+ int err;
+
+ crypto_cipher_clear_flags(cipher, CRYPTO_TFM_REQ_MASK);
+ crypto_cipher_set_flags(cipher, crypto_skcipher_get_flags(tfm) &
+ CRYPTO_TFM_REQ_MASK);
+ err = crypto_cipher_setkey(cipher, key, keylen);
+ crypto_skcipher_set_flags(tfm, crypto_cipher_get_flags(cipher) &
+ CRYPTO_TFM_RES_MASK);
+ return err;
+}
+
+static int skcipher_init_tfm_simple(struct crypto_skcipher *tfm)
+{
+ struct skcipher_instance *inst = skcipher_alg_instance(tfm);
+ struct crypto_spawn *spawn = skcipher_instance_ctx(inst);
+ struct skcipher_ctx_simple *ctx = crypto_skcipher_ctx(tfm);
+ struct crypto_cipher *cipher;
+
+ cipher = crypto_spawn_cipher(spawn);
+ if (IS_ERR(cipher))
+ return PTR_ERR(cipher);
+
+ ctx->cipher = cipher;
+ return 0;
+}
+
+static void skcipher_exit_tfm_simple(struct crypto_skcipher *tfm)
+{
+ struct skcipher_ctx_simple *ctx = crypto_skcipher_ctx(tfm);
+
+ crypto_free_cipher(ctx->cipher);
+}
+
+static void skcipher_free_instance_simple(struct skcipher_instance *inst)
+{
+ crypto_drop_spawn(skcipher_instance_ctx(inst));
+ kfree(inst);
+}
+
+/**
+ * skcipher_alloc_instance_simple - allocate instance of simple block cipher mode
+ *
+ * Allocate an skcipher_instance for a simple block cipher mode of operation,
+ * e.g. cbc or ecb. The instance context will have just a single crypto_spawn,
+ * that for the underlying cipher. The {min,max}_keysize, ivsize, blocksize,
+ * alignmask, and priority are set from the underlying cipher but can be
+ * overridden if needed. The tfm context defaults to skcipher_ctx_simple, and
+ * default ->setkey(), ->init(), and ->exit() methods are installed.
+ *
+ * @tmpl: the template being instantiated
+ * @tb: the template parameters
+ * @cipher_alg_ret: on success, a pointer to the underlying cipher algorithm is
+ * returned here. It must be dropped with crypto_mod_put().
+ *
+ * Return: a pointer to the new instance, or an ERR_PTR(). The caller still
+ * needs to register the instance.
+ */
+struct skcipher_instance *
+skcipher_alloc_instance_simple(struct crypto_template *tmpl, struct rtattr **tb,
+ struct crypto_alg **cipher_alg_ret)
+{
+ struct crypto_attr_type *algt;
+ struct crypto_alg *cipher_alg;
+ struct skcipher_instance *inst;
+ struct crypto_spawn *spawn;
+ u32 mask;
+ int err;
+
+ algt = crypto_get_attr_type(tb);
+ if (IS_ERR(algt))
+ return ERR_CAST(algt);
+
+ if ((algt->type ^ CRYPTO_ALG_TYPE_SKCIPHER) & algt->mask)
+ return ERR_PTR(-EINVAL);
+
+ mask = CRYPTO_ALG_TYPE_MASK |
+ crypto_requires_off(algt->type, algt->mask,
+ CRYPTO_ALG_NEED_FALLBACK);
+
+ cipher_alg = crypto_get_attr_alg(tb, CRYPTO_ALG_TYPE_CIPHER, mask);
+ if (IS_ERR(cipher_alg))
+ return ERR_CAST(cipher_alg);
+
+ inst = kzalloc(sizeof(*inst) + sizeof(*spawn), GFP_KERNEL);
+ if (!inst) {
+ err = -ENOMEM;
+ goto err_put_cipher_alg;
+ }
+ spawn = skcipher_instance_ctx(inst);
+
+ err = crypto_inst_setname(skcipher_crypto_instance(inst), tmpl->name,
+ cipher_alg);
+ if (err)
+ goto err_free_inst;
+
+ err = crypto_init_spawn(spawn, cipher_alg,
+ skcipher_crypto_instance(inst),
+ CRYPTO_ALG_TYPE_MASK);
+ if (err)
+ goto err_free_inst;
+ inst->free = skcipher_free_instance_simple;
+
+ /* Default algorithm properties, can be overridden */
+ inst->alg.base.cra_blocksize = cipher_alg->cra_blocksize;
+ inst->alg.base.cra_alignmask = cipher_alg->cra_alignmask;
+ inst->alg.base.cra_priority = cipher_alg->cra_priority;
+ inst->alg.min_keysize = cipher_alg->cra_cipher.cia_min_keysize;
+ inst->alg.max_keysize = cipher_alg->cra_cipher.cia_max_keysize;
+ inst->alg.ivsize = cipher_alg->cra_blocksize;
+
+ /* Use skcipher_ctx_simple by default, can be overridden */
+ inst->alg.base.cra_ctxsize = sizeof(struct skcipher_ctx_simple);
+ inst->alg.setkey = skcipher_setkey_simple;
+ inst->alg.init = skcipher_init_tfm_simple;
+ inst->alg.exit = skcipher_exit_tfm_simple;
+
+ *cipher_alg_ret = cipher_alg;
+ return inst;
+
+err_free_inst:
+ kfree(inst);
+err_put_cipher_alg:
+ crypto_mod_put(cipher_alg);
+ return ERR_PTR(err);
+}
+EXPORT_SYMBOL_GPL(skcipher_alloc_instance_simple);
+
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("Symmetric key cipher type");
diff --git a/crypto/sm3_generic.c b/crypto/sm3_generic.c
index 9a5c60f..3468975 100644
--- a/crypto/sm3_generic.c
+++ b/crypto/sm3_generic.c
@@ -1,21 +1,10 @@
+// SPDX-License-Identifier: GPL-2.0-only
/*
* SM3 secure hash, as specified by OSCCA GM/T 0004-2012 SM3 and
* described at https://tools.ietf.org/html/draft-shen-sm3-hash-01
*
* Copyright (C) 2017 ARM Limited or its affiliates.
* Written by Gilad Ben-Yossef <gilad@benyossef.com>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
#include <crypto/internal/hash.h>
@@ -100,7 +89,7 @@
for (i = 0; i <= 63; i++) {
- ss1 = rol32((rol32(a, 12) + e + rol32(t(i), i)), 7);
+ ss1 = rol32((rol32(a, 12) + e + rol32(t(i), i & 31)), 7);
ss2 = ss1 ^ rol32(a, 12);
@@ -199,7 +188,7 @@
crypto_unregister_shash(&sm3_alg);
}
-module_init(sm3_generic_mod_init);
+subsys_initcall(sm3_generic_mod_init);
module_exit(sm3_generic_mod_fini);
MODULE_LICENSE("GPL v2");
diff --git a/crypto/sm4_generic.c b/crypto/sm4_generic.c
index c18eebf..71ffb34 100644
--- a/crypto/sm4_generic.c
+++ b/crypto/sm4_generic.c
@@ -237,7 +237,7 @@
crypto_unregister_alg(&sm4_alg);
}
-module_init(sm4_init);
+subsys_initcall(sm4_init);
module_exit(sm4_fini);
MODULE_DESCRIPTION("SM4 Cipher Algorithm");
diff --git a/crypto/streebog_generic.c b/crypto/streebog_generic.c
new file mode 100644
index 0000000..dc625ff
--- /dev/null
+++ b/crypto/streebog_generic.c
@@ -0,0 +1,1095 @@
+// SPDX-License-Identifier: GPL-2.0+ OR BSD-2-Clause
+/*
+ * Streebog hash function as specified by GOST R 34.11-2012 and
+ * described at https://tools.ietf.org/html/rfc6986
+ *
+ * Copyright (c) 2013 Alexey Degtyarev <alexey@renatasystems.org>
+ * Copyright (c) 2018 Vitaly Chikunov <vt@altlinux.org>
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at your option)
+ * any later version.
+ */
+
+#include <crypto/internal/hash.h>
+#include <linux/module.h>
+#include <linux/crypto.h>
+#include <crypto/streebog.h>
+
+static const struct streebog_uint512 buffer0 = { {
+ 0, 0, 0, 0, 0, 0, 0, 0
+} };
+
+static const struct streebog_uint512 buffer512 = { {
+ cpu_to_le64(0x200), 0, 0, 0, 0, 0, 0, 0
+} };
+
+static const struct streebog_uint512 C[12] = {
+ { {
+ cpu_to_le64(0xdd806559f2a64507ULL),
+ cpu_to_le64(0x05767436cc744d23ULL),
+ cpu_to_le64(0xa2422a08a460d315ULL),
+ cpu_to_le64(0x4b7ce09192676901ULL),
+ cpu_to_le64(0x714eb88d7585c4fcULL),
+ cpu_to_le64(0x2f6a76432e45d016ULL),
+ cpu_to_le64(0xebcb2f81c0657c1fULL),
+ cpu_to_le64(0xb1085bda1ecadae9ULL)
+ } },
+ { {
+ cpu_to_le64(0xe679047021b19bb7ULL),
+ cpu_to_le64(0x55dda21bd7cbcd56ULL),
+ cpu_to_le64(0x5cb561c2db0aa7caULL),
+ cpu_to_le64(0x9ab5176b12d69958ULL),
+ cpu_to_le64(0x61d55e0f16b50131ULL),
+ cpu_to_le64(0xf3feea720a232b98ULL),
+ cpu_to_le64(0x4fe39d460f70b5d7ULL),
+ cpu_to_le64(0x6fa3b58aa99d2f1aULL)
+ } },
+ { {
+ cpu_to_le64(0x991e96f50aba0ab2ULL),
+ cpu_to_le64(0xc2b6f443867adb31ULL),
+ cpu_to_le64(0xc1c93a376062db09ULL),
+ cpu_to_le64(0xd3e20fe490359eb1ULL),
+ cpu_to_le64(0xf2ea7514b1297b7bULL),
+ cpu_to_le64(0x06f15e5f529c1f8bULL),
+ cpu_to_le64(0x0a39fc286a3d8435ULL),
+ cpu_to_le64(0xf574dcac2bce2fc7ULL)
+ } },
+ { {
+ cpu_to_le64(0x220cbebc84e3d12eULL),
+ cpu_to_le64(0x3453eaa193e837f1ULL),
+ cpu_to_le64(0xd8b71333935203beULL),
+ cpu_to_le64(0xa9d72c82ed03d675ULL),
+ cpu_to_le64(0x9d721cad685e353fULL),
+ cpu_to_le64(0x488e857e335c3c7dULL),
+ cpu_to_le64(0xf948e1a05d71e4ddULL),
+ cpu_to_le64(0xef1fdfb3e81566d2ULL)
+ } },
+ { {
+ cpu_to_le64(0x601758fd7c6cfe57ULL),
+ cpu_to_le64(0x7a56a27ea9ea63f5ULL),
+ cpu_to_le64(0xdfff00b723271a16ULL),
+ cpu_to_le64(0xbfcd1747253af5a3ULL),
+ cpu_to_le64(0x359e35d7800fffbdULL),
+ cpu_to_le64(0x7f151c1f1686104aULL),
+ cpu_to_le64(0x9a3f410c6ca92363ULL),
+ cpu_to_le64(0x4bea6bacad474799ULL)
+ } },
+ { {
+ cpu_to_le64(0xfa68407a46647d6eULL),
+ cpu_to_le64(0xbf71c57236904f35ULL),
+ cpu_to_le64(0x0af21f66c2bec6b6ULL),
+ cpu_to_le64(0xcffaa6b71c9ab7b4ULL),
+ cpu_to_le64(0x187f9ab49af08ec6ULL),
+ cpu_to_le64(0x2d66c4f95142a46cULL),
+ cpu_to_le64(0x6fa4c33b7a3039c0ULL),
+ cpu_to_le64(0xae4faeae1d3ad3d9ULL)
+ } },
+ { {
+ cpu_to_le64(0x8886564d3a14d493ULL),
+ cpu_to_le64(0x3517454ca23c4af3ULL),
+ cpu_to_le64(0x06476983284a0504ULL),
+ cpu_to_le64(0x0992abc52d822c37ULL),
+ cpu_to_le64(0xd3473e33197a93c9ULL),
+ cpu_to_le64(0x399ec6c7e6bf87c9ULL),
+ cpu_to_le64(0x51ac86febf240954ULL),
+ cpu_to_le64(0xf4c70e16eeaac5ecULL)
+ } },
+ { {
+ cpu_to_le64(0xa47f0dd4bf02e71eULL),
+ cpu_to_le64(0x36acc2355951a8d9ULL),
+ cpu_to_le64(0x69d18d2bd1a5c42fULL),
+ cpu_to_le64(0xf4892bcb929b0690ULL),
+ cpu_to_le64(0x89b4443b4ddbc49aULL),
+ cpu_to_le64(0x4eb7f8719c36de1eULL),
+ cpu_to_le64(0x03e7aa020c6e4141ULL),
+ cpu_to_le64(0x9b1f5b424d93c9a7ULL)
+ } },
+ { {
+ cpu_to_le64(0x7261445183235adbULL),
+ cpu_to_le64(0x0e38dc92cb1f2a60ULL),
+ cpu_to_le64(0x7b2b8a9aa6079c54ULL),
+ cpu_to_le64(0x800a440bdbb2ceb1ULL),
+ cpu_to_le64(0x3cd955b7e00d0984ULL),
+ cpu_to_le64(0x3a7d3a1b25894224ULL),
+ cpu_to_le64(0x944c9ad8ec165fdeULL),
+ cpu_to_le64(0x378f5a541631229bULL)
+ } },
+ { {
+ cpu_to_le64(0x74b4c7fb98459cedULL),
+ cpu_to_le64(0x3698fad1153bb6c3ULL),
+ cpu_to_le64(0x7a1e6c303b7652f4ULL),
+ cpu_to_le64(0x9fe76702af69334bULL),
+ cpu_to_le64(0x1fffe18a1b336103ULL),
+ cpu_to_le64(0x8941e71cff8a78dbULL),
+ cpu_to_le64(0x382ae548b2e4f3f3ULL),
+ cpu_to_le64(0xabbedea680056f52ULL)
+ } },
+ { {
+ cpu_to_le64(0x6bcaa4cd81f32d1bULL),
+ cpu_to_le64(0xdea2594ac06fd85dULL),
+ cpu_to_le64(0xefbacd1d7d476e98ULL),
+ cpu_to_le64(0x8a1d71efea48b9caULL),
+ cpu_to_le64(0x2001802114846679ULL),
+ cpu_to_le64(0xd8fa6bbbebab0761ULL),
+ cpu_to_le64(0x3002c6cd635afe94ULL),
+ cpu_to_le64(0x7bcd9ed0efc889fbULL)
+ } },
+ { {
+ cpu_to_le64(0x48bc924af11bd720ULL),
+ cpu_to_le64(0xfaf417d5d9b21b99ULL),
+ cpu_to_le64(0xe71da4aa88e12852ULL),
+ cpu_to_le64(0x5d80ef9d1891cc86ULL),
+ cpu_to_le64(0xf82012d430219f9bULL),
+ cpu_to_le64(0xcda43c32bcdf1d77ULL),
+ cpu_to_le64(0xd21380b00449b17aULL),
+ cpu_to_le64(0x378ee767f11631baULL)
+ } }
+};
+
+static const unsigned long long Ax[8][256] = {
+ {
+ 0xd01f715b5c7ef8e6ULL, 0x16fa240980778325ULL, 0xa8a42e857ee049c8ULL,
+ 0x6ac1068fa186465bULL, 0x6e417bd7a2e9320bULL, 0x665c8167a437daabULL,
+ 0x7666681aa89617f6ULL, 0x4b959163700bdcf5ULL, 0xf14be6b78df36248ULL,
+ 0xc585bd689a625cffULL, 0x9557d7fca67d82cbULL, 0x89f0b969af6dd366ULL,
+ 0xb0833d48749f6c35ULL, 0xa1998c23b1ecbc7cULL, 0x8d70c431ac02a736ULL,
+ 0xd6dfbc2fd0a8b69eULL, 0x37aeb3e551fa198bULL, 0x0b7d128a40b5cf9cULL,
+ 0x5a8f2008b5780cbcULL, 0xedec882284e333e5ULL, 0xd25fc177d3c7c2ceULL,
+ 0x5e0f5d50b61778ecULL, 0x1d873683c0c24cb9ULL, 0xad040bcbb45d208cULL,
+ 0x2f89a0285b853c76ULL, 0x5732fff6791b8d58ULL, 0x3e9311439ef6ec3fULL,
+ 0xc9183a809fd3c00fULL, 0x83adf3f5260a01eeULL, 0xa6791941f4e8ef10ULL,
+ 0x103ae97d0ca1cd5dULL, 0x2ce948121dee1b4aULL, 0x39738421dbf2bf53ULL,
+ 0x093da2a6cf0cf5b4ULL, 0xcd9847d89cbcb45fULL, 0xf9561c078b2d8ae8ULL,
+ 0x9c6a755a6971777fULL, 0xbc1ebaa0712ef0c5ULL, 0x72e61542abf963a6ULL,
+ 0x78bb5fde229eb12eULL, 0x14ba94250fceb90dULL, 0x844d6697630e5282ULL,
+ 0x98ea08026a1e032fULL, 0xf06bbea144217f5cULL, 0xdb6263d11ccb377aULL,
+ 0x641c314b2b8ee083ULL, 0x320e96ab9b4770cfULL, 0x1ee7deb986a96b85ULL,
+ 0xe96cf57a878c47b5ULL, 0xfdd6615f8842feb8ULL, 0xc83862965601dd1bULL,
+ 0x2ea9f83e92572162ULL, 0xf876441142ff97fcULL, 0xeb2c455608357d9dULL,
+ 0x5612a7e0b0c9904cULL, 0x6c01cbfb2d500823ULL, 0x4548a6a7fa037a2dULL,
+ 0xabc4c6bf388b6ef4ULL, 0xbade77d4fdf8bebdULL, 0x799b07c8eb4cac3aULL,
+ 0x0c9d87e805b19cf0ULL, 0xcb588aac106afa27ULL, 0xea0c1d40c1e76089ULL,
+ 0x2869354a1e816f1aULL, 0xff96d17307fbc490ULL, 0x9f0a9d602f1a5043ULL,
+ 0x96373fc6e016a5f7ULL, 0x5292dab8b3a6e41cULL, 0x9b8ae0382c752413ULL,
+ 0x4f15ec3b7364a8a5ULL, 0x3fb349555724f12bULL, 0xc7c50d4415db66d7ULL,
+ 0x92b7429ee379d1a7ULL, 0xd37f99611a15dfdaULL, 0x231427c05e34a086ULL,
+ 0xa439a96d7b51d538ULL, 0xb403401077f01865ULL, 0xdda2aea5901d7902ULL,
+ 0x0a5d4a9c8967d288ULL, 0xc265280adf660f93ULL, 0x8bb0094520d4e94eULL,
+ 0x2a29856691385532ULL, 0x42a833c5bf072941ULL, 0x73c64d54622b7eb2ULL,
+ 0x07e095624504536cULL, 0x8a905153e906f45aULL, 0x6f6123c16b3b2f1fULL,
+ 0xc6e55552dc097bc3ULL, 0x4468feb133d16739ULL, 0xe211e7f0c7398829ULL,
+ 0xa2f96419f7879b40ULL, 0x19074bdbc3ad38e9ULL, 0xf4ebc3f9474e0b0cULL,
+ 0x43886bd376d53455ULL, 0xd8028beb5aa01046ULL, 0x51f23282f5cdc320ULL,
+ 0xe7b1c2be0d84e16dULL, 0x081dfab006dee8a0ULL, 0x3b33340d544b857bULL,
+ 0x7f5bcabc679ae242ULL, 0x0edd37c48a08a6d8ULL, 0x81ed43d9a9b33bc6ULL,
+ 0xb1a3655ebd4d7121ULL, 0x69a1eeb5e7ed6167ULL, 0xf6ab73d5c8f73124ULL,
+ 0x1a67a3e185c61fd5ULL, 0x2dc91004d43c065eULL, 0x0240b02c8fb93a28ULL,
+ 0x90f7f2b26cc0eb8fULL, 0x3cd3a16f114fd617ULL, 0xaae49ea9f15973e0ULL,
+ 0x06c0cd748cd64e78ULL, 0xda423bc7d5192a6eULL, 0xc345701c16b41287ULL,
+ 0x6d2193ede4821537ULL, 0xfcf639494190e3acULL, 0x7c3b228621f1c57eULL,
+ 0xfb16ac2b0494b0c0ULL, 0xbf7e529a3745d7f9ULL, 0x6881b6a32e3f7c73ULL,
+ 0xca78d2bad9b8e733ULL, 0xbbfe2fc2342aa3a9ULL, 0x0dbddffecc6381e4ULL,
+ 0x70a6a56e2440598eULL, 0xe4d12a844befc651ULL, 0x8c509c2765d0ba22ULL,
+ 0xee8c6018c28814d9ULL, 0x17da7c1f49a59e31ULL, 0x609c4c1328e194d3ULL,
+ 0xb3e3d57232f44b09ULL, 0x91d7aaa4a512f69bULL, 0x0ffd6fd243dabbccULL,
+ 0x50d26a943c1fde34ULL, 0x6be15e9968545b4fULL, 0x94778fea6faf9fdfULL,
+ 0x2b09dd7058ea4826ULL, 0x677cd9716de5c7bfULL, 0x49d5214fffb2e6ddULL,
+ 0x0360e83a466b273cULL, 0x1fc786af4f7b7691ULL, 0xa0b9d435783ea168ULL,
+ 0xd49f0c035f118cb6ULL, 0x01205816c9d21d14ULL, 0xac2453dd7d8f3d98ULL,
+ 0x545217cc3f70aa64ULL, 0x26b4028e9489c9c2ULL, 0xdec2469fd6765e3eULL,
+ 0x04807d58036f7450ULL, 0xe5f17292823ddb45ULL, 0xf30b569b024a5860ULL,
+ 0x62dcfc3fa758aefbULL, 0xe84cad6c4e5e5aa1ULL, 0xccb81fce556ea94bULL,
+ 0x53b282ae7a74f908ULL, 0x1b47fbf74c1402c1ULL, 0x368eebf39828049fULL,
+ 0x7afbeff2ad278b06ULL, 0xbe5e0a8cfe97caedULL, 0xcfd8f7f413058e77ULL,
+ 0xf78b2bc301252c30ULL, 0x4d555c17fcdd928dULL, 0x5f2f05467fc565f8ULL,
+ 0x24f4b2a21b30f3eaULL, 0x860dd6bbecb768aaULL, 0x4c750401350f8f99ULL,
+ 0x0000000000000000ULL, 0xecccd0344d312ef1ULL, 0xb5231806be220571ULL,
+ 0xc105c030990d28afULL, 0x653c695de25cfd97ULL, 0x159acc33c61ca419ULL,
+ 0xb89ec7f872418495ULL, 0xa9847693b73254dcULL, 0x58cf90243ac13694ULL,
+ 0x59efc832f3132b80ULL, 0x5c4fed7c39ae42c4ULL, 0x828dabe3efd81cfaULL,
+ 0xd13f294d95ace5f2ULL, 0x7d1b7a90e823d86aULL, 0xb643f03cf849224dULL,
+ 0x3df3f979d89dcb03ULL, 0x7426d836272f2ddeULL, 0xdfe21e891fa4432aULL,
+ 0x3a136c1b9d99986fULL, 0xfa36f43dcd46add4ULL, 0xc025982650df35bbULL,
+ 0x856d3e81aadc4f96ULL, 0xc4a5e57e53b041ebULL, 0x4708168b75ba4005ULL,
+ 0xaf44bbe73be41aa4ULL, 0x971767d029c4b8e3ULL, 0xb9be9feebb939981ULL,
+ 0x215497ecd18d9aaeULL, 0x316e7e91dd2c57f3ULL, 0xcef8afe2dad79363ULL,
+ 0x3853dc371220a247ULL, 0x35ee03c9de4323a3ULL, 0xe6919aa8c456fc79ULL,
+ 0xe05157dc4880b201ULL, 0x7bdbb7e464f59612ULL, 0x127a59518318f775ULL,
+ 0x332ecebd52956ddbULL, 0x8f30741d23bb9d1eULL, 0xd922d3fd93720d52ULL,
+ 0x7746300c61440ae2ULL, 0x25d4eab4d2e2eefeULL, 0x75068020eefd30caULL,
+ 0x135a01474acaea61ULL, 0x304e268714fe4ae7ULL, 0xa519f17bb283c82cULL,
+ 0xdc82f6b359cf6416ULL, 0x5baf781e7caa11a8ULL, 0xb2c38d64fb26561dULL,
+ 0x34ce5bdf17913eb7ULL, 0x5d6fb56af07c5fd0ULL, 0x182713cd0a7f25fdULL,
+ 0x9e2ac576e6c84d57ULL, 0x9aaab82ee5a73907ULL, 0xa3d93c0f3e558654ULL,
+ 0x7e7b92aaae48ff56ULL, 0x872d8ead256575beULL, 0x41c8dbfff96c0e7dULL,
+ 0x99ca5014a3cc1e3bULL, 0x40e883e930be1369ULL, 0x1ca76e95091051adULL,
+ 0x4e35b42dbab6b5b1ULL, 0x05a0254ecabd6944ULL, 0xe1710fca8152af15ULL,
+ 0xf22b0e8dcb984574ULL, 0xb763a82a319b3f59ULL, 0x63fca4296e8ab3efULL,
+ 0x9d4a2d4ca0a36a6bULL, 0xe331bfe60eeb953dULL, 0xd5bf541596c391a2ULL,
+ 0xf5cb9bef8e9c1618ULL, 0x46284e9dbc685d11ULL, 0x2074cffa185f87baULL,
+ 0xbd3ee2b6b8fcedd1ULL, 0xae64e3f1f23607b0ULL, 0xfeb68965ce29d984ULL,
+ 0x55724fdaf6a2b770ULL, 0x29496d5cd753720eULL, 0xa75941573d3af204ULL,
+ 0x8e102c0bea69800aULL, 0x111ab16bc573d049ULL, 0xd7ffe439197aab8aULL,
+ 0xefac380e0b5a09cdULL, 0x48f579593660fbc9ULL, 0x22347fd697e6bd92ULL,
+ 0x61bc1405e13389c7ULL, 0x4ab5c975b9d9c1e1ULL, 0x80cd1bcf606126d2ULL,
+ 0x7186fd78ed92449aULL, 0x93971a882aabccb3ULL, 0x88d0e17f66bfce72ULL,
+ 0x27945a985d5bd4d6ULL
+ }, {
+ 0xde553f8c05a811c8ULL, 0x1906b59631b4f565ULL, 0x436e70d6b1964ff7ULL,
+ 0x36d343cb8b1e9d85ULL, 0x843dfacc858aab5aULL, 0xfdfc95c299bfc7f9ULL,
+ 0x0f634bdea1d51fa2ULL, 0x6d458b3b76efb3cdULL, 0x85c3f77cf8593f80ULL,
+ 0x3c91315fbe737cb2ULL, 0x2148b03366ace398ULL, 0x18f8b8264c6761bfULL,
+ 0xc830c1c495c9fb0fULL, 0x981a76102086a0aaULL, 0xaa16012142f35760ULL,
+ 0x35cc54060c763cf6ULL, 0x42907d66cc45db2dULL, 0x8203d44b965af4bcULL,
+ 0x3d6f3cefc3a0e868ULL, 0xbc73ff69d292bda7ULL, 0x8722ed0102e20a29ULL,
+ 0x8f8185e8cd34deb7ULL, 0x9b0561dda7ee01d9ULL, 0x5335a0193227fad6ULL,
+ 0xc9cecc74e81a6fd5ULL, 0x54f5832e5c2431eaULL, 0x99e47ba05d553470ULL,
+ 0xf7bee756acd226ceULL, 0x384e05a5571816fdULL, 0xd1367452a47d0e6aULL,
+ 0xf29fde1c386ad85bULL, 0x320c77316275f7caULL, 0xd0c879e2d9ae9ab0ULL,
+ 0xdb7406c69110ef5dULL, 0x45505e51a2461011ULL, 0xfc029872e46c5323ULL,
+ 0xfa3cb6f5f7bc0cc5ULL, 0x031f17cd8768a173ULL, 0xbd8df2d9af41297dULL,
+ 0x9d3b4f5ab43e5e3fULL, 0x4071671b36feee84ULL, 0x716207e7d3e3b83dULL,
+ 0x48d20ff2f9283a1aULL, 0x27769eb4757cbc7eULL, 0x5c56ebc793f2e574ULL,
+ 0xa48b474f9ef5dc18ULL, 0x52cbada94ff46e0cULL, 0x60c7da982d8199c6ULL,
+ 0x0e9d466edc068b78ULL, 0x4eec2175eaf865fcULL, 0x550b8e9e21f7a530ULL,
+ 0x6b7ba5bc653fec2bULL, 0x5eb7f1ba6949d0ddULL, 0x57ea94e3db4c9099ULL,
+ 0xf640eae6d101b214ULL, 0xdd4a284182c0b0bbULL, 0xff1d8fbf6304f250ULL,
+ 0xb8accb933bf9d7e8ULL, 0xe8867c478eb68c4dULL, 0x3f8e2692391bddc1ULL,
+ 0xcb2fd60912a15a7cULL, 0xaec935dbab983d2fULL, 0xf55ffd2b56691367ULL,
+ 0x80e2ce366ce1c115ULL, 0x179bf3f8edb27e1dULL, 0x01fe0db07dd394daULL,
+ 0xda8a0b76ecc37b87ULL, 0x44ae53e1df9584cbULL, 0xb310b4b77347a205ULL,
+ 0xdfab323c787b8512ULL, 0x3b511268d070b78eULL, 0x65e6e3d2b9396753ULL,
+ 0x6864b271e2574d58ULL, 0x259784c98fc789d7ULL, 0x02e11a7dfabb35a9ULL,
+ 0x8841a6dfa337158bULL, 0x7ade78c39b5dcdd0ULL, 0xb7cf804d9a2cc84aULL,
+ 0x20b6bd831b7f7742ULL, 0x75bd331d3a88d272ULL, 0x418f6aab4b2d7a5eULL,
+ 0xd9951cbb6babdaf4ULL, 0xb6318dfde7ff5c90ULL, 0x1f389b112264aa83ULL,
+ 0x492c024284fbaec0ULL, 0xe33a0363c608f9a0ULL, 0x2688930408af28a4ULL,
+ 0xc7538a1a341ce4adULL, 0x5da8e677ee2171aeULL, 0x8c9e92254a5c7fc4ULL,
+ 0x63d8cd55aae938b5ULL, 0x29ebd8daa97a3706ULL, 0x959827b37be88aa1ULL,
+ 0x1484e4356adadf6eULL, 0xa7945082199d7d6bULL, 0xbf6ce8a455fa1cd4ULL,
+ 0x9cc542eac9edcae5ULL, 0x79c16f0e1c356ca3ULL, 0x89bfab6fdee48151ULL,
+ 0xd4174d1830c5f0ffULL, 0x9258048415eb419dULL, 0x6139d72850520d1cULL,
+ 0x6a85a80c18ec78f1ULL, 0xcd11f88e0171059aULL, 0xcceff53e7ca29140ULL,
+ 0xd229639f2315af19ULL, 0x90b91ef9ef507434ULL, 0x5977d28d074a1be1ULL,
+ 0x311360fce51d56b9ULL, 0xc093a92d5a1f2f91ULL, 0x1a19a25bb6dc5416ULL,
+ 0xeb996b8a09de2d3eULL, 0xfee3820f1ed7668aULL, 0xd7085ad5b7ad518cULL,
+ 0x7fff41890fe53345ULL, 0xec5948bd67dde602ULL, 0x2fd5f65dbaaa68e0ULL,
+ 0xa5754affe32648c2ULL, 0xf8ddac880d07396cULL, 0x6fa491468c548664ULL,
+ 0x0c7c5c1326bdbed1ULL, 0x4a33158f03930fb3ULL, 0x699abfc19f84d982ULL,
+ 0xe4fa2054a80b329cULL, 0x6707f9af438252faULL, 0x08a368e9cfd6d49eULL,
+ 0x47b1442c58fd25b8ULL, 0xbbb3dc5ebc91769bULL, 0x1665fe489061eac7ULL,
+ 0x33f27a811fa66310ULL, 0x93a609346838d547ULL, 0x30ed6d4c98cec263ULL,
+ 0x1dd9816cd8df9f2aULL, 0x94662a03063b1e7bULL, 0x83fdd9fbeb896066ULL,
+ 0x7b207573e68e590aULL, 0x5f49fc0a149a4407ULL, 0x343259b671a5a82cULL,
+ 0xfbc2bb458a6f981fULL, 0xc272b350a0a41a38ULL, 0x3aaf1fd8ada32354ULL,
+ 0x6cbb868b0b3c2717ULL, 0xa2b569c88d2583feULL, 0xf180c9d1bf027928ULL,
+ 0xaf37386bd64ba9f5ULL, 0x12bacab2790a8088ULL, 0x4c0d3b0810435055ULL,
+ 0xb2eeb9070e9436dfULL, 0xc5b29067cea7d104ULL, 0xdcb425f1ff132461ULL,
+ 0x4f122cc5972bf126ULL, 0xac282fa651230886ULL, 0xe7e537992f6393efULL,
+ 0xe61b3a2952b00735ULL, 0x709c0a57ae302ce7ULL, 0xe02514ae416058d3ULL,
+ 0xc44c9dd7b37445deULL, 0x5a68c5408022ba92ULL, 0x1c278cdca50c0bf0ULL,
+ 0x6e5a9cf6f18712beULL, 0x86dce0b17f319ef3ULL, 0x2d34ec2040115d49ULL,
+ 0x4bcd183f7e409b69ULL, 0x2815d56ad4a9a3dcULL, 0x24698979f2141d0dULL,
+ 0x0000000000000000ULL, 0x1ec696a15fb73e59ULL, 0xd86b110b16784e2eULL,
+ 0x8e7f8858b0e74a6dULL, 0x063e2e8713d05fe6ULL, 0xe2c40ed3bbdb6d7aULL,
+ 0xb1f1aeca89fc97acULL, 0xe1db191e3cb3cc09ULL, 0x6418ee62c4eaf389ULL,
+ 0xc6ad87aa49cf7077ULL, 0xd6f65765ca7ec556ULL, 0x9afb6c6dda3d9503ULL,
+ 0x7ce05644888d9236ULL, 0x8d609f95378feb1eULL, 0x23a9aa4e9c17d631ULL,
+ 0x6226c0e5d73aac6fULL, 0x56149953a69f0443ULL, 0xeeb852c09d66d3abULL,
+ 0x2b0ac2a753c102afULL, 0x07c023376e03cb3cULL, 0x2ccae1903dc2c993ULL,
+ 0xd3d76e2f5ec63bc3ULL, 0x9e2458973356ff4cULL, 0xa66a5d32644ee9b1ULL,
+ 0x0a427294356de137ULL, 0x783f62be61e6f879ULL, 0x1344c70204d91452ULL,
+ 0x5b96c8f0fdf12e48ULL, 0xa90916ecc59bf613ULL, 0xbe92e5142829880eULL,
+ 0x727d102a548b194eULL, 0x1be7afebcb0fc0ccULL, 0x3e702b2244c8491bULL,
+ 0xd5e940a84d166425ULL, 0x66f9f41f3e51c620ULL, 0xabe80c913f20c3baULL,
+ 0xf07ec461c2d1edf2ULL, 0xf361d3ac45b94c81ULL, 0x0521394a94b8fe95ULL,
+ 0xadd622162cf09c5cULL, 0xe97871f7f3651897ULL, 0xf4a1f09b2bba87bdULL,
+ 0x095d6559b2054044ULL, 0x0bbc7f2448be75edULL, 0x2af4cf172e129675ULL,
+ 0x157ae98517094bb4ULL, 0x9fda55274e856b96ULL, 0x914713499283e0eeULL,
+ 0xb952c623462a4332ULL, 0x74433ead475b46a8ULL, 0x8b5eb112245fb4f8ULL,
+ 0xa34b6478f0f61724ULL, 0x11a5dd7ffe6221fbULL, 0xc16da49d27ccbb4bULL,
+ 0x76a224d0bde07301ULL, 0x8aa0bca2598c2022ULL, 0x4df336b86d90c48fULL,
+ 0xea67663a740db9e4ULL, 0xef465f70e0b54771ULL, 0x39b008152acb8227ULL,
+ 0x7d1e5bf4f55e06ecULL, 0x105bd0cf83b1b521ULL, 0x775c2960c033e7dbULL,
+ 0x7e014c397236a79fULL, 0x811cc386113255cfULL, 0xeda7450d1a0e72d8ULL,
+ 0x5889df3d7a998f3bULL, 0x2e2bfbedc779fc3aULL, 0xce0eef438619a4e9ULL,
+ 0x372d4e7bf6cd095fULL, 0x04df34fae96b6a4fULL, 0xf923a13870d4adb6ULL,
+ 0xa1aa7e050a4d228dULL, 0xa8f71b5cb84862c9ULL, 0xb52e9a306097fde3ULL,
+ 0x0d8251a35b6e2a0bULL, 0x2257a7fee1c442ebULL, 0x73831d9a29588d94ULL,
+ 0x51d4ba64c89ccf7fULL, 0x502ab7d4b54f5ba5ULL, 0x97793dce8153bf08ULL,
+ 0xe5042de4d5d8a646ULL, 0x9687307efc802bd2ULL, 0xa05473b5779eb657ULL,
+ 0xb4d097801d446939ULL, 0xcff0e2f3fbca3033ULL, 0xc38cbee0dd778ee2ULL,
+ 0x464f499c252eb162ULL, 0xcad1dbb96f72cea6ULL, 0xba4dd1eec142e241ULL,
+ 0xb00fa37af42f0376ULL
+ }, {
+ 0xcce4cd3aa968b245ULL, 0x089d5484e80b7fafULL, 0x638246c1b3548304ULL,
+ 0xd2fe0ec8c2355492ULL, 0xa7fbdf7ff2374eeeULL, 0x4df1600c92337a16ULL,
+ 0x84e503ea523b12fbULL, 0x0790bbfd53ab0c4aULL, 0x198a780f38f6ea9dULL,
+ 0x2ab30c8f55ec48cbULL, 0xe0f7fed6b2c49db5ULL, 0xb6ecf3f422cadbdcULL,
+ 0x409c9a541358df11ULL, 0xd3ce8a56dfde3fe3ULL, 0xc3e9224312c8c1a0ULL,
+ 0x0d6dfa58816ba507ULL, 0xddf3e1b179952777ULL, 0x04c02a42748bb1d9ULL,
+ 0x94c2abff9f2decb8ULL, 0x4f91752da8f8acf4ULL, 0x78682befb169bf7bULL,
+ 0xe1c77a48af2ff6c4ULL, 0x0c5d7ec69c80ce76ULL, 0x4cc1e4928fd81167ULL,
+ 0xfeed3d24d9997b62ULL, 0x518bb6dfc3a54a23ULL, 0x6dbf2d26151f9b90ULL,
+ 0xb5bc624b05ea664fULL, 0xe86aaa525acfe21aULL, 0x4801ced0fb53a0beULL,
+ 0xc91463e6c00868edULL, 0x1027a815cd16fe43ULL, 0xf67069a0319204cdULL,
+ 0xb04ccc976c8abce7ULL, 0xc0b9b3fc35e87c33ULL, 0xf380c77c58f2de65ULL,
+ 0x50bb3241de4e2152ULL, 0xdf93f490435ef195ULL, 0xf1e0d25d62390887ULL,
+ 0xaf668bfb1a3c3141ULL, 0xbc11b251f00a7291ULL, 0x73a5eed47e427d47ULL,
+ 0x25bee3f6ee4c3b2eULL, 0x43cc0beb34786282ULL, 0xc824e778dde3039cULL,
+ 0xf97d86d98a327728ULL, 0xf2b043e24519b514ULL, 0xe297ebf7880f4b57ULL,
+ 0x3a94a49a98fab688ULL, 0x868516cb68f0c419ULL, 0xeffa11af0964ee50ULL,
+ 0xa4ab4ec0d517f37dULL, 0xa9c6b498547c567aULL, 0x8e18424f80fbbbb6ULL,
+ 0x0bcdc53bcf2bc23cULL, 0x137739aaea3643d0ULL, 0x2c1333ec1bac2ff0ULL,
+ 0x8d48d3f0a7db0625ULL, 0x1e1ac3f26b5de6d7ULL, 0xf520f81f16b2b95eULL,
+ 0x9f0f6ec450062e84ULL, 0x0130849e1deb6b71ULL, 0xd45e31ab8c7533a9ULL,
+ 0x652279a2fd14e43fULL, 0x3209f01e70f1c927ULL, 0xbe71a770cac1a473ULL,
+ 0x0e3d6be7a64b1894ULL, 0x7ec8148cff29d840ULL, 0xcb7476c7fac3be0fULL,
+ 0x72956a4a63a91636ULL, 0x37f95ec21991138fULL, 0x9e3fea5a4ded45f5ULL,
+ 0x7b38ba50964902e8ULL, 0x222e580bbde73764ULL, 0x61e253e0899f55e6ULL,
+ 0xfc8d2805e352ad80ULL, 0x35994be3235ac56dULL, 0x09add01af5e014deULL,
+ 0x5e8659a6780539c6ULL, 0xb17c48097161d796ULL, 0x026015213acbd6e2ULL,
+ 0xd1ae9f77e515e901ULL, 0xb7dc776a3f21b0adULL, 0xaba6a1b96eb78098ULL,
+ 0x9bcf4486248d9f5dULL, 0x582666c536455efdULL, 0xfdbdac9bfeb9c6f1ULL,
+ 0xc47999be4163cdeaULL, 0x765540081722a7efULL, 0x3e548ed8ec710751ULL,
+ 0x3d041f67cb51bac2ULL, 0x7958af71ac82d40aULL, 0x36c9da5c047a78feULL,
+ 0xed9a048e33af38b2ULL, 0x26ee7249c96c86bdULL, 0x900281bdeba65d61ULL,
+ 0x11172c8bd0fd9532ULL, 0xea0abf73600434f8ULL, 0x42fc8f75299309f3ULL,
+ 0x34a9cf7d3eb1ae1cULL, 0x2b838811480723baULL, 0x5ce64c8742ceef24ULL,
+ 0x1adae9b01fd6570eULL, 0x3c349bf9d6bad1b3ULL, 0x82453c891c7b75c0ULL,
+ 0x97923a40b80d512bULL, 0x4a61dbf1c198765cULL, 0xb48ce6d518010d3eULL,
+ 0xcfb45c858e480fd6ULL, 0xd933cbf30d1e96aeULL, 0xd70ea014ab558e3aULL,
+ 0xc189376228031742ULL, 0x9262949cd16d8b83ULL, 0xeb3a3bed7def5f89ULL,
+ 0x49314a4ee6b8cbcfULL, 0xdcc3652f647e4c06ULL, 0xda635a4c2a3e2b3dULL,
+ 0x470c21a940f3d35bULL, 0x315961a157d174b4ULL, 0x6672e81dda3459acULL,
+ 0x5b76f77a1165e36eULL, 0x445cb01667d36ec8ULL, 0xc5491d205c88a69bULL,
+ 0x456c34887a3805b9ULL, 0xffddb9bac4721013ULL, 0x99af51a71e4649bfULL,
+ 0xa15be01cbc7729d5ULL, 0x52db2760e485f7b0ULL, 0x8c78576eba306d54ULL,
+ 0xae560f6507d75a30ULL, 0x95f22f6182c687c9ULL, 0x71c5fbf54489aba5ULL,
+ 0xca44f259e728d57eULL, 0x88b87d2ccebbdc8dULL, 0xbab18d32be4a15aaULL,
+ 0x8be8ec93e99b611eULL, 0x17b713e89ebdf209ULL, 0xb31c5d284baa0174ULL,
+ 0xeeca9531148f8521ULL, 0xb8d198138481c348ULL, 0x8988f9b2d350b7fcULL,
+ 0xb9e11c8d996aa839ULL, 0x5a4673e40c8e881fULL, 0x1687977683569978ULL,
+ 0xbf4123eed72acf02ULL, 0x4ea1f1b3b513c785ULL, 0xe767452be16f91ffULL,
+ 0x7505d1b730021a7cULL, 0xa59bca5ec8fc980cULL, 0xad069eda20f7e7a3ULL,
+ 0x38f4b1bba231606aULL, 0x60d2d77e94743e97ULL, 0x9affc0183966f42cULL,
+ 0x248e6768f3a7505fULL, 0xcdd449a4b483d934ULL, 0x87b59255751baf68ULL,
+ 0x1bea6d2e023d3c7fULL, 0x6b1f12455b5ffcabULL, 0x743555292de9710dULL,
+ 0xd8034f6d10f5fddfULL, 0xc6198c9f7ba81b08ULL, 0xbb8109aca3a17edbULL,
+ 0xfa2d1766ad12cabbULL, 0xc729080166437079ULL, 0x9c5fff7b77269317ULL,
+ 0x0000000000000000ULL, 0x15d706c9a47624ebULL, 0x6fdf38072fd44d72ULL,
+ 0x5fb6dd3865ee52b7ULL, 0xa33bf53d86bcff37ULL, 0xe657c1b5fc84fa8eULL,
+ 0xaa962527735cebe9ULL, 0x39c43525bfda0b1bULL, 0x204e4d2a872ce186ULL,
+ 0x7a083ece8ba26999ULL, 0x554b9c9db72efbfaULL, 0xb22cd9b656416a05ULL,
+ 0x96a2bedea5e63a5aULL, 0x802529a826b0a322ULL, 0x8115ad363b5bc853ULL,
+ 0x8375b81701901eb1ULL, 0x3069e53f4a3a1fc5ULL, 0xbd2136cfede119e0ULL,
+ 0x18bafc91251d81ecULL, 0x1d4a524d4c7d5b44ULL, 0x05f0aedc6960daa8ULL,
+ 0x29e39d3072ccf558ULL, 0x70f57f6b5962c0d4ULL, 0x989fd53903ad22ceULL,
+ 0xf84d024797d91c59ULL, 0x547b1803aac5908bULL, 0xf0d056c37fd263f6ULL,
+ 0xd56eb535919e58d8ULL, 0x1c7ad6d351963035ULL, 0x2e7326cd2167f912ULL,
+ 0xac361a443d1c8cd2ULL, 0x697f076461942a49ULL, 0x4b515f6fdc731d2dULL,
+ 0x8ad8680df4700a6fULL, 0x41ac1eca0eb3b460ULL, 0x7d988533d80965d3ULL,
+ 0xa8f6300649973d0bULL, 0x7765c4960ac9cc9eULL, 0x7ca801adc5e20ea2ULL,
+ 0xdea3700e5eb59ae4ULL, 0xa06b6482a19c42a4ULL, 0x6a2f96db46b497daULL,
+ 0x27def6d7d487edccULL, 0x463ca5375d18b82aULL, 0xa6cb5be1efdc259fULL,
+ 0x53eba3fef96e9cc1ULL, 0xce84d81b93a364a7ULL, 0xf4107c810b59d22fULL,
+ 0x333974806d1aa256ULL, 0x0f0def79bba073e5ULL, 0x231edc95a00c5c15ULL,
+ 0xe437d494c64f2c6cULL, 0x91320523f64d3610ULL, 0x67426c83c7df32ddULL,
+ 0x6eefbc99323f2603ULL, 0x9d6f7be56acdf866ULL, 0x5916e25b2bae358cULL,
+ 0x7ff89012e2c2b331ULL, 0x035091bf2720bd93ULL, 0x561b0d22900e4669ULL,
+ 0x28d319ae6f279e29ULL, 0x2f43a2533c8c9263ULL, 0xd09e1be9f8fe8270ULL,
+ 0xf740ed3e2c796fbcULL, 0xdb53ded237d5404cULL, 0x62b2c25faebfe875ULL,
+ 0x0afd41a5d2c0a94dULL, 0x6412fd3ce0ff8f4eULL, 0xe3a76f6995e42026ULL,
+ 0x6c8fa9b808f4f0e1ULL, 0xc2d9a6dd0f23aad1ULL, 0x8f28c6d19d10d0c7ULL,
+ 0x85d587744fd0798aULL, 0xa20b71a39b579446ULL, 0x684f83fa7c7f4138ULL,
+ 0xe507500adba4471dULL, 0x3f640a46f19a6c20ULL, 0x1247bd34f7dd28a1ULL,
+ 0x2d23b77206474481ULL, 0x93521002cc86e0f2ULL, 0x572b89bc8de52d18ULL,
+ 0xfb1d93f8b0f9a1caULL, 0xe95a2ecc4724896bULL, 0x3ba420048511ddf9ULL,
+ 0xd63e248ab6bee54bULL, 0x5dd6c8195f258455ULL, 0x06a03f634e40673bULL,
+ 0x1f2a476c76b68da6ULL, 0x217ec9b49ac78af7ULL, 0xecaa80102e4453c3ULL,
+ 0x14e78257b99d4f9aULL
+ }, {
+ 0x20329b2cc87bba05ULL, 0x4f5eb6f86546a531ULL, 0xd4f44775f751b6b1ULL,
+ 0x8266a47b850dfa8bULL, 0xbb986aa15a6ca985ULL, 0xc979eb08f9ae0f99ULL,
+ 0x2da6f447a2375ea1ULL, 0x1e74275dcd7d8576ULL, 0xbc20180a800bc5f8ULL,
+ 0xb4a2f701b2dc65beULL, 0xe726946f981b6d66ULL, 0x48e6c453bf21c94cULL,
+ 0x42cad9930f0a4195ULL, 0xefa47b64aacccd20ULL, 0x71180a8960409a42ULL,
+ 0x8bb3329bf6a44e0cULL, 0xd34c35de2d36daccULL, 0xa92f5b7cbc23dc96ULL,
+ 0xb31a85aa68bb09c3ULL, 0x13e04836a73161d2ULL, 0xb24dfc4129c51d02ULL,
+ 0x8ae44b70b7da5acdULL, 0xe671ed84d96579a7ULL, 0xa4bb3417d66f3832ULL,
+ 0x4572ab38d56d2de8ULL, 0xb1b47761ea47215cULL, 0xe81c09cf70aba15dULL,
+ 0xffbdb872ce7f90acULL, 0xa8782297fd5dc857ULL, 0x0d946f6b6a4ce4a4ULL,
+ 0xe4df1f4f5b995138ULL, 0x9ebc71edca8c5762ULL, 0x0a2c1dc0b02b88d9ULL,
+ 0x3b503c115d9d7b91ULL, 0xc64376a8111ec3a2ULL, 0xcec199a323c963e4ULL,
+ 0xdc76a87ec58616f7ULL, 0x09d596e073a9b487ULL, 0x14583a9d7d560dafULL,
+ 0xf4c6dc593f2a0cb4ULL, 0xdd21d19584f80236ULL, 0x4a4836983ddde1d3ULL,
+ 0xe58866a41ae745f9ULL, 0xf591a5b27e541875ULL, 0x891dc05074586693ULL,
+ 0x5b068c651810a89eULL, 0xa30346bc0c08544fULL, 0x3dbf3751c684032dULL,
+ 0x2a1e86ec785032dcULL, 0xf73f5779fca830eaULL, 0xb60c05ca30204d21ULL,
+ 0x0cc316802b32f065ULL, 0x8770241bdd96be69ULL, 0xb861e18199ee95dbULL,
+ 0xf805cad91418fcd1ULL, 0x29e70dccbbd20e82ULL, 0xc7140f435060d763ULL,
+ 0x0f3a9da0e8b0cc3bULL, 0xa2543f574d76408eULL, 0xbd7761e1c175d139ULL,
+ 0x4b1f4f737ca3f512ULL, 0x6dc2df1f2fc137abULL, 0xf1d05c3967b14856ULL,
+ 0xa742bf3715ed046cULL, 0x654030141d1697edULL, 0x07b872abda676c7dULL,
+ 0x3ce84eba87fa17ecULL, 0xc1fb0403cb79afdfULL, 0x3e46bc7105063f73ULL,
+ 0x278ae987121cd678ULL, 0xa1adb4778ef47cd0ULL, 0x26dd906c5362c2b9ULL,
+ 0x05168060589b44e2ULL, 0xfbfc41f9d79ac08fULL, 0x0e6de44ba9ced8faULL,
+ 0x9feb08068bf243a3ULL, 0x7b341749d06b129bULL, 0x229c69e74a87929aULL,
+ 0xe09ee6c4427c011bULL, 0x5692e30e725c4c3aULL, 0xda99a33e5e9f6e4bULL,
+ 0x353dd85af453a36bULL, 0x25241b4c90e0fee7ULL, 0x5de987258309d022ULL,
+ 0xe230140fc0802984ULL, 0x93281e86a0c0b3c6ULL, 0xf229d719a4337408ULL,
+ 0x6f6c2dd4ad3d1f34ULL, 0x8ea5b2fbae3f0aeeULL, 0x8331dd90c473ee4aULL,
+ 0x346aa1b1b52db7aaULL, 0xdf8f235e06042aa9ULL, 0xcc6f6b68a1354b7bULL,
+ 0x6c95a6f46ebf236aULL, 0x52d31a856bb91c19ULL, 0x1a35ded6d498d555ULL,
+ 0xf37eaef2e54d60c9ULL, 0x72e181a9a3c2a61cULL, 0x98537aad51952fdeULL,
+ 0x16f6c856ffaa2530ULL, 0xd960281e9d1d5215ULL, 0x3a0745fa1ce36f50ULL,
+ 0x0b7b642bf1559c18ULL, 0x59a87eae9aec8001ULL, 0x5e100c05408bec7cULL,
+ 0x0441f98b19e55023ULL, 0xd70dcc5534d38aefULL, 0x927f676de1bea707ULL,
+ 0x9769e70db925e3e5ULL, 0x7a636ea29115065aULL, 0x468b201816ef11b6ULL,
+ 0xab81a9b73edff409ULL, 0xc0ac7de88a07bb1eULL, 0x1f235eb68c0391b7ULL,
+ 0x6056b074458dd30fULL, 0xbe8eeac102f7ed67ULL, 0xcd381283e04b5fbaULL,
+ 0x5cbefecec277c4e3ULL, 0xd21b4c356c48ce0dULL, 0x1019c31664b35d8cULL,
+ 0x247362a7d19eea26ULL, 0xebe582efb3299d03ULL, 0x02aef2cb82fc289fULL,
+ 0x86275df09ce8aaa8ULL, 0x28b07427faac1a43ULL, 0x38a9b7319e1f47cfULL,
+ 0xc82e92e3b8d01b58ULL, 0x06ef0b409b1978bcULL, 0x62f842bfc771fb90ULL,
+ 0x9904034610eb3b1fULL, 0xded85ab5477a3e68ULL, 0x90d195a663428f98ULL,
+ 0x5384636e2ac708d8ULL, 0xcbd719c37b522706ULL, 0xae9729d76644b0ebULL,
+ 0x7c8c65e20a0c7ee6ULL, 0x80c856b007f1d214ULL, 0x8c0b40302cc32271ULL,
+ 0xdbcedad51fe17a8aULL, 0x740e8ae938dbdea0ULL, 0xa615c6dc549310adULL,
+ 0x19cc55f6171ae90bULL, 0x49b1bdb8fe5fdd8dULL, 0xed0a89af2830e5bfULL,
+ 0x6a7aadb4f5a65bd6ULL, 0x7e22972988f05679ULL, 0xf952b3325566e810ULL,
+ 0x39fecedadf61530eULL, 0x6101c99f04f3c7ceULL, 0x2e5f7f6761b562ffULL,
+ 0xf08725d226cf5c97ULL, 0x63af3b54860fef51ULL, 0x8ff2cb10ef411e2fULL,
+ 0x884ab9bb35267252ULL, 0x4df04433e7ba8daeULL, 0x9afd8866d3690741ULL,
+ 0x66b9bb34de94abb3ULL, 0x9baaf18d92171380ULL, 0x543c11c5f0a064a5ULL,
+ 0x17a1b1bdbed431f1ULL, 0xb5f58eeaf3a2717fULL, 0xc355f6c849858740ULL,
+ 0xec5df044694ef17eULL, 0xd83751f5dc6346d4ULL, 0xfc4433520dfdacf2ULL,
+ 0x0000000000000000ULL, 0x5a51f58e596ebc5fULL, 0x3285aaf12e34cf16ULL,
+ 0x8d5c39db6dbd36b0ULL, 0x12b731dde64f7513ULL, 0x94906c2d7aa7dfbbULL,
+ 0x302b583aacc8e789ULL, 0x9d45facd090e6b3cULL, 0x2165e2c78905aec4ULL,
+ 0x68d45f7f775a7349ULL, 0x189b2c1d5664fdcaULL, 0xe1c99f2f030215daULL,
+ 0x6983269436246788ULL, 0x8489af3b1e148237ULL, 0xe94b702431d5b59cULL,
+ 0x33d2d31a6f4adbd7ULL, 0xbfd9932a4389f9a6ULL, 0xb0e30e8aab39359dULL,
+ 0xd1e2c715afcaf253ULL, 0x150f43763c28196eULL, 0xc4ed846393e2eb3dULL,
+ 0x03f98b20c3823c5eULL, 0xfd134ab94c83b833ULL, 0x556b682eb1de7064ULL,
+ 0x36c4537a37d19f35ULL, 0x7559f30279a5ca61ULL, 0x799ae58252973a04ULL,
+ 0x9c12832648707ffdULL, 0x78cd9c6913e92ec5ULL, 0x1d8dac7d0effb928ULL,
+ 0x439da0784e745554ULL, 0x413352b3cc887dcbULL, 0xbacf134a1b12bd44ULL,
+ 0x114ebafd25cd494dULL, 0x2f08068c20cb763eULL, 0x76a07822ba27f63fULL,
+ 0xeab2fb04f25789c2ULL, 0xe3676de481fe3d45ULL, 0x1b62a73d95e6c194ULL,
+ 0x641749ff5c68832cULL, 0xa5ec4dfc97112cf3ULL, 0xf6682e92bdd6242bULL,
+ 0x3f11c59a44782bb2ULL, 0x317c21d1edb6f348ULL, 0xd65ab5be75ad9e2eULL,
+ 0x6b2dd45fb4d84f17ULL, 0xfaab381296e4d44eULL, 0xd0b5befeeeb4e692ULL,
+ 0x0882ef0b32d7a046ULL, 0x512a91a5a83b2047ULL, 0x963e9ee6f85bf724ULL,
+ 0x4e09cf132438b1f0ULL, 0x77f701c9fb59e2feULL, 0x7ddb1c094b726a27ULL,
+ 0x5f4775ee01f5f8bdULL, 0x9186ec4d223c9b59ULL, 0xfeeac1998f01846dULL,
+ 0xac39db1ce4b89874ULL, 0xb75b7c21715e59e0ULL, 0xafc0503c273aa42aULL,
+ 0x6e3b543fec430bf5ULL, 0x704f7362213e8e83ULL, 0x58ff0745db9294c0ULL,
+ 0x67eec2df9feabf72ULL, 0xa0facd9ccf8a6811ULL, 0xb936986ad890811aULL,
+ 0x95c715c63bd9cb7aULL, 0xca8060283a2c33c7ULL, 0x507de84ee9453486ULL,
+ 0x85ded6d05f6a96f6ULL, 0x1cdad5964f81ade9ULL, 0xd5a33e9eb62fa270ULL,
+ 0x40642b588df6690aULL, 0x7f75eec2c98e42b8ULL, 0x2cf18dace3494a60ULL,
+ 0x23cb100c0bf9865bULL, 0xeef3028febb2d9e1ULL, 0x4425d2d394133929ULL,
+ 0xaad6d05c7fa1e0c8ULL, 0xad6ea2f7a5c68cb5ULL, 0xc2028f2308fb9381ULL,
+ 0x819f2f5b468fc6d5ULL, 0xc5bafd88d29cfffcULL, 0x47dc59f357910577ULL,
+ 0x2b49ff07392e261dULL, 0x57c59ae5332258fbULL, 0x73b6f842e2bcb2ddULL,
+ 0xcf96e04862b77725ULL, 0x4ca73dd8a6c4996fULL, 0x015779eb417e14c1ULL,
+ 0x37932a9176af8bf4ULL
+ }, {
+ 0x190a2c9b249df23eULL, 0x2f62f8b62263e1e9ULL, 0x7a7f754740993655ULL,
+ 0x330b7ba4d5564d9fULL, 0x4c17a16a46672582ULL, 0xb22f08eb7d05f5b8ULL,
+ 0x535f47f40bc148ccULL, 0x3aec5d27d4883037ULL, 0x10ed0a1825438f96ULL,
+ 0x516101f72c233d17ULL, 0x13cc6f949fd04eaeULL, 0x739853c441474bfdULL,
+ 0x653793d90d3f5b1bULL, 0x5240647b96b0fc2fULL, 0x0c84890ad27623e0ULL,
+ 0xd7189b32703aaea3ULL, 0x2685de3523bd9c41ULL, 0x99317c5b11bffefaULL,
+ 0x0d9baa854f079703ULL, 0x70b93648fbd48ac5ULL, 0xa80441fce30bc6beULL,
+ 0x7287704bdc36ff1eULL, 0xb65384ed33dc1f13ULL, 0xd36417343ee34408ULL,
+ 0x39cd38ab6e1bf10fULL, 0x5ab861770a1f3564ULL, 0x0ebacf09f594563bULL,
+ 0xd04572b884708530ULL, 0x3cae9722bdb3af47ULL, 0x4a556b6f2f5cbaf2ULL,
+ 0xe1704f1f76c4bd74ULL, 0x5ec4ed7144c6dfcfULL, 0x16afc01d4c7810e6ULL,
+ 0x283f113cd629ca7aULL, 0xaf59a8761741ed2dULL, 0xeed5a3991e215facULL,
+ 0x3bf37ea849f984d4ULL, 0xe413e096a56ce33cULL, 0x2c439d3a98f020d1ULL,
+ 0x637559dc6404c46bULL, 0x9e6c95d1e5f5d569ULL, 0x24bb9836045fe99aULL,
+ 0x44efa466dac8ecc9ULL, 0xc6eab2a5c80895d6ULL, 0x803b50c035220cc4ULL,
+ 0x0321658cba93c138ULL, 0x8f9ebc465dc7ee1cULL, 0xd15a5137190131d3ULL,
+ 0x0fa5ec8668e5e2d8ULL, 0x91c979578d1037b1ULL, 0x0642ca05693b9f70ULL,
+ 0xefca80168350eb4fULL, 0x38d21b24f36a45ecULL, 0xbeab81e1af73d658ULL,
+ 0x8cbfd9cae7542f24ULL, 0xfd19cc0d81f11102ULL, 0x0ac6430fbb4dbc90ULL,
+ 0x1d76a09d6a441895ULL, 0x2a01573ff1cbbfa1ULL, 0xb572e161894fde2bULL,
+ 0x8124734fa853b827ULL, 0x614b1fdf43e6b1b0ULL, 0x68ac395c4238cc18ULL,
+ 0x21d837bfd7f7b7d2ULL, 0x20c714304a860331ULL, 0x5cfaab726324aa14ULL,
+ 0x74c5ba4eb50d606eULL, 0xf3a3030474654739ULL, 0x23e671bcf015c209ULL,
+ 0x45f087e947b9582aULL, 0xd8bd77b418df4c7bULL, 0xe06f6c90ebb50997ULL,
+ 0x0bd96080263c0873ULL, 0x7e03f9410e40dcfeULL, 0xb8e94be4c6484928ULL,
+ 0xfb5b0608e8ca8e72ULL, 0x1a2b49179e0e3306ULL, 0x4e29e76961855059ULL,
+ 0x4f36c4e6fcf4e4baULL, 0x49740ee395cf7bcaULL, 0xc2963ea386d17f7dULL,
+ 0x90d65ad810618352ULL, 0x12d34c1b02a1fa4dULL, 0xfa44258775bb3a91ULL,
+ 0x18150f14b9ec46ddULL, 0x1491861e6b9a653dULL, 0x9a1019d7ab2c3fc2ULL,
+ 0x3668d42d06fe13d7ULL, 0xdcc1fbb25606a6d0ULL, 0x969490dd795a1c22ULL,
+ 0x3549b1a1bc6dd2efULL, 0xc94f5e23a0ed770eULL, 0xb9f6686b5b39fdcbULL,
+ 0xc4d4f4a6efeae00dULL, 0xe732851a1fff2204ULL, 0x94aad6de5eb869f9ULL,
+ 0x3f8ff2ae07206e7fULL, 0xfe38a9813b62d03aULL, 0xa7a1ad7a8bee2466ULL,
+ 0x7b6056c8dde882b6ULL, 0x302a1e286fc58ca7ULL, 0x8da0fa457a259bc7ULL,
+ 0xb3302b64e074415bULL, 0x5402ae7eff8b635fULL, 0x08f8050c9cafc94bULL,
+ 0xae468bf98a3059ceULL, 0x88c355cca98dc58fULL, 0xb10e6d67c7963480ULL,
+ 0xbad70de7e1aa3cf3ULL, 0xbfb4a26e320262bbULL, 0xcb711820870f02d5ULL,
+ 0xce12b7a954a75c9dULL, 0x563ce87dd8691684ULL, 0x9f73b65e7884618aULL,
+ 0x2b1e74b06cba0b42ULL, 0x47cec1ea605b2df1ULL, 0x1c698312f735ac76ULL,
+ 0x5fdbcefed9b76b2cULL, 0x831a354c8fb1cdfcULL, 0x820516c312c0791fULL,
+ 0xb74ca762aeadabf0ULL, 0xfc06ef821c80a5e1ULL, 0x5723cbf24518a267ULL,
+ 0x9d4df05d5f661451ULL, 0x588627742dfd40bfULL, 0xda8331b73f3d39a0ULL,
+ 0x17b0e392d109a405ULL, 0xf965400bcf28fba9ULL, 0x7c3dbf4229a2a925ULL,
+ 0x023e460327e275dbULL, 0x6cd0b55a0ce126b3ULL, 0xe62da695828e96e7ULL,
+ 0x42ad6e63b3f373b9ULL, 0xe50cc319381d57dfULL, 0xc5cbd729729b54eeULL,
+ 0x46d1e265fd2a9912ULL, 0x6428b056904eeff8ULL, 0x8be23040131e04b7ULL,
+ 0x6709d5da2add2ec0ULL, 0x075de98af44a2b93ULL, 0x8447dcc67bfbe66fULL,
+ 0x6616f655b7ac9a23ULL, 0xd607b8bded4b1a40ULL, 0x0563af89d3a85e48ULL,
+ 0x3db1b4ad20c21ba4ULL, 0x11f22997b8323b75ULL, 0x292032b34b587e99ULL,
+ 0x7f1cdace9331681dULL, 0x8e819fc9c0b65affULL, 0xa1e3677fe2d5bb16ULL,
+ 0xcd33d225ee349da5ULL, 0xd9a2543b85aef898ULL, 0x795e10cbfa0af76dULL,
+ 0x25a4bbb9992e5d79ULL, 0x78413344677b438eULL, 0xf0826688cef68601ULL,
+ 0xd27b34bba392f0ebULL, 0x551d8df162fad7bcULL, 0x1e57c511d0d7d9adULL,
+ 0xdeffbdb171e4d30bULL, 0xf4feea8e802f6caaULL, 0xa480c8f6317de55eULL,
+ 0xa0fc44f07fa40ff5ULL, 0x95b5f551c3c9dd1aULL, 0x22f952336d6476eaULL,
+ 0x0000000000000000ULL, 0xa6be8ef5169f9085ULL, 0xcc2cf1aa73452946ULL,
+ 0x2e7ddb39bf12550aULL, 0xd526dd3157d8db78ULL, 0x486b2d6c08becf29ULL,
+ 0x9b0f3a58365d8b21ULL, 0xac78cdfaadd22c15ULL, 0xbc95c7e28891a383ULL,
+ 0x6a927f5f65dab9c3ULL, 0xc3891d2c1ba0cb9eULL, 0xeaa92f9f50f8b507ULL,
+ 0xcf0d9426c9d6e87eULL, 0xca6e3baf1a7eb636ULL, 0xab25247059980786ULL,
+ 0x69b31ad3df4978fbULL, 0xe2512a93cc577c4cULL, 0xff278a0ea61364d9ULL,
+ 0x71a615c766a53e26ULL, 0x89dc764334fc716cULL, 0xf87a638452594f4aULL,
+ 0xf2bc208be914f3daULL, 0x8766b94ac1682757ULL, 0xbbc82e687cdb8810ULL,
+ 0x626a7a53f9757088ULL, 0xa2c202f358467a2eULL, 0x4d0882e5db169161ULL,
+ 0x09e7268301de7da8ULL, 0xe897699c771ac0dcULL, 0xc8507dac3d9cc3edULL,
+ 0xc0a878a0a1330aa6ULL, 0x978bb352e42ba8c1ULL, 0xe9884a13ea6b743fULL,
+ 0x279afdbabecc28a2ULL, 0x047c8c064ed9eaabULL, 0x507e2278b15289f4ULL,
+ 0x599904fbb08cf45cULL, 0xbd8ae46d15e01760ULL, 0x31353da7f2b43844ULL,
+ 0x8558ff49e68a528cULL, 0x76fbfc4d92ef15b5ULL, 0x3456922e211c660cULL,
+ 0x86799ac55c1993b4ULL, 0x3e90d1219a51da9cULL, 0x2d5cbeb505819432ULL,
+ 0x982e5fd48cce4a19ULL, 0xdb9c1238a24c8d43ULL, 0xd439febecaa96f9bULL,
+ 0x418c0bef0960b281ULL, 0x158ea591f6ebd1deULL, 0x1f48e69e4da66d4eULL,
+ 0x8afd13cf8e6fb054ULL, 0xf5e1c9011d5ed849ULL, 0xe34e091c5126c8afULL,
+ 0xad67ee7530a398f6ULL, 0x43b24dec2e82c75aULL, 0x75da99c1287cd48dULL,
+ 0x92e81cdb3783f689ULL, 0xa3dd217cc537cecdULL, 0x60543c50de970553ULL,
+ 0x93f73f54aaf2426aULL, 0xa91b62737e7a725dULL, 0xf19d4507538732e2ULL,
+ 0x77e4dfc20f9ea156ULL, 0x7d229ccdb4d31dc6ULL, 0x1b346a98037f87e5ULL,
+ 0xedf4c615a4b29e94ULL, 0x4093286094110662ULL, 0xb0114ee85ae78063ULL,
+ 0x6ff1d0d6b672e78bULL, 0x6dcf96d591909250ULL, 0xdfe09e3eec9567e8ULL,
+ 0x3214582b4827f97cULL, 0xb46dc2ee143e6ac8ULL, 0xf6c0ac8da7cd1971ULL,
+ 0xebb60c10cd8901e4ULL, 0xf7df8f023abcad92ULL, 0x9c52d3d2c217a0b2ULL,
+ 0x6b8d5cd0f8ab0d20ULL, 0x3777f7a29b8fa734ULL, 0x011f238f9d71b4e3ULL,
+ 0xc1b75b2f3c42be45ULL, 0x5de588fdfe551ef7ULL, 0x6eeef3592b035368ULL,
+ 0xaa3a07ffc4e9b365ULL, 0xecebe59a39c32a77ULL, 0x5ba742f8976e8187ULL,
+ 0x4b4a48e0b22d0e11ULL, 0xddded83dcb771233ULL, 0xa59feb79ac0c51bdULL,
+ 0xc7f5912a55792135ULL
+ }, {
+ 0x6d6ae04668a9b08aULL, 0x3ab3f04b0be8c743ULL, 0xe51e166b54b3c908ULL,
+ 0xbe90a9eb35c2f139ULL, 0xb2c7066637f2bec1ULL, 0xaa6945613392202cULL,
+ 0x9a28c36f3b5201ebULL, 0xddce5a93ab536994ULL, 0x0e34133ef6382827ULL,
+ 0x52a02ba1ec55048bULL, 0xa2f88f97c4b2a177ULL, 0x8640e513ca2251a5ULL,
+ 0xcdf1d36258137622ULL, 0xfe6cb708dedf8ddbULL, 0x8a174a9ec8121e5dULL,
+ 0x679896036b81560eULL, 0x59ed033395795feeULL, 0x1dd778ab8b74edafULL,
+ 0xee533ef92d9f926dULL, 0x2a8c79baf8a8d8f5ULL, 0x6bcf398e69b119f6ULL,
+ 0xe20491742fafdd95ULL, 0x276488e0809c2aecULL, 0xea955b82d88f5cceULL,
+ 0x7102c63a99d9e0c4ULL, 0xf9763017a5c39946ULL, 0x429fa2501f151b3dULL,
+ 0x4659c72bea05d59eULL, 0x984b7fdccf5a6634ULL, 0xf742232953fbb161ULL,
+ 0x3041860e08c021c7ULL, 0x747bfd9616cd9386ULL, 0x4bb1367192312787ULL,
+ 0x1b72a1638a6c44d3ULL, 0x4a0e68a6e8359a66ULL, 0x169a5039f258b6caULL,
+ 0xb98a2ef44edee5a4ULL, 0xd9083fe85e43a737ULL, 0x967f6ce239624e13ULL,
+ 0x8874f62d3c1a7982ULL, 0x3c1629830af06e3fULL, 0x9165ebfd427e5a8eULL,
+ 0xb5dd81794ceeaa5cULL, 0x0de8f15a7834f219ULL, 0x70bd98ede3dd5d25ULL,
+ 0xaccc9ca9328a8950ULL, 0x56664eda1945ca28ULL, 0x221db34c0f8859aeULL,
+ 0x26dbd637fa98970dULL, 0x1acdffb4f068f932ULL, 0x4585254f64090fa0ULL,
+ 0x72de245e17d53afaULL, 0x1546b25d7c546cf4ULL, 0x207e0ffffb803e71ULL,
+ 0xfaaad2732bcf4378ULL, 0xb462dfae36ea17bdULL, 0xcf926fd1ac1b11fdULL,
+ 0xe0672dc7dba7ba4aULL, 0xd3fa49ad5d6b41b3ULL, 0x8ba81449b216a3bcULL,
+ 0x14f9ec8a0650d115ULL, 0x40fc1ee3eb1d7ce2ULL, 0x23a2ed9b758ce44fULL,
+ 0x782c521b14fddc7eULL, 0x1c68267cf170504eULL, 0xbcf31558c1ca96e6ULL,
+ 0xa781b43b4ba6d235ULL, 0xf6fd7dfe29ff0c80ULL, 0xb0a4bad5c3fad91eULL,
+ 0xd199f51ea963266cULL, 0x414340349119c103ULL, 0x5405f269ed4dadf7ULL,
+ 0xabd61bb649969dcdULL, 0x6813dbeae7bdc3c8ULL, 0x65fb2ab09f8931d1ULL,
+ 0xf1e7fae152e3181dULL, 0xc1a67cef5a2339daULL, 0x7a4feea8e0f5bba1ULL,
+ 0x1e0b9acf05783791ULL, 0x5b8ebf8061713831ULL, 0x80e53cdbcb3af8d9ULL,
+ 0x7e898bd315e57502ULL, 0xc6bcfbf0213f2d47ULL, 0x95a38e86b76e942dULL,
+ 0x092e94218d243cbaULL, 0x8339debf453622e7ULL, 0xb11be402b9fe64ffULL,
+ 0x57d9100d634177c9ULL, 0xcc4e8db52217cbc3ULL, 0x3b0cae9c71ec7aa2ULL,
+ 0xfb158ca451cbfe99ULL, 0x2b33276d82ac6514ULL, 0x01bf5ed77a04bde1ULL,
+ 0xc5601994af33f779ULL, 0x75c4a3416cc92e67ULL, 0xf3844652a6eb7fc2ULL,
+ 0x3487e375fdd0ef64ULL, 0x18ae430704609eedULL, 0x4d14efb993298efbULL,
+ 0x815a620cb13e4538ULL, 0x125c354207487869ULL, 0x9eeea614ce42cf48ULL,
+ 0xce2d3106d61fac1cULL, 0xbbe99247bad6827bULL, 0x071a871f7b1c149dULL,
+ 0x2e4a1cc10db81656ULL, 0x77a71ff298c149b8ULL, 0x06a5d9c80118a97cULL,
+ 0xad73c27e488e34b1ULL, 0x443a7b981e0db241ULL, 0xe3bbcfa355ab6074ULL,
+ 0x0af276450328e684ULL, 0x73617a896dd1871bULL, 0x58525de4ef7de20fULL,
+ 0xb7be3dcab8e6cd83ULL, 0x19111dd07e64230cULL, 0x842359a03e2a367aULL,
+ 0x103f89f1f3401fb6ULL, 0xdc710444d157d475ULL, 0xb835702334da5845ULL,
+ 0x4320fc876511a6dcULL, 0xd026abc9d3679b8dULL, 0x17250eee885c0b2bULL,
+ 0x90dab52a387ae76fULL, 0x31fed8d972c49c26ULL, 0x89cba8fa461ec463ULL,
+ 0x2ff5421677bcabb7ULL, 0x396f122f85e41d7dULL, 0xa09b332430bac6a8ULL,
+ 0xc888e8ced7070560ULL, 0xaeaf201ac682ee8fULL, 0x1180d7268944a257ULL,
+ 0xf058a43628e7a5fcULL, 0xbd4c4b8fbbce2b07ULL, 0xa1246df34abe7b49ULL,
+ 0x7d5569b79be9af3cULL, 0xa9b5a705bd9efa12ULL, 0xdb6b835baa4bc0e8ULL,
+ 0x05793bac8f147342ULL, 0x21c1512881848390ULL, 0xfdb0556c50d357e5ULL,
+ 0x613d4fcb6a99ff72ULL, 0x03dce2648e0cda3eULL, 0xe949b9e6568386f0ULL,
+ 0xfc0f0bbb2ad7ea04ULL, 0x6a70675913b5a417ULL, 0x7f36d5046fe1c8e3ULL,
+ 0x0c57af8d02304ff8ULL, 0x32223abdfcc84618ULL, 0x0891caf6f720815bULL,
+ 0xa63eeaec31a26fd4ULL, 0x2507345374944d33ULL, 0x49d28ac266394058ULL,
+ 0xf5219f9aa7f3d6beULL, 0x2d96fea583b4cc68ULL, 0x5a31e1571b7585d0ULL,
+ 0x8ed12fe53d02d0feULL, 0xdfade6205f5b0e4bULL, 0x4cabb16ee92d331aULL,
+ 0x04c6657bf510cea3ULL, 0xd73c2cd6a87b8f10ULL, 0xe1d87310a1a307abULL,
+ 0x6cd5be9112ad0d6bULL, 0x97c032354366f3f2ULL, 0xd4e0ceb22677552eULL,
+ 0x0000000000000000ULL, 0x29509bde76a402cbULL, 0xc27a9e8bd42fe3e4ULL,
+ 0x5ef7842cee654b73ULL, 0xaf107ecdbc86536eULL, 0x3fcacbe784fcb401ULL,
+ 0xd55f90655c73e8cfULL, 0xe6c2f40fdabf1336ULL, 0xe8f6e7312c873b11ULL,
+ 0xeb2a0555a28be12fULL, 0xe4a148bc2eb774e9ULL, 0x9b979db84156bc0aULL,
+ 0x6eb60222e6a56ab4ULL, 0x87ffbbc4b026ec44ULL, 0xc703a5275b3b90a6ULL,
+ 0x47e699fc9001687fULL, 0x9c8d1aa73a4aa897ULL, 0x7cea3760e1ed12ddULL,
+ 0x4ec80ddd1d2554c5ULL, 0x13e36b957d4cc588ULL, 0x5d2b66486069914dULL,
+ 0x92b90999cc7280b0ULL, 0x517cc9c56259deb5ULL, 0xc937b619ad03b881ULL,
+ 0xec30824ad997f5b2ULL, 0xa45d565fc5aa080bULL, 0xd6837201d27f32f1ULL,
+ 0x635ef3789e9198adULL, 0x531f75769651b96aULL, 0x4f77530a6721e924ULL,
+ 0x486dd4151c3dfdb9ULL, 0x5f48dafb9461f692ULL, 0x375b011173dc355aULL,
+ 0x3da9775470f4d3deULL, 0x8d0dcd81b30e0ac0ULL, 0x36e45fc609d888bbULL,
+ 0x55baacbe97491016ULL, 0x8cb29356c90ab721ULL, 0x76184125e2c5f459ULL,
+ 0x99f4210bb55edbd5ULL, 0x6f095cf59ca1d755ULL, 0x9f51f8c3b44672a9ULL,
+ 0x3538bda287d45285ULL, 0x50c39712185d6354ULL, 0xf23b1885dcefc223ULL,
+ 0x79930ccc6ef9619fULL, 0xed8fdc9da3934853ULL, 0xcb540aaa590bdf5eULL,
+ 0x5c94389f1a6d2cacULL, 0xe77daad8a0bbaed7ULL, 0x28efc5090ca0bf2aULL,
+ 0xbf2ff73c4fc64cd8ULL, 0xb37858b14df60320ULL, 0xf8c96ec0dfc724a7ULL,
+ 0x828680683f329f06ULL, 0x941cd051cd6a29ccULL, 0xc3c5c05cae2b5e05ULL,
+ 0xb601631dc2e27062ULL, 0xc01922382027843bULL, 0x24b86a840e90f0d2ULL,
+ 0xd245177a276ffc52ULL, 0x0f8b4de98c3c95c6ULL, 0x3e759530fef809e0ULL,
+ 0x0b4d2892792c5b65ULL, 0xc4df4743d5374a98ULL, 0xa5e20888bfaeb5eaULL,
+ 0xba56cc90c0d23f9aULL, 0x38d04cf8ffe0a09cULL, 0x62e1adafe495254cULL,
+ 0x0263bcb3f40867dfULL, 0xcaeb547d230f62bfULL, 0x6082111c109d4293ULL,
+ 0xdad4dd8cd04f7d09ULL, 0xefec602e579b2f8cULL, 0x1fb4c4187f7c8a70ULL,
+ 0xffd3e9dfa4db303aULL, 0x7bf0b07f9af10640ULL, 0xf49ec14dddf76b5fULL,
+ 0x8f6e713247066d1fULL, 0x339d646a86ccfbf9ULL, 0x64447467e58d8c30ULL,
+ 0x2c29a072f9b07189ULL, 0xd8b7613f24471ad6ULL, 0x6627c8d41185ebefULL,
+ 0xa347d140beb61c96ULL, 0xde12b8f7255fb3aaULL, 0x9d324470404e1576ULL,
+ 0x9306574eb6763d51ULL, 0xa80af9d2c79a47f3ULL, 0x859c0777442e8b9bULL,
+ 0x69ac853d9db97e29ULL
+ }, {
+ 0xc3407dfc2de6377eULL, 0x5b9e93eea4256f77ULL, 0xadb58fdd50c845e0ULL,
+ 0x5219ff11a75bed86ULL, 0x356b61cfd90b1de9ULL, 0xfb8f406e25abe037ULL,
+ 0x7a5a0231c0f60796ULL, 0x9d3cd216e1f5020bULL, 0x0c6550fb6b48d8f3ULL,
+ 0xf57508c427ff1c62ULL, 0x4ad35ffa71cb407dULL, 0x6290a2da1666aa6dULL,
+ 0xe284ec2349355f9fULL, 0xb3c307c53d7c84ecULL, 0x05e23c0468365a02ULL,
+ 0x190bac4d6c9ebfa8ULL, 0x94bbbee9e28b80faULL, 0xa34fc777529cb9b5ULL,
+ 0xcc7b39f095bcd978ULL, 0x2426addb0ce532e3ULL, 0x7e79329312ce4fc7ULL,
+ 0xab09a72eebec2917ULL, 0xf8d15499f6b9d6c2ULL, 0x1a55b8babf8c895dULL,
+ 0xdb8add17fb769a85ULL, 0xb57f2f368658e81bULL, 0x8acd36f18f3f41f6ULL,
+ 0x5ce3b7bba50f11d3ULL, 0x114dcc14d5ee2f0aULL, 0xb91a7fcded1030e8ULL,
+ 0x81d5425fe55de7a1ULL, 0xb6213bc1554adeeeULL, 0x80144ef95f53f5f2ULL,
+ 0x1e7688186db4c10cULL, 0x3b912965db5fe1bcULL, 0xc281715a97e8252dULL,
+ 0x54a5d7e21c7f8171ULL, 0x4b12535ccbc5522eULL, 0x1d289cefbea6f7f9ULL,
+ 0x6ef5f2217d2e729eULL, 0xe6a7dc819b0d17ceULL, 0x1b94b41c05829b0eULL,
+ 0x33d7493c622f711eULL, 0xdcf7f942fa5ce421ULL, 0x600fba8b7f7a8ecbULL,
+ 0x46b60f011a83988eULL, 0x235b898e0dcf4c47ULL, 0x957ab24f588592a9ULL,
+ 0x4354330572b5c28cULL, 0xa5f3ef84e9b8d542ULL, 0x8c711e02341b2d01ULL,
+ 0x0b1874ae6a62a657ULL, 0x1213d8e306fc19ffULL, 0xfe6d7c6a4d9dba35ULL,
+ 0x65ed868f174cd4c9ULL, 0x88522ea0e6236550ULL, 0x899322065c2d7703ULL,
+ 0xc01e690bfef4018bULL, 0x915982ed8abddaf8ULL, 0xbe675b98ec3a4e4cULL,
+ 0xa996bf7f82f00db1ULL, 0xe1daf8d49a27696aULL, 0x2effd5d3dc8986e7ULL,
+ 0xd153a51f2b1a2e81ULL, 0x18caa0ebd690adfbULL, 0x390e3134b243c51aULL,
+ 0x2778b92cdff70416ULL, 0x029f1851691c24a6ULL, 0x5e7cafeacc133575ULL,
+ 0xfa4e4cc89fa5f264ULL, 0x5a5f9f481e2b7d24ULL, 0x484c47ab18d764dbULL,
+ 0x400a27f2a1a7f479ULL, 0xaeeb9b2a83da7315ULL, 0x721c626879869734ULL,
+ 0x042330a2d2384851ULL, 0x85f672fd3765aff0ULL, 0xba446b3a3e02061dULL,
+ 0x73dd6ecec3888567ULL, 0xffac70ccf793a866ULL, 0xdfa9edb5294ed2d4ULL,
+ 0x6c6aea7014325638ULL, 0x834a5a0e8c41c307ULL, 0xcdba35562fb2cb2bULL,
+ 0x0ad97808d06cb404ULL, 0x0f3b440cb85aee06ULL, 0xe5f9c876481f213bULL,
+ 0x98deee1289c35809ULL, 0x59018bbfcd394bd1ULL, 0xe01bf47220297b39ULL,
+ 0xde68e1139340c087ULL, 0x9fa3ca4788e926adULL, 0xbb85679c840c144eULL,
+ 0x53d8f3b71d55ffd5ULL, 0x0da45c5dd146caa0ULL, 0x6f34fe87c72060cdULL,
+ 0x57fbc315cf6db784ULL, 0xcee421a1fca0fddeULL, 0x3d2d0196607b8d4bULL,
+ 0x642c8a29ad42c69aULL, 0x14aff010bdd87508ULL, 0xac74837beac657b3ULL,
+ 0x3216459ad821634dULL, 0x3fb219c70967a9edULL, 0x06bc28f3bb246cf7ULL,
+ 0xf2082c9126d562c6ULL, 0x66b39278c45ee23cULL, 0xbd394f6f3f2878b9ULL,
+ 0xfd33689d9e8f8cc0ULL, 0x37f4799eb017394fULL, 0x108cc0b26fe03d59ULL,
+ 0xda4bd1b1417888d6ULL, 0xb09d1332ee6eb219ULL, 0x2f3ed975668794b4ULL,
+ 0x58c0871977375982ULL, 0x7561463d78ace990ULL, 0x09876cff037e82f1ULL,
+ 0x7fb83e35a8c05d94ULL, 0x26b9b58a65f91645ULL, 0xef20b07e9873953fULL,
+ 0x3148516d0b3355b8ULL, 0x41cb2b541ba9e62aULL, 0x790416c613e43163ULL,
+ 0xa011d380818e8f40ULL, 0x3a5025c36151f3efULL, 0xd57095bdf92266d0ULL,
+ 0x498d4b0da2d97688ULL, 0x8b0c3a57353153a5ULL, 0x21c491df64d368e1ULL,
+ 0x8f2f0af5e7091bf4ULL, 0x2da1c1240f9bb012ULL, 0xc43d59a92ccc49daULL,
+ 0xbfa6573e56345c1fULL, 0x828b56a8364fd154ULL, 0x9a41f643e0df7cafULL,
+ 0xbcf843c985266aeaULL, 0x2b1de9d7b4bfdce5ULL, 0x20059d79dedd7ab2ULL,
+ 0x6dabe6d6ae3c446bULL, 0x45e81bf6c991ae7bULL, 0x6351ae7cac68b83eULL,
+ 0xa432e32253b6c711ULL, 0xd092a9b991143cd2ULL, 0xcac711032e98b58fULL,
+ 0xd8d4c9e02864ac70ULL, 0xc5fc550f96c25b89ULL, 0xd7ef8dec903e4276ULL,
+ 0x67729ede7e50f06fULL, 0xeac28c7af045cf3dULL, 0xb15c1f945460a04aULL,
+ 0x9cfddeb05bfb1058ULL, 0x93c69abce3a1fe5eULL, 0xeb0380dc4a4bdd6eULL,
+ 0xd20db1e8f8081874ULL, 0x229a8528b7c15e14ULL, 0x44291750739fbc28ULL,
+ 0xd3ccbd4e42060a27ULL, 0xf62b1c33f4ed2a97ULL, 0x86a8660ae4779905ULL,
+ 0xd62e814a2a305025ULL, 0x477703a7a08d8addULL, 0x7b9b0e977af815c5ULL,
+ 0x78c51a60a9ea2330ULL, 0xa6adfb733aaae3b7ULL, 0x97e5aa1e3199b60fULL,
+ 0x0000000000000000ULL, 0xf4b404629df10e31ULL, 0x5564db44a6719322ULL,
+ 0x9207961a59afec0dULL, 0x9624a6b88b97a45cULL, 0x363575380a192b1cULL,
+ 0x2c60cd82b595a241ULL, 0x7d272664c1dc7932ULL, 0x7142769faa94a1c1ULL,
+ 0xa1d0df263b809d13ULL, 0x1630e841d4c451aeULL, 0xc1df65ad44fa13d8ULL,
+ 0x13d2d445bcf20bacULL, 0xd915c546926abe23ULL, 0x38cf3d92084dd749ULL,
+ 0xe766d0272103059dULL, 0xc7634d5effde7f2fULL, 0x077d2455012a7ea4ULL,
+ 0xedbfa82ff16fb199ULL, 0xaf2a978c39d46146ULL, 0x42953fa3c8bbd0dfULL,
+ 0xcb061da59496a7dcULL, 0x25e7a17db6eb20b0ULL, 0x34aa6d6963050fbaULL,
+ 0xa76cf7d580a4f1e4ULL, 0xf7ea10954ee338c4ULL, 0xfcf2643b24819e93ULL,
+ 0xcf252d0746aeef8dULL, 0x4ef06f58a3f3082cULL, 0x563acfb37563a5d7ULL,
+ 0x5086e740ce47c920ULL, 0x2982f186dda3f843ULL, 0x87696aac5e798b56ULL,
+ 0x5d22bb1d1f010380ULL, 0x035e14f7d31236f5ULL, 0x3cec0d30da759f18ULL,
+ 0xf3c920379cdb7095ULL, 0xb8db736b571e22bbULL, 0xdd36f5e44052f672ULL,
+ 0xaac8ab8851e23b44ULL, 0xa857b3d938fe1fe2ULL, 0x17f1e4e76eca43fdULL,
+ 0xec7ea4894b61a3caULL, 0x9e62c6e132e734feULL, 0xd4b1991b432c7483ULL,
+ 0x6ad6c283af163acfULL, 0x1ce9904904a8e5aaULL, 0x5fbda34c761d2726ULL,
+ 0xf910583f4cb7c491ULL, 0xc6a241f845d06d7cULL, 0x4f3163fe19fd1a7fULL,
+ 0xe99c988d2357f9c8ULL, 0x8eee06535d0709a7ULL, 0x0efa48aa0254fc55ULL,
+ 0xb4be23903c56fa48ULL, 0x763f52caabbedf65ULL, 0xeee1bcd8227d876cULL,
+ 0xe345e085f33b4dccULL, 0x3e731561b369bbbeULL, 0x2843fd2067adea10ULL,
+ 0x2adce5710eb1ceb6ULL, 0xb7e03767ef44ccbdULL, 0x8db012a48e153f52ULL,
+ 0x61ceb62dc5749c98ULL, 0xe85d942b9959eb9bULL, 0x4c6f7709caef2c8aULL,
+ 0x84377e5b8d6bbda3ULL, 0x30895dcbb13d47ebULL, 0x74a04a9bc2a2fbc3ULL,
+ 0x6b17ce251518289cULL, 0xe438c4d0f2113368ULL, 0x1fb784bed7bad35fULL,
+ 0x9b80fae55ad16efcULL, 0x77fe5e6c11b0cd36ULL, 0xc858095247849129ULL,
+ 0x08466059b97090a2ULL, 0x01c10ca6ba0e1253ULL, 0x6988d6747c040c3aULL,
+ 0x6849dad2c60a1e69ULL, 0x5147ebe67449db73ULL, 0xc99905f4fd8a837aULL,
+ 0x991fe2b433cd4a5aULL, 0xf09734c04fc94660ULL, 0xa28ecbd1e892abe6ULL,
+ 0xf1563866f5c75433ULL, 0x4dae7baf70e13ed9ULL, 0x7ce62ac27bd26b61ULL,
+ 0x70837a39109ab392ULL, 0x90988e4b30b3c8abULL, 0xb2020b63877296bfULL,
+ 0x156efcb607d6675bULL
+ }, {
+ 0xe63f55ce97c331d0ULL, 0x25b506b0015bba16ULL, 0xc8706e29e6ad9ba8ULL,
+ 0x5b43d3775d521f6aULL, 0x0bfa3d577035106eULL, 0xab95fc172afb0e66ULL,
+ 0xf64b63979e7a3276ULL, 0xf58b4562649dad4bULL, 0x48f7c3dbae0c83f1ULL,
+ 0xff31916642f5c8c5ULL, 0xcbb048dc1c4a0495ULL, 0x66b8f83cdf622989ULL,
+ 0x35c130e908e2b9b0ULL, 0x7c761a61f0b34fa1ULL, 0x3601161cf205268dULL,
+ 0x9e54ccfe2219b7d6ULL, 0x8b7d90a538940837ULL, 0x9cd403588ea35d0bULL,
+ 0xbc3c6fea9ccc5b5aULL, 0xe5ff733b6d24aeedULL, 0xceed22de0f7eb8d2ULL,
+ 0xec8581cab1ab545eULL, 0xb96105e88ff8e71dULL, 0x8ca03501871a5eadULL,
+ 0x76ccce65d6db2a2fULL, 0x5883f582a7b58057ULL, 0x3f7be4ed2e8adc3eULL,
+ 0x0fe7be06355cd9c9ULL, 0xee054e6c1d11be83ULL, 0x1074365909b903a6ULL,
+ 0x5dde9f80b4813c10ULL, 0x4a770c7d02b6692cULL, 0x5379c8d5d7809039ULL,
+ 0xb4067448161ed409ULL, 0x5f5e5026183bd6cdULL, 0xe898029bf4c29df9ULL,
+ 0x7fb63c940a54d09cULL, 0xc5171f897f4ba8bcULL, 0xa6f28db7b31d3d72ULL,
+ 0x2e4f3be7716eaa78ULL, 0x0d6771a099e63314ULL, 0x82076254e41bf284ULL,
+ 0x2f0fd2b42733df98ULL, 0x5c9e76d3e2dc49f0ULL, 0x7aeb569619606cdbULL,
+ 0x83478b07b2468764ULL, 0xcfadcb8d5923cd32ULL, 0x85dac7f05b95a41eULL,
+ 0xb5469d1b4043a1e9ULL, 0xb821ecbbd9a592fdULL, 0x1b8e0b0e798c13c8ULL,
+ 0x62a57b6d9a0be02eULL, 0xfcf1b793b81257f8ULL, 0x9d94ea0bd8fe28ebULL,
+ 0x4cea408aeb654a56ULL, 0x23284a47e888996cULL, 0x2d8f1d128b893545ULL,
+ 0xf4cbac3132c0d8abULL, 0xbd7c86b9ca912ebaULL, 0x3a268eef3dbe6079ULL,
+ 0xf0d62f6077a9110cULL, 0x2735c916ade150cbULL, 0x89fd5f03942ee2eaULL,
+ 0x1acee25d2fd16628ULL, 0x90f39bab41181bffULL, 0x430dfe8cde39939fULL,
+ 0xf70b8ac4c8274796ULL, 0x1c53aeaac6024552ULL, 0x13b410acf35e9c9bULL,
+ 0xa532ab4249faa24fULL, 0x2b1251e5625a163fULL, 0xd7e3e676da4841c7ULL,
+ 0xa7b264e4e5404892ULL, 0xda8497d643ae72d3ULL, 0x861ae105a1723b23ULL,
+ 0x38a6414991048aa4ULL, 0x6578dec92585b6b4ULL, 0x0280cfa6acbaeaddULL,
+ 0x88bdb650c273970aULL, 0x9333bd5ebbff84c2ULL, 0x4e6a8f2c47dfa08bULL,
+ 0x321c954db76cef2aULL, 0x418d312a72837942ULL, 0xb29b38bfffcdf773ULL,
+ 0x6c022c38f90a4c07ULL, 0x5a033a240b0f6a8aULL, 0x1f93885f3ce5da6fULL,
+ 0xc38a537e96988bc6ULL, 0x39e6a81ac759ff44ULL, 0x29929e43cee0fce2ULL,
+ 0x40cdd87924de0ca2ULL, 0xe9d8ebc8a29fe819ULL, 0x0c2798f3cfbb46f4ULL,
+ 0x55e484223e53b343ULL, 0x4650948ecd0d2fd8ULL, 0x20e86cb2126f0651ULL,
+ 0x6d42c56baf5739e7ULL, 0xa06fc1405ace1e08ULL, 0x7babbfc54f3d193bULL,
+ 0x424d17df8864e67fULL, 0xd8045870ef14980eULL, 0xc6d7397c85ac3781ULL,
+ 0x21a885e1443273b1ULL, 0x67f8116f893f5c69ULL, 0x24f5efe35706cff6ULL,
+ 0xd56329d076f2ab1aULL, 0x5e1eb9754e66a32dULL, 0x28d2771098bd8902ULL,
+ 0x8f6013f47dfdc190ULL, 0x17a993fdb637553cULL, 0xe0a219397e1012aaULL,
+ 0x786b9930b5da8606ULL, 0x6e82e39e55b0a6daULL, 0x875a0856f72f4ec3ULL,
+ 0x3741ff4fa458536dULL, 0xac4859b3957558fcULL, 0x7ef6d5c75c09a57cULL,
+ 0xc04a758b6c7f14fbULL, 0xf9acdd91ab26ebbfULL, 0x7391a467c5ef9668ULL,
+ 0x335c7c1ee1319acaULL, 0xa91533b18641e4bbULL, 0xe4bf9a683b79db0dULL,
+ 0x8e20faa72ba0b470ULL, 0x51f907737b3a7ae4ULL, 0x2268a314bed5ec8cULL,
+ 0xd944b123b949edeeULL, 0x31dcb3b84d8b7017ULL, 0xd3fe65279f218860ULL,
+ 0x097af2f1dc8ffab3ULL, 0x9b09a6fc312d0b91ULL, 0xcc6ded78a3c4520fULL,
+ 0x3481d9ba5ebfcc50ULL, 0x4f2a667f1182d56bULL, 0xdfd9fdd4509ace94ULL,
+ 0x26752045fbbc252bULL, 0xbffc491f662bc467ULL, 0xdd593272fc202449ULL,
+ 0x3cbbc218d46d4303ULL, 0x91b372f817456e1fULL, 0x681faf69bc6385a0ULL,
+ 0xb686bbeebaa43ed4ULL, 0x1469b5084cd0ca01ULL, 0x98c98009cbca94acULL,
+ 0x6438379a73d8c354ULL, 0xc2caba2dc0c5fe26ULL, 0x3e3b0dbe78d7a9deULL,
+ 0x50b9ee202d670f04ULL, 0x4590b27b37eab0e5ULL, 0x6025b4cb36b10af3ULL,
+ 0xfb2c1237079c0162ULL, 0xa12f28130c936be8ULL, 0x4b37e52e54eb1cccULL,
+ 0x083a1ba28ad28f53ULL, 0xc10a9cd83a22611bULL, 0x9f1425ad7444c236ULL,
+ 0x069d4cf7e9d3237aULL, 0xedc56899e7f621beULL, 0x778c273680865fcfULL,
+ 0x309c5aeb1bd605f7ULL, 0x8de0dc52d1472b4dULL, 0xf8ec34c2fd7b9e5fULL,
+ 0xea18cd3d58787724ULL, 0xaad515447ca67b86ULL, 0x9989695a9d97e14cULL,
+ 0x0000000000000000ULL, 0xf196c63321f464ecULL, 0x71116bc169557cb5ULL,
+ 0xaf887f466f92c7c1ULL, 0x972e3e0ffe964d65ULL, 0x190ec4a8d536f915ULL,
+ 0x95aef1a9522ca7b8ULL, 0xdc19db21aa7d51a9ULL, 0x94ee18fa0471d258ULL,
+ 0x8087adf248a11859ULL, 0xc457f6da2916dd5cULL, 0xfa6cfb6451c17482ULL,
+ 0xf256e0c6db13fbd1ULL, 0x6a9f60cf10d96f7dULL, 0x4daaa9d9bd383fb6ULL,
+ 0x03c026f5fae79f3dULL, 0xde99148706c7bb74ULL, 0x2a52b8b6340763dfULL,
+ 0x6fc20acd03edd33aULL, 0xd423c08320afdefaULL, 0xbbe1ca4e23420dc0ULL,
+ 0x966ed75ca8cb3885ULL, 0xeb58246e0e2502c4ULL, 0x055d6a021334bc47ULL,
+ 0xa47242111fa7d7afULL, 0xe3623fcc84f78d97ULL, 0x81c744a11efc6db9ULL,
+ 0xaec8961539cfb221ULL, 0xf31609958d4e8e31ULL, 0x63e5923ecc5695ceULL,
+ 0x47107ddd9b505a38ULL, 0xa3afe7b5a0298135ULL, 0x792b7063e387f3e6ULL,
+ 0x0140e953565d75e0ULL, 0x12f4f9ffa503e97bULL, 0x750ce8902c3cb512ULL,
+ 0xdbc47e8515f30733ULL, 0x1ed3610c6ab8af8fULL, 0x5239218681dde5d9ULL,
+ 0xe222d69fd2aaf877ULL, 0xfe71783514a8bd25ULL, 0xcaf0a18f4a177175ULL,
+ 0x61655d9860ec7f13ULL, 0xe77fbc9dc19e4430ULL, 0x2ccff441ddd440a5ULL,
+ 0x16e97aaee06a20dcULL, 0xa855dae2d01c915bULL, 0x1d1347f9905f30b2ULL,
+ 0xb7c652bdecf94b34ULL, 0xd03e43d265c6175dULL, 0xfdb15ec0ee4f2218ULL,
+ 0x57644b8492e9599eULL, 0x07dda5a4bf8e569aULL, 0x54a46d71680ec6a3ULL,
+ 0x5624a2d7c4b42c7eULL, 0xbebca04c3076b187ULL, 0x7d36f332a6ee3a41ULL,
+ 0x3b6667bc6be31599ULL, 0x695f463aea3ef040ULL, 0xad08b0e0c3282d1cULL,
+ 0xb15b1e4a052a684eULL, 0x44d05b2861b7c505ULL, 0x15295c5b1a8dbfe1ULL,
+ 0x744c01c37a61c0f2ULL, 0x59c31cd1f1e8f5b7ULL, 0xef45a73f4b4ccb63ULL,
+ 0x6bdf899c46841a9dULL, 0x3dfb2b4b823036e3ULL, 0xa2ef0ee6f674f4d5ULL,
+ 0x184e2dfb836b8cf5ULL, 0x1134df0a5fe47646ULL, 0xbaa1231d751f7820ULL,
+ 0xd17eaa81339b62bdULL, 0xb01bf71953771daeULL, 0x849a2ea30dc8d1feULL,
+ 0x705182923f080955ULL, 0x0ea757556301ac29ULL, 0x041d83514569c9a7ULL,
+ 0x0abad4042668658eULL, 0x49b72a88f851f611ULL, 0x8a3d79f66ec97dd7ULL,
+ 0xcd2d042bf59927efULL, 0xc930877ab0f0ee48ULL, 0x9273540deda2f122ULL,
+ 0xc797d02fd3f14261ULL, 0xe1e2f06a284d674aULL, 0xd2be8c74c97cfd80ULL,
+ 0x9a494faf67707e71ULL, 0xb3dbd1eca9908293ULL, 0x72d14d3493b2e388ULL,
+ 0xd6a30f258c153427ULL
+ }
+}; /* Ax */
+
+static void streebog_xor(const struct streebog_uint512 *x,
+ const struct streebog_uint512 *y,
+ struct streebog_uint512 *z)
+{
+ z->qword[0] = x->qword[0] ^ y->qword[0];
+ z->qword[1] = x->qword[1] ^ y->qword[1];
+ z->qword[2] = x->qword[2] ^ y->qword[2];
+ z->qword[3] = x->qword[3] ^ y->qword[3];
+ z->qword[4] = x->qword[4] ^ y->qword[4];
+ z->qword[5] = x->qword[5] ^ y->qword[5];
+ z->qword[6] = x->qword[6] ^ y->qword[6];
+ z->qword[7] = x->qword[7] ^ y->qword[7];
+}
+
+static void streebog_xlps(const struct streebog_uint512 *x,
+ const struct streebog_uint512 *y,
+ struct streebog_uint512 *data)
+{
+ u64 r0, r1, r2, r3, r4, r5, r6, r7;
+ int i;
+
+ r0 = le64_to_cpu(x->qword[0] ^ y->qword[0]);
+ r1 = le64_to_cpu(x->qword[1] ^ y->qword[1]);
+ r2 = le64_to_cpu(x->qword[2] ^ y->qword[2]);
+ r3 = le64_to_cpu(x->qword[3] ^ y->qword[3]);
+ r4 = le64_to_cpu(x->qword[4] ^ y->qword[4]);
+ r5 = le64_to_cpu(x->qword[5] ^ y->qword[5]);
+ r6 = le64_to_cpu(x->qword[6] ^ y->qword[6]);
+ r7 = le64_to_cpu(x->qword[7] ^ y->qword[7]);
+
+ for (i = 0; i <= 7; i++) {
+ data->qword[i] = cpu_to_le64(Ax[0][r0 & 0xFF]);
+ data->qword[i] ^= cpu_to_le64(Ax[1][r1 & 0xFF]);
+ data->qword[i] ^= cpu_to_le64(Ax[2][r2 & 0xFF]);
+ data->qword[i] ^= cpu_to_le64(Ax[3][r3 & 0xFF]);
+ data->qword[i] ^= cpu_to_le64(Ax[4][r4 & 0xFF]);
+ data->qword[i] ^= cpu_to_le64(Ax[5][r5 & 0xFF]);
+ data->qword[i] ^= cpu_to_le64(Ax[6][r6 & 0xFF]);
+ data->qword[i] ^= cpu_to_le64(Ax[7][r7 & 0xFF]);
+ r0 >>= 8;
+ r1 >>= 8;
+ r2 >>= 8;
+ r3 >>= 8;
+ r4 >>= 8;
+ r5 >>= 8;
+ r6 >>= 8;
+ r7 >>= 8;
+ }
+}
+
+static void streebog_round(int i, struct streebog_uint512 *Ki,
+ struct streebog_uint512 *data)
+{
+ streebog_xlps(Ki, &C[i], Ki);
+ streebog_xlps(Ki, data, data);
+}
+
+static int streebog_init(struct shash_desc *desc)
+{
+ struct streebog_state *ctx = shash_desc_ctx(desc);
+ unsigned int digest_size = crypto_shash_digestsize(desc->tfm);
+ unsigned int i;
+
+ memset(ctx, 0, sizeof(struct streebog_state));
+ for (i = 0; i < 8; i++) {
+ if (digest_size == STREEBOG256_DIGEST_SIZE)
+ ctx->h.qword[i] = cpu_to_le64(0x0101010101010101ULL);
+ }
+ return 0;
+}
+
+static void streebog_pad(struct streebog_state *ctx)
+{
+ if (ctx->fillsize >= STREEBOG_BLOCK_SIZE)
+ return;
+
+ memset(ctx->buffer + ctx->fillsize, 0,
+ sizeof(ctx->buffer) - ctx->fillsize);
+
+ ctx->buffer[ctx->fillsize] = 1;
+}
+
+static void streebog_add512(const struct streebog_uint512 *x,
+ const struct streebog_uint512 *y,
+ struct streebog_uint512 *r)
+{
+ u64 carry = 0;
+ int i;
+
+ for (i = 0; i < 8; i++) {
+ const u64 left = le64_to_cpu(x->qword[i]);
+ u64 sum;
+
+ sum = left + le64_to_cpu(y->qword[i]) + carry;
+ if (sum != left)
+ carry = (sum < left);
+ r->qword[i] = cpu_to_le64(sum);
+ }
+}
+
+static void streebog_g(struct streebog_uint512 *h,
+ const struct streebog_uint512 *N,
+ const struct streebog_uint512 *m)
+{
+ struct streebog_uint512 Ki, data;
+ unsigned int i;
+
+ streebog_xlps(h, N, &data);
+
+ /* Starting E() */
+ Ki = data;
+ streebog_xlps(&Ki, m, &data);
+
+ for (i = 0; i < 11; i++)
+ streebog_round(i, &Ki, &data);
+
+ streebog_xlps(&Ki, &C[11], &Ki);
+ streebog_xor(&Ki, &data, &data);
+ /* E() done */
+
+ streebog_xor(&data, h, &data);
+ streebog_xor(&data, m, h);
+}
+
+static void streebog_stage2(struct streebog_state *ctx, const u8 *data)
+{
+ struct streebog_uint512 m;
+
+ memcpy(&m, data, sizeof(m));
+
+ streebog_g(&ctx->h, &ctx->N, &m);
+
+ streebog_add512(&ctx->N, &buffer512, &ctx->N);
+ streebog_add512(&ctx->Sigma, &m, &ctx->Sigma);
+}
+
+static void streebog_stage3(struct streebog_state *ctx)
+{
+ struct streebog_uint512 buf = { { 0 } };
+
+ buf.qword[0] = cpu_to_le64(ctx->fillsize << 3);
+ streebog_pad(ctx);
+
+ streebog_g(&ctx->h, &ctx->N, &ctx->m);
+ streebog_add512(&ctx->N, &buf, &ctx->N);
+ streebog_add512(&ctx->Sigma, &ctx->m, &ctx->Sigma);
+ streebog_g(&ctx->h, &buffer0, &ctx->N);
+ streebog_g(&ctx->h, &buffer0, &ctx->Sigma);
+ memcpy(&ctx->hash, &ctx->h, sizeof(struct streebog_uint512));
+}
+
+static int streebog_update(struct shash_desc *desc, const u8 *data,
+ unsigned int len)
+{
+ struct streebog_state *ctx = shash_desc_ctx(desc);
+ size_t chunksize;
+
+ if (ctx->fillsize) {
+ chunksize = STREEBOG_BLOCK_SIZE - ctx->fillsize;
+ if (chunksize > len)
+ chunksize = len;
+ memcpy(&ctx->buffer[ctx->fillsize], data, chunksize);
+ ctx->fillsize += chunksize;
+ len -= chunksize;
+ data += chunksize;
+
+ if (ctx->fillsize == STREEBOG_BLOCK_SIZE) {
+ streebog_stage2(ctx, ctx->buffer);
+ ctx->fillsize = 0;
+ }
+ }
+
+ while (len >= STREEBOG_BLOCK_SIZE) {
+ streebog_stage2(ctx, data);
+ data += STREEBOG_BLOCK_SIZE;
+ len -= STREEBOG_BLOCK_SIZE;
+ }
+
+ if (len) {
+ memcpy(&ctx->buffer, data, len);
+ ctx->fillsize = len;
+ }
+ return 0;
+}
+
+static int streebog_final(struct shash_desc *desc, u8 *digest)
+{
+ struct streebog_state *ctx = shash_desc_ctx(desc);
+
+ streebog_stage3(ctx);
+ ctx->fillsize = 0;
+ if (crypto_shash_digestsize(desc->tfm) == STREEBOG256_DIGEST_SIZE)
+ memcpy(digest, &ctx->hash.qword[4], STREEBOG256_DIGEST_SIZE);
+ else
+ memcpy(digest, &ctx->hash.qword[0], STREEBOG512_DIGEST_SIZE);
+ return 0;
+}
+
+static struct shash_alg algs[2] = { {
+ .digestsize = STREEBOG256_DIGEST_SIZE,
+ .init = streebog_init,
+ .update = streebog_update,
+ .final = streebog_final,
+ .descsize = sizeof(struct streebog_state),
+ .base = {
+ .cra_name = "streebog256",
+ .cra_driver_name = "streebog256-generic",
+ .cra_blocksize = STREEBOG_BLOCK_SIZE,
+ .cra_module = THIS_MODULE,
+ },
+}, {
+ .digestsize = STREEBOG512_DIGEST_SIZE,
+ .init = streebog_init,
+ .update = streebog_update,
+ .final = streebog_final,
+ .descsize = sizeof(struct streebog_state),
+ .base = {
+ .cra_name = "streebog512",
+ .cra_driver_name = "streebog512-generic",
+ .cra_blocksize = STREEBOG_BLOCK_SIZE,
+ .cra_module = THIS_MODULE,
+ }
+} };
+
+static int __init streebog_mod_init(void)
+{
+ return crypto_register_shashes(algs, ARRAY_SIZE(algs));
+}
+
+static void __exit streebog_mod_fini(void)
+{
+ crypto_unregister_shashes(algs, ARRAY_SIZE(algs));
+}
+
+subsys_initcall(streebog_mod_init);
+module_exit(streebog_mod_fini);
+
+MODULE_LICENSE("GPL");
+MODULE_AUTHOR("Vitaly Chikunov <vt@altlinux.org>");
+MODULE_DESCRIPTION("Streebog Hash Function");
+
+MODULE_ALIAS_CRYPTO("streebog256");
+MODULE_ALIAS_CRYPTO("streebog256-generic");
+MODULE_ALIAS_CRYPTO("streebog512");
+MODULE_ALIAS_CRYPTO("streebog512-generic");
diff --git a/crypto/tcrypt.c b/crypto/tcrypt.c
index 6e0a054..83ad0b1 100644
--- a/crypto/tcrypt.c
+++ b/crypto/tcrypt.c
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/*
* Quick & dirty crypto testing module.
*
@@ -14,12 +15,6 @@
* Gabriele Paoloni <gabriele.paoloni@intel.com>
* Tadeusz Struk (tadeusz.struk@intel.com)
* Copyright (c) 2010, Intel Corporation.
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
- *
*/
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
@@ -76,11 +71,12 @@
"cast6", "arc4", "michael_mic", "deflate", "crc32c", "tea", "xtea",
"khazad", "wp512", "wp384", "wp256", "tnepres", "xeta", "fcrypt",
"camellia", "seed", "salsa20", "rmd128", "rmd160", "rmd256", "rmd320",
- "lzo", "cts", "zlib", "sha3-224", "sha3-256", "sha3-384", "sha3-512",
+ "lzo", "lzo-rle", "cts", "sha3-224", "sha3-256", "sha3-384",
+ "sha3-512", "streebog256", "streebog512",
NULL
};
-static u32 block_sizes[] = { 16, 64, 256, 1024, 8192, 0 };
+static u32 block_sizes[] = { 16, 64, 256, 1024, 1472, 8192, 0 };
static u32 aead_sizes[] = { 16, 64, 256, 512, 1024, 2048, 4096, 8192, 0 };
#define XBUFSIZE 8
@@ -1736,6 +1732,8 @@
ret += tcrypt_test("xts(aes)");
ret += tcrypt_test("ctr(aes)");
ret += tcrypt_test("rfc3686(ctr(aes))");
+ ret += tcrypt_test("ofb(aes)");
+ ret += tcrypt_test("cfb(aes)");
break;
case 11:
@@ -1881,10 +1879,6 @@
ret += tcrypt_test("ecb(seed)");
break;
- case 44:
- ret += tcrypt_test("zlib");
- break;
-
case 45:
ret += tcrypt_test("rfc4309(ccm(aes))");
break;
@@ -1917,6 +1911,14 @@
ret += tcrypt_test("sm3");
break;
+ case 53:
+ ret += tcrypt_test("streebog256");
+ break;
+
+ case 54:
+ ret += tcrypt_test("streebog512");
+ break;
+
case 100:
ret += tcrypt_test("hmac(md5)");
break;
@@ -1973,6 +1975,14 @@
ret += tcrypt_test("hmac(sha3-512)");
break;
+ case 115:
+ ret += tcrypt_test("hmac(streebog256)");
+ break;
+
+ case 116:
+ ret += tcrypt_test("hmac(streebog512)");
+ break;
+
case 150:
ret += tcrypt_test("ansi_cprng");
break;
@@ -2036,6 +2046,8 @@
break;
case 191:
ret += tcrypt_test("ecb(sm4)");
+ ret += tcrypt_test("cbc(sm4)");
+ ret += tcrypt_test("ctr(sm4)");
break;
case 200:
test_cipher_speed("ecb(aes)", ENCRYPT, sec, NULL, 0,
@@ -2062,6 +2074,10 @@
speed_template_16_24_32);
test_cipher_speed("ctr(aes)", DECRYPT, sec, NULL, 0,
speed_template_16_24_32);
+ test_cipher_speed("cfb(aes)", ENCRYPT, sec, NULL, 0,
+ speed_template_16_24_32);
+ test_cipher_speed("cfb(aes)", DECRYPT, sec, NULL, 0,
+ speed_template_16_24_32);
break;
case 201:
@@ -2285,6 +2301,48 @@
num_mb);
break;
+ case 218:
+ test_cipher_speed("ecb(sm4)", ENCRYPT, sec, NULL, 0,
+ speed_template_16);
+ test_cipher_speed("ecb(sm4)", DECRYPT, sec, NULL, 0,
+ speed_template_16);
+ test_cipher_speed("cbc(sm4)", ENCRYPT, sec, NULL, 0,
+ speed_template_16);
+ test_cipher_speed("cbc(sm4)", DECRYPT, sec, NULL, 0,
+ speed_template_16);
+ test_cipher_speed("ctr(sm4)", ENCRYPT, sec, NULL, 0,
+ speed_template_16);
+ test_cipher_speed("ctr(sm4)", DECRYPT, sec, NULL, 0,
+ speed_template_16);
+ break;
+
+ case 219:
+ test_cipher_speed("adiantum(xchacha12,aes)", ENCRYPT, sec, NULL,
+ 0, speed_template_32);
+ test_cipher_speed("adiantum(xchacha12,aes)", DECRYPT, sec, NULL,
+ 0, speed_template_32);
+ test_cipher_speed("adiantum(xchacha20,aes)", ENCRYPT, sec, NULL,
+ 0, speed_template_32);
+ test_cipher_speed("adiantum(xchacha20,aes)", DECRYPT, sec, NULL,
+ 0, speed_template_32);
+ break;
+
+ case 220:
+ test_acipher_speed("essiv(cbc(aes),sha256)",
+ ENCRYPT, sec, NULL, 0,
+ speed_template_16_24_32);
+ test_acipher_speed("essiv(cbc(aes),sha256)",
+ DECRYPT, sec, NULL, 0,
+ speed_template_16_24_32);
+ break;
+
+ case 221:
+ test_aead_speed("aegis128", ENCRYPT, sec,
+ NULL, 0, 16, 8, speed_template_16);
+ test_aead_speed("aegis128", DECRYPT, sec,
+ NULL, 0, 16, 8, speed_template_16);
+ break;
+
case 300:
if (alg) {
test_hash_speed(alg, sec, generic_hash_speed_template);
@@ -2395,6 +2453,16 @@
test_hash_speed("sm3", sec, generic_hash_speed_template);
if (mode > 300 && mode < 400) break;
/* fall through */
+ case 327:
+ test_hash_speed("streebog256", sec,
+ generic_hash_speed_template);
+ if (mode > 300 && mode < 400) break;
+ /* fall through */
+ case 328:
+ test_hash_speed("streebog512", sec,
+ generic_hash_speed_template);
+ if (mode > 300 && mode < 400) break;
+ /* fall through */
case 399:
break;
@@ -2508,6 +2576,16 @@
num_mb);
if (mode > 400 && mode < 500) break;
/* fall through */
+ case 426:
+ test_mb_ahash_speed("streebog256", sec,
+ generic_hash_speed_template, num_mb);
+ if (mode > 400 && mode < 500) break;
+ /* fall through */
+ case 427:
+ test_mb_ahash_speed("streebog512", sec,
+ generic_hash_speed_template, num_mb);
+ if (mode > 400 && mode < 500) break;
+ /* fall through */
case 499:
break;
@@ -2986,7 +3064,7 @@
*/
static void __exit tcrypt_mod_fini(void) { }
-module_init(tcrypt_mod_init);
+subsys_initcall(tcrypt_mod_init);
module_exit(tcrypt_mod_fini);
module_param(alg, charp, 0);
diff --git a/crypto/tcrypt.h b/crypto/tcrypt.h
index f0bfee1..7e5fea8 100644
--- a/crypto/tcrypt.h
+++ b/crypto/tcrypt.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0-or-later */
/*
* Quick & dirty crypto testing module.
*
@@ -7,12 +8,6 @@
* Copyright (c) 2002 James Morris <jmorris@intercode.com.au>
* Copyright (c) 2002 Jean-Francois Dive <jef@linuxbe.org>
* Copyright (c) 2007 Nokia Siemens Networks
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
- *
*/
#ifndef _CRYPTO_TCRYPT_H
#define _CRYPTO_TCRYPT_H
@@ -51,6 +46,7 @@
* Cipher speed tests
*/
static u8 speed_template_8[] = {8, 0};
+static u8 speed_template_16[] = {16, 0};
static u8 speed_template_24[] = {24, 0};
static u8 speed_template_8_16[] = {8, 16, 0};
static u8 speed_template_8_32[] = {8, 32, 0};
diff --git a/crypto/tea.c b/crypto/tea.c
index b70b441..02efc5d 100644
--- a/crypto/tea.c
+++ b/crypto/tea.c
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/*
* Cryptographic API.
*
@@ -11,12 +12,6 @@
* compatibility with these implementations.
*
* Copyright (c) 2004 Aaron Grothe ajgrothe@yahoo.com
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
*/
#include <linux/init.h>
@@ -221,6 +216,7 @@
static struct crypto_alg tea_algs[3] = { {
.cra_name = "tea",
+ .cra_driver_name = "tea-generic",
.cra_flags = CRYPTO_ALG_TYPE_CIPHER,
.cra_blocksize = TEA_BLOCK_SIZE,
.cra_ctxsize = sizeof (struct tea_ctx),
@@ -234,6 +230,7 @@
.cia_decrypt = tea_decrypt } }
}, {
.cra_name = "xtea",
+ .cra_driver_name = "xtea-generic",
.cra_flags = CRYPTO_ALG_TYPE_CIPHER,
.cra_blocksize = XTEA_BLOCK_SIZE,
.cra_ctxsize = sizeof (struct xtea_ctx),
@@ -247,6 +244,7 @@
.cia_decrypt = xtea_decrypt } }
}, {
.cra_name = "xeta",
+ .cra_driver_name = "xeta-generic",
.cra_flags = CRYPTO_ALG_TYPE_CIPHER,
.cra_blocksize = XTEA_BLOCK_SIZE,
.cra_ctxsize = sizeof (struct xtea_ctx),
@@ -274,7 +272,7 @@
MODULE_ALIAS_CRYPTO("xtea");
MODULE_ALIAS_CRYPTO("xeta");
-module_init(tea_mod_init);
+subsys_initcall(tea_mod_init);
module_exit(tea_mod_fini);
MODULE_LICENSE("GPL");
diff --git a/crypto/testmgr.c b/crypto/testmgr.c
index 1c9bf38..c39e39e 100644
--- a/crypto/testmgr.c
+++ b/crypto/testmgr.c
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/*
* Algorithm testing framework and tests.
*
@@ -5,6 +6,7 @@
* Copyright (c) 2002 Jean-Francois Dive <jef@linuxbe.org>
* Copyright (c) 2007 Nokia Siemens Networks
* Copyright (c) 2008 Herbert Xu <herbert@gondor.apana.org.au>
+ * Copyright (c) 2019 Google LLC
*
* Updated RFC4106 AES-GCM testing.
* Authors: Aidan O'Mahony (aidan.o.mahony@intel.com)
@@ -12,12 +14,6 @@
* Gabriele Paoloni <gabriele.paoloni@intel.com>
* Tadeusz Struk (tadeusz.struk@intel.com)
* Copyright (c) 2010, Intel Corporation.
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
- *
*/
#include <crypto/aead.h>
@@ -26,6 +22,8 @@
#include <linux/err.h>
#include <linux/fips.h>
#include <linux/module.h>
+#include <linux/once.h>
+#include <linux/random.h>
#include <linux/scatterlist.h>
#include <linux/slab.h>
#include <linux/string.h>
@@ -34,6 +32,7 @@
#include <crypto/akcipher.h>
#include <crypto/kpp.h>
#include <crypto/acompress.h>
+#include <crypto/internal/simd.h>
#include "internal.h"
@@ -41,6 +40,22 @@
module_param(notests, bool, 0644);
MODULE_PARM_DESC(notests, "disable crypto self-tests");
+static bool panic_on_fail;
+module_param(panic_on_fail, bool, 0444);
+
+#ifdef CONFIG_CRYPTO_MANAGER_EXTRA_TESTS
+static bool noextratests;
+module_param(noextratests, bool, 0644);
+MODULE_PARM_DESC(noextratests, "disable expensive crypto self-tests");
+
+static unsigned int fuzz_iterations = 100;
+module_param(fuzz_iterations, uint, 0644);
+MODULE_PARM_DESC(fuzz_iterations, "number of fuzz test iterations");
+
+DEFINE_PER_CPU(bool, crypto_simd_disabled_for_test);
+EXPORT_PER_CPU_SYMBOL_GPL(crypto_simd_disabled_for_test);
+#endif
+
#ifdef CONFIG_CRYPTO_MANAGER_DISABLE_TESTS
/* a perfect nop */
@@ -59,28 +74,14 @@
#define XBUFSIZE 8
/*
- * Indexes into the xbuf to simulate cross-page access.
- */
-#define IDX1 32
-#define IDX2 32400
-#define IDX3 1511
-#define IDX4 8193
-#define IDX5 22222
-#define IDX6 17101
-#define IDX7 27333
-#define IDX8 3000
-
-/*
* Used by test_cipher()
*/
#define ENCRYPT 1
#define DECRYPT 0
struct aead_test_suite {
- struct {
- const struct aead_testvec *vecs;
- unsigned int count;
- } enc, dec;
+ const struct aead_testvec *vecs;
+ unsigned int count;
};
struct cipher_test_suite {
@@ -122,6 +123,7 @@
struct alg_test_desc {
const char *alg;
+ const char *generic_driver;
int (*test)(const struct alg_test_desc *desc, const char *driver,
u32 type, u32 mask);
int fips_allowed; /* set if alg is allowed in fips mode */
@@ -138,9 +140,6 @@
} suite;
};
-static const unsigned int IDX[8] = {
- IDX1, IDX2, IDX3, IDX4, IDX5, IDX6, IDX7, IDX8 };
-
static void hexdump(unsigned char *buf, unsigned int len)
{
print_hex_dump(KERN_CONT, "", DUMP_PREFIX_OFFSET,
@@ -148,12 +147,12 @@
buf, len, false);
}
-static int testmgr_alloc_buf(char *buf[XBUFSIZE])
+static int __testmgr_alloc_buf(char *buf[XBUFSIZE], int order)
{
int i;
for (i = 0; i < XBUFSIZE; i++) {
- buf[i] = (void *)__get_free_page(GFP_KERNEL);
+ buf[i] = (char *)__get_free_pages(GFP_KERNEL, order);
if (!buf[i])
goto err_free_buf;
}
@@ -162,856 +161,2187 @@
err_free_buf:
while (i-- > 0)
- free_page((unsigned long)buf[i]);
+ free_pages((unsigned long)buf[i], order);
return -ENOMEM;
}
-static void testmgr_free_buf(char *buf[XBUFSIZE])
+static int testmgr_alloc_buf(char *buf[XBUFSIZE])
+{
+ return __testmgr_alloc_buf(buf, 0);
+}
+
+static void __testmgr_free_buf(char *buf[XBUFSIZE], int order)
{
int i;
for (i = 0; i < XBUFSIZE; i++)
- free_page((unsigned long)buf[i]);
+ free_pages((unsigned long)buf[i], order);
}
-static int ahash_guard_result(char *result, char c, int size)
+static void testmgr_free_buf(char *buf[XBUFSIZE])
{
- int i;
-
- for (i = 0; i < size; i++) {
- if (result[i] != c)
- return -EINVAL;
- }
-
- return 0;
+ __testmgr_free_buf(buf, 0);
}
-static int ahash_partial_update(struct ahash_request **preq,
- struct crypto_ahash *tfm, const struct hash_testvec *template,
- void *hash_buff, int k, int temp, struct scatterlist *sg,
- const char *algo, char *result, struct crypto_wait *wait)
+#define TESTMGR_POISON_BYTE 0xfe
+#define TESTMGR_POISON_LEN 16
+
+static inline void testmgr_poison(void *addr, size_t len)
{
- char *state;
- struct ahash_request *req;
- int statesize, ret = -EINVAL;
- static const unsigned char guard[] = { 0x00, 0xba, 0xad, 0x00 };
- int digestsize = crypto_ahash_digestsize(tfm);
-
- req = *preq;
- statesize = crypto_ahash_statesize(
- crypto_ahash_reqtfm(req));
- state = kmalloc(statesize + sizeof(guard), GFP_KERNEL);
- if (!state) {
- pr_err("alg: hash: Failed to alloc state for %s\n", algo);
- goto out_nostate;
- }
- memcpy(state + statesize, guard, sizeof(guard));
- memset(result, 1, digestsize);
- ret = crypto_ahash_export(req, state);
- WARN_ON(memcmp(state + statesize, guard, sizeof(guard)));
- if (ret) {
- pr_err("alg: hash: Failed to export() for %s\n", algo);
- goto out;
- }
- ret = ahash_guard_result(result, 1, digestsize);
- if (ret) {
- pr_err("alg: hash: Failed, export used req->result for %s\n",
- algo);
- goto out;
- }
- ahash_request_free(req);
- req = ahash_request_alloc(tfm, GFP_KERNEL);
- if (!req) {
- pr_err("alg: hash: Failed to alloc request for %s\n", algo);
- goto out_noreq;
- }
- ahash_request_set_callback(req,
- CRYPTO_TFM_REQ_MAY_BACKLOG,
- crypto_req_done, wait);
-
- memcpy(hash_buff, template->plaintext + temp,
- template->tap[k]);
- sg_init_one(&sg[0], hash_buff, template->tap[k]);
- ahash_request_set_crypt(req, sg, result, template->tap[k]);
- ret = crypto_ahash_import(req, state);
- if (ret) {
- pr_err("alg: hash: Failed to import() for %s\n", algo);
- goto out;
- }
- ret = ahash_guard_result(result, 1, digestsize);
- if (ret) {
- pr_err("alg: hash: Failed, import used req->result for %s\n",
- algo);
- goto out;
- }
- ret = crypto_wait_req(crypto_ahash_update(req), wait);
- if (ret)
- goto out;
- *preq = req;
- ret = 0;
- goto out_noreq;
-out:
- ahash_request_free(req);
-out_noreq:
- kfree(state);
-out_nostate:
- return ret;
+ memset(addr, TESTMGR_POISON_BYTE, len);
}
-enum hash_test {
- HASH_TEST_DIGEST,
- HASH_TEST_FINAL,
- HASH_TEST_FINUP
+/* Is the memory region still fully poisoned? */
+static inline bool testmgr_is_poison(const void *addr, size_t len)
+{
+ return memchr_inv(addr, TESTMGR_POISON_BYTE, len) == NULL;
+}
+
+/* flush type for hash algorithms */
+enum flush_type {
+ /* merge with update of previous buffer(s) */
+ FLUSH_TYPE_NONE = 0,
+
+ /* update with previous buffer(s) before doing this one */
+ FLUSH_TYPE_FLUSH,
+
+ /* likewise, but also export and re-import the intermediate state */
+ FLUSH_TYPE_REIMPORT,
};
-static int __test_hash(struct crypto_ahash *tfm,
- const struct hash_testvec *template, unsigned int tcount,
- enum hash_test test_type, const int align_offset)
+/* finalization function for hash algorithms */
+enum finalization_type {
+ FINALIZATION_TYPE_FINAL, /* use final() */
+ FINALIZATION_TYPE_FINUP, /* use finup() */
+ FINALIZATION_TYPE_DIGEST, /* use digest() */
+};
+
+#define TEST_SG_TOTAL 10000
+
+/**
+ * struct test_sg_division - description of a scatterlist entry
+ *
+ * This struct describes one entry of a scatterlist being constructed to check a
+ * crypto test vector.
+ *
+ * @proportion_of_total: length of this chunk relative to the total length,
+ * given as a proportion out of TEST_SG_TOTAL so that it
+ * scales to fit any test vector
+ * @offset: byte offset into a 2-page buffer at which this chunk will start
+ * @offset_relative_to_alignmask: if true, add the algorithm's alignmask to the
+ * @offset
+ * @flush_type: for hashes, whether an update() should be done now vs.
+ * continuing to accumulate data
+ * @nosimd: if doing the pending update(), do it with SIMD disabled?
+ */
+struct test_sg_division {
+ unsigned int proportion_of_total;
+ unsigned int offset;
+ bool offset_relative_to_alignmask;
+ enum flush_type flush_type;
+ bool nosimd;
+};
+
+/**
+ * struct testvec_config - configuration for testing a crypto test vector
+ *
+ * This struct describes the data layout and other parameters with which each
+ * crypto test vector can be tested.
+ *
+ * @name: name of this config, logged for debugging purposes if a test fails
+ * @inplace: operate on the data in-place, if applicable for the algorithm type?
+ * @req_flags: extra request_flags, e.g. CRYPTO_TFM_REQ_MAY_SLEEP
+ * @src_divs: description of how to arrange the source scatterlist
+ * @dst_divs: description of how to arrange the dst scatterlist, if applicable
+ * for the algorithm type. Defaults to @src_divs if unset.
+ * @iv_offset: misalignment of the IV in the range [0..MAX_ALGAPI_ALIGNMASK+1],
+ * where 0 is aligned to a 2*(MAX_ALGAPI_ALIGNMASK+1) byte boundary
+ * @iv_offset_relative_to_alignmask: if true, add the algorithm's alignmask to
+ * the @iv_offset
+ * @finalization_type: what finalization function to use for hashes
+ * @nosimd: execute with SIMD disabled? Requires !CRYPTO_TFM_REQ_MAY_SLEEP.
+ */
+struct testvec_config {
+ const char *name;
+ bool inplace;
+ u32 req_flags;
+ struct test_sg_division src_divs[XBUFSIZE];
+ struct test_sg_division dst_divs[XBUFSIZE];
+ unsigned int iv_offset;
+ bool iv_offset_relative_to_alignmask;
+ enum finalization_type finalization_type;
+ bool nosimd;
+};
+
+#define TESTVEC_CONFIG_NAMELEN 192
+
+/*
+ * The following are the lists of testvec_configs to test for each algorithm
+ * type when the basic crypto self-tests are enabled, i.e. when
+ * CONFIG_CRYPTO_MANAGER_DISABLE_TESTS is unset. They aim to provide good test
+ * coverage, while keeping the test time much shorter than the full fuzz tests
+ * so that the basic tests can be enabled in a wider range of circumstances.
+ */
+
+/* Configs for skciphers and aeads */
+static const struct testvec_config default_cipher_testvec_configs[] = {
+ {
+ .name = "in-place",
+ .inplace = true,
+ .src_divs = { { .proportion_of_total = 10000 } },
+ }, {
+ .name = "out-of-place",
+ .src_divs = { { .proportion_of_total = 10000 } },
+ }, {
+ .name = "unaligned buffer, offset=1",
+ .src_divs = { { .proportion_of_total = 10000, .offset = 1 } },
+ .iv_offset = 1,
+ }, {
+ .name = "buffer aligned only to alignmask",
+ .src_divs = {
+ {
+ .proportion_of_total = 10000,
+ .offset = 1,
+ .offset_relative_to_alignmask = true,
+ },
+ },
+ .iv_offset = 1,
+ .iv_offset_relative_to_alignmask = true,
+ }, {
+ .name = "two even aligned splits",
+ .src_divs = {
+ { .proportion_of_total = 5000 },
+ { .proportion_of_total = 5000 },
+ },
+ }, {
+ .name = "uneven misaligned splits, may sleep",
+ .req_flags = CRYPTO_TFM_REQ_MAY_SLEEP,
+ .src_divs = {
+ { .proportion_of_total = 1900, .offset = 33 },
+ { .proportion_of_total = 3300, .offset = 7 },
+ { .proportion_of_total = 4800, .offset = 18 },
+ },
+ .iv_offset = 3,
+ }, {
+ .name = "misaligned splits crossing pages, inplace",
+ .inplace = true,
+ .src_divs = {
+ {
+ .proportion_of_total = 7500,
+ .offset = PAGE_SIZE - 32
+ }, {
+ .proportion_of_total = 2500,
+ .offset = PAGE_SIZE - 7
+ },
+ },
+ }
+};
+
+static const struct testvec_config default_hash_testvec_configs[] = {
+ {
+ .name = "init+update+final aligned buffer",
+ .src_divs = { { .proportion_of_total = 10000 } },
+ .finalization_type = FINALIZATION_TYPE_FINAL,
+ }, {
+ .name = "init+finup aligned buffer",
+ .src_divs = { { .proportion_of_total = 10000 } },
+ .finalization_type = FINALIZATION_TYPE_FINUP,
+ }, {
+ .name = "digest aligned buffer",
+ .src_divs = { { .proportion_of_total = 10000 } },
+ .finalization_type = FINALIZATION_TYPE_DIGEST,
+ }, {
+ .name = "init+update+final misaligned buffer",
+ .src_divs = { { .proportion_of_total = 10000, .offset = 1 } },
+ .finalization_type = FINALIZATION_TYPE_FINAL,
+ }, {
+ .name = "digest buffer aligned only to alignmask",
+ .src_divs = {
+ {
+ .proportion_of_total = 10000,
+ .offset = 1,
+ .offset_relative_to_alignmask = true,
+ },
+ },
+ .finalization_type = FINALIZATION_TYPE_DIGEST,
+ }, {
+ .name = "init+update+update+final two even splits",
+ .src_divs = {
+ { .proportion_of_total = 5000 },
+ {
+ .proportion_of_total = 5000,
+ .flush_type = FLUSH_TYPE_FLUSH,
+ },
+ },
+ .finalization_type = FINALIZATION_TYPE_FINAL,
+ }, {
+ .name = "digest uneven misaligned splits, may sleep",
+ .req_flags = CRYPTO_TFM_REQ_MAY_SLEEP,
+ .src_divs = {
+ { .proportion_of_total = 1900, .offset = 33 },
+ { .proportion_of_total = 3300, .offset = 7 },
+ { .proportion_of_total = 4800, .offset = 18 },
+ },
+ .finalization_type = FINALIZATION_TYPE_DIGEST,
+ }, {
+ .name = "digest misaligned splits crossing pages",
+ .src_divs = {
+ {
+ .proportion_of_total = 7500,
+ .offset = PAGE_SIZE - 32,
+ }, {
+ .proportion_of_total = 2500,
+ .offset = PAGE_SIZE - 7,
+ },
+ },
+ .finalization_type = FINALIZATION_TYPE_DIGEST,
+ }, {
+ .name = "import/export",
+ .src_divs = {
+ {
+ .proportion_of_total = 6500,
+ .flush_type = FLUSH_TYPE_REIMPORT,
+ }, {
+ .proportion_of_total = 3500,
+ .flush_type = FLUSH_TYPE_REIMPORT,
+ },
+ },
+ .finalization_type = FINALIZATION_TYPE_FINAL,
+ }
+};
+
+static unsigned int count_test_sg_divisions(const struct test_sg_division *divs)
{
- const char *algo = crypto_tfm_alg_driver_name(crypto_ahash_tfm(tfm));
- size_t digest_size = crypto_ahash_digestsize(tfm);
- unsigned int i, j, k, temp;
- struct scatterlist sg[8];
- char *result;
- char *key;
- struct ahash_request *req;
- struct crypto_wait wait;
- void *hash_buff;
- char *xbuf[XBUFSIZE];
- int ret = -ENOMEM;
+ unsigned int remaining = TEST_SG_TOTAL;
+ unsigned int ndivs = 0;
- result = kmalloc(digest_size, GFP_KERNEL);
- if (!result)
- return ret;
- key = kmalloc(MAX_KEYLEN, GFP_KERNEL);
- if (!key)
- goto out_nobuf;
- if (testmgr_alloc_buf(xbuf))
- goto out_nobuf;
+ do {
+ remaining -= divs[ndivs++].proportion_of_total;
+ } while (remaining);
- crypto_init_wait(&wait);
-
- req = ahash_request_alloc(tfm, GFP_KERNEL);
- if (!req) {
- printk(KERN_ERR "alg: hash: Failed to allocate request for "
- "%s\n", algo);
- goto out_noreq;
- }
- ahash_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
- crypto_req_done, &wait);
-
- j = 0;
- for (i = 0; i < tcount; i++) {
- if (template[i].np)
- continue;
-
- ret = -EINVAL;
- if (WARN_ON(align_offset + template[i].psize > PAGE_SIZE))
- goto out;
-
- j++;
- memset(result, 0, digest_size);
-
- hash_buff = xbuf[0];
- hash_buff += align_offset;
-
- memcpy(hash_buff, template[i].plaintext, template[i].psize);
- sg_init_one(&sg[0], hash_buff, template[i].psize);
-
- if (template[i].ksize) {
- crypto_ahash_clear_flags(tfm, ~0);
- if (template[i].ksize > MAX_KEYLEN) {
- pr_err("alg: hash: setkey failed on test %d for %s: key size %d > %d\n",
- j, algo, template[i].ksize, MAX_KEYLEN);
- ret = -EINVAL;
- goto out;
- }
- memcpy(key, template[i].key, template[i].ksize);
- ret = crypto_ahash_setkey(tfm, key, template[i].ksize);
- if (ret) {
- printk(KERN_ERR "alg: hash: setkey failed on "
- "test %d for %s: ret=%d\n", j, algo,
- -ret);
- goto out;
- }
- }
-
- ahash_request_set_crypt(req, sg, result, template[i].psize);
- switch (test_type) {
- case HASH_TEST_DIGEST:
- ret = crypto_wait_req(crypto_ahash_digest(req), &wait);
- if (ret) {
- pr_err("alg: hash: digest failed on test %d "
- "for %s: ret=%d\n", j, algo, -ret);
- goto out;
- }
- break;
-
- case HASH_TEST_FINAL:
- memset(result, 1, digest_size);
- ret = crypto_wait_req(crypto_ahash_init(req), &wait);
- if (ret) {
- pr_err("alg: hash: init failed on test %d "
- "for %s: ret=%d\n", j, algo, -ret);
- goto out;
- }
- ret = ahash_guard_result(result, 1, digest_size);
- if (ret) {
- pr_err("alg: hash: init failed on test %d "
- "for %s: used req->result\n", j, algo);
- goto out;
- }
- ret = crypto_wait_req(crypto_ahash_update(req), &wait);
- if (ret) {
- pr_err("alg: hash: update failed on test %d "
- "for %s: ret=%d\n", j, algo, -ret);
- goto out;
- }
- ret = ahash_guard_result(result, 1, digest_size);
- if (ret) {
- pr_err("alg: hash: update failed on test %d "
- "for %s: used req->result\n", j, algo);
- goto out;
- }
- ret = crypto_wait_req(crypto_ahash_final(req), &wait);
- if (ret) {
- pr_err("alg: hash: final failed on test %d "
- "for %s: ret=%d\n", j, algo, -ret);
- goto out;
- }
- break;
-
- case HASH_TEST_FINUP:
- memset(result, 1, digest_size);
- ret = crypto_wait_req(crypto_ahash_init(req), &wait);
- if (ret) {
- pr_err("alg: hash: init failed on test %d "
- "for %s: ret=%d\n", j, algo, -ret);
- goto out;
- }
- ret = ahash_guard_result(result, 1, digest_size);
- if (ret) {
- pr_err("alg: hash: init failed on test %d "
- "for %s: used req->result\n", j, algo);
- goto out;
- }
- ret = crypto_wait_req(crypto_ahash_finup(req), &wait);
- if (ret) {
- pr_err("alg: hash: final failed on test %d "
- "for %s: ret=%d\n", j, algo, -ret);
- goto out;
- }
- break;
- }
-
- if (memcmp(result, template[i].digest,
- crypto_ahash_digestsize(tfm))) {
- printk(KERN_ERR "alg: hash: Test %d failed for %s\n",
- j, algo);
- hexdump(result, crypto_ahash_digestsize(tfm));
- ret = -EINVAL;
- goto out;
- }
- }
-
- if (test_type)
- goto out;
-
- j = 0;
- for (i = 0; i < tcount; i++) {
- /* alignment tests are only done with continuous buffers */
- if (align_offset != 0)
- break;
-
- if (!template[i].np)
- continue;
-
- j++;
- memset(result, 0, digest_size);
-
- temp = 0;
- sg_init_table(sg, template[i].np);
- ret = -EINVAL;
- for (k = 0; k < template[i].np; k++) {
- if (WARN_ON(offset_in_page(IDX[k]) +
- template[i].tap[k] > PAGE_SIZE))
- goto out;
- sg_set_buf(&sg[k],
- memcpy(xbuf[IDX[k] >> PAGE_SHIFT] +
- offset_in_page(IDX[k]),
- template[i].plaintext + temp,
- template[i].tap[k]),
- template[i].tap[k]);
- temp += template[i].tap[k];
- }
-
- if (template[i].ksize) {
- if (template[i].ksize > MAX_KEYLEN) {
- pr_err("alg: hash: setkey failed on test %d for %s: key size %d > %d\n",
- j, algo, template[i].ksize, MAX_KEYLEN);
- ret = -EINVAL;
- goto out;
- }
- crypto_ahash_clear_flags(tfm, ~0);
- memcpy(key, template[i].key, template[i].ksize);
- ret = crypto_ahash_setkey(tfm, key, template[i].ksize);
-
- if (ret) {
- printk(KERN_ERR "alg: hash: setkey "
- "failed on chunking test %d "
- "for %s: ret=%d\n", j, algo, -ret);
- goto out;
- }
- }
-
- ahash_request_set_crypt(req, sg, result, template[i].psize);
- ret = crypto_wait_req(crypto_ahash_digest(req), &wait);
- if (ret) {
- pr_err("alg: hash: digest failed on chunking test %d for %s: ret=%d\n",
- j, algo, -ret);
- goto out;
- }
-
- if (memcmp(result, template[i].digest,
- crypto_ahash_digestsize(tfm))) {
- printk(KERN_ERR "alg: hash: Chunking test %d "
- "failed for %s\n", j, algo);
- hexdump(result, crypto_ahash_digestsize(tfm));
- ret = -EINVAL;
- goto out;
- }
- }
-
- /* partial update exercise */
- j = 0;
- for (i = 0; i < tcount; i++) {
- /* alignment tests are only done with continuous buffers */
- if (align_offset != 0)
- break;
-
- if (template[i].np < 2)
- continue;
-
- j++;
- memset(result, 0, digest_size);
-
- ret = -EINVAL;
- hash_buff = xbuf[0];
- memcpy(hash_buff, template[i].plaintext,
- template[i].tap[0]);
- sg_init_one(&sg[0], hash_buff, template[i].tap[0]);
-
- if (template[i].ksize) {
- crypto_ahash_clear_flags(tfm, ~0);
- if (template[i].ksize > MAX_KEYLEN) {
- pr_err("alg: hash: setkey failed on test %d for %s: key size %d > %d\n",
- j, algo, template[i].ksize, MAX_KEYLEN);
- ret = -EINVAL;
- goto out;
- }
- memcpy(key, template[i].key, template[i].ksize);
- ret = crypto_ahash_setkey(tfm, key, template[i].ksize);
- if (ret) {
- pr_err("alg: hash: setkey failed on test %d for %s: ret=%d\n",
- j, algo, -ret);
- goto out;
- }
- }
-
- ahash_request_set_crypt(req, sg, result, template[i].tap[0]);
- ret = crypto_wait_req(crypto_ahash_init(req), &wait);
- if (ret) {
- pr_err("alg: hash: init failed on test %d for %s: ret=%d\n",
- j, algo, -ret);
- goto out;
- }
- ret = crypto_wait_req(crypto_ahash_update(req), &wait);
- if (ret) {
- pr_err("alg: hash: update failed on test %d for %s: ret=%d\n",
- j, algo, -ret);
- goto out;
- }
-
- temp = template[i].tap[0];
- for (k = 1; k < template[i].np; k++) {
- ret = ahash_partial_update(&req, tfm, &template[i],
- hash_buff, k, temp, &sg[0], algo, result,
- &wait);
- if (ret) {
- pr_err("alg: hash: partial update failed on test %d for %s: ret=%d\n",
- j, algo, -ret);
- goto out_noreq;
- }
- temp += template[i].tap[k];
- }
- ret = crypto_wait_req(crypto_ahash_final(req), &wait);
- if (ret) {
- pr_err("alg: hash: final failed on test %d for %s: ret=%d\n",
- j, algo, -ret);
- goto out;
- }
- if (memcmp(result, template[i].digest,
- crypto_ahash_digestsize(tfm))) {
- pr_err("alg: hash: Partial Test %d failed for %s\n",
- j, algo);
- hexdump(result, crypto_ahash_digestsize(tfm));
- ret = -EINVAL;
- goto out;
- }
- }
-
- ret = 0;
-
-out:
- ahash_request_free(req);
-out_noreq:
- testmgr_free_buf(xbuf);
-out_nobuf:
- kfree(key);
- kfree(result);
- return ret;
+ return ndivs;
}
-static int test_hash(struct crypto_ahash *tfm,
- const struct hash_testvec *template,
- unsigned int tcount, enum hash_test test_type)
+#define SGDIVS_HAVE_FLUSHES BIT(0)
+#define SGDIVS_HAVE_NOSIMD BIT(1)
+
+static bool valid_sg_divisions(const struct test_sg_division *divs,
+ unsigned int count, int *flags_ret)
{
- unsigned int alignmask;
- int ret;
+ unsigned int total = 0;
+ unsigned int i;
- ret = __test_hash(tfm, template, tcount, test_type, 0);
- if (ret)
- return ret;
+ for (i = 0; i < count && total != TEST_SG_TOTAL; i++) {
+ if (divs[i].proportion_of_total <= 0 ||
+ divs[i].proportion_of_total > TEST_SG_TOTAL - total)
+ return false;
+ total += divs[i].proportion_of_total;
+ if (divs[i].flush_type != FLUSH_TYPE_NONE)
+ *flags_ret |= SGDIVS_HAVE_FLUSHES;
+ if (divs[i].nosimd)
+ *flags_ret |= SGDIVS_HAVE_NOSIMD;
+ }
+ return total == TEST_SG_TOTAL &&
+ memchr_inv(&divs[i], 0, (count - i) * sizeof(divs[0])) == NULL;
+}
- /* test unaligned buffers, check with one byte offset */
- ret = __test_hash(tfm, template, tcount, test_type, 1);
- if (ret)
- return ret;
+/*
+ * Check whether the given testvec_config is valid. This isn't strictly needed
+ * since every testvec_config should be valid, but check anyway so that people
+ * don't unknowingly add broken configs that don't do what they wanted.
+ */
+static bool valid_testvec_config(const struct testvec_config *cfg)
+{
+ int flags = 0;
- alignmask = crypto_tfm_alg_alignmask(&tfm->base);
- if (alignmask) {
- /* Check if alignment mask for tfm is correctly set. */
- ret = __test_hash(tfm, template, tcount, test_type,
- alignmask + 1);
- if (ret)
- return ret;
+ if (cfg->name == NULL)
+ return false;
+
+ if (!valid_sg_divisions(cfg->src_divs, ARRAY_SIZE(cfg->src_divs),
+ &flags))
+ return false;
+
+ if (cfg->dst_divs[0].proportion_of_total) {
+ if (!valid_sg_divisions(cfg->dst_divs,
+ ARRAY_SIZE(cfg->dst_divs), &flags))
+ return false;
+ } else {
+ if (memchr_inv(cfg->dst_divs, 0, sizeof(cfg->dst_divs)))
+ return false;
+ /* defaults to dst_divs=src_divs */
+ }
+
+ if (cfg->iv_offset +
+ (cfg->iv_offset_relative_to_alignmask ? MAX_ALGAPI_ALIGNMASK : 0) >
+ MAX_ALGAPI_ALIGNMASK + 1)
+ return false;
+
+ if ((flags & (SGDIVS_HAVE_FLUSHES | SGDIVS_HAVE_NOSIMD)) &&
+ cfg->finalization_type == FINALIZATION_TYPE_DIGEST)
+ return false;
+
+ if ((cfg->nosimd || (flags & SGDIVS_HAVE_NOSIMD)) &&
+ (cfg->req_flags & CRYPTO_TFM_REQ_MAY_SLEEP))
+ return false;
+
+ return true;
+}
+
+struct test_sglist {
+ char *bufs[XBUFSIZE];
+ struct scatterlist sgl[XBUFSIZE];
+ struct scatterlist sgl_saved[XBUFSIZE];
+ struct scatterlist *sgl_ptr;
+ unsigned int nents;
+};
+
+static int init_test_sglist(struct test_sglist *tsgl)
+{
+ return __testmgr_alloc_buf(tsgl->bufs, 1 /* two pages per buffer */);
+}
+
+static void destroy_test_sglist(struct test_sglist *tsgl)
+{
+ return __testmgr_free_buf(tsgl->bufs, 1 /* two pages per buffer */);
+}
+
+/**
+ * build_test_sglist() - build a scatterlist for a crypto test
+ *
+ * @tsgl: the scatterlist to build. @tsgl->bufs[] contains an array of 2-page
+ * buffers which the scatterlist @tsgl->sgl[] will be made to point into.
+ * @divs: the layout specification on which the scatterlist will be based
+ * @alignmask: the algorithm's alignmask
+ * @total_len: the total length of the scatterlist to build in bytes
+ * @data: if non-NULL, the buffers will be filled with this data until it ends.
+ * Otherwise the buffers will be poisoned. In both cases, some bytes
+ * past the end of each buffer will be poisoned to help detect overruns.
+ * @out_divs: if non-NULL, the test_sg_division to which each scatterlist entry
+ * corresponds will be returned here. This will match @divs except
+ * that divisions resolving to a length of 0 are omitted as they are
+ * not included in the scatterlist.
+ *
+ * Return: 0 or a -errno value
+ */
+static int build_test_sglist(struct test_sglist *tsgl,
+ const struct test_sg_division *divs,
+ const unsigned int alignmask,
+ const unsigned int total_len,
+ struct iov_iter *data,
+ const struct test_sg_division *out_divs[XBUFSIZE])
+{
+ struct {
+ const struct test_sg_division *div;
+ size_t length;
+ } partitions[XBUFSIZE];
+ const unsigned int ndivs = count_test_sg_divisions(divs);
+ unsigned int len_remaining = total_len;
+ unsigned int i;
+
+ BUILD_BUG_ON(ARRAY_SIZE(partitions) != ARRAY_SIZE(tsgl->sgl));
+ if (WARN_ON(ndivs > ARRAY_SIZE(partitions)))
+ return -EINVAL;
+
+ /* Calculate the (div, length) pairs */
+ tsgl->nents = 0;
+ for (i = 0; i < ndivs; i++) {
+ unsigned int len_this_sg =
+ min(len_remaining,
+ (total_len * divs[i].proportion_of_total +
+ TEST_SG_TOTAL / 2) / TEST_SG_TOTAL);
+
+ if (len_this_sg != 0) {
+ partitions[tsgl->nents].div = &divs[i];
+ partitions[tsgl->nents].length = len_this_sg;
+ tsgl->nents++;
+ len_remaining -= len_this_sg;
+ }
+ }
+ if (tsgl->nents == 0) {
+ partitions[tsgl->nents].div = &divs[0];
+ partitions[tsgl->nents].length = 0;
+ tsgl->nents++;
+ }
+ partitions[tsgl->nents - 1].length += len_remaining;
+
+ /* Set up the sgl entries and fill the data or poison */
+ sg_init_table(tsgl->sgl, tsgl->nents);
+ for (i = 0; i < tsgl->nents; i++) {
+ unsigned int offset = partitions[i].div->offset;
+ void *addr;
+
+ if (partitions[i].div->offset_relative_to_alignmask)
+ offset += alignmask;
+
+ while (offset + partitions[i].length + TESTMGR_POISON_LEN >
+ 2 * PAGE_SIZE) {
+ if (WARN_ON(offset <= 0))
+ return -EINVAL;
+ offset /= 2;
+ }
+
+ addr = &tsgl->bufs[i][offset];
+ sg_set_buf(&tsgl->sgl[i], addr, partitions[i].length);
+
+ if (out_divs)
+ out_divs[i] = partitions[i].div;
+
+ if (data) {
+ size_t copy_len, copied;
+
+ copy_len = min(partitions[i].length, data->count);
+ copied = copy_from_iter(addr, copy_len, data);
+ if (WARN_ON(copied != copy_len))
+ return -EINVAL;
+ testmgr_poison(addr + copy_len, partitions[i].length +
+ TESTMGR_POISON_LEN - copy_len);
+ } else {
+ testmgr_poison(addr, partitions[i].length +
+ TESTMGR_POISON_LEN);
+ }
+ }
+
+ sg_mark_end(&tsgl->sgl[tsgl->nents - 1]);
+ tsgl->sgl_ptr = tsgl->sgl;
+ memcpy(tsgl->sgl_saved, tsgl->sgl, tsgl->nents * sizeof(tsgl->sgl[0]));
+ return 0;
+}
+
+/*
+ * Verify that a scatterlist crypto operation produced the correct output.
+ *
+ * @tsgl: scatterlist containing the actual output
+ * @expected_output: buffer containing the expected output
+ * @len_to_check: length of @expected_output in bytes
+ * @unchecked_prefix_len: number of ignored bytes in @tsgl prior to real result
+ * @check_poison: verify that the poison bytes after each chunk are intact?
+ *
+ * Return: 0 if correct, -EINVAL if incorrect, -EOVERFLOW if buffer overrun.
+ */
+static int verify_correct_output(const struct test_sglist *tsgl,
+ const char *expected_output,
+ unsigned int len_to_check,
+ unsigned int unchecked_prefix_len,
+ bool check_poison)
+{
+ unsigned int i;
+
+ for (i = 0; i < tsgl->nents; i++) {
+ struct scatterlist *sg = &tsgl->sgl_ptr[i];
+ unsigned int len = sg->length;
+ unsigned int offset = sg->offset;
+ const char *actual_output;
+
+ if (unchecked_prefix_len) {
+ if (unchecked_prefix_len >= len) {
+ unchecked_prefix_len -= len;
+ continue;
+ }
+ offset += unchecked_prefix_len;
+ len -= unchecked_prefix_len;
+ unchecked_prefix_len = 0;
+ }
+ len = min(len, len_to_check);
+ actual_output = page_address(sg_page(sg)) + offset;
+ if (memcmp(expected_output, actual_output, len) != 0)
+ return -EINVAL;
+ if (check_poison &&
+ !testmgr_is_poison(actual_output + len, TESTMGR_POISON_LEN))
+ return -EOVERFLOW;
+ len_to_check -= len;
+ expected_output += len;
+ }
+ if (WARN_ON(len_to_check != 0))
+ return -EINVAL;
+ return 0;
+}
+
+static bool is_test_sglist_corrupted(const struct test_sglist *tsgl)
+{
+ unsigned int i;
+
+ for (i = 0; i < tsgl->nents; i++) {
+ if (tsgl->sgl[i].page_link != tsgl->sgl_saved[i].page_link)
+ return true;
+ if (tsgl->sgl[i].offset != tsgl->sgl_saved[i].offset)
+ return true;
+ if (tsgl->sgl[i].length != tsgl->sgl_saved[i].length)
+ return true;
+ }
+ return false;
+}
+
+struct cipher_test_sglists {
+ struct test_sglist src;
+ struct test_sglist dst;
+};
+
+static struct cipher_test_sglists *alloc_cipher_test_sglists(void)
+{
+ struct cipher_test_sglists *tsgls;
+
+ tsgls = kmalloc(sizeof(*tsgls), GFP_KERNEL);
+ if (!tsgls)
+ return NULL;
+
+ if (init_test_sglist(&tsgls->src) != 0)
+ goto fail_kfree;
+ if (init_test_sglist(&tsgls->dst) != 0)
+ goto fail_destroy_src;
+
+ return tsgls;
+
+fail_destroy_src:
+ destroy_test_sglist(&tsgls->src);
+fail_kfree:
+ kfree(tsgls);
+ return NULL;
+}
+
+static void free_cipher_test_sglists(struct cipher_test_sglists *tsgls)
+{
+ if (tsgls) {
+ destroy_test_sglist(&tsgls->src);
+ destroy_test_sglist(&tsgls->dst);
+ kfree(tsgls);
+ }
+}
+
+/* Build the src and dst scatterlists for an skcipher or AEAD test */
+static int build_cipher_test_sglists(struct cipher_test_sglists *tsgls,
+ const struct testvec_config *cfg,
+ unsigned int alignmask,
+ unsigned int src_total_len,
+ unsigned int dst_total_len,
+ const struct kvec *inputs,
+ unsigned int nr_inputs)
+{
+ struct iov_iter input;
+ int err;
+
+ iov_iter_kvec(&input, WRITE, inputs, nr_inputs, src_total_len);
+ err = build_test_sglist(&tsgls->src, cfg->src_divs, alignmask,
+ cfg->inplace ?
+ max(dst_total_len, src_total_len) :
+ src_total_len,
+ &input, NULL);
+ if (err)
+ return err;
+
+ if (cfg->inplace) {
+ tsgls->dst.sgl_ptr = tsgls->src.sgl;
+ tsgls->dst.nents = tsgls->src.nents;
+ return 0;
+ }
+ return build_test_sglist(&tsgls->dst,
+ cfg->dst_divs[0].proportion_of_total ?
+ cfg->dst_divs : cfg->src_divs,
+ alignmask, dst_total_len, NULL, NULL);
+}
+
+#ifdef CONFIG_CRYPTO_MANAGER_EXTRA_TESTS
+
+/* Generate a random length in range [0, max_len], but prefer smaller values */
+static unsigned int generate_random_length(unsigned int max_len)
+{
+ unsigned int len = prandom_u32() % (max_len + 1);
+
+ switch (prandom_u32() % 4) {
+ case 0:
+ return len % 64;
+ case 1:
+ return len % 256;
+ case 2:
+ return len % 1024;
+ default:
+ return len;
+ }
+}
+
+/* Sometimes make some random changes to the given data buffer */
+static void mutate_buffer(u8 *buf, size_t count)
+{
+ size_t num_flips;
+ size_t i;
+ size_t pos;
+
+ /* Sometimes flip some bits */
+ if (prandom_u32() % 4 == 0) {
+ num_flips = min_t(size_t, 1 << (prandom_u32() % 8), count * 8);
+ for (i = 0; i < num_flips; i++) {
+ pos = prandom_u32() % (count * 8);
+ buf[pos / 8] ^= 1 << (pos % 8);
+ }
+ }
+
+ /* Sometimes flip some bytes */
+ if (prandom_u32() % 4 == 0) {
+ num_flips = min_t(size_t, 1 << (prandom_u32() % 8), count);
+ for (i = 0; i < num_flips; i++)
+ buf[prandom_u32() % count] ^= 0xff;
+ }
+}
+
+/* Randomly generate 'count' bytes, but sometimes make them "interesting" */
+static void generate_random_bytes(u8 *buf, size_t count)
+{
+ u8 b;
+ u8 increment;
+ size_t i;
+
+ if (count == 0)
+ return;
+
+ switch (prandom_u32() % 8) { /* Choose a generation strategy */
+ case 0:
+ case 1:
+ /* All the same byte, plus optional mutations */
+ switch (prandom_u32() % 4) {
+ case 0:
+ b = 0x00;
+ break;
+ case 1:
+ b = 0xff;
+ break;
+ default:
+ b = (u8)prandom_u32();
+ break;
+ }
+ memset(buf, b, count);
+ mutate_buffer(buf, count);
+ break;
+ case 2:
+ /* Ascending or descending bytes, plus optional mutations */
+ increment = (u8)prandom_u32();
+ b = (u8)prandom_u32();
+ for (i = 0; i < count; i++, b += increment)
+ buf[i] = b;
+ mutate_buffer(buf, count);
+ break;
+ default:
+ /* Fully random bytes */
+ for (i = 0; i < count; i++)
+ buf[i] = (u8)prandom_u32();
+ }
+}
+
+static char *generate_random_sgl_divisions(struct test_sg_division *divs,
+ size_t max_divs, char *p, char *end,
+ bool gen_flushes, u32 req_flags)
+{
+ struct test_sg_division *div = divs;
+ unsigned int remaining = TEST_SG_TOTAL;
+
+ do {
+ unsigned int this_len;
+ const char *flushtype_str;
+
+ if (div == &divs[max_divs - 1] || prandom_u32() % 2 == 0)
+ this_len = remaining;
+ else
+ this_len = 1 + (prandom_u32() % remaining);
+ div->proportion_of_total = this_len;
+
+ if (prandom_u32() % 4 == 0)
+ div->offset = (PAGE_SIZE - 128) + (prandom_u32() % 128);
+ else if (prandom_u32() % 2 == 0)
+ div->offset = prandom_u32() % 32;
+ else
+ div->offset = prandom_u32() % PAGE_SIZE;
+ if (prandom_u32() % 8 == 0)
+ div->offset_relative_to_alignmask = true;
+
+ div->flush_type = FLUSH_TYPE_NONE;
+ if (gen_flushes) {
+ switch (prandom_u32() % 4) {
+ case 0:
+ div->flush_type = FLUSH_TYPE_REIMPORT;
+ break;
+ case 1:
+ div->flush_type = FLUSH_TYPE_FLUSH;
+ break;
+ }
+ }
+
+ if (div->flush_type != FLUSH_TYPE_NONE &&
+ !(req_flags & CRYPTO_TFM_REQ_MAY_SLEEP) &&
+ prandom_u32() % 2 == 0)
+ div->nosimd = true;
+
+ switch (div->flush_type) {
+ case FLUSH_TYPE_FLUSH:
+ if (div->nosimd)
+ flushtype_str = "<flush,nosimd>";
+ else
+ flushtype_str = "<flush>";
+ break;
+ case FLUSH_TYPE_REIMPORT:
+ if (div->nosimd)
+ flushtype_str = "<reimport,nosimd>";
+ else
+ flushtype_str = "<reimport>";
+ break;
+ default:
+ flushtype_str = "";
+ break;
+ }
+
+ BUILD_BUG_ON(TEST_SG_TOTAL != 10000); /* for "%u.%u%%" */
+ p += scnprintf(p, end - p, "%s%u.%u%%@%s+%u%s", flushtype_str,
+ this_len / 100, this_len % 100,
+ div->offset_relative_to_alignmask ?
+ "alignmask" : "",
+ div->offset, this_len == remaining ? "" : ", ");
+ remaining -= this_len;
+ div++;
+ } while (remaining);
+
+ return p;
+}
+
+/* Generate a random testvec_config for fuzz testing */
+static void generate_random_testvec_config(struct testvec_config *cfg,
+ char *name, size_t max_namelen)
+{
+ char *p = name;
+ char * const end = name + max_namelen;
+
+ memset(cfg, 0, sizeof(*cfg));
+
+ cfg->name = name;
+
+ p += scnprintf(p, end - p, "random:");
+
+ if (prandom_u32() % 2 == 0) {
+ cfg->inplace = true;
+ p += scnprintf(p, end - p, " inplace");
+ }
+
+ if (prandom_u32() % 2 == 0) {
+ cfg->req_flags |= CRYPTO_TFM_REQ_MAY_SLEEP;
+ p += scnprintf(p, end - p, " may_sleep");
+ }
+
+ switch (prandom_u32() % 4) {
+ case 0:
+ cfg->finalization_type = FINALIZATION_TYPE_FINAL;
+ p += scnprintf(p, end - p, " use_final");
+ break;
+ case 1:
+ cfg->finalization_type = FINALIZATION_TYPE_FINUP;
+ p += scnprintf(p, end - p, " use_finup");
+ break;
+ default:
+ cfg->finalization_type = FINALIZATION_TYPE_DIGEST;
+ p += scnprintf(p, end - p, " use_digest");
+ break;
+ }
+
+ if (!(cfg->req_flags & CRYPTO_TFM_REQ_MAY_SLEEP) &&
+ prandom_u32() % 2 == 0) {
+ cfg->nosimd = true;
+ p += scnprintf(p, end - p, " nosimd");
+ }
+
+ p += scnprintf(p, end - p, " src_divs=[");
+ p = generate_random_sgl_divisions(cfg->src_divs,
+ ARRAY_SIZE(cfg->src_divs), p, end,
+ (cfg->finalization_type !=
+ FINALIZATION_TYPE_DIGEST),
+ cfg->req_flags);
+ p += scnprintf(p, end - p, "]");
+
+ if (!cfg->inplace && prandom_u32() % 2 == 0) {
+ p += scnprintf(p, end - p, " dst_divs=[");
+ p = generate_random_sgl_divisions(cfg->dst_divs,
+ ARRAY_SIZE(cfg->dst_divs),
+ p, end, false,
+ cfg->req_flags);
+ p += scnprintf(p, end - p, "]");
+ }
+
+ if (prandom_u32() % 2 == 0) {
+ cfg->iv_offset = 1 + (prandom_u32() % MAX_ALGAPI_ALIGNMASK);
+ p += scnprintf(p, end - p, " iv_offset=%u", cfg->iv_offset);
+ }
+
+ WARN_ON_ONCE(!valid_testvec_config(cfg));
+}
+
+static void crypto_disable_simd_for_test(void)
+{
+ preempt_disable();
+ __this_cpu_write(crypto_simd_disabled_for_test, true);
+}
+
+static void crypto_reenable_simd_for_test(void)
+{
+ __this_cpu_write(crypto_simd_disabled_for_test, false);
+ preempt_enable();
+}
+
+/*
+ * Given an algorithm name, build the name of the generic implementation of that
+ * algorithm, assuming the usual naming convention. Specifically, this appends
+ * "-generic" to every part of the name that is not a template name. Examples:
+ *
+ * aes => aes-generic
+ * cbc(aes) => cbc(aes-generic)
+ * cts(cbc(aes)) => cts(cbc(aes-generic))
+ * rfc7539(chacha20,poly1305) => rfc7539(chacha20-generic,poly1305-generic)
+ *
+ * Return: 0 on success, or -ENAMETOOLONG if the generic name would be too long
+ */
+static int build_generic_driver_name(const char *algname,
+ char driver_name[CRYPTO_MAX_ALG_NAME])
+{
+ const char *in = algname;
+ char *out = driver_name;
+ size_t len = strlen(algname);
+
+ if (len >= CRYPTO_MAX_ALG_NAME)
+ goto too_long;
+ do {
+ const char *in_saved = in;
+
+ while (*in && *in != '(' && *in != ')' && *in != ',')
+ *out++ = *in++;
+ if (*in != '(' && in > in_saved) {
+ len += 8;
+ if (len >= CRYPTO_MAX_ALG_NAME)
+ goto too_long;
+ memcpy(out, "-generic", 8);
+ out += 8;
+ }
+ } while ((*out++ = *in++) != '\0');
+ return 0;
+
+too_long:
+ pr_err("alg: generic driver name for \"%s\" would be too long\n",
+ algname);
+ return -ENAMETOOLONG;
+}
+#else /* !CONFIG_CRYPTO_MANAGER_EXTRA_TESTS */
+static void crypto_disable_simd_for_test(void)
+{
+}
+
+static void crypto_reenable_simd_for_test(void)
+{
+}
+#endif /* !CONFIG_CRYPTO_MANAGER_EXTRA_TESTS */
+
+static int build_hash_sglist(struct test_sglist *tsgl,
+ const struct hash_testvec *vec,
+ const struct testvec_config *cfg,
+ unsigned int alignmask,
+ const struct test_sg_division *divs[XBUFSIZE])
+{
+ struct kvec kv;
+ struct iov_iter input;
+
+ kv.iov_base = (void *)vec->plaintext;
+ kv.iov_len = vec->psize;
+ iov_iter_kvec(&input, WRITE, &kv, 1, vec->psize);
+ return build_test_sglist(tsgl, cfg->src_divs, alignmask, vec->psize,
+ &input, divs);
+}
+
+static int check_hash_result(const char *type,
+ const u8 *result, unsigned int digestsize,
+ const struct hash_testvec *vec,
+ const char *vec_name,
+ const char *driver,
+ const struct testvec_config *cfg)
+{
+ if (memcmp(result, vec->digest, digestsize) != 0) {
+ pr_err("alg: %s: %s test failed (wrong result) on test vector %s, cfg=\"%s\"\n",
+ type, driver, vec_name, cfg->name);
+ return -EINVAL;
+ }
+ if (!testmgr_is_poison(&result[digestsize], TESTMGR_POISON_LEN)) {
+ pr_err("alg: %s: %s overran result buffer on test vector %s, cfg=\"%s\"\n",
+ type, driver, vec_name, cfg->name);
+ return -EOVERFLOW;
+ }
+ return 0;
+}
+
+static inline int check_shash_op(const char *op, int err,
+ const char *driver, const char *vec_name,
+ const struct testvec_config *cfg)
+{
+ if (err)
+ pr_err("alg: shash: %s %s() failed with err %d on test vector %s, cfg=\"%s\"\n",
+ driver, op, err, vec_name, cfg->name);
+ return err;
+}
+
+static inline const void *sg_data(struct scatterlist *sg)
+{
+ return page_address(sg_page(sg)) + sg->offset;
+}
+
+/* Test one hash test vector in one configuration, using the shash API */
+static int test_shash_vec_cfg(const char *driver,
+ const struct hash_testvec *vec,
+ const char *vec_name,
+ const struct testvec_config *cfg,
+ struct shash_desc *desc,
+ struct test_sglist *tsgl,
+ u8 *hashstate)
+{
+ struct crypto_shash *tfm = desc->tfm;
+ const unsigned int alignmask = crypto_shash_alignmask(tfm);
+ const unsigned int digestsize = crypto_shash_digestsize(tfm);
+ const unsigned int statesize = crypto_shash_statesize(tfm);
+ const struct test_sg_division *divs[XBUFSIZE];
+ unsigned int i;
+ u8 result[HASH_MAX_DIGESTSIZE + TESTMGR_POISON_LEN];
+ int err;
+
+ /* Set the key, if specified */
+ if (vec->ksize) {
+ err = crypto_shash_setkey(tfm, vec->key, vec->ksize);
+ if (err) {
+ if (err == vec->setkey_error)
+ return 0;
+ pr_err("alg: shash: %s setkey failed on test vector %s; expected_error=%d, actual_error=%d, flags=%#x\n",
+ driver, vec_name, vec->setkey_error, err,
+ crypto_shash_get_flags(tfm));
+ return err;
+ }
+ if (vec->setkey_error) {
+ pr_err("alg: shash: %s setkey unexpectedly succeeded on test vector %s; expected_error=%d\n",
+ driver, vec_name, vec->setkey_error);
+ return -EINVAL;
+ }
+ }
+
+ /* Build the scatterlist for the source data */
+ err = build_hash_sglist(tsgl, vec, cfg, alignmask, divs);
+ if (err) {
+ pr_err("alg: shash: %s: error preparing scatterlist for test vector %s, cfg=\"%s\"\n",
+ driver, vec_name, cfg->name);
+ return err;
+ }
+
+ /* Do the actual hashing */
+
+ testmgr_poison(desc->__ctx, crypto_shash_descsize(tfm));
+ testmgr_poison(result, digestsize + TESTMGR_POISON_LEN);
+
+ if (cfg->finalization_type == FINALIZATION_TYPE_DIGEST ||
+ vec->digest_error) {
+ /* Just using digest() */
+ if (tsgl->nents != 1)
+ return 0;
+ if (cfg->nosimd)
+ crypto_disable_simd_for_test();
+ err = crypto_shash_digest(desc, sg_data(&tsgl->sgl[0]),
+ tsgl->sgl[0].length, result);
+ if (cfg->nosimd)
+ crypto_reenable_simd_for_test();
+ if (err) {
+ if (err == vec->digest_error)
+ return 0;
+ pr_err("alg: shash: %s digest() failed on test vector %s; expected_error=%d, actual_error=%d, cfg=\"%s\"\n",
+ driver, vec_name, vec->digest_error, err,
+ cfg->name);
+ return err;
+ }
+ if (vec->digest_error) {
+ pr_err("alg: shash: %s digest() unexpectedly succeeded on test vector %s; expected_error=%d, cfg=\"%s\"\n",
+ driver, vec_name, vec->digest_error, cfg->name);
+ return -EINVAL;
+ }
+ goto result_ready;
+ }
+
+ /* Using init(), zero or more update(), then final() or finup() */
+
+ if (cfg->nosimd)
+ crypto_disable_simd_for_test();
+ err = crypto_shash_init(desc);
+ if (cfg->nosimd)
+ crypto_reenable_simd_for_test();
+ err = check_shash_op("init", err, driver, vec_name, cfg);
+ if (err)
+ return err;
+
+ for (i = 0; i < tsgl->nents; i++) {
+ if (i + 1 == tsgl->nents &&
+ cfg->finalization_type == FINALIZATION_TYPE_FINUP) {
+ if (divs[i]->nosimd)
+ crypto_disable_simd_for_test();
+ err = crypto_shash_finup(desc, sg_data(&tsgl->sgl[i]),
+ tsgl->sgl[i].length, result);
+ if (divs[i]->nosimd)
+ crypto_reenable_simd_for_test();
+ err = check_shash_op("finup", err, driver, vec_name,
+ cfg);
+ if (err)
+ return err;
+ goto result_ready;
+ }
+ if (divs[i]->nosimd)
+ crypto_disable_simd_for_test();
+ err = crypto_shash_update(desc, sg_data(&tsgl->sgl[i]),
+ tsgl->sgl[i].length);
+ if (divs[i]->nosimd)
+ crypto_reenable_simd_for_test();
+ err = check_shash_op("update", err, driver, vec_name, cfg);
+ if (err)
+ return err;
+ if (divs[i]->flush_type == FLUSH_TYPE_REIMPORT) {
+ /* Test ->export() and ->import() */
+ testmgr_poison(hashstate + statesize,
+ TESTMGR_POISON_LEN);
+ err = crypto_shash_export(desc, hashstate);
+ err = check_shash_op("export", err, driver, vec_name,
+ cfg);
+ if (err)
+ return err;
+ if (!testmgr_is_poison(hashstate + statesize,
+ TESTMGR_POISON_LEN)) {
+ pr_err("alg: shash: %s export() overran state buffer on test vector %s, cfg=\"%s\"\n",
+ driver, vec_name, cfg->name);
+ return -EOVERFLOW;
+ }
+ testmgr_poison(desc->__ctx, crypto_shash_descsize(tfm));
+ err = crypto_shash_import(desc, hashstate);
+ err = check_shash_op("import", err, driver, vec_name,
+ cfg);
+ if (err)
+ return err;
+ }
+ }
+
+ if (cfg->nosimd)
+ crypto_disable_simd_for_test();
+ err = crypto_shash_final(desc, result);
+ if (cfg->nosimd)
+ crypto_reenable_simd_for_test();
+ err = check_shash_op("final", err, driver, vec_name, cfg);
+ if (err)
+ return err;
+result_ready:
+ return check_hash_result("shash", result, digestsize, vec, vec_name,
+ driver, cfg);
+}
+
+static int do_ahash_op(int (*op)(struct ahash_request *req),
+ struct ahash_request *req,
+ struct crypto_wait *wait, bool nosimd)
+{
+ int err;
+
+ if (nosimd)
+ crypto_disable_simd_for_test();
+
+ err = op(req);
+
+ if (nosimd)
+ crypto_reenable_simd_for_test();
+
+ return crypto_wait_req(err, wait);
+}
+
+static int check_nonfinal_ahash_op(const char *op, int err,
+ u8 *result, unsigned int digestsize,
+ const char *driver, const char *vec_name,
+ const struct testvec_config *cfg)
+{
+ if (err) {
+ pr_err("alg: ahash: %s %s() failed with err %d on test vector %s, cfg=\"%s\"\n",
+ driver, op, err, vec_name, cfg->name);
+ return err;
+ }
+ if (!testmgr_is_poison(result, digestsize)) {
+ pr_err("alg: ahash: %s %s() used result buffer on test vector %s, cfg=\"%s\"\n",
+ driver, op, vec_name, cfg->name);
+ return -EINVAL;
+ }
+ return 0;
+}
+
+/* Test one hash test vector in one configuration, using the ahash API */
+static int test_ahash_vec_cfg(const char *driver,
+ const struct hash_testvec *vec,
+ const char *vec_name,
+ const struct testvec_config *cfg,
+ struct ahash_request *req,
+ struct test_sglist *tsgl,
+ u8 *hashstate)
+{
+ struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
+ const unsigned int alignmask = crypto_ahash_alignmask(tfm);
+ const unsigned int digestsize = crypto_ahash_digestsize(tfm);
+ const unsigned int statesize = crypto_ahash_statesize(tfm);
+ const u32 req_flags = CRYPTO_TFM_REQ_MAY_BACKLOG | cfg->req_flags;
+ const struct test_sg_division *divs[XBUFSIZE];
+ DECLARE_CRYPTO_WAIT(wait);
+ unsigned int i;
+ struct scatterlist *pending_sgl;
+ unsigned int pending_len;
+ u8 result[HASH_MAX_DIGESTSIZE + TESTMGR_POISON_LEN];
+ int err;
+
+ /* Set the key, if specified */
+ if (vec->ksize) {
+ err = crypto_ahash_setkey(tfm, vec->key, vec->ksize);
+ if (err) {
+ if (err == vec->setkey_error)
+ return 0;
+ pr_err("alg: ahash: %s setkey failed on test vector %s; expected_error=%d, actual_error=%d, flags=%#x\n",
+ driver, vec_name, vec->setkey_error, err,
+ crypto_ahash_get_flags(tfm));
+ return err;
+ }
+ if (vec->setkey_error) {
+ pr_err("alg: ahash: %s setkey unexpectedly succeeded on test vector %s; expected_error=%d\n",
+ driver, vec_name, vec->setkey_error);
+ return -EINVAL;
+ }
+ }
+
+ /* Build the scatterlist for the source data */
+ err = build_hash_sglist(tsgl, vec, cfg, alignmask, divs);
+ if (err) {
+ pr_err("alg: ahash: %s: error preparing scatterlist for test vector %s, cfg=\"%s\"\n",
+ driver, vec_name, cfg->name);
+ return err;
+ }
+
+ /* Do the actual hashing */
+
+ testmgr_poison(req->__ctx, crypto_ahash_reqsize(tfm));
+ testmgr_poison(result, digestsize + TESTMGR_POISON_LEN);
+
+ if (cfg->finalization_type == FINALIZATION_TYPE_DIGEST ||
+ vec->digest_error) {
+ /* Just using digest() */
+ ahash_request_set_callback(req, req_flags, crypto_req_done,
+ &wait);
+ ahash_request_set_crypt(req, tsgl->sgl, result, vec->psize);
+ err = do_ahash_op(crypto_ahash_digest, req, &wait, cfg->nosimd);
+ if (err) {
+ if (err == vec->digest_error)
+ return 0;
+ pr_err("alg: ahash: %s digest() failed on test vector %s; expected_error=%d, actual_error=%d, cfg=\"%s\"\n",
+ driver, vec_name, vec->digest_error, err,
+ cfg->name);
+ return err;
+ }
+ if (vec->digest_error) {
+ pr_err("alg: ahash: %s digest() unexpectedly succeeded on test vector %s; expected_error=%d, cfg=\"%s\"\n",
+ driver, vec_name, vec->digest_error, cfg->name);
+ return -EINVAL;
+ }
+ goto result_ready;
+ }
+
+ /* Using init(), zero or more update(), then final() or finup() */
+
+ ahash_request_set_callback(req, req_flags, crypto_req_done, &wait);
+ ahash_request_set_crypt(req, NULL, result, 0);
+ err = do_ahash_op(crypto_ahash_init, req, &wait, cfg->nosimd);
+ err = check_nonfinal_ahash_op("init", err, result, digestsize,
+ driver, vec_name, cfg);
+ if (err)
+ return err;
+
+ pending_sgl = NULL;
+ pending_len = 0;
+ for (i = 0; i < tsgl->nents; i++) {
+ if (divs[i]->flush_type != FLUSH_TYPE_NONE &&
+ pending_sgl != NULL) {
+ /* update() with the pending data */
+ ahash_request_set_callback(req, req_flags,
+ crypto_req_done, &wait);
+ ahash_request_set_crypt(req, pending_sgl, result,
+ pending_len);
+ err = do_ahash_op(crypto_ahash_update, req, &wait,
+ divs[i]->nosimd);
+ err = check_nonfinal_ahash_op("update", err,
+ result, digestsize,
+ driver, vec_name, cfg);
+ if (err)
+ return err;
+ pending_sgl = NULL;
+ pending_len = 0;
+ }
+ if (divs[i]->flush_type == FLUSH_TYPE_REIMPORT) {
+ /* Test ->export() and ->import() */
+ testmgr_poison(hashstate + statesize,
+ TESTMGR_POISON_LEN);
+ err = crypto_ahash_export(req, hashstate);
+ err = check_nonfinal_ahash_op("export", err,
+ result, digestsize,
+ driver, vec_name, cfg);
+ if (err)
+ return err;
+ if (!testmgr_is_poison(hashstate + statesize,
+ TESTMGR_POISON_LEN)) {
+ pr_err("alg: ahash: %s export() overran state buffer on test vector %s, cfg=\"%s\"\n",
+ driver, vec_name, cfg->name);
+ return -EOVERFLOW;
+ }
+
+ testmgr_poison(req->__ctx, crypto_ahash_reqsize(tfm));
+ err = crypto_ahash_import(req, hashstate);
+ err = check_nonfinal_ahash_op("import", err,
+ result, digestsize,
+ driver, vec_name, cfg);
+ if (err)
+ return err;
+ }
+ if (pending_sgl == NULL)
+ pending_sgl = &tsgl->sgl[i];
+ pending_len += tsgl->sgl[i].length;
+ }
+
+ ahash_request_set_callback(req, req_flags, crypto_req_done, &wait);
+ ahash_request_set_crypt(req, pending_sgl, result, pending_len);
+ if (cfg->finalization_type == FINALIZATION_TYPE_FINAL) {
+ /* finish with update() and final() */
+ err = do_ahash_op(crypto_ahash_update, req, &wait, cfg->nosimd);
+ err = check_nonfinal_ahash_op("update", err, result, digestsize,
+ driver, vec_name, cfg);
+ if (err)
+ return err;
+ err = do_ahash_op(crypto_ahash_final, req, &wait, cfg->nosimd);
+ if (err) {
+ pr_err("alg: ahash: %s final() failed with err %d on test vector %s, cfg=\"%s\"\n",
+ driver, err, vec_name, cfg->name);
+ return err;
+ }
+ } else {
+ /* finish with finup() */
+ err = do_ahash_op(crypto_ahash_finup, req, &wait, cfg->nosimd);
+ if (err) {
+ pr_err("alg: ahash: %s finup() failed with err %d on test vector %s, cfg=\"%s\"\n",
+ driver, err, vec_name, cfg->name);
+ return err;
+ }
+ }
+
+result_ready:
+ return check_hash_result("ahash", result, digestsize, vec, vec_name,
+ driver, cfg);
+}
+
+static int test_hash_vec_cfg(const char *driver,
+ const struct hash_testvec *vec,
+ const char *vec_name,
+ const struct testvec_config *cfg,
+ struct ahash_request *req,
+ struct shash_desc *desc,
+ struct test_sglist *tsgl,
+ u8 *hashstate)
+{
+ int err;
+
+ /*
+ * For algorithms implemented as "shash", most bugs will be detected by
+ * both the shash and ahash tests. Test the shash API first so that the
+ * failures involve less indirection, so are easier to debug.
+ */
+
+ if (desc) {
+ err = test_shash_vec_cfg(driver, vec, vec_name, cfg, desc, tsgl,
+ hashstate);
+ if (err)
+ return err;
+ }
+
+ return test_ahash_vec_cfg(driver, vec, vec_name, cfg, req, tsgl,
+ hashstate);
+}
+
+static int test_hash_vec(const char *driver, const struct hash_testvec *vec,
+ unsigned int vec_num, struct ahash_request *req,
+ struct shash_desc *desc, struct test_sglist *tsgl,
+ u8 *hashstate)
+{
+ char vec_name[16];
+ unsigned int i;
+ int err;
+
+ sprintf(vec_name, "%u", vec_num);
+
+ for (i = 0; i < ARRAY_SIZE(default_hash_testvec_configs); i++) {
+ err = test_hash_vec_cfg(driver, vec, vec_name,
+ &default_hash_testvec_configs[i],
+ req, desc, tsgl, hashstate);
+ if (err)
+ return err;
+ }
+
+#ifdef CONFIG_CRYPTO_MANAGER_EXTRA_TESTS
+ if (!noextratests) {
+ struct testvec_config cfg;
+ char cfgname[TESTVEC_CONFIG_NAMELEN];
+
+ for (i = 0; i < fuzz_iterations; i++) {
+ generate_random_testvec_config(&cfg, cfgname,
+ sizeof(cfgname));
+ err = test_hash_vec_cfg(driver, vec, vec_name, &cfg,
+ req, desc, tsgl, hashstate);
+ if (err)
+ return err;
+ cond_resched();
+ }
+ }
+#endif
+ return 0;
+}
+
+#ifdef CONFIG_CRYPTO_MANAGER_EXTRA_TESTS
+/*
+ * Generate a hash test vector from the given implementation.
+ * Assumes the buffers in 'vec' were already allocated.
+ */
+static void generate_random_hash_testvec(struct shash_desc *desc,
+ struct hash_testvec *vec,
+ unsigned int maxkeysize,
+ unsigned int maxdatasize,
+ char *name, size_t max_namelen)
+{
+ /* Data */
+ vec->psize = generate_random_length(maxdatasize);
+ generate_random_bytes((u8 *)vec->plaintext, vec->psize);
+
+ /*
+ * Key: length in range [1, maxkeysize], but usually choose maxkeysize.
+ * If algorithm is unkeyed, then maxkeysize == 0 and set ksize = 0.
+ */
+ vec->setkey_error = 0;
+ vec->ksize = 0;
+ if (maxkeysize) {
+ vec->ksize = maxkeysize;
+ if (prandom_u32() % 4 == 0)
+ vec->ksize = 1 + (prandom_u32() % maxkeysize);
+ generate_random_bytes((u8 *)vec->key, vec->ksize);
+
+ vec->setkey_error = crypto_shash_setkey(desc->tfm, vec->key,
+ vec->ksize);
+ /* If the key couldn't be set, no need to continue to digest. */
+ if (vec->setkey_error)
+ goto done;
+ }
+
+ /* Digest */
+ vec->digest_error = crypto_shash_digest(desc, vec->plaintext,
+ vec->psize, (u8 *)vec->digest);
+done:
+ snprintf(name, max_namelen, "\"random: psize=%u ksize=%u\"",
+ vec->psize, vec->ksize);
+}
+
+/*
+ * Test the hash algorithm represented by @req against the corresponding generic
+ * implementation, if one is available.
+ */
+static int test_hash_vs_generic_impl(const char *driver,
+ const char *generic_driver,
+ unsigned int maxkeysize,
+ struct ahash_request *req,
+ struct shash_desc *desc,
+ struct test_sglist *tsgl,
+ u8 *hashstate)
+{
+ struct crypto_ahash *tfm = crypto_ahash_reqtfm(req);
+ const unsigned int digestsize = crypto_ahash_digestsize(tfm);
+ const unsigned int blocksize = crypto_ahash_blocksize(tfm);
+ const unsigned int maxdatasize = (2 * PAGE_SIZE) - TESTMGR_POISON_LEN;
+ const char *algname = crypto_hash_alg_common(tfm)->base.cra_name;
+ char _generic_driver[CRYPTO_MAX_ALG_NAME];
+ struct crypto_shash *generic_tfm = NULL;
+ struct shash_desc *generic_desc = NULL;
+ unsigned int i;
+ struct hash_testvec vec = { 0 };
+ char vec_name[64];
+ struct testvec_config *cfg;
+ char cfgname[TESTVEC_CONFIG_NAMELEN];
+ int err;
+
+ if (noextratests)
+ return 0;
+
+ if (!generic_driver) { /* Use default naming convention? */
+ err = build_generic_driver_name(algname, _generic_driver);
+ if (err)
+ return err;
+ generic_driver = _generic_driver;
+ }
+
+ if (strcmp(generic_driver, driver) == 0) /* Already the generic impl? */
+ return 0;
+
+ generic_tfm = crypto_alloc_shash(generic_driver, 0, 0);
+ if (IS_ERR(generic_tfm)) {
+ err = PTR_ERR(generic_tfm);
+ if (err == -ENOENT) {
+ pr_warn("alg: hash: skipping comparison tests for %s because %s is unavailable\n",
+ driver, generic_driver);
+ return 0;
+ }
+ pr_err("alg: hash: error allocating %s (generic impl of %s): %d\n",
+ generic_driver, algname, err);
+ return err;
+ }
+
+ cfg = kzalloc(sizeof(*cfg), GFP_KERNEL);
+ if (!cfg) {
+ err = -ENOMEM;
+ goto out;
+ }
+
+ generic_desc = kzalloc(sizeof(*desc) +
+ crypto_shash_descsize(generic_tfm), GFP_KERNEL);
+ if (!generic_desc) {
+ err = -ENOMEM;
+ goto out;
+ }
+ generic_desc->tfm = generic_tfm;
+
+ /* Check the algorithm properties for consistency. */
+
+ if (digestsize != crypto_shash_digestsize(generic_tfm)) {
+ pr_err("alg: hash: digestsize for %s (%u) doesn't match generic impl (%u)\n",
+ driver, digestsize,
+ crypto_shash_digestsize(generic_tfm));
+ err = -EINVAL;
+ goto out;
+ }
+
+ if (blocksize != crypto_shash_blocksize(generic_tfm)) {
+ pr_err("alg: hash: blocksize for %s (%u) doesn't match generic impl (%u)\n",
+ driver, blocksize, crypto_shash_blocksize(generic_tfm));
+ err = -EINVAL;
+ goto out;
+ }
+
+ /*
+ * Now generate test vectors using the generic implementation, and test
+ * the other implementation against them.
+ */
+
+ vec.key = kmalloc(maxkeysize, GFP_KERNEL);
+ vec.plaintext = kmalloc(maxdatasize, GFP_KERNEL);
+ vec.digest = kmalloc(digestsize, GFP_KERNEL);
+ if (!vec.key || !vec.plaintext || !vec.digest) {
+ err = -ENOMEM;
+ goto out;
+ }
+
+ for (i = 0; i < fuzz_iterations * 8; i++) {
+ generate_random_hash_testvec(generic_desc, &vec,
+ maxkeysize, maxdatasize,
+ vec_name, sizeof(vec_name));
+ generate_random_testvec_config(cfg, cfgname, sizeof(cfgname));
+
+ err = test_hash_vec_cfg(driver, &vec, vec_name, cfg,
+ req, desc, tsgl, hashstate);
+ if (err)
+ goto out;
+ cond_resched();
+ }
+ err = 0;
+out:
+ kfree(cfg);
+ kfree(vec.key);
+ kfree(vec.plaintext);
+ kfree(vec.digest);
+ crypto_free_shash(generic_tfm);
+ kzfree(generic_desc);
+ return err;
+}
+#else /* !CONFIG_CRYPTO_MANAGER_EXTRA_TESTS */
+static int test_hash_vs_generic_impl(const char *driver,
+ const char *generic_driver,
+ unsigned int maxkeysize,
+ struct ahash_request *req,
+ struct shash_desc *desc,
+ struct test_sglist *tsgl,
+ u8 *hashstate)
+{
+ return 0;
+}
+#endif /* !CONFIG_CRYPTO_MANAGER_EXTRA_TESTS */
+
+static int alloc_shash(const char *driver, u32 type, u32 mask,
+ struct crypto_shash **tfm_ret,
+ struct shash_desc **desc_ret)
+{
+ struct crypto_shash *tfm;
+ struct shash_desc *desc;
+
+ tfm = crypto_alloc_shash(driver, type, mask);
+ if (IS_ERR(tfm)) {
+ if (PTR_ERR(tfm) == -ENOENT) {
+ /*
+ * This algorithm is only available through the ahash
+ * API, not the shash API, so skip the shash tests.
+ */
+ return 0;
+ }
+ pr_err("alg: hash: failed to allocate shash transform for %s: %ld\n",
+ driver, PTR_ERR(tfm));
+ return PTR_ERR(tfm);
+ }
+
+ desc = kmalloc(sizeof(*desc) + crypto_shash_descsize(tfm), GFP_KERNEL);
+ if (!desc) {
+ crypto_free_shash(tfm);
+ return -ENOMEM;
+ }
+ desc->tfm = tfm;
+
+ *tfm_ret = tfm;
+ *desc_ret = desc;
+ return 0;
+}
+
+static int __alg_test_hash(const struct hash_testvec *vecs,
+ unsigned int num_vecs, const char *driver,
+ u32 type, u32 mask,
+ const char *generic_driver, unsigned int maxkeysize)
+{
+ struct crypto_ahash *atfm = NULL;
+ struct ahash_request *req = NULL;
+ struct crypto_shash *stfm = NULL;
+ struct shash_desc *desc = NULL;
+ struct test_sglist *tsgl = NULL;
+ u8 *hashstate = NULL;
+ unsigned int statesize;
+ unsigned int i;
+ int err;
+
+ /*
+ * Always test the ahash API. This works regardless of whether the
+ * algorithm is implemented as ahash or shash.
+ */
+
+ atfm = crypto_alloc_ahash(driver, type, mask);
+ if (IS_ERR(atfm)) {
+ pr_err("alg: hash: failed to allocate transform for %s: %ld\n",
+ driver, PTR_ERR(atfm));
+ return PTR_ERR(atfm);
+ }
+
+ req = ahash_request_alloc(atfm, GFP_KERNEL);
+ if (!req) {
+ pr_err("alg: hash: failed to allocate request for %s\n",
+ driver);
+ err = -ENOMEM;
+ goto out;
+ }
+
+ /*
+ * If available also test the shash API, to cover corner cases that may
+ * be missed by testing the ahash API only.
+ */
+ err = alloc_shash(driver, type, mask, &stfm, &desc);
+ if (err)
+ goto out;
+
+ tsgl = kmalloc(sizeof(*tsgl), GFP_KERNEL);
+ if (!tsgl || init_test_sglist(tsgl) != 0) {
+ pr_err("alg: hash: failed to allocate test buffers for %s\n",
+ driver);
+ kfree(tsgl);
+ tsgl = NULL;
+ err = -ENOMEM;
+ goto out;
+ }
+
+ statesize = crypto_ahash_statesize(atfm);
+ if (stfm)
+ statesize = max(statesize, crypto_shash_statesize(stfm));
+ hashstate = kmalloc(statesize + TESTMGR_POISON_LEN, GFP_KERNEL);
+ if (!hashstate) {
+ pr_err("alg: hash: failed to allocate hash state buffer for %s\n",
+ driver);
+ err = -ENOMEM;
+ goto out;
+ }
+
+ for (i = 0; i < num_vecs; i++) {
+ err = test_hash_vec(driver, &vecs[i], i, req, desc, tsgl,
+ hashstate);
+ if (err)
+ goto out;
+ cond_resched();
+ }
+ err = test_hash_vs_generic_impl(driver, generic_driver, maxkeysize, req,
+ desc, tsgl, hashstate);
+out:
+ kfree(hashstate);
+ if (tsgl) {
+ destroy_test_sglist(tsgl);
+ kfree(tsgl);
+ }
+ kfree(desc);
+ crypto_free_shash(stfm);
+ ahash_request_free(req);
+ crypto_free_ahash(atfm);
+ return err;
+}
+
+static int alg_test_hash(const struct alg_test_desc *desc, const char *driver,
+ u32 type, u32 mask)
+{
+ const struct hash_testvec *template = desc->suite.hash.vecs;
+ unsigned int tcount = desc->suite.hash.count;
+ unsigned int nr_unkeyed, nr_keyed;
+ unsigned int maxkeysize = 0;
+ int err;
+
+ /*
+ * For OPTIONAL_KEY algorithms, we have to do all the unkeyed tests
+ * first, before setting a key on the tfm. To make this easier, we
+ * require that the unkeyed test vectors (if any) are listed first.
+ */
+
+ for (nr_unkeyed = 0; nr_unkeyed < tcount; nr_unkeyed++) {
+ if (template[nr_unkeyed].ksize)
+ break;
+ }
+ for (nr_keyed = 0; nr_unkeyed + nr_keyed < tcount; nr_keyed++) {
+ if (!template[nr_unkeyed + nr_keyed].ksize) {
+ pr_err("alg: hash: test vectors for %s out of order, "
+ "unkeyed ones must come first\n", desc->alg);
+ return -EINVAL;
+ }
+ maxkeysize = max_t(unsigned int, maxkeysize,
+ template[nr_unkeyed + nr_keyed].ksize);
+ }
+
+ err = 0;
+ if (nr_unkeyed) {
+ err = __alg_test_hash(template, nr_unkeyed, driver, type, mask,
+ desc->generic_driver, maxkeysize);
+ template += nr_unkeyed;
+ }
+
+ if (!err && nr_keyed)
+ err = __alg_test_hash(template, nr_keyed, driver, type, mask,
+ desc->generic_driver, maxkeysize);
+
+ return err;
+}
+
+static int test_aead_vec_cfg(const char *driver, int enc,
+ const struct aead_testvec *vec,
+ const char *vec_name,
+ const struct testvec_config *cfg,
+ struct aead_request *req,
+ struct cipher_test_sglists *tsgls)
+{
+ struct crypto_aead *tfm = crypto_aead_reqtfm(req);
+ const unsigned int alignmask = crypto_aead_alignmask(tfm);
+ const unsigned int ivsize = crypto_aead_ivsize(tfm);
+ const unsigned int authsize = vec->clen - vec->plen;
+ const u32 req_flags = CRYPTO_TFM_REQ_MAY_BACKLOG | cfg->req_flags;
+ const char *op = enc ? "encryption" : "decryption";
+ DECLARE_CRYPTO_WAIT(wait);
+ u8 _iv[3 * (MAX_ALGAPI_ALIGNMASK + 1) + MAX_IVLEN];
+ u8 *iv = PTR_ALIGN(&_iv[0], 2 * (MAX_ALGAPI_ALIGNMASK + 1)) +
+ cfg->iv_offset +
+ (cfg->iv_offset_relative_to_alignmask ? alignmask : 0);
+ struct kvec input[2];
+ int expected_error;
+ int err;
+
+ /* Set the key */
+ if (vec->wk)
+ crypto_aead_set_flags(tfm, CRYPTO_TFM_REQ_FORBID_WEAK_KEYS);
+ else
+ crypto_aead_clear_flags(tfm, CRYPTO_TFM_REQ_FORBID_WEAK_KEYS);
+ err = crypto_aead_setkey(tfm, vec->key, vec->klen);
+ if (err && err != vec->setkey_error) {
+ pr_err("alg: aead: %s setkey failed on test vector %s; expected_error=%d, actual_error=%d, flags=%#x\n",
+ driver, vec_name, vec->setkey_error, err,
+ crypto_aead_get_flags(tfm));
+ return err;
+ }
+ if (!err && vec->setkey_error) {
+ pr_err("alg: aead: %s setkey unexpectedly succeeded on test vector %s; expected_error=%d\n",
+ driver, vec_name, vec->setkey_error);
+ return -EINVAL;
+ }
+
+ /* Set the authentication tag size */
+ err = crypto_aead_setauthsize(tfm, authsize);
+ if (err && err != vec->setauthsize_error) {
+ pr_err("alg: aead: %s setauthsize failed on test vector %s; expected_error=%d, actual_error=%d\n",
+ driver, vec_name, vec->setauthsize_error, err);
+ return err;
+ }
+ if (!err && vec->setauthsize_error) {
+ pr_err("alg: aead: %s setauthsize unexpectedly succeeded on test vector %s; expected_error=%d\n",
+ driver, vec_name, vec->setauthsize_error);
+ return -EINVAL;
+ }
+
+ if (vec->setkey_error || vec->setauthsize_error)
+ return 0;
+
+ /* The IV must be copied to a buffer, as the algorithm may modify it */
+ if (WARN_ON(ivsize > MAX_IVLEN))
+ return -EINVAL;
+ if (vec->iv)
+ memcpy(iv, vec->iv, ivsize);
+ else
+ memset(iv, 0, ivsize);
+
+ /* Build the src/dst scatterlists */
+ input[0].iov_base = (void *)vec->assoc;
+ input[0].iov_len = vec->alen;
+ input[1].iov_base = enc ? (void *)vec->ptext : (void *)vec->ctext;
+ input[1].iov_len = enc ? vec->plen : vec->clen;
+ err = build_cipher_test_sglists(tsgls, cfg, alignmask,
+ vec->alen + (enc ? vec->plen :
+ vec->clen),
+ vec->alen + (enc ? vec->clen :
+ vec->plen),
+ input, 2);
+ if (err) {
+ pr_err("alg: aead: %s %s: error preparing scatterlists for test vector %s, cfg=\"%s\"\n",
+ driver, op, vec_name, cfg->name);
+ return err;
+ }
+
+ /* Do the actual encryption or decryption */
+ testmgr_poison(req->__ctx, crypto_aead_reqsize(tfm));
+ aead_request_set_callback(req, req_flags, crypto_req_done, &wait);
+ aead_request_set_crypt(req, tsgls->src.sgl_ptr, tsgls->dst.sgl_ptr,
+ enc ? vec->plen : vec->clen, iv);
+ aead_request_set_ad(req, vec->alen);
+ if (cfg->nosimd)
+ crypto_disable_simd_for_test();
+ err = enc ? crypto_aead_encrypt(req) : crypto_aead_decrypt(req);
+ if (cfg->nosimd)
+ crypto_reenable_simd_for_test();
+ err = crypto_wait_req(err, &wait);
+
+ /* Check that the algorithm didn't overwrite things it shouldn't have */
+ if (req->cryptlen != (enc ? vec->plen : vec->clen) ||
+ req->assoclen != vec->alen ||
+ req->iv != iv ||
+ req->src != tsgls->src.sgl_ptr ||
+ req->dst != tsgls->dst.sgl_ptr ||
+ crypto_aead_reqtfm(req) != tfm ||
+ req->base.complete != crypto_req_done ||
+ req->base.flags != req_flags ||
+ req->base.data != &wait) {
+ pr_err("alg: aead: %s %s corrupted request struct on test vector %s, cfg=\"%s\"\n",
+ driver, op, vec_name, cfg->name);
+ if (req->cryptlen != (enc ? vec->plen : vec->clen))
+ pr_err("alg: aead: changed 'req->cryptlen'\n");
+ if (req->assoclen != vec->alen)
+ pr_err("alg: aead: changed 'req->assoclen'\n");
+ if (req->iv != iv)
+ pr_err("alg: aead: changed 'req->iv'\n");
+ if (req->src != tsgls->src.sgl_ptr)
+ pr_err("alg: aead: changed 'req->src'\n");
+ if (req->dst != tsgls->dst.sgl_ptr)
+ pr_err("alg: aead: changed 'req->dst'\n");
+ if (crypto_aead_reqtfm(req) != tfm)
+ pr_err("alg: aead: changed 'req->base.tfm'\n");
+ if (req->base.complete != crypto_req_done)
+ pr_err("alg: aead: changed 'req->base.complete'\n");
+ if (req->base.flags != req_flags)
+ pr_err("alg: aead: changed 'req->base.flags'\n");
+ if (req->base.data != &wait)
+ pr_err("alg: aead: changed 'req->base.data'\n");
+ return -EINVAL;
+ }
+ if (is_test_sglist_corrupted(&tsgls->src)) {
+ pr_err("alg: aead: %s %s corrupted src sgl on test vector %s, cfg=\"%s\"\n",
+ driver, op, vec_name, cfg->name);
+ return -EINVAL;
+ }
+ if (tsgls->dst.sgl_ptr != tsgls->src.sgl &&
+ is_test_sglist_corrupted(&tsgls->dst)) {
+ pr_err("alg: aead: %s %s corrupted dst sgl on test vector %s, cfg=\"%s\"\n",
+ driver, op, vec_name, cfg->name);
+ return -EINVAL;
+ }
+
+ /* Check for success or failure */
+ expected_error = vec->novrfy ? -EBADMSG : vec->crypt_error;
+ if (err) {
+ if (err == expected_error)
+ return 0;
+ pr_err("alg: aead: %s %s failed on test vector %s; expected_error=%d, actual_error=%d, cfg=\"%s\"\n",
+ driver, op, vec_name, expected_error, err, cfg->name);
+ return err;
+ }
+ if (expected_error) {
+ pr_err("alg: aead: %s %s unexpectedly succeeded on test vector %s; expected_error=%d, cfg=\"%s\"\n",
+ driver, op, vec_name, expected_error, cfg->name);
+ return -EINVAL;
+ }
+
+ /* Check for the correct output (ciphertext or plaintext) */
+ err = verify_correct_output(&tsgls->dst, enc ? vec->ctext : vec->ptext,
+ enc ? vec->clen : vec->plen,
+ vec->alen, enc || !cfg->inplace);
+ if (err == -EOVERFLOW) {
+ pr_err("alg: aead: %s %s overran dst buffer on test vector %s, cfg=\"%s\"\n",
+ driver, op, vec_name, cfg->name);
+ return err;
+ }
+ if (err) {
+ pr_err("alg: aead: %s %s test failed (wrong result) on test vector %s, cfg=\"%s\"\n",
+ driver, op, vec_name, cfg->name);
+ return err;
}
return 0;
}
-static int __test_aead(struct crypto_aead *tfm, int enc,
- const struct aead_testvec *template, unsigned int tcount,
- const bool diff_dst, const int align_offset)
+static int test_aead_vec(const char *driver, int enc,
+ const struct aead_testvec *vec, unsigned int vec_num,
+ struct aead_request *req,
+ struct cipher_test_sglists *tsgls)
{
- const char *algo = crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm));
- unsigned int i, j, k, n, temp;
- int ret = -ENOMEM;
- char *q;
- char *key;
- struct aead_request *req;
- struct scatterlist *sg;
- struct scatterlist *sgout;
- const char *e, *d;
- struct crypto_wait wait;
- unsigned int authsize, iv_len;
- void *input;
- void *output;
- void *assoc;
- char *iv;
- char *xbuf[XBUFSIZE];
- char *xoutbuf[XBUFSIZE];
- char *axbuf[XBUFSIZE];
+ char vec_name[16];
+ unsigned int i;
+ int err;
- iv = kzalloc(MAX_IVLEN, GFP_KERNEL);
- if (!iv)
- return ret;
- key = kmalloc(MAX_KEYLEN, GFP_KERNEL);
- if (!key)
- goto out_noxbuf;
- if (testmgr_alloc_buf(xbuf))
- goto out_noxbuf;
- if (testmgr_alloc_buf(axbuf))
- goto out_noaxbuf;
- if (diff_dst && testmgr_alloc_buf(xoutbuf))
- goto out_nooutbuf;
+ if (enc && vec->novrfy)
+ return 0;
- /* avoid "the frame size is larger than 1024 bytes" compiler warning */
- sg = kmalloc(array3_size(sizeof(*sg), 8, (diff_dst ? 4 : 2)),
- GFP_KERNEL);
- if (!sg)
- goto out_nosg;
- sgout = &sg[16];
+ sprintf(vec_name, "%u", vec_num);
- if (diff_dst)
- d = "-ddst";
+ for (i = 0; i < ARRAY_SIZE(default_cipher_testvec_configs); i++) {
+ err = test_aead_vec_cfg(driver, enc, vec, vec_name,
+ &default_cipher_testvec_configs[i],
+ req, tsgls);
+ if (err)
+ return err;
+ }
+
+#ifdef CONFIG_CRYPTO_MANAGER_EXTRA_TESTS
+ if (!noextratests) {
+ struct testvec_config cfg;
+ char cfgname[TESTVEC_CONFIG_NAMELEN];
+
+ for (i = 0; i < fuzz_iterations; i++) {
+ generate_random_testvec_config(&cfg, cfgname,
+ sizeof(cfgname));
+ err = test_aead_vec_cfg(driver, enc, vec, vec_name,
+ &cfg, req, tsgls);
+ if (err)
+ return err;
+ cond_resched();
+ }
+ }
+#endif
+ return 0;
+}
+
+#ifdef CONFIG_CRYPTO_MANAGER_EXTRA_TESTS
+/*
+ * Generate an AEAD test vector from the given implementation.
+ * Assumes the buffers in 'vec' were already allocated.
+ */
+static void generate_random_aead_testvec(struct aead_request *req,
+ struct aead_testvec *vec,
+ unsigned int maxkeysize,
+ unsigned int maxdatasize,
+ char *name, size_t max_namelen)
+{
+ struct crypto_aead *tfm = crypto_aead_reqtfm(req);
+ const unsigned int ivsize = crypto_aead_ivsize(tfm);
+ unsigned int maxauthsize = crypto_aead_alg(tfm)->maxauthsize;
+ unsigned int authsize;
+ unsigned int total_len;
+ int i;
+ struct scatterlist src[2], dst;
+ u8 iv[MAX_IVLEN];
+ DECLARE_CRYPTO_WAIT(wait);
+
+ /* Key: length in [0, maxkeysize], but usually choose maxkeysize */
+ vec->klen = maxkeysize;
+ if (prandom_u32() % 4 == 0)
+ vec->klen = prandom_u32() % (maxkeysize + 1);
+ generate_random_bytes((u8 *)vec->key, vec->klen);
+ vec->setkey_error = crypto_aead_setkey(tfm, vec->key, vec->klen);
+
+ /* IV */
+ generate_random_bytes((u8 *)vec->iv, ivsize);
+
+ /* Tag length: in [0, maxauthsize], but usually choose maxauthsize */
+ authsize = maxauthsize;
+ if (prandom_u32() % 4 == 0)
+ authsize = prandom_u32() % (maxauthsize + 1);
+ if (WARN_ON(authsize > maxdatasize))
+ authsize = maxdatasize;
+ maxdatasize -= authsize;
+ vec->setauthsize_error = crypto_aead_setauthsize(tfm, authsize);
+
+ /* Plaintext and associated data */
+ total_len = generate_random_length(maxdatasize);
+ if (prandom_u32() % 4 == 0)
+ vec->alen = 0;
else
- d = "";
+ vec->alen = generate_random_length(total_len);
+ vec->plen = total_len - vec->alen;
+ generate_random_bytes((u8 *)vec->assoc, vec->alen);
+ generate_random_bytes((u8 *)vec->ptext, vec->plen);
- if (enc == ENCRYPT)
- e = "encryption";
- else
- e = "decryption";
+ vec->clen = vec->plen + authsize;
- crypto_init_wait(&wait);
+ /*
+ * If the key or authentication tag size couldn't be set, no need to
+ * continue to encrypt.
+ */
+ if (vec->setkey_error || vec->setauthsize_error)
+ goto done;
+
+ /* Ciphertext */
+ sg_init_table(src, 2);
+ i = 0;
+ if (vec->alen)
+ sg_set_buf(&src[i++], vec->assoc, vec->alen);
+ if (vec->plen)
+ sg_set_buf(&src[i++], vec->ptext, vec->plen);
+ sg_init_one(&dst, vec->ctext, vec->alen + vec->clen);
+ memcpy(iv, vec->iv, ivsize);
+ aead_request_set_callback(req, 0, crypto_req_done, &wait);
+ aead_request_set_crypt(req, src, &dst, vec->plen, iv);
+ aead_request_set_ad(req, vec->alen);
+ vec->crypt_error = crypto_wait_req(crypto_aead_encrypt(req), &wait);
+ if (vec->crypt_error == 0)
+ memmove((u8 *)vec->ctext, vec->ctext + vec->alen, vec->clen);
+done:
+ snprintf(name, max_namelen,
+ "\"random: alen=%u plen=%u authsize=%u klen=%u\"",
+ vec->alen, vec->plen, authsize, vec->klen);
+}
+
+/*
+ * Test the AEAD algorithm represented by @req against the corresponding generic
+ * implementation, if one is available.
+ */
+static int test_aead_vs_generic_impl(const char *driver,
+ const struct alg_test_desc *test_desc,
+ struct aead_request *req,
+ struct cipher_test_sglists *tsgls)
+{
+ struct crypto_aead *tfm = crypto_aead_reqtfm(req);
+ const unsigned int ivsize = crypto_aead_ivsize(tfm);
+ const unsigned int maxauthsize = crypto_aead_alg(tfm)->maxauthsize;
+ const unsigned int blocksize = crypto_aead_blocksize(tfm);
+ const unsigned int maxdatasize = (2 * PAGE_SIZE) - TESTMGR_POISON_LEN;
+ const char *algname = crypto_aead_alg(tfm)->base.cra_name;
+ const char *generic_driver = test_desc->generic_driver;
+ char _generic_driver[CRYPTO_MAX_ALG_NAME];
+ struct crypto_aead *generic_tfm = NULL;
+ struct aead_request *generic_req = NULL;
+ unsigned int maxkeysize;
+ unsigned int i;
+ struct aead_testvec vec = { 0 };
+ char vec_name[64];
+ struct testvec_config *cfg;
+ char cfgname[TESTVEC_CONFIG_NAMELEN];
+ int err;
+
+ if (noextratests)
+ return 0;
+
+ if (!generic_driver) { /* Use default naming convention? */
+ err = build_generic_driver_name(algname, _generic_driver);
+ if (err)
+ return err;
+ generic_driver = _generic_driver;
+ }
+
+ if (strcmp(generic_driver, driver) == 0) /* Already the generic impl? */
+ return 0;
+
+ generic_tfm = crypto_alloc_aead(generic_driver, 0, 0);
+ if (IS_ERR(generic_tfm)) {
+ err = PTR_ERR(generic_tfm);
+ if (err == -ENOENT) {
+ pr_warn("alg: aead: skipping comparison tests for %s because %s is unavailable\n",
+ driver, generic_driver);
+ return 0;
+ }
+ pr_err("alg: aead: error allocating %s (generic impl of %s): %d\n",
+ generic_driver, algname, err);
+ return err;
+ }
+
+ cfg = kzalloc(sizeof(*cfg), GFP_KERNEL);
+ if (!cfg) {
+ err = -ENOMEM;
+ goto out;
+ }
+
+ generic_req = aead_request_alloc(generic_tfm, GFP_KERNEL);
+ if (!generic_req) {
+ err = -ENOMEM;
+ goto out;
+ }
+
+ /* Check the algorithm properties for consistency. */
+
+ if (maxauthsize != crypto_aead_alg(generic_tfm)->maxauthsize) {
+ pr_err("alg: aead: maxauthsize for %s (%u) doesn't match generic impl (%u)\n",
+ driver, maxauthsize,
+ crypto_aead_alg(generic_tfm)->maxauthsize);
+ err = -EINVAL;
+ goto out;
+ }
+
+ if (ivsize != crypto_aead_ivsize(generic_tfm)) {
+ pr_err("alg: aead: ivsize for %s (%u) doesn't match generic impl (%u)\n",
+ driver, ivsize, crypto_aead_ivsize(generic_tfm));
+ err = -EINVAL;
+ goto out;
+ }
+
+ if (blocksize != crypto_aead_blocksize(generic_tfm)) {
+ pr_err("alg: aead: blocksize for %s (%u) doesn't match generic impl (%u)\n",
+ driver, blocksize, crypto_aead_blocksize(generic_tfm));
+ err = -EINVAL;
+ goto out;
+ }
+
+ /*
+ * Now generate test vectors using the generic implementation, and test
+ * the other implementation against them.
+ */
+
+ maxkeysize = 0;
+ for (i = 0; i < test_desc->suite.aead.count; i++)
+ maxkeysize = max_t(unsigned int, maxkeysize,
+ test_desc->suite.aead.vecs[i].klen);
+
+ vec.key = kmalloc(maxkeysize, GFP_KERNEL);
+ vec.iv = kmalloc(ivsize, GFP_KERNEL);
+ vec.assoc = kmalloc(maxdatasize, GFP_KERNEL);
+ vec.ptext = kmalloc(maxdatasize, GFP_KERNEL);
+ vec.ctext = kmalloc(maxdatasize, GFP_KERNEL);
+ if (!vec.key || !vec.iv || !vec.assoc || !vec.ptext || !vec.ctext) {
+ err = -ENOMEM;
+ goto out;
+ }
+
+ for (i = 0; i < fuzz_iterations * 8; i++) {
+ generate_random_aead_testvec(generic_req, &vec,
+ maxkeysize, maxdatasize,
+ vec_name, sizeof(vec_name));
+ generate_random_testvec_config(cfg, cfgname, sizeof(cfgname));
+
+ err = test_aead_vec_cfg(driver, ENCRYPT, &vec, vec_name, cfg,
+ req, tsgls);
+ if (err)
+ goto out;
+ err = test_aead_vec_cfg(driver, DECRYPT, &vec, vec_name, cfg,
+ req, tsgls);
+ if (err)
+ goto out;
+ cond_resched();
+ }
+ err = 0;
+out:
+ kfree(cfg);
+ kfree(vec.key);
+ kfree(vec.iv);
+ kfree(vec.assoc);
+ kfree(vec.ptext);
+ kfree(vec.ctext);
+ crypto_free_aead(generic_tfm);
+ aead_request_free(generic_req);
+ return err;
+}
+#else /* !CONFIG_CRYPTO_MANAGER_EXTRA_TESTS */
+static int test_aead_vs_generic_impl(const char *driver,
+ const struct alg_test_desc *test_desc,
+ struct aead_request *req,
+ struct cipher_test_sglists *tsgls)
+{
+ return 0;
+}
+#endif /* !CONFIG_CRYPTO_MANAGER_EXTRA_TESTS */
+
+static int test_aead(const char *driver, int enc,
+ const struct aead_test_suite *suite,
+ struct aead_request *req,
+ struct cipher_test_sglists *tsgls)
+{
+ unsigned int i;
+ int err;
+
+ for (i = 0; i < suite->count; i++) {
+ err = test_aead_vec(driver, enc, &suite->vecs[i], i, req,
+ tsgls);
+ if (err)
+ return err;
+ cond_resched();
+ }
+ return 0;
+}
+
+static int alg_test_aead(const struct alg_test_desc *desc, const char *driver,
+ u32 type, u32 mask)
+{
+ const struct aead_test_suite *suite = &desc->suite.aead;
+ struct crypto_aead *tfm;
+ struct aead_request *req = NULL;
+ struct cipher_test_sglists *tsgls = NULL;
+ int err;
+
+ if (suite->count <= 0) {
+ pr_err("alg: aead: empty test suite for %s\n", driver);
+ return -EINVAL;
+ }
+
+ tfm = crypto_alloc_aead(driver, type, mask);
+ if (IS_ERR(tfm)) {
+ pr_err("alg: aead: failed to allocate transform for %s: %ld\n",
+ driver, PTR_ERR(tfm));
+ return PTR_ERR(tfm);
+ }
req = aead_request_alloc(tfm, GFP_KERNEL);
if (!req) {
- pr_err("alg: aead%s: Failed to allocate request for %s\n",
- d, algo);
+ pr_err("alg: aead: failed to allocate request for %s\n",
+ driver);
+ err = -ENOMEM;
goto out;
}
- aead_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
- crypto_req_done, &wait);
-
- iv_len = crypto_aead_ivsize(tfm);
-
- for (i = 0, j = 0; i < tcount; i++) {
- if (template[i].np)
- continue;
-
- j++;
-
- /* some templates have no input data but they will
- * touch input
- */
- input = xbuf[0];
- input += align_offset;
- assoc = axbuf[0];
-
- ret = -EINVAL;
- if (WARN_ON(align_offset + template[i].ilen >
- PAGE_SIZE || template[i].alen > PAGE_SIZE))
- goto out;
-
- memcpy(input, template[i].input, template[i].ilen);
- memcpy(assoc, template[i].assoc, template[i].alen);
- if (template[i].iv)
- memcpy(iv, template[i].iv, iv_len);
- else
- memset(iv, 0, iv_len);
-
- crypto_aead_clear_flags(tfm, ~0);
- if (template[i].wk)
- crypto_aead_set_flags(tfm, CRYPTO_TFM_REQ_WEAK_KEY);
-
- if (template[i].klen > MAX_KEYLEN) {
- pr_err("alg: aead%s: setkey failed on test %d for %s: key size %d > %d\n",
- d, j, algo, template[i].klen,
- MAX_KEYLEN);
- ret = -EINVAL;
- goto out;
- }
- memcpy(key, template[i].key, template[i].klen);
-
- ret = crypto_aead_setkey(tfm, key, template[i].klen);
- if (template[i].fail == !ret) {
- pr_err("alg: aead%s: setkey failed on test %d for %s: flags=%x\n",
- d, j, algo, crypto_aead_get_flags(tfm));
- goto out;
- } else if (ret)
- continue;
-
- authsize = abs(template[i].rlen - template[i].ilen);
- ret = crypto_aead_setauthsize(tfm, authsize);
- if (ret) {
- pr_err("alg: aead%s: Failed to set authsize to %u on test %d for %s\n",
- d, authsize, j, algo);
- goto out;
- }
-
- k = !!template[i].alen;
- sg_init_table(sg, k + 1);
- sg_set_buf(&sg[0], assoc, template[i].alen);
- sg_set_buf(&sg[k], input,
- template[i].ilen + (enc ? authsize : 0));
- output = input;
-
- if (diff_dst) {
- sg_init_table(sgout, k + 1);
- sg_set_buf(&sgout[0], assoc, template[i].alen);
-
- output = xoutbuf[0];
- output += align_offset;
- sg_set_buf(&sgout[k], output,
- template[i].rlen + (enc ? 0 : authsize));
- }
-
- aead_request_set_crypt(req, sg, (diff_dst) ? sgout : sg,
- template[i].ilen, iv);
-
- aead_request_set_ad(req, template[i].alen);
-
- ret = crypto_wait_req(enc ? crypto_aead_encrypt(req)
- : crypto_aead_decrypt(req), &wait);
-
- switch (ret) {
- case 0:
- if (template[i].novrfy) {
- /* verification was supposed to fail */
- pr_err("alg: aead%s: %s failed on test %d for %s: ret was 0, expected -EBADMSG\n",
- d, e, j, algo);
- /* so really, we got a bad message */
- ret = -EBADMSG;
- goto out;
- }
- break;
- case -EBADMSG:
- if (template[i].novrfy)
- /* verification failure was expected */
- continue;
- /* fall through */
- default:
- pr_err("alg: aead%s: %s failed on test %d for %s: ret=%d\n",
- d, e, j, algo, -ret);
- goto out;
- }
-
- q = output;
- if (memcmp(q, template[i].result, template[i].rlen)) {
- pr_err("alg: aead%s: Test %d failed on %s for %s\n",
- d, j, e, algo);
- hexdump(q, template[i].rlen);
- ret = -EINVAL;
- goto out;
- }
+ tsgls = alloc_cipher_test_sglists();
+ if (!tsgls) {
+ pr_err("alg: aead: failed to allocate test buffers for %s\n",
+ driver);
+ err = -ENOMEM;
+ goto out;
}
- for (i = 0, j = 0; i < tcount; i++) {
- /* alignment tests are only done with continuous buffers */
- if (align_offset != 0)
- break;
+ err = test_aead(driver, ENCRYPT, suite, req, tsgls);
+ if (err)
+ goto out;
- if (!template[i].np)
- continue;
+ err = test_aead(driver, DECRYPT, suite, req, tsgls);
+ if (err)
+ goto out;
- j++;
-
- if (template[i].iv)
- memcpy(iv, template[i].iv, iv_len);
- else
- memset(iv, 0, MAX_IVLEN);
-
- crypto_aead_clear_flags(tfm, ~0);
- if (template[i].wk)
- crypto_aead_set_flags(tfm, CRYPTO_TFM_REQ_WEAK_KEY);
- if (template[i].klen > MAX_KEYLEN) {
- pr_err("alg: aead%s: setkey failed on test %d for %s: key size %d > %d\n",
- d, j, algo, template[i].klen, MAX_KEYLEN);
- ret = -EINVAL;
- goto out;
- }
- memcpy(key, template[i].key, template[i].klen);
-
- ret = crypto_aead_setkey(tfm, key, template[i].klen);
- if (template[i].fail == !ret) {
- pr_err("alg: aead%s: setkey failed on chunk test %d for %s: flags=%x\n",
- d, j, algo, crypto_aead_get_flags(tfm));
- goto out;
- } else if (ret)
- continue;
-
- authsize = abs(template[i].rlen - template[i].ilen);
-
- ret = -EINVAL;
- sg_init_table(sg, template[i].anp + template[i].np);
- if (diff_dst)
- sg_init_table(sgout, template[i].anp + template[i].np);
-
- ret = -EINVAL;
- for (k = 0, temp = 0; k < template[i].anp; k++) {
- if (WARN_ON(offset_in_page(IDX[k]) +
- template[i].atap[k] > PAGE_SIZE))
- goto out;
- sg_set_buf(&sg[k],
- memcpy(axbuf[IDX[k] >> PAGE_SHIFT] +
- offset_in_page(IDX[k]),
- template[i].assoc + temp,
- template[i].atap[k]),
- template[i].atap[k]);
- if (diff_dst)
- sg_set_buf(&sgout[k],
- axbuf[IDX[k] >> PAGE_SHIFT] +
- offset_in_page(IDX[k]),
- template[i].atap[k]);
- temp += template[i].atap[k];
- }
-
- for (k = 0, temp = 0; k < template[i].np; k++) {
- if (WARN_ON(offset_in_page(IDX[k]) +
- template[i].tap[k] > PAGE_SIZE))
- goto out;
-
- q = xbuf[IDX[k] >> PAGE_SHIFT] + offset_in_page(IDX[k]);
- memcpy(q, template[i].input + temp, template[i].tap[k]);
- sg_set_buf(&sg[template[i].anp + k],
- q, template[i].tap[k]);
-
- if (diff_dst) {
- q = xoutbuf[IDX[k] >> PAGE_SHIFT] +
- offset_in_page(IDX[k]);
-
- memset(q, 0, template[i].tap[k]);
-
- sg_set_buf(&sgout[template[i].anp + k],
- q, template[i].tap[k]);
- }
-
- n = template[i].tap[k];
- if (k == template[i].np - 1 && enc)
- n += authsize;
- if (offset_in_page(q) + n < PAGE_SIZE)
- q[n] = 0;
-
- temp += template[i].tap[k];
- }
-
- ret = crypto_aead_setauthsize(tfm, authsize);
- if (ret) {
- pr_err("alg: aead%s: Failed to set authsize to %u on chunk test %d for %s\n",
- d, authsize, j, algo);
- goto out;
- }
-
- if (enc) {
- if (WARN_ON(sg[template[i].anp + k - 1].offset +
- sg[template[i].anp + k - 1].length +
- authsize > PAGE_SIZE)) {
- ret = -EINVAL;
- goto out;
- }
-
- if (diff_dst)
- sgout[template[i].anp + k - 1].length +=
- authsize;
- sg[template[i].anp + k - 1].length += authsize;
- }
-
- aead_request_set_crypt(req, sg, (diff_dst) ? sgout : sg,
- template[i].ilen,
- iv);
-
- aead_request_set_ad(req, template[i].alen);
-
- ret = crypto_wait_req(enc ? crypto_aead_encrypt(req)
- : crypto_aead_decrypt(req), &wait);
-
- switch (ret) {
- case 0:
- if (template[i].novrfy) {
- /* verification was supposed to fail */
- pr_err("alg: aead%s: %s failed on chunk test %d for %s: ret was 0, expected -EBADMSG\n",
- d, e, j, algo);
- /* so really, we got a bad message */
- ret = -EBADMSG;
- goto out;
- }
- break;
- case -EBADMSG:
- if (template[i].novrfy)
- /* verification failure was expected */
- continue;
- /* fall through */
- default:
- pr_err("alg: aead%s: %s failed on chunk test %d for %s: ret=%d\n",
- d, e, j, algo, -ret);
- goto out;
- }
-
- ret = -EINVAL;
- for (k = 0, temp = 0; k < template[i].np; k++) {
- if (diff_dst)
- q = xoutbuf[IDX[k] >> PAGE_SHIFT] +
- offset_in_page(IDX[k]);
- else
- q = xbuf[IDX[k] >> PAGE_SHIFT] +
- offset_in_page(IDX[k]);
-
- n = template[i].tap[k];
- if (k == template[i].np - 1)
- n += enc ? authsize : -authsize;
-
- if (memcmp(q, template[i].result + temp, n)) {
- pr_err("alg: aead%s: Chunk test %d failed on %s at page %u for %s\n",
- d, j, e, k, algo);
- hexdump(q, n);
- goto out;
- }
-
- q += n;
- if (k == template[i].np - 1 && !enc) {
- if (!diff_dst &&
- memcmp(q, template[i].input +
- temp + n, authsize))
- n = authsize;
- else
- n = 0;
- } else {
- for (n = 0; offset_in_page(q + n) && q[n]; n++)
- ;
- }
- if (n) {
- pr_err("alg: aead%s: Result buffer corruption in chunk test %d on %s at page %u for %s: %u bytes:\n",
- d, j, e, k, algo, n);
- hexdump(q, n);
- goto out;
- }
-
- temp += template[i].tap[k];
- }
- }
-
- ret = 0;
-
+ err = test_aead_vs_generic_impl(driver, desc, req, tsgls);
out:
+ free_cipher_test_sglists(tsgls);
aead_request_free(req);
- kfree(sg);
-out_nosg:
- if (diff_dst)
- testmgr_free_buf(xoutbuf);
-out_nooutbuf:
- testmgr_free_buf(axbuf);
-out_noaxbuf:
- testmgr_free_buf(xbuf);
-out_noxbuf:
- kfree(key);
- kfree(iv);
- return ret;
-}
-
-static int test_aead(struct crypto_aead *tfm, int enc,
- const struct aead_testvec *template, unsigned int tcount)
-{
- unsigned int alignmask;
- int ret;
-
- /* test 'dst == src' case */
- ret = __test_aead(tfm, enc, template, tcount, false, 0);
- if (ret)
- return ret;
-
- /* test 'dst != src' case */
- ret = __test_aead(tfm, enc, template, tcount, true, 0);
- if (ret)
- return ret;
-
- /* test unaligned buffers, check with one byte offset */
- ret = __test_aead(tfm, enc, template, tcount, true, 1);
- if (ret)
- return ret;
-
- alignmask = crypto_tfm_alg_alignmask(&tfm->base);
- if (alignmask) {
- /* Check if alignment mask for tfm is correctly set. */
- ret = __test_aead(tfm, enc, template, tcount, true,
- alignmask + 1);
- if (ret)
- return ret;
- }
-
- return 0;
+ crypto_free_aead(tfm);
+ return err;
}
static int test_cipher(struct crypto_cipher *tfm, int enc,
@@ -1037,8 +2367,6 @@
j = 0;
for (i = 0; i < tcount; i++) {
- if (template[i].np)
- continue;
if (fips_enabled && template[i].fips_skip)
continue;
@@ -1056,17 +2384,24 @@
crypto_cipher_clear_flags(tfm, ~0);
if (template[i].wk)
- crypto_cipher_set_flags(tfm, CRYPTO_TFM_REQ_WEAK_KEY);
+ crypto_cipher_set_flags(tfm, CRYPTO_TFM_REQ_FORBID_WEAK_KEYS);
ret = crypto_cipher_setkey(tfm, template[i].key,
template[i].klen);
- if (template[i].fail == !ret) {
- printk(KERN_ERR "alg: cipher: setkey failed "
- "on test %d for %s: flags=%x\n", j,
- algo, crypto_cipher_get_flags(tfm));
+ if (ret) {
+ if (ret == template[i].setkey_error)
+ continue;
+ pr_err("alg: cipher: %s setkey failed on test vector %u; expected_error=%d, actual_error=%d, flags=%#x\n",
+ algo, j, template[i].setkey_error, ret,
+ crypto_cipher_get_flags(tfm));
goto out;
- } else if (ret)
- continue;
+ }
+ if (template[i].setkey_error) {
+ pr_err("alg: cipher: %s setkey unexpectedly succeeded on test vector %u; expected_error=%d\n",
+ algo, j, template[i].setkey_error);
+ ret = -EINVAL;
+ goto out;
+ }
for (k = 0; k < template[i].len;
k += crypto_cipher_blocksize(tfm)) {
@@ -1096,286 +2431,470 @@
return ret;
}
-static int __test_skcipher(struct crypto_skcipher *tfm, int enc,
- const struct cipher_testvec *template,
- unsigned int tcount,
- const bool diff_dst, const int align_offset)
+static int test_skcipher_vec_cfg(const char *driver, int enc,
+ const struct cipher_testvec *vec,
+ const char *vec_name,
+ const struct testvec_config *cfg,
+ struct skcipher_request *req,
+ struct cipher_test_sglists *tsgls)
{
- const char *algo =
- crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm));
- unsigned int i, j, k, n, temp;
- char *q;
- struct skcipher_request *req;
- struct scatterlist sg[8];
- struct scatterlist sgout[8];
- const char *e, *d;
- struct crypto_wait wait;
- const char *input, *result;
- void *data;
- char iv[MAX_IVLEN];
- char *xbuf[XBUFSIZE];
- char *xoutbuf[XBUFSIZE];
- int ret = -ENOMEM;
- unsigned int ivsize = crypto_skcipher_ivsize(tfm);
+ struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
+ const unsigned int alignmask = crypto_skcipher_alignmask(tfm);
+ const unsigned int ivsize = crypto_skcipher_ivsize(tfm);
+ const u32 req_flags = CRYPTO_TFM_REQ_MAY_BACKLOG | cfg->req_flags;
+ const char *op = enc ? "encryption" : "decryption";
+ DECLARE_CRYPTO_WAIT(wait);
+ u8 _iv[3 * (MAX_ALGAPI_ALIGNMASK + 1) + MAX_IVLEN];
+ u8 *iv = PTR_ALIGN(&_iv[0], 2 * (MAX_ALGAPI_ALIGNMASK + 1)) +
+ cfg->iv_offset +
+ (cfg->iv_offset_relative_to_alignmask ? alignmask : 0);
+ struct kvec input;
+ int err;
- if (testmgr_alloc_buf(xbuf))
- goto out_nobuf;
-
- if (diff_dst && testmgr_alloc_buf(xoutbuf))
- goto out_nooutbuf;
-
- if (diff_dst)
- d = "-ddst";
+ /* Set the key */
+ if (vec->wk)
+ crypto_skcipher_set_flags(tfm, CRYPTO_TFM_REQ_FORBID_WEAK_KEYS);
else
- d = "";
-
- if (enc == ENCRYPT)
- e = "encryption";
- else
- e = "decryption";
-
- crypto_init_wait(&wait);
-
- req = skcipher_request_alloc(tfm, GFP_KERNEL);
- if (!req) {
- pr_err("alg: skcipher%s: Failed to allocate request for %s\n",
- d, algo);
- goto out;
+ crypto_skcipher_clear_flags(tfm,
+ CRYPTO_TFM_REQ_FORBID_WEAK_KEYS);
+ err = crypto_skcipher_setkey(tfm, vec->key, vec->klen);
+ if (err) {
+ if (err == vec->setkey_error)
+ return 0;
+ pr_err("alg: skcipher: %s setkey failed on test vector %s; expected_error=%d, actual_error=%d, flags=%#x\n",
+ driver, vec_name, vec->setkey_error, err,
+ crypto_skcipher_get_flags(tfm));
+ return err;
+ }
+ if (vec->setkey_error) {
+ pr_err("alg: skcipher: %s setkey unexpectedly succeeded on test vector %s; expected_error=%d\n",
+ driver, vec_name, vec->setkey_error);
+ return -EINVAL;
}
- skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
- crypto_req_done, &wait);
-
- j = 0;
- for (i = 0; i < tcount; i++) {
- if (template[i].np && !template[i].also_non_np)
- continue;
-
- if (fips_enabled && template[i].fips_skip)
- continue;
-
- if (template[i].iv && !(template[i].generates_iv && enc))
- memcpy(iv, template[i].iv, ivsize);
+ /* The IV must be copied to a buffer, as the algorithm may modify it */
+ if (ivsize) {
+ if (WARN_ON(ivsize > MAX_IVLEN))
+ return -EINVAL;
+ if (vec->generates_iv && !enc)
+ memcpy(iv, vec->iv_out, ivsize);
+ else if (vec->iv)
+ memcpy(iv, vec->iv, ivsize);
else
- memset(iv, 0, MAX_IVLEN);
-
- input = enc ? template[i].ptext : template[i].ctext;
- result = enc ? template[i].ctext : template[i].ptext;
- j++;
- ret = -EINVAL;
- if (WARN_ON(align_offset + template[i].len > PAGE_SIZE))
- goto out;
-
- data = xbuf[0];
- data += align_offset;
- memcpy(data, input, template[i].len);
-
- crypto_skcipher_clear_flags(tfm, ~0);
- if (template[i].wk)
- crypto_skcipher_set_flags(tfm,
- CRYPTO_TFM_REQ_WEAK_KEY);
-
- ret = crypto_skcipher_setkey(tfm, template[i].key,
- template[i].klen);
- if (template[i].fail == !ret) {
- pr_err("alg: skcipher%s: setkey failed on test %d for %s: flags=%x\n",
- d, j, algo, crypto_skcipher_get_flags(tfm));
- goto out;
- } else if (ret)
- continue;
-
- sg_init_one(&sg[0], data, template[i].len);
- if (diff_dst) {
- data = xoutbuf[0];
- data += align_offset;
- sg_init_one(&sgout[0], data, template[i].len);
+ memset(iv, 0, ivsize);
+ } else {
+ if (vec->generates_iv) {
+ pr_err("alg: skcipher: %s has ivsize=0 but test vector %s generates IV!\n",
+ driver, vec_name);
+ return -EINVAL;
}
-
- skcipher_request_set_crypt(req, sg, (diff_dst) ? sgout : sg,
- template[i].len, iv);
- ret = crypto_wait_req(enc ? crypto_skcipher_encrypt(req) :
- crypto_skcipher_decrypt(req), &wait);
-
- if (ret) {
- pr_err("alg: skcipher%s: %s failed on test %d for %s: ret=%d\n",
- d, e, j, algo, -ret);
- goto out;
- }
-
- q = data;
- if (memcmp(q, result, template[i].len)) {
- pr_err("alg: skcipher%s: Test %d failed (invalid result) on %s for %s\n",
- d, j, e, algo);
- hexdump(q, template[i].len);
- ret = -EINVAL;
- goto out;
- }
-
- if (template[i].generates_iv && enc &&
- memcmp(iv, template[i].iv, crypto_skcipher_ivsize(tfm))) {
- pr_err("alg: skcipher%s: Test %d failed (invalid output IV) on %s for %s\n",
- d, j, e, algo);
- hexdump(iv, crypto_skcipher_ivsize(tfm));
- ret = -EINVAL;
- goto out;
- }
+ iv = NULL;
}
- j = 0;
- for (i = 0; i < tcount; i++) {
- /* alignment tests are only done with continuous buffers */
- if (align_offset != 0)
- break;
-
- if (!template[i].np)
- continue;
-
- if (fips_enabled && template[i].fips_skip)
- continue;
-
- if (template[i].iv && !(template[i].generates_iv && enc))
- memcpy(iv, template[i].iv, ivsize);
- else
- memset(iv, 0, MAX_IVLEN);
-
- input = enc ? template[i].ptext : template[i].ctext;
- result = enc ? template[i].ctext : template[i].ptext;
- j++;
- crypto_skcipher_clear_flags(tfm, ~0);
- if (template[i].wk)
- crypto_skcipher_set_flags(tfm,
- CRYPTO_TFM_REQ_WEAK_KEY);
-
- ret = crypto_skcipher_setkey(tfm, template[i].key,
- template[i].klen);
- if (template[i].fail == !ret) {
- pr_err("alg: skcipher%s: setkey failed on chunk test %d for %s: flags=%x\n",
- d, j, algo, crypto_skcipher_get_flags(tfm));
- goto out;
- } else if (ret)
- continue;
-
- temp = 0;
- ret = -EINVAL;
- sg_init_table(sg, template[i].np);
- if (diff_dst)
- sg_init_table(sgout, template[i].np);
- for (k = 0; k < template[i].np; k++) {
- if (WARN_ON(offset_in_page(IDX[k]) +
- template[i].tap[k] > PAGE_SIZE))
- goto out;
-
- q = xbuf[IDX[k] >> PAGE_SHIFT] + offset_in_page(IDX[k]);
-
- memcpy(q, input + temp, template[i].tap[k]);
-
- if (offset_in_page(q) + template[i].tap[k] < PAGE_SIZE)
- q[template[i].tap[k]] = 0;
-
- sg_set_buf(&sg[k], q, template[i].tap[k]);
- if (diff_dst) {
- q = xoutbuf[IDX[k] >> PAGE_SHIFT] +
- offset_in_page(IDX[k]);
-
- sg_set_buf(&sgout[k], q, template[i].tap[k]);
-
- memset(q, 0, template[i].tap[k]);
- if (offset_in_page(q) +
- template[i].tap[k] < PAGE_SIZE)
- q[template[i].tap[k]] = 0;
- }
-
- temp += template[i].tap[k];
- }
-
- skcipher_request_set_crypt(req, sg, (diff_dst) ? sgout : sg,
- template[i].len, iv);
-
- ret = crypto_wait_req(enc ? crypto_skcipher_encrypt(req) :
- crypto_skcipher_decrypt(req), &wait);
-
- if (ret) {
- pr_err("alg: skcipher%s: %s failed on chunk test %d for %s: ret=%d\n",
- d, e, j, algo, -ret);
- goto out;
- }
-
- temp = 0;
- ret = -EINVAL;
- for (k = 0; k < template[i].np; k++) {
- if (diff_dst)
- q = xoutbuf[IDX[k] >> PAGE_SHIFT] +
- offset_in_page(IDX[k]);
- else
- q = xbuf[IDX[k] >> PAGE_SHIFT] +
- offset_in_page(IDX[k]);
-
- if (memcmp(q, result + temp, template[i].tap[k])) {
- pr_err("alg: skcipher%s: Chunk test %d failed on %s at page %u for %s\n",
- d, j, e, k, algo);
- hexdump(q, template[i].tap[k]);
- goto out;
- }
-
- q += template[i].tap[k];
- for (n = 0; offset_in_page(q + n) && q[n]; n++)
- ;
- if (n) {
- pr_err("alg: skcipher%s: Result buffer corruption in chunk test %d on %s at page %u for %s: %u bytes:\n",
- d, j, e, k, algo, n);
- hexdump(q, n);
- goto out;
- }
- temp += template[i].tap[k];
- }
+ /* Build the src/dst scatterlists */
+ input.iov_base = enc ? (void *)vec->ptext : (void *)vec->ctext;
+ input.iov_len = vec->len;
+ err = build_cipher_test_sglists(tsgls, cfg, alignmask,
+ vec->len, vec->len, &input, 1);
+ if (err) {
+ pr_err("alg: skcipher: %s %s: error preparing scatterlists for test vector %s, cfg=\"%s\"\n",
+ driver, op, vec_name, cfg->name);
+ return err;
}
- ret = 0;
+ /* Do the actual encryption or decryption */
+ testmgr_poison(req->__ctx, crypto_skcipher_reqsize(tfm));
+ skcipher_request_set_callback(req, req_flags, crypto_req_done, &wait);
+ skcipher_request_set_crypt(req, tsgls->src.sgl_ptr, tsgls->dst.sgl_ptr,
+ vec->len, iv);
+ if (cfg->nosimd)
+ crypto_disable_simd_for_test();
+ err = enc ? crypto_skcipher_encrypt(req) : crypto_skcipher_decrypt(req);
+ if (cfg->nosimd)
+ crypto_reenable_simd_for_test();
+ err = crypto_wait_req(err, &wait);
-out:
- skcipher_request_free(req);
- if (diff_dst)
- testmgr_free_buf(xoutbuf);
-out_nooutbuf:
- testmgr_free_buf(xbuf);
-out_nobuf:
- return ret;
-}
+ /* Check that the algorithm didn't overwrite things it shouldn't have */
+ if (req->cryptlen != vec->len ||
+ req->iv != iv ||
+ req->src != tsgls->src.sgl_ptr ||
+ req->dst != tsgls->dst.sgl_ptr ||
+ crypto_skcipher_reqtfm(req) != tfm ||
+ req->base.complete != crypto_req_done ||
+ req->base.flags != req_flags ||
+ req->base.data != &wait) {
+ pr_err("alg: skcipher: %s %s corrupted request struct on test vector %s, cfg=\"%s\"\n",
+ driver, op, vec_name, cfg->name);
+ if (req->cryptlen != vec->len)
+ pr_err("alg: skcipher: changed 'req->cryptlen'\n");
+ if (req->iv != iv)
+ pr_err("alg: skcipher: changed 'req->iv'\n");
+ if (req->src != tsgls->src.sgl_ptr)
+ pr_err("alg: skcipher: changed 'req->src'\n");
+ if (req->dst != tsgls->dst.sgl_ptr)
+ pr_err("alg: skcipher: changed 'req->dst'\n");
+ if (crypto_skcipher_reqtfm(req) != tfm)
+ pr_err("alg: skcipher: changed 'req->base.tfm'\n");
+ if (req->base.complete != crypto_req_done)
+ pr_err("alg: skcipher: changed 'req->base.complete'\n");
+ if (req->base.flags != req_flags)
+ pr_err("alg: skcipher: changed 'req->base.flags'\n");
+ if (req->base.data != &wait)
+ pr_err("alg: skcipher: changed 'req->base.data'\n");
+ return -EINVAL;
+ }
+ if (is_test_sglist_corrupted(&tsgls->src)) {
+ pr_err("alg: skcipher: %s %s corrupted src sgl on test vector %s, cfg=\"%s\"\n",
+ driver, op, vec_name, cfg->name);
+ return -EINVAL;
+ }
+ if (tsgls->dst.sgl_ptr != tsgls->src.sgl &&
+ is_test_sglist_corrupted(&tsgls->dst)) {
+ pr_err("alg: skcipher: %s %s corrupted dst sgl on test vector %s, cfg=\"%s\"\n",
+ driver, op, vec_name, cfg->name);
+ return -EINVAL;
+ }
-static int test_skcipher(struct crypto_skcipher *tfm, int enc,
- const struct cipher_testvec *template,
- unsigned int tcount)
-{
- unsigned int alignmask;
- int ret;
+ /* Check for success or failure */
+ if (err) {
+ if (err == vec->crypt_error)
+ return 0;
+ pr_err("alg: skcipher: %s %s failed on test vector %s; expected_error=%d, actual_error=%d, cfg=\"%s\"\n",
+ driver, op, vec_name, vec->crypt_error, err, cfg->name);
+ return err;
+ }
+ if (vec->crypt_error) {
+ pr_err("alg: skcipher: %s %s unexpectedly succeeded on test vector %s; expected_error=%d, cfg=\"%s\"\n",
+ driver, op, vec_name, vec->crypt_error, cfg->name);
+ return -EINVAL;
+ }
- /* test 'dst == src' case */
- ret = __test_skcipher(tfm, enc, template, tcount, false, 0);
- if (ret)
- return ret;
+ /* Check for the correct output (ciphertext or plaintext) */
+ err = verify_correct_output(&tsgls->dst, enc ? vec->ctext : vec->ptext,
+ vec->len, 0, true);
+ if (err == -EOVERFLOW) {
+ pr_err("alg: skcipher: %s %s overran dst buffer on test vector %s, cfg=\"%s\"\n",
+ driver, op, vec_name, cfg->name);
+ return err;
+ }
+ if (err) {
+ pr_err("alg: skcipher: %s %s test failed (wrong result) on test vector %s, cfg=\"%s\"\n",
+ driver, op, vec_name, cfg->name);
+ return err;
+ }
- /* test 'dst != src' case */
- ret = __test_skcipher(tfm, enc, template, tcount, true, 0);
- if (ret)
- return ret;
-
- /* test unaligned buffers, check with one byte offset */
- ret = __test_skcipher(tfm, enc, template, tcount, true, 1);
- if (ret)
- return ret;
-
- alignmask = crypto_tfm_alg_alignmask(&tfm->base);
- if (alignmask) {
- /* Check if alignment mask for tfm is correctly set. */
- ret = __test_skcipher(tfm, enc, template, tcount, true,
- alignmask + 1);
- if (ret)
- return ret;
+ /* If applicable, check that the algorithm generated the correct IV */
+ if (vec->iv_out && memcmp(iv, vec->iv_out, ivsize) != 0) {
+ pr_err("alg: skcipher: %s %s test failed (wrong output IV) on test vector %s, cfg=\"%s\"\n",
+ driver, op, vec_name, cfg->name);
+ hexdump(iv, ivsize);
+ return -EINVAL;
}
return 0;
}
+static int test_skcipher_vec(const char *driver, int enc,
+ const struct cipher_testvec *vec,
+ unsigned int vec_num,
+ struct skcipher_request *req,
+ struct cipher_test_sglists *tsgls)
+{
+ char vec_name[16];
+ unsigned int i;
+ int err;
+
+ if (fips_enabled && vec->fips_skip)
+ return 0;
+
+ sprintf(vec_name, "%u", vec_num);
+
+ for (i = 0; i < ARRAY_SIZE(default_cipher_testvec_configs); i++) {
+ err = test_skcipher_vec_cfg(driver, enc, vec, vec_name,
+ &default_cipher_testvec_configs[i],
+ req, tsgls);
+ if (err)
+ return err;
+ }
+
+#ifdef CONFIG_CRYPTO_MANAGER_EXTRA_TESTS
+ if (!noextratests) {
+ struct testvec_config cfg;
+ char cfgname[TESTVEC_CONFIG_NAMELEN];
+
+ for (i = 0; i < fuzz_iterations; i++) {
+ generate_random_testvec_config(&cfg, cfgname,
+ sizeof(cfgname));
+ err = test_skcipher_vec_cfg(driver, enc, vec, vec_name,
+ &cfg, req, tsgls);
+ if (err)
+ return err;
+ cond_resched();
+ }
+ }
+#endif
+ return 0;
+}
+
+#ifdef CONFIG_CRYPTO_MANAGER_EXTRA_TESTS
+/*
+ * Generate a symmetric cipher test vector from the given implementation.
+ * Assumes the buffers in 'vec' were already allocated.
+ */
+static void generate_random_cipher_testvec(struct skcipher_request *req,
+ struct cipher_testvec *vec,
+ unsigned int maxdatasize,
+ char *name, size_t max_namelen)
+{
+ struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
+ const unsigned int maxkeysize = tfm->keysize;
+ const unsigned int ivsize = crypto_skcipher_ivsize(tfm);
+ struct scatterlist src, dst;
+ u8 iv[MAX_IVLEN];
+ DECLARE_CRYPTO_WAIT(wait);
+
+ /* Key: length in [0, maxkeysize], but usually choose maxkeysize */
+ vec->klen = maxkeysize;
+ if (prandom_u32() % 4 == 0)
+ vec->klen = prandom_u32() % (maxkeysize + 1);
+ generate_random_bytes((u8 *)vec->key, vec->klen);
+ vec->setkey_error = crypto_skcipher_setkey(tfm, vec->key, vec->klen);
+
+ /* IV */
+ generate_random_bytes((u8 *)vec->iv, ivsize);
+
+ /* Plaintext */
+ vec->len = generate_random_length(maxdatasize);
+ generate_random_bytes((u8 *)vec->ptext, vec->len);
+
+ /* If the key couldn't be set, no need to continue to encrypt. */
+ if (vec->setkey_error)
+ goto done;
+
+ /* Ciphertext */
+ sg_init_one(&src, vec->ptext, vec->len);
+ sg_init_one(&dst, vec->ctext, vec->len);
+ memcpy(iv, vec->iv, ivsize);
+ skcipher_request_set_callback(req, 0, crypto_req_done, &wait);
+ skcipher_request_set_crypt(req, &src, &dst, vec->len, iv);
+ vec->crypt_error = crypto_wait_req(crypto_skcipher_encrypt(req), &wait);
+done:
+ snprintf(name, max_namelen, "\"random: len=%u klen=%u\"",
+ vec->len, vec->klen);
+}
+
+/*
+ * Test the skcipher algorithm represented by @req against the corresponding
+ * generic implementation, if one is available.
+ */
+static int test_skcipher_vs_generic_impl(const char *driver,
+ const char *generic_driver,
+ struct skcipher_request *req,
+ struct cipher_test_sglists *tsgls)
+{
+ struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
+ const unsigned int ivsize = crypto_skcipher_ivsize(tfm);
+ const unsigned int blocksize = crypto_skcipher_blocksize(tfm);
+ const unsigned int maxdatasize = (2 * PAGE_SIZE) - TESTMGR_POISON_LEN;
+ const char *algname = crypto_skcipher_alg(tfm)->base.cra_name;
+ char _generic_driver[CRYPTO_MAX_ALG_NAME];
+ struct crypto_skcipher *generic_tfm = NULL;
+ struct skcipher_request *generic_req = NULL;
+ unsigned int i;
+ struct cipher_testvec vec = { 0 };
+ char vec_name[64];
+ struct testvec_config *cfg;
+ char cfgname[TESTVEC_CONFIG_NAMELEN];
+ int err;
+
+ if (noextratests)
+ return 0;
+
+ /* Keywrap isn't supported here yet as it handles its IV differently. */
+ if (strncmp(algname, "kw(", 3) == 0)
+ return 0;
+
+ if (!generic_driver) { /* Use default naming convention? */
+ err = build_generic_driver_name(algname, _generic_driver);
+ if (err)
+ return err;
+ generic_driver = _generic_driver;
+ }
+
+ if (strcmp(generic_driver, driver) == 0) /* Already the generic impl? */
+ return 0;
+
+ generic_tfm = crypto_alloc_skcipher(generic_driver, 0, 0);
+ if (IS_ERR(generic_tfm)) {
+ err = PTR_ERR(generic_tfm);
+ if (err == -ENOENT) {
+ pr_warn("alg: skcipher: skipping comparison tests for %s because %s is unavailable\n",
+ driver, generic_driver);
+ return 0;
+ }
+ pr_err("alg: skcipher: error allocating %s (generic impl of %s): %d\n",
+ generic_driver, algname, err);
+ return err;
+ }
+
+ cfg = kzalloc(sizeof(*cfg), GFP_KERNEL);
+ if (!cfg) {
+ err = -ENOMEM;
+ goto out;
+ }
+
+ generic_req = skcipher_request_alloc(generic_tfm, GFP_KERNEL);
+ if (!generic_req) {
+ err = -ENOMEM;
+ goto out;
+ }
+
+ /* Check the algorithm properties for consistency. */
+
+ if (tfm->keysize != generic_tfm->keysize) {
+ pr_err("alg: skcipher: max keysize for %s (%u) doesn't match generic impl (%u)\n",
+ driver, tfm->keysize, generic_tfm->keysize);
+ err = -EINVAL;
+ goto out;
+ }
+
+ if (ivsize != crypto_skcipher_ivsize(generic_tfm)) {
+ pr_err("alg: skcipher: ivsize for %s (%u) doesn't match generic impl (%u)\n",
+ driver, ivsize, crypto_skcipher_ivsize(generic_tfm));
+ err = -EINVAL;
+ goto out;
+ }
+
+ if (blocksize != crypto_skcipher_blocksize(generic_tfm)) {
+ pr_err("alg: skcipher: blocksize for %s (%u) doesn't match generic impl (%u)\n",
+ driver, blocksize,
+ crypto_skcipher_blocksize(generic_tfm));
+ err = -EINVAL;
+ goto out;
+ }
+
+ /*
+ * Now generate test vectors using the generic implementation, and test
+ * the other implementation against them.
+ */
+
+ vec.key = kmalloc(tfm->keysize, GFP_KERNEL);
+ vec.iv = kmalloc(ivsize, GFP_KERNEL);
+ vec.ptext = kmalloc(maxdatasize, GFP_KERNEL);
+ vec.ctext = kmalloc(maxdatasize, GFP_KERNEL);
+ if (!vec.key || !vec.iv || !vec.ptext || !vec.ctext) {
+ err = -ENOMEM;
+ goto out;
+ }
+
+ for (i = 0; i < fuzz_iterations * 8; i++) {
+ generate_random_cipher_testvec(generic_req, &vec, maxdatasize,
+ vec_name, sizeof(vec_name));
+ generate_random_testvec_config(cfg, cfgname, sizeof(cfgname));
+
+ err = test_skcipher_vec_cfg(driver, ENCRYPT, &vec, vec_name,
+ cfg, req, tsgls);
+ if (err)
+ goto out;
+ err = test_skcipher_vec_cfg(driver, DECRYPT, &vec, vec_name,
+ cfg, req, tsgls);
+ if (err)
+ goto out;
+ cond_resched();
+ }
+ err = 0;
+out:
+ kfree(cfg);
+ kfree(vec.key);
+ kfree(vec.iv);
+ kfree(vec.ptext);
+ kfree(vec.ctext);
+ crypto_free_skcipher(generic_tfm);
+ skcipher_request_free(generic_req);
+ return err;
+}
+#else /* !CONFIG_CRYPTO_MANAGER_EXTRA_TESTS */
+static int test_skcipher_vs_generic_impl(const char *driver,
+ const char *generic_driver,
+ struct skcipher_request *req,
+ struct cipher_test_sglists *tsgls)
+{
+ return 0;
+}
+#endif /* !CONFIG_CRYPTO_MANAGER_EXTRA_TESTS */
+
+static int test_skcipher(const char *driver, int enc,
+ const struct cipher_test_suite *suite,
+ struct skcipher_request *req,
+ struct cipher_test_sglists *tsgls)
+{
+ unsigned int i;
+ int err;
+
+ for (i = 0; i < suite->count; i++) {
+ err = test_skcipher_vec(driver, enc, &suite->vecs[i], i, req,
+ tsgls);
+ if (err)
+ return err;
+ cond_resched();
+ }
+ return 0;
+}
+
+static int alg_test_skcipher(const struct alg_test_desc *desc,
+ const char *driver, u32 type, u32 mask)
+{
+ const struct cipher_test_suite *suite = &desc->suite.cipher;
+ struct crypto_skcipher *tfm;
+ struct skcipher_request *req = NULL;
+ struct cipher_test_sglists *tsgls = NULL;
+ int err;
+
+ if (suite->count <= 0) {
+ pr_err("alg: skcipher: empty test suite for %s\n", driver);
+ return -EINVAL;
+ }
+
+ tfm = crypto_alloc_skcipher(driver, type, mask);
+ if (IS_ERR(tfm)) {
+ pr_err("alg: skcipher: failed to allocate transform for %s: %ld\n",
+ driver, PTR_ERR(tfm));
+ return PTR_ERR(tfm);
+ }
+
+ req = skcipher_request_alloc(tfm, GFP_KERNEL);
+ if (!req) {
+ pr_err("alg: skcipher: failed to allocate request for %s\n",
+ driver);
+ err = -ENOMEM;
+ goto out;
+ }
+
+ tsgls = alloc_cipher_test_sglists();
+ if (!tsgls) {
+ pr_err("alg: skcipher: failed to allocate test buffers for %s\n",
+ driver);
+ err = -ENOMEM;
+ goto out;
+ }
+
+ err = test_skcipher(driver, ENCRYPT, suite, req, tsgls);
+ if (err)
+ goto out;
+
+ err = test_skcipher(driver, DECRYPT, suite, req, tsgls);
+ if (err)
+ goto out;
+
+ err = test_skcipher_vs_generic_impl(driver, desc->generic_driver, req,
+ tsgls);
+out:
+ free_cipher_test_sglists(tsgls);
+ skcipher_request_free(req);
+ crypto_free_skcipher(tfm);
+ return err;
+}
+
static int test_comp(struct crypto_comp *tfm,
const struct comp_testvec *ctemplate,
const struct comp_testvec *dtemplate,
@@ -1400,8 +2919,8 @@
int ilen;
unsigned int dlen = COMP_BUF_SIZE;
- memset(output, 0, sizeof(COMP_BUF_SIZE));
- memset(decomp_output, 0, sizeof(COMP_BUF_SIZE));
+ memset(output, 0, COMP_BUF_SIZE);
+ memset(decomp_output, 0, COMP_BUF_SIZE);
ilen = ctemplate[i].inlen;
ret = crypto_comp_compress(tfm, ctemplate[i].input,
@@ -1445,7 +2964,7 @@
int ilen;
unsigned int dlen = COMP_BUF_SIZE;
- memset(decomp_output, 0, sizeof(COMP_BUF_SIZE));
+ memset(decomp_output, 0, COMP_BUF_SIZE);
ilen = dtemplate[i].inlen;
ret = crypto_comp_decompress(tfm, dtemplate[i].input,
@@ -1713,35 +3232,6 @@
return err;
}
-static int alg_test_aead(const struct alg_test_desc *desc, const char *driver,
- u32 type, u32 mask)
-{
- struct crypto_aead *tfm;
- int err = 0;
-
- tfm = crypto_alloc_aead(driver, type, mask);
- if (IS_ERR(tfm)) {
- printk(KERN_ERR "alg: aead: Failed to load transform for %s: "
- "%ld\n", driver, PTR_ERR(tfm));
- return PTR_ERR(tfm);
- }
-
- if (desc->suite.aead.enc.vecs) {
- err = test_aead(tfm, ENCRYPT, desc->suite.aead.enc.vecs,
- desc->suite.aead.enc.count);
- if (err)
- goto out;
- }
-
- if (!err && desc->suite.aead.dec.vecs)
- err = test_aead(tfm, DECRYPT, desc->suite.aead.dec.vecs,
- desc->suite.aead.dec.count);
-
-out:
- crypto_free_aead(tfm);
- return err;
-}
-
static int alg_test_cipher(const struct alg_test_desc *desc,
const char *driver, u32 type, u32 mask)
{
@@ -1764,28 +3254,6 @@
return err;
}
-static int alg_test_skcipher(const struct alg_test_desc *desc,
- const char *driver, u32 type, u32 mask)
-{
- const struct cipher_test_suite *suite = &desc->suite.cipher;
- struct crypto_skcipher *tfm;
- int err;
-
- tfm = crypto_alloc_skcipher(driver, type, mask);
- if (IS_ERR(tfm)) {
- printk(KERN_ERR "alg: skcipher: Failed to load transform for "
- "%s: %ld\n", driver, PTR_ERR(tfm));
- return PTR_ERR(tfm);
- }
-
- err = test_skcipher(tfm, ENCRYPT, suite->vecs, suite->count);
- if (!err)
- err = test_skcipher(tfm, DECRYPT, suite->vecs, suite->count);
-
- crypto_free_skcipher(tfm);
- return err;
-}
-
static int alg_test_comp(const struct alg_test_desc *desc, const char *driver,
u32 type, u32 mask)
{
@@ -1824,84 +3292,30 @@
return err;
}
-static int __alg_test_hash(const struct hash_testvec *template,
- unsigned int tcount, const char *driver,
- u32 type, u32 mask)
-{
- struct crypto_ahash *tfm;
- int err;
-
- tfm = crypto_alloc_ahash(driver, type, mask);
- if (IS_ERR(tfm)) {
- printk(KERN_ERR "alg: hash: Failed to load transform for %s: "
- "%ld\n", driver, PTR_ERR(tfm));
- return PTR_ERR(tfm);
- }
-
- err = test_hash(tfm, template, tcount, HASH_TEST_DIGEST);
- if (!err)
- err = test_hash(tfm, template, tcount, HASH_TEST_FINAL);
- if (!err)
- err = test_hash(tfm, template, tcount, HASH_TEST_FINUP);
- crypto_free_ahash(tfm);
- return err;
-}
-
-static int alg_test_hash(const struct alg_test_desc *desc, const char *driver,
- u32 type, u32 mask)
-{
- const struct hash_testvec *template = desc->suite.hash.vecs;
- unsigned int tcount = desc->suite.hash.count;
- unsigned int nr_unkeyed, nr_keyed;
- int err;
-
- /*
- * For OPTIONAL_KEY algorithms, we have to do all the unkeyed tests
- * first, before setting a key on the tfm. To make this easier, we
- * require that the unkeyed test vectors (if any) are listed first.
- */
-
- for (nr_unkeyed = 0; nr_unkeyed < tcount; nr_unkeyed++) {
- if (template[nr_unkeyed].ksize)
- break;
- }
- for (nr_keyed = 0; nr_unkeyed + nr_keyed < tcount; nr_keyed++) {
- if (!template[nr_unkeyed + nr_keyed].ksize) {
- pr_err("alg: hash: test vectors for %s out of order, "
- "unkeyed ones must come first\n", desc->alg);
- return -EINVAL;
- }
- }
-
- err = 0;
- if (nr_unkeyed) {
- err = __alg_test_hash(template, nr_unkeyed, driver, type, mask);
- template += nr_unkeyed;
- }
-
- if (!err && nr_keyed)
- err = __alg_test_hash(template, nr_keyed, driver, type, mask);
-
- return err;
-}
-
static int alg_test_crc32c(const struct alg_test_desc *desc,
const char *driver, u32 type, u32 mask)
{
struct crypto_shash *tfm;
- u32 val;
+ __le32 val;
int err;
err = alg_test_hash(desc, driver, type, mask);
if (err)
- goto out;
+ return err;
tfm = crypto_alloc_shash(driver, type, mask);
if (IS_ERR(tfm)) {
+ if (PTR_ERR(tfm) == -ENOENT) {
+ /*
+ * This crc32c implementation is only available through
+ * ahash API, not the shash API, so the remaining part
+ * of the test is not applicable to it.
+ */
+ return 0;
+ }
printk(KERN_ERR "alg: crc32c: Failed to load transform for %s: "
"%ld\n", driver, PTR_ERR(tfm));
- err = PTR_ERR(tfm);
- goto out;
+ return PTR_ERR(tfm);
}
do {
@@ -1909,9 +3323,8 @@
u32 *ctx = (u32 *)shash_desc_ctx(shash);
shash->tfm = tfm;
- shash->flags = 0;
- *ctx = le32_to_cpu(420553207);
+ *ctx = 420553207;
err = crypto_shash_final(shash, (u8 *)&val);
if (err) {
printk(KERN_ERR "alg: crc32c: Operation failed for "
@@ -1919,16 +3332,15 @@
break;
}
- if (val != ~420553207) {
- printk(KERN_ERR "alg: crc32c: Test failed for %s: "
- "%d\n", driver, val);
+ if (val != cpu_to_le32(~420553207)) {
+ pr_err("alg: crc32c: Test failed for %s: %u\n",
+ driver, le32_to_cpu(val));
err = -EINVAL;
}
} while (0);
crypto_free_shash(tfm);
-out:
return err;
}
@@ -2094,12 +3506,11 @@
if (vec->genkey) {
/* Save party A's public key */
- a_public = kzalloc(out_len_max, GFP_KERNEL);
+ a_public = kmemdup(sg_virt(req->dst), out_len_max, GFP_KERNEL);
if (!a_public) {
err = -ENOMEM;
goto free_output;
}
- memcpy(a_public, sg_virt(req->dst), out_len_max);
} else {
/* Verify calculated public key */
if (memcmp(vec->expected_a_public, sg_virt(req->dst),
@@ -2112,13 +3523,12 @@
}
/* Calculate shared secret key by using counter part (b) public key. */
- input_buf = kzalloc(vec->b_public_size, GFP_KERNEL);
+ input_buf = kmemdup(vec->b_public, vec->b_public_size, GFP_KERNEL);
if (!input_buf) {
err = -ENOMEM;
goto free_output;
}
- memcpy(input_buf, vec->b_public, vec->b_public_size);
sg_init_one(&src, input_buf, vec->b_public_size);
sg_init_one(&dst, output_buf, out_len_max);
kpp_request_set_input(req, &src, vec->b_public_size);
@@ -2134,12 +3544,11 @@
if (vec->genkey) {
/* Save the shared secret obtained by party A */
- a_ss = kzalloc(vec->expected_ss_size, GFP_KERNEL);
+ a_ss = kmemdup(sg_virt(req->dst), vec->expected_ss_size, GFP_KERNEL);
if (!a_ss) {
err = -ENOMEM;
goto free_all;
}
- memcpy(a_ss, sg_virt(req->dst), vec->expected_ss_size);
/*
* Calculate party B's shared secret by using party A's
@@ -2227,6 +3636,12 @@
return err;
}
+static u8 *test_pack_u32(u8 *dst, u32 val)
+{
+ memcpy(dst, &val, sizeof(val));
+ return dst + sizeof(val);
+}
+
static int test_akcipher_one(struct crypto_akcipher *tfm,
const struct akcipher_testvec *vecs)
{
@@ -2237,7 +3652,11 @@
struct crypto_wait wait;
unsigned int out_len_max, out_len = 0;
int err = -ENOMEM;
- struct scatterlist src, dst, src_tab[2];
+ struct scatterlist src, dst, src_tab[3];
+ const char *m, *c;
+ unsigned int m_size, c_size;
+ const char *op;
+ u8 *key, *ptr;
if (testmgr_alloc_buf(xbuf))
return err;
@@ -2248,57 +3667,101 @@
crypto_init_wait(&wait);
+ key = kmalloc(vecs->key_len + sizeof(u32) * 2 + vecs->param_len,
+ GFP_KERNEL);
+ if (!key)
+ goto free_xbuf;
+ memcpy(key, vecs->key, vecs->key_len);
+ ptr = key + vecs->key_len;
+ ptr = test_pack_u32(ptr, vecs->algo);
+ ptr = test_pack_u32(ptr, vecs->param_len);
+ memcpy(ptr, vecs->params, vecs->param_len);
+
if (vecs->public_key_vec)
- err = crypto_akcipher_set_pub_key(tfm, vecs->key,
- vecs->key_len);
+ err = crypto_akcipher_set_pub_key(tfm, key, vecs->key_len);
else
- err = crypto_akcipher_set_priv_key(tfm, vecs->key,
- vecs->key_len);
+ err = crypto_akcipher_set_priv_key(tfm, key, vecs->key_len);
if (err)
goto free_req;
+ /*
+ * First run test which do not require a private key, such as
+ * encrypt or verify.
+ */
err = -ENOMEM;
out_len_max = crypto_akcipher_maxsize(tfm);
outbuf_enc = kzalloc(out_len_max, GFP_KERNEL);
if (!outbuf_enc)
goto free_req;
- if (WARN_ON(vecs->m_size > PAGE_SIZE))
+ if (!vecs->siggen_sigver_test) {
+ m = vecs->m;
+ m_size = vecs->m_size;
+ c = vecs->c;
+ c_size = vecs->c_size;
+ op = "encrypt";
+ } else {
+ /* Swap args so we could keep plaintext (digest)
+ * in vecs->m, and cooked signature in vecs->c.
+ */
+ m = vecs->c; /* signature */
+ m_size = vecs->c_size;
+ c = vecs->m; /* digest */
+ c_size = vecs->m_size;
+ op = "verify";
+ }
+
+ if (WARN_ON(m_size > PAGE_SIZE))
goto free_all;
+ memcpy(xbuf[0], m, m_size);
- memcpy(xbuf[0], vecs->m, vecs->m_size);
-
- sg_init_table(src_tab, 2);
+ sg_init_table(src_tab, 3);
sg_set_buf(&src_tab[0], xbuf[0], 8);
- sg_set_buf(&src_tab[1], xbuf[0] + 8, vecs->m_size - 8);
- sg_init_one(&dst, outbuf_enc, out_len_max);
- akcipher_request_set_crypt(req, src_tab, &dst, vecs->m_size,
- out_len_max);
+ sg_set_buf(&src_tab[1], xbuf[0] + 8, m_size - 8);
+ if (vecs->siggen_sigver_test) {
+ if (WARN_ON(c_size > PAGE_SIZE))
+ goto free_all;
+ memcpy(xbuf[1], c, c_size);
+ sg_set_buf(&src_tab[2], xbuf[1], c_size);
+ akcipher_request_set_crypt(req, src_tab, NULL, m_size, c_size);
+ } else {
+ sg_init_one(&dst, outbuf_enc, out_len_max);
+ akcipher_request_set_crypt(req, src_tab, &dst, m_size,
+ out_len_max);
+ }
akcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
crypto_req_done, &wait);
err = crypto_wait_req(vecs->siggen_sigver_test ?
- /* Run asymmetric signature generation */
- crypto_akcipher_sign(req) :
+ /* Run asymmetric signature verification */
+ crypto_akcipher_verify(req) :
/* Run asymmetric encrypt */
crypto_akcipher_encrypt(req), &wait);
if (err) {
- pr_err("alg: akcipher: encrypt test failed. err %d\n", err);
+ pr_err("alg: akcipher: %s test failed. err %d\n", op, err);
goto free_all;
}
- if (req->dst_len != vecs->c_size) {
- pr_err("alg: akcipher: encrypt test failed. Invalid output len\n");
- err = -EINVAL;
- goto free_all;
+ if (!vecs->siggen_sigver_test) {
+ if (req->dst_len != c_size) {
+ pr_err("alg: akcipher: %s test failed. Invalid output len\n",
+ op);
+ err = -EINVAL;
+ goto free_all;
+ }
+ /* verify that encrypted message is equal to expected */
+ if (memcmp(c, outbuf_enc, c_size) != 0) {
+ pr_err("alg: akcipher: %s test failed. Invalid output\n",
+ op);
+ hexdump(outbuf_enc, c_size);
+ err = -EINVAL;
+ goto free_all;
+ }
}
- /* verify that encrypted message is equal to expected */
- if (memcmp(vecs->c, outbuf_enc, vecs->c_size)) {
- pr_err("alg: akcipher: encrypt test failed. Invalid output\n");
- hexdump(outbuf_enc, vecs->c_size);
- err = -EINVAL;
- goto free_all;
- }
- /* Don't invoke decrypt for vectors with public key */
+
+ /*
+ * Don't invoke (decrypt or sign) test which require a private key
+ * for vectors with only a public key.
+ */
if (vecs->public_key_vec) {
err = 0;
goto free_all;
@@ -2309,37 +3772,36 @@
goto free_all;
}
- if (WARN_ON(vecs->c_size > PAGE_SIZE))
+ op = vecs->siggen_sigver_test ? "sign" : "decrypt";
+ if (WARN_ON(c_size > PAGE_SIZE))
goto free_all;
+ memcpy(xbuf[0], c, c_size);
- memcpy(xbuf[0], vecs->c, vecs->c_size);
-
- sg_init_one(&src, xbuf[0], vecs->c_size);
+ sg_init_one(&src, xbuf[0], c_size);
sg_init_one(&dst, outbuf_dec, out_len_max);
crypto_init_wait(&wait);
- akcipher_request_set_crypt(req, &src, &dst, vecs->c_size, out_len_max);
+ akcipher_request_set_crypt(req, &src, &dst, c_size, out_len_max);
err = crypto_wait_req(vecs->siggen_sigver_test ?
- /* Run asymmetric signature verification */
- crypto_akcipher_verify(req) :
+ /* Run asymmetric signature generation */
+ crypto_akcipher_sign(req) :
/* Run asymmetric decrypt */
crypto_akcipher_decrypt(req), &wait);
if (err) {
- pr_err("alg: akcipher: decrypt test failed. err %d\n", err);
+ pr_err("alg: akcipher: %s test failed. err %d\n", op, err);
goto free_all;
}
out_len = req->dst_len;
- if (out_len < vecs->m_size) {
- pr_err("alg: akcipher: decrypt test failed. "
- "Invalid output len %u\n", out_len);
+ if (out_len < m_size) {
+ pr_err("alg: akcipher: %s test failed. Invalid output len %u\n",
+ op, out_len);
err = -EINVAL;
goto free_all;
}
/* verify that decrypted message is equal to the original msg */
- if (memchr_inv(outbuf_dec, 0, out_len - vecs->m_size) ||
- memcmp(vecs->m, outbuf_dec + out_len - vecs->m_size,
- vecs->m_size)) {
- pr_err("alg: akcipher: decrypt test failed. Invalid output\n");
+ if (memchr_inv(outbuf_dec, 0, out_len - m_size) ||
+ memcmp(m, outbuf_dec + out_len - m_size, m_size)) {
+ pr_err("alg: akcipher: %s test failed. Invalid output\n", op);
hexdump(outbuf_dec, out_len);
err = -EINVAL;
}
@@ -2348,6 +3810,7 @@
kfree(outbuf_enc);
free_req:
akcipher_request_free(req);
+ kfree(key);
free_xbuf:
testmgr_free_buf(xbuf);
return err;
@@ -2404,31 +3867,24 @@
/* Please keep this list sorted by algorithm name. */
static const struct alg_test_desc alg_test_descs[] = {
{
+ .alg = "adiantum(xchacha12,aes)",
+ .generic_driver = "adiantum(xchacha12-generic,aes-generic,nhpoly1305-generic)",
+ .test = alg_test_skcipher,
+ .suite = {
+ .cipher = __VECS(adiantum_xchacha12_aes_tv_template)
+ },
+ }, {
+ .alg = "adiantum(xchacha20,aes)",
+ .generic_driver = "adiantum(xchacha20-generic,aes-generic,nhpoly1305-generic)",
+ .test = alg_test_skcipher,
+ .suite = {
+ .cipher = __VECS(adiantum_xchacha20_aes_tv_template)
+ },
+ }, {
.alg = "aegis128",
.test = alg_test_aead,
.suite = {
- .aead = {
- .enc = __VECS(aegis128_enc_tv_template),
- .dec = __VECS(aegis128_dec_tv_template),
- }
- }
- }, {
- .alg = "aegis128l",
- .test = alg_test_aead,
- .suite = {
- .aead = {
- .enc = __VECS(aegis128l_enc_tv_template),
- .dec = __VECS(aegis128l_dec_tv_template),
- }
- }
- }, {
- .alg = "aegis256",
- .test = alg_test_aead,
- .suite = {
- .aead = {
- .enc = __VECS(aegis256_enc_tv_template),
- .dec = __VECS(aegis256_dec_tv_template),
- }
+ .aead = __VECS(aegis128_tv_template)
}
}, {
.alg = "ansi_cprng",
@@ -2440,36 +3896,27 @@
.alg = "authenc(hmac(md5),ecb(cipher_null))",
.test = alg_test_aead,
.suite = {
- .aead = {
- .enc = __VECS(hmac_md5_ecb_cipher_null_enc_tv_template),
- .dec = __VECS(hmac_md5_ecb_cipher_null_dec_tv_template)
- }
+ .aead = __VECS(hmac_md5_ecb_cipher_null_tv_template)
}
}, {
.alg = "authenc(hmac(sha1),cbc(aes))",
.test = alg_test_aead,
.fips_allowed = 1,
.suite = {
- .aead = {
- .enc = __VECS(hmac_sha1_aes_cbc_enc_tv_temp)
- }
+ .aead = __VECS(hmac_sha1_aes_cbc_tv_temp)
}
}, {
.alg = "authenc(hmac(sha1),cbc(des))",
.test = alg_test_aead,
.suite = {
- .aead = {
- .enc = __VECS(hmac_sha1_des_cbc_enc_tv_temp)
- }
+ .aead = __VECS(hmac_sha1_des_cbc_tv_temp)
}
}, {
.alg = "authenc(hmac(sha1),cbc(des3_ede))",
.test = alg_test_aead,
.fips_allowed = 1,
.suite = {
- .aead = {
- .enc = __VECS(hmac_sha1_des3_ede_cbc_enc_tv_temp)
- }
+ .aead = __VECS(hmac_sha1_des3_ede_cbc_tv_temp)
}
}, {
.alg = "authenc(hmac(sha1),ctr(aes))",
@@ -2479,10 +3926,7 @@
.alg = "authenc(hmac(sha1),ecb(cipher_null))",
.test = alg_test_aead,
.suite = {
- .aead = {
- .enc = __VECS(hmac_sha1_ecb_cipher_null_enc_tv_temp),
- .dec = __VECS(hmac_sha1_ecb_cipher_null_dec_tv_temp)
- }
+ .aead = __VECS(hmac_sha1_ecb_cipher_null_tv_temp)
}
}, {
.alg = "authenc(hmac(sha1),rfc3686(ctr(aes)))",
@@ -2492,44 +3936,34 @@
.alg = "authenc(hmac(sha224),cbc(des))",
.test = alg_test_aead,
.suite = {
- .aead = {
- .enc = __VECS(hmac_sha224_des_cbc_enc_tv_temp)
- }
+ .aead = __VECS(hmac_sha224_des_cbc_tv_temp)
}
}, {
.alg = "authenc(hmac(sha224),cbc(des3_ede))",
.test = alg_test_aead,
.fips_allowed = 1,
.suite = {
- .aead = {
- .enc = __VECS(hmac_sha224_des3_ede_cbc_enc_tv_temp)
- }
+ .aead = __VECS(hmac_sha224_des3_ede_cbc_tv_temp)
}
}, {
.alg = "authenc(hmac(sha256),cbc(aes))",
.test = alg_test_aead,
.fips_allowed = 1,
.suite = {
- .aead = {
- .enc = __VECS(hmac_sha256_aes_cbc_enc_tv_temp)
- }
+ .aead = __VECS(hmac_sha256_aes_cbc_tv_temp)
}
}, {
.alg = "authenc(hmac(sha256),cbc(des))",
.test = alg_test_aead,
.suite = {
- .aead = {
- .enc = __VECS(hmac_sha256_des_cbc_enc_tv_temp)
- }
+ .aead = __VECS(hmac_sha256_des_cbc_tv_temp)
}
}, {
.alg = "authenc(hmac(sha256),cbc(des3_ede))",
.test = alg_test_aead,
.fips_allowed = 1,
.suite = {
- .aead = {
- .enc = __VECS(hmac_sha256_des3_ede_cbc_enc_tv_temp)
- }
+ .aead = __VECS(hmac_sha256_des3_ede_cbc_tv_temp)
}
}, {
.alg = "authenc(hmac(sha256),ctr(aes))",
@@ -2543,18 +3977,14 @@
.alg = "authenc(hmac(sha384),cbc(des))",
.test = alg_test_aead,
.suite = {
- .aead = {
- .enc = __VECS(hmac_sha384_des_cbc_enc_tv_temp)
- }
+ .aead = __VECS(hmac_sha384_des_cbc_tv_temp)
}
}, {
.alg = "authenc(hmac(sha384),cbc(des3_ede))",
.test = alg_test_aead,
.fips_allowed = 1,
.suite = {
- .aead = {
- .enc = __VECS(hmac_sha384_des3_ede_cbc_enc_tv_temp)
- }
+ .aead = __VECS(hmac_sha384_des3_ede_cbc_tv_temp)
}
}, {
.alg = "authenc(hmac(sha384),ctr(aes))",
@@ -2569,26 +3999,20 @@
.fips_allowed = 1,
.test = alg_test_aead,
.suite = {
- .aead = {
- .enc = __VECS(hmac_sha512_aes_cbc_enc_tv_temp)
- }
+ .aead = __VECS(hmac_sha512_aes_cbc_tv_temp)
}
}, {
.alg = "authenc(hmac(sha512),cbc(des))",
.test = alg_test_aead,
.suite = {
- .aead = {
- .enc = __VECS(hmac_sha512_des_cbc_enc_tv_temp)
- }
+ .aead = __VECS(hmac_sha512_des_cbc_tv_temp)
}
}, {
.alg = "authenc(hmac(sha512),cbc(des3_ede))",
.test = alg_test_aead,
.fips_allowed = 1,
.suite = {
- .aead = {
- .enc = __VECS(hmac_sha512_des3_ede_cbc_enc_tv_temp)
- }
+ .aead = __VECS(hmac_sha512_des3_ede_cbc_tv_temp)
}
}, {
.alg = "authenc(hmac(sha512),ctr(aes))",
@@ -2656,12 +4080,24 @@
.test = alg_test_null,
.fips_allowed = 1,
}, {
+ /* Same as cbc(sm4) except the key is stored in
+ * hardware secure memory which we reference by index
+ */
+ .alg = "cbc(psm4)",
+ .test = alg_test_null,
+ }, {
.alg = "cbc(serpent)",
.test = alg_test_skcipher,
.suite = {
.cipher = __VECS(serpent_cbc_tv_template)
},
}, {
+ .alg = "cbc(sm4)",
+ .test = alg_test_skcipher,
+ .suite = {
+ .cipher = __VECS(sm4_cbc_tv_template)
+ }
+ }, {
.alg = "cbc(twofish)",
.test = alg_test_skcipher,
.suite = {
@@ -2676,15 +4112,20 @@
}
}, {
.alg = "ccm(aes)",
+ .generic_driver = "ccm_base(ctr(aes-generic),cbcmac(aes-generic))",
.test = alg_test_aead,
.fips_allowed = 1,
.suite = {
- .aead = {
- .enc = __VECS(aes_ccm_enc_tv_template),
- .dec = __VECS(aes_ccm_dec_tv_template)
- }
+ .aead = __VECS(aes_ccm_tv_template)
}
}, {
+ .alg = "cfb(aes)",
+ .test = alg_test_skcipher,
+ .fips_allowed = 1,
+ .suite = {
+ .cipher = __VECS(aes_cfb_tv_template)
+ },
+ }, {
.alg = "chacha20",
.test = alg_test_skcipher,
.suite = {
@@ -2710,6 +4151,7 @@
}, {
.alg = "crc32",
.test = alg_test_hash,
+ .fips_allowed = 1,
.suite = {
.hash = __VECS(crc32_tv_template)
}
@@ -2779,12 +4221,25 @@
.test = alg_test_null,
.fips_allowed = 1,
}, {
+
+ /* Same as ctr(sm4) except the key is stored in
+ * hardware secure memory which we reference by index
+ */
+ .alg = "ctr(psm4)",
+ .test = alg_test_null,
+ }, {
.alg = "ctr(serpent)",
.test = alg_test_skcipher,
.suite = {
.cipher = __VECS(serpent_ctr_tv_template)
}
}, {
+ .alg = "ctr(sm4)",
+ .test = alg_test_skcipher,
+ .suite = {
+ .cipher = __VECS(sm4_ctr_tv_template)
+ }
+ }, {
.alg = "ctr(twofish)",
.test = alg_test_skcipher,
.suite = {
@@ -2793,10 +4248,18 @@
}, {
.alg = "cts(cbc(aes))",
.test = alg_test_skcipher,
+ .fips_allowed = 1,
.suite = {
.cipher = __VECS(cts_mode_tv_template)
}
}, {
+ /* Same as cts(cbc((aes)) except the key is stored in
+ * hardware secure memory which we reference by index
+ */
+ .alg = "cts(cbc(paes))",
+ .test = alg_test_null,
+ .fips_allowed = 1,
+ }, {
.alg = "deflate",
.test = alg_test_comp,
.fips_allowed = 1,
@@ -2952,6 +4415,7 @@
}
}, {
.alg = "ecb(arc4)",
+ .generic_driver = "ecb(arc4)-generic",
.test = alg_test_skcipher,
.suite = {
.cipher = __VECS(arc4_tv_template)
@@ -3075,14 +4539,32 @@
.kpp = __VECS(ecdh_tv_template)
}
}, {
- .alg = "gcm(aes)",
+ .alg = "ecrdsa",
+ .test = alg_test_akcipher,
+ .suite = {
+ .akcipher = __VECS(ecrdsa_tv_template)
+ }
+ }, {
+ .alg = "essiv(authenc(hmac(sha256),cbc(aes)),sha256)",
.test = alg_test_aead,
.fips_allowed = 1,
.suite = {
- .aead = {
- .enc = __VECS(aes_gcm_enc_tv_template),
- .dec = __VECS(aes_gcm_dec_tv_template)
- }
+ .aead = __VECS(essiv_hmac_sha256_aes_cbc_tv_temp)
+ }
+ }, {
+ .alg = "essiv(cbc(aes),sha256)",
+ .test = alg_test_skcipher,
+ .fips_allowed = 1,
+ .suite = {
+ .cipher = __VECS(essiv_aes_cbc_tv_template)
+ }
+ }, {
+ .alg = "gcm(aes)",
+ .generic_driver = "gcm_base(ctr(aes-generic),ghash-generic)",
+ .test = alg_test_aead,
+ .fips_allowed = 1,
+ .suite = {
+ .aead = __VECS(aes_gcm_tv_template)
}
}, {
.alg = "ghash",
@@ -3173,6 +4655,18 @@
.hash = __VECS(hmac_sha512_tv_template)
}
}, {
+ .alg = "hmac(streebog256)",
+ .test = alg_test_hash,
+ .suite = {
+ .hash = __VECS(hmac_streebog256_tv_template)
+ }
+ }, {
+ .alg = "hmac(streebog512)",
+ .test = alg_test_hash,
+ .suite = {
+ .hash = __VECS(hmac_streebog512_tv_template)
+ }
+ }, {
.alg = "jitterentropy_rng",
.fips_allowed = 1,
.test = alg_test_null,
@@ -3185,30 +4679,35 @@
}
}, {
.alg = "lrw(aes)",
+ .generic_driver = "lrw(ecb(aes-generic))",
.test = alg_test_skcipher,
.suite = {
.cipher = __VECS(aes_lrw_tv_template)
}
}, {
.alg = "lrw(camellia)",
+ .generic_driver = "lrw(ecb(camellia-generic))",
.test = alg_test_skcipher,
.suite = {
.cipher = __VECS(camellia_lrw_tv_template)
}
}, {
.alg = "lrw(cast6)",
+ .generic_driver = "lrw(ecb(cast6-generic))",
.test = alg_test_skcipher,
.suite = {
.cipher = __VECS(cast6_lrw_tv_template)
}
}, {
.alg = "lrw(serpent)",
+ .generic_driver = "lrw(ecb(serpent-generic))",
.test = alg_test_skcipher,
.suite = {
.cipher = __VECS(serpent_lrw_tv_template)
}
}, {
.alg = "lrw(twofish)",
+ .generic_driver = "lrw(ecb(twofish-generic))",
.test = alg_test_skcipher,
.suite = {
.cipher = __VECS(tf_lrw_tv_template)
@@ -3244,6 +4743,16 @@
}
}
}, {
+ .alg = "lzo-rle",
+ .test = alg_test_comp,
+ .fips_allowed = 1,
+ .suite = {
+ .comp = {
+ .comp = __VECS(lzorle_comp_tv_template),
+ .decomp = __VECS(lzorle_decomp_tv_template)
+ }
+ }
+ }, {
.alg = "md4",
.test = alg_test_hash,
.suite = {
@@ -3262,22 +4771,10 @@
.hash = __VECS(michael_mic_tv_template)
}
}, {
- .alg = "morus1280",
- .test = alg_test_aead,
+ .alg = "nhpoly1305",
+ .test = alg_test_hash,
.suite = {
- .aead = {
- .enc = __VECS(morus1280_enc_tv_template),
- .dec = __VECS(morus1280_dec_tv_template),
- }
- }
- }, {
- .alg = "morus640",
- .test = alg_test_aead,
- .suite = {
- .aead = {
- .enc = __VECS(morus640_enc_tv_template),
- .dec = __VECS(morus640_dec_tv_template),
- }
+ .hash = __VECS(nhpoly1305_tv_template)
}
}, {
.alg = "ofb(aes)",
@@ -3333,50 +4830,38 @@
}
}, {
.alg = "rfc4106(gcm(aes))",
+ .generic_driver = "rfc4106(gcm_base(ctr(aes-generic),ghash-generic))",
.test = alg_test_aead,
.fips_allowed = 1,
.suite = {
- .aead = {
- .enc = __VECS(aes_gcm_rfc4106_enc_tv_template),
- .dec = __VECS(aes_gcm_rfc4106_dec_tv_template)
- }
+ .aead = __VECS(aes_gcm_rfc4106_tv_template)
}
}, {
.alg = "rfc4309(ccm(aes))",
+ .generic_driver = "rfc4309(ccm_base(ctr(aes-generic),cbcmac(aes-generic)))",
.test = alg_test_aead,
.fips_allowed = 1,
.suite = {
- .aead = {
- .enc = __VECS(aes_ccm_rfc4309_enc_tv_template),
- .dec = __VECS(aes_ccm_rfc4309_dec_tv_template)
- }
+ .aead = __VECS(aes_ccm_rfc4309_tv_template)
}
}, {
.alg = "rfc4543(gcm(aes))",
+ .generic_driver = "rfc4543(gcm_base(ctr(aes-generic),ghash-generic))",
.test = alg_test_aead,
.suite = {
- .aead = {
- .enc = __VECS(aes_gcm_rfc4543_enc_tv_template),
- .dec = __VECS(aes_gcm_rfc4543_dec_tv_template),
- }
+ .aead = __VECS(aes_gcm_rfc4543_tv_template)
}
}, {
.alg = "rfc7539(chacha20,poly1305)",
.test = alg_test_aead,
.suite = {
- .aead = {
- .enc = __VECS(rfc7539_enc_tv_template),
- .dec = __VECS(rfc7539_dec_tv_template),
- }
+ .aead = __VECS(rfc7539_tv_template)
}
}, {
.alg = "rfc7539esp(chacha20,poly1305)",
.test = alg_test_aead,
.suite = {
- .aead = {
- .enc = __VECS(rfc7539esp_enc_tv_template),
- .dec = __VECS(rfc7539esp_dec_tv_template),
- }
+ .aead = __VECS(rfc7539esp_tv_template)
}
}, {
.alg = "rmd128",
@@ -3485,6 +4970,18 @@
.hash = __VECS(sm3_tv_template)
}
}, {
+ .alg = "streebog256",
+ .test = alg_test_hash,
+ .suite = {
+ .hash = __VECS(streebog256_tv_template)
+ }
+ }, {
+ .alg = "streebog512",
+ .test = alg_test_hash,
+ .suite = {
+ .hash = __VECS(streebog512_tv_template)
+ }
+ }, {
.alg = "tgr128",
.test = alg_test_hash,
.suite = {
@@ -3533,7 +5030,20 @@
.hash = __VECS(aes_xcbc128_tv_template)
}
}, {
+ .alg = "xchacha12",
+ .test = alg_test_skcipher,
+ .suite = {
+ .cipher = __VECS(xchacha12_tv_template)
+ },
+ }, {
+ .alg = "xchacha20",
+ .test = alg_test_skcipher,
+ .suite = {
+ .cipher = __VECS(xchacha20_tv_template)
+ },
+ }, {
.alg = "xts(aes)",
+ .generic_driver = "xts(ecb(aes-generic))",
.test = alg_test_skcipher,
.fips_allowed = 1,
.suite = {
@@ -3541,12 +5051,14 @@
}
}, {
.alg = "xts(camellia)",
+ .generic_driver = "xts(ecb(camellia-generic))",
.test = alg_test_skcipher,
.suite = {
.cipher = __VECS(camellia_xts_tv_template)
}
}, {
.alg = "xts(cast6)",
+ .generic_driver = "xts(ecb(cast6-generic))",
.test = alg_test_skcipher,
.suite = {
.cipher = __VECS(cast6_xts_tv_template)
@@ -3560,12 +5072,14 @@
.fips_allowed = 1,
}, {
.alg = "xts(serpent)",
+ .generic_driver = "xts(ecb(serpent-generic))",
.test = alg_test_skcipher,
.suite = {
.cipher = __VECS(serpent_xts_tv_template)
}
}, {
.alg = "xts(twofish)",
+ .generic_driver = "xts(ecb(twofish-generic))",
.test = alg_test_skcipher,
.suite = {
.cipher = __VECS(tf_xts_tv_template)
@@ -3579,6 +5093,13 @@
.test = alg_test_null,
.fips_allowed = 1,
}, {
+ .alg = "xxhash64",
+ .test = alg_test_hash,
+ .fips_allowed = 1,
+ .suite = {
+ .hash = __VECS(xxhash64_tv_template)
+ }
+ }, {
.alg = "zlib-deflate",
.test = alg_test_comp,
.fips_allowed = 1,
@@ -3601,18 +5122,10 @@
}
};
-static bool alg_test_descs_checked;
-
-static void alg_test_descs_check_order(void)
+static void alg_check_test_descs_order(void)
{
int i;
- /* only check once */
- if (alg_test_descs_checked)
- return;
-
- alg_test_descs_checked = true;
-
for (i = 1; i < ARRAY_SIZE(alg_test_descs); i++) {
int diff = strcmp(alg_test_descs[i - 1].alg,
alg_test_descs[i].alg);
@@ -3630,6 +5143,29 @@
}
}
+static void alg_check_testvec_configs(void)
+{
+ int i;
+
+ for (i = 0; i < ARRAY_SIZE(default_cipher_testvec_configs); i++)
+ WARN_ON(!valid_testvec_config(
+ &default_cipher_testvec_configs[i]));
+
+ for (i = 0; i < ARRAY_SIZE(default_hash_testvec_configs); i++)
+ WARN_ON(!valid_testvec_config(
+ &default_hash_testvec_configs[i]));
+}
+
+static void testmgr_onetime_init(void)
+{
+ alg_check_test_descs_order();
+ alg_check_testvec_configs();
+
+#ifdef CONFIG_CRYPTO_MANAGER_EXTRA_TESTS
+ pr_warn("alg: extra crypto tests enabled. This is intended for developer use only.\n");
+#endif
+}
+
static int alg_find_test(const char *alg)
{
int start = 0;
@@ -3666,7 +5202,7 @@
return 0;
}
- alg_test_descs_check_order();
+ DO_ONCE(testmgr_onetime_init);
if ((type & CRYPTO_ALG_TYPE_MASK) == CRYPTO_ALG_TYPE_CIPHER) {
char nalg[CRYPTO_MAX_ALG_NAME];
@@ -3704,8 +5240,11 @@
type, mask);
test_done:
- if (fips_enabled && rc)
- panic("%s: %s alg self test failed in fips mode!\n", driver, alg);
+ if (rc && (fips_enabled || panic_on_fail)) {
+ fips_fail_notify();
+ panic("alg: self-tests for %s (%s) failed in %s mode!\n",
+ driver, alg, fips_enabled ? "fips" : "panic_on_fail");
+ }
if (fips_enabled && !rc)
pr_info("alg: self-tests for %s (%s) passed\n", driver, alg);
diff --git a/crypto/testmgr.h b/crypto/testmgr.h
index 0b3d7ca..ef7d21f 100644
--- a/crypto/testmgr.h
+++ b/crypto/testmgr.h
@@ -1,3 +1,4 @@
+/* SPDX-License-Identifier: GPL-2.0-or-later */
/*
* Algorithm testing framework and tests.
*
@@ -5,6 +6,7 @@
* Copyright (c) 2002 Jean-Francois Dive <jef@linuxbe.org>
* Copyright (c) 2007 Nokia Siemens Networks
* Copyright (c) 2008 Herbert Xu <herbert@gondor.apana.org.au>
+ * Copyright (c) 2019 Google LLC
*
* Updated RFC4106 AES-GCM testing. Some test vectors were taken from
* http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/
@@ -14,87 +16,101 @@
* Gabriele Paoloni <gabriele.paoloni@intel.com>
* Tadeusz Struk (tadeusz.struk@intel.com)
* Copyright (c) 2010, Intel Corporation.
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
- *
*/
#ifndef _CRYPTO_TESTMGR_H
#define _CRYPTO_TESTMGR_H
-#include <linux/netlink.h>
+#include <linux/oid_registry.h>
-#define MAX_DIGEST_SIZE 64
-#define MAX_TAP 8
-
-#define MAX_KEYLEN 160
#define MAX_IVLEN 32
+/*
+ * hash_testvec: structure to describe a hash (message digest) test
+ * @key: Pointer to key (NULL if none)
+ * @plaintext: Pointer to source data
+ * @digest: Pointer to expected digest
+ * @psize: Length of source data in bytes
+ * @ksize: Length of @key in bytes (0 if no key)
+ * @setkey_error: Expected error from setkey()
+ * @digest_error: Expected error from digest()
+ */
struct hash_testvec {
- /* only used with keyed hash algorithms */
const char *key;
const char *plaintext;
const char *digest;
- unsigned char tap[MAX_TAP];
- unsigned short psize;
- unsigned char np;
- unsigned char ksize;
+ unsigned int psize;
+ unsigned short ksize;
+ int setkey_error;
+ int digest_error;
};
/*
* cipher_testvec: structure to describe a symmetric cipher test
* @key: Pointer to key
* @klen: Length of @key in bytes
- * @iv: Pointer to IV (optional for some ciphers)
+ * @iv: Pointer to IV. If NULL, an all-zeroes IV is used.
+ * @iv_out: Pointer to output IV, if applicable for the cipher.
* @ptext: Pointer to plaintext
* @ctext: Pointer to ciphertext
* @len: Length of @ptext and @ctext in bytes
- * @fail: If set to one, the test need to fail
- * @wk: Does the test need CRYPTO_TFM_REQ_WEAK_KEY
+ * @wk: Does the test need CRYPTO_TFM_REQ_FORBID_WEAK_KEYS?
* ( e.g. test needs to fail due to a weak key )
- * @np: numbers of SG to distribute data in (from 1 to MAX_TAP)
- * @tap: How to distribute data in @np SGs
- * @also_non_np: if set to 1, the test will be also done without
- * splitting data in @np SGs
* @fips_skip: Skip the test vector in FIPS mode
- * @generates_iv: Encryption should ignore the given IV, and output @iv.
- * Decryption takes @iv. Needed for AES Keywrap ("kw(aes)").
+ * @generates_iv: Encryption should ignore the given IV, and output @iv_out.
+ * Decryption takes @iv_out. Needed for AES Keywrap ("kw(aes)").
+ * @setkey_error: Expected error from setkey()
+ * @crypt_error: Expected error from encrypt() and decrypt()
*/
struct cipher_testvec {
const char *key;
const char *iv;
+ const char *iv_out;
const char *ptext;
const char *ctext;
- unsigned short tap[MAX_TAP];
- int np;
- unsigned char also_non_np;
- bool fail;
unsigned char wk; /* weak key flag */
- unsigned char klen;
- unsigned short len;
+ unsigned short klen;
+ unsigned int len;
bool fips_skip;
bool generates_iv;
+ int setkey_error;
+ int crypt_error;
};
+/*
+ * aead_testvec: structure to describe an AEAD test
+ * @key: Pointer to key
+ * @iv: Pointer to IV. If NULL, an all-zeroes IV is used.
+ * @ptext: Pointer to plaintext
+ * @assoc: Pointer to associated data
+ * @ctext: Pointer to the full authenticated ciphertext. For AEADs that
+ * produce a separate "ciphertext" and "authentication tag", these
+ * two parts are concatenated: ciphertext || tag.
+ * @novrfy: Decryption verification failure expected?
+ * @wk: Does the test need CRYPTO_TFM_REQ_FORBID_WEAK_KEYS?
+ * (e.g. setkey() needs to fail due to a weak key)
+ * @klen: Length of @key in bytes
+ * @plen: Length of @ptext in bytes
+ * @alen: Length of @assoc in bytes
+ * @clen: Length of @ctext in bytes
+ * @setkey_error: Expected error from setkey()
+ * @setauthsize_error: Expected error from setauthsize()
+ * @crypt_error: Expected error from encrypt() and decrypt()
+ */
struct aead_testvec {
const char *key;
const char *iv;
- const char *input;
+ const char *ptext;
const char *assoc;
- const char *result;
- unsigned char tap[MAX_TAP];
- unsigned char atap[MAX_TAP];
- int np;
- int anp;
- bool fail;
- unsigned char novrfy; /* ccm dec verification failure expected */
- unsigned char wk; /* weak key flag */
+ const char *ctext;
+ unsigned char novrfy;
+ unsigned char wk;
unsigned char klen;
- unsigned short ilen;
- unsigned short alen;
- unsigned short rlen;
+ unsigned int plen;
+ unsigned int clen;
+ unsigned int alen;
+ int setkey_error;
+ int setauthsize_error;
+ int crypt_error;
};
struct cprng_testvec {
@@ -126,13 +142,16 @@
struct akcipher_testvec {
const unsigned char *key;
+ const unsigned char *params;
const unsigned char *m;
const unsigned char *c;
unsigned int key_len;
+ unsigned int param_len;
unsigned int m_size;
unsigned int c_size;
bool public_key_vec;
bool siggen_sigver_test;
+ enum OID algo;
};
struct kpp_testvec {
@@ -542,6 +561,160 @@
};
/*
+ * EC-RDSA test vectors are generated by gost-engine.
+ */
+static const struct akcipher_testvec ecrdsa_tv_template[] = {
+ {
+ .key =
+ "\x04\x40\xd5\xa7\x77\xf9\x26\x2f\x8c\xbd\xcc\xe3\x1f\x01\x94\x05"
+ "\x3d\x2f\xec\xb5\x00\x34\xf5\x51\x6d\x3b\x90\x4b\x23\x28\x6f\x1d"
+ "\xc8\x36\x61\x60\x36\xec\xbb\xb4\x0b\x95\x4e\x54\x4f\x15\x21\x05"
+ "\xd8\x52\x66\x44\x31\x7e\x5d\xc5\xd1\x26\x00\x5f\x60\xd8\xf0\xc7"
+ "\x27\xfc",
+ .key_len = 66,
+ .params = /* OID_gostCPSignA */
+ "\x30\x13\x06\x07\x2a\x85\x03\x02\x02\x23\x01\x06\x08\x2a\x85\x03"
+ "\x07\x01\x01\x02\x02",
+ .param_len = 21,
+ .c =
+ "\x41\x32\x09\x73\xa4\xc1\x38\xd6\x63\x7d\x8b\xf7\x50\x3f\xda\x9f"
+ "\x68\x48\xc1\x50\xe3\x42\x3a\x9b\x2b\x28\x12\x2a\xa7\xc2\x75\x31"
+ "\x65\x77\x8c\x3c\x9e\x0d\x56\xb2\xf9\xdc\x04\x33\x3e\xb0\x9e\xf9"
+ "\x74\x4e\x59\xb3\x83\xf2\x91\x27\xda\x5e\xc7\x33\xc0\xc1\x8f\x41",
+ .c_size = 64,
+ .algo = OID_gost2012PKey256,
+ .m =
+ "\x75\x1b\x9b\x40\x25\xb9\x96\xd2\x9b\x00\x41\xb3\x58\xbf\x23\x14"
+ "\x79\xd2\x76\x64\xa3\xbd\x66\x10\x79\x05\x5a\x06\x42\xec\xb9\xc9",
+ .m_size = 32,
+ .public_key_vec = true,
+ .siggen_sigver_test = true,
+ },
+ {
+ .key =
+ "\x04\x40\x66\x6f\xd6\xb7\x06\xd0\xf5\xa5\x6f\x69\x5c\xa5\x13\x45"
+ "\x14\xdd\xcb\x12\x9c\x1b\xf5\x28\x64\x7a\x49\x48\x29\x14\x66\x42"
+ "\xb8\x1b\x5c\xf9\x56\x6d\x08\x3b\xce\xbb\x62\x2f\xc2\x3c\xc5\x49"
+ "\x93\x27\x70\x20\xcc\x79\xeb\xdc\x76\x8e\x48\x6e\x04\x96\xc3\x29"
+ "\xa0\x73",
+ .key_len = 66,
+ .params = /* OID_gostCPSignB */
+ "\x30\x13\x06\x07\x2a\x85\x03\x02\x02\x23\x02\x06\x08\x2a\x85\x03"
+ "\x07\x01\x01\x02\x02",
+ .param_len = 21,
+ .c =
+ "\x45\x6d\x4a\x03\x1d\x5c\x0b\x17\x79\xe7\x19\xdb\xbf\x81\x9f\x82"
+ "\xae\x06\xda\xf5\x47\x00\x05\x80\xc3\x16\x06\x9a\x8e\x7c\xb2\x8e"
+ "\x7f\x74\xaa\xec\x6b\x7b\x7f\x8b\xc6\x0b\x10\x42\x4e\x91\x2c\xdf"
+ "\x7b\x8b\x15\xf4\x9e\x59\x0f\xc7\xa4\x68\x2e\xce\x89\xdf\x84\xe9",
+ .c_size = 64,
+ .algo = OID_gost2012PKey256,
+ .m =
+ "\xd0\x54\x00\x27\x6a\xeb\xce\x6c\xf5\xf6\xfb\x57\x18\x18\x21\x13"
+ "\x11\x23\x4a\x70\x43\x52\x7a\x68\x11\x65\x45\x37\xbb\x25\xb7\x40",
+ .m_size = 32,
+ .public_key_vec = true,
+ .siggen_sigver_test = true,
+ },
+ {
+ .key =
+ "\x04\x40\x05\x91\xa9\x7d\xcb\x87\xdc\x98\xa1\xbf\xff\xdd\x20\x61"
+ "\xaa\x58\x3b\x2d\x8e\x9c\x41\x9d\x4f\xc6\x23\x17\xf9\xca\x60\x65"
+ "\xbc\x97\x97\xf6\x6b\x24\xe8\xac\xb1\xa7\x61\x29\x3c\x71\xdc\xad"
+ "\xcb\x20\xbe\x96\xe8\xf4\x44\x2e\x49\xd5\x2c\xb9\xc9\x3b\x9c\xaa"
+ "\xba\x15",
+ .key_len = 66,
+ .params = /* OID_gostCPSignC */
+ "\x30\x13\x06\x07\x2a\x85\x03\x02\x02\x23\x03\x06\x08\x2a\x85\x03"
+ "\x07\x01\x01\x02\x02",
+ .param_len = 21,
+ .c =
+ "\x3b\x2e\x2e\x74\x74\x47\xda\xea\x93\x90\x6a\xe2\xf5\xf5\xe6\x46"
+ "\x11\xfc\xab\xdc\x52\xbc\x58\xdb\x45\x44\x12\x4a\xf7\xd0\xab\xc9"
+ "\x73\xba\x64\xab\x0d\xac\x4e\x72\x10\xa8\x04\xf6\x1e\xe0\x48\x6a"
+ "\xcd\xe8\xe3\x78\x73\x77\x82\x24\x8d\xf1\xd3\xeb\x4c\x25\x7e\xc0",
+ .c_size = 64,
+ .algo = OID_gost2012PKey256,
+ .m =
+ "\x52\x33\xf4\x3f\x7b\x5d\xcf\x20\xee\xe4\x5c\xab\x0b\x3f\x14\xd6"
+ "\x9f\x16\xc6\x1c\xb1\x3f\x84\x41\x69\xec\x34\xfd\xf1\xf9\xa3\x39",
+ .m_size = 32,
+ .public_key_vec = true,
+ .siggen_sigver_test = true,
+ },
+ {
+ .key =
+ "\x04\x81\x80\x85\x46\x8f\x16\xf8\x7a\x7e\x4a\xc3\x81\x9e\xf1\x6e"
+ "\x94\x1e\x5d\x02\x87\xea\xfa\xa0\x0a\x17\x70\x49\x64\xad\x95\x68"
+ "\x60\x0a\xf0\x57\x29\x41\x79\x30\x3c\x61\x69\xf2\xa6\x94\x87\x17"
+ "\x54\xfa\x97\x2c\xe6\x1e\x0a\xbb\x55\x10\x57\xbe\xf7\xc1\x77\x2b"
+ "\x11\x74\x0a\x50\x37\x14\x10\x2a\x45\xfc\x7a\xae\x1c\x4c\xce\x08"
+ "\x05\xb7\xa4\x50\xc8\x3d\x39\x3d\xdc\x5c\x8f\x96\x6c\xe7\xfc\x21"
+ "\xc3\x2d\x1e\x9f\x11\xb3\xec\x22\x18\x8a\x8c\x08\x6b\x8b\xed\xf5"
+ "\xc5\x47\x3c\x7e\x73\x59\x44\x1e\x77\x83\x84\x52\x9e\x3b\x7d\xff"
+ "\x9d\x86\x1a",
+ .key_len = 131,
+ .params = /* OID_gostTC26Sign512A */
+ "\x30\x0b\x06\x09\x2a\x85\x03\x07\x01\x02\x01\x02\x01",
+ .param_len = 13,
+ .c =
+ "\x92\x81\x74\x5f\x95\x48\x38\x87\xd9\x8f\x5e\xc8\x8a\xbb\x01\x4e"
+ "\xb0\x75\x3c\x2f\xc7\x5a\x08\x4c\x68\xab\x75\x01\x32\x75\x75\xb5"
+ "\x37\xe0\x74\x6d\x94\x84\x31\x2a\x6b\xf4\xf7\xb7\xa7\x39\x7b\x46"
+ "\x07\xf0\x98\xbd\x33\x18\xa1\x72\xb2\x6d\x54\xe3\xde\x91\xc2\x2e"
+ "\x4f\x6a\xf8\xb7\xec\xa8\x83\xc9\x8f\xd9\xce\x7c\x45\x06\x02\xf4"
+ "\x4f\x21\xb5\x24\x3d\xb4\xb5\xd8\x58\x42\xbe\x2d\x29\xae\x93\xc0"
+ "\x13\x41\x96\x35\x08\x69\xe8\x36\xc7\xd1\x83\x81\xd7\xca\xfb\xc0"
+ "\xd2\xb7\x78\x32\x3e\x30\x1a\x1e\xce\xdc\x34\x35\xc6\xad\x68\x24",
+ .c_size = 128,
+ .algo = OID_gost2012PKey512,
+ .m =
+ "\x1f\x70\xb5\xe9\x55\x12\xd6\x88\xcc\x55\xb9\x0c\x7f\xc4\x94\xf2"
+ "\x04\x77\x41\x12\x02\xd6\xf1\x1f\x83\x56\xe9\xd6\x5a\x6a\x72\xb9"
+ "\x6e\x8e\x24\x2a\x84\xf1\xba\x67\xe8\xbf\xff\xc1\xd3\xde\xfb\xc6"
+ "\xa8\xf6\x80\x01\xb9\x27\xac\xd8\x45\x96\x66\xa1\xee\x48\x08\x3f",
+ .m_size = 64,
+ .public_key_vec = true,
+ .siggen_sigver_test = true,
+ },
+ {
+ .key =
+ "\x04\x81\x80\x28\xf3\x2b\x92\x04\x32\xea\x66\x20\xde\xa0\x2f\x74"
+ "\xbf\x2d\xf7\xb5\x30\x76\xb1\xc8\xee\x38\x9f\xea\xe5\xad\xc6\xa3"
+ "\x28\x1e\x51\x3d\x67\xa3\x41\xcc\x6b\x81\xe2\xe2\x9e\x82\xf3\x78"
+ "\x56\xd7\x2e\xb2\xb5\xbe\xb4\x50\x21\x05\xe5\x29\x82\xef\x15\x1b"
+ "\xc0\xd7\x30\xd6\x2f\x96\xe8\xff\x99\x4c\x25\xcf\x9a\xfc\x54\x30"
+ "\xce\xdf\x59\xe9\xc6\x45\xce\xe4\x22\xe8\x01\xd5\xcd\x2f\xaa\x78"
+ "\x99\xc6\x04\x1e\x6f\x4c\x25\x6a\x76\xad\xff\x48\xf3\xb3\xb4\xd6"
+ "\x14\x5c\x2c\x0e\xea\xa2\x4b\xb9\x7e\x89\x77\x02\x3a\x29\xc8\x16"
+ "\x8e\x78\x48",
+ .key_len = 131,
+ .params = /* OID_gostTC26Sign512B */
+ "\x30\x0b\x06\x09\x2a\x85\x03\x07\x01\x02\x01\x02\x02",
+ .param_len = 13,
+ .c =
+ "\x0a\xed\xb6\x27\xea\xa7\xa6\x7e\x2f\xc1\x02\x21\x74\xce\x27\xd2"
+ "\xee\x8a\x92\x4d\xa9\x43\x2d\xa4\x5b\xdc\x23\x02\xfc\x3a\xf3\xb2"
+ "\x10\x93\x0b\x40\x1b\x75\x95\x3e\x39\x41\x37\xb9\xab\x51\x09\xeb"
+ "\xf1\xb9\x49\x58\xec\x58\xc7\xf9\x2e\xb9\xc9\x40\xf2\x00\x39\x7e"
+ "\x3f\xde\x72\xe3\x85\x67\x06\xbe\xd8\xb8\xc1\x81\x1e\xe3\x0a\xfe"
+ "\xce\xd3\x77\x92\x56\x8c\x58\xf9\x37\x60\x2d\xe6\x8b\x66\xa3\xdd"
+ "\xd2\xf0\xf8\xda\x1b\x20\xbc\x9c\xec\x29\x5d\xd1\x8f\xcc\x37\xd1"
+ "\x3b\x8d\xb7\xc1\xe0\xb8\x3b\xef\x14\x1b\x87\xbc\xc1\x03\x9a\x93",
+ .c_size = 128,
+ .algo = OID_gost2012PKey512,
+ .m =
+ "\x11\x24\x21\x27\xf2\x42\x9f\xce\x5a\xf9\x01\x70\xe0\x07\x2b\x57"
+ "\xfb\x7d\x77\x5e\x74\x66\xe6\xa5\x40\x4c\x1a\x85\x18\xff\xd0\x63"
+ "\xe0\x39\xd3\xd6\xe5\x17\xf8\xc3\x4b\xc6\x1c\x33\x1a\xca\xa6\x66"
+ "\x6d\xf4\xd2\x45\xc2\x83\xa0\x42\x95\x05\x9d\x89\x8e\x0a\xca\xcc",
+ .m_size = 64,
+ .public_key_vec = true,
+ .siggen_sigver_test = true,
+ },
+};
+
+/*
* PKCS#1 RSA test vectors. Obtained from CAVS testing.
*/
static const struct akcipher_testvec pkcs1pad_rsa_tv_template[] = {
@@ -1017,8 +1190,6 @@
.psize = 26,
.digest = "\xd7\x9e\x1c\x30\x8a\xa5\xbb\xcd"
"\xee\xa8\xed\x63\xdf\x41\x2d\xa9",
- .np = 2,
- .tap = { 13, 13 },
}, {
.plaintext = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
.psize = 62,
@@ -1055,8 +1226,6 @@
"\xc9\xfd\x55\x74\x49\x44\x79\xba"
"\x5c\x7e\x7a\xb7\x6e\xf2\x64\xea"
"\xd0\xfc\xce\x33",
- .np = 2,
- .tap = { 28, 28 },
}, {
.plaintext = "\x08\x9f\x13\xaa\x41\xd8\x4c\xe3"
"\x7a\x11\x85\x1c\xb3\x27\xbe\x55"
@@ -1216,8 +1385,6 @@
"\x49\x10\x03\x76\xa8\x23\x5e\x2c"
"\x82\xe1\xb9\x99\x8a\x99\x9e\x21"
"\xdb\x32\xdd\x97\x49\x6d\x33\x76",
- .np = 2,
- .tap = { 28, 28 },
}, {
.plaintext = "\x08\x9f\x13\xaa\x41\xd8\x4c\xe3"
"\x7a\x11\x85\x1c\xb3\x27\xbe\x55"
@@ -1384,8 +1551,6 @@
"\x9b\xfd\xbc\x32\xb9\xd4\xad\x5a"
"\xa0\x4a\x1f\x07\x6e\x62\xfe\xa1"
"\x9e\xef\x51\xac\xd0\x65\x7c\x22",
- .np = 2,
- .tap = { 28, 28 },
}, {
.plaintext = "\x08\x9f\x13\xaa\x41\xd8\x4c\xe3"
"\x7a\x11\x85\x1c\xb3\x27\xbe\x55"
@@ -1560,8 +1725,6 @@
"\xba\x1b\x0d\x8d\xc7\x8c\x08\x63"
"\x46\xb5\x33\xb4\x9c\x03\x0d\x99"
"\xa2\x7d\xaf\x11\x39\xd6\xe7\x5e",
- .np = 2,
- .tap = { 28, 28 },
}, {
.plaintext = "\x08\x9f\x13\xaa\x41\xd8\x4c\xe3"
"\x7a\x11\x85\x1c\xb3\x27\xbe\x55"
@@ -1731,8 +1894,6 @@
.psize = 26,
.digest = "\xc3\xfc\xd3\xd7\x61\x92\xe4\x00"
"\x7d\xfb\x49\x6c\xca\x67\xe1\x3b",
- .np = 2,
- .tap = {13, 13}
}, {
.plaintext = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
.psize = 62,
@@ -1793,8 +1954,6 @@
.psize = 56,
.digest = "\xa1\xaa\x06\x89\xd0\xfa\xfa\x2d"
"\xdc\x22\xe8\x8b\x49\x13\x3a\x06",
- .np = 2,
- .tap = { 28, 28 },
}, {
.plaintext = "abcdefghbcdefghicdefghijdefghijkefghijklfghi"
"jklmghijklmnhijklmnoijklmnopjklmnopqklmnopqr"
@@ -1855,8 +2014,6 @@
.psize = 56,
.digest = "\x12\xa0\x53\x38\x4a\x9c\x0c\x88\xe4\x05"
"\xa0\x6c\x27\xdc\xf4\x9a\xda\x62\xeb\x2b",
- .np = 2,
- .tap = { 28, 28 },
}, {
.plaintext = "abcdefghbcdefghicdefghijdefghijkefghijklfghi"
"jklmghijklmnhijklmnoijklmnopjklmnopqklmnopqr"
@@ -1933,8 +2090,6 @@
"\xc8\xd9\x12\x85\x73\xe7\xa9\x80"
"\x9a\xfb\x2a\x0f\x34\xcc\xc3\x6e"
"\xa9\xe7\x2f\x16\xf6\x36\x8e\x3f",
- .np = 2,
- .tap = { 28, 28 },
}
};
@@ -1999,8 +2154,6 @@
"\xb8\x4d\xf7\x69\xa5\xde\x20\x60\xe2\x59"
"\xdf\x4c\x9b\xb4\xa4\x26\x8c\x0e\x93\x5b"
"\xbc\x74\x70\xa9\x69\xc9\xd0\x72\xa1\xac",
- .np = 2,
- .tap = { 28, 28 },
}
};
@@ -2014,15 +2167,11 @@
"123456789012345678901234567890123456789",
.psize = 79,
.digest = (u8 *)(u16 []){ 0x4b70 },
- .np = 2,
- .tap = { 63, 16 },
}, {
.plaintext = "abcdddddddddddddddddddddddddddddddddddddddd"
"ddddddddddddd",
.psize = 56,
.digest = (u8 *)(u16 []){ 0x9ce3 },
- .np = 8,
- .tap = { 1, 2, 28, 7, 6, 5, 4, 3 },
}, {
.plaintext = "1234567890123456789012345678901234567890"
"1234567890123456789012345678901234567890"
@@ -2035,19 +2184,6 @@
.psize = 319,
.digest = (u8 *)(u16 []){ 0x44c6 },
}, {
- .plaintext = "1234567890123456789012345678901234567890"
- "1234567890123456789012345678901234567890"
- "1234567890123456789012345678901234567890"
- "1234567890123456789012345678901234567890"
- "1234567890123456789012345678901234567890"
- "1234567890123456789012345678901234567890"
- "1234567890123456789012345678901234567890"
- "123456789012345678901234567890123456789",
- .psize = 319,
- .digest = (u8 *)(u16 []){ 0x44c6 },
- .np = 4,
- .tap = { 1, 255, 57, 6 },
- }, {
.plaintext = "\x6e\x05\x79\x10\xa7\x1b\xb2\x49"
"\xe0\x54\xeb\x82\x19\x8d\x24\xbb"
"\x2f\xc6\x5d\xf4\x68\xff\x96\x0a"
@@ -2309,6 +2445,122 @@
}
};
+/*
+ * Streebog test vectors from RFC 6986 and GOST R 34.11-2012
+ */
+static const struct hash_testvec streebog256_tv_template[] = {
+ { /* M1 */
+ .plaintext = "012345678901234567890123456789012345678901234567890123456789012",
+ .psize = 63,
+ .digest =
+ "\x9d\x15\x1e\xef\xd8\x59\x0b\x89"
+ "\xda\xa6\xba\x6c\xb7\x4a\xf9\x27"
+ "\x5d\xd0\x51\x02\x6b\xb1\x49\xa4"
+ "\x52\xfd\x84\xe5\xe5\x7b\x55\x00",
+ },
+ { /* M2 */
+ .plaintext =
+ "\xd1\xe5\x20\xe2\xe5\xf2\xf0\xe8"
+ "\x2c\x20\xd1\xf2\xf0\xe8\xe1\xee"
+ "\xe6\xe8\x20\xe2\xed\xf3\xf6\xe8"
+ "\x2c\x20\xe2\xe5\xfe\xf2\xfa\x20"
+ "\xf1\x20\xec\xee\xf0\xff\x20\xf1"
+ "\xf2\xf0\xe5\xeb\xe0\xec\xe8\x20"
+ "\xed\xe0\x20\xf5\xf0\xe0\xe1\xf0"
+ "\xfb\xff\x20\xef\xeb\xfa\xea\xfb"
+ "\x20\xc8\xe3\xee\xf0\xe5\xe2\xfb",
+ .psize = 72,
+ .digest =
+ "\x9d\xd2\xfe\x4e\x90\x40\x9e\x5d"
+ "\xa8\x7f\x53\x97\x6d\x74\x05\xb0"
+ "\xc0\xca\xc6\x28\xfc\x66\x9a\x74"
+ "\x1d\x50\x06\x3c\x55\x7e\x8f\x50",
+ },
+};
+
+static const struct hash_testvec streebog512_tv_template[] = {
+ { /* M1 */
+ .plaintext = "012345678901234567890123456789012345678901234567890123456789012",
+ .psize = 63,
+ .digest =
+ "\x1b\x54\xd0\x1a\x4a\xf5\xb9\xd5"
+ "\xcc\x3d\x86\xd6\x8d\x28\x54\x62"
+ "\xb1\x9a\xbc\x24\x75\x22\x2f\x35"
+ "\xc0\x85\x12\x2b\xe4\xba\x1f\xfa"
+ "\x00\xad\x30\xf8\x76\x7b\x3a\x82"
+ "\x38\x4c\x65\x74\xf0\x24\xc3\x11"
+ "\xe2\xa4\x81\x33\x2b\x08\xef\x7f"
+ "\x41\x79\x78\x91\xc1\x64\x6f\x48",
+ },
+ { /* M2 */
+ .plaintext =
+ "\xd1\xe5\x20\xe2\xe5\xf2\xf0\xe8"
+ "\x2c\x20\xd1\xf2\xf0\xe8\xe1\xee"
+ "\xe6\xe8\x20\xe2\xed\xf3\xf6\xe8"
+ "\x2c\x20\xe2\xe5\xfe\xf2\xfa\x20"
+ "\xf1\x20\xec\xee\xf0\xff\x20\xf1"
+ "\xf2\xf0\xe5\xeb\xe0\xec\xe8\x20"
+ "\xed\xe0\x20\xf5\xf0\xe0\xe1\xf0"
+ "\xfb\xff\x20\xef\xeb\xfa\xea\xfb"
+ "\x20\xc8\xe3\xee\xf0\xe5\xe2\xfb",
+ .psize = 72,
+ .digest =
+ "\x1e\x88\xe6\x22\x26\xbf\xca\x6f"
+ "\x99\x94\xf1\xf2\xd5\x15\x69\xe0"
+ "\xda\xf8\x47\x5a\x3b\x0f\xe6\x1a"
+ "\x53\x00\xee\xe4\x6d\x96\x13\x76"
+ "\x03\x5f\xe8\x35\x49\xad\xa2\xb8"
+ "\x62\x0f\xcd\x7c\x49\x6c\xe5\xb3"
+ "\x3f\x0c\xb9\xdd\xdc\x2b\x64\x60"
+ "\x14\x3b\x03\xda\xba\xc9\xfb\x28",
+ },
+};
+
+/*
+ * Two HMAC-Streebog test vectors from RFC 7836 and R 50.1.113-2016 A
+ */
+static const struct hash_testvec hmac_streebog256_tv_template[] = {
+ {
+ .key = "\x00\x01\x02\x03\x04\x05\x06\x07"
+ "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+ "\x10\x11\x12\x13\x14\x15\x16\x17"
+ "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f",
+ .ksize = 32,
+ .plaintext =
+ "\x01\x26\xbd\xb8\x78\x00\xaf\x21"
+ "\x43\x41\x45\x65\x63\x78\x01\x00",
+ .psize = 16,
+ .digest =
+ "\xa1\xaa\x5f\x7d\xe4\x02\xd7\xb3"
+ "\xd3\x23\xf2\x99\x1c\x8d\x45\x34"
+ "\x01\x31\x37\x01\x0a\x83\x75\x4f"
+ "\xd0\xaf\x6d\x7c\xd4\x92\x2e\xd9",
+ },
+};
+
+static const struct hash_testvec hmac_streebog512_tv_template[] = {
+ {
+ .key = "\x00\x01\x02\x03\x04\x05\x06\x07"
+ "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+ "\x10\x11\x12\x13\x14\x15\x16\x17"
+ "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f",
+ .ksize = 32,
+ .plaintext =
+ "\x01\x26\xbd\xb8\x78\x00\xaf\x21"
+ "\x43\x41\x45\x65\x63\x78\x01\x00",
+ .psize = 16,
+ .digest =
+ "\xa5\x9b\xab\x22\xec\xae\x19\xc6"
+ "\x5f\xbd\xe6\xe5\xf4\xe9\xf5\xd8"
+ "\x54\x9d\x31\xf0\x37\xf9\xdf\x9b"
+ "\x90\x55\x00\xe1\x71\x92\x3a\x77"
+ "\x3d\x5f\x15\x30\xf2\xed\x7e\x96"
+ "\x4c\xb2\xee\xdc\x29\xe9\xad\x2f"
+ "\x3a\xfe\x93\xb2\x81\x4f\x79\xf5"
+ "\x00\x0f\xfc\x03\x66\xc2\x51\xe6",
+ },
+};
+
/* Example vectors below taken from
* http://www.oscca.gov.cn/UpFile/20101222141857786.pdf
*
@@ -2396,8 +2648,6 @@
.psize = 56,
.digest = "\x84\x98\x3e\x44\x1c\x3b\xd2\x6e\xba\xae"
"\x4a\xa1\xf9\x51\x29\xe5\xe5\x46\x70\xf1",
- .np = 2,
- .tap = { 28, 28 }
}, {
.plaintext = "\xec\x29\x56\x12\x44\xed\xe7\x06"
"\xb6\xeb\x30\xa1\xc3\x71\xd7\x44"
@@ -2423,8 +2673,6 @@
.psize = 163,
.digest = "\x97\x01\x11\xc4\xe7\x7b\xcc\x88\xcc\x20"
"\x45\x9c\x02\xb6\x9b\x4a\xa8\xf5\x82\x17",
- .np = 4,
- .tap = { 63, 64, 31, 5 }
}, {
.plaintext = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+-",
.psize = 64,
@@ -2593,8 +2841,6 @@
"\x5D\xBA\x5D\xA1\xFD\x89\x01\x50"
"\xB0\xC6\x45\x5C\xB4\xF5\x8B\x19"
"\x52\x52\x25\x25",
- .np = 2,
- .tap = { 28, 28 }
}, {
.plaintext = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+-",
.psize = 64,
@@ -2764,8 +3010,6 @@
"\xe5\xc0\x26\x93\x0c\x3e\x60\x39"
"\xa3\x3c\xe4\x59\x64\xff\x21\x67"
"\xf6\xec\xed\xd4\x19\xdb\x06\xc1",
- .np = 2,
- .tap = { 28, 28 }
}, {
.plaintext = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+-",
.psize = 64,
@@ -2961,8 +3205,6 @@
"\x4d\x8f\xd0\x14\xe5\x82\x82\x3a"
"\x89\xe1\x6f\x9b\x2a\x7b\xbc\x1a"
"\xc9\x38\xe2\xd1\x99\xe8\xbe\xa4",
- .np = 4,
- .tap = { 26, 26, 26, 26 }
}, {
.plaintext = "\x08\x9f\x13\xaa\x41\xd8\x4c\xe3"
"\x7a\x11\x85\x1c\xb3\x27\xbe\x55"
@@ -3163,8 +3405,6 @@
"\xb2\x78\xe6\x6d\xff\x8b\x84\xfe"
"\x2b\x28\x70\xf7\x42\xa5\x80\xd8"
"\xed\xb4\x19\x87\x23\x28\x50\xc9",
- .np = 4,
- .tap = { 26, 26, 26, 26 }
}, {
.plaintext = "\x08\x9f\x13\xaa\x41\xd8\x4c\xe3"
"\x7a\x11\x85\x1c\xb3\x27\xbe\x55"
@@ -3697,8 +3937,6 @@
.psize = 28,
.digest = "\x3e\x1f\x5c\x4d\x65\xf0\xef\xce"
"\x0d\x61\x06\x27\x66\x51\xd5\xe2",
- .np = 2,
- .tap = {14, 14}
}, {
.key = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa",
@@ -3809,8 +4047,6 @@
.psize = 28,
.digest = "\x75\x0c\x78\x3e\x6a\xb0\xb5\x03"
"\xea\xa8\x6e\x31\x0a\x5d\xb7\x38",
- .np = 2,
- .tap = {14, 14}
}, {
.key = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa",
.ksize = 16,
@@ -3888,8 +4124,6 @@
.psize = 28,
.digest = "\x87\x5f\x82\x88\x62\xb6\xb3\x34"
"\xb4\x27\xc5\x5f\x9f\x7f\xf0\x9b",
- .np = 2,
- .tap = { 14, 14 },
}, {
.key = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa",
.ksize = 16,
@@ -3967,8 +4201,6 @@
.psize = 28,
.digest = "\xdd\xa6\xc0\x21\x3a\x48\x5a\x9e\x24\xf4"
"\x74\x20\x64\xa7\xf0\x33\xb4\x3c\x40\x69",
- .np = 2,
- .tap = { 14, 14 },
}, {
.key = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa",
.ksize = 20,
@@ -4047,8 +4279,6 @@
.psize = 28,
.digest = "\xef\xfc\xdf\x6a\xe5\xeb\x2f\xa2\xd2\x74"
"\x16\xd5\xf1\x84\xdf\x9c\x25\x9a\x7c\x79",
- .np = 2,
- .tap = { 14, 14 }
}, {
.key = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa",
.ksize = 20,
@@ -4138,8 +4368,6 @@
"\x45\x69\x0f\x3a\x7e\x9e\x6d\x0f"
"\x8b\xbe\xa2\xa3\x9e\x61\x48\x00"
"\x8f\xd0\x5e\x44",
- .np = 4,
- .tap = { 7, 7, 7, 7 }
}, {
.key = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
@@ -4283,8 +4511,6 @@
"\x6a\x04\x24\x26\x08\x95\x75\xc7"
"\x5a\x00\x3f\x08\x9d\x27\x39\x83"
"\x9d\xec\x58\xb9\x64\xec\x38\x43",
- .np = 2,
- .tap = { 14, 14 }
}, {
.key = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
@@ -4457,8 +4683,6 @@
"\xf8\xf2\x76\x03\xac\x39\xb0\x9d",
.psize = 33,
.ksize = 16,
- .np = 2,
- .tap = { 7, 26 },
}, {
.key = "\x2b\x7e\x15\x16\x28\xae\xd2\xa6"
"\xab\xf7\x15\x88\x09\xcf\x4f\x3c",
@@ -4575,9 +4799,7 @@
"\x10\x11\x12\x13",
.digest = "\x47\xf5\x1b\x45\x64\x96\x62\x15"
"\xb8\x98\x5c\x63\x05\x5e\xd3\x08",
- .tap = { 10, 10 },
.psize = 20,
- .np = 2,
.ksize = 16,
}, {
.key = "\x00\x01\x02\x03\x04\x05\x06\x07"
@@ -4600,9 +4822,7 @@
"\x20\x21",
.digest = "\xbe\xcb\xb3\xbc\xcd\xb5\x18\xa3"
"\x06\x77\xd5\x48\x1f\xb6\xb4\xd8",
- .tap = { 17, 17 },
.psize = 34,
- .np = 2,
.ksize = 16,
}
};
@@ -4685,8 +4905,6 @@
"abcabcabcabcabcabcabcabcabcabcabcabcabcabcabc",
.psize = 316,
.digest = "\x44\x92\xdf\x6c\x5c\xac\x1b\xbe",
- .tap = { 1, 100, 200, 15 },
- .np = 4,
}, {
.key = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
@@ -4791,8 +5009,6 @@
"\xe4\x2e\xc3\x73\x63\x22\x44\x5e"
"\x8e\x22\x40\xca\x5e\x69\xe2\xc7"
"\x8b\x32\x39\xec\xfa\xb2\x16\x49",
- .np = 4,
- .tap = { 7, 7, 7, 7 }
}, {
.key = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
@@ -4893,8 +5109,6 @@
"\x6d\x03\x4f\x65\xf8\xf0\xe6\xfd"
"\xca\xea\xb1\xa3\x4d\x4a\x6b\x4b"
"\x63\x6e\x07\x0a\x38\xbc\xe7\x37",
- .np = 4,
- .tap = { 7, 7, 7, 7 }
}, {
.key = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
@@ -4990,8 +5204,6 @@
"\x1b\x79\x86\x34\xad\x38\x68\x11"
"\xc2\xcf\xc8\x5b\xfa\xf5\xd5\x2b"
"\xba\xce\x5e\x66",
- .np = 4,
- .tap = { 7, 7, 7, 7 }
}, {
.key = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
@@ -5079,8 +5291,6 @@
"\x35\x96\xbb\xb0\xda\x73\xb8\x87"
"\xc9\x17\x1f\x93\x09\x5b\x29\x4a"
"\xe8\x57\xfb\xe2\x64\x5e\x1b\xa5",
- .np = 4,
- .tap = { 7, 7, 7, 7 }
}, {
.key = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
@@ -5172,8 +5382,6 @@
"\x3c\xa1\x35\x08\xa9\x32\x43\xce"
"\x48\xc0\x45\xdc\x00\x7f\x26\xa2"
"\x1b\x3f\x5e\x0e\x9d\xf4\xc2\x0a",
- .np = 4,
- .tap = { 7, 7, 7, 7 }
}, {
.key = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
@@ -5273,8 +5481,6 @@
"\xee\x7a\x0c\x31\xd0\x22\xa9\x5e"
"\x1f\xc9\x2b\xa9\xd7\x7d\xf8\x83"
"\x96\x02\x75\xbe\xb4\xe6\x20\x24",
- .np = 4,
- .tap = { 7, 7, 7, 7 }
}, {
.key = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
@@ -5592,9 +5798,1423 @@
.psize = 80,
.digest = "\x13\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
- },
+ }, { /* Regression test for overflow in AVX2 implementation */
+ .plaintext = "\xff\xff\xff\xff\xff\xff\xff\xff"
+ "\xff\xff\xff\xff\xff\xff\xff\xff"
+ "\xff\xff\xff\xff\xff\xff\xff\xff"
+ "\xff\xff\xff\xff\xff\xff\xff\xff"
+ "\xff\xff\xff\xff\xff\xff\xff\xff"
+ "\xff\xff\xff\xff\xff\xff\xff\xff"
+ "\xff\xff\xff\xff\xff\xff\xff\xff"
+ "\xff\xff\xff\xff\xff\xff\xff\xff"
+ "\xff\xff\xff\xff\xff\xff\xff\xff"
+ "\xff\xff\xff\xff\xff\xff\xff\xff"
+ "\xff\xff\xff\xff\xff\xff\xff\xff"
+ "\xff\xff\xff\xff\xff\xff\xff\xff"
+ "\xff\xff\xff\xff\xff\xff\xff\xff"
+ "\xff\xff\xff\xff\xff\xff\xff\xff"
+ "\xff\xff\xff\xff\xff\xff\xff\xff"
+ "\xff\xff\xff\xff\xff\xff\xff\xff"
+ "\xff\xff\xff\xff\xff\xff\xff\xff"
+ "\xff\xff\xff\xff\xff\xff\xff\xff"
+ "\xff\xff\xff\xff\xff\xff\xff\xff"
+ "\xff\xff\xff\xff\xff\xff\xff\xff"
+ "\xff\xff\xff\xff\xff\xff\xff\xff"
+ "\xff\xff\xff\xff\xff\xff\xff\xff"
+ "\xff\xff\xff\xff\xff\xff\xff\xff"
+ "\xff\xff\xff\xff\xff\xff\xff\xff"
+ "\xff\xff\xff\xff\xff\xff\xff\xff"
+ "\xff\xff\xff\xff\xff\xff\xff\xff"
+ "\xff\xff\xff\xff\xff\xff\xff\xff"
+ "\xff\xff\xff\xff\xff\xff\xff\xff"
+ "\xff\xff\xff\xff\xff\xff\xff\xff"
+ "\xff\xff\xff\xff\xff\xff\xff\xff"
+ "\xff\xff\xff\xff\xff\xff\xff\xff"
+ "\xff\xff\xff\xff\xff\xff\xff\xff"
+ "\xff\xff\xff\xff\xff\xff\xff\xff"
+ "\xff\xff\xff\xff\xff\xff\xff\xff"
+ "\xff\xff\xff\xff\xff\xff\xff\xff"
+ "\xff\xff\xff\xff\xff\xff\xff\xff"
+ "\xff\xff\xff\xff\xff\xff\xff\xff"
+ "\xff\xff\xff\xff",
+ .psize = 300,
+ .digest = "\xfb\x5e\x96\xd8\x61\xd5\xc7\xc8"
+ "\x78\xe5\x87\xcc\x2d\x5a\x22\xe1",
+ }
};
+/* NHPoly1305 test vectors from https://github.com/google/adiantum */
+static const struct hash_testvec nhpoly1305_tv_template[] = {
+ {
+ .key = "\xd2\x5d\x4c\xdd\x8d\x2b\x7f\x7a"
+ "\xd9\xbe\x71\xec\xd1\x83\x52\xe3"
+ "\xe1\xad\xd7\x5c\x0a\x75\x9d\xec"
+ "\x1d\x13\x7e\x5d\x71\x07\xc9\xe4"
+ "\x57\x2d\x44\x68\xcf\xd8\xd6\xc5"
+ "\x39\x69\x7d\x32\x75\x51\x4f\x7e"
+ "\xb2\x4c\xc6\x90\x51\x6e\xd9\xd6"
+ "\xa5\x8b\x2d\xf1\x94\xf9\xf7\x5e"
+ "\x2c\x84\x7b\x41\x0f\x88\x50\x89"
+ "\x30\xd9\xa1\x38\x46\x6c\xc0\x4f"
+ "\xe8\xdf\xdc\x66\xab\x24\x43\x41"
+ "\x91\x55\x29\x65\x86\x28\x5e\x45"
+ "\xd5\x2d\xb7\x80\x08\x9a\xc3\xd4"
+ "\x9a\x77\x0a\xd4\xef\x3e\xe6\x3f"
+ "\x6f\x2f\x9b\x3a\x7d\x12\x1e\x80"
+ "\x6c\x44\xa2\x25\xe1\xf6\x60\xe9"
+ "\x0d\xaf\xc5\x3c\xa5\x79\xae\x64"
+ "\xbc\xa0\x39\xa3\x4d\x10\xe5\x4d"
+ "\xd5\xe7\x89\x7a\x13\xee\x06\x78"
+ "\xdc\xa4\xdc\x14\x27\xe6\x49\x38"
+ "\xd0\xe0\x45\x25\x36\xc5\xf4\x79"
+ "\x2e\x9a\x98\x04\xe4\x2b\x46\x52"
+ "\x7c\x33\xca\xe2\x56\x51\x50\xe2"
+ "\xa5\x9a\xae\x18\x6a\x13\xf8\xd2"
+ "\x21\x31\x66\x02\xe2\xda\x8d\x7e"
+ "\x41\x19\xb2\x61\xee\x48\x8f\xf1"
+ "\x65\x24\x2e\x1e\x68\xce\x05\xd9"
+ "\x2a\xcf\xa5\x3a\x57\xdd\x35\x91"
+ "\x93\x01\xca\x95\xfc\x2b\x36\x04"
+ "\xe6\x96\x97\x28\xf6\x31\xfe\xa3"
+ "\x9d\xf6\x6a\x1e\x80\x8d\xdc\xec"
+ "\xaf\x66\x11\x13\x02\x88\xd5\x27"
+ "\x33\xb4\x1a\xcd\xa3\xf6\xde\x31"
+ "\x8e\xc0\x0e\x6c\xd8\x5a\x97\x5e"
+ "\xdd\xfd\x60\x69\x38\x46\x3f\x90"
+ "\x5e\x97\xd3\x32\x76\xc7\x82\x49"
+ "\xfe\xba\x06\x5f\x2f\xa2\xfd\xff"
+ "\x80\x05\x40\xe4\x33\x03\xfb\x10"
+ "\xc0\xde\x65\x8c\xc9\x8d\x3a\x9d"
+ "\xb5\x7b\x36\x4b\xb5\x0c\xcf\x00"
+ "\x9c\x87\xe4\x49\xad\x90\xda\x4a"
+ "\xdd\xbd\xff\xe2\x32\x57\xd6\x78"
+ "\x36\x39\x6c\xd3\x5b\x9b\x88\x59"
+ "\x2d\xf0\x46\xe4\x13\x0e\x2b\x35"
+ "\x0d\x0f\x73\x8a\x4f\x26\x84\x75"
+ "\x88\x3c\xc5\x58\x66\x18\x1a\xb4"
+ "\x64\x51\x34\x27\x1b\xa4\x11\xc9"
+ "\x6d\x91\x8a\xfa\x32\x60\x9d\xd7"
+ "\x87\xe5\xaa\x43\x72\xf8\xda\xd1"
+ "\x48\x44\x13\x61\xdc\x8c\x76\x17"
+ "\x0c\x85\x4e\xf3\xdd\xa2\x42\xd2"
+ "\x74\xc1\x30\x1b\xeb\x35\x31\x29"
+ "\x5b\xd7\x4c\x94\x46\x35\xa1\x23"
+ "\x50\xf2\xa2\x8e\x7e\x4f\x23\x4f"
+ "\x51\xff\xe2\xc9\xa3\x7d\x56\x8b"
+ "\x41\xf2\xd0\xc5\x57\x7e\x59\xac"
+ "\xbb\x65\xf3\xfe\xf7\x17\xef\x63"
+ "\x7c\x6f\x23\xdd\x22\x8e\xed\x84"
+ "\x0e\x3b\x09\xb3\xf3\xf4\x8f\xcd"
+ "\x37\xa8\xe1\xa7\x30\xdb\xb1\xa2"
+ "\x9c\xa2\xdf\x34\x17\x3e\x68\x44"
+ "\xd0\xde\x03\x50\xd1\x48\x6b\x20"
+ "\xe2\x63\x45\xa5\xea\x87\xc2\x42"
+ "\x95\x03\x49\x05\xed\xe0\x90\x29"
+ "\x1a\xb8\xcf\x9b\x43\xcf\x29\x7a"
+ "\x63\x17\x41\x9f\xe0\xc9\x10\xfd"
+ "\x2c\x56\x8c\x08\x55\xb4\xa9\x27"
+ "\x0f\x23\xb1\x05\x6a\x12\x46\xc7"
+ "\xe1\xfe\x28\x93\x93\xd7\x2f\xdc"
+ "\x98\x30\xdb\x75\x8a\xbe\x97\x7a"
+ "\x02\xfb\x8c\xba\xbe\x25\x09\xbe"
+ "\xce\xcb\xa2\xef\x79\x4d\x0e\x9d"
+ "\x1b\x9d\xb6\x39\x34\x38\xfa\x07"
+ "\xec\xe8\xfc\x32\x85\x1d\xf7\x85"
+ "\x63\xc3\x3c\xc0\x02\x75\xd7\x3f"
+ "\xb2\x68\x60\x66\x65\x81\xc6\xb1"
+ "\x42\x65\x4b\x4b\x28\xd7\xc7\xaa"
+ "\x9b\xd2\xdc\x1b\x01\xe0\x26\x39"
+ "\x01\xc1\x52\x14\xd1\x3f\xb7\xe6"
+ "\x61\x41\xc7\x93\xd2\xa2\x67\xc6"
+ "\xf7\x11\xb5\xf5\xea\xdd\x19\xfb"
+ "\x4d\x21\x12\xd6\x7d\xf1\x10\xb0"
+ "\x89\x07\xc7\x5a\x52\x73\x70\x2f"
+ "\x32\xef\x65\x2b\x12\xb2\xf0\xf5"
+ "\x20\xe0\x90\x59\x7e\x64\xf1\x4c"
+ "\x41\xb3\xa5\x91\x08\xe6\x5e\x5f"
+ "\x05\x56\x76\xb4\xb0\xcd\x70\x53"
+ "\x10\x48\x9c\xff\xc2\x69\x55\x24"
+ "\x87\xef\x84\xea\xfb\xa7\xbf\xa0"
+ "\x91\x04\xad\x4f\x8b\x57\x54\x4b"
+ "\xb6\xe9\xd1\xac\x37\x2f\x1d\x2e"
+ "\xab\xa5\xa4\xe8\xff\xfb\xd9\x39"
+ "\x2f\xb7\xac\xd1\xfe\x0b\x9a\x80"
+ "\x0f\xb6\xf4\x36\x39\x90\x51\xe3"
+ "\x0a\x2f\xb6\x45\x76\x89\xcd\x61"
+ "\xfe\x48\x5f\x75\x1d\x13\x00\x62"
+ "\x80\x24\x47\xe7\xbc\x37\xd7\xe3"
+ "\x15\xe8\x68\x22\xaf\x80\x6f\x4b"
+ "\xa8\x9f\x01\x10\x48\x14\xc3\x02"
+ "\x52\xd2\xc7\x75\x9b\x52\x6d\x30"
+ "\xac\x13\x85\xc8\xf7\xa3\x58\x4b"
+ "\x49\xf7\x1c\x45\x55\x8c\x39\x9a"
+ "\x99\x6d\x97\x27\x27\xe6\xab\xdd"
+ "\x2c\x42\x1b\x35\xdd\x9d\x73\xbb"
+ "\x6c\xf3\x64\xf1\xfb\xb9\xf7\xe6"
+ "\x4a\x3c\xc0\x92\xc0\x2e\xb7\x1a"
+ "\xbe\xab\xb3\x5a\xe5\xea\xb1\x48"
+ "\x58\x13\x53\x90\xfd\xc3\x8e\x54"
+ "\xf9\x18\x16\x73\xe8\xcb\x6d\x39"
+ "\x0e\xd7\xe0\xfe\xb6\x9f\x43\x97"
+ "\xe8\xd0\x85\x56\x83\x3e\x98\x68"
+ "\x7f\xbd\x95\xa8\x9a\x61\x21\x8f"
+ "\x06\x98\x34\xa6\xc8\xd6\x1d\xf3"
+ "\x3d\x43\xa4\x9a\x8c\xe5\xd3\x5a"
+ "\x32\xa2\x04\x22\xa4\x19\x1a\x46"
+ "\x42\x7e\x4d\xe5\xe0\xe6\x0e\xca"
+ "\xd5\x58\x9d\x2c\xaf\xda\x33\x5c"
+ "\xb0\x79\x9e\xc9\xfc\xca\xf0\x2f"
+ "\xa8\xb2\x77\xeb\x7a\xa2\xdd\x37"
+ "\x35\x83\x07\xd6\x02\x1a\xb6\x6c"
+ "\x24\xe2\x59\x08\x0e\xfd\x3e\x46"
+ "\xec\x40\x93\xf4\x00\x26\x4f\x2a"
+ "\xff\x47\x2f\xeb\x02\x92\x26\x5b"
+ "\x53\x17\xc2\x8d\x2a\xc7\xa3\x1b"
+ "\xcd\xbc\xa7\xe8\xd1\x76\xe3\x80"
+ "\x21\xca\x5d\x3b\xe4\x9c\x8f\xa9"
+ "\x5b\x7f\x29\x7f\x7c\xd8\xed\x6d"
+ "\x8c\xb2\x86\x85\xe7\x77\xf2\x85"
+ "\xab\x38\xa9\x9d\xc1\x4e\xc5\x64"
+ "\x33\x73\x8b\x59\x03\xad\x05\xdf"
+ "\x25\x98\x31\xde\xef\x13\xf1\x9b"
+ "\x3c\x91\x9d\x7b\xb1\xfa\xe6\xbf"
+ "\x5b\xed\xa5\x55\xe6\xea\x6c\x74"
+ "\xf4\xb9\xe4\x45\x64\x72\x81\xc2"
+ "\x4c\x28\xd4\xcd\xac\xe2\xde\xf9"
+ "\xeb\x5c\xeb\x61\x60\x5a\xe5\x28",
+ .ksize = 1088,
+ .plaintext = "",
+ .psize = 0,
+ .digest = "\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00",
+ }, {
+ .key = "\x29\x21\x43\xcb\xcb\x13\x07\xde"
+ "\xbf\x48\xdf\x8a\x7f\xa2\x84\xde"
+ "\x72\x23\x9d\xf5\xf0\x07\xf2\x4c"
+ "\x20\x3a\x93\xb9\xcd\x5d\xfe\xcb"
+ "\x99\x2c\x2b\x58\xc6\x50\x5f\x94"
+ "\x56\xc3\x7c\x0d\x02\x3f\xb8\x5e"
+ "\x7b\xc0\x6c\x51\x34\x76\xc0\x0e"
+ "\xc6\x22\xc8\x9e\x92\xa0\x21\xc9"
+ "\x85\x5c\x7c\xf8\xe2\x64\x47\xc9"
+ "\xe4\xa2\x57\x93\xf8\xa2\x69\xcd"
+ "\x62\x98\x99\xf4\xd7\x7b\x14\xb1"
+ "\xd8\x05\xff\x04\x15\xc9\xe1\x6e"
+ "\x9b\xe6\x50\x6b\x0b\x3f\x22\x1f"
+ "\x08\xde\x0c\x5b\x08\x7e\xc6\x2f"
+ "\x6c\xed\xd6\xb2\x15\xa4\xb3\xf9"
+ "\xa7\x46\x38\x2a\xea\x69\xa5\xde"
+ "\x02\xc3\x96\x89\x4d\x55\x3b\xed"
+ "\x3d\x3a\x85\x77\xbf\x97\x45\x5c"
+ "\x9e\x02\x69\xe2\x1b\x68\xbe\x96"
+ "\xfb\x64\x6f\x0f\xf6\x06\x40\x67"
+ "\xfa\x04\xe3\x55\xfa\xbe\xa4\x60"
+ "\xef\x21\x66\x97\xe6\x9d\x5c\x1f"
+ "\x62\x37\xaa\x31\xde\xe4\x9c\x28"
+ "\x95\xe0\x22\x86\xf4\x4d\xf3\x07"
+ "\xfd\x5f\x3a\x54\x2c\x51\x80\x71"
+ "\xba\x78\x69\x5b\x65\xab\x1f\x81"
+ "\xed\x3b\xff\x34\xa3\xfb\xbc\x73"
+ "\x66\x7d\x13\x7f\xdf\x6e\xe2\xe2"
+ "\xeb\x4f\x6c\xda\x7d\x33\x57\xd0"
+ "\xd3\x7c\x95\x4f\x33\x58\x21\xc7"
+ "\xc0\xe5\x6f\x42\x26\xc6\x1f\x5e"
+ "\x85\x1b\x98\x9a\xa2\x1e\x55\x77"
+ "\x23\xdf\x81\x5e\x79\x55\x05\xfc"
+ "\xfb\xda\xee\xba\x5a\xba\xf7\x77"
+ "\x7f\x0e\xd3\xe1\x37\xfe\x8d\x2b"
+ "\xd5\x3f\xfb\xd0\xc0\x3c\x0b\x3f"
+ "\xcf\x3c\x14\xcf\xfb\x46\x72\x4c"
+ "\x1f\x39\xe2\xda\x03\x71\x6d\x23"
+ "\xef\x93\xcd\x39\xd9\x37\x80\x4d"
+ "\x65\x61\xd1\x2c\x03\xa9\x47\x72"
+ "\x4d\x1e\x0e\x16\x33\x0f\x21\x17"
+ "\xec\x92\xea\x6f\x37\x22\xa4\xd8"
+ "\x03\x33\x9e\xd8\x03\x69\x9a\xe8"
+ "\xb2\x57\xaf\x78\x99\x05\x12\xab"
+ "\x48\x90\x80\xf0\x12\x9b\x20\x64"
+ "\x7a\x1d\x47\x5f\xba\x3c\xf9\xc3"
+ "\x0a\x0d\x8d\xa1\xf9\x1b\x82\x13"
+ "\x3e\x0d\xec\x0a\x83\xc0\x65\xe1"
+ "\xe9\x95\xff\x97\xd6\xf2\xe4\xd5"
+ "\x86\xc0\x1f\x29\x27\x63\xd7\xde"
+ "\xb7\x0a\x07\x99\x04\x2d\xa3\x89"
+ "\xa2\x43\xcf\xf3\xe1\x43\xac\x4a"
+ "\x06\x97\xd0\x05\x4f\x87\xfa\xf9"
+ "\x9b\xbf\x52\x70\xbd\xbc\x6c\xf3"
+ "\x03\x13\x60\x41\x28\x09\xec\xcc"
+ "\xb1\x1a\xec\xd6\xfb\x6f\x2a\x89"
+ "\x5d\x0b\x53\x9c\x59\xc1\x84\x21"
+ "\x33\x51\x47\x19\x31\x9c\xd4\x0a"
+ "\x4d\x04\xec\x50\x90\x61\xbd\xbc"
+ "\x7e\xc8\xd9\x6c\x98\x1d\x45\x41"
+ "\x17\x5e\x97\x1c\xc5\xa8\xe8\xea"
+ "\x46\x58\x53\xf7\x17\xd5\xad\x11"
+ "\xc8\x54\xf5\x7a\x33\x90\xf5\x19"
+ "\xba\x36\xb4\xfc\x52\xa5\x72\x3d"
+ "\x14\xbb\x55\xa7\xe9\xe3\x12\xf7"
+ "\x1c\x30\xa2\x82\x03\xbf\x53\x91"
+ "\x2e\x60\x41\x9f\x5b\x69\x39\xf6"
+ "\x4d\xc8\xf8\x46\x7a\x7f\xa4\x98"
+ "\x36\xff\x06\xcb\xca\xe7\x33\xf2"
+ "\xc0\x4a\xf4\x3c\x14\x44\x5f\x6b"
+ "\x75\xef\x02\x36\x75\x08\x14\xfd"
+ "\x10\x8e\xa5\x58\xd0\x30\x46\x49"
+ "\xaf\x3a\xf8\x40\x3d\x35\xdb\x84"
+ "\x11\x2e\x97\x6a\xb7\x87\x7f\xad"
+ "\xf1\xfa\xa5\x63\x60\xd8\x5e\xbf"
+ "\x41\x78\x49\xcf\x77\xbb\x56\xbb"
+ "\x7d\x01\x67\x05\x22\xc8\x8f\x41"
+ "\xba\x81\xd2\xca\x2c\x38\xac\x76"
+ "\x06\xc1\x1a\xc2\xce\xac\x90\x67"
+ "\x57\x3e\x20\x12\x5b\xd9\x97\x58"
+ "\x65\x05\xb7\x04\x61\x7e\xd8\x3a"
+ "\xbf\x55\x3b\x13\xe9\x34\x5a\x37"
+ "\x36\xcb\x94\x45\xc5\x32\xb3\xa0"
+ "\x0c\x3e\x49\xc5\xd3\xed\xa7\xf0"
+ "\x1c\x69\xcc\xea\xcc\x83\xc9\x16"
+ "\x95\x72\x4b\xf4\x89\xd5\xb9\x10"
+ "\xf6\x2d\x60\x15\xea\x3c\x06\x66"
+ "\x9f\x82\xad\x17\xce\xd2\xa4\x48"
+ "\x7c\x65\xd9\xf8\x02\x4d\x9b\x4c"
+ "\x89\x06\x3a\x34\x85\x48\x89\x86"
+ "\xf9\x24\xa9\x54\x72\xdb\x44\x95"
+ "\xc7\x44\x1c\x19\x11\x4c\x04\xdc"
+ "\x13\xb9\x67\xc8\xc3\x3a\x6a\x50"
+ "\xfa\xd1\xfb\xe1\x88\xb6\xf1\xa3"
+ "\xc5\x3b\xdc\x38\x45\x16\x26\x02"
+ "\x3b\xb8\x8f\x8b\x58\x7d\x23\x04"
+ "\x50\x6b\x81\x9f\xae\x66\xac\x6f"
+ "\xcf\x2a\x9d\xf1\xfd\x1d\x57\x07"
+ "\xbe\x58\xeb\x77\x0c\xe3\xc2\x19"
+ "\x14\x74\x1b\x51\x1c\x4f\x41\xf3"
+ "\x32\x89\xb3\xe7\xde\x62\xf6\x5f"
+ "\xc7\x6a\x4a\x2a\x5b\x0f\x5f\x87"
+ "\x9c\x08\xb9\x02\x88\xc8\x29\xb7"
+ "\x94\x52\xfa\x52\xfe\xaa\x50\x10"
+ "\xba\x48\x75\x5e\x11\x1b\xe6\x39"
+ "\xd7\x82\x2c\x87\xf1\x1e\xa4\x38"
+ "\x72\x3e\x51\xe7\xd8\x3e\x5b\x7b"
+ "\x31\x16\x89\xba\xd6\xad\x18\x5e"
+ "\xba\xf8\x12\xb3\xf4\x6c\x47\x30"
+ "\xc0\x38\x58\xb3\x10\x8d\x58\x5d"
+ "\xb4\xfb\x19\x7e\x41\xc3\x66\xb8"
+ "\xd6\x72\x84\xe1\x1a\xc2\x71\x4c"
+ "\x0d\x4a\x21\x7a\xab\xa2\xc0\x36"
+ "\x15\xc5\xe9\x46\xd7\x29\x17\x76"
+ "\x5e\x47\x36\x7f\x72\x05\xa7\xcc"
+ "\x36\x63\xf9\x47\x7d\xe6\x07\x3c"
+ "\x8b\x79\x1d\x96\x61\x8d\x90\x65"
+ "\x7c\xf5\xeb\x4e\x6e\x09\x59\x6d"
+ "\x62\x50\x1b\x0f\xe0\xdc\x78\xf2"
+ "\x5b\x83\x1a\xa1\x11\x75\xfd\x18"
+ "\xd7\xe2\x8d\x65\x14\x21\xce\xbe"
+ "\xb5\x87\xe3\x0a\xda\x24\x0a\x64"
+ "\xa9\x9f\x03\x8d\x46\x5d\x24\x1a"
+ "\x8a\x0c\x42\x01\xca\xb1\x5f\x7c"
+ "\xa5\xac\x32\x4a\xb8\x07\x91\x18"
+ "\x6f\xb0\x71\x3c\xc9\xb1\xa8\xf8"
+ "\x5f\x69\xa5\xa1\xca\x9e\x7a\xaa"
+ "\xac\xe9\xc7\x47\x41\x75\x25\xc3"
+ "\x73\xe2\x0b\xdd\x6d\x52\x71\xbe"
+ "\xc5\xdc\xb4\xe7\x01\x26\x53\x77"
+ "\x86\x90\x85\x68\x6b\x7b\x03\x53"
+ "\xda\x52\x52\x51\x68\xc8\xf3\xec"
+ "\x6c\xd5\x03\x7a\xa3\x0e\xb4\x02"
+ "\x5f\x1a\xab\xee\xca\x67\x29\x7b"
+ "\xbd\x96\x59\xb3\x8b\x32\x7a\x92"
+ "\x9f\xd8\x25\x2b\xdf\xc0\x4c\xda",
+ .ksize = 1088,
+ .plaintext = "\xbc\xda\x81\xa8\x78\x79\x1c\xbf"
+ "\x77\x53\xba\x4c\x30\x5b\xb8\x33",
+ .psize = 16,
+ .digest = "\x04\xbf\x7f\x6a\xce\x72\xea\x6a"
+ "\x79\xdb\xb0\xc9\x60\xf6\x12\xcc",
+ }, {
+ .key = "\x2e\x77\x1e\x2c\x63\x76\x34\x3f"
+ "\x71\x08\x4f\x5a\xe3\x3d\x74\x56"
+ "\xc7\x98\x46\x52\xe5\x8a\xba\x0d"
+ "\x72\x41\x11\x15\x14\x72\x50\x8a"
+ "\xd5\xec\x60\x09\xdd\x71\xcc\xb9"
+ "\x59\x81\x65\x2d\x9e\x50\x18\xf3"
+ "\x32\xf3\xf1\xe7\x01\x82\x1c\xad"
+ "\x88\xa0\x21\x0c\x4b\x80\x5e\x62"
+ "\xfc\x81\xec\x52\xaa\xe4\xa5\x86"
+ "\xc2\xe6\x03\x11\xdc\x66\x09\x86"
+ "\x3c\x3b\xf0\x59\x0f\xb3\xf7\x44"
+ "\x24\xb7\x88\xc5\xfc\xc8\x77\x9f"
+ "\x8c\x44\xc4\x11\x55\xce\x7a\xa3"
+ "\xe0\xa2\xb8\xbf\xb5\x3d\x07\x2c"
+ "\x32\xb6\x6c\xfc\xb4\x42\x95\x95"
+ "\x98\x32\x81\xc4\xe7\xe2\xd9\x6a"
+ "\x87\xf4\xf4\x1e\x74\x7c\xb5\xcd"
+ "\x51\x45\x68\x38\x51\xdb\x30\x74"
+ "\x11\xe0\xaa\xae\x19\x8f\x15\x55"
+ "\xdd\x47\x4a\x35\xb9\x0c\xb4\x4e"
+ "\xa9\xce\x2f\xfa\x8f\xc1\x8a\x5e"
+ "\x5b\xec\xa5\x81\x3b\xb3\x43\x06"
+ "\x24\x81\xf4\x24\xe2\x21\xfa\xcb"
+ "\x49\xa8\xf8\xbd\x31\x4a\x5b\x2d"
+ "\x64\x0a\x07\xf0\x80\xc9\x0d\x81"
+ "\x14\x58\x54\x2b\xba\x22\x31\xba"
+ "\xef\x66\xc9\x49\x69\x69\x83\x0d"
+ "\xf2\xf9\x80\x9d\x30\x36\xfb\xe3"
+ "\xc0\x72\x2b\xcc\x5a\x81\x2c\x5d"
+ "\x3b\x5e\xf8\x2b\xd3\x14\x28\x73"
+ "\xf9\x1c\x70\xe6\xd8\xbb\xac\x30"
+ "\xf9\xd9\xa0\xe2\x33\x7c\x33\x34"
+ "\xa5\x6a\x77\x6d\xd5\xaf\xf4\xf3"
+ "\xc7\xb3\x0e\x83\x3d\xcb\x01\xcc"
+ "\x81\xc0\xf9\x4a\xae\x36\x92\xf7"
+ "\x69\x7b\x65\x01\xc3\xc8\xb8\xae"
+ "\x16\xd8\x30\xbb\xba\x6d\x78\x6e"
+ "\x0d\xf0\x7d\x84\xb7\x87\xda\x28"
+ "\x7a\x18\x10\x0b\x29\xec\x29\xf3"
+ "\xb0\x7b\xa1\x28\xbf\xbc\x2b\x2c"
+ "\x92\x2c\x16\xfb\x02\x39\xf9\xa6"
+ "\xa2\x15\x05\xa6\x72\x10\xbc\x62"
+ "\x4a\x6e\xb8\xb5\x5d\x59\xae\x3c"
+ "\x32\xd3\x68\xd7\x8e\x5a\xcd\x1b"
+ "\xef\xf6\xa7\x5e\x10\x51\x15\x4b"
+ "\x2c\xe3\xba\x70\x4f\x2c\xa0\x1c"
+ "\x7b\x97\xd7\xb2\xa5\x05\x17\xcc"
+ "\xf7\x3a\x29\x6f\xd5\x4b\xb8\x24"
+ "\xf4\x65\x95\x12\xc0\x86\xd1\x64"
+ "\x81\xdf\x46\x55\x0d\x22\x06\x77"
+ "\xd8\xca\x8d\xc8\x87\xc3\xfa\xb9"
+ "\xe1\x98\x94\xe6\x7b\xed\x65\x66"
+ "\x0e\xc7\x25\x15\xee\x4a\xe6\x7e"
+ "\xea\x1b\x58\xee\x96\xa0\x75\x9a"
+ "\xa3\x00\x9e\x42\xc2\x26\x20\x8c"
+ "\x3d\x22\x1f\x94\x3e\x74\x43\x72"
+ "\xe9\x1d\xa6\xa1\x6c\xa7\xb8\x03"
+ "\xdf\xb9\x7a\xaf\xe9\xe9\x3b\xfe"
+ "\xdf\x91\xc1\x01\xa8\xba\x5d\x29"
+ "\xa5\xe0\x98\x9b\x13\xe5\x13\x11"
+ "\x7c\x04\x3a\xe8\x44\x7e\x78\xfc"
+ "\xd6\x96\xa8\xbc\x7d\xc1\x89\x3d"
+ "\x75\x64\xa9\x0e\x86\x33\xfb\x73"
+ "\xf7\x15\xbc\x2c\x9a\x3f\x29\xce"
+ "\x1c\x9d\x10\x4e\x85\xe1\x77\x41"
+ "\x01\xe2\xbc\x88\xec\x81\xef\xc2"
+ "\x6a\xed\x4f\xf7\xdf\xac\x10\x71"
+ "\x94\xed\x71\xa4\x01\xd4\xd6\xbe"
+ "\xfe\x3e\xc3\x92\x6a\xf2\x2b\xb5"
+ "\xab\x15\x96\xb7\x88\x2c\xc2\xe1"
+ "\xb0\x04\x22\xe7\x3d\xa9\xc9\x7d"
+ "\x2c\x7c\x21\xff\x97\x86\x6b\x0c"
+ "\x2b\x5b\xe0\xb6\x48\x74\x8f\x24"
+ "\xef\x8e\xdd\x0f\x2a\x5f\xff\x33"
+ "\xf4\x8e\xc5\xeb\x9c\xd7\x2a\x45"
+ "\xf3\x50\xf1\xc0\x91\x8f\xc7\xf9"
+ "\x97\xc1\x3c\x9c\xf4\xed\x8a\x23"
+ "\x61\x5b\x40\x1a\x09\xee\x23\xa8"
+ "\x7c\x7a\x96\xe1\x31\x55\x3d\x12"
+ "\x04\x1f\x21\x78\x72\xf0\x0f\xa5"
+ "\x80\x58\x7c\x2f\x37\xb5\x67\x24"
+ "\x2f\xce\xf9\xf6\x86\x9f\xb3\x34"
+ "\x0c\xfe\x0a\xaf\x27\xe6\x5e\x0a"
+ "\x21\x44\x68\xe1\x5d\x84\x25\xae"
+ "\x2c\x5a\x94\x66\x9a\x3f\x0e\x5a"
+ "\xd0\x60\x2a\xd5\x3a\x4e\x2f\x40"
+ "\x87\xe9\x27\x3e\xee\x92\xe1\x07"
+ "\x22\x43\x52\xed\x67\x49\x13\xdd"
+ "\x68\xd7\x54\xc2\x76\x72\x7e\x75"
+ "\xaf\x24\x98\x5c\xe8\x22\xaa\x35"
+ "\x0f\x9a\x1c\x4c\x0b\x43\x68\x99"
+ "\x45\xdd\xbf\x82\xa5\x6f\x0a\xef"
+ "\x44\x90\x85\xe7\x57\x23\x22\x41"
+ "\x2e\xda\x24\x28\x65\x7f\x96\x85"
+ "\x9f\x4b\x0d\x43\xb9\xa8\xbd\x84"
+ "\xad\x0b\x09\xcc\x2c\x4a\x0c\xec"
+ "\x71\x58\xba\xf1\xfc\x49\x4c\xca"
+ "\x5c\x5d\xb2\x77\x0c\x99\xae\x1c"
+ "\xce\x70\x05\x5b\x73\x6b\x7c\x28"
+ "\x3b\xeb\x21\x3f\xa3\x71\xe1\x6a"
+ "\xf4\x87\xd0\xbf\x73\xaa\x0b\x0b"
+ "\xed\x70\xb3\xd4\xa3\xca\x76\x3a"
+ "\xdb\xfa\xd8\x08\x95\xec\xac\x59"
+ "\xd0\x79\x90\xc2\x33\x7b\xcc\x28"
+ "\x65\xb6\x5f\x92\xc4\xac\x23\x40"
+ "\xd1\x20\x44\x1f\xd7\x29\xab\x46"
+ "\x79\x32\xc6\x8f\x79\xe5\xaa\x2c"
+ "\xa6\x76\x70\x3a\x9e\x46\x3f\x8c"
+ "\x1a\x89\x32\x28\x61\x5c\xcf\x93"
+ "\x1e\xde\x9e\x98\xbe\x06\x30\x23"
+ "\xc4\x8b\xda\x1c\xd1\x67\x46\x93"
+ "\x9d\x41\xa2\x8c\x03\x22\xbd\x55"
+ "\x7e\x91\x51\x13\xdc\xcf\x5c\x1e"
+ "\xcb\x5d\xfb\x14\x16\x1a\x44\x56"
+ "\x27\x77\xfd\xed\x7d\xbd\xd1\x49"
+ "\x7f\x0d\xc3\x59\x48\x6b\x3c\x02"
+ "\x6b\xb5\xd0\x83\xd5\x81\x29\xe7"
+ "\xe0\xc9\x36\x23\x8d\x41\x33\x77"
+ "\xff\x5f\x54\xde\x4d\x3f\xd2\x4e"
+ "\xb6\x4d\xdd\x85\xf8\x9b\x20\x7d"
+ "\x39\x27\x68\x63\xd3\x8e\x61\x39"
+ "\xfa\xe1\xc3\x04\x74\x27\x5a\x34"
+ "\x7f\xec\x59\x2d\xc5\x6e\x54\x23"
+ "\xf5\x7b\x4b\xbe\x58\x2b\xf2\x81"
+ "\x93\x63\xcc\x13\xd9\x90\xbb\x6a"
+ "\x41\x03\x8d\x95\xeb\xbb\x5d\x06"
+ "\x38\x4c\x0e\xd6\xa9\x5b\x84\x97"
+ "\x3e\x64\x72\xe9\x96\x07\x0f\x73"
+ "\x6e\xc6\x3b\x32\xbe\xac\x13\x14"
+ "\xd0\x0a\x17\x5f\xb9\x9c\x3e\x34"
+ "\xd9\xec\xd6\x8f\x89\xbf\x1e\xd3"
+ "\xda\x80\xb2\x29\xff\x28\x96\xb3"
+ "\x46\x50\x5b\x15\x80\x97\xee\x1f"
+ "\x6c\xd8\xe8\xe0\xbd\x09\xe7\x20"
+ "\x8c\x23\x8e\xd9\xbb\x92\xfa\x82"
+ "\xaa\x0f\xb5\xf8\x78\x60\x11\xf0",
+ .ksize = 1088,
+ .plaintext = "\x0b\xb2\x31\x2d\xad\xfe\xce\xf9"
+ "\xec\x5d\x3d\x64\x5f\x3f\x75\x43"
+ "\x05\x5b\x97",
+ .psize = 19,
+ .digest = "\x5f\x02\xae\x65\x6c\x13\x21\x67"
+ "\x77\x9e\xc4\x43\x58\x68\xde\x8f",
+ }, {
+ .key = "\x65\x4d\xe3\xf8\xd2\x4c\xac\x28"
+ "\x68\xf5\xb3\x81\x71\x4b\xa1\xfa"
+ "\x04\x0e\xd3\x81\x36\xbe\x0c\x81"
+ "\x5e\xaf\xbc\x3a\xa4\xc0\x8e\x8b"
+ "\x55\x63\xd3\x52\x97\x88\xd6\x19"
+ "\xbc\x96\xdf\x49\xff\x04\x63\xf5"
+ "\x0c\x11\x13\xaa\x9e\x1f\x5a\xf7"
+ "\xdd\xbd\x37\x80\xc3\xd0\xbe\xa7"
+ "\x05\xc8\x3c\x98\x1e\x05\x3c\x84"
+ "\x39\x61\xc4\xed\xed\x71\x1b\xc4"
+ "\x74\x45\x2c\xa1\x56\x70\x97\xfd"
+ "\x44\x18\x07\x7d\xca\x60\x1f\x73"
+ "\x3b\x6d\x21\xcb\x61\x87\x70\x25"
+ "\x46\x21\xf1\x1f\x21\x91\x31\x2d"
+ "\x5d\xcc\xb7\xd1\x84\x3e\x3d\xdb"
+ "\x03\x53\x2a\x82\xa6\x9a\x95\xbc"
+ "\x1a\x1e\x0a\x5e\x07\x43\xab\x43"
+ "\xaf\x92\x82\x06\x91\x04\x09\xf4"
+ "\x17\x0a\x9a\x2c\x54\xdb\xb8\xf4"
+ "\xd0\xf0\x10\x66\x24\x8d\xcd\xda"
+ "\xfe\x0e\x45\x9d\x6f\xc4\x4e\xf4"
+ "\x96\xaf\x13\xdc\xa9\xd4\x8c\xc4"
+ "\xc8\x57\x39\x3c\xc2\xd3\x0a\x76"
+ "\x4a\x1f\x75\x83\x44\xc7\xd1\x39"
+ "\xd8\xb5\x41\xba\x73\x87\xfa\x96"
+ "\xc7\x18\x53\xfb\x9b\xda\xa0\x97"
+ "\x1d\xee\x60\x85\x9e\x14\xc3\xce"
+ "\xc4\x05\x29\x3b\x95\x30\xa3\xd1"
+ "\x9f\x82\x6a\x04\xf5\xa7\x75\x57"
+ "\x82\x04\xfe\x71\x51\x71\xb1\x49"
+ "\x50\xf8\xe0\x96\xf1\xfa\xa8\x88"
+ "\x3f\xa0\x86\x20\xd4\x60\x79\x59"
+ "\x17\x2d\xd1\x09\xf4\xec\x05\x57"
+ "\xcf\x62\x7e\x0e\x7e\x60\x78\xe6"
+ "\x08\x60\x29\xd8\xd5\x08\x1a\x24"
+ "\xc4\x6c\x24\xe7\x92\x08\x3d\x8a"
+ "\x98\x7a\xcf\x99\x0a\x65\x0e\xdc"
+ "\x8c\x8a\xbe\x92\x82\x91\xcc\x62"
+ "\x30\xb6\xf4\x3f\xc6\x8a\x7f\x12"
+ "\x4a\x8a\x49\xfa\x3f\x5c\xd4\x5a"
+ "\xa6\x82\xa3\xe6\xaa\x34\x76\xb2"
+ "\xab\x0a\x30\xef\x6c\x77\x58\x3f"
+ "\x05\x6b\xcc\x5c\xae\xdc\xd7\xb9"
+ "\x51\x7e\x8d\x32\x5b\x24\x25\xbe"
+ "\x2b\x24\x01\xcf\x80\xda\x16\xd8"
+ "\x90\x72\x2c\xad\x34\x8d\x0c\x74"
+ "\x02\xcb\xfd\xcf\x6e\xef\x97\xb5"
+ "\x4c\xf2\x68\xca\xde\x43\x9e\x8a"
+ "\xc5\x5f\x31\x7f\x14\x71\x38\xec"
+ "\xbd\x98\xe5\x71\xc4\xb5\xdb\xef"
+ "\x59\xd2\xca\xc0\xc1\x86\x75\x01"
+ "\xd4\x15\x0d\x6f\xa4\xf7\x7b\x37"
+ "\x47\xda\x18\x93\x63\xda\xbe\x9e"
+ "\x07\xfb\xb2\x83\xd5\xc4\x34\x55"
+ "\xee\x73\xa1\x42\x96\xf9\x66\x41"
+ "\xa4\xcc\xd2\x93\x6e\xe1\x0a\xbb"
+ "\xd2\xdd\x18\x23\xe6\x6b\x98\x0b"
+ "\x8a\x83\x59\x2c\xc3\xa6\x59\x5b"
+ "\x01\x22\x59\xf7\xdc\xb0\x87\x7e"
+ "\xdb\x7d\xf4\x71\x41\xab\xbd\xee"
+ "\x79\xbe\x3c\x01\x76\x0b\x2d\x0a"
+ "\x42\xc9\x77\x8c\xbb\x54\x95\x60"
+ "\x43\x2e\xe0\x17\x52\xbd\x90\xc9"
+ "\xc2\x2c\xdd\x90\x24\x22\x76\x40"
+ "\x5c\xb9\x41\xc9\xa1\xd5\xbd\xe3"
+ "\x44\xe0\xa4\xab\xcc\xb8\xe2\x32"
+ "\x02\x15\x04\x1f\x8c\xec\x5d\x14"
+ "\xac\x18\xaa\xef\x6e\x33\x19\x6e"
+ "\xde\xfe\x19\xdb\xeb\x61\xca\x18"
+ "\xad\xd8\x3d\xbf\x09\x11\xc7\xa5"
+ "\x86\x0b\x0f\xe5\x3e\xde\xe8\xd9"
+ "\x0a\x69\x9e\x4c\x20\xff\xf9\xc5"
+ "\xfa\xf8\xf3\x7f\xa5\x01\x4b\x5e"
+ "\x0f\xf0\x3b\x68\xf0\x46\x8c\x2a"
+ "\x7a\xc1\x8f\xa0\xfe\x6a\x5b\x44"
+ "\x70\x5c\xcc\x92\x2c\x6f\x0f\xbd"
+ "\x25\x3e\xb7\x8e\x73\x58\xda\xc9"
+ "\xa5\xaa\x9e\xf3\x9b\xfd\x37\x3e"
+ "\xe2\x88\xa4\x7b\xc8\x5c\xa8\x93"
+ "\x0e\xe7\x9a\x9c\x2e\x95\x18\x9f"
+ "\xc8\x45\x0c\x88\x9e\x53\x4f\x3a"
+ "\x76\xc1\x35\xfa\x17\xd8\xac\xa0"
+ "\x0c\x2d\x47\x2e\x4f\x69\x9b\xf7"
+ "\xd0\xb6\x96\x0c\x19\xb3\x08\x01"
+ "\x65\x7a\x1f\xc7\x31\x86\xdb\xc8"
+ "\xc1\x99\x8f\xf8\x08\x4a\x9d\x23"
+ "\x22\xa8\xcf\x27\x01\x01\x88\x93"
+ "\x9c\x86\x45\xbd\xe0\x51\xca\x52"
+ "\x84\xba\xfe\x03\xf7\xda\xc5\xce"
+ "\x3e\x77\x75\x86\xaf\x84\xc8\x05"
+ "\x44\x01\x0f\x02\xf3\x58\xb0\x06"
+ "\x5a\xd7\x12\x30\x8d\xdf\x1f\x1f"
+ "\x0a\xe6\xd2\xea\xf6\x3a\x7a\x99"
+ "\x63\xe8\xd2\xc1\x4a\x45\x8b\x40"
+ "\x4d\x0a\xa9\x76\x92\xb3\xda\x87"
+ "\x36\x33\xf0\x78\xc3\x2f\x5f\x02"
+ "\x1a\x6a\x2c\x32\xcd\x76\xbf\xbd"
+ "\x5a\x26\x20\x28\x8c\x8c\xbc\x52"
+ "\x3d\x0a\xc9\xcb\xab\xa4\x21\xb0"
+ "\x54\x40\x81\x44\xc7\xd6\x1c\x11"
+ "\x44\xc6\x02\x92\x14\x5a\xbf\x1a"
+ "\x09\x8a\x18\xad\xcd\x64\x3d\x53"
+ "\x4a\xb6\xa5\x1b\x57\x0e\xef\xe0"
+ "\x8c\x44\x5f\x7d\xbd\x6c\xfd\x60"
+ "\xae\x02\x24\xb6\x99\xdd\x8c\xaf"
+ "\x59\x39\x75\x3c\xd1\x54\x7b\x86"
+ "\xcc\x99\xd9\x28\x0c\xb0\x94\x62"
+ "\xf9\x51\xd1\x19\x96\x2d\x66\xf5"
+ "\x55\xcf\x9e\x59\xe2\x6b\x2c\x08"
+ "\xc0\x54\x48\x24\x45\xc3\x8c\x73"
+ "\xea\x27\x6e\x66\x7d\x1d\x0e\x6e"
+ "\x13\xe8\x56\x65\x3a\xb0\x81\x5c"
+ "\xf0\xe8\xd8\x00\x6b\xcd\x8f\xad"
+ "\xdd\x53\xf3\xa4\x6c\x43\xd6\x31"
+ "\xaf\xd2\x76\x1e\x91\x12\xdb\x3c"
+ "\x8c\xc2\x81\xf0\x49\xdb\xe2\x6b"
+ "\x76\x62\x0a\x04\xe4\xaa\x8a\x7c"
+ "\x08\x0b\x5d\xd0\xee\x1d\xfb\xc4"
+ "\x02\x75\x42\xd6\xba\xa7\x22\xa8"
+ "\x47\x29\xb7\x85\x6d\x93\x3a\xdb"
+ "\x00\x53\x0b\xa2\xeb\xf8\xfe\x01"
+ "\x6f\x8a\x31\xd6\x17\x05\x6f\x67"
+ "\x88\x95\x32\xfe\x4f\xa6\x4b\xf8"
+ "\x03\xe4\xcd\x9a\x18\xe8\x4e\x2d"
+ "\xf7\x97\x9a\x0c\x7d\x9f\x7e\x44"
+ "\x69\x51\xe0\x32\x6b\x62\x86\x8f"
+ "\xa6\x8e\x0b\x21\x96\xe5\xaf\x77"
+ "\xc0\x83\xdf\xa5\x0e\xd0\xa1\x04"
+ "\xaf\xc1\x10\xcb\x5a\x40\xe4\xe3"
+ "\x38\x7e\x07\xe8\x4d\xfa\xed\xc5"
+ "\xf0\x37\xdf\xbb\x8a\xcf\x3d\xdc"
+ "\x61\xd2\xc6\x2b\xff\x07\xc9\x2f"
+ "\x0c\x2d\x5c\x07\xa8\x35\x6a\xfc"
+ "\xae\x09\x03\x45\x74\x51\x4d\xc4"
+ "\xb8\x23\x87\x4a\x99\x27\x20\x87"
+ "\x62\x44\x0a\x4a\xce\x78\x47\x22",
+ .ksize = 1088,
+ .plaintext = "\x8e\xb0\x4c\xde\x9c\x4a\x04\x5a"
+ "\xf6\xa9\x7f\x45\x25\xa5\x7b\x3a"
+ "\xbc\x4d\x73\x39\x81\xb5\xbd\x3d"
+ "\x21\x6f\xd7\x37\x50\x3c\x7b\x28"
+ "\xd1\x03\x3a\x17\xed\x7b\x7c\x2a"
+ "\x16\xbc\xdf\x19\x89\x52\x71\x31"
+ "\xb6\xc0\xfd\xb5\xd3\xba\x96\x99"
+ "\xb6\x34\x0b\xd0\x99\x93\xfc\x1a"
+ "\x01\x3c\x85\xc6\x9b\x78\x5c\x8b"
+ "\xfe\xae\xd2\xbf\xb2\x6f\xf9\xed"
+ "\xc8\x25\x17\xfe\x10\x3b\x7d\xda"
+ "\xf4\x8d\x35\x4b\x7c\x7b\x82\xe7"
+ "\xc2\xb3\xee\x60\x4a\x03\x86\xc9"
+ "\x4e\xb5\xc4\xbe\xd2\xbd\x66\xf1"
+ "\x13\xf1\x09\xab\x5d\xca\x63\x1f"
+ "\xfc\xfb\x57\x2a\xfc\xca\x66\xd8"
+ "\x77\x84\x38\x23\x1d\xac\xd3\xb3"
+ "\x7a\xad\x4c\x70\xfa\x9c\xc9\x61"
+ "\xa6\x1b\xba\x33\x4b\x4e\x33\xec"
+ "\xa0\xa1\x64\x39\x40\x05\x1c\xc2"
+ "\x3f\x49\x9d\xae\xf2\xc5\xf2\xc5"
+ "\xfe\xe8\xf4\xc2\xf9\x96\x2d\x28"
+ "\x92\x30\x44\xbc\xd2\x7f\xe1\x6e"
+ "\x62\x02\x8f\x3d\x1c\x80\xda\x0e"
+ "\x6a\x90\x7e\x75\xff\xec\x3e\xc4"
+ "\xcd\x16\x34\x3b\x05\x6d\x4d\x20"
+ "\x1c\x7b\xf5\x57\x4f\xfa\x3d\xac"
+ "\xd0\x13\x55\xe8\xb3\xe1\x1b\x78"
+ "\x30\xe6\x9f\x84\xd4\x69\xd1\x08"
+ "\x12\x77\xa7\x4a\xbd\xc0\xf2\xd2"
+ "\x78\xdd\xa3\x81\x12\xcb\x6c\x14"
+ "\x90\x61\xe2\x84\xc6\x2b\x16\xcc"
+ "\x40\x99\x50\x88\x01\x09\x64\x4f"
+ "\x0a\x80\xbe\x61\xae\x46\xc9\x0a"
+ "\x5d\xe0\xfb\x72\x7a\x1a\xdd\x61"
+ "\x63\x20\x05\xa0\x4a\xf0\x60\x69"
+ "\x7f\x92\xbc\xbf\x4e\x39\x4d\xdd"
+ "\x74\xd1\xb7\xc0\x5a\x34\xb7\xae"
+ "\x76\x65\x2e\xbc\x36\xb9\x04\x95"
+ "\x42\xe9\x6f\xca\x78\xb3\x72\x07"
+ "\xa3\xba\x02\x94\x67\x4c\xb1\xd7"
+ "\xe9\x30\x0d\xf0\x3b\xb8\x10\x6d"
+ "\xea\x2b\x21\xbf\x74\x59\x82\x97"
+ "\x85\xaa\xf1\xd7\x54\x39\xeb\x05"
+ "\xbd\xf3\x40\xa0\x97\xe6\x74\xfe"
+ "\xb4\x82\x5b\xb1\x36\xcb\xe8\x0d"
+ "\xce\x14\xd9\xdf\xf1\x94\x22\xcd"
+ "\xd6\x00\xba\x04\x4c\x05\x0c\xc0"
+ "\xd1\x5a\xeb\x52\xd5\xa8\x8e\xc8"
+ "\x97\xa1\xaa\xc1\xea\xc1\xbe\x7c"
+ "\x36\xb3\x36\xa0\xc6\x76\x66\xc5"
+ "\xe2\xaf\xd6\x5c\xe2\xdb\x2c\xb3"
+ "\x6c\xb9\x99\x7f\xff\x9f\x03\x24"
+ "\xe1\x51\x44\x66\xd8\x0c\x5d\x7f"
+ "\x5c\x85\x22\x2a\xcf\x6d\x79\x28"
+ "\xab\x98\x01\x72\xfe\x80\x87\x5f"
+ "\x46\xba\xef\x81\x24\xee\xbf\xb0"
+ "\x24\x74\xa3\x65\x97\x12\xc4\xaf"
+ "\x8b\xa0\x39\xda\x8a\x7e\x74\x6e"
+ "\x1b\x42\xb4\x44\x37\xfc\x59\xfd"
+ "\x86\xed\xfb\x8c\x66\x33\xda\x63"
+ "\x75\xeb\xe1\xa4\x85\x4f\x50\x8f"
+ "\x83\x66\x0d\xd3\x37\xfa\xe6\x9c"
+ "\x4f\x30\x87\x35\x18\xe3\x0b\xb7"
+ "\x6e\x64\x54\xcd\x70\xb3\xde\x54"
+ "\xb7\x1d\xe6\x4c\x4d\x55\x12\x12"
+ "\xaf\x5f\x7f\x5e\xee\x9d\xe8\x8e"
+ "\x32\x9d\x4e\x75\xeb\xc6\xdd\xaa"
+ "\x48\x82\xa4\x3f\x3c\xd7\xd3\xa8"
+ "\x63\x9e\x64\xfe\xe3\x97\x00\x62"
+ "\xe5\x40\x5d\xc3\xad\x72\xe1\x28"
+ "\x18\x50\xb7\x75\xef\xcd\x23\xbf"
+ "\x3f\xc0\x51\x36\xf8\x41\xc3\x08"
+ "\xcb\xf1\x8d\x38\x34\xbd\x48\x45"
+ "\x75\xed\xbc\x65\x7b\xb5\x0c\x9b"
+ "\xd7\x67\x7d\x27\xb4\xc4\x80\xd7"
+ "\xa9\xb9\xc7\x4a\x97\xaa\xda\xc8"
+ "\x3c\x74\xcf\x36\x8f\xe4\x41\xe3"
+ "\xd4\xd3\x26\xa7\xf3\x23\x9d\x8f"
+ "\x6c\x20\x05\x32\x3e\xe0\xc3\xc8"
+ "\x56\x3f\xa7\x09\xb7\xfb\xc7\xf7"
+ "\xbe\x2a\xdd\x0f\x06\x7b\x0d\xdd"
+ "\xb0\xb4\x86\x17\xfd\xb9\x04\xe5"
+ "\xc0\x64\x5d\xad\x2a\x36\x38\xdb"
+ "\x24\xaf\x5b\xff\xca\xf9\x41\xe8"
+ "\xf9\x2f\x1e\x5e\xf9\xf5\xd5\xf2"
+ "\xb2\x88\xca\xc9\xa1\x31\xe2\xe8"
+ "\x10\x95\x65\xbf\xf1\x11\x61\x7a"
+ "\x30\x1a\x54\x90\xea\xd2\x30\xf6"
+ "\xa5\xad\x60\xf9\x4d\x84\x21\x1b"
+ "\xe4\x42\x22\xc8\x12\x4b\xb0\x58"
+ "\x3e\x9c\x2d\x32\x95\x0a\x8e\xb0"
+ "\x0a\x7e\x77\x2f\xe8\x97\x31\x6a"
+ "\xf5\x59\xb4\x26\xe6\x37\x12\xc9"
+ "\xcb\xa0\x58\x33\x6f\xd5\x55\x55"
+ "\x3c\xa1\x33\xb1\x0b\x7e\x2e\xb4"
+ "\x43\x2a\x84\x39\xf0\x9c\xf4\x69"
+ "\x4f\x1e\x79\xa6\x15\x1b\x87\xbb"
+ "\xdb\x9b\xe0\xf1\x0b\xba\xe3\x6e"
+ "\xcc\x2f\x49\x19\x22\x29\xfc\x71"
+ "\xbb\x77\x38\x18\x61\xaf\x85\x76"
+ "\xeb\xd1\x09\xcc\x86\x04\x20\x9a"
+ "\x66\x53\x2f\x44\x8b\xc6\xa3\xd2"
+ "\x5f\xc7\x79\x82\x66\xa8\x6e\x75"
+ "\x7d\x94\xd1\x86\x75\x0f\xa5\x4f"
+ "\x3c\x7a\x33\xce\xd1\x6e\x9d\x7b"
+ "\x1f\x91\x37\xb8\x37\x80\xfb\xe0"
+ "\x52\x26\xd0\x9a\xd4\x48\x02\x41"
+ "\x05\xe3\x5a\x94\xf1\x65\x61\x19"
+ "\xb8\x88\x4e\x2b\xea\xba\x8b\x58"
+ "\x8b\x42\x01\x00\xa8\xfe\x00\x5c"
+ "\xfe\x1c\xee\x31\x15\x69\xfa\xb3"
+ "\x9b\x5f\x22\x8e\x0d\x2c\xe3\xa5"
+ "\x21\xb9\x99\x8a\x8e\x94\x5a\xef"
+ "\x13\x3e\x99\x96\x79\x6e\xd5\x42"
+ "\x36\x03\xa9\xe2\xca\x65\x4e\x8a"
+ "\x8a\x30\xd2\x7d\x74\xe7\xf0\xaa"
+ "\x23\x26\xdd\xcb\x82\x39\xfc\x9d"
+ "\x51\x76\x21\x80\xa2\xbe\x93\x03"
+ "\x47\xb0\xc1\xb6\xdc\x63\xfd\x9f"
+ "\xca\x9d\xa5\xca\x27\x85\xe2\xd8"
+ "\x15\x5b\x7e\x14\x7a\xc4\x89\xcc"
+ "\x74\x14\x4b\x46\xd2\xce\xac\x39"
+ "\x6b\x6a\x5a\xa4\x0e\xe3\x7b\x15"
+ "\x94\x4b\x0f\x74\xcb\x0c\x7f\xa9"
+ "\xbe\x09\x39\xa3\xdd\x56\x5c\xc7"
+ "\x99\x56\x65\x39\xf4\x0b\x7d\x87"
+ "\xec\xaa\xe3\x4d\x22\x65\x39\x4e",
+ .psize = 1024,
+ .digest = "\x64\x3a\xbc\xc3\x3f\x74\x40\x51"
+ "\x6e\x56\x01\x1a\x51\xec\x36\xde",
+ }, {
+ .key = "\x1b\x82\x2e\x1b\x17\x23\xb9\x6d"
+ "\xdc\x9c\xda\x99\x07\xe3\x5f\xd8"
+ "\xd2\xf8\x43\x80\x8d\x86\x7d\x80"
+ "\x1a\xd0\xcc\x13\xb9\x11\x05\x3f"
+ "\x7e\xcf\x7e\x80\x0e\xd8\x25\x48"
+ "\x8b\xaa\x63\x83\x92\xd0\x72\xf5"
+ "\x4f\x67\x7e\x50\x18\x25\xa4\xd1"
+ "\xe0\x7e\x1e\xba\xd8\xa7\x6e\xdb"
+ "\x1a\xcc\x0d\xfe\x9f\x6d\x22\x35"
+ "\xe1\xe6\xe0\xa8\x7b\x9c\xb1\x66"
+ "\xa3\xf8\xff\x4d\x90\x84\x28\xbc"
+ "\xdc\x19\xc7\x91\x49\xfc\xf6\x33"
+ "\xc9\x6e\x65\x7f\x28\x6f\x68\x2e"
+ "\xdf\x1a\x75\xe9\xc2\x0c\x96\xb9"
+ "\x31\x22\xc4\x07\xc6\x0a\x2f\xfd"
+ "\x36\x06\x5f\x5c\xc5\xb1\x3a\xf4"
+ "\x5e\x48\xa4\x45\x2b\x88\xa7\xee"
+ "\xa9\x8b\x52\xcc\x99\xd9\x2f\xb8"
+ "\xa4\x58\x0a\x13\xeb\x71\x5a\xfa"
+ "\xe5\x5e\xbe\xf2\x64\xad\x75\xbc"
+ "\x0b\x5b\x34\x13\x3b\x23\x13\x9a"
+ "\x69\x30\x1e\x9a\xb8\x03\xb8\x8b"
+ "\x3e\x46\x18\x6d\x38\xd9\xb3\xd8"
+ "\xbf\xf1\xd0\x28\xe6\x51\x57\x80"
+ "\x5e\x99\xfb\xd0\xce\x1e\x83\xf7"
+ "\xe9\x07\x5a\x63\xa9\xef\xce\xa5"
+ "\xfb\x3f\x37\x17\xfc\x0b\x37\x0e"
+ "\xbb\x4b\x21\x62\xb7\x83\x0e\xa9"
+ "\x9e\xb0\xc4\xad\x47\xbe\x35\xe7"
+ "\x51\xb2\xf2\xac\x2b\x65\x7b\x48"
+ "\xe3\x3f\x5f\xb6\x09\x04\x0c\x58"
+ "\xce\x99\xa9\x15\x2f\x4e\xc1\xf2"
+ "\x24\x48\xc0\xd8\x6c\xd3\x76\x17"
+ "\x83\x5d\xe6\xe3\xfd\x01\x8e\xf7"
+ "\x42\xa5\x04\x29\x30\xdf\xf9\x00"
+ "\x4a\xdc\x71\x22\x1a\x33\x15\xb6"
+ "\xd7\x72\xfb\x9a\xb8\xeb\x2b\x38"
+ "\xea\xa8\x61\xa8\x90\x11\x9d\x73"
+ "\x2e\x6c\xce\x81\x54\x5a\x9f\xcd"
+ "\xcf\xd5\xbd\x26\x5d\x66\xdb\xfb"
+ "\xdc\x1e\x7c\x10\xfe\x58\x82\x10"
+ "\x16\x24\x01\xce\x67\x55\x51\xd1"
+ "\xdd\x6b\x44\xa3\x20\x8e\xa9\xa6"
+ "\x06\xa8\x29\x77\x6e\x00\x38\x5b"
+ "\xde\x4d\x58\xd8\x1f\x34\xdf\xf9"
+ "\x2c\xac\x3e\xad\xfb\x92\x0d\x72"
+ "\x39\xa4\xac\x44\x10\xc0\x43\xc4"
+ "\xa4\x77\x3b\xfc\xc4\x0d\x37\xd3"
+ "\x05\x84\xda\x53\x71\xf8\x80\xd3"
+ "\x34\x44\xdb\x09\xb4\x2b\x8e\xe3"
+ "\x00\x75\x50\x9e\x43\x22\x00\x0b"
+ "\x7c\x70\xab\xd4\x41\xf1\x93\xcd"
+ "\x25\x2d\x84\x74\xb5\xf2\x92\xcd"
+ "\x0a\x28\xea\x9a\x49\x02\x96\xcb"
+ "\x85\x9e\x2f\x33\x03\x86\x1d\xdc"
+ "\x1d\x31\xd5\xfc\x9d\xaa\xc5\xe9"
+ "\x9a\xc4\x57\xf5\x35\xed\xf4\x4b"
+ "\x3d\x34\xc2\x29\x13\x86\x36\x42"
+ "\x5d\xbf\x90\x86\x13\x77\xe5\xc3"
+ "\x62\xb4\xfe\x0b\x70\x39\x35\x65"
+ "\x02\xea\xf6\xce\x57\x0c\xbb\x74"
+ "\x29\xe3\xfd\x60\x90\xfd\x10\x38"
+ "\xd5\x4e\x86\xbd\x37\x70\xf0\x97"
+ "\xa6\xab\x3b\x83\x64\x52\xca\x66"
+ "\x2f\xf9\xa4\xca\x3a\x55\x6b\xb0"
+ "\xe8\x3a\x34\xdb\x9e\x48\x50\x2f"
+ "\x3b\xef\xfd\x08\x2d\x5f\xc1\x37"
+ "\x5d\xbe\x73\xe4\xd8\xe9\xac\xca"
+ "\x8a\xaa\x48\x7c\x5c\xf4\xa6\x96"
+ "\x5f\xfa\x70\xa6\xb7\x8b\x50\xcb"
+ "\xa6\xf5\xa9\xbd\x7b\x75\x4c\x22"
+ "\x0b\x19\x40\x2e\xc9\x39\x39\x32"
+ "\x83\x03\xa8\xa4\x98\xe6\x8e\x16"
+ "\xb9\xde\x08\xc5\xfc\xbf\xad\x39"
+ "\xa8\xc7\x93\x6c\x6f\x23\xaf\xc1"
+ "\xab\xe1\xdf\xbb\x39\xae\x93\x29"
+ "\x0e\x7d\x80\x8d\x3e\x65\xf3\xfd"
+ "\x96\x06\x65\x90\xa1\x28\x64\x4b"
+ "\x69\xf9\xa8\x84\x27\x50\xfc\x87"
+ "\xf7\xbf\x55\x8e\x56\x13\x58\x7b"
+ "\x85\xb4\x6a\x72\x0f\x40\xf1\x4f"
+ "\x83\x81\x1f\x76\xde\x15\x64\x7a"
+ "\x7a\x80\xe4\xc7\x5e\x63\x01\x91"
+ "\xd7\x6b\xea\x0b\x9b\xa2\x99\x3b"
+ "\x6c\x88\xd8\xfd\x59\x3c\x8d\x22"
+ "\x86\x56\xbe\xab\xa1\x37\x08\x01"
+ "\x50\x85\x69\x29\xee\x9f\xdf\x21"
+ "\x3e\x20\x20\xf5\xb0\xbb\x6b\xd0"
+ "\x9c\x41\x38\xec\x54\x6f\x2d\xbd"
+ "\x0f\xe1\xbd\xf1\x2b\x6e\x60\x56"
+ "\x29\xe5\x7a\x70\x1c\xe2\xfc\x97"
+ "\x82\x68\x67\xd9\x3d\x1f\xfb\xd8"
+ "\x07\x9f\xbf\x96\x74\xba\x6a\x0e"
+ "\x10\x48\x20\xd8\x13\x1e\xb5\x44"
+ "\xf2\xcc\xb1\x8b\xfb\xbb\xec\xd7"
+ "\x37\x70\x1f\x7c\x55\xd2\x4b\xb9"
+ "\xfd\x70\x5e\xa3\x91\x73\x63\x52"
+ "\x13\x47\x5a\x06\xfb\x01\x67\xa5"
+ "\xc0\xd0\x49\x19\x56\x66\x9a\x77"
+ "\x64\xaf\x8c\x25\x91\x52\x87\x0e"
+ "\x18\xf3\x5f\x97\xfd\x71\x13\xf8"
+ "\x05\xa5\x39\xcc\x65\xd3\xcc\x63"
+ "\x5b\xdb\x5f\x7e\x5f\x6e\xad\xc4"
+ "\xf4\xa0\xc5\xc2\x2b\x4d\x97\x38"
+ "\x4f\xbc\xfa\x33\x17\xb4\x47\xb9"
+ "\x43\x24\x15\x8d\xd2\xed\x80\x68"
+ "\x84\xdb\x04\x80\xca\x5e\x6a\x35"
+ "\x2c\x2c\xe7\xc5\x03\x5f\x54\xb0"
+ "\x5e\x4f\x1d\x40\x54\x3d\x78\x9a"
+ "\xac\xda\x80\x27\x4d\x15\x4c\x1a"
+ "\x6e\x80\xc9\xc4\x3b\x84\x0e\xd9"
+ "\x2e\x93\x01\x8c\xc3\xc8\x91\x4b"
+ "\xb3\xaa\x07\x04\x68\x5b\x93\xa5"
+ "\xe7\xc4\x9d\xe7\x07\xee\xf5\x3b"
+ "\x40\x89\xcc\x60\x34\x9d\xb4\x06"
+ "\x1b\xef\x92\xe6\xc1\x2a\x7d\x0f"
+ "\x81\xaa\x56\xe3\xd7\xed\xa7\xd4"
+ "\xa7\x3a\x49\xc4\xad\x81\x5c\x83"
+ "\x55\x8e\x91\x54\xb7\x7d\x65\xa5"
+ "\x06\x16\xd5\x9a\x16\xc1\xb0\xa2"
+ "\x06\xd8\x98\x47\x73\x7e\x73\xa0"
+ "\xb8\x23\xb1\x52\xbf\x68\x74\x5d"
+ "\x0b\xcb\xfa\x8c\x46\xe3\x24\xe6"
+ "\xab\xd4\x69\x8d\x8c\xf2\x8a\x59"
+ "\xbe\x48\x46\x50\x8c\x9a\xe8\xe3"
+ "\x31\x55\x0a\x06\xed\x4f\xf8\xb7"
+ "\x4f\xe3\x85\x17\x30\xbd\xd5\x20"
+ "\xe7\x5b\xb2\x32\xcf\x6b\x16\x44"
+ "\xd2\xf5\x7e\xd7\xd1\x2f\xee\x64"
+ "\x3e\x9d\x10\xef\x27\x35\x43\x64"
+ "\x67\xfb\x7a\x7b\xe0\x62\x31\x9a"
+ "\x4d\xdf\xa5\xab\xc0\x20\xbb\x01"
+ "\xe9\x7b\x54\xf1\xde\xb2\x79\x50"
+ "\x6c\x4b\x91\xdb\x7f\xbb\x50\xc1"
+ "\x55\x44\x38\x9a\xe0\x9f\xe8\x29"
+ "\x6f\x15\xf8\x4e\xa6\xec\xa0\x60",
+ .ksize = 1088,
+ .plaintext = "\x15\x68\x9e\x2f\xad\x15\x52\xdf"
+ "\xf0\x42\x62\x24\x2a\x2d\xea\xbf"
+ "\xc7\xf3\xb4\x1a\xf5\xed\xb2\x08"
+ "\x15\x60\x1c\x00\x77\xbf\x0b\x0e"
+ "\xb7\x2c\xcf\x32\x3a\xc7\x01\x77"
+ "\xef\xa6\x75\xd0\x29\xc7\x68\x20"
+ "\xb2\x92\x25\xbf\x12\x34\xe9\xa4"
+ "\xfd\x32\x7b\x3f\x7c\xbd\xa5\x02"
+ "\x38\x41\xde\xc9\xc1\x09\xd9\xfc"
+ "\x6e\x78\x22\x83\x18\xf7\x50\x8d"
+ "\x8f\x9c\x2d\x02\xa5\x30\xac\xff"
+ "\xea\x63\x2e\x80\x37\x83\xb0\x58"
+ "\xda\x2f\xef\x21\x55\xba\x7b\xb1"
+ "\xb6\xed\xf5\xd2\x4d\xaa\x8c\xa9"
+ "\xdd\xdb\x0f\xb4\xce\xc1\x9a\xb1"
+ "\xc1\xdc\xbd\xab\x86\xc2\xdf\x0b"
+ "\xe1\x2c\xf9\xbe\xf6\xd8\xda\x62"
+ "\x72\xdd\x98\x09\x52\xc0\xc4\xb6"
+ "\x7b\x17\x5c\xf5\xd8\x4b\x88\xd6"
+ "\x6b\xbf\x84\x4a\x3f\xf5\x4d\xd2"
+ "\x94\xe2\x9c\xff\xc7\x3c\xd9\xc8"
+ "\x37\x38\xbc\x8c\xf3\xe7\xb7\xd0"
+ "\x1d\x78\xc4\x39\x07\xc8\x5e\x79"
+ "\xb6\x5a\x90\x5b\x6e\x97\xc9\xd4"
+ "\x82\x9c\xf3\x83\x7a\xe7\x97\xfc"
+ "\x1d\xbb\xef\xdb\xce\xe0\x82\xad"
+ "\xca\x07\x6c\x54\x62\x6f\x81\xe6"
+ "\x7a\x5a\x96\x6e\x80\x3a\xa2\x37"
+ "\x6f\xc6\xa4\x29\xc3\x9e\x19\x94"
+ "\x9f\xb0\x3e\x38\xfb\x3c\x2b\x7d"
+ "\xaa\xb8\x74\xda\x54\x23\x51\x12"
+ "\x4b\x96\x36\x8f\x91\x4f\x19\x37"
+ "\x83\xc9\xdd\xc7\x1a\x32\x2d\xab"
+ "\xc7\x89\xe2\x07\x47\x6c\xe8\xa6"
+ "\x70\x6b\x8e\x0c\xda\x5c\x6a\x59"
+ "\x27\x33\x0e\xe1\xe1\x20\xe8\xc8"
+ "\xae\xdc\xd0\xe3\x6d\xa8\xa6\x06"
+ "\x41\xb4\xd4\xd4\xcf\x91\x3e\x06"
+ "\xb0\x9a\xf7\xf1\xaa\xa6\x23\x92"
+ "\x10\x86\xf0\x94\xd1\x7c\x2e\x07"
+ "\x30\xfb\xc5\xd8\xf3\x12\xa9\xe8"
+ "\x22\x1c\x97\x1a\xad\x96\xb0\xa1"
+ "\x72\x6a\x6b\xb4\xfd\xf7\xe8\xfa"
+ "\xe2\x74\xd8\x65\x8d\x35\x17\x4b"
+ "\x00\x23\x5c\x8c\x70\xad\x71\xa2"
+ "\xca\xc5\x6c\x59\xbf\xb4\xc0\x6d"
+ "\x86\x98\x3e\x19\x5a\x90\x92\xb1"
+ "\x66\x57\x6a\x91\x68\x7c\xbc\xf3"
+ "\xf1\xdb\x94\xf8\x48\xf1\x36\xd8"
+ "\x78\xac\x1c\xa9\xcc\xd6\x27\xba"
+ "\x91\x54\x22\xf5\xe6\x05\x3f\xcc"
+ "\xc2\x8f\x2c\x3b\x2b\xc3\x2b\x2b"
+ "\x3b\xb8\xb6\x29\xb7\x2f\x94\xb6"
+ "\x7b\xfc\x94\x3e\xd0\x7a\x41\x59"
+ "\x7b\x1f\x9a\x09\xa6\xed\x4a\x82"
+ "\x9d\x34\x1c\xbd\x4e\x1c\x3a\x66"
+ "\x80\x74\x0e\x9a\x4f\x55\x54\x47"
+ "\x16\xba\x2a\x0a\x03\x35\x99\xa3"
+ "\x5c\x63\x8d\xa2\x72\x8b\x17\x15"
+ "\x68\x39\x73\xeb\xec\xf2\xe8\xf5"
+ "\x95\x32\x27\xd6\xc4\xfe\xb0\x51"
+ "\xd5\x0c\x50\xc5\xcd\x6d\x16\xb3"
+ "\xa3\x1e\x95\x69\xad\x78\x95\x06"
+ "\xb9\x46\xf2\x6d\x24\x5a\x99\x76"
+ "\x73\x6a\x91\xa6\xac\x12\xe1\x28"
+ "\x79\xbc\x08\x4e\x97\x00\x98\x63"
+ "\x07\x1c\x4e\xd1\x68\xf3\xb3\x81"
+ "\xa8\xa6\x5f\xf1\x01\xc9\xc1\xaf"
+ "\x3a\x96\xf9\x9d\xb5\x5a\x5f\x8f"
+ "\x7e\xc1\x7e\x77\x0a\x40\xc8\x8e"
+ "\xfc\x0e\xed\xe1\x0d\xb0\xe5\x5e"
+ "\x5e\x6f\xf5\x7f\xab\x33\x7d\xcd"
+ "\xf0\x09\x4b\xb2\x11\x37\xdc\x65"
+ "\x97\x32\x62\x71\x3a\x29\x54\xb9"
+ "\xc7\xa4\xbf\x75\x0f\xf9\x40\xa9"
+ "\x8d\xd7\x8b\xa7\xe0\x9a\xbe\x15"
+ "\xc6\xda\xd8\x00\x14\x69\x1a\xaf"
+ "\x5f\x79\xc3\xf5\xbb\x6c\x2a\x9d"
+ "\xdd\x3c\x5f\x97\x21\xe1\x3a\x03"
+ "\x84\x6a\xe9\x76\x11\x1f\xd3\xd5"
+ "\xf0\x54\x20\x4d\xc2\x91\xc3\xa4"
+ "\x36\x25\xbe\x1b\x2a\x06\xb7\xf3"
+ "\xd1\xd0\x55\x29\x81\x4c\x83\xa3"
+ "\xa6\x84\x1e\x5c\xd1\xd0\x6c\x90"
+ "\xa4\x11\xf0\xd7\x63\x6a\x48\x05"
+ "\xbc\x48\x18\x53\xcd\xb0\x8d\xdb"
+ "\xdc\xfe\x55\x11\x5c\x51\xb3\xab"
+ "\xab\x63\x3e\x31\x5a\x8b\x93\x63"
+ "\x34\xa9\xba\x2b\x69\x1a\xc0\xe3"
+ "\xcb\x41\xbc\xd7\xf5\x7f\x82\x3e"
+ "\x01\xa3\x3c\x72\xf4\xfe\xdf\xbe"
+ "\xb1\x67\x17\x2b\x37\x60\x0d\xca"
+ "\x6f\xc3\x94\x2c\xd2\x92\x6d\x9d"
+ "\x75\x18\x77\xaa\x29\x38\x96\xed"
+ "\x0e\x20\x70\x92\xd5\xd0\xb4\x00"
+ "\xc0\x31\xf2\xc9\x43\x0e\x75\x1d"
+ "\x4b\x64\xf2\x1f\xf2\x29\x6c\x7b"
+ "\x7f\xec\x59\x7d\x8c\x0d\xd4\xd3"
+ "\xac\x53\x4c\xa3\xde\x42\x92\x95"
+ "\x6d\xa3\x4f\xd0\xe6\x3d\xe7\xec"
+ "\x7a\x4d\x68\xf1\xfe\x67\x66\x09"
+ "\x83\x22\xb1\x98\x43\x8c\xab\xb8"
+ "\x45\xe6\x6d\xdf\x5e\x50\x71\xce"
+ "\xf5\x4e\x40\x93\x2b\xfa\x86\x0e"
+ "\xe8\x30\xbd\x82\xcc\x1c\x9c\x5f"
+ "\xad\xfd\x08\x31\xbe\x52\xe7\xe6"
+ "\xf2\x06\x01\x62\x25\x15\x99\x74"
+ "\x33\x51\x52\x57\x3f\x57\x87\x61"
+ "\xb9\x7f\x29\x3d\xcd\x92\x5e\xa6"
+ "\x5c\x3b\xf1\xed\x5f\xeb\x82\xed"
+ "\x56\x7b\x61\xe7\xfd\x02\x47\x0e"
+ "\x2a\x15\xa4\xce\x43\x86\x9b\xe1"
+ "\x2b\x4c\x2a\xd9\x42\x97\xf7\x9a"
+ "\xe5\x47\x46\x48\xd3\x55\x6f\x4d"
+ "\xd9\xeb\x4b\xdd\x7b\x21\x2f\xb3"
+ "\xa8\x36\x28\xdf\xca\xf1\xf6\xd9"
+ "\x10\xf6\x1c\xfd\x2e\x0c\x27\xe0"
+ "\x01\xb3\xff\x6d\x47\x08\x4d\xd4"
+ "\x00\x25\xee\x55\x4a\xe9\xe8\x5b"
+ "\xd8\xf7\x56\x12\xd4\x50\xb2\xe5"
+ "\x51\x6f\x34\x63\x69\xd2\x4e\x96"
+ "\x4e\xbc\x79\xbf\x18\xae\xc6\x13"
+ "\x80\x92\x77\xb0\xb4\x0f\x29\x94"
+ "\x6f\x4c\xbb\x53\x11\x36\xc3\x9f"
+ "\x42\x8e\x96\x8a\x91\xc8\xe9\xfc"
+ "\xfe\xbf\x7c\x2d\x6f\xf9\xb8\x44"
+ "\x89\x1b\x09\x53\x0a\x2a\x92\xc3"
+ "\x54\x7a\x3a\xf9\xe2\xe4\x75\x87"
+ "\xa0\x5e\x4b\x03\x7a\x0d\x8a\xf4"
+ "\x55\x59\x94\x2b\x63\x96\x0e\xf5",
+ .psize = 1040,
+ .digest = "\xb5\xb9\x08\xb3\x24\x3e\x03\xf0"
+ "\xd6\x0b\x57\xbc\x0a\x6d\x89\x59",
+ }, {
+ .key = "\xf6\x34\x42\x71\x35\x52\x8b\x58"
+ "\x02\x3a\x8e\x4a\x8d\x41\x13\xe9"
+ "\x7f\xba\xb9\x55\x9d\x73\x4d\xf8"
+ "\x3f\x5d\x73\x15\xff\xd3\x9e\x7f"
+ "\x20\x2a\x6a\xa8\xd1\xf0\x8f\x12"
+ "\x6b\x02\xd8\x6c\xde\xba\x80\x22"
+ "\x19\x37\xc8\xd0\x4e\x89\x17\x7c"
+ "\x7c\xdd\x88\xfd\x41\xc0\x04\xb7"
+ "\x1d\xac\x19\xe3\x20\xc7\x16\xcf"
+ "\x58\xee\x1d\x7a\x61\x69\xa9\x12"
+ "\x4b\xef\x4f\xb6\x38\xdd\x78\xf8"
+ "\x28\xee\x70\x08\xc7\x7c\xcc\xc8"
+ "\x1e\x41\xf5\x80\x86\x70\xd0\xf0"
+ "\xa3\x87\x6b\x0a\x00\xd2\x41\x28"
+ "\x74\x26\xf1\x24\xf3\xd0\x28\x77"
+ "\xd7\xcd\xf6\x2d\x61\xf4\xa2\x13"
+ "\x77\xb4\x6f\xa0\xf4\xfb\xd6\xb5"
+ "\x38\x9d\x5a\x0c\x51\xaf\xad\x63"
+ "\x27\x67\x8c\x01\xea\x42\x1a\x66"
+ "\xda\x16\x7c\x3c\x30\x0c\x66\x53"
+ "\x1c\x88\xa4\x5c\xb2\xe3\x78\x0a"
+ "\x13\x05\x6d\xe2\xaf\xb3\xe4\x75"
+ "\x00\x99\x58\xee\x76\x09\x64\xaa"
+ "\xbb\x2e\xb1\x81\xec\xd8\x0e\xd3"
+ "\x0c\x33\x5d\xb7\x98\xef\x36\xb6"
+ "\xd2\x65\x69\x41\x70\x12\xdc\x25"
+ "\x41\x03\x99\x81\x41\x19\x62\x13"
+ "\xd1\x0a\x29\xc5\x8c\xe0\x4c\xf3"
+ "\xd6\xef\x4c\xf4\x1d\x83\x2e\x6d"
+ "\x8e\x14\x87\xed\x80\xe0\xaa\xd3"
+ "\x08\x04\x73\x1a\x84\x40\xf5\x64"
+ "\xbd\x61\x32\x65\x40\x42\xfb\xb0"
+ "\x40\xf6\x40\x8d\xc7\x7f\x14\xd0"
+ "\x83\x99\xaa\x36\x7e\x60\xc6\xbf"
+ "\x13\x8a\xf9\x21\xe4\x7e\x68\x87"
+ "\xf3\x33\x86\xb4\xe0\x23\x7e\x0a"
+ "\x21\xb1\xf5\xad\x67\x3c\x9c\x9d"
+ "\x09\xab\xaf\x5f\xba\xe0\xd0\x82"
+ "\x48\x22\x70\xb5\x6d\x53\xd6\x0e"
+ "\xde\x64\x92\x41\xb0\xd3\xfb\xda"
+ "\x21\xfe\xab\xea\x20\xc4\x03\x58"
+ "\x18\x2e\x7d\x2f\x03\xa9\x47\x66"
+ "\xdf\x7b\xa4\x6b\x34\x6b\x55\x9c"
+ "\x4f\xd7\x9c\x47\xfb\xa9\x42\xec"
+ "\x5a\x12\xfd\xfe\x76\xa0\x92\x9d"
+ "\xfe\x1e\x16\xdd\x24\x2a\xe4\x27"
+ "\xd5\xa9\xf2\x05\x4f\x83\xa2\xaf"
+ "\xfe\xee\x83\x7a\xad\xde\xdf\x9a"
+ "\x80\xd5\x81\x14\x93\x16\x7e\x46"
+ "\x47\xc2\x14\xef\x49\x6e\xb9\xdb"
+ "\x40\xe8\x06\x6f\x9c\x2a\xfd\x62"
+ "\x06\x46\xfd\x15\x1d\x36\x61\x6f"
+ "\x77\x77\x5e\x64\xce\x78\x1b\x85"
+ "\xbf\x50\x9a\xfd\x67\xa6\x1a\x65"
+ "\xad\x5b\x33\x30\xf1\x71\xaa\xd9"
+ "\x23\x0d\x92\x24\x5f\xae\x57\xb0"
+ "\x24\x37\x0a\x94\x12\xfb\xb5\xb1"
+ "\xd3\xb8\x1d\x12\x29\xb0\x80\x24"
+ "\x2d\x47\x9f\x96\x1f\x95\xf1\xb1"
+ "\xda\x35\xf6\x29\xe0\xe1\x23\x96"
+ "\xc7\xe8\x22\x9b\x7c\xac\xf9\x41"
+ "\x39\x01\xe5\x73\x15\x5e\x99\xec"
+ "\xb4\xc1\xf4\xe7\xa7\x97\x6a\xd5"
+ "\x90\x9a\xa0\x1d\xf3\x5a\x8b\x5f"
+ "\xdf\x01\x52\xa4\x93\x31\x97\xb0"
+ "\x93\x24\xb5\xbc\xb2\x14\x24\x98"
+ "\x4a\x8f\x19\x85\xc3\x2d\x0f\x74"
+ "\x9d\x16\x13\x80\x5e\x59\x62\x62"
+ "\x25\xe0\xd1\x2f\x64\xef\xba\xac"
+ "\xcd\x09\x07\x15\x8a\xcf\x73\xb5"
+ "\x8b\xc9\xd8\x24\xb0\x53\xd5\x6f"
+ "\xe1\x2b\x77\xb1\xc5\xe4\xa7\x0e"
+ "\x18\x45\xab\x36\x03\x59\xa8\xbd"
+ "\x43\xf0\xd8\x2c\x1a\x69\x96\xbb"
+ "\x13\xdf\x6c\x33\x77\xdf\x25\x34"
+ "\x5b\xa5\x5b\x8c\xf9\x51\x05\xd4"
+ "\x8b\x8b\x44\x87\x49\xfc\xa0\x8f"
+ "\x45\x15\x5b\x40\x42\xc4\x09\x92"
+ "\x98\x0c\x4d\xf4\x26\x37\x1b\x13"
+ "\x76\x01\x93\x8d\x4f\xe6\xed\x18"
+ "\xd0\x79\x7b\x3f\x44\x50\xcb\xee"
+ "\xf7\x4a\xc9\x9e\xe0\x96\x74\xa7"
+ "\xe6\x93\xb2\x53\xca\x55\xa8\xdc"
+ "\x1e\x68\x07\x87\xb7\x2e\xc1\x08"
+ "\xb2\xa4\x5b\xaf\xc6\xdb\x5c\x66"
+ "\x41\x1c\x51\xd9\xb0\x07\x00\x0d"
+ "\xf0\x4c\xdc\x93\xde\xa9\x1e\x8e"
+ "\xd3\x22\x62\xd8\x8b\x88\x2c\xea"
+ "\x5e\xf1\x6e\x14\x40\xc7\xbe\xaa"
+ "\x42\x28\xd0\x26\x30\x78\x01\x9b"
+ "\x83\x07\xbc\x94\xc7\x57\xa2\x9f"
+ "\x03\x07\xff\x16\xff\x3c\x6e\x48"
+ "\x0a\xd0\xdd\x4c\xf6\x64\x9a\xf1"
+ "\xcd\x30\x12\x82\x2c\x38\xd3\x26"
+ "\x83\xdb\xab\x3e\xc6\xf8\xe6\xfa"
+ "\x77\x0a\x78\x82\x75\xf8\x63\x51"
+ "\x59\xd0\x8d\x24\x9f\x25\xe6\xa3"
+ "\x4c\xbc\x34\xfc\xe3\x10\xc7\x62"
+ "\xd4\x23\xc8\x3d\xa7\xc6\xa6\x0a"
+ "\x4f\x7e\x29\x9d\x6d\xbe\xb5\xf1"
+ "\xdf\xa4\x53\xfa\xc0\x23\x0f\x37"
+ "\x84\x68\xd0\xb5\xc8\xc6\xae\xf8"
+ "\xb7\x8d\xb3\x16\xfe\x8f\x87\xad"
+ "\xd0\xc1\x08\xee\x12\x1c\x9b\x1d"
+ "\x90\xf8\xd1\x63\xa4\x92\x3c\xf0"
+ "\xc7\x34\xd8\xf1\x14\xed\xa3\xbc"
+ "\x17\x7e\xd4\x62\x42\x54\x57\x2c"
+ "\x3e\x7a\x35\x35\x17\x0f\x0b\x7f"
+ "\x81\xa1\x3f\xd0\xcd\xc8\x3b\x96"
+ "\xe9\xe0\x4a\x04\xe1\xb6\x3c\xa1"
+ "\xd6\xca\xc4\xbd\xb6\xb5\x95\x34"
+ "\x12\x9d\xc5\x96\xf2\xdf\xba\x54"
+ "\x76\xd1\xb2\x6b\x3b\x39\xe0\xb9"
+ "\x18\x62\xfb\xf7\xfc\x12\xf1\x5f"
+ "\x7e\xc7\xe3\x59\x4c\xa6\xc2\x3d"
+ "\x40\x15\xf9\xa3\x95\x64\x4c\x74"
+ "\x8b\x73\x77\x33\x07\xa7\x04\x1d"
+ "\x33\x5a\x7e\x8f\xbd\x86\x01\x4f"
+ "\x3e\xb9\x27\x6f\xe2\x41\xf7\x09"
+ "\x67\xfd\x29\x28\xc5\xe4\xf6\x18"
+ "\x4c\x1b\x49\xb2\x9c\x5b\xf6\x81"
+ "\x4f\xbb\x5c\xcc\x0b\xdf\x84\x23"
+ "\x58\xd6\x28\x34\x93\x3a\x25\x97"
+ "\xdf\xb2\xc3\x9e\x97\x38\x0b\x7d"
+ "\x10\xb3\x54\x35\x23\x8c\x64\xee"
+ "\xf0\xd8\x66\xff\x8b\x22\xd2\x5b"
+ "\x05\x16\x3c\x89\xf7\xb1\x75\xaf"
+ "\xc0\xae\x6a\x4f\x3f\xaf\x9a\xf4"
+ "\xf4\x9a\x24\xd9\x80\x82\xc0\x12"
+ "\xde\x96\xd1\xbe\x15\x0b\x8d\x6a"
+ "\xd7\x12\xe4\x85\x9f\x83\xc9\xc3"
+ "\xff\x0b\xb5\xaf\x3b\xd8\x6d\x67"
+ "\x81\x45\xe6\xac\xec\xc1\x7b\x16"
+ "\x18\x0a\xce\x4b\xc0\x2e\x76\xbc"
+ "\x1b\xfa\xb4\x34\xb8\xfc\x3e\xc8"
+ "\x5d\x90\x71\x6d\x7a\x79\xef\x06",
+ .ksize = 1088,
+ .plaintext = "\xaa\x5d\x54\xcb\xea\x1e\x46\x0f"
+ "\x45\x87\x70\x51\x8a\x66\x7a\x33"
+ "\xb4\x18\xff\xa9\x82\xf9\x45\x4b"
+ "\x93\xae\x2e\x7f\xab\x98\xfe\xbf"
+ "\x01\xee\xe5\xa0\x37\x8f\x57\xa6"
+ "\xb0\x76\x0d\xa4\xd6\x28\x2b\x5d"
+ "\xe1\x03\xd6\x1c\x6f\x34\x0d\xe7"
+ "\x61\x2d\x2e\xe5\xae\x5d\x47\xc7"
+ "\x80\x4b\x18\x8f\xa8\x99\xbc\x28"
+ "\xed\x1d\x9d\x86\x7d\xd7\x41\xd1"
+ "\xe0\x2b\xe1\x8c\x93\x2a\xa7\x80"
+ "\xe1\x07\xa0\xa9\x9f\x8c\x8d\x1a"
+ "\x55\xfc\x6b\x24\x7a\xbd\x3e\x51"
+ "\x68\x4b\x26\x59\xc8\xa7\x16\xd9"
+ "\xb9\x61\x13\xde\x8b\x63\x1c\xf6"
+ "\x60\x01\xfb\x08\xb3\x5b\x0a\xbf"
+ "\x34\x73\xda\x87\x87\x3d\x6f\x97"
+ "\x4a\x0c\xa3\x58\x20\xa2\xc0\x81"
+ "\x5b\x8c\xef\xa9\xc2\x01\x1e\x64"
+ "\x83\x8c\xbc\x03\xb6\xd0\x29\x9f"
+ "\x54\xe2\xce\x8b\xc2\x07\x85\x78"
+ "\x25\x38\x96\x4c\xb4\xbe\x17\x4a"
+ "\x65\xa6\xfa\x52\x9d\x66\x9d\x65"
+ "\x4a\xd1\x01\x01\xf0\xcb\x13\xcc"
+ "\xa5\x82\xf3\xf2\x66\xcd\x3f\x9d"
+ "\xd1\xaa\xe4\x67\xea\xf2\xad\x88"
+ "\x56\x76\xa7\x9b\x59\x3c\xb1\x5d"
+ "\x78\xfd\x69\x79\x74\x78\x43\x26"
+ "\x7b\xde\x3f\xf1\xf5\x4e\x14\xd9"
+ "\x15\xf5\x75\xb5\x2e\x19\xf3\x0c"
+ "\x48\x72\xd6\x71\x6d\x03\x6e\xaa"
+ "\xa7\x08\xf9\xaa\x70\xa3\x0f\x4d"
+ "\x12\x8a\xdd\xe3\x39\x73\x7e\xa7"
+ "\xea\x1f\x6d\x06\x26\x2a\xf2\xc5"
+ "\x52\xb4\xbf\xfd\x52\x0c\x06\x60"
+ "\x90\xd1\xb2\x7b\x56\xae\xac\x58"
+ "\x5a\x6b\x50\x2a\xf5\xe0\x30\x3c"
+ "\x2a\x98\x0f\x1b\x5b\x0a\x84\x6c"
+ "\x31\xae\x92\xe2\xd4\xbb\x7f\x59"
+ "\x26\x10\xb9\x89\x37\x68\x26\xbf"
+ "\x41\xc8\x49\xc4\x70\x35\x7d\xff"
+ "\x2d\x7f\xf6\x8a\x93\x68\x8c\x78"
+ "\x0d\x53\xce\x7d\xff\x7d\xfb\xae"
+ "\x13\x1b\x75\xc4\x78\xd7\x71\xd8"
+ "\xea\xd3\xf4\x9d\x95\x64\x8e\xb4"
+ "\xde\xb8\xe4\xa6\x68\xc8\xae\x73"
+ "\x58\xaf\xa8\xb0\x5a\x20\xde\x87"
+ "\x43\xb9\x0f\xe3\xad\x41\x4b\xd5"
+ "\xb7\xad\x16\x00\xa6\xff\xf6\x74"
+ "\xbf\x8c\x9f\xb3\x58\x1b\xb6\x55"
+ "\xa9\x90\x56\x28\xf0\xb5\x13\x4e"
+ "\x9e\xf7\x25\x86\xe0\x07\x7b\x98"
+ "\xd8\x60\x5d\x38\x95\x3c\xe4\x22"
+ "\x16\x2f\xb2\xa2\xaf\xe8\x90\x17"
+ "\xec\x11\x83\x1a\xf4\xa9\x26\xda"
+ "\x39\x72\xf5\x94\x61\x05\x51\xec"
+ "\xa8\x30\x8b\x2c\x13\xd0\x72\xac"
+ "\xb9\xd2\xa0\x4c\x4b\x78\xe8\x6e"
+ "\x04\x85\xe9\x04\x49\x82\x91\xff"
+ "\x89\xe5\xab\x4c\xaa\x37\x03\x12"
+ "\xca\x8b\x74\x10\xfd\x9e\xd9\x7b"
+ "\xcb\xdb\x82\x6e\xce\x2e\x33\x39"
+ "\xce\xd2\x84\x6e\x34\x71\x51\x6e"
+ "\x0d\xd6\x01\x87\xc7\xfa\x0a\xd3"
+ "\xad\x36\xf3\x4c\x9f\x96\x5e\x62"
+ "\x62\x54\xc3\x03\x78\xd6\xab\xdd"
+ "\x89\x73\x55\x25\x30\xf8\xa7\xe6"
+ "\x4f\x11\x0c\x7c\x0a\xa1\x2b\x7b"
+ "\x3d\x0d\xde\x81\xd4\x9d\x0b\xae"
+ "\xdf\x00\xf9\x4c\xb6\x90\x8e\x16"
+ "\xcb\x11\xc8\xd1\x2e\x73\x13\x75"
+ "\x75\x3e\xaa\xf5\xee\x02\xb3\x18"
+ "\xa6\x2d\xf5\x3b\x51\xd1\x1f\x47"
+ "\x6b\x2c\xdb\xc4\x10\xe0\xc8\xba"
+ "\x9d\xac\xb1\x9d\x75\xd5\x41\x0e"
+ "\x7e\xbe\x18\x5b\xa4\x1f\xf8\x22"
+ "\x4c\xc1\x68\xda\x6d\x51\x34\x6c"
+ "\x19\x59\xec\xb5\xb1\xec\xa7\x03"
+ "\xca\x54\x99\x63\x05\x6c\xb1\xac"
+ "\x9c\x31\xd6\xdb\xba\x7b\x14\x12"
+ "\x7a\xc3\x2f\xbf\x8d\xdc\x37\x46"
+ "\xdb\xd2\xbc\xd4\x2f\xab\x30\xd5"
+ "\xed\x34\x99\x8e\x83\x3e\xbe\x4c"
+ "\x86\x79\x58\xe0\x33\x8d\x9a\xb8"
+ "\xa9\xa6\x90\x46\xa2\x02\xb8\xdd"
+ "\xf5\xf9\x1a\x5c\x8c\x01\xaa\x6e"
+ "\xb4\x22\x12\xf5\x0c\x1b\x9b\x7a"
+ "\xc3\x80\xf3\x06\x00\x5f\x30\xd5"
+ "\x06\xdb\x7d\x82\xc2\xd4\x0b\x4c"
+ "\x5f\xe9\xc5\xf5\xdf\x97\x12\xbf"
+ "\x56\xaf\x9b\x69\xcd\xee\x30\xb4"
+ "\xa8\x71\xff\x3e\x7d\x73\x7a\xb4"
+ "\x0d\xa5\x46\x7a\xf3\xf4\x15\x87"
+ "\x5d\x93\x2b\x8c\x37\x64\xb5\xdd"
+ "\x48\xd1\xe5\x8c\xae\xd4\xf1\x76"
+ "\xda\xf4\xba\x9e\x25\x0e\xad\xa3"
+ "\x0d\x08\x7c\xa8\x82\x16\x8d\x90"
+ "\x56\x40\x16\x84\xe7\x22\x53\x3a"
+ "\x58\xbc\xb9\x8f\x33\xc8\xc2\x84"
+ "\x22\xe6\x0d\xe7\xb3\xdc\x5d\xdf"
+ "\xd7\x2a\x36\xe4\x16\x06\x07\xd2"
+ "\x97\x60\xb2\xf5\x5e\x14\xc9\xfd"
+ "\x8b\x05\xd1\xce\xee\x9a\x65\x99"
+ "\xb7\xae\x19\xb7\xc8\xbc\xd5\xa2"
+ "\x7b\x95\xe1\xcc\xba\x0d\xdc\x8a"
+ "\x1d\x59\x52\x50\xaa\x16\x02\x82"
+ "\xdf\x61\x33\x2e\x44\xce\x49\xc7"
+ "\xe5\xc6\x2e\x76\xcf\x80\x52\xf0"
+ "\x3d\x17\x34\x47\x3f\xd3\x80\x48"
+ "\xa2\xba\xd5\xc7\x7b\x02\x28\xdb"
+ "\xac\x44\xc7\x6e\x05\x5c\xc2\x79"
+ "\xb3\x7d\x6a\x47\x77\x66\xf1\x38"
+ "\xf0\xf5\x4f\x27\x1a\x31\xca\x6c"
+ "\x72\x95\x92\x8e\x3f\xb0\xec\x1d"
+ "\xc7\x2a\xff\x73\xee\xdf\x55\x80"
+ "\x93\xd2\xbd\x34\xd3\x9f\x00\x51"
+ "\xfb\x2e\x41\xba\x6c\x5a\x7c\x17"
+ "\x7f\xe6\x70\xac\x8d\x39\x3f\x77"
+ "\xe2\x23\xac\x8f\x72\x4e\xe4\x53"
+ "\xcc\xf1\x1b\xf1\x35\xfe\x52\xa4"
+ "\xd6\xb8\x40\x6b\xc1\xfd\xa0\xa1"
+ "\xf5\x46\x65\xc2\x50\xbb\x43\xe2"
+ "\xd1\x43\x28\x34\x74\xf5\x87\xa0"
+ "\xf2\x5e\x27\x3b\x59\x2b\x3e\x49"
+ "\xdf\x46\xee\xaf\x71\xd7\x32\x36"
+ "\xc7\x14\x0b\x58\x6e\x3e\x2d\x41"
+ "\xfa\x75\x66\x3a\x54\xe0\xb2\xb9"
+ "\xaf\xdd\x04\x80\x15\x19\x3f\x6f"
+ "\xce\x12\xb4\xd8\xe8\x89\x3c\x05"
+ "\x30\xeb\xf3\x3d\xcd\x27\xec\xdc"
+ "\x56\x70\x12\xcf\x78\x2b\x77\xbf"
+ "\x22\xf0\x1b\x17\x9c\xcc\xd6\x1b"
+ "\x2d\x3d\xa0\x3b\xd8\xc9\x70\xa4"
+ "\x7a\x3e\x07\xb9\x06\xc3\xfa\xb0"
+ "\x33\xee\xc1\xd8\xf6\xe0\xf0\xb2"
+ "\x61\x12\x69\xb0\x5f\x28\x99\xda"
+ "\xc3\x61\x48\xfa\x07\x16\x03\xc4"
+ "\xa8\xe1\x3c\xe8\x0e\x64\x15\x30"
+ "\xc1\x9d\x84\x2f\x73\x98\x0e\x3a"
+ "\xf2\x86\x21\xa4\x9e\x1d\xb5\x86"
+ "\x16\xdb\x2b\x9a\x06\x64\x8e\x79"
+ "\x8d\x76\x3e\xc3\xc2\x64\x44\xe3"
+ "\xda\xbc\x1a\x52\xd7\x61\x03\x65"
+ "\x54\x32\x77\x01\xed\x9d\x8a\x43"
+ "\x25\x24\xe3\xc1\xbe\xb8\x2f\xcb"
+ "\x89\x14\x64\xab\xf6\xa0\x6e\x02"
+ "\x57\xe4\x7d\xa9\x4e\x9a\x03\x36"
+ "\xad\xf1\xb1\xfc\x0b\xe6\x79\x51"
+ "\x9f\x81\x77\xc4\x14\x78\x9d\xbf"
+ "\xb6\xd6\xa3\x8c\xba\x0b\x26\xe7"
+ "\xc8\xb9\x5c\xcc\xe1\x5f\xd5\xc6"
+ "\xc4\xca\xc2\xa3\x45\xba\x94\x13"
+ "\xb2\x8f\xc3\x54\x01\x09\xe7\x8b"
+ "\xda\x2a\x0a\x11\x02\x43\xcb\x57"
+ "\xc9\xcc\xb5\x5c\xab\xc4\xec\x54"
+ "\x00\x06\x34\xe1\x6e\x03\x89\x7c"
+ "\xc6\xfb\x6a\xc7\x60\x43\xd6\xc5"
+ "\xb5\x68\x72\x89\x8f\x42\xc3\x74"
+ "\xbd\x25\xaa\x9f\x67\xb5\xdf\x26"
+ "\x20\xe8\xb7\x01\x3c\xe4\x77\xce"
+ "\xc4\x65\xa7\x23\x79\xea\x33\xc7"
+ "\x82\x14\x5c\x82\xf2\x4e\x3d\xf6"
+ "\xc6\x4a\x0e\x29\xbb\xec\x44\xcd"
+ "\x2f\xd1\x4f\x21\x71\xa9\xce\x0f"
+ "\x5c\xf2\x72\x5c\x08\x2e\x21\xd2"
+ "\xc3\x29\x13\xd8\xac\xc3\xda\x13"
+ "\x1a\x9d\xa7\x71\x1d\x27\x1d\x27"
+ "\x1d\xea\xab\x44\x79\xad\xe5\xeb"
+ "\xef\x1f\x22\x0a\x44\x4f\xcb\x87"
+ "\xa7\x58\x71\x0e\x66\xf8\x60\xbf"
+ "\x60\x74\x4a\xb4\xec\x2e\xfe\xd3"
+ "\xf5\xb8\xfe\x46\x08\x50\x99\x6c"
+ "\x66\xa5\xa8\x34\x44\xb5\xe5\xf0"
+ "\xdd\x2c\x67\x4e\x35\x96\x8e\x67"
+ "\x48\x3f\x5f\x37\x44\x60\x51\x2e"
+ "\x14\x91\x5e\x57\xc3\x0e\x79\x77"
+ "\x2f\x03\xf4\xe2\x1c\x72\xbf\x85"
+ "\x5d\xd3\x17\xdf\x6c\xc5\x70\x24"
+ "\x42\xdf\x51\x4e\x2a\xb2\xd2\x5b"
+ "\x9e\x69\x83\x41\x11\xfe\x73\x22"
+ "\xde\x8a\x9e\xd8\x8a\xfb\x20\x38"
+ "\xd8\x47\x6f\xd5\xed\x8f\x41\xfd"
+ "\x13\x7a\x18\x03\x7d\x0f\xcd\x7d"
+ "\xa6\x7d\x31\x9e\xf1\x8f\x30\xa3"
+ "\x8b\x4c\x24\xb7\xf5\x48\xd7\xd9"
+ "\x12\xe7\x84\x97\x5c\x31\x6d\xfb"
+ "\xdf\xf3\xd3\xd1\xd5\x0c\x30\x06"
+ "\x01\x6a\xbc\x6c\x78\x7b\xa6\x50"
+ "\xfa\x0f\x3c\x42\x2d\xa5\xa3\x3b"
+ "\xcf\x62\x50\xff\x71\x6d\xe7\xda"
+ "\x27\xab\xc6\x67\x16\x65\x68\x64"
+ "\xc7\xd5\x5f\x81\xa9\xf6\x65\xb3"
+ "\x5e\x43\x91\x16\xcd\x3d\x55\x37"
+ "\x55\xb3\xf0\x28\xc5\x54\x19\xc0"
+ "\xe0\xd6\x2a\x61\xd4\xc8\x72\x51"
+ "\xe9\xa1\x7b\x48\x21\xad\x44\x09"
+ "\xe4\x01\x61\x3c\x8a\x5b\xf9\xa1"
+ "\x6e\x1b\xdf\xc0\x04\xa8\x8b\xf2"
+ "\x21\xbe\x34\x7b\xfc\xa1\xcd\xc9"
+ "\xa9\x96\xf4\xa4\x4c\xf7\x4e\x8f"
+ "\x84\xcc\xd3\xa8\x92\x77\x8f\x36"
+ "\xe2\x2e\x8c\x33\xe8\x84\xa6\x0c"
+ "\x6c\x8a\xda\x14\x32\xc2\x96\xff"
+ "\xc6\x4a\xc2\x9b\x30\x7f\xd1\x29"
+ "\xc0\xd5\x78\x41\x00\x80\x80\x03"
+ "\x2a\xb1\xde\x26\x03\x48\x49\xee"
+ "\x57\x14\x76\x51\x3c\x36\x5d\x0a"
+ "\x5c\x9f\xe8\xd8\x53\xdb\x4f\xd4"
+ "\x38\xbf\x66\xc9\x75\x12\x18\x75"
+ "\x34\x2d\x93\x22\x96\x51\x24\x6e"
+ "\x4e\xd9\x30\xea\x67\xff\x92\x1c"
+ "\x16\x26\xe9\xb5\x33\xab\x8c\x22"
+ "\x47\xdb\xa0\x2c\x08\xf0\x12\x69"
+ "\x7e\x93\x52\xda\xa5\xe5\xca\xc1"
+ "\x0f\x55\x2a\xbd\x09\x30\x88\x1b"
+ "\x9c\xc6\x9f\xe6\xdb\xa6\x92\xeb"
+ "\xf4\xbd\x5c\xc4\xdb\xc6\x71\x09"
+ "\xab\x5e\x48\x0c\xed\x6f\xda\x8e"
+ "\x8d\x0c\x98\x71\x7d\x10\xd0\x9c"
+ "\x20\x9b\x79\x53\x26\x5d\xb9\x85"
+ "\x8a\x31\xb8\xc5\x1c\x97\xde\x88"
+ "\x61\x55\x7f\x7c\x21\x06\xea\xc4"
+ "\x5f\xaf\xf2\xf0\xd5\x5e\x7d\xb4"
+ "\x6e\xcf\xe9\xae\x1b\x0e\x11\x80"
+ "\xc1\x9a\x74\x7e\x52\x6f\xa0\xb7"
+ "\x24\xcd\x8d\x0a\x11\x40\x63\x72"
+ "\xfa\xe2\xc5\xb3\x94\xef\x29\xa2"
+ "\x1a\x23\x43\x04\x37\x55\x0d\xe9"
+ "\x83\xb2\x29\x51\x49\x64\xa0\xbd"
+ "\xde\x73\xfd\xa5\x7c\x95\x70\x62"
+ "\x58\xdc\xe2\xd0\xbf\x98\xf5\x8a"
+ "\x6a\xfd\xce\xa8\x0e\x42\x2a\xeb"
+ "\xd2\xff\x83\x27\x53\x5c\xa0\x6e"
+ "\x93\xef\xe2\xb9\x5d\x35\xd6\x98"
+ "\xf6\x71\x19\x7a\x54\xa1\xa7\xe8"
+ "\x09\xfe\xf6\x9e\xc7\xbd\x3e\x29"
+ "\xbd\x6b\x17\xf4\xe7\x3e\x10\x5c"
+ "\xc1\xd2\x59\x4f\x4b\x12\x1a\x5b"
+ "\x50\x80\x59\xb9\xec\x13\x66\xa8"
+ "\xd2\x31\x7b\x6a\x61\x22\xdd\x7d"
+ "\x61\xee\x87\x16\x46\x9f\xf9\xc7"
+ "\x41\xee\x74\xf8\xd0\x96\x2c\x76"
+ "\x2a\xac\x7d\x6e\x9f\x0e\x7f\x95"
+ "\xfe\x50\x16\xb2\x23\xca\x62\xd5"
+ "\x68\xcf\x07\x3f\x3f\x97\x85\x2a"
+ "\x0c\x25\x45\xba\xdb\x32\xcb\x83"
+ "\x8c\x4f\xe0\x6d\x9a\x99\xf9\xc9"
+ "\xda\xd4\x19\x31\xc1\x7c\x6d\xd9"
+ "\x9c\x56\xd3\xec\xc1\x81\x4c\xed"
+ "\x28\x9d\x87\xeb\x19\xd7\x1a\x4f"
+ "\x04\x6a\xcb\x1f\xcf\x1f\xa2\x16"
+ "\xfc\x2a\x0d\xa1\x14\x2d\xfa\xc5"
+ "\x5a\xd2\xc5\xf9\x19\x7c\x20\x1f"
+ "\x2d\x10\xc0\x66\x7c\xd9\x2d\xe5"
+ "\x88\x70\x59\xa7\x85\xd5\x2e\x7c"
+ "\x5c\xe3\xb7\x12\xd6\x97\x3f\x29",
+ .psize = 2048,
+ .digest = "\x37\x90\x92\xc2\xeb\x01\x87\xd9"
+ "\x95\xc7\x91\xc3\x17\x8b\x38\x52",
+ }
+};
+
+
/*
* DES test vectors.
*/
@@ -5628,7 +7248,7 @@
"\xb4\x99\x26\xf7\x1f\xe1\xd4\x90",
.len = 24,
}, { /* Weak key */
- .fail = true,
+ .setkey_error = -EINVAL,
.wk = 1,
.key = "\x01\x01\x01\x01\x01\x01\x01\x01",
.klen = 8,
@@ -5643,8 +7263,6 @@
.ctext = "\xc9\x57\x44\x25\x6a\x5e\xd3\x1d"
"\xf7\x9c\x89\x2a\x33\x8f\x4a\x8b",
.len = 16,
- .np = 2,
- .tap = { 8, 8 }
}, {
.key = "\x01\x23\x45\x67\x89\xab\xcd\xef",
.klen = 8,
@@ -5653,18 +7271,6 @@
.ctext = "\xc9\x57\x44\x25\x6a\x5e\xd3\x1d"
"\x69\x0f\x5b\x0d\x9a\x26\x93\x9b",
.len = 16,
- .np = 2,
- .tap = { 8, 8 }
- }, {
- .key = "\x01\x23\x45\x67\x89\xab\xcd\xef",
- .klen = 8,
- .ptext = "\x01\x23\x45\x67\x89\xab\xcd\xe7"
- "\xa3\x99\x7b\xca\xaf\x69\xa0\xf5",
- .ctext = "\xc9\x57\x44\x25\x6a\x5e\xd3\x1d"
- "\x69\x0f\x5b\x0d\x9a\x26\x93\x9b",
- .len = 16,
- .np = 3,
- .tap = { 3, 12, 1 }
}, { /* Four blocks -- for testing encryption with chunking */
.key = "\x01\x23\x45\x67\x89\xab\xcd\xef",
.klen = 8,
@@ -5677,38 +7283,6 @@
"\xb4\x99\x26\xf7\x1f\xe1\xd4\x90"
"\xf7\x9c\x89\x2a\x33\x8f\x4a\x8b",
.len = 32,
- .np = 3,
- .tap = { 14, 10, 8 }
- }, {
- .key = "\x01\x23\x45\x67\x89\xab\xcd\xef",
- .klen = 8,
- .ptext = "\x01\x23\x45\x67\x89\xab\xcd\xe7"
- "\x22\x33\x44\x55\x66\x77\x88\x99"
- "\xca\xfe\xba\xbe\xfe\xed\xbe\xef",
- .ctext = "\xc9\x57\x44\x25\x6a\x5e\xd3\x1d"
- "\xf7\x9c\x89\x2a\x33\x8f\x4a\x8b"
- "\xb4\x99\x26\xf7\x1f\xe1\xd4\x90",
- .len = 24,
- .np = 4,
- .tap = { 2, 1, 3, 18 }
- }, {
- .key = "\x01\x23\x45\x67\x89\xab\xcd\xef",
- .klen = 8,
- .ptext = "\x01\x23\x45\x67\x89\xab\xcd\xe7"
- "\x22\x33\x44\x55\x66\x77\x88\x99",
- .ctext = "\xc9\x57\x44\x25\x6a\x5e\xd3\x1d"
- "\xf7\x9c\x89\x2a\x33\x8f\x4a\x8b",
- .len = 16,
- .np = 5,
- .tap = { 2, 2, 2, 2, 8 }
- }, {
- .key = "\x01\x23\x45\x67\x89\xab\xcd\xef",
- .klen = 8,
- .ptext = "\x01\x23\x45\x67\x89\xab\xcd\xe7",
- .ctext = "\xc9\x57\x44\x25\x6a\x5e\xd3\x1d",
- .len = 8,
- .np = 8,
- .tap = { 1, 1, 1, 1, 1, 1, 1, 1 }
}, { /* Generated with Crypto++ */
.key = "\xC9\x83\xA6\xC9\xEC\x0F\x32\x55",
.klen = 8,
@@ -5775,9 +7349,6 @@
"\xE1\x58\x39\x09\xB4\x8B\x40\xAC"
"\x5F\x62\xC7\x72\xD9\xFC\xCB\x9A",
.len = 248,
- .also_non_np = 1,
- .np = 3,
- .tap = { 248 - 10, 2, 8 },
},
};
@@ -5786,6 +7357,7 @@
.key = "\x01\x23\x45\x67\x89\xab\xcd\xef",
.klen = 8,
.iv = "\xfe\xdc\xba\x98\x76\x54\x32\x10",
+ .iv_out = "\x46\x8e\x91\x15\x78\x88\xba\x68",
.ptext = "\x37\x36\x35\x34\x33\x32\x31\x20"
"\x4e\x6f\x77\x20\x69\x73\x20\x74"
"\x68\x65\x20\x74\x69\x6d\x65\x20",
@@ -5797,6 +7369,7 @@
.key = "\x01\x23\x45\x67\x89\xab\xcd\xef",
.klen = 8,
.iv = "\x12\x34\x56\x78\x90\xab\xcd\xef",
+ .iv_out = "\xe5\xc7\xcd\xde\x87\x2b\xf2\x7c",
.ptext = "\x4e\x6f\x77\x20\x69\x73\x20\x74",
.ctext = "\xe5\xc7\xcd\xde\x87\x2b\xf2\x7c",
.len = 8,
@@ -5804,6 +7377,7 @@
.key = "\x01\x23\x45\x67\x89\xab\xcd\xef",
.klen = 8,
.iv = "\xe5\xc7\xcd\xde\x87\x2b\xf2\x7c",
+ .iv_out = "\x43\xe9\x34\x00\x8c\x38\x9c\x0f",
.ptext = "\x68\x65\x20\x74\x69\x6d\x65\x20",
.ctext = "\x43\xe9\x34\x00\x8c\x38\x9c\x0f",
.len = 8,
@@ -5811,30 +7385,15 @@
.key = "\x01\x23\x45\x67\x89\xab\xcd\xef",
.klen = 8,
.iv = "\x43\xe9\x34\x00\x8c\x38\x9c\x0f",
+ .iv_out = "\x68\x37\x88\x49\x9a\x7c\x05\xf6",
.ptext = "\x66\x6f\x72\x20\x61\x6c\x6c\x20",
.ctext = "\x68\x37\x88\x49\x9a\x7c\x05\xf6",
.len = 8,
- .np = 2,
- .tap = { 4, 4 },
- .also_non_np = 1,
- }, { /* Copy of openssl vector for chunk testing */
- /* From OpenSSL */
- .key = "\x01\x23\x45\x67\x89\xab\xcd\xef",
- .klen = 8,
- .iv = "\xfe\xdc\xba\x98\x76\x54\x32\x10",
- .ptext = "\x37\x36\x35\x34\x33\x32\x31\x20"
- "\x4e\x6f\x77\x20\x69\x73\x20\x74"
- "\x68\x65\x20\x74\x69\x6d\x65\x20",
- .ctext = "\xcc\xd1\x73\xff\xab\x20\x39\xf4"
- "\xac\xd8\xae\xfd\xdf\xd8\xa1\xeb"
- "\x46\x8e\x91\x15\x78\x88\xba\x68",
- .len = 24,
- .np = 2,
- .tap = { 13, 11 }
}, { /* Generated with Crypto++ */
.key = "\xC9\x83\xA6\xC9\xEC\x0F\x32\x55",
.klen = 8,
.iv = "\xE7\x82\x1D\xB8\x53\x11\xAC\x47",
+ .iv_out = "\xC6\x4A\xF3\x55\xC7\x29\x2E\x63",
.ptext = "\x50\xB9\x22\xAE\x17\x80\x0C\x75"
"\xDE\x47\xD3\x3C\xA5\x0E\x9A\x03"
"\x6C\xF8\x61\xCA\x33\xBF\x28\x91"
@@ -5898,9 +7457,6 @@
"\x82\xA9\xBD\x6A\x31\x91\x39\x11"
"\xC6\x4A\xF3\x55\xC7\x29\x2E\x63",
.len = 248,
- .also_non_np = 1,
- .np = 3,
- .tap = { 248 - 10, 2, 8 },
},
};
@@ -5909,6 +7465,7 @@
.key = "\xC9\x83\xA6\xC9\xEC\x0F\x32\x55",
.klen = 8,
.iv = "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFD",
+ .iv_out = "\x00\x00\x00\x00\x00\x00\x00\x1C",
.ptext = "\x50\xB9\x22\xAE\x17\x80\x0C\x75"
"\xDE\x47\xD3\x3C\xA5\x0E\x9A\x03"
"\x6C\xF8\x61\xCA\x33\xBF\x28\x91"
@@ -5972,13 +7529,11 @@
"\x19\x7F\x99\x19\x53\xCE\x1D\x14"
"\x69\x74\xA1\x06\x46\x0F\x4E\x75",
.len = 248,
- .also_non_np = 1,
- .np = 3,
- .tap = { 248 - 10, 2, 8 },
}, { /* Generated with Crypto++ */
.key = "\xC9\x83\xA6\xC9\xEC\x0F\x32\x55",
.klen = 8,
.iv = "\xE7\x82\x1D\xB8\x53\x11\xAC\x47",
+ .iv_out = "\xE7\x82\x1D\xB8\x53\x11\xAC\x66",
.ptext = "\x50\xB9\x22\xAE\x17\x80\x0C\x75"
"\xDE\x47\xD3\x3C\xA5\x0E\x9A\x03"
"\x6C\xF8\x61\xCA\x33\xBF\x28\x91"
@@ -6042,9 +7597,6 @@
"\xA5\xA6\xE7\xB0\x51\x36\x52\x37"
"\x91\x45\x05\x3E\x58\xBF\x32",
.len = 247,
- .also_non_np = 1,
- .np = 2,
- .tap = { 247 - 8, 8 },
},
};
@@ -6203,9 +7755,6 @@
"\x93\x03\xD7\x51\x09\xFA\xBE\x68"
"\xD8\x45\xFF\x33\xBA\xBB\x2B\x63",
.len = 496,
- .also_non_np = 1,
- .np = 3,
- .tap = { 496 - 20, 4, 16 },
},
};
@@ -6216,6 +7765,7 @@
"\xEA\xC2\x84\xE8\x14\x95\xDB\xE8",
.klen = 24,
.iv = "\x7D\x33\x88\x93\x0F\x93\xB2\x42",
+ .iv_out = "\x6b\xfa\xb1\x91\x13\xb0\xd9\x19",
.ptext = "\x6f\x54\x20\x6f\x61\x4d\x79\x6e"
"\x53\x20\x63\x65\x65\x72\x73\x74"
"\x54\x20\x6f\x6f\x4d\x20\x6e\x61"
@@ -6256,6 +7806,7 @@
.klen = 24,
.iv = "\xB2\xD7\x48\xED\x06\x44\xF9\x12"
"\xB7\x28\x4D\x83\x24\x59\xF2\x17",
+ .iv_out = "\x95\x63\x73\xA2\x44\xAC\xF8\xA5",
.ptext = "\x05\xEC\x77\xFB\x42\xD5\x59\x20"
"\x8B\x12\x86\x69\xF0\x5B\xCF\x56"
"\x39\xAD\x34\x9F\x66\xEA\x7D\xC4"
@@ -6381,9 +7932,6 @@
"\x83\x70\xFF\x86\xE6\xAA\x0F\x1F"
"\x95\x63\x73\xA2\x44\xAC\xF8\xA5",
.len = 496,
- .also_non_np = 1,
- .np = 3,
- .tap = { 496 - 20, 4, 16 },
},
};
@@ -6393,8 +7941,8 @@
"\x5A\x67\x00\x2D\xCE\xEB\x2D\xCE"
"\xEB\xB4\x51\x72\xB4\x51\x72\x1F",
.klen = 24,
- .iv = "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF"
- "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFD",
+ .iv = "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF",
+ .iv_out = "\x00\x00\x00\x00\x00\x00\x00\x3D",
.ptext = "\x05\xEC\x77\xFB\x42\xD5\x59\x20"
"\x8B\x12\x86\x69\xF0\x5B\xCF\x56"
"\x39\xAD\x34\x9F\x66\xEA\x7D\xC4"
@@ -6520,16 +8068,13 @@
"\xFD\x51\xB0\xC6\x2C\x63\x13\x78"
"\x5C\xEE\xFC\xCF\xC4\x70\x00\x34",
.len = 496,
- .also_non_np = 1,
- .np = 3,
- .tap = { 496 - 20, 4, 16 },
}, { /* Generated with Crypto++ */
.key = "\x9C\xD6\xF3\x9C\xB9\x5A\x67\x00"
"\x5A\x67\x00\x2D\xCE\xEB\x2D\xCE"
"\xEB\xB4\x51\x72\xB4\x51\x72\x1F",
.klen = 24,
- .iv = "\xB2\xD7\x48\xED\x06\x44\xF9\x12"
- "\xB7\x28\x4D\x83\x24\x59\xF2\x17",
+ .iv = "\xB2\xD7\x48\xED\x06\x44\xF9\x12",
+ .iv_out = "\xB2\xD7\x48\xED\x06\x44\xF9\x51",
.ptext = "\x05\xEC\x77\xFB\x42\xD5\x59\x20"
"\x8B\x12\x86\x69\xF0\x5B\xCF\x56"
"\x39\xAD\x34\x9F\x66\xEA\x7D\xC4"
@@ -6657,9 +8202,6 @@
"\x32\x0F\x05\x2F\xF2\x4C\x95\x3B"
"\xF2\x79\xD9",
.len = 499,
- .also_non_np = 1,
- .np = 2,
- .tap = { 499 - 16, 16 },
},
};
@@ -6845,9 +8387,6 @@
"\x56\xEB\x36\x77\x3D\xAA\xB8\xF5"
"\xC9\x1A\xFB\x5D\xDE\xBB\x43\xF4",
.len = 504,
- .also_non_np = 1,
- .np = 3,
- .tap = { 504 - 10, 2, 8 },
},
};
@@ -6857,6 +8396,7 @@
"\xf0\xe1\xd2\xc3\xb4\xa5\x96\x87",
.klen = 16,
.iv = "\xfe\xdc\xba\x98\x76\x54\x32\x10",
+ .iv_out = "\x59\xf1\x65\x2b\xd5\xff\x92\xcc",
.ptext = "\x37\x36\x35\x34\x33\x32\x31\x20"
"\x4e\x6f\x77\x20\x69\x73\x20\x74"
"\x68\x65\x20\x74\x69\x6d\x65\x20"
@@ -6873,6 +8413,7 @@
"\x78\xBE\x9B\x78\x55\x32\x0F\x55",
.klen = 32,
.iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F",
+ .iv_out = "\xB4\x98\xD8\x6B\x74\xE7\x65\xF4",
.ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31"
"\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3"
"\x3A\xD1\x45\xDC\x73\x0A\x7E\x15"
@@ -7000,9 +8541,6 @@
"\x93\x9B\xEE\xB5\x97\x41\xD2\xA0"
"\xB4\x98\xD8\x6B\x74\xE7\x65\xF4",
.len = 504,
- .also_non_np = 1,
- .np = 3,
- .tap = { 504 - 10, 2, 8 },
},
};
@@ -7014,6 +8552,7 @@
"\x78\xBE\x9B\x78\x55\x32\x0F\x55",
.klen = 32,
.iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F",
+ .iv_out = "\xE2\x24\x89\xEE\x53\xB8\x1D\x9E",
.ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31"
"\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3"
"\x3A\xD1\x45\xDC\x73\x0A\x7E\x15"
@@ -7148,6 +8687,7 @@
"\x78\xBE\x9B\x78\x55\x32\x0F\x55",
.klen = 32,
.iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F",
+ .iv_out = "\xE2\x24\x89\xEE\x53\xB8\x1D\x9E",
.ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31"
"\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3"
"\x3A\xD1\x45\xDC\x73\x0A\x7E\x15"
@@ -7275,9 +8815,6 @@
"\x32\x44\x96\x1C\xD8\xEB\x95\xD2"
"\xF3\x71\xEF\xEB\x4E\xBB\x4D",
.len = 503,
- .also_non_np = 1,
- .np = 2,
- .tap = { 503 - 8, 8 },
}, { /* Generated with Crypto++ */
.key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9"
"\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A"
@@ -7285,6 +8822,7 @@
"\x78\xBE\x9B\x78\x55\x32\x0F\x55",
.klen = 32,
.iv = "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFD",
+ .iv_out = "\x00\x00\x00\x00\x00\x00\x00\x3C",
.ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31"
"\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3"
"\x3A\xD1\x45\xDC\x73\x0A\x7E\x15"
@@ -7576,9 +9114,6 @@
"\x58\x33\x9B\x78\xC7\x58\x48\x6B"
"\x2C\x75\x64\xC4\xCA\xC1\x7E\xD5",
.len = 496,
- .also_non_np = 1,
- .np = 3,
- .tap = { 496 - 20, 4, 16 },
},
};
@@ -7587,6 +9122,8 @@
.key = zeroed_string,
.klen = 16,
.iv = zeroed_string,
+ .iv_out = "\x9f\x58\x9f\x5c\xf6\x12\x2c\x32"
+ "\xb6\xbf\xec\x2f\x2a\xe8\xc3\x5a",
.ptext = zeroed_string,
.ctext = "\x9f\x58\x9f\x5c\xf6\x12\x2c\x32"
"\xb6\xbf\xec\x2f\x2a\xe8\xc3\x5a",
@@ -7596,6 +9133,8 @@
.klen = 16,
.iv = "\x9f\x58\x9f\x5c\xf6\x12\x2c\x32"
"\xb6\xbf\xec\x2f\x2a\xe8\xc3\x5a",
+ .iv_out = "\xd4\x91\xdb\x16\xe7\xb1\xc3\x9e"
+ "\x86\xcb\x08\x6b\x78\x9f\x54\x19",
.ptext = zeroed_string,
.ctext = "\xd4\x91\xdb\x16\xe7\xb1\xc3\x9e"
"\x86\xcb\x08\x6b\x78\x9f\x54\x19",
@@ -7605,6 +9144,8 @@
.klen = 16,
.iv = "\xd4\x91\xdb\x16\xe7\xb1\xc3\x9e"
"\x86\xcb\x08\x6b\x78\x9f\x54\x19",
+ .iv_out = "\x05\xef\x8c\x61\xa8\x11\x58\x26"
+ "\x34\xba\x5c\xb7\x10\x6a\xa6\x41",
.ptext = zeroed_string,
.ctext = "\x05\xef\x8c\x61\xa8\x11\x58\x26"
"\x34\xba\x5c\xb7\x10\x6a\xa6\x41",
@@ -7613,6 +9154,8 @@
.key = zeroed_string,
.klen = 16,
.iv = zeroed_string,
+ .iv_out = "\x05\xef\x8c\x61\xa8\x11\x58\x26"
+ "\x34\xba\x5c\xb7\x10\x6a\xa6\x41",
.ptext = zeroed_string,
.ctext = "\x9f\x58\x9f\x5c\xf6\x12\x2c\x32"
"\xb6\xbf\xec\x2f\x2a\xe8\xc3\x5a"
@@ -7629,6 +9172,8 @@
.klen = 32,
.iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F"
"\xC4\x29\x8E\xF3\x35\x9A\xFF\x64",
+ .iv_out = "\x30\x70\x56\xA4\x37\xDD\x7C\xC0"
+ "\x0A\xA3\x30\x10\x26\x25\x41\x2C",
.ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31"
"\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3"
"\x3A\xD1\x45\xDC\x73\x0A\x7E\x15"
@@ -7754,9 +9299,6 @@
"\x30\x70\x56\xA4\x37\xDD\x7C\xC0"
"\x0A\xA3\x30\x10\x26\x25\x41\x2C",
.len = 496,
- .also_non_np = 1,
- .np = 3,
- .tap = { 496 - 20, 4, 16 },
},
};
@@ -7769,6 +9311,8 @@
.klen = 32,
.iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F"
"\xC4\x29\x8E\xF3\x35\x9A\xFF\x64",
+ .iv_out = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F"
+ "\xC4\x29\x8E\xF3\x35\x9A\xFF\x83",
.ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31"
"\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3"
"\x3A\xD1\x45\xDC\x73\x0A\x7E\x15"
@@ -7902,6 +9446,8 @@
.klen = 32,
.iv = "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF"
"\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFD",
+ .iv_out = "\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x1C",
.ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31"
"\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3"
"\x3A\xD1\x45\xDC\x73\x0A\x7E\x15"
@@ -8035,6 +9581,8 @@
.klen = 32,
.iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F"
"\xC4\x29\x8E\xF3\x35\x9A\xFF\x64",
+ .iv_out = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F"
+ "\xC4\x29\x8E\xF3\x35\x9A\xFF\x84",
.ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31"
"\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3"
"\x3A\xD1\x45\xDC\x73\x0A\x7E\x15"
@@ -8162,9 +9710,6 @@
"\xC5\xC9\x7F\x9E\xCF\x33\x7A\xDF"
"\x6C\x82\x9D",
.len = 499,
- .also_non_np = 1,
- .np = 2,
- .tap = { 499 - 16, 16 },
},
};
@@ -8406,9 +9951,6 @@
"\x80\x18\xc4\x6c\x03\xd3\xb7\xba"
"\x11\xd7\xb8\x6e\xea\xe1\x80\x30",
.len = 512,
- .also_non_np = 1,
- .np = 3,
- .tap = { 512 - 20, 4, 16 },
},
};
@@ -8743,9 +10285,6 @@
"\xa4\x05\x0b\xb2\xb3\xa8\x30\x97"
"\x37\x30\xe1\x91\x8d\xb3\x2a\xff",
.len = 512,
- .also_non_np = 1,
- .np = 3,
- .tap = { 512 - 20, 4, 16 },
},
};
@@ -8918,9 +10457,6 @@
"\x75\x55\x9B\xFF\x36\x73\xAB\x7C"
"\xF4\x46\x2E\xEB\xAC\xF3\xD2\xB7",
.len = 496,
- .also_non_np = 1,
- .np = 3,
- .tap = { 496 - 20, 4, 16 },
},
};
@@ -9012,6 +10548,8 @@
.klen = 32,
.iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F"
"\xC4\x29\x8E\xF3\x35\x9A\xFF\x64",
+ .iv_out = "\xFC\x66\xAA\x37\xF2\x37\x39\x6B"
+ "\xBC\x08\x3A\xA2\x29\xB3\xDF\xD1",
.ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31"
"\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3"
"\x3A\xD1\x45\xDC\x73\x0A\x7E\x15"
@@ -9137,9 +10675,6 @@
"\xFC\x66\xAA\x37\xF2\x37\x39\x6B"
"\xBC\x08\x3A\xA2\x29\xB3\xDF\xD1",
.len = 496,
- .also_non_np = 1,
- .np = 3,
- .tap = { 496 - 20, 4, 16 },
},
};
@@ -9152,6 +10687,8 @@
.klen = 32,
.iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F"
"\xC4\x29\x8E\xF3\x35\x9A\xFF\x64",
+ .iv_out = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F"
+ "\xC4\x29\x8E\xF3\x35\x9A\xFF\x83",
.ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31"
"\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3"
"\x3A\xD1\x45\xDC\x73\x0A\x7E\x15"
@@ -9285,6 +10822,8 @@
.klen = 32,
.iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F"
"\xC4\x29\x8E\xF3\x35\x9A\xFF\x64",
+ .iv_out = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F"
+ "\xC4\x29\x8E\xF3\x35\x9A\xFF\x84",
.ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31"
"\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3"
"\x3A\xD1\x45\xDC\x73\x0A\x7E\x15"
@@ -9412,9 +10951,6 @@
"\x40\x53\x77\x8C\x15\xF8\x8D\x13"
"\x38\xE2\xE5",
.len = 499,
- .also_non_np = 1,
- .np = 2,
- .tap = { 499 - 16, 16 },
}, { /* Generated with Crypto++ */
.key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9"
"\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A"
@@ -9423,6 +10959,8 @@
.klen = 32,
.iv = "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF"
"\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFD",
+ .iv_out = "\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x1C",
.ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31"
"\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3"
"\x3A\xD1\x45\xDC\x73\x0A\x7E\x15"
@@ -9789,9 +11327,6 @@
"\x5c\xc6\x84\xfe\x7c\xcb\x26\xfd"
"\xd9\x51\x0f\xd7\x94\x2f\xc5\xa7",
.len = 512,
- .also_non_np = 1,
- .np = 3,
- .tap = { 512 - 20, 4, 16 },
},
};
@@ -10126,19 +11661,17 @@
"\xaf\x43\x0b\xc5\x20\x41\x92\x20"
"\xd4\xa0\x91\x98\x11\x5f\x4d\xb1",
.len = 512,
- .also_non_np = 1,
- .np = 3,
- .tap = { 512 - 20, 4, 16 },
},
};
/*
- * SM4 test vector taken from the draft RFC
- * https://tools.ietf.org/html/draft-crypto-sm4-00#ref-GBT.32907-2016
+ * SM4 test vectors taken from the "The SM4 Blockcipher Algorithm And Its
+ * Modes Of Operations" draft RFC
+ * https://datatracker.ietf.org/doc/draft-ribose-cfrg-sm4
*/
static const struct cipher_testvec sm4_tv_template[] = {
- { /* SM4 Appendix A: Example Calculations. Example 1. */
+ { /* GB/T 32907-2016 Example 1. */
.key = "\x01\x23\x45\x67\x89\xAB\xCD\xEF"
"\xFE\xDC\xBA\x98\x76\x54\x32\x10",
.klen = 16,
@@ -10147,10 +11680,7 @@
.ctext = "\x68\x1E\xDF\x34\xD2\x06\x96\x5E"
"\x86\xB3\xE9\x4F\x53\x6E\x42\x46",
.len = 16,
- }, { /*
- * SM4 Appendix A: Example Calculations.
- * Last 10 iterations of Example 2.
- */
+ }, { /* Last 10 iterations of GB/T 32907-2016 Example 2. */
.key = "\x01\x23\x45\x67\x89\xAB\xCD\xEF"
"\xFE\xDC\xBA\x98\x76\x54\x32\x10",
.klen = 16,
@@ -10195,6 +11725,124 @@
"\x59\x52\x98\xc7\xc6\xfd\x27\x1f"
"\x4\x2\xf8\x4\xc3\x3d\x3f\x66",
.len = 160
+ }, { /* A.2.1.1 SM4-ECB Example 1 */
+ .key = "\x01\x23\x45\x67\x89\xAB\xCD\xEF"
+ "\xFE\xDC\xBA\x98\x76\x54\x32\x10",
+ .klen = 16,
+ .ptext = "\xaa\xaa\xaa\xaa\xbb\xbb\xbb\xbb"
+ "\xcc\xcc\xcc\xcc\xdd\xdd\xdd\xdd"
+ "\xee\xee\xee\xee\xff\xff\xff\xff"
+ "\xaa\xaa\xaa\xaa\xbb\xbb\xbb\xbb",
+ .ctext = "\x5e\xc8\x14\x3d\xe5\x09\xcf\xf7"
+ "\xb5\x17\x9f\x8f\x47\x4b\x86\x19"
+ "\x2f\x1d\x30\x5a\x7f\xb1\x7d\xf9"
+ "\x85\xf8\x1c\x84\x82\x19\x23\x04",
+ .len = 32,
+ }, { /* A.2.1.2 SM4-ECB Example 2 */
+ .key = "\xFE\xDC\xBA\x98\x76\x54\x32\x10"
+ "\x01\x23\x45\x67\x89\xAB\xCD\xEF",
+ .klen = 16,
+ .ptext = "\xaa\xaa\xaa\xaa\xbb\xbb\xbb\xbb"
+ "\xcc\xcc\xcc\xcc\xdd\xdd\xdd\xdd"
+ "\xee\xee\xee\xee\xff\xff\xff\xff"
+ "\xaa\xaa\xaa\xaa\xbb\xbb\xbb\xbb",
+ .ctext = "\xC5\x87\x68\x97\xE4\xA5\x9B\xBB"
+ "\xA7\x2A\x10\xC8\x38\x72\x24\x5B"
+ "\x12\xDD\x90\xBC\x2D\x20\x06\x92"
+ "\xB5\x29\xA4\x15\x5A\xC9\xE6\x00",
+ .len = 32,
+ }
+};
+
+static const struct cipher_testvec sm4_cbc_tv_template[] = {
+ { /* A.2.2.1 SM4-CBC Example 1 */
+ .key = "\x01\x23\x45\x67\x89\xAB\xCD\xEF"
+ "\xFE\xDC\xBA\x98\x76\x54\x32\x10",
+ .klen = 16,
+ .ptext = "\xaa\xaa\xaa\xaa\xbb\xbb\xbb\xbb"
+ "\xcc\xcc\xcc\xcc\xdd\xdd\xdd\xdd"
+ "\xee\xee\xee\xee\xff\xff\xff\xff"
+ "\xaa\xaa\xaa\xaa\xbb\xbb\xbb\xbb",
+ .iv = "\x00\x01\x02\x03\x04\x05\x06\x07"
+ "\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F",
+ .iv_out = "\x4C\xB7\x01\x69\x51\x90\x92\x26"
+ "\x97\x9B\x0D\x15\xDC\x6A\x8F\x6D",
+ .ctext = "\x78\xEB\xB1\x1C\xC4\x0B\x0A\x48"
+ "\x31\x2A\xAE\xB2\x04\x02\x44\xCB"
+ "\x4C\xB7\x01\x69\x51\x90\x92\x26"
+ "\x97\x9B\x0D\x15\xDC\x6A\x8F\x6D",
+ .len = 32,
+ }, { /* A.2.2.2 SM4-CBC Example 2 */
+ .key = "\xFE\xDC\xBA\x98\x76\x54\x32\x10"
+ "\x01\x23\x45\x67\x89\xAB\xCD\xEF",
+ .klen = 16,
+ .ptext = "\xaa\xaa\xaa\xaa\xbb\xbb\xbb\xbb"
+ "\xcc\xcc\xcc\xcc\xdd\xdd\xdd\xdd"
+ "\xee\xee\xee\xee\xff\xff\xff\xff"
+ "\xaa\xaa\xaa\xaa\xbb\xbb\xbb\xbb",
+ .iv = "\x00\x01\x02\x03\x04\x05\x06\x07"
+ "\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F",
+ .iv_out = "\x91\xf2\xc1\x47\x91\x1a\x41\x44"
+ "\x66\x5e\x1f\xa1\xd4\x0b\xae\x38",
+ .ctext = "\x0d\x3a\x6d\xdc\x2d\x21\xc6\x98"
+ "\x85\x72\x15\x58\x7b\x7b\xb5\x9a"
+ "\x91\xf2\xc1\x47\x91\x1a\x41\x44"
+ "\x66\x5e\x1f\xa1\xd4\x0b\xae\x38",
+ .len = 32,
+ }
+};
+
+static const struct cipher_testvec sm4_ctr_tv_template[] = {
+ { /* A.2.5.1 SM4-CTR Example 1 */
+ .key = "\x01\x23\x45\x67\x89\xAB\xCD\xEF"
+ "\xFE\xDC\xBA\x98\x76\x54\x32\x10",
+ .klen = 16,
+ .ptext = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xbb"
+ "\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc"
+ "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
+ "\xee\xee\xee\xee\xee\xee\xee\xee"
+ "\xff\xff\xff\xff\xff\xff\xff\xff"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xbb",
+ .iv = "\x00\x01\x02\x03\x04\x05\x06\x07"
+ "\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F",
+ .iv_out = "\x00\x01\x02\x03\x04\x05\x06\x07"
+ "\x08\x09\x0A\x0B\x0C\x0D\x0E\x13",
+ .ctext = "\xac\x32\x36\xcb\x97\x0c\xc2\x07"
+ "\x91\x36\x4c\x39\x5a\x13\x42\xd1"
+ "\xa3\xcb\xc1\x87\x8c\x6f\x30\xcd"
+ "\x07\x4c\xce\x38\x5c\xdd\x70\xc7"
+ "\xf2\x34\xbc\x0e\x24\xc1\x19\x80"
+ "\xfd\x12\x86\x31\x0c\xe3\x7b\x92"
+ "\x6e\x02\xfc\xd0\xfa\xa0\xba\xf3"
+ "\x8b\x29\x33\x85\x1d\x82\x45\x14",
+ .len = 64,
+ }, { /* A.2.5.2 SM4-CTR Example 2 */
+ .key = "\xFE\xDC\xBA\x98\x76\x54\x32\x10"
+ "\x01\x23\x45\x67\x89\xAB\xCD\xEF",
+ .klen = 16,
+ .ptext = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xbb"
+ "\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc"
+ "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
+ "\xee\xee\xee\xee\xee\xee\xee\xee"
+ "\xff\xff\xff\xff\xff\xff\xff\xff"
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+ "\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xbb",
+ .iv = "\x00\x01\x02\x03\x04\x05\x06\x07"
+ "\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F",
+ .iv_out = "\x00\x01\x02\x03\x04\x05\x06\x07"
+ "\x08\x09\x0A\x0B\x0C\x0D\x0E\x13",
+ .ctext = "\x5d\xcc\xcd\x25\xb9\x5a\xb0\x74"
+ "\x17\xa0\x85\x12\xee\x16\x0e\x2f"
+ "\x8f\x66\x15\x21\xcb\xba\xb4\x4c"
+ "\xc8\x71\x38\x44\x5b\xc2\x9e\x5c"
+ "\x0a\xe0\x29\x72\x05\xd6\x27\x04"
+ "\x17\x3b\x21\x23\x9b\x88\x7f\x6c"
+ "\x8c\xb5\xb8\x00\x91\x7a\x24\x88"
+ "\x28\x4b\xde\x9e\x16\xea\x29\x06",
+ .len = 64,
}
};
@@ -10360,9 +12008,6 @@
"\x84\x52\x6D\x68\xDE\xC6\x64\xB2"
"\x11\x74\x93\x57\xB4\x7E\xC6\x00",
.len = 496,
- .also_non_np = 1,
- .np = 3,
- .tap = { 496 - 20, 4, 16 },
},
};
@@ -10375,6 +12020,8 @@
.klen = 32,
.iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F"
"\xC4\x29\x8E\xF3\x35\x9A\xFF\x64",
+ .iv_out = "\x4D\x59\x7D\xC5\x28\x69\xFA\x92"
+ "\x22\x46\x89\x2D\x0F\x2B\x08\x24",
.ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31"
"\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3"
"\x3A\xD1\x45\xDC\x73\x0A\x7E\x15"
@@ -10500,9 +12147,6 @@
"\x4D\x59\x7D\xC5\x28\x69\xFA\x92"
"\x22\x46\x89\x2D\x0F\x2B\x08\x24",
.len = 496,
- .also_non_np = 1,
- .np = 3,
- .tap = { 496 - 20, 4, 16 },
},
};
@@ -10515,6 +12159,8 @@
.klen = 32,
.iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F"
"\xC4\x29\x8E\xF3\x35\x9A\xFF\x64",
+ .iv_out = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F"
+ "\xC4\x29\x8E\xF3\x35\x9A\xFF\x66",
.ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31"
"\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3"
"\x3A",
@@ -10530,6 +12176,8 @@
.klen = 32,
.iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F"
"\xC4\x29\x8E\xF3\x35\x9A\xFF\x64",
+ .iv_out = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F"
+ "\xC4\x29\x8E\xF3\x35\x9A\xFF\x83",
.ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31"
"\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3"
"\x3A\xD1\x45\xDC\x73\x0A\x7E\x15"
@@ -10655,9 +12303,6 @@
"\x0E\x74\x33\x30\x62\xB9\x89\xDF"
"\xF9\xC5\xDD\x27\xB3\x39\xCB\xCB",
.len = 496,
- .also_non_np = 1,
- .np = 3,
- .tap = { 496 - 20, 4, 16 },
},
};
@@ -10801,9 +12446,6 @@
"\x8D\xD9\xCD\x3B\x22\x67\x18\xC7"
"\xC4\xF5\x99\x61\xBC\xBB\x5B\x46",
.len = 512,
- .also_non_np = 1,
- .np = 3,
- .tap = { 512 - 20, 4, 16 },
},
};
@@ -10949,9 +12591,6 @@
"\xA1\xAC\xE8\xCF\xC6\x74\xCF\xDC"
"\x22\x60\x4E\xE8\xA4\x5D\x85\xB9",
.len = 512,
- .also_non_np = 1,
- .np = 3,
- .tap = { 512 - 20, 4, 16 },
},
};
@@ -11120,9 +12759,6 @@
"\x09\x79\xA0\x43\x5C\x0D\x08\x58"
"\x17\xBB\xC0\x6B\x62\x3F\x56\xE9",
.len = 496,
- .also_non_np = 1,
- .np = 3,
- .tap = { 496 - 20, 4, 16 },
},
};
@@ -11133,19 +12769,20 @@
.klen = 16,
.iv = "\x3d\xaf\xba\x42\x9d\x9e\xb4\x30"
"\xb4\x22\xda\x80\x2c\x9f\xac\x41",
+ .iv_out = "\xe3\x53\x77\x9c\x10\x79\xae\xb8"
+ "\x27\x08\x94\x2d\xbe\x77\x18\x1a",
.ptext = "Single block msg",
.ctext = "\xe3\x53\x77\x9c\x10\x79\xae\xb8"
"\x27\x08\x94\x2d\xbe\x77\x18\x1a",
.len = 16,
- .also_non_np = 1,
- .np = 8,
- .tap = { 3, 2, 3, 2, 3, 1, 1, 1 },
}, {
.key = "\xc2\x86\x69\x6d\x88\x7c\x9a\xa0"
"\x61\x1b\xbb\x3e\x20\x25\xa4\x5a",
.klen = 16,
.iv = "\x56\x2e\x17\x99\x6d\x09\x3d\x28"
"\xdd\xb3\xba\x69\x5a\x2e\x6f\x58",
+ .iv_out = "\x75\x86\x60\x2d\x25\x3c\xff\xf9"
+ "\x1b\x82\x66\xbe\xa6\xd6\x1a\xb1",
.ptext = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
"\x10\x11\x12\x13\x14\x15\x16\x17"
@@ -11162,6 +12799,8 @@
.klen = 24,
.iv = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
+ .iv_out = "\x08\xb0\xe2\x79\x88\x59\x88\x81"
+ "\xd9\x20\xa9\xe6\x4f\x56\x15\xcd",
.ptext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96"
"\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
"\xae\x2d\x8a\x57\x1e\x03\xac\x9c"
@@ -11187,6 +12826,8 @@
.klen = 32,
.iv = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
+ .iv_out = "\xb2\xeb\x05\xe2\xc3\x9b\xe9\xfc"
+ "\xda\x6c\x19\x07\x8c\x6a\x9d\x1b",
.ptext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96"
"\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
"\xae\x2d\x8a\x57\x1e\x03\xac\x9c"
@@ -11212,6 +12853,8 @@
.klen = 32,
.iv = "\xE7\x82\x1D\xB8\x53\x11\xAC\x47"
"\xE2\x7D\x18\xD6\x71\x0C\xA7\x42",
+ .iv_out = "\xE0\x1F\x91\xF8\x82\x96\x2D\x65"
+ "\xA3\xAA\x13\xCC\x50\xFF\x7B\x02",
.ptext = "\x50\xB9\x22\xAE\x17\x80\x0C\x75"
"\xDE\x47\xD3\x3C\xA5\x0E\x9A\x03"
"\x6C\xF8\x61\xCA\x33\xBF\x28\x91"
@@ -11337,13 +12980,108 @@
"\xE0\x1F\x91\xF8\x82\x96\x2D\x65"
"\xA3\xAA\x13\xCC\x50\xFF\x7B\x02",
.len = 496,
- .also_non_np = 1,
- .np = 3,
- .tap = { 496 - 20, 4, 16 },
},
};
-static const struct aead_testvec hmac_md5_ecb_cipher_null_enc_tv_template[] = {
+static const struct cipher_testvec aes_cfb_tv_template[] = {
+ { /* From NIST SP800-38A */
+ .key = "\x2b\x7e\x15\x16\x28\xae\xd2\xa6"
+ "\xab\xf7\x15\x88\x09\xcf\x4f\x3c",
+ .klen = 16,
+ .iv = "\x00\x01\x02\x03\x04\x05\x06\x07"
+ "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
+ .ptext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96"
+ "\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
+ "\xae\x2d\x8a\x57\x1e\x03\xac\x9c"
+ "\x9e\xb7\x6f\xac\x45\xaf\x8e\x51"
+ "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11"
+ "\xe5\xfb\xc1\x19\x1a\x0a\x52\xef"
+ "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17"
+ "\xad\x2b\x41\x7b\xe6\x6c\x37\x10",
+ .ctext = "\x3b\x3f\xd9\x2e\xb7\x2d\xad\x20"
+ "\x33\x34\x49\xf8\xe8\x3c\xfb\x4a"
+ "\xc8\xa6\x45\x37\xa0\xb3\xa9\x3f"
+ "\xcd\xe3\xcd\xad\x9f\x1c\xe5\x8b"
+ "\x26\x75\x1f\x67\xa3\xcb\xb1\x40"
+ "\xb1\x80\x8c\xf1\x87\xa4\xf4\xdf"
+ "\xc0\x4b\x05\x35\x7c\x5d\x1c\x0e"
+ "\xea\xc4\xc6\x6f\x9f\xf7\xf2\xe6",
+ .len = 64,
+ }, {
+ .key = "\x8e\x73\xb0\xf7\xda\x0e\x64\x52"
+ "\xc8\x10\xf3\x2b\x80\x90\x79\xe5"
+ "\x62\xf8\xea\xd2\x52\x2c\x6b\x7b",
+ .klen = 24,
+ .iv = "\x00\x01\x02\x03\x04\x05\x06\x07"
+ "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
+ .ptext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96"
+ "\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
+ "\xae\x2d\x8a\x57\x1e\x03\xac\x9c"
+ "\x9e\xb7\x6f\xac\x45\xaf\x8e\x51"
+ "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11"
+ "\xe5\xfb\xc1\x19\x1a\x0a\x52\xef"
+ "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17"
+ "\xad\x2b\x41\x7b\xe6\x6c\x37\x10",
+ .ctext = "\xcd\xc8\x0d\x6f\xdd\xf1\x8c\xab"
+ "\x34\xc2\x59\x09\xc9\x9a\x41\x74"
+ "\x67\xce\x7f\x7f\x81\x17\x36\x21"
+ "\x96\x1a\x2b\x70\x17\x1d\x3d\x7a"
+ "\x2e\x1e\x8a\x1d\xd5\x9b\x88\xb1"
+ "\xc8\xe6\x0f\xed\x1e\xfa\xc4\xc9"
+ "\xc0\x5f\x9f\x9c\xa9\x83\x4f\xa0"
+ "\x42\xae\x8f\xba\x58\x4b\x09\xff",
+ .len = 64,
+ }, {
+ .key = "\x60\x3d\xeb\x10\x15\xca\x71\xbe"
+ "\x2b\x73\xae\xf0\x85\x7d\x77\x81"
+ "\x1f\x35\x2c\x07\x3b\x61\x08\xd7"
+ "\x2d\x98\x10\xa3\x09\x14\xdf\xf4",
+ .klen = 32,
+ .iv = "\x00\x01\x02\x03\x04\x05\x06\x07"
+ "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
+ .ptext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96"
+ "\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
+ "\xae\x2d\x8a\x57\x1e\x03\xac\x9c"
+ "\x9e\xb7\x6f\xac\x45\xaf\x8e\x51"
+ "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11"
+ "\xe5\xfb\xc1\x19\x1a\x0a\x52\xef"
+ "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17"
+ "\xad\x2b\x41\x7b\xe6\x6c\x37\x10",
+ .ctext = "\xdc\x7e\x84\xbf\xda\x79\x16\x4b"
+ "\x7e\xcd\x84\x86\x98\x5d\x38\x60"
+ "\x39\xff\xed\x14\x3b\x28\xb1\xc8"
+ "\x32\x11\x3c\x63\x31\xe5\x40\x7b"
+ "\xdf\x10\x13\x24\x15\xe5\x4b\x92"
+ "\xa1\x3e\xd0\xa8\x26\x7a\xe2\xf9"
+ "\x75\xa3\x85\x74\x1a\xb9\xce\xf8"
+ "\x20\x31\x62\x3d\x55\xb1\xe4\x71",
+ .len = 64,
+ }, { /* > 16 bytes, not a multiple of 16 bytes */
+ .key = "\x2b\x7e\x15\x16\x28\xae\xd2\xa6"
+ "\xab\xf7\x15\x88\x09\xcf\x4f\x3c",
+ .klen = 16,
+ .iv = "\x00\x01\x02\x03\x04\x05\x06\x07"
+ "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
+ .ptext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96"
+ "\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
+ "\xae",
+ .ctext = "\x3b\x3f\xd9\x2e\xb7\x2d\xad\x20"
+ "\x33\x34\x49\xf8\xe8\x3c\xfb\x4a"
+ "\xc8",
+ .len = 17,
+ }, { /* < 16 bytes */
+ .key = "\x2b\x7e\x15\x16\x28\xae\xd2\xa6"
+ "\xab\xf7\x15\x88\x09\xcf\x4f\x3c",
+ .klen = 16,
+ .iv = "\x00\x01\x02\x03\x04\x05\x06\x07"
+ "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
+ .ptext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f",
+ .ctext = "\x3b\x3f\xd9\x2e\xb7\x2d\xad",
+ .len = 7,
+ },
+};
+
+static const struct aead_testvec hmac_md5_ecb_cipher_null_tv_template[] = {
{ /* Input data from RFC 2410 Case 1 */
#ifdef __LITTLE_ENDIAN
.key = "\x08\x00" /* rta length */
@@ -11357,12 +13095,12 @@
"\x00\x00\x00\x00\x00\x00\x00\x00",
.klen = 8 + 16 + 0,
.iv = "",
- .input = "\x01\x23\x45\x67\x89\xab\xcd\xef",
- .ilen = 8,
- .result = "\x01\x23\x45\x67\x89\xab\xcd\xef"
+ .ptext = "\x01\x23\x45\x67\x89\xab\xcd\xef",
+ .plen = 8,
+ .ctext = "\x01\x23\x45\x67\x89\xab\xcd\xef"
"\xaa\x42\xfe\x43\x8d\xea\xa3\x5a"
"\xb9\x3d\x9f\xb1\xa3\x8e\x9b\xae",
- .rlen = 8 + 16,
+ .clen = 8 + 16,
}, { /* Input data from RFC 2410 Case 2 */
#ifdef __LITTLE_ENDIAN
.key = "\x08\x00" /* rta length */
@@ -11376,58 +13114,16 @@
"\x00\x00\x00\x00\x00\x00\x00\x00",
.klen = 8 + 16 + 0,
.iv = "",
- .input = "Network Security People Have A Strange Sense Of Humor",
- .ilen = 53,
- .result = "Network Security People Have A Strange Sense Of Humor"
+ .ptext = "Network Security People Have A Strange Sense Of Humor",
+ .plen = 53,
+ .ctext = "Network Security People Have A Strange Sense Of Humor"
"\x73\xa5\x3e\x1c\x08\x0e\x8a\x8a"
"\x8e\xb5\x5f\x90\x8e\xfe\x13\x23",
- .rlen = 53 + 16,
+ .clen = 53 + 16,
},
};
-static const struct aead_testvec hmac_md5_ecb_cipher_null_dec_tv_template[] = {
- {
-#ifdef __LITTLE_ENDIAN
- .key = "\x08\x00" /* rta length */
- "\x01\x00" /* rta type */
-#else
- .key = "\x00\x08" /* rta length */
- "\x00\x01" /* rta type */
-#endif
- "\x00\x00\x00\x00" /* enc key length */
- "\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00",
- .klen = 8 + 16 + 0,
- .iv = "",
- .input = "\x01\x23\x45\x67\x89\xab\xcd\xef"
- "\xaa\x42\xfe\x43\x8d\xea\xa3\x5a"
- "\xb9\x3d\x9f\xb1\xa3\x8e\x9b\xae",
- .ilen = 8 + 16,
- .result = "\x01\x23\x45\x67\x89\xab\xcd\xef",
- .rlen = 8,
- }, {
-#ifdef __LITTLE_ENDIAN
- .key = "\x08\x00" /* rta length */
- "\x01\x00" /* rta type */
-#else
- .key = "\x00\x08" /* rta length */
- "\x00\x01" /* rta type */
-#endif
- "\x00\x00\x00\x00" /* enc key length */
- "\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00",
- .klen = 8 + 16 + 0,
- .iv = "",
- .input = "Network Security People Have A Strange Sense Of Humor"
- "\x73\xa5\x3e\x1c\x08\x0e\x8a\x8a"
- "\x8e\xb5\x5f\x90\x8e\xfe\x13\x23",
- .ilen = 53 + 16,
- .result = "Network Security People Have A Strange Sense Of Humor",
- .rlen = 53,
- },
-};
-
-static const struct aead_testvec hmac_sha1_aes_cbc_enc_tv_temp[] = {
+static const struct aead_testvec hmac_sha1_aes_cbc_tv_temp[] = {
{ /* RFC 3602 Case 1 */
#ifdef __LITTLE_ENDIAN
.key = "\x08\x00" /* rta length */
@@ -11448,14 +13144,14 @@
.assoc = "\x3d\xaf\xba\x42\x9d\x9e\xb4\x30"
"\xb4\x22\xda\x80\x2c\x9f\xac\x41",
.alen = 16,
- .input = "Single block msg",
- .ilen = 16,
- .result = "\xe3\x53\x77\x9c\x10\x79\xae\xb8"
+ .ptext = "Single block msg",
+ .plen = 16,
+ .ctext = "\xe3\x53\x77\x9c\x10\x79\xae\xb8"
"\x27\x08\x94\x2d\xbe\x77\x18\x1a"
"\x1b\x13\xcb\xaf\x89\x5e\xe1\x2c"
"\x13\xc5\x2e\xa3\xcc\xed\xdc\xb5"
"\x03\x71\xa2\x06",
- .rlen = 16 + 20,
+ .clen = 16 + 20,
}, { /* RFC 3602 Case 2 */
#ifdef __LITTLE_ENDIAN
.key = "\x08\x00" /* rta length */
@@ -11476,19 +13172,19 @@
.assoc = "\x56\x2e\x17\x99\x6d\x09\x3d\x28"
"\xdd\xb3\xba\x69\x5a\x2e\x6f\x58",
.alen = 16,
- .input = "\x00\x01\x02\x03\x04\x05\x06\x07"
+ .ptext = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
"\x10\x11\x12\x13\x14\x15\x16\x17"
"\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f",
- .ilen = 32,
- .result = "\xd2\x96\xcd\x94\xc2\xcc\xcf\x8a"
+ .plen = 32,
+ .ctext = "\xd2\x96\xcd\x94\xc2\xcc\xcf\x8a"
"\x3a\x86\x30\x28\xb5\xe1\xdc\x0a"
"\x75\x86\x60\x2d\x25\x3c\xff\xf9"
"\x1b\x82\x66\xbe\xa6\xd6\x1a\xb1"
"\xad\x9b\x4c\x5c\x85\xe1\xda\xae"
"\xee\x81\x4e\xd7\xdb\x74\xcf\x58"
"\x65\x39\xf8\xde",
- .rlen = 32 + 20,
+ .clen = 32 + 20,
}, { /* RFC 3602 Case 3 */
#ifdef __LITTLE_ENDIAN
.key = "\x08\x00" /* rta length */
@@ -11509,9 +13205,9 @@
.assoc = "\xc7\x82\xdc\x4c\x09\x8c\x66\xcb"
"\xd9\xcd\x27\xd8\x25\x68\x2c\x81",
.alen = 16,
- .input = "This is a 48-byte message (exactly 3 AES blocks)",
- .ilen = 48,
- .result = "\xd0\xa0\x2b\x38\x36\x45\x17\x53"
+ .ptext = "This is a 48-byte message (exactly 3 AES blocks)",
+ .plen = 48,
+ .ctext = "\xd0\xa0\x2b\x38\x36\x45\x17\x53"
"\xd4\x93\x66\x5d\x33\xf0\xe8\x86"
"\x2d\xea\x54\xcd\xb2\x93\xab\xc7"
"\x50\x69\x39\x27\x67\x72\xf8\xd5"
@@ -11520,7 +13216,7 @@
"\xc2\xec\x0c\xf8\x7f\x05\xba\xca"
"\xff\xee\x4c\xd0\x93\xe6\x36\x7f"
"\x8d\x62\xf2\x1e",
- .rlen = 48 + 20,
+ .clen = 48 + 20,
}, { /* RFC 3602 Case 4 */
#ifdef __LITTLE_ENDIAN
.key = "\x08\x00" /* rta length */
@@ -11541,7 +13237,7 @@
.assoc = "\x8c\xe8\x2e\xef\xbe\xa0\xda\x3c"
"\x44\x69\x9e\xd7\xdb\x51\xb7\xd9",
.alen = 16,
- .input = "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7"
+ .ptext = "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7"
"\xa8\xa9\xaa\xab\xac\xad\xae\xaf"
"\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7"
"\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf"
@@ -11549,8 +13245,8 @@
"\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf"
"\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7"
"\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf",
- .ilen = 64,
- .result = "\xc3\x0e\x32\xff\xed\xc0\x77\x4e"
+ .plen = 64,
+ .ctext = "\xc3\x0e\x32\xff\xed\xc0\x77\x4e"
"\x6a\xff\x6a\xf0\x86\x9f\x71\xaa"
"\x0f\x3a\xf0\x7a\x9a\x31\xa9\xc6"
"\x84\xdb\x20\x7e\xb0\xef\x8e\x4e"
@@ -11561,7 +13257,7 @@
"\x1c\x45\x57\xa9\x56\xcb\xa9\x2d"
"\x18\xac\xf1\xc7\x5d\xd1\xcd\x0d"
"\x1d\xbe\xc6\xe9",
- .rlen = 64 + 20,
+ .clen = 64 + 20,
}, { /* RFC 3602 Case 5 */
#ifdef __LITTLE_ENDIAN
.key = "\x08\x00" /* rta length */
@@ -11583,7 +13279,7 @@
"\xe9\x6e\x8c\x08\xab\x46\x57\x63"
"\xfd\x09\x8d\x45\xdd\x3f\xf8\x93",
.alen = 24,
- .input = "\x08\x00\x0e\xbd\xa7\x0a\x00\x00"
+ .ptext = "\x08\x00\x0e\xbd\xa7\x0a\x00\x00"
"\x8e\x9c\x08\x3d\xb9\x5b\x07\x00"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
"\x10\x11\x12\x13\x14\x15\x16\x17"
@@ -11593,8 +13289,8 @@
"\x30\x31\x32\x33\x34\x35\x36\x37"
"\x01\x02\x03\x04\x05\x06\x07\x08"
"\x09\x0a\x0b\x0c\x0d\x0e\x0e\x01",
- .ilen = 80,
- .result = "\xf6\x63\xc2\x5d\x32\x5c\x18\xc6"
+ .plen = 80,
+ .ctext = "\xf6\x63\xc2\x5d\x32\x5c\x18\xc6"
"\xa9\x45\x3e\x19\x4e\x12\x08\x49"
"\xa4\x87\x0b\x66\xcc\x6b\x99\x65"
"\x33\x00\x13\xb4\x89\x8d\xc8\x56"
@@ -11607,7 +13303,7 @@
"\x58\xc6\x84\x75\xe4\xe9\x6b\x0c"
"\xe1\xc5\x0b\x73\x4d\x82\x55\xa8"
"\x85\xe1\x59\xf7",
- .rlen = 80 + 20,
+ .clen = 80 + 20,
}, { /* NIST SP800-38A F.2.3 CBC-AES192.Encrypt */
#ifdef __LITTLE_ENDIAN
.key = "\x08\x00" /* rta length */
@@ -11629,7 +13325,7 @@
.assoc = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
.alen = 16,
- .input = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96"
+ .ptext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96"
"\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
"\xae\x2d\x8a\x57\x1e\x03\xac\x9c"
"\x9e\xb7\x6f\xac\x45\xaf\x8e\x51"
@@ -11637,8 +13333,8 @@
"\xe5\xfb\xc1\x19\x1a\x0a\x52\xef"
"\xf6\x9f\x24\x45\xdf\x4f\x9b\x17"
"\xad\x2b\x41\x7b\xe6\x6c\x37\x10",
- .ilen = 64,
- .result = "\x4f\x02\x1d\xb2\x43\xbc\x63\x3d"
+ .plen = 64,
+ .ctext = "\x4f\x02\x1d\xb2\x43\xbc\x63\x3d"
"\x71\x78\x18\x3a\x9f\xa0\x71\xe8"
"\xb4\xd9\xad\xa9\xad\x7d\xed\xf4"
"\xe5\xe7\x38\x76\x3f\x69\x14\x5a"
@@ -11649,7 +13345,7 @@
"\x73\xe3\x19\x3f\x8b\xc9\xc6\xf4"
"\x5a\xf1\x5b\xa8\x98\x07\xc5\x36"
"\x47\x4c\xfc\x36",
- .rlen = 64 + 20,
+ .clen = 64 + 20,
}, { /* NIST SP800-38A F.2.5 CBC-AES256.Encrypt */
#ifdef __LITTLE_ENDIAN
.key = "\x08\x00" /* rta length */
@@ -11672,7 +13368,7 @@
.assoc = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
.alen = 16,
- .input = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96"
+ .ptext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96"
"\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
"\xae\x2d\x8a\x57\x1e\x03\xac\x9c"
"\x9e\xb7\x6f\xac\x45\xaf\x8e\x51"
@@ -11680,8 +13376,8 @@
"\xe5\xfb\xc1\x19\x1a\x0a\x52\xef"
"\xf6\x9f\x24\x45\xdf\x4f\x9b\x17"
"\xad\x2b\x41\x7b\xe6\x6c\x37\x10",
- .ilen = 64,
- .result = "\xf5\x8c\x4c\x04\xd6\xe5\xf1\xba"
+ .plen = 64,
+ .ctext = "\xf5\x8c\x4c\x04\xd6\xe5\xf1\xba"
"\x77\x9e\xab\xfb\x5f\x7b\xfb\xd6"
"\x9c\xfc\x4e\x96\x7e\xdb\x80\x8d"
"\x67\x9f\x77\x7b\xc6\x70\x2c\x7d"
@@ -11692,11 +13388,11 @@
"\xa3\xe8\x9b\x17\xe3\xf4\x7f\xde"
"\x1b\x9f\xc6\x81\x26\x43\x4a\x87"
"\x51\xee\xd6\x4e",
- .rlen = 64 + 20,
+ .clen = 64 + 20,
},
};
-static const struct aead_testvec hmac_sha1_ecb_cipher_null_enc_tv_temp[] = {
+static const struct aead_testvec hmac_sha1_ecb_cipher_null_tv_temp[] = {
{ /* Input data from RFC 2410 Case 1 */
#ifdef __LITTLE_ENDIAN
.key = "\x08\x00" /* rta length */
@@ -11711,13 +13407,13 @@
"\x00\x00\x00\x00",
.klen = 8 + 20 + 0,
.iv = "",
- .input = "\x01\x23\x45\x67\x89\xab\xcd\xef",
- .ilen = 8,
- .result = "\x01\x23\x45\x67\x89\xab\xcd\xef"
+ .ptext = "\x01\x23\x45\x67\x89\xab\xcd\xef",
+ .plen = 8,
+ .ctext = "\x01\x23\x45\x67\x89\xab\xcd\xef"
"\x40\xc3\x0a\xa1\xc9\xa0\x28\xab"
"\x99\x5e\x19\x04\xd1\x72\xef\xb8"
"\x8c\x5e\xe4\x08",
- .rlen = 8 + 20,
+ .clen = 8 + 20,
}, { /* Input data from RFC 2410 Case 2 */
#ifdef __LITTLE_ENDIAN
.key = "\x08\x00" /* rta length */
@@ -11732,63 +13428,17 @@
"\x00\x00\x00\x00",
.klen = 8 + 20 + 0,
.iv = "",
- .input = "Network Security People Have A Strange Sense Of Humor",
- .ilen = 53,
- .result = "Network Security People Have A Strange Sense Of Humor"
+ .ptext = "Network Security People Have A Strange Sense Of Humor",
+ .plen = 53,
+ .ctext = "Network Security People Have A Strange Sense Of Humor"
"\x75\x6f\x42\x1e\xf8\x50\x21\xd2"
"\x65\x47\xee\x8e\x1a\xef\x16\xf6"
"\x91\x56\xe4\xd6",
- .rlen = 53 + 20,
+ .clen = 53 + 20,
},
};
-static const struct aead_testvec hmac_sha1_ecb_cipher_null_dec_tv_temp[] = {
- {
-#ifdef __LITTLE_ENDIAN
- .key = "\x08\x00" /* rta length */
- "\x01\x00" /* rta type */
-#else
- .key = "\x00\x08" /* rta length */
- "\x00\x01" /* rta type */
-#endif
- "\x00\x00\x00\x00" /* enc key length */
- "\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00",
- .klen = 8 + 20 + 0,
- .iv = "",
- .input = "\x01\x23\x45\x67\x89\xab\xcd\xef"
- "\x40\xc3\x0a\xa1\xc9\xa0\x28\xab"
- "\x99\x5e\x19\x04\xd1\x72\xef\xb8"
- "\x8c\x5e\xe4\x08",
- .ilen = 8 + 20,
- .result = "\x01\x23\x45\x67\x89\xab\xcd\xef",
- .rlen = 8,
- }, {
-#ifdef __LITTLE_ENDIAN
- .key = "\x08\x00" /* rta length */
- "\x01\x00" /* rta type */
-#else
- .key = "\x00\x08" /* rta length */
- "\x00\x01" /* rta type */
-#endif
- "\x00\x00\x00\x00" /* enc key length */
- "\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00",
- .klen = 8 + 20 + 0,
- .iv = "",
- .input = "Network Security People Have A Strange Sense Of Humor"
- "\x75\x6f\x42\x1e\xf8\x50\x21\xd2"
- "\x65\x47\xee\x8e\x1a\xef\x16\xf6"
- "\x91\x56\xe4\xd6",
- .ilen = 53 + 20,
- .result = "Network Security People Have A Strange Sense Of Humor",
- .rlen = 53,
- },
-};
-
-static const struct aead_testvec hmac_sha256_aes_cbc_enc_tv_temp[] = {
+static const struct aead_testvec hmac_sha256_aes_cbc_tv_temp[] = {
{ /* RFC 3602 Case 1 */
#ifdef __LITTLE_ENDIAN
.key = "\x08\x00" /* rta length */
@@ -11810,15 +13460,15 @@
.assoc = "\x3d\xaf\xba\x42\x9d\x9e\xb4\x30"
"\xb4\x22\xda\x80\x2c\x9f\xac\x41",
.alen = 16,
- .input = "Single block msg",
- .ilen = 16,
- .result = "\xe3\x53\x77\x9c\x10\x79\xae\xb8"
+ .ptext = "Single block msg",
+ .plen = 16,
+ .ctext = "\xe3\x53\x77\x9c\x10\x79\xae\xb8"
"\x27\x08\x94\x2d\xbe\x77\x18\x1a"
"\xcc\xde\x2d\x6a\xae\xf1\x0b\xcc"
"\x38\x06\x38\x51\xb4\xb8\xf3\x5b"
"\x5c\x34\xa6\xa3\x6e\x0b\x05\xe5"
"\x6a\x6d\x44\xaa\x26\xa8\x44\xa5",
- .rlen = 16 + 32,
+ .clen = 16 + 32,
}, { /* RFC 3602 Case 2 */
#ifdef __LITTLE_ENDIAN
.key = "\x08\x00" /* rta length */
@@ -11840,12 +13490,12 @@
.assoc = "\x56\x2e\x17\x99\x6d\x09\x3d\x28"
"\xdd\xb3\xba\x69\x5a\x2e\x6f\x58",
.alen = 16,
- .input = "\x00\x01\x02\x03\x04\x05\x06\x07"
+ .ptext = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
"\x10\x11\x12\x13\x14\x15\x16\x17"
"\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f",
- .ilen = 32,
- .result = "\xd2\x96\xcd\x94\xc2\xcc\xcf\x8a"
+ .plen = 32,
+ .ctext = "\xd2\x96\xcd\x94\xc2\xcc\xcf\x8a"
"\x3a\x86\x30\x28\xb5\xe1\xdc\x0a"
"\x75\x86\x60\x2d\x25\x3c\xff\xf9"
"\x1b\x82\x66\xbe\xa6\xd6\x1a\xb1"
@@ -11853,7 +13503,7 @@
"\x0e\x06\x58\x8f\xba\xf6\x06\xda"
"\x49\x69\x0d\x5b\xd4\x36\x06\x62"
"\x35\x5e\x54\x58\x53\x4d\xdf\xbf",
- .rlen = 32 + 32,
+ .clen = 32 + 32,
}, { /* RFC 3602 Case 3 */
#ifdef __LITTLE_ENDIAN
.key = "\x08\x00" /* rta length */
@@ -11875,9 +13525,9 @@
.assoc = "\xc7\x82\xdc\x4c\x09\x8c\x66\xcb"
"\xd9\xcd\x27\xd8\x25\x68\x2c\x81",
.alen = 16,
- .input = "This is a 48-byte message (exactly 3 AES blocks)",
- .ilen = 48,
- .result = "\xd0\xa0\x2b\x38\x36\x45\x17\x53"
+ .ptext = "This is a 48-byte message (exactly 3 AES blocks)",
+ .plen = 48,
+ .ctext = "\xd0\xa0\x2b\x38\x36\x45\x17\x53"
"\xd4\x93\x66\x5d\x33\xf0\xe8\x86"
"\x2d\xea\x54\xcd\xb2\x93\xab\xc7"
"\x50\x69\x39\x27\x67\x72\xf8\xd5"
@@ -11887,7 +13537,7 @@
"\xe7\xc6\xce\x10\x31\x2f\x9b\x1d"
"\x24\x78\xfb\xbe\x02\xe0\x4f\x40"
"\x10\xbd\xaa\xc6\xa7\x79\xe0\x1a",
- .rlen = 48 + 32,
+ .clen = 48 + 32,
}, { /* RFC 3602 Case 4 */
#ifdef __LITTLE_ENDIAN
.key = "\x08\x00" /* rta length */
@@ -11909,7 +13559,7 @@
.assoc = "\x8c\xe8\x2e\xef\xbe\xa0\xda\x3c"
"\x44\x69\x9e\xd7\xdb\x51\xb7\xd9",
.alen = 16,
- .input = "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7"
+ .ptext = "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7"
"\xa8\xa9\xaa\xab\xac\xad\xae\xaf"
"\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7"
"\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf"
@@ -11917,8 +13567,8 @@
"\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf"
"\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7"
"\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf",
- .ilen = 64,
- .result = "\xc3\x0e\x32\xff\xed\xc0\x77\x4e"
+ .plen = 64,
+ .ctext = "\xc3\x0e\x32\xff\xed\xc0\x77\x4e"
"\x6a\xff\x6a\xf0\x86\x9f\x71\xaa"
"\x0f\x3a\xf0\x7a\x9a\x31\xa9\xc6"
"\x84\xdb\x20\x7e\xb0\xef\x8e\x4e"
@@ -11930,7 +13580,7 @@
"\xe0\x93\xec\xc9\x9f\xf7\xce\xd8"
"\x3f\x54\xe2\x49\x39\xe3\x71\x25"
"\x2b\x6c\xe9\x5d\xec\xec\x2b\x64",
- .rlen = 64 + 32,
+ .clen = 64 + 32,
}, { /* RFC 3602 Case 5 */
#ifdef __LITTLE_ENDIAN
.key = "\x08\x00" /* rta length */
@@ -11953,7 +13603,7 @@
"\xe9\x6e\x8c\x08\xab\x46\x57\x63"
"\xfd\x09\x8d\x45\xdd\x3f\xf8\x93",
.alen = 24,
- .input = "\x08\x00\x0e\xbd\xa7\x0a\x00\x00"
+ .ptext = "\x08\x00\x0e\xbd\xa7\x0a\x00\x00"
"\x8e\x9c\x08\x3d\xb9\x5b\x07\x00"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
"\x10\x11\x12\x13\x14\x15\x16\x17"
@@ -11963,8 +13613,8 @@
"\x30\x31\x32\x33\x34\x35\x36\x37"
"\x01\x02\x03\x04\x05\x06\x07\x08"
"\x09\x0a\x0b\x0c\x0d\x0e\x0e\x01",
- .ilen = 80,
- .result = "\xf6\x63\xc2\x5d\x32\x5c\x18\xc6"
+ .plen = 80,
+ .ctext = "\xf6\x63\xc2\x5d\x32\x5c\x18\xc6"
"\xa9\x45\x3e\x19\x4e\x12\x08\x49"
"\xa4\x87\x0b\x66\xcc\x6b\x99\x65"
"\x33\x00\x13\xb4\x89\x8d\xc8\x56"
@@ -11978,7 +13628,7 @@
"\x3a\xd2\xe1\x03\x86\xa5\x59\xb7"
"\x73\xc3\x46\x20\x2c\xb1\xef\x68"
"\xbb\x8a\x32\x7e\x12\x8c\x69\xcf",
- .rlen = 80 + 32,
+ .clen = 80 + 32,
}, { /* NIST SP800-38A F.2.3 CBC-AES192.Encrypt */
#ifdef __LITTLE_ENDIAN
.key = "\x08\x00" /* rta length */
@@ -12001,7 +13651,7 @@
.assoc = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
.alen = 16,
- .input = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96"
+ .ptext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96"
"\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
"\xae\x2d\x8a\x57\x1e\x03\xac\x9c"
"\x9e\xb7\x6f\xac\x45\xaf\x8e\x51"
@@ -12009,8 +13659,8 @@
"\xe5\xfb\xc1\x19\x1a\x0a\x52\xef"
"\xf6\x9f\x24\x45\xdf\x4f\x9b\x17"
"\xad\x2b\x41\x7b\xe6\x6c\x37\x10",
- .ilen = 64,
- .result = "\x4f\x02\x1d\xb2\x43\xbc\x63\x3d"
+ .plen = 64,
+ .ctext = "\x4f\x02\x1d\xb2\x43\xbc\x63\x3d"
"\x71\x78\x18\x3a\x9f\xa0\x71\xe8"
"\xb4\xd9\xad\xa9\xad\x7d\xed\xf4"
"\xe5\xe7\x38\x76\x3f\x69\x14\x5a"
@@ -12022,7 +13672,7 @@
"\x61\x81\x31\xea\x5b\x3d\x8e\xfb"
"\xca\x71\x85\x93\xf7\x85\x55\x8b"
"\x7a\xe4\x94\xca\x8b\xba\x19\x33",
- .rlen = 64 + 32,
+ .clen = 64 + 32,
}, { /* NIST SP800-38A F.2.5 CBC-AES256.Encrypt */
#ifdef __LITTLE_ENDIAN
.key = "\x08\x00" /* rta length */
@@ -12046,7 +13696,7 @@
.assoc = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
.alen = 16,
- .input = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96"
+ .ptext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96"
"\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
"\xae\x2d\x8a\x57\x1e\x03\xac\x9c"
"\x9e\xb7\x6f\xac\x45\xaf\x8e\x51"
@@ -12054,8 +13704,8 @@
"\xe5\xfb\xc1\x19\x1a\x0a\x52\xef"
"\xf6\x9f\x24\x45\xdf\x4f\x9b\x17"
"\xad\x2b\x41\x7b\xe6\x6c\x37\x10",
- .ilen = 64,
- .result = "\xf5\x8c\x4c\x04\xd6\xe5\xf1\xba"
+ .plen = 64,
+ .ctext = "\xf5\x8c\x4c\x04\xd6\xe5\xf1\xba"
"\x77\x9e\xab\xfb\x5f\x7b\xfb\xd6"
"\x9c\xfc\x4e\x96\x7e\xdb\x80\x8d"
"\x67\x9f\x77\x7b\xc6\x70\x2c\x7d"
@@ -12067,11 +13717,11 @@
"\x8f\x74\xbd\x17\x92\x03\xbe\x8f"
"\xf3\x61\xde\x1c\xe9\xdb\xcd\xd0"
"\xcc\xce\xe9\x85\x57\xcf\x6f\x5f",
- .rlen = 64 + 32,
+ .clen = 64 + 32,
},
};
-static const struct aead_testvec hmac_sha512_aes_cbc_enc_tv_temp[] = {
+static const struct aead_testvec hmac_sha512_aes_cbc_tv_temp[] = {
{ /* RFC 3602 Case 1 */
#ifdef __LITTLE_ENDIAN
.key = "\x08\x00" /* rta length */
@@ -12097,9 +13747,9 @@
.assoc = "\x3d\xaf\xba\x42\x9d\x9e\xb4\x30"
"\xb4\x22\xda\x80\x2c\x9f\xac\x41",
.alen = 16,
- .input = "Single block msg",
- .ilen = 16,
- .result = "\xe3\x53\x77\x9c\x10\x79\xae\xb8"
+ .ptext = "Single block msg",
+ .plen = 16,
+ .ctext = "\xe3\x53\x77\x9c\x10\x79\xae\xb8"
"\x27\x08\x94\x2d\xbe\x77\x18\x1a"
"\x3f\xdc\xad\x90\x03\x63\x5e\x68"
"\xc3\x13\xdd\xa4\x5c\x4d\x54\xa7"
@@ -12109,7 +13759,7 @@
"\xe8\x9a\x7c\x06\x3d\xcb\xff\xb2"
"\xfa\x20\x89\xdd\x9c\xac\x9e\x16"
"\x18\x8a\xa0\x6d\x01\x6c\xa3\x3a",
- .rlen = 16 + 64,
+ .clen = 16 + 64,
}, { /* RFC 3602 Case 2 */
#ifdef __LITTLE_ENDIAN
.key = "\x08\x00" /* rta length */
@@ -12135,12 +13785,12 @@
.assoc = "\x56\x2e\x17\x99\x6d\x09\x3d\x28"
"\xdd\xb3\xba\x69\x5a\x2e\x6f\x58",
.alen = 16,
- .input = "\x00\x01\x02\x03\x04\x05\x06\x07"
+ .ptext = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
"\x10\x11\x12\x13\x14\x15\x16\x17"
"\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f",
- .ilen = 32,
- .result = "\xd2\x96\xcd\x94\xc2\xcc\xcf\x8a"
+ .plen = 32,
+ .ctext = "\xd2\x96\xcd\x94\xc2\xcc\xcf\x8a"
"\x3a\x86\x30\x28\xb5\xe1\xdc\x0a"
"\x75\x86\x60\x2d\x25\x3c\xff\xf9"
"\x1b\x82\x66\xbe\xa6\xd6\x1a\xb1"
@@ -12152,7 +13802,7 @@
"\x46\x32\x7c\x41\x9c\x59\x3e\xe9"
"\x8f\x9f\xd4\x31\xd6\x22\xbd\xf8"
"\xf7\x0a\x94\xe5\xa9\xc3\xf6\x9d",
- .rlen = 32 + 64,
+ .clen = 32 + 64,
}, { /* RFC 3602 Case 3 */
#ifdef __LITTLE_ENDIAN
.key = "\x08\x00" /* rta length */
@@ -12178,9 +13828,9 @@
.assoc = "\xc7\x82\xdc\x4c\x09\x8c\x66\xcb"
"\xd9\xcd\x27\xd8\x25\x68\x2c\x81",
.alen = 16,
- .input = "This is a 48-byte message (exactly 3 AES blocks)",
- .ilen = 48,
- .result = "\xd0\xa0\x2b\x38\x36\x45\x17\x53"
+ .ptext = "This is a 48-byte message (exactly 3 AES blocks)",
+ .plen = 48,
+ .ctext = "\xd0\xa0\x2b\x38\x36\x45\x17\x53"
"\xd4\x93\x66\x5d\x33\xf0\xe8\x86"
"\x2d\xea\x54\xcd\xb2\x93\xab\xc7"
"\x50\x69\x39\x27\x67\x72\xf8\xd5"
@@ -12194,7 +13844,7 @@
"\x08\xea\x29\x6c\x74\x67\x3f\xb0"
"\xac\x7f\x5c\x1d\xf5\xee\x22\x66"
"\x27\xa6\xb6\x13\xba\xba\xf0\xc2",
- .rlen = 48 + 64,
+ .clen = 48 + 64,
}, { /* RFC 3602 Case 4 */
#ifdef __LITTLE_ENDIAN
.key = "\x08\x00" /* rta length */
@@ -12220,7 +13870,7 @@
.assoc = "\x8c\xe8\x2e\xef\xbe\xa0\xda\x3c"
"\x44\x69\x9e\xd7\xdb\x51\xb7\xd9",
.alen = 16,
- .input = "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7"
+ .ptext = "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7"
"\xa8\xa9\xaa\xab\xac\xad\xae\xaf"
"\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7"
"\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf"
@@ -12228,8 +13878,8 @@
"\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf"
"\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7"
"\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf",
- .ilen = 64,
- .result = "\xc3\x0e\x32\xff\xed\xc0\x77\x4e"
+ .plen = 64,
+ .ctext = "\xc3\x0e\x32\xff\xed\xc0\x77\x4e"
"\x6a\xff\x6a\xf0\x86\x9f\x71\xaa"
"\x0f\x3a\xf0\x7a\x9a\x31\xa9\xc6"
"\x84\xdb\x20\x7e\xb0\xef\x8e\x4e"
@@ -12245,7 +13895,7 @@
"\xbc\x6f\xed\xd5\x8d\xde\x23\x7c"
"\x62\x98\x14\xd7\x2f\x37\x8d\xdf"
"\xf4\x33\x80\xeb\x8e\xb4\xa4\xda",
- .rlen = 64 + 64,
+ .clen = 64 + 64,
}, { /* RFC 3602 Case 5 */
#ifdef __LITTLE_ENDIAN
.key = "\x08\x00" /* rta length */
@@ -12272,7 +13922,7 @@
"\xe9\x6e\x8c\x08\xab\x46\x57\x63"
"\xfd\x09\x8d\x45\xdd\x3f\xf8\x93",
.alen = 24,
- .input = "\x08\x00\x0e\xbd\xa7\x0a\x00\x00"
+ .ptext = "\x08\x00\x0e\xbd\xa7\x0a\x00\x00"
"\x8e\x9c\x08\x3d\xb9\x5b\x07\x00"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
"\x10\x11\x12\x13\x14\x15\x16\x17"
@@ -12282,8 +13932,8 @@
"\x30\x31\x32\x33\x34\x35\x36\x37"
"\x01\x02\x03\x04\x05\x06\x07\x08"
"\x09\x0a\x0b\x0c\x0d\x0e\x0e\x01",
- .ilen = 80,
- .result = "\xf6\x63\xc2\x5d\x32\x5c\x18\xc6"
+ .plen = 80,
+ .ctext = "\xf6\x63\xc2\x5d\x32\x5c\x18\xc6"
"\xa9\x45\x3e\x19\x4e\x12\x08\x49"
"\xa4\x87\x0b\x66\xcc\x6b\x99\x65"
"\x33\x00\x13\xb4\x89\x8d\xc8\x56"
@@ -12301,7 +13951,7 @@
"\x92\x26\xc1\x76\x20\x11\xeb\xba"
"\x62\x4f\x9a\x62\x25\xc3\x75\x80"
"\xb7\x0a\x17\xf5\xd7\x94\xb4\x14",
- .rlen = 80 + 64,
+ .clen = 80 + 64,
}, { /* NIST SP800-38A F.2.3 CBC-AES192.Encrypt */
#ifdef __LITTLE_ENDIAN
.key = "\x08\x00" /* rta length */
@@ -12328,7 +13978,7 @@
.assoc = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
.alen = 16,
- .input = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96"
+ .ptext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96"
"\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
"\xae\x2d\x8a\x57\x1e\x03\xac\x9c"
"\x9e\xb7\x6f\xac\x45\xaf\x8e\x51"
@@ -12336,8 +13986,8 @@
"\xe5\xfb\xc1\x19\x1a\x0a\x52\xef"
"\xf6\x9f\x24\x45\xdf\x4f\x9b\x17"
"\xad\x2b\x41\x7b\xe6\x6c\x37\x10",
- .ilen = 64,
- .result = "\x4f\x02\x1d\xb2\x43\xbc\x63\x3d"
+ .plen = 64,
+ .ctext = "\x4f\x02\x1d\xb2\x43\xbc\x63\x3d"
"\x71\x78\x18\x3a\x9f\xa0\x71\xe8"
"\xb4\xd9\xad\xa9\xad\x7d\xed\xf4"
"\xe5\xe7\x38\x76\x3f\x69\x14\x5a"
@@ -12353,7 +14003,7 @@
"\xba\x03\xd5\x32\xfa\x5f\x41\x58"
"\x8d\x43\x98\xa7\x94\x16\x07\x02"
"\x0f\xb6\x81\x50\x28\x95\x2e\x75",
- .rlen = 64 + 64,
+ .clen = 64 + 64,
}, { /* NIST SP800-38A F.2.5 CBC-AES256.Encrypt */
#ifdef __LITTLE_ENDIAN
.key = "\x08\x00" /* rta length */
@@ -12381,7 +14031,7 @@
.assoc = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
.alen = 16,
- .input = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96"
+ .ptext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96"
"\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
"\xae\x2d\x8a\x57\x1e\x03\xac\x9c"
"\x9e\xb7\x6f\xac\x45\xaf\x8e\x51"
@@ -12389,8 +14039,8 @@
"\xe5\xfb\xc1\x19\x1a\x0a\x52\xef"
"\xf6\x9f\x24\x45\xdf\x4f\x9b\x17"
"\xad\x2b\x41\x7b\xe6\x6c\x37\x10",
- .ilen = 64,
- .result = "\xf5\x8c\x4c\x04\xd6\xe5\xf1\xba"
+ .plen = 64,
+ .ctext = "\xf5\x8c\x4c\x04\xd6\xe5\xf1\xba"
"\x77\x9e\xab\xfb\x5f\x7b\xfb\xd6"
"\x9c\xfc\x4e\x96\x7e\xdb\x80\x8d"
"\x67\x9f\x77\x7b\xc6\x70\x2c\x7d"
@@ -12406,11 +14056,11 @@
"\xe3\x8d\x64\xc3\x8d\xff\x7c\x8c"
"\xdb\xbf\xa0\xb4\x01\xa2\xa8\xa2"
"\x2c\xb1\x62\x2c\x10\xca\xf1\x21",
- .rlen = 64 + 64,
+ .clen = 64 + 64,
},
};
-static const struct aead_testvec hmac_sha1_des_cbc_enc_tv_temp[] = {
+static const struct aead_testvec hmac_sha1_des_cbc_tv_temp[] = {
{ /*Generated with cryptopp*/
#ifdef __LITTLE_ENDIAN
.key = "\x08\x00" /* rta length */
@@ -12429,7 +14079,7 @@
.assoc = "\x00\x00\x43\x21\x00\x00\x00\x01"
"\x7D\x33\x88\x93\x0F\x93\xB2\x42",
.alen = 16,
- .input = "\x6f\x54\x20\x6f\x61\x4d\x79\x6e"
+ .ptext = "\x6f\x54\x20\x6f\x61\x4d\x79\x6e"
"\x53\x20\x63\x65\x65\x72\x73\x74"
"\x54\x20\x6f\x6f\x4d\x20\x6e\x61"
"\x20\x79\x65\x53\x72\x63\x74\x65"
@@ -12445,8 +14095,8 @@
"\x20\x6f\x61\x4d\x79\x6e\x53\x20"
"\x63\x65\x65\x72\x73\x74\x54\x20"
"\x6f\x6f\x4d\x20\x6e\x61\x0a\x79",
- .ilen = 128,
- .result = "\x70\xd6\xde\x64\x87\x17\xf1\xe8"
+ .plen = 128,
+ .ctext = "\x70\xd6\xde\x64\x87\x17\xf1\xe8"
"\x54\x31\x85\x37\xed\x6b\x01\x8d"
"\xe3\xcc\xe0\x1d\x5e\xf3\xfe\xf1"
"\x41\xaa\x33\x91\xa7\x7d\x99\x88"
@@ -12465,11 +14115,11 @@
"\x95\x16\x20\x09\xf5\x95\x19\xfd"
"\x3c\xc7\xe0\x42\xc0\x14\x69\xfa"
"\x5c\x44\xa9\x37",
- .rlen = 128 + 20,
+ .clen = 128 + 20,
},
};
-static const struct aead_testvec hmac_sha224_des_cbc_enc_tv_temp[] = {
+static const struct aead_testvec hmac_sha224_des_cbc_tv_temp[] = {
{ /*Generated with cryptopp*/
#ifdef __LITTLE_ENDIAN
.key = "\x08\x00" /* rta length */
@@ -12488,7 +14138,7 @@
.assoc = "\x00\x00\x43\x21\x00\x00\x00\x01"
"\x7D\x33\x88\x93\x0F\x93\xB2\x42",
.alen = 16,
- .input = "\x6f\x54\x20\x6f\x61\x4d\x79\x6e"
+ .ptext = "\x6f\x54\x20\x6f\x61\x4d\x79\x6e"
"\x53\x20\x63\x65\x65\x72\x73\x74"
"\x54\x20\x6f\x6f\x4d\x20\x6e\x61"
"\x20\x79\x65\x53\x72\x63\x74\x65"
@@ -12504,8 +14154,8 @@
"\x20\x6f\x61\x4d\x79\x6e\x53\x20"
"\x63\x65\x65\x72\x73\x74\x54\x20"
"\x6f\x6f\x4d\x20\x6e\x61\x0a\x79",
- .ilen = 128,
- .result = "\x70\xd6\xde\x64\x87\x17\xf1\xe8"
+ .plen = 128,
+ .ctext = "\x70\xd6\xde\x64\x87\x17\xf1\xe8"
"\x54\x31\x85\x37\xed\x6b\x01\x8d"
"\xe3\xcc\xe0\x1d\x5e\xf3\xfe\xf1"
"\x41\xaa\x33\x91\xa7\x7d\x99\x88"
@@ -12524,11 +14174,11 @@
"\x9c\x2d\x7e\xee\x20\x34\x55\x0a"
"\xce\xb5\x4e\x64\x53\xe7\xbf\x91"
"\xab\xd4\xd9\xda\xc9\x12\xae\xf7",
- .rlen = 128 + 24,
+ .clen = 128 + 24,
},
};
-static const struct aead_testvec hmac_sha256_des_cbc_enc_tv_temp[] = {
+static const struct aead_testvec hmac_sha256_des_cbc_tv_temp[] = {
{ /*Generated with cryptopp*/
#ifdef __LITTLE_ENDIAN
.key = "\x08\x00" /* rta length */
@@ -12548,7 +14198,7 @@
.assoc = "\x00\x00\x43\x21\x00\x00\x00\x01"
"\x7D\x33\x88\x93\x0F\x93\xB2\x42",
.alen = 16,
- .input = "\x6f\x54\x20\x6f\x61\x4d\x79\x6e"
+ .ptext = "\x6f\x54\x20\x6f\x61\x4d\x79\x6e"
"\x53\x20\x63\x65\x65\x72\x73\x74"
"\x54\x20\x6f\x6f\x4d\x20\x6e\x61"
"\x20\x79\x65\x53\x72\x63\x74\x65"
@@ -12564,8 +14214,8 @@
"\x20\x6f\x61\x4d\x79\x6e\x53\x20"
"\x63\x65\x65\x72\x73\x74\x54\x20"
"\x6f\x6f\x4d\x20\x6e\x61\x0a\x79",
- .ilen = 128,
- .result = "\x70\xd6\xde\x64\x87\x17\xf1\xe8"
+ .plen = 128,
+ .ctext = "\x70\xd6\xde\x64\x87\x17\xf1\xe8"
"\x54\x31\x85\x37\xed\x6b\x01\x8d"
"\xe3\xcc\xe0\x1d\x5e\xf3\xfe\xf1"
"\x41\xaa\x33\x91\xa7\x7d\x99\x88"
@@ -12585,11 +14235,11 @@
"\x50\xf6\x5d\xab\x4b\x51\x4e\x5e"
"\xde\x63\xde\x76\x52\xde\x9f\xba"
"\x90\xcf\x15\xf2\xbb\x6e\x84\x00",
- .rlen = 128 + 32,
+ .clen = 128 + 32,
},
};
-static const struct aead_testvec hmac_sha384_des_cbc_enc_tv_temp[] = {
+static const struct aead_testvec hmac_sha384_des_cbc_tv_temp[] = {
{ /*Generated with cryptopp*/
#ifdef __LITTLE_ENDIAN
.key = "\x08\x00" /* rta length */
@@ -12611,7 +14261,7 @@
.assoc = "\x00\x00\x43\x21\x00\x00\x00\x01"
"\x7D\x33\x88\x93\x0F\x93\xB2\x42",
.alen = 16,
- .input = "\x6f\x54\x20\x6f\x61\x4d\x79\x6e"
+ .ptext = "\x6f\x54\x20\x6f\x61\x4d\x79\x6e"
"\x53\x20\x63\x65\x65\x72\x73\x74"
"\x54\x20\x6f\x6f\x4d\x20\x6e\x61"
"\x20\x79\x65\x53\x72\x63\x74\x65"
@@ -12627,8 +14277,8 @@
"\x20\x6f\x61\x4d\x79\x6e\x53\x20"
"\x63\x65\x65\x72\x73\x74\x54\x20"
"\x6f\x6f\x4d\x20\x6e\x61\x0a\x79",
- .ilen = 128,
- .result = "\x70\xd6\xde\x64\x87\x17\xf1\xe8"
+ .plen = 128,
+ .ctext = "\x70\xd6\xde\x64\x87\x17\xf1\xe8"
"\x54\x31\x85\x37\xed\x6b\x01\x8d"
"\xe3\xcc\xe0\x1d\x5e\xf3\xfe\xf1"
"\x41\xaa\x33\x91\xa7\x7d\x99\x88"
@@ -12650,11 +14300,11 @@
"\x5e\x67\xb5\x74\xe7\xe7\x85\x61"
"\x6a\x95\x26\x75\xcc\x53\x89\xf3"
"\x74\xc9\x2a\x76\x20\xa2\x64\x62",
- .rlen = 128 + 48,
+ .clen = 128 + 48,
},
};
-static const struct aead_testvec hmac_sha512_des_cbc_enc_tv_temp[] = {
+static const struct aead_testvec hmac_sha512_des_cbc_tv_temp[] = {
{ /*Generated with cryptopp*/
#ifdef __LITTLE_ENDIAN
.key = "\x08\x00" /* rta length */
@@ -12678,7 +14328,7 @@
.assoc = "\x00\x00\x43\x21\x00\x00\x00\x01"
"\x7D\x33\x88\x93\x0F\x93\xB2\x42",
.alen = 16,
- .input = "\x6f\x54\x20\x6f\x61\x4d\x79\x6e"
+ .ptext = "\x6f\x54\x20\x6f\x61\x4d\x79\x6e"
"\x53\x20\x63\x65\x65\x72\x73\x74"
"\x54\x20\x6f\x6f\x4d\x20\x6e\x61"
"\x20\x79\x65\x53\x72\x63\x74\x65"
@@ -12694,8 +14344,8 @@
"\x20\x6f\x61\x4d\x79\x6e\x53\x20"
"\x63\x65\x65\x72\x73\x74\x54\x20"
"\x6f\x6f\x4d\x20\x6e\x61\x0a\x79",
- .ilen = 128,
- .result = "\x70\xd6\xde\x64\x87\x17\xf1\xe8"
+ .plen = 128,
+ .ctext = "\x70\xd6\xde\x64\x87\x17\xf1\xe8"
"\x54\x31\x85\x37\xed\x6b\x01\x8d"
"\xe3\xcc\xe0\x1d\x5e\xf3\xfe\xf1"
"\x41\xaa\x33\x91\xa7\x7d\x99\x88"
@@ -12719,11 +14369,11 @@
"\x97\xe2\xe3\xb8\xaa\x48\x85\xee"
"\x8c\xf6\x07\x95\x1f\xa6\x6c\x96"
"\x99\xc7\x5c\x8d\xd8\xb5\x68\x7b",
- .rlen = 128 + 64,
+ .clen = 128 + 64,
},
};
-static const struct aead_testvec hmac_sha1_des3_ede_cbc_enc_tv_temp[] = {
+static const struct aead_testvec hmac_sha1_des3_ede_cbc_tv_temp[] = {
{ /*Generated with cryptopp*/
#ifdef __LITTLE_ENDIAN
.key = "\x08\x00" /* rta length */
@@ -12744,7 +14394,7 @@
.assoc = "\x00\x00\x43\x21\x00\x00\x00\x01"
"\x7D\x33\x88\x93\x0F\x93\xB2\x42",
.alen = 16,
- .input = "\x6f\x54\x20\x6f\x61\x4d\x79\x6e"
+ .ptext = "\x6f\x54\x20\x6f\x61\x4d\x79\x6e"
"\x53\x20\x63\x65\x65\x72\x73\x74"
"\x54\x20\x6f\x6f\x4d\x20\x6e\x61"
"\x20\x79\x65\x53\x72\x63\x74\x65"
@@ -12760,8 +14410,8 @@
"\x20\x6f\x61\x4d\x79\x6e\x53\x20"
"\x63\x65\x65\x72\x73\x74\x54\x20"
"\x6f\x6f\x4d\x20\x6e\x61\x0a\x79",
- .ilen = 128,
- .result = "\x0e\x2d\xb6\x97\x3c\x56\x33\xf4"
+ .plen = 128,
+ .ctext = "\x0e\x2d\xb6\x97\x3c\x56\x33\xf4"
"\x67\x17\x21\xc7\x6e\x8a\xd5\x49"
"\x74\xb3\x49\x05\xc5\x1c\xd0\xed"
"\x12\x56\x5c\x53\x96\xb6\x00\x7d"
@@ -12780,11 +14430,11 @@
"\x67\x6d\xb1\xf5\xb8\x10\xdc\xc6"
"\x75\x86\x96\x6b\xb1\xc5\xe4\xcf"
"\xd1\x60\x91\xb3",
- .rlen = 128 + 20,
+ .clen = 128 + 20,
},
};
-static const struct aead_testvec hmac_sha224_des3_ede_cbc_enc_tv_temp[] = {
+static const struct aead_testvec hmac_sha224_des3_ede_cbc_tv_temp[] = {
{ /*Generated with cryptopp*/
#ifdef __LITTLE_ENDIAN
.key = "\x08\x00" /* rta length */
@@ -12805,7 +14455,7 @@
.assoc = "\x00\x00\x43\x21\x00\x00\x00\x01"
"\x7D\x33\x88\x93\x0F\x93\xB2\x42",
.alen = 16,
- .input = "\x6f\x54\x20\x6f\x61\x4d\x79\x6e"
+ .ptext = "\x6f\x54\x20\x6f\x61\x4d\x79\x6e"
"\x53\x20\x63\x65\x65\x72\x73\x74"
"\x54\x20\x6f\x6f\x4d\x20\x6e\x61"
"\x20\x79\x65\x53\x72\x63\x74\x65"
@@ -12821,8 +14471,8 @@
"\x20\x6f\x61\x4d\x79\x6e\x53\x20"
"\x63\x65\x65\x72\x73\x74\x54\x20"
"\x6f\x6f\x4d\x20\x6e\x61\x0a\x79",
- .ilen = 128,
- .result = "\x0e\x2d\xb6\x97\x3c\x56\x33\xf4"
+ .plen = 128,
+ .ctext = "\x0e\x2d\xb6\x97\x3c\x56\x33\xf4"
"\x67\x17\x21\xc7\x6e\x8a\xd5\x49"
"\x74\xb3\x49\x05\xc5\x1c\xd0\xed"
"\x12\x56\x5c\x53\x96\xb6\x00\x7d"
@@ -12841,11 +14491,11 @@
"\x15\x24\x7f\x5a\x45\x4a\x66\xce"
"\x2b\x0b\x93\x99\x2f\x9d\x0c\x6c"
"\x56\x1f\xe1\xa6\x41\xb2\x4c\xd0",
- .rlen = 128 + 24,
+ .clen = 128 + 24,
},
};
-static const struct aead_testvec hmac_sha256_des3_ede_cbc_enc_tv_temp[] = {
+static const struct aead_testvec hmac_sha256_des3_ede_cbc_tv_temp[] = {
{ /*Generated with cryptopp*/
#ifdef __LITTLE_ENDIAN
.key = "\x08\x00" /* rta length */
@@ -12867,7 +14517,7 @@
.assoc = "\x00\x00\x43\x21\x00\x00\x00\x01"
"\x7D\x33\x88\x93\x0F\x93\xB2\x42",
.alen = 16,
- .input = "\x6f\x54\x20\x6f\x61\x4d\x79\x6e"
+ .ptext = "\x6f\x54\x20\x6f\x61\x4d\x79\x6e"
"\x53\x20\x63\x65\x65\x72\x73\x74"
"\x54\x20\x6f\x6f\x4d\x20\x6e\x61"
"\x20\x79\x65\x53\x72\x63\x74\x65"
@@ -12883,8 +14533,8 @@
"\x20\x6f\x61\x4d\x79\x6e\x53\x20"
"\x63\x65\x65\x72\x73\x74\x54\x20"
"\x6f\x6f\x4d\x20\x6e\x61\x0a\x79",
- .ilen = 128,
- .result = "\x0e\x2d\xb6\x97\x3c\x56\x33\xf4"
+ .plen = 128,
+ .ctext = "\x0e\x2d\xb6\x97\x3c\x56\x33\xf4"
"\x67\x17\x21\xc7\x6e\x8a\xd5\x49"
"\x74\xb3\x49\x05\xc5\x1c\xd0\xed"
"\x12\x56\x5c\x53\x96\xb6\x00\x7d"
@@ -12904,11 +14554,11 @@
"\x56\x38\x44\xc0\xdb\xe3\x4f\x71"
"\xf7\xce\xd1\xd3\xf8\xbd\x3e\x4f"
"\xca\x43\x95\xdf\x80\x61\x81\xa9",
- .rlen = 128 + 32,
+ .clen = 128 + 32,
},
};
-static const struct aead_testvec hmac_sha384_des3_ede_cbc_enc_tv_temp[] = {
+static const struct aead_testvec hmac_sha384_des3_ede_cbc_tv_temp[] = {
{ /*Generated with cryptopp*/
#ifdef __LITTLE_ENDIAN
.key = "\x08\x00" /* rta length */
@@ -12932,7 +14582,7 @@
.assoc = "\x00\x00\x43\x21\x00\x00\x00\x01"
"\x7D\x33\x88\x93\x0F\x93\xB2\x42",
.alen = 16,
- .input = "\x6f\x54\x20\x6f\x61\x4d\x79\x6e"
+ .ptext = "\x6f\x54\x20\x6f\x61\x4d\x79\x6e"
"\x53\x20\x63\x65\x65\x72\x73\x74"
"\x54\x20\x6f\x6f\x4d\x20\x6e\x61"
"\x20\x79\x65\x53\x72\x63\x74\x65"
@@ -12948,8 +14598,8 @@
"\x20\x6f\x61\x4d\x79\x6e\x53\x20"
"\x63\x65\x65\x72\x73\x74\x54\x20"
"\x6f\x6f\x4d\x20\x6e\x61\x0a\x79",
- .ilen = 128,
- .result = "\x0e\x2d\xb6\x97\x3c\x56\x33\xf4"
+ .plen = 128,
+ .ctext = "\x0e\x2d\xb6\x97\x3c\x56\x33\xf4"
"\x67\x17\x21\xc7\x6e\x8a\xd5\x49"
"\x74\xb3\x49\x05\xc5\x1c\xd0\xed"
"\x12\x56\x5c\x53\x96\xb6\x00\x7d"
@@ -12971,11 +14621,11 @@
"\xa4\x32\x8a\x0b\x46\xd7\xf0\x39"
"\x36\x5d\x13\x2f\x86\x10\x78\xd6"
"\xd6\xbe\x5c\xb9\x15\x89\xf9\x1b",
- .rlen = 128 + 48,
+ .clen = 128 + 48,
},
};
-static const struct aead_testvec hmac_sha512_des3_ede_cbc_enc_tv_temp[] = {
+static const struct aead_testvec hmac_sha512_des3_ede_cbc_tv_temp[] = {
{ /*Generated with cryptopp*/
#ifdef __LITTLE_ENDIAN
.key = "\x08\x00" /* rta length */
@@ -13001,7 +14651,7 @@
.assoc = "\x00\x00\x43\x21\x00\x00\x00\x01"
"\x7D\x33\x88\x93\x0F\x93\xB2\x42",
.alen = 16,
- .input = "\x6f\x54\x20\x6f\x61\x4d\x79\x6e"
+ .ptext = "\x6f\x54\x20\x6f\x61\x4d\x79\x6e"
"\x53\x20\x63\x65\x65\x72\x73\x74"
"\x54\x20\x6f\x6f\x4d\x20\x6e\x61"
"\x20\x79\x65\x53\x72\x63\x74\x65"
@@ -13017,8 +14667,8 @@
"\x20\x6f\x61\x4d\x79\x6e\x53\x20"
"\x63\x65\x65\x72\x73\x74\x54\x20"
"\x6f\x6f\x4d\x20\x6e\x61\x0a\x79",
- .ilen = 128,
- .result = "\x0e\x2d\xb6\x97\x3c\x56\x33\xf4"
+ .plen = 128,
+ .ctext = "\x0e\x2d\xb6\x97\x3c\x56\x33\xf4"
"\x67\x17\x21\xc7\x6e\x8a\xd5\x49"
"\x74\xb3\x49\x05\xc5\x1c\xd0\xed"
"\x12\x56\x5c\x53\x96\xb6\x00\x7d"
@@ -13042,7 +14692,7 @@
"\x2a\x74\xd4\x65\x12\xcb\x55\xf2"
"\xd5\x02\x6d\xe6\xaf\xc9\x2f\xf2"
"\x57\xaa\x85\xf7\xf3\x6a\xcb\xdb",
- .rlen = 128 + 64,
+ .clen = 128 + 64,
},
};
@@ -13145,6 +14795,27 @@
.ctext = "\x5b\x90\x8e\xc1\xab\xdd\x67\x5f"
"\x3d\x69\x8a\x95\x53\xc8\x9c\xe5",
.len = 16,
+ }, { /* Test counter wrap-around, modified from LRW-32-AES 1 */
+ .key = "\x45\x62\xac\x25\xf8\x28\x17\x6d"
+ "\x4c\x26\x84\x14\xb5\x68\x01\x85"
+ "\x25\x8e\x2a\x05\xe7\x3e\x9d\x03"
+ "\xee\x5a\x83\x0c\xcc\x09\x4c\x87",
+ .klen = 32,
+ .iv = "\xff\xff\xff\xff\xff\xff\xff\xff"
+ "\xff\xff\xff\xff\xff\xff\xff\xff",
+ .ptext = "\x30\x31\x32\x33\x34\x35\x36\x37"
+ "\x38\x39\x41\x42\x43\x44\x45\x46"
+ "\x30\x31\x32\x33\x34\x35\x36\x37"
+ "\x38\x39\x41\x42\x43\x44\x45\x46"
+ "\x30\x31\x32\x33\x34\x35\x36\x37"
+ "\x38\x39\x41\x42\x43\x44\x45\x46",
+ .ctext = "\x47\x90\x50\xf6\xf4\x8d\x5c\x7f"
+ "\x84\xc7\x83\x95\x2d\xa2\x02\xc0"
+ "\xda\x7f\xa3\xc0\x88\x2a\x0a\x50"
+ "\xfb\xc1\x78\x03\x39\xfe\x1d\xe5"
+ "\xf1\xb2\x73\xcd\x65\xa3\xdf\x5f"
+ "\xe9\x5d\x48\x92\x54\x63\x4e\xb8",
+ .len = 48,
}, {
/* http://www.mail-archive.com/stds-p1619@listserv.ieee.org/msg00173.html */
.key = "\xf8\xd4\x76\xff\xd6\x46\xee\x6c"
@@ -13285,9 +14956,6 @@
"\xcd\x7e\x2b\x5d\x43\xea\x42\xe7"
"\x74\x3f\x7d\x58\x88\x75\xde\x3e",
.len = 512,
- .also_non_np = 1,
- .np = 3,
- .tap = { 512 - 20, 4, 16 },
}
};
@@ -13623,9 +15291,6 @@
"\xc4\xf3\x6f\xfd\xa9\xfc\xea\x70"
"\xb9\xc6\xe6\x93\xe1\x48\xc1\x51",
.len = 512,
- .also_non_np = 1,
- .np = 3,
- .tap = { 512 - 20, 4, 16 },
}
};
@@ -13636,6 +15301,8 @@
.klen = 16,
.iv = "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7"
"\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff",
+ .iv_out = "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7"
+ "\xf8\xf9\xfa\xfb\xfc\xfd\xff\x03",
.ptext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96"
"\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
"\xae\x2d\x8a\x57\x1e\x03\xac\x9c"
@@ -13660,6 +15327,8 @@
.klen = 24,
.iv = "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7"
"\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff",
+ .iv_out = "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7"
+ "\xf8\xf9\xfa\xfb\xfc\xfd\xff\x03",
.ptext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96"
"\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
"\xae\x2d\x8a\x57\x1e\x03\xac\x9c"
@@ -13685,6 +15354,8 @@
.klen = 32,
.iv = "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7"
"\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff",
+ .iv_out = "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7"
+ "\xf8\xf9\xfa\xfb\xfc\xfd\xff\x03",
.ptext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96"
"\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
"\xae\x2d\x8a\x57\x1e\x03\xac\x9c"
@@ -13710,6 +15381,8 @@
.klen = 32,
.iv = "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF"
"\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFD",
+ .iv_out = "\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x1C",
.ptext = "\x50\xB9\x22\xAE\x17\x80\x0C\x75"
"\xDE\x47\xD3\x3C\xA5\x0E\x9A\x03"
"\x6C\xF8\x61\xCA\x33\xBF\x28\x91"
@@ -13835,9 +15508,6 @@
"\xFA\x3A\x05\x4C\xFA\xD1\xFF\xFE"
"\xF1\x4C\xE5\xB2\x91\x64\x0C\x51",
.len = 496,
- .also_non_np = 1,
- .np = 3,
- .tap = { 496 - 20, 4, 16 },
}, { /* Generated with Crypto++ */
.key = "\xC9\x83\xA6\xC9\xEC\x0F\x32\x55"
"\x0F\x32\x55\x78\x9B\xBE\x78\x9B"
@@ -13846,6 +15516,8 @@
.klen = 32,
.iv = "\xE7\x82\x1D\xB8\x53\x11\xAC\x47"
"\xE2\x7D\x18\xD6\x71\x0C\xA7\x42",
+ .iv_out = "\xE7\x82\x1D\xB8\x53\x11\xAC\x47"
+ "\xE2\x7D\x18\xD6\x71\x0C\xA7\x62",
.ptext = "\x50\xB9\x22\xAE\x17\x80\x0C\x75"
"\xDE\x47\xD3\x3C\xA5\x0E\x9A\x03"
"\x6C\xF8\x61\xCA\x33\xBF\x28\x91"
@@ -13973,9 +15645,6 @@
"\xD8\xFE\xC9\x5B\x5C\x25\xE5\x76"
"\xFB\xF2\x3F",
.len = 499,
- .also_non_np = 1,
- .np = 2,
- .tap = { 499 - 16, 16 },
},
};
@@ -15099,14 +16768,11 @@
"\x4b\xef\x31\x18\xea\xac\xb1\x84"
"\x21\xed\xda\x86",
.len = 4100,
- .np = 2,
- .tap = { 4064, 36 },
},
};
static const struct cipher_testvec aes_ofb_tv_template[] = {
- /* From NIST Special Publication 800-38A, Appendix F.5 */
- {
+ { /* From NIST Special Publication 800-38A, Appendix F.5 */
.key = "\x2b\x7e\x15\x16\x28\xae\xd2\xa6"
"\xab\xf7\x15\x88\x09\xcf\x4f\x3c",
.klen = 16,
@@ -15129,33 +16795,55 @@
"\x30\x4c\x65\x28\xf6\x59\xc7\x78"
"\x66\xa5\x10\xd9\xc1\xd6\xae\x5e",
.len = 64,
+ }, { /* > 16 bytes, not a multiple of 16 bytes */
+ .key = "\x2b\x7e\x15\x16\x28\xae\xd2\xa6"
+ "\xab\xf7\x15\x88\x09\xcf\x4f\x3c",
+ .klen = 16,
+ .iv = "\x00\x01\x02\x03\x04\x05\x06\x07"
+ "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
+ .ptext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96"
+ "\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
+ "\xae",
+ .ctext = "\x3b\x3f\xd9\x2e\xb7\x2d\xad\x20"
+ "\x33\x34\x49\xf8\xe8\x3c\xfb\x4a"
+ "\x77",
+ .len = 17,
+ }, { /* < 16 bytes */
+ .key = "\x2b\x7e\x15\x16\x28\xae\xd2\xa6"
+ "\xab\xf7\x15\x88\x09\xcf\x4f\x3c",
+ .klen = 16,
+ .iv = "\x00\x01\x02\x03\x04\x05\x06\x07"
+ "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
+ .ptext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f",
+ .ctext = "\x3b\x3f\xd9\x2e\xb7\x2d\xad",
+ .len = 7,
}
};
-static const struct aead_testvec aes_gcm_enc_tv_template[] = {
+static const struct aead_testvec aes_gcm_tv_template[] = {
{ /* From McGrew & Viega - http://citeseer.ist.psu.edu/656989.html */
.key = zeroed_string,
.klen = 16,
- .result = "\x58\xe2\xfc\xce\xfa\x7e\x30\x61"
+ .ctext = "\x58\xe2\xfc\xce\xfa\x7e\x30\x61"
"\x36\x7f\x1d\x57\xa4\xe7\x45\x5a",
- .rlen = 16,
+ .clen = 16,
}, {
.key = zeroed_string,
.klen = 16,
- .input = zeroed_string,
- .ilen = 16,
- .result = "\x03\x88\xda\xce\x60\xb6\xa3\x92"
+ .ptext = zeroed_string,
+ .plen = 16,
+ .ctext = "\x03\x88\xda\xce\x60\xb6\xa3\x92"
"\xf3\x28\xc2\xb9\x71\xb2\xfe\x78"
"\xab\x6e\x47\xd4\x2c\xec\x13\xbd"
"\xf5\x3a\x67\xb2\x12\x57\xbd\xdf",
- .rlen = 32,
+ .clen = 32,
}, {
.key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c"
"\x6d\x6a\x8f\x94\x67\x30\x83\x08",
.klen = 16,
.iv = "\xca\xfe\xba\xbe\xfa\xce\xdb\xad"
"\xde\xca\xf8\x88",
- .input = "\xd9\x31\x32\x25\xf8\x84\x06\xe5"
+ .ptext = "\xd9\x31\x32\x25\xf8\x84\x06\xe5"
"\xa5\x59\x09\xc5\xaf\xf5\x26\x9a"
"\x86\xa7\xa9\x53\x15\x34\xf7\xda"
"\x2e\x4c\x30\x3d\x8a\x31\x8a\x72"
@@ -15163,8 +16851,8 @@
"\x2f\xcf\x0e\x24\x49\xa6\xb5\x25"
"\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57"
"\xba\x63\x7b\x39\x1a\xaf\xd2\x55",
- .ilen = 64,
- .result = "\x42\x83\x1e\xc2\x21\x77\x74\x24"
+ .plen = 64,
+ .ctext = "\x42\x83\x1e\xc2\x21\x77\x74\x24"
"\x4b\x72\x21\xb7\x84\xd0\xd4\x9c"
"\xe3\xaa\x21\x2f\x2c\x02\xa4\xe0"
"\x35\xc1\x7e\x23\x29\xac\xa1\x2e"
@@ -15174,14 +16862,14 @@
"\x3d\x58\xe0\x91\x47\x3f\x59\x85"
"\x4d\x5c\x2a\xf3\x27\xcd\x64\xa6"
"\x2c\xf3\x5a\xbd\x2b\xa6\xfa\xb4",
- .rlen = 80,
+ .clen = 80,
}, {
.key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c"
"\x6d\x6a\x8f\x94\x67\x30\x83\x08",
.klen = 16,
.iv = "\xca\xfe\xba\xbe\xfa\xce\xdb\xad"
"\xde\xca\xf8\x88",
- .input = "\xd9\x31\x32\x25\xf8\x84\x06\xe5"
+ .ptext = "\xd9\x31\x32\x25\xf8\x84\x06\xe5"
"\xa5\x59\x09\xc5\xaf\xf5\x26\x9a"
"\x86\xa7\xa9\x53\x15\x34\xf7\xda"
"\x2e\x4c\x30\x3d\x8a\x31\x8a\x72"
@@ -15189,12 +16877,12 @@
"\x2f\xcf\x0e\x24\x49\xa6\xb5\x25"
"\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57"
"\xba\x63\x7b\x39",
- .ilen = 60,
+ .plen = 60,
.assoc = "\xfe\xed\xfa\xce\xde\xad\xbe\xef"
"\xfe\xed\xfa\xce\xde\xad\xbe\xef"
"\xab\xad\xda\xd2",
.alen = 20,
- .result = "\x42\x83\x1e\xc2\x21\x77\x74\x24"
+ .ctext = "\x42\x83\x1e\xc2\x21\x77\x74\x24"
"\x4b\x72\x21\xb7\x84\xd0\xd4\x9c"
"\xe3\xaa\x21\x2f\x2c\x02\xa4\xe0"
"\x35\xc1\x7e\x23\x29\xac\xa1\x2e"
@@ -15204,23 +16892,23 @@
"\x3d\x58\xe0\x91"
"\x5b\xc9\x4f\xbc\x32\x21\xa5\xdb"
"\x94\xfa\xe9\x5a\xe7\x12\x1a\x47",
- .rlen = 76,
+ .clen = 76,
}, {
.key = zeroed_string,
.klen = 24,
- .result = "\xcd\x33\xb2\x8a\xc7\x73\xf7\x4b"
+ .ctext = "\xcd\x33\xb2\x8a\xc7\x73\xf7\x4b"
"\xa0\x0e\xd1\xf3\x12\x57\x24\x35",
- .rlen = 16,
+ .clen = 16,
}, {
.key = zeroed_string,
.klen = 24,
- .input = zeroed_string,
- .ilen = 16,
- .result = "\x98\xe7\x24\x7c\x07\xf0\xfe\x41"
+ .ptext = zeroed_string,
+ .plen = 16,
+ .ctext = "\x98\xe7\x24\x7c\x07\xf0\xfe\x41"
"\x1c\x26\x7e\x43\x84\xb0\xf6\x00"
"\x2f\xf5\x8d\x80\x03\x39\x27\xab"
"\x8e\xf4\xd4\x58\x75\x14\xf0\xfb",
- .rlen = 32,
+ .clen = 32,
}, {
.key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c"
"\x6d\x6a\x8f\x94\x67\x30\x83\x08"
@@ -15228,7 +16916,7 @@
.klen = 24,
.iv = "\xca\xfe\xba\xbe\xfa\xce\xdb\xad"
"\xde\xca\xf8\x88",
- .input = "\xd9\x31\x32\x25\xf8\x84\x06\xe5"
+ .ptext = "\xd9\x31\x32\x25\xf8\x84\x06\xe5"
"\xa5\x59\x09\xc5\xaf\xf5\x26\x9a"
"\x86\xa7\xa9\x53\x15\x34\xf7\xda"
"\x2e\x4c\x30\x3d\x8a\x31\x8a\x72"
@@ -15236,8 +16924,8 @@
"\x2f\xcf\x0e\x24\x49\xa6\xb5\x25"
"\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57"
"\xba\x63\x7b\x39\x1a\xaf\xd2\x55",
- .ilen = 64,
- .result = "\x39\x80\xca\x0b\x3c\x00\xe8\x41"
+ .plen = 64,
+ .ctext = "\x39\x80\xca\x0b\x3c\x00\xe8\x41"
"\xeb\x06\xfa\xc4\x87\x2a\x27\x57"
"\x85\x9e\x1c\xea\xa6\xef\xd9\x84"
"\x62\x85\x93\xb4\x0c\xa1\xe1\x9c"
@@ -15247,62 +16935,23 @@
"\xcc\xda\x27\x10\xac\xad\xe2\x56"
"\x99\x24\xa7\xc8\x58\x73\x36\xbf"
"\xb1\x18\x02\x4d\xb8\x67\x4a\x14",
- .rlen = 80,
- }, {
- .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c"
- "\x6d\x6a\x8f\x94\x67\x30\x83\x08"
- "\xfe\xff\xe9\x92\x86\x65\x73\x1c",
- .klen = 24,
- .iv = "\xca\xfe\xba\xbe\xfa\xce\xdb\xad"
- "\xde\xca\xf8\x88",
- .input = "\xd9\x31\x32\x25\xf8\x84\x06\xe5"
- "\xa5\x59\x09\xc5\xaf\xf5\x26\x9a"
- "\x86\xa7\xa9\x53\x15\x34\xf7\xda"
- "\x2e\x4c\x30\x3d\x8a\x31\x8a\x72"
- "\x1c\x3c\x0c\x95\x95\x68\x09\x53"
- "\x2f\xcf\x0e\x24\x49\xa6\xb5\x25"
- "\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57"
- "\xba\x63\x7b\x39",
- .ilen = 60,
- .assoc = "\xfe\xed\xfa\xce\xde\xad\xbe\xef"
- "\xfe\xed\xfa\xce\xde\xad\xbe\xef"
- "\xab\xad\xda\xd2",
- .alen = 20,
- .result = "\x39\x80\xca\x0b\x3c\x00\xe8\x41"
- "\xeb\x06\xfa\xc4\x87\x2a\x27\x57"
- "\x85\x9e\x1c\xea\xa6\xef\xd9\x84"
- "\x62\x85\x93\xb4\x0c\xa1\xe1\x9c"
- "\x7d\x77\x3d\x00\xc1\x44\xc5\x25"
- "\xac\x61\x9d\x18\xc8\x4a\x3f\x47"
- "\x18\xe2\x44\x8b\x2f\xe3\x24\xd9"
- "\xcc\xda\x27\x10"
- "\x25\x19\x49\x8e\x80\xf1\x47\x8f"
- "\x37\xba\x55\xbd\x6d\x27\x61\x8c",
- .rlen = 76,
- .np = 2,
- .tap = { 32, 28 },
- .anp = 2,
- .atap = { 8, 12 }
+ .clen = 80,
}, {
.key = zeroed_string,
.klen = 32,
- .result = "\x53\x0f\x8a\xfb\xc7\x45\x36\xb9"
+ .ctext = "\x53\x0f\x8a\xfb\xc7\x45\x36\xb9"
"\xa9\x63\xb4\xf1\xc4\xcb\x73\x8b",
- .rlen = 16,
- }
-};
-
-static const struct aead_testvec aes_gcm_dec_tv_template[] = {
- { /* From McGrew & Viega - http://citeseer.ist.psu.edu/656989.html */
+ .clen = 16,
+ }, {
.key = zeroed_string,
.klen = 32,
- .input = "\xce\xa7\x40\x3d\x4d\x60\x6b\x6e"
+ .ptext = zeroed_string,
+ .plen = 16,
+ .ctext = "\xce\xa7\x40\x3d\x4d\x60\x6b\x6e"
"\x07\x4e\xc5\xd3\xba\xf3\x9d\x18"
"\xd0\xd1\xc8\xa7\x99\x99\x6b\xf0"
"\x26\x5b\x98\xb5\xd4\x8a\xb9\x19",
- .ilen = 32,
- .result = zeroed_string,
- .rlen = 16,
+ .clen = 32,
}, {
.key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c"
"\x6d\x6a\x8f\x94\x67\x30\x83\x08"
@@ -15311,7 +16960,16 @@
.klen = 32,
.iv = "\xca\xfe\xba\xbe\xfa\xce\xdb\xad"
"\xde\xca\xf8\x88",
- .input = "\x52\x2d\xc1\xf0\x99\x56\x7d\x07"
+ .ptext = "\xd9\x31\x32\x25\xf8\x84\x06\xe5"
+ "\xa5\x59\x09\xc5\xaf\xf5\x26\x9a"
+ "\x86\xa7\xa9\x53\x15\x34\xf7\xda"
+ "\x2e\x4c\x30\x3d\x8a\x31\x8a\x72"
+ "\x1c\x3c\x0c\x95\x95\x68\x09\x53"
+ "\x2f\xcf\x0e\x24\x49\xa6\xb5\x25"
+ "\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57"
+ "\xba\x63\x7b\x39\x1a\xaf\xd2\x55",
+ .plen = 64,
+ .ctext = "\x52\x2d\xc1\xf0\x99\x56\x7d\x07"
"\xf4\x7f\x37\xa3\x2a\x84\x42\x7d"
"\x64\x3a\x8c\xdc\xbf\xe5\xc0\xc9"
"\x75\x98\xa2\xbd\x25\x55\xd1\xaa"
@@ -15321,16 +16979,7 @@
"\xbc\xc9\xf6\x62\x89\x80\x15\xad"
"\xb0\x94\xda\xc5\xd9\x34\x71\xbd"
"\xec\x1a\x50\x22\x70\xe3\xcc\x6c",
- .ilen = 80,
- .result = "\xd9\x31\x32\x25\xf8\x84\x06\xe5"
- "\xa5\x59\x09\xc5\xaf\xf5\x26\x9a"
- "\x86\xa7\xa9\x53\x15\x34\xf7\xda"
- "\x2e\x4c\x30\x3d\x8a\x31\x8a\x72"
- "\x1c\x3c\x0c\x95\x95\x68\x09\x53"
- "\x2f\xcf\x0e\x24\x49\xa6\xb5\x25"
- "\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57"
- "\xba\x63\x7b\x39\x1a\xaf\xd2\x55",
- .rlen = 64,
+ .clen = 80,
}, {
.key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c"
"\x6d\x6a\x8f\x94\x67\x30\x83\x08"
@@ -15339,7 +16988,20 @@
.klen = 32,
.iv = "\xca\xfe\xba\xbe\xfa\xce\xdb\xad"
"\xde\xca\xf8\x88",
- .input = "\x52\x2d\xc1\xf0\x99\x56\x7d\x07"
+ .ptext = "\xd9\x31\x32\x25\xf8\x84\x06\xe5"
+ "\xa5\x59\x09\xc5\xaf\xf5\x26\x9a"
+ "\x86\xa7\xa9\x53\x15\x34\xf7\xda"
+ "\x2e\x4c\x30\x3d\x8a\x31\x8a\x72"
+ "\x1c\x3c\x0c\x95\x95\x68\x09\x53"
+ "\x2f\xcf\x0e\x24\x49\xa6\xb5\x25"
+ "\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57"
+ "\xba\x63\x7b\x39",
+ .plen = 60,
+ .assoc = "\xfe\xed\xfa\xce\xde\xad\xbe\xef"
+ "\xfe\xed\xfa\xce\xde\xad\xbe\xef"
+ "\xab\xad\xda\xd2",
+ .alen = 20,
+ .ctext = "\x52\x2d\xc1\xf0\x99\x56\x7d\x07"
"\xf4\x7f\x37\xa3\x2a\x84\x42\x7d"
"\x64\x3a\x8c\xdc\xbf\xe5\xc0\xc9"
"\x75\x98\xa2\xbd\x25\x55\xd1\xaa"
@@ -15349,90 +17011,7 @@
"\xbc\xc9\xf6\x62"
"\x76\xfc\x6e\xce\x0f\x4e\x17\x68"
"\xcd\xdf\x88\x53\xbb\x2d\x55\x1b",
- .ilen = 76,
- .assoc = "\xfe\xed\xfa\xce\xde\xad\xbe\xef"
- "\xfe\xed\xfa\xce\xde\xad\xbe\xef"
- "\xab\xad\xda\xd2",
- .alen = 20,
- .result = "\xd9\x31\x32\x25\xf8\x84\x06\xe5"
- "\xa5\x59\x09\xc5\xaf\xf5\x26\x9a"
- "\x86\xa7\xa9\x53\x15\x34\xf7\xda"
- "\x2e\x4c\x30\x3d\x8a\x31\x8a\x72"
- "\x1c\x3c\x0c\x95\x95\x68\x09\x53"
- "\x2f\xcf\x0e\x24\x49\xa6\xb5\x25"
- "\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57"
- "\xba\x63\x7b\x39",
- .rlen = 60,
- .np = 2,
- .tap = { 48, 28 },
- .anp = 3,
- .atap = { 8, 8, 4 }
- }, {
- .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c"
- "\x6d\x6a\x8f\x94\x67\x30\x83\x08",
- .klen = 16,
- .iv = "\xca\xfe\xba\xbe\xfa\xce\xdb\xad"
- "\xde\xca\xf8\x88",
- .input = "\x42\x83\x1e\xc2\x21\x77\x74\x24"
- "\x4b\x72\x21\xb7\x84\xd0\xd4\x9c"
- "\xe3\xaa\x21\x2f\x2c\x02\xa4\xe0"
- "\x35\xc1\x7e\x23\x29\xac\xa1\x2e"
- "\x21\xd5\x14\xb2\x54\x66\x93\x1c"
- "\x7d\x8f\x6a\x5a\xac\x84\xaa\x05"
- "\x1b\xa3\x0b\x39\x6a\x0a\xac\x97"
- "\x3d\x58\xe0\x91\x47\x3f\x59\x85"
- "\x4d\x5c\x2a\xf3\x27\xcd\x64\xa6"
- "\x2c\xf3\x5a\xbd\x2b\xa6\xfa\xb4",
- .ilen = 80,
- .result = "\xd9\x31\x32\x25\xf8\x84\x06\xe5"
- "\xa5\x59\x09\xc5\xaf\xf5\x26\x9a"
- "\x86\xa7\xa9\x53\x15\x34\xf7\xda"
- "\x2e\x4c\x30\x3d\x8a\x31\x8a\x72"
- "\x1c\x3c\x0c\x95\x95\x68\x09\x53"
- "\x2f\xcf\x0e\x24\x49\xa6\xb5\x25"
- "\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57"
- "\xba\x63\x7b\x39\x1a\xaf\xd2\x55",
- .rlen = 64,
- }, {
- .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c"
- "\x6d\x6a\x8f\x94\x67\x30\x83\x08",
- .klen = 16,
- .iv = "\xca\xfe\xba\xbe\xfa\xce\xdb\xad"
- "\xde\xca\xf8\x88",
- .input = "\x42\x83\x1e\xc2\x21\x77\x74\x24"
- "\x4b\x72\x21\xb7\x84\xd0\xd4\x9c"
- "\xe3\xaa\x21\x2f\x2c\x02\xa4\xe0"
- "\x35\xc1\x7e\x23\x29\xac\xa1\x2e"
- "\x21\xd5\x14\xb2\x54\x66\x93\x1c"
- "\x7d\x8f\x6a\x5a\xac\x84\xaa\x05"
- "\x1b\xa3\x0b\x39\x6a\x0a\xac\x97"
- "\x3d\x58\xe0\x91"
- "\x5b\xc9\x4f\xbc\x32\x21\xa5\xdb"
- "\x94\xfa\xe9\x5a\xe7\x12\x1a\x47",
- .ilen = 76,
- .assoc = "\xfe\xed\xfa\xce\xde\xad\xbe\xef"
- "\xfe\xed\xfa\xce\xde\xad\xbe\xef"
- "\xab\xad\xda\xd2",
- .alen = 20,
- .result = "\xd9\x31\x32\x25\xf8\x84\x06\xe5"
- "\xa5\x59\x09\xc5\xaf\xf5\x26\x9a"
- "\x86\xa7\xa9\x53\x15\x34\xf7\xda"
- "\x2e\x4c\x30\x3d\x8a\x31\x8a\x72"
- "\x1c\x3c\x0c\x95\x95\x68\x09\x53"
- "\x2f\xcf\x0e\x24\x49\xa6\xb5\x25"
- "\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57"
- "\xba\x63\x7b\x39",
- .rlen = 60,
- }, {
- .key = zeroed_string,
- .klen = 24,
- .input = "\x98\xe7\x24\x7c\x07\xf0\xfe\x41"
- "\x1c\x26\x7e\x43\x84\xb0\xf6\x00"
- "\x2f\xf5\x8d\x80\x03\x39\x27\xab"
- "\x8e\xf4\xd4\x58\x75\x14\xf0\xfb",
- .ilen = 32,
- .result = zeroed_string,
- .rlen = 16,
+ .clen = 76,
}, {
.key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c"
"\x6d\x6a\x8f\x94\x67\x30\x83\x08"
@@ -15440,34 +17019,20 @@
.klen = 24,
.iv = "\xca\xfe\xba\xbe\xfa\xce\xdb\xad"
"\xde\xca\xf8\x88",
- .input = "\x39\x80\xca\x0b\x3c\x00\xe8\x41"
- "\xeb\x06\xfa\xc4\x87\x2a\x27\x57"
- "\x85\x9e\x1c\xea\xa6\xef\xd9\x84"
- "\x62\x85\x93\xb4\x0c\xa1\xe1\x9c"
- "\x7d\x77\x3d\x00\xc1\x44\xc5\x25"
- "\xac\x61\x9d\x18\xc8\x4a\x3f\x47"
- "\x18\xe2\x44\x8b\x2f\xe3\x24\xd9"
- "\xcc\xda\x27\x10\xac\xad\xe2\x56"
- "\x99\x24\xa7\xc8\x58\x73\x36\xbf"
- "\xb1\x18\x02\x4d\xb8\x67\x4a\x14",
- .ilen = 80,
- .result = "\xd9\x31\x32\x25\xf8\x84\x06\xe5"
+ .ptext = "\xd9\x31\x32\x25\xf8\x84\x06\xe5"
"\xa5\x59\x09\xc5\xaf\xf5\x26\x9a"
"\x86\xa7\xa9\x53\x15\x34\xf7\xda"
"\x2e\x4c\x30\x3d\x8a\x31\x8a\x72"
"\x1c\x3c\x0c\x95\x95\x68\x09\x53"
"\x2f\xcf\x0e\x24\x49\xa6\xb5\x25"
"\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57"
- "\xba\x63\x7b\x39\x1a\xaf\xd2\x55",
- .rlen = 64,
- }, {
- .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c"
- "\x6d\x6a\x8f\x94\x67\x30\x83\x08"
- "\xfe\xff\xe9\x92\x86\x65\x73\x1c",
- .klen = 24,
- .iv = "\xca\xfe\xba\xbe\xfa\xce\xdb\xad"
- "\xde\xca\xf8\x88",
- .input = "\x39\x80\xca\x0b\x3c\x00\xe8\x41"
+ "\xba\x63\x7b\x39",
+ .plen = 60,
+ .assoc = "\xfe\xed\xfa\xce\xde\xad\xbe\xef"
+ "\xfe\xed\xfa\xce\xde\xad\xbe\xef"
+ "\xab\xad\xda\xd2",
+ .alen = 20,
+ .ctext = "\x39\x80\xca\x0b\x3c\x00\xe8\x41"
"\xeb\x06\xfa\xc4\x87\x2a\x27\x57"
"\x85\x9e\x1c\xea\xa6\xef\xd9\x84"
"\x62\x85\x93\xb4\x0c\xa1\xe1\x9c"
@@ -15477,53 +17042,40 @@
"\xcc\xda\x27\x10"
"\x25\x19\x49\x8e\x80\xf1\x47\x8f"
"\x37\xba\x55\xbd\x6d\x27\x61\x8c",
- .ilen = 76,
- .assoc = "\xfe\xed\xfa\xce\xde\xad\xbe\xef"
- "\xfe\xed\xfa\xce\xde\xad\xbe\xef"
- "\xab\xad\xda\xd2",
- .alen = 20,
- .result = "\xd9\x31\x32\x25\xf8\x84\x06\xe5"
- "\xa5\x59\x09\xc5\xaf\xf5\x26\x9a"
- "\x86\xa7\xa9\x53\x15\x34\xf7\xda"
- "\x2e\x4c\x30\x3d\x8a\x31\x8a\x72"
- "\x1c\x3c\x0c\x95\x95\x68\x09\x53"
- "\x2f\xcf\x0e\x24\x49\xa6\xb5\x25"
- "\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57"
- "\xba\x63\x7b\x39",
- .rlen = 60,
+ .clen = 76,
}
};
-static const struct aead_testvec aes_gcm_rfc4106_enc_tv_template[] = {
+static const struct aead_testvec aes_gcm_rfc4106_tv_template[] = {
{ /* Generated using Crypto++ */
.key = zeroed_string,
.klen = 20,
.iv = zeroed_string,
- .input = zeroed_string,
- .ilen = 16,
+ .ptext = zeroed_string,
+ .plen = 16,
.assoc = zeroed_string,
.alen = 16,
- .result = "\x03\x88\xDA\xCE\x60\xB6\xA3\x92"
+ .ctext = "\x03\x88\xDA\xCE\x60\xB6\xA3\x92"
"\xF3\x28\xC2\xB9\x71\xB2\xFE\x78"
"\x97\xFE\x4C\x23\x37\x42\x01\xE0"
"\x81\x9F\x8D\xC5\xD7\x41\xA0\x1B",
- .rlen = 32,
+ .clen = 32,
},{
.key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c"
"\x6d\x6a\x8f\x94\x67\x30\x83\x08"
"\x00\x00\x00\x00",
.klen = 20,
.iv = "\x00\x00\x00\x00\x00\x00\x00\x01",
- .input = zeroed_string,
- .ilen = 16,
+ .ptext = zeroed_string,
+ .plen = 16,
.assoc = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x01",
.alen = 16,
- .result = "\xC0\x0D\x8B\x42\x0F\x8F\x34\x18"
+ .ctext = "\xC0\x0D\x8B\x42\x0F\x8F\x34\x18"
"\x88\xB1\xC5\xBC\xC5\xB6\xD6\x28"
"\x6A\x9D\xDF\x11\x5E\xFE\x5E\x9D"
"\x2F\x70\x44\x92\xF7\xF2\xE3\xEF",
- .rlen = 32,
+ .clen = 32,
}, {
.key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c"
@@ -15531,57 +17083,57 @@
"\x00\x00\x00\x00",
.klen = 20,
.iv = zeroed_string,
- .input = "\x01\x01\x01\x01\x01\x01\x01\x01"
+ .ptext = "\x01\x01\x01\x01\x01\x01\x01\x01"
"\x01\x01\x01\x01\x01\x01\x01\x01",
- .ilen = 16,
+ .plen = 16,
.assoc = zeroed_string,
.alen = 16,
- .result = "\x4B\xB1\xB5\xE3\x25\x71\x70\xDE"
+ .ctext = "\x4B\xB1\xB5\xE3\x25\x71\x70\xDE"
"\x7F\xC9\x9C\xA5\x14\x19\xF2\xAC"
"\x0B\x8F\x88\x69\x17\xE6\xB4\x3C"
"\xB1\x68\xFD\x14\x52\x64\x61\xB2",
- .rlen = 32,
+ .clen = 32,
}, {
.key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c"
"\x6d\x6a\x8f\x94\x67\x30\x83\x08"
"\x00\x00\x00\x00",
.klen = 20,
.iv = zeroed_string,
- .input = "\x01\x01\x01\x01\x01\x01\x01\x01"
+ .ptext = "\x01\x01\x01\x01\x01\x01\x01\x01"
"\x01\x01\x01\x01\x01\x01\x01\x01",
- .ilen = 16,
+ .plen = 16,
.assoc = "\x01\x01\x01\x01\x01\x01\x01\x01"
"\x00\x00\x00\x00\x00\x00\x00\x00",
.alen = 16,
- .result = "\x4B\xB1\xB5\xE3\x25\x71\x70\xDE"
+ .ctext = "\x4B\xB1\xB5\xE3\x25\x71\x70\xDE"
"\x7F\xC9\x9C\xA5\x14\x19\xF2\xAC"
"\x90\x92\xB7\xE3\x5F\xA3\x9A\x63"
"\x7E\xD7\x1F\xD8\xD3\x7C\x4B\xF5",
- .rlen = 32,
+ .clen = 32,
}, {
.key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c"
"\x6d\x6a\x8f\x94\x67\x30\x83\x08"
"\x00\x00\x00\x00",
.klen = 20,
.iv = "\x00\x00\x00\x00\x00\x00\x00\x01",
- .input = "\x01\x01\x01\x01\x01\x01\x01\x01"
+ .ptext = "\x01\x01\x01\x01\x01\x01\x01\x01"
"\x01\x01\x01\x01\x01\x01\x01\x01",
- .ilen = 16,
+ .plen = 16,
.assoc = "\x01\x01\x01\x01\x01\x01\x01\x01"
"\x00\x00\x00\x00\x00\x00\x00\x01",
.alen = 16,
- .result = "\xC1\x0C\x8A\x43\x0E\x8E\x35\x19"
+ .ctext = "\xC1\x0C\x8A\x43\x0E\x8E\x35\x19"
"\x89\xB0\xC4\xBD\xC4\xB7\xD7\x29"
"\x64\x50\xF9\x32\x13\xFB\x74\x61"
"\xF4\xED\x52\xD3\xC5\x10\x55\x3C",
- .rlen = 32,
+ .clen = 32,
}, {
.key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c"
"\x6d\x6a\x8f\x94\x67\x30\x83\x08"
"\x00\x00\x00\x00",
.klen = 20,
.iv = "\x00\x00\x00\x00\x00\x00\x00\x01",
- .input = "\x01\x01\x01\x01\x01\x01\x01\x01"
+ .ptext = "\x01\x01\x01\x01\x01\x01\x01\x01"
"\x01\x01\x01\x01\x01\x01\x01\x01"
"\x01\x01\x01\x01\x01\x01\x01\x01"
"\x01\x01\x01\x01\x01\x01\x01\x01"
@@ -15589,11 +17141,11 @@
"\x01\x01\x01\x01\x01\x01\x01\x01"
"\x01\x01\x01\x01\x01\x01\x01\x01"
"\x01\x01\x01\x01\x01\x01\x01\x01",
- .ilen = 64,
+ .plen = 64,
.assoc = "\x01\x01\x01\x01\x01\x01\x01\x01"
"\x00\x00\x00\x00\x00\x00\x00\x01",
.alen = 16,
- .result = "\xC1\x0C\x8A\x43\x0E\x8E\x35\x19"
+ .ctext = "\xC1\x0C\x8A\x43\x0E\x8E\x35\x19"
"\x89\xB0\xC4\xBD\xC4\xB7\xD7\x29"
"\x98\x14\xA1\x42\x37\x80\xFD\x90"
"\x68\x12\x01\xA8\x91\x89\xB9\x83"
@@ -15603,14 +17155,14 @@
"\xDC\xD3\xDA\x65\x73\xAF\x80\xCD"
"\xD2\xB6\xC2\x4A\x76\xC2\x92\x85"
"\xBD\xCF\x62\x98\x58\x14\xE5\xBD",
- .rlen = 80,
+ .clen = 80,
}, {
.key = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
"\x00\x00\x00\x00",
.klen = 20,
.iv = "\x00\x00\x45\x67\x89\xab\xcd\xef",
- .input = "\xff\xff\xff\xff\xff\xff\xff\xff"
+ .ptext = "\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
@@ -15634,12 +17186,12 @@
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff",
- .ilen = 192,
+ .plen = 192,
.assoc = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\x00\x00\x45\x67"
"\x89\xab\xcd\xef",
.alen = 20,
- .result = "\xC1\x76\x33\x85\xE2\x9B\x5F\xDE"
+ .ctext = "\xC1\x76\x33\x85\xE2\x9B\x5F\xDE"
"\xDE\x89\x3D\x42\xE7\xC9\x69\x8A"
"\x44\x6D\xC3\x88\x46\x2E\xC2\x01"
"\x5E\xF6\x0C\x39\xF0\xC4\xA5\x82"
@@ -15665,14 +17217,14 @@
"\x2E\xD5\x03\x2E\x86\x7E\xAA\x3B"
"\x37\x08\x1C\xCF\xBA\x5D\x71\x46"
"\x80\x72\xB0\x4C\x82\x0D\x60\x3C",
- .rlen = 208,
+ .clen = 208,
}, { /* From draft-mcgrew-gcm-test-01 */
.key = "\x4C\x80\xCD\xEF\xBB\x5D\x10\xDA"
"\x90\x6A\xC7\x3C\x36\x13\xA6\x34"
"\x2E\x44\x3B\x68",
.klen = 20,
.iv = "\x49\x56\xED\x7E\x3B\x24\x4C\xFE",
- .input = "\x45\x00\x00\x48\x69\x9A\x00\x00"
+ .ptext = "\x45\x00\x00\x48\x69\x9A\x00\x00"
"\x80\x11\x4D\xB7\xC0\xA8\x01\x02"
"\xC0\xA8\x01\x01\x0A\x9B\xF1\x56"
"\x38\xD3\x01\x00\x00\x01\x00\x00"
@@ -15681,12 +17233,12 @@
"\x69\x70\x09\x63\x79\x62\x65\x72"
"\x63\x69\x74\x79\x02\x64\x6B\x00"
"\x00\x21\x00\x01\x01\x02\x02\x01",
- .ilen = 72,
+ .plen = 72,
.assoc = "\x00\x00\x43\x21\x87\x65\x43\x21"
"\x00\x00\x00\x00\x49\x56\xED\x7E"
"\x3B\x24\x4C\xFE",
.alen = 20,
- .result = "\xFE\xCF\x53\x7E\x72\x9D\x5B\x07"
+ .ctext = "\xFE\xCF\x53\x7E\x72\x9D\x5B\x07"
"\xDC\x30\xDF\x52\x8D\xD2\x2B\x76"
"\x8D\x1B\x98\x73\x66\x96\xA6\xFD"
"\x34\x85\x09\xFA\x13\xCE\xAC\x34"
@@ -15697,14 +17249,14 @@
"\x61\xBC\x17\xD7\x68\xFD\x97\x32"
"\x45\x90\x18\x14\x8F\x6C\xBE\x72"
"\x2F\xD0\x47\x96\x56\x2D\xFD\xB4",
- .rlen = 88,
+ .clen = 88,
}, {
.key = "\xFE\xFF\xE9\x92\x86\x65\x73\x1C"
"\x6D\x6A\x8F\x94\x67\x30\x83\x08"
"\xCA\xFE\xBA\xBE",
.klen = 20,
.iv = "\xFA\xCE\xDB\xAD\xDE\xCA\xF8\x88",
- .input = "\x45\x00\x00\x3E\x69\x8F\x00\x00"
+ .ptext = "\x45\x00\x00\x3E\x69\x8F\x00\x00"
"\x80\x11\x4D\xCC\xC0\xA8\x01\x02"
"\xC0\xA8\x01\x01\x0A\x98\x00\x35"
"\x00\x2A\x23\x43\xB2\xD0\x01\x00"
@@ -15712,11 +17264,11 @@
"\x03\x73\x69\x70\x09\x63\x79\x62"
"\x65\x72\x63\x69\x74\x79\x02\x64"
"\x6B\x00\x00\x01\x00\x01\x00\x01",
- .ilen = 64,
+ .plen = 64,
.assoc = "\x00\x00\xA5\xF8\x00\x00\x00\x0A"
"\xFA\xCE\xDB\xAD\xDE\xCA\xF8\x88",
.alen = 16,
- .result = "\xDE\xB2\x2C\xD9\xB0\x7C\x72\xC1"
+ .ctext = "\xDE\xB2\x2C\xD9\xB0\x7C\x72\xC1"
"\x6E\x3A\x65\xBE\xEB\x8D\xF3\x04"
"\xA5\xA5\x89\x7D\x33\xAE\x53\x0F"
"\x1B\xA7\x6D\x5D\x11\x4D\x2A\x5C"
@@ -15726,7 +17278,7 @@
"\xEC\x3B\x9B\xA9\x5D\x91\x8B\xD1"
"\x83\xB7\x0D\x3A\xA8\xBC\x6E\xE4"
"\xC3\x09\xE9\xD8\x5A\x41\xAD\x4A",
- .rlen = 80,
+ .clen = 80,
}, {
.key = "\xAB\xBC\xCD\xDE\xF0\x01\x12\x23"
"\x34\x45\x56\x67\x78\x89\x9A\xAB"
@@ -15735,18 +17287,18 @@
"\x11\x22\x33\x44",
.klen = 36,
.iv = "\x01\x02\x03\x04\x05\x06\x07\x08",
- .input = "\x45\x00\x00\x30\x69\xA6\x40\x00"
+ .ptext = "\x45\x00\x00\x30\x69\xA6\x40\x00"
"\x80\x06\x26\x90\xC0\xA8\x01\x02"
"\x93\x89\x15\x5E\x0A\x9E\x00\x8B"
"\x2D\xC5\x7E\xE0\x00\x00\x00\x00"
"\x70\x02\x40\x00\x20\xBF\x00\x00"
"\x02\x04\x05\xB4\x01\x01\x04\x02"
"\x01\x02\x02\x01",
- .ilen = 52,
+ .plen = 52,
.assoc = "\x4A\x2C\xBF\xE3\x00\x00\x00\x02"
"\x01\x02\x03\x04\x05\x06\x07\x08",
.alen = 16,
- .result = "\xFF\x42\x5C\x9B\x72\x45\x99\xDF"
+ .ctext = "\xFF\x42\x5C\x9B\x72\x45\x99\xDF"
"\x7A\x3B\xCD\x51\x01\x94\xE0\x0D"
"\x6A\x78\x10\x7F\x1B\x0B\x1C\xBF"
"\x06\xEF\xAE\x9D\x65\xA5\xD7\x63"
@@ -15755,14 +17307,14 @@
"\xEF\x84\x2D\x8E\xB3\x35\xF4\xEE"
"\xCF\xDB\xF8\x31\x82\x4B\x4C\x49"
"\x15\x95\x6C\x96",
- .rlen = 68,
+ .clen = 68,
}, {
.key = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00",
.klen = 20,
.iv = "\x00\x00\x00\x00\x00\x00\x00\x00",
- .input = "\x45\x00\x00\x3C\x99\xC5\x00\x00"
+ .ptext = "\x45\x00\x00\x3C\x99\xC5\x00\x00"
"\x80\x01\xCB\x7A\x40\x67\x93\x18"
"\x01\x01\x01\x01\x08\x00\x07\x5C"
"\x02\x00\x44\x00\x61\x62\x63\x64"
@@ -15770,11 +17322,11 @@
"\x6D\x6E\x6F\x70\x71\x72\x73\x74"
"\x75\x76\x77\x61\x62\x63\x64\x65"
"\x66\x67\x68\x69\x01\x02\x02\x01",
- .ilen = 64,
+ .plen = 64,
.assoc = "\x00\x00\x00\x00\x00\x00\x00\x01"
"\x00\x00\x00\x00\x00\x00\x00\x00",
.alen = 16,
- .result = "\x46\x88\xDA\xF2\xF9\x73\xA3\x92"
+ .ctext = "\x46\x88\xDA\xF2\xF9\x73\xA3\x92"
"\x73\x29\x09\xC3\x31\xD5\x6D\x60"
"\xF6\x94\xAB\xAA\x41\x4B\x5E\x7F"
"\xF5\xFD\xCD\xFF\xF5\xE9\xA2\x84"
@@ -15784,14 +17336,14 @@
"\x1D\x19\xD4\xD5\xC8\xC1\x8A\xF3"
"\xF8\x21\xD4\x96\xEE\xB0\x96\xE9"
"\x8A\xD2\xB6\x9E\x47\x99\xC7\x1D",
- .rlen = 80,
+ .clen = 80,
}, {
.key = "\x3D\xE0\x98\x74\xB3\x88\xE6\x49"
"\x19\x88\xD0\xC3\x60\x7E\xAE\x1F"
"\x57\x69\x0E\x43",
.klen = 20,
.iv = "\x4E\x28\x00\x00\xA2\xFC\xA1\xA3",
- .input = "\x45\x00\x00\x3C\x99\xC3\x00\x00"
+ .ptext = "\x45\x00\x00\x3C\x99\xC3\x00\x00"
"\x80\x01\xCB\x7C\x40\x67\x93\x18"
"\x01\x01\x01\x01\x08\x00\x08\x5C"
"\x02\x00\x43\x00\x61\x62\x63\x64"
@@ -15799,12 +17351,12 @@
"\x6D\x6E\x6F\x70\x71\x72\x73\x74"
"\x75\x76\x77\x61\x62\x63\x64\x65"
"\x66\x67\x68\x69\x01\x02\x02\x01",
- .ilen = 64,
+ .plen = 64,
.assoc = "\x42\xF6\x7E\x3F\x10\x10\x10\x10"
"\x10\x10\x10\x10\x4E\x28\x00\x00"
"\xA2\xFC\xA1\xA3",
.alen = 20,
- .result = "\xFB\xA2\xCA\xA4\x85\x3C\xF9\xF0"
+ .ctext = "\xFB\xA2\xCA\xA4\x85\x3C\xF9\xF0"
"\xF2\x2C\xB1\x0D\x86\xDD\x83\xB0"
"\xFE\xC7\x56\x91\xCF\x1A\x04\xB0"
"\x0D\x11\x38\xEC\x9C\x35\x79\x17"
@@ -15814,29 +17366,29 @@
"\x1F\x5E\x22\x73\x95\x30\x32\x0A"
"\xE0\xD7\x31\xCC\x97\x8E\xCA\xFA"
"\xEA\xE8\x8F\x00\xE8\x0D\x6E\x48",
- .rlen = 80,
+ .clen = 80,
}, {
.key = "\x3D\xE0\x98\x74\xB3\x88\xE6\x49"
"\x19\x88\xD0\xC3\x60\x7E\xAE\x1F"
"\x57\x69\x0E\x43",
.klen = 20,
.iv = "\x4E\x28\x00\x00\xA2\xFC\xA1\xA3",
- .input = "\x45\x00\x00\x1C\x42\xA2\x00\x00"
+ .ptext = "\x45\x00\x00\x1C\x42\xA2\x00\x00"
"\x80\x01\x44\x1F\x40\x67\x93\xB6"
"\xE0\x00\x00\x02\x0A\x00\xF5\xFF"
"\x01\x02\x02\x01",
- .ilen = 28,
+ .plen = 28,
.assoc = "\x42\xF6\x7E\x3F\x10\x10\x10\x10"
"\x10\x10\x10\x10\x4E\x28\x00\x00"
"\xA2\xFC\xA1\xA3",
.alen = 20,
- .result = "\xFB\xA2\xCA\x84\x5E\x5D\xF9\xF0"
+ .ctext = "\xFB\xA2\xCA\x84\x5E\x5D\xF9\xF0"
"\xF2\x2C\x3E\x6E\x86\xDD\x83\x1E"
"\x1F\xC6\x57\x92\xCD\x1A\xF9\x13"
"\x0E\x13\x79\xED\x36\x9F\x07\x1F"
"\x35\xE0\x34\xBE\x95\xF1\x12\xE4"
"\xE7\xD0\x5D\x35",
- .rlen = 44,
+ .clen = 44,
}, {
.key = "\xFE\xFF\xE9\x92\x86\x65\x73\x1C"
"\x6D\x6A\x8F\x94\x67\x30\x83\x08"
@@ -15844,30 +17396,30 @@
"\xCA\xFE\xBA\xBE",
.klen = 28,
.iv = "\xFA\xCE\xDB\xAD\xDE\xCA\xF8\x88",
- .input = "\x45\x00\x00\x28\xA4\xAD\x40\x00"
+ .ptext = "\x45\x00\x00\x28\xA4\xAD\x40\x00"
"\x40\x06\x78\x80\x0A\x01\x03\x8F"
"\x0A\x01\x06\x12\x80\x23\x06\xB8"
"\xCB\x71\x26\x02\xDD\x6B\xB0\x3E"
"\x50\x10\x16\xD0\x75\x68\x00\x01",
- .ilen = 40,
+ .plen = 40,
.assoc = "\x00\x00\xA5\xF8\x00\x00\x00\x0A"
"\xFA\xCE\xDB\xAD\xDE\xCA\xF8\x88",
.alen = 16,
- .result = "\xA5\xB1\xF8\x06\x60\x29\xAE\xA4"
+ .ctext = "\xA5\xB1\xF8\x06\x60\x29\xAE\xA4"
"\x0E\x59\x8B\x81\x22\xDE\x02\x42"
"\x09\x38\xB3\xAB\x33\xF8\x28\xE6"
"\x87\xB8\x85\x8B\x5B\xFB\xDB\xD0"
"\x31\x5B\x27\x45\x21\x44\xCC\x77"
"\x95\x45\x7B\x96\x52\x03\x7F\x53"
"\x18\x02\x7B\x5B\x4C\xD7\xA6\x36",
- .rlen = 56,
+ .clen = 56,
}, {
.key = "\xAB\xBC\xCD\xDE\xF0\x01\x12\x23"
"\x34\x45\x56\x67\x78\x89\x9A\xAB"
"\xDE\xCA\xF8\x88",
.klen = 20,
.iv = "\xCA\xFE\xDE\xBA\xCE\xFA\xCE\x74",
- .input = "\x45\x00\x00\x49\x33\xBA\x00\x00"
+ .ptext = "\x45\x00\x00\x49\x33\xBA\x00\x00"
"\x7F\x11\x91\x06\xC3\xFB\x1D\x10"
"\xC2\xB1\xD3\x26\xC0\x28\x31\xCE"
"\x00\x35\xDD\x7B\x80\x03\x02\xD5"
@@ -15877,12 +17429,12 @@
"\x92\xC9\x63\xBA\xC0\x46\xEC\x95"
"\x9B\x62\x66\xC0\x47\x22\xB1\x49"
"\x23\x01\x01\x01",
- .ilen = 76,
+ .plen = 76,
.assoc = "\x00\x00\x01\x00\x00\x00\x00\x00"
"\x00\x00\x00\x01\xCA\xFE\xDE\xBA"
"\xCE\xFA\xCE\x74",
.alen = 20,
- .result = "\x18\xA6\xFD\x42\xF7\x2C\xBF\x4A"
+ .ctext = "\x18\xA6\xFD\x42\xF7\x2C\xBF\x4A"
"\xB2\xA2\xEA\x90\x1F\x73\xD8\x14"
"\xE3\xE7\xF2\x43\xD9\x54\x12\xE1"
"\xC3\x49\xC1\xD2\xFB\xEC\x16\x8F"
@@ -15894,7 +17446,7 @@
"\xE7\x84\x5D\x68\x65\x1F\x57\xE6"
"\x5F\x35\x4F\x75\xFF\x17\x01\x57"
"\x69\x62\x34\x36",
- .rlen = 92,
+ .clen = 92,
}, {
.key = "\xAB\xBC\xCD\xDE\xF0\x01\x12\x23"
"\x34\x45\x56\x67\x78\x89\x9A\xAB"
@@ -15903,31 +17455,31 @@
"\x73\x61\x6C\x74",
.klen = 36,
.iv = "\x61\x6E\x64\x01\x69\x76\x65\x63",
- .input = "\x45\x08\x00\x28\x73\x2C\x00\x00"
+ .ptext = "\x45\x08\x00\x28\x73\x2C\x00\x00"
"\x40\x06\xE9\xF9\x0A\x01\x06\x12"
"\x0A\x01\x03\x8F\x06\xB8\x80\x23"
"\xDD\x6B\xAF\xBE\xCB\x71\x26\x02"
"\x50\x10\x1F\x64\x6D\x54\x00\x01",
- .ilen = 40,
+ .plen = 40,
.assoc = "\x17\x40\x5E\x67\x15\x6F\x31\x26"
"\xDD\x0D\xB9\x9B\x61\x6E\x64\x01"
"\x69\x76\x65\x63",
.alen = 20,
- .result = "\xF2\xD6\x9E\xCD\xBD\x5A\x0D\x5B"
+ .ctext = "\xF2\xD6\x9E\xCD\xBD\x5A\x0D\x5B"
"\x8D\x5E\xF3\x8B\xAD\x4D\xA5\x8D"
"\x1F\x27\x8F\xDE\x98\xEF\x67\x54"
"\x9D\x52\x4A\x30\x18\xD9\xA5\x7F"
"\xF4\xD3\xA3\x1C\xE6\x73\x11\x9E"
"\x45\x16\x26\xC2\x41\x57\x71\xE3"
"\xB7\xEE\xBC\xA6\x14\xC8\x9B\x35",
- .rlen = 56,
+ .clen = 56,
}, {
.key = "\x3D\xE0\x98\x74\xB3\x88\xE6\x49"
"\x19\x88\xD0\xC3\x60\x7E\xAE\x1F"
"\x57\x69\x0E\x43",
.klen = 20,
.iv = "\x4E\x28\x00\x00\xA2\xFC\xA1\xA3",
- .input = "\x45\x00\x00\x49\x33\x3E\x00\x00"
+ .ptext = "\x45\x00\x00\x49\x33\x3E\x00\x00"
"\x7F\x11\x91\x82\xC3\xFB\x1D\x10"
"\xC2\xB1\xD3\x26\xC0\x28\x31\xCE"
"\x00\x35\xCB\x45\x80\x03\x02\x5B"
@@ -15937,12 +17489,12 @@
"\x76\x4D\x6E\x5E\xE0\x49\x6B\x32"
"\x5A\xE2\x70\xC0\x38\x99\x49\x39"
"\x15\x01\x01\x01",
- .ilen = 76,
+ .plen = 76,
.assoc = "\x42\xF6\x7E\x3F\x10\x10\x10\x10"
"\x10\x10\x10\x10\x4E\x28\x00\x00"
"\xA2\xFC\xA1\xA3",
.alen = 20,
- .result = "\xFB\xA2\xCA\xD1\x2F\xC1\xF9\xF0"
+ .ctext = "\xFB\xA2\xCA\xD1\x2F\xC1\xF9\xF0"
"\x0D\x3C\xEB\xF3\x05\x41\x0D\xB8"
"\x3D\x77\x84\xB6\x07\x32\x3D\x22"
"\x0F\x24\xB0\xA9\x7D\x54\x18\x28"
@@ -15954,7 +17506,7 @@
"\xE5\x16\x09\x75\xCD\xB6\x08\xC5"
"\x76\x91\x89\x60\x97\x63\xB8\xE1"
"\x8C\xAA\x81\xE2",
- .rlen = 92,
+ .clen = 92,
}, {
.key = "\xAB\xBC\xCD\xDE\xF0\x01\x12\x23"
"\x34\x45\x56\x67\x78\x89\x9A\xAB"
@@ -15963,7 +17515,7 @@
"\x73\x61\x6C\x74",
.klen = 36,
.iv = "\x61\x6E\x64\x01\x69\x76\x65\x63",
- .input = "\x63\x69\x73\x63\x6F\x01\x72\x75"
+ .ptext = "\x63\x69\x73\x63\x6F\x01\x72\x75"
"\x6C\x65\x73\x01\x74\x68\x65\x01"
"\x6E\x65\x74\x77\x65\x01\x64\x65"
"\x66\x69\x6E\x65\x01\x74\x68\x65"
@@ -15972,12 +17524,12 @@
"\x74\x77\x69\x6C\x6C\x01\x64\x65"
"\x66\x69\x6E\x65\x74\x6F\x6D\x6F"
"\x72\x72\x6F\x77\x01\x02\x02\x01",
- .ilen = 72,
+ .plen = 72,
.assoc = "\x17\x40\x5E\x67\x15\x6F\x31\x26"
"\xDD\x0D\xB9\x9B\x61\x6E\x64\x01"
"\x69\x76\x65\x63",
.alen = 20,
- .result = "\xD4\xB7\xED\x86\xA1\x77\x7F\x2E"
+ .ctext = "\xD4\xB7\xED\x86\xA1\x77\x7F\x2E"
"\xA1\x3D\x69\x73\xD3\x24\xC6\x9E"
"\x7B\x43\xF8\x26\xFB\x56\x83\x12"
"\x26\x50\x8B\xEB\xD2\xDC\xEB\x18"
@@ -15988,42 +17540,42 @@
"\x12\xA4\x93\x63\x41\x23\x64\xF8"
"\xC0\xCA\xC5\x87\xF2\x49\xE5\x6B"
"\x11\xE2\x4F\x30\xE4\x4C\xCC\x76",
- .rlen = 88,
+ .clen = 88,
}, {
.key = "\x7D\x77\x3D\x00\xC1\x44\xC5\x25"
"\xAC\x61\x9D\x18\xC8\x4A\x3F\x47"
"\xD9\x66\x42\x67",
.klen = 20,
.iv = "\x43\x45\x7E\x91\x82\x44\x3B\xC6",
- .input = "\x01\x02\x02\x01",
- .ilen = 4,
+ .ptext = "\x01\x02\x02\x01",
+ .plen = 4,
.assoc = "\x33\x54\x67\xAE\xFF\xFF\xFF\xFF"
"\x43\x45\x7E\x91\x82\x44\x3B\xC6",
.alen = 16,
- .result = "\x43\x7F\x86\x6B\xCB\x3F\x69\x9F"
+ .ctext = "\x43\x7F\x86\x6B\xCB\x3F\x69\x9F"
"\xE9\xB0\x82\x2B\xAC\x96\x1C\x45"
"\x04\xBE\xF2\x70",
- .rlen = 20,
+ .clen = 20,
}, {
.key = "\xAB\xBC\xCD\xDE\xF0\x01\x12\x23"
"\x34\x45\x56\x67\x78\x89\x9A\xAB"
"\xDE\xCA\xF8\x88",
.klen = 20,
.iv = "\xCA\xFE\xDE\xBA\xCE\xFA\xCE\x74",
- .input = "\x74\x6F\x01\x62\x65\x01\x6F\x72"
+ .ptext = "\x74\x6F\x01\x62\x65\x01\x6F\x72"
"\x01\x6E\x6F\x74\x01\x74\x6F\x01"
"\x62\x65\x00\x01",
- .ilen = 20,
+ .plen = 20,
.assoc = "\x00\x00\x01\x00\x00\x00\x00\x00"
"\x00\x00\x00\x01\xCA\xFE\xDE\xBA"
"\xCE\xFA\xCE\x74",
.alen = 20,
- .result = "\x29\xC9\xFC\x69\xA1\x97\xD0\x38"
+ .ctext = "\x29\xC9\xFC\x69\xA1\x97\xD0\x38"
"\xCC\xDD\x14\xE2\xDD\xFC\xAA\x05"
"\x43\x33\x21\x64\x41\x25\x03\x52"
"\x43\x03\xED\x3C\x6C\x5F\x28\x38"
"\x43\xAF\x8C\x3E",
- .rlen = 36,
+ .clen = 36,
}, {
.key = "\x6C\x65\x67\x61\x6C\x69\x7A\x65"
"\x6D\x61\x72\x69\x6A\x75\x61\x6E"
@@ -16032,19 +17584,19 @@
"\x74\x75\x72\x6E",
.klen = 36,
.iv = "\x33\x30\x21\x69\x67\x65\x74\x6D",
- .input = "\x45\x00\x00\x30\xDA\x3A\x00\x00"
+ .ptext = "\x45\x00\x00\x30\xDA\x3A\x00\x00"
"\x80\x01\xDF\x3B\xC0\xA8\x00\x05"
"\xC0\xA8\x00\x01\x08\x00\xC6\xCD"
"\x02\x00\x07\x00\x61\x62\x63\x64"
"\x65\x66\x67\x68\x69\x6A\x6B\x6C"
"\x6D\x6E\x6F\x70\x71\x72\x73\x74"
"\x01\x02\x02\x01",
- .ilen = 52,
+ .plen = 52,
.assoc = "\x79\x6B\x69\x63\xFF\xFF\xFF\xFF"
"\xFF\xFF\xFF\xFF\x33\x30\x21\x69"
"\x67\x65\x74\x6D",
.alen = 20,
- .result = "\xF9\x7A\xB2\xAA\x35\x6D\x8E\xDC"
+ .ctext = "\xF9\x7A\xB2\xAA\x35\x6D\x8E\xDC"
"\xE1\x76\x44\xAC\x8C\x78\xE2\x5D"
"\xD2\x4D\xED\xBB\x29\xEB\xF1\xB6"
"\x4A\x27\x4B\x39\xB4\x9C\x3A\x86"
@@ -16053,26 +17605,26 @@
"\x1D\xCC\x63\xB9\xD0\x93\x7B\xA2"
"\x94\x5F\x66\x93\x68\x66\x1A\x32"
"\x9F\xB4\xC0\x53",
- .rlen = 68,
+ .clen = 68,
}, {
.key = "\x3D\xE0\x98\x74\xB3\x88\xE6\x49"
"\x19\x88\xD0\xC3\x60\x7E\xAE\x1F"
"\x57\x69\x0E\x43",
.klen = 20,
.iv = "\x4E\x28\x00\x00\xA2\xFC\xA1\xA3",
- .input = "\x45\x00\x00\x30\xDA\x3A\x00\x00"
+ .ptext = "\x45\x00\x00\x30\xDA\x3A\x00\x00"
"\x80\x01\xDF\x3B\xC0\xA8\x00\x05"
"\xC0\xA8\x00\x01\x08\x00\xC6\xCD"
"\x02\x00\x07\x00\x61\x62\x63\x64"
"\x65\x66\x67\x68\x69\x6A\x6B\x6C"
"\x6D\x6E\x6F\x70\x71\x72\x73\x74"
"\x01\x02\x02\x01",
- .ilen = 52,
+ .plen = 52,
.assoc = "\x3F\x7E\xF6\x42\x10\x10\x10\x10"
"\x10\x10\x10\x10\x4E\x28\x00\x00"
"\xA2\xFC\xA1\xA3",
.alen = 20,
- .result = "\xFB\xA2\xCA\xA8\xC6\xC5\xF9\xF0"
+ .ctext = "\xFB\xA2\xCA\xA8\xC6\xC5\xF9\xF0"
"\xF2\x2C\xA5\x4A\x06\x12\x10\xAD"
"\x3F\x6E\x57\x91\xCF\x1A\xCA\x21"
"\x0D\x11\x7C\xEC\x9C\x35\x79\x17"
@@ -16081,647 +17633,33 @@
"\x63\x21\x93\x06\x84\xEE\xCA\xDB"
"\x56\x91\x25\x46\xE7\xA9\x5C\x97"
"\x40\xD7\xCB\x05",
- .rlen = 68,
+ .clen = 68,
}, {
.key = "\x4C\x80\xCD\xEF\xBB\x5D\x10\xDA"
"\x90\x6A\xC7\x3C\x36\x13\xA6\x34"
"\x22\x43\x3C\x64",
.klen = 20,
.iv = "\x48\x55\xEC\x7D\x3A\x23\x4B\xFD",
- .input = "\x08\x00\xC6\xCD\x02\x00\x07\x00"
+ .ptext = "\x08\x00\xC6\xCD\x02\x00\x07\x00"
"\x61\x62\x63\x64\x65\x66\x67\x68"
"\x69\x6A\x6B\x6C\x6D\x6E\x6F\x70"
"\x71\x72\x73\x74\x01\x02\x02\x01",
- .ilen = 32,
+ .plen = 32,
.assoc = "\x00\x00\x43\x21\x87\x65\x43\x21"
"\x00\x00\x00\x07\x48\x55\xEC\x7D"
"\x3A\x23\x4B\xFD",
.alen = 20,
- .result = "\x74\x75\x2E\x8A\xEB\x5D\x87\x3C"
+ .ctext = "\x74\x75\x2E\x8A\xEB\x5D\x87\x3C"
"\xD7\xC0\xF4\xAC\xC3\x6C\x4B\xFF"
"\x84\xB7\xD7\xB9\x8F\x0C\xA8\xB6"
"\xAC\xDA\x68\x94\xBC\x61\x90\x69"
"\xEF\x9C\xBC\x28\xFE\x1B\x56\xA7"
"\xC4\xE0\xD5\x8C\x86\xCD\x2B\xC0",
- .rlen = 48,
+ .clen = 48,
}
};
-static const struct aead_testvec aes_gcm_rfc4106_dec_tv_template[] = {
- { /* Generated using Crypto++ */
- .key = zeroed_string,
- .klen = 20,
- .iv = zeroed_string,
- .input = "\x03\x88\xDA\xCE\x60\xB6\xA3\x92"
- "\xF3\x28\xC2\xB9\x71\xB2\xFE\x78"
- "\x97\xFE\x4C\x23\x37\x42\x01\xE0"
- "\x81\x9F\x8D\xC5\xD7\x41\xA0\x1B",
- .ilen = 32,
- .assoc = zeroed_string,
- .alen = 16,
- .result = zeroed_string,
- .rlen = 16,
-
- },{
- .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c"
- "\x6d\x6a\x8f\x94\x67\x30\x83\x08"
- "\x00\x00\x00\x00",
- .klen = 20,
- .iv = "\x00\x00\x00\x00\x00\x00\x00\x01",
- .input = "\xC0\x0D\x8B\x42\x0F\x8F\x34\x18"
- "\x88\xB1\xC5\xBC\xC5\xB6\xD6\x28"
- "\x6A\x9D\xDF\x11\x5E\xFE\x5E\x9D"
- "\x2F\x70\x44\x92\xF7\xF2\xE3\xEF",
- .ilen = 32,
- .assoc = "\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x01",
- .alen = 16,
- .result = zeroed_string,
- .rlen = 16,
- }, {
- .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c"
- "\x6d\x6a\x8f\x94\x67\x30\x83\x08"
- "\x00\x00\x00\x00",
- .klen = 20,
- .iv = zeroed_string,
- .input = "\x4B\xB1\xB5\xE3\x25\x71\x70\xDE"
- "\x7F\xC9\x9C\xA5\x14\x19\xF2\xAC"
- "\x0B\x8F\x88\x69\x17\xE6\xB4\x3C"
- "\xB1\x68\xFD\x14\x52\x64\x61\xB2",
- .ilen = 32,
- .assoc = zeroed_string,
- .alen = 16,
- .result = "\x01\x01\x01\x01\x01\x01\x01\x01"
- "\x01\x01\x01\x01\x01\x01\x01\x01",
- .rlen = 16,
- }, {
- .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c"
- "\x6d\x6a\x8f\x94\x67\x30\x83\x08"
- "\x00\x00\x00\x00",
- .klen = 20,
- .iv = zeroed_string,
- .input = "\x4B\xB1\xB5\xE3\x25\x71\x70\xDE"
- "\x7F\xC9\x9C\xA5\x14\x19\xF2\xAC"
- "\x90\x92\xB7\xE3\x5F\xA3\x9A\x63"
- "\x7E\xD7\x1F\xD8\xD3\x7C\x4B\xF5",
- .ilen = 32,
- .assoc = "\x01\x01\x01\x01\x01\x01\x01\x01"
- "\x00\x00\x00\x00\x00\x00\x00\x00",
- .alen = 16,
- .result = "\x01\x01\x01\x01\x01\x01\x01\x01"
- "\x01\x01\x01\x01\x01\x01\x01\x01",
- .rlen = 16,
-
- }, {
- .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c"
- "\x6d\x6a\x8f\x94\x67\x30\x83\x08"
- "\x00\x00\x00\x00",
- .klen = 20,
- .iv = "\x00\x00\x00\x00\x00\x00\x00\x01",
- .input = "\xC1\x0C\x8A\x43\x0E\x8E\x35\x19"
- "\x89\xB0\xC4\xBD\xC4\xB7\xD7\x29"
- "\x64\x50\xF9\x32\x13\xFB\x74\x61"
- "\xF4\xED\x52\xD3\xC5\x10\x55\x3C",
- .ilen = 32,
- .assoc = "\x01\x01\x01\x01\x01\x01\x01\x01"
- "\x00\x00\x00\x00\x00\x00\x00\x01",
- .alen = 16,
- .result = "\x01\x01\x01\x01\x01\x01\x01\x01"
- "\x01\x01\x01\x01\x01\x01\x01\x01",
- .rlen = 16,
- }, {
- .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c"
- "\x6d\x6a\x8f\x94\x67\x30\x83\x08"
- "\x00\x00\x00\x00",
- .klen = 20,
- .iv = "\x00\x00\x00\x00\x00\x00\x00\x01",
- .input = "\xC1\x0C\x8A\x43\x0E\x8E\x35\x19"
- "\x89\xB0\xC4\xBD\xC4\xB7\xD7\x29"
- "\x98\x14\xA1\x42\x37\x80\xFD\x90"
- "\x68\x12\x01\xA8\x91\x89\xB9\x83"
- "\x5B\x11\x77\x12\x9B\xFF\x24\x89"
- "\x94\x5F\x18\x12\xBA\x27\x09\x39"
- "\x99\x96\x76\x42\x15\x1C\xCD\xCB"
- "\xDC\xD3\xDA\x65\x73\xAF\x80\xCD"
- "\xD2\xB6\xC2\x4A\x76\xC2\x92\x85"
- "\xBD\xCF\x62\x98\x58\x14\xE5\xBD",
- .ilen = 80,
- .assoc = "\x01\x01\x01\x01\x01\x01\x01\x01"
- "\x00\x00\x00\x00\x00\x00\x00\x01",
- .alen = 16,
- .result = "\x01\x01\x01\x01\x01\x01\x01\x01"
- "\x01\x01\x01\x01\x01\x01\x01\x01"
- "\x01\x01\x01\x01\x01\x01\x01\x01"
- "\x01\x01\x01\x01\x01\x01\x01\x01"
- "\x01\x01\x01\x01\x01\x01\x01\x01"
- "\x01\x01\x01\x01\x01\x01\x01\x01"
- "\x01\x01\x01\x01\x01\x01\x01\x01"
- "\x01\x01\x01\x01\x01\x01\x01\x01",
- .rlen = 64,
- }, {
- .key = "\x00\x01\x02\x03\x04\x05\x06\x07"
- "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
- "\x00\x00\x00\x00",
- .klen = 20,
- .iv = "\x00\x00\x45\x67\x89\xab\xcd\xef",
- .input = "\xC1\x76\x33\x85\xE2\x9B\x5F\xDE"
- "\xDE\x89\x3D\x42\xE7\xC9\x69\x8A"
- "\x44\x6D\xC3\x88\x46\x2E\xC2\x01"
- "\x5E\xF6\x0C\x39\xF0\xC4\xA5\x82"
- "\xCD\xE8\x31\xCC\x0A\x4C\xE4\x44"
- "\x41\xA9\x82\x6F\x22\xA1\x23\x1A"
- "\xA8\xE3\x16\xFD\x31\x5C\x27\x31"
- "\xF1\x7F\x01\x63\xA3\xAF\x70\xA1"
- "\xCF\x07\x57\x41\x67\xD0\xC4\x42"
- "\xDB\x18\xC6\x4C\x4C\xE0\x3D\x9F"
- "\x05\x07\xFB\x13\x7D\x4A\xCA\x5B"
- "\xF0\xBF\x64\x7E\x05\xB1\x72\xEE"
- "\x7C\x3B\xD4\xCD\x14\x03\xB2\x2C"
- "\xD3\xA9\xEE\xFA\x17\xFC\x9C\xDF"
- "\xC7\x75\x40\xFF\xAE\xAD\x1E\x59"
- "\x2F\x30\x24\xFB\xAD\x6B\x10\xFA"
- "\x6C\x9F\x5B\xE7\x25\xD5\xD0\x25"
- "\xAC\x4A\x4B\xDA\xFC\x7A\x85\x1B"
- "\x7E\x13\x06\x82\x08\x17\xA4\x35"
- "\xEC\xC5\x8D\x63\x96\x81\x0A\x8F"
- "\xA3\x05\x38\x95\x20\x1A\x47\x04"
- "\x6F\x6D\xDA\x8F\xEF\xC1\x76\x35"
- "\x6B\xC7\x4D\x0F\x94\x12\xCA\x3E"
- "\x2E\xD5\x03\x2E\x86\x7E\xAA\x3B"
- "\x37\x08\x1C\xCF\xBA\x5D\x71\x46"
- "\x80\x72\xB0\x4C\x82\x0D\x60\x3C",
- .ilen = 208,
- .assoc = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
- "\xaa\xaa\xaa\xaa\x00\x00\x45\x67"
- "\x89\xab\xcd\xef",
- .alen = 20,
- .result = "\xff\xff\xff\xff\xff\xff\xff\xff"
- "\xff\xff\xff\xff\xff\xff\xff\xff"
- "\xff\xff\xff\xff\xff\xff\xff\xff"
- "\xff\xff\xff\xff\xff\xff\xff\xff"
- "\xff\xff\xff\xff\xff\xff\xff\xff"
- "\xff\xff\xff\xff\xff\xff\xff\xff"
- "\xff\xff\xff\xff\xff\xff\xff\xff"
- "\xff\xff\xff\xff\xff\xff\xff\xff"
- "\xff\xff\xff\xff\xff\xff\xff\xff"
- "\xff\xff\xff\xff\xff\xff\xff\xff"
- "\xff\xff\xff\xff\xff\xff\xff\xff"
- "\xff\xff\xff\xff\xff\xff\xff\xff"
- "\xff\xff\xff\xff\xff\xff\xff\xff"
- "\xff\xff\xff\xff\xff\xff\xff\xff"
- "\xff\xff\xff\xff\xff\xff\xff\xff"
- "\xff\xff\xff\xff\xff\xff\xff\xff"
- "\xff\xff\xff\xff\xff\xff\xff\xff"
- "\xff\xff\xff\xff\xff\xff\xff\xff"
- "\xff\xff\xff\xff\xff\xff\xff\xff"
- "\xff\xff\xff\xff\xff\xff\xff\xff"
- "\xff\xff\xff\xff\xff\xff\xff\xff"
- "\xff\xff\xff\xff\xff\xff\xff\xff"
- "\xff\xff\xff\xff\xff\xff\xff\xff"
- "\xff\xff\xff\xff\xff\xff\xff\xff",
- .rlen = 192,
- }, {
- .key = "\x4C\x80\xCD\xEF\xBB\x5D\x10\xDA"
- "\x90\x6A\xC7\x3C\x36\x13\xA6\x34"
- "\x2E\x44\x3B\x68",
- .klen = 20,
- .iv = "\x49\x56\xED\x7E\x3B\x24\x4C\xFE",
- .result = "\x45\x00\x00\x48\x69\x9A\x00\x00"
- "\x80\x11\x4D\xB7\xC0\xA8\x01\x02"
- "\xC0\xA8\x01\x01\x0A\x9B\xF1\x56"
- "\x38\xD3\x01\x00\x00\x01\x00\x00"
- "\x00\x00\x00\x00\x04\x5F\x73\x69"
- "\x70\x04\x5F\x75\x64\x70\x03\x73"
- "\x69\x70\x09\x63\x79\x62\x65\x72"
- "\x63\x69\x74\x79\x02\x64\x6B\x00"
- "\x00\x21\x00\x01\x01\x02\x02\x01",
- .rlen = 72,
- .assoc = "\x00\x00\x43\x21\x87\x65\x43\x21"
- "\x00\x00\x00\x00\x49\x56\xED\x7E"
- "\x3B\x24\x4C\xFE",
- .alen = 20,
- .input = "\xFE\xCF\x53\x7E\x72\x9D\x5B\x07"
- "\xDC\x30\xDF\x52\x8D\xD2\x2B\x76"
- "\x8D\x1B\x98\x73\x66\x96\xA6\xFD"
- "\x34\x85\x09\xFA\x13\xCE\xAC\x34"
- "\xCF\xA2\x43\x6F\x14\xA3\xF3\xCF"
- "\x65\x92\x5B\xF1\xF4\xA1\x3C\x5D"
- "\x15\xB2\x1E\x18\x84\xF5\xFF\x62"
- "\x47\xAE\xAB\xB7\x86\xB9\x3B\xCE"
- "\x61\xBC\x17\xD7\x68\xFD\x97\x32"
- "\x45\x90\x18\x14\x8F\x6C\xBE\x72"
- "\x2F\xD0\x47\x96\x56\x2D\xFD\xB4",
- .ilen = 88,
- }, {
- .key = "\xFE\xFF\xE9\x92\x86\x65\x73\x1C"
- "\x6D\x6A\x8F\x94\x67\x30\x83\x08"
- "\xCA\xFE\xBA\xBE",
- .klen = 20,
- .iv = "\xFA\xCE\xDB\xAD\xDE\xCA\xF8\x88",
- .result = "\x45\x00\x00\x3E\x69\x8F\x00\x00"
- "\x80\x11\x4D\xCC\xC0\xA8\x01\x02"
- "\xC0\xA8\x01\x01\x0A\x98\x00\x35"
- "\x00\x2A\x23\x43\xB2\xD0\x01\x00"
- "\x00\x01\x00\x00\x00\x00\x00\x00"
- "\x03\x73\x69\x70\x09\x63\x79\x62"
- "\x65\x72\x63\x69\x74\x79\x02\x64"
- "\x6B\x00\x00\x01\x00\x01\x00\x01",
- .rlen = 64,
- .assoc = "\x00\x00\xA5\xF8\x00\x00\x00\x0A"
- "\xFA\xCE\xDB\xAD\xDE\xCA\xF8\x88",
- .alen = 16,
- .input = "\xDE\xB2\x2C\xD9\xB0\x7C\x72\xC1"
- "\x6E\x3A\x65\xBE\xEB\x8D\xF3\x04"
- "\xA5\xA5\x89\x7D\x33\xAE\x53\x0F"
- "\x1B\xA7\x6D\x5D\x11\x4D\x2A\x5C"
- "\x3D\xE8\x18\x27\xC1\x0E\x9A\x4F"
- "\x51\x33\x0D\x0E\xEC\x41\x66\x42"
- "\xCF\xBB\x85\xA5\xB4\x7E\x48\xA4"
- "\xEC\x3B\x9B\xA9\x5D\x91\x8B\xD1"
- "\x83\xB7\x0D\x3A\xA8\xBC\x6E\xE4"
- "\xC3\x09\xE9\xD8\x5A\x41\xAD\x4A",
- .ilen = 80,
- }, {
- .key = "\xAB\xBC\xCD\xDE\xF0\x01\x12\x23"
- "\x34\x45\x56\x67\x78\x89\x9A\xAB"
- "\xAB\xBC\xCD\xDE\xF0\x01\x12\x23"
- "\x34\x45\x56\x67\x78\x89\x9A\xAB"
- "\x11\x22\x33\x44",
- .klen = 36,
- .iv = "\x01\x02\x03\x04\x05\x06\x07\x08",
- .result = "\x45\x00\x00\x30\x69\xA6\x40\x00"
- "\x80\x06\x26\x90\xC0\xA8\x01\x02"
- "\x93\x89\x15\x5E\x0A\x9E\x00\x8B"
- "\x2D\xC5\x7E\xE0\x00\x00\x00\x00"
- "\x70\x02\x40\x00\x20\xBF\x00\x00"
- "\x02\x04\x05\xB4\x01\x01\x04\x02"
- "\x01\x02\x02\x01",
- .rlen = 52,
- .assoc = "\x4A\x2C\xBF\xE3\x00\x00\x00\x02"
- "\x01\x02\x03\x04\x05\x06\x07\x08",
- .alen = 16,
- .input = "\xFF\x42\x5C\x9B\x72\x45\x99\xDF"
- "\x7A\x3B\xCD\x51\x01\x94\xE0\x0D"
- "\x6A\x78\x10\x7F\x1B\x0B\x1C\xBF"
- "\x06\xEF\xAE\x9D\x65\xA5\xD7\x63"
- "\x74\x8A\x63\x79\x85\x77\x1D\x34"
- "\x7F\x05\x45\x65\x9F\x14\xE9\x9D"
- "\xEF\x84\x2D\x8E\xB3\x35\xF4\xEE"
- "\xCF\xDB\xF8\x31\x82\x4B\x4C\x49"
- "\x15\x95\x6C\x96",
- .ilen = 68,
- }, {
- .key = "\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00",
- .klen = 20,
- .iv = "\x00\x00\x00\x00\x00\x00\x00\x00",
- .result = "\x45\x00\x00\x3C\x99\xC5\x00\x00"
- "\x80\x01\xCB\x7A\x40\x67\x93\x18"
- "\x01\x01\x01\x01\x08\x00\x07\x5C"
- "\x02\x00\x44\x00\x61\x62\x63\x64"
- "\x65\x66\x67\x68\x69\x6A\x6B\x6C"
- "\x6D\x6E\x6F\x70\x71\x72\x73\x74"
- "\x75\x76\x77\x61\x62\x63\x64\x65"
- "\x66\x67\x68\x69\x01\x02\x02\x01",
- .rlen = 64,
- .assoc = "\x00\x00\x00\x00\x00\x00\x00\x01"
- "\x00\x00\x00\x00\x00\x00\x00\x00",
- .alen = 16,
- .input = "\x46\x88\xDA\xF2\xF9\x73\xA3\x92"
- "\x73\x29\x09\xC3\x31\xD5\x6D\x60"
- "\xF6\x94\xAB\xAA\x41\x4B\x5E\x7F"
- "\xF5\xFD\xCD\xFF\xF5\xE9\xA2\x84"
- "\x45\x64\x76\x49\x27\x19\xFF\xB6"
- "\x4D\xE7\xD9\xDC\xA1\xE1\xD8\x94"
- "\xBC\x3B\xD5\x78\x73\xED\x4D\x18"
- "\x1D\x19\xD4\xD5\xC8\xC1\x8A\xF3"
- "\xF8\x21\xD4\x96\xEE\xB0\x96\xE9"
- "\x8A\xD2\xB6\x9E\x47\x99\xC7\x1D",
- .ilen = 80,
- }, {
- .key = "\x3D\xE0\x98\x74\xB3\x88\xE6\x49"
- "\x19\x88\xD0\xC3\x60\x7E\xAE\x1F"
- "\x57\x69\x0E\x43",
- .klen = 20,
- .iv = "\x4E\x28\x00\x00\xA2\xFC\xA1\xA3",
- .result = "\x45\x00\x00\x3C\x99\xC3\x00\x00"
- "\x80\x01\xCB\x7C\x40\x67\x93\x18"
- "\x01\x01\x01\x01\x08\x00\x08\x5C"
- "\x02\x00\x43\x00\x61\x62\x63\x64"
- "\x65\x66\x67\x68\x69\x6A\x6B\x6C"
- "\x6D\x6E\x6F\x70\x71\x72\x73\x74"
- "\x75\x76\x77\x61\x62\x63\x64\x65"
- "\x66\x67\x68\x69\x01\x02\x02\x01",
- .rlen = 64,
- .assoc = "\x42\xF6\x7E\x3F\x10\x10\x10\x10"
- "\x10\x10\x10\x10\x4E\x28\x00\x00"
- "\xA2\xFC\xA1\xA3",
- .alen = 20,
- .input = "\xFB\xA2\xCA\xA4\x85\x3C\xF9\xF0"
- "\xF2\x2C\xB1\x0D\x86\xDD\x83\xB0"
- "\xFE\xC7\x56\x91\xCF\x1A\x04\xB0"
- "\x0D\x11\x38\xEC\x9C\x35\x79\x17"
- "\x65\xAC\xBD\x87\x01\xAD\x79\x84"
- "\x5B\xF9\xFE\x3F\xBA\x48\x7B\xC9"
- "\x17\x55\xE6\x66\x2B\x4C\x8D\x0D"
- "\x1F\x5E\x22\x73\x95\x30\x32\x0A"
- "\xE0\xD7\x31\xCC\x97\x8E\xCA\xFA"
- "\xEA\xE8\x8F\x00\xE8\x0D\x6E\x48",
- .ilen = 80,
- }, {
- .key = "\x3D\xE0\x98\x74\xB3\x88\xE6\x49"
- "\x19\x88\xD0\xC3\x60\x7E\xAE\x1F"
- "\x57\x69\x0E\x43",
- .klen = 20,
- .iv = "\x4E\x28\x00\x00\xA2\xFC\xA1\xA3",
- .result = "\x45\x00\x00\x1C\x42\xA2\x00\x00"
- "\x80\x01\x44\x1F\x40\x67\x93\xB6"
- "\xE0\x00\x00\x02\x0A\x00\xF5\xFF"
- "\x01\x02\x02\x01",
- .rlen = 28,
- .assoc = "\x42\xF6\x7E\x3F\x10\x10\x10\x10"
- "\x10\x10\x10\x10\x4E\x28\x00\x00"
- "\xA2\xFC\xA1\xA3",
- .alen = 20,
- .input = "\xFB\xA2\xCA\x84\x5E\x5D\xF9\xF0"
- "\xF2\x2C\x3E\x6E\x86\xDD\x83\x1E"
- "\x1F\xC6\x57\x92\xCD\x1A\xF9\x13"
- "\x0E\x13\x79\xED\x36\x9F\x07\x1F"
- "\x35\xE0\x34\xBE\x95\xF1\x12\xE4"
- "\xE7\xD0\x5D\x35",
- .ilen = 44,
- }, {
- .key = "\xFE\xFF\xE9\x92\x86\x65\x73\x1C"
- "\x6D\x6A\x8F\x94\x67\x30\x83\x08"
- "\xFE\xFF\xE9\x92\x86\x65\x73\x1C"
- "\xCA\xFE\xBA\xBE",
- .klen = 28,
- .iv = "\xFA\xCE\xDB\xAD\xDE\xCA\xF8\x88",
- .result = "\x45\x00\x00\x28\xA4\xAD\x40\x00"
- "\x40\x06\x78\x80\x0A\x01\x03\x8F"
- "\x0A\x01\x06\x12\x80\x23\x06\xB8"
- "\xCB\x71\x26\x02\xDD\x6B\xB0\x3E"
- "\x50\x10\x16\xD0\x75\x68\x00\x01",
- .rlen = 40,
- .assoc = "\x00\x00\xA5\xF8\x00\x00\x00\x0A"
- "\xFA\xCE\xDB\xAD\xDE\xCA\xF8\x88",
- .alen = 16,
- .input = "\xA5\xB1\xF8\x06\x60\x29\xAE\xA4"
- "\x0E\x59\x8B\x81\x22\xDE\x02\x42"
- "\x09\x38\xB3\xAB\x33\xF8\x28\xE6"
- "\x87\xB8\x85\x8B\x5B\xFB\xDB\xD0"
- "\x31\x5B\x27\x45\x21\x44\xCC\x77"
- "\x95\x45\x7B\x96\x52\x03\x7F\x53"
- "\x18\x02\x7B\x5B\x4C\xD7\xA6\x36",
- .ilen = 56,
- }, {
- .key = "\xAB\xBC\xCD\xDE\xF0\x01\x12\x23"
- "\x34\x45\x56\x67\x78\x89\x9A\xAB"
- "\xDE\xCA\xF8\x88",
- .klen = 20,
- .iv = "\xCA\xFE\xDE\xBA\xCE\xFA\xCE\x74",
- .result = "\x45\x00\x00\x49\x33\xBA\x00\x00"
- "\x7F\x11\x91\x06\xC3\xFB\x1D\x10"
- "\xC2\xB1\xD3\x26\xC0\x28\x31\xCE"
- "\x00\x35\xDD\x7B\x80\x03\x02\xD5"
- "\x00\x00\x4E\x20\x00\x1E\x8C\x18"
- "\xD7\x5B\x81\xDC\x91\xBA\xA0\x47"
- "\x6B\x91\xB9\x24\xB2\x80\x38\x9D"
- "\x92\xC9\x63\xBA\xC0\x46\xEC\x95"
- "\x9B\x62\x66\xC0\x47\x22\xB1\x49"
- "\x23\x01\x01\x01",
- .rlen = 76,
- .assoc = "\x00\x00\x01\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x01\xCA\xFE\xDE\xBA"
- "\xCE\xFA\xCE\x74",
- .alen = 20,
- .input = "\x18\xA6\xFD\x42\xF7\x2C\xBF\x4A"
- "\xB2\xA2\xEA\x90\x1F\x73\xD8\x14"
- "\xE3\xE7\xF2\x43\xD9\x54\x12\xE1"
- "\xC3\x49\xC1\xD2\xFB\xEC\x16\x8F"
- "\x91\x90\xFE\xEB\xAF\x2C\xB0\x19"
- "\x84\xE6\x58\x63\x96\x5D\x74\x72"
- "\xB7\x9D\xA3\x45\xE0\xE7\x80\x19"
- "\x1F\x0D\x2F\x0E\x0F\x49\x6C\x22"
- "\x6F\x21\x27\xB2\x7D\xB3\x57\x24"
- "\xE7\x84\x5D\x68\x65\x1F\x57\xE6"
- "\x5F\x35\x4F\x75\xFF\x17\x01\x57"
- "\x69\x62\x34\x36",
- .ilen = 92,
- }, {
- .key = "\xAB\xBC\xCD\xDE\xF0\x01\x12\x23"
- "\x34\x45\x56\x67\x78\x89\x9A\xAB"
- "\xAB\xBC\xCD\xDE\xF0\x01\x12\x23"
- "\x34\x45\x56\x67\x78\x89\x9A\xAB"
- "\x73\x61\x6C\x74",
- .klen = 36,
- .iv = "\x61\x6E\x64\x01\x69\x76\x65\x63",
- .result = "\x45\x08\x00\x28\x73\x2C\x00\x00"
- "\x40\x06\xE9\xF9\x0A\x01\x06\x12"
- "\x0A\x01\x03\x8F\x06\xB8\x80\x23"
- "\xDD\x6B\xAF\xBE\xCB\x71\x26\x02"
- "\x50\x10\x1F\x64\x6D\x54\x00\x01",
- .rlen = 40,
- .assoc = "\x17\x40\x5E\x67\x15\x6F\x31\x26"
- "\xDD\x0D\xB9\x9B\x61\x6E\x64\x01"
- "\x69\x76\x65\x63",
- .alen = 20,
- .input = "\xF2\xD6\x9E\xCD\xBD\x5A\x0D\x5B"
- "\x8D\x5E\xF3\x8B\xAD\x4D\xA5\x8D"
- "\x1F\x27\x8F\xDE\x98\xEF\x67\x54"
- "\x9D\x52\x4A\x30\x18\xD9\xA5\x7F"
- "\xF4\xD3\xA3\x1C\xE6\x73\x11\x9E"
- "\x45\x16\x26\xC2\x41\x57\x71\xE3"
- "\xB7\xEE\xBC\xA6\x14\xC8\x9B\x35",
- .ilen = 56,
- }, {
- .key = "\x3D\xE0\x98\x74\xB3\x88\xE6\x49"
- "\x19\x88\xD0\xC3\x60\x7E\xAE\x1F"
- "\x57\x69\x0E\x43",
- .klen = 20,
- .iv = "\x4E\x28\x00\x00\xA2\xFC\xA1\xA3",
- .result = "\x45\x00\x00\x49\x33\x3E\x00\x00"
- "\x7F\x11\x91\x82\xC3\xFB\x1D\x10"
- "\xC2\xB1\xD3\x26\xC0\x28\x31\xCE"
- "\x00\x35\xCB\x45\x80\x03\x02\x5B"
- "\x00\x00\x01\xE0\x00\x1E\x8C\x18"
- "\xD6\x57\x59\xD5\x22\x84\xA0\x35"
- "\x2C\x71\x47\x5C\x88\x80\x39\x1C"
- "\x76\x4D\x6E\x5E\xE0\x49\x6B\x32"
- "\x5A\xE2\x70\xC0\x38\x99\x49\x39"
- "\x15\x01\x01\x01",
- .rlen = 76,
- .assoc = "\x42\xF6\x7E\x3F\x10\x10\x10\x10"
- "\x10\x10\x10\x10\x4E\x28\x00\x00"
- "\xA2\xFC\xA1\xA3",
- .alen = 20,
- .input = "\xFB\xA2\xCA\xD1\x2F\xC1\xF9\xF0"
- "\x0D\x3C\xEB\xF3\x05\x41\x0D\xB8"
- "\x3D\x77\x84\xB6\x07\x32\x3D\x22"
- "\x0F\x24\xB0\xA9\x7D\x54\x18\x28"
- "\x00\xCA\xDB\x0F\x68\xD9\x9E\xF0"
- "\xE0\xC0\xC8\x9A\xE9\xBE\xA8\x88"
- "\x4E\x52\xD6\x5B\xC1\xAF\xD0\x74"
- "\x0F\x74\x24\x44\x74\x7B\x5B\x39"
- "\xAB\x53\x31\x63\xAA\xD4\x55\x0E"
- "\xE5\x16\x09\x75\xCD\xB6\x08\xC5"
- "\x76\x91\x89\x60\x97\x63\xB8\xE1"
- "\x8C\xAA\x81\xE2",
- .ilen = 92,
- }, {
- .key = "\xAB\xBC\xCD\xDE\xF0\x01\x12\x23"
- "\x34\x45\x56\x67\x78\x89\x9A\xAB"
- "\xAB\xBC\xCD\xDE\xF0\x01\x12\x23"
- "\x34\x45\x56\x67\x78\x89\x9A\xAB"
- "\x73\x61\x6C\x74",
- .klen = 36,
- .iv = "\x61\x6E\x64\x01\x69\x76\x65\x63",
- .result = "\x63\x69\x73\x63\x6F\x01\x72\x75"
- "\x6C\x65\x73\x01\x74\x68\x65\x01"
- "\x6E\x65\x74\x77\x65\x01\x64\x65"
- "\x66\x69\x6E\x65\x01\x74\x68\x65"
- "\x74\x65\x63\x68\x6E\x6F\x6C\x6F"
- "\x67\x69\x65\x73\x01\x74\x68\x61"
- "\x74\x77\x69\x6C\x6C\x01\x64\x65"
- "\x66\x69\x6E\x65\x74\x6F\x6D\x6F"
- "\x72\x72\x6F\x77\x01\x02\x02\x01",
- .rlen = 72,
- .assoc = "\x17\x40\x5E\x67\x15\x6F\x31\x26"
- "\xDD\x0D\xB9\x9B\x61\x6E\x64\x01"
- "\x69\x76\x65\x63",
- .alen = 20,
- .input = "\xD4\xB7\xED\x86\xA1\x77\x7F\x2E"
- "\xA1\x3D\x69\x73\xD3\x24\xC6\x9E"
- "\x7B\x43\xF8\x26\xFB\x56\x83\x12"
- "\x26\x50\x8B\xEB\xD2\xDC\xEB\x18"
- "\xD0\xA6\xDF\x10\xE5\x48\x7D\xF0"
- "\x74\x11\x3E\x14\xC6\x41\x02\x4E"
- "\x3E\x67\x73\xD9\x1A\x62\xEE\x42"
- "\x9B\x04\x3A\x10\xE3\xEF\xE6\xB0"
- "\x12\xA4\x93\x63\x41\x23\x64\xF8"
- "\xC0\xCA\xC5\x87\xF2\x49\xE5\x6B"
- "\x11\xE2\x4F\x30\xE4\x4C\xCC\x76",
- .ilen = 88,
- }, {
- .key = "\x7D\x77\x3D\x00\xC1\x44\xC5\x25"
- "\xAC\x61\x9D\x18\xC8\x4A\x3F\x47"
- "\xD9\x66\x42\x67",
- .klen = 20,
- .iv = "\x43\x45\x7E\x91\x82\x44\x3B\xC6",
- .result = "\x01\x02\x02\x01",
- .rlen = 4,
- .assoc = "\x33\x54\x67\xAE\xFF\xFF\xFF\xFF"
- "\x43\x45\x7E\x91\x82\x44\x3B\xC6",
- .alen = 16,
- .input = "\x43\x7F\x86\x6B\xCB\x3F\x69\x9F"
- "\xE9\xB0\x82\x2B\xAC\x96\x1C\x45"
- "\x04\xBE\xF2\x70",
- .ilen = 20,
- }, {
- .key = "\xAB\xBC\xCD\xDE\xF0\x01\x12\x23"
- "\x34\x45\x56\x67\x78\x89\x9A\xAB"
- "\xDE\xCA\xF8\x88",
- .klen = 20,
- .iv = "\xCA\xFE\xDE\xBA\xCE\xFA\xCE\x74",
- .result = "\x74\x6F\x01\x62\x65\x01\x6F\x72"
- "\x01\x6E\x6F\x74\x01\x74\x6F\x01"
- "\x62\x65\x00\x01",
- .rlen = 20,
- .assoc = "\x00\x00\x01\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x01\xCA\xFE\xDE\xBA"
- "\xCE\xFA\xCE\x74",
- .alen = 20,
- .input = "\x29\xC9\xFC\x69\xA1\x97\xD0\x38"
- "\xCC\xDD\x14\xE2\xDD\xFC\xAA\x05"
- "\x43\x33\x21\x64\x41\x25\x03\x52"
- "\x43\x03\xED\x3C\x6C\x5F\x28\x38"
- "\x43\xAF\x8C\x3E",
- .ilen = 36,
- }, {
- .key = "\x6C\x65\x67\x61\x6C\x69\x7A\x65"
- "\x6D\x61\x72\x69\x6A\x75\x61\x6E"
- "\x61\x61\x6E\x64\x64\x6F\x69\x74"
- "\x62\x65\x66\x6F\x72\x65\x69\x61"
- "\x74\x75\x72\x6E",
- .klen = 36,
- .iv = "\x33\x30\x21\x69\x67\x65\x74\x6D",
- .result = "\x45\x00\x00\x30\xDA\x3A\x00\x00"
- "\x80\x01\xDF\x3B\xC0\xA8\x00\x05"
- "\xC0\xA8\x00\x01\x08\x00\xC6\xCD"
- "\x02\x00\x07\x00\x61\x62\x63\x64"
- "\x65\x66\x67\x68\x69\x6A\x6B\x6C"
- "\x6D\x6E\x6F\x70\x71\x72\x73\x74"
- "\x01\x02\x02\x01",
- .rlen = 52,
- .assoc = "\x79\x6B\x69\x63\xFF\xFF\xFF\xFF"
- "\xFF\xFF\xFF\xFF\x33\x30\x21\x69"
- "\x67\x65\x74\x6D",
- .alen = 20,
- .input = "\xF9\x7A\xB2\xAA\x35\x6D\x8E\xDC"
- "\xE1\x76\x44\xAC\x8C\x78\xE2\x5D"
- "\xD2\x4D\xED\xBB\x29\xEB\xF1\xB6"
- "\x4A\x27\x4B\x39\xB4\x9C\x3A\x86"
- "\x4C\xD3\xD7\x8C\xA4\xAE\x68\xA3"
- "\x2B\x42\x45\x8F\xB5\x7D\xBE\x82"
- "\x1D\xCC\x63\xB9\xD0\x93\x7B\xA2"
- "\x94\x5F\x66\x93\x68\x66\x1A\x32"
- "\x9F\xB4\xC0\x53",
- .ilen = 68,
- }, {
- .key = "\x3D\xE0\x98\x74\xB3\x88\xE6\x49"
- "\x19\x88\xD0\xC3\x60\x7E\xAE\x1F"
- "\x57\x69\x0E\x43",
- .klen = 20,
- .iv = "\x4E\x28\x00\x00\xA2\xFC\xA1\xA3",
- .result = "\x45\x00\x00\x30\xDA\x3A\x00\x00"
- "\x80\x01\xDF\x3B\xC0\xA8\x00\x05"
- "\xC0\xA8\x00\x01\x08\x00\xC6\xCD"
- "\x02\x00\x07\x00\x61\x62\x63\x64"
- "\x65\x66\x67\x68\x69\x6A\x6B\x6C"
- "\x6D\x6E\x6F\x70\x71\x72\x73\x74"
- "\x01\x02\x02\x01",
- .rlen = 52,
- .assoc = "\x3F\x7E\xF6\x42\x10\x10\x10\x10"
- "\x10\x10\x10\x10\x4E\x28\x00\x00"
- "\xA2\xFC\xA1\xA3",
- .alen = 20,
- .input = "\xFB\xA2\xCA\xA8\xC6\xC5\xF9\xF0"
- "\xF2\x2C\xA5\x4A\x06\x12\x10\xAD"
- "\x3F\x6E\x57\x91\xCF\x1A\xCA\x21"
- "\x0D\x11\x7C\xEC\x9C\x35\x79\x17"
- "\x65\xAC\xBD\x87\x01\xAD\x79\x84"
- "\x5B\xF9\xFE\x3F\xBA\x48\x7B\xC9"
- "\x63\x21\x93\x06\x84\xEE\xCA\xDB"
- "\x56\x91\x25\x46\xE7\xA9\x5C\x97"
- "\x40\xD7\xCB\x05",
- .ilen = 68,
- }, {
- .key = "\x4C\x80\xCD\xEF\xBB\x5D\x10\xDA"
- "\x90\x6A\xC7\x3C\x36\x13\xA6\x34"
- "\x22\x43\x3C\x64",
- .klen = 20,
- .iv = "\x48\x55\xEC\x7D\x3A\x23\x4B\xFD",
- .result = "\x08\x00\xC6\xCD\x02\x00\x07\x00"
- "\x61\x62\x63\x64\x65\x66\x67\x68"
- "\x69\x6A\x6B\x6C\x6D\x6E\x6F\x70"
- "\x71\x72\x73\x74\x01\x02\x02\x01",
- .rlen = 32,
- .assoc = "\x00\x00\x43\x21\x87\x65\x43\x21"
- "\x00\x00\x00\x07\x48\x55\xEC\x7D"
- "\x3A\x23\x4B\xFD",
- .alen = 20,
- .input = "\x74\x75\x2E\x8A\xEB\x5D\x87\x3C"
- "\xD7\xC0\xF4\xAC\xC3\x6C\x4B\xFF"
- "\x84\xB7\xD7\xB9\x8F\x0C\xA8\xB6"
- "\xAC\xDA\x68\x94\xBC\x61\x90\x69"
- "\xEF\x9C\xBC\x28\xFE\x1B\x56\xA7"
- "\xC4\xE0\xD5\x8C\x86\xCD\x2B\xC0",
- .ilen = 48,
- }
-};
-
-static const struct aead_testvec aes_gcm_rfc4543_enc_tv_template[] = {
+static const struct aead_testvec aes_gcm_rfc4543_tv_template[] = {
{ /* From draft-mcgrew-gcm-test-01 */
.key = "\x4c\x80\xcd\xef\xbb\x5d\x10\xda"
"\x90\x6a\xc7\x3c\x36\x13\xa6\x34"
@@ -16731,15 +17669,15 @@
.assoc = "\x00\x00\x43\x21\x00\x00\x00\x07"
"\x00\x00\x00\x00\x00\x00\x00\x00",
.alen = 16,
- .input = "\x45\x00\x00\x30\xda\x3a\x00\x00"
+ .ptext = "\x45\x00\x00\x30\xda\x3a\x00\x00"
"\x80\x01\xdf\x3b\xc0\xa8\x00\x05"
"\xc0\xa8\x00\x01\x08\x00\xc6\xcd"
"\x02\x00\x07\x00\x61\x62\x63\x64"
"\x65\x66\x67\x68\x69\x6a\x6b\x6c"
"\x6d\x6e\x6f\x70\x71\x72\x73\x74"
"\x01\x02\x02\x01",
- .ilen = 52,
- .result = "\x45\x00\x00\x30\xda\x3a\x00\x00"
+ .plen = 52,
+ .ctext = "\x45\x00\x00\x30\xda\x3a\x00\x00"
"\x80\x01\xdf\x3b\xc0\xa8\x00\x05"
"\xc0\xa8\x00\x01\x08\x00\xc6\xcd"
"\x02\x00\x07\x00\x61\x62\x63\x64"
@@ -16748,38 +17686,7 @@
"\x01\x02\x02\x01\xf2\xa9\xa8\x36"
"\xe1\x55\x10\x6a\xa8\xdc\xd6\x18"
"\xe4\x09\x9a\xaa",
- .rlen = 68,
- }
-};
-
-static const struct aead_testvec aes_gcm_rfc4543_dec_tv_template[] = {
- { /* From draft-mcgrew-gcm-test-01 */
- .key = "\x4c\x80\xcd\xef\xbb\x5d\x10\xda"
- "\x90\x6a\xc7\x3c\x36\x13\xa6\x34"
- "\x22\x43\x3c\x64",
- .klen = 20,
- .iv = zeroed_string,
- .assoc = "\x00\x00\x43\x21\x00\x00\x00\x07"
- "\x00\x00\x00\x00\x00\x00\x00\x00",
- .alen = 16,
- .input = "\x45\x00\x00\x30\xda\x3a\x00\x00"
- "\x80\x01\xdf\x3b\xc0\xa8\x00\x05"
- "\xc0\xa8\x00\x01\x08\x00\xc6\xcd"
- "\x02\x00\x07\x00\x61\x62\x63\x64"
- "\x65\x66\x67\x68\x69\x6a\x6b\x6c"
- "\x6d\x6e\x6f\x70\x71\x72\x73\x74"
- "\x01\x02\x02\x01\xf2\xa9\xa8\x36"
- "\xe1\x55\x10\x6a\xa8\xdc\xd6\x18"
- "\xe4\x09\x9a\xaa",
- .ilen = 68,
- .result = "\x45\x00\x00\x30\xda\x3a\x00\x00"
- "\x80\x01\xdf\x3b\xc0\xa8\x00\x05"
- "\xc0\xa8\x00\x01\x08\x00\xc6\xcd"
- "\x02\x00\x07\x00\x61\x62\x63\x64"
- "\x65\x66\x67\x68\x69\x6a\x6b\x6c"
- "\x6d\x6e\x6f\x70\x71\x72\x73\x74"
- "\x01\x02\x02\x01",
- .rlen = 52,
+ .clen = 68,
}, { /* nearly same as previous, but should fail */
.key = "\x4c\x80\xcd\xef\xbb\x5d\x10\xda"
"\x90\x6a\xc7\x3c\x36\x13\xa6\x34"
@@ -16789,7 +17696,16 @@
.assoc = "\x00\x00\x43\x21\x00\x00\x00\x07"
"\x00\x00\x00\x00\x00\x00\x00\x00",
.alen = 16,
- .input = "\x45\x00\x00\x30\xda\x3a\x00\x00"
+ .ptext = "\x45\x00\x00\x30\xda\x3a\x00\x00"
+ "\x80\x01\xdf\x3b\xc0\xa8\x00\x05"
+ "\xc0\xa8\x00\x01\x08\x00\xc6\xcd"
+ "\x02\x00\x07\x00\x61\x62\x63\x64"
+ "\x65\x66\x67\x68\x69\x6a\x6b\x6c"
+ "\x6d\x6e\x6f\x70\x71\x72\x73\x74"
+ "\x01\x02\x02\x01",
+ .plen = 52,
+ .novrfy = 1,
+ .ctext = "\x45\x00\x00\x30\xda\x3a\x00\x00"
"\x80\x01\xdf\x3b\xc0\xa8\x00\x05"
"\xc0\xa8\x00\x01\x08\x00\xc6\xcd"
"\x02\x00\x07\x00\x61\x62\x63\x64"
@@ -16798,20 +17714,11 @@
"\x01\x02\x02\x01\xf2\xa9\xa8\x36"
"\xe1\x55\x10\x6a\xa8\xdc\xd6\x18"
"\x00\x00\x00\x00",
- .ilen = 68,
- .novrfy = 1,
- .result = "\x45\x00\x00\x30\xda\x3a\x00\x00"
- "\x80\x01\xdf\x3b\xc0\xa8\x00\x05"
- "\xc0\xa8\x00\x01\x08\x00\xc6\xcd"
- "\x02\x00\x07\x00\x61\x62\x63\x64"
- "\x65\x66\x67\x68\x69\x6a\x6b\x6c"
- "\x6d\x6e\x6f\x70\x71\x72\x73\x74"
- "\x01\x02\x02\x01",
- .rlen = 52,
+ .clen = 68,
},
};
-static const struct aead_testvec aes_ccm_enc_tv_template[] = {
+static const struct aead_testvec aes_ccm_tv_template[] = {
{ /* From RFC 3610 */
.key = "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7"
"\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf",
@@ -16820,15 +17727,15 @@
"\xa0\xa1\xa2\xa3\xa4\xa5\x00\x00",
.assoc = "\x00\x01\x02\x03\x04\x05\x06\x07",
.alen = 8,
- .input = "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+ .ptext = "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
"\x10\x11\x12\x13\x14\x15\x16\x17"
"\x18\x19\x1a\x1b\x1c\x1d\x1e",
- .ilen = 23,
- .result = "\x58\x8c\x97\x9a\x61\xc6\x63\xd2"
+ .plen = 23,
+ .ctext = "\x58\x8c\x97\x9a\x61\xc6\x63\xd2"
"\xf0\x66\xd0\xc2\xc0\xf9\x89\x80"
"\x6d\x5f\x6b\x61\xda\xc3\x84\x17"
"\xe8\xd1\x2c\xfd\xf9\x26\xe0",
- .rlen = 31,
+ .clen = 31,
}, {
.key = "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7"
"\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf",
@@ -16838,15 +17745,15 @@
.assoc = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b",
.alen = 12,
- .input = "\x0c\x0d\x0e\x0f\x10\x11\x12\x13"
+ .ptext = "\x0c\x0d\x0e\x0f\x10\x11\x12\x13"
"\x14\x15\x16\x17\x18\x19\x1a\x1b"
"\x1c\x1d\x1e\x1f",
- .ilen = 20,
- .result = "\xdc\xf1\xfb\x7b\x5d\x9e\x23\xfb"
+ .plen = 20,
+ .ctext = "\xdc\xf1\xfb\x7b\x5d\x9e\x23\xfb"
"\x9d\x4e\x13\x12\x53\x65\x8a\xd8"
"\x6e\xbd\xca\x3e\x51\xe8\x3f\x07"
"\x7d\x9c\x2d\x93",
- .rlen = 28,
+ .clen = 28,
}, {
.key = "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7"
"\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf",
@@ -16855,17 +17762,17 @@
"\xa0\xa1\xa2\xa3\xa4\xa5\x00\x00",
.assoc = "\x00\x01\x02\x03\x04\x05\x06\x07",
.alen = 8,
- .input = "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+ .ptext = "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
"\x10\x11\x12\x13\x14\x15\x16\x17"
"\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"
"\x20",
- .ilen = 25,
- .result = "\x82\x53\x1a\x60\xcc\x24\x94\x5a"
+ .plen = 25,
+ .ctext = "\x82\x53\x1a\x60\xcc\x24\x94\x5a"
"\x4b\x82\x79\x18\x1a\xb5\xc8\x4d"
"\xf2\x1c\xe7\xf9\xb7\x3f\x42\xe1"
"\x97\xea\x9c\x07\xe5\x6b\x5e\xb1"
"\x7e\x5f\x4e",
- .rlen = 35,
+ .clen = 35,
}, {
.key = "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7"
"\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf",
@@ -16875,15 +17782,15 @@
.assoc = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b",
.alen = 12,
- .input = "\x0c\x0d\x0e\x0f\x10\x11\x12\x13"
+ .ptext = "\x0c\x0d\x0e\x0f\x10\x11\x12\x13"
"\x14\x15\x16\x17\x18\x19\x1a\x1b"
"\x1c\x1d\x1e",
- .ilen = 19,
- .result = "\x07\x34\x25\x94\x15\x77\x85\x15"
+ .plen = 19,
+ .ctext = "\x07\x34\x25\x94\x15\x77\x85\x15"
"\x2b\x07\x40\x98\x33\x0a\xbb\x14"
"\x1b\x94\x7b\x56\x6a\xa9\x40\x6b"
"\x4d\x99\x99\x88\xdd",
- .rlen = 29,
+ .clen = 29,
}, {
.key = "\xd7\x82\x8d\x13\xb2\xb0\xbd\xc3"
"\x25\xa7\x62\x36\xdf\x93\xcc\x6b",
@@ -16892,15 +17799,15 @@
"\x3c\x96\x96\x76\x6c\xfa\x00\x00",
.assoc = "\x63\x01\x8f\x76\xdc\x8a\x1b\xcb",
.alen = 8,
- .input = "\x90\x20\xea\x6f\x91\xbd\xd8\x5a"
+ .ptext = "\x90\x20\xea\x6f\x91\xbd\xd8\x5a"
"\xfa\x00\x39\xba\x4b\xaf\xf9\xbf"
"\xb7\x9c\x70\x28\x94\x9c\xd0\xec",
- .ilen = 24,
- .result = "\x4c\xcb\x1e\x7c\xa9\x81\xbe\xfa"
+ .plen = 24,
+ .ctext = "\x4c\xcb\x1e\x7c\xa9\x81\xbe\xfa"
"\xa0\x72\x6c\x55\xd3\x78\x06\x12"
"\x98\xc8\x5c\x92\x81\x4a\xbc\x33"
"\xc5\x2e\xe8\x1d\x7d\x77\xc0\x8a",
- .rlen = 32,
+ .clen = 32,
}, {
.key = "\xd7\x82\x8d\x13\xb2\xb0\xbd\xc3"
"\x25\xa7\x62\x36\xdf\x93\xcc\x6b",
@@ -16910,15 +17817,15 @@
.assoc = "\xcd\x90\x44\xd2\xb7\x1f\xdb\x81"
"\x20\xea\x60\xc0",
.alen = 12,
- .input = "\x64\x35\xac\xba\xfb\x11\xa8\x2e"
+ .ptext = "\x64\x35\xac\xba\xfb\x11\xa8\x2e"
"\x2f\x07\x1d\x7c\xa4\xa5\xeb\xd9"
"\x3a\x80\x3b\xa8\x7f",
- .ilen = 21,
- .result = "\x00\x97\x69\xec\xab\xdf\x48\x62"
+ .plen = 21,
+ .ctext = "\x00\x97\x69\xec\xab\xdf\x48\x62"
"\x55\x94\xc5\x92\x51\xe6\x03\x57"
"\x22\x67\x5e\x04\xc8\x47\x09\x9e"
"\x5a\xe0\x70\x45\x51",
- .rlen = 29,
+ .clen = 29,
}, {
.key = "\xd7\x82\x8d\x13\xb2\xb0\xbd\xc3"
"\x25\xa7\x62\x36\xdf\x93\xcc\x6b",
@@ -16927,16 +17834,16 @@
"\x3c\x96\x96\x76\x6c\xfa\x00\x00",
.assoc = "\xd8\x5b\xc7\xe6\x9f\x94\x4f\xb8",
.alen = 8,
- .input = "\x8a\x19\xb9\x50\xbc\xf7\x1a\x01"
+ .ptext = "\x8a\x19\xb9\x50\xbc\xf7\x1a\x01"
"\x8e\x5e\x67\x01\xc9\x17\x87\x65"
"\x98\x09\xd6\x7d\xbe\xdd\x18",
- .ilen = 23,
- .result = "\xbc\x21\x8d\xaa\x94\x74\x27\xb6"
+ .plen = 23,
+ .ctext = "\xbc\x21\x8d\xaa\x94\x74\x27\xb6"
"\xdb\x38\x6a\x99\xac\x1a\xef\x23"
"\xad\xe0\xb5\x29\x39\xcb\x6a\x63"
"\x7c\xf9\xbe\xc2\x40\x88\x97\xc6"
"\xba",
- .rlen = 33,
+ .clen = 33,
}, {
/* This is taken from FIPS CAVS. */
.key = "\x83\xac\x54\x66\xc2\xeb\xe5\x05"
@@ -16944,18 +17851,18 @@
.klen = 16,
.iv = "\x03\x96\xac\x59\x30\x07\xa1\xe2\xa2\xc7\x55\x24\0\0\0\0",
.alen = 0,
- .input = "\x19\xc8\x81\xf6\xe9\x86\xff\x93"
+ .ptext = "\x19\xc8\x81\xf6\xe9\x86\xff\x93"
"\x0b\x78\x67\xe5\xbb\xb7\xfc\x6e"
"\x83\x77\xb3\xa6\x0c\x8c\x9f\x9c"
"\x35\x2e\xad\xe0\x62\xf9\x91\xa1",
- .ilen = 32,
- .result = "\xab\x6f\xe1\x69\x1d\x19\x99\xa8"
+ .plen = 32,
+ .ctext = "\xab\x6f\xe1\x69\x1d\x19\x99\xa8"
"\x92\xa0\xc4\x6f\x7e\xe2\x8b\xb1"
"\x70\xbb\x8c\xa6\x4c\x6e\x97\x8a"
"\x57\x2b\xbe\x5d\x98\xa6\xb1\x32"
"\xda\x24\xea\xd9\xa1\x39\x98\xfd"
"\xa4\xbe\xd9\xf2\x1a\x6d\x22\xa8",
- .rlen = 48,
+ .clen = 48,
}, {
.key = "\x1e\x2c\x7e\x01\x41\x9a\xef\xc0"
"\x0d\x58\x96\x6e\x5c\xa2\x4b\xd3",
@@ -16967,18 +17874,18 @@
"\x0c\x56\xcb\xe4\xe0\x05\x7a\xe1"
"\x0a\x63\x09\x78\xbc\x2c\x55\xde",
.alen = 32,
- .input = "\x87\xa3\x36\xfd\x96\xb3\x93\x78"
+ .ptext = "\x87\xa3\x36\xfd\x96\xb3\x93\x78"
"\xa9\x28\x63\xba\x12\xa3\x14\x85"
"\x57\x1e\x06\xc9\x7b\x21\xef\x76"
"\x7f\x38\x7e\x8e\x29\xa4\x3e\x7e",
- .ilen = 32,
- .result = "\x8a\x1e\x11\xf0\x02\x6b\xe2\x19"
+ .plen = 32,
+ .ctext = "\x8a\x1e\x11\xf0\x02\x6b\xe2\x19"
"\xfc\x70\xc4\x6d\x8e\xb7\x99\xab"
"\xc5\x4b\xa2\xac\xd3\xf3\x48\xff"
"\x3b\xb5\xce\x53\xef\xde\xbb\x02"
"\xa9\x86\x15\x6c\x13\xfe\xda\x0a"
"\x22\xb8\x29\x3d\xd8\x39\x9a\x23",
- .rlen = 48,
+ .clen = 48,
}, {
.key = "\xf4\x6b\xc2\x75\x62\xfe\xb4\xe1"
"\xa3\xf0\xff\xdd\x4e\x4b\x12\x75"
@@ -16991,9 +17898,9 @@
"\xe9\xd4\xcf\x20\x14\x6e\xf0\x2d"
"\xd8\x9e\x2b\x56\x10\x23\x56\xe7",
.alen = 32,
- .result = "\x36\xea\x7a\x70\x08\xdc\x6a\xbc"
+ .ctext = "\x36\xea\x7a\x70\x08\xdc\x6a\xbc"
"\xad\x0c\x7a\x63\xf6\x61\xfd\x9b",
- .rlen = 16,
+ .clen = 16,
}, {
.key = "\x56\xdf\x5c\x8f\x26\x3f\x0e\x42"
"\xef\x7a\xd3\xce\xfc\x84\x60\x62"
@@ -17006,18 +17913,18 @@
"\xf2\x88\x32\xa3\xf2\x50\xcb\x4c"
"\xe3\x00\x73\x69\x84\x69\x87\x79",
.alen = 32,
- .input = "\x9f\xd2\x02\x4b\x52\x49\x31\x3c"
+ .ptext = "\x9f\xd2\x02\x4b\x52\x49\x31\x3c"
"\x43\x69\x3a\x2d\x8e\x70\xad\x7e"
"\xe0\xe5\x46\x09\x80\x89\x13\xb2"
"\x8c\x8b\xd9\x3f\x86\xfb\xb5\x6b",
- .ilen = 32,
- .result = "\x39\xdf\x7c\x3c\x5a\x29\xb9\x62"
+ .plen = 32,
+ .ctext = "\x39\xdf\x7c\x3c\x5a\x29\xb9\x62"
"\x5d\x51\xc2\x16\xd8\xbd\x06\x9f"
"\x9b\x6a\x09\x70\xc1\x51\x83\xc2"
"\x66\x88\x1d\x4f\x9a\xda\xe0\x1e"
"\xc7\x79\x11\x58\xe5\x6b\x20\x40"
"\x7a\xea\x46\x42\x8b\xe4\x6f\xe1",
- .rlen = 48,
+ .clen = 48,
}, {
.key = "\xe0\x8d\x99\x71\x60\xd7\x97\x1a"
"\xbd\x01\x99\xd5\x8a\xdf\x71\x3a"
@@ -17031,17 +17938,17 @@
"\x6b\x75\xcb\x98\x34\x08\x7e\x79"
"\xe4\x3e\x49\x0d\x84\x8b\x22\x87",
.alen = 32,
- .input = "\xe1\xd9\xd8\x13\xeb\x3a\x75\x3f"
+ .ptext = "\xe1\xd9\xd8\x13\xeb\x3a\x75\x3f"
"\x9d\xbd\x5f\x66\xbe\xdc\xbb\x66"
"\xbf\x17\x99\x62\x4a\x39\x27\x1f"
"\x1d\xdc\x24\xae\x19\x2f\x98\x4c",
- .ilen = 32,
- .result = "\x19\xb8\x61\x33\x45\x2b\x43\x96"
+ .plen = 32,
+ .ctext = "\x19\xb8\x61\x33\x45\x2b\x43\x96"
"\x6f\x51\xd0\x20\x30\x7d\x9b\xc6"
"\x26\x3d\xf8\xc9\x65\x16\xa8\x9f"
"\xf0\x62\x17\x34\xf2\x1e\x8d\x75"
"\x4e\x13\xcc\xc0\xc3\x2a\x54\x2d",
- .rlen = 40,
+ .clen = 40,
}, {
.key = "\x7c\xc8\x18\x3b\x8d\x99\xe0\x7c"
"\x45\x41\xb8\xbd\x5c\xa7\xc2\x32"
@@ -17055,18 +17962,18 @@
"\x8e\xd6\x39\xcf\x7d\x14\x9b\x94"
"\xb0\x39\x36\xe6\x8f\x57\xe0\x13",
.alen = 32,
- .input = "\x3b\x6c\x29\x36\xb6\xef\x07\xa6"
+ .ptext = "\x3b\x6c\x29\x36\xb6\xef\x07\xa6"
"\x83\x72\x07\x4f\xcf\xfa\x66\x89"
"\x5f\xca\xb1\xba\xd5\x8f\x2c\x27"
"\x30\xdb\x75\x09\x93\xd4\x65\xe4",
- .ilen = 32,
- .result = "\xb0\x88\x5a\x33\xaa\xe5\xc7\x1d"
+ .plen = 32,
+ .ctext = "\xb0\x88\x5a\x33\xaa\xe5\xc7\x1d"
"\x85\x23\xc7\xc6\x2f\xf4\x1e\x3d"
"\xcc\x63\x44\x25\x07\x78\x4f\x9e"
"\x96\xb8\x88\xeb\xbc\x48\x1f\x06"
"\x39\xaf\x39\xac\xd8\x4a\x80\x39"
"\x7b\x72\x8a\xf7",
- .rlen = 44,
+ .clen = 44,
}, {
.key = "\xab\xd0\xe9\x33\x07\x26\xe5\x83"
"\x8c\x76\x95\xd4\xb6\xdc\xf3\x46"
@@ -17080,147 +17987,18 @@
"\xab\x90\x65\x8d\x8e\xca\x4d\x4f"
"\x16\x0c\x40\x90\x4b\xc7\x36\x73",
.alen = 32,
- .input = "\xf5\xc6\x7d\x48\xc1\xb7\xe6\x92"
+ .ptext = "\xf5\xc6\x7d\x48\xc1\xb7\xe6\x92"
"\x97\x5a\xca\xc4\xa9\x6d\xf9\x3d"
"\x6c\xde\xbc\xf1\x90\xea\x6a\xb2"
"\x35\x86\x36\xaf\x5c\xfe\x4b\x3a",
- .ilen = 32,
- .result = "\x83\x6f\x40\x87\x72\xcf\xc1\x13"
+ .plen = 32,
+ .ctext = "\x83\x6f\x40\x87\x72\xcf\xc1\x13"
"\xef\xbb\x80\x21\x04\x6c\x58\x09"
"\x07\x1b\xfc\xdf\xc0\x3f\x5b\xc7"
"\xe0\x79\xa8\x6e\x71\x7c\x3f\xcf"
"\x5c\xda\xb2\x33\xe5\x13\xe2\x0d"
"\x74\xd1\xef\xb5\x0f\x3a\xb5\xf8",
- .rlen = 48,
- }
-};
-
-static const struct aead_testvec aes_ccm_dec_tv_template[] = {
- { /* From RFC 3610 */
- .key = "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7"
- "\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf",
- .klen = 16,
- .iv = "\x01\x00\x00\x00\x03\x02\x01\x00"
- "\xa0\xa1\xa2\xa3\xa4\xa5\x00\x00",
- .assoc = "\x00\x01\x02\x03\x04\x05\x06\x07",
- .alen = 8,
- .input = "\x58\x8c\x97\x9a\x61\xc6\x63\xd2"
- "\xf0\x66\xd0\xc2\xc0\xf9\x89\x80"
- "\x6d\x5f\x6b\x61\xda\xc3\x84\x17"
- "\xe8\xd1\x2c\xfd\xf9\x26\xe0",
- .ilen = 31,
- .result = "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
- "\x10\x11\x12\x13\x14\x15\x16\x17"
- "\x18\x19\x1a\x1b\x1c\x1d\x1e",
- .rlen = 23,
- }, {
- .key = "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7"
- "\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf",
- .klen = 16,
- .iv = "\x01\x00\x00\x00\x07\x06\x05\x04"
- "\xa0\xa1\xa2\xa3\xa4\xa5\x00\x00",
- .assoc = "\x00\x01\x02\x03\x04\x05\x06\x07"
- "\x08\x09\x0a\x0b",
- .alen = 12,
- .input = "\xdc\xf1\xfb\x7b\x5d\x9e\x23\xfb"
- "\x9d\x4e\x13\x12\x53\x65\x8a\xd8"
- "\x6e\xbd\xca\x3e\x51\xe8\x3f\x07"
- "\x7d\x9c\x2d\x93",
- .ilen = 28,
- .result = "\x0c\x0d\x0e\x0f\x10\x11\x12\x13"
- "\x14\x15\x16\x17\x18\x19\x1a\x1b"
- "\x1c\x1d\x1e\x1f",
- .rlen = 20,
- }, {
- .key = "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7"
- "\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf",
- .klen = 16,
- .iv = "\x01\x00\x00\x00\x0b\x0a\x09\x08"
- "\xa0\xa1\xa2\xa3\xa4\xa5\x00\x00",
- .assoc = "\x00\x01\x02\x03\x04\x05\x06\x07",
- .alen = 8,
- .input = "\x82\x53\x1a\x60\xcc\x24\x94\x5a"
- "\x4b\x82\x79\x18\x1a\xb5\xc8\x4d"
- "\xf2\x1c\xe7\xf9\xb7\x3f\x42\xe1"
- "\x97\xea\x9c\x07\xe5\x6b\x5e\xb1"
- "\x7e\x5f\x4e",
- .ilen = 35,
- .result = "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
- "\x10\x11\x12\x13\x14\x15\x16\x17"
- "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"
- "\x20",
- .rlen = 25,
- }, {
- .key = "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7"
- "\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf",
- .klen = 16,
- .iv = "\x01\x00\x00\x00\x0c\x0b\x0a\x09"
- "\xa0\xa1\xa2\xa3\xa4\xa5\x00\x00",
- .assoc = "\x00\x01\x02\x03\x04\x05\x06\x07"
- "\x08\x09\x0a\x0b",
- .alen = 12,
- .input = "\x07\x34\x25\x94\x15\x77\x85\x15"
- "\x2b\x07\x40\x98\x33\x0a\xbb\x14"
- "\x1b\x94\x7b\x56\x6a\xa9\x40\x6b"
- "\x4d\x99\x99\x88\xdd",
- .ilen = 29,
- .result = "\x0c\x0d\x0e\x0f\x10\x11\x12\x13"
- "\x14\x15\x16\x17\x18\x19\x1a\x1b"
- "\x1c\x1d\x1e",
- .rlen = 19,
- }, {
- .key = "\xd7\x82\x8d\x13\xb2\xb0\xbd\xc3"
- "\x25\xa7\x62\x36\xdf\x93\xcc\x6b",
- .klen = 16,
- .iv = "\x01\x00\x33\x56\x8e\xf7\xb2\x63"
- "\x3c\x96\x96\x76\x6c\xfa\x00\x00",
- .assoc = "\x63\x01\x8f\x76\xdc\x8a\x1b\xcb",
- .alen = 8,
- .input = "\x4c\xcb\x1e\x7c\xa9\x81\xbe\xfa"
- "\xa0\x72\x6c\x55\xd3\x78\x06\x12"
- "\x98\xc8\x5c\x92\x81\x4a\xbc\x33"
- "\xc5\x2e\xe8\x1d\x7d\x77\xc0\x8a",
- .ilen = 32,
- .result = "\x90\x20\xea\x6f\x91\xbd\xd8\x5a"
- "\xfa\x00\x39\xba\x4b\xaf\xf9\xbf"
- "\xb7\x9c\x70\x28\x94\x9c\xd0\xec",
- .rlen = 24,
- }, {
- .key = "\xd7\x82\x8d\x13\xb2\xb0\xbd\xc3"
- "\x25\xa7\x62\x36\xdf\x93\xcc\x6b",
- .klen = 16,
- .iv = "\x01\x00\xd5\x60\x91\x2d\x3f\x70"
- "\x3c\x96\x96\x76\x6c\xfa\x00\x00",
- .assoc = "\xcd\x90\x44\xd2\xb7\x1f\xdb\x81"
- "\x20\xea\x60\xc0",
- .alen = 12,
- .input = "\x00\x97\x69\xec\xab\xdf\x48\x62"
- "\x55\x94\xc5\x92\x51\xe6\x03\x57"
- "\x22\x67\x5e\x04\xc8\x47\x09\x9e"
- "\x5a\xe0\x70\x45\x51",
- .ilen = 29,
- .result = "\x64\x35\xac\xba\xfb\x11\xa8\x2e"
- "\x2f\x07\x1d\x7c\xa4\xa5\xeb\xd9"
- "\x3a\x80\x3b\xa8\x7f",
- .rlen = 21,
- }, {
- .key = "\xd7\x82\x8d\x13\xb2\xb0\xbd\xc3"
- "\x25\xa7\x62\x36\xdf\x93\xcc\x6b",
- .klen = 16,
- .iv = "\x01\x00\x42\xff\xf8\xf1\x95\x1c"
- "\x3c\x96\x96\x76\x6c\xfa\x00\x00",
- .assoc = "\xd8\x5b\xc7\xe6\x9f\x94\x4f\xb8",
- .alen = 8,
- .input = "\xbc\x21\x8d\xaa\x94\x74\x27\xb6"
- "\xdb\x38\x6a\x99\xac\x1a\xef\x23"
- "\xad\xe0\xb5\x29\x39\xcb\x6a\x63"
- "\x7c\xf9\xbe\xc2\x40\x88\x97\xc6"
- "\xba",
- .ilen = 33,
- .result = "\x8a\x19\xb9\x50\xbc\xf7\x1a\x01"
- "\x8e\x5e\x67\x01\xc9\x17\x87\x65"
- "\x98\x09\xd6\x7d\xbe\xdd\x18",
- .rlen = 23,
+ .clen = 48,
}, {
/* This is taken from FIPS CAVS. */
.key = "\xab\x2f\x8a\x74\xb7\x1c\xd2\xb1"
@@ -17229,10 +18007,10 @@
.iv = "\x03\xc6\xfb\x7d\x80\x0d\x13\xab"
"\xd8\xa6\xb2\xd8\x00\x00\x00\x00",
.alen = 0,
- .input = "\xd5\xe8\x93\x9f\xc7\x89\x2e\x2b",
- .ilen = 8,
- .result = "\x00",
- .rlen = 0,
+ .ptext = "\x00",
+ .plen = 0,
+ .ctext = "\xd5\xe8\x93\x9f\xc7\x89\x2e\x2b",
+ .clen = 8,
.novrfy = 1,
}, {
.key = "\xab\x2f\x8a\x74\xb7\x1c\xd2\xb1"
@@ -17241,10 +18019,10 @@
.iv = "\x03\xaf\x94\x87\x78\x35\x82\x81"
"\x7f\x88\x94\x68\x00\x00\x00\x00",
.alen = 0,
- .input = "\x41\x3c\xb8\x87\x73\xcb\xf3\xf3",
- .ilen = 8,
- .result = "\x00",
- .rlen = 0,
+ .ptext = "\x00",
+ .plen = 0,
+ .ctext = "\x41\x3c\xb8\x87\x73\xcb\xf3\xf3",
+ .clen = 8,
}, {
.key = "\x61\x0e\x8c\xae\xe3\x23\xb6\x38"
"\x76\x1c\xf6\x3a\x67\xa3\x9c\xd8",
@@ -17256,18 +18034,18 @@
"\x04\x1f\x4e\xed\x78\xd5\x33\x66"
"\xd8\x94\x99\x91\x81\x54\x62\x57",
.alen = 32,
- .input = "\xf0\x7c\x29\x02\xae\x1c\x2f\x55"
+ .ptext = "\x50\x82\x3e\x07\xe2\x1e\xb6\xfb"
+ "\x33\xe4\x73\xce\xd2\xfb\x95\x79"
+ "\xe8\xb4\xb5\x77\x11\x10\x62\x6f"
+ "\x6a\x82\xd1\x13\xec\xf5\xd0\x48",
+ .plen = 32,
+ .ctext = "\xf0\x7c\x29\x02\xae\x1c\x2f\x55"
"\xd0\xd1\x3d\x1a\xa3\x6d\xe4\x0a"
"\x86\xb0\x87\x6b\x62\x33\x8c\x34"
"\xce\xab\x57\xcc\x79\x0b\xe0\x6f"
"\x5c\x3e\x48\x1f\x6c\x46\xf7\x51"
"\x8b\x84\x83\x2a\xc1\x05\xb8\xc5",
- .ilen = 48,
- .result = "\x50\x82\x3e\x07\xe2\x1e\xb6\xfb"
- "\x33\xe4\x73\xce\xd2\xfb\x95\x79"
- "\xe8\xb4\xb5\x77\x11\x10\x62\x6f"
- "\x6a\x82\xd1\x13\xec\xf5\xd0\x48",
- .rlen = 32,
+ .clen = 48,
.novrfy = 1,
}, {
.key = "\x61\x0e\x8c\xae\xe3\x23\xb6\x38"
@@ -17280,18 +18058,18 @@
"\xd8\x5c\x42\x68\xe0\x6c\xda\x89"
"\x05\xac\x56\xac\x1b\x2a\xd3\x86",
.alen = 32,
- .input = "\x39\xbe\x7d\x15\x62\x77\xf3\x3c"
+ .ptext = "\x75\x05\xbe\xc2\xd9\x1e\xde\x60"
+ "\x47\x3d\x8c\x7d\xbd\xb5\xd9\xb7"
+ "\xf2\xae\x61\x05\x8f\x82\x24\x3f"
+ "\x9c\x67\x91\xe1\x38\x4f\xe4\x0c",
+ .plen = 32,
+ .ctext = "\x39\xbe\x7d\x15\x62\x77\xf3\x3c"
"\xad\x83\x52\x6d\x71\x03\x25\x1c"
"\xed\x81\x3a\x9a\x16\x7d\x19\x80"
"\x72\x04\x72\xd0\xf6\xff\x05\x0f"
"\xb7\x14\x30\x00\x32\x9e\xa0\xa6"
"\x9e\x5a\x18\xa1\xb8\xfe\xdb\xd3",
- .ilen = 48,
- .result = "\x75\x05\xbe\xc2\xd9\x1e\xde\x60"
- "\x47\x3d\x8c\x7d\xbd\xb5\xd9\xb7"
- "\xf2\xae\x61\x05\x8f\x82\x24\x3f"
- "\x9c\x67\x91\xe1\x38\x4f\xe4\x0c",
- .rlen = 32,
+ .clen = 48,
}, {
.key = "\x39\xbb\xa7\xbe\x59\x97\x9e\x73"
"\xa2\xbc\x6b\x98\xd7\x75\x7f\xe3"
@@ -17304,10 +18082,10 @@
"\xa4\xf0\x13\x05\xd1\x77\x99\x67"
"\x11\xc4\xc6\xdb\x00\x56\x36\x61",
.alen = 32,
- .input = "\x71\x99\xfa\xf4\x44\x12\x68\x9b",
- .ilen = 8,
- .result = "\x00",
- .rlen = 0,
+ .ptext = "\x00",
+ .plen = 0,
+ .ctext = "\x71\x99\xfa\xf4\x44\x12\x68\x9b",
+ .clen = 8,
}, {
.key = "\x58\x5d\xa0\x96\x65\x1a\x04\xd7"
"\x96\xe5\xc5\x68\xaa\x95\x35\xe0"
@@ -17320,17 +18098,17 @@
"\xa4\xf0\x13\x05\xd1\x77\x99\x67"
"\x11\xc4\xc6\xdb\x00\x56\x36\x61",
.alen = 32,
- .input = "\xfb\xe5\x5d\x34\xbe\xe5\xe8\xe7"
+ .ptext = "\x85\x34\x66\x42\xc8\x92\x0f\x36"
+ "\x58\xe0\x6b\x91\x3c\x98\x5c\xbb"
+ "\x0a\x85\xcc\x02\xad\x7a\x96\xe9"
+ "\x65\x43\xa4\xc3\x0f\xdc\x55\x81",
+ .plen = 32,
+ .ctext = "\xfb\xe5\x5d\x34\xbe\xe5\xe8\xe7"
"\x5a\xef\x2f\xbf\x1f\x7f\xd4\xb2"
"\x66\xca\x61\x1e\x96\x7a\x61\xb3"
"\x1c\x16\x45\x52\xba\x04\x9c\x9f"
"\xb1\xd2\x40\xbc\x52\x7c\x6f\xb1",
- .ilen = 40,
- .result = "\x85\x34\x66\x42\xc8\x92\x0f\x36"
- "\x58\xe0\x6b\x91\x3c\x98\x5c\xbb"
- "\x0a\x85\xcc\x02\xad\x7a\x96\xe9"
- "\x65\x43\xa4\xc3\x0f\xdc\x55\x81",
- .rlen = 32,
+ .clen = 40,
}, {
.key = "\x58\x5d\xa0\x96\x65\x1a\x04\xd7"
"\x96\xe5\xc5\x68\xaa\x95\x35\xe0"
@@ -17343,18 +18121,18 @@
"\xff\xb6\x81\xbd\xe2\xd5\x06\xc7"
"\x3c\xa1\x52\x13\x03\x8a\x23\x3a",
.alen = 32,
- .input = "\x3f\x66\xb0\x9d\xe5\x4b\x38\x00"
+ .ptext = "\x02\x87\x4d\x28\x80\x6e\xb2\xed"
+ "\x99\x2a\xa8\xca\x04\x25\x45\x90"
+ "\x1d\xdd\x5a\xd9\xe4\xdb\x9c\x9c"
+ "\x49\xe9\x01\xfe\xa7\x80\x6d\x6b",
+ .plen = 32,
+ .ctext = "\x3f\x66\xb0\x9d\xe5\x4b\x38\x00"
"\xc6\x0e\x6e\xe5\xd6\x98\xa6\x37"
"\x8c\x26\x33\xc6\xb2\xa2\x17\xfa"
"\x64\x19\xc0\x30\xd7\xfc\x14\x6b"
"\xe3\x33\xc2\x04\xb0\x37\xbe\x3f"
"\xa9\xb4\x2d\x68\x03\xa3\x44\xef",
- .ilen = 48,
- .result = "\x02\x87\x4d\x28\x80\x6e\xb2\xed"
- "\x99\x2a\xa8\xca\x04\x25\x45\x90"
- "\x1d\xdd\x5a\xd9\xe4\xdb\x9c\x9c"
- "\x49\xe9\x01\xfe\xa7\x80\x6d\x6b",
- .rlen = 32,
+ .clen = 48,
.novrfy = 1,
}, {
.key = "\xa4\x4b\x54\x29\x0a\xb8\x6d\x01"
@@ -17365,10 +18143,10 @@
.iv = "\x03\xee\x49\x83\xe9\xa9\xff\xe9"
"\x57\xba\xfd\x9e\x00\x00\x00\x00",
.alen = 0,
- .input = "\x1f\xb8\x8f\xa3\xdd\x54\x00\xf2",
- .ilen = 8,
- .result = "\x00",
- .rlen = 0,
+ .ptext = "\x00",
+ .plen = 0,
+ .ctext = "\x1f\xb8\x8f\xa3\xdd\x54\x00\xf2",
+ .clen = 8,
}, {
.key = "\x39\xbb\xa7\xbe\x59\x97\x9e\x73"
"\xa2\xbc\x6b\x98\xd7\x75\x7f\xe3"
@@ -17378,18 +18156,18 @@
.iv = "\x03\x85\x34\x66\x42\xc8\x92\x0f"
"\x36\x58\xe0\x6b\x00\x00\x00\x00",
.alen = 0,
- .input = "\x48\x01\x5e\x02\x24\x04\x66\x47"
+ .ptext = "\xdc\x56\xf2\x71\xb0\xb1\xa0\x6c"
+ "\xf0\x97\x3a\xfb\x6d\xe7\x32\x99"
+ "\x3e\xaf\x70\x5e\xb2\x4d\xea\x39"
+ "\x89\xd4\x75\x7a\x63\xb1\xda\x93",
+ .plen = 32,
+ .ctext = "\x48\x01\x5e\x02\x24\x04\x66\x47"
"\xa1\xea\x6f\xaf\xe8\xfc\xfb\xdd"
"\xa5\xa9\x87\x8d\x84\xee\x2e\x77"
"\xbb\x86\xb9\xf5\x5c\x6c\xff\xf6"
"\x72\xc3\x8e\xf7\x70\xb1\xb2\x07"
"\xbc\xa8\xa3\xbd\x83\x7c\x1d\x2a",
- .ilen = 48,
- .result = "\xdc\x56\xf2\x71\xb0\xb1\xa0\x6c"
- "\xf0\x97\x3a\xfb\x6d\xe7\x32\x99"
- "\x3e\xaf\x70\x5e\xb2\x4d\xea\x39"
- "\x89\xd4\x75\x7a\x63\xb1\xda\x93",
- .rlen = 32,
+ .clen = 48,
.novrfy = 1,
}, {
.key = "\x58\x5d\xa0\x96\x65\x1a\x04\xd7"
@@ -17404,18 +18182,18 @@
"\x8a\x2a\xc5\x6f\x30\x23\x58\x7b"
"\xfb\x36\x03\x11\xb4\xd9\xf2\xfe",
.alen = 32,
- .input = "\x48\x58\xd6\xf3\xad\x63\x58\xbf"
+ .ptext = "\xc2\x54\xc8\xde\x78\x87\x77\x40"
+ "\x49\x71\xe4\xb7\xe7\xcb\x76\x61"
+ "\x0a\x41\xb9\xe9\xc0\x76\x54\xab"
+ "\x04\x49\x3b\x19\x93\x57\x25\x5d",
+ .plen = 32,
+ .ctext = "\x48\x58\xd6\xf3\xad\x63\x58\xbf"
"\xae\xc7\x5e\xae\x83\x8f\x7b\xe4"
"\x78\x5c\x4c\x67\x71\x89\x94\xbf"
"\x47\xf1\x63\x7e\x1c\x59\xbd\xc5"
"\x7f\x44\x0a\x0c\x01\x18\x07\x92"
"\xe1\xd3\x51\xce\x32\x6d\x0c\x5b",
- .ilen = 48,
- .result = "\xc2\x54\xc8\xde\x78\x87\x77\x40"
- "\x49\x71\xe4\xb7\xe7\xcb\x76\x61"
- "\x0a\x41\xb9\xe9\xc0\x76\x54\xab"
- "\x04\x49\x3b\x19\x93\x57\x25\x5d",
- .rlen = 32,
+ .clen = 48,
},
};
@@ -17427,36 +18205,36 @@
* These vectors are copied/generated from the ones for rfc4106 with
* the key truncated by one byte..
*/
-static const struct aead_testvec aes_ccm_rfc4309_enc_tv_template[] = {
+static const struct aead_testvec aes_ccm_rfc4309_tv_template[] = {
{ /* Generated using Crypto++ */
.key = zeroed_string,
.klen = 19,
.iv = zeroed_string,
- .input = zeroed_string,
- .ilen = 16,
+ .ptext = zeroed_string,
+ .plen = 16,
.assoc = zeroed_string,
.alen = 16,
- .result = "\x2E\x9A\xCA\x6B\xDA\x54\xFC\x6F"
+ .ctext = "\x2E\x9A\xCA\x6B\xDA\x54\xFC\x6F"
"\x12\x50\xE8\xDE\x81\x3C\x63\x08"
"\x1A\x22\xBA\x75\xEE\xD4\xD5\xB5"
"\x27\x50\x01\xAC\x03\x33\x39\xFB",
- .rlen = 32,
+ .clen = 32,
},{
.key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c"
"\x6d\x6a\x8f\x94\x67\x30\x83\x08"
"\x00\x00\x00",
.klen = 19,
.iv = "\x00\x00\x00\x00\x00\x00\x00\x01",
- .input = zeroed_string,
- .ilen = 16,
+ .ptext = zeroed_string,
+ .plen = 16,
.assoc = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x01",
.alen = 16,
- .result = "\xCF\xB9\x99\x17\xC8\x86\x0E\x7F"
+ .ctext = "\xCF\xB9\x99\x17\xC8\x86\x0E\x7F"
"\x7E\x76\xF8\xE6\xF8\xCC\x1F\x17"
"\x6A\xE0\x53\x9F\x4B\x73\x7E\xDA"
"\x08\x09\x4E\xC4\x1E\xAD\xC6\xB0",
- .rlen = 32,
+ .clen = 32,
}, {
.key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c"
@@ -17464,57 +18242,57 @@
"\x00\x00\x00",
.klen = 19,
.iv = zeroed_string,
- .input = "\x01\x01\x01\x01\x01\x01\x01\x01"
+ .ptext = "\x01\x01\x01\x01\x01\x01\x01\x01"
"\x01\x01\x01\x01\x01\x01\x01\x01",
- .ilen = 16,
+ .plen = 16,
.assoc = zeroed_string,
.alen = 16,
- .result = "\x33\xDE\x73\xBC\xA6\xCE\x4E\xA6"
+ .ctext = "\x33\xDE\x73\xBC\xA6\xCE\x4E\xA6"
"\x61\xF4\xF5\x41\x03\x4A\xE3\x86"
"\xA1\xE2\xC2\x42\x2B\x81\x70\x40"
"\xFD\x7F\x76\xD1\x03\x07\xBB\x0C",
- .rlen = 32,
+ .clen = 32,
}, {
.key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c"
"\x6d\x6a\x8f\x94\x67\x30\x83\x08"
"\x00\x00\x00",
.klen = 19,
.iv = zeroed_string,
- .input = "\x01\x01\x01\x01\x01\x01\x01\x01"
+ .ptext = "\x01\x01\x01\x01\x01\x01\x01\x01"
"\x01\x01\x01\x01\x01\x01\x01\x01",
- .ilen = 16,
+ .plen = 16,
.assoc = "\x01\x01\x01\x01\x01\x01\x01\x01"
"\x00\x00\x00\x00\x00\x00\x00\x00",
.alen = 16,
- .result = "\x33\xDE\x73\xBC\xA6\xCE\x4E\xA6"
+ .ctext = "\x33\xDE\x73\xBC\xA6\xCE\x4E\xA6"
"\x61\xF4\xF5\x41\x03\x4A\xE3\x86"
"\x5B\xC0\x73\xE0\x2B\x73\x68\xC9"
"\x2D\x8C\x58\xC2\x90\x3D\xB0\x3E",
- .rlen = 32,
+ .clen = 32,
}, {
.key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c"
"\x6d\x6a\x8f\x94\x67\x30\x83\x08"
"\x00\x00\x00",
.klen = 19,
.iv = "\x00\x00\x00\x00\x00\x00\x00\x01",
- .input = "\x01\x01\x01\x01\x01\x01\x01\x01"
+ .ptext = "\x01\x01\x01\x01\x01\x01\x01\x01"
"\x01\x01\x01\x01\x01\x01\x01\x01",
- .ilen = 16,
+ .plen = 16,
.assoc = "\x01\x01\x01\x01\x01\x01\x01\x01"
"\x00\x00\x00\x00\x00\x00\x00\x01",
.alen = 16,
- .result = "\xCE\xB8\x98\x16\xC9\x87\x0F\x7E"
+ .ctext = "\xCE\xB8\x98\x16\xC9\x87\x0F\x7E"
"\x7F\x77\xF9\xE7\xF9\xCD\x1E\x16"
"\x43\x8E\x76\x57\x3B\xB4\x05\xE8"
"\xA9\x9B\xBF\x25\xE0\x4F\xC0\xED",
- .rlen = 32,
+ .clen = 32,
}, {
.key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c"
"\x6d\x6a\x8f\x94\x67\x30\x83\x08"
"\x00\x00\x00",
.klen = 19,
.iv = "\x00\x00\x00\x00\x00\x00\x00\x01",
- .input = "\x01\x01\x01\x01\x01\x01\x01\x01"
+ .ptext = "\x01\x01\x01\x01\x01\x01\x01\x01"
"\x01\x01\x01\x01\x01\x01\x01\x01"
"\x01\x01\x01\x01\x01\x01\x01\x01"
"\x01\x01\x01\x01\x01\x01\x01\x01"
@@ -17522,11 +18300,11 @@
"\x01\x01\x01\x01\x01\x01\x01\x01"
"\x01\x01\x01\x01\x01\x01\x01\x01"
"\x01\x01\x01\x01\x01\x01\x01\x01",
- .ilen = 64,
+ .plen = 64,
.assoc = "\x01\x01\x01\x01\x01\x01\x01\x01"
"\x00\x00\x00\x00\x00\x00\x00\x01",
.alen = 16,
- .result = "\xCE\xB8\x98\x16\xC9\x87\x0F\x7E"
+ .ctext = "\xCE\xB8\x98\x16\xC9\x87\x0F\x7E"
"\x7F\x77\xF9\xE7\xF9\xCD\x1E\x16"
"\x9C\xA4\x97\x83\x3F\x01\xA5\xF4"
"\x43\x09\xE7\xB8\xE9\xD1\xD7\x02"
@@ -17536,14 +18314,14 @@
"\x3A\x2B\x67\x5D\x35\x6A\x0F\xDB"
"\x02\x73\xDD\xE7\x30\x4A\x30\x54"
"\x1A\x9D\x09\xCA\xC8\x1C\x32\x5F",
- .rlen = 80,
+ .clen = 80,
}, {
.key = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
"\x00\x00\x00",
.klen = 19,
.iv = "\x00\x00\x45\x67\x89\xab\xcd\xef",
- .input = "\xff\xff\xff\xff\xff\xff\xff\xff"
+ .ptext = "\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
@@ -17567,12 +18345,12 @@
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff",
- .ilen = 192,
+ .plen = 192,
.assoc = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\x00\x00\x45\x67"
"\x89\xab\xcd\xef",
.alen = 20,
- .result = "\x64\x17\xDC\x24\x9D\x92\xBA\x5E"
+ .ctext = "\x64\x17\xDC\x24\x9D\x92\xBA\x5E"
"\x7C\x64\x6D\x33\x46\x77\xAC\xB1"
"\x5C\x9E\xE2\xC7\x27\x11\x3E\x95"
"\x7D\xBE\x28\xC8\xC1\xCA\x5E\x8C"
@@ -17598,14 +18376,14 @@
"\xF0\x06\x5B\x07\xAB\xBB\xF4\x0E"
"\x2D\xC2\xDD\x5D\xDD\x22\x9A\xCC"
"\x39\xAB\x63\xA5\x3D\x9C\x51\x8A",
- .rlen = 208,
+ .clen = 208,
}, { /* From draft-mcgrew-gcm-test-01 */
.key = "\x4C\x80\xCD\xEF\xBB\x5D\x10\xDA"
"\x90\x6A\xC7\x3C\x36\x13\xA6\x34"
"\x2E\x44\x3B",
.klen = 19,
.iv = "\x49\x56\xED\x7E\x3B\x24\x4C\xFE",
- .input = "\x45\x00\x00\x48\x69\x9A\x00\x00"
+ .ptext = "\x45\x00\x00\x48\x69\x9A\x00\x00"
"\x80\x11\x4D\xB7\xC0\xA8\x01\x02"
"\xC0\xA8\x01\x01\x0A\x9B\xF1\x56"
"\x38\xD3\x01\x00\x00\x01\x00\x00"
@@ -17614,12 +18392,12 @@
"\x69\x70\x09\x63\x79\x62\x65\x72"
"\x63\x69\x74\x79\x02\x64\x6B\x00"
"\x00\x21\x00\x01\x01\x02\x02\x01",
- .ilen = 72,
+ .plen = 72,
.assoc = "\x00\x00\x43\x21\x87\x65\x43\x21"
"\x00\x00\x00\x00\x49\x56\xED\x7E"
"\x3B\x24\x4C\xFE",
.alen = 20,
- .result = "\x89\xBA\x3E\xEF\xE6\xD6\xCF\xDB"
+ .ctext = "\x89\xBA\x3E\xEF\xE6\xD6\xCF\xDB"
"\x83\x60\xF5\xBA\x3A\x56\x79\xE6"
"\x7E\x0C\x53\xCF\x9E\x87\xE0\x4E"
"\x1A\x26\x01\x24\xC7\x2E\x3D\xBF"
@@ -17630,14 +18408,14 @@
"\x18\x85\x54\xB2\xBC\xDD\x3F\x43"
"\x61\x06\x8A\xDF\x86\x3F\xB4\xAC"
"\x97\xDC\xBD\xFD\x92\x10\xC5\xFF",
- .rlen = 88,
+ .clen = 88,
}, {
.key = "\xFE\xFF\xE9\x92\x86\x65\x73\x1C"
"\x6D\x6A\x8F\x94\x67\x30\x83\x08"
"\xCA\xFE\xBA",
.klen = 19,
.iv = "\xFA\xCE\xDB\xAD\xDE\xCA\xF8\x88",
- .input = "\x45\x00\x00\x3E\x69\x8F\x00\x00"
+ .ptext = "\x45\x00\x00\x3E\x69\x8F\x00\x00"
"\x80\x11\x4D\xCC\xC0\xA8\x01\x02"
"\xC0\xA8\x01\x01\x0A\x98\x00\x35"
"\x00\x2A\x23\x43\xB2\xD0\x01\x00"
@@ -17645,11 +18423,11 @@
"\x03\x73\x69\x70\x09\x63\x79\x62"
"\x65\x72\x63\x69\x74\x79\x02\x64"
"\x6B\x00\x00\x01\x00\x01\x00\x01",
- .ilen = 64,
+ .plen = 64,
.assoc = "\x00\x00\xA5\xF8\x00\x00\x00\x0A"
"\xFA\xCE\xDB\xAD\xDE\xCA\xF8\x88",
.alen = 16,
- .result = "\x4B\xC2\x70\x60\x64\xD2\xF3\xC8"
+ .ctext = "\x4B\xC2\x70\x60\x64\xD2\xF3\xC8"
"\xE5\x26\x8A\xDE\xB8\x7E\x7D\x16"
"\x56\xC7\xD2\x88\xBA\x8D\x58\xAF"
"\xF5\x71\xB6\x37\x84\xA7\xB1\x99"
@@ -17659,7 +18437,7 @@
"\x00\x62\x1F\x68\x4E\x7C\xA0\x97"
"\x10\x72\x7E\x53\x13\x3B\x68\xE4"
"\x30\x99\x91\x79\x09\xEA\xFF\x6A",
- .rlen = 80,
+ .clen = 80,
}, {
.key = "\xAB\xBC\xCD\xDE\xF0\x01\x12\x23"
"\x34\x45\x56\x67\x78\x89\x9A\xAB"
@@ -17668,18 +18446,18 @@
"\x11\x22\x33",
.klen = 35,
.iv = "\x01\x02\x03\x04\x05\x06\x07\x08",
- .input = "\x45\x00\x00\x30\x69\xA6\x40\x00"
+ .ptext = "\x45\x00\x00\x30\x69\xA6\x40\x00"
"\x80\x06\x26\x90\xC0\xA8\x01\x02"
"\x93\x89\x15\x5E\x0A\x9E\x00\x8B"
"\x2D\xC5\x7E\xE0\x00\x00\x00\x00"
"\x70\x02\x40\x00\x20\xBF\x00\x00"
"\x02\x04\x05\xB4\x01\x01\x04\x02"
"\x01\x02\x02\x01",
- .ilen = 52,
+ .plen = 52,
.assoc = "\x4A\x2C\xBF\xE3\x00\x00\x00\x02"
"\x01\x02\x03\x04\x05\x06\x07\x08",
.alen = 16,
- .result = "\xD6\x31\x0D\x2B\x3D\x6F\xBD\x2F"
+ .ctext = "\xD6\x31\x0D\x2B\x3D\x6F\xBD\x2F"
"\x58\x41\x7E\xFF\x9A\x9E\x09\xB4"
"\x1A\xF7\xF6\x42\x31\xCD\xBF\xAD"
"\x27\x0E\x2C\xF2\xDB\x10\xDF\x55"
@@ -17688,14 +18466,14 @@
"\x11\xD4\x0B\x12\xEC\xB4\xB1\x92"
"\x23\xA6\x10\xB0\x26\xD6\xD9\x26"
"\x5A\x48\x6A\x3E",
- .rlen = 68,
+ .clen = 68,
}, {
.key = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00",
.klen = 19,
.iv = "\x00\x00\x00\x00\x00\x00\x00\x00",
- .input = "\x45\x00\x00\x3C\x99\xC5\x00\x00"
+ .ptext = "\x45\x00\x00\x3C\x99\xC5\x00\x00"
"\x80\x01\xCB\x7A\x40\x67\x93\x18"
"\x01\x01\x01\x01\x08\x00\x07\x5C"
"\x02\x00\x44\x00\x61\x62\x63\x64"
@@ -17703,11 +18481,11 @@
"\x6D\x6E\x6F\x70\x71\x72\x73\x74"
"\x75\x76\x77\x61\x62\x63\x64\x65"
"\x66\x67\x68\x69\x01\x02\x02\x01",
- .ilen = 64,
+ .plen = 64,
.assoc = "\x00\x00\x00\x00\x00\x00\x00\x01"
"\x00\x00\x00\x00\x00\x00\x00\x00",
.alen = 16,
- .result = "\x6B\x9A\xCA\x57\x43\x91\xFC\x6F"
+ .ctext = "\x6B\x9A\xCA\x57\x43\x91\xFC\x6F"
"\x92\x51\x23\xA4\xC1\x5B\xF0\x10"
"\xF3\x13\xF4\xF8\xA1\x9A\xB4\xDC"
"\x89\xC8\xF8\x42\x62\x95\xB7\xCB"
@@ -17717,14 +18495,14 @@
"\x42\x05\xAF\xB3\xE7\x9A\xFC\xEE"
"\x36\x25\xC1\x10\x12\x1C\xCA\x82"
"\xEA\xE6\x63\x5A\x57\x28\xA9\x9A",
- .rlen = 80,
+ .clen = 80,
}, {
.key = "\x3D\xE0\x98\x74\xB3\x88\xE6\x49"
"\x19\x88\xD0\xC3\x60\x7E\xAE\x1F"
"\x57\x69\x0E",
.klen = 19,
.iv = "\x4E\x28\x00\x00\xA2\xFC\xA1\xA3",
- .input = "\x45\x00\x00\x3C\x99\xC3\x00\x00"
+ .ptext = "\x45\x00\x00\x3C\x99\xC3\x00\x00"
"\x80\x01\xCB\x7C\x40\x67\x93\x18"
"\x01\x01\x01\x01\x08\x00\x08\x5C"
"\x02\x00\x43\x00\x61\x62\x63\x64"
@@ -17732,12 +18510,12 @@
"\x6D\x6E\x6F\x70\x71\x72\x73\x74"
"\x75\x76\x77\x61\x62\x63\x64\x65"
"\x66\x67\x68\x69\x01\x02\x02\x01",
- .ilen = 64,
+ .plen = 64,
.assoc = "\x42\xF6\x7E\x3F\x10\x10\x10\x10"
"\x10\x10\x10\x10\x4E\x28\x00\x00"
"\xA2\xFC\xA1\xA3",
.alen = 20,
- .result = "\x6A\x6B\x45\x2B\x7C\x67\x52\xF6"
+ .ctext = "\x6A\x6B\x45\x2B\x7C\x67\x52\xF6"
"\x10\x60\x40\x62\x6B\x4F\x97\x8E"
"\x0B\xB2\x22\x97\xCB\x21\xE0\x90"
"\xA2\xE7\xD1\x41\x30\xE4\x4B\x1B"
@@ -17747,29 +18525,29 @@
"\xD0\x95\xB7\xB8\x91\x42\xF7\xFD"
"\x97\x57\xCA\xC1\x20\xD0\x86\xB9"
"\x66\x9D\xB4\x2B\x96\x22\xAC\x67",
- .rlen = 80,
+ .clen = 80,
}, {
.key = "\x3D\xE0\x98\x74\xB3\x88\xE6\x49"
"\x19\x88\xD0\xC3\x60\x7E\xAE\x1F"
"\x57\x69\x0E",
.klen = 19,
.iv = "\x4E\x28\x00\x00\xA2\xFC\xA1\xA3",
- .input = "\x45\x00\x00\x1C\x42\xA2\x00\x00"
+ .ptext = "\x45\x00\x00\x1C\x42\xA2\x00\x00"
"\x80\x01\x44\x1F\x40\x67\x93\xB6"
"\xE0\x00\x00\x02\x0A\x00\xF5\xFF"
"\x01\x02\x02\x01",
- .ilen = 28,
+ .plen = 28,
.assoc = "\x42\xF6\x7E\x3F\x10\x10\x10\x10"
"\x10\x10\x10\x10\x4E\x28\x00\x00"
"\xA2\xFC\xA1\xA3",
.alen = 20,
- .result = "\x6A\x6B\x45\x0B\xA7\x06\x52\xF6"
+ .ctext = "\x6A\x6B\x45\x0B\xA7\x06\x52\xF6"
"\x10\x60\xCF\x01\x6B\x4F\x97\x20"
"\xEA\xB3\x23\x94\xC9\x21\x1D\x33"
"\xA1\xE5\x90\x40\x05\x37\x45\x70"
"\xB5\xD6\x09\x0A\x23\x73\x33\xF9"
"\x08\xB4\x22\xE4",
- .rlen = 44,
+ .clen = 44,
}, {
.key = "\xFE\xFF\xE9\x92\x86\x65\x73\x1C"
"\x6D\x6A\x8F\x94\x67\x30\x83\x08"
@@ -17777,30 +18555,30 @@
"\xCA\xFE\xBA",
.klen = 27,
.iv = "\xFA\xCE\xDB\xAD\xDE\xCA\xF8\x88",
- .input = "\x45\x00\x00\x28\xA4\xAD\x40\x00"
+ .ptext = "\x45\x00\x00\x28\xA4\xAD\x40\x00"
"\x40\x06\x78\x80\x0A\x01\x03\x8F"
"\x0A\x01\x06\x12\x80\x23\x06\xB8"
"\xCB\x71\x26\x02\xDD\x6B\xB0\x3E"
"\x50\x10\x16\xD0\x75\x68\x00\x01",
- .ilen = 40,
+ .plen = 40,
.assoc = "\x00\x00\xA5\xF8\x00\x00\x00\x0A"
"\xFA\xCE\xDB\xAD\xDE\xCA\xF8\x88",
.alen = 16,
- .result = "\x05\x22\x15\xD1\x52\x56\x85\x04"
+ .ctext = "\x05\x22\x15\xD1\x52\x56\x85\x04"
"\xA8\x5C\x5D\x6D\x7E\x6E\xF5\xFA"
"\xEA\x16\x37\x50\xF3\xDF\x84\x3B"
"\x2F\x32\x18\x57\x34\x2A\x8C\x23"
"\x67\xDF\x6D\x35\x7B\x54\x0D\xFB"
"\x34\xA5\x9F\x6C\x48\x30\x1E\x22"
"\xFE\xB1\x22\x17\x17\x8A\xB9\x5B",
- .rlen = 56,
+ .clen = 56,
}, {
.key = "\xAB\xBC\xCD\xDE\xF0\x01\x12\x23"
"\x34\x45\x56\x67\x78\x89\x9A\xAB"
"\xDE\xCA\xF8",
.klen = 19,
.iv = "\xCA\xFE\xDE\xBA\xCE\xFA\xCE\x74",
- .input = "\x45\x00\x00\x49\x33\xBA\x00\x00"
+ .ptext = "\x45\x00\x00\x49\x33\xBA\x00\x00"
"\x7F\x11\x91\x06\xC3\xFB\x1D\x10"
"\xC2\xB1\xD3\x26\xC0\x28\x31\xCE"
"\x00\x35\xDD\x7B\x80\x03\x02\xD5"
@@ -17810,12 +18588,12 @@
"\x92\xC9\x63\xBA\xC0\x46\xEC\x95"
"\x9B\x62\x66\xC0\x47\x22\xB1\x49"
"\x23\x01\x01\x01",
- .ilen = 76,
+ .plen = 76,
.assoc = "\x00\x00\x01\x00\x00\x00\x00\x00"
"\x00\x00\x00\x01\xCA\xFE\xDE\xBA"
"\xCE\xFA\xCE\x74",
.alen = 20,
- .result = "\x92\xD0\x53\x79\x33\x38\xD5\xF3"
+ .ctext = "\x92\xD0\x53\x79\x33\x38\xD5\xF3"
"\x7D\xE4\x7A\x8E\x86\x03\xC9\x90"
"\x96\x35\xAB\x9C\xFB\xE8\xA3\x76"
"\xE9\xE9\xE2\xD1\x2E\x11\x0E\x00"
@@ -17827,7 +18605,7 @@
"\x0F\xE8\x81\x7E\x84\xD3\xC0\x0D"
"\x76\xD6\x55\xC6\xB4\xC2\x34\xC7"
"\x12\x25\x0B\xF9",
- .rlen = 92,
+ .clen = 92,
}, {
.key = "\xAB\xBC\xCD\xDE\xF0\x01\x12\x23"
"\x34\x45\x56\x67\x78\x89\x9A\xAB"
@@ -17836,31 +18614,31 @@
"\x73\x61\x6C",
.klen = 35,
.iv = "\x61\x6E\x64\x01\x69\x76\x65\x63",
- .input = "\x45\x08\x00\x28\x73\x2C\x00\x00"
+ .ptext = "\x45\x08\x00\x28\x73\x2C\x00\x00"
"\x40\x06\xE9\xF9\x0A\x01\x06\x12"
"\x0A\x01\x03\x8F\x06\xB8\x80\x23"
"\xDD\x6B\xAF\xBE\xCB\x71\x26\x02"
"\x50\x10\x1F\x64\x6D\x54\x00\x01",
- .ilen = 40,
+ .plen = 40,
.assoc = "\x17\x40\x5E\x67\x15\x6F\x31\x26"
"\xDD\x0D\xB9\x9B\x61\x6E\x64\x01"
"\x69\x76\x65\x63",
.alen = 20,
- .result = "\xCC\x74\xB7\xD3\xB0\x38\x50\x42"
+ .ctext = "\xCC\x74\xB7\xD3\xB0\x38\x50\x42"
"\x2C\x64\x87\x46\x1E\x34\x10\x05"
"\x29\x6B\xBB\x36\xE9\x69\xAD\x92"
"\x82\xA1\x10\x6A\xEB\x0F\xDC\x7D"
"\x08\xBA\xF3\x91\xCA\xAA\x61\xDA"
"\x62\xF4\x14\x61\x5C\x9D\xB5\xA7"
"\xEE\xD7\xB9\x7E\x87\x99\x9B\x7D",
- .rlen = 56,
+ .clen = 56,
}, {
.key = "\x3D\xE0\x98\x74\xB3\x88\xE6\x49"
"\x19\x88\xD0\xC3\x60\x7E\xAE\x1F"
"\x57\x69\x0E",
.klen = 19,
.iv = "\x4E\x28\x00\x00\xA2\xFC\xA1\xA3",
- .input = "\x45\x00\x00\x49\x33\x3E\x00\x00"
+ .ptext = "\x45\x00\x00\x49\x33\x3E\x00\x00"
"\x7F\x11\x91\x82\xC3\xFB\x1D\x10"
"\xC2\xB1\xD3\x26\xC0\x28\x31\xCE"
"\x00\x35\xCB\x45\x80\x03\x02\x5B"
@@ -17870,12 +18648,12 @@
"\x76\x4D\x6E\x5E\xE0\x49\x6B\x32"
"\x5A\xE2\x70\xC0\x38\x99\x49\x39"
"\x15\x01\x01\x01",
- .ilen = 76,
+ .plen = 76,
.assoc = "\x42\xF6\x7E\x3F\x10\x10\x10\x10"
"\x10\x10\x10\x10\x4E\x28\x00\x00"
"\xA2\xFC\xA1\xA3",
.alen = 20,
- .result = "\x6A\x6B\x45\x5E\xD6\x9A\x52\xF6"
+ .ctext = "\x6A\x6B\x45\x5E\xD6\x9A\x52\xF6"
"\xEF\x70\x1A\x9C\xE8\xD3\x19\x86"
"\xC8\x02\xF0\xB0\x03\x09\xD9\x02"
"\xA0\xD2\x59\x04\xD1\x85\x2A\x24"
@@ -17887,7 +18665,7 @@
"\x23\xF4\x84\x40\x74\x14\x8A\x6B"
"\xDB\xD7\x67\xED\xA4\x93\xF3\x47"
"\xCC\xF7\x46\x6F",
- .rlen = 92,
+ .clen = 92,
}, {
.key = "\xAB\xBC\xCD\xDE\xF0\x01\x12\x23"
"\x34\x45\x56\x67\x78\x89\x9A\xAB"
@@ -17896,7 +18674,7 @@
"\x73\x61\x6C",
.klen = 35,
.iv = "\x61\x6E\x64\x01\x69\x76\x65\x63",
- .input = "\x63\x69\x73\x63\x6F\x01\x72\x75"
+ .ptext = "\x63\x69\x73\x63\x6F\x01\x72\x75"
"\x6C\x65\x73\x01\x74\x68\x65\x01"
"\x6E\x65\x74\x77\x65\x01\x64\x65"
"\x66\x69\x6E\x65\x01\x74\x68\x65"
@@ -17905,12 +18683,12 @@
"\x74\x77\x69\x6C\x6C\x01\x64\x65"
"\x66\x69\x6E\x65\x74\x6F\x6D\x6F"
"\x72\x72\x6F\x77\x01\x02\x02\x01",
- .ilen = 72,
+ .plen = 72,
.assoc = "\x17\x40\x5E\x67\x15\x6F\x31\x26"
"\xDD\x0D\xB9\x9B\x61\x6E\x64\x01"
"\x69\x76\x65\x63",
.alen = 20,
- .result = "\xEA\x15\xC4\x98\xAC\x15\x22\x37"
+ .ctext = "\xEA\x15\xC4\x98\xAC\x15\x22\x37"
"\x00\x07\x1D\xBE\x60\x5D\x73\x16"
"\x4D\x0F\xCC\xCE\x8A\xD0\x49\xD4"
"\x39\xA3\xD1\xB1\x21\x0A\x92\x1A"
@@ -17921,42 +18699,42 @@
"\x73\xF4\xE7\x12\x84\x4C\x37\x0A"
"\x4A\x8F\x06\x37\x48\xF9\xF9\x05"
"\x55\x13\x40\xC3\xD5\x55\x3A\x3D",
- .rlen = 88,
+ .clen = 88,
}, {
.key = "\x7D\x77\x3D\x00\xC1\x44\xC5\x25"
"\xAC\x61\x9D\x18\xC8\x4A\x3F\x47"
"\xD9\x66\x42",
.klen = 19,
.iv = "\x43\x45\x7E\x91\x82\x44\x3B\xC6",
- .input = "\x01\x02\x02\x01",
- .ilen = 4,
+ .ptext = "\x01\x02\x02\x01",
+ .plen = 4,
.assoc = "\x33\x54\x67\xAE\xFF\xFF\xFF\xFF"
"\x43\x45\x7E\x91\x82\x44\x3B\xC6",
.alen = 16,
- .result = "\x4C\x72\x63\x30\x2F\xE6\x56\xDD"
+ .ctext = "\x4C\x72\x63\x30\x2F\xE6\x56\xDD"
"\xD0\xD8\x60\x9D\x8B\xEF\x85\x90"
"\xF7\x61\x24\x62",
- .rlen = 20,
+ .clen = 20,
}, {
.key = "\xAB\xBC\xCD\xDE\xF0\x01\x12\x23"
"\x34\x45\x56\x67\x78\x89\x9A\xAB"
"\xDE\xCA\xF8",
.klen = 19,
.iv = "\xCA\xFE\xDE\xBA\xCE\xFA\xCE\x74",
- .input = "\x74\x6F\x01\x62\x65\x01\x6F\x72"
+ .ptext = "\x74\x6F\x01\x62\x65\x01\x6F\x72"
"\x01\x6E\x6F\x74\x01\x74\x6F\x01"
"\x62\x65\x00\x01",
- .ilen = 20,
+ .plen = 20,
.assoc = "\x00\x00\x01\x00\x00\x00\x00\x00"
"\x00\x00\x00\x01\xCA\xFE\xDE\xBA"
"\xCE\xFA\xCE\x74",
.alen = 20,
- .result = "\xA3\xBF\x52\x52\x65\x83\xBA\x81"
+ .ctext = "\xA3\xBF\x52\x52\x65\x83\xBA\x81"
"\x03\x9B\x84\xFC\x44\x8C\xBB\x81"
"\x36\xE1\x78\xBB\xA5\x49\x3A\xD0"
"\xF0\x6B\x21\xAF\x98\xC0\x34\xDC"
"\x17\x17\x65\xAD",
- .rlen = 36,
+ .clen = 36,
}, {
.key = "\x6C\x65\x67\x61\x6C\x69\x7A\x65"
"\x6D\x61\x72\x69\x6A\x75\x61\x6E"
@@ -17965,19 +18743,19 @@
"\x74\x75\x72",
.klen = 35,
.iv = "\x33\x30\x21\x69\x67\x65\x74\x6D",
- .input = "\x45\x00\x00\x30\xDA\x3A\x00\x00"
+ .ptext = "\x45\x00\x00\x30\xDA\x3A\x00\x00"
"\x80\x01\xDF\x3B\xC0\xA8\x00\x05"
"\xC0\xA8\x00\x01\x08\x00\xC6\xCD"
"\x02\x00\x07\x00\x61\x62\x63\x64"
"\x65\x66\x67\x68\x69\x6A\x6B\x6C"
"\x6D\x6E\x6F\x70\x71\x72\x73\x74"
"\x01\x02\x02\x01",
- .ilen = 52,
+ .plen = 52,
.assoc = "\x79\x6B\x69\x63\xFF\xFF\xFF\xFF"
"\xFF\xFF\xFF\xFF\x33\x30\x21\x69"
"\x67\x65\x74\x6D",
.alen = 20,
- .result = "\x96\xFD\x86\xF8\xD1\x98\xFF\x10"
+ .ctext = "\x96\xFD\x86\xF8\xD1\x98\xFF\x10"
"\xAB\x8C\xDA\x8A\x5A\x08\x38\x1A"
"\x48\x59\x80\x18\x1A\x18\x1A\x04"
"\xC9\x0D\xE3\xE7\x0E\xA4\x0B\x75"
@@ -17986,26 +18764,26 @@
"\xEB\x40\x6B\x7A\x8E\x75\xBB\x42"
"\xE0\x63\x4B\x21\x44\xA2\x2B\x2B"
"\x39\xDB\xC8\xDC",
- .rlen = 68,
+ .clen = 68,
}, {
.key = "\x3D\xE0\x98\x74\xB3\x88\xE6\x49"
"\x19\x88\xD0\xC3\x60\x7E\xAE\x1F"
"\x57\x69\x0E",
.klen = 19,
.iv = "\x4E\x28\x00\x00\xA2\xFC\xA1\xA3",
- .input = "\x45\x00\x00\x30\xDA\x3A\x00\x00"
+ .ptext = "\x45\x00\x00\x30\xDA\x3A\x00\x00"
"\x80\x01\xDF\x3B\xC0\xA8\x00\x05"
"\xC0\xA8\x00\x01\x08\x00\xC6\xCD"
"\x02\x00\x07\x00\x61\x62\x63\x64"
"\x65\x66\x67\x68\x69\x6A\x6B\x6C"
"\x6D\x6E\x6F\x70\x71\x72\x73\x74"
"\x01\x02\x02\x01",
- .ilen = 52,
+ .plen = 52,
.assoc = "\x3F\x7E\xF6\x42\x10\x10\x10\x10"
"\x10\x10\x10\x10\x4E\x28\x00\x00"
"\xA2\xFC\xA1\xA3",
.alen = 20,
- .result = "\x6A\x6B\x45\x27\x3F\x9E\x52\xF6"
+ .ctext = "\x6A\x6B\x45\x27\x3F\x9E\x52\xF6"
"\x10\x60\x54\x25\xEB\x80\x04\x93"
"\xCA\x1B\x23\x97\xCB\x21\x2E\x01"
"\xA2\xE7\x95\x41\x30\xE4\x4B\x1B"
@@ -18014,649 +18792,36 @@
"\x44\xCC\x90\xBF\x00\x94\x94\x92"
"\x20\x17\x0C\x1B\x55\xDE\x7E\x68"
"\xF4\x95\x5D\x4F",
- .rlen = 68,
+ .clen = 68,
}, {
.key = "\x4C\x80\xCD\xEF\xBB\x5D\x10\xDA"
"\x90\x6A\xC7\x3C\x36\x13\xA6\x34"
"\x22\x43\x3C",
.klen = 19,
.iv = "\x48\x55\xEC\x7D\x3A\x23\x4B\xFD",
- .input = "\x08\x00\xC6\xCD\x02\x00\x07\x00"
+ .ptext = "\x08\x00\xC6\xCD\x02\x00\x07\x00"
"\x61\x62\x63\x64\x65\x66\x67\x68"
"\x69\x6A\x6B\x6C\x6D\x6E\x6F\x70"
"\x71\x72\x73\x74\x01\x02\x02\x01",
- .ilen = 32,
+ .plen = 32,
.assoc = "\x00\x00\x43\x21\x87\x65\x43\x21"
"\x00\x00\x00\x07\x48\x55\xEC\x7D"
"\x3A\x23\x4B\xFD",
.alen = 20,
- .result = "\x67\xE9\x28\xB3\x1C\xA4\x6D\x02"
+ .ctext = "\x67\xE9\x28\xB3\x1C\xA4\x6D\x02"
"\xF0\xB5\x37\xB6\x6B\x2F\xF5\x4F"
"\xF8\xA3\x4C\x53\xB8\x12\x09\xBF"
"\x58\x7D\xCF\x29\xA3\x41\x68\x6B"
"\xCE\xE8\x79\x85\x3C\xB0\x3A\x8F"
"\x16\xB0\xA1\x26\xC9\xBC\xBC\xA6",
- .rlen = 48,
- }
-};
-
-static const struct aead_testvec aes_ccm_rfc4309_dec_tv_template[] = {
- { /* Generated using Crypto++ */
- .key = zeroed_string,
- .klen = 19,
- .iv = zeroed_string,
- .result = zeroed_string,
- .rlen = 16,
- .assoc = zeroed_string,
- .alen = 16,
- .input = "\x2E\x9A\xCA\x6B\xDA\x54\xFC\x6F"
- "\x12\x50\xE8\xDE\x81\x3C\x63\x08"
- "\x1A\x22\xBA\x75\xEE\xD4\xD5\xB5"
- "\x27\x50\x01\xAC\x03\x33\x39\xFB",
- .ilen = 32,
- },{
- .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c"
- "\x6d\x6a\x8f\x94\x67\x30\x83\x08"
- "\x00\x00\x00",
- .klen = 19,
- .iv = "\x00\x00\x00\x00\x00\x00\x00\x01",
- .result = zeroed_string,
- .rlen = 16,
- .assoc = "\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x01",
- .alen = 16,
- .input = "\xCF\xB9\x99\x17\xC8\x86\x0E\x7F"
- "\x7E\x76\xF8\xE6\xF8\xCC\x1F\x17"
- "\x6A\xE0\x53\x9F\x4B\x73\x7E\xDA"
- "\x08\x09\x4E\xC4\x1E\xAD\xC6\xB0",
- .ilen = 32,
-
- }, {
- .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c"
- "\x6d\x6a\x8f\x94\x67\x30\x83\x08"
- "\x00\x00\x00",
- .klen = 19,
- .iv = zeroed_string,
- .result = "\x01\x01\x01\x01\x01\x01\x01\x01"
- "\x01\x01\x01\x01\x01\x01\x01\x01",
- .rlen = 16,
- .assoc = zeroed_string,
- .alen = 16,
- .input = "\x33\xDE\x73\xBC\xA6\xCE\x4E\xA6"
- "\x61\xF4\xF5\x41\x03\x4A\xE3\x86"
- "\xA1\xE2\xC2\x42\x2B\x81\x70\x40"
- "\xFD\x7F\x76\xD1\x03\x07\xBB\x0C",
- .ilen = 32,
- }, {
- .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c"
- "\x6d\x6a\x8f\x94\x67\x30\x83\x08"
- "\x00\x00\x00",
- .klen = 19,
- .iv = zeroed_string,
- .result = "\x01\x01\x01\x01\x01\x01\x01\x01"
- "\x01\x01\x01\x01\x01\x01\x01\x01",
- .rlen = 16,
- .assoc = "\x01\x01\x01\x01\x01\x01\x01\x01"
- "\x00\x00\x00\x00\x00\x00\x00\x00",
- .alen = 16,
- .input = "\x33\xDE\x73\xBC\xA6\xCE\x4E\xA6"
- "\x61\xF4\xF5\x41\x03\x4A\xE3\x86"
- "\x5B\xC0\x73\xE0\x2B\x73\x68\xC9"
- "\x2D\x8C\x58\xC2\x90\x3D\xB0\x3E",
- .ilen = 32,
- }, {
- .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c"
- "\x6d\x6a\x8f\x94\x67\x30\x83\x08"
- "\x00\x00\x00",
- .klen = 19,
- .iv = "\x00\x00\x00\x00\x00\x00\x00\x01",
- .result = "\x01\x01\x01\x01\x01\x01\x01\x01"
- "\x01\x01\x01\x01\x01\x01\x01\x01",
- .rlen = 16,
- .assoc = "\x01\x01\x01\x01\x01\x01\x01\x01"
- "\x00\x00\x00\x00\x00\x00\x00\x01",
- .alen = 16,
- .input = "\xCE\xB8\x98\x16\xC9\x87\x0F\x7E"
- "\x7F\x77\xF9\xE7\xF9\xCD\x1E\x16"
- "\x43\x8E\x76\x57\x3B\xB4\x05\xE8"
- "\xA9\x9B\xBF\x25\xE0\x4F\xC0\xED",
- .ilen = 32,
- }, {
- .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c"
- "\x6d\x6a\x8f\x94\x67\x30\x83\x08"
- "\x00\x00\x00",
- .klen = 19,
- .iv = "\x00\x00\x00\x00\x00\x00\x00\x01",
- .result = "\x01\x01\x01\x01\x01\x01\x01\x01"
- "\x01\x01\x01\x01\x01\x01\x01\x01"
- "\x01\x01\x01\x01\x01\x01\x01\x01"
- "\x01\x01\x01\x01\x01\x01\x01\x01"
- "\x01\x01\x01\x01\x01\x01\x01\x01"
- "\x01\x01\x01\x01\x01\x01\x01\x01"
- "\x01\x01\x01\x01\x01\x01\x01\x01"
- "\x01\x01\x01\x01\x01\x01\x01\x01",
- .rlen = 64,
- .assoc = "\x01\x01\x01\x01\x01\x01\x01\x01"
- "\x00\x00\x00\x00\x00\x00\x00\x01",
- .alen = 16,
- .input = "\xCE\xB8\x98\x16\xC9\x87\x0F\x7E"
- "\x7F\x77\xF9\xE7\xF9\xCD\x1E\x16"
- "\x9C\xA4\x97\x83\x3F\x01\xA5\xF4"
- "\x43\x09\xE7\xB8\xE9\xD1\xD7\x02"
- "\x9B\xAB\x39\x18\xEB\x94\x34\x36"
- "\xE6\xC5\xC8\x9B\x00\x81\x9E\x49"
- "\x1D\x78\xE1\x48\xE3\xE9\xEA\x8E"
- "\x3A\x2B\x67\x5D\x35\x6A\x0F\xDB"
- "\x02\x73\xDD\xE7\x30\x4A\x30\x54"
- "\x1A\x9D\x09\xCA\xC8\x1C\x32\x5F",
- .ilen = 80,
- }, {
- .key = "\x00\x01\x02\x03\x04\x05\x06\x07"
- "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
- "\x00\x00\x00",
- .klen = 19,
- .iv = "\x00\x00\x45\x67\x89\xab\xcd\xef",
- .result = "\xff\xff\xff\xff\xff\xff\xff\xff"
- "\xff\xff\xff\xff\xff\xff\xff\xff"
- "\xff\xff\xff\xff\xff\xff\xff\xff"
- "\xff\xff\xff\xff\xff\xff\xff\xff"
- "\xff\xff\xff\xff\xff\xff\xff\xff"
- "\xff\xff\xff\xff\xff\xff\xff\xff"
- "\xff\xff\xff\xff\xff\xff\xff\xff"
- "\xff\xff\xff\xff\xff\xff\xff\xff"
- "\xff\xff\xff\xff\xff\xff\xff\xff"
- "\xff\xff\xff\xff\xff\xff\xff\xff"
- "\xff\xff\xff\xff\xff\xff\xff\xff"
- "\xff\xff\xff\xff\xff\xff\xff\xff"
- "\xff\xff\xff\xff\xff\xff\xff\xff"
- "\xff\xff\xff\xff\xff\xff\xff\xff"
- "\xff\xff\xff\xff\xff\xff\xff\xff"
- "\xff\xff\xff\xff\xff\xff\xff\xff"
- "\xff\xff\xff\xff\xff\xff\xff\xff"
- "\xff\xff\xff\xff\xff\xff\xff\xff"
- "\xff\xff\xff\xff\xff\xff\xff\xff"
- "\xff\xff\xff\xff\xff\xff\xff\xff"
- "\xff\xff\xff\xff\xff\xff\xff\xff"
- "\xff\xff\xff\xff\xff\xff\xff\xff"
- "\xff\xff\xff\xff\xff\xff\xff\xff"
- "\xff\xff\xff\xff\xff\xff\xff\xff",
- .rlen = 192,
- .assoc = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
- "\xaa\xaa\xaa\xaa\x00\x00\x45\x67"
- "\x89\xab\xcd\xef",
- .alen = 20,
- .input = "\x64\x17\xDC\x24\x9D\x92\xBA\x5E"
- "\x7C\x64\x6D\x33\x46\x77\xAC\xB1"
- "\x5C\x9E\xE2\xC7\x27\x11\x3E\x95"
- "\x7D\xBE\x28\xC8\xC1\xCA\x5E\x8C"
- "\xB4\xE2\xDE\x9F\x53\x59\x26\xDB"
- "\x0C\xD4\xE4\x07\x9A\xE6\x3E\x01"
- "\x58\x0D\x3E\x3D\xD5\x21\xEB\x04"
- "\x06\x9D\x5F\xB9\x02\x49\x1A\x2B"
- "\xBA\xF0\x4E\x3B\x85\x50\x5B\x09"
- "\xFE\xEC\xFC\x54\xEC\x0C\xE2\x79"
- "\x8A\x2F\x5F\xD7\x05\x5D\xF1\x6D"
- "\x22\xEB\xD1\x09\x80\x3F\x5A\x70"
- "\xB2\xB9\xD3\x63\x99\xC2\x4D\x1B"
- "\x36\x12\x00\x89\xAA\x5D\x55\xDA"
- "\x1D\x5B\xD8\x3C\x5F\x09\xD2\xE6"
- "\x39\x41\x5C\xF0\xBE\x26\x4E\x5F"
- "\x2B\x50\x44\x52\xC2\x10\x7D\x38"
- "\x82\x64\x83\x0C\xAE\x49\xD0\xE5"
- "\x4F\xE5\x66\x4C\x58\x7A\xEE\x43"
- "\x3B\x51\xFE\xBA\x24\x8A\xFE\xDC"
- "\x19\x6D\x60\x66\x61\xF9\x9A\x3F"
- "\x75\xFC\x38\x53\x5B\xB5\xCD\x52"
- "\x4F\xE5\xE4\xC9\xFE\x10\xCB\x98"
- "\xF0\x06\x5B\x07\xAB\xBB\xF4\x0E"
- "\x2D\xC2\xDD\x5D\xDD\x22\x9A\xCC"
- "\x39\xAB\x63\xA5\x3D\x9C\x51\x8A",
- .ilen = 208,
- }, { /* From draft-mcgrew-gcm-test-01 */
- .key = "\x4C\x80\xCD\xEF\xBB\x5D\x10\xDA"
- "\x90\x6A\xC7\x3C\x36\x13\xA6\x34"
- "\x2E\x44\x3B",
- .klen = 19,
- .iv = "\x49\x56\xED\x7E\x3B\x24\x4C\xFE",
- .result = "\x45\x00\x00\x48\x69\x9A\x00\x00"
- "\x80\x11\x4D\xB7\xC0\xA8\x01\x02"
- "\xC0\xA8\x01\x01\x0A\x9B\xF1\x56"
- "\x38\xD3\x01\x00\x00\x01\x00\x00"
- "\x00\x00\x00\x00\x04\x5F\x73\x69"
- "\x70\x04\x5F\x75\x64\x70\x03\x73"
- "\x69\x70\x09\x63\x79\x62\x65\x72"
- "\x63\x69\x74\x79\x02\x64\x6B\x00"
- "\x00\x21\x00\x01\x01\x02\x02\x01",
- .rlen = 72,
- .assoc = "\x00\x00\x43\x21\x87\x65\x43\x21"
- "\x00\x00\x00\x00\x49\x56\xED\x7E"
- "\x3B\x24\x4C\xFE",
- .alen = 20,
- .input = "\x89\xBA\x3E\xEF\xE6\xD6\xCF\xDB"
- "\x83\x60\xF5\xBA\x3A\x56\x79\xE6"
- "\x7E\x0C\x53\xCF\x9E\x87\xE0\x4E"
- "\x1A\x26\x01\x24\xC7\x2E\x3D\xBF"
- "\x29\x2C\x91\xC1\xB8\xA8\xCF\xE0"
- "\x39\xF8\x53\x6D\x31\x22\x2B\xBF"
- "\x98\x81\xFC\x34\xEE\x85\x36\xCD"
- "\x26\xDB\x6C\x7A\x0C\x77\x8A\x35"
- "\x18\x85\x54\xB2\xBC\xDD\x3F\x43"
- "\x61\x06\x8A\xDF\x86\x3F\xB4\xAC"
- "\x97\xDC\xBD\xFD\x92\x10\xC5\xFF",
- .ilen = 88,
- }, {
- .key = "\xFE\xFF\xE9\x92\x86\x65\x73\x1C"
- "\x6D\x6A\x8F\x94\x67\x30\x83\x08"
- "\xCA\xFE\xBA",
- .klen = 19,
- .iv = "\xFA\xCE\xDB\xAD\xDE\xCA\xF8\x88",
- .result = "\x45\x00\x00\x3E\x69\x8F\x00\x00"
- "\x80\x11\x4D\xCC\xC0\xA8\x01\x02"
- "\xC0\xA8\x01\x01\x0A\x98\x00\x35"
- "\x00\x2A\x23\x43\xB2\xD0\x01\x00"
- "\x00\x01\x00\x00\x00\x00\x00\x00"
- "\x03\x73\x69\x70\x09\x63\x79\x62"
- "\x65\x72\x63\x69\x74\x79\x02\x64"
- "\x6B\x00\x00\x01\x00\x01\x00\x01",
- .rlen = 64,
- .assoc = "\x00\x00\xA5\xF8\x00\x00\x00\x0A"
- "\xFA\xCE\xDB\xAD\xDE\xCA\xF8\x88",
- .alen = 16,
- .input = "\x4B\xC2\x70\x60\x64\xD2\xF3\xC8"
- "\xE5\x26\x8A\xDE\xB8\x7E\x7D\x16"
- "\x56\xC7\xD2\x88\xBA\x8D\x58\xAF"
- "\xF5\x71\xB6\x37\x84\xA7\xB1\x99"
- "\x51\x5C\x0D\xA0\x27\xDE\xE7\x2D"
- "\xEF\x25\x88\x1F\x1D\x77\x11\xFF"
- "\xDB\xED\xEE\x56\x16\xC5\x5C\x9B"
- "\x00\x62\x1F\x68\x4E\x7C\xA0\x97"
- "\x10\x72\x7E\x53\x13\x3B\x68\xE4"
- "\x30\x99\x91\x79\x09\xEA\xFF\x6A",
- .ilen = 80,
- }, {
- .key = "\xAB\xBC\xCD\xDE\xF0\x01\x12\x23"
- "\x34\x45\x56\x67\x78\x89\x9A\xAB"
- "\xAB\xBC\xCD\xDE\xF0\x01\x12\x23"
- "\x34\x45\x56\x67\x78\x89\x9A\xAB"
- "\x11\x22\x33",
- .klen = 35,
- .iv = "\x01\x02\x03\x04\x05\x06\x07\x08",
- .result = "\x45\x00\x00\x30\x69\xA6\x40\x00"
- "\x80\x06\x26\x90\xC0\xA8\x01\x02"
- "\x93\x89\x15\x5E\x0A\x9E\x00\x8B"
- "\x2D\xC5\x7E\xE0\x00\x00\x00\x00"
- "\x70\x02\x40\x00\x20\xBF\x00\x00"
- "\x02\x04\x05\xB4\x01\x01\x04\x02"
- "\x01\x02\x02\x01",
- .rlen = 52,
- .assoc = "\x4A\x2C\xBF\xE3\x00\x00\x00\x02"
- "\x01\x02\x03\x04\x05\x06\x07\x08",
- .alen = 16,
- .input = "\xD6\x31\x0D\x2B\x3D\x6F\xBD\x2F"
- "\x58\x41\x7E\xFF\x9A\x9E\x09\xB4"
- "\x1A\xF7\xF6\x42\x31\xCD\xBF\xAD"
- "\x27\x0E\x2C\xF2\xDB\x10\xDF\x55"
- "\x8F\x0D\xD7\xAC\x23\xBD\x42\x10"
- "\xD0\xB2\xAF\xD8\x37\xAC\x6B\x0B"
- "\x11\xD4\x0B\x12\xEC\xB4\xB1\x92"
- "\x23\xA6\x10\xB0\x26\xD6\xD9\x26"
- "\x5A\x48\x6A\x3E",
- .ilen = 68,
- }, {
- .key = "\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00",
- .klen = 19,
- .iv = "\x00\x00\x00\x00\x00\x00\x00\x00",
- .result = "\x45\x00\x00\x3C\x99\xC5\x00\x00"
- "\x80\x01\xCB\x7A\x40\x67\x93\x18"
- "\x01\x01\x01\x01\x08\x00\x07\x5C"
- "\x02\x00\x44\x00\x61\x62\x63\x64"
- "\x65\x66\x67\x68\x69\x6A\x6B\x6C"
- "\x6D\x6E\x6F\x70\x71\x72\x73\x74"
- "\x75\x76\x77\x61\x62\x63\x64\x65"
- "\x66\x67\x68\x69\x01\x02\x02\x01",
- .rlen = 64,
- .assoc = "\x00\x00\x00\x00\x00\x00\x00\x01"
- "\x00\x00\x00\x00\x00\x00\x00\x00",
- .alen = 16,
- .input = "\x6B\x9A\xCA\x57\x43\x91\xFC\x6F"
- "\x92\x51\x23\xA4\xC1\x5B\xF0\x10"
- "\xF3\x13\xF4\xF8\xA1\x9A\xB4\xDC"
- "\x89\xC8\xF8\x42\x62\x95\xB7\xCB"
- "\xB8\xF5\x0F\x1B\x2E\x94\xA2\xA7"
- "\xBF\xFB\x8A\x92\x13\x63\xD1\x3C"
- "\x08\xF5\xE8\xA6\xAA\xF6\x34\xF9"
- "\x42\x05\xAF\xB3\xE7\x9A\xFC\xEE"
- "\x36\x25\xC1\x10\x12\x1C\xCA\x82"
- "\xEA\xE6\x63\x5A\x57\x28\xA9\x9A",
- .ilen = 80,
- }, {
- .key = "\x3D\xE0\x98\x74\xB3\x88\xE6\x49"
- "\x19\x88\xD0\xC3\x60\x7E\xAE\x1F"
- "\x57\x69\x0E",
- .klen = 19,
- .iv = "\x4E\x28\x00\x00\xA2\xFC\xA1\xA3",
- .result = "\x45\x00\x00\x3C\x99\xC3\x00\x00"
- "\x80\x01\xCB\x7C\x40\x67\x93\x18"
- "\x01\x01\x01\x01\x08\x00\x08\x5C"
- "\x02\x00\x43\x00\x61\x62\x63\x64"
- "\x65\x66\x67\x68\x69\x6A\x6B\x6C"
- "\x6D\x6E\x6F\x70\x71\x72\x73\x74"
- "\x75\x76\x77\x61\x62\x63\x64\x65"
- "\x66\x67\x68\x69\x01\x02\x02\x01",
- .rlen = 64,
- .assoc = "\x42\xF6\x7E\x3F\x10\x10\x10\x10"
- "\x10\x10\x10\x10\x4E\x28\x00\x00"
- "\xA2\xFC\xA1\xA3",
- .alen = 20,
- .input = "\x6A\x6B\x45\x2B\x7C\x67\x52\xF6"
- "\x10\x60\x40\x62\x6B\x4F\x97\x8E"
- "\x0B\xB2\x22\x97\xCB\x21\xE0\x90"
- "\xA2\xE7\xD1\x41\x30\xE4\x4B\x1B"
- "\x79\x01\x58\x50\x01\x06\xE1\xE0"
- "\x2C\x83\x79\xD3\xDE\x46\x97\x1A"
- "\x30\xB8\xE5\xDF\xD7\x12\x56\x75"
- "\xD0\x95\xB7\xB8\x91\x42\xF7\xFD"
- "\x97\x57\xCA\xC1\x20\xD0\x86\xB9"
- "\x66\x9D\xB4\x2B\x96\x22\xAC\x67",
- .ilen = 80,
- }, {
- .key = "\x3D\xE0\x98\x74\xB3\x88\xE6\x49"
- "\x19\x88\xD0\xC3\x60\x7E\xAE\x1F"
- "\x57\x69\x0E",
- .klen = 19,
- .iv = "\x4E\x28\x00\x00\xA2\xFC\xA1\xA3",
- .result = "\x45\x00\x00\x1C\x42\xA2\x00\x00"
- "\x80\x01\x44\x1F\x40\x67\x93\xB6"
- "\xE0\x00\x00\x02\x0A\x00\xF5\xFF"
- "\x01\x02\x02\x01",
- .rlen = 28,
- .assoc = "\x42\xF6\x7E\x3F\x10\x10\x10\x10"
- "\x10\x10\x10\x10\x4E\x28\x00\x00"
- "\xA2\xFC\xA1\xA3",
- .alen = 20,
- .input = "\x6A\x6B\x45\x0B\xA7\x06\x52\xF6"
- "\x10\x60\xCF\x01\x6B\x4F\x97\x20"
- "\xEA\xB3\x23\x94\xC9\x21\x1D\x33"
- "\xA1\xE5\x90\x40\x05\x37\x45\x70"
- "\xB5\xD6\x09\x0A\x23\x73\x33\xF9"
- "\x08\xB4\x22\xE4",
- .ilen = 44,
- }, {
- .key = "\xFE\xFF\xE9\x92\x86\x65\x73\x1C"
- "\x6D\x6A\x8F\x94\x67\x30\x83\x08"
- "\xFE\xFF\xE9\x92\x86\x65\x73\x1C"
- "\xCA\xFE\xBA",
- .klen = 27,
- .iv = "\xFA\xCE\xDB\xAD\xDE\xCA\xF8\x88",
- .result = "\x45\x00\x00\x28\xA4\xAD\x40\x00"
- "\x40\x06\x78\x80\x0A\x01\x03\x8F"
- "\x0A\x01\x06\x12\x80\x23\x06\xB8"
- "\xCB\x71\x26\x02\xDD\x6B\xB0\x3E"
- "\x50\x10\x16\xD0\x75\x68\x00\x01",
- .rlen = 40,
- .assoc = "\x00\x00\xA5\xF8\x00\x00\x00\x0A"
- "\xFA\xCE\xDB\xAD\xDE\xCA\xF8\x88",
- .alen = 16,
- .input = "\x05\x22\x15\xD1\x52\x56\x85\x04"
- "\xA8\x5C\x5D\x6D\x7E\x6E\xF5\xFA"
- "\xEA\x16\x37\x50\xF3\xDF\x84\x3B"
- "\x2F\x32\x18\x57\x34\x2A\x8C\x23"
- "\x67\xDF\x6D\x35\x7B\x54\x0D\xFB"
- "\x34\xA5\x9F\x6C\x48\x30\x1E\x22"
- "\xFE\xB1\x22\x17\x17\x8A\xB9\x5B",
- .ilen = 56,
- }, {
- .key = "\xAB\xBC\xCD\xDE\xF0\x01\x12\x23"
- "\x34\x45\x56\x67\x78\x89\x9A\xAB"
- "\xDE\xCA\xF8",
- .klen = 19,
- .iv = "\xCA\xFE\xDE\xBA\xCE\xFA\xCE\x74",
- .result = "\x45\x00\x00\x49\x33\xBA\x00\x00"
- "\x7F\x11\x91\x06\xC3\xFB\x1D\x10"
- "\xC2\xB1\xD3\x26\xC0\x28\x31\xCE"
- "\x00\x35\xDD\x7B\x80\x03\x02\xD5"
- "\x00\x00\x4E\x20\x00\x1E\x8C\x18"
- "\xD7\x5B\x81\xDC\x91\xBA\xA0\x47"
- "\x6B\x91\xB9\x24\xB2\x80\x38\x9D"
- "\x92\xC9\x63\xBA\xC0\x46\xEC\x95"
- "\x9B\x62\x66\xC0\x47\x22\xB1\x49"
- "\x23\x01\x01\x01",
- .rlen = 76,
- .assoc = "\x00\x00\x01\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x01\xCA\xFE\xDE\xBA"
- "\xCE\xFA\xCE\x74",
- .alen = 20,
- .input = "\x92\xD0\x53\x79\x33\x38\xD5\xF3"
- "\x7D\xE4\x7A\x8E\x86\x03\xC9\x90"
- "\x96\x35\xAB\x9C\xFB\xE8\xA3\x76"
- "\xE9\xE9\xE2\xD1\x2E\x11\x0E\x00"
- "\xFA\xCE\xB5\x9E\x02\xA7\x7B\xEA"
- "\x71\x9A\x58\xFB\xA5\x8A\xE1\xB7"
- "\x9C\x39\x9D\xE3\xB5\x6E\x69\xE6"
- "\x63\xC9\xDB\x05\x69\x51\x12\xAD"
- "\x3E\x00\x32\x73\x86\xF2\xEE\xF5"
- "\x0F\xE8\x81\x7E\x84\xD3\xC0\x0D"
- "\x76\xD6\x55\xC6\xB4\xC2\x34\xC7"
- "\x12\x25\x0B\xF9",
- .ilen = 92,
- }, {
- .key = "\xAB\xBC\xCD\xDE\xF0\x01\x12\x23"
- "\x34\x45\x56\x67\x78\x89\x9A\xAB"
- "\xAB\xBC\xCD\xDE\xF0\x01\x12\x23"
- "\x34\x45\x56\x67\x78\x89\x9A\xAB"
- "\x73\x61\x6C",
- .klen = 35,
- .iv = "\x61\x6E\x64\x01\x69\x76\x65\x63",
- .result = "\x45\x08\x00\x28\x73\x2C\x00\x00"
- "\x40\x06\xE9\xF9\x0A\x01\x06\x12"
- "\x0A\x01\x03\x8F\x06\xB8\x80\x23"
- "\xDD\x6B\xAF\xBE\xCB\x71\x26\x02"
- "\x50\x10\x1F\x64\x6D\x54\x00\x01",
- .rlen = 40,
- .assoc = "\x17\x40\x5E\x67\x15\x6F\x31\x26"
- "\xDD\x0D\xB9\x9B\x61\x6E\x64\x01"
- "\x69\x76\x65\x63",
- .alen = 20,
- .input = "\xCC\x74\xB7\xD3\xB0\x38\x50\x42"
- "\x2C\x64\x87\x46\x1E\x34\x10\x05"
- "\x29\x6B\xBB\x36\xE9\x69\xAD\x92"
- "\x82\xA1\x10\x6A\xEB\x0F\xDC\x7D"
- "\x08\xBA\xF3\x91\xCA\xAA\x61\xDA"
- "\x62\xF4\x14\x61\x5C\x9D\xB5\xA7"
- "\xEE\xD7\xB9\x7E\x87\x99\x9B\x7D",
- .ilen = 56,
- }, {
- .key = "\x3D\xE0\x98\x74\xB3\x88\xE6\x49"
- "\x19\x88\xD0\xC3\x60\x7E\xAE\x1F"
- "\x57\x69\x0E",
- .klen = 19,
- .iv = "\x4E\x28\x00\x00\xA2\xFC\xA1\xA3",
- .result = "\x45\x00\x00\x49\x33\x3E\x00\x00"
- "\x7F\x11\x91\x82\xC3\xFB\x1D\x10"
- "\xC2\xB1\xD3\x26\xC0\x28\x31\xCE"
- "\x00\x35\xCB\x45\x80\x03\x02\x5B"
- "\x00\x00\x01\xE0\x00\x1E\x8C\x18"
- "\xD6\x57\x59\xD5\x22\x84\xA0\x35"
- "\x2C\x71\x47\x5C\x88\x80\x39\x1C"
- "\x76\x4D\x6E\x5E\xE0\x49\x6B\x32"
- "\x5A\xE2\x70\xC0\x38\x99\x49\x39"
- "\x15\x01\x01\x01",
- .rlen = 76,
- .assoc = "\x42\xF6\x7E\x3F\x10\x10\x10\x10"
- "\x10\x10\x10\x10\x4E\x28\x00\x00"
- "\xA2\xFC\xA1\xA3",
- .alen = 20,
- .input = "\x6A\x6B\x45\x5E\xD6\x9A\x52\xF6"
- "\xEF\x70\x1A\x9C\xE8\xD3\x19\x86"
- "\xC8\x02\xF0\xB0\x03\x09\xD9\x02"
- "\xA0\xD2\x59\x04\xD1\x85\x2A\x24"
- "\x1C\x67\x3E\xD8\x68\x72\x06\x94"
- "\x97\xBA\x4F\x76\x8D\xB0\x44\x5B"
- "\x69\xBF\xD5\xE2\x3D\xF1\x0B\x0C"
- "\xC0\xBF\xB1\x8F\x70\x09\x9E\xCE"
- "\xA5\xF2\x55\x58\x84\xFA\xF9\xB5"
- "\x23\xF4\x84\x40\x74\x14\x8A\x6B"
- "\xDB\xD7\x67\xED\xA4\x93\xF3\x47"
- "\xCC\xF7\x46\x6F",
- .ilen = 92,
- }, {
- .key = "\xAB\xBC\xCD\xDE\xF0\x01\x12\x23"
- "\x34\x45\x56\x67\x78\x89\x9A\xAB"
- "\xAB\xBC\xCD\xDE\xF0\x01\x12\x23"
- "\x34\x45\x56\x67\x78\x89\x9A\xAB"
- "\x73\x61\x6C",
- .klen = 35,
- .iv = "\x61\x6E\x64\x01\x69\x76\x65\x63",
- .result = "\x63\x69\x73\x63\x6F\x01\x72\x75"
- "\x6C\x65\x73\x01\x74\x68\x65\x01"
- "\x6E\x65\x74\x77\x65\x01\x64\x65"
- "\x66\x69\x6E\x65\x01\x74\x68\x65"
- "\x74\x65\x63\x68\x6E\x6F\x6C\x6F"
- "\x67\x69\x65\x73\x01\x74\x68\x61"
- "\x74\x77\x69\x6C\x6C\x01\x64\x65"
- "\x66\x69\x6E\x65\x74\x6F\x6D\x6F"
- "\x72\x72\x6F\x77\x01\x02\x02\x01",
- .rlen = 72,
- .assoc = "\x17\x40\x5E\x67\x15\x6F\x31\x26"
- "\xDD\x0D\xB9\x9B\x61\x6E\x64\x01"
- "\x69\x76\x65\x63",
- .alen = 20,
- .input = "\xEA\x15\xC4\x98\xAC\x15\x22\x37"
- "\x00\x07\x1D\xBE\x60\x5D\x73\x16"
- "\x4D\x0F\xCC\xCE\x8A\xD0\x49\xD4"
- "\x39\xA3\xD1\xB1\x21\x0A\x92\x1A"
- "\x2C\xCF\x8F\x9D\xC9\x91\x0D\xB4"
- "\x15\xFC\xBC\xA5\xC5\xBF\x54\xE5"
- "\x1C\xC7\x32\x41\x07\x7B\x2C\xB6"
- "\x5C\x23\x7C\x93\xEA\xEF\x23\x1C"
- "\x73\xF4\xE7\x12\x84\x4C\x37\x0A"
- "\x4A\x8F\x06\x37\x48\xF9\xF9\x05"
- "\x55\x13\x40\xC3\xD5\x55\x3A\x3D",
- .ilen = 88,
- }, {
- .key = "\x7D\x77\x3D\x00\xC1\x44\xC5\x25"
- "\xAC\x61\x9D\x18\xC8\x4A\x3F\x47"
- "\xD9\x66\x42",
- .klen = 19,
- .iv = "\x43\x45\x7E\x91\x82\x44\x3B\xC6",
- .result = "\x01\x02\x02\x01",
- .rlen = 4,
- .assoc = "\x33\x54\x67\xAE\xFF\xFF\xFF\xFF"
- "\x43\x45\x7E\x91\x82\x44\x3B\xC6",
- .alen = 16,
- .input = "\x4C\x72\x63\x30\x2F\xE6\x56\xDD"
- "\xD0\xD8\x60\x9D\x8B\xEF\x85\x90"
- "\xF7\x61\x24\x62",
- .ilen = 20,
- }, {
- .key = "\xAB\xBC\xCD\xDE\xF0\x01\x12\x23"
- "\x34\x45\x56\x67\x78\x89\x9A\xAB"
- "\xDE\xCA\xF8",
- .klen = 19,
- .iv = "\xCA\xFE\xDE\xBA\xCE\xFA\xCE\x74",
- .result = "\x74\x6F\x01\x62\x65\x01\x6F\x72"
- "\x01\x6E\x6F\x74\x01\x74\x6F\x01"
- "\x62\x65\x00\x01",
- .rlen = 20,
- .assoc = "\x00\x00\x01\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x01\xCA\xFE\xDE\xBA"
- "\xCE\xFA\xCE\x74",
- .alen = 20,
- .input = "\xA3\xBF\x52\x52\x65\x83\xBA\x81"
- "\x03\x9B\x84\xFC\x44\x8C\xBB\x81"
- "\x36\xE1\x78\xBB\xA5\x49\x3A\xD0"
- "\xF0\x6B\x21\xAF\x98\xC0\x34\xDC"
- "\x17\x17\x65\xAD",
- .ilen = 36,
- }, {
- .key = "\x6C\x65\x67\x61\x6C\x69\x7A\x65"
- "\x6D\x61\x72\x69\x6A\x75\x61\x6E"
- "\x61\x61\x6E\x64\x64\x6F\x69\x74"
- "\x62\x65\x66\x6F\x72\x65\x69\x61"
- "\x74\x75\x72",
- .klen = 35,
- .iv = "\x33\x30\x21\x69\x67\x65\x74\x6D",
- .result = "\x45\x00\x00\x30\xDA\x3A\x00\x00"
- "\x80\x01\xDF\x3B\xC0\xA8\x00\x05"
- "\xC0\xA8\x00\x01\x08\x00\xC6\xCD"
- "\x02\x00\x07\x00\x61\x62\x63\x64"
- "\x65\x66\x67\x68\x69\x6A\x6B\x6C"
- "\x6D\x6E\x6F\x70\x71\x72\x73\x74"
- "\x01\x02\x02\x01",
- .rlen = 52,
- .assoc = "\x79\x6B\x69\x63\xFF\xFF\xFF\xFF"
- "\xFF\xFF\xFF\xFF\x33\x30\x21\x69"
- "\x67\x65\x74\x6D",
- .alen = 20,
- .input = "\x96\xFD\x86\xF8\xD1\x98\xFF\x10"
- "\xAB\x8C\xDA\x8A\x5A\x08\x38\x1A"
- "\x48\x59\x80\x18\x1A\x18\x1A\x04"
- "\xC9\x0D\xE3\xE7\x0E\xA4\x0B\x75"
- "\x92\x9C\x52\x5C\x0B\xFB\xF8\xAF"
- "\x16\xC3\x35\xA8\xE7\xCE\x84\x04"
- "\xEB\x40\x6B\x7A\x8E\x75\xBB\x42"
- "\xE0\x63\x4B\x21\x44\xA2\x2B\x2B"
- "\x39\xDB\xC8\xDC",
- .ilen = 68,
- }, {
- .key = "\x3D\xE0\x98\x74\xB3\x88\xE6\x49"
- "\x19\x88\xD0\xC3\x60\x7E\xAE\x1F"
- "\x57\x69\x0E",
- .klen = 19,
- .iv = "\x4E\x28\x00\x00\xA2\xFC\xA1\xA3",
- .result = "\x45\x00\x00\x30\xDA\x3A\x00\x00"
- "\x80\x01\xDF\x3B\xC0\xA8\x00\x05"
- "\xC0\xA8\x00\x01\x08\x00\xC6\xCD"
- "\x02\x00\x07\x00\x61\x62\x63\x64"
- "\x65\x66\x67\x68\x69\x6A\x6B\x6C"
- "\x6D\x6E\x6F\x70\x71\x72\x73\x74"
- "\x01\x02\x02\x01",
- .rlen = 52,
- .assoc = "\x3F\x7E\xF6\x42\x10\x10\x10\x10"
- "\x10\x10\x10\x10\x4E\x28\x00\x00"
- "\xA2\xFC\xA1\xA3",
- .alen = 20,
- .input = "\x6A\x6B\x45\x27\x3F\x9E\x52\xF6"
- "\x10\x60\x54\x25\xEB\x80\x04\x93"
- "\xCA\x1B\x23\x97\xCB\x21\x2E\x01"
- "\xA2\xE7\x95\x41\x30\xE4\x4B\x1B"
- "\x79\x01\x58\x50\x01\x06\xE1\xE0"
- "\x2C\x83\x79\xD3\xDE\x46\x97\x1A"
- "\x44\xCC\x90\xBF\x00\x94\x94\x92"
- "\x20\x17\x0C\x1B\x55\xDE\x7E\x68"
- "\xF4\x95\x5D\x4F",
- .ilen = 68,
- }, {
- .key = "\x4C\x80\xCD\xEF\xBB\x5D\x10\xDA"
- "\x90\x6A\xC7\x3C\x36\x13\xA6\x34"
- "\x22\x43\x3C",
- .klen = 19,
- .iv = "\x48\x55\xEC\x7D\x3A\x23\x4B\xFD",
- .result = "\x08\x00\xC6\xCD\x02\x00\x07\x00"
- "\x61\x62\x63\x64\x65\x66\x67\x68"
- "\x69\x6A\x6B\x6C\x6D\x6E\x6F\x70"
- "\x71\x72\x73\x74\x01\x02\x02\x01",
- .rlen = 32,
- .assoc = "\x00\x00\x43\x21\x87\x65\x43\x21"
- "\x00\x00\x00\x07\x48\x55\xEC\x7D"
- "\x3A\x23\x4B\xFD",
- .alen = 20,
- .input = "\x67\xE9\x28\xB3\x1C\xA4\x6D\x02"
- "\xF0\xB5\x37\xB6\x6B\x2F\xF5\x4F"
- "\xF8\xA3\x4C\x53\xB8\x12\x09\xBF"
- "\x58\x7D\xCF\x29\xA3\x41\x68\x6B"
- "\xCE\xE8\x79\x85\x3C\xB0\x3A\x8F"
- "\x16\xB0\xA1\x26\xC9\xBC\xBC\xA6",
- .ilen = 48,
+ .clen = 48,
}
};
/*
* ChaCha20-Poly1305 AEAD test vectors from RFC7539 2.8.2./A.5.
*/
-static const struct aead_testvec rfc7539_enc_tv_template[] = {
+static const struct aead_testvec rfc7539_tv_template[] = {
{
.key = "\x80\x81\x82\x83\x84\x85\x86\x87"
"\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f"
@@ -18668,7 +18833,7 @@
.assoc = "\x50\x51\x52\x53\xc0\xc1\xc2\xc3"
"\xc4\xc5\xc6\xc7",
.alen = 12,
- .input = "\x4c\x61\x64\x69\x65\x73\x20\x61"
+ .ptext = "\x4c\x61\x64\x69\x65\x73\x20\x61"
"\x6e\x64\x20\x47\x65\x6e\x74\x6c"
"\x65\x6d\x65\x6e\x20\x6f\x66\x20"
"\x74\x68\x65\x20\x63\x6c\x61\x73"
@@ -18683,8 +18848,8 @@
"\x63\x72\x65\x65\x6e\x20\x77\x6f"
"\x75\x6c\x64\x20\x62\x65\x20\x69"
"\x74\x2e",
- .ilen = 114,
- .result = "\xd3\x1a\x8d\x34\x64\x8e\x60\xdb"
+ .plen = 114,
+ .ctext = "\xd3\x1a\x8d\x34\x64\x8e\x60\xdb"
"\x7b\x86\xaf\xbc\x53\xef\x7e\xc2"
"\xa4\xad\xed\x51\x29\x6e\x08\xfe"
"\xa9\xe2\xb5\xa7\x36\xee\x62\xd6"
@@ -18701,7 +18866,7 @@
"\x61\x16\x1a\xe1\x0b\x59\x4f\x09"
"\xe2\x6a\x7e\x90\x2e\xcb\xd0\x60"
"\x06\x91",
- .rlen = 130,
+ .clen = 130,
}, {
.key = "\x1c\x92\x40\xa5\xeb\x55\xd3\x8a"
"\xf3\x33\x88\x86\x04\xf6\xb5\xf0"
@@ -18713,7 +18878,7 @@
.assoc = "\xf3\x33\x88\x86\x00\x00\x00\x00"
"\x00\x00\x4e\x91",
.alen = 12,
- .input = "\x49\x6e\x74\x65\x72\x6e\x65\x74"
+ .ptext = "\x49\x6e\x74\x65\x72\x6e\x65\x74"
"\x2d\x44\x72\x61\x66\x74\x73\x20"
"\x61\x72\x65\x20\x64\x72\x61\x66"
"\x74\x20\x64\x6f\x63\x75\x6d\x65"
@@ -18747,8 +18912,8 @@
"\x20\x69\x6e\x20\x70\x72\x6f\x67"
"\x72\x65\x73\x73\x2e\x2f\xe2\x80"
"\x9d",
- .ilen = 265,
- .result = "\x64\xa0\x86\x15\x75\x86\x1a\xf4"
+ .plen = 265,
+ .ctext = "\x64\xa0\x86\x15\x75\x86\x1a\xf4"
"\x60\xf0\x62\xc7\x9b\xe6\x43\xbd"
"\x5e\x80\x5c\xfd\x34\x5c\xf3\x89"
"\xf1\x08\x67\x0a\xc7\x6c\x8c\xb2"
@@ -18784,146 +18949,14 @@
"\x9b\xee\xad\x9d\x67\x89\x0c\xbb"
"\x22\x39\x23\x36\xfe\xa1\x85\x1f"
"\x38",
- .rlen = 281,
- },
-};
-
-static const struct aead_testvec rfc7539_dec_tv_template[] = {
- {
- .key = "\x80\x81\x82\x83\x84\x85\x86\x87"
- "\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f"
- "\x90\x91\x92\x93\x94\x95\x96\x97"
- "\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f",
- .klen = 32,
- .iv = "\x07\x00\x00\x00\x40\x41\x42\x43"
- "\x44\x45\x46\x47",
- .assoc = "\x50\x51\x52\x53\xc0\xc1\xc2\xc3"
- "\xc4\xc5\xc6\xc7",
- .alen = 12,
- .input = "\xd3\x1a\x8d\x34\x64\x8e\x60\xdb"
- "\x7b\x86\xaf\xbc\x53\xef\x7e\xc2"
- "\xa4\xad\xed\x51\x29\x6e\x08\xfe"
- "\xa9\xe2\xb5\xa7\x36\xee\x62\xd6"
- "\x3d\xbe\xa4\x5e\x8c\xa9\x67\x12"
- "\x82\xfa\xfb\x69\xda\x92\x72\x8b"
- "\x1a\x71\xde\x0a\x9e\x06\x0b\x29"
- "\x05\xd6\xa5\xb6\x7e\xcd\x3b\x36"
- "\x92\xdd\xbd\x7f\x2d\x77\x8b\x8c"
- "\x98\x03\xae\xe3\x28\x09\x1b\x58"
- "\xfa\xb3\x24\xe4\xfa\xd6\x75\x94"
- "\x55\x85\x80\x8b\x48\x31\xd7\xbc"
- "\x3f\xf4\xde\xf0\x8e\x4b\x7a\x9d"
- "\xe5\x76\xd2\x65\x86\xce\xc6\x4b"
- "\x61\x16\x1a\xe1\x0b\x59\x4f\x09"
- "\xe2\x6a\x7e\x90\x2e\xcb\xd0\x60"
- "\x06\x91",
- .ilen = 130,
- .result = "\x4c\x61\x64\x69\x65\x73\x20\x61"
- "\x6e\x64\x20\x47\x65\x6e\x74\x6c"
- "\x65\x6d\x65\x6e\x20\x6f\x66\x20"
- "\x74\x68\x65\x20\x63\x6c\x61\x73"
- "\x73\x20\x6f\x66\x20\x27\x39\x39"
- "\x3a\x20\x49\x66\x20\x49\x20\x63"
- "\x6f\x75\x6c\x64\x20\x6f\x66\x66"
- "\x65\x72\x20\x79\x6f\x75\x20\x6f"
- "\x6e\x6c\x79\x20\x6f\x6e\x65\x20"
- "\x74\x69\x70\x20\x66\x6f\x72\x20"
- "\x74\x68\x65\x20\x66\x75\x74\x75"
- "\x72\x65\x2c\x20\x73\x75\x6e\x73"
- "\x63\x72\x65\x65\x6e\x20\x77\x6f"
- "\x75\x6c\x64\x20\x62\x65\x20\x69"
- "\x74\x2e",
- .rlen = 114,
- }, {
- .key = "\x1c\x92\x40\xa5\xeb\x55\xd3\x8a"
- "\xf3\x33\x88\x86\x04\xf6\xb5\xf0"
- "\x47\x39\x17\xc1\x40\x2b\x80\x09"
- "\x9d\xca\x5c\xbc\x20\x70\x75\xc0",
- .klen = 32,
- .iv = "\x00\x00\x00\x00\x01\x02\x03\x04"
- "\x05\x06\x07\x08",
- .assoc = "\xf3\x33\x88\x86\x00\x00\x00\x00"
- "\x00\x00\x4e\x91",
- .alen = 12,
- .input = "\x64\xa0\x86\x15\x75\x86\x1a\xf4"
- "\x60\xf0\x62\xc7\x9b\xe6\x43\xbd"
- "\x5e\x80\x5c\xfd\x34\x5c\xf3\x89"
- "\xf1\x08\x67\x0a\xc7\x6c\x8c\xb2"
- "\x4c\x6c\xfc\x18\x75\x5d\x43\xee"
- "\xa0\x9e\xe9\x4e\x38\x2d\x26\xb0"
- "\xbd\xb7\xb7\x3c\x32\x1b\x01\x00"
- "\xd4\xf0\x3b\x7f\x35\x58\x94\xcf"
- "\x33\x2f\x83\x0e\x71\x0b\x97\xce"
- "\x98\xc8\xa8\x4a\xbd\x0b\x94\x81"
- "\x14\xad\x17\x6e\x00\x8d\x33\xbd"
- "\x60\xf9\x82\xb1\xff\x37\xc8\x55"
- "\x97\x97\xa0\x6e\xf4\xf0\xef\x61"
- "\xc1\x86\x32\x4e\x2b\x35\x06\x38"
- "\x36\x06\x90\x7b\x6a\x7c\x02\xb0"
- "\xf9\xf6\x15\x7b\x53\xc8\x67\xe4"
- "\xb9\x16\x6c\x76\x7b\x80\x4d\x46"
- "\xa5\x9b\x52\x16\xcd\xe7\xa4\xe9"
- "\x90\x40\xc5\xa4\x04\x33\x22\x5e"
- "\xe2\x82\xa1\xb0\xa0\x6c\x52\x3e"
- "\xaf\x45\x34\xd7\xf8\x3f\xa1\x15"
- "\x5b\x00\x47\x71\x8c\xbc\x54\x6a"
- "\x0d\x07\x2b\x04\xb3\x56\x4e\xea"
- "\x1b\x42\x22\x73\xf5\x48\x27\x1a"
- "\x0b\xb2\x31\x60\x53\xfa\x76\x99"
- "\x19\x55\xeb\xd6\x31\x59\x43\x4e"
- "\xce\xbb\x4e\x46\x6d\xae\x5a\x10"
- "\x73\xa6\x72\x76\x27\x09\x7a\x10"
- "\x49\xe6\x17\xd9\x1d\x36\x10\x94"
- "\xfa\x68\xf0\xff\x77\x98\x71\x30"
- "\x30\x5b\xea\xba\x2e\xda\x04\xdf"
- "\x99\x7b\x71\x4d\x6c\x6f\x2c\x29"
- "\xa6\xad\x5c\xb4\x02\x2b\x02\x70"
- "\x9b\xee\xad\x9d\x67\x89\x0c\xbb"
- "\x22\x39\x23\x36\xfe\xa1\x85\x1f"
- "\x38",
- .ilen = 281,
- .result = "\x49\x6e\x74\x65\x72\x6e\x65\x74"
- "\x2d\x44\x72\x61\x66\x74\x73\x20"
- "\x61\x72\x65\x20\x64\x72\x61\x66"
- "\x74\x20\x64\x6f\x63\x75\x6d\x65"
- "\x6e\x74\x73\x20\x76\x61\x6c\x69"
- "\x64\x20\x66\x6f\x72\x20\x61\x20"
- "\x6d\x61\x78\x69\x6d\x75\x6d\x20"
- "\x6f\x66\x20\x73\x69\x78\x20\x6d"
- "\x6f\x6e\x74\x68\x73\x20\x61\x6e"
- "\x64\x20\x6d\x61\x79\x20\x62\x65"
- "\x20\x75\x70\x64\x61\x74\x65\x64"
- "\x2c\x20\x72\x65\x70\x6c\x61\x63"
- "\x65\x64\x2c\x20\x6f\x72\x20\x6f"
- "\x62\x73\x6f\x6c\x65\x74\x65\x64"
- "\x20\x62\x79\x20\x6f\x74\x68\x65"
- "\x72\x20\x64\x6f\x63\x75\x6d\x65"
- "\x6e\x74\x73\x20\x61\x74\x20\x61"
- "\x6e\x79\x20\x74\x69\x6d\x65\x2e"
- "\x20\x49\x74\x20\x69\x73\x20\x69"
- "\x6e\x61\x70\x70\x72\x6f\x70\x72"
- "\x69\x61\x74\x65\x20\x74\x6f\x20"
- "\x75\x73\x65\x20\x49\x6e\x74\x65"
- "\x72\x6e\x65\x74\x2d\x44\x72\x61"
- "\x66\x74\x73\x20\x61\x73\x20\x72"
- "\x65\x66\x65\x72\x65\x6e\x63\x65"
- "\x20\x6d\x61\x74\x65\x72\x69\x61"
- "\x6c\x20\x6f\x72\x20\x74\x6f\x20"
- "\x63\x69\x74\x65\x20\x74\x68\x65"
- "\x6d\x20\x6f\x74\x68\x65\x72\x20"
- "\x74\x68\x61\x6e\x20\x61\x73\x20"
- "\x2f\xe2\x80\x9c\x77\x6f\x72\x6b"
- "\x20\x69\x6e\x20\x70\x72\x6f\x67"
- "\x72\x65\x73\x73\x2e\x2f\xe2\x80"
- "\x9d",
- .rlen = 265,
+ .clen = 281,
},
};
/*
* draft-irtf-cfrg-chacha20-poly1305
*/
-static const struct aead_testvec rfc7539esp_enc_tv_template[] = {
+static const struct aead_testvec rfc7539esp_tv_template[] = {
{
.key = "\x1c\x92\x40\xa5\xeb\x55\xd3\x8a"
"\xf3\x33\x88\x86\x04\xf6\xb5\xf0"
@@ -18936,7 +18969,7 @@
"\x00\x00\x4e\x91\x01\x02\x03\x04"
"\x05\x06\x07\x08",
.alen = 20,
- .input = "\x49\x6e\x74\x65\x72\x6e\x65\x74"
+ .ptext = "\x49\x6e\x74\x65\x72\x6e\x65\x74"
"\x2d\x44\x72\x61\x66\x74\x73\x20"
"\x61\x72\x65\x20\x64\x72\x61\x66"
"\x74\x20\x64\x6f\x63\x75\x6d\x65"
@@ -18970,8 +19003,8 @@
"\x20\x69\x6e\x20\x70\x72\x6f\x67"
"\x72\x65\x73\x73\x2e\x2f\xe2\x80"
"\x9d",
- .ilen = 265,
- .result = "\x64\xa0\x86\x15\x75\x86\x1a\xf4"
+ .plen = 265,
+ .ctext = "\x64\xa0\x86\x15\x75\x86\x1a\xf4"
"\x60\xf0\x62\xc7\x9b\xe6\x43\xbd"
"\x5e\x80\x5c\xfd\x34\x5c\xf3\x89"
"\xf1\x08\x67\x0a\xc7\x6c\x8c\xb2"
@@ -19007,532 +19040,7 @@
"\x9b\xee\xad\x9d\x67\x89\x0c\xbb"
"\x22\x39\x23\x36\xfe\xa1\x85\x1f"
"\x38",
- .rlen = 281,
- },
-};
-
-static const struct aead_testvec rfc7539esp_dec_tv_template[] = {
- {
- .key = "\x1c\x92\x40\xa5\xeb\x55\xd3\x8a"
- "\xf3\x33\x88\x86\x04\xf6\xb5\xf0"
- "\x47\x39\x17\xc1\x40\x2b\x80\x09"
- "\x9d\xca\x5c\xbc\x20\x70\x75\xc0"
- "\x00\x00\x00\x00",
- .klen = 36,
- .iv = "\x01\x02\x03\x04\x05\x06\x07\x08",
- .assoc = "\xf3\x33\x88\x86\x00\x00\x00\x00"
- "\x00\x00\x4e\x91\x01\x02\x03\x04"
- "\x05\x06\x07\x08",
- .alen = 20,
- .input = "\x64\xa0\x86\x15\x75\x86\x1a\xf4"
- "\x60\xf0\x62\xc7\x9b\xe6\x43\xbd"
- "\x5e\x80\x5c\xfd\x34\x5c\xf3\x89"
- "\xf1\x08\x67\x0a\xc7\x6c\x8c\xb2"
- "\x4c\x6c\xfc\x18\x75\x5d\x43\xee"
- "\xa0\x9e\xe9\x4e\x38\x2d\x26\xb0"
- "\xbd\xb7\xb7\x3c\x32\x1b\x01\x00"
- "\xd4\xf0\x3b\x7f\x35\x58\x94\xcf"
- "\x33\x2f\x83\x0e\x71\x0b\x97\xce"
- "\x98\xc8\xa8\x4a\xbd\x0b\x94\x81"
- "\x14\xad\x17\x6e\x00\x8d\x33\xbd"
- "\x60\xf9\x82\xb1\xff\x37\xc8\x55"
- "\x97\x97\xa0\x6e\xf4\xf0\xef\x61"
- "\xc1\x86\x32\x4e\x2b\x35\x06\x38"
- "\x36\x06\x90\x7b\x6a\x7c\x02\xb0"
- "\xf9\xf6\x15\x7b\x53\xc8\x67\xe4"
- "\xb9\x16\x6c\x76\x7b\x80\x4d\x46"
- "\xa5\x9b\x52\x16\xcd\xe7\xa4\xe9"
- "\x90\x40\xc5\xa4\x04\x33\x22\x5e"
- "\xe2\x82\xa1\xb0\xa0\x6c\x52\x3e"
- "\xaf\x45\x34\xd7\xf8\x3f\xa1\x15"
- "\x5b\x00\x47\x71\x8c\xbc\x54\x6a"
- "\x0d\x07\x2b\x04\xb3\x56\x4e\xea"
- "\x1b\x42\x22\x73\xf5\x48\x27\x1a"
- "\x0b\xb2\x31\x60\x53\xfa\x76\x99"
- "\x19\x55\xeb\xd6\x31\x59\x43\x4e"
- "\xce\xbb\x4e\x46\x6d\xae\x5a\x10"
- "\x73\xa6\x72\x76\x27\x09\x7a\x10"
- "\x49\xe6\x17\xd9\x1d\x36\x10\x94"
- "\xfa\x68\xf0\xff\x77\x98\x71\x30"
- "\x30\x5b\xea\xba\x2e\xda\x04\xdf"
- "\x99\x7b\x71\x4d\x6c\x6f\x2c\x29"
- "\xa6\xad\x5c\xb4\x02\x2b\x02\x70"
- "\x9b\xee\xad\x9d\x67\x89\x0c\xbb"
- "\x22\x39\x23\x36\xfe\xa1\x85\x1f"
- "\x38",
- .ilen = 281,
- .result = "\x49\x6e\x74\x65\x72\x6e\x65\x74"
- "\x2d\x44\x72\x61\x66\x74\x73\x20"
- "\x61\x72\x65\x20\x64\x72\x61\x66"
- "\x74\x20\x64\x6f\x63\x75\x6d\x65"
- "\x6e\x74\x73\x20\x76\x61\x6c\x69"
- "\x64\x20\x66\x6f\x72\x20\x61\x20"
- "\x6d\x61\x78\x69\x6d\x75\x6d\x20"
- "\x6f\x66\x20\x73\x69\x78\x20\x6d"
- "\x6f\x6e\x74\x68\x73\x20\x61\x6e"
- "\x64\x20\x6d\x61\x79\x20\x62\x65"
- "\x20\x75\x70\x64\x61\x74\x65\x64"
- "\x2c\x20\x72\x65\x70\x6c\x61\x63"
- "\x65\x64\x2c\x20\x6f\x72\x20\x6f"
- "\x62\x73\x6f\x6c\x65\x74\x65\x64"
- "\x20\x62\x79\x20\x6f\x74\x68\x65"
- "\x72\x20\x64\x6f\x63\x75\x6d\x65"
- "\x6e\x74\x73\x20\x61\x74\x20\x61"
- "\x6e\x79\x20\x74\x69\x6d\x65\x2e"
- "\x20\x49\x74\x20\x69\x73\x20\x69"
- "\x6e\x61\x70\x70\x72\x6f\x70\x72"
- "\x69\x61\x74\x65\x20\x74\x6f\x20"
- "\x75\x73\x65\x20\x49\x6e\x74\x65"
- "\x72\x6e\x65\x74\x2d\x44\x72\x61"
- "\x66\x74\x73\x20\x61\x73\x20\x72"
- "\x65\x66\x65\x72\x65\x6e\x63\x65"
- "\x20\x6d\x61\x74\x65\x72\x69\x61"
- "\x6c\x20\x6f\x72\x20\x74\x6f\x20"
- "\x63\x69\x74\x65\x20\x74\x68\x65"
- "\x6d\x20\x6f\x74\x68\x65\x72\x20"
- "\x74\x68\x61\x6e\x20\x61\x73\x20"
- "\x2f\xe2\x80\x9c\x77\x6f\x72\x6b"
- "\x20\x69\x6e\x20\x70\x72\x6f\x67"
- "\x72\x65\x73\x73\x2e\x2f\xe2\x80"
- "\x9d",
- .rlen = 265,
- },
-};
-
-static const struct aead_testvec aegis128_enc_tv_template[] = {
- {
- .key = "\x0f\xc9\x8e\x67\x44\x9e\xaa\x86"
- "\x20\x36\x2c\x24\xfe\xc9\x30\x81",
- .klen = 16,
- .iv = "\x1e\x92\x1c\xcf\x88\x3d\x54\x0d"
- "\x40\x6d\x59\x48\xfc\x92\x61\x03",
- .assoc = "",
- .alen = 0,
- .input = "",
- .ilen = 0,
- .result = "\x07\xa5\x11\xf2\x9d\x40\xb8\x6d"
- "\xda\xb8\x12\x34\x4c\x53\xd9\x72",
- .rlen = 16,
- }, {
- .key = "\x4b\xed\xc8\x07\x54\x1a\x52\xa2"
- "\xa1\x10\xde\xb5\xf8\xed\xf3\x87",
- .klen = 16,
- .iv = "\x5a\xb7\x56\x6e\x98\xb9\xfd\x29"
- "\xc1\x47\x0b\xda\xf6\xb6\x23\x09",
- .assoc = "",
- .alen = 0,
- .input = "\x79",
- .ilen = 1,
- .result = "\x9e\x78\x52\xae\xcb\x9e\xe4\xd3"
- "\x9a\xd7\x5d\xd7\xaa\x9a\xe9\x5a"
- "\xcc",
- .rlen = 17,
- }, {
- .key = "\x88\x12\x01\xa6\x64\x96\xfb\xbe"
- "\x22\xea\x90\x47\xf2\x11\xb5\x8e",
- .klen = 16,
- .iv = "\x97\xdb\x90\x0e\xa8\x35\xa5\x45"
- "\x42\x21\xbd\x6b\xf0\xda\xe6\x0f",
- .assoc = "",
- .alen = 0,
- .input = "\xb5\x6e\xad\xdd\x30\x72\xfa\x53"
- "\x82\x8e\x16\xb4\xed\x6d\x47",
- .ilen = 15,
- .result = "\xc3\x80\x83\x04\x5f\xaa\x61\xc7"
- "\xca\xdd\x6f\xac\x85\x08\xb5\x35"
- "\x2b\xc2\x3e\x0b\x1b\x39\x37\x2b"
- "\x7a\x21\x16\xb3\xe6\x67\x66",
- .rlen = 31,
- }, {
- .key = "\xc4\x37\x3b\x45\x74\x11\xa4\xda"
- "\xa2\xc5\x42\xd8\xec\x36\x78\x94",
- .klen = 16,
- .iv = "\xd3\x00\xc9\xad\xb8\xb0\x4e\x61"
- "\xc3\xfb\x6f\xfd\xea\xff\xa9\x15",
- .assoc = "",
- .alen = 0,
- .input = "\xf2\x92\xe6\x7d\x40\xee\xa3\x6f"
- "\x03\x68\xc8\x45\xe7\x91\x0a\x18",
- .ilen = 16,
- .result = "\x23\x25\x30\xe5\x6a\xb6\x36\x7d"
- "\x38\xfd\x3a\xd2\xc2\x58\xa9\x11"
- "\x1e\xa8\x30\x9c\x16\xa4\xdb\x65"
- "\x51\x10\x16\x27\x70\x9b\x64\x29",
- .rlen = 32,
- }, {
- .key = "\x01\x5c\x75\xe5\x84\x8d\x4d\xf6"
- "\x23\x9f\xf4\x6a\xe6\x5a\x3b\x9a",
- .klen = 16,
- .iv = "\x10\x25\x03\x4c\xc8\x2c\xf7\x7d"
- "\x44\xd5\x21\x8e\xe4\x23\x6b\x1c",
- .assoc = "",
- .alen = 0,
- .input = "\x2e\xb7\x20\x1c\x50\x6a\x4b\x8b"
- "\x84\x42\x7a\xd7\xe1\xb5\xcd\x1f"
- "\xd3",
- .ilen = 17,
- .result = "\x2a\x8d\x56\x91\xc6\xf3\x56\xa5"
- "\x1f\xf0\x89\x2e\x13\xad\xe6\xf6"
- "\x46\x80\xb1\x0e\x18\x30\x40\x97"
- "\x03\xdf\x64\x3c\xbe\x93\x9e\xc9"
- "\x3b",
- .rlen = 33,
- }, {
- .key = "\x3d\x80\xae\x84\x94\x09\xf6\x12"
- "\xa4\x79\xa6\xfb\xe0\x7f\xfd\xa0",
- .klen = 16,
- .iv = "\x4c\x49\x3d\xec\xd8\xa8\xa0\x98"
- "\xc5\xb0\xd3\x1f\xde\x48\x2e\x22",
- .assoc = "",
- .alen = 0,
- .input = "\x6b\xdc\x5a\xbb\x60\xe5\xf4\xa6"
- "\x05\x1d\x2c\x68\xdb\xda\x8f\x25"
- "\xfe\x8d\x45\x19\x1e\xc0\x0b\x99"
- "\x88\x11\x39\x12\x1c\x3a\xbb",
- .ilen = 31,
- .result = "\x4e\xf6\xfa\x13\xde\x43\x63\x4c"
- "\xe2\x04\x3e\xe4\x85\x14\xb6\x3f"
- "\xb1\x8f\x4c\xdb\x41\xa2\x14\x99"
- "\xf5\x53\x0f\x73\x86\x7e\x97\xa1"
- "\x4b\x56\x5b\x94\xce\xcd\x74\xcd"
- "\x75\xc4\x53\x01\x89\x45\x59",
- .rlen = 47,
- }, {
- .key = "\x7a\xa5\xe8\x23\xa4\x84\x9e\x2d"
- "\x25\x53\x58\x8c\xda\xa3\xc0\xa6",
- .klen = 16,
- .iv = "\x89\x6e\x77\x8b\xe8\x23\x49\xb4"
- "\x45\x8a\x85\xb1\xd8\x6c\xf1\x28",
- .assoc = "",
- .alen = 0,
- .input = "\xa7\x00\x93\x5b\x70\x61\x9d\xc2"
- "\x86\xf7\xde\xfa\xd5\xfe\x52\x2b"
- "\x28\x50\x51\x9d\x24\x60\x8d\xb3"
- "\x49\x3e\x17\xea\xf6\x99\x5a\xdd",
- .ilen = 32,
- .result = "\xa4\x9a\xb7\xfd\xa0\xd4\xd6\x47"
- "\x95\xf4\x58\x38\x14\x83\x27\x01"
- "\x4c\xed\x32\x2c\xf7\xd6\x31\xf7"
- "\x38\x1b\x2c\xc9\xb6\x31\xce\xaa"
- "\xa5\x3c\x1a\x18\x5c\xce\xb9\xdf"
- "\x51\x52\x77\xf2\x5e\x85\x80\x41",
- .rlen = 48,
- }, {
- .key = "\xb6\xca\x22\xc3\xb4\x00\x47\x49"
- "\xa6\x2d\x0a\x1e\xd4\xc7\x83\xad",
- .klen = 16,
- .iv = "\xc5\x93\xb0\x2a\xf8\x9f\xf1\xd0"
- "\xc6\x64\x37\x42\xd2\x90\xb3\x2e",
- .assoc = "\xd5",
- .alen = 1,
- .input = "",
- .ilen = 0,
- .result = "\xfb\xd4\x83\x71\x9e\x63\xad\x60"
- "\xb9\xf9\xeb\x34\x52\x49\xcf\xb7",
- .rlen = 16,
- }, {
- .key = "\xf3\xee\x5c\x62\xc4\x7c\xf0\x65"
- "\x27\x08\xbd\xaf\xce\xec\x45\xb3",
- .klen = 16,
- .iv = "\x02\xb8\xea\xca\x09\x1b\x9a\xec"
- "\x47\x3e\xe9\xd4\xcc\xb5\x76\x34",
- .assoc = "\x11\x81\x78\x32\x4d\xb9\x44\x73"
- "\x68\x75\x16\xf8\xcb\x7e\xa7",
- .alen = 15,
- .input = "",
- .ilen = 0,
- .result = "\x0c\xaf\x2e\x96\xf6\x97\x08\x71"
- "\x7d\x3a\x84\xc4\x44\x57\x77\x7e",
- .rlen = 16,
- }, {
- .key = "\x2f\x13\x95\x01\xd5\xf7\x99\x81"
- "\xa8\xe2\x6f\x41\xc8\x10\x08\xb9",
- .klen = 16,
- .iv = "\x3f\xdc\x24\x69\x19\x96\x43\x08"
- "\xc8\x18\x9b\x65\xc6\xd9\x39\x3b",
- .assoc = "\x4e\xa5\xb2\xd1\x5d\x35\xed\x8f"
- "\xe8\x4f\xc8\x89\xc5\xa2\x69\xbc",
- .alen = 16,
- .input = "",
- .ilen = 0,
- .result = "\xc7\x87\x09\x3b\xc7\x19\x74\x22"
- "\x22\xa5\x67\x10\xb2\x36\xb3\x45",
- .rlen = 16,
- }, {
- .key = "\x6c\x38\xcf\xa1\xe5\x73\x41\x9d"
- "\x29\xbc\x21\xd2\xc2\x35\xcb\xbf",
- .klen = 16,
- .iv = "\x7b\x01\x5d\x08\x29\x12\xec\x24"
- "\x49\xf3\x4d\xf7\xc0\xfe\xfb\x41",
- .assoc = "\x8a\xca\xec\x70\x6d\xb1\x96\xab"
- "\x69\x29\x7a\x1b\xbf\xc7\x2c\xc2"
- "\x07",
- .alen = 17,
- .input = "",
- .ilen = 0,
- .result = "\x02\xc6\x3b\x46\x65\xb2\xef\x91"
- "\x31\xf0\x45\x48\x8a\x2a\xed\xe4",
- .rlen = 16,
- }, {
- .key = "\xa8\x5c\x09\x40\xf5\xef\xea\xb8"
- "\xaa\x96\xd3\x64\xbc\x59\x8d\xc6",
- .klen = 16,
- .iv = "\xb8\x26\x97\xa8\x39\x8e\x94\x3f"
- "\xca\xcd\xff\x88\xba\x22\xbe\x47",
- .assoc = "\xc7\xef\x26\x10\x7d\x2c\x3f\xc6"
- "\xea\x03\x2c\xac\xb9\xeb\xef\xc9"
- "\x31\x6b\x08\x12\xfc\xd8\x37\x2d"
- "\xe0\x17\x3a\x2e\x83\x5c\x8f",
- .alen = 31,
- .input = "",
- .ilen = 0,
- .result = "\x20\x85\xa8\xd0\x91\x48\x85\xf3"
- "\x5a\x16\xc0\x57\x68\x47\xdd\xcb",
- .rlen = 16,
- }, {
- .key = "\xe5\x81\x42\xdf\x05\x6a\x93\xd4"
- "\x2b\x70\x85\xf5\xb6\x7d\x50\xcc",
- .klen = 16,
- .iv = "\xf4\x4a\xd1\x47\x49\x09\x3d\x5b"
- "\x4b\xa7\xb1\x19\xb4\x46\x81\x4d",
- .assoc = "\x03\x14\x5f\xaf\x8d\xa8\xe7\xe2"
- "\x6b\xde\xde\x3e\xb3\x10\xb1\xcf"
- "\x5c\x2d\x14\x96\x01\x78\xb9\x47"
- "\xa1\x44\x19\x06\x5d\xbb\x2e\x2f",
- .alen = 32,
- .input = "",
- .ilen = 0,
- .result = "\x6a\xf8\x8d\x9c\x42\x75\x35\x79"
- "\xc1\x96\xbd\x31\x6e\x69\x1b\x50",
- .rlen = 16,
- }, {
- .key = "\x22\xa6\x7c\x7f\x15\xe6\x3c\xf0"
- "\xac\x4b\x37\x86\xb0\xa2\x13\xd2",
- .klen = 16,
- .iv = "\x31\x6f\x0b\xe6\x59\x85\xe6\x77"
- "\xcc\x81\x63\xab\xae\x6b\x43\x54",
- .assoc = "\x40",
- .alen = 1,
- .input = "\x4f",
- .ilen = 1,
- .result = "\x01\x24\xb1\xba\xf6\xd3\xdf\x83"
- "\x70\x45\xe3\x2a\x9d\x5c\x63\x98"
- "\x39",
- .rlen = 17,
- }, {
- .key = "\x5e\xcb\xb6\x1e\x25\x62\xe4\x0c"
- "\x2d\x25\xe9\x18\xaa\xc6\xd5\xd8",
- .klen = 16,
- .iv = "\x6d\x94\x44\x86\x69\x00\x8f\x93"
- "\x4d\x5b\x15\x3c\xa8\x8f\x06\x5a",
- .assoc = "\x7c\x5d\xd3\xee\xad\x9f\x39\x1a"
- "\x6d\x92\x42\x61\xa7\x58\x37",
- .alen = 15,
- .input = "\x8b\x26\x61\x55\xf1\x3e\xe3\xa1"
- "\x8d\xc8\x6e\x85\xa5\x21\x67",
- .ilen = 15,
- .result = "\x18\x78\xc2\x6e\xe1\xf7\xe6\x8a"
- "\xca\x0e\x62\x00\xa8\x21\xb5\x21"
- "\x3d\x36\xdb\xf7\xcc\x31\x94\x9c"
- "\x98\xbd\x71\x7a\xef\xa4\xfa",
- .rlen = 31,
- }, {
- .key = "\x9b\xef\xf0\xbd\x35\xdd\x8d\x28"
- "\xad\xff\x9b\xa9\xa4\xeb\x98\xdf",
- .klen = 16,
- .iv = "\xaa\xb8\x7e\x25\x79\x7c\x37\xaf"
- "\xce\x36\xc7\xce\xa2\xb4\xc9\x60",
- .assoc = "\xb9\x82\x0c\x8d\xbd\x1b\xe2\x36"
- "\xee\x6c\xf4\xf2\xa1\x7d\xf9\xe2",
- .alen = 16,
- .input = "\xc8\x4b\x9b\xf5\x01\xba\x8c\xbd"
- "\x0e\xa3\x21\x16\x9f\x46\x2a\x63",
- .ilen = 16,
- .result = "\xea\xd1\x81\x75\xb4\x13\x1d\x86"
- "\xd4\x17\x26\xe5\xd6\x89\x39\x04"
- "\xa9\x6c\xca\xac\x40\x73\xb2\x4c"
- "\x9c\xb9\x0e\x79\x4c\x40\x65\xc6",
- .rlen = 32,
- }, {
- .key = "\xd7\x14\x29\x5d\x45\x59\x36\x44"
- "\x2e\xd9\x4d\x3b\x9e\x0f\x5b\xe5",
- .klen = 16,
- .iv = "\xe6\xdd\xb8\xc4\x89\xf8\xe0\xca"
- "\x4f\x10\x7a\x5f\x9c\xd8\x8b\x66",
- .assoc = "\xf5\xa6\x46\x2c\xce\x97\x8a\x51"
- "\x6f\x46\xa6\x83\x9b\xa1\xbc\xe8"
- "\x05",
- .alen = 17,
- .input = "\x05\x70\xd5\x94\x12\x36\x35\xd8"
- "\x8f\x7d\xd3\xa8\x99\x6a\xed\x69"
- "\xd0",
- .ilen = 17,
- .result = "\xf4\xb2\x84\xd1\x81\xfa\x98\x1c"
- "\x38\x2d\x69\x90\x1c\x71\x38\x98"
- "\x9f\xe1\x19\x3b\x63\x91\xaf\x6e"
- "\x4b\x07\x2c\xac\x53\xc5\xd5\xfe"
- "\x93",
- .rlen = 33,
- }, {
- .key = "\x14\x39\x63\xfc\x56\xd5\xdf\x5f"
- "\xaf\xb3\xff\xcc\x98\x33\x1d\xeb",
- .klen = 16,
- .iv = "\x23\x02\xf1\x64\x9a\x73\x89\xe6"
- "\xd0\xea\x2c\xf1\x96\xfc\x4e\x6d",
- .assoc = "\x32\xcb\x80\xcc\xde\x12\x33\x6d"
- "\xf0\x20\x58\x15\x95\xc6\x7f\xee"
- "\x2f\xf9\x4e\x2c\x1b\x98\x43\xc7"
- "\x68\x28\x73\x40\x9f\x96\x4a",
- .alen = 31,
- .input = "\x41\x94\x0e\x33\x22\xb1\xdd\xf4"
- "\x10\x57\x85\x39\x93\x8f\xaf\x70"
- "\xfa\xa9\xd0\x4d\x5c\x40\x23\xcd"
- "\x98\x34\xab\x37\x56\xae\x32",
- .ilen = 31,
- .result = "\xa0\xe7\x0a\x60\xe7\xb8\x8a\xdb"
- "\x94\xd3\x93\xf2\x41\x86\x16\xdd"
- "\x4c\xe8\xe7\xe0\x62\x48\x89\x40"
- "\xc0\x49\x9b\x63\x32\xec\x8b\xdb"
- "\xdc\xa6\xea\x2c\xc2\x7f\xf5\x04"
- "\xcb\xe5\x47\xbb\xa7\xd1\x9d",
- .rlen = 47,
- }, {
- .key = "\x50\x5d\x9d\x9b\x66\x50\x88\x7b"
- "\x30\x8e\xb1\x5e\x92\x58\xe0\xf1",
- .klen = 16,
- .iv = "\x5f\x27\x2b\x03\xaa\xef\x32\x02"
- "\x50\xc4\xde\x82\x90\x21\x11\x73",
- .assoc = "\x6e\xf0\xba\x6b\xee\x8e\xdc\x89"
- "\x71\xfb\x0a\xa6\x8f\xea\x41\xf4"
- "\x5a\xbb\x59\xb0\x20\x38\xc5\xe0"
- "\x29\x56\x52\x19\x79\xf5\xe9\x37",
- .alen = 32,
- .input = "\x7e\xb9\x48\xd3\x32\x2d\x86\x10"
- "\x91\x31\x37\xcb\x8d\xb3\x72\x76"
- "\x24\x6b\xdc\xd1\x61\xe0\xa5\xe7"
- "\x5a\x61\x8a\x0f\x30\x0d\xd1\xec",
- .ilen = 32,
- .result = "\x62\xdc\x2d\x68\x2d\x71\xbb\x33"
- "\x13\xdf\xc0\x46\xf6\x61\x94\xa7"
- "\x60\xd3\xd4\xca\xd9\xbe\x82\xf3"
- "\xf1\x5b\xa0\xfa\x15\xba\xda\xea"
- "\x87\x68\x47\x08\x5d\xdd\x83\xb0"
- "\x60\xf4\x93\x20\xdf\x34\x8f\xea",
- .rlen = 48,
- }, {
- .key = "\x8d\x82\xd6\x3b\x76\xcc\x30\x97"
- "\xb1\x68\x63\xef\x8c\x7c\xa3\xf7",
- .klen = 16,
- .iv = "\x9c\x4b\x65\xa2\xba\x6b\xdb\x1e"
- "\xd1\x9e\x90\x13\x8a\x45\xd3\x79",
- .assoc = "\xab\x14\xf3\x0a\xfe\x0a\x85\xa5"
- "\xf2\xd5\xbc\x38\x89\x0e\x04\xfb"
- "\x84\x7d\x65\x34\x25\xd8\x47\xfa"
- "\xeb\x83\x31\xf1\x54\x54\x89\x0d"
- "\x9d",
- .alen = 33,
- .input = "\xba\xde\x82\x72\x42\xa9\x2f\x2c"
- "\x12\x0b\xe9\x5c\x87\xd7\x35\x7c"
- "\x4f\x2e\xe8\x55\x66\x80\x27\x00"
- "\x1b\x8f\x68\xe7\x0a\x6c\x71\xc3"
- "\x21\x78\x55\x9d\x9c\x65\x7b\xcd"
- "\x0a\x34\x97\xff\x47\x37\xb0\x2a"
- "\x80\x0d\x19\x98\x33\xa9\x7a\xe3"
- "\x2e\x4c\xc6\xf3\x8c\x88\x42\x01"
- "\xbd",
- .ilen = 65,
- .result = "\x84\xc5\x21\xab\xe1\xeb\xbb\x6d"
- "\xaa\x2a\xaf\xeb\x3b\x3b\x69\xe7"
- "\x2c\x47\xef\x9d\xb7\x53\x36\xb7"
- "\xb6\xf5\xe5\xa8\xc9\x9e\x02\xd7"
- "\x83\x88\xc2\xbd\x2f\xf9\x10\xc0"
- "\xf5\xa1\x6e\xd3\x97\x64\x82\xa3"
- "\xfb\xda\x2c\xb1\x94\xa1\x58\x32"
- "\xe8\xd4\x39\xfc\x9e\x26\xf9\xf1"
- "\x61\xe6\xae\x07\xf2\xe0\xa7\x44"
- "\x96\x28\x3b\xee\x6b\xc6\x16\x31"
- "\x3f",
- .rlen = 81,
- }, {
- .key = "\xc9\xa7\x10\xda\x86\x48\xd9\xb3"
- "\x32\x42\x15\x80\x85\xa1\x65\xfe",
- .klen = 16,
- .iv = "\xd8\x70\x9f\x42\xca\xe6\x83\x3a"
- "\x52\x79\x42\xa5\x84\x6a\x96\x7f",
- .assoc = "\xe8\x39\x2d\xaa\x0e\x85\x2d\xc1"
- "\x72\xaf\x6e\xc9\x82\x33\xc7\x01"
- "\xaf\x40\x70\xb8\x2a\x78\xc9\x14"
- "\xac\xb1\x10\xca\x2e\xb3\x28\xe4"
- "\xac\xfa\x58\x7f\xe5\x73\x09\x8c"
- "\x1d\x40\x87\x8c\xd9\x75\xc0\x55"
- "\xa2\xda\x07\xd1\xc2\xa9\xd1\xbb"
- "\x09\x4f\x77\x62\x88\x2d\xf2\x68"
- "\x54",
- .alen = 65,
- .input = "\xf7\x02\xbb\x11\x52\x24\xd8\x48"
- "\x93\xe6\x9b\xee\x81\xfc\xf7\x82"
- "\x79\xf0\xf3\xd9\x6c\x20\xa9\x1a"
- "\xdc\xbc\x47\xc0\xe4\xcb\x10\x99"
- "\x2f",
- .ilen = 33,
- .result = "\x8f\x23\x47\xfb\xf2\xac\x23\x83"
- "\x77\x09\xac\x74\xef\xd2\x56\xae"
- "\x20\x7b\x7b\xca\x45\x8e\xc8\xc2"
- "\x50\xbd\xc7\x44\x1c\x54\x98\xd8"
- "\x1f\xd0\x9a\x79\xaa\xf9\xe1\xb3"
- "\xb4\x98\x5a\x9b\xe4\x4d\xbf\x4e"
- "\x39",
- .rlen = 49,
- }, {
- .key = "\x06\xcc\x4a\x79\x96\xc3\x82\xcf"
- "\xb3\x1c\xc7\x12\x7f\xc5\x28\x04",
- .klen = 16,
- .iv = "\x15\x95\xd8\xe1\xda\x62\x2c\x56"
- "\xd3\x53\xf4\x36\x7e\x8e\x59\x85",
- .assoc = "\x24\x5e\x67\x49\x1e\x01\xd6\xdd"
- "\xf3\x89\x20\x5b\x7c\x57\x89\x07",
- .alen = 16,
- .input = "\x33\x27\xf5\xb1\x62\xa0\x80\x63"
- "\x14\xc0\x4d\x7f\x7b\x20\xba\x89",
- .ilen = 16,
- .result = "\x42\xc3\x58\xfb\x29\xe2\x4a\x56"
- "\xf1\xf5\xe1\x51\x55\x4b\x0a\x45"
- "\x46\xb5\x8d\xac\xb6\x34\xd8\x8b"
- "\xde\x20\x59\x77\xc1\x74\x90",
- .rlen = 31,
- }, {
- .key = "\x42\xf0\x84\x19\xa6\x3f\x2b\xea"
- "\x34\xf6\x79\xa3\x79\xe9\xeb\x0a",
- .klen = 16,
- .iv = "\x51\xb9\x12\x80\xea\xde\xd5\x71"
- "\x54\x2d\xa6\xc8\x78\xb2\x1b\x8c",
- .assoc = "\x61\x83\xa0\xe8\x2e\x7d\x7f\xf8"
- "\x74\x63\xd2\xec\x76\x7c\x4c\x0d",
- .alen = 16,
- .input = "\x70\x4c\x2f\x50\x72\x1c\x29\x7f"
- "\x95\x9a\xff\x10\x75\x45\x7d\x8f",
- .ilen = 16,
- .result = "\xb2\xfb\xf6\x97\x69\x7a\xe9\xec"
- "\xe2\x94\xa1\x8b\xa0\x2b\x60\x72"
- "\x1d\x04\xdd\x6a\xef\x46\x8f\x68"
- "\xe9\xe0\x17\x45\x70\x12",
- .rlen = 30,
- }, {
- .key = "\x7f\x15\xbd\xb8\xb6\xba\xd3\x06"
- "\xb5\xd1\x2b\x35\x73\x0e\xad\x10",
- .klen = 16,
- .iv = "\x8e\xde\x4c\x20\xfa\x59\x7e\x8d"
- "\xd5\x07\x58\x59\x72\xd7\xde\x92",
- .assoc = "\x9d\xa7\xda\x88\x3e\xf8\x28\x14"
- "\xf5\x3e\x85\x7d\x70\xa0\x0f\x13",
- .alen = 16,
- .input = "\xac\x70\x69\xef\x82\x97\xd2\x9b"
- "\x15\x74\xb1\xa2\x6f\x69\x3f\x95",
- .ilen = 16,
- .result = "\x47\xda\x54\x42\x51\x72\xc4\x8b"
- "\xf5\x57\x0f\x2f\x49\x0e\x11\x3b"
- "\x78\x93\xec\xfc\xf4\xff\xe1\x2d",
- .rlen = 24,
+ .clen = 281,
},
};
@@ -19543,7 +19051,7 @@
* https://bench.cr.yp.to/supercop/supercop-20170228.tar.xz
* (see crypto_aead/aegis128/)
*/
-static const struct aead_testvec aegis128_dec_tv_template[] = {
+static const struct aead_testvec aegis128_tv_template[] = {
{
.key = "\x0f\xc9\x8e\x67\x44\x9e\xaa\x86"
"\x20\x36\x2c\x24\xfe\xc9\x30\x81",
@@ -19552,11 +19060,11 @@
"\x40\x6d\x59\x48\xfc\x92\x61\x03",
.assoc = "",
.alen = 0,
- .input = "\x07\xa5\x11\xf2\x9d\x40\xb8\x6d"
+ .ptext = "",
+ .plen = 0,
+ .ctext = "\x07\xa5\x11\xf2\x9d\x40\xb8\x6d"
"\xda\xb8\x12\x34\x4c\x53\xd9\x72",
- .ilen = 16,
- .result = "",
- .rlen = 0,
+ .clen = 16,
}, {
.key = "\x4b\xed\xc8\x07\x54\x1a\x52\xa2"
"\xa1\x10\xde\xb5\xf8\xed\xf3\x87",
@@ -19565,12 +19073,12 @@
"\xc1\x47\x0b\xda\xf6\xb6\x23\x09",
.assoc = "",
.alen = 0,
- .input = "\x9e\x78\x52\xae\xcb\x9e\xe4\xd3"
+ .ptext = "\x79",
+ .plen = 1,
+ .ctext = "\x9e\x78\x52\xae\xcb\x9e\xe4\xd3"
"\x9a\xd7\x5d\xd7\xaa\x9a\xe9\x5a"
"\xcc",
- .ilen = 17,
- .result = "\x79",
- .rlen = 1,
+ .clen = 17,
}, {
.key = "\x88\x12\x01\xa6\x64\x96\xfb\xbe"
"\x22\xea\x90\x47\xf2\x11\xb5\x8e",
@@ -19579,14 +19087,14 @@
"\x42\x21\xbd\x6b\xf0\xda\xe6\x0f",
.assoc = "",
.alen = 0,
- .input = "\xc3\x80\x83\x04\x5f\xaa\x61\xc7"
+ .ptext = "\xb5\x6e\xad\xdd\x30\x72\xfa\x53"
+ "\x82\x8e\x16\xb4\xed\x6d\x47",
+ .plen = 15,
+ .ctext = "\xc3\x80\x83\x04\x5f\xaa\x61\xc7"
"\xca\xdd\x6f\xac\x85\x08\xb5\x35"
"\x2b\xc2\x3e\x0b\x1b\x39\x37\x2b"
"\x7a\x21\x16\xb3\xe6\x67\x66",
- .ilen = 31,
- .result = "\xb5\x6e\xad\xdd\x30\x72\xfa\x53"
- "\x82\x8e\x16\xb4\xed\x6d\x47",
- .rlen = 15,
+ .clen = 31,
}, {
.key = "\xc4\x37\x3b\x45\x74\x11\xa4\xda"
"\xa2\xc5\x42\xd8\xec\x36\x78\x94",
@@ -19595,14 +19103,14 @@
"\xc3\xfb\x6f\xfd\xea\xff\xa9\x15",
.assoc = "",
.alen = 0,
- .input = "\x23\x25\x30\xe5\x6a\xb6\x36\x7d"
+ .ptext = "\xf2\x92\xe6\x7d\x40\xee\xa3\x6f"
+ "\x03\x68\xc8\x45\xe7\x91\x0a\x18",
+ .plen = 16,
+ .ctext = "\x23\x25\x30\xe5\x6a\xb6\x36\x7d"
"\x38\xfd\x3a\xd2\xc2\x58\xa9\x11"
"\x1e\xa8\x30\x9c\x16\xa4\xdb\x65"
"\x51\x10\x16\x27\x70\x9b\x64\x29",
- .ilen = 32,
- .result = "\xf2\x92\xe6\x7d\x40\xee\xa3\x6f"
- "\x03\x68\xc8\x45\xe7\x91\x0a\x18",
- .rlen = 16,
+ .clen = 32,
}, {
.key = "\x01\x5c\x75\xe5\x84\x8d\x4d\xf6"
"\x23\x9f\xf4\x6a\xe6\x5a\x3b\x9a",
@@ -19611,16 +19119,16 @@
"\x44\xd5\x21\x8e\xe4\x23\x6b\x1c",
.assoc = "",
.alen = 0,
- .input = "\x2a\x8d\x56\x91\xc6\xf3\x56\xa5"
+ .ptext = "\x2e\xb7\x20\x1c\x50\x6a\x4b\x8b"
+ "\x84\x42\x7a\xd7\xe1\xb5\xcd\x1f"
+ "\xd3",
+ .plen = 17,
+ .ctext = "\x2a\x8d\x56\x91\xc6\xf3\x56\xa5"
"\x1f\xf0\x89\x2e\x13\xad\xe6\xf6"
"\x46\x80\xb1\x0e\x18\x30\x40\x97"
"\x03\xdf\x64\x3c\xbe\x93\x9e\xc9"
"\x3b",
- .ilen = 33,
- .result = "\x2e\xb7\x20\x1c\x50\x6a\x4b\x8b"
- "\x84\x42\x7a\xd7\xe1\xb5\xcd\x1f"
- "\xd3",
- .rlen = 17,
+ .clen = 33,
}, {
.key = "\x3d\x80\xae\x84\x94\x09\xf6\x12"
"\xa4\x79\xa6\xfb\xe0\x7f\xfd\xa0",
@@ -19629,18 +19137,18 @@
"\xc5\xb0\xd3\x1f\xde\x48\x2e\x22",
.assoc = "",
.alen = 0,
- .input = "\x4e\xf6\xfa\x13\xde\x43\x63\x4c"
+ .ptext = "\x6b\xdc\x5a\xbb\x60\xe5\xf4\xa6"
+ "\x05\x1d\x2c\x68\xdb\xda\x8f\x25"
+ "\xfe\x8d\x45\x19\x1e\xc0\x0b\x99"
+ "\x88\x11\x39\x12\x1c\x3a\xbb",
+ .plen = 31,
+ .ctext = "\x4e\xf6\xfa\x13\xde\x43\x63\x4c"
"\xe2\x04\x3e\xe4\x85\x14\xb6\x3f"
"\xb1\x8f\x4c\xdb\x41\xa2\x14\x99"
"\xf5\x53\x0f\x73\x86\x7e\x97\xa1"
"\x4b\x56\x5b\x94\xce\xcd\x74\xcd"
"\x75\xc4\x53\x01\x89\x45\x59",
- .ilen = 47,
- .result = "\x6b\xdc\x5a\xbb\x60\xe5\xf4\xa6"
- "\x05\x1d\x2c\x68\xdb\xda\x8f\x25"
- "\xfe\x8d\x45\x19\x1e\xc0\x0b\x99"
- "\x88\x11\x39\x12\x1c\x3a\xbb",
- .rlen = 31,
+ .clen = 47,
}, {
.key = "\x7a\xa5\xe8\x23\xa4\x84\x9e\x2d"
"\x25\x53\x58\x8c\xda\xa3\xc0\xa6",
@@ -19649,18 +19157,18 @@
"\x45\x8a\x85\xb1\xd8\x6c\xf1\x28",
.assoc = "",
.alen = 0,
- .input = "\xa4\x9a\xb7\xfd\xa0\xd4\xd6\x47"
+ .ptext = "\xa7\x00\x93\x5b\x70\x61\x9d\xc2"
+ "\x86\xf7\xde\xfa\xd5\xfe\x52\x2b"
+ "\x28\x50\x51\x9d\x24\x60\x8d\xb3"
+ "\x49\x3e\x17\xea\xf6\x99\x5a\xdd",
+ .plen = 32,
+ .ctext = "\xa4\x9a\xb7\xfd\xa0\xd4\xd6\x47"
"\x95\xf4\x58\x38\x14\x83\x27\x01"
"\x4c\xed\x32\x2c\xf7\xd6\x31\xf7"
"\x38\x1b\x2c\xc9\xb6\x31\xce\xaa"
"\xa5\x3c\x1a\x18\x5c\xce\xb9\xdf"
"\x51\x52\x77\xf2\x5e\x85\x80\x41",
- .ilen = 48,
- .result = "\xa7\x00\x93\x5b\x70\x61\x9d\xc2"
- "\x86\xf7\xde\xfa\xd5\xfe\x52\x2b"
- "\x28\x50\x51\x9d\x24\x60\x8d\xb3"
- "\x49\x3e\x17\xea\xf6\x99\x5a\xdd",
- .rlen = 32,
+ .clen = 48,
}, {
.key = "\xb6\xca\x22\xc3\xb4\x00\x47\x49"
"\xa6\x2d\x0a\x1e\xd4\xc7\x83\xad",
@@ -19669,11 +19177,11 @@
"\xc6\x64\x37\x42\xd2\x90\xb3\x2e",
.assoc = "\xd5",
.alen = 1,
- .input = "\xfb\xd4\x83\x71\x9e\x63\xad\x60"
+ .ptext = "",
+ .plen = 0,
+ .ctext = "\xfb\xd4\x83\x71\x9e\x63\xad\x60"
"\xb9\xf9\xeb\x34\x52\x49\xcf\xb7",
- .ilen = 16,
- .result = "",
- .rlen = 0,
+ .clen = 16,
}, {
.key = "\xf3\xee\x5c\x62\xc4\x7c\xf0\x65"
"\x27\x08\xbd\xaf\xce\xec\x45\xb3",
@@ -19683,11 +19191,11 @@
.assoc = "\x11\x81\x78\x32\x4d\xb9\x44\x73"
"\x68\x75\x16\xf8\xcb\x7e\xa7",
.alen = 15,
- .input = "\x0c\xaf\x2e\x96\xf6\x97\x08\x71"
+ .ptext = "",
+ .plen = 0,
+ .ctext = "\x0c\xaf\x2e\x96\xf6\x97\x08\x71"
"\x7d\x3a\x84\xc4\x44\x57\x77\x7e",
- .ilen = 16,
- .result = "",
- .rlen = 0,
+ .clen = 16,
}, {
.key = "\x2f\x13\x95\x01\xd5\xf7\x99\x81"
"\xa8\xe2\x6f\x41\xc8\x10\x08\xb9",
@@ -19697,11 +19205,11 @@
.assoc = "\x4e\xa5\xb2\xd1\x5d\x35\xed\x8f"
"\xe8\x4f\xc8\x89\xc5\xa2\x69\xbc",
.alen = 16,
- .input = "\xc7\x87\x09\x3b\xc7\x19\x74\x22"
+ .ptext = "",
+ .plen = 0,
+ .ctext = "\xc7\x87\x09\x3b\xc7\x19\x74\x22"
"\x22\xa5\x67\x10\xb2\x36\xb3\x45",
- .ilen = 16,
- .result = "",
- .rlen = 0,
+ .clen = 16,
}, {
.key = "\x6c\x38\xcf\xa1\xe5\x73\x41\x9d"
"\x29\xbc\x21\xd2\xc2\x35\xcb\xbf",
@@ -19712,11 +19220,11 @@
"\x69\x29\x7a\x1b\xbf\xc7\x2c\xc2"
"\x07",
.alen = 17,
- .input = "\x02\xc6\x3b\x46\x65\xb2\xef\x91"
+ .ptext = "",
+ .plen = 0,
+ .ctext = "\x02\xc6\x3b\x46\x65\xb2\xef\x91"
"\x31\xf0\x45\x48\x8a\x2a\xed\xe4",
- .ilen = 16,
- .result = "",
- .rlen = 0,
+ .clen = 16,
}, {
.key = "\xa8\x5c\x09\x40\xf5\xef\xea\xb8"
"\xaa\x96\xd3\x64\xbc\x59\x8d\xc6",
@@ -19728,11 +19236,11 @@
"\x31\x6b\x08\x12\xfc\xd8\x37\x2d"
"\xe0\x17\x3a\x2e\x83\x5c\x8f",
.alen = 31,
- .input = "\x20\x85\xa8\xd0\x91\x48\x85\xf3"
+ .ptext = "",
+ .plen = 0,
+ .ctext = "\x20\x85\xa8\xd0\x91\x48\x85\xf3"
"\x5a\x16\xc0\x57\x68\x47\xdd\xcb",
- .ilen = 16,
- .result = "",
- .rlen = 0,
+ .clen = 16,
}, {
.key = "\xe5\x81\x42\xdf\x05\x6a\x93\xd4"
"\x2b\x70\x85\xf5\xb6\x7d\x50\xcc",
@@ -19744,11 +19252,11 @@
"\x5c\x2d\x14\x96\x01\x78\xb9\x47"
"\xa1\x44\x19\x06\x5d\xbb\x2e\x2f",
.alen = 32,
- .input = "\x6a\xf8\x8d\x9c\x42\x75\x35\x79"
+ .ptext = "",
+ .plen = 0,
+ .ctext = "\x6a\xf8\x8d\x9c\x42\x75\x35\x79"
"\xc1\x96\xbd\x31\x6e\x69\x1b\x50",
- .ilen = 16,
- .result = "",
- .rlen = 0,
+ .clen = 16,
}, {
.key = "\x22\xa6\x7c\x7f\x15\xe6\x3c\xf0"
"\xac\x4b\x37\x86\xb0\xa2\x13\xd2",
@@ -19757,12 +19265,12 @@
"\xcc\x81\x63\xab\xae\x6b\x43\x54",
.assoc = "\x40",
.alen = 1,
- .input = "\x01\x24\xb1\xba\xf6\xd3\xdf\x83"
+ .ptext = "\x4f",
+ .plen = 1,
+ .ctext = "\x01\x24\xb1\xba\xf6\xd3\xdf\x83"
"\x70\x45\xe3\x2a\x9d\x5c\x63\x98"
"\x39",
- .ilen = 17,
- .result = "\x4f",
- .rlen = 1,
+ .clen = 17,
}, {
.key = "\x5e\xcb\xb6\x1e\x25\x62\xe4\x0c"
"\x2d\x25\xe9\x18\xaa\xc6\xd5\xd8",
@@ -19772,14 +19280,14 @@
.assoc = "\x7c\x5d\xd3\xee\xad\x9f\x39\x1a"
"\x6d\x92\x42\x61\xa7\x58\x37",
.alen = 15,
- .input = "\x18\x78\xc2\x6e\xe1\xf7\xe6\x8a"
+ .ptext = "\x8b\x26\x61\x55\xf1\x3e\xe3\xa1"
+ "\x8d\xc8\x6e\x85\xa5\x21\x67",
+ .plen = 15,
+ .ctext = "\x18\x78\xc2\x6e\xe1\xf7\xe6\x8a"
"\xca\x0e\x62\x00\xa8\x21\xb5\x21"
"\x3d\x36\xdb\xf7\xcc\x31\x94\x9c"
"\x98\xbd\x71\x7a\xef\xa4\xfa",
- .ilen = 31,
- .result = "\x8b\x26\x61\x55\xf1\x3e\xe3\xa1"
- "\x8d\xc8\x6e\x85\xa5\x21\x67",
- .rlen = 15,
+ .clen = 31,
}, {
.key = "\x9b\xef\xf0\xbd\x35\xdd\x8d\x28"
"\xad\xff\x9b\xa9\xa4\xeb\x98\xdf",
@@ -19789,14 +19297,14 @@
.assoc = "\xb9\x82\x0c\x8d\xbd\x1b\xe2\x36"
"\xee\x6c\xf4\xf2\xa1\x7d\xf9\xe2",
.alen = 16,
- .input = "\xea\xd1\x81\x75\xb4\x13\x1d\x86"
+ .ptext = "\xc8\x4b\x9b\xf5\x01\xba\x8c\xbd"
+ "\x0e\xa3\x21\x16\x9f\x46\x2a\x63",
+ .plen = 16,
+ .ctext = "\xea\xd1\x81\x75\xb4\x13\x1d\x86"
"\xd4\x17\x26\xe5\xd6\x89\x39\x04"
"\xa9\x6c\xca\xac\x40\x73\xb2\x4c"
"\x9c\xb9\x0e\x79\x4c\x40\x65\xc6",
- .ilen = 32,
- .result = "\xc8\x4b\x9b\xf5\x01\xba\x8c\xbd"
- "\x0e\xa3\x21\x16\x9f\x46\x2a\x63",
- .rlen = 16,
+ .clen = 32,
}, {
.key = "\xd7\x14\x29\x5d\x45\x59\x36\x44"
"\x2e\xd9\x4d\x3b\x9e\x0f\x5b\xe5",
@@ -19807,16 +19315,16 @@
"\x6f\x46\xa6\x83\x9b\xa1\xbc\xe8"
"\x05",
.alen = 17,
- .input = "\xf4\xb2\x84\xd1\x81\xfa\x98\x1c"
+ .ptext = "\x05\x70\xd5\x94\x12\x36\x35\xd8"
+ "\x8f\x7d\xd3\xa8\x99\x6a\xed\x69"
+ "\xd0",
+ .plen = 17,
+ .ctext = "\xf4\xb2\x84\xd1\x81\xfa\x98\x1c"
"\x38\x2d\x69\x90\x1c\x71\x38\x98"
"\x9f\xe1\x19\x3b\x63\x91\xaf\x6e"
"\x4b\x07\x2c\xac\x53\xc5\xd5\xfe"
"\x93",
- .ilen = 33,
- .result = "\x05\x70\xd5\x94\x12\x36\x35\xd8"
- "\x8f\x7d\xd3\xa8\x99\x6a\xed\x69"
- "\xd0",
- .rlen = 17,
+ .clen = 33,
}, {
.key = "\x14\x39\x63\xfc\x56\xd5\xdf\x5f"
"\xaf\xb3\xff\xcc\x98\x33\x1d\xeb",
@@ -19828,18 +19336,18 @@
"\x2f\xf9\x4e\x2c\x1b\x98\x43\xc7"
"\x68\x28\x73\x40\x9f\x96\x4a",
.alen = 31,
- .input = "\xa0\xe7\x0a\x60\xe7\xb8\x8a\xdb"
+ .ptext = "\x41\x94\x0e\x33\x22\xb1\xdd\xf4"
+ "\x10\x57\x85\x39\x93\x8f\xaf\x70"
+ "\xfa\xa9\xd0\x4d\x5c\x40\x23\xcd"
+ "\x98\x34\xab\x37\x56\xae\x32",
+ .plen = 31,
+ .ctext = "\xa0\xe7\x0a\x60\xe7\xb8\x8a\xdb"
"\x94\xd3\x93\xf2\x41\x86\x16\xdd"
"\x4c\xe8\xe7\xe0\x62\x48\x89\x40"
"\xc0\x49\x9b\x63\x32\xec\x8b\xdb"
"\xdc\xa6\xea\x2c\xc2\x7f\xf5\x04"
"\xcb\xe5\x47\xbb\xa7\xd1\x9d",
- .ilen = 47,
- .result = "\x41\x94\x0e\x33\x22\xb1\xdd\xf4"
- "\x10\x57\x85\x39\x93\x8f\xaf\x70"
- "\xfa\xa9\xd0\x4d\x5c\x40\x23\xcd"
- "\x98\x34\xab\x37\x56\xae\x32",
- .rlen = 31,
+ .clen = 47,
}, {
.key = "\x50\x5d\x9d\x9b\x66\x50\x88\x7b"
"\x30\x8e\xb1\x5e\x92\x58\xe0\xf1",
@@ -19851,18 +19359,18 @@
"\x5a\xbb\x59\xb0\x20\x38\xc5\xe0"
"\x29\x56\x52\x19\x79\xf5\xe9\x37",
.alen = 32,
- .input = "\x62\xdc\x2d\x68\x2d\x71\xbb\x33"
+ .ptext = "\x7e\xb9\x48\xd3\x32\x2d\x86\x10"
+ "\x91\x31\x37\xcb\x8d\xb3\x72\x76"
+ "\x24\x6b\xdc\xd1\x61\xe0\xa5\xe7"
+ "\x5a\x61\x8a\x0f\x30\x0d\xd1\xec",
+ .plen = 32,
+ .ctext = "\x62\xdc\x2d\x68\x2d\x71\xbb\x33"
"\x13\xdf\xc0\x46\xf6\x61\x94\xa7"
"\x60\xd3\xd4\xca\xd9\xbe\x82\xf3"
"\xf1\x5b\xa0\xfa\x15\xba\xda\xea"
"\x87\x68\x47\x08\x5d\xdd\x83\xb0"
"\x60\xf4\x93\x20\xdf\x34\x8f\xea",
- .ilen = 48,
- .result = "\x7e\xb9\x48\xd3\x32\x2d\x86\x10"
- "\x91\x31\x37\xcb\x8d\xb3\x72\x76"
- "\x24\x6b\xdc\xd1\x61\xe0\xa5\xe7"
- "\x5a\x61\x8a\x0f\x30\x0d\xd1\xec",
- .rlen = 32,
+ .clen = 48,
}, {
.key = "\x8d\x82\xd6\x3b\x76\xcc\x30\x97"
"\xb1\x68\x63\xef\x8c\x7c\xa3\xf7",
@@ -19875,7 +19383,17 @@
"\xeb\x83\x31\xf1\x54\x54\x89\x0d"
"\x9d",
.alen = 33,
- .input = "\x84\xc5\x21\xab\xe1\xeb\xbb\x6d"
+ .ptext = "\xba\xde\x82\x72\x42\xa9\x2f\x2c"
+ "\x12\x0b\xe9\x5c\x87\xd7\x35\x7c"
+ "\x4f\x2e\xe8\x55\x66\x80\x27\x00"
+ "\x1b\x8f\x68\xe7\x0a\x6c\x71\xc3"
+ "\x21\x78\x55\x9d\x9c\x65\x7b\xcd"
+ "\x0a\x34\x97\xff\x47\x37\xb0\x2a"
+ "\x80\x0d\x19\x98\x33\xa9\x7a\xe3"
+ "\x2e\x4c\xc6\xf3\x8c\x88\x42\x01"
+ "\xbd",
+ .plen = 65,
+ .ctext = "\x84\xc5\x21\xab\xe1\xeb\xbb\x6d"
"\xaa\x2a\xaf\xeb\x3b\x3b\x69\xe7"
"\x2c\x47\xef\x9d\xb7\x53\x36\xb7"
"\xb6\xf5\xe5\xa8\xc9\x9e\x02\xd7"
@@ -19886,17 +19404,7 @@
"\x61\xe6\xae\x07\xf2\xe0\xa7\x44"
"\x96\x28\x3b\xee\x6b\xc6\x16\x31"
"\x3f",
- .ilen = 81,
- .result = "\xba\xde\x82\x72\x42\xa9\x2f\x2c"
- "\x12\x0b\xe9\x5c\x87\xd7\x35\x7c"
- "\x4f\x2e\xe8\x55\x66\x80\x27\x00"
- "\x1b\x8f\x68\xe7\x0a\x6c\x71\xc3"
- "\x21\x78\x55\x9d\x9c\x65\x7b\xcd"
- "\x0a\x34\x97\xff\x47\x37\xb0\x2a"
- "\x80\x0d\x19\x98\x33\xa9\x7a\xe3"
- "\x2e\x4c\xc6\xf3\x8c\x88\x42\x01"
- "\xbd",
- .rlen = 65,
+ .clen = 81,
}, {
.key = "\xc9\xa7\x10\xda\x86\x48\xd9\xb3"
"\x32\x42\x15\x80\x85\xa1\x65\xfe",
@@ -19913,20 +19421,20 @@
"\x09\x4f\x77\x62\x88\x2d\xf2\x68"
"\x54",
.alen = 65,
- .input = "\x8f\x23\x47\xfb\xf2\xac\x23\x83"
+ .ptext = "\xf7\x02\xbb\x11\x52\x24\xd8\x48"
+ "\x93\xe6\x9b\xee\x81\xfc\xf7\x82"
+ "\x79\xf0\xf3\xd9\x6c\x20\xa9\x1a"
+ "\xdc\xbc\x47\xc0\xe4\xcb\x10\x99"
+ "\x2f",
+ .plen = 33,
+ .ctext = "\x8f\x23\x47\xfb\xf2\xac\x23\x83"
"\x77\x09\xac\x74\xef\xd2\x56\xae"
"\x20\x7b\x7b\xca\x45\x8e\xc8\xc2"
"\x50\xbd\xc7\x44\x1c\x54\x98\xd8"
"\x1f\xd0\x9a\x79\xaa\xf9\xe1\xb3"
"\xb4\x98\x5a\x9b\xe4\x4d\xbf\x4e"
"\x39",
- .ilen = 49,
- .result = "\xf7\x02\xbb\x11\x52\x24\xd8\x48"
- "\x93\xe6\x9b\xee\x81\xfc\xf7\x82"
- "\x79\xf0\xf3\xd9\x6c\x20\xa9\x1a"
- "\xdc\xbc\x47\xc0\xe4\xcb\x10\x99"
- "\x2f",
- .rlen = 33,
+ .clen = 49,
}, {
.key = "\x06\xcc\x4a\x79\x96\xc3\x82\xcf"
"\xb3\x1c\xc7\x12\x7f\xc5\x28\x04",
@@ -19936,14 +19444,14 @@
.assoc = "\x24\x5e\x67\x49\x1e\x01\xd6\xdd"
"\xf3\x89\x20\x5b\x7c\x57\x89\x07",
.alen = 16,
- .input = "\x42\xc3\x58\xfb\x29\xe2\x4a\x56"
+ .ptext = "\x33\x27\xf5\xb1\x62\xa0\x80\x63"
+ "\x14\xc0\x4d\x7f\x7b\x20\xba\x89",
+ .plen = 16,
+ .ctext = "\x42\xc3\x58\xfb\x29\xe2\x4a\x56"
"\xf1\xf5\xe1\x51\x55\x4b\x0a\x45"
"\x46\xb5\x8d\xac\xb6\x34\xd8\x8b"
"\xde\x20\x59\x77\xc1\x74\x90",
- .ilen = 31,
- .result = "\x33\x27\xf5\xb1\x62\xa0\x80\x63"
- "\x14\xc0\x4d\x7f\x7b\x20\xba\x89",
- .rlen = 16,
+ .clen = 31,
}, {
.key = "\x42\xf0\x84\x19\xa6\x3f\x2b\xea"
"\x34\xf6\x79\xa3\x79\xe9\xeb\x0a",
@@ -19953,14 +19461,14 @@
.assoc = "\x61\x83\xa0\xe8\x2e\x7d\x7f\xf8"
"\x74\x63\xd2\xec\x76\x7c\x4c\x0d",
.alen = 16,
- .input = "\xb2\xfb\xf6\x97\x69\x7a\xe9\xec"
+ .ptext = "\x70\x4c\x2f\x50\x72\x1c\x29\x7f"
+ "\x95\x9a\xff\x10\x75\x45\x7d\x8f",
+ .plen = 16,
+ .ctext = "\xb2\xfb\xf6\x97\x69\x7a\xe9\xec"
"\xe2\x94\xa1\x8b\xa0\x2b\x60\x72"
"\x1d\x04\xdd\x6a\xef\x46\x8f\x68"
"\xe9\xe0\x17\x45\x70\x12",
- .ilen = 30,
- .result = "\x70\x4c\x2f\x50\x72\x1c\x29\x7f"
- "\x95\x9a\xff\x10\x75\x45\x7d\x8f",
- .rlen = 16,
+ .clen = 30,
}, {
.key = "\x7f\x15\xbd\xb8\xb6\xba\xd3\x06"
"\xb5\xd1\x2b\x35\x73\x0e\xad\x10",
@@ -19970,5367 +19478,13 @@
.assoc = "\x9d\xa7\xda\x88\x3e\xf8\x28\x14"
"\xf5\x3e\x85\x7d\x70\xa0\x0f\x13",
.alen = 16,
- .input = "\x47\xda\x54\x42\x51\x72\xc4\x8b"
+ .ptext = "\xac\x70\x69\xef\x82\x97\xd2\x9b"
+ "\x15\x74\xb1\xa2\x6f\x69\x3f\x95",
+ .plen = 16,
+ .ctext = "\x47\xda\x54\x42\x51\x72\xc4\x8b"
"\xf5\x57\x0f\x2f\x49\x0e\x11\x3b"
"\x78\x93\xec\xfc\xf4\xff\xe1\x2d",
- .ilen = 24,
- .result = "\xac\x70\x69\xef\x82\x97\xd2\x9b"
- "\x15\x74\xb1\xa2\x6f\x69\x3f\x95",
- .rlen = 16,
- },
-};
-
-/*
- * AEGIS-128L test vectors - generated via reference implementation from
- * SUPERCOP (https://bench.cr.yp.to/supercop.html):
- *
- * https://bench.cr.yp.to/supercop/supercop-20170228.tar.xz
- * (see crypto_aead/aegis128l/)
- */
-static const struct aead_testvec aegis128l_enc_tv_template[] = {
- {
- .key = "\x0f\xc9\x8e\x67\x44\x9e\xaa\x86"
- "\x20\x36\x2c\x24\xfe\xc9\x30\x81",
- .klen = 16,
- .iv = "\x1e\x92\x1c\xcf\x88\x3d\x54\x0d"
- "\x40\x6d\x59\x48\xfc\x92\x61\x03",
- .assoc = "",
- .alen = 0,
- .input = "",
- .ilen = 0,
- .result = "\x30\x4f\xf3\xe9\xb1\xfa\x81\xa6"
- "\x20\x72\x78\xdd\x93\xc8\x57\xef",
- .rlen = 16,
- }, {
- .key = "\x4b\xed\xc8\x07\x54\x1a\x52\xa2"
- "\xa1\x10\xde\xb5\xf8\xed\xf3\x87",
- .klen = 16,
- .iv = "\x5a\xb7\x56\x6e\x98\xb9\xfd\x29"
- "\xc1\x47\x0b\xda\xf6\xb6\x23\x09",
- .assoc = "",
- .alen = 0,
- .input = "\x79",
- .ilen = 1,
- .result = "\xa9\x24\xa0\xb6\x2d\xdd\x29\xdb"
- "\x40\xb3\x71\xc5\x22\x58\x31\x77"
- "\x6d",
- .rlen = 17,
- }, {
- .key = "\x88\x12\x01\xa6\x64\x96\xfb\xbe"
- "\x22\xea\x90\x47\xf2\x11\xb5\x8e",
- .klen = 16,
- .iv = "\x97\xdb\x90\x0e\xa8\x35\xa5\x45"
- "\x42\x21\xbd\x6b\xf0\xda\xe6\x0f",
- .assoc = "",
- .alen = 0,
- .input = "\xb5\x6e\xad\xdd\x30\x72\xfa\x53"
- "\x82\x8e\x16\xb4\xed\x6d\x47",
- .ilen = 15,
- .result = "\xbb\x0a\x53\xc4\xaa\x7e\xa4\x03"
- "\x2b\xee\x62\x99\x7b\x98\x13\x1f"
- "\xe0\x76\x4c\x2e\x53\x99\x4f\xbe"
- "\xe1\xa8\x04\x7f\xe1\x71\xbe",
- .rlen = 31,
- }, {
- .key = "\xc4\x37\x3b\x45\x74\x11\xa4\xda"
- "\xa2\xc5\x42\xd8\xec\x36\x78\x94",
- .klen = 16,
- .iv = "\xd3\x00\xc9\xad\xb8\xb0\x4e\x61"
- "\xc3\xfb\x6f\xfd\xea\xff\xa9\x15",
- .assoc = "",
- .alen = 0,
- .input = "\xf2\x92\xe6\x7d\x40\xee\xa3\x6f"
- "\x03\x68\xc8\x45\xe7\x91\x0a\x18",
- .ilen = 16,
- .result = "\x66\xdf\x6e\x71\xc0\x6e\xa4\x4c"
- "\x9d\xb7\x8c\x9a\xdb\x1f\xd2\x2e"
- "\x23\xb6\xa4\xfb\xd3\x86\xdd\xbb"
- "\xde\x54\x9b\xf5\x92\x8b\x93\xc5",
- .rlen = 32,
- }, {
- .key = "\x01\x5c\x75\xe5\x84\x8d\x4d\xf6"
- "\x23\x9f\xf4\x6a\xe6\x5a\x3b\x9a",
- .klen = 16,
- .iv = "\x10\x25\x03\x4c\xc8\x2c\xf7\x7d"
- "\x44\xd5\x21\x8e\xe4\x23\x6b\x1c",
- .assoc = "",
- .alen = 0,
- .input = "\x2e\xb7\x20\x1c\x50\x6a\x4b\x8b"
- "\x84\x42\x7a\xd7\xe1\xb5\xcd\x1f"
- "\xd3",
- .ilen = 17,
- .result = "\x4f\xc3\x69\xb6\xd3\xa4\x64\x8b"
- "\x71\xc3\x8a\x91\x22\x4f\x1b\xd2"
- "\x33\x6d\x86\xbc\xf8\x2f\x06\xf9"
- "\x82\x64\xc7\x72\x00\x30\xfc\xf0"
- "\xf8",
- .rlen = 33,
- }, {
- .key = "\x3d\x80\xae\x84\x94\x09\xf6\x12"
- "\xa4\x79\xa6\xfb\xe0\x7f\xfd\xa0",
- .klen = 16,
- .iv = "\x4c\x49\x3d\xec\xd8\xa8\xa0\x98"
- "\xc5\xb0\xd3\x1f\xde\x48\x2e\x22",
- .assoc = "",
- .alen = 0,
- .input = "\x6b\xdc\x5a\xbb\x60\xe5\xf4\xa6"
- "\x05\x1d\x2c\x68\xdb\xda\x8f\x25"
- "\xfe\x8d\x45\x19\x1e\xc0\x0b\x99"
- "\x88\x11\x39\x12\x1c\x3a\xbb",
- .ilen = 31,
- .result = "\xe3\x93\x15\xae\x5f\x9d\x3c\xb5"
- "\xd6\x9d\xee\xee\xcf\xaa\xaf\xe1"
- "\x45\x10\x96\xe0\xbf\x55\x0f\x4c"
- "\x1a\xfd\xf4\xda\x4e\x10\xde\xc9"
- "\x0e\x6f\xc7\x3c\x49\x94\x41\xfc"
- "\x59\x28\x88\x3c\x79\x10\x6b",
- .rlen = 47,
- }, {
- .key = "\x7a\xa5\xe8\x23\xa4\x84\x9e\x2d"
- "\x25\x53\x58\x8c\xda\xa3\xc0\xa6",
- .klen = 16,
- .iv = "\x89\x6e\x77\x8b\xe8\x23\x49\xb4"
- "\x45\x8a\x85\xb1\xd8\x6c\xf1\x28",
- .assoc = "",
- .alen = 0,
- .input = "\xa7\x00\x93\x5b\x70\x61\x9d\xc2"
- "\x86\xf7\xde\xfa\xd5\xfe\x52\x2b"
- "\x28\x50\x51\x9d\x24\x60\x8d\xb3"
- "\x49\x3e\x17\xea\xf6\x99\x5a\xdd",
- .ilen = 32,
- .result = "\x1c\x8e\x22\x34\xfd\xab\xe6\x0d"
- "\x1c\x9f\x06\x54\x8b\x0b\xb4\x40"
- "\xde\x11\x59\x3e\xfd\x74\xf6\x42"
- "\x97\x17\xf7\x24\xb6\x7e\xc4\xc6"
- "\x06\xa3\x94\xda\x3d\x7f\x55\x0a"
- "\x92\x07\x2f\xa6\xf3\x6b\x2c\xfc",
- .rlen = 48,
- }, {
- .key = "\xb6\xca\x22\xc3\xb4\x00\x47\x49"
- "\xa6\x2d\x0a\x1e\xd4\xc7\x83\xad",
- .klen = 16,
- .iv = "\xc5\x93\xb0\x2a\xf8\x9f\xf1\xd0"
- "\xc6\x64\x37\x42\xd2\x90\xb3\x2e",
- .assoc = "\xd5",
- .alen = 1,
- .input = "",
- .ilen = 0,
- .result = "\xa0\x2a\xb4\x9a\x91\x00\x15\xb8"
- "\x0f\x9a\x15\x60\x0e\x9b\x13\x8f",
- .rlen = 16,
- }, {
- .key = "\xf3\xee\x5c\x62\xc4\x7c\xf0\x65"
- "\x27\x08\xbd\xaf\xce\xec\x45\xb3",
- .klen = 16,
- .iv = "\x02\xb8\xea\xca\x09\x1b\x9a\xec"
- "\x47\x3e\xe9\xd4\xcc\xb5\x76\x34",
- .assoc = "\x11\x81\x78\x32\x4d\xb9\x44\x73"
- "\x68\x75\x16\xf8\xcb\x7e\xa7",
- .alen = 15,
- .input = "",
- .ilen = 0,
- .result = "\x4c\x26\xad\x9c\x14\xfd\x9c\x8c"
- "\x84\xfb\x26\xfb\xd5\xca\x62\x39",
- .rlen = 16,
- }, {
- .key = "\x2f\x13\x95\x01\xd5\xf7\x99\x81"
- "\xa8\xe2\x6f\x41\xc8\x10\x08\xb9",
- .klen = 16,
- .iv = "\x3f\xdc\x24\x69\x19\x96\x43\x08"
- "\xc8\x18\x9b\x65\xc6\xd9\x39\x3b",
- .assoc = "\x4e\xa5\xb2\xd1\x5d\x35\xed\x8f"
- "\xe8\x4f\xc8\x89\xc5\xa2\x69\xbc",
- .alen = 16,
- .input = "",
- .ilen = 0,
- .result = "\x45\x85\x0e\x0f\xf4\xae\x96\xa1"
- "\x99\x4d\x6d\xb4\x67\x32\xb0\x3a",
- .rlen = 16,
- }, {
- .key = "\x6c\x38\xcf\xa1\xe5\x73\x41\x9d"
- "\x29\xbc\x21\xd2\xc2\x35\xcb\xbf",
- .klen = 16,
- .iv = "\x7b\x01\x5d\x08\x29\x12\xec\x24"
- "\x49\xf3\x4d\xf7\xc0\xfe\xfb\x41",
- .assoc = "\x8a\xca\xec\x70\x6d\xb1\x96\xab"
- "\x69\x29\x7a\x1b\xbf\xc7\x2c\xc2"
- "\x07",
- .alen = 17,
- .input = "",
- .ilen = 0,
- .result = "\x33\xb1\x42\x97\x8e\x16\x7b\x63"
- "\x06\xba\x5b\xcb\xae\x6d\x8b\x56",
- .rlen = 16,
- }, {
- .key = "\xa8\x5c\x09\x40\xf5\xef\xea\xb8"
- "\xaa\x96\xd3\x64\xbc\x59\x8d\xc6",
- .klen = 16,
- .iv = "\xb8\x26\x97\xa8\x39\x8e\x94\x3f"
- "\xca\xcd\xff\x88\xba\x22\xbe\x47",
- .assoc = "\xc7\xef\x26\x10\x7d\x2c\x3f\xc6"
- "\xea\x03\x2c\xac\xb9\xeb\xef\xc9"
- "\x31\x6b\x08\x12\xfc\xd8\x37\x2d"
- "\xe0\x17\x3a\x2e\x83\x5c\x8f",
- .alen = 31,
- .input = "",
- .ilen = 0,
- .result = "\xda\x44\x08\x8c\x2a\xa5\x07\x35"
- "\x0b\x54\x4e\x6d\xe3\xfd\xc4\x5f",
- .rlen = 16,
- }, {
- .key = "\xe5\x81\x42\xdf\x05\x6a\x93\xd4"
- "\x2b\x70\x85\xf5\xb6\x7d\x50\xcc",
- .klen = 16,
- .iv = "\xf4\x4a\xd1\x47\x49\x09\x3d\x5b"
- "\x4b\xa7\xb1\x19\xb4\x46\x81\x4d",
- .assoc = "\x03\x14\x5f\xaf\x8d\xa8\xe7\xe2"
- "\x6b\xde\xde\x3e\xb3\x10\xb1\xcf"
- "\x5c\x2d\x14\x96\x01\x78\xb9\x47"
- "\xa1\x44\x19\x06\x5d\xbb\x2e\x2f",
- .alen = 32,
- .input = "",
- .ilen = 0,
- .result = "\x1b\xb1\xf1\xa8\x9e\xc2\xb2\x88"
- "\x40\x7f\x7b\x19\x7a\x52\x8c\xf0",
- .rlen = 16,
- }, {
- .key = "\x22\xa6\x7c\x7f\x15\xe6\x3c\xf0"
- "\xac\x4b\x37\x86\xb0\xa2\x13\xd2",
- .klen = 16,
- .iv = "\x31\x6f\x0b\xe6\x59\x85\xe6\x77"
- "\xcc\x81\x63\xab\xae\x6b\x43\x54",
- .assoc = "\x40",
- .alen = 1,
- .input = "\x4f",
- .ilen = 1,
- .result = "\x6e\xc8\xfb\x15\x9d\x98\x49\xc9"
- "\xa0\x98\x09\x85\xbe\x56\x8e\x79"
- "\xf4",
- .rlen = 17,
- }, {
- .key = "\x5e\xcb\xb6\x1e\x25\x62\xe4\x0c"
- "\x2d\x25\xe9\x18\xaa\xc6\xd5\xd8",
- .klen = 16,
- .iv = "\x6d\x94\x44\x86\x69\x00\x8f\x93"
- "\x4d\x5b\x15\x3c\xa8\x8f\x06\x5a",
- .assoc = "\x7c\x5d\xd3\xee\xad\x9f\x39\x1a"
- "\x6d\x92\x42\x61\xa7\x58\x37",
- .alen = 15,
- .input = "\x8b\x26\x61\x55\xf1\x3e\xe3\xa1"
- "\x8d\xc8\x6e\x85\xa5\x21\x67",
- .ilen = 15,
- .result = "\x99\x2e\x84\x50\x64\x5c\xab\x29"
- "\x20\xba\xb9\x2f\x62\x3a\xce\x2a"
- "\x75\x25\x3b\xe3\x40\xe0\x1d\xfc"
- "\x20\x63\x0b\x49\x7e\x97\x08",
- .rlen = 31,
- }, {
- .key = "\x9b\xef\xf0\xbd\x35\xdd\x8d\x28"
- "\xad\xff\x9b\xa9\xa4\xeb\x98\xdf",
- .klen = 16,
- .iv = "\xaa\xb8\x7e\x25\x79\x7c\x37\xaf"
- "\xce\x36\xc7\xce\xa2\xb4\xc9\x60",
- .assoc = "\xb9\x82\x0c\x8d\xbd\x1b\xe2\x36"
- "\xee\x6c\xf4\xf2\xa1\x7d\xf9\xe2",
- .alen = 16,
- .input = "\xc8\x4b\x9b\xf5\x01\xba\x8c\xbd"
- "\x0e\xa3\x21\x16\x9f\x46\x2a\x63",
- .ilen = 16,
- .result = "\xd9\x8e\xfd\x50\x8f\x02\x9f\xee"
- "\x78\x08\x12\xec\x09\xaf\x53\x14"
- "\x90\x3e\x3d\x76\xad\x71\x21\x08"
- "\x77\xe5\x4b\x15\xc2\xe6\xbc\xdb",
- .rlen = 32,
- }, {
- .key = "\xd7\x14\x29\x5d\x45\x59\x36\x44"
- "\x2e\xd9\x4d\x3b\x9e\x0f\x5b\xe5",
- .klen = 16,
- .iv = "\xe6\xdd\xb8\xc4\x89\xf8\xe0\xca"
- "\x4f\x10\x7a\x5f\x9c\xd8\x8b\x66",
- .assoc = "\xf5\xa6\x46\x2c\xce\x97\x8a\x51"
- "\x6f\x46\xa6\x83\x9b\xa1\xbc\xe8"
- "\x05",
- .alen = 17,
- .input = "\x05\x70\xd5\x94\x12\x36\x35\xd8"
- "\x8f\x7d\xd3\xa8\x99\x6a\xed\x69"
- "\xd0",
- .ilen = 17,
- .result = "\xf3\xe7\x95\x86\xcf\x34\x95\x96"
- "\x17\xfe\x1b\xae\x1b\x31\xf2\x1a"
- "\xbd\xbc\xc9\x4e\x11\x29\x09\x5c"
- "\x05\xd3\xb4\x2e\x4a\x74\x59\x49"
- "\x7d",
- .rlen = 33,
- }, {
- .key = "\x14\x39\x63\xfc\x56\xd5\xdf\x5f"
- "\xaf\xb3\xff\xcc\x98\x33\x1d\xeb",
- .klen = 16,
- .iv = "\x23\x02\xf1\x64\x9a\x73\x89\xe6"
- "\xd0\xea\x2c\xf1\x96\xfc\x4e\x6d",
- .assoc = "\x32\xcb\x80\xcc\xde\x12\x33\x6d"
- "\xf0\x20\x58\x15\x95\xc6\x7f\xee"
- "\x2f\xf9\x4e\x2c\x1b\x98\x43\xc7"
- "\x68\x28\x73\x40\x9f\x96\x4a",
- .alen = 31,
- .input = "\x41\x94\x0e\x33\x22\xb1\xdd\xf4"
- "\x10\x57\x85\x39\x93\x8f\xaf\x70"
- "\xfa\xa9\xd0\x4d\x5c\x40\x23\xcd"
- "\x98\x34\xab\x37\x56\xae\x32",
- .ilen = 31,
- .result = "\x06\x96\xb2\xbf\x63\xf4\x1e\x24"
- "\x0d\x19\x15\x61\x65\x3b\x06\x26"
- "\x71\xe8\x7e\x16\xdb\x96\x01\x01"
- "\x52\xcd\x49\x5b\x07\x33\x4e\xe7"
- "\xaa\x91\xf5\xd5\xc6\xfe\x41\xb5"
- "\xed\x90\xce\xb9\xcd\xcc\xa1",
- .rlen = 47,
- }, {
- .key = "\x50\x5d\x9d\x9b\x66\x50\x88\x7b"
- "\x30\x8e\xb1\x5e\x92\x58\xe0\xf1",
- .klen = 16,
- .iv = "\x5f\x27\x2b\x03\xaa\xef\x32\x02"
- "\x50\xc4\xde\x82\x90\x21\x11\x73",
- .assoc = "\x6e\xf0\xba\x6b\xee\x8e\xdc\x89"
- "\x71\xfb\x0a\xa6\x8f\xea\x41\xf4"
- "\x5a\xbb\x59\xb0\x20\x38\xc5\xe0"
- "\x29\x56\x52\x19\x79\xf5\xe9\x37",
- .alen = 32,
- .input = "\x7e\xb9\x48\xd3\x32\x2d\x86\x10"
- "\x91\x31\x37\xcb\x8d\xb3\x72\x76"
- "\x24\x6b\xdc\xd1\x61\xe0\xa5\xe7"
- "\x5a\x61\x8a\x0f\x30\x0d\xd1\xec",
- .ilen = 32,
- .result = "\xf9\xd7\xee\x17\xfd\x24\xcd\xf1"
- "\xbc\x0f\x35\x97\x97\x0c\x4b\x18"
- "\xce\x58\xc8\x3b\xd4\x85\x93\x79"
- "\xcc\x9c\xea\xc1\x73\x13\x0b\x4c"
- "\xcc\x6f\x28\xf8\xa4\x4e\xb8\x56"
- "\x64\x4e\x47\xce\xb2\xb4\x92\xb4",
- .rlen = 48,
- }, {
- .key = "\x8d\x82\xd6\x3b\x76\xcc\x30\x97"
- "\xb1\x68\x63\xef\x8c\x7c\xa3\xf7",
- .klen = 16,
- .iv = "\x9c\x4b\x65\xa2\xba\x6b\xdb\x1e"
- "\xd1\x9e\x90\x13\x8a\x45\xd3\x79",
- .assoc = "\xab\x14\xf3\x0a\xfe\x0a\x85\xa5"
- "\xf2\xd5\xbc\x38\x89\x0e\x04\xfb"
- "\x84\x7d\x65\x34\x25\xd8\x47\xfa"
- "\xeb\x83\x31\xf1\x54\x54\x89\x0d"
- "\x9d",
- .alen = 33,
- .input = "\xba\xde\x82\x72\x42\xa9\x2f\x2c"
- "\x12\x0b\xe9\x5c\x87\xd7\x35\x7c"
- "\x4f\x2e\xe8\x55\x66\x80\x27\x00"
- "\x1b\x8f\x68\xe7\x0a\x6c\x71\xc3"
- "\x21\x78\x55\x9d\x9c\x65\x7b\xcd"
- "\x0a\x34\x97\xff\x47\x37\xb0\x2a"
- "\x80\x0d\x19\x98\x33\xa9\x7a\xe3"
- "\x2e\x4c\xc6\xf3\x8c\x88\x42\x01"
- "\xbd",
- .ilen = 65,
- .result = "\x58\xfa\x3a\x3d\xd9\x88\x63\xe8"
- "\xc5\x78\x50\x8b\x4a\xc9\xdf\x7f"
- "\x4b\xfa\xc8\x2e\x67\x43\xf3\x63"
- "\x42\x8e\x99\x5a\x9c\x0b\x84\x77"
- "\xbc\x46\x76\x48\x82\xc7\x57\x96"
- "\xe1\x65\xd1\xed\x1d\xdd\x80\x24"
- "\xa6\x4d\xa9\xf1\x53\x8b\x5e\x0e"
- "\x26\xb9\xcc\x37\xe5\x43\xe1\x5a"
- "\x8a\xd6\x8c\x5a\xe4\x95\xd1\x8d"
- "\xf7\x33\x64\xc1\xd3\xf2\xfc\x35"
- "\x01",
- .rlen = 81,
- }, {
- .key = "\xc9\xa7\x10\xda\x86\x48\xd9\xb3"
- "\x32\x42\x15\x80\x85\xa1\x65\xfe",
- .klen = 16,
- .iv = "\xd8\x70\x9f\x42\xca\xe6\x83\x3a"
- "\x52\x79\x42\xa5\x84\x6a\x96\x7f",
- .assoc = "\xe8\x39\x2d\xaa\x0e\x85\x2d\xc1"
- "\x72\xaf\x6e\xc9\x82\x33\xc7\x01"
- "\xaf\x40\x70\xb8\x2a\x78\xc9\x14"
- "\xac\xb1\x10\xca\x2e\xb3\x28\xe4"
- "\xac\xfa\x58\x7f\xe5\x73\x09\x8c"
- "\x1d\x40\x87\x8c\xd9\x75\xc0\x55"
- "\xa2\xda\x07\xd1\xc2\xa9\xd1\xbb"
- "\x09\x4f\x77\x62\x88\x2d\xf2\x68"
- "\x54",
- .alen = 65,
- .input = "\xf7\x02\xbb\x11\x52\x24\xd8\x48"
- "\x93\xe6\x9b\xee\x81\xfc\xf7\x82"
- "\x79\xf0\xf3\xd9\x6c\x20\xa9\x1a"
- "\xdc\xbc\x47\xc0\xe4\xcb\x10\x99"
- "\x2f",
- .ilen = 33,
- .result = "\x4c\xa9\xac\x71\xed\x10\xa6\x24"
- "\xb7\xa7\xdf\x8b\xf5\xc2\x41\xcb"
- "\x05\xc9\xd6\x97\xb6\x10\x7f\x17"
- "\xc2\xc0\x93\xcf\xe0\x94\xfd\x99"
- "\xf2\x62\x25\x28\x01\x23\x6f\x8b"
- "\x04\x52\xbc\xb0\x3e\x66\x52\x90"
- "\x9f",
- .rlen = 49,
- }, {
- .key = "\x06\xcc\x4a\x79\x96\xc3\x82\xcf"
- "\xb3\x1c\xc7\x12\x7f\xc5\x28\x04",
- .klen = 16,
- .iv = "\x15\x95\xd8\xe1\xda\x62\x2c\x56"
- "\xd3\x53\xf4\x36\x7e\x8e\x59\x85",
- .assoc = "\x24\x5e\x67\x49\x1e\x01\xd6\xdd"
- "\xf3\x89\x20\x5b\x7c\x57\x89\x07",
- .alen = 16,
- .input = "\x33\x27\xf5\xb1\x62\xa0\x80\x63"
- "\x14\xc0\x4d\x7f\x7b\x20\xba\x89",
- .ilen = 16,
- .result = "\x6d\xed\x04\x7a\x2f\x0c\x30\xa5"
- "\x96\xe6\x97\xe4\x10\xeb\x40\x95"
- "\xc5\x9a\xdf\x31\xd5\xa5\xa6\xec"
- "\x05\xa8\x31\x50\x11\x19\x44",
- .rlen = 31,
- }, {
- .key = "\x42\xf0\x84\x19\xa6\x3f\x2b\xea"
- "\x34\xf6\x79\xa3\x79\xe9\xeb\x0a",
- .klen = 16,
- .iv = "\x51\xb9\x12\x80\xea\xde\xd5\x71"
- "\x54\x2d\xa6\xc8\x78\xb2\x1b\x8c",
- .assoc = "\x61\x83\xa0\xe8\x2e\x7d\x7f\xf8"
- "\x74\x63\xd2\xec\x76\x7c\x4c\x0d",
- .alen = 16,
- .input = "\x70\x4c\x2f\x50\x72\x1c\x29\x7f"
- "\x95\x9a\xff\x10\x75\x45\x7d\x8f",
- .ilen = 16,
- .result = "\x30\x95\x7d\xea\xdc\x62\xc0\x88"
- "\xa1\xe3\x8d\x8c\xac\x04\x10\xa7"
- "\xfa\xfa\x07\xbd\xa0\xf0\x36\xeb"
- "\x21\x93\x2e\x31\x84\x83",
- .rlen = 30,
- }, {
- .key = "\x7f\x15\xbd\xb8\xb6\xba\xd3\x06"
- "\xb5\xd1\x2b\x35\x73\x0e\xad\x10",
- .klen = 16,
- .iv = "\x8e\xde\x4c\x20\xfa\x59\x7e\x8d"
- "\xd5\x07\x58\x59\x72\xd7\xde\x92",
- .assoc = "\x9d\xa7\xda\x88\x3e\xf8\x28\x14"
- "\xf5\x3e\x85\x7d\x70\xa0\x0f\x13",
- .alen = 16,
- .input = "\xac\x70\x69\xef\x82\x97\xd2\x9b"
- "\x15\x74\xb1\xa2\x6f\x69\x3f\x95",
- .ilen = 16,
- .result = "\x93\xcd\xee\xd4\xcb\x9d\x8d\x16"
- "\x63\x0d\x43\xd5\x49\xca\xa8\x85"
- "\x49\xc0\xae\x13\xbc\x26\x1d\x4b",
- .rlen = 24,
- },
-};
-
-static const struct aead_testvec aegis128l_dec_tv_template[] = {
- {
- .key = "\x0f\xc9\x8e\x67\x44\x9e\xaa\x86"
- "\x20\x36\x2c\x24\xfe\xc9\x30\x81",
- .klen = 16,
- .iv = "\x1e\x92\x1c\xcf\x88\x3d\x54\x0d"
- "\x40\x6d\x59\x48\xfc\x92\x61\x03",
- .assoc = "",
- .alen = 0,
- .input = "\x30\x4f\xf3\xe9\xb1\xfa\x81\xa6"
- "\x20\x72\x78\xdd\x93\xc8\x57\xef",
- .ilen = 16,
- .result = "",
- .rlen = 0,
- }, {
- .key = "\x4b\xed\xc8\x07\x54\x1a\x52\xa2"
- "\xa1\x10\xde\xb5\xf8\xed\xf3\x87",
- .klen = 16,
- .iv = "\x5a\xb7\x56\x6e\x98\xb9\xfd\x29"
- "\xc1\x47\x0b\xda\xf6\xb6\x23\x09",
- .assoc = "",
- .alen = 0,
- .input = "\xa9\x24\xa0\xb6\x2d\xdd\x29\xdb"
- "\x40\xb3\x71\xc5\x22\x58\x31\x77"
- "\x6d",
- .ilen = 17,
- .result = "\x79",
- .rlen = 1,
- }, {
- .key = "\x88\x12\x01\xa6\x64\x96\xfb\xbe"
- "\x22\xea\x90\x47\xf2\x11\xb5\x8e",
- .klen = 16,
- .iv = "\x97\xdb\x90\x0e\xa8\x35\xa5\x45"
- "\x42\x21\xbd\x6b\xf0\xda\xe6\x0f",
- .assoc = "",
- .alen = 0,
- .input = "\xbb\x0a\x53\xc4\xaa\x7e\xa4\x03"
- "\x2b\xee\x62\x99\x7b\x98\x13\x1f"
- "\xe0\x76\x4c\x2e\x53\x99\x4f\xbe"
- "\xe1\xa8\x04\x7f\xe1\x71\xbe",
- .ilen = 31,
- .result = "\xb5\x6e\xad\xdd\x30\x72\xfa\x53"
- "\x82\x8e\x16\xb4\xed\x6d\x47",
- .rlen = 15,
- }, {
- .key = "\xc4\x37\x3b\x45\x74\x11\xa4\xda"
- "\xa2\xc5\x42\xd8\xec\x36\x78\x94",
- .klen = 16,
- .iv = "\xd3\x00\xc9\xad\xb8\xb0\x4e\x61"
- "\xc3\xfb\x6f\xfd\xea\xff\xa9\x15",
- .assoc = "",
- .alen = 0,
- .input = "\x66\xdf\x6e\x71\xc0\x6e\xa4\x4c"
- "\x9d\xb7\x8c\x9a\xdb\x1f\xd2\x2e"
- "\x23\xb6\xa4\xfb\xd3\x86\xdd\xbb"
- "\xde\x54\x9b\xf5\x92\x8b\x93\xc5",
- .ilen = 32,
- .result = "\xf2\x92\xe6\x7d\x40\xee\xa3\x6f"
- "\x03\x68\xc8\x45\xe7\x91\x0a\x18",
- .rlen = 16,
- }, {
- .key = "\x01\x5c\x75\xe5\x84\x8d\x4d\xf6"
- "\x23\x9f\xf4\x6a\xe6\x5a\x3b\x9a",
- .klen = 16,
- .iv = "\x10\x25\x03\x4c\xc8\x2c\xf7\x7d"
- "\x44\xd5\x21\x8e\xe4\x23\x6b\x1c",
- .assoc = "",
- .alen = 0,
- .input = "\x4f\xc3\x69\xb6\xd3\xa4\x64\x8b"
- "\x71\xc3\x8a\x91\x22\x4f\x1b\xd2"
- "\x33\x6d\x86\xbc\xf8\x2f\x06\xf9"
- "\x82\x64\xc7\x72\x00\x30\xfc\xf0"
- "\xf8",
- .ilen = 33,
- .result = "\x2e\xb7\x20\x1c\x50\x6a\x4b\x8b"
- "\x84\x42\x7a\xd7\xe1\xb5\xcd\x1f"
- "\xd3",
- .rlen = 17,
- }, {
- .key = "\x3d\x80\xae\x84\x94\x09\xf6\x12"
- "\xa4\x79\xa6\xfb\xe0\x7f\xfd\xa0",
- .klen = 16,
- .iv = "\x4c\x49\x3d\xec\xd8\xa8\xa0\x98"
- "\xc5\xb0\xd3\x1f\xde\x48\x2e\x22",
- .assoc = "",
- .alen = 0,
- .input = "\xe3\x93\x15\xae\x5f\x9d\x3c\xb5"
- "\xd6\x9d\xee\xee\xcf\xaa\xaf\xe1"
- "\x45\x10\x96\xe0\xbf\x55\x0f\x4c"
- "\x1a\xfd\xf4\xda\x4e\x10\xde\xc9"
- "\x0e\x6f\xc7\x3c\x49\x94\x41\xfc"
- "\x59\x28\x88\x3c\x79\x10\x6b",
- .ilen = 47,
- .result = "\x6b\xdc\x5a\xbb\x60\xe5\xf4\xa6"
- "\x05\x1d\x2c\x68\xdb\xda\x8f\x25"
- "\xfe\x8d\x45\x19\x1e\xc0\x0b\x99"
- "\x88\x11\x39\x12\x1c\x3a\xbb",
- .rlen = 31,
- }, {
- .key = "\x7a\xa5\xe8\x23\xa4\x84\x9e\x2d"
- "\x25\x53\x58\x8c\xda\xa3\xc0\xa6",
- .klen = 16,
- .iv = "\x89\x6e\x77\x8b\xe8\x23\x49\xb4"
- "\x45\x8a\x85\xb1\xd8\x6c\xf1\x28",
- .assoc = "",
- .alen = 0,
- .input = "\x1c\x8e\x22\x34\xfd\xab\xe6\x0d"
- "\x1c\x9f\x06\x54\x8b\x0b\xb4\x40"
- "\xde\x11\x59\x3e\xfd\x74\xf6\x42"
- "\x97\x17\xf7\x24\xb6\x7e\xc4\xc6"
- "\x06\xa3\x94\xda\x3d\x7f\x55\x0a"
- "\x92\x07\x2f\xa6\xf3\x6b\x2c\xfc",
- .ilen = 48,
- .result = "\xa7\x00\x93\x5b\x70\x61\x9d\xc2"
- "\x86\xf7\xde\xfa\xd5\xfe\x52\x2b"
- "\x28\x50\x51\x9d\x24\x60\x8d\xb3"
- "\x49\x3e\x17\xea\xf6\x99\x5a\xdd",
- .rlen = 32,
- }, {
- .key = "\xb6\xca\x22\xc3\xb4\x00\x47\x49"
- "\xa6\x2d\x0a\x1e\xd4\xc7\x83\xad",
- .klen = 16,
- .iv = "\xc5\x93\xb0\x2a\xf8\x9f\xf1\xd0"
- "\xc6\x64\x37\x42\xd2\x90\xb3\x2e",
- .assoc = "\xd5",
- .alen = 1,
- .input = "\xa0\x2a\xb4\x9a\x91\x00\x15\xb8"
- "\x0f\x9a\x15\x60\x0e\x9b\x13\x8f",
- .ilen = 16,
- .result = "",
- .rlen = 0,
- }, {
- .key = "\xf3\xee\x5c\x62\xc4\x7c\xf0\x65"
- "\x27\x08\xbd\xaf\xce\xec\x45\xb3",
- .klen = 16,
- .iv = "\x02\xb8\xea\xca\x09\x1b\x9a\xec"
- "\x47\x3e\xe9\xd4\xcc\xb5\x76\x34",
- .assoc = "\x11\x81\x78\x32\x4d\xb9\x44\x73"
- "\x68\x75\x16\xf8\xcb\x7e\xa7",
- .alen = 15,
- .input = "\x4c\x26\xad\x9c\x14\xfd\x9c\x8c"
- "\x84\xfb\x26\xfb\xd5\xca\x62\x39",
- .ilen = 16,
- .result = "",
- .rlen = 0,
- }, {
- .key = "\x2f\x13\x95\x01\xd5\xf7\x99\x81"
- "\xa8\xe2\x6f\x41\xc8\x10\x08\xb9",
- .klen = 16,
- .iv = "\x3f\xdc\x24\x69\x19\x96\x43\x08"
- "\xc8\x18\x9b\x65\xc6\xd9\x39\x3b",
- .assoc = "\x4e\xa5\xb2\xd1\x5d\x35\xed\x8f"
- "\xe8\x4f\xc8\x89\xc5\xa2\x69\xbc",
- .alen = 16,
- .input = "\x45\x85\x0e\x0f\xf4\xae\x96\xa1"
- "\x99\x4d\x6d\xb4\x67\x32\xb0\x3a",
- .ilen = 16,
- .result = "",
- .rlen = 0,
- }, {
- .key = "\x6c\x38\xcf\xa1\xe5\x73\x41\x9d"
- "\x29\xbc\x21\xd2\xc2\x35\xcb\xbf",
- .klen = 16,
- .iv = "\x7b\x01\x5d\x08\x29\x12\xec\x24"
- "\x49\xf3\x4d\xf7\xc0\xfe\xfb\x41",
- .assoc = "\x8a\xca\xec\x70\x6d\xb1\x96\xab"
- "\x69\x29\x7a\x1b\xbf\xc7\x2c\xc2"
- "\x07",
- .alen = 17,
- .input = "\x33\xb1\x42\x97\x8e\x16\x7b\x63"
- "\x06\xba\x5b\xcb\xae\x6d\x8b\x56",
- .ilen = 16,
- .result = "",
- .rlen = 0,
- }, {
- .key = "\xa8\x5c\x09\x40\xf5\xef\xea\xb8"
- "\xaa\x96\xd3\x64\xbc\x59\x8d\xc6",
- .klen = 16,
- .iv = "\xb8\x26\x97\xa8\x39\x8e\x94\x3f"
- "\xca\xcd\xff\x88\xba\x22\xbe\x47",
- .assoc = "\xc7\xef\x26\x10\x7d\x2c\x3f\xc6"
- "\xea\x03\x2c\xac\xb9\xeb\xef\xc9"
- "\x31\x6b\x08\x12\xfc\xd8\x37\x2d"
- "\xe0\x17\x3a\x2e\x83\x5c\x8f",
- .alen = 31,
- .input = "\xda\x44\x08\x8c\x2a\xa5\x07\x35"
- "\x0b\x54\x4e\x6d\xe3\xfd\xc4\x5f",
- .ilen = 16,
- .result = "",
- .rlen = 0,
- }, {
- .key = "\xe5\x81\x42\xdf\x05\x6a\x93\xd4"
- "\x2b\x70\x85\xf5\xb6\x7d\x50\xcc",
- .klen = 16,
- .iv = "\xf4\x4a\xd1\x47\x49\x09\x3d\x5b"
- "\x4b\xa7\xb1\x19\xb4\x46\x81\x4d",
- .assoc = "\x03\x14\x5f\xaf\x8d\xa8\xe7\xe2"
- "\x6b\xde\xde\x3e\xb3\x10\xb1\xcf"
- "\x5c\x2d\x14\x96\x01\x78\xb9\x47"
- "\xa1\x44\x19\x06\x5d\xbb\x2e\x2f",
- .alen = 32,
- .input = "\x1b\xb1\xf1\xa8\x9e\xc2\xb2\x88"
- "\x40\x7f\x7b\x19\x7a\x52\x8c\xf0",
- .ilen = 16,
- .result = "",
- .rlen = 0,
- }, {
- .key = "\x22\xa6\x7c\x7f\x15\xe6\x3c\xf0"
- "\xac\x4b\x37\x86\xb0\xa2\x13\xd2",
- .klen = 16,
- .iv = "\x31\x6f\x0b\xe6\x59\x85\xe6\x77"
- "\xcc\x81\x63\xab\xae\x6b\x43\x54",
- .assoc = "\x40",
- .alen = 1,
- .input = "\x6e\xc8\xfb\x15\x9d\x98\x49\xc9"
- "\xa0\x98\x09\x85\xbe\x56\x8e\x79"
- "\xf4",
- .ilen = 17,
- .result = "\x4f",
- .rlen = 1,
- }, {
- .key = "\x5e\xcb\xb6\x1e\x25\x62\xe4\x0c"
- "\x2d\x25\xe9\x18\xaa\xc6\xd5\xd8",
- .klen = 16,
- .iv = "\x6d\x94\x44\x86\x69\x00\x8f\x93"
- "\x4d\x5b\x15\x3c\xa8\x8f\x06\x5a",
- .assoc = "\x7c\x5d\xd3\xee\xad\x9f\x39\x1a"
- "\x6d\x92\x42\x61\xa7\x58\x37",
- .alen = 15,
- .input = "\x99\x2e\x84\x50\x64\x5c\xab\x29"
- "\x20\xba\xb9\x2f\x62\x3a\xce\x2a"
- "\x75\x25\x3b\xe3\x40\xe0\x1d\xfc"
- "\x20\x63\x0b\x49\x7e\x97\x08",
- .ilen = 31,
- .result = "\x8b\x26\x61\x55\xf1\x3e\xe3\xa1"
- "\x8d\xc8\x6e\x85\xa5\x21\x67",
- .rlen = 15,
- }, {
- .key = "\x9b\xef\xf0\xbd\x35\xdd\x8d\x28"
- "\xad\xff\x9b\xa9\xa4\xeb\x98\xdf",
- .klen = 16,
- .iv = "\xaa\xb8\x7e\x25\x79\x7c\x37\xaf"
- "\xce\x36\xc7\xce\xa2\xb4\xc9\x60",
- .assoc = "\xb9\x82\x0c\x8d\xbd\x1b\xe2\x36"
- "\xee\x6c\xf4\xf2\xa1\x7d\xf9\xe2",
- .alen = 16,
- .input = "\xd9\x8e\xfd\x50\x8f\x02\x9f\xee"
- "\x78\x08\x12\xec\x09\xaf\x53\x14"
- "\x90\x3e\x3d\x76\xad\x71\x21\x08"
- "\x77\xe5\x4b\x15\xc2\xe6\xbc\xdb",
- .ilen = 32,
- .result = "\xc8\x4b\x9b\xf5\x01\xba\x8c\xbd"
- "\x0e\xa3\x21\x16\x9f\x46\x2a\x63",
- .rlen = 16,
- }, {
- .key = "\xd7\x14\x29\x5d\x45\x59\x36\x44"
- "\x2e\xd9\x4d\x3b\x9e\x0f\x5b\xe5",
- .klen = 16,
- .iv = "\xe6\xdd\xb8\xc4\x89\xf8\xe0\xca"
- "\x4f\x10\x7a\x5f\x9c\xd8\x8b\x66",
- .assoc = "\xf5\xa6\x46\x2c\xce\x97\x8a\x51"
- "\x6f\x46\xa6\x83\x9b\xa1\xbc\xe8"
- "\x05",
- .alen = 17,
- .input = "\xf3\xe7\x95\x86\xcf\x34\x95\x96"
- "\x17\xfe\x1b\xae\x1b\x31\xf2\x1a"
- "\xbd\xbc\xc9\x4e\x11\x29\x09\x5c"
- "\x05\xd3\xb4\x2e\x4a\x74\x59\x49"
- "\x7d",
- .ilen = 33,
- .result = "\x05\x70\xd5\x94\x12\x36\x35\xd8"
- "\x8f\x7d\xd3\xa8\x99\x6a\xed\x69"
- "\xd0",
- .rlen = 17,
- }, {
- .key = "\x14\x39\x63\xfc\x56\xd5\xdf\x5f"
- "\xaf\xb3\xff\xcc\x98\x33\x1d\xeb",
- .klen = 16,
- .iv = "\x23\x02\xf1\x64\x9a\x73\x89\xe6"
- "\xd0\xea\x2c\xf1\x96\xfc\x4e\x6d",
- .assoc = "\x32\xcb\x80\xcc\xde\x12\x33\x6d"
- "\xf0\x20\x58\x15\x95\xc6\x7f\xee"
- "\x2f\xf9\x4e\x2c\x1b\x98\x43\xc7"
- "\x68\x28\x73\x40\x9f\x96\x4a",
- .alen = 31,
- .input = "\x06\x96\xb2\xbf\x63\xf4\x1e\x24"
- "\x0d\x19\x15\x61\x65\x3b\x06\x26"
- "\x71\xe8\x7e\x16\xdb\x96\x01\x01"
- "\x52\xcd\x49\x5b\x07\x33\x4e\xe7"
- "\xaa\x91\xf5\xd5\xc6\xfe\x41\xb5"
- "\xed\x90\xce\xb9\xcd\xcc\xa1",
- .ilen = 47,
- .result = "\x41\x94\x0e\x33\x22\xb1\xdd\xf4"
- "\x10\x57\x85\x39\x93\x8f\xaf\x70"
- "\xfa\xa9\xd0\x4d\x5c\x40\x23\xcd"
- "\x98\x34\xab\x37\x56\xae\x32",
- .rlen = 31,
- }, {
- .key = "\x50\x5d\x9d\x9b\x66\x50\x88\x7b"
- "\x30\x8e\xb1\x5e\x92\x58\xe0\xf1",
- .klen = 16,
- .iv = "\x5f\x27\x2b\x03\xaa\xef\x32\x02"
- "\x50\xc4\xde\x82\x90\x21\x11\x73",
- .assoc = "\x6e\xf0\xba\x6b\xee\x8e\xdc\x89"
- "\x71\xfb\x0a\xa6\x8f\xea\x41\xf4"
- "\x5a\xbb\x59\xb0\x20\x38\xc5\xe0"
- "\x29\x56\x52\x19\x79\xf5\xe9\x37",
- .alen = 32,
- .input = "\xf9\xd7\xee\x17\xfd\x24\xcd\xf1"
- "\xbc\x0f\x35\x97\x97\x0c\x4b\x18"
- "\xce\x58\xc8\x3b\xd4\x85\x93\x79"
- "\xcc\x9c\xea\xc1\x73\x13\x0b\x4c"
- "\xcc\x6f\x28\xf8\xa4\x4e\xb8\x56"
- "\x64\x4e\x47\xce\xb2\xb4\x92\xb4",
- .ilen = 48,
- .result = "\x7e\xb9\x48\xd3\x32\x2d\x86\x10"
- "\x91\x31\x37\xcb\x8d\xb3\x72\x76"
- "\x24\x6b\xdc\xd1\x61\xe0\xa5\xe7"
- "\x5a\x61\x8a\x0f\x30\x0d\xd1\xec",
- .rlen = 32,
- }, {
- .key = "\x8d\x82\xd6\x3b\x76\xcc\x30\x97"
- "\xb1\x68\x63\xef\x8c\x7c\xa3\xf7",
- .klen = 16,
- .iv = "\x9c\x4b\x65\xa2\xba\x6b\xdb\x1e"
- "\xd1\x9e\x90\x13\x8a\x45\xd3\x79",
- .assoc = "\xab\x14\xf3\x0a\xfe\x0a\x85\xa5"
- "\xf2\xd5\xbc\x38\x89\x0e\x04\xfb"
- "\x84\x7d\x65\x34\x25\xd8\x47\xfa"
- "\xeb\x83\x31\xf1\x54\x54\x89\x0d"
- "\x9d",
- .alen = 33,
- .input = "\x58\xfa\x3a\x3d\xd9\x88\x63\xe8"
- "\xc5\x78\x50\x8b\x4a\xc9\xdf\x7f"
- "\x4b\xfa\xc8\x2e\x67\x43\xf3\x63"
- "\x42\x8e\x99\x5a\x9c\x0b\x84\x77"
- "\xbc\x46\x76\x48\x82\xc7\x57\x96"
- "\xe1\x65\xd1\xed\x1d\xdd\x80\x24"
- "\xa6\x4d\xa9\xf1\x53\x8b\x5e\x0e"
- "\x26\xb9\xcc\x37\xe5\x43\xe1\x5a"
- "\x8a\xd6\x8c\x5a\xe4\x95\xd1\x8d"
- "\xf7\x33\x64\xc1\xd3\xf2\xfc\x35"
- "\x01",
- .ilen = 81,
- .result = "\xba\xde\x82\x72\x42\xa9\x2f\x2c"
- "\x12\x0b\xe9\x5c\x87\xd7\x35\x7c"
- "\x4f\x2e\xe8\x55\x66\x80\x27\x00"
- "\x1b\x8f\x68\xe7\x0a\x6c\x71\xc3"
- "\x21\x78\x55\x9d\x9c\x65\x7b\xcd"
- "\x0a\x34\x97\xff\x47\x37\xb0\x2a"
- "\x80\x0d\x19\x98\x33\xa9\x7a\xe3"
- "\x2e\x4c\xc6\xf3\x8c\x88\x42\x01"
- "\xbd",
- .rlen = 65,
- }, {
- .key = "\xc9\xa7\x10\xda\x86\x48\xd9\xb3"
- "\x32\x42\x15\x80\x85\xa1\x65\xfe",
- .klen = 16,
- .iv = "\xd8\x70\x9f\x42\xca\xe6\x83\x3a"
- "\x52\x79\x42\xa5\x84\x6a\x96\x7f",
- .assoc = "\xe8\x39\x2d\xaa\x0e\x85\x2d\xc1"
- "\x72\xaf\x6e\xc9\x82\x33\xc7\x01"
- "\xaf\x40\x70\xb8\x2a\x78\xc9\x14"
- "\xac\xb1\x10\xca\x2e\xb3\x28\xe4"
- "\xac\xfa\x58\x7f\xe5\x73\x09\x8c"
- "\x1d\x40\x87\x8c\xd9\x75\xc0\x55"
- "\xa2\xda\x07\xd1\xc2\xa9\xd1\xbb"
- "\x09\x4f\x77\x62\x88\x2d\xf2\x68"
- "\x54",
- .alen = 65,
- .input = "\x4c\xa9\xac\x71\xed\x10\xa6\x24"
- "\xb7\xa7\xdf\x8b\xf5\xc2\x41\xcb"
- "\x05\xc9\xd6\x97\xb6\x10\x7f\x17"
- "\xc2\xc0\x93\xcf\xe0\x94\xfd\x99"
- "\xf2\x62\x25\x28\x01\x23\x6f\x8b"
- "\x04\x52\xbc\xb0\x3e\x66\x52\x90"
- "\x9f",
- .ilen = 49,
- .result = "\xf7\x02\xbb\x11\x52\x24\xd8\x48"
- "\x93\xe6\x9b\xee\x81\xfc\xf7\x82"
- "\x79\xf0\xf3\xd9\x6c\x20\xa9\x1a"
- "\xdc\xbc\x47\xc0\xe4\xcb\x10\x99"
- "\x2f",
- .rlen = 33,
- }, {
- .key = "\x06\xcc\x4a\x79\x96\xc3\x82\xcf"
- "\xb3\x1c\xc7\x12\x7f\xc5\x28\x04",
- .klen = 16,
- .iv = "\x15\x95\xd8\xe1\xda\x62\x2c\x56"
- "\xd3\x53\xf4\x36\x7e\x8e\x59\x85",
- .assoc = "\x24\x5e\x67\x49\x1e\x01\xd6\xdd"
- "\xf3\x89\x20\x5b\x7c\x57\x89\x07",
- .alen = 16,
- .input = "\x6d\xed\x04\x7a\x2f\x0c\x30\xa5"
- "\x96\xe6\x97\xe4\x10\xeb\x40\x95"
- "\xc5\x9a\xdf\x31\xd5\xa5\xa6\xec"
- "\x05\xa8\x31\x50\x11\x19\x44",
- .ilen = 31,
- .result = "\x33\x27\xf5\xb1\x62\xa0\x80\x63"
- "\x14\xc0\x4d\x7f\x7b\x20\xba\x89",
- .rlen = 16,
- }, {
- .key = "\x42\xf0\x84\x19\xa6\x3f\x2b\xea"
- "\x34\xf6\x79\xa3\x79\xe9\xeb\x0a",
- .klen = 16,
- .iv = "\x51\xb9\x12\x80\xea\xde\xd5\x71"
- "\x54\x2d\xa6\xc8\x78\xb2\x1b\x8c",
- .assoc = "\x61\x83\xa0\xe8\x2e\x7d\x7f\xf8"
- "\x74\x63\xd2\xec\x76\x7c\x4c\x0d",
- .alen = 16,
- .input = "\x30\x95\x7d\xea\xdc\x62\xc0\x88"
- "\xa1\xe3\x8d\x8c\xac\x04\x10\xa7"
- "\xfa\xfa\x07\xbd\xa0\xf0\x36\xeb"
- "\x21\x93\x2e\x31\x84\x83",
- .ilen = 30,
- .result = "\x70\x4c\x2f\x50\x72\x1c\x29\x7f"
- "\x95\x9a\xff\x10\x75\x45\x7d\x8f",
- .rlen = 16,
- }, {
- .key = "\x7f\x15\xbd\xb8\xb6\xba\xd3\x06"
- "\xb5\xd1\x2b\x35\x73\x0e\xad\x10",
- .klen = 16,
- .iv = "\x8e\xde\x4c\x20\xfa\x59\x7e\x8d"
- "\xd5\x07\x58\x59\x72\xd7\xde\x92",
- .assoc = "\x9d\xa7\xda\x88\x3e\xf8\x28\x14"
- "\xf5\x3e\x85\x7d\x70\xa0\x0f\x13",
- .alen = 16,
- .input = "\x93\xcd\xee\xd4\xcb\x9d\x8d\x16"
- "\x63\x0d\x43\xd5\x49\xca\xa8\x85"
- "\x49\xc0\xae\x13\xbc\x26\x1d\x4b",
- .ilen = 24,
- .result = "\xac\x70\x69\xef\x82\x97\xd2\x9b"
- "\x15\x74\xb1\xa2\x6f\x69\x3f\x95",
- .rlen = 16,
- },
-};
-
-/*
- * AEGIS-256 test vectors - generated via reference implementation from
- * SUPERCOP (https://bench.cr.yp.to/supercop.html):
- *
- * https://bench.cr.yp.to/supercop/supercop-20170228.tar.xz
- * (see crypto_aead/aegis256/)
- */
-static const struct aead_testvec aegis256_enc_tv_template[] = {
- {
- .key = "\x0f\xc9\x8e\x67\x44\x9e\xaa\x86"
- "\x20\x36\x2c\x24\xfe\xc9\x30\x81"
- "\xca\xb0\x82\x21\x41\xa8\xe0\x06"
- "\x30\x0b\x37\xf6\xb6\x17\xe7\xb5",
- .klen = 32,
- .iv = "\x1e\x92\x1c\xcf\x88\x3d\x54\x0d"
- "\x40\x6d\x59\x48\xfc\x92\x61\x03"
- "\x95\x61\x05\x42\x82\x50\xc0\x0c"
- "\x60\x16\x6f\xec\x6d\x2f\xcf\x6b",
- .assoc = "",
- .alen = 0,
- .input = "",
- .ilen = 0,
- .result = "\xd5\x65\x3a\xa9\x03\x51\xd7\xaa"
- "\xfa\x4b\xd8\xa2\x41\x9b\xc1\xb2",
- .rlen = 16,
- }, {
- .key = "\x4b\xed\xc8\x07\x54\x1a\x52\xa2"
- "\xa1\x10\xde\xb5\xf8\xed\xf3\x87"
- "\xf4\x72\x8e\xa5\x46\x48\x62\x20"
- "\xf1\x38\x16\xce\x90\x76\x87\x8c",
- .klen = 32,
- .iv = "\x5a\xb7\x56\x6e\x98\xb9\xfd\x29"
- "\xc1\x47\x0b\xda\xf6\xb6\x23\x09"
- "\xbf\x23\x11\xc6\x87\xf0\x42\x26"
- "\x22\x44\x4e\xc4\x47\x8e\x6e\x41",
- .assoc = "",
- .alen = 0,
- .input = "\x79",
- .ilen = 1,
- .result = "\x84\xa2\x8f\xad\xdb\x8d\x2c\x16"
- "\x9e\x89\xd9\x06\xa6\xa8\x14\x29"
- "\x8b",
- .rlen = 17,
- }, {
- .key = "\x88\x12\x01\xa6\x64\x96\xfb\xbe"
- "\x22\xea\x90\x47\xf2\x11\xb5\x8e"
- "\x1f\x35\x9a\x29\x4b\xe8\xe4\x39"
- "\xb3\x66\xf5\xa6\x6a\xd5\x26\x62",
- .klen = 32,
- .iv = "\x97\xdb\x90\x0e\xa8\x35\xa5\x45"
- "\x42\x21\xbd\x6b\xf0\xda\xe6\x0f"
- "\xe9\xe5\x1d\x4a\x8c\x90\xc4\x40"
- "\xe3\x71\x2d\x9c\x21\xed\x0e\x18",
- .assoc = "",
- .alen = 0,
- .input = "\xb5\x6e\xad\xdd\x30\x72\xfa\x53"
- "\x82\x8e\x16\xb4\xed\x6d\x47",
- .ilen = 15,
- .result = "\x09\x94\x1f\xa6\x13\xc3\x74\x75"
- "\x17\xad\x8a\x0e\xd8\x66\x9a\x28"
- "\xd7\x30\x66\x09\x2a\xdc\xfa\x2a"
- "\x9f\x3b\xd7\xdd\x66\xd1\x2b",
- .rlen = 31,
- }, {
- .key = "\xc4\x37\x3b\x45\x74\x11\xa4\xda"
- "\xa2\xc5\x42\xd8\xec\x36\x78\x94"
- "\x49\xf7\xa5\xad\x50\x88\x66\x53"
- "\x74\x94\xd4\x7f\x44\x34\xc5\x39",
- .klen = 32,
- .iv = "\xd3\x00\xc9\xad\xb8\xb0\x4e\x61"
- "\xc3\xfb\x6f\xfd\xea\xff\xa9\x15"
- "\x14\xa8\x28\xce\x92\x30\x46\x59"
- "\xa4\x9f\x0b\x75\xfb\x4c\xad\xee",
- .assoc = "",
- .alen = 0,
- .input = "\xf2\x92\xe6\x7d\x40\xee\xa3\x6f"
- "\x03\x68\xc8\x45\xe7\x91\x0a\x18",
- .ilen = 16,
- .result = "\x8a\x46\xa2\x22\x8c\x03\xab\x6f"
- "\x54\x63\x4e\x7f\xc9\x8e\xfa\x70"
- "\x7b\xe5\x8d\x78\xbc\xe9\xb6\xa1"
- "\x29\x17\xc8\x3b\x52\xa4\x98\x72",
- .rlen = 32,
- }, {
- .key = "\x01\x5c\x75\xe5\x84\x8d\x4d\xf6"
- "\x23\x9f\xf4\x6a\xe6\x5a\x3b\x9a"
- "\x74\xb9\xb1\x32\x55\x28\xe8\x6d"
- "\x35\xc1\xb3\x57\x1f\x93\x64\x0f",
- .klen = 32,
- .iv = "\x10\x25\x03\x4c\xc8\x2c\xf7\x7d"
- "\x44\xd5\x21\x8e\xe4\x23\x6b\x1c"
- "\x3e\x6a\x34\x53\x97\xd0\xc8\x73"
- "\x66\xcd\xea\x4d\xd5\xab\x4c\xc5",
- .assoc = "",
- .alen = 0,
- .input = "\x2e\xb7\x20\x1c\x50\x6a\x4b\x8b"
- "\x84\x42\x7a\xd7\xe1\xb5\xcd\x1f"
- "\xd3",
- .ilen = 17,
- .result = "\x71\x6b\x37\x0b\x02\x61\x28\x12"
- "\x83\xab\x66\x90\x84\xc7\xd1\xc5"
- "\xb2\x7a\xb4\x7b\xb4\xfe\x02\xb2"
- "\xc0\x00\x39\x13\xb5\x51\x68\x44"
- "\xad",
- .rlen = 33,
- }, {
- .key = "\x3d\x80\xae\x84\x94\x09\xf6\x12"
- "\xa4\x79\xa6\xfb\xe0\x7f\xfd\xa0"
- "\x9e\x7c\xbc\xb6\x5b\xc8\x6a\x86"
- "\xf7\xef\x91\x30\xf9\xf2\x04\xe6",
- .klen = 32,
- .iv = "\x4c\x49\x3d\xec\xd8\xa8\xa0\x98"
- "\xc5\xb0\xd3\x1f\xde\x48\x2e\x22"
- "\x69\x2c\x3f\xd7\x9c\x70\x4a\x8d"
- "\x27\xfa\xc9\x26\xaf\x0a\xeb\x9c",
- .assoc = "",
- .alen = 0,
- .input = "\x6b\xdc\x5a\xbb\x60\xe5\xf4\xa6"
- "\x05\x1d\x2c\x68\xdb\xda\x8f\x25"
- "\xfe\x8d\x45\x19\x1e\xc0\x0b\x99"
- "\x88\x11\x39\x12\x1c\x3a\xbb",
- .ilen = 31,
- .result = "\xaf\xa4\x34\x0d\x59\xe6\x1c\x2f"
- "\x06\x3b\x52\x18\x49\x75\x1b\xf0"
- "\x53\x09\x72\x7b\x45\x79\xe0\xbe"
- "\x89\x85\x23\x15\xb8\x79\x07\x4c"
- "\x53\x7a\x15\x37\x0a\xee\xb7\xfb"
- "\xc4\x1f\x12\x27\xcf\x77\x90",
- .rlen = 47,
- }, {
- .key = "\x7a\xa5\xe8\x23\xa4\x84\x9e\x2d"
- "\x25\x53\x58\x8c\xda\xa3\xc0\xa6"
- "\xc8\x3e\xc8\x3a\x60\x68\xec\xa0"
- "\xb8\x1c\x70\x08\xd3\x51\xa3\xbd",
- .klen = 32,
- .iv = "\x89\x6e\x77\x8b\xe8\x23\x49\xb4"
- "\x45\x8a\x85\xb1\xd8\x6c\xf1\x28"
- "\x93\xef\x4b\x5b\xa1\x10\xcc\xa6"
- "\xe8\x28\xa8\xfe\x89\x69\x8b\x72",
- .assoc = "",
- .alen = 0,
- .input = "\xa7\x00\x93\x5b\x70\x61\x9d\xc2"
- "\x86\xf7\xde\xfa\xd5\xfe\x52\x2b"
- "\x28\x50\x51\x9d\x24\x60\x8d\xb3"
- "\x49\x3e\x17\xea\xf6\x99\x5a\xdd",
- .ilen = 32,
- .result = "\xe2\xc9\x0b\x33\x31\x02\xb3\xb4"
- "\x33\xfe\xeb\xa8\xb7\x9b\xb2\xd7"
- "\xeb\x0f\x05\x2b\xba\xb3\xca\xef"
- "\xf6\xd1\xb6\xc0\xb9\x9b\x85\xc5"
- "\xbf\x7a\x3e\xcc\x31\x76\x09\x80"
- "\x32\x5d\xbb\xe8\x38\x0e\x77\xd3",
- .rlen = 48,
- }, {
- .key = "\xb6\xca\x22\xc3\xb4\x00\x47\x49"
- "\xa6\x2d\x0a\x1e\xd4\xc7\x83\xad"
- "\xf3\x00\xd4\xbf\x65\x08\x6e\xb9"
- "\x7a\x4a\x4f\xe0\xad\xb0\x42\x93",
- .klen = 32,
- .iv = "\xc5\x93\xb0\x2a\xf8\x9f\xf1\xd0"
- "\xc6\x64\x37\x42\xd2\x90\xb3\x2e"
- "\xbd\xb1\x57\xe0\xa6\xb0\x4e\xc0"
- "\xaa\x55\x87\xd6\x63\xc8\x2a\x49",
- .assoc = "\xd5",
- .alen = 1,
- .input = "",
- .ilen = 0,
- .result = "\x96\x43\x30\xca\x6c\x4f\xd7\x12"
- "\xba\xd9\xb3\x18\x86\xdf\xc3\x52",
- .rlen = 16,
- }, {
- .key = "\xf3\xee\x5c\x62\xc4\x7c\xf0\x65"
- "\x27\x08\xbd\xaf\xce\xec\x45\xb3"
- "\x1d\xc3\xdf\x43\x6a\xa8\xf0\xd3"
- "\x3b\x77\x2e\xb9\x87\x0f\xe1\x6a",
- .klen = 32,
- .iv = "\x02\xb8\xea\xca\x09\x1b\x9a\xec"
- "\x47\x3e\xe9\xd4\xcc\xb5\x76\x34"
- "\xe8\x73\x62\x64\xab\x50\xd0\xda"
- "\x6b\x83\x66\xaf\x3e\x27\xc9\x1f",
- .assoc = "\x11\x81\x78\x32\x4d\xb9\x44\x73"
- "\x68\x75\x16\xf8\xcb\x7e\xa7",
- .alen = 15,
- .input = "",
- .ilen = 0,
- .result = "\x2f\xab\x45\xe2\xa7\x46\xc5\x83"
- "\x11\x9f\xb0\x74\xee\xc7\x03\xdd",
- .rlen = 16,
- }, {
- .key = "\x2f\x13\x95\x01\xd5\xf7\x99\x81"
- "\xa8\xe2\x6f\x41\xc8\x10\x08\xb9"
- "\x47\x85\xeb\xc7\x6f\x48\x72\xed"
- "\xfc\xa5\x0d\x91\x61\x6e\x81\x40",
- .klen = 32,
- .iv = "\x3f\xdc\x24\x69\x19\x96\x43\x08"
- "\xc8\x18\x9b\x65\xc6\xd9\x39\x3b"
- "\x12\x35\x6e\xe8\xb0\xf0\x52\xf3"
- "\x2d\xb0\x45\x87\x18\x86\x68\xf6",
- .assoc = "\x4e\xa5\xb2\xd1\x5d\x35\xed\x8f"
- "\xe8\x4f\xc8\x89\xc5\xa2\x69\xbc",
- .alen = 16,
- .input = "",
- .ilen = 0,
- .result = "\x16\x44\x73\x33\x5d\xf2\xb9\x04"
- "\x6b\x79\x98\xef\xdb\xd5\xc5\xf1",
- .rlen = 16,
- }, {
- .key = "\x6c\x38\xcf\xa1\xe5\x73\x41\x9d"
- "\x29\xbc\x21\xd2\xc2\x35\xcb\xbf"
- "\x72\x47\xf6\x4b\x74\xe8\xf4\x06"
- "\xbe\xd3\xec\x6a\x3b\xcd\x20\x17",
- .klen = 32,
- .iv = "\x7b\x01\x5d\x08\x29\x12\xec\x24"
- "\x49\xf3\x4d\xf7\xc0\xfe\xfb\x41"
- "\x3c\xf8\x79\x6c\xb6\x90\xd4\x0d"
- "\xee\xde\x23\x60\xf2\xe5\x08\xcc",
- .assoc = "\x8a\xca\xec\x70\x6d\xb1\x96\xab"
- "\x69\x29\x7a\x1b\xbf\xc7\x2c\xc2"
- "\x07",
- .alen = 17,
- .input = "",
- .ilen = 0,
- .result = "\xa4\x9b\xb8\x47\xc0\xed\x7a\x45"
- "\x98\x54\x8c\xed\x3d\x17\xf0\xdd",
- .rlen = 16,
- }, {
- .key = "\xa8\x5c\x09\x40\xf5\xef\xea\xb8"
- "\xaa\x96\xd3\x64\xbc\x59\x8d\xc6"
- "\x9c\x0a\x02\xd0\x79\x88\x76\x20"
- "\x7f\x00\xca\x42\x15\x2c\xbf\xed",
- .klen = 32,
- .iv = "\xb8\x26\x97\xa8\x39\x8e\x94\x3f"
- "\xca\xcd\xff\x88\xba\x22\xbe\x47"
- "\x67\xba\x85\xf1\xbb\x30\x56\x26"
- "\xaf\x0b\x02\x38\xcc\x44\xa7\xa3",
- .assoc = "\xc7\xef\x26\x10\x7d\x2c\x3f\xc6"
- "\xea\x03\x2c\xac\xb9\xeb\xef\xc9"
- "\x31\x6b\x08\x12\xfc\xd8\x37\x2d"
- "\xe0\x17\x3a\x2e\x83\x5c\x8f",
- .alen = 31,
- .input = "",
- .ilen = 0,
- .result = "\x20\x24\xe2\x33\x5c\x60\xc9\xf0"
- "\xa4\x96\x2f\x0d\x53\xc2\xf8\xfc",
- .rlen = 16,
- }, {
- .key = "\xe5\x81\x42\xdf\x05\x6a\x93\xd4"
- "\x2b\x70\x85\xf5\xb6\x7d\x50\xcc"
- "\xc6\xcc\x0e\x54\x7f\x28\xf8\x3a"
- "\x40\x2e\xa9\x1a\xf0\x8b\x5e\xc4",
- .klen = 32,
- .iv = "\xf4\x4a\xd1\x47\x49\x09\x3d\x5b"
- "\x4b\xa7\xb1\x19\xb4\x46\x81\x4d"
- "\x91\x7c\x91\x75\xc0\xd0\xd8\x40"
- "\x71\x39\xe1\x10\xa6\xa3\x46\x7a",
- .assoc = "\x03\x14\x5f\xaf\x8d\xa8\xe7\xe2"
- "\x6b\xde\xde\x3e\xb3\x10\xb1\xcf"
- "\x5c\x2d\x14\x96\x01\x78\xb9\x47"
- "\xa1\x44\x19\x06\x5d\xbb\x2e\x2f",
- .alen = 32,
- .input = "",
- .ilen = 0,
- .result = "\x6f\x4a\xb9\xe0\xff\x51\xa3\xf1"
- "\xd2\x64\x3e\x66\x6a\xb2\x03\xc0",
- .rlen = 16,
- }, {
- .key = "\x22\xa6\x7c\x7f\x15\xe6\x3c\xf0"
- "\xac\x4b\x37\x86\xb0\xa2\x13\xd2"
- "\xf1\x8e\x19\xd8\x84\xc8\x7a\x53"
- "\x02\x5b\x88\xf3\xca\xea\xfe\x9b",
- .klen = 32,
- .iv = "\x31\x6f\x0b\xe6\x59\x85\xe6\x77"
- "\xcc\x81\x63\xab\xae\x6b\x43\x54"
- "\xbb\x3f\x9c\xf9\xc5\x70\x5a\x5a"
- "\x32\x67\xc0\xe9\x80\x02\xe5\x50",
- .assoc = "\x40",
- .alen = 1,
- .input = "\x4f",
- .ilen = 1,
- .result = "\x2c\xfb\xad\x7e\xbe\xa0\x9a\x5b"
- "\x7a\x3f\x81\xf7\xfc\x1b\x79\x83"
- "\xc7",
- .rlen = 17,
- }, {
- .key = "\x5e\xcb\xb6\x1e\x25\x62\xe4\x0c"
- "\x2d\x25\xe9\x18\xaa\xc6\xd5\xd8"
- "\x1b\x50\x25\x5d\x89\x68\xfc\x6d"
- "\xc3\x89\x67\xcb\xa4\x49\x9d\x71",
- .klen = 32,
- .iv = "\x6d\x94\x44\x86\x69\x00\x8f\x93"
- "\x4d\x5b\x15\x3c\xa8\x8f\x06\x5a"
- "\xe6\x01\xa8\x7e\xca\x10\xdc\x73"
- "\xf4\x94\x9f\xc1\x5a\x61\x85\x27",
- .assoc = "\x7c\x5d\xd3\xee\xad\x9f\x39\x1a"
- "\x6d\x92\x42\x61\xa7\x58\x37",
- .alen = 15,
- .input = "\x8b\x26\x61\x55\xf1\x3e\xe3\xa1"
- "\x8d\xc8\x6e\x85\xa5\x21\x67",
- .ilen = 15,
- .result = "\x1f\x7f\xca\x3c\x2b\xe7\x27\xba"
- "\x7e\x98\x83\x02\x34\x23\xf7\x94"
- "\xde\x35\xe6\x1d\x14\x18\xe5\x38"
- "\x14\x80\x6a\xa7\x1b\xae\x1d",
- .rlen = 31,
- }, {
- .key = "\x9b\xef\xf0\xbd\x35\xdd\x8d\x28"
- "\xad\xff\x9b\xa9\xa4\xeb\x98\xdf"
- "\x46\x13\x31\xe1\x8e\x08\x7e\x87"
- "\x85\xb6\x46\xa3\x7e\xa8\x3c\x48",
- .klen = 32,
- .iv = "\xaa\xb8\x7e\x25\x79\x7c\x37\xaf"
- "\xce\x36\xc7\xce\xa2\xb4\xc9\x60"
- "\x10\xc3\xb3\x02\xcf\xb0\x5e\x8d"
- "\xb5\xc2\x7e\x9a\x35\xc0\x24\xfd",
- .assoc = "\xb9\x82\x0c\x8d\xbd\x1b\xe2\x36"
- "\xee\x6c\xf4\xf2\xa1\x7d\xf9\xe2",
- .alen = 16,
- .input = "\xc8\x4b\x9b\xf5\x01\xba\x8c\xbd"
- "\x0e\xa3\x21\x16\x9f\x46\x2a\x63",
- .ilen = 16,
- .result = "\x05\x86\x9e\xd7\x2b\xa3\x97\x01"
- "\xbe\x28\x98\x10\x6f\xe9\x61\x32"
- "\x96\xbb\xb1\x2e\x8f\x0c\x44\xb9"
- "\x46\x2d\x55\xe3\x42\x67\xf2\xaf",
- .rlen = 32,
- }, {
- .key = "\xd7\x14\x29\x5d\x45\x59\x36\x44"
- "\x2e\xd9\x4d\x3b\x9e\x0f\x5b\xe5"
- "\x70\xd5\x3c\x65\x93\xa8\x00\xa0"
- "\x46\xe4\x25\x7c\x58\x08\xdb\x1e",
- .klen = 32,
- .iv = "\xe6\xdd\xb8\xc4\x89\xf8\xe0\xca"
- "\x4f\x10\x7a\x5f\x9c\xd8\x8b\x66"
- "\x3b\x86\xbf\x86\xd4\x50\xe0\xa7"
- "\x76\xef\x5c\x72\x0f\x1f\xc3\xd4",
- .assoc = "\xf5\xa6\x46\x2c\xce\x97\x8a\x51"
- "\x6f\x46\xa6\x83\x9b\xa1\xbc\xe8"
- "\x05",
- .alen = 17,
- .input = "\x05\x70\xd5\x94\x12\x36\x35\xd8"
- "\x8f\x7d\xd3\xa8\x99\x6a\xed\x69"
- "\xd0",
- .ilen = 17,
- .result = "\x9c\xe0\x06\x7b\x86\xcf\x2e\xd8"
- "\x45\x65\x1b\x72\x9b\xaa\xa3\x1e"
- "\x87\x9d\x26\xdf\xff\x81\x11\xd2"
- "\x47\x41\xb9\x24\xc1\x8a\xa3\x8b"
- "\x55",
- .rlen = 33,
- }, {
- .key = "\x14\x39\x63\xfc\x56\xd5\xdf\x5f"
- "\xaf\xb3\xff\xcc\x98\x33\x1d\xeb"
- "\x9a\x97\x48\xe9\x98\x48\x82\xba"
- "\x07\x11\x04\x54\x32\x67\x7b\xf5",
- .klen = 32,
- .iv = "\x23\x02\xf1\x64\x9a\x73\x89\xe6"
- "\xd0\xea\x2c\xf1\x96\xfc\x4e\x6d"
- "\x65\x48\xcb\x0a\xda\xf0\x62\xc0"
- "\x38\x1d\x3b\x4a\xe9\x7e\x62\xaa",
- .assoc = "\x32\xcb\x80\xcc\xde\x12\x33\x6d"
- "\xf0\x20\x58\x15\x95\xc6\x7f\xee"
- "\x2f\xf9\x4e\x2c\x1b\x98\x43\xc7"
- "\x68\x28\x73\x40\x9f\x96\x4a",
- .alen = 31,
- .input = "\x41\x94\x0e\x33\x22\xb1\xdd\xf4"
- "\x10\x57\x85\x39\x93\x8f\xaf\x70"
- "\xfa\xa9\xd0\x4d\x5c\x40\x23\xcd"
- "\x98\x34\xab\x37\x56\xae\x32",
- .ilen = 31,
- .result = "\xa0\xc8\xde\x83\x0d\xc3\x4e\xd5"
- "\x69\x7f\x7a\xdd\x8c\x46\xda\xba"
- "\x0a\x5c\x0e\x7f\xac\xee\x02\xd2"
- "\xe5\x4b\x0a\xba\xb8\xa4\x7b\x66"
- "\xde\xae\xdb\xc2\xc0\x0b\xf7\x2b"
- "\xdf\xb8\xea\xd8\xa9\x38\xed",
- .rlen = 47,
- }, {
- .key = "\x50\x5d\x9d\x9b\x66\x50\x88\x7b"
- "\x30\x8e\xb1\x5e\x92\x58\xe0\xf1"
- "\xc5\x5a\x53\x6e\x9d\xe8\x04\xd4"
- "\xc9\x3f\xe2\x2d\x0c\xc6\x1a\xcb",
- .klen = 32,
- .iv = "\x5f\x27\x2b\x03\xaa\xef\x32\x02"
- "\x50\xc4\xde\x82\x90\x21\x11\x73"
- "\x8f\x0a\xd6\x8f\xdf\x90\xe4\xda"
- "\xf9\x4a\x1a\x23\xc3\xdd\x02\x81",
- .assoc = "\x6e\xf0\xba\x6b\xee\x8e\xdc\x89"
- "\x71\xfb\x0a\xa6\x8f\xea\x41\xf4"
- "\x5a\xbb\x59\xb0\x20\x38\xc5\xe0"
- "\x29\x56\x52\x19\x79\xf5\xe9\x37",
- .alen = 32,
- .input = "\x7e\xb9\x48\xd3\x32\x2d\x86\x10"
- "\x91\x31\x37\xcb\x8d\xb3\x72\x76"
- "\x24\x6b\xdc\xd1\x61\xe0\xa5\xe7"
- "\x5a\x61\x8a\x0f\x30\x0d\xd1\xec",
- .ilen = 32,
- .result = "\xd3\x68\x14\x70\x3c\x01\x43\x86"
- "\x02\xab\xbe\x75\xaa\xe7\xf5\x53"
- "\x5c\x05\xbd\x9b\x19\xbb\x2a\x61"
- "\x8f\x69\x05\x75\x8e\xca\x60\x0c"
- "\x5b\xa2\x48\x61\x32\x74\x11\x2b"
- "\xf6\xcf\x06\x78\x6f\x78\x1a\x4a",
- .rlen = 48,
- }, {
- .key = "\x8d\x82\xd6\x3b\x76\xcc\x30\x97"
- "\xb1\x68\x63\xef\x8c\x7c\xa3\xf7"
- "\xef\x1c\x5f\xf2\xa3\x88\x86\xed"
- "\x8a\x6d\xc1\x05\xe7\x25\xb9\xa2",
- .klen = 32,
- .iv = "\x9c\x4b\x65\xa2\xba\x6b\xdb\x1e"
- "\xd1\x9e\x90\x13\x8a\x45\xd3\x79"
- "\xba\xcd\xe2\x13\xe4\x30\x66\xf4"
- "\xba\x78\xf9\xfb\x9d\x3c\xa1\x58",
- .assoc = "\xab\x14\xf3\x0a\xfe\x0a\x85\xa5"
- "\xf2\xd5\xbc\x38\x89\x0e\x04\xfb"
- "\x84\x7d\x65\x34\x25\xd8\x47\xfa"
- "\xeb\x83\x31\xf1\x54\x54\x89\x0d"
- "\x9d",
- .alen = 33,
- .input = "\xba\xde\x82\x72\x42\xa9\x2f\x2c"
- "\x12\x0b\xe9\x5c\x87\xd7\x35\x7c"
- "\x4f\x2e\xe8\x55\x66\x80\x27\x00"
- "\x1b\x8f\x68\xe7\x0a\x6c\x71\xc3"
- "\x21\x78\x55\x9d\x9c\x65\x7b\xcd"
- "\x0a\x34\x97\xff\x47\x37\xb0\x2a"
- "\x80\x0d\x19\x98\x33\xa9\x7a\xe3"
- "\x2e\x4c\xc6\xf3\x8c\x88\x42\x01"
- "\xbd",
- .ilen = 65,
- .result = "\x07\x0a\x35\xb0\x82\x03\x5a\xd2"
- "\x15\x3a\x6c\x72\x83\x9b\xb1\x75"
- "\xea\xf2\xfc\xff\xc6\xf1\x13\xa4"
- "\x1a\x93\x33\x79\x97\x82\x81\xc0"
- "\x96\xc2\x00\xab\x39\xae\xa1\x62"
- "\x53\xa3\x86\xc9\x07\x8c\xaf\x22"
- "\x47\x31\x29\xca\x4a\x95\xf5\xd5"
- "\x20\x63\x5a\x54\x80\x2c\x4a\x63"
- "\xfb\x18\x73\x31\x4f\x08\x21\x5d"
- "\x20\xe9\xc3\x7e\xea\x25\x77\x3a"
- "\x65",
- .rlen = 81,
- }, {
- .key = "\xc9\xa7\x10\xda\x86\x48\xd9\xb3"
- "\x32\x42\x15\x80\x85\xa1\x65\xfe"
- "\x19\xde\x6b\x76\xa8\x28\x08\x07"
- "\x4b\x9a\xa0\xdd\xc1\x84\x58\x79",
- .klen = 32,
- .iv = "\xd8\x70\x9f\x42\xca\xe6\x83\x3a"
- "\x52\x79\x42\xa5\x84\x6a\x96\x7f"
- "\xe4\x8f\xed\x97\xe9\xd0\xe8\x0d"
- "\x7c\xa6\xd8\xd4\x77\x9b\x40\x2e",
- .assoc = "\xe8\x39\x2d\xaa\x0e\x85\x2d\xc1"
- "\x72\xaf\x6e\xc9\x82\x33\xc7\x01"
- "\xaf\x40\x70\xb8\x2a\x78\xc9\x14"
- "\xac\xb1\x10\xca\x2e\xb3\x28\xe4"
- "\xac\xfa\x58\x7f\xe5\x73\x09\x8c"
- "\x1d\x40\x87\x8c\xd9\x75\xc0\x55"
- "\xa2\xda\x07\xd1\xc2\xa9\xd1\xbb"
- "\x09\x4f\x77\x62\x88\x2d\xf2\x68"
- "\x54",
- .alen = 65,
- .input = "\xf7\x02\xbb\x11\x52\x24\xd8\x48"
- "\x93\xe6\x9b\xee\x81\xfc\xf7\x82"
- "\x79\xf0\xf3\xd9\x6c\x20\xa9\x1a"
- "\xdc\xbc\x47\xc0\xe4\xcb\x10\x99"
- "\x2f",
- .ilen = 33,
- .result = "\x33\xc1\xda\xfa\x15\x21\x07\x8e"
- "\x93\x68\xea\x64\x7b\x3d\x4b\x6b"
- "\x71\x5e\x5e\x6b\x92\xaa\x65\xc2"
- "\x7a\x2a\xc1\xa9\x0a\xa1\x24\x81"
- "\x26\x3a\x5a\x09\xe8\xce\x73\x72"
- "\xde\x7b\x58\x9e\x85\xb9\xa4\x28"
- "\xda",
- .rlen = 49,
- }, {
- .key = "\x06\xcc\x4a\x79\x96\xc3\x82\xcf"
- "\xb3\x1c\xc7\x12\x7f\xc5\x28\x04"
- "\x44\xa1\x76\xfb\xad\xc8\x8a\x21"
- "\x0d\xc8\x7f\xb6\x9b\xe3\xf8\x4f",
- .klen = 32,
- .iv = "\x15\x95\xd8\xe1\xda\x62\x2c\x56"
- "\xd3\x53\xf4\x36\x7e\x8e\x59\x85"
- "\x0e\x51\xf9\x1c\xee\x70\x6a\x27"
- "\x3d\xd3\xb7\xac\x51\xfa\xdf\x05",
- .assoc = "\x24\x5e\x67\x49\x1e\x01\xd6\xdd"
- "\xf3\x89\x20\x5b\x7c\x57\x89\x07",
- .alen = 16,
- .input = "\x33\x27\xf5\xb1\x62\xa0\x80\x63"
- "\x14\xc0\x4d\x7f\x7b\x20\xba\x89",
- .ilen = 16,
- .result = "\x3e\xf8\x86\x3d\x39\xf8\x96\x02"
- "\x0f\xdf\xc9\x6e\x37\x1e\x57\x99"
- "\x07\x2a\x1a\xac\xd1\xda\xfd\x3b"
- "\xc7\xff\xbd\xbc\x85\x09\x0b",
- .rlen = 31,
- }, {
- .key = "\x42\xf0\x84\x19\xa6\x3f\x2b\xea"
- "\x34\xf6\x79\xa3\x79\xe9\xeb\x0a"
- "\x6e\x63\x82\x7f\xb2\x68\x0c\x3a"
- "\xce\xf5\x5e\x8e\x75\x42\x97\x26",
- .klen = 32,
- .iv = "\x51\xb9\x12\x80\xea\xde\xd5\x71"
- "\x54\x2d\xa6\xc8\x78\xb2\x1b\x8c"
- "\x39\x14\x05\xa0\xf3\x10\xec\x41"
- "\xff\x01\x95\x84\x2b\x59\x7f\xdb",
- .assoc = "\x61\x83\xa0\xe8\x2e\x7d\x7f\xf8"
- "\x74\x63\xd2\xec\x76\x7c\x4c\x0d",
- .alen = 16,
- .input = "\x70\x4c\x2f\x50\x72\x1c\x29\x7f"
- "\x95\x9a\xff\x10\x75\x45\x7d\x8f",
- .ilen = 16,
- .result = "\x2f\xc4\xd8\x0d\xa6\x07\xef\x2e"
- "\x6c\xd9\x84\x63\x70\x97\x61\x37"
- "\x08\x2f\x16\x90\x9e\x62\x30\x0d"
- "\x62\xd5\xc8\xf0\x46\x1a",
- .rlen = 30,
- }, {
- .key = "\x7f\x15\xbd\xb8\xb6\xba\xd3\x06"
- "\xb5\xd1\x2b\x35\x73\x0e\xad\x10"
- "\x98\x25\x8d\x03\xb7\x08\x8e\x54"
- "\x90\x23\x3d\x67\x4f\xa1\x36\xfc",
- .klen = 32,
- .iv = "\x8e\xde\x4c\x20\xfa\x59\x7e\x8d"
- "\xd5\x07\x58\x59\x72\xd7\xde\x92"
- "\x63\xd6\x10\x24\xf8\xb0\x6e\x5a"
- "\xc0\x2e\x74\x5d\x06\xb8\x1e\xb2",
- .assoc = "\x9d\xa7\xda\x88\x3e\xf8\x28\x14"
- "\xf5\x3e\x85\x7d\x70\xa0\x0f\x13",
- .alen = 16,
- .input = "\xac\x70\x69\xef\x82\x97\xd2\x9b"
- "\x15\x74\xb1\xa2\x6f\x69\x3f\x95",
- .ilen = 16,
- .result = "\xce\xf3\x17\x87\x49\xc2\x00\x46"
- "\xc6\x12\x5c\x8f\x81\x38\xaa\x55"
- "\xf8\x67\x75\xf1\x75\xe3\x2a\x24",
- .rlen = 24,
- },
-};
-
-static const struct aead_testvec aegis256_dec_tv_template[] = {
- {
- .key = "\x0f\xc9\x8e\x67\x44\x9e\xaa\x86"
- "\x20\x36\x2c\x24\xfe\xc9\x30\x81"
- "\xca\xb0\x82\x21\x41\xa8\xe0\x06"
- "\x30\x0b\x37\xf6\xb6\x17\xe7\xb5",
- .klen = 32,
- .iv = "\x1e\x92\x1c\xcf\x88\x3d\x54\x0d"
- "\x40\x6d\x59\x48\xfc\x92\x61\x03"
- "\x95\x61\x05\x42\x82\x50\xc0\x0c"
- "\x60\x16\x6f\xec\x6d\x2f\xcf\x6b",
- .assoc = "",
- .alen = 0,
- .input = "\xd5\x65\x3a\xa9\x03\x51\xd7\xaa"
- "\xfa\x4b\xd8\xa2\x41\x9b\xc1\xb2",
- .ilen = 16,
- .result = "",
- .rlen = 0,
- }, {
- .key = "\x4b\xed\xc8\x07\x54\x1a\x52\xa2"
- "\xa1\x10\xde\xb5\xf8\xed\xf3\x87"
- "\xf4\x72\x8e\xa5\x46\x48\x62\x20"
- "\xf1\x38\x16\xce\x90\x76\x87\x8c",
- .klen = 32,
- .iv = "\x5a\xb7\x56\x6e\x98\xb9\xfd\x29"
- "\xc1\x47\x0b\xda\xf6\xb6\x23\x09"
- "\xbf\x23\x11\xc6\x87\xf0\x42\x26"
- "\x22\x44\x4e\xc4\x47\x8e\x6e\x41",
- .assoc = "",
- .alen = 0,
- .input = "\x84\xa2\x8f\xad\xdb\x8d\x2c\x16"
- "\x9e\x89\xd9\x06\xa6\xa8\x14\x29"
- "\x8b",
- .ilen = 17,
- .result = "\x79",
- .rlen = 1,
- }, {
- .key = "\x88\x12\x01\xa6\x64\x96\xfb\xbe"
- "\x22\xea\x90\x47\xf2\x11\xb5\x8e"
- "\x1f\x35\x9a\x29\x4b\xe8\xe4\x39"
- "\xb3\x66\xf5\xa6\x6a\xd5\x26\x62",
- .klen = 32,
- .iv = "\x97\xdb\x90\x0e\xa8\x35\xa5\x45"
- "\x42\x21\xbd\x6b\xf0\xda\xe6\x0f"
- "\xe9\xe5\x1d\x4a\x8c\x90\xc4\x40"
- "\xe3\x71\x2d\x9c\x21\xed\x0e\x18",
- .assoc = "",
- .alen = 0,
- .input = "\x09\x94\x1f\xa6\x13\xc3\x74\x75"
- "\x17\xad\x8a\x0e\xd8\x66\x9a\x28"
- "\xd7\x30\x66\x09\x2a\xdc\xfa\x2a"
- "\x9f\x3b\xd7\xdd\x66\xd1\x2b",
- .ilen = 31,
- .result = "\xb5\x6e\xad\xdd\x30\x72\xfa\x53"
- "\x82\x8e\x16\xb4\xed\x6d\x47",
- .rlen = 15,
- }, {
- .key = "\xc4\x37\x3b\x45\x74\x11\xa4\xda"
- "\xa2\xc5\x42\xd8\xec\x36\x78\x94"
- "\x49\xf7\xa5\xad\x50\x88\x66\x53"
- "\x74\x94\xd4\x7f\x44\x34\xc5\x39",
- .klen = 32,
- .iv = "\xd3\x00\xc9\xad\xb8\xb0\x4e\x61"
- "\xc3\xfb\x6f\xfd\xea\xff\xa9\x15"
- "\x14\xa8\x28\xce\x92\x30\x46\x59"
- "\xa4\x9f\x0b\x75\xfb\x4c\xad\xee",
- .assoc = "",
- .alen = 0,
- .input = "\x8a\x46\xa2\x22\x8c\x03\xab\x6f"
- "\x54\x63\x4e\x7f\xc9\x8e\xfa\x70"
- "\x7b\xe5\x8d\x78\xbc\xe9\xb6\xa1"
- "\x29\x17\xc8\x3b\x52\xa4\x98\x72",
- .ilen = 32,
- .result = "\xf2\x92\xe6\x7d\x40\xee\xa3\x6f"
- "\x03\x68\xc8\x45\xe7\x91\x0a\x18",
- .rlen = 16,
- }, {
- .key = "\x01\x5c\x75\xe5\x84\x8d\x4d\xf6"
- "\x23\x9f\xf4\x6a\xe6\x5a\x3b\x9a"
- "\x74\xb9\xb1\x32\x55\x28\xe8\x6d"
- "\x35\xc1\xb3\x57\x1f\x93\x64\x0f",
- .klen = 32,
- .iv = "\x10\x25\x03\x4c\xc8\x2c\xf7\x7d"
- "\x44\xd5\x21\x8e\xe4\x23\x6b\x1c"
- "\x3e\x6a\x34\x53\x97\xd0\xc8\x73"
- "\x66\xcd\xea\x4d\xd5\xab\x4c\xc5",
- .assoc = "",
- .alen = 0,
- .input = "\x71\x6b\x37\x0b\x02\x61\x28\x12"
- "\x83\xab\x66\x90\x84\xc7\xd1\xc5"
- "\xb2\x7a\xb4\x7b\xb4\xfe\x02\xb2"
- "\xc0\x00\x39\x13\xb5\x51\x68\x44"
- "\xad",
- .ilen = 33,
- .result = "\x2e\xb7\x20\x1c\x50\x6a\x4b\x8b"
- "\x84\x42\x7a\xd7\xe1\xb5\xcd\x1f"
- "\xd3",
- .rlen = 17,
- }, {
- .key = "\x3d\x80\xae\x84\x94\x09\xf6\x12"
- "\xa4\x79\xa6\xfb\xe0\x7f\xfd\xa0"
- "\x9e\x7c\xbc\xb6\x5b\xc8\x6a\x86"
- "\xf7\xef\x91\x30\xf9\xf2\x04\xe6",
- .klen = 32,
- .iv = "\x4c\x49\x3d\xec\xd8\xa8\xa0\x98"
- "\xc5\xb0\xd3\x1f\xde\x48\x2e\x22"
- "\x69\x2c\x3f\xd7\x9c\x70\x4a\x8d"
- "\x27\xfa\xc9\x26\xaf\x0a\xeb\x9c",
- .assoc = "",
- .alen = 0,
- .input = "\xaf\xa4\x34\x0d\x59\xe6\x1c\x2f"
- "\x06\x3b\x52\x18\x49\x75\x1b\xf0"
- "\x53\x09\x72\x7b\x45\x79\xe0\xbe"
- "\x89\x85\x23\x15\xb8\x79\x07\x4c"
- "\x53\x7a\x15\x37\x0a\xee\xb7\xfb"
- "\xc4\x1f\x12\x27\xcf\x77\x90",
- .ilen = 47,
- .result = "\x6b\xdc\x5a\xbb\x60\xe5\xf4\xa6"
- "\x05\x1d\x2c\x68\xdb\xda\x8f\x25"
- "\xfe\x8d\x45\x19\x1e\xc0\x0b\x99"
- "\x88\x11\x39\x12\x1c\x3a\xbb",
- .rlen = 31,
- }, {
- .key = "\x7a\xa5\xe8\x23\xa4\x84\x9e\x2d"
- "\x25\x53\x58\x8c\xda\xa3\xc0\xa6"
- "\xc8\x3e\xc8\x3a\x60\x68\xec\xa0"
- "\xb8\x1c\x70\x08\xd3\x51\xa3\xbd",
- .klen = 32,
- .iv = "\x89\x6e\x77\x8b\xe8\x23\x49\xb4"
- "\x45\x8a\x85\xb1\xd8\x6c\xf1\x28"
- "\x93\xef\x4b\x5b\xa1\x10\xcc\xa6"
- "\xe8\x28\xa8\xfe\x89\x69\x8b\x72",
- .assoc = "",
- .alen = 0,
- .input = "\xe2\xc9\x0b\x33\x31\x02\xb3\xb4"
- "\x33\xfe\xeb\xa8\xb7\x9b\xb2\xd7"
- "\xeb\x0f\x05\x2b\xba\xb3\xca\xef"
- "\xf6\xd1\xb6\xc0\xb9\x9b\x85\xc5"
- "\xbf\x7a\x3e\xcc\x31\x76\x09\x80"
- "\x32\x5d\xbb\xe8\x38\x0e\x77\xd3",
- .ilen = 48,
- .result = "\xa7\x00\x93\x5b\x70\x61\x9d\xc2"
- "\x86\xf7\xde\xfa\xd5\xfe\x52\x2b"
- "\x28\x50\x51\x9d\x24\x60\x8d\xb3"
- "\x49\x3e\x17\xea\xf6\x99\x5a\xdd",
- .rlen = 32,
- }, {
- .key = "\xb6\xca\x22\xc3\xb4\x00\x47\x49"
- "\xa6\x2d\x0a\x1e\xd4\xc7\x83\xad"
- "\xf3\x00\xd4\xbf\x65\x08\x6e\xb9"
- "\x7a\x4a\x4f\xe0\xad\xb0\x42\x93",
- .klen = 32,
- .iv = "\xc5\x93\xb0\x2a\xf8\x9f\xf1\xd0"
- "\xc6\x64\x37\x42\xd2\x90\xb3\x2e"
- "\xbd\xb1\x57\xe0\xa6\xb0\x4e\xc0"
- "\xaa\x55\x87\xd6\x63\xc8\x2a\x49",
- .assoc = "\xd5",
- .alen = 1,
- .input = "\x96\x43\x30\xca\x6c\x4f\xd7\x12"
- "\xba\xd9\xb3\x18\x86\xdf\xc3\x52",
- .ilen = 16,
- .result = "",
- .rlen = 0,
- }, {
- .key = "\xf3\xee\x5c\x62\xc4\x7c\xf0\x65"
- "\x27\x08\xbd\xaf\xce\xec\x45\xb3"
- "\x1d\xc3\xdf\x43\x6a\xa8\xf0\xd3"
- "\x3b\x77\x2e\xb9\x87\x0f\xe1\x6a",
- .klen = 32,
- .iv = "\x02\xb8\xea\xca\x09\x1b\x9a\xec"
- "\x47\x3e\xe9\xd4\xcc\xb5\x76\x34"
- "\xe8\x73\x62\x64\xab\x50\xd0\xda"
- "\x6b\x83\x66\xaf\x3e\x27\xc9\x1f",
- .assoc = "\x11\x81\x78\x32\x4d\xb9\x44\x73"
- "\x68\x75\x16\xf8\xcb\x7e\xa7",
- .alen = 15,
- .input = "\x2f\xab\x45\xe2\xa7\x46\xc5\x83"
- "\x11\x9f\xb0\x74\xee\xc7\x03\xdd",
- .ilen = 16,
- .result = "",
- .rlen = 0,
- }, {
- .key = "\x2f\x13\x95\x01\xd5\xf7\x99\x81"
- "\xa8\xe2\x6f\x41\xc8\x10\x08\xb9"
- "\x47\x85\xeb\xc7\x6f\x48\x72\xed"
- "\xfc\xa5\x0d\x91\x61\x6e\x81\x40",
- .klen = 32,
- .iv = "\x3f\xdc\x24\x69\x19\x96\x43\x08"
- "\xc8\x18\x9b\x65\xc6\xd9\x39\x3b"
- "\x12\x35\x6e\xe8\xb0\xf0\x52\xf3"
- "\x2d\xb0\x45\x87\x18\x86\x68\xf6",
- .assoc = "\x4e\xa5\xb2\xd1\x5d\x35\xed\x8f"
- "\xe8\x4f\xc8\x89\xc5\xa2\x69\xbc",
- .alen = 16,
- .input = "\x16\x44\x73\x33\x5d\xf2\xb9\x04"
- "\x6b\x79\x98\xef\xdb\xd5\xc5\xf1",
- .ilen = 16,
- .result = "",
- .rlen = 0,
- }, {
- .key = "\x6c\x38\xcf\xa1\xe5\x73\x41\x9d"
- "\x29\xbc\x21\xd2\xc2\x35\xcb\xbf"
- "\x72\x47\xf6\x4b\x74\xe8\xf4\x06"
- "\xbe\xd3\xec\x6a\x3b\xcd\x20\x17",
- .klen = 32,
- .iv = "\x7b\x01\x5d\x08\x29\x12\xec\x24"
- "\x49\xf3\x4d\xf7\xc0\xfe\xfb\x41"
- "\x3c\xf8\x79\x6c\xb6\x90\xd4\x0d"
- "\xee\xde\x23\x60\xf2\xe5\x08\xcc",
- .assoc = "\x8a\xca\xec\x70\x6d\xb1\x96\xab"
- "\x69\x29\x7a\x1b\xbf\xc7\x2c\xc2"
- "\x07",
- .alen = 17,
- .input = "\xa4\x9b\xb8\x47\xc0\xed\x7a\x45"
- "\x98\x54\x8c\xed\x3d\x17\xf0\xdd",
- .ilen = 16,
- .result = "",
- .rlen = 0,
- }, {
- .key = "\xa8\x5c\x09\x40\xf5\xef\xea\xb8"
- "\xaa\x96\xd3\x64\xbc\x59\x8d\xc6"
- "\x9c\x0a\x02\xd0\x79\x88\x76\x20"
- "\x7f\x00\xca\x42\x15\x2c\xbf\xed",
- .klen = 32,
- .iv = "\xb8\x26\x97\xa8\x39\x8e\x94\x3f"
- "\xca\xcd\xff\x88\xba\x22\xbe\x47"
- "\x67\xba\x85\xf1\xbb\x30\x56\x26"
- "\xaf\x0b\x02\x38\xcc\x44\xa7\xa3",
- .assoc = "\xc7\xef\x26\x10\x7d\x2c\x3f\xc6"
- "\xea\x03\x2c\xac\xb9\xeb\xef\xc9"
- "\x31\x6b\x08\x12\xfc\xd8\x37\x2d"
- "\xe0\x17\x3a\x2e\x83\x5c\x8f",
- .alen = 31,
- .input = "\x20\x24\xe2\x33\x5c\x60\xc9\xf0"
- "\xa4\x96\x2f\x0d\x53\xc2\xf8\xfc",
- .ilen = 16,
- .result = "",
- .rlen = 0,
- }, {
- .key = "\xe5\x81\x42\xdf\x05\x6a\x93\xd4"
- "\x2b\x70\x85\xf5\xb6\x7d\x50\xcc"
- "\xc6\xcc\x0e\x54\x7f\x28\xf8\x3a"
- "\x40\x2e\xa9\x1a\xf0\x8b\x5e\xc4",
- .klen = 32,
- .iv = "\xf4\x4a\xd1\x47\x49\x09\x3d\x5b"
- "\x4b\xa7\xb1\x19\xb4\x46\x81\x4d"
- "\x91\x7c\x91\x75\xc0\xd0\xd8\x40"
- "\x71\x39\xe1\x10\xa6\xa3\x46\x7a",
- .assoc = "\x03\x14\x5f\xaf\x8d\xa8\xe7\xe2"
- "\x6b\xde\xde\x3e\xb3\x10\xb1\xcf"
- "\x5c\x2d\x14\x96\x01\x78\xb9\x47"
- "\xa1\x44\x19\x06\x5d\xbb\x2e\x2f",
- .alen = 32,
- .input = "\x6f\x4a\xb9\xe0\xff\x51\xa3\xf1"
- "\xd2\x64\x3e\x66\x6a\xb2\x03\xc0",
- .ilen = 16,
- .result = "",
- .rlen = 0,
- }, {
- .key = "\x22\xa6\x7c\x7f\x15\xe6\x3c\xf0"
- "\xac\x4b\x37\x86\xb0\xa2\x13\xd2"
- "\xf1\x8e\x19\xd8\x84\xc8\x7a\x53"
- "\x02\x5b\x88\xf3\xca\xea\xfe\x9b",
- .klen = 32,
- .iv = "\x31\x6f\x0b\xe6\x59\x85\xe6\x77"
- "\xcc\x81\x63\xab\xae\x6b\x43\x54"
- "\xbb\x3f\x9c\xf9\xc5\x70\x5a\x5a"
- "\x32\x67\xc0\xe9\x80\x02\xe5\x50",
- .assoc = "\x40",
- .alen = 1,
- .input = "\x2c\xfb\xad\x7e\xbe\xa0\x9a\x5b"
- "\x7a\x3f\x81\xf7\xfc\x1b\x79\x83"
- "\xc7",
- .ilen = 17,
- .result = "\x4f",
- .rlen = 1,
- }, {
- .key = "\x5e\xcb\xb6\x1e\x25\x62\xe4\x0c"
- "\x2d\x25\xe9\x18\xaa\xc6\xd5\xd8"
- "\x1b\x50\x25\x5d\x89\x68\xfc\x6d"
- "\xc3\x89\x67\xcb\xa4\x49\x9d\x71",
- .klen = 32,
- .iv = "\x6d\x94\x44\x86\x69\x00\x8f\x93"
- "\x4d\x5b\x15\x3c\xa8\x8f\x06\x5a"
- "\xe6\x01\xa8\x7e\xca\x10\xdc\x73"
- "\xf4\x94\x9f\xc1\x5a\x61\x85\x27",
- .assoc = "\x7c\x5d\xd3\xee\xad\x9f\x39\x1a"
- "\x6d\x92\x42\x61\xa7\x58\x37",
- .alen = 15,
- .input = "\x1f\x7f\xca\x3c\x2b\xe7\x27\xba"
- "\x7e\x98\x83\x02\x34\x23\xf7\x94"
- "\xde\x35\xe6\x1d\x14\x18\xe5\x38"
- "\x14\x80\x6a\xa7\x1b\xae\x1d",
- .ilen = 31,
- .result = "\x8b\x26\x61\x55\xf1\x3e\xe3\xa1"
- "\x8d\xc8\x6e\x85\xa5\x21\x67",
- .rlen = 15,
- }, {
- .key = "\x9b\xef\xf0\xbd\x35\xdd\x8d\x28"
- "\xad\xff\x9b\xa9\xa4\xeb\x98\xdf"
- "\x46\x13\x31\xe1\x8e\x08\x7e\x87"
- "\x85\xb6\x46\xa3\x7e\xa8\x3c\x48",
- .klen = 32,
- .iv = "\xaa\xb8\x7e\x25\x79\x7c\x37\xaf"
- "\xce\x36\xc7\xce\xa2\xb4\xc9\x60"
- "\x10\xc3\xb3\x02\xcf\xb0\x5e\x8d"
- "\xb5\xc2\x7e\x9a\x35\xc0\x24\xfd",
- .assoc = "\xb9\x82\x0c\x8d\xbd\x1b\xe2\x36"
- "\xee\x6c\xf4\xf2\xa1\x7d\xf9\xe2",
- .alen = 16,
- .input = "\x05\x86\x9e\xd7\x2b\xa3\x97\x01"
- "\xbe\x28\x98\x10\x6f\xe9\x61\x32"
- "\x96\xbb\xb1\x2e\x8f\x0c\x44\xb9"
- "\x46\x2d\x55\xe3\x42\x67\xf2\xaf",
- .ilen = 32,
- .result = "\xc8\x4b\x9b\xf5\x01\xba\x8c\xbd"
- "\x0e\xa3\x21\x16\x9f\x46\x2a\x63",
- .rlen = 16,
- }, {
- .key = "\xd7\x14\x29\x5d\x45\x59\x36\x44"
- "\x2e\xd9\x4d\x3b\x9e\x0f\x5b\xe5"
- "\x70\xd5\x3c\x65\x93\xa8\x00\xa0"
- "\x46\xe4\x25\x7c\x58\x08\xdb\x1e",
- .klen = 32,
- .iv = "\xe6\xdd\xb8\xc4\x89\xf8\xe0\xca"
- "\x4f\x10\x7a\x5f\x9c\xd8\x8b\x66"
- "\x3b\x86\xbf\x86\xd4\x50\xe0\xa7"
- "\x76\xef\x5c\x72\x0f\x1f\xc3\xd4",
- .assoc = "\xf5\xa6\x46\x2c\xce\x97\x8a\x51"
- "\x6f\x46\xa6\x83\x9b\xa1\xbc\xe8"
- "\x05",
- .alen = 17,
- .input = "\x9c\xe0\x06\x7b\x86\xcf\x2e\xd8"
- "\x45\x65\x1b\x72\x9b\xaa\xa3\x1e"
- "\x87\x9d\x26\xdf\xff\x81\x11\xd2"
- "\x47\x41\xb9\x24\xc1\x8a\xa3\x8b"
- "\x55",
- .ilen = 33,
- .result = "\x05\x70\xd5\x94\x12\x36\x35\xd8"
- "\x8f\x7d\xd3\xa8\x99\x6a\xed\x69"
- "\xd0",
- .rlen = 17,
- }, {
- .key = "\x14\x39\x63\xfc\x56\xd5\xdf\x5f"
- "\xaf\xb3\xff\xcc\x98\x33\x1d\xeb"
- "\x9a\x97\x48\xe9\x98\x48\x82\xba"
- "\x07\x11\x04\x54\x32\x67\x7b\xf5",
- .klen = 32,
- .iv = "\x23\x02\xf1\x64\x9a\x73\x89\xe6"
- "\xd0\xea\x2c\xf1\x96\xfc\x4e\x6d"
- "\x65\x48\xcb\x0a\xda\xf0\x62\xc0"
- "\x38\x1d\x3b\x4a\xe9\x7e\x62\xaa",
- .assoc = "\x32\xcb\x80\xcc\xde\x12\x33\x6d"
- "\xf0\x20\x58\x15\x95\xc6\x7f\xee"
- "\x2f\xf9\x4e\x2c\x1b\x98\x43\xc7"
- "\x68\x28\x73\x40\x9f\x96\x4a",
- .alen = 31,
- .input = "\xa0\xc8\xde\x83\x0d\xc3\x4e\xd5"
- "\x69\x7f\x7a\xdd\x8c\x46\xda\xba"
- "\x0a\x5c\x0e\x7f\xac\xee\x02\xd2"
- "\xe5\x4b\x0a\xba\xb8\xa4\x7b\x66"
- "\xde\xae\xdb\xc2\xc0\x0b\xf7\x2b"
- "\xdf\xb8\xea\xd8\xa9\x38\xed",
- .ilen = 47,
- .result = "\x41\x94\x0e\x33\x22\xb1\xdd\xf4"
- "\x10\x57\x85\x39\x93\x8f\xaf\x70"
- "\xfa\xa9\xd0\x4d\x5c\x40\x23\xcd"
- "\x98\x34\xab\x37\x56\xae\x32",
- .rlen = 31,
- }, {
- .key = "\x50\x5d\x9d\x9b\x66\x50\x88\x7b"
- "\x30\x8e\xb1\x5e\x92\x58\xe0\xf1"
- "\xc5\x5a\x53\x6e\x9d\xe8\x04\xd4"
- "\xc9\x3f\xe2\x2d\x0c\xc6\x1a\xcb",
- .klen = 32,
- .iv = "\x5f\x27\x2b\x03\xaa\xef\x32\x02"
- "\x50\xc4\xde\x82\x90\x21\x11\x73"
- "\x8f\x0a\xd6\x8f\xdf\x90\xe4\xda"
- "\xf9\x4a\x1a\x23\xc3\xdd\x02\x81",
- .assoc = "\x6e\xf0\xba\x6b\xee\x8e\xdc\x89"
- "\x71\xfb\x0a\xa6\x8f\xea\x41\xf4"
- "\x5a\xbb\x59\xb0\x20\x38\xc5\xe0"
- "\x29\x56\x52\x19\x79\xf5\xe9\x37",
- .alen = 32,
- .input = "\xd3\x68\x14\x70\x3c\x01\x43\x86"
- "\x02\xab\xbe\x75\xaa\xe7\xf5\x53"
- "\x5c\x05\xbd\x9b\x19\xbb\x2a\x61"
- "\x8f\x69\x05\x75\x8e\xca\x60\x0c"
- "\x5b\xa2\x48\x61\x32\x74\x11\x2b"
- "\xf6\xcf\x06\x78\x6f\x78\x1a\x4a",
- .ilen = 48,
- .result = "\x7e\xb9\x48\xd3\x32\x2d\x86\x10"
- "\x91\x31\x37\xcb\x8d\xb3\x72\x76"
- "\x24\x6b\xdc\xd1\x61\xe0\xa5\xe7"
- "\x5a\x61\x8a\x0f\x30\x0d\xd1\xec",
- .rlen = 32,
- }, {
- .key = "\x8d\x82\xd6\x3b\x76\xcc\x30\x97"
- "\xb1\x68\x63\xef\x8c\x7c\xa3\xf7"
- "\xef\x1c\x5f\xf2\xa3\x88\x86\xed"
- "\x8a\x6d\xc1\x05\xe7\x25\xb9\xa2",
- .klen = 32,
- .iv = "\x9c\x4b\x65\xa2\xba\x6b\xdb\x1e"
- "\xd1\x9e\x90\x13\x8a\x45\xd3\x79"
- "\xba\xcd\xe2\x13\xe4\x30\x66\xf4"
- "\xba\x78\xf9\xfb\x9d\x3c\xa1\x58",
- .assoc = "\xab\x14\xf3\x0a\xfe\x0a\x85\xa5"
- "\xf2\xd5\xbc\x38\x89\x0e\x04\xfb"
- "\x84\x7d\x65\x34\x25\xd8\x47\xfa"
- "\xeb\x83\x31\xf1\x54\x54\x89\x0d"
- "\x9d",
- .alen = 33,
- .input = "\x07\x0a\x35\xb0\x82\x03\x5a\xd2"
- "\x15\x3a\x6c\x72\x83\x9b\xb1\x75"
- "\xea\xf2\xfc\xff\xc6\xf1\x13\xa4"
- "\x1a\x93\x33\x79\x97\x82\x81\xc0"
- "\x96\xc2\x00\xab\x39\xae\xa1\x62"
- "\x53\xa3\x86\xc9\x07\x8c\xaf\x22"
- "\x47\x31\x29\xca\x4a\x95\xf5\xd5"
- "\x20\x63\x5a\x54\x80\x2c\x4a\x63"
- "\xfb\x18\x73\x31\x4f\x08\x21\x5d"
- "\x20\xe9\xc3\x7e\xea\x25\x77\x3a"
- "\x65",
- .ilen = 81,
- .result = "\xba\xde\x82\x72\x42\xa9\x2f\x2c"
- "\x12\x0b\xe9\x5c\x87\xd7\x35\x7c"
- "\x4f\x2e\xe8\x55\x66\x80\x27\x00"
- "\x1b\x8f\x68\xe7\x0a\x6c\x71\xc3"
- "\x21\x78\x55\x9d\x9c\x65\x7b\xcd"
- "\x0a\x34\x97\xff\x47\x37\xb0\x2a"
- "\x80\x0d\x19\x98\x33\xa9\x7a\xe3"
- "\x2e\x4c\xc6\xf3\x8c\x88\x42\x01"
- "\xbd",
- .rlen = 65,
- }, {
- .key = "\xc9\xa7\x10\xda\x86\x48\xd9\xb3"
- "\x32\x42\x15\x80\x85\xa1\x65\xfe"
- "\x19\xde\x6b\x76\xa8\x28\x08\x07"
- "\x4b\x9a\xa0\xdd\xc1\x84\x58\x79",
- .klen = 32,
- .iv = "\xd8\x70\x9f\x42\xca\xe6\x83\x3a"
- "\x52\x79\x42\xa5\x84\x6a\x96\x7f"
- "\xe4\x8f\xed\x97\xe9\xd0\xe8\x0d"
- "\x7c\xa6\xd8\xd4\x77\x9b\x40\x2e",
- .assoc = "\xe8\x39\x2d\xaa\x0e\x85\x2d\xc1"
- "\x72\xaf\x6e\xc9\x82\x33\xc7\x01"
- "\xaf\x40\x70\xb8\x2a\x78\xc9\x14"
- "\xac\xb1\x10\xca\x2e\xb3\x28\xe4"
- "\xac\xfa\x58\x7f\xe5\x73\x09\x8c"
- "\x1d\x40\x87\x8c\xd9\x75\xc0\x55"
- "\xa2\xda\x07\xd1\xc2\xa9\xd1\xbb"
- "\x09\x4f\x77\x62\x88\x2d\xf2\x68"
- "\x54",
- .alen = 65,
- .input = "\x33\xc1\xda\xfa\x15\x21\x07\x8e"
- "\x93\x68\xea\x64\x7b\x3d\x4b\x6b"
- "\x71\x5e\x5e\x6b\x92\xaa\x65\xc2"
- "\x7a\x2a\xc1\xa9\x0a\xa1\x24\x81"
- "\x26\x3a\x5a\x09\xe8\xce\x73\x72"
- "\xde\x7b\x58\x9e\x85\xb9\xa4\x28"
- "\xda",
- .ilen = 49,
- .result = "\xf7\x02\xbb\x11\x52\x24\xd8\x48"
- "\x93\xe6\x9b\xee\x81\xfc\xf7\x82"
- "\x79\xf0\xf3\xd9\x6c\x20\xa9\x1a"
- "\xdc\xbc\x47\xc0\xe4\xcb\x10\x99"
- "\x2f",
- .rlen = 33,
- }, {
- .key = "\x06\xcc\x4a\x79\x96\xc3\x82\xcf"
- "\xb3\x1c\xc7\x12\x7f\xc5\x28\x04"
- "\x44\xa1\x76\xfb\xad\xc8\x8a\x21"
- "\x0d\xc8\x7f\xb6\x9b\xe3\xf8\x4f",
- .klen = 32,
- .iv = "\x15\x95\xd8\xe1\xda\x62\x2c\x56"
- "\xd3\x53\xf4\x36\x7e\x8e\x59\x85"
- "\x0e\x51\xf9\x1c\xee\x70\x6a\x27"
- "\x3d\xd3\xb7\xac\x51\xfa\xdf\x05",
- .assoc = "\x24\x5e\x67\x49\x1e\x01\xd6\xdd"
- "\xf3\x89\x20\x5b\x7c\x57\x89\x07",
- .alen = 16,
- .input = "\x3e\xf8\x86\x3d\x39\xf8\x96\x02"
- "\x0f\xdf\xc9\x6e\x37\x1e\x57\x99"
- "\x07\x2a\x1a\xac\xd1\xda\xfd\x3b"
- "\xc7\xff\xbd\xbc\x85\x09\x0b",
- .ilen = 31,
- .result = "\x33\x27\xf5\xb1\x62\xa0\x80\x63"
- "\x14\xc0\x4d\x7f\x7b\x20\xba\x89",
- .rlen = 16,
- }, {
- .key = "\x42\xf0\x84\x19\xa6\x3f\x2b\xea"
- "\x34\xf6\x79\xa3\x79\xe9\xeb\x0a"
- "\x6e\x63\x82\x7f\xb2\x68\x0c\x3a"
- "\xce\xf5\x5e\x8e\x75\x42\x97\x26",
- .klen = 32,
- .iv = "\x51\xb9\x12\x80\xea\xde\xd5\x71"
- "\x54\x2d\xa6\xc8\x78\xb2\x1b\x8c"
- "\x39\x14\x05\xa0\xf3\x10\xec\x41"
- "\xff\x01\x95\x84\x2b\x59\x7f\xdb",
- .assoc = "\x61\x83\xa0\xe8\x2e\x7d\x7f\xf8"
- "\x74\x63\xd2\xec\x76\x7c\x4c\x0d",
- .alen = 16,
- .input = "\x2f\xc4\xd8\x0d\xa6\x07\xef\x2e"
- "\x6c\xd9\x84\x63\x70\x97\x61\x37"
- "\x08\x2f\x16\x90\x9e\x62\x30\x0d"
- "\x62\xd5\xc8\xf0\x46\x1a",
- .ilen = 30,
- .result = "\x70\x4c\x2f\x50\x72\x1c\x29\x7f"
- "\x95\x9a\xff\x10\x75\x45\x7d\x8f",
- .rlen = 16,
- }, {
- .key = "\x7f\x15\xbd\xb8\xb6\xba\xd3\x06"
- "\xb5\xd1\x2b\x35\x73\x0e\xad\x10"
- "\x98\x25\x8d\x03\xb7\x08\x8e\x54"
- "\x90\x23\x3d\x67\x4f\xa1\x36\xfc",
- .klen = 32,
- .iv = "\x8e\xde\x4c\x20\xfa\x59\x7e\x8d"
- "\xd5\x07\x58\x59\x72\xd7\xde\x92"
- "\x63\xd6\x10\x24\xf8\xb0\x6e\x5a"
- "\xc0\x2e\x74\x5d\x06\xb8\x1e\xb2",
- .assoc = "\x9d\xa7\xda\x88\x3e\xf8\x28\x14"
- "\xf5\x3e\x85\x7d\x70\xa0\x0f\x13",
- .alen = 16,
- .input = "\xce\xf3\x17\x87\x49\xc2\x00\x46"
- "\xc6\x12\x5c\x8f\x81\x38\xaa\x55"
- "\xf8\x67\x75\xf1\x75\xe3\x2a\x24",
- .ilen = 24,
- .result = "\xac\x70\x69\xef\x82\x97\xd2\x9b"
- "\x15\x74\xb1\xa2\x6f\x69\x3f\x95",
- .rlen = 16,
- },
-};
-
-/*
- * MORUS-640 test vectors - generated via reference implementation from
- * SUPERCOP (https://bench.cr.yp.to/supercop.html):
- *
- * https://bench.cr.yp.to/supercop/supercop-20170228.tar.xz
- * (see crypto_aead/morus640128v2/)
- */
-static const struct aead_testvec morus640_enc_tv_template[] = {
- {
- .key = "\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00",
- .klen = 16,
- .iv = "\x0f\xc9\x8e\x67\x44\x9e\xaa\x86"
- "\x20\x36\x2c\x24\xfe\xc9\x30\x81",
- .assoc = "",
- .alen = 0,
- .input = "",
- .ilen = 0,
- .result = "\x89\x62\x7d\xf3\x07\x9d\x52\x05"
- "\x53\xc3\x04\x60\x93\xb4\x37\x9a",
- .rlen = 16,
- }, {
- .key = "\x3c\x24\x39\x9f\x10\x7b\xa8\x1b"
- "\x80\xda\xb2\x91\xf9\x24\xc2\x06",
- .klen = 16,
- .iv = "\x4b\xed\xc8\x07\x54\x1a\x52\xa2"
- "\xa1\x10\xde\xb5\xf8\xed\xf3\x87",
- .assoc = "",
- .alen = 0,
- .input = "\x69",
- .ilen = 1,
- .result = "\xa8\x8d\xe4\x90\xb5\x50\x8f\x78"
- "\xb6\x10\x9a\x59\x5f\x61\x37\x70"
- "\x09",
- .rlen = 17,
- }, {
- .key = "\x79\x49\x73\x3e\x20\xf7\x51\x37"
- "\x01\xb4\x64\x22\xf3\x48\x85\x0c",
- .klen = 16,
- .iv = "\x88\x12\x01\xa6\x64\x96\xfb\xbe"
- "\x22\xea\x90\x47\xf2\x11\xb5\x8e",
- .assoc = "",
- .alen = 0,
- .input = "\xa6\xa4\x1e\x76\xec\xd4\x50\xcc"
- "\x62\x58\xe9\x8f\xef\xa4\x17",
- .ilen = 15,
- .result = "\x76\xdd\xb9\x05\x3d\xce\x61\x38"
- "\xf3\xef\xf7\xe5\xd7\xfd\x70\xa5"
- "\xcf\x9d\x64\xb8\x0a\x9f\xfd\x8b"
- "\xd4\x6e\xfe\xd9\xc8\x63\x4b",
- .rlen = 31,
- }, {
- .key = "\xb5\x6e\xad\xdd\x30\x72\xfa\x53"
- "\x82\x8e\x16\xb4\xed\x6d\x47\x12",
- .klen = 16,
- .iv = "\xc4\x37\x3b\x45\x74\x11\xa4\xda"
- "\xa2\xc5\x42\xd8\xec\x36\x78\x94",
- .assoc = "",
- .alen = 0,
- .input = "\xe2\xc9\x58\x15\xfc\x4f\xf8\xe8"
- "\xe3\x32\x9b\x21\xe9\xc8\xd9\x97",
- .ilen = 16,
- .result = "\xdc\x72\xe8\x14\xfb\x63\xad\x72"
- "\x1f\x57\x9a\x1f\x88\x81\xdb\xd6"
- "\xc1\x91\x9d\xb9\x25\xc4\x99\x4c"
- "\x97\xcd\x8a\x0c\x9d\x68\x00\x1c",
- .rlen = 32,
- }, {
- .key = "\xf2\x92\xe6\x7d\x40\xee\xa3\x6f"
- "\x03\x68\xc8\x45\xe7\x91\x0a\x18",
- .klen = 16,
- .iv = "\x01\x5c\x75\xe5\x84\x8d\x4d\xf6"
- "\x23\x9f\xf4\x6a\xe6\x5a\x3b\x9a",
- .assoc = "",
- .alen = 0,
- .input = "\x1f\xee\x92\xb4\x0c\xcb\xa1\x04"
- "\x64\x0c\x4d\xb2\xe3\xec\x9c\x9d"
- "\x09",
- .ilen = 17,
- .result = "\x6b\x4f\x3b\x90\x9a\xa2\xb3\x82"
- "\x0a\xb8\x55\xee\xeb\x73\x4d\x7f"
- "\x54\x11\x3a\x8a\x31\xa3\xb5\xf2"
- "\xcd\x49\xdb\xf3\xee\x26\xbd\xa2"
- "\x0d",
- .rlen = 33,
- }, {
- .key = "\x2e\xb7\x20\x1c\x50\x6a\x4b\x8b"
- "\x84\x42\x7a\xd7\xe1\xb5\xcd\x1f",
- .klen = 16,
- .iv = "\x3d\x80\xae\x84\x94\x09\xf6\x12"
- "\xa4\x79\xa6\xfb\xe0\x7f\xfd\xa0",
- .assoc = "",
- .alen = 0,
- .input = "\x5c\x13\xcb\x54\x1c\x47\x4a\x1f"
- "\xe5\xe6\xff\x44\xdd\x11\x5f\xa3"
- "\x33\xdd\xc2\xf8\xdd\x18\x2b\x93"
- "\x57\x05\x01\x1c\x66\x22\xd3",
- .ilen = 31,
- .result = "\x59\xd1\x0f\x6b\xee\x27\x84\x92"
- "\xb7\xa9\xb5\xdd\x02\xa4\x12\xa5"
- "\x50\x32\xb4\x9a\x2e\x35\x83\x55"
- "\x36\x12\x12\xed\xa3\x31\xc5\x30"
- "\xa7\xe2\x4a\x6d\x05\x59\x43\x91"
- "\x75\xfa\x6c\x17\xc6\x73\xca",
- .rlen = 47,
- }, {
- .key = "\x6b\xdc\x5a\xbb\x60\xe5\xf4\xa6"
- "\x05\x1d\x2c\x68\xdb\xda\x8f\x25",
- .klen = 16,
- .iv = "\x7a\xa5\xe8\x23\xa4\x84\x9e\x2d"
- "\x25\x53\x58\x8c\xda\xa3\xc0\xa6",
- .assoc = "",
- .alen = 0,
- .input = "\x98\x37\x05\xf3\x2c\xc2\xf3\x3b"
- "\x66\xc0\xb1\xd5\xd7\x35\x21\xaa"
- "\x5d\x9f\xce\x7c\xe2\xb8\xad\xad"
- "\x19\x33\xe0\xf4\x40\x81\x72\x28",
- .ilen = 32,
- .result = "\xdb\x49\x68\x0f\x91\x5b\x21\xb1"
- "\xcf\x50\xb2\x4c\x32\xe1\xa6\x69"
- "\xc0\xfb\x44\x1f\xa0\x9a\xeb\x39"
- "\x1b\xde\x68\x38\xcc\x27\x52\xc5"
- "\xf6\x3e\x74\xea\x66\x5b\x5f\x0c"
- "\x65\x9e\x58\xe6\x52\xa2\xfe\x59",
- .rlen = 48,
- }, {
- .key = "\xa7\x00\x93\x5b\x70\x61\x9d\xc2"
- "\x86\xf7\xde\xfa\xd5\xfe\x52\x2b",
- .klen = 16,
- .iv = "\xb6\xca\x22\xc3\xb4\x00\x47\x49"
- "\xa6\x2d\x0a\x1e\xd4\xc7\x83\xad",
- .assoc = "\xc5",
- .alen = 1,
- .input = "",
- .ilen = 0,
- .result = "\x56\xe7\x24\x52\xdd\x95\x60\x5b"
- "\x09\x48\x39\x69\x9c\xb3\x62\x46",
- .rlen = 16,
- }, {
- .key = "\xe4\x25\xcd\xfa\x80\xdd\x46\xde"
- "\x07\xd1\x90\x8b\xcf\x23\x15\x31",
- .klen = 16,
- .iv = "\xf3\xee\x5c\x62\xc4\x7c\xf0\x65"
- "\x27\x08\xbd\xaf\xce\xec\x45\xb3",
- .assoc = "\x02\xb8\xea\xca\x09\x1b\x9a\xec"
- "\x47\x3e\xe9\xd4\xcc\xb5\x76",
- .alen = 15,
- .input = "",
- .ilen = 0,
- .result = "\xdd\xfa\x6c\x1f\x5d\x86\x87\x01"
- "\x13\xe5\x73\x46\x46\xf2\x5c\xe1",
- .rlen = 16,
- }, {
- .key = "\x20\x4a\x07\x99\x91\x58\xee\xfa"
- "\x88\xab\x42\x1c\xc9\x47\xd7\x38",
- .klen = 16,
- .iv = "\x2f\x13\x95\x01\xd5\xf7\x99\x81"
- "\xa8\xe2\x6f\x41\xc8\x10\x08\xb9",
- .assoc = "\x3f\xdc\x24\x69\x19\x96\x43\x08"
- "\xc8\x18\x9b\x65\xc6\xd9\x39\x3b",
- .alen = 16,
- .input = "",
- .ilen = 0,
- .result = "\xa6\x1b\xb9\xd7\x5e\x3c\xcf\xac"
- "\xa9\x21\x45\x0b\x16\x52\xf7\xe1",
- .rlen = 16,
- }, {
- .key = "\x5d\x6f\x41\x39\xa1\xd4\x97\x16"
- "\x09\x85\xf4\xae\xc3\x6b\x9a\x3e",
- .klen = 16,
- .iv = "\x6c\x38\xcf\xa1\xe5\x73\x41\x9d"
- "\x29\xbc\x21\xd2\xc2\x35\xcb\xbf",
- .assoc = "\x7b\x01\x5d\x08\x29\x12\xec\x24"
- "\x49\xf3\x4d\xf7\xc0\xfe\xfb\x41"
- "\x3c",
- .alen = 17,
- .input = "",
- .ilen = 0,
- .result = "\x15\xff\xde\x3b\x34\xfc\xf6\xf9"
- "\xbb\xa8\x62\xad\x0a\xf5\x48\x60",
- .rlen = 16,
- }, {
- .key = "\x99\x93\x7a\xd8\xb1\x50\x40\x31"
- "\x8a\x60\xa6\x3f\xbd\x90\x5d\x44",
- .klen = 16,
- .iv = "\xa8\x5c\x09\x40\xf5\xef\xea\xb8"
- "\xaa\x96\xd3\x64\xbc\x59\x8d\xc6",
- .assoc = "\xb8\x26\x97\xa8\x39\x8e\x94\x3f"
- "\xca\xcd\xff\x88\xba\x22\xbe\x47"
- "\x67\xba\x85\xf1\xbb\x30\x56\x26"
- "\xaf\x0b\x02\x38\xcc\x44\xa7",
- .alen = 31,
- .input = "",
- .ilen = 0,
- .result = "\xd2\x9d\xf8\x3b\xd7\x84\xe9\x2d"
- "\x4b\xef\x75\x16\x0a\x99\xae\x6b",
- .rlen = 16,
- }, {
- .key = "\xd6\xb8\xb4\x77\xc1\xcb\xe9\x4d"
- "\x0a\x3a\x58\xd1\xb7\xb4\x1f\x4a",
- .klen = 16,
- .iv = "\xe5\x81\x42\xdf\x05\x6a\x93\xd4"
- "\x2b\x70\x85\xf5\xb6\x7d\x50\xcc",
- .assoc = "\xf4\x4a\xd1\x47\x49\x09\x3d\x5b"
- "\x4b\xa7\xb1\x19\xb4\x46\x81\x4d"
- "\x91\x7c\x91\x75\xc0\xd0\xd8\x40"
- "\x71\x39\xe1\x10\xa6\xa3\x46\x7a",
- .alen = 32,
- .input = "",
- .ilen = 0,
- .result = "\xe4\x8d\xa7\xa7\x45\xc1\x31\x4f"
- "\xce\xfb\xaf\xd6\xc2\xe6\xee\xc0",
- .rlen = 16,
- }, {
- .key = "\x12\xdd\xee\x17\xd1\x47\x92\x69"
- "\x8b\x14\x0a\x62\xb1\xd9\xe2\x50",
- .klen = 16,
- .iv = "\x22\xa6\x7c\x7f\x15\xe6\x3c\xf0"
- "\xac\x4b\x37\x86\xb0\xa2\x13\xd2",
- .assoc = "\x31",
- .alen = 1,
- .input = "\x40",
- .ilen = 1,
- .result = "\xe2\x67\x38\x4f\xb9\xad\x7d\x38"
- "\x01\xfe\x84\x14\x85\xf8\xd1\xe3"
- "\x22",
- .rlen = 17,
- }, {
- .key = "\x4f\x01\x27\xb6\xe1\xc3\x3a\x85"
- "\x0c\xee\xbc\xf4\xab\xfd\xa5\x57",
- .klen = 16,
- .iv = "\x5e\xcb\xb6\x1e\x25\x62\xe4\x0c"
- "\x2d\x25\xe9\x18\xaa\xc6\xd5\xd8",
- .assoc = "\x6d\x94\x44\x86\x69\x00\x8f\x93"
- "\x4d\x5b\x15\x3c\xa8\x8f\x06",
- .alen = 15,
- .input = "\x7c\x5d\xd3\xee\xad\x9f\x39\x1a"
- "\x6d\x92\x42\x61\xa7\x58\x37",
- .ilen = 15,
- .result = "\x77\x32\x61\xeb\xb4\x33\x29\x92"
- "\x29\x95\xc5\x8e\x85\x76\xab\xfc"
- "\x07\x95\xa7\x44\x74\xf7\x22\xff"
- "\xd8\xd8\x36\x3d\x8a\x7f\x9e",
- .rlen = 31,
- }, {
- .key = "\x8b\x26\x61\x55\xf1\x3e\xe3\xa1"
- "\x8d\xc8\x6e\x85\xa5\x21\x67\x5d",
- .klen = 16,
- .iv = "\x9b\xef\xf0\xbd\x35\xdd\x8d\x28"
- "\xad\xff\x9b\xa9\xa4\xeb\x98\xdf",
- .assoc = "\xaa\xb8\x7e\x25\x79\x7c\x37\xaf"
- "\xce\x36\xc7\xce\xa2\xb4\xc9\x60",
- .alen = 16,
- .input = "\xb9\x82\x0c\x8d\xbd\x1b\xe2\x36"
- "\xee\x6c\xf4\xf2\xa1\x7d\xf9\xe2",
- .ilen = 16,
- .result = "\xd8\xfd\x44\x45\xf6\x42\x12\x38"
- "\xf2\x0b\xea\x4f\x9e\x11\x61\x07"
- "\x48\x67\x98\x18\x9b\xd0\x0c\x59"
- "\x67\xa4\x11\xb3\x2b\xd6\xc1\x70",
- .rlen = 32,
- }, {
- .key = "\xc8\x4b\x9b\xf5\x01\xba\x8c\xbd"
- "\x0e\xa3\x21\x16\x9f\x46\x2a\x63",
- .klen = 16,
- .iv = "\xd7\x14\x29\x5d\x45\x59\x36\x44"
- "\x2e\xd9\x4d\x3b\x9e\x0f\x5b\xe5",
- .assoc = "\xe6\xdd\xb8\xc4\x89\xf8\xe0\xca"
- "\x4f\x10\x7a\x5f\x9c\xd8\x8b\x66"
- "\x3b",
- .alen = 17,
- .input = "\xf5\xa6\x46\x2c\xce\x97\x8a\x51"
- "\x6f\x46\xa6\x83\x9b\xa1\xbc\xe8"
- "\x05",
- .ilen = 17,
- .result = "\xb1\xab\x53\x4e\xc7\x40\x16\xb6"
- "\x71\x3a\x00\x9f\x41\x88\xb0\xb2"
- "\x71\x83\x85\x5f\xc8\x79\x0a\x99"
- "\x99\xdc\x89\x1c\x88\xd2\x3e\xf9"
- "\x83",
- .rlen = 33,
- }, {
- .key = "\x05\x70\xd5\x94\x12\x36\x35\xd8"
- "\x8f\x7d\xd3\xa8\x99\x6a\xed\x69",
- .klen = 16,
- .iv = "\x14\x39\x63\xfc\x56\xd5\xdf\x5f"
- "\xaf\xb3\xff\xcc\x98\x33\x1d\xeb",
- .assoc = "\x23\x02\xf1\x64\x9a\x73\x89\xe6"
- "\xd0\xea\x2c\xf1\x96\xfc\x4e\x6d"
- "\x65\x48\xcb\x0a\xda\xf0\x62\xc0"
- "\x38\x1d\x3b\x4a\xe9\x7e\x62",
- .alen = 31,
- .input = "\x32\xcb\x80\xcc\xde\x12\x33\x6d"
- "\xf0\x20\x58\x15\x95\xc6\x7f\xee"
- "\x2f\xf9\x4e\x2c\x1b\x98\x43\xc7"
- "\x68\x28\x73\x40\x9f\x96\x4a",
- .ilen = 31,
- .result = "\x29\xc4\xf0\x03\xc1\x86\xdf\x06"
- "\x5c\x7b\xef\x64\x87\x00\xd1\x37"
- "\xa7\x08\xbc\x7f\x8f\x41\x54\xd0"
- "\x3e\xf1\xc3\xa2\x96\x84\xdd\x2a"
- "\x2d\x21\x30\xf9\x02\xdb\x06\x0c"
- "\xf1\x5a\x66\x69\xe0\xca\x83",
- .rlen = 47,
- }, {
- .key = "\x41\x94\x0e\x33\x22\xb1\xdd\xf4"
- "\x10\x57\x85\x39\x93\x8f\xaf\x70",
- .klen = 16,
- .iv = "\x50\x5d\x9d\x9b\x66\x50\x88\x7b"
- "\x30\x8e\xb1\x5e\x92\x58\xe0\xf1",
- .assoc = "\x5f\x27\x2b\x03\xaa\xef\x32\x02"
- "\x50\xc4\xde\x82\x90\x21\x11\x73"
- "\x8f\x0a\xd6\x8f\xdf\x90\xe4\xda"
- "\xf9\x4a\x1a\x23\xc3\xdd\x02\x81",
- .alen = 32,
- .input = "\x6e\xf0\xba\x6b\xee\x8e\xdc\x89"
- "\x71\xfb\x0a\xa6\x8f\xea\x41\xf4"
- "\x5a\xbb\x59\xb0\x20\x38\xc5\xe0"
- "\x29\x56\x52\x19\x79\xf5\xe9\x37",
- .ilen = 32,
- .result = "\xe2\x2e\x44\xdf\xd3\x60\x6d\xb2"
- "\x70\x57\x37\xc5\xc2\x4f\x8d\x14"
- "\xc6\xbf\x8b\xec\xf5\x62\x67\xf2"
- "\x2f\xa1\xe6\xd6\xa7\xb1\x8c\x54"
- "\xe5\x6b\x49\xf9\x6e\x90\xc3\xaa"
- "\x7a\x00\x2e\x4d\x7f\x31\x2e\x81",
- .rlen = 48,
- }, {
- .key = "\x7e\xb9\x48\xd3\x32\x2d\x86\x10"
- "\x91\x31\x37\xcb\x8d\xb3\x72\x76",
- .klen = 16,
- .iv = "\x8d\x82\xd6\x3b\x76\xcc\x30\x97"
- "\xb1\x68\x63\xef\x8c\x7c\xa3\xf7",
- .assoc = "\x9c\x4b\x65\xa2\xba\x6b\xdb\x1e"
- "\xd1\x9e\x90\x13\x8a\x45\xd3\x79"
- "\xba\xcd\xe2\x13\xe4\x30\x66\xf4"
- "\xba\x78\xf9\xfb\x9d\x3c\xa1\x58"
- "\x1a",
- .alen = 33,
- .input = "\xab\x14\xf3\x0a\xfe\x0a\x85\xa5"
- "\xf2\xd5\xbc\x38\x89\x0e\x04\xfb"
- "\x84\x7d\x65\x34\x25\xd8\x47\xfa"
- "\xeb\x83\x31\xf1\x54\x54\x89\x0d"
- "\x9d\x4d\x54\x51\x84\x61\xf6\x8e"
- "\x03\x31\xf2\x25\x16\xcc\xaa\xc6"
- "\x75\x73\x20\x30\x59\x54\xb2\xf0"
- "\x3a\x4b\xe0\x23\x8e\xa6\x08\x35"
- "\x8a",
- .ilen = 65,
- .result = "\xc7\xca\x26\x61\x57\xee\xa2\xb9"
- "\xb1\x37\xde\x95\x06\x90\x11\x08"
- "\x4d\x30\x9f\x24\xc0\x56\xb7\xe1"
- "\x0b\x9f\xd2\x57\xe9\xd2\xb1\x76"
- "\x56\x9a\xb4\x58\xc5\x08\xfc\xb5"
- "\xf2\x31\x9b\xc9\xcd\xb3\x64\xdb"
- "\x6f\x50\xbf\xf4\x73\x9d\xfb\x6b"
- "\xef\x35\x25\x48\xed\xcf\x29\xa8"
- "\xac\xc3\xb9\xcb\x61\x8f\x73\x92"
- "\x2c\x7a\x6f\xda\xf9\x09\x6f\xe1"
- "\xc4",
- .rlen = 81,
- }, {
- .key = "\xba\xde\x82\x72\x42\xa9\x2f\x2c"
- "\x12\x0b\xe9\x5c\x87\xd7\x35\x7c",
- .klen = 16,
- .iv = "\xc9\xa7\x10\xda\x86\x48\xd9\xb3"
- "\x32\x42\x15\x80\x85\xa1\x65\xfe",
- .assoc = "\xd8\x70\x9f\x42\xca\xe6\x83\x3a"
- "\x52\x79\x42\xa5\x84\x6a\x96\x7f"
- "\xe4\x8f\xed\x97\xe9\xd0\xe8\x0d"
- "\x7c\xa6\xd8\xd4\x77\x9b\x40\x2e"
- "\x28\xce\x57\x34\xcd\x6e\x84\x4c"
- "\x17\x3c\xe1\xb2\xa8\x0b\xbb\xf1"
- "\x96\x41\x0d\x69\xe8\x54\x0a\xc8"
- "\x15\x4e\x91\x92\x89\x4b\xb7\x9b"
- "\x21",
- .alen = 65,
- .input = "\xe8\x39\x2d\xaa\x0e\x85\x2d\xc1"
- "\x72\xaf\x6e\xc9\x82\x33\xc7\x01"
- "\xaf\x40\x70\xb8\x2a\x78\xc9\x14"
- "\xac\xb1\x10\xca\x2e\xb3\x28\xe4"
- "\xac",
- .ilen = 33,
- .result = "\x57\xcd\x3d\x46\xc5\xf9\x68\x3b"
- "\x2c\x0f\xb4\x7e\x7b\x64\x3e\x40"
- "\xf3\x78\x63\x34\x89\x79\x39\x6b"
- "\x61\x64\x4a\x9a\xfa\x70\xa4\xd3"
- "\x54\x0b\xea\x05\xa6\x95\x64\xed"
- "\x3d\x69\xa2\x0c\x27\x56\x2f\x34"
- "\x66",
- .rlen = 49,
- }, {
- .key = "\xf7\x02\xbb\x11\x52\x24\xd8\x48"
- "\x93\xe6\x9b\xee\x81\xfc\xf7\x82",
- .klen = 16,
- .iv = "\x06\xcc\x4a\x79\x96\xc3\x82\xcf"
- "\xb3\x1c\xc7\x12\x7f\xc5\x28\x04",
- .assoc = "\x15\x95\xd8\xe1\xda\x62\x2c\x56"
- "\xd3\x53\xf4\x36\x7e\x8e\x59\x85",
- .alen = 16,
- .input = "\x24\x5e\x67\x49\x1e\x01\xd6\xdd"
- "\xf3\x89\x20\x5b\x7c\x57\x89\x07",
- .ilen = 16,
- .result = "\xfc\x85\x06\x28\x8f\xe8\x23\x1f"
- "\x33\x98\x87\xde\x08\xb6\xb6\xae"
- "\x3e\xa4\xf8\x19\xf1\x92\x60\x39"
- "\xb9\x6b\x3f\xdf\xc8\xcb\x30",
- .rlen = 31,
- }, {
- .key = "\x33\x27\xf5\xb1\x62\xa0\x80\x63"
- "\x14\xc0\x4d\x7f\x7b\x20\xba\x89",
- .klen = 16,
- .iv = "\x42\xf0\x84\x19\xa6\x3f\x2b\xea"
- "\x34\xf6\x79\xa3\x79\xe9\xeb\x0a",
- .assoc = "\x51\xb9\x12\x80\xea\xde\xd5\x71"
- "\x54\x2d\xa6\xc8\x78\xb2\x1b\x8c",
- .alen = 16,
- .input = "\x61\x83\xa0\xe8\x2e\x7d\x7f\xf8"
- "\x74\x63\xd2\xec\x76\x7c\x4c\x0d",
- .ilen = 16,
- .result = "\x74\x7d\x70\x07\xe9\xba\x01\xee"
- "\x6c\xc6\x6f\x50\x25\x33\xbe\x50"
- "\x17\xb8\x17\x62\xed\x80\xa2\xf5"
- "\x03\xde\x85\x71\x5d\x34",
- .rlen = 30,
- }, {
- .key = "\x70\x4c\x2f\x50\x72\x1c\x29\x7f"
- "\x95\x9a\xff\x10\x75\x45\x7d\x8f",
- .klen = 16,
- .iv = "\x7f\x15\xbd\xb8\xb6\xba\xd3\x06"
- "\xb5\xd1\x2b\x35\x73\x0e\xad\x10",
- .assoc = "\x8e\xde\x4c\x20\xfa\x59\x7e\x8d"
- "\xd5\x07\x58\x59\x72\xd7\xde\x92",
- .alen = 16,
- .input = "\x9d\xa7\xda\x88\x3e\xf8\x28\x14"
- "\xf5\x3e\x85\x7d\x70\xa0\x0f\x13",
- .ilen = 16,
- .result = "\xf4\xb3\x85\xf9\xac\xde\xb1\x38"
- "\x29\xfd\x6c\x7c\x49\xe5\x1d\xaf"
- "\xba\xea\xd4\xfa\x3f\x11\x33\x98",
- .rlen = 24,
- }, {
- .key = "\xac\x70\x69\xef\x82\x97\xd2\x9b"
- "\x15\x74\xb1\xa2\x6f\x69\x3f\x95",
- .klen = 16,
- .iv = "\xbb\x3a\xf7\x57\xc6\x36\x7c\x22"
- "\x36\xab\xde\xc6\x6d\x32\x70\x17",
- .assoc = "\xcb\x03\x85\xbf\x0a\xd5\x26\xa9"
- "\x56\xe1\x0a\xeb\x6c\xfb\xa1\x98",
- .alen = 16,
- .input = "\xda\xcc\x14\x27\x4e\x74\xd1\x30"
- "\x76\x18\x37\x0f\x6a\xc4\xd1\x1a",
- .ilen = 16,
- .result = "\xe6\x5c\x49\x4f\x78\xf3\x62\x86"
- "\xe1\xb7\xa5\xc3\x32\x88\x3c\x8c"
- "\x6e",
- .rlen = 17,
- },
-};
-
-static const struct aead_testvec morus640_dec_tv_template[] = {
- {
- .key = "\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00",
- .klen = 16,
- .iv = "\x0f\xc9\x8e\x67\x44\x9e\xaa\x86"
- "\x20\x36\x2c\x24\xfe\xc9\x30\x81",
- .assoc = "",
- .alen = 0,
- .input = "\x89\x62\x7d\xf3\x07\x9d\x52\x05"
- "\x53\xc3\x04\x60\x93\xb4\x37\x9a",
- .ilen = 16,
- .result = "",
- .rlen = 0,
- }, {
- .key = "\x3c\x24\x39\x9f\x10\x7b\xa8\x1b"
- "\x80\xda\xb2\x91\xf9\x24\xc2\x06",
- .klen = 16,
- .iv = "\x4b\xed\xc8\x07\x54\x1a\x52\xa2"
- "\xa1\x10\xde\xb5\xf8\xed\xf3\x87",
- .assoc = "",
- .alen = 0,
- .input = "\xa8\x8d\xe4\x90\xb5\x50\x8f\x78"
- "\xb6\x10\x9a\x59\x5f\x61\x37\x70"
- "\x09",
- .ilen = 17,
- .result = "\x69",
- .rlen = 1,
- }, {
- .key = "\x79\x49\x73\x3e\x20\xf7\x51\x37"
- "\x01\xb4\x64\x22\xf3\x48\x85\x0c",
- .klen = 16,
- .iv = "\x88\x12\x01\xa6\x64\x96\xfb\xbe"
- "\x22\xea\x90\x47\xf2\x11\xb5\x8e",
- .assoc = "",
- .alen = 0,
- .input = "\x76\xdd\xb9\x05\x3d\xce\x61\x38"
- "\xf3\xef\xf7\xe5\xd7\xfd\x70\xa5"
- "\xcf\x9d\x64\xb8\x0a\x9f\xfd\x8b"
- "\xd4\x6e\xfe\xd9\xc8\x63\x4b",
- .ilen = 31,
- .result = "\xa6\xa4\x1e\x76\xec\xd4\x50\xcc"
- "\x62\x58\xe9\x8f\xef\xa4\x17",
- .rlen = 15,
- }, {
- .key = "\xb5\x6e\xad\xdd\x30\x72\xfa\x53"
- "\x82\x8e\x16\xb4\xed\x6d\x47\x12",
- .klen = 16,
- .iv = "\xc4\x37\x3b\x45\x74\x11\xa4\xda"
- "\xa2\xc5\x42\xd8\xec\x36\x78\x94",
- .assoc = "",
- .alen = 0,
- .input = "\xdc\x72\xe8\x14\xfb\x63\xad\x72"
- "\x1f\x57\x9a\x1f\x88\x81\xdb\xd6"
- "\xc1\x91\x9d\xb9\x25\xc4\x99\x4c"
- "\x97\xcd\x8a\x0c\x9d\x68\x00\x1c",
- .ilen = 32,
- .result = "\xe2\xc9\x58\x15\xfc\x4f\xf8\xe8"
- "\xe3\x32\x9b\x21\xe9\xc8\xd9\x97",
- .rlen = 16,
- }, {
- .key = "\xf2\x92\xe6\x7d\x40\xee\xa3\x6f"
- "\x03\x68\xc8\x45\xe7\x91\x0a\x18",
- .klen = 16,
- .iv = "\x01\x5c\x75\xe5\x84\x8d\x4d\xf6"
- "\x23\x9f\xf4\x6a\xe6\x5a\x3b\x9a",
- .assoc = "",
- .alen = 0,
- .input = "\x6b\x4f\x3b\x90\x9a\xa2\xb3\x82"
- "\x0a\xb8\x55\xee\xeb\x73\x4d\x7f"
- "\x54\x11\x3a\x8a\x31\xa3\xb5\xf2"
- "\xcd\x49\xdb\xf3\xee\x26\xbd\xa2"
- "\x0d",
- .ilen = 33,
- .result = "\x1f\xee\x92\xb4\x0c\xcb\xa1\x04"
- "\x64\x0c\x4d\xb2\xe3\xec\x9c\x9d"
- "\x09",
- .rlen = 17,
- }, {
- .key = "\x2e\xb7\x20\x1c\x50\x6a\x4b\x8b"
- "\x84\x42\x7a\xd7\xe1\xb5\xcd\x1f",
- .klen = 16,
- .iv = "\x3d\x80\xae\x84\x94\x09\xf6\x12"
- "\xa4\x79\xa6\xfb\xe0\x7f\xfd\xa0",
- .assoc = "",
- .alen = 0,
- .input = "\x59\xd1\x0f\x6b\xee\x27\x84\x92"
- "\xb7\xa9\xb5\xdd\x02\xa4\x12\xa5"
- "\x50\x32\xb4\x9a\x2e\x35\x83\x55"
- "\x36\x12\x12\xed\xa3\x31\xc5\x30"
- "\xa7\xe2\x4a\x6d\x05\x59\x43\x91"
- "\x75\xfa\x6c\x17\xc6\x73\xca",
- .ilen = 47,
- .result = "\x5c\x13\xcb\x54\x1c\x47\x4a\x1f"
- "\xe5\xe6\xff\x44\xdd\x11\x5f\xa3"
- "\x33\xdd\xc2\xf8\xdd\x18\x2b\x93"
- "\x57\x05\x01\x1c\x66\x22\xd3",
- .rlen = 31,
- }, {
- .key = "\x6b\xdc\x5a\xbb\x60\xe5\xf4\xa6"
- "\x05\x1d\x2c\x68\xdb\xda\x8f\x25",
- .klen = 16,
- .iv = "\x7a\xa5\xe8\x23\xa4\x84\x9e\x2d"
- "\x25\x53\x58\x8c\xda\xa3\xc0\xa6",
- .assoc = "",
- .alen = 0,
- .input = "\xdb\x49\x68\x0f\x91\x5b\x21\xb1"
- "\xcf\x50\xb2\x4c\x32\xe1\xa6\x69"
- "\xc0\xfb\x44\x1f\xa0\x9a\xeb\x39"
- "\x1b\xde\x68\x38\xcc\x27\x52\xc5"
- "\xf6\x3e\x74\xea\x66\x5b\x5f\x0c"
- "\x65\x9e\x58\xe6\x52\xa2\xfe\x59",
- .ilen = 48,
- .result = "\x98\x37\x05\xf3\x2c\xc2\xf3\x3b"
- "\x66\xc0\xb1\xd5\xd7\x35\x21\xaa"
- "\x5d\x9f\xce\x7c\xe2\xb8\xad\xad"
- "\x19\x33\xe0\xf4\x40\x81\x72\x28",
- .rlen = 32,
- }, {
- .key = "\xa7\x00\x93\x5b\x70\x61\x9d\xc2"
- "\x86\xf7\xde\xfa\xd5\xfe\x52\x2b",
- .klen = 16,
- .iv = "\xb6\xca\x22\xc3\xb4\x00\x47\x49"
- "\xa6\x2d\x0a\x1e\xd4\xc7\x83\xad",
- .assoc = "\xc5",
- .alen = 1,
- .input = "\x56\xe7\x24\x52\xdd\x95\x60\x5b"
- "\x09\x48\x39\x69\x9c\xb3\x62\x46",
- .ilen = 16,
- .result = "",
- .rlen = 0,
- }, {
- .key = "\xe4\x25\xcd\xfa\x80\xdd\x46\xde"
- "\x07\xd1\x90\x8b\xcf\x23\x15\x31",
- .klen = 16,
- .iv = "\xf3\xee\x5c\x62\xc4\x7c\xf0\x65"
- "\x27\x08\xbd\xaf\xce\xec\x45\xb3",
- .assoc = "\x02\xb8\xea\xca\x09\x1b\x9a\xec"
- "\x47\x3e\xe9\xd4\xcc\xb5\x76",
- .alen = 15,
- .input = "\xdd\xfa\x6c\x1f\x5d\x86\x87\x01"
- "\x13\xe5\x73\x46\x46\xf2\x5c\xe1",
- .ilen = 16,
- .result = "",
- .rlen = 0,
- }, {
- .key = "\x20\x4a\x07\x99\x91\x58\xee\xfa"
- "\x88\xab\x42\x1c\xc9\x47\xd7\x38",
- .klen = 16,
- .iv = "\x2f\x13\x95\x01\xd5\xf7\x99\x81"
- "\xa8\xe2\x6f\x41\xc8\x10\x08\xb9",
- .assoc = "\x3f\xdc\x24\x69\x19\x96\x43\x08"
- "\xc8\x18\x9b\x65\xc6\xd9\x39\x3b",
- .alen = 16,
- .input = "\xa6\x1b\xb9\xd7\x5e\x3c\xcf\xac"
- "\xa9\x21\x45\x0b\x16\x52\xf7\xe1",
- .ilen = 16,
- .result = "",
- .rlen = 0,
- }, {
- .key = "\x5d\x6f\x41\x39\xa1\xd4\x97\x16"
- "\x09\x85\xf4\xae\xc3\x6b\x9a\x3e",
- .klen = 16,
- .iv = "\x6c\x38\xcf\xa1\xe5\x73\x41\x9d"
- "\x29\xbc\x21\xd2\xc2\x35\xcb\xbf",
- .assoc = "\x7b\x01\x5d\x08\x29\x12\xec\x24"
- "\x49\xf3\x4d\xf7\xc0\xfe\xfb\x41"
- "\x3c",
- .alen = 17,
- .input = "\x15\xff\xde\x3b\x34\xfc\xf6\xf9"
- "\xbb\xa8\x62\xad\x0a\xf5\x48\x60",
- .ilen = 16,
- .result = "",
- .rlen = 0,
- }, {
- .key = "\x99\x93\x7a\xd8\xb1\x50\x40\x31"
- "\x8a\x60\xa6\x3f\xbd\x90\x5d\x44",
- .klen = 16,
- .iv = "\xa8\x5c\x09\x40\xf5\xef\xea\xb8"
- "\xaa\x96\xd3\x64\xbc\x59\x8d\xc6",
- .assoc = "\xb8\x26\x97\xa8\x39\x8e\x94\x3f"
- "\xca\xcd\xff\x88\xba\x22\xbe\x47"
- "\x67\xba\x85\xf1\xbb\x30\x56\x26"
- "\xaf\x0b\x02\x38\xcc\x44\xa7",
- .alen = 31,
- .input = "\xd2\x9d\xf8\x3b\xd7\x84\xe9\x2d"
- "\x4b\xef\x75\x16\x0a\x99\xae\x6b",
- .ilen = 16,
- .result = "",
- .rlen = 0,
- }, {
- .key = "\xd6\xb8\xb4\x77\xc1\xcb\xe9\x4d"
- "\x0a\x3a\x58\xd1\xb7\xb4\x1f\x4a",
- .klen = 16,
- .iv = "\xe5\x81\x42\xdf\x05\x6a\x93\xd4"
- "\x2b\x70\x85\xf5\xb6\x7d\x50\xcc",
- .assoc = "\xf4\x4a\xd1\x47\x49\x09\x3d\x5b"
- "\x4b\xa7\xb1\x19\xb4\x46\x81\x4d"
- "\x91\x7c\x91\x75\xc0\xd0\xd8\x40"
- "\x71\x39\xe1\x10\xa6\xa3\x46\x7a",
- .alen = 32,
- .input = "\xe4\x8d\xa7\xa7\x45\xc1\x31\x4f"
- "\xce\xfb\xaf\xd6\xc2\xe6\xee\xc0",
- .ilen = 16,
- .result = "",
- .rlen = 0,
- }, {
- .key = "\x12\xdd\xee\x17\xd1\x47\x92\x69"
- "\x8b\x14\x0a\x62\xb1\xd9\xe2\x50",
- .klen = 16,
- .iv = "\x22\xa6\x7c\x7f\x15\xe6\x3c\xf0"
- "\xac\x4b\x37\x86\xb0\xa2\x13\xd2",
- .assoc = "\x31",
- .alen = 1,
- .input = "\xe2\x67\x38\x4f\xb9\xad\x7d\x38"
- "\x01\xfe\x84\x14\x85\xf8\xd1\xe3"
- "\x22",
- .ilen = 17,
- .result = "\x40",
- .rlen = 1,
- }, {
- .key = "\x4f\x01\x27\xb6\xe1\xc3\x3a\x85"
- "\x0c\xee\xbc\xf4\xab\xfd\xa5\x57",
- .klen = 16,
- .iv = "\x5e\xcb\xb6\x1e\x25\x62\xe4\x0c"
- "\x2d\x25\xe9\x18\xaa\xc6\xd5\xd8",
- .assoc = "\x6d\x94\x44\x86\x69\x00\x8f\x93"
- "\x4d\x5b\x15\x3c\xa8\x8f\x06",
- .alen = 15,
- .input = "\x77\x32\x61\xeb\xb4\x33\x29\x92"
- "\x29\x95\xc5\x8e\x85\x76\xab\xfc"
- "\x07\x95\xa7\x44\x74\xf7\x22\xff"
- "\xd8\xd8\x36\x3d\x8a\x7f\x9e",
- .ilen = 31,
- .result = "\x7c\x5d\xd3\xee\xad\x9f\x39\x1a"
- "\x6d\x92\x42\x61\xa7\x58\x37",
- .rlen = 15,
- }, {
- .key = "\x8b\x26\x61\x55\xf1\x3e\xe3\xa1"
- "\x8d\xc8\x6e\x85\xa5\x21\x67\x5d",
- .klen = 16,
- .iv = "\x9b\xef\xf0\xbd\x35\xdd\x8d\x28"
- "\xad\xff\x9b\xa9\xa4\xeb\x98\xdf",
- .assoc = "\xaa\xb8\x7e\x25\x79\x7c\x37\xaf"
- "\xce\x36\xc7\xce\xa2\xb4\xc9\x60",
- .alen = 16,
- .input = "\xd8\xfd\x44\x45\xf6\x42\x12\x38"
- "\xf2\x0b\xea\x4f\x9e\x11\x61\x07"
- "\x48\x67\x98\x18\x9b\xd0\x0c\x59"
- "\x67\xa4\x11\xb3\x2b\xd6\xc1\x70",
- .ilen = 32,
- .result = "\xb9\x82\x0c\x8d\xbd\x1b\xe2\x36"
- "\xee\x6c\xf4\xf2\xa1\x7d\xf9\xe2",
- .rlen = 16,
- }, {
- .key = "\xc8\x4b\x9b\xf5\x01\xba\x8c\xbd"
- "\x0e\xa3\x21\x16\x9f\x46\x2a\x63",
- .klen = 16,
- .iv = "\xd7\x14\x29\x5d\x45\x59\x36\x44"
- "\x2e\xd9\x4d\x3b\x9e\x0f\x5b\xe5",
- .assoc = "\xe6\xdd\xb8\xc4\x89\xf8\xe0\xca"
- "\x4f\x10\x7a\x5f\x9c\xd8\x8b\x66"
- "\x3b",
- .alen = 17,
- .input = "\xb1\xab\x53\x4e\xc7\x40\x16\xb6"
- "\x71\x3a\x00\x9f\x41\x88\xb0\xb2"
- "\x71\x83\x85\x5f\xc8\x79\x0a\x99"
- "\x99\xdc\x89\x1c\x88\xd2\x3e\xf9"
- "\x83",
- .ilen = 33,
- .result = "\xf5\xa6\x46\x2c\xce\x97\x8a\x51"
- "\x6f\x46\xa6\x83\x9b\xa1\xbc\xe8"
- "\x05",
- .rlen = 17,
- }, {
- .key = "\x05\x70\xd5\x94\x12\x36\x35\xd8"
- "\x8f\x7d\xd3\xa8\x99\x6a\xed\x69",
- .klen = 16,
- .iv = "\x14\x39\x63\xfc\x56\xd5\xdf\x5f"
- "\xaf\xb3\xff\xcc\x98\x33\x1d\xeb",
- .assoc = "\x23\x02\xf1\x64\x9a\x73\x89\xe6"
- "\xd0\xea\x2c\xf1\x96\xfc\x4e\x6d"
- "\x65\x48\xcb\x0a\xda\xf0\x62\xc0"
- "\x38\x1d\x3b\x4a\xe9\x7e\x62",
- .alen = 31,
- .input = "\x29\xc4\xf0\x03\xc1\x86\xdf\x06"
- "\x5c\x7b\xef\x64\x87\x00\xd1\x37"
- "\xa7\x08\xbc\x7f\x8f\x41\x54\xd0"
- "\x3e\xf1\xc3\xa2\x96\x84\xdd\x2a"
- "\x2d\x21\x30\xf9\x02\xdb\x06\x0c"
- "\xf1\x5a\x66\x69\xe0\xca\x83",
- .ilen = 47,
- .result = "\x32\xcb\x80\xcc\xde\x12\x33\x6d"
- "\xf0\x20\x58\x15\x95\xc6\x7f\xee"
- "\x2f\xf9\x4e\x2c\x1b\x98\x43\xc7"
- "\x68\x28\x73\x40\x9f\x96\x4a",
- .rlen = 31,
- }, {
- .key = "\x41\x94\x0e\x33\x22\xb1\xdd\xf4"
- "\x10\x57\x85\x39\x93\x8f\xaf\x70",
- .klen = 16,
- .iv = "\x50\x5d\x9d\x9b\x66\x50\x88\x7b"
- "\x30\x8e\xb1\x5e\x92\x58\xe0\xf1",
- .assoc = "\x5f\x27\x2b\x03\xaa\xef\x32\x02"
- "\x50\xc4\xde\x82\x90\x21\x11\x73"
- "\x8f\x0a\xd6\x8f\xdf\x90\xe4\xda"
- "\xf9\x4a\x1a\x23\xc3\xdd\x02\x81",
- .alen = 32,
- .input = "\xe2\x2e\x44\xdf\xd3\x60\x6d\xb2"
- "\x70\x57\x37\xc5\xc2\x4f\x8d\x14"
- "\xc6\xbf\x8b\xec\xf5\x62\x67\xf2"
- "\x2f\xa1\xe6\xd6\xa7\xb1\x8c\x54"
- "\xe5\x6b\x49\xf9\x6e\x90\xc3\xaa"
- "\x7a\x00\x2e\x4d\x7f\x31\x2e\x81",
- .ilen = 48,
- .result = "\x6e\xf0\xba\x6b\xee\x8e\xdc\x89"
- "\x71\xfb\x0a\xa6\x8f\xea\x41\xf4"
- "\x5a\xbb\x59\xb0\x20\x38\xc5\xe0"
- "\x29\x56\x52\x19\x79\xf5\xe9\x37",
- .rlen = 32,
- }, {
- .key = "\x7e\xb9\x48\xd3\x32\x2d\x86\x10"
- "\x91\x31\x37\xcb\x8d\xb3\x72\x76",
- .klen = 16,
- .iv = "\x8d\x82\xd6\x3b\x76\xcc\x30\x97"
- "\xb1\x68\x63\xef\x8c\x7c\xa3\xf7",
- .assoc = "\x9c\x4b\x65\xa2\xba\x6b\xdb\x1e"
- "\xd1\x9e\x90\x13\x8a\x45\xd3\x79"
- "\xba\xcd\xe2\x13\xe4\x30\x66\xf4"
- "\xba\x78\xf9\xfb\x9d\x3c\xa1\x58"
- "\x1a",
- .alen = 33,
- .input = "\xc7\xca\x26\x61\x57\xee\xa2\xb9"
- "\xb1\x37\xde\x95\x06\x90\x11\x08"
- "\x4d\x30\x9f\x24\xc0\x56\xb7\xe1"
- "\x0b\x9f\xd2\x57\xe9\xd2\xb1\x76"
- "\x56\x9a\xb4\x58\xc5\x08\xfc\xb5"
- "\xf2\x31\x9b\xc9\xcd\xb3\x64\xdb"
- "\x6f\x50\xbf\xf4\x73\x9d\xfb\x6b"
- "\xef\x35\x25\x48\xed\xcf\x29\xa8"
- "\xac\xc3\xb9\xcb\x61\x8f\x73\x92"
- "\x2c\x7a\x6f\xda\xf9\x09\x6f\xe1"
- "\xc4",
- .ilen = 81,
- .result = "\xab\x14\xf3\x0a\xfe\x0a\x85\xa5"
- "\xf2\xd5\xbc\x38\x89\x0e\x04\xfb"
- "\x84\x7d\x65\x34\x25\xd8\x47\xfa"
- "\xeb\x83\x31\xf1\x54\x54\x89\x0d"
- "\x9d\x4d\x54\x51\x84\x61\xf6\x8e"
- "\x03\x31\xf2\x25\x16\xcc\xaa\xc6"
- "\x75\x73\x20\x30\x59\x54\xb2\xf0"
- "\x3a\x4b\xe0\x23\x8e\xa6\x08\x35"
- "\x8a",
- .rlen = 65,
- }, {
- .key = "\xba\xde\x82\x72\x42\xa9\x2f\x2c"
- "\x12\x0b\xe9\x5c\x87\xd7\x35\x7c",
- .klen = 16,
- .iv = "\xc9\xa7\x10\xda\x86\x48\xd9\xb3"
- "\x32\x42\x15\x80\x85\xa1\x65\xfe",
- .assoc = "\xd8\x70\x9f\x42\xca\xe6\x83\x3a"
- "\x52\x79\x42\xa5\x84\x6a\x96\x7f"
- "\xe4\x8f\xed\x97\xe9\xd0\xe8\x0d"
- "\x7c\xa6\xd8\xd4\x77\x9b\x40\x2e"
- "\x28\xce\x57\x34\xcd\x6e\x84\x4c"
- "\x17\x3c\xe1\xb2\xa8\x0b\xbb\xf1"
- "\x96\x41\x0d\x69\xe8\x54\x0a\xc8"
- "\x15\x4e\x91\x92\x89\x4b\xb7\x9b"
- "\x21",
- .alen = 65,
- .input = "\x57\xcd\x3d\x46\xc5\xf9\x68\x3b"
- "\x2c\x0f\xb4\x7e\x7b\x64\x3e\x40"
- "\xf3\x78\x63\x34\x89\x79\x39\x6b"
- "\x61\x64\x4a\x9a\xfa\x70\xa4\xd3"
- "\x54\x0b\xea\x05\xa6\x95\x64\xed"
- "\x3d\x69\xa2\x0c\x27\x56\x2f\x34"
- "\x66",
- .ilen = 49,
- .result = "\xe8\x39\x2d\xaa\x0e\x85\x2d\xc1"
- "\x72\xaf\x6e\xc9\x82\x33\xc7\x01"
- "\xaf\x40\x70\xb8\x2a\x78\xc9\x14"
- "\xac\xb1\x10\xca\x2e\xb3\x28\xe4"
- "\xac",
- .rlen = 33,
- }, {
- .key = "\xf7\x02\xbb\x11\x52\x24\xd8\x48"
- "\x93\xe6\x9b\xee\x81\xfc\xf7\x82",
- .klen = 16,
- .iv = "\x06\xcc\x4a\x79\x96\xc3\x82\xcf"
- "\xb3\x1c\xc7\x12\x7f\xc5\x28\x04",
- .assoc = "\x15\x95\xd8\xe1\xda\x62\x2c\x56"
- "\xd3\x53\xf4\x36\x7e\x8e\x59\x85",
- .alen = 16,
- .input = "\xfc\x85\x06\x28\x8f\xe8\x23\x1f"
- "\x33\x98\x87\xde\x08\xb6\xb6\xae"
- "\x3e\xa4\xf8\x19\xf1\x92\x60\x39"
- "\xb9\x6b\x3f\xdf\xc8\xcb\x30",
- .ilen = 31,
- .result = "\x24\x5e\x67\x49\x1e\x01\xd6\xdd"
- "\xf3\x89\x20\x5b\x7c\x57\x89\x07",
- .rlen = 16,
- }, {
- .key = "\x33\x27\xf5\xb1\x62\xa0\x80\x63"
- "\x14\xc0\x4d\x7f\x7b\x20\xba\x89",
- .klen = 16,
- .iv = "\x42\xf0\x84\x19\xa6\x3f\x2b\xea"
- "\x34\xf6\x79\xa3\x79\xe9\xeb\x0a",
- .assoc = "\x51\xb9\x12\x80\xea\xde\xd5\x71"
- "\x54\x2d\xa6\xc8\x78\xb2\x1b\x8c",
- .alen = 16,
- .input = "\x74\x7d\x70\x07\xe9\xba\x01\xee"
- "\x6c\xc6\x6f\x50\x25\x33\xbe\x50"
- "\x17\xb8\x17\x62\xed\x80\xa2\xf5"
- "\x03\xde\x85\x71\x5d\x34",
- .ilen = 30,
- .result = "\x61\x83\xa0\xe8\x2e\x7d\x7f\xf8"
- "\x74\x63\xd2\xec\x76\x7c\x4c\x0d",
- .rlen = 16,
- }, {
- .key = "\x70\x4c\x2f\x50\x72\x1c\x29\x7f"
- "\x95\x9a\xff\x10\x75\x45\x7d\x8f",
- .klen = 16,
- .iv = "\x7f\x15\xbd\xb8\xb6\xba\xd3\x06"
- "\xb5\xd1\x2b\x35\x73\x0e\xad\x10",
- .assoc = "\x8e\xde\x4c\x20\xfa\x59\x7e\x8d"
- "\xd5\x07\x58\x59\x72\xd7\xde\x92",
- .alen = 16,
- .input = "\xf4\xb3\x85\xf9\xac\xde\xb1\x38"
- "\x29\xfd\x6c\x7c\x49\xe5\x1d\xaf"
- "\xba\xea\xd4\xfa\x3f\x11\x33\x98",
- .ilen = 24,
- .result = "\x9d\xa7\xda\x88\x3e\xf8\x28\x14"
- "\xf5\x3e\x85\x7d\x70\xa0\x0f\x13",
- .rlen = 16,
- }, {
- .key = "\xac\x70\x69\xef\x82\x97\xd2\x9b"
- "\x15\x74\xb1\xa2\x6f\x69\x3f\x95",
- .klen = 16,
- .iv = "\xbb\x3a\xf7\x57\xc6\x36\x7c\x22"
- "\x36\xab\xde\xc6\x6d\x32\x70\x17",
- .assoc = "\xcb\x03\x85\xbf\x0a\xd5\x26\xa9"
- "\x56\xe1\x0a\xeb\x6c\xfb\xa1\x98",
- .alen = 16,
- .input = "\xe6\x5c\x49\x4f\x78\xf3\x62\x86"
- "\xe1\xb7\xa5\xc3\x32\x88\x3c\x8c"
- "\x6e",
- .ilen = 17,
- .result = "\xda\xcc\x14\x27\x4e\x74\xd1\x30"
- "\x76\x18\x37\x0f\x6a\xc4\xd1\x1a",
- .rlen = 16,
- },
-};
-
-/*
- * MORUS-1280 test vectors - generated via reference implementation from
- * SUPERCOP (https://bench.cr.yp.to/supercop.html):
- *
- * https://bench.cr.yp.to/supercop/supercop-20170228.tar.xz
- * (see crypto_aead/morus1280128v2/ and crypto_aead/morus1280256v2/ )
- */
-static const struct aead_testvec morus1280_enc_tv_template[] = {
- {
- .key = "\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00",
- .klen = 16,
- .iv = "\x0f\xc9\x8e\x67\x44\x9e\xaa\x86"
- "\x20\x36\x2c\x24\xfe\xc9\x30\x81",
- .assoc = "",
- .alen = 0,
- .input = "",
- .ilen = 0,
- .result = "\x91\x85\x0f\xf5\x52\x9e\xce\xce"
- "\x65\x99\xc7\xbf\xd3\x76\xe8\x98",
- .rlen = 16,
- }, {
- .key = "\x3c\x24\x39\x9f\x10\x7b\xa8\x1b"
- "\x80\xda\xb2\x91\xf9\x24\xc2\x06",
- .klen = 16,
- .iv = "\x4b\xed\xc8\x07\x54\x1a\x52\xa2"
- "\xa1\x10\xde\xb5\xf8\xed\xf3\x87",
- .assoc = "",
- .alen = 0,
- .input = "\x69",
- .ilen = 1,
- .result = "\x88\xc3\x4c\xf0\x2f\x43\x76\x13"
- "\x96\xda\x76\x34\x33\x4e\xd5\x39"
- "\x73",
- .rlen = 17,
- }, {
- .key = "\x79\x49\x73\x3e\x20\xf7\x51\x37"
- "\x01\xb4\x64\x22\xf3\x48\x85\x0c",
- .klen = 16,
- .iv = "\x88\x12\x01\xa6\x64\x96\xfb\xbe"
- "\x22\xea\x90\x47\xf2\x11\xb5\x8e",
- .assoc = "",
- .alen = 0,
- .input = "\xa6\xa4\x1e\x76\xec\xd4\x50\xcc"
- "\x62\x58\xe9\x8f\xef\xa4\x17\x91"
- "\xb4\x96\x9f\x6b\xce\x38\xa5\x46"
- "\x13\x7d\x64\x93\xd7\x05\xf5",
- .ilen = 31,
- .result = "\x3e\x5c\x3b\x58\x3b\x7d\x2a\x22"
- "\x75\x0b\x24\xa6\x0e\xc3\xde\x52"
- "\x97\x0b\x64\xd4\xce\x90\x52\xf7"
- "\xef\xdb\x6a\x38\xd2\xa8\xa1\x0d"
- "\xe0\x61\x33\x24\xc6\x4d\x51\xbc"
- "\xa4\x21\x74\xcf\x19\x16\x59",
- .rlen = 47,
- }, {
- .key = "\xb5\x6e\xad\xdd\x30\x72\xfa\x53"
- "\x82\x8e\x16\xb4\xed\x6d\x47\x12",
- .klen = 16,
- .iv = "\xc4\x37\x3b\x45\x74\x11\xa4\xda"
- "\xa2\xc5\x42\xd8\xec\x36\x78\x94",
- .assoc = "",
- .alen = 0,
- .input = "\xe2\xc9\x58\x15\xfc\x4f\xf8\xe8"
- "\xe3\x32\x9b\x21\xe9\xc8\xd9\x97"
- "\xde\x58\xab\xf0\xd3\xd8\x27\x60"
- "\xd5\xaa\x43\x6b\xb1\x64\x95\xa4",
- .ilen = 32,
- .result = "\x30\x82\x9c\x2b\x67\xcb\xf9\x1f"
- "\xde\x9f\x77\xb2\xda\x92\x61\x5c"
- "\x09\x0b\x2d\x9a\x26\xaa\x1c\x06"
- "\xab\x74\xb7\x2b\x95\x5f\x9f\xa1"
- "\x9a\xff\x50\xa0\xa2\xff\xc5\xad"
- "\x21\x8e\x84\x5c\x12\x61\xb2\xae",
- .rlen = 48,
- }, {
- .key = "\xf2\x92\xe6\x7d\x40\xee\xa3\x6f"
- "\x03\x68\xc8\x45\xe7\x91\x0a\x18",
- .klen = 16,
- .iv = "\x01\x5c\x75\xe5\x84\x8d\x4d\xf6"
- "\x23\x9f\xf4\x6a\xe6\x5a\x3b\x9a",
- .assoc = "",
- .alen = 0,
- .input = "\x1f\xee\x92\xb4\x0c\xcb\xa1\x04"
- "\x64\x0c\x4d\xb2\xe3\xec\x9c\x9d"
- "\x09\x1a\xb7\x74\xd8\x78\xa9\x79"
- "\x96\xd8\x22\x43\x8c\xc3\x34\x7b"
- "\xc4",
- .ilen = 33,
- .result = "\x67\x5d\x8e\x45\xc8\x39\xf5\x17"
- "\xc1\x1d\x2a\xdd\x88\x67\xda\x1f"
- "\x6d\xe8\x37\x28\x5a\xc1\x5e\x9f"
- "\xa6\xec\xc6\x92\x05\x4b\xc0\xa3"
- "\x63\xef\x88\xa4\x9b\x0a\x5c\xed"
- "\x2b\x6a\xac\x63\x52\xaa\x10\x94"
- "\xd0",
- .rlen = 49,
- }, {
- .key = "\x2e\xb7\x20\x1c\x50\x6a\x4b\x8b"
- "\x84\x42\x7a\xd7\xe1\xb5\xcd\x1f",
- .klen = 16,
- .iv = "\x3d\x80\xae\x84\x94\x09\xf6\x12"
- "\xa4\x79\xa6\xfb\xe0\x7f\xfd\xa0",
- .assoc = "",
- .alen = 0,
- .input = "\x5c\x13\xcb\x54\x1c\x47\x4a\x1f"
- "\xe5\xe6\xff\x44\xdd\x11\x5f\xa3"
- "\x33\xdd\xc2\xf8\xdd\x18\x2b\x93"
- "\x57\x05\x01\x1c\x66\x22\xd3\x51"
- "\xd3\xdf\x18\xc9\x30\x66\xed\xb1"
- "\x96\x58\xd5\x8c\x64\x8c\x7c\xf5"
- "\x01\xd0\x74\x5f\x9b\xaa\xf6\xd1"
- "\xe6\x16\xa2\xac\xde\x47\x40",
- .ilen = 63,
- .result = "\x7d\x61\x1a\x35\x20\xcc\x07\x88"
- "\x03\x98\x87\xcf\xc0\x6e\x4d\x19"
- "\xe3\xd4\x0b\xfb\x29\x8f\x49\x1a"
- "\x3a\x06\x77\xce\x71\x2c\xcd\xdd"
- "\xed\xf6\xc9\xbe\xa6\x3b\xb8\xfc"
- "\x6c\xbe\x77\xed\x74\x0e\x20\x85"
- "\xd0\x65\xde\x24\x6f\xe3\x25\xc5"
- "\xdf\x5b\x0f\xbd\x8a\x88\x78\xc9"
- "\xe5\x81\x37\xde\x84\x7a\xf6\x84"
- "\x99\x7a\x72\x9c\x54\x31\xa1",
- .rlen = 79,
- }, {
- .key = "\x6b\xdc\x5a\xbb\x60\xe5\xf4\xa6"
- "\x05\x1d\x2c\x68\xdb\xda\x8f\x25",
- .klen = 16,
- .iv = "\x7a\xa5\xe8\x23\xa4\x84\x9e\x2d"
- "\x25\x53\x58\x8c\xda\xa3\xc0\xa6",
- .assoc = "",
- .alen = 0,
- .input = "\x98\x37\x05\xf3\x2c\xc2\xf3\x3b"
- "\x66\xc0\xb1\xd5\xd7\x35\x21\xaa"
- "\x5d\x9f\xce\x7c\xe2\xb8\xad\xad"
- "\x19\x33\xe0\xf4\x40\x81\x72\x28"
- "\xe1\x8b\x1c\xf8\x91\x78\xff\xaf"
- "\xb0\x68\x69\xf2\x27\x35\x91\x84"
- "\x2e\x37\x5b\x00\x04\xff\x16\x9c"
- "\xb5\x19\x39\xeb\xd9\xcd\x29\x9a",
- .ilen = 64,
- .result = "\x05\xc5\xb1\xf9\x1b\xb9\xab\x2c"
- "\xa5\x07\x12\xa7\x12\x39\x60\x66"
- "\x30\x81\x4a\x03\x78\x28\x45\x52"
- "\xd2\x2b\x24\xfd\x8b\xa5\xb7\x66"
- "\x6f\x45\xd7\x3b\x67\x6f\x51\xb9"
- "\xc0\x3d\x6c\xca\x1e\xae\xff\xb6"
- "\x79\xa9\xe4\x82\x5d\x4c\x2d\xdf"
- "\xeb\x71\x40\xc9\x2c\x40\x45\x6d"
- "\x73\x77\x01\xf3\x4f\xf3\x9d\x2a"
- "\x5d\x57\xa8\xa1\x18\xa2\xad\xcb",
- .rlen = 80,
- }, {
- .key = "\xa7\x00\x93\x5b\x70\x61\x9d\xc2"
- "\x86\xf7\xde\xfa\xd5\xfe\x52\x2b",
- .klen = 16,
- .iv = "\xb6\xca\x22\xc3\xb4\x00\x47\x49"
- "\xa6\x2d\x0a\x1e\xd4\xc7\x83\xad",
- .assoc = "\xc5",
- .alen = 1,
- .input = "",
- .ilen = 0,
- .result = "\x4d\xbf\x11\xac\x7f\x97\x0b\x2e"
- "\x89\x3b\x9d\x0f\x83\x1c\x08\xc3",
- .rlen = 16,
- }, {
- .key = "\xe4\x25\xcd\xfa\x80\xdd\x46\xde"
- "\x07\xd1\x90\x8b\xcf\x23\x15\x31",
- .klen = 16,
- .iv = "\xf3\xee\x5c\x62\xc4\x7c\xf0\x65"
- "\x27\x08\xbd\xaf\xce\xec\x45\xb3",
- .assoc = "\x02\xb8\xea\xca\x09\x1b\x9a\xec"
- "\x47\x3e\xe9\xd4\xcc\xb5\x76\x34"
- "\xe8\x73\x62\x64\xab\x50\xd0\xda"
- "\x6b\x83\x66\xaf\x3e\x27\xc9",
- .alen = 31,
- .input = "",
- .ilen = 0,
- .result = "\x5b\xc0\x8d\x54\xe4\xec\xbe\x38"
- "\x03\x12\xf9\xcc\x9e\x46\x42\x92",
- .rlen = 16,
- }, {
- .key = "\x20\x4a\x07\x99\x91\x58\xee\xfa"
- "\x88\xab\x42\x1c\xc9\x47\xd7\x38",
- .klen = 16,
- .iv = "\x2f\x13\x95\x01\xd5\xf7\x99\x81"
- "\xa8\xe2\x6f\x41\xc8\x10\x08\xb9",
- .assoc = "\x3f\xdc\x24\x69\x19\x96\x43\x08"
- "\xc8\x18\x9b\x65\xc6\xd9\x39\x3b"
- "\x12\x35\x6e\xe8\xb0\xf0\x52\xf3"
- "\x2d\xb0\x45\x87\x18\x86\x68\xf6",
- .alen = 32,
- .input = "",
- .ilen = 0,
- .result = "\x48\xc5\xc3\x4c\x40\x2e\x2f\xc2"
- "\x6d\x65\xe0\x67\x9c\x1d\xa0\xf0",
- .rlen = 16,
- }, {
- .key = "\x5d\x6f\x41\x39\xa1\xd4\x97\x16"
- "\x09\x85\xf4\xae\xc3\x6b\x9a\x3e",
- .klen = 16,
- .iv = "\x6c\x38\xcf\xa1\xe5\x73\x41\x9d"
- "\x29\xbc\x21\xd2\xc2\x35\xcb\xbf",
- .assoc = "\x7b\x01\x5d\x08\x29\x12\xec\x24"
- "\x49\xf3\x4d\xf7\xc0\xfe\xfb\x41"
- "\x3c\xf8\x79\x6c\xb6\x90\xd4\x0d"
- "\xee\xde\x23\x60\xf2\xe5\x08\xcc"
- "\x97",
- .alen = 33,
- .input = "",
- .ilen = 0,
- .result = "\x28\x64\x78\x51\x55\xd8\x56\x4a"
- "\x58\x3e\xf7\xbe\xee\x21\xfe\x94",
- .rlen = 16,
- }, {
- .key = "\x99\x93\x7a\xd8\xb1\x50\x40\x31"
- "\x8a\x60\xa6\x3f\xbd\x90\x5d\x44",
- .klen = 16,
- .iv = "\xa8\x5c\x09\x40\xf5\xef\xea\xb8"
- "\xaa\x96\xd3\x64\xbc\x59\x8d\xc6",
- .assoc = "\xb8\x26\x97\xa8\x39\x8e\x94\x3f"
- "\xca\xcd\xff\x88\xba\x22\xbe\x47"
- "\x67\xba\x85\xf1\xbb\x30\x56\x26"
- "\xaf\x0b\x02\x38\xcc\x44\xa7\xa3"
- "\xa6\xbf\x31\x93\x60\xcd\xda\x63"
- "\x2c\xb1\xaa\x19\xc8\x19\xf8\xeb"
- "\x03\xa1\xe8\xbe\x37\x54\xec\xa2"
- "\xcd\x2c\x45\x58\xbd\x8e\x80",
- .alen = 63,
- .input = "",
- .ilen = 0,
- .result = "\xb3\xa6\x00\x4e\x09\x20\xac\x21"
- "\x77\x72\x69\x76\x2d\x36\xe5\xc8",
- .rlen = 16,
- }, {
- .key = "\xd6\xb8\xb4\x77\xc1\xcb\xe9\x4d"
- "\x0a\x3a\x58\xd1\xb7\xb4\x1f\x4a",
- .klen = 16,
- .iv = "\xe5\x81\x42\xdf\x05\x6a\x93\xd4"
- "\x2b\x70\x85\xf5\xb6\x7d\x50\xcc",
- .assoc = "\xf4\x4a\xd1\x47\x49\x09\x3d\x5b"
- "\x4b\xa7\xb1\x19\xb4\x46\x81\x4d"
- "\x91\x7c\x91\x75\xc0\xd0\xd8\x40"
- "\x71\x39\xe1\x10\xa6\xa3\x46\x7a"
- "\xb4\x6b\x35\xc2\xc1\xdf\xed\x60"
- "\x46\xc1\x3e\x7f\x8c\xc2\x0e\x7a"
- "\x30\x08\xd0\x5f\xa0\xaa\x0c\x6d"
- "\x9c\x2f\xdb\x97\xb8\x15\x69\x01",
- .alen = 64,
- .input = "",
- .ilen = 0,
- .result = "\x65\x33\x7b\xa1\x63\xf4\x20\xdd"
- "\xe4\xb9\x4a\xaa\x9a\x21\xaa\x14",
- .rlen = 16,
- }, {
- .key = "\x12\xdd\xee\x17\xd1\x47\x92\x69"
- "\x8b\x14\x0a\x62\xb1\xd9\xe2\x50",
- .klen = 16,
- .iv = "\x22\xa6\x7c\x7f\x15\xe6\x3c\xf0"
- "\xac\x4b\x37\x86\xb0\xa2\x13\xd2",
- .assoc = "\x31",
- .alen = 1,
- .input = "\x40",
- .ilen = 1,
- .result = "\x1d\x47\x17\x34\x86\xf5\x54\x1a"
- "\x6d\x28\xb8\x5d\x6c\xcf\xa0\xb9"
- "\xbf",
- .rlen = 17,
- }, {
- .key = "\x4f\x01\x27\xb6\xe1\xc3\x3a\x85"
- "\x0c\xee\xbc\xf4\xab\xfd\xa5\x57",
- .klen = 16,
- .iv = "\x5e\xcb\xb6\x1e\x25\x62\xe4\x0c"
- "\x2d\x25\xe9\x18\xaa\xc6\xd5\xd8",
- .assoc = "\x6d\x94\x44\x86\x69\x00\x8f\x93"
- "\x4d\x5b\x15\x3c\xa8\x8f\x06\x5a"
- "\xe6\x01\xa8\x7e\xca\x10\xdc\x73"
- "\xf4\x94\x9f\xc1\x5a\x61\x85",
- .alen = 31,
- .input = "\x7c\x5d\xd3\xee\xad\x9f\x39\x1a"
- "\x6d\x92\x42\x61\xa7\x58\x37\xdb"
- "\xb0\xb2\x2b\x9f\x0b\xb8\xbd\x7a"
- "\x24\xa0\xd6\xb7\x11\x79\x6c",
- .ilen = 31,
- .result = "\x78\x90\x52\xae\x0f\xf7\x2e\xef"
- "\x63\x09\x08\x58\xb5\x56\xbd\x72"
- "\x6e\x42\xcf\x27\x04\x7c\xdb\x92"
- "\x18\xe9\xa4\x33\x90\xba\x62\xb5"
- "\x70\xd3\x88\x9b\x4f\x05\xa7\x51"
- "\x85\x87\x17\x09\x42\xed\x4e",
- .rlen = 47,
- }, {
- .key = "\x8b\x26\x61\x55\xf1\x3e\xe3\xa1"
- "\x8d\xc8\x6e\x85\xa5\x21\x67\x5d",
- .klen = 16,
- .iv = "\x9b\xef\xf0\xbd\x35\xdd\x8d\x28"
- "\xad\xff\x9b\xa9\xa4\xeb\x98\xdf",
- .assoc = "\xaa\xb8\x7e\x25\x79\x7c\x37\xaf"
- "\xce\x36\xc7\xce\xa2\xb4\xc9\x60"
- "\x10\xc3\xb3\x02\xcf\xb0\x5e\x8d"
- "\xb5\xc2\x7e\x9a\x35\xc0\x24\xfd",
- .alen = 32,
- .input = "\xb9\x82\x0c\x8d\xbd\x1b\xe2\x36"
- "\xee\x6c\xf4\xf2\xa1\x7d\xf9\xe2"
- "\xdb\x74\x36\x23\x11\x58\x3f\x93"
- "\xe5\xcd\xb5\x90\xeb\xd8\x0c\xb3",
- .ilen = 32,
- .result = "\x1d\x2c\x57\xe0\x50\x38\x3d\x41"
- "\x2e\x71\xc8\x3b\x92\x43\x58\xaf"
- "\x5a\xfb\xad\x8f\xd9\xd5\x8a\x5e"
- "\xdb\xf3\xcd\x3a\x2b\xe1\x2c\x1a"
- "\xb0\xed\xe3\x0c\x6e\xf9\xf2\xd6"
- "\x90\xe6\xb1\x0e\xa5\x8a\xac\xb7",
- .rlen = 48,
- }, {
- .key = "\xc8\x4b\x9b\xf5\x01\xba\x8c\xbd"
- "\x0e\xa3\x21\x16\x9f\x46\x2a\x63",
- .klen = 16,
- .iv = "\xd7\x14\x29\x5d\x45\x59\x36\x44"
- "\x2e\xd9\x4d\x3b\x9e\x0f\x5b\xe5",
- .assoc = "\xe6\xdd\xb8\xc4\x89\xf8\xe0\xca"
- "\x4f\x10\x7a\x5f\x9c\xd8\x8b\x66"
- "\x3b\x86\xbf\x86\xd4\x50\xe0\xa7"
- "\x76\xef\x5c\x72\x0f\x1f\xc3\xd4"
- "\xee",
- .alen = 33,
- .input = "\xf5\xa6\x46\x2c\xce\x97\x8a\x51"
- "\x6f\x46\xa6\x83\x9b\xa1\xbc\xe8"
- "\x05\x36\x42\xa7\x16\xf8\xc1\xad"
- "\xa7\xfb\x94\x68\xc5\x37\xab\x8a"
- "\x72",
- .ilen = 33,
- .result = "\x59\x10\x84\x1c\x83\x4c\x8b\xfc"
- "\xfd\x2e\x4b\x46\x84\xff\x78\x4e"
- "\x50\xda\x5c\xb9\x61\x1d\xf5\xb9"
- "\xfe\xbb\x7f\xae\x8c\xc1\x24\xbd"
- "\x8c\x6f\x1f\x9b\xce\xc6\xc1\x37"
- "\x08\x06\x5a\xe5\x96\x10\x95\xc2"
- "\x5e",
- .rlen = 49,
- }, {
- .key = "\x05\x70\xd5\x94\x12\x36\x35\xd8"
- "\x8f\x7d\xd3\xa8\x99\x6a\xed\x69",
- .klen = 16,
- .iv = "\x14\x39\x63\xfc\x56\xd5\xdf\x5f"
- "\xaf\xb3\xff\xcc\x98\x33\x1d\xeb",
- .assoc = "\x23\x02\xf1\x64\x9a\x73\x89\xe6"
- "\xd0\xea\x2c\xf1\x96\xfc\x4e\x6d"
- "\x65\x48\xcb\x0a\xda\xf0\x62\xc0"
- "\x38\x1d\x3b\x4a\xe9\x7e\x62\xaa"
- "\xfd\xc9\x4a\xa9\xa9\x39\x4b\x54"
- "\xc8\x0e\x24\x7f\x5e\x10\x7a\x45"
- "\x10\x0b\x56\x85\xad\x54\xaa\x66"
- "\xa8\x43\xcd\xd4\x9b\xb7\xfa",
- .alen = 63,
- .input = "\x32\xcb\x80\xcc\xde\x12\x33\x6d"
- "\xf0\x20\x58\x15\x95\xc6\x7f\xee"
- "\x2f\xf9\x4e\x2c\x1b\x98\x43\xc7"
- "\x68\x28\x73\x40\x9f\x96\x4a\x60"
- "\x80\xf4\x4b\xf4\xc1\x3d\xd0\x93"
- "\xcf\x12\xc9\x59\x8f\x7a\x7f\xa8"
- "\x1b\xa5\x50\xed\x87\xa9\x72\x59"
- "\x9c\x44\xb2\xa4\x99\x98\x34",
- .ilen = 63,
- .result = "\x9a\x12\xbc\xdf\x72\xa8\x56\x22"
- "\x49\x2d\x07\x92\xfc\x3d\x6d\x5f"
- "\xef\x36\x19\xae\x91\xfa\xd6\x63"
- "\x46\xea\x8a\x39\x14\x21\xa6\x37"
- "\x18\xfc\x97\x3e\x16\xa5\x4d\x39"
- "\x45\x2e\x69\xcc\x9c\x5f\xdf\x6d"
- "\x5e\xa2\xbf\xac\x83\x32\x72\x52"
- "\x58\x58\x23\x40\xfd\xa5\xc2\xe6"
- "\xe9\x5a\x50\x98\x00\x58\xc9\x86"
- "\x4f\x20\x37\xdb\x7b\x22\xa3",
- .rlen = 79,
- }, {
- .key = "\x41\x94\x0e\x33\x22\xb1\xdd\xf4"
- "\x10\x57\x85\x39\x93\x8f\xaf\x70",
- .klen = 16,
- .iv = "\x50\x5d\x9d\x9b\x66\x50\x88\x7b"
- "\x30\x8e\xb1\x5e\x92\x58\xe0\xf1",
- .assoc = "\x5f\x27\x2b\x03\xaa\xef\x32\x02"
- "\x50\xc4\xde\x82\x90\x21\x11\x73"
- "\x8f\x0a\xd6\x8f\xdf\x90\xe4\xda"
- "\xf9\x4a\x1a\x23\xc3\xdd\x02\x81"
- "\x0b\x76\x4f\xd7\x0a\x4b\x5e\x51"
- "\xe3\x1d\xb9\xe5\x21\xb9\x8f\xd4"
- "\x3d\x72\x3e\x26\x16\xa9\xca\x32"
- "\x77\x47\x63\x14\x95\x3d\xe4\x34",
- .alen = 64,
- .input = "\x6e\xf0\xba\x6b\xee\x8e\xdc\x89"
- "\x71\xfb\x0a\xa6\x8f\xea\x41\xf4"
- "\x5a\xbb\x59\xb0\x20\x38\xc5\xe0"
- "\x29\x56\x52\x19\x79\xf5\xe9\x37"
- "\x8f\xa1\x50\x23\x22\x4f\xe3\x91"
- "\xe9\x21\x5e\xbf\x52\x23\x95\x37"
- "\x48\x0c\x38\x8f\xf0\xff\x92\x24"
- "\x6b\x47\x49\xe3\x94\x1f\x1e\x01",
- .ilen = 64,
- .result = "\xe6\xeb\x92\x5a\x5b\xf0\x2d\xbb"
- "\x23\xec\x35\xe3\xae\xc9\xfb\x0b"
- "\x90\x14\x46\xeb\xa8\x8d\xb0\x9b"
- "\x39\xda\x8b\x48\xec\xb2\x00\x4e"
- "\x80\x6f\x46\x4f\x9b\x1e\xbb\x35"
- "\xea\x5a\xbc\xa2\x36\xa5\x89\x45"
- "\xc2\xd6\xd7\x15\x0b\xf6\x6c\x56"
- "\xec\x99\x7d\x61\xb3\x15\x93\xed"
- "\x83\x1e\xd9\x48\x84\x0b\x37\xfe"
- "\x95\x74\x44\xd5\x54\xa6\x27\x06",
- .rlen = 80,
- }, {
- .key = "\x7e\xb9\x48\xd3\x32\x2d\x86\x10"
- "\x91\x31\x37\xcb\x8d\xb3\x72\x76",
- .klen = 16,
- .iv = "\x8d\x82\xd6\x3b\x76\xcc\x30\x97"
- "\xb1\x68\x63\xef\x8c\x7c\xa3\xf7",
- .assoc = "\x9c\x4b\x65\xa2\xba\x6b\xdb\x1e"
- "\xd1\x9e\x90\x13\x8a\x45\xd3\x79"
- "\xba\xcd\xe2\x13\xe4\x30\x66\xf4"
- "\xba\x78\xf9\xfb\x9d\x3c\xa1\x58"
- "\x1a\x22\x53\x05\x6b\x5c\x71\x4f"
- "\xfd\x2d\x4d\x4c\xe5\x62\xa5\x63"
- "\x6a\xda\x26\xc8\x7f\xff\xea\xfd"
- "\x46\x4a\xfa\x53\x8f\xc4\xcd\x68"
- "\x58",
- .alen = 65,
- .input = "\xab\x14\xf3\x0a\xfe\x0a\x85\xa5"
- "\xf2\xd5\xbc\x38\x89\x0e\x04\xfb"
- "\x84\x7d\x65\x34\x25\xd8\x47\xfa"
- "\xeb\x83\x31\xf1\x54\x54\x89\x0d"
- "\x9d\x4d\x54\x51\x84\x61\xf6\x8e"
- "\x03\x31\xf2\x25\x16\xcc\xaa\xc6"
- "\x75\x73\x20\x30\x59\x54\xb2\xf0"
- "\x3a\x4b\xe0\x23\x8e\xa6\x08\x35"
- "\x8a\xdf\x27\xa0\xe4\x60\x99\xae"
- "\x8e\x43\xd9\x39\x7b\x10\x40\x67"
- "\x5c\x7e\xc9\x70\x63\x34\xca\x59"
- "\xfe\x86\xbc\xb7\x9c\x39\xf3\x6d"
- "\x6a\x41\x64\x6f\x16\x7f\x65\x7e"
- "\x89\x84\x68\xeb\xb0\x51\xbe\x55"
- "\x33\x16\x59\x6c\x3b\xef\x88\xad"
- "\x2f\xab\xbc\x25\x76\x87\x41\x2f"
- "\x36",
- .ilen = 129,
- .result = "\x89\x24\x27\x86\xdc\xd7\x6b\xd9"
- "\xd1\xcd\xdc\x16\xdd\x2c\xc1\xfb"
- "\x52\xb5\xb3\xab\x50\x99\x3f\xa0"
- "\x38\xa4\x74\xa5\x04\x15\x63\x05"
- "\x8f\x54\x81\x06\x5a\x6b\xa4\x63"
- "\x6d\xa7\x21\xcb\xff\x42\x30\x8e"
- "\x3b\xd1\xca\x3f\x4b\x1a\xb8\xc3"
- "\x42\x01\xe6\xbc\x75\x15\x87\xee"
- "\xc9\x8e\x65\x01\xd9\xd8\xb5\x9f"
- "\x48\x86\xa6\x5f\x2c\xc7\xb5\xb0"
- "\xed\x5d\x14\x7c\x3f\x40\xb1\x0b"
- "\x72\xef\x94\x8d\x7a\x85\x56\xe5"
- "\x56\x08\x15\x56\xba\xaf\xbd\xf0"
- "\x20\xef\xa0\xf6\xa9\xad\xa2\xc9"
- "\x1c\x3b\x28\x51\x7e\x77\xb2\x18"
- "\x4f\x61\x64\x37\x22\x36\x6d\x78"
- "\xed\xed\x35\xe8\x83\xa5\xec\x25"
- "\x6b\xff\x5f\x1a\x09\x96\x3d\xdc"
- "\x20",
- .rlen = 145,
- }, {
- .key = "\xba\xde\x82\x72\x42\xa9\x2f\x2c"
- "\x12\x0b\xe9\x5c\x87\xd7\x35\x7c",
- .klen = 16,
- .iv = "\xc9\xa7\x10\xda\x86\x48\xd9\xb3"
- "\x32\x42\x15\x80\x85\xa1\x65\xfe",
- .assoc = "\xd8\x70\x9f\x42\xca\xe6\x83\x3a"
- "\x52\x79\x42\xa5\x84\x6a\x96\x7f"
- "\xe4\x8f\xed\x97\xe9\xd0\xe8\x0d"
- "\x7c\xa6\xd8\xd4\x77\x9b\x40\x2e"
- "\x28\xce\x57\x34\xcd\x6e\x84\x4c"
- "\x17\x3c\xe1\xb2\xa8\x0b\xbb\xf1"
- "\x96\x41\x0d\x69\xe8\x54\x0a\xc8"
- "\x15\x4e\x91\x92\x89\x4b\xb7\x9b"
- "\x21\xf7\x42\x89\xac\x12\x2a\x54"
- "\x69\xee\x18\xc7\x8d\xed\xe8\xfd"
- "\xbb\x04\x28\xe6\x8a\x3c\x98\xc1"
- "\x04\x2d\xa9\xa1\x24\x83\xff\xe9"
- "\x55\x7a\xf0\xd1\xf6\x63\x05\xe1"
- "\xd9\x1e\x75\x72\xc1\x9f\xae\x32"
- "\xe1\x6b\xcd\x9e\x61\x19\x23\x86"
- "\xd9\xd2\xaf\x8e\xd5\xd3\xa8\xa9"
- "\x51",
- .alen = 129,
- .input = "\xe8\x39\x2d\xaa\x0e\x85\x2d\xc1"
- "\x72\xaf\x6e\xc9\x82\x33\xc7\x01"
- "\xaf\x40\x70\xb8\x2a\x78\xc9\x14"
- "\xac\xb1\x10\xca\x2e\xb3\x28\xe4"
- "\xac\xfa\x58\x7f\xe5\x73\x09\x8c"
- "\x1d\x40\x87\x8c\xd9\x75\xc0\x55"
- "\xa2\xda\x07\xd1\xc2\xa9\xd1\xbb"
- "\x09\x4f\x77\x62\x88\x2d\xf2\x68"
- "\x54",
- .ilen = 65,
- .result = "\x36\x78\xb9\x22\xde\x62\x35\x55"
- "\x1a\x7a\xf5\x45\xbc\xd7\x15\x82"
- "\x01\xe9\x5a\x07\xea\x46\xaf\x91"
- "\xcb\x73\xa5\xee\xe1\xb4\xbf\xc2"
- "\xdb\xd2\x9d\x59\xde\xfc\x83\x00"
- "\xf5\x46\xac\x97\xd5\x57\xa9\xb9"
- "\x1f\x8c\xe8\xca\x68\x8b\x91\x0c"
- "\x01\xbe\x0a\xaf\x7c\xf6\x67\xa4"
- "\xbf\xbc\x88\x3f\x5d\xd1\xf9\x19"
- "\x0f\x9d\xb2\xaf\xb9\x6e\x17\xdf"
- "\xa2",
- .rlen = 81,
- }, {
- .key = "\xf7\x02\xbb\x11\x52\x24\xd8\x48"
- "\x93\xe6\x9b\xee\x81\xfc\xf7\x82",
- .klen = 16,
- .iv = "\x06\xcc\x4a\x79\x96\xc3\x82\xcf"
- "\xb3\x1c\xc7\x12\x7f\xc5\x28\x04",
- .assoc = "\x15\x95\xd8\xe1\xda\x62\x2c\x56"
- "\xd3\x53\xf4\x36\x7e\x8e\x59\x85"
- "\x0e\x51\xf9\x1c\xee\x70\x6a\x27"
- "\x3d\xd3\xb7\xac\x51\xfa\xdf\x05",
- .alen = 32,
- .input = "\x24\x5e\x67\x49\x1e\x01\xd6\xdd"
- "\xf3\x89\x20\x5b\x7c\x57\x89\x07"
- "\xd9\x02\x7c\x3d\x2f\x18\x4b\x2d"
- "\x6e\xde\xee\xa2\x08\x12\xc7\xba",
- .ilen = 32,
- .result = "\x08\x1b\x95\x0e\x41\x95\x02\x4b"
- "\x9c\xbb\xa8\xd0\x7c\xd3\x44\x6e"
- "\x89\x14\x33\x70\x0a\xbc\xea\x39"
- "\x88\xaa\x2b\xd5\x73\x11\x55\xf5"
- "\x33\x33\x9c\xd7\x42\x34\x49\x8e"
- "\x2f\x03\x30\x05\x47\xaf\x34",
- .rlen = 47,
- }, {
- .key = "\x33\x27\xf5\xb1\x62\xa0\x80\x63"
- "\x14\xc0\x4d\x7f\x7b\x20\xba\x89",
- .klen = 16,
- .iv = "\x42\xf0\x84\x19\xa6\x3f\x2b\xea"
- "\x34\xf6\x79\xa3\x79\xe9\xeb\x0a",
- .assoc = "\x51\xb9\x12\x80\xea\xde\xd5\x71"
- "\x54\x2d\xa6\xc8\x78\xb2\x1b\x8c"
- "\x39\x14\x05\xa0\xf3\x10\xec\x41"
- "\xff\x01\x95\x84\x2b\x59\x7f\xdb",
- .alen = 32,
- .input = "\x61\x83\xa0\xe8\x2e\x7d\x7f\xf8"
- "\x74\x63\xd2\xec\x76\x7c\x4c\x0d"
- "\x03\xc4\x88\xc1\x35\xb8\xcd\x47"
- "\x2f\x0c\xcd\x7a\xe2\x71\x66\x91",
- .ilen = 32,
- .result = "\x97\xca\xf4\xe0\x8d\x89\xbf\x68"
- "\x0c\x60\xb9\x27\xdf\xaa\x41\xc6"
- "\x25\xd8\xf7\x1f\x10\x15\x48\x61"
- "\x4c\x95\x00\xdf\x51\x9b\x7f\xe6"
- "\x24\x40\x9e\xbe\x3b\xeb\x1b\x98"
- "\xb9\x9c\xe5\xef\xf2\x05",
- .rlen = 46,
- }, {
- .key = "\x70\x4c\x2f\x50\x72\x1c\x29\x7f"
- "\x95\x9a\xff\x10\x75\x45\x7d\x8f",
- .klen = 16,
- .iv = "\x7f\x15\xbd\xb8\xb6\xba\xd3\x06"
- "\xb5\xd1\x2b\x35\x73\x0e\xad\x10",
- .assoc = "\x8e\xde\x4c\x20\xfa\x59\x7e\x8d"
- "\xd5\x07\x58\x59\x72\xd7\xde\x92"
- "\x63\xd6\x10\x24\xf8\xb0\x6e\x5a"
- "\xc0\x2e\x74\x5d\x06\xb8\x1e\xb2",
- .alen = 32,
- .input = "\x9d\xa7\xda\x88\x3e\xf8\x28\x14"
- "\xf5\x3e\x85\x7d\x70\xa0\x0f\x13"
- "\x2e\x86\x93\x45\x3a\x58\x4f\x61"
- "\xf0\x3a\xac\x53\xbc\xd0\x06\x68",
- .ilen = 32,
- .result = "\x63\x4c\x2a\x8e\xb4\x6b\x63\x0d"
- "\xb5\xec\x9b\x4e\x12\x23\xa3\xcf"
- "\x1a\x5a\x70\x15\x5a\x10\x40\x51"
- "\xca\x47\x4c\x9d\xc9\x97\xf4\x77"
- "\xdb\xc8\x10\x2d\xdc\x65\x20\x3f",
- .rlen = 40,
- }, {
- .key = "\xac\x70\x69\xef\x82\x97\xd2\x9b"
- "\x15\x74\xb1\xa2\x6f\x69\x3f\x95",
- .klen = 16,
- .iv = "\xbb\x3a\xf7\x57\xc6\x36\x7c\x22"
- "\x36\xab\xde\xc6\x6d\x32\x70\x17",
- .assoc = "\xcb\x03\x85\xbf\x0a\xd5\x26\xa9"
- "\x56\xe1\x0a\xeb\x6c\xfb\xa1\x98"
- "\x8d\x98\x1c\xa8\xfe\x50\xf0\x74"
- "\x81\x5c\x53\x35\xe0\x17\xbd\x88",
- .alen = 32,
- .input = "\xda\xcc\x14\x27\x4e\x74\xd1\x30"
- "\x76\x18\x37\x0f\x6a\xc4\xd1\x1a"
- "\x58\x49\x9f\xc9\x3f\xf8\xd1\x7a"
- "\xb2\x67\x8b\x2b\x96\x2f\xa5\x3e",
- .ilen = 32,
- .result = "\xf1\x62\x44\xc7\x5f\x19\xca\x43"
- "\x47\x2c\xaf\x68\x82\xbd\x51\xef"
- "\x3d\x65\xd8\x45\x2d\x06\x07\x78"
- "\x08\x2e\xb3\x23\xcd\x81\x12\x55"
- "\x1a",
- .rlen = 33,
- }, {
- .key = "\xe9\x95\xa2\x8f\x93\x13\x7b\xb7"
- "\x96\x4e\x63\x33\x69\x8d\x02\x9b"
- "\x23\xf9\x22\xeb\x80\xa0\xb1\x81"
- "\xe2\x73\xc3\x21\x4d\x47\x8d\xf4",
- .klen = 32,
- .iv = "\xf8\x5e\x31\xf7\xd7\xb2\x25\x3e"
- "\xb7\x85\x90\x58\x67\x57\x33\x1d",
- .assoc = "",
- .alen = 0,
- .input = "",
- .ilen = 0,
- .result = "\xdf\x2f\x83\xc0\x45\x4a\x2c\xcf"
- "\xb9\xd2\x41\xf6\x80\xa1\x52\x70",
- .rlen = 16,
- }, {
- .key = "\x25\xba\xdc\x2e\xa3\x8f\x24\xd3"
- "\x17\x29\x15\xc5\x63\xb2\xc5\xa1"
- "\x4d\xbc\x2d\x6f\x85\x40\x33\x9a"
- "\xa3\xa0\xa1\xfa\x27\xa6\x2c\xca",
- .klen = 32,
- .iv = "\x34\x83\x6a\x96\xe7\x2d\xce\x5a"
- "\x38\x5f\x42\xe9\x61\x7b\xf5\x23",
- .assoc = "",
- .alen = 0,
- .input = "\x53",
- .ilen = 1,
- .result = "\x01\xd8\x55\x3c\xc0\x5a\x4b\xc7"
- "\x01\xf4\x08\xe3\x0d\xf7\xf0\x78"
- "\x53",
- .rlen = 17,
- }, {
- .key = "\x62\xdf\x16\xcd\xb3\x0a\xcc\xef"
- "\x98\x03\xc7\x56\x5d\xd6\x87\xa8"
- "\x77\x7e\x39\xf3\x8a\xe0\xb5\xb4"
- "\x65\xce\x80\xd2\x01\x05\xcb\xa1",
- .klen = 32,
- .iv = "\x71\xa8\xa4\x35\xf7\xa9\x76\x75"
- "\xb8\x39\xf4\x7a\x5b\x9f\xb8\x29",
- .assoc = "",
- .alen = 0,
- .input = "\x8f\x3a\xc1\x05\x7f\xe7\xcb\x83"
- "\xf9\xa6\x4d\xc3\x58\x31\x19\x2c"
- "\xd7\x90\xc2\x56\x4e\xd8\x57\xc7"
- "\xf6\xf0\x27\xb4\x25\x4c\x83",
- .ilen = 31,
- .result = "\xc2\x4b\x41\x0f\x2d\xb9\x62\x07"
- "\xff\x8e\x74\xf8\xa1\xa6\xd5\x37"
- "\xa5\x64\x31\x5c\xca\x73\x9b\x43"
- "\xe6\x70\x63\x46\x95\xcb\xf7\xb5"
- "\x20\x8c\x75\x7a\x2a\x17\x2f\xa9"
- "\xb8\x4d\x11\x42\xd1\xf8\xf1",
- .rlen = 47,
- }, {
- .key = "\x9e\x03\x4f\x6d\xc3\x86\x75\x0a"
- "\x19\xdd\x79\xe8\x57\xfb\x4a\xae"
- "\xa2\x40\x45\x77\x90\x80\x37\xce"
- "\x26\xfb\x5f\xaa\xdb\x64\x6b\x77",
- .klen = 32,
- .iv = "\xae\xcc\xde\xd5\x07\x25\x1f\x91"
- "\x39\x14\xa6\x0c\x55\xc4\x7b\x30",
- .assoc = "",
- .alen = 0,
- .input = "\xcc\x5f\xfb\xa4\x8f\x63\x74\x9f"
- "\x7a\x81\xff\x55\x52\x56\xdc\x33"
- "\x01\x52\xcd\xdb\x53\x78\xd9\xe1"
- "\xb7\x1d\x06\x8d\xff\xab\x22\x98",
- .ilen = 32,
- .result = "\xbb\x01\x7c\xd1\x2c\x33\x7b\x37"
- "\x0a\xee\xc4\x30\x19\xd7\x3a\x6f"
- "\xf8\x2b\x67\xf5\x3b\x84\x87\x2a"
- "\xfb\x07\x7a\x82\xb5\xe4\x85\x26"
- "\x1e\xa8\xe5\x04\x54\xce\xe5\x5f"
- "\xb5\x3f\xc1\xd5\x7f\xbd\xd2\xa6",
- .rlen = 48,
- }, {
- .key = "\xdb\x28\x89\x0c\xd3\x01\x1e\x26"
- "\x9a\xb7\x2b\x79\x51\x1f\x0d\xb4"
- "\xcc\x03\x50\xfc\x95\x20\xb9\xe7"
- "\xe8\x29\x3e\x83\xb5\xc3\x0a\x4e",
- .klen = 32,
- .iv = "\xea\xf1\x18\x74\x17\xa0\xc8\xad"
- "\xba\xee\x58\x9d\x4f\xe8\x3d\x36",
- .assoc = "",
- .alen = 0,
- .input = "\x08\x84\x34\x44\x9f\xde\x1c\xbb"
- "\xfb\x5b\xb1\xe6\x4c\x7a\x9f\x39"
- "\x2c\x14\xd9\x5f\x59\x18\x5b\xfb"
- "\x79\x4b\xe5\x65\xd9\x0a\xc1\x6f"
- "\x2e",
- .ilen = 33,
- .result = "\xc2\xf4\x40\x55\xf9\x59\xff\x73"
- "\x08\xf5\x98\x92\x0c\x7b\x35\x9a"
- "\xa8\xf4\x42\x7e\x6f\x93\xca\x22"
- "\x23\x06\x1e\xf8\x89\x22\xf4\x46"
- "\x7c\x7c\x67\x75\xab\xe5\x75\xaa"
- "\x15\xd7\x83\x19\xfd\x31\x59\x5b"
- "\x32",
- .rlen = 49,
- }, {
- .key = "\x17\x4d\xc3\xab\xe3\x7d\xc7\x42"
- "\x1b\x91\xdd\x0a\x4b\x43\xcf\xba"
- "\xf6\xc5\x5c\x80\x9a\xc0\x3b\x01"
- "\xa9\x56\x1d\x5b\x8f\x22\xa9\x25",
- .klen = 32,
- .iv = "\x27\x16\x51\x13\x27\x1c\x71\xc9"
- "\x3b\xc8\x0a\x2f\x49\x0c\x00\x3c",
- .assoc = "",
- .alen = 0,
- .input = "\x45\xa8\x6e\xe3\xaf\x5a\xc5\xd7"
- "\x7c\x35\x63\x77\x46\x9f\x61\x3f"
- "\x56\xd7\xe4\xe3\x5e\xb8\xdc\x14"
- "\x3a\x79\xc4\x3e\xb3\x69\x61\x46"
- "\x3c\xb6\x83\x4e\xb4\x26\xc7\x73"
- "\x22\xda\x52\x8b\x7d\x11\x98\xea"
- "\x62\xe1\x14\x1e\xdc\xfe\x0f\xad"
- "\x20\x76\x5a\xdc\x4e\x71\x13",
- .ilen = 63,
- .result = "\xc9\x82\x3b\x4b\x87\x84\xa5\xdb"
- "\xa0\x8c\xd3\x3e\x7f\x8d\xe8\x28"
- "\x2a\xdc\xfa\x01\x84\x87\x9a\x70"
- "\x81\x75\x37\x0a\xd2\x75\xa9\xb6"
- "\x21\x72\xee\x7e\x65\x95\xe5\xcc"
- "\x01\xb7\x39\xa6\x51\x15\xca\xff"
- "\x61\xdc\x97\x38\xcc\xf4\xca\xc7"
- "\x83\x9b\x05\x11\x72\x60\xf0\xb4"
- "\x7e\x06\xab\x0a\xc0\xbb\x59\x23"
- "\xaa\x2d\xfc\x4e\x35\x05\x59",
- .rlen = 79,
- }, {
- .key = "\x54\x71\xfd\x4b\xf3\xf9\x6f\x5e"
- "\x9c\x6c\x8f\x9c\x45\x68\x92\xc1"
- "\x21\x87\x67\x04\x9f\x60\xbd\x1b"
- "\x6a\x84\xfc\x34\x6a\x81\x48\xfb",
- .klen = 32,
- .iv = "\x63\x3b\x8b\xb3\x37\x98\x1a\xe5"
- "\xbc\xa2\xbc\xc0\x43\x31\xc2\x42",
- .assoc = "",
- .alen = 0,
- .input = "\x81\xcd\xa8\x82\xbf\xd6\x6e\xf3"
- "\xfd\x0f\x15\x09\x40\xc3\x24\x45"
- "\x81\x99\xf0\x67\x63\x58\x5e\x2e"
- "\xfb\xa6\xa3\x16\x8d\xc8\x00\x1c"
- "\x4b\x62\x87\x7c\x15\x38\xda\x70"
- "\x3d\xea\xe7\xf2\x40\xba\xae\x79"
- "\x8f\x48\xfc\xbf\x45\x53\x2e\x78"
- "\xef\x79\xf0\x1b\x49\xf7\xfd\x9c",
- .ilen = 64,
- .result = "\x11\x7c\x7d\xef\xce\x29\x95\xec"
- "\x7e\x9f\x42\xa6\x26\x07\xa1\x75"
- "\x2f\x4e\x09\x9a\xf6\x6b\xc2\xfa"
- "\x0d\xd0\x17\xdc\x25\x1e\x9b\xdc"
- "\x5f\x8c\x1c\x60\x15\x4f\x9b\x20"
- "\x7b\xff\xcd\x82\x60\x84\xf4\xa5"
- "\x20\x9a\x05\x19\x5b\x02\x0a\x72"
- "\x43\x11\x26\x58\xcf\xc5\x41\xcf"
- "\x13\xcc\xde\x32\x92\xfa\x86\xf2"
- "\xaf\x16\xe8\x8f\xca\xb6\xfd\x54",
- .rlen = 80,
- }, {
- .key = "\x90\x96\x36\xea\x03\x74\x18\x7a"
- "\x1d\x46\x42\x2d\x3f\x8c\x54\xc7"
- "\x4b\x4a\x73\x89\xa4\x00\x3f\x34"
- "\x2c\xb1\xdb\x0c\x44\xe0\xe8\xd2",
- .klen = 32,
- .iv = "\xa0\x5f\xc5\x52\x47\x13\xc2\x01"
- "\x3d\x7c\x6e\x52\x3d\x55\x85\x48",
- .assoc = "\xaf",
- .alen = 1,
- .input = "",
- .ilen = 0,
- .result = "\x9b\xc5\x3b\x20\x0a\x88\x56\xbe"
- "\x69\xdf\xc4\xc4\x02\x46\x3a\xf0",
- .rlen = 16,
- }, {
- .key = "\xcd\xbb\x70\x89\x13\xf0\xc1\x95"
- "\x9e\x20\xf4\xbf\x39\xb1\x17\xcd"
- "\x76\x0c\x7f\x0d\xa9\xa0\xc1\x4e"
- "\xed\xdf\xb9\xe4\x1e\x3f\x87\xa8",
- .klen = 32,
- .iv = "\xdc\x84\xfe\xf1\x58\x8f\x6b\x1c"
- "\xbe\x57\x20\xe3\x37\x7a\x48\x4f",
- .assoc = "\xeb\x4d\x8d\x59\x9c\x2e\x15\xa3"
- "\xde\x8d\x4d\x07\x36\x43\x78\xd0"
- "\x0b\x6d\x84\x4f\x2c\xf0\x82\x5b"
- "\x4e\xf6\x29\xd1\x8b\x6f\x56",
- .alen = 31,
- .input = "",
- .ilen = 0,
- .result = "\xe0\x6d\xa1\x07\x98\x2f\x40\x2d"
- "\x2e\x9a\xd6\x61\x43\xc0\x74\x69",
- .rlen = 16,
- }, {
- .key = "\x0a\xe0\xaa\x29\x24\x6c\x6a\xb1"
- "\x1f\xfa\xa6\x50\x33\xd5\xda\xd3"
- "\xa0\xce\x8a\x91\xae\x40\x43\x68"
- "\xae\x0d\x98\xbd\xf8\x9e\x26\x7f",
- .klen = 32,
- .iv = "\x19\xa9\x38\x91\x68\x0b\x14\x38"
- "\x3f\x31\xd2\x74\x31\x9e\x0a\x55",
- .assoc = "\x28\x72\xc7\xf8\xac\xaa\xbe\xbf"
- "\x5f\x67\xff\x99\x30\x67\x3b\xd6"
- "\x35\x2f\x90\xd3\x31\x90\x04\x74"
- "\x0f\x23\x08\xa9\x65\xce\xf6\xea",
- .alen = 32,
- .input = "",
- .ilen = 0,
- .result = "\xb9\x57\x13\x3e\x82\x31\x61\x65"
- "\x0d\x7f\x6c\x96\x93\x5c\x50\xe2",
- .rlen = 16,
- }, {
- .key = "\x46\x04\xe3\xc8\x34\xe7\x12\xcd"
- "\xa0\xd4\x58\xe2\x2d\xf9\x9c\xda"
- "\xca\x91\x96\x15\xb4\xe0\xc5\x81"
- "\x70\x3a\x77\x95\xd2\xfd\xc5\x55",
- .klen = 32,
- .iv = "\x55\xcd\x72\x30\x78\x86\xbd\x54"
- "\xc0\x0b\x84\x06\x2b\xc2\xcd\x5b",
- .assoc = "\x64\x97\x00\x98\xbc\x25\x67\xdb"
- "\xe0\x41\xb1\x2a\x2a\x8c\xfe\xdd"
- "\x5f\xf2\x9c\x58\x36\x30\x86\x8e"
- "\xd1\x51\xe6\x81\x3f\x2d\x95\xc1"
- "\x01",
- .alen = 33,
- .input = "",
- .ilen = 0,
- .result = "\x81\x96\x34\xde\xbb\x36\xdd\x3e"
- "\x4e\x5e\xcb\x44\x21\xb8\x3f\xf1",
- .rlen = 16,
- }, {
- .key = "\x83\x29\x1d\x67\x44\x63\xbb\xe9"
- "\x20\xaf\x0a\x73\x27\x1e\x5f\xe0"
- "\xf5\x53\xa1\x9a\xb9\x80\x47\x9b"
- "\x31\x68\x56\x6e\xac\x5c\x65\x2c",
- .klen = 32,
- .iv = "\x92\xf2\xac\xcf\x88\x02\x65\x70"
- "\x41\xe5\x36\x97\x25\xe7\x90\x61",
- .assoc = "\xa1\xbb\x3a\x37\xcc\xa1\x10\xf7"
- "\x61\x1c\x63\xbc\x24\xb0\xc0\xe3"
- "\x8a\xb4\xa7\xdc\x3b\xd0\x08\xa8"
- "\x92\x7f\xc5\x5a\x19\x8c\x34\x97"
- "\x0f\x95\x9b\x18\xe4\x8d\xb4\x24"
- "\xb9\x33\x28\x18\xe1\x9d\x14\xe0"
- "\x64\xb2\x89\x7d\x78\xa8\x05\x7e"
- "\x07\x8c\xfc\x88\x2d\xb8\x53",
- .alen = 63,
- .input = "",
- .ilen = 0,
- .result = "\x2e\x99\xb6\x79\x57\x56\x80\x36"
- "\x8e\xc4\x1c\x12\x7d\x71\x36\x0c",
- .rlen = 16,
- }, {
- .key = "\xbf\x4e\x57\x07\x54\xdf\x64\x05"
- "\xa1\x89\xbc\x04\x21\x42\x22\xe6"
- "\x1f\x15\xad\x1e\xbe\x20\xc9\xb4"
- "\xf3\x95\x35\x46\x86\xbb\x04\x03",
- .klen = 32,
- .iv = "\xce\x17\xe5\x6f\x98\x7e\x0e\x8c"
- "\xc2\xbf\xe8\x29\x1f\x0b\x52\x68",
- .assoc = "\xdd\xe0\x74\xd6\xdc\x1d\xb8\x13"
- "\xe2\xf6\x15\x4d\x1e\xd4\x83\xe9"
- "\xb4\x76\xb3\x60\x40\x70\x8a\xc1"
- "\x53\xac\xa4\x32\xf3\xeb\xd3\x6e"
- "\x1e\x42\xa0\x46\x45\x9f\xc7\x22"
- "\xd3\x43\xbc\x7e\xa5\x47\x2a\x6f"
- "\x91\x19\x70\x1e\xe1\xfe\x25\x49"
- "\xd6\x8f\x93\xc7\x28\x3f\x3d\x03",
- .alen = 64,
- .input = "",
- .ilen = 0,
- .result = "\x7b\x25\x3d\x47\xd4\xa7\x08\xce"
- "\x3b\x89\x40\x36\xba\x6d\x0e\xa2",
- .rlen = 16,
- }, {
- .key = "\xfc\x72\x90\xa6\x64\x5a\x0d\x21"
- "\x22\x63\x6e\x96\x1b\x67\xe4\xec"
- "\x49\xd7\xb9\xa2\xc3\xc0\x4b\xce"
- "\xb4\xc3\x14\x1e\x61\x1a\xa3\xd9",
- .klen = 32,
- .iv = "\x0b\x3c\x1f\x0e\xa8\xf9\xb7\xa7"
- "\x42\x9a\x9a\xba\x19\x30\x15\x6e",
- .assoc = "\x1a",
- .alen = 1,
- .input = "\x29",
- .ilen = 1,
- .result = "\xe6\x09\x6f\x95\x9a\x18\xc8\xf6"
- "\x17\x75\x81\x16\xdf\x26\xff\x67"
- "\x92",
- .rlen = 17,
- }, {
- .key = "\x38\x97\xca\x45\x74\xd6\xb6\x3c"
- "\xa3\x3d\x20\x27\x15\x8b\xa7\xf2"
- "\x74\x9a\xc4\x27\xc8\x60\xcd\xe8"
- "\x75\xf0\xf2\xf7\x3b\x79\x42\xb0",
- .klen = 32,
- .iv = "\x47\x60\x59\xad\xb8\x75\x60\xc3"
- "\xc3\x74\x4c\x4c\x13\x54\xd8\x74",
- .assoc = "\x56\x29\xe7\x15\xfc\x14\x0a\x4a"
- "\xe4\xaa\x79\x70\x12\x1d\x08\xf6"
- "\x09\xfb\xca\x69\x4b\xb0\x8e\xf5"
- "\xd6\x07\x62\xe3\xa8\xa9\x12",
- .alen = 31,
- .input = "\x66\xf3\x75\x7d\x40\xb3\xb4\xd1"
- "\x04\xe1\xa6\x94\x10\xe6\x39\x77"
- "\xd3\xac\x4d\x8a\x8c\x58\x6e\xfb"
- "\x06\x13\x9a\xd9\x5e\xc0\xfa",
- .ilen = 31,
- .result = "\x82\xc0\x56\xf0\xd7\xc4\xc9\xfd"
- "\x3c\xd1\x2a\xd4\x15\x86\x9d\xda"
- "\xea\x6c\x6f\xa1\x33\xb0\x7a\x01"
- "\x57\xe7\xf3\x7b\x73\xe7\x54\x10"
- "\xc6\x91\xe2\xc6\xa0\x69\xe7\xe6"
- "\x76\xc3\xf5\x3a\x76\xfd\x4a",
- .rlen = 47,
- }, {
- .key = "\x75\xbc\x04\xe5\x84\x52\x5e\x58"
- "\x24\x17\xd2\xb9\x0e\xaf\x6a\xf9"
- "\x9e\x5c\xd0\xab\xcd\x00\x4f\x01"
- "\x37\x1e\xd1\xcf\x15\xd8\xe2\x86",
- .klen = 32,
- .iv = "\x84\x85\x92\x4d\xc8\xf1\x08\xdf"
- "\x44\x4e\xff\xdd\x0d\x78\x9a\x7a",
- .assoc = "\x93\x4e\x21\xb4\x0c\x90\xb3\x66"
- "\x65\x84\x2b\x01\x0b\x42\xcb\xfc"
- "\x33\xbd\xd6\xed\x50\x50\x10\x0e"
- "\x97\x35\x41\xbb\x82\x08\xb1\xf2",
- .alen = 32,
- .input = "\xa2\x17\xaf\x1c\x50\x2e\x5d\xed"
- "\x85\xbb\x58\x26\x0a\x0b\xfc\x7d"
- "\xfe\x6e\x59\x0e\x91\xf8\xf0\x15"
- "\xc8\x40\x78\xb1\x38\x1f\x99\xa7",
- .ilen = 32,
- .result = "\x01\x47\x8e\x6c\xf6\x64\x89\x3a"
- "\x71\xce\xe4\xaa\x45\x70\xe6\x84"
- "\x62\x48\x08\x64\x86\x6a\xdf\xec"
- "\xb4\xa0\xfb\x34\x03\x0c\x19\xf4"
- "\x2b\x7b\x36\x73\xec\x54\xa9\x1e"
- "\x30\x85\xdb\xe4\xac\xe9\x2c\xca",
- .rlen = 48,
- }, {
- .key = "\xb1\xe1\x3e\x84\x94\xcd\x07\x74"
- "\xa5\xf2\x84\x4a\x08\xd4\x2c\xff"
- "\xc8\x1e\xdb\x2f\xd2\xa0\xd1\x1b"
- "\xf8\x4c\xb0\xa8\xef\x37\x81\x5d",
- .klen = 32,
- .iv = "\xc0\xaa\xcc\xec\xd8\x6c\xb1\xfb"
- "\xc5\x28\xb1\x6e\x07\x9d\x5d\x81",
- .assoc = "\xd0\x73\x5a\x54\x1d\x0b\x5b\x82"
- "\xe5\x5f\xdd\x93\x05\x66\x8e\x02"
- "\x5e\x80\xe1\x71\x55\xf0\x92\x28"
- "\x59\x62\x20\x94\x5c\x67\x50\xc8"
- "\x58",
- .alen = 33,
- .input = "\xdf\x3c\xe9\xbc\x61\xaa\x06\x09"
- "\x06\x95\x0a\xb7\x04\x2f\xbe\x84"
- "\x28\x30\x64\x92\x96\x98\x72\x2e"
- "\x89\x6e\x57\x8a\x13\x7e\x38\x7e"
- "\xdb",
- .ilen = 33,
- .result = "\x85\xe0\xf8\x0f\x8e\x49\xe3\x60"
- "\xcb\x4a\x54\x94\xcf\xf5\x7e\x34"
- "\xe9\xf8\x80\x65\x53\xd0\x72\x70"
- "\x4f\x7d\x9d\xd1\x15\x6f\xb9\x2c"
- "\xfa\xe8\xdd\xac\x2e\xe1\x3f\x67"
- "\x63\x0f\x1a\x59\xb7\x89\xdb\xf4"
- "\xc3",
- .rlen = 49,
- }, {
- .key = "\xee\x05\x77\x23\xa5\x49\xb0\x90"
- "\x26\xcc\x36\xdc\x02\xf8\xef\x05"
- "\xf3\xe1\xe7\xb3\xd8\x40\x53\x35"
- "\xb9\x79\x8f\x80\xc9\x96\x20\x33",
- .klen = 32,
- .iv = "\xfd\xce\x06\x8b\xe9\xe8\x5a\x17"
- "\x46\x02\x63\x00\x01\xc1\x20\x87",
- .assoc = "\x0c\x98\x94\xf3\x2d\x87\x04\x9e"
- "\x66\x39\x8f\x24\xff\x8a\x50\x08"
- "\x88\x42\xed\xf6\x5a\x90\x14\x42"
- "\x1a\x90\xfe\x6c\x36\xc6\xf0\x9f"
- "\x66\xa0\xb5\x2d\x2c\xf8\x25\x15"
- "\x55\x90\xa2\x7e\x77\x94\x96\x3a"
- "\x71\x1c\xf7\x44\xee\xa8\xc3\x42"
- "\xe2\xa3\x84\x04\x0b\xe1\xce",
- .alen = 63,
- .input = "\x1b\x61\x23\x5b\x71\x26\xae\x25"
- "\x87\x6f\xbc\x49\xfe\x53\x81\x8a"
- "\x53\xf2\x70\x17\x9b\x38\xf4\x48"
- "\x4b\x9b\x36\x62\xed\xdd\xd8\x54"
- "\xea\xcb\xb6\x79\x45\xfc\xaa\x54"
- "\x5c\x94\x47\x58\xa7\xff\x9c\x9e"
- "\x7c\xb6\xf1\xac\xc8\xfd\x8b\x35"
- "\xd5\xa4\x6a\xd4\x09\xc2\x08",
- .ilen = 63,
- .result = "\x00\xe5\x5b\x87\x5c\x20\x22\x8a"
- "\xda\x1f\xd3\xff\xbb\xb2\xb0\xf8"
- "\xef\xe9\xeb\x9e\x7c\x80\xf4\x2b"
- "\x59\xc0\x79\xbc\x17\xa0\x15\x01"
- "\xf5\x72\xfb\x5a\xe7\xaf\x07\xe3"
- "\x1b\x49\x21\x34\x23\x63\x55\x5e"
- "\xee\x4f\x34\x17\xfa\xfe\xa5\x0c"
- "\xed\x0b\x23\xea\x9b\xda\x57\x2f"
- "\xf6\xa9\xae\x0d\x4e\x40\x96\x45"
- "\x7f\xfa\xf0\xbf\xc4\x98\x78",
- .rlen = 79,
- }, {
- .key = "\x2a\x2a\xb1\xc3\xb5\xc5\x59\xac"
- "\xa7\xa6\xe8\x6d\xfc\x1d\xb2\x0b"
- "\x1d\xa3\xf3\x38\xdd\xe0\xd5\x4e"
- "\x7b\xa7\x6e\x58\xa3\xf5\xbf\x0a",
- .klen = 32,
- .iv = "\x39\xf3\x3f\x2b\xf9\x64\x03\x33"
- "\xc7\xdd\x15\x91\xfb\xe6\xe2\x8d",
- .assoc = "\x49\xbc\xce\x92\x3d\x02\xad\xba"
- "\xe7\x13\x41\xb6\xf9\xaf\x13\x0f"
- "\xb2\x04\xf8\x7a\x5f\x30\x96\x5b"
- "\xdc\xbd\xdd\x44\x10\x25\x8f\x75"
- "\x75\x4d\xb9\x5b\x8e\x0a\x38\x13"
- "\x6f\x9f\x36\xe4\x3a\x3e\xac\xc9"
- "\x9d\x83\xde\xe5\x57\xfd\xe3\x0e"
- "\xb1\xa7\x1b\x44\x05\x67\xb7\x37",
- .alen = 64,
- .input = "\x58\x85\x5c\xfa\x81\xa1\x57\x40"
- "\x08\x4a\x6e\xda\xf8\x78\x44\x90"
- "\x7d\xb5\x7b\x9b\xa1\xd8\x76\x62"
- "\x0c\xc9\x15\x3b\xc7\x3c\x77\x2b"
- "\xf8\x78\xba\xa7\xa6\x0e\xbd\x52"
- "\x76\xa3\xdc\xbe\x6b\xa8\xb1\x2d"
- "\xa9\x1d\xd8\x4e\x31\x53\xab\x00"
- "\xa5\xa7\x01\x13\x04\x49\xf2\x04",
- .ilen = 64,
- .result = "\x28\xdd\xb9\x4a\x12\xc7\x0a\xe1"
- "\x58\x06\x1a\x9b\x8c\x67\xdf\xeb"
- "\x35\x35\x60\x9d\x06\x40\x65\xc1"
- "\x93\xe8\xb3\x82\x50\x29\xdd\xb5"
- "\x2b\xcb\xde\x18\x78\x6b\x42\xbe"
- "\x6d\x24\xd0\xb2\x7d\xd7\x08\x8f"
- "\x4a\x18\x98\xad\x8c\xf2\x97\xb4"
- "\xf4\x77\xe4\xbf\x41\x3b\xc4\x06"
- "\xce\x9e\x34\x81\xf0\x89\x11\x13"
- "\x02\x65\xa1\x7c\xdf\x07\x33\x06",
- .rlen = 80,
- }, {
- .key = "\x67\x4f\xeb\x62\xc5\x40\x01\xc7"
- "\x28\x80\x9a\xfe\xf6\x41\x74\x12"
- "\x48\x65\xfe\xbc\xe2\x80\x57\x68"
- "\x3c\xd4\x4d\x31\x7d\x54\x5f\xe1",
- .klen = 32,
- .iv = "\x76\x18\x79\xca\x09\xdf\xac\x4e"
- "\x48\xb7\xc7\x23\xf5\x0a\xa5\x93",
- .assoc = "\x85\xe1\x08\x32\x4d\x7e\x56\xd5"
- "\x68\xed\xf3\x47\xf3\xd3\xd6\x15"
- "\xdd\xc7\x04\xfe\x64\xd0\x18\x75"
- "\x9d\xeb\xbc\x1d\xea\x84\x2e\x4c"
- "\x83\xf9\xbe\x8a\xef\x1c\x4b\x10"
- "\x89\xaf\xcb\x4b\xfe\xe7\xc1\x58"
- "\xca\xea\xc6\x87\xc0\x53\x03\xd9"
- "\x80\xaa\xb2\x83\xff\xee\xa1\x6a"
- "\x04",
- .alen = 65,
- .input = "\x94\xaa\x96\x9a\x91\x1d\x00\x5c"
- "\x88\x24\x20\x6b\xf2\x9c\x06\x96"
- "\xa7\x77\x87\x1f\xa6\x78\xf8\x7b"
- "\xcd\xf6\xf4\x13\xa1\x9b\x16\x02"
- "\x07\x24\xbf\xd5\x08\x20\xd0\x4f"
- "\x90\xb3\x70\x24\x2f\x51\xc7\xbb"
- "\xd6\x84\xc0\xef\x9a\xa8\xca\xcc"
- "\x74\xab\x97\x53\xfe\xd0\xdb\x37"
- "\x37\x6a\x0e\x9f\x3f\xa3\x2a\xe3"
- "\x1b\x34\x6d\x51\x72\x2b\x17\xe7"
- "\x4d\xaa\x2c\x18\xda\xa3\x33\x89"
- "\x2a\x9f\xf4\xd2\xed\x76\x3d\x3f"
- "\x3c\x15\x9d\x8e\x4f\x3c\x27\xb0"
- "\x42\x3f\x2f\x8a\xd4\xc2\x10\xb2"
- "\x27\x7f\xe3\x34\x80\x02\x49\x4b"
- "\x07\x68\x22\x2a\x88\x25\x53\xb2"
- "\x2f",
- .ilen = 129,
- .result = "\x85\x39\x69\x35\xfb\xf9\xb0\xa6"
- "\x85\x43\x88\xd0\xd7\x78\x60\x19"
- "\x3e\x1f\xb1\xa4\xd6\xc5\x96\xec"
- "\xf7\x84\x85\xc7\x27\x0f\x74\x57"
- "\x28\x9e\xdd\x90\x3c\x43\x12\xc5"
- "\x51\x3d\x39\x8f\xa5\xf4\xe0\x0b"
- "\x57\x04\xf1\x6d\xfe\x9b\x84\x27"
- "\xe8\xeb\x4d\xda\x02\x0a\xc5\x49"
- "\x1a\x55\x5e\x50\x56\x4d\x94\xda"
- "\x20\xf8\x12\x54\x50\xb3\x11\xda"
- "\xed\x44\x27\x67\xd5\xd1\x8b\x4b"
- "\x38\x67\x56\x65\x59\xda\xe6\x97"
- "\x81\xae\x2f\x92\x3b\xae\x22\x1c"
- "\x91\x59\x38\x18\x00\xe8\xba\x92"
- "\x04\x19\x56\xdf\xb0\x82\xeb\x6f"
- "\x2e\xdb\x54\x3c\x4b\xbb\x60\x90"
- "\x4c\x50\x10\x62\xba\x7a\xb1\x68"
- "\x37\xd7\x87\x4e\xe4\x66\x09\x1f"
- "\xa5",
- .rlen = 145,
- }, {
- .key = "\xa3\x73\x24\x01\xd5\xbc\xaa\xe3"
- "\xa9\x5a\x4c\x90\xf0\x65\x37\x18"
- "\x72\x28\x0a\x40\xe7\x20\xd9\x82"
- "\xfe\x02\x2b\x09\x57\xb3\xfe\xb7",
- .klen = 32,
- .iv = "\xb3\x3d\xb3\x69\x19\x5b\x54\x6a"
- "\xc9\x91\x79\xb4\xef\x2e\x68\x99",
- .assoc = "\xc2\x06\x41\xd1\x5d\xfa\xff\xf1"
- "\xe9\xc7\xa5\xd9\xed\xf8\x98\x1b"
- "\x07\x89\x10\x82\x6a\x70\x9a\x8f"
- "\x5e\x19\x9b\xf5\xc5\xe3\xcd\x22"
- "\x92\xa5\xc2\xb8\x51\x2e\x5e\x0e"
- "\xa4\xbe\x5f\xb1\xc1\x90\xd7\xe7"
- "\xf7\x52\xae\x28\x29\xa8\x22\xa4"
- "\x4f\xae\x48\xc2\xfa\x75\x8b\x9e"
- "\xce\x83\x2a\x88\x07\x55\xbb\x89"
- "\xf6\xdf\xac\xdf\x83\x08\xbf\x7d"
- "\xac\x30\x8b\x8e\x02\xac\x00\xf1"
- "\x30\x46\xe1\xbc\x75\xbf\x49\xbb"
- "\x26\x4e\x29\xf0\x2f\x21\xc6\x13"
- "\x92\xd9\x3d\x11\xe4\x10\x00\x8e"
- "\xd4\xd4\x58\x65\xa6\x2b\xe3\x25"
- "\xb1\x8f\x15\x93\xe7\x71\xb9\x2c"
- "\x4b",
- .alen = 129,
- .input = "\xd1\xcf\xd0\x39\xa1\x99\xa9\x78"
- "\x09\xfe\xd2\xfd\xec\xc1\xc9\x9d"
- "\xd2\x39\x93\xa3\xab\x18\x7a\x95"
- "\x8f\x24\xd3\xeb\x7b\xfa\xb5\xd8"
- "\x15\xd1\xc3\x04\x69\x32\xe3\x4d"
- "\xaa\xc2\x04\x8b\xf2\xfa\xdc\x4a"
- "\x02\xeb\xa8\x90\x03\xfd\xea\x97"
- "\x43\xaf\x2e\x92\xf8\x57\xc5\x6a"
- "\x00",
- .ilen = 65,
- .result = "\x7d\xde\x53\x22\xe4\x23\x3b\x30"
- "\x78\xde\x35\x90\x7a\xd9\x0b\x93"
- "\xf6\x0e\x0b\xed\x40\xee\x10\x9c"
- "\x96\x3a\xd3\x34\xb2\xd0\x67\xcf"
- "\x63\x7f\x2d\x0c\xcf\x96\xec\x64"
- "\x1a\x87\xcc\x7d\x2c\x5e\x81\x4b"
- "\xd2\x8f\x4c\x7c\x00\xb1\xb4\xe0"
- "\x87\x4d\xb1\xbc\xd8\x78\x2c\x17"
- "\xf2\x3b\xd8\x28\x40\xe2\x76\xf6"
- "\x20\x13\x83\x46\xaf\xff\xe3\x0f"
- "\x72",
- .rlen = 81,
- }, {
- .key = "\xe0\x98\x5e\xa1\xe5\x38\x53\xff"
- "\x2a\x35\xfe\x21\xea\x8a\xfa\x1e"
- "\x9c\xea\x15\xc5\xec\xc0\x5b\x9b"
- "\xbf\x2f\x0a\xe1\x32\x12\x9d\x8e",
- .klen = 32,
- .iv = "\xef\x61\xed\x08\x29\xd7\xfd\x86"
- "\x4a\x6b\x2b\x46\xe9\x53\x2a\xa0",
- .assoc = "\xfe\x2a\x7b\x70\x6d\x75\xa7\x0d"
- "\x6a\xa2\x57\x6a\xe7\x1c\x5b\x21"
- "\x31\x4b\x1b\x07\x6f\x10\x1c\xa8"
- "\x20\x46\x7a\xce\x9f\x42\x6d\xf9",
- .alen = 32,
- .input = "\x0d\xf4\x09\xd8\xb1\x14\x51\x94"
- "\x8a\xd8\x84\x8e\xe6\xe5\x8c\xa3"
- "\xfc\xfc\x9e\x28\xb0\xb8\xfc\xaf"
- "\x50\x52\xb1\xc4\x55\x59\x55\xaf",
- .ilen = 32,
- .result = "\x5a\xcd\x8c\x57\xf2\x6a\xb6\xbe"
- "\x53\xc7\xaa\x9a\x60\x74\x9c\xc4"
- "\xa2\xc2\xd0\x6d\xe1\x03\x63\xdc"
- "\xbb\x51\x7e\x9c\x89\x73\xde\x4e"
- "\x24\xf8\x52\x7c\x15\x41\x0e\xba"
- "\x69\x0e\x36\x5f\x2f\x22\x8c",
- .rlen = 47,
- }, {
- .key = "\x1c\xbd\x98\x40\xf5\xb3\xfc\x1b"
- "\xaa\x0f\xb0\xb3\xe4\xae\xbc\x24"
- "\xc7\xac\x21\x49\xf1\x60\xdd\xb5"
- "\x80\x5d\xe9\xba\x0c\x71\x3c\x64",
- .klen = 32,
- .iv = "\x2c\x86\x26\xa8\x39\x52\xa6\xa2"
- "\xcb\x45\xdd\xd7\xe3\x77\xed\xa6",
- .assoc = "\x3b\x4f\xb5\x10\x7d\xf1\x50\x29"
- "\xeb\x7c\x0a\xfb\xe1\x40\x1e\x27"
- "\x5c\x0d\x27\x8b\x74\xb0\x9e\xc2"
- "\xe1\x74\x59\xa6\x79\xa1\x0c\xd0",
- .alen = 32,
- .input = "\x4a\x18\x43\x77\xc1\x90\xfa\xb0"
- "\x0b\xb2\x36\x20\xe0\x09\x4e\xa9"
- "\x26\xbe\xaa\xac\xb5\x58\x7e\xc8"
- "\x11\x7f\x90\x9c\x2f\xb8\xf4\x85",
- .ilen = 32,
- .result = "\x47\xd6\xce\x78\xd6\xbf\x4a\x51"
- "\xb8\xda\x92\x3c\xfd\xda\xac\x8e"
- "\x8d\x88\xd7\x4d\x90\xe5\xeb\xa1"
- "\xab\xd6\x7c\x76\xad\xea\x7d\x76"
- "\x53\xee\xb0\xcd\xd0\x02\xbb\x70"
- "\x5b\x6f\x7b\xe2\x8c\xe8",
- .rlen = 46,
- }, {
- .key = "\x59\xe1\xd2\xdf\x05\x2f\xa4\x37"
- "\x2b\xe9\x63\x44\xde\xd3\x7f\x2b"
- "\xf1\x6f\x2d\xcd\xf6\x00\x5f\xcf"
- "\x42\x8a\xc8\x92\xe6\xd0\xdc\x3b",
- .klen = 32,
- .iv = "\x68\xab\x60\x47\x49\xce\x4f\xbe"
- "\x4c\x20\x8f\x68\xdd\x9c\xb0\xac",
- .assoc = "\x77\x74\xee\xaf\x8d\x6d\xf9\x45"
- "\x6c\x56\xbc\x8d\xdb\x65\xe0\x2e"
- "\x86\xd0\x32\x0f\x79\x50\x20\xdb"
- "\xa2\xa1\x37\x7e\x53\x00\xab\xa6",
- .alen = 32,
- .input = "\x86\x3d\x7d\x17\xd1\x0c\xa3\xcc"
- "\x8c\x8d\xe8\xb1\xda\x2e\x11\xaf"
- "\x51\x80\xb5\x30\xba\xf8\x00\xe2"
- "\xd3\xad\x6f\x75\x09\x18\x93\x5c",
- .ilen = 32,
- .result = "\x9f\xa9\x2b\xa4\x8f\x00\x05\x2b"
- "\xe7\x68\x81\x51\xbb\xfb\xdf\x60"
- "\xbb\xac\xe8\xc1\xdc\x68\xae\x68"
- "\x3a\xcd\x7a\x06\x49\xfe\x80\x11"
- "\xe6\x61\x99\xe2\xdd\xbe\x2c\xbf",
- .rlen = 40,
- }, {
- .key = "\x96\x06\x0b\x7f\x15\xab\x4d\x53"
- "\xac\xc3\x15\xd6\xd8\xf7\x42\x31"
- "\x1b\x31\x38\x51\xfc\xa0\xe1\xe8"
- "\x03\xb8\xa7\x6b\xc0\x2f\x7b\x11",
- .klen = 32,
- .iv = "\xa5\xcf\x9a\xe6\x59\x4a\xf7\xd9"
- "\xcd\xfa\x41\xfa\xd7\xc0\x72\xb2",
- .assoc = "\xb4\x99\x28\x4e\x9d\xe8\xa2\x60"
- "\xed\x30\x6e\x1e\xd5\x89\xa3\x34"
- "\xb1\x92\x3e\x93\x7e\xf0\xa2\xf5"
- "\x64\xcf\x16\x57\x2d\x5f\x4a\x7d",
- .alen = 32,
- .input = "\xc3\x62\xb7\xb6\xe2\x87\x4c\xe7"
- "\x0d\x67\x9a\x43\xd4\x52\xd4\xb5"
- "\x7b\x43\xc1\xb5\xbf\x98\x82\xfc"
- "\x94\xda\x4e\x4d\xe4\x77\x32\x32",
- .ilen = 32,
- .result = "\xe2\x34\xfa\x25\xfd\xfb\x89\x5e"
- "\x5b\x4e\x0b\x15\x6e\x39\xfb\x0c"
- "\x73\xc7\xd9\x6b\xbe\xce\x9b\x70"
- "\xc7\x4f\x96\x16\x03\xfc\xea\xfb"
- "\x56",
- .rlen = 33,
- },
-};
-
-static const struct aead_testvec morus1280_dec_tv_template[] = {
- {
- .key = "\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00",
- .klen = 16,
- .iv = "\x0f\xc9\x8e\x67\x44\x9e\xaa\x86"
- "\x20\x36\x2c\x24\xfe\xc9\x30\x81",
- .assoc = "",
- .alen = 0,
- .input = "\x91\x85\x0f\xf5\x52\x9e\xce\xce"
- "\x65\x99\xc7\xbf\xd3\x76\xe8\x98",
- .ilen = 16,
- .result = "",
- .rlen = 0,
- }, {
- .key = "\x3c\x24\x39\x9f\x10\x7b\xa8\x1b"
- "\x80\xda\xb2\x91\xf9\x24\xc2\x06",
- .klen = 16,
- .iv = "\x4b\xed\xc8\x07\x54\x1a\x52\xa2"
- "\xa1\x10\xde\xb5\xf8\xed\xf3\x87",
- .assoc = "",
- .alen = 0,
- .input = "\x88\xc3\x4c\xf0\x2f\x43\x76\x13"
- "\x96\xda\x76\x34\x33\x4e\xd5\x39"
- "\x73",
- .ilen = 17,
- .result = "\x69",
- .rlen = 1,
- }, {
- .key = "\x79\x49\x73\x3e\x20\xf7\x51\x37"
- "\x01\xb4\x64\x22\xf3\x48\x85\x0c",
- .klen = 16,
- .iv = "\x88\x12\x01\xa6\x64\x96\xfb\xbe"
- "\x22\xea\x90\x47\xf2\x11\xb5\x8e",
- .assoc = "",
- .alen = 0,
- .input = "\x3e\x5c\x3b\x58\x3b\x7d\x2a\x22"
- "\x75\x0b\x24\xa6\x0e\xc3\xde\x52"
- "\x97\x0b\x64\xd4\xce\x90\x52\xf7"
- "\xef\xdb\x6a\x38\xd2\xa8\xa1\x0d"
- "\xe0\x61\x33\x24\xc6\x4d\x51\xbc"
- "\xa4\x21\x74\xcf\x19\x16\x59",
- .ilen = 47,
- .result = "\xa6\xa4\x1e\x76\xec\xd4\x50\xcc"
- "\x62\x58\xe9\x8f\xef\xa4\x17\x91"
- "\xb4\x96\x9f\x6b\xce\x38\xa5\x46"
- "\x13\x7d\x64\x93\xd7\x05\xf5",
- .rlen = 31,
- }, {
- .key = "\xb5\x6e\xad\xdd\x30\x72\xfa\x53"
- "\x82\x8e\x16\xb4\xed\x6d\x47\x12",
- .klen = 16,
- .iv = "\xc4\x37\x3b\x45\x74\x11\xa4\xda"
- "\xa2\xc5\x42\xd8\xec\x36\x78\x94",
- .assoc = "",
- .alen = 0,
- .input = "\x30\x82\x9c\x2b\x67\xcb\xf9\x1f"
- "\xde\x9f\x77\xb2\xda\x92\x61\x5c"
- "\x09\x0b\x2d\x9a\x26\xaa\x1c\x06"
- "\xab\x74\xb7\x2b\x95\x5f\x9f\xa1"
- "\x9a\xff\x50\xa0\xa2\xff\xc5\xad"
- "\x21\x8e\x84\x5c\x12\x61\xb2\xae",
- .ilen = 48,
- .result = "\xe2\xc9\x58\x15\xfc\x4f\xf8\xe8"
- "\xe3\x32\x9b\x21\xe9\xc8\xd9\x97"
- "\xde\x58\xab\xf0\xd3\xd8\x27\x60"
- "\xd5\xaa\x43\x6b\xb1\x64\x95\xa4",
- .rlen = 32,
- }, {
- .key = "\xf2\x92\xe6\x7d\x40\xee\xa3\x6f"
- "\x03\x68\xc8\x45\xe7\x91\x0a\x18",
- .klen = 16,
- .iv = "\x01\x5c\x75\xe5\x84\x8d\x4d\xf6"
- "\x23\x9f\xf4\x6a\xe6\x5a\x3b\x9a",
- .assoc = "",
- .alen = 0,
- .input = "\x67\x5d\x8e\x45\xc8\x39\xf5\x17"
- "\xc1\x1d\x2a\xdd\x88\x67\xda\x1f"
- "\x6d\xe8\x37\x28\x5a\xc1\x5e\x9f"
- "\xa6\xec\xc6\x92\x05\x4b\xc0\xa3"
- "\x63\xef\x88\xa4\x9b\x0a\x5c\xed"
- "\x2b\x6a\xac\x63\x52\xaa\x10\x94"
- "\xd0",
- .ilen = 49,
- .result = "\x1f\xee\x92\xb4\x0c\xcb\xa1\x04"
- "\x64\x0c\x4d\xb2\xe3\xec\x9c\x9d"
- "\x09\x1a\xb7\x74\xd8\x78\xa9\x79"
- "\x96\xd8\x22\x43\x8c\xc3\x34\x7b"
- "\xc4",
- .rlen = 33,
- }, {
- .key = "\x2e\xb7\x20\x1c\x50\x6a\x4b\x8b"
- "\x84\x42\x7a\xd7\xe1\xb5\xcd\x1f",
- .klen = 16,
- .iv = "\x3d\x80\xae\x84\x94\x09\xf6\x12"
- "\xa4\x79\xa6\xfb\xe0\x7f\xfd\xa0",
- .assoc = "",
- .alen = 0,
- .input = "\x7d\x61\x1a\x35\x20\xcc\x07\x88"
- "\x03\x98\x87\xcf\xc0\x6e\x4d\x19"
- "\xe3\xd4\x0b\xfb\x29\x8f\x49\x1a"
- "\x3a\x06\x77\xce\x71\x2c\xcd\xdd"
- "\xed\xf6\xc9\xbe\xa6\x3b\xb8\xfc"
- "\x6c\xbe\x77\xed\x74\x0e\x20\x85"
- "\xd0\x65\xde\x24\x6f\xe3\x25\xc5"
- "\xdf\x5b\x0f\xbd\x8a\x88\x78\xc9"
- "\xe5\x81\x37\xde\x84\x7a\xf6\x84"
- "\x99\x7a\x72\x9c\x54\x31\xa1",
- .ilen = 79,
- .result = "\x5c\x13\xcb\x54\x1c\x47\x4a\x1f"
- "\xe5\xe6\xff\x44\xdd\x11\x5f\xa3"
- "\x33\xdd\xc2\xf8\xdd\x18\x2b\x93"
- "\x57\x05\x01\x1c\x66\x22\xd3\x51"
- "\xd3\xdf\x18\xc9\x30\x66\xed\xb1"
- "\x96\x58\xd5\x8c\x64\x8c\x7c\xf5"
- "\x01\xd0\x74\x5f\x9b\xaa\xf6\xd1"
- "\xe6\x16\xa2\xac\xde\x47\x40",
- .rlen = 63,
- }, {
- .key = "\x6b\xdc\x5a\xbb\x60\xe5\xf4\xa6"
- "\x05\x1d\x2c\x68\xdb\xda\x8f\x25",
- .klen = 16,
- .iv = "\x7a\xa5\xe8\x23\xa4\x84\x9e\x2d"
- "\x25\x53\x58\x8c\xda\xa3\xc0\xa6",
- .assoc = "",
- .alen = 0,
- .input = "\x05\xc5\xb1\xf9\x1b\xb9\xab\x2c"
- "\xa5\x07\x12\xa7\x12\x39\x60\x66"
- "\x30\x81\x4a\x03\x78\x28\x45\x52"
- "\xd2\x2b\x24\xfd\x8b\xa5\xb7\x66"
- "\x6f\x45\xd7\x3b\x67\x6f\x51\xb9"
- "\xc0\x3d\x6c\xca\x1e\xae\xff\xb6"
- "\x79\xa9\xe4\x82\x5d\x4c\x2d\xdf"
- "\xeb\x71\x40\xc9\x2c\x40\x45\x6d"
- "\x73\x77\x01\xf3\x4f\xf3\x9d\x2a"
- "\x5d\x57\xa8\xa1\x18\xa2\xad\xcb",
- .ilen = 80,
- .result = "\x98\x37\x05\xf3\x2c\xc2\xf3\x3b"
- "\x66\xc0\xb1\xd5\xd7\x35\x21\xaa"
- "\x5d\x9f\xce\x7c\xe2\xb8\xad\xad"
- "\x19\x33\xe0\xf4\x40\x81\x72\x28"
- "\xe1\x8b\x1c\xf8\x91\x78\xff\xaf"
- "\xb0\x68\x69\xf2\x27\x35\x91\x84"
- "\x2e\x37\x5b\x00\x04\xff\x16\x9c"
- "\xb5\x19\x39\xeb\xd9\xcd\x29\x9a",
- .rlen = 64,
- }, {
- .key = "\xa7\x00\x93\x5b\x70\x61\x9d\xc2"
- "\x86\xf7\xde\xfa\xd5\xfe\x52\x2b",
- .klen = 16,
- .iv = "\xb6\xca\x22\xc3\xb4\x00\x47\x49"
- "\xa6\x2d\x0a\x1e\xd4\xc7\x83\xad",
- .assoc = "\xc5",
- .alen = 1,
- .input = "\x4d\xbf\x11\xac\x7f\x97\x0b\x2e"
- "\x89\x3b\x9d\x0f\x83\x1c\x08\xc3",
- .ilen = 16,
- .result = "",
- .rlen = 0,
- }, {
- .key = "\xe4\x25\xcd\xfa\x80\xdd\x46\xde"
- "\x07\xd1\x90\x8b\xcf\x23\x15\x31",
- .klen = 16,
- .iv = "\xf3\xee\x5c\x62\xc4\x7c\xf0\x65"
- "\x27\x08\xbd\xaf\xce\xec\x45\xb3",
- .assoc = "\x02\xb8\xea\xca\x09\x1b\x9a\xec"
- "\x47\x3e\xe9\xd4\xcc\xb5\x76\x34"
- "\xe8\x73\x62\x64\xab\x50\xd0\xda"
- "\x6b\x83\x66\xaf\x3e\x27\xc9",
- .alen = 31,
- .input = "\x5b\xc0\x8d\x54\xe4\xec\xbe\x38"
- "\x03\x12\xf9\xcc\x9e\x46\x42\x92",
- .ilen = 16,
- .result = "",
- .rlen = 0,
- }, {
- .key = "\x20\x4a\x07\x99\x91\x58\xee\xfa"
- "\x88\xab\x42\x1c\xc9\x47\xd7\x38",
- .klen = 16,
- .iv = "\x2f\x13\x95\x01\xd5\xf7\x99\x81"
- "\xa8\xe2\x6f\x41\xc8\x10\x08\xb9",
- .assoc = "\x3f\xdc\x24\x69\x19\x96\x43\x08"
- "\xc8\x18\x9b\x65\xc6\xd9\x39\x3b"
- "\x12\x35\x6e\xe8\xb0\xf0\x52\xf3"
- "\x2d\xb0\x45\x87\x18\x86\x68\xf6",
- .alen = 32,
- .input = "\x48\xc5\xc3\x4c\x40\x2e\x2f\xc2"
- "\x6d\x65\xe0\x67\x9c\x1d\xa0\xf0",
- .ilen = 16,
- .result = "",
- .rlen = 0,
- }, {
- .key = "\x5d\x6f\x41\x39\xa1\xd4\x97\x16"
- "\x09\x85\xf4\xae\xc3\x6b\x9a\x3e",
- .klen = 16,
- .iv = "\x6c\x38\xcf\xa1\xe5\x73\x41\x9d"
- "\x29\xbc\x21\xd2\xc2\x35\xcb\xbf",
- .assoc = "\x7b\x01\x5d\x08\x29\x12\xec\x24"
- "\x49\xf3\x4d\xf7\xc0\xfe\xfb\x41"
- "\x3c\xf8\x79\x6c\xb6\x90\xd4\x0d"
- "\xee\xde\x23\x60\xf2\xe5\x08\xcc"
- "\x97",
- .alen = 33,
- .input = "\x28\x64\x78\x51\x55\xd8\x56\x4a"
- "\x58\x3e\xf7\xbe\xee\x21\xfe\x94",
- .ilen = 16,
- .result = "",
- .rlen = 0,
- }, {
- .key = "\x99\x93\x7a\xd8\xb1\x50\x40\x31"
- "\x8a\x60\xa6\x3f\xbd\x90\x5d\x44",
- .klen = 16,
- .iv = "\xa8\x5c\x09\x40\xf5\xef\xea\xb8"
- "\xaa\x96\xd3\x64\xbc\x59\x8d\xc6",
- .assoc = "\xb8\x26\x97\xa8\x39\x8e\x94\x3f"
- "\xca\xcd\xff\x88\xba\x22\xbe\x47"
- "\x67\xba\x85\xf1\xbb\x30\x56\x26"
- "\xaf\x0b\x02\x38\xcc\x44\xa7\xa3"
- "\xa6\xbf\x31\x93\x60\xcd\xda\x63"
- "\x2c\xb1\xaa\x19\xc8\x19\xf8\xeb"
- "\x03\xa1\xe8\xbe\x37\x54\xec\xa2"
- "\xcd\x2c\x45\x58\xbd\x8e\x80",
- .alen = 63,
- .input = "\xb3\xa6\x00\x4e\x09\x20\xac\x21"
- "\x77\x72\x69\x76\x2d\x36\xe5\xc8",
- .ilen = 16,
- .result = "",
- .rlen = 0,
- }, {
- .key = "\xd6\xb8\xb4\x77\xc1\xcb\xe9\x4d"
- "\x0a\x3a\x58\xd1\xb7\xb4\x1f\x4a",
- .klen = 16,
- .iv = "\xe5\x81\x42\xdf\x05\x6a\x93\xd4"
- "\x2b\x70\x85\xf5\xb6\x7d\x50\xcc",
- .assoc = "\xf4\x4a\xd1\x47\x49\x09\x3d\x5b"
- "\x4b\xa7\xb1\x19\xb4\x46\x81\x4d"
- "\x91\x7c\x91\x75\xc0\xd0\xd8\x40"
- "\x71\x39\xe1\x10\xa6\xa3\x46\x7a"
- "\xb4\x6b\x35\xc2\xc1\xdf\xed\x60"
- "\x46\xc1\x3e\x7f\x8c\xc2\x0e\x7a"
- "\x30\x08\xd0\x5f\xa0\xaa\x0c\x6d"
- "\x9c\x2f\xdb\x97\xb8\x15\x69\x01",
- .alen = 64,
- .input = "\x65\x33\x7b\xa1\x63\xf4\x20\xdd"
- "\xe4\xb9\x4a\xaa\x9a\x21\xaa\x14",
- .ilen = 16,
- .result = "",
- .rlen = 0,
- }, {
- .key = "\x12\xdd\xee\x17\xd1\x47\x92\x69"
- "\x8b\x14\x0a\x62\xb1\xd9\xe2\x50",
- .klen = 16,
- .iv = "\x22\xa6\x7c\x7f\x15\xe6\x3c\xf0"
- "\xac\x4b\x37\x86\xb0\xa2\x13\xd2",
- .assoc = "\x31",
- .alen = 1,
- .input = "\x1d\x47\x17\x34\x86\xf5\x54\x1a"
- "\x6d\x28\xb8\x5d\x6c\xcf\xa0\xb9"
- "\xbf",
- .ilen = 17,
- .result = "\x40",
- .rlen = 1,
- }, {
- .key = "\x4f\x01\x27\xb6\xe1\xc3\x3a\x85"
- "\x0c\xee\xbc\xf4\xab\xfd\xa5\x57",
- .klen = 16,
- .iv = "\x5e\xcb\xb6\x1e\x25\x62\xe4\x0c"
- "\x2d\x25\xe9\x18\xaa\xc6\xd5\xd8",
- .assoc = "\x6d\x94\x44\x86\x69\x00\x8f\x93"
- "\x4d\x5b\x15\x3c\xa8\x8f\x06\x5a"
- "\xe6\x01\xa8\x7e\xca\x10\xdc\x73"
- "\xf4\x94\x9f\xc1\x5a\x61\x85",
- .alen = 31,
- .input = "\x78\x90\x52\xae\x0f\xf7\x2e\xef"
- "\x63\x09\x08\x58\xb5\x56\xbd\x72"
- "\x6e\x42\xcf\x27\x04\x7c\xdb\x92"
- "\x18\xe9\xa4\x33\x90\xba\x62\xb5"
- "\x70\xd3\x88\x9b\x4f\x05\xa7\x51"
- "\x85\x87\x17\x09\x42\xed\x4e",
- .ilen = 47,
- .result = "\x7c\x5d\xd3\xee\xad\x9f\x39\x1a"
- "\x6d\x92\x42\x61\xa7\x58\x37\xdb"
- "\xb0\xb2\x2b\x9f\x0b\xb8\xbd\x7a"
- "\x24\xa0\xd6\xb7\x11\x79\x6c",
- .rlen = 31,
- }, {
- .key = "\x8b\x26\x61\x55\xf1\x3e\xe3\xa1"
- "\x8d\xc8\x6e\x85\xa5\x21\x67\x5d",
- .klen = 16,
- .iv = "\x9b\xef\xf0\xbd\x35\xdd\x8d\x28"
- "\xad\xff\x9b\xa9\xa4\xeb\x98\xdf",
- .assoc = "\xaa\xb8\x7e\x25\x79\x7c\x37\xaf"
- "\xce\x36\xc7\xce\xa2\xb4\xc9\x60"
- "\x10\xc3\xb3\x02\xcf\xb0\x5e\x8d"
- "\xb5\xc2\x7e\x9a\x35\xc0\x24\xfd",
- .alen = 32,
- .input = "\x1d\x2c\x57\xe0\x50\x38\x3d\x41"
- "\x2e\x71\xc8\x3b\x92\x43\x58\xaf"
- "\x5a\xfb\xad\x8f\xd9\xd5\x8a\x5e"
- "\xdb\xf3\xcd\x3a\x2b\xe1\x2c\x1a"
- "\xb0\xed\xe3\x0c\x6e\xf9\xf2\xd6"
- "\x90\xe6\xb1\x0e\xa5\x8a\xac\xb7",
- .ilen = 48,
- .result = "\xb9\x82\x0c\x8d\xbd\x1b\xe2\x36"
- "\xee\x6c\xf4\xf2\xa1\x7d\xf9\xe2"
- "\xdb\x74\x36\x23\x11\x58\x3f\x93"
- "\xe5\xcd\xb5\x90\xeb\xd8\x0c\xb3",
- .rlen = 32,
- }, {
- .key = "\xc8\x4b\x9b\xf5\x01\xba\x8c\xbd"
- "\x0e\xa3\x21\x16\x9f\x46\x2a\x63",
- .klen = 16,
- .iv = "\xd7\x14\x29\x5d\x45\x59\x36\x44"
- "\x2e\xd9\x4d\x3b\x9e\x0f\x5b\xe5",
- .assoc = "\xe6\xdd\xb8\xc4\x89\xf8\xe0\xca"
- "\x4f\x10\x7a\x5f\x9c\xd8\x8b\x66"
- "\x3b\x86\xbf\x86\xd4\x50\xe0\xa7"
- "\x76\xef\x5c\x72\x0f\x1f\xc3\xd4"
- "\xee",
- .alen = 33,
- .input = "\x59\x10\x84\x1c\x83\x4c\x8b\xfc"
- "\xfd\x2e\x4b\x46\x84\xff\x78\x4e"
- "\x50\xda\x5c\xb9\x61\x1d\xf5\xb9"
- "\xfe\xbb\x7f\xae\x8c\xc1\x24\xbd"
- "\x8c\x6f\x1f\x9b\xce\xc6\xc1\x37"
- "\x08\x06\x5a\xe5\x96\x10\x95\xc2"
- "\x5e",
- .ilen = 49,
- .result = "\xf5\xa6\x46\x2c\xce\x97\x8a\x51"
- "\x6f\x46\xa6\x83\x9b\xa1\xbc\xe8"
- "\x05\x36\x42\xa7\x16\xf8\xc1\xad"
- "\xa7\xfb\x94\x68\xc5\x37\xab\x8a"
- "\x72",
- .rlen = 33,
- }, {
- .key = "\x05\x70\xd5\x94\x12\x36\x35\xd8"
- "\x8f\x7d\xd3\xa8\x99\x6a\xed\x69",
- .klen = 16,
- .iv = "\x14\x39\x63\xfc\x56\xd5\xdf\x5f"
- "\xaf\xb3\xff\xcc\x98\x33\x1d\xeb",
- .assoc = "\x23\x02\xf1\x64\x9a\x73\x89\xe6"
- "\xd0\xea\x2c\xf1\x96\xfc\x4e\x6d"
- "\x65\x48\xcb\x0a\xda\xf0\x62\xc0"
- "\x38\x1d\x3b\x4a\xe9\x7e\x62\xaa"
- "\xfd\xc9\x4a\xa9\xa9\x39\x4b\x54"
- "\xc8\x0e\x24\x7f\x5e\x10\x7a\x45"
- "\x10\x0b\x56\x85\xad\x54\xaa\x66"
- "\xa8\x43\xcd\xd4\x9b\xb7\xfa",
- .alen = 63,
- .input = "\x9a\x12\xbc\xdf\x72\xa8\x56\x22"
- "\x49\x2d\x07\x92\xfc\x3d\x6d\x5f"
- "\xef\x36\x19\xae\x91\xfa\xd6\x63"
- "\x46\xea\x8a\x39\x14\x21\xa6\x37"
- "\x18\xfc\x97\x3e\x16\xa5\x4d\x39"
- "\x45\x2e\x69\xcc\x9c\x5f\xdf\x6d"
- "\x5e\xa2\xbf\xac\x83\x32\x72\x52"
- "\x58\x58\x23\x40\xfd\xa5\xc2\xe6"
- "\xe9\x5a\x50\x98\x00\x58\xc9\x86"
- "\x4f\x20\x37\xdb\x7b\x22\xa3",
- .ilen = 79,
- .result = "\x32\xcb\x80\xcc\xde\x12\x33\x6d"
- "\xf0\x20\x58\x15\x95\xc6\x7f\xee"
- "\x2f\xf9\x4e\x2c\x1b\x98\x43\xc7"
- "\x68\x28\x73\x40\x9f\x96\x4a\x60"
- "\x80\xf4\x4b\xf4\xc1\x3d\xd0\x93"
- "\xcf\x12\xc9\x59\x8f\x7a\x7f\xa8"
- "\x1b\xa5\x50\xed\x87\xa9\x72\x59"
- "\x9c\x44\xb2\xa4\x99\x98\x34",
- .rlen = 63,
- }, {
- .key = "\x41\x94\x0e\x33\x22\xb1\xdd\xf4"
- "\x10\x57\x85\x39\x93\x8f\xaf\x70",
- .klen = 16,
- .iv = "\x50\x5d\x9d\x9b\x66\x50\x88\x7b"
- "\x30\x8e\xb1\x5e\x92\x58\xe0\xf1",
- .assoc = "\x5f\x27\x2b\x03\xaa\xef\x32\x02"
- "\x50\xc4\xde\x82\x90\x21\x11\x73"
- "\x8f\x0a\xd6\x8f\xdf\x90\xe4\xda"
- "\xf9\x4a\x1a\x23\xc3\xdd\x02\x81"
- "\x0b\x76\x4f\xd7\x0a\x4b\x5e\x51"
- "\xe3\x1d\xb9\xe5\x21\xb9\x8f\xd4"
- "\x3d\x72\x3e\x26\x16\xa9\xca\x32"
- "\x77\x47\x63\x14\x95\x3d\xe4\x34",
- .alen = 64,
- .input = "\xe6\xeb\x92\x5a\x5b\xf0\x2d\xbb"
- "\x23\xec\x35\xe3\xae\xc9\xfb\x0b"
- "\x90\x14\x46\xeb\xa8\x8d\xb0\x9b"
- "\x39\xda\x8b\x48\xec\xb2\x00\x4e"
- "\x80\x6f\x46\x4f\x9b\x1e\xbb\x35"
- "\xea\x5a\xbc\xa2\x36\xa5\x89\x45"
- "\xc2\xd6\xd7\x15\x0b\xf6\x6c\x56"
- "\xec\x99\x7d\x61\xb3\x15\x93\xed"
- "\x83\x1e\xd9\x48\x84\x0b\x37\xfe"
- "\x95\x74\x44\xd5\x54\xa6\x27\x06",
- .ilen = 80,
- .result = "\x6e\xf0\xba\x6b\xee\x8e\xdc\x89"
- "\x71\xfb\x0a\xa6\x8f\xea\x41\xf4"
- "\x5a\xbb\x59\xb0\x20\x38\xc5\xe0"
- "\x29\x56\x52\x19\x79\xf5\xe9\x37"
- "\x8f\xa1\x50\x23\x22\x4f\xe3\x91"
- "\xe9\x21\x5e\xbf\x52\x23\x95\x37"
- "\x48\x0c\x38\x8f\xf0\xff\x92\x24"
- "\x6b\x47\x49\xe3\x94\x1f\x1e\x01",
- .rlen = 64,
- }, {
- .key = "\x7e\xb9\x48\xd3\x32\x2d\x86\x10"
- "\x91\x31\x37\xcb\x8d\xb3\x72\x76",
- .klen = 16,
- .iv = "\x8d\x82\xd6\x3b\x76\xcc\x30\x97"
- "\xb1\x68\x63\xef\x8c\x7c\xa3\xf7",
- .assoc = "\x9c\x4b\x65\xa2\xba\x6b\xdb\x1e"
- "\xd1\x9e\x90\x13\x8a\x45\xd3\x79"
- "\xba\xcd\xe2\x13\xe4\x30\x66\xf4"
- "\xba\x78\xf9\xfb\x9d\x3c\xa1\x58"
- "\x1a\x22\x53\x05\x6b\x5c\x71\x4f"
- "\xfd\x2d\x4d\x4c\xe5\x62\xa5\x63"
- "\x6a\xda\x26\xc8\x7f\xff\xea\xfd"
- "\x46\x4a\xfa\x53\x8f\xc4\xcd\x68"
- "\x58",
- .alen = 65,
- .input = "\x89\x24\x27\x86\xdc\xd7\x6b\xd9"
- "\xd1\xcd\xdc\x16\xdd\x2c\xc1\xfb"
- "\x52\xb5\xb3\xab\x50\x99\x3f\xa0"
- "\x38\xa4\x74\xa5\x04\x15\x63\x05"
- "\x8f\x54\x81\x06\x5a\x6b\xa4\x63"
- "\x6d\xa7\x21\xcb\xff\x42\x30\x8e"
- "\x3b\xd1\xca\x3f\x4b\x1a\xb8\xc3"
- "\x42\x01\xe6\xbc\x75\x15\x87\xee"
- "\xc9\x8e\x65\x01\xd9\xd8\xb5\x9f"
- "\x48\x86\xa6\x5f\x2c\xc7\xb5\xb0"
- "\xed\x5d\x14\x7c\x3f\x40\xb1\x0b"
- "\x72\xef\x94\x8d\x7a\x85\x56\xe5"
- "\x56\x08\x15\x56\xba\xaf\xbd\xf0"
- "\x20\xef\xa0\xf6\xa9\xad\xa2\xc9"
- "\x1c\x3b\x28\x51\x7e\x77\xb2\x18"
- "\x4f\x61\x64\x37\x22\x36\x6d\x78"
- "\xed\xed\x35\xe8\x83\xa5\xec\x25"
- "\x6b\xff\x5f\x1a\x09\x96\x3d\xdc"
- "\x20",
- .ilen = 145,
- .result = "\xab\x14\xf3\x0a\xfe\x0a\x85\xa5"
- "\xf2\xd5\xbc\x38\x89\x0e\x04\xfb"
- "\x84\x7d\x65\x34\x25\xd8\x47\xfa"
- "\xeb\x83\x31\xf1\x54\x54\x89\x0d"
- "\x9d\x4d\x54\x51\x84\x61\xf6\x8e"
- "\x03\x31\xf2\x25\x16\xcc\xaa\xc6"
- "\x75\x73\x20\x30\x59\x54\xb2\xf0"
- "\x3a\x4b\xe0\x23\x8e\xa6\x08\x35"
- "\x8a\xdf\x27\xa0\xe4\x60\x99\xae"
- "\x8e\x43\xd9\x39\x7b\x10\x40\x67"
- "\x5c\x7e\xc9\x70\x63\x34\xca\x59"
- "\xfe\x86\xbc\xb7\x9c\x39\xf3\x6d"
- "\x6a\x41\x64\x6f\x16\x7f\x65\x7e"
- "\x89\x84\x68\xeb\xb0\x51\xbe\x55"
- "\x33\x16\x59\x6c\x3b\xef\x88\xad"
- "\x2f\xab\xbc\x25\x76\x87\x41\x2f"
- "\x36",
- .rlen = 129,
- }, {
- .key = "\xba\xde\x82\x72\x42\xa9\x2f\x2c"
- "\x12\x0b\xe9\x5c\x87\xd7\x35\x7c",
- .klen = 16,
- .iv = "\xc9\xa7\x10\xda\x86\x48\xd9\xb3"
- "\x32\x42\x15\x80\x85\xa1\x65\xfe",
- .assoc = "\xd8\x70\x9f\x42\xca\xe6\x83\x3a"
- "\x52\x79\x42\xa5\x84\x6a\x96\x7f"
- "\xe4\x8f\xed\x97\xe9\xd0\xe8\x0d"
- "\x7c\xa6\xd8\xd4\x77\x9b\x40\x2e"
- "\x28\xce\x57\x34\xcd\x6e\x84\x4c"
- "\x17\x3c\xe1\xb2\xa8\x0b\xbb\xf1"
- "\x96\x41\x0d\x69\xe8\x54\x0a\xc8"
- "\x15\x4e\x91\x92\x89\x4b\xb7\x9b"
- "\x21\xf7\x42\x89\xac\x12\x2a\x54"
- "\x69\xee\x18\xc7\x8d\xed\xe8\xfd"
- "\xbb\x04\x28\xe6\x8a\x3c\x98\xc1"
- "\x04\x2d\xa9\xa1\x24\x83\xff\xe9"
- "\x55\x7a\xf0\xd1\xf6\x63\x05\xe1"
- "\xd9\x1e\x75\x72\xc1\x9f\xae\x32"
- "\xe1\x6b\xcd\x9e\x61\x19\x23\x86"
- "\xd9\xd2\xaf\x8e\xd5\xd3\xa8\xa9"
- "\x51",
- .alen = 129,
- .input = "\x36\x78\xb9\x22\xde\x62\x35\x55"
- "\x1a\x7a\xf5\x45\xbc\xd7\x15\x82"
- "\x01\xe9\x5a\x07\xea\x46\xaf\x91"
- "\xcb\x73\xa5\xee\xe1\xb4\xbf\xc2"
- "\xdb\xd2\x9d\x59\xde\xfc\x83\x00"
- "\xf5\x46\xac\x97\xd5\x57\xa9\xb9"
- "\x1f\x8c\xe8\xca\x68\x8b\x91\x0c"
- "\x01\xbe\x0a\xaf\x7c\xf6\x67\xa4"
- "\xbf\xbc\x88\x3f\x5d\xd1\xf9\x19"
- "\x0f\x9d\xb2\xaf\xb9\x6e\x17\xdf"
- "\xa2",
- .ilen = 81,
- .result = "\xe8\x39\x2d\xaa\x0e\x85\x2d\xc1"
- "\x72\xaf\x6e\xc9\x82\x33\xc7\x01"
- "\xaf\x40\x70\xb8\x2a\x78\xc9\x14"
- "\xac\xb1\x10\xca\x2e\xb3\x28\xe4"
- "\xac\xfa\x58\x7f\xe5\x73\x09\x8c"
- "\x1d\x40\x87\x8c\xd9\x75\xc0\x55"
- "\xa2\xda\x07\xd1\xc2\xa9\xd1\xbb"
- "\x09\x4f\x77\x62\x88\x2d\xf2\x68"
- "\x54",
- .rlen = 65,
- }, {
- .key = "\xf7\x02\xbb\x11\x52\x24\xd8\x48"
- "\x93\xe6\x9b\xee\x81\xfc\xf7\x82",
- .klen = 16,
- .iv = "\x06\xcc\x4a\x79\x96\xc3\x82\xcf"
- "\xb3\x1c\xc7\x12\x7f\xc5\x28\x04",
- .assoc = "\x15\x95\xd8\xe1\xda\x62\x2c\x56"
- "\xd3\x53\xf4\x36\x7e\x8e\x59\x85"
- "\x0e\x51\xf9\x1c\xee\x70\x6a\x27"
- "\x3d\xd3\xb7\xac\x51\xfa\xdf\x05",
- .alen = 32,
- .input = "\x08\x1b\x95\x0e\x41\x95\x02\x4b"
- "\x9c\xbb\xa8\xd0\x7c\xd3\x44\x6e"
- "\x89\x14\x33\x70\x0a\xbc\xea\x39"
- "\x88\xaa\x2b\xd5\x73\x11\x55\xf5"
- "\x33\x33\x9c\xd7\x42\x34\x49\x8e"
- "\x2f\x03\x30\x05\x47\xaf\x34",
- .ilen = 47,
- .result = "\x24\x5e\x67\x49\x1e\x01\xd6\xdd"
- "\xf3\x89\x20\x5b\x7c\x57\x89\x07"
- "\xd9\x02\x7c\x3d\x2f\x18\x4b\x2d"
- "\x6e\xde\xee\xa2\x08\x12\xc7\xba",
- .rlen = 32,
- }, {
- .key = "\x33\x27\xf5\xb1\x62\xa0\x80\x63"
- "\x14\xc0\x4d\x7f\x7b\x20\xba\x89",
- .klen = 16,
- .iv = "\x42\xf0\x84\x19\xa6\x3f\x2b\xea"
- "\x34\xf6\x79\xa3\x79\xe9\xeb\x0a",
- .assoc = "\x51\xb9\x12\x80\xea\xde\xd5\x71"
- "\x54\x2d\xa6\xc8\x78\xb2\x1b\x8c"
- "\x39\x14\x05\xa0\xf3\x10\xec\x41"
- "\xff\x01\x95\x84\x2b\x59\x7f\xdb",
- .alen = 32,
- .input = "\x97\xca\xf4\xe0\x8d\x89\xbf\x68"
- "\x0c\x60\xb9\x27\xdf\xaa\x41\xc6"
- "\x25\xd8\xf7\x1f\x10\x15\x48\x61"
- "\x4c\x95\x00\xdf\x51\x9b\x7f\xe6"
- "\x24\x40\x9e\xbe\x3b\xeb\x1b\x98"
- "\xb9\x9c\xe5\xef\xf2\x05",
- .ilen = 46,
- .result = "\x61\x83\xa0\xe8\x2e\x7d\x7f\xf8"
- "\x74\x63\xd2\xec\x76\x7c\x4c\x0d"
- "\x03\xc4\x88\xc1\x35\xb8\xcd\x47"
- "\x2f\x0c\xcd\x7a\xe2\x71\x66\x91",
- .rlen = 32,
- }, {
- .key = "\x70\x4c\x2f\x50\x72\x1c\x29\x7f"
- "\x95\x9a\xff\x10\x75\x45\x7d\x8f",
- .klen = 16,
- .iv = "\x7f\x15\xbd\xb8\xb6\xba\xd3\x06"
- "\xb5\xd1\x2b\x35\x73\x0e\xad\x10",
- .assoc = "\x8e\xde\x4c\x20\xfa\x59\x7e\x8d"
- "\xd5\x07\x58\x59\x72\xd7\xde\x92"
- "\x63\xd6\x10\x24\xf8\xb0\x6e\x5a"
- "\xc0\x2e\x74\x5d\x06\xb8\x1e\xb2",
- .alen = 32,
- .input = "\x63\x4c\x2a\x8e\xb4\x6b\x63\x0d"
- "\xb5\xec\x9b\x4e\x12\x23\xa3\xcf"
- "\x1a\x5a\x70\x15\x5a\x10\x40\x51"
- "\xca\x47\x4c\x9d\xc9\x97\xf4\x77"
- "\xdb\xc8\x10\x2d\xdc\x65\x20\x3f",
- .ilen = 40,
- .result = "\x9d\xa7\xda\x88\x3e\xf8\x28\x14"
- "\xf5\x3e\x85\x7d\x70\xa0\x0f\x13"
- "\x2e\x86\x93\x45\x3a\x58\x4f\x61"
- "\xf0\x3a\xac\x53\xbc\xd0\x06\x68",
- .rlen = 32,
- }, {
- .key = "\xac\x70\x69\xef\x82\x97\xd2\x9b"
- "\x15\x74\xb1\xa2\x6f\x69\x3f\x95",
- .klen = 16,
- .iv = "\xbb\x3a\xf7\x57\xc6\x36\x7c\x22"
- "\x36\xab\xde\xc6\x6d\x32\x70\x17",
- .assoc = "\xcb\x03\x85\xbf\x0a\xd5\x26\xa9"
- "\x56\xe1\x0a\xeb\x6c\xfb\xa1\x98"
- "\x8d\x98\x1c\xa8\xfe\x50\xf0\x74"
- "\x81\x5c\x53\x35\xe0\x17\xbd\x88",
- .alen = 32,
- .input = "\xf1\x62\x44\xc7\x5f\x19\xca\x43"
- "\x47\x2c\xaf\x68\x82\xbd\x51\xef"
- "\x3d\x65\xd8\x45\x2d\x06\x07\x78"
- "\x08\x2e\xb3\x23\xcd\x81\x12\x55"
- "\x1a",
- .ilen = 33,
- .result = "\xda\xcc\x14\x27\x4e\x74\xd1\x30"
- "\x76\x18\x37\x0f\x6a\xc4\xd1\x1a"
- "\x58\x49\x9f\xc9\x3f\xf8\xd1\x7a"
- "\xb2\x67\x8b\x2b\x96\x2f\xa5\x3e",
- .rlen = 32,
- }, {
- .key = "\xe9\x95\xa2\x8f\x93\x13\x7b\xb7"
- "\x96\x4e\x63\x33\x69\x8d\x02\x9b"
- "\x23\xf9\x22\xeb\x80\xa0\xb1\x81"
- "\xe2\x73\xc3\x21\x4d\x47\x8d\xf4",
- .klen = 32,
- .iv = "\xf8\x5e\x31\xf7\xd7\xb2\x25\x3e"
- "\xb7\x85\x90\x58\x67\x57\x33\x1d",
- .assoc = "",
- .alen = 0,
- .input = "\xdf\x2f\x83\xc0\x45\x4a\x2c\xcf"
- "\xb9\xd2\x41\xf6\x80\xa1\x52\x70",
- .ilen = 16,
- .result = "",
- .rlen = 0,
- }, {
- .key = "\x25\xba\xdc\x2e\xa3\x8f\x24\xd3"
- "\x17\x29\x15\xc5\x63\xb2\xc5\xa1"
- "\x4d\xbc\x2d\x6f\x85\x40\x33\x9a"
- "\xa3\xa0\xa1\xfa\x27\xa6\x2c\xca",
- .klen = 32,
- .iv = "\x34\x83\x6a\x96\xe7\x2d\xce\x5a"
- "\x38\x5f\x42\xe9\x61\x7b\xf5\x23",
- .assoc = "",
- .alen = 0,
- .input = "\x01\xd8\x55\x3c\xc0\x5a\x4b\xc7"
- "\x01\xf4\x08\xe3\x0d\xf7\xf0\x78"
- "\x53",
- .ilen = 17,
- .result = "\x53",
- .rlen = 1,
- }, {
- .key = "\x62\xdf\x16\xcd\xb3\x0a\xcc\xef"
- "\x98\x03\xc7\x56\x5d\xd6\x87\xa8"
- "\x77\x7e\x39\xf3\x8a\xe0\xb5\xb4"
- "\x65\xce\x80\xd2\x01\x05\xcb\xa1",
- .klen = 32,
- .iv = "\x71\xa8\xa4\x35\xf7\xa9\x76\x75"
- "\xb8\x39\xf4\x7a\x5b\x9f\xb8\x29",
- .assoc = "",
- .alen = 0,
- .input = "\xc2\x4b\x41\x0f\x2d\xb9\x62\x07"
- "\xff\x8e\x74\xf8\xa1\xa6\xd5\x37"
- "\xa5\x64\x31\x5c\xca\x73\x9b\x43"
- "\xe6\x70\x63\x46\x95\xcb\xf7\xb5"
- "\x20\x8c\x75\x7a\x2a\x17\x2f\xa9"
- "\xb8\x4d\x11\x42\xd1\xf8\xf1",
- .ilen = 47,
- .result = "\x8f\x3a\xc1\x05\x7f\xe7\xcb\x83"
- "\xf9\xa6\x4d\xc3\x58\x31\x19\x2c"
- "\xd7\x90\xc2\x56\x4e\xd8\x57\xc7"
- "\xf6\xf0\x27\xb4\x25\x4c\x83",
- .rlen = 31,
- }, {
- .key = "\x9e\x03\x4f\x6d\xc3\x86\x75\x0a"
- "\x19\xdd\x79\xe8\x57\xfb\x4a\xae"
- "\xa2\x40\x45\x77\x90\x80\x37\xce"
- "\x26\xfb\x5f\xaa\xdb\x64\x6b\x77",
- .klen = 32,
- .iv = "\xae\xcc\xde\xd5\x07\x25\x1f\x91"
- "\x39\x14\xa6\x0c\x55\xc4\x7b\x30",
- .assoc = "",
- .alen = 0,
- .input = "\xbb\x01\x7c\xd1\x2c\x33\x7b\x37"
- "\x0a\xee\xc4\x30\x19\xd7\x3a\x6f"
- "\xf8\x2b\x67\xf5\x3b\x84\x87\x2a"
- "\xfb\x07\x7a\x82\xb5\xe4\x85\x26"
- "\x1e\xa8\xe5\x04\x54\xce\xe5\x5f"
- "\xb5\x3f\xc1\xd5\x7f\xbd\xd2\xa6",
- .ilen = 48,
- .result = "\xcc\x5f\xfb\xa4\x8f\x63\x74\x9f"
- "\x7a\x81\xff\x55\x52\x56\xdc\x33"
- "\x01\x52\xcd\xdb\x53\x78\xd9\xe1"
- "\xb7\x1d\x06\x8d\xff\xab\x22\x98",
- .rlen = 32,
- }, {
- .key = "\xdb\x28\x89\x0c\xd3\x01\x1e\x26"
- "\x9a\xb7\x2b\x79\x51\x1f\x0d\xb4"
- "\xcc\x03\x50\xfc\x95\x20\xb9\xe7"
- "\xe8\x29\x3e\x83\xb5\xc3\x0a\x4e",
- .klen = 32,
- .iv = "\xea\xf1\x18\x74\x17\xa0\xc8\xad"
- "\xba\xee\x58\x9d\x4f\xe8\x3d\x36",
- .assoc = "",
- .alen = 0,
- .input = "\xc2\xf4\x40\x55\xf9\x59\xff\x73"
- "\x08\xf5\x98\x92\x0c\x7b\x35\x9a"
- "\xa8\xf4\x42\x7e\x6f\x93\xca\x22"
- "\x23\x06\x1e\xf8\x89\x22\xf4\x46"
- "\x7c\x7c\x67\x75\xab\xe5\x75\xaa"
- "\x15\xd7\x83\x19\xfd\x31\x59\x5b"
- "\x32",
- .ilen = 49,
- .result = "\x08\x84\x34\x44\x9f\xde\x1c\xbb"
- "\xfb\x5b\xb1\xe6\x4c\x7a\x9f\x39"
- "\x2c\x14\xd9\x5f\x59\x18\x5b\xfb"
- "\x79\x4b\xe5\x65\xd9\x0a\xc1\x6f"
- "\x2e",
- .rlen = 33,
- }, {
- .key = "\x17\x4d\xc3\xab\xe3\x7d\xc7\x42"
- "\x1b\x91\xdd\x0a\x4b\x43\xcf\xba"
- "\xf6\xc5\x5c\x80\x9a\xc0\x3b\x01"
- "\xa9\x56\x1d\x5b\x8f\x22\xa9\x25",
- .klen = 32,
- .iv = "\x27\x16\x51\x13\x27\x1c\x71\xc9"
- "\x3b\xc8\x0a\x2f\x49\x0c\x00\x3c",
- .assoc = "",
- .alen = 0,
- .input = "\xc9\x82\x3b\x4b\x87\x84\xa5\xdb"
- "\xa0\x8c\xd3\x3e\x7f\x8d\xe8\x28"
- "\x2a\xdc\xfa\x01\x84\x87\x9a\x70"
- "\x81\x75\x37\x0a\xd2\x75\xa9\xb6"
- "\x21\x72\xee\x7e\x65\x95\xe5\xcc"
- "\x01\xb7\x39\xa6\x51\x15\xca\xff"
- "\x61\xdc\x97\x38\xcc\xf4\xca\xc7"
- "\x83\x9b\x05\x11\x72\x60\xf0\xb4"
- "\x7e\x06\xab\x0a\xc0\xbb\x59\x23"
- "\xaa\x2d\xfc\x4e\x35\x05\x59",
- .ilen = 79,
- .result = "\x45\xa8\x6e\xe3\xaf\x5a\xc5\xd7"
- "\x7c\x35\x63\x77\x46\x9f\x61\x3f"
- "\x56\xd7\xe4\xe3\x5e\xb8\xdc\x14"
- "\x3a\x79\xc4\x3e\xb3\x69\x61\x46"
- "\x3c\xb6\x83\x4e\xb4\x26\xc7\x73"
- "\x22\xda\x52\x8b\x7d\x11\x98\xea"
- "\x62\xe1\x14\x1e\xdc\xfe\x0f\xad"
- "\x20\x76\x5a\xdc\x4e\x71\x13",
- .rlen = 63,
- }, {
- .key = "\x54\x71\xfd\x4b\xf3\xf9\x6f\x5e"
- "\x9c\x6c\x8f\x9c\x45\x68\x92\xc1"
- "\x21\x87\x67\x04\x9f\x60\xbd\x1b"
- "\x6a\x84\xfc\x34\x6a\x81\x48\xfb",
- .klen = 32,
- .iv = "\x63\x3b\x8b\xb3\x37\x98\x1a\xe5"
- "\xbc\xa2\xbc\xc0\x43\x31\xc2\x42",
- .assoc = "",
- .alen = 0,
- .input = "\x11\x7c\x7d\xef\xce\x29\x95\xec"
- "\x7e\x9f\x42\xa6\x26\x07\xa1\x75"
- "\x2f\x4e\x09\x9a\xf6\x6b\xc2\xfa"
- "\x0d\xd0\x17\xdc\x25\x1e\x9b\xdc"
- "\x5f\x8c\x1c\x60\x15\x4f\x9b\x20"
- "\x7b\xff\xcd\x82\x60\x84\xf4\xa5"
- "\x20\x9a\x05\x19\x5b\x02\x0a\x72"
- "\x43\x11\x26\x58\xcf\xc5\x41\xcf"
- "\x13\xcc\xde\x32\x92\xfa\x86\xf2"
- "\xaf\x16\xe8\x8f\xca\xb6\xfd\x54",
- .ilen = 80,
- .result = "\x81\xcd\xa8\x82\xbf\xd6\x6e\xf3"
- "\xfd\x0f\x15\x09\x40\xc3\x24\x45"
- "\x81\x99\xf0\x67\x63\x58\x5e\x2e"
- "\xfb\xa6\xa3\x16\x8d\xc8\x00\x1c"
- "\x4b\x62\x87\x7c\x15\x38\xda\x70"
- "\x3d\xea\xe7\xf2\x40\xba\xae\x79"
- "\x8f\x48\xfc\xbf\x45\x53\x2e\x78"
- "\xef\x79\xf0\x1b\x49\xf7\xfd\x9c",
- .rlen = 64,
- }, {
- .key = "\x90\x96\x36\xea\x03\x74\x18\x7a"
- "\x1d\x46\x42\x2d\x3f\x8c\x54\xc7"
- "\x4b\x4a\x73\x89\xa4\x00\x3f\x34"
- "\x2c\xb1\xdb\x0c\x44\xe0\xe8\xd2",
- .klen = 32,
- .iv = "\xa0\x5f\xc5\x52\x47\x13\xc2\x01"
- "\x3d\x7c\x6e\x52\x3d\x55\x85\x48",
- .assoc = "\xaf",
- .alen = 1,
- .input = "\x9b\xc5\x3b\x20\x0a\x88\x56\xbe"
- "\x69\xdf\xc4\xc4\x02\x46\x3a\xf0",
- .ilen = 16,
- .result = "",
- .rlen = 0,
- }, {
- .key = "\xcd\xbb\x70\x89\x13\xf0\xc1\x95"
- "\x9e\x20\xf4\xbf\x39\xb1\x17\xcd"
- "\x76\x0c\x7f\x0d\xa9\xa0\xc1\x4e"
- "\xed\xdf\xb9\xe4\x1e\x3f\x87\xa8",
- .klen = 32,
- .iv = "\xdc\x84\xfe\xf1\x58\x8f\x6b\x1c"
- "\xbe\x57\x20\xe3\x37\x7a\x48\x4f",
- .assoc = "\xeb\x4d\x8d\x59\x9c\x2e\x15\xa3"
- "\xde\x8d\x4d\x07\x36\x43\x78\xd0"
- "\x0b\x6d\x84\x4f\x2c\xf0\x82\x5b"
- "\x4e\xf6\x29\xd1\x8b\x6f\x56",
- .alen = 31,
- .input = "\xe0\x6d\xa1\x07\x98\x2f\x40\x2d"
- "\x2e\x9a\xd6\x61\x43\xc0\x74\x69",
- .ilen = 16,
- .result = "",
- .rlen = 0,
- }, {
- .key = "\x0a\xe0\xaa\x29\x24\x6c\x6a\xb1"
- "\x1f\xfa\xa6\x50\x33\xd5\xda\xd3"
- "\xa0\xce\x8a\x91\xae\x40\x43\x68"
- "\xae\x0d\x98\xbd\xf8\x9e\x26\x7f",
- .klen = 32,
- .iv = "\x19\xa9\x38\x91\x68\x0b\x14\x38"
- "\x3f\x31\xd2\x74\x31\x9e\x0a\x55",
- .assoc = "\x28\x72\xc7\xf8\xac\xaa\xbe\xbf"
- "\x5f\x67\xff\x99\x30\x67\x3b\xd6"
- "\x35\x2f\x90\xd3\x31\x90\x04\x74"
- "\x0f\x23\x08\xa9\x65\xce\xf6\xea",
- .alen = 32,
- .input = "\xb9\x57\x13\x3e\x82\x31\x61\x65"
- "\x0d\x7f\x6c\x96\x93\x5c\x50\xe2",
- .ilen = 16,
- .result = "",
- .rlen = 0,
- }, {
- .key = "\x46\x04\xe3\xc8\x34\xe7\x12\xcd"
- "\xa0\xd4\x58\xe2\x2d\xf9\x9c\xda"
- "\xca\x91\x96\x15\xb4\xe0\xc5\x81"
- "\x70\x3a\x77\x95\xd2\xfd\xc5\x55",
- .klen = 32,
- .iv = "\x55\xcd\x72\x30\x78\x86\xbd\x54"
- "\xc0\x0b\x84\x06\x2b\xc2\xcd\x5b",
- .assoc = "\x64\x97\x00\x98\xbc\x25\x67\xdb"
- "\xe0\x41\xb1\x2a\x2a\x8c\xfe\xdd"
- "\x5f\xf2\x9c\x58\x36\x30\x86\x8e"
- "\xd1\x51\xe6\x81\x3f\x2d\x95\xc1"
- "\x01",
- .alen = 33,
- .input = "\x81\x96\x34\xde\xbb\x36\xdd\x3e"
- "\x4e\x5e\xcb\x44\x21\xb8\x3f\xf1",
- .ilen = 16,
- .result = "",
- .rlen = 0,
- }, {
- .key = "\x83\x29\x1d\x67\x44\x63\xbb\xe9"
- "\x20\xaf\x0a\x73\x27\x1e\x5f\xe0"
- "\xf5\x53\xa1\x9a\xb9\x80\x47\x9b"
- "\x31\x68\x56\x6e\xac\x5c\x65\x2c",
- .klen = 32,
- .iv = "\x92\xf2\xac\xcf\x88\x02\x65\x70"
- "\x41\xe5\x36\x97\x25\xe7\x90\x61",
- .assoc = "\xa1\xbb\x3a\x37\xcc\xa1\x10\xf7"
- "\x61\x1c\x63\xbc\x24\xb0\xc0\xe3"
- "\x8a\xb4\xa7\xdc\x3b\xd0\x08\xa8"
- "\x92\x7f\xc5\x5a\x19\x8c\x34\x97"
- "\x0f\x95\x9b\x18\xe4\x8d\xb4\x24"
- "\xb9\x33\x28\x18\xe1\x9d\x14\xe0"
- "\x64\xb2\x89\x7d\x78\xa8\x05\x7e"
- "\x07\x8c\xfc\x88\x2d\xb8\x53",
- .alen = 63,
- .input = "\x2e\x99\xb6\x79\x57\x56\x80\x36"
- "\x8e\xc4\x1c\x12\x7d\x71\x36\x0c",
- .ilen = 16,
- .result = "",
- .rlen = 0,
- }, {
- .key = "\xbf\x4e\x57\x07\x54\xdf\x64\x05"
- "\xa1\x89\xbc\x04\x21\x42\x22\xe6"
- "\x1f\x15\xad\x1e\xbe\x20\xc9\xb4"
- "\xf3\x95\x35\x46\x86\xbb\x04\x03",
- .klen = 32,
- .iv = "\xce\x17\xe5\x6f\x98\x7e\x0e\x8c"
- "\xc2\xbf\xe8\x29\x1f\x0b\x52\x68",
- .assoc = "\xdd\xe0\x74\xd6\xdc\x1d\xb8\x13"
- "\xe2\xf6\x15\x4d\x1e\xd4\x83\xe9"
- "\xb4\x76\xb3\x60\x40\x70\x8a\xc1"
- "\x53\xac\xa4\x32\xf3\xeb\xd3\x6e"
- "\x1e\x42\xa0\x46\x45\x9f\xc7\x22"
- "\xd3\x43\xbc\x7e\xa5\x47\x2a\x6f"
- "\x91\x19\x70\x1e\xe1\xfe\x25\x49"
- "\xd6\x8f\x93\xc7\x28\x3f\x3d\x03",
- .alen = 64,
- .input = "\x7b\x25\x3d\x47\xd4\xa7\x08\xce"
- "\x3b\x89\x40\x36\xba\x6d\x0e\xa2",
- .ilen = 16,
- .result = "",
- .rlen = 0,
- }, {
- .key = "\xfc\x72\x90\xa6\x64\x5a\x0d\x21"
- "\x22\x63\x6e\x96\x1b\x67\xe4\xec"
- "\x49\xd7\xb9\xa2\xc3\xc0\x4b\xce"
- "\xb4\xc3\x14\x1e\x61\x1a\xa3\xd9",
- .klen = 32,
- .iv = "\x0b\x3c\x1f\x0e\xa8\xf9\xb7\xa7"
- "\x42\x9a\x9a\xba\x19\x30\x15\x6e",
- .assoc = "\x1a",
- .alen = 1,
- .input = "\xe6\x09\x6f\x95\x9a\x18\xc8\xf6"
- "\x17\x75\x81\x16\xdf\x26\xff\x67"
- "\x92",
- .ilen = 17,
- .result = "\x29",
- .rlen = 1,
- }, {
- .key = "\x38\x97\xca\x45\x74\xd6\xb6\x3c"
- "\xa3\x3d\x20\x27\x15\x8b\xa7\xf2"
- "\x74\x9a\xc4\x27\xc8\x60\xcd\xe8"
- "\x75\xf0\xf2\xf7\x3b\x79\x42\xb0",
- .klen = 32,
- .iv = "\x47\x60\x59\xad\xb8\x75\x60\xc3"
- "\xc3\x74\x4c\x4c\x13\x54\xd8\x74",
- .assoc = "\x56\x29\xe7\x15\xfc\x14\x0a\x4a"
- "\xe4\xaa\x79\x70\x12\x1d\x08\xf6"
- "\x09\xfb\xca\x69\x4b\xb0\x8e\xf5"
- "\xd6\x07\x62\xe3\xa8\xa9\x12",
- .alen = 31,
- .input = "\x82\xc0\x56\xf0\xd7\xc4\xc9\xfd"
- "\x3c\xd1\x2a\xd4\x15\x86\x9d\xda"
- "\xea\x6c\x6f\xa1\x33\xb0\x7a\x01"
- "\x57\xe7\xf3\x7b\x73\xe7\x54\x10"
- "\xc6\x91\xe2\xc6\xa0\x69\xe7\xe6"
- "\x76\xc3\xf5\x3a\x76\xfd\x4a",
- .ilen = 47,
- .result = "\x66\xf3\x75\x7d\x40\xb3\xb4\xd1"
- "\x04\xe1\xa6\x94\x10\xe6\x39\x77"
- "\xd3\xac\x4d\x8a\x8c\x58\x6e\xfb"
- "\x06\x13\x9a\xd9\x5e\xc0\xfa",
- .rlen = 31,
- }, {
- .key = "\x75\xbc\x04\xe5\x84\x52\x5e\x58"
- "\x24\x17\xd2\xb9\x0e\xaf\x6a\xf9"
- "\x9e\x5c\xd0\xab\xcd\x00\x4f\x01"
- "\x37\x1e\xd1\xcf\x15\xd8\xe2\x86",
- .klen = 32,
- .iv = "\x84\x85\x92\x4d\xc8\xf1\x08\xdf"
- "\x44\x4e\xff\xdd\x0d\x78\x9a\x7a",
- .assoc = "\x93\x4e\x21\xb4\x0c\x90\xb3\x66"
- "\x65\x84\x2b\x01\x0b\x42\xcb\xfc"
- "\x33\xbd\xd6\xed\x50\x50\x10\x0e"
- "\x97\x35\x41\xbb\x82\x08\xb1\xf2",
- .alen = 32,
- .input = "\x01\x47\x8e\x6c\xf6\x64\x89\x3a"
- "\x71\xce\xe4\xaa\x45\x70\xe6\x84"
- "\x62\x48\x08\x64\x86\x6a\xdf\xec"
- "\xb4\xa0\xfb\x34\x03\x0c\x19\xf4"
- "\x2b\x7b\x36\x73\xec\x54\xa9\x1e"
- "\x30\x85\xdb\xe4\xac\xe9\x2c\xca",
- .ilen = 48,
- .result = "\xa2\x17\xaf\x1c\x50\x2e\x5d\xed"
- "\x85\xbb\x58\x26\x0a\x0b\xfc\x7d"
- "\xfe\x6e\x59\x0e\x91\xf8\xf0\x15"
- "\xc8\x40\x78\xb1\x38\x1f\x99\xa7",
- .rlen = 32,
- }, {
- .key = "\xb1\xe1\x3e\x84\x94\xcd\x07\x74"
- "\xa5\xf2\x84\x4a\x08\xd4\x2c\xff"
- "\xc8\x1e\xdb\x2f\xd2\xa0\xd1\x1b"
- "\xf8\x4c\xb0\xa8\xef\x37\x81\x5d",
- .klen = 32,
- .iv = "\xc0\xaa\xcc\xec\xd8\x6c\xb1\xfb"
- "\xc5\x28\xb1\x6e\x07\x9d\x5d\x81",
- .assoc = "\xd0\x73\x5a\x54\x1d\x0b\x5b\x82"
- "\xe5\x5f\xdd\x93\x05\x66\x8e\x02"
- "\x5e\x80\xe1\x71\x55\xf0\x92\x28"
- "\x59\x62\x20\x94\x5c\x67\x50\xc8"
- "\x58",
- .alen = 33,
- .input = "\x85\xe0\xf8\x0f\x8e\x49\xe3\x60"
- "\xcb\x4a\x54\x94\xcf\xf5\x7e\x34"
- "\xe9\xf8\x80\x65\x53\xd0\x72\x70"
- "\x4f\x7d\x9d\xd1\x15\x6f\xb9\x2c"
- "\xfa\xe8\xdd\xac\x2e\xe1\x3f\x67"
- "\x63\x0f\x1a\x59\xb7\x89\xdb\xf4"
- "\xc3",
- .ilen = 49,
- .result = "\xdf\x3c\xe9\xbc\x61\xaa\x06\x09"
- "\x06\x95\x0a\xb7\x04\x2f\xbe\x84"
- "\x28\x30\x64\x92\x96\x98\x72\x2e"
- "\x89\x6e\x57\x8a\x13\x7e\x38\x7e"
- "\xdb",
- .rlen = 33,
- }, {
- .key = "\xee\x05\x77\x23\xa5\x49\xb0\x90"
- "\x26\xcc\x36\xdc\x02\xf8\xef\x05"
- "\xf3\xe1\xe7\xb3\xd8\x40\x53\x35"
- "\xb9\x79\x8f\x80\xc9\x96\x20\x33",
- .klen = 32,
- .iv = "\xfd\xce\x06\x8b\xe9\xe8\x5a\x17"
- "\x46\x02\x63\x00\x01\xc1\x20\x87",
- .assoc = "\x0c\x98\x94\xf3\x2d\x87\x04\x9e"
- "\x66\x39\x8f\x24\xff\x8a\x50\x08"
- "\x88\x42\xed\xf6\x5a\x90\x14\x42"
- "\x1a\x90\xfe\x6c\x36\xc6\xf0\x9f"
- "\x66\xa0\xb5\x2d\x2c\xf8\x25\x15"
- "\x55\x90\xa2\x7e\x77\x94\x96\x3a"
- "\x71\x1c\xf7\x44\xee\xa8\xc3\x42"
- "\xe2\xa3\x84\x04\x0b\xe1\xce",
- .alen = 63,
- .input = "\x00\xe5\x5b\x87\x5c\x20\x22\x8a"
- "\xda\x1f\xd3\xff\xbb\xb2\xb0\xf8"
- "\xef\xe9\xeb\x9e\x7c\x80\xf4\x2b"
- "\x59\xc0\x79\xbc\x17\xa0\x15\x01"
- "\xf5\x72\xfb\x5a\xe7\xaf\x07\xe3"
- "\x1b\x49\x21\x34\x23\x63\x55\x5e"
- "\xee\x4f\x34\x17\xfa\xfe\xa5\x0c"
- "\xed\x0b\x23\xea\x9b\xda\x57\x2f"
- "\xf6\xa9\xae\x0d\x4e\x40\x96\x45"
- "\x7f\xfa\xf0\xbf\xc4\x98\x78",
- .ilen = 79,
- .result = "\x1b\x61\x23\x5b\x71\x26\xae\x25"
- "\x87\x6f\xbc\x49\xfe\x53\x81\x8a"
- "\x53\xf2\x70\x17\x9b\x38\xf4\x48"
- "\x4b\x9b\x36\x62\xed\xdd\xd8\x54"
- "\xea\xcb\xb6\x79\x45\xfc\xaa\x54"
- "\x5c\x94\x47\x58\xa7\xff\x9c\x9e"
- "\x7c\xb6\xf1\xac\xc8\xfd\x8b\x35"
- "\xd5\xa4\x6a\xd4\x09\xc2\x08",
- .rlen = 63,
- }, {
- .key = "\x2a\x2a\xb1\xc3\xb5\xc5\x59\xac"
- "\xa7\xa6\xe8\x6d\xfc\x1d\xb2\x0b"
- "\x1d\xa3\xf3\x38\xdd\xe0\xd5\x4e"
- "\x7b\xa7\x6e\x58\xa3\xf5\xbf\x0a",
- .klen = 32,
- .iv = "\x39\xf3\x3f\x2b\xf9\x64\x03\x33"
- "\xc7\xdd\x15\x91\xfb\xe6\xe2\x8d",
- .assoc = "\x49\xbc\xce\x92\x3d\x02\xad\xba"
- "\xe7\x13\x41\xb6\xf9\xaf\x13\x0f"
- "\xb2\x04\xf8\x7a\x5f\x30\x96\x5b"
- "\xdc\xbd\xdd\x44\x10\x25\x8f\x75"
- "\x75\x4d\xb9\x5b\x8e\x0a\x38\x13"
- "\x6f\x9f\x36\xe4\x3a\x3e\xac\xc9"
- "\x9d\x83\xde\xe5\x57\xfd\xe3\x0e"
- "\xb1\xa7\x1b\x44\x05\x67\xb7\x37",
- .alen = 64,
- .input = "\x28\xdd\xb9\x4a\x12\xc7\x0a\xe1"
- "\x58\x06\x1a\x9b\x8c\x67\xdf\xeb"
- "\x35\x35\x60\x9d\x06\x40\x65\xc1"
- "\x93\xe8\xb3\x82\x50\x29\xdd\xb5"
- "\x2b\xcb\xde\x18\x78\x6b\x42\xbe"
- "\x6d\x24\xd0\xb2\x7d\xd7\x08\x8f"
- "\x4a\x18\x98\xad\x8c\xf2\x97\xb4"
- "\xf4\x77\xe4\xbf\x41\x3b\xc4\x06"
- "\xce\x9e\x34\x81\xf0\x89\x11\x13"
- "\x02\x65\xa1\x7c\xdf\x07\x33\x06",
- .ilen = 80,
- .result = "\x58\x85\x5c\xfa\x81\xa1\x57\x40"
- "\x08\x4a\x6e\xda\xf8\x78\x44\x90"
- "\x7d\xb5\x7b\x9b\xa1\xd8\x76\x62"
- "\x0c\xc9\x15\x3b\xc7\x3c\x77\x2b"
- "\xf8\x78\xba\xa7\xa6\x0e\xbd\x52"
- "\x76\xa3\xdc\xbe\x6b\xa8\xb1\x2d"
- "\xa9\x1d\xd8\x4e\x31\x53\xab\x00"
- "\xa5\xa7\x01\x13\x04\x49\xf2\x04",
- .rlen = 64,
- }, {
- .key = "\x67\x4f\xeb\x62\xc5\x40\x01\xc7"
- "\x28\x80\x9a\xfe\xf6\x41\x74\x12"
- "\x48\x65\xfe\xbc\xe2\x80\x57\x68"
- "\x3c\xd4\x4d\x31\x7d\x54\x5f\xe1",
- .klen = 32,
- .iv = "\x76\x18\x79\xca\x09\xdf\xac\x4e"
- "\x48\xb7\xc7\x23\xf5\x0a\xa5\x93",
- .assoc = "\x85\xe1\x08\x32\x4d\x7e\x56\xd5"
- "\x68\xed\xf3\x47\xf3\xd3\xd6\x15"
- "\xdd\xc7\x04\xfe\x64\xd0\x18\x75"
- "\x9d\xeb\xbc\x1d\xea\x84\x2e\x4c"
- "\x83\xf9\xbe\x8a\xef\x1c\x4b\x10"
- "\x89\xaf\xcb\x4b\xfe\xe7\xc1\x58"
- "\xca\xea\xc6\x87\xc0\x53\x03\xd9"
- "\x80\xaa\xb2\x83\xff\xee\xa1\x6a"
- "\x04",
- .alen = 65,
- .input = "\x85\x39\x69\x35\xfb\xf9\xb0\xa6"
- "\x85\x43\x88\xd0\xd7\x78\x60\x19"
- "\x3e\x1f\xb1\xa4\xd6\xc5\x96\xec"
- "\xf7\x84\x85\xc7\x27\x0f\x74\x57"
- "\x28\x9e\xdd\x90\x3c\x43\x12\xc5"
- "\x51\x3d\x39\x8f\xa5\xf4\xe0\x0b"
- "\x57\x04\xf1\x6d\xfe\x9b\x84\x27"
- "\xe8\xeb\x4d\xda\x02\x0a\xc5\x49"
- "\x1a\x55\x5e\x50\x56\x4d\x94\xda"
- "\x20\xf8\x12\x54\x50\xb3\x11\xda"
- "\xed\x44\x27\x67\xd5\xd1\x8b\x4b"
- "\x38\x67\x56\x65\x59\xda\xe6\x97"
- "\x81\xae\x2f\x92\x3b\xae\x22\x1c"
- "\x91\x59\x38\x18\x00\xe8\xba\x92"
- "\x04\x19\x56\xdf\xb0\x82\xeb\x6f"
- "\x2e\xdb\x54\x3c\x4b\xbb\x60\x90"
- "\x4c\x50\x10\x62\xba\x7a\xb1\x68"
- "\x37\xd7\x87\x4e\xe4\x66\x09\x1f"
- "\xa5",
- .ilen = 145,
- .result = "\x94\xaa\x96\x9a\x91\x1d\x00\x5c"
- "\x88\x24\x20\x6b\xf2\x9c\x06\x96"
- "\xa7\x77\x87\x1f\xa6\x78\xf8\x7b"
- "\xcd\xf6\xf4\x13\xa1\x9b\x16\x02"
- "\x07\x24\xbf\xd5\x08\x20\xd0\x4f"
- "\x90\xb3\x70\x24\x2f\x51\xc7\xbb"
- "\xd6\x84\xc0\xef\x9a\xa8\xca\xcc"
- "\x74\xab\x97\x53\xfe\xd0\xdb\x37"
- "\x37\x6a\x0e\x9f\x3f\xa3\x2a\xe3"
- "\x1b\x34\x6d\x51\x72\x2b\x17\xe7"
- "\x4d\xaa\x2c\x18\xda\xa3\x33\x89"
- "\x2a\x9f\xf4\xd2\xed\x76\x3d\x3f"
- "\x3c\x15\x9d\x8e\x4f\x3c\x27\xb0"
- "\x42\x3f\x2f\x8a\xd4\xc2\x10\xb2"
- "\x27\x7f\xe3\x34\x80\x02\x49\x4b"
- "\x07\x68\x22\x2a\x88\x25\x53\xb2"
- "\x2f",
- .rlen = 129,
- }, {
- .key = "\xa3\x73\x24\x01\xd5\xbc\xaa\xe3"
- "\xa9\x5a\x4c\x90\xf0\x65\x37\x18"
- "\x72\x28\x0a\x40\xe7\x20\xd9\x82"
- "\xfe\x02\x2b\x09\x57\xb3\xfe\xb7",
- .klen = 32,
- .iv = "\xb3\x3d\xb3\x69\x19\x5b\x54\x6a"
- "\xc9\x91\x79\xb4\xef\x2e\x68\x99",
- .assoc = "\xc2\x06\x41\xd1\x5d\xfa\xff\xf1"
- "\xe9\xc7\xa5\xd9\xed\xf8\x98\x1b"
- "\x07\x89\x10\x82\x6a\x70\x9a\x8f"
- "\x5e\x19\x9b\xf5\xc5\xe3\xcd\x22"
- "\x92\xa5\xc2\xb8\x51\x2e\x5e\x0e"
- "\xa4\xbe\x5f\xb1\xc1\x90\xd7\xe7"
- "\xf7\x52\xae\x28\x29\xa8\x22\xa4"
- "\x4f\xae\x48\xc2\xfa\x75\x8b\x9e"
- "\xce\x83\x2a\x88\x07\x55\xbb\x89"
- "\xf6\xdf\xac\xdf\x83\x08\xbf\x7d"
- "\xac\x30\x8b\x8e\x02\xac\x00\xf1"
- "\x30\x46\xe1\xbc\x75\xbf\x49\xbb"
- "\x26\x4e\x29\xf0\x2f\x21\xc6\x13"
- "\x92\xd9\x3d\x11\xe4\x10\x00\x8e"
- "\xd4\xd4\x58\x65\xa6\x2b\xe3\x25"
- "\xb1\x8f\x15\x93\xe7\x71\xb9\x2c"
- "\x4b",
- .alen = 129,
- .input = "\x7d\xde\x53\x22\xe4\x23\x3b\x30"
- "\x78\xde\x35\x90\x7a\xd9\x0b\x93"
- "\xf6\x0e\x0b\xed\x40\xee\x10\x9c"
- "\x96\x3a\xd3\x34\xb2\xd0\x67\xcf"
- "\x63\x7f\x2d\x0c\xcf\x96\xec\x64"
- "\x1a\x87\xcc\x7d\x2c\x5e\x81\x4b"
- "\xd2\x8f\x4c\x7c\x00\xb1\xb4\xe0"
- "\x87\x4d\xb1\xbc\xd8\x78\x2c\x17"
- "\xf2\x3b\xd8\x28\x40\xe2\x76\xf6"
- "\x20\x13\x83\x46\xaf\xff\xe3\x0f"
- "\x72",
- .ilen = 81,
- .result = "\xd1\xcf\xd0\x39\xa1\x99\xa9\x78"
- "\x09\xfe\xd2\xfd\xec\xc1\xc9\x9d"
- "\xd2\x39\x93\xa3\xab\x18\x7a\x95"
- "\x8f\x24\xd3\xeb\x7b\xfa\xb5\xd8"
- "\x15\xd1\xc3\x04\x69\x32\xe3\x4d"
- "\xaa\xc2\x04\x8b\xf2\xfa\xdc\x4a"
- "\x02\xeb\xa8\x90\x03\xfd\xea\x97"
- "\x43\xaf\x2e\x92\xf8\x57\xc5\x6a"
- "\x00",
- .rlen = 65,
- }, {
- .key = "\xe0\x98\x5e\xa1\xe5\x38\x53\xff"
- "\x2a\x35\xfe\x21\xea\x8a\xfa\x1e"
- "\x9c\xea\x15\xc5\xec\xc0\x5b\x9b"
- "\xbf\x2f\x0a\xe1\x32\x12\x9d\x8e",
- .klen = 32,
- .iv = "\xef\x61\xed\x08\x29\xd7\xfd\x86"
- "\x4a\x6b\x2b\x46\xe9\x53\x2a\xa0",
- .assoc = "\xfe\x2a\x7b\x70\x6d\x75\xa7\x0d"
- "\x6a\xa2\x57\x6a\xe7\x1c\x5b\x21"
- "\x31\x4b\x1b\x07\x6f\x10\x1c\xa8"
- "\x20\x46\x7a\xce\x9f\x42\x6d\xf9",
- .alen = 32,
- .input = "\x5a\xcd\x8c\x57\xf2\x6a\xb6\xbe"
- "\x53\xc7\xaa\x9a\x60\x74\x9c\xc4"
- "\xa2\xc2\xd0\x6d\xe1\x03\x63\xdc"
- "\xbb\x51\x7e\x9c\x89\x73\xde\x4e"
- "\x24\xf8\x52\x7c\x15\x41\x0e\xba"
- "\x69\x0e\x36\x5f\x2f\x22\x8c",
- .ilen = 47,
- .result = "\x0d\xf4\x09\xd8\xb1\x14\x51\x94"
- "\x8a\xd8\x84\x8e\xe6\xe5\x8c\xa3"
- "\xfc\xfc\x9e\x28\xb0\xb8\xfc\xaf"
- "\x50\x52\xb1\xc4\x55\x59\x55\xaf",
- .rlen = 32,
- }, {
- .key = "\x1c\xbd\x98\x40\xf5\xb3\xfc\x1b"
- "\xaa\x0f\xb0\xb3\xe4\xae\xbc\x24"
- "\xc7\xac\x21\x49\xf1\x60\xdd\xb5"
- "\x80\x5d\xe9\xba\x0c\x71\x3c\x64",
- .klen = 32,
- .iv = "\x2c\x86\x26\xa8\x39\x52\xa6\xa2"
- "\xcb\x45\xdd\xd7\xe3\x77\xed\xa6",
- .assoc = "\x3b\x4f\xb5\x10\x7d\xf1\x50\x29"
- "\xeb\x7c\x0a\xfb\xe1\x40\x1e\x27"
- "\x5c\x0d\x27\x8b\x74\xb0\x9e\xc2"
- "\xe1\x74\x59\xa6\x79\xa1\x0c\xd0",
- .alen = 32,
- .input = "\x47\xd6\xce\x78\xd6\xbf\x4a\x51"
- "\xb8\xda\x92\x3c\xfd\xda\xac\x8e"
- "\x8d\x88\xd7\x4d\x90\xe5\xeb\xa1"
- "\xab\xd6\x7c\x76\xad\xea\x7d\x76"
- "\x53\xee\xb0\xcd\xd0\x02\xbb\x70"
- "\x5b\x6f\x7b\xe2\x8c\xe8",
- .ilen = 46,
- .result = "\x4a\x18\x43\x77\xc1\x90\xfa\xb0"
- "\x0b\xb2\x36\x20\xe0\x09\x4e\xa9"
- "\x26\xbe\xaa\xac\xb5\x58\x7e\xc8"
- "\x11\x7f\x90\x9c\x2f\xb8\xf4\x85",
- .rlen = 32,
- }, {
- .key = "\x59\xe1\xd2\xdf\x05\x2f\xa4\x37"
- "\x2b\xe9\x63\x44\xde\xd3\x7f\x2b"
- "\xf1\x6f\x2d\xcd\xf6\x00\x5f\xcf"
- "\x42\x8a\xc8\x92\xe6\xd0\xdc\x3b",
- .klen = 32,
- .iv = "\x68\xab\x60\x47\x49\xce\x4f\xbe"
- "\x4c\x20\x8f\x68\xdd\x9c\xb0\xac",
- .assoc = "\x77\x74\xee\xaf\x8d\x6d\xf9\x45"
- "\x6c\x56\xbc\x8d\xdb\x65\xe0\x2e"
- "\x86\xd0\x32\x0f\x79\x50\x20\xdb"
- "\xa2\xa1\x37\x7e\x53\x00\xab\xa6",
- .alen = 32,
- .input = "\x9f\xa9\x2b\xa4\x8f\x00\x05\x2b"
- "\xe7\x68\x81\x51\xbb\xfb\xdf\x60"
- "\xbb\xac\xe8\xc1\xdc\x68\xae\x68"
- "\x3a\xcd\x7a\x06\x49\xfe\x80\x11"
- "\xe6\x61\x99\xe2\xdd\xbe\x2c\xbf",
- .ilen = 40,
- .result = "\x86\x3d\x7d\x17\xd1\x0c\xa3\xcc"
- "\x8c\x8d\xe8\xb1\xda\x2e\x11\xaf"
- "\x51\x80\xb5\x30\xba\xf8\x00\xe2"
- "\xd3\xad\x6f\x75\x09\x18\x93\x5c",
- .rlen = 32,
- }, {
- .key = "\x96\x06\x0b\x7f\x15\xab\x4d\x53"
- "\xac\xc3\x15\xd6\xd8\xf7\x42\x31"
- "\x1b\x31\x38\x51\xfc\xa0\xe1\xe8"
- "\x03\xb8\xa7\x6b\xc0\x2f\x7b\x11",
- .klen = 32,
- .iv = "\xa5\xcf\x9a\xe6\x59\x4a\xf7\xd9"
- "\xcd\xfa\x41\xfa\xd7\xc0\x72\xb2",
- .assoc = "\xb4\x99\x28\x4e\x9d\xe8\xa2\x60"
- "\xed\x30\x6e\x1e\xd5\x89\xa3\x34"
- "\xb1\x92\x3e\x93\x7e\xf0\xa2\xf5"
- "\x64\xcf\x16\x57\x2d\x5f\x4a\x7d",
- .alen = 32,
- .input = "\xe2\x34\xfa\x25\xfd\xfb\x89\x5e"
- "\x5b\x4e\x0b\x15\x6e\x39\xfb\x0c"
- "\x73\xc7\xd9\x6b\xbe\xce\x9b\x70"
- "\xc7\x4f\x96\x16\x03\xfc\xea\xfb"
- "\x56",
- .ilen = 33,
- .result = "\xc3\x62\xb7\xb6\xe2\x87\x4c\xe7"
- "\x0d\x67\x9a\x43\xd4\x52\xd4\xb5"
- "\x7b\x43\xc1\xb5\xbf\x98\x82\xfc"
- "\x94\xda\x4e\x4d\xe4\x77\x32\x32",
- .rlen = 32,
+ .clen = 24,
},
};
@@ -25352,7 +19506,7 @@
.ctext = "\xf6\x85\x94\x81\x6f\x64\xca\xa3"
"\xf5\x6f\xab\xea\x25\x48\xf5\xfb",
.len = 16,
- .iv = "\x03\x1f\x6b\xd7\xe6\x1e\x64\x3d",
+ .iv_out = "\x03\x1f\x6b\xd7\xe6\x1e\x64\x3d",
.generates_iv = true,
}, {
.key = "\x80\xaa\x99\x73\x27\xa4\x80\x6b"
@@ -25365,7 +19519,7 @@
.ctext = "\xd3\x3d\x3d\x97\x7b\xf0\xa9\x15"
"\x59\xf9\x9c\x8a\xcd\x29\x3d\x43",
.len = 16,
- .iv = "\x42\x3c\x96\x0d\x8a\x2a\xc4\xc1",
+ .iv_out = "\x42\x3c\x96\x0d\x8a\x2a\xc4\xc1",
.generates_iv = true,
},
};
@@ -26444,9 +20598,6 @@
"\x4F\xFE\x24\x9C\x9A\x02\xE5\x57"
"\xF5\xBC\x25\xD6\x02\x56\x57\x1C",
.len = 496,
- .also_non_np = 1,
- .np = 3,
- .tap = { 496 - 20, 4, 16 },
},
};
@@ -26456,6 +20607,7 @@
"\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A",
.klen = 16,
.iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F",
+ .iv_out = "\x1D\x18\x66\x44\x5B\x8F\x14\xEB",
.ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31"
"\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3"
"\x3A\xD1\x45\xDC\x73\x0A\x7E\x15"
@@ -26581,9 +20733,6 @@
"\x15\x5F\xDB\xE9\xB1\x83\xD2\xE6"
"\x1D\x18\x66\x44\x5B\x8F\x14\xEB",
.len = 496,
- .also_non_np = 1,
- .np = 3,
- .tap = { 496 - 20, 4, 16 },
},
};
@@ -26593,6 +20742,7 @@
"\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A",
.klen = 16,
.iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F",
+ .iv_out = "\xE2\x24\x89\xEE\x53\xB8\x1D\x62",
.ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31"
"\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3"
"\x3A",
@@ -26605,6 +20755,7 @@
"\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A",
.klen = 16,
.iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F",
+ .iv_out = "\xE2\x24\x89\xEE\x53\xB8\x1D\x9D",
.ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31"
"\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3"
"\x3A\xD1\x45\xDC\x73\x0A\x7E\x15"
@@ -26730,9 +20881,6 @@
"\x8C\x98\xDB\xDE\xFC\x72\x94\xAA"
"\xC0\x0D\x96\xAA\x23\xF8\xFE\x13",
.len = 496,
- .also_non_np = 1,
- .np = 3,
- .tap = { 496 - 20, 4, 16 },
},
};
@@ -26993,6 +21141,8 @@
.key = "\xfe\xfe\xfe\xfe\xfe\xfe\xfe\xfe"
"\xfe\xfe\xfe\xfe\xfe\xfe\xfe\xfe",
.klen = 16,
+ .iv_out = "\x86\xd8\xb5\x6f\x98\x5e\x8a\x66"
+ "\x4f\x1f\x78\xa1\xbb\x37\xf1\xbe",
.ptext = "\xfe\xfe\xfe\xfe\xfe\xfe\xfe\xfe"
"\xfe\xfe\xfe\xfe\xfe\xfe\xfe\xfe"
"\xfe\xfe\xfe\xfe\xfe\xfe\xfe\xfe"
@@ -27009,6 +21159,8 @@
"\x35\x35\x35\x35\x35\x35\x35\x35"
"\x35\x35\x35\x35\x35\x35\x35\x35",
.klen = 40,
+ .iv_out = "\xa2\xbc\x06\x98\xc6\x4b\xda\x75"
+ "\x2e\xaa\xbe\x58\xce\x01\x5b\xc7",
.ptext = "\x35\x35\x35\x35\x35\x35\x35\x35"
"\x35\x35\x35\x35\x35\x35\x35\x35"
"\x35\x35\x35\x35\x35\x35\x35\x35"
@@ -27105,20 +21257,6 @@
"\x19\x89\x09\x1c\x2a\x8e\x8c\x94"
"\xfc\xc7\x68\xe4\x88\xaa\xde\x0f",
.len = 48,
- }, { /* split-page version */
- .key = "\xfe\xdc\xba\x98\x76\x54\x32\x10",
- .klen = 8,
- .iv = "\xf0\xe1\xd2\xc3\xb4\xa5\x96\x87",
- .ptext = "The quick brown fox jumps over the lazy dogs.\0\0",
- .ctext = "\xca\x90\xf5\x9d\xcb\xd4\xd2\x3c"
- "\x01\x88\x7f\x3e\x31\x6e\x62\x9d"
- "\xd8\xe0\x57\xa3\x06\x3a\x42\x58"
- "\x2a\x28\xfe\x72\x52\x2f\xdd\xe0"
- "\x19\x89\x09\x1c\x2a\x8e\x8c\x94"
- "\xfc\xc7\x68\xe4\x88\xaa\xde\x0f",
- .len = 48,
- .np = 2,
- .tap = { 20, 28 },
}
};
@@ -27415,9 +21553,6 @@
"\xF8\xB2\xAA\x7A\xD6\xFF\xFA\x55"
"\x33\x1A\xBB\xD3\xA2\x7E\x97\x66",
.len = 1008,
- .also_non_np = 1,
- .np = 3,
- .tap = { 1008 - 20, 4, 16 },
},
};
@@ -27428,6 +21563,8 @@
.klen = 16,
.iv = "\x3d\xaf\xba\x42\x9d\x9e\xb4\x30"
"\xb4\x22\xda\x80\x2c\x9f\xac\x41",
+ .iv_out = "\xea\x32\x12\x76\x3b\x50\x10\xe7"
+ "\x18\xf6\xfd\x5d\xf6\x8f\x13\x51",
.ptext = "Single block msg",
.ctext = "\xea\x32\x12\x76\x3b\x50\x10\xe7"
"\x18\xf6\xfd\x5d\xf6\x8f\x13\x51",
@@ -27438,6 +21575,8 @@
.klen = 16,
.iv = "\x56\x2e\x17\x99\x6d\x09\x3d\x28"
"\xdd\xb3\xba\x69\x5a\x2e\x6f\x58",
+ .iv_out = "\x19\xb4\x3e\x57\x1c\x02\x5e\xa0"
+ "\x15\x78\xe0\x5e\xf2\xcb\x87\x16",
.ptext = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
"\x10\x11\x12\x13\x14\x15\x16\x17"
@@ -27455,6 +21594,8 @@
.klen = 32,
.iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F"
"\xC4\x29\x8E\xF3\x35\x9A\xFF\x64",
+ .iv_out = "\x55\x01\xD4\x58\xB2\xF2\x85\x49"
+ "\x70\xC5\xB9\x0B\x3B\x7A\x6E\x6C",
.ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31"
"\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3"
"\x3A\xD1\x45\xDC\x73\x0A\x7E\x15"
@@ -27708,9 +21849,6 @@
"\x55\x01\xD4\x58\xB2\xF2\x85\x49"
"\x70\xC5\xB9\x0B\x3B\x7A\x6E\x6C",
.len = 1008,
- .also_non_np = 1,
- .np = 3,
- .tap = { 1008 - 20, 4, 16 },
},
};
@@ -27723,6 +21861,8 @@
.klen = 32,
.iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F"
"\xC4\x29\x8E\xF3\x35\x9A\xFF\x64",
+ .iv_out = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F"
+ "\xC4\x29\x8E\xF3\x35\x9A\xFF\x83",
.ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31"
"\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3"
"\x3A\xD1\x45\xDC\x73\x0A\x7E\x15"
@@ -27856,6 +21996,8 @@
.klen = 32,
.iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F"
"\xC4\x29\x8E\xF3\x35\x9A\xFF\x64",
+ .iv_out = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F"
+ "\xC4\x29\x8E\xF3\x35\x9A\xFF\xA4",
.ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31"
"\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3"
"\x3A\xD1\x45\xDC\x73\x0A\x7E\x15"
@@ -28111,9 +22253,6 @@
"\xE7\x2C\x49\x08\x8B\x72\xFA\x5C"
"\xF1\x6B\xD9",
.len = 1011,
- .also_non_np = 1,
- .np = 2,
- .tap = { 1011 - 16, 16 },
}, { /* Generated with Crypto++ */
.key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9"
"\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A"
@@ -28122,6 +22261,8 @@
.klen = 32,
.iv = "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF"
"\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFD",
+ .iv_out = "\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x3C",
.ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31"
"\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3"
"\x3A\xD1\x45\xDC\x73\x0A\x7E\x15"
@@ -28616,9 +22757,6 @@
"\xb2\x1a\xd8\x4c\xbd\x1d\x10\xe9"
"\x5a\xa8\x92\x7f\xba\xe6\x0c\x95",
.len = 512,
- .also_non_np = 1,
- .np = 3,
- .tap = { 512 - 20, 4, 16 },
},
};
@@ -28953,9 +23091,6 @@
"\xb7\x16\xd8\x12\x5c\xcd\x7d\x4e"
"\xd5\xc6\x99\xcc\x4e\x6c\x94\x95",
.len = 512,
- .also_non_np = 1,
- .np = 3,
- .tap = { 512 - 20, 4, 16 },
},
};
@@ -30159,8 +24294,6 @@
"\x87\x13\xc6\x5b\x59\x8d\xf2\xc8"
"\xaf\xdf\x11\x95",
.len = 4100,
- .np = 2,
- .tap = { 4064, 36 },
},
};
@@ -30293,9 +24426,6 @@
"\x5b\x86\x2f\x37\x30\xe3\x7c\xfd"
"\xc4\xfd\x80\x6c\x22\xf2\x21",
.len = 375,
- .also_non_np = 1,
- .np = 3,
- .tap = { 375 - 20, 4, 16 },
}, { /* RFC7539 A.2. Test Vector #3 */
.key = "\x1c\x92\x40\xa5\xeb\x55\xd3\x8a"
@@ -30669,12 +24799,4627 @@
"\xa1\xed\xad\xd5\x76\xfa\x24\x8f"
"\x98",
.len = 1281,
- .also_non_np = 1,
- .np = 3,
- .tap = { 1200, 1, 80 },
},
};
+static const struct cipher_testvec xchacha20_tv_template[] = {
+ { /* from libsodium test/default/xchacha20.c */
+ .key = "\x79\xc9\x97\x98\xac\x67\x30\x0b"
+ "\xbb\x27\x04\xc9\x5c\x34\x1e\x32"
+ "\x45\xf3\xdc\xb2\x17\x61\xb9\x8e"
+ "\x52\xff\x45\xb2\x4f\x30\x4f\xc4",
+ .klen = 32,
+ .iv = "\xb3\x3f\xfd\x30\x96\x47\x9b\xcf"
+ "\xbc\x9a\xee\x49\x41\x76\x88\xa0"
+ "\xa2\x55\x4f\x8d\x95\x38\x94\x19"
+ "\x00\x00\x00\x00\x00\x00\x00\x00",
+ .ptext = "\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00",
+ .ctext = "\xc6\xe9\x75\x81\x60\x08\x3a\xc6"
+ "\x04\xef\x90\xe7\x12\xce\x6e\x75"
+ "\xd7\x79\x75\x90\x74\x4e\x0c\xf0"
+ "\x60\xf0\x13\x73\x9c",
+ .len = 29,
+ }, { /* from libsodium test/default/xchacha20.c */
+ .key = "\x9d\x23\xbd\x41\x49\xcb\x97\x9c"
+ "\xcf\x3c\x5c\x94\xdd\x21\x7e\x98"
+ "\x08\xcb\x0e\x50\xcd\x0f\x67\x81"
+ "\x22\x35\xea\xaf\x60\x1d\x62\x32",
+ .klen = 32,
+ .iv = "\xc0\x47\x54\x82\x66\xb7\xc3\x70"
+ "\xd3\x35\x66\xa2\x42\x5c\xbf\x30"
+ "\xd8\x2d\x1e\xaf\x52\x94\x10\x9e"
+ "\x00\x00\x00\x00\x00\x00\x00\x00",
+ .ptext = "\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00",
+ .ctext = "\xa2\x12\x09\x09\x65\x94\xde\x8c"
+ "\x56\x67\xb1\xd1\x3a\xd9\x3f\x74"
+ "\x41\x06\xd0\x54\xdf\x21\x0e\x47"
+ "\x82\xcd\x39\x6f\xec\x69\x2d\x35"
+ "\x15\xa2\x0b\xf3\x51\xee\xc0\x11"
+ "\xa9\x2c\x36\x78\x88\xbc\x46\x4c"
+ "\x32\xf0\x80\x7a\xcd\x6c\x20\x3a"
+ "\x24\x7e\x0d\xb8\x54\x14\x84\x68"
+ "\xe9\xf9\x6b\xee\x4c\xf7\x18\xd6"
+ "\x8d\x5f\x63\x7c\xbd\x5a\x37\x64"
+ "\x57\x78\x8e\x6f\xae\x90\xfc\x31"
+ "\x09\x7c\xfc",
+ .len = 91,
+ }, { /* Taken from the ChaCha20 test vectors, appended 12 random bytes
+ to the nonce, zero-padded the stream position from 4 to 8 bytes,
+ and recomputed the ciphertext using libsodium's XChaCha20 */
+ .key = "\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00",
+ .klen = 32,
+ .iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x67\xc6\x69\x73"
+ "\x51\xff\x4a\xec\x29\xcd\xba\xab"
+ "\x00\x00\x00\x00\x00\x00\x00\x00",
+ .ptext = "\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00",
+ .ctext = "\x9c\x49\x2a\xe7\x8a\x2f\x93\xc7"
+ "\xb3\x33\x6f\x82\x17\xd8\xc4\x1e"
+ "\xad\x80\x11\x11\x1d\x4c\x16\x18"
+ "\x07\x73\x9b\x4f\xdb\x7c\xcb\x47"
+ "\xfd\xef\x59\x74\xfa\x3f\xe5\x4c"
+ "\x9b\xd0\xea\xbc\xba\x56\xad\x32"
+ "\x03\xdc\xf8\x2b\xc1\xe1\x75\x67"
+ "\x23\x7b\xe6\xfc\xd4\x03\x86\x54",
+ .len = 64,
+ }, { /* Derived from a ChaCha20 test vector, via the process above */
+ .key = "\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x01",
+ .klen = 32,
+ .iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x02\xf2\xfb\xe3\x46"
+ "\x7c\xc2\x54\xf8\x1b\xe8\xe7\x8d"
+ "\x01\x00\x00\x00\x00\x00\x00\x00",
+ .ptext = "\x41\x6e\x79\x20\x73\x75\x62\x6d"
+ "\x69\x73\x73\x69\x6f\x6e\x20\x74"
+ "\x6f\x20\x74\x68\x65\x20\x49\x45"
+ "\x54\x46\x20\x69\x6e\x74\x65\x6e"
+ "\x64\x65\x64\x20\x62\x79\x20\x74"
+ "\x68\x65\x20\x43\x6f\x6e\x74\x72"
+ "\x69\x62\x75\x74\x6f\x72\x20\x66"
+ "\x6f\x72\x20\x70\x75\x62\x6c\x69"
+ "\x63\x61\x74\x69\x6f\x6e\x20\x61"
+ "\x73\x20\x61\x6c\x6c\x20\x6f\x72"
+ "\x20\x70\x61\x72\x74\x20\x6f\x66"
+ "\x20\x61\x6e\x20\x49\x45\x54\x46"
+ "\x20\x49\x6e\x74\x65\x72\x6e\x65"
+ "\x74\x2d\x44\x72\x61\x66\x74\x20"
+ "\x6f\x72\x20\x52\x46\x43\x20\x61"
+ "\x6e\x64\x20\x61\x6e\x79\x20\x73"
+ "\x74\x61\x74\x65\x6d\x65\x6e\x74"
+ "\x20\x6d\x61\x64\x65\x20\x77\x69"
+ "\x74\x68\x69\x6e\x20\x74\x68\x65"
+ "\x20\x63\x6f\x6e\x74\x65\x78\x74"
+ "\x20\x6f\x66\x20\x61\x6e\x20\x49"
+ "\x45\x54\x46\x20\x61\x63\x74\x69"
+ "\x76\x69\x74\x79\x20\x69\x73\x20"
+ "\x63\x6f\x6e\x73\x69\x64\x65\x72"
+ "\x65\x64\x20\x61\x6e\x20\x22\x49"
+ "\x45\x54\x46\x20\x43\x6f\x6e\x74"
+ "\x72\x69\x62\x75\x74\x69\x6f\x6e"
+ "\x22\x2e\x20\x53\x75\x63\x68\x20"
+ "\x73\x74\x61\x74\x65\x6d\x65\x6e"
+ "\x74\x73\x20\x69\x6e\x63\x6c\x75"
+ "\x64\x65\x20\x6f\x72\x61\x6c\x20"
+ "\x73\x74\x61\x74\x65\x6d\x65\x6e"
+ "\x74\x73\x20\x69\x6e\x20\x49\x45"
+ "\x54\x46\x20\x73\x65\x73\x73\x69"
+ "\x6f\x6e\x73\x2c\x20\x61\x73\x20"
+ "\x77\x65\x6c\x6c\x20\x61\x73\x20"
+ "\x77\x72\x69\x74\x74\x65\x6e\x20"
+ "\x61\x6e\x64\x20\x65\x6c\x65\x63"
+ "\x74\x72\x6f\x6e\x69\x63\x20\x63"
+ "\x6f\x6d\x6d\x75\x6e\x69\x63\x61"
+ "\x74\x69\x6f\x6e\x73\x20\x6d\x61"
+ "\x64\x65\x20\x61\x74\x20\x61\x6e"
+ "\x79\x20\x74\x69\x6d\x65\x20\x6f"
+ "\x72\x20\x70\x6c\x61\x63\x65\x2c"
+ "\x20\x77\x68\x69\x63\x68\x20\x61"
+ "\x72\x65\x20\x61\x64\x64\x72\x65"
+ "\x73\x73\x65\x64\x20\x74\x6f",
+ .ctext = "\xf9\xab\x7a\x4a\x60\xb8\x5f\xa0"
+ "\x50\xbb\x57\xce\xef\x8c\xc1\xd9"
+ "\x24\x15\xb3\x67\x5e\x7f\x01\xf6"
+ "\x1c\x22\xf6\xe5\x71\xb1\x43\x64"
+ "\x63\x05\xd5\xfc\x5c\x3d\xc0\x0e"
+ "\x23\xef\xd3\x3b\xd9\xdc\x7f\xa8"
+ "\x58\x26\xb3\xd0\xc2\xd5\x04\x3f"
+ "\x0a\x0e\x8f\x17\xe4\xcd\xf7\x2a"
+ "\xb4\x2c\x09\xe4\x47\xec\x8b\xfb"
+ "\x59\x37\x7a\xa1\xd0\x04\x7e\xaa"
+ "\xf1\x98\x5f\x24\x3d\x72\x9a\x43"
+ "\xa4\x36\x51\x92\x22\x87\xff\x26"
+ "\xce\x9d\xeb\x59\x78\x84\x5e\x74"
+ "\x97\x2e\x63\xc0\xef\x29\xf7\x8a"
+ "\xb9\xee\x35\x08\x77\x6a\x35\x9a"
+ "\x3e\xe6\x4f\x06\x03\x74\x1b\xc1"
+ "\x5b\xb3\x0b\x89\x11\x07\xd3\xb7"
+ "\x53\xd6\x25\x04\xd9\x35\xb4\x5d"
+ "\x4c\x33\x5a\xc2\x42\x4c\xe6\xa4"
+ "\x97\x6e\x0e\xd2\xb2\x8b\x2f\x7f"
+ "\x28\xe5\x9f\xac\x4b\x2e\x02\xab"
+ "\x85\xfa\xa9\x0d\x7c\x2d\x10\xe6"
+ "\x91\xab\x55\x63\xf0\xde\x3a\x94"
+ "\x25\x08\x10\x03\xc2\x68\xd1\xf4"
+ "\xaf\x7d\x9c\x99\xf7\x86\x96\x30"
+ "\x60\xfc\x0b\xe6\xa8\x80\x15\xb0"
+ "\x81\xb1\x0c\xbe\xb9\x12\x18\x25"
+ "\xe9\x0e\xb1\xe7\x23\xb2\xef\x4a"
+ "\x22\x8f\xc5\x61\x89\xd4\xe7\x0c"
+ "\x64\x36\x35\x61\xb6\x34\x60\xf7"
+ "\x7b\x61\x37\x37\x12\x10\xa2\xf6"
+ "\x7e\xdb\x7f\x39\x3f\xb6\x8e\x89"
+ "\x9e\xf3\xfe\x13\x98\xbb\x66\x5a"
+ "\xec\xea\xab\x3f\x9c\x87\xc4\x8c"
+ "\x8a\x04\x18\x49\xfc\x77\x11\x50"
+ "\x16\xe6\x71\x2b\xee\xc0\x9c\xb6"
+ "\x87\xfd\x80\xff\x0b\x1d\x73\x38"
+ "\xa4\x1d\x6f\xae\xe4\x12\xd7\x93"
+ "\x9d\xcd\x38\x26\x09\x40\x52\xcd"
+ "\x67\x01\x67\x26\xe0\x3e\x98\xa8"
+ "\xe8\x1a\x13\x41\xbb\x90\x4d\x87"
+ "\xbb\x42\x82\x39\xce\x3a\xd0\x18"
+ "\x6d\x7b\x71\x8f\xbb\x2c\x6a\xd1"
+ "\xbd\xf5\xc7\x8a\x7e\xe1\x1e\x0f"
+ "\x0d\x0d\x13\x7c\xd9\xd8\x3c\x91"
+ "\xab\xff\x1f\x12\xc3\xee\xe5\x65"
+ "\x12\x8d\x7b\x61\xe5\x1f\x98",
+ .len = 375,
+
+ }, { /* Derived from a ChaCha20 test vector, via the process above */
+ .key = "\x1c\x92\x40\xa5\xeb\x55\xd3\x8a"
+ "\xf3\x33\x88\x86\x04\xf6\xb5\xf0"
+ "\x47\x39\x17\xc1\x40\x2b\x80\x09"
+ "\x9d\xca\x5c\xbc\x20\x70\x75\xc0",
+ .klen = 32,
+ .iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x02\x76\x5a\x2e\x63"
+ "\x33\x9f\xc9\x9a\x66\x32\x0d\xb7"
+ "\x2a\x00\x00\x00\x00\x00\x00\x00",
+ .ptext = "\x27\x54\x77\x61\x73\x20\x62\x72"
+ "\x69\x6c\x6c\x69\x67\x2c\x20\x61"
+ "\x6e\x64\x20\x74\x68\x65\x20\x73"
+ "\x6c\x69\x74\x68\x79\x20\x74\x6f"
+ "\x76\x65\x73\x0a\x44\x69\x64\x20"
+ "\x67\x79\x72\x65\x20\x61\x6e\x64"
+ "\x20\x67\x69\x6d\x62\x6c\x65\x20"
+ "\x69\x6e\x20\x74\x68\x65\x20\x77"
+ "\x61\x62\x65\x3a\x0a\x41\x6c\x6c"
+ "\x20\x6d\x69\x6d\x73\x79\x20\x77"
+ "\x65\x72\x65\x20\x74\x68\x65\x20"
+ "\x62\x6f\x72\x6f\x67\x6f\x76\x65"
+ "\x73\x2c\x0a\x41\x6e\x64\x20\x74"
+ "\x68\x65\x20\x6d\x6f\x6d\x65\x20"
+ "\x72\x61\x74\x68\x73\x20\x6f\x75"
+ "\x74\x67\x72\x61\x62\x65\x2e",
+ .ctext = "\x95\xb9\x51\xe7\x8f\xb4\xa4\x03"
+ "\xca\x37\xcc\xde\x60\x1d\x8c\xe2"
+ "\xf1\xbb\x8a\x13\x7f\x61\x85\xcc"
+ "\xad\xf4\xf0\xdc\x86\xa6\x1e\x10"
+ "\xbc\x8e\xcb\x38\x2b\xa5\xc8\x8f"
+ "\xaa\x03\x3d\x53\x4a\x42\xb1\x33"
+ "\xfc\xd3\xef\xf0\x8e\x7e\x10\x9c"
+ "\x6f\x12\x5e\xd4\x96\xfe\x5b\x08"
+ "\xb6\x48\xf0\x14\x74\x51\x18\x7c"
+ "\x07\x92\xfc\xac\x9d\xf1\x94\xc0"
+ "\xc1\x9d\xc5\x19\x43\x1f\x1d\xbb"
+ "\x07\xf0\x1b\x14\x25\x45\xbb\xcb"
+ "\x5c\xe2\x8b\x28\xf3\xcf\x47\x29"
+ "\x27\x79\x67\x24\xa6\x87\xc2\x11"
+ "\x65\x03\xfa\x45\xf7\x9e\x53\x7a"
+ "\x99\xf1\x82\x25\x4f\x8d\x07",
+ .len = 127,
+ }, { /* Derived from a ChaCha20 test vector, via the process above */
+ .key = "\x1c\x92\x40\xa5\xeb\x55\xd3\x8a"
+ "\xf3\x33\x88\x86\x04\xf6\xb5\xf0"
+ "\x47\x39\x17\xc1\x40\x2b\x80\x09"
+ "\x9d\xca\x5c\xbc\x20\x70\x75\xc0",
+ .klen = 32,
+ .iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x01\x31\x58\xa3\x5a"
+ "\x25\x5d\x05\x17\x58\xe9\x5e\xd4"
+ "\x1c\x00\x00\x00\x00\x00\x00\x00",
+ .ptext = "\x49\xee\xe0\xdc\x24\x90\x40\xcd"
+ "\xc5\x40\x8f\x47\x05\xbc\xdd\x81"
+ "\x47\xc6\x8d\xe6\xb1\x8f\xd7\xcb"
+ "\x09\x0e\x6e\x22\x48\x1f\xbf\xb8"
+ "\x5c\xf7\x1e\x8a\xc1\x23\xf2\xd4"
+ "\x19\x4b\x01\x0f\x4e\xa4\x43\xce"
+ "\x01\xc6\x67\xda\x03\x91\x18\x90"
+ "\xa5\xa4\x8e\x45\x03\xb3\x2d\xac"
+ "\x74\x92\xd3\x53\x47\xc8\xdd\x25"
+ "\x53\x6c\x02\x03\x87\x0d\x11\x0c"
+ "\x58\xe3\x12\x18\xfd\x2a\x5b\x40"
+ "\x0c\x30\xf0\xb8\x3f\x43\xce\xae"
+ "\x65\x3a\x7d\x7c\xf4\x54\xaa\xcc"
+ "\x33\x97\xc3\x77\xba\xc5\x70\xde"
+ "\xd7\xd5\x13\xa5\x65\xc4\x5f\x0f"
+ "\x46\x1a\x0d\x97\xb5\xf3\xbb\x3c"
+ "\x84\x0f\x2b\xc5\xaa\xea\xf2\x6c"
+ "\xc9\xb5\x0c\xee\x15\xf3\x7d\xbe"
+ "\x9f\x7b\x5a\xa6\xae\x4f\x83\xb6"
+ "\x79\x49\x41\xf4\x58\x18\xcb\x86"
+ "\x7f\x30\x0e\xf8\x7d\x44\x36\xea"
+ "\x75\xeb\x88\x84\x40\x3c\xad\x4f"
+ "\x6f\x31\x6b\xaa\x5d\xe5\xa5\xc5"
+ "\x21\x66\xe9\xa7\xe3\xb2\x15\x88"
+ "\x78\xf6\x79\xa1\x59\x47\x12\x4e"
+ "\x9f\x9f\x64\x1a\xa0\x22\x5b\x08"
+ "\xbe\x7c\x36\xc2\x2b\x66\x33\x1b"
+ "\xdd\x60\x71\xf7\x47\x8c\x61\xc3"
+ "\xda\x8a\x78\x1e\x16\xfa\x1e\x86"
+ "\x81\xa6\x17\x2a\xa7\xb5\xc2\xe7"
+ "\xa4\xc7\x42\xf1\xcf\x6a\xca\xb4"
+ "\x45\xcf\xf3\x93\xf0\xe7\xea\xf6"
+ "\xf4\xe6\x33\x43\x84\x93\xa5\x67"
+ "\x9b\x16\x58\x58\x80\x0f\x2b\x5c"
+ "\x24\x74\x75\x7f\x95\x81\xb7\x30"
+ "\x7a\x33\xa7\xf7\x94\x87\x32\x27"
+ "\x10\x5d\x14\x4c\x43\x29\xdd\x26"
+ "\xbd\x3e\x3c\x0e\xfe\x0e\xa5\x10"
+ "\xea\x6b\x64\xfd\x73\xc6\xed\xec"
+ "\xa8\xc9\xbf\xb3\xba\x0b\x4d\x07"
+ "\x70\xfc\x16\xfd\x79\x1e\xd7\xc5"
+ "\x49\x4e\x1c\x8b\x8d\x79\x1b\xb1"
+ "\xec\xca\x60\x09\x4c\x6a\xd5\x09"
+ "\x49\x46\x00\x88\x22\x8d\xce\xea"
+ "\xb1\x17\x11\xde\x42\xd2\x23\xc1"
+ "\x72\x11\xf5\x50\x73\x04\x40\x47"
+ "\xf9\x5d\xe7\xa7\x26\xb1\x7e\xb0"
+ "\x3f\x58\xc1\x52\xab\x12\x67\x9d"
+ "\x3f\x43\x4b\x68\xd4\x9c\x68\x38"
+ "\x07\x8a\x2d\x3e\xf3\xaf\x6a\x4b"
+ "\xf9\xe5\x31\x69\x22\xf9\xa6\x69"
+ "\xc6\x9c\x96\x9a\x12\x35\x95\x1d"
+ "\x95\xd5\xdd\xbe\xbf\x93\x53\x24"
+ "\xfd\xeb\xc2\x0a\x64\xb0\x77\x00"
+ "\x6f\x88\xc4\x37\x18\x69\x7c\xd7"
+ "\x41\x92\x55\x4c\x03\xa1\x9a\x4b"
+ "\x15\xe5\xdf\x7f\x37\x33\x72\xc1"
+ "\x8b\x10\x67\xa3\x01\x57\x94\x25"
+ "\x7b\x38\x71\x7e\xdd\x1e\xcc\x73"
+ "\x55\xd2\x8e\xeb\x07\xdd\xf1\xda"
+ "\x58\xb1\x47\x90\xfe\x42\x21\x72"
+ "\xa3\x54\x7a\xa0\x40\xec\x9f\xdd"
+ "\xc6\x84\x6e\xca\xae\xe3\x68\xb4"
+ "\x9d\xe4\x78\xff\x57\xf2\xf8\x1b"
+ "\x03\xa1\x31\xd9\xde\x8d\xf5\x22"
+ "\x9c\xdd\x20\xa4\x1e\x27\xb1\x76"
+ "\x4f\x44\x55\xe2\x9b\xa1\x9c\xfe"
+ "\x54\xf7\x27\x1b\xf4\xde\x02\xf5"
+ "\x1b\x55\x48\x5c\xdc\x21\x4b\x9e"
+ "\x4b\x6e\xed\x46\x23\xdc\x65\xb2"
+ "\xcf\x79\x5f\x28\xe0\x9e\x8b\xe7"
+ "\x4c\x9d\x8a\xff\xc1\xa6\x28\xb8"
+ "\x65\x69\x8a\x45\x29\xef\x74\x85"
+ "\xde\x79\xc7\x08\xae\x30\xb0\xf4"
+ "\xa3\x1d\x51\x41\xab\xce\xcb\xf6"
+ "\xb5\xd8\x6d\xe0\x85\xe1\x98\xb3"
+ "\x43\xbb\x86\x83\x0a\xa0\xf5\xb7"
+ "\x04\x0b\xfa\x71\x1f\xb0\xf6\xd9"
+ "\x13\x00\x15\xf0\xc7\xeb\x0d\x5a"
+ "\x9f\xd7\xb9\x6c\x65\x14\x22\x45"
+ "\x6e\x45\x32\x3e\x7e\x60\x1a\x12"
+ "\x97\x82\x14\xfb\xaa\x04\x22\xfa"
+ "\xa0\xe5\x7e\x8c\x78\x02\x48\x5d"
+ "\x78\x33\x5a\x7c\xad\xdb\x29\xce"
+ "\xbb\x8b\x61\xa4\xb7\x42\xe2\xac"
+ "\x8b\x1a\xd9\x2f\x0b\x8b\x62\x21"
+ "\x83\x35\x7e\xad\x73\xc2\xb5\x6c"
+ "\x10\x26\x38\x07\xe5\xc7\x36\x80"
+ "\xe2\x23\x12\x61\xf5\x48\x4b\x2b"
+ "\xc5\xdf\x15\xd9\x87\x01\xaa\xac"
+ "\x1e\x7c\xad\x73\x78\x18\x63\xe0"
+ "\x8b\x9f\x81\xd8\x12\x6a\x28\x10"
+ "\xbe\x04\x68\x8a\x09\x7c\x1b\x1c"
+ "\x83\x66\x80\x47\x80\xe8\xfd\x35"
+ "\x1c\x97\x6f\xae\x49\x10\x66\xcc"
+ "\xc6\xd8\xcc\x3a\x84\x91\x20\x77"
+ "\x72\xe4\x24\xd2\x37\x9f\xc5\xc9"
+ "\x25\x94\x10\x5f\x40\x00\x64\x99"
+ "\xdc\xae\xd7\x21\x09\x78\x50\x15"
+ "\xac\x5f\xc6\x2c\xa2\x0b\xa9\x39"
+ "\x87\x6e\x6d\xab\xde\x08\x51\x16"
+ "\xc7\x13\xe9\xea\xed\x06\x8e\x2c"
+ "\xf8\x37\x8c\xf0\xa6\x96\x8d\x43"
+ "\xb6\x98\x37\xb2\x43\xed\xde\xdf"
+ "\x89\x1a\xe7\xeb\x9d\xa1\x7b\x0b"
+ "\x77\xb0\xe2\x75\xc0\xf1\x98\xd9"
+ "\x80\x55\xc9\x34\x91\xd1\x59\xe8"
+ "\x4b\x0f\xc1\xa9\x4b\x7a\x84\x06"
+ "\x20\xa8\x5d\xfa\xd1\xde\x70\x56"
+ "\x2f\x9e\x91\x9c\x20\xb3\x24\xd8"
+ "\x84\x3d\xe1\x8c\x7e\x62\x52\xe5"
+ "\x44\x4b\x9f\xc2\x93\x03\xea\x2b"
+ "\x59\xc5\xfa\x3f\x91\x2b\xbb\x23"
+ "\xf5\xb2\x7b\xf5\x38\xaf\xb3\xee"
+ "\x63\xdc\x7b\xd1\xff\xaa\x8b\xab"
+ "\x82\x6b\x37\x04\xeb\x74\xbe\x79"
+ "\xb9\x83\x90\xef\x20\x59\x46\xff"
+ "\xe9\x97\x3e\x2f\xee\xb6\x64\x18"
+ "\x38\x4c\x7a\x4a\xf9\x61\xe8\x9a"
+ "\xa1\xb5\x01\xa6\x47\xd3\x11\xd4"
+ "\xce\xd3\x91\x49\x88\xc7\xb8\x4d"
+ "\xb1\xb9\x07\x6d\x16\x72\xae\x46"
+ "\x5e\x03\xa1\x4b\xb6\x02\x30\xa8"
+ "\x3d\xa9\x07\x2a\x7c\x19\xe7\x62"
+ "\x87\xe3\x82\x2f\x6f\xe1\x09\xd9"
+ "\x94\x97\xea\xdd\x58\x9e\xae\x76"
+ "\x7e\x35\xe5\xb4\xda\x7e\xf4\xde"
+ "\xf7\x32\x87\xcd\x93\xbf\x11\x56"
+ "\x11\xbe\x08\x74\xe1\x69\xad\xe2"
+ "\xd7\xf8\x86\x75\x8a\x3c\xa4\xbe"
+ "\x70\xa7\x1b\xfc\x0b\x44\x2a\x76"
+ "\x35\xea\x5d\x85\x81\xaf\x85\xeb"
+ "\xa0\x1c\x61\xc2\xf7\x4f\xa5\xdc"
+ "\x02\x7f\xf6\x95\x40\x6e\x8a\x9a"
+ "\xf3\x5d\x25\x6e\x14\x3a\x22\xc9"
+ "\x37\x1c\xeb\x46\x54\x3f\xa5\x91"
+ "\xc2\xb5\x8c\xfe\x53\x08\x97\x32"
+ "\x1b\xb2\x30\x27\xfe\x25\x5d\xdc"
+ "\x08\x87\xd0\xe5\x94\x1a\xd4\xf1"
+ "\xfe\xd6\xb4\xa3\xe6\x74\x81\x3c"
+ "\x1b\xb7\x31\xa7\x22\xfd\xd4\xdd"
+ "\x20\x4e\x7c\x51\xb0\x60\x73\xb8"
+ "\x9c\xac\x91\x90\x7e\x01\xb0\xe1"
+ "\x8a\x2f\x75\x1c\x53\x2a\x98\x2a"
+ "\x06\x52\x95\x52\xb2\xe9\x25\x2e"
+ "\x4c\xe2\x5a\x00\xb2\x13\x81\x03"
+ "\x77\x66\x0d\xa5\x99\xda\x4e\x8c"
+ "\xac\xf3\x13\x53\x27\x45\xaf\x64"
+ "\x46\xdc\xea\x23\xda\x97\xd1\xab"
+ "\x7d\x6c\x30\x96\x1f\xbc\x06\x34"
+ "\x18\x0b\x5e\x21\x35\x11\x8d\x4c"
+ "\xe0\x2d\xe9\x50\x16\x74\x81\xa8"
+ "\xb4\x34\xb9\x72\x42\xa6\xcc\xbc"
+ "\xca\x34\x83\x27\x10\x5b\x68\x45"
+ "\x8f\x52\x22\x0c\x55\x3d\x29\x7c"
+ "\xe3\xc0\x66\x05\x42\x91\x5f\x58"
+ "\xfe\x4a\x62\xd9\x8c\xa9\x04\x19"
+ "\x04\xa9\x08\x4b\x57\xfc\x67\x53"
+ "\x08\x7c\xbc\x66\x8a\xb0\xb6\x9f"
+ "\x92\xd6\x41\x7c\x5b\x2a\x00\x79"
+ "\x72",
+ .ctext = "\x3a\x92\xee\x53\x31\xaf\x2b\x60"
+ "\x5f\x55\x8d\x00\x5d\xfc\x74\x97"
+ "\x28\x54\xf4\xa5\x75\xf1\x9b\x25"
+ "\x62\x1c\xc0\xe0\x13\xc8\x87\x53"
+ "\xd0\xf3\xa7\x97\x1f\x3b\x1e\xea"
+ "\xe0\xe5\x2a\xd1\xdd\xa4\x3b\x50"
+ "\x45\xa3\x0d\x7e\x1b\xc9\xa0\xad"
+ "\xb9\x2c\x54\xa6\xc7\x55\x16\xd0"
+ "\xc5\x2e\x02\x44\x35\xd0\x7e\x67"
+ "\xf2\xc4\x9b\xcd\x95\x10\xcc\x29"
+ "\x4b\xfa\x86\x87\xbe\x40\x36\xbe"
+ "\xe1\xa3\x52\x89\x55\x20\x9b\xc2"
+ "\xab\xf2\x31\x34\x16\xad\xc8\x17"
+ "\x65\x24\xc0\xff\x12\x37\xfe\x5a"
+ "\x62\x3b\x59\x47\x6c\x5f\x3a\x8e"
+ "\x3b\xd9\x30\xc8\x7f\x2f\x88\xda"
+ "\x80\xfd\x02\xda\x7f\x9a\x7a\x73"
+ "\x59\xc5\x34\x09\x9a\x11\xcb\xa7"
+ "\xfc\xf6\xa1\xa0\x60\xfb\x43\xbb"
+ "\xf1\xe9\xd7\xc6\x79\x27\x4e\xff"
+ "\x22\xb4\x24\xbf\x76\xee\x47\xb9"
+ "\x6d\x3f\x8b\xb0\x9c\x3c\x43\xdd"
+ "\xff\x25\x2e\x6d\xa4\x2b\xfb\x5d"
+ "\x1b\x97\x6c\x55\x0a\x82\x7a\x7b"
+ "\x94\x34\xc2\xdb\x2f\x1f\xc1\xea"
+ "\xd4\x4d\x17\x46\x3b\x51\x69\x09"
+ "\xe4\x99\x32\x25\xfd\x94\xaf\xfb"
+ "\x10\xf7\x4f\xdd\x0b\x3c\x8b\x41"
+ "\xb3\x6a\xb7\xd1\x33\xa8\x0c\x2f"
+ "\x62\x4c\x72\x11\xd7\x74\xe1\x3b"
+ "\x38\x43\x66\x7b\x6c\x36\x48\xe7"
+ "\xe3\xe7\x9d\xb9\x42\x73\x7a\x2a"
+ "\x89\x20\x1a\x41\x80\x03\xf7\x8f"
+ "\x61\x78\x13\xbf\xfe\x50\xf5\x04"
+ "\x52\xf9\xac\x47\xf8\x62\x4b\xb2"
+ "\x24\xa9\xbf\x64\xb0\x18\x69\xd2"
+ "\xf5\xe4\xce\xc8\xb1\x87\x75\xd6"
+ "\x2c\x24\x79\x00\x7d\x26\xfb\x44"
+ "\xe7\x45\x7a\xee\x58\xa5\x83\xc1"
+ "\xb4\x24\xab\x23\x2f\x4d\xd7\x4f"
+ "\x1c\xc7\xaa\xa9\x50\xf4\xa3\x07"
+ "\x12\x13\x89\x74\xdc\x31\x6a\xb2"
+ "\xf5\x0f\x13\x8b\xb9\xdb\x85\x1f"
+ "\xf5\xbc\x88\xd9\x95\xea\x31\x6c"
+ "\x36\x60\xb6\x49\xdc\xc4\xf7\x55"
+ "\x3f\x21\xc1\xb5\x92\x18\x5e\xbc"
+ "\x9f\x87\x7f\xe7\x79\x25\x40\x33"
+ "\xd6\xb9\x33\xd5\x50\xb3\xc7\x89"
+ "\x1b\x12\xa0\x46\xdd\xa7\xd8\x3e"
+ "\x71\xeb\x6f\x66\xa1\x26\x0c\x67"
+ "\xab\xb2\x38\x58\x17\xd8\x44\x3b"
+ "\x16\xf0\x8e\x62\x8d\x16\x10\x00"
+ "\x32\x8b\xef\xb9\x28\xd3\xc5\xad"
+ "\x0a\x19\xa2\xe4\x03\x27\x7d\x94"
+ "\x06\x18\xcd\xd6\x27\x00\xf9\x1f"
+ "\xb6\xb3\xfe\x96\x35\x5f\xc4\x1c"
+ "\x07\x62\x10\x79\x68\x50\xf1\x7e"
+ "\x29\xe7\xc4\xc4\xe7\xee\x54\xd6"
+ "\x58\x76\x84\x6d\x8d\xe4\x59\x31"
+ "\xe9\xf4\xdc\xa1\x1f\xe5\x1a\xd6"
+ "\xe6\x64\x46\xf5\x77\x9c\x60\x7a"
+ "\x5e\x62\xe3\x0a\xd4\x9f\x7a\x2d"
+ "\x7a\xa5\x0a\x7b\x29\x86\x7a\x74"
+ "\x74\x71\x6b\xca\x7d\x1d\xaa\xba"
+ "\x39\x84\x43\x76\x35\xfe\x4f\x9b"
+ "\xbb\xbb\xb5\x6a\x32\xb5\x5d\x41"
+ "\x51\xf0\x5b\x68\x03\x47\x4b\x8a"
+ "\xca\x88\xf6\x37\xbd\x73\x51\x70"
+ "\x66\xfe\x9e\x5f\x21\x9c\xf3\xdd"
+ "\xc3\xea\x27\xf9\x64\x94\xe1\x19"
+ "\xa0\xa9\xab\x60\xe0\x0e\xf7\x78"
+ "\x70\x86\xeb\xe0\xd1\x5c\x05\xd3"
+ "\xd7\xca\xe0\xc0\x47\x47\x34\xee"
+ "\x11\xa3\xa3\x54\x98\xb7\x49\x8e"
+ "\x84\x28\x70\x2c\x9e\xfb\x55\x54"
+ "\x4d\xf8\x86\xf7\x85\x7c\xbd\xf3"
+ "\x17\xd8\x47\xcb\xac\xf4\x20\x85"
+ "\x34\x66\xad\x37\x2d\x5e\x52\xda"
+ "\x8a\xfe\x98\x55\x30\xe7\x2d\x2b"
+ "\x19\x10\x8e\x7b\x66\x5e\xdc\xe0"
+ "\x45\x1f\x7b\xb4\x08\xfb\x8f\xf6"
+ "\x8c\x89\x21\x34\x55\x27\xb2\x76"
+ "\xb2\x07\xd9\xd6\x68\x9b\xea\x6b"
+ "\x2d\xb4\xc4\x35\xdd\xd2\x79\xae"
+ "\xc7\xd6\x26\x7f\x12\x01\x8c\xa7"
+ "\xe3\xdb\xa8\xf4\xf7\x2b\xec\x99"
+ "\x11\x00\xf1\x35\x8c\xcf\xd5\xc9"
+ "\xbd\x91\x36\x39\x70\xcf\x7d\x70"
+ "\x47\x1a\xfc\x6b\x56\xe0\x3f\x9c"
+ "\x60\x49\x01\x72\xa9\xaf\x2c\x9c"
+ "\xe8\xab\xda\x8c\x14\x19\xf3\x75"
+ "\x07\x17\x9d\x44\x67\x7a\x2e\xef"
+ "\xb7\x83\x35\x4a\xd1\x3d\x1c\x84"
+ "\x32\xdd\xaa\xea\xca\x1d\xdc\x72"
+ "\x2c\xcc\x43\xcd\x5d\xe3\x21\xa4"
+ "\xd0\x8a\x4b\x20\x12\xa3\xd5\x86"
+ "\x76\x96\xff\x5f\x04\x57\x0f\xe6"
+ "\xba\xe8\x76\x50\x0c\x64\x1d\x83"
+ "\x9c\x9b\x9a\x9a\x58\x97\x9c\x5c"
+ "\xb4\xa4\xa6\x3e\x19\xeb\x8f\x5a"
+ "\x61\xb2\x03\x7b\x35\x19\xbe\xa7"
+ "\x63\x0c\xfd\xdd\xf9\x90\x6c\x08"
+ "\x19\x11\xd3\x65\x4a\xf5\x96\x92"
+ "\x59\xaa\x9c\x61\x0c\x29\xa7\xf8"
+ "\x14\x39\x37\xbf\x3c\xf2\x16\x72"
+ "\x02\xfa\xa2\xf3\x18\x67\x5d\xcb"
+ "\xdc\x4d\xbb\x96\xff\x70\x08\x2d"
+ "\xc2\xa8\x52\xe1\x34\x5f\x72\xfe"
+ "\x64\xbf\xca\xa7\x74\x38\xfb\x74"
+ "\x55\x9c\xfa\x8a\xed\xfb\x98\xeb"
+ "\x58\x2e\x6c\xe1\x52\x76\x86\xd7"
+ "\xcf\xa1\xa4\xfc\xb2\x47\x41\x28"
+ "\xa3\xc1\xe5\xfd\x53\x19\x28\x2b"
+ "\x37\x04\x65\x96\x99\x7a\x28\x0f"
+ "\x07\x68\x4b\xc7\x52\x0a\x55\x35"
+ "\x40\x19\x95\x61\xe8\x59\x40\x1f"
+ "\x9d\xbf\x78\x7d\x8f\x84\xff\x6f"
+ "\xd0\xd5\x63\xd2\x22\xbd\xc8\x4e"
+ "\xfb\xe7\x9f\x06\xe6\xe7\x39\x6d"
+ "\x6a\x96\x9f\xf0\x74\x7e\xc9\x35"
+ "\xb7\x26\xb8\x1c\x0a\xa6\x27\x2c"
+ "\xa2\x2b\xfe\xbe\x0f\x07\x73\xae"
+ "\x7f\x7f\x54\xf5\x7c\x6a\x0a\x56"
+ "\x49\xd4\x81\xe5\x85\x53\x99\x1f"
+ "\x95\x05\x13\x58\x8d\x0e\x1b\x90"
+ "\xc3\x75\x48\x64\x58\x98\x67\x84"
+ "\xae\xe2\x21\xa2\x8a\x04\x0a\x0b"
+ "\x61\xaa\xb0\xd4\x28\x60\x7a\xf8"
+ "\xbc\x52\xfb\x24\x7f\xed\x0d\x2a"
+ "\x0a\xb2\xf9\xc6\x95\xb5\x11\xc9"
+ "\xf4\x0f\x26\x11\xcf\x2a\x57\x87"
+ "\x7a\xf3\xe7\x94\x65\xc2\xb5\xb3"
+ "\xab\x98\xe3\xc1\x2b\x59\x19\x7c"
+ "\xd6\xf3\xf9\xbf\xff\x6d\xc6\x82"
+ "\x13\x2f\x4a\x2e\xcd\x26\xfe\x2d"
+ "\x01\x70\xf4\xc2\x7f\x1f\x4c\xcb"
+ "\x47\x77\x0c\xa0\xa3\x03\xec\xda"
+ "\xa9\xbf\x0d\x2d\xae\xe4\xb8\x7b"
+ "\xa9\xbc\x08\xb4\x68\x2e\xc5\x60"
+ "\x8d\x87\x41\x2b\x0f\x69\xf0\xaf"
+ "\x5f\xba\x72\x20\x0f\x33\xcd\x6d"
+ "\x36\x7d\x7b\xd5\x05\xf1\x4b\x05"
+ "\xc4\xfc\x7f\x80\xb9\x4d\xbd\xf7"
+ "\x7c\x84\x07\x01\xc2\x40\x66\x5b"
+ "\x98\xc7\x2c\xe3\x97\xfa\xdf\x87"
+ "\xa0\x1f\xe9\x21\x42\x0f\x3b\xeb"
+ "\x89\x1c\x3b\xca\x83\x61\x77\x68"
+ "\x84\xbb\x60\x87\x38\x2e\x25\xd5"
+ "\x9e\x04\x41\x70\xac\xda\xc0\x9c"
+ "\x9c\x69\xea\x8d\x4e\x55\x2a\x29"
+ "\xed\x05\x4b\x7b\x73\x71\x90\x59"
+ "\x4d\xc8\xd8\x44\xf0\x4c\xe1\x5e"
+ "\x84\x47\x55\xcc\x32\x3f\xe7\x97"
+ "\x42\xc6\x32\xac\x40\xe5\xa5\xc7"
+ "\x8b\xed\xdb\xf7\x83\xd6\xb1\xc2"
+ "\x52\x5e\x34\xb7\xeb\x6e\xd9\xfc"
+ "\xe5\x93\x9a\x97\x3e\xb0\xdc\xd9"
+ "\xd7\x06\x10\xb6\x1d\x80\x59\xdd"
+ "\x0d\xfe\x64\x35\xcd\x5d\xec\xf0"
+ "\xba\xd0\x34\xc9\x2d\x91\xc5\x17"
+ "\x11",
+ .len = 1281,
+ }, { /* test vector from https://tools.ietf.org/html/draft-arciszewski-xchacha-02#appendix-A.3.2 */
+ .key = "\x80\x81\x82\x83\x84\x85\x86\x87"
+ "\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f"
+ "\x90\x91\x92\x93\x94\x95\x96\x97"
+ "\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f",
+ .klen = 32,
+ .iv = "\x40\x41\x42\x43\x44\x45\x46\x47"
+ "\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f"
+ "\x50\x51\x52\x53\x54\x55\x56\x58"
+ "\x00\x00\x00\x00\x00\x00\x00\x00",
+ .ptext = "\x54\x68\x65\x20\x64\x68\x6f\x6c"
+ "\x65\x20\x28\x70\x72\x6f\x6e\x6f"
+ "\x75\x6e\x63\x65\x64\x20\x22\x64"
+ "\x6f\x6c\x65\x22\x29\x20\x69\x73"
+ "\x20\x61\x6c\x73\x6f\x20\x6b\x6e"
+ "\x6f\x77\x6e\x20\x61\x73\x20\x74"
+ "\x68\x65\x20\x41\x73\x69\x61\x74"
+ "\x69\x63\x20\x77\x69\x6c\x64\x20"
+ "\x64\x6f\x67\x2c\x20\x72\x65\x64"
+ "\x20\x64\x6f\x67\x2c\x20\x61\x6e"
+ "\x64\x20\x77\x68\x69\x73\x74\x6c"
+ "\x69\x6e\x67\x20\x64\x6f\x67\x2e"
+ "\x20\x49\x74\x20\x69\x73\x20\x61"
+ "\x62\x6f\x75\x74\x20\x74\x68\x65"
+ "\x20\x73\x69\x7a\x65\x20\x6f\x66"
+ "\x20\x61\x20\x47\x65\x72\x6d\x61"
+ "\x6e\x20\x73\x68\x65\x70\x68\x65"
+ "\x72\x64\x20\x62\x75\x74\x20\x6c"
+ "\x6f\x6f\x6b\x73\x20\x6d\x6f\x72"
+ "\x65\x20\x6c\x69\x6b\x65\x20\x61"
+ "\x20\x6c\x6f\x6e\x67\x2d\x6c\x65"
+ "\x67\x67\x65\x64\x20\x66\x6f\x78"
+ "\x2e\x20\x54\x68\x69\x73\x20\x68"
+ "\x69\x67\x68\x6c\x79\x20\x65\x6c"
+ "\x75\x73\x69\x76\x65\x20\x61\x6e"
+ "\x64\x20\x73\x6b\x69\x6c\x6c\x65"
+ "\x64\x20\x6a\x75\x6d\x70\x65\x72"
+ "\x20\x69\x73\x20\x63\x6c\x61\x73"
+ "\x73\x69\x66\x69\x65\x64\x20\x77"
+ "\x69\x74\x68\x20\x77\x6f\x6c\x76"
+ "\x65\x73\x2c\x20\x63\x6f\x79\x6f"
+ "\x74\x65\x73\x2c\x20\x6a\x61\x63"
+ "\x6b\x61\x6c\x73\x2c\x20\x61\x6e"
+ "\x64\x20\x66\x6f\x78\x65\x73\x20"
+ "\x69\x6e\x20\x74\x68\x65\x20\x74"
+ "\x61\x78\x6f\x6e\x6f\x6d\x69\x63"
+ "\x20\x66\x61\x6d\x69\x6c\x79\x20"
+ "\x43\x61\x6e\x69\x64\x61\x65\x2e",
+ .ctext = "\x45\x59\xab\xba\x4e\x48\xc1\x61"
+ "\x02\xe8\xbb\x2c\x05\xe6\x94\x7f"
+ "\x50\xa7\x86\xde\x16\x2f\x9b\x0b"
+ "\x7e\x59\x2a\x9b\x53\xd0\xd4\xe9"
+ "\x8d\x8d\x64\x10\xd5\x40\xa1\xa6"
+ "\x37\x5b\x26\xd8\x0d\xac\xe4\xfa"
+ "\xb5\x23\x84\xc7\x31\xac\xbf\x16"
+ "\xa5\x92\x3c\x0c\x48\xd3\x57\x5d"
+ "\x4d\x0d\x2c\x67\x3b\x66\x6f\xaa"
+ "\x73\x10\x61\x27\x77\x01\x09\x3a"
+ "\x6b\xf7\xa1\x58\xa8\x86\x42\x92"
+ "\xa4\x1c\x48\xe3\xa9\xb4\xc0\xda"
+ "\xec\xe0\xf8\xd9\x8d\x0d\x7e\x05"
+ "\xb3\x7a\x30\x7b\xbb\x66\x33\x31"
+ "\x64\xec\x9e\x1b\x24\xea\x0d\x6c"
+ "\x3f\xfd\xdc\xec\x4f\x68\xe7\x44"
+ "\x30\x56\x19\x3a\x03\xc8\x10\xe1"
+ "\x13\x44\xca\x06\xd8\xed\x8a\x2b"
+ "\xfb\x1e\x8d\x48\xcf\xa6\xbc\x0e"
+ "\xb4\xe2\x46\x4b\x74\x81\x42\x40"
+ "\x7c\x9f\x43\x1a\xee\x76\x99\x60"
+ "\xe1\x5b\xa8\xb9\x68\x90\x46\x6e"
+ "\xf2\x45\x75\x99\x85\x23\x85\xc6"
+ "\x61\xf7\x52\xce\x20\xf9\xda\x0c"
+ "\x09\xab\x6b\x19\xdf\x74\xe7\x6a"
+ "\x95\x96\x74\x46\xf8\xd0\xfd\x41"
+ "\x5e\x7b\xee\x2a\x12\xa1\x14\xc2"
+ "\x0e\xb5\x29\x2a\xe7\xa3\x49\xae"
+ "\x57\x78\x20\xd5\x52\x0a\x1f\x3f"
+ "\xb6\x2a\x17\xce\x6a\x7e\x68\xfa"
+ "\x7c\x79\x11\x1d\x88\x60\x92\x0b"
+ "\xc0\x48\xef\x43\xfe\x84\x48\x6c"
+ "\xcb\x87\xc2\x5f\x0a\xe0\x45\xf0"
+ "\xcc\xe1\xe7\x98\x9a\x9a\xa2\x20"
+ "\xa2\x8b\xdd\x48\x27\xe7\x51\xa2"
+ "\x4a\x6d\x5c\x62\xd7\x90\xa6\x63"
+ "\x93\xb9\x31\x11\xc1\xa5\x5d\xd7"
+ "\x42\x1a\x10\x18\x49\x74\xc7\xc5",
+ .len = 304,
+ }
+};
+
+/*
+ * Same as XChaCha20 test vectors above, but recomputed the ciphertext with
+ * XChaCha12, using a modified libsodium.
+ */
+static const struct cipher_testvec xchacha12_tv_template[] = {
+ {
+ .key = "\x79\xc9\x97\x98\xac\x67\x30\x0b"
+ "\xbb\x27\x04\xc9\x5c\x34\x1e\x32"
+ "\x45\xf3\xdc\xb2\x17\x61\xb9\x8e"
+ "\x52\xff\x45\xb2\x4f\x30\x4f\xc4",
+ .klen = 32,
+ .iv = "\xb3\x3f\xfd\x30\x96\x47\x9b\xcf"
+ "\xbc\x9a\xee\x49\x41\x76\x88\xa0"
+ "\xa2\x55\x4f\x8d\x95\x38\x94\x19"
+ "\x00\x00\x00\x00\x00\x00\x00\x00",
+ .ptext = "\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00",
+ .ctext = "\x1b\x78\x7f\xd7\xa1\x41\x68\xab"
+ "\x3d\x3f\xd1\x7b\x69\x56\xb2\xd5"
+ "\x43\xce\xeb\xaf\x36\xf0\x29\x9d"
+ "\x3a\xfb\x18\xae\x1b",
+ .len = 29,
+ }, {
+ .key = "\x9d\x23\xbd\x41\x49\xcb\x97\x9c"
+ "\xcf\x3c\x5c\x94\xdd\x21\x7e\x98"
+ "\x08\xcb\x0e\x50\xcd\x0f\x67\x81"
+ "\x22\x35\xea\xaf\x60\x1d\x62\x32",
+ .klen = 32,
+ .iv = "\xc0\x47\x54\x82\x66\xb7\xc3\x70"
+ "\xd3\x35\x66\xa2\x42\x5c\xbf\x30"
+ "\xd8\x2d\x1e\xaf\x52\x94\x10\x9e"
+ "\x00\x00\x00\x00\x00\x00\x00\x00",
+ .ptext = "\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00",
+ .ctext = "\xfb\x32\x09\x1d\x83\x05\xae\x4c"
+ "\x13\x1f\x12\x71\xf2\xca\xb2\xeb"
+ "\x5b\x83\x14\x7d\x83\xf6\x57\x77"
+ "\x2e\x40\x1f\x92\x2c\xf9\xec\x35"
+ "\x34\x1f\x93\xdf\xfb\x30\xd7\x35"
+ "\x03\x05\x78\xc1\x20\x3b\x7a\xe3"
+ "\x62\xa3\x89\xdc\x11\x11\x45\xa8"
+ "\x82\x89\xa0\xf1\x4e\xc7\x0f\x11"
+ "\x69\xdd\x0c\x84\x2b\x89\x5c\xdc"
+ "\xf0\xde\x01\xef\xc5\x65\x79\x23"
+ "\x87\x67\xd6\x50\xd9\x8d\xd9\x92"
+ "\x54\x5b\x0e",
+ .len = 91,
+ }, {
+ .key = "\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00",
+ .klen = 32,
+ .iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x67\xc6\x69\x73"
+ "\x51\xff\x4a\xec\x29\xcd\xba\xab"
+ "\x00\x00\x00\x00\x00\x00\x00\x00",
+ .ptext = "\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00",
+ .ctext = "\xdf\x2d\xc6\x21\x2a\x9d\xa1\xbb"
+ "\xc2\x77\x66\x0c\x5c\x46\xef\xa7"
+ "\x79\x1b\xb9\xdf\x55\xe2\xf9\x61"
+ "\x4c\x7b\xa4\x52\x24\xaf\xa2\xda"
+ "\xd1\x8f\x8f\xa2\x9e\x53\x4d\xc4"
+ "\xb8\x55\x98\x08\x7c\x08\xd4\x18"
+ "\x67\x8f\xef\x50\xb1\x5f\xa5\x77"
+ "\x4c\x25\xe7\x86\x26\x42\xca\x44",
+ .len = 64,
+ }, {
+ .key = "\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x01",
+ .klen = 32,
+ .iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x02\xf2\xfb\xe3\x46"
+ "\x7c\xc2\x54\xf8\x1b\xe8\xe7\x8d"
+ "\x01\x00\x00\x00\x00\x00\x00\x00",
+ .ptext = "\x41\x6e\x79\x20\x73\x75\x62\x6d"
+ "\x69\x73\x73\x69\x6f\x6e\x20\x74"
+ "\x6f\x20\x74\x68\x65\x20\x49\x45"
+ "\x54\x46\x20\x69\x6e\x74\x65\x6e"
+ "\x64\x65\x64\x20\x62\x79\x20\x74"
+ "\x68\x65\x20\x43\x6f\x6e\x74\x72"
+ "\x69\x62\x75\x74\x6f\x72\x20\x66"
+ "\x6f\x72\x20\x70\x75\x62\x6c\x69"
+ "\x63\x61\x74\x69\x6f\x6e\x20\x61"
+ "\x73\x20\x61\x6c\x6c\x20\x6f\x72"
+ "\x20\x70\x61\x72\x74\x20\x6f\x66"
+ "\x20\x61\x6e\x20\x49\x45\x54\x46"
+ "\x20\x49\x6e\x74\x65\x72\x6e\x65"
+ "\x74\x2d\x44\x72\x61\x66\x74\x20"
+ "\x6f\x72\x20\x52\x46\x43\x20\x61"
+ "\x6e\x64\x20\x61\x6e\x79\x20\x73"
+ "\x74\x61\x74\x65\x6d\x65\x6e\x74"
+ "\x20\x6d\x61\x64\x65\x20\x77\x69"
+ "\x74\x68\x69\x6e\x20\x74\x68\x65"
+ "\x20\x63\x6f\x6e\x74\x65\x78\x74"
+ "\x20\x6f\x66\x20\x61\x6e\x20\x49"
+ "\x45\x54\x46\x20\x61\x63\x74\x69"
+ "\x76\x69\x74\x79\x20\x69\x73\x20"
+ "\x63\x6f\x6e\x73\x69\x64\x65\x72"
+ "\x65\x64\x20\x61\x6e\x20\x22\x49"
+ "\x45\x54\x46\x20\x43\x6f\x6e\x74"
+ "\x72\x69\x62\x75\x74\x69\x6f\x6e"
+ "\x22\x2e\x20\x53\x75\x63\x68\x20"
+ "\x73\x74\x61\x74\x65\x6d\x65\x6e"
+ "\x74\x73\x20\x69\x6e\x63\x6c\x75"
+ "\x64\x65\x20\x6f\x72\x61\x6c\x20"
+ "\x73\x74\x61\x74\x65\x6d\x65\x6e"
+ "\x74\x73\x20\x69\x6e\x20\x49\x45"
+ "\x54\x46\x20\x73\x65\x73\x73\x69"
+ "\x6f\x6e\x73\x2c\x20\x61\x73\x20"
+ "\x77\x65\x6c\x6c\x20\x61\x73\x20"
+ "\x77\x72\x69\x74\x74\x65\x6e\x20"
+ "\x61\x6e\x64\x20\x65\x6c\x65\x63"
+ "\x74\x72\x6f\x6e\x69\x63\x20\x63"
+ "\x6f\x6d\x6d\x75\x6e\x69\x63\x61"
+ "\x74\x69\x6f\x6e\x73\x20\x6d\x61"
+ "\x64\x65\x20\x61\x74\x20\x61\x6e"
+ "\x79\x20\x74\x69\x6d\x65\x20\x6f"
+ "\x72\x20\x70\x6c\x61\x63\x65\x2c"
+ "\x20\x77\x68\x69\x63\x68\x20\x61"
+ "\x72\x65\x20\x61\x64\x64\x72\x65"
+ "\x73\x73\x65\x64\x20\x74\x6f",
+ .ctext = "\xe4\xa6\xc8\x30\xc4\x23\x13\xd6"
+ "\x08\x4d\xc9\xb7\xa5\x64\x7c\xb9"
+ "\x71\xe2\xab\x3e\xa8\x30\x8a\x1c"
+ "\x4a\x94\x6d\x9b\xe0\xb3\x6f\xf1"
+ "\xdc\xe3\x1b\xb3\xa9\x6d\x0d\xd6"
+ "\xd0\xca\x12\xef\xe7\x5f\xd8\x61"
+ "\x3c\x82\xd3\x99\x86\x3c\x6f\x66"
+ "\x02\x06\xdc\x55\xf9\xed\xdf\x38"
+ "\xb4\xa6\x17\x00\x7f\xef\xbf\x4f"
+ "\xf8\x36\xf1\x60\x7e\x47\xaf\xdb"
+ "\x55\x9b\x12\xcb\x56\x44\xa7\x1f"
+ "\xd3\x1a\x07\x3b\x00\xec\xe6\x4c"
+ "\xa2\x43\x27\xdf\x86\x19\x4f\x16"
+ "\xed\xf9\x4a\xf3\x63\x6f\xfa\x7f"
+ "\x78\x11\xf6\x7d\x97\x6f\xec\x6f"
+ "\x85\x0f\x5c\x36\x13\x8d\x87\xe0"
+ "\x80\xb1\x69\x0b\x98\x89\x9c\x4e"
+ "\xf8\xdd\xee\x5c\x0a\x85\xce\xd4"
+ "\xea\x1b\x48\xbe\x08\xf8\xe2\xa8"
+ "\xa5\xb0\x3c\x79\xb1\x15\xb4\xb9"
+ "\x75\x10\x95\x35\x81\x7e\x26\xe6"
+ "\x78\xa4\x88\xcf\xdb\x91\x34\x18"
+ "\xad\xd7\x8e\x07\x7d\xab\x39\xf9"
+ "\xa3\x9e\xa5\x1d\xbb\xed\x61\xfd"
+ "\xdc\xb7\x5a\x27\xfc\xb5\xc9\x10"
+ "\xa8\xcc\x52\x7f\x14\x76\x90\xe7"
+ "\x1b\x29\x60\x74\xc0\x98\x77\xbb"
+ "\xe0\x54\xbb\x27\x49\x59\x1e\x62"
+ "\x3d\xaf\x74\x06\xa4\x42\x6f\xc6"
+ "\x52\x97\xc4\x1d\xc4\x9f\xe2\xe5"
+ "\x38\x57\x91\xd1\xa2\x28\xcc\x40"
+ "\xcc\x70\x59\x37\xfc\x9f\x4b\xda"
+ "\xa0\xeb\x97\x9a\x7d\xed\x14\x5c"
+ "\x9c\xb7\x93\x26\x41\xa8\x66\xdd"
+ "\x87\x6a\xc0\xd3\xc2\xa9\x3e\xae"
+ "\xe9\x72\xfe\xd1\xb3\xac\x38\xea"
+ "\x4d\x15\xa9\xd5\x36\x61\xe9\x96"
+ "\x6c\x23\xf8\x43\xe4\x92\x29\xd9"
+ "\x8b\x78\xf7\x0a\x52\xe0\x19\x5b"
+ "\x59\x69\x5b\x5d\xa1\x53\xc4\x68"
+ "\xe1\xbb\xac\x89\x14\xe2\xe2\x85"
+ "\x41\x18\xf5\xb3\xd1\xfa\x68\x19"
+ "\x44\x78\xdc\xcf\xe7\x88\x2d\x52"
+ "\x5f\x40\xb5\x7e\xf8\x88\xa2\xae"
+ "\x4a\xb2\x07\x35\x9d\x9b\x07\x88"
+ "\xb7\x00\xd0\x0c\xb6\xa0\x47\x59"
+ "\xda\x4e\xc9\xab\x9b\x8a\x7b",
+
+ .len = 375,
+
+ }, {
+ .key = "\x1c\x92\x40\xa5\xeb\x55\xd3\x8a"
+ "\xf3\x33\x88\x86\x04\xf6\xb5\xf0"
+ "\x47\x39\x17\xc1\x40\x2b\x80\x09"
+ "\x9d\xca\x5c\xbc\x20\x70\x75\xc0",
+ .klen = 32,
+ .iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x02\x76\x5a\x2e\x63"
+ "\x33\x9f\xc9\x9a\x66\x32\x0d\xb7"
+ "\x2a\x00\x00\x00\x00\x00\x00\x00",
+ .ptext = "\x27\x54\x77\x61\x73\x20\x62\x72"
+ "\x69\x6c\x6c\x69\x67\x2c\x20\x61"
+ "\x6e\x64\x20\x74\x68\x65\x20\x73"
+ "\x6c\x69\x74\x68\x79\x20\x74\x6f"
+ "\x76\x65\x73\x0a\x44\x69\x64\x20"
+ "\x67\x79\x72\x65\x20\x61\x6e\x64"
+ "\x20\x67\x69\x6d\x62\x6c\x65\x20"
+ "\x69\x6e\x20\x74\x68\x65\x20\x77"
+ "\x61\x62\x65\x3a\x0a\x41\x6c\x6c"
+ "\x20\x6d\x69\x6d\x73\x79\x20\x77"
+ "\x65\x72\x65\x20\x74\x68\x65\x20"
+ "\x62\x6f\x72\x6f\x67\x6f\x76\x65"
+ "\x73\x2c\x0a\x41\x6e\x64\x20\x74"
+ "\x68\x65\x20\x6d\x6f\x6d\x65\x20"
+ "\x72\x61\x74\x68\x73\x20\x6f\x75"
+ "\x74\x67\x72\x61\x62\x65\x2e",
+ .ctext = "\xb9\x68\xbc\x6a\x24\xbc\xcc\xd8"
+ "\x9b\x2a\x8d\x5b\x96\xaf\x56\xe3"
+ "\x11\x61\xe7\xa7\x9b\xce\x4e\x7d"
+ "\x60\x02\x48\xac\xeb\xd5\x3a\x26"
+ "\x9d\x77\x3b\xb5\x32\x13\x86\x8e"
+ "\x20\x82\x26\x72\xae\x64\x1b\x7e"
+ "\x2e\x01\x68\xb4\x87\x45\xa1\x24"
+ "\xe4\x48\x40\xf0\xaa\xac\xee\xa9"
+ "\xfc\x31\xad\x9d\x89\xa3\xbb\xd2"
+ "\xe4\x25\x13\xad\x0f\x5e\xdf\x3c"
+ "\x27\xab\xb8\x62\x46\x22\x30\x48"
+ "\x55\x2c\x4e\x84\x78\x1d\x0d\x34"
+ "\x8d\x3c\x91\x0a\x7f\x5b\x19\x9f"
+ "\x97\x05\x4c\xa7\x62\x47\x8b\xc5"
+ "\x44\x2e\x20\x33\xdd\xa0\x82\xa9"
+ "\x25\x76\x37\xe6\x3c\x67\x5b",
+ .len = 127,
+ }, {
+ .key = "\x1c\x92\x40\xa5\xeb\x55\xd3\x8a"
+ "\xf3\x33\x88\x86\x04\xf6\xb5\xf0"
+ "\x47\x39\x17\xc1\x40\x2b\x80\x09"
+ "\x9d\xca\x5c\xbc\x20\x70\x75\xc0",
+ .klen = 32,
+ .iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x01\x31\x58\xa3\x5a"
+ "\x25\x5d\x05\x17\x58\xe9\x5e\xd4"
+ "\x1c\x00\x00\x00\x00\x00\x00\x00",
+ .ptext = "\x49\xee\xe0\xdc\x24\x90\x40\xcd"
+ "\xc5\x40\x8f\x47\x05\xbc\xdd\x81"
+ "\x47\xc6\x8d\xe6\xb1\x8f\xd7\xcb"
+ "\x09\x0e\x6e\x22\x48\x1f\xbf\xb8"
+ "\x5c\xf7\x1e\x8a\xc1\x23\xf2\xd4"
+ "\x19\x4b\x01\x0f\x4e\xa4\x43\xce"
+ "\x01\xc6\x67\xda\x03\x91\x18\x90"
+ "\xa5\xa4\x8e\x45\x03\xb3\x2d\xac"
+ "\x74\x92\xd3\x53\x47\xc8\xdd\x25"
+ "\x53\x6c\x02\x03\x87\x0d\x11\x0c"
+ "\x58\xe3\x12\x18\xfd\x2a\x5b\x40"
+ "\x0c\x30\xf0\xb8\x3f\x43\xce\xae"
+ "\x65\x3a\x7d\x7c\xf4\x54\xaa\xcc"
+ "\x33\x97\xc3\x77\xba\xc5\x70\xde"
+ "\xd7\xd5\x13\xa5\x65\xc4\x5f\x0f"
+ "\x46\x1a\x0d\x97\xb5\xf3\xbb\x3c"
+ "\x84\x0f\x2b\xc5\xaa\xea\xf2\x6c"
+ "\xc9\xb5\x0c\xee\x15\xf3\x7d\xbe"
+ "\x9f\x7b\x5a\xa6\xae\x4f\x83\xb6"
+ "\x79\x49\x41\xf4\x58\x18\xcb\x86"
+ "\x7f\x30\x0e\xf8\x7d\x44\x36\xea"
+ "\x75\xeb\x88\x84\x40\x3c\xad\x4f"
+ "\x6f\x31\x6b\xaa\x5d\xe5\xa5\xc5"
+ "\x21\x66\xe9\xa7\xe3\xb2\x15\x88"
+ "\x78\xf6\x79\xa1\x59\x47\x12\x4e"
+ "\x9f\x9f\x64\x1a\xa0\x22\x5b\x08"
+ "\xbe\x7c\x36\xc2\x2b\x66\x33\x1b"
+ "\xdd\x60\x71\xf7\x47\x8c\x61\xc3"
+ "\xda\x8a\x78\x1e\x16\xfa\x1e\x86"
+ "\x81\xa6\x17\x2a\xa7\xb5\xc2\xe7"
+ "\xa4\xc7\x42\xf1\xcf\x6a\xca\xb4"
+ "\x45\xcf\xf3\x93\xf0\xe7\xea\xf6"
+ "\xf4\xe6\x33\x43\x84\x93\xa5\x67"
+ "\x9b\x16\x58\x58\x80\x0f\x2b\x5c"
+ "\x24\x74\x75\x7f\x95\x81\xb7\x30"
+ "\x7a\x33\xa7\xf7\x94\x87\x32\x27"
+ "\x10\x5d\x14\x4c\x43\x29\xdd\x26"
+ "\xbd\x3e\x3c\x0e\xfe\x0e\xa5\x10"
+ "\xea\x6b\x64\xfd\x73\xc6\xed\xec"
+ "\xa8\xc9\xbf\xb3\xba\x0b\x4d\x07"
+ "\x70\xfc\x16\xfd\x79\x1e\xd7\xc5"
+ "\x49\x4e\x1c\x8b\x8d\x79\x1b\xb1"
+ "\xec\xca\x60\x09\x4c\x6a\xd5\x09"
+ "\x49\x46\x00\x88\x22\x8d\xce\xea"
+ "\xb1\x17\x11\xde\x42\xd2\x23\xc1"
+ "\x72\x11\xf5\x50\x73\x04\x40\x47"
+ "\xf9\x5d\xe7\xa7\x26\xb1\x7e\xb0"
+ "\x3f\x58\xc1\x52\xab\x12\x67\x9d"
+ "\x3f\x43\x4b\x68\xd4\x9c\x68\x38"
+ "\x07\x8a\x2d\x3e\xf3\xaf\x6a\x4b"
+ "\xf9\xe5\x31\x69\x22\xf9\xa6\x69"
+ "\xc6\x9c\x96\x9a\x12\x35\x95\x1d"
+ "\x95\xd5\xdd\xbe\xbf\x93\x53\x24"
+ "\xfd\xeb\xc2\x0a\x64\xb0\x77\x00"
+ "\x6f\x88\xc4\x37\x18\x69\x7c\xd7"
+ "\x41\x92\x55\x4c\x03\xa1\x9a\x4b"
+ "\x15\xe5\xdf\x7f\x37\x33\x72\xc1"
+ "\x8b\x10\x67\xa3\x01\x57\x94\x25"
+ "\x7b\x38\x71\x7e\xdd\x1e\xcc\x73"
+ "\x55\xd2\x8e\xeb\x07\xdd\xf1\xda"
+ "\x58\xb1\x47\x90\xfe\x42\x21\x72"
+ "\xa3\x54\x7a\xa0\x40\xec\x9f\xdd"
+ "\xc6\x84\x6e\xca\xae\xe3\x68\xb4"
+ "\x9d\xe4\x78\xff\x57\xf2\xf8\x1b"
+ "\x03\xa1\x31\xd9\xde\x8d\xf5\x22"
+ "\x9c\xdd\x20\xa4\x1e\x27\xb1\x76"
+ "\x4f\x44\x55\xe2\x9b\xa1\x9c\xfe"
+ "\x54\xf7\x27\x1b\xf4\xde\x02\xf5"
+ "\x1b\x55\x48\x5c\xdc\x21\x4b\x9e"
+ "\x4b\x6e\xed\x46\x23\xdc\x65\xb2"
+ "\xcf\x79\x5f\x28\xe0\x9e\x8b\xe7"
+ "\x4c\x9d\x8a\xff\xc1\xa6\x28\xb8"
+ "\x65\x69\x8a\x45\x29\xef\x74\x85"
+ "\xde\x79\xc7\x08\xae\x30\xb0\xf4"
+ "\xa3\x1d\x51\x41\xab\xce\xcb\xf6"
+ "\xb5\xd8\x6d\xe0\x85\xe1\x98\xb3"
+ "\x43\xbb\x86\x83\x0a\xa0\xf5\xb7"
+ "\x04\x0b\xfa\x71\x1f\xb0\xf6\xd9"
+ "\x13\x00\x15\xf0\xc7\xeb\x0d\x5a"
+ "\x9f\xd7\xb9\x6c\x65\x14\x22\x45"
+ "\x6e\x45\x32\x3e\x7e\x60\x1a\x12"
+ "\x97\x82\x14\xfb\xaa\x04\x22\xfa"
+ "\xa0\xe5\x7e\x8c\x78\x02\x48\x5d"
+ "\x78\x33\x5a\x7c\xad\xdb\x29\xce"
+ "\xbb\x8b\x61\xa4\xb7\x42\xe2\xac"
+ "\x8b\x1a\xd9\x2f\x0b\x8b\x62\x21"
+ "\x83\x35\x7e\xad\x73\xc2\xb5\x6c"
+ "\x10\x26\x38\x07\xe5\xc7\x36\x80"
+ "\xe2\x23\x12\x61\xf5\x48\x4b\x2b"
+ "\xc5\xdf\x15\xd9\x87\x01\xaa\xac"
+ "\x1e\x7c\xad\x73\x78\x18\x63\xe0"
+ "\x8b\x9f\x81\xd8\x12\x6a\x28\x10"
+ "\xbe\x04\x68\x8a\x09\x7c\x1b\x1c"
+ "\x83\x66\x80\x47\x80\xe8\xfd\x35"
+ "\x1c\x97\x6f\xae\x49\x10\x66\xcc"
+ "\xc6\xd8\xcc\x3a\x84\x91\x20\x77"
+ "\x72\xe4\x24\xd2\x37\x9f\xc5\xc9"
+ "\x25\x94\x10\x5f\x40\x00\x64\x99"
+ "\xdc\xae\xd7\x21\x09\x78\x50\x15"
+ "\xac\x5f\xc6\x2c\xa2\x0b\xa9\x39"
+ "\x87\x6e\x6d\xab\xde\x08\x51\x16"
+ "\xc7\x13\xe9\xea\xed\x06\x8e\x2c"
+ "\xf8\x37\x8c\xf0\xa6\x96\x8d\x43"
+ "\xb6\x98\x37\xb2\x43\xed\xde\xdf"
+ "\x89\x1a\xe7\xeb\x9d\xa1\x7b\x0b"
+ "\x77\xb0\xe2\x75\xc0\xf1\x98\xd9"
+ "\x80\x55\xc9\x34\x91\xd1\x59\xe8"
+ "\x4b\x0f\xc1\xa9\x4b\x7a\x84\x06"
+ "\x20\xa8\x5d\xfa\xd1\xde\x70\x56"
+ "\x2f\x9e\x91\x9c\x20\xb3\x24\xd8"
+ "\x84\x3d\xe1\x8c\x7e\x62\x52\xe5"
+ "\x44\x4b\x9f\xc2\x93\x03\xea\x2b"
+ "\x59\xc5\xfa\x3f\x91\x2b\xbb\x23"
+ "\xf5\xb2\x7b\xf5\x38\xaf\xb3\xee"
+ "\x63\xdc\x7b\xd1\xff\xaa\x8b\xab"
+ "\x82\x6b\x37\x04\xeb\x74\xbe\x79"
+ "\xb9\x83\x90\xef\x20\x59\x46\xff"
+ "\xe9\x97\x3e\x2f\xee\xb6\x64\x18"
+ "\x38\x4c\x7a\x4a\xf9\x61\xe8\x9a"
+ "\xa1\xb5\x01\xa6\x47\xd3\x11\xd4"
+ "\xce\xd3\x91\x49\x88\xc7\xb8\x4d"
+ "\xb1\xb9\x07\x6d\x16\x72\xae\x46"
+ "\x5e\x03\xa1\x4b\xb6\x02\x30\xa8"
+ "\x3d\xa9\x07\x2a\x7c\x19\xe7\x62"
+ "\x87\xe3\x82\x2f\x6f\xe1\x09\xd9"
+ "\x94\x97\xea\xdd\x58\x9e\xae\x76"
+ "\x7e\x35\xe5\xb4\xda\x7e\xf4\xde"
+ "\xf7\x32\x87\xcd\x93\xbf\x11\x56"
+ "\x11\xbe\x08\x74\xe1\x69\xad\xe2"
+ "\xd7\xf8\x86\x75\x8a\x3c\xa4\xbe"
+ "\x70\xa7\x1b\xfc\x0b\x44\x2a\x76"
+ "\x35\xea\x5d\x85\x81\xaf\x85\xeb"
+ "\xa0\x1c\x61\xc2\xf7\x4f\xa5\xdc"
+ "\x02\x7f\xf6\x95\x40\x6e\x8a\x9a"
+ "\xf3\x5d\x25\x6e\x14\x3a\x22\xc9"
+ "\x37\x1c\xeb\x46\x54\x3f\xa5\x91"
+ "\xc2\xb5\x8c\xfe\x53\x08\x97\x32"
+ "\x1b\xb2\x30\x27\xfe\x25\x5d\xdc"
+ "\x08\x87\xd0\xe5\x94\x1a\xd4\xf1"
+ "\xfe\xd6\xb4\xa3\xe6\x74\x81\x3c"
+ "\x1b\xb7\x31\xa7\x22\xfd\xd4\xdd"
+ "\x20\x4e\x7c\x51\xb0\x60\x73\xb8"
+ "\x9c\xac\x91\x90\x7e\x01\xb0\xe1"
+ "\x8a\x2f\x75\x1c\x53\x2a\x98\x2a"
+ "\x06\x52\x95\x52\xb2\xe9\x25\x2e"
+ "\x4c\xe2\x5a\x00\xb2\x13\x81\x03"
+ "\x77\x66\x0d\xa5\x99\xda\x4e\x8c"
+ "\xac\xf3\x13\x53\x27\x45\xaf\x64"
+ "\x46\xdc\xea\x23\xda\x97\xd1\xab"
+ "\x7d\x6c\x30\x96\x1f\xbc\x06\x34"
+ "\x18\x0b\x5e\x21\x35\x11\x8d\x4c"
+ "\xe0\x2d\xe9\x50\x16\x74\x81\xa8"
+ "\xb4\x34\xb9\x72\x42\xa6\xcc\xbc"
+ "\xca\x34\x83\x27\x10\x5b\x68\x45"
+ "\x8f\x52\x22\x0c\x55\x3d\x29\x7c"
+ "\xe3\xc0\x66\x05\x42\x91\x5f\x58"
+ "\xfe\x4a\x62\xd9\x8c\xa9\x04\x19"
+ "\x04\xa9\x08\x4b\x57\xfc\x67\x53"
+ "\x08\x7c\xbc\x66\x8a\xb0\xb6\x9f"
+ "\x92\xd6\x41\x7c\x5b\x2a\x00\x79"
+ "\x72",
+ .ctext = "\xe1\xb6\x8b\x5c\x80\xb8\xcc\x08"
+ "\x1b\x84\xb2\xd1\xad\xa4\x70\xac"
+ "\x67\xa9\x39\x27\xac\xb4\x5b\xb7"
+ "\x4c\x26\x77\x23\x1d\xce\x0a\xbe"
+ "\x18\x9e\x42\x8b\xbd\x7f\xd6\xf1"
+ "\xf1\x6b\xe2\x6d\x7f\x92\x0e\xcb"
+ "\xb8\x79\xba\xb4\xac\x7e\x2d\xc0"
+ "\x9e\x83\x81\x91\xd5\xea\xc3\x12"
+ "\x8d\xa4\x26\x70\xa4\xf9\x71\x0b"
+ "\xbd\x2e\xe1\xb3\x80\x42\x25\xb3"
+ "\x0b\x31\x99\xe1\x0d\xde\xa6\x90"
+ "\xf2\xa3\x10\xf7\xe5\xf3\x83\x1e"
+ "\x2c\xfb\x4d\xf0\x45\x3d\x28\x3c"
+ "\xb8\xf1\xcb\xbf\x67\xd8\x43\x5a"
+ "\x9d\x7b\x73\x29\x88\x0f\x13\x06"
+ "\x37\x50\x0d\x7c\xe6\x9b\x07\xdd"
+ "\x7e\x01\x1f\x81\x90\x10\x69\xdb"
+ "\xa4\xad\x8a\x5e\xac\x30\x72\xf2"
+ "\x36\xcd\xe3\x23\x49\x02\x93\xfa"
+ "\x3d\xbb\xe2\x98\x83\xeb\xe9\x8d"
+ "\xb3\x8f\x11\xaa\x53\xdb\xaf\x2e"
+ "\x95\x13\x99\x3d\x71\xbd\x32\x92"
+ "\xdd\xfc\x9d\x5e\x6f\x63\x2c\xee"
+ "\x91\x1f\x4c\x64\x3d\x87\x55\x0f"
+ "\xcc\x3d\x89\x61\x53\x02\x57\x8f"
+ "\xe4\x77\x29\x32\xaf\xa6\x2f\x0a"
+ "\xae\x3c\x3f\x3f\xf4\xfb\x65\x52"
+ "\xc5\xc1\x78\x78\x53\x28\xad\xed"
+ "\xd1\x67\x37\xc7\x59\x70\xcd\x0a"
+ "\xb8\x0f\x80\x51\x9f\xc0\x12\x5e"
+ "\x06\x0a\x7e\xec\x24\x5f\x73\x00"
+ "\xb1\x0b\x31\x47\x4f\x73\x8d\xb4"
+ "\xce\xf3\x55\x45\x6c\x84\x27\xba"
+ "\xb9\x6f\x03\x4a\xeb\x98\x88\x6e"
+ "\x53\xed\x25\x19\x0d\x8f\xfe\xca"
+ "\x60\xe5\x00\x93\x6e\x3c\xff\x19"
+ "\xae\x08\x3b\x8a\xa6\x84\x05\xfe"
+ "\x9b\x59\xa0\x8c\xc8\x05\x45\xf5"
+ "\x05\x37\xdc\x45\x6f\x8b\x95\x8c"
+ "\x4e\x11\x45\x7a\xce\x21\xa5\xf7"
+ "\x71\x67\xb9\xce\xd7\xf9\xe9\x5e"
+ "\x60\xf5\x53\x7a\xa8\x85\x14\x03"
+ "\xa0\x92\xec\xf3\x51\x80\x84\xc4"
+ "\xdc\x11\x9e\x57\xce\x4b\x45\xcf"
+ "\x90\x95\x85\x0b\x96\xe9\xee\x35"
+ "\x10\xb8\x9b\xf2\x59\x4a\xc6\x7e"
+ "\x85\xe5\x6f\x38\x51\x93\x40\x0c"
+ "\x99\xd7\x7f\x32\xa8\x06\x27\xd1"
+ "\x2b\xd5\xb5\x3a\x1a\xe1\x5e\xda"
+ "\xcd\x5a\x50\x30\x3c\xc7\xe7\x65"
+ "\xa6\x07\x0b\x98\x91\xc6\x20\x27"
+ "\x2a\x03\x63\x1b\x1e\x3d\xaf\xc8"
+ "\x71\x48\x46\x6a\x64\x28\xf9\x3d"
+ "\xd1\x1d\xab\xc8\x40\x76\xc2\x39"
+ "\x4e\x00\x75\xd2\x0e\x82\x58\x8c"
+ "\xd3\x73\x5a\xea\x46\x89\xbe\xfd"
+ "\x4e\x2c\x0d\x94\xaa\x9b\x68\xac"
+ "\x86\x87\x30\x7e\xa9\x16\xcd\x59"
+ "\xd2\xa6\xbe\x0a\xd8\xf5\xfd\x2d"
+ "\x49\x69\xd2\x1a\x90\xd2\x1b\xed"
+ "\xff\x71\x04\x87\x87\x21\xc4\xb8"
+ "\x1f\x5b\x51\x33\xd0\xd6\x59\x9a"
+ "\x03\x0e\xd3\x8b\xfb\x57\x73\xfd"
+ "\x5a\x52\x63\x82\xc8\x85\x2f\xcb"
+ "\x74\x6d\x4e\xd9\x68\x37\x85\x6a"
+ "\xd4\xfb\x94\xed\x8d\xd1\x1a\xaf"
+ "\x76\xa7\xb7\x88\xd0\x2b\x4e\xda"
+ "\xec\x99\x94\x27\x6f\x87\x8c\xdf"
+ "\x4b\x5e\xa6\x66\xdd\xcb\x33\x7b"
+ "\x64\x94\x31\xa8\x37\xa6\x1d\xdb"
+ "\x0d\x5c\x93\xa4\x40\xf9\x30\x53"
+ "\x4b\x74\x8d\xdd\xf6\xde\x3c\xac"
+ "\x5c\x80\x01\x3a\xef\xb1\x9a\x02"
+ "\x0c\x22\x8e\xe7\x44\x09\x74\x4c"
+ "\xf2\x9a\x27\x69\x7f\x12\x32\x36"
+ "\xde\x92\xdf\xde\x8f\x5b\x31\xab"
+ "\x4a\x01\x26\xe0\xb1\xda\xe8\x37"
+ "\x21\x64\xe8\xff\x69\xfc\x9e\x41"
+ "\xd2\x96\x2d\x18\x64\x98\x33\x78"
+ "\x24\x61\x73\x9b\x47\x29\xf1\xa7"
+ "\xcb\x27\x0f\xf0\x85\x6d\x8c\x9d"
+ "\x2c\x95\x9e\xe5\xb2\x8e\x30\x29"
+ "\x78\x8a\x9d\x65\xb4\x8e\xde\x7b"
+ "\xd9\x00\x50\xf5\x7f\x81\xc3\x1b"
+ "\x25\x85\xeb\xc2\x8c\x33\x22\x1e"
+ "\x68\x38\x22\x30\xd8\x2e\x00\x98"
+ "\x85\x16\x06\x56\xb4\x81\x74\x20"
+ "\x95\xdb\x1c\x05\x19\xe8\x23\x4d"
+ "\x65\x5d\xcc\xd8\x7f\xc4\x2d\x0f"
+ "\x57\x26\x71\x07\xad\xaa\x71\x9f"
+ "\x19\x76\x2f\x25\x51\x88\xe4\xc0"
+ "\x82\x6e\x08\x05\x37\x04\xee\x25"
+ "\x23\x90\xe9\x4e\xce\x9b\x16\xc1"
+ "\x31\xe7\x6e\x2c\x1b\xe1\x85\x9a"
+ "\x0c\x8c\xbb\x12\x1e\x68\x7b\x93"
+ "\xa9\x3c\x39\x56\x23\x3e\x6e\xc7"
+ "\x77\x84\xd3\xe0\x86\x59\xaa\xb9"
+ "\xd5\x53\x58\xc9\x0a\x83\x5f\x85"
+ "\xd8\x47\x14\x67\x8a\x3c\x17\xe0"
+ "\xab\x02\x51\xea\xf1\xf0\x4f\x30"
+ "\x7d\xe0\x92\xc2\x5f\xfb\x19\x5a"
+ "\x3f\xbd\xf4\x39\xa4\x31\x0c\x39"
+ "\xd1\xae\x4e\xf7\x65\x7f\x1f\xce"
+ "\xc2\x39\xd1\x84\xd4\xe5\x02\xe0"
+ "\x58\xaa\xf1\x5e\x81\xaf\x7f\x72"
+ "\x0f\x08\x99\x43\xb9\xd8\xac\x41"
+ "\x35\x55\xf2\xb2\xd4\x98\xb8\x3b"
+ "\x2b\x3c\x3e\x16\x06\x31\xfc\x79"
+ "\x47\x38\x63\x51\xc5\xd0\x26\xd7"
+ "\x43\xb4\x2b\xd9\xc5\x05\xf2\x9d"
+ "\x18\xc9\x26\x82\x56\xd2\x11\x05"
+ "\xb6\x89\xb4\x43\x9c\xb5\x9d\x11"
+ "\x6c\x83\x37\x71\x27\x1c\xae\xbf"
+ "\xcd\x57\xd2\xee\x0d\x5a\x15\x26"
+ "\x67\x88\x80\x80\x1b\xdc\xc1\x62"
+ "\xdd\x4c\xff\x92\x5c\x6c\xe1\xa0"
+ "\xe3\x79\xa9\x65\x8c\x8c\x14\x42"
+ "\xe5\x11\xd2\x1a\xad\xa9\x56\x6f"
+ "\x98\xfc\x8a\x7b\x56\x1f\xc6\xc1"
+ "\x52\x12\x92\x9b\x41\x0f\x4b\xae"
+ "\x1b\x4a\xbc\xfe\x23\xb6\x94\x70"
+ "\x04\x30\x9e\x69\x47\xbe\xb8\x8f"
+ "\xca\x45\xd7\x8a\xf4\x78\x3e\xaa"
+ "\x71\x17\xd8\x1e\xb8\x11\x8f\xbc"
+ "\xc8\x1a\x65\x7b\x41\x89\x72\xc7"
+ "\x5f\xbe\xc5\x2a\xdb\x5c\x54\xf9"
+ "\x25\xa3\x7a\x80\x56\x9c\x8c\xab"
+ "\x26\x19\x10\x36\xa6\xf3\x14\x79"
+ "\x40\x98\x70\x68\xb7\x35\xd9\xb9"
+ "\x27\xd4\xe7\x74\x5b\x3d\x97\xb4"
+ "\xd9\xaa\xd9\xf2\xb5\x14\x84\x1f"
+ "\xa9\xde\x12\x44\x5b\x00\xc0\xbc"
+ "\xc8\x11\x25\x1b\x67\x7a\x15\x72"
+ "\xa6\x31\x6f\xf4\x68\x7a\x86\x9d"
+ "\x43\x1c\x5f\x16\xd3\xad\x2e\x52"
+ "\xf3\xb4\xc3\xfa\x27\x2e\x68\x6c"
+ "\x06\xe7\x4c\x4f\xa2\xe0\xe4\x21"
+ "\x5d\x9e\x33\x58\x8d\xbf\xd5\x70"
+ "\xf8\x80\xa5\xdd\xe7\x18\x79\xfa"
+ "\x7b\xfd\x09\x69\x2c\x37\x32\xa8"
+ "\x65\xfa\x8d\x8b\x5c\xcc\xe8\xf3"
+ "\x37\xf6\xa6\xc6\x5c\xa2\x66\x79"
+ "\xfa\x8a\xa7\xd1\x0b\x2e\x1b\x5e"
+ "\x95\x35\x00\x76\xae\x42\xf7\x50"
+ "\x51\x78\xfb\xb4\x28\x24\xde\x1a"
+ "\x70\x8b\xed\xca\x3c\x5e\xe4\xbd"
+ "\x28\xb5\xf3\x76\x4f\x67\x5d\x81"
+ "\xb2\x60\x87\xd9\x7b\x19\x1a\xa7"
+ "\x79\xa2\xfa\x3f\x9e\xa9\xd7\x25"
+ "\x61\xe1\x74\x31\xa2\x77\xa0\x1b"
+ "\xf6\xf7\xcb\xc5\xaa\x9e\xce\xf9"
+ "\x9b\x96\xef\x51\xc3\x1a\x44\x96"
+ "\xae\x17\x50\xab\x29\x08\xda\xcc"
+ "\x1a\xb3\x12\xd0\x24\xe4\xe2\xe0"
+ "\xc6\xe3\xcc\x82\xd0\xba\x47\x4c"
+ "\x3f\x49\xd7\xe8\xb6\x61\xaa\x65"
+ "\x25\x18\x40\x2d\x62\x25\x02\x71"
+ "\x61\xa2\xc1\xb2\x13\xd2\x71\x3f"
+ "\x43\x1a\xc9\x09\x92\xff\xd5\x57"
+ "\xf0\xfc\x5e\x1c\xf1\xf5\xf9\xf3"
+ "\x5b",
+ .len = 1281,
+ }, {
+ .key = "\x80\x81\x82\x83\x84\x85\x86\x87"
+ "\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f"
+ "\x90\x91\x92\x93\x94\x95\x96\x97"
+ "\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f",
+ .klen = 32,
+ .iv = "\x40\x41\x42\x43\x44\x45\x46\x47"
+ "\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f"
+ "\x50\x51\x52\x53\x54\x55\x56\x58"
+ "\x00\x00\x00\x00\x00\x00\x00\x00",
+ .ptext = "\x54\x68\x65\x20\x64\x68\x6f\x6c"
+ "\x65\x20\x28\x70\x72\x6f\x6e\x6f"
+ "\x75\x6e\x63\x65\x64\x20\x22\x64"
+ "\x6f\x6c\x65\x22\x29\x20\x69\x73"
+ "\x20\x61\x6c\x73\x6f\x20\x6b\x6e"
+ "\x6f\x77\x6e\x20\x61\x73\x20\x74"
+ "\x68\x65\x20\x41\x73\x69\x61\x74"
+ "\x69\x63\x20\x77\x69\x6c\x64\x20"
+ "\x64\x6f\x67\x2c\x20\x72\x65\x64"
+ "\x20\x64\x6f\x67\x2c\x20\x61\x6e"
+ "\x64\x20\x77\x68\x69\x73\x74\x6c"
+ "\x69\x6e\x67\x20\x64\x6f\x67\x2e"
+ "\x20\x49\x74\x20\x69\x73\x20\x61"
+ "\x62\x6f\x75\x74\x20\x74\x68\x65"
+ "\x20\x73\x69\x7a\x65\x20\x6f\x66"
+ "\x20\x61\x20\x47\x65\x72\x6d\x61"
+ "\x6e\x20\x73\x68\x65\x70\x68\x65"
+ "\x72\x64\x20\x62\x75\x74\x20\x6c"
+ "\x6f\x6f\x6b\x73\x20\x6d\x6f\x72"
+ "\x65\x20\x6c\x69\x6b\x65\x20\x61"
+ "\x20\x6c\x6f\x6e\x67\x2d\x6c\x65"
+ "\x67\x67\x65\x64\x20\x66\x6f\x78"
+ "\x2e\x20\x54\x68\x69\x73\x20\x68"
+ "\x69\x67\x68\x6c\x79\x20\x65\x6c"
+ "\x75\x73\x69\x76\x65\x20\x61\x6e"
+ "\x64\x20\x73\x6b\x69\x6c\x6c\x65"
+ "\x64\x20\x6a\x75\x6d\x70\x65\x72"
+ "\x20\x69\x73\x20\x63\x6c\x61\x73"
+ "\x73\x69\x66\x69\x65\x64\x20\x77"
+ "\x69\x74\x68\x20\x77\x6f\x6c\x76"
+ "\x65\x73\x2c\x20\x63\x6f\x79\x6f"
+ "\x74\x65\x73\x2c\x20\x6a\x61\x63"
+ "\x6b\x61\x6c\x73\x2c\x20\x61\x6e"
+ "\x64\x20\x66\x6f\x78\x65\x73\x20"
+ "\x69\x6e\x20\x74\x68\x65\x20\x74"
+ "\x61\x78\x6f\x6e\x6f\x6d\x69\x63"
+ "\x20\x66\x61\x6d\x69\x6c\x79\x20"
+ "\x43\x61\x6e\x69\x64\x61\x65\x2e",
+ .ctext = "\x9f\x1a\xab\x8a\x95\xf4\x7e\xcd"
+ "\xee\x34\xc0\x39\xd6\x23\x43\x94"
+ "\xf6\x01\xc1\x7f\x60\x91\xa5\x23"
+ "\x4a\x8a\xe6\xb1\x14\x8b\xd7\x58"
+ "\xee\x02\xad\xab\xce\x1e\x7d\xdf"
+ "\xf9\x49\x27\x69\xd0\x8d\x0c\x20"
+ "\x6e\x17\xc4\xae\x87\x7a\xc6\x61"
+ "\x91\xe2\x8e\x0a\x1d\x61\xcc\x38"
+ "\x02\x64\x43\x49\xc6\xb2\x59\x59"
+ "\x42\xe7\x9d\x83\x00\x60\x90\xd2"
+ "\xb9\xcd\x97\x6e\xc7\x95\x71\xbc"
+ "\x23\x31\x58\x07\xb3\xb4\xac\x0b"
+ "\x87\x64\x56\xe5\xe3\xec\x63\xa1"
+ "\x71\x8c\x08\x48\x33\x20\x29\x81"
+ "\xea\x01\x25\x20\xc3\xda\xe6\xee"
+ "\x6a\x03\xf6\x68\x4d\x26\xa0\x91"
+ "\x9e\x44\xb8\xc1\xc0\x8f\x5a\x6a"
+ "\xc0\xcd\xbf\x24\x5e\x40\x66\xd2"
+ "\x42\x24\xb5\xbf\xc1\xeb\x12\x60"
+ "\x56\xbe\xb1\xa6\xc4\x0f\xfc\x49"
+ "\x69\x9f\xcc\x06\x5c\xe3\x26\xd7"
+ "\x52\xc0\x42\xe8\xb4\x76\xc3\xee"
+ "\xb2\x97\xe3\x37\x61\x29\x5a\xb5"
+ "\x8e\xe8\x8c\xc5\x38\xcc\xcb\xec"
+ "\x64\x1a\xa9\x12\x5f\xf7\x79\xdf"
+ "\x64\xca\x77\x4e\xbd\xf9\x83\xa0"
+ "\x13\x27\x3f\x31\x03\x63\x30\x26"
+ "\x27\x0b\x3e\xb3\x23\x13\x61\x0b"
+ "\x70\x1d\xd4\xad\x85\x1e\xbf\xdf"
+ "\xc6\x8e\x4d\x08\xcc\x7e\x77\xbd"
+ "\x1e\x18\x77\x38\x3a\xfe\xc0\x5d"
+ "\x16\xfc\xf0\xa9\x2f\xe9\x17\xc7"
+ "\xd3\x23\x17\x18\xa3\xe6\x54\x77"
+ "\x6f\x1b\xbe\x8a\x6e\x7e\xca\x97"
+ "\x08\x05\x36\x76\xaf\x12\x7a\x42"
+ "\xf7\x7a\xc2\x35\xc3\xb4\x93\x40"
+ "\x54\x14\x90\xa0\x4d\x65\x1c\x37"
+ "\x50\x70\x44\x29\x6d\x6e\x62\x68",
+ .len = 304,
+ }
+};
+
+/* Adiantum test vectors from https://github.com/google/adiantum */
+static const struct cipher_testvec adiantum_xchacha12_aes_tv_template[] = {
+ {
+ .key = "\x9e\xeb\xb2\x49\x3c\x1c\xf5\xf4"
+ "\x6a\x99\xc2\xc4\xdf\xb1\xf4\xdd"
+ "\x75\x20\x57\xea\x2c\x4f\xcd\xb2"
+ "\xa5\x3d\x7b\x49\x1e\xab\xfd\x0f",
+ .klen = 32,
+ .iv = "\xdf\x63\xd4\xab\xd2\x49\xf3\xd8"
+ "\x33\x81\x37\x60\x7d\xfa\x73\x08"
+ "\xd8\x49\x6d\x80\xe8\x2f\x62\x54"
+ "\xeb\x0e\xa9\x39\x5b\x45\x7f\x8a",
+ .ptext = "\x67\xc9\xf2\x30\x84\x41\x8e\x43"
+ "\xfb\xf3\xb3\x3e\x79\x36\x7f\xe8",
+ .ctext = "\x6d\x32\x86\x18\x67\x86\x0f\x3f"
+ "\x96\x7c\x9d\x28\x0d\x53\xec\x9f",
+ .len = 16,
+ }, {
+ .key = "\x36\x2b\x57\x97\xf8\x5d\xcd\x99"
+ "\x5f\x1a\x5a\x44\x1d\x92\x0f\x27"
+ "\xcc\x16\xd7\x2b\x85\x63\x99\xd3"
+ "\xba\x96\xa1\xdb\xd2\x60\x68\xda",
+ .klen = 32,
+ .iv = "\xef\x58\x69\xb1\x2c\x5e\x9a\x47"
+ "\x24\xc1\xb1\x69\xe1\x12\x93\x8f"
+ "\x43\x3d\x6d\x00\xdb\x5e\xd8\xd9"
+ "\x12\x9a\xfe\xd9\xff\x2d\xaa\xc4",
+ .ptext = "\x5e\xa8\x68\x19\x85\x98\x12\x23"
+ "\x26\x0a\xcc\xdb\x0a\x04\xb9\xdf"
+ "\x4d\xb3\x48\x7b\xb0\xe3\xc8\x19"
+ "\x43\x5a\x46\x06\x94\x2d\xf2",
+ .ctext = "\xc7\xc6\xf1\x73\x8f\xc4\xff\x4a"
+ "\x39\xbe\x78\xbe\x8d\x28\xc8\x89"
+ "\x46\x63\xe7\x0c\x7d\x87\xe8\x4e"
+ "\xc9\x18\x7b\xbe\x18\x60\x50",
+ .len = 31,
+ }, {
+ .key = "\xa5\x28\x24\x34\x1a\x3c\xd8\xf7"
+ "\x05\x91\x8f\xee\x85\x1f\x35\x7f"
+ "\x80\x3d\xfc\x9b\x94\xf6\xfc\x9e"
+ "\x19\x09\x00\xa9\x04\x31\x4f\x11",
+ .klen = 32,
+ .iv = "\xa1\xba\x49\x95\xff\x34\x6d\xb8"
+ "\xcd\x87\x5d\x5e\xfd\xea\x85\xdb"
+ "\x8a\x7b\x5e\xb2\x5d\x57\xdd\x62"
+ "\xac\xa9\x8c\x41\x42\x94\x75\xb7",
+ .ptext = "\x69\xb4\xe8\x8c\x37\xe8\x67\x82"
+ "\xf1\xec\x5d\x04\xe5\x14\x91\x13"
+ "\xdf\xf2\x87\x1b\x69\x81\x1d\x71"
+ "\x70\x9e\x9c\x3b\xde\x49\x70\x11"
+ "\xa0\xa3\xdb\x0d\x54\x4f\x66\x69"
+ "\xd7\xdb\x80\xa7\x70\x92\x68\xce"
+ "\x81\x04\x2c\xc6\xab\xae\xe5\x60"
+ "\x15\xe9\x6f\xef\xaa\x8f\xa7\xa7"
+ "\x63\x8f\xf2\xf0\x77\xf1\xa8\xea"
+ "\xe1\xb7\x1f\x9e\xab\x9e\x4b\x3f"
+ "\x07\x87\x5b\x6f\xcd\xa8\xaf\xb9"
+ "\xfa\x70\x0b\x52\xb8\xa8\xa7\x9e"
+ "\x07\x5f\xa6\x0e\xb3\x9b\x79\x13"
+ "\x79\xc3\x3e\x8d\x1c\x2c\x68\xc8"
+ "\x51\x1d\x3c\x7b\x7d\x79\x77\x2a"
+ "\x56\x65\xc5\x54\x23\x28\xb0\x03",
+ .ctext = "\x9e\x16\xab\xed\x4b\xa7\x42\x5a"
+ "\xc6\xfb\x4e\x76\xff\xbe\x03\xa0"
+ "\x0f\xe3\xad\xba\xe4\x98\x2b\x0e"
+ "\x21\x48\xa0\xb8\x65\x48\x27\x48"
+ "\x84\x54\x54\xb2\x9a\x94\x7b\xe6"
+ "\x4b\x29\xe9\xcf\x05\x91\x80\x1a"
+ "\x3a\xf3\x41\x96\x85\x1d\x9f\x74"
+ "\x51\x56\x63\xfa\x7c\x28\x85\x49"
+ "\xf7\x2f\xf9\xf2\x18\x46\xf5\x33"
+ "\x80\xa3\x3c\xce\xb2\x57\x93\xf5"
+ "\xae\xbd\xa9\xf5\x7b\x30\xc4\x93"
+ "\x66\xe0\x30\x77\x16\xe4\xa0\x31"
+ "\xba\x70\xbc\x68\x13\xf5\xb0\x9a"
+ "\xc1\xfc\x7e\xfe\x55\x80\x5c\x48"
+ "\x74\xa6\xaa\xa3\xac\xdc\xc2\xf5"
+ "\x8d\xde\x34\x86\x78\x60\x75\x8d",
+ .len = 128,
+ }, {
+ .key = "\xd3\x81\x72\x18\x23\xff\x6f\x4a"
+ "\x25\x74\x29\x0d\x51\x8a\x0e\x13"
+ "\xc1\x53\x5d\x30\x8d\xee\x75\x0d"
+ "\x14\xd6\x69\xc9\x15\xa9\x0c\x60",
+ .klen = 32,
+ .iv = "\x65\x9b\xd4\xa8\x7d\x29\x1d\xf4"
+ "\xc4\xd6\x9b\x6a\x28\xab\x64\xe2"
+ "\x62\x81\x97\xc5\x81\xaa\xf9\x44"
+ "\xc1\x72\x59\x82\xaf\x16\xc8\x2c",
+ .ptext = "\xc7\x6b\x52\x6a\x10\xf0\xcc\x09"
+ "\xc1\x12\x1d\x6d\x21\xa6\x78\xf5"
+ "\x05\xa3\x69\x60\x91\x36\x98\x57"
+ "\xba\x0c\x14\xcc\xf3\x2d\x73\x03"
+ "\xc6\xb2\x5f\xc8\x16\x27\x37\x5d"
+ "\xd0\x0b\x87\xb2\x50\x94\x7b\x58"
+ "\x04\xf4\xe0\x7f\x6e\x57\x8e\xc9"
+ "\x41\x84\xc1\xb1\x7e\x4b\x91\x12"
+ "\x3a\x8b\x5d\x50\x82\x7b\xcb\xd9"
+ "\x9a\xd9\x4e\x18\x06\x23\x9e\xd4"
+ "\xa5\x20\x98\xef\xb5\xda\xe5\xc0"
+ "\x8a\x6a\x83\x77\x15\x84\x1e\xae"
+ "\x78\x94\x9d\xdf\xb7\xd1\xea\x67"
+ "\xaa\xb0\x14\x15\xfa\x67\x21\x84"
+ "\xd3\x41\x2a\xce\xba\x4b\x4a\xe8"
+ "\x95\x62\xa9\x55\xf0\x80\xad\xbd"
+ "\xab\xaf\xdd\x4f\xa5\x7c\x13\x36"
+ "\xed\x5e\x4f\x72\xad\x4b\xf1\xd0"
+ "\x88\x4e\xec\x2c\x88\x10\x5e\xea"
+ "\x12\xc0\x16\x01\x29\xa3\xa0\x55"
+ "\xaa\x68\xf3\xe9\x9d\x3b\x0d\x3b"
+ "\x6d\xec\xf8\xa0\x2d\xf0\x90\x8d"
+ "\x1c\xe2\x88\xd4\x24\x71\xf9\xb3"
+ "\xc1\x9f\xc5\xd6\x76\x70\xc5\x2e"
+ "\x9c\xac\xdb\x90\xbd\x83\x72\xba"
+ "\x6e\xb5\xa5\x53\x83\xa9\xa5\xbf"
+ "\x7d\x06\x0e\x3c\x2a\xd2\x04\xb5"
+ "\x1e\x19\x38\x09\x16\xd2\x82\x1f"
+ "\x75\x18\x56\xb8\x96\x0b\xa6\xf9"
+ "\xcf\x62\xd9\x32\x5d\xa9\xd7\x1d"
+ "\xec\xe4\xdf\x1b\xbe\xf1\x36\xee"
+ "\xe3\x7b\xb5\x2f\xee\xf8\x53\x3d"
+ "\x6a\xb7\x70\xa9\xfc\x9c\x57\x25"
+ "\xf2\x89\x10\xd3\xb8\xa8\x8c\x30"
+ "\xae\x23\x4f\x0e\x13\x66\x4f\xe1"
+ "\xb6\xc0\xe4\xf8\xef\x93\xbd\x6e"
+ "\x15\x85\x6b\xe3\x60\x81\x1d\x68"
+ "\xd7\x31\x87\x89\x09\xab\xd5\x96"
+ "\x1d\xf3\x6d\x67\x80\xca\x07\x31"
+ "\x5d\xa7\xe4\xfb\x3e\xf2\x9b\x33"
+ "\x52\x18\xc8\x30\xfe\x2d\xca\x1e"
+ "\x79\x92\x7a\x60\x5c\xb6\x58\x87"
+ "\xa4\x36\xa2\x67\x92\x8b\xa4\xb7"
+ "\xf1\x86\xdf\xdc\xc0\x7e\x8f\x63"
+ "\xd2\xa2\xdc\x78\xeb\x4f\xd8\x96"
+ "\x47\xca\xb8\x91\xf9\xf7\x94\x21"
+ "\x5f\x9a\x9f\x5b\xb8\x40\x41\x4b"
+ "\x66\x69\x6a\x72\xd0\xcb\x70\xb7"
+ "\x93\xb5\x37\x96\x05\x37\x4f\xe5"
+ "\x8c\xa7\x5a\x4e\x8b\xb7\x84\xea"
+ "\xc7\xfc\x19\x6e\x1f\x5a\xa1\xac"
+ "\x18\x7d\x52\x3b\xb3\x34\x62\x99"
+ "\xe4\x9e\x31\x04\x3f\xc0\x8d\x84"
+ "\x17\x7c\x25\x48\x52\x67\x11\x27"
+ "\x67\xbb\x5a\x85\xca\x56\xb2\x5c"
+ "\xe6\xec\xd5\x96\x3d\x15\xfc\xfb"
+ "\x22\x25\xf4\x13\xe5\x93\x4b\x9a"
+ "\x77\xf1\x52\x18\xfa\x16\x5e\x49"
+ "\x03\x45\xa8\x08\xfa\xb3\x41\x92"
+ "\x79\x50\x33\xca\xd0\xd7\x42\x55"
+ "\xc3\x9a\x0c\x4e\xd9\xa4\x3c\x86"
+ "\x80\x9f\x53\xd1\xa4\x2e\xd1\xbc"
+ "\xf1\x54\x6e\x93\xa4\x65\x99\x8e"
+ "\xdf\x29\xc0\x64\x63\x07\xbb\xea",
+ .ctext = "\x15\x97\xd0\x86\x18\x03\x9c\x51"
+ "\xc5\x11\x36\x62\x13\x92\xe6\x73"
+ "\x29\x79\xde\xa1\x00\x3e\x08\x64"
+ "\x17\x1a\xbc\xd5\xfe\x33\x0e\x0c"
+ "\x7c\x94\xa7\xc6\x3c\xbe\xac\xa2"
+ "\x89\xe6\xbc\xdf\x0c\x33\x27\x42"
+ "\x46\x73\x2f\xba\x4e\xa6\x46\x8f"
+ "\xe4\xee\x39\x63\x42\x65\xa3\x88"
+ "\x7a\xad\x33\x23\xa9\xa7\x20\x7f"
+ "\x0b\xe6\x6a\xc3\x60\xda\x9e\xb4"
+ "\xd6\x07\x8a\x77\x26\xd1\xab\x44"
+ "\x99\x55\x03\x5e\xed\x8d\x7b\xbd"
+ "\xc8\x21\xb7\x21\x30\x3f\xc0\xb5"
+ "\xc8\xec\x6c\x23\xa6\xa3\x6d\xf1"
+ "\x30\x0a\xd0\xa6\xa9\x28\x69\xae"
+ "\x2a\xe6\x54\xac\x82\x9d\x6a\x95"
+ "\x6f\x06\x44\xc5\x5a\x77\x6e\xec"
+ "\xf8\xf8\x63\xb2\xe6\xaa\xbd\x8e"
+ "\x0e\x8a\x62\x00\x03\xc8\x84\xdd"
+ "\x47\x4a\xc3\x55\xba\xb7\xe7\xdf"
+ "\x08\xbf\x62\xf5\xe8\xbc\xb6\x11"
+ "\xe4\xcb\xd0\x66\x74\x32\xcf\xd4"
+ "\xf8\x51\x80\x39\x14\x05\x12\xdb"
+ "\x87\x93\xe2\x26\x30\x9c\x3a\x21"
+ "\xe5\xd0\x38\x57\x80\x15\xe4\x08"
+ "\x58\x05\x49\x7d\xe6\x92\x77\x70"
+ "\xfb\x1e\x2d\x6a\x84\x00\xc8\x68"
+ "\xf7\x1a\xdd\xf0\x7b\x38\x1e\xd8"
+ "\x2c\x78\x78\x61\xcf\xe3\xde\x69"
+ "\x1f\xd5\x03\xd5\x1a\xb4\xcf\x03"
+ "\xc8\x7a\x70\x68\x35\xb4\xf6\xbe"
+ "\x90\x62\xb2\x28\x99\x86\xf5\x44"
+ "\x99\xeb\x31\xcf\xca\xdf\xd0\x21"
+ "\xd6\x60\xf7\x0f\x40\xb4\x80\xb7"
+ "\xab\xe1\x9b\x45\xba\x66\xda\xee"
+ "\xdd\x04\x12\x40\x98\xe1\x69\xe5"
+ "\x2b\x9c\x59\x80\xe7\x7b\xcc\x63"
+ "\xa6\xc0\x3a\xa9\xfe\x8a\xf9\x62"
+ "\x11\x34\x61\x94\x35\xfe\xf2\x99"
+ "\xfd\xee\x19\xea\x95\xb6\x12\xbf"
+ "\x1b\xdf\x02\x1a\xcc\x3e\x7e\x65"
+ "\x78\x74\x10\x50\x29\x63\x28\xea"
+ "\x6b\xab\xd4\x06\x4d\x15\x24\x31"
+ "\xc7\x0a\xc9\x16\xb6\x48\xf0\xbf"
+ "\x49\xdb\x68\x71\x31\x8f\x87\xe2"
+ "\x13\x05\x64\xd6\x22\x0c\xf8\x36"
+ "\x84\x24\x3e\x69\x5e\xb8\x9e\x16"
+ "\x73\x6c\x83\x1e\xe0\x9f\x9e\xba"
+ "\xe5\x59\x21\x33\x1b\xa9\x26\xc2"
+ "\xc7\xd9\x30\x73\xb6\xa6\x73\x82"
+ "\x19\xfa\x44\x4d\x40\x8b\x69\x04"
+ "\x94\x74\xea\x6e\xb3\x09\x47\x01"
+ "\x2a\xb9\x78\x34\x43\x11\xed\xd6"
+ "\x8c\x95\x65\x1b\x85\x67\xa5\x40"
+ "\xac\x9c\x05\x4b\x57\x4a\xa9\x96"
+ "\x0f\xdd\x4f\xa1\xe0\xcf\x6e\xc7"
+ "\x1b\xed\xa2\xb4\x56\x8c\x09\x6e"
+ "\xa6\x65\xd7\x55\x81\xb7\xed\x11"
+ "\x9b\x40\x75\xa8\x6b\x56\xaf\x16"
+ "\x8b\x3d\xf4\xcb\xfe\xd5\x1d\x3d"
+ "\x85\xc2\xc0\xde\x43\x39\x4a\x96"
+ "\xba\x88\x97\xc0\xd6\x00\x0e\x27"
+ "\x21\xb0\x21\x52\xba\xa7\x37\xaa"
+ "\xcc\xbf\x95\xa8\xf4\xd0\x91\xf6",
+ .len = 512,
+ }, {
+ .key = "\xeb\xe5\x11\x3a\x72\xeb\x10\xbe"
+ "\x70\xcf\xe3\xea\xc2\x74\xa4\x48"
+ "\x29\x0f\x8f\x3f\xcf\x4c\x28\x2a"
+ "\x4e\x1e\x3c\xc3\x27\x9f\x16\x13",
+ .klen = 32,
+ .iv = "\x84\x3e\xa2\x7c\x06\x72\xb2\xad"
+ "\x88\x76\x65\xb4\x1a\x29\x27\x12"
+ "\x45\xb6\x8d\x0e\x4b\x87\x04\xfc"
+ "\xb5\xcd\x1c\x4d\xe8\x06\xf1\xcb",
+ .ptext = "\x8e\xb6\x07\x9b\x7c\xe4\xa4\xa2"
+ "\x41\x6c\x24\x1d\xc0\x77\x4e\xd9"
+ "\x4a\xa4\x2c\xb6\xe4\x55\x02\x7f"
+ "\xc4\xec\xab\xc2\x5c\x63\x40\x92"
+ "\x38\x24\x62\xdb\x65\x82\x10\x7f"
+ "\x21\xa5\x39\x3a\x3f\x38\x7e\xad"
+ "\x6c\x7b\xc9\x3f\x89\x8f\xa8\x08"
+ "\xbd\x31\x57\x3c\x7a\x45\x67\x30"
+ "\xa9\x27\x58\x34\xbe\xe3\xa4\xc3"
+ "\xff\xc2\x9f\x43\xf0\x04\xba\x1e"
+ "\xb6\xf3\xc4\xce\x09\x7a\x2e\x42"
+ "\x7d\xad\x97\xc9\x77\x9a\x3a\x78"
+ "\x6c\xaf\x7c\x2a\x46\xb4\x41\x86"
+ "\x1a\x20\xf2\x5b\x1a\x60\xc9\xc4"
+ "\x47\x5d\x10\xa4\xd2\x15\x6a\x19"
+ "\x4f\xd5\x51\x37\xd5\x06\x70\x1a"
+ "\x3e\x78\xf0\x2e\xaa\xb5\x2a\xbd"
+ "\x83\x09\x7c\xcb\x29\xac\xd7\x9c"
+ "\xbf\x80\xfd\x9d\xd4\xcf\x64\xca"
+ "\xf8\xc9\xf1\x77\x2e\xbb\x39\x26"
+ "\xac\xd9\xbe\xce\x24\x7f\xbb\xa2"
+ "\x82\xba\xeb\x5f\x65\xc5\xf1\x56"
+ "\x8a\x52\x02\x4d\x45\x23\x6d\xeb"
+ "\xb0\x60\x7b\xd8\x6e\xb2\x98\xd2"
+ "\xaf\x76\xf2\x33\x9b\xf3\xbb\x95"
+ "\xc0\x50\xaa\xc7\x47\xf6\xb3\xf3"
+ "\x77\x16\xcb\x14\x95\xbf\x1d\x32"
+ "\x45\x0c\x75\x52\x2c\xe8\xd7\x31"
+ "\xc0\x87\xb0\x97\x30\x30\xc5\x5e"
+ "\x50\x70\x6e\xb0\x4b\x4e\x38\x19"
+ "\x46\xca\x38\x6a\xca\x7d\xfe\x05"
+ "\xc8\x80\x7c\x14\x6c\x24\xb5\x42"
+ "\x28\x04\x4c\xff\x98\x20\x08\x10"
+ "\x90\x31\x03\x78\xd8\xa1\xe6\xf9"
+ "\x52\xc2\xfc\x3e\xa7\x68\xce\xeb"
+ "\x59\x5d\xeb\xd8\x64\x4e\xf8\x8b"
+ "\x24\x62\xcf\x17\x36\x84\xc0\x72"
+ "\x60\x4f\x3e\x47\xda\x72\x3b\x0e"
+ "\xce\x0b\xa9\x9c\x51\xdc\xa5\xb9"
+ "\x71\x73\x08\x4e\x22\x31\xfd\x88"
+ "\x29\xfc\x8d\x17\x3a\x7a\xe5\xb9"
+ "\x0b\x9c\x6d\xdb\xce\xdb\xde\x81"
+ "\x73\x5a\x16\x9d\x3c\x72\x88\x51"
+ "\x10\x16\xf3\x11\x6e\x32\x5f\x4c"
+ "\x87\xce\x88\x2c\xd2\xaf\xf5\xb7"
+ "\xd8\x22\xed\xc9\xae\x68\x7f\xc5"
+ "\x30\x62\xbe\xc9\xe0\x27\xa1\xb5"
+ "\x57\x74\x36\x60\xb8\x6b\x8c\xec"
+ "\x14\xad\xed\x69\xc9\xd8\xa5\x5b"
+ "\x38\x07\x5b\xf3\x3e\x74\x48\x90"
+ "\x61\x17\x23\xdd\x44\xbc\x9d\x12"
+ "\x0a\x3a\x63\xb2\xab\x86\xb8\x67"
+ "\x85\xd6\xb2\x5d\xde\x4a\xc1\x73"
+ "\x2a\x7c\x53\x8e\xd6\x7d\x0e\xe4"
+ "\x3b\xab\xc5\x3d\x32\x79\x18\xb7"
+ "\xd6\x50\x4d\xf0\x8a\x37\xbb\xd3"
+ "\x8d\xd8\x08\xd7\x7d\xaa\x24\x52"
+ "\xf7\x90\xe3\xaa\xd6\x49\x7a\x47"
+ "\xec\x37\xad\x74\x8b\xc1\xb7\xfe"
+ "\x4f\x70\x14\x62\x22\x8c\x63\xc2"
+ "\x1c\x4e\x38\xc3\x63\xb7\xbf\x53"
+ "\xbd\x1f\xac\xa6\x94\xc5\x81\xfa"
+ "\xe0\xeb\x81\xe9\xd9\x1d\x32\x3c"
+ "\x85\x12\xca\x61\x65\xd1\x66\xd8"
+ "\xe2\x0e\xc3\xa3\xff\x0d\xd3\xee"
+ "\xdf\xcc\x3e\x01\xf5\x9b\x45\x5c"
+ "\x33\xb5\xb0\x8d\x36\x1a\xdf\xf8"
+ "\xa3\x81\xbe\xdb\x3d\x4b\xf6\xc6"
+ "\xdf\x7f\xb0\x89\xbd\x39\x32\x50"
+ "\xbb\xb2\xe3\x5c\xbb\x4b\x18\x98"
+ "\x08\x66\x51\xe7\x4d\xfb\xfc\x4e"
+ "\x22\x42\x6f\x61\xdb\x7f\x27\x88"
+ "\x29\x3f\x02\xa9\xc6\x83\x30\xcc"
+ "\x8b\xd5\x64\x7b\x7c\x76\x16\xbe"
+ "\xb6\x8b\x26\xb8\x83\x16\xf2\x6b"
+ "\xd1\xdc\x20\x6b\x42\x5a\xef\x7a"
+ "\xa9\x60\xb8\x1a\xd3\x0d\x4e\xcb"
+ "\x75\x6b\xc5\x80\x43\x38\x7f\xad"
+ "\x9c\x56\xd9\xc4\xf1\x01\x74\xf0"
+ "\x16\x53\x8d\x69\xbe\xf2\x5d\x92"
+ "\x34\x38\xc8\x84\xf9\x1a\xfc\x26"
+ "\x16\xcb\xae\x7d\x38\x21\x67\x74"
+ "\x4c\x40\xaa\x6b\x97\xe0\xb0\x2f"
+ "\xf5\x3e\xf6\xe2\x24\xc8\x22\xa4"
+ "\xa8\x88\x27\x86\x44\x75\x5b\x29"
+ "\x34\x08\x4b\xa1\xfe\x0c\x26\xe5"
+ "\xac\x26\xf6\x21\x0c\xfb\xde\x14"
+ "\xfe\xd7\xbe\xee\x48\x93\xd6\x99"
+ "\x56\x9c\xcf\x22\xad\xa2\x53\x41"
+ "\xfd\x58\xa1\x68\xdc\xc4\xef\x20"
+ "\xa1\xee\xcf\x2b\x43\xb6\x57\xd8"
+ "\xfe\x01\x80\x25\xdf\xd2\x35\x44"
+ "\x0d\x15\x15\xc3\xfc\x49\xbf\xd0"
+ "\xbf\x2f\x95\x81\x09\xa6\xb6\xd7"
+ "\x21\x03\xfe\x52\xb7\xa8\x32\x4d"
+ "\x75\x1e\x46\x44\xbc\x2b\x61\x04"
+ "\x1b\x1c\xeb\x39\x86\x8f\xe9\x49"
+ "\xce\x78\xa5\x5e\x67\xc5\xe9\xef"
+ "\x43\xf8\xf1\x35\x22\x43\x61\xc1"
+ "\x27\xb5\x09\xb2\xb8\xe1\x5e\x26"
+ "\xcc\xf3\x6f\xb2\xb7\x55\x30\x98"
+ "\x87\xfc\xe7\xa8\xc8\x94\x86\xa1"
+ "\xd9\xa0\x3c\x74\x16\xb3\x25\x98"
+ "\xba\xc6\x84\x4a\x27\xa6\x58\xfe"
+ "\xe1\x68\x04\x30\xc8\xdb\x44\x52"
+ "\x4e\xb2\xa4\x6f\xf7\x63\xf2\xd6"
+ "\x63\x36\x17\x04\xf8\x06\xdb\xeb"
+ "\x99\x17\xa5\x1b\x61\x90\xa3\x9f"
+ "\x05\xae\x3e\xe4\xdb\xc8\x1c\x8e"
+ "\x77\x27\x88\xdf\xd3\x22\x5a\xc5"
+ "\x9c\xd6\x22\xf8\xc4\xd8\x92\x9d"
+ "\x16\xcc\x54\x25\x3b\x6f\xdb\xc0"
+ "\x78\xd8\xe3\xb3\x03\x69\xd7\x5d"
+ "\xf8\x08\x04\x63\x61\x9d\x76\xf9"
+ "\xad\x1d\xc4\x30\x9f\x75\x89\x6b"
+ "\xfb\x62\xba\xae\xcb\x1b\x6c\xe5"
+ "\x7e\xea\x58\x6b\xae\xce\x9b\x48"
+ "\x4b\x80\xd4\x5e\x71\x53\xa7\x24"
+ "\x73\xca\xf5\x3e\xbb\x5e\xd3\x1c"
+ "\x33\xe3\xec\x5b\xa0\x32\x9d\x25"
+ "\x0e\x0c\x28\x29\x39\x51\xc5\x70"
+ "\xec\x60\x8f\x77\xfc\x06\x7a\x33"
+ "\x19\xd5\x7a\x6e\x94\xea\xa3\xeb"
+ "\x13\xa4\x2e\x09\xd8\x81\x65\x83"
+ "\x03\x63\x8b\xb5\xc9\x89\x98\x73"
+ "\x69\x53\x8e\xab\xf1\xd2\x2f\x67"
+ "\xbd\xa6\x16\x6e\xd0\x8b\xc1\x25"
+ "\x93\xd2\x50\x7c\x1f\xe1\x11\xd0"
+ "\x58\x0d\x2f\x72\xe7\x5e\xdb\xa2"
+ "\x55\x9a\xe0\x09\x21\xac\x61\x85"
+ "\x4b\x20\x95\x73\x63\x26\xe3\x83"
+ "\x4b\x5b\x40\x03\x14\xb0\x44\x16"
+ "\xbd\xe0\x0e\xb7\x66\x56\xd7\x30"
+ "\xb3\xfd\x8a\xd3\xda\x6a\xa7\x3d"
+ "\x98\x09\x11\xb7\x00\x06\x24\x5a"
+ "\xf7\x42\x94\xa6\x0e\xb1\x6d\x48"
+ "\x74\xb1\xa7\xe6\x92\x0a\x15\x9a"
+ "\xf5\xfa\x55\x1a\x6c\xdd\x71\x08"
+ "\xd0\xf7\x8d\x0e\x7c\x67\x4d\xc6"
+ "\xe6\xde\x78\x88\x88\x3c\x5e\x23"
+ "\x46\xd2\x25\xa4\xfb\xa3\x26\x3f"
+ "\x2b\xfd\x9c\x20\xda\x72\xe1\x81"
+ "\x8f\xe6\xae\x08\x1d\x67\x15\xde"
+ "\x86\x69\x1d\xc6\x1e\x6d\xb7\x5c"
+ "\xdd\x43\x72\x5a\x7d\xa7\xd8\xd7"
+ "\x1e\x66\xc5\x90\xf6\x51\x76\x91"
+ "\xb3\xe3\x39\x81\x75\x08\xfa\xc5"
+ "\x06\x70\x69\x1b\x2c\x20\x74\xe0"
+ "\x53\xb0\x0c\x9d\xda\xa9\x5b\xdd"
+ "\x1c\x38\x6c\x9e\x3b\xc4\x7a\x82"
+ "\x93\x9e\xbb\x75\xfb\x19\x4a\x55"
+ "\x65\x7a\x3c\xda\xcb\x66\x5c\x13"
+ "\x17\x97\xe8\xbd\xae\x24\xd9\x76"
+ "\xfb\x8c\x73\xde\xbd\xb4\x1b\xe0"
+ "\xb9\x2c\xe8\xe0\x1d\x3f\xa8\x2c"
+ "\x1e\x81\x5b\x77\xe7\xdf\x6d\x06"
+ "\x7c\x9a\xf0\x2b\x5d\xfc\x86\xd5"
+ "\xb1\xad\xbc\xa8\x73\x48\x61\x67"
+ "\xd6\xba\xc8\xe8\xe2\xb8\xee\x40"
+ "\x36\x22\x3e\x61\xf6\xc8\x16\xe4"
+ "\x0e\x88\xad\x71\x53\x58\xe1\x6c"
+ "\x8f\x4f\x89\x4b\x3e\x9c\x7f\xe9"
+ "\xad\xc2\x28\xc2\x3a\x29\xf3\xec"
+ "\xa9\x28\x39\xba\xc2\x86\xe1\x06"
+ "\xf3\x8b\xe3\x95\x0c\x87\xb8\x1b"
+ "\x72\x35\x8e\x8f\x6d\x18\xc8\x1c"
+ "\xa5\x5d\x57\x9d\x73\x8a\xbb\x9e"
+ "\x21\x05\x12\xd7\xe0\x21\x1c\x16"
+ "\x3a\x95\x85\xbc\xb0\x71\x0b\x36"
+ "\x6c\x44\x8d\xef\x3b\xec\x3f\x8e"
+ "\x24\xa9\xe3\xa7\x63\x23\xca\x09"
+ "\x62\x96\x79\x0c\x81\x05\x41\xf2"
+ "\x07\x20\x26\xe5\x8e\x10\x54\x03"
+ "\x05\x7b\xfe\x0c\xcc\x8c\x50\xe5"
+ "\xca\x33\x4d\x48\x7a\x03\xd5\x64"
+ "\x49\x09\xf2\x5c\x5d\xfe\x2b\x30"
+ "\xbf\x29\x14\x29\x8b\x9b\x7c\x96"
+ "\x47\x07\x86\x4d\x4e\x4d\xf1\x47"
+ "\xd1\x10\x2a\xa8\xd3\x15\x8c\xf2"
+ "\x2f\xf4\x3a\xdf\xd0\xa7\xcb\x5a"
+ "\xad\x99\x39\x4a\xdf\x60\xbe\xf9"
+ "\x91\x4e\xf5\x94\xef\xc5\x56\x32"
+ "\x33\x86\x78\xa3\xd6\x4c\x29\x7c"
+ "\xe8\xac\x06\xb5\xf5\x01\x5c\x9f"
+ "\x02\xc8\xe8\xbf\x5c\x1a\x7f\x4d"
+ "\x28\xa5\xb9\xda\xa9\x5e\xe7\x4b"
+ "\xf4\x3d\xe9\x1d\x28\xaa\x1a\x8a"
+ "\x76\xc8\x6c\x19\x61\x3c\x9e\x29"
+ "\xcd\xbe\xff\xe0\x1c\xb8\x67\xb5"
+ "\xa4\x46\xf8\xb9\x8a\xa2\xf6\x7c"
+ "\xef\x23\x73\x0c\xe9\x72\x0a\x0d"
+ "\x9b\x40\xd8\xfb\x0c\x9c\xab\xa8",
+ .ctext = "\xcb\x78\x87\x9c\xc7\x13\xc1\x30"
+ "\xdd\x2c\x7d\xb2\x97\xab\x06\x69"
+ "\x47\x87\x8a\x12\x2b\x5d\x86\xd7"
+ "\x2e\xe6\x7a\x0d\x58\x5d\xe7\x01"
+ "\x78\x0e\xff\xc7\xc5\xd2\x94\xd6"
+ "\xdd\x6b\x38\x1f\xa4\xe3\x3d\xe7"
+ "\xc5\x8a\xb5\xbe\x65\x11\x2b\xe1"
+ "\x2b\x8e\x84\xe8\xe0\x00\x7f\xdd"
+ "\x15\x15\xab\xbd\x22\x94\xf7\xce"
+ "\x99\x6f\xfd\x0e\x9b\x16\xeb\xeb"
+ "\x24\xc7\xbb\xc6\xe1\x6c\x57\xba"
+ "\x84\xab\x16\xf2\x57\xd6\x42\x9d"
+ "\x56\x92\x5b\x44\x18\xd4\xa2\x1b"
+ "\x1e\xa9\xdc\x7a\x16\x88\xc4\x4f"
+ "\x6d\x77\x9a\x2e\x82\xa9\xc3\xee"
+ "\xa4\xca\x05\x1b\x0e\xdc\x48\x96"
+ "\xd0\x50\x21\x1f\x46\xc7\xc7\x70"
+ "\x53\xcd\x1e\x4e\x5f\x2d\x4b\xb2"
+ "\x86\xe5\x3a\xe6\x1d\xec\x7b\x9d"
+ "\x8f\xd6\x41\xc6\xbb\x00\x4f\xe6"
+ "\x02\x47\x07\x73\x50\x6b\xcf\xb2"
+ "\x9e\x1c\x01\xc9\x09\xcc\xc3\x52"
+ "\x27\xe6\x63\xe0\x5b\x55\x60\x4d"
+ "\x72\xd0\xda\x4b\xec\xcb\x72\x5d"
+ "\x37\x4a\xf5\xb8\xd9\xe2\x08\x10"
+ "\xf3\xb9\xdc\x07\xc0\x02\x10\x14"
+ "\x9f\xe6\x8f\xc4\xc4\xe1\x39\x7b"
+ "\x47\xea\xae\x7c\xdd\x27\xa8\x4c"
+ "\x6b\x0f\x4c\xf8\xff\x16\x4e\xcb"
+ "\xec\x88\x33\x0d\x15\x10\x82\x66"
+ "\xa7\x3d\x2c\xb6\xbc\x2e\xe4\xce"
+ "\x4c\x2f\x4b\x46\x0f\x67\x78\xa5"
+ "\xff\x6a\x7d\x0d\x5e\x6d\xab\xfb"
+ "\x59\x99\xd8\x1f\x30\xd4\x33\xe8"
+ "\x7d\x11\xae\xe3\xba\xd0\x3f\xa7"
+ "\xa5\x5e\x43\xda\xf3\x0f\x3a\x5f"
+ "\xba\xb0\x47\xb2\x08\x60\xf4\xed"
+ "\x35\x23\x0c\xe9\x4f\x81\xc4\xc5"
+ "\xa8\x35\xdc\x99\x52\x33\x19\xd4"
+ "\x00\x01\x8d\x5a\x10\x82\x39\x78"
+ "\xfc\x72\x24\x63\x4a\x38\xc5\x6f"
+ "\xfe\xec\x2f\x26\x0c\x3c\x1c\xf6"
+ "\x4d\x99\x7a\x77\x59\xfe\x10\xa5"
+ "\xa1\x35\xbf\x2f\x15\xfa\x4e\x52"
+ "\xe6\xd5\x1c\x88\x90\x75\xd5\xcc"
+ "\xdb\x2a\xb1\xf0\x70\x54\x89\xc7"
+ "\xeb\x1d\x6e\x61\x45\xa3\x50\x48"
+ "\xcd\xdb\x32\xba\x7f\x6b\xaf\xef"
+ "\x50\xcb\x0d\x36\xf7\x29\x3a\x10"
+ "\x02\x73\xca\x8f\x3f\x5d\x82\x17"
+ "\x91\x9a\xd8\x15\x15\xe3\xe1\x41"
+ "\x43\xef\x85\xa6\xb0\xc7\x3b\x0f"
+ "\xf0\xa5\xaa\x66\x77\x70\x5e\x70"
+ "\xce\x17\x84\x68\x45\x39\x2c\x25"
+ "\xc6\xc1\x5f\x7e\xe8\xfa\xe4\x3a"
+ "\x47\x51\x7b\x9d\x54\x84\x98\x04"
+ "\x5f\xf7\x5f\x3c\x34\xe7\xa3\x1d"
+ "\xea\xb7\x6d\x05\xab\x28\xe4\x2c"
+ "\xb1\x7f\x08\xa8\x5d\x07\xbf\xfe"
+ "\x39\x72\x44\x87\x51\xc5\x73\xe4"
+ "\x9a\x5f\xdd\x46\xbc\x4e\xb1\x39"
+ "\xe4\x78\xb8\xbf\xdc\x5b\x88\x9b"
+ "\xc1\x3f\xd9\xd0\xb3\x5a\xdf\xaa"
+ "\x53\x6a\x91\x6d\x2a\x09\xf0\x0b"
+ "\x5e\xe8\xb2\xa0\xb4\x73\x07\x1d"
+ "\xc8\x33\x84\xe6\xda\xe6\xad\xd6"
+ "\xad\x91\x01\x4e\x14\x42\x34\x2c"
+ "\xe5\xf9\x99\x21\x56\x1f\x6c\x2b"
+ "\x4c\xe3\xd5\x9e\x04\xdc\x9a\x16"
+ "\xd1\x54\xe9\xc2\xf7\xc0\xd5\x06"
+ "\x2f\xa1\x38\x2a\x55\x88\x23\xf8"
+ "\xb0\xdb\x87\x32\xc9\x4e\xb0\x0c"
+ "\xc5\x05\x78\x58\xa1\x2e\x75\x75"
+ "\x68\xdc\xea\xdd\x0c\x33\x16\x5e"
+ "\xe7\xdc\xfd\x42\x74\xbe\xae\x60"
+ "\x3c\x37\x4b\x27\xf5\x2c\x5f\x55"
+ "\x4a\x0b\x64\xfd\xa2\x01\x65\x9c"
+ "\x27\x9f\x5e\x87\xd5\x95\x88\x66"
+ "\x09\x84\x42\xab\x00\xe2\x58\xc3"
+ "\x97\x45\xf1\x93\xe2\x34\x37\x3d"
+ "\xfe\x93\x8c\x17\xb9\x79\x65\x06"
+ "\xf7\x58\xe5\x1b\x3b\x4e\xda\x36"
+ "\x17\xe3\x56\xec\x26\x0f\x2e\xfa"
+ "\xd1\xb9\x2b\x3e\x7f\x1d\xe3\x4b"
+ "\x67\xdf\x43\x53\x10\xba\xa3\xfb"
+ "\x5d\x5a\xd8\xc4\xab\x19\x7e\x12"
+ "\xaa\x83\xf1\xc0\xa1\xe0\xbf\x72"
+ "\x5f\xe8\x68\x39\xef\x1a\xbe\xee"
+ "\x6f\x47\x79\x19\xed\xf2\xa1\x4a"
+ "\xe5\xfc\xb5\x58\xae\x63\x82\xcb"
+ "\x16\x0b\x94\xbb\x3e\x02\x49\xc4"
+ "\x3c\x33\xf1\xec\x1b\x11\x71\x9b"
+ "\x5b\x80\xf1\x6f\x88\x1c\x05\x36"
+ "\xa8\xd8\xee\x44\xb5\x18\xc3\x14"
+ "\x62\xba\x98\xb9\xc0\x2a\x70\x93"
+ "\xb3\xd8\x11\x69\x95\x1d\x43\x7b"
+ "\x39\xc1\x91\x05\xc4\xe3\x1e\xc2"
+ "\x1e\x5d\xe7\xde\xbe\xfd\xae\x99"
+ "\x4b\x8f\x83\x1e\xf4\x9b\xb0\x2b"
+ "\x66\x6e\x62\x24\x8d\xe0\x1b\x22"
+ "\x59\xeb\xbd\x2a\x6b\x2e\x37\x17"
+ "\x9e\x1f\x66\xcb\x66\xb4\xfb\x2c"
+ "\x36\x22\x5d\x73\x56\xc1\xb0\x27"
+ "\xe0\xf0\x1b\xe4\x47\x8b\xc6\xdc"
+ "\x7c\x0c\x3d\x29\xcb\x33\x10\xfe"
+ "\xc3\xc3\x1e\xff\x4c\x9b\x27\x86"
+ "\xe2\xb0\xaf\xb7\x89\xce\x61\x69"
+ "\xe7\x00\x3e\x92\xea\x5f\x9e\xc1"
+ "\xfa\x6b\x20\xe2\x41\x23\x82\xeb"
+ "\x07\x76\x4c\x4c\x2a\x96\x33\xbe"
+ "\x89\xa9\xa8\xb9\x9a\x7d\x27\x18"
+ "\x48\x23\x70\x46\xf3\x87\xa7\x91"
+ "\x58\xb8\x74\xba\xed\xc6\xb2\xa1"
+ "\x4d\xb6\x43\x9a\xe1\xa2\x41\xa5"
+ "\x35\xd3\x90\x8a\xc7\x4d\xb7\x88"
+ "\x0b\xe3\x74\x9f\x84\xfc\xd9\x73"
+ "\xf2\x86\x0c\xad\xeb\x5d\x70\xac"
+ "\x65\x07\x14\x8e\x57\xf6\xdc\xb4"
+ "\xc2\x02\x7c\xd6\x89\xe2\x8a\x3e"
+ "\x8e\x08\x3c\x12\x37\xaf\xe1\xa8"
+ "\x04\x11\x5c\xae\x5a\x2b\x60\xa0"
+ "\x03\x3c\x7a\xa2\x38\x92\xbe\xce"
+ "\x09\xa2\x5e\x0f\xc2\xb2\xb5\x06"
+ "\xc2\x97\x97\x9b\x09\x2f\x04\xfe"
+ "\x2c\xe7\xa3\xc4\x42\xe9\xa3\x40"
+ "\xa5\x52\x07\x2c\x3b\x89\x1a\xa5"
+ "\x28\xb1\x93\x05\x98\x0c\x2f\x3d"
+ "\xc6\xf5\x83\xac\x24\x1d\x28\x9f"
+ "\x32\x66\x4d\x70\xb7\xe0\xab\xb8"
+ "\x75\xc5\xf3\xd2\x7b\x26\x3e\xec"
+ "\x64\xe6\xf7\x70\xe7\xf8\x10\x8e"
+ "\x67\xd2\xb3\x87\x69\x40\x06\x9a"
+ "\x2f\x6a\x1a\xfd\x62\x0c\xee\x31"
+ "\x2e\xbe\x58\x97\x77\xd1\x09\x08"
+ "\x1f\x8d\x42\x29\x34\xd5\xd8\xb5"
+ "\x1f\xd7\x21\x18\xe3\xe7\x2e\x4a"
+ "\x42\xfc\xdb\x19\xe9\xee\xb9\x22"
+ "\xad\x5c\x07\xe9\xc8\x07\xe5\xe9"
+ "\x95\xa2\x0d\x30\x46\xe2\x65\x51"
+ "\x01\xa5\x74\x85\xe2\x52\x6e\x07"
+ "\xc9\xf5\x33\x09\xde\x78\x62\xa9"
+ "\x30\x2a\xd3\x86\xe5\x46\x2e\x60"
+ "\xff\x74\xb0\x5f\xec\x76\xb7\xd1"
+ "\x5e\x4d\x61\x97\x3c\x9c\x99\xc3"
+ "\x41\x65\x21\x47\xf9\xb1\x06\xec"
+ "\x18\xf8\x3f\xc7\x38\xfa\x7b\x14"
+ "\x62\x79\x6a\x0b\x0c\xf5\x2c\xb7"
+ "\xab\xcf\x63\x49\x6d\x1f\x46\xa8"
+ "\xbc\x7d\x42\x53\x75\x6b\xca\x38"
+ "\xac\x8b\xe7\xa1\xa1\x92\x19\x6b"
+ "\x0d\x75\x80\x5b\x7d\x35\x86\x70"
+ "\x12\x6b\xe5\x3e\xe5\x85\xa0\xa4"
+ "\xd6\x77\x5e\x4d\x24\x57\x84\xa9"
+ "\xe5\xa4\xbf\x25\xfb\x36\x65\x3b"
+ "\x81\x39\x61\xec\x5e\x4a\x7e\x10"
+ "\x58\x19\x13\x5c\x0f\x79\xec\xcf"
+ "\xbb\x5f\x69\x21\xc3\xa7\x5a\xff"
+ "\x3b\xc7\x85\x9b\x47\xbc\x3e\xad"
+ "\xbf\x54\x60\xb6\x5b\x3f\xfc\x50"
+ "\x68\x83\x76\x24\xb0\xc3\x3f\x93"
+ "\x0d\xce\x36\x0a\x58\x9d\xcc\xe9"
+ "\x52\xbb\xd0\x0b\x65\xe5\x0f\x62"
+ "\x82\x16\xaa\xd2\xba\x5a\x4c\xd0"
+ "\x67\xb5\x4e\x84\x1c\x02\x6e\xa3"
+ "\xaa\x22\x54\x96\xc8\xd9\x9c\x58"
+ "\x15\x63\xf4\x98\x1a\xa1\xd9\x11"
+ "\x64\x25\x56\xb5\x03\x8e\x29\x85"
+ "\x75\x88\xd1\xd2\xe4\xe6\x27\x48"
+ "\x13\x9c\x2b\xaa\xfb\xd3\x6e\x2c"
+ "\xe6\xd4\xe4\x8b\xd9\xf7\x01\x16"
+ "\x46\xf9\x5c\x88\x7a\x93\x9e\x2d"
+ "\xa6\xeb\x01\x2a\x72\xe4\x7f\xb4"
+ "\x78\x0c\x50\x18\xd3\x8e\x65\xa7"
+ "\x1b\xf9\x28\x5d\x89\x70\x96\x2f"
+ "\xa1\xc2\x9b\x34\xfc\x7c\x27\x63"
+ "\x93\xe6\xe3\xa4\x9d\x17\x97\x7e"
+ "\x13\x79\x9c\x4b\x2c\x23\x91\x2c"
+ "\x4f\xb1\x1d\x4b\xb4\x61\x6e\xe8"
+ "\x32\x35\xc3\x41\x7a\x50\x60\xc8"
+ "\x3e\xd8\x3f\x38\xfc\xc2\xa2\xe0"
+ "\x3a\x21\x25\x8f\xc2\x22\xed\x04"
+ "\x31\xb8\x72\x69\xaf\x6c\x6d\xab"
+ "\x25\x16\x95\x87\x92\xc7\x46\x3f"
+ "\x47\x05\x6c\xad\xa0\xa6\x1d\xf0"
+ "\x66\x2e\x01\x1a\xc3\xbe\xe4\xf6"
+ "\x51\xec\xa3\x95\x81\xe1\xcc\xab"
+ "\xc1\x71\x65\x0a\xe6\x53\xfb\xb8"
+ "\x53\x69\xad\x8b\xab\x8b\xa7\xcd"
+ "\x8f\x15\x01\x25\xb1\x1f\x9c\x3b"
+ "\x9b\x47\xad\x38\x38\x89\x6b\x1c"
+ "\x8a\x33\xdd\x8a\x06\x23\x06\x0b"
+ "\x7f\x70\xbe\x7e\xa1\x80\xbc\x7a",
+ .len = 1536,
+ }, {
+ .key = "\x60\xd5\x36\xb0\x8e\x5d\x0e\x5f"
+ "\x70\x47\x8c\xea\x87\x30\x1d\x58"
+ "\x2a\xb2\xe8\xc6\xcb\x60\xe7\x6f"
+ "\x56\x95\x83\x98\x38\x80\x84\x8a",
+ .klen = 32,
+ .iv = "\x43\xfe\x63\x3c\xdc\x9e\x0c\xa6"
+ "\xee\x9c\x0b\x97\x65\xc2\x56\x1d"
+ "\x5d\xd0\xbf\xa3\x9f\x1e\xfb\x78"
+ "\xbf\x51\x1b\x18\x73\x27\x27\x8c",
+ .ptext = "\x0b\x77\xd8\xa3\x8c\xa6\xb2\x2d"
+ "\x3e\xdd\xcc\x7c\x4a\x3e\x61\xc4"
+ "\x9a\x7f\x73\xb0\xb3\x29\x32\x61"
+ "\x13\x25\x62\xcc\x59\x4c\xf4\xdb"
+ "\xd7\xf5\xf4\xac\x75\x51\xb2\x83"
+ "\x64\x9d\x1c\x8b\xd1\x8b\x0c\x06"
+ "\xf1\x9f\xba\x9d\xae\x62\xd4\xd8"
+ "\x96\xbe\x3c\x4c\x32\xe4\x82\x44"
+ "\x47\x5a\xec\xb8\x8a\x5b\xd5\x35"
+ "\x57\x1e\x5c\x80\x6f\x77\xa9\xb9"
+ "\xf2\x4f\x71\x1e\x48\x51\x86\x43"
+ "\x0d\xd5\x5b\x52\x30\x40\xcd\xbb"
+ "\x2c\x25\xc1\x47\x8b\xb7\x13\xc2"
+ "\x3a\x11\x40\xfc\xed\x45\xa4\xf0"
+ "\xd6\xfd\x32\x99\x13\x71\x47\x2e"
+ "\x4c\xb0\x81\xac\x95\x31\xd6\x23"
+ "\xa4\x2f\xa9\xe8\x5a\x62\xdc\x96"
+ "\xcf\x49\xa7\x17\x77\x76\x8a\x8c"
+ "\x04\x22\xaf\xaf\x6d\xd9\x16\xba"
+ "\x35\x21\x66\x78\x3d\xb6\x65\x83"
+ "\xc6\xc1\x67\x8c\x32\xd6\xc0\xc7"
+ "\xf5\x8a\xfc\x47\xd5\x87\x09\x2f"
+ "\x51\x9d\x57\x6c\x29\x0b\x1c\x32"
+ "\x47\x6e\x47\xb5\xf3\x81\xc8\x82"
+ "\xca\x5d\xe3\x61\x38\xa0\xdc\xcc"
+ "\x35\x73\xfd\xb3\x92\x5c\x72\xd2"
+ "\x2d\xad\xf6\xcd\x20\x36\xff\x49"
+ "\x48\x80\x21\xd3\x2f\x5f\xe9\xd8"
+ "\x91\x20\x6b\xb1\x38\x52\x1e\xbc"
+ "\x88\x48\xa1\xde\xc0\xa5\x46\xce"
+ "\x9f\x32\x29\xbc\x2b\x51\x0b\xae"
+ "\x7a\x44\x4e\xed\xeb\x95\x63\x99"
+ "\x96\x87\xc9\x34\x02\x26\xde\x20"
+ "\xe4\xcb\x59\x0c\xb5\x55\xbd\x55"
+ "\x3f\xa9\x15\x25\xa7\x5f\xab\x10"
+ "\xbe\x9a\x59\x6c\xd5\x27\xf3\xf0"
+ "\x73\x4a\xb3\xe4\x08\x11\x00\xeb"
+ "\xf1\xae\xc8\x0d\xef\xcd\xb5\xfc"
+ "\x0d\x7e\x03\x67\xad\x0d\xec\xf1"
+ "\x9a\xfd\x31\x60\x3e\xa2\xfa\x1c"
+ "\x93\x79\x31\x31\xd6\x66\x7a\xbd"
+ "\x85\xfd\x22\x08\x00\xae\x72\x10"
+ "\xd6\xb0\xf4\xb8\x4a\x72\x5b\x9c"
+ "\xbf\x84\xdd\xeb\x13\x05\x28\xb7"
+ "\x61\x60\xfd\x7f\xf0\xbe\x4d\x18"
+ "\x7d\xc9\xba\xb0\x01\x59\x74\x18"
+ "\xe4\xf6\xa6\x74\x5d\x3f\xdc\xa0"
+ "\x9e\x57\x93\xbf\x16\x6c\xf6\xbd"
+ "\x93\x45\x38\x95\xb9\x69\xe9\x62"
+ "\x21\x73\xbd\x81\x73\xac\x15\x74"
+ "\x9e\x68\x28\x91\x38\xb7\xd4\x47"
+ "\xc7\xab\xc9\x14\xad\x52\xe0\x4c"
+ "\x17\x1c\x42\xc1\xb4\x9f\xac\xcc"
+ "\xc8\x12\xea\xa9\x9e\x30\x21\x14"
+ "\xa8\x74\xb4\x74\xec\x8d\x40\x06"
+ "\x82\xb7\x92\xd7\x42\x5b\xf2\xf9"
+ "\x6a\x1e\x75\x6e\x44\x55\xc2\x8d"
+ "\x73\x5b\xb8\x8c\x3c\xef\x97\xde"
+ "\x24\x43\xb3\x0e\xba\xad\x63\x63"
+ "\x16\x0a\x77\x03\x48\xcf\x02\x8d"
+ "\x76\x83\xa3\xba\x73\xbe\x80\x3f"
+ "\x8f\x6e\x76\x24\xc1\xff\x2d\xb4"
+ "\x20\x06\x9b\x67\xea\x29\xb5\xe0"
+ "\x57\xda\x30\x9d\x38\xa2\x7d\x1e"
+ "\x8f\xb9\xa8\x17\x64\xea\xbe\x04"
+ "\x84\xd1\xce\x2b\xfd\x84\xf9\x26"
+ "\x1f\x26\x06\x5c\x77\x6d\xc5\x9d"
+ "\xe6\x37\x76\x60\x7d\x3e\xf9\x02"
+ "\xba\xa6\xf3\x7f\xd3\x95\xb4\x0e"
+ "\x52\x1c\x6a\x00\x8f\x3a\x0b\xce"
+ "\x30\x98\xb2\x63\x2f\xff\x2d\x3b"
+ "\x3a\x06\x65\xaf\xf4\x2c\xef\xbb"
+ "\x88\xff\x2d\x4c\xa9\xf4\xff\x69"
+ "\x9d\x46\xae\x67\x00\x3b\x40\x94"
+ "\xe9\x7a\xf7\x0b\xb7\x3c\xa2\x2f"
+ "\xc3\xde\x5e\x29\x01\xde\xca\xfa"
+ "\xc6\xda\xd7\x19\xc7\xde\x4a\x16"
+ "\x93\x6a\xb3\x9b\x47\xe9\xd2\xfc"
+ "\xa1\xc3\x95\x9c\x0b\xa0\x2b\xd4"
+ "\xd3\x1e\xd7\x21\x96\xf9\x1e\xf4"
+ "\x59\xf4\xdf\x00\xf3\x37\x72\x7e"
+ "\xd8\xfd\x49\xd4\xcd\x61\x7b\x22"
+ "\x99\x56\x94\xff\x96\xcd\x9b\xb2"
+ "\x76\xca\x9f\x56\xae\x04\x2e\x75"
+ "\x89\x4e\x1b\x60\x52\xeb\x84\xf4"
+ "\xd1\x33\xd2\x6c\x09\xb1\x1c\x43"
+ "\x08\x67\x02\x01\xe3\x64\x82\xee"
+ "\x36\xcd\xd0\x70\xf1\x93\xd5\x63"
+ "\xef\x48\xc5\x56\xdb\x0a\x35\xfe"
+ "\x85\x48\xb6\x97\x97\x02\x43\x1f"
+ "\x7d\xc9\xa8\x2e\x71\x90\x04\x83"
+ "\xe7\x46\xbd\x94\x52\xe3\xc5\xd1"
+ "\xce\x6a\x2d\x6b\x86\x9a\xf5\x31"
+ "\xcd\x07\x9c\xa2\xcd\x49\xf5\xec"
+ "\x01\x3e\xdf\xd5\xdc\x15\x12\x9b"
+ "\x0c\x99\x19\x7b\x2e\x83\xfb\xd8"
+ "\x89\x3a\x1c\x1e\xb4\xdb\xeb\x23"
+ "\xd9\x42\xae\x47\xfc\xda\x37\xe0"
+ "\xd2\xb7\x47\xd9\xe8\xb5\xf6\x20"
+ "\x42\x8a\x9d\xaf\xb9\x46\x80\xfd"
+ "\xd4\x74\x6f\x38\x64\xf3\x8b\xed"
+ "\x81\x94\x56\xe7\xf1\x1a\x64\x17"
+ "\xd4\x27\x59\x09\xdf\x9b\x74\x05"
+ "\x79\x6e\x13\x29\x2b\x9e\x1b\x86"
+ "\x73\x9f\x40\xbe\x6e\xff\x92\x4e"
+ "\xbf\xaa\xf4\xd0\x88\x8b\x6f\x73"
+ "\x9d\x8b\xbf\xe5\x8a\x85\x45\x67"
+ "\xd3\x13\x72\xc6\x2a\x63\x3d\xb1"
+ "\x35\x7c\xb4\x38\xbb\x31\xe3\x77"
+ "\x37\xad\x75\xa9\x6f\x84\x4e\x4f"
+ "\xeb\x5b\x5d\x39\x6d\xed\x0a\xad"
+ "\x6c\x1b\x8e\x1f\x57\xfa\xc7\x7c"
+ "\xbf\xcf\xf2\xd1\x72\x3b\x70\x78"
+ "\xee\x8e\xf3\x4f\xfd\x61\x30\x9f"
+ "\x56\x05\x1d\x7d\x94\x9b\x5f\x8c"
+ "\xa1\x0f\xeb\xc3\xa9\x9e\xb8\xa0"
+ "\xc6\x4e\x1e\xb1\xbc\x0a\x87\xa8"
+ "\x52\xa9\x1e\x3d\x58\x8e\xc6\x95"
+ "\x85\x58\xa3\xc3\x3a\x43\x32\x50"
+ "\x6c\xb3\x61\xe1\x0c\x7d\x02\x63"
+ "\x5f\x8b\xdf\xef\x13\xf8\x66\xea"
+ "\x89\x00\x1f\xbd\x5b\x4c\xd5\x67"
+ "\x8f\x89\x84\x33\x2d\xd3\x70\x94"
+ "\xde\x7b\xd4\xb0\xeb\x07\x96\x98"
+ "\xc5\xc0\xbf\xc8\xcf\xdc\xc6\x5c"
+ "\xd3\x7d\x78\x30\x0e\x14\xa0\x86"
+ "\xd7\x8a\xb7\x53\xa3\xec\x71\xbf"
+ "\x85\xf2\xea\xbd\x77\xa6\xd1\xfd"
+ "\x5a\x53\x0c\xc3\xff\xf5\x1d\x46"
+ "\x37\xb7\x2d\x88\x5c\xeb\x7a\x0c"
+ "\x0d\x39\xc6\x40\x08\x90\x1f\x58"
+ "\x36\x12\x35\x28\x64\x12\xe7\xbb"
+ "\x50\xac\x45\x15\x7b\x16\x23\x5e"
+ "\xd4\x11\x2a\x8e\x17\x47\xe1\xd0"
+ "\x69\xc6\xd2\x5c\x2c\x76\xe6\xbb"
+ "\xf7\xe7\x34\x61\x8e\x07\x36\xc8"
+ "\xce\xcf\x3b\xeb\x0a\x55\xbd\x4e"
+ "\x59\x95\xc9\x32\x5b\x79\x7a\x86"
+ "\x03\x74\x4b\x10\x87\xb3\x60\xf6"
+ "\x21\xa4\xa6\xa8\x9a\xc9\x3a\x6f"
+ "\xd8\x13\xc9\x18\xd4\x38\x2b\xc2"
+ "\xa5\x7e\x6a\x09\x0f\x06\xdf\x53"
+ "\x9a\x44\xd9\x69\x2d\x39\x61\xb7"
+ "\x1c\x36\x7f\x9e\xc6\x44\x9f\x42"
+ "\x18\x0b\x99\xe6\x27\xa3\x1e\xa6"
+ "\xd0\xb9\x9a\x2b\x6f\x60\x75\xbd"
+ "\x52\x4a\x91\xd4\x7b\x8f\x95\x9f"
+ "\xdd\x74\xed\x8b\x20\x00\xdd\x08"
+ "\x6e\x5b\x61\x7b\x06\x6a\x19\x84"
+ "\x1c\xf9\x86\x65\xcd\x1c\x73\x3f"
+ "\x28\x5c\x8a\x93\x1a\xf3\xa3\x6c"
+ "\x6c\xa9\x7c\xea\x3c\xd4\x15\x45"
+ "\x7f\xbc\xe3\xbb\x42\xf0\x2e\x10"
+ "\xcd\x0c\x8b\x44\x1a\x82\x83\x0c"
+ "\x58\xb1\x24\x28\xa0\x11\x2f\x63"
+ "\xa5\x82\xc5\x9f\x86\x42\xf4\x4d"
+ "\x89\xdb\x76\x4a\xc3\x7f\xc4\xb8"
+ "\xdd\x0d\x14\xde\xd2\x62\x02\xcb"
+ "\x70\xb7\xee\xf4\x6a\x09\x12\x5e"
+ "\xd1\x26\x1a\x2c\x20\x71\x31\xef"
+ "\x7d\x65\x57\x65\x98\xff\x8b\x02"
+ "\x9a\xb5\xa4\xa1\xaf\x03\xc4\x50"
+ "\x33\xcf\x1b\x25\xfa\x7a\x79\xcc"
+ "\x55\xe3\x21\x63\x0c\x6d\xeb\x5b"
+ "\x1c\xad\x61\x0b\xbd\xb0\x48\xdb"
+ "\xb3\xc8\xa0\x87\x7f\x8b\xac\xfd"
+ "\xd2\x68\x9e\xb4\x11\x3c\x6f\xb1"
+ "\xfe\x25\x7d\x84\x5a\xae\xc9\x31"
+ "\xc3\xe5\x6a\x6f\xbc\xab\x41\xd9"
+ "\xde\xce\xf9\xfa\xd5\x7c\x47\xd2"
+ "\x66\x30\xc9\x97\xf2\x67\xdf\x59"
+ "\xef\x4e\x11\xbc\x4e\x70\xe3\x46"
+ "\x53\xbe\x16\x6d\x33\xfb\x57\x98"
+ "\x4e\x34\x79\x3b\xc7\x3b\xaf\x94"
+ "\xc1\x87\x4e\x47\x11\x1b\x22\x41"
+ "\x99\x12\x61\xe0\xe0\x8c\xa9\xbd"
+ "\x79\xb6\x06\x4d\x90\x3b\x0d\x30"
+ "\x1a\x00\xaa\x0e\xed\x7c\x16\x2f"
+ "\x0d\x1a\xfb\xf8\xad\x51\x4c\xab"
+ "\x98\x4c\x80\xb6\x92\x03\xcb\xa9"
+ "\x99\x9d\x16\xab\x43\x8c\x3f\x52"
+ "\x96\x53\x63\x7e\xbb\xd2\x76\xb7"
+ "\x6b\x77\xab\x52\x80\x33\xe3\xdf"
+ "\x4b\x3c\x23\x1a\x33\xe1\x43\x40"
+ "\x39\x1a\xe8\xbd\x3c\x6a\x77\x42"
+ "\x88\x9f\xc6\xaa\x65\x28\xf2\x1e"
+ "\xb0\x7c\x8e\x10\x41\x31\xe9\xd5"
+ "\x9d\xfd\x28\x7f\xfb\x61\xd3\x39"
+ "\x5f\x7e\xb4\xfb\x9c\x7d\x98\xb7"
+ "\x37\x2f\x18\xd9\x3b\x83\xaf\x4e"
+ "\xbb\xd5\x49\x69\x46\x93\x3a\x21"
+ "\x46\x1d\xad\x84\xb5\xe7\x8c\xff"
+ "\xbf\x81\x7e\x22\xf6\x88\x8c\x82"
+ "\xf5\xde\xfe\x18\xc9\xfb\x58\x07"
+ "\xe4\x68\xff\x9c\xf4\xe0\x24\x20"
+ "\x90\x92\x01\x49\xc2\x38\xe1\x7c"
+ "\xac\x61\x0b\x96\x36\xa4\x77\xe9"
+ "\x29\xd4\x97\xae\x15\x13\x7c\x6c"
+ "\x2d\xf1\xc5\x83\x97\x02\xa8\x2e"
+ "\x0b\x0f\xaf\xb5\x42\x18\x8a\x8c"
+ "\xb8\x28\x85\x28\x1b\x2a\x12\xa5"
+ "\x4b\x0a\xaf\xd2\x72\x37\x66\x23"
+ "\x28\xe6\x71\xa0\x77\x85\x7c\xff"
+ "\xf3\x8d\x2f\x0c\x33\x30\xcd\x7f"
+ "\x61\x64\x23\xb2\xe9\x79\x05\xb8"
+ "\x61\x47\xb1\x2b\xda\xf7\x9a\x24"
+ "\x94\xf6\xcf\x07\x78\xa2\x80\xaa"
+ "\x6e\xe9\x58\x97\x19\x0c\x58\x73"
+ "\xaf\xee\x2d\x6e\x26\x67\x18\x8a"
+ "\xc6\x6d\xf6\xbc\x65\xa9\xcb\xe7"
+ "\x53\xf1\x61\x97\x63\x52\x38\x86"
+ "\x0e\xdd\x33\xa5\x30\xe9\x9f\x32"
+ "\x43\x64\xbc\x2d\xdc\x28\x43\xd8"
+ "\x6c\xcd\x00\x2c\x87\x9a\x33\x79"
+ "\xbd\x63\x6d\x4d\xf9\x8a\x91\x83"
+ "\x9a\xdb\xf7\x9a\x11\xe1\xd1\x93"
+ "\x4a\x54\x0d\x51\x38\x30\x84\x0b"
+ "\xc5\x29\x8d\x92\x18\x6c\x28\xfe"
+ "\x1b\x07\x57\xec\x94\x74\x0b\x2c"
+ "\x21\x01\xf6\x23\xf9\xb0\xa0\xaf"
+ "\xb1\x3e\x2e\xa8\x0d\xbc\x2a\x68"
+ "\x59\xde\x0b\x2d\xde\x74\x42\xa1"
+ "\xb4\xce\xaf\xd8\x42\xeb\x59\xbd"
+ "\x61\xcc\x27\x28\xc6\xf2\xde\x3e"
+ "\x68\x64\x13\xd3\xc3\xc0\x31\xe0"
+ "\x5d\xf9\xb4\xa1\x09\x20\x46\x8b"
+ "\x48\xb9\x27\x62\x00\x12\xc5\x03"
+ "\x28\xfd\x55\x27\x1c\x31\xfc\xdb"
+ "\xc1\xcb\x7e\x67\x91\x2e\x50\x0c"
+ "\x61\xf8\x9f\x31\x26\x5a\x3d\x2e"
+ "\xa0\xc7\xef\x2a\xb6\x24\x48\xc9"
+ "\xbb\x63\x99\xf4\x7c\x4e\xc5\x94"
+ "\x99\xd5\xff\x34\x93\x8f\x31\x45"
+ "\xae\x5e\x7b\xfd\xf4\x81\x84\x65"
+ "\x5b\x41\x70\x0b\xe5\xaa\xec\x95"
+ "\x6b\x3d\xe3\xdc\x12\x78\xf8\x28"
+ "\x26\xec\x3a\x64\xc4\xab\x74\x97"
+ "\x3d\xcf\x21\x7d\xcf\x59\xd3\x15"
+ "\x47\x94\xe4\xd9\x48\x4c\x02\x49"
+ "\x68\x50\x22\x16\x96\x2f\xc4\x23"
+ "\x80\x47\x27\xd1\xee\x10\x3b\xa7"
+ "\x19\xae\xe1\x40\x5f\x3a\xde\x5d"
+ "\x97\x1c\x59\xce\xe1\xe7\x32\xa7"
+ "\x20\x89\xef\x44\x22\x38\x3c\x14"
+ "\x99\x3f\x1b\xd6\x37\xfe\x93\xbf"
+ "\x34\x13\x86\xd7\x9b\xe5\x2a\x37"
+ "\x72\x16\xa4\xdf\x7f\xe4\xa4\x66"
+ "\x9d\xf2\x0b\x29\xa1\xe2\x9d\x36"
+ "\xe1\x9d\x56\x95\x73\xe1\x91\x58"
+ "\x0f\x64\xf8\x90\xbb\x0c\x48\x0f"
+ "\xf5\x52\xae\xd9\xeb\x95\xb7\xdd"
+ "\xae\x0b\x20\x55\x87\x3d\xf0\x69"
+ "\x3c\x0a\x54\x61\xea\x00\xbd\xba"
+ "\x5f\x7e\x25\x8c\x3e\x61\xee\xb2"
+ "\x1a\xc8\x0e\x0b\xa5\x18\x49\xf2"
+ "\x6e\x1d\x3f\x83\xc3\xf1\x1a\xcb"
+ "\x9f\xc9\x82\x4e\x7b\x26\xfd\x68"
+ "\x28\x25\x8d\x22\x17\xab\xf8\x4e"
+ "\x1a\xa9\x81\x48\xb0\x9f\x52\x75"
+ "\xe4\xef\xdd\xbd\x5b\xbe\xab\x3c"
+ "\x43\x76\x23\x62\xce\xb8\xc2\x5b"
+ "\xc6\x31\xe6\x81\xb4\x42\xb2\xfd"
+ "\xf3\x74\xdd\x02\x3c\xa0\xd7\x97"
+ "\xb0\xe7\xe9\xe0\xce\xef\xe9\x1c"
+ "\x09\xa2\x6d\xd3\xc4\x60\xd6\xd6"
+ "\x9e\x54\x31\x45\x76\xc9\x14\xd4"
+ "\x95\x17\xe9\xbe\x69\x92\x71\xcb"
+ "\xde\x7c\xf1\xbd\x2b\xef\x8d\xaf"
+ "\x51\xe8\x28\xec\x48\x7f\xf8\xfa"
+ "\x9f\x9f\x5e\x52\x61\xc3\xfc\x9a"
+ "\x7e\xeb\xe3\x30\xb6\xfe\xc4\x4a"
+ "\x87\x1a\xff\x54\x64\xc7\xaa\xa2"
+ "\xfa\xb7\xb2\xe7\x25\xce\x95\xb4"
+ "\x15\x93\xbd\x24\xb6\xbc\xe4\x62"
+ "\x93\x7f\x44\x40\x72\xcb\xfb\xb2"
+ "\xbf\xe8\x03\xa5\x87\x12\x27\xfd"
+ "\xc6\x21\x8a\x8f\xc2\x48\x48\xb9"
+ "\x6b\xb6\xf0\xf0\x0e\x0a\x0e\xa4"
+ "\x40\xa9\xd8\x23\x24\xd0\x7f\xe2"
+ "\xf9\xed\x76\xf0\x91\xa5\x83\x3c"
+ "\x55\xe1\x92\xb8\xb6\x32\x9e\x63"
+ "\x60\x81\x75\x29\x9e\xce\x2a\x70"
+ "\x28\x0c\x87\xe5\x46\x73\x76\x66"
+ "\xbc\x4b\x6c\x37\xc7\xd0\x1a\xa0"
+ "\x9d\xcf\x04\xd3\x8c\x42\xae\x9d"
+ "\x35\x5a\xf1\x40\x4c\x4e\x81\xaa"
+ "\xfe\xd5\x83\x4f\x29\x19\xf3\x6c"
+ "\x9e\xd0\x53\xe5\x05\x8f\x14\xfb"
+ "\x68\xec\x0a\x3a\x85\xcd\x3e\xb4"
+ "\x4a\xc2\x5b\x92\x2e\x0b\x58\x64"
+ "\xde\xca\x64\x86\x53\xdb\x7f\x4e"
+ "\x54\xc6\x5e\xaa\xe5\x82\x3b\x98"
+ "\x5b\x01\xa7\x1f\x7b\x3d\xcc\x19"
+ "\xf1\x11\x02\x64\x09\x25\x7c\x26"
+ "\xee\xad\x50\x68\x31\x26\x16\x0f"
+ "\xb6\x7b\x6f\xa2\x17\x1a\xba\xbe"
+ "\xc3\x60\xdc\xd2\x44\xe0\xb4\xc4"
+ "\xfe\xff\x69\xdb\x60\xa6\xaf\x39"
+ "\x0a\xbd\x6e\x41\xd1\x9f\x87\x71"
+ "\xcc\x43\xa8\x47\x10\xbc\x2b\x7d"
+ "\x40\x12\x43\x31\xb8\x12\xe0\x95"
+ "\x6f\x9d\xf8\x75\x51\x3d\x61\xbe"
+ "\xa0\xd1\x0b\x8d\x50\xc7\xb8\xe7"
+ "\xab\x03\xda\x41\xab\xc5\x4e\x33"
+ "\x5a\x63\x94\x90\x22\x72\x54\x26"
+ "\x93\x65\x99\x45\x55\xd3\x55\x56"
+ "\xc5\x39\xe4\xb4\xb1\xea\xd8\xf9"
+ "\xb5\x31\xf7\xeb\x80\x1a\x9e\x8d"
+ "\xd2\x40\x01\xea\x33\xb9\xf2\x7a"
+ "\x43\x41\x72\x0c\xbf\x20\xab\xf7"
+ "\xfa\x65\xec\x3e\x35\x57\x1e\xef"
+ "\x2a\x81\xfa\x10\xb2\xdb\x8e\xfa"
+ "\x7f\xe7\xaf\x73\xfc\xbb\x57\xa2"
+ "\xaf\x6f\x41\x11\x30\xd8\xaf\x94"
+ "\x53\x8d\x4c\x23\xa5\x20\x63\xcf"
+ "\x0d\x00\xe0\x94\x5e\x92\xaa\xb5"
+ "\xe0\x4e\x96\x3c\xf4\x26\x2f\xf0"
+ "\x3f\xd7\xed\x75\x2c\x63\xdf\xc8"
+ "\xfb\x20\xb5\xae\x44\x83\xc0\xab"
+ "\x05\xf9\xbb\xa7\x62\x7d\x21\x5b"
+ "\x04\x80\x93\x84\x5f\x1d\x9e\xcd"
+ "\xa2\x07\x7e\x22\x2f\x55\x94\x23"
+ "\x74\x35\xa3\x0f\x03\xbe\x07\x62"
+ "\xe9\x16\x69\x7e\xae\x38\x0e\x9b"
+ "\xad\x6e\x83\x90\x21\x10\xb8\x07"
+ "\xdc\xc1\x44\x20\xa5\x88\x00\xdc"
+ "\xe1\x82\x16\xf1\x0c\xdc\xed\x8c"
+ "\x32\xb5\x49\xab\x11\x41\xd5\xd2"
+ "\x35\x2c\x70\x73\xce\xeb\xe3\xd6"
+ "\xe4\x7d\x2c\xe8\x8c\xec\x8a\x92"
+ "\x50\x87\x51\xbd\x2d\x9d\xf2\xf0"
+ "\x3c\x7d\xb1\x87\xf5\x01\xb0\xed"
+ "\x02\x5a\x20\x4d\x43\x08\x71\x49"
+ "\x77\x72\x9b\xe6\xef\x30\xc9\xa2"
+ "\x66\x66\xb8\x68\x9d\xdf\xc6\x16"
+ "\xa5\x78\xee\x3c\x47\xa6\x7a\x31"
+ "\x07\x6d\xce\x7b\x86\xf8\xb2\x31"
+ "\xa8\xa4\x77\x3c\x63\x36\xe8\xd3"
+ "\x7d\x40\x56\xd8\x48\x56\x9e\x3e"
+ "\x56\xf6\x3d\xd2\x12\x6e\x35\x29"
+ "\xd4\x7a\xdb\xff\x97\x4c\xeb\x3c"
+ "\x28\x2a\xeb\xe9\x43\x40\x61\x06"
+ "\xb8\xa8\x6d\x18\xc8\xbc\xc7\x23"
+ "\x53\x2b\x8b\xcc\xce\x88\xdf\xf8"
+ "\xff\xf8\x94\xe4\x5c\xee\xcf\x39"
+ "\xe0\xf6\x1a\xae\xf2\xd5\x41\x6a"
+ "\x09\x5a\x50\x66\xc4\xf4\x66\xdc"
+ "\x6a\x69\xee\xc8\x47\xe6\x87\x52"
+ "\x9e\x28\xe4\x39\x02\x0d\xc4\x7e"
+ "\x18\xe6\xc6\x09\x07\x03\x30\xb9"
+ "\xd1\xb0\x48\xe6\x80\xe8\x8c\xe6"
+ "\xc7\x2c\x33\xca\x64\xe5\xc0\x6e"
+ "\xac\x14\x4b\xe1\xf6\xeb\xce\xe4"
+ "\xc1\x8c\xea\x5b\x8d\x3c\x86\x91"
+ "\xd1\xd7\x16\x9c\x09\x9c\x6a\x51"
+ "\xe5\xcd\xe3\xb0\x33\x1f\x03\xcd"
+ "\xe5\xd8\x40\x9b\xdc\x29\xbe\xfa"
+ "\x24\xcc\xf1\x55\x68\x3a\x89\x0d"
+ "\x08\x48\xfd\x9b\x47\x41\x10\xae"
+ "\x53\x3a\x83\x87\xd4\x89\xe7\x38"
+ "\x47\xee\xd7\xbe\xe2\x58\x37\xd2"
+ "\xfc\x21\x1d\x20\xa5\x2d\x69\x0c"
+ "\x36\x5b\x2f\xcd\xa1\xa6\xe4\xa1"
+ "\x00\x4d\xf7\xc8\x2d\xc7\x16\x6c"
+ "\x6d\xad\x32\x8c\x8f\x74\xf9\xfa"
+ "\x78\x1c\x9a\x0f\x6e\x93\x9c\x20"
+ "\x43\xb9\xe4\xda\xc4\xc7\x90\x47"
+ "\x86\x68\xb7\x6f\x82\x59\x4a\x30"
+ "\xf1\xfd\x31\x0f\xa1\xea\x9b\x6b"
+ "\x18\x5c\x39\xb0\xc7\x80\x64\xff"
+ "\x6d\x5b\xb4\x8b\xba\x90\xea\x4e"
+ "\x9a\x04\xd2\x68\x18\x50\xb5\x91"
+ "\x45\x4f\x58\x5a\xe5\xc6\x7c\xab"
+ "\x61\x3e\x3d\xec\x18\x87\xfc\xea"
+ "\x26\x35\x4c\x99\x8a\x3f\x00\x7b"
+ "\xf5\x89\x62\xda\xdd\xf1\x43\xef"
+ "\x2c\x1d\x92\xfa\x9a\xd0\x37\x03"
+ "\x69\x9c\xd8\x1f\x41\x44\xb7\x73"
+ "\x54\x14\x91\x12\x41\x41\x54\xa2"
+ "\x91\x55\xb6\xf7\x23\x41\xc9\xc2"
+ "\x5b\x53\xf2\x61\x63\x0d\xa9\x87"
+ "\x1a\xbb\x11\x1f\x3c\xbb\xa8\x1f"
+ "\xe2\x66\x56\x88\x06\x3c\xd2\x0f"
+ "\x3b\xc4\xd6\x8c\xbe\x54\x9f\xa8"
+ "\x9c\x89\xfb\x88\x05\xef\xcd\xe7"
+ "\xc1\xc4\x21\x36\x22\x8d\x9a\x5d"
+ "\x1b\x1e\x4a\xc0\x89\xdd\x76\x16"
+ "\x5a\xce\xcd\x1e\x6a\x1f\xa0\x2b"
+ "\x83\xf6\x5e\x28\x8e\x65\xb5\x86"
+ "\x72\x8f\xc5\xf2\x54\x81\x10\x8d"
+ "\x63\x7b\x42\x7d\x06\x08\x16\xb3"
+ "\xb0\x60\x65\x41\x49\xdb\x0d\xc1"
+ "\xe2\xef\x72\x72\x06\xe7\x60\x5c"
+ "\x95\x1c\x7d\x52\xec\x82\xee\xd3"
+ "\x5b\xab\x61\xa4\x1f\x61\x64\x0c"
+ "\x28\x32\x21\x7a\x81\xe7\x81\xf3"
+ "\xdb\xc0\x18\xd9\xae\x0b\x3c\x9a"
+ "\x58\xec\x70\x4f\x40\x25\x2b\xba"
+ "\x96\x59\xac\x34\x45\x29\xc6\x57"
+ "\xc1\xc3\x93\x60\x77\x92\xbb\x83"
+ "\x8a\xa7\x72\x45\x2a\xc9\x35\xe7"
+ "\x66\xd6\xa9\xe9\x43\x87\x20\x11"
+ "\x6a\x2f\x87\xac\xe0\x93\x82\xe5"
+ "\x6c\x57\xa9\x4c\x9e\x56\x57\x33"
+ "\x1c\xd8\x7e\x25\x27\x41\x89\x97"
+ "\xea\xa5\x56\x02\x5b\x93\x13\x46"
+ "\xdc\x53\x3d\x95\xef\xaf\x9f\xf0"
+ "\x0a\x8a\xfe\x0c\xbf\xf0\x25\x5f"
+ "\xb4\x9f\x1b\x72\x9c\x37\xba\x46"
+ "\x4e\xcc\xcc\x02\x5c\xec\x3f\x98"
+ "\xff\x56\x1a\xc2\x7a\x65\x8f\xf6"
+ "\xd2\x81\x37\x7a\x0a\xfc\x79\xb9"
+ "\xcb\x8c\xc8\x1a\xd0\xba\x5d\x55"
+ "\xbc\x6d\x2e\xb2\x2f\x75\x29\x3f"
+ "\x1a\x4b\xa8\xd7\xe8\xf6\xf4\x2a"
+ "\xa5\xa1\x68\xec\xf3\xd5\xdd\x0f"
+ "\xad\x57\xae\x98\x83\xd5\x92\x4e"
+ "\x76\x86\x8e\x5e\x4b\x87\x7b\xf7"
+ "\x2d\x79\x3f\x12\x6a\x24\x58\xc8"
+ "\xab\x9a\x65\x75\x82\x6f\xa5\x39"
+ "\x72\xb0\xdf\x93\xb5\xa2\xf3\xdd"
+ "\x1f\x32\xfa\xdb\xfe\x1b\xbf\x0a"
+ "\xd9\x95\xdd\x02\xf1\x23\x54\xb1"
+ "\xa5\xbb\x24\x04\x5c\x2a\x97\x92"
+ "\xe6\xe0\x10\x61\xe3\x46\xc7\x0c"
+ "\xcb\xbc\x51\x9a\x35\x16\xd9\x42"
+ "\x62\xb3\x5e\xa4\x3c\x84\xa0\x7f"
+ "\xb8\x7f\x70\xd1\x8b\x03\xdf\x27"
+ "\x32\x06\x3f\x12\x23\x19\x22\x82"
+ "\x2d\x37\xa5\x00\x31\x9b\xa9\x21"
+ "\x8e\x34\x8c\x8e\x4f\xe8\xd4\x63"
+ "\x6c\xb2\xa9\x6e\xf6\x7c\x96\xf1"
+ "\x0e\x64\xab\x14\x3d\x8f\x74\xb3"
+ "\x35\x79\x84\x78\x06\x68\x97\x30"
+ "\xe0\x22\x55\xd6\xc5\x5b\x38\xb2"
+ "\x75\x24\x0c\x52\xb6\x57\xcc\x0a"
+ "\xbd\x3c\xd0\x73\x47\xd1\x25\xd6"
+ "\x1c\xfd\x27\x05\x3f\x70\xe1\xa7"
+ "\x69\x3b\xee\xc9\x9f\xfd\x2a\x7e"
+ "\xab\x58\xe6\x0b\x35\x5e\x52\xf9"
+ "\xff\xac\x5b\x82\x88\xa7\x65\xbc"
+ "\x61\x29\xdc\xa1\x94\x42\xd1\xd3"
+ "\xa0\xd8\xba\x3b\x49\xc8\xa7\xce"
+ "\x01\x6c\xb7\x3f\xe3\x98\x4d\xd1"
+ "\x9f\x46\x0d\xb3\xf2\x43\x33\x49"
+ "\xb7\x27\xbd\xba\xcc\x3f\x09\x56"
+ "\xfa\x64\x18\xb8\x17\x28\xde\x0d"
+ "\x29\xfa\x1f\xad\x60\x3b\x90\xa7"
+ "\x05\x9f\x4c\xc4\xdc\x05\x3b\x17"
+ "\x58\xea\x99\xfd\x6b\x8a\x93\x77"
+ "\xa5\x44\xbd\x8d\x29\x44\x29\x89"
+ "\x52\x1d\x89\x8b\x44\x8f\xb9\x68"
+ "\xeb\x93\xfd\x92\xd9\x14\x35\x9c"
+ "\x28\x3a\x9f\x1d\xd8\xe0\x2a\x76"
+ "\x51\xc1\xf0\xa9\x1d\xb4\xf8\xb9"
+ "\xfc\x14\x78\x5a\xa2\xb1\xdb\x94"
+ "\xcb\x18\xb9\x34\xbd\x0c\x65\x1d"
+ "\x64\xde\xd0\x3a\xe4\x68\x0e\xbc"
+ "\x13\xa7\x47\x89\x62\xa3\x03\x19"
+ "\x64\xa1\x02\x27\x3a\x8d\x43\xfa"
+ "\x68\xff\xda\x8b\x40\xe9\x19\x8b"
+ "\x56\xbe\x1c\x9b\xe6\xf6\x3f\x60"
+ "\xdb\x7a\xd5\xab\x82\xd8\xd9\x99"
+ "\xe3\x5b\x0c\x0c\x69\x18\x5c\xed"
+ "\x03\xf9\xc1\x61\xc4\x7b\xd4\x90"
+ "\x43\xc3\x39\xec\xac\xcb\x1f\x4b"
+ "\x23\xf8\xa9\x98\x2f\xf6\x48\x90"
+ "\x6c\x2b\x94\xad\x14\xdd\xcc\xa2"
+ "\x3d\xc7\x86\x0f\x7f\x1c\x0b\x93"
+ "\x4b\x74\x1f\x80\x75\xb4\x91\xdf"
+ "\xa8\x26\xf9\x06\x2b\x3a\x2c\xfd"
+ "\x3c\x31\x40\x1e\x5b\xa6\x86\x01"
+ "\xc4\xa2\x80\x4f\xf5\xa2\xf4\xff"
+ "\xf6\x07\x8c\x92\xf7\x74\xbd\x42"
+ "\xb0\x3f\x6b\x05\xca\x40\xeb\x04"
+ "\x20\xa9\x37\x78\x32\x03\x60\xcc"
+ "\xf3\xec\xb2\x2d\xb5\x80\x7c\xe4"
+ "\x37\x53\x25\xd1\xe8\x91\x6a\xe5"
+ "\xdf\xdd\xb0\xab\x69\xc7\xa1\xb2"
+ "\xfc\xb3\xd1\x9e\xda\xa8\x0d\x68"
+ "\xfe\x7d\xdc\x56\x33\x65\x99\xd2"
+ "\xec\xa5\xa0\xa1\x26\xc9\xec\xbd"
+ "\x22\x20\x5e\x0d\xcb\x93\x64\x7a"
+ "\x56\x75\xed\xe5\x45\xa2\xbd\x16"
+ "\x59\xf7\x43\xd9\x5b\x2c\xdd\xb6"
+ "\x1d\xa8\x05\x89\x2f\x65\x2e\x66"
+ "\xfe\xad\x93\xeb\x85\x8f\xe8\x4c"
+ "\x00\x44\x71\x03\x0e\x26\xaf\xfd"
+ "\xfa\x56\x0f\xdc\x9c\xf3\x2e\xab"
+ "\x88\x26\x61\xc6\x13\xfe\xba\xc1"
+ "\xd8\x8a\x38\xc3\xb6\x4e\x6d\x80"
+ "\x4c\x65\x93\x2f\xf5\x54\xff\x63"
+ "\xbe\xdf\x9a\xe3\x4f\xca\xc9\x71"
+ "\x12\xab\x95\x66\xec\x09\x64\xea"
+ "\xdc\x9f\x01\x61\x24\x88\xd1\xa7"
+ "\xd0\x69\x26\xf0\x80\xb0\xec\x86"
+ "\xc2\x58\x2f\x6a\xc5\xfd\xfc\x2a"
+ "\xf6\x3e\x23\x77\x3b\x7e\xc5\xc5"
+ "\xe7\xf9\x4d\xcc\x68\x53\x11\xc8"
+ "\x5b\x44\xbd\x48\x0f\xb3\x35\x1a"
+ "\x93\x4a\x80\x16\xa3\x0d\x50\x85"
+ "\xa6\xc4\xd4\x74\x4d\x87\x59\x51"
+ "\xd7\xf7\x7d\xee\xd0\x9b\xd1\x83"
+ "\x25\x2b\xc6\x39\x27\x6a\xb3\x41"
+ "\x5f\xd2\x24\xd4\xd6\xfa\x8c\x3e"
+ "\xb2\xf9\x11\x71\x7a\x9e\x5e\x7b"
+ "\x5b\x9a\x47\x80\xca\x1c\xbe\x04"
+ "\x5d\x34\xc4\xa2\x2d\x41\xfe\x73"
+ "\x53\x15\x9f\xdb\xe7\x7d\x82\x19"
+ "\x21\x1b\x67\x2a\x74\x7a\x21\x4a"
+ "\xc4\x96\x6f\x00\x92\x69\xf1\x99"
+ "\x50\xf1\x4a\x16\x11\xf1\x16\x51",
+ .ctext = "\x57\xd1\xcf\x26\xe5\x07\x7a\x3f"
+ "\xa5\x5e\xd4\xa8\x12\xe9\x4e\x36"
+ "\x9c\x28\x65\xe0\xbd\xef\xf1\x49"
+ "\x04\xd4\xd4\x01\x4d\xf5\xfc\x2a"
+ "\x32\xd8\x19\x21\xcd\x58\x2a\x1a"
+ "\x43\x78\xa4\x57\x69\xa0\x52\xeb"
+ "\xcd\xa5\x9c\x4d\x03\x28\xef\x8b"
+ "\x54\xc6\x6c\x31\xab\x3e\xaf\x6d"
+ "\x0a\x87\x83\x3d\xb7\xea\x6b\x3d"
+ "\x11\x58\x7d\x5f\xaf\xc9\xfc\x50"
+ "\x58\x9a\x84\xa1\xcf\x76\xdc\x77"
+ "\x83\x9a\x28\x74\x69\xc9\x0c\xc2"
+ "\x7b\x1e\x4e\xe4\x25\x41\x23\x0d"
+ "\x4e\x0e\x2d\x7a\x87\xaa\x0f\x7c"
+ "\x98\xad\xf0\x6f\xbf\xcb\xd5\x1a"
+ "\x3e\xcf\x0e\xc5\xde\xbd\x8d\xf1"
+ "\xaa\x19\x16\xb8\xc5\x25\x02\x33"
+ "\xbd\x5a\x85\xe2\xc0\x77\x71\xda"
+ "\x12\x4c\xdf\x7f\xce\xc0\x32\x95"
+ "\x1a\xde\xcb\x0a\x70\xd0\x9e\x89"
+ "\xc5\x97\x18\x04\xab\x8c\x38\x56"
+ "\x69\xe5\xf6\xa5\x76\x2c\x52\x7a"
+ "\x49\xd2\x9a\x95\xa6\xa8\x82\x42"
+ "\x20\x1f\x58\x57\x4e\x22\xdb\x92"
+ "\xec\xbd\x4a\x21\x66\x9b\x7a\xcb"
+ "\x73\xcd\x6d\x15\x07\xc9\x97\xb8"
+ "\x11\x35\xee\x29\xa4\x90\xfc\x46"
+ "\x0f\x39\x56\xc6\x4a\x3a\xcf\xcc"
+ "\xb1\xbf\x62\x1c\x16\xc5\x12\x6c"
+ "\x0e\x69\x89\xce\xcf\x11\x4e\xe5"
+ "\x7e\x4e\x7c\x8f\xb4\xc9\xe6\x54"
+ "\x42\x89\x28\x27\xe6\xec\x50\xb7"
+ "\x69\x91\x44\x3e\x46\xd4\x64\xf6"
+ "\x25\x4c\x4d\x2f\x60\xd9\x9a\xd3"
+ "\x1c\x70\xf4\xd8\x24\x1e\xdb\xcf"
+ "\xa8\xc0\x22\xe6\x82\x57\xf6\xf0"
+ "\xe1\x1e\x38\x66\xec\xdc\x20\xdb"
+ "\x6a\x57\x68\xb1\x43\x61\xe1\x12"
+ "\x18\x5f\x31\x57\x39\xcb\xea\x3c"
+ "\x6e\x5d\x9a\xe0\xa6\x70\x4d\xd8"
+ "\xf9\x47\x4e\xef\x31\xa5\x66\x9b"
+ "\xb7\xf1\xd9\x59\x85\xfc\xdb\x7e"
+ "\xa2\x7a\x70\x25\x0c\xfd\x18\x0d"
+ "\x00\x42\xc9\x48\x8a\xbd\x74\xc5"
+ "\x3e\xe1\x20\x5a\x5d\x2e\xe5\x32"
+ "\x1d\x1c\x08\x65\x80\x69\xae\x24"
+ "\x80\xde\xb6\xdf\x97\xaa\x42\x8d"
+ "\xce\x39\x07\xe6\x69\x94\x5a\x75"
+ "\x39\xda\x5e\x1a\xed\x4a\x4c\x23"
+ "\x66\x1f\xf3\xb1\x6e\x8f\x21\x94"
+ "\x45\xc4\x63\xbd\x06\x93\x5e\x30"
+ "\xe7\x8f\xcb\xe0\xbb\x2a\x27\xcf"
+ "\x57\xa9\xa6\x28\xaf\xae\xcb\xa5"
+ "\x7b\x36\x61\x77\x3a\x4f\xec\x51"
+ "\x71\xfd\x52\x9e\x32\x7b\x98\x09"
+ "\xae\x27\xbc\x93\x96\xab\xb6\x02"
+ "\xf7\x21\xd3\x42\x00\x7e\x7a\x92"
+ "\x17\xfe\x1b\x3d\xcf\xb6\xfe\x1e"
+ "\x40\xc3\x10\x25\xac\x22\x9e\xcc"
+ "\xc2\x02\x61\xf5\x0a\x4b\xc3\xec"
+ "\xb1\x44\x06\x05\xb8\xd6\xcb\xd5"
+ "\xf1\xf5\xb5\x65\xbc\x1a\x19\xa2"
+ "\x7d\x60\x87\x11\x06\x83\x25\xe3"
+ "\x5e\xf0\xeb\x15\x93\xb6\x8e\xab"
+ "\x49\x52\xe8\xdb\xde\xd1\x8e\xa2"
+ "\x3a\x64\x13\x30\xaa\x20\xaf\x81"
+ "\x8d\x3c\x24\x2a\x76\x6d\xca\x32"
+ "\x63\x51\x6b\x8e\x4b\xa7\xf6\xad"
+ "\xa5\x94\x16\x82\xa6\x97\x3b\xe5"
+ "\x41\xcd\x87\x33\xdc\xc1\x48\xca"
+ "\x4e\xa2\x82\xad\x8e\x1b\xae\xcb"
+ "\x12\x93\x27\xa3\x2b\xfa\xe6\x26"
+ "\x43\xbd\xb0\x00\x01\x22\x1d\xd3"
+ "\x28\x9d\x69\xe0\xd4\xf8\x5b\x01"
+ "\x40\x7d\x54\xe5\xe2\xbd\x78\x5a"
+ "\x0e\xab\x51\xfc\xd4\xde\xba\xbc"
+ "\xa4\x7a\x74\x6d\xf8\x36\xc2\x70"
+ "\x03\x27\x36\xa2\xc0\xde\xf2\xc7"
+ "\x55\xd4\x66\xee\x9a\x9e\xaa\x99"
+ "\x2b\xeb\xa2\x6f\x17\x80\x60\x64"
+ "\xed\x73\xdb\xc1\x70\xda\xde\x67"
+ "\xcd\x6e\xc9\xfa\x3f\xef\x49\xd9"
+ "\x18\x42\xf1\x87\x6e\x2c\xac\xe1"
+ "\x12\x26\x52\xbe\x3e\xf1\xcc\x85"
+ "\x9a\xd1\x9e\xc1\x02\xd3\xca\x2b"
+ "\x99\xe7\xe8\x95\x7f\x91\x4b\xc0"
+ "\xab\xd4\x5a\xf7\x88\x1c\x7e\xea"
+ "\xd3\x15\x38\x26\xb5\xa3\xf2\xfc"
+ "\xc4\x12\x70\x5a\x37\x83\x49\xac"
+ "\xf4\x5e\x4c\xc8\x64\x03\x98\xad"
+ "\xd2\xbb\x8d\x90\x01\x80\xa1\x2a"
+ "\x23\xd1\x8d\x26\x43\x7d\x2b\xd0"
+ "\x87\xe1\x8e\x6a\xb3\x73\x9d\xc2"
+ "\x66\x75\xee\x2b\x41\x1a\xa0\x3b"
+ "\x1b\xdd\xb9\x21\x69\x5c\xef\x52"
+ "\x21\x57\xd6\x53\x31\x67\x7e\xd1"
+ "\xd0\x67\x8b\xc0\x97\x2c\x0a\x09"
+ "\x1d\xd4\x35\xc5\xd4\x11\x68\xf8"
+ "\x5e\x75\xaf\x0c\xc3\x9d\xa7\x09"
+ "\x38\xf5\x77\xb9\x80\xa9\x6b\xbd"
+ "\x0c\x98\xb4\x8d\xf0\x35\x5a\x19"
+ "\x1d\xf8\xb3\x5b\x45\xad\x4e\x4e"
+ "\xd5\x59\xf5\xd7\x53\x63\x3e\x97"
+ "\x7f\x91\x50\x65\x61\x21\xa9\xb7"
+ "\x65\x12\xdc\x01\x56\x40\xe0\xb1"
+ "\xe1\x23\xba\x9d\xb9\xc4\x8b\x1f"
+ "\xa6\xfe\x24\x19\xe9\x42\x9f\x9b"
+ "\x02\x48\xaa\x60\x0b\xf5\x7f\x8f"
+ "\x35\x70\xed\x85\xb8\xc4\xdc\xb7"
+ "\x16\xb7\x03\xe0\x2e\xa0\x25\xab"
+ "\x02\x1f\x97\x8e\x5a\x48\xb6\xdb"
+ "\x25\x7a\x16\xf6\x4c\xec\xec\xa6"
+ "\xc1\x4e\xe3\x4e\xe3\x27\x78\xc8"
+ "\xb6\xd7\x01\x61\x98\x1b\x38\xaa"
+ "\x36\x93\xac\x6d\x05\x61\x4d\x5a"
+ "\xc9\xe5\x27\xa9\x22\xf2\x38\x5e"
+ "\x9e\xe5\xf7\x4a\x64\xd2\x14\x15"
+ "\x71\x7c\x65\x6e\x90\x31\xc7\x49"
+ "\x25\xec\x9f\xf1\xb2\xd6\xbc\x20"
+ "\x6a\x13\xd5\x70\x65\xfc\x8b\x66"
+ "\x2c\xf1\x57\xc2\xe7\xb8\x89\xf7"
+ "\x17\xb2\x45\x64\xe0\xb3\x8c\x0d"
+ "\x69\x57\xf9\x5c\xff\xc2\x3c\x18"
+ "\x1e\xfd\x4b\x5e\x0d\x20\x01\x1a"
+ "\xa3\xa3\xb3\x76\x98\x9c\x92\x41"
+ "\xb4\xcd\x9f\x8f\x88\xcb\xb1\xb5"
+ "\x25\x87\x45\x4c\x07\xa7\x15\x99"
+ "\x24\x85\x15\x9e\xfc\x28\x98\x2b"
+ "\xd0\x22\x0a\xcc\x62\x12\x86\x0a"
+ "\xa8\x0e\x7d\x15\x32\x98\xae\x2d"
+ "\x95\x25\x55\x33\x41\x5b\x8d\x75"
+ "\x46\x61\x01\xa4\xfb\xf8\x6e\xe5"
+ "\xec\x24\xfe\xd2\xd2\x46\xe2\x3a"
+ "\x77\xf3\xa1\x39\xd3\x39\x32\xd8"
+ "\x2a\x6b\x44\xd7\x70\x36\x23\x89"
+ "\x4f\x75\x85\x42\x70\xd4\x2d\x4f"
+ "\xea\xfc\xc9\xfe\xb4\x86\xd8\x73"
+ "\x1d\xeb\xf7\x54\x0a\x47\x7e\x2c"
+ "\x04\x7b\x47\xea\x52\x8f\x13\x1a"
+ "\xf0\x19\x65\xe2\x0a\x1c\xae\x89"
+ "\xe1\xc5\x87\x6e\x5d\x7f\xf8\x79"
+ "\x08\xbf\xd2\x7f\x2c\x95\x22\xba"
+ "\x32\x78\xa9\xf6\x03\x98\x18\xed"
+ "\x15\xbf\x49\xb0\x6c\xa1\x4b\xb0"
+ "\xf3\x17\xd5\x35\x5d\x19\x57\x5b"
+ "\xf1\x07\x1e\xaa\x4d\xef\xd0\xd6"
+ "\x72\x12\x6b\xd9\xbc\x10\x49\xc5"
+ "\x28\xd4\xec\xe9\x8a\xb1\x6d\x50"
+ "\x4b\xf3\x44\xb8\x49\x04\x62\xe9"
+ "\xa4\xd8\x5a\xe7\x90\x02\xb7\x1e"
+ "\x66\x89\xbc\x5a\x71\x4e\xbd\xf8"
+ "\x18\xfb\x34\x2f\x67\xa2\x65\x71"
+ "\x00\x63\x22\xef\x3a\xa5\x18\x0e"
+ "\x54\x76\xaa\x58\xae\x87\x23\x93"
+ "\xb0\x3c\xa2\xa4\x07\x77\x3e\xd7"
+ "\x1a\x9c\xfe\x32\xc3\x54\x04\x4e"
+ "\xd6\x98\x44\xda\x98\xf8\xd3\xc8"
+ "\x1c\x07\x4b\xcd\x97\x5d\x96\x95"
+ "\x9a\x1d\x4a\xfc\x19\xcb\x0b\xd0"
+ "\x6d\x43\x3a\x9a\x39\x1c\xa8\x90"
+ "\x9f\x53\x8b\xc4\x41\x75\xb5\xb9"
+ "\x91\x5f\x02\x0a\x57\x6c\x8f\xc3"
+ "\x1b\x0b\x3a\x8b\x58\x3b\xbe\x2e"
+ "\xdc\x4c\x23\x71\x2e\x14\x06\x21"
+ "\x0b\x3b\x58\xb8\x97\xd1\x00\x62"
+ "\x2e\x74\x3e\x6e\x21\x8a\xcf\x60"
+ "\xda\x0c\xf8\x7c\xfd\x07\x55\x7f"
+ "\xb9\x1d\xda\x34\xc7\x27\xbf\x2a"
+ "\xd9\xba\x41\x9b\x37\xa1\xc4\x5d"
+ "\x03\x01\xce\xbb\x58\xff\xee\x74"
+ "\x08\xbd\x0b\x80\xb1\xd5\xf8\xb5"
+ "\x92\xf9\xbb\xbe\x03\xb5\xec\xbe"
+ "\x17\xee\xd7\x4e\x87\x2b\x61\x1b"
+ "\x27\xc3\x51\x50\xa0\x02\x73\x00"
+ "\x1a\xea\x2a\x2b\xf8\xf6\xe6\x96"
+ "\x75\x00\x56\xcc\xcb\x7a\x24\x29"
+ "\xe8\xdb\x95\xbf\x4e\x8f\x0a\x78"
+ "\xb8\xeb\x5a\x90\x37\xd0\x21\x94"
+ "\x6a\x89\x6b\x41\x3a\x1b\xa7\x20"
+ "\x43\x37\xda\xad\x81\xdd\xb4\xfc"
+ "\xe9\x60\x82\x77\x44\x3f\x89\x23"
+ "\x35\x04\x8f\xa1\xe8\xc0\xb6\x9f"
+ "\x56\xa7\x86\x3d\x65\x9c\x57\xbb"
+ "\x27\xdb\xe1\xb2\x13\x07\x9c\xb1"
+ "\x60\x8b\x38\x6b\x7f\x24\x28\x14"
+ "\xfe\xbf\xc0\xda\x61\x6e\xc2\xc7"
+ "\x63\x36\xa8\x02\x54\x93\xb0\xba"
+ "\xbd\x4d\x29\x14\x5a\x8b\xbc\x78"
+ "\xb3\xa6\xc5\x15\x5d\x36\x4d\x38"
+ "\x20\x9c\x1e\x98\x2e\x16\x89\x33"
+ "\x66\xa2\x54\x57\xcc\xde\x12\xa6"
+ "\x3b\x44\xf1\xac\x36\x3b\x97\xc1"
+ "\x96\x94\xf2\x67\x57\x23\x9c\x29"
+ "\xcd\xb7\x24\x2a\x8c\x86\xee\xaa"
+ "\x0f\xee\xaf\xa0\xec\x40\x8c\x08"
+ "\x18\xa1\xb4\x2c\x09\x46\x11\x7e"
+ "\x97\x84\xb1\x03\xa5\x3e\x59\x05"
+ "\x07\xc5\xf0\xcc\xb6\x71\x72\x2a"
+ "\xa2\x02\x78\x60\x0b\xc4\x47\x93"
+ "\xab\xcd\x67\x2b\xf5\xc5\x67\xa0"
+ "\xc0\x3c\x6a\xd4\x7e\xc9\x93\x0c"
+ "\x02\xdc\x15\x87\x48\x16\x26\x18"
+ "\x4e\x0b\x16\x0e\xb3\x02\x3e\x4b"
+ "\xc2\xe4\x49\x08\x9f\xb9\x8b\x1a"
+ "\xca\x10\xe8\x6c\x58\xa9\x7e\xb8"
+ "\xbe\xff\x58\x0e\x8a\xfb\x35\x93"
+ "\xcc\x76\x7d\xd9\x44\x7c\x31\x96"
+ "\xc0\x29\x73\xd3\x91\x0a\xc0\x65"
+ "\x5c\xbe\xe7\x4e\xda\x31\x85\xf2"
+ "\x72\xee\x34\xbe\x41\x90\xd4\x07"
+ "\x50\x64\x56\x81\xe3\x27\xfb\xcc"
+ "\xb7\x5c\x36\xb4\x6e\xbd\x23\xf8"
+ "\xe8\x71\xce\xa8\x73\x77\x82\x74"
+ "\xab\x8d\x0e\xe5\x93\x68\xb1\xd2"
+ "\x51\xc2\x18\x58\xd5\x3f\x29\x6b"
+ "\x2e\xd0\x88\x7f\x4a\x9d\xa2\xb8"
+ "\xae\x96\x09\xbf\x47\xae\x7d\x12"
+ "\x70\x67\xf1\xdd\xda\xdf\x47\x57"
+ "\xc9\x2c\x0f\xcb\xf3\x57\xd4\xda"
+ "\x00\x2e\x13\x48\x8f\xc0\xaa\x46"
+ "\xe1\xc1\x57\x75\x1e\xce\x74\xc2"
+ "\x82\xef\x31\x85\x8e\x38\x56\xff"
+ "\xcb\xab\xe0\x78\x40\x51\xd3\xc5"
+ "\xc3\xb1\xee\x9b\xd7\x72\x7f\x13"
+ "\x83\x7f\x45\x49\x45\xa1\x05\x8e"
+ "\xdc\x83\x81\x3c\x24\x28\x87\x08"
+ "\xa0\x70\x73\x80\x42\xcf\x5c\x26"
+ "\x39\xa5\xc5\x90\x5c\x56\xda\x58"
+ "\x93\x45\x5d\x45\x64\x59\x16\x3f"
+ "\xf1\x20\xf7\xa8\x2a\xd4\x3d\xbd"
+ "\x17\xfb\x90\x01\xcf\x1e\x71\xab"
+ "\x22\xa2\x24\xb5\x80\xac\xa2\x9a"
+ "\x9c\x2d\x85\x69\xa7\x87\x33\x55"
+ "\x65\x72\xc0\x91\x2a\x3d\x05\x33"
+ "\x25\x0d\x29\x25\x9f\x45\x4e\xfa"
+ "\x5d\x90\x3f\x34\x08\x54\xdb\x7d"
+ "\x94\x20\xa2\x3b\x10\x01\xa4\x89"
+ "\x1e\x90\x4f\x36\x3f\xc2\x40\x07"
+ "\x3f\xab\x2e\x89\xce\x80\xe1\xf5"
+ "\xac\xaf\x17\x10\x18\x0f\x4d\xe3"
+ "\xfc\x82\x2b\xbe\xe2\x91\xfa\x5b"
+ "\x9a\x9b\x2a\xd7\x99\x8d\x8f\xdc"
+ "\x54\x99\xc4\xa3\x97\xfd\xd3\xdb"
+ "\xd1\x51\x7c\xce\x13\x5c\x3b\x74"
+ "\xda\x9a\xe3\xdc\xdc\x87\x84\x98"
+ "\x16\x6d\xb0\x3d\x65\x57\x0b\xb2"
+ "\xb8\x04\xd4\xea\x49\x72\xc3\x66"
+ "\xbc\xdc\x91\x05\x2b\xa6\x5e\xeb"
+ "\x55\x72\x3e\x34\xd4\x28\x4b\x9c"
+ "\x07\x51\xf7\x30\xf3\xca\x04\xc1"
+ "\xd3\x69\x50\x2c\x27\x27\xc4\xb9"
+ "\x56\xc7\xa2\xd2\x66\x29\xea\xe0"
+ "\x25\xb8\x49\xd1\x60\xc9\x5e\xb5"
+ "\xed\x87\xb8\x74\x98\x0d\x16\x86"
+ "\x2a\x02\x24\xde\xb9\xa9\x5e\xf0"
+ "\xdd\xf7\x55\xb0\x26\x7a\x93\xd4"
+ "\xe6\x7d\xd2\x43\xb2\x8f\x7e\x9a"
+ "\x5d\x81\xe6\x28\xe5\x96\x7d\xc8"
+ "\x33\xe0\x56\x57\xe2\xa0\xf2\x1d"
+ "\x61\x78\x60\xd5\x81\x70\xa4\x11"
+ "\x43\x36\xe9\xd1\x68\x27\x21\x3c"
+ "\xb2\xa2\xad\x5f\x04\xd4\x55\x00"
+ "\x25\x71\x91\xed\x3a\xc9\x7b\x57"
+ "\x7b\xd1\x8a\xfb\x0e\xf5\x7b\x08"
+ "\xa9\x26\x4f\x24\x5f\xdd\x79\xed"
+ "\x19\xc4\xe1\xd5\xa8\x66\x60\xfc"
+ "\x5d\x48\x11\xb0\xa3\xc3\xe6\xc0"
+ "\xc6\x16\x7d\x20\x3f\x7c\x25\x52"
+ "\xdf\x05\xdd\xb5\x0b\x92\xee\xc5"
+ "\xe6\xd2\x7c\x3e\x2e\xd5\xac\xda"
+ "\xdb\x48\x31\xac\x87\x13\x8c\xfa"
+ "\xac\x18\xbc\xd1\x7f\x2d\xc6\x19"
+ "\x8a\xfa\xa0\x97\x89\x26\x50\x46"
+ "\x9c\xca\xe1\x73\x97\x26\x0a\x50"
+ "\x95\xec\x79\x19\xf6\xbd\x9a\xa1"
+ "\xcf\xc9\xab\xf7\x85\x84\xb2\xf5"
+ "\x2c\x7c\x73\xaa\xe2\xc2\xfb\xcd"
+ "\x5f\x08\x46\x2f\x8e\xd9\xff\xfd"
+ "\x19\xf6\xf4\x5d\x2b\x4b\x54\xe2"
+ "\x27\xaa\xfd\x2c\x5f\x75\x7c\xf6"
+ "\x2c\x95\x77\xcc\x90\xa2\xda\x1e"
+ "\x85\x37\x18\x34\x1d\xcf\x1b\xf2"
+ "\x86\xda\x71\xfb\x72\xab\x87\x0f"
+ "\x1e\x10\xb3\xba\x51\xea\x29\xd3"
+ "\x8c\x87\xce\x4b\x66\xbf\x60\x6d"
+ "\x81\x7c\xb8\x9c\xcc\x2e\x35\x02"
+ "\x02\x32\x4a\x7a\x24\xc4\x9f\xce"
+ "\xf0\x8a\x85\x90\xf3\x24\x95\x02"
+ "\xec\x13\xc1\xa4\xdd\x44\x01\xef"
+ "\xf6\xaa\x30\x70\xbf\x4e\x1a\xb9"
+ "\xc0\xff\x3b\x57\x5d\x12\xfe\xc3"
+ "\x1d\x5c\x3f\x74\xf9\xd9\x64\x61"
+ "\x20\xb2\x76\x79\x38\xd2\x21\xfb"
+ "\xc9\x32\xe8\xcc\x8e\x5f\xd7\x01"
+ "\x9e\x25\x76\x4d\xa7\xc1\x33\x21"
+ "\xfa\xcf\x98\x40\xd2\x1d\x48\xbd"
+ "\xd0\xc0\x38\x90\x27\x9b\x89\x4a"
+ "\x10\x1e\xaf\xa0\x78\x7d\x87\x2b"
+ "\x72\x10\x02\xf0\x5d\x22\x8b\x22"
+ "\xd7\x56\x7c\xd7\x6d\xcd\x9b\xc6"
+ "\xbc\xb2\xa6\x36\xde\xac\x87\x14"
+ "\x92\x93\x47\xca\x7d\xf4\x0b\x88"
+ "\xea\xbf\x3f\x2f\xa9\x94\x24\x13"
+ "\xa1\x52\x29\xfd\x5d\xa9\x76\x85"
+ "\x21\x62\x39\xa3\xf0\xf7\xb5\xa3"
+ "\xe0\x6c\x1b\xcb\xdb\x41\x91\xc6"
+ "\x4f\xaa\x26\x8b\x15\xd5\x84\x3a"
+ "\xda\xd6\x05\xc8\x8c\x0f\xe9\x19"
+ "\x00\x81\x38\xfb\x8f\xdf\xb0\x63"
+ "\x75\xe0\xe8\x8f\xef\x4a\xe0\x83"
+ "\x34\xe9\x4e\x06\xd7\xbb\xcd\xed"
+ "\x70\x0c\x72\x80\x64\x94\x67\xad"
+ "\x4a\xda\x82\xcf\x60\xfc\x92\x43"
+ "\xe3\x2f\xd1\x1e\x81\x1d\xdc\x62"
+ "\xec\xb1\xb0\xad\x4f\x43\x1d\x38"
+ "\x4e\x0d\x90\x40\x29\x1b\x98\xf1"
+ "\xbc\x70\x4e\x5a\x08\xbe\x88\x3a"
+ "\x55\xfb\x8c\x33\x1f\x0a\x7d\x2d"
+ "\xdc\x75\x03\xd2\x3b\xe8\xb8\x32"
+ "\x13\xab\x04\xbc\xe2\x33\x44\xa6"
+ "\xff\x6e\xba\xbd\xdc\xe2\xbf\x54"
+ "\x99\x71\x76\x59\x3b\x7a\xbc\xde"
+ "\xa1\x6e\x73\x62\x96\x73\x56\x66"
+ "\xfb\x1a\x56\x91\x2a\x8b\x12\xb0"
+ "\x82\x9f\x9b\x0c\x42\xc7\x22\x2c"
+ "\xbc\x49\xc5\x3c\x3b\xbf\x52\x64"
+ "\xd6\xd4\x03\x52\xf3\xfd\x13\x98"
+ "\xcc\xd8\xaa\x3e\x1d\x1f\x04\x8a"
+ "\x03\x41\x19\x5b\x31\xf3\x48\x83"
+ "\x49\xa3\xdd\xc9\x7c\x01\x34\x64"
+ "\xe5\xf3\xdf\xc9\x7f\x17\xa2\xf5"
+ "\x9c\x21\x79\x93\x91\x93\xbf\x9b"
+ "\xa5\xa5\xda\x1d\x55\x32\x72\x78"
+ "\xa6\x45\x2d\x21\x97\x6b\xfe\xbc"
+ "\xd0\xe7\x8e\x97\x66\x85\x9e\x41"
+ "\xfa\x2c\x8a\xee\x0d\x5a\x18\xf2"
+ "\x15\x89\x8f\xfb\xbc\xd8\xa6\x0c"
+ "\x83\xcc\x20\x08\xce\x70\xe5\xe6"
+ "\xbb\x7d\x9f\x11\x5f\x1e\x16\x68"
+ "\x18\xad\xa9\x4b\x04\x97\x8c\x18"
+ "\xed\x2a\x70\x79\x39\xcf\x36\x72"
+ "\x1e\x3e\x6d\x3c\x19\xce\x13\x19"
+ "\xb5\x13\xe7\x02\xd8\x5c\xec\x0c"
+ "\x81\xc5\xe5\x86\x10\x83\x9e\x67"
+ "\x3b\x74\x29\x63\xda\x23\xbc\x43"
+ "\xe9\x73\xa6\x2d\x25\x77\x66\xd0"
+ "\x2e\x05\x38\xae\x2e\x0e\x7f\xaf"
+ "\x82\xed\xef\x28\x39\x4c\x4b\x6f"
+ "\xdb\xa1\xb5\x79\xd0\x5b\x50\x77"
+ "\x6d\x75\x9f\x3c\xcf\xde\x41\xb8"
+ "\xa9\x13\x11\x60\x19\x23\xc7\x35"
+ "\x48\xbc\x14\x08\xf9\x57\xfe\x15"
+ "\xfd\xb2\xbb\x8c\x44\x3b\xf1\x62"
+ "\xbc\x0e\x01\x45\x39\xc0\xbb\xce"
+ "\xf5\xb7\xe1\x16\x7b\xcc\x8d\x7f"
+ "\xd3\x15\x36\xef\x8e\x4b\xaa\xee"
+ "\x49\x0c\x6e\x9b\x8c\x0e\x9f\xe0"
+ "\xd5\x7b\xdd\xbc\xb3\x67\x53\x6d"
+ "\x8b\xbe\xa3\xcd\x1e\x37\x9d\xc3"
+ "\x61\x36\xf4\x77\xec\x2b\xc7\x8b"
+ "\xd7\xad\x8d\x23\xdd\xf7\x9d\xf1"
+ "\x61\x1c\xbf\x09\xa5\x5e\xb9\x14"
+ "\xa6\x3f\x1a\xd9\x12\xb4\xef\x56"
+ "\x20\xa0\x77\x3e\xab\xf1\xb9\x91"
+ "\x5a\x92\x85\x5c\x92\x15\xb2\x1f"
+ "\xaf\xb0\x92\x23\x2d\x27\x8b\x7e"
+ "\x12\xcc\x56\xaa\x62\x85\x15\xd7"
+ "\x41\x89\x62\xd6\xd9\xd0\x6d\xbd"
+ "\x21\xa8\x49\xb6\x35\x40\x2f\x8d"
+ "\x2e\xfa\x24\x1e\x30\x12\x9c\x05"
+ "\x59\xfa\xe1\xad\xc0\x53\x09\xda"
+ "\xc0\x2e\x9d\x24\x0e\x4b\x6e\xd7"
+ "\x68\x32\x6a\xa0\x3c\x23\xb6\x5a"
+ "\x90\xb1\x1f\x62\xc8\x37\x36\x88"
+ "\xa4\x4d\x91\x12\x8d\x51\x8d\x81"
+ "\x44\x21\xfe\xd3\x61\x8d\xea\x5b"
+ "\x87\x24\xa9\xe9\x87\xde\x75\x77"
+ "\xc6\xa0\xd3\xf6\x99\x8b\x32\x56"
+ "\x47\xc6\x60\x65\xb6\x4f\xd1\x59"
+ "\x08\xb2\xe0\x15\x3e\xcb\x2c\xd6"
+ "\x8d\xc6\xbf\xda\x63\xe2\x04\x88"
+ "\x30\x9f\x37\x38\x98\x1c\x3e\x7a"
+ "\xa8\x8f\x3e\x2c\xcf\x90\x15\x6e"
+ "\x5d\xe9\x76\xd5\xdf\xc6\x2f\xf6"
+ "\xf5\x4a\x86\xbd\x36\x2a\xda\xdf"
+ "\x2f\xd8\x6e\x15\x18\x6b\xe9\xdb"
+ "\x26\x54\x6e\x60\x3b\xb8\xf9\x91"
+ "\xc1\x1d\xc0\x4f\x26\x8b\xdf\x55"
+ "\x47\x2f\xce\xdd\x4e\x93\x58\x3f"
+ "\x70\xdc\xf9\x4e\x9b\x37\x5e\x4f"
+ "\x39\xb9\x30\xe6\xce\xdb\xaf\x46"
+ "\xca\xfa\x52\xc9\x75\x3e\xd6\x96"
+ "\xe8\x97\xf1\xb1\x64\x31\x71\x1e"
+ "\x9f\xb6\xff\x69\xd6\xcd\x85\x4e"
+ "\x20\xf5\xfc\x84\x3c\xaf\xcc\x8d"
+ "\x5b\x52\xb8\xa2\x1c\x38\x47\x82"
+ "\x96\xff\x06\x4c\xaf\x8a\xf4\x8f"
+ "\xf8\x15\x97\xf6\xc3\xbc\x8c\x9e"
+ "\xc2\x06\xd9\x64\xb8\x1b\x0d\xd1"
+ "\x53\x55\x83\x7d\xcb\x8b\x7d\x20"
+ "\xa7\x70\xcb\xaa\x25\xae\x5a\x4f"
+ "\xdc\x66\xad\xe4\x54\xff\x09\xef"
+ "\x25\xcb\xac\x59\x89\x1d\x06\xcf"
+ "\xc7\x74\xe0\x5d\xa6\xd0\x04\xb4"
+ "\x41\x75\x34\x80\x6c\x4c\xc9\xd0"
+ "\x51\x0c\x0f\x84\x26\x75\x69\x23"
+ "\x81\x67\xde\xbf\x6c\x57\x8a\xc4"
+ "\xba\x91\xba\x8c\x2c\x75\xeb\x55"
+ "\xe5\x1b\x13\xbc\xaa\xec\x31\xdb"
+ "\xcc\x00\x3b\xe6\x50\xd8\xc3\xcc"
+ "\x9c\xb8\x6e\xb4\x9b\x16\xee\x74"
+ "\x26\x51\xda\x39\xe6\x31\xa1\xb2"
+ "\xd7\x6f\xcb\xae\x7d\x9f\x38\x7d"
+ "\x86\x49\x2a\x16\x5c\xc0\x08\xea"
+ "\x6b\x55\x85\x47\xbb\x90\xba\x69"
+ "\x56\xa5\x44\x62\x5b\xe6\x3b\xcc"
+ "\xe7\x6d\x1e\xca\x4b\xf3\x86\xe0"
+ "\x09\x76\x51\x83\x0a\x46\x19\x61"
+ "\xf0\xce\xe1\x06\x7d\x06\xb4\xfe"
+ "\xd9\xd3\x64\x8e\x0f\xd9\x64\x9e"
+ "\x74\x44\x97\x5d\x92\x7b\xe3\xcf"
+ "\x51\x44\xe7\xf2\xe7\xc0\x0c\xc2"
+ "\xf1\xf7\xa6\x36\x52\x2f\x7c\x09"
+ "\xfe\x8c\x59\x77\x52\x6a\x7e\xb3"
+ "\x2b\xb9\x17\x78\xe4\xf2\x82\x62"
+ "\x7f\x68\x8e\x04\xb4\x8f\x60\xd2"
+ "\xc6\x22\x1e\x0f\x3a\x8e\x3c\xb2"
+ "\x60\xbc\xa9\xb3\xda\xbd\x50\xe4"
+ "\x33\x98\xdd\x6f\xe9\x3b\x77\x57"
+ "\xeb\x7c\x8f\xbc\xfc\x34\x34\xb9"
+ "\x40\x31\x67\xcf\xfe\x22\x20\xa5"
+ "\x97\xe8\x4c\xa2\xc3\x94\xc6\x28"
+ "\xa6\x24\xe5\xa6\xb5\xd8\x24\xef"
+ "\x16\xa1\xc9\xe5\x92\xe6\x8c\x45"
+ "\x24\x24\x51\x22\x1e\xad\xef\x2f"
+ "\xb6\xbe\xfc\x92\x20\xac\x45\xe6"
+ "\xc0\xb0\xc8\xfb\x21\x34\xd4\x05"
+ "\x54\xb3\x99\xa4\xfe\xa9\xd5\xb5"
+ "\x3b\x72\x83\xf6\xe2\xf9\x88\x0e"
+ "\x20\x80\x3e\x4e\x8f\xa1\x75\x69"
+ "\x43\x5a\x7c\x38\x62\x51\xb5\xb7"
+ "\x84\x95\x3f\x6d\x24\xcc\xfd\x4b"
+ "\x4a\xaa\x97\x83\x6d\x16\xa8\xc5"
+ "\x18\xd9\xb9\xfe\xe2\x3f\xe8\xbd"
+ "\x37\x44\xdf\x79\x3b\x34\x19\x1a"
+ "\x65\x5e\xc7\x61\x1f\x17\x5e\x84"
+ "\x20\x72\x32\x98\x8c\x9e\xac\x1f"
+ "\x6e\x32\xae\x86\x46\x4f\x0f\x64"
+ "\x3f\xce\x96\xe6\x02\x41\x53\x1f"
+ "\x35\x30\x57\x7f\xfe\xb7\x47\xb9"
+ "\x0c\x2f\x14\x34\x9b\x1c\x88\x17"
+ "\xb5\xe5\x94\x17\x3e\xdc\x4d\x49"
+ "\xe1\x5d\x75\x3e\xa6\x16\x42\xd4"
+ "\x59\xb5\x24\x7c\x4c\x54\x1c\xf9"
+ "\xd6\xed\x69\x22\x5f\x74\xc9\xa9"
+ "\x7c\xb8\x09\xa7\xf9\x2b\x0d\x5f"
+ "\x42\xff\x4e\x57\xde\x0c\x67\x45"
+ "\xa4\x6e\xa0\x7e\x28\x34\xc5\xfe"
+ "\x58\x7e\xda\xec\x9f\x0b\x31\x2a"
+ "\x1f\x1b\x98\xad\x14\xcf\x9f\x96"
+ "\xf8\x87\x0e\x14\x19\x81\x23\x53"
+ "\x5f\x38\x08\xd9\xc1\xcb\xb2\xc5"
+ "\x19\x72\x75\x01\xd4\xcf\xd9\x91"
+ "\xfc\x48\xcc\xa3\x3c\xe6\x4c\xc6"
+ "\x73\xde\x5e\x90\xce\x6c\x85\x43"
+ "\x0d\xdf\xe3\x8c\x02\x62\xef\xac"
+ "\xb8\x05\x80\x81\xf6\x22\x30\xad"
+ "\x30\xa8\xcb\x55\x1e\xe6\x05\x7f"
+ "\xc5\x58\x1a\x78\xb7\x2f\x8e\x3c"
+ "\x80\x09\xca\xa2\x9a\x72\xeb\x10"
+ "\x84\x54\xaa\x98\x35\x5e\xb1\xc2"
+ "\xb7\x73\x14\x69\xef\xf8\x28\x43"
+ "\x36\xd3\x10\x0a\xd6\x69\xf8\xc8"
+ "\xbb\xe9\xe9\xf9\x29\x52\xf8\x6f"
+ "\x12\x78\xf9\xc6\xb2\x12\xfd\x39"
+ "\xa9\xeb\xe2\x47\xb9\x22\xc5\x8f"
+ "\x4d\xb1\x17\x40\x02\x84\xed\x53"
+ "\xc5\xfa\xc1\xcd\x59\x56\x93\xaa"
+ "\x3f\x23\x3f\x02\xb7\xe9\x6e\xa0"
+ "\xbc\x96\xb8\xb2\xf8\x04\x19\x87"
+ "\xe9\x4f\x29\xbf\x3a\xcb\x6d\x48"
+ "\xc9\xe7\x1f\xb7\xa8\xf8\xd4\xb4"
+ "\x6d\x0f\xb4\xf6\x44\x11\x0f\xf7"
+ "\x3d\xd2\x36\x05\x67\xa1\x46\x81"
+ "\x90\xe9\x60\x64\xfa\x52\x87\x37"
+ "\x44\x01\xbd\x58\xe1\xda\xda\x1e"
+ "\xa7\x09\xf7\x43\x31\x2b\x4b\x55"
+ "\xbd\x0d\x53\x7f\x12\x6c\xf5\x07"
+ "\xfc\x61\xda\xd6\x0a\xbd\x89\x5f"
+ "\x2c\xf5\xa8\x1f\x0d\x60\xe4\x3c"
+ "\x5d\x94\x8a\x1f\x64\xce\xd5\x16"
+ "\x73\xbc\xbe\xb1\x85\x28\xcb\x0b"
+ "\x47\x5c\x1f\x66\x25\x89\x61\x6a"
+ "\xa7\xcd\xf8\x1b\x31\x88\x42\x71"
+ "\x58\x65\x53\xd5\xc0\xa3\x56\x2e"
+ "\xb6\x86\x9e\x13\x78\x34\x36\x85"
+ "\xbb\xce\x6e\x54\x33\xb9\x97\xc5"
+ "\x72\xb8\xe0\x13\x34\x04\xbf\x83"
+ "\xbf\x78\x1d\x7c\x23\x34\x90\xe0"
+ "\x57\xd4\x3f\xc6\x61\xe3\xca\x96"
+ "\x13\xdd\x9e\x20\x51\x18\x73\x37"
+ "\x69\x37\xfb\xe5\x60\x1f\xf2\xa1"
+ "\xef\xa2\x6e\x16\x32\x8e\xc3\xb6"
+ "\x21\x5e\xc2\x1c\xb6\xc6\x96\x72"
+ "\x4f\xa6\x85\x69\xa9\x5d\xb2\x2e"
+ "\xac\xfe\x6e\xc3\xe7\xb3\x51\x08"
+ "\x66\x2a\xac\x59\xb3\x73\x86\xae"
+ "\x6d\x85\x97\x37\x68\xef\xa7\x85"
+ "\xb7\xdd\xdd\xd9\x85\xc9\x57\x01"
+ "\x10\x2b\x9a\x1e\x44\x12\x87\xa5"
+ "\x60\x1f\x88\xae\xbf\x14\x2d\x05"
+ "\x4c\x60\x85\x8a\x45\xac\x0f\xc2",
+ .len = 4096,
+ }
+};
+
+/* Adiantum with XChaCha20 instead of XChaCha12 */
+/* Test vectors from https://github.com/google/adiantum */
+static const struct cipher_testvec adiantum_xchacha20_aes_tv_template[] = {
+ {
+ .key = "\x9e\xeb\xb2\x49\x3c\x1c\xf5\xf4"
+ "\x6a\x99\xc2\xc4\xdf\xb1\xf4\xdd"
+ "\x75\x20\x57\xea\x2c\x4f\xcd\xb2"
+ "\xa5\x3d\x7b\x49\x1e\xab\xfd\x0f",
+ .klen = 32,
+ .iv = "\xdf\x63\xd4\xab\xd2\x49\xf3\xd8"
+ "\x33\x81\x37\x60\x7d\xfa\x73\x08"
+ "\xd8\x49\x6d\x80\xe8\x2f\x62\x54"
+ "\xeb\x0e\xa9\x39\x5b\x45\x7f\x8a",
+ .ptext = "\x67\xc9\xf2\x30\x84\x41\x8e\x43"
+ "\xfb\xf3\xb3\x3e\x79\x36\x7f\xe8",
+ .ctext = "\xf6\x78\x97\xd6\xaa\x94\x01\x27"
+ "\x2e\x4d\x83\xe0\x6e\x64\x9a\xdf",
+ .len = 16,
+ }, {
+ .key = "\x36\x2b\x57\x97\xf8\x5d\xcd\x99"
+ "\x5f\x1a\x5a\x44\x1d\x92\x0f\x27"
+ "\xcc\x16\xd7\x2b\x85\x63\x99\xd3"
+ "\xba\x96\xa1\xdb\xd2\x60\x68\xda",
+ .klen = 32,
+ .iv = "\xef\x58\x69\xb1\x2c\x5e\x9a\x47"
+ "\x24\xc1\xb1\x69\xe1\x12\x93\x8f"
+ "\x43\x3d\x6d\x00\xdb\x5e\xd8\xd9"
+ "\x12\x9a\xfe\xd9\xff\x2d\xaa\xc4",
+ .ptext = "\x5e\xa8\x68\x19\x85\x98\x12\x23"
+ "\x26\x0a\xcc\xdb\x0a\x04\xb9\xdf"
+ "\x4d\xb3\x48\x7b\xb0\xe3\xc8\x19"
+ "\x43\x5a\x46\x06\x94\x2d\xf2",
+ .ctext = "\x4b\xb8\x90\x10\xdf\x7f\x64\x08"
+ "\x0e\x14\x42\x5f\x00\x74\x09\x36"
+ "\x57\x72\xb5\xfd\xb5\x5d\xb8\x28"
+ "\x0c\x04\x91\x14\x91\xe9\x37",
+ .len = 31,
+ }, {
+ .key = "\xa5\x28\x24\x34\x1a\x3c\xd8\xf7"
+ "\x05\x91\x8f\xee\x85\x1f\x35\x7f"
+ "\x80\x3d\xfc\x9b\x94\xf6\xfc\x9e"
+ "\x19\x09\x00\xa9\x04\x31\x4f\x11",
+ .klen = 32,
+ .iv = "\xa1\xba\x49\x95\xff\x34\x6d\xb8"
+ "\xcd\x87\x5d\x5e\xfd\xea\x85\xdb"
+ "\x8a\x7b\x5e\xb2\x5d\x57\xdd\x62"
+ "\xac\xa9\x8c\x41\x42\x94\x75\xb7",
+ .ptext = "\x69\xb4\xe8\x8c\x37\xe8\x67\x82"
+ "\xf1\xec\x5d\x04\xe5\x14\x91\x13"
+ "\xdf\xf2\x87\x1b\x69\x81\x1d\x71"
+ "\x70\x9e\x9c\x3b\xde\x49\x70\x11"
+ "\xa0\xa3\xdb\x0d\x54\x4f\x66\x69"
+ "\xd7\xdb\x80\xa7\x70\x92\x68\xce"
+ "\x81\x04\x2c\xc6\xab\xae\xe5\x60"
+ "\x15\xe9\x6f\xef\xaa\x8f\xa7\xa7"
+ "\x63\x8f\xf2\xf0\x77\xf1\xa8\xea"
+ "\xe1\xb7\x1f\x9e\xab\x9e\x4b\x3f"
+ "\x07\x87\x5b\x6f\xcd\xa8\xaf\xb9"
+ "\xfa\x70\x0b\x52\xb8\xa8\xa7\x9e"
+ "\x07\x5f\xa6\x0e\xb3\x9b\x79\x13"
+ "\x79\xc3\x3e\x8d\x1c\x2c\x68\xc8"
+ "\x51\x1d\x3c\x7b\x7d\x79\x77\x2a"
+ "\x56\x65\xc5\x54\x23\x28\xb0\x03",
+ .ctext = "\xb1\x8b\xa0\x05\x77\xa8\x4d\x59"
+ "\x1b\x8e\x21\xfc\x3a\x49\xfa\xd4"
+ "\xeb\x36\xf3\xc4\xdf\xdc\xae\x67"
+ "\x07\x3f\x70\x0e\xe9\x66\xf5\x0c"
+ "\x30\x4d\x66\xc9\xa4\x2f\x73\x9c"
+ "\x13\xc8\x49\x44\xcc\x0a\x90\x9d"
+ "\x7c\xdd\x19\x3f\xea\x72\x8d\x58"
+ "\xab\xe7\x09\x2c\xec\xb5\x44\xd2"
+ "\xca\xa6\x2d\x7a\x5c\x9c\x2b\x15"
+ "\xec\x2a\xa6\x69\x91\xf9\xf3\x13"
+ "\xf7\x72\xc1\xc1\x40\xd5\xe1\x94"
+ "\xf4\x29\xa1\x3e\x25\x02\xa8\x3e"
+ "\x94\xc1\x91\x14\xa1\x14\xcb\xbe"
+ "\x67\x4c\xb9\x38\xfe\xa7\xaa\x32"
+ "\x29\x62\x0d\xb2\xf6\x3c\x58\x57"
+ "\xc1\xd5\x5a\xbb\xd6\xa6\x2a\xe5",
+ .len = 128,
+ }, {
+ .key = "\xd3\x81\x72\x18\x23\xff\x6f\x4a"
+ "\x25\x74\x29\x0d\x51\x8a\x0e\x13"
+ "\xc1\x53\x5d\x30\x8d\xee\x75\x0d"
+ "\x14\xd6\x69\xc9\x15\xa9\x0c\x60",
+ .klen = 32,
+ .iv = "\x65\x9b\xd4\xa8\x7d\x29\x1d\xf4"
+ "\xc4\xd6\x9b\x6a\x28\xab\x64\xe2"
+ "\x62\x81\x97\xc5\x81\xaa\xf9\x44"
+ "\xc1\x72\x59\x82\xaf\x16\xc8\x2c",
+ .ptext = "\xc7\x6b\x52\x6a\x10\xf0\xcc\x09"
+ "\xc1\x12\x1d\x6d\x21\xa6\x78\xf5"
+ "\x05\xa3\x69\x60\x91\x36\x98\x57"
+ "\xba\x0c\x14\xcc\xf3\x2d\x73\x03"
+ "\xc6\xb2\x5f\xc8\x16\x27\x37\x5d"
+ "\xd0\x0b\x87\xb2\x50\x94\x7b\x58"
+ "\x04\xf4\xe0\x7f\x6e\x57\x8e\xc9"
+ "\x41\x84\xc1\xb1\x7e\x4b\x91\x12"
+ "\x3a\x8b\x5d\x50\x82\x7b\xcb\xd9"
+ "\x9a\xd9\x4e\x18\x06\x23\x9e\xd4"
+ "\xa5\x20\x98\xef\xb5\xda\xe5\xc0"
+ "\x8a\x6a\x83\x77\x15\x84\x1e\xae"
+ "\x78\x94\x9d\xdf\xb7\xd1\xea\x67"
+ "\xaa\xb0\x14\x15\xfa\x67\x21\x84"
+ "\xd3\x41\x2a\xce\xba\x4b\x4a\xe8"
+ "\x95\x62\xa9\x55\xf0\x80\xad\xbd"
+ "\xab\xaf\xdd\x4f\xa5\x7c\x13\x36"
+ "\xed\x5e\x4f\x72\xad\x4b\xf1\xd0"
+ "\x88\x4e\xec\x2c\x88\x10\x5e\xea"
+ "\x12\xc0\x16\x01\x29\xa3\xa0\x55"
+ "\xaa\x68\xf3\xe9\x9d\x3b\x0d\x3b"
+ "\x6d\xec\xf8\xa0\x2d\xf0\x90\x8d"
+ "\x1c\xe2\x88\xd4\x24\x71\xf9\xb3"
+ "\xc1\x9f\xc5\xd6\x76\x70\xc5\x2e"
+ "\x9c\xac\xdb\x90\xbd\x83\x72\xba"
+ "\x6e\xb5\xa5\x53\x83\xa9\xa5\xbf"
+ "\x7d\x06\x0e\x3c\x2a\xd2\x04\xb5"
+ "\x1e\x19\x38\x09\x16\xd2\x82\x1f"
+ "\x75\x18\x56\xb8\x96\x0b\xa6\xf9"
+ "\xcf\x62\xd9\x32\x5d\xa9\xd7\x1d"
+ "\xec\xe4\xdf\x1b\xbe\xf1\x36\xee"
+ "\xe3\x7b\xb5\x2f\xee\xf8\x53\x3d"
+ "\x6a\xb7\x70\xa9\xfc\x9c\x57\x25"
+ "\xf2\x89\x10\xd3\xb8\xa8\x8c\x30"
+ "\xae\x23\x4f\x0e\x13\x66\x4f\xe1"
+ "\xb6\xc0\xe4\xf8\xef\x93\xbd\x6e"
+ "\x15\x85\x6b\xe3\x60\x81\x1d\x68"
+ "\xd7\x31\x87\x89\x09\xab\xd5\x96"
+ "\x1d\xf3\x6d\x67\x80\xca\x07\x31"
+ "\x5d\xa7\xe4\xfb\x3e\xf2\x9b\x33"
+ "\x52\x18\xc8\x30\xfe\x2d\xca\x1e"
+ "\x79\x92\x7a\x60\x5c\xb6\x58\x87"
+ "\xa4\x36\xa2\x67\x92\x8b\xa4\xb7"
+ "\xf1\x86\xdf\xdc\xc0\x7e\x8f\x63"
+ "\xd2\xa2\xdc\x78\xeb\x4f\xd8\x96"
+ "\x47\xca\xb8\x91\xf9\xf7\x94\x21"
+ "\x5f\x9a\x9f\x5b\xb8\x40\x41\x4b"
+ "\x66\x69\x6a\x72\xd0\xcb\x70\xb7"
+ "\x93\xb5\x37\x96\x05\x37\x4f\xe5"
+ "\x8c\xa7\x5a\x4e\x8b\xb7\x84\xea"
+ "\xc7\xfc\x19\x6e\x1f\x5a\xa1\xac"
+ "\x18\x7d\x52\x3b\xb3\x34\x62\x99"
+ "\xe4\x9e\x31\x04\x3f\xc0\x8d\x84"
+ "\x17\x7c\x25\x48\x52\x67\x11\x27"
+ "\x67\xbb\x5a\x85\xca\x56\xb2\x5c"
+ "\xe6\xec\xd5\x96\x3d\x15\xfc\xfb"
+ "\x22\x25\xf4\x13\xe5\x93\x4b\x9a"
+ "\x77\xf1\x52\x18\xfa\x16\x5e\x49"
+ "\x03\x45\xa8\x08\xfa\xb3\x41\x92"
+ "\x79\x50\x33\xca\xd0\xd7\x42\x55"
+ "\xc3\x9a\x0c\x4e\xd9\xa4\x3c\x86"
+ "\x80\x9f\x53\xd1\xa4\x2e\xd1\xbc"
+ "\xf1\x54\x6e\x93\xa4\x65\x99\x8e"
+ "\xdf\x29\xc0\x64\x63\x07\xbb\xea",
+ .ctext = "\xe0\x33\xf6\xe0\xb4\xa5\xdd\x2b"
+ "\xdd\xce\xfc\x12\x1e\xfc\x2d\xf2"
+ "\x8b\xc7\xeb\xc1\xc4\x2a\xe8\x44"
+ "\x0f\x3d\x97\x19\x2e\x6d\xa2\x38"
+ "\x9d\xa6\xaa\xe1\x96\xb9\x08\xe8"
+ "\x0b\x70\x48\x5c\xed\xb5\x9b\xcb"
+ "\x8b\x40\x88\x7e\x69\x73\xf7\x16"
+ "\x71\xbb\x5b\xfc\xa3\x47\x5d\xa6"
+ "\xae\x3a\x64\xc4\xe7\xb8\xa8\xe7"
+ "\xb1\x32\x19\xdb\xe3\x01\xb8\xf0"
+ "\xa4\x86\xb4\x4c\xc2\xde\x5c\xd2"
+ "\x6c\x77\xd2\xe8\x18\xb7\x0a\xc9"
+ "\x3d\x53\xb5\xc4\x5c\xf0\x8c\x06"
+ "\xdc\x90\xe0\x74\x47\x1b\x0b\xf6"
+ "\xd2\x71\x6b\xc4\xf1\x97\x00\x2d"
+ "\x63\x57\x44\x1f\x8c\xf4\xe6\x9b"
+ "\xe0\x7a\xdd\xec\x32\x73\x42\x32"
+ "\x7f\x35\x67\x60\x0d\xcf\x10\x52"
+ "\x61\x22\x53\x8d\x8e\xbb\x33\x76"
+ "\x59\xd9\x10\xce\xdf\xef\xc0\x41"
+ "\xd5\x33\x29\x6a\xda\x46\xa4\x51"
+ "\xf0\x99\x3d\x96\x31\xdd\xb5\xcb"
+ "\x3e\x2a\x1f\xc7\x5c\x79\xd3\xc5"
+ "\x20\xa1\xb1\x39\x1b\xc6\x0a\x70"
+ "\x26\x39\x95\x07\xad\x7a\xc9\x69"
+ "\xfe\x81\xc7\x88\x08\x38\xaf\xad"
+ "\x9e\x8d\xfb\xe8\x24\x0d\x22\xb8"
+ "\x0e\xed\xbe\x37\x53\x7c\xa6\xc6"
+ "\x78\x62\xec\xa3\x59\xd9\xc6\x9d"
+ "\xb8\x0e\x69\x77\x84\x2d\x6a\x4c"
+ "\xc5\xd9\xb2\xa0\x2b\xa8\x80\xcc"
+ "\xe9\x1e\x9c\x5a\xc4\xa1\xb2\x37"
+ "\x06\x9b\x30\x32\x67\xf7\xe7\xd2"
+ "\x42\xc7\xdf\x4e\xd4\xcb\xa0\x12"
+ "\x94\xa1\x34\x85\x93\x50\x4b\x0a"
+ "\x3c\x7d\x49\x25\x01\x41\x6b\x96"
+ "\xa9\x12\xbb\x0b\xc0\xd7\xd0\x93"
+ "\x1f\x70\x38\xb8\x21\xee\xf6\xa7"
+ "\xee\xeb\xe7\x81\xa4\x13\xb4\x87"
+ "\xfa\xc1\xb0\xb5\x37\x8b\x74\xa2"
+ "\x4e\xc7\xc2\xad\x3d\x62\x3f\xf8"
+ "\x34\x42\xe5\xae\x45\x13\x63\xfe"
+ "\xfc\x2a\x17\x46\x61\xa9\xd3\x1c"
+ "\x4c\xaf\xf0\x09\x62\x26\x66\x1e"
+ "\x74\xcf\xd6\x68\x3d\x7d\xd8\xb7"
+ "\xe7\xe6\xf8\xf0\x08\x20\xf7\x47"
+ "\x1c\x52\xaa\x0f\x3e\x21\xa3\xf2"
+ "\xbf\x2f\x95\x16\xa8\xc8\xc8\x8c"
+ "\x99\x0f\x5d\xfb\xfa\x2b\x58\x8a"
+ "\x7e\xd6\x74\x02\x60\xf0\xd0\x5b"
+ "\x65\xa8\xac\xea\x8d\x68\x46\x34"
+ "\x26\x9d\x4f\xb1\x9a\x8e\xc0\x1a"
+ "\xf1\xed\xc6\x7a\x83\xfd\x8a\x57"
+ "\xf2\xe6\xe4\xba\xfc\xc6\x3c\xad"
+ "\x5b\x19\x50\x2f\x3a\xcc\x06\x46"
+ "\x04\x51\x3f\x91\x97\xf0\xd2\x07"
+ "\xe7\x93\x89\x7e\xb5\x32\x0f\x03"
+ "\xe5\x58\x9e\x74\x72\xeb\xc2\x38"
+ "\x00\x0c\x91\x72\x69\xed\x7d\x6d"
+ "\xc8\x71\xf0\xec\xff\x80\xd9\x1c"
+ "\x9e\xd2\xfa\x15\xfc\x6c\x4e\xbc"
+ "\xb1\xa6\xbd\xbd\x70\x40\xca\x20"
+ "\xb8\x78\xd2\xa3\xc6\xf3\x79\x9c"
+ "\xc7\x27\xe1\x6a\x29\xad\xa4\x03",
+ .len = 512,
+ }, {
+ .key = "\xeb\xe5\x11\x3a\x72\xeb\x10\xbe"
+ "\x70\xcf\xe3\xea\xc2\x74\xa4\x48"
+ "\x29\x0f\x8f\x3f\xcf\x4c\x28\x2a"
+ "\x4e\x1e\x3c\xc3\x27\x9f\x16\x13",
+ .klen = 32,
+ .iv = "\x84\x3e\xa2\x7c\x06\x72\xb2\xad"
+ "\x88\x76\x65\xb4\x1a\x29\x27\x12"
+ "\x45\xb6\x8d\x0e\x4b\x87\x04\xfc"
+ "\xb5\xcd\x1c\x4d\xe8\x06\xf1\xcb",
+ .ptext = "\x8e\xb6\x07\x9b\x7c\xe4\xa4\xa2"
+ "\x41\x6c\x24\x1d\xc0\x77\x4e\xd9"
+ "\x4a\xa4\x2c\xb6\xe4\x55\x02\x7f"
+ "\xc4\xec\xab\xc2\x5c\x63\x40\x92"
+ "\x38\x24\x62\xdb\x65\x82\x10\x7f"
+ "\x21\xa5\x39\x3a\x3f\x38\x7e\xad"
+ "\x6c\x7b\xc9\x3f\x89\x8f\xa8\x08"
+ "\xbd\x31\x57\x3c\x7a\x45\x67\x30"
+ "\xa9\x27\x58\x34\xbe\xe3\xa4\xc3"
+ "\xff\xc2\x9f\x43\xf0\x04\xba\x1e"
+ "\xb6\xf3\xc4\xce\x09\x7a\x2e\x42"
+ "\x7d\xad\x97\xc9\x77\x9a\x3a\x78"
+ "\x6c\xaf\x7c\x2a\x46\xb4\x41\x86"
+ "\x1a\x20\xf2\x5b\x1a\x60\xc9\xc4"
+ "\x47\x5d\x10\xa4\xd2\x15\x6a\x19"
+ "\x4f\xd5\x51\x37\xd5\x06\x70\x1a"
+ "\x3e\x78\xf0\x2e\xaa\xb5\x2a\xbd"
+ "\x83\x09\x7c\xcb\x29\xac\xd7\x9c"
+ "\xbf\x80\xfd\x9d\xd4\xcf\x64\xca"
+ "\xf8\xc9\xf1\x77\x2e\xbb\x39\x26"
+ "\xac\xd9\xbe\xce\x24\x7f\xbb\xa2"
+ "\x82\xba\xeb\x5f\x65\xc5\xf1\x56"
+ "\x8a\x52\x02\x4d\x45\x23\x6d\xeb"
+ "\xb0\x60\x7b\xd8\x6e\xb2\x98\xd2"
+ "\xaf\x76\xf2\x33\x9b\xf3\xbb\x95"
+ "\xc0\x50\xaa\xc7\x47\xf6\xb3\xf3"
+ "\x77\x16\xcb\x14\x95\xbf\x1d\x32"
+ "\x45\x0c\x75\x52\x2c\xe8\xd7\x31"
+ "\xc0\x87\xb0\x97\x30\x30\xc5\x5e"
+ "\x50\x70\x6e\xb0\x4b\x4e\x38\x19"
+ "\x46\xca\x38\x6a\xca\x7d\xfe\x05"
+ "\xc8\x80\x7c\x14\x6c\x24\xb5\x42"
+ "\x28\x04\x4c\xff\x98\x20\x08\x10"
+ "\x90\x31\x03\x78\xd8\xa1\xe6\xf9"
+ "\x52\xc2\xfc\x3e\xa7\x68\xce\xeb"
+ "\x59\x5d\xeb\xd8\x64\x4e\xf8\x8b"
+ "\x24\x62\xcf\x17\x36\x84\xc0\x72"
+ "\x60\x4f\x3e\x47\xda\x72\x3b\x0e"
+ "\xce\x0b\xa9\x9c\x51\xdc\xa5\xb9"
+ "\x71\x73\x08\x4e\x22\x31\xfd\x88"
+ "\x29\xfc\x8d\x17\x3a\x7a\xe5\xb9"
+ "\x0b\x9c\x6d\xdb\xce\xdb\xde\x81"
+ "\x73\x5a\x16\x9d\x3c\x72\x88\x51"
+ "\x10\x16\xf3\x11\x6e\x32\x5f\x4c"
+ "\x87\xce\x88\x2c\xd2\xaf\xf5\xb7"
+ "\xd8\x22\xed\xc9\xae\x68\x7f\xc5"
+ "\x30\x62\xbe\xc9\xe0\x27\xa1\xb5"
+ "\x57\x74\x36\x60\xb8\x6b\x8c\xec"
+ "\x14\xad\xed\x69\xc9\xd8\xa5\x5b"
+ "\x38\x07\x5b\xf3\x3e\x74\x48\x90"
+ "\x61\x17\x23\xdd\x44\xbc\x9d\x12"
+ "\x0a\x3a\x63\xb2\xab\x86\xb8\x67"
+ "\x85\xd6\xb2\x5d\xde\x4a\xc1\x73"
+ "\x2a\x7c\x53\x8e\xd6\x7d\x0e\xe4"
+ "\x3b\xab\xc5\x3d\x32\x79\x18\xb7"
+ "\xd6\x50\x4d\xf0\x8a\x37\xbb\xd3"
+ "\x8d\xd8\x08\xd7\x7d\xaa\x24\x52"
+ "\xf7\x90\xe3\xaa\xd6\x49\x7a\x47"
+ "\xec\x37\xad\x74\x8b\xc1\xb7\xfe"
+ "\x4f\x70\x14\x62\x22\x8c\x63\xc2"
+ "\x1c\x4e\x38\xc3\x63\xb7\xbf\x53"
+ "\xbd\x1f\xac\xa6\x94\xc5\x81\xfa"
+ "\xe0\xeb\x81\xe9\xd9\x1d\x32\x3c"
+ "\x85\x12\xca\x61\x65\xd1\x66\xd8"
+ "\xe2\x0e\xc3\xa3\xff\x0d\xd3\xee"
+ "\xdf\xcc\x3e\x01\xf5\x9b\x45\x5c"
+ "\x33\xb5\xb0\x8d\x36\x1a\xdf\xf8"
+ "\xa3\x81\xbe\xdb\x3d\x4b\xf6\xc6"
+ "\xdf\x7f\xb0\x89\xbd\x39\x32\x50"
+ "\xbb\xb2\xe3\x5c\xbb\x4b\x18\x98"
+ "\x08\x66\x51\xe7\x4d\xfb\xfc\x4e"
+ "\x22\x42\x6f\x61\xdb\x7f\x27\x88"
+ "\x29\x3f\x02\xa9\xc6\x83\x30\xcc"
+ "\x8b\xd5\x64\x7b\x7c\x76\x16\xbe"
+ "\xb6\x8b\x26\xb8\x83\x16\xf2\x6b"
+ "\xd1\xdc\x20\x6b\x42\x5a\xef\x7a"
+ "\xa9\x60\xb8\x1a\xd3\x0d\x4e\xcb"
+ "\x75\x6b\xc5\x80\x43\x38\x7f\xad"
+ "\x9c\x56\xd9\xc4\xf1\x01\x74\xf0"
+ "\x16\x53\x8d\x69\xbe\xf2\x5d\x92"
+ "\x34\x38\xc8\x84\xf9\x1a\xfc\x26"
+ "\x16\xcb\xae\x7d\x38\x21\x67\x74"
+ "\x4c\x40\xaa\x6b\x97\xe0\xb0\x2f"
+ "\xf5\x3e\xf6\xe2\x24\xc8\x22\xa4"
+ "\xa8\x88\x27\x86\x44\x75\x5b\x29"
+ "\x34\x08\x4b\xa1\xfe\x0c\x26\xe5"
+ "\xac\x26\xf6\x21\x0c\xfb\xde\x14"
+ "\xfe\xd7\xbe\xee\x48\x93\xd6\x99"
+ "\x56\x9c\xcf\x22\xad\xa2\x53\x41"
+ "\xfd\x58\xa1\x68\xdc\xc4\xef\x20"
+ "\xa1\xee\xcf\x2b\x43\xb6\x57\xd8"
+ "\xfe\x01\x80\x25\xdf\xd2\x35\x44"
+ "\x0d\x15\x15\xc3\xfc\x49\xbf\xd0"
+ "\xbf\x2f\x95\x81\x09\xa6\xb6\xd7"
+ "\x21\x03\xfe\x52\xb7\xa8\x32\x4d"
+ "\x75\x1e\x46\x44\xbc\x2b\x61\x04"
+ "\x1b\x1c\xeb\x39\x86\x8f\xe9\x49"
+ "\xce\x78\xa5\x5e\x67\xc5\xe9\xef"
+ "\x43\xf8\xf1\x35\x22\x43\x61\xc1"
+ "\x27\xb5\x09\xb2\xb8\xe1\x5e\x26"
+ "\xcc\xf3\x6f\xb2\xb7\x55\x30\x98"
+ "\x87\xfc\xe7\xa8\xc8\x94\x86\xa1"
+ "\xd9\xa0\x3c\x74\x16\xb3\x25\x98"
+ "\xba\xc6\x84\x4a\x27\xa6\x58\xfe"
+ "\xe1\x68\x04\x30\xc8\xdb\x44\x52"
+ "\x4e\xb2\xa4\x6f\xf7\x63\xf2\xd6"
+ "\x63\x36\x17\x04\xf8\x06\xdb\xeb"
+ "\x99\x17\xa5\x1b\x61\x90\xa3\x9f"
+ "\x05\xae\x3e\xe4\xdb\xc8\x1c\x8e"
+ "\x77\x27\x88\xdf\xd3\x22\x5a\xc5"
+ "\x9c\xd6\x22\xf8\xc4\xd8\x92\x9d"
+ "\x16\xcc\x54\x25\x3b\x6f\xdb\xc0"
+ "\x78\xd8\xe3\xb3\x03\x69\xd7\x5d"
+ "\xf8\x08\x04\x63\x61\x9d\x76\xf9"
+ "\xad\x1d\xc4\x30\x9f\x75\x89\x6b"
+ "\xfb\x62\xba\xae\xcb\x1b\x6c\xe5"
+ "\x7e\xea\x58\x6b\xae\xce\x9b\x48"
+ "\x4b\x80\xd4\x5e\x71\x53\xa7\x24"
+ "\x73\xca\xf5\x3e\xbb\x5e\xd3\x1c"
+ "\x33\xe3\xec\x5b\xa0\x32\x9d\x25"
+ "\x0e\x0c\x28\x29\x39\x51\xc5\x70"
+ "\xec\x60\x8f\x77\xfc\x06\x7a\x33"
+ "\x19\xd5\x7a\x6e\x94\xea\xa3\xeb"
+ "\x13\xa4\x2e\x09\xd8\x81\x65\x83"
+ "\x03\x63\x8b\xb5\xc9\x89\x98\x73"
+ "\x69\x53\x8e\xab\xf1\xd2\x2f\x67"
+ "\xbd\xa6\x16\x6e\xd0\x8b\xc1\x25"
+ "\x93\xd2\x50\x7c\x1f\xe1\x11\xd0"
+ "\x58\x0d\x2f\x72\xe7\x5e\xdb\xa2"
+ "\x55\x9a\xe0\x09\x21\xac\x61\x85"
+ "\x4b\x20\x95\x73\x63\x26\xe3\x83"
+ "\x4b\x5b\x40\x03\x14\xb0\x44\x16"
+ "\xbd\xe0\x0e\xb7\x66\x56\xd7\x30"
+ "\xb3\xfd\x8a\xd3\xda\x6a\xa7\x3d"
+ "\x98\x09\x11\xb7\x00\x06\x24\x5a"
+ "\xf7\x42\x94\xa6\x0e\xb1\x6d\x48"
+ "\x74\xb1\xa7\xe6\x92\x0a\x15\x9a"
+ "\xf5\xfa\x55\x1a\x6c\xdd\x71\x08"
+ "\xd0\xf7\x8d\x0e\x7c\x67\x4d\xc6"
+ "\xe6\xde\x78\x88\x88\x3c\x5e\x23"
+ "\x46\xd2\x25\xa4\xfb\xa3\x26\x3f"
+ "\x2b\xfd\x9c\x20\xda\x72\xe1\x81"
+ "\x8f\xe6\xae\x08\x1d\x67\x15\xde"
+ "\x86\x69\x1d\xc6\x1e\x6d\xb7\x5c"
+ "\xdd\x43\x72\x5a\x7d\xa7\xd8\xd7"
+ "\x1e\x66\xc5\x90\xf6\x51\x76\x91"
+ "\xb3\xe3\x39\x81\x75\x08\xfa\xc5"
+ "\x06\x70\x69\x1b\x2c\x20\x74\xe0"
+ "\x53\xb0\x0c\x9d\xda\xa9\x5b\xdd"
+ "\x1c\x38\x6c\x9e\x3b\xc4\x7a\x82"
+ "\x93\x9e\xbb\x75\xfb\x19\x4a\x55"
+ "\x65\x7a\x3c\xda\xcb\x66\x5c\x13"
+ "\x17\x97\xe8\xbd\xae\x24\xd9\x76"
+ "\xfb\x8c\x73\xde\xbd\xb4\x1b\xe0"
+ "\xb9\x2c\xe8\xe0\x1d\x3f\xa8\x2c"
+ "\x1e\x81\x5b\x77\xe7\xdf\x6d\x06"
+ "\x7c\x9a\xf0\x2b\x5d\xfc\x86\xd5"
+ "\xb1\xad\xbc\xa8\x73\x48\x61\x67"
+ "\xd6\xba\xc8\xe8\xe2\xb8\xee\x40"
+ "\x36\x22\x3e\x61\xf6\xc8\x16\xe4"
+ "\x0e\x88\xad\x71\x53\x58\xe1\x6c"
+ "\x8f\x4f\x89\x4b\x3e\x9c\x7f\xe9"
+ "\xad\xc2\x28\xc2\x3a\x29\xf3\xec"
+ "\xa9\x28\x39\xba\xc2\x86\xe1\x06"
+ "\xf3\x8b\xe3\x95\x0c\x87\xb8\x1b"
+ "\x72\x35\x8e\x8f\x6d\x18\xc8\x1c"
+ "\xa5\x5d\x57\x9d\x73\x8a\xbb\x9e"
+ "\x21\x05\x12\xd7\xe0\x21\x1c\x16"
+ "\x3a\x95\x85\xbc\xb0\x71\x0b\x36"
+ "\x6c\x44\x8d\xef\x3b\xec\x3f\x8e"
+ "\x24\xa9\xe3\xa7\x63\x23\xca\x09"
+ "\x62\x96\x79\x0c\x81\x05\x41\xf2"
+ "\x07\x20\x26\xe5\x8e\x10\x54\x03"
+ "\x05\x7b\xfe\x0c\xcc\x8c\x50\xe5"
+ "\xca\x33\x4d\x48\x7a\x03\xd5\x64"
+ "\x49\x09\xf2\x5c\x5d\xfe\x2b\x30"
+ "\xbf\x29\x14\x29\x8b\x9b\x7c\x96"
+ "\x47\x07\x86\x4d\x4e\x4d\xf1\x47"
+ "\xd1\x10\x2a\xa8\xd3\x15\x8c\xf2"
+ "\x2f\xf4\x3a\xdf\xd0\xa7\xcb\x5a"
+ "\xad\x99\x39\x4a\xdf\x60\xbe\xf9"
+ "\x91\x4e\xf5\x94\xef\xc5\x56\x32"
+ "\x33\x86\x78\xa3\xd6\x4c\x29\x7c"
+ "\xe8\xac\x06\xb5\xf5\x01\x5c\x9f"
+ "\x02\xc8\xe8\xbf\x5c\x1a\x7f\x4d"
+ "\x28\xa5\xb9\xda\xa9\x5e\xe7\x4b"
+ "\xf4\x3d\xe9\x1d\x28\xaa\x1a\x8a"
+ "\x76\xc8\x6c\x19\x61\x3c\x9e\x29"
+ "\xcd\xbe\xff\xe0\x1c\xb8\x67\xb5"
+ "\xa4\x46\xf8\xb9\x8a\xa2\xf6\x7c"
+ "\xef\x23\x73\x0c\xe9\x72\x0a\x0d"
+ "\x9b\x40\xd8\xfb\x0c\x9c\xab\xa8",
+ .ctext = "\xfc\x02\x83\x13\x73\x06\x70\x3f"
+ "\x71\x28\x98\x61\xe5\x2c\x45\x49"
+ "\x18\xa2\x0e\x17\xc9\xdb\x4d\xf6"
+ "\xbe\x05\x02\x35\xc1\x18\x61\x28"
+ "\xff\x28\x0a\xd9\x00\xb8\xed\xec"
+ "\x14\x80\x88\x56\xcf\x98\x32\xcc"
+ "\xb0\xee\xb4\x5e\x2d\x61\x59\xcb"
+ "\x48\xc9\x25\xaa\x7e\x5f\xe5\x4f"
+ "\x95\x8f\x5d\x47\xe8\xc3\x09\xb4"
+ "\xce\xe7\x74\xcd\xc6\x09\x5c\xfc"
+ "\xc7\x79\xc9\x39\xe4\xe3\x9b\x59"
+ "\x67\x61\x10\xc9\xb7\x7a\xa8\x11"
+ "\x59\xf6\x7a\x67\x1c\x3a\x70\x76"
+ "\x2e\x0e\xbd\x10\x93\x01\x06\xea"
+ "\x51\xc6\x5c\xa7\xda\xd1\x7d\x06"
+ "\x8b\x1d\x5b\xb6\x87\xf0\x32\xbe"
+ "\xff\x55\xaa\x58\x5a\x28\xd1\x64"
+ "\x45\x3b\x0b\x5c\xee\xc4\x12\x2d"
+ "\x1f\xb7\xa5\x73\xf5\x20\xf5\xa8"
+ "\x10\x9d\xd8\x16\xd2\x05\x4d\x49"
+ "\x99\x4a\x71\x56\xec\xa3\xc7\x27"
+ "\xb0\x98\xcd\x59\x3c\x8a\xd1\x9e"
+ "\x33\xa5\x92\xf2\xb7\x87\x23\x5d"
+ "\x53\x9a\x8e\x7c\x63\x57\x5e\x9a"
+ "\x21\x54\x7a\x3c\x5a\xd5\x68\x69"
+ "\x35\x17\x51\x06\x19\x82\x9d\x44"
+ "\x9e\x8a\x75\xc5\x16\x55\xa4\x78"
+ "\x95\x63\xc3\xf0\x91\x73\x77\x44"
+ "\x0c\xff\xb9\xb3\xa7\x5f\xcf\x2a"
+ "\xa2\x54\x9c\xe3\x8b\x7e\x9d\x65"
+ "\xe5\x64\x8b\xbe\x06\x3a\x90\x31"
+ "\xdb\x42\x78\xe9\xe6\x8a\xae\xba"
+ "\x8f\xfb\xc9\x3d\xd9\xc2\x3e\x57"
+ "\xd5\x58\xfe\x70\x44\xe5\x2a\xd5"
+ "\x87\xcf\x9f\x6a\x02\xde\x48\xe9"
+ "\x13\xed\x8d\x2b\xf2\xa1\x56\x07"
+ "\x36\x2d\xcf\xc3\x5c\xd4\x4b\x20"
+ "\xb0\xdf\x1a\x70\xed\x0a\xe4\x2e"
+ "\x9a\xfc\x88\xa1\xc4\x2d\xd6\xb8"
+ "\xf1\x6e\x2c\x5c\xdc\x0e\xb0\x21"
+ "\x2d\x76\xb8\xc3\x05\x4c\xf5\xc5"
+ "\x9a\x14\xab\x08\xc2\x67\x59\x30"
+ "\x7a\xef\xd8\x4a\x89\x49\xd4\xf0"
+ "\x22\x39\xf2\x61\xaa\x70\x36\xcf"
+ "\x65\xee\x43\x83\x2e\x32\xe4\xc9"
+ "\xc2\xf1\xc7\x08\x28\x59\x10\x6f"
+ "\x7a\xeb\x8f\x78\x9e\xdf\x07\x0f"
+ "\xca\xc7\x02\x6a\x2e\x2a\xf0\x64"
+ "\xfa\x4c\x8c\x4c\xfc\x13\x23\x63"
+ "\x54\xeb\x1d\x41\xdf\x88\xd6\x66"
+ "\xae\x5e\x31\x74\x5d\x84\x65\xb8"
+ "\x61\x1c\x88\x1b\x8f\xb6\x14\x4e"
+ "\x73\x23\x27\x71\x85\x04\x07\x59"
+ "\x18\xa3\x2b\x69\x2a\x42\x81\xbf"
+ "\x40\xf4\x40\xdf\x04\xb8\x6c\x2e"
+ "\x21\x5b\x22\x25\x61\x01\x96\xce"
+ "\xfb\xbc\x75\x25\x2c\x03\x55\xea"
+ "\xb6\x56\x31\x03\xc8\x98\x77\xd6"
+ "\x30\x19\x9e\x45\x05\xfd\xca\xdf"
+ "\xae\x89\x30\xa3\xc1\x65\x41\x67"
+ "\x12\x8e\xa4\x61\xd0\x87\x04\x0a"
+ "\xe6\xf3\x43\x3a\x38\xce\x22\x36"
+ "\x41\xdc\xe1\x7d\xd2\xa6\xe2\x66"
+ "\x21\x8d\xc9\x59\x73\x52\x34\xd8"
+ "\x1f\xf1\x87\x00\x9b\x12\x74\xeb"
+ "\xbb\xa9\x34\x0c\x8e\x79\x74\x64"
+ "\xbf\x94\x97\xe4\x94\xda\xf0\x39"
+ "\x66\xa8\xd9\x82\xe3\x11\x3d\xe7"
+ "\xb3\x9a\x40\x7a\x6f\x71\xc7\x0f"
+ "\x7b\x6d\x59\x79\x18\x2f\x11\x60"
+ "\x1e\xe0\xae\x1b\x1b\xb4\xad\x4d"
+ "\x63\xd9\x3e\xa0\x8f\xe3\x66\x8c"
+ "\xfe\x5a\x73\x07\x95\x27\x1a\x07"
+ "\x6e\xd6\x14\x3f\xbe\xc5\x99\x94"
+ "\xcf\x40\xf4\x39\x1c\xf2\x99\x5b"
+ "\xb7\xfb\xb4\x4e\x5f\x21\x10\x04"
+ "\x24\x08\xd4\x0d\x10\x7a\x2f\x52"
+ "\x7d\x91\xc3\x38\xd3\x16\xf0\xfd"
+ "\x53\xba\xda\x88\xa5\xf6\xc7\xfd"
+ "\x63\x4a\x9f\x48\xb5\x31\xc2\xe1"
+ "\x7b\x3e\xac\x8d\xc9\x95\x02\x92"
+ "\xcc\xbd\x0e\x15\x2d\x97\x08\x82"
+ "\xa6\x99\xbc\x2c\x96\x91\xde\xa4"
+ "\x9c\xf5\x2c\xef\x12\x29\xb0\x72"
+ "\x5f\x60\x5d\x3d\xf3\x85\x59\x79"
+ "\xac\x06\x63\x74\xcc\x1a\x8d\x0e"
+ "\xa7\x5f\xd9\x3e\x84\xf7\xbb\xde"
+ "\x06\xd9\x4b\xab\xee\xb2\x03\xbe"
+ "\x68\x49\x72\x84\x8e\xf8\x45\x2b"
+ "\x59\x99\x17\xd3\xe9\x32\x79\xc3"
+ "\x83\x4c\x7a\x6c\x71\x53\x8c\x09"
+ "\x76\xfb\x3e\x80\x99\xbc\x2c\x7d"
+ "\x42\xe5\x70\x08\x80\xc7\xaf\x15"
+ "\x90\xda\x98\x98\x81\x04\x1c\x4d"
+ "\x78\xf1\xf3\xcc\x1b\x3a\x7b\xef"
+ "\xea\xe1\xee\x0e\xd2\x32\xb6\x63"
+ "\xbf\xb2\xb5\x86\x8d\x16\xd3\x23"
+ "\x04\x59\x51\xbb\x17\x03\xc0\x07"
+ "\x93\xbf\x72\x58\x30\xf2\x0a\xa2"
+ "\xbc\x60\x86\x3b\x68\x91\x67\x14"
+ "\x10\x76\xda\xa3\x98\x2d\xfc\x8a"
+ "\xb8\x95\xf7\xd2\x8b\x97\x8b\xfc"
+ "\xf2\x9e\x86\x20\xb6\xdf\x93\x41"
+ "\x06\x5e\x37\x3e\xe2\xb8\xd5\x06"
+ "\x59\xd2\x8d\x43\x91\x5a\xed\x94"
+ "\x54\xc2\x77\xbc\x0b\xb4\x29\x80"
+ "\x22\x19\xe7\x35\x1f\x29\x4f\xd8"
+ "\x02\x98\xee\x83\xca\x4c\x94\xa3"
+ "\xec\xde\x4b\xf5\xca\x57\x93\xa3"
+ "\x72\x69\xfe\x27\x7d\x39\x24\x9a"
+ "\x60\x19\x72\xbe\x24\xb2\x2d\x99"
+ "\x8c\xb7\x32\xf8\x74\x77\xfc\x8d"
+ "\xb2\xc1\x7a\x88\x28\x26\xea\xb7"
+ "\xad\xf0\x38\x49\x88\x78\x73\xcd"
+ "\x01\xef\xb9\x30\x1a\x33\xa3\x24"
+ "\x9b\x0b\xc5\x89\x64\x3f\xbe\x76"
+ "\xd5\xa5\x28\x74\xa2\xc6\xa0\xa0"
+ "\xdd\x13\x81\x64\x2f\xd1\xab\x15"
+ "\xab\x13\xb5\x68\x59\xa4\x9f\x0e"
+ "\x1e\x0a\xaf\xf7\x0b\x6e\x6b\x0b"
+ "\xf7\x95\x4c\xbc\x1d\x40\x6d\x9c"
+ "\x08\x42\xef\x07\x03\xb7\xa3\xea"
+ "\x2a\x5f\xec\x41\x3c\x72\x31\x9d"
+ "\xdc\x6b\x3a\x5e\x35\x3d\x12\x09"
+ "\x27\xe8\x63\xbe\xcf\xb3\xbc\x01"
+ "\x2d\x0c\x86\xb2\xab\x4a\x69\xe5"
+ "\xf8\x45\x97\x76\x0e\x31\xe5\xc6"
+ "\x4c\x4f\x94\xa5\x26\x19\x9f\x1b"
+ "\xe1\xf4\x79\x04\xb4\x93\x92\xdc"
+ "\xa5\x2a\x66\x25\x0d\xb2\x9e\xea"
+ "\xa8\xf6\x02\x77\x2d\xd1\x3f\x59"
+ "\x5c\x04\xe2\x36\x52\x5f\xa1\x27"
+ "\x0a\x07\x56\xb6\x2d\xd5\x90\x32"
+ "\x64\xee\x3f\x42\x8f\x61\xf8\xa0"
+ "\xc1\x8b\x1e\x0b\xa2\x73\xa9\xf3"
+ "\xc9\x0e\xb1\x96\x3a\x67\x5f\x1e"
+ "\xd1\x98\x57\xa2\xba\xb3\x23\x9d"
+ "\xa3\xc6\x3c\x7d\x5e\x3e\xb3\xe8"
+ "\x80\xae\x2d\xda\x85\x90\x69\x3c"
+ "\xf0\xe7\xdd\x9e\x20\x10\x52\xdb"
+ "\xc3\xa0\x15\x73\xee\xb1\xf1\x0f"
+ "\xf1\xf8\x3f\x40\xe5\x17\x80\x4e"
+ "\x91\x95\xc7\xec\xd1\x9c\xd9\x1a"
+ "\x8b\xac\xec\xc9\x0c\x07\xf4\xdc"
+ "\x77\x2d\xa2\xc4\xf8\x27\xb5\x41"
+ "\x2f\x85\xa6\x48\xad\x2a\x58\xc5"
+ "\xea\xfa\x1c\xdb\xfd\xb7\x70\x45"
+ "\xfc\xad\x11\xaf\x05\xed\xbf\xb6"
+ "\x3c\xe1\x57\xb8\x72\x4a\xa0\x6b"
+ "\x40\xd3\xda\xa9\xbc\xa5\x02\x95"
+ "\x8c\xf0\x4e\x67\xb2\x58\x66\xea"
+ "\x58\x0e\xc4\x88\xbc\x1d\x3b\x15"
+ "\x17\xc8\xf5\xd0\x69\x08\x0a\x01"
+ "\x80\x2e\x9e\x69\x4c\x37\x0b\xba"
+ "\xfb\x1a\xa9\xc3\x5f\xec\x93\x7c"
+ "\x4f\x72\x68\x1a\x05\xa1\x32\xe1"
+ "\x16\x57\x9e\xa6\xe0\x42\xfa\x76"
+ "\xc2\xf6\xd3\x9b\x37\x0d\xa3\x58"
+ "\x30\x27\xe7\xea\xb1\xc3\x43\xfb"
+ "\x67\x04\x70\x86\x0a\x71\x69\x34"
+ "\xca\xb1\xe3\x4a\x56\xc9\x29\xd1"
+ "\x12\x6a\xee\x89\xfd\x27\x83\xdf"
+ "\x32\x1a\xc2\xe9\x94\xcc\x44\x2e"
+ "\x0f\x3e\xc8\xc1\x70\x5b\xb0\xe8"
+ "\x6d\x47\xe3\x39\x75\xd5\x45\x8a"
+ "\x48\x4c\x64\x76\x6f\xae\x24\x6f"
+ "\xae\x77\x33\x5b\xf5\xca\x9c\x30"
+ "\x2c\x27\x15\x5e\x9c\x65\xad\x2a"
+ "\x88\xb1\x36\xf6\xcd\x5e\x73\x72"
+ "\x99\x5c\xe2\xe4\xb8\x3e\x12\xfb"
+ "\x55\x86\xfa\xab\x53\x12\xdc\x6a"
+ "\xe3\xfe\x6a\xeb\x9b\x5d\xeb\x72"
+ "\x9d\xf1\xbb\x80\x80\x76\x2d\x57"
+ "\x11\xde\xcf\xae\x46\xad\xdb\xcd"
+ "\x62\x66\x3d\x7b\x7f\xcb\xc4\x43"
+ "\x81\x0c\x7e\xb9\xb7\x47\x1a\x40"
+ "\xfd\x08\x51\xbe\x01\x1a\xd8\x31"
+ "\x43\x5e\x24\x91\xa2\x53\xa1\xc5"
+ "\x8a\xe4\xbc\x00\x8e\xf7\x0c\x30"
+ "\xdf\x03\x34\x2f\xce\xe4\x2e\xda"
+ "\x2b\x87\xfc\xf8\x9b\x50\xd5\xb0"
+ "\x5b\x08\xc6\x17\xa0\xae\x6b\x24"
+ "\xe2\x1d\xd0\x47\xbe\xc4\x8f\x62"
+ "\x1d\x12\x26\xc7\x78\xd4\xf2\xa3"
+ "\xea\x39\x8c\xcb\x54\x3e\x2b\xb9"
+ "\x9a\x8f\x97\xcf\x68\x53\x40\x02"
+ "\x56\xac\x52\xbb\x62\x3c\xc6\x3f"
+ "\x3a\x53\x3c\xe8\x21\x9a\x60\x65"
+ "\x10\x6e\x59\xc3\x4f\xc3\x07\xc8"
+ "\x61\x1c\xea\x62\x6e\xa2\x5a\x12"
+ "\xd6\x10\x91\xbe\x5e\x58\x73\xbe"
+ "\x77\xb8\xb7\x98\xc7\x7e\x78\x9a",
+ .len = 1536,
+ }, {
+ .key = "\x60\xd5\x36\xb0\x8e\x5d\x0e\x5f"
+ "\x70\x47\x8c\xea\x87\x30\x1d\x58"
+ "\x2a\xb2\xe8\xc6\xcb\x60\xe7\x6f"
+ "\x56\x95\x83\x98\x38\x80\x84\x8a",
+ .klen = 32,
+ .iv = "\x43\xfe\x63\x3c\xdc\x9e\x0c\xa6"
+ "\xee\x9c\x0b\x97\x65\xc2\x56\x1d"
+ "\x5d\xd0\xbf\xa3\x9f\x1e\xfb\x78"
+ "\xbf\x51\x1b\x18\x73\x27\x27\x8c",
+ .ptext = "\x0b\x77\xd8\xa3\x8c\xa6\xb2\x2d"
+ "\x3e\xdd\xcc\x7c\x4a\x3e\x61\xc4"
+ "\x9a\x7f\x73\xb0\xb3\x29\x32\x61"
+ "\x13\x25\x62\xcc\x59\x4c\xf4\xdb"
+ "\xd7\xf5\xf4\xac\x75\x51\xb2\x83"
+ "\x64\x9d\x1c\x8b\xd1\x8b\x0c\x06"
+ "\xf1\x9f\xba\x9d\xae\x62\xd4\xd8"
+ "\x96\xbe\x3c\x4c\x32\xe4\x82\x44"
+ "\x47\x5a\xec\xb8\x8a\x5b\xd5\x35"
+ "\x57\x1e\x5c\x80\x6f\x77\xa9\xb9"
+ "\xf2\x4f\x71\x1e\x48\x51\x86\x43"
+ "\x0d\xd5\x5b\x52\x30\x40\xcd\xbb"
+ "\x2c\x25\xc1\x47\x8b\xb7\x13\xc2"
+ "\x3a\x11\x40\xfc\xed\x45\xa4\xf0"
+ "\xd6\xfd\x32\x99\x13\x71\x47\x2e"
+ "\x4c\xb0\x81\xac\x95\x31\xd6\x23"
+ "\xa4\x2f\xa9\xe8\x5a\x62\xdc\x96"
+ "\xcf\x49\xa7\x17\x77\x76\x8a\x8c"
+ "\x04\x22\xaf\xaf\x6d\xd9\x16\xba"
+ "\x35\x21\x66\x78\x3d\xb6\x65\x83"
+ "\xc6\xc1\x67\x8c\x32\xd6\xc0\xc7"
+ "\xf5\x8a\xfc\x47\xd5\x87\x09\x2f"
+ "\x51\x9d\x57\x6c\x29\x0b\x1c\x32"
+ "\x47\x6e\x47\xb5\xf3\x81\xc8\x82"
+ "\xca\x5d\xe3\x61\x38\xa0\xdc\xcc"
+ "\x35\x73\xfd\xb3\x92\x5c\x72\xd2"
+ "\x2d\xad\xf6\xcd\x20\x36\xff\x49"
+ "\x48\x80\x21\xd3\x2f\x5f\xe9\xd8"
+ "\x91\x20\x6b\xb1\x38\x52\x1e\xbc"
+ "\x88\x48\xa1\xde\xc0\xa5\x46\xce"
+ "\x9f\x32\x29\xbc\x2b\x51\x0b\xae"
+ "\x7a\x44\x4e\xed\xeb\x95\x63\x99"
+ "\x96\x87\xc9\x34\x02\x26\xde\x20"
+ "\xe4\xcb\x59\x0c\xb5\x55\xbd\x55"
+ "\x3f\xa9\x15\x25\xa7\x5f\xab\x10"
+ "\xbe\x9a\x59\x6c\xd5\x27\xf3\xf0"
+ "\x73\x4a\xb3\xe4\x08\x11\x00\xeb"
+ "\xf1\xae\xc8\x0d\xef\xcd\xb5\xfc"
+ "\x0d\x7e\x03\x67\xad\x0d\xec\xf1"
+ "\x9a\xfd\x31\x60\x3e\xa2\xfa\x1c"
+ "\x93\x79\x31\x31\xd6\x66\x7a\xbd"
+ "\x85\xfd\x22\x08\x00\xae\x72\x10"
+ "\xd6\xb0\xf4\xb8\x4a\x72\x5b\x9c"
+ "\xbf\x84\xdd\xeb\x13\x05\x28\xb7"
+ "\x61\x60\xfd\x7f\xf0\xbe\x4d\x18"
+ "\x7d\xc9\xba\xb0\x01\x59\x74\x18"
+ "\xe4\xf6\xa6\x74\x5d\x3f\xdc\xa0"
+ "\x9e\x57\x93\xbf\x16\x6c\xf6\xbd"
+ "\x93\x45\x38\x95\xb9\x69\xe9\x62"
+ "\x21\x73\xbd\x81\x73\xac\x15\x74"
+ "\x9e\x68\x28\x91\x38\xb7\xd4\x47"
+ "\xc7\xab\xc9\x14\xad\x52\xe0\x4c"
+ "\x17\x1c\x42\xc1\xb4\x9f\xac\xcc"
+ "\xc8\x12\xea\xa9\x9e\x30\x21\x14"
+ "\xa8\x74\xb4\x74\xec\x8d\x40\x06"
+ "\x82\xb7\x92\xd7\x42\x5b\xf2\xf9"
+ "\x6a\x1e\x75\x6e\x44\x55\xc2\x8d"
+ "\x73\x5b\xb8\x8c\x3c\xef\x97\xde"
+ "\x24\x43\xb3\x0e\xba\xad\x63\x63"
+ "\x16\x0a\x77\x03\x48\xcf\x02\x8d"
+ "\x76\x83\xa3\xba\x73\xbe\x80\x3f"
+ "\x8f\x6e\x76\x24\xc1\xff\x2d\xb4"
+ "\x20\x06\x9b\x67\xea\x29\xb5\xe0"
+ "\x57\xda\x30\x9d\x38\xa2\x7d\x1e"
+ "\x8f\xb9\xa8\x17\x64\xea\xbe\x04"
+ "\x84\xd1\xce\x2b\xfd\x84\xf9\x26"
+ "\x1f\x26\x06\x5c\x77\x6d\xc5\x9d"
+ "\xe6\x37\x76\x60\x7d\x3e\xf9\x02"
+ "\xba\xa6\xf3\x7f\xd3\x95\xb4\x0e"
+ "\x52\x1c\x6a\x00\x8f\x3a\x0b\xce"
+ "\x30\x98\xb2\x63\x2f\xff\x2d\x3b"
+ "\x3a\x06\x65\xaf\xf4\x2c\xef\xbb"
+ "\x88\xff\x2d\x4c\xa9\xf4\xff\x69"
+ "\x9d\x46\xae\x67\x00\x3b\x40\x94"
+ "\xe9\x7a\xf7\x0b\xb7\x3c\xa2\x2f"
+ "\xc3\xde\x5e\x29\x01\xde\xca\xfa"
+ "\xc6\xda\xd7\x19\xc7\xde\x4a\x16"
+ "\x93\x6a\xb3\x9b\x47\xe9\xd2\xfc"
+ "\xa1\xc3\x95\x9c\x0b\xa0\x2b\xd4"
+ "\xd3\x1e\xd7\x21\x96\xf9\x1e\xf4"
+ "\x59\xf4\xdf\x00\xf3\x37\x72\x7e"
+ "\xd8\xfd\x49\xd4\xcd\x61\x7b\x22"
+ "\x99\x56\x94\xff\x96\xcd\x9b\xb2"
+ "\x76\xca\x9f\x56\xae\x04\x2e\x75"
+ "\x89\x4e\x1b\x60\x52\xeb\x84\xf4"
+ "\xd1\x33\xd2\x6c\x09\xb1\x1c\x43"
+ "\x08\x67\x02\x01\xe3\x64\x82\xee"
+ "\x36\xcd\xd0\x70\xf1\x93\xd5\x63"
+ "\xef\x48\xc5\x56\xdb\x0a\x35\xfe"
+ "\x85\x48\xb6\x97\x97\x02\x43\x1f"
+ "\x7d\xc9\xa8\x2e\x71\x90\x04\x83"
+ "\xe7\x46\xbd\x94\x52\xe3\xc5\xd1"
+ "\xce\x6a\x2d\x6b\x86\x9a\xf5\x31"
+ "\xcd\x07\x9c\xa2\xcd\x49\xf5\xec"
+ "\x01\x3e\xdf\xd5\xdc\x15\x12\x9b"
+ "\x0c\x99\x19\x7b\x2e\x83\xfb\xd8"
+ "\x89\x3a\x1c\x1e\xb4\xdb\xeb\x23"
+ "\xd9\x42\xae\x47\xfc\xda\x37\xe0"
+ "\xd2\xb7\x47\xd9\xe8\xb5\xf6\x20"
+ "\x42\x8a\x9d\xaf\xb9\x46\x80\xfd"
+ "\xd4\x74\x6f\x38\x64\xf3\x8b\xed"
+ "\x81\x94\x56\xe7\xf1\x1a\x64\x17"
+ "\xd4\x27\x59\x09\xdf\x9b\x74\x05"
+ "\x79\x6e\x13\x29\x2b\x9e\x1b\x86"
+ "\x73\x9f\x40\xbe\x6e\xff\x92\x4e"
+ "\xbf\xaa\xf4\xd0\x88\x8b\x6f\x73"
+ "\x9d\x8b\xbf\xe5\x8a\x85\x45\x67"
+ "\xd3\x13\x72\xc6\x2a\x63\x3d\xb1"
+ "\x35\x7c\xb4\x38\xbb\x31\xe3\x77"
+ "\x37\xad\x75\xa9\x6f\x84\x4e\x4f"
+ "\xeb\x5b\x5d\x39\x6d\xed\x0a\xad"
+ "\x6c\x1b\x8e\x1f\x57\xfa\xc7\x7c"
+ "\xbf\xcf\xf2\xd1\x72\x3b\x70\x78"
+ "\xee\x8e\xf3\x4f\xfd\x61\x30\x9f"
+ "\x56\x05\x1d\x7d\x94\x9b\x5f\x8c"
+ "\xa1\x0f\xeb\xc3\xa9\x9e\xb8\xa0"
+ "\xc6\x4e\x1e\xb1\xbc\x0a\x87\xa8"
+ "\x52\xa9\x1e\x3d\x58\x8e\xc6\x95"
+ "\x85\x58\xa3\xc3\x3a\x43\x32\x50"
+ "\x6c\xb3\x61\xe1\x0c\x7d\x02\x63"
+ "\x5f\x8b\xdf\xef\x13\xf8\x66\xea"
+ "\x89\x00\x1f\xbd\x5b\x4c\xd5\x67"
+ "\x8f\x89\x84\x33\x2d\xd3\x70\x94"
+ "\xde\x7b\xd4\xb0\xeb\x07\x96\x98"
+ "\xc5\xc0\xbf\xc8\xcf\xdc\xc6\x5c"
+ "\xd3\x7d\x78\x30\x0e\x14\xa0\x86"
+ "\xd7\x8a\xb7\x53\xa3\xec\x71\xbf"
+ "\x85\xf2\xea\xbd\x77\xa6\xd1\xfd"
+ "\x5a\x53\x0c\xc3\xff\xf5\x1d\x46"
+ "\x37\xb7\x2d\x88\x5c\xeb\x7a\x0c"
+ "\x0d\x39\xc6\x40\x08\x90\x1f\x58"
+ "\x36\x12\x35\x28\x64\x12\xe7\xbb"
+ "\x50\xac\x45\x15\x7b\x16\x23\x5e"
+ "\xd4\x11\x2a\x8e\x17\x47\xe1\xd0"
+ "\x69\xc6\xd2\x5c\x2c\x76\xe6\xbb"
+ "\xf7\xe7\x34\x61\x8e\x07\x36\xc8"
+ "\xce\xcf\x3b\xeb\x0a\x55\xbd\x4e"
+ "\x59\x95\xc9\x32\x5b\x79\x7a\x86"
+ "\x03\x74\x4b\x10\x87\xb3\x60\xf6"
+ "\x21\xa4\xa6\xa8\x9a\xc9\x3a\x6f"
+ "\xd8\x13\xc9\x18\xd4\x38\x2b\xc2"
+ "\xa5\x7e\x6a\x09\x0f\x06\xdf\x53"
+ "\x9a\x44\xd9\x69\x2d\x39\x61\xb7"
+ "\x1c\x36\x7f\x9e\xc6\x44\x9f\x42"
+ "\x18\x0b\x99\xe6\x27\xa3\x1e\xa6"
+ "\xd0\xb9\x9a\x2b\x6f\x60\x75\xbd"
+ "\x52\x4a\x91\xd4\x7b\x8f\x95\x9f"
+ "\xdd\x74\xed\x8b\x20\x00\xdd\x08"
+ "\x6e\x5b\x61\x7b\x06\x6a\x19\x84"
+ "\x1c\xf9\x86\x65\xcd\x1c\x73\x3f"
+ "\x28\x5c\x8a\x93\x1a\xf3\xa3\x6c"
+ "\x6c\xa9\x7c\xea\x3c\xd4\x15\x45"
+ "\x7f\xbc\xe3\xbb\x42\xf0\x2e\x10"
+ "\xcd\x0c\x8b\x44\x1a\x82\x83\x0c"
+ "\x58\xb1\x24\x28\xa0\x11\x2f\x63"
+ "\xa5\x82\xc5\x9f\x86\x42\xf4\x4d"
+ "\x89\xdb\x76\x4a\xc3\x7f\xc4\xb8"
+ "\xdd\x0d\x14\xde\xd2\x62\x02\xcb"
+ "\x70\xb7\xee\xf4\x6a\x09\x12\x5e"
+ "\xd1\x26\x1a\x2c\x20\x71\x31\xef"
+ "\x7d\x65\x57\x65\x98\xff\x8b\x02"
+ "\x9a\xb5\xa4\xa1\xaf\x03\xc4\x50"
+ "\x33\xcf\x1b\x25\xfa\x7a\x79\xcc"
+ "\x55\xe3\x21\x63\x0c\x6d\xeb\x5b"
+ "\x1c\xad\x61\x0b\xbd\xb0\x48\xdb"
+ "\xb3\xc8\xa0\x87\x7f\x8b\xac\xfd"
+ "\xd2\x68\x9e\xb4\x11\x3c\x6f\xb1"
+ "\xfe\x25\x7d\x84\x5a\xae\xc9\x31"
+ "\xc3\xe5\x6a\x6f\xbc\xab\x41\xd9"
+ "\xde\xce\xf9\xfa\xd5\x7c\x47\xd2"
+ "\x66\x30\xc9\x97\xf2\x67\xdf\x59"
+ "\xef\x4e\x11\xbc\x4e\x70\xe3\x46"
+ "\x53\xbe\x16\x6d\x33\xfb\x57\x98"
+ "\x4e\x34\x79\x3b\xc7\x3b\xaf\x94"
+ "\xc1\x87\x4e\x47\x11\x1b\x22\x41"
+ "\x99\x12\x61\xe0\xe0\x8c\xa9\xbd"
+ "\x79\xb6\x06\x4d\x90\x3b\x0d\x30"
+ "\x1a\x00\xaa\x0e\xed\x7c\x16\x2f"
+ "\x0d\x1a\xfb\xf8\xad\x51\x4c\xab"
+ "\x98\x4c\x80\xb6\x92\x03\xcb\xa9"
+ "\x99\x9d\x16\xab\x43\x8c\x3f\x52"
+ "\x96\x53\x63\x7e\xbb\xd2\x76\xb7"
+ "\x6b\x77\xab\x52\x80\x33\xe3\xdf"
+ "\x4b\x3c\x23\x1a\x33\xe1\x43\x40"
+ "\x39\x1a\xe8\xbd\x3c\x6a\x77\x42"
+ "\x88\x9f\xc6\xaa\x65\x28\xf2\x1e"
+ "\xb0\x7c\x8e\x10\x41\x31\xe9\xd5"
+ "\x9d\xfd\x28\x7f\xfb\x61\xd3\x39"
+ "\x5f\x7e\xb4\xfb\x9c\x7d\x98\xb7"
+ "\x37\x2f\x18\xd9\x3b\x83\xaf\x4e"
+ "\xbb\xd5\x49\x69\x46\x93\x3a\x21"
+ "\x46\x1d\xad\x84\xb5\xe7\x8c\xff"
+ "\xbf\x81\x7e\x22\xf6\x88\x8c\x82"
+ "\xf5\xde\xfe\x18\xc9\xfb\x58\x07"
+ "\xe4\x68\xff\x9c\xf4\xe0\x24\x20"
+ "\x90\x92\x01\x49\xc2\x38\xe1\x7c"
+ "\xac\x61\x0b\x96\x36\xa4\x77\xe9"
+ "\x29\xd4\x97\xae\x15\x13\x7c\x6c"
+ "\x2d\xf1\xc5\x83\x97\x02\xa8\x2e"
+ "\x0b\x0f\xaf\xb5\x42\x18\x8a\x8c"
+ "\xb8\x28\x85\x28\x1b\x2a\x12\xa5"
+ "\x4b\x0a\xaf\xd2\x72\x37\x66\x23"
+ "\x28\xe6\x71\xa0\x77\x85\x7c\xff"
+ "\xf3\x8d\x2f\x0c\x33\x30\xcd\x7f"
+ "\x61\x64\x23\xb2\xe9\x79\x05\xb8"
+ "\x61\x47\xb1\x2b\xda\xf7\x9a\x24"
+ "\x94\xf6\xcf\x07\x78\xa2\x80\xaa"
+ "\x6e\xe9\x58\x97\x19\x0c\x58\x73"
+ "\xaf\xee\x2d\x6e\x26\x67\x18\x8a"
+ "\xc6\x6d\xf6\xbc\x65\xa9\xcb\xe7"
+ "\x53\xf1\x61\x97\x63\x52\x38\x86"
+ "\x0e\xdd\x33\xa5\x30\xe9\x9f\x32"
+ "\x43\x64\xbc\x2d\xdc\x28\x43\xd8"
+ "\x6c\xcd\x00\x2c\x87\x9a\x33\x79"
+ "\xbd\x63\x6d\x4d\xf9\x8a\x91\x83"
+ "\x9a\xdb\xf7\x9a\x11\xe1\xd1\x93"
+ "\x4a\x54\x0d\x51\x38\x30\x84\x0b"
+ "\xc5\x29\x8d\x92\x18\x6c\x28\xfe"
+ "\x1b\x07\x57\xec\x94\x74\x0b\x2c"
+ "\x21\x01\xf6\x23\xf9\xb0\xa0\xaf"
+ "\xb1\x3e\x2e\xa8\x0d\xbc\x2a\x68"
+ "\x59\xde\x0b\x2d\xde\x74\x42\xa1"
+ "\xb4\xce\xaf\xd8\x42\xeb\x59\xbd"
+ "\x61\xcc\x27\x28\xc6\xf2\xde\x3e"
+ "\x68\x64\x13\xd3\xc3\xc0\x31\xe0"
+ "\x5d\xf9\xb4\xa1\x09\x20\x46\x8b"
+ "\x48\xb9\x27\x62\x00\x12\xc5\x03"
+ "\x28\xfd\x55\x27\x1c\x31\xfc\xdb"
+ "\xc1\xcb\x7e\x67\x91\x2e\x50\x0c"
+ "\x61\xf8\x9f\x31\x26\x5a\x3d\x2e"
+ "\xa0\xc7\xef\x2a\xb6\x24\x48\xc9"
+ "\xbb\x63\x99\xf4\x7c\x4e\xc5\x94"
+ "\x99\xd5\xff\x34\x93\x8f\x31\x45"
+ "\xae\x5e\x7b\xfd\xf4\x81\x84\x65"
+ "\x5b\x41\x70\x0b\xe5\xaa\xec\x95"
+ "\x6b\x3d\xe3\xdc\x12\x78\xf8\x28"
+ "\x26\xec\x3a\x64\xc4\xab\x74\x97"
+ "\x3d\xcf\x21\x7d\xcf\x59\xd3\x15"
+ "\x47\x94\xe4\xd9\x48\x4c\x02\x49"
+ "\x68\x50\x22\x16\x96\x2f\xc4\x23"
+ "\x80\x47\x27\xd1\xee\x10\x3b\xa7"
+ "\x19\xae\xe1\x40\x5f\x3a\xde\x5d"
+ "\x97\x1c\x59\xce\xe1\xe7\x32\xa7"
+ "\x20\x89\xef\x44\x22\x38\x3c\x14"
+ "\x99\x3f\x1b\xd6\x37\xfe\x93\xbf"
+ "\x34\x13\x86\xd7\x9b\xe5\x2a\x37"
+ "\x72\x16\xa4\xdf\x7f\xe4\xa4\x66"
+ "\x9d\xf2\x0b\x29\xa1\xe2\x9d\x36"
+ "\xe1\x9d\x56\x95\x73\xe1\x91\x58"
+ "\x0f\x64\xf8\x90\xbb\x0c\x48\x0f"
+ "\xf5\x52\xae\xd9\xeb\x95\xb7\xdd"
+ "\xae\x0b\x20\x55\x87\x3d\xf0\x69"
+ "\x3c\x0a\x54\x61\xea\x00\xbd\xba"
+ "\x5f\x7e\x25\x8c\x3e\x61\xee\xb2"
+ "\x1a\xc8\x0e\x0b\xa5\x18\x49\xf2"
+ "\x6e\x1d\x3f\x83\xc3\xf1\x1a\xcb"
+ "\x9f\xc9\x82\x4e\x7b\x26\xfd\x68"
+ "\x28\x25\x8d\x22\x17\xab\xf8\x4e"
+ "\x1a\xa9\x81\x48\xb0\x9f\x52\x75"
+ "\xe4\xef\xdd\xbd\x5b\xbe\xab\x3c"
+ "\x43\x76\x23\x62\xce\xb8\xc2\x5b"
+ "\xc6\x31\xe6\x81\xb4\x42\xb2\xfd"
+ "\xf3\x74\xdd\x02\x3c\xa0\xd7\x97"
+ "\xb0\xe7\xe9\xe0\xce\xef\xe9\x1c"
+ "\x09\xa2\x6d\xd3\xc4\x60\xd6\xd6"
+ "\x9e\x54\x31\x45\x76\xc9\x14\xd4"
+ "\x95\x17\xe9\xbe\x69\x92\x71\xcb"
+ "\xde\x7c\xf1\xbd\x2b\xef\x8d\xaf"
+ "\x51\xe8\x28\xec\x48\x7f\xf8\xfa"
+ "\x9f\x9f\x5e\x52\x61\xc3\xfc\x9a"
+ "\x7e\xeb\xe3\x30\xb6\xfe\xc4\x4a"
+ "\x87\x1a\xff\x54\x64\xc7\xaa\xa2"
+ "\xfa\xb7\xb2\xe7\x25\xce\x95\xb4"
+ "\x15\x93\xbd\x24\xb6\xbc\xe4\x62"
+ "\x93\x7f\x44\x40\x72\xcb\xfb\xb2"
+ "\xbf\xe8\x03\xa5\x87\x12\x27\xfd"
+ "\xc6\x21\x8a\x8f\xc2\x48\x48\xb9"
+ "\x6b\xb6\xf0\xf0\x0e\x0a\x0e\xa4"
+ "\x40\xa9\xd8\x23\x24\xd0\x7f\xe2"
+ "\xf9\xed\x76\xf0\x91\xa5\x83\x3c"
+ "\x55\xe1\x92\xb8\xb6\x32\x9e\x63"
+ "\x60\x81\x75\x29\x9e\xce\x2a\x70"
+ "\x28\x0c\x87\xe5\x46\x73\x76\x66"
+ "\xbc\x4b\x6c\x37\xc7\xd0\x1a\xa0"
+ "\x9d\xcf\x04\xd3\x8c\x42\xae\x9d"
+ "\x35\x5a\xf1\x40\x4c\x4e\x81\xaa"
+ "\xfe\xd5\x83\x4f\x29\x19\xf3\x6c"
+ "\x9e\xd0\x53\xe5\x05\x8f\x14\xfb"
+ "\x68\xec\x0a\x3a\x85\xcd\x3e\xb4"
+ "\x4a\xc2\x5b\x92\x2e\x0b\x58\x64"
+ "\xde\xca\x64\x86\x53\xdb\x7f\x4e"
+ "\x54\xc6\x5e\xaa\xe5\x82\x3b\x98"
+ "\x5b\x01\xa7\x1f\x7b\x3d\xcc\x19"
+ "\xf1\x11\x02\x64\x09\x25\x7c\x26"
+ "\xee\xad\x50\x68\x31\x26\x16\x0f"
+ "\xb6\x7b\x6f\xa2\x17\x1a\xba\xbe"
+ "\xc3\x60\xdc\xd2\x44\xe0\xb4\xc4"
+ "\xfe\xff\x69\xdb\x60\xa6\xaf\x39"
+ "\x0a\xbd\x6e\x41\xd1\x9f\x87\x71"
+ "\xcc\x43\xa8\x47\x10\xbc\x2b\x7d"
+ "\x40\x12\x43\x31\xb8\x12\xe0\x95"
+ "\x6f\x9d\xf8\x75\x51\x3d\x61\xbe"
+ "\xa0\xd1\x0b\x8d\x50\xc7\xb8\xe7"
+ "\xab\x03\xda\x41\xab\xc5\x4e\x33"
+ "\x5a\x63\x94\x90\x22\x72\x54\x26"
+ "\x93\x65\x99\x45\x55\xd3\x55\x56"
+ "\xc5\x39\xe4\xb4\xb1\xea\xd8\xf9"
+ "\xb5\x31\xf7\xeb\x80\x1a\x9e\x8d"
+ "\xd2\x40\x01\xea\x33\xb9\xf2\x7a"
+ "\x43\x41\x72\x0c\xbf\x20\xab\xf7"
+ "\xfa\x65\xec\x3e\x35\x57\x1e\xef"
+ "\x2a\x81\xfa\x10\xb2\xdb\x8e\xfa"
+ "\x7f\xe7\xaf\x73\xfc\xbb\x57\xa2"
+ "\xaf\x6f\x41\x11\x30\xd8\xaf\x94"
+ "\x53\x8d\x4c\x23\xa5\x20\x63\xcf"
+ "\x0d\x00\xe0\x94\x5e\x92\xaa\xb5"
+ "\xe0\x4e\x96\x3c\xf4\x26\x2f\xf0"
+ "\x3f\xd7\xed\x75\x2c\x63\xdf\xc8"
+ "\xfb\x20\xb5\xae\x44\x83\xc0\xab"
+ "\x05\xf9\xbb\xa7\x62\x7d\x21\x5b"
+ "\x04\x80\x93\x84\x5f\x1d\x9e\xcd"
+ "\xa2\x07\x7e\x22\x2f\x55\x94\x23"
+ "\x74\x35\xa3\x0f\x03\xbe\x07\x62"
+ "\xe9\x16\x69\x7e\xae\x38\x0e\x9b"
+ "\xad\x6e\x83\x90\x21\x10\xb8\x07"
+ "\xdc\xc1\x44\x20\xa5\x88\x00\xdc"
+ "\xe1\x82\x16\xf1\x0c\xdc\xed\x8c"
+ "\x32\xb5\x49\xab\x11\x41\xd5\xd2"
+ "\x35\x2c\x70\x73\xce\xeb\xe3\xd6"
+ "\xe4\x7d\x2c\xe8\x8c\xec\x8a\x92"
+ "\x50\x87\x51\xbd\x2d\x9d\xf2\xf0"
+ "\x3c\x7d\xb1\x87\xf5\x01\xb0\xed"
+ "\x02\x5a\x20\x4d\x43\x08\x71\x49"
+ "\x77\x72\x9b\xe6\xef\x30\xc9\xa2"
+ "\x66\x66\xb8\x68\x9d\xdf\xc6\x16"
+ "\xa5\x78\xee\x3c\x47\xa6\x7a\x31"
+ "\x07\x6d\xce\x7b\x86\xf8\xb2\x31"
+ "\xa8\xa4\x77\x3c\x63\x36\xe8\xd3"
+ "\x7d\x40\x56\xd8\x48\x56\x9e\x3e"
+ "\x56\xf6\x3d\xd2\x12\x6e\x35\x29"
+ "\xd4\x7a\xdb\xff\x97\x4c\xeb\x3c"
+ "\x28\x2a\xeb\xe9\x43\x40\x61\x06"
+ "\xb8\xa8\x6d\x18\xc8\xbc\xc7\x23"
+ "\x53\x2b\x8b\xcc\xce\x88\xdf\xf8"
+ "\xff\xf8\x94\xe4\x5c\xee\xcf\x39"
+ "\xe0\xf6\x1a\xae\xf2\xd5\x41\x6a"
+ "\x09\x5a\x50\x66\xc4\xf4\x66\xdc"
+ "\x6a\x69\xee\xc8\x47\xe6\x87\x52"
+ "\x9e\x28\xe4\x39\x02\x0d\xc4\x7e"
+ "\x18\xe6\xc6\x09\x07\x03\x30\xb9"
+ "\xd1\xb0\x48\xe6\x80\xe8\x8c\xe6"
+ "\xc7\x2c\x33\xca\x64\xe5\xc0\x6e"
+ "\xac\x14\x4b\xe1\xf6\xeb\xce\xe4"
+ "\xc1\x8c\xea\x5b\x8d\x3c\x86\x91"
+ "\xd1\xd7\x16\x9c\x09\x9c\x6a\x51"
+ "\xe5\xcd\xe3\xb0\x33\x1f\x03\xcd"
+ "\xe5\xd8\x40\x9b\xdc\x29\xbe\xfa"
+ "\x24\xcc\xf1\x55\x68\x3a\x89\x0d"
+ "\x08\x48\xfd\x9b\x47\x41\x10\xae"
+ "\x53\x3a\x83\x87\xd4\x89\xe7\x38"
+ "\x47\xee\xd7\xbe\xe2\x58\x37\xd2"
+ "\xfc\x21\x1d\x20\xa5\x2d\x69\x0c"
+ "\x36\x5b\x2f\xcd\xa1\xa6\xe4\xa1"
+ "\x00\x4d\xf7\xc8\x2d\xc7\x16\x6c"
+ "\x6d\xad\x32\x8c\x8f\x74\xf9\xfa"
+ "\x78\x1c\x9a\x0f\x6e\x93\x9c\x20"
+ "\x43\xb9\xe4\xda\xc4\xc7\x90\x47"
+ "\x86\x68\xb7\x6f\x82\x59\x4a\x30"
+ "\xf1\xfd\x31\x0f\xa1\xea\x9b\x6b"
+ "\x18\x5c\x39\xb0\xc7\x80\x64\xff"
+ "\x6d\x5b\xb4\x8b\xba\x90\xea\x4e"
+ "\x9a\x04\xd2\x68\x18\x50\xb5\x91"
+ "\x45\x4f\x58\x5a\xe5\xc6\x7c\xab"
+ "\x61\x3e\x3d\xec\x18\x87\xfc\xea"
+ "\x26\x35\x4c\x99\x8a\x3f\x00\x7b"
+ "\xf5\x89\x62\xda\xdd\xf1\x43\xef"
+ "\x2c\x1d\x92\xfa\x9a\xd0\x37\x03"
+ "\x69\x9c\xd8\x1f\x41\x44\xb7\x73"
+ "\x54\x14\x91\x12\x41\x41\x54\xa2"
+ "\x91\x55\xb6\xf7\x23\x41\xc9\xc2"
+ "\x5b\x53\xf2\x61\x63\x0d\xa9\x87"
+ "\x1a\xbb\x11\x1f\x3c\xbb\xa8\x1f"
+ "\xe2\x66\x56\x88\x06\x3c\xd2\x0f"
+ "\x3b\xc4\xd6\x8c\xbe\x54\x9f\xa8"
+ "\x9c\x89\xfb\x88\x05\xef\xcd\xe7"
+ "\xc1\xc4\x21\x36\x22\x8d\x9a\x5d"
+ "\x1b\x1e\x4a\xc0\x89\xdd\x76\x16"
+ "\x5a\xce\xcd\x1e\x6a\x1f\xa0\x2b"
+ "\x83\xf6\x5e\x28\x8e\x65\xb5\x86"
+ "\x72\x8f\xc5\xf2\x54\x81\x10\x8d"
+ "\x63\x7b\x42\x7d\x06\x08\x16\xb3"
+ "\xb0\x60\x65\x41\x49\xdb\x0d\xc1"
+ "\xe2\xef\x72\x72\x06\xe7\x60\x5c"
+ "\x95\x1c\x7d\x52\xec\x82\xee\xd3"
+ "\x5b\xab\x61\xa4\x1f\x61\x64\x0c"
+ "\x28\x32\x21\x7a\x81\xe7\x81\xf3"
+ "\xdb\xc0\x18\xd9\xae\x0b\x3c\x9a"
+ "\x58\xec\x70\x4f\x40\x25\x2b\xba"
+ "\x96\x59\xac\x34\x45\x29\xc6\x57"
+ "\xc1\xc3\x93\x60\x77\x92\xbb\x83"
+ "\x8a\xa7\x72\x45\x2a\xc9\x35\xe7"
+ "\x66\xd6\xa9\xe9\x43\x87\x20\x11"
+ "\x6a\x2f\x87\xac\xe0\x93\x82\xe5"
+ "\x6c\x57\xa9\x4c\x9e\x56\x57\x33"
+ "\x1c\xd8\x7e\x25\x27\x41\x89\x97"
+ "\xea\xa5\x56\x02\x5b\x93\x13\x46"
+ "\xdc\x53\x3d\x95\xef\xaf\x9f\xf0"
+ "\x0a\x8a\xfe\x0c\xbf\xf0\x25\x5f"
+ "\xb4\x9f\x1b\x72\x9c\x37\xba\x46"
+ "\x4e\xcc\xcc\x02\x5c\xec\x3f\x98"
+ "\xff\x56\x1a\xc2\x7a\x65\x8f\xf6"
+ "\xd2\x81\x37\x7a\x0a\xfc\x79\xb9"
+ "\xcb\x8c\xc8\x1a\xd0\xba\x5d\x55"
+ "\xbc\x6d\x2e\xb2\x2f\x75\x29\x3f"
+ "\x1a\x4b\xa8\xd7\xe8\xf6\xf4\x2a"
+ "\xa5\xa1\x68\xec\xf3\xd5\xdd\x0f"
+ "\xad\x57\xae\x98\x83\xd5\x92\x4e"
+ "\x76\x86\x8e\x5e\x4b\x87\x7b\xf7"
+ "\x2d\x79\x3f\x12\x6a\x24\x58\xc8"
+ "\xab\x9a\x65\x75\x82\x6f\xa5\x39"
+ "\x72\xb0\xdf\x93\xb5\xa2\xf3\xdd"
+ "\x1f\x32\xfa\xdb\xfe\x1b\xbf\x0a"
+ "\xd9\x95\xdd\x02\xf1\x23\x54\xb1"
+ "\xa5\xbb\x24\x04\x5c\x2a\x97\x92"
+ "\xe6\xe0\x10\x61\xe3\x46\xc7\x0c"
+ "\xcb\xbc\x51\x9a\x35\x16\xd9\x42"
+ "\x62\xb3\x5e\xa4\x3c\x84\xa0\x7f"
+ "\xb8\x7f\x70\xd1\x8b\x03\xdf\x27"
+ "\x32\x06\x3f\x12\x23\x19\x22\x82"
+ "\x2d\x37\xa5\x00\x31\x9b\xa9\x21"
+ "\x8e\x34\x8c\x8e\x4f\xe8\xd4\x63"
+ "\x6c\xb2\xa9\x6e\xf6\x7c\x96\xf1"
+ "\x0e\x64\xab\x14\x3d\x8f\x74\xb3"
+ "\x35\x79\x84\x78\x06\x68\x97\x30"
+ "\xe0\x22\x55\xd6\xc5\x5b\x38\xb2"
+ "\x75\x24\x0c\x52\xb6\x57\xcc\x0a"
+ "\xbd\x3c\xd0\x73\x47\xd1\x25\xd6"
+ "\x1c\xfd\x27\x05\x3f\x70\xe1\xa7"
+ "\x69\x3b\xee\xc9\x9f\xfd\x2a\x7e"
+ "\xab\x58\xe6\x0b\x35\x5e\x52\xf9"
+ "\xff\xac\x5b\x82\x88\xa7\x65\xbc"
+ "\x61\x29\xdc\xa1\x94\x42\xd1\xd3"
+ "\xa0\xd8\xba\x3b\x49\xc8\xa7\xce"
+ "\x01\x6c\xb7\x3f\xe3\x98\x4d\xd1"
+ "\x9f\x46\x0d\xb3\xf2\x43\x33\x49"
+ "\xb7\x27\xbd\xba\xcc\x3f\x09\x56"
+ "\xfa\x64\x18\xb8\x17\x28\xde\x0d"
+ "\x29\xfa\x1f\xad\x60\x3b\x90\xa7"
+ "\x05\x9f\x4c\xc4\xdc\x05\x3b\x17"
+ "\x58\xea\x99\xfd\x6b\x8a\x93\x77"
+ "\xa5\x44\xbd\x8d\x29\x44\x29\x89"
+ "\x52\x1d\x89\x8b\x44\x8f\xb9\x68"
+ "\xeb\x93\xfd\x92\xd9\x14\x35\x9c"
+ "\x28\x3a\x9f\x1d\xd8\xe0\x2a\x76"
+ "\x51\xc1\xf0\xa9\x1d\xb4\xf8\xb9"
+ "\xfc\x14\x78\x5a\xa2\xb1\xdb\x94"
+ "\xcb\x18\xb9\x34\xbd\x0c\x65\x1d"
+ "\x64\xde\xd0\x3a\xe4\x68\x0e\xbc"
+ "\x13\xa7\x47\x89\x62\xa3\x03\x19"
+ "\x64\xa1\x02\x27\x3a\x8d\x43\xfa"
+ "\x68\xff\xda\x8b\x40\xe9\x19\x8b"
+ "\x56\xbe\x1c\x9b\xe6\xf6\x3f\x60"
+ "\xdb\x7a\xd5\xab\x82\xd8\xd9\x99"
+ "\xe3\x5b\x0c\x0c\x69\x18\x5c\xed"
+ "\x03\xf9\xc1\x61\xc4\x7b\xd4\x90"
+ "\x43\xc3\x39\xec\xac\xcb\x1f\x4b"
+ "\x23\xf8\xa9\x98\x2f\xf6\x48\x90"
+ "\x6c\x2b\x94\xad\x14\xdd\xcc\xa2"
+ "\x3d\xc7\x86\x0f\x7f\x1c\x0b\x93"
+ "\x4b\x74\x1f\x80\x75\xb4\x91\xdf"
+ "\xa8\x26\xf9\x06\x2b\x3a\x2c\xfd"
+ "\x3c\x31\x40\x1e\x5b\xa6\x86\x01"
+ "\xc4\xa2\x80\x4f\xf5\xa2\xf4\xff"
+ "\xf6\x07\x8c\x92\xf7\x74\xbd\x42"
+ "\xb0\x3f\x6b\x05\xca\x40\xeb\x04"
+ "\x20\xa9\x37\x78\x32\x03\x60\xcc"
+ "\xf3\xec\xb2\x2d\xb5\x80\x7c\xe4"
+ "\x37\x53\x25\xd1\xe8\x91\x6a\xe5"
+ "\xdf\xdd\xb0\xab\x69\xc7\xa1\xb2"
+ "\xfc\xb3\xd1\x9e\xda\xa8\x0d\x68"
+ "\xfe\x7d\xdc\x56\x33\x65\x99\xd2"
+ "\xec\xa5\xa0\xa1\x26\xc9\xec\xbd"
+ "\x22\x20\x5e\x0d\xcb\x93\x64\x7a"
+ "\x56\x75\xed\xe5\x45\xa2\xbd\x16"
+ "\x59\xf7\x43\xd9\x5b\x2c\xdd\xb6"
+ "\x1d\xa8\x05\x89\x2f\x65\x2e\x66"
+ "\xfe\xad\x93\xeb\x85\x8f\xe8\x4c"
+ "\x00\x44\x71\x03\x0e\x26\xaf\xfd"
+ "\xfa\x56\x0f\xdc\x9c\xf3\x2e\xab"
+ "\x88\x26\x61\xc6\x13\xfe\xba\xc1"
+ "\xd8\x8a\x38\xc3\xb6\x4e\x6d\x80"
+ "\x4c\x65\x93\x2f\xf5\x54\xff\x63"
+ "\xbe\xdf\x9a\xe3\x4f\xca\xc9\x71"
+ "\x12\xab\x95\x66\xec\x09\x64\xea"
+ "\xdc\x9f\x01\x61\x24\x88\xd1\xa7"
+ "\xd0\x69\x26\xf0\x80\xb0\xec\x86"
+ "\xc2\x58\x2f\x6a\xc5\xfd\xfc\x2a"
+ "\xf6\x3e\x23\x77\x3b\x7e\xc5\xc5"
+ "\xe7\xf9\x4d\xcc\x68\x53\x11\xc8"
+ "\x5b\x44\xbd\x48\x0f\xb3\x35\x1a"
+ "\x93\x4a\x80\x16\xa3\x0d\x50\x85"
+ "\xa6\xc4\xd4\x74\x4d\x87\x59\x51"
+ "\xd7\xf7\x7d\xee\xd0\x9b\xd1\x83"
+ "\x25\x2b\xc6\x39\x27\x6a\xb3\x41"
+ "\x5f\xd2\x24\xd4\xd6\xfa\x8c\x3e"
+ "\xb2\xf9\x11\x71\x7a\x9e\x5e\x7b"
+ "\x5b\x9a\x47\x80\xca\x1c\xbe\x04"
+ "\x5d\x34\xc4\xa2\x2d\x41\xfe\x73"
+ "\x53\x15\x9f\xdb\xe7\x7d\x82\x19"
+ "\x21\x1b\x67\x2a\x74\x7a\x21\x4a"
+ "\xc4\x96\x6f\x00\x92\x69\xf1\x99"
+ "\x50\xf1\x4a\x16\x11\xf1\x16\x51",
+ .ctext = "\x2c\xf5\x4c\xc9\x99\x19\x83\x84"
+ "\x09\xbc\xe6\xad\xbe\xb6\x6b\x1b"
+ "\x75\x0b\x3d\x33\x10\xb4\x8b\xf7"
+ "\xa7\xc7\xba\x9f\x6e\xd7\xc7\xfd"
+ "\x58\xef\x24\xf4\xdc\x26\x3f\x35"
+ "\x02\x98\xf2\x8c\x96\xca\xfc\xca"
+ "\xca\xfa\x27\xe6\x23\x1f\xf0\xc7"
+ "\xe3\x46\xbf\xca\x7b\x4e\x24\xcd"
+ "\xd0\x13\x3f\x80\xd6\x5b\x0b\xdc"
+ "\xad\xc6\x49\x77\xd7\x58\xf5\xfd"
+ "\x58\xba\x72\x0d\x9e\x0b\x63\xc3"
+ "\x86\xac\x06\x97\x70\x42\xec\x3a"
+ "\x0d\x53\x27\x17\xbd\x3e\xcb\xe0"
+ "\xaa\x19\xb4\xfe\x5d\x1b\xcb\xd7"
+ "\x99\xc3\x19\x45\x6f\xdf\x64\x44"
+ "\x9f\xf8\x55\x1b\x72\x8d\x78\x51"
+ "\x3c\x83\x48\x8f\xaf\x05\x60\x7d"
+ "\x22\xce\x07\x53\xfd\x91\xcf\xfa"
+ "\x5f\x86\x66\x3e\x72\x67\x7f\xc1"
+ "\x49\x82\xc7\x1c\x91\x1e\x48\xcd"
+ "\x5e\xc6\x5f\xd9\xc9\x43\x88\x35"
+ "\x80\xba\x91\xe1\x54\x4b\x14\xbe"
+ "\xbd\x75\x48\xb8\xde\x22\x64\xb5"
+ "\x8c\xcb\x5e\x92\x99\x8f\x4a\xab"
+ "\x00\x6c\xb4\x2e\x03\x3b\x0e\xee"
+ "\x4d\x39\x05\xbc\x94\x80\xbb\xb2"
+ "\x36\x16\xa3\xd9\x8f\x61\xd7\x67"
+ "\xb5\x90\x46\x85\xe1\x4e\x71\x84"
+ "\xd0\x84\xc0\xc0\x8f\xad\xdb\xeb"
+ "\x44\xf4\x66\x35\x3f\x92\xa2\x05"
+ "\xa4\x9c\xb8\xdc\x77\x6c\x85\x34"
+ "\xd2\x6a\xea\x32\xb8\x08\xf6\x13"
+ "\x78\x1e\x29\xef\x12\x54\x16\x28"
+ "\x25\xf8\x32\x0e\x4f\x94\xe6\xb3"
+ "\x0b\x97\x79\x97\xb3\xb0\x37\x61"
+ "\xa4\x10\x6f\x15\x9c\x7d\x22\x41"
+ "\xe2\xd7\xa7\xa0\xfc\xc5\x62\x55"
+ "\xed\x68\x39\x7b\x09\xd2\x17\xaa"
+ "\xf2\xb8\xc9\x1d\xa2\x23\xfd\xaa"
+ "\x9c\x57\x16\x0d\xe3\x63\x3c\x2b"
+ "\x13\xdd\xa2\xf0\x8e\xd3\x02\x81"
+ "\x09\xba\x80\x02\xdb\x97\xfe\x0f"
+ "\x77\x8d\x18\xf1\xf4\x59\x27\x79"
+ "\xa3\x46\x88\xda\x51\x67\xd0\xe9"
+ "\x5d\x22\x98\xc1\xe4\xea\x08\xda"
+ "\xf7\xb9\x16\x71\x36\xbd\x43\x8a"
+ "\x4b\x6e\xf3\xaa\xb0\xba\x1a\xbc"
+ "\xaa\xca\xde\x5c\xc0\xa5\x11\x6d"
+ "\x8a\x8f\xcc\x04\xfc\x6c\x89\x75"
+ "\x4b\x2c\x29\x6f\x41\xc7\x6e\xda"
+ "\xea\xa6\xaf\xb0\xb1\x46\x9e\x30"
+ "\x5e\x11\x46\x07\x3b\xd6\xaa\x36"
+ "\xa4\x01\x84\x1d\xb9\x8e\x58\x9d"
+ "\xa9\xb6\x1c\x56\x5c\x5a\xde\xfa"
+ "\x66\x96\xe6\x29\x26\xd4\x68\xd0"
+ "\x1a\xcb\x98\xbb\xce\x19\xbb\x87"
+ "\x00\x6c\x59\x17\xe3\xd1\xe6\x5c"
+ "\xd0\x98\xe1\x91\xc4\x28\xaf\xbf"
+ "\xbb\xdf\x75\x4e\xd9\x9d\x99\x0f"
+ "\xc6\x0c\x03\x24\x3e\xb6\xd7\x3f"
+ "\xd5\x43\x4a\x47\x26\xab\xf6\x3f"
+ "\x7f\xf1\x15\x0c\xde\x68\xa0\x5f"
+ "\x63\xf9\xe2\x5e\x5d\x42\xf1\x36"
+ "\x38\x90\x06\x18\x84\xf2\xfa\x81"
+ "\x36\x33\x29\x18\xaa\x8c\x49\x0e"
+ "\xda\x27\x38\x9c\x12\x8b\x83\xfa"
+ "\x40\xd0\xb6\x0a\x72\x85\xf0\xc7"
+ "\xaa\x5f\x30\x1a\x6f\x45\xe4\x35"
+ "\x4c\xf3\x4c\xe4\x1c\xd7\x48\x77"
+ "\xdd\x3e\xe4\x73\x44\xb1\xb8\x1c"
+ "\x42\x40\x90\x61\xb1\x6d\x8b\x20"
+ "\x2d\x30\x63\x01\x26\x71\xbc\x5a"
+ "\x76\xce\xc1\xfb\x13\xf9\x4c\x6e"
+ "\x7a\x16\x8a\x53\xcb\x07\xaa\xa1"
+ "\xba\xd0\x68\x7a\x2d\x25\x48\x85"
+ "\xb7\x6b\x0a\x05\xf2\xdf\x0e\x46"
+ "\x4e\xc8\xcd\x59\x5b\x9a\x2e\x9e"
+ "\xdb\x4a\xf6\xfd\x7b\xa4\x5c\x4d"
+ "\x78\x8d\xe7\xb0\x84\x3f\xf0\xc1"
+ "\x47\x39\xbf\x1e\x8c\xc2\x11\x0d"
+ "\x90\xd1\x17\x42\xb3\x50\xeb\xaa"
+ "\xcd\xc0\x98\x36\x84\xd0\xfe\x75"
+ "\xf8\x8f\xdc\xa0\xa1\x53\xe5\x8c"
+ "\xf2\x0f\x4a\x31\x48\xae\x3d\xaf"
+ "\x19\x4b\x75\x2e\xc1\xe3\xcd\x4d"
+ "\x2c\xa4\x54\x7b\x4d\x5e\x93\xa2"
+ "\xe7\x1f\x34\x19\x9f\xb2\xbf\x22"
+ "\x65\x1a\x03\x48\x12\x66\x50\x3e"
+ "\x0e\x5d\x60\x29\x44\x69\x90\xee"
+ "\x9d\x8b\x55\x78\xdf\x63\x31\xc3"
+ "\x1b\x21\x7d\x06\x21\x86\x60\xb0"
+ "\x9d\xdb\x3d\xcc\xe2\x20\xf4\x88"
+ "\x20\x62\x2e\xe8\xa9\xea\x42\x41"
+ "\xb0\xab\x73\x61\x40\x39\xac\x11"
+ "\x55\x27\x51\x5f\x11\xef\xb1\x23"
+ "\xff\x81\x99\x86\x0c\x6f\x16\xaf"
+ "\xf6\x89\x86\xd8\xf6\x41\xc2\x80"
+ "\x21\xf4\xd5\x6d\xef\xa3\x0c\x4d"
+ "\x59\xfd\xdc\x93\x1a\x4f\xe6\x22"
+ "\x83\x40\x0c\x98\x67\xba\x7c\x93"
+ "\x0b\xa9\x89\xfc\x3e\xff\x84\x12"
+ "\x3e\x27\xa3\x8a\x48\x17\xd6\x08"
+ "\x85\x2f\xf1\xa8\x90\x90\x71\xbe"
+ "\x44\xd6\x34\xbf\x74\x52\x0a\x17"
+ "\x39\x64\x78\x1a\xbc\x81\xbe\xc8"
+ "\xea\x7f\x0b\x5a\x2c\x77\xff\xac"
+ "\xdd\x37\x35\x78\x09\x28\x29\x4a"
+ "\xd1\xd6\x6c\xc3\xd5\x70\xdd\xfc"
+ "\x21\xcd\xce\xeb\x51\x11\xf7\xbc"
+ "\x12\x43\x1e\x6c\xa1\xa3\x79\xe6"
+ "\x1d\x63\x52\xff\xf0\xbb\xcf\xec"
+ "\x56\x58\x63\xe2\x21\x0b\x2d\x5c"
+ "\x64\x09\xf3\xee\x05\x42\x34\x93"
+ "\x38\xa8\x60\xea\x1d\x95\x90\x65"
+ "\xad\x2f\xda\x1d\xdd\x21\x1a\xf1"
+ "\x94\xe0\x6a\x81\xa1\xd3\x63\x31"
+ "\x45\x73\xce\x54\x4e\xb1\x75\x26"
+ "\x59\x18\xc2\x31\x73\xe6\xf5\x7d"
+ "\x06\x5b\x65\x67\xe5\x69\x90\xdf"
+ "\x27\x6a\xbf\x81\x7d\x92\xbe\xd1"
+ "\x4e\x0b\xa8\x18\x94\x72\xe1\xd0"
+ "\xb6\x2a\x16\x08\x7a\x34\xb8\xf2"
+ "\xe1\xac\x08\x66\xe6\x78\x66\xfd"
+ "\x36\xbd\xee\xc6\x71\xa4\x09\x4e"
+ "\x3b\x09\xf2\x8e\x3a\x90\xba\xa0"
+ "\xc2\x1d\x9f\xad\x52\x0e\xc9\x10"
+ "\x99\x40\x90\xd5\x7d\x73\x56\xef"
+ "\x48\x1e\x56\x5c\x7d\x3c\xcb\x84"
+ "\x10\x0a\xcc\xda\xce\xad\xd8\xa8"
+ "\x79\xc7\x29\x95\x31\x3b\xd9\x9b"
+ "\xb6\x84\x3e\x03\x74\xc5\x76\xba"
+ "\x4b\xd9\x4f\x7c\xc4\x5f\x7f\x70"
+ "\xc5\xe3\x6e\xd0\x14\x32\xec\x60"
+ "\xb0\x69\x78\xb7\xef\xda\x5a\xe7"
+ "\x4e\x50\x97\xd4\x94\x58\x67\x57"
+ "\x4e\x7c\x75\xe0\xcf\x8d\xe1\x78"
+ "\x97\x52\xc8\x73\x81\xf9\xb6\x02"
+ "\x54\x72\x6d\xc0\x70\xff\xe2\xeb"
+ "\x6c\xe1\x30\x0a\x94\xd0\x55\xec"
+ "\xed\x61\x9c\x6d\xd9\xa0\x92\x62"
+ "\x4e\xfd\xd8\x79\x27\x02\x4e\x13"
+ "\xb2\x04\xba\x00\x9a\x77\xed\xc3"
+ "\x5b\xa4\x22\x02\xa9\xed\xaf\xac"
+ "\x4f\xe1\x74\x73\x51\x36\x78\x8b"
+ "\xdb\xf5\x32\xfd\x0d\xb9\xcb\x15"
+ "\x4c\xae\x43\x72\xeb\xbe\xc0\xf8"
+ "\x91\x67\xf1\x4f\x5a\xd4\xa4\x69"
+ "\x8f\x3e\x16\xd2\x09\x31\x72\x5a"
+ "\x5e\x0a\xc4\xbc\x44\xd4\xbb\x82"
+ "\x7a\xdf\x52\x25\x8c\x45\xdc\xe4"
+ "\xe0\x71\x84\xe4\xe0\x3d\x59\x30"
+ "\x5b\x94\x12\x33\x78\x85\x90\x84"
+ "\x52\x05\x33\xa7\xa7\x16\xe0\x4d"
+ "\x6a\xf7\xfa\x03\x98\x6c\x4f\xb0"
+ "\x06\x66\x06\xa1\xdd\x3c\xbe\xbb"
+ "\xb2\x62\xab\x64\xd3\xbf\x2c\x30"
+ "\x0e\xfc\xd9\x95\x32\x32\xf3\x3b"
+ "\x39\x7e\xda\x62\x62\x0f\xc3\xfe"
+ "\x55\x76\x09\xf5\x8a\x09\x91\x93"
+ "\x32\xea\xbc\x2b\x0b\xcf\x1d\x65"
+ "\x48\x33\xba\xeb\x0f\xd4\xf9\x3b"
+ "\x1e\x90\x74\x6d\x93\x52\x61\x81"
+ "\xa3\xf2\xb5\xea\x1d\x61\x86\x68"
+ "\x00\x40\xcc\x58\xdd\xf2\x64\x01"
+ "\xab\xfd\x94\xc0\xa3\x83\x83\x33"
+ "\xa4\xb0\xb8\xd3\x9d\x08\x3c\x7f"
+ "\x8e\xa8\xaf\x87\xa5\xe7\xcd\x36"
+ "\x92\x96\xdc\xa1\xf2\xea\xe6\xd1"
+ "\x1e\xe9\x65\xa4\xff\xda\x17\x96"
+ "\xad\x91\x4a\xc5\x26\xb4\x1d\x1c"
+ "\x2b\x50\x48\x26\xc8\x86\x3f\x05"
+ "\xb8\x87\x1b\x3f\xee\x2e\x55\x61"
+ "\x0d\xdc\xcf\x56\x0e\xe2\xcc\xda"
+ "\x87\xee\xc5\xcd\x0e\xf4\xa4\xaf"
+ "\x8a\x02\xee\x16\x0b\xc4\xdd\x6d"
+ "\x80\x3e\xf3\xfe\x95\xb4\xfe\x97"
+ "\x0d\xe2\xab\xbb\x27\x84\xee\x25"
+ "\x39\x74\xb0\xfb\xdc\x5a\x0f\x65"
+ "\x31\x2a\x89\x08\xa4\x8c\x9f\x25"
+ "\x5f\x93\x83\x39\xda\xb4\x22\x17"
+ "\xbd\xd2\x0d\xfc\xde\xf8\x00\x34"
+ "\xc2\x48\x55\x06\x4c\x8b\x79\xe5"
+ "\xba\x0c\x50\x4f\x98\xa3\x59\x3d"
+ "\xc4\xec\xd1\x85\xf3\x60\x41\x16"
+ "\x0a\xe2\xf4\x38\x33\x24\xc1\xe0"
+ "\x0d\x86\x1f\x5a\xd2\xba\x7c\x5f"
+ "\x97\x60\x54\xa3\x52\x31\x78\x57"
+ "\x7a\xc0\xc7\x1e\xd4\x11\x8f\xef"
+ "\x86\x0a\x60\x26\x4a\x8f\x06\xf7"
+ "\x1f\x47\x45\x6e\x87\x13\x15\xf3"
+ "\x91\x08\xbf\x2a\x6e\x71\x21\x8e"
+ "\x92\x90\xde\x01\x97\x81\x46\x87"
+ "\x8a\xfc\xab\x12\x0c\x60\x3e\x9d"
+ "\xbd\x40\x0a\x45\x3f\x5b\x83\x04"
+ "\xb5\x8f\x42\x78\x68\xfe\x3a\xd1"
+ "\x59\xf7\x12\xaa\x86\x86\x1c\x77"
+ "\xfc\xc6\x64\x47\x0f\x7e\xd3\xbc"
+ "\x95\x90\x23\xb3\x60\xdc\x0d\xf4"
+ "\x67\xe6\x32\xee\xad\xbf\x60\x07"
+ "\xbd\xdb\x6e\x3f\x55\x88\xdb\x93"
+ "\x62\x41\xd6\xeb\x34\xd6\xa3\x96"
+ "\xd2\xbc\x29\xaa\x75\x65\x41\x9f"
+ "\x70\x43\xbb\x6d\xd9\xa5\x95\x22"
+ "\x3e\xf9\x07\xa0\x7d\x75\xba\xb8"
+ "\xcd\x81\x3b\x94\x01\x19\xc3\x67"
+ "\x9d\xa4\x7f\xa0\x99\xcc\x4a\xc4"
+ "\xfa\x76\x3f\xab\x5c\xea\x26\xdf"
+ "\xa2\x4c\x5b\x11\x55\xa3\x6a\x70"
+ "\xcb\xbc\x93\x11\x48\x38\x73\x7a"
+ "\x40\xbf\xbc\x04\x05\xb0\x2d\x9b"
+ "\x9a\x23\x57\xa5\xf6\x63\xfa\xc7"
+ "\xd8\x4d\xc2\xc0\xf8\xbd\xfb\x7d"
+ "\xea\x20\xa2\xe0\x4d\xaa\x63\x1e"
+ "\x9a\xa2\xed\x54\xe6\x49\xaf\x52"
+ "\xaf\x7e\x94\x57\x19\x07\x06\x74"
+ "\x57\x5b\x62\x61\x99\x20\xe7\x95"
+ "\x14\x19\xcf\x42\x83\x6a\x94\xf5"
+ "\xab\xa7\xf2\x48\xf6\x0b\x40\x3d"
+ "\x93\x8d\x3d\x14\x5d\xf2\x45\x2c"
+ "\xac\x1c\x0b\x12\xc9\x56\x3f\x7c"
+ "\x17\xeb\x1d\xed\x7e\x5c\xaa\x37"
+ "\xe3\xb4\x56\xf9\x0e\xb9\x8e\xc8"
+ "\x16\x70\x3e\xff\x95\xb9\x89\x9c"
+ "\x19\x0d\x0d\x48\xbd\xb9\xe3\x73"
+ "\xdf\x4e\x67\x9d\x93\x6c\x0b\x75"
+ "\x8a\x2d\x89\x5c\x32\x9d\x75\x05"
+ "\xd9\x13\xbe\x14\x5f\xf0\xb7\xb4"
+ "\xd9\x2c\x02\x22\x41\xf2\x9c\x1f"
+ "\xc1\x8c\xf5\x6a\x8c\xd5\xa5\x6b"
+ "\x54\x47\xec\x3a\x76\x08\xf6\xf7"
+ "\xed\x7c\x7e\x3b\x55\xb8\xa9\x20"
+ "\xa6\xec\x2d\x8c\x03\x38\x9d\x74"
+ "\xe9\x36\xe7\x05\x40\xec\xf4\xa1"
+ "\xa7\x70\xa7\x6f\x1f\x93\xc2\x1d"
+ "\x2c\x4e\x5f\xe8\x04\x6d\x91\x67"
+ "\x23\xd9\x47\xb4\xf6\xbc\x35\x25"
+ "\x1b\xa8\xe1\x17\xa8\x21\x38\xd8"
+ "\x7a\x55\xd9\xc6\x6f\x0a\x1b\xcb"
+ "\xde\xf8\x1e\x20\x8c\xa1\x14\x49"
+ "\x49\x00\x00\x31\x0f\xa8\x24\x67"
+ "\x97\x7a\x1f\x04\xb9\x6b\x60\xd0"
+ "\x32\xc3\xf4\xf9\x4f\xb2\xfd\x7b"
+ "\xf9\xb3\x43\xd8\x23\xaa\x21\x37"
+ "\x9e\x91\xc5\xa4\xce\xd8\xe4\xf5"
+ "\x55\x3e\xc9\xe4\xc5\x51\xd3\x4d"
+ "\xc6\x83\xe9\x23\x8e\x3e\x21\xe0"
+ "\x40\x23\x4e\x2b\x2d\x89\xc4\x5d"
+ "\x58\xdc\x43\x03\x8e\x9a\xfb\xef"
+ "\x76\xac\x78\x57\xc3\xb8\xf7\x9f"
+ "\xf5\xb1\xc2\xa4\x0c\xee\x58\x52"
+ "\x45\xdf\x1a\xd9\x0e\xe0\x56\x1f"
+ "\x23\x79\x99\x5f\x34\xad\x9f\x41"
+ "\x67\x2a\xc7\x8b\xe7\x82\x6e\x67"
+ "\x58\xb5\xae\x18\xd7\x2f\x8f\x57"
+ "\x0e\xa4\x21\x3c\x84\x21\x05\x50"
+ "\x57\xb0\xd1\xb1\xc8\x9d\xd4\x44"
+ "\x25\x40\x6b\xd5\x6f\x18\x92\x89"
+ "\x6d\x5b\xe9\x5a\x3c\x74\xc0\x33"
+ "\x2c\x7a\xa7\x99\x71\x4e\x9d\x1b"
+ "\xe1\x1d\xcb\x62\x8b\x3c\x07\x07"
+ "\x67\xf6\xa6\x54\x10\x72\x3f\xea"
+ "\xe5\xcd\xe6\xf1\xeb\x3d\x43\x0b"
+ "\xfe\x4b\xc7\x1d\x3d\xd9\xa3\xe2"
+ "\x9b\x79\x47\xc7\xab\x28\xcc\x4d"
+ "\xa8\x77\x9c\xec\xef\x56\xf8\x92"
+ "\x07\x48\x1b\x21\x04\xa8\x24\xb0"
+ "\x82\x7d\xd1\x17\xa4\xaf\x5f\xfa"
+ "\x92\xbf\x6a\xb7\x7e\xc7\xb7\x75"
+ "\x40\x3c\x14\x09\x57\xae\xe0\x4e"
+ "\xf8\xc9\xda\x1e\x5d\x27\xc4\x8c"
+ "\x27\xe3\x4d\xe3\x55\x8c\xd2\xef"
+ "\x0c\xab\x67\x53\x96\xd3\x48\xfb"
+ "\x75\x4f\x74\x9e\xcb\x82\xa4\x96"
+ "\x91\x41\x48\xaa\x65\xdb\x34\x72"
+ "\xc9\xee\xa2\x77\x8b\x6e\x44\x12"
+ "\x4e\x51\x51\xc3\xf5\xef\x6a\x50"
+ "\x99\x26\x41\x1e\x66\xa4\x2b\xb9"
+ "\x21\x15\x38\xc2\x0b\x7f\x37\xb6"
+ "\x89\x8b\x27\x70\xae\xa1\x90\x28"
+ "\x04\xe7\xd5\x17\xcb\x60\x99\xb4"
+ "\xe2\xd7\x04\xd3\x11\x27\x86\xe4"
+ "\xd0\x0d\x36\x04\x68\xe0\xb4\x71"
+ "\xe8\x86\x4b\x9f\xa3\xd2\xda\x87"
+ "\xc2\x2c\xad\x66\xfa\x53\x18\xf8"
+ "\xec\x10\x74\xc5\xb6\x53\x09\x93"
+ "\x21\x09\xbd\x77\x2d\x2a\x12\x4c"
+ "\x86\xfe\x50\x8e\xd1\x16\xab\xb1"
+ "\xfd\xd7\x87\xde\xc3\x6f\x7c\x16"
+ "\xe2\x88\x3d\x41\xac\x36\x7e\xf8"
+ "\xc2\x3b\x46\xd5\x44\x3d\x9d\xe8"
+ "\xe9\x0c\xb7\xb3\xc6\xb9\xe5\xe7"
+ "\x27\x17\x78\x03\xd4\xda\xe4\x73"
+ "\x38\x34\xe7\x53\x29\xc4\xcb\x93"
+ "\xc9\xa1\x10\x8a\xb2\xfc\x0b\x07"
+ "\x47\xb8\xb1\x13\x49\x86\x24\x8b"
+ "\x10\xb1\xd9\x5f\xbb\xd8\x90\x37"
+ "\x06\x03\xe0\x76\xff\x19\x1a\x16"
+ "\xd8\x2d\xa7\x4a\xea\x22\x64\xbe"
+ "\xed\x1c\xc8\x33\xb4\xf4\xb1\x48"
+ "\x95\xb5\x2f\xaa\x05\xc7\x03\xa0"
+ "\xf1\xa4\xf3\x63\x4b\xbe\x79\xb9"
+ "\x4b\x67\x7e\x4e\x3e\x81\x8f\xef"
+ "\xe9\x55\x99\x30\xd0\x26\xec\x5d"
+ "\x89\xb6\x3f\x28\x38\x81\x7a\x00"
+ "\x89\x85\xb8\xff\x19\x0f\x8f\x5d"
+ "\x5c\x6d\x6a\x3d\x6c\xb9\xfb\x7c"
+ "\x0c\x4b\x7e\xbc\x0c\xc4\xad\xbb"
+ "\x0a\x8b\xc8\x48\xb7\xfa\x4d\x53"
+ "\x82\x10\xd6\x29\x58\x83\x50\x3c"
+ "\xd4\x5a\xfd\x14\xa3\xb5\x88\xfb"
+ "\x23\xee\xc9\xcc\xab\x92\x52\xb3"
+ "\x0b\x07\xf3\x1e\x9a\x2a\x2e\x35"
+ "\x32\x37\xa5\x86\xd0\xe5\x5f\xdd"
+ "\x3d\x67\x70\xb4\x9a\xc9\x93\xdc"
+ "\x31\x33\xe3\x3a\xc5\xcf\xd9\x44"
+ "\x2f\x3f\x87\xb2\x0c\x36\x55\x17"
+ "\xa9\xda\xb1\xca\x00\x09\x87\xe6"
+ "\x66\x34\xb3\x9f\x52\x37\x98\x10"
+ "\x2e\x5d\xa4\x14\x7f\x63\xa6\xcd"
+ "\x6c\x2d\x7c\x74\x4c\xae\x9c\x65"
+ "\xe0\x79\xc0\xd6\xc3\xfe\xa8\xf4"
+ "\x1a\x4f\xf5\xbc\xea\x7a\x92\x40"
+ "\x51\xa7\x05\x45\x40\xd8\x9c\x3c"
+ "\xde\x5f\x0b\x6e\x10\x5c\x1c\xdc"
+ "\xd2\x65\x60\xbb\x70\x68\x5c\xa9"
+ "\x59\x25\x0e\x4e\x93\xb8\x49\x89"
+ "\xf6\xae\xeb\x1f\x8b\x56\xc8\x56"
+ "\xb0\xb5\xc9\xee\xa5\x15\x07\x4d"
+ "\x8a\xcc\xad\x04\x4d\x99\x8c\x49"
+ "\x8d\x7c\xe0\xa5\x7d\x7f\x33\x61"
+ "\xf2\xfc\xe7\x88\x3f\x2b\x73\xab"
+ "\x2e\x38\x17\x48\xa9\x86\xdd\x81"
+ "\x21\x45\xbc\x98\x1d\xe5\xa5\xbc"
+ "\x0d\x0b\x18\x8e\x86\x1e\x76\x0a"
+ "\x30\x12\x21\xf0\x51\xed\xc1\xcd"
+ "\x9a\xf1\x7e\x7e\x64\xb2\xa3\xd6"
+ "\x37\xe7\xc6\xde\x97\xb9\x5d\x05"
+ "\xf5\x50\xe2\x0a\xaa\x68\x16\xa6"
+ "\x26\x9c\x7d\xff\x4c\x05\xce\x48"
+ "\xa7\xff\x10\x19\x5e\xef\x46\x54"
+ "\xec\xe4\x7b\xb6\x12\x23\xae\x93"
+ "\x4f\x79\xf8\x3c\x1c\x07\x15\x66"
+ "\x07\xc1\x52\xde\x7f\xda\x51\x7b"
+ "\xfe\x13\x67\xab\x8d\x56\xdc\xc1"
+ "\x70\x4b\x13\xd2\x30\x00\xc1\x97"
+ "\x22\xa7\x83\xf8\x18\xd9\x6d\x40"
+ "\x54\xe0\xc1\xdb\x3e\x83\x73\x12"
+ "\xe1\x48\x49\xb9\xd4\x20\x0c\x06"
+ "\x1c\x82\xb5\xbe\x5a\xae\x60\x5e"
+ "\xe2\x09\xba\x05\xbb\x9a\x80\x63"
+ "\xf2\xc4\x4b\x41\x39\x16\x76\x26"
+ "\xb1\x03\x06\x23\x65\x37\x33\x92"
+ "\xca\xf9\x72\xf5\xcd\x95\xc1\xc0"
+ "\x91\x5a\xfd\x28\xb9\x62\x59\x84"
+ "\x87\x9d\x82\xcb\xe0\x67\x7c\x26"
+ "\xb8\x00\x16\xd9\x5d\xb4\x74\xd4"
+ "\x75\x8c\x75\xf8\x87\x3b\xa8\x77"
+ "\xcd\x82\x3d\x7b\xb9\x63\x44\x0f"
+ "\x44\x83\x55\x5b\xc7\xdc\x18\x0b"
+ "\x8c\x36\xb3\x59\xeb\x58\x13\x38"
+ "\x4b\x8a\xb7\xa3\x9a\xa2\xf3\xeb"
+ "\xc6\x30\x84\x86\x0a\xcf\x8b\xfa"
+ "\x36\x66\x26\xbc\xd0\x96\xa3\xb4"
+ "\x8d\x6b\xf7\x5b\x75\x59\xbb\xd3"
+ "\x14\x78\x57\x2f\x27\xa8\x95\xcf"
+ "\xa2\xa5\x76\x28\xbd\xab\x8b\x59"
+ "\x04\x91\x8a\xc5\x3c\xc3\xa7\xcf"
+ "\xe0\xfb\xdd\x7a\xbb\x10\xde\x36"
+ "\x43\x1c\x59\xf7\x41\xb6\xa5\x80"
+ "\x72\x7b\xe3\x7a\xa3\x01\xc3\x8c"
+ "\x7e\xf3\xf2\x42\x1a\x0c\x7e\xf3"
+ "\xfc\x5b\x6e\x1f\x20\xf1\x32\x76"
+ "\x83\x71\x36\x3e\x7e\xa7\xf7\xdd"
+ "\x25\x2e\xe6\x04\xe2\x5b\x44\xb5"
+ "\x16\xfb\xdf\x9b\x46\x2a\xa8\x81"
+ "\x89\x15\x3e\xb5\xb0\x09\x40\x33"
+ "\x60\xc7\x37\x63\x14\x09\xc1\x6e"
+ "\x56\x52\xbe\xe4\x88\xe0\x75\xbc"
+ "\x49\x62\x8c\xf1\xdf\x62\xe6\xac"
+ "\xd5\x87\xf7\xc9\x92\x52\x36\x59"
+ "\x22\x6f\x31\x99\x76\xdb\x41\xb6"
+ "\x26\x91\x79\x7e\xd2\x78\xaf\x07"
+ "\x78\x4b\xed\x54\x30\xb2\xff\xbc"
+ "\x2c\x0a\x1a\xbe\xbf\xd5\x5a\x4d"
+ "\xd1\xbc\x30\xc2\xf4\xf1\xc1\x9e"
+ "\x9a\x96\x89\x00\x50\xfc\xf6\xaf"
+ "\xfa\x60\xbf\x1a\x32\x8f\x57\x36"
+ "\x2f\x02\xb7\x28\x50\xc3\xd3\xfd"
+ "\x6b\xc4\xe6\xbb\xc9\xec\xed\x86"
+ "\xdf\x27\x45\x2c\x0c\x6d\x65\x3b"
+ "\x6e\x63\x96\xc7\xd6\xb5\xb2\x05"
+ "\x8b\xe0\x02\x2a\xfa\x20\x0c\x82"
+ "\xa5\x45\x75\x12\x01\x40\xff\x3e"
+ "\xfd\xfc\xfb\xbc\x30\x49\xe8\x99"
+ "\x8d\x48\x8e\x49\x65\x2a\xe3\xa5"
+ "\x06\xe3\x22\x68\x3b\xd9\xa4\xcf"
+ "\x84\x6f\xfa\x2b\xb1\xd8\x8c\x30"
+ "\xd5\x5d\x0c\x63\x32\x59\x28\x6e"
+ "\x2a\x60\xa4\x57\x12\xf8\xc2\x95"
+ "\x0a\xf6\xc6\x48\x23\xce\x72\x40"
+ "\x0d\x75\xa0\xd4\x48\x03\xf5\xc4"
+ "\xcd\x26\xe7\x83\xcc\x0d\xcf\x7f"
+ "\x22\x5f\x91\xb3\x42\x02\x9a\x26"
+ "\x12\x26\x68\x12\x25\x0b\x08\x61"
+ "\xcb\x25\x86\x95\xfc\x57\x4d\xb6"
+ "\x36\x6c\xb4\xdc\xa9\x2d\x76\x7f"
+ "\x25\x06\xa2\x08\x69\x09\xd9\x09"
+ "\x3c\x40\xe1\xfd\x30\x8f\xc2\x13"
+ "\x92\xd4\xb5\x3b\x0c\xb2\x32\x4f"
+ "\x10\xc9\x1a\x41\xa6\xb2\x11\xf6"
+ "\x3b\x1b\x88\x56\xbf\x61\x3c\xb2"
+ "\xe6\xdb\x24\x9a\x55\x7e\x35\xf8"
+ "\x82\x5e\x52\xe3\xf2\xb3\x40\x1c"
+ "\xdd\xe3\x29\x37\xe0\x85\x08\x8b"
+ "\xb2\x8b\x09\x38\xac\xa9\x85\xe5"
+ "\x9e\x36\xb8\x95\x0b\x84\x9d\x10"
+ "\xcc\xae\xe2\x06\x56\x3c\x85\xce"
+ "\xc0\xdc\x36\x59\x17\xf9\x48\xf4"
+ "\x5b\x08\x8e\x86\x00\xa0\xf5\xdd"
+ "\x0c\xb6\x63\xfd\x5a\xe5\x1e\xa6"
+ "\x0a\xef\x76\xc2\xc7\x9b\x96\x2f"
+ "\x66\x2b\x7d\x50\xa6\x0c\x42\xc6"
+ "\xa5\x05\x05\x10\xeb\xd8\xda\x15"
+ "\x03\xbe\x2f\x24\x34\x8f\x84\xd8"
+ "\x58\xb8\xa3\xf2\x63\xc8\xc3\xf6"
+ "\xc2\xde\x27\x58\x69\xf9\x07\xca"
+ "\x12\x3e\xe2\xf4\xc8\x29\x60\x30"
+ "\x2f\x87\xf4\x50\xc2\x25\xcc\xfd"
+ "\xdc\x76\x4f\x56\x1c\xb2\xd9\x78"
+ "\x11\x6b\x6e\xb4\x67\xbf\x25\xc4"
+ "\xae\x7d\x50\x7f\xb2\x5c\x69\x26"
+ "\xed\x6b\xd2\x3b\x42\x64\xe3\x0c"
+ "\x15\xa6\xd1\xb6\x3e\x23\x76\x09"
+ "\x48\xd2\x08\x41\x76\xc9\x7d\x5f"
+ "\x50\x5d\x8e\xf9\x04\x96\xed\x3a"
+ "\xf8\x7c\x3b\x7d\x84\xba\xea\xe6"
+ "\x24\xd2\x0f\x7f\x5a\x0b\x6f\xd9"
+ "\x33\x14\x67\xfb\x9f\xe7\x44\x4e"
+ "\x3b\x4b\x06\xaa\xb4\x7a\x8b\x83"
+ "\x82\x74\xa6\x5e\x10\xea\xd6\x4b"
+ "\x56\x32\xd7\x79\x7c\x05\xf4\x64"
+ "\x9c\x64\x25\x9c\xc2\xda\x21\x9a"
+ "\xd8\xde\x37\x83\x3f\xd8\x83\xa2"
+ "\x1e\x3c\x1e\x41\x7e\xf2\x97\x84"
+ "\xe5\xa2\x02\x2b\x6e\xc5\xd7\x91"
+ "\x24\x66\xc1\xf0\x05\x1c\x0f\x3d"
+ "\xcf\x63\x94\x10\x2e\x0e\x89\xda"
+ "\x0d\xe9\x58\x2a\x48\x0c\xc8\x36"
+ "\xc4\x7b\xf0\xd3\xe2\x5b\xf1\xf6"
+ "\xad\x3d\xe7\x25\x6b\x83\x08\x5c"
+ "\xd9\x79\xde\x93\x37\x93\x92\x46"
+ "\xe7\xf4\x1c\x9e\x94\x91\x30\xd9"
+ "\xb6\x57\xf1\x04\xb5\x2f\xe3\xb9"
+ "\x0a\x78\xfe\xcb\xb5\x31\xc1\xc6"
+ "\x99\xb3\xaf\x73\xfb\x69\xcb\x49"
+ "\xd2\xec\xea\xd3\x0f\x45\x13\x23"
+ "\xc8\xae\x92\x29\xce\x71\xd0\xba"
+ "\xcf\xfd\xb2\x14\x61\xfd\xf6\x7b"
+ "\xdf\x05\xe5\xbb\x58\xf7\x41\x3b"
+ "\x6e\xd2\x14\x28\x7c\x15\xb7\x70"
+ "\xca\xc7\x7a\xd7\x4e\x4b\x35\x6e"
+ "\x9e\x09\x24\x33\xaf\xca\x41\x1f"
+ "\x0d\xe3\xf1\x7c\x35\xcb\xe2\x0a"
+ "\xb2\xeb\x94\x7a\xbc\x53\xd7\xe1"
+ "\x5e\xbc\xa1\x55\xef\x3c\x37\xef"
+ "\x6d\xfe\x3a\xcd\xcf\x48\x36\x26"
+ "\xdb\x3e\x44\xdd\xc8\x03\xa6\xa6"
+ "\x85\xb5\xfe\xf3\xec\x44\xb3\x22"
+ "\x9d\x21\x82\xc6\x0b\x1a\x7c\xc6"
+ "\xf7\xa9\x8e\x7e\x13\x1a\x85\x1f"
+ "\x93\x81\x38\x47\xc0\x83\x21\xa3"
+ "\xde\xec\xc0\x8f\x4c\x3b\x57\x2f"
+ "\x92\xbb\x66\xe3\x24\xeb\xae\x1e"
+ "\xb3\x18\x57\xf2\xf3\x4a\x50\x52"
+ "\xe9\x91\x08\x1f\x85\x44\xc1\x07"
+ "\xa1\xd3\x62\xe9\xe0\x82\x38\xfd"
+ "\x27\x3f\x7e\x10\x7d\xaf\xa1\x7a"
+ "\xf0\xaa\x79\xee\x6e\xa2\xc0\xbb"
+ "\x01\xda\xfb\xc4\x85\x26\x85\x31"
+ "\x15\xf4\x3c\xe0\x96\x79\x0e\xd7"
+ "\x50\x68\x37\x57\xb5\x31\xf7\x3c"
+ "\xbd\xaa\xcc\x2c\x8f\x57\x59\xa5"
+ "\xd4\x4b\xc6\x45\xc0\x32\x3d\x85"
+ "\x6d\xee\xf4\x6b\x63\xf9\x3a\xfb"
+ "\x2f\xdb\xb8\x42\x19\x8e\x88\x1f"
+ "\xfd\x7d\x0b\x69\x14\x8f\x36\xb2"
+ "\xd9\x27\x34\x53\x9c\x52\x00\x94"
+ "\xcc\x8b\x37\x82\xaf\x8e\xb3\xc0"
+ "\x8a\xcf\x44\xc6\x3a\x19\xbe\x1f"
+ "\x23\x33\x68\xc4\xb6\xbb\x13\x20"
+ "\xec\x6a\x87\x5b\xc2\x7c\xd3\x04"
+ "\x34\x97\x32\xd5\x11\x02\x06\x45"
+ "\x98\x0b\xaa\xab\xbe\xfb\xd0\x2c"
+ "\x0e\xf1\x8b\x7f\x1c\x70\x85\x67"
+ "\x60\x50\x66\x79\xbb\x45\x21\xc4"
+ "\xb5\xd3\xb9\x4f\xe5\x41\x49\x86"
+ "\x6b\x20\xef\xac\x16\x74\xe9\x23"
+ "\xa5\x2d\x5c\x2b\x85\xb2\x33\xe8"
+ "\x2a\xd1\x24\xd1\x5b\x9b\x7f\xfc"
+ "\x2f\x3b\xf7\x6a\x8b\xde\x55\x7e"
+ "\xda\x13\x1b\xd6\x90\x74\xb0\xbe"
+ "\x46\x0d\xcf\xc7\x78\x33\x31\xdc"
+ "\x6a\x6a\x50\x3e\x4c\xe2\xab\x48"
+ "\xbc\x4e\x7d\x62\xb9\xfc\xdd\x85"
+ "\x1c\x5d\x93\x15\x5e\x01\xd9\x2b"
+ "\x48\x71\x82\xd6\x44\xd6\x0e\x92"
+ "\x6e\x75\xc9\x3c\x1d\x31\x18\x6f"
+ "\x8b\xd7\x18\xf3\x09\x08\x45\xb1"
+ "\x3e\xa4\x25\xc6\x34\x48\xaf\x42"
+ "\x77\x33\x03\x65\x3e\x2f\xff\x8f"
+ "\xe9\xe1\xa0\xfe\xb2\xc3\x80\x77"
+ "\x20\x05\xe4\x9b\x47\x3b\xb2\xbd",
+ .len = 4096,
+ }
+};
+
/*
* CTS (Cipher Text Stealing) mode tests
*/
@@ -31018,6 +29763,86 @@
},
};
+static const struct comp_testvec lzorle_comp_tv_template[] = {
+ {
+ .inlen = 70,
+ .outlen = 59,
+ .input = "Join us now and share the software "
+ "Join us now and share the software ",
+ .output = "\x11\x01\x00\x0d\x4a\x6f\x69\x6e"
+ "\x20\x75\x73\x20\x6e\x6f\x77\x20"
+ "\x61\x6e\x64\x20\x73\x68\x61\x72"
+ "\x65\x20\x74\x68\x65\x20\x73\x6f"
+ "\x66\x74\x77\x70\x01\x32\x88\x00"
+ "\x0c\x65\x20\x74\x68\x65\x20\x73"
+ "\x6f\x66\x74\x77\x61\x72\x65\x20"
+ "\x11\x00\x00",
+ }, {
+ .inlen = 159,
+ .outlen = 133,
+ .input = "This document describes a compression method based on the LZO "
+ "compression algorithm. This document defines the application of "
+ "the LZO algorithm used in UBIFS.",
+ .output = "\x11\x01\x00\x2c\x54\x68\x69\x73"
+ "\x20\x64\x6f\x63\x75\x6d\x65\x6e"
+ "\x74\x20\x64\x65\x73\x63\x72\x69"
+ "\x62\x65\x73\x20\x61\x20\x63\x6f"
+ "\x6d\x70\x72\x65\x73\x73\x69\x6f"
+ "\x6e\x20\x6d\x65\x74\x68\x6f\x64"
+ "\x20\x62\x61\x73\x65\x64\x20\x6f"
+ "\x6e\x20\x74\x68\x65\x20\x4c\x5a"
+ "\x4f\x20\x2a\x8c\x00\x09\x61\x6c"
+ "\x67\x6f\x72\x69\x74\x68\x6d\x2e"
+ "\x20\x20\x2e\x54\x01\x03\x66\x69"
+ "\x6e\x65\x73\x20\x74\x06\x05\x61"
+ "\x70\x70\x6c\x69\x63\x61\x74\x76"
+ "\x0a\x6f\x66\x88\x02\x60\x09\x27"
+ "\xf0\x00\x0c\x20\x75\x73\x65\x64"
+ "\x20\x69\x6e\x20\x55\x42\x49\x46"
+ "\x53\x2e\x11\x00\x00",
+ },
+};
+
+static const struct comp_testvec lzorle_decomp_tv_template[] = {
+ {
+ .inlen = 133,
+ .outlen = 159,
+ .input = "\x00\x2b\x54\x68\x69\x73\x20\x64"
+ "\x6f\x63\x75\x6d\x65\x6e\x74\x20"
+ "\x64\x65\x73\x63\x72\x69\x62\x65"
+ "\x73\x20\x61\x20\x63\x6f\x6d\x70"
+ "\x72\x65\x73\x73\x69\x6f\x6e\x20"
+ "\x6d\x65\x74\x68\x6f\x64\x20\x62"
+ "\x61\x73\x65\x64\x20\x6f\x6e\x20"
+ "\x74\x68\x65\x20\x4c\x5a\x4f\x2b"
+ "\x8c\x00\x0d\x61\x6c\x67\x6f\x72"
+ "\x69\x74\x68\x6d\x2e\x20\x20\x54"
+ "\x68\x69\x73\x2a\x54\x01\x02\x66"
+ "\x69\x6e\x65\x73\x94\x06\x05\x61"
+ "\x70\x70\x6c\x69\x63\x61\x74\x76"
+ "\x0a\x6f\x66\x88\x02\x60\x09\x27"
+ "\xf0\x00\x0c\x20\x75\x73\x65\x64"
+ "\x20\x69\x6e\x20\x55\x42\x49\x46"
+ "\x53\x2e\x11\x00\x00",
+ .output = "This document describes a compression method based on the LZO "
+ "compression algorithm. This document defines the application of "
+ "the LZO algorithm used in UBIFS.",
+ }, {
+ .inlen = 59,
+ .outlen = 70,
+ .input = "\x11\x01\x00\x0d\x4a\x6f\x69\x6e"
+ "\x20\x75\x73\x20\x6e\x6f\x77\x20"
+ "\x61\x6e\x64\x20\x73\x68\x61\x72"
+ "\x65\x20\x74\x68\x65\x20\x73\x6f"
+ "\x66\x74\x77\x70\x01\x32\x88\x00"
+ "\x0c\x65\x20\x74\x68\x65\x20\x73"
+ "\x6f\x66\x74\x77\x61\x72\x65\x20"
+ "\x11\x00\x00",
+ .output = "Join us now and share the software "
+ "Join us now and share the software ",
+ },
+};
+
/*
* Michael MIC test vectors from IEEE 802.11i
*/
@@ -31243,8 +30068,6 @@
"\xe9\xea\xeb\xec\xed\xee\xef\xf0",
.psize = 240,
.digest = "\x6c\xc6\x56\xde",
- .np = 2,
- .tap = { 31, 209 }
}, {
.key = "\xff\xff\xff\xff",
.ksize = 4,
@@ -31684,8 +30507,6 @@
"\xe9\xea\xeb\xec\xed\xee\xef\xf0",
.psize = 240,
.digest = "\x75\xd3\xc5\x24",
- .np = 2,
- .tap = { 31, 209 }
}, {
.key = "\xff\xff\xff\xff",
.ksize = 4,
@@ -31950,6 +30771,112 @@
}
};
+static const struct hash_testvec xxhash64_tv_template[] = {
+ {
+ .psize = 0,
+ .digest = "\x99\xe9\xd8\x51\x37\xdb\x46\xef",
+ },
+ {
+ .plaintext = "\x40",
+ .psize = 1,
+ .digest = "\x20\x5c\x91\xaa\x88\xeb\x59\xd0",
+ },
+ {
+ .plaintext = "\x40\x8b\xb8\x41\xe4\x42\x15\x2d"
+ "\x88\xc7\x9a\x09\x1a\x9b",
+ .psize = 14,
+ .digest = "\xa8\xe8\x2b\xa9\x92\xa1\x37\x4a",
+ },
+ {
+ .plaintext = "\x40\x8b\xb8\x41\xe4\x42\x15\x2d"
+ "\x88\xc7\x9a\x09\x1a\x9b\x42\xe0"
+ "\xd4\x38\xa5\x2a\x26\xa5\x19\x4b"
+ "\x57\x65\x7f\xad\xc3\x7d\xca\x40"
+ "\x31\x65\x05\xbb\x31\xae\x51\x11"
+ "\xa8\xc0\xb3\x28\x42\xeb\x3c\x46"
+ "\xc8\xed\xed\x0f\x8d\x0b\xfa\x6e"
+ "\xbc\xe3\x88\x53\xca\x8f\xc8\xd9"
+ "\x41\x26\x7a\x3d\x21\xdb\x1a\x3c"
+ "\x01\x1d\xc9\xe9\xb7\x3a\x78\x67"
+ "\x57\x20\x94\xf1\x1e\xfd\xce\x39"
+ "\x99\x57\x69\x39\xa5\xd0\x8d\xd9"
+ "\x43\xfe\x1d\x66\x04\x3c\x27\x6a"
+ "\xe1\x0d\xe7\xc9\xfa\xc9\x07\x56"
+ "\xa5\xb3\xec\xd9\x1f\x42\x65\x66"
+ "\xaa\xbf\x87\x9b\xc5\x41\x9c\x27"
+ "\x3f\x2f\xa9\x55\x93\x01\x27\x33"
+ "\x43\x99\x4d\x81\x85\xae\x82\x00"
+ "\x6c\xd0\xd1\xa3\x57\x18\x06\xcc"
+ "\xec\x72\xf7\x8e\x87\x2d\x1f\x5e"
+ "\xd7\x5b\x1f\x36\x4c\xfa\xfd\x18"
+ "\x89\x76\xd3\x5e\xb5\x5a\xc0\x01"
+ "\xd2\xa1\x9a\x50\xe6\x08\xb4\x76"
+ "\x56\x4f\x0e\xbc\x54\xfc\x67\xe6"
+ "\xb9\xc0\x28\x4b\xb5\xc3\xff\x79"
+ "\x52\xea\xa1\x90\xc3\xaf\x08\x70"
+ "\x12\x02\x0c\xdb\x94\x00\x38\x95"
+ "\xed\xfd\x08\xf7\xe8\x04",
+ .psize = 222,
+ .digest = "\x41\xfc\xd4\x29\xfe\xe7\x85\x17",
+ },
+ {
+ .psize = 0,
+ .key = "\xb1\x79\x37\x9e\x00\x00\x00\x00",
+ .ksize = 8,
+ .digest = "\xef\x17\x9b\x92\xa2\xfd\x75\xac",
+ },
+
+ {
+ .plaintext = "\x40",
+ .psize = 1,
+ .key = "\xb1\x79\x37\x9e\x00\x00\x00\x00",
+ .ksize = 8,
+ .digest = "\xd1\x70\x4f\x14\x02\xc4\x9e\x71",
+ },
+ {
+ .plaintext = "\x40\x8b\xb8\x41\xe4\x42\x15\x2d"
+ "\x88\xc7\x9a\x09\x1a\x9b",
+ .psize = 14,
+ .key = "\xb1\x79\x37\x9e\x00\x00\x00\x00",
+ .ksize = 8,
+ .digest = "\xa4\xcd\xfe\x8e\x37\xe2\x1c\x64"
+ },
+ {
+ .plaintext = "\x40\x8b\xb8\x41\xe4\x42\x15\x2d"
+ "\x88\xc7\x9a\x09\x1a\x9b\x42\xe0"
+ "\xd4\x38\xa5\x2a\x26\xa5\x19\x4b"
+ "\x57\x65\x7f\xad\xc3\x7d\xca\x40"
+ "\x31\x65\x05\xbb\x31\xae\x51\x11"
+ "\xa8\xc0\xb3\x28\x42\xeb\x3c\x46"
+ "\xc8\xed\xed\x0f\x8d\x0b\xfa\x6e"
+ "\xbc\xe3\x88\x53\xca\x8f\xc8\xd9"
+ "\x41\x26\x7a\x3d\x21\xdb\x1a\x3c"
+ "\x01\x1d\xc9\xe9\xb7\x3a\x78\x67"
+ "\x57\x20\x94\xf1\x1e\xfd\xce\x39"
+ "\x99\x57\x69\x39\xa5\xd0\x8d\xd9"
+ "\x43\xfe\x1d\x66\x04\x3c\x27\x6a"
+ "\xe1\x0d\xe7\xc9\xfa\xc9\x07\x56"
+ "\xa5\xb3\xec\xd9\x1f\x42\x65\x66"
+ "\xaa\xbf\x87\x9b\xc5\x41\x9c\x27"
+ "\x3f\x2f\xa9\x55\x93\x01\x27\x33"
+ "\x43\x99\x4d\x81\x85\xae\x82\x00"
+ "\x6c\xd0\xd1\xa3\x57\x18\x06\xcc"
+ "\xec\x72\xf7\x8e\x87\x2d\x1f\x5e"
+ "\xd7\x5b\x1f\x36\x4c\xfa\xfd\x18"
+ "\x89\x76\xd3\x5e\xb5\x5a\xc0\x01"
+ "\xd2\xa1\x9a\x50\xe6\x08\xb4\x76"
+ "\x56\x4f\x0e\xbc\x54\xfc\x67\xe6"
+ "\xb9\xc0\x28\x4b\xb5\xc3\xff\x79"
+ "\x52\xea\xa1\x90\xc3\xaf\x08\x70"
+ "\x12\x02\x0c\xdb\x94\x00\x38\x95"
+ "\xed\xfd\x08\xf7\xe8\x04",
+ .psize = 222,
+ .key = "\xb1\x79\x37\x9e\x00\x00\x00\x00",
+ .ksize = 8,
+ .digest = "\x58\xbc\x55\xf2\x42\x81\x5c\xf0"
+ },
+};
+
static const struct comp_testvec lz4_comp_tv_template[] = {
{
.inlen = 255,
@@ -32143,4 +31070,501 @@
"functions.",
},
};
+
+/* based on aes_cbc_tv_template */
+static const struct cipher_testvec essiv_aes_cbc_tv_template[] = {
+ {
+ .key = "\x06\xa9\x21\x40\x36\xb8\xa1\x5b"
+ "\x51\x2e\x03\xd5\x34\x12\x00\x06",
+ .klen = 16,
+ .iv = "\x3d\xaf\xba\x42\x9d\x9e\xb4\x30"
+ "\x00\x00\x00\x00\x00\x00\x00\x00",
+ .ptext = "Single block msg",
+ .ctext = "\xfa\x59\xe7\x5f\x41\x56\x65\xc3"
+ "\x36\xca\x6b\x72\x10\x9f\x8c\xd4",
+ .len = 16,
+ }, {
+ .key = "\xc2\x86\x69\x6d\x88\x7c\x9a\xa0"
+ "\x61\x1b\xbb\x3e\x20\x25\xa4\x5a",
+ .klen = 16,
+ .iv = "\x56\x2e\x17\x99\x6d\x09\x3d\x28"
+ "\x00\x00\x00\x00\x00\x00\x00\x00",
+ .ptext = "\x00\x01\x02\x03\x04\x05\x06\x07"
+ "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+ "\x10\x11\x12\x13\x14\x15\x16\x17"
+ "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f",
+ .ctext = "\xc8\x59\x9a\xfe\x79\xe6\x7b\x20"
+ "\x06\x7d\x55\x0a\x5e\xc7\xb5\xa7"
+ "\x0b\x9c\x80\xd2\x15\xa1\xb8\x6d"
+ "\xc6\xab\x7b\x65\xd9\xfd\x88\xeb",
+ .len = 32,
+ }, {
+ .key = "\x8e\x73\xb0\xf7\xda\x0e\x64\x52"
+ "\xc8\x10\xf3\x2b\x80\x90\x79\xe5"
+ "\x62\xf8\xea\xd2\x52\x2c\x6b\x7b",
+ .klen = 24,
+ .iv = "\x00\x01\x02\x03\x04\x05\x06\x07"
+ "\x00\x00\x00\x00\x00\x00\x00\x00",
+ .ptext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96"
+ "\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
+ "\xae\x2d\x8a\x57\x1e\x03\xac\x9c"
+ "\x9e\xb7\x6f\xac\x45\xaf\x8e\x51"
+ "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11"
+ "\xe5\xfb\xc1\x19\x1a\x0a\x52\xef"
+ "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17"
+ "\xad\x2b\x41\x7b\xe6\x6c\x37\x10",
+ .ctext = "\x96\x6d\xa9\x7a\x42\xe6\x01\xc7"
+ "\x17\xfc\xa7\x41\xd3\x38\x0b\xe5"
+ "\x51\x48\xf7\x7e\x5e\x26\xa9\xfe"
+ "\x45\x72\x1c\xd9\xde\xab\xf3\x4d"
+ "\x39\x47\xc5\x4f\x97\x3a\x55\x63"
+ "\x80\x29\x64\x4c\x33\xe8\x21\x8a"
+ "\x6a\xef\x6b\x6a\x8f\x43\xc0\xcb"
+ "\xf0\xf3\x6e\x74\x54\x44\x92\x44",
+ .len = 64,
+ }, {
+ .key = "\x60\x3d\xeb\x10\x15\xca\x71\xbe"
+ "\x2b\x73\xae\xf0\x85\x7d\x77\x81"
+ "\x1f\x35\x2c\x07\x3b\x61\x08\xd7"
+ "\x2d\x98\x10\xa3\x09\x14\xdf\xf4",
+ .klen = 32,
+ .iv = "\x00\x01\x02\x03\x04\x05\x06\x07"
+ "\x00\x00\x00\x00\x00\x00\x00\x00",
+ .ptext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96"
+ "\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
+ "\xae\x2d\x8a\x57\x1e\x03\xac\x9c"
+ "\x9e\xb7\x6f\xac\x45\xaf\x8e\x51"
+ "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11"
+ "\xe5\xfb\xc1\x19\x1a\x0a\x52\xef"
+ "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17"
+ "\xad\x2b\x41\x7b\xe6\x6c\x37\x10",
+ .ctext = "\x24\x52\xf1\x48\x74\xd0\xa7\x93"
+ "\x75\x9b\x63\x46\xc0\x1c\x1e\x17"
+ "\x4d\xdc\x5b\x3a\x27\x93\x2a\x63"
+ "\xf7\xf1\xc7\xb3\x54\x56\x5b\x50"
+ "\xa3\x31\xa5\x8b\xd6\xfd\xb6\x3c"
+ "\x8b\xf6\xf2\x45\x05\x0c\xc8\xbb"
+ "\x32\x0b\x26\x1c\xe9\x8b\x02\xc0"
+ "\xb2\x6f\x37\xa7\x5b\xa8\xa9\x42",
+ .len = 64,
+ }, {
+ .key = "\xC9\x83\xA6\xC9\xEC\x0F\x32\x55"
+ "\x0F\x32\x55\x78\x9B\xBE\x78\x9B"
+ "\xBE\xE1\x04\x27\xE1\x04\x27\x4A"
+ "\x6D\x90\x4A\x6D\x90\xB3\xD6\xF9",
+ .klen = 32,
+ .iv = "\xE7\x82\x1D\xB8\x53\x11\xAC\x47"
+ "\x00\x00\x00\x00\x00\x00\x00\x00",
+ .ptext = "\x50\xB9\x22\xAE\x17\x80\x0C\x75"
+ "\xDE\x47\xD3\x3C\xA5\x0E\x9A\x03"
+ "\x6C\xF8\x61\xCA\x33\xBF\x28\x91"
+ "\x1D\x86\xEF\x58\xE4\x4D\xB6\x1F"
+ "\xAB\x14\x7D\x09\x72\xDB\x44\xD0"
+ "\x39\xA2\x0B\x97\x00\x69\xF5\x5E"
+ "\xC7\x30\xBC\x25\x8E\x1A\x83\xEC"
+ "\x55\xE1\x4A\xB3\x1C\xA8\x11\x7A"
+ "\x06\x6F\xD8\x41\xCD\x36\x9F\x08"
+ "\x94\xFD\x66\xF2\x5B\xC4\x2D\xB9"
+ "\x22\x8B\x17\x80\xE9\x52\xDE\x47"
+ "\xB0\x19\xA5\x0E\x77\x03\x6C\xD5"
+ "\x3E\xCA\x33\x9C\x05\x91\xFA\x63"
+ "\xEF\x58\xC1\x2A\xB6\x1F\x88\x14"
+ "\x7D\xE6\x4F\xDB\x44\xAD\x16\xA2"
+ "\x0B\x74\x00\x69\xD2\x3B\xC7\x30"
+ "\x99\x02\x8E\xF7\x60\xEC\x55\xBE"
+ "\x27\xB3\x1C\x85\x11\x7A\xE3\x4C"
+ "\xD8\x41\xAA\x13\x9F\x08\x71\xFD"
+ "\x66\xCF\x38\xC4\x2D\x96\x22\x8B"
+ "\xF4\x5D\xE9\x52\xBB\x24\xB0\x19"
+ "\x82\x0E\x77\xE0\x49\xD5\x3E\xA7"
+ "\x10\x9C\x05\x6E\xFA\x63\xCC\x35"
+ "\xC1\x2A\x93\x1F\x88\xF1\x5A\xE6"
+ "\x4F\xB8\x21\xAD\x16\x7F\x0B\x74"
+ "\xDD\x46\xD2\x3B\xA4\x0D\x99\x02"
+ "\x6B\xF7\x60\xC9\x32\xBE\x27\x90"
+ "\x1C\x85\xEE\x57\xE3\x4C\xB5\x1E"
+ "\xAA\x13\x7C\x08\x71\xDA\x43\xCF"
+ "\x38\xA1\x0A\x96\xFF\x68\xF4\x5D"
+ "\xC6\x2F\xBB\x24\x8D\x19\x82\xEB"
+ "\x54\xE0\x49\xB2\x1B\xA7\x10\x79"
+ "\x05\x6E\xD7\x40\xCC\x35\x9E\x07"
+ "\x93\xFC\x65\xF1\x5A\xC3\x2C\xB8"
+ "\x21\x8A\x16\x7F\xE8\x51\xDD\x46"
+ "\xAF\x18\xA4\x0D\x76\x02\x6B\xD4"
+ "\x3D\xC9\x32\x9B\x04\x90\xF9\x62"
+ "\xEE\x57\xC0\x29\xB5\x1E\x87\x13"
+ "\x7C\xE5\x4E\xDA\x43\xAC\x15\xA1"
+ "\x0A\x73\xFF\x68\xD1\x3A\xC6\x2F"
+ "\x98\x01\x8D\xF6\x5F\xEB\x54\xBD"
+ "\x26\xB2\x1B\x84\x10\x79\xE2\x4B"
+ "\xD7\x40\xA9\x12\x9E\x07\x70\xFC"
+ "\x65\xCE\x37\xC3\x2C\x95\x21\x8A"
+ "\xF3\x5C\xE8\x51\xBA\x23\xAF\x18"
+ "\x81\x0D\x76\xDF\x48\xD4\x3D\xA6"
+ "\x0F\x9B\x04\x6D\xF9\x62\xCB\x34"
+ "\xC0\x29\x92\x1E\x87\xF0\x59\xE5"
+ "\x4E\xB7\x20\xAC\x15\x7E\x0A\x73"
+ "\xDC\x45\xD1\x3A\xA3\x0C\x98\x01"
+ "\x6A\xF6\x5F\xC8\x31\xBD\x26\x8F"
+ "\x1B\x84\xED\x56\xE2\x4B\xB4\x1D"
+ "\xA9\x12\x7B\x07\x70\xD9\x42\xCE"
+ "\x37\xA0\x09\x95\xFE\x67\xF3\x5C"
+ "\xC5\x2E\xBA\x23\x8C\x18\x81\xEA"
+ "\x53\xDF\x48\xB1\x1A\xA6\x0F\x78"
+ "\x04\x6D\xD6\x3F\xCB\x34\x9D\x06"
+ "\x92\xFB\x64\xF0\x59\xC2\x2B\xB7"
+ "\x20\x89\x15\x7E\xE7\x50\xDC\x45"
+ "\xAE\x17\xA3\x0C\x75\x01\x6A\xD3"
+ "\x3C\xC8\x31\x9A\x03\x8F\xF8\x61"
+ "\xED\x56\xBF\x28\xB4\x1D\x86\x12",
+ .ctext = "\x97\x7f\x69\x0f\x0f\x34\xa6\x33"
+ "\x66\x49\x7e\xd0\x4d\x1b\xc9\x64"
+ "\xf9\x61\x95\x98\x11\x00\x88\xf8"
+ "\x2e\x88\x01\x0f\x2b\xe1\xae\x3e"
+ "\xfe\xd6\x47\x30\x11\x68\x7d\x99"
+ "\xad\x69\x6a\xe8\x41\x5f\x1e\x16"
+ "\x00\x3a\x47\xdf\x8e\x7d\x23\x1c"
+ "\x19\x5b\x32\x76\x60\x03\x05\xc1"
+ "\xa0\xff\xcf\xcc\x74\x39\x46\x63"
+ "\xfe\x5f\xa6\x35\xa7\xb4\xc1\xf9"
+ "\x4b\x5e\x38\xcc\x8c\xc1\xa2\xcf"
+ "\x9a\xc3\xae\x55\x42\x46\x93\xd9"
+ "\xbd\x22\xd3\x8a\x19\x96\xc3\xb3"
+ "\x7d\x03\x18\xf9\x45\x09\x9c\xc8"
+ "\x90\xf3\x22\xb3\x25\x83\x9a\x75"
+ "\xbb\x04\x48\x97\x3a\x63\x08\x04"
+ "\xa0\x69\xf6\x52\xd4\x89\x93\x69"
+ "\xb4\x33\xa2\x16\x58\xec\x4b\x26"
+ "\x76\x54\x10\x0b\x6e\x53\x1e\xbc"
+ "\x16\x18\x42\xb1\xb1\xd3\x4b\xda"
+ "\x06\x9f\x8b\x77\xf7\xab\xd6\xed"
+ "\xa3\x1d\x90\xda\x49\x38\x20\xb8"
+ "\x6c\xee\xae\x3e\xae\x6c\x03\xb8"
+ "\x0b\xed\xc8\xaa\x0e\xc5\x1f\x90"
+ "\x60\xe2\xec\x1b\x76\xd0\xcf\xda"
+ "\x29\x1b\xb8\x5a\xbc\xf4\xba\x13"
+ "\x91\xa6\xcb\x83\x3f\xeb\xe9\x7b"
+ "\x03\xba\x40\x9e\xe6\x7a\xb2\x4a"
+ "\x73\x49\xfc\xed\xfb\x55\xa4\x24"
+ "\xc7\xa4\xd7\x4b\xf5\xf7\x16\x62"
+ "\x80\xd3\x19\x31\x52\x25\xa8\x69"
+ "\xda\x9a\x87\xf5\xf2\xee\x5d\x61"
+ "\xc1\x12\x72\x3e\x52\x26\x45\x3a"
+ "\xd8\x9d\x57\xfa\x14\xe2\x9b\x2f"
+ "\xd4\xaa\x5e\x31\xf4\x84\x89\xa4"
+ "\xe3\x0e\xb0\x58\x41\x75\x6a\xcb"
+ "\x30\x01\x98\x90\x15\x80\xf5\x27"
+ "\x92\x13\x81\xf0\x1c\x1e\xfc\xb1"
+ "\x33\xf7\x63\xb0\x67\xec\x2e\x5c"
+ "\x85\xe3\x5b\xd0\x43\x8a\xb8\x5f"
+ "\x44\x9f\xec\x19\xc9\x8f\xde\xdf"
+ "\x79\xef\xf8\xee\x14\x87\xb3\x34"
+ "\x76\x00\x3a\x9b\xc7\xed\xb1\x3d"
+ "\xef\x07\xb0\xe4\xfd\x68\x9e\xeb"
+ "\xc2\xb4\x1a\x85\x9a\x7d\x11\x88"
+ "\xf8\xab\x43\x55\x2b\x8a\x4f\x60"
+ "\x85\x9a\xf4\xba\xae\x48\x81\xeb"
+ "\x93\x07\x97\x9e\xde\x2a\xfc\x4e"
+ "\x31\xde\xaa\x44\xf7\x2a\xc3\xee"
+ "\x60\xa2\x98\x2c\x0a\x88\x50\xc5"
+ "\x6d\x89\xd3\xe4\xb6\xa7\xf4\xb0"
+ "\xcf\x0e\x89\xe3\x5e\x8f\x82\xf4"
+ "\x9d\xd1\xa9\x51\x50\x8a\xd2\x18"
+ "\x07\xb2\xaa\x3b\x7f\x58\x9b\xf4"
+ "\xb7\x24\x39\xd3\x66\x2f\x1e\xc0"
+ "\x11\xa3\x56\x56\x2a\x10\x73\xbc"
+ "\xe1\x23\xbf\xa9\x37\x07\x9c\xc3"
+ "\xb2\xc9\xa8\x1c\x5b\x5c\x58\xa4"
+ "\x77\x02\x26\xad\xc3\x40\x11\x53"
+ "\x93\x68\x72\xde\x05\x8b\x10\xbc"
+ "\xa6\xd4\x1b\xd9\x27\xd8\x16\x12"
+ "\x61\x2b\x31\x2a\x44\x87\x96\x58",
+ .len = 496,
+ },
+};
+
+/* based on hmac_sha256_aes_cbc_tv_temp */
+static const struct aead_testvec essiv_hmac_sha256_aes_cbc_tv_temp[] = {
+ {
+#ifdef __LITTLE_ENDIAN
+ .key = "\x08\x00" /* rta length */
+ "\x01\x00" /* rta type */
+#else
+ .key = "\x00\x08" /* rta length */
+ "\x00\x01" /* rta type */
+#endif
+ "\x00\x00\x00\x10" /* enc key length */
+ "\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x00\x00\x00\x00\x00\x00\x00\x00"
+ "\x06\xa9\x21\x40\x36\xb8\xa1\x5b"
+ "\x51\x2e\x03\xd5\x34\x12\x00\x06",
+ .klen = 8 + 32 + 16,
+ .iv = "\xb3\x0c\x5a\x11\x41\xad\xc1\x04"
+ "\xbc\x1e\x7e\x35\xb0\x5d\x78\x29",
+ .assoc = "\x3d\xaf\xba\x42\x9d\x9e\xb4\x30"
+ "\xb4\x22\xda\x80\x2c\x9f\xac\x41",
+ .alen = 16,
+ .ptext = "Single block msg",
+ .plen = 16,
+ .ctext = "\xe3\x53\x77\x9c\x10\x79\xae\xb8"
+ "\x27\x08\x94\x2d\xbe\x77\x18\x1a"
+ "\xcc\xde\x2d\x6a\xae\xf1\x0b\xcc"
+ "\x38\x06\x38\x51\xb4\xb8\xf3\x5b"
+ "\x5c\x34\xa6\xa3\x6e\x0b\x05\xe5"
+ "\x6a\x6d\x44\xaa\x26\xa8\x44\xa5",
+ .clen = 16 + 32,
+ }, {
+#ifdef __LITTLE_ENDIAN
+ .key = "\x08\x00" /* rta length */
+ "\x01\x00" /* rta type */
+#else
+ .key = "\x00\x08" /* rta length */
+ "\x00\x01" /* rta type */
+#endif
+ "\x00\x00\x00\x10" /* enc key length */
+ "\x20\x21\x22\x23\x24\x25\x26\x27"
+ "\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f"
+ "\x30\x31\x32\x33\x34\x35\x36\x37"
+ "\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f"
+ "\xc2\x86\x69\x6d\x88\x7c\x9a\xa0"
+ "\x61\x1b\xbb\x3e\x20\x25\xa4\x5a",
+ .klen = 8 + 32 + 16,
+ .iv = "\x56\xe8\x14\xa5\x74\x18\x75\x13"
+ "\x2f\x79\xe7\xc8\x65\xe3\x48\x45",
+ .assoc = "\x56\x2e\x17\x99\x6d\x09\x3d\x28"
+ "\xdd\xb3\xba\x69\x5a\x2e\x6f\x58",
+ .alen = 16,
+ .ptext = "\x00\x01\x02\x03\x04\x05\x06\x07"
+ "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+ "\x10\x11\x12\x13\x14\x15\x16\x17"
+ "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f",
+ .plen = 32,
+ .ctext = "\xd2\x96\xcd\x94\xc2\xcc\xcf\x8a"
+ "\x3a\x86\x30\x28\xb5\xe1\xdc\x0a"
+ "\x75\x86\x60\x2d\x25\x3c\xff\xf9"
+ "\x1b\x82\x66\xbe\xa6\xd6\x1a\xb1"
+ "\xf5\x33\x53\xf3\x68\x85\x2a\x99"
+ "\x0e\x06\x58\x8f\xba\xf6\x06\xda"
+ "\x49\x69\x0d\x5b\xd4\x36\x06\x62"
+ "\x35\x5e\x54\x58\x53\x4d\xdf\xbf",
+ .clen = 32 + 32,
+ }, {
+#ifdef __LITTLE_ENDIAN
+ .key = "\x08\x00" /* rta length */
+ "\x01\x00" /* rta type */
+#else
+ .key = "\x00\x08" /* rta length */
+ "\x00\x01" /* rta type */
+#endif
+ "\x00\x00\x00\x10" /* enc key length */
+ "\x11\x22\x33\x44\x55\x66\x77\x88"
+ "\x99\xaa\xbb\xcc\xdd\xee\xff\x11"
+ "\x22\x33\x44\x55\x66\x77\x88\x99"
+ "\xaa\xbb\xcc\xdd\xee\xff\x11\x22"
+ "\x6c\x3e\xa0\x47\x76\x30\xce\x21"
+ "\xa2\xce\x33\x4a\xa7\x46\xc2\xcd",
+ .klen = 8 + 32 + 16,
+ .iv = "\x1f\x6b\xfb\xd6\x6b\x72\x2f\xc9"
+ "\xb6\x9f\x8c\x10\xa8\x96\x15\x64",
+ .assoc = "\xc7\x82\xdc\x4c\x09\x8c\x66\xcb"
+ "\xd9\xcd\x27\xd8\x25\x68\x2c\x81",
+ .alen = 16,
+ .ptext = "This is a 48-byte message (exactly 3 AES blocks)",
+ .plen = 48,
+ .ctext = "\xd0\xa0\x2b\x38\x36\x45\x17\x53"
+ "\xd4\x93\x66\x5d\x33\xf0\xe8\x86"
+ "\x2d\xea\x54\xcd\xb2\x93\xab\xc7"
+ "\x50\x69\x39\x27\x67\x72\xf8\xd5"
+ "\x02\x1c\x19\x21\x6b\xad\x52\x5c"
+ "\x85\x79\x69\x5d\x83\xba\x26\x84"
+ "\x68\xb9\x3e\x90\x38\xa0\x88\x01"
+ "\xe7\xc6\xce\x10\x31\x2f\x9b\x1d"
+ "\x24\x78\xfb\xbe\x02\xe0\x4f\x40"
+ "\x10\xbd\xaa\xc6\xa7\x79\xe0\x1a",
+ .clen = 48 + 32,
+ }, {
+#ifdef __LITTLE_ENDIAN
+ .key = "\x08\x00" /* rta length */
+ "\x01\x00" /* rta type */
+#else
+ .key = "\x00\x08" /* rta length */
+ "\x00\x01" /* rta type */
+#endif
+ "\x00\x00\x00\x10" /* enc key length */
+ "\x11\x22\x33\x44\x55\x66\x77\x88"
+ "\x99\xaa\xbb\xcc\xdd\xee\xff\x11"
+ "\x22\x33\x44\x55\x66\x77\x88\x99"
+ "\xaa\xbb\xcc\xdd\xee\xff\x11\x22"
+ "\x56\xe4\x7a\x38\xc5\x59\x89\x74"
+ "\xbc\x46\x90\x3d\xba\x29\x03\x49",
+ .klen = 8 + 32 + 16,
+ .iv = "\x13\xe5\xf2\xef\x61\x97\x59\x35"
+ "\x9b\x36\x84\x46\x4e\x63\xd1\x41",
+ .assoc = "\x8c\xe8\x2e\xef\xbe\xa0\xda\x3c"
+ "\x44\x69\x9e\xd7\xdb\x51\xb7\xd9",
+ .alen = 16,
+ .ptext = "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7"
+ "\xa8\xa9\xaa\xab\xac\xad\xae\xaf"
+ "\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7"
+ "\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf"
+ "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7"
+ "\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf"
+ "\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7"
+ "\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf",
+ .plen = 64,
+ .ctext = "\xc3\x0e\x32\xff\xed\xc0\x77\x4e"
+ "\x6a\xff\x6a\xf0\x86\x9f\x71\xaa"
+ "\x0f\x3a\xf0\x7a\x9a\x31\xa9\xc6"
+ "\x84\xdb\x20\x7e\xb0\xef\x8e\x4e"
+ "\x35\x90\x7a\xa6\x32\xc3\xff\xdf"
+ "\x86\x8b\xb7\xb2\x9d\x3d\x46\xad"
+ "\x83\xce\x9f\x9a\x10\x2e\xe9\x9d"
+ "\x49\xa5\x3e\x87\xf4\xc3\xda\x55"
+ "\x7a\x1b\xd4\x3c\xdb\x17\x95\xe2"
+ "\xe0\x93\xec\xc9\x9f\xf7\xce\xd8"
+ "\x3f\x54\xe2\x49\x39\xe3\x71\x25"
+ "\x2b\x6c\xe9\x5d\xec\xec\x2b\x64",
+ .clen = 64 + 32,
+ }, {
+#ifdef __LITTLE_ENDIAN
+ .key = "\x08\x00" /* rta length */
+ "\x01\x00" /* rta type */
+#else
+ .key = "\x00\x08" /* rta length */
+ "\x00\x01" /* rta type */
+#endif
+ "\x00\x00\x00\x10" /* enc key length */
+ "\x11\x22\x33\x44\x55\x66\x77\x88"
+ "\x99\xaa\xbb\xcc\xdd\xee\xff\x11"
+ "\x22\x33\x44\x55\x66\x77\x88\x99"
+ "\xaa\xbb\xcc\xdd\xee\xff\x11\x22"
+ "\x90\xd3\x82\xb4\x10\xee\xba\x7a"
+ "\xd9\x38\xc4\x6c\xec\x1a\x82\xbf",
+ .klen = 8 + 32 + 16,
+ .iv = "\xe4\x13\xa1\x15\xe9\x6b\xb8\x23"
+ "\x81\x7a\x94\x29\xab\xfd\xd2\x2c",
+ .assoc = "\x00\x00\x43\x21\x00\x00\x00\x01"
+ "\xe9\x6e\x8c\x08\xab\x46\x57\x63"
+ "\xfd\x09\x8d\x45\xdd\x3f\xf8\x93",
+ .alen = 24,
+ .ptext = "\x08\x00\x0e\xbd\xa7\x0a\x00\x00"
+ "\x8e\x9c\x08\x3d\xb9\x5b\x07\x00"
+ "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+ "\x10\x11\x12\x13\x14\x15\x16\x17"
+ "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"
+ "\x20\x21\x22\x23\x24\x25\x26\x27"
+ "\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f"
+ "\x30\x31\x32\x33\x34\x35\x36\x37"
+ "\x01\x02\x03\x04\x05\x06\x07\x08"
+ "\x09\x0a\x0b\x0c\x0d\x0e\x0e\x01",
+ .plen = 80,
+ .ctext = "\xf6\x63\xc2\x5d\x32\x5c\x18\xc6"
+ "\xa9\x45\x3e\x19\x4e\x12\x08\x49"
+ "\xa4\x87\x0b\x66\xcc\x6b\x99\x65"
+ "\x33\x00\x13\xb4\x89\x8d\xc8\x56"
+ "\xa4\x69\x9e\x52\x3a\x55\xdb\x08"
+ "\x0b\x59\xec\x3a\x8e\x4b\x7e\x52"
+ "\x77\x5b\x07\xd1\xdb\x34\xed\x9c"
+ "\x53\x8a\xb5\x0c\x55\x1b\x87\x4a"
+ "\xa2\x69\xad\xd0\x47\xad\x2d\x59"
+ "\x13\xac\x19\xb7\xcf\xba\xd4\xa6"
+ "\xbb\xd4\x0f\xbe\xa3\x3b\x4c\xb8"
+ "\x3a\xd2\xe1\x03\x86\xa5\x59\xb7"
+ "\x73\xc3\x46\x20\x2c\xb1\xef\x68"
+ "\xbb\x8a\x32\x7e\x12\x8c\x69\xcf",
+ .clen = 80 + 32,
+ }, {
+#ifdef __LITTLE_ENDIAN
+ .key = "\x08\x00" /* rta length */
+ "\x01\x00" /* rta type */
+#else
+ .key = "\x00\x08" /* rta length */
+ "\x00\x01" /* rta type */
+#endif
+ "\x00\x00\x00\x18" /* enc key length */
+ "\x11\x22\x33\x44\x55\x66\x77\x88"
+ "\x99\xaa\xbb\xcc\xdd\xee\xff\x11"
+ "\x22\x33\x44\x55\x66\x77\x88\x99"
+ "\xaa\xbb\xcc\xdd\xee\xff\x11\x22"
+ "\x8e\x73\xb0\xf7\xda\x0e\x64\x52"
+ "\xc8\x10\xf3\x2b\x80\x90\x79\xe5"
+ "\x62\xf8\xea\xd2\x52\x2c\x6b\x7b",
+ .klen = 8 + 32 + 24,
+ .iv = "\x49\xca\x41\xc9\x6b\xbf\x6c\x98"
+ "\x38\x2f\xa7\x3d\x4d\x80\x49\xb0",
+ .assoc = "\x00\x01\x02\x03\x04\x05\x06\x07"
+ "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
+ .alen = 16,
+ .ptext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96"
+ "\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
+ "\xae\x2d\x8a\x57\x1e\x03\xac\x9c"
+ "\x9e\xb7\x6f\xac\x45\xaf\x8e\x51"
+ "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11"
+ "\xe5\xfb\xc1\x19\x1a\x0a\x52\xef"
+ "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17"
+ "\xad\x2b\x41\x7b\xe6\x6c\x37\x10",
+ .plen = 64,
+ .ctext = "\x4f\x02\x1d\xb2\x43\xbc\x63\x3d"
+ "\x71\x78\x18\x3a\x9f\xa0\x71\xe8"
+ "\xb4\xd9\xad\xa9\xad\x7d\xed\xf4"
+ "\xe5\xe7\x38\x76\x3f\x69\x14\x5a"
+ "\x57\x1b\x24\x20\x12\xfb\x7a\xe0"
+ "\x7f\xa9\xba\xac\x3d\xf1\x02\xe0"
+ "\x08\xb0\xe2\x79\x88\x59\x88\x81"
+ "\xd9\x20\xa9\xe6\x4f\x56\x15\xcd"
+ "\x2f\xee\x5f\xdb\x66\xfe\x79\x09"
+ "\x61\x81\x31\xea\x5b\x3d\x8e\xfb"
+ "\xca\x71\x85\x93\xf7\x85\x55\x8b"
+ "\x7a\xe4\x94\xca\x8b\xba\x19\x33",
+ .clen = 64 + 32,
+ }, {
+#ifdef __LITTLE_ENDIAN
+ .key = "\x08\x00" /* rta length */
+ "\x01\x00" /* rta type */
+#else
+ .key = "\x00\x08" /* rta length */
+ "\x00\x01" /* rta type */
+#endif
+ "\x00\x00\x00\x20" /* enc key length */
+ "\x11\x22\x33\x44\x55\x66\x77\x88"
+ "\x99\xaa\xbb\xcc\xdd\xee\xff\x11"
+ "\x22\x33\x44\x55\x66\x77\x88\x99"
+ "\xaa\xbb\xcc\xdd\xee\xff\x11\x22"
+ "\x60\x3d\xeb\x10\x15\xca\x71\xbe"
+ "\x2b\x73\xae\xf0\x85\x7d\x77\x81"
+ "\x1f\x35\x2c\x07\x3b\x61\x08\xd7"
+ "\x2d\x98\x10\xa3\x09\x14\xdf\xf4",
+ .klen = 8 + 32 + 32,
+ .iv = "\xdf\xab\xf2\x7c\xdc\xe0\x33\x4c"
+ "\xf9\x75\xaf\xf9\x2f\x60\x3a\x9b",
+ .assoc = "\x00\x01\x02\x03\x04\x05\x06\x07"
+ "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
+ .alen = 16,
+ .ptext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96"
+ "\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
+ "\xae\x2d\x8a\x57\x1e\x03\xac\x9c"
+ "\x9e\xb7\x6f\xac\x45\xaf\x8e\x51"
+ "\x30\xc8\x1c\x46\xa3\x5c\xe4\x11"
+ "\xe5\xfb\xc1\x19\x1a\x0a\x52\xef"
+ "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17"
+ "\xad\x2b\x41\x7b\xe6\x6c\x37\x10",
+ .plen = 64,
+ .ctext = "\xf5\x8c\x4c\x04\xd6\xe5\xf1\xba"
+ "\x77\x9e\xab\xfb\x5f\x7b\xfb\xd6"
+ "\x9c\xfc\x4e\x96\x7e\xdb\x80\x8d"
+ "\x67\x9f\x77\x7b\xc6\x70\x2c\x7d"
+ "\x39\xf2\x33\x69\xa9\xd9\xba\xcf"
+ "\xa5\x30\xe2\x63\x04\x23\x14\x61"
+ "\xb2\xeb\x05\xe2\xc3\x9b\xe9\xfc"
+ "\xda\x6c\x19\x07\x8c\x6a\x9d\x1b"
+ "\x24\x29\xed\xc2\x31\x49\xdb\xb1"
+ "\x8f\x74\xbd\x17\x92\x03\xbe\x8f"
+ "\xf3\x61\xde\x1c\xe9\xdb\xcd\xd0"
+ "\xcc\xce\xe9\x85\x57\xcf\x6f\x5f",
+ .clen = 64 + 32,
+ },
+};
+
#endif /* _CRYPTO_TESTMGR_H */
diff --git a/crypto/tgr192.c b/crypto/tgr192.c
index 022d3dd..052648e 100644
--- a/crypto/tgr192.c
+++ b/crypto/tgr192.c
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/*
* Cryptographic API.
*
@@ -14,19 +15,14 @@
*
* Adapted for Linux Kernel Crypto by Aaron Grothe
* ajgrothe@yahoo.com, February 22, 2005
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
*/
#include <crypto/internal/hash.h>
#include <linux/init.h>
#include <linux/module.h>
#include <linux/mm.h>
-#include <asm/byteorder.h>
#include <linux/types.h>
+#include <asm/byteorder.h>
+#include <asm/unaligned.h>
#define TGR192_DIGEST_SIZE 24
#define TGR160_DIGEST_SIZE 20
@@ -468,10 +464,9 @@
u64 a, b, c, aa, bb, cc;
u64 x[8];
int i;
- const __le64 *ptr = (const __le64 *)data;
for (i = 0; i < 8; i++)
- x[i] = le64_to_cpu(ptr[i]);
+ x[i] = get_unaligned_le64(data + i * sizeof(__le64));
/* save */
a = aa = tctx->a;
@@ -635,9 +630,10 @@
.final = tgr192_final,
.descsize = sizeof(struct tgr192_ctx),
.base = {
- .cra_name = "tgr192",
- .cra_blocksize = TGR192_BLOCK_SIZE,
- .cra_module = THIS_MODULE,
+ .cra_name = "tgr192",
+ .cra_driver_name = "tgr192-generic",
+ .cra_blocksize = TGR192_BLOCK_SIZE,
+ .cra_module = THIS_MODULE,
}
}, {
.digestsize = TGR160_DIGEST_SIZE,
@@ -646,9 +642,10 @@
.final = tgr160_final,
.descsize = sizeof(struct tgr192_ctx),
.base = {
- .cra_name = "tgr160",
- .cra_blocksize = TGR192_BLOCK_SIZE,
- .cra_module = THIS_MODULE,
+ .cra_name = "tgr160",
+ .cra_driver_name = "tgr160-generic",
+ .cra_blocksize = TGR192_BLOCK_SIZE,
+ .cra_module = THIS_MODULE,
}
}, {
.digestsize = TGR128_DIGEST_SIZE,
@@ -657,9 +654,10 @@
.final = tgr128_final,
.descsize = sizeof(struct tgr192_ctx),
.base = {
- .cra_name = "tgr128",
- .cra_blocksize = TGR192_BLOCK_SIZE,
- .cra_module = THIS_MODULE,
+ .cra_name = "tgr128",
+ .cra_driver_name = "tgr128-generic",
+ .cra_blocksize = TGR192_BLOCK_SIZE,
+ .cra_module = THIS_MODULE,
}
} };
@@ -677,7 +675,7 @@
MODULE_ALIAS_CRYPTO("tgr160");
MODULE_ALIAS_CRYPTO("tgr128");
-module_init(tgr192_mod_init);
+subsys_initcall(tgr192_mod_init);
module_exit(tgr192_mod_fini);
MODULE_LICENSE("GPL");
diff --git a/crypto/twofish_common.c b/crypto/twofish_common.c
index f3a0dd2..222fc76 100644
--- a/crypto/twofish_common.c
+++ b/crypto/twofish_common.c
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/*
* Common Twofish algorithm parts shared between the c and assembler
* implementations
@@ -13,20 +14,6 @@
* code and thus put it in the public domain. The subsequent authors
* have put this under the GNU General Public License.
*
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
- *
* This code is a "clean room" implementation, written from the paper
* _Twofish: A 128-Bit Block Cipher_ by Bruce Schneier, John Kelsey,
* Doug Whiting, David Wagner, Chris Hall, and Niels Ferguson, available
diff --git a/crypto/twofish_generic.c b/crypto/twofish_generic.c
index 07e6243..4f7c033 100644
--- a/crypto/twofish_generic.c
+++ b/crypto/twofish_generic.c
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/*
* Twofish for CryptoAPI
*
@@ -12,20 +13,6 @@
* code and thus put it in the public domain. The subsequent authors
* have put this under the GNU General Public License.
*
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
- *
* This code is a "clean room" implementation, written from the paper
* _Twofish: A 128-Bit Block Cipher_ by Bruce Schneier, John Kelsey,
* Doug Whiting, David Wagner, Chris Hall, and Niels Ferguson, available
@@ -205,7 +192,7 @@
crypto_unregister_alg(&alg);
}
-module_init(twofish_mod_init);
+subsys_initcall(twofish_mod_init);
module_exit(twofish_mod_fini);
MODULE_LICENSE("GPL");
diff --git a/crypto/vmac.c b/crypto/vmac.c
index 5f436df..f50a850 100644
--- a/crypto/vmac.c
+++ b/crypto/vmac.c
@@ -690,7 +690,7 @@
crypto_unregister_template(&vmac64_tmpl);
}
-module_init(vmac_module_init);
+subsys_initcall(vmac_module_init);
module_exit(vmac_module_exit);
MODULE_LICENSE("GPL");
diff --git a/crypto/wp512.c b/crypto/wp512.c
index 149e577..feadc13 100644
--- a/crypto/wp512.c
+++ b/crypto/wp512.c
@@ -1126,9 +1126,10 @@
.final = wp512_final,
.descsize = sizeof(struct wp512_ctx),
.base = {
- .cra_name = "wp512",
- .cra_blocksize = WP512_BLOCK_SIZE,
- .cra_module = THIS_MODULE,
+ .cra_name = "wp512",
+ .cra_driver_name = "wp512-generic",
+ .cra_blocksize = WP512_BLOCK_SIZE,
+ .cra_module = THIS_MODULE,
}
}, {
.digestsize = WP384_DIGEST_SIZE,
@@ -1137,9 +1138,10 @@
.final = wp384_final,
.descsize = sizeof(struct wp512_ctx),
.base = {
- .cra_name = "wp384",
- .cra_blocksize = WP512_BLOCK_SIZE,
- .cra_module = THIS_MODULE,
+ .cra_name = "wp384",
+ .cra_driver_name = "wp384-generic",
+ .cra_blocksize = WP512_BLOCK_SIZE,
+ .cra_module = THIS_MODULE,
}
}, {
.digestsize = WP256_DIGEST_SIZE,
@@ -1148,9 +1150,10 @@
.final = wp256_final,
.descsize = sizeof(struct wp512_ctx),
.base = {
- .cra_name = "wp256",
- .cra_blocksize = WP512_BLOCK_SIZE,
- .cra_module = THIS_MODULE,
+ .cra_name = "wp256",
+ .cra_driver_name = "wp256-generic",
+ .cra_blocksize = WP512_BLOCK_SIZE,
+ .cra_module = THIS_MODULE,
}
} };
@@ -1168,7 +1171,7 @@
MODULE_ALIAS_CRYPTO("wp384");
MODULE_ALIAS_CRYPTO("wp256");
-module_init(wp512_mod_init);
+subsys_initcall(wp512_mod_init);
module_exit(wp512_mod_fini);
MODULE_LICENSE("GPL");
diff --git a/crypto/xcbc.c b/crypto/xcbc.c
index 25c75af..0bb26e8 100644
--- a/crypto/xcbc.c
+++ b/crypto/xcbc.c
@@ -1,19 +1,7 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/*
* Copyright (C)2006 USAGI/WIDE Project
*
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
* Author:
* Kazunori Miyazawa <miyazawa@linux-ipv6.org>
*/
@@ -57,15 +45,17 @@
u8 ctx[];
};
+#define XCBC_BLOCKSIZE 16
+
static int crypto_xcbc_digest_setkey(struct crypto_shash *parent,
const u8 *inkey, unsigned int keylen)
{
unsigned long alignmask = crypto_shash_alignmask(parent);
struct xcbc_tfm_ctx *ctx = crypto_shash_ctx(parent);
- int bs = crypto_shash_blocksize(parent);
u8 *consts = PTR_ALIGN(&ctx->ctx[0], alignmask + 1);
int err = 0;
- u8 key1[bs];
+ u8 key1[XCBC_BLOCKSIZE];
+ int bs = sizeof(key1);
if ((err = crypto_cipher_setkey(ctx->child, inkey, keylen)))
return err;
@@ -212,7 +202,7 @@
return PTR_ERR(alg);
switch(alg->cra_blocksize) {
- case 16:
+ case XCBC_BLOCKSIZE:
break;
default:
goto out_put_alg;
@@ -280,7 +270,7 @@
crypto_unregister_template(&crypto_xcbc_tmpl);
}
-module_init(crypto_xcbc_module_init);
+subsys_initcall(crypto_xcbc_module_init);
module_exit(crypto_xcbc_module_exit);
MODULE_LICENSE("GPL");
diff --git a/crypto/xor.c b/crypto/xor.c
index bce9fe7..ea7349e 100644
--- a/crypto/xor.c
+++ b/crypto/xor.c
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/*
* xor.c : Multiple Devices driver for Linux
*
@@ -5,15 +6,6 @@
* Ingo Molnar, Matti Aarnio, Jakub Jelinek, Richard Henderson.
*
* Dispatch optimized RAID-5 checksumming functions.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2, or (at your option)
- * any later version.
- *
- * You should have received a copy of the GNU General Public License
- * (for example /usr/src/linux/COPYING); if not, write to the Free
- * Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
#define BH_TRACE 0
diff --git a/crypto/xts.c b/crypto/xts.c
index ccf55fb..ab11763 100644
--- a/crypto/xts.c
+++ b/crypto/xts.c
@@ -1,17 +1,11 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
/* XTS: as defined in IEEE1619/D16
* http://grouper.ieee.org/groups/1619/email/pdf00086.pdf
- * (sector sizes which are not a multiple of 16 bytes are,
- * however currently unsupported)
*
* Copyright (c) 2007 Rik Snel <rsnel@cube.dyndns.org>
*
* Based on ecb.c
* Copyright (c) 2006 Herbert Xu <herbert@gondor.apana.org.au>
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
*/
#include <crypto/internal/skcipher.h>
#include <crypto/scatterwalk.h>
@@ -26,8 +20,6 @@
#include <crypto/b128ops.h>
#include <crypto/gf128mul.h>
-#define XTS_BUFFER_SIZE 128u
-
struct priv {
struct crypto_skcipher *child;
struct crypto_cipher *tweak;
@@ -39,19 +31,9 @@
};
struct rctx {
- le128 buf[XTS_BUFFER_SIZE / sizeof(le128)];
-
le128 t;
-
- le128 *ext;
-
- struct scatterlist srcbuf[2];
- struct scatterlist dstbuf[2];
- struct scatterlist *src;
- struct scatterlist *dst;
-
- unsigned int left;
-
+ struct scatterlist *tail;
+ struct scatterlist sg[2];
struct skcipher_request subreq;
};
@@ -96,81 +78,28 @@
return err;
}
-static int post_crypt(struct skcipher_request *req)
+/*
+ * We compute the tweak masks twice (both before and after the ECB encryption or
+ * decryption) to avoid having to allocate a temporary buffer and/or make
+ * mutliple calls to the 'ecb(..)' instance, which usually would be slower than
+ * just doing the gf128mul_x_ble() calls again.
+ */
+static int xor_tweak(struct skcipher_request *req, bool second_pass, bool enc)
{
struct rctx *rctx = skcipher_request_ctx(req);
- le128 *buf = rctx->ext ?: rctx->buf;
- struct skcipher_request *subreq;
+ struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req);
+ const bool cts = (req->cryptlen % XTS_BLOCK_SIZE);
const int bs = XTS_BLOCK_SIZE;
struct skcipher_walk w;
- struct scatterlist *sg;
- unsigned offset;
+ le128 t = rctx->t;
int err;
- subreq = &rctx->subreq;
- err = skcipher_walk_virt(&w, subreq, false);
-
- while (w.nbytes) {
- unsigned int avail = w.nbytes;
- le128 *wdst;
-
- wdst = w.dst.virt.addr;
-
- do {
- le128_xor(wdst, buf++, wdst);
- wdst++;
- } while ((avail -= bs) >= bs);
-
- err = skcipher_walk_done(&w, avail);
+ if (second_pass) {
+ req = &rctx->subreq;
+ /* set to our TFM to enforce correct alignment: */
+ skcipher_request_set_tfm(req, tfm);
}
-
- rctx->left -= subreq->cryptlen;
-
- if (err || !rctx->left)
- goto out;
-
- rctx->dst = rctx->dstbuf;
-
- scatterwalk_done(&w.out, 0, 1);
- sg = w.out.sg;
- offset = w.out.offset;
-
- if (rctx->dst != sg) {
- rctx->dst[0] = *sg;
- sg_unmark_end(rctx->dst);
- scatterwalk_crypto_chain(rctx->dst, sg_next(sg), 2);
- }
- rctx->dst[0].length -= offset - sg->offset;
- rctx->dst[0].offset = offset;
-
-out:
- return err;
-}
-
-static int pre_crypt(struct skcipher_request *req)
-{
- struct rctx *rctx = skcipher_request_ctx(req);
- le128 *buf = rctx->ext ?: rctx->buf;
- struct skcipher_request *subreq;
- const int bs = XTS_BLOCK_SIZE;
- struct skcipher_walk w;
- struct scatterlist *sg;
- unsigned cryptlen;
- unsigned offset;
- bool more;
- int err;
-
- subreq = &rctx->subreq;
- cryptlen = subreq->cryptlen;
-
- more = rctx->left > cryptlen;
- if (!more)
- cryptlen = rctx->left;
-
- skcipher_request_set_crypt(subreq, rctx->src, rctx->dst,
- cryptlen, NULL);
-
- err = skcipher_walk_virt(&w, subreq, false);
+ err = skcipher_walk_virt(&w, req, false);
while (w.nbytes) {
unsigned int avail = w.nbytes;
@@ -181,65 +110,147 @@
wdst = w.dst.virt.addr;
do {
- *buf++ = rctx->t;
- le128_xor(wdst++, &rctx->t, wsrc++);
- gf128mul_x_ble(&rctx->t, &rctx->t);
+ if (unlikely(cts) &&
+ w.total - w.nbytes + avail < 2 * XTS_BLOCK_SIZE) {
+ if (!enc) {
+ if (second_pass)
+ rctx->t = t;
+ gf128mul_x_ble(&t, &t);
+ }
+ le128_xor(wdst, &t, wsrc);
+ if (enc && second_pass)
+ gf128mul_x_ble(&rctx->t, &t);
+ skcipher_walk_done(&w, avail - bs);
+ return 0;
+ }
+
+ le128_xor(wdst++, &t, wsrc++);
+ gf128mul_x_ble(&t, &t);
} while ((avail -= bs) >= bs);
err = skcipher_walk_done(&w, avail);
}
- skcipher_request_set_crypt(subreq, rctx->dst, rctx->dst,
- cryptlen, NULL);
-
- if (err || !more)
- goto out;
-
- rctx->src = rctx->srcbuf;
-
- scatterwalk_done(&w.in, 0, 1);
- sg = w.in.sg;
- offset = w.in.offset;
-
- if (rctx->src != sg) {
- rctx->src[0] = *sg;
- sg_unmark_end(rctx->src);
- scatterwalk_crypto_chain(rctx->src, sg_next(sg), 2);
- }
- rctx->src[0].length -= offset - sg->offset;
- rctx->src[0].offset = offset;
-
-out:
return err;
}
-static int init_crypt(struct skcipher_request *req, crypto_completion_t done)
+static int xor_tweak_pre(struct skcipher_request *req, bool enc)
+{
+ return xor_tweak(req, false, enc);
+}
+
+static int xor_tweak_post(struct skcipher_request *req, bool enc)
+{
+ return xor_tweak(req, true, enc);
+}
+
+static void cts_done(struct crypto_async_request *areq, int err)
+{
+ struct skcipher_request *req = areq->data;
+ le128 b;
+
+ if (!err) {
+ struct rctx *rctx = skcipher_request_ctx(req);
+
+ scatterwalk_map_and_copy(&b, rctx->tail, 0, XTS_BLOCK_SIZE, 0);
+ le128_xor(&b, &rctx->t, &b);
+ scatterwalk_map_and_copy(&b, rctx->tail, 0, XTS_BLOCK_SIZE, 1);
+ }
+
+ skcipher_request_complete(req, err);
+}
+
+static int cts_final(struct skcipher_request *req,
+ int (*crypt)(struct skcipher_request *req))
+{
+ struct priv *ctx = crypto_skcipher_ctx(crypto_skcipher_reqtfm(req));
+ int offset = req->cryptlen & ~(XTS_BLOCK_SIZE - 1);
+ struct rctx *rctx = skcipher_request_ctx(req);
+ struct skcipher_request *subreq = &rctx->subreq;
+ int tail = req->cryptlen % XTS_BLOCK_SIZE;
+ le128 b[2];
+ int err;
+
+ rctx->tail = scatterwalk_ffwd(rctx->sg, req->dst,
+ offset - XTS_BLOCK_SIZE);
+
+ scatterwalk_map_and_copy(b, rctx->tail, 0, XTS_BLOCK_SIZE, 0);
+ memcpy(b + 1, b, tail);
+ scatterwalk_map_and_copy(b, req->src, offset, tail, 0);
+
+ le128_xor(b, &rctx->t, b);
+
+ scatterwalk_map_and_copy(b, rctx->tail, 0, XTS_BLOCK_SIZE + tail, 1);
+
+ skcipher_request_set_tfm(subreq, ctx->child);
+ skcipher_request_set_callback(subreq, req->base.flags, cts_done, req);
+ skcipher_request_set_crypt(subreq, rctx->tail, rctx->tail,
+ XTS_BLOCK_SIZE, NULL);
+
+ err = crypt(subreq);
+ if (err)
+ return err;
+
+ scatterwalk_map_and_copy(b, rctx->tail, 0, XTS_BLOCK_SIZE, 0);
+ le128_xor(b, &rctx->t, b);
+ scatterwalk_map_and_copy(b, rctx->tail, 0, XTS_BLOCK_SIZE, 1);
+
+ return 0;
+}
+
+static void encrypt_done(struct crypto_async_request *areq, int err)
+{
+ struct skcipher_request *req = areq->data;
+
+ if (!err) {
+ struct rctx *rctx = skcipher_request_ctx(req);
+
+ rctx->subreq.base.flags &= ~CRYPTO_TFM_REQ_MAY_SLEEP;
+ err = xor_tweak_post(req, true);
+
+ if (!err && unlikely(req->cryptlen % XTS_BLOCK_SIZE)) {
+ err = cts_final(req, crypto_skcipher_encrypt);
+ if (err == -EINPROGRESS)
+ return;
+ }
+ }
+
+ skcipher_request_complete(req, err);
+}
+
+static void decrypt_done(struct crypto_async_request *areq, int err)
+{
+ struct skcipher_request *req = areq->data;
+
+ if (!err) {
+ struct rctx *rctx = skcipher_request_ctx(req);
+
+ rctx->subreq.base.flags &= ~CRYPTO_TFM_REQ_MAY_SLEEP;
+ err = xor_tweak_post(req, false);
+
+ if (!err && unlikely(req->cryptlen % XTS_BLOCK_SIZE)) {
+ err = cts_final(req, crypto_skcipher_decrypt);
+ if (err == -EINPROGRESS)
+ return;
+ }
+ }
+
+ skcipher_request_complete(req, err);
+}
+
+static int init_crypt(struct skcipher_request *req, crypto_completion_t compl)
{
struct priv *ctx = crypto_skcipher_ctx(crypto_skcipher_reqtfm(req));
struct rctx *rctx = skcipher_request_ctx(req);
- struct skcipher_request *subreq;
- gfp_t gfp;
+ struct skcipher_request *subreq = &rctx->subreq;
- subreq = &rctx->subreq;
+ if (req->cryptlen < XTS_BLOCK_SIZE)
+ return -EINVAL;
+
skcipher_request_set_tfm(subreq, ctx->child);
- skcipher_request_set_callback(subreq, req->base.flags, done, req);
-
- gfp = req->base.flags & CRYPTO_TFM_REQ_MAY_SLEEP ? GFP_KERNEL :
- GFP_ATOMIC;
- rctx->ext = NULL;
-
- subreq->cryptlen = XTS_BUFFER_SIZE;
- if (req->cryptlen > XTS_BUFFER_SIZE) {
- unsigned int n = min(req->cryptlen, (unsigned int)PAGE_SIZE);
-
- rctx->ext = kmalloc(n, gfp);
- if (rctx->ext)
- subreq->cryptlen = n;
- }
-
- rctx->src = req->src;
- rctx->dst = req->dst;
- rctx->left = req->cryptlen;
+ skcipher_request_set_callback(subreq, req->base.flags, compl, req);
+ skcipher_request_set_crypt(subreq, req->dst, req->dst,
+ req->cryptlen & ~(XTS_BLOCK_SIZE - 1), NULL);
/* calculate first value of T */
crypto_cipher_encrypt_one(ctx->tweak, (u8 *)&rctx->t, req->iv);
@@ -247,114 +258,38 @@
return 0;
}
-static void exit_crypt(struct skcipher_request *req)
-{
- struct rctx *rctx = skcipher_request_ctx(req);
-
- rctx->left = 0;
-
- if (rctx->ext)
- kzfree(rctx->ext);
-}
-
-static int do_encrypt(struct skcipher_request *req, int err)
-{
- struct rctx *rctx = skcipher_request_ctx(req);
- struct skcipher_request *subreq;
-
- subreq = &rctx->subreq;
-
- while (!err && rctx->left) {
- err = pre_crypt(req) ?:
- crypto_skcipher_encrypt(subreq) ?:
- post_crypt(req);
-
- if (err == -EINPROGRESS || err == -EBUSY)
- return err;
- }
-
- exit_crypt(req);
- return err;
-}
-
-static void encrypt_done(struct crypto_async_request *areq, int err)
-{
- struct skcipher_request *req = areq->data;
- struct skcipher_request *subreq;
- struct rctx *rctx;
-
- rctx = skcipher_request_ctx(req);
-
- if (err == -EINPROGRESS) {
- if (rctx->left != req->cryptlen)
- return;
- goto out;
- }
-
- subreq = &rctx->subreq;
- subreq->base.flags &= CRYPTO_TFM_REQ_MAY_BACKLOG;
-
- err = do_encrypt(req, err ?: post_crypt(req));
- if (rctx->left)
- return;
-
-out:
- skcipher_request_complete(req, err);
-}
-
static int encrypt(struct skcipher_request *req)
{
- return do_encrypt(req, init_crypt(req, encrypt_done));
-}
-
-static int do_decrypt(struct skcipher_request *req, int err)
-{
struct rctx *rctx = skcipher_request_ctx(req);
- struct skcipher_request *subreq;
+ struct skcipher_request *subreq = &rctx->subreq;
+ int err;
- subreq = &rctx->subreq;
+ err = init_crypt(req, encrypt_done) ?:
+ xor_tweak_pre(req, true) ?:
+ crypto_skcipher_encrypt(subreq) ?:
+ xor_tweak_post(req, true);
- while (!err && rctx->left) {
- err = pre_crypt(req) ?:
- crypto_skcipher_decrypt(subreq) ?:
- post_crypt(req);
+ if (err || likely((req->cryptlen % XTS_BLOCK_SIZE) == 0))
+ return err;
- if (err == -EINPROGRESS || err == -EBUSY)
- return err;
- }
-
- exit_crypt(req);
- return err;
-}
-
-static void decrypt_done(struct crypto_async_request *areq, int err)
-{
- struct skcipher_request *req = areq->data;
- struct skcipher_request *subreq;
- struct rctx *rctx;
-
- rctx = skcipher_request_ctx(req);
-
- if (err == -EINPROGRESS) {
- if (rctx->left != req->cryptlen)
- return;
- goto out;
- }
-
- subreq = &rctx->subreq;
- subreq->base.flags &= CRYPTO_TFM_REQ_MAY_BACKLOG;
-
- err = do_decrypt(req, err ?: post_crypt(req));
- if (rctx->left)
- return;
-
-out:
- skcipher_request_complete(req, err);
+ return cts_final(req, crypto_skcipher_encrypt);
}
static int decrypt(struct skcipher_request *req)
{
- return do_decrypt(req, init_crypt(req, decrypt_done));
+ struct rctx *rctx = skcipher_request_ctx(req);
+ struct skcipher_request *subreq = &rctx->subreq;
+ int err;
+
+ err = init_crypt(req, decrypt_done) ?:
+ xor_tweak_pre(req, false) ?:
+ crypto_skcipher_decrypt(subreq) ?:
+ xor_tweak_post(req, false);
+
+ if (err || likely((req->cryptlen % XTS_BLOCK_SIZE) == 0))
+ return err;
+
+ return cts_final(req, crypto_skcipher_decrypt);
}
static int init_tfm(struct crypto_skcipher *tfm)
@@ -536,7 +471,7 @@
crypto_unregister_template(&crypto_tmpl);
}
-module_init(crypto_module_init);
+subsys_initcall(crypto_module_init);
module_exit(crypto_module_exit);
MODULE_LICENSE("GPL");
diff --git a/crypto/xxhash_generic.c b/crypto/xxhash_generic.c
new file mode 100644
index 0000000..4aad2c0
--- /dev/null
+++ b/crypto/xxhash_generic.c
@@ -0,0 +1,108 @@
+// SPDX-License-Identifier: GPL-2.0
+
+#include <crypto/internal/hash.h>
+#include <linux/init.h>
+#include <linux/module.h>
+#include <linux/xxhash.h>
+#include <asm/unaligned.h>
+
+#define XXHASH64_BLOCK_SIZE 32
+#define XXHASH64_DIGEST_SIZE 8
+
+struct xxhash64_tfm_ctx {
+ u64 seed;
+};
+
+struct xxhash64_desc_ctx {
+ struct xxh64_state xxhstate;
+};
+
+static int xxhash64_setkey(struct crypto_shash *tfm, const u8 *key,
+ unsigned int keylen)
+{
+ struct xxhash64_tfm_ctx *tctx = crypto_shash_ctx(tfm);
+
+ if (keylen != sizeof(tctx->seed)) {
+ crypto_shash_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
+ return -EINVAL;
+ }
+ tctx->seed = get_unaligned_le64(key);
+ return 0;
+}
+
+static int xxhash64_init(struct shash_desc *desc)
+{
+ struct xxhash64_tfm_ctx *tctx = crypto_shash_ctx(desc->tfm);
+ struct xxhash64_desc_ctx *dctx = shash_desc_ctx(desc);
+
+ xxh64_reset(&dctx->xxhstate, tctx->seed);
+
+ return 0;
+}
+
+static int xxhash64_update(struct shash_desc *desc, const u8 *data,
+ unsigned int length)
+{
+ struct xxhash64_desc_ctx *dctx = shash_desc_ctx(desc);
+
+ xxh64_update(&dctx->xxhstate, data, length);
+
+ return 0;
+}
+
+static int xxhash64_final(struct shash_desc *desc, u8 *out)
+{
+ struct xxhash64_desc_ctx *dctx = shash_desc_ctx(desc);
+
+ put_unaligned_le64(xxh64_digest(&dctx->xxhstate), out);
+
+ return 0;
+}
+
+static int xxhash64_digest(struct shash_desc *desc, const u8 *data,
+ unsigned int length, u8 *out)
+{
+ struct xxhash64_tfm_ctx *tctx = crypto_shash_ctx(desc->tfm);
+
+ put_unaligned_le64(xxh64(data, length, tctx->seed), out);
+
+ return 0;
+}
+
+static struct shash_alg alg = {
+ .digestsize = XXHASH64_DIGEST_SIZE,
+ .setkey = xxhash64_setkey,
+ .init = xxhash64_init,
+ .update = xxhash64_update,
+ .final = xxhash64_final,
+ .digest = xxhash64_digest,
+ .descsize = sizeof(struct xxhash64_desc_ctx),
+ .base = {
+ .cra_name = "xxhash64",
+ .cra_driver_name = "xxhash64-generic",
+ .cra_priority = 100,
+ .cra_flags = CRYPTO_ALG_OPTIONAL_KEY,
+ .cra_blocksize = XXHASH64_BLOCK_SIZE,
+ .cra_ctxsize = sizeof(struct xxhash64_tfm_ctx),
+ .cra_module = THIS_MODULE,
+ }
+};
+
+static int __init xxhash_mod_init(void)
+{
+ return crypto_register_shash(&alg);
+}
+
+static void __exit xxhash_mod_fini(void)
+{
+ crypto_unregister_shash(&alg);
+}
+
+subsys_initcall(xxhash_mod_init);
+module_exit(xxhash_mod_fini);
+
+MODULE_AUTHOR("Nikolay Borisov <nborisov@suse.com>");
+MODULE_DESCRIPTION("xxhash calculations wrapper for lib/xxhash.c");
+MODULE_LICENSE("GPL");
+MODULE_ALIAS_CRYPTO("xxhash64");
+MODULE_ALIAS_CRYPTO("xxhash64-generic");
diff --git a/crypto/zstd.c b/crypto/zstd.c
index 9a76b3e..5a3ff25 100644
--- a/crypto/zstd.c
+++ b/crypto/zstd.c
@@ -1,16 +1,8 @@
+// SPDX-License-Identifier: GPL-2.0-only
/*
* Cryptographic API.
*
* Copyright (c) 2017-present, Facebook, Inc.
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 as published by
- * the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
- * more details.
*/
#include <linux/crypto.h>
#include <linux/init.h>
@@ -214,6 +206,7 @@
static struct crypto_alg alg = {
.cra_name = "zstd",
+ .cra_driver_name = "zstd-generic",
.cra_flags = CRYPTO_ALG_TYPE_COMPRESS,
.cra_ctxsize = sizeof(struct zstd_ctx),
.cra_module = THIS_MODULE,
@@ -257,7 +250,7 @@
crypto_unregister_scomp(&scomp);
}
-module_init(zstd_mod_init);
+subsys_initcall(zstd_mod_init);
module_exit(zstd_mod_fini);
MODULE_LICENSE("GPL");