blob: 27720140820ef4e9f758bed25f40899ada6adabf [file] [log] [blame]
Thomas Gleixner2874c5f2019-05-27 08:55:01 +02001// SPDX-License-Identifier: GPL-2.0-or-later
Hye-Shik Change2ee95b2007-08-21 20:01:03 +08002/*
3 * Cryptographic API.
4 *
5 * SEED Cipher Algorithm.
6 *
Hye-Shik Change2ee95b2007-08-21 20:01:03 +08007 * Documentation of SEED can be found in RFC 4269.
8 * Copyright (C) 2007 Korea Information Security Agency (KISA).
9 */
10
11#include <linux/module.h>
12#include <linux/init.h>
13#include <linux/types.h>
14#include <linux/errno.h>
15#include <linux/crypto.h>
16#include <asm/byteorder.h>
17
18#define SEED_NUM_KCONSTANTS 16
19#define SEED_KEY_SIZE 16
20#define SEED_BLOCK_SIZE 16
21#define SEED_KEYSCHED_LEN 32
22
23/*
24 * #define byte(x, nr) ((unsigned char)((x) >> (nr*8)))
25 */
26static inline u8
27byte(const u32 x, const unsigned n)
28{
29 return x >> (n << 3);
30}
31
32struct seed_ctx {
33 u32 keysched[SEED_KEYSCHED_LEN];
34};
35
36static const u32 SS0[256] = {
37 0x2989a1a8, 0x05858184, 0x16c6d2d4, 0x13c3d3d0,
38 0x14445054, 0x1d0d111c, 0x2c8ca0ac, 0x25052124,
39 0x1d4d515c, 0x03434340, 0x18081018, 0x1e0e121c,
40 0x11415150, 0x3cccf0fc, 0x0acac2c8, 0x23436360,
41 0x28082028, 0x04444044, 0x20002020, 0x1d8d919c,
42 0x20c0e0e0, 0x22c2e2e0, 0x08c8c0c8, 0x17071314,
43 0x2585a1a4, 0x0f8f838c, 0x03030300, 0x3b4b7378,
44 0x3b8bb3b8, 0x13031310, 0x12c2d2d0, 0x2ecee2ec,
45 0x30407070, 0x0c8c808c, 0x3f0f333c, 0x2888a0a8,
46 0x32023230, 0x1dcdd1dc, 0x36c6f2f4, 0x34447074,
47 0x2ccce0ec, 0x15859194, 0x0b0b0308, 0x17475354,
48 0x1c4c505c, 0x1b4b5358, 0x3d8db1bc, 0x01010100,
49 0x24042024, 0x1c0c101c, 0x33437370, 0x18889098,
50 0x10001010, 0x0cccc0cc, 0x32c2f2f0, 0x19c9d1d8,
51 0x2c0c202c, 0x27c7e3e4, 0x32427270, 0x03838380,
52 0x1b8b9398, 0x11c1d1d0, 0x06868284, 0x09c9c1c8,
53 0x20406060, 0x10405050, 0x2383a3a0, 0x2bcbe3e8,
54 0x0d0d010c, 0x3686b2b4, 0x1e8e929c, 0x0f4f434c,
55 0x3787b3b4, 0x1a4a5258, 0x06c6c2c4, 0x38487078,
56 0x2686a2a4, 0x12021210, 0x2f8fa3ac, 0x15c5d1d4,
57 0x21416160, 0x03c3c3c0, 0x3484b0b4, 0x01414140,
58 0x12425250, 0x3d4d717c, 0x0d8d818c, 0x08080008,
59 0x1f0f131c, 0x19899198, 0x00000000, 0x19091118,
60 0x04040004, 0x13435350, 0x37c7f3f4, 0x21c1e1e0,
61 0x3dcdf1fc, 0x36467274, 0x2f0f232c, 0x27072324,
62 0x3080b0b0, 0x0b8b8388, 0x0e0e020c, 0x2b8ba3a8,
63 0x2282a2a0, 0x2e4e626c, 0x13839390, 0x0d4d414c,
64 0x29496168, 0x3c4c707c, 0x09090108, 0x0a0a0208,
65 0x3f8fb3bc, 0x2fcfe3ec, 0x33c3f3f0, 0x05c5c1c4,
66 0x07878384, 0x14041014, 0x3ecef2fc, 0x24446064,
67 0x1eced2dc, 0x2e0e222c, 0x0b4b4348, 0x1a0a1218,
68 0x06060204, 0x21012120, 0x2b4b6368, 0x26466264,
69 0x02020200, 0x35c5f1f4, 0x12829290, 0x0a8a8288,
70 0x0c0c000c, 0x3383b3b0, 0x3e4e727c, 0x10c0d0d0,
71 0x3a4a7278, 0x07474344, 0x16869294, 0x25c5e1e4,
72 0x26062224, 0x00808080, 0x2d8da1ac, 0x1fcfd3dc,
73 0x2181a1a0, 0x30003030, 0x37073334, 0x2e8ea2ac,
74 0x36063234, 0x15051114, 0x22022220, 0x38083038,
75 0x34c4f0f4, 0x2787a3a4, 0x05454144, 0x0c4c404c,
76 0x01818180, 0x29c9e1e8, 0x04848084, 0x17879394,
77 0x35053134, 0x0bcbc3c8, 0x0ecec2cc, 0x3c0c303c,
78 0x31417170, 0x11011110, 0x07c7c3c4, 0x09898188,
79 0x35457174, 0x3bcbf3f8, 0x1acad2d8, 0x38c8f0f8,
80 0x14849094, 0x19495158, 0x02828280, 0x04c4c0c4,
81 0x3fcff3fc, 0x09494148, 0x39093138, 0x27476364,
82 0x00c0c0c0, 0x0fcfc3cc, 0x17c7d3d4, 0x3888b0b8,
83 0x0f0f030c, 0x0e8e828c, 0x02424240, 0x23032320,
84 0x11819190, 0x2c4c606c, 0x1bcbd3d8, 0x2484a0a4,
85 0x34043034, 0x31c1f1f0, 0x08484048, 0x02c2c2c0,
86 0x2f4f636c, 0x3d0d313c, 0x2d0d212c, 0x00404040,
87 0x3e8eb2bc, 0x3e0e323c, 0x3c8cb0bc, 0x01c1c1c0,
88 0x2a8aa2a8, 0x3a8ab2b8, 0x0e4e424c, 0x15455154,
89 0x3b0b3338, 0x1cccd0dc, 0x28486068, 0x3f4f737c,
90 0x1c8c909c, 0x18c8d0d8, 0x0a4a4248, 0x16465254,
91 0x37477374, 0x2080a0a0, 0x2dcde1ec, 0x06464244,
92 0x3585b1b4, 0x2b0b2328, 0x25456164, 0x3acaf2f8,
93 0x23c3e3e0, 0x3989b1b8, 0x3181b1b0, 0x1f8f939c,
94 0x1e4e525c, 0x39c9f1f8, 0x26c6e2e4, 0x3282b2b0,
95 0x31013130, 0x2acae2e8, 0x2d4d616c, 0x1f4f535c,
96 0x24c4e0e4, 0x30c0f0f0, 0x0dcdc1cc, 0x08888088,
97 0x16061214, 0x3a0a3238, 0x18485058, 0x14c4d0d4,
98 0x22426260, 0x29092128, 0x07070304, 0x33033330,
99 0x28c8e0e8, 0x1b0b1318, 0x05050104, 0x39497178,
100 0x10809090, 0x2a4a6268, 0x2a0a2228, 0x1a8a9298,
101};
102
103static const u32 SS1[256] = {
104 0x38380830, 0xe828c8e0, 0x2c2d0d21, 0xa42686a2,
105 0xcc0fcfc3, 0xdc1eced2, 0xb03383b3, 0xb83888b0,
106 0xac2f8fa3, 0x60204060, 0x54154551, 0xc407c7c3,
107 0x44044440, 0x6c2f4f63, 0x682b4b63, 0x581b4b53,
108 0xc003c3c3, 0x60224262, 0x30330333, 0xb43585b1,
109 0x28290921, 0xa02080a0, 0xe022c2e2, 0xa42787a3,
110 0xd013c3d3, 0x90118191, 0x10110111, 0x04060602,
111 0x1c1c0c10, 0xbc3c8cb0, 0x34360632, 0x480b4b43,
112 0xec2fcfe3, 0x88088880, 0x6c2c4c60, 0xa82888a0,
113 0x14170713, 0xc404c4c0, 0x14160612, 0xf434c4f0,
114 0xc002c2c2, 0x44054541, 0xe021c1e1, 0xd416c6d2,
115 0x3c3f0f33, 0x3c3d0d31, 0x8c0e8e82, 0x98188890,
116 0x28280820, 0x4c0e4e42, 0xf436c6f2, 0x3c3e0e32,
117 0xa42585a1, 0xf839c9f1, 0x0c0d0d01, 0xdc1fcfd3,
118 0xd818c8d0, 0x282b0b23, 0x64264662, 0x783a4a72,
119 0x24270723, 0x2c2f0f23, 0xf031c1f1, 0x70324272,
120 0x40024242, 0xd414c4d0, 0x40014141, 0xc000c0c0,
121 0x70334373, 0x64274763, 0xac2c8ca0, 0x880b8b83,
122 0xf437c7f3, 0xac2d8da1, 0x80008080, 0x1c1f0f13,
123 0xc80acac2, 0x2c2c0c20, 0xa82a8aa2, 0x34340430,
124 0xd012c2d2, 0x080b0b03, 0xec2ecee2, 0xe829c9e1,
125 0x5c1d4d51, 0x94148490, 0x18180810, 0xf838c8f0,
126 0x54174753, 0xac2e8ea2, 0x08080800, 0xc405c5c1,
127 0x10130313, 0xcc0dcdc1, 0x84068682, 0xb83989b1,
128 0xfc3fcff3, 0x7c3d4d71, 0xc001c1c1, 0x30310131,
129 0xf435c5f1, 0x880a8a82, 0x682a4a62, 0xb03181b1,
130 0xd011c1d1, 0x20200020, 0xd417c7d3, 0x00020202,
131 0x20220222, 0x04040400, 0x68284860, 0x70314171,
132 0x04070703, 0xd81bcbd3, 0x9c1d8d91, 0x98198991,
133 0x60214161, 0xbc3e8eb2, 0xe426c6e2, 0x58194951,
134 0xdc1dcdd1, 0x50114151, 0x90108090, 0xdc1cccd0,
135 0x981a8a92, 0xa02383a3, 0xa82b8ba3, 0xd010c0d0,
136 0x80018181, 0x0c0f0f03, 0x44074743, 0x181a0a12,
137 0xe023c3e3, 0xec2ccce0, 0x8c0d8d81, 0xbc3f8fb3,
138 0x94168692, 0x783b4b73, 0x5c1c4c50, 0xa02282a2,
139 0xa02181a1, 0x60234363, 0x20230323, 0x4c0d4d41,
140 0xc808c8c0, 0x9c1e8e92, 0x9c1c8c90, 0x383a0a32,
141 0x0c0c0c00, 0x2c2e0e22, 0xb83a8ab2, 0x6c2e4e62,
142 0x9c1f8f93, 0x581a4a52, 0xf032c2f2, 0x90128292,
143 0xf033c3f3, 0x48094941, 0x78384870, 0xcc0cccc0,
144 0x14150511, 0xf83bcbf3, 0x70304070, 0x74354571,
145 0x7c3f4f73, 0x34350531, 0x10100010, 0x00030303,
146 0x64244460, 0x6c2d4d61, 0xc406c6c2, 0x74344470,
147 0xd415c5d1, 0xb43484b0, 0xe82acae2, 0x08090901,
148 0x74364672, 0x18190911, 0xfc3ecef2, 0x40004040,
149 0x10120212, 0xe020c0e0, 0xbc3d8db1, 0x04050501,
150 0xf83acaf2, 0x00010101, 0xf030c0f0, 0x282a0a22,
151 0x5c1e4e52, 0xa82989a1, 0x54164652, 0x40034343,
152 0x84058581, 0x14140410, 0x88098981, 0x981b8b93,
153 0xb03080b0, 0xe425c5e1, 0x48084840, 0x78394971,
154 0x94178793, 0xfc3cccf0, 0x1c1e0e12, 0x80028282,
155 0x20210121, 0x8c0c8c80, 0x181b0b13, 0x5c1f4f53,
156 0x74374773, 0x54144450, 0xb03282b2, 0x1c1d0d11,
157 0x24250521, 0x4c0f4f43, 0x00000000, 0x44064642,
158 0xec2dcde1, 0x58184850, 0x50124252, 0xe82bcbe3,
159 0x7c3e4e72, 0xd81acad2, 0xc809c9c1, 0xfc3dcdf1,
160 0x30300030, 0x94158591, 0x64254561, 0x3c3c0c30,
161 0xb43686b2, 0xe424c4e0, 0xb83b8bb3, 0x7c3c4c70,
162 0x0c0e0e02, 0x50104050, 0x38390931, 0x24260622,
163 0x30320232, 0x84048480, 0x68294961, 0x90138393,
164 0x34370733, 0xe427c7e3, 0x24240420, 0xa42484a0,
165 0xc80bcbc3, 0x50134353, 0x080a0a02, 0x84078783,
166 0xd819c9d1, 0x4c0c4c40, 0x80038383, 0x8c0f8f83,
167 0xcc0ecec2, 0x383b0b33, 0x480a4a42, 0xb43787b3,
168};
169
170static const u32 SS2[256] = {
171 0xa1a82989, 0x81840585, 0xd2d416c6, 0xd3d013c3,
172 0x50541444, 0x111c1d0d, 0xa0ac2c8c, 0x21242505,
173 0x515c1d4d, 0x43400343, 0x10181808, 0x121c1e0e,
174 0x51501141, 0xf0fc3ccc, 0xc2c80aca, 0x63602343,
175 0x20282808, 0x40440444, 0x20202000, 0x919c1d8d,
176 0xe0e020c0, 0xe2e022c2, 0xc0c808c8, 0x13141707,
177 0xa1a42585, 0x838c0f8f, 0x03000303, 0x73783b4b,
178 0xb3b83b8b, 0x13101303, 0xd2d012c2, 0xe2ec2ece,
179 0x70703040, 0x808c0c8c, 0x333c3f0f, 0xa0a82888,
180 0x32303202, 0xd1dc1dcd, 0xf2f436c6, 0x70743444,
181 0xe0ec2ccc, 0x91941585, 0x03080b0b, 0x53541747,
182 0x505c1c4c, 0x53581b4b, 0xb1bc3d8d, 0x01000101,
183 0x20242404, 0x101c1c0c, 0x73703343, 0x90981888,
184 0x10101000, 0xc0cc0ccc, 0xf2f032c2, 0xd1d819c9,
185 0x202c2c0c, 0xe3e427c7, 0x72703242, 0x83800383,
186 0x93981b8b, 0xd1d011c1, 0x82840686, 0xc1c809c9,
187 0x60602040, 0x50501040, 0xa3a02383, 0xe3e82bcb,
188 0x010c0d0d, 0xb2b43686, 0x929c1e8e, 0x434c0f4f,
189 0xb3b43787, 0x52581a4a, 0xc2c406c6, 0x70783848,
190 0xa2a42686, 0x12101202, 0xa3ac2f8f, 0xd1d415c5,
191 0x61602141, 0xc3c003c3, 0xb0b43484, 0x41400141,
192 0x52501242, 0x717c3d4d, 0x818c0d8d, 0x00080808,
193 0x131c1f0f, 0x91981989, 0x00000000, 0x11181909,
194 0x00040404, 0x53501343, 0xf3f437c7, 0xe1e021c1,
195 0xf1fc3dcd, 0x72743646, 0x232c2f0f, 0x23242707,
196 0xb0b03080, 0x83880b8b, 0x020c0e0e, 0xa3a82b8b,
197 0xa2a02282, 0x626c2e4e, 0x93901383, 0x414c0d4d,
198 0x61682949, 0x707c3c4c, 0x01080909, 0x02080a0a,
199 0xb3bc3f8f, 0xe3ec2fcf, 0xf3f033c3, 0xc1c405c5,
200 0x83840787, 0x10141404, 0xf2fc3ece, 0x60642444,
201 0xd2dc1ece, 0x222c2e0e, 0x43480b4b, 0x12181a0a,
202 0x02040606, 0x21202101, 0x63682b4b, 0x62642646,
203 0x02000202, 0xf1f435c5, 0x92901282, 0x82880a8a,
204 0x000c0c0c, 0xb3b03383, 0x727c3e4e, 0xd0d010c0,
205 0x72783a4a, 0x43440747, 0x92941686, 0xe1e425c5,
206 0x22242606, 0x80800080, 0xa1ac2d8d, 0xd3dc1fcf,
207 0xa1a02181, 0x30303000, 0x33343707, 0xa2ac2e8e,
208 0x32343606, 0x11141505, 0x22202202, 0x30383808,
209 0xf0f434c4, 0xa3a42787, 0x41440545, 0x404c0c4c,
210 0x81800181, 0xe1e829c9, 0x80840484, 0x93941787,
211 0x31343505, 0xc3c80bcb, 0xc2cc0ece, 0x303c3c0c,
212 0x71703141, 0x11101101, 0xc3c407c7, 0x81880989,
213 0x71743545, 0xf3f83bcb, 0xd2d81aca, 0xf0f838c8,
214 0x90941484, 0x51581949, 0x82800282, 0xc0c404c4,
215 0xf3fc3fcf, 0x41480949, 0x31383909, 0x63642747,
216 0xc0c000c0, 0xc3cc0fcf, 0xd3d417c7, 0xb0b83888,
217 0x030c0f0f, 0x828c0e8e, 0x42400242, 0x23202303,
218 0x91901181, 0x606c2c4c, 0xd3d81bcb, 0xa0a42484,
219 0x30343404, 0xf1f031c1, 0x40480848, 0xc2c002c2,
220 0x636c2f4f, 0x313c3d0d, 0x212c2d0d, 0x40400040,
221 0xb2bc3e8e, 0x323c3e0e, 0xb0bc3c8c, 0xc1c001c1,
222 0xa2a82a8a, 0xb2b83a8a, 0x424c0e4e, 0x51541545,
223 0x33383b0b, 0xd0dc1ccc, 0x60682848, 0x737c3f4f,
224 0x909c1c8c, 0xd0d818c8, 0x42480a4a, 0x52541646,
225 0x73743747, 0xa0a02080, 0xe1ec2dcd, 0x42440646,
226 0xb1b43585, 0x23282b0b, 0x61642545, 0xf2f83aca,
227 0xe3e023c3, 0xb1b83989, 0xb1b03181, 0x939c1f8f,
228 0x525c1e4e, 0xf1f839c9, 0xe2e426c6, 0xb2b03282,
229 0x31303101, 0xe2e82aca, 0x616c2d4d, 0x535c1f4f,
230 0xe0e424c4, 0xf0f030c0, 0xc1cc0dcd, 0x80880888,
231 0x12141606, 0x32383a0a, 0x50581848, 0xd0d414c4,
232 0x62602242, 0x21282909, 0x03040707, 0x33303303,
233 0xe0e828c8, 0x13181b0b, 0x01040505, 0x71783949,
234 0x90901080, 0x62682a4a, 0x22282a0a, 0x92981a8a,
235};
236
237static const u32 SS3[256] = {
238 0x08303838, 0xc8e0e828, 0x0d212c2d, 0x86a2a426,
239 0xcfc3cc0f, 0xced2dc1e, 0x83b3b033, 0x88b0b838,
240 0x8fa3ac2f, 0x40606020, 0x45515415, 0xc7c3c407,
241 0x44404404, 0x4f636c2f, 0x4b63682b, 0x4b53581b,
242 0xc3c3c003, 0x42626022, 0x03333033, 0x85b1b435,
243 0x09212829, 0x80a0a020, 0xc2e2e022, 0x87a3a427,
244 0xc3d3d013, 0x81919011, 0x01111011, 0x06020406,
245 0x0c101c1c, 0x8cb0bc3c, 0x06323436, 0x4b43480b,
246 0xcfe3ec2f, 0x88808808, 0x4c606c2c, 0x88a0a828,
247 0x07131417, 0xc4c0c404, 0x06121416, 0xc4f0f434,
248 0xc2c2c002, 0x45414405, 0xc1e1e021, 0xc6d2d416,
249 0x0f333c3f, 0x0d313c3d, 0x8e828c0e, 0x88909818,
250 0x08202828, 0x4e424c0e, 0xc6f2f436, 0x0e323c3e,
251 0x85a1a425, 0xc9f1f839, 0x0d010c0d, 0xcfd3dc1f,
252 0xc8d0d818, 0x0b23282b, 0x46626426, 0x4a72783a,
253 0x07232427, 0x0f232c2f, 0xc1f1f031, 0x42727032,
254 0x42424002, 0xc4d0d414, 0x41414001, 0xc0c0c000,
255 0x43737033, 0x47636427, 0x8ca0ac2c, 0x8b83880b,
256 0xc7f3f437, 0x8da1ac2d, 0x80808000, 0x0f131c1f,
257 0xcac2c80a, 0x0c202c2c, 0x8aa2a82a, 0x04303434,
258 0xc2d2d012, 0x0b03080b, 0xcee2ec2e, 0xc9e1e829,
259 0x4d515c1d, 0x84909414, 0x08101818, 0xc8f0f838,
260 0x47535417, 0x8ea2ac2e, 0x08000808, 0xc5c1c405,
261 0x03131013, 0xcdc1cc0d, 0x86828406, 0x89b1b839,
262 0xcff3fc3f, 0x4d717c3d, 0xc1c1c001, 0x01313031,
263 0xc5f1f435, 0x8a82880a, 0x4a62682a, 0x81b1b031,
264 0xc1d1d011, 0x00202020, 0xc7d3d417, 0x02020002,
265 0x02222022, 0x04000404, 0x48606828, 0x41717031,
266 0x07030407, 0xcbd3d81b, 0x8d919c1d, 0x89919819,
267 0x41616021, 0x8eb2bc3e, 0xc6e2e426, 0x49515819,
268 0xcdd1dc1d, 0x41515011, 0x80909010, 0xccd0dc1c,
269 0x8a92981a, 0x83a3a023, 0x8ba3a82b, 0xc0d0d010,
270 0x81818001, 0x0f030c0f, 0x47434407, 0x0a12181a,
271 0xc3e3e023, 0xcce0ec2c, 0x8d818c0d, 0x8fb3bc3f,
272 0x86929416, 0x4b73783b, 0x4c505c1c, 0x82a2a022,
273 0x81a1a021, 0x43636023, 0x03232023, 0x4d414c0d,
274 0xc8c0c808, 0x8e929c1e, 0x8c909c1c, 0x0a32383a,
275 0x0c000c0c, 0x0e222c2e, 0x8ab2b83a, 0x4e626c2e,
276 0x8f939c1f, 0x4a52581a, 0xc2f2f032, 0x82929012,
277 0xc3f3f033, 0x49414809, 0x48707838, 0xccc0cc0c,
278 0x05111415, 0xcbf3f83b, 0x40707030, 0x45717435,
279 0x4f737c3f, 0x05313435, 0x00101010, 0x03030003,
280 0x44606424, 0x4d616c2d, 0xc6c2c406, 0x44707434,
281 0xc5d1d415, 0x84b0b434, 0xcae2e82a, 0x09010809,
282 0x46727436, 0x09111819, 0xcef2fc3e, 0x40404000,
283 0x02121012, 0xc0e0e020, 0x8db1bc3d, 0x05010405,
284 0xcaf2f83a, 0x01010001, 0xc0f0f030, 0x0a22282a,
285 0x4e525c1e, 0x89a1a829, 0x46525416, 0x43434003,
286 0x85818405, 0x04101414, 0x89818809, 0x8b93981b,
287 0x80b0b030, 0xc5e1e425, 0x48404808, 0x49717839,
288 0x87939417, 0xccf0fc3c, 0x0e121c1e, 0x82828002,
289 0x01212021, 0x8c808c0c, 0x0b13181b, 0x4f535c1f,
290 0x47737437, 0x44505414, 0x82b2b032, 0x0d111c1d,
291 0x05212425, 0x4f434c0f, 0x00000000, 0x46424406,
292 0xcde1ec2d, 0x48505818, 0x42525012, 0xcbe3e82b,
293 0x4e727c3e, 0xcad2d81a, 0xc9c1c809, 0xcdf1fc3d,
294 0x00303030, 0x85919415, 0x45616425, 0x0c303c3c,
295 0x86b2b436, 0xc4e0e424, 0x8bb3b83b, 0x4c707c3c,
296 0x0e020c0e, 0x40505010, 0x09313839, 0x06222426,
297 0x02323032, 0x84808404, 0x49616829, 0x83939013,
298 0x07333437, 0xc7e3e427, 0x04202424, 0x84a0a424,
299 0xcbc3c80b, 0x43535013, 0x0a02080a, 0x87838407,
300 0xc9d1d819, 0x4c404c0c, 0x83838003, 0x8f838c0f,
301 0xcec2cc0e, 0x0b33383b, 0x4a42480a, 0x87b3b437,
302};
303
304static const u32 KC[SEED_NUM_KCONSTANTS] = {
305 0x9e3779b9, 0x3c6ef373, 0x78dde6e6, 0xf1bbcdcc,
306 0xe3779b99, 0xc6ef3733, 0x8dde6e67, 0x1bbcdccf,
307 0x3779b99e, 0x6ef3733c, 0xdde6e678, 0xbbcdccf1,
308 0x779b99e3, 0xef3733c6, 0xde6e678d, 0xbcdccf1b,
309};
310
311#define OP(X1, X2, X3, X4, rbase) \
312 t0 = X3 ^ ks[rbase]; \
313 t1 = X4 ^ ks[rbase+1]; \
314 t1 ^= t0; \
315 t1 = SS0[byte(t1, 0)] ^ SS1[byte(t1, 1)] ^ \
316 SS2[byte(t1, 2)] ^ SS3[byte(t1, 3)]; \
317 t0 += t1; \
318 t0 = SS0[byte(t0, 0)] ^ SS1[byte(t0, 1)] ^ \
319 SS2[byte(t0, 2)] ^ SS3[byte(t0, 3)]; \
320 t1 += t0; \
321 t1 = SS0[byte(t1, 0)] ^ SS1[byte(t1, 1)] ^ \
322 SS2[byte(t1, 2)] ^ SS3[byte(t1, 3)]; \
323 t0 += t1; \
324 X1 ^= t0; \
Tom Rix1069e972020-11-27 08:23:45 -0800325 X2 ^= t1
Hye-Shik Change2ee95b2007-08-21 20:01:03 +0800326
327static int seed_set_key(struct crypto_tfm *tfm, const u8 *in_key,
328 unsigned int key_len)
329{
330 struct seed_ctx *ctx = crypto_tfm_ctx(tfm);
331 u32 *keyout = ctx->keysched;
332 const __be32 *key = (const __be32 *)in_key;
333 u32 i, t0, t1, x1, x2, x3, x4;
334
335 x1 = be32_to_cpu(key[0]);
336 x2 = be32_to_cpu(key[1]);
337 x3 = be32_to_cpu(key[2]);
338 x4 = be32_to_cpu(key[3]);
339
340 for (i = 0; i < SEED_NUM_KCONSTANTS; i++) {
341 t0 = x1 + x3 - KC[i];
342 t1 = x2 + KC[i] - x4;
343 *(keyout++) = SS0[byte(t0, 0)] ^ SS1[byte(t0, 1)] ^
344 SS2[byte(t0, 2)] ^ SS3[byte(t0, 3)];
345 *(keyout++) = SS0[byte(t1, 0)] ^ SS1[byte(t1, 1)] ^
346 SS2[byte(t1, 2)] ^ SS3[byte(t1, 3)];
347
348 if (i % 2 == 0) {
349 t0 = x1;
350 x1 = (x1 >> 8) ^ (x2 << 24);
351 x2 = (x2 >> 8) ^ (t0 << 24);
352 } else {
353 t0 = x3;
354 x3 = (x3 << 8) ^ (x4 >> 24);
355 x4 = (x4 << 8) ^ (t0 >> 24);
356 }
357 }
358
359 return 0;
360}
361
362/* encrypt a block of text */
363
364static void seed_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
365{
366 const struct seed_ctx *ctx = crypto_tfm_ctx(tfm);
367 const __be32 *src = (const __be32 *)in;
368 __be32 *dst = (__be32 *)out;
369 u32 x1, x2, x3, x4, t0, t1;
370 const u32 *ks = ctx->keysched;
371
372 x1 = be32_to_cpu(src[0]);
373 x2 = be32_to_cpu(src[1]);
374 x3 = be32_to_cpu(src[2]);
375 x4 = be32_to_cpu(src[3]);
376
377 OP(x1, x2, x3, x4, 0);
378 OP(x3, x4, x1, x2, 2);
379 OP(x1, x2, x3, x4, 4);
380 OP(x3, x4, x1, x2, 6);
381 OP(x1, x2, x3, x4, 8);
382 OP(x3, x4, x1, x2, 10);
383 OP(x1, x2, x3, x4, 12);
384 OP(x3, x4, x1, x2, 14);
385 OP(x1, x2, x3, x4, 16);
386 OP(x3, x4, x1, x2, 18);
387 OP(x1, x2, x3, x4, 20);
388 OP(x3, x4, x1, x2, 22);
389 OP(x1, x2, x3, x4, 24);
390 OP(x3, x4, x1, x2, 26);
391 OP(x1, x2, x3, x4, 28);
392 OP(x3, x4, x1, x2, 30);
393
394 dst[0] = cpu_to_be32(x3);
395 dst[1] = cpu_to_be32(x4);
396 dst[2] = cpu_to_be32(x1);
397 dst[3] = cpu_to_be32(x2);
398}
399
400/* decrypt a block of text */
401
402static void seed_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
403{
404 const struct seed_ctx *ctx = crypto_tfm_ctx(tfm);
405 const __be32 *src = (const __be32 *)in;
406 __be32 *dst = (__be32 *)out;
407 u32 x1, x2, x3, x4, t0, t1;
408 const u32 *ks = ctx->keysched;
409
410 x1 = be32_to_cpu(src[0]);
411 x2 = be32_to_cpu(src[1]);
412 x3 = be32_to_cpu(src[2]);
413 x4 = be32_to_cpu(src[3]);
414
415 OP(x1, x2, x3, x4, 30);
416 OP(x3, x4, x1, x2, 28);
417 OP(x1, x2, x3, x4, 26);
418 OP(x3, x4, x1, x2, 24);
419 OP(x1, x2, x3, x4, 22);
420 OP(x3, x4, x1, x2, 20);
421 OP(x1, x2, x3, x4, 18);
422 OP(x3, x4, x1, x2, 16);
423 OP(x1, x2, x3, x4, 14);
424 OP(x3, x4, x1, x2, 12);
425 OP(x1, x2, x3, x4, 10);
426 OP(x3, x4, x1, x2, 8);
427 OP(x1, x2, x3, x4, 6);
428 OP(x3, x4, x1, x2, 4);
429 OP(x1, x2, x3, x4, 2);
430 OP(x3, x4, x1, x2, 0);
431
432 dst[0] = cpu_to_be32(x3);
433 dst[1] = cpu_to_be32(x4);
434 dst[2] = cpu_to_be32(x1);
435 dst[3] = cpu_to_be32(x2);
436}
437
438
439static struct crypto_alg seed_alg = {
440 .cra_name = "seed",
441 .cra_driver_name = "seed-generic",
442 .cra_priority = 100,
443 .cra_flags = CRYPTO_ALG_TYPE_CIPHER,
444 .cra_blocksize = SEED_BLOCK_SIZE,
445 .cra_ctxsize = sizeof(struct seed_ctx),
446 .cra_alignmask = 3,
447 .cra_module = THIS_MODULE,
Hye-Shik Change2ee95b2007-08-21 20:01:03 +0800448 .cra_u = {
449 .cipher = {
450 .cia_min_keysize = SEED_KEY_SIZE,
451 .cia_max_keysize = SEED_KEY_SIZE,
452 .cia_setkey = seed_set_key,
453 .cia_encrypt = seed_encrypt,
454 .cia_decrypt = seed_decrypt
455 }
456 }
457};
458
459static int __init seed_init(void)
460{
461 return crypto_register_alg(&seed_alg);
462}
463
464static void __exit seed_fini(void)
465{
466 crypto_unregister_alg(&seed_alg);
467}
468
Eric Biggersc4741b22019-04-11 21:57:42 -0700469subsys_initcall(seed_init);
Hye-Shik Change2ee95b2007-08-21 20:01:03 +0800470module_exit(seed_fini);
471
472MODULE_DESCRIPTION("SEED Cipher Algorithm");
473MODULE_LICENSE("GPL");
474MODULE_AUTHOR("Hye-Shik Chang <perky@FreeBSD.org>, Kim Hyun <hkim@kisa.or.kr>");
Kees Cook5d26a102014-11-20 17:05:53 -0800475MODULE_ALIAS_CRYPTO("seed");