From e181a569d8e52d5a5c91cf2ddc3ebcfb81163887 Mon Sep 17 00:00:00 2001 From: Ioana Ciornei Date: Tue, 4 Dec 2018 11:20:27 +0000 Subject: soc: fsl: dpio: cleanup the cpu array on dpaa2_io_down The dpio_by_cpu array should not contain a reference to a freed dpaa2_io object. This patch adds the necessary cleanup in dpaa2_io_down. Signed-off-by: Ioana Ciornei Signed-off-by: Li Yang --- drivers/soc/fsl/dpio/dpio-service.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/soc/fsl/dpio/dpio-service.c b/drivers/soc/fsl/dpio/dpio-service.c index ec0837ff039a..ab046f241d32 100644 --- a/drivers/soc/fsl/dpio/dpio-service.c +++ b/drivers/soc/fsl/dpio/dpio-service.c @@ -160,6 +160,11 @@ struct dpaa2_io *dpaa2_io_create(const struct dpaa2_io_desc *desc) */ void dpaa2_io_down(struct dpaa2_io *d) { + spin_lock(&dpio_list_lock); + dpio_by_cpu[d->dpio_desc.cpu] = NULL; + list_del(&d->node); + spin_unlock(&dpio_list_lock); + kfree(d); } -- cgit From 991e873223e9bcfaf10a0074eec1507c1ddfb6ab Mon Sep 17 00:00:00 2001 From: Ioana Ciornei Date: Tue, 4 Dec 2018 11:20:29 +0000 Subject: soc: fsl: dpio: use a cpumask to identify which cpus are unused The current implementation of the dpio driver uses a static next_cpu variable to keep track of the index of the next cpu available. This approach does not handle well unbinding and binding dpio devices in a random order. For example, unbinding a dpio and then binding it again with the driver, will generate the below error: $ echo dpio.5 > /sys/bus/fsl-mc/drivers/fsl_mc_dpio/unbind $ echo dpio.5 > /sys/bus/fsl-mc/drivers/fsl_mc_dpio/bind [ 103.946380] fsl_mc_dpio dpio.5: probe failed. Number of DPIOs exceeds NR_CPUS. [ 103.955157] fsl_mc_dpio dpio.5: fsl_mc_driver_probe failed: -34 -bash: echo: write error: No such device Fix this error by keeping a global cpumask of unused cpus that will be updated at every dpaa2_dpio_[probe,remove]. Signed-off-by: Ioana Ciornei Signed-off-by: Li Yang --- drivers/soc/fsl/dpio/dpio-driver.c | 25 ++++++++++++++++--------- drivers/soc/fsl/dpio/dpio-service.c | 13 +++++++++++++ include/soc/fsl/dpaa2-io.h | 2 ++ 3 files changed, 31 insertions(+), 9 deletions(-) diff --git a/drivers/soc/fsl/dpio/dpio-driver.c b/drivers/soc/fsl/dpio/dpio-driver.c index e58fcc9096e8..832175cac739 100644 --- a/drivers/soc/fsl/dpio/dpio-driver.c +++ b/drivers/soc/fsl/dpio/dpio-driver.c @@ -30,6 +30,8 @@ struct dpio_priv { struct dpaa2_io *io; }; +static cpumask_var_t cpus_unused_mask; + static irqreturn_t dpio_irq_handler(int irq_num, void *arg) { struct device *dev = (struct device *)arg; @@ -86,7 +88,7 @@ static int dpaa2_dpio_probe(struct fsl_mc_device *dpio_dev) struct dpio_priv *priv; int err = -ENOMEM; struct device *dev = &dpio_dev->dev; - static int next_cpu = -1; + int possible_next_cpu; priv = devm_kzalloc(dev, sizeof(*priv), GFP_KERNEL); if (!priv) @@ -128,17 +130,14 @@ static int dpaa2_dpio_probe(struct fsl_mc_device *dpio_dev) desc.dpio_id = dpio_dev->obj_desc.id; /* get the cpu to use for the affinity hint */ - if (next_cpu == -1) - next_cpu = cpumask_first(cpu_online_mask); - else - next_cpu = cpumask_next(next_cpu, cpu_online_mask); - - if (!cpu_possible(next_cpu)) { + possible_next_cpu = cpumask_first(cpus_unused_mask); + if (possible_next_cpu >= nr_cpu_ids) { dev_err(dev, "probe failed. Number of DPIOs exceeds NR_CPUS.\n"); err = -ERANGE; goto err_allocate_irqs; } - desc.cpu = next_cpu; + desc.cpu = possible_next_cpu; + cpumask_clear_cpu(possible_next_cpu, cpus_unused_mask); /* * Set the CENA regs to be the cache inhibited area of the portal to @@ -211,7 +210,7 @@ static int dpaa2_dpio_remove(struct fsl_mc_device *dpio_dev) { struct device *dev; struct dpio_priv *priv; - int err; + int err = 0, cpu; dev = &dpio_dev->dev; priv = dev_get_drvdata(dev); @@ -220,6 +219,9 @@ static int dpaa2_dpio_remove(struct fsl_mc_device *dpio_dev) dpio_teardown_irqs(dpio_dev); + cpu = dpaa2_io_get_cpu(priv->io); + cpumask_set_cpu(cpu, cpus_unused_mask); + err = fsl_mc_portal_allocate(dpio_dev, 0, &dpio_dev->mc_io); if (err) { dev_err(dev, "MC portal allocation failed\n"); @@ -267,11 +269,16 @@ static struct fsl_mc_driver dpaa2_dpio_driver = { static int dpio_driver_init(void) { + if (!zalloc_cpumask_var(&cpus_unused_mask, GFP_KERNEL)) + return -ENOMEM; + cpumask_copy(cpus_unused_mask, cpu_online_mask); + return fsl_mc_driver_register(&dpaa2_dpio_driver); } static void dpio_driver_exit(void) { + free_cpumask_var(cpus_unused_mask); fsl_mc_driver_unregister(&dpaa2_dpio_driver); } module_init(dpio_driver_init); diff --git a/drivers/soc/fsl/dpio/dpio-service.c b/drivers/soc/fsl/dpio/dpio-service.c index ab046f241d32..c02bfb18a1f0 100644 --- a/drivers/soc/fsl/dpio/dpio-service.c +++ b/drivers/soc/fsl/dpio/dpio-service.c @@ -214,6 +214,19 @@ done: return IRQ_HANDLED; } +/** + * dpaa2_io_get_cpu() - get the cpu associated with a given DPIO object + * + * @d: the given DPIO object. + * + * Return the cpu associated with the DPIO object + */ +int dpaa2_io_get_cpu(struct dpaa2_io *d) +{ + return d->dpio_desc.cpu; +} +EXPORT_SYMBOL(dpaa2_io_get_cpu); + /** * dpaa2_io_service_register() - Prepare for servicing of FQDAN or CDAN * notifications on the given DPIO service. diff --git a/include/soc/fsl/dpaa2-io.h b/include/soc/fsl/dpaa2-io.h index 3fbd71c27ba3..243119c53cdf 100644 --- a/include/soc/fsl/dpaa2-io.h +++ b/include/soc/fsl/dpaa2-io.h @@ -90,6 +90,8 @@ struct dpaa2_io_notification_ctx { void *dpio_private; }; +int dpaa2_io_get_cpu(struct dpaa2_io *d); + int dpaa2_io_service_register(struct dpaa2_io *service, struct dpaa2_io_notification_ctx *ctx); void dpaa2_io_service_deregister(struct dpaa2_io *service, -- cgit From 5b3b9871cc28dbf827c41595d73595627434ff4d Mon Sep 17 00:00:00 2001 From: Horia Geantă Date: Thu, 10 Jan 2019 15:58:12 +0200 Subject: crypto: caam - move shared symbols in a common location MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit There are several issues with symbols shared b/w: -caam/jr and caam/qi drivers on one hand -caam/qi2 driver on the other hand Commit 52813ab24959 ("crypto: caam/qi2 - avoid double export") fixed some of them, however compilation still fails for CRYPTO_DEV_FSL_CAAM=m and CRYPTO_DEV_FSL_DPAA2_CAAM=y. Another issue is related to dependency cycles reported by depmod when CRYPTO_DEV_FSL_CAAM=n and CRYPTO_DEV_FSL_DPAA2_CAAM=m, as mentioned in 82c7b351be3f ("Revert "arm64: defconfig: Enable FSL_MC_BUS and FSL_MC_DPIO"") To fix all these, move the symbols shared by these drivers in a common location. The only existing possibility is error.c file (note that naming doesn't help and should probably change). Fixes: 52813ab24959 ("crypto: caam/qi2 - avoid double export") Reported-by: Arnd Bergmann Signed-off-by: Horia Geantă Signed-off-by: Herbert Xu --- drivers/crypto/caam/caamalg_qi2.c | 7 ------- drivers/crypto/caam/ctrl.c | 4 ---- drivers/crypto/caam/error.c | 6 ++++++ 3 files changed, 6 insertions(+), 11 deletions(-) diff --git a/drivers/crypto/caam/caamalg_qi2.c b/drivers/crypto/caam/caamalg_qi2.c index 425d5d974613..cc59814afd29 100644 --- a/drivers/crypto/caam/caamalg_qi2.c +++ b/drivers/crypto/caam/caamalg_qi2.c @@ -25,13 +25,6 @@ #define CAAM_MAX_KEY_SIZE (AES_MAX_KEY_SIZE + CTR_RFC3686_NONCE_SIZE + \ SHA512_DIGEST_SIZE * 2) -#if !IS_ENABLED(CONFIG_CRYPTO_DEV_FSL_CAAM) -bool caam_little_end; -EXPORT_SYMBOL(caam_little_end); -bool caam_imx; -EXPORT_SYMBOL(caam_imx); -#endif - /* * This is a a cache of buffers, from which the users of CAAM QI driver * can allocate short buffers. It's speedier than doing kmalloc on the hotpath. diff --git a/drivers/crypto/caam/ctrl.c b/drivers/crypto/caam/ctrl.c index 16bbc72f041a..14fb09223156 100644 --- a/drivers/crypto/caam/ctrl.c +++ b/drivers/crypto/caam/ctrl.c @@ -18,12 +18,8 @@ #include "desc_constr.h" #include "ctrl.h" -bool caam_little_end; -EXPORT_SYMBOL(caam_little_end); bool caam_dpaa2; EXPORT_SYMBOL(caam_dpaa2); -bool caam_imx; -EXPORT_SYMBOL(caam_imx); #ifdef CONFIG_CAAM_QI #include "qi.h" diff --git a/drivers/crypto/caam/error.c b/drivers/crypto/caam/error.c index 7e8d690f2827..21a70fd32f5d 100644 --- a/drivers/crypto/caam/error.c +++ b/drivers/crypto/caam/error.c @@ -50,6 +50,12 @@ void caam_dump_sg(const char *level, const char *prefix_str, int prefix_type, #endif /* DEBUG */ EXPORT_SYMBOL(caam_dump_sg); +bool caam_little_end; +EXPORT_SYMBOL(caam_little_end); + +bool caam_imx; +EXPORT_SYMBOL(caam_imx); + static const struct { u8 value; const char *error_text; -- cgit From bec9ba7f37631e794cbfaa4c2274074d631217a9 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Sun, 16 Dec 2018 19:12:18 -0800 Subject: crypto: cipher - remove struct cipher_desc 'struct cipher_desc' is unused. Remove it. Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu --- include/linux/crypto.h | 8 -------- 1 file changed, 8 deletions(-) diff --git a/include/linux/crypto.h b/include/linux/crypto.h index 902ec171fc6d..c3c98a62e503 100644 --- a/include/linux/crypto.h +++ b/include/linux/crypto.h @@ -188,14 +188,6 @@ struct blkcipher_desc { u32 flags; }; -struct cipher_desc { - struct crypto_tfm *tfm; - void (*crfn)(struct crypto_tfm *tfm, u8 *dst, const u8 *src); - unsigned int (*prfn)(const struct cipher_desc *desc, u8 *dst, - const u8 *src, unsigned int nbytes); - void *info; -}; - /** * DOC: Block Cipher Algorithm Definitions * -- cgit From 8d555c528565ad7261f0ce27c0a808ec9377ad33 Mon Sep 17 00:00:00 2001 From: YueHaibing Date: Tue, 18 Dec 2018 02:26:14 +0000 Subject: crypto: chtls - remove set but not used variables 'err, adap, request, hws' Fixes gcc '-Wunused-but-set-variable' warning: drivers/crypto/chelsio/chtls/chtls_io.c: In function 'csk_wait_memory': drivers/crypto/chelsio/chtls/chtls_io.c:925:6: warning: variable 'sndbuf' set but not used [-Wunused-but-set-variable] drivers/crypto/chelsio/chtls/chtls_io.c: In function 'chtls_pt_recvmsg': drivers/crypto/chelsio/chtls/chtls_io.c:1411:6: warning: variable 'request' set but not used [-Wunused-but-set-variable] drivers/crypto/chelsio/chtls/chtls_io.c:1407:18: warning: variable 'adap' set but not used [-Wunused-but-set-variable] drivers/crypto/chelsio/chtls/chtls_io.c: In function 'chtls_recvmsg': drivers/crypto/chelsio/chtls/chtls_io.c:1701:6: warning: variable 'request' set but not used [-Wunused-but-set-variable] drivers/crypto/chelsio/chtls/chtls_io.c:1697:20: warning: variable 'hws' set but not used [-Wunused-but-set-variable] Signed-off-by: YueHaibing Signed-off-by: Herbert Xu --- drivers/crypto/chelsio/chtls/chtls_io.c | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) diff --git a/drivers/crypto/chelsio/chtls/chtls_io.c b/drivers/crypto/chelsio/chtls/chtls_io.c index 18f553fcc167..1285a1bceda7 100644 --- a/drivers/crypto/chelsio/chtls/chtls_io.c +++ b/drivers/crypto/chelsio/chtls/chtls_io.c @@ -922,14 +922,13 @@ static int csk_wait_memory(struct chtls_dev *cdev, struct sock *sk, long *timeo_p) { DEFINE_WAIT_FUNC(wait, woken_wake_function); - int sndbuf, err = 0; + int err = 0; long current_timeo; long vm_wait = 0; bool noblock; current_timeo = *timeo_p; noblock = (*timeo_p ? false : true); - sndbuf = cdev->max_host_sndbuf; if (csk_mem_free(cdev, sk)) { current_timeo = (prandom_u32() % (HZ / 5)) + 2; vm_wait = (prandom_u32() % (HZ / 5)) + 2; @@ -1401,23 +1400,18 @@ static int chtls_pt_recvmsg(struct sock *sk, struct msghdr *msg, size_t len, int nonblock, int flags, int *addr_len) { struct chtls_sock *csk = rcu_dereference_sk_user_data(sk); - struct net_device *dev = csk->egress_dev; struct chtls_hws *hws = &csk->tlshws; struct tcp_sock *tp = tcp_sk(sk); - struct adapter *adap; unsigned long avail; int buffers_freed; int copied = 0; - int request; int target; long timeo; - adap = netdev2adap(dev); buffers_freed = 0; timeo = sock_rcvtimeo(sk, nonblock); target = sock_rcvlowat(sk, flags & MSG_WAITALL, len); - request = len; if (unlikely(csk_flag(sk, CSK_UPDATE_RCV_WND))) chtls_cleanup_rbuf(sk, copied); @@ -1694,11 +1688,9 @@ int chtls_recvmsg(struct sock *sk, struct msghdr *msg, size_t len, { struct tcp_sock *tp = tcp_sk(sk); struct chtls_sock *csk; - struct chtls_hws *hws; unsigned long avail; /* amount of available data in current skb */ int buffers_freed; int copied = 0; - int request; long timeo; int target; /* Read at least this many bytes */ @@ -1718,7 +1710,6 @@ int chtls_recvmsg(struct sock *sk, struct msghdr *msg, size_t len, lock_sock(sk); csk = rcu_dereference_sk_user_data(sk); - hws = &csk->tlshws; if (is_tls_rx(csk)) return chtls_pt_recvmsg(sk, msg, len, nonblock, @@ -1726,7 +1717,6 @@ int chtls_recvmsg(struct sock *sk, struct msghdr *msg, size_t len, timeo = sock_rcvtimeo(sk, nonblock); target = sock_rcvlowat(sk, flags & MSG_WAITALL, len); - request = len; if (unlikely(csk_flag(sk, CSK_UPDATE_RCV_WND))) chtls_cleanup_rbuf(sk, copied); -- cgit From fa5cd1c72e32bd4f9c52626d9a9a2b0ca635b3bc Mon Sep 17 00:00:00 2001 From: "Hook, Gary" Date: Tue, 18 Dec 2018 15:48:29 +0000 Subject: crypto: ccp - Update copyright notices and dates Correct copyright dates for files that have had code added to them in 2018. Signed-off-by: Gary R Hook Signed-off-by: Herbert Xu --- drivers/crypto/ccp/ccp-crypto-aes-cmac.c | 2 +- drivers/crypto/ccp/ccp-crypto-sha.c | 2 +- drivers/crypto/ccp/ccp-ops.c | 2 +- drivers/crypto/ccp/psp-dev.c | 2 +- drivers/crypto/ccp/psp-dev.h | 2 +- drivers/crypto/ccp/sp-dev.c | 2 +- drivers/crypto/ccp/sp-dev.h | 2 +- drivers/crypto/ccp/sp-pci.c | 2 +- drivers/crypto/ccp/sp-platform.c | 2 +- 9 files changed, 9 insertions(+), 9 deletions(-) diff --git a/drivers/crypto/ccp/ccp-crypto-aes-cmac.c b/drivers/crypto/ccp/ccp-crypto-aes-cmac.c index 9108015e56cc..f6e252c1d6fb 100644 --- a/drivers/crypto/ccp/ccp-crypto-aes-cmac.c +++ b/drivers/crypto/ccp/ccp-crypto-aes-cmac.c @@ -1,7 +1,7 @@ /* * AMD Cryptographic Coprocessor (CCP) AES CMAC crypto API support * - * Copyright (C) 2013 Advanced Micro Devices, Inc. + * Copyright (C) 2013,2018 Advanced Micro Devices, Inc. * * Author: Tom Lendacky * diff --git a/drivers/crypto/ccp/ccp-crypto-sha.c b/drivers/crypto/ccp/ccp-crypto-sha.c index 2ca64bb57d2e..10a61cd54fce 100644 --- a/drivers/crypto/ccp/ccp-crypto-sha.c +++ b/drivers/crypto/ccp/ccp-crypto-sha.c @@ -1,7 +1,7 @@ /* * AMD Cryptographic Coprocessor (CCP) SHA crypto API support * - * Copyright (C) 2013,2017 Advanced Micro Devices, Inc. + * Copyright (C) 2013,2018 Advanced Micro Devices, Inc. * * Author: Tom Lendacky * Author: Gary R Hook diff --git a/drivers/crypto/ccp/ccp-ops.c b/drivers/crypto/ccp/ccp-ops.c index 0ea43cdeb05f..267a367bd076 100644 --- a/drivers/crypto/ccp/ccp-ops.c +++ b/drivers/crypto/ccp/ccp-ops.c @@ -1,7 +1,7 @@ /* * AMD Cryptographic Coprocessor (CCP) driver * - * Copyright (C) 2013,2017 Advanced Micro Devices, Inc. + * Copyright (C) 2013,2018 Advanced Micro Devices, Inc. * * Author: Tom Lendacky * Author: Gary R Hook diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c index b16be8a11d92..66566547feff 100644 --- a/drivers/crypto/ccp/psp-dev.c +++ b/drivers/crypto/ccp/psp-dev.c @@ -1,7 +1,7 @@ /* * AMD Platform Security Processor (PSP) interface * - * Copyright (C) 2016-2017 Advanced Micro Devices, Inc. + * Copyright (C) 2016,2018 Advanced Micro Devices, Inc. * * Author: Brijesh Singh * diff --git a/drivers/crypto/ccp/psp-dev.h b/drivers/crypto/ccp/psp-dev.h index 8b53a9674ecb..f5afeccf42a1 100644 --- a/drivers/crypto/ccp/psp-dev.h +++ b/drivers/crypto/ccp/psp-dev.h @@ -1,7 +1,7 @@ /* * AMD Platform Security Processor (PSP) interface driver * - * Copyright (C) 2017 Advanced Micro Devices, Inc. + * Copyright (C) 2017-2018 Advanced Micro Devices, Inc. * * Author: Brijesh Singh * diff --git a/drivers/crypto/ccp/sp-dev.c b/drivers/crypto/ccp/sp-dev.c index e0459002eb71..b2879767fc98 100644 --- a/drivers/crypto/ccp/sp-dev.c +++ b/drivers/crypto/ccp/sp-dev.c @@ -1,7 +1,7 @@ /* * AMD Secure Processor driver * - * Copyright (C) 2017 Advanced Micro Devices, Inc. + * Copyright (C) 2017-2018 Advanced Micro Devices, Inc. * * Author: Tom Lendacky * Author: Gary R Hook diff --git a/drivers/crypto/ccp/sp-dev.h b/drivers/crypto/ccp/sp-dev.h index 14398cad1625..5b0790025db3 100644 --- a/drivers/crypto/ccp/sp-dev.h +++ b/drivers/crypto/ccp/sp-dev.h @@ -1,7 +1,7 @@ /* * AMD Secure Processor driver * - * Copyright (C) 2017 Advanced Micro Devices, Inc. + * Copyright (C) 2017-2018 Advanced Micro Devices, Inc. * * Author: Tom Lendacky * Author: Gary R Hook diff --git a/drivers/crypto/ccp/sp-pci.c b/drivers/crypto/ccp/sp-pci.c index 7da93e9bebed..6d730d3e3f6f 100644 --- a/drivers/crypto/ccp/sp-pci.c +++ b/drivers/crypto/ccp/sp-pci.c @@ -1,7 +1,7 @@ /* * AMD Secure Processor device driver * - * Copyright (C) 2013,2016 Advanced Micro Devices, Inc. + * Copyright (C) 2013,2018 Advanced Micro Devices, Inc. * * Author: Tom Lendacky * Author: Gary R Hook diff --git a/drivers/crypto/ccp/sp-platform.c b/drivers/crypto/ccp/sp-platform.c index b75dc7db2d4a..d24228efbaaa 100644 --- a/drivers/crypto/ccp/sp-platform.c +++ b/drivers/crypto/ccp/sp-platform.c @@ -1,7 +1,7 @@ /* * AMD Secure Processor device driver * - * Copyright (C) 2014,2016 Advanced Micro Devices, Inc. + * Copyright (C) 2014,2018 Advanced Micro Devices, Inc. * * Author: Tom Lendacky * -- cgit From 0f103b37282f48e2221aca955985550b7eabc98b Mon Sep 17 00:00:00 2001 From: Iuliana Prodan Date: Fri, 21 Dec 2018 17:59:08 +0200 Subject: crypto: caam - fix error reporting for caam_hash_alloc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fix error reporting when preparation of an hmac algorithm for registration fails: print the hmac algorithm name, not the unkeyed hash algorithm name. Signed-off-by: Iuliana Prodan Signed-off-by: Horia Geantă Signed-off-by: Herbert Xu --- drivers/crypto/caam/caamhash.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/crypto/caam/caamhash.c b/drivers/crypto/caam/caamhash.c index bb1a2cdf1951..17e86e4a6428 100644 --- a/drivers/crypto/caam/caamhash.c +++ b/drivers/crypto/caam/caamhash.c @@ -1873,7 +1873,8 @@ static int __init caam_algapi_hash_init(void) t_alg = caam_hash_alloc(alg, true); if (IS_ERR(t_alg)) { err = PTR_ERR(t_alg); - pr_warn("%s alg allocation failed\n", alg->driver_name); + pr_warn("%s alg allocation failed\n", + alg->hmac_driver_name); continue; } -- cgit From 9a2537d0ebc984bab4f3ff5012dacf42b0ac70a2 Mon Sep 17 00:00:00 2001 From: Iuliana Prodan Date: Fri, 21 Dec 2018 17:59:09 +0200 Subject: crypto: caam - create ahash shared descriptors only once MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit For keyed hash algorithms, shared descriptors are currently generated twice: -at tfm initialization time, in cra_init() callback -in setkey() callback Since it's mandatory to call setkey() for keyed algorithms, drop the generation in cra_init(). Signed-off-by: Iuliana Prodan Signed-off-by: Horia Geantă Signed-off-by: Herbert Xu --- drivers/crypto/caam/caamhash.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/drivers/crypto/caam/caamhash.c b/drivers/crypto/caam/caamhash.c index 17e86e4a6428..4b88af5bea26 100644 --- a/drivers/crypto/caam/caamhash.c +++ b/drivers/crypto/caam/caamhash.c @@ -1725,7 +1725,12 @@ static int caam_hash_cra_init(struct crypto_tfm *tfm) crypto_ahash_set_reqsize(__crypto_ahash_cast(tfm), sizeof(struct caam_hash_state)); - return ahash_set_sh_desc(ahash); + + /* + * For keyed hash algorithms shared descriptors + * will be created later in setkey() callback + */ + return alg->setkey ? 0 : ahash_set_sh_desc(ahash); } static void caam_hash_cra_exit(struct crypto_tfm *tfm) -- cgit From 12b8567f6fa489c098024fc75caba2f6b1390a92 Mon Sep 17 00:00:00 2001 From: Iuliana Prodan Date: Fri, 21 Dec 2018 17:59:10 +0200 Subject: crypto: caam - add support for xcbc(aes) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add xcbc(aes) offloading support. Due to xcbc algorithm design and HW implementation in CAAM, driver must still have some bytes to send to the crypto engine when ahash_final() is called - such that HW correctly uses either K2 or K3 for the last block. Signed-off-by: Iuliana Prodan Signed-off-by: Horia Geantă Signed-off-by: Herbert Xu --- drivers/crypto/caam/caamhash.c | 189 +++++++++++++++++++++++++++++++++--- drivers/crypto/caam/caamhash_desc.c | 58 ++++++++++- drivers/crypto/caam/caamhash_desc.h | 2 + 3 files changed, 232 insertions(+), 17 deletions(-) diff --git a/drivers/crypto/caam/caamhash.c b/drivers/crypto/caam/caamhash.c index 4b88af5bea26..6c379bef938e 100644 --- a/drivers/crypto/caam/caamhash.c +++ b/drivers/crypto/caam/caamhash.c @@ -98,13 +98,14 @@ struct caam_hash_ctx { u32 sh_desc_update_first[DESC_HASH_MAX_USED_LEN] ____cacheline_aligned; u32 sh_desc_fin[DESC_HASH_MAX_USED_LEN] ____cacheline_aligned; u32 sh_desc_digest[DESC_HASH_MAX_USED_LEN] ____cacheline_aligned; + u8 key[CAAM_MAX_HASH_KEY_SIZE] ____cacheline_aligned; dma_addr_t sh_desc_update_dma ____cacheline_aligned; dma_addr_t sh_desc_update_first_dma; dma_addr_t sh_desc_fin_dma; dma_addr_t sh_desc_digest_dma; + dma_addr_t key_dma; enum dma_data_direction dir; struct device *jrdev; - u8 key[CAAM_MAX_HASH_KEY_SIZE]; int ctx_len; struct alginfo adata; }; @@ -158,6 +159,12 @@ static inline int *alt_buflen(struct caam_hash_state *state) return state->current_buf ? &state->buflen_0 : &state->buflen_1; } +static inline bool is_xcbc_aes(u32 algtype) +{ + return (algtype & (OP_ALG_ALGSEL_MASK | OP_ALG_AAI_MASK)) == + (OP_ALG_ALGSEL_AES | OP_ALG_AAI_XCBC_MAC); +} + /* Common job descriptor seq in/out ptr routines */ /* Map state->caam_ctx, and append seq_out_ptr command that points to it */ @@ -292,6 +299,62 @@ static int ahash_set_sh_desc(struct crypto_ahash *ahash) return 0; } +static int axcbc_set_sh_desc(struct crypto_ahash *ahash) +{ + struct caam_hash_ctx *ctx = crypto_ahash_ctx(ahash); + int digestsize = crypto_ahash_digestsize(ahash); + struct device *jrdev = ctx->jrdev; + u32 *desc; + + /* key is loaded from memory for UPDATE and FINALIZE states */ + ctx->adata.key_dma = ctx->key_dma; + + /* shared descriptor for ahash_update */ + desc = ctx->sh_desc_update; + cnstr_shdsc_axcbc(desc, &ctx->adata, OP_ALG_AS_UPDATE, ctx->ctx_len, + ctx->ctx_len, 0); + dma_sync_single_for_device(jrdev, ctx->sh_desc_update_dma, + desc_bytes(desc), ctx->dir); + print_hex_dump_debug("axcbc update shdesc@" __stringify(__LINE__)" : ", + DUMP_PREFIX_ADDRESS, 16, 4, desc, desc_bytes(desc), + 1); + + /* shared descriptor for ahash_{final,finup} */ + desc = ctx->sh_desc_fin; + cnstr_shdsc_axcbc(desc, &ctx->adata, OP_ALG_AS_FINALIZE, digestsize, + ctx->ctx_len, 0); + dma_sync_single_for_device(jrdev, ctx->sh_desc_fin_dma, + desc_bytes(desc), ctx->dir); + print_hex_dump_debug("axcbc finup shdesc@" __stringify(__LINE__)" : ", + DUMP_PREFIX_ADDRESS, 16, 4, desc, desc_bytes(desc), + 1); + + /* key is immediate data for INIT and INITFINAL states */ + ctx->adata.key_virt = ctx->key; + + /* shared descriptor for first invocation of ahash_update */ + desc = ctx->sh_desc_update_first; + cnstr_shdsc_axcbc(desc, &ctx->adata, OP_ALG_AS_INIT, ctx->ctx_len, + ctx->ctx_len, ctx->key_dma); + dma_sync_single_for_device(jrdev, ctx->sh_desc_update_first_dma, + desc_bytes(desc), ctx->dir); + print_hex_dump_debug("axcbc update first shdesc@" __stringify(__LINE__)" : ", + DUMP_PREFIX_ADDRESS, 16, 4, desc, desc_bytes(desc), + 1); + + /* shared descriptor for ahash_digest */ + desc = ctx->sh_desc_digest; + cnstr_shdsc_axcbc(desc, &ctx->adata, OP_ALG_AS_INITFINAL, digestsize, + ctx->ctx_len, 0); + dma_sync_single_for_device(jrdev, ctx->sh_desc_digest_dma, + desc_bytes(desc), ctx->dir); + print_hex_dump_debug("axcbc digest shdesc@" __stringify(__LINE__)" : ", + DUMP_PREFIX_ADDRESS, 16, 4, desc, desc_bytes(desc), + 1); + + return 0; +} + /* Digest hash size if it is too large */ static int hash_digest_key(struct caam_hash_ctx *ctx, const u8 *key_in, u32 *keylen, u8 *key_out, u32 digestsize) @@ -424,6 +487,21 @@ static int ahash_setkey(struct crypto_ahash *ahash, return -EINVAL; } +static int axcbc_setkey(struct crypto_ahash *ahash, const u8 *key, + unsigned int keylen) +{ + struct caam_hash_ctx *ctx = crypto_ahash_ctx(ahash); + struct device *jrdev = ctx->jrdev; + + memcpy(ctx->key, key, keylen); + dma_sync_single_for_device(jrdev, ctx->key_dma, keylen, DMA_TO_DEVICE); + ctx->adata.keylen = keylen; + + print_hex_dump_debug("axcbc ctx.key@" __stringify(__LINE__)" : ", + DUMP_PREFIX_ADDRESS, 16, 4, ctx->key, keylen, 1); + + return axcbc_set_sh_desc(ahash); +} /* * ahash_edesc - s/w-extended ahash descriptor * @dst_dma: physical mapped address of req->result @@ -688,6 +766,7 @@ static int ahash_update_ctx(struct ahash_request *req) u8 *buf = current_buf(state); int *buflen = current_buflen(state); u8 *next_buf = alt_buf(state); + int blocksize = crypto_ahash_blocksize(ahash); int *next_buflen = alt_buflen(state), last_buflen; int in_len = *buflen + req->nbytes, to_hash; u32 *desc; @@ -696,9 +775,19 @@ static int ahash_update_ctx(struct ahash_request *req) int ret = 0; last_buflen = *next_buflen; - *next_buflen = in_len & (crypto_tfm_alg_blocksize(&ahash->base) - 1); + *next_buflen = in_len & (blocksize - 1); to_hash = in_len - *next_buflen; + /* + * For XCBC, if to_hash is multiple of block size, + * keep last block in internal buffer + */ + if (is_xcbc_aes(ctx->adata.algtype) && to_hash >= blocksize && + (*next_buflen == 0)) { + *next_buflen = blocksize; + to_hash -= blocksize; + } + if (to_hash) { src_nents = sg_nents_for_len(req->src, req->nbytes - (*next_buflen)); @@ -1122,6 +1211,7 @@ static int ahash_update_no_ctx(struct ahash_request *req) GFP_KERNEL : GFP_ATOMIC; u8 *buf = current_buf(state); int *buflen = current_buflen(state); + int blocksize = crypto_ahash_blocksize(ahash); u8 *next_buf = alt_buf(state); int *next_buflen = alt_buflen(state); int in_len = *buflen + req->nbytes, to_hash; @@ -1130,9 +1220,19 @@ static int ahash_update_no_ctx(struct ahash_request *req) u32 *desc; int ret = 0; - *next_buflen = in_len & (crypto_tfm_alg_blocksize(&ahash->base) - 1); + *next_buflen = in_len & (blocksize - 1); to_hash = in_len - *next_buflen; + /* + * For XCBC, if to_hash is multiple of block size, + * keep last block in internal buffer + */ + if (is_xcbc_aes(ctx->adata.algtype) && to_hash >= blocksize && + (*next_buflen == 0)) { + *next_buflen = blocksize; + to_hash -= blocksize; + } + if (to_hash) { src_nents = sg_nents_for_len(req->src, req->nbytes - *next_buflen); @@ -1338,15 +1438,25 @@ static int ahash_update_first(struct ahash_request *req) u8 *next_buf = alt_buf(state); int *next_buflen = alt_buflen(state); int to_hash; + int blocksize = crypto_ahash_blocksize(ahash); u32 *desc; int src_nents, mapped_nents; struct ahash_edesc *edesc; int ret = 0; - *next_buflen = req->nbytes & (crypto_tfm_alg_blocksize(&ahash->base) - - 1); + *next_buflen = req->nbytes & (blocksize - 1); to_hash = req->nbytes - *next_buflen; + /* + * For XCBC, if to_hash is multiple of block size, + * keep last block in internal buffer + */ + if (is_xcbc_aes(ctx->adata.algtype) && to_hash >= blocksize && + (*next_buflen == 0)) { + *next_buflen = blocksize; + to_hash -= blocksize; + } + if (to_hash) { src_nents = sg_nents_for_len(req->src, req->nbytes - *next_buflen); @@ -1654,6 +1764,25 @@ static struct caam_hash_template driver_hash[] = { }, }, .alg_type = OP_ALG_ALGSEL_MD5, + }, { + .hmac_name = "xcbc(aes)", + .hmac_driver_name = "xcbc-aes-caam", + .blocksize = AES_BLOCK_SIZE, + .template_ahash = { + .init = ahash_init, + .update = ahash_update, + .final = ahash_final, + .finup = ahash_finup, + .digest = ahash_digest, + .export = ahash_export, + .import = ahash_import, + .setkey = axcbc_setkey, + .halg = { + .digestsize = AES_BLOCK_SIZE, + .statesize = sizeof(struct caam_export_state), + }, + }, + .alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_XCBC_MAC, }, }; @@ -1695,7 +1824,28 @@ static int caam_hash_cra_init(struct crypto_tfm *tfm) } priv = dev_get_drvdata(ctx->jrdev->parent); - ctx->dir = priv->era >= 6 ? DMA_BIDIRECTIONAL : DMA_TO_DEVICE; + + if (is_xcbc_aes(caam_hash->alg_type)) { + ctx->dir = DMA_TO_DEVICE; + ctx->adata.algtype = OP_TYPE_CLASS1_ALG | caam_hash->alg_type; + ctx->ctx_len = 48; + + ctx->key_dma = dma_map_single_attrs(ctx->jrdev, ctx->key, + ARRAY_SIZE(ctx->key), + DMA_BIDIRECTIONAL, + DMA_ATTR_SKIP_CPU_SYNC); + if (dma_mapping_error(ctx->jrdev, ctx->key_dma)) { + dev_err(ctx->jrdev, "unable to map key\n"); + caam_jr_free(ctx->jrdev); + return -ENOMEM; + } + } else { + ctx->dir = priv->era >= 6 ? DMA_BIDIRECTIONAL : DMA_TO_DEVICE; + ctx->adata.algtype = OP_TYPE_CLASS2_ALG | caam_hash->alg_type; + ctx->ctx_len = runninglen[(ctx->adata.algtype & + OP_ALG_ALGSEL_SUBMASK) >> + OP_ALG_ALGSEL_SHIFT]; + } dma_addr = dma_map_single_attrs(ctx->jrdev, ctx->sh_desc_update, offsetof(struct caam_hash_ctx, @@ -1703,6 +1853,13 @@ static int caam_hash_cra_init(struct crypto_tfm *tfm) ctx->dir, DMA_ATTR_SKIP_CPU_SYNC); if (dma_mapping_error(ctx->jrdev, dma_addr)) { dev_err(ctx->jrdev, "unable to map shared descriptors\n"); + + if (is_xcbc_aes(caam_hash->alg_type)) + dma_unmap_single_attrs(ctx->jrdev, ctx->key_dma, + ARRAY_SIZE(ctx->key), + DMA_BIDIRECTIONAL, + DMA_ATTR_SKIP_CPU_SYNC); + caam_jr_free(ctx->jrdev); return -ENOMEM; } @@ -1716,13 +1873,6 @@ static int caam_hash_cra_init(struct crypto_tfm *tfm) ctx->sh_desc_digest_dma = dma_addr + offsetof(struct caam_hash_ctx, sh_desc_digest); - /* copy descriptor header template value */ - ctx->adata.algtype = OP_TYPE_CLASS2_ALG | caam_hash->alg_type; - - ctx->ctx_len = runninglen[(ctx->adata.algtype & - OP_ALG_ALGSEL_SUBMASK) >> - OP_ALG_ALGSEL_SHIFT]; - crypto_ahash_set_reqsize(__crypto_ahash_cast(tfm), sizeof(struct caam_hash_state)); @@ -1738,9 +1888,12 @@ static void caam_hash_cra_exit(struct crypto_tfm *tfm) struct caam_hash_ctx *ctx = crypto_tfm_ctx(tfm); dma_unmap_single_attrs(ctx->jrdev, ctx->sh_desc_update_dma, - offsetof(struct caam_hash_ctx, - sh_desc_update_dma), + offsetof(struct caam_hash_ctx, key), ctx->dir, DMA_ATTR_SKIP_CPU_SYNC); + if (is_xcbc_aes(ctx->adata.algtype)) + dma_unmap_single_attrs(ctx->jrdev, ctx->key_dma, + ARRAY_SIZE(ctx->key), DMA_BIDIRECTIONAL, + DMA_ATTR_SKIP_CPU_SYNC); caam_jr_free(ctx->jrdev); } @@ -1871,7 +2024,8 @@ static int __init caam_algapi_hash_init(void) struct caam_hash_template *alg = driver_hash + i; /* If MD size is not supported by device, skip registration */ - if (alg->template_ahash.halg.digestsize > md_limit) + if (is_mdha(alg->alg_type) && + alg->template_ahash.halg.digestsize > md_limit) continue; /* register hmac version */ @@ -1892,6 +2046,9 @@ static int __init caam_algapi_hash_init(void) } else list_add_tail(&t_alg->entry, &hash_list); + if ((alg->alg_type & OP_ALG_ALGSEL_MASK) == OP_ALG_ALGSEL_AES) + continue; + /* register unkeyed version */ t_alg = caam_hash_alloc(alg, false); if (IS_ERR(t_alg)) { diff --git a/drivers/crypto/caam/caamhash_desc.c b/drivers/crypto/caam/caamhash_desc.c index a12f7959a2c3..053d3a15ef3c 100644 --- a/drivers/crypto/caam/caamhash_desc.c +++ b/drivers/crypto/caam/caamhash_desc.c @@ -2,7 +2,7 @@ /* * Shared descriptors for ahash algorithms * - * Copyright 2017 NXP + * Copyright 2017-2018 NXP */ #include "compat.h" @@ -75,6 +75,62 @@ void cnstr_shdsc_ahash(u32 * const desc, struct alginfo *adata, u32 state, } EXPORT_SYMBOL(cnstr_shdsc_ahash); +/** + * cnstr_shdsc_axcbc - axcbc shared descriptor + * @desc: pointer to buffer used for descriptor construction + * @adata: pointer to authentication transform definitions. + * @state: algorithm state OP_ALG_AS_{INIT, FINALIZE, INITFINALIZE, UPDATE} + * @digestsize: algorithm's digest size + * @ctx_len: size of Context Register + * @key_dma: I/O Virtual Address of the key + */ +void cnstr_shdsc_axcbc(u32 * const desc, struct alginfo *adata, u32 state, + int digestsize, int ctx_len, dma_addr_t key_dma) +{ + u32 *skip_key_load; + + init_sh_desc(desc, HDR_SHARE_SERIAL | HDR_SAVECTX); + + /* Skip loading of key, context if already shared */ + skip_key_load = append_jump(desc, JUMP_TEST_ALL | JUMP_COND_SHRD); + + if (state == OP_ALG_AS_INIT || state == OP_ALG_AS_INITFINAL) { + append_key_as_imm(desc, adata->key_virt, adata->keylen, + adata->keylen, CLASS_1 | KEY_DEST_CLASS_REG); + } else { /* UPDATE, FINALIZE */ + /* Load K1 */ + append_key(desc, adata->key_dma, adata->keylen, + CLASS_1 | KEY_DEST_CLASS_REG | KEY_ENC); + /* Restore context */ + append_seq_load(desc, ctx_len, LDST_CLASS_1_CCB | + LDST_SRCDST_BYTE_CONTEXT); + } + + set_jump_tgt_here(desc, skip_key_load); + + /* Class 1 operation */ + append_operation(desc, adata->algtype | state | OP_ALG_ENCRYPT); + + /* + * Load from buf and/or src and write to req->result or state->context + * Calculate remaining bytes to read + */ + append_math_add(desc, VARSEQINLEN, SEQINLEN, REG0, CAAM_CMD_SZ); + + /* Read remaining bytes */ + append_seq_fifo_load(desc, 0, FIFOLD_CLASS_CLASS1 | FIFOLD_TYPE_LAST1 | + FIFOLD_TYPE_MSG | FIFOLDST_VLF); + + /* Save context (partial hash, K2, K3) */ + append_seq_store(desc, digestsize, LDST_CLASS_1_CCB | + LDST_SRCDST_BYTE_CONTEXT); + if (state == OP_ALG_AS_INIT) + /* Save K1 */ + append_fifo_store(desc, key_dma, adata->keylen, + LDST_CLASS_1_CCB | FIFOST_TYPE_KEY_KEK); +} +EXPORT_SYMBOL(cnstr_shdsc_axcbc); + MODULE_LICENSE("Dual BSD/GPL"); MODULE_DESCRIPTION("FSL CAAM ahash descriptors support"); MODULE_AUTHOR("NXP Semiconductors"); diff --git a/drivers/crypto/caam/caamhash_desc.h b/drivers/crypto/caam/caamhash_desc.h index 631fc1ac312c..cf4a437d4c02 100644 --- a/drivers/crypto/caam/caamhash_desc.h +++ b/drivers/crypto/caam/caamhash_desc.h @@ -18,4 +18,6 @@ void cnstr_shdsc_ahash(u32 * const desc, struct alginfo *adata, u32 state, int digestsize, int ctx_len, bool import_ctx, int era); +void cnstr_shdsc_axcbc(u32 * const desc, struct alginfo *adata, u32 state, + int digestsize, int ctx_len, dma_addr_t key_dma); #endif /* _CAAMHASH_DESC_H_ */ -- cgit From d072bfa4885354fff86aa1fb1dbc4f1533c9e0bf Mon Sep 17 00:00:00 2001 From: Christian Lamparter Date: Sun, 23 Dec 2018 02:16:13 +0100 Subject: crypto: crypto4xx - add prng crypto support This patch adds support for crypto4xx's ANSI X9.17 Annex C compliant pseudo random number generator which provides a pseudo random source for the purpose of generating Initialization Vectors (IV's) for AES algorithms to the Packet Engine and other pseudo random number requirements. Signed-off-by: Christian Lamparter Signed-off-by: Herbert Xu --- drivers/crypto/amcc/crypto4xx_core.c | 87 +++++++++++++++++++++++++++++++++ drivers/crypto/amcc/crypto4xx_core.h | 4 ++ drivers/crypto/amcc/crypto4xx_reg_def.h | 1 + 3 files changed, 92 insertions(+) diff --git a/drivers/crypto/amcc/crypto4xx_core.c b/drivers/crypto/amcc/crypto4xx_core.c index 63cb6956c948..f869e8cc4e0b 100644 --- a/drivers/crypto/amcc/crypto4xx_core.c +++ b/drivers/crypto/amcc/crypto4xx_core.c @@ -40,9 +40,11 @@ #include #include #include +#include #include #include #include +#include #include #include "crypto4xx_reg_def.h" #include "crypto4xx_core.h" @@ -1035,6 +1037,10 @@ static int crypto4xx_register_alg(struct crypto4xx_device *sec_dev, rc = crypto_register_ahash(&alg->alg.u.hash); break; + case CRYPTO_ALG_TYPE_RNG: + rc = crypto_register_rng(&alg->alg.u.rng); + break; + default: rc = crypto_register_skcipher(&alg->alg.u.cipher); break; @@ -1064,6 +1070,10 @@ static void crypto4xx_unregister_alg(struct crypto4xx_device *sec_dev) crypto_unregister_aead(&alg->alg.u.aead); break; + case CRYPTO_ALG_TYPE_RNG: + crypto_unregister_rng(&alg->alg.u.rng); + break; + default: crypto_unregister_skcipher(&alg->alg.u.cipher); } @@ -1122,6 +1132,69 @@ static irqreturn_t crypto4xx_ce_interrupt_handler_revb(int irq, void *data) PPC4XX_TMO_ERR_INT); } +static int ppc4xx_prng_data_read(struct crypto4xx_device *dev, + u8 *data, unsigned int max) +{ + unsigned int i, curr = 0; + u32 val[2]; + + do { + /* trigger PRN generation */ + writel(PPC4XX_PRNG_CTRL_AUTO_EN, + dev->ce_base + CRYPTO4XX_PRNG_CTRL); + + for (i = 0; i < 1024; i++) { + /* usually 19 iterations are enough */ + if ((readl(dev->ce_base + CRYPTO4XX_PRNG_STAT) & + CRYPTO4XX_PRNG_STAT_BUSY)) + continue; + + val[0] = readl_be(dev->ce_base + CRYPTO4XX_PRNG_RES_0); + val[1] = readl_be(dev->ce_base + CRYPTO4XX_PRNG_RES_1); + break; + } + if (i == 1024) + return -ETIMEDOUT; + + if ((max - curr) >= 8) { + memcpy(data, &val, 8); + data += 8; + curr += 8; + } else { + /* copy only remaining bytes */ + memcpy(data, &val, max - curr); + break; + } + } while (curr < max); + + return curr; +} + +static int crypto4xx_prng_generate(struct crypto_rng *tfm, + const u8 *src, unsigned int slen, + u8 *dstn, unsigned int dlen) +{ + struct rng_alg *alg = crypto_rng_alg(tfm); + struct crypto4xx_alg *amcc_alg; + struct crypto4xx_device *dev; + int ret; + + amcc_alg = container_of(alg, struct crypto4xx_alg, alg.u.rng); + dev = amcc_alg->dev; + + mutex_lock(&dev->core_dev->rng_lock); + ret = ppc4xx_prng_data_read(dev, dstn, dlen); + mutex_unlock(&dev->core_dev->rng_lock); + return ret; +} + + +static int crypto4xx_prng_seed(struct crypto_rng *tfm, const u8 *seed, + unsigned int slen) +{ + return 0; +} + /** * Supported Crypto Algorithms */ @@ -1291,6 +1364,18 @@ static struct crypto4xx_alg_common crypto4xx_alg[] = { .cra_module = THIS_MODULE, }, } }, + { .type = CRYPTO_ALG_TYPE_RNG, .u.rng = { + .base = { + .cra_name = "stdrng", + .cra_driver_name = "crypto4xx_rng", + .cra_priority = 300, + .cra_ctxsize = 0, + .cra_module = THIS_MODULE, + }, + .generate = crypto4xx_prng_generate, + .seed = crypto4xx_prng_seed, + .seedsize = 0, + } }, }; /** @@ -1360,6 +1445,7 @@ static int crypto4xx_probe(struct platform_device *ofdev) core_dev->dev->core_dev = core_dev; core_dev->dev->is_revb = is_revb; core_dev->device = dev; + mutex_init(&core_dev->rng_lock); spin_lock_init(&core_dev->lock); INIT_LIST_HEAD(&core_dev->dev->alg_list); ratelimit_default_init(&core_dev->dev->aead_ratelimit); @@ -1439,6 +1525,7 @@ static int crypto4xx_remove(struct platform_device *ofdev) tasklet_kill(&core_dev->tasklet); /* Un-register with Linux CryptoAPI */ crypto4xx_unregister_alg(core_dev->dev); + mutex_destroy(&core_dev->rng_lock); /* Free all allocated memory */ crypto4xx_stop_all(core_dev); diff --git a/drivers/crypto/amcc/crypto4xx_core.h b/drivers/crypto/amcc/crypto4xx_core.h index e2ca56722f07..18df695ca6b1 100644 --- a/drivers/crypto/amcc/crypto4xx_core.h +++ b/drivers/crypto/amcc/crypto4xx_core.h @@ -23,8 +23,10 @@ #define __CRYPTO4XX_CORE_H__ #include +#include #include #include +#include #include #include "crypto4xx_reg_def.h" #include "crypto4xx_sa.h" @@ -119,6 +121,7 @@ struct crypto4xx_core_device { u32 irq; struct tasklet_struct tasklet; spinlock_t lock; + struct mutex rng_lock; }; struct crypto4xx_ctx { @@ -143,6 +146,7 @@ struct crypto4xx_alg_common { struct skcipher_alg cipher; struct ahash_alg hash; struct aead_alg aead; + struct rng_alg rng; } u; }; diff --git a/drivers/crypto/amcc/crypto4xx_reg_def.h b/drivers/crypto/amcc/crypto4xx_reg_def.h index 472331787e04..80c67490bbf6 100644 --- a/drivers/crypto/amcc/crypto4xx_reg_def.h +++ b/drivers/crypto/amcc/crypto4xx_reg_def.h @@ -100,6 +100,7 @@ #define CRYPTO4XX_ENDIAN_CFG 0x000600d8 #define CRYPTO4XX_PRNG_STAT 0x00070000 +#define CRYPTO4XX_PRNG_STAT_BUSY 0x1 #define CRYPTO4XX_PRNG_CTRL 0x00070004 #define CRYPTO4XX_PRNG_SEED_L 0x00070008 #define CRYPTO4XX_PRNG_SEED_H 0x0007000c -- cgit From be8a54d367bfef7a5b354975f878441383ce9993 Mon Sep 17 00:00:00 2001 From: YueHaibing Date: Fri, 28 Dec 2018 06:10:33 +0000 Subject: crypto: ux500 - catch dma submission error Test cookie return by dmaengine_submit() and return error if any. Signed-off-by: YueHaibing Signed-off-by: Herbert Xu --- drivers/crypto/ux500/cryp/cryp_core.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/crypto/ux500/cryp/cryp_core.c b/drivers/crypto/ux500/cryp/cryp_core.c index a92a66b1ff46..db94f89d8d11 100644 --- a/drivers/crypto/ux500/cryp/cryp_core.c +++ b/drivers/crypto/ux500/cryp/cryp_core.c @@ -595,6 +595,12 @@ static int cryp_set_dma_transfer(struct cryp_ctx *ctx, } cookie = dmaengine_submit(desc); + if (dma_submit_error(cookie)) { + dev_dbg(ctx->device->dev, "[%s]: DMA submission failed\n", + __func__); + return cookie; + } + dma_async_issue_pending(channel); return 0; -- cgit From 66af86d93ce32ff5b262ace9a6696873cc1bdb3e Mon Sep 17 00:00:00 2001 From: YueHaibing Date: Fri, 28 Dec 2018 14:41:00 +0800 Subject: crypto: chelsio - check set_msg_len overflow in generate_b0 set_msg_len may fails with -EOVERFLOW, It should be propagate to upstream. Fixes: 2debd3325e55 ("crypto: chcr - Add AEAD algos.") Signed-off-by: YueHaibing Signed-off-by: Herbert Xu --- drivers/crypto/chelsio/chcr_algo.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/crypto/chelsio/chcr_algo.c b/drivers/crypto/chelsio/chcr_algo.c index bcef76508dfa..bdbdce9fdf25 100644 --- a/drivers/crypto/chelsio/chcr_algo.c +++ b/drivers/crypto/chelsio/chcr_algo.c @@ -2762,7 +2762,7 @@ static int set_msg_len(u8 *block, unsigned int msglen, int csize) return 0; } -static void generate_b0(struct aead_request *req, u8 *ivptr, +static int generate_b0(struct aead_request *req, u8 *ivptr, unsigned short op_type) { unsigned int l, lp, m; @@ -2787,6 +2787,8 @@ static void generate_b0(struct aead_request *req, u8 *ivptr, rc = set_msg_len(b0 + 16 - l, (op_type == CHCR_DECRYPT_OP) ? req->cryptlen - m : req->cryptlen, l); + + return rc; } static inline int crypto_ccm_check_iv(const u8 *iv) @@ -2821,7 +2823,7 @@ static int ccm_format_packet(struct aead_request *req, *((unsigned short *)(reqctx->scratch_pad + 16)) = htons(assoclen); - generate_b0(req, ivptr, op_type); + rc = generate_b0(req, ivptr, op_type); /* zero the ctr value */ memset(ivptr + 15 - ivptr[0], 0, ivptr[0] + 1); return rc; -- cgit From e12468241b19653d87534f3ff0778f1ad4668f5e Mon Sep 17 00:00:00 2001 From: YueHaibing Date: Fri, 28 Dec 2018 06:53:53 +0000 Subject: crypto: chelsio - remove set but not used variables 'adap' Fixes gcc '-Wunused-but-set-variable' warning: drivers/crypto/chelsio/chcr_algo.c: In function 'chcr_device_init': drivers/crypto/chelsio/chcr_algo.c:1371:18: warning: variable 'adap' set but not used [-Wunused-but-set-variable] It not used since commit a1c6fd4308d3 ("crypto: chelsio - Update ntx queue received from cxgb4") Signed-off-by: YueHaibing Signed-off-by: Herbert Xu --- drivers/crypto/chelsio/chcr_algo.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/drivers/crypto/chelsio/chcr_algo.c b/drivers/crypto/chelsio/chcr_algo.c index bdbdce9fdf25..adc1b3069d60 100644 --- a/drivers/crypto/chelsio/chcr_algo.c +++ b/drivers/crypto/chelsio/chcr_algo.c @@ -1368,7 +1368,6 @@ static int chcr_aes_decrypt(struct ablkcipher_request *req) static int chcr_device_init(struct chcr_context *ctx) { struct uld_ctx *u_ctx = NULL; - struct adapter *adap; unsigned int id; int txq_perchan, txq_idx, ntxq; int err = 0, rxq_perchan, rxq_idx; @@ -1382,7 +1381,6 @@ static int chcr_device_init(struct chcr_context *ctx) goto out; } ctx->dev = &u_ctx->dev; - adap = padap(ctx->dev); ntxq = u_ctx->lldi.ntxq; rxq_perchan = u_ctx->lldi.nrxq / u_ctx->lldi.nchan; txq_perchan = ntxq / u_ctx->lldi.nchan; -- cgit From af8cb01f1e435fc8ba9555afe0c2ce8a2b3cf9c5 Mon Sep 17 00:00:00 2001 From: haco Date: Fri, 28 Dec 2018 10:09:40 +0000 Subject: crypto: Kconfig - Fix typo in "pclmul" Fix typo "plcmul" to "pclmul" Signed-off-by: Huaxuan Mao Signed-off-by: Herbert Xu --- crypto/Kconfig | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/Kconfig b/crypto/Kconfig index 9511144ac7b5..86960aa53e0f 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -642,7 +642,7 @@ config CRYPTO_CRC32_PCLMUL From Intel Westmere and AMD Bulldozer processor with SSE4.2 and PCLMULQDQ supported, the processor will support CRC32 PCLMULQDQ implementation using hardware accelerated PCLMULQDQ - instruction. This option will create 'crc32-plcmul' module, + instruction. This option will create 'crc32-pclmul' module, which will enable any routine to use the CRC-32-IEEE 802.3 checksum and gain better performance as compared with the table implementation. @@ -671,7 +671,7 @@ config CRYPTO_CRCT10DIF_PCLMUL For x86_64 processors with SSE4.2 and PCLMULQDQ supported, CRC T10 DIF PCLMULQDQ computation can be hardware accelerated PCLMULQDQ instruction. This option will create - 'crct10dif-plcmul' module, which is faster when computing the + 'crct10dif-pclmul' module, which is faster when computing the crct10dif checksum as compared with the generic table implementation. config CRYPTO_CRCT10DIF_VPMSUM -- cgit From 1bb64d867cfe84cc3c255d8fdeff0b4d86341519 Mon Sep 17 00:00:00 2001 From: Colin Ian King Date: Sun, 30 Dec 2018 13:46:21 +0000 Subject: crypto: virtio - clean up indentation, replace spaces with tab A statement is indented with spaces and not indented enough, fix this replacing spaces with a tab. Signed-off-by: Colin Ian King Signed-off-by: Herbert Xu --- drivers/crypto/virtio/virtio_crypto_algs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/crypto/virtio/virtio_crypto_algs.c b/drivers/crypto/virtio/virtio_crypto_algs.c index 2c573d1aaa64..0704833ece92 100644 --- a/drivers/crypto/virtio/virtio_crypto_algs.c +++ b/drivers/crypto/virtio/virtio_crypto_algs.c @@ -406,7 +406,7 @@ __virtio_crypto_ablkcipher_do_req(struct virtio_crypto_sym_request *vc_sym_req, } else { req_data->header.session_id = cpu_to_le64(ctx->dec_sess_info.session_id); - req_data->header.opcode = + req_data->header.opcode = cpu_to_le32(VIRTIO_CRYPTO_CIPHER_DECRYPT); } req_data->u.sym_req.op_type = cpu_to_le32(VIRTIO_CRYPTO_SYM_OP_CIPHER); -- cgit From 394a9e044702e6a8958a5e89d2a291605a587a2a Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Thu, 3 Jan 2019 20:16:10 -0800 Subject: crypto: cfb - add missing 'chunksize' property Like some other block cipher mode implementations, the CFB implementation assumes that while walking through the scatterlist, a partial block does not occur until the end. But the walk is incorrectly being done with a blocksize of 1, as 'cra_blocksize' is set to 1 (since CFB is a stream cipher) but no 'chunksize' is set. This bug causes incorrect encryption/decryption for some scatterlist layouts. Fix it by setting the 'chunksize'. Also extend the CFB test vectors to cover this bug as well as cases where the message length is not a multiple of the block size. Fixes: a7d85e06ed80 ("crypto: cfb - add support for Cipher FeedBack mode") Cc: # v4.17+ Cc: James Bottomley Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu --- crypto/cfb.c | 6 ++++++ crypto/testmgr.h | 25 +++++++++++++++++++++++++ 2 files changed, 31 insertions(+) diff --git a/crypto/cfb.c b/crypto/cfb.c index e81e45673498..183e8a9c3312 100644 --- a/crypto/cfb.c +++ b/crypto/cfb.c @@ -298,6 +298,12 @@ static int crypto_cfb_create(struct crypto_template *tmpl, struct rtattr **tb) inst->alg.base.cra_blocksize = 1; inst->alg.base.cra_alignmask = alg->cra_alignmask; + /* + * To simplify the implementation, configure the skcipher walk to only + * give a partial block at the very end, never earlier. + */ + inst->alg.chunksize = alg->cra_blocksize; + inst->alg.ivsize = alg->cra_blocksize; inst->alg.min_keysize = alg->cra_cipher.cia_min_keysize; inst->alg.max_keysize = alg->cra_cipher.cia_max_keysize; diff --git a/crypto/testmgr.h b/crypto/testmgr.h index e8f47d7b92cd..7f4dae7a57a1 100644 --- a/crypto/testmgr.h +++ b/crypto/testmgr.h @@ -12870,6 +12870,31 @@ static const struct cipher_testvec aes_cfb_tv_template[] = { "\x75\xa3\x85\x74\x1a\xb9\xce\xf8" "\x20\x31\x62\x3d\x55\xb1\xe4\x71", .len = 64, + .also_non_np = 1, + .np = 2, + .tap = { 31, 33 }, + }, { /* > 16 bytes, not a multiple of 16 bytes */ + .key = "\x2b\x7e\x15\x16\x28\xae\xd2\xa6" + "\xab\xf7\x15\x88\x09\xcf\x4f\x3c", + .klen = 16, + .iv = "\x00\x01\x02\x03\x04\x05\x06\x07" + "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f", + .ptext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96" + "\xe9\x3d\x7e\x11\x73\x93\x17\x2a" + "\xae", + .ctext = "\x3b\x3f\xd9\x2e\xb7\x2d\xad\x20" + "\x33\x34\x49\xf8\xe8\x3c\xfb\x4a" + "\xc8", + .len = 17, + }, { /* < 16 bytes */ + .key = "\x2b\x7e\x15\x16\x28\xae\xd2\xa6" + "\xab\xf7\x15\x88\x09\xcf\x4f\x3c", + .klen = 16, + .iv = "\x00\x01\x02\x03\x04\x05\x06\x07" + "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f", + .ptext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f", + .ctext = "\x3b\x3f\xd9\x2e\xb7\x2d\xad", + .len = 7, }, }; -- cgit From 6c2e322b3621dc8be72e5c86d4fdb587434ba625 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Thu, 3 Jan 2019 20:16:11 -0800 Subject: crypto: cfb - remove bogus memcpy() with src == dest The memcpy() in crypto_cfb_decrypt_inplace() uses walk->iv as both the source and destination, which has undefined behavior. It is unneeded because walk->iv is already used to hold the previous ciphertext block; thus, walk->iv is already updated to its final value. So, remove it. Also, note that in-place decryption is the only case where the previous ciphertext block is not directly available. Therefore, as a related cleanup I also updated crypto_cfb_encrypt_segment() to directly use the previous ciphertext block rather than save it into walk->iv. This makes it consistent with in-place encryption and out-of-place decryption; now only in-place decryption is different, because it has to be. Fixes: a7d85e06ed80 ("crypto: cfb - add support for Cipher FeedBack mode") Cc: # v4.17+ Cc: James Bottomley Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu --- crypto/cfb.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/crypto/cfb.c b/crypto/cfb.c index 183e8a9c3312..4abfe32ff845 100644 --- a/crypto/cfb.c +++ b/crypto/cfb.c @@ -77,12 +77,14 @@ static int crypto_cfb_encrypt_segment(struct skcipher_walk *walk, do { crypto_cfb_encrypt_one(tfm, iv, dst); crypto_xor(dst, src, bsize); - memcpy(iv, dst, bsize); + iv = dst; src += bsize; dst += bsize; } while ((nbytes -= bsize) >= bsize); + memcpy(walk->iv, iv, bsize); + return nbytes; } @@ -162,7 +164,7 @@ static int crypto_cfb_decrypt_inplace(struct skcipher_walk *walk, const unsigned int bsize = crypto_cfb_bsize(tfm); unsigned int nbytes = walk->nbytes; u8 *src = walk->src.virt.addr; - u8 *iv = walk->iv; + u8 * const iv = walk->iv; u8 tmp[MAX_CIPHER_BLOCKSIZE]; do { @@ -172,8 +174,6 @@ static int crypto_cfb_decrypt_inplace(struct skcipher_walk *walk, src += bsize; } while ((nbytes -= bsize) >= bsize); - memcpy(walk->iv, iv, bsize); - return nbytes; } -- cgit From b3e3e2db7de4a1ffe8845876c3520b866cd48de1 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Thu, 3 Jan 2019 20:16:12 -0800 Subject: crypto: ofb - fix handling partial blocks and make thread-safe Fix multiple bugs in the OFB implementation: 1. It stored the per-request state 'cnt' in the tfm context, which can be used by multiple threads concurrently (e.g. via AF_ALG). 2. It didn't support messages not a multiple of the block cipher size, despite being a stream cipher. 3. It didn't set cra_blocksize to 1 to indicate it is a stream cipher. To fix these, set the 'chunksize' property to the cipher block size to guarantee that when walking through the scatterlist, a partial block can only occur at the end. Then change the implementation to XOR a block at a time at first, then XOR the partial block at the end if needed. This is the same way CTR and CFB are implemented. As a bonus, this also improves performance in most cases over the current approach. Fixes: e497c51896b3 ("crypto: ofb - add output feedback mode") Cc: # v4.20+ Cc: Gilad Ben-Yossef Signed-off-by: Eric Biggers Reviewed-by: Gilad Ben-Yossef Signed-off-by: Herbert Xu --- crypto/ofb.c | 91 +++++++++++++++++++++++--------------------------------- crypto/testmgr.h | 28 +++++++++++++++-- 2 files changed, 63 insertions(+), 56 deletions(-) diff --git a/crypto/ofb.c b/crypto/ofb.c index 886631708c5e..cab0b80953fe 100644 --- a/crypto/ofb.c +++ b/crypto/ofb.c @@ -5,9 +5,6 @@ * * Copyright (C) 2018 ARM Limited or its affiliates. * All rights reserved. - * - * Based loosely on public domain code gleaned from libtomcrypt - * (https://github.com/libtom/libtomcrypt). */ #include @@ -21,7 +18,6 @@ struct crypto_ofb_ctx { struct crypto_cipher *child; - int cnt; }; @@ -41,58 +37,40 @@ static int crypto_ofb_setkey(struct crypto_skcipher *parent, const u8 *key, return err; } -static int crypto_ofb_encrypt_segment(struct crypto_ofb_ctx *ctx, - struct skcipher_walk *walk, - struct crypto_cipher *tfm) +static int crypto_ofb_crypt(struct skcipher_request *req) { - int bsize = crypto_cipher_blocksize(tfm); - int nbytes = walk->nbytes; - - u8 *src = walk->src.virt.addr; - u8 *dst = walk->dst.virt.addr; - u8 *iv = walk->iv; - - do { - if (ctx->cnt == bsize) { - if (nbytes < bsize) - break; - crypto_cipher_encrypt_one(tfm, iv, iv); - ctx->cnt = 0; - } - *dst = *src ^ iv[ctx->cnt]; - src++; - dst++; - ctx->cnt++; - } while (--nbytes); - return nbytes; -} - -static int crypto_ofb_encrypt(struct skcipher_request *req) -{ - struct skcipher_walk walk; struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); - unsigned int bsize; struct crypto_ofb_ctx *ctx = crypto_skcipher_ctx(tfm); - struct crypto_cipher *child = ctx->child; - int ret = 0; + struct crypto_cipher *cipher = ctx->child; + const unsigned int bsize = crypto_cipher_blocksize(cipher); + struct skcipher_walk walk; + int err; - bsize = crypto_cipher_blocksize(child); - ctx->cnt = bsize; + err = skcipher_walk_virt(&walk, req, false); - ret = skcipher_walk_virt(&walk, req, false); + while (walk.nbytes >= bsize) { + const u8 *src = walk.src.virt.addr; + u8 *dst = walk.dst.virt.addr; + u8 * const iv = walk.iv; + unsigned int nbytes = walk.nbytes; - while (walk.nbytes) { - ret = crypto_ofb_encrypt_segment(ctx, &walk, child); - ret = skcipher_walk_done(&walk, ret); - } + do { + crypto_cipher_encrypt_one(cipher, iv, iv); + crypto_xor_cpy(dst, src, iv, bsize); + dst += bsize; + src += bsize; + } while ((nbytes -= bsize) >= bsize); - return ret; -} + err = skcipher_walk_done(&walk, nbytes); + } -/* OFB encrypt and decrypt are identical */ -static int crypto_ofb_decrypt(struct skcipher_request *req) -{ - return crypto_ofb_encrypt(req); + if (walk.nbytes) { + crypto_cipher_encrypt_one(cipher, walk.iv, walk.iv); + crypto_xor_cpy(walk.dst.virt.addr, walk.src.virt.addr, walk.iv, + walk.nbytes); + err = skcipher_walk_done(&walk, 0); + } + return err; } static int crypto_ofb_init_tfm(struct crypto_skcipher *tfm) @@ -165,13 +143,18 @@ static int crypto_ofb_create(struct crypto_template *tmpl, struct rtattr **tb) if (err) goto err_drop_spawn; + /* OFB mode is a stream cipher. */ + inst->alg.base.cra_blocksize = 1; + + /* + * To simplify the implementation, configure the skcipher walk to only + * give a partial block at the very end, never earlier. + */ + inst->alg.chunksize = alg->cra_blocksize; + inst->alg.base.cra_priority = alg->cra_priority; - inst->alg.base.cra_blocksize = alg->cra_blocksize; inst->alg.base.cra_alignmask = alg->cra_alignmask; - /* We access the data as u32s when xoring. */ - inst->alg.base.cra_alignmask |= __alignof__(u32) - 1; - inst->alg.ivsize = alg->cra_blocksize; inst->alg.min_keysize = alg->cra_cipher.cia_min_keysize; inst->alg.max_keysize = alg->cra_cipher.cia_max_keysize; @@ -182,8 +165,8 @@ static int crypto_ofb_create(struct crypto_template *tmpl, struct rtattr **tb) inst->alg.exit = crypto_ofb_exit_tfm; inst->alg.setkey = crypto_ofb_setkey; - inst->alg.encrypt = crypto_ofb_encrypt; - inst->alg.decrypt = crypto_ofb_decrypt; + inst->alg.encrypt = crypto_ofb_crypt; + inst->alg.decrypt = crypto_ofb_crypt; inst->free = crypto_ofb_free; diff --git a/crypto/testmgr.h b/crypto/testmgr.h index 7f4dae7a57a1..ca8e8ebef309 100644 --- a/crypto/testmgr.h +++ b/crypto/testmgr.h @@ -16681,8 +16681,7 @@ static const struct cipher_testvec aes_ctr_rfc3686_tv_template[] = { }; static const struct cipher_testvec aes_ofb_tv_template[] = { - /* From NIST Special Publication 800-38A, Appendix F.5 */ - { + { /* From NIST Special Publication 800-38A, Appendix F.5 */ .key = "\x2b\x7e\x15\x16\x28\xae\xd2\xa6" "\xab\xf7\x15\x88\x09\xcf\x4f\x3c", .klen = 16, @@ -16705,6 +16704,31 @@ static const struct cipher_testvec aes_ofb_tv_template[] = { "\x30\x4c\x65\x28\xf6\x59\xc7\x78" "\x66\xa5\x10\xd9\xc1\xd6\xae\x5e", .len = 64, + .also_non_np = 1, + .np = 2, + .tap = { 31, 33 }, + }, { /* > 16 bytes, not a multiple of 16 bytes */ + .key = "\x2b\x7e\x15\x16\x28\xae\xd2\xa6" + "\xab\xf7\x15\x88\x09\xcf\x4f\x3c", + .klen = 16, + .iv = "\x00\x01\x02\x03\x04\x05\x06\x07" + "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f", + .ptext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96" + "\xe9\x3d\x7e\x11\x73\x93\x17\x2a" + "\xae", + .ctext = "\x3b\x3f\xd9\x2e\xb7\x2d\xad\x20" + "\x33\x34\x49\xf8\xe8\x3c\xfb\x4a" + "\x77", + .len = 17, + }, { /* < 16 bytes */ + .key = "\x2b\x7e\x15\x16\x28\xae\xd2\xa6" + "\xab\xf7\x15\x88\x09\xcf\x4f\x3c", + .klen = 16, + .iv = "\x00\x01\x02\x03\x04\x05\x06\x07" + "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f", + .ptext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f", + .ctext = "\x3b\x3f\xd9\x2e\xb7\x2d\xad", + .len = 7, } }; -- cgit From 251b7aea34ba3c4d4fdfa9447695642eb8b8b098 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Thu, 3 Jan 2019 20:16:13 -0800 Subject: crypto: pcbc - remove bogus memcpy()s with src == dest The memcpy()s in the PCBC implementation use walk->iv as both the source and destination, which has undefined behavior. These memcpy()'s are actually unneeded, because walk->iv is already used to hold the previous plaintext block XOR'd with the previous ciphertext block. Thus, walk->iv is already updated to its final value. So remove the broken and unnecessary memcpy()s. Fixes: 91652be5d1b9 ("[CRYPTO] pcbc: Add Propagated CBC template") Cc: # v2.6.21+ Cc: David Howells Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu --- crypto/pcbc.c | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/crypto/pcbc.c b/crypto/pcbc.c index 8aa10144407c..1b182dfedc94 100644 --- a/crypto/pcbc.c +++ b/crypto/pcbc.c @@ -51,7 +51,7 @@ static int crypto_pcbc_encrypt_segment(struct skcipher_request *req, unsigned int nbytes = walk->nbytes; u8 *src = walk->src.virt.addr; u8 *dst = walk->dst.virt.addr; - u8 *iv = walk->iv; + u8 * const iv = walk->iv; do { crypto_xor(iv, src, bsize); @@ -72,7 +72,7 @@ static int crypto_pcbc_encrypt_inplace(struct skcipher_request *req, int bsize = crypto_cipher_blocksize(tfm); unsigned int nbytes = walk->nbytes; u8 *src = walk->src.virt.addr; - u8 *iv = walk->iv; + u8 * const iv = walk->iv; u8 tmpbuf[MAX_CIPHER_BLOCKSIZE]; do { @@ -84,8 +84,6 @@ static int crypto_pcbc_encrypt_inplace(struct skcipher_request *req, src += bsize; } while ((nbytes -= bsize) >= bsize); - memcpy(walk->iv, iv, bsize); - return nbytes; } @@ -121,7 +119,7 @@ static int crypto_pcbc_decrypt_segment(struct skcipher_request *req, unsigned int nbytes = walk->nbytes; u8 *src = walk->src.virt.addr; u8 *dst = walk->dst.virt.addr; - u8 *iv = walk->iv; + u8 * const iv = walk->iv; do { crypto_cipher_decrypt_one(tfm, dst, src); @@ -132,8 +130,6 @@ static int crypto_pcbc_decrypt_segment(struct skcipher_request *req, dst += bsize; } while ((nbytes -= bsize) >= bsize); - memcpy(walk->iv, iv, bsize); - return nbytes; } @@ -144,7 +140,7 @@ static int crypto_pcbc_decrypt_inplace(struct skcipher_request *req, int bsize = crypto_cipher_blocksize(tfm); unsigned int nbytes = walk->nbytes; u8 *src = walk->src.virt.addr; - u8 *iv = walk->iv; + u8 * const iv = walk->iv; u8 tmpbuf[MAX_CIPHER_BLOCKSIZE] __aligned(__alignof__(u32)); do { @@ -156,8 +152,6 @@ static int crypto_pcbc_decrypt_inplace(struct skcipher_request *req, src += bsize; } while ((nbytes -= bsize) >= bsize); - memcpy(walk->iv, iv, bsize); - return nbytes; } -- cgit From 0872da16dd632e5d1d3f80388f7ae6fbeb17ad53 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Thu, 3 Jan 2019 20:16:14 -0800 Subject: crypto: skcipher - add helper for simple block cipher modes The majority of skcipher templates (including both the existing ones and the ones remaining to be converted from the "blkcipher" API) just wrap a single block cipher algorithm. This includes cbc, cfb, ctr, ecb, kw, ofb, and pcbc. Add a helper function skcipher_alloc_instance_simple() that handles allocating an skcipher instance for this common case. Signed-off-by: Eric Biggers Reviewed-by: Stephan Mueller Signed-off-by: Herbert Xu --- crypto/skcipher.c | 131 +++++++++++++++++++++++++++++++++++++ include/crypto/internal/skcipher.h | 15 +++++ 2 files changed, 146 insertions(+) diff --git a/crypto/skcipher.c b/crypto/skcipher.c index 2a969296bc24..040ae6377b32 100644 --- a/crypto/skcipher.c +++ b/crypto/skcipher.c @@ -1058,5 +1058,136 @@ int skcipher_register_instance(struct crypto_template *tmpl, } EXPORT_SYMBOL_GPL(skcipher_register_instance); +static int skcipher_setkey_simple(struct crypto_skcipher *tfm, const u8 *key, + unsigned int keylen) +{ + struct crypto_cipher *cipher = skcipher_cipher_simple(tfm); + int err; + + crypto_cipher_clear_flags(cipher, CRYPTO_TFM_REQ_MASK); + crypto_cipher_set_flags(cipher, crypto_skcipher_get_flags(tfm) & + CRYPTO_TFM_REQ_MASK); + err = crypto_cipher_setkey(cipher, key, keylen); + crypto_skcipher_set_flags(tfm, crypto_cipher_get_flags(cipher) & + CRYPTO_TFM_RES_MASK); + return err; +} + +static int skcipher_init_tfm_simple(struct crypto_skcipher *tfm) +{ + struct skcipher_instance *inst = skcipher_alg_instance(tfm); + struct crypto_spawn *spawn = skcipher_instance_ctx(inst); + struct skcipher_ctx_simple *ctx = crypto_skcipher_ctx(tfm); + struct crypto_cipher *cipher; + + cipher = crypto_spawn_cipher(spawn); + if (IS_ERR(cipher)) + return PTR_ERR(cipher); + + ctx->cipher = cipher; + return 0; +} + +static void skcipher_exit_tfm_simple(struct crypto_skcipher *tfm) +{ + struct skcipher_ctx_simple *ctx = crypto_skcipher_ctx(tfm); + + crypto_free_cipher(ctx->cipher); +} + +static void skcipher_free_instance_simple(struct skcipher_instance *inst) +{ + crypto_drop_spawn(skcipher_instance_ctx(inst)); + kfree(inst); +} + +/** + * skcipher_alloc_instance_simple - allocate instance of simple block cipher mode + * + * Allocate an skcipher_instance for a simple block cipher mode of operation, + * e.g. cbc or ecb. The instance context will have just a single crypto_spawn, + * that for the underlying cipher. The {min,max}_keysize, ivsize, blocksize, + * alignmask, and priority are set from the underlying cipher but can be + * overridden if needed. The tfm context defaults to skcipher_ctx_simple, and + * default ->setkey(), ->init(), and ->exit() methods are installed. + * + * @tmpl: the template being instantiated + * @tb: the template parameters + * @cipher_alg_ret: on success, a pointer to the underlying cipher algorithm is + * returned here. It must be dropped with crypto_mod_put(). + * + * Return: a pointer to the new instance, or an ERR_PTR(). The caller still + * needs to register the instance. + */ +struct skcipher_instance * +skcipher_alloc_instance_simple(struct crypto_template *tmpl, struct rtattr **tb, + struct crypto_alg **cipher_alg_ret) +{ + struct crypto_attr_type *algt; + struct crypto_alg *cipher_alg; + struct skcipher_instance *inst; + struct crypto_spawn *spawn; + u32 mask; + int err; + + algt = crypto_get_attr_type(tb); + if (IS_ERR(algt)) + return ERR_CAST(algt); + + if ((algt->type ^ CRYPTO_ALG_TYPE_SKCIPHER) & algt->mask) + return ERR_PTR(-EINVAL); + + mask = CRYPTO_ALG_TYPE_MASK | + crypto_requires_off(algt->type, algt->mask, + CRYPTO_ALG_NEED_FALLBACK); + + cipher_alg = crypto_get_attr_alg(tb, CRYPTO_ALG_TYPE_CIPHER, mask); + if (IS_ERR(cipher_alg)) + return ERR_CAST(cipher_alg); + + inst = kzalloc(sizeof(*inst) + sizeof(*spawn), GFP_KERNEL); + if (!inst) { + err = -ENOMEM; + goto err_put_cipher_alg; + } + spawn = skcipher_instance_ctx(inst); + + err = crypto_inst_setname(skcipher_crypto_instance(inst), tmpl->name, + cipher_alg); + if (err) + goto err_free_inst; + + err = crypto_init_spawn(spawn, cipher_alg, + skcipher_crypto_instance(inst), + CRYPTO_ALG_TYPE_MASK); + if (err) + goto err_free_inst; + inst->free = skcipher_free_instance_simple; + + /* Default algorithm properties, can be overridden */ + inst->alg.base.cra_blocksize = cipher_alg->cra_blocksize; + inst->alg.base.cra_alignmask = cipher_alg->cra_alignmask; + inst->alg.base.cra_priority = cipher_alg->cra_priority; + inst->alg.min_keysize = cipher_alg->cra_cipher.cia_min_keysize; + inst->alg.max_keysize = cipher_alg->cra_cipher.cia_max_keysize; + inst->alg.ivsize = cipher_alg->cra_blocksize; + + /* Use skcipher_ctx_simple by default, can be overridden */ + inst->alg.base.cra_ctxsize = sizeof(struct skcipher_ctx_simple); + inst->alg.setkey = skcipher_setkey_simple; + inst->alg.init = skcipher_init_tfm_simple; + inst->alg.exit = skcipher_exit_tfm_simple; + + *cipher_alg_ret = cipher_alg; + return inst; + +err_free_inst: + kfree(inst); +err_put_cipher_alg: + crypto_mod_put(cipher_alg); + return ERR_PTR(err); +} +EXPORT_SYMBOL_GPL(skcipher_alloc_instance_simple); + MODULE_LICENSE("GPL"); MODULE_DESCRIPTION("Symmetric key cipher type"); diff --git a/include/crypto/internal/skcipher.h b/include/crypto/internal/skcipher.h index 453e867b4bd9..9de6032209cb 100644 --- a/include/crypto/internal/skcipher.h +++ b/include/crypto/internal/skcipher.h @@ -205,5 +205,20 @@ static inline unsigned int crypto_skcipher_alg_max_keysize( return alg->max_keysize; } +/* Helpers for simple block cipher modes of operation */ +struct skcipher_ctx_simple { + struct crypto_cipher *cipher; /* underlying block cipher */ +}; +static inline struct crypto_cipher * +skcipher_cipher_simple(struct crypto_skcipher *tfm) +{ + struct skcipher_ctx_simple *ctx = crypto_skcipher_ctx(tfm); + + return ctx->cipher; +} +struct skcipher_instance * +skcipher_alloc_instance_simple(struct crypto_template *tmpl, struct rtattr **tb, + struct crypto_alg **cipher_alg_ret); + #endif /* _CRYPTO_INTERNAL_SKCIPHER_H */ -- cgit From a5a84a9dbf3d3319c022ff3c9ea76ed3dc332978 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Thu, 3 Jan 2019 20:16:15 -0800 Subject: crypto: cbc - convert to skcipher_alloc_instance_simple() The CBC template just wraps a single block cipher algorithm, so simplify it by converting it to use skcipher_alloc_instance_simple(). Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu --- crypto/cbc.c | 131 ++++++----------------------------------------------------- 1 file changed, 13 insertions(+), 118 deletions(-) diff --git a/crypto/cbc.c b/crypto/cbc.c index dd5f332fd566..d12efaac9230 100644 --- a/crypto/cbc.c +++ b/crypto/cbc.c @@ -18,34 +18,11 @@ #include #include #include -#include - -struct crypto_cbc_ctx { - struct crypto_cipher *child; -}; - -static int crypto_cbc_setkey(struct crypto_skcipher *parent, const u8 *key, - unsigned int keylen) -{ - struct crypto_cbc_ctx *ctx = crypto_skcipher_ctx(parent); - struct crypto_cipher *child = ctx->child; - int err; - - crypto_cipher_clear_flags(child, CRYPTO_TFM_REQ_MASK); - crypto_cipher_set_flags(child, crypto_skcipher_get_flags(parent) & - CRYPTO_TFM_REQ_MASK); - err = crypto_cipher_setkey(child, key, keylen); - crypto_skcipher_set_flags(parent, crypto_cipher_get_flags(child) & - CRYPTO_TFM_RES_MASK); - return err; -} static inline void crypto_cbc_encrypt_one(struct crypto_skcipher *tfm, const u8 *src, u8 *dst) { - struct crypto_cbc_ctx *ctx = crypto_skcipher_ctx(tfm); - - crypto_cipher_encrypt_one(ctx->child, dst, src); + crypto_cipher_encrypt_one(skcipher_cipher_simple(tfm), dst, src); } static int crypto_cbc_encrypt(struct skcipher_request *req) @@ -56,9 +33,7 @@ static int crypto_cbc_encrypt(struct skcipher_request *req) static inline void crypto_cbc_decrypt_one(struct crypto_skcipher *tfm, const u8 *src, u8 *dst) { - struct crypto_cbc_ctx *ctx = crypto_skcipher_ctx(tfm); - - crypto_cipher_decrypt_one(ctx->child, dst, src); + crypto_cipher_decrypt_one(skcipher_cipher_simple(tfm), dst, src); } static int crypto_cbc_decrypt(struct skcipher_request *req) @@ -78,113 +53,33 @@ static int crypto_cbc_decrypt(struct skcipher_request *req) return err; } -static int crypto_cbc_init_tfm(struct crypto_skcipher *tfm) -{ - struct skcipher_instance *inst = skcipher_alg_instance(tfm); - struct crypto_spawn *spawn = skcipher_instance_ctx(inst); - struct crypto_cbc_ctx *ctx = crypto_skcipher_ctx(tfm); - struct crypto_cipher *cipher; - - cipher = crypto_spawn_cipher(spawn); - if (IS_ERR(cipher)) - return PTR_ERR(cipher); - - ctx->child = cipher; - return 0; -} - -static void crypto_cbc_exit_tfm(struct crypto_skcipher *tfm) -{ - struct crypto_cbc_ctx *ctx = crypto_skcipher_ctx(tfm); - - crypto_free_cipher(ctx->child); -} - -static void crypto_cbc_free(struct skcipher_instance *inst) -{ - crypto_drop_skcipher(skcipher_instance_ctx(inst)); - kfree(inst); -} - static int crypto_cbc_create(struct crypto_template *tmpl, struct rtattr **tb) { struct skcipher_instance *inst; - struct crypto_attr_type *algt; - struct crypto_spawn *spawn; struct crypto_alg *alg; - u32 mask; int err; - err = crypto_check_attr_type(tb, CRYPTO_ALG_TYPE_SKCIPHER); - if (err) - return err; - - inst = kzalloc(sizeof(*inst) + sizeof(*spawn), GFP_KERNEL); - if (!inst) - return -ENOMEM; - - algt = crypto_get_attr_type(tb); - err = PTR_ERR(algt); - if (IS_ERR(algt)) - goto err_free_inst; - - mask = CRYPTO_ALG_TYPE_MASK | - crypto_requires_off(algt->type, algt->mask, - CRYPTO_ALG_NEED_FALLBACK); - - alg = crypto_get_attr_alg(tb, CRYPTO_ALG_TYPE_CIPHER, mask); - err = PTR_ERR(alg); - if (IS_ERR(alg)) - goto err_free_inst; - - spawn = skcipher_instance_ctx(inst); - err = crypto_init_spawn(spawn, alg, skcipher_crypto_instance(inst), - CRYPTO_ALG_TYPE_MASK); - if (err) - goto err_put_alg; - - err = crypto_inst_setname(skcipher_crypto_instance(inst), "cbc", alg); - if (err) - goto err_drop_spawn; + inst = skcipher_alloc_instance_simple(tmpl, tb, &alg); + if (IS_ERR(inst)) + return PTR_ERR(inst); err = -EINVAL; if (!is_power_of_2(alg->cra_blocksize)) - goto err_drop_spawn; - - inst->alg.base.cra_priority = alg->cra_priority; - inst->alg.base.cra_blocksize = alg->cra_blocksize; - inst->alg.base.cra_alignmask = alg->cra_alignmask; - - inst->alg.ivsize = alg->cra_blocksize; - inst->alg.min_keysize = alg->cra_cipher.cia_min_keysize; - inst->alg.max_keysize = alg->cra_cipher.cia_max_keysize; - - inst->alg.base.cra_ctxsize = sizeof(struct crypto_cbc_ctx); - - inst->alg.init = crypto_cbc_init_tfm; - inst->alg.exit = crypto_cbc_exit_tfm; + goto out_free_inst; - inst->alg.setkey = crypto_cbc_setkey; inst->alg.encrypt = crypto_cbc_encrypt; inst->alg.decrypt = crypto_cbc_decrypt; - inst->free = crypto_cbc_free; - err = skcipher_register_instance(tmpl, inst); if (err) - goto err_drop_spawn; - crypto_mod_put(alg); + goto out_free_inst; + goto out_put_alg; -out: - return err; - -err_drop_spawn: - crypto_drop_spawn(spawn); -err_put_alg: +out_free_inst: + inst->free(inst); +out_put_alg: crypto_mod_put(alg); -err_free_inst: - kfree(inst); - goto out; + return err; } static struct crypto_template crypto_cbc_tmpl = { @@ -207,5 +102,5 @@ module_init(crypto_cbc_module_init); module_exit(crypto_cbc_module_exit); MODULE_LICENSE("GPL"); -MODULE_DESCRIPTION("CBC block cipher algorithm"); +MODULE_DESCRIPTION("CBC block cipher mode of operation"); MODULE_ALIAS_CRYPTO("cbc"); -- cgit From 03b8302ddaad4cf59c0f4f1d60d6a9b4baa3b136 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Thu, 3 Jan 2019 20:16:16 -0800 Subject: crypto: cfb - convert to skcipher_alloc_instance_simple() The CFB template just wraps a single block cipher algorithm, so simplify it by converting it to use skcipher_alloc_instance_simple(). Cc: James Bottomley Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu --- crypto/cfb.c | 127 +++++------------------------------------------------------ 1 file changed, 9 insertions(+), 118 deletions(-) diff --git a/crypto/cfb.c b/crypto/cfb.c index 4abfe32ff845..03ac847f6d6a 100644 --- a/crypto/cfb.c +++ b/crypto/cfb.c @@ -25,28 +25,17 @@ #include #include #include -#include #include -#include - -struct crypto_cfb_ctx { - struct crypto_cipher *child; -}; static unsigned int crypto_cfb_bsize(struct crypto_skcipher *tfm) { - struct crypto_cfb_ctx *ctx = crypto_skcipher_ctx(tfm); - struct crypto_cipher *child = ctx->child; - - return crypto_cipher_blocksize(child); + return crypto_cipher_blocksize(skcipher_cipher_simple(tfm)); } static void crypto_cfb_encrypt_one(struct crypto_skcipher *tfm, const u8 *src, u8 *dst) { - struct crypto_cfb_ctx *ctx = crypto_skcipher_ctx(tfm); - - crypto_cipher_encrypt_one(ctx->child, dst, src); + crypto_cipher_encrypt_one(skcipher_cipher_simple(tfm), dst, src); } /* final encrypt and decrypt is the same */ @@ -186,22 +175,6 @@ static int crypto_cfb_decrypt_blocks(struct skcipher_walk *walk, return crypto_cfb_decrypt_segment(walk, tfm); } -static int crypto_cfb_setkey(struct crypto_skcipher *parent, const u8 *key, - unsigned int keylen) -{ - struct crypto_cfb_ctx *ctx = crypto_skcipher_ctx(parent); - struct crypto_cipher *child = ctx->child; - int err; - - crypto_cipher_clear_flags(child, CRYPTO_TFM_REQ_MASK); - crypto_cipher_set_flags(child, crypto_skcipher_get_flags(parent) & - CRYPTO_TFM_REQ_MASK); - err = crypto_cipher_setkey(child, key, keylen); - crypto_skcipher_set_flags(parent, crypto_cipher_get_flags(child) & - CRYPTO_TFM_RES_MASK); - return err; -} - static int crypto_cfb_decrypt(struct skcipher_request *req) { struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); @@ -224,79 +197,18 @@ static int crypto_cfb_decrypt(struct skcipher_request *req) return err; } -static int crypto_cfb_init_tfm(struct crypto_skcipher *tfm) -{ - struct skcipher_instance *inst = skcipher_alg_instance(tfm); - struct crypto_spawn *spawn = skcipher_instance_ctx(inst); - struct crypto_cfb_ctx *ctx = crypto_skcipher_ctx(tfm); - struct crypto_cipher *cipher; - - cipher = crypto_spawn_cipher(spawn); - if (IS_ERR(cipher)) - return PTR_ERR(cipher); - - ctx->child = cipher; - return 0; -} - -static void crypto_cfb_exit_tfm(struct crypto_skcipher *tfm) -{ - struct crypto_cfb_ctx *ctx = crypto_skcipher_ctx(tfm); - - crypto_free_cipher(ctx->child); -} - -static void crypto_cfb_free(struct skcipher_instance *inst) -{ - crypto_drop_skcipher(skcipher_instance_ctx(inst)); - kfree(inst); -} - static int crypto_cfb_create(struct crypto_template *tmpl, struct rtattr **tb) { struct skcipher_instance *inst; - struct crypto_attr_type *algt; - struct crypto_spawn *spawn; struct crypto_alg *alg; - u32 mask; int err; - err = crypto_check_attr_type(tb, CRYPTO_ALG_TYPE_SKCIPHER); - if (err) - return err; - - inst = kzalloc(sizeof(*inst) + sizeof(*spawn), GFP_KERNEL); - if (!inst) - return -ENOMEM; - - algt = crypto_get_attr_type(tb); - err = PTR_ERR(algt); - if (IS_ERR(algt)) - goto err_free_inst; + inst = skcipher_alloc_instance_simple(tmpl, tb, &alg); + if (IS_ERR(inst)) + return PTR_ERR(inst); - mask = CRYPTO_ALG_TYPE_MASK | - crypto_requires_off(algt->type, algt->mask, - CRYPTO_ALG_NEED_FALLBACK); - - alg = crypto_get_attr_alg(tb, CRYPTO_ALG_TYPE_CIPHER, mask); - err = PTR_ERR(alg); - if (IS_ERR(alg)) - goto err_free_inst; - - spawn = skcipher_instance_ctx(inst); - err = crypto_init_spawn(spawn, alg, skcipher_crypto_instance(inst), - CRYPTO_ALG_TYPE_MASK); - if (err) - goto err_put_alg; - - err = crypto_inst_setname(skcipher_crypto_instance(inst), "cfb", alg); - if (err) - goto err_drop_spawn; - - inst->alg.base.cra_priority = alg->cra_priority; - /* we're a stream cipher independend of the crypto cra_blocksize */ + /* CFB mode is a stream cipher. */ inst->alg.base.cra_blocksize = 1; - inst->alg.base.cra_alignmask = alg->cra_alignmask; /* * To simplify the implementation, configure the skcipher walk to only @@ -304,36 +216,15 @@ static int crypto_cfb_create(struct crypto_template *tmpl, struct rtattr **tb) */ inst->alg.chunksize = alg->cra_blocksize; - inst->alg.ivsize = alg->cra_blocksize; - inst->alg.min_keysize = alg->cra_cipher.cia_min_keysize; - inst->alg.max_keysize = alg->cra_cipher.cia_max_keysize; - - inst->alg.base.cra_ctxsize = sizeof(struct crypto_cfb_ctx); - - inst->alg.init = crypto_cfb_init_tfm; - inst->alg.exit = crypto_cfb_exit_tfm; - - inst->alg.setkey = crypto_cfb_setkey; inst->alg.encrypt = crypto_cfb_encrypt; inst->alg.decrypt = crypto_cfb_decrypt; - inst->free = crypto_cfb_free; - err = skcipher_register_instance(tmpl, inst); if (err) - goto err_drop_spawn; - crypto_mod_put(alg); - -out: - return err; + inst->free(inst); -err_drop_spawn: - crypto_drop_spawn(spawn); -err_put_alg: crypto_mod_put(alg); -err_free_inst: - kfree(inst); - goto out; + return err; } static struct crypto_template crypto_cfb_tmpl = { @@ -356,5 +247,5 @@ module_init(crypto_cfb_module_init); module_exit(crypto_cfb_module_exit); MODULE_LICENSE("GPL"); -MODULE_DESCRIPTION("CFB block cipher algorithm"); +MODULE_DESCRIPTION("CFB block cipher mode of operation"); MODULE_ALIAS_CRYPTO("cfb"); -- cgit From 11f14630c4b379279ae3b063ba474d3290914333 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Thu, 3 Jan 2019 20:16:17 -0800 Subject: crypto: ctr - convert to skcipher API Convert the CTR template from the deprecated "blkcipher" API to the "skcipher" API, taking advantage of skcipher_alloc_instance_simple() to simplify it considerably. Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu --- crypto/ctr.c | 160 +++++++++++++++-------------------------------------------- 1 file changed, 41 insertions(+), 119 deletions(-) diff --git a/crypto/ctr.c b/crypto/ctr.c index 30f3946efc6d..4c743a96faa4 100644 --- a/crypto/ctr.c +++ b/crypto/ctr.c @@ -17,14 +17,8 @@ #include #include #include -#include -#include #include -struct crypto_ctr_ctx { - struct crypto_cipher *child; -}; - struct crypto_rfc3686_ctx { struct crypto_skcipher *child; u8 nonce[CTR_RFC3686_NONCE_SIZE]; @@ -35,24 +29,7 @@ struct crypto_rfc3686_req_ctx { struct skcipher_request subreq CRYPTO_MINALIGN_ATTR; }; -static int crypto_ctr_setkey(struct crypto_tfm *parent, const u8 *key, - unsigned int keylen) -{ - struct crypto_ctr_ctx *ctx = crypto_tfm_ctx(parent); - struct crypto_cipher *child = ctx->child; - int err; - - crypto_cipher_clear_flags(child, CRYPTO_TFM_REQ_MASK); - crypto_cipher_set_flags(child, crypto_tfm_get_flags(parent) & - CRYPTO_TFM_REQ_MASK); - err = crypto_cipher_setkey(child, key, keylen); - crypto_tfm_set_flags(parent, crypto_cipher_get_flags(child) & - CRYPTO_TFM_RES_MASK); - - return err; -} - -static void crypto_ctr_crypt_final(struct blkcipher_walk *walk, +static void crypto_ctr_crypt_final(struct skcipher_walk *walk, struct crypto_cipher *tfm) { unsigned int bsize = crypto_cipher_blocksize(tfm); @@ -70,7 +47,7 @@ static void crypto_ctr_crypt_final(struct blkcipher_walk *walk, crypto_inc(ctrblk, bsize); } -static int crypto_ctr_crypt_segment(struct blkcipher_walk *walk, +static int crypto_ctr_crypt_segment(struct skcipher_walk *walk, struct crypto_cipher *tfm) { void (*fn)(struct crypto_tfm *, u8 *, const u8 *) = @@ -96,7 +73,7 @@ static int crypto_ctr_crypt_segment(struct blkcipher_walk *walk, return nbytes; } -static int crypto_ctr_crypt_inplace(struct blkcipher_walk *walk, +static int crypto_ctr_crypt_inplace(struct skcipher_walk *walk, struct crypto_cipher *tfm) { void (*fn)(struct crypto_tfm *, u8 *, const u8 *) = @@ -123,135 +100,80 @@ static int crypto_ctr_crypt_inplace(struct blkcipher_walk *walk, return nbytes; } -static int crypto_ctr_crypt(struct blkcipher_desc *desc, - struct scatterlist *dst, struct scatterlist *src, - unsigned int nbytes) +static int crypto_ctr_crypt(struct skcipher_request *req) { - struct blkcipher_walk walk; - struct crypto_blkcipher *tfm = desc->tfm; - struct crypto_ctr_ctx *ctx = crypto_blkcipher_ctx(tfm); - struct crypto_cipher *child = ctx->child; - unsigned int bsize = crypto_cipher_blocksize(child); + struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); + struct crypto_cipher *cipher = skcipher_cipher_simple(tfm); + const unsigned int bsize = crypto_cipher_blocksize(cipher); + struct skcipher_walk walk; + unsigned int nbytes; int err; - blkcipher_walk_init(&walk, dst, src, nbytes); - err = blkcipher_walk_virt_block(desc, &walk, bsize); + err = skcipher_walk_virt(&walk, req, false); while (walk.nbytes >= bsize) { if (walk.src.virt.addr == walk.dst.virt.addr) - nbytes = crypto_ctr_crypt_inplace(&walk, child); + nbytes = crypto_ctr_crypt_inplace(&walk, cipher); else - nbytes = crypto_ctr_crypt_segment(&walk, child); + nbytes = crypto_ctr_crypt_segment(&walk, cipher); - err = blkcipher_walk_done(desc, &walk, nbytes); + err = skcipher_walk_done(&walk, nbytes); } if (walk.nbytes) { - crypto_ctr_crypt_final(&walk, child); - err = blkcipher_walk_done(desc, &walk, 0); + crypto_ctr_crypt_final(&walk, cipher); + err = skcipher_walk_done(&walk, 0); } return err; } -static int crypto_ctr_init_tfm(struct crypto_tfm *tfm) +static int crypto_ctr_create(struct crypto_template *tmpl, struct rtattr **tb) { - struct crypto_instance *inst = (void *)tfm->__crt_alg; - struct crypto_spawn *spawn = crypto_instance_ctx(inst); - struct crypto_ctr_ctx *ctx = crypto_tfm_ctx(tfm); - struct crypto_cipher *cipher; - - cipher = crypto_spawn_cipher(spawn); - if (IS_ERR(cipher)) - return PTR_ERR(cipher); - - ctx->child = cipher; - - return 0; -} - -static void crypto_ctr_exit_tfm(struct crypto_tfm *tfm) -{ - struct crypto_ctr_ctx *ctx = crypto_tfm_ctx(tfm); - - crypto_free_cipher(ctx->child); -} - -static struct crypto_instance *crypto_ctr_alloc(struct rtattr **tb) -{ - struct crypto_instance *inst; - struct crypto_attr_type *algt; + struct skcipher_instance *inst; struct crypto_alg *alg; - u32 mask; int err; - err = crypto_check_attr_type(tb, CRYPTO_ALG_TYPE_BLKCIPHER); - if (err) - return ERR_PTR(err); - - algt = crypto_get_attr_type(tb); - if (IS_ERR(algt)) - return ERR_CAST(algt); - - mask = CRYPTO_ALG_TYPE_MASK | - crypto_requires_off(algt->type, algt->mask, - CRYPTO_ALG_NEED_FALLBACK); - - alg = crypto_attr_alg(tb[1], CRYPTO_ALG_TYPE_CIPHER, mask); - if (IS_ERR(alg)) - return ERR_CAST(alg); + inst = skcipher_alloc_instance_simple(tmpl, tb, &alg); + if (IS_ERR(inst)) + return PTR_ERR(inst); /* Block size must be >= 4 bytes. */ err = -EINVAL; if (alg->cra_blocksize < 4) - goto out_put_alg; + goto out_free_inst; /* If this is false we'd fail the alignment of crypto_inc. */ if (alg->cra_blocksize % 4) - goto out_put_alg; - - inst = crypto_alloc_instance("ctr", alg); - if (IS_ERR(inst)) - goto out; - - inst->alg.cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER; - inst->alg.cra_priority = alg->cra_priority; - inst->alg.cra_blocksize = 1; - inst->alg.cra_alignmask = alg->cra_alignmask; - inst->alg.cra_type = &crypto_blkcipher_type; + goto out_free_inst; - inst->alg.cra_blkcipher.ivsize = alg->cra_blocksize; - inst->alg.cra_blkcipher.min_keysize = alg->cra_cipher.cia_min_keysize; - inst->alg.cra_blkcipher.max_keysize = alg->cra_cipher.cia_max_keysize; - - inst->alg.cra_ctxsize = sizeof(struct crypto_ctr_ctx); + /* CTR mode is a stream cipher. */ + inst->alg.base.cra_blocksize = 1; - inst->alg.cra_init = crypto_ctr_init_tfm; - inst->alg.cra_exit = crypto_ctr_exit_tfm; + /* + * To simplify the implementation, configure the skcipher walk to only + * give a partial block at the very end, never earlier. + */ + inst->alg.chunksize = alg->cra_blocksize; - inst->alg.cra_blkcipher.setkey = crypto_ctr_setkey; - inst->alg.cra_blkcipher.encrypt = crypto_ctr_crypt; - inst->alg.cra_blkcipher.decrypt = crypto_ctr_crypt; + inst->alg.encrypt = crypto_ctr_crypt; + inst->alg.decrypt = crypto_ctr_crypt; -out: - crypto_mod_put(alg); - return inst; + err = skcipher_register_instance(tmpl, inst); + if (err) + goto out_free_inst; + goto out_put_alg; +out_free_inst: + inst->free(inst); out_put_alg: - inst = ERR_PTR(err); - goto out; -} - -static void crypto_ctr_free(struct crypto_instance *inst) -{ - crypto_drop_spawn(crypto_instance_ctx(inst)); - kfree(inst); + crypto_mod_put(alg); + return err; } static struct crypto_template crypto_ctr_tmpl = { .name = "ctr", - .alloc = crypto_ctr_alloc, - .free = crypto_ctr_free, + .create = crypto_ctr_create, .module = THIS_MODULE, }; @@ -480,6 +402,6 @@ module_init(crypto_ctr_module_init); module_exit(crypto_ctr_module_exit); MODULE_LICENSE("GPL"); -MODULE_DESCRIPTION("CTR Counter block mode"); +MODULE_DESCRIPTION("CTR block cipher mode of operation"); MODULE_ALIAS_CRYPTO("rfc3686"); MODULE_ALIAS_CRYPTO("ctr"); -- cgit From 52e9368fe6d91d47a62062032431edb02a2905bc Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Thu, 3 Jan 2019 20:16:18 -0800 Subject: crypto: ecb - convert to skcipher API Convert the ECB template from the deprecated "blkcipher" API to the "skcipher" API, taking advantage of skcipher_alloc_instance_simple() to simplify it considerably. Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu --- crypto/ecb.c | 151 ++++++++++++++--------------------------------------------- 1 file changed, 36 insertions(+), 115 deletions(-) diff --git a/crypto/ecb.c b/crypto/ecb.c index 12011aff0971..0732715c8d91 100644 --- a/crypto/ecb.c +++ b/crypto/ecb.c @@ -11,162 +11,83 @@ */ #include +#include #include #include #include #include -#include -#include -struct crypto_ecb_ctx { - struct crypto_cipher *child; -}; - -static int crypto_ecb_setkey(struct crypto_tfm *parent, const u8 *key, - unsigned int keylen) -{ - struct crypto_ecb_ctx *ctx = crypto_tfm_ctx(parent); - struct crypto_cipher *child = ctx->child; - int err; - - crypto_cipher_clear_flags(child, CRYPTO_TFM_REQ_MASK); - crypto_cipher_set_flags(child, crypto_tfm_get_flags(parent) & - CRYPTO_TFM_REQ_MASK); - err = crypto_cipher_setkey(child, key, keylen); - crypto_tfm_set_flags(parent, crypto_cipher_get_flags(child) & - CRYPTO_TFM_RES_MASK); - return err; -} - -static int crypto_ecb_crypt(struct blkcipher_desc *desc, - struct blkcipher_walk *walk, - struct crypto_cipher *tfm, +static int crypto_ecb_crypt(struct skcipher_request *req, + struct crypto_cipher *cipher, void (*fn)(struct crypto_tfm *, u8 *, const u8 *)) { - int bsize = crypto_cipher_blocksize(tfm); + const unsigned int bsize = crypto_cipher_blocksize(cipher); + struct skcipher_walk walk; unsigned int nbytes; int err; - err = blkcipher_walk_virt(desc, walk); + err = skcipher_walk_virt(&walk, req, false); - while ((nbytes = walk->nbytes)) { - u8 *wsrc = walk->src.virt.addr; - u8 *wdst = walk->dst.virt.addr; + while ((nbytes = walk.nbytes) != 0) { + const u8 *src = walk.src.virt.addr; + u8 *dst = walk.dst.virt.addr; do { - fn(crypto_cipher_tfm(tfm), wdst, wsrc); + fn(crypto_cipher_tfm(cipher), dst, src); - wsrc += bsize; - wdst += bsize; + src += bsize; + dst += bsize; } while ((nbytes -= bsize) >= bsize); - err = blkcipher_walk_done(desc, walk, nbytes); + err = skcipher_walk_done(&walk, nbytes); } return err; } -static int crypto_ecb_encrypt(struct blkcipher_desc *desc, - struct scatterlist *dst, struct scatterlist *src, - unsigned int nbytes) +static int crypto_ecb_encrypt(struct skcipher_request *req) { - struct blkcipher_walk walk; - struct crypto_blkcipher *tfm = desc->tfm; - struct crypto_ecb_ctx *ctx = crypto_blkcipher_ctx(tfm); - struct crypto_cipher *child = ctx->child; - - blkcipher_walk_init(&walk, dst, src, nbytes); - return crypto_ecb_crypt(desc, &walk, child, - crypto_cipher_alg(child)->cia_encrypt); -} + struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); + struct crypto_cipher *cipher = skcipher_cipher_simple(tfm); -static int crypto_ecb_decrypt(struct blkcipher_desc *desc, - struct scatterlist *dst, struct scatterlist *src, - unsigned int nbytes) -{ - struct blkcipher_walk walk; - struct crypto_blkcipher *tfm = desc->tfm; - struct crypto_ecb_ctx *ctx = crypto_blkcipher_ctx(tfm); - struct crypto_cipher *child = ctx->child; - - blkcipher_walk_init(&walk, dst, src, nbytes); - return crypto_ecb_crypt(desc, &walk, child, - crypto_cipher_alg(child)->cia_decrypt); + return crypto_ecb_crypt(req, cipher, + crypto_cipher_alg(cipher)->cia_encrypt); } -static int crypto_ecb_init_tfm(struct crypto_tfm *tfm) +static int crypto_ecb_decrypt(struct skcipher_request *req) { - struct crypto_instance *inst = (void *)tfm->__crt_alg; - struct crypto_spawn *spawn = crypto_instance_ctx(inst); - struct crypto_ecb_ctx *ctx = crypto_tfm_ctx(tfm); - struct crypto_cipher *cipher; + struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); + struct crypto_cipher *cipher = skcipher_cipher_simple(tfm); - cipher = crypto_spawn_cipher(spawn); - if (IS_ERR(cipher)) - return PTR_ERR(cipher); - - ctx->child = cipher; - return 0; + return crypto_ecb_crypt(req, cipher, + crypto_cipher_alg(cipher)->cia_decrypt); } -static void crypto_ecb_exit_tfm(struct crypto_tfm *tfm) +static int crypto_ecb_create(struct crypto_template *tmpl, struct rtattr **tb) { - struct crypto_ecb_ctx *ctx = crypto_tfm_ctx(tfm); - crypto_free_cipher(ctx->child); -} - -static struct crypto_instance *crypto_ecb_alloc(struct rtattr **tb) -{ - struct crypto_instance *inst; + struct skcipher_instance *inst; struct crypto_alg *alg; int err; - err = crypto_check_attr_type(tb, CRYPTO_ALG_TYPE_BLKCIPHER); - if (err) - return ERR_PTR(err); - - alg = crypto_get_attr_alg(tb, CRYPTO_ALG_TYPE_CIPHER, - CRYPTO_ALG_TYPE_MASK); - if (IS_ERR(alg)) - return ERR_CAST(alg); - - inst = crypto_alloc_instance("ecb", alg); + inst = skcipher_alloc_instance_simple(tmpl, tb, &alg); if (IS_ERR(inst)) - goto out_put_alg; - - inst->alg.cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER; - inst->alg.cra_priority = alg->cra_priority; - inst->alg.cra_blocksize = alg->cra_blocksize; - inst->alg.cra_alignmask = alg->cra_alignmask; - inst->alg.cra_type = &crypto_blkcipher_type; - - inst->alg.cra_blkcipher.min_keysize = alg->cra_cipher.cia_min_keysize; - inst->alg.cra_blkcipher.max_keysize = alg->cra_cipher.cia_max_keysize; + return PTR_ERR(inst); - inst->alg.cra_ctxsize = sizeof(struct crypto_ecb_ctx); + inst->alg.ivsize = 0; /* ECB mode doesn't take an IV */ - inst->alg.cra_init = crypto_ecb_init_tfm; - inst->alg.cra_exit = crypto_ecb_exit_tfm; + inst->alg.encrypt = crypto_ecb_encrypt; + inst->alg.decrypt = crypto_ecb_decrypt; - inst->alg.cra_blkcipher.setkey = crypto_ecb_setkey; - inst->alg.cra_blkcipher.encrypt = crypto_ecb_encrypt; - inst->alg.cra_blkcipher.decrypt = crypto_ecb_decrypt; - -out_put_alg: + err = skcipher_register_instance(tmpl, inst); + if (err) + inst->free(inst); crypto_mod_put(alg); - return inst; -} - -static void crypto_ecb_free(struct crypto_instance *inst) -{ - crypto_drop_spawn(crypto_instance_ctx(inst)); - kfree(inst); + return err; } static struct crypto_template crypto_ecb_tmpl = { .name = "ecb", - .alloc = crypto_ecb_alloc, - .free = crypto_ecb_free, + .create = crypto_ecb_create, .module = THIS_MODULE, }; @@ -184,5 +105,5 @@ module_init(crypto_ecb_module_init); module_exit(crypto_ecb_module_exit); MODULE_LICENSE("GPL"); -MODULE_DESCRIPTION("ECB block cipher algorithm"); +MODULE_DESCRIPTION("ECB block cipher mode of operation"); MODULE_ALIAS_CRYPTO("ecb"); -- cgit From 6b611d98c6f5c5a328f1698c4cad7447544a5da7 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Thu, 3 Jan 2019 20:16:19 -0800 Subject: crypto: keywrap - convert to skcipher API Convert the keywrap template from the deprecated "blkcipher" API to the "skcipher" API, taking advantage of skcipher_alloc_instance_simple() to simplify it considerably. Cc: Stephan Mueller Signed-off-by: Eric Biggers Reviewed-by: Stephan Mueller Signed-off-by: Herbert Xu --- crypto/keywrap.c | 198 ++++++++++++++++++------------------------------------- 1 file changed, 65 insertions(+), 133 deletions(-) diff --git a/crypto/keywrap.c b/crypto/keywrap.c index ec5c6a087c90..a5cfe610d8f4 100644 --- a/crypto/keywrap.c +++ b/crypto/keywrap.c @@ -56,7 +56,7 @@ * u8 *iv = data; * u8 *pt = data + crypto_skcipher_ivsize(tfm); * - * sg_init_one(&sg, ptdata, ptlen); + * sg_init_one(&sg, pt, ptlen); * skcipher_request_set_crypt(req, &sg, &sg, ptlen, iv); * * ==> After encryption, data now contains full KW result as per SP800-38F. @@ -70,8 +70,8 @@ * u8 *iv = data; * u8 *ct = data + crypto_skcipher_ivsize(tfm); * unsigned int ctlen = datalen - crypto_skcipher_ivsize(tfm); - * sg_init_one(&sg, ctdata, ctlen); - * skcipher_request_set_crypt(req, &sg, &sg, ptlen, iv); + * sg_init_one(&sg, ct, ctlen); + * skcipher_request_set_crypt(req, &sg, &sg, ctlen, iv); * * ==> After decryption (which hopefully does not return EBADMSG), the ct * pointer now points to the plaintext of size ctlen. @@ -87,10 +87,6 @@ #include #include -struct crypto_kw_ctx { - struct crypto_cipher *child; -}; - struct crypto_kw_block { #define SEMIBSIZE 8 __be64 A; @@ -124,16 +120,13 @@ static void crypto_kw_scatterlist_ff(struct scatter_walk *walk, } } -static int crypto_kw_decrypt(struct blkcipher_desc *desc, - struct scatterlist *dst, struct scatterlist *src, - unsigned int nbytes) +static int crypto_kw_decrypt(struct skcipher_request *req) { - struct crypto_blkcipher *tfm = desc->tfm; - struct crypto_kw_ctx *ctx = crypto_blkcipher_ctx(tfm); - struct crypto_cipher *child = ctx->child; + struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); + struct crypto_cipher *cipher = skcipher_cipher_simple(tfm); struct crypto_kw_block block; - struct scatterlist *lsrc, *ldst; - u64 t = 6 * ((nbytes) >> 3); + struct scatterlist *src, *dst; + u64 t = 6 * ((req->cryptlen) >> 3); unsigned int i; int ret = 0; @@ -141,27 +134,27 @@ static int crypto_kw_decrypt(struct blkcipher_desc *desc, * Require at least 2 semiblocks (note, the 3rd semiblock that is * required by SP800-38F is the IV. */ - if (nbytes < (2 * SEMIBSIZE) || nbytes % SEMIBSIZE) + if (req->cryptlen < (2 * SEMIBSIZE) || req->cryptlen % SEMIBSIZE) return -EINVAL; /* Place the IV into block A */ - memcpy(&block.A, desc->info, SEMIBSIZE); + memcpy(&block.A, req->iv, SEMIBSIZE); /* * src scatterlist is read-only. dst scatterlist is r/w. During the - * first loop, lsrc points to src and ldst to dst. For any - * subsequent round, the code operates on dst only. + * first loop, src points to req->src and dst to req->dst. For any + * subsequent round, the code operates on req->dst only. */ - lsrc = src; - ldst = dst; + src = req->src; + dst = req->dst; for (i = 0; i < 6; i++) { struct scatter_walk src_walk, dst_walk; - unsigned int tmp_nbytes = nbytes; + unsigned int nbytes = req->cryptlen; - while (tmp_nbytes) { - /* move pointer by tmp_nbytes in the SGL */ - crypto_kw_scatterlist_ff(&src_walk, lsrc, tmp_nbytes); + while (nbytes) { + /* move pointer by nbytes in the SGL */ + crypto_kw_scatterlist_ff(&src_walk, src, nbytes); /* get the source block */ scatterwalk_copychunks(&block.R, &src_walk, SEMIBSIZE, false); @@ -170,21 +163,21 @@ static int crypto_kw_decrypt(struct blkcipher_desc *desc, block.A ^= cpu_to_be64(t); t--; /* perform KW operation: decrypt block */ - crypto_cipher_decrypt_one(child, (u8*)&block, - (u8*)&block); + crypto_cipher_decrypt_one(cipher, (u8 *)&block, + (u8 *)&block); - /* move pointer by tmp_nbytes in the SGL */ - crypto_kw_scatterlist_ff(&dst_walk, ldst, tmp_nbytes); + /* move pointer by nbytes in the SGL */ + crypto_kw_scatterlist_ff(&dst_walk, dst, nbytes); /* Copy block->R into place */ scatterwalk_copychunks(&block.R, &dst_walk, SEMIBSIZE, true); - tmp_nbytes -= SEMIBSIZE; + nbytes -= SEMIBSIZE; } /* we now start to operate on the dst SGL only */ - lsrc = dst; - ldst = dst; + src = req->dst; + dst = req->dst; } /* Perform authentication check */ @@ -196,15 +189,12 @@ static int crypto_kw_decrypt(struct blkcipher_desc *desc, return ret; } -static int crypto_kw_encrypt(struct blkcipher_desc *desc, - struct scatterlist *dst, struct scatterlist *src, - unsigned int nbytes) +static int crypto_kw_encrypt(struct skcipher_request *req) { - struct crypto_blkcipher *tfm = desc->tfm; - struct crypto_kw_ctx *ctx = crypto_blkcipher_ctx(tfm); - struct crypto_cipher *child = ctx->child; + struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); + struct crypto_cipher *cipher = skcipher_cipher_simple(tfm); struct crypto_kw_block block; - struct scatterlist *lsrc, *ldst; + struct scatterlist *src, *dst; u64 t = 1; unsigned int i; @@ -214,7 +204,7 @@ static int crypto_kw_encrypt(struct blkcipher_desc *desc, * This means that the dst memory must be one semiblock larger than src. * Also ensure that the given data is aligned to semiblock. */ - if (nbytes < (2 * SEMIBSIZE) || nbytes % SEMIBSIZE) + if (req->cryptlen < (2 * SEMIBSIZE) || req->cryptlen % SEMIBSIZE) return -EINVAL; /* @@ -225,26 +215,26 @@ static int crypto_kw_encrypt(struct blkcipher_desc *desc, /* * src scatterlist is read-only. dst scatterlist is r/w. During the - * first loop, lsrc points to src and ldst to dst. For any - * subsequent round, the code operates on dst only. + * first loop, src points to req->src and dst to req->dst. For any + * subsequent round, the code operates on req->dst only. */ - lsrc = src; - ldst = dst; + src = req->src; + dst = req->dst; for (i = 0; i < 6; i++) { struct scatter_walk src_walk, dst_walk; - unsigned int tmp_nbytes = nbytes; + unsigned int nbytes = req->cryptlen; - scatterwalk_start(&src_walk, lsrc); - scatterwalk_start(&dst_walk, ldst); + scatterwalk_start(&src_walk, src); + scatterwalk_start(&dst_walk, dst); - while (tmp_nbytes) { + while (nbytes) { /* get the source block */ scatterwalk_copychunks(&block.R, &src_walk, SEMIBSIZE, false); /* perform KW operation: encrypt block */ - crypto_cipher_encrypt_one(child, (u8 *)&block, + crypto_cipher_encrypt_one(cipher, (u8 *)&block, (u8 *)&block); /* perform KW operation: modify IV with counter */ block.A ^= cpu_to_be64(t); @@ -254,117 +244,59 @@ static int crypto_kw_encrypt(struct blkcipher_desc *desc, scatterwalk_copychunks(&block.R, &dst_walk, SEMIBSIZE, true); - tmp_nbytes -= SEMIBSIZE; + nbytes -= SEMIBSIZE; } /* we now start to operate on the dst SGL only */ - lsrc = dst; - ldst = dst; + src = req->dst; + dst = req->dst; } /* establish the IV for the caller to pick up */ - memcpy(desc->info, &block.A, SEMIBSIZE); + memcpy(req->iv, &block.A, SEMIBSIZE); memzero_explicit(&block, sizeof(struct crypto_kw_block)); return 0; } -static int crypto_kw_setkey(struct crypto_tfm *parent, const u8 *key, - unsigned int keylen) +static int crypto_kw_create(struct crypto_template *tmpl, struct rtattr **tb) { - struct crypto_kw_ctx *ctx = crypto_tfm_ctx(parent); - struct crypto_cipher *child = ctx->child; + struct skcipher_instance *inst; + struct crypto_alg *alg; int err; - crypto_cipher_clear_flags(child, CRYPTO_TFM_REQ_MASK); - crypto_cipher_set_flags(child, crypto_tfm_get_flags(parent) & - CRYPTO_TFM_REQ_MASK); - err = crypto_cipher_setkey(child, key, keylen); - crypto_tfm_set_flags(parent, crypto_cipher_get_flags(child) & - CRYPTO_TFM_RES_MASK); - return err; -} - -static int crypto_kw_init_tfm(struct crypto_tfm *tfm) -{ - struct crypto_instance *inst = crypto_tfm_alg_instance(tfm); - struct crypto_spawn *spawn = crypto_instance_ctx(inst); - struct crypto_kw_ctx *ctx = crypto_tfm_ctx(tfm); - struct crypto_cipher *cipher; - - cipher = crypto_spawn_cipher(spawn); - if (IS_ERR(cipher)) - return PTR_ERR(cipher); - - ctx->child = cipher; - return 0; -} - -static void crypto_kw_exit_tfm(struct crypto_tfm *tfm) -{ - struct crypto_kw_ctx *ctx = crypto_tfm_ctx(tfm); - - crypto_free_cipher(ctx->child); -} - -static struct crypto_instance *crypto_kw_alloc(struct rtattr **tb) -{ - struct crypto_instance *inst = NULL; - struct crypto_alg *alg = NULL; - int err; - - err = crypto_check_attr_type(tb, CRYPTO_ALG_TYPE_BLKCIPHER); - if (err) - return ERR_PTR(err); - - alg = crypto_get_attr_alg(tb, CRYPTO_ALG_TYPE_CIPHER, - CRYPTO_ALG_TYPE_MASK); - if (IS_ERR(alg)) - return ERR_CAST(alg); + inst = skcipher_alloc_instance_simple(tmpl, tb, &alg); + if (IS_ERR(inst)) + return PTR_ERR(inst); - inst = ERR_PTR(-EINVAL); + err = -EINVAL; /* Section 5.1 requirement for KW */ if (alg->cra_blocksize != sizeof(struct crypto_kw_block)) - goto err; + goto out_free_inst; - inst = crypto_alloc_instance("kw", alg); - if (IS_ERR(inst)) - goto err; + inst->alg.base.cra_blocksize = SEMIBSIZE; + inst->alg.base.cra_alignmask = 0; + inst->alg.ivsize = SEMIBSIZE; - inst->alg.cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER; - inst->alg.cra_priority = alg->cra_priority; - inst->alg.cra_blocksize = SEMIBSIZE; - inst->alg.cra_alignmask = 0; - inst->alg.cra_type = &crypto_blkcipher_type; - inst->alg.cra_blkcipher.ivsize = SEMIBSIZE; - inst->alg.cra_blkcipher.min_keysize = alg->cra_cipher.cia_min_keysize; - inst->alg.cra_blkcipher.max_keysize = alg->cra_cipher.cia_max_keysize; + inst->alg.encrypt = crypto_kw_encrypt; + inst->alg.decrypt = crypto_kw_decrypt; - inst->alg.cra_ctxsize = sizeof(struct crypto_kw_ctx); - - inst->alg.cra_init = crypto_kw_init_tfm; - inst->alg.cra_exit = crypto_kw_exit_tfm; - - inst->alg.cra_blkcipher.setkey = crypto_kw_setkey; - inst->alg.cra_blkcipher.encrypt = crypto_kw_encrypt; - inst->alg.cra_blkcipher.decrypt = crypto_kw_decrypt; + err = skcipher_register_instance(tmpl, inst); + if (err) + goto out_free_inst; + goto out_put_alg; -err: +out_free_inst: + inst->free(inst); +out_put_alg: crypto_mod_put(alg); - return inst; -} - -static void crypto_kw_free(struct crypto_instance *inst) -{ - crypto_drop_spawn(crypto_instance_ctx(inst)); - kfree(inst); + return err; } static struct crypto_template crypto_kw_tmpl = { .name = "kw", - .alloc = crypto_kw_alloc, - .free = crypto_kw_free, + .create = crypto_kw_create, .module = THIS_MODULE, }; -- cgit From 21f3ca6cd52ecc751b68cd7017d9efd1801f51f9 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Thu, 3 Jan 2019 20:16:20 -0800 Subject: crypto: ofb - convert to skcipher_alloc_instance_simple() The OFB template just wraps a single block cipher algorithm, so simplify it by converting it to use skcipher_alloc_instance_simple(). Cc: Gilad Ben-Yossef Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu --- crypto/ofb.c | 119 ++++------------------------------------------------------- 1 file changed, 7 insertions(+), 112 deletions(-) diff --git a/crypto/ofb.c b/crypto/ofb.c index cab0b80953fe..34b6e1f426f7 100644 --- a/crypto/ofb.c +++ b/crypto/ofb.c @@ -13,35 +13,11 @@ #include #include #include -#include -#include - -struct crypto_ofb_ctx { - struct crypto_cipher *child; -}; - - -static int crypto_ofb_setkey(struct crypto_skcipher *parent, const u8 *key, - unsigned int keylen) -{ - struct crypto_ofb_ctx *ctx = crypto_skcipher_ctx(parent); - struct crypto_cipher *child = ctx->child; - int err; - - crypto_cipher_clear_flags(child, CRYPTO_TFM_REQ_MASK); - crypto_cipher_set_flags(child, crypto_skcipher_get_flags(parent) & - CRYPTO_TFM_REQ_MASK); - err = crypto_cipher_setkey(child, key, keylen); - crypto_skcipher_set_flags(parent, crypto_cipher_get_flags(child) & - CRYPTO_TFM_RES_MASK); - return err; -} static int crypto_ofb_crypt(struct skcipher_request *req) { struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); - struct crypto_ofb_ctx *ctx = crypto_skcipher_ctx(tfm); - struct crypto_cipher *cipher = ctx->child; + struct crypto_cipher *cipher = skcipher_cipher_simple(tfm); const unsigned int bsize = crypto_cipher_blocksize(cipher); struct skcipher_walk walk; int err; @@ -73,75 +49,15 @@ static int crypto_ofb_crypt(struct skcipher_request *req) return err; } -static int crypto_ofb_init_tfm(struct crypto_skcipher *tfm) -{ - struct skcipher_instance *inst = skcipher_alg_instance(tfm); - struct crypto_spawn *spawn = skcipher_instance_ctx(inst); - struct crypto_ofb_ctx *ctx = crypto_skcipher_ctx(tfm); - struct crypto_cipher *cipher; - - cipher = crypto_spawn_cipher(spawn); - if (IS_ERR(cipher)) - return PTR_ERR(cipher); - - ctx->child = cipher; - return 0; -} - -static void crypto_ofb_exit_tfm(struct crypto_skcipher *tfm) -{ - struct crypto_ofb_ctx *ctx = crypto_skcipher_ctx(tfm); - - crypto_free_cipher(ctx->child); -} - -static void crypto_ofb_free(struct skcipher_instance *inst) -{ - crypto_drop_skcipher(skcipher_instance_ctx(inst)); - kfree(inst); -} - static int crypto_ofb_create(struct crypto_template *tmpl, struct rtattr **tb) { struct skcipher_instance *inst; - struct crypto_attr_type *algt; - struct crypto_spawn *spawn; struct crypto_alg *alg; - u32 mask; int err; - err = crypto_check_attr_type(tb, CRYPTO_ALG_TYPE_SKCIPHER); - if (err) - return err; - - inst = kzalloc(sizeof(*inst) + sizeof(*spawn), GFP_KERNEL); - if (!inst) - return -ENOMEM; - - algt = crypto_get_attr_type(tb); - err = PTR_ERR(algt); - if (IS_ERR(algt)) - goto err_free_inst; - - mask = CRYPTO_ALG_TYPE_MASK | - crypto_requires_off(algt->type, algt->mask, - CRYPTO_ALG_NEED_FALLBACK); - - alg = crypto_get_attr_alg(tb, CRYPTO_ALG_TYPE_CIPHER, mask); - err = PTR_ERR(alg); - if (IS_ERR(alg)) - goto err_free_inst; - - spawn = skcipher_instance_ctx(inst); - err = crypto_init_spawn(spawn, alg, skcipher_crypto_instance(inst), - CRYPTO_ALG_TYPE_MASK); - crypto_mod_put(alg); - if (err) - goto err_free_inst; - - err = crypto_inst_setname(skcipher_crypto_instance(inst), "ofb", alg); - if (err) - goto err_drop_spawn; + inst = skcipher_alloc_instance_simple(tmpl, tb, &alg); + if (IS_ERR(inst)) + return PTR_ERR(inst); /* OFB mode is a stream cipher. */ inst->alg.base.cra_blocksize = 1; @@ -152,36 +68,15 @@ static int crypto_ofb_create(struct crypto_template *tmpl, struct rtattr **tb) */ inst->alg.chunksize = alg->cra_blocksize; - inst->alg.base.cra_priority = alg->cra_priority; - inst->alg.base.cra_alignmask = alg->cra_alignmask; - - inst->alg.ivsize = alg->cra_blocksize; - inst->alg.min_keysize = alg->cra_cipher.cia_min_keysize; - inst->alg.max_keysize = alg->cra_cipher.cia_max_keysize; - - inst->alg.base.cra_ctxsize = sizeof(struct crypto_ofb_ctx); - - inst->alg.init = crypto_ofb_init_tfm; - inst->alg.exit = crypto_ofb_exit_tfm; - - inst->alg.setkey = crypto_ofb_setkey; inst->alg.encrypt = crypto_ofb_crypt; inst->alg.decrypt = crypto_ofb_crypt; - inst->free = crypto_ofb_free; - err = skcipher_register_instance(tmpl, inst); if (err) - goto err_drop_spawn; + inst->free(inst); -out: + crypto_mod_put(alg); return err; - -err_drop_spawn: - crypto_drop_spawn(spawn); -err_free_inst: - kfree(inst); - goto out; } static struct crypto_template crypto_ofb_tmpl = { @@ -204,5 +99,5 @@ module_init(crypto_ofb_module_init); module_exit(crypto_ofb_module_exit); MODULE_LICENSE("GPL"); -MODULE_DESCRIPTION("OFB block cipher algorithm"); +MODULE_DESCRIPTION("OFB block cipher mode of operation"); MODULE_ALIAS_CRYPTO("ofb"); -- cgit From fb6de25c3bdb8cee3c0807bb09a7cd8ec017ab97 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Thu, 3 Jan 2019 20:16:21 -0800 Subject: crypto: pcbc - remove ability to wrap internal ciphers Following commit 944585a64f5e ("crypto: x86/aes-ni - remove special handling of AES in PCBC mode"), it's no longer needed for the PCBC template to support wrapping a cipher that has the CRYPTO_ALG_INTERNAL flag set. Thus, remove this now-unused functionality to make PCBC consistent with the other single block cipher templates. Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu --- crypto/pcbc.c | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/crypto/pcbc.c b/crypto/pcbc.c index 1b182dfedc94..4f97a9d069b6 100644 --- a/crypto/pcbc.c +++ b/crypto/pcbc.c @@ -219,18 +219,15 @@ static int crypto_pcbc_create(struct crypto_template *tmpl, struct rtattr **tb) if (IS_ERR(algt)) return PTR_ERR(algt); - if (((algt->type ^ CRYPTO_ALG_TYPE_SKCIPHER) & algt->mask) & - ~CRYPTO_ALG_INTERNAL) + if ((algt->type ^ CRYPTO_ALG_TYPE_SKCIPHER) & algt->mask) return -EINVAL; inst = kzalloc(sizeof(*inst) + sizeof(*spawn), GFP_KERNEL); if (!inst) return -ENOMEM; - alg = crypto_get_attr_alg(tb, CRYPTO_ALG_TYPE_CIPHER | - (algt->type & CRYPTO_ALG_INTERNAL), - CRYPTO_ALG_TYPE_MASK | - (algt->mask & CRYPTO_ALG_INTERNAL)); + alg = crypto_get_attr_alg(tb, CRYPTO_ALG_TYPE_CIPHER, + CRYPTO_ALG_TYPE_MASK); err = PTR_ERR(alg); if (IS_ERR(alg)) goto err_free_inst; @@ -245,7 +242,6 @@ static int crypto_pcbc_create(struct crypto_template *tmpl, struct rtattr **tb) if (err) goto err_drop_spawn; - inst->alg.base.cra_flags = alg->cra_flags & CRYPTO_ALG_INTERNAL; inst->alg.base.cra_priority = alg->cra_priority; inst->alg.base.cra_blocksize = alg->cra_blocksize; inst->alg.base.cra_alignmask = alg->cra_alignmask; -- cgit From 0be487ba2e2f1593f7274b04615367d8830f6461 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Thu, 3 Jan 2019 20:16:22 -0800 Subject: crypto: pcbc - convert to skcipher_alloc_instance_simple() The PCBC template just wraps a single block cipher algorithm, so simplify it by converting it to use skcipher_alloc_instance_simple(). Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu --- crypto/pcbc.c | 125 ++++++---------------------------------------------------- 1 file changed, 11 insertions(+), 114 deletions(-) diff --git a/crypto/pcbc.c b/crypto/pcbc.c index 4f97a9d069b6..2fa03fc576fe 100644 --- a/crypto/pcbc.c +++ b/crypto/pcbc.c @@ -20,28 +20,6 @@ #include #include #include -#include -#include - -struct crypto_pcbc_ctx { - struct crypto_cipher *child; -}; - -static int crypto_pcbc_setkey(struct crypto_skcipher *parent, const u8 *key, - unsigned int keylen) -{ - struct crypto_pcbc_ctx *ctx = crypto_skcipher_ctx(parent); - struct crypto_cipher *child = ctx->child; - int err; - - crypto_cipher_clear_flags(child, CRYPTO_TFM_REQ_MASK); - crypto_cipher_set_flags(child, crypto_skcipher_get_flags(parent) & - CRYPTO_TFM_REQ_MASK); - err = crypto_cipher_setkey(child, key, keylen); - crypto_skcipher_set_flags(parent, crypto_cipher_get_flags(child) & - CRYPTO_TFM_RES_MASK); - return err; -} static int crypto_pcbc_encrypt_segment(struct skcipher_request *req, struct skcipher_walk *walk, @@ -90,8 +68,7 @@ static int crypto_pcbc_encrypt_inplace(struct skcipher_request *req, static int crypto_pcbc_encrypt(struct skcipher_request *req) { struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); - struct crypto_pcbc_ctx *ctx = crypto_skcipher_ctx(tfm); - struct crypto_cipher *child = ctx->child; + struct crypto_cipher *cipher = skcipher_cipher_simple(tfm); struct skcipher_walk walk; unsigned int nbytes; int err; @@ -101,10 +78,10 @@ static int crypto_pcbc_encrypt(struct skcipher_request *req) while ((nbytes = walk.nbytes)) { if (walk.src.virt.addr == walk.dst.virt.addr) nbytes = crypto_pcbc_encrypt_inplace(req, &walk, - child); + cipher); else nbytes = crypto_pcbc_encrypt_segment(req, &walk, - child); + cipher); err = skcipher_walk_done(&walk, nbytes); } @@ -158,8 +135,7 @@ static int crypto_pcbc_decrypt_inplace(struct skcipher_request *req, static int crypto_pcbc_decrypt(struct skcipher_request *req) { struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); - struct crypto_pcbc_ctx *ctx = crypto_skcipher_ctx(tfm); - struct crypto_cipher *child = ctx->child; + struct crypto_cipher *cipher = skcipher_cipher_simple(tfm); struct skcipher_walk walk; unsigned int nbytes; int err; @@ -169,113 +145,34 @@ static int crypto_pcbc_decrypt(struct skcipher_request *req) while ((nbytes = walk.nbytes)) { if (walk.src.virt.addr == walk.dst.virt.addr) nbytes = crypto_pcbc_decrypt_inplace(req, &walk, - child); + cipher); else nbytes = crypto_pcbc_decrypt_segment(req, &walk, - child); + cipher); err = skcipher_walk_done(&walk, nbytes); } return err; } -static int crypto_pcbc_init_tfm(struct crypto_skcipher *tfm) -{ - struct skcipher_instance *inst = skcipher_alg_instance(tfm); - struct crypto_spawn *spawn = skcipher_instance_ctx(inst); - struct crypto_pcbc_ctx *ctx = crypto_skcipher_ctx(tfm); - struct crypto_cipher *cipher; - - cipher = crypto_spawn_cipher(spawn); - if (IS_ERR(cipher)) - return PTR_ERR(cipher); - - ctx->child = cipher; - return 0; -} - -static void crypto_pcbc_exit_tfm(struct crypto_skcipher *tfm) -{ - struct crypto_pcbc_ctx *ctx = crypto_skcipher_ctx(tfm); - - crypto_free_cipher(ctx->child); -} - -static void crypto_pcbc_free(struct skcipher_instance *inst) -{ - crypto_drop_skcipher(skcipher_instance_ctx(inst)); - kfree(inst); -} - static int crypto_pcbc_create(struct crypto_template *tmpl, struct rtattr **tb) { struct skcipher_instance *inst; - struct crypto_attr_type *algt; - struct crypto_spawn *spawn; struct crypto_alg *alg; int err; - algt = crypto_get_attr_type(tb); - if (IS_ERR(algt)) - return PTR_ERR(algt); - - if ((algt->type ^ CRYPTO_ALG_TYPE_SKCIPHER) & algt->mask) - return -EINVAL; - - inst = kzalloc(sizeof(*inst) + sizeof(*spawn), GFP_KERNEL); - if (!inst) - return -ENOMEM; - - alg = crypto_get_attr_alg(tb, CRYPTO_ALG_TYPE_CIPHER, - CRYPTO_ALG_TYPE_MASK); - err = PTR_ERR(alg); - if (IS_ERR(alg)) - goto err_free_inst; - - spawn = skcipher_instance_ctx(inst); - err = crypto_init_spawn(spawn, alg, skcipher_crypto_instance(inst), - CRYPTO_ALG_TYPE_MASK); - if (err) - goto err_put_alg; - - err = crypto_inst_setname(skcipher_crypto_instance(inst), "pcbc", alg); - if (err) - goto err_drop_spawn; + inst = skcipher_alloc_instance_simple(tmpl, tb, &alg); + if (IS_ERR(inst)) + return PTR_ERR(inst); - inst->alg.base.cra_priority = alg->cra_priority; - inst->alg.base.cra_blocksize = alg->cra_blocksize; - inst->alg.base.cra_alignmask = alg->cra_alignmask; - - inst->alg.ivsize = alg->cra_blocksize; - inst->alg.min_keysize = alg->cra_cipher.cia_min_keysize; - inst->alg.max_keysize = alg->cra_cipher.cia_max_keysize; - - inst->alg.base.cra_ctxsize = sizeof(struct crypto_pcbc_ctx); - - inst->alg.init = crypto_pcbc_init_tfm; - inst->alg.exit = crypto_pcbc_exit_tfm; - - inst->alg.setkey = crypto_pcbc_setkey; inst->alg.encrypt = crypto_pcbc_encrypt; inst->alg.decrypt = crypto_pcbc_decrypt; - inst->free = crypto_pcbc_free; - err = skcipher_register_instance(tmpl, inst); if (err) - goto err_drop_spawn; + inst->free(inst); crypto_mod_put(alg); - -out: return err; - -err_drop_spawn: - crypto_drop_spawn(spawn); -err_put_alg: - crypto_mod_put(alg); -err_free_inst: - kfree(inst); - goto out; } static struct crypto_template crypto_pcbc_tmpl = { @@ -298,5 +195,5 @@ module_init(crypto_pcbc_module_init); module_exit(crypto_pcbc_module_exit); MODULE_LICENSE("GPL"); -MODULE_DESCRIPTION("PCBC block cipher algorithm"); +MODULE_DESCRIPTION("PCBC block cipher mode of operation"); MODULE_ALIAS_CRYPTO("pcbc"); -- cgit From 426bcb50856f61f5883b0e2e7f885ca142e7729c Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Thu, 3 Jan 2019 20:16:23 -0800 Subject: crypto: arc4 - convert to skcipher API Convert the "ecb(arc4)" algorithm from the deprecated "blkcipher" API to the "skcipher" API. (Note that this is really a stream cipher and not a block cipher in ECB mode as the name implies, but that's a problem for another day...) Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu --- crypto/arc4.c | 82 ++++++++++++++++++++++++++++++++--------------------------- 1 file changed, 44 insertions(+), 38 deletions(-) diff --git a/crypto/arc4.c b/crypto/arc4.c index f1a81925558f..652d24399afa 100644 --- a/crypto/arc4.c +++ b/crypto/arc4.c @@ -12,10 +12,10 @@ * */ -#include -#include -#include #include +#include +#include +#include #define ARC4_MIN_KEY_SIZE 1 #define ARC4_MAX_KEY_SIZE 256 @@ -50,6 +50,12 @@ static int arc4_set_key(struct crypto_tfm *tfm, const u8 *in_key, return 0; } +static int arc4_set_key_skcipher(struct crypto_skcipher *tfm, const u8 *in_key, + unsigned int key_len) +{ + return arc4_set_key(&tfm->base, in_key, key_len); +} + static void arc4_crypt(struct arc4_ctx *ctx, u8 *out, const u8 *in, unsigned int len) { @@ -92,30 +98,25 @@ static void arc4_crypt_one(struct crypto_tfm *tfm, u8 *out, const u8 *in) arc4_crypt(crypto_tfm_ctx(tfm), out, in, 1); } -static int ecb_arc4_crypt(struct blkcipher_desc *desc, struct scatterlist *dst, - struct scatterlist *src, unsigned int nbytes) +static int ecb_arc4_crypt(struct skcipher_request *req) { - struct arc4_ctx *ctx = crypto_blkcipher_ctx(desc->tfm); - struct blkcipher_walk walk; + struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); + struct arc4_ctx *ctx = crypto_skcipher_ctx(tfm); + struct skcipher_walk walk; int err; - blkcipher_walk_init(&walk, dst, src, nbytes); - - err = blkcipher_walk_virt(desc, &walk); + err = skcipher_walk_virt(&walk, req, false); while (walk.nbytes > 0) { - u8 *wsrc = walk.src.virt.addr; - u8 *wdst = walk.dst.virt.addr; - - arc4_crypt(ctx, wdst, wsrc, walk.nbytes); - - err = blkcipher_walk_done(desc, &walk, 0); + arc4_crypt(ctx, walk.dst.virt.addr, walk.src.virt.addr, + walk.nbytes); + err = skcipher_walk_done(&walk, 0); } return err; } -static struct crypto_alg arc4_algs[2] = { { +static struct crypto_alg arc4_cipher = { .cra_name = "arc4", .cra_flags = CRYPTO_ALG_TYPE_CIPHER, .cra_blocksize = ARC4_BLOCK_SIZE, @@ -130,34 +131,39 @@ static struct crypto_alg arc4_algs[2] = { { .cia_decrypt = arc4_crypt_one, }, }, -}, { - .cra_name = "ecb(arc4)", - .cra_priority = 100, - .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER, - .cra_blocksize = ARC4_BLOCK_SIZE, - .cra_ctxsize = sizeof(struct arc4_ctx), - .cra_alignmask = 0, - .cra_type = &crypto_blkcipher_type, - .cra_module = THIS_MODULE, - .cra_u = { - .blkcipher = { - .min_keysize = ARC4_MIN_KEY_SIZE, - .max_keysize = ARC4_MAX_KEY_SIZE, - .setkey = arc4_set_key, - .encrypt = ecb_arc4_crypt, - .decrypt = ecb_arc4_crypt, - }, - }, -} }; +}; + +static struct skcipher_alg arc4_skcipher = { + .base.cra_name = "ecb(arc4)", + .base.cra_priority = 100, + .base.cra_blocksize = ARC4_BLOCK_SIZE, + .base.cra_ctxsize = sizeof(struct arc4_ctx), + .base.cra_module = THIS_MODULE, + .min_keysize = ARC4_MIN_KEY_SIZE, + .max_keysize = ARC4_MAX_KEY_SIZE, + .setkey = arc4_set_key_skcipher, + .encrypt = ecb_arc4_crypt, + .decrypt = ecb_arc4_crypt, +}; static int __init arc4_init(void) { - return crypto_register_algs(arc4_algs, ARRAY_SIZE(arc4_algs)); + int err; + + err = crypto_register_alg(&arc4_cipher); + if (err) + return err; + + err = crypto_register_skcipher(&arc4_skcipher); + if (err) + crypto_unregister_alg(&arc4_cipher); + return err; } static void __exit arc4_exit(void) { - crypto_unregister_algs(arc4_algs, ARRAY_SIZE(arc4_algs)); + crypto_unregister_alg(&arc4_cipher); + crypto_unregister_skcipher(&arc4_skcipher); } module_init(arc4_init); -- cgit From 31d40c20983fd26a41541be208687fb2fc62fec3 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Thu, 3 Jan 2019 20:16:24 -0800 Subject: crypto: null - convert ecb-cipher_null to skcipher API Convert the "ecb-cipher_null" algorithm from the deprecated "blkcipher" API to the "skcipher" API. Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu --- crypto/crypto_null.c | 57 +++++++++++++++++++++++++++++----------------------- 1 file changed, 32 insertions(+), 25 deletions(-) diff --git a/crypto/crypto_null.c b/crypto/crypto_null.c index 0bae59922a80..01630a9c7e01 100644 --- a/crypto/crypto_null.c +++ b/crypto/crypto_null.c @@ -65,6 +65,10 @@ static int null_hash_setkey(struct crypto_shash *tfm, const u8 *key, unsigned int keylen) { return 0; } +static int null_skcipher_setkey(struct crypto_skcipher *tfm, const u8 *key, + unsigned int keylen) +{ return 0; } + static int null_setkey(struct crypto_tfm *tfm, const u8 *key, unsigned int keylen) { return 0; } @@ -74,21 +78,18 @@ static void null_crypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src) memcpy(dst, src, NULL_BLOCK_SIZE); } -static int skcipher_null_crypt(struct blkcipher_desc *desc, - struct scatterlist *dst, - struct scatterlist *src, unsigned int nbytes) +static int null_skcipher_crypt(struct skcipher_request *req) { - struct blkcipher_walk walk; + struct skcipher_walk walk; int err; - blkcipher_walk_init(&walk, dst, src, nbytes); - err = blkcipher_walk_virt(desc, &walk); + err = skcipher_walk_virt(&walk, req, false); while (walk.nbytes) { if (walk.src.virt.addr != walk.dst.virt.addr) memcpy(walk.dst.virt.addr, walk.src.virt.addr, walk.nbytes); - err = blkcipher_walk_done(desc, &walk, 0); + err = skcipher_walk_done(&walk, 0); } return err; @@ -109,7 +110,22 @@ static struct shash_alg digest_null = { } }; -static struct crypto_alg null_algs[3] = { { +static struct skcipher_alg skcipher_null = { + .base.cra_name = "ecb(cipher_null)", + .base.cra_driver_name = "ecb-cipher_null", + .base.cra_priority = 100, + .base.cra_blocksize = NULL_BLOCK_SIZE, + .base.cra_ctxsize = 0, + .base.cra_module = THIS_MODULE, + .min_keysize = NULL_KEY_SIZE, + .max_keysize = NULL_KEY_SIZE, + .ivsize = NULL_IV_SIZE, + .setkey = null_skcipher_setkey, + .encrypt = null_skcipher_crypt, + .decrypt = null_skcipher_crypt, +}; + +static struct crypto_alg null_algs[] = { { .cra_name = "cipher_null", .cra_flags = CRYPTO_ALG_TYPE_CIPHER, .cra_blocksize = NULL_BLOCK_SIZE, @@ -121,22 +137,6 @@ static struct crypto_alg null_algs[3] = { { .cia_setkey = null_setkey, .cia_encrypt = null_crypt, .cia_decrypt = null_crypt } } -}, { - .cra_name = "ecb(cipher_null)", - .cra_driver_name = "ecb-cipher_null", - .cra_priority = 100, - .cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER, - .cra_blocksize = NULL_BLOCK_SIZE, - .cra_type = &crypto_blkcipher_type, - .cra_ctxsize = 0, - .cra_module = THIS_MODULE, - .cra_u = { .blkcipher = { - .min_keysize = NULL_KEY_SIZE, - .max_keysize = NULL_KEY_SIZE, - .ivsize = NULL_IV_SIZE, - .setkey = null_setkey, - .encrypt = skcipher_null_crypt, - .decrypt = skcipher_null_crypt } } }, { .cra_name = "compress_null", .cra_flags = CRYPTO_ALG_TYPE_COMPRESS, @@ -199,8 +199,14 @@ static int __init crypto_null_mod_init(void) if (ret < 0) goto out_unregister_algs; + ret = crypto_register_skcipher(&skcipher_null); + if (ret < 0) + goto out_unregister_shash; + return 0; +out_unregister_shash: + crypto_unregister_shash(&digest_null); out_unregister_algs: crypto_unregister_algs(null_algs, ARRAY_SIZE(null_algs)); out: @@ -209,8 +215,9 @@ out: static void __exit crypto_null_mod_fini(void) { - crypto_unregister_shash(&digest_null); crypto_unregister_algs(null_algs, ARRAY_SIZE(null_algs)); + crypto_unregister_shash(&digest_null); + crypto_unregister_skcipher(&skcipher_null); } module_init(crypto_null_mod_init); -- cgit From 14aa1a839a33b4ade7479ffcad8a5fabe5cc4000 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Thu, 3 Jan 2019 20:16:25 -0800 Subject: crypto: algapi - remove crypto_alloc_instance() Now that all "blkcipher" templates have been converted to "skcipher", crypto_alloc_instance() is no longer used. And it's not useful any longer as it creates an old-style weakly typed instance rather than a new-style strongly typed instance. So remove it, and now that the name is freed up rename crypto_alloc_instance2() to crypto_alloc_instance(). Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu --- crypto/algapi.c | 33 ++------------------------------- include/crypto/algapi.h | 6 ++---- include/crypto/internal/hash.h | 6 +++--- 3 files changed, 7 insertions(+), 38 deletions(-) diff --git a/crypto/algapi.c b/crypto/algapi.c index 8b65ada33e5d..f3d766312bd9 100644 --- a/crypto/algapi.c +++ b/crypto/algapi.c @@ -845,8 +845,8 @@ int crypto_inst_setname(struct crypto_instance *inst, const char *name, } EXPORT_SYMBOL_GPL(crypto_inst_setname); -void *crypto_alloc_instance2(const char *name, struct crypto_alg *alg, - unsigned int head) +void *crypto_alloc_instance(const char *name, struct crypto_alg *alg, + unsigned int head) { struct crypto_instance *inst; char *p; @@ -869,35 +869,6 @@ err_free_inst: kfree(p); return ERR_PTR(err); } -EXPORT_SYMBOL_GPL(crypto_alloc_instance2); - -struct crypto_instance *crypto_alloc_instance(const char *name, - struct crypto_alg *alg) -{ - struct crypto_instance *inst; - struct crypto_spawn *spawn; - int err; - - inst = crypto_alloc_instance2(name, alg, 0); - if (IS_ERR(inst)) - goto out; - - spawn = crypto_instance_ctx(inst); - err = crypto_init_spawn(spawn, alg, inst, - CRYPTO_ALG_TYPE_MASK | CRYPTO_ALG_ASYNC); - - if (err) - goto err_free_inst; - - return inst; - -err_free_inst: - kfree(inst); - inst = ERR_PTR(err); - -out: - return inst; -} EXPORT_SYMBOL_GPL(crypto_alloc_instance); void crypto_init_queue(struct crypto_queue *queue, unsigned int max_qlen) diff --git a/include/crypto/algapi.h b/include/crypto/algapi.h index 4a5ad10e75f0..093869f175d6 100644 --- a/include/crypto/algapi.h +++ b/include/crypto/algapi.h @@ -185,10 +185,8 @@ static inline struct crypto_alg *crypto_attr_alg(struct rtattr *rta, int crypto_attr_u32(struct rtattr *rta, u32 *num); int crypto_inst_setname(struct crypto_instance *inst, const char *name, struct crypto_alg *alg); -void *crypto_alloc_instance2(const char *name, struct crypto_alg *alg, - unsigned int head); -struct crypto_instance *crypto_alloc_instance(const char *name, - struct crypto_alg *alg); +void *crypto_alloc_instance(const char *name, struct crypto_alg *alg, + unsigned int head); void crypto_init_queue(struct crypto_queue *queue, unsigned int max_qlen); int crypto_enqueue_request(struct crypto_queue *queue, diff --git a/include/crypto/internal/hash.h b/include/crypto/internal/hash.h index a0b0ad9d585e..e355fdb642a9 100644 --- a/include/crypto/internal/hash.h +++ b/include/crypto/internal/hash.h @@ -170,7 +170,7 @@ static inline unsigned int ahash_instance_headroom(void) static inline struct ahash_instance *ahash_alloc_instance( const char *name, struct crypto_alg *alg) { - return crypto_alloc_instance2(name, alg, ahash_instance_headroom()); + return crypto_alloc_instance(name, alg, ahash_instance_headroom()); } static inline void ahash_request_complete(struct ahash_request *req, int err) @@ -233,8 +233,8 @@ static inline void *shash_instance_ctx(struct shash_instance *inst) static inline struct shash_instance *shash_alloc_instance( const char *name, struct crypto_alg *alg) { - return crypto_alloc_instance2(name, alg, - sizeof(struct shash_alg) - sizeof(*alg)); + return crypto_alloc_instance(name, alg, + sizeof(struct shash_alg) - sizeof(*alg)); } static inline struct crypto_shash *crypto_spawn_shash( -- cgit From 6b476662b09c393936e0f62c97ad9988d410fd36 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Sun, 6 Jan 2019 12:46:06 -0800 Subject: crypto: algapi - reject NULL crypto_spawn::inst It took me a while to notice the bug where the adiantum template left crypto_spawn::inst == NULL, because this only caused problems in certain cases where algorithms are dynamically loaded/unloaded. More improvements are needed, but for now make crypto_init_spawn() reject this case and WARN(), so this type of bug will be noticed immediately in the future. Note: I checked all callers and the adiantum template was the only place that had this wrong. So this WARN shouldn't trigger anymore. Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu --- crypto/algapi.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/crypto/algapi.c b/crypto/algapi.c index f3d766312bd9..713baabeb643 100644 --- a/crypto/algapi.c +++ b/crypto/algapi.c @@ -608,6 +608,9 @@ int crypto_init_spawn(struct crypto_spawn *spawn, struct crypto_alg *alg, { int err = -EAGAIN; + if (WARN_ON_ONCE(inst == NULL)) + return -EINVAL; + spawn->inst = inst; spawn->mask = mask; -- cgit From 11c8bac9b3877fb8d8b4674f4744c1b5937956ba Mon Sep 17 00:00:00 2001 From: Roy Pledge Date: Mon, 10 Dec 2018 16:50:17 +0000 Subject: soc: fsl: dpio: perform DPIO Reset on Probe Invoke a DPIO reset command when a DPIO device is probed. This will ensure the QBMan portal is in the state the driver expects. Signed-off-by: Roy Pledge Signed-off-by: Li Yang --- drivers/soc/fsl/dpio/dpio-cmd.h | 1 + drivers/soc/fsl/dpio/dpio-driver.c | 7 +++++++ drivers/soc/fsl/dpio/dpio.c | 23 +++++++++++++++++++++++ drivers/soc/fsl/dpio/dpio.h | 4 ++++ 4 files changed, 35 insertions(+) diff --git a/drivers/soc/fsl/dpio/dpio-cmd.h b/drivers/soc/fsl/dpio/dpio-cmd.h index ab8f82ee7ee5..5814d2f395a4 100644 --- a/drivers/soc/fsl/dpio/dpio-cmd.h +++ b/drivers/soc/fsl/dpio/dpio-cmd.h @@ -25,6 +25,7 @@ #define DPIO_CMDID_ENABLE DPIO_CMD(0x002) #define DPIO_CMDID_DISABLE DPIO_CMD(0x003) #define DPIO_CMDID_GET_ATTR DPIO_CMD(0x004) +#define DPIO_CMDID_RESET DPIO_CMD(0x005) struct dpio_cmd_open { __le32 dpio_id; diff --git a/drivers/soc/fsl/dpio/dpio-driver.c b/drivers/soc/fsl/dpio/dpio-driver.c index 832175cac739..38ee9dba1c96 100644 --- a/drivers/soc/fsl/dpio/dpio-driver.c +++ b/drivers/soc/fsl/dpio/dpio-driver.c @@ -110,6 +110,12 @@ static int dpaa2_dpio_probe(struct fsl_mc_device *dpio_dev) goto err_open; } + err = dpio_reset(dpio_dev->mc_io, 0, dpio_dev->mc_handle); + if (err) { + dev_err(dev, "dpio_reset() failed\n"); + goto err_reset; + } + err = dpio_get_attributes(dpio_dev->mc_io, 0, dpio_dev->mc_handle, &dpio_attrs); if (err) { @@ -192,6 +198,7 @@ err_register_dpio_irq: err_allocate_irqs: dpio_disable(dpio_dev->mc_io, 0, dpio_dev->mc_handle); err_get_attr: +err_reset: dpio_close(dpio_dev->mc_io, 0, dpio_dev->mc_handle); err_open: fsl_mc_portal_free(dpio_dev->mc_io); diff --git a/drivers/soc/fsl/dpio/dpio.c b/drivers/soc/fsl/dpio/dpio.c index ff37c80e11a0..521bc6946317 100644 --- a/drivers/soc/fsl/dpio/dpio.c +++ b/drivers/soc/fsl/dpio/dpio.c @@ -196,3 +196,26 @@ int dpio_get_api_version(struct fsl_mc_io *mc_io, return 0; } + +/** + * dpio_reset() - Reset the DPIO, returns the object to initial state. + * @mc_io: Pointer to MC portal's I/O object + * @cmd_flags: Command flags; one or more of 'MC_CMD_FLAG_' + * @token: Token of DPIO object + * + * Return: '0' on Success; Error code otherwise. + */ +int dpio_reset(struct fsl_mc_io *mc_io, + u32 cmd_flags, + u16 token) +{ + struct fsl_mc_command cmd = { 0 }; + + /* prepare command */ + cmd.header = mc_encode_cmd_header(DPIO_CMDID_RESET, + cmd_flags, + token); + + /* send command to mc*/ + return mc_send_command(mc_io, &cmd); +} diff --git a/drivers/soc/fsl/dpio/dpio.h b/drivers/soc/fsl/dpio/dpio.h index 49194c8e45f1..b2ac4ba4fb8e 100644 --- a/drivers/soc/fsl/dpio/dpio.h +++ b/drivers/soc/fsl/dpio/dpio.h @@ -80,4 +80,8 @@ int dpio_get_api_version(struct fsl_mc_io *mc_io, u16 *major_ver, u16 *minor_ver); +int dpio_reset(struct fsl_mc_io *mc_io, + u32 cmd_flags, + u16 token); + #endif /* __FSL_DPIO_H */ -- cgit From 9182ee2840a99d8f3bc7b4332fc93c03c2016fd6 Mon Sep 17 00:00:00 2001 From: Ioana Ciornei Date: Mon, 10 Dec 2018 16:50:17 +0000 Subject: soc: fsl: dpio: keep a per dpio device MC portal At the moment, the dpio-driver allocates an MC portal at probe time and frees it right after usage. The same thing happens on the remove path. This behavior could lead to scenarios where an MC portal is available for use at probing but not longer free on the remove path which could lead to unproper unbind of resources. Change the driver's behavior in such a way that an MC portal is allocated at probe and kept until the DPIO device is removed. This will ensure that at any time after a DPIO device was successfully probed, all its dependencies will be met. Signed-off-by: Ioana Ciornei Signed-off-by: Li Yang --- drivers/soc/fsl/dpio/dpio-driver.c | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/drivers/soc/fsl/dpio/dpio-driver.c b/drivers/soc/fsl/dpio/dpio-driver.c index 38ee9dba1c96..5286723d4a14 100644 --- a/drivers/soc/fsl/dpio/dpio-driver.c +++ b/drivers/soc/fsl/dpio/dpio-driver.c @@ -187,7 +187,6 @@ static int dpaa2_dpio_probe(struct fsl_mc_device *dpio_dev) dev_dbg(dev, " receives_notifications = %d\n", desc.receives_notifications); dpio_close(dpio_dev->mc_io, 0, dpio_dev->mc_handle); - fsl_mc_portal_free(dpio_dev->mc_io); return 0; @@ -229,12 +228,6 @@ static int dpaa2_dpio_remove(struct fsl_mc_device *dpio_dev) cpu = dpaa2_io_get_cpu(priv->io); cpumask_set_cpu(cpu, cpus_unused_mask); - err = fsl_mc_portal_allocate(dpio_dev, 0, &dpio_dev->mc_io); - if (err) { - dev_err(dev, "MC portal allocation failed\n"); - goto err_mcportal; - } - err = dpio_open(dpio_dev->mc_io, 0, dpio_dev->obj_desc.id, &dpio_dev->mc_handle); if (err) { @@ -252,7 +245,7 @@ static int dpaa2_dpio_remove(struct fsl_mc_device *dpio_dev) err_open: fsl_mc_portal_free(dpio_dev->mc_io); -err_mcportal: + return err; } -- cgit From cf9ff75d15a9bbd625519997c2ca864d1fa80227 Mon Sep 17 00:00:00 2001 From: Ioana Ciornei Date: Mon, 10 Dec 2018 16:50:18 +0000 Subject: soc: fsl: dpio: store a backpointer to the device backing the dpaa2_io Add a new field in the dpaa2_io structure to hold a backpointer to the actual DPIO device. Signed-off-by: Ioana Ciornei Signed-off-by: Li Yang --- drivers/soc/fsl/dpio/dpio-driver.c | 2 +- drivers/soc/fsl/dpio/dpio-service.c | 7 ++++++- include/soc/fsl/dpaa2-io.h | 3 ++- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/drivers/soc/fsl/dpio/dpio-driver.c b/drivers/soc/fsl/dpio/dpio-driver.c index 5286723d4a14..2d4af32a0dec 100644 --- a/drivers/soc/fsl/dpio/dpio-driver.c +++ b/drivers/soc/fsl/dpio/dpio-driver.c @@ -176,7 +176,7 @@ static int dpaa2_dpio_probe(struct fsl_mc_device *dpio_dev) if (err) goto err_register_dpio_irq; - priv->io = dpaa2_io_create(&desc); + priv->io = dpaa2_io_create(&desc, dev); if (!priv->io) { dev_err(dev, "dpaa2_io_create failed\n"); err = -ENOMEM; diff --git a/drivers/soc/fsl/dpio/dpio-service.c b/drivers/soc/fsl/dpio/dpio-service.c index c02bfb18a1f0..52d800aa4774 100644 --- a/drivers/soc/fsl/dpio/dpio-service.c +++ b/drivers/soc/fsl/dpio/dpio-service.c @@ -27,6 +27,7 @@ struct dpaa2_io { /* protect notifications list */ spinlock_t lock_notifications; struct list_head notifications; + struct device *dev; }; struct dpaa2_io_store { @@ -98,13 +99,15 @@ EXPORT_SYMBOL_GPL(dpaa2_io_service_select); /** * dpaa2_io_create() - create a dpaa2_io object. * @desc: the dpaa2_io descriptor + * @dev: the actual DPIO device * * Activates a "struct dpaa2_io" corresponding to the given config of an actual * DPIO object. * * Return a valid dpaa2_io object for success, or NULL for failure. */ -struct dpaa2_io *dpaa2_io_create(const struct dpaa2_io_desc *desc) +struct dpaa2_io *dpaa2_io_create(const struct dpaa2_io_desc *desc, + struct device *dev) { struct dpaa2_io *obj = kmalloc(sizeof(*obj), GFP_KERNEL); @@ -146,6 +149,8 @@ struct dpaa2_io *dpaa2_io_create(const struct dpaa2_io_desc *desc) dpio_by_cpu[desc->cpu] = obj; spin_unlock(&dpio_list_lock); + obj->dev = dev; + return obj; } diff --git a/include/soc/fsl/dpaa2-io.h b/include/soc/fsl/dpaa2-io.h index 243119c53cdf..e252066d1f43 100644 --- a/include/soc/fsl/dpaa2-io.h +++ b/include/soc/fsl/dpaa2-io.h @@ -57,7 +57,8 @@ struct dpaa2_io_desc { u32 qman_version; }; -struct dpaa2_io *dpaa2_io_create(const struct dpaa2_io_desc *desc); +struct dpaa2_io *dpaa2_io_create(const struct dpaa2_io_desc *desc, + struct device *dev); void dpaa2_io_down(struct dpaa2_io *d); -- cgit From 47441f7f73b7cf0c2d6e7d6372f026ea81193fd6 Mon Sep 17 00:00:00 2001 From: Ioana Ciornei Date: Mon, 10 Dec 2018 16:50:19 +0000 Subject: soc: fsl: dpio: add a device_link at dpaa2_io_service_register Automatically add a device link between the actual device requesting the dpaa2_io_service_register and the underlying dpaa2_io used. This link will ensure that when a DPIO device, which is indirectly used by other devices, is unbound any consumer devices will be also unbound from their drivers. For example, any DPNI, bound to the dpaa2-eth driver, which is using DPIO devices will be unbound before its supplier device. Also, add a new parameter to the dpaa2_io_service_[de]register functions to specify the requesting device (ie the consumer). Signed-off-by: Ioana Ciornei Reviewed-by: Horia Geanta Reviewed-by: Ioana Radulescu Signed-off-by: Li Yang --- drivers/crypto/caam/caamalg_qi2.c | 6 +++--- drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 9 +++++---- drivers/soc/fsl/dpio/dpio-service.c | 16 ++++++++++++++-- include/soc/fsl/dpaa2-io.h | 6 ++++-- 4 files changed, 26 insertions(+), 11 deletions(-) diff --git a/drivers/crypto/caam/caamalg_qi2.c b/drivers/crypto/caam/caamalg_qi2.c index 425d5d974613..77f4c0045de2 100644 --- a/drivers/crypto/caam/caamalg_qi2.c +++ b/drivers/crypto/caam/caamalg_qi2.c @@ -4503,7 +4503,7 @@ static int __cold dpaa2_dpseci_dpio_setup(struct dpaa2_caam_priv *priv) nctx->cb = dpaa2_caam_fqdan_cb; /* Register notification callbacks */ - err = dpaa2_io_service_register(NULL, nctx); + err = dpaa2_io_service_register(NULL, nctx, dev); if (unlikely(err)) { dev_dbg(dev, "No affine DPIO for cpu %d\n", cpu); nctx->cb = NULL; @@ -4536,7 +4536,7 @@ err: ppriv = per_cpu_ptr(priv->ppriv, cpu); if (!ppriv->nctx.cb) break; - dpaa2_io_service_deregister(NULL, &ppriv->nctx); + dpaa2_io_service_deregister(NULL, &ppriv->nctx, dev); } for_each_online_cpu(cpu) { @@ -4556,7 +4556,7 @@ static void __cold dpaa2_dpseci_dpio_free(struct dpaa2_caam_priv *priv) for_each_online_cpu(cpu) { ppriv = per_cpu_ptr(priv->ppriv, cpu); - dpaa2_io_service_deregister(NULL, &ppriv->nctx); + dpaa2_io_service_deregister(NULL, &ppriv->nctx, priv->dev); dpaa2_io_store_destroy(ppriv->store); if (++i == priv->num_pairs) diff --git a/drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c b/drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c index 1ca9a18139ec..c500ea77aaa0 100644 --- a/drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c +++ b/drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c @@ -1902,7 +1902,7 @@ static int setup_dpio(struct dpaa2_eth_priv *priv) /* Register the new context */ channel->dpio = dpaa2_io_service_select(i); - err = dpaa2_io_service_register(channel->dpio, nctx); + err = dpaa2_io_service_register(channel->dpio, nctx, dev); if (err) { dev_dbg(dev, "No affine DPIO for cpu %d\n", i); /* If no affine DPIO for this core, there's probably @@ -1942,7 +1942,7 @@ static int setup_dpio(struct dpaa2_eth_priv *priv) return 0; err_set_cdan: - dpaa2_io_service_deregister(channel->dpio, nctx); + dpaa2_io_service_deregister(channel->dpio, nctx, dev); err_service_reg: free_channel(priv, channel); err_alloc_ch: @@ -1962,13 +1962,14 @@ err_alloc_ch: static void free_dpio(struct dpaa2_eth_priv *priv) { - int i; + struct device *dev = priv->net_dev->dev.parent; struct dpaa2_eth_channel *ch; + int i; /* deregister CDAN notifications and free channels */ for (i = 0; i < priv->num_channels; i++) { ch = priv->channel[i]; - dpaa2_io_service_deregister(ch->dpio, &ch->nctx); + dpaa2_io_service_deregister(ch->dpio, &ch->nctx, dev); free_channel(priv, ch); } } diff --git a/drivers/soc/fsl/dpio/dpio-service.c b/drivers/soc/fsl/dpio/dpio-service.c index 52d800aa4774..bc801934602a 100644 --- a/drivers/soc/fsl/dpio/dpio-service.c +++ b/drivers/soc/fsl/dpio/dpio-service.c @@ -237,6 +237,7 @@ EXPORT_SYMBOL(dpaa2_io_get_cpu); * notifications on the given DPIO service. * @d: the given DPIO service. * @ctx: the notification context. + * @dev: the device that requests the register * * The caller should make the MC command to attach a DPAA2 object to * a DPIO after this function completes successfully. In that way: @@ -251,14 +252,20 @@ EXPORT_SYMBOL(dpaa2_io_get_cpu); * Return 0 for success, or -ENODEV for failure. */ int dpaa2_io_service_register(struct dpaa2_io *d, - struct dpaa2_io_notification_ctx *ctx) + struct dpaa2_io_notification_ctx *ctx, + struct device *dev) { + struct device_link *link; unsigned long irqflags; d = service_select_by_cpu(d, ctx->desired_cpu); if (!d) return -ENODEV; + link = device_link_add(dev, d->dev, DL_FLAG_AUTOREMOVE_CONSUMER); + if (!link) + return -EINVAL; + ctx->dpio_id = d->dpio_desc.dpio_id; ctx->qman64 = (u64)(uintptr_t)ctx; ctx->dpio_private = d; @@ -279,12 +286,14 @@ EXPORT_SYMBOL_GPL(dpaa2_io_service_register); * dpaa2_io_service_deregister - The opposite of 'register'. * @service: the given DPIO service. * @ctx: the notification context. + * @dev: the device that requests to be deregistered * * This function should be called only after sending the MC command to * to detach the notification-producing device from the DPIO. */ void dpaa2_io_service_deregister(struct dpaa2_io *service, - struct dpaa2_io_notification_ctx *ctx) + struct dpaa2_io_notification_ctx *ctx, + struct device *dev) { struct dpaa2_io *d = ctx->dpio_private; unsigned long irqflags; @@ -295,6 +304,9 @@ void dpaa2_io_service_deregister(struct dpaa2_io *service, spin_lock_irqsave(&d->lock_notifications, irqflags); list_del(&ctx->node); spin_unlock_irqrestore(&d->lock_notifications, irqflags); + + if (dev) + device_link_remove(dev, d->dev); } EXPORT_SYMBOL_GPL(dpaa2_io_service_deregister); diff --git a/include/soc/fsl/dpaa2-io.h b/include/soc/fsl/dpaa2-io.h index e252066d1f43..3447fd10a3e6 100644 --- a/include/soc/fsl/dpaa2-io.h +++ b/include/soc/fsl/dpaa2-io.h @@ -94,9 +94,11 @@ struct dpaa2_io_notification_ctx { int dpaa2_io_get_cpu(struct dpaa2_io *d); int dpaa2_io_service_register(struct dpaa2_io *service, - struct dpaa2_io_notification_ctx *ctx); + struct dpaa2_io_notification_ctx *ctx, + struct device *dev); void dpaa2_io_service_deregister(struct dpaa2_io *service, - struct dpaa2_io_notification_ctx *ctx); + struct dpaa2_io_notification_ctx *ctx, + struct device *dev); int dpaa2_io_service_rearm(struct dpaa2_io *service, struct dpaa2_io_notification_ctx *ctx); -- cgit From afb77422819ff60612e9b7d36461b9b2bc8e038e Mon Sep 17 00:00:00 2001 From: Ioana Ciornei Date: Mon, 10 Dec 2018 16:50:19 +0000 Subject: bus: fsl-mc: automatically add a device_link on fsl_mc_[portal,object]_allocate Allocatable devices can be acquired by drivers on the fsl-mc bus using the fsl_mc_portal_allocate or fsl_mc_object_allocate functions. Add a device link between the consumer device and the supplier device so that proper resource management is achieved. Also, adding a link between these devices ensures that a proper unbind order is respected (ie before the supplier device is unbound from its respective driver all consumer devices will be notified and unbound first). Signed-off-by: Ioana Ciornei Reviewed-by: Laurentiu Tudor Signed-off-by: Li Yang --- drivers/bus/fsl-mc/fsl-mc-allocator.c | 11 +++++++++++ drivers/bus/fsl-mc/mc-io.c | 13 +++++++++++++ include/linux/fsl/mc.h | 1 + 3 files changed, 25 insertions(+) diff --git a/drivers/bus/fsl-mc/fsl-mc-allocator.c b/drivers/bus/fsl-mc/fsl-mc-allocator.c index e906ecfe23dd..8ad77246f322 100644 --- a/drivers/bus/fsl-mc/fsl-mc-allocator.c +++ b/drivers/bus/fsl-mc/fsl-mc-allocator.c @@ -295,6 +295,14 @@ int __must_check fsl_mc_object_allocate(struct fsl_mc_device *mc_dev, if (!mc_adev) goto error; + mc_adev->consumer_link = device_link_add(&mc_dev->dev, + &mc_adev->dev, + DL_FLAG_AUTOREMOVE_CONSUMER); + if (!mc_adev->consumer_link) { + error = -EINVAL; + goto error; + } + *new_mc_adev = mc_adev; return 0; error: @@ -321,6 +329,9 @@ void fsl_mc_object_free(struct fsl_mc_device *mc_adev) return; fsl_mc_resource_free(resource); + + device_link_del(mc_adev->consumer_link); + mc_adev->consumer_link = NULL; } EXPORT_SYMBOL_GPL(fsl_mc_object_free); diff --git a/drivers/bus/fsl-mc/mc-io.c b/drivers/bus/fsl-mc/mc-io.c index 7226cfc49b6f..3ae574a58cce 100644 --- a/drivers/bus/fsl-mc/mc-io.c +++ b/drivers/bus/fsl-mc/mc-io.c @@ -209,9 +209,19 @@ int __must_check fsl_mc_portal_allocate(struct fsl_mc_device *mc_dev, if (error < 0) goto error_cleanup_resource; + dpmcp_dev->consumer_link = device_link_add(&mc_dev->dev, + &dpmcp_dev->dev, + DL_FLAG_AUTOREMOVE_CONSUMER); + if (!dpmcp_dev->consumer_link) { + error = -EINVAL; + goto error_cleanup_mc_io; + } + *new_mc_io = mc_io; return 0; +error_cleanup_mc_io: + fsl_destroy_mc_io(mc_io); error_cleanup_resource: fsl_mc_resource_free(resource); return error; @@ -244,6 +254,9 @@ void fsl_mc_portal_free(struct fsl_mc_io *mc_io) fsl_destroy_mc_io(mc_io); fsl_mc_resource_free(resource); + + device_link_del(dpmcp_dev->consumer_link); + dpmcp_dev->consumer_link = NULL; } EXPORT_SYMBOL_GPL(fsl_mc_portal_free); diff --git a/include/linux/fsl/mc.h b/include/linux/fsl/mc.h index 741f567253ef..975553a9f75d 100644 --- a/include/linux/fsl/mc.h +++ b/include/linux/fsl/mc.h @@ -193,6 +193,7 @@ struct fsl_mc_device { struct resource *regions; struct fsl_mc_device_irq **irqs; struct fsl_mc_resource *resource; + struct device_link *consumer_link; }; #define to_fsl_mc_device(_dev) \ -- cgit From ba7d7433a0e998c902132bd47330e355a1eaa894 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Sun, 6 Jan 2019 18:47:42 -0800 Subject: crypto: hash - set CRYPTO_TFM_NEED_KEY if ->setkey() fails Some algorithms have a ->setkey() method that is not atomic, in the sense that setting a key can fail after changes were already made to the tfm context. In this case, if a key was already set the tfm can end up in a state that corresponds to neither the old key nor the new key. It's not feasible to make all ->setkey() methods atomic, especially ones that have to key multiple sub-tfms. Therefore, make the crypto API set CRYPTO_TFM_NEED_KEY if ->setkey() fails and the algorithm requires a key, to prevent the tfm from being used until a new key is set. Note: we can't set CRYPTO_TFM_NEED_KEY for OPTIONAL_KEY algorithms, so ->setkey() for those must nevertheless be atomic. That's fine for now since only the crc32 and crc32c algorithms set OPTIONAL_KEY, and it's not intended that OPTIONAL_KEY be used much. [Cc stable mainly because when introducing the NEED_KEY flag I changed AF_ALG to rely on it; and unlike in-kernel crypto API users, AF_ALG previously didn't have this problem. So these "incompletely keyed" states became theoretically accessible via AF_ALG -- though, the opportunities for causing real mischief seem pretty limited.] Fixes: 9fa68f620041 ("crypto: hash - prevent using keyed hashes without setting key") Cc: stable@vger.kernel.org Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu --- crypto/ahash.c | 28 +++++++++++++++++++--------- crypto/shash.c | 18 +++++++++++++----- 2 files changed, 32 insertions(+), 14 deletions(-) diff --git a/crypto/ahash.c b/crypto/ahash.c index 5d320a811f75..ca0d3e281fef 100644 --- a/crypto/ahash.c +++ b/crypto/ahash.c @@ -190,6 +190,21 @@ static int ahash_setkey_unaligned(struct crypto_ahash *tfm, const u8 *key, return ret; } +static int ahash_nosetkey(struct crypto_ahash *tfm, const u8 *key, + unsigned int keylen) +{ + return -ENOSYS; +} + +static void ahash_set_needkey(struct crypto_ahash *tfm) +{ + const struct hash_alg_common *alg = crypto_hash_alg_common(tfm); + + if (tfm->setkey != ahash_nosetkey && + !(alg->base.cra_flags & CRYPTO_ALG_OPTIONAL_KEY)) + crypto_ahash_set_flags(tfm, CRYPTO_TFM_NEED_KEY); +} + int crypto_ahash_setkey(struct crypto_ahash *tfm, const u8 *key, unsigned int keylen) { @@ -201,20 +216,16 @@ int crypto_ahash_setkey(struct crypto_ahash *tfm, const u8 *key, else err = tfm->setkey(tfm, key, keylen); - if (err) + if (unlikely(err)) { + ahash_set_needkey(tfm); return err; + } crypto_ahash_clear_flags(tfm, CRYPTO_TFM_NEED_KEY); return 0; } EXPORT_SYMBOL_GPL(crypto_ahash_setkey); -static int ahash_nosetkey(struct crypto_ahash *tfm, const u8 *key, - unsigned int keylen) -{ - return -ENOSYS; -} - static inline unsigned int ahash_align_buffer_size(unsigned len, unsigned long mask) { @@ -489,8 +500,7 @@ static int crypto_ahash_init_tfm(struct crypto_tfm *tfm) if (alg->setkey) { hash->setkey = alg->setkey; - if (!(alg->halg.base.cra_flags & CRYPTO_ALG_OPTIONAL_KEY)) - crypto_ahash_set_flags(hash, CRYPTO_TFM_NEED_KEY); + ahash_set_needkey(hash); } return 0; diff --git a/crypto/shash.c b/crypto/shash.c index 44d297b82a8f..40311ccad3fa 100644 --- a/crypto/shash.c +++ b/crypto/shash.c @@ -53,6 +53,13 @@ static int shash_setkey_unaligned(struct crypto_shash *tfm, const u8 *key, return err; } +static void shash_set_needkey(struct crypto_shash *tfm, struct shash_alg *alg) +{ + if (crypto_shash_alg_has_setkey(alg) && + !(alg->base.cra_flags & CRYPTO_ALG_OPTIONAL_KEY)) + crypto_shash_set_flags(tfm, CRYPTO_TFM_NEED_KEY); +} + int crypto_shash_setkey(struct crypto_shash *tfm, const u8 *key, unsigned int keylen) { @@ -65,8 +72,10 @@ int crypto_shash_setkey(struct crypto_shash *tfm, const u8 *key, else err = shash->setkey(tfm, key, keylen); - if (err) + if (unlikely(err)) { + shash_set_needkey(tfm, shash); return err; + } crypto_shash_clear_flags(tfm, CRYPTO_TFM_NEED_KEY); return 0; @@ -373,7 +382,8 @@ int crypto_init_shash_ops_async(struct crypto_tfm *tfm) crt->final = shash_async_final; crt->finup = shash_async_finup; crt->digest = shash_async_digest; - crt->setkey = shash_async_setkey; + if (crypto_shash_alg_has_setkey(alg)) + crt->setkey = shash_async_setkey; crypto_ahash_set_flags(crt, crypto_shash_get_flags(shash) & CRYPTO_TFM_NEED_KEY); @@ -395,9 +405,7 @@ static int crypto_shash_init_tfm(struct crypto_tfm *tfm) hash->descsize = alg->descsize; - if (crypto_shash_alg_has_setkey(alg) && - !(alg->base.cra_flags & CRYPTO_ALG_OPTIONAL_KEY)) - crypto_shash_set_flags(hash, CRYPTO_TFM_NEED_KEY); + shash_set_needkey(hash, alg); return 0; } -- cgit From b1f6b4bf416b49f00f3abc49c639371cdecaaad1 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Sun, 6 Jan 2019 18:47:43 -0800 Subject: crypto: skcipher - set CRYPTO_TFM_NEED_KEY if ->setkey() fails Some algorithms have a ->setkey() method that is not atomic, in the sense that setting a key can fail after changes were already made to the tfm context. In this case, if a key was already set the tfm can end up in a state that corresponds to neither the old key nor the new key. For example, in lrw.c, if gf128mul_init_64k_bbe() fails due to lack of memory, then priv::table will be left NULL. After that, encryption with that tfm will cause a NULL pointer dereference. It's not feasible to make all ->setkey() methods atomic, especially ones that have to key multiple sub-tfms. Therefore, make the crypto API set CRYPTO_TFM_NEED_KEY if ->setkey() fails and the algorithm requires a key, to prevent the tfm from being used until a new key is set. [Cc stable mainly because when introducing the NEED_KEY flag I changed AF_ALG to rely on it; and unlike in-kernel crypto API users, AF_ALG previously didn't have this problem. So these "incompletely keyed" states became theoretically accessible via AF_ALG -- though, the opportunities for causing real mischief seem pretty limited.] Fixes: f8d33fac8480 ("crypto: skcipher - prevent using skciphers without setting key") Cc: # v4.16+ Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu --- crypto/skcipher.c | 27 ++++++++++++++++++--------- 1 file changed, 18 insertions(+), 9 deletions(-) diff --git a/crypto/skcipher.c b/crypto/skcipher.c index 040ae6377b32..bcf13d95f54a 100644 --- a/crypto/skcipher.c +++ b/crypto/skcipher.c @@ -585,6 +585,12 @@ static unsigned int crypto_skcipher_extsize(struct crypto_alg *alg) return crypto_alg_extsize(alg); } +static void skcipher_set_needkey(struct crypto_skcipher *tfm) +{ + if (tfm->keysize) + crypto_skcipher_set_flags(tfm, CRYPTO_TFM_NEED_KEY); +} + static int skcipher_setkey_blkcipher(struct crypto_skcipher *tfm, const u8 *key, unsigned int keylen) { @@ -598,8 +604,10 @@ static int skcipher_setkey_blkcipher(struct crypto_skcipher *tfm, err = crypto_blkcipher_setkey(blkcipher, key, keylen); crypto_skcipher_set_flags(tfm, crypto_blkcipher_get_flags(blkcipher) & CRYPTO_TFM_RES_MASK); - if (err) + if (unlikely(err)) { + skcipher_set_needkey(tfm); return err; + } crypto_skcipher_clear_flags(tfm, CRYPTO_TFM_NEED_KEY); return 0; @@ -677,8 +685,7 @@ static int crypto_init_skcipher_ops_blkcipher(struct crypto_tfm *tfm) skcipher->ivsize = crypto_blkcipher_ivsize(blkcipher); skcipher->keysize = calg->cra_blkcipher.max_keysize; - if (skcipher->keysize) - crypto_skcipher_set_flags(skcipher, CRYPTO_TFM_NEED_KEY); + skcipher_set_needkey(skcipher); return 0; } @@ -698,8 +705,10 @@ static int skcipher_setkey_ablkcipher(struct crypto_skcipher *tfm, crypto_skcipher_set_flags(tfm, crypto_ablkcipher_get_flags(ablkcipher) & CRYPTO_TFM_RES_MASK); - if (err) + if (unlikely(err)) { + skcipher_set_needkey(tfm); return err; + } crypto_skcipher_clear_flags(tfm, CRYPTO_TFM_NEED_KEY); return 0; @@ -776,8 +785,7 @@ static int crypto_init_skcipher_ops_ablkcipher(struct crypto_tfm *tfm) sizeof(struct ablkcipher_request); skcipher->keysize = calg->cra_ablkcipher.max_keysize; - if (skcipher->keysize) - crypto_skcipher_set_flags(skcipher, CRYPTO_TFM_NEED_KEY); + skcipher_set_needkey(skcipher); return 0; } @@ -820,8 +828,10 @@ static int skcipher_setkey(struct crypto_skcipher *tfm, const u8 *key, else err = cipher->setkey(tfm, key, keylen); - if (err) + if (unlikely(err)) { + skcipher_set_needkey(tfm); return err; + } crypto_skcipher_clear_flags(tfm, CRYPTO_TFM_NEED_KEY); return 0; @@ -852,8 +862,7 @@ static int crypto_skcipher_init_tfm(struct crypto_tfm *tfm) skcipher->ivsize = alg->ivsize; skcipher->keysize = alg->max_keysize; - if (skcipher->keysize) - crypto_skcipher_set_flags(skcipher, CRYPTO_TFM_NEED_KEY); + skcipher_set_needkey(skcipher); if (alg->exit) skcipher->base.exit = crypto_skcipher_exit_tfm; -- cgit From 6ebc97006b196aafa9df0497fdfa866cf26f259b Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Sun, 6 Jan 2019 18:47:44 -0800 Subject: crypto: aead - set CRYPTO_TFM_NEED_KEY if ->setkey() fails Some algorithms have a ->setkey() method that is not atomic, in the sense that setting a key can fail after changes were already made to the tfm context. In this case, if a key was already set the tfm can end up in a state that corresponds to neither the old key nor the new key. For example, in gcm.c, if the kzalloc() fails due to lack of memory, then the CTR part of GCM will have the new key but GHASH will not. It's not feasible to make all ->setkey() methods atomic, especially ones that have to key multiple sub-tfms. Therefore, make the crypto API set CRYPTO_TFM_NEED_KEY if ->setkey() fails, to prevent the tfm from being used until a new key is set. [Cc stable mainly because when introducing the NEED_KEY flag I changed AF_ALG to rely on it; and unlike in-kernel crypto API users, AF_ALG previously didn't have this problem. So these "incompletely keyed" states became theoretically accessible via AF_ALG -- though, the opportunities for causing real mischief seem pretty limited.] Fixes: dc26c17f743a ("crypto: aead - prevent using AEADs without setting key") Cc: # v4.16+ Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu --- crypto/aead.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/crypto/aead.c b/crypto/aead.c index 189c52d1f63a..4908b5e846f0 100644 --- a/crypto/aead.c +++ b/crypto/aead.c @@ -61,8 +61,10 @@ int crypto_aead_setkey(struct crypto_aead *tfm, else err = crypto_aead_alg(tfm)->setkey(tfm, key, keylen); - if (err) + if (unlikely(err)) { + crypto_aead_set_flags(tfm, CRYPTO_TFM_NEED_KEY); return err; + } crypto_aead_clear_flags(tfm, CRYPTO_TFM_NEED_KEY); return 0; -- cgit From 41a2e94f8157ab52ab36805cfd56cc8dbd08dd39 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Sun, 6 Jan 2019 19:07:20 -0800 Subject: crypto: shash - require neither or both ->export() and ->import() Prevent registering shash algorithms that implement ->export() but not ->import(), or ->import() but not ->export(). Such cases don't make sense and could confuse the check that shash_prepare_alg() does for just ->export(). I don't believe this affects any existing algorithms; this is just preventing future mistakes. Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu --- crypto/shash.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/crypto/shash.c b/crypto/shash.c index 40311ccad3fa..2bffdecf1f83 100644 --- a/crypto/shash.c +++ b/crypto/shash.c @@ -472,6 +472,9 @@ static int shash_prepare_alg(struct shash_alg *alg) alg->statesize > HASH_MAX_STATESIZE) return -EINVAL; + if ((alg->export && !alg->import) || (alg->import && !alg->export)) + return -EINVAL; + base->cra_type = &crypto_shash_type; base->cra_flags &= ~CRYPTO_ALG_TYPE_MASK; base->cra_flags |= CRYPTO_ALG_TYPE_SHASH; -- cgit From 2b091e32a2d357beb9ffe283c696eec104729c2a Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Sun, 6 Jan 2019 19:08:01 -0800 Subject: crypto: shash - remove pointless checks of shash_alg::{export,import} crypto_init_shash_ops_async() only gives the ahash tfm non-NULL ->export() and ->import() if the underlying shash alg has these non-NULL. This doesn't make sense because when an shash algorithm is registered, shash_prepare_alg() sets a default ->export() and ->import() if the implementor didn't provide them. And elsewhere it's assumed that all shash algs and ahash tfms have non-NULL ->export() and ->import(). Therefore, remove these unnecessary, always-true conditions. Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu --- crypto/shash.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/crypto/shash.c b/crypto/shash.c index 2bffdecf1f83..15b369c4745f 100644 --- a/crypto/shash.c +++ b/crypto/shash.c @@ -388,10 +388,8 @@ int crypto_init_shash_ops_async(struct crypto_tfm *tfm) crypto_ahash_set_flags(crt, crypto_shash_get_flags(shash) & CRYPTO_TFM_NEED_KEY); - if (alg->export) - crt->export = shash_async_export; - if (alg->import) - crt->import = shash_async_import; + crt->export = shash_async_export; + crt->import = shash_async_import; crt->reqsize = sizeof(struct shash_desc) + crypto_shash_descsize(shash); -- cgit From 0507de9404992edafa3d1d86450a37d6a726399d Mon Sep 17 00:00:00 2001 From: Vitaly Chikunov Date: Mon, 7 Jan 2019 20:54:27 +0300 Subject: crypto: testmgr - split akcipher tests by a key type Before this, if akcipher_testvec have `public_key_vec' set to true (i.e. having a public key) only sign/encrypt test is performed, but verify/decrypt test is skipped. With a public key we could do encrypt and verify, but to sign and decrypt a private key is required. This logic is correct for encrypt/decrypt tests (decrypt is skipped if no private key). But incorrect for sign/verify tests - sign is performed no matter if there is no private key, but verify is skipped if there is a public key. Rework `test_akcipher_one' to arrange tests properly depending on value of `public_key_vec` and `siggen_sigver_test'. No tests were missed since there is only one sign/verify test (which have `siggen_sigver_test' set to true) and it has a private key, but future tests could benefit from this improvement. Signed-off-by: Vitaly Chikunov Signed-off-by: Herbert Xu --- crypto/testmgr.c | 86 +++++++++++++++++++++++++++++++++++++------------------- 1 file changed, 57 insertions(+), 29 deletions(-) diff --git a/crypto/testmgr.c b/crypto/testmgr.c index 0f684a414acb..1ce53f8058d2 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -2238,6 +2238,9 @@ static int test_akcipher_one(struct crypto_akcipher *tfm, unsigned int out_len_max, out_len = 0; int err = -ENOMEM; struct scatterlist src, dst, src_tab[2]; + const char *m, *c; + unsigned int m_size, c_size; + const char *op; if (testmgr_alloc_buf(xbuf)) return err; @@ -2259,46 +2262,72 @@ static int test_akcipher_one(struct crypto_akcipher *tfm, err = -ENOMEM; out_len_max = crypto_akcipher_maxsize(tfm); + + /* + * First run test which do not require a private key, such as + * encrypt or verify. + */ outbuf_enc = kzalloc(out_len_max, GFP_KERNEL); if (!outbuf_enc) goto free_req; - if (WARN_ON(vecs->m_size > PAGE_SIZE)) - goto free_all; + if (!vecs->siggen_sigver_test) { + m = vecs->m; + m_size = vecs->m_size; + c = vecs->c; + c_size = vecs->c_size; + op = "encrypt"; + } else { + /* Swap args so we could keep plaintext (digest) + * in vecs->m, and cooked signature in vecs->c. + */ + m = vecs->c; /* signature */ + m_size = vecs->c_size; + c = vecs->m; /* digest */ + c_size = vecs->m_size; + op = "verify"; + } - memcpy(xbuf[0], vecs->m, vecs->m_size); + if (WARN_ON(m_size > PAGE_SIZE)) + goto free_all; + memcpy(xbuf[0], m, m_size); sg_init_table(src_tab, 2); sg_set_buf(&src_tab[0], xbuf[0], 8); - sg_set_buf(&src_tab[1], xbuf[0] + 8, vecs->m_size - 8); + sg_set_buf(&src_tab[1], xbuf[0] + 8, m_size - 8); sg_init_one(&dst, outbuf_enc, out_len_max); - akcipher_request_set_crypt(req, src_tab, &dst, vecs->m_size, + akcipher_request_set_crypt(req, src_tab, &dst, m_size, out_len_max); akcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG, crypto_req_done, &wait); err = crypto_wait_req(vecs->siggen_sigver_test ? - /* Run asymmetric signature generation */ - crypto_akcipher_sign(req) : + /* Run asymmetric signature verification */ + crypto_akcipher_verify(req) : /* Run asymmetric encrypt */ crypto_akcipher_encrypt(req), &wait); if (err) { - pr_err("alg: akcipher: encrypt test failed. err %d\n", err); + pr_err("alg: akcipher: %s test failed. err %d\n", op, err); goto free_all; } - if (req->dst_len != vecs->c_size) { - pr_err("alg: akcipher: encrypt test failed. Invalid output len\n"); + if (req->dst_len != c_size) { + pr_err("alg: akcipher: %s test failed. Invalid output len\n", + op); err = -EINVAL; goto free_all; } /* verify that encrypted message is equal to expected */ - if (memcmp(vecs->c, outbuf_enc, vecs->c_size)) { - pr_err("alg: akcipher: encrypt test failed. Invalid output\n"); - hexdump(outbuf_enc, vecs->c_size); + if (memcmp(c, outbuf_enc, c_size)) { + pr_err("alg: akcipher: %s test failed. Invalid output\n", op); + hexdump(outbuf_enc, c_size); err = -EINVAL; goto free_all; } - /* Don't invoke decrypt for vectors with public key */ + + /* + * Don't invoke (decrypt or sign) test which require a private key + * for vectors with only a public key. + */ if (vecs->public_key_vec) { err = 0; goto free_all; @@ -2309,37 +2338,36 @@ static int test_akcipher_one(struct crypto_akcipher *tfm, goto free_all; } - if (WARN_ON(vecs->c_size > PAGE_SIZE)) + op = vecs->siggen_sigver_test ? "sign" : "decrypt"; + if (WARN_ON(c_size > PAGE_SIZE)) goto free_all; + memcpy(xbuf[0], c, c_size); - memcpy(xbuf[0], vecs->c, vecs->c_size); - - sg_init_one(&src, xbuf[0], vecs->c_size); + sg_init_one(&src, xbuf[0], c_size); sg_init_one(&dst, outbuf_dec, out_len_max); crypto_init_wait(&wait); - akcipher_request_set_crypt(req, &src, &dst, vecs->c_size, out_len_max); + akcipher_request_set_crypt(req, &src, &dst, c_size, out_len_max); err = crypto_wait_req(vecs->siggen_sigver_test ? - /* Run asymmetric signature verification */ - crypto_akcipher_verify(req) : + /* Run asymmetric signature generation */ + crypto_akcipher_sign(req) : /* Run asymmetric decrypt */ crypto_akcipher_decrypt(req), &wait); if (err) { - pr_err("alg: akcipher: decrypt test failed. err %d\n", err); + pr_err("alg: akcipher: %s test failed. err %d\n", op, err); goto free_all; } out_len = req->dst_len; - if (out_len < vecs->m_size) { - pr_err("alg: akcipher: decrypt test failed. " - "Invalid output len %u\n", out_len); + if (out_len < m_size) { + pr_err("alg: akcipher: %s test failed. Invalid output len %u\n", + op, out_len); err = -EINVAL; goto free_all; } /* verify that decrypted message is equal to the original msg */ - if (memchr_inv(outbuf_dec, 0, out_len - vecs->m_size) || - memcmp(vecs->m, outbuf_dec + out_len - vecs->m_size, - vecs->m_size)) { - pr_err("alg: akcipher: decrypt test failed. Invalid output\n"); + if (memchr_inv(outbuf_dec, 0, out_len - m_size) || + memcmp(m, outbuf_dec + out_len - m_size, m_size)) { + pr_err("alg: akcipher: %s test failed. Invalid output\n", op); hexdump(outbuf_dec, out_len); err = -EINVAL; } -- cgit From 707d0cf8f7cff6dfee9197002859912310532c4f Mon Sep 17 00:00:00 2001 From: YueHaibing Date: Wed, 9 Jan 2019 06:11:18 +0000 Subject: crypto: brcm - Fix some set-but-not-used warning Fixes gcc '-Wunused-but-set-variable' warning: drivers/crypto/bcm/cipher.c: In function 'handle_ahash_req': drivers/crypto/bcm/cipher.c:720:15: warning: variable 'chunk_start' set but not used [-Wunused-but-set-variable] drivers/crypto/bcm/cipher.c: In function 'spu_rx_callback': drivers/crypto/bcm/cipher.c:1679:31: warning: variable 'areq' set but not used [-Wunused-but-set-variable] drivers/crypto/bcm/cipher.c:1678:22: warning: variable 'ctx' set but not used [-Wunused-but-set-variable] Fixes: 9d12ba86f818 ("crypto: brcm - Add Broadcom SPU driver") Signed-off-by: YueHaibing Reviewed-by: Raveendra Padasalagi Signed-off-by: Herbert Xu --- drivers/crypto/bcm/cipher.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/drivers/crypto/bcm/cipher.c b/drivers/crypto/bcm/cipher.c index 5567cbda2798..2099d7bcfd44 100644 --- a/drivers/crypto/bcm/cipher.c +++ b/drivers/crypto/bcm/cipher.c @@ -717,7 +717,7 @@ static int handle_ahash_req(struct iproc_reqctx_s *rctx) */ unsigned int new_data_len; - unsigned int chunk_start = 0; + unsigned int __maybe_unused chunk_start = 0; u32 db_size; /* Length of data field, incl gcm and hash padding */ int pad_len = 0; /* total pad len, including gcm, hash, stat padding */ u32 data_pad_len = 0; /* length of GCM/CCM padding */ @@ -1675,8 +1675,6 @@ static void spu_rx_callback(struct mbox_client *cl, void *msg) struct spu_hw *spu = &iproc_priv.spu; struct brcm_message *mssg = msg; struct iproc_reqctx_s *rctx; - struct iproc_ctx_s *ctx; - struct crypto_async_request *areq; int err = 0; rctx = mssg->ctx; @@ -1686,8 +1684,6 @@ static void spu_rx_callback(struct mbox_client *cl, void *msg) err = -EFAULT; goto cb_finish; } - areq = rctx->parent; - ctx = rctx->ctx; /* process the SPU status */ err = spu->spu_status_process(rctx->msg_buf.rx_stat); -- cgit From 18666550f4c51e331551682d358dcfe3aca76a37 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Thu, 10 Jan 2019 12:17:52 -0800 Subject: crypto: gcm - use correct endianness type in gcm_hash_len() In gcm_hash_len(), use be128 rather than u128. This fixes the following sparse warnings: crypto/gcm.c:252:19: warning: incorrect type in assignment (different base types) crypto/gcm.c:252:19: expected unsigned long long [usertype] a crypto/gcm.c:252:19: got restricted __be64 [usertype] crypto/gcm.c:253:19: warning: incorrect type in assignment (different base types) crypto/gcm.c:253:19: expected unsigned long long [usertype] b crypto/gcm.c:253:19: got restricted __be64 [usertype] No actual change in behavior. Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu --- crypto/gcm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/gcm.c b/crypto/gcm.c index e438492db2ca..bbce31f6199b 100644 --- a/crypto/gcm.c +++ b/crypto/gcm.c @@ -247,7 +247,7 @@ static int gcm_hash_len(struct aead_request *req, u32 flags) struct crypto_gcm_req_priv_ctx *pctx = crypto_gcm_reqctx(req); struct ahash_request *ahreq = &pctx->u.ahreq; struct crypto_gcm_ghash_ctx *gctx = &pctx->ghash_ctx; - u128 lengths; + be128 lengths; lengths.a = cpu_to_be64(req->assoclen * 8); lengths.b = cpu_to_be64(gctx->cryptlen * 8); -- cgit From a1180cffea6a8c54161eb8e9ca8b2aeaa933a910 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Thu, 10 Jan 2019 12:17:53 -0800 Subject: crypto: rsa-pkcs1pad - include Include internal/rsa.h in rsa-pkcs1pad.c to get the declaration of rsa_pkcs1pad_tmpl. This fixes the following sparse warning: crypto/rsa-pkcs1pad.c:698:24: warning: symbol 'rsa_pkcs1pad_tmpl' was not declared. Should it be static? Cc: Andrzej Zaborowski Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu --- crypto/rsa-pkcs1pad.c | 1 + 1 file changed, 1 insertion(+) diff --git a/crypto/rsa-pkcs1pad.c b/crypto/rsa-pkcs1pad.c index cfc04e15fd97..0a6680ca8cb6 100644 --- a/crypto/rsa-pkcs1pad.c +++ b/crypto/rsa-pkcs1pad.c @@ -12,6 +12,7 @@ #include #include #include +#include #include #include #include -- cgit From 73381da5f9ec333b1fbe38a156e7764a90e36a74 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Thu, 10 Jan 2019 12:17:54 -0800 Subject: crypto: streebog - use correct endianness type streebog_uint512::qword needs to be __le64, not u64. This fixes a large number of sparse warnings: crypto/streebog_generic.c:25:9: warning: incorrect type in initializer (different base types) crypto/streebog_generic.c:25:9: expected unsigned long long crypto/streebog_generic.c:25:9: got restricted __le64 [usertype] [omitted many similar warnings] No actual change in behavior. Cc: Vitaly Chikunov Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu --- crypto/streebog_generic.c | 2 +- include/crypto/streebog.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/streebog_generic.c b/crypto/streebog_generic.c index 03272a22afce..5a2eafed9c29 100644 --- a/crypto/streebog_generic.c +++ b/crypto/streebog_generic.c @@ -960,7 +960,7 @@ static int streebog_init(struct shash_desc *desc) memset(ctx, 0, sizeof(struct streebog_state)); for (i = 0; i < 8; i++) { if (digest_size == STREEBOG256_DIGEST_SIZE) - ctx->h.qword[i] = 0x0101010101010101ULL; + ctx->h.qword[i] = cpu_to_le64(0x0101010101010101ULL); } return 0; } diff --git a/include/crypto/streebog.h b/include/crypto/streebog.h index 4af119f7e07b..856e32af8657 100644 --- a/include/crypto/streebog.h +++ b/include/crypto/streebog.h @@ -19,7 +19,7 @@ #define STREEBOG_BLOCK_SIZE 64 struct streebog_uint512 { - u64 qword[8]; + __le64 qword[8]; }; struct streebog_state { -- cgit From cb9dde8801292e31e3964236a72f04926cf500b7 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Thu, 10 Jan 2019 12:17:55 -0800 Subject: crypto: testmgr - handle endianness correctly in alg_test_crc32c() The crc32c context is in CPU endianness, whereas the final digest is little endian. alg_test_crc32c() got this mixed up. Fix it. The test passes both before and after, but this patch fixes the following sparse warning: crypto/testmgr.c:1912:24: warning: cast to restricted __le32 Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu --- crypto/testmgr.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/crypto/testmgr.c b/crypto/testmgr.c index 1ce53f8058d2..fd31cfa872fb 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -1889,7 +1889,7 @@ static int alg_test_crc32c(const struct alg_test_desc *desc, const char *driver, u32 type, u32 mask) { struct crypto_shash *tfm; - u32 val; + __le32 val; int err; err = alg_test_hash(desc, driver, type, mask); @@ -1911,7 +1911,7 @@ static int alg_test_crc32c(const struct alg_test_desc *desc, shash->tfm = tfm; shash->flags = 0; - *ctx = le32_to_cpu(420553207); + *ctx = 420553207; err = crypto_shash_final(shash, (u8 *)&val); if (err) { printk(KERN_ERR "alg: crc32c: Operation failed for " @@ -1919,9 +1919,9 @@ static int alg_test_crc32c(const struct alg_test_desc *desc, break; } - if (val != ~420553207) { - printk(KERN_ERR "alg: crc32c: Test failed for %s: " - "%d\n", driver, val); + if (val != cpu_to_le32(~420553207)) { + pr_err("alg: crc32c: Test failed for %s: %u\n", + driver, le32_to_cpu(val)); err = -EINVAL; } } while (0); -- cgit From e17568e15830c6d158f6492b5b60ccdeb0b7b20b Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Thu, 10 Jan 2019 12:17:56 -0800 Subject: crypto: user - forward declare crypto_nlsk Move the declaration of crypto_nlsk into internal/cryptouser.h. This fixes the following sparse warning: crypto/crypto_user_base.c:41:13: warning: symbol 'crypto_nlsk' was not declared. Should it be static? Cc: Corentin Labbe Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu --- crypto/crypto_user_stat.c | 2 -- include/crypto/internal/cryptouser.h | 2 ++ 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/crypto_user_stat.c b/crypto/crypto_user_stat.c index 3e9a53233d80..d4d1cb2bedd7 100644 --- a/crypto/crypto_user_stat.c +++ b/crypto/crypto_user_stat.c @@ -22,8 +22,6 @@ static DEFINE_MUTEX(crypto_cfg_mutex); -extern struct sock *crypto_nlsk; - struct crypto_dump_info { struct sk_buff *in_skb; struct sk_buff *out_skb; diff --git a/include/crypto/internal/cryptouser.h b/include/crypto/internal/cryptouser.h index 40623f4457df..8c602b187c58 100644 --- a/include/crypto/internal/cryptouser.h +++ b/include/crypto/internal/cryptouser.h @@ -1,6 +1,8 @@ /* SPDX-License-Identifier: GPL-2.0 */ #include +extern struct sock *crypto_nlsk; + struct crypto_alg *crypto_alg_match(struct crypto_user_alg *p, int exact); #ifdef CONFIG_CRYPTO_STATS -- cgit From 793ff5ffc105a5962ab4c978d08988e3f8dc93aa Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Thu, 10 Jan 2019 12:17:57 -0800 Subject: crypto: x86/aesni-gcm - make 'struct aesni_gcm_tfm_s' static const Add missing static keywords to fix the following sparse warnings: arch/x86/crypto/aesni-intel_glue.c:197:24: warning: symbol 'aesni_gcm_tfm_sse' was not declared. Should it be static? arch/x86/crypto/aesni-intel_glue.c:246:24: warning: symbol 'aesni_gcm_tfm_avx_gen2' was not declared. Should it be static? arch/x86/crypto/aesni-intel_glue.c:291:24: warning: symbol 'aesni_gcm_tfm_avx_gen4' was not declared. Should it be static? I also made the affected structures 'const', and adjusted the indentation in the struct definition to not be insane. Cc: Dave Watson Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu --- arch/x86/crypto/aesni-intel_glue.c | 34 +++++++++++++--------------------- 1 file changed, 13 insertions(+), 21 deletions(-) diff --git a/arch/x86/crypto/aesni-intel_glue.c b/arch/x86/crypto/aesni-intel_glue.c index 1321700d6647..9b5ccde3ef31 100644 --- a/arch/x86/crypto/aesni-intel_glue.c +++ b/arch/x86/crypto/aesni-intel_glue.c @@ -175,26 +175,18 @@ asmlinkage void aesni_gcm_finalize(void *ctx, struct gcm_context_data *gdata, u8 *auth_tag, unsigned long auth_tag_len); -static struct aesni_gcm_tfm_s { -void (*init)(void *ctx, - struct gcm_context_data *gdata, - u8 *iv, - u8 *hash_subkey, const u8 *aad, - unsigned long aad_len); -void (*enc_update)(void *ctx, - struct gcm_context_data *gdata, u8 *out, - const u8 *in, - unsigned long plaintext_len); -void (*dec_update)(void *ctx, - struct gcm_context_data *gdata, u8 *out, - const u8 *in, - unsigned long ciphertext_len); -void (*finalize)(void *ctx, - struct gcm_context_data *gdata, - u8 *auth_tag, unsigned long auth_tag_len); +static const struct aesni_gcm_tfm_s { + void (*init)(void *ctx, struct gcm_context_data *gdata, u8 *iv, + u8 *hash_subkey, const u8 *aad, unsigned long aad_len); + void (*enc_update)(void *ctx, struct gcm_context_data *gdata, u8 *out, + const u8 *in, unsigned long plaintext_len); + void (*dec_update)(void *ctx, struct gcm_context_data *gdata, u8 *out, + const u8 *in, unsigned long ciphertext_len); + void (*finalize)(void *ctx, struct gcm_context_data *gdata, + u8 *auth_tag, unsigned long auth_tag_len); } *aesni_gcm_tfm; -struct aesni_gcm_tfm_s aesni_gcm_tfm_sse = { +static const struct aesni_gcm_tfm_s aesni_gcm_tfm_sse = { .init = &aesni_gcm_init, .enc_update = &aesni_gcm_enc_update, .dec_update = &aesni_gcm_dec_update, @@ -243,7 +235,7 @@ asmlinkage void aesni_gcm_dec_avx_gen2(void *ctx, const u8 *aad, unsigned long aad_len, u8 *auth_tag, unsigned long auth_tag_len); -struct aesni_gcm_tfm_s aesni_gcm_tfm_avx_gen2 = { +static const struct aesni_gcm_tfm_s aesni_gcm_tfm_avx_gen2 = { .init = &aesni_gcm_init_avx_gen2, .enc_update = &aesni_gcm_enc_update_avx_gen2, .dec_update = &aesni_gcm_dec_update_avx_gen2, @@ -288,7 +280,7 @@ asmlinkage void aesni_gcm_dec_avx_gen4(void *ctx, const u8 *aad, unsigned long aad_len, u8 *auth_tag, unsigned long auth_tag_len); -struct aesni_gcm_tfm_s aesni_gcm_tfm_avx_gen4 = { +static const struct aesni_gcm_tfm_s aesni_gcm_tfm_avx_gen4 = { .init = &aesni_gcm_init_avx_gen4, .enc_update = &aesni_gcm_enc_update_avx_gen4, .dec_update = &aesni_gcm_dec_update_avx_gen4, @@ -778,7 +770,7 @@ static int gcmaes_crypt_by_sg(bool enc, struct aead_request *req, { struct crypto_aead *tfm = crypto_aead_reqtfm(req); unsigned long auth_tag_len = crypto_aead_authsize(tfm); - struct aesni_gcm_tfm_s *gcm_tfm = aesni_gcm_tfm; + const struct aesni_gcm_tfm_s *gcm_tfm = aesni_gcm_tfm; struct gcm_context_data data AESNI_ALIGN_ATTR; struct scatter_walk dst_sg_walk = {}; unsigned long left = req->cryptlen; -- cgit From f990f7fb58ac8ac9a43316f09a48cff1a49dda42 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Thu, 10 Jan 2019 12:17:58 -0800 Subject: crypto: tgr192 - fix unaligned memory access Fix an unaligned memory access in tgr192_transform() by using the unaligned access helpers. Fixes: 06ace7a9bafe ("[CRYPTO] Use standard byte order macros wherever possible") Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu --- crypto/tgr192.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/crypto/tgr192.c b/crypto/tgr192.c index 022d3dd76c3b..f8e1d9f9938f 100644 --- a/crypto/tgr192.c +++ b/crypto/tgr192.c @@ -25,8 +25,9 @@ #include #include #include -#include #include +#include +#include #define TGR192_DIGEST_SIZE 24 #define TGR160_DIGEST_SIZE 20 @@ -468,10 +469,9 @@ static void tgr192_transform(struct tgr192_ctx *tctx, const u8 * data) u64 a, b, c, aa, bb, cc; u64 x[8]; int i; - const __le64 *ptr = (const __le64 *)data; for (i = 0; i < 8; i++) - x[i] = le64_to_cpu(ptr[i]); + x[i] = get_unaligned_le64(data + i * sizeof(__le64)); /* save */ a = aa = tctx->a; -- cgit From 554557ce0001fc0371fb88db53d7dfe2a398c6de Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Thu, 10 Jan 2019 12:17:59 -0800 Subject: crypto: stat - remove unused mutex crypto_cfg_mutex in crypto_user_stat.c is unused. Remove it. Cc: Corentin Labbe Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu --- crypto/crypto_user_stat.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/crypto/crypto_user_stat.c b/crypto/crypto_user_stat.c index d4d1cb2bedd7..a03f326a63d3 100644 --- a/crypto/crypto_user_stat.c +++ b/crypto/crypto_user_stat.c @@ -20,8 +20,6 @@ #define null_terminated(x) (strnlen(x, sizeof(x)) < sizeof(x)) -static DEFINE_MUTEX(crypto_cfg_mutex); - struct crypto_dump_info { struct sk_buff *in_skb; struct sk_buff *out_skb; -- cgit From 466e0759269d31485074126700574230bfff3b1c Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Thu, 10 Jan 2019 12:18:00 -0800 Subject: crypto: af_alg - make some functions static Some exported functions in af_alg.c aren't used outside of that file. Therefore, un-export them and make them 'static'. Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu --- crypto/af_alg.c | 20 +++++++------------- include/crypto/if_alg.h | 7 ------- 2 files changed, 7 insertions(+), 20 deletions(-) diff --git a/crypto/af_alg.c b/crypto/af_alg.c index 17eb09d222ff..ccae4a7ada8a 100644 --- a/crypto/af_alg.c +++ b/crypto/af_alg.c @@ -425,12 +425,12 @@ int af_alg_make_sg(struct af_alg_sgl *sgl, struct iov_iter *iter, int len) } EXPORT_SYMBOL_GPL(af_alg_make_sg); -void af_alg_link_sg(struct af_alg_sgl *sgl_prev, struct af_alg_sgl *sgl_new) +static void af_alg_link_sg(struct af_alg_sgl *sgl_prev, + struct af_alg_sgl *sgl_new) { sg_unmark_end(sgl_prev->sg + sgl_prev->npages - 1); sg_chain(sgl_prev->sg, sgl_prev->npages + 1, sgl_new->sg); } -EXPORT_SYMBOL_GPL(af_alg_link_sg); void af_alg_free_sg(struct af_alg_sgl *sgl) { @@ -441,7 +441,7 @@ void af_alg_free_sg(struct af_alg_sgl *sgl) } EXPORT_SYMBOL_GPL(af_alg_free_sg); -int af_alg_cmsg_send(struct msghdr *msg, struct af_alg_control *con) +static int af_alg_cmsg_send(struct msghdr *msg, struct af_alg_control *con) { struct cmsghdr *cmsg; @@ -480,7 +480,6 @@ int af_alg_cmsg_send(struct msghdr *msg, struct af_alg_control *con) return 0; } -EXPORT_SYMBOL_GPL(af_alg_cmsg_send); /** * af_alg_alloc_tsgl - allocate the TX SGL @@ -488,7 +487,7 @@ EXPORT_SYMBOL_GPL(af_alg_cmsg_send); * @sk socket of connection to user space * @return: 0 upon success, < 0 upon error */ -int af_alg_alloc_tsgl(struct sock *sk) +static int af_alg_alloc_tsgl(struct sock *sk) { struct alg_sock *ask = alg_sk(sk); struct af_alg_ctx *ctx = ask->private; @@ -517,7 +516,6 @@ int af_alg_alloc_tsgl(struct sock *sk) return 0; } -EXPORT_SYMBOL_GPL(af_alg_alloc_tsgl); /** * aead_count_tsgl - Count number of TX SG entries @@ -654,7 +652,7 @@ EXPORT_SYMBOL_GPL(af_alg_pull_tsgl); * * @areq Request holding the TX and RX SGL */ -void af_alg_free_areq_sgls(struct af_alg_async_req *areq) +static void af_alg_free_areq_sgls(struct af_alg_async_req *areq) { struct sock *sk = areq->sk; struct alg_sock *ask = alg_sk(sk); @@ -683,7 +681,6 @@ void af_alg_free_areq_sgls(struct af_alg_async_req *areq) sock_kfree_s(sk, tsgl, areq->tsgl_entries * sizeof(*tsgl)); } } -EXPORT_SYMBOL_GPL(af_alg_free_areq_sgls); /** * af_alg_wait_for_wmem - wait for availability of writable memory @@ -692,7 +689,7 @@ EXPORT_SYMBOL_GPL(af_alg_free_areq_sgls); * @flags If MSG_DONTWAIT is set, then only report if function would sleep * @return 0 when writable memory is available, < 0 upon error */ -int af_alg_wait_for_wmem(struct sock *sk, unsigned int flags) +static int af_alg_wait_for_wmem(struct sock *sk, unsigned int flags) { DEFINE_WAIT_FUNC(wait, woken_wake_function); int err = -ERESTARTSYS; @@ -717,7 +714,6 @@ int af_alg_wait_for_wmem(struct sock *sk, unsigned int flags) return err; } -EXPORT_SYMBOL_GPL(af_alg_wait_for_wmem); /** * af_alg_wmem_wakeup - wakeup caller when writable memory is available @@ -786,8 +782,7 @@ EXPORT_SYMBOL_GPL(af_alg_wait_for_data); * * @sk socket of connection to user space */ - -void af_alg_data_wakeup(struct sock *sk) +static void af_alg_data_wakeup(struct sock *sk) { struct alg_sock *ask = alg_sk(sk); struct af_alg_ctx *ctx = ask->private; @@ -805,7 +800,6 @@ void af_alg_data_wakeup(struct sock *sk) sk_wake_async(sk, SOCK_WAKE_SPACE, POLL_OUT); rcu_read_unlock(); } -EXPORT_SYMBOL_GPL(af_alg_data_wakeup); /** * af_alg_sendmsg - implementation of sendmsg system call handler diff --git a/include/crypto/if_alg.h b/include/crypto/if_alg.h index 482461d8931d..0d464db74bf5 100644 --- a/include/crypto/if_alg.h +++ b/include/crypto/if_alg.h @@ -169,9 +169,6 @@ int af_alg_accept(struct sock *sk, struct socket *newsock, bool kern); int af_alg_make_sg(struct af_alg_sgl *sgl, struct iov_iter *iter, int len); void af_alg_free_sg(struct af_alg_sgl *sgl); -void af_alg_link_sg(struct af_alg_sgl *sgl_prev, struct af_alg_sgl *sgl_new); - -int af_alg_cmsg_send(struct msghdr *msg, struct af_alg_control *con); static inline struct alg_sock *alg_sk(struct sock *sk) { @@ -230,15 +227,11 @@ static inline bool af_alg_readable(struct sock *sk) return PAGE_SIZE <= af_alg_rcvbuf(sk); } -int af_alg_alloc_tsgl(struct sock *sk); unsigned int af_alg_count_tsgl(struct sock *sk, size_t bytes, size_t offset); void af_alg_pull_tsgl(struct sock *sk, size_t used, struct scatterlist *dst, size_t dst_offset); -void af_alg_free_areq_sgls(struct af_alg_async_req *areq); -int af_alg_wait_for_wmem(struct sock *sk, unsigned int flags); void af_alg_wmem_wakeup(struct sock *sk); int af_alg_wait_for_data(struct sock *sk, unsigned flags); -void af_alg_data_wakeup(struct sock *sk); int af_alg_sendmsg(struct socket *sock, struct msghdr *msg, size_t size, unsigned int ivsize); ssize_t af_alg_sendpage(struct socket *sock, struct page *page, -- cgit From 7c39edfb040078e1ab90e5c546cfeba8ec159bbd Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Thu, 10 Jan 2019 12:18:01 -0800 Subject: crypto: af_alg - use list_for_each_entry() in af_alg_count_tsgl() af_alg_count_tsgl() iterates through a list without modifying it, so use list_for_each_entry() rather than list_for_each_entry_safe(). Also make the pointers 'const' to make it clearer that nothing is modified. No actual change in behavior. Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu --- crypto/af_alg.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/crypto/af_alg.c b/crypto/af_alg.c index ccae4a7ada8a..1dd573a44127 100644 --- a/crypto/af_alg.c +++ b/crypto/af_alg.c @@ -530,17 +530,17 @@ static int af_alg_alloc_tsgl(struct sock *sk) */ unsigned int af_alg_count_tsgl(struct sock *sk, size_t bytes, size_t offset) { - struct alg_sock *ask = alg_sk(sk); - struct af_alg_ctx *ctx = ask->private; - struct af_alg_tsgl *sgl, *tmp; + const struct alg_sock *ask = alg_sk(sk); + const struct af_alg_ctx *ctx = ask->private; + const struct af_alg_tsgl *sgl; unsigned int i; unsigned int sgl_count = 0; if (!bytes) return 0; - list_for_each_entry_safe(sgl, tmp, &ctx->tsgl_list, list) { - struct scatterlist *sg = sgl->sg; + list_for_each_entry(sgl, &ctx->tsgl_list, list) { + const struct scatterlist *sg = sgl->sg; for (i = 0; i < sgl->cur; i++) { size_t bytes_count; -- cgit From 6d0d6cfb12e5e1e8d879996b786da718c6ec15e6 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Thu, 10 Jan 2019 12:18:02 -0800 Subject: crypto: af_alg - remove redundant initializations of sk_family sk_alloc() already sets sock::sk_family to PF_ALG which is passed as the 'family' argument, so there's no need to set it again. Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu --- crypto/af_alg.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/crypto/af_alg.c b/crypto/af_alg.c index 1dd573a44127..c5937c812799 100644 --- a/crypto/af_alg.c +++ b/crypto/af_alg.c @@ -302,8 +302,6 @@ int af_alg_accept(struct sock *sk, struct socket *newsock, bool kern) if (err) goto unlock; - sk2->sk_family = PF_ALG; - if (nokey || !ask->refcnt++) sock_hold(sk); ask->nokey_refcnt += nokey; @@ -380,7 +378,6 @@ static int alg_create(struct net *net, struct socket *sock, int protocol, sock->ops = &alg_proto_ops; sock_init_data(sock, sk); - sk->sk_family = PF_ALG; sk->sk_destruct = alg_sock_destruct; return 0; -- cgit From 5bc3de58c102cae2f3c76f2df222d975fd388d0b Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Sun, 13 Jan 2019 15:32:24 -0800 Subject: crypto: testmgr - skip AEAD encryption test vectors with novrfy set In preparation for unifying the AEAD encryption and decryption test vectors, skip AEAD test vectors with the 'novrfy' (verification failure expected) flag set when testing encryption rather than decryption. These test vectors only make sense for decryption. Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu --- crypto/testmgr.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/crypto/testmgr.c b/crypto/testmgr.c index fd31cfa872fb..09f2f0f582bf 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -671,6 +671,8 @@ static int __test_aead(struct crypto_aead *tfm, int enc, for (i = 0, j = 0; i < tcount; i++) { if (template[i].np) continue; + if (enc && template[i].novrfy) + continue; j++; @@ -787,6 +789,9 @@ static int __test_aead(struct crypto_aead *tfm, int enc, if (!template[i].np) continue; + if (enc && template[i].novrfy) + continue; + j++; if (template[i].iv) -- cgit From de845da90350ba5ed404f328aa03d36fbf81f371 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Sun, 13 Jan 2019 15:32:25 -0800 Subject: crypto: testmgr - add ccm(aes) decryption tests to encryption tests Some "ccm(aes)" decryption test vectors don't exactly match any of the encryption test vectors with input and result swapped. In preparation for removing the AEAD decryption test vectors and testing AEAD decryption using the encryption test vectors, add these to the encryption test vectors, so we don't lose any test coverage. Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu --- crypto/testmgr.h | 197 ++++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 196 insertions(+), 1 deletion(-) diff --git a/crypto/testmgr.h b/crypto/testmgr.h index ca8e8ebef309..fa0b1af9f751 100644 --- a/crypto/testmgr.h +++ b/crypto/testmgr.h @@ -18692,7 +18692,202 @@ static const struct aead_testvec aes_ccm_enc_tv_template[] = { "\x5c\xda\xb2\x33\xe5\x13\xe2\x0d" "\x74\xd1\xef\xb5\x0f\x3a\xb5\xf8", .rlen = 48, - } + }, { + /* This is taken from FIPS CAVS. */ + .key = "\xab\x2f\x8a\x74\xb7\x1c\xd2\xb1" + "\xff\x80\x2e\x48\x7d\x82\xf8\xb9", + .klen = 16, + .iv = "\x03\xc6\xfb\x7d\x80\x0d\x13\xab" + "\xd8\xa6\xb2\xd8\x00\x00\x00\x00", + .alen = 0, + .input = "\x00", + .ilen = 0, + .result = "\xd5\xe8\x93\x9f\xc7\x89\x2e\x2b", + .rlen = 8, + .novrfy = 1, + }, { + .key = "\xab\x2f\x8a\x74\xb7\x1c\xd2\xb1" + "\xff\x80\x2e\x48\x7d\x82\xf8\xb9", + .klen = 16, + .iv = "\x03\xaf\x94\x87\x78\x35\x82\x81" + "\x7f\x88\x94\x68\x00\x00\x00\x00", + .alen = 0, + .input = "\x00", + .ilen = 0, + .result = "\x41\x3c\xb8\x87\x73\xcb\xf3\xf3", + .rlen = 8, + }, { + .key = "\x61\x0e\x8c\xae\xe3\x23\xb6\x38" + "\x76\x1c\xf6\x3a\x67\xa3\x9c\xd8", + .klen = 16, + .iv = "\x03\xc6\xfb\x7d\x80\x0d\x13\xab" + "\xd8\xa6\xb2\xd8\x00\x00\x00\x00", + .assoc = "\xf3\x94\x87\x78\x35\x82\x81\x7f" + "\x88\x94\x68\xb1\x78\x6b\x2b\xd6" + "\x04\x1f\x4e\xed\x78\xd5\x33\x66" + "\xd8\x94\x99\x91\x81\x54\x62\x57", + .alen = 32, + .input = "\x50\x82\x3e\x07\xe2\x1e\xb6\xfb" + "\x33\xe4\x73\xce\xd2\xfb\x95\x79" + "\xe8\xb4\xb5\x77\x11\x10\x62\x6f" + "\x6a\x82\xd1\x13\xec\xf5\xd0\x48", + .ilen = 32, + .result = "\xf0\x7c\x29\x02\xae\x1c\x2f\x55" + "\xd0\xd1\x3d\x1a\xa3\x6d\xe4\x0a" + "\x86\xb0\x87\x6b\x62\x33\x8c\x34" + "\xce\xab\x57\xcc\x79\x0b\xe0\x6f" + "\x5c\x3e\x48\x1f\x6c\x46\xf7\x51" + "\x8b\x84\x83\x2a\xc1\x05\xb8\xc5", + .rlen = 48, + .novrfy = 1, + }, { + .key = "\x61\x0e\x8c\xae\xe3\x23\xb6\x38" + "\x76\x1c\xf6\x3a\x67\xa3\x9c\xd8", + .klen = 16, + .iv = "\x03\x05\xe0\xc9\x0f\xed\x34\xea" + "\x97\xd4\x3b\xdf\x00\x00\x00\x00", + .assoc = "\x49\x5c\x50\x1f\x1d\x94\xcc\x81" + "\xba\xb7\xb6\x03\xaf\xa5\xc1\xa1" + "\xd8\x5c\x42\x68\xe0\x6c\xda\x89" + "\x05\xac\x56\xac\x1b\x2a\xd3\x86", + .alen = 32, + .input = "\x75\x05\xbe\xc2\xd9\x1e\xde\x60" + "\x47\x3d\x8c\x7d\xbd\xb5\xd9\xb7" + "\xf2\xae\x61\x05\x8f\x82\x24\x3f" + "\x9c\x67\x91\xe1\x38\x4f\xe4\x0c", + .ilen = 32, + .result = "\x39\xbe\x7d\x15\x62\x77\xf3\x3c" + "\xad\x83\x52\x6d\x71\x03\x25\x1c" + "\xed\x81\x3a\x9a\x16\x7d\x19\x80" + "\x72\x04\x72\xd0\xf6\xff\x05\x0f" + "\xb7\x14\x30\x00\x32\x9e\xa0\xa6" + "\x9e\x5a\x18\xa1\xb8\xfe\xdb\xd3", + .rlen = 48, + }, { + .key = "\x39\xbb\xa7\xbe\x59\x97\x9e\x73" + "\xa2\xbc\x6b\x98\xd7\x75\x7f\xe3" + "\xa4\x48\x93\x39\x26\x71\x4a\xc6", + .klen = 24, + .iv = "\x03\xee\x49\x83\xe9\xa9\xff\xe9" + "\x57\xba\xfd\x9e\x00\x00\x00\x00", + .assoc = "\x44\xa6\x2c\x05\xe9\xe1\x43\xb1" + "\x58\x7c\xf2\x5c\x6d\x39\x0a\x64" + "\xa4\xf0\x13\x05\xd1\x77\x99\x67" + "\x11\xc4\xc6\xdb\x00\x56\x36\x61", + .alen = 32, + .input = "\x00", + .ilen = 0, + .result = "\x71\x99\xfa\xf4\x44\x12\x68\x9b", + .rlen = 8, + }, { + .key = "\x58\x5d\xa0\x96\x65\x1a\x04\xd7" + "\x96\xe5\xc5\x68\xaa\x95\x35\xe0" + "\x29\xa0\xba\x9e\x48\x78\xd1\xba", + .klen = 24, + .iv = "\x03\xee\x49\x83\xe9\xa9\xff\xe9" + "\x57\xba\xfd\x9e\x00\x00\x00\x00", + .assoc = "\x44\xa6\x2c\x05\xe9\xe1\x43\xb1" + "\x58\x7c\xf2\x5c\x6d\x39\x0a\x64" + "\xa4\xf0\x13\x05\xd1\x77\x99\x67" + "\x11\xc4\xc6\xdb\x00\x56\x36\x61", + .alen = 32, + .input = "\x85\x34\x66\x42\xc8\x92\x0f\x36" + "\x58\xe0\x6b\x91\x3c\x98\x5c\xbb" + "\x0a\x85\xcc\x02\xad\x7a\x96\xe9" + "\x65\x43\xa4\xc3\x0f\xdc\x55\x81", + .ilen = 32, + .result = "\xfb\xe5\x5d\x34\xbe\xe5\xe8\xe7" + "\x5a\xef\x2f\xbf\x1f\x7f\xd4\xb2" + "\x66\xca\x61\x1e\x96\x7a\x61\xb3" + "\x1c\x16\x45\x52\xba\x04\x9c\x9f" + "\xb1\xd2\x40\xbc\x52\x7c\x6f\xb1", + .rlen = 40, + }, { + .key = "\x58\x5d\xa0\x96\x65\x1a\x04\xd7" + "\x96\xe5\xc5\x68\xaa\x95\x35\xe0" + "\x29\xa0\xba\x9e\x48\x78\xd1\xba", + .klen = 24, + .iv = "\x03\xd1\xfc\x57\x9c\xfe\xb8\x9c" + "\xad\x71\xaa\x1f\x00\x00\x00\x00", + .assoc = "\x86\x67\xa5\xa9\x14\x5f\x0d\xc6" + "\xff\x14\xc7\x44\xbf\x6c\x3a\xc3" + "\xff\xb6\x81\xbd\xe2\xd5\x06\xc7" + "\x3c\xa1\x52\x13\x03\x8a\x23\x3a", + .alen = 32, + .input = "\x02\x87\x4d\x28\x80\x6e\xb2\xed" + "\x99\x2a\xa8\xca\x04\x25\x45\x90" + "\x1d\xdd\x5a\xd9\xe4\xdb\x9c\x9c" + "\x49\xe9\x01\xfe\xa7\x80\x6d\x6b", + .ilen = 32, + .result = "\x3f\x66\xb0\x9d\xe5\x4b\x38\x00" + "\xc6\x0e\x6e\xe5\xd6\x98\xa6\x37" + "\x8c\x26\x33\xc6\xb2\xa2\x17\xfa" + "\x64\x19\xc0\x30\xd7\xfc\x14\x6b" + "\xe3\x33\xc2\x04\xb0\x37\xbe\x3f" + "\xa9\xb4\x2d\x68\x03\xa3\x44\xef", + .rlen = 48, + .novrfy = 1, + }, { + .key = "\xa4\x4b\x54\x29\x0a\xb8\x6d\x01" + "\x5b\x80\x2a\xcf\x25\xc4\xb7\x5c" + "\x20\x2c\xad\x30\xc2\x2b\x41\xfb" + "\x0e\x85\xbc\x33\xad\x0f\x2b\xff", + .klen = 32, + .iv = "\x03\xee\x49\x83\xe9\xa9\xff\xe9" + "\x57\xba\xfd\x9e\x00\x00\x00\x00", + .alen = 0, + .input = "\x00", + .ilen = 0, + .result = "\x1f\xb8\x8f\xa3\xdd\x54\x00\xf2", + .rlen = 8, + }, { + .key = "\x39\xbb\xa7\xbe\x59\x97\x9e\x73" + "\xa2\xbc\x6b\x98\xd7\x75\x7f\xe3" + "\xa4\x48\x93\x39\x26\x71\x4a\xc6" + "\xae\x8f\x11\x4c\xc2\x9c\x4a\xbb", + .klen = 32, + .iv = "\x03\x85\x34\x66\x42\xc8\x92\x0f" + "\x36\x58\xe0\x6b\x00\x00\x00\x00", + .alen = 0, + .input = "\xdc\x56\xf2\x71\xb0\xb1\xa0\x6c" + "\xf0\x97\x3a\xfb\x6d\xe7\x32\x99" + "\x3e\xaf\x70\x5e\xb2\x4d\xea\x39" + "\x89\xd4\x75\x7a\x63\xb1\xda\x93", + .ilen = 32, + .result = "\x48\x01\x5e\x02\x24\x04\x66\x47" + "\xa1\xea\x6f\xaf\xe8\xfc\xfb\xdd" + "\xa5\xa9\x87\x8d\x84\xee\x2e\x77" + "\xbb\x86\xb9\xf5\x5c\x6c\xff\xf6" + "\x72\xc3\x8e\xf7\x70\xb1\xb2\x07" + "\xbc\xa8\xa3\xbd\x83\x7c\x1d\x2a", + .rlen = 48, + .novrfy = 1, + }, { + .key = "\x58\x5d\xa0\x96\x65\x1a\x04\xd7" + "\x96\xe5\xc5\x68\xaa\x95\x35\xe0" + "\x29\xa0\xba\x9e\x48\x78\xd1\xba" + "\x0d\x1a\x53\x3b\xb5\xe3\xf8\x8b", + .klen = 32, + .iv = "\x03\xcf\x76\x3f\xd9\x95\x75\x8f" + "\x44\x89\x40\x7b\x00\x00\x00\x00", + .assoc = "\x8f\x86\x6c\x4d\x1d\xc5\x39\x88" + "\xc8\xf3\x5c\x52\x10\x63\x6f\x2b" + "\x8a\x2a\xc5\x6f\x30\x23\x58\x7b" + "\xfb\x36\x03\x11\xb4\xd9\xf2\xfe", + .alen = 32, + .input = "\xc2\x54\xc8\xde\x78\x87\x77\x40" + "\x49\x71\xe4\xb7\xe7\xcb\x76\x61" + "\x0a\x41\xb9\xe9\xc0\x76\x54\xab" + "\x04\x49\x3b\x19\x93\x57\x25\x5d", + .ilen = 32, + .result = "\x48\x58\xd6\xf3\xad\x63\x58\xbf" + "\xae\xc7\x5e\xae\x83\x8f\x7b\xe4" + "\x78\x5c\x4c\x67\x71\x89\x94\xbf" + "\x47\xf1\x63\x7e\x1c\x59\xbd\xc5" + "\x7f\x44\x0a\x0c\x01\x18\x07\x92" + "\xe1\xd3\x51\xce\x32\x6d\x0c\x5b", + .rlen = 48, + }, }; static const struct aead_testvec aes_ccm_dec_tv_template[] = { -- cgit From f38e88854269a5b2c2c837e1e641b842de819363 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Sun, 13 Jan 2019 15:32:26 -0800 Subject: crypto: testmgr - add gcm(aes) decryption tests to encryption tests Some "gcm(aes)" decryption test vectors don't exactly match any of the encryption test vectors with input and result swapped. In preparation for removing the AEAD decryption test vectors and testing AEAD decryption using the encryption test vectors, add these to the encryption test vectors, so we don't lose any test coverage. In the case of the chunked test vector, I truncated the last scatterlist element to the end of the plaintext. Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu --- crypto/testmgr.h | 105 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 105 insertions(+) diff --git a/crypto/testmgr.h b/crypto/testmgr.h index fa0b1af9f751..5d8f867b9b83 100644 --- a/crypto/testmgr.h +++ b/crypto/testmgr.h @@ -16889,6 +16889,111 @@ static const struct aead_testvec aes_gcm_enc_tv_template[] = { .result = "\x53\x0f\x8a\xfb\xc7\x45\x36\xb9" "\xa9\x63\xb4\xf1\xc4\xcb\x73\x8b", .rlen = 16, + }, { + .key = zeroed_string, + .klen = 32, + .input = zeroed_string, + .ilen = 16, + .result = "\xce\xa7\x40\x3d\x4d\x60\x6b\x6e" + "\x07\x4e\xc5\xd3\xba\xf3\x9d\x18" + "\xd0\xd1\xc8\xa7\x99\x99\x6b\xf0" + "\x26\x5b\x98\xb5\xd4\x8a\xb9\x19", + .rlen = 32, + }, { + .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c" + "\x6d\x6a\x8f\x94\x67\x30\x83\x08" + "\xfe\xff\xe9\x92\x86\x65\x73\x1c" + "\x6d\x6a\x8f\x94\x67\x30\x83\x08", + .klen = 32, + .iv = "\xca\xfe\xba\xbe\xfa\xce\xdb\xad" + "\xde\xca\xf8\x88", + .input = "\xd9\x31\x32\x25\xf8\x84\x06\xe5" + "\xa5\x59\x09\xc5\xaf\xf5\x26\x9a" + "\x86\xa7\xa9\x53\x15\x34\xf7\xda" + "\x2e\x4c\x30\x3d\x8a\x31\x8a\x72" + "\x1c\x3c\x0c\x95\x95\x68\x09\x53" + "\x2f\xcf\x0e\x24\x49\xa6\xb5\x25" + "\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57" + "\xba\x63\x7b\x39\x1a\xaf\xd2\x55", + .ilen = 64, + .result = "\x52\x2d\xc1\xf0\x99\x56\x7d\x07" + "\xf4\x7f\x37\xa3\x2a\x84\x42\x7d" + "\x64\x3a\x8c\xdc\xbf\xe5\xc0\xc9" + "\x75\x98\xa2\xbd\x25\x55\xd1\xaa" + "\x8c\xb0\x8e\x48\x59\x0d\xbb\x3d" + "\xa7\xb0\x8b\x10\x56\x82\x88\x38" + "\xc5\xf6\x1e\x63\x93\xba\x7a\x0a" + "\xbc\xc9\xf6\x62\x89\x80\x15\xad" + "\xb0\x94\xda\xc5\xd9\x34\x71\xbd" + "\xec\x1a\x50\x22\x70\xe3\xcc\x6c", + .rlen = 80, + }, { + .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c" + "\x6d\x6a\x8f\x94\x67\x30\x83\x08" + "\xfe\xff\xe9\x92\x86\x65\x73\x1c" + "\x6d\x6a\x8f\x94\x67\x30\x83\x08", + .klen = 32, + .iv = "\xca\xfe\xba\xbe\xfa\xce\xdb\xad" + "\xde\xca\xf8\x88", + .input = "\xd9\x31\x32\x25\xf8\x84\x06\xe5" + "\xa5\x59\x09\xc5\xaf\xf5\x26\x9a" + "\x86\xa7\xa9\x53\x15\x34\xf7\xda" + "\x2e\x4c\x30\x3d\x8a\x31\x8a\x72" + "\x1c\x3c\x0c\x95\x95\x68\x09\x53" + "\x2f\xcf\x0e\x24\x49\xa6\xb5\x25" + "\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57" + "\xba\x63\x7b\x39", + .ilen = 60, + .assoc = "\xfe\xed\xfa\xce\xde\xad\xbe\xef" + "\xfe\xed\xfa\xce\xde\xad\xbe\xef" + "\xab\xad\xda\xd2", + .alen = 20, + .result = "\x52\x2d\xc1\xf0\x99\x56\x7d\x07" + "\xf4\x7f\x37\xa3\x2a\x84\x42\x7d" + "\x64\x3a\x8c\xdc\xbf\xe5\xc0\xc9" + "\x75\x98\xa2\xbd\x25\x55\xd1\xaa" + "\x8c\xb0\x8e\x48\x59\x0d\xbb\x3d" + "\xa7\xb0\x8b\x10\x56\x82\x88\x38" + "\xc5\xf6\x1e\x63\x93\xba\x7a\x0a" + "\xbc\xc9\xf6\x62" + "\x76\xfc\x6e\xce\x0f\x4e\x17\x68" + "\xcd\xdf\x88\x53\xbb\x2d\x55\x1b", + .rlen = 76, + .np = 2, + .tap = { 48, 12 }, + .anp = 3, + .atap = { 8, 8, 4 } + }, { + .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c" + "\x6d\x6a\x8f\x94\x67\x30\x83\x08" + "\xfe\xff\xe9\x92\x86\x65\x73\x1c", + .klen = 24, + .iv = "\xca\xfe\xba\xbe\xfa\xce\xdb\xad" + "\xde\xca\xf8\x88", + .input = "\xd9\x31\x32\x25\xf8\x84\x06\xe5" + "\xa5\x59\x09\xc5\xaf\xf5\x26\x9a" + "\x86\xa7\xa9\x53\x15\x34\xf7\xda" + "\x2e\x4c\x30\x3d\x8a\x31\x8a\x72" + "\x1c\x3c\x0c\x95\x95\x68\x09\x53" + "\x2f\xcf\x0e\x24\x49\xa6\xb5\x25" + "\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57" + "\xba\x63\x7b\x39", + .ilen = 60, + .assoc = "\xfe\xed\xfa\xce\xde\xad\xbe\xef" + "\xfe\xed\xfa\xce\xde\xad\xbe\xef" + "\xab\xad\xda\xd2", + .alen = 20, + .result = "\x39\x80\xca\x0b\x3c\x00\xe8\x41" + "\xeb\x06\xfa\xc4\x87\x2a\x27\x57" + "\x85\x9e\x1c\xea\xa6\xef\xd9\x84" + "\x62\x85\x93\xb4\x0c\xa1\xe1\x9c" + "\x7d\x77\x3d\x00\xc1\x44\xc5\x25" + "\xac\x61\x9d\x18\xc8\x4a\x3f\x47" + "\x18\xe2\x44\x8b\x2f\xe3\x24\xd9" + "\xcc\xda\x27\x10" + "\x25\x19\x49\x8e\x80\xf1\x47\x8f" + "\x37\xba\x55\xbd\x6d\x27\x61\x8c", + .rlen = 76, } }; -- cgit From d7250b41531842cf7eaadf463053275a5d5a01f0 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Sun, 13 Jan 2019 15:32:27 -0800 Subject: crypto: testmgr - add rfc4543(gcm(aes)) decryption test to encryption tests One "rfc4543(gcm(aes))" decryption test vector doesn't exactly match any of the encryption test vectors with input and result swapped. In preparation for removing the AEAD decryption test vectors and testing AEAD decryption using the encryption test vectors, add this to the encryption test vectors, so we don't lose any test coverage. Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu --- crypto/testmgr.h | 30 +++++++++++++++++++++++++++++- 1 file changed, 29 insertions(+), 1 deletion(-) diff --git a/crypto/testmgr.h b/crypto/testmgr.h index 5d8f867b9b83..8d1c2dfe3bec 100644 --- a/crypto/testmgr.h +++ b/crypto/testmgr.h @@ -18454,7 +18454,35 @@ static const struct aead_testvec aes_gcm_rfc4543_enc_tv_template[] = { "\xe1\x55\x10\x6a\xa8\xdc\xd6\x18" "\xe4\x09\x9a\xaa", .rlen = 68, - } + }, { /* nearly same as previous, but should fail */ + .key = "\x4c\x80\xcd\xef\xbb\x5d\x10\xda" + "\x90\x6a\xc7\x3c\x36\x13\xa6\x34" + "\x22\x43\x3c\x64", + .klen = 20, + .iv = zeroed_string, + .assoc = "\x00\x00\x43\x21\x00\x00\x00\x07" + "\x00\x00\x00\x00\x00\x00\x00\x00", + .alen = 16, + .input = "\x45\x00\x00\x30\xda\x3a\x00\x00" + "\x80\x01\xdf\x3b\xc0\xa8\x00\x05" + "\xc0\xa8\x00\x01\x08\x00\xc6\xcd" + "\x02\x00\x07\x00\x61\x62\x63\x64" + "\x65\x66\x67\x68\x69\x6a\x6b\x6c" + "\x6d\x6e\x6f\x70\x71\x72\x73\x74" + "\x01\x02\x02\x01", + .ilen = 52, + .novrfy = 1, + .result = "\x45\x00\x00\x30\xda\x3a\x00\x00" + "\x80\x01\xdf\x3b\xc0\xa8\x00\x05" + "\xc0\xa8\x00\x01\x08\x00\xc6\xcd" + "\x02\x00\x07\x00\x61\x62\x63\x64" + "\x65\x66\x67\x68\x69\x6a\x6b\x6c" + "\x6d\x6e\x6f\x70\x71\x72\x73\x74" + "\x01\x02\x02\x01\xf2\xa9\xa8\x36" + "\xe1\x55\x10\x6a\xa8\xdc\xd6\x18" + "\x00\x00\x00\x00", + .rlen = 68, + }, }; static const struct aead_testvec aes_gcm_rfc4543_dec_tv_template[] = { -- cgit From a0d608ee5ebfa9a9da0e69784e7aa0f86644a02e Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Sun, 13 Jan 2019 15:32:28 -0800 Subject: crypto: testmgr - unify the AEAD encryption and decryption test vectors Currently testmgr has separate encryption and decryption test vectors for AEADs. That's massively redundant, since usually the decryption tests are identical to the encryption tests, just with the input/result swapped. And for some algorithms it was forgotten to add decryption test vectors, so for them currently only encryption is being tested. Therefore, eliminate the redundancy by removing the AEAD decryption test vectors and updating testmgr to test both AEAD encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each aead_testvec now has a 'ptext' (plaintext), 'plen' (plaintext length), 'ctext' (ciphertext), and 'clen' (ciphertext length) instead of an 'input', 'ilen', 'result', and 'rlen'. "Ciphertext" here refers to the full ciphertext, including the authentication tag. For now the scatterlist divisions are just given for the plaintext length, not also the ciphertext length. For decryption, the last scatterlist element is just extended by the authentication tag length. In total, this removes over 5000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. The testmgr.h portion of this patch was automatically generated using the following awk script, except that I also manually updated the definition of 'struct aead_testvec' and fixed the location of the comment describing the AEGIS-128 test vectors. BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct aead_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct aead_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC { sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.ilen[[:space:]]*=/, ".plen\t=") sub(/\.rlen[[:space:]]*=/, ".clen\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 1235 insertions(+), 6491 deletions(-)". Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu --- crypto/testmgr.c | 260 +- crypto/testmgr.h | 12432 ++++++++++++++++------------------------------------- 2 files changed, 3718 insertions(+), 8974 deletions(-) diff --git a/crypto/testmgr.c b/crypto/testmgr.c index 09f2f0f582bf..e4f3f5f688e7 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -77,10 +77,8 @@ int alg_test(const char *driver, const char *alg, u32 type, u32 mask) #define DECRYPT 0 struct aead_test_suite { - struct { - const struct aead_testvec *vecs; - unsigned int count; - } enc, dec; + const struct aead_testvec *vecs; + unsigned int count; }; struct cipher_test_suite { @@ -616,9 +614,6 @@ static int __test_aead(struct crypto_aead *tfm, int enc, const char *e, *d; struct crypto_wait wait; unsigned int authsize, iv_len; - void *input; - void *output; - void *assoc; char *iv; char *xbuf[XBUFSIZE]; char *xoutbuf[XBUFSIZE]; @@ -669,27 +664,41 @@ static int __test_aead(struct crypto_aead *tfm, int enc, iv_len = crypto_aead_ivsize(tfm); for (i = 0, j = 0; i < tcount; i++) { + const char *input, *expected_output; + unsigned int inlen, outlen; + char *inbuf, *outbuf, *assocbuf; + if (template[i].np) continue; - if (enc && template[i].novrfy) - continue; + if (enc) { + if (template[i].novrfy) + continue; + input = template[i].ptext; + inlen = template[i].plen; + expected_output = template[i].ctext; + outlen = template[i].clen; + } else { + input = template[i].ctext; + inlen = template[i].clen; + expected_output = template[i].ptext; + outlen = template[i].plen; + } j++; /* some templates have no input data but they will * touch input */ - input = xbuf[0]; - input += align_offset; - assoc = axbuf[0]; + inbuf = xbuf[0] + align_offset; + assocbuf = axbuf[0]; ret = -EINVAL; - if (WARN_ON(align_offset + template[i].ilen > - PAGE_SIZE || template[i].alen > PAGE_SIZE)) + if (WARN_ON(align_offset + template[i].clen > PAGE_SIZE || + template[i].alen > PAGE_SIZE)) goto out; - memcpy(input, template[i].input, template[i].ilen); - memcpy(assoc, template[i].assoc, template[i].alen); + memcpy(inbuf, input, inlen); + memcpy(assocbuf, template[i].assoc, template[i].alen); if (template[i].iv) memcpy(iv, template[i].iv, iv_len); else @@ -716,7 +725,7 @@ static int __test_aead(struct crypto_aead *tfm, int enc, } else if (ret) continue; - authsize = abs(template[i].rlen - template[i].ilen); + authsize = template[i].clen - template[i].plen; ret = crypto_aead_setauthsize(tfm, authsize); if (ret) { pr_err("alg: aead%s: Failed to set authsize to %u on test %d for %s\n", @@ -726,23 +735,20 @@ static int __test_aead(struct crypto_aead *tfm, int enc, k = !!template[i].alen; sg_init_table(sg, k + 1); - sg_set_buf(&sg[0], assoc, template[i].alen); - sg_set_buf(&sg[k], input, - template[i].ilen + (enc ? authsize : 0)); - output = input; + sg_set_buf(&sg[0], assocbuf, template[i].alen); + sg_set_buf(&sg[k], inbuf, template[i].clen); + outbuf = inbuf; if (diff_dst) { sg_init_table(sgout, k + 1); - sg_set_buf(&sgout[0], assoc, template[i].alen); + sg_set_buf(&sgout[0], assocbuf, template[i].alen); - output = xoutbuf[0]; - output += align_offset; - sg_set_buf(&sgout[k], output, - template[i].rlen + (enc ? 0 : authsize)); + outbuf = xoutbuf[0] + align_offset; + sg_set_buf(&sgout[k], outbuf, template[i].clen); } - aead_request_set_crypt(req, sg, (diff_dst) ? sgout : sg, - template[i].ilen, iv); + aead_request_set_crypt(req, sg, (diff_dst) ? sgout : sg, inlen, + iv); aead_request_set_ad(req, template[i].alen); @@ -771,17 +777,19 @@ static int __test_aead(struct crypto_aead *tfm, int enc, goto out; } - q = output; - if (memcmp(q, template[i].result, template[i].rlen)) { + if (memcmp(outbuf, expected_output, outlen)) { pr_err("alg: aead%s: Test %d failed on %s for %s\n", d, j, e, algo); - hexdump(q, template[i].rlen); + hexdump(outbuf, outlen); ret = -EINVAL; goto out; } } for (i = 0, j = 0; i < tcount; i++) { + const char *input, *expected_output; + unsigned int inlen, outlen; + /* alignment tests are only done with continuous buffers */ if (align_offset != 0) break; @@ -789,8 +797,19 @@ static int __test_aead(struct crypto_aead *tfm, int enc, if (!template[i].np) continue; - if (enc && template[i].novrfy) - continue; + if (enc) { + if (template[i].novrfy) + continue; + input = template[i].ptext; + inlen = template[i].plen; + expected_output = template[i].ctext; + outlen = template[i].clen; + } else { + input = template[i].ctext; + inlen = template[i].clen; + expected_output = template[i].ptext; + outlen = template[i].plen; + } j++; @@ -818,7 +837,7 @@ static int __test_aead(struct crypto_aead *tfm, int enc, } else if (ret) continue; - authsize = abs(template[i].rlen - template[i].ilen); + authsize = template[i].clen - template[i].plen; ret = -EINVAL; sg_init_table(sg, template[i].anp + template[i].np); @@ -845,32 +864,32 @@ static int __test_aead(struct crypto_aead *tfm, int enc, } for (k = 0, temp = 0; k < template[i].np; k++) { - if (WARN_ON(offset_in_page(IDX[k]) + - template[i].tap[k] > PAGE_SIZE)) + n = template[i].tap[k]; + if (k == template[i].np - 1 && !enc) + n += authsize; + + if (WARN_ON(offset_in_page(IDX[k]) + n > PAGE_SIZE)) goto out; q = xbuf[IDX[k] >> PAGE_SHIFT] + offset_in_page(IDX[k]); - memcpy(q, template[i].input + temp, template[i].tap[k]); - sg_set_buf(&sg[template[i].anp + k], - q, template[i].tap[k]); + memcpy(q, input + temp, n); + sg_set_buf(&sg[template[i].anp + k], q, n); if (diff_dst) { q = xoutbuf[IDX[k] >> PAGE_SHIFT] + offset_in_page(IDX[k]); - memset(q, 0, template[i].tap[k]); + memset(q, 0, n); - sg_set_buf(&sgout[template[i].anp + k], - q, template[i].tap[k]); + sg_set_buf(&sgout[template[i].anp + k], q, n); } - n = template[i].tap[k]; if (k == template[i].np - 1 && enc) n += authsize; if (offset_in_page(q) + n < PAGE_SIZE) q[n] = 0; - temp += template[i].tap[k]; + temp += n; } ret = crypto_aead_setauthsize(tfm, authsize); @@ -895,8 +914,7 @@ static int __test_aead(struct crypto_aead *tfm, int enc, } aead_request_set_crypt(req, sg, (diff_dst) ? sgout : sg, - template[i].ilen, - iv); + inlen, iv); aead_request_set_ad(req, template[i].alen); @@ -935,10 +953,10 @@ static int __test_aead(struct crypto_aead *tfm, int enc, offset_in_page(IDX[k]); n = template[i].tap[k]; - if (k == template[i].np - 1) - n += enc ? authsize : -authsize; + if (k == template[i].np - 1 && enc) + n += authsize; - if (memcmp(q, template[i].result + temp, n)) { + if (memcmp(q, expected_output + temp, n)) { pr_err("alg: aead%s: Chunk test %d failed on %s at page %u for %s\n", d, j, e, k, algo); hexdump(q, n); @@ -947,9 +965,8 @@ static int __test_aead(struct crypto_aead *tfm, int enc, q += n; if (k == template[i].np - 1 && !enc) { - if (!diff_dst && - memcmp(q, template[i].input + - temp + n, authsize)) + if (!diff_dst && memcmp(q, input + temp + n, + authsize)) n = authsize; else n = 0; @@ -1721,8 +1738,9 @@ out: static int alg_test_aead(const struct alg_test_desc *desc, const char *driver, u32 type, u32 mask) { + const struct aead_test_suite *suite = &desc->suite.aead; struct crypto_aead *tfm; - int err = 0; + int err; tfm = crypto_alloc_aead(driver, type, mask); if (IS_ERR(tfm)) { @@ -1731,18 +1749,10 @@ static int alg_test_aead(const struct alg_test_desc *desc, const char *driver, return PTR_ERR(tfm); } - if (desc->suite.aead.enc.vecs) { - err = test_aead(tfm, ENCRYPT, desc->suite.aead.enc.vecs, - desc->suite.aead.enc.count); - if (err) - goto out; - } - - if (!err && desc->suite.aead.dec.vecs) - err = test_aead(tfm, DECRYPT, desc->suite.aead.dec.vecs, - desc->suite.aead.dec.count); + err = test_aead(tfm, ENCRYPT, suite->vecs, suite->count); + if (!err) + err = test_aead(tfm, DECRYPT, suite->vecs, suite->count); -out: crypto_free_aead(tfm); return err; } @@ -2452,28 +2462,19 @@ static const struct alg_test_desc alg_test_descs[] = { .alg = "aegis128", .test = alg_test_aead, .suite = { - .aead = { - .enc = __VECS(aegis128_enc_tv_template), - .dec = __VECS(aegis128_dec_tv_template), - } + .aead = __VECS(aegis128_tv_template) } }, { .alg = "aegis128l", .test = alg_test_aead, .suite = { - .aead = { - .enc = __VECS(aegis128l_enc_tv_template), - .dec = __VECS(aegis128l_dec_tv_template), - } + .aead = __VECS(aegis128l_tv_template) } }, { .alg = "aegis256", .test = alg_test_aead, .suite = { - .aead = { - .enc = __VECS(aegis256_enc_tv_template), - .dec = __VECS(aegis256_dec_tv_template), - } + .aead = __VECS(aegis256_tv_template) } }, { .alg = "ansi_cprng", @@ -2485,36 +2486,27 @@ static const struct alg_test_desc alg_test_descs[] = { .alg = "authenc(hmac(md5),ecb(cipher_null))", .test = alg_test_aead, .suite = { - .aead = { - .enc = __VECS(hmac_md5_ecb_cipher_null_enc_tv_template), - .dec = __VECS(hmac_md5_ecb_cipher_null_dec_tv_template) - } + .aead = __VECS(hmac_md5_ecb_cipher_null_tv_template) } }, { .alg = "authenc(hmac(sha1),cbc(aes))", .test = alg_test_aead, .fips_allowed = 1, .suite = { - .aead = { - .enc = __VECS(hmac_sha1_aes_cbc_enc_tv_temp) - } + .aead = __VECS(hmac_sha1_aes_cbc_tv_temp) } }, { .alg = "authenc(hmac(sha1),cbc(des))", .test = alg_test_aead, .suite = { - .aead = { - .enc = __VECS(hmac_sha1_des_cbc_enc_tv_temp) - } + .aead = __VECS(hmac_sha1_des_cbc_tv_temp) } }, { .alg = "authenc(hmac(sha1),cbc(des3_ede))", .test = alg_test_aead, .fips_allowed = 1, .suite = { - .aead = { - .enc = __VECS(hmac_sha1_des3_ede_cbc_enc_tv_temp) - } + .aead = __VECS(hmac_sha1_des3_ede_cbc_tv_temp) } }, { .alg = "authenc(hmac(sha1),ctr(aes))", @@ -2524,10 +2516,7 @@ static const struct alg_test_desc alg_test_descs[] = { .alg = "authenc(hmac(sha1),ecb(cipher_null))", .test = alg_test_aead, .suite = { - .aead = { - .enc = __VECS(hmac_sha1_ecb_cipher_null_enc_tv_temp), - .dec = __VECS(hmac_sha1_ecb_cipher_null_dec_tv_temp) - } + .aead = __VECS(hmac_sha1_ecb_cipher_null_tv_temp) } }, { .alg = "authenc(hmac(sha1),rfc3686(ctr(aes)))", @@ -2537,44 +2526,34 @@ static const struct alg_test_desc alg_test_descs[] = { .alg = "authenc(hmac(sha224),cbc(des))", .test = alg_test_aead, .suite = { - .aead = { - .enc = __VECS(hmac_sha224_des_cbc_enc_tv_temp) - } + .aead = __VECS(hmac_sha224_des_cbc_tv_temp) } }, { .alg = "authenc(hmac(sha224),cbc(des3_ede))", .test = alg_test_aead, .fips_allowed = 1, .suite = { - .aead = { - .enc = __VECS(hmac_sha224_des3_ede_cbc_enc_tv_temp) - } + .aead = __VECS(hmac_sha224_des3_ede_cbc_tv_temp) } }, { .alg = "authenc(hmac(sha256),cbc(aes))", .test = alg_test_aead, .fips_allowed = 1, .suite = { - .aead = { - .enc = __VECS(hmac_sha256_aes_cbc_enc_tv_temp) - } + .aead = __VECS(hmac_sha256_aes_cbc_tv_temp) } }, { .alg = "authenc(hmac(sha256),cbc(des))", .test = alg_test_aead, .suite = { - .aead = { - .enc = __VECS(hmac_sha256_des_cbc_enc_tv_temp) - } + .aead = __VECS(hmac_sha256_des_cbc_tv_temp) } }, { .alg = "authenc(hmac(sha256),cbc(des3_ede))", .test = alg_test_aead, .fips_allowed = 1, .suite = { - .aead = { - .enc = __VECS(hmac_sha256_des3_ede_cbc_enc_tv_temp) - } + .aead = __VECS(hmac_sha256_des3_ede_cbc_tv_temp) } }, { .alg = "authenc(hmac(sha256),ctr(aes))", @@ -2588,18 +2567,14 @@ static const struct alg_test_desc alg_test_descs[] = { .alg = "authenc(hmac(sha384),cbc(des))", .test = alg_test_aead, .suite = { - .aead = { - .enc = __VECS(hmac_sha384_des_cbc_enc_tv_temp) - } + .aead = __VECS(hmac_sha384_des_cbc_tv_temp) } }, { .alg = "authenc(hmac(sha384),cbc(des3_ede))", .test = alg_test_aead, .fips_allowed = 1, .suite = { - .aead = { - .enc = __VECS(hmac_sha384_des3_ede_cbc_enc_tv_temp) - } + .aead = __VECS(hmac_sha384_des3_ede_cbc_tv_temp) } }, { .alg = "authenc(hmac(sha384),ctr(aes))", @@ -2614,26 +2589,20 @@ static const struct alg_test_desc alg_test_descs[] = { .fips_allowed = 1, .test = alg_test_aead, .suite = { - .aead = { - .enc = __VECS(hmac_sha512_aes_cbc_enc_tv_temp) - } + .aead = __VECS(hmac_sha512_aes_cbc_tv_temp) } }, { .alg = "authenc(hmac(sha512),cbc(des))", .test = alg_test_aead, .suite = { - .aead = { - .enc = __VECS(hmac_sha512_des_cbc_enc_tv_temp) - } + .aead = __VECS(hmac_sha512_des_cbc_tv_temp) } }, { .alg = "authenc(hmac(sha512),cbc(des3_ede))", .test = alg_test_aead, .fips_allowed = 1, .suite = { - .aead = { - .enc = __VECS(hmac_sha512_des3_ede_cbc_enc_tv_temp) - } + .aead = __VECS(hmac_sha512_des3_ede_cbc_tv_temp) } }, { .alg = "authenc(hmac(sha512),ctr(aes))", @@ -2730,10 +2699,7 @@ static const struct alg_test_desc alg_test_descs[] = { .test = alg_test_aead, .fips_allowed = 1, .suite = { - .aead = { - .enc = __VECS(aes_ccm_enc_tv_template), - .dec = __VECS(aes_ccm_dec_tv_template) - } + .aead = __VECS(aes_ccm_tv_template) } }, { .alg = "cfb(aes)", @@ -3144,10 +3110,7 @@ static const struct alg_test_desc alg_test_descs[] = { .test = alg_test_aead, .fips_allowed = 1, .suite = { - .aead = { - .enc = __VECS(aes_gcm_enc_tv_template), - .dec = __VECS(aes_gcm_dec_tv_template) - } + .aead = __VECS(aes_gcm_tv_template) } }, { .alg = "ghash", @@ -3342,19 +3305,13 @@ static const struct alg_test_desc alg_test_descs[] = { .alg = "morus1280", .test = alg_test_aead, .suite = { - .aead = { - .enc = __VECS(morus1280_enc_tv_template), - .dec = __VECS(morus1280_dec_tv_template), - } + .aead = __VECS(morus1280_tv_template) } }, { .alg = "morus640", .test = alg_test_aead, .suite = { - .aead = { - .enc = __VECS(morus640_enc_tv_template), - .dec = __VECS(morus640_dec_tv_template), - } + .aead = __VECS(morus640_tv_template) } }, { .alg = "nhpoly1305", @@ -3419,47 +3376,32 @@ static const struct alg_test_desc alg_test_descs[] = { .test = alg_test_aead, .fips_allowed = 1, .suite = { - .aead = { - .enc = __VECS(aes_gcm_rfc4106_enc_tv_template), - .dec = __VECS(aes_gcm_rfc4106_dec_tv_template) - } + .aead = __VECS(aes_gcm_rfc4106_tv_template) } }, { .alg = "rfc4309(ccm(aes))", .test = alg_test_aead, .fips_allowed = 1, .suite = { - .aead = { - .enc = __VECS(aes_ccm_rfc4309_enc_tv_template), - .dec = __VECS(aes_ccm_rfc4309_dec_tv_template) - } + .aead = __VECS(aes_ccm_rfc4309_tv_template) } }, { .alg = "rfc4543(gcm(aes))", .test = alg_test_aead, .suite = { - .aead = { - .enc = __VECS(aes_gcm_rfc4543_enc_tv_template), - .dec = __VECS(aes_gcm_rfc4543_dec_tv_template), - } + .aead = __VECS(aes_gcm_rfc4543_tv_template) } }, { .alg = "rfc7539(chacha20,poly1305)", .test = alg_test_aead, .suite = { - .aead = { - .enc = __VECS(rfc7539_enc_tv_template), - .dec = __VECS(rfc7539_dec_tv_template), - } + .aead = __VECS(rfc7539_tv_template) } }, { .alg = "rfc7539esp(chacha20,poly1305)", .test = alg_test_aead, .suite = { - .aead = { - .enc = __VECS(rfc7539esp_enc_tv_template), - .dec = __VECS(rfc7539esp_dec_tv_template), - } + .aead = __VECS(rfc7539esp_tv_template) } }, { .alg = "rmd128", diff --git a/crypto/testmgr.h b/crypto/testmgr.h index 8d1c2dfe3bec..95297240b0f1 100644 --- a/crypto/testmgr.h +++ b/crypto/testmgr.h @@ -76,23 +76,45 @@ struct cipher_testvec { bool generates_iv; }; +/* + * aead_testvec: structure to describe an AEAD test + * @key: Pointer to key + * @iv: Pointer to IV. If NULL, an all-zeroes IV is used. + * @ptext: Pointer to plaintext + * @assoc: Pointer to associated data + * @ctext: Pointer to the full authenticated ciphertext. For AEADs that + * produce a separate "ciphertext" and "authentication tag", these + * two parts are concatenated: ciphertext || tag. + * @tap: How to distribute ptext data in @np SGs + * @atap: How to distribute assoc data in @anp SGs + * @np: Numbers of SG to distribute ptext data in + * @anp: Numbers of SG to distribute assoc data in + * @fail: setkey() failure expected? + * @novrfy: Decryption verification failure expected? + * @wk: Does the test need CRYPTO_TFM_REQ_WEAK_KEY? + * (e.g. setkey() needs to fail due to a weak key) + * @klen: Length of @key in bytes + * @plen: Length of @ptext in bytes + * @alen: Length of @assoc in bytes + * @clen: Length of @ctext in bytes + */ struct aead_testvec { const char *key; const char *iv; - const char *input; + const char *ptext; const char *assoc; - const char *result; + const char *ctext; unsigned char tap[MAX_TAP]; unsigned char atap[MAX_TAP]; int np; int anp; bool fail; - unsigned char novrfy; /* ccm dec verification failure expected */ - unsigned char wk; /* weak key flag */ + unsigned char novrfy; + unsigned char wk; unsigned char klen; - unsigned short ilen; + unsigned short plen; + unsigned short clen; unsigned short alen; - unsigned short rlen; }; struct cprng_testvec { @@ -12898,7 +12920,7 @@ static const struct cipher_testvec aes_cfb_tv_template[] = { }, }; -static const struct aead_testvec hmac_md5_ecb_cipher_null_enc_tv_template[] = { +static const struct aead_testvec hmac_md5_ecb_cipher_null_tv_template[] = { { /* Input data from RFC 2410 Case 1 */ #ifdef __LITTLE_ENDIAN .key = "\x08\x00" /* rta length */ @@ -12912,12 +12934,12 @@ static const struct aead_testvec hmac_md5_ecb_cipher_null_enc_tv_template[] = { "\x00\x00\x00\x00\x00\x00\x00\x00", .klen = 8 + 16 + 0, .iv = "", - .input = "\x01\x23\x45\x67\x89\xab\xcd\xef", - .ilen = 8, - .result = "\x01\x23\x45\x67\x89\xab\xcd\xef" + .ptext = "\x01\x23\x45\x67\x89\xab\xcd\xef", + .plen = 8, + .ctext = "\x01\x23\x45\x67\x89\xab\xcd\xef" "\xaa\x42\xfe\x43\x8d\xea\xa3\x5a" "\xb9\x3d\x9f\xb1\xa3\x8e\x9b\xae", - .rlen = 8 + 16, + .clen = 8 + 16, }, { /* Input data from RFC 2410 Case 2 */ #ifdef __LITTLE_ENDIAN .key = "\x08\x00" /* rta length */ @@ -12931,58 +12953,16 @@ static const struct aead_testvec hmac_md5_ecb_cipher_null_enc_tv_template[] = { "\x00\x00\x00\x00\x00\x00\x00\x00", .klen = 8 + 16 + 0, .iv = "", - .input = "Network Security People Have A Strange Sense Of Humor", - .ilen = 53, - .result = "Network Security People Have A Strange Sense Of Humor" - "\x73\xa5\x3e\x1c\x08\x0e\x8a\x8a" - "\x8e\xb5\x5f\x90\x8e\xfe\x13\x23", - .rlen = 53 + 16, - }, -}; - -static const struct aead_testvec hmac_md5_ecb_cipher_null_dec_tv_template[] = { - { -#ifdef __LITTLE_ENDIAN - .key = "\x08\x00" /* rta length */ - "\x01\x00" /* rta type */ -#else - .key = "\x00\x08" /* rta length */ - "\x00\x01" /* rta type */ -#endif - "\x00\x00\x00\x00" /* enc key length */ - "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00", - .klen = 8 + 16 + 0, - .iv = "", - .input = "\x01\x23\x45\x67\x89\xab\xcd\xef" - "\xaa\x42\xfe\x43\x8d\xea\xa3\x5a" - "\xb9\x3d\x9f\xb1\xa3\x8e\x9b\xae", - .ilen = 8 + 16, - .result = "\x01\x23\x45\x67\x89\xab\xcd\xef", - .rlen = 8, - }, { -#ifdef __LITTLE_ENDIAN - .key = "\x08\x00" /* rta length */ - "\x01\x00" /* rta type */ -#else - .key = "\x00\x08" /* rta length */ - "\x00\x01" /* rta type */ -#endif - "\x00\x00\x00\x00" /* enc key length */ - "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00", - .klen = 8 + 16 + 0, - .iv = "", - .input = "Network Security People Have A Strange Sense Of Humor" + .ptext = "Network Security People Have A Strange Sense Of Humor", + .plen = 53, + .ctext = "Network Security People Have A Strange Sense Of Humor" "\x73\xa5\x3e\x1c\x08\x0e\x8a\x8a" "\x8e\xb5\x5f\x90\x8e\xfe\x13\x23", - .ilen = 53 + 16, - .result = "Network Security People Have A Strange Sense Of Humor", - .rlen = 53, + .clen = 53 + 16, }, }; -static const struct aead_testvec hmac_sha1_aes_cbc_enc_tv_temp[] = { +static const struct aead_testvec hmac_sha1_aes_cbc_tv_temp[] = { { /* RFC 3602 Case 1 */ #ifdef __LITTLE_ENDIAN .key = "\x08\x00" /* rta length */ @@ -13003,14 +12983,14 @@ static const struct aead_testvec hmac_sha1_aes_cbc_enc_tv_temp[] = { .assoc = "\x3d\xaf\xba\x42\x9d\x9e\xb4\x30" "\xb4\x22\xda\x80\x2c\x9f\xac\x41", .alen = 16, - .input = "Single block msg", - .ilen = 16, - .result = "\xe3\x53\x77\x9c\x10\x79\xae\xb8" + .ptext = "Single block msg", + .plen = 16, + .ctext = "\xe3\x53\x77\x9c\x10\x79\xae\xb8" "\x27\x08\x94\x2d\xbe\x77\x18\x1a" "\x1b\x13\xcb\xaf\x89\x5e\xe1\x2c" "\x13\xc5\x2e\xa3\xcc\xed\xdc\xb5" "\x03\x71\xa2\x06", - .rlen = 16 + 20, + .clen = 16 + 20, }, { /* RFC 3602 Case 2 */ #ifdef __LITTLE_ENDIAN .key = "\x08\x00" /* rta length */ @@ -13031,19 +13011,19 @@ static const struct aead_testvec hmac_sha1_aes_cbc_enc_tv_temp[] = { .assoc = "\x56\x2e\x17\x99\x6d\x09\x3d\x28" "\xdd\xb3\xba\x69\x5a\x2e\x6f\x58", .alen = 16, - .input = "\x00\x01\x02\x03\x04\x05\x06\x07" + .ptext = "\x00\x01\x02\x03\x04\x05\x06\x07" "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" "\x10\x11\x12\x13\x14\x15\x16\x17" "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f", - .ilen = 32, - .result = "\xd2\x96\xcd\x94\xc2\xcc\xcf\x8a" + .plen = 32, + .ctext = "\xd2\x96\xcd\x94\xc2\xcc\xcf\x8a" "\x3a\x86\x30\x28\xb5\xe1\xdc\x0a" "\x75\x86\x60\x2d\x25\x3c\xff\xf9" "\x1b\x82\x66\xbe\xa6\xd6\x1a\xb1" "\xad\x9b\x4c\x5c\x85\xe1\xda\xae" "\xee\x81\x4e\xd7\xdb\x74\xcf\x58" "\x65\x39\xf8\xde", - .rlen = 32 + 20, + .clen = 32 + 20, }, { /* RFC 3602 Case 3 */ #ifdef __LITTLE_ENDIAN .key = "\x08\x00" /* rta length */ @@ -13064,9 +13044,9 @@ static const struct aead_testvec hmac_sha1_aes_cbc_enc_tv_temp[] = { .assoc = "\xc7\x82\xdc\x4c\x09\x8c\x66\xcb" "\xd9\xcd\x27\xd8\x25\x68\x2c\x81", .alen = 16, - .input = "This is a 48-byte message (exactly 3 AES blocks)", - .ilen = 48, - .result = "\xd0\xa0\x2b\x38\x36\x45\x17\x53" + .ptext = "This is a 48-byte message (exactly 3 AES blocks)", + .plen = 48, + .ctext = "\xd0\xa0\x2b\x38\x36\x45\x17\x53" "\xd4\x93\x66\x5d\x33\xf0\xe8\x86" "\x2d\xea\x54\xcd\xb2\x93\xab\xc7" "\x50\x69\x39\x27\x67\x72\xf8\xd5" @@ -13075,7 +13055,7 @@ static const struct aead_testvec hmac_sha1_aes_cbc_enc_tv_temp[] = { "\xc2\xec\x0c\xf8\x7f\x05\xba\xca" "\xff\xee\x4c\xd0\x93\xe6\x36\x7f" "\x8d\x62\xf2\x1e", - .rlen = 48 + 20, + .clen = 48 + 20, }, { /* RFC 3602 Case 4 */ #ifdef __LITTLE_ENDIAN .key = "\x08\x00" /* rta length */ @@ -13096,7 +13076,7 @@ static const struct aead_testvec hmac_sha1_aes_cbc_enc_tv_temp[] = { .assoc = "\x8c\xe8\x2e\xef\xbe\xa0\xda\x3c" "\x44\x69\x9e\xd7\xdb\x51\xb7\xd9", .alen = 16, - .input = "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7" + .ptext = "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7" "\xa8\xa9\xaa\xab\xac\xad\xae\xaf" "\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7" "\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf" @@ -13104,8 +13084,8 @@ static const struct aead_testvec hmac_sha1_aes_cbc_enc_tv_temp[] = { "\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf" "\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7" "\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf", - .ilen = 64, - .result = "\xc3\x0e\x32\xff\xed\xc0\x77\x4e" + .plen = 64, + .ctext = "\xc3\x0e\x32\xff\xed\xc0\x77\x4e" "\x6a\xff\x6a\xf0\x86\x9f\x71\xaa" "\x0f\x3a\xf0\x7a\x9a\x31\xa9\xc6" "\x84\xdb\x20\x7e\xb0\xef\x8e\x4e" @@ -13116,7 +13096,7 @@ static const struct aead_testvec hmac_sha1_aes_cbc_enc_tv_temp[] = { "\x1c\x45\x57\xa9\x56\xcb\xa9\x2d" "\x18\xac\xf1\xc7\x5d\xd1\xcd\x0d" "\x1d\xbe\xc6\xe9", - .rlen = 64 + 20, + .clen = 64 + 20, }, { /* RFC 3602 Case 5 */ #ifdef __LITTLE_ENDIAN .key = "\x08\x00" /* rta length */ @@ -13138,7 +13118,7 @@ static const struct aead_testvec hmac_sha1_aes_cbc_enc_tv_temp[] = { "\xe9\x6e\x8c\x08\xab\x46\x57\x63" "\xfd\x09\x8d\x45\xdd\x3f\xf8\x93", .alen = 24, - .input = "\x08\x00\x0e\xbd\xa7\x0a\x00\x00" + .ptext = "\x08\x00\x0e\xbd\xa7\x0a\x00\x00" "\x8e\x9c\x08\x3d\xb9\x5b\x07\x00" "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" "\x10\x11\x12\x13\x14\x15\x16\x17" @@ -13148,8 +13128,8 @@ static const struct aead_testvec hmac_sha1_aes_cbc_enc_tv_temp[] = { "\x30\x31\x32\x33\x34\x35\x36\x37" "\x01\x02\x03\x04\x05\x06\x07\x08" "\x09\x0a\x0b\x0c\x0d\x0e\x0e\x01", - .ilen = 80, - .result = "\xf6\x63\xc2\x5d\x32\x5c\x18\xc6" + .plen = 80, + .ctext = "\xf6\x63\xc2\x5d\x32\x5c\x18\xc6" "\xa9\x45\x3e\x19\x4e\x12\x08\x49" "\xa4\x87\x0b\x66\xcc\x6b\x99\x65" "\x33\x00\x13\xb4\x89\x8d\xc8\x56" @@ -13162,7 +13142,7 @@ static const struct aead_testvec hmac_sha1_aes_cbc_enc_tv_temp[] = { "\x58\xc6\x84\x75\xe4\xe9\x6b\x0c" "\xe1\xc5\x0b\x73\x4d\x82\x55\xa8" "\x85\xe1\x59\xf7", - .rlen = 80 + 20, + .clen = 80 + 20, }, { /* NIST SP800-38A F.2.3 CBC-AES192.Encrypt */ #ifdef __LITTLE_ENDIAN .key = "\x08\x00" /* rta length */ @@ -13184,7 +13164,7 @@ static const struct aead_testvec hmac_sha1_aes_cbc_enc_tv_temp[] = { .assoc = "\x00\x01\x02\x03\x04\x05\x06\x07" "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f", .alen = 16, - .input = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96" + .ptext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96" "\xe9\x3d\x7e\x11\x73\x93\x17\x2a" "\xae\x2d\x8a\x57\x1e\x03\xac\x9c" "\x9e\xb7\x6f\xac\x45\xaf\x8e\x51" @@ -13192,8 +13172,8 @@ static const struct aead_testvec hmac_sha1_aes_cbc_enc_tv_temp[] = { "\xe5\xfb\xc1\x19\x1a\x0a\x52\xef" "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17" "\xad\x2b\x41\x7b\xe6\x6c\x37\x10", - .ilen = 64, - .result = "\x4f\x02\x1d\xb2\x43\xbc\x63\x3d" + .plen = 64, + .ctext = "\x4f\x02\x1d\xb2\x43\xbc\x63\x3d" "\x71\x78\x18\x3a\x9f\xa0\x71\xe8" "\xb4\xd9\xad\xa9\xad\x7d\xed\xf4" "\xe5\xe7\x38\x76\x3f\x69\x14\x5a" @@ -13204,7 +13184,7 @@ static const struct aead_testvec hmac_sha1_aes_cbc_enc_tv_temp[] = { "\x73\xe3\x19\x3f\x8b\xc9\xc6\xf4" "\x5a\xf1\x5b\xa8\x98\x07\xc5\x36" "\x47\x4c\xfc\x36", - .rlen = 64 + 20, + .clen = 64 + 20, }, { /* NIST SP800-38A F.2.5 CBC-AES256.Encrypt */ #ifdef __LITTLE_ENDIAN .key = "\x08\x00" /* rta length */ @@ -13227,7 +13207,7 @@ static const struct aead_testvec hmac_sha1_aes_cbc_enc_tv_temp[] = { .assoc = "\x00\x01\x02\x03\x04\x05\x06\x07" "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f", .alen = 16, - .input = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96" + .ptext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96" "\xe9\x3d\x7e\x11\x73\x93\x17\x2a" "\xae\x2d\x8a\x57\x1e\x03\xac\x9c" "\x9e\xb7\x6f\xac\x45\xaf\x8e\x51" @@ -13235,8 +13215,8 @@ static const struct aead_testvec hmac_sha1_aes_cbc_enc_tv_temp[] = { "\xe5\xfb\xc1\x19\x1a\x0a\x52\xef" "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17" "\xad\x2b\x41\x7b\xe6\x6c\x37\x10", - .ilen = 64, - .result = "\xf5\x8c\x4c\x04\xd6\xe5\xf1\xba" + .plen = 64, + .ctext = "\xf5\x8c\x4c\x04\xd6\xe5\xf1\xba" "\x77\x9e\xab\xfb\x5f\x7b\xfb\xd6" "\x9c\xfc\x4e\x96\x7e\xdb\x80\x8d" "\x67\x9f\x77\x7b\xc6\x70\x2c\x7d" @@ -13247,11 +13227,11 @@ static const struct aead_testvec hmac_sha1_aes_cbc_enc_tv_temp[] = { "\xa3\xe8\x9b\x17\xe3\xf4\x7f\xde" "\x1b\x9f\xc6\x81\x26\x43\x4a\x87" "\x51\xee\xd6\x4e", - .rlen = 64 + 20, + .clen = 64 + 20, }, }; -static const struct aead_testvec hmac_sha1_ecb_cipher_null_enc_tv_temp[] = { +static const struct aead_testvec hmac_sha1_ecb_cipher_null_tv_temp[] = { { /* Input data from RFC 2410 Case 1 */ #ifdef __LITTLE_ENDIAN .key = "\x08\x00" /* rta length */ @@ -13266,13 +13246,13 @@ static const struct aead_testvec hmac_sha1_ecb_cipher_null_enc_tv_temp[] = { "\x00\x00\x00\x00", .klen = 8 + 20 + 0, .iv = "", - .input = "\x01\x23\x45\x67\x89\xab\xcd\xef", - .ilen = 8, - .result = "\x01\x23\x45\x67\x89\xab\xcd\xef" + .ptext = "\x01\x23\x45\x67\x89\xab\xcd\xef", + .plen = 8, + .ctext = "\x01\x23\x45\x67\x89\xab\xcd\xef" "\x40\xc3\x0a\xa1\xc9\xa0\x28\xab" "\x99\x5e\x19\x04\xd1\x72\xef\xb8" "\x8c\x5e\xe4\x08", - .rlen = 8 + 20, + .clen = 8 + 20, }, { /* Input data from RFC 2410 Case 2 */ #ifdef __LITTLE_ENDIAN .key = "\x08\x00" /* rta length */ @@ -13287,63 +13267,17 @@ static const struct aead_testvec hmac_sha1_ecb_cipher_null_enc_tv_temp[] = { "\x00\x00\x00\x00", .klen = 8 + 20 + 0, .iv = "", - .input = "Network Security People Have A Strange Sense Of Humor", - .ilen = 53, - .result = "Network Security People Have A Strange Sense Of Humor" - "\x75\x6f\x42\x1e\xf8\x50\x21\xd2" - "\x65\x47\xee\x8e\x1a\xef\x16\xf6" - "\x91\x56\xe4\xd6", - .rlen = 53 + 20, - }, -}; - -static const struct aead_testvec hmac_sha1_ecb_cipher_null_dec_tv_temp[] = { - { -#ifdef __LITTLE_ENDIAN - .key = "\x08\x00" /* rta length */ - "\x01\x00" /* rta type */ -#else - .key = "\x00\x08" /* rta length */ - "\x00\x01" /* rta type */ -#endif - "\x00\x00\x00\x00" /* enc key length */ - "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00", - .klen = 8 + 20 + 0, - .iv = "", - .input = "\x01\x23\x45\x67\x89\xab\xcd\xef" - "\x40\xc3\x0a\xa1\xc9\xa0\x28\xab" - "\x99\x5e\x19\x04\xd1\x72\xef\xb8" - "\x8c\x5e\xe4\x08", - .ilen = 8 + 20, - .result = "\x01\x23\x45\x67\x89\xab\xcd\xef", - .rlen = 8, - }, { -#ifdef __LITTLE_ENDIAN - .key = "\x08\x00" /* rta length */ - "\x01\x00" /* rta type */ -#else - .key = "\x00\x08" /* rta length */ - "\x00\x01" /* rta type */ -#endif - "\x00\x00\x00\x00" /* enc key length */ - "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00", - .klen = 8 + 20 + 0, - .iv = "", - .input = "Network Security People Have A Strange Sense Of Humor" + .ptext = "Network Security People Have A Strange Sense Of Humor", + .plen = 53, + .ctext = "Network Security People Have A Strange Sense Of Humor" "\x75\x6f\x42\x1e\xf8\x50\x21\xd2" "\x65\x47\xee\x8e\x1a\xef\x16\xf6" "\x91\x56\xe4\xd6", - .ilen = 53 + 20, - .result = "Network Security People Have A Strange Sense Of Humor", - .rlen = 53, + .clen = 53 + 20, }, }; -static const struct aead_testvec hmac_sha256_aes_cbc_enc_tv_temp[] = { +static const struct aead_testvec hmac_sha256_aes_cbc_tv_temp[] = { { /* RFC 3602 Case 1 */ #ifdef __LITTLE_ENDIAN .key = "\x08\x00" /* rta length */ @@ -13365,15 +13299,15 @@ static const struct aead_testvec hmac_sha256_aes_cbc_enc_tv_temp[] = { .assoc = "\x3d\xaf\xba\x42\x9d\x9e\xb4\x30" "\xb4\x22\xda\x80\x2c\x9f\xac\x41", .alen = 16, - .input = "Single block msg", - .ilen = 16, - .result = "\xe3\x53\x77\x9c\x10\x79\xae\xb8" + .ptext = "Single block msg", + .plen = 16, + .ctext = "\xe3\x53\x77\x9c\x10\x79\xae\xb8" "\x27\x08\x94\x2d\xbe\x77\x18\x1a" "\xcc\xde\x2d\x6a\xae\xf1\x0b\xcc" "\x38\x06\x38\x51\xb4\xb8\xf3\x5b" "\x5c\x34\xa6\xa3\x6e\x0b\x05\xe5" "\x6a\x6d\x44\xaa\x26\xa8\x44\xa5", - .rlen = 16 + 32, + .clen = 16 + 32, }, { /* RFC 3602 Case 2 */ #ifdef __LITTLE_ENDIAN .key = "\x08\x00" /* rta length */ @@ -13395,12 +13329,12 @@ static const struct aead_testvec hmac_sha256_aes_cbc_enc_tv_temp[] = { .assoc = "\x56\x2e\x17\x99\x6d\x09\x3d\x28" "\xdd\xb3\xba\x69\x5a\x2e\x6f\x58", .alen = 16, - .input = "\x00\x01\x02\x03\x04\x05\x06\x07" + .ptext = "\x00\x01\x02\x03\x04\x05\x06\x07" "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" "\x10\x11\x12\x13\x14\x15\x16\x17" "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f", - .ilen = 32, - .result = "\xd2\x96\xcd\x94\xc2\xcc\xcf\x8a" + .plen = 32, + .ctext = "\xd2\x96\xcd\x94\xc2\xcc\xcf\x8a" "\x3a\x86\x30\x28\xb5\xe1\xdc\x0a" "\x75\x86\x60\x2d\x25\x3c\xff\xf9" "\x1b\x82\x66\xbe\xa6\xd6\x1a\xb1" @@ -13408,7 +13342,7 @@ static const struct aead_testvec hmac_sha256_aes_cbc_enc_tv_temp[] = { "\x0e\x06\x58\x8f\xba\xf6\x06\xda" "\x49\x69\x0d\x5b\xd4\x36\x06\x62" "\x35\x5e\x54\x58\x53\x4d\xdf\xbf", - .rlen = 32 + 32, + .clen = 32 + 32, }, { /* RFC 3602 Case 3 */ #ifdef __LITTLE_ENDIAN .key = "\x08\x00" /* rta length */ @@ -13430,9 +13364,9 @@ static const struct aead_testvec hmac_sha256_aes_cbc_enc_tv_temp[] = { .assoc = "\xc7\x82\xdc\x4c\x09\x8c\x66\xcb" "\xd9\xcd\x27\xd8\x25\x68\x2c\x81", .alen = 16, - .input = "This is a 48-byte message (exactly 3 AES blocks)", - .ilen = 48, - .result = "\xd0\xa0\x2b\x38\x36\x45\x17\x53" + .ptext = "This is a 48-byte message (exactly 3 AES blocks)", + .plen = 48, + .ctext = "\xd0\xa0\x2b\x38\x36\x45\x17\x53" "\xd4\x93\x66\x5d\x33\xf0\xe8\x86" "\x2d\xea\x54\xcd\xb2\x93\xab\xc7" "\x50\x69\x39\x27\x67\x72\xf8\xd5" @@ -13442,7 +13376,7 @@ static const struct aead_testvec hmac_sha256_aes_cbc_enc_tv_temp[] = { "\xe7\xc6\xce\x10\x31\x2f\x9b\x1d" "\x24\x78\xfb\xbe\x02\xe0\x4f\x40" "\x10\xbd\xaa\xc6\xa7\x79\xe0\x1a", - .rlen = 48 + 32, + .clen = 48 + 32, }, { /* RFC 3602 Case 4 */ #ifdef __LITTLE_ENDIAN .key = "\x08\x00" /* rta length */ @@ -13464,7 +13398,7 @@ static const struct aead_testvec hmac_sha256_aes_cbc_enc_tv_temp[] = { .assoc = "\x8c\xe8\x2e\xef\xbe\xa0\xda\x3c" "\x44\x69\x9e\xd7\xdb\x51\xb7\xd9", .alen = 16, - .input = "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7" + .ptext = "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7" "\xa8\xa9\xaa\xab\xac\xad\xae\xaf" "\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7" "\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf" @@ -13472,8 +13406,8 @@ static const struct aead_testvec hmac_sha256_aes_cbc_enc_tv_temp[] = { "\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf" "\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7" "\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf", - .ilen = 64, - .result = "\xc3\x0e\x32\xff\xed\xc0\x77\x4e" + .plen = 64, + .ctext = "\xc3\x0e\x32\xff\xed\xc0\x77\x4e" "\x6a\xff\x6a\xf0\x86\x9f\x71\xaa" "\x0f\x3a\xf0\x7a\x9a\x31\xa9\xc6" "\x84\xdb\x20\x7e\xb0\xef\x8e\x4e" @@ -13485,7 +13419,7 @@ static const struct aead_testvec hmac_sha256_aes_cbc_enc_tv_temp[] = { "\xe0\x93\xec\xc9\x9f\xf7\xce\xd8" "\x3f\x54\xe2\x49\x39\xe3\x71\x25" "\x2b\x6c\xe9\x5d\xec\xec\x2b\x64", - .rlen = 64 + 32, + .clen = 64 + 32, }, { /* RFC 3602 Case 5 */ #ifdef __LITTLE_ENDIAN .key = "\x08\x00" /* rta length */ @@ -13508,7 +13442,7 @@ static const struct aead_testvec hmac_sha256_aes_cbc_enc_tv_temp[] = { "\xe9\x6e\x8c\x08\xab\x46\x57\x63" "\xfd\x09\x8d\x45\xdd\x3f\xf8\x93", .alen = 24, - .input = "\x08\x00\x0e\xbd\xa7\x0a\x00\x00" + .ptext = "\x08\x00\x0e\xbd\xa7\x0a\x00\x00" "\x8e\x9c\x08\x3d\xb9\x5b\x07\x00" "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" "\x10\x11\x12\x13\x14\x15\x16\x17" @@ -13518,8 +13452,8 @@ static const struct aead_testvec hmac_sha256_aes_cbc_enc_tv_temp[] = { "\x30\x31\x32\x33\x34\x35\x36\x37" "\x01\x02\x03\x04\x05\x06\x07\x08" "\x09\x0a\x0b\x0c\x0d\x0e\x0e\x01", - .ilen = 80, - .result = "\xf6\x63\xc2\x5d\x32\x5c\x18\xc6" + .plen = 80, + .ctext = "\xf6\x63\xc2\x5d\x32\x5c\x18\xc6" "\xa9\x45\x3e\x19\x4e\x12\x08\x49" "\xa4\x87\x0b\x66\xcc\x6b\x99\x65" "\x33\x00\x13\xb4\x89\x8d\xc8\x56" @@ -13533,7 +13467,7 @@ static const struct aead_testvec hmac_sha256_aes_cbc_enc_tv_temp[] = { "\x3a\xd2\xe1\x03\x86\xa5\x59\xb7" "\x73\xc3\x46\x20\x2c\xb1\xef\x68" "\xbb\x8a\x32\x7e\x12\x8c\x69\xcf", - .rlen = 80 + 32, + .clen = 80 + 32, }, { /* NIST SP800-38A F.2.3 CBC-AES192.Encrypt */ #ifdef __LITTLE_ENDIAN .key = "\x08\x00" /* rta length */ @@ -13556,7 +13490,7 @@ static const struct aead_testvec hmac_sha256_aes_cbc_enc_tv_temp[] = { .assoc = "\x00\x01\x02\x03\x04\x05\x06\x07" "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f", .alen = 16, - .input = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96" + .ptext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96" "\xe9\x3d\x7e\x11\x73\x93\x17\x2a" "\xae\x2d\x8a\x57\x1e\x03\xac\x9c" "\x9e\xb7\x6f\xac\x45\xaf\x8e\x51" @@ -13564,8 +13498,8 @@ static const struct aead_testvec hmac_sha256_aes_cbc_enc_tv_temp[] = { "\xe5\xfb\xc1\x19\x1a\x0a\x52\xef" "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17" "\xad\x2b\x41\x7b\xe6\x6c\x37\x10", - .ilen = 64, - .result = "\x4f\x02\x1d\xb2\x43\xbc\x63\x3d" + .plen = 64, + .ctext = "\x4f\x02\x1d\xb2\x43\xbc\x63\x3d" "\x71\x78\x18\x3a\x9f\xa0\x71\xe8" "\xb4\xd9\xad\xa9\xad\x7d\xed\xf4" "\xe5\xe7\x38\x76\x3f\x69\x14\x5a" @@ -13577,7 +13511,7 @@ static const struct aead_testvec hmac_sha256_aes_cbc_enc_tv_temp[] = { "\x61\x81\x31\xea\x5b\x3d\x8e\xfb" "\xca\x71\x85\x93\xf7\x85\x55\x8b" "\x7a\xe4\x94\xca\x8b\xba\x19\x33", - .rlen = 64 + 32, + .clen = 64 + 32, }, { /* NIST SP800-38A F.2.5 CBC-AES256.Encrypt */ #ifdef __LITTLE_ENDIAN .key = "\x08\x00" /* rta length */ @@ -13601,7 +13535,7 @@ static const struct aead_testvec hmac_sha256_aes_cbc_enc_tv_temp[] = { .assoc = "\x00\x01\x02\x03\x04\x05\x06\x07" "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f", .alen = 16, - .input = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96" + .ptext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96" "\xe9\x3d\x7e\x11\x73\x93\x17\x2a" "\xae\x2d\x8a\x57\x1e\x03\xac\x9c" "\x9e\xb7\x6f\xac\x45\xaf\x8e\x51" @@ -13609,8 +13543,8 @@ static const struct aead_testvec hmac_sha256_aes_cbc_enc_tv_temp[] = { "\xe5\xfb\xc1\x19\x1a\x0a\x52\xef" "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17" "\xad\x2b\x41\x7b\xe6\x6c\x37\x10", - .ilen = 64, - .result = "\xf5\x8c\x4c\x04\xd6\xe5\xf1\xba" + .plen = 64, + .ctext = "\xf5\x8c\x4c\x04\xd6\xe5\xf1\xba" "\x77\x9e\xab\xfb\x5f\x7b\xfb\xd6" "\x9c\xfc\x4e\x96\x7e\xdb\x80\x8d" "\x67\x9f\x77\x7b\xc6\x70\x2c\x7d" @@ -13622,11 +13556,11 @@ static const struct aead_testvec hmac_sha256_aes_cbc_enc_tv_temp[] = { "\x8f\x74\xbd\x17\x92\x03\xbe\x8f" "\xf3\x61\xde\x1c\xe9\xdb\xcd\xd0" "\xcc\xce\xe9\x85\x57\xcf\x6f\x5f", - .rlen = 64 + 32, + .clen = 64 + 32, }, }; -static const struct aead_testvec hmac_sha512_aes_cbc_enc_tv_temp[] = { +static const struct aead_testvec hmac_sha512_aes_cbc_tv_temp[] = { { /* RFC 3602 Case 1 */ #ifdef __LITTLE_ENDIAN .key = "\x08\x00" /* rta length */ @@ -13652,9 +13586,9 @@ static const struct aead_testvec hmac_sha512_aes_cbc_enc_tv_temp[] = { .assoc = "\x3d\xaf\xba\x42\x9d\x9e\xb4\x30" "\xb4\x22\xda\x80\x2c\x9f\xac\x41", .alen = 16, - .input = "Single block msg", - .ilen = 16, - .result = "\xe3\x53\x77\x9c\x10\x79\xae\xb8" + .ptext = "Single block msg", + .plen = 16, + .ctext = "\xe3\x53\x77\x9c\x10\x79\xae\xb8" "\x27\x08\x94\x2d\xbe\x77\x18\x1a" "\x3f\xdc\xad\x90\x03\x63\x5e\x68" "\xc3\x13\xdd\xa4\x5c\x4d\x54\xa7" @@ -13664,7 +13598,7 @@ static const struct aead_testvec hmac_sha512_aes_cbc_enc_tv_temp[] = { "\xe8\x9a\x7c\x06\x3d\xcb\xff\xb2" "\xfa\x20\x89\xdd\x9c\xac\x9e\x16" "\x18\x8a\xa0\x6d\x01\x6c\xa3\x3a", - .rlen = 16 + 64, + .clen = 16 + 64, }, { /* RFC 3602 Case 2 */ #ifdef __LITTLE_ENDIAN .key = "\x08\x00" /* rta length */ @@ -13690,12 +13624,12 @@ static const struct aead_testvec hmac_sha512_aes_cbc_enc_tv_temp[] = { .assoc = "\x56\x2e\x17\x99\x6d\x09\x3d\x28" "\xdd\xb3\xba\x69\x5a\x2e\x6f\x58", .alen = 16, - .input = "\x00\x01\x02\x03\x04\x05\x06\x07" + .ptext = "\x00\x01\x02\x03\x04\x05\x06\x07" "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" "\x10\x11\x12\x13\x14\x15\x16\x17" "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f", - .ilen = 32, - .result = "\xd2\x96\xcd\x94\xc2\xcc\xcf\x8a" + .plen = 32, + .ctext = "\xd2\x96\xcd\x94\xc2\xcc\xcf\x8a" "\x3a\x86\x30\x28\xb5\xe1\xdc\x0a" "\x75\x86\x60\x2d\x25\x3c\xff\xf9" "\x1b\x82\x66\xbe\xa6\xd6\x1a\xb1" @@ -13707,7 +13641,7 @@ static const struct aead_testvec hmac_sha512_aes_cbc_enc_tv_temp[] = { "\x46\x32\x7c\x41\x9c\x59\x3e\xe9" "\x8f\x9f\xd4\x31\xd6\x22\xbd\xf8" "\xf7\x0a\x94\xe5\xa9\xc3\xf6\x9d", - .rlen = 32 + 64, + .clen = 32 + 64, }, { /* RFC 3602 Case 3 */ #ifdef __LITTLE_ENDIAN .key = "\x08\x00" /* rta length */ @@ -13733,9 +13667,9 @@ static const struct aead_testvec hmac_sha512_aes_cbc_enc_tv_temp[] = { .assoc = "\xc7\x82\xdc\x4c\x09\x8c\x66\xcb" "\xd9\xcd\x27\xd8\x25\x68\x2c\x81", .alen = 16, - .input = "This is a 48-byte message (exactly 3 AES blocks)", - .ilen = 48, - .result = "\xd0\xa0\x2b\x38\x36\x45\x17\x53" + .ptext = "This is a 48-byte message (exactly 3 AES blocks)", + .plen = 48, + .ctext = "\xd0\xa0\x2b\x38\x36\x45\x17\x53" "\xd4\x93\x66\x5d\x33\xf0\xe8\x86" "\x2d\xea\x54\xcd\xb2\x93\xab\xc7" "\x50\x69\x39\x27\x67\x72\xf8\xd5" @@ -13749,7 +13683,7 @@ static const struct aead_testvec hmac_sha512_aes_cbc_enc_tv_temp[] = { "\x08\xea\x29\x6c\x74\x67\x3f\xb0" "\xac\x7f\x5c\x1d\xf5\xee\x22\x66" "\x27\xa6\xb6\x13\xba\xba\xf0\xc2", - .rlen = 48 + 64, + .clen = 48 + 64, }, { /* RFC 3602 Case 4 */ #ifdef __LITTLE_ENDIAN .key = "\x08\x00" /* rta length */ @@ -13775,7 +13709,7 @@ static const struct aead_testvec hmac_sha512_aes_cbc_enc_tv_temp[] = { .assoc = "\x8c\xe8\x2e\xef\xbe\xa0\xda\x3c" "\x44\x69\x9e\xd7\xdb\x51\xb7\xd9", .alen = 16, - .input = "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7" + .ptext = "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7" "\xa8\xa9\xaa\xab\xac\xad\xae\xaf" "\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7" "\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf" @@ -13783,8 +13717,8 @@ static const struct aead_testvec hmac_sha512_aes_cbc_enc_tv_temp[] = { "\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf" "\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7" "\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf", - .ilen = 64, - .result = "\xc3\x0e\x32\xff\xed\xc0\x77\x4e" + .plen = 64, + .ctext = "\xc3\x0e\x32\xff\xed\xc0\x77\x4e" "\x6a\xff\x6a\xf0\x86\x9f\x71\xaa" "\x0f\x3a\xf0\x7a\x9a\x31\xa9\xc6" "\x84\xdb\x20\x7e\xb0\xef\x8e\x4e" @@ -13800,7 +13734,7 @@ static const struct aead_testvec hmac_sha512_aes_cbc_enc_tv_temp[] = { "\xbc\x6f\xed\xd5\x8d\xde\x23\x7c" "\x62\x98\x14\xd7\x2f\x37\x8d\xdf" "\xf4\x33\x80\xeb\x8e\xb4\xa4\xda", - .rlen = 64 + 64, + .clen = 64 + 64, }, { /* RFC 3602 Case 5 */ #ifdef __LITTLE_ENDIAN .key = "\x08\x00" /* rta length */ @@ -13827,7 +13761,7 @@ static const struct aead_testvec hmac_sha512_aes_cbc_enc_tv_temp[] = { "\xe9\x6e\x8c\x08\xab\x46\x57\x63" "\xfd\x09\x8d\x45\xdd\x3f\xf8\x93", .alen = 24, - .input = "\x08\x00\x0e\xbd\xa7\x0a\x00\x00" + .ptext = "\x08\x00\x0e\xbd\xa7\x0a\x00\x00" "\x8e\x9c\x08\x3d\xb9\x5b\x07\x00" "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" "\x10\x11\x12\x13\x14\x15\x16\x17" @@ -13837,8 +13771,8 @@ static const struct aead_testvec hmac_sha512_aes_cbc_enc_tv_temp[] = { "\x30\x31\x32\x33\x34\x35\x36\x37" "\x01\x02\x03\x04\x05\x06\x07\x08" "\x09\x0a\x0b\x0c\x0d\x0e\x0e\x01", - .ilen = 80, - .result = "\xf6\x63\xc2\x5d\x32\x5c\x18\xc6" + .plen = 80, + .ctext = "\xf6\x63\xc2\x5d\x32\x5c\x18\xc6" "\xa9\x45\x3e\x19\x4e\x12\x08\x49" "\xa4\x87\x0b\x66\xcc\x6b\x99\x65" "\x33\x00\x13\xb4\x89\x8d\xc8\x56" @@ -13856,7 +13790,7 @@ static const struct aead_testvec hmac_sha512_aes_cbc_enc_tv_temp[] = { "\x92\x26\xc1\x76\x20\x11\xeb\xba" "\x62\x4f\x9a\x62\x25\xc3\x75\x80" "\xb7\x0a\x17\xf5\xd7\x94\xb4\x14", - .rlen = 80 + 64, + .clen = 80 + 64, }, { /* NIST SP800-38A F.2.3 CBC-AES192.Encrypt */ #ifdef __LITTLE_ENDIAN .key = "\x08\x00" /* rta length */ @@ -13883,7 +13817,7 @@ static const struct aead_testvec hmac_sha512_aes_cbc_enc_tv_temp[] = { .assoc = "\x00\x01\x02\x03\x04\x05\x06\x07" "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f", .alen = 16, - .input = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96" + .ptext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96" "\xe9\x3d\x7e\x11\x73\x93\x17\x2a" "\xae\x2d\x8a\x57\x1e\x03\xac\x9c" "\x9e\xb7\x6f\xac\x45\xaf\x8e\x51" @@ -13891,8 +13825,8 @@ static const struct aead_testvec hmac_sha512_aes_cbc_enc_tv_temp[] = { "\xe5\xfb\xc1\x19\x1a\x0a\x52\xef" "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17" "\xad\x2b\x41\x7b\xe6\x6c\x37\x10", - .ilen = 64, - .result = "\x4f\x02\x1d\xb2\x43\xbc\x63\x3d" + .plen = 64, + .ctext = "\x4f\x02\x1d\xb2\x43\xbc\x63\x3d" "\x71\x78\x18\x3a\x9f\xa0\x71\xe8" "\xb4\xd9\xad\xa9\xad\x7d\xed\xf4" "\xe5\xe7\x38\x76\x3f\x69\x14\x5a" @@ -13908,7 +13842,7 @@ static const struct aead_testvec hmac_sha512_aes_cbc_enc_tv_temp[] = { "\xba\x03\xd5\x32\xfa\x5f\x41\x58" "\x8d\x43\x98\xa7\x94\x16\x07\x02" "\x0f\xb6\x81\x50\x28\x95\x2e\x75", - .rlen = 64 + 64, + .clen = 64 + 64, }, { /* NIST SP800-38A F.2.5 CBC-AES256.Encrypt */ #ifdef __LITTLE_ENDIAN .key = "\x08\x00" /* rta length */ @@ -13936,7 +13870,7 @@ static const struct aead_testvec hmac_sha512_aes_cbc_enc_tv_temp[] = { .assoc = "\x00\x01\x02\x03\x04\x05\x06\x07" "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f", .alen = 16, - .input = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96" + .ptext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96" "\xe9\x3d\x7e\x11\x73\x93\x17\x2a" "\xae\x2d\x8a\x57\x1e\x03\xac\x9c" "\x9e\xb7\x6f\xac\x45\xaf\x8e\x51" @@ -13944,8 +13878,8 @@ static const struct aead_testvec hmac_sha512_aes_cbc_enc_tv_temp[] = { "\xe5\xfb\xc1\x19\x1a\x0a\x52\xef" "\xf6\x9f\x24\x45\xdf\x4f\x9b\x17" "\xad\x2b\x41\x7b\xe6\x6c\x37\x10", - .ilen = 64, - .result = "\xf5\x8c\x4c\x04\xd6\xe5\xf1\xba" + .plen = 64, + .ctext = "\xf5\x8c\x4c\x04\xd6\xe5\xf1\xba" "\x77\x9e\xab\xfb\x5f\x7b\xfb\xd6" "\x9c\xfc\x4e\x96\x7e\xdb\x80\x8d" "\x67\x9f\x77\x7b\xc6\x70\x2c\x7d" @@ -13961,11 +13895,11 @@ static const struct aead_testvec hmac_sha512_aes_cbc_enc_tv_temp[] = { "\xe3\x8d\x64\xc3\x8d\xff\x7c\x8c" "\xdb\xbf\xa0\xb4\x01\xa2\xa8\xa2" "\x2c\xb1\x62\x2c\x10\xca\xf1\x21", - .rlen = 64 + 64, + .clen = 64 + 64, }, }; -static const struct aead_testvec hmac_sha1_des_cbc_enc_tv_temp[] = { +static const struct aead_testvec hmac_sha1_des_cbc_tv_temp[] = { { /*Generated with cryptopp*/ #ifdef __LITTLE_ENDIAN .key = "\x08\x00" /* rta length */ @@ -13984,7 +13918,7 @@ static const struct aead_testvec hmac_sha1_des_cbc_enc_tv_temp[] = { .assoc = "\x00\x00\x43\x21\x00\x00\x00\x01" "\x7D\x33\x88\x93\x0F\x93\xB2\x42", .alen = 16, - .input = "\x6f\x54\x20\x6f\x61\x4d\x79\x6e" + .ptext = "\x6f\x54\x20\x6f\x61\x4d\x79\x6e" "\x53\x20\x63\x65\x65\x72\x73\x74" "\x54\x20\x6f\x6f\x4d\x20\x6e\x61" "\x20\x79\x65\x53\x72\x63\x74\x65" @@ -14000,8 +13934,8 @@ static const struct aead_testvec hmac_sha1_des_cbc_enc_tv_temp[] = { "\x20\x6f\x61\x4d\x79\x6e\x53\x20" "\x63\x65\x65\x72\x73\x74\x54\x20" "\x6f\x6f\x4d\x20\x6e\x61\x0a\x79", - .ilen = 128, - .result = "\x70\xd6\xde\x64\x87\x17\xf1\xe8" + .plen = 128, + .ctext = "\x70\xd6\xde\x64\x87\x17\xf1\xe8" "\x54\x31\x85\x37\xed\x6b\x01\x8d" "\xe3\xcc\xe0\x1d\x5e\xf3\xfe\xf1" "\x41\xaa\x33\x91\xa7\x7d\x99\x88" @@ -14020,11 +13954,11 @@ static const struct aead_testvec hmac_sha1_des_cbc_enc_tv_temp[] = { "\x95\x16\x20\x09\xf5\x95\x19\xfd" "\x3c\xc7\xe0\x42\xc0\x14\x69\xfa" "\x5c\x44\xa9\x37", - .rlen = 128 + 20, + .clen = 128 + 20, }, }; -static const struct aead_testvec hmac_sha224_des_cbc_enc_tv_temp[] = { +static const struct aead_testvec hmac_sha224_des_cbc_tv_temp[] = { { /*Generated with cryptopp*/ #ifdef __LITTLE_ENDIAN .key = "\x08\x00" /* rta length */ @@ -14043,7 +13977,7 @@ static const struct aead_testvec hmac_sha224_des_cbc_enc_tv_temp[] = { .assoc = "\x00\x00\x43\x21\x00\x00\x00\x01" "\x7D\x33\x88\x93\x0F\x93\xB2\x42", .alen = 16, - .input = "\x6f\x54\x20\x6f\x61\x4d\x79\x6e" + .ptext = "\x6f\x54\x20\x6f\x61\x4d\x79\x6e" "\x53\x20\x63\x65\x65\x72\x73\x74" "\x54\x20\x6f\x6f\x4d\x20\x6e\x61" "\x20\x79\x65\x53\x72\x63\x74\x65" @@ -14059,8 +13993,8 @@ static const struct aead_testvec hmac_sha224_des_cbc_enc_tv_temp[] = { "\x20\x6f\x61\x4d\x79\x6e\x53\x20" "\x63\x65\x65\x72\x73\x74\x54\x20" "\x6f\x6f\x4d\x20\x6e\x61\x0a\x79", - .ilen = 128, - .result = "\x70\xd6\xde\x64\x87\x17\xf1\xe8" + .plen = 128, + .ctext = "\x70\xd6\xde\x64\x87\x17\xf1\xe8" "\x54\x31\x85\x37\xed\x6b\x01\x8d" "\xe3\xcc\xe0\x1d\x5e\xf3\xfe\xf1" "\x41\xaa\x33\x91\xa7\x7d\x99\x88" @@ -14079,11 +14013,11 @@ static const struct aead_testvec hmac_sha224_des_cbc_enc_tv_temp[] = { "\x9c\x2d\x7e\xee\x20\x34\x55\x0a" "\xce\xb5\x4e\x64\x53\xe7\xbf\x91" "\xab\xd4\xd9\xda\xc9\x12\xae\xf7", - .rlen = 128 + 24, + .clen = 128 + 24, }, }; -static const struct aead_testvec hmac_sha256_des_cbc_enc_tv_temp[] = { +static const struct aead_testvec hmac_sha256_des_cbc_tv_temp[] = { { /*Generated with cryptopp*/ #ifdef __LITTLE_ENDIAN .key = "\x08\x00" /* rta length */ @@ -14103,7 +14037,7 @@ static const struct aead_testvec hmac_sha256_des_cbc_enc_tv_temp[] = { .assoc = "\x00\x00\x43\x21\x00\x00\x00\x01" "\x7D\x33\x88\x93\x0F\x93\xB2\x42", .alen = 16, - .input = "\x6f\x54\x20\x6f\x61\x4d\x79\x6e" + .ptext = "\x6f\x54\x20\x6f\x61\x4d\x79\x6e" "\x53\x20\x63\x65\x65\x72\x73\x74" "\x54\x20\x6f\x6f\x4d\x20\x6e\x61" "\x20\x79\x65\x53\x72\x63\x74\x65" @@ -14119,8 +14053,8 @@ static const struct aead_testvec hmac_sha256_des_cbc_enc_tv_temp[] = { "\x20\x6f\x61\x4d\x79\x6e\x53\x20" "\x63\x65\x65\x72\x73\x74\x54\x20" "\x6f\x6f\x4d\x20\x6e\x61\x0a\x79", - .ilen = 128, - .result = "\x70\xd6\xde\x64\x87\x17\xf1\xe8" + .plen = 128, + .ctext = "\x70\xd6\xde\x64\x87\x17\xf1\xe8" "\x54\x31\x85\x37\xed\x6b\x01\x8d" "\xe3\xcc\xe0\x1d\x5e\xf3\xfe\xf1" "\x41\xaa\x33\x91\xa7\x7d\x99\x88" @@ -14140,11 +14074,11 @@ static const struct aead_testvec hmac_sha256_des_cbc_enc_tv_temp[] = { "\x50\xf6\x5d\xab\x4b\x51\x4e\x5e" "\xde\x63\xde\x76\x52\xde\x9f\xba" "\x90\xcf\x15\xf2\xbb\x6e\x84\x00", - .rlen = 128 + 32, + .clen = 128 + 32, }, }; -static const struct aead_testvec hmac_sha384_des_cbc_enc_tv_temp[] = { +static const struct aead_testvec hmac_sha384_des_cbc_tv_temp[] = { { /*Generated with cryptopp*/ #ifdef __LITTLE_ENDIAN .key = "\x08\x00" /* rta length */ @@ -14166,7 +14100,7 @@ static const struct aead_testvec hmac_sha384_des_cbc_enc_tv_temp[] = { .assoc = "\x00\x00\x43\x21\x00\x00\x00\x01" "\x7D\x33\x88\x93\x0F\x93\xB2\x42", .alen = 16, - .input = "\x6f\x54\x20\x6f\x61\x4d\x79\x6e" + .ptext = "\x6f\x54\x20\x6f\x61\x4d\x79\x6e" "\x53\x20\x63\x65\x65\x72\x73\x74" "\x54\x20\x6f\x6f\x4d\x20\x6e\x61" "\x20\x79\x65\x53\x72\x63\x74\x65" @@ -14182,8 +14116,8 @@ static const struct aead_testvec hmac_sha384_des_cbc_enc_tv_temp[] = { "\x20\x6f\x61\x4d\x79\x6e\x53\x20" "\x63\x65\x65\x72\x73\x74\x54\x20" "\x6f\x6f\x4d\x20\x6e\x61\x0a\x79", - .ilen = 128, - .result = "\x70\xd6\xde\x64\x87\x17\xf1\xe8" + .plen = 128, + .ctext = "\x70\xd6\xde\x64\x87\x17\xf1\xe8" "\x54\x31\x85\x37\xed\x6b\x01\x8d" "\xe3\xcc\xe0\x1d\x5e\xf3\xfe\xf1" "\x41\xaa\x33\x91\xa7\x7d\x99\x88" @@ -14205,11 +14139,11 @@ static const struct aead_testvec hmac_sha384_des_cbc_enc_tv_temp[] = { "\x5e\x67\xb5\x74\xe7\xe7\x85\x61" "\x6a\x95\x26\x75\xcc\x53\x89\xf3" "\x74\xc9\x2a\x76\x20\xa2\x64\x62", - .rlen = 128 + 48, + .clen = 128 + 48, }, }; -static const struct aead_testvec hmac_sha512_des_cbc_enc_tv_temp[] = { +static const struct aead_testvec hmac_sha512_des_cbc_tv_temp[] = { { /*Generated with cryptopp*/ #ifdef __LITTLE_ENDIAN .key = "\x08\x00" /* rta length */ @@ -14233,7 +14167,7 @@ static const struct aead_testvec hmac_sha512_des_cbc_enc_tv_temp[] = { .assoc = "\x00\x00\x43\x21\x00\x00\x00\x01" "\x7D\x33\x88\x93\x0F\x93\xB2\x42", .alen = 16, - .input = "\x6f\x54\x20\x6f\x61\x4d\x79\x6e" + .ptext = "\x6f\x54\x20\x6f\x61\x4d\x79\x6e" "\x53\x20\x63\x65\x65\x72\x73\x74" "\x54\x20\x6f\x6f\x4d\x20\x6e\x61" "\x20\x79\x65\x53\x72\x63\x74\x65" @@ -14249,8 +14183,8 @@ static const struct aead_testvec hmac_sha512_des_cbc_enc_tv_temp[] = { "\x20\x6f\x61\x4d\x79\x6e\x53\x20" "\x63\x65\x65\x72\x73\x74\x54\x20" "\x6f\x6f\x4d\x20\x6e\x61\x0a\x79", - .ilen = 128, - .result = "\x70\xd6\xde\x64\x87\x17\xf1\xe8" + .plen = 128, + .ctext = "\x70\xd6\xde\x64\x87\x17\xf1\xe8" "\x54\x31\x85\x37\xed\x6b\x01\x8d" "\xe3\xcc\xe0\x1d\x5e\xf3\xfe\xf1" "\x41\xaa\x33\x91\xa7\x7d\x99\x88" @@ -14274,11 +14208,11 @@ static const struct aead_testvec hmac_sha512_des_cbc_enc_tv_temp[] = { "\x97\xe2\xe3\xb8\xaa\x48\x85\xee" "\x8c\xf6\x07\x95\x1f\xa6\x6c\x96" "\x99\xc7\x5c\x8d\xd8\xb5\x68\x7b", - .rlen = 128 + 64, + .clen = 128 + 64, }, }; -static const struct aead_testvec hmac_sha1_des3_ede_cbc_enc_tv_temp[] = { +static const struct aead_testvec hmac_sha1_des3_ede_cbc_tv_temp[] = { { /*Generated with cryptopp*/ #ifdef __LITTLE_ENDIAN .key = "\x08\x00" /* rta length */ @@ -14299,7 +14233,7 @@ static const struct aead_testvec hmac_sha1_des3_ede_cbc_enc_tv_temp[] = { .assoc = "\x00\x00\x43\x21\x00\x00\x00\x01" "\x7D\x33\x88\x93\x0F\x93\xB2\x42", .alen = 16, - .input = "\x6f\x54\x20\x6f\x61\x4d\x79\x6e" + .ptext = "\x6f\x54\x20\x6f\x61\x4d\x79\x6e" "\x53\x20\x63\x65\x65\x72\x73\x74" "\x54\x20\x6f\x6f\x4d\x20\x6e\x61" "\x20\x79\x65\x53\x72\x63\x74\x65" @@ -14315,8 +14249,8 @@ static const struct aead_testvec hmac_sha1_des3_ede_cbc_enc_tv_temp[] = { "\x20\x6f\x61\x4d\x79\x6e\x53\x20" "\x63\x65\x65\x72\x73\x74\x54\x20" "\x6f\x6f\x4d\x20\x6e\x61\x0a\x79", - .ilen = 128, - .result = "\x0e\x2d\xb6\x97\x3c\x56\x33\xf4" + .plen = 128, + .ctext = "\x0e\x2d\xb6\x97\x3c\x56\x33\xf4" "\x67\x17\x21\xc7\x6e\x8a\xd5\x49" "\x74\xb3\x49\x05\xc5\x1c\xd0\xed" "\x12\x56\x5c\x53\x96\xb6\x00\x7d" @@ -14335,11 +14269,11 @@ static const struct aead_testvec hmac_sha1_des3_ede_cbc_enc_tv_temp[] = { "\x67\x6d\xb1\xf5\xb8\x10\xdc\xc6" "\x75\x86\x96\x6b\xb1\xc5\xe4\xcf" "\xd1\x60\x91\xb3", - .rlen = 128 + 20, + .clen = 128 + 20, }, }; -static const struct aead_testvec hmac_sha224_des3_ede_cbc_enc_tv_temp[] = { +static const struct aead_testvec hmac_sha224_des3_ede_cbc_tv_temp[] = { { /*Generated with cryptopp*/ #ifdef __LITTLE_ENDIAN .key = "\x08\x00" /* rta length */ @@ -14360,7 +14294,7 @@ static const struct aead_testvec hmac_sha224_des3_ede_cbc_enc_tv_temp[] = { .assoc = "\x00\x00\x43\x21\x00\x00\x00\x01" "\x7D\x33\x88\x93\x0F\x93\xB2\x42", .alen = 16, - .input = "\x6f\x54\x20\x6f\x61\x4d\x79\x6e" + .ptext = "\x6f\x54\x20\x6f\x61\x4d\x79\x6e" "\x53\x20\x63\x65\x65\x72\x73\x74" "\x54\x20\x6f\x6f\x4d\x20\x6e\x61" "\x20\x79\x65\x53\x72\x63\x74\x65" @@ -14376,8 +14310,8 @@ static const struct aead_testvec hmac_sha224_des3_ede_cbc_enc_tv_temp[] = { "\x20\x6f\x61\x4d\x79\x6e\x53\x20" "\x63\x65\x65\x72\x73\x74\x54\x20" "\x6f\x6f\x4d\x20\x6e\x61\x0a\x79", - .ilen = 128, - .result = "\x0e\x2d\xb6\x97\x3c\x56\x33\xf4" + .plen = 128, + .ctext = "\x0e\x2d\xb6\x97\x3c\x56\x33\xf4" "\x67\x17\x21\xc7\x6e\x8a\xd5\x49" "\x74\xb3\x49\x05\xc5\x1c\xd0\xed" "\x12\x56\x5c\x53\x96\xb6\x00\x7d" @@ -14396,11 +14330,11 @@ static const struct aead_testvec hmac_sha224_des3_ede_cbc_enc_tv_temp[] = { "\x15\x24\x7f\x5a\x45\x4a\x66\xce" "\x2b\x0b\x93\x99\x2f\x9d\x0c\x6c" "\x56\x1f\xe1\xa6\x41\xb2\x4c\xd0", - .rlen = 128 + 24, + .clen = 128 + 24, }, }; -static const struct aead_testvec hmac_sha256_des3_ede_cbc_enc_tv_temp[] = { +static const struct aead_testvec hmac_sha256_des3_ede_cbc_tv_temp[] = { { /*Generated with cryptopp*/ #ifdef __LITTLE_ENDIAN .key = "\x08\x00" /* rta length */ @@ -14422,7 +14356,7 @@ static const struct aead_testvec hmac_sha256_des3_ede_cbc_enc_tv_temp[] = { .assoc = "\x00\x00\x43\x21\x00\x00\x00\x01" "\x7D\x33\x88\x93\x0F\x93\xB2\x42", .alen = 16, - .input = "\x6f\x54\x20\x6f\x61\x4d\x79\x6e" + .ptext = "\x6f\x54\x20\x6f\x61\x4d\x79\x6e" "\x53\x20\x63\x65\x65\x72\x73\x74" "\x54\x20\x6f\x6f\x4d\x20\x6e\x61" "\x20\x79\x65\x53\x72\x63\x74\x65" @@ -14438,8 +14372,8 @@ static const struct aead_testvec hmac_sha256_des3_ede_cbc_enc_tv_temp[] = { "\x20\x6f\x61\x4d\x79\x6e\x53\x20" "\x63\x65\x65\x72\x73\x74\x54\x20" "\x6f\x6f\x4d\x20\x6e\x61\x0a\x79", - .ilen = 128, - .result = "\x0e\x2d\xb6\x97\x3c\x56\x33\xf4" + .plen = 128, + .ctext = "\x0e\x2d\xb6\x97\x3c\x56\x33\xf4" "\x67\x17\x21\xc7\x6e\x8a\xd5\x49" "\x74\xb3\x49\x05\xc5\x1c\xd0\xed" "\x12\x56\x5c\x53\x96\xb6\x00\x7d" @@ -14459,11 +14393,11 @@ static const struct aead_testvec hmac_sha256_des3_ede_cbc_enc_tv_temp[] = { "\x56\x38\x44\xc0\xdb\xe3\x4f\x71" "\xf7\xce\xd1\xd3\xf8\xbd\x3e\x4f" "\xca\x43\x95\xdf\x80\x61\x81\xa9", - .rlen = 128 + 32, + .clen = 128 + 32, }, }; -static const struct aead_testvec hmac_sha384_des3_ede_cbc_enc_tv_temp[] = { +static const struct aead_testvec hmac_sha384_des3_ede_cbc_tv_temp[] = { { /*Generated with cryptopp*/ #ifdef __LITTLE_ENDIAN .key = "\x08\x00" /* rta length */ @@ -14487,7 +14421,7 @@ static const struct aead_testvec hmac_sha384_des3_ede_cbc_enc_tv_temp[] = { .assoc = "\x00\x00\x43\x21\x00\x00\x00\x01" "\x7D\x33\x88\x93\x0F\x93\xB2\x42", .alen = 16, - .input = "\x6f\x54\x20\x6f\x61\x4d\x79\x6e" + .ptext = "\x6f\x54\x20\x6f\x61\x4d\x79\x6e" "\x53\x20\x63\x65\x65\x72\x73\x74" "\x54\x20\x6f\x6f\x4d\x20\x6e\x61" "\x20\x79\x65\x53\x72\x63\x74\x65" @@ -14503,8 +14437,8 @@ static const struct aead_testvec hmac_sha384_des3_ede_cbc_enc_tv_temp[] = { "\x20\x6f\x61\x4d\x79\x6e\x53\x20" "\x63\x65\x65\x72\x73\x74\x54\x20" "\x6f\x6f\x4d\x20\x6e\x61\x0a\x79", - .ilen = 128, - .result = "\x0e\x2d\xb6\x97\x3c\x56\x33\xf4" + .plen = 128, + .ctext = "\x0e\x2d\xb6\x97\x3c\x56\x33\xf4" "\x67\x17\x21\xc7\x6e\x8a\xd5\x49" "\x74\xb3\x49\x05\xc5\x1c\xd0\xed" "\x12\x56\x5c\x53\x96\xb6\x00\x7d" @@ -14526,11 +14460,11 @@ static const struct aead_testvec hmac_sha384_des3_ede_cbc_enc_tv_temp[] = { "\xa4\x32\x8a\x0b\x46\xd7\xf0\x39" "\x36\x5d\x13\x2f\x86\x10\x78\xd6" "\xd6\xbe\x5c\xb9\x15\x89\xf9\x1b", - .rlen = 128 + 48, + .clen = 128 + 48, }, }; -static const struct aead_testvec hmac_sha512_des3_ede_cbc_enc_tv_temp[] = { +static const struct aead_testvec hmac_sha512_des3_ede_cbc_tv_temp[] = { { /*Generated with cryptopp*/ #ifdef __LITTLE_ENDIAN .key = "\x08\x00" /* rta length */ @@ -14556,7 +14490,7 @@ static const struct aead_testvec hmac_sha512_des3_ede_cbc_enc_tv_temp[] = { .assoc = "\x00\x00\x43\x21\x00\x00\x00\x01" "\x7D\x33\x88\x93\x0F\x93\xB2\x42", .alen = 16, - .input = "\x6f\x54\x20\x6f\x61\x4d\x79\x6e" + .ptext = "\x6f\x54\x20\x6f\x61\x4d\x79\x6e" "\x53\x20\x63\x65\x65\x72\x73\x74" "\x54\x20\x6f\x6f\x4d\x20\x6e\x61" "\x20\x79\x65\x53\x72\x63\x74\x65" @@ -14572,8 +14506,8 @@ static const struct aead_testvec hmac_sha512_des3_ede_cbc_enc_tv_temp[] = { "\x20\x6f\x61\x4d\x79\x6e\x53\x20" "\x63\x65\x65\x72\x73\x74\x54\x20" "\x6f\x6f\x4d\x20\x6e\x61\x0a\x79", - .ilen = 128, - .result = "\x0e\x2d\xb6\x97\x3c\x56\x33\xf4" + .plen = 128, + .ctext = "\x0e\x2d\xb6\x97\x3c\x56\x33\xf4" "\x67\x17\x21\xc7\x6e\x8a\xd5\x49" "\x74\xb3\x49\x05\xc5\x1c\xd0\xed" "\x12\x56\x5c\x53\x96\xb6\x00\x7d" @@ -14597,7 +14531,7 @@ static const struct aead_testvec hmac_sha512_des3_ede_cbc_enc_tv_temp[] = { "\x2a\x74\xd4\x65\x12\xcb\x55\xf2" "\xd5\x02\x6d\xe6\xaf\xc9\x2f\xf2" "\x57\xaa\x85\xf7\xf3\x6a\xcb\xdb", - .rlen = 128 + 64, + .clen = 128 + 64, }, }; @@ -16732,30 +16666,30 @@ static const struct cipher_testvec aes_ofb_tv_template[] = { } }; -static const struct aead_testvec aes_gcm_enc_tv_template[] = { +static const struct aead_testvec aes_gcm_tv_template[] = { { /* From McGrew & Viega - http://citeseer.ist.psu.edu/656989.html */ .key = zeroed_string, .klen = 16, - .result = "\x58\xe2\xfc\xce\xfa\x7e\x30\x61" + .ctext = "\x58\xe2\xfc\xce\xfa\x7e\x30\x61" "\x36\x7f\x1d\x57\xa4\xe7\x45\x5a", - .rlen = 16, + .clen = 16, }, { .key = zeroed_string, .klen = 16, - .input = zeroed_string, - .ilen = 16, - .result = "\x03\x88\xda\xce\x60\xb6\xa3\x92" + .ptext = zeroed_string, + .plen = 16, + .ctext = "\x03\x88\xda\xce\x60\xb6\xa3\x92" "\xf3\x28\xc2\xb9\x71\xb2\xfe\x78" "\xab\x6e\x47\xd4\x2c\xec\x13\xbd" "\xf5\x3a\x67\xb2\x12\x57\xbd\xdf", - .rlen = 32, + .clen = 32, }, { .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c" "\x6d\x6a\x8f\x94\x67\x30\x83\x08", .klen = 16, .iv = "\xca\xfe\xba\xbe\xfa\xce\xdb\xad" "\xde\xca\xf8\x88", - .input = "\xd9\x31\x32\x25\xf8\x84\x06\xe5" + .ptext = "\xd9\x31\x32\x25\xf8\x84\x06\xe5" "\xa5\x59\x09\xc5\xaf\xf5\x26\x9a" "\x86\xa7\xa9\x53\x15\x34\xf7\xda" "\x2e\x4c\x30\x3d\x8a\x31\x8a\x72" @@ -16763,8 +16697,8 @@ static const struct aead_testvec aes_gcm_enc_tv_template[] = { "\x2f\xcf\x0e\x24\x49\xa6\xb5\x25" "\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57" "\xba\x63\x7b\x39\x1a\xaf\xd2\x55", - .ilen = 64, - .result = "\x42\x83\x1e\xc2\x21\x77\x74\x24" + .plen = 64, + .ctext = "\x42\x83\x1e\xc2\x21\x77\x74\x24" "\x4b\x72\x21\xb7\x84\xd0\xd4\x9c" "\xe3\xaa\x21\x2f\x2c\x02\xa4\xe0" "\x35\xc1\x7e\x23\x29\xac\xa1\x2e" @@ -16774,14 +16708,14 @@ static const struct aead_testvec aes_gcm_enc_tv_template[] = { "\x3d\x58\xe0\x91\x47\x3f\x59\x85" "\x4d\x5c\x2a\xf3\x27\xcd\x64\xa6" "\x2c\xf3\x5a\xbd\x2b\xa6\xfa\xb4", - .rlen = 80, + .clen = 80, }, { .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c" "\x6d\x6a\x8f\x94\x67\x30\x83\x08", .klen = 16, .iv = "\xca\xfe\xba\xbe\xfa\xce\xdb\xad" "\xde\xca\xf8\x88", - .input = "\xd9\x31\x32\x25\xf8\x84\x06\xe5" + .ptext = "\xd9\x31\x32\x25\xf8\x84\x06\xe5" "\xa5\x59\x09\xc5\xaf\xf5\x26\x9a" "\x86\xa7\xa9\x53\x15\x34\xf7\xda" "\x2e\x4c\x30\x3d\x8a\x31\x8a\x72" @@ -16789,12 +16723,12 @@ static const struct aead_testvec aes_gcm_enc_tv_template[] = { "\x2f\xcf\x0e\x24\x49\xa6\xb5\x25" "\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57" "\xba\x63\x7b\x39", - .ilen = 60, + .plen = 60, .assoc = "\xfe\xed\xfa\xce\xde\xad\xbe\xef" "\xfe\xed\xfa\xce\xde\xad\xbe\xef" "\xab\xad\xda\xd2", .alen = 20, - .result = "\x42\x83\x1e\xc2\x21\x77\x74\x24" + .ctext = "\x42\x83\x1e\xc2\x21\x77\x74\x24" "\x4b\x72\x21\xb7\x84\xd0\xd4\x9c" "\xe3\xaa\x21\x2f\x2c\x02\xa4\xe0" "\x35\xc1\x7e\x23\x29\xac\xa1\x2e" @@ -16804,23 +16738,23 @@ static const struct aead_testvec aes_gcm_enc_tv_template[] = { "\x3d\x58\xe0\x91" "\x5b\xc9\x4f\xbc\x32\x21\xa5\xdb" "\x94\xfa\xe9\x5a\xe7\x12\x1a\x47", - .rlen = 76, + .clen = 76, }, { .key = zeroed_string, .klen = 24, - .result = "\xcd\x33\xb2\x8a\xc7\x73\xf7\x4b" + .ctext = "\xcd\x33\xb2\x8a\xc7\x73\xf7\x4b" "\xa0\x0e\xd1\xf3\x12\x57\x24\x35", - .rlen = 16, + .clen = 16, }, { .key = zeroed_string, .klen = 24, - .input = zeroed_string, - .ilen = 16, - .result = "\x98\xe7\x24\x7c\x07\xf0\xfe\x41" + .ptext = zeroed_string, + .plen = 16, + .ctext = "\x98\xe7\x24\x7c\x07\xf0\xfe\x41" "\x1c\x26\x7e\x43\x84\xb0\xf6\x00" "\x2f\xf5\x8d\x80\x03\x39\x27\xab" "\x8e\xf4\xd4\x58\x75\x14\xf0\xfb", - .rlen = 32, + .clen = 32, }, { .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c" "\x6d\x6a\x8f\x94\x67\x30\x83\x08" @@ -16828,7 +16762,7 @@ static const struct aead_testvec aes_gcm_enc_tv_template[] = { .klen = 24, .iv = "\xca\xfe\xba\xbe\xfa\xce\xdb\xad" "\xde\xca\xf8\x88", - .input = "\xd9\x31\x32\x25\xf8\x84\x06\xe5" + .ptext = "\xd9\x31\x32\x25\xf8\x84\x06\xe5" "\xa5\x59\x09\xc5\xaf\xf5\x26\x9a" "\x86\xa7\xa9\x53\x15\x34\xf7\xda" "\x2e\x4c\x30\x3d\x8a\x31\x8a\x72" @@ -16836,8 +16770,8 @@ static const struct aead_testvec aes_gcm_enc_tv_template[] = { "\x2f\xcf\x0e\x24\x49\xa6\xb5\x25" "\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57" "\xba\x63\x7b\x39\x1a\xaf\xd2\x55", - .ilen = 64, - .result = "\x39\x80\xca\x0b\x3c\x00\xe8\x41" + .plen = 64, + .ctext = "\x39\x80\xca\x0b\x3c\x00\xe8\x41" "\xeb\x06\xfa\xc4\x87\x2a\x27\x57" "\x85\x9e\x1c\xea\xa6\xef\xd9\x84" "\x62\x85\x93\xb4\x0c\xa1\xe1\x9c" @@ -16847,7 +16781,7 @@ static const struct aead_testvec aes_gcm_enc_tv_template[] = { "\xcc\xda\x27\x10\xac\xad\xe2\x56" "\x99\x24\xa7\xc8\x58\x73\x36\xbf" "\xb1\x18\x02\x4d\xb8\x67\x4a\x14", - .rlen = 80, + .clen = 80, }, { .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c" "\x6d\x6a\x8f\x94\x67\x30\x83\x08" @@ -16855,7 +16789,7 @@ static const struct aead_testvec aes_gcm_enc_tv_template[] = { .klen = 24, .iv = "\xca\xfe\xba\xbe\xfa\xce\xdb\xad" "\xde\xca\xf8\x88", - .input = "\xd9\x31\x32\x25\xf8\x84\x06\xe5" + .ptext = "\xd9\x31\x32\x25\xf8\x84\x06\xe5" "\xa5\x59\x09\xc5\xaf\xf5\x26\x9a" "\x86\xa7\xa9\x53\x15\x34\xf7\xda" "\x2e\x4c\x30\x3d\x8a\x31\x8a\x72" @@ -16863,12 +16797,12 @@ static const struct aead_testvec aes_gcm_enc_tv_template[] = { "\x2f\xcf\x0e\x24\x49\xa6\xb5\x25" "\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57" "\xba\x63\x7b\x39", - .ilen = 60, + .plen = 60, .assoc = "\xfe\xed\xfa\xce\xde\xad\xbe\xef" "\xfe\xed\xfa\xce\xde\xad\xbe\xef" "\xab\xad\xda\xd2", .alen = 20, - .result = "\x39\x80\xca\x0b\x3c\x00\xe8\x41" + .ctext = "\x39\x80\xca\x0b\x3c\x00\xe8\x41" "\xeb\x06\xfa\xc4\x87\x2a\x27\x57" "\x85\x9e\x1c\xea\xa6\xef\xd9\x84" "\x62\x85\x93\xb4\x0c\xa1\xe1\x9c" @@ -16878,7 +16812,7 @@ static const struct aead_testvec aes_gcm_enc_tv_template[] = { "\xcc\xda\x27\x10" "\x25\x19\x49\x8e\x80\xf1\x47\x8f" "\x37\xba\x55\xbd\x6d\x27\x61\x8c", - .rlen = 76, + .clen = 76, .np = 2, .tap = { 32, 28 }, .anp = 2, @@ -16886,19 +16820,19 @@ static const struct aead_testvec aes_gcm_enc_tv_template[] = { }, { .key = zeroed_string, .klen = 32, - .result = "\x53\x0f\x8a\xfb\xc7\x45\x36\xb9" + .ctext = "\x53\x0f\x8a\xfb\xc7\x45\x36\xb9" "\xa9\x63\xb4\xf1\xc4\xcb\x73\x8b", - .rlen = 16, + .clen = 16, }, { .key = zeroed_string, .klen = 32, - .input = zeroed_string, - .ilen = 16, - .result = "\xce\xa7\x40\x3d\x4d\x60\x6b\x6e" + .ptext = zeroed_string, + .plen = 16, + .ctext = "\xce\xa7\x40\x3d\x4d\x60\x6b\x6e" "\x07\x4e\xc5\xd3\xba\xf3\x9d\x18" "\xd0\xd1\xc8\xa7\x99\x99\x6b\xf0" "\x26\x5b\x98\xb5\xd4\x8a\xb9\x19", - .rlen = 32, + .clen = 32, }, { .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c" "\x6d\x6a\x8f\x94\x67\x30\x83\x08" @@ -16907,7 +16841,7 @@ static const struct aead_testvec aes_gcm_enc_tv_template[] = { .klen = 32, .iv = "\xca\xfe\xba\xbe\xfa\xce\xdb\xad" "\xde\xca\xf8\x88", - .input = "\xd9\x31\x32\x25\xf8\x84\x06\xe5" + .ptext = "\xd9\x31\x32\x25\xf8\x84\x06\xe5" "\xa5\x59\x09\xc5\xaf\xf5\x26\x9a" "\x86\xa7\xa9\x53\x15\x34\xf7\xda" "\x2e\x4c\x30\x3d\x8a\x31\x8a\x72" @@ -16915,8 +16849,8 @@ static const struct aead_testvec aes_gcm_enc_tv_template[] = { "\x2f\xcf\x0e\x24\x49\xa6\xb5\x25" "\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57" "\xba\x63\x7b\x39\x1a\xaf\xd2\x55", - .ilen = 64, - .result = "\x52\x2d\xc1\xf0\x99\x56\x7d\x07" + .plen = 64, + .ctext = "\x52\x2d\xc1\xf0\x99\x56\x7d\x07" "\xf4\x7f\x37\xa3\x2a\x84\x42\x7d" "\x64\x3a\x8c\xdc\xbf\xe5\xc0\xc9" "\x75\x98\xa2\xbd\x25\x55\xd1\xaa" @@ -16926,7 +16860,7 @@ static const struct aead_testvec aes_gcm_enc_tv_template[] = { "\xbc\xc9\xf6\x62\x89\x80\x15\xad" "\xb0\x94\xda\xc5\xd9\x34\x71\xbd" "\xec\x1a\x50\x22\x70\xe3\xcc\x6c", - .rlen = 80, + .clen = 80, }, { .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c" "\x6d\x6a\x8f\x94\x67\x30\x83\x08" @@ -16935,7 +16869,7 @@ static const struct aead_testvec aes_gcm_enc_tv_template[] = { .klen = 32, .iv = "\xca\xfe\xba\xbe\xfa\xce\xdb\xad" "\xde\xca\xf8\x88", - .input = "\xd9\x31\x32\x25\xf8\x84\x06\xe5" + .ptext = "\xd9\x31\x32\x25\xf8\x84\x06\xe5" "\xa5\x59\x09\xc5\xaf\xf5\x26\x9a" "\x86\xa7\xa9\x53\x15\x34\xf7\xda" "\x2e\x4c\x30\x3d\x8a\x31\x8a\x72" @@ -16943,12 +16877,12 @@ static const struct aead_testvec aes_gcm_enc_tv_template[] = { "\x2f\xcf\x0e\x24\x49\xa6\xb5\x25" "\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57" "\xba\x63\x7b\x39", - .ilen = 60, + .plen = 60, .assoc = "\xfe\xed\xfa\xce\xde\xad\xbe\xef" "\xfe\xed\xfa\xce\xde\xad\xbe\xef" "\xab\xad\xda\xd2", .alen = 20, - .result = "\x52\x2d\xc1\xf0\x99\x56\x7d\x07" + .ctext = "\x52\x2d\xc1\xf0\x99\x56\x7d\x07" "\xf4\x7f\x37\xa3\x2a\x84\x42\x7d" "\x64\x3a\x8c\xdc\xbf\xe5\xc0\xc9" "\x75\x98\xa2\xbd\x25\x55\xd1\xaa" @@ -16958,7 +16892,7 @@ static const struct aead_testvec aes_gcm_enc_tv_template[] = { "\xbc\xc9\xf6\x62" "\x76\xfc\x6e\xce\x0f\x4e\x17\x68" "\xcd\xdf\x88\x53\xbb\x2d\x55\x1b", - .rlen = 76, + .clen = 76, .np = 2, .tap = { 48, 12 }, .anp = 3, @@ -16970,7 +16904,7 @@ static const struct aead_testvec aes_gcm_enc_tv_template[] = { .klen = 24, .iv = "\xca\xfe\xba\xbe\xfa\xce\xdb\xad" "\xde\xca\xf8\x88", - .input = "\xd9\x31\x32\x25\xf8\x84\x06\xe5" + .ptext = "\xd9\x31\x32\x25\xf8\x84\x06\xe5" "\xa5\x59\x09\xc5\xaf\xf5\x26\x9a" "\x86\xa7\xa9\x53\x15\x34\xf7\xda" "\x2e\x4c\x30\x3d\x8a\x31\x8a\x72" @@ -16978,12 +16912,12 @@ static const struct aead_testvec aes_gcm_enc_tv_template[] = { "\x2f\xcf\x0e\x24\x49\xa6\xb5\x25" "\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57" "\xba\x63\x7b\x39", - .ilen = 60, + .plen = 60, .assoc = "\xfe\xed\xfa\xce\xde\xad\xbe\xef" "\xfe\xed\xfa\xce\xde\xad\xbe\xef" "\xab\xad\xda\xd2", .alen = 20, - .result = "\x39\x80\xca\x0b\x3c\x00\xe8\x41" + .ctext = "\x39\x80\xca\x0b\x3c\x00\xe8\x41" "\xeb\x06\xfa\xc4\x87\x2a\x27\x57" "\x85\x9e\x1c\xea\xa6\xef\xd9\x84" "\x62\x85\x93\xb4\x0c\xa1\xe1\x9c" @@ -16993,300 +16927,98 @@ static const struct aead_testvec aes_gcm_enc_tv_template[] = { "\xcc\xda\x27\x10" "\x25\x19\x49\x8e\x80\xf1\x47\x8f" "\x37\xba\x55\xbd\x6d\x27\x61\x8c", - .rlen = 76, + .clen = 76, } }; -static const struct aead_testvec aes_gcm_dec_tv_template[] = { - { /* From McGrew & Viega - http://citeseer.ist.psu.edu/656989.html */ +static const struct aead_testvec aes_gcm_rfc4106_tv_template[] = { + { /* Generated using Crypto++ */ .key = zeroed_string, - .klen = 32, - .input = "\xce\xa7\x40\x3d\x4d\x60\x6b\x6e" - "\x07\x4e\xc5\xd3\xba\xf3\x9d\x18" - "\xd0\xd1\xc8\xa7\x99\x99\x6b\xf0" - "\x26\x5b\x98\xb5\xd4\x8a\xb9\x19", - .ilen = 32, - .result = zeroed_string, - .rlen = 16, - }, { - .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c" + .klen = 20, + .iv = zeroed_string, + .ptext = zeroed_string, + .plen = 16, + .assoc = zeroed_string, + .alen = 16, + .ctext = "\x03\x88\xDA\xCE\x60\xB6\xA3\x92" + "\xF3\x28\xC2\xB9\x71\xB2\xFE\x78" + "\x97\xFE\x4C\x23\x37\x42\x01\xE0" + "\x81\x9F\x8D\xC5\xD7\x41\xA0\x1B", + .clen = 32, + },{ + .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c" "\x6d\x6a\x8f\x94\x67\x30\x83\x08" - "\xfe\xff\xe9\x92\x86\x65\x73\x1c" - "\x6d\x6a\x8f\x94\x67\x30\x83\x08", - .klen = 32, - .iv = "\xca\xfe\xba\xbe\xfa\xce\xdb\xad" - "\xde\xca\xf8\x88", - .input = "\x52\x2d\xc1\xf0\x99\x56\x7d\x07" - "\xf4\x7f\x37\xa3\x2a\x84\x42\x7d" - "\x64\x3a\x8c\xdc\xbf\xe5\xc0\xc9" - "\x75\x98\xa2\xbd\x25\x55\xd1\xaa" - "\x8c\xb0\x8e\x48\x59\x0d\xbb\x3d" - "\xa7\xb0\x8b\x10\x56\x82\x88\x38" - "\xc5\xf6\x1e\x63\x93\xba\x7a\x0a" - "\xbc\xc9\xf6\x62\x89\x80\x15\xad" - "\xb0\x94\xda\xc5\xd9\x34\x71\xbd" - "\xec\x1a\x50\x22\x70\xe3\xcc\x6c", - .ilen = 80, - .result = "\xd9\x31\x32\x25\xf8\x84\x06\xe5" - "\xa5\x59\x09\xc5\xaf\xf5\x26\x9a" - "\x86\xa7\xa9\x53\x15\x34\xf7\xda" - "\x2e\x4c\x30\x3d\x8a\x31\x8a\x72" - "\x1c\x3c\x0c\x95\x95\x68\x09\x53" - "\x2f\xcf\x0e\x24\x49\xa6\xb5\x25" - "\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57" - "\xba\x63\x7b\x39\x1a\xaf\xd2\x55", - .rlen = 64, + "\x00\x00\x00\x00", + .klen = 20, + .iv = "\x00\x00\x00\x00\x00\x00\x00\x01", + .ptext = zeroed_string, + .plen = 16, + .assoc = "\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x01", + .alen = 16, + .ctext = "\xC0\x0D\x8B\x42\x0F\x8F\x34\x18" + "\x88\xB1\xC5\xBC\xC5\xB6\xD6\x28" + "\x6A\x9D\xDF\x11\x5E\xFE\x5E\x9D" + "\x2F\x70\x44\x92\xF7\xF2\xE3\xEF", + .clen = 32, + }, { - .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c" + .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c" "\x6d\x6a\x8f\x94\x67\x30\x83\x08" - "\xfe\xff\xe9\x92\x86\x65\x73\x1c" - "\x6d\x6a\x8f\x94\x67\x30\x83\x08", - .klen = 32, - .iv = "\xca\xfe\xba\xbe\xfa\xce\xdb\xad" - "\xde\xca\xf8\x88", - .input = "\x52\x2d\xc1\xf0\x99\x56\x7d\x07" - "\xf4\x7f\x37\xa3\x2a\x84\x42\x7d" - "\x64\x3a\x8c\xdc\xbf\xe5\xc0\xc9" - "\x75\x98\xa2\xbd\x25\x55\xd1\xaa" - "\x8c\xb0\x8e\x48\x59\x0d\xbb\x3d" - "\xa7\xb0\x8b\x10\x56\x82\x88\x38" - "\xc5\xf6\x1e\x63\x93\xba\x7a\x0a" - "\xbc\xc9\xf6\x62" - "\x76\xfc\x6e\xce\x0f\x4e\x17\x68" - "\xcd\xdf\x88\x53\xbb\x2d\x55\x1b", - .ilen = 76, - .assoc = "\xfe\xed\xfa\xce\xde\xad\xbe\xef" - "\xfe\xed\xfa\xce\xde\xad\xbe\xef" - "\xab\xad\xda\xd2", - .alen = 20, - .result = "\xd9\x31\x32\x25\xf8\x84\x06\xe5" - "\xa5\x59\x09\xc5\xaf\xf5\x26\x9a" - "\x86\xa7\xa9\x53\x15\x34\xf7\xda" - "\x2e\x4c\x30\x3d\x8a\x31\x8a\x72" - "\x1c\x3c\x0c\x95\x95\x68\x09\x53" - "\x2f\xcf\x0e\x24\x49\xa6\xb5\x25" - "\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57" - "\xba\x63\x7b\x39", - .rlen = 60, - .np = 2, - .tap = { 48, 28 }, - .anp = 3, - .atap = { 8, 8, 4 } + "\x00\x00\x00\x00", + .klen = 20, + .iv = zeroed_string, + .ptext = "\x01\x01\x01\x01\x01\x01\x01\x01" + "\x01\x01\x01\x01\x01\x01\x01\x01", + .plen = 16, + .assoc = zeroed_string, + .alen = 16, + .ctext = "\x4B\xB1\xB5\xE3\x25\x71\x70\xDE" + "\x7F\xC9\x9C\xA5\x14\x19\xF2\xAC" + "\x0B\x8F\x88\x69\x17\xE6\xB4\x3C" + "\xB1\x68\xFD\x14\x52\x64\x61\xB2", + .clen = 32, }, { - .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c" - "\x6d\x6a\x8f\x94\x67\x30\x83\x08", - .klen = 16, - .iv = "\xca\xfe\xba\xbe\xfa\xce\xdb\xad" - "\xde\xca\xf8\x88", - .input = "\x42\x83\x1e\xc2\x21\x77\x74\x24" - "\x4b\x72\x21\xb7\x84\xd0\xd4\x9c" - "\xe3\xaa\x21\x2f\x2c\x02\xa4\xe0" - "\x35\xc1\x7e\x23\x29\xac\xa1\x2e" - "\x21\xd5\x14\xb2\x54\x66\x93\x1c" - "\x7d\x8f\x6a\x5a\xac\x84\xaa\x05" - "\x1b\xa3\x0b\x39\x6a\x0a\xac\x97" - "\x3d\x58\xe0\x91\x47\x3f\x59\x85" - "\x4d\x5c\x2a\xf3\x27\xcd\x64\xa6" - "\x2c\xf3\x5a\xbd\x2b\xa6\xfa\xb4", - .ilen = 80, - .result = "\xd9\x31\x32\x25\xf8\x84\x06\xe5" - "\xa5\x59\x09\xc5\xaf\xf5\x26\x9a" - "\x86\xa7\xa9\x53\x15\x34\xf7\xda" - "\x2e\x4c\x30\x3d\x8a\x31\x8a\x72" - "\x1c\x3c\x0c\x95\x95\x68\x09\x53" - "\x2f\xcf\x0e\x24\x49\xa6\xb5\x25" - "\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57" - "\xba\x63\x7b\x39\x1a\xaf\xd2\x55", - .rlen = 64, - }, { - .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c" - "\x6d\x6a\x8f\x94\x67\x30\x83\x08", - .klen = 16, - .iv = "\xca\xfe\xba\xbe\xfa\xce\xdb\xad" - "\xde\xca\xf8\x88", - .input = "\x42\x83\x1e\xc2\x21\x77\x74\x24" - "\x4b\x72\x21\xb7\x84\xd0\xd4\x9c" - "\xe3\xaa\x21\x2f\x2c\x02\xa4\xe0" - "\x35\xc1\x7e\x23\x29\xac\xa1\x2e" - "\x21\xd5\x14\xb2\x54\x66\x93\x1c" - "\x7d\x8f\x6a\x5a\xac\x84\xaa\x05" - "\x1b\xa3\x0b\x39\x6a\x0a\xac\x97" - "\x3d\x58\xe0\x91" - "\x5b\xc9\x4f\xbc\x32\x21\xa5\xdb" - "\x94\xfa\xe9\x5a\xe7\x12\x1a\x47", - .ilen = 76, - .assoc = "\xfe\xed\xfa\xce\xde\xad\xbe\xef" - "\xfe\xed\xfa\xce\xde\xad\xbe\xef" - "\xab\xad\xda\xd2", - .alen = 20, - .result = "\xd9\x31\x32\x25\xf8\x84\x06\xe5" - "\xa5\x59\x09\xc5\xaf\xf5\x26\x9a" - "\x86\xa7\xa9\x53\x15\x34\xf7\xda" - "\x2e\x4c\x30\x3d\x8a\x31\x8a\x72" - "\x1c\x3c\x0c\x95\x95\x68\x09\x53" - "\x2f\xcf\x0e\x24\x49\xa6\xb5\x25" - "\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57" - "\xba\x63\x7b\x39", - .rlen = 60, - }, { - .key = zeroed_string, - .klen = 24, - .input = "\x98\xe7\x24\x7c\x07\xf0\xfe\x41" - "\x1c\x26\x7e\x43\x84\xb0\xf6\x00" - "\x2f\xf5\x8d\x80\x03\x39\x27\xab" - "\x8e\xf4\xd4\x58\x75\x14\xf0\xfb", - .ilen = 32, - .result = zeroed_string, - .rlen = 16, - }, { - .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c" - "\x6d\x6a\x8f\x94\x67\x30\x83\x08" - "\xfe\xff\xe9\x92\x86\x65\x73\x1c", - .klen = 24, - .iv = "\xca\xfe\xba\xbe\xfa\xce\xdb\xad" - "\xde\xca\xf8\x88", - .input = "\x39\x80\xca\x0b\x3c\x00\xe8\x41" - "\xeb\x06\xfa\xc4\x87\x2a\x27\x57" - "\x85\x9e\x1c\xea\xa6\xef\xd9\x84" - "\x62\x85\x93\xb4\x0c\xa1\xe1\x9c" - "\x7d\x77\x3d\x00\xc1\x44\xc5\x25" - "\xac\x61\x9d\x18\xc8\x4a\x3f\x47" - "\x18\xe2\x44\x8b\x2f\xe3\x24\xd9" - "\xcc\xda\x27\x10\xac\xad\xe2\x56" - "\x99\x24\xa7\xc8\x58\x73\x36\xbf" - "\xb1\x18\x02\x4d\xb8\x67\x4a\x14", - .ilen = 80, - .result = "\xd9\x31\x32\x25\xf8\x84\x06\xe5" - "\xa5\x59\x09\xc5\xaf\xf5\x26\x9a" - "\x86\xa7\xa9\x53\x15\x34\xf7\xda" - "\x2e\x4c\x30\x3d\x8a\x31\x8a\x72" - "\x1c\x3c\x0c\x95\x95\x68\x09\x53" - "\x2f\xcf\x0e\x24\x49\xa6\xb5\x25" - "\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57" - "\xba\x63\x7b\x39\x1a\xaf\xd2\x55", - .rlen = 64, - }, { - .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c" - "\x6d\x6a\x8f\x94\x67\x30\x83\x08" - "\xfe\xff\xe9\x92\x86\x65\x73\x1c", - .klen = 24, - .iv = "\xca\xfe\xba\xbe\xfa\xce\xdb\xad" - "\xde\xca\xf8\x88", - .input = "\x39\x80\xca\x0b\x3c\x00\xe8\x41" - "\xeb\x06\xfa\xc4\x87\x2a\x27\x57" - "\x85\x9e\x1c\xea\xa6\xef\xd9\x84" - "\x62\x85\x93\xb4\x0c\xa1\xe1\x9c" - "\x7d\x77\x3d\x00\xc1\x44\xc5\x25" - "\xac\x61\x9d\x18\xc8\x4a\x3f\x47" - "\x18\xe2\x44\x8b\x2f\xe3\x24\xd9" - "\xcc\xda\x27\x10" - "\x25\x19\x49\x8e\x80\xf1\x47\x8f" - "\x37\xba\x55\xbd\x6d\x27\x61\x8c", - .ilen = 76, - .assoc = "\xfe\xed\xfa\xce\xde\xad\xbe\xef" - "\xfe\xed\xfa\xce\xde\xad\xbe\xef" - "\xab\xad\xda\xd2", - .alen = 20, - .result = "\xd9\x31\x32\x25\xf8\x84\x06\xe5" - "\xa5\x59\x09\xc5\xaf\xf5\x26\x9a" - "\x86\xa7\xa9\x53\x15\x34\xf7\xda" - "\x2e\x4c\x30\x3d\x8a\x31\x8a\x72" - "\x1c\x3c\x0c\x95\x95\x68\x09\x53" - "\x2f\xcf\x0e\x24\x49\xa6\xb5\x25" - "\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57" - "\xba\x63\x7b\x39", - .rlen = 60, - } -}; - -static const struct aead_testvec aes_gcm_rfc4106_enc_tv_template[] = { - { /* Generated using Crypto++ */ - .key = zeroed_string, - .klen = 20, - .iv = zeroed_string, - .input = zeroed_string, - .ilen = 16, - .assoc = zeroed_string, - .alen = 16, - .result = "\x03\x88\xDA\xCE\x60\xB6\xA3\x92" - "\xF3\x28\xC2\xB9\x71\xB2\xFE\x78" - "\x97\xFE\x4C\x23\x37\x42\x01\xE0" - "\x81\x9F\x8D\xC5\xD7\x41\xA0\x1B", - .rlen = 32, - },{ - .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c" - "\x6d\x6a\x8f\x94\x67\x30\x83\x08" - "\x00\x00\x00\x00", - .klen = 20, - .iv = "\x00\x00\x00\x00\x00\x00\x00\x01", - .input = zeroed_string, - .ilen = 16, - .assoc = "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x01", - .alen = 16, - .result = "\xC0\x0D\x8B\x42\x0F\x8F\x34\x18" - "\x88\xB1\xC5\xBC\xC5\xB6\xD6\x28" - "\x6A\x9D\xDF\x11\x5E\xFE\x5E\x9D" - "\x2F\x70\x44\x92\xF7\xF2\xE3\xEF", - .rlen = 32, - - }, { - .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c" - "\x6d\x6a\x8f\x94\x67\x30\x83\x08" - "\x00\x00\x00\x00", - .klen = 20, - .iv = zeroed_string, - .input = "\x01\x01\x01\x01\x01\x01\x01\x01" - "\x01\x01\x01\x01\x01\x01\x01\x01", - .ilen = 16, - .assoc = zeroed_string, - .alen = 16, - .result = "\x4B\xB1\xB5\xE3\x25\x71\x70\xDE" - "\x7F\xC9\x9C\xA5\x14\x19\xF2\xAC" - "\x0B\x8F\x88\x69\x17\xE6\xB4\x3C" - "\xB1\x68\xFD\x14\x52\x64\x61\xB2", - .rlen = 32, - }, { - .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c" - "\x6d\x6a\x8f\x94\x67\x30\x83\x08" - "\x00\x00\x00\x00", - .klen = 20, - .iv = zeroed_string, - .input = "\x01\x01\x01\x01\x01\x01\x01\x01" - "\x01\x01\x01\x01\x01\x01\x01\x01", - .ilen = 16, - .assoc = "\x01\x01\x01\x01\x01\x01\x01\x01" - "\x00\x00\x00\x00\x00\x00\x00\x00", - .alen = 16, - .result = "\x4B\xB1\xB5\xE3\x25\x71\x70\xDE" - "\x7F\xC9\x9C\xA5\x14\x19\xF2\xAC" - "\x90\x92\xB7\xE3\x5F\xA3\x9A\x63" - "\x7E\xD7\x1F\xD8\xD3\x7C\x4B\xF5", - .rlen = 32, + .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c" + "\x6d\x6a\x8f\x94\x67\x30\x83\x08" + "\x00\x00\x00\x00", + .klen = 20, + .iv = zeroed_string, + .ptext = "\x01\x01\x01\x01\x01\x01\x01\x01" + "\x01\x01\x01\x01\x01\x01\x01\x01", + .plen = 16, + .assoc = "\x01\x01\x01\x01\x01\x01\x01\x01" + "\x00\x00\x00\x00\x00\x00\x00\x00", + .alen = 16, + .ctext = "\x4B\xB1\xB5\xE3\x25\x71\x70\xDE" + "\x7F\xC9\x9C\xA5\x14\x19\xF2\xAC" + "\x90\x92\xB7\xE3\x5F\xA3\x9A\x63" + "\x7E\xD7\x1F\xD8\xD3\x7C\x4B\xF5", + .clen = 32, }, { .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c" "\x6d\x6a\x8f\x94\x67\x30\x83\x08" "\x00\x00\x00\x00", .klen = 20, .iv = "\x00\x00\x00\x00\x00\x00\x00\x01", - .input = "\x01\x01\x01\x01\x01\x01\x01\x01" + .ptext = "\x01\x01\x01\x01\x01\x01\x01\x01" "\x01\x01\x01\x01\x01\x01\x01\x01", - .ilen = 16, + .plen = 16, .assoc = "\x01\x01\x01\x01\x01\x01\x01\x01" "\x00\x00\x00\x00\x00\x00\x00\x01", .alen = 16, - .result = "\xC1\x0C\x8A\x43\x0E\x8E\x35\x19" + .ctext = "\xC1\x0C\x8A\x43\x0E\x8E\x35\x19" "\x89\xB0\xC4\xBD\xC4\xB7\xD7\x29" "\x64\x50\xF9\x32\x13\xFB\x74\x61" "\xF4\xED\x52\xD3\xC5\x10\x55\x3C", - .rlen = 32, + .clen = 32, }, { .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c" "\x6d\x6a\x8f\x94\x67\x30\x83\x08" "\x00\x00\x00\x00", .klen = 20, .iv = "\x00\x00\x00\x00\x00\x00\x00\x01", - .input = "\x01\x01\x01\x01\x01\x01\x01\x01" + .ptext = "\x01\x01\x01\x01\x01\x01\x01\x01" "\x01\x01\x01\x01\x01\x01\x01\x01" "\x01\x01\x01\x01\x01\x01\x01\x01" "\x01\x01\x01\x01\x01\x01\x01\x01" @@ -17294,11 +17026,11 @@ static const struct aead_testvec aes_gcm_rfc4106_enc_tv_template[] = { "\x01\x01\x01\x01\x01\x01\x01\x01" "\x01\x01\x01\x01\x01\x01\x01\x01" "\x01\x01\x01\x01\x01\x01\x01\x01", - .ilen = 64, + .plen = 64, .assoc = "\x01\x01\x01\x01\x01\x01\x01\x01" "\x00\x00\x00\x00\x00\x00\x00\x01", .alen = 16, - .result = "\xC1\x0C\x8A\x43\x0E\x8E\x35\x19" + .ctext = "\xC1\x0C\x8A\x43\x0E\x8E\x35\x19" "\x89\xB0\xC4\xBD\xC4\xB7\xD7\x29" "\x98\x14\xA1\x42\x37\x80\xFD\x90" "\x68\x12\x01\xA8\x91\x89\xB9\x83" @@ -17308,14 +17040,14 @@ static const struct aead_testvec aes_gcm_rfc4106_enc_tv_template[] = { "\xDC\xD3\xDA\x65\x73\xAF\x80\xCD" "\xD2\xB6\xC2\x4A\x76\xC2\x92\x85" "\xBD\xCF\x62\x98\x58\x14\xE5\xBD", - .rlen = 80, + .clen = 80, }, { .key = "\x00\x01\x02\x03\x04\x05\x06\x07" "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" "\x00\x00\x00\x00", .klen = 20, .iv = "\x00\x00\x45\x67\x89\xab\xcd\xef", - .input = "\xff\xff\xff\xff\xff\xff\xff\xff" + .ptext = "\xff\xff\xff\xff\xff\xff\xff\xff" "\xff\xff\xff\xff\xff\xff\xff\xff" "\xff\xff\xff\xff\xff\xff\xff\xff" "\xff\xff\xff\xff\xff\xff\xff\xff" @@ -17339,12 +17071,12 @@ static const struct aead_testvec aes_gcm_rfc4106_enc_tv_template[] = { "\xff\xff\xff\xff\xff\xff\xff\xff" "\xff\xff\xff\xff\xff\xff\xff\xff" "\xff\xff\xff\xff\xff\xff\xff\xff", - .ilen = 192, + .plen = 192, .assoc = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\x00\x00\x45\x67" "\x89\xab\xcd\xef", .alen = 20, - .result = "\xC1\x76\x33\x85\xE2\x9B\x5F\xDE" + .ctext = "\xC1\x76\x33\x85\xE2\x9B\x5F\xDE" "\xDE\x89\x3D\x42\xE7\xC9\x69\x8A" "\x44\x6D\xC3\x88\x46\x2E\xC2\x01" "\x5E\xF6\x0C\x39\xF0\xC4\xA5\x82" @@ -17370,14 +17102,14 @@ static const struct aead_testvec aes_gcm_rfc4106_enc_tv_template[] = { "\x2E\xD5\x03\x2E\x86\x7E\xAA\x3B" "\x37\x08\x1C\xCF\xBA\x5D\x71\x46" "\x80\x72\xB0\x4C\x82\x0D\x60\x3C", - .rlen = 208, + .clen = 208, }, { /* From draft-mcgrew-gcm-test-01 */ .key = "\x4C\x80\xCD\xEF\xBB\x5D\x10\xDA" "\x90\x6A\xC7\x3C\x36\x13\xA6\x34" "\x2E\x44\x3B\x68", .klen = 20, .iv = "\x49\x56\xED\x7E\x3B\x24\x4C\xFE", - .input = "\x45\x00\x00\x48\x69\x9A\x00\x00" + .ptext = "\x45\x00\x00\x48\x69\x9A\x00\x00" "\x80\x11\x4D\xB7\xC0\xA8\x01\x02" "\xC0\xA8\x01\x01\x0A\x9B\xF1\x56" "\x38\xD3\x01\x00\x00\x01\x00\x00" @@ -17386,12 +17118,12 @@ static const struct aead_testvec aes_gcm_rfc4106_enc_tv_template[] = { "\x69\x70\x09\x63\x79\x62\x65\x72" "\x63\x69\x74\x79\x02\x64\x6B\x00" "\x00\x21\x00\x01\x01\x02\x02\x01", - .ilen = 72, + .plen = 72, .assoc = "\x00\x00\x43\x21\x87\x65\x43\x21" "\x00\x00\x00\x00\x49\x56\xED\x7E" "\x3B\x24\x4C\xFE", .alen = 20, - .result = "\xFE\xCF\x53\x7E\x72\x9D\x5B\x07" + .ctext = "\xFE\xCF\x53\x7E\x72\x9D\x5B\x07" "\xDC\x30\xDF\x52\x8D\xD2\x2B\x76" "\x8D\x1B\x98\x73\x66\x96\xA6\xFD" "\x34\x85\x09\xFA\x13\xCE\xAC\x34" @@ -17402,14 +17134,14 @@ static const struct aead_testvec aes_gcm_rfc4106_enc_tv_template[] = { "\x61\xBC\x17\xD7\x68\xFD\x97\x32" "\x45\x90\x18\x14\x8F\x6C\xBE\x72" "\x2F\xD0\x47\x96\x56\x2D\xFD\xB4", - .rlen = 88, + .clen = 88, }, { .key = "\xFE\xFF\xE9\x92\x86\x65\x73\x1C" "\x6D\x6A\x8F\x94\x67\x30\x83\x08" "\xCA\xFE\xBA\xBE", .klen = 20, .iv = "\xFA\xCE\xDB\xAD\xDE\xCA\xF8\x88", - .input = "\x45\x00\x00\x3E\x69\x8F\x00\x00" + .ptext = "\x45\x00\x00\x3E\x69\x8F\x00\x00" "\x80\x11\x4D\xCC\xC0\xA8\x01\x02" "\xC0\xA8\x01\x01\x0A\x98\x00\x35" "\x00\x2A\x23\x43\xB2\xD0\x01\x00" @@ -17417,11 +17149,11 @@ static const struct aead_testvec aes_gcm_rfc4106_enc_tv_template[] = { "\x03\x73\x69\x70\x09\x63\x79\x62" "\x65\x72\x63\x69\x74\x79\x02\x64" "\x6B\x00\x00\x01\x00\x01\x00\x01", - .ilen = 64, + .plen = 64, .assoc = "\x00\x00\xA5\xF8\x00\x00\x00\x0A" "\xFA\xCE\xDB\xAD\xDE\xCA\xF8\x88", .alen = 16, - .result = "\xDE\xB2\x2C\xD9\xB0\x7C\x72\xC1" + .ctext = "\xDE\xB2\x2C\xD9\xB0\x7C\x72\xC1" "\x6E\x3A\x65\xBE\xEB\x8D\xF3\x04" "\xA5\xA5\x89\x7D\x33\xAE\x53\x0F" "\x1B\xA7\x6D\x5D\x11\x4D\x2A\x5C" @@ -17431,7 +17163,7 @@ static const struct aead_testvec aes_gcm_rfc4106_enc_tv_template[] = { "\xEC\x3B\x9B\xA9\x5D\x91\x8B\xD1" "\x83\xB7\x0D\x3A\xA8\xBC\x6E\xE4" "\xC3\x09\xE9\xD8\x5A\x41\xAD\x4A", - .rlen = 80, + .clen = 80, }, { .key = "\xAB\xBC\xCD\xDE\xF0\x01\x12\x23" "\x34\x45\x56\x67\x78\x89\x9A\xAB" @@ -17440,18 +17172,18 @@ static const struct aead_testvec aes_gcm_rfc4106_enc_tv_template[] = { "\x11\x22\x33\x44", .klen = 36, .iv = "\x01\x02\x03\x04\x05\x06\x07\x08", - .input = "\x45\x00\x00\x30\x69\xA6\x40\x00" + .ptext = "\x45\x00\x00\x30\x69\xA6\x40\x00" "\x80\x06\x26\x90\xC0\xA8\x01\x02" "\x93\x89\x15\x5E\x0A\x9E\x00\x8B" "\x2D\xC5\x7E\xE0\x00\x00\x00\x00" "\x70\x02\x40\x00\x20\xBF\x00\x00" "\x02\x04\x05\xB4\x01\x01\x04\x02" "\x01\x02\x02\x01", - .ilen = 52, + .plen = 52, .assoc = "\x4A\x2C\xBF\xE3\x00\x00\x00\x02" "\x01\x02\x03\x04\x05\x06\x07\x08", .alen = 16, - .result = "\xFF\x42\x5C\x9B\x72\x45\x99\xDF" + .ctext = "\xFF\x42\x5C\x9B\x72\x45\x99\xDF" "\x7A\x3B\xCD\x51\x01\x94\xE0\x0D" "\x6A\x78\x10\x7F\x1B\x0B\x1C\xBF" "\x06\xEF\xAE\x9D\x65\xA5\xD7\x63" @@ -17460,14 +17192,14 @@ static const struct aead_testvec aes_gcm_rfc4106_enc_tv_template[] = { "\xEF\x84\x2D\x8E\xB3\x35\xF4\xEE" "\xCF\xDB\xF8\x31\x82\x4B\x4C\x49" "\x15\x95\x6C\x96", - .rlen = 68, + .clen = 68, }, { .key = "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00", .klen = 20, .iv = "\x00\x00\x00\x00\x00\x00\x00\x00", - .input = "\x45\x00\x00\x3C\x99\xC5\x00\x00" + .ptext = "\x45\x00\x00\x3C\x99\xC5\x00\x00" "\x80\x01\xCB\x7A\x40\x67\x93\x18" "\x01\x01\x01\x01\x08\x00\x07\x5C" "\x02\x00\x44\x00\x61\x62\x63\x64" @@ -17475,11 +17207,11 @@ static const struct aead_testvec aes_gcm_rfc4106_enc_tv_template[] = { "\x6D\x6E\x6F\x70\x71\x72\x73\x74" "\x75\x76\x77\x61\x62\x63\x64\x65" "\x66\x67\x68\x69\x01\x02\x02\x01", - .ilen = 64, + .plen = 64, .assoc = "\x00\x00\x00\x00\x00\x00\x00\x01" "\x00\x00\x00\x00\x00\x00\x00\x00", .alen = 16, - .result = "\x46\x88\xDA\xF2\xF9\x73\xA3\x92" + .ctext = "\x46\x88\xDA\xF2\xF9\x73\xA3\x92" "\x73\x29\x09\xC3\x31\xD5\x6D\x60" "\xF6\x94\xAB\xAA\x41\x4B\x5E\x7F" "\xF5\xFD\xCD\xFF\xF5\xE9\xA2\x84" @@ -17489,14 +17221,14 @@ static const struct aead_testvec aes_gcm_rfc4106_enc_tv_template[] = { "\x1D\x19\xD4\xD5\xC8\xC1\x8A\xF3" "\xF8\x21\xD4\x96\xEE\xB0\x96\xE9" "\x8A\xD2\xB6\x9E\x47\x99\xC7\x1D", - .rlen = 80, + .clen = 80, }, { .key = "\x3D\xE0\x98\x74\xB3\x88\xE6\x49" "\x19\x88\xD0\xC3\x60\x7E\xAE\x1F" "\x57\x69\x0E\x43", .klen = 20, .iv = "\x4E\x28\x00\x00\xA2\xFC\xA1\xA3", - .input = "\x45\x00\x00\x3C\x99\xC3\x00\x00" + .ptext = "\x45\x00\x00\x3C\x99\xC3\x00\x00" "\x80\x01\xCB\x7C\x40\x67\x93\x18" "\x01\x01\x01\x01\x08\x00\x08\x5C" "\x02\x00\x43\x00\x61\x62\x63\x64" @@ -17504,12 +17236,12 @@ static const struct aead_testvec aes_gcm_rfc4106_enc_tv_template[] = { "\x6D\x6E\x6F\x70\x71\x72\x73\x74" "\x75\x76\x77\x61\x62\x63\x64\x65" "\x66\x67\x68\x69\x01\x02\x02\x01", - .ilen = 64, + .plen = 64, .assoc = "\x42\xF6\x7E\x3F\x10\x10\x10\x10" "\x10\x10\x10\x10\x4E\x28\x00\x00" "\xA2\xFC\xA1\xA3", .alen = 20, - .result = "\xFB\xA2\xCA\xA4\x85\x3C\xF9\xF0" + .ctext = "\xFB\xA2\xCA\xA4\x85\x3C\xF9\xF0" "\xF2\x2C\xB1\x0D\x86\xDD\x83\xB0" "\xFE\xC7\x56\x91\xCF\x1A\x04\xB0" "\x0D\x11\x38\xEC\x9C\x35\x79\x17" @@ -17519,29 +17251,29 @@ static const struct aead_testvec aes_gcm_rfc4106_enc_tv_template[] = { "\x1F\x5E\x22\x73\x95\x30\x32\x0A" "\xE0\xD7\x31\xCC\x97\x8E\xCA\xFA" "\xEA\xE8\x8F\x00\xE8\x0D\x6E\x48", - .rlen = 80, + .clen = 80, }, { .key = "\x3D\xE0\x98\x74\xB3\x88\xE6\x49" "\x19\x88\xD0\xC3\x60\x7E\xAE\x1F" "\x57\x69\x0E\x43", .klen = 20, .iv = "\x4E\x28\x00\x00\xA2\xFC\xA1\xA3", - .input = "\x45\x00\x00\x1C\x42\xA2\x00\x00" + .ptext = "\x45\x00\x00\x1C\x42\xA2\x00\x00" "\x80\x01\x44\x1F\x40\x67\x93\xB6" "\xE0\x00\x00\x02\x0A\x00\xF5\xFF" "\x01\x02\x02\x01", - .ilen = 28, + .plen = 28, .assoc = "\x42\xF6\x7E\x3F\x10\x10\x10\x10" "\x10\x10\x10\x10\x4E\x28\x00\x00" "\xA2\xFC\xA1\xA3", .alen = 20, - .result = "\xFB\xA2\xCA\x84\x5E\x5D\xF9\xF0" + .ctext = "\xFB\xA2\xCA\x84\x5E\x5D\xF9\xF0" "\xF2\x2C\x3E\x6E\x86\xDD\x83\x1E" "\x1F\xC6\x57\x92\xCD\x1A\xF9\x13" "\x0E\x13\x79\xED\x36\x9F\x07\x1F" "\x35\xE0\x34\xBE\x95\xF1\x12\xE4" "\xE7\xD0\x5D\x35", - .rlen = 44, + .clen = 44, }, { .key = "\xFE\xFF\xE9\x92\x86\x65\x73\x1C" "\x6D\x6A\x8F\x94\x67\x30\x83\x08" @@ -17549,30 +17281,30 @@ static const struct aead_testvec aes_gcm_rfc4106_enc_tv_template[] = { "\xCA\xFE\xBA\xBE", .klen = 28, .iv = "\xFA\xCE\xDB\xAD\xDE\xCA\xF8\x88", - .input = "\x45\x00\x00\x28\xA4\xAD\x40\x00" + .ptext = "\x45\x00\x00\x28\xA4\xAD\x40\x00" "\x40\x06\x78\x80\x0A\x01\x03\x8F" "\x0A\x01\x06\x12\x80\x23\x06\xB8" "\xCB\x71\x26\x02\xDD\x6B\xB0\x3E" "\x50\x10\x16\xD0\x75\x68\x00\x01", - .ilen = 40, + .plen = 40, .assoc = "\x00\x00\xA5\xF8\x00\x00\x00\x0A" "\xFA\xCE\xDB\xAD\xDE\xCA\xF8\x88", .alen = 16, - .result = "\xA5\xB1\xF8\x06\x60\x29\xAE\xA4" + .ctext = "\xA5\xB1\xF8\x06\x60\x29\xAE\xA4" "\x0E\x59\x8B\x81\x22\xDE\x02\x42" "\x09\x38\xB3\xAB\x33\xF8\x28\xE6" "\x87\xB8\x85\x8B\x5B\xFB\xDB\xD0" "\x31\x5B\x27\x45\x21\x44\xCC\x77" "\x95\x45\x7B\x96\x52\x03\x7F\x53" "\x18\x02\x7B\x5B\x4C\xD7\xA6\x36", - .rlen = 56, + .clen = 56, }, { .key = "\xAB\xBC\xCD\xDE\xF0\x01\x12\x23" "\x34\x45\x56\x67\x78\x89\x9A\xAB" "\xDE\xCA\xF8\x88", .klen = 20, .iv = "\xCA\xFE\xDE\xBA\xCE\xFA\xCE\x74", - .input = "\x45\x00\x00\x49\x33\xBA\x00\x00" + .ptext = "\x45\x00\x00\x49\x33\xBA\x00\x00" "\x7F\x11\x91\x06\xC3\xFB\x1D\x10" "\xC2\xB1\xD3\x26\xC0\x28\x31\xCE" "\x00\x35\xDD\x7B\x80\x03\x02\xD5" @@ -17582,12 +17314,12 @@ static const struct aead_testvec aes_gcm_rfc4106_enc_tv_template[] = { "\x92\xC9\x63\xBA\xC0\x46\xEC\x95" "\x9B\x62\x66\xC0\x47\x22\xB1\x49" "\x23\x01\x01\x01", - .ilen = 76, + .plen = 76, .assoc = "\x00\x00\x01\x00\x00\x00\x00\x00" "\x00\x00\x00\x01\xCA\xFE\xDE\xBA" "\xCE\xFA\xCE\x74", .alen = 20, - .result = "\x18\xA6\xFD\x42\xF7\x2C\xBF\x4A" + .ctext = "\x18\xA6\xFD\x42\xF7\x2C\xBF\x4A" "\xB2\xA2\xEA\x90\x1F\x73\xD8\x14" "\xE3\xE7\xF2\x43\xD9\x54\x12\xE1" "\xC3\x49\xC1\xD2\xFB\xEC\x16\x8F" @@ -17599,7 +17331,7 @@ static const struct aead_testvec aes_gcm_rfc4106_enc_tv_template[] = { "\xE7\x84\x5D\x68\x65\x1F\x57\xE6" "\x5F\x35\x4F\x75\xFF\x17\x01\x57" "\x69\x62\x34\x36", - .rlen = 92, + .clen = 92, }, { .key = "\xAB\xBC\xCD\xDE\xF0\x01\x12\x23" "\x34\x45\x56\x67\x78\x89\x9A\xAB" @@ -17608,31 +17340,31 @@ static const struct aead_testvec aes_gcm_rfc4106_enc_tv_template[] = { "\x73\x61\x6C\x74", .klen = 36, .iv = "\x61\x6E\x64\x01\x69\x76\x65\x63", - .input = "\x45\x08\x00\x28\x73\x2C\x00\x00" + .ptext = "\x45\x08\x00\x28\x73\x2C\x00\x00" "\x40\x06\xE9\xF9\x0A\x01\x06\x12" "\x0A\x01\x03\x8F\x06\xB8\x80\x23" "\xDD\x6B\xAF\xBE\xCB\x71\x26\x02" "\x50\x10\x1F\x64\x6D\x54\x00\x01", - .ilen = 40, + .plen = 40, .assoc = "\x17\x40\x5E\x67\x15\x6F\x31\x26" "\xDD\x0D\xB9\x9B\x61\x6E\x64\x01" "\x69\x76\x65\x63", .alen = 20, - .result = "\xF2\xD6\x9E\xCD\xBD\x5A\x0D\x5B" + .ctext = "\xF2\xD6\x9E\xCD\xBD\x5A\x0D\x5B" "\x8D\x5E\xF3\x8B\xAD\x4D\xA5\x8D" "\x1F\x27\x8F\xDE\x98\xEF\x67\x54" "\x9D\x52\x4A\x30\x18\xD9\xA5\x7F" "\xF4\xD3\xA3\x1C\xE6\x73\x11\x9E" "\x45\x16\x26\xC2\x41\x57\x71\xE3" "\xB7\xEE\xBC\xA6\x14\xC8\x9B\x35", - .rlen = 56, + .clen = 56, }, { .key = "\x3D\xE0\x98\x74\xB3\x88\xE6\x49" "\x19\x88\xD0\xC3\x60\x7E\xAE\x1F" "\x57\x69\x0E\x43", .klen = 20, .iv = "\x4E\x28\x00\x00\xA2\xFC\xA1\xA3", - .input = "\x45\x00\x00\x49\x33\x3E\x00\x00" + .ptext = "\x45\x00\x00\x49\x33\x3E\x00\x00" "\x7F\x11\x91\x82\xC3\xFB\x1D\x10" "\xC2\xB1\xD3\x26\xC0\x28\x31\xCE" "\x00\x35\xCB\x45\x80\x03\x02\x5B" @@ -17642,12 +17374,12 @@ static const struct aead_testvec aes_gcm_rfc4106_enc_tv_template[] = { "\x76\x4D\x6E\x5E\xE0\x49\x6B\x32" "\x5A\xE2\x70\xC0\x38\x99\x49\x39" "\x15\x01\x01\x01", - .ilen = 76, + .plen = 76, .assoc = "\x42\xF6\x7E\x3F\x10\x10\x10\x10" "\x10\x10\x10\x10\x4E\x28\x00\x00" "\xA2\xFC\xA1\xA3", .alen = 20, - .result = "\xFB\xA2\xCA\xD1\x2F\xC1\xF9\xF0" + .ctext = "\xFB\xA2\xCA\xD1\x2F\xC1\xF9\xF0" "\x0D\x3C\xEB\xF3\x05\x41\x0D\xB8" "\x3D\x77\x84\xB6\x07\x32\x3D\x22" "\x0F\x24\xB0\xA9\x7D\x54\x18\x28" @@ -17659,7 +17391,7 @@ static const struct aead_testvec aes_gcm_rfc4106_enc_tv_template[] = { "\xE5\x16\x09\x75\xCD\xB6\x08\xC5" "\x76\x91\x89\x60\x97\x63\xB8\xE1" "\x8C\xAA\x81\xE2", - .rlen = 92, + .clen = 92, }, { .key = "\xAB\xBC\xCD\xDE\xF0\x01\x12\x23" "\x34\x45\x56\x67\x78\x89\x9A\xAB" @@ -17668,7 +17400,7 @@ static const struct aead_testvec aes_gcm_rfc4106_enc_tv_template[] = { "\x73\x61\x6C\x74", .klen = 36, .iv = "\x61\x6E\x64\x01\x69\x76\x65\x63", - .input = "\x63\x69\x73\x63\x6F\x01\x72\x75" + .ptext = "\x63\x69\x73\x63\x6F\x01\x72\x75" "\x6C\x65\x73\x01\x74\x68\x65\x01" "\x6E\x65\x74\x77\x65\x01\x64\x65" "\x66\x69\x6E\x65\x01\x74\x68\x65" @@ -17677,12 +17409,12 @@ static const struct aead_testvec aes_gcm_rfc4106_enc_tv_template[] = { "\x74\x77\x69\x6C\x6C\x01\x64\x65" "\x66\x69\x6E\x65\x74\x6F\x6D\x6F" "\x72\x72\x6F\x77\x01\x02\x02\x01", - .ilen = 72, + .plen = 72, .assoc = "\x17\x40\x5E\x67\x15\x6F\x31\x26" "\xDD\x0D\xB9\x9B\x61\x6E\x64\x01" "\x69\x76\x65\x63", .alen = 20, - .result = "\xD4\xB7\xED\x86\xA1\x77\x7F\x2E" + .ctext = "\xD4\xB7\xED\x86\xA1\x77\x7F\x2E" "\xA1\x3D\x69\x73\xD3\x24\xC6\x9E" "\x7B\x43\xF8\x26\xFB\x56\x83\x12" "\x26\x50\x8B\xEB\xD2\xDC\xEB\x18" @@ -17693,42 +17425,42 @@ static const struct aead_testvec aes_gcm_rfc4106_enc_tv_template[] = { "\x12\xA4\x93\x63\x41\x23\x64\xF8" "\xC0\xCA\xC5\x87\xF2\x49\xE5\x6B" "\x11\xE2\x4F\x30\xE4\x4C\xCC\x76", - .rlen = 88, + .clen = 88, }, { .key = "\x7D\x77\x3D\x00\xC1\x44\xC5\x25" "\xAC\x61\x9D\x18\xC8\x4A\x3F\x47" "\xD9\x66\x42\x67", .klen = 20, .iv = "\x43\x45\x7E\x91\x82\x44\x3B\xC6", - .input = "\x01\x02\x02\x01", - .ilen = 4, + .ptext = "\x01\x02\x02\x01", + .plen = 4, .assoc = "\x33\x54\x67\xAE\xFF\xFF\xFF\xFF" "\x43\x45\x7E\x91\x82\x44\x3B\xC6", .alen = 16, - .result = "\x43\x7F\x86\x6B\xCB\x3F\x69\x9F" + .ctext = "\x43\x7F\x86\x6B\xCB\x3F\x69\x9F" "\xE9\xB0\x82\x2B\xAC\x96\x1C\x45" "\x04\xBE\xF2\x70", - .rlen = 20, + .clen = 20, }, { .key = "\xAB\xBC\xCD\xDE\xF0\x01\x12\x23" "\x34\x45\x56\x67\x78\x89\x9A\xAB" "\xDE\xCA\xF8\x88", .klen = 20, .iv = "\xCA\xFE\xDE\xBA\xCE\xFA\xCE\x74", - .input = "\x74\x6F\x01\x62\x65\x01\x6F\x72" + .ptext = "\x74\x6F\x01\x62\x65\x01\x6F\x72" "\x01\x6E\x6F\x74\x01\x74\x6F\x01" "\x62\x65\x00\x01", - .ilen = 20, + .plen = 20, .assoc = "\x00\x00\x01\x00\x00\x00\x00\x00" "\x00\x00\x00\x01\xCA\xFE\xDE\xBA" "\xCE\xFA\xCE\x74", .alen = 20, - .result = "\x29\xC9\xFC\x69\xA1\x97\xD0\x38" + .ctext = "\x29\xC9\xFC\x69\xA1\x97\xD0\x38" "\xCC\xDD\x14\xE2\xDD\xFC\xAA\x05" "\x43\x33\x21\x64\x41\x25\x03\x52" "\x43\x03\xED\x3C\x6C\x5F\x28\x38" "\x43\xAF\x8C\x3E", - .rlen = 36, + .clen = 36, }, { .key = "\x6C\x65\x67\x61\x6C\x69\x7A\x65" "\x6D\x61\x72\x69\x6A\x75\x61\x6E" @@ -17737,19 +17469,19 @@ static const struct aead_testvec aes_gcm_rfc4106_enc_tv_template[] = { "\x74\x75\x72\x6E", .klen = 36, .iv = "\x33\x30\x21\x69\x67\x65\x74\x6D", - .input = "\x45\x00\x00\x30\xDA\x3A\x00\x00" + .ptext = "\x45\x00\x00\x30\xDA\x3A\x00\x00" "\x80\x01\xDF\x3B\xC0\xA8\x00\x05" "\xC0\xA8\x00\x01\x08\x00\xC6\xCD" "\x02\x00\x07\x00\x61\x62\x63\x64" "\x65\x66\x67\x68\x69\x6A\x6B\x6C" "\x6D\x6E\x6F\x70\x71\x72\x73\x74" "\x01\x02\x02\x01", - .ilen = 52, + .plen = 52, .assoc = "\x79\x6B\x69\x63\xFF\xFF\xFF\xFF" "\xFF\xFF\xFF\xFF\x33\x30\x21\x69" "\x67\x65\x74\x6D", .alen = 20, - .result = "\xF9\x7A\xB2\xAA\x35\x6D\x8E\xDC" + .ctext = "\xF9\x7A\xB2\xAA\x35\x6D\x8E\xDC" "\xE1\x76\x44\xAC\x8C\x78\xE2\x5D" "\xD2\x4D\xED\xBB\x29\xEB\xF1\xB6" "\x4A\x27\x4B\x39\xB4\x9C\x3A\x86" @@ -17758,26 +17490,26 @@ static const struct aead_testvec aes_gcm_rfc4106_enc_tv_template[] = { "\x1D\xCC\x63\xB9\xD0\x93\x7B\xA2" "\x94\x5F\x66\x93\x68\x66\x1A\x32" "\x9F\xB4\xC0\x53", - .rlen = 68, + .clen = 68, }, { .key = "\x3D\xE0\x98\x74\xB3\x88\xE6\x49" "\x19\x88\xD0\xC3\x60\x7E\xAE\x1F" "\x57\x69\x0E\x43", .klen = 20, .iv = "\x4E\x28\x00\x00\xA2\xFC\xA1\xA3", - .input = "\x45\x00\x00\x30\xDA\x3A\x00\x00" + .ptext = "\x45\x00\x00\x30\xDA\x3A\x00\x00" "\x80\x01\xDF\x3B\xC0\xA8\x00\x05" "\xC0\xA8\x00\x01\x08\x00\xC6\xCD" "\x02\x00\x07\x00\x61\x62\x63\x64" "\x65\x66\x67\x68\x69\x6A\x6B\x6C" "\x6D\x6E\x6F\x70\x71\x72\x73\x74" "\x01\x02\x02\x01", - .ilen = 52, + .plen = 52, .assoc = "\x3F\x7E\xF6\x42\x10\x10\x10\x10" "\x10\x10\x10\x10\x4E\x28\x00\x00" "\xA2\xFC\xA1\xA3", .alen = 20, - .result = "\xFB\xA2\xCA\xA8\xC6\xC5\xF9\xF0" + .ctext = "\xFB\xA2\xCA\xA8\xC6\xC5\xF9\xF0" "\xF2\x2C\xA5\x4A\x06\x12\x10\xAD" "\x3F\x6E\x57\x91\xCF\x1A\xCA\x21" "\x0D\x11\x7C\xEC\x9C\x35\x79\x17" @@ -17786,7485 +17518,2757 @@ static const struct aead_testvec aes_gcm_rfc4106_enc_tv_template[] = { "\x63\x21\x93\x06\x84\xEE\xCA\xDB" "\x56\x91\x25\x46\xE7\xA9\x5C\x97" "\x40\xD7\xCB\x05", - .rlen = 68, + .clen = 68, }, { .key = "\x4C\x80\xCD\xEF\xBB\x5D\x10\xDA" "\x90\x6A\xC7\x3C\x36\x13\xA6\x34" "\x22\x43\x3C\x64", .klen = 20, .iv = "\x48\x55\xEC\x7D\x3A\x23\x4B\xFD", - .input = "\x08\x00\xC6\xCD\x02\x00\x07\x00" + .ptext = "\x08\x00\xC6\xCD\x02\x00\x07\x00" "\x61\x62\x63\x64\x65\x66\x67\x68" "\x69\x6A\x6B\x6C\x6D\x6E\x6F\x70" "\x71\x72\x73\x74\x01\x02\x02\x01", - .ilen = 32, + .plen = 32, .assoc = "\x00\x00\x43\x21\x87\x65\x43\x21" "\x00\x00\x00\x07\x48\x55\xEC\x7D" "\x3A\x23\x4B\xFD", .alen = 20, - .result = "\x74\x75\x2E\x8A\xEB\x5D\x87\x3C" + .ctext = "\x74\x75\x2E\x8A\xEB\x5D\x87\x3C" "\xD7\xC0\xF4\xAC\xC3\x6C\x4B\xFF" "\x84\xB7\xD7\xB9\x8F\x0C\xA8\xB6" "\xAC\xDA\x68\x94\xBC\x61\x90\x69" "\xEF\x9C\xBC\x28\xFE\x1B\x56\xA7" "\xC4\xE0\xD5\x8C\x86\xCD\x2B\xC0", - .rlen = 48, + .clen = 48, } }; -static const struct aead_testvec aes_gcm_rfc4106_dec_tv_template[] = { - { /* Generated using Crypto++ */ - .key = zeroed_string, - .klen = 20, - .iv = zeroed_string, - .input = "\x03\x88\xDA\xCE\x60\xB6\xA3\x92" - "\xF3\x28\xC2\xB9\x71\xB2\xFE\x78" - "\x97\xFE\x4C\x23\x37\x42\x01\xE0" - "\x81\x9F\x8D\xC5\xD7\x41\xA0\x1B", - .ilen = 32, - .assoc = zeroed_string, - .alen = 16, - .result = zeroed_string, - .rlen = 16, - - },{ - .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c" - "\x6d\x6a\x8f\x94\x67\x30\x83\x08" - "\x00\x00\x00\x00", - .klen = 20, - .iv = "\x00\x00\x00\x00\x00\x00\x00\x01", - .input = "\xC0\x0D\x8B\x42\x0F\x8F\x34\x18" - "\x88\xB1\xC5\xBC\xC5\xB6\xD6\x28" - "\x6A\x9D\xDF\x11\x5E\xFE\x5E\x9D" - "\x2F\x70\x44\x92\xF7\xF2\xE3\xEF", - .ilen = 32, - .assoc = "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x01", - .alen = 16, - .result = zeroed_string, - .rlen = 16, - }, { - .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c" - "\x6d\x6a\x8f\x94\x67\x30\x83\x08" - "\x00\x00\x00\x00", +static const struct aead_testvec aes_gcm_rfc4543_tv_template[] = { + { /* From draft-mcgrew-gcm-test-01 */ + .key = "\x4c\x80\xcd\xef\xbb\x5d\x10\xda" + "\x90\x6a\xc7\x3c\x36\x13\xa6\x34" + "\x22\x43\x3c\x64", .klen = 20, - .iv = zeroed_string, - .input = "\x4B\xB1\xB5\xE3\x25\x71\x70\xDE" - "\x7F\xC9\x9C\xA5\x14\x19\xF2\xAC" - "\x0B\x8F\x88\x69\x17\xE6\xB4\x3C" - "\xB1\x68\xFD\x14\x52\x64\x61\xB2", - .ilen = 32, - .assoc = zeroed_string, - .alen = 16, - .result = "\x01\x01\x01\x01\x01\x01\x01\x01" - "\x01\x01\x01\x01\x01\x01\x01\x01", - .rlen = 16, - }, { - .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c" - "\x6d\x6a\x8f\x94\x67\x30\x83\x08" - "\x00\x00\x00\x00", + .iv = zeroed_string, + .assoc = "\x00\x00\x43\x21\x00\x00\x00\x07" + "\x00\x00\x00\x00\x00\x00\x00\x00", + .alen = 16, + .ptext = "\x45\x00\x00\x30\xda\x3a\x00\x00" + "\x80\x01\xdf\x3b\xc0\xa8\x00\x05" + "\xc0\xa8\x00\x01\x08\x00\xc6\xcd" + "\x02\x00\x07\x00\x61\x62\x63\x64" + "\x65\x66\x67\x68\x69\x6a\x6b\x6c" + "\x6d\x6e\x6f\x70\x71\x72\x73\x74" + "\x01\x02\x02\x01", + .plen = 52, + .ctext = "\x45\x00\x00\x30\xda\x3a\x00\x00" + "\x80\x01\xdf\x3b\xc0\xa8\x00\x05" + "\xc0\xa8\x00\x01\x08\x00\xc6\xcd" + "\x02\x00\x07\x00\x61\x62\x63\x64" + "\x65\x66\x67\x68\x69\x6a\x6b\x6c" + "\x6d\x6e\x6f\x70\x71\x72\x73\x74" + "\x01\x02\x02\x01\xf2\xa9\xa8\x36" + "\xe1\x55\x10\x6a\xa8\xdc\xd6\x18" + "\xe4\x09\x9a\xaa", + .clen = 68, + }, { /* nearly same as previous, but should fail */ + .key = "\x4c\x80\xcd\xef\xbb\x5d\x10\xda" + "\x90\x6a\xc7\x3c\x36\x13\xa6\x34" + "\x22\x43\x3c\x64", .klen = 20, - .iv = zeroed_string, - .input = "\x4B\xB1\xB5\xE3\x25\x71\x70\xDE" - "\x7F\xC9\x9C\xA5\x14\x19\xF2\xAC" - "\x90\x92\xB7\xE3\x5F\xA3\x9A\x63" - "\x7E\xD7\x1F\xD8\xD3\x7C\x4B\xF5", - .ilen = 32, - .assoc = "\x01\x01\x01\x01\x01\x01\x01\x01" + .iv = zeroed_string, + .assoc = "\x00\x00\x43\x21\x00\x00\x00\x07" "\x00\x00\x00\x00\x00\x00\x00\x00", - .alen = 16, - .result = "\x01\x01\x01\x01\x01\x01\x01\x01" - "\x01\x01\x01\x01\x01\x01\x01\x01", - .rlen = 16, + .alen = 16, + .ptext = "\x45\x00\x00\x30\xda\x3a\x00\x00" + "\x80\x01\xdf\x3b\xc0\xa8\x00\x05" + "\xc0\xa8\x00\x01\x08\x00\xc6\xcd" + "\x02\x00\x07\x00\x61\x62\x63\x64" + "\x65\x66\x67\x68\x69\x6a\x6b\x6c" + "\x6d\x6e\x6f\x70\x71\x72\x73\x74" + "\x01\x02\x02\x01", + .plen = 52, + .novrfy = 1, + .ctext = "\x45\x00\x00\x30\xda\x3a\x00\x00" + "\x80\x01\xdf\x3b\xc0\xa8\x00\x05" + "\xc0\xa8\x00\x01\x08\x00\xc6\xcd" + "\x02\x00\x07\x00\x61\x62\x63\x64" + "\x65\x66\x67\x68\x69\x6a\x6b\x6c" + "\x6d\x6e\x6f\x70\x71\x72\x73\x74" + "\x01\x02\x02\x01\xf2\xa9\xa8\x36" + "\xe1\x55\x10\x6a\xa8\xdc\xd6\x18" + "\x00\x00\x00\x00", + .clen = 68, + }, +}; +static const struct aead_testvec aes_ccm_tv_template[] = { + { /* From RFC 3610 */ + .key = "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7" + "\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf", + .klen = 16, + .iv = "\x01\x00\x00\x00\x03\x02\x01\x00" + "\xa0\xa1\xa2\xa3\xa4\xa5\x00\x00", + .assoc = "\x00\x01\x02\x03\x04\x05\x06\x07", + .alen = 8, + .ptext = "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" + "\x10\x11\x12\x13\x14\x15\x16\x17" + "\x18\x19\x1a\x1b\x1c\x1d\x1e", + .plen = 23, + .ctext = "\x58\x8c\x97\x9a\x61\xc6\x63\xd2" + "\xf0\x66\xd0\xc2\xc0\xf9\x89\x80" + "\x6d\x5f\x6b\x61\xda\xc3\x84\x17" + "\xe8\xd1\x2c\xfd\xf9\x26\xe0", + .clen = 31, }, { - .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c" - "\x6d\x6a\x8f\x94\x67\x30\x83\x08" - "\x00\x00\x00\x00", - .klen = 20, - .iv = "\x00\x00\x00\x00\x00\x00\x00\x01", - .input = "\xC1\x0C\x8A\x43\x0E\x8E\x35\x19" - "\x89\xB0\xC4\xBD\xC4\xB7\xD7\x29" - "\x64\x50\xF9\x32\x13\xFB\x74\x61" - "\xF4\xED\x52\xD3\xC5\x10\x55\x3C", - .ilen = 32, - .assoc = "\x01\x01\x01\x01\x01\x01\x01\x01" - "\x00\x00\x00\x00\x00\x00\x00\x01", - .alen = 16, - .result = "\x01\x01\x01\x01\x01\x01\x01\x01" - "\x01\x01\x01\x01\x01\x01\x01\x01", - .rlen = 16, + .key = "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7" + "\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf", + .klen = 16, + .iv = "\x01\x00\x00\x00\x07\x06\x05\x04" + "\xa0\xa1\xa2\xa3\xa4\xa5\x00\x00", + .assoc = "\x00\x01\x02\x03\x04\x05\x06\x07" + "\x08\x09\x0a\x0b", + .alen = 12, + .ptext = "\x0c\x0d\x0e\x0f\x10\x11\x12\x13" + "\x14\x15\x16\x17\x18\x19\x1a\x1b" + "\x1c\x1d\x1e\x1f", + .plen = 20, + .ctext = "\xdc\xf1\xfb\x7b\x5d\x9e\x23\xfb" + "\x9d\x4e\x13\x12\x53\x65\x8a\xd8" + "\x6e\xbd\xca\x3e\x51\xe8\x3f\x07" + "\x7d\x9c\x2d\x93", + .clen = 28, }, { - .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c" - "\x6d\x6a\x8f\x94\x67\x30\x83\x08" - "\x00\x00\x00\x00", - .klen = 20, - .iv = "\x00\x00\x00\x00\x00\x00\x00\x01", - .input = "\xC1\x0C\x8A\x43\x0E\x8E\x35\x19" - "\x89\xB0\xC4\xBD\xC4\xB7\xD7\x29" - "\x98\x14\xA1\x42\x37\x80\xFD\x90" - "\x68\x12\x01\xA8\x91\x89\xB9\x83" - "\x5B\x11\x77\x12\x9B\xFF\x24\x89" - "\x94\x5F\x18\x12\xBA\x27\x09\x39" - "\x99\x96\x76\x42\x15\x1C\xCD\xCB" - "\xDC\xD3\xDA\x65\x73\xAF\x80\xCD" - "\xD2\xB6\xC2\x4A\x76\xC2\x92\x85" - "\xBD\xCF\x62\x98\x58\x14\xE5\xBD", - .ilen = 80, - .assoc = "\x01\x01\x01\x01\x01\x01\x01\x01" - "\x00\x00\x00\x00\x00\x00\x00\x01", - .alen = 16, - .result = "\x01\x01\x01\x01\x01\x01\x01\x01" - "\x01\x01\x01\x01\x01\x01\x01\x01" - "\x01\x01\x01\x01\x01\x01\x01\x01" - "\x01\x01\x01\x01\x01\x01\x01\x01" - "\x01\x01\x01\x01\x01\x01\x01\x01" - "\x01\x01\x01\x01\x01\x01\x01\x01" - "\x01\x01\x01\x01\x01\x01\x01\x01" - "\x01\x01\x01\x01\x01\x01\x01\x01", - .rlen = 64, - }, { - .key = "\x00\x01\x02\x03\x04\x05\x06\x07" - "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" - "\x00\x00\x00\x00", - .klen = 20, - .iv = "\x00\x00\x45\x67\x89\xab\xcd\xef", - .input = "\xC1\x76\x33\x85\xE2\x9B\x5F\xDE" - "\xDE\x89\x3D\x42\xE7\xC9\x69\x8A" - "\x44\x6D\xC3\x88\x46\x2E\xC2\x01" - "\x5E\xF6\x0C\x39\xF0\xC4\xA5\x82" - "\xCD\xE8\x31\xCC\x0A\x4C\xE4\x44" - "\x41\xA9\x82\x6F\x22\xA1\x23\x1A" - "\xA8\xE3\x16\xFD\x31\x5C\x27\x31" - "\xF1\x7F\x01\x63\xA3\xAF\x70\xA1" - "\xCF\x07\x57\x41\x67\xD0\xC4\x42" - "\xDB\x18\xC6\x4C\x4C\xE0\x3D\x9F" - "\x05\x07\xFB\x13\x7D\x4A\xCA\x5B" - "\xF0\xBF\x64\x7E\x05\xB1\x72\xEE" - "\x7C\x3B\xD4\xCD\x14\x03\xB2\x2C" - "\xD3\xA9\xEE\xFA\x17\xFC\x9C\xDF" - "\xC7\x75\x40\xFF\xAE\xAD\x1E\x59" - "\x2F\x30\x24\xFB\xAD\x6B\x10\xFA" - "\x6C\x9F\x5B\xE7\x25\xD5\xD0\x25" - "\xAC\x4A\x4B\xDA\xFC\x7A\x85\x1B" - "\x7E\x13\x06\x82\x08\x17\xA4\x35" - "\xEC\xC5\x8D\x63\x96\x81\x0A\x8F" - "\xA3\x05\x38\x95\x20\x1A\x47\x04" - "\x6F\x6D\xDA\x8F\xEF\xC1\x76\x35" - "\x6B\xC7\x4D\x0F\x94\x12\xCA\x3E" - "\x2E\xD5\x03\x2E\x86\x7E\xAA\x3B" - "\x37\x08\x1C\xCF\xBA\x5D\x71\x46" - "\x80\x72\xB0\x4C\x82\x0D\x60\x3C", - .ilen = 208, - .assoc = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" - "\xaa\xaa\xaa\xaa\x00\x00\x45\x67" - "\x89\xab\xcd\xef", - .alen = 20, - .result = "\xff\xff\xff\xff\xff\xff\xff\xff" - "\xff\xff\xff\xff\xff\xff\xff\xff" - "\xff\xff\xff\xff\xff\xff\xff\xff" - "\xff\xff\xff\xff\xff\xff\xff\xff" - "\xff\xff\xff\xff\xff\xff\xff\xff" - "\xff\xff\xff\xff\xff\xff\xff\xff" - "\xff\xff\xff\xff\xff\xff\xff\xff" - "\xff\xff\xff\xff\xff\xff\xff\xff" - "\xff\xff\xff\xff\xff\xff\xff\xff" - "\xff\xff\xff\xff\xff\xff\xff\xff" - "\xff\xff\xff\xff\xff\xff\xff\xff" - "\xff\xff\xff\xff\xff\xff\xff\xff" - "\xff\xff\xff\xff\xff\xff\xff\xff" - "\xff\xff\xff\xff\xff\xff\xff\xff" - "\xff\xff\xff\xff\xff\xff\xff\xff" - "\xff\xff\xff\xff\xff\xff\xff\xff" - "\xff\xff\xff\xff\xff\xff\xff\xff" - "\xff\xff\xff\xff\xff\xff\xff\xff" - "\xff\xff\xff\xff\xff\xff\xff\xff" - "\xff\xff\xff\xff\xff\xff\xff\xff" - "\xff\xff\xff\xff\xff\xff\xff\xff" - "\xff\xff\xff\xff\xff\xff\xff\xff" - "\xff\xff\xff\xff\xff\xff\xff\xff" - "\xff\xff\xff\xff\xff\xff\xff\xff", - .rlen = 192, - }, { - .key = "\x4C\x80\xCD\xEF\xBB\x5D\x10\xDA" - "\x90\x6A\xC7\x3C\x36\x13\xA6\x34" - "\x2E\x44\x3B\x68", - .klen = 20, - .iv = "\x49\x56\xED\x7E\x3B\x24\x4C\xFE", - .result = "\x45\x00\x00\x48\x69\x9A\x00\x00" - "\x80\x11\x4D\xB7\xC0\xA8\x01\x02" - "\xC0\xA8\x01\x01\x0A\x9B\xF1\x56" - "\x38\xD3\x01\x00\x00\x01\x00\x00" - "\x00\x00\x00\x00\x04\x5F\x73\x69" - "\x70\x04\x5F\x75\x64\x70\x03\x73" - "\x69\x70\x09\x63\x79\x62\x65\x72" - "\x63\x69\x74\x79\x02\x64\x6B\x00" - "\x00\x21\x00\x01\x01\x02\x02\x01", - .rlen = 72, - .assoc = "\x00\x00\x43\x21\x87\x65\x43\x21" - "\x00\x00\x00\x00\x49\x56\xED\x7E" - "\x3B\x24\x4C\xFE", - .alen = 20, - .input = "\xFE\xCF\x53\x7E\x72\x9D\x5B\x07" - "\xDC\x30\xDF\x52\x8D\xD2\x2B\x76" - "\x8D\x1B\x98\x73\x66\x96\xA6\xFD" - "\x34\x85\x09\xFA\x13\xCE\xAC\x34" - "\xCF\xA2\x43\x6F\x14\xA3\xF3\xCF" - "\x65\x92\x5B\xF1\xF4\xA1\x3C\x5D" - "\x15\xB2\x1E\x18\x84\xF5\xFF\x62" - "\x47\xAE\xAB\xB7\x86\xB9\x3B\xCE" - "\x61\xBC\x17\xD7\x68\xFD\x97\x32" - "\x45\x90\x18\x14\x8F\x6C\xBE\x72" - "\x2F\xD0\x47\x96\x56\x2D\xFD\xB4", - .ilen = 88, - }, { - .key = "\xFE\xFF\xE9\x92\x86\x65\x73\x1C" - "\x6D\x6A\x8F\x94\x67\x30\x83\x08" - "\xCA\xFE\xBA\xBE", - .klen = 20, - .iv = "\xFA\xCE\xDB\xAD\xDE\xCA\xF8\x88", - .result = "\x45\x00\x00\x3E\x69\x8F\x00\x00" - "\x80\x11\x4D\xCC\xC0\xA8\x01\x02" - "\xC0\xA8\x01\x01\x0A\x98\x00\x35" - "\x00\x2A\x23\x43\xB2\xD0\x01\x00" - "\x00\x01\x00\x00\x00\x00\x00\x00" - "\x03\x73\x69\x70\x09\x63\x79\x62" - "\x65\x72\x63\x69\x74\x79\x02\x64" - "\x6B\x00\x00\x01\x00\x01\x00\x01", - .rlen = 64, - .assoc = "\x00\x00\xA5\xF8\x00\x00\x00\x0A" - "\xFA\xCE\xDB\xAD\xDE\xCA\xF8\x88", - .alen = 16, - .input = "\xDE\xB2\x2C\xD9\xB0\x7C\x72\xC1" - "\x6E\x3A\x65\xBE\xEB\x8D\xF3\x04" - "\xA5\xA5\x89\x7D\x33\xAE\x53\x0F" - "\x1B\xA7\x6D\x5D\x11\x4D\x2A\x5C" - "\x3D\xE8\x18\x27\xC1\x0E\x9A\x4F" - "\x51\x33\x0D\x0E\xEC\x41\x66\x42" - "\xCF\xBB\x85\xA5\xB4\x7E\x48\xA4" - "\xEC\x3B\x9B\xA9\x5D\x91\x8B\xD1" - "\x83\xB7\x0D\x3A\xA8\xBC\x6E\xE4" - "\xC3\x09\xE9\xD8\x5A\x41\xAD\x4A", - .ilen = 80, - }, { - .key = "\xAB\xBC\xCD\xDE\xF0\x01\x12\x23" - "\x34\x45\x56\x67\x78\x89\x9A\xAB" - "\xAB\xBC\xCD\xDE\xF0\x01\x12\x23" - "\x34\x45\x56\x67\x78\x89\x9A\xAB" - "\x11\x22\x33\x44", - .klen = 36, - .iv = "\x01\x02\x03\x04\x05\x06\x07\x08", - .result = "\x45\x00\x00\x30\x69\xA6\x40\x00" - "\x80\x06\x26\x90\xC0\xA8\x01\x02" - "\x93\x89\x15\x5E\x0A\x9E\x00\x8B" - "\x2D\xC5\x7E\xE0\x00\x00\x00\x00" - "\x70\x02\x40\x00\x20\xBF\x00\x00" - "\x02\x04\x05\xB4\x01\x01\x04\x02" - "\x01\x02\x02\x01", - .rlen = 52, - .assoc = "\x4A\x2C\xBF\xE3\x00\x00\x00\x02" - "\x01\x02\x03\x04\x05\x06\x07\x08", - .alen = 16, - .input = "\xFF\x42\x5C\x9B\x72\x45\x99\xDF" - "\x7A\x3B\xCD\x51\x01\x94\xE0\x0D" - "\x6A\x78\x10\x7F\x1B\x0B\x1C\xBF" - "\x06\xEF\xAE\x9D\x65\xA5\xD7\x63" - "\x74\x8A\x63\x79\x85\x77\x1D\x34" - "\x7F\x05\x45\x65\x9F\x14\xE9\x9D" - "\xEF\x84\x2D\x8E\xB3\x35\xF4\xEE" - "\xCF\xDB\xF8\x31\x82\x4B\x4C\x49" - "\x15\x95\x6C\x96", - .ilen = 68, - }, { - .key = "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00", - .klen = 20, - .iv = "\x00\x00\x00\x00\x00\x00\x00\x00", - .result = "\x45\x00\x00\x3C\x99\xC5\x00\x00" - "\x80\x01\xCB\x7A\x40\x67\x93\x18" - "\x01\x01\x01\x01\x08\x00\x07\x5C" - "\x02\x00\x44\x00\x61\x62\x63\x64" - "\x65\x66\x67\x68\x69\x6A\x6B\x6C" - "\x6D\x6E\x6F\x70\x71\x72\x73\x74" - "\x75\x76\x77\x61\x62\x63\x64\x65" - "\x66\x67\x68\x69\x01\x02\x02\x01", - .rlen = 64, - .assoc = "\x00\x00\x00\x00\x00\x00\x00\x01" - "\x00\x00\x00\x00\x00\x00\x00\x00", - .alen = 16, - .input = "\x46\x88\xDA\xF2\xF9\x73\xA3\x92" - "\x73\x29\x09\xC3\x31\xD5\x6D\x60" - "\xF6\x94\xAB\xAA\x41\x4B\x5E\x7F" - "\xF5\xFD\xCD\xFF\xF5\xE9\xA2\x84" - "\x45\x64\x76\x49\x27\x19\xFF\xB6" - "\x4D\xE7\xD9\xDC\xA1\xE1\xD8\x94" - "\xBC\x3B\xD5\x78\x73\xED\x4D\x18" - "\x1D\x19\xD4\xD5\xC8\xC1\x8A\xF3" - "\xF8\x21\xD4\x96\xEE\xB0\x96\xE9" - "\x8A\xD2\xB6\x9E\x47\x99\xC7\x1D", - .ilen = 80, - }, { - .key = "\x3D\xE0\x98\x74\xB3\x88\xE6\x49" - "\x19\x88\xD0\xC3\x60\x7E\xAE\x1F" - "\x57\x69\x0E\x43", - .klen = 20, - .iv = "\x4E\x28\x00\x00\xA2\xFC\xA1\xA3", - .result = "\x45\x00\x00\x3C\x99\xC3\x00\x00" - "\x80\x01\xCB\x7C\x40\x67\x93\x18" - "\x01\x01\x01\x01\x08\x00\x08\x5C" - "\x02\x00\x43\x00\x61\x62\x63\x64" - "\x65\x66\x67\x68\x69\x6A\x6B\x6C" - "\x6D\x6E\x6F\x70\x71\x72\x73\x74" - "\x75\x76\x77\x61\x62\x63\x64\x65" - "\x66\x67\x68\x69\x01\x02\x02\x01", - .rlen = 64, - .assoc = "\x42\xF6\x7E\x3F\x10\x10\x10\x10" - "\x10\x10\x10\x10\x4E\x28\x00\x00" - "\xA2\xFC\xA1\xA3", - .alen = 20, - .input = "\xFB\xA2\xCA\xA4\x85\x3C\xF9\xF0" - "\xF2\x2C\xB1\x0D\x86\xDD\x83\xB0" - "\xFE\xC7\x56\x91\xCF\x1A\x04\xB0" - "\x0D\x11\x38\xEC\x9C\x35\x79\x17" - "\x65\xAC\xBD\x87\x01\xAD\x79\x84" - "\x5B\xF9\xFE\x3F\xBA\x48\x7B\xC9" - "\x17\x55\xE6\x66\x2B\x4C\x8D\x0D" - "\x1F\x5E\x22\x73\x95\x30\x32\x0A" - "\xE0\xD7\x31\xCC\x97\x8E\xCA\xFA" - "\xEA\xE8\x8F\x00\xE8\x0D\x6E\x48", - .ilen = 80, - }, { - .key = "\x3D\xE0\x98\x74\xB3\x88\xE6\x49" - "\x19\x88\xD0\xC3\x60\x7E\xAE\x1F" - "\x57\x69\x0E\x43", - .klen = 20, - .iv = "\x4E\x28\x00\x00\xA2\xFC\xA1\xA3", - .result = "\x45\x00\x00\x1C\x42\xA2\x00\x00" - "\x80\x01\x44\x1F\x40\x67\x93\xB6" - "\xE0\x00\x00\x02\x0A\x00\xF5\xFF" - "\x01\x02\x02\x01", - .rlen = 28, - .assoc = "\x42\xF6\x7E\x3F\x10\x10\x10\x10" - "\x10\x10\x10\x10\x4E\x28\x00\x00" - "\xA2\xFC\xA1\xA3", - .alen = 20, - .input = "\xFB\xA2\xCA\x84\x5E\x5D\xF9\xF0" - "\xF2\x2C\x3E\x6E\x86\xDD\x83\x1E" - "\x1F\xC6\x57\x92\xCD\x1A\xF9\x13" - "\x0E\x13\x79\xED\x36\x9F\x07\x1F" - "\x35\xE0\x34\xBE\x95\xF1\x12\xE4" - "\xE7\xD0\x5D\x35", - .ilen = 44, - }, { - .key = "\xFE\xFF\xE9\x92\x86\x65\x73\x1C" - "\x6D\x6A\x8F\x94\x67\x30\x83\x08" - "\xFE\xFF\xE9\x92\x86\x65\x73\x1C" - "\xCA\xFE\xBA\xBE", - .klen = 28, - .iv = "\xFA\xCE\xDB\xAD\xDE\xCA\xF8\x88", - .result = "\x45\x00\x00\x28\xA4\xAD\x40\x00" - "\x40\x06\x78\x80\x0A\x01\x03\x8F" - "\x0A\x01\x06\x12\x80\x23\x06\xB8" - "\xCB\x71\x26\x02\xDD\x6B\xB0\x3E" - "\x50\x10\x16\xD0\x75\x68\x00\x01", - .rlen = 40, - .assoc = "\x00\x00\xA5\xF8\x00\x00\x00\x0A" - "\xFA\xCE\xDB\xAD\xDE\xCA\xF8\x88", - .alen = 16, - .input = "\xA5\xB1\xF8\x06\x60\x29\xAE\xA4" - "\x0E\x59\x8B\x81\x22\xDE\x02\x42" - "\x09\x38\xB3\xAB\x33\xF8\x28\xE6" - "\x87\xB8\x85\x8B\x5B\xFB\xDB\xD0" - "\x31\x5B\x27\x45\x21\x44\xCC\x77" - "\x95\x45\x7B\x96\x52\x03\x7F\x53" - "\x18\x02\x7B\x5B\x4C\xD7\xA6\x36", - .ilen = 56, - }, { - .key = "\xAB\xBC\xCD\xDE\xF0\x01\x12\x23" - "\x34\x45\x56\x67\x78\x89\x9A\xAB" - "\xDE\xCA\xF8\x88", - .klen = 20, - .iv = "\xCA\xFE\xDE\xBA\xCE\xFA\xCE\x74", - .result = "\x45\x00\x00\x49\x33\xBA\x00\x00" - "\x7F\x11\x91\x06\xC3\xFB\x1D\x10" - "\xC2\xB1\xD3\x26\xC0\x28\x31\xCE" - "\x00\x35\xDD\x7B\x80\x03\x02\xD5" - "\x00\x00\x4E\x20\x00\x1E\x8C\x18" - "\xD7\x5B\x81\xDC\x91\xBA\xA0\x47" - "\x6B\x91\xB9\x24\xB2\x80\x38\x9D" - "\x92\xC9\x63\xBA\xC0\x46\xEC\x95" - "\x9B\x62\x66\xC0\x47\x22\xB1\x49" - "\x23\x01\x01\x01", - .rlen = 76, - .assoc = "\x00\x00\x01\x00\x00\x00\x00\x00" - "\x00\x00\x00\x01\xCA\xFE\xDE\xBA" - "\xCE\xFA\xCE\x74", - .alen = 20, - .input = "\x18\xA6\xFD\x42\xF7\x2C\xBF\x4A" - "\xB2\xA2\xEA\x90\x1F\x73\xD8\x14" - "\xE3\xE7\xF2\x43\xD9\x54\x12\xE1" - "\xC3\x49\xC1\xD2\xFB\xEC\x16\x8F" - "\x91\x90\xFE\xEB\xAF\x2C\xB0\x19" - "\x84\xE6\x58\x63\x96\x5D\x74\x72" - "\xB7\x9D\xA3\x45\xE0\xE7\x80\x19" - "\x1F\x0D\x2F\x0E\x0F\x49\x6C\x22" - "\x6F\x21\x27\xB2\x7D\xB3\x57\x24" - "\xE7\x84\x5D\x68\x65\x1F\x57\xE6" - "\x5F\x35\x4F\x75\xFF\x17\x01\x57" - "\x69\x62\x34\x36", - .ilen = 92, - }, { - .key = "\xAB\xBC\xCD\xDE\xF0\x01\x12\x23" - "\x34\x45\x56\x67\x78\x89\x9A\xAB" - "\xAB\xBC\xCD\xDE\xF0\x01\x12\x23" - "\x34\x45\x56\x67\x78\x89\x9A\xAB" - "\x73\x61\x6C\x74", - .klen = 36, - .iv = "\x61\x6E\x64\x01\x69\x76\x65\x63", - .result = "\x45\x08\x00\x28\x73\x2C\x00\x00" - "\x40\x06\xE9\xF9\x0A\x01\x06\x12" - "\x0A\x01\x03\x8F\x06\xB8\x80\x23" - "\xDD\x6B\xAF\xBE\xCB\x71\x26\x02" - "\x50\x10\x1F\x64\x6D\x54\x00\x01", - .rlen = 40, - .assoc = "\x17\x40\x5E\x67\x15\x6F\x31\x26" - "\xDD\x0D\xB9\x9B\x61\x6E\x64\x01" - "\x69\x76\x65\x63", - .alen = 20, - .input = "\xF2\xD6\x9E\xCD\xBD\x5A\x0D\x5B" - "\x8D\x5E\xF3\x8B\xAD\x4D\xA5\x8D" - "\x1F\x27\x8F\xDE\x98\xEF\x67\x54" - "\x9D\x52\x4A\x30\x18\xD9\xA5\x7F" - "\xF4\xD3\xA3\x1C\xE6\x73\x11\x9E" - "\x45\x16\x26\xC2\x41\x57\x71\xE3" - "\xB7\xEE\xBC\xA6\x14\xC8\x9B\x35", - .ilen = 56, - }, { - .key = "\x3D\xE0\x98\x74\xB3\x88\xE6\x49" - "\x19\x88\xD0\xC3\x60\x7E\xAE\x1F" - "\x57\x69\x0E\x43", - .klen = 20, - .iv = "\x4E\x28\x00\x00\xA2\xFC\xA1\xA3", - .result = "\x45\x00\x00\x49\x33\x3E\x00\x00" - "\x7F\x11\x91\x82\xC3\xFB\x1D\x10" - "\xC2\xB1\xD3\x26\xC0\x28\x31\xCE" - "\x00\x35\xCB\x45\x80\x03\x02\x5B" - "\x00\x00\x01\xE0\x00\x1E\x8C\x18" - "\xD6\x57\x59\xD5\x22\x84\xA0\x35" - "\x2C\x71\x47\x5C\x88\x80\x39\x1C" - "\x76\x4D\x6E\x5E\xE0\x49\x6B\x32" - "\x5A\xE2\x70\xC0\x38\x99\x49\x39" - "\x15\x01\x01\x01", - .rlen = 76, - .assoc = "\x42\xF6\x7E\x3F\x10\x10\x10\x10" - "\x10\x10\x10\x10\x4E\x28\x00\x00" - "\xA2\xFC\xA1\xA3", - .alen = 20, - .input = "\xFB\xA2\xCA\xD1\x2F\xC1\xF9\xF0" - "\x0D\x3C\xEB\xF3\x05\x41\x0D\xB8" - "\x3D\x77\x84\xB6\x07\x32\x3D\x22" - "\x0F\x24\xB0\xA9\x7D\x54\x18\x28" - "\x00\xCA\xDB\x0F\x68\xD9\x9E\xF0" - "\xE0\xC0\xC8\x9A\xE9\xBE\xA8\x88" - "\x4E\x52\xD6\x5B\xC1\xAF\xD0\x74" - "\x0F\x74\x24\x44\x74\x7B\x5B\x39" - "\xAB\x53\x31\x63\xAA\xD4\x55\x0E" - "\xE5\x16\x09\x75\xCD\xB6\x08\xC5" - "\x76\x91\x89\x60\x97\x63\xB8\xE1" - "\x8C\xAA\x81\xE2", - .ilen = 92, - }, { - .key = "\xAB\xBC\xCD\xDE\xF0\x01\x12\x23" - "\x34\x45\x56\x67\x78\x89\x9A\xAB" - "\xAB\xBC\xCD\xDE\xF0\x01\x12\x23" - "\x34\x45\x56\x67\x78\x89\x9A\xAB" - "\x73\x61\x6C\x74", - .klen = 36, - .iv = "\x61\x6E\x64\x01\x69\x76\x65\x63", - .result = "\x63\x69\x73\x63\x6F\x01\x72\x75" - "\x6C\x65\x73\x01\x74\x68\x65\x01" - "\x6E\x65\x74\x77\x65\x01\x64\x65" - "\x66\x69\x6E\x65\x01\x74\x68\x65" - "\x74\x65\x63\x68\x6E\x6F\x6C\x6F" - "\x67\x69\x65\x73\x01\x74\x68\x61" - "\x74\x77\x69\x6C\x6C\x01\x64\x65" - "\x66\x69\x6E\x65\x74\x6F\x6D\x6F" - "\x72\x72\x6F\x77\x01\x02\x02\x01", - .rlen = 72, - .assoc = "\x17\x40\x5E\x67\x15\x6F\x31\x26" - "\xDD\x0D\xB9\x9B\x61\x6E\x64\x01" - "\x69\x76\x65\x63", - .alen = 20, - .input = "\xD4\xB7\xED\x86\xA1\x77\x7F\x2E" - "\xA1\x3D\x69\x73\xD3\x24\xC6\x9E" - "\x7B\x43\xF8\x26\xFB\x56\x83\x12" - "\x26\x50\x8B\xEB\xD2\xDC\xEB\x18" - "\xD0\xA6\xDF\x10\xE5\x48\x7D\xF0" - "\x74\x11\x3E\x14\xC6\x41\x02\x4E" - "\x3E\x67\x73\xD9\x1A\x62\xEE\x42" - "\x9B\x04\x3A\x10\xE3\xEF\xE6\xB0" - "\x12\xA4\x93\x63\x41\x23\x64\xF8" - "\xC0\xCA\xC5\x87\xF2\x49\xE5\x6B" - "\x11\xE2\x4F\x30\xE4\x4C\xCC\x76", - .ilen = 88, - }, { - .key = "\x7D\x77\x3D\x00\xC1\x44\xC5\x25" - "\xAC\x61\x9D\x18\xC8\x4A\x3F\x47" - "\xD9\x66\x42\x67", - .klen = 20, - .iv = "\x43\x45\x7E\x91\x82\x44\x3B\xC6", - .result = "\x01\x02\x02\x01", - .rlen = 4, - .assoc = "\x33\x54\x67\xAE\xFF\xFF\xFF\xFF" - "\x43\x45\x7E\x91\x82\x44\x3B\xC6", - .alen = 16, - .input = "\x43\x7F\x86\x6B\xCB\x3F\x69\x9F" - "\xE9\xB0\x82\x2B\xAC\x96\x1C\x45" - "\x04\xBE\xF2\x70", - .ilen = 20, - }, { - .key = "\xAB\xBC\xCD\xDE\xF0\x01\x12\x23" - "\x34\x45\x56\x67\x78\x89\x9A\xAB" - "\xDE\xCA\xF8\x88", - .klen = 20, - .iv = "\xCA\xFE\xDE\xBA\xCE\xFA\xCE\x74", - .result = "\x74\x6F\x01\x62\x65\x01\x6F\x72" - "\x01\x6E\x6F\x74\x01\x74\x6F\x01" - "\x62\x65\x00\x01", - .rlen = 20, - .assoc = "\x00\x00\x01\x00\x00\x00\x00\x00" - "\x00\x00\x00\x01\xCA\xFE\xDE\xBA" - "\xCE\xFA\xCE\x74", - .alen = 20, - .input = "\x29\xC9\xFC\x69\xA1\x97\xD0\x38" - "\xCC\xDD\x14\xE2\xDD\xFC\xAA\x05" - "\x43\x33\x21\x64\x41\x25\x03\x52" - "\x43\x03\xED\x3C\x6C\x5F\x28\x38" - "\x43\xAF\x8C\x3E", - .ilen = 36, - }, { - .key = "\x6C\x65\x67\x61\x6C\x69\x7A\x65" - "\x6D\x61\x72\x69\x6A\x75\x61\x6E" - "\x61\x61\x6E\x64\x64\x6F\x69\x74" - "\x62\x65\x66\x6F\x72\x65\x69\x61" - "\x74\x75\x72\x6E", - .klen = 36, - .iv = "\x33\x30\x21\x69\x67\x65\x74\x6D", - .result = "\x45\x00\x00\x30\xDA\x3A\x00\x00" - "\x80\x01\xDF\x3B\xC0\xA8\x00\x05" - "\xC0\xA8\x00\x01\x08\x00\xC6\xCD" - "\x02\x00\x07\x00\x61\x62\x63\x64" - "\x65\x66\x67\x68\x69\x6A\x6B\x6C" - "\x6D\x6E\x6F\x70\x71\x72\x73\x74" - "\x01\x02\x02\x01", - .rlen = 52, - .assoc = "\x79\x6B\x69\x63\xFF\xFF\xFF\xFF" - "\xFF\xFF\xFF\xFF\x33\x30\x21\x69" - "\x67\x65\x74\x6D", - .alen = 20, - .input = "\xF9\x7A\xB2\xAA\x35\x6D\x8E\xDC" - "\xE1\x76\x44\xAC\x8C\x78\xE2\x5D" - "\xD2\x4D\xED\xBB\x29\xEB\xF1\xB6" - "\x4A\x27\x4B\x39\xB4\x9C\x3A\x86" - "\x4C\xD3\xD7\x8C\xA4\xAE\x68\xA3" - "\x2B\x42\x45\x8F\xB5\x7D\xBE\x82" - "\x1D\xCC\x63\xB9\xD0\x93\x7B\xA2" - "\x94\x5F\x66\x93\x68\x66\x1A\x32" - "\x9F\xB4\xC0\x53", - .ilen = 68, - }, { - .key = "\x3D\xE0\x98\x74\xB3\x88\xE6\x49" - "\x19\x88\xD0\xC3\x60\x7E\xAE\x1F" - "\x57\x69\x0E\x43", - .klen = 20, - .iv = "\x4E\x28\x00\x00\xA2\xFC\xA1\xA3", - .result = "\x45\x00\x00\x30\xDA\x3A\x00\x00" - "\x80\x01\xDF\x3B\xC0\xA8\x00\x05" - "\xC0\xA8\x00\x01\x08\x00\xC6\xCD" - "\x02\x00\x07\x00\x61\x62\x63\x64" - "\x65\x66\x67\x68\x69\x6A\x6B\x6C" - "\x6D\x6E\x6F\x70\x71\x72\x73\x74" - "\x01\x02\x02\x01", - .rlen = 52, - .assoc = "\x3F\x7E\xF6\x42\x10\x10\x10\x10" - "\x10\x10\x10\x10\x4E\x28\x00\x00" - "\xA2\xFC\xA1\xA3", - .alen = 20, - .input = "\xFB\xA2\xCA\xA8\xC6\xC5\xF9\xF0" - "\xF2\x2C\xA5\x4A\x06\x12\x10\xAD" - "\x3F\x6E\x57\x91\xCF\x1A\xCA\x21" - "\x0D\x11\x7C\xEC\x9C\x35\x79\x17" - "\x65\xAC\xBD\x87\x01\xAD\x79\x84" - "\x5B\xF9\xFE\x3F\xBA\x48\x7B\xC9" - "\x63\x21\x93\x06\x84\xEE\xCA\xDB" - "\x56\x91\x25\x46\xE7\xA9\x5C\x97" - "\x40\xD7\xCB\x05", - .ilen = 68, - }, { - .key = "\x4C\x80\xCD\xEF\xBB\x5D\x10\xDA" - "\x90\x6A\xC7\x3C\x36\x13\xA6\x34" - "\x22\x43\x3C\x64", - .klen = 20, - .iv = "\x48\x55\xEC\x7D\x3A\x23\x4B\xFD", - .result = "\x08\x00\xC6\xCD\x02\x00\x07\x00" - "\x61\x62\x63\x64\x65\x66\x67\x68" - "\x69\x6A\x6B\x6C\x6D\x6E\x6F\x70" - "\x71\x72\x73\x74\x01\x02\x02\x01", - .rlen = 32, - .assoc = "\x00\x00\x43\x21\x87\x65\x43\x21" - "\x00\x00\x00\x07\x48\x55\xEC\x7D" - "\x3A\x23\x4B\xFD", - .alen = 20, - .input = "\x74\x75\x2E\x8A\xEB\x5D\x87\x3C" - "\xD7\xC0\xF4\xAC\xC3\x6C\x4B\xFF" - "\x84\xB7\xD7\xB9\x8F\x0C\xA8\xB6" - "\xAC\xDA\x68\x94\xBC\x61\x90\x69" - "\xEF\x9C\xBC\x28\xFE\x1B\x56\xA7" - "\xC4\xE0\xD5\x8C\x86\xCD\x2B\xC0", - .ilen = 48, - } -}; - -static const struct aead_testvec aes_gcm_rfc4543_enc_tv_template[] = { - { /* From draft-mcgrew-gcm-test-01 */ - .key = "\x4c\x80\xcd\xef\xbb\x5d\x10\xda" - "\x90\x6a\xc7\x3c\x36\x13\xa6\x34" - "\x22\x43\x3c\x64", - .klen = 20, - .iv = zeroed_string, - .assoc = "\x00\x00\x43\x21\x00\x00\x00\x07" - "\x00\x00\x00\x00\x00\x00\x00\x00", - .alen = 16, - .input = "\x45\x00\x00\x30\xda\x3a\x00\x00" - "\x80\x01\xdf\x3b\xc0\xa8\x00\x05" - "\xc0\xa8\x00\x01\x08\x00\xc6\xcd" - "\x02\x00\x07\x00\x61\x62\x63\x64" - "\x65\x66\x67\x68\x69\x6a\x6b\x6c" - "\x6d\x6e\x6f\x70\x71\x72\x73\x74" - "\x01\x02\x02\x01", - .ilen = 52, - .result = "\x45\x00\x00\x30\xda\x3a\x00\x00" - "\x80\x01\xdf\x3b\xc0\xa8\x00\x05" - "\xc0\xa8\x00\x01\x08\x00\xc6\xcd" - "\x02\x00\x07\x00\x61\x62\x63\x64" - "\x65\x66\x67\x68\x69\x6a\x6b\x6c" - "\x6d\x6e\x6f\x70\x71\x72\x73\x74" - "\x01\x02\x02\x01\xf2\xa9\xa8\x36" - "\xe1\x55\x10\x6a\xa8\xdc\xd6\x18" - "\xe4\x09\x9a\xaa", - .rlen = 68, - }, { /* nearly same as previous, but should fail */ - .key = "\x4c\x80\xcd\xef\xbb\x5d\x10\xda" - "\x90\x6a\xc7\x3c\x36\x13\xa6\x34" - "\x22\x43\x3c\x64", - .klen = 20, - .iv = zeroed_string, - .assoc = "\x00\x00\x43\x21\x00\x00\x00\x07" - "\x00\x00\x00\x00\x00\x00\x00\x00", - .alen = 16, - .input = "\x45\x00\x00\x30\xda\x3a\x00\x00" - "\x80\x01\xdf\x3b\xc0\xa8\x00\x05" - "\xc0\xa8\x00\x01\x08\x00\xc6\xcd" - "\x02\x00\x07\x00\x61\x62\x63\x64" - "\x65\x66\x67\x68\x69\x6a\x6b\x6c" - "\x6d\x6e\x6f\x70\x71\x72\x73\x74" - "\x01\x02\x02\x01", - .ilen = 52, - .novrfy = 1, - .result = "\x45\x00\x00\x30\xda\x3a\x00\x00" - "\x80\x01\xdf\x3b\xc0\xa8\x00\x05" - "\xc0\xa8\x00\x01\x08\x00\xc6\xcd" - "\x02\x00\x07\x00\x61\x62\x63\x64" - "\x65\x66\x67\x68\x69\x6a\x6b\x6c" - "\x6d\x6e\x6f\x70\x71\x72\x73\x74" - "\x01\x02\x02\x01\xf2\xa9\xa8\x36" - "\xe1\x55\x10\x6a\xa8\xdc\xd6\x18" - "\x00\x00\x00\x00", - .rlen = 68, - }, -}; - -static const struct aead_testvec aes_gcm_rfc4543_dec_tv_template[] = { - { /* From draft-mcgrew-gcm-test-01 */ - .key = "\x4c\x80\xcd\xef\xbb\x5d\x10\xda" - "\x90\x6a\xc7\x3c\x36\x13\xa6\x34" - "\x22\x43\x3c\x64", - .klen = 20, - .iv = zeroed_string, - .assoc = "\x00\x00\x43\x21\x00\x00\x00\x07" - "\x00\x00\x00\x00\x00\x00\x00\x00", - .alen = 16, - .input = "\x45\x00\x00\x30\xda\x3a\x00\x00" - "\x80\x01\xdf\x3b\xc0\xa8\x00\x05" - "\xc0\xa8\x00\x01\x08\x00\xc6\xcd" - "\x02\x00\x07\x00\x61\x62\x63\x64" - "\x65\x66\x67\x68\x69\x6a\x6b\x6c" - "\x6d\x6e\x6f\x70\x71\x72\x73\x74" - "\x01\x02\x02\x01\xf2\xa9\xa8\x36" - "\xe1\x55\x10\x6a\xa8\xdc\xd6\x18" - "\xe4\x09\x9a\xaa", - .ilen = 68, - .result = "\x45\x00\x00\x30\xda\x3a\x00\x00" - "\x80\x01\xdf\x3b\xc0\xa8\x00\x05" - "\xc0\xa8\x00\x01\x08\x00\xc6\xcd" - "\x02\x00\x07\x00\x61\x62\x63\x64" - "\x65\x66\x67\x68\x69\x6a\x6b\x6c" - "\x6d\x6e\x6f\x70\x71\x72\x73\x74" - "\x01\x02\x02\x01", - .rlen = 52, - }, { /* nearly same as previous, but should fail */ - .key = "\x4c\x80\xcd\xef\xbb\x5d\x10\xda" - "\x90\x6a\xc7\x3c\x36\x13\xa6\x34" - "\x22\x43\x3c\x64", - .klen = 20, - .iv = zeroed_string, - .assoc = "\x00\x00\x43\x21\x00\x00\x00\x07" - "\x00\x00\x00\x00\x00\x00\x00\x00", - .alen = 16, - .input = "\x45\x00\x00\x30\xda\x3a\x00\x00" - "\x80\x01\xdf\x3b\xc0\xa8\x00\x05" - "\xc0\xa8\x00\x01\x08\x00\xc6\xcd" - "\x02\x00\x07\x00\x61\x62\x63\x64" - "\x65\x66\x67\x68\x69\x6a\x6b\x6c" - "\x6d\x6e\x6f\x70\x71\x72\x73\x74" - "\x01\x02\x02\x01\xf2\xa9\xa8\x36" - "\xe1\x55\x10\x6a\xa8\xdc\xd6\x18" - "\x00\x00\x00\x00", - .ilen = 68, - .novrfy = 1, - .result = "\x45\x00\x00\x30\xda\x3a\x00\x00" - "\x80\x01\xdf\x3b\xc0\xa8\x00\x05" - "\xc0\xa8\x00\x01\x08\x00\xc6\xcd" - "\x02\x00\x07\x00\x61\x62\x63\x64" - "\x65\x66\x67\x68\x69\x6a\x6b\x6c" - "\x6d\x6e\x6f\x70\x71\x72\x73\x74" - "\x01\x02\x02\x01", - .rlen = 52, - }, -}; - -static const struct aead_testvec aes_ccm_enc_tv_template[] = { - { /* From RFC 3610 */ - .key = "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7" - "\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf", - .klen = 16, - .iv = "\x01\x00\x00\x00\x03\x02\x01\x00" - "\xa0\xa1\xa2\xa3\xa4\xa5\x00\x00", - .assoc = "\x00\x01\x02\x03\x04\x05\x06\x07", - .alen = 8, - .input = "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" - "\x10\x11\x12\x13\x14\x15\x16\x17" - "\x18\x19\x1a\x1b\x1c\x1d\x1e", - .ilen = 23, - .result = "\x58\x8c\x97\x9a\x61\xc6\x63\xd2" - "\xf0\x66\xd0\xc2\xc0\xf9\x89\x80" - "\x6d\x5f\x6b\x61\xda\xc3\x84\x17" - "\xe8\xd1\x2c\xfd\xf9\x26\xe0", - .rlen = 31, - }, { - .key = "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7" - "\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf", - .klen = 16, - .iv = "\x01\x00\x00\x00\x07\x06\x05\x04" - "\xa0\xa1\xa2\xa3\xa4\xa5\x00\x00", - .assoc = "\x00\x01\x02\x03\x04\x05\x06\x07" - "\x08\x09\x0a\x0b", - .alen = 12, - .input = "\x0c\x0d\x0e\x0f\x10\x11\x12\x13" - "\x14\x15\x16\x17\x18\x19\x1a\x1b" - "\x1c\x1d\x1e\x1f", - .ilen = 20, - .result = "\xdc\xf1\xfb\x7b\x5d\x9e\x23\xfb" - "\x9d\x4e\x13\x12\x53\x65\x8a\xd8" - "\x6e\xbd\xca\x3e\x51\xe8\x3f\x07" - "\x7d\x9c\x2d\x93", - .rlen = 28, - }, { - .key = "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7" - "\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf", - .klen = 16, - .iv = "\x01\x00\x00\x00\x0b\x0a\x09\x08" - "\xa0\xa1\xa2\xa3\xa4\xa5\x00\x00", - .assoc = "\x00\x01\x02\x03\x04\x05\x06\x07", - .alen = 8, - .input = "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" - "\x10\x11\x12\x13\x14\x15\x16\x17" - "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f" - "\x20", - .ilen = 25, - .result = "\x82\x53\x1a\x60\xcc\x24\x94\x5a" - "\x4b\x82\x79\x18\x1a\xb5\xc8\x4d" - "\xf2\x1c\xe7\xf9\xb7\x3f\x42\xe1" - "\x97\xea\x9c\x07\xe5\x6b\x5e\xb1" - "\x7e\x5f\x4e", - .rlen = 35, - }, { - .key = "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7" - "\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf", - .klen = 16, - .iv = "\x01\x00\x00\x00\x0c\x0b\x0a\x09" - "\xa0\xa1\xa2\xa3\xa4\xa5\x00\x00", - .assoc = "\x00\x01\x02\x03\x04\x05\x06\x07" - "\x08\x09\x0a\x0b", - .alen = 12, - .input = "\x0c\x0d\x0e\x0f\x10\x11\x12\x13" - "\x14\x15\x16\x17\x18\x19\x1a\x1b" - "\x1c\x1d\x1e", - .ilen = 19, - .result = "\x07\x34\x25\x94\x15\x77\x85\x15" - "\x2b\x07\x40\x98\x33\x0a\xbb\x14" - "\x1b\x94\x7b\x56\x6a\xa9\x40\x6b" - "\x4d\x99\x99\x88\xdd", - .rlen = 29, - }, { - .key = "\xd7\x82\x8d\x13\xb2\xb0\xbd\xc3" - "\x25\xa7\x62\x36\xdf\x93\xcc\x6b", - .klen = 16, - .iv = "\x01\x00\x33\x56\x8e\xf7\xb2\x63" - "\x3c\x96\x96\x76\x6c\xfa\x00\x00", - .assoc = "\x63\x01\x8f\x76\xdc\x8a\x1b\xcb", - .alen = 8, - .input = "\x90\x20\xea\x6f\x91\xbd\xd8\x5a" - "\xfa\x00\x39\xba\x4b\xaf\xf9\xbf" - "\xb7\x9c\x70\x28\x94\x9c\xd0\xec", - .ilen = 24, - .result = "\x4c\xcb\x1e\x7c\xa9\x81\xbe\xfa" - "\xa0\x72\x6c\x55\xd3\x78\x06\x12" - "\x98\xc8\x5c\x92\x81\x4a\xbc\x33" - "\xc5\x2e\xe8\x1d\x7d\x77\xc0\x8a", - .rlen = 32, - }, { - .key = "\xd7\x82\x8d\x13\xb2\xb0\xbd\xc3" - "\x25\xa7\x62\x36\xdf\x93\xcc\x6b", - .klen = 16, - .iv = "\x01\x00\xd5\x60\x91\x2d\x3f\x70" - "\x3c\x96\x96\x76\x6c\xfa\x00\x00", - .assoc = "\xcd\x90\x44\xd2\xb7\x1f\xdb\x81" - "\x20\xea\x60\xc0", - .alen = 12, - .input = "\x64\x35\xac\xba\xfb\x11\xa8\x2e" - "\x2f\x07\x1d\x7c\xa4\xa5\xeb\xd9" - "\x3a\x80\x3b\xa8\x7f", - .ilen = 21, - .result = "\x00\x97\x69\xec\xab\xdf\x48\x62" - "\x55\x94\xc5\x92\x51\xe6\x03\x57" - "\x22\x67\x5e\x04\xc8\x47\x09\x9e" - "\x5a\xe0\x70\x45\x51", - .rlen = 29, - }, { - .key = "\xd7\x82\x8d\x13\xb2\xb0\xbd\xc3" - "\x25\xa7\x62\x36\xdf\x93\xcc\x6b", - .klen = 16, - .iv = "\x01\x00\x42\xff\xf8\xf1\x95\x1c" - "\x3c\x96\x96\x76\x6c\xfa\x00\x00", - .assoc = "\xd8\x5b\xc7\xe6\x9f\x94\x4f\xb8", - .alen = 8, - .input = "\x8a\x19\xb9\x50\xbc\xf7\x1a\x01" - "\x8e\x5e\x67\x01\xc9\x17\x87\x65" - "\x98\x09\xd6\x7d\xbe\xdd\x18", - .ilen = 23, - .result = "\xbc\x21\x8d\xaa\x94\x74\x27\xb6" - "\xdb\x38\x6a\x99\xac\x1a\xef\x23" - "\xad\xe0\xb5\x29\x39\xcb\x6a\x63" - "\x7c\xf9\xbe\xc2\x40\x88\x97\xc6" - "\xba", - .rlen = 33, - }, { - /* This is taken from FIPS CAVS. */ - .key = "\x83\xac\x54\x66\xc2\xeb\xe5\x05" - "\x2e\x01\xd1\xfc\x5d\x82\x66\x2e", - .klen = 16, - .iv = "\x03\x96\xac\x59\x30\x07\xa1\xe2\xa2\xc7\x55\x24\0\0\0\0", - .alen = 0, - .input = "\x19\xc8\x81\xf6\xe9\x86\xff\x93" - "\x0b\x78\x67\xe5\xbb\xb7\xfc\x6e" - "\x83\x77\xb3\xa6\x0c\x8c\x9f\x9c" - "\x35\x2e\xad\xe0\x62\xf9\x91\xa1", - .ilen = 32, - .result = "\xab\x6f\xe1\x69\x1d\x19\x99\xa8" - "\x92\xa0\xc4\x6f\x7e\xe2\x8b\xb1" - "\x70\xbb\x8c\xa6\x4c\x6e\x97\x8a" - "\x57\x2b\xbe\x5d\x98\xa6\xb1\x32" - "\xda\x24\xea\xd9\xa1\x39\x98\xfd" - "\xa4\xbe\xd9\xf2\x1a\x6d\x22\xa8", - .rlen = 48, - }, { - .key = "\x1e\x2c\x7e\x01\x41\x9a\xef\xc0" - "\x0d\x58\x96\x6e\x5c\xa2\x4b\xd3", - .klen = 16, - .iv = "\x03\x4f\xa3\x19\xd3\x01\x5a\xd8" - "\x30\x60\x15\x56\x00\x00\x00\x00", - .assoc = "\xda\xe6\x28\x9c\x45\x2d\xfd\x63" - "\x5e\xda\x4c\xb6\xe6\xfc\xf9\xb7" - "\x0c\x56\xcb\xe4\xe0\x05\x7a\xe1" - "\x0a\x63\x09\x78\xbc\x2c\x55\xde", - .alen = 32, - .input = "\x87\xa3\x36\xfd\x96\xb3\x93\x78" - "\xa9\x28\x63\xba\x12\xa3\x14\x85" - "\x57\x1e\x06\xc9\x7b\x21\xef\x76" - "\x7f\x38\x7e\x8e\x29\xa4\x3e\x7e", - .ilen = 32, - .result = "\x8a\x1e\x11\xf0\x02\x6b\xe2\x19" - "\xfc\x70\xc4\x6d\x8e\xb7\x99\xab" - "\xc5\x4b\xa2\xac\xd3\xf3\x48\xff" - "\x3b\xb5\xce\x53\xef\xde\xbb\x02" - "\xa9\x86\x15\x6c\x13\xfe\xda\x0a" - "\x22\xb8\x29\x3d\xd8\x39\x9a\x23", - .rlen = 48, - }, { - .key = "\xf4\x6b\xc2\x75\x62\xfe\xb4\xe1" - "\xa3\xf0\xff\xdd\x4e\x4b\x12\x75" - "\x53\x14\x73\x66\x8d\x88\xf6\x80", - .klen = 24, - .iv = "\x03\xa0\x20\x35\x26\xf2\x21\x8d" - "\x50\x20\xda\xe2\x00\x00\x00\x00", - .assoc = "\x5b\x9e\x13\x67\x02\x5e\xef\xc1" - "\x6c\xf9\xd7\x1e\x52\x8f\x7a\x47" - "\xe9\xd4\xcf\x20\x14\x6e\xf0\x2d" - "\xd8\x9e\x2b\x56\x10\x23\x56\xe7", - .alen = 32, - .result = "\x36\xea\x7a\x70\x08\xdc\x6a\xbc" - "\xad\x0c\x7a\x63\xf6\x61\xfd\x9b", - .rlen = 16, - }, { - .key = "\x56\xdf\x5c\x8f\x26\x3f\x0e\x42" - "\xef\x7a\xd3\xce\xfc\x84\x60\x62" - "\xca\xb4\x40\xaf\x5f\xc9\xc9\x01", - .klen = 24, - .iv = "\x03\xd6\x3c\x8c\x86\x84\xb6\xcd" - "\xef\x09\x2e\x94\x00\x00\x00\x00", - .assoc = "\x02\x65\x78\x3c\xe9\x21\x30\x91" - "\xb1\xb9\xda\x76\x9a\x78\x6d\x95" - "\xf2\x88\x32\xa3\xf2\x50\xcb\x4c" - "\xe3\x00\x73\x69\x84\x69\x87\x79", - .alen = 32, - .input = "\x9f\xd2\x02\x4b\x52\x49\x31\x3c" - "\x43\x69\x3a\x2d\x8e\x70\xad\x7e" - "\xe0\xe5\x46\x09\x80\x89\x13\xb2" - "\x8c\x8b\xd9\x3f\x86\xfb\xb5\x6b", - .ilen = 32, - .result = "\x39\xdf\x7c\x3c\x5a\x29\xb9\x62" - "\x5d\x51\xc2\x16\xd8\xbd\x06\x9f" - "\x9b\x6a\x09\x70\xc1\x51\x83\xc2" - "\x66\x88\x1d\x4f\x9a\xda\xe0\x1e" - "\xc7\x79\x11\x58\xe5\x6b\x20\x40" - "\x7a\xea\x46\x42\x8b\xe4\x6f\xe1", - .rlen = 48, - }, { - .key = "\xe0\x8d\x99\x71\x60\xd7\x97\x1a" - "\xbd\x01\x99\xd5\x8a\xdf\x71\x3a" - "\xd3\xdf\x24\x4b\x5e\x3d\x4b\x4e" - "\x30\x7a\xb9\xd8\x53\x0a\x5e\x2b", - .klen = 32, - .iv = "\x03\x1e\x29\x91\xad\x8e\xc1\x53" - "\x0a\xcf\x2d\xbe\x00\x00\x00\x00", - .assoc = "\x19\xb6\x1f\x57\xc4\xf3\xf0\x8b" - "\x78\x2b\x94\x02\x29\x0f\x42\x27" - "\x6b\x75\xcb\x98\x34\x08\x7e\x79" - "\xe4\x3e\x49\x0d\x84\x8b\x22\x87", - .alen = 32, - .input = "\xe1\xd9\xd8\x13\xeb\x3a\x75\x3f" - "\x9d\xbd\x5f\x66\xbe\xdc\xbb\x66" - "\xbf\x17\x99\x62\x4a\x39\x27\x1f" - "\x1d\xdc\x24\xae\x19\x2f\x98\x4c", - .ilen = 32, - .result = "\x19\xb8\x61\x33\x45\x2b\x43\x96" - "\x6f\x51\xd0\x20\x30\x7d\x9b\xc6" - "\x26\x3d\xf8\xc9\x65\x16\xa8\x9f" - "\xf0\x62\x17\x34\xf2\x1e\x8d\x75" - "\x4e\x13\xcc\xc0\xc3\x2a\x54\x2d", - .rlen = 40, - }, { - .key = "\x7c\xc8\x18\x3b\x8d\x99\xe0\x7c" - "\x45\x41\xb8\xbd\x5c\xa7\xc2\x32" - "\x8a\xb8\x02\x59\xa4\xfe\xa9\x2c" - "\x09\x75\x9a\x9b\x3c\x9b\x27\x39", - .klen = 32, - .iv = "\x03\xf9\xd9\x4e\x63\xb5\x3d\x9d" - "\x43\xf6\x1e\x50\0\0\0\0", - .assoc = "\x57\xf5\x6b\x8b\x57\x5c\x3d\x3b" - "\x13\x02\x01\x0c\x83\x4c\x96\x35" - "\x8e\xd6\x39\xcf\x7d\x14\x9b\x94" - "\xb0\x39\x36\xe6\x8f\x57\xe0\x13", - .alen = 32, - .input = "\x3b\x6c\x29\x36\xb6\xef\x07\xa6" - "\x83\x72\x07\x4f\xcf\xfa\x66\x89" - "\x5f\xca\xb1\xba\xd5\x8f\x2c\x27" - "\x30\xdb\x75\x09\x93\xd4\x65\xe4", - .ilen = 32, - .result = "\xb0\x88\x5a\x33\xaa\xe5\xc7\x1d" - "\x85\x23\xc7\xc6\x2f\xf4\x1e\x3d" - "\xcc\x63\x44\x25\x07\x78\x4f\x9e" - "\x96\xb8\x88\xeb\xbc\x48\x1f\x06" - "\x39\xaf\x39\xac\xd8\x4a\x80\x39" - "\x7b\x72\x8a\xf7", - .rlen = 44, - }, { - .key = "\xab\xd0\xe9\x33\x07\x26\xe5\x83" - "\x8c\x76\x95\xd4\xb6\xdc\xf3\x46" - "\xf9\x8f\xad\xe3\x02\x13\x83\x77" - "\x3f\xb0\xf1\xa1\xa1\x22\x0f\x2b", - .klen = 32, - .iv = "\x03\x24\xa7\x8b\x07\xcb\xcc\x0e" - "\xe6\x33\xbf\xf5\x00\x00\x00\x00", - .assoc = "\xd4\xdb\x30\x1d\x03\xfe\xfd\x5f" - "\x87\xd4\x8c\xb6\xb6\xf1\x7a\x5d" - "\xab\x90\x65\x8d\x8e\xca\x4d\x4f" - "\x16\x0c\x40\x90\x4b\xc7\x36\x73", - .alen = 32, - .input = "\xf5\xc6\x7d\x48\xc1\xb7\xe6\x92" - "\x97\x5a\xca\xc4\xa9\x6d\xf9\x3d" - "\x6c\xde\xbc\xf1\x90\xea\x6a\xb2" - "\x35\x86\x36\xaf\x5c\xfe\x4b\x3a", - .ilen = 32, - .result = "\x83\x6f\x40\x87\x72\xcf\xc1\x13" - "\xef\xbb\x80\x21\x04\x6c\x58\x09" - "\x07\x1b\xfc\xdf\xc0\x3f\x5b\xc7" - "\xe0\x79\xa8\x6e\x71\x7c\x3f\xcf" - "\x5c\xda\xb2\x33\xe5\x13\xe2\x0d" - "\x74\xd1\xef\xb5\x0f\x3a\xb5\xf8", - .rlen = 48, - }, { - /* This is taken from FIPS CAVS. */ - .key = "\xab\x2f\x8a\x74\xb7\x1c\xd2\xb1" - "\xff\x80\x2e\x48\x7d\x82\xf8\xb9", - .klen = 16, - .iv = "\x03\xc6\xfb\x7d\x80\x0d\x13\xab" - "\xd8\xa6\xb2\xd8\x00\x00\x00\x00", - .alen = 0, - .input = "\x00", - .ilen = 0, - .result = "\xd5\xe8\x93\x9f\xc7\x89\x2e\x2b", - .rlen = 8, - .novrfy = 1, - }, { - .key = "\xab\x2f\x8a\x74\xb7\x1c\xd2\xb1" - "\xff\x80\x2e\x48\x7d\x82\xf8\xb9", - .klen = 16, - .iv = "\x03\xaf\x94\x87\x78\x35\x82\x81" - "\x7f\x88\x94\x68\x00\x00\x00\x00", - .alen = 0, - .input = "\x00", - .ilen = 0, - .result = "\x41\x3c\xb8\x87\x73\xcb\xf3\xf3", - .rlen = 8, - }, { - .key = "\x61\x0e\x8c\xae\xe3\x23\xb6\x38" - "\x76\x1c\xf6\x3a\x67\xa3\x9c\xd8", - .klen = 16, - .iv = "\x03\xc6\xfb\x7d\x80\x0d\x13\xab" - "\xd8\xa6\xb2\xd8\x00\x00\x00\x00", - .assoc = "\xf3\x94\x87\x78\x35\x82\x81\x7f" - "\x88\x94\x68\xb1\x78\x6b\x2b\xd6" - "\x04\x1f\x4e\xed\x78\xd5\x33\x66" - "\xd8\x94\x99\x91\x81\x54\x62\x57", - .alen = 32, - .input = "\x50\x82\x3e\x07\xe2\x1e\xb6\xfb" - "\x33\xe4\x73\xce\xd2\xfb\x95\x79" - "\xe8\xb4\xb5\x77\x11\x10\x62\x6f" - "\x6a\x82\xd1\x13\xec\xf5\xd0\x48", - .ilen = 32, - .result = "\xf0\x7c\x29\x02\xae\x1c\x2f\x55" - "\xd0\xd1\x3d\x1a\xa3\x6d\xe4\x0a" - "\x86\xb0\x87\x6b\x62\x33\x8c\x34" - "\xce\xab\x57\xcc\x79\x0b\xe0\x6f" - "\x5c\x3e\x48\x1f\x6c\x46\xf7\x51" - "\x8b\x84\x83\x2a\xc1\x05\xb8\xc5", - .rlen = 48, - .novrfy = 1, - }, { - .key = "\x61\x0e\x8c\xae\xe3\x23\xb6\x38" - "\x76\x1c\xf6\x3a\x67\xa3\x9c\xd8", - .klen = 16, - .iv = "\x03\x05\xe0\xc9\x0f\xed\x34\xea" - "\x97\xd4\x3b\xdf\x00\x00\x00\x00", - .assoc = "\x49\x5c\x50\x1f\x1d\x94\xcc\x81" - "\xba\xb7\xb6\x03\xaf\xa5\xc1\xa1" - "\xd8\x5c\x42\x68\xe0\x6c\xda\x89" - "\x05\xac\x56\xac\x1b\x2a\xd3\x86", - .alen = 32, - .input = "\x75\x05\xbe\xc2\xd9\x1e\xde\x60" - "\x47\x3d\x8c\x7d\xbd\xb5\xd9\xb7" - "\xf2\xae\x61\x05\x8f\x82\x24\x3f" - "\x9c\x67\x91\xe1\x38\x4f\xe4\x0c", - .ilen = 32, - .result = "\x39\xbe\x7d\x15\x62\x77\xf3\x3c" - "\xad\x83\x52\x6d\x71\x03\x25\x1c" - "\xed\x81\x3a\x9a\x16\x7d\x19\x80" - "\x72\x04\x72\xd0\xf6\xff\x05\x0f" - "\xb7\x14\x30\x00\x32\x9e\xa0\xa6" - "\x9e\x5a\x18\xa1\xb8\xfe\xdb\xd3", - .rlen = 48, - }, { - .key = "\x39\xbb\xa7\xbe\x59\x97\x9e\x73" - "\xa2\xbc\x6b\x98\xd7\x75\x7f\xe3" - "\xa4\x48\x93\x39\x26\x71\x4a\xc6", - .klen = 24, - .iv = "\x03\xee\x49\x83\xe9\xa9\xff\xe9" - "\x57\xba\xfd\x9e\x00\x00\x00\x00", - .assoc = "\x44\xa6\x2c\x05\xe9\xe1\x43\xb1" - "\x58\x7c\xf2\x5c\x6d\x39\x0a\x64" - "\xa4\xf0\x13\x05\xd1\x77\x99\x67" - "\x11\xc4\xc6\xdb\x00\x56\x36\x61", - .alen = 32, - .input = "\x00", - .ilen = 0, - .result = "\x71\x99\xfa\xf4\x44\x12\x68\x9b", - .rlen = 8, - }, { - .key = "\x58\x5d\xa0\x96\x65\x1a\x04\xd7" - "\x96\xe5\xc5\x68\xaa\x95\x35\xe0" - "\x29\xa0\xba\x9e\x48\x78\xd1\xba", - .klen = 24, - .iv = "\x03\xee\x49\x83\xe9\xa9\xff\xe9" - "\x57\xba\xfd\x9e\x00\x00\x00\x00", - .assoc = "\x44\xa6\x2c\x05\xe9\xe1\x43\xb1" - "\x58\x7c\xf2\x5c\x6d\x39\x0a\x64" - "\xa4\xf0\x13\x05\xd1\x77\x99\x67" - "\x11\xc4\xc6\xdb\x00\x56\x36\x61", - .alen = 32, - .input = "\x85\x34\x66\x42\xc8\x92\x0f\x36" - "\x58\xe0\x6b\x91\x3c\x98\x5c\xbb" - "\x0a\x85\xcc\x02\xad\x7a\x96\xe9" - "\x65\x43\xa4\xc3\x0f\xdc\x55\x81", - .ilen = 32, - .result = "\xfb\xe5\x5d\x34\xbe\xe5\xe8\xe7" - "\x5a\xef\x2f\xbf\x1f\x7f\xd4\xb2" - "\x66\xca\x61\x1e\x96\x7a\x61\xb3" - "\x1c\x16\x45\x52\xba\x04\x9c\x9f" - "\xb1\xd2\x40\xbc\x52\x7c\x6f\xb1", - .rlen = 40, - }, { - .key = "\x58\x5d\xa0\x96\x65\x1a\x04\xd7" - "\x96\xe5\xc5\x68\xaa\x95\x35\xe0" - "\x29\xa0\xba\x9e\x48\x78\xd1\xba", - .klen = 24, - .iv = "\x03\xd1\xfc\x57\x9c\xfe\xb8\x9c" - "\xad\x71\xaa\x1f\x00\x00\x00\x00", - .assoc = "\x86\x67\xa5\xa9\x14\x5f\x0d\xc6" - "\xff\x14\xc7\x44\xbf\x6c\x3a\xc3" - "\xff\xb6\x81\xbd\xe2\xd5\x06\xc7" - "\x3c\xa1\x52\x13\x03\x8a\x23\x3a", - .alen = 32, - .input = "\x02\x87\x4d\x28\x80\x6e\xb2\xed" - "\x99\x2a\xa8\xca\x04\x25\x45\x90" - "\x1d\xdd\x5a\xd9\xe4\xdb\x9c\x9c" - "\x49\xe9\x01\xfe\xa7\x80\x6d\x6b", - .ilen = 32, - .result = "\x3f\x66\xb0\x9d\xe5\x4b\x38\x00" - "\xc6\x0e\x6e\xe5\xd6\x98\xa6\x37" - "\x8c\x26\x33\xc6\xb2\xa2\x17\xfa" - "\x64\x19\xc0\x30\xd7\xfc\x14\x6b" - "\xe3\x33\xc2\x04\xb0\x37\xbe\x3f" - "\xa9\xb4\x2d\x68\x03\xa3\x44\xef", - .rlen = 48, - .novrfy = 1, - }, { - .key = "\xa4\x4b\x54\x29\x0a\xb8\x6d\x01" - "\x5b\x80\x2a\xcf\x25\xc4\xb7\x5c" - "\x20\x2c\xad\x30\xc2\x2b\x41\xfb" - "\x0e\x85\xbc\x33\xad\x0f\x2b\xff", - .klen = 32, - .iv = "\x03\xee\x49\x83\xe9\xa9\xff\xe9" - "\x57\xba\xfd\x9e\x00\x00\x00\x00", - .alen = 0, - .input = "\x00", - .ilen = 0, - .result = "\x1f\xb8\x8f\xa3\xdd\x54\x00\xf2", - .rlen = 8, - }, { - .key = "\x39\xbb\xa7\xbe\x59\x97\x9e\x73" - "\xa2\xbc\x6b\x98\xd7\x75\x7f\xe3" - "\xa4\x48\x93\x39\x26\x71\x4a\xc6" - "\xae\x8f\x11\x4c\xc2\x9c\x4a\xbb", - .klen = 32, - .iv = "\x03\x85\x34\x66\x42\xc8\x92\x0f" - "\x36\x58\xe0\x6b\x00\x00\x00\x00", - .alen = 0, - .input = "\xdc\x56\xf2\x71\xb0\xb1\xa0\x6c" - "\xf0\x97\x3a\xfb\x6d\xe7\x32\x99" - "\x3e\xaf\x70\x5e\xb2\x4d\xea\x39" - "\x89\xd4\x75\x7a\x63\xb1\xda\x93", - .ilen = 32, - .result = "\x48\x01\x5e\x02\x24\x04\x66\x47" - "\xa1\xea\x6f\xaf\xe8\xfc\xfb\xdd" - "\xa5\xa9\x87\x8d\x84\xee\x2e\x77" - "\xbb\x86\xb9\xf5\x5c\x6c\xff\xf6" - "\x72\xc3\x8e\xf7\x70\xb1\xb2\x07" - "\xbc\xa8\xa3\xbd\x83\x7c\x1d\x2a", - .rlen = 48, - .novrfy = 1, - }, { - .key = "\x58\x5d\xa0\x96\x65\x1a\x04\xd7" - "\x96\xe5\xc5\x68\xaa\x95\x35\xe0" - "\x29\xa0\xba\x9e\x48\x78\xd1\xba" - "\x0d\x1a\x53\x3b\xb5\xe3\xf8\x8b", - .klen = 32, - .iv = "\x03\xcf\x76\x3f\xd9\x95\x75\x8f" - "\x44\x89\x40\x7b\x00\x00\x00\x00", - .assoc = "\x8f\x86\x6c\x4d\x1d\xc5\x39\x88" - "\xc8\xf3\x5c\x52\x10\x63\x6f\x2b" - "\x8a\x2a\xc5\x6f\x30\x23\x58\x7b" - "\xfb\x36\x03\x11\xb4\xd9\xf2\xfe", - .alen = 32, - .input = "\xc2\x54\xc8\xde\x78\x87\x77\x40" - "\x49\x71\xe4\xb7\xe7\xcb\x76\x61" - "\x0a\x41\xb9\xe9\xc0\x76\x54\xab" - "\x04\x49\x3b\x19\x93\x57\x25\x5d", - .ilen = 32, - .result = "\x48\x58\xd6\xf3\xad\x63\x58\xbf" - "\xae\xc7\x5e\xae\x83\x8f\x7b\xe4" - "\x78\x5c\x4c\x67\x71\x89\x94\xbf" - "\x47\xf1\x63\x7e\x1c\x59\xbd\xc5" - "\x7f\x44\x0a\x0c\x01\x18\x07\x92" - "\xe1\xd3\x51\xce\x32\x6d\x0c\x5b", - .rlen = 48, - }, -}; - -static const struct aead_testvec aes_ccm_dec_tv_template[] = { - { /* From RFC 3610 */ - .key = "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7" - "\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf", - .klen = 16, - .iv = "\x01\x00\x00\x00\x03\x02\x01\x00" - "\xa0\xa1\xa2\xa3\xa4\xa5\x00\x00", - .assoc = "\x00\x01\x02\x03\x04\x05\x06\x07", - .alen = 8, - .input = "\x58\x8c\x97\x9a\x61\xc6\x63\xd2" - "\xf0\x66\xd0\xc2\xc0\xf9\x89\x80" - "\x6d\x5f\x6b\x61\xda\xc3\x84\x17" - "\xe8\xd1\x2c\xfd\xf9\x26\xe0", - .ilen = 31, - .result = "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" - "\x10\x11\x12\x13\x14\x15\x16\x17" - "\x18\x19\x1a\x1b\x1c\x1d\x1e", - .rlen = 23, - }, { - .key = "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7" - "\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf", - .klen = 16, - .iv = "\x01\x00\x00\x00\x07\x06\x05\x04" - "\xa0\xa1\xa2\xa3\xa4\xa5\x00\x00", - .assoc = "\x00\x01\x02\x03\x04\x05\x06\x07" - "\x08\x09\x0a\x0b", - .alen = 12, - .input = "\xdc\xf1\xfb\x7b\x5d\x9e\x23\xfb" - "\x9d\x4e\x13\x12\x53\x65\x8a\xd8" - "\x6e\xbd\xca\x3e\x51\xe8\x3f\x07" - "\x7d\x9c\x2d\x93", - .ilen = 28, - .result = "\x0c\x0d\x0e\x0f\x10\x11\x12\x13" - "\x14\x15\x16\x17\x18\x19\x1a\x1b" - "\x1c\x1d\x1e\x1f", - .rlen = 20, - }, { - .key = "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7" - "\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf", - .klen = 16, - .iv = "\x01\x00\x00\x00\x0b\x0a\x09\x08" - "\xa0\xa1\xa2\xa3\xa4\xa5\x00\x00", - .assoc = "\x00\x01\x02\x03\x04\x05\x06\x07", - .alen = 8, - .input = "\x82\x53\x1a\x60\xcc\x24\x94\x5a" - "\x4b\x82\x79\x18\x1a\xb5\xc8\x4d" - "\xf2\x1c\xe7\xf9\xb7\x3f\x42\xe1" - "\x97\xea\x9c\x07\xe5\x6b\x5e\xb1" - "\x7e\x5f\x4e", - .ilen = 35, - .result = "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" - "\x10\x11\x12\x13\x14\x15\x16\x17" - "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f" - "\x20", - .rlen = 25, - }, { - .key = "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7" - "\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf", - .klen = 16, - .iv = "\x01\x00\x00\x00\x0c\x0b\x0a\x09" - "\xa0\xa1\xa2\xa3\xa4\xa5\x00\x00", - .assoc = "\x00\x01\x02\x03\x04\x05\x06\x07" - "\x08\x09\x0a\x0b", - .alen = 12, - .input = "\x07\x34\x25\x94\x15\x77\x85\x15" - "\x2b\x07\x40\x98\x33\x0a\xbb\x14" - "\x1b\x94\x7b\x56\x6a\xa9\x40\x6b" - "\x4d\x99\x99\x88\xdd", - .ilen = 29, - .result = "\x0c\x0d\x0e\x0f\x10\x11\x12\x13" - "\x14\x15\x16\x17\x18\x19\x1a\x1b" - "\x1c\x1d\x1e", - .rlen = 19, - }, { - .key = "\xd7\x82\x8d\x13\xb2\xb0\xbd\xc3" - "\x25\xa7\x62\x36\xdf\x93\xcc\x6b", - .klen = 16, - .iv = "\x01\x00\x33\x56\x8e\xf7\xb2\x63" - "\x3c\x96\x96\x76\x6c\xfa\x00\x00", - .assoc = "\x63\x01\x8f\x76\xdc\x8a\x1b\xcb", - .alen = 8, - .input = "\x4c\xcb\x1e\x7c\xa9\x81\xbe\xfa" - "\xa0\x72\x6c\x55\xd3\x78\x06\x12" - "\x98\xc8\x5c\x92\x81\x4a\xbc\x33" - "\xc5\x2e\xe8\x1d\x7d\x77\xc0\x8a", - .ilen = 32, - .result = "\x90\x20\xea\x6f\x91\xbd\xd8\x5a" - "\xfa\x00\x39\xba\x4b\xaf\xf9\xbf" - "\xb7\x9c\x70\x28\x94\x9c\xd0\xec", - .rlen = 24, - }, { - .key = "\xd7\x82\x8d\x13\xb2\xb0\xbd\xc3" - "\x25\xa7\x62\x36\xdf\x93\xcc\x6b", - .klen = 16, - .iv = "\x01\x00\xd5\x60\x91\x2d\x3f\x70" - "\x3c\x96\x96\x76\x6c\xfa\x00\x00", - .assoc = "\xcd\x90\x44\xd2\xb7\x1f\xdb\x81" - "\x20\xea\x60\xc0", - .alen = 12, - .input = "\x00\x97\x69\xec\xab\xdf\x48\x62" - "\x55\x94\xc5\x92\x51\xe6\x03\x57" - "\x22\x67\x5e\x04\xc8\x47\x09\x9e" - "\x5a\xe0\x70\x45\x51", - .ilen = 29, - .result = "\x64\x35\xac\xba\xfb\x11\xa8\x2e" - "\x2f\x07\x1d\x7c\xa4\xa5\xeb\xd9" - "\x3a\x80\x3b\xa8\x7f", - .rlen = 21, - }, { - .key = "\xd7\x82\x8d\x13\xb2\xb0\xbd\xc3" - "\x25\xa7\x62\x36\xdf\x93\xcc\x6b", - .klen = 16, - .iv = "\x01\x00\x42\xff\xf8\xf1\x95\x1c" - "\x3c\x96\x96\x76\x6c\xfa\x00\x00", - .assoc = "\xd8\x5b\xc7\xe6\x9f\x94\x4f\xb8", - .alen = 8, - .input = "\xbc\x21\x8d\xaa\x94\x74\x27\xb6" - "\xdb\x38\x6a\x99\xac\x1a\xef\x23" - "\xad\xe0\xb5\x29\x39\xcb\x6a\x63" - "\x7c\xf9\xbe\xc2\x40\x88\x97\xc6" - "\xba", - .ilen = 33, - .result = "\x8a\x19\xb9\x50\xbc\xf7\x1a\x01" - "\x8e\x5e\x67\x01\xc9\x17\x87\x65" - "\x98\x09\xd6\x7d\xbe\xdd\x18", - .rlen = 23, - }, { - /* This is taken from FIPS CAVS. */ - .key = "\xab\x2f\x8a\x74\xb7\x1c\xd2\xb1" - "\xff\x80\x2e\x48\x7d\x82\xf8\xb9", - .klen = 16, - .iv = "\x03\xc6\xfb\x7d\x80\x0d\x13\xab" - "\xd8\xa6\xb2\xd8\x00\x00\x00\x00", - .alen = 0, - .input = "\xd5\xe8\x93\x9f\xc7\x89\x2e\x2b", - .ilen = 8, - .result = "\x00", - .rlen = 0, - .novrfy = 1, - }, { - .key = "\xab\x2f\x8a\x74\xb7\x1c\xd2\xb1" - "\xff\x80\x2e\x48\x7d\x82\xf8\xb9", - .klen = 16, - .iv = "\x03\xaf\x94\x87\x78\x35\x82\x81" - "\x7f\x88\x94\x68\x00\x00\x00\x00", - .alen = 0, - .input = "\x41\x3c\xb8\x87\x73\xcb\xf3\xf3", - .ilen = 8, - .result = "\x00", - .rlen = 0, - }, { - .key = "\x61\x0e\x8c\xae\xe3\x23\xb6\x38" - "\x76\x1c\xf6\x3a\x67\xa3\x9c\xd8", - .klen = 16, - .iv = "\x03\xc6\xfb\x7d\x80\x0d\x13\xab" - "\xd8\xa6\xb2\xd8\x00\x00\x00\x00", - .assoc = "\xf3\x94\x87\x78\x35\x82\x81\x7f" - "\x88\x94\x68\xb1\x78\x6b\x2b\xd6" - "\x04\x1f\x4e\xed\x78\xd5\x33\x66" - "\xd8\x94\x99\x91\x81\x54\x62\x57", - .alen = 32, - .input = "\xf0\x7c\x29\x02\xae\x1c\x2f\x55" - "\xd0\xd1\x3d\x1a\xa3\x6d\xe4\x0a" - "\x86\xb0\x87\x6b\x62\x33\x8c\x34" - "\xce\xab\x57\xcc\x79\x0b\xe0\x6f" - "\x5c\x3e\x48\x1f\x6c\x46\xf7\x51" - "\x8b\x84\x83\x2a\xc1\x05\xb8\xc5", - .ilen = 48, - .result = "\x50\x82\x3e\x07\xe2\x1e\xb6\xfb" - "\x33\xe4\x73\xce\xd2\xfb\x95\x79" - "\xe8\xb4\xb5\x77\x11\x10\x62\x6f" - "\x6a\x82\xd1\x13\xec\xf5\xd0\x48", - .rlen = 32, - .novrfy = 1, - }, { - .key = "\x61\x0e\x8c\xae\xe3\x23\xb6\x38" - "\x76\x1c\xf6\x3a\x67\xa3\x9c\xd8", - .klen = 16, - .iv = "\x03\x05\xe0\xc9\x0f\xed\x34\xea" - "\x97\xd4\x3b\xdf\x00\x00\x00\x00", - .assoc = "\x49\x5c\x50\x1f\x1d\x94\xcc\x81" - "\xba\xb7\xb6\x03\xaf\xa5\xc1\xa1" - "\xd8\x5c\x42\x68\xe0\x6c\xda\x89" - "\x05\xac\x56\xac\x1b\x2a\xd3\x86", - .alen = 32, - .input = "\x39\xbe\x7d\x15\x62\x77\xf3\x3c" - "\xad\x83\x52\x6d\x71\x03\x25\x1c" - "\xed\x81\x3a\x9a\x16\x7d\x19\x80" - "\x72\x04\x72\xd0\xf6\xff\x05\x0f" - "\xb7\x14\x30\x00\x32\x9e\xa0\xa6" - "\x9e\x5a\x18\xa1\xb8\xfe\xdb\xd3", - .ilen = 48, - .result = "\x75\x05\xbe\xc2\xd9\x1e\xde\x60" - "\x47\x3d\x8c\x7d\xbd\xb5\xd9\xb7" - "\xf2\xae\x61\x05\x8f\x82\x24\x3f" - "\x9c\x67\x91\xe1\x38\x4f\xe4\x0c", - .rlen = 32, - }, { - .key = "\x39\xbb\xa7\xbe\x59\x97\x9e\x73" - "\xa2\xbc\x6b\x98\xd7\x75\x7f\xe3" - "\xa4\x48\x93\x39\x26\x71\x4a\xc6", - .klen = 24, - .iv = "\x03\xee\x49\x83\xe9\xa9\xff\xe9" - "\x57\xba\xfd\x9e\x00\x00\x00\x00", - .assoc = "\x44\xa6\x2c\x05\xe9\xe1\x43\xb1" - "\x58\x7c\xf2\x5c\x6d\x39\x0a\x64" - "\xa4\xf0\x13\x05\xd1\x77\x99\x67" - "\x11\xc4\xc6\xdb\x00\x56\x36\x61", - .alen = 32, - .input = "\x71\x99\xfa\xf4\x44\x12\x68\x9b", - .ilen = 8, - .result = "\x00", - .rlen = 0, - }, { - .key = "\x58\x5d\xa0\x96\x65\x1a\x04\xd7" - "\x96\xe5\xc5\x68\xaa\x95\x35\xe0" - "\x29\xa0\xba\x9e\x48\x78\xd1\xba", - .klen = 24, - .iv = "\x03\xee\x49\x83\xe9\xa9\xff\xe9" - "\x57\xba\xfd\x9e\x00\x00\x00\x00", - .assoc = "\x44\xa6\x2c\x05\xe9\xe1\x43\xb1" - "\x58\x7c\xf2\x5c\x6d\x39\x0a\x64" - "\xa4\xf0\x13\x05\xd1\x77\x99\x67" - "\x11\xc4\xc6\xdb\x00\x56\x36\x61", - .alen = 32, - .input = "\xfb\xe5\x5d\x34\xbe\xe5\xe8\xe7" - "\x5a\xef\x2f\xbf\x1f\x7f\xd4\xb2" - "\x66\xca\x61\x1e\x96\x7a\x61\xb3" - "\x1c\x16\x45\x52\xba\x04\x9c\x9f" - "\xb1\xd2\x40\xbc\x52\x7c\x6f\xb1", - .ilen = 40, - .result = "\x85\x34\x66\x42\xc8\x92\x0f\x36" - "\x58\xe0\x6b\x91\x3c\x98\x5c\xbb" - "\x0a\x85\xcc\x02\xad\x7a\x96\xe9" - "\x65\x43\xa4\xc3\x0f\xdc\x55\x81", - .rlen = 32, - }, { - .key = "\x58\x5d\xa0\x96\x65\x1a\x04\xd7" - "\x96\xe5\xc5\x68\xaa\x95\x35\xe0" - "\x29\xa0\xba\x9e\x48\x78\xd1\xba", - .klen = 24, - .iv = "\x03\xd1\xfc\x57\x9c\xfe\xb8\x9c" - "\xad\x71\xaa\x1f\x00\x00\x00\x00", - .assoc = "\x86\x67\xa5\xa9\x14\x5f\x0d\xc6" - "\xff\x14\xc7\x44\xbf\x6c\x3a\xc3" - "\xff\xb6\x81\xbd\xe2\xd5\x06\xc7" - "\x3c\xa1\x52\x13\x03\x8a\x23\x3a", - .alen = 32, - .input = "\x3f\x66\xb0\x9d\xe5\x4b\x38\x00" - "\xc6\x0e\x6e\xe5\xd6\x98\xa6\x37" - "\x8c\x26\x33\xc6\xb2\xa2\x17\xfa" - "\x64\x19\xc0\x30\xd7\xfc\x14\x6b" - "\xe3\x33\xc2\x04\xb0\x37\xbe\x3f" - "\xa9\xb4\x2d\x68\x03\xa3\x44\xef", - .ilen = 48, - .result = "\x02\x87\x4d\x28\x80\x6e\xb2\xed" - "\x99\x2a\xa8\xca\x04\x25\x45\x90" - "\x1d\xdd\x5a\xd9\xe4\xdb\x9c\x9c" - "\x49\xe9\x01\xfe\xa7\x80\x6d\x6b", - .rlen = 32, - .novrfy = 1, - }, { - .key = "\xa4\x4b\x54\x29\x0a\xb8\x6d\x01" - "\x5b\x80\x2a\xcf\x25\xc4\xb7\x5c" - "\x20\x2c\xad\x30\xc2\x2b\x41\xfb" - "\x0e\x85\xbc\x33\xad\x0f\x2b\xff", - .klen = 32, - .iv = "\x03\xee\x49\x83\xe9\xa9\xff\xe9" - "\x57\xba\xfd\x9e\x00\x00\x00\x00", - .alen = 0, - .input = "\x1f\xb8\x8f\xa3\xdd\x54\x00\xf2", - .ilen = 8, - .result = "\x00", - .rlen = 0, - }, { - .key = "\x39\xbb\xa7\xbe\x59\x97\x9e\x73" - "\xa2\xbc\x6b\x98\xd7\x75\x7f\xe3" - "\xa4\x48\x93\x39\x26\x71\x4a\xc6" - "\xae\x8f\x11\x4c\xc2\x9c\x4a\xbb", - .klen = 32, - .iv = "\x03\x85\x34\x66\x42\xc8\x92\x0f" - "\x36\x58\xe0\x6b\x00\x00\x00\x00", - .alen = 0, - .input = "\x48\x01\x5e\x02\x24\x04\x66\x47" - "\xa1\xea\x6f\xaf\xe8\xfc\xfb\xdd" - "\xa5\xa9\x87\x8d\x84\xee\x2e\x77" - "\xbb\x86\xb9\xf5\x5c\x6c\xff\xf6" - "\x72\xc3\x8e\xf7\x70\xb1\xb2\x07" - "\xbc\xa8\xa3\xbd\x83\x7c\x1d\x2a", - .ilen = 48, - .result = "\xdc\x56\xf2\x71\xb0\xb1\xa0\x6c" - "\xf0\x97\x3a\xfb\x6d\xe7\x32\x99" - "\x3e\xaf\x70\x5e\xb2\x4d\xea\x39" - "\x89\xd4\x75\x7a\x63\xb1\xda\x93", - .rlen = 32, - .novrfy = 1, - }, { - .key = "\x58\x5d\xa0\x96\x65\x1a\x04\xd7" - "\x96\xe5\xc5\x68\xaa\x95\x35\xe0" - "\x29\xa0\xba\x9e\x48\x78\xd1\xba" - "\x0d\x1a\x53\x3b\xb5\xe3\xf8\x8b", - .klen = 32, - .iv = "\x03\xcf\x76\x3f\xd9\x95\x75\x8f" - "\x44\x89\x40\x7b\x00\x00\x00\x00", - .assoc = "\x8f\x86\x6c\x4d\x1d\xc5\x39\x88" - "\xc8\xf3\x5c\x52\x10\x63\x6f\x2b" - "\x8a\x2a\xc5\x6f\x30\x23\x58\x7b" - "\xfb\x36\x03\x11\xb4\xd9\xf2\xfe", - .alen = 32, - .input = "\x48\x58\xd6\xf3\xad\x63\x58\xbf" - "\xae\xc7\x5e\xae\x83\x8f\x7b\xe4" - "\x78\x5c\x4c\x67\x71\x89\x94\xbf" - "\x47\xf1\x63\x7e\x1c\x59\xbd\xc5" - "\x7f\x44\x0a\x0c\x01\x18\x07\x92" - "\xe1\xd3\x51\xce\x32\x6d\x0c\x5b", - .ilen = 48, - .result = "\xc2\x54\xc8\xde\x78\x87\x77\x40" - "\x49\x71\xe4\xb7\xe7\xcb\x76\x61" - "\x0a\x41\xb9\xe9\xc0\x76\x54\xab" - "\x04\x49\x3b\x19\x93\x57\x25\x5d", - .rlen = 32, - }, -}; - -/* - * rfc4309 refers to section 8 of rfc3610 for test vectors, but they all - * use a 13-byte nonce, we only support an 11-byte nonce. Worse, - * they use AD lengths which are not valid ESP header lengths. - * - * These vectors are copied/generated from the ones for rfc4106 with - * the key truncated by one byte.. - */ -static const struct aead_testvec aes_ccm_rfc4309_enc_tv_template[] = { - { /* Generated using Crypto++ */ - .key = zeroed_string, - .klen = 19, - .iv = zeroed_string, - .input = zeroed_string, - .ilen = 16, - .assoc = zeroed_string, - .alen = 16, - .result = "\x2E\x9A\xCA\x6B\xDA\x54\xFC\x6F" - "\x12\x50\xE8\xDE\x81\x3C\x63\x08" - "\x1A\x22\xBA\x75\xEE\xD4\xD5\xB5" - "\x27\x50\x01\xAC\x03\x33\x39\xFB", - .rlen = 32, - },{ - .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c" - "\x6d\x6a\x8f\x94\x67\x30\x83\x08" - "\x00\x00\x00", - .klen = 19, - .iv = "\x00\x00\x00\x00\x00\x00\x00\x01", - .input = zeroed_string, - .ilen = 16, - .assoc = "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x01", - .alen = 16, - .result = "\xCF\xB9\x99\x17\xC8\x86\x0E\x7F" - "\x7E\x76\xF8\xE6\xF8\xCC\x1F\x17" - "\x6A\xE0\x53\x9F\x4B\x73\x7E\xDA" - "\x08\x09\x4E\xC4\x1E\xAD\xC6\xB0", - .rlen = 32, - - }, { - .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c" - "\x6d\x6a\x8f\x94\x67\x30\x83\x08" - "\x00\x00\x00", - .klen = 19, - .iv = zeroed_string, - .input = "\x01\x01\x01\x01\x01\x01\x01\x01" - "\x01\x01\x01\x01\x01\x01\x01\x01", - .ilen = 16, - .assoc = zeroed_string, - .alen = 16, - .result = "\x33\xDE\x73\xBC\xA6\xCE\x4E\xA6" - "\x61\xF4\xF5\x41\x03\x4A\xE3\x86" - "\xA1\xE2\xC2\x42\x2B\x81\x70\x40" - "\xFD\x7F\x76\xD1\x03\x07\xBB\x0C", - .rlen = 32, - }, { - .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c" - "\x6d\x6a\x8f\x94\x67\x30\x83\x08" - "\x00\x00\x00", - .klen = 19, - .iv = zeroed_string, - .input = "\x01\x01\x01\x01\x01\x01\x01\x01" - "\x01\x01\x01\x01\x01\x01\x01\x01", - .ilen = 16, - .assoc = "\x01\x01\x01\x01\x01\x01\x01\x01" - "\x00\x00\x00\x00\x00\x00\x00\x00", - .alen = 16, - .result = "\x33\xDE\x73\xBC\xA6\xCE\x4E\xA6" - "\x61\xF4\xF5\x41\x03\x4A\xE3\x86" - "\x5B\xC0\x73\xE0\x2B\x73\x68\xC9" - "\x2D\x8C\x58\xC2\x90\x3D\xB0\x3E", - .rlen = 32, - }, { - .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c" - "\x6d\x6a\x8f\x94\x67\x30\x83\x08" - "\x00\x00\x00", - .klen = 19, - .iv = "\x00\x00\x00\x00\x00\x00\x00\x01", - .input = "\x01\x01\x01\x01\x01\x01\x01\x01" - "\x01\x01\x01\x01\x01\x01\x01\x01", - .ilen = 16, - .assoc = "\x01\x01\x01\x01\x01\x01\x01\x01" - "\x00\x00\x00\x00\x00\x00\x00\x01", - .alen = 16, - .result = "\xCE\xB8\x98\x16\xC9\x87\x0F\x7E" - "\x7F\x77\xF9\xE7\xF9\xCD\x1E\x16" - "\x43\x8E\x76\x57\x3B\xB4\x05\xE8" - "\xA9\x9B\xBF\x25\xE0\x4F\xC0\xED", - .rlen = 32, - }, { - .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c" - "\x6d\x6a\x8f\x94\x67\x30\x83\x08" - "\x00\x00\x00", - .klen = 19, - .iv = "\x00\x00\x00\x00\x00\x00\x00\x01", - .input = "\x01\x01\x01\x01\x01\x01\x01\x01" - "\x01\x01\x01\x01\x01\x01\x01\x01" - "\x01\x01\x01\x01\x01\x01\x01\x01" - "\x01\x01\x01\x01\x01\x01\x01\x01" - "\x01\x01\x01\x01\x01\x01\x01\x01" - "\x01\x01\x01\x01\x01\x01\x01\x01" - "\x01\x01\x01\x01\x01\x01\x01\x01" - "\x01\x01\x01\x01\x01\x01\x01\x01", - .ilen = 64, - .assoc = "\x01\x01\x01\x01\x01\x01\x01\x01" - "\x00\x00\x00\x00\x00\x00\x00\x01", - .alen = 16, - .result = "\xCE\xB8\x98\x16\xC9\x87\x0F\x7E" - "\x7F\x77\xF9\xE7\xF9\xCD\x1E\x16" - "\x9C\xA4\x97\x83\x3F\x01\xA5\xF4" - "\x43\x09\xE7\xB8\xE9\xD1\xD7\x02" - "\x9B\xAB\x39\x18\xEB\x94\x34\x36" - "\xE6\xC5\xC8\x9B\x00\x81\x9E\x49" - "\x1D\x78\xE1\x48\xE3\xE9\xEA\x8E" - "\x3A\x2B\x67\x5D\x35\x6A\x0F\xDB" - "\x02\x73\xDD\xE7\x30\x4A\x30\x54" - "\x1A\x9D\x09\xCA\xC8\x1C\x32\x5F", - .rlen = 80, - }, { - .key = "\x00\x01\x02\x03\x04\x05\x06\x07" - "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" - "\x00\x00\x00", - .klen = 19, - .iv = "\x00\x00\x45\x67\x89\xab\xcd\xef", - .input = "\xff\xff\xff\xff\xff\xff\xff\xff" - "\xff\xff\xff\xff\xff\xff\xff\xff" - "\xff\xff\xff\xff\xff\xff\xff\xff" - "\xff\xff\xff\xff\xff\xff\xff\xff" - "\xff\xff\xff\xff\xff\xff\xff\xff" - "\xff\xff\xff\xff\xff\xff\xff\xff" - "\xff\xff\xff\xff\xff\xff\xff\xff" - "\xff\xff\xff\xff\xff\xff\xff\xff" - "\xff\xff\xff\xff\xff\xff\xff\xff" - "\xff\xff\xff\xff\xff\xff\xff\xff" - "\xff\xff\xff\xff\xff\xff\xff\xff" - "\xff\xff\xff\xff\xff\xff\xff\xff" - "\xff\xff\xff\xff\xff\xff\xff\xff" - "\xff\xff\xff\xff\xff\xff\xff\xff" - "\xff\xff\xff\xff\xff\xff\xff\xff" - "\xff\xff\xff\xff\xff\xff\xff\xff" - "\xff\xff\xff\xff\xff\xff\xff\xff" - "\xff\xff\xff\xff\xff\xff\xff\xff" - "\xff\xff\xff\xff\xff\xff\xff\xff" - "\xff\xff\xff\xff\xff\xff\xff\xff" - "\xff\xff\xff\xff\xff\xff\xff\xff" - "\xff\xff\xff\xff\xff\xff\xff\xff" - "\xff\xff\xff\xff\xff\xff\xff\xff" - "\xff\xff\xff\xff\xff\xff\xff\xff", - .ilen = 192, - .assoc = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" - "\xaa\xaa\xaa\xaa\x00\x00\x45\x67" - "\x89\xab\xcd\xef", - .alen = 20, - .result = "\x64\x17\xDC\x24\x9D\x92\xBA\x5E" - "\x7C\x64\x6D\x33\x46\x77\xAC\xB1" - "\x5C\x9E\xE2\xC7\x27\x11\x3E\x95" - "\x7D\xBE\x28\xC8\xC1\xCA\x5E\x8C" - "\xB4\xE2\xDE\x9F\x53\x59\x26\xDB" - "\x0C\xD4\xE4\x07\x9A\xE6\x3E\x01" - "\x58\x0D\x3E\x3D\xD5\x21\xEB\x04" - "\x06\x9D\x5F\xB9\x02\x49\x1A\x2B" - "\xBA\xF0\x4E\x3B\x85\x50\x5B\x09" - "\xFE\xEC\xFC\x54\xEC\x0C\xE2\x79" - "\x8A\x2F\x5F\xD7\x05\x5D\xF1\x6D" - "\x22\xEB\xD1\x09\x80\x3F\x5A\x70" - "\xB2\xB9\xD3\x63\x99\xC2\x4D\x1B" - "\x36\x12\x00\x89\xAA\x5D\x55\xDA" - "\x1D\x5B\xD8\x3C\x5F\x09\xD2\xE6" - "\x39\x41\x5C\xF0\xBE\x26\x4E\x5F" - "\x2B\x50\x44\x52\xC2\x10\x7D\x38" - "\x82\x64\x83\x0C\xAE\x49\xD0\xE5" - "\x4F\xE5\x66\x4C\x58\x7A\xEE\x43" - "\x3B\x51\xFE\xBA\x24\x8A\xFE\xDC" - "\x19\x6D\x60\x66\x61\xF9\x9A\x3F" - "\x75\xFC\x38\x53\x5B\xB5\xCD\x52" - "\x4F\xE5\xE4\xC9\xFE\x10\xCB\x98" - "\xF0\x06\x5B\x07\xAB\xBB\xF4\x0E" - "\x2D\xC2\xDD\x5D\xDD\x22\x9A\xCC" - "\x39\xAB\x63\xA5\x3D\x9C\x51\x8A", - .rlen = 208, - }, { /* From draft-mcgrew-gcm-test-01 */ - .key = "\x4C\x80\xCD\xEF\xBB\x5D\x10\xDA" - "\x90\x6A\xC7\x3C\x36\x13\xA6\x34" - "\x2E\x44\x3B", - .klen = 19, - .iv = "\x49\x56\xED\x7E\x3B\x24\x4C\xFE", - .input = "\x45\x00\x00\x48\x69\x9A\x00\x00" - "\x80\x11\x4D\xB7\xC0\xA8\x01\x02" - "\xC0\xA8\x01\x01\x0A\x9B\xF1\x56" - "\x38\xD3\x01\x00\x00\x01\x00\x00" - "\x00\x00\x00\x00\x04\x5F\x73\x69" - "\x70\x04\x5F\x75\x64\x70\x03\x73" - "\x69\x70\x09\x63\x79\x62\x65\x72" - "\x63\x69\x74\x79\x02\x64\x6B\x00" - "\x00\x21\x00\x01\x01\x02\x02\x01", - .ilen = 72, - .assoc = "\x00\x00\x43\x21\x87\x65\x43\x21" - "\x00\x00\x00\x00\x49\x56\xED\x7E" - "\x3B\x24\x4C\xFE", - .alen = 20, - .result = "\x89\xBA\x3E\xEF\xE6\xD6\xCF\xDB" - "\x83\x60\xF5\xBA\x3A\x56\x79\xE6" - "\x7E\x0C\x53\xCF\x9E\x87\xE0\x4E" - "\x1A\x26\x01\x24\xC7\x2E\x3D\xBF" - "\x29\x2C\x91\xC1\xB8\xA8\xCF\xE0" - "\x39\xF8\x53\x6D\x31\x22\x2B\xBF" - "\x98\x81\xFC\x34\xEE\x85\x36\xCD" - "\x26\xDB\x6C\x7A\x0C\x77\x8A\x35" - "\x18\x85\x54\xB2\xBC\xDD\x3F\x43" - "\x61\x06\x8A\xDF\x86\x3F\xB4\xAC" - "\x97\xDC\xBD\xFD\x92\x10\xC5\xFF", - .rlen = 88, - }, { - .key = "\xFE\xFF\xE9\x92\x86\x65\x73\x1C" - "\x6D\x6A\x8F\x94\x67\x30\x83\x08" - "\xCA\xFE\xBA", - .klen = 19, - .iv = "\xFA\xCE\xDB\xAD\xDE\xCA\xF8\x88", - .input = "\x45\x00\x00\x3E\x69\x8F\x00\x00" - "\x80\x11\x4D\xCC\xC0\xA8\x01\x02" - "\xC0\xA8\x01\x01\x0A\x98\x00\x35" - "\x00\x2A\x23\x43\xB2\xD0\x01\x00" - "\x00\x01\x00\x00\x00\x00\x00\x00" - "\x03\x73\x69\x70\x09\x63\x79\x62" - "\x65\x72\x63\x69\x74\x79\x02\x64" - "\x6B\x00\x00\x01\x00\x01\x00\x01", - .ilen = 64, - .assoc = "\x00\x00\xA5\xF8\x00\x00\x00\x0A" - "\xFA\xCE\xDB\xAD\xDE\xCA\xF8\x88", - .alen = 16, - .result = "\x4B\xC2\x70\x60\x64\xD2\xF3\xC8" - "\xE5\x26\x8A\xDE\xB8\x7E\x7D\x16" - "\x56\xC7\xD2\x88\xBA\x8D\x58\xAF" - "\xF5\x71\xB6\x37\x84\xA7\xB1\x99" - "\x51\x5C\x0D\xA0\x27\xDE\xE7\x2D" - "\xEF\x25\x88\x1F\x1D\x77\x11\xFF" - "\xDB\xED\xEE\x56\x16\xC5\x5C\x9B" - "\x00\x62\x1F\x68\x4E\x7C\xA0\x97" - "\x10\x72\x7E\x53\x13\x3B\x68\xE4" - "\x30\x99\x91\x79\x09\xEA\xFF\x6A", - .rlen = 80, - }, { - .key = "\xAB\xBC\xCD\xDE\xF0\x01\x12\x23" - "\x34\x45\x56\x67\x78\x89\x9A\xAB" - "\xAB\xBC\xCD\xDE\xF0\x01\x12\x23" - "\x34\x45\x56\x67\x78\x89\x9A\xAB" - "\x11\x22\x33", - .klen = 35, - .iv = "\x01\x02\x03\x04\x05\x06\x07\x08", - .input = "\x45\x00\x00\x30\x69\xA6\x40\x00" - "\x80\x06\x26\x90\xC0\xA8\x01\x02" - "\x93\x89\x15\x5E\x0A\x9E\x00\x8B" - "\x2D\xC5\x7E\xE0\x00\x00\x00\x00" - "\x70\x02\x40\x00\x20\xBF\x00\x00" - "\x02\x04\x05\xB4\x01\x01\x04\x02" - "\x01\x02\x02\x01", - .ilen = 52, - .assoc = "\x4A\x2C\xBF\xE3\x00\x00\x00\x02" - "\x01\x02\x03\x04\x05\x06\x07\x08", - .alen = 16, - .result = "\xD6\x31\x0D\x2B\x3D\x6F\xBD\x2F" - "\x58\x41\x7E\xFF\x9A\x9E\x09\xB4" - "\x1A\xF7\xF6\x42\x31\xCD\xBF\xAD" - "\x27\x0E\x2C\xF2\xDB\x10\xDF\x55" - "\x8F\x0D\xD7\xAC\x23\xBD\x42\x10" - "\xD0\xB2\xAF\xD8\x37\xAC\x6B\x0B" - "\x11\xD4\x0B\x12\xEC\xB4\xB1\x92" - "\x23\xA6\x10\xB0\x26\xD6\xD9\x26" - "\x5A\x48\x6A\x3E", - .rlen = 68, - }, { - .key = "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00", - .klen = 19, - .iv = "\x00\x00\x00\x00\x00\x00\x00\x00", - .input = "\x45\x00\x00\x3C\x99\xC5\x00\x00" - "\x80\x01\xCB\x7A\x40\x67\x93\x18" - "\x01\x01\x01\x01\x08\x00\x07\x5C" - "\x02\x00\x44\x00\x61\x62\x63\x64" - "\x65\x66\x67\x68\x69\x6A\x6B\x6C" - "\x6D\x6E\x6F\x70\x71\x72\x73\x74" - "\x75\x76\x77\x61\x62\x63\x64\x65" - "\x66\x67\x68\x69\x01\x02\x02\x01", - .ilen = 64, - .assoc = "\x00\x00\x00\x00\x00\x00\x00\x01" - "\x00\x00\x00\x00\x00\x00\x00\x00", - .alen = 16, - .result = "\x6B\x9A\xCA\x57\x43\x91\xFC\x6F" - "\x92\x51\x23\xA4\xC1\x5B\xF0\x10" - "\xF3\x13\xF4\xF8\xA1\x9A\xB4\xDC" - "\x89\xC8\xF8\x42\x62\x95\xB7\xCB" - "\xB8\xF5\x0F\x1B\x2E\x94\xA2\xA7" - "\xBF\xFB\x8A\x92\x13\x63\xD1\x3C" - "\x08\xF5\xE8\xA6\xAA\xF6\x34\xF9" - "\x42\x05\xAF\xB3\xE7\x9A\xFC\xEE" - "\x36\x25\xC1\x10\x12\x1C\xCA\x82" - "\xEA\xE6\x63\x5A\x57\x28\xA9\x9A", - .rlen = 80, - }, { - .key = "\x3D\xE0\x98\x74\xB3\x88\xE6\x49" - "\x19\x88\xD0\xC3\x60\x7E\xAE\x1F" - "\x57\x69\x0E", - .klen = 19, - .iv = "\x4E\x28\x00\x00\xA2\xFC\xA1\xA3", - .input = "\x45\x00\x00\x3C\x99\xC3\x00\x00" - "\x80\x01\xCB\x7C\x40\x67\x93\x18" - "\x01\x01\x01\x01\x08\x00\x08\x5C" - "\x02\x00\x43\x00\x61\x62\x63\x64" - "\x65\x66\x67\x68\x69\x6A\x6B\x6C" - "\x6D\x6E\x6F\x70\x71\x72\x73\x74" - "\x75\x76\x77\x61\x62\x63\x64\x65" - "\x66\x67\x68\x69\x01\x02\x02\x01", - .ilen = 64, - .assoc = "\x42\xF6\x7E\x3F\x10\x10\x10\x10" - "\x10\x10\x10\x10\x4E\x28\x00\x00" - "\xA2\xFC\xA1\xA3", - .alen = 20, - .result = "\x6A\x6B\x45\x2B\x7C\x67\x52\xF6" - "\x10\x60\x40\x62\x6B\x4F\x97\x8E" - "\x0B\xB2\x22\x97\xCB\x21\xE0\x90" - "\xA2\xE7\xD1\x41\x30\xE4\x4B\x1B" - "\x79\x01\x58\x50\x01\x06\xE1\xE0" - "\x2C\x83\x79\xD3\xDE\x46\x97\x1A" - "\x30\xB8\xE5\xDF\xD7\x12\x56\x75" - "\xD0\x95\xB7\xB8\x91\x42\xF7\xFD" - "\x97\x57\xCA\xC1\x20\xD0\x86\xB9" - "\x66\x9D\xB4\x2B\x96\x22\xAC\x67", - .rlen = 80, - }, { - .key = "\x3D\xE0\x98\x74\xB3\x88\xE6\x49" - "\x19\x88\xD0\xC3\x60\x7E\xAE\x1F" - "\x57\x69\x0E", - .klen = 19, - .iv = "\x4E\x28\x00\x00\xA2\xFC\xA1\xA3", - .input = "\x45\x00\x00\x1C\x42\xA2\x00\x00" - "\x80\x01\x44\x1F\x40\x67\x93\xB6" - "\xE0\x00\x00\x02\x0A\x00\xF5\xFF" - "\x01\x02\x02\x01", - .ilen = 28, - .assoc = "\x42\xF6\x7E\x3F\x10\x10\x10\x10" - "\x10\x10\x10\x10\x4E\x28\x00\x00" - "\xA2\xFC\xA1\xA3", - .alen = 20, - .result = "\x6A\x6B\x45\x0B\xA7\x06\x52\xF6" - "\x10\x60\xCF\x01\x6B\x4F\x97\x20" - "\xEA\xB3\x23\x94\xC9\x21\x1D\x33" - "\xA1\xE5\x90\x40\x05\x37\x45\x70" - "\xB5\xD6\x09\x0A\x23\x73\x33\xF9" - "\x08\xB4\x22\xE4", - .rlen = 44, - }, { - .key = "\xFE\xFF\xE9\x92\x86\x65\x73\x1C" - "\x6D\x6A\x8F\x94\x67\x30\x83\x08" - "\xFE\xFF\xE9\x92\x86\x65\x73\x1C" - "\xCA\xFE\xBA", - .klen = 27, - .iv = "\xFA\xCE\xDB\xAD\xDE\xCA\xF8\x88", - .input = "\x45\x00\x00\x28\xA4\xAD\x40\x00" - "\x40\x06\x78\x80\x0A\x01\x03\x8F" - "\x0A\x01\x06\x12\x80\x23\x06\xB8" - "\xCB\x71\x26\x02\xDD\x6B\xB0\x3E" - "\x50\x10\x16\xD0\x75\x68\x00\x01", - .ilen = 40, - .assoc = "\x00\x00\xA5\xF8\x00\x00\x00\x0A" - "\xFA\xCE\xDB\xAD\xDE\xCA\xF8\x88", - .alen = 16, - .result = "\x05\x22\x15\xD1\x52\x56\x85\x04" - "\xA8\x5C\x5D\x6D\x7E\x6E\xF5\xFA" - "\xEA\x16\x37\x50\xF3\xDF\x84\x3B" - "\x2F\x32\x18\x57\x34\x2A\x8C\x23" - "\x67\xDF\x6D\x35\x7B\x54\x0D\xFB" - "\x34\xA5\x9F\x6C\x48\x30\x1E\x22" - "\xFE\xB1\x22\x17\x17\x8A\xB9\x5B", - .rlen = 56, - }, { - .key = "\xAB\xBC\xCD\xDE\xF0\x01\x12\x23" - "\x34\x45\x56\x67\x78\x89\x9A\xAB" - "\xDE\xCA\xF8", - .klen = 19, - .iv = "\xCA\xFE\xDE\xBA\xCE\xFA\xCE\x74", - .input = "\x45\x00\x00\x49\x33\xBA\x00\x00" - "\x7F\x11\x91\x06\xC3\xFB\x1D\x10" - "\xC2\xB1\xD3\x26\xC0\x28\x31\xCE" - "\x00\x35\xDD\x7B\x80\x03\x02\xD5" - "\x00\x00\x4E\x20\x00\x1E\x8C\x18" - "\xD7\x5B\x81\xDC\x91\xBA\xA0\x47" - "\x6B\x91\xB9\x24\xB2\x80\x38\x9D" - "\x92\xC9\x63\xBA\xC0\x46\xEC\x95" - "\x9B\x62\x66\xC0\x47\x22\xB1\x49" - "\x23\x01\x01\x01", - .ilen = 76, - .assoc = "\x00\x00\x01\x00\x00\x00\x00\x00" - "\x00\x00\x00\x01\xCA\xFE\xDE\xBA" - "\xCE\xFA\xCE\x74", - .alen = 20, - .result = "\x92\xD0\x53\x79\x33\x38\xD5\xF3" - "\x7D\xE4\x7A\x8E\x86\x03\xC9\x90" - "\x96\x35\xAB\x9C\xFB\xE8\xA3\x76" - "\xE9\xE9\xE2\xD1\x2E\x11\x0E\x00" - "\xFA\xCE\xB5\x9E\x02\xA7\x7B\xEA" - "\x71\x9A\x58\xFB\xA5\x8A\xE1\xB7" - "\x9C\x39\x9D\xE3\xB5\x6E\x69\xE6" - "\x63\xC9\xDB\x05\x69\x51\x12\xAD" - "\x3E\x00\x32\x73\x86\xF2\xEE\xF5" - "\x0F\xE8\x81\x7E\x84\xD3\xC0\x0D" - "\x76\xD6\x55\xC6\xB4\xC2\x34\xC7" - "\x12\x25\x0B\xF9", - .rlen = 92, - }, { - .key = "\xAB\xBC\xCD\xDE\xF0\x01\x12\x23" - "\x34\x45\x56\x67\x78\x89\x9A\xAB" - "\xAB\xBC\xCD\xDE\xF0\x01\x12\x23" - "\x34\x45\x56\x67\x78\x89\x9A\xAB" - "\x73\x61\x6C", - .klen = 35, - .iv = "\x61\x6E\x64\x01\x69\x76\x65\x63", - .input = "\x45\x08\x00\x28\x73\x2C\x00\x00" - "\x40\x06\xE9\xF9\x0A\x01\x06\x12" - "\x0A\x01\x03\x8F\x06\xB8\x80\x23" - "\xDD\x6B\xAF\xBE\xCB\x71\x26\x02" - "\x50\x10\x1F\x64\x6D\x54\x00\x01", - .ilen = 40, - .assoc = "\x17\x40\x5E\x67\x15\x6F\x31\x26" - "\xDD\x0D\xB9\x9B\x61\x6E\x64\x01" - "\x69\x76\x65\x63", - .alen = 20, - .result = "\xCC\x74\xB7\xD3\xB0\x38\x50\x42" - "\x2C\x64\x87\x46\x1E\x34\x10\x05" - "\x29\x6B\xBB\x36\xE9\x69\xAD\x92" - "\x82\xA1\x10\x6A\xEB\x0F\xDC\x7D" - "\x08\xBA\xF3\x91\xCA\xAA\x61\xDA" - "\x62\xF4\x14\x61\x5C\x9D\xB5\xA7" - "\xEE\xD7\xB9\x7E\x87\x99\x9B\x7D", - .rlen = 56, - }, { - .key = "\x3D\xE0\x98\x74\xB3\x88\xE6\x49" - "\x19\x88\xD0\xC3\x60\x7E\xAE\x1F" - "\x57\x69\x0E", - .klen = 19, - .iv = "\x4E\x28\x00\x00\xA2\xFC\xA1\xA3", - .input = "\x45\x00\x00\x49\x33\x3E\x00\x00" - "\x7F\x11\x91\x82\xC3\xFB\x1D\x10" - "\xC2\xB1\xD3\x26\xC0\x28\x31\xCE" - "\x00\x35\xCB\x45\x80\x03\x02\x5B" - "\x00\x00\x01\xE0\x00\x1E\x8C\x18" - "\xD6\x57\x59\xD5\x22\x84\xA0\x35" - "\x2C\x71\x47\x5C\x88\x80\x39\x1C" - "\x76\x4D\x6E\x5E\xE0\x49\x6B\x32" - "\x5A\xE2\x70\xC0\x38\x99\x49\x39" - "\x15\x01\x01\x01", - .ilen = 76, - .assoc = "\x42\xF6\x7E\x3F\x10\x10\x10\x10" - "\x10\x10\x10\x10\x4E\x28\x00\x00" - "\xA2\xFC\xA1\xA3", - .alen = 20, - .result = "\x6A\x6B\x45\x5E\xD6\x9A\x52\xF6" - "\xEF\x70\x1A\x9C\xE8\xD3\x19\x86" - "\xC8\x02\xF0\xB0\x03\x09\xD9\x02" - "\xA0\xD2\x59\x04\xD1\x85\x2A\x24" - "\x1C\x67\x3E\xD8\x68\x72\x06\x94" - "\x97\xBA\x4F\x76\x8D\xB0\x44\x5B" - "\x69\xBF\xD5\xE2\x3D\xF1\x0B\x0C" - "\xC0\xBF\xB1\x8F\x70\x09\x9E\xCE" - "\xA5\xF2\x55\x58\x84\xFA\xF9\xB5" - "\x23\xF4\x84\x40\x74\x14\x8A\x6B" - "\xDB\xD7\x67\xED\xA4\x93\xF3\x47" - "\xCC\xF7\x46\x6F", - .rlen = 92, - }, { - .key = "\xAB\xBC\xCD\xDE\xF0\x01\x12\x23" - "\x34\x45\x56\x67\x78\x89\x9A\xAB" - "\xAB\xBC\xCD\xDE\xF0\x01\x12\x23" - "\x34\x45\x56\x67\x78\x89\x9A\xAB" - "\x73\x61\x6C", - .klen = 35, - .iv = "\x61\x6E\x64\x01\x69\x76\x65\x63", - .input = "\x63\x69\x73\x63\x6F\x01\x72\x75" - "\x6C\x65\x73\x01\x74\x68\x65\x01" - "\x6E\x65\x74\x77\x65\x01\x64\x65" - "\x66\x69\x6E\x65\x01\x74\x68\x65" - "\x74\x65\x63\x68\x6E\x6F\x6C\x6F" - "\x67\x69\x65\x73\x01\x74\x68\x61" - "\x74\x77\x69\x6C\x6C\x01\x64\x65" - "\x66\x69\x6E\x65\x74\x6F\x6D\x6F" - "\x72\x72\x6F\x77\x01\x02\x02\x01", - .ilen = 72, - .assoc = "\x17\x40\x5E\x67\x15\x6F\x31\x26" - "\xDD\x0D\xB9\x9B\x61\x6E\x64\x01" - "\x69\x76\x65\x63", - .alen = 20, - .result = "\xEA\x15\xC4\x98\xAC\x15\x22\x37" - "\x00\x07\x1D\xBE\x60\x5D\x73\x16" - "\x4D\x0F\xCC\xCE\x8A\xD0\x49\xD4" - "\x39\xA3\xD1\xB1\x21\x0A\x92\x1A" - "\x2C\xCF\x8F\x9D\xC9\x91\x0D\xB4" - "\x15\xFC\xBC\xA5\xC5\xBF\x54\xE5" - "\x1C\xC7\x32\x41\x07\x7B\x2C\xB6" - "\x5C\x23\x7C\x93\xEA\xEF\x23\x1C" - "\x73\xF4\xE7\x12\x84\x4C\x37\x0A" - "\x4A\x8F\x06\x37\x48\xF9\xF9\x05" - "\x55\x13\x40\xC3\xD5\x55\x3A\x3D", - .rlen = 88, - }, { - .key = "\x7D\x77\x3D\x00\xC1\x44\xC5\x25" - "\xAC\x61\x9D\x18\xC8\x4A\x3F\x47" - "\xD9\x66\x42", - .klen = 19, - .iv = "\x43\x45\x7E\x91\x82\x44\x3B\xC6", - .input = "\x01\x02\x02\x01", - .ilen = 4, - .assoc = "\x33\x54\x67\xAE\xFF\xFF\xFF\xFF" - "\x43\x45\x7E\x91\x82\x44\x3B\xC6", - .alen = 16, - .result = "\x4C\x72\x63\x30\x2F\xE6\x56\xDD" - "\xD0\xD8\x60\x9D\x8B\xEF\x85\x90" - "\xF7\x61\x24\x62", - .rlen = 20, - }, { - .key = "\xAB\xBC\xCD\xDE\xF0\x01\x12\x23" - "\x34\x45\x56\x67\x78\x89\x9A\xAB" - "\xDE\xCA\xF8", - .klen = 19, - .iv = "\xCA\xFE\xDE\xBA\xCE\xFA\xCE\x74", - .input = "\x74\x6F\x01\x62\x65\x01\x6F\x72" - "\x01\x6E\x6F\x74\x01\x74\x6F\x01" - "\x62\x65\x00\x01", - .ilen = 20, - .assoc = "\x00\x00\x01\x00\x00\x00\x00\x00" - "\x00\x00\x00\x01\xCA\xFE\xDE\xBA" - "\xCE\xFA\xCE\x74", - .alen = 20, - .result = "\xA3\xBF\x52\x52\x65\x83\xBA\x81" - "\x03\x9B\x84\xFC\x44\x8C\xBB\x81" - "\x36\xE1\x78\xBB\xA5\x49\x3A\xD0" - "\xF0\x6B\x21\xAF\x98\xC0\x34\xDC" - "\x17\x17\x65\xAD", - .rlen = 36, - }, { - .key = "\x6C\x65\x67\x61\x6C\x69\x7A\x65" - "\x6D\x61\x72\x69\x6A\x75\x61\x6E" - "\x61\x61\x6E\x64\x64\x6F\x69\x74" - "\x62\x65\x66\x6F\x72\x65\x69\x61" - "\x74\x75\x72", - .klen = 35, - .iv = "\x33\x30\x21\x69\x67\x65\x74\x6D", - .input = "\x45\x00\x00\x30\xDA\x3A\x00\x00" - "\x80\x01\xDF\x3B\xC0\xA8\x00\x05" - "\xC0\xA8\x00\x01\x08\x00\xC6\xCD" - "\x02\x00\x07\x00\x61\x62\x63\x64" - "\x65\x66\x67\x68\x69\x6A\x6B\x6C" - "\x6D\x6E\x6F\x70\x71\x72\x73\x74" - "\x01\x02\x02\x01", - .ilen = 52, - .assoc = "\x79\x6B\x69\x63\xFF\xFF\xFF\xFF" - "\xFF\xFF\xFF\xFF\x33\x30\x21\x69" - "\x67\x65\x74\x6D", - .alen = 20, - .result = "\x96\xFD\x86\xF8\xD1\x98\xFF\x10" - "\xAB\x8C\xDA\x8A\x5A\x08\x38\x1A" - "\x48\x59\x80\x18\x1A\x18\x1A\x04" - "\xC9\x0D\xE3\xE7\x0E\xA4\x0B\x75" - "\x92\x9C\x52\x5C\x0B\xFB\xF8\xAF" - "\x16\xC3\x35\xA8\xE7\xCE\x84\x04" - "\xEB\x40\x6B\x7A\x8E\x75\xBB\x42" - "\xE0\x63\x4B\x21\x44\xA2\x2B\x2B" - "\x39\xDB\xC8\xDC", - .rlen = 68, - }, { - .key = "\x3D\xE0\x98\x74\xB3\x88\xE6\x49" - "\x19\x88\xD0\xC3\x60\x7E\xAE\x1F" - "\x57\x69\x0E", - .klen = 19, - .iv = "\x4E\x28\x00\x00\xA2\xFC\xA1\xA3", - .input = "\x45\x00\x00\x30\xDA\x3A\x00\x00" - "\x80\x01\xDF\x3B\xC0\xA8\x00\x05" - "\xC0\xA8\x00\x01\x08\x00\xC6\xCD" - "\x02\x00\x07\x00\x61\x62\x63\x64" - "\x65\x66\x67\x68\x69\x6A\x6B\x6C" - "\x6D\x6E\x6F\x70\x71\x72\x73\x74" - "\x01\x02\x02\x01", - .ilen = 52, - .assoc = "\x3F\x7E\xF6\x42\x10\x10\x10\x10" - "\x10\x10\x10\x10\x4E\x28\x00\x00" - "\xA2\xFC\xA1\xA3", - .alen = 20, - .result = "\x6A\x6B\x45\x27\x3F\x9E\x52\xF6" - "\x10\x60\x54\x25\xEB\x80\x04\x93" - "\xCA\x1B\x23\x97\xCB\x21\x2E\x01" - "\xA2\xE7\x95\x41\x30\xE4\x4B\x1B" - "\x79\x01\x58\x50\x01\x06\xE1\xE0" - "\x2C\x83\x79\xD3\xDE\x46\x97\x1A" - "\x44\xCC\x90\xBF\x00\x94\x94\x92" - "\x20\x17\x0C\x1B\x55\xDE\x7E\x68" - "\xF4\x95\x5D\x4F", - .rlen = 68, - }, { - .key = "\x4C\x80\xCD\xEF\xBB\x5D\x10\xDA" - "\x90\x6A\xC7\x3C\x36\x13\xA6\x34" - "\x22\x43\x3C", - .klen = 19, - .iv = "\x48\x55\xEC\x7D\x3A\x23\x4B\xFD", - .input = "\x08\x00\xC6\xCD\x02\x00\x07\x00" - "\x61\x62\x63\x64\x65\x66\x67\x68" - "\x69\x6A\x6B\x6C\x6D\x6E\x6F\x70" - "\x71\x72\x73\x74\x01\x02\x02\x01", - .ilen = 32, - .assoc = "\x00\x00\x43\x21\x87\x65\x43\x21" - "\x00\x00\x00\x07\x48\x55\xEC\x7D" - "\x3A\x23\x4B\xFD", - .alen = 20, - .result = "\x67\xE9\x28\xB3\x1C\xA4\x6D\x02" - "\xF0\xB5\x37\xB6\x6B\x2F\xF5\x4F" - "\xF8\xA3\x4C\x53\xB8\x12\x09\xBF" - "\x58\x7D\xCF\x29\xA3\x41\x68\x6B" - "\xCE\xE8\x79\x85\x3C\xB0\x3A\x8F" - "\x16\xB0\xA1\x26\xC9\xBC\xBC\xA6", - .rlen = 48, - } -}; - -static const struct aead_testvec aes_ccm_rfc4309_dec_tv_template[] = { - { /* Generated using Crypto++ */ - .key = zeroed_string, - .klen = 19, - .iv = zeroed_string, - .result = zeroed_string, - .rlen = 16, - .assoc = zeroed_string, - .alen = 16, - .input = "\x2E\x9A\xCA\x6B\xDA\x54\xFC\x6F" - "\x12\x50\xE8\xDE\x81\x3C\x63\x08" - "\x1A\x22\xBA\x75\xEE\xD4\xD5\xB5" - "\x27\x50\x01\xAC\x03\x33\x39\xFB", - .ilen = 32, - },{ - .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c" - "\x6d\x6a\x8f\x94\x67\x30\x83\x08" - "\x00\x00\x00", - .klen = 19, - .iv = "\x00\x00\x00\x00\x00\x00\x00\x01", - .result = zeroed_string, - .rlen = 16, - .assoc = "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x01", - .alen = 16, - .input = "\xCF\xB9\x99\x17\xC8\x86\x0E\x7F" - "\x7E\x76\xF8\xE6\xF8\xCC\x1F\x17" - "\x6A\xE0\x53\x9F\x4B\x73\x7E\xDA" - "\x08\x09\x4E\xC4\x1E\xAD\xC6\xB0", - .ilen = 32, - - }, { - .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c" - "\x6d\x6a\x8f\x94\x67\x30\x83\x08" - "\x00\x00\x00", - .klen = 19, - .iv = zeroed_string, - .result = "\x01\x01\x01\x01\x01\x01\x01\x01" - "\x01\x01\x01\x01\x01\x01\x01\x01", - .rlen = 16, - .assoc = zeroed_string, - .alen = 16, - .input = "\x33\xDE\x73\xBC\xA6\xCE\x4E\xA6" - "\x61\xF4\xF5\x41\x03\x4A\xE3\x86" - "\xA1\xE2\xC2\x42\x2B\x81\x70\x40" - "\xFD\x7F\x76\xD1\x03\x07\xBB\x0C", - .ilen = 32, - }, { - .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c" - "\x6d\x6a\x8f\x94\x67\x30\x83\x08" - "\x00\x00\x00", - .klen = 19, - .iv = zeroed_string, - .result = "\x01\x01\x01\x01\x01\x01\x01\x01" - "\x01\x01\x01\x01\x01\x01\x01\x01", - .rlen = 16, - .assoc = "\x01\x01\x01\x01\x01\x01\x01\x01" - "\x00\x00\x00\x00\x00\x00\x00\x00", - .alen = 16, - .input = "\x33\xDE\x73\xBC\xA6\xCE\x4E\xA6" - "\x61\xF4\xF5\x41\x03\x4A\xE3\x86" - "\x5B\xC0\x73\xE0\x2B\x73\x68\xC9" - "\x2D\x8C\x58\xC2\x90\x3D\xB0\x3E", - .ilen = 32, - }, { - .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c" - "\x6d\x6a\x8f\x94\x67\x30\x83\x08" - "\x00\x00\x00", - .klen = 19, - .iv = "\x00\x00\x00\x00\x00\x00\x00\x01", - .result = "\x01\x01\x01\x01\x01\x01\x01\x01" - "\x01\x01\x01\x01\x01\x01\x01\x01", - .rlen = 16, - .assoc = "\x01\x01\x01\x01\x01\x01\x01\x01" - "\x00\x00\x00\x00\x00\x00\x00\x01", - .alen = 16, - .input = "\xCE\xB8\x98\x16\xC9\x87\x0F\x7E" - "\x7F\x77\xF9\xE7\xF9\xCD\x1E\x16" - "\x43\x8E\x76\x57\x3B\xB4\x05\xE8" - "\xA9\x9B\xBF\x25\xE0\x4F\xC0\xED", - .ilen = 32, - }, { - .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c" - "\x6d\x6a\x8f\x94\x67\x30\x83\x08" - "\x00\x00\x00", - .klen = 19, - .iv = "\x00\x00\x00\x00\x00\x00\x00\x01", - .result = "\x01\x01\x01\x01\x01\x01\x01\x01" - "\x01\x01\x01\x01\x01\x01\x01\x01" - "\x01\x01\x01\x01\x01\x01\x01\x01" - "\x01\x01\x01\x01\x01\x01\x01\x01" - "\x01\x01\x01\x01\x01\x01\x01\x01" - "\x01\x01\x01\x01\x01\x01\x01\x01" - "\x01\x01\x01\x01\x01\x01\x01\x01" - "\x01\x01\x01\x01\x01\x01\x01\x01", - .rlen = 64, - .assoc = "\x01\x01\x01\x01\x01\x01\x01\x01" - "\x00\x00\x00\x00\x00\x00\x00\x01", - .alen = 16, - .input = "\xCE\xB8\x98\x16\xC9\x87\x0F\x7E" - "\x7F\x77\xF9\xE7\xF9\xCD\x1E\x16" - "\x9C\xA4\x97\x83\x3F\x01\xA5\xF4" - "\x43\x09\xE7\xB8\xE9\xD1\xD7\x02" - "\x9B\xAB\x39\x18\xEB\x94\x34\x36" - "\xE6\xC5\xC8\x9B\x00\x81\x9E\x49" - "\x1D\x78\xE1\x48\xE3\xE9\xEA\x8E" - "\x3A\x2B\x67\x5D\x35\x6A\x0F\xDB" - "\x02\x73\xDD\xE7\x30\x4A\x30\x54" - "\x1A\x9D\x09\xCA\xC8\x1C\x32\x5F", - .ilen = 80, - }, { - .key = "\x00\x01\x02\x03\x04\x05\x06\x07" - "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" - "\x00\x00\x00", - .klen = 19, - .iv = "\x00\x00\x45\x67\x89\xab\xcd\xef", - .result = "\xff\xff\xff\xff\xff\xff\xff\xff" - "\xff\xff\xff\xff\xff\xff\xff\xff" - "\xff\xff\xff\xff\xff\xff\xff\xff" - "\xff\xff\xff\xff\xff\xff\xff\xff" - "\xff\xff\xff\xff\xff\xff\xff\xff" - "\xff\xff\xff\xff\xff\xff\xff\xff" - "\xff\xff\xff\xff\xff\xff\xff\xff" - "\xff\xff\xff\xff\xff\xff\xff\xff" - "\xff\xff\xff\xff\xff\xff\xff\xff" - "\xff\xff\xff\xff\xff\xff\xff\xff" - "\xff\xff\xff\xff\xff\xff\xff\xff" - "\xff\xff\xff\xff\xff\xff\xff\xff" - "\xff\xff\xff\xff\xff\xff\xff\xff" - "\xff\xff\xff\xff\xff\xff\xff\xff" - "\xff\xff\xff\xff\xff\xff\xff\xff" - "\xff\xff\xff\xff\xff\xff\xff\xff" - "\xff\xff\xff\xff\xff\xff\xff\xff" - "\xff\xff\xff\xff\xff\xff\xff\xff" - "\xff\xff\xff\xff\xff\xff\xff\xff" - "\xff\xff\xff\xff\xff\xff\xff\xff" - "\xff\xff\xff\xff\xff\xff\xff\xff" - "\xff\xff\xff\xff\xff\xff\xff\xff" - "\xff\xff\xff\xff\xff\xff\xff\xff" - "\xff\xff\xff\xff\xff\xff\xff\xff", - .rlen = 192, - .assoc = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" - "\xaa\xaa\xaa\xaa\x00\x00\x45\x67" - "\x89\xab\xcd\xef", - .alen = 20, - .input = "\x64\x17\xDC\x24\x9D\x92\xBA\x5E" - "\x7C\x64\x6D\x33\x46\x77\xAC\xB1" - "\x5C\x9E\xE2\xC7\x27\x11\x3E\x95" - "\x7D\xBE\x28\xC8\xC1\xCA\x5E\x8C" - "\xB4\xE2\xDE\x9F\x53\x59\x26\xDB" - "\x0C\xD4\xE4\x07\x9A\xE6\x3E\x01" - "\x58\x0D\x3E\x3D\xD5\x21\xEB\x04" - "\x06\x9D\x5F\xB9\x02\x49\x1A\x2B" - "\xBA\xF0\x4E\x3B\x85\x50\x5B\x09" - "\xFE\xEC\xFC\x54\xEC\x0C\xE2\x79" - "\x8A\x2F\x5F\xD7\x05\x5D\xF1\x6D" - "\x22\xEB\xD1\x09\x80\x3F\x5A\x70" - "\xB2\xB9\xD3\x63\x99\xC2\x4D\x1B" - "\x36\x12\x00\x89\xAA\x5D\x55\xDA" - "\x1D\x5B\xD8\x3C\x5F\x09\xD2\xE6" - "\x39\x41\x5C\xF0\xBE\x26\x4E\x5F" - "\x2B\x50\x44\x52\xC2\x10\x7D\x38" - "\x82\x64\x83\x0C\xAE\x49\xD0\xE5" - "\x4F\xE5\x66\x4C\x58\x7A\xEE\x43" - "\x3B\x51\xFE\xBA\x24\x8A\xFE\xDC" - "\x19\x6D\x60\x66\x61\xF9\x9A\x3F" - "\x75\xFC\x38\x53\x5B\xB5\xCD\x52" - "\x4F\xE5\xE4\xC9\xFE\x10\xCB\x98" - "\xF0\x06\x5B\x07\xAB\xBB\xF4\x0E" - "\x2D\xC2\xDD\x5D\xDD\x22\x9A\xCC" - "\x39\xAB\x63\xA5\x3D\x9C\x51\x8A", - .ilen = 208, - }, { /* From draft-mcgrew-gcm-test-01 */ - .key = "\x4C\x80\xCD\xEF\xBB\x5D\x10\xDA" - "\x90\x6A\xC7\x3C\x36\x13\xA6\x34" - "\x2E\x44\x3B", - .klen = 19, - .iv = "\x49\x56\xED\x7E\x3B\x24\x4C\xFE", - .result = "\x45\x00\x00\x48\x69\x9A\x00\x00" - "\x80\x11\x4D\xB7\xC0\xA8\x01\x02" - "\xC0\xA8\x01\x01\x0A\x9B\xF1\x56" - "\x38\xD3\x01\x00\x00\x01\x00\x00" - "\x00\x00\x00\x00\x04\x5F\x73\x69" - "\x70\x04\x5F\x75\x64\x70\x03\x73" - "\x69\x70\x09\x63\x79\x62\x65\x72" - "\x63\x69\x74\x79\x02\x64\x6B\x00" - "\x00\x21\x00\x01\x01\x02\x02\x01", - .rlen = 72, - .assoc = "\x00\x00\x43\x21\x87\x65\x43\x21" - "\x00\x00\x00\x00\x49\x56\xED\x7E" - "\x3B\x24\x4C\xFE", - .alen = 20, - .input = "\x89\xBA\x3E\xEF\xE6\xD6\xCF\xDB" - "\x83\x60\xF5\xBA\x3A\x56\x79\xE6" - "\x7E\x0C\x53\xCF\x9E\x87\xE0\x4E" - "\x1A\x26\x01\x24\xC7\x2E\x3D\xBF" - "\x29\x2C\x91\xC1\xB8\xA8\xCF\xE0" - "\x39\xF8\x53\x6D\x31\x22\x2B\xBF" - "\x98\x81\xFC\x34\xEE\x85\x36\xCD" - "\x26\xDB\x6C\x7A\x0C\x77\x8A\x35" - "\x18\x85\x54\xB2\xBC\xDD\x3F\x43" - "\x61\x06\x8A\xDF\x86\x3F\xB4\xAC" - "\x97\xDC\xBD\xFD\x92\x10\xC5\xFF", - .ilen = 88, - }, { - .key = "\xFE\xFF\xE9\x92\x86\x65\x73\x1C" - "\x6D\x6A\x8F\x94\x67\x30\x83\x08" - "\xCA\xFE\xBA", - .klen = 19, - .iv = "\xFA\xCE\xDB\xAD\xDE\xCA\xF8\x88", - .result = "\x45\x00\x00\x3E\x69\x8F\x00\x00" - "\x80\x11\x4D\xCC\xC0\xA8\x01\x02" - "\xC0\xA8\x01\x01\x0A\x98\x00\x35" - "\x00\x2A\x23\x43\xB2\xD0\x01\x00" - "\x00\x01\x00\x00\x00\x00\x00\x00" - "\x03\x73\x69\x70\x09\x63\x79\x62" - "\x65\x72\x63\x69\x74\x79\x02\x64" - "\x6B\x00\x00\x01\x00\x01\x00\x01", - .rlen = 64, - .assoc = "\x00\x00\xA5\xF8\x00\x00\x00\x0A" - "\xFA\xCE\xDB\xAD\xDE\xCA\xF8\x88", - .alen = 16, - .input = "\x4B\xC2\x70\x60\x64\xD2\xF3\xC8" - "\xE5\x26\x8A\xDE\xB8\x7E\x7D\x16" - "\x56\xC7\xD2\x88\xBA\x8D\x58\xAF" - "\xF5\x71\xB6\x37\x84\xA7\xB1\x99" - "\x51\x5C\x0D\xA0\x27\xDE\xE7\x2D" - "\xEF\x25\x88\x1F\x1D\x77\x11\xFF" - "\xDB\xED\xEE\x56\x16\xC5\x5C\x9B" - "\x00\x62\x1F\x68\x4E\x7C\xA0\x97" - "\x10\x72\x7E\x53\x13\x3B\x68\xE4" - "\x30\x99\x91\x79\x09\xEA\xFF\x6A", - .ilen = 80, - }, { - .key = "\xAB\xBC\xCD\xDE\xF0\x01\x12\x23" - "\x34\x45\x56\x67\x78\x89\x9A\xAB" - "\xAB\xBC\xCD\xDE\xF0\x01\x12\x23" - "\x34\x45\x56\x67\x78\x89\x9A\xAB" - "\x11\x22\x33", - .klen = 35, - .iv = "\x01\x02\x03\x04\x05\x06\x07\x08", - .result = "\x45\x00\x00\x30\x69\xA6\x40\x00" - "\x80\x06\x26\x90\xC0\xA8\x01\x02" - "\x93\x89\x15\x5E\x0A\x9E\x00\x8B" - "\x2D\xC5\x7E\xE0\x00\x00\x00\x00" - "\x70\x02\x40\x00\x20\xBF\x00\x00" - "\x02\x04\x05\xB4\x01\x01\x04\x02" - "\x01\x02\x02\x01", - .rlen = 52, - .assoc = "\x4A\x2C\xBF\xE3\x00\x00\x00\x02" - "\x01\x02\x03\x04\x05\x06\x07\x08", - .alen = 16, - .input = "\xD6\x31\x0D\x2B\x3D\x6F\xBD\x2F" - "\x58\x41\x7E\xFF\x9A\x9E\x09\xB4" - "\x1A\xF7\xF6\x42\x31\xCD\xBF\xAD" - "\x27\x0E\x2C\xF2\xDB\x10\xDF\x55" - "\x8F\x0D\xD7\xAC\x23\xBD\x42\x10" - "\xD0\xB2\xAF\xD8\x37\xAC\x6B\x0B" - "\x11\xD4\x0B\x12\xEC\xB4\xB1\x92" - "\x23\xA6\x10\xB0\x26\xD6\xD9\x26" - "\x5A\x48\x6A\x3E", - .ilen = 68, - }, { - .key = "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00", - .klen = 19, - .iv = "\x00\x00\x00\x00\x00\x00\x00\x00", - .result = "\x45\x00\x00\x3C\x99\xC5\x00\x00" - "\x80\x01\xCB\x7A\x40\x67\x93\x18" - "\x01\x01\x01\x01\x08\x00\x07\x5C" - "\x02\x00\x44\x00\x61\x62\x63\x64" - "\x65\x66\x67\x68\x69\x6A\x6B\x6C" - "\x6D\x6E\x6F\x70\x71\x72\x73\x74" - "\x75\x76\x77\x61\x62\x63\x64\x65" - "\x66\x67\x68\x69\x01\x02\x02\x01", - .rlen = 64, - .assoc = "\x00\x00\x00\x00\x00\x00\x00\x01" - "\x00\x00\x00\x00\x00\x00\x00\x00", - .alen = 16, - .input = "\x6B\x9A\xCA\x57\x43\x91\xFC\x6F" - "\x92\x51\x23\xA4\xC1\x5B\xF0\x10" - "\xF3\x13\xF4\xF8\xA1\x9A\xB4\xDC" - "\x89\xC8\xF8\x42\x62\x95\xB7\xCB" - "\xB8\xF5\x0F\x1B\x2E\x94\xA2\xA7" - "\xBF\xFB\x8A\x92\x13\x63\xD1\x3C" - "\x08\xF5\xE8\xA6\xAA\xF6\x34\xF9" - "\x42\x05\xAF\xB3\xE7\x9A\xFC\xEE" - "\x36\x25\xC1\x10\x12\x1C\xCA\x82" - "\xEA\xE6\x63\x5A\x57\x28\xA9\x9A", - .ilen = 80, - }, { - .key = "\x3D\xE0\x98\x74\xB3\x88\xE6\x49" - "\x19\x88\xD0\xC3\x60\x7E\xAE\x1F" - "\x57\x69\x0E", - .klen = 19, - .iv = "\x4E\x28\x00\x00\xA2\xFC\xA1\xA3", - .result = "\x45\x00\x00\x3C\x99\xC3\x00\x00" - "\x80\x01\xCB\x7C\x40\x67\x93\x18" - "\x01\x01\x01\x01\x08\x00\x08\x5C" - "\x02\x00\x43\x00\x61\x62\x63\x64" - "\x65\x66\x67\x68\x69\x6A\x6B\x6C" - "\x6D\x6E\x6F\x70\x71\x72\x73\x74" - "\x75\x76\x77\x61\x62\x63\x64\x65" - "\x66\x67\x68\x69\x01\x02\x02\x01", - .rlen = 64, - .assoc = "\x42\xF6\x7E\x3F\x10\x10\x10\x10" - "\x10\x10\x10\x10\x4E\x28\x00\x00" - "\xA2\xFC\xA1\xA3", - .alen = 20, - .input = "\x6A\x6B\x45\x2B\x7C\x67\x52\xF6" - "\x10\x60\x40\x62\x6B\x4F\x97\x8E" - "\x0B\xB2\x22\x97\xCB\x21\xE0\x90" - "\xA2\xE7\xD1\x41\x30\xE4\x4B\x1B" - "\x79\x01\x58\x50\x01\x06\xE1\xE0" - "\x2C\x83\x79\xD3\xDE\x46\x97\x1A" - "\x30\xB8\xE5\xDF\xD7\x12\x56\x75" - "\xD0\x95\xB7\xB8\x91\x42\xF7\xFD" - "\x97\x57\xCA\xC1\x20\xD0\x86\xB9" - "\x66\x9D\xB4\x2B\x96\x22\xAC\x67", - .ilen = 80, - }, { - .key = "\x3D\xE0\x98\x74\xB3\x88\xE6\x49" - "\x19\x88\xD0\xC3\x60\x7E\xAE\x1F" - "\x57\x69\x0E", - .klen = 19, - .iv = "\x4E\x28\x00\x00\xA2\xFC\xA1\xA3", - .result = "\x45\x00\x00\x1C\x42\xA2\x00\x00" - "\x80\x01\x44\x1F\x40\x67\x93\xB6" - "\xE0\x00\x00\x02\x0A\x00\xF5\xFF" - "\x01\x02\x02\x01", - .rlen = 28, - .assoc = "\x42\xF6\x7E\x3F\x10\x10\x10\x10" - "\x10\x10\x10\x10\x4E\x28\x00\x00" - "\xA2\xFC\xA1\xA3", - .alen = 20, - .input = "\x6A\x6B\x45\x0B\xA7\x06\x52\xF6" - "\x10\x60\xCF\x01\x6B\x4F\x97\x20" - "\xEA\xB3\x23\x94\xC9\x21\x1D\x33" - "\xA1\xE5\x90\x40\x05\x37\x45\x70" - "\xB5\xD6\x09\x0A\x23\x73\x33\xF9" - "\x08\xB4\x22\xE4", - .ilen = 44, - }, { - .key = "\xFE\xFF\xE9\x92\x86\x65\x73\x1C" - "\x6D\x6A\x8F\x94\x67\x30\x83\x08" - "\xFE\xFF\xE9\x92\x86\x65\x73\x1C" - "\xCA\xFE\xBA", - .klen = 27, - .iv = "\xFA\xCE\xDB\xAD\xDE\xCA\xF8\x88", - .result = "\x45\x00\x00\x28\xA4\xAD\x40\x00" - "\x40\x06\x78\x80\x0A\x01\x03\x8F" - "\x0A\x01\x06\x12\x80\x23\x06\xB8" - "\xCB\x71\x26\x02\xDD\x6B\xB0\x3E" - "\x50\x10\x16\xD0\x75\x68\x00\x01", - .rlen = 40, - .assoc = "\x00\x00\xA5\xF8\x00\x00\x00\x0A" - "\xFA\xCE\xDB\xAD\xDE\xCA\xF8\x88", - .alen = 16, - .input = "\x05\x22\x15\xD1\x52\x56\x85\x04" - "\xA8\x5C\x5D\x6D\x7E\x6E\xF5\xFA" - "\xEA\x16\x37\x50\xF3\xDF\x84\x3B" - "\x2F\x32\x18\x57\x34\x2A\x8C\x23" - "\x67\xDF\x6D\x35\x7B\x54\x0D\xFB" - "\x34\xA5\x9F\x6C\x48\x30\x1E\x22" - "\xFE\xB1\x22\x17\x17\x8A\xB9\x5B", - .ilen = 56, - }, { - .key = "\xAB\xBC\xCD\xDE\xF0\x01\x12\x23" - "\x34\x45\x56\x67\x78\x89\x9A\xAB" - "\xDE\xCA\xF8", - .klen = 19, - .iv = "\xCA\xFE\xDE\xBA\xCE\xFA\xCE\x74", - .result = "\x45\x00\x00\x49\x33\xBA\x00\x00" - "\x7F\x11\x91\x06\xC3\xFB\x1D\x10" - "\xC2\xB1\xD3\x26\xC0\x28\x31\xCE" - "\x00\x35\xDD\x7B\x80\x03\x02\xD5" - "\x00\x00\x4E\x20\x00\x1E\x8C\x18" - "\xD7\x5B\x81\xDC\x91\xBA\xA0\x47" - "\x6B\x91\xB9\x24\xB2\x80\x38\x9D" - "\x92\xC9\x63\xBA\xC0\x46\xEC\x95" - "\x9B\x62\x66\xC0\x47\x22\xB1\x49" - "\x23\x01\x01\x01", - .rlen = 76, - .assoc = "\x00\x00\x01\x00\x00\x00\x00\x00" - "\x00\x00\x00\x01\xCA\xFE\xDE\xBA" - "\xCE\xFA\xCE\x74", - .alen = 20, - .input = "\x92\xD0\x53\x79\x33\x38\xD5\xF3" - "\x7D\xE4\x7A\x8E\x86\x03\xC9\x90" - "\x96\x35\xAB\x9C\xFB\xE8\xA3\x76" - "\xE9\xE9\xE2\xD1\x2E\x11\x0E\x00" - "\xFA\xCE\xB5\x9E\x02\xA7\x7B\xEA" - "\x71\x9A\x58\xFB\xA5\x8A\xE1\xB7" - "\x9C\x39\x9D\xE3\xB5\x6E\x69\xE6" - "\x63\xC9\xDB\x05\x69\x51\x12\xAD" - "\x3E\x00\x32\x73\x86\xF2\xEE\xF5" - "\x0F\xE8\x81\x7E\x84\xD3\xC0\x0D" - "\x76\xD6\x55\xC6\xB4\xC2\x34\xC7" - "\x12\x25\x0B\xF9", - .ilen = 92, - }, { - .key = "\xAB\xBC\xCD\xDE\xF0\x01\x12\x23" - "\x34\x45\x56\x67\x78\x89\x9A\xAB" - "\xAB\xBC\xCD\xDE\xF0\x01\x12\x23" - "\x34\x45\x56\x67\x78\x89\x9A\xAB" - "\x73\x61\x6C", - .klen = 35, - .iv = "\x61\x6E\x64\x01\x69\x76\x65\x63", - .result = "\x45\x08\x00\x28\x73\x2C\x00\x00" - "\x40\x06\xE9\xF9\x0A\x01\x06\x12" - "\x0A\x01\x03\x8F\x06\xB8\x80\x23" - "\xDD\x6B\xAF\xBE\xCB\x71\x26\x02" - "\x50\x10\x1F\x64\x6D\x54\x00\x01", - .rlen = 40, - .assoc = "\x17\x40\x5E\x67\x15\x6F\x31\x26" - "\xDD\x0D\xB9\x9B\x61\x6E\x64\x01" - "\x69\x76\x65\x63", - .alen = 20, - .input = "\xCC\x74\xB7\xD3\xB0\x38\x50\x42" - "\x2C\x64\x87\x46\x1E\x34\x10\x05" - "\x29\x6B\xBB\x36\xE9\x69\xAD\x92" - "\x82\xA1\x10\x6A\xEB\x0F\xDC\x7D" - "\x08\xBA\xF3\x91\xCA\xAA\x61\xDA" - "\x62\xF4\x14\x61\x5C\x9D\xB5\xA7" - "\xEE\xD7\xB9\x7E\x87\x99\x9B\x7D", - .ilen = 56, - }, { - .key = "\x3D\xE0\x98\x74\xB3\x88\xE6\x49" - "\x19\x88\xD0\xC3\x60\x7E\xAE\x1F" - "\x57\x69\x0E", - .klen = 19, - .iv = "\x4E\x28\x00\x00\xA2\xFC\xA1\xA3", - .result = "\x45\x00\x00\x49\x33\x3E\x00\x00" - "\x7F\x11\x91\x82\xC3\xFB\x1D\x10" - "\xC2\xB1\xD3\x26\xC0\x28\x31\xCE" - "\x00\x35\xCB\x45\x80\x03\x02\x5B" - "\x00\x00\x01\xE0\x00\x1E\x8C\x18" - "\xD6\x57\x59\xD5\x22\x84\xA0\x35" - "\x2C\x71\x47\x5C\x88\x80\x39\x1C" - "\x76\x4D\x6E\x5E\xE0\x49\x6B\x32" - "\x5A\xE2\x70\xC0\x38\x99\x49\x39" - "\x15\x01\x01\x01", - .rlen = 76, - .assoc = "\x42\xF6\x7E\x3F\x10\x10\x10\x10" - "\x10\x10\x10\x10\x4E\x28\x00\x00" - "\xA2\xFC\xA1\xA3", - .alen = 20, - .input = "\x6A\x6B\x45\x5E\xD6\x9A\x52\xF6" - "\xEF\x70\x1A\x9C\xE8\xD3\x19\x86" - "\xC8\x02\xF0\xB0\x03\x09\xD9\x02" - "\xA0\xD2\x59\x04\xD1\x85\x2A\x24" - "\x1C\x67\x3E\xD8\x68\x72\x06\x94" - "\x97\xBA\x4F\x76\x8D\xB0\x44\x5B" - "\x69\xBF\xD5\xE2\x3D\xF1\x0B\x0C" - "\xC0\xBF\xB1\x8F\x70\x09\x9E\xCE" - "\xA5\xF2\x55\x58\x84\xFA\xF9\xB5" - "\x23\xF4\x84\x40\x74\x14\x8A\x6B" - "\xDB\xD7\x67\xED\xA4\x93\xF3\x47" - "\xCC\xF7\x46\x6F", - .ilen = 92, - }, { - .key = "\xAB\xBC\xCD\xDE\xF0\x01\x12\x23" - "\x34\x45\x56\x67\x78\x89\x9A\xAB" - "\xAB\xBC\xCD\xDE\xF0\x01\x12\x23" - "\x34\x45\x56\x67\x78\x89\x9A\xAB" - "\x73\x61\x6C", - .klen = 35, - .iv = "\x61\x6E\x64\x01\x69\x76\x65\x63", - .result = "\x63\x69\x73\x63\x6F\x01\x72\x75" - "\x6C\x65\x73\x01\x74\x68\x65\x01" - "\x6E\x65\x74\x77\x65\x01\x64\x65" - "\x66\x69\x6E\x65\x01\x74\x68\x65" - "\x74\x65\x63\x68\x6E\x6F\x6C\x6F" - "\x67\x69\x65\x73\x01\x74\x68\x61" - "\x74\x77\x69\x6C\x6C\x01\x64\x65" - "\x66\x69\x6E\x65\x74\x6F\x6D\x6F" - "\x72\x72\x6F\x77\x01\x02\x02\x01", - .rlen = 72, - .assoc = "\x17\x40\x5E\x67\x15\x6F\x31\x26" - "\xDD\x0D\xB9\x9B\x61\x6E\x64\x01" - "\x69\x76\x65\x63", - .alen = 20, - .input = "\xEA\x15\xC4\x98\xAC\x15\x22\x37" - "\x00\x07\x1D\xBE\x60\x5D\x73\x16" - "\x4D\x0F\xCC\xCE\x8A\xD0\x49\xD4" - "\x39\xA3\xD1\xB1\x21\x0A\x92\x1A" - "\x2C\xCF\x8F\x9D\xC9\x91\x0D\xB4" - "\x15\xFC\xBC\xA5\xC5\xBF\x54\xE5" - "\x1C\xC7\x32\x41\x07\x7B\x2C\xB6" - "\x5C\x23\x7C\x93\xEA\xEF\x23\x1C" - "\x73\xF4\xE7\x12\x84\x4C\x37\x0A" - "\x4A\x8F\x06\x37\x48\xF9\xF9\x05" - "\x55\x13\x40\xC3\xD5\x55\x3A\x3D", - .ilen = 88, - }, { - .key = "\x7D\x77\x3D\x00\xC1\x44\xC5\x25" - "\xAC\x61\x9D\x18\xC8\x4A\x3F\x47" - "\xD9\x66\x42", - .klen = 19, - .iv = "\x43\x45\x7E\x91\x82\x44\x3B\xC6", - .result = "\x01\x02\x02\x01", - .rlen = 4, - .assoc = "\x33\x54\x67\xAE\xFF\xFF\xFF\xFF" - "\x43\x45\x7E\x91\x82\x44\x3B\xC6", - .alen = 16, - .input = "\x4C\x72\x63\x30\x2F\xE6\x56\xDD" - "\xD0\xD8\x60\x9D\x8B\xEF\x85\x90" - "\xF7\x61\x24\x62", - .ilen = 20, - }, { - .key = "\xAB\xBC\xCD\xDE\xF0\x01\x12\x23" - "\x34\x45\x56\x67\x78\x89\x9A\xAB" - "\xDE\xCA\xF8", - .klen = 19, - .iv = "\xCA\xFE\xDE\xBA\xCE\xFA\xCE\x74", - .result = "\x74\x6F\x01\x62\x65\x01\x6F\x72" - "\x01\x6E\x6F\x74\x01\x74\x6F\x01" - "\x62\x65\x00\x01", - .rlen = 20, - .assoc = "\x00\x00\x01\x00\x00\x00\x00\x00" - "\x00\x00\x00\x01\xCA\xFE\xDE\xBA" - "\xCE\xFA\xCE\x74", - .alen = 20, - .input = "\xA3\xBF\x52\x52\x65\x83\xBA\x81" - "\x03\x9B\x84\xFC\x44\x8C\xBB\x81" - "\x36\xE1\x78\xBB\xA5\x49\x3A\xD0" - "\xF0\x6B\x21\xAF\x98\xC0\x34\xDC" - "\x17\x17\x65\xAD", - .ilen = 36, - }, { - .key = "\x6C\x65\x67\x61\x6C\x69\x7A\x65" - "\x6D\x61\x72\x69\x6A\x75\x61\x6E" - "\x61\x61\x6E\x64\x64\x6F\x69\x74" - "\x62\x65\x66\x6F\x72\x65\x69\x61" - "\x74\x75\x72", - .klen = 35, - .iv = "\x33\x30\x21\x69\x67\x65\x74\x6D", - .result = "\x45\x00\x00\x30\xDA\x3A\x00\x00" - "\x80\x01\xDF\x3B\xC0\xA8\x00\x05" - "\xC0\xA8\x00\x01\x08\x00\xC6\xCD" - "\x02\x00\x07\x00\x61\x62\x63\x64" - "\x65\x66\x67\x68\x69\x6A\x6B\x6C" - "\x6D\x6E\x6F\x70\x71\x72\x73\x74" - "\x01\x02\x02\x01", - .rlen = 52, - .assoc = "\x79\x6B\x69\x63\xFF\xFF\xFF\xFF" - "\xFF\xFF\xFF\xFF\x33\x30\x21\x69" - "\x67\x65\x74\x6D", - .alen = 20, - .input = "\x96\xFD\x86\xF8\xD1\x98\xFF\x10" - "\xAB\x8C\xDA\x8A\x5A\x08\x38\x1A" - "\x48\x59\x80\x18\x1A\x18\x1A\x04" - "\xC9\x0D\xE3\xE7\x0E\xA4\x0B\x75" - "\x92\x9C\x52\x5C\x0B\xFB\xF8\xAF" - "\x16\xC3\x35\xA8\xE7\xCE\x84\x04" - "\xEB\x40\x6B\x7A\x8E\x75\xBB\x42" - "\xE0\x63\x4B\x21\x44\xA2\x2B\x2B" - "\x39\xDB\xC8\xDC", - .ilen = 68, - }, { - .key = "\x3D\xE0\x98\x74\xB3\x88\xE6\x49" - "\x19\x88\xD0\xC3\x60\x7E\xAE\x1F" - "\x57\x69\x0E", - .klen = 19, - .iv = "\x4E\x28\x00\x00\xA2\xFC\xA1\xA3", - .result = "\x45\x00\x00\x30\xDA\x3A\x00\x00" - "\x80\x01\xDF\x3B\xC0\xA8\x00\x05" - "\xC0\xA8\x00\x01\x08\x00\xC6\xCD" - "\x02\x00\x07\x00\x61\x62\x63\x64" - "\x65\x66\x67\x68\x69\x6A\x6B\x6C" - "\x6D\x6E\x6F\x70\x71\x72\x73\x74" - "\x01\x02\x02\x01", - .rlen = 52, - .assoc = "\x3F\x7E\xF6\x42\x10\x10\x10\x10" - "\x10\x10\x10\x10\x4E\x28\x00\x00" - "\xA2\xFC\xA1\xA3", - .alen = 20, - .input = "\x6A\x6B\x45\x27\x3F\x9E\x52\xF6" - "\x10\x60\x54\x25\xEB\x80\x04\x93" - "\xCA\x1B\x23\x97\xCB\x21\x2E\x01" - "\xA2\xE7\x95\x41\x30\xE4\x4B\x1B" - "\x79\x01\x58\x50\x01\x06\xE1\xE0" - "\x2C\x83\x79\xD3\xDE\x46\x97\x1A" - "\x44\xCC\x90\xBF\x00\x94\x94\x92" - "\x20\x17\x0C\x1B\x55\xDE\x7E\x68" - "\xF4\x95\x5D\x4F", - .ilen = 68, - }, { - .key = "\x4C\x80\xCD\xEF\xBB\x5D\x10\xDA" - "\x90\x6A\xC7\x3C\x36\x13\xA6\x34" - "\x22\x43\x3C", - .klen = 19, - .iv = "\x48\x55\xEC\x7D\x3A\x23\x4B\xFD", - .result = "\x08\x00\xC6\xCD\x02\x00\x07\x00" - "\x61\x62\x63\x64\x65\x66\x67\x68" - "\x69\x6A\x6B\x6C\x6D\x6E\x6F\x70" - "\x71\x72\x73\x74\x01\x02\x02\x01", - .rlen = 32, - .assoc = "\x00\x00\x43\x21\x87\x65\x43\x21" - "\x00\x00\x00\x07\x48\x55\xEC\x7D" - "\x3A\x23\x4B\xFD", - .alen = 20, - .input = "\x67\xE9\x28\xB3\x1C\xA4\x6D\x02" - "\xF0\xB5\x37\xB6\x6B\x2F\xF5\x4F" - "\xF8\xA3\x4C\x53\xB8\x12\x09\xBF" - "\x58\x7D\xCF\x29\xA3\x41\x68\x6B" - "\xCE\xE8\x79\x85\x3C\xB0\x3A\x8F" - "\x16\xB0\xA1\x26\xC9\xBC\xBC\xA6", - .ilen = 48, - } -}; - -/* - * ChaCha20-Poly1305 AEAD test vectors from RFC7539 2.8.2./A.5. - */ -static const struct aead_testvec rfc7539_enc_tv_template[] = { - { - .key = "\x80\x81\x82\x83\x84\x85\x86\x87" - "\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f" - "\x90\x91\x92\x93\x94\x95\x96\x97" - "\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f", - .klen = 32, - .iv = "\x07\x00\x00\x00\x40\x41\x42\x43" - "\x44\x45\x46\x47", - .assoc = "\x50\x51\x52\x53\xc0\xc1\xc2\xc3" - "\xc4\xc5\xc6\xc7", - .alen = 12, - .input = "\x4c\x61\x64\x69\x65\x73\x20\x61" - "\x6e\x64\x20\x47\x65\x6e\x74\x6c" - "\x65\x6d\x65\x6e\x20\x6f\x66\x20" - "\x74\x68\x65\x20\x63\x6c\x61\x73" - "\x73\x20\x6f\x66\x20\x27\x39\x39" - "\x3a\x20\x49\x66\x20\x49\x20\x63" - "\x6f\x75\x6c\x64\x20\x6f\x66\x66" - "\x65\x72\x20\x79\x6f\x75\x20\x6f" - "\x6e\x6c\x79\x20\x6f\x6e\x65\x20" - "\x74\x69\x70\x20\x66\x6f\x72\x20" - "\x74\x68\x65\x20\x66\x75\x74\x75" - "\x72\x65\x2c\x20\x73\x75\x6e\x73" - "\x63\x72\x65\x65\x6e\x20\x77\x6f" - "\x75\x6c\x64\x20\x62\x65\x20\x69" - "\x74\x2e", - .ilen = 114, - .result = "\xd3\x1a\x8d\x34\x64\x8e\x60\xdb" - "\x7b\x86\xaf\xbc\x53\xef\x7e\xc2" - "\xa4\xad\xed\x51\x29\x6e\x08\xfe" - "\xa9\xe2\xb5\xa7\x36\xee\x62\xd6" - "\x3d\xbe\xa4\x5e\x8c\xa9\x67\x12" - "\x82\xfa\xfb\x69\xda\x92\x72\x8b" - "\x1a\x71\xde\x0a\x9e\x06\x0b\x29" - "\x05\xd6\xa5\xb6\x7e\xcd\x3b\x36" - "\x92\xdd\xbd\x7f\x2d\x77\x8b\x8c" - "\x98\x03\xae\xe3\x28\x09\x1b\x58" - "\xfa\xb3\x24\xe4\xfa\xd6\x75\x94" - "\x55\x85\x80\x8b\x48\x31\xd7\xbc" - "\x3f\xf4\xde\xf0\x8e\x4b\x7a\x9d" - "\xe5\x76\xd2\x65\x86\xce\xc6\x4b" - "\x61\x16\x1a\xe1\x0b\x59\x4f\x09" - "\xe2\x6a\x7e\x90\x2e\xcb\xd0\x60" - "\x06\x91", - .rlen = 130, - }, { - .key = "\x1c\x92\x40\xa5\xeb\x55\xd3\x8a" - "\xf3\x33\x88\x86\x04\xf6\xb5\xf0" - "\x47\x39\x17\xc1\x40\x2b\x80\x09" - "\x9d\xca\x5c\xbc\x20\x70\x75\xc0", - .klen = 32, - .iv = "\x00\x00\x00\x00\x01\x02\x03\x04" - "\x05\x06\x07\x08", - .assoc = "\xf3\x33\x88\x86\x00\x00\x00\x00" - "\x00\x00\x4e\x91", - .alen = 12, - .input = "\x49\x6e\x74\x65\x72\x6e\x65\x74" - "\x2d\x44\x72\x61\x66\x74\x73\x20" - "\x61\x72\x65\x20\x64\x72\x61\x66" - "\x74\x20\x64\x6f\x63\x75\x6d\x65" - "\x6e\x74\x73\x20\x76\x61\x6c\x69" - "\x64\x20\x66\x6f\x72\x20\x61\x20" - "\x6d\x61\x78\x69\x6d\x75\x6d\x20" - "\x6f\x66\x20\x73\x69\x78\x20\x6d" - "\x6f\x6e\x74\x68\x73\x20\x61\x6e" - "\x64\x20\x6d\x61\x79\x20\x62\x65" - "\x20\x75\x70\x64\x61\x74\x65\x64" - "\x2c\x20\x72\x65\x70\x6c\x61\x63" - "\x65\x64\x2c\x20\x6f\x72\x20\x6f" - "\x62\x73\x6f\x6c\x65\x74\x65\x64" - "\x20\x62\x79\x20\x6f\x74\x68\x65" - "\x72\x20\x64\x6f\x63\x75\x6d\x65" - "\x6e\x74\x73\x20\x61\x74\x20\x61" - "\x6e\x79\x20\x74\x69\x6d\x65\x2e" - "\x20\x49\x74\x20\x69\x73\x20\x69" - "\x6e\x61\x70\x70\x72\x6f\x70\x72" - "\x69\x61\x74\x65\x20\x74\x6f\x20" - "\x75\x73\x65\x20\x49\x6e\x74\x65" - "\x72\x6e\x65\x74\x2d\x44\x72\x61" - "\x66\x74\x73\x20\x61\x73\x20\x72" - "\x65\x66\x65\x72\x65\x6e\x63\x65" - "\x20\x6d\x61\x74\x65\x72\x69\x61" - "\x6c\x20\x6f\x72\x20\x74\x6f\x20" - "\x63\x69\x74\x65\x20\x74\x68\x65" - "\x6d\x20\x6f\x74\x68\x65\x72\x20" - "\x74\x68\x61\x6e\x20\x61\x73\x20" - "\x2f\xe2\x80\x9c\x77\x6f\x72\x6b" - "\x20\x69\x6e\x20\x70\x72\x6f\x67" - "\x72\x65\x73\x73\x2e\x2f\xe2\x80" - "\x9d", - .ilen = 265, - .result = "\x64\xa0\x86\x15\x75\x86\x1a\xf4" - "\x60\xf0\x62\xc7\x9b\xe6\x43\xbd" - "\x5e\x80\x5c\xfd\x34\x5c\xf3\x89" - "\xf1\x08\x67\x0a\xc7\x6c\x8c\xb2" - "\x4c\x6c\xfc\x18\x75\x5d\x43\xee" - "\xa0\x9e\xe9\x4e\x38\x2d\x26\xb0" - "\xbd\xb7\xb7\x3c\x32\x1b\x01\x00" - "\xd4\xf0\x3b\x7f\x35\x58\x94\xcf" - "\x33\x2f\x83\x0e\x71\x0b\x97\xce" - "\x98\xc8\xa8\x4a\xbd\x0b\x94\x81" - "\x14\xad\x17\x6e\x00\x8d\x33\xbd" - "\x60\xf9\x82\xb1\xff\x37\xc8\x55" - "\x97\x97\xa0\x6e\xf4\xf0\xef\x61" - "\xc1\x86\x32\x4e\x2b\x35\x06\x38" - "\x36\x06\x90\x7b\x6a\x7c\x02\xb0" - "\xf9\xf6\x15\x7b\x53\xc8\x67\xe4" - "\xb9\x16\x6c\x76\x7b\x80\x4d\x46" - "\xa5\x9b\x52\x16\xcd\xe7\xa4\xe9" - "\x90\x40\xc5\xa4\x04\x33\x22\x5e" - "\xe2\x82\xa1\xb0\xa0\x6c\x52\x3e" - "\xaf\x45\x34\xd7\xf8\x3f\xa1\x15" - "\x5b\x00\x47\x71\x8c\xbc\x54\x6a" - "\x0d\x07\x2b\x04\xb3\x56\x4e\xea" - "\x1b\x42\x22\x73\xf5\x48\x27\x1a" - "\x0b\xb2\x31\x60\x53\xfa\x76\x99" - "\x19\x55\xeb\xd6\x31\x59\x43\x4e" - "\xce\xbb\x4e\x46\x6d\xae\x5a\x10" - "\x73\xa6\x72\x76\x27\x09\x7a\x10" - "\x49\xe6\x17\xd9\x1d\x36\x10\x94" - "\xfa\x68\xf0\xff\x77\x98\x71\x30" - "\x30\x5b\xea\xba\x2e\xda\x04\xdf" - "\x99\x7b\x71\x4d\x6c\x6f\x2c\x29" - "\xa6\xad\x5c\xb4\x02\x2b\x02\x70" - "\x9b\xee\xad\x9d\x67\x89\x0c\xbb" - "\x22\x39\x23\x36\xfe\xa1\x85\x1f" - "\x38", - .rlen = 281, - }, -}; - -static const struct aead_testvec rfc7539_dec_tv_template[] = { - { - .key = "\x80\x81\x82\x83\x84\x85\x86\x87" - "\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f" - "\x90\x91\x92\x93\x94\x95\x96\x97" - "\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f", - .klen = 32, - .iv = "\x07\x00\x00\x00\x40\x41\x42\x43" - "\x44\x45\x46\x47", - .assoc = "\x50\x51\x52\x53\xc0\xc1\xc2\xc3" - "\xc4\xc5\xc6\xc7", - .alen = 12, - .input = "\xd3\x1a\x8d\x34\x64\x8e\x60\xdb" - "\x7b\x86\xaf\xbc\x53\xef\x7e\xc2" - "\xa4\xad\xed\x51\x29\x6e\x08\xfe" - "\xa9\xe2\xb5\xa7\x36\xee\x62\xd6" - "\x3d\xbe\xa4\x5e\x8c\xa9\x67\x12" - "\x82\xfa\xfb\x69\xda\x92\x72\x8b" - "\x1a\x71\xde\x0a\x9e\x06\x0b\x29" - "\x05\xd6\xa5\xb6\x7e\xcd\x3b\x36" - "\x92\xdd\xbd\x7f\x2d\x77\x8b\x8c" - "\x98\x03\xae\xe3\x28\x09\x1b\x58" - "\xfa\xb3\x24\xe4\xfa\xd6\x75\x94" - "\x55\x85\x80\x8b\x48\x31\xd7\xbc" - "\x3f\xf4\xde\xf0\x8e\x4b\x7a\x9d" - "\xe5\x76\xd2\x65\x86\xce\xc6\x4b" - "\x61\x16\x1a\xe1\x0b\x59\x4f\x09" - "\xe2\x6a\x7e\x90\x2e\xcb\xd0\x60" - "\x06\x91", - .ilen = 130, - .result = "\x4c\x61\x64\x69\x65\x73\x20\x61" - "\x6e\x64\x20\x47\x65\x6e\x74\x6c" - "\x65\x6d\x65\x6e\x20\x6f\x66\x20" - "\x74\x68\x65\x20\x63\x6c\x61\x73" - "\x73\x20\x6f\x66\x20\x27\x39\x39" - "\x3a\x20\x49\x66\x20\x49\x20\x63" - "\x6f\x75\x6c\x64\x20\x6f\x66\x66" - "\x65\x72\x20\x79\x6f\x75\x20\x6f" - "\x6e\x6c\x79\x20\x6f\x6e\x65\x20" - "\x74\x69\x70\x20\x66\x6f\x72\x20" - "\x74\x68\x65\x20\x66\x75\x74\x75" - "\x72\x65\x2c\x20\x73\x75\x6e\x73" - "\x63\x72\x65\x65\x6e\x20\x77\x6f" - "\x75\x6c\x64\x20\x62\x65\x20\x69" - "\x74\x2e", - .rlen = 114, - }, { - .key = "\x1c\x92\x40\xa5\xeb\x55\xd3\x8a" - "\xf3\x33\x88\x86\x04\xf6\xb5\xf0" - "\x47\x39\x17\xc1\x40\x2b\x80\x09" - "\x9d\xca\x5c\xbc\x20\x70\x75\xc0", - .klen = 32, - .iv = "\x00\x00\x00\x00\x01\x02\x03\x04" - "\x05\x06\x07\x08", - .assoc = "\xf3\x33\x88\x86\x00\x00\x00\x00" - "\x00\x00\x4e\x91", - .alen = 12, - .input = "\x64\xa0\x86\x15\x75\x86\x1a\xf4" - "\x60\xf0\x62\xc7\x9b\xe6\x43\xbd" - "\x5e\x80\x5c\xfd\x34\x5c\xf3\x89" - "\xf1\x08\x67\x0a\xc7\x6c\x8c\xb2" - "\x4c\x6c\xfc\x18\x75\x5d\x43\xee" - "\xa0\x9e\xe9\x4e\x38\x2d\x26\xb0" - "\xbd\xb7\xb7\x3c\x32\x1b\x01\x00" - "\xd4\xf0\x3b\x7f\x35\x58\x94\xcf" - "\x33\x2f\x83\x0e\x71\x0b\x97\xce" - "\x98\xc8\xa8\x4a\xbd\x0b\x94\x81" - "\x14\xad\x17\x6e\x00\x8d\x33\xbd" - "\x60\xf9\x82\xb1\xff\x37\xc8\x55" - "\x97\x97\xa0\x6e\xf4\xf0\xef\x61" - "\xc1\x86\x32\x4e\x2b\x35\x06\x38" - "\x36\x06\x90\x7b\x6a\x7c\x02\xb0" - "\xf9\xf6\x15\x7b\x53\xc8\x67\xe4" - "\xb9\x16\x6c\x76\x7b\x80\x4d\x46" - "\xa5\x9b\x52\x16\xcd\xe7\xa4\xe9" - "\x90\x40\xc5\xa4\x04\x33\x22\x5e" - "\xe2\x82\xa1\xb0\xa0\x6c\x52\x3e" - "\xaf\x45\x34\xd7\xf8\x3f\xa1\x15" - "\x5b\x00\x47\x71\x8c\xbc\x54\x6a" - "\x0d\x07\x2b\x04\xb3\x56\x4e\xea" - "\x1b\x42\x22\x73\xf5\x48\x27\x1a" - "\x0b\xb2\x31\x60\x53\xfa\x76\x99" - "\x19\x55\xeb\xd6\x31\x59\x43\x4e" - "\xce\xbb\x4e\x46\x6d\xae\x5a\x10" - "\x73\xa6\x72\x76\x27\x09\x7a\x10" - "\x49\xe6\x17\xd9\x1d\x36\x10\x94" - "\xfa\x68\xf0\xff\x77\x98\x71\x30" - "\x30\x5b\xea\xba\x2e\xda\x04\xdf" - "\x99\x7b\x71\x4d\x6c\x6f\x2c\x29" - "\xa6\xad\x5c\xb4\x02\x2b\x02\x70" - "\x9b\xee\xad\x9d\x67\x89\x0c\xbb" - "\x22\x39\x23\x36\xfe\xa1\x85\x1f" - "\x38", - .ilen = 281, - .result = "\x49\x6e\x74\x65\x72\x6e\x65\x74" - "\x2d\x44\x72\x61\x66\x74\x73\x20" - "\x61\x72\x65\x20\x64\x72\x61\x66" - "\x74\x20\x64\x6f\x63\x75\x6d\x65" - "\x6e\x74\x73\x20\x76\x61\x6c\x69" - "\x64\x20\x66\x6f\x72\x20\x61\x20" - "\x6d\x61\x78\x69\x6d\x75\x6d\x20" - "\x6f\x66\x20\x73\x69\x78\x20\x6d" - "\x6f\x6e\x74\x68\x73\x20\x61\x6e" - "\x64\x20\x6d\x61\x79\x20\x62\x65" - "\x20\x75\x70\x64\x61\x74\x65\x64" - "\x2c\x20\x72\x65\x70\x6c\x61\x63" - "\x65\x64\x2c\x20\x6f\x72\x20\x6f" - "\x62\x73\x6f\x6c\x65\x74\x65\x64" - "\x20\x62\x79\x20\x6f\x74\x68\x65" - "\x72\x20\x64\x6f\x63\x75\x6d\x65" - "\x6e\x74\x73\x20\x61\x74\x20\x61" - "\x6e\x79\x20\x74\x69\x6d\x65\x2e" - "\x20\x49\x74\x20\x69\x73\x20\x69" - "\x6e\x61\x70\x70\x72\x6f\x70\x72" - "\x69\x61\x74\x65\x20\x74\x6f\x20" - "\x75\x73\x65\x20\x49\x6e\x74\x65" - "\x72\x6e\x65\x74\x2d\x44\x72\x61" - "\x66\x74\x73\x20\x61\x73\x20\x72" - "\x65\x66\x65\x72\x65\x6e\x63\x65" - "\x20\x6d\x61\x74\x65\x72\x69\x61" - "\x6c\x20\x6f\x72\x20\x74\x6f\x20" - "\x63\x69\x74\x65\x20\x74\x68\x65" - "\x6d\x20\x6f\x74\x68\x65\x72\x20" - "\x74\x68\x61\x6e\x20\x61\x73\x20" - "\x2f\xe2\x80\x9c\x77\x6f\x72\x6b" - "\x20\x69\x6e\x20\x70\x72\x6f\x67" - "\x72\x65\x73\x73\x2e\x2f\xe2\x80" - "\x9d", - .rlen = 265, - }, -}; - -/* - * draft-irtf-cfrg-chacha20-poly1305 - */ -static const struct aead_testvec rfc7539esp_enc_tv_template[] = { - { - .key = "\x1c\x92\x40\xa5\xeb\x55\xd3\x8a" - "\xf3\x33\x88\x86\x04\xf6\xb5\xf0" - "\x47\x39\x17\xc1\x40\x2b\x80\x09" - "\x9d\xca\x5c\xbc\x20\x70\x75\xc0" - "\x00\x00\x00\x00", - .klen = 36, - .iv = "\x01\x02\x03\x04\x05\x06\x07\x08", - .assoc = "\xf3\x33\x88\x86\x00\x00\x00\x00" - "\x00\x00\x4e\x91\x01\x02\x03\x04" - "\x05\x06\x07\x08", - .alen = 20, - .input = "\x49\x6e\x74\x65\x72\x6e\x65\x74" - "\x2d\x44\x72\x61\x66\x74\x73\x20" - "\x61\x72\x65\x20\x64\x72\x61\x66" - "\x74\x20\x64\x6f\x63\x75\x6d\x65" - "\x6e\x74\x73\x20\x76\x61\x6c\x69" - "\x64\x20\x66\x6f\x72\x20\x61\x20" - "\x6d\x61\x78\x69\x6d\x75\x6d\x20" - "\x6f\x66\x20\x73\x69\x78\x20\x6d" - "\x6f\x6e\x74\x68\x73\x20\x61\x6e" - "\x64\x20\x6d\x61\x79\x20\x62\x65" - "\x20\x75\x70\x64\x61\x74\x65\x64" - "\x2c\x20\x72\x65\x70\x6c\x61\x63" - "\x65\x64\x2c\x20\x6f\x72\x20\x6f" - "\x62\x73\x6f\x6c\x65\x74\x65\x64" - "\x20\x62\x79\x20\x6f\x74\x68\x65" - "\x72\x20\x64\x6f\x63\x75\x6d\x65" - "\x6e\x74\x73\x20\x61\x74\x20\x61" - "\x6e\x79\x20\x74\x69\x6d\x65\x2e" - "\x20\x49\x74\x20\x69\x73\x20\x69" - "\x6e\x61\x70\x70\x72\x6f\x70\x72" - "\x69\x61\x74\x65\x20\x74\x6f\x20" - "\x75\x73\x65\x20\x49\x6e\x74\x65" - "\x72\x6e\x65\x74\x2d\x44\x72\x61" - "\x66\x74\x73\x20\x61\x73\x20\x72" - "\x65\x66\x65\x72\x65\x6e\x63\x65" - "\x20\x6d\x61\x74\x65\x72\x69\x61" - "\x6c\x20\x6f\x72\x20\x74\x6f\x20" - "\x63\x69\x74\x65\x20\x74\x68\x65" - "\x6d\x20\x6f\x74\x68\x65\x72\x20" - "\x74\x68\x61\x6e\x20\x61\x73\x20" - "\x2f\xe2\x80\x9c\x77\x6f\x72\x6b" - "\x20\x69\x6e\x20\x70\x72\x6f\x67" - "\x72\x65\x73\x73\x2e\x2f\xe2\x80" - "\x9d", - .ilen = 265, - .result = "\x64\xa0\x86\x15\x75\x86\x1a\xf4" - "\x60\xf0\x62\xc7\x9b\xe6\x43\xbd" - "\x5e\x80\x5c\xfd\x34\x5c\xf3\x89" - "\xf1\x08\x67\x0a\xc7\x6c\x8c\xb2" - "\x4c\x6c\xfc\x18\x75\x5d\x43\xee" - "\xa0\x9e\xe9\x4e\x38\x2d\x26\xb0" - "\xbd\xb7\xb7\x3c\x32\x1b\x01\x00" - "\xd4\xf0\x3b\x7f\x35\x58\x94\xcf" - "\x33\x2f\x83\x0e\x71\x0b\x97\xce" - "\x98\xc8\xa8\x4a\xbd\x0b\x94\x81" - "\x14\xad\x17\x6e\x00\x8d\x33\xbd" - "\x60\xf9\x82\xb1\xff\x37\xc8\x55" - "\x97\x97\xa0\x6e\xf4\xf0\xef\x61" - "\xc1\x86\x32\x4e\x2b\x35\x06\x38" - "\x36\x06\x90\x7b\x6a\x7c\x02\xb0" - "\xf9\xf6\x15\x7b\x53\xc8\x67\xe4" - "\xb9\x16\x6c\x76\x7b\x80\x4d\x46" - "\xa5\x9b\x52\x16\xcd\xe7\xa4\xe9" - "\x90\x40\xc5\xa4\x04\x33\x22\x5e" - "\xe2\x82\xa1\xb0\xa0\x6c\x52\x3e" - "\xaf\x45\x34\xd7\xf8\x3f\xa1\x15" - "\x5b\x00\x47\x71\x8c\xbc\x54\x6a" - "\x0d\x07\x2b\x04\xb3\x56\x4e\xea" - "\x1b\x42\x22\x73\xf5\x48\x27\x1a" - "\x0b\xb2\x31\x60\x53\xfa\x76\x99" - "\x19\x55\xeb\xd6\x31\x59\x43\x4e" - "\xce\xbb\x4e\x46\x6d\xae\x5a\x10" - "\x73\xa6\x72\x76\x27\x09\x7a\x10" - "\x49\xe6\x17\xd9\x1d\x36\x10\x94" - "\xfa\x68\xf0\xff\x77\x98\x71\x30" - "\x30\x5b\xea\xba\x2e\xda\x04\xdf" - "\x99\x7b\x71\x4d\x6c\x6f\x2c\x29" - "\xa6\xad\x5c\xb4\x02\x2b\x02\x70" - "\x9b\xee\xad\x9d\x67\x89\x0c\xbb" - "\x22\x39\x23\x36\xfe\xa1\x85\x1f" - "\x38", - .rlen = 281, - }, -}; - -static const struct aead_testvec rfc7539esp_dec_tv_template[] = { - { - .key = "\x1c\x92\x40\xa5\xeb\x55\xd3\x8a" - "\xf3\x33\x88\x86\x04\xf6\xb5\xf0" - "\x47\x39\x17\xc1\x40\x2b\x80\x09" - "\x9d\xca\x5c\xbc\x20\x70\x75\xc0" - "\x00\x00\x00\x00", - .klen = 36, - .iv = "\x01\x02\x03\x04\x05\x06\x07\x08", - .assoc = "\xf3\x33\x88\x86\x00\x00\x00\x00" - "\x00\x00\x4e\x91\x01\x02\x03\x04" - "\x05\x06\x07\x08", - .alen = 20, - .input = "\x64\xa0\x86\x15\x75\x86\x1a\xf4" - "\x60\xf0\x62\xc7\x9b\xe6\x43\xbd" - "\x5e\x80\x5c\xfd\x34\x5c\xf3\x89" - "\xf1\x08\x67\x0a\xc7\x6c\x8c\xb2" - "\x4c\x6c\xfc\x18\x75\x5d\x43\xee" - "\xa0\x9e\xe9\x4e\x38\x2d\x26\xb0" - "\xbd\xb7\xb7\x3c\x32\x1b\x01\x00" - "\xd4\xf0\x3b\x7f\x35\x58\x94\xcf" - "\x33\x2f\x83\x0e\x71\x0b\x97\xce" - "\x98\xc8\xa8\x4a\xbd\x0b\x94\x81" - "\x14\xad\x17\x6e\x00\x8d\x33\xbd" - "\x60\xf9\x82\xb1\xff\x37\xc8\x55" - "\x97\x97\xa0\x6e\xf4\xf0\xef\x61" - "\xc1\x86\x32\x4e\x2b\x35\x06\x38" - "\x36\x06\x90\x7b\x6a\x7c\x02\xb0" - "\xf9\xf6\x15\x7b\x53\xc8\x67\xe4" - "\xb9\x16\x6c\x76\x7b\x80\x4d\x46" - "\xa5\x9b\x52\x16\xcd\xe7\xa4\xe9" - "\x90\x40\xc5\xa4\x04\x33\x22\x5e" - "\xe2\x82\xa1\xb0\xa0\x6c\x52\x3e" - "\xaf\x45\x34\xd7\xf8\x3f\xa1\x15" - "\x5b\x00\x47\x71\x8c\xbc\x54\x6a" - "\x0d\x07\x2b\x04\xb3\x56\x4e\xea" - "\x1b\x42\x22\x73\xf5\x48\x27\x1a" - "\x0b\xb2\x31\x60\x53\xfa\x76\x99" - "\x19\x55\xeb\xd6\x31\x59\x43\x4e" - "\xce\xbb\x4e\x46\x6d\xae\x5a\x10" - "\x73\xa6\x72\x76\x27\x09\x7a\x10" - "\x49\xe6\x17\xd9\x1d\x36\x10\x94" - "\xfa\x68\xf0\xff\x77\x98\x71\x30" - "\x30\x5b\xea\xba\x2e\xda\x04\xdf" - "\x99\x7b\x71\x4d\x6c\x6f\x2c\x29" - "\xa6\xad\x5c\xb4\x02\x2b\x02\x70" - "\x9b\xee\xad\x9d\x67\x89\x0c\xbb" - "\x22\x39\x23\x36\xfe\xa1\x85\x1f" - "\x38", - .ilen = 281, - .result = "\x49\x6e\x74\x65\x72\x6e\x65\x74" - "\x2d\x44\x72\x61\x66\x74\x73\x20" - "\x61\x72\x65\x20\x64\x72\x61\x66" - "\x74\x20\x64\x6f\x63\x75\x6d\x65" - "\x6e\x74\x73\x20\x76\x61\x6c\x69" - "\x64\x20\x66\x6f\x72\x20\x61\x20" - "\x6d\x61\x78\x69\x6d\x75\x6d\x20" - "\x6f\x66\x20\x73\x69\x78\x20\x6d" - "\x6f\x6e\x74\x68\x73\x20\x61\x6e" - "\x64\x20\x6d\x61\x79\x20\x62\x65" - "\x20\x75\x70\x64\x61\x74\x65\x64" - "\x2c\x20\x72\x65\x70\x6c\x61\x63" - "\x65\x64\x2c\x20\x6f\x72\x20\x6f" - "\x62\x73\x6f\x6c\x65\x74\x65\x64" - "\x20\x62\x79\x20\x6f\x74\x68\x65" - "\x72\x20\x64\x6f\x63\x75\x6d\x65" - "\x6e\x74\x73\x20\x61\x74\x20\x61" - "\x6e\x79\x20\x74\x69\x6d\x65\x2e" - "\x20\x49\x74\x20\x69\x73\x20\x69" - "\x6e\x61\x70\x70\x72\x6f\x70\x72" - "\x69\x61\x74\x65\x20\x74\x6f\x20" - "\x75\x73\x65\x20\x49\x6e\x74\x65" - "\x72\x6e\x65\x74\x2d\x44\x72\x61" - "\x66\x74\x73\x20\x61\x73\x20\x72" - "\x65\x66\x65\x72\x65\x6e\x63\x65" - "\x20\x6d\x61\x74\x65\x72\x69\x61" - "\x6c\x20\x6f\x72\x20\x74\x6f\x20" - "\x63\x69\x74\x65\x20\x74\x68\x65" - "\x6d\x20\x6f\x74\x68\x65\x72\x20" - "\x74\x68\x61\x6e\x20\x61\x73\x20" - "\x2f\xe2\x80\x9c\x77\x6f\x72\x6b" - "\x20\x69\x6e\x20\x70\x72\x6f\x67" - "\x72\x65\x73\x73\x2e\x2f\xe2\x80" - "\x9d", - .rlen = 265, - }, -}; - -static const struct aead_testvec aegis128_enc_tv_template[] = { - { - .key = "\x0f\xc9\x8e\x67\x44\x9e\xaa\x86" - "\x20\x36\x2c\x24\xfe\xc9\x30\x81", - .klen = 16, - .iv = "\x1e\x92\x1c\xcf\x88\x3d\x54\x0d" - "\x40\x6d\x59\x48\xfc\x92\x61\x03", - .assoc = "", - .alen = 0, - .input = "", - .ilen = 0, - .result = "\x07\xa5\x11\xf2\x9d\x40\xb8\x6d" - "\xda\xb8\x12\x34\x4c\x53\xd9\x72", - .rlen = 16, - }, { - .key = "\x4b\xed\xc8\x07\x54\x1a\x52\xa2" - "\xa1\x10\xde\xb5\xf8\xed\xf3\x87", - .klen = 16, - .iv = "\x5a\xb7\x56\x6e\x98\xb9\xfd\x29" - "\xc1\x47\x0b\xda\xf6\xb6\x23\x09", - .assoc = "", - .alen = 0, - .input = "\x79", - .ilen = 1, - .result = "\x9e\x78\x52\xae\xcb\x9e\xe4\xd3" - "\x9a\xd7\x5d\xd7\xaa\x9a\xe9\x5a" - "\xcc", - .rlen = 17, - }, { - .key = "\x88\x12\x01\xa6\x64\x96\xfb\xbe" - "\x22\xea\x90\x47\xf2\x11\xb5\x8e", - .klen = 16, - .iv = "\x97\xdb\x90\x0e\xa8\x35\xa5\x45" - "\x42\x21\xbd\x6b\xf0\xda\xe6\x0f", - .assoc = "", - .alen = 0, - .input = "\xb5\x6e\xad\xdd\x30\x72\xfa\x53" - "\x82\x8e\x16\xb4\xed\x6d\x47", - .ilen = 15, - .result = "\xc3\x80\x83\x04\x5f\xaa\x61\xc7" - "\xca\xdd\x6f\xac\x85\x08\xb5\x35" - "\x2b\xc2\x3e\x0b\x1b\x39\x37\x2b" - "\x7a\x21\x16\xb3\xe6\x67\x66", - .rlen = 31, - }, { - .key = "\xc4\x37\x3b\x45\x74\x11\xa4\xda" - "\xa2\xc5\x42\xd8\xec\x36\x78\x94", - .klen = 16, - .iv = "\xd3\x00\xc9\xad\xb8\xb0\x4e\x61" - "\xc3\xfb\x6f\xfd\xea\xff\xa9\x15", - .assoc = "", - .alen = 0, - .input = "\xf2\x92\xe6\x7d\x40\xee\xa3\x6f" - "\x03\x68\xc8\x45\xe7\x91\x0a\x18", - .ilen = 16, - .result = "\x23\x25\x30\xe5\x6a\xb6\x36\x7d" - "\x38\xfd\x3a\xd2\xc2\x58\xa9\x11" - "\x1e\xa8\x30\x9c\x16\xa4\xdb\x65" - "\x51\x10\x16\x27\x70\x9b\x64\x29", - .rlen = 32, - }, { - .key = "\x01\x5c\x75\xe5\x84\x8d\x4d\xf6" - "\x23\x9f\xf4\x6a\xe6\x5a\x3b\x9a", - .klen = 16, - .iv = "\x10\x25\x03\x4c\xc8\x2c\xf7\x7d" - "\x44\xd5\x21\x8e\xe4\x23\x6b\x1c", - .assoc = "", - .alen = 0, - .input = "\x2e\xb7\x20\x1c\x50\x6a\x4b\x8b" - "\x84\x42\x7a\xd7\xe1\xb5\xcd\x1f" - "\xd3", - .ilen = 17, - .result = "\x2a\x8d\x56\x91\xc6\xf3\x56\xa5" - "\x1f\xf0\x89\x2e\x13\xad\xe6\xf6" - "\x46\x80\xb1\x0e\x18\x30\x40\x97" - "\x03\xdf\x64\x3c\xbe\x93\x9e\xc9" - "\x3b", - .rlen = 33, - }, { - .key = "\x3d\x80\xae\x84\x94\x09\xf6\x12" - "\xa4\x79\xa6\xfb\xe0\x7f\xfd\xa0", - .klen = 16, - .iv = "\x4c\x49\x3d\xec\xd8\xa8\xa0\x98" - "\xc5\xb0\xd3\x1f\xde\x48\x2e\x22", - .assoc = "", - .alen = 0, - .input = "\x6b\xdc\x5a\xbb\x60\xe5\xf4\xa6" - "\x05\x1d\x2c\x68\xdb\xda\x8f\x25" - "\xfe\x8d\x45\x19\x1e\xc0\x0b\x99" - "\x88\x11\x39\x12\x1c\x3a\xbb", - .ilen = 31, - .result = "\x4e\xf6\xfa\x13\xde\x43\x63\x4c" - "\xe2\x04\x3e\xe4\x85\x14\xb6\x3f" - "\xb1\x8f\x4c\xdb\x41\xa2\x14\x99" - "\xf5\x53\x0f\x73\x86\x7e\x97\xa1" - "\x4b\x56\x5b\x94\xce\xcd\x74\xcd" - "\x75\xc4\x53\x01\x89\x45\x59", - .rlen = 47, - }, { - .key = "\x7a\xa5\xe8\x23\xa4\x84\x9e\x2d" - "\x25\x53\x58\x8c\xda\xa3\xc0\xa6", - .klen = 16, - .iv = "\x89\x6e\x77\x8b\xe8\x23\x49\xb4" - "\x45\x8a\x85\xb1\xd8\x6c\xf1\x28", - .assoc = "", - .alen = 0, - .input = "\xa7\x00\x93\x5b\x70\x61\x9d\xc2" - "\x86\xf7\xde\xfa\xd5\xfe\x52\x2b" - "\x28\x50\x51\x9d\x24\x60\x8d\xb3" - "\x49\x3e\x17\xea\xf6\x99\x5a\xdd", - .ilen = 32, - .result = "\xa4\x9a\xb7\xfd\xa0\xd4\xd6\x47" - "\x95\xf4\x58\x38\x14\x83\x27\x01" - "\x4c\xed\x32\x2c\xf7\xd6\x31\xf7" - "\x38\x1b\x2c\xc9\xb6\x31\xce\xaa" - "\xa5\x3c\x1a\x18\x5c\xce\xb9\xdf" - "\x51\x52\x77\xf2\x5e\x85\x80\x41", - .rlen = 48, - }, { - .key = "\xb6\xca\x22\xc3\xb4\x00\x47\x49" - "\xa6\x2d\x0a\x1e\xd4\xc7\x83\xad", - .klen = 16, - .iv = "\xc5\x93\xb0\x2a\xf8\x9f\xf1\xd0" - "\xc6\x64\x37\x42\xd2\x90\xb3\x2e", - .assoc = "\xd5", - .alen = 1, - .input = "", - .ilen = 0, - .result = "\xfb\xd4\x83\x71\x9e\x63\xad\x60" - "\xb9\xf9\xeb\x34\x52\x49\xcf\xb7", - .rlen = 16, - }, { - .key = "\xf3\xee\x5c\x62\xc4\x7c\xf0\x65" - "\x27\x08\xbd\xaf\xce\xec\x45\xb3", - .klen = 16, - .iv = "\x02\xb8\xea\xca\x09\x1b\x9a\xec" - "\x47\x3e\xe9\xd4\xcc\xb5\x76\x34", - .assoc = "\x11\x81\x78\x32\x4d\xb9\x44\x73" - "\x68\x75\x16\xf8\xcb\x7e\xa7", - .alen = 15, - .input = "", - .ilen = 0, - .result = "\x0c\xaf\x2e\x96\xf6\x97\x08\x71" - "\x7d\x3a\x84\xc4\x44\x57\x77\x7e", - .rlen = 16, - }, { - .key = "\x2f\x13\x95\x01\xd5\xf7\x99\x81" - "\xa8\xe2\x6f\x41\xc8\x10\x08\xb9", - .klen = 16, - .iv = "\x3f\xdc\x24\x69\x19\x96\x43\x08" - "\xc8\x18\x9b\x65\xc6\xd9\x39\x3b", - .assoc = "\x4e\xa5\xb2\xd1\x5d\x35\xed\x8f" - "\xe8\x4f\xc8\x89\xc5\xa2\x69\xbc", - .alen = 16, - .input = "", - .ilen = 0, - .result = "\xc7\x87\x09\x3b\xc7\x19\x74\x22" - "\x22\xa5\x67\x10\xb2\x36\xb3\x45", - .rlen = 16, - }, { - .key = "\x6c\x38\xcf\xa1\xe5\x73\x41\x9d" - "\x29\xbc\x21\xd2\xc2\x35\xcb\xbf", - .klen = 16, - .iv = "\x7b\x01\x5d\x08\x29\x12\xec\x24" - "\x49\xf3\x4d\xf7\xc0\xfe\xfb\x41", - .assoc = "\x8a\xca\xec\x70\x6d\xb1\x96\xab" - "\x69\x29\x7a\x1b\xbf\xc7\x2c\xc2" - "\x07", - .alen = 17, - .input = "", - .ilen = 0, - .result = "\x02\xc6\x3b\x46\x65\xb2\xef\x91" - "\x31\xf0\x45\x48\x8a\x2a\xed\xe4", - .rlen = 16, - }, { - .key = "\xa8\x5c\x09\x40\xf5\xef\xea\xb8" - "\xaa\x96\xd3\x64\xbc\x59\x8d\xc6", - .klen = 16, - .iv = "\xb8\x26\x97\xa8\x39\x8e\x94\x3f" - "\xca\xcd\xff\x88\xba\x22\xbe\x47", - .assoc = "\xc7\xef\x26\x10\x7d\x2c\x3f\xc6" - "\xea\x03\x2c\xac\xb9\xeb\xef\xc9" - "\x31\x6b\x08\x12\xfc\xd8\x37\x2d" - "\xe0\x17\x3a\x2e\x83\x5c\x8f", - .alen = 31, - .input = "", - .ilen = 0, - .result = "\x20\x85\xa8\xd0\x91\x48\x85\xf3" - "\x5a\x16\xc0\x57\x68\x47\xdd\xcb", - .rlen = 16, - }, { - .key = "\xe5\x81\x42\xdf\x05\x6a\x93\xd4" - "\x2b\x70\x85\xf5\xb6\x7d\x50\xcc", - .klen = 16, - .iv = "\xf4\x4a\xd1\x47\x49\x09\x3d\x5b" - "\x4b\xa7\xb1\x19\xb4\x46\x81\x4d", - .assoc = "\x03\x14\x5f\xaf\x8d\xa8\xe7\xe2" - "\x6b\xde\xde\x3e\xb3\x10\xb1\xcf" - "\x5c\x2d\x14\x96\x01\x78\xb9\x47" - "\xa1\x44\x19\x06\x5d\xbb\x2e\x2f", - .alen = 32, - .input = "", - .ilen = 0, - .result = "\x6a\xf8\x8d\x9c\x42\x75\x35\x79" - "\xc1\x96\xbd\x31\x6e\x69\x1b\x50", - .rlen = 16, - }, { - .key = "\x22\xa6\x7c\x7f\x15\xe6\x3c\xf0" - "\xac\x4b\x37\x86\xb0\xa2\x13\xd2", - .klen = 16, - .iv = "\x31\x6f\x0b\xe6\x59\x85\xe6\x77" - "\xcc\x81\x63\xab\xae\x6b\x43\x54", - .assoc = "\x40", - .alen = 1, - .input = "\x4f", - .ilen = 1, - .result = "\x01\x24\xb1\xba\xf6\xd3\xdf\x83" - "\x70\x45\xe3\x2a\x9d\x5c\x63\x98" - "\x39", - .rlen = 17, - }, { - .key = "\x5e\xcb\xb6\x1e\x25\x62\xe4\x0c" - "\x2d\x25\xe9\x18\xaa\xc6\xd5\xd8", - .klen = 16, - .iv = "\x6d\x94\x44\x86\x69\x00\x8f\x93" - "\x4d\x5b\x15\x3c\xa8\x8f\x06\x5a", - .assoc = "\x7c\x5d\xd3\xee\xad\x9f\x39\x1a" - "\x6d\x92\x42\x61\xa7\x58\x37", - .alen = 15, - .input = "\x8b\x26\x61\x55\xf1\x3e\xe3\xa1" - "\x8d\xc8\x6e\x85\xa5\x21\x67", - .ilen = 15, - .result = "\x18\x78\xc2\x6e\xe1\xf7\xe6\x8a" - "\xca\x0e\x62\x00\xa8\x21\xb5\x21" - "\x3d\x36\xdb\xf7\xcc\x31\x94\x9c" - "\x98\xbd\x71\x7a\xef\xa4\xfa", - .rlen = 31, - }, { - .key = "\x9b\xef\xf0\xbd\x35\xdd\x8d\x28" - "\xad\xff\x9b\xa9\xa4\xeb\x98\xdf", - .klen = 16, - .iv = "\xaa\xb8\x7e\x25\x79\x7c\x37\xaf" - "\xce\x36\xc7\xce\xa2\xb4\xc9\x60", - .assoc = "\xb9\x82\x0c\x8d\xbd\x1b\xe2\x36" - "\xee\x6c\xf4\xf2\xa1\x7d\xf9\xe2", - .alen = 16, - .input = "\xc8\x4b\x9b\xf5\x01\xba\x8c\xbd" - "\x0e\xa3\x21\x16\x9f\x46\x2a\x63", - .ilen = 16, - .result = "\xea\xd1\x81\x75\xb4\x13\x1d\x86" - "\xd4\x17\x26\xe5\xd6\x89\x39\x04" - "\xa9\x6c\xca\xac\x40\x73\xb2\x4c" - "\x9c\xb9\x0e\x79\x4c\x40\x65\xc6", - .rlen = 32, - }, { - .key = "\xd7\x14\x29\x5d\x45\x59\x36\x44" - "\x2e\xd9\x4d\x3b\x9e\x0f\x5b\xe5", - .klen = 16, - .iv = "\xe6\xdd\xb8\xc4\x89\xf8\xe0\xca" - "\x4f\x10\x7a\x5f\x9c\xd8\x8b\x66", - .assoc = "\xf5\xa6\x46\x2c\xce\x97\x8a\x51" - "\x6f\x46\xa6\x83\x9b\xa1\xbc\xe8" - "\x05", - .alen = 17, - .input = "\x05\x70\xd5\x94\x12\x36\x35\xd8" - "\x8f\x7d\xd3\xa8\x99\x6a\xed\x69" - "\xd0", - .ilen = 17, - .result = "\xf4\xb2\x84\xd1\x81\xfa\x98\x1c" - "\x38\x2d\x69\x90\x1c\x71\x38\x98" - "\x9f\xe1\x19\x3b\x63\x91\xaf\x6e" - "\x4b\x07\x2c\xac\x53\xc5\xd5\xfe" - "\x93", - .rlen = 33, - }, { - .key = "\x14\x39\x63\xfc\x56\xd5\xdf\x5f" - "\xaf\xb3\xff\xcc\x98\x33\x1d\xeb", - .klen = 16, - .iv = "\x23\x02\xf1\x64\x9a\x73\x89\xe6" - "\xd0\xea\x2c\xf1\x96\xfc\x4e\x6d", - .assoc = "\x32\xcb\x80\xcc\xde\x12\x33\x6d" - "\xf0\x20\x58\x15\x95\xc6\x7f\xee" - "\x2f\xf9\x4e\x2c\x1b\x98\x43\xc7" - "\x68\x28\x73\x40\x9f\x96\x4a", - .alen = 31, - .input = "\x41\x94\x0e\x33\x22\xb1\xdd\xf4" - "\x10\x57\x85\x39\x93\x8f\xaf\x70" - "\xfa\xa9\xd0\x4d\x5c\x40\x23\xcd" - "\x98\x34\xab\x37\x56\xae\x32", - .ilen = 31, - .result = "\xa0\xe7\x0a\x60\xe7\xb8\x8a\xdb" - "\x94\xd3\x93\xf2\x41\x86\x16\xdd" - "\x4c\xe8\xe7\xe0\x62\x48\x89\x40" - "\xc0\x49\x9b\x63\x32\xec\x8b\xdb" - "\xdc\xa6\xea\x2c\xc2\x7f\xf5\x04" - "\xcb\xe5\x47\xbb\xa7\xd1\x9d", - .rlen = 47, - }, { - .key = "\x50\x5d\x9d\x9b\x66\x50\x88\x7b" - "\x30\x8e\xb1\x5e\x92\x58\xe0\xf1", - .klen = 16, - .iv = "\x5f\x27\x2b\x03\xaa\xef\x32\x02" - "\x50\xc4\xde\x82\x90\x21\x11\x73", - .assoc = "\x6e\xf0\xba\x6b\xee\x8e\xdc\x89" - "\x71\xfb\x0a\xa6\x8f\xea\x41\xf4" - "\x5a\xbb\x59\xb0\x20\x38\xc5\xe0" - "\x29\x56\x52\x19\x79\xf5\xe9\x37", - .alen = 32, - .input = "\x7e\xb9\x48\xd3\x32\x2d\x86\x10" - "\x91\x31\x37\xcb\x8d\xb3\x72\x76" - "\x24\x6b\xdc\xd1\x61\xe0\xa5\xe7" - "\x5a\x61\x8a\x0f\x30\x0d\xd1\xec", - .ilen = 32, - .result = "\x62\xdc\x2d\x68\x2d\x71\xbb\x33" - "\x13\xdf\xc0\x46\xf6\x61\x94\xa7" - "\x60\xd3\xd4\xca\xd9\xbe\x82\xf3" - "\xf1\x5b\xa0\xfa\x15\xba\xda\xea" - "\x87\x68\x47\x08\x5d\xdd\x83\xb0" - "\x60\xf4\x93\x20\xdf\x34\x8f\xea", - .rlen = 48, - }, { - .key = "\x8d\x82\xd6\x3b\x76\xcc\x30\x97" - "\xb1\x68\x63\xef\x8c\x7c\xa3\xf7", - .klen = 16, - .iv = "\x9c\x4b\x65\xa2\xba\x6b\xdb\x1e" - "\xd1\x9e\x90\x13\x8a\x45\xd3\x79", - .assoc = "\xab\x14\xf3\x0a\xfe\x0a\x85\xa5" - "\xf2\xd5\xbc\x38\x89\x0e\x04\xfb" - "\x84\x7d\x65\x34\x25\xd8\x47\xfa" - "\xeb\x83\x31\xf1\x54\x54\x89\x0d" - "\x9d", - .alen = 33, - .input = "\xba\xde\x82\x72\x42\xa9\x2f\x2c" - "\x12\x0b\xe9\x5c\x87\xd7\x35\x7c" - "\x4f\x2e\xe8\x55\x66\x80\x27\x00" - "\x1b\x8f\x68\xe7\x0a\x6c\x71\xc3" - "\x21\x78\x55\x9d\x9c\x65\x7b\xcd" - "\x0a\x34\x97\xff\x47\x37\xb0\x2a" - "\x80\x0d\x19\x98\x33\xa9\x7a\xe3" - "\x2e\x4c\xc6\xf3\x8c\x88\x42\x01" - "\xbd", - .ilen = 65, - .result = "\x84\xc5\x21\xab\xe1\xeb\xbb\x6d" - "\xaa\x2a\xaf\xeb\x3b\x3b\x69\xe7" - "\x2c\x47\xef\x9d\xb7\x53\x36\xb7" - "\xb6\xf5\xe5\xa8\xc9\x9e\x02\xd7" - "\x83\x88\xc2\xbd\x2f\xf9\x10\xc0" - "\xf5\xa1\x6e\xd3\x97\x64\x82\xa3" - "\xfb\xda\x2c\xb1\x94\xa1\x58\x32" - "\xe8\xd4\x39\xfc\x9e\x26\xf9\xf1" - "\x61\xe6\xae\x07\xf2\xe0\xa7\x44" - "\x96\x28\x3b\xee\x6b\xc6\x16\x31" - "\x3f", - .rlen = 81, - }, { - .key = "\xc9\xa7\x10\xda\x86\x48\xd9\xb3" - "\x32\x42\x15\x80\x85\xa1\x65\xfe", - .klen = 16, - .iv = "\xd8\x70\x9f\x42\xca\xe6\x83\x3a" - "\x52\x79\x42\xa5\x84\x6a\x96\x7f", - .assoc = "\xe8\x39\x2d\xaa\x0e\x85\x2d\xc1" - "\x72\xaf\x6e\xc9\x82\x33\xc7\x01" - "\xaf\x40\x70\xb8\x2a\x78\xc9\x14" - "\xac\xb1\x10\xca\x2e\xb3\x28\xe4" - "\xac\xfa\x58\x7f\xe5\x73\x09\x8c" - "\x1d\x40\x87\x8c\xd9\x75\xc0\x55" - "\xa2\xda\x07\xd1\xc2\xa9\xd1\xbb" - "\x09\x4f\x77\x62\x88\x2d\xf2\x68" - "\x54", - .alen = 65, - .input = "\xf7\x02\xbb\x11\x52\x24\xd8\x48" - "\x93\xe6\x9b\xee\x81\xfc\xf7\x82" - "\x79\xf0\xf3\xd9\x6c\x20\xa9\x1a" - "\xdc\xbc\x47\xc0\xe4\xcb\x10\x99" - "\x2f", - .ilen = 33, - .result = "\x8f\x23\x47\xfb\xf2\xac\x23\x83" - "\x77\x09\xac\x74\xef\xd2\x56\xae" - "\x20\x7b\x7b\xca\x45\x8e\xc8\xc2" - "\x50\xbd\xc7\x44\x1c\x54\x98\xd8" - "\x1f\xd0\x9a\x79\xaa\xf9\xe1\xb3" - "\xb4\x98\x5a\x9b\xe4\x4d\xbf\x4e" - "\x39", - .rlen = 49, - }, { - .key = "\x06\xcc\x4a\x79\x96\xc3\x82\xcf" - "\xb3\x1c\xc7\x12\x7f\xc5\x28\x04", - .klen = 16, - .iv = "\x15\x95\xd8\xe1\xda\x62\x2c\x56" - "\xd3\x53\xf4\x36\x7e\x8e\x59\x85", - .assoc = "\x24\x5e\x67\x49\x1e\x01\xd6\xdd" - "\xf3\x89\x20\x5b\x7c\x57\x89\x07", - .alen = 16, - .input = "\x33\x27\xf5\xb1\x62\xa0\x80\x63" - "\x14\xc0\x4d\x7f\x7b\x20\xba\x89", - .ilen = 16, - .result = "\x42\xc3\x58\xfb\x29\xe2\x4a\x56" - "\xf1\xf5\xe1\x51\x55\x4b\x0a\x45" - "\x46\xb5\x8d\xac\xb6\x34\xd8\x8b" - "\xde\x20\x59\x77\xc1\x74\x90", - .rlen = 31, - }, { - .key = "\x42\xf0\x84\x19\xa6\x3f\x2b\xea" - "\x34\xf6\x79\xa3\x79\xe9\xeb\x0a", - .klen = 16, - .iv = "\x51\xb9\x12\x80\xea\xde\xd5\x71" - "\x54\x2d\xa6\xc8\x78\xb2\x1b\x8c", - .assoc = "\x61\x83\xa0\xe8\x2e\x7d\x7f\xf8" - "\x74\x63\xd2\xec\x76\x7c\x4c\x0d", - .alen = 16, - .input = "\x70\x4c\x2f\x50\x72\x1c\x29\x7f" - "\x95\x9a\xff\x10\x75\x45\x7d\x8f", - .ilen = 16, - .result = "\xb2\xfb\xf6\x97\x69\x7a\xe9\xec" - "\xe2\x94\xa1\x8b\xa0\x2b\x60\x72" - "\x1d\x04\xdd\x6a\xef\x46\x8f\x68" - "\xe9\xe0\x17\x45\x70\x12", - .rlen = 30, - }, { - .key = "\x7f\x15\xbd\xb8\xb6\xba\xd3\x06" - "\xb5\xd1\x2b\x35\x73\x0e\xad\x10", - .klen = 16, - .iv = "\x8e\xde\x4c\x20\xfa\x59\x7e\x8d" - "\xd5\x07\x58\x59\x72\xd7\xde\x92", - .assoc = "\x9d\xa7\xda\x88\x3e\xf8\x28\x14" - "\xf5\x3e\x85\x7d\x70\xa0\x0f\x13", - .alen = 16, - .input = "\xac\x70\x69\xef\x82\x97\xd2\x9b" - "\x15\x74\xb1\xa2\x6f\x69\x3f\x95", - .ilen = 16, - .result = "\x47\xda\x54\x42\x51\x72\xc4\x8b" - "\xf5\x57\x0f\x2f\x49\x0e\x11\x3b" - "\x78\x93\xec\xfc\xf4\xff\xe1\x2d", - .rlen = 24, - }, -}; - -/* - * AEGIS-128 test vectors - generated via reference implementation from - * SUPERCOP (https://bench.cr.yp.to/supercop.html): - * - * https://bench.cr.yp.to/supercop/supercop-20170228.tar.xz - * (see crypto_aead/aegis128/) - */ -static const struct aead_testvec aegis128_dec_tv_template[] = { - { - .key = "\x0f\xc9\x8e\x67\x44\x9e\xaa\x86" - "\x20\x36\x2c\x24\xfe\xc9\x30\x81", - .klen = 16, - .iv = "\x1e\x92\x1c\xcf\x88\x3d\x54\x0d" - "\x40\x6d\x59\x48\xfc\x92\x61\x03", - .assoc = "", - .alen = 0, - .input = "\x07\xa5\x11\xf2\x9d\x40\xb8\x6d" - "\xda\xb8\x12\x34\x4c\x53\xd9\x72", - .ilen = 16, - .result = "", - .rlen = 0, - }, { - .key = "\x4b\xed\xc8\x07\x54\x1a\x52\xa2" - "\xa1\x10\xde\xb5\xf8\xed\xf3\x87", - .klen = 16, - .iv = "\x5a\xb7\x56\x6e\x98\xb9\xfd\x29" - "\xc1\x47\x0b\xda\xf6\xb6\x23\x09", - .assoc = "", - .alen = 0, - .input = "\x9e\x78\x52\xae\xcb\x9e\xe4\xd3" - "\x9a\xd7\x5d\xd7\xaa\x9a\xe9\x5a" - "\xcc", - .ilen = 17, - .result = "\x79", - .rlen = 1, - }, { - .key = "\x88\x12\x01\xa6\x64\x96\xfb\xbe" - "\x22\xea\x90\x47\xf2\x11\xb5\x8e", - .klen = 16, - .iv = "\x97\xdb\x90\x0e\xa8\x35\xa5\x45" - "\x42\x21\xbd\x6b\xf0\xda\xe6\x0f", - .assoc = "", - .alen = 0, - .input = "\xc3\x80\x83\x04\x5f\xaa\x61\xc7" - "\xca\xdd\x6f\xac\x85\x08\xb5\x35" - "\x2b\xc2\x3e\x0b\x1b\x39\x37\x2b" - "\x7a\x21\x16\xb3\xe6\x67\x66", - .ilen = 31, - .result = "\xb5\x6e\xad\xdd\x30\x72\xfa\x53" - "\x82\x8e\x16\xb4\xed\x6d\x47", - .rlen = 15, - }, { - .key = "\xc4\x37\x3b\x45\x74\x11\xa4\xda" - "\xa2\xc5\x42\xd8\xec\x36\x78\x94", - .klen = 16, - .iv = "\xd3\x00\xc9\xad\xb8\xb0\x4e\x61" - "\xc3\xfb\x6f\xfd\xea\xff\xa9\x15", - .assoc = "", - .alen = 0, - .input = "\x23\x25\x30\xe5\x6a\xb6\x36\x7d" - "\x38\xfd\x3a\xd2\xc2\x58\xa9\x11" - "\x1e\xa8\x30\x9c\x16\xa4\xdb\x65" - "\x51\x10\x16\x27\x70\x9b\x64\x29", - .ilen = 32, - .result = "\xf2\x92\xe6\x7d\x40\xee\xa3\x6f" - "\x03\x68\xc8\x45\xe7\x91\x0a\x18", - .rlen = 16, - }, { - .key = "\x01\x5c\x75\xe5\x84\x8d\x4d\xf6" - "\x23\x9f\xf4\x6a\xe6\x5a\x3b\x9a", - .klen = 16, - .iv = "\x10\x25\x03\x4c\xc8\x2c\xf7\x7d" - "\x44\xd5\x21\x8e\xe4\x23\x6b\x1c", - .assoc = "", - .alen = 0, - .input = "\x2a\x8d\x56\x91\xc6\xf3\x56\xa5" - "\x1f\xf0\x89\x2e\x13\xad\xe6\xf6" - "\x46\x80\xb1\x0e\x18\x30\x40\x97" - "\x03\xdf\x64\x3c\xbe\x93\x9e\xc9" - "\x3b", - .ilen = 33, - .result = "\x2e\xb7\x20\x1c\x50\x6a\x4b\x8b" - "\x84\x42\x7a\xd7\xe1\xb5\xcd\x1f" - "\xd3", - .rlen = 17, - }, { - .key = "\x3d\x80\xae\x84\x94\x09\xf6\x12" - "\xa4\x79\xa6\xfb\xe0\x7f\xfd\xa0", - .klen = 16, - .iv = "\x4c\x49\x3d\xec\xd8\xa8\xa0\x98" - "\xc5\xb0\xd3\x1f\xde\x48\x2e\x22", - .assoc = "", - .alen = 0, - .input = "\x4e\xf6\xfa\x13\xde\x43\x63\x4c" - "\xe2\x04\x3e\xe4\x85\x14\xb6\x3f" - "\xb1\x8f\x4c\xdb\x41\xa2\x14\x99" - "\xf5\x53\x0f\x73\x86\x7e\x97\xa1" - "\x4b\x56\x5b\x94\xce\xcd\x74\xcd" - "\x75\xc4\x53\x01\x89\x45\x59", - .ilen = 47, - .result = "\x6b\xdc\x5a\xbb\x60\xe5\xf4\xa6" - "\x05\x1d\x2c\x68\xdb\xda\x8f\x25" - "\xfe\x8d\x45\x19\x1e\xc0\x0b\x99" - "\x88\x11\x39\x12\x1c\x3a\xbb", - .rlen = 31, - }, { - .key = "\x7a\xa5\xe8\x23\xa4\x84\x9e\x2d" - "\x25\x53\x58\x8c\xda\xa3\xc0\xa6", - .klen = 16, - .iv = "\x89\x6e\x77\x8b\xe8\x23\x49\xb4" - "\x45\x8a\x85\xb1\xd8\x6c\xf1\x28", - .assoc = "", - .alen = 0, - .input = "\xa4\x9a\xb7\xfd\xa0\xd4\xd6\x47" - "\x95\xf4\x58\x38\x14\x83\x27\x01" - "\x4c\xed\x32\x2c\xf7\xd6\x31\xf7" - "\x38\x1b\x2c\xc9\xb6\x31\xce\xaa" - "\xa5\x3c\x1a\x18\x5c\xce\xb9\xdf" - "\x51\x52\x77\xf2\x5e\x85\x80\x41", - .ilen = 48, - .result = "\xa7\x00\x93\x5b\x70\x61\x9d\xc2" - "\x86\xf7\xde\xfa\xd5\xfe\x52\x2b" - "\x28\x50\x51\x9d\x24\x60\x8d\xb3" - "\x49\x3e\x17\xea\xf6\x99\x5a\xdd", - .rlen = 32, - }, { - .key = "\xb6\xca\x22\xc3\xb4\x00\x47\x49" - "\xa6\x2d\x0a\x1e\xd4\xc7\x83\xad", - .klen = 16, - .iv = "\xc5\x93\xb0\x2a\xf8\x9f\xf1\xd0" - "\xc6\x64\x37\x42\xd2\x90\xb3\x2e", - .assoc = "\xd5", - .alen = 1, - .input = "\xfb\xd4\x83\x71\x9e\x63\xad\x60" - "\xb9\xf9\xeb\x34\x52\x49\xcf\xb7", - .ilen = 16, - .result = "", - .rlen = 0, - }, { - .key = "\xf3\xee\x5c\x62\xc4\x7c\xf0\x65" - "\x27\x08\xbd\xaf\xce\xec\x45\xb3", - .klen = 16, - .iv = "\x02\xb8\xea\xca\x09\x1b\x9a\xec" - "\x47\x3e\xe9\xd4\xcc\xb5\x76\x34", - .assoc = "\x11\x81\x78\x32\x4d\xb9\x44\x73" - "\x68\x75\x16\xf8\xcb\x7e\xa7", - .alen = 15, - .input = "\x0c\xaf\x2e\x96\xf6\x97\x08\x71" - "\x7d\x3a\x84\xc4\x44\x57\x77\x7e", - .ilen = 16, - .result = "", - .rlen = 0, - }, { - .key = "\x2f\x13\x95\x01\xd5\xf7\x99\x81" - "\xa8\xe2\x6f\x41\xc8\x10\x08\xb9", - .klen = 16, - .iv = "\x3f\xdc\x24\x69\x19\x96\x43\x08" - "\xc8\x18\x9b\x65\xc6\xd9\x39\x3b", - .assoc = "\x4e\xa5\xb2\xd1\x5d\x35\xed\x8f" - "\xe8\x4f\xc8\x89\xc5\xa2\x69\xbc", - .alen = 16, - .input = "\xc7\x87\x09\x3b\xc7\x19\x74\x22" - "\x22\xa5\x67\x10\xb2\x36\xb3\x45", - .ilen = 16, - .result = "", - .rlen = 0, - }, { - .key = "\x6c\x38\xcf\xa1\xe5\x73\x41\x9d" - "\x29\xbc\x21\xd2\xc2\x35\xcb\xbf", - .klen = 16, - .iv = "\x7b\x01\x5d\x08\x29\x12\xec\x24" - "\x49\xf3\x4d\xf7\xc0\xfe\xfb\x41", - .assoc = "\x8a\xca\xec\x70\x6d\xb1\x96\xab" - "\x69\x29\x7a\x1b\xbf\xc7\x2c\xc2" - "\x07", - .alen = 17, - .input = "\x02\xc6\x3b\x46\x65\xb2\xef\x91" - "\x31\xf0\x45\x48\x8a\x2a\xed\xe4", - .ilen = 16, - .result = "", - .rlen = 0, - }, { - .key = "\xa8\x5c\x09\x40\xf5\xef\xea\xb8" - "\xaa\x96\xd3\x64\xbc\x59\x8d\xc6", - .klen = 16, - .iv = "\xb8\x26\x97\xa8\x39\x8e\x94\x3f" - "\xca\xcd\xff\x88\xba\x22\xbe\x47", - .assoc = "\xc7\xef\x26\x10\x7d\x2c\x3f\xc6" - "\xea\x03\x2c\xac\xb9\xeb\xef\xc9" - "\x31\x6b\x08\x12\xfc\xd8\x37\x2d" - "\xe0\x17\x3a\x2e\x83\x5c\x8f", - .alen = 31, - .input = "\x20\x85\xa8\xd0\x91\x48\x85\xf3" - "\x5a\x16\xc0\x57\x68\x47\xdd\xcb", - .ilen = 16, - .result = "", - .rlen = 0, - }, { - .key = "\xe5\x81\x42\xdf\x05\x6a\x93\xd4" - "\x2b\x70\x85\xf5\xb6\x7d\x50\xcc", - .klen = 16, - .iv = "\xf4\x4a\xd1\x47\x49\x09\x3d\x5b" - "\x4b\xa7\xb1\x19\xb4\x46\x81\x4d", - .assoc = "\x03\x14\x5f\xaf\x8d\xa8\xe7\xe2" - "\x6b\xde\xde\x3e\xb3\x10\xb1\xcf" - "\x5c\x2d\x14\x96\x01\x78\xb9\x47" - "\xa1\x44\x19\x06\x5d\xbb\x2e\x2f", - .alen = 32, - .input = "\x6a\xf8\x8d\x9c\x42\x75\x35\x79" - "\xc1\x96\xbd\x31\x6e\x69\x1b\x50", - .ilen = 16, - .result = "", - .rlen = 0, - }, { - .key = "\x22\xa6\x7c\x7f\x15\xe6\x3c\xf0" - "\xac\x4b\x37\x86\xb0\xa2\x13\xd2", - .klen = 16, - .iv = "\x31\x6f\x0b\xe6\x59\x85\xe6\x77" - "\xcc\x81\x63\xab\xae\x6b\x43\x54", - .assoc = "\x40", - .alen = 1, - .input = "\x01\x24\xb1\xba\xf6\xd3\xdf\x83" - "\x70\x45\xe3\x2a\x9d\x5c\x63\x98" - "\x39", - .ilen = 17, - .result = "\x4f", - .rlen = 1, - }, { - .key = "\x5e\xcb\xb6\x1e\x25\x62\xe4\x0c" - "\x2d\x25\xe9\x18\xaa\xc6\xd5\xd8", - .klen = 16, - .iv = "\x6d\x94\x44\x86\x69\x00\x8f\x93" - "\x4d\x5b\x15\x3c\xa8\x8f\x06\x5a", - .assoc = "\x7c\x5d\xd3\xee\xad\x9f\x39\x1a" - "\x6d\x92\x42\x61\xa7\x58\x37", - .alen = 15, - .input = "\x18\x78\xc2\x6e\xe1\xf7\xe6\x8a" - "\xca\x0e\x62\x00\xa8\x21\xb5\x21" - "\x3d\x36\xdb\xf7\xcc\x31\x94\x9c" - "\x98\xbd\x71\x7a\xef\xa4\xfa", - .ilen = 31, - .result = "\x8b\x26\x61\x55\xf1\x3e\xe3\xa1" - "\x8d\xc8\x6e\x85\xa5\x21\x67", - .rlen = 15, - }, { - .key = "\x9b\xef\xf0\xbd\x35\xdd\x8d\x28" - "\xad\xff\x9b\xa9\xa4\xeb\x98\xdf", - .klen = 16, - .iv = "\xaa\xb8\x7e\x25\x79\x7c\x37\xaf" - "\xce\x36\xc7\xce\xa2\xb4\xc9\x60", - .assoc = "\xb9\x82\x0c\x8d\xbd\x1b\xe2\x36" - "\xee\x6c\xf4\xf2\xa1\x7d\xf9\xe2", - .alen = 16, - .input = "\xea\xd1\x81\x75\xb4\x13\x1d\x86" - "\xd4\x17\x26\xe5\xd6\x89\x39\x04" - "\xa9\x6c\xca\xac\x40\x73\xb2\x4c" - "\x9c\xb9\x0e\x79\x4c\x40\x65\xc6", - .ilen = 32, - .result = "\xc8\x4b\x9b\xf5\x01\xba\x8c\xbd" - "\x0e\xa3\x21\x16\x9f\x46\x2a\x63", - .rlen = 16, - }, { - .key = "\xd7\x14\x29\x5d\x45\x59\x36\x44" - "\x2e\xd9\x4d\x3b\x9e\x0f\x5b\xe5", - .klen = 16, - .iv = "\xe6\xdd\xb8\xc4\x89\xf8\xe0\xca" - "\x4f\x10\x7a\x5f\x9c\xd8\x8b\x66", - .assoc = "\xf5\xa6\x46\x2c\xce\x97\x8a\x51" - "\x6f\x46\xa6\x83\x9b\xa1\xbc\xe8" - "\x05", - .alen = 17, - .input = "\xf4\xb2\x84\xd1\x81\xfa\x98\x1c" - "\x38\x2d\x69\x90\x1c\x71\x38\x98" - "\x9f\xe1\x19\x3b\x63\x91\xaf\x6e" - "\x4b\x07\x2c\xac\x53\xc5\xd5\xfe" - "\x93", - .ilen = 33, - .result = "\x05\x70\xd5\x94\x12\x36\x35\xd8" - "\x8f\x7d\xd3\xa8\x99\x6a\xed\x69" - "\xd0", - .rlen = 17, - }, { - .key = "\x14\x39\x63\xfc\x56\xd5\xdf\x5f" - "\xaf\xb3\xff\xcc\x98\x33\x1d\xeb", - .klen = 16, - .iv = "\x23\x02\xf1\x64\x9a\x73\x89\xe6" - "\xd0\xea\x2c\xf1\x96\xfc\x4e\x6d", - .assoc = "\x32\xcb\x80\xcc\xde\x12\x33\x6d" - "\xf0\x20\x58\x15\x95\xc6\x7f\xee" - "\x2f\xf9\x4e\x2c\x1b\x98\x43\xc7" - "\x68\x28\x73\x40\x9f\x96\x4a", - .alen = 31, - .input = "\xa0\xe7\x0a\x60\xe7\xb8\x8a\xdb" - "\x94\xd3\x93\xf2\x41\x86\x16\xdd" - "\x4c\xe8\xe7\xe0\x62\x48\x89\x40" - "\xc0\x49\x9b\x63\x32\xec\x8b\xdb" - "\xdc\xa6\xea\x2c\xc2\x7f\xf5\x04" - "\xcb\xe5\x47\xbb\xa7\xd1\x9d", - .ilen = 47, - .result = "\x41\x94\x0e\x33\x22\xb1\xdd\xf4" - "\x10\x57\x85\x39\x93\x8f\xaf\x70" - "\xfa\xa9\xd0\x4d\x5c\x40\x23\xcd" - "\x98\x34\xab\x37\x56\xae\x32", - .rlen = 31, - }, { - .key = "\x50\x5d\x9d\x9b\x66\x50\x88\x7b" - "\x30\x8e\xb1\x5e\x92\x58\xe0\xf1", - .klen = 16, - .iv = "\x5f\x27\x2b\x03\xaa\xef\x32\x02" - "\x50\xc4\xde\x82\x90\x21\x11\x73", - .assoc = "\x6e\xf0\xba\x6b\xee\x8e\xdc\x89" - "\x71\xfb\x0a\xa6\x8f\xea\x41\xf4" - "\x5a\xbb\x59\xb0\x20\x38\xc5\xe0" - "\x29\x56\x52\x19\x79\xf5\xe9\x37", - .alen = 32, - .input = "\x62\xdc\x2d\x68\x2d\x71\xbb\x33" - "\x13\xdf\xc0\x46\xf6\x61\x94\xa7" - "\x60\xd3\xd4\xca\xd9\xbe\x82\xf3" - "\xf1\x5b\xa0\xfa\x15\xba\xda\xea" - "\x87\x68\x47\x08\x5d\xdd\x83\xb0" - "\x60\xf4\x93\x20\xdf\x34\x8f\xea", - .ilen = 48, - .result = "\x7e\xb9\x48\xd3\x32\x2d\x86\x10" - "\x91\x31\x37\xcb\x8d\xb3\x72\x76" - "\x24\x6b\xdc\xd1\x61\xe0\xa5\xe7" - "\x5a\x61\x8a\x0f\x30\x0d\xd1\xec", - .rlen = 32, - }, { - .key = "\x8d\x82\xd6\x3b\x76\xcc\x30\x97" - "\xb1\x68\x63\xef\x8c\x7c\xa3\xf7", - .klen = 16, - .iv = "\x9c\x4b\x65\xa2\xba\x6b\xdb\x1e" - "\xd1\x9e\x90\x13\x8a\x45\xd3\x79", - .assoc = "\xab\x14\xf3\x0a\xfe\x0a\x85\xa5" - "\xf2\xd5\xbc\x38\x89\x0e\x04\xfb" - "\x84\x7d\x65\x34\x25\xd8\x47\xfa" - "\xeb\x83\x31\xf1\x54\x54\x89\x0d" - "\x9d", - .alen = 33, - .input = "\x84\xc5\x21\xab\xe1\xeb\xbb\x6d" - "\xaa\x2a\xaf\xeb\x3b\x3b\x69\xe7" - "\x2c\x47\xef\x9d\xb7\x53\x36\xb7" - "\xb6\xf5\xe5\xa8\xc9\x9e\x02\xd7" - "\x83\x88\xc2\xbd\x2f\xf9\x10\xc0" - "\xf5\xa1\x6e\xd3\x97\x64\x82\xa3" - "\xfb\xda\x2c\xb1\x94\xa1\x58\x32" - "\xe8\xd4\x39\xfc\x9e\x26\xf9\xf1" - "\x61\xe6\xae\x07\xf2\xe0\xa7\x44" - "\x96\x28\x3b\xee\x6b\xc6\x16\x31" - "\x3f", - .ilen = 81, - .result = "\xba\xde\x82\x72\x42\xa9\x2f\x2c" - "\x12\x0b\xe9\x5c\x87\xd7\x35\x7c" - "\x4f\x2e\xe8\x55\x66\x80\x27\x00" - "\x1b\x8f\x68\xe7\x0a\x6c\x71\xc3" - "\x21\x78\x55\x9d\x9c\x65\x7b\xcd" - "\x0a\x34\x97\xff\x47\x37\xb0\x2a" - "\x80\x0d\x19\x98\x33\xa9\x7a\xe3" - "\x2e\x4c\xc6\xf3\x8c\x88\x42\x01" - "\xbd", - .rlen = 65, - }, { - .key = "\xc9\xa7\x10\xda\x86\x48\xd9\xb3" - "\x32\x42\x15\x80\x85\xa1\x65\xfe", - .klen = 16, - .iv = "\xd8\x70\x9f\x42\xca\xe6\x83\x3a" - "\x52\x79\x42\xa5\x84\x6a\x96\x7f", - .assoc = "\xe8\x39\x2d\xaa\x0e\x85\x2d\xc1" - "\x72\xaf\x6e\xc9\x82\x33\xc7\x01" - "\xaf\x40\x70\xb8\x2a\x78\xc9\x14" - "\xac\xb1\x10\xca\x2e\xb3\x28\xe4" - "\xac\xfa\x58\x7f\xe5\x73\x09\x8c" - "\x1d\x40\x87\x8c\xd9\x75\xc0\x55" - "\xa2\xda\x07\xd1\xc2\xa9\xd1\xbb" - "\x09\x4f\x77\x62\x88\x2d\xf2\x68" - "\x54", - .alen = 65, - .input = "\x8f\x23\x47\xfb\xf2\xac\x23\x83" - "\x77\x09\xac\x74\xef\xd2\x56\xae" - "\x20\x7b\x7b\xca\x45\x8e\xc8\xc2" - "\x50\xbd\xc7\x44\x1c\x54\x98\xd8" - "\x1f\xd0\x9a\x79\xaa\xf9\xe1\xb3" - "\xb4\x98\x5a\x9b\xe4\x4d\xbf\x4e" - "\x39", - .ilen = 49, - .result = "\xf7\x02\xbb\x11\x52\x24\xd8\x48" - "\x93\xe6\x9b\xee\x81\xfc\xf7\x82" - "\x79\xf0\xf3\xd9\x6c\x20\xa9\x1a" - "\xdc\xbc\x47\xc0\xe4\xcb\x10\x99" - "\x2f", - .rlen = 33, - }, { - .key = "\x06\xcc\x4a\x79\x96\xc3\x82\xcf" - "\xb3\x1c\xc7\x12\x7f\xc5\x28\x04", - .klen = 16, - .iv = "\x15\x95\xd8\xe1\xda\x62\x2c\x56" - "\xd3\x53\xf4\x36\x7e\x8e\x59\x85", - .assoc = "\x24\x5e\x67\x49\x1e\x01\xd6\xdd" - "\xf3\x89\x20\x5b\x7c\x57\x89\x07", - .alen = 16, - .input = "\x42\xc3\x58\xfb\x29\xe2\x4a\x56" - "\xf1\xf5\xe1\x51\x55\x4b\x0a\x45" - "\x46\xb5\x8d\xac\xb6\x34\xd8\x8b" - "\xde\x20\x59\x77\xc1\x74\x90", - .ilen = 31, - .result = "\x33\x27\xf5\xb1\x62\xa0\x80\x63" - "\x14\xc0\x4d\x7f\x7b\x20\xba\x89", - .rlen = 16, - }, { - .key = "\x42\xf0\x84\x19\xa6\x3f\x2b\xea" - "\x34\xf6\x79\xa3\x79\xe9\xeb\x0a", - .klen = 16, - .iv = "\x51\xb9\x12\x80\xea\xde\xd5\x71" - "\x54\x2d\xa6\xc8\x78\xb2\x1b\x8c", - .assoc = "\x61\x83\xa0\xe8\x2e\x7d\x7f\xf8" - "\x74\x63\xd2\xec\x76\x7c\x4c\x0d", - .alen = 16, - .input = "\xb2\xfb\xf6\x97\x69\x7a\xe9\xec" - "\xe2\x94\xa1\x8b\xa0\x2b\x60\x72" - "\x1d\x04\xdd\x6a\xef\x46\x8f\x68" - "\xe9\xe0\x17\x45\x70\x12", - .ilen = 30, - .result = "\x70\x4c\x2f\x50\x72\x1c\x29\x7f" - "\x95\x9a\xff\x10\x75\x45\x7d\x8f", - .rlen = 16, - }, { - .key = "\x7f\x15\xbd\xb8\xb6\xba\xd3\x06" - "\xb5\xd1\x2b\x35\x73\x0e\xad\x10", - .klen = 16, - .iv = "\x8e\xde\x4c\x20\xfa\x59\x7e\x8d" - "\xd5\x07\x58\x59\x72\xd7\xde\x92", - .assoc = "\x9d\xa7\xda\x88\x3e\xf8\x28\x14" - "\xf5\x3e\x85\x7d\x70\xa0\x0f\x13", - .alen = 16, - .input = "\x47\xda\x54\x42\x51\x72\xc4\x8b" - "\xf5\x57\x0f\x2f\x49\x0e\x11\x3b" - "\x78\x93\xec\xfc\xf4\xff\xe1\x2d", - .ilen = 24, - .result = "\xac\x70\x69\xef\x82\x97\xd2\x9b" - "\x15\x74\xb1\xa2\x6f\x69\x3f\x95", - .rlen = 16, - }, -}; - -/* - * AEGIS-128L test vectors - generated via reference implementation from - * SUPERCOP (https://bench.cr.yp.to/supercop.html): - * - * https://bench.cr.yp.to/supercop/supercop-20170228.tar.xz - * (see crypto_aead/aegis128l/) - */ -static const struct aead_testvec aegis128l_enc_tv_template[] = { - { - .key = "\x0f\xc9\x8e\x67\x44\x9e\xaa\x86" - "\x20\x36\x2c\x24\xfe\xc9\x30\x81", - .klen = 16, - .iv = "\x1e\x92\x1c\xcf\x88\x3d\x54\x0d" - "\x40\x6d\x59\x48\xfc\x92\x61\x03", - .assoc = "", - .alen = 0, - .input = "", - .ilen = 0, - .result = "\x30\x4f\xf3\xe9\xb1\xfa\x81\xa6" - "\x20\x72\x78\xdd\x93\xc8\x57\xef", - .rlen = 16, - }, { - .key = "\x4b\xed\xc8\x07\x54\x1a\x52\xa2" - "\xa1\x10\xde\xb5\xf8\xed\xf3\x87", - .klen = 16, - .iv = "\x5a\xb7\x56\x6e\x98\xb9\xfd\x29" - "\xc1\x47\x0b\xda\xf6\xb6\x23\x09", - .assoc = "", - .alen = 0, - .input = "\x79", - .ilen = 1, - .result = "\xa9\x24\xa0\xb6\x2d\xdd\x29\xdb" - "\x40\xb3\x71\xc5\x22\x58\x31\x77" - "\x6d", - .rlen = 17, - }, { - .key = "\x88\x12\x01\xa6\x64\x96\xfb\xbe" - "\x22\xea\x90\x47\xf2\x11\xb5\x8e", - .klen = 16, - .iv = "\x97\xdb\x90\x0e\xa8\x35\xa5\x45" - "\x42\x21\xbd\x6b\xf0\xda\xe6\x0f", - .assoc = "", - .alen = 0, - .input = "\xb5\x6e\xad\xdd\x30\x72\xfa\x53" - "\x82\x8e\x16\xb4\xed\x6d\x47", - .ilen = 15, - .result = "\xbb\x0a\x53\xc4\xaa\x7e\xa4\x03" - "\x2b\xee\x62\x99\x7b\x98\x13\x1f" - "\xe0\x76\x4c\x2e\x53\x99\x4f\xbe" - "\xe1\xa8\x04\x7f\xe1\x71\xbe", - .rlen = 31, - }, { - .key = "\xc4\x37\x3b\x45\x74\x11\xa4\xda" - "\xa2\xc5\x42\xd8\xec\x36\x78\x94", - .klen = 16, - .iv = "\xd3\x00\xc9\xad\xb8\xb0\x4e\x61" - "\xc3\xfb\x6f\xfd\xea\xff\xa9\x15", - .assoc = "", - .alen = 0, - .input = "\xf2\x92\xe6\x7d\x40\xee\xa3\x6f" - "\x03\x68\xc8\x45\xe7\x91\x0a\x18", - .ilen = 16, - .result = "\x66\xdf\x6e\x71\xc0\x6e\xa4\x4c" - "\x9d\xb7\x8c\x9a\xdb\x1f\xd2\x2e" - "\x23\xb6\xa4\xfb\xd3\x86\xdd\xbb" - "\xde\x54\x9b\xf5\x92\x8b\x93\xc5", - .rlen = 32, - }, { - .key = "\x01\x5c\x75\xe5\x84\x8d\x4d\xf6" - "\x23\x9f\xf4\x6a\xe6\x5a\x3b\x9a", - .klen = 16, - .iv = "\x10\x25\x03\x4c\xc8\x2c\xf7\x7d" - "\x44\xd5\x21\x8e\xe4\x23\x6b\x1c", - .assoc = "", - .alen = 0, - .input = "\x2e\xb7\x20\x1c\x50\x6a\x4b\x8b" - "\x84\x42\x7a\xd7\xe1\xb5\xcd\x1f" - "\xd3", - .ilen = 17, - .result = "\x4f\xc3\x69\xb6\xd3\xa4\x64\x8b" - "\x71\xc3\x8a\x91\x22\x4f\x1b\xd2" - "\x33\x6d\x86\xbc\xf8\x2f\x06\xf9" - "\x82\x64\xc7\x72\x00\x30\xfc\xf0" - "\xf8", - .rlen = 33, - }, { - .key = "\x3d\x80\xae\x84\x94\x09\xf6\x12" - "\xa4\x79\xa6\xfb\xe0\x7f\xfd\xa0", - .klen = 16, - .iv = "\x4c\x49\x3d\xec\xd8\xa8\xa0\x98" - "\xc5\xb0\xd3\x1f\xde\x48\x2e\x22", - .assoc = "", - .alen = 0, - .input = "\x6b\xdc\x5a\xbb\x60\xe5\xf4\xa6" - "\x05\x1d\x2c\x68\xdb\xda\x8f\x25" - "\xfe\x8d\x45\x19\x1e\xc0\x0b\x99" - "\x88\x11\x39\x12\x1c\x3a\xbb", - .ilen = 31, - .result = "\xe3\x93\x15\xae\x5f\x9d\x3c\xb5" - "\xd6\x9d\xee\xee\xcf\xaa\xaf\xe1" - "\x45\x10\x96\xe0\xbf\x55\x0f\x4c" - "\x1a\xfd\xf4\xda\x4e\x10\xde\xc9" - "\x0e\x6f\xc7\x3c\x49\x94\x41\xfc" - "\x59\x28\x88\x3c\x79\x10\x6b", - .rlen = 47, - }, { - .key = "\x7a\xa5\xe8\x23\xa4\x84\x9e\x2d" - "\x25\x53\x58\x8c\xda\xa3\xc0\xa6", - .klen = 16, - .iv = "\x89\x6e\x77\x8b\xe8\x23\x49\xb4" - "\x45\x8a\x85\xb1\xd8\x6c\xf1\x28", - .assoc = "", - .alen = 0, - .input = "\xa7\x00\x93\x5b\x70\x61\x9d\xc2" - "\x86\xf7\xde\xfa\xd5\xfe\x52\x2b" - "\x28\x50\x51\x9d\x24\x60\x8d\xb3" - "\x49\x3e\x17\xea\xf6\x99\x5a\xdd", - .ilen = 32, - .result = "\x1c\x8e\x22\x34\xfd\xab\xe6\x0d" - "\x1c\x9f\x06\x54\x8b\x0b\xb4\x40" - "\xde\x11\x59\x3e\xfd\x74\xf6\x42" - "\x97\x17\xf7\x24\xb6\x7e\xc4\xc6" - "\x06\xa3\x94\xda\x3d\x7f\x55\x0a" - "\x92\x07\x2f\xa6\xf3\x6b\x2c\xfc", - .rlen = 48, - }, { - .key = "\xb6\xca\x22\xc3\xb4\x00\x47\x49" - "\xa6\x2d\x0a\x1e\xd4\xc7\x83\xad", - .klen = 16, - .iv = "\xc5\x93\xb0\x2a\xf8\x9f\xf1\xd0" - "\xc6\x64\x37\x42\xd2\x90\xb3\x2e", - .assoc = "\xd5", - .alen = 1, - .input = "", - .ilen = 0, - .result = "\xa0\x2a\xb4\x9a\x91\x00\x15\xb8" - "\x0f\x9a\x15\x60\x0e\x9b\x13\x8f", - .rlen = 16, - }, { - .key = "\xf3\xee\x5c\x62\xc4\x7c\xf0\x65" - "\x27\x08\xbd\xaf\xce\xec\x45\xb3", - .klen = 16, - .iv = "\x02\xb8\xea\xca\x09\x1b\x9a\xec" - "\x47\x3e\xe9\xd4\xcc\xb5\x76\x34", - .assoc = "\x11\x81\x78\x32\x4d\xb9\x44\x73" - "\x68\x75\x16\xf8\xcb\x7e\xa7", - .alen = 15, - .input = "", - .ilen = 0, - .result = "\x4c\x26\xad\x9c\x14\xfd\x9c\x8c" - "\x84\xfb\x26\xfb\xd5\xca\x62\x39", - .rlen = 16, - }, { - .key = "\x2f\x13\x95\x01\xd5\xf7\x99\x81" - "\xa8\xe2\x6f\x41\xc8\x10\x08\xb9", - .klen = 16, - .iv = "\x3f\xdc\x24\x69\x19\x96\x43\x08" - "\xc8\x18\x9b\x65\xc6\xd9\x39\x3b", - .assoc = "\x4e\xa5\xb2\xd1\x5d\x35\xed\x8f" - "\xe8\x4f\xc8\x89\xc5\xa2\x69\xbc", - .alen = 16, - .input = "", - .ilen = 0, - .result = "\x45\x85\x0e\x0f\xf4\xae\x96\xa1" - "\x99\x4d\x6d\xb4\x67\x32\xb0\x3a", - .rlen = 16, - }, { - .key = "\x6c\x38\xcf\xa1\xe5\x73\x41\x9d" - "\x29\xbc\x21\xd2\xc2\x35\xcb\xbf", - .klen = 16, - .iv = "\x7b\x01\x5d\x08\x29\x12\xec\x24" - "\x49\xf3\x4d\xf7\xc0\xfe\xfb\x41", - .assoc = "\x8a\xca\xec\x70\x6d\xb1\x96\xab" - "\x69\x29\x7a\x1b\xbf\xc7\x2c\xc2" - "\x07", - .alen = 17, - .input = "", - .ilen = 0, - .result = "\x33\xb1\x42\x97\x8e\x16\x7b\x63" - "\x06\xba\x5b\xcb\xae\x6d\x8b\x56", - .rlen = 16, - }, { - .key = "\xa8\x5c\x09\x40\xf5\xef\xea\xb8" - "\xaa\x96\xd3\x64\xbc\x59\x8d\xc6", - .klen = 16, - .iv = "\xb8\x26\x97\xa8\x39\x8e\x94\x3f" - "\xca\xcd\xff\x88\xba\x22\xbe\x47", - .assoc = "\xc7\xef\x26\x10\x7d\x2c\x3f\xc6" - "\xea\x03\x2c\xac\xb9\xeb\xef\xc9" - "\x31\x6b\x08\x12\xfc\xd8\x37\x2d" - "\xe0\x17\x3a\x2e\x83\x5c\x8f", - .alen = 31, - .input = "", - .ilen = 0, - .result = "\xda\x44\x08\x8c\x2a\xa5\x07\x35" - "\x0b\x54\x4e\x6d\xe3\xfd\xc4\x5f", - .rlen = 16, - }, { - .key = "\xe5\x81\x42\xdf\x05\x6a\x93\xd4" - "\x2b\x70\x85\xf5\xb6\x7d\x50\xcc", - .klen = 16, - .iv = "\xf4\x4a\xd1\x47\x49\x09\x3d\x5b" - "\x4b\xa7\xb1\x19\xb4\x46\x81\x4d", - .assoc = "\x03\x14\x5f\xaf\x8d\xa8\xe7\xe2" - "\x6b\xde\xde\x3e\xb3\x10\xb1\xcf" - "\x5c\x2d\x14\x96\x01\x78\xb9\x47" - "\xa1\x44\x19\x06\x5d\xbb\x2e\x2f", - .alen = 32, - .input = "", - .ilen = 0, - .result = "\x1b\xb1\xf1\xa8\x9e\xc2\xb2\x88" - "\x40\x7f\x7b\x19\x7a\x52\x8c\xf0", - .rlen = 16, - }, { - .key = "\x22\xa6\x7c\x7f\x15\xe6\x3c\xf0" - "\xac\x4b\x37\x86\xb0\xa2\x13\xd2", - .klen = 16, - .iv = "\x31\x6f\x0b\xe6\x59\x85\xe6\x77" - "\xcc\x81\x63\xab\xae\x6b\x43\x54", - .assoc = "\x40", - .alen = 1, - .input = "\x4f", - .ilen = 1, - .result = "\x6e\xc8\xfb\x15\x9d\x98\x49\xc9" - "\xa0\x98\x09\x85\xbe\x56\x8e\x79" - "\xf4", - .rlen = 17, - }, { - .key = "\x5e\xcb\xb6\x1e\x25\x62\xe4\x0c" - "\x2d\x25\xe9\x18\xaa\xc6\xd5\xd8", - .klen = 16, - .iv = "\x6d\x94\x44\x86\x69\x00\x8f\x93" - "\x4d\x5b\x15\x3c\xa8\x8f\x06\x5a", - .assoc = "\x7c\x5d\xd3\xee\xad\x9f\x39\x1a" - "\x6d\x92\x42\x61\xa7\x58\x37", - .alen = 15, - .input = "\x8b\x26\x61\x55\xf1\x3e\xe3\xa1" - "\x8d\xc8\x6e\x85\xa5\x21\x67", - .ilen = 15, - .result = "\x99\x2e\x84\x50\x64\x5c\xab\x29" - "\x20\xba\xb9\x2f\x62\x3a\xce\x2a" - "\x75\x25\x3b\xe3\x40\xe0\x1d\xfc" - "\x20\x63\x0b\x49\x7e\x97\x08", - .rlen = 31, - }, { - .key = "\x9b\xef\xf0\xbd\x35\xdd\x8d\x28" - "\xad\xff\x9b\xa9\xa4\xeb\x98\xdf", - .klen = 16, - .iv = "\xaa\xb8\x7e\x25\x79\x7c\x37\xaf" - "\xce\x36\xc7\xce\xa2\xb4\xc9\x60", - .assoc = "\xb9\x82\x0c\x8d\xbd\x1b\xe2\x36" - "\xee\x6c\xf4\xf2\xa1\x7d\xf9\xe2", - .alen = 16, - .input = "\xc8\x4b\x9b\xf5\x01\xba\x8c\xbd" - "\x0e\xa3\x21\x16\x9f\x46\x2a\x63", - .ilen = 16, - .result = "\xd9\x8e\xfd\x50\x8f\x02\x9f\xee" - "\x78\x08\x12\xec\x09\xaf\x53\x14" - "\x90\x3e\x3d\x76\xad\x71\x21\x08" - "\x77\xe5\x4b\x15\xc2\xe6\xbc\xdb", - .rlen = 32, - }, { - .key = "\xd7\x14\x29\x5d\x45\x59\x36\x44" - "\x2e\xd9\x4d\x3b\x9e\x0f\x5b\xe5", - .klen = 16, - .iv = "\xe6\xdd\xb8\xc4\x89\xf8\xe0\xca" - "\x4f\x10\x7a\x5f\x9c\xd8\x8b\x66", - .assoc = "\xf5\xa6\x46\x2c\xce\x97\x8a\x51" - "\x6f\x46\xa6\x83\x9b\xa1\xbc\xe8" - "\x05", - .alen = 17, - .input = "\x05\x70\xd5\x94\x12\x36\x35\xd8" - "\x8f\x7d\xd3\xa8\x99\x6a\xed\x69" - "\xd0", - .ilen = 17, - .result = "\xf3\xe7\x95\x86\xcf\x34\x95\x96" - "\x17\xfe\x1b\xae\x1b\x31\xf2\x1a" - "\xbd\xbc\xc9\x4e\x11\x29\x09\x5c" - "\x05\xd3\xb4\x2e\x4a\x74\x59\x49" - "\x7d", - .rlen = 33, - }, { - .key = "\x14\x39\x63\xfc\x56\xd5\xdf\x5f" - "\xaf\xb3\xff\xcc\x98\x33\x1d\xeb", - .klen = 16, - .iv = "\x23\x02\xf1\x64\x9a\x73\x89\xe6" - "\xd0\xea\x2c\xf1\x96\xfc\x4e\x6d", - .assoc = "\x32\xcb\x80\xcc\xde\x12\x33\x6d" - "\xf0\x20\x58\x15\x95\xc6\x7f\xee" - "\x2f\xf9\x4e\x2c\x1b\x98\x43\xc7" - "\x68\x28\x73\x40\x9f\x96\x4a", - .alen = 31, - .input = "\x41\x94\x0e\x33\x22\xb1\xdd\xf4" - "\x10\x57\x85\x39\x93\x8f\xaf\x70" - "\xfa\xa9\xd0\x4d\x5c\x40\x23\xcd" - "\x98\x34\xab\x37\x56\xae\x32", - .ilen = 31, - .result = "\x06\x96\xb2\xbf\x63\xf4\x1e\x24" - "\x0d\x19\x15\x61\x65\x3b\x06\x26" - "\x71\xe8\x7e\x16\xdb\x96\x01\x01" - "\x52\xcd\x49\x5b\x07\x33\x4e\xe7" - "\xaa\x91\xf5\xd5\xc6\xfe\x41\xb5" - "\xed\x90\xce\xb9\xcd\xcc\xa1", - .rlen = 47, - }, { - .key = "\x50\x5d\x9d\x9b\x66\x50\x88\x7b" - "\x30\x8e\xb1\x5e\x92\x58\xe0\xf1", - .klen = 16, - .iv = "\x5f\x27\x2b\x03\xaa\xef\x32\x02" - "\x50\xc4\xde\x82\x90\x21\x11\x73", - .assoc = "\x6e\xf0\xba\x6b\xee\x8e\xdc\x89" - "\x71\xfb\x0a\xa6\x8f\xea\x41\xf4" - "\x5a\xbb\x59\xb0\x20\x38\xc5\xe0" - "\x29\x56\x52\x19\x79\xf5\xe9\x37", - .alen = 32, - .input = "\x7e\xb9\x48\xd3\x32\x2d\x86\x10" - "\x91\x31\x37\xcb\x8d\xb3\x72\x76" - "\x24\x6b\xdc\xd1\x61\xe0\xa5\xe7" - "\x5a\x61\x8a\x0f\x30\x0d\xd1\xec", - .ilen = 32, - .result = "\xf9\xd7\xee\x17\xfd\x24\xcd\xf1" - "\xbc\x0f\x35\x97\x97\x0c\x4b\x18" - "\xce\x58\xc8\x3b\xd4\x85\x93\x79" - "\xcc\x9c\xea\xc1\x73\x13\x0b\x4c" - "\xcc\x6f\x28\xf8\xa4\x4e\xb8\x56" - "\x64\x4e\x47\xce\xb2\xb4\x92\xb4", - .rlen = 48, - }, { - .key = "\x8d\x82\xd6\x3b\x76\xcc\x30\x97" - "\xb1\x68\x63\xef\x8c\x7c\xa3\xf7", - .klen = 16, - .iv = "\x9c\x4b\x65\xa2\xba\x6b\xdb\x1e" - "\xd1\x9e\x90\x13\x8a\x45\xd3\x79", - .assoc = "\xab\x14\xf3\x0a\xfe\x0a\x85\xa5" - "\xf2\xd5\xbc\x38\x89\x0e\x04\xfb" - "\x84\x7d\x65\x34\x25\xd8\x47\xfa" - "\xeb\x83\x31\xf1\x54\x54\x89\x0d" - "\x9d", - .alen = 33, - .input = "\xba\xde\x82\x72\x42\xa9\x2f\x2c" - "\x12\x0b\xe9\x5c\x87\xd7\x35\x7c" - "\x4f\x2e\xe8\x55\x66\x80\x27\x00" - "\x1b\x8f\x68\xe7\x0a\x6c\x71\xc3" - "\x21\x78\x55\x9d\x9c\x65\x7b\xcd" - "\x0a\x34\x97\xff\x47\x37\xb0\x2a" - "\x80\x0d\x19\x98\x33\xa9\x7a\xe3" - "\x2e\x4c\xc6\xf3\x8c\x88\x42\x01" - "\xbd", - .ilen = 65, - .result = "\x58\xfa\x3a\x3d\xd9\x88\x63\xe8" - "\xc5\x78\x50\x8b\x4a\xc9\xdf\x7f" - "\x4b\xfa\xc8\x2e\x67\x43\xf3\x63" - "\x42\x8e\x99\x5a\x9c\x0b\x84\x77" - "\xbc\x46\x76\x48\x82\xc7\x57\x96" - "\xe1\x65\xd1\xed\x1d\xdd\x80\x24" - "\xa6\x4d\xa9\xf1\x53\x8b\x5e\x0e" - "\x26\xb9\xcc\x37\xe5\x43\xe1\x5a" - "\x8a\xd6\x8c\x5a\xe4\x95\xd1\x8d" - "\xf7\x33\x64\xc1\xd3\xf2\xfc\x35" - "\x01", - .rlen = 81, - }, { - .key = "\xc9\xa7\x10\xda\x86\x48\xd9\xb3" - "\x32\x42\x15\x80\x85\xa1\x65\xfe", - .klen = 16, - .iv = "\xd8\x70\x9f\x42\xca\xe6\x83\x3a" - "\x52\x79\x42\xa5\x84\x6a\x96\x7f", - .assoc = "\xe8\x39\x2d\xaa\x0e\x85\x2d\xc1" - "\x72\xaf\x6e\xc9\x82\x33\xc7\x01" - "\xaf\x40\x70\xb8\x2a\x78\xc9\x14" - "\xac\xb1\x10\xca\x2e\xb3\x28\xe4" - "\xac\xfa\x58\x7f\xe5\x73\x09\x8c" - "\x1d\x40\x87\x8c\xd9\x75\xc0\x55" - "\xa2\xda\x07\xd1\xc2\xa9\xd1\xbb" - "\x09\x4f\x77\x62\x88\x2d\xf2\x68" - "\x54", - .alen = 65, - .input = "\xf7\x02\xbb\x11\x52\x24\xd8\x48" - "\x93\xe6\x9b\xee\x81\xfc\xf7\x82" - "\x79\xf0\xf3\xd9\x6c\x20\xa9\x1a" - "\xdc\xbc\x47\xc0\xe4\xcb\x10\x99" - "\x2f", - .ilen = 33, - .result = "\x4c\xa9\xac\x71\xed\x10\xa6\x24" - "\xb7\xa7\xdf\x8b\xf5\xc2\x41\xcb" - "\x05\xc9\xd6\x97\xb6\x10\x7f\x17" - "\xc2\xc0\x93\xcf\xe0\x94\xfd\x99" - "\xf2\x62\x25\x28\x01\x23\x6f\x8b" - "\x04\x52\xbc\xb0\x3e\x66\x52\x90" - "\x9f", - .rlen = 49, - }, { - .key = "\x06\xcc\x4a\x79\x96\xc3\x82\xcf" - "\xb3\x1c\xc7\x12\x7f\xc5\x28\x04", - .klen = 16, - .iv = "\x15\x95\xd8\xe1\xda\x62\x2c\x56" - "\xd3\x53\xf4\x36\x7e\x8e\x59\x85", - .assoc = "\x24\x5e\x67\x49\x1e\x01\xd6\xdd" - "\xf3\x89\x20\x5b\x7c\x57\x89\x07", - .alen = 16, - .input = "\x33\x27\xf5\xb1\x62\xa0\x80\x63" - "\x14\xc0\x4d\x7f\x7b\x20\xba\x89", - .ilen = 16, - .result = "\x6d\xed\x04\x7a\x2f\x0c\x30\xa5" - "\x96\xe6\x97\xe4\x10\xeb\x40\x95" - "\xc5\x9a\xdf\x31\xd5\xa5\xa6\xec" - "\x05\xa8\x31\x50\x11\x19\x44", - .rlen = 31, - }, { - .key = "\x42\xf0\x84\x19\xa6\x3f\x2b\xea" - "\x34\xf6\x79\xa3\x79\xe9\xeb\x0a", - .klen = 16, - .iv = "\x51\xb9\x12\x80\xea\xde\xd5\x71" - "\x54\x2d\xa6\xc8\x78\xb2\x1b\x8c", - .assoc = "\x61\x83\xa0\xe8\x2e\x7d\x7f\xf8" - "\x74\x63\xd2\xec\x76\x7c\x4c\x0d", - .alen = 16, - .input = "\x70\x4c\x2f\x50\x72\x1c\x29\x7f" - "\x95\x9a\xff\x10\x75\x45\x7d\x8f", - .ilen = 16, - .result = "\x30\x95\x7d\xea\xdc\x62\xc0\x88" - "\xa1\xe3\x8d\x8c\xac\x04\x10\xa7" - "\xfa\xfa\x07\xbd\xa0\xf0\x36\xeb" - "\x21\x93\x2e\x31\x84\x83", - .rlen = 30, - }, { - .key = "\x7f\x15\xbd\xb8\xb6\xba\xd3\x06" - "\xb5\xd1\x2b\x35\x73\x0e\xad\x10", - .klen = 16, - .iv = "\x8e\xde\x4c\x20\xfa\x59\x7e\x8d" - "\xd5\x07\x58\x59\x72\xd7\xde\x92", - .assoc = "\x9d\xa7\xda\x88\x3e\xf8\x28\x14" - "\xf5\x3e\x85\x7d\x70\xa0\x0f\x13", - .alen = 16, - .input = "\xac\x70\x69\xef\x82\x97\xd2\x9b" - "\x15\x74\xb1\xa2\x6f\x69\x3f\x95", - .ilen = 16, - .result = "\x93\xcd\xee\xd4\xcb\x9d\x8d\x16" - "\x63\x0d\x43\xd5\x49\xca\xa8\x85" - "\x49\xc0\xae\x13\xbc\x26\x1d\x4b", - .rlen = 24, - }, -}; - -static const struct aead_testvec aegis128l_dec_tv_template[] = { - { - .key = "\x0f\xc9\x8e\x67\x44\x9e\xaa\x86" - "\x20\x36\x2c\x24\xfe\xc9\x30\x81", - .klen = 16, - .iv = "\x1e\x92\x1c\xcf\x88\x3d\x54\x0d" - "\x40\x6d\x59\x48\xfc\x92\x61\x03", - .assoc = "", - .alen = 0, - .input = "\x30\x4f\xf3\xe9\xb1\xfa\x81\xa6" - "\x20\x72\x78\xdd\x93\xc8\x57\xef", - .ilen = 16, - .result = "", - .rlen = 0, - }, { - .key = "\x4b\xed\xc8\x07\x54\x1a\x52\xa2" - "\xa1\x10\xde\xb5\xf8\xed\xf3\x87", - .klen = 16, - .iv = "\x5a\xb7\x56\x6e\x98\xb9\xfd\x29" - "\xc1\x47\x0b\xda\xf6\xb6\x23\x09", - .assoc = "", - .alen = 0, - .input = "\xa9\x24\xa0\xb6\x2d\xdd\x29\xdb" - "\x40\xb3\x71\xc5\x22\x58\x31\x77" - "\x6d", - .ilen = 17, - .result = "\x79", - .rlen = 1, - }, { - .key = "\x88\x12\x01\xa6\x64\x96\xfb\xbe" - "\x22\xea\x90\x47\xf2\x11\xb5\x8e", - .klen = 16, - .iv = "\x97\xdb\x90\x0e\xa8\x35\xa5\x45" - "\x42\x21\xbd\x6b\xf0\xda\xe6\x0f", - .assoc = "", - .alen = 0, - .input = "\xbb\x0a\x53\xc4\xaa\x7e\xa4\x03" - "\x2b\xee\x62\x99\x7b\x98\x13\x1f" - "\xe0\x76\x4c\x2e\x53\x99\x4f\xbe" - "\xe1\xa8\x04\x7f\xe1\x71\xbe", - .ilen = 31, - .result = "\xb5\x6e\xad\xdd\x30\x72\xfa\x53" - "\x82\x8e\x16\xb4\xed\x6d\x47", - .rlen = 15, - }, { - .key = "\xc4\x37\x3b\x45\x74\x11\xa4\xda" - "\xa2\xc5\x42\xd8\xec\x36\x78\x94", - .klen = 16, - .iv = "\xd3\x00\xc9\xad\xb8\xb0\x4e\x61" - "\xc3\xfb\x6f\xfd\xea\xff\xa9\x15", - .assoc = "", - .alen = 0, - .input = "\x66\xdf\x6e\x71\xc0\x6e\xa4\x4c" - "\x9d\xb7\x8c\x9a\xdb\x1f\xd2\x2e" - "\x23\xb6\xa4\xfb\xd3\x86\xdd\xbb" - "\xde\x54\x9b\xf5\x92\x8b\x93\xc5", - .ilen = 32, - .result = "\xf2\x92\xe6\x7d\x40\xee\xa3\x6f" - "\x03\x68\xc8\x45\xe7\x91\x0a\x18", - .rlen = 16, - }, { - .key = "\x01\x5c\x75\xe5\x84\x8d\x4d\xf6" - "\x23\x9f\xf4\x6a\xe6\x5a\x3b\x9a", - .klen = 16, - .iv = "\x10\x25\x03\x4c\xc8\x2c\xf7\x7d" - "\x44\xd5\x21\x8e\xe4\x23\x6b\x1c", - .assoc = "", - .alen = 0, - .input = "\x4f\xc3\x69\xb6\xd3\xa4\x64\x8b" - "\x71\xc3\x8a\x91\x22\x4f\x1b\xd2" - "\x33\x6d\x86\xbc\xf8\x2f\x06\xf9" - "\x82\x64\xc7\x72\x00\x30\xfc\xf0" - "\xf8", - .ilen = 33, - .result = "\x2e\xb7\x20\x1c\x50\x6a\x4b\x8b" - "\x84\x42\x7a\xd7\xe1\xb5\xcd\x1f" - "\xd3", - .rlen = 17, - }, { - .key = "\x3d\x80\xae\x84\x94\x09\xf6\x12" - "\xa4\x79\xa6\xfb\xe0\x7f\xfd\xa0", - .klen = 16, - .iv = "\x4c\x49\x3d\xec\xd8\xa8\xa0\x98" - "\xc5\xb0\xd3\x1f\xde\x48\x2e\x22", - .assoc = "", - .alen = 0, - .input = "\xe3\x93\x15\xae\x5f\x9d\x3c\xb5" - "\xd6\x9d\xee\xee\xcf\xaa\xaf\xe1" - "\x45\x10\x96\xe0\xbf\x55\x0f\x4c" - "\x1a\xfd\xf4\xda\x4e\x10\xde\xc9" - "\x0e\x6f\xc7\x3c\x49\x94\x41\xfc" - "\x59\x28\x88\x3c\x79\x10\x6b", - .ilen = 47, - .result = "\x6b\xdc\x5a\xbb\x60\xe5\xf4\xa6" - "\x05\x1d\x2c\x68\xdb\xda\x8f\x25" - "\xfe\x8d\x45\x19\x1e\xc0\x0b\x99" - "\x88\x11\x39\x12\x1c\x3a\xbb", - .rlen = 31, - }, { - .key = "\x7a\xa5\xe8\x23\xa4\x84\x9e\x2d" - "\x25\x53\x58\x8c\xda\xa3\xc0\xa6", - .klen = 16, - .iv = "\x89\x6e\x77\x8b\xe8\x23\x49\xb4" - "\x45\x8a\x85\xb1\xd8\x6c\xf1\x28", - .assoc = "", - .alen = 0, - .input = "\x1c\x8e\x22\x34\xfd\xab\xe6\x0d" - "\x1c\x9f\x06\x54\x8b\x0b\xb4\x40" - "\xde\x11\x59\x3e\xfd\x74\xf6\x42" - "\x97\x17\xf7\x24\xb6\x7e\xc4\xc6" - "\x06\xa3\x94\xda\x3d\x7f\x55\x0a" - "\x92\x07\x2f\xa6\xf3\x6b\x2c\xfc", - .ilen = 48, - .result = "\xa7\x00\x93\x5b\x70\x61\x9d\xc2" - "\x86\xf7\xde\xfa\xd5\xfe\x52\x2b" - "\x28\x50\x51\x9d\x24\x60\x8d\xb3" - "\x49\x3e\x17\xea\xf6\x99\x5a\xdd", - .rlen = 32, - }, { - .key = "\xb6\xca\x22\xc3\xb4\x00\x47\x49" - "\xa6\x2d\x0a\x1e\xd4\xc7\x83\xad", - .klen = 16, - .iv = "\xc5\x93\xb0\x2a\xf8\x9f\xf1\xd0" - "\xc6\x64\x37\x42\xd2\x90\xb3\x2e", - .assoc = "\xd5", - .alen = 1, - .input = "\xa0\x2a\xb4\x9a\x91\x00\x15\xb8" - "\x0f\x9a\x15\x60\x0e\x9b\x13\x8f", - .ilen = 16, - .result = "", - .rlen = 0, - }, { - .key = "\xf3\xee\x5c\x62\xc4\x7c\xf0\x65" - "\x27\x08\xbd\xaf\xce\xec\x45\xb3", - .klen = 16, - .iv = "\x02\xb8\xea\xca\x09\x1b\x9a\xec" - "\x47\x3e\xe9\xd4\xcc\xb5\x76\x34", - .assoc = "\x11\x81\x78\x32\x4d\xb9\x44\x73" - "\x68\x75\x16\xf8\xcb\x7e\xa7", - .alen = 15, - .input = "\x4c\x26\xad\x9c\x14\xfd\x9c\x8c" - "\x84\xfb\x26\xfb\xd5\xca\x62\x39", - .ilen = 16, - .result = "", - .rlen = 0, - }, { - .key = "\x2f\x13\x95\x01\xd5\xf7\x99\x81" - "\xa8\xe2\x6f\x41\xc8\x10\x08\xb9", - .klen = 16, - .iv = "\x3f\xdc\x24\x69\x19\x96\x43\x08" - "\xc8\x18\x9b\x65\xc6\xd9\x39\x3b", - .assoc = "\x4e\xa5\xb2\xd1\x5d\x35\xed\x8f" - "\xe8\x4f\xc8\x89\xc5\xa2\x69\xbc", - .alen = 16, - .input = "\x45\x85\x0e\x0f\xf4\xae\x96\xa1" - "\x99\x4d\x6d\xb4\x67\x32\xb0\x3a", - .ilen = 16, - .result = "", - .rlen = 0, - }, { - .key = "\x6c\x38\xcf\xa1\xe5\x73\x41\x9d" - "\x29\xbc\x21\xd2\xc2\x35\xcb\xbf", - .klen = 16, - .iv = "\x7b\x01\x5d\x08\x29\x12\xec\x24" - "\x49\xf3\x4d\xf7\xc0\xfe\xfb\x41", - .assoc = "\x8a\xca\xec\x70\x6d\xb1\x96\xab" - "\x69\x29\x7a\x1b\xbf\xc7\x2c\xc2" - "\x07", - .alen = 17, - .input = "\x33\xb1\x42\x97\x8e\x16\x7b\x63" - "\x06\xba\x5b\xcb\xae\x6d\x8b\x56", - .ilen = 16, - .result = "", - .rlen = 0, - }, { - .key = "\xa8\x5c\x09\x40\xf5\xef\xea\xb8" - "\xaa\x96\xd3\x64\xbc\x59\x8d\xc6", - .klen = 16, - .iv = "\xb8\x26\x97\xa8\x39\x8e\x94\x3f" - "\xca\xcd\xff\x88\xba\x22\xbe\x47", - .assoc = "\xc7\xef\x26\x10\x7d\x2c\x3f\xc6" - "\xea\x03\x2c\xac\xb9\xeb\xef\xc9" - "\x31\x6b\x08\x12\xfc\xd8\x37\x2d" - "\xe0\x17\x3a\x2e\x83\x5c\x8f", - .alen = 31, - .input = "\xda\x44\x08\x8c\x2a\xa5\x07\x35" - "\x0b\x54\x4e\x6d\xe3\xfd\xc4\x5f", - .ilen = 16, - .result = "", - .rlen = 0, - }, { - .key = "\xe5\x81\x42\xdf\x05\x6a\x93\xd4" - "\x2b\x70\x85\xf5\xb6\x7d\x50\xcc", - .klen = 16, - .iv = "\xf4\x4a\xd1\x47\x49\x09\x3d\x5b" - "\x4b\xa7\xb1\x19\xb4\x46\x81\x4d", - .assoc = "\x03\x14\x5f\xaf\x8d\xa8\xe7\xe2" - "\x6b\xde\xde\x3e\xb3\x10\xb1\xcf" - "\x5c\x2d\x14\x96\x01\x78\xb9\x47" - "\xa1\x44\x19\x06\x5d\xbb\x2e\x2f", - .alen = 32, - .input = "\x1b\xb1\xf1\xa8\x9e\xc2\xb2\x88" - "\x40\x7f\x7b\x19\x7a\x52\x8c\xf0", - .ilen = 16, - .result = "", - .rlen = 0, - }, { - .key = "\x22\xa6\x7c\x7f\x15\xe6\x3c\xf0" - "\xac\x4b\x37\x86\xb0\xa2\x13\xd2", - .klen = 16, - .iv = "\x31\x6f\x0b\xe6\x59\x85\xe6\x77" - "\xcc\x81\x63\xab\xae\x6b\x43\x54", - .assoc = "\x40", - .alen = 1, - .input = "\x6e\xc8\xfb\x15\x9d\x98\x49\xc9" - "\xa0\x98\x09\x85\xbe\x56\x8e\x79" - "\xf4", - .ilen = 17, - .result = "\x4f", - .rlen = 1, - }, { - .key = "\x5e\xcb\xb6\x1e\x25\x62\xe4\x0c" - "\x2d\x25\xe9\x18\xaa\xc6\xd5\xd8", - .klen = 16, - .iv = "\x6d\x94\x44\x86\x69\x00\x8f\x93" - "\x4d\x5b\x15\x3c\xa8\x8f\x06\x5a", - .assoc = "\x7c\x5d\xd3\xee\xad\x9f\x39\x1a" - "\x6d\x92\x42\x61\xa7\x58\x37", - .alen = 15, - .input = "\x99\x2e\x84\x50\x64\x5c\xab\x29" - "\x20\xba\xb9\x2f\x62\x3a\xce\x2a" - "\x75\x25\x3b\xe3\x40\xe0\x1d\xfc" - "\x20\x63\x0b\x49\x7e\x97\x08", - .ilen = 31, - .result = "\x8b\x26\x61\x55\xf1\x3e\xe3\xa1" - "\x8d\xc8\x6e\x85\xa5\x21\x67", - .rlen = 15, - }, { - .key = "\x9b\xef\xf0\xbd\x35\xdd\x8d\x28" - "\xad\xff\x9b\xa9\xa4\xeb\x98\xdf", - .klen = 16, - .iv = "\xaa\xb8\x7e\x25\x79\x7c\x37\xaf" - "\xce\x36\xc7\xce\xa2\xb4\xc9\x60", - .assoc = "\xb9\x82\x0c\x8d\xbd\x1b\xe2\x36" - "\xee\x6c\xf4\xf2\xa1\x7d\xf9\xe2", - .alen = 16, - .input = "\xd9\x8e\xfd\x50\x8f\x02\x9f\xee" - "\x78\x08\x12\xec\x09\xaf\x53\x14" - "\x90\x3e\x3d\x76\xad\x71\x21\x08" - "\x77\xe5\x4b\x15\xc2\xe6\xbc\xdb", - .ilen = 32, - .result = "\xc8\x4b\x9b\xf5\x01\xba\x8c\xbd" - "\x0e\xa3\x21\x16\x9f\x46\x2a\x63", - .rlen = 16, - }, { - .key = "\xd7\x14\x29\x5d\x45\x59\x36\x44" - "\x2e\xd9\x4d\x3b\x9e\x0f\x5b\xe5", - .klen = 16, - .iv = "\xe6\xdd\xb8\xc4\x89\xf8\xe0\xca" - "\x4f\x10\x7a\x5f\x9c\xd8\x8b\x66", - .assoc = "\xf5\xa6\x46\x2c\xce\x97\x8a\x51" - "\x6f\x46\xa6\x83\x9b\xa1\xbc\xe8" - "\x05", - .alen = 17, - .input = "\xf3\xe7\x95\x86\xcf\x34\x95\x96" - "\x17\xfe\x1b\xae\x1b\x31\xf2\x1a" - "\xbd\xbc\xc9\x4e\x11\x29\x09\x5c" - "\x05\xd3\xb4\x2e\x4a\x74\x59\x49" - "\x7d", - .ilen = 33, - .result = "\x05\x70\xd5\x94\x12\x36\x35\xd8" - "\x8f\x7d\xd3\xa8\x99\x6a\xed\x69" - "\xd0", - .rlen = 17, - }, { - .key = "\x14\x39\x63\xfc\x56\xd5\xdf\x5f" - "\xaf\xb3\xff\xcc\x98\x33\x1d\xeb", - .klen = 16, - .iv = "\x23\x02\xf1\x64\x9a\x73\x89\xe6" - "\xd0\xea\x2c\xf1\x96\xfc\x4e\x6d", - .assoc = "\x32\xcb\x80\xcc\xde\x12\x33\x6d" - "\xf0\x20\x58\x15\x95\xc6\x7f\xee" - "\x2f\xf9\x4e\x2c\x1b\x98\x43\xc7" - "\x68\x28\x73\x40\x9f\x96\x4a", - .alen = 31, - .input = "\x06\x96\xb2\xbf\x63\xf4\x1e\x24" - "\x0d\x19\x15\x61\x65\x3b\x06\x26" - "\x71\xe8\x7e\x16\xdb\x96\x01\x01" - "\x52\xcd\x49\x5b\x07\x33\x4e\xe7" - "\xaa\x91\xf5\xd5\xc6\xfe\x41\xb5" - "\xed\x90\xce\xb9\xcd\xcc\xa1", - .ilen = 47, - .result = "\x41\x94\x0e\x33\x22\xb1\xdd\xf4" - "\x10\x57\x85\x39\x93\x8f\xaf\x70" - "\xfa\xa9\xd0\x4d\x5c\x40\x23\xcd" - "\x98\x34\xab\x37\x56\xae\x32", - .rlen = 31, - }, { - .key = "\x50\x5d\x9d\x9b\x66\x50\x88\x7b" - "\x30\x8e\xb1\x5e\x92\x58\xe0\xf1", - .klen = 16, - .iv = "\x5f\x27\x2b\x03\xaa\xef\x32\x02" - "\x50\xc4\xde\x82\x90\x21\x11\x73", - .assoc = "\x6e\xf0\xba\x6b\xee\x8e\xdc\x89" - "\x71\xfb\x0a\xa6\x8f\xea\x41\xf4" - "\x5a\xbb\x59\xb0\x20\x38\xc5\xe0" - "\x29\x56\x52\x19\x79\xf5\xe9\x37", - .alen = 32, - .input = "\xf9\xd7\xee\x17\xfd\x24\xcd\xf1" - "\xbc\x0f\x35\x97\x97\x0c\x4b\x18" - "\xce\x58\xc8\x3b\xd4\x85\x93\x79" - "\xcc\x9c\xea\xc1\x73\x13\x0b\x4c" - "\xcc\x6f\x28\xf8\xa4\x4e\xb8\x56" - "\x64\x4e\x47\xce\xb2\xb4\x92\xb4", - .ilen = 48, - .result = "\x7e\xb9\x48\xd3\x32\x2d\x86\x10" - "\x91\x31\x37\xcb\x8d\xb3\x72\x76" - "\x24\x6b\xdc\xd1\x61\xe0\xa5\xe7" - "\x5a\x61\x8a\x0f\x30\x0d\xd1\xec", - .rlen = 32, - }, { - .key = "\x8d\x82\xd6\x3b\x76\xcc\x30\x97" - "\xb1\x68\x63\xef\x8c\x7c\xa3\xf7", - .klen = 16, - .iv = "\x9c\x4b\x65\xa2\xba\x6b\xdb\x1e" - "\xd1\x9e\x90\x13\x8a\x45\xd3\x79", - .assoc = "\xab\x14\xf3\x0a\xfe\x0a\x85\xa5" - "\xf2\xd5\xbc\x38\x89\x0e\x04\xfb" - "\x84\x7d\x65\x34\x25\xd8\x47\xfa" - "\xeb\x83\x31\xf1\x54\x54\x89\x0d" - "\x9d", - .alen = 33, - .input = "\x58\xfa\x3a\x3d\xd9\x88\x63\xe8" - "\xc5\x78\x50\x8b\x4a\xc9\xdf\x7f" - "\x4b\xfa\xc8\x2e\x67\x43\xf3\x63" - "\x42\x8e\x99\x5a\x9c\x0b\x84\x77" - "\xbc\x46\x76\x48\x82\xc7\x57\x96" - "\xe1\x65\xd1\xed\x1d\xdd\x80\x24" - "\xa6\x4d\xa9\xf1\x53\x8b\x5e\x0e" - "\x26\xb9\xcc\x37\xe5\x43\xe1\x5a" - "\x8a\xd6\x8c\x5a\xe4\x95\xd1\x8d" - "\xf7\x33\x64\xc1\xd3\xf2\xfc\x35" - "\x01", - .ilen = 81, - .result = "\xba\xde\x82\x72\x42\xa9\x2f\x2c" - "\x12\x0b\xe9\x5c\x87\xd7\x35\x7c" - "\x4f\x2e\xe8\x55\x66\x80\x27\x00" - "\x1b\x8f\x68\xe7\x0a\x6c\x71\xc3" - "\x21\x78\x55\x9d\x9c\x65\x7b\xcd" - "\x0a\x34\x97\xff\x47\x37\xb0\x2a" - "\x80\x0d\x19\x98\x33\xa9\x7a\xe3" - "\x2e\x4c\xc6\xf3\x8c\x88\x42\x01" - "\xbd", - .rlen = 65, - }, { - .key = "\xc9\xa7\x10\xda\x86\x48\xd9\xb3" - "\x32\x42\x15\x80\x85\xa1\x65\xfe", - .klen = 16, - .iv = "\xd8\x70\x9f\x42\xca\xe6\x83\x3a" - "\x52\x79\x42\xa5\x84\x6a\x96\x7f", - .assoc = "\xe8\x39\x2d\xaa\x0e\x85\x2d\xc1" - "\x72\xaf\x6e\xc9\x82\x33\xc7\x01" - "\xaf\x40\x70\xb8\x2a\x78\xc9\x14" - "\xac\xb1\x10\xca\x2e\xb3\x28\xe4" - "\xac\xfa\x58\x7f\xe5\x73\x09\x8c" - "\x1d\x40\x87\x8c\xd9\x75\xc0\x55" - "\xa2\xda\x07\xd1\xc2\xa9\xd1\xbb" - "\x09\x4f\x77\x62\x88\x2d\xf2\x68" - "\x54", - .alen = 65, - .input = "\x4c\xa9\xac\x71\xed\x10\xa6\x24" - "\xb7\xa7\xdf\x8b\xf5\xc2\x41\xcb" - "\x05\xc9\xd6\x97\xb6\x10\x7f\x17" - "\xc2\xc0\x93\xcf\xe0\x94\xfd\x99" - "\xf2\x62\x25\x28\x01\x23\x6f\x8b" - "\x04\x52\xbc\xb0\x3e\x66\x52\x90" - "\x9f", - .ilen = 49, - .result = "\xf7\x02\xbb\x11\x52\x24\xd8\x48" - "\x93\xe6\x9b\xee\x81\xfc\xf7\x82" - "\x79\xf0\xf3\xd9\x6c\x20\xa9\x1a" - "\xdc\xbc\x47\xc0\xe4\xcb\x10\x99" - "\x2f", - .rlen = 33, - }, { - .key = "\x06\xcc\x4a\x79\x96\xc3\x82\xcf" - "\xb3\x1c\xc7\x12\x7f\xc5\x28\x04", - .klen = 16, - .iv = "\x15\x95\xd8\xe1\xda\x62\x2c\x56" - "\xd3\x53\xf4\x36\x7e\x8e\x59\x85", - .assoc = "\x24\x5e\x67\x49\x1e\x01\xd6\xdd" - "\xf3\x89\x20\x5b\x7c\x57\x89\x07", - .alen = 16, - .input = "\x6d\xed\x04\x7a\x2f\x0c\x30\xa5" - "\x96\xe6\x97\xe4\x10\xeb\x40\x95" - "\xc5\x9a\xdf\x31\xd5\xa5\xa6\xec" - "\x05\xa8\x31\x50\x11\x19\x44", - .ilen = 31, - .result = "\x33\x27\xf5\xb1\x62\xa0\x80\x63" - "\x14\xc0\x4d\x7f\x7b\x20\xba\x89", - .rlen = 16, - }, { - .key = "\x42\xf0\x84\x19\xa6\x3f\x2b\xea" - "\x34\xf6\x79\xa3\x79\xe9\xeb\x0a", - .klen = 16, - .iv = "\x51\xb9\x12\x80\xea\xde\xd5\x71" - "\x54\x2d\xa6\xc8\x78\xb2\x1b\x8c", - .assoc = "\x61\x83\xa0\xe8\x2e\x7d\x7f\xf8" - "\x74\x63\xd2\xec\x76\x7c\x4c\x0d", - .alen = 16, - .input = "\x30\x95\x7d\xea\xdc\x62\xc0\x88" - "\xa1\xe3\x8d\x8c\xac\x04\x10\xa7" - "\xfa\xfa\x07\xbd\xa0\xf0\x36\xeb" - "\x21\x93\x2e\x31\x84\x83", - .ilen = 30, - .result = "\x70\x4c\x2f\x50\x72\x1c\x29\x7f" - "\x95\x9a\xff\x10\x75\x45\x7d\x8f", - .rlen = 16, - }, { - .key = "\x7f\x15\xbd\xb8\xb6\xba\xd3\x06" - "\xb5\xd1\x2b\x35\x73\x0e\xad\x10", + .key = "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7" + "\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf", .klen = 16, - .iv = "\x8e\xde\x4c\x20\xfa\x59\x7e\x8d" - "\xd5\x07\x58\x59\x72\xd7\xde\x92", - .assoc = "\x9d\xa7\xda\x88\x3e\xf8\x28\x14" - "\xf5\x3e\x85\x7d\x70\xa0\x0f\x13", - .alen = 16, - .input = "\x93\xcd\xee\xd4\xcb\x9d\x8d\x16" - "\x63\x0d\x43\xd5\x49\xca\xa8\x85" - "\x49\xc0\xae\x13\xbc\x26\x1d\x4b", - .ilen = 24, - .result = "\xac\x70\x69\xef\x82\x97\xd2\x9b" - "\x15\x74\xb1\xa2\x6f\x69\x3f\x95", - .rlen = 16, - }, -}; - -/* - * AEGIS-256 test vectors - generated via reference implementation from - * SUPERCOP (https://bench.cr.yp.to/supercop.html): - * - * https://bench.cr.yp.to/supercop/supercop-20170228.tar.xz - * (see crypto_aead/aegis256/) - */ -static const struct aead_testvec aegis256_enc_tv_template[] = { - { - .key = "\x0f\xc9\x8e\x67\x44\x9e\xaa\x86" - "\x20\x36\x2c\x24\xfe\xc9\x30\x81" - "\xca\xb0\x82\x21\x41\xa8\xe0\x06" - "\x30\x0b\x37\xf6\xb6\x17\xe7\xb5", - .klen = 32, - .iv = "\x1e\x92\x1c\xcf\x88\x3d\x54\x0d" - "\x40\x6d\x59\x48\xfc\x92\x61\x03" - "\x95\x61\x05\x42\x82\x50\xc0\x0c" - "\x60\x16\x6f\xec\x6d\x2f\xcf\x6b", - .assoc = "", - .alen = 0, - .input = "", - .ilen = 0, - .result = "\xd5\x65\x3a\xa9\x03\x51\xd7\xaa" - "\xfa\x4b\xd8\xa2\x41\x9b\xc1\xb2", - .rlen = 16, - }, { - .key = "\x4b\xed\xc8\x07\x54\x1a\x52\xa2" - "\xa1\x10\xde\xb5\xf8\xed\xf3\x87" - "\xf4\x72\x8e\xa5\x46\x48\x62\x20" - "\xf1\x38\x16\xce\x90\x76\x87\x8c", - .klen = 32, - .iv = "\x5a\xb7\x56\x6e\x98\xb9\xfd\x29" - "\xc1\x47\x0b\xda\xf6\xb6\x23\x09" - "\xbf\x23\x11\xc6\x87\xf0\x42\x26" - "\x22\x44\x4e\xc4\x47\x8e\x6e\x41", - .assoc = "", - .alen = 0, - .input = "\x79", - .ilen = 1, - .result = "\x84\xa2\x8f\xad\xdb\x8d\x2c\x16" - "\x9e\x89\xd9\x06\xa6\xa8\x14\x29" - "\x8b", - .rlen = 17, - }, { - .key = "\x88\x12\x01\xa6\x64\x96\xfb\xbe" - "\x22\xea\x90\x47\xf2\x11\xb5\x8e" - "\x1f\x35\x9a\x29\x4b\xe8\xe4\x39" - "\xb3\x66\xf5\xa6\x6a\xd5\x26\x62", - .klen = 32, - .iv = "\x97\xdb\x90\x0e\xa8\x35\xa5\x45" - "\x42\x21\xbd\x6b\xf0\xda\xe6\x0f" - "\xe9\xe5\x1d\x4a\x8c\x90\xc4\x40" - "\xe3\x71\x2d\x9c\x21\xed\x0e\x18", - .assoc = "", - .alen = 0, - .input = "\xb5\x6e\xad\xdd\x30\x72\xfa\x53" - "\x82\x8e\x16\xb4\xed\x6d\x47", - .ilen = 15, - .result = "\x09\x94\x1f\xa6\x13\xc3\x74\x75" - "\x17\xad\x8a\x0e\xd8\x66\x9a\x28" - "\xd7\x30\x66\x09\x2a\xdc\xfa\x2a" - "\x9f\x3b\xd7\xdd\x66\xd1\x2b", - .rlen = 31, - }, { - .key = "\xc4\x37\x3b\x45\x74\x11\xa4\xda" - "\xa2\xc5\x42\xd8\xec\x36\x78\x94" - "\x49\xf7\xa5\xad\x50\x88\x66\x53" - "\x74\x94\xd4\x7f\x44\x34\xc5\x39", - .klen = 32, - .iv = "\xd3\x00\xc9\xad\xb8\xb0\x4e\x61" - "\xc3\xfb\x6f\xfd\xea\xff\xa9\x15" - "\x14\xa8\x28\xce\x92\x30\x46\x59" - "\xa4\x9f\x0b\x75\xfb\x4c\xad\xee", - .assoc = "", - .alen = 0, - .input = "\xf2\x92\xe6\x7d\x40\xee\xa3\x6f" - "\x03\x68\xc8\x45\xe7\x91\x0a\x18", - .ilen = 16, - .result = "\x8a\x46\xa2\x22\x8c\x03\xab\x6f" - "\x54\x63\x4e\x7f\xc9\x8e\xfa\x70" - "\x7b\xe5\x8d\x78\xbc\xe9\xb6\xa1" - "\x29\x17\xc8\x3b\x52\xa4\x98\x72", - .rlen = 32, - }, { - .key = "\x01\x5c\x75\xe5\x84\x8d\x4d\xf6" - "\x23\x9f\xf4\x6a\xe6\x5a\x3b\x9a" - "\x74\xb9\xb1\x32\x55\x28\xe8\x6d" - "\x35\xc1\xb3\x57\x1f\x93\x64\x0f", - .klen = 32, - .iv = "\x10\x25\x03\x4c\xc8\x2c\xf7\x7d" - "\x44\xd5\x21\x8e\xe4\x23\x6b\x1c" - "\x3e\x6a\x34\x53\x97\xd0\xc8\x73" - "\x66\xcd\xea\x4d\xd5\xab\x4c\xc5", - .assoc = "", - .alen = 0, - .input = "\x2e\xb7\x20\x1c\x50\x6a\x4b\x8b" - "\x84\x42\x7a\xd7\xe1\xb5\xcd\x1f" - "\xd3", - .ilen = 17, - .result = "\x71\x6b\x37\x0b\x02\x61\x28\x12" - "\x83\xab\x66\x90\x84\xc7\xd1\xc5" - "\xb2\x7a\xb4\x7b\xb4\xfe\x02\xb2" - "\xc0\x00\x39\x13\xb5\x51\x68\x44" - "\xad", - .rlen = 33, - }, { - .key = "\x3d\x80\xae\x84\x94\x09\xf6\x12" - "\xa4\x79\xa6\xfb\xe0\x7f\xfd\xa0" - "\x9e\x7c\xbc\xb6\x5b\xc8\x6a\x86" - "\xf7\xef\x91\x30\xf9\xf2\x04\xe6", - .klen = 32, - .iv = "\x4c\x49\x3d\xec\xd8\xa8\xa0\x98" - "\xc5\xb0\xd3\x1f\xde\x48\x2e\x22" - "\x69\x2c\x3f\xd7\x9c\x70\x4a\x8d" - "\x27\xfa\xc9\x26\xaf\x0a\xeb\x9c", - .assoc = "", - .alen = 0, - .input = "\x6b\xdc\x5a\xbb\x60\xe5\xf4\xa6" - "\x05\x1d\x2c\x68\xdb\xda\x8f\x25" - "\xfe\x8d\x45\x19\x1e\xc0\x0b\x99" - "\x88\x11\x39\x12\x1c\x3a\xbb", - .ilen = 31, - .result = "\xaf\xa4\x34\x0d\x59\xe6\x1c\x2f" - "\x06\x3b\x52\x18\x49\x75\x1b\xf0" - "\x53\x09\x72\x7b\x45\x79\xe0\xbe" - "\x89\x85\x23\x15\xb8\x79\x07\x4c" - "\x53\x7a\x15\x37\x0a\xee\xb7\xfb" - "\xc4\x1f\x12\x27\xcf\x77\x90", - .rlen = 47, - }, { - .key = "\x7a\xa5\xe8\x23\xa4\x84\x9e\x2d" - "\x25\x53\x58\x8c\xda\xa3\xc0\xa6" - "\xc8\x3e\xc8\x3a\x60\x68\xec\xa0" - "\xb8\x1c\x70\x08\xd3\x51\xa3\xbd", - .klen = 32, - .iv = "\x89\x6e\x77\x8b\xe8\x23\x49\xb4" - "\x45\x8a\x85\xb1\xd8\x6c\xf1\x28" - "\x93\xef\x4b\x5b\xa1\x10\xcc\xa6" - "\xe8\x28\xa8\xfe\x89\x69\x8b\x72", - .assoc = "", - .alen = 0, - .input = "\xa7\x00\x93\x5b\x70\x61\x9d\xc2" - "\x86\xf7\xde\xfa\xd5\xfe\x52\x2b" - "\x28\x50\x51\x9d\x24\x60\x8d\xb3" - "\x49\x3e\x17\xea\xf6\x99\x5a\xdd", - .ilen = 32, - .result = "\xe2\xc9\x0b\x33\x31\x02\xb3\xb4" - "\x33\xfe\xeb\xa8\xb7\x9b\xb2\xd7" - "\xeb\x0f\x05\x2b\xba\xb3\xca\xef" - "\xf6\xd1\xb6\xc0\xb9\x9b\x85\xc5" - "\xbf\x7a\x3e\xcc\x31\x76\x09\x80" - "\x32\x5d\xbb\xe8\x38\x0e\x77\xd3", - .rlen = 48, - }, { - .key = "\xb6\xca\x22\xc3\xb4\x00\x47\x49" - "\xa6\x2d\x0a\x1e\xd4\xc7\x83\xad" - "\xf3\x00\xd4\xbf\x65\x08\x6e\xb9" - "\x7a\x4a\x4f\xe0\xad\xb0\x42\x93", - .klen = 32, - .iv = "\xc5\x93\xb0\x2a\xf8\x9f\xf1\xd0" - "\xc6\x64\x37\x42\xd2\x90\xb3\x2e" - "\xbd\xb1\x57\xe0\xa6\xb0\x4e\xc0" - "\xaa\x55\x87\xd6\x63\xc8\x2a\x49", - .assoc = "\xd5", - .alen = 1, - .input = "", - .ilen = 0, - .result = "\x96\x43\x30\xca\x6c\x4f\xd7\x12" - "\xba\xd9\xb3\x18\x86\xdf\xc3\x52", - .rlen = 16, - }, { - .key = "\xf3\xee\x5c\x62\xc4\x7c\xf0\x65" - "\x27\x08\xbd\xaf\xce\xec\x45\xb3" - "\x1d\xc3\xdf\x43\x6a\xa8\xf0\xd3" - "\x3b\x77\x2e\xb9\x87\x0f\xe1\x6a", - .klen = 32, - .iv = "\x02\xb8\xea\xca\x09\x1b\x9a\xec" - "\x47\x3e\xe9\xd4\xcc\xb5\x76\x34" - "\xe8\x73\x62\x64\xab\x50\xd0\xda" - "\x6b\x83\x66\xaf\x3e\x27\xc9\x1f", - .assoc = "\x11\x81\x78\x32\x4d\xb9\x44\x73" - "\x68\x75\x16\xf8\xcb\x7e\xa7", - .alen = 15, - .input = "", - .ilen = 0, - .result = "\x2f\xab\x45\xe2\xa7\x46\xc5\x83" - "\x11\x9f\xb0\x74\xee\xc7\x03\xdd", - .rlen = 16, - }, { - .key = "\x2f\x13\x95\x01\xd5\xf7\x99\x81" - "\xa8\xe2\x6f\x41\xc8\x10\x08\xb9" - "\x47\x85\xeb\xc7\x6f\x48\x72\xed" - "\xfc\xa5\x0d\x91\x61\x6e\x81\x40", - .klen = 32, - .iv = "\x3f\xdc\x24\x69\x19\x96\x43\x08" - "\xc8\x18\x9b\x65\xc6\xd9\x39\x3b" - "\x12\x35\x6e\xe8\xb0\xf0\x52\xf3" - "\x2d\xb0\x45\x87\x18\x86\x68\xf6", - .assoc = "\x4e\xa5\xb2\xd1\x5d\x35\xed\x8f" - "\xe8\x4f\xc8\x89\xc5\xa2\x69\xbc", - .alen = 16, - .input = "", - .ilen = 0, - .result = "\x16\x44\x73\x33\x5d\xf2\xb9\x04" - "\x6b\x79\x98\xef\xdb\xd5\xc5\xf1", - .rlen = 16, - }, { - .key = "\x6c\x38\xcf\xa1\xe5\x73\x41\x9d" - "\x29\xbc\x21\xd2\xc2\x35\xcb\xbf" - "\x72\x47\xf6\x4b\x74\xe8\xf4\x06" - "\xbe\xd3\xec\x6a\x3b\xcd\x20\x17", - .klen = 32, - .iv = "\x7b\x01\x5d\x08\x29\x12\xec\x24" - "\x49\xf3\x4d\xf7\xc0\xfe\xfb\x41" - "\x3c\xf8\x79\x6c\xb6\x90\xd4\x0d" - "\xee\xde\x23\x60\xf2\xe5\x08\xcc", - .assoc = "\x8a\xca\xec\x70\x6d\xb1\x96\xab" - "\x69\x29\x7a\x1b\xbf\xc7\x2c\xc2" - "\x07", - .alen = 17, - .input = "", - .ilen = 0, - .result = "\xa4\x9b\xb8\x47\xc0\xed\x7a\x45" - "\x98\x54\x8c\xed\x3d\x17\xf0\xdd", - .rlen = 16, - }, { - .key = "\xa8\x5c\x09\x40\xf5\xef\xea\xb8" - "\xaa\x96\xd3\x64\xbc\x59\x8d\xc6" - "\x9c\x0a\x02\xd0\x79\x88\x76\x20" - "\x7f\x00\xca\x42\x15\x2c\xbf\xed", - .klen = 32, - .iv = "\xb8\x26\x97\xa8\x39\x8e\x94\x3f" - "\xca\xcd\xff\x88\xba\x22\xbe\x47" - "\x67\xba\x85\xf1\xbb\x30\x56\x26" - "\xaf\x0b\x02\x38\xcc\x44\xa7\xa3", - .assoc = "\xc7\xef\x26\x10\x7d\x2c\x3f\xc6" - "\xea\x03\x2c\xac\xb9\xeb\xef\xc9" - "\x31\x6b\x08\x12\xfc\xd8\x37\x2d" - "\xe0\x17\x3a\x2e\x83\x5c\x8f", - .alen = 31, - .input = "", - .ilen = 0, - .result = "\x20\x24\xe2\x33\x5c\x60\xc9\xf0" - "\xa4\x96\x2f\x0d\x53\xc2\xf8\xfc", - .rlen = 16, - }, { - .key = "\xe5\x81\x42\xdf\x05\x6a\x93\xd4" - "\x2b\x70\x85\xf5\xb6\x7d\x50\xcc" - "\xc6\xcc\x0e\x54\x7f\x28\xf8\x3a" - "\x40\x2e\xa9\x1a\xf0\x8b\x5e\xc4", - .klen = 32, - .iv = "\xf4\x4a\xd1\x47\x49\x09\x3d\x5b" - "\x4b\xa7\xb1\x19\xb4\x46\x81\x4d" - "\x91\x7c\x91\x75\xc0\xd0\xd8\x40" - "\x71\x39\xe1\x10\xa6\xa3\x46\x7a", - .assoc = "\x03\x14\x5f\xaf\x8d\xa8\xe7\xe2" - "\x6b\xde\xde\x3e\xb3\x10\xb1\xcf" - "\x5c\x2d\x14\x96\x01\x78\xb9\x47" - "\xa1\x44\x19\x06\x5d\xbb\x2e\x2f", - .alen = 32, - .input = "", - .ilen = 0, - .result = "\x6f\x4a\xb9\xe0\xff\x51\xa3\xf1" - "\xd2\x64\x3e\x66\x6a\xb2\x03\xc0", - .rlen = 16, + .iv = "\x01\x00\x00\x00\x0b\x0a\x09\x08" + "\xa0\xa1\xa2\xa3\xa4\xa5\x00\x00", + .assoc = "\x00\x01\x02\x03\x04\x05\x06\x07", + .alen = 8, + .ptext = "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" + "\x10\x11\x12\x13\x14\x15\x16\x17" + "\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f" + "\x20", + .plen = 25, + .ctext = "\x82\x53\x1a\x60\xcc\x24\x94\x5a" + "\x4b\x82\x79\x18\x1a\xb5\xc8\x4d" + "\xf2\x1c\xe7\xf9\xb7\x3f\x42\xe1" + "\x97\xea\x9c\x07\xe5\x6b\x5e\xb1" + "\x7e\x5f\x4e", + .clen = 35, }, { - .key = "\x22\xa6\x7c\x7f\x15\xe6\x3c\xf0" - "\xac\x4b\x37\x86\xb0\xa2\x13\xd2" - "\xf1\x8e\x19\xd8\x84\xc8\x7a\x53" - "\x02\x5b\x88\xf3\xca\xea\xfe\x9b", - .klen = 32, - .iv = "\x31\x6f\x0b\xe6\x59\x85\xe6\x77" - "\xcc\x81\x63\xab\xae\x6b\x43\x54" - "\xbb\x3f\x9c\xf9\xc5\x70\x5a\x5a" - "\x32\x67\xc0\xe9\x80\x02\xe5\x50", - .assoc = "\x40", - .alen = 1, - .input = "\x4f", - .ilen = 1, - .result = "\x2c\xfb\xad\x7e\xbe\xa0\x9a\x5b" - "\x7a\x3f\x81\xf7\xfc\x1b\x79\x83" - "\xc7", - .rlen = 17, + .key = "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7" + "\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf", + .klen = 16, + .iv = "\x01\x00\x00\x00\x0c\x0b\x0a\x09" + "\xa0\xa1\xa2\xa3\xa4\xa5\x00\x00", + .assoc = "\x00\x01\x02\x03\x04\x05\x06\x07" + "\x08\x09\x0a\x0b", + .alen = 12, + .ptext = "\x0c\x0d\x0e\x0f\x10\x11\x12\x13" + "\x14\x15\x16\x17\x18\x19\x1a\x1b" + "\x1c\x1d\x1e", + .plen = 19, + .ctext = "\x07\x34\x25\x94\x15\x77\x85\x15" + "\x2b\x07\x40\x98\x33\x0a\xbb\x14" + "\x1b\x94\x7b\x56\x6a\xa9\x40\x6b" + "\x4d\x99\x99\x88\xdd", + .clen = 29, }, { - .key = "\x5e\xcb\xb6\x1e\x25\x62\xe4\x0c" - "\x2d\x25\xe9\x18\xaa\xc6\xd5\xd8" - "\x1b\x50\x25\x5d\x89\x68\xfc\x6d" - "\xc3\x89\x67\xcb\xa4\x49\x9d\x71", - .klen = 32, - .iv = "\x6d\x94\x44\x86\x69\x00\x8f\x93" - "\x4d\x5b\x15\x3c\xa8\x8f\x06\x5a" - "\xe6\x01\xa8\x7e\xca\x10\xdc\x73" - "\xf4\x94\x9f\xc1\x5a\x61\x85\x27", - .assoc = "\x7c\x5d\xd3\xee\xad\x9f\x39\x1a" - "\x6d\x92\x42\x61\xa7\x58\x37", - .alen = 15, - .input = "\x8b\x26\x61\x55\xf1\x3e\xe3\xa1" - "\x8d\xc8\x6e\x85\xa5\x21\x67", - .ilen = 15, - .result = "\x1f\x7f\xca\x3c\x2b\xe7\x27\xba" - "\x7e\x98\x83\x02\x34\x23\xf7\x94" - "\xde\x35\xe6\x1d\x14\x18\xe5\x38" - "\x14\x80\x6a\xa7\x1b\xae\x1d", - .rlen = 31, + .key = "\xd7\x82\x8d\x13\xb2\xb0\xbd\xc3" + "\x25\xa7\x62\x36\xdf\x93\xcc\x6b", + .klen = 16, + .iv = "\x01\x00\x33\x56\x8e\xf7\xb2\x63" + "\x3c\x96\x96\x76\x6c\xfa\x00\x00", + .assoc = "\x63\x01\x8f\x76\xdc\x8a\x1b\xcb", + .alen = 8, + .ptext = "\x90\x20\xea\x6f\x91\xbd\xd8\x5a" + "\xfa\x00\x39\xba\x4b\xaf\xf9\xbf" + "\xb7\x9c\x70\x28\x94\x9c\xd0\xec", + .plen = 24, + .ctext = "\x4c\xcb\x1e\x7c\xa9\x81\xbe\xfa" + "\xa0\x72\x6c\x55\xd3\x78\x06\x12" + "\x98\xc8\x5c\x92\x81\x4a\xbc\x33" + "\xc5\x2e\xe8\x1d\x7d\x77\xc0\x8a", + .clen = 32, }, { - .key = "\x9b\xef\xf0\xbd\x35\xdd\x8d\x28" - "\xad\xff\x9b\xa9\xa4\xeb\x98\xdf" - "\x46\x13\x31\xe1\x8e\x08\x7e\x87" - "\x85\xb6\x46\xa3\x7e\xa8\x3c\x48", - .klen = 32, - .iv = "\xaa\xb8\x7e\x25\x79\x7c\x37\xaf" - "\xce\x36\xc7\xce\xa2\xb4\xc9\x60" - "\x10\xc3\xb3\x02\xcf\xb0\x5e\x8d" - "\xb5\xc2\x7e\x9a\x35\xc0\x24\xfd", - .assoc = "\xb9\x82\x0c\x8d\xbd\x1b\xe2\x36" - "\xee\x6c\xf4\xf2\xa1\x7d\xf9\xe2", - .alen = 16, - .input = "\xc8\x4b\x9b\xf5\x01\xba\x8c\xbd" - "\x0e\xa3\x21\x16\x9f\x46\x2a\x63", - .ilen = 16, - .result = "\x05\x86\x9e\xd7\x2b\xa3\x97\x01" - "\xbe\x28\x98\x10\x6f\xe9\x61\x32" - "\x96\xbb\xb1\x2e\x8f\x0c\x44\xb9" - "\x46\x2d\x55\xe3\x42\x67\xf2\xaf", - .rlen = 32, + .key = "\xd7\x82\x8d\x13\xb2\xb0\xbd\xc3" + "\x25\xa7\x62\x36\xdf\x93\xcc\x6b", + .klen = 16, + .iv = "\x01\x00\xd5\x60\x91\x2d\x3f\x70" + "\x3c\x96\x96\x76\x6c\xfa\x00\x00", + .assoc = "\xcd\x90\x44\xd2\xb7\x1f\xdb\x81" + "\x20\xea\x60\xc0", + .alen = 12, + .ptext = "\x64\x35\xac\xba\xfb\x11\xa8\x2e" + "\x2f\x07\x1d\x7c\xa4\xa5\xeb\xd9" + "\x3a\x80\x3b\xa8\x7f", + .plen = 21, + .ctext = "\x00\x97\x69\xec\xab\xdf\x48\x62" + "\x55\x94\xc5\x92\x51\xe6\x03\x57" + "\x22\x67\x5e\x04\xc8\x47\x09\x9e" + "\x5a\xe0\x70\x45\x51", + .clen = 29, }, { - .key = "\xd7\x14\x29\x5d\x45\x59\x36\x44" - "\x2e\xd9\x4d\x3b\x9e\x0f\x5b\xe5" - "\x70\xd5\x3c\x65\x93\xa8\x00\xa0" - "\x46\xe4\x25\x7c\x58\x08\xdb\x1e", - .klen = 32, - .iv = "\xe6\xdd\xb8\xc4\x89\xf8\xe0\xca" - "\x4f\x10\x7a\x5f\x9c\xd8\x8b\x66" - "\x3b\x86\xbf\x86\xd4\x50\xe0\xa7" - "\x76\xef\x5c\x72\x0f\x1f\xc3\xd4", - .assoc = "\xf5\xa6\x46\x2c\xce\x97\x8a\x51" - "\x6f\x46\xa6\x83\x9b\xa1\xbc\xe8" - "\x05", - .alen = 17, - .input = "\x05\x70\xd5\x94\x12\x36\x35\xd8" - "\x8f\x7d\xd3\xa8\x99\x6a\xed\x69" - "\xd0", - .ilen = 17, - .result = "\x9c\xe0\x06\x7b\x86\xcf\x2e\xd8" - "\x45\x65\x1b\x72\x9b\xaa\xa3\x1e" - "\x87\x9d\x26\xdf\xff\x81\x11\xd2" - "\x47\x41\xb9\x24\xc1\x8a\xa3\x8b" - "\x55", - .rlen = 33, + .key = "\xd7\x82\x8d\x13\xb2\xb0\xbd\xc3" + "\x25\xa7\x62\x36\xdf\x93\xcc\x6b", + .klen = 16, + .iv = "\x01\x00\x42\xff\xf8\xf1\x95\x1c" + "\x3c\x96\x96\x76\x6c\xfa\x00\x00", + .assoc = "\xd8\x5b\xc7\xe6\x9f\x94\x4f\xb8", + .alen = 8, + .ptext = "\x8a\x19\xb9\x50\xbc\xf7\x1a\x01" + "\x8e\x5e\x67\x01\xc9\x17\x87\x65" + "\x98\x09\xd6\x7d\xbe\xdd\x18", + .plen = 23, + .ctext = "\xbc\x21\x8d\xaa\x94\x74\x27\xb6" + "\xdb\x38\x6a\x99\xac\x1a\xef\x23" + "\xad\xe0\xb5\x29\x39\xcb\x6a\x63" + "\x7c\xf9\xbe\xc2\x40\x88\x97\xc6" + "\xba", + .clen = 33, }, { - .key = "\x14\x39\x63\xfc\x56\xd5\xdf\x5f" - "\xaf\xb3\xff\xcc\x98\x33\x1d\xeb" - "\x9a\x97\x48\xe9\x98\x48\x82\xba" - "\x07\x11\x04\x54\x32\x67\x7b\xf5", - .klen = 32, - .iv = "\x23\x02\xf1\x64\x9a\x73\x89\xe6" - "\xd0\xea\x2c\xf1\x96\xfc\x4e\x6d" - "\x65\x48\xcb\x0a\xda\xf0\x62\xc0" - "\x38\x1d\x3b\x4a\xe9\x7e\x62\xaa", - .assoc = "\x32\xcb\x80\xcc\xde\x12\x33\x6d" - "\xf0\x20\x58\x15\x95\xc6\x7f\xee" - "\x2f\xf9\x4e\x2c\x1b\x98\x43\xc7" - "\x68\x28\x73\x40\x9f\x96\x4a", - .alen = 31, - .input = "\x41\x94\x0e\x33\x22\xb1\xdd\xf4" - "\x10\x57\x85\x39\x93\x8f\xaf\x70" - "\xfa\xa9\xd0\x4d\x5c\x40\x23\xcd" - "\x98\x34\xab\x37\x56\xae\x32", - .ilen = 31, - .result = "\xa0\xc8\xde\x83\x0d\xc3\x4e\xd5" - "\x69\x7f\x7a\xdd\x8c\x46\xda\xba" - "\x0a\x5c\x0e\x7f\xac\xee\x02\xd2" - "\xe5\x4b\x0a\xba\xb8\xa4\x7b\x66" - "\xde\xae\xdb\xc2\xc0\x0b\xf7\x2b" - "\xdf\xb8\xea\xd8\xa9\x38\xed", - .rlen = 47, + /* This is taken from FIPS CAVS. */ + .key = "\x83\xac\x54\x66\xc2\xeb\xe5\x05" + "\x2e\x01\xd1\xfc\x5d\x82\x66\x2e", + .klen = 16, + .iv = "\x03\x96\xac\x59\x30\x07\xa1\xe2\xa2\xc7\x55\x24\0\0\0\0", + .alen = 0, + .ptext = "\x19\xc8\x81\xf6\xe9\x86\xff\x93" + "\x0b\x78\x67\xe5\xbb\xb7\xfc\x6e" + "\x83\x77\xb3\xa6\x0c\x8c\x9f\x9c" + "\x35\x2e\xad\xe0\x62\xf9\x91\xa1", + .plen = 32, + .ctext = "\xab\x6f\xe1\x69\x1d\x19\x99\xa8" + "\x92\xa0\xc4\x6f\x7e\xe2\x8b\xb1" + "\x70\xbb\x8c\xa6\x4c\x6e\x97\x8a" + "\x57\x2b\xbe\x5d\x98\xa6\xb1\x32" + "\xda\x24\xea\xd9\xa1\x39\x98\xfd" + "\xa4\xbe\xd9\xf2\x1a\x6d\x22\xa8", + .clen = 48, }, { - .key = "\x50\x5d\x9d\x9b\x66\x50\x88\x7b" - "\x30\x8e\xb1\x5e\x92\x58\xe0\xf1" - "\xc5\x5a\x53\x6e\x9d\xe8\x04\xd4" - "\xc9\x3f\xe2\x2d\x0c\xc6\x1a\xcb", - .klen = 32, - .iv = "\x5f\x27\x2b\x03\xaa\xef\x32\x02" - "\x50\xc4\xde\x82\x90\x21\x11\x73" - "\x8f\x0a\xd6\x8f\xdf\x90\xe4\xda" - "\xf9\x4a\x1a\x23\xc3\xdd\x02\x81", - .assoc = "\x6e\xf0\xba\x6b\xee\x8e\xdc\x89" - "\x71\xfb\x0a\xa6\x8f\xea\x41\xf4" - "\x5a\xbb\x59\xb0\x20\x38\xc5\xe0" - "\x29\x56\x52\x19\x79\xf5\xe9\x37", + .key = "\x1e\x2c\x7e\x01\x41\x9a\xef\xc0" + "\x0d\x58\x96\x6e\x5c\xa2\x4b\xd3", + .klen = 16, + .iv = "\x03\x4f\xa3\x19\xd3\x01\x5a\xd8" + "\x30\x60\x15\x56\x00\x00\x00\x00", + .assoc = "\xda\xe6\x28\x9c\x45\x2d\xfd\x63" + "\x5e\xda\x4c\xb6\xe6\xfc\xf9\xb7" + "\x0c\x56\xcb\xe4\xe0\x05\x7a\xe1" + "\x0a\x63\x09\x78\xbc\x2c\x55\xde", .alen = 32, - .input = "\x7e\xb9\x48\xd3\x32\x2d\x86\x10" - "\x91\x31\x37\xcb\x8d\xb3\x72\x76" - "\x24\x6b\xdc\xd1\x61\xe0\xa5\xe7" - "\x5a\x61\x8a\x0f\x30\x0d\xd1\xec", - .ilen = 32, - .result = "\xd3\x68\x14\x70\x3c\x01\x43\x86" - "\x02\xab\xbe\x75\xaa\xe7\xf5\x53" - "\x5c\x05\xbd\x9b\x19\xbb\x2a\x61" - "\x8f\x69\x05\x75\x8e\xca\x60\x0c" - "\x5b\xa2\x48\x61\x32\x74\x11\x2b" - "\xf6\xcf\x06\x78\x6f\x78\x1a\x4a", - .rlen = 48, + .ptext = "\x87\xa3\x36\xfd\x96\xb3\x93\x78" + "\xa9\x28\x63\xba\x12\xa3\x14\x85" + "\x57\x1e\x06\xc9\x7b\x21\xef\x76" + "\x7f\x38\x7e\x8e\x29\xa4\x3e\x7e", + .plen = 32, + .ctext = "\x8a\x1e\x11\xf0\x02\x6b\xe2\x19" + "\xfc\x70\xc4\x6d\x8e\xb7\x99\xab" + "\xc5\x4b\xa2\xac\xd3\xf3\x48\xff" + "\x3b\xb5\xce\x53\xef\xde\xbb\x02" + "\xa9\x86\x15\x6c\x13\xfe\xda\x0a" + "\x22\xb8\x29\x3d\xd8\x39\x9a\x23", + .clen = 48, }, { - .key = "\x8d\x82\xd6\x3b\x76\xcc\x30\x97" - "\xb1\x68\x63\xef\x8c\x7c\xa3\xf7" - "\xef\x1c\x5f\xf2\xa3\x88\x86\xed" - "\x8a\x6d\xc1\x05\xe7\x25\xb9\xa2", - .klen = 32, - .iv = "\x9c\x4b\x65\xa2\xba\x6b\xdb\x1e" - "\xd1\x9e\x90\x13\x8a\x45\xd3\x79" - "\xba\xcd\xe2\x13\xe4\x30\x66\xf4" - "\xba\x78\xf9\xfb\x9d\x3c\xa1\x58", - .assoc = "\xab\x14\xf3\x0a\xfe\x0a\x85\xa5" - "\xf2\xd5\xbc\x38\x89\x0e\x04\xfb" - "\x84\x7d\x65\x34\x25\xd8\x47\xfa" - "\xeb\x83\x31\xf1\x54\x54\x89\x0d" - "\x9d", - .alen = 33, - .input = "\xba\xde\x82\x72\x42\xa9\x2f\x2c" - "\x12\x0b\xe9\x5c\x87\xd7\x35\x7c" - "\x4f\x2e\xe8\x55\x66\x80\x27\x00" - "\x1b\x8f\x68\xe7\x0a\x6c\x71\xc3" - "\x21\x78\x55\x9d\x9c\x65\x7b\xcd" - "\x0a\x34\x97\xff\x47\x37\xb0\x2a" - "\x80\x0d\x19\x98\x33\xa9\x7a\xe3" - "\x2e\x4c\xc6\xf3\x8c\x88\x42\x01" - "\xbd", - .ilen = 65, - .result = "\x07\x0a\x35\xb0\x82\x03\x5a\xd2" - "\x15\x3a\x6c\x72\x83\x9b\xb1\x75" - "\xea\xf2\xfc\xff\xc6\xf1\x13\xa4" - "\x1a\x93\x33\x79\x97\x82\x81\xc0" - "\x96\xc2\x00\xab\x39\xae\xa1\x62" - "\x53\xa3\x86\xc9\x07\x8c\xaf\x22" - "\x47\x31\x29\xca\x4a\x95\xf5\xd5" - "\x20\x63\x5a\x54\x80\x2c\x4a\x63" - "\xfb\x18\x73\x31\x4f\x08\x21\x5d" - "\x20\xe9\xc3\x7e\xea\x25\x77\x3a" - "\x65", - .rlen = 81, + .key = "\xf4\x6b\xc2\x75\x62\xfe\xb4\xe1" + "\xa3\xf0\xff\xdd\x4e\x4b\x12\x75" + "\x53\x14\x73\x66\x8d\x88\xf6\x80", + .klen = 24, + .iv = "\x03\xa0\x20\x35\x26\xf2\x21\x8d" + "\x50\x20\xda\xe2\x00\x00\x00\x00", + .assoc = "\x5b\x9e\x13\x67\x02\x5e\xef\xc1" + "\x6c\xf9\xd7\x1e\x52\x8f\x7a\x47" + "\xe9\xd4\xcf\x20\x14\x6e\xf0\x2d" + "\xd8\x9e\x2b\x56\x10\x23\x56\xe7", + .alen = 32, + .ctext = "\x36\xea\x7a\x70\x08\xdc\x6a\xbc" + "\xad\x0c\x7a\x63\xf6\x61\xfd\x9b", + .clen = 16, + }, { + .key = "\x56\xdf\x5c\x8f\x26\x3f\x0e\x42" + "\xef\x7a\xd3\xce\xfc\x84\x60\x62" + "\xca\xb4\x40\xaf\x5f\xc9\xc9\x01", + .klen = 24, + .iv = "\x03\xd6\x3c\x8c\x86\x84\xb6\xcd" + "\xef\x09\x2e\x94\x00\x00\x00\x00", + .assoc = "\x02\x65\x78\x3c\xe9\x21\x30\x91" + "\xb1\xb9\xda\x76\x9a\x78\x6d\x95" + "\xf2\x88\x32\xa3\xf2\x50\xcb\x4c" + "\xe3\x00\x73\x69\x84\x69\x87\x79", + .alen = 32, + .ptext = "\x9f\xd2\x02\x4b\x52\x49\x31\x3c" + "\x43\x69\x3a\x2d\x8e\x70\xad\x7e" + "\xe0\xe5\x46\x09\x80\x89\x13\xb2" + "\x8c\x8b\xd9\x3f\x86\xfb\xb5\x6b", + .plen = 32, + .ctext = "\x39\xdf\x7c\x3c\x5a\x29\xb9\x62" + "\x5d\x51\xc2\x16\xd8\xbd\x06\x9f" + "\x9b\x6a\x09\x70\xc1\x51\x83\xc2" + "\x66\x88\x1d\x4f\x9a\xda\xe0\x1e" + "\xc7\x79\x11\x58\xe5\x6b\x20\x40" + "\x7a\xea\x46\x42\x8b\xe4\x6f\xe1", + .clen = 48, }, { - .key = "\xc9\xa7\x10\xda\x86\x48\xd9\xb3" - "\x32\x42\x15\x80\x85\xa1\x65\xfe" - "\x19\xde\x6b\x76\xa8\x28\x08\x07" - "\x4b\x9a\xa0\xdd\xc1\x84\x58\x79", + .key = "\xe0\x8d\x99\x71\x60\xd7\x97\x1a" + "\xbd\x01\x99\xd5\x8a\xdf\x71\x3a" + "\xd3\xdf\x24\x4b\x5e\x3d\x4b\x4e" + "\x30\x7a\xb9\xd8\x53\x0a\x5e\x2b", .klen = 32, - .iv = "\xd8\x70\x9f\x42\xca\xe6\x83\x3a" - "\x52\x79\x42\xa5\x84\x6a\x96\x7f" - "\xe4\x8f\xed\x97\xe9\xd0\xe8\x0d" - "\x7c\xa6\xd8\xd4\x77\x9b\x40\x2e", - .assoc = "\xe8\x39\x2d\xaa\x0e\x85\x2d\xc1" - "\x72\xaf\x6e\xc9\x82\x33\xc7\x01" - "\xaf\x40\x70\xb8\x2a\x78\xc9\x14" - "\xac\xb1\x10\xca\x2e\xb3\x28\xe4" - "\xac\xfa\x58\x7f\xe5\x73\x09\x8c" - "\x1d\x40\x87\x8c\xd9\x75\xc0\x55" - "\xa2\xda\x07\xd1\xc2\xa9\xd1\xbb" - "\x09\x4f\x77\x62\x88\x2d\xf2\x68" - "\x54", - .alen = 65, - .input = "\xf7\x02\xbb\x11\x52\x24\xd8\x48" - "\x93\xe6\x9b\xee\x81\xfc\xf7\x82" - "\x79\xf0\xf3\xd9\x6c\x20\xa9\x1a" - "\xdc\xbc\x47\xc0\xe4\xcb\x10\x99" - "\x2f", - .ilen = 33, - .result = "\x33\xc1\xda\xfa\x15\x21\x07\x8e" - "\x93\x68\xea\x64\x7b\x3d\x4b\x6b" - "\x71\x5e\x5e\x6b\x92\xaa\x65\xc2" - "\x7a\x2a\xc1\xa9\x0a\xa1\x24\x81" - "\x26\x3a\x5a\x09\xe8\xce\x73\x72" - "\xde\x7b\x58\x9e\x85\xb9\xa4\x28" - "\xda", - .rlen = 49, + .iv = "\x03\x1e\x29\x91\xad\x8e\xc1\x53" + "\x0a\xcf\x2d\xbe\x00\x00\x00\x00", + .assoc = "\x19\xb6\x1f\x57\xc4\xf3\xf0\x8b" + "\x78\x2b\x94\x02\x29\x0f\x42\x27" + "\x6b\x75\xcb\x98\x34\x08\x7e\x79" + "\xe4\x3e\x49\x0d\x84\x8b\x22\x87", + .alen = 32, + .ptext = "\xe1\xd9\xd8\x13\xeb\x3a\x75\x3f" + "\x9d\xbd\x5f\x66\xbe\xdc\xbb\x66" + "\xbf\x17\x99\x62\x4a\x39\x27\x1f" + "\x1d\xdc\x24\xae\x19\x2f\x98\x4c", + .plen = 32, + .ctext = "\x19\xb8\x61\x33\x45\x2b\x43\x96" + "\x6f\x51\xd0\x20\x30\x7d\x9b\xc6" + "\x26\x3d\xf8\xc9\x65\x16\xa8\x9f" + "\xf0\x62\x17\x34\xf2\x1e\x8d\x75" + "\x4e\x13\xcc\xc0\xc3\x2a\x54\x2d", + .clen = 40, }, { - .key = "\x06\xcc\x4a\x79\x96\xc3\x82\xcf" - "\xb3\x1c\xc7\x12\x7f\xc5\x28\x04" - "\x44\xa1\x76\xfb\xad\xc8\x8a\x21" - "\x0d\xc8\x7f\xb6\x9b\xe3\xf8\x4f", + .key = "\x7c\xc8\x18\x3b\x8d\x99\xe0\x7c" + "\x45\x41\xb8\xbd\x5c\xa7\xc2\x32" + "\x8a\xb8\x02\x59\xa4\xfe\xa9\x2c" + "\x09\x75\x9a\x9b\x3c\x9b\x27\x39", .klen = 32, - .iv = "\x15\x95\xd8\xe1\xda\x62\x2c\x56" - "\xd3\x53\xf4\x36\x7e\x8e\x59\x85" - "\x0e\x51\xf9\x1c\xee\x70\x6a\x27" - "\x3d\xd3\xb7\xac\x51\xfa\xdf\x05", - .assoc = "\x24\x5e\x67\x49\x1e\x01\xd6\xdd" - "\xf3\x89\x20\x5b\x7c\x57\x89\x07", - .alen = 16, - .input = "\x33\x27\xf5\xb1\x62\xa0\x80\x63" - "\x14\xc0\x4d\x7f\x7b\x20\xba\x89", - .ilen = 16, - .result = "\x3e\xf8\x86\x3d\x39\xf8\x96\x02" - "\x0f\xdf\xc9\x6e\x37\x1e\x57\x99" - "\x07\x2a\x1a\xac\xd1\xda\xfd\x3b" - "\xc7\xff\xbd\xbc\x85\x09\x0b", - .rlen = 31, + .iv = "\x03\xf9\xd9\x4e\x63\xb5\x3d\x9d" + "\x43\xf6\x1e\x50\0\0\0\0", + .assoc = "\x57\xf5\x6b\x8b\x57\x5c\x3d\x3b" + "\x13\x02\x01\x0c\x83\x4c\x96\x35" + "\x8e\xd6\x39\xcf\x7d\x14\x9b\x94" + "\xb0\x39\x36\xe6\x8f\x57\xe0\x13", + .alen = 32, + .ptext = "\x3b\x6c\x29\x36\xb6\xef\x07\xa6" + "\x83\x72\x07\x4f\xcf\xfa\x66\x89" + "\x5f\xca\xb1\xba\xd5\x8f\x2c\x27" + "\x30\xdb\x75\x09\x93\xd4\x65\xe4", + .plen = 32, + .ctext = "\xb0\x88\x5a\x33\xaa\xe5\xc7\x1d" + "\x85\x23\xc7\xc6\x2f\xf4\x1e\x3d" + "\xcc\x63\x44\x25\x07\x78\x4f\x9e" + "\x96\xb8\x88\xeb\xbc\x48\x1f\x06" + "\x39\xaf\x39\xac\xd8\x4a\x80\x39" + "\x7b\x72\x8a\xf7", + .clen = 44, }, { - .key = "\x42\xf0\x84\x19\xa6\x3f\x2b\xea" - "\x34\xf6\x79\xa3\x79\xe9\xeb\x0a" - "\x6e\x63\x82\x7f\xb2\x68\x0c\x3a" - "\xce\xf5\x5e\x8e\x75\x42\x97\x26", + .key = "\xab\xd0\xe9\x33\x07\x26\xe5\x83" + "\x8c\x76\x95\xd4\xb6\xdc\xf3\x46" + "\xf9\x8f\xad\xe3\x02\x13\x83\x77" + "\x3f\xb0\xf1\xa1\xa1\x22\x0f\x2b", .klen = 32, - .iv = "\x51\xb9\x12\x80\xea\xde\xd5\x71" - "\x54\x2d\xa6\xc8\x78\xb2\x1b\x8c" - "\x39\x14\x05\xa0\xf3\x10\xec\x41" - "\xff\x01\x95\x84\x2b\x59\x7f\xdb", - .assoc = "\x61\x83\xa0\xe8\x2e\x7d\x7f\xf8" - "\x74\x63\xd2\xec\x76\x7c\x4c\x0d", - .alen = 16, - .input = "\x70\x4c\x2f\x50\x72\x1c\x29\x7f" - "\x95\x9a\xff\x10\x75\x45\x7d\x8f", - .ilen = 16, - .result = "\x2f\xc4\xd8\x0d\xa6\x07\xef\x2e" - "\x6c\xd9\x84\x63\x70\x97\x61\x37" - "\x08\x2f\x16\x90\x9e\x62\x30\x0d" - "\x62\xd5\xc8\xf0\x46\x1a", - .rlen = 30, + .iv = "\x03\x24\xa7\x8b\x07\xcb\xcc\x0e" + "\xe6\x33\xbf\xf5\x00\x00\x00\x00", + .assoc = "\xd4\xdb\x30\x1d\x03\xfe\xfd\x5f" + "\x87\xd4\x8c\xb6\xb6\xf1\x7a\x5d" + "\xab\x90\x65\x8d\x8e\xca\x4d\x4f" + "\x16\x0c\x40\x90\x4b\xc7\x36\x73", + .alen = 32, + .ptext = "\xf5\xc6\x7d\x48\xc1\xb7\xe6\x92" + "\x97\x5a\xca\xc4\xa9\x6d\xf9\x3d" + "\x6c\xde\xbc\xf1\x90\xea\x6a\xb2" + "\x35\x86\x36\xaf\x5c\xfe\x4b\x3a", + .plen = 32, + .ctext = "\x83\x6f\x40\x87\x72\xcf\xc1\x13" + "\xef\xbb\x80\x21\x04\x6c\x58\x09" + "\x07\x1b\xfc\xdf\xc0\x3f\x5b\xc7" + "\xe0\x79\xa8\x6e\x71\x7c\x3f\xcf" + "\x5c\xda\xb2\x33\xe5\x13\xe2\x0d" + "\x74\xd1\xef\xb5\x0f\x3a\xb5\xf8", + .clen = 48, }, { - .key = "\x7f\x15\xbd\xb8\xb6\xba\xd3\x06" - "\xb5\xd1\x2b\x35\x73\x0e\xad\x10" - "\x98\x25\x8d\x03\xb7\x08\x8e\x54" - "\x90\x23\x3d\x67\x4f\xa1\x36\xfc", - .klen = 32, - .iv = "\x8e\xde\x4c\x20\xfa\x59\x7e\x8d" - "\xd5\x07\x58\x59\x72\xd7\xde\x92" - "\x63\xd6\x10\x24\xf8\xb0\x6e\x5a" - "\xc0\x2e\x74\x5d\x06\xb8\x1e\xb2", - .assoc = "\x9d\xa7\xda\x88\x3e\xf8\x28\x14" - "\xf5\x3e\x85\x7d\x70\xa0\x0f\x13", - .alen = 16, - .input = "\xac\x70\x69\xef\x82\x97\xd2\x9b" - "\x15\x74\xb1\xa2\x6f\x69\x3f\x95", - .ilen = 16, - .result = "\xce\xf3\x17\x87\x49\xc2\x00\x46" - "\xc6\x12\x5c\x8f\x81\x38\xaa\x55" - "\xf8\x67\x75\xf1\x75\xe3\x2a\x24", - .rlen = 24, - }, -}; - -static const struct aead_testvec aegis256_dec_tv_template[] = { - { - .key = "\x0f\xc9\x8e\x67\x44\x9e\xaa\x86" - "\x20\x36\x2c\x24\xfe\xc9\x30\x81" - "\xca\xb0\x82\x21\x41\xa8\xe0\x06" - "\x30\x0b\x37\xf6\xb6\x17\xe7\xb5", - .klen = 32, - .iv = "\x1e\x92\x1c\xcf\x88\x3d\x54\x0d" - "\x40\x6d\x59\x48\xfc\x92\x61\x03" - "\x95\x61\x05\x42\x82\x50\xc0\x0c" - "\x60\x16\x6f\xec\x6d\x2f\xcf\x6b", - .assoc = "", + /* This is taken from FIPS CAVS. */ + .key = "\xab\x2f\x8a\x74\xb7\x1c\xd2\xb1" + "\xff\x80\x2e\x48\x7d\x82\xf8\xb9", + .klen = 16, + .iv = "\x03\xc6\xfb\x7d\x80\x0d\x13\xab" + "\xd8\xa6\xb2\xd8\x00\x00\x00\x00", .alen = 0, - .input = "\xd5\x65\x3a\xa9\x03\x51\xd7\xaa" - "\xfa\x4b\xd8\xa2\x41\x9b\xc1\xb2", - .ilen = 16, - .result = "", - .rlen = 0, + .ptext = "\x00", + .plen = 0, + .ctext = "\xd5\xe8\x93\x9f\xc7\x89\x2e\x2b", + .clen = 8, + .novrfy = 1, }, { - .key = "\x4b\xed\xc8\x07\x54\x1a\x52\xa2" - "\xa1\x10\xde\xb5\xf8\xed\xf3\x87" - "\xf4\x72\x8e\xa5\x46\x48\x62\x20" - "\xf1\x38\x16\xce\x90\x76\x87\x8c", - .klen = 32, - .iv = "\x5a\xb7\x56\x6e\x98\xb9\xfd\x29" - "\xc1\x47\x0b\xda\xf6\xb6\x23\x09" - "\xbf\x23\x11\xc6\x87\xf0\x42\x26" - "\x22\x44\x4e\xc4\x47\x8e\x6e\x41", - .assoc = "", + .key = "\xab\x2f\x8a\x74\xb7\x1c\xd2\xb1" + "\xff\x80\x2e\x48\x7d\x82\xf8\xb9", + .klen = 16, + .iv = "\x03\xaf\x94\x87\x78\x35\x82\x81" + "\x7f\x88\x94\x68\x00\x00\x00\x00", .alen = 0, - .input = "\x84\xa2\x8f\xad\xdb\x8d\x2c\x16" - "\x9e\x89\xd9\x06\xa6\xa8\x14\x29" - "\x8b", - .ilen = 17, - .result = "\x79", - .rlen = 1, + .ptext = "\x00", + .plen = 0, + .ctext = "\x41\x3c\xb8\x87\x73\xcb\xf3\xf3", + .clen = 8, }, { - .key = "\x88\x12\x01\xa6\x64\x96\xfb\xbe" - "\x22\xea\x90\x47\xf2\x11\xb5\x8e" - "\x1f\x35\x9a\x29\x4b\xe8\xe4\x39" - "\xb3\x66\xf5\xa6\x6a\xd5\x26\x62", - .klen = 32, - .iv = "\x97\xdb\x90\x0e\xa8\x35\xa5\x45" - "\x42\x21\xbd\x6b\xf0\xda\xe6\x0f" - "\xe9\xe5\x1d\x4a\x8c\x90\xc4\x40" - "\xe3\x71\x2d\x9c\x21\xed\x0e\x18", - .assoc = "", - .alen = 0, - .input = "\x09\x94\x1f\xa6\x13\xc3\x74\x75" - "\x17\xad\x8a\x0e\xd8\x66\x9a\x28" - "\xd7\x30\x66\x09\x2a\xdc\xfa\x2a" - "\x9f\x3b\xd7\xdd\x66\xd1\x2b", - .ilen = 31, - .result = "\xb5\x6e\xad\xdd\x30\x72\xfa\x53" - "\x82\x8e\x16\xb4\xed\x6d\x47", - .rlen = 15, + .key = "\x61\x0e\x8c\xae\xe3\x23\xb6\x38" + "\x76\x1c\xf6\x3a\x67\xa3\x9c\xd8", + .klen = 16, + .iv = "\x03\xc6\xfb\x7d\x80\x0d\x13\xab" + "\xd8\xa6\xb2\xd8\x00\x00\x00\x00", + .assoc = "\xf3\x94\x87\x78\x35\x82\x81\x7f" + "\x88\x94\x68\xb1\x78\x6b\x2b\xd6" + "\x04\x1f\x4e\xed\x78\xd5\x33\x66" + "\xd8\x94\x99\x91\x81\x54\x62\x57", + .alen = 32, + .ptext = "\x50\x82\x3e\x07\xe2\x1e\xb6\xfb" + "\x33\xe4\x73\xce\xd2\xfb\x95\x79" + "\xe8\xb4\xb5\x77\x11\x10\x62\x6f" + "\x6a\x82\xd1\x13\xec\xf5\xd0\x48", + .plen = 32, + .ctext = "\xf0\x7c\x29\x02\xae\x1c\x2f\x55" + "\xd0\xd1\x3d\x1a\xa3\x6d\xe4\x0a" + "\x86\xb0\x87\x6b\x62\x33\x8c\x34" + "\xce\xab\x57\xcc\x79\x0b\xe0\x6f" + "\x5c\x3e\x48\x1f\x6c\x46\xf7\x51" + "\x8b\x84\x83\x2a\xc1\x05\xb8\xc5", + .clen = 48, + .novrfy = 1, }, { - .key = "\xc4\x37\x3b\x45\x74\x11\xa4\xda" - "\xa2\xc5\x42\xd8\xec\x36\x78\x94" - "\x49\xf7\xa5\xad\x50\x88\x66\x53" - "\x74\x94\xd4\x7f\x44\x34\xc5\x39", - .klen = 32, - .iv = "\xd3\x00\xc9\xad\xb8\xb0\x4e\x61" - "\xc3\xfb\x6f\xfd\xea\xff\xa9\x15" - "\x14\xa8\x28\xce\x92\x30\x46\x59" - "\xa4\x9f\x0b\x75\xfb\x4c\xad\xee", - .assoc = "", - .alen = 0, - .input = "\x8a\x46\xa2\x22\x8c\x03\xab\x6f" - "\x54\x63\x4e\x7f\xc9\x8e\xfa\x70" - "\x7b\xe5\x8d\x78\xbc\xe9\xb6\xa1" - "\x29\x17\xc8\x3b\x52\xa4\x98\x72", - .ilen = 32, - .result = "\xf2\x92\xe6\x7d\x40\xee\xa3\x6f" - "\x03\x68\xc8\x45\xe7\x91\x0a\x18", - .rlen = 16, + .key = "\x61\x0e\x8c\xae\xe3\x23\xb6\x38" + "\x76\x1c\xf6\x3a\x67\xa3\x9c\xd8", + .klen = 16, + .iv = "\x03\x05\xe0\xc9\x0f\xed\x34\xea" + "\x97\xd4\x3b\xdf\x00\x00\x00\x00", + .assoc = "\x49\x5c\x50\x1f\x1d\x94\xcc\x81" + "\xba\xb7\xb6\x03\xaf\xa5\xc1\xa1" + "\xd8\x5c\x42\x68\xe0\x6c\xda\x89" + "\x05\xac\x56\xac\x1b\x2a\xd3\x86", + .alen = 32, + .ptext = "\x75\x05\xbe\xc2\xd9\x1e\xde\x60" + "\x47\x3d\x8c\x7d\xbd\xb5\xd9\xb7" + "\xf2\xae\x61\x05\x8f\x82\x24\x3f" + "\x9c\x67\x91\xe1\x38\x4f\xe4\x0c", + .plen = 32, + .ctext = "\x39\xbe\x7d\x15\x62\x77\xf3\x3c" + "\xad\x83\x52\x6d\x71\x03\x25\x1c" + "\xed\x81\x3a\x9a\x16\x7d\x19\x80" + "\x72\x04\x72\xd0\xf6\xff\x05\x0f" + "\xb7\x14\x30\x00\x32\x9e\xa0\xa6" + "\x9e\x5a\x18\xa1\xb8\xfe\xdb\xd3", + .clen = 48, + }, { + .key = "\x39\xbb\xa7\xbe\x59\x97\x9e\x73" + "\xa2\xbc\x6b\x98\xd7\x75\x7f\xe3" + "\xa4\x48\x93\x39\x26\x71\x4a\xc6", + .klen = 24, + .iv = "\x03\xee\x49\x83\xe9\xa9\xff\xe9" + "\x57\xba\xfd\x9e\x00\x00\x00\x00", + .assoc = "\x44\xa6\x2c\x05\xe9\xe1\x43\xb1" + "\x58\x7c\xf2\x5c\x6d\x39\x0a\x64" + "\xa4\xf0\x13\x05\xd1\x77\x99\x67" + "\x11\xc4\xc6\xdb\x00\x56\x36\x61", + .alen = 32, + .ptext = "\x00", + .plen = 0, + .ctext = "\x71\x99\xfa\xf4\x44\x12\x68\x9b", + .clen = 8, + }, { + .key = "\x58\x5d\xa0\x96\x65\x1a\x04\xd7" + "\x96\xe5\xc5\x68\xaa\x95\x35\xe0" + "\x29\xa0\xba\x9e\x48\x78\xd1\xba", + .klen = 24, + .iv = "\x03\xee\x49\x83\xe9\xa9\xff\xe9" + "\x57\xba\xfd\x9e\x00\x00\x00\x00", + .assoc = "\x44\xa6\x2c\x05\xe9\xe1\x43\xb1" + "\x58\x7c\xf2\x5c\x6d\x39\x0a\x64" + "\xa4\xf0\x13\x05\xd1\x77\x99\x67" + "\x11\xc4\xc6\xdb\x00\x56\x36\x61", + .alen = 32, + .ptext = "\x85\x34\x66\x42\xc8\x92\x0f\x36" + "\x58\xe0\x6b\x91\x3c\x98\x5c\xbb" + "\x0a\x85\xcc\x02\xad\x7a\x96\xe9" + "\x65\x43\xa4\xc3\x0f\xdc\x55\x81", + .plen = 32, + .ctext = "\xfb\xe5\x5d\x34\xbe\xe5\xe8\xe7" + "\x5a\xef\x2f\xbf\x1f\x7f\xd4\xb2" + "\x66\xca\x61\x1e\x96\x7a\x61\xb3" + "\x1c\x16\x45\x52\xba\x04\x9c\x9f" + "\xb1\xd2\x40\xbc\x52\x7c\x6f\xb1", + .clen = 40, }, { - .key = "\x01\x5c\x75\xe5\x84\x8d\x4d\xf6" - "\x23\x9f\xf4\x6a\xe6\x5a\x3b\x9a" - "\x74\xb9\xb1\x32\x55\x28\xe8\x6d" - "\x35\xc1\xb3\x57\x1f\x93\x64\x0f", - .klen = 32, - .iv = "\x10\x25\x03\x4c\xc8\x2c\xf7\x7d" - "\x44\xd5\x21\x8e\xe4\x23\x6b\x1c" - "\x3e\x6a\x34\x53\x97\xd0\xc8\x73" - "\x66\xcd\xea\x4d\xd5\xab\x4c\xc5", - .assoc = "", - .alen = 0, - .input = "\x71\x6b\x37\x0b\x02\x61\x28\x12" - "\x83\xab\x66\x90\x84\xc7\xd1\xc5" - "\xb2\x7a\xb4\x7b\xb4\xfe\x02\xb2" - "\xc0\x00\x39\x13\xb5\x51\x68\x44" - "\xad", - .ilen = 33, - .result = "\x2e\xb7\x20\x1c\x50\x6a\x4b\x8b" - "\x84\x42\x7a\xd7\xe1\xb5\xcd\x1f" - "\xd3", - .rlen = 17, + .key = "\x58\x5d\xa0\x96\x65\x1a\x04\xd7" + "\x96\xe5\xc5\x68\xaa\x95\x35\xe0" + "\x29\xa0\xba\x9e\x48\x78\xd1\xba", + .klen = 24, + .iv = "\x03\xd1\xfc\x57\x9c\xfe\xb8\x9c" + "\xad\x71\xaa\x1f\x00\x00\x00\x00", + .assoc = "\x86\x67\xa5\xa9\x14\x5f\x0d\xc6" + "\xff\x14\xc7\x44\xbf\x6c\x3a\xc3" + "\xff\xb6\x81\xbd\xe2\xd5\x06\xc7" + "\x3c\xa1\x52\x13\x03\x8a\x23\x3a", + .alen = 32, + .ptext = "\x02\x87\x4d\x28\x80\x6e\xb2\xed" + "\x99\x2a\xa8\xca\x04\x25\x45\x90" + "\x1d\xdd\x5a\xd9\xe4\xdb\x9c\x9c" + "\x49\xe9\x01\xfe\xa7\x80\x6d\x6b", + .plen = 32, + .ctext = "\x3f\x66\xb0\x9d\xe5\x4b\x38\x00" + "\xc6\x0e\x6e\xe5\xd6\x98\xa6\x37" + "\x8c\x26\x33\xc6\xb2\xa2\x17\xfa" + "\x64\x19\xc0\x30\xd7\xfc\x14\x6b" + "\xe3\x33\xc2\x04\xb0\x37\xbe\x3f" + "\xa9\xb4\x2d\x68\x03\xa3\x44\xef", + .clen = 48, + .novrfy = 1, }, { - .key = "\x3d\x80\xae\x84\x94\x09\xf6\x12" - "\xa4\x79\xa6\xfb\xe0\x7f\xfd\xa0" - "\x9e\x7c\xbc\xb6\x5b\xc8\x6a\x86" - "\xf7\xef\x91\x30\xf9\xf2\x04\xe6", + .key = "\xa4\x4b\x54\x29\x0a\xb8\x6d\x01" + "\x5b\x80\x2a\xcf\x25\xc4\xb7\x5c" + "\x20\x2c\xad\x30\xc2\x2b\x41\xfb" + "\x0e\x85\xbc\x33\xad\x0f\x2b\xff", .klen = 32, - .iv = "\x4c\x49\x3d\xec\xd8\xa8\xa0\x98" - "\xc5\xb0\xd3\x1f\xde\x48\x2e\x22" - "\x69\x2c\x3f\xd7\x9c\x70\x4a\x8d" - "\x27\xfa\xc9\x26\xaf\x0a\xeb\x9c", - .assoc = "", + .iv = "\x03\xee\x49\x83\xe9\xa9\xff\xe9" + "\x57\xba\xfd\x9e\x00\x00\x00\x00", .alen = 0, - .input = "\xaf\xa4\x34\x0d\x59\xe6\x1c\x2f" - "\x06\x3b\x52\x18\x49\x75\x1b\xf0" - "\x53\x09\x72\x7b\x45\x79\xe0\xbe" - "\x89\x85\x23\x15\xb8\x79\x07\x4c" - "\x53\x7a\x15\x37\x0a\xee\xb7\xfb" - "\xc4\x1f\x12\x27\xcf\x77\x90", - .ilen = 47, - .result = "\x6b\xdc\x5a\xbb\x60\xe5\xf4\xa6" - "\x05\x1d\x2c\x68\xdb\xda\x8f\x25" - "\xfe\x8d\x45\x19\x1e\xc0\x0b\x99" - "\x88\x11\x39\x12\x1c\x3a\xbb", - .rlen = 31, + .ptext = "\x00", + .plen = 0, + .ctext = "\x1f\xb8\x8f\xa3\xdd\x54\x00\xf2", + .clen = 8, }, { - .key = "\x7a\xa5\xe8\x23\xa4\x84\x9e\x2d" - "\x25\x53\x58\x8c\xda\xa3\xc0\xa6" - "\xc8\x3e\xc8\x3a\x60\x68\xec\xa0" - "\xb8\x1c\x70\x08\xd3\x51\xa3\xbd", + .key = "\x39\xbb\xa7\xbe\x59\x97\x9e\x73" + "\xa2\xbc\x6b\x98\xd7\x75\x7f\xe3" + "\xa4\x48\x93\x39\x26\x71\x4a\xc6" + "\xae\x8f\x11\x4c\xc2\x9c\x4a\xbb", .klen = 32, - .iv = "\x89\x6e\x77\x8b\xe8\x23\x49\xb4" - "\x45\x8a\x85\xb1\xd8\x6c\xf1\x28" - "\x93\xef\x4b\x5b\xa1\x10\xcc\xa6" - "\xe8\x28\xa8\xfe\x89\x69\x8b\x72", - .assoc = "", + .iv = "\x03\x85\x34\x66\x42\xc8\x92\x0f" + "\x36\x58\xe0\x6b\x00\x00\x00\x00", .alen = 0, - .input = "\xe2\xc9\x0b\x33\x31\x02\xb3\xb4" - "\x33\xfe\xeb\xa8\xb7\x9b\xb2\xd7" - "\xeb\x0f\x05\x2b\xba\xb3\xca\xef" - "\xf6\xd1\xb6\xc0\xb9\x9b\x85\xc5" - "\xbf\x7a\x3e\xcc\x31\x76\x09\x80" - "\x32\x5d\xbb\xe8\x38\x0e\x77\xd3", - .ilen = 48, - .result = "\xa7\x00\x93\x5b\x70\x61\x9d\xc2" - "\x86\xf7\xde\xfa\xd5\xfe\x52\x2b" - "\x28\x50\x51\x9d\x24\x60\x8d\xb3" - "\x49\x3e\x17\xea\xf6\x99\x5a\xdd", - .rlen = 32, - }, { - .key = "\xb6\xca\x22\xc3\xb4\x00\x47\x49" - "\xa6\x2d\x0a\x1e\xd4\xc7\x83\xad" - "\xf3\x00\xd4\xbf\x65\x08\x6e\xb9" - "\x7a\x4a\x4f\xe0\xad\xb0\x42\x93", - .klen = 32, - .iv = "\xc5\x93\xb0\x2a\xf8\x9f\xf1\xd0" - "\xc6\x64\x37\x42\xd2\x90\xb3\x2e" - "\xbd\xb1\x57\xe0\xa6\xb0\x4e\xc0" - "\xaa\x55\x87\xd6\x63\xc8\x2a\x49", - .assoc = "\xd5", - .alen = 1, - .input = "\x96\x43\x30\xca\x6c\x4f\xd7\x12" - "\xba\xd9\xb3\x18\x86\xdf\xc3\x52", - .ilen = 16, - .result = "", - .rlen = 0, + .ptext = "\xdc\x56\xf2\x71\xb0\xb1\xa0\x6c" + "\xf0\x97\x3a\xfb\x6d\xe7\x32\x99" + "\x3e\xaf\x70\x5e\xb2\x4d\xea\x39" + "\x89\xd4\x75\x7a\x63\xb1\xda\x93", + .plen = 32, + .ctext = "\x48\x01\x5e\x02\x24\x04\x66\x47" + "\xa1\xea\x6f\xaf\xe8\xfc\xfb\xdd" + "\xa5\xa9\x87\x8d\x84\xee\x2e\x77" + "\xbb\x86\xb9\xf5\x5c\x6c\xff\xf6" + "\x72\xc3\x8e\xf7\x70\xb1\xb2\x07" + "\xbc\xa8\xa3\xbd\x83\x7c\x1d\x2a", + .clen = 48, + .novrfy = 1, }, { - .key = "\xf3\xee\x5c\x62\xc4\x7c\xf0\x65" - "\x27\x08\xbd\xaf\xce\xec\x45\xb3" - "\x1d\xc3\xdf\x43\x6a\xa8\xf0\xd3" - "\x3b\x77\x2e\xb9\x87\x0f\xe1\x6a", + .key = "\x58\x5d\xa0\x96\x65\x1a\x04\xd7" + "\x96\xe5\xc5\x68\xaa\x95\x35\xe0" + "\x29\xa0\xba\x9e\x48\x78\xd1\xba" + "\x0d\x1a\x53\x3b\xb5\xe3\xf8\x8b", .klen = 32, - .iv = "\x02\xb8\xea\xca\x09\x1b\x9a\xec" - "\x47\x3e\xe9\xd4\xcc\xb5\x76\x34" - "\xe8\x73\x62\x64\xab\x50\xd0\xda" - "\x6b\x83\x66\xaf\x3e\x27\xc9\x1f", - .assoc = "\x11\x81\x78\x32\x4d\xb9\x44\x73" - "\x68\x75\x16\xf8\xcb\x7e\xa7", - .alen = 15, - .input = "\x2f\xab\x45\xe2\xa7\x46\xc5\x83" - "\x11\x9f\xb0\x74\xee\xc7\x03\xdd", - .ilen = 16, - .result = "", - .rlen = 0, + .iv = "\x03\xcf\x76\x3f\xd9\x95\x75\x8f" + "\x44\x89\x40\x7b\x00\x00\x00\x00", + .assoc = "\x8f\x86\x6c\x4d\x1d\xc5\x39\x88" + "\xc8\xf3\x5c\x52\x10\x63\x6f\x2b" + "\x8a\x2a\xc5\x6f\x30\x23\x58\x7b" + "\xfb\x36\x03\x11\xb4\xd9\xf2\xfe", + .alen = 32, + .ptext = "\xc2\x54\xc8\xde\x78\x87\x77\x40" + "\x49\x71\xe4\xb7\xe7\xcb\x76\x61" + "\x0a\x41\xb9\xe9\xc0\x76\x54\xab" + "\x04\x49\x3b\x19\x93\x57\x25\x5d", + .plen = 32, + .ctext = "\x48\x58\xd6\xf3\xad\x63\x58\xbf" + "\xae\xc7\x5e\xae\x83\x8f\x7b\xe4" + "\x78\x5c\x4c\x67\x71\x89\x94\xbf" + "\x47\xf1\x63\x7e\x1c\x59\xbd\xc5" + "\x7f\x44\x0a\x0c\x01\x18\x07\x92" + "\xe1\xd3\x51\xce\x32\x6d\x0c\x5b", + .clen = 48, + }, +}; + +/* + * rfc4309 refers to section 8 of rfc3610 for test vectors, but they all + * use a 13-byte nonce, we only support an 11-byte nonce. Worse, + * they use AD lengths which are not valid ESP header lengths. + * + * These vectors are copied/generated from the ones for rfc4106 with + * the key truncated by one byte.. + */ +static const struct aead_testvec aes_ccm_rfc4309_tv_template[] = { + { /* Generated using Crypto++ */ + .key = zeroed_string, + .klen = 19, + .iv = zeroed_string, + .ptext = zeroed_string, + .plen = 16, + .assoc = zeroed_string, + .alen = 16, + .ctext = "\x2E\x9A\xCA\x6B\xDA\x54\xFC\x6F" + "\x12\x50\xE8\xDE\x81\x3C\x63\x08" + "\x1A\x22\xBA\x75\xEE\xD4\xD5\xB5" + "\x27\x50\x01\xAC\x03\x33\x39\xFB", + .clen = 32, + },{ + .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c" + "\x6d\x6a\x8f\x94\x67\x30\x83\x08" + "\x00\x00\x00", + .klen = 19, + .iv = "\x00\x00\x00\x00\x00\x00\x00\x01", + .ptext = zeroed_string, + .plen = 16, + .assoc = "\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x01", + .alen = 16, + .ctext = "\xCF\xB9\x99\x17\xC8\x86\x0E\x7F" + "\x7E\x76\xF8\xE6\xF8\xCC\x1F\x17" + "\x6A\xE0\x53\x9F\x4B\x73\x7E\xDA" + "\x08\x09\x4E\xC4\x1E\xAD\xC6\xB0", + .clen = 32, + }, { - .key = "\x2f\x13\x95\x01\xd5\xf7\x99\x81" - "\xa8\xe2\x6f\x41\xc8\x10\x08\xb9" - "\x47\x85\xeb\xc7\x6f\x48\x72\xed" - "\xfc\xa5\x0d\x91\x61\x6e\x81\x40", - .klen = 32, - .iv = "\x3f\xdc\x24\x69\x19\x96\x43\x08" - "\xc8\x18\x9b\x65\xc6\xd9\x39\x3b" - "\x12\x35\x6e\xe8\xb0\xf0\x52\xf3" - "\x2d\xb0\x45\x87\x18\x86\x68\xf6", - .assoc = "\x4e\xa5\xb2\xd1\x5d\x35\xed\x8f" - "\xe8\x4f\xc8\x89\xc5\xa2\x69\xbc", + .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c" + "\x6d\x6a\x8f\x94\x67\x30\x83\x08" + "\x00\x00\x00", + .klen = 19, + .iv = zeroed_string, + .ptext = "\x01\x01\x01\x01\x01\x01\x01\x01" + "\x01\x01\x01\x01\x01\x01\x01\x01", + .plen = 16, + .assoc = zeroed_string, .alen = 16, - .input = "\x16\x44\x73\x33\x5d\xf2\xb9\x04" - "\x6b\x79\x98\xef\xdb\xd5\xc5\xf1", - .ilen = 16, - .result = "", - .rlen = 0, + .ctext = "\x33\xDE\x73\xBC\xA6\xCE\x4E\xA6" + "\x61\xF4\xF5\x41\x03\x4A\xE3\x86" + "\xA1\xE2\xC2\x42\x2B\x81\x70\x40" + "\xFD\x7F\x76\xD1\x03\x07\xBB\x0C", + .clen = 32, }, { - .key = "\x6c\x38\xcf\xa1\xe5\x73\x41\x9d" - "\x29\xbc\x21\xd2\xc2\x35\xcb\xbf" - "\x72\x47\xf6\x4b\x74\xe8\xf4\x06" - "\xbe\xd3\xec\x6a\x3b\xcd\x20\x17", - .klen = 32, - .iv = "\x7b\x01\x5d\x08\x29\x12\xec\x24" - "\x49\xf3\x4d\xf7\xc0\xfe\xfb\x41" - "\x3c\xf8\x79\x6c\xb6\x90\xd4\x0d" - "\xee\xde\x23\x60\xf2\xe5\x08\xcc", - .assoc = "\x8a\xca\xec\x70\x6d\xb1\x96\xab" - "\x69\x29\x7a\x1b\xbf\xc7\x2c\xc2" - "\x07", - .alen = 17, - .input = "\xa4\x9b\xb8\x47\xc0\xed\x7a\x45" - "\x98\x54\x8c\xed\x3d\x17\xf0\xdd", - .ilen = 16, - .result = "", - .rlen = 0, + .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c" + "\x6d\x6a\x8f\x94\x67\x30\x83\x08" + "\x00\x00\x00", + .klen = 19, + .iv = zeroed_string, + .ptext = "\x01\x01\x01\x01\x01\x01\x01\x01" + "\x01\x01\x01\x01\x01\x01\x01\x01", + .plen = 16, + .assoc = "\x01\x01\x01\x01\x01\x01\x01\x01" + "\x00\x00\x00\x00\x00\x00\x00\x00", + .alen = 16, + .ctext = "\x33\xDE\x73\xBC\xA6\xCE\x4E\xA6" + "\x61\xF4\xF5\x41\x03\x4A\xE3\x86" + "\x5B\xC0\x73\xE0\x2B\x73\x68\xC9" + "\x2D\x8C\x58\xC2\x90\x3D\xB0\x3E", + .clen = 32, }, { - .key = "\xa8\x5c\x09\x40\xf5\xef\xea\xb8" - "\xaa\x96\xd3\x64\xbc\x59\x8d\xc6" - "\x9c\x0a\x02\xd0\x79\x88\x76\x20" - "\x7f\x00\xca\x42\x15\x2c\xbf\xed", - .klen = 32, - .iv = "\xb8\x26\x97\xa8\x39\x8e\x94\x3f" - "\xca\xcd\xff\x88\xba\x22\xbe\x47" - "\x67\xba\x85\xf1\xbb\x30\x56\x26" - "\xaf\x0b\x02\x38\xcc\x44\xa7\xa3", - .assoc = "\xc7\xef\x26\x10\x7d\x2c\x3f\xc6" - "\xea\x03\x2c\xac\xb9\xeb\xef\xc9" - "\x31\x6b\x08\x12\xfc\xd8\x37\x2d" - "\xe0\x17\x3a\x2e\x83\x5c\x8f", - .alen = 31, - .input = "\x20\x24\xe2\x33\x5c\x60\xc9\xf0" - "\xa4\x96\x2f\x0d\x53\xc2\xf8\xfc", - .ilen = 16, - .result = "", - .rlen = 0, + .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c" + "\x6d\x6a\x8f\x94\x67\x30\x83\x08" + "\x00\x00\x00", + .klen = 19, + .iv = "\x00\x00\x00\x00\x00\x00\x00\x01", + .ptext = "\x01\x01\x01\x01\x01\x01\x01\x01" + "\x01\x01\x01\x01\x01\x01\x01\x01", + .plen = 16, + .assoc = "\x01\x01\x01\x01\x01\x01\x01\x01" + "\x00\x00\x00\x00\x00\x00\x00\x01", + .alen = 16, + .ctext = "\xCE\xB8\x98\x16\xC9\x87\x0F\x7E" + "\x7F\x77\xF9\xE7\xF9\xCD\x1E\x16" + "\x43\x8E\x76\x57\x3B\xB4\x05\xE8" + "\xA9\x9B\xBF\x25\xE0\x4F\xC0\xED", + .clen = 32, }, { - .key = "\xe5\x81\x42\xdf\x05\x6a\x93\xd4" - "\x2b\x70\x85\xf5\xb6\x7d\x50\xcc" - "\xc6\xcc\x0e\x54\x7f\x28\xf8\x3a" - "\x40\x2e\xa9\x1a\xf0\x8b\x5e\xc4", - .klen = 32, - .iv = "\xf4\x4a\xd1\x47\x49\x09\x3d\x5b" - "\x4b\xa7\xb1\x19\xb4\x46\x81\x4d" - "\x91\x7c\x91\x75\xc0\xd0\xd8\x40" - "\x71\x39\xe1\x10\xa6\xa3\x46\x7a", - .assoc = "\x03\x14\x5f\xaf\x8d\xa8\xe7\xe2" - "\x6b\xde\xde\x3e\xb3\x10\xb1\xcf" - "\x5c\x2d\x14\x96\x01\x78\xb9\x47" - "\xa1\x44\x19\x06\x5d\xbb\x2e\x2f", - .alen = 32, - .input = "\x6f\x4a\xb9\xe0\xff\x51\xa3\xf1" - "\xd2\x64\x3e\x66\x6a\xb2\x03\xc0", - .ilen = 16, - .result = "", - .rlen = 0, + .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c" + "\x6d\x6a\x8f\x94\x67\x30\x83\x08" + "\x00\x00\x00", + .klen = 19, + .iv = "\x00\x00\x00\x00\x00\x00\x00\x01", + .ptext = "\x01\x01\x01\x01\x01\x01\x01\x01" + "\x01\x01\x01\x01\x01\x01\x01\x01" + "\x01\x01\x01\x01\x01\x01\x01\x01" + "\x01\x01\x01\x01\x01\x01\x01\x01" + "\x01\x01\x01\x01\x01\x01\x01\x01" + "\x01\x01\x01\x01\x01\x01\x01\x01" + "\x01\x01\x01\x01\x01\x01\x01\x01" + "\x01\x01\x01\x01\x01\x01\x01\x01", + .plen = 64, + .assoc = "\x01\x01\x01\x01\x01\x01\x01\x01" + "\x00\x00\x00\x00\x00\x00\x00\x01", + .alen = 16, + .ctext = "\xCE\xB8\x98\x16\xC9\x87\x0F\x7E" + "\x7F\x77\xF9\xE7\xF9\xCD\x1E\x16" + "\x9C\xA4\x97\x83\x3F\x01\xA5\xF4" + "\x43\x09\xE7\xB8\xE9\xD1\xD7\x02" + "\x9B\xAB\x39\x18\xEB\x94\x34\x36" + "\xE6\xC5\xC8\x9B\x00\x81\x9E\x49" + "\x1D\x78\xE1\x48\xE3\xE9\xEA\x8E" + "\x3A\x2B\x67\x5D\x35\x6A\x0F\xDB" + "\x02\x73\xDD\xE7\x30\x4A\x30\x54" + "\x1A\x9D\x09\xCA\xC8\x1C\x32\x5F", + .clen = 80, }, { - .key = "\x22\xa6\x7c\x7f\x15\xe6\x3c\xf0" - "\xac\x4b\x37\x86\xb0\xa2\x13\xd2" - "\xf1\x8e\x19\xd8\x84\xc8\x7a\x53" - "\x02\x5b\x88\xf3\xca\xea\xfe\x9b", - .klen = 32, - .iv = "\x31\x6f\x0b\xe6\x59\x85\xe6\x77" - "\xcc\x81\x63\xab\xae\x6b\x43\x54" - "\xbb\x3f\x9c\xf9\xc5\x70\x5a\x5a" - "\x32\x67\xc0\xe9\x80\x02\xe5\x50", - .assoc = "\x40", - .alen = 1, - .input = "\x2c\xfb\xad\x7e\xbe\xa0\x9a\x5b" - "\x7a\x3f\x81\xf7\xfc\x1b\x79\x83" - "\xc7", - .ilen = 17, - .result = "\x4f", - .rlen = 1, + .key = "\x00\x01\x02\x03\x04\x05\x06\x07" + "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" + "\x00\x00\x00", + .klen = 19, + .iv = "\x00\x00\x45\x67\x89\xab\xcd\xef", + .ptext = "\xff\xff\xff\xff\xff\xff\xff\xff" + "\xff\xff\xff\xff\xff\xff\xff\xff" + "\xff\xff\xff\xff\xff\xff\xff\xff" + "\xff\xff\xff\xff\xff\xff\xff\xff" + "\xff\xff\xff\xff\xff\xff\xff\xff" + "\xff\xff\xff\xff\xff\xff\xff\xff" + "\xff\xff\xff\xff\xff\xff\xff\xff" + "\xff\xff\xff\xff\xff\xff\xff\xff" + "\xff\xff\xff\xff\xff\xff\xff\xff" + "\xff\xff\xff\xff\xff\xff\xff\xff" + "\xff\xff\xff\xff\xff\xff\xff\xff" + "\xff\xff\xff\xff\xff\xff\xff\xff" + "\xff\xff\xff\xff\xff\xff\xff\xff" + "\xff\xff\xff\xff\xff\xff\xff\xff" + "\xff\xff\xff\xff\xff\xff\xff\xff" + "\xff\xff\xff\xff\xff\xff\xff\xff" + "\xff\xff\xff\xff\xff\xff\xff\xff" + "\xff\xff\xff\xff\xff\xff\xff\xff" + "\xff\xff\xff\xff\xff\xff\xff\xff" + "\xff\xff\xff\xff\xff\xff\xff\xff" + "\xff\xff\xff\xff\xff\xff\xff\xff" + "\xff\xff\xff\xff\xff\xff\xff\xff" + "\xff\xff\xff\xff\xff\xff\xff\xff" + "\xff\xff\xff\xff\xff\xff\xff\xff", + .plen = 192, + .assoc = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" + "\xaa\xaa\xaa\xaa\x00\x00\x45\x67" + "\x89\xab\xcd\xef", + .alen = 20, + .ctext = "\x64\x17\xDC\x24\x9D\x92\xBA\x5E" + "\x7C\x64\x6D\x33\x46\x77\xAC\xB1" + "\x5C\x9E\xE2\xC7\x27\x11\x3E\x95" + "\x7D\xBE\x28\xC8\xC1\xCA\x5E\x8C" + "\xB4\xE2\xDE\x9F\x53\x59\x26\xDB" + "\x0C\xD4\xE4\x07\x9A\xE6\x3E\x01" + "\x58\x0D\x3E\x3D\xD5\x21\xEB\x04" + "\x06\x9D\x5F\xB9\x02\x49\x1A\x2B" + "\xBA\xF0\x4E\x3B\x85\x50\x5B\x09" + "\xFE\xEC\xFC\x54\xEC\x0C\xE2\x79" + "\x8A\x2F\x5F\xD7\x05\x5D\xF1\x6D" + "\x22\xEB\xD1\x09\x80\x3F\x5A\x70" + "\xB2\xB9\xD3\x63\x99\xC2\x4D\x1B" + "\x36\x12\x00\x89\xAA\x5D\x55\xDA" + "\x1D\x5B\xD8\x3C\x5F\x09\xD2\xE6" + "\x39\x41\x5C\xF0\xBE\x26\x4E\x5F" + "\x2B\x50\x44\x52\xC2\x10\x7D\x38" + "\x82\x64\x83\x0C\xAE\x49\xD0\xE5" + "\x4F\xE5\x66\x4C\x58\x7A\xEE\x43" + "\x3B\x51\xFE\xBA\x24\x8A\xFE\xDC" + "\x19\x6D\x60\x66\x61\xF9\x9A\x3F" + "\x75\xFC\x38\x53\x5B\xB5\xCD\x52" + "\x4F\xE5\xE4\xC9\xFE\x10\xCB\x98" + "\xF0\x06\x5B\x07\xAB\xBB\xF4\x0E" + "\x2D\xC2\xDD\x5D\xDD\x22\x9A\xCC" + "\x39\xAB\x63\xA5\x3D\x9C\x51\x8A", + .clen = 208, + }, { /* From draft-mcgrew-gcm-test-01 */ + .key = "\x4C\x80\xCD\xEF\xBB\x5D\x10\xDA" + "\x90\x6A\xC7\x3C\x36\x13\xA6\x34" + "\x2E\x44\x3B", + .klen = 19, + .iv = "\x49\x56\xED\x7E\x3B\x24\x4C\xFE", + .ptext = "\x45\x00\x00\x48\x69\x9A\x00\x00" + "\x80\x11\x4D\xB7\xC0\xA8\x01\x02" + "\xC0\xA8\x01\x01\x0A\x9B\xF1\x56" + "\x38\xD3\x01\x00\x00\x01\x00\x00" + "\x00\x00\x00\x00\x04\x5F\x73\x69" + "\x70\x04\x5F\x75\x64\x70\x03\x73" + "\x69\x70\x09\x63\x79\x62\x65\x72" + "\x63\x69\x74\x79\x02\x64\x6B\x00" + "\x00\x21\x00\x01\x01\x02\x02\x01", + .plen = 72, + .assoc = "\x00\x00\x43\x21\x87\x65\x43\x21" + "\x00\x00\x00\x00\x49\x56\xED\x7E" + "\x3B\x24\x4C\xFE", + .alen = 20, + .ctext = "\x89\xBA\x3E\xEF\xE6\xD6\xCF\xDB" + "\x83\x60\xF5\xBA\x3A\x56\x79\xE6" + "\x7E\x0C\x53\xCF\x9E\x87\xE0\x4E" + "\x1A\x26\x01\x24\xC7\x2E\x3D\xBF" + "\x29\x2C\x91\xC1\xB8\xA8\xCF\xE0" + "\x39\xF8\x53\x6D\x31\x22\x2B\xBF" + "\x98\x81\xFC\x34\xEE\x85\x36\xCD" + "\x26\xDB\x6C\x7A\x0C\x77\x8A\x35" + "\x18\x85\x54\xB2\xBC\xDD\x3F\x43" + "\x61\x06\x8A\xDF\x86\x3F\xB4\xAC" + "\x97\xDC\xBD\xFD\x92\x10\xC5\xFF", + .clen = 88, }, { - .key = "\x5e\xcb\xb6\x1e\x25\x62\xe4\x0c" - "\x2d\x25\xe9\x18\xaa\xc6\xd5\xd8" - "\x1b\x50\x25\x5d\x89\x68\xfc\x6d" - "\xc3\x89\x67\xcb\xa4\x49\x9d\x71", - .klen = 32, - .iv = "\x6d\x94\x44\x86\x69\x00\x8f\x93" - "\x4d\x5b\x15\x3c\xa8\x8f\x06\x5a" - "\xe6\x01\xa8\x7e\xca\x10\xdc\x73" - "\xf4\x94\x9f\xc1\x5a\x61\x85\x27", - .assoc = "\x7c\x5d\xd3\xee\xad\x9f\x39\x1a" - "\x6d\x92\x42\x61\xa7\x58\x37", - .alen = 15, - .input = "\x1f\x7f\xca\x3c\x2b\xe7\x27\xba" - "\x7e\x98\x83\x02\x34\x23\xf7\x94" - "\xde\x35\xe6\x1d\x14\x18\xe5\x38" - "\x14\x80\x6a\xa7\x1b\xae\x1d", - .ilen = 31, - .result = "\x8b\x26\x61\x55\xf1\x3e\xe3\xa1" - "\x8d\xc8\x6e\x85\xa5\x21\x67", - .rlen = 15, + .key = "\xFE\xFF\xE9\x92\x86\x65\x73\x1C" + "\x6D\x6A\x8F\x94\x67\x30\x83\x08" + "\xCA\xFE\xBA", + .klen = 19, + .iv = "\xFA\xCE\xDB\xAD\xDE\xCA\xF8\x88", + .ptext = "\x45\x00\x00\x3E\x69\x8F\x00\x00" + "\x80\x11\x4D\xCC\xC0\xA8\x01\x02" + "\xC0\xA8\x01\x01\x0A\x98\x00\x35" + "\x00\x2A\x23\x43\xB2\xD0\x01\x00" + "\x00\x01\x00\x00\x00\x00\x00\x00" + "\x03\x73\x69\x70\x09\x63\x79\x62" + "\x65\x72\x63\x69\x74\x79\x02\x64" + "\x6B\x00\x00\x01\x00\x01\x00\x01", + .plen = 64, + .assoc = "\x00\x00\xA5\xF8\x00\x00\x00\x0A" + "\xFA\xCE\xDB\xAD\xDE\xCA\xF8\x88", + .alen = 16, + .ctext = "\x4B\xC2\x70\x60\x64\xD2\xF3\xC8" + "\xE5\x26\x8A\xDE\xB8\x7E\x7D\x16" + "\x56\xC7\xD2\x88\xBA\x8D\x58\xAF" + "\xF5\x71\xB6\x37\x84\xA7\xB1\x99" + "\x51\x5C\x0D\xA0\x27\xDE\xE7\x2D" + "\xEF\x25\x88\x1F\x1D\x77\x11\xFF" + "\xDB\xED\xEE\x56\x16\xC5\x5C\x9B" + "\x00\x62\x1F\x68\x4E\x7C\xA0\x97" + "\x10\x72\x7E\x53\x13\x3B\x68\xE4" + "\x30\x99\x91\x79\x09\xEA\xFF\x6A", + .clen = 80, }, { - .key = "\x9b\xef\xf0\xbd\x35\xdd\x8d\x28" - "\xad\xff\x9b\xa9\xa4\xeb\x98\xdf" - "\x46\x13\x31\xe1\x8e\x08\x7e\x87" - "\x85\xb6\x46\xa3\x7e\xa8\x3c\x48", - .klen = 32, - .iv = "\xaa\xb8\x7e\x25\x79\x7c\x37\xaf" - "\xce\x36\xc7\xce\xa2\xb4\xc9\x60" - "\x10\xc3\xb3\x02\xcf\xb0\x5e\x8d" - "\xb5\xc2\x7e\x9a\x35\xc0\x24\xfd", - .assoc = "\xb9\x82\x0c\x8d\xbd\x1b\xe2\x36" - "\xee\x6c\xf4\xf2\xa1\x7d\xf9\xe2", + .key = "\xAB\xBC\xCD\xDE\xF0\x01\x12\x23" + "\x34\x45\x56\x67\x78\x89\x9A\xAB" + "\xAB\xBC\xCD\xDE\xF0\x01\x12\x23" + "\x34\x45\x56\x67\x78\x89\x9A\xAB" + "\x11\x22\x33", + .klen = 35, + .iv = "\x01\x02\x03\x04\x05\x06\x07\x08", + .ptext = "\x45\x00\x00\x30\x69\xA6\x40\x00" + "\x80\x06\x26\x90\xC0\xA8\x01\x02" + "\x93\x89\x15\x5E\x0A\x9E\x00\x8B" + "\x2D\xC5\x7E\xE0\x00\x00\x00\x00" + "\x70\x02\x40\x00\x20\xBF\x00\x00" + "\x02\x04\x05\xB4\x01\x01\x04\x02" + "\x01\x02\x02\x01", + .plen = 52, + .assoc = "\x4A\x2C\xBF\xE3\x00\x00\x00\x02" + "\x01\x02\x03\x04\x05\x06\x07\x08", .alen = 16, - .input = "\x05\x86\x9e\xd7\x2b\xa3\x97\x01" - "\xbe\x28\x98\x10\x6f\xe9\x61\x32" - "\x96\xbb\xb1\x2e\x8f\x0c\x44\xb9" - "\x46\x2d\x55\xe3\x42\x67\xf2\xaf", - .ilen = 32, - .result = "\xc8\x4b\x9b\xf5\x01\xba\x8c\xbd" - "\x0e\xa3\x21\x16\x9f\x46\x2a\x63", - .rlen = 16, + .ctext = "\xD6\x31\x0D\x2B\x3D\x6F\xBD\x2F" + "\x58\x41\x7E\xFF\x9A\x9E\x09\xB4" + "\x1A\xF7\xF6\x42\x31\xCD\xBF\xAD" + "\x27\x0E\x2C\xF2\xDB\x10\xDF\x55" + "\x8F\x0D\xD7\xAC\x23\xBD\x42\x10" + "\xD0\xB2\xAF\xD8\x37\xAC\x6B\x0B" + "\x11\xD4\x0B\x12\xEC\xB4\xB1\x92" + "\x23\xA6\x10\xB0\x26\xD6\xD9\x26" + "\x5A\x48\x6A\x3E", + .clen = 68, + }, { + .key = "\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00", + .klen = 19, + .iv = "\x00\x00\x00\x00\x00\x00\x00\x00", + .ptext = "\x45\x00\x00\x3C\x99\xC5\x00\x00" + "\x80\x01\xCB\x7A\x40\x67\x93\x18" + "\x01\x01\x01\x01\x08\x00\x07\x5C" + "\x02\x00\x44\x00\x61\x62\x63\x64" + "\x65\x66\x67\x68\x69\x6A\x6B\x6C" + "\x6D\x6E\x6F\x70\x71\x72\x73\x74" + "\x75\x76\x77\x61\x62\x63\x64\x65" + "\x66\x67\x68\x69\x01\x02\x02\x01", + .plen = 64, + .assoc = "\x00\x00\x00\x00\x00\x00\x00\x01" + "\x00\x00\x00\x00\x00\x00\x00\x00", + .alen = 16, + .ctext = "\x6B\x9A\xCA\x57\x43\x91\xFC\x6F" + "\x92\x51\x23\xA4\xC1\x5B\xF0\x10" + "\xF3\x13\xF4\xF8\xA1\x9A\xB4\xDC" + "\x89\xC8\xF8\x42\x62\x95\xB7\xCB" + "\xB8\xF5\x0F\x1B\x2E\x94\xA2\xA7" + "\xBF\xFB\x8A\x92\x13\x63\xD1\x3C" + "\x08\xF5\xE8\xA6\xAA\xF6\x34\xF9" + "\x42\x05\xAF\xB3\xE7\x9A\xFC\xEE" + "\x36\x25\xC1\x10\x12\x1C\xCA\x82" + "\xEA\xE6\x63\x5A\x57\x28\xA9\x9A", + .clen = 80, + }, { + .key = "\x3D\xE0\x98\x74\xB3\x88\xE6\x49" + "\x19\x88\xD0\xC3\x60\x7E\xAE\x1F" + "\x57\x69\x0E", + .klen = 19, + .iv = "\x4E\x28\x00\x00\xA2\xFC\xA1\xA3", + .ptext = "\x45\x00\x00\x3C\x99\xC3\x00\x00" + "\x80\x01\xCB\x7C\x40\x67\x93\x18" + "\x01\x01\x01\x01\x08\x00\x08\x5C" + "\x02\x00\x43\x00\x61\x62\x63\x64" + "\x65\x66\x67\x68\x69\x6A\x6B\x6C" + "\x6D\x6E\x6F\x70\x71\x72\x73\x74" + "\x75\x76\x77\x61\x62\x63\x64\x65" + "\x66\x67\x68\x69\x01\x02\x02\x01", + .plen = 64, + .assoc = "\x42\xF6\x7E\x3F\x10\x10\x10\x10" + "\x10\x10\x10\x10\x4E\x28\x00\x00" + "\xA2\xFC\xA1\xA3", + .alen = 20, + .ctext = "\x6A\x6B\x45\x2B\x7C\x67\x52\xF6" + "\x10\x60\x40\x62\x6B\x4F\x97\x8E" + "\x0B\xB2\x22\x97\xCB\x21\xE0\x90" + "\xA2\xE7\xD1\x41\x30\xE4\x4B\x1B" + "\x79\x01\x58\x50\x01\x06\xE1\xE0" + "\x2C\x83\x79\xD3\xDE\x46\x97\x1A" + "\x30\xB8\xE5\xDF\xD7\x12\x56\x75" + "\xD0\x95\xB7\xB8\x91\x42\xF7\xFD" + "\x97\x57\xCA\xC1\x20\xD0\x86\xB9" + "\x66\x9D\xB4\x2B\x96\x22\xAC\x67", + .clen = 80, }, { - .key = "\xd7\x14\x29\x5d\x45\x59\x36\x44" - "\x2e\xd9\x4d\x3b\x9e\x0f\x5b\xe5" - "\x70\xd5\x3c\x65\x93\xa8\x00\xa0" - "\x46\xe4\x25\x7c\x58\x08\xdb\x1e", - .klen = 32, - .iv = "\xe6\xdd\xb8\xc4\x89\xf8\xe0\xca" - "\x4f\x10\x7a\x5f\x9c\xd8\x8b\x66" - "\x3b\x86\xbf\x86\xd4\x50\xe0\xa7" - "\x76\xef\x5c\x72\x0f\x1f\xc3\xd4", - .assoc = "\xf5\xa6\x46\x2c\xce\x97\x8a\x51" - "\x6f\x46\xa6\x83\x9b\xa1\xbc\xe8" - "\x05", - .alen = 17, - .input = "\x9c\xe0\x06\x7b\x86\xcf\x2e\xd8" - "\x45\x65\x1b\x72\x9b\xaa\xa3\x1e" - "\x87\x9d\x26\xdf\xff\x81\x11\xd2" - "\x47\x41\xb9\x24\xc1\x8a\xa3\x8b" - "\x55", - .ilen = 33, - .result = "\x05\x70\xd5\x94\x12\x36\x35\xd8" - "\x8f\x7d\xd3\xa8\x99\x6a\xed\x69" - "\xd0", - .rlen = 17, + .key = "\x3D\xE0\x98\x74\xB3\x88\xE6\x49" + "\x19\x88\xD0\xC3\x60\x7E\xAE\x1F" + "\x57\x69\x0E", + .klen = 19, + .iv = "\x4E\x28\x00\x00\xA2\xFC\xA1\xA3", + .ptext = "\x45\x00\x00\x1C\x42\xA2\x00\x00" + "\x80\x01\x44\x1F\x40\x67\x93\xB6" + "\xE0\x00\x00\x02\x0A\x00\xF5\xFF" + "\x01\x02\x02\x01", + .plen = 28, + .assoc = "\x42\xF6\x7E\x3F\x10\x10\x10\x10" + "\x10\x10\x10\x10\x4E\x28\x00\x00" + "\xA2\xFC\xA1\xA3", + .alen = 20, + .ctext = "\x6A\x6B\x45\x0B\xA7\x06\x52\xF6" + "\x10\x60\xCF\x01\x6B\x4F\x97\x20" + "\xEA\xB3\x23\x94\xC9\x21\x1D\x33" + "\xA1\xE5\x90\x40\x05\x37\x45\x70" + "\xB5\xD6\x09\x0A\x23\x73\x33\xF9" + "\x08\xB4\x22\xE4", + .clen = 44, }, { - .key = "\x14\x39\x63\xfc\x56\xd5\xdf\x5f" - "\xaf\xb3\xff\xcc\x98\x33\x1d\xeb" - "\x9a\x97\x48\xe9\x98\x48\x82\xba" - "\x07\x11\x04\x54\x32\x67\x7b\xf5", - .klen = 32, - .iv = "\x23\x02\xf1\x64\x9a\x73\x89\xe6" - "\xd0\xea\x2c\xf1\x96\xfc\x4e\x6d" - "\x65\x48\xcb\x0a\xda\xf0\x62\xc0" - "\x38\x1d\x3b\x4a\xe9\x7e\x62\xaa", - .assoc = "\x32\xcb\x80\xcc\xde\x12\x33\x6d" - "\xf0\x20\x58\x15\x95\xc6\x7f\xee" - "\x2f\xf9\x4e\x2c\x1b\x98\x43\xc7" - "\x68\x28\x73\x40\x9f\x96\x4a", - .alen = 31, - .input = "\xa0\xc8\xde\x83\x0d\xc3\x4e\xd5" - "\x69\x7f\x7a\xdd\x8c\x46\xda\xba" - "\x0a\x5c\x0e\x7f\xac\xee\x02\xd2" - "\xe5\x4b\x0a\xba\xb8\xa4\x7b\x66" - "\xde\xae\xdb\xc2\xc0\x0b\xf7\x2b" - "\xdf\xb8\xea\xd8\xa9\x38\xed", - .ilen = 47, - .result = "\x41\x94\x0e\x33\x22\xb1\xdd\xf4" - "\x10\x57\x85\x39\x93\x8f\xaf\x70" - "\xfa\xa9\xd0\x4d\x5c\x40\x23\xcd" - "\x98\x34\xab\x37\x56\xae\x32", - .rlen = 31, + .key = "\xFE\xFF\xE9\x92\x86\x65\x73\x1C" + "\x6D\x6A\x8F\x94\x67\x30\x83\x08" + "\xFE\xFF\xE9\x92\x86\x65\x73\x1C" + "\xCA\xFE\xBA", + .klen = 27, + .iv = "\xFA\xCE\xDB\xAD\xDE\xCA\xF8\x88", + .ptext = "\x45\x00\x00\x28\xA4\xAD\x40\x00" + "\x40\x06\x78\x80\x0A\x01\x03\x8F" + "\x0A\x01\x06\x12\x80\x23\x06\xB8" + "\xCB\x71\x26\x02\xDD\x6B\xB0\x3E" + "\x50\x10\x16\xD0\x75\x68\x00\x01", + .plen = 40, + .assoc = "\x00\x00\xA5\xF8\x00\x00\x00\x0A" + "\xFA\xCE\xDB\xAD\xDE\xCA\xF8\x88", + .alen = 16, + .ctext = "\x05\x22\x15\xD1\x52\x56\x85\x04" + "\xA8\x5C\x5D\x6D\x7E\x6E\xF5\xFA" + "\xEA\x16\x37\x50\xF3\xDF\x84\x3B" + "\x2F\x32\x18\x57\x34\x2A\x8C\x23" + "\x67\xDF\x6D\x35\x7B\x54\x0D\xFB" + "\x34\xA5\x9F\x6C\x48\x30\x1E\x22" + "\xFE\xB1\x22\x17\x17\x8A\xB9\x5B", + .clen = 56, }, { - .key = "\x50\x5d\x9d\x9b\x66\x50\x88\x7b" - "\x30\x8e\xb1\x5e\x92\x58\xe0\xf1" - "\xc5\x5a\x53\x6e\x9d\xe8\x04\xd4" - "\xc9\x3f\xe2\x2d\x0c\xc6\x1a\xcb", - .klen = 32, - .iv = "\x5f\x27\x2b\x03\xaa\xef\x32\x02" - "\x50\xc4\xde\x82\x90\x21\x11\x73" - "\x8f\x0a\xd6\x8f\xdf\x90\xe4\xda" - "\xf9\x4a\x1a\x23\xc3\xdd\x02\x81", - .assoc = "\x6e\xf0\xba\x6b\xee\x8e\xdc\x89" - "\x71\xfb\x0a\xa6\x8f\xea\x41\xf4" - "\x5a\xbb\x59\xb0\x20\x38\xc5\xe0" - "\x29\x56\x52\x19\x79\xf5\xe9\x37", - .alen = 32, - .input = "\xd3\x68\x14\x70\x3c\x01\x43\x86" - "\x02\xab\xbe\x75\xaa\xe7\xf5\x53" - "\x5c\x05\xbd\x9b\x19\xbb\x2a\x61" - "\x8f\x69\x05\x75\x8e\xca\x60\x0c" - "\x5b\xa2\x48\x61\x32\x74\x11\x2b" - "\xf6\xcf\x06\x78\x6f\x78\x1a\x4a", - .ilen = 48, - .result = "\x7e\xb9\x48\xd3\x32\x2d\x86\x10" - "\x91\x31\x37\xcb\x8d\xb3\x72\x76" - "\x24\x6b\xdc\xd1\x61\xe0\xa5\xe7" - "\x5a\x61\x8a\x0f\x30\x0d\xd1\xec", - .rlen = 32, + .key = "\xAB\xBC\xCD\xDE\xF0\x01\x12\x23" + "\x34\x45\x56\x67\x78\x89\x9A\xAB" + "\xDE\xCA\xF8", + .klen = 19, + .iv = "\xCA\xFE\xDE\xBA\xCE\xFA\xCE\x74", + .ptext = "\x45\x00\x00\x49\x33\xBA\x00\x00" + "\x7F\x11\x91\x06\xC3\xFB\x1D\x10" + "\xC2\xB1\xD3\x26\xC0\x28\x31\xCE" + "\x00\x35\xDD\x7B\x80\x03\x02\xD5" + "\x00\x00\x4E\x20\x00\x1E\x8C\x18" + "\xD7\x5B\x81\xDC\x91\xBA\xA0\x47" + "\x6B\x91\xB9\x24\xB2\x80\x38\x9D" + "\x92\xC9\x63\xBA\xC0\x46\xEC\x95" + "\x9B\x62\x66\xC0\x47\x22\xB1\x49" + "\x23\x01\x01\x01", + .plen = 76, + .assoc = "\x00\x00\x01\x00\x00\x00\x00\x00" + "\x00\x00\x00\x01\xCA\xFE\xDE\xBA" + "\xCE\xFA\xCE\x74", + .alen = 20, + .ctext = "\x92\xD0\x53\x79\x33\x38\xD5\xF3" + "\x7D\xE4\x7A\x8E\x86\x03\xC9\x90" + "\x96\x35\xAB\x9C\xFB\xE8\xA3\x76" + "\xE9\xE9\xE2\xD1\x2E\x11\x0E\x00" + "\xFA\xCE\xB5\x9E\x02\xA7\x7B\xEA" + "\x71\x9A\x58\xFB\xA5\x8A\xE1\xB7" + "\x9C\x39\x9D\xE3\xB5\x6E\x69\xE6" + "\x63\xC9\xDB\x05\x69\x51\x12\xAD" + "\x3E\x00\x32\x73\x86\xF2\xEE\xF5" + "\x0F\xE8\x81\x7E\x84\xD3\xC0\x0D" + "\x76\xD6\x55\xC6\xB4\xC2\x34\xC7" + "\x12\x25\x0B\xF9", + .clen = 92, }, { - .key = "\x8d\x82\xd6\x3b\x76\xcc\x30\x97" - "\xb1\x68\x63\xef\x8c\x7c\xa3\xf7" - "\xef\x1c\x5f\xf2\xa3\x88\x86\xed" - "\x8a\x6d\xc1\x05\xe7\x25\xb9\xa2", - .klen = 32, - .iv = "\x9c\x4b\x65\xa2\xba\x6b\xdb\x1e" - "\xd1\x9e\x90\x13\x8a\x45\xd3\x79" - "\xba\xcd\xe2\x13\xe4\x30\x66\xf4" - "\xba\x78\xf9\xfb\x9d\x3c\xa1\x58", - .assoc = "\xab\x14\xf3\x0a\xfe\x0a\x85\xa5" - "\xf2\xd5\xbc\x38\x89\x0e\x04\xfb" - "\x84\x7d\x65\x34\x25\xd8\x47\xfa" - "\xeb\x83\x31\xf1\x54\x54\x89\x0d" - "\x9d", - .alen = 33, - .input = "\x07\x0a\x35\xb0\x82\x03\x5a\xd2" - "\x15\x3a\x6c\x72\x83\x9b\xb1\x75" - "\xea\xf2\xfc\xff\xc6\xf1\x13\xa4" - "\x1a\x93\x33\x79\x97\x82\x81\xc0" - "\x96\xc2\x00\xab\x39\xae\xa1\x62" - "\x53\xa3\x86\xc9\x07\x8c\xaf\x22" - "\x47\x31\x29\xca\x4a\x95\xf5\xd5" - "\x20\x63\x5a\x54\x80\x2c\x4a\x63" - "\xfb\x18\x73\x31\x4f\x08\x21\x5d" - "\x20\xe9\xc3\x7e\xea\x25\x77\x3a" - "\x65", - .ilen = 81, - .result = "\xba\xde\x82\x72\x42\xa9\x2f\x2c" - "\x12\x0b\xe9\x5c\x87\xd7\x35\x7c" - "\x4f\x2e\xe8\x55\x66\x80\x27\x00" - "\x1b\x8f\x68\xe7\x0a\x6c\x71\xc3" - "\x21\x78\x55\x9d\x9c\x65\x7b\xcd" - "\x0a\x34\x97\xff\x47\x37\xb0\x2a" - "\x80\x0d\x19\x98\x33\xa9\x7a\xe3" - "\x2e\x4c\xc6\xf3\x8c\x88\x42\x01" - "\xbd", - .rlen = 65, + .key = "\xAB\xBC\xCD\xDE\xF0\x01\x12\x23" + "\x34\x45\x56\x67\x78\x89\x9A\xAB" + "\xAB\xBC\xCD\xDE\xF0\x01\x12\x23" + "\x34\x45\x56\x67\x78\x89\x9A\xAB" + "\x73\x61\x6C", + .klen = 35, + .iv = "\x61\x6E\x64\x01\x69\x76\x65\x63", + .ptext = "\x45\x08\x00\x28\x73\x2C\x00\x00" + "\x40\x06\xE9\xF9\x0A\x01\x06\x12" + "\x0A\x01\x03\x8F\x06\xB8\x80\x23" + "\xDD\x6B\xAF\xBE\xCB\x71\x26\x02" + "\x50\x10\x1F\x64\x6D\x54\x00\x01", + .plen = 40, + .assoc = "\x17\x40\x5E\x67\x15\x6F\x31\x26" + "\xDD\x0D\xB9\x9B\x61\x6E\x64\x01" + "\x69\x76\x65\x63", + .alen = 20, + .ctext = "\xCC\x74\xB7\xD3\xB0\x38\x50\x42" + "\x2C\x64\x87\x46\x1E\x34\x10\x05" + "\x29\x6B\xBB\x36\xE9\x69\xAD\x92" + "\x82\xA1\x10\x6A\xEB\x0F\xDC\x7D" + "\x08\xBA\xF3\x91\xCA\xAA\x61\xDA" + "\x62\xF4\x14\x61\x5C\x9D\xB5\xA7" + "\xEE\xD7\xB9\x7E\x87\x99\x9B\x7D", + .clen = 56, }, { - .key = "\xc9\xa7\x10\xda\x86\x48\xd9\xb3" - "\x32\x42\x15\x80\x85\xa1\x65\xfe" - "\x19\xde\x6b\x76\xa8\x28\x08\x07" - "\x4b\x9a\xa0\xdd\xc1\x84\x58\x79", - .klen = 32, - .iv = "\xd8\x70\x9f\x42\xca\xe6\x83\x3a" - "\x52\x79\x42\xa5\x84\x6a\x96\x7f" - "\xe4\x8f\xed\x97\xe9\xd0\xe8\x0d" - "\x7c\xa6\xd8\xd4\x77\x9b\x40\x2e", - .assoc = "\xe8\x39\x2d\xaa\x0e\x85\x2d\xc1" - "\x72\xaf\x6e\xc9\x82\x33\xc7\x01" - "\xaf\x40\x70\xb8\x2a\x78\xc9\x14" - "\xac\xb1\x10\xca\x2e\xb3\x28\xe4" - "\xac\xfa\x58\x7f\xe5\x73\x09\x8c" - "\x1d\x40\x87\x8c\xd9\x75\xc0\x55" - "\xa2\xda\x07\xd1\xc2\xa9\xd1\xbb" - "\x09\x4f\x77\x62\x88\x2d\xf2\x68" - "\x54", - .alen = 65, - .input = "\x33\xc1\xda\xfa\x15\x21\x07\x8e" - "\x93\x68\xea\x64\x7b\x3d\x4b\x6b" - "\x71\x5e\x5e\x6b\x92\xaa\x65\xc2" - "\x7a\x2a\xc1\xa9\x0a\xa1\x24\x81" - "\x26\x3a\x5a\x09\xe8\xce\x73\x72" - "\xde\x7b\x58\x9e\x85\xb9\xa4\x28" - "\xda", - .ilen = 49, - .result = "\xf7\x02\xbb\x11\x52\x24\xd8\x48" - "\x93\xe6\x9b\xee\x81\xfc\xf7\x82" - "\x79\xf0\xf3\xd9\x6c\x20\xa9\x1a" - "\xdc\xbc\x47\xc0\xe4\xcb\x10\x99" - "\x2f", - .rlen = 33, + .key = "\x3D\xE0\x98\x74\xB3\x88\xE6\x49" + "\x19\x88\xD0\xC3\x60\x7E\xAE\x1F" + "\x57\x69\x0E", + .klen = 19, + .iv = "\x4E\x28\x00\x00\xA2\xFC\xA1\xA3", + .ptext = "\x45\x00\x00\x49\x33\x3E\x00\x00" + "\x7F\x11\x91\x82\xC3\xFB\x1D\x10" + "\xC2\xB1\xD3\x26\xC0\x28\x31\xCE" + "\x00\x35\xCB\x45\x80\x03\x02\x5B" + "\x00\x00\x01\xE0\x00\x1E\x8C\x18" + "\xD6\x57\x59\xD5\x22\x84\xA0\x35" + "\x2C\x71\x47\x5C\x88\x80\x39\x1C" + "\x76\x4D\x6E\x5E\xE0\x49\x6B\x32" + "\x5A\xE2\x70\xC0\x38\x99\x49\x39" + "\x15\x01\x01\x01", + .plen = 76, + .assoc = "\x42\xF6\x7E\x3F\x10\x10\x10\x10" + "\x10\x10\x10\x10\x4E\x28\x00\x00" + "\xA2\xFC\xA1\xA3", + .alen = 20, + .ctext = "\x6A\x6B\x45\x5E\xD6\x9A\x52\xF6" + "\xEF\x70\x1A\x9C\xE8\xD3\x19\x86" + "\xC8\x02\xF0\xB0\x03\x09\xD9\x02" + "\xA0\xD2\x59\x04\xD1\x85\x2A\x24" + "\x1C\x67\x3E\xD8\x68\x72\x06\x94" + "\x97\xBA\x4F\x76\x8D\xB0\x44\x5B" + "\x69\xBF\xD5\xE2\x3D\xF1\x0B\x0C" + "\xC0\xBF\xB1\x8F\x70\x09\x9E\xCE" + "\xA5\xF2\x55\x58\x84\xFA\xF9\xB5" + "\x23\xF4\x84\x40\x74\x14\x8A\x6B" + "\xDB\xD7\x67\xED\xA4\x93\xF3\x47" + "\xCC\xF7\x46\x6F", + .clen = 92, }, { - .key = "\x06\xcc\x4a\x79\x96\xc3\x82\xcf" - "\xb3\x1c\xc7\x12\x7f\xc5\x28\x04" - "\x44\xa1\x76\xfb\xad\xc8\x8a\x21" - "\x0d\xc8\x7f\xb6\x9b\xe3\xf8\x4f", - .klen = 32, - .iv = "\x15\x95\xd8\xe1\xda\x62\x2c\x56" - "\xd3\x53\xf4\x36\x7e\x8e\x59\x85" - "\x0e\x51\xf9\x1c\xee\x70\x6a\x27" - "\x3d\xd3\xb7\xac\x51\xfa\xdf\x05", - .assoc = "\x24\x5e\x67\x49\x1e\x01\xd6\xdd" - "\xf3\x89\x20\x5b\x7c\x57\x89\x07", + .key = "\xAB\xBC\xCD\xDE\xF0\x01\x12\x23" + "\x34\x45\x56\x67\x78\x89\x9A\xAB" + "\xAB\xBC\xCD\xDE\xF0\x01\x12\x23" + "\x34\x45\x56\x67\x78\x89\x9A\xAB" + "\x73\x61\x6C", + .klen = 35, + .iv = "\x61\x6E\x64\x01\x69\x76\x65\x63", + .ptext = "\x63\x69\x73\x63\x6F\x01\x72\x75" + "\x6C\x65\x73\x01\x74\x68\x65\x01" + "\x6E\x65\x74\x77\x65\x01\x64\x65" + "\x66\x69\x6E\x65\x01\x74\x68\x65" + "\x74\x65\x63\x68\x6E\x6F\x6C\x6F" + "\x67\x69\x65\x73\x01\x74\x68\x61" + "\x74\x77\x69\x6C\x6C\x01\x64\x65" + "\x66\x69\x6E\x65\x74\x6F\x6D\x6F" + "\x72\x72\x6F\x77\x01\x02\x02\x01", + .plen = 72, + .assoc = "\x17\x40\x5E\x67\x15\x6F\x31\x26" + "\xDD\x0D\xB9\x9B\x61\x6E\x64\x01" + "\x69\x76\x65\x63", + .alen = 20, + .ctext = "\xEA\x15\xC4\x98\xAC\x15\x22\x37" + "\x00\x07\x1D\xBE\x60\x5D\x73\x16" + "\x4D\x0F\xCC\xCE\x8A\xD0\x49\xD4" + "\x39\xA3\xD1\xB1\x21\x0A\x92\x1A" + "\x2C\xCF\x8F\x9D\xC9\x91\x0D\xB4" + "\x15\xFC\xBC\xA5\xC5\xBF\x54\xE5" + "\x1C\xC7\x32\x41\x07\x7B\x2C\xB6" + "\x5C\x23\x7C\x93\xEA\xEF\x23\x1C" + "\x73\xF4\xE7\x12\x84\x4C\x37\x0A" + "\x4A\x8F\x06\x37\x48\xF9\xF9\x05" + "\x55\x13\x40\xC3\xD5\x55\x3A\x3D", + .clen = 88, + }, { + .key = "\x7D\x77\x3D\x00\xC1\x44\xC5\x25" + "\xAC\x61\x9D\x18\xC8\x4A\x3F\x47" + "\xD9\x66\x42", + .klen = 19, + .iv = "\x43\x45\x7E\x91\x82\x44\x3B\xC6", + .ptext = "\x01\x02\x02\x01", + .plen = 4, + .assoc = "\x33\x54\x67\xAE\xFF\xFF\xFF\xFF" + "\x43\x45\x7E\x91\x82\x44\x3B\xC6", .alen = 16, - .input = "\x3e\xf8\x86\x3d\x39\xf8\x96\x02" - "\x0f\xdf\xc9\x6e\x37\x1e\x57\x99" - "\x07\x2a\x1a\xac\xd1\xda\xfd\x3b" - "\xc7\xff\xbd\xbc\x85\x09\x0b", - .ilen = 31, - .result = "\x33\x27\xf5\xb1\x62\xa0\x80\x63" - "\x14\xc0\x4d\x7f\x7b\x20\xba\x89", - .rlen = 16, + .ctext = "\x4C\x72\x63\x30\x2F\xE6\x56\xDD" + "\xD0\xD8\x60\x9D\x8B\xEF\x85\x90" + "\xF7\x61\x24\x62", + .clen = 20, }, { - .key = "\x42\xf0\x84\x19\xa6\x3f\x2b\xea" - "\x34\xf6\x79\xa3\x79\xe9\xeb\x0a" - "\x6e\x63\x82\x7f\xb2\x68\x0c\x3a" - "\xce\xf5\x5e\x8e\x75\x42\x97\x26", + .key = "\xAB\xBC\xCD\xDE\xF0\x01\x12\x23" + "\x34\x45\x56\x67\x78\x89\x9A\xAB" + "\xDE\xCA\xF8", + .klen = 19, + .iv = "\xCA\xFE\xDE\xBA\xCE\xFA\xCE\x74", + .ptext = "\x74\x6F\x01\x62\x65\x01\x6F\x72" + "\x01\x6E\x6F\x74\x01\x74\x6F\x01" + "\x62\x65\x00\x01", + .plen = 20, + .assoc = "\x00\x00\x01\x00\x00\x00\x00\x00" + "\x00\x00\x00\x01\xCA\xFE\xDE\xBA" + "\xCE\xFA\xCE\x74", + .alen = 20, + .ctext = "\xA3\xBF\x52\x52\x65\x83\xBA\x81" + "\x03\x9B\x84\xFC\x44\x8C\xBB\x81" + "\x36\xE1\x78\xBB\xA5\x49\x3A\xD0" + "\xF0\x6B\x21\xAF\x98\xC0\x34\xDC" + "\x17\x17\x65\xAD", + .clen = 36, + }, { + .key = "\x6C\x65\x67\x61\x6C\x69\x7A\x65" + "\x6D\x61\x72\x69\x6A\x75\x61\x6E" + "\x61\x61\x6E\x64\x64\x6F\x69\x74" + "\x62\x65\x66\x6F\x72\x65\x69\x61" + "\x74\x75\x72", + .klen = 35, + .iv = "\x33\x30\x21\x69\x67\x65\x74\x6D", + .ptext = "\x45\x00\x00\x30\xDA\x3A\x00\x00" + "\x80\x01\xDF\x3B\xC0\xA8\x00\x05" + "\xC0\xA8\x00\x01\x08\x00\xC6\xCD" + "\x02\x00\x07\x00\x61\x62\x63\x64" + "\x65\x66\x67\x68\x69\x6A\x6B\x6C" + "\x6D\x6E\x6F\x70\x71\x72\x73\x74" + "\x01\x02\x02\x01", + .plen = 52, + .assoc = "\x79\x6B\x69\x63\xFF\xFF\xFF\xFF" + "\xFF\xFF\xFF\xFF\x33\x30\x21\x69" + "\x67\x65\x74\x6D", + .alen = 20, + .ctext = "\x96\xFD\x86\xF8\xD1\x98\xFF\x10" + "\xAB\x8C\xDA\x8A\x5A\x08\x38\x1A" + "\x48\x59\x80\x18\x1A\x18\x1A\x04" + "\xC9\x0D\xE3\xE7\x0E\xA4\x0B\x75" + "\x92\x9C\x52\x5C\x0B\xFB\xF8\xAF" + "\x16\xC3\x35\xA8\xE7\xCE\x84\x04" + "\xEB\x40\x6B\x7A\x8E\x75\xBB\x42" + "\xE0\x63\x4B\x21\x44\xA2\x2B\x2B" + "\x39\xDB\xC8\xDC", + .clen = 68, + }, { + .key = "\x3D\xE0\x98\x74\xB3\x88\xE6\x49" + "\x19\x88\xD0\xC3\x60\x7E\xAE\x1F" + "\x57\x69\x0E", + .klen = 19, + .iv = "\x4E\x28\x00\x00\xA2\xFC\xA1\xA3", + .ptext = "\x45\x00\x00\x30\xDA\x3A\x00\x00" + "\x80\x01\xDF\x3B\xC0\xA8\x00\x05" + "\xC0\xA8\x00\x01\x08\x00\xC6\xCD" + "\x02\x00\x07\x00\x61\x62\x63\x64" + "\x65\x66\x67\x68\x69\x6A\x6B\x6C" + "\x6D\x6E\x6F\x70\x71\x72\x73\x74" + "\x01\x02\x02\x01", + .plen = 52, + .assoc = "\x3F\x7E\xF6\x42\x10\x10\x10\x10" + "\x10\x10\x10\x10\x4E\x28\x00\x00" + "\xA2\xFC\xA1\xA3", + .alen = 20, + .ctext = "\x6A\x6B\x45\x27\x3F\x9E\x52\xF6" + "\x10\x60\x54\x25\xEB\x80\x04\x93" + "\xCA\x1B\x23\x97\xCB\x21\x2E\x01" + "\xA2\xE7\x95\x41\x30\xE4\x4B\x1B" + "\x79\x01\x58\x50\x01\x06\xE1\xE0" + "\x2C\x83\x79\xD3\xDE\x46\x97\x1A" + "\x44\xCC\x90\xBF\x00\x94\x94\x92" + "\x20\x17\x0C\x1B\x55\xDE\x7E\x68" + "\xF4\x95\x5D\x4F", + .clen = 68, + }, { + .key = "\x4C\x80\xCD\xEF\xBB\x5D\x10\xDA" + "\x90\x6A\xC7\x3C\x36\x13\xA6\x34" + "\x22\x43\x3C", + .klen = 19, + .iv = "\x48\x55\xEC\x7D\x3A\x23\x4B\xFD", + .ptext = "\x08\x00\xC6\xCD\x02\x00\x07\x00" + "\x61\x62\x63\x64\x65\x66\x67\x68" + "\x69\x6A\x6B\x6C\x6D\x6E\x6F\x70" + "\x71\x72\x73\x74\x01\x02\x02\x01", + .plen = 32, + .assoc = "\x00\x00\x43\x21\x87\x65\x43\x21" + "\x00\x00\x00\x07\x48\x55\xEC\x7D" + "\x3A\x23\x4B\xFD", + .alen = 20, + .ctext = "\x67\xE9\x28\xB3\x1C\xA4\x6D\x02" + "\xF0\xB5\x37\xB6\x6B\x2F\xF5\x4F" + "\xF8\xA3\x4C\x53\xB8\x12\x09\xBF" + "\x58\x7D\xCF\x29\xA3\x41\x68\x6B" + "\xCE\xE8\x79\x85\x3C\xB0\x3A\x8F" + "\x16\xB0\xA1\x26\xC9\xBC\xBC\xA6", + .clen = 48, + } +}; + +/* + * ChaCha20-Poly1305 AEAD test vectors from RFC7539 2.8.2./A.5. + */ +static const struct aead_testvec rfc7539_tv_template[] = { + { + .key = "\x80\x81\x82\x83\x84\x85\x86\x87" + "\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f" + "\x90\x91\x92\x93\x94\x95\x96\x97" + "\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f", .klen = 32, - .iv = "\x51\xb9\x12\x80\xea\xde\xd5\x71" - "\x54\x2d\xa6\xc8\x78\xb2\x1b\x8c" - "\x39\x14\x05\xa0\xf3\x10\xec\x41" - "\xff\x01\x95\x84\x2b\x59\x7f\xdb", - .assoc = "\x61\x83\xa0\xe8\x2e\x7d\x7f\xf8" - "\x74\x63\xd2\xec\x76\x7c\x4c\x0d", - .alen = 16, - .input = "\x2f\xc4\xd8\x0d\xa6\x07\xef\x2e" - "\x6c\xd9\x84\x63\x70\x97\x61\x37" - "\x08\x2f\x16\x90\x9e\x62\x30\x0d" - "\x62\xd5\xc8\xf0\x46\x1a", - .ilen = 30, - .result = "\x70\x4c\x2f\x50\x72\x1c\x29\x7f" - "\x95\x9a\xff\x10\x75\x45\x7d\x8f", - .rlen = 16, + .iv = "\x07\x00\x00\x00\x40\x41\x42\x43" + "\x44\x45\x46\x47", + .assoc = "\x50\x51\x52\x53\xc0\xc1\xc2\xc3" + "\xc4\xc5\xc6\xc7", + .alen = 12, + .ptext = "\x4c\x61\x64\x69\x65\x73\x20\x61" + "\x6e\x64\x20\x47\x65\x6e\x74\x6c" + "\x65\x6d\x65\x6e\x20\x6f\x66\x20" + "\x74\x68\x65\x20\x63\x6c\x61\x73" + "\x73\x20\x6f\x66\x20\x27\x39\x39" + "\x3a\x20\x49\x66\x20\x49\x20\x63" + "\x6f\x75\x6c\x64\x20\x6f\x66\x66" + "\x65\x72\x20\x79\x6f\x75\x20\x6f" + "\x6e\x6c\x79\x20\x6f\x6e\x65\x20" + "\x74\x69\x70\x20\x66\x6f\x72\x20" + "\x74\x68\x65\x20\x66\x75\x74\x75" + "\x72\x65\x2c\x20\x73\x75\x6e\x73" + "\x63\x72\x65\x65\x6e\x20\x77\x6f" + "\x75\x6c\x64\x20\x62\x65\x20\x69" + "\x74\x2e", + .plen = 114, + .ctext = "\xd3\x1a\x8d\x34\x64\x8e\x60\xdb" + "\x7b\x86\xaf\xbc\x53\xef\x7e\xc2" + "\xa4\xad\xed\x51\x29\x6e\x08\xfe" + "\xa9\xe2\xb5\xa7\x36\xee\x62\xd6" + "\x3d\xbe\xa4\x5e\x8c\xa9\x67\x12" + "\x82\xfa\xfb\x69\xda\x92\x72\x8b" + "\x1a\x71\xde\x0a\x9e\x06\x0b\x29" + "\x05\xd6\xa5\xb6\x7e\xcd\x3b\x36" + "\x92\xdd\xbd\x7f\x2d\x77\x8b\x8c" + "\x98\x03\xae\xe3\x28\x09\x1b\x58" + "\xfa\xb3\x24\xe4\xfa\xd6\x75\x94" + "\x55\x85\x80\x8b\x48\x31\xd7\xbc" + "\x3f\xf4\xde\xf0\x8e\x4b\x7a\x9d" + "\xe5\x76\xd2\x65\x86\xce\xc6\x4b" + "\x61\x16\x1a\xe1\x0b\x59\x4f\x09" + "\xe2\x6a\x7e\x90\x2e\xcb\xd0\x60" + "\x06\x91", + .clen = 130, }, { - .key = "\x7f\x15\xbd\xb8\xb6\xba\xd3\x06" - "\xb5\xd1\x2b\x35\x73\x0e\xad\x10" - "\x98\x25\x8d\x03\xb7\x08\x8e\x54" - "\x90\x23\x3d\x67\x4f\xa1\x36\xfc", + .key = "\x1c\x92\x40\xa5\xeb\x55\xd3\x8a" + "\xf3\x33\x88\x86\x04\xf6\xb5\xf0" + "\x47\x39\x17\xc1\x40\x2b\x80\x09" + "\x9d\xca\x5c\xbc\x20\x70\x75\xc0", .klen = 32, - .iv = "\x8e\xde\x4c\x20\xfa\x59\x7e\x8d" - "\xd5\x07\x58\x59\x72\xd7\xde\x92" - "\x63\xd6\x10\x24\xf8\xb0\x6e\x5a" - "\xc0\x2e\x74\x5d\x06\xb8\x1e\xb2", - .assoc = "\x9d\xa7\xda\x88\x3e\xf8\x28\x14" - "\xf5\x3e\x85\x7d\x70\xa0\x0f\x13", - .alen = 16, - .input = "\xce\xf3\x17\x87\x49\xc2\x00\x46" - "\xc6\x12\x5c\x8f\x81\x38\xaa\x55" - "\xf8\x67\x75\xf1\x75\xe3\x2a\x24", - .ilen = 24, - .result = "\xac\x70\x69\xef\x82\x97\xd2\x9b" - "\x15\x74\xb1\xa2\x6f\x69\x3f\x95", - .rlen = 16, + .iv = "\x00\x00\x00\x00\x01\x02\x03\x04" + "\x05\x06\x07\x08", + .assoc = "\xf3\x33\x88\x86\x00\x00\x00\x00" + "\x00\x00\x4e\x91", + .alen = 12, + .ptext = "\x49\x6e\x74\x65\x72\x6e\x65\x74" + "\x2d\x44\x72\x61\x66\x74\x73\x20" + "\x61\x72\x65\x20\x64\x72\x61\x66" + "\x74\x20\x64\x6f\x63\x75\x6d\x65" + "\x6e\x74\x73\x20\x76\x61\x6c\x69" + "\x64\x20\x66\x6f\x72\x20\x61\x20" + "\x6d\x61\x78\x69\x6d\x75\x6d\x20" + "\x6f\x66\x20\x73\x69\x78\x20\x6d" + "\x6f\x6e\x74\x68\x73\x20\x61\x6e" + "\x64\x20\x6d\x61\x79\x20\x62\x65" + "\x20\x75\x70\x64\x61\x74\x65\x64" + "\x2c\x20\x72\x65\x70\x6c\x61\x63" + "\x65\x64\x2c\x20\x6f\x72\x20\x6f" + "\x62\x73\x6f\x6c\x65\x74\x65\x64" + "\x20\x62\x79\x20\x6f\x74\x68\x65" + "\x72\x20\x64\x6f\x63\x75\x6d\x65" + "\x6e\x74\x73\x20\x61\x74\x20\x61" + "\x6e\x79\x20\x74\x69\x6d\x65\x2e" + "\x20\x49\x74\x20\x69\x73\x20\x69" + "\x6e\x61\x70\x70\x72\x6f\x70\x72" + "\x69\x61\x74\x65\x20\x74\x6f\x20" + "\x75\x73\x65\x20\x49\x6e\x74\x65" + "\x72\x6e\x65\x74\x2d\x44\x72\x61" + "\x66\x74\x73\x20\x61\x73\x20\x72" + "\x65\x66\x65\x72\x65\x6e\x63\x65" + "\x20\x6d\x61\x74\x65\x72\x69\x61" + "\x6c\x20\x6f\x72\x20\x74\x6f\x20" + "\x63\x69\x74\x65\x20\x74\x68\x65" + "\x6d\x20\x6f\x74\x68\x65\x72\x20" + "\x74\x68\x61\x6e\x20\x61\x73\x20" + "\x2f\xe2\x80\x9c\x77\x6f\x72\x6b" + "\x20\x69\x6e\x20\x70\x72\x6f\x67" + "\x72\x65\x73\x73\x2e\x2f\xe2\x80" + "\x9d", + .plen = 265, + .ctext = "\x64\xa0\x86\x15\x75\x86\x1a\xf4" + "\x60\xf0\x62\xc7\x9b\xe6\x43\xbd" + "\x5e\x80\x5c\xfd\x34\x5c\xf3\x89" + "\xf1\x08\x67\x0a\xc7\x6c\x8c\xb2" + "\x4c\x6c\xfc\x18\x75\x5d\x43\xee" + "\xa0\x9e\xe9\x4e\x38\x2d\x26\xb0" + "\xbd\xb7\xb7\x3c\x32\x1b\x01\x00" + "\xd4\xf0\x3b\x7f\x35\x58\x94\xcf" + "\x33\x2f\x83\x0e\x71\x0b\x97\xce" + "\x98\xc8\xa8\x4a\xbd\x0b\x94\x81" + "\x14\xad\x17\x6e\x00\x8d\x33\xbd" + "\x60\xf9\x82\xb1\xff\x37\xc8\x55" + "\x97\x97\xa0\x6e\xf4\xf0\xef\x61" + "\xc1\x86\x32\x4e\x2b\x35\x06\x38" + "\x36\x06\x90\x7b\x6a\x7c\x02\xb0" + "\xf9\xf6\x15\x7b\x53\xc8\x67\xe4" + "\xb9\x16\x6c\x76\x7b\x80\x4d\x46" + "\xa5\x9b\x52\x16\xcd\xe7\xa4\xe9" + "\x90\x40\xc5\xa4\x04\x33\x22\x5e" + "\xe2\x82\xa1\xb0\xa0\x6c\x52\x3e" + "\xaf\x45\x34\xd7\xf8\x3f\xa1\x15" + "\x5b\x00\x47\x71\x8c\xbc\x54\x6a" + "\x0d\x07\x2b\x04\xb3\x56\x4e\xea" + "\x1b\x42\x22\x73\xf5\x48\x27\x1a" + "\x0b\xb2\x31\x60\x53\xfa\x76\x99" + "\x19\x55\xeb\xd6\x31\x59\x43\x4e" + "\xce\xbb\x4e\x46\x6d\xae\x5a\x10" + "\x73\xa6\x72\x76\x27\x09\x7a\x10" + "\x49\xe6\x17\xd9\x1d\x36\x10\x94" + "\xfa\x68\xf0\xff\x77\x98\x71\x30" + "\x30\x5b\xea\xba\x2e\xda\x04\xdf" + "\x99\x7b\x71\x4d\x6c\x6f\x2c\x29" + "\xa6\xad\x5c\xb4\x02\x2b\x02\x70" + "\x9b\xee\xad\x9d\x67\x89\x0c\xbb" + "\x22\x39\x23\x36\xfe\xa1\x85\x1f" + "\x38", + .clen = 281, }, }; /* - * MORUS-640 test vectors - generated via reference implementation from + * draft-irtf-cfrg-chacha20-poly1305 + */ +static const struct aead_testvec rfc7539esp_tv_template[] = { + { + .key = "\x1c\x92\x40\xa5\xeb\x55\xd3\x8a" + "\xf3\x33\x88\x86\x04\xf6\xb5\xf0" + "\x47\x39\x17\xc1\x40\x2b\x80\x09" + "\x9d\xca\x5c\xbc\x20\x70\x75\xc0" + "\x00\x00\x00\x00", + .klen = 36, + .iv = "\x01\x02\x03\x04\x05\x06\x07\x08", + .assoc = "\xf3\x33\x88\x86\x00\x00\x00\x00" + "\x00\x00\x4e\x91\x01\x02\x03\x04" + "\x05\x06\x07\x08", + .alen = 20, + .ptext = "\x49\x6e\x74\x65\x72\x6e\x65\x74" + "\x2d\x44\x72\x61\x66\x74\x73\x20" + "\x61\x72\x65\x20\x64\x72\x61\x66" + "\x74\x20\x64\x6f\x63\x75\x6d\x65" + "\x6e\x74\x73\x20\x76\x61\x6c\x69" + "\x64\x20\x66\x6f\x72\x20\x61\x20" + "\x6d\x61\x78\x69\x6d\x75\x6d\x20" + "\x6f\x66\x20\x73\x69\x78\x20\x6d" + "\x6f\x6e\x74\x68\x73\x20\x61\x6e" + "\x64\x20\x6d\x61\x79\x20\x62\x65" + "\x20\x75\x70\x64\x61\x74\x65\x64" + "\x2c\x20\x72\x65\x70\x6c\x61\x63" + "\x65\x64\x2c\x20\x6f\x72\x20\x6f" + "\x62\x73\x6f\x6c\x65\x74\x65\x64" + "\x20\x62\x79\x20\x6f\x74\x68\x65" + "\x72\x20\x64\x6f\x63\x75\x6d\x65" + "\x6e\x74\x73\x20\x61\x74\x20\x61" + "\x6e\x79\x20\x74\x69\x6d\x65\x2e" + "\x20\x49\x74\x20\x69\x73\x20\x69" + "\x6e\x61\x70\x70\x72\x6f\x70\x72" + "\x69\x61\x74\x65\x20\x74\x6f\x20" + "\x75\x73\x65\x20\x49\x6e\x74\x65" + "\x72\x6e\x65\x74\x2d\x44\x72\x61" + "\x66\x74\x73\x20\x61\x73\x20\x72" + "\x65\x66\x65\x72\x65\x6e\x63\x65" + "\x20\x6d\x61\x74\x65\x72\x69\x61" + "\x6c\x20\x6f\x72\x20\x74\x6f\x20" + "\x63\x69\x74\x65\x20\x74\x68\x65" + "\x6d\x20\x6f\x74\x68\x65\x72\x20" + "\x74\x68\x61\x6e\x20\x61\x73\x20" + "\x2f\xe2\x80\x9c\x77\x6f\x72\x6b" + "\x20\x69\x6e\x20\x70\x72\x6f\x67" + "\x72\x65\x73\x73\x2e\x2f\xe2\x80" + "\x9d", + .plen = 265, + .ctext = "\x64\xa0\x86\x15\x75\x86\x1a\xf4" + "\x60\xf0\x62\xc7\x9b\xe6\x43\xbd" + "\x5e\x80\x5c\xfd\x34\x5c\xf3\x89" + "\xf1\x08\x67\x0a\xc7\x6c\x8c\xb2" + "\x4c\x6c\xfc\x18\x75\x5d\x43\xee" + "\xa0\x9e\xe9\x4e\x38\x2d\x26\xb0" + "\xbd\xb7\xb7\x3c\x32\x1b\x01\x00" + "\xd4\xf0\x3b\x7f\x35\x58\x94\xcf" + "\x33\x2f\x83\x0e\x71\x0b\x97\xce" + "\x98\xc8\xa8\x4a\xbd\x0b\x94\x81" + "\x14\xad\x17\x6e\x00\x8d\x33\xbd" + "\x60\xf9\x82\xb1\xff\x37\xc8\x55" + "\x97\x97\xa0\x6e\xf4\xf0\xef\x61" + "\xc1\x86\x32\x4e\x2b\x35\x06\x38" + "\x36\x06\x90\x7b\x6a\x7c\x02\xb0" + "\xf9\xf6\x15\x7b\x53\xc8\x67\xe4" + "\xb9\x16\x6c\x76\x7b\x80\x4d\x46" + "\xa5\x9b\x52\x16\xcd\xe7\xa4\xe9" + "\x90\x40\xc5\xa4\x04\x33\x22\x5e" + "\xe2\x82\xa1\xb0\xa0\x6c\x52\x3e" + "\xaf\x45\x34\xd7\xf8\x3f\xa1\x15" + "\x5b\x00\x47\x71\x8c\xbc\x54\x6a" + "\x0d\x07\x2b\x04\xb3\x56\x4e\xea" + "\x1b\x42\x22\x73\xf5\x48\x27\x1a" + "\x0b\xb2\x31\x60\x53\xfa\x76\x99" + "\x19\x55\xeb\xd6\x31\x59\x43\x4e" + "\xce\xbb\x4e\x46\x6d\xae\x5a\x10" + "\x73\xa6\x72\x76\x27\x09\x7a\x10" + "\x49\xe6\x17\xd9\x1d\x36\x10\x94" + "\xfa\x68\xf0\xff\x77\x98\x71\x30" + "\x30\x5b\xea\xba\x2e\xda\x04\xdf" + "\x99\x7b\x71\x4d\x6c\x6f\x2c\x29" + "\xa6\xad\x5c\xb4\x02\x2b\x02\x70" + "\x9b\xee\xad\x9d\x67\x89\x0c\xbb" + "\x22\x39\x23\x36\xfe\xa1\x85\x1f" + "\x38", + .clen = 281, + }, +}; + +/* + * AEGIS-128 test vectors - generated via reference implementation from * SUPERCOP (https://bench.cr.yp.to/supercop.html): * * https://bench.cr.yp.to/supercop/supercop-20170228.tar.xz - * (see crypto_aead/morus640128v2/) + * (see crypto_aead/aegis128/) */ -static const struct aead_testvec morus640_enc_tv_template[] = { +static const struct aead_testvec aegis128_tv_template[] = { { - .key = "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00", - .klen = 16, - .iv = "\x0f\xc9\x8e\x67\x44\x9e\xaa\x86" + .key = "\x0f\xc9\x8e\x67\x44\x9e\xaa\x86" "\x20\x36\x2c\x24\xfe\xc9\x30\x81", + .klen = 16, + .iv = "\x1e\x92\x1c\xcf\x88\x3d\x54\x0d" + "\x40\x6d\x59\x48\xfc\x92\x61\x03", .assoc = "", .alen = 0, - .input = "", - .ilen = 0, - .result = "\x89\x62\x7d\xf3\x07\x9d\x52\x05" - "\x53\xc3\x04\x60\x93\xb4\x37\x9a", - .rlen = 16, + .ptext = "", + .plen = 0, + .ctext = "\x07\xa5\x11\xf2\x9d\x40\xb8\x6d" + "\xda\xb8\x12\x34\x4c\x53\xd9\x72", + .clen = 16, }, { - .key = "\x3c\x24\x39\x9f\x10\x7b\xa8\x1b" - "\x80\xda\xb2\x91\xf9\x24\xc2\x06", - .klen = 16, - .iv = "\x4b\xed\xc8\x07\x54\x1a\x52\xa2" + .key = "\x4b\xed\xc8\x07\x54\x1a\x52\xa2" "\xa1\x10\xde\xb5\xf8\xed\xf3\x87", + .klen = 16, + .iv = "\x5a\xb7\x56\x6e\x98\xb9\xfd\x29" + "\xc1\x47\x0b\xda\xf6\xb6\x23\x09", .assoc = "", .alen = 0, - .input = "\x69", - .ilen = 1, - .result = "\xa8\x8d\xe4\x90\xb5\x50\x8f\x78" - "\xb6\x10\x9a\x59\x5f\x61\x37\x70" - "\x09", - .rlen = 17, + .ptext = "\x79", + .plen = 1, + .ctext = "\x9e\x78\x52\xae\xcb\x9e\xe4\xd3" + "\x9a\xd7\x5d\xd7\xaa\x9a\xe9\x5a" + "\xcc", + .clen = 17, }, { - .key = "\x79\x49\x73\x3e\x20\xf7\x51\x37" - "\x01\xb4\x64\x22\xf3\x48\x85\x0c", - .klen = 16, - .iv = "\x88\x12\x01\xa6\x64\x96\xfb\xbe" + .key = "\x88\x12\x01\xa6\x64\x96\xfb\xbe" "\x22\xea\x90\x47\xf2\x11\xb5\x8e", + .klen = 16, + .iv = "\x97\xdb\x90\x0e\xa8\x35\xa5\x45" + "\x42\x21\xbd\x6b\xf0\xda\xe6\x0f", .assoc = "", .alen = 0, - .input = "\xa6\xa4\x1e\x76\xec\xd4\x50\xcc" - "\x62\x58\xe9\x8f\xef\xa4\x17", - .ilen = 15, - .result = "\x76\xdd\xb9\x05\x3d\xce\x61\x38" - "\xf3\xef\xf7\xe5\xd7\xfd\x70\xa5" - "\xcf\x9d\x64\xb8\x0a\x9f\xfd\x8b" - "\xd4\x6e\xfe\xd9\xc8\x63\x4b", - .rlen = 31, + .ptext = "\xb5\x6e\xad\xdd\x30\x72\xfa\x53" + "\x82\x8e\x16\xb4\xed\x6d\x47", + .plen = 15, + .ctext = "\xc3\x80\x83\x04\x5f\xaa\x61\xc7" + "\xca\xdd\x6f\xac\x85\x08\xb5\x35" + "\x2b\xc2\x3e\x0b\x1b\x39\x37\x2b" + "\x7a\x21\x16\xb3\xe6\x67\x66", + .clen = 31, }, { - .key = "\xb5\x6e\xad\xdd\x30\x72\xfa\x53" - "\x82\x8e\x16\xb4\xed\x6d\x47\x12", - .klen = 16, - .iv = "\xc4\x37\x3b\x45\x74\x11\xa4\xda" + .key = "\xc4\x37\x3b\x45\x74\x11\xa4\xda" "\xa2\xc5\x42\xd8\xec\x36\x78\x94", + .klen = 16, + .iv = "\xd3\x00\xc9\xad\xb8\xb0\x4e\x61" + "\xc3\xfb\x6f\xfd\xea\xff\xa9\x15", .assoc = "", .alen = 0, - .input = "\xe2\xc9\x58\x15\xfc\x4f\xf8\xe8" - "\xe3\x32\x9b\x21\xe9\xc8\xd9\x97", - .ilen = 16, - .result = "\xdc\x72\xe8\x14\xfb\x63\xad\x72" - "\x1f\x57\x9a\x1f\x88\x81\xdb\xd6" - "\xc1\x91\x9d\xb9\x25\xc4\x99\x4c" - "\x97\xcd\x8a\x0c\x9d\x68\x00\x1c", - .rlen = 32, - }, { - .key = "\xf2\x92\xe6\x7d\x40\xee\xa3\x6f" + .ptext = "\xf2\x92\xe6\x7d\x40\xee\xa3\x6f" "\x03\x68\xc8\x45\xe7\x91\x0a\x18", - .klen = 16, - .iv = "\x01\x5c\x75\xe5\x84\x8d\x4d\xf6" + .plen = 16, + .ctext = "\x23\x25\x30\xe5\x6a\xb6\x36\x7d" + "\x38\xfd\x3a\xd2\xc2\x58\xa9\x11" + "\x1e\xa8\x30\x9c\x16\xa4\xdb\x65" + "\x51\x10\x16\x27\x70\x9b\x64\x29", + .clen = 32, + }, { + .key = "\x01\x5c\x75\xe5\x84\x8d\x4d\xf6" "\x23\x9f\xf4\x6a\xe6\x5a\x3b\x9a", + .klen = 16, + .iv = "\x10\x25\x03\x4c\xc8\x2c\xf7\x7d" + "\x44\xd5\x21\x8e\xe4\x23\x6b\x1c", .assoc = "", .alen = 0, - .input = "\x1f\xee\x92\xb4\x0c\xcb\xa1\x04" - "\x64\x0c\x4d\xb2\xe3\xec\x9c\x9d" - "\x09", - .ilen = 17, - .result = "\x6b\x4f\x3b\x90\x9a\xa2\xb3\x82" - "\x0a\xb8\x55\xee\xeb\x73\x4d\x7f" - "\x54\x11\x3a\x8a\x31\xa3\xb5\xf2" - "\xcd\x49\xdb\xf3\xee\x26\xbd\xa2" - "\x0d", - .rlen = 33, + .ptext = "\x2e\xb7\x20\x1c\x50\x6a\x4b\x8b" + "\x84\x42\x7a\xd7\xe1\xb5\xcd\x1f" + "\xd3", + .plen = 17, + .ctext = "\x2a\x8d\x56\x91\xc6\xf3\x56\xa5" + "\x1f\xf0\x89\x2e\x13\xad\xe6\xf6" + "\x46\x80\xb1\x0e\x18\x30\x40\x97" + "\x03\xdf\x64\x3c\xbe\x93\x9e\xc9" + "\x3b", + .clen = 33, }, { - .key = "\x2e\xb7\x20\x1c\x50\x6a\x4b\x8b" - "\x84\x42\x7a\xd7\xe1\xb5\xcd\x1f", - .klen = 16, - .iv = "\x3d\x80\xae\x84\x94\x09\xf6\x12" + .key = "\x3d\x80\xae\x84\x94\x09\xf6\x12" "\xa4\x79\xa6\xfb\xe0\x7f\xfd\xa0", + .klen = 16, + .iv = "\x4c\x49\x3d\xec\xd8\xa8\xa0\x98" + "\xc5\xb0\xd3\x1f\xde\x48\x2e\x22", .assoc = "", .alen = 0, - .input = "\x5c\x13\xcb\x54\x1c\x47\x4a\x1f" - "\xe5\xe6\xff\x44\xdd\x11\x5f\xa3" - "\x33\xdd\xc2\xf8\xdd\x18\x2b\x93" - "\x57\x05\x01\x1c\x66\x22\xd3", - .ilen = 31, - .result = "\x59\xd1\x0f\x6b\xee\x27\x84\x92" - "\xb7\xa9\xb5\xdd\x02\xa4\x12\xa5" - "\x50\x32\xb4\x9a\x2e\x35\x83\x55" - "\x36\x12\x12\xed\xa3\x31\xc5\x30" - "\xa7\xe2\x4a\x6d\x05\x59\x43\x91" - "\x75\xfa\x6c\x17\xc6\x73\xca", - .rlen = 47, + .ptext = "\x6b\xdc\x5a\xbb\x60\xe5\xf4\xa6" + "\x05\x1d\x2c\x68\xdb\xda\x8f\x25" + "\xfe\x8d\x45\x19\x1e\xc0\x0b\x99" + "\x88\x11\x39\x12\x1c\x3a\xbb", + .plen = 31, + .ctext = "\x4e\xf6\xfa\x13\xde\x43\x63\x4c" + "\xe2\x04\x3e\xe4\x85\x14\xb6\x3f" + "\xb1\x8f\x4c\xdb\x41\xa2\x14\x99" + "\xf5\x53\x0f\x73\x86\x7e\x97\xa1" + "\x4b\x56\x5b\x94\xce\xcd\x74\xcd" + "\x75\xc4\x53\x01\x89\x45\x59", + .clen = 47, }, { - .key = "\x6b\xdc\x5a\xbb\x60\xe5\xf4\xa6" - "\x05\x1d\x2c\x68\xdb\xda\x8f\x25", - .klen = 16, - .iv = "\x7a\xa5\xe8\x23\xa4\x84\x9e\x2d" + .key = "\x7a\xa5\xe8\x23\xa4\x84\x9e\x2d" "\x25\x53\x58\x8c\xda\xa3\xc0\xa6", + .klen = 16, + .iv = "\x89\x6e\x77\x8b\xe8\x23\x49\xb4" + "\x45\x8a\x85\xb1\xd8\x6c\xf1\x28", .assoc = "", .alen = 0, - .input = "\x98\x37\x05\xf3\x2c\xc2\xf3\x3b" - "\x66\xc0\xb1\xd5\xd7\x35\x21\xaa" - "\x5d\x9f\xce\x7c\xe2\xb8\xad\xad" - "\x19\x33\xe0\xf4\x40\x81\x72\x28", - .ilen = 32, - .result = "\xdb\x49\x68\x0f\x91\x5b\x21\xb1" - "\xcf\x50\xb2\x4c\x32\xe1\xa6\x69" - "\xc0\xfb\x44\x1f\xa0\x9a\xeb\x39" - "\x1b\xde\x68\x38\xcc\x27\x52\xc5" - "\xf6\x3e\x74\xea\x66\x5b\x5f\x0c" - "\x65\x9e\x58\xe6\x52\xa2\xfe\x59", - .rlen = 48, + .ptext = "\xa7\x00\x93\x5b\x70\x61\x9d\xc2" + "\x86\xf7\xde\xfa\xd5\xfe\x52\x2b" + "\x28\x50\x51\x9d\x24\x60\x8d\xb3" + "\x49\x3e\x17\xea\xf6\x99\x5a\xdd", + .plen = 32, + .ctext = "\xa4\x9a\xb7\xfd\xa0\xd4\xd6\x47" + "\x95\xf4\x58\x38\x14\x83\x27\x01" + "\x4c\xed\x32\x2c\xf7\xd6\x31\xf7" + "\x38\x1b\x2c\xc9\xb6\x31\xce\xaa" + "\xa5\x3c\x1a\x18\x5c\xce\xb9\xdf" + "\x51\x52\x77\xf2\x5e\x85\x80\x41", + .clen = 48, }, { - .key = "\xa7\x00\x93\x5b\x70\x61\x9d\xc2" - "\x86\xf7\xde\xfa\xd5\xfe\x52\x2b", - .klen = 16, - .iv = "\xb6\xca\x22\xc3\xb4\x00\x47\x49" + .key = "\xb6\xca\x22\xc3\xb4\x00\x47\x49" "\xa6\x2d\x0a\x1e\xd4\xc7\x83\xad", - .assoc = "\xc5", + .klen = 16, + .iv = "\xc5\x93\xb0\x2a\xf8\x9f\xf1\xd0" + "\xc6\x64\x37\x42\xd2\x90\xb3\x2e", + .assoc = "\xd5", .alen = 1, - .input = "", - .ilen = 0, - .result = "\x56\xe7\x24\x52\xdd\x95\x60\x5b" - "\x09\x48\x39\x69\x9c\xb3\x62\x46", - .rlen = 16, + .ptext = "", + .plen = 0, + .ctext = "\xfb\xd4\x83\x71\x9e\x63\xad\x60" + "\xb9\xf9\xeb\x34\x52\x49\xcf\xb7", + .clen = 16, }, { - .key = "\xe4\x25\xcd\xfa\x80\xdd\x46\xde" - "\x07\xd1\x90\x8b\xcf\x23\x15\x31", - .klen = 16, - .iv = "\xf3\xee\x5c\x62\xc4\x7c\xf0\x65" + .key = "\xf3\xee\x5c\x62\xc4\x7c\xf0\x65" "\x27\x08\xbd\xaf\xce\xec\x45\xb3", - .assoc = "\x02\xb8\xea\xca\x09\x1b\x9a\xec" - "\x47\x3e\xe9\xd4\xcc\xb5\x76", + .klen = 16, + .iv = "\x02\xb8\xea\xca\x09\x1b\x9a\xec" + "\x47\x3e\xe9\xd4\xcc\xb5\x76\x34", + .assoc = "\x11\x81\x78\x32\x4d\xb9\x44\x73" + "\x68\x75\x16\xf8\xcb\x7e\xa7", .alen = 15, - .input = "", - .ilen = 0, - .result = "\xdd\xfa\x6c\x1f\x5d\x86\x87\x01" - "\x13\xe5\x73\x46\x46\xf2\x5c\xe1", - .rlen = 16, + .ptext = "", + .plen = 0, + .ctext = "\x0c\xaf\x2e\x96\xf6\x97\x08\x71" + "\x7d\x3a\x84\xc4\x44\x57\x77\x7e", + .clen = 16, }, { - .key = "\x20\x4a\x07\x99\x91\x58\xee\xfa" - "\x88\xab\x42\x1c\xc9\x47\xd7\x38", - .klen = 16, - .iv = "\x2f\x13\x95\x01\xd5\xf7\x99\x81" + .key = "\x2f\x13\x95\x01\xd5\xf7\x99\x81" "\xa8\xe2\x6f\x41\xc8\x10\x08\xb9", - .assoc = "\x3f\xdc\x24\x69\x19\x96\x43\x08" + .klen = 16, + .iv = "\x3f\xdc\x24\x69\x19\x96\x43\x08" "\xc8\x18\x9b\x65\xc6\xd9\x39\x3b", + .assoc = "\x4e\xa5\xb2\xd1\x5d\x35\xed\x8f" + "\xe8\x4f\xc8\x89\xc5\xa2\x69\xbc", .alen = 16, - .input = "", - .ilen = 0, - .result = "\xa6\x1b\xb9\xd7\x5e\x3c\xcf\xac" - "\xa9\x21\x45\x0b\x16\x52\xf7\xe1", - .rlen = 16, + .ptext = "", + .plen = 0, + .ctext = "\xc7\x87\x09\x3b\xc7\x19\x74\x22" + "\x22\xa5\x67\x10\xb2\x36\xb3\x45", + .clen = 16, }, { - .key = "\x5d\x6f\x41\x39\xa1\xd4\x97\x16" - "\x09\x85\xf4\xae\xc3\x6b\x9a\x3e", - .klen = 16, - .iv = "\x6c\x38\xcf\xa1\xe5\x73\x41\x9d" + .key = "\x6c\x38\xcf\xa1\xe5\x73\x41\x9d" "\x29\xbc\x21\xd2\xc2\x35\xcb\xbf", - .assoc = "\x7b\x01\x5d\x08\x29\x12\xec\x24" - "\x49\xf3\x4d\xf7\xc0\xfe\xfb\x41" - "\x3c", + .klen = 16, + .iv = "\x7b\x01\x5d\x08\x29\x12\xec\x24" + "\x49\xf3\x4d\xf7\xc0\xfe\xfb\x41", + .assoc = "\x8a\xca\xec\x70\x6d\xb1\x96\xab" + "\x69\x29\x7a\x1b\xbf\xc7\x2c\xc2" + "\x07", .alen = 17, - .input = "", - .ilen = 0, - .result = "\x15\xff\xde\x3b\x34\xfc\xf6\xf9" - "\xbb\xa8\x62\xad\x0a\xf5\x48\x60", - .rlen = 16, + .ptext = "", + .plen = 0, + .ctext = "\x02\xc6\x3b\x46\x65\xb2\xef\x91" + "\x31\xf0\x45\x48\x8a\x2a\xed\xe4", + .clen = 16, }, { - .key = "\x99\x93\x7a\xd8\xb1\x50\x40\x31" - "\x8a\x60\xa6\x3f\xbd\x90\x5d\x44", - .klen = 16, - .iv = "\xa8\x5c\x09\x40\xf5\xef\xea\xb8" + .key = "\xa8\x5c\x09\x40\xf5\xef\xea\xb8" "\xaa\x96\xd3\x64\xbc\x59\x8d\xc6", - .assoc = "\xb8\x26\x97\xa8\x39\x8e\x94\x3f" - "\xca\xcd\xff\x88\xba\x22\xbe\x47" - "\x67\xba\x85\xf1\xbb\x30\x56\x26" - "\xaf\x0b\x02\x38\xcc\x44\xa7", + .klen = 16, + .iv = "\xb8\x26\x97\xa8\x39\x8e\x94\x3f" + "\xca\xcd\xff\x88\xba\x22\xbe\x47", + .assoc = "\xc7\xef\x26\x10\x7d\x2c\x3f\xc6" + "\xea\x03\x2c\xac\xb9\xeb\xef\xc9" + "\x31\x6b\x08\x12\xfc\xd8\x37\x2d" + "\xe0\x17\x3a\x2e\x83\x5c\x8f", .alen = 31, - .input = "", - .ilen = 0, - .result = "\xd2\x9d\xf8\x3b\xd7\x84\xe9\x2d" - "\x4b\xef\x75\x16\x0a\x99\xae\x6b", - .rlen = 16, + .ptext = "", + .plen = 0, + .ctext = "\x20\x85\xa8\xd0\x91\x48\x85\xf3" + "\x5a\x16\xc0\x57\x68\x47\xdd\xcb", + .clen = 16, }, { - .key = "\xd6\xb8\xb4\x77\xc1\xcb\xe9\x4d" - "\x0a\x3a\x58\xd1\xb7\xb4\x1f\x4a", - .klen = 16, - .iv = "\xe5\x81\x42\xdf\x05\x6a\x93\xd4" + .key = "\xe5\x81\x42\xdf\x05\x6a\x93\xd4" "\x2b\x70\x85\xf5\xb6\x7d\x50\xcc", - .assoc = "\xf4\x4a\xd1\x47\x49\x09\x3d\x5b" - "\x4b\xa7\xb1\x19\xb4\x46\x81\x4d" - "\x91\x7c\x91\x75\xc0\xd0\xd8\x40" - "\x71\x39\xe1\x10\xa6\xa3\x46\x7a", + .klen = 16, + .iv = "\xf4\x4a\xd1\x47\x49\x09\x3d\x5b" + "\x4b\xa7\xb1\x19\xb4\x46\x81\x4d", + .assoc = "\x03\x14\x5f\xaf\x8d\xa8\xe7\xe2" + "\x6b\xde\xde\x3e\xb3\x10\xb1\xcf" + "\x5c\x2d\x14\x96\x01\x78\xb9\x47" + "\xa1\x44\x19\x06\x5d\xbb\x2e\x2f", .alen = 32, - .input = "", - .ilen = 0, - .result = "\xe4\x8d\xa7\xa7\x45\xc1\x31\x4f" - "\xce\xfb\xaf\xd6\xc2\xe6\xee\xc0", - .rlen = 16, + .ptext = "", + .plen = 0, + .ctext = "\x6a\xf8\x8d\x9c\x42\x75\x35\x79" + "\xc1\x96\xbd\x31\x6e\x69\x1b\x50", + .clen = 16, }, { - .key = "\x12\xdd\xee\x17\xd1\x47\x92\x69" - "\x8b\x14\x0a\x62\xb1\xd9\xe2\x50", - .klen = 16, - .iv = "\x22\xa6\x7c\x7f\x15\xe6\x3c\xf0" + .key = "\x22\xa6\x7c\x7f\x15\xe6\x3c\xf0" "\xac\x4b\x37\x86\xb0\xa2\x13\xd2", - .assoc = "\x31", + .klen = 16, + .iv = "\x31\x6f\x0b\xe6\x59\x85\xe6\x77" + "\xcc\x81\x63\xab\xae\x6b\x43\x54", + .assoc = "\x40", .alen = 1, - .input = "\x40", - .ilen = 1, - .result = "\xe2\x67\x38\x4f\xb9\xad\x7d\x38" - "\x01\xfe\x84\x14\x85\xf8\xd1\xe3" - "\x22", - .rlen = 17, + .ptext = "\x4f", + .plen = 1, + .ctext = "\x01\x24\xb1\xba\xf6\xd3\xdf\x83" + "\x70\x45\xe3\x2a\x9d\x5c\x63\x98" + "\x39", + .clen = 17, }, { - .key = "\x4f\x01\x27\xb6\xe1\xc3\x3a\x85" - "\x0c\xee\xbc\xf4\xab\xfd\xa5\x57", - .klen = 16, - .iv = "\x5e\xcb\xb6\x1e\x25\x62\xe4\x0c" + .key = "\x5e\xcb\xb6\x1e\x25\x62\xe4\x0c" "\x2d\x25\xe9\x18\xaa\xc6\xd5\xd8", - .assoc = "\x6d\x94\x44\x86\x69\x00\x8f\x93" - "\x4d\x5b\x15\x3c\xa8\x8f\x06", - .alen = 15, - .input = "\x7c\x5d\xd3\xee\xad\x9f\x39\x1a" + .klen = 16, + .iv = "\x6d\x94\x44\x86\x69\x00\x8f\x93" + "\x4d\x5b\x15\x3c\xa8\x8f\x06\x5a", + .assoc = "\x7c\x5d\xd3\xee\xad\x9f\x39\x1a" "\x6d\x92\x42\x61\xa7\x58\x37", - .ilen = 15, - .result = "\x77\x32\x61\xeb\xb4\x33\x29\x92" - "\x29\x95\xc5\x8e\x85\x76\xab\xfc" - "\x07\x95\xa7\x44\x74\xf7\x22\xff" - "\xd8\xd8\x36\x3d\x8a\x7f\x9e", - .rlen = 31, + .alen = 15, + .ptext = "\x8b\x26\x61\x55\xf1\x3e\xe3\xa1" + "\x8d\xc8\x6e\x85\xa5\x21\x67", + .plen = 15, + .ctext = "\x18\x78\xc2\x6e\xe1\xf7\xe6\x8a" + "\xca\x0e\x62\x00\xa8\x21\xb5\x21" + "\x3d\x36\xdb\xf7\xcc\x31\x94\x9c" + "\x98\xbd\x71\x7a\xef\xa4\xfa", + .clen = 31, }, { - .key = "\x8b\x26\x61\x55\xf1\x3e\xe3\xa1" - "\x8d\xc8\x6e\x85\xa5\x21\x67\x5d", - .klen = 16, - .iv = "\x9b\xef\xf0\xbd\x35\xdd\x8d\x28" + .key = "\x9b\xef\xf0\xbd\x35\xdd\x8d\x28" "\xad\xff\x9b\xa9\xa4\xeb\x98\xdf", - .assoc = "\xaa\xb8\x7e\x25\x79\x7c\x37\xaf" + .klen = 16, + .iv = "\xaa\xb8\x7e\x25\x79\x7c\x37\xaf" "\xce\x36\xc7\xce\xa2\xb4\xc9\x60", - .alen = 16, - .input = "\xb9\x82\x0c\x8d\xbd\x1b\xe2\x36" + .assoc = "\xb9\x82\x0c\x8d\xbd\x1b\xe2\x36" "\xee\x6c\xf4\xf2\xa1\x7d\xf9\xe2", - .ilen = 16, - .result = "\xd8\xfd\x44\x45\xf6\x42\x12\x38" - "\xf2\x0b\xea\x4f\x9e\x11\x61\x07" - "\x48\x67\x98\x18\x9b\xd0\x0c\x59" - "\x67\xa4\x11\xb3\x2b\xd6\xc1\x70", - .rlen = 32, - }, { - .key = "\xc8\x4b\x9b\xf5\x01\xba\x8c\xbd" + .alen = 16, + .ptext = "\xc8\x4b\x9b\xf5\x01\xba\x8c\xbd" "\x0e\xa3\x21\x16\x9f\x46\x2a\x63", - .klen = 16, - .iv = "\xd7\x14\x29\x5d\x45\x59\x36\x44" + .plen = 16, + .ctext = "\xea\xd1\x81\x75\xb4\x13\x1d\x86" + "\xd4\x17\x26\xe5\xd6\x89\x39\x04" + "\xa9\x6c\xca\xac\x40\x73\xb2\x4c" + "\x9c\xb9\x0e\x79\x4c\x40\x65\xc6", + .clen = 32, + }, { + .key = "\xd7\x14\x29\x5d\x45\x59\x36\x44" "\x2e\xd9\x4d\x3b\x9e\x0f\x5b\xe5", - .assoc = "\xe6\xdd\xb8\xc4\x89\xf8\xe0\xca" - "\x4f\x10\x7a\x5f\x9c\xd8\x8b\x66" - "\x3b", - .alen = 17, - .input = "\xf5\xa6\x46\x2c\xce\x97\x8a\x51" + .klen = 16, + .iv = "\xe6\xdd\xb8\xc4\x89\xf8\xe0\xca" + "\x4f\x10\x7a\x5f\x9c\xd8\x8b\x66", + .assoc = "\xf5\xa6\x46\x2c\xce\x97\x8a\x51" "\x6f\x46\xa6\x83\x9b\xa1\xbc\xe8" "\x05", - .ilen = 17, - .result = "\xb1\xab\x53\x4e\xc7\x40\x16\xb6" - "\x71\x3a\x00\x9f\x41\x88\xb0\xb2" - "\x71\x83\x85\x5f\xc8\x79\x0a\x99" - "\x99\xdc\x89\x1c\x88\xd2\x3e\xf9" - "\x83", - .rlen = 33, + .alen = 17, + .ptext = "\x05\x70\xd5\x94\x12\x36\x35\xd8" + "\x8f\x7d\xd3\xa8\x99\x6a\xed\x69" + "\xd0", + .plen = 17, + .ctext = "\xf4\xb2\x84\xd1\x81\xfa\x98\x1c" + "\x38\x2d\x69\x90\x1c\x71\x38\x98" + "\x9f\xe1\x19\x3b\x63\x91\xaf\x6e" + "\x4b\x07\x2c\xac\x53\xc5\xd5\xfe" + "\x93", + .clen = 33, }, { - .key = "\x05\x70\xd5\x94\x12\x36\x35\xd8" - "\x8f\x7d\xd3\xa8\x99\x6a\xed\x69", - .klen = 16, - .iv = "\x14\x39\x63\xfc\x56\xd5\xdf\x5f" + .key = "\x14\x39\x63\xfc\x56\xd5\xdf\x5f" "\xaf\xb3\xff\xcc\x98\x33\x1d\xeb", - .assoc = "\x23\x02\xf1\x64\x9a\x73\x89\xe6" - "\xd0\xea\x2c\xf1\x96\xfc\x4e\x6d" - "\x65\x48\xcb\x0a\xda\xf0\x62\xc0" - "\x38\x1d\x3b\x4a\xe9\x7e\x62", - .alen = 31, - .input = "\x32\xcb\x80\xcc\xde\x12\x33\x6d" + .klen = 16, + .iv = "\x23\x02\xf1\x64\x9a\x73\x89\xe6" + "\xd0\xea\x2c\xf1\x96\xfc\x4e\x6d", + .assoc = "\x32\xcb\x80\xcc\xde\x12\x33\x6d" "\xf0\x20\x58\x15\x95\xc6\x7f\xee" "\x2f\xf9\x4e\x2c\x1b\x98\x43\xc7" "\x68\x28\x73\x40\x9f\x96\x4a", - .ilen = 31, - .result = "\x29\xc4\xf0\x03\xc1\x86\xdf\x06" - "\x5c\x7b\xef\x64\x87\x00\xd1\x37" - "\xa7\x08\xbc\x7f\x8f\x41\x54\xd0" - "\x3e\xf1\xc3\xa2\x96\x84\xdd\x2a" - "\x2d\x21\x30\xf9\x02\xdb\x06\x0c" - "\xf1\x5a\x66\x69\xe0\xca\x83", - .rlen = 47, + .alen = 31, + .ptext = "\x41\x94\x0e\x33\x22\xb1\xdd\xf4" + "\x10\x57\x85\x39\x93\x8f\xaf\x70" + "\xfa\xa9\xd0\x4d\x5c\x40\x23\xcd" + "\x98\x34\xab\x37\x56\xae\x32", + .plen = 31, + .ctext = "\xa0\xe7\x0a\x60\xe7\xb8\x8a\xdb" + "\x94\xd3\x93\xf2\x41\x86\x16\xdd" + "\x4c\xe8\xe7\xe0\x62\x48\x89\x40" + "\xc0\x49\x9b\x63\x32\xec\x8b\xdb" + "\xdc\xa6\xea\x2c\xc2\x7f\xf5\x04" + "\xcb\xe5\x47\xbb\xa7\xd1\x9d", + .clen = 47, }, { - .key = "\x41\x94\x0e\x33\x22\xb1\xdd\xf4" - "\x10\x57\x85\x39\x93\x8f\xaf\x70", - .klen = 16, - .iv = "\x50\x5d\x9d\x9b\x66\x50\x88\x7b" + .key = "\x50\x5d\x9d\x9b\x66\x50\x88\x7b" "\x30\x8e\xb1\x5e\x92\x58\xe0\xf1", - .assoc = "\x5f\x27\x2b\x03\xaa\xef\x32\x02" - "\x50\xc4\xde\x82\x90\x21\x11\x73" - "\x8f\x0a\xd6\x8f\xdf\x90\xe4\xda" - "\xf9\x4a\x1a\x23\xc3\xdd\x02\x81", - .alen = 32, - .input = "\x6e\xf0\xba\x6b\xee\x8e\xdc\x89" + .klen = 16, + .iv = "\x5f\x27\x2b\x03\xaa\xef\x32\x02" + "\x50\xc4\xde\x82\x90\x21\x11\x73", + .assoc = "\x6e\xf0\xba\x6b\xee\x8e\xdc\x89" "\x71\xfb\x0a\xa6\x8f\xea\x41\xf4" "\x5a\xbb\x59\xb0\x20\x38\xc5\xe0" "\x29\x56\x52\x19\x79\xf5\xe9\x37", - .ilen = 32, - .result = "\xe2\x2e\x44\xdf\xd3\x60\x6d\xb2" - "\x70\x57\x37\xc5\xc2\x4f\x8d\x14" - "\xc6\xbf\x8b\xec\xf5\x62\x67\xf2" - "\x2f\xa1\xe6\xd6\xa7\xb1\x8c\x54" - "\xe5\x6b\x49\xf9\x6e\x90\xc3\xaa" - "\x7a\x00\x2e\x4d\x7f\x31\x2e\x81", - .rlen = 48, + .alen = 32, + .ptext = "\x7e\xb9\x48\xd3\x32\x2d\x86\x10" + "\x91\x31\x37\xcb\x8d\xb3\x72\x76" + "\x24\x6b\xdc\xd1\x61\xe0\xa5\xe7" + "\x5a\x61\x8a\x0f\x30\x0d\xd1\xec", + .plen = 32, + .ctext = "\x62\xdc\x2d\x68\x2d\x71\xbb\x33" + "\x13\xdf\xc0\x46\xf6\x61\x94\xa7" + "\x60\xd3\xd4\xca\xd9\xbe\x82\xf3" + "\xf1\x5b\xa0\xfa\x15\xba\xda\xea" + "\x87\x68\x47\x08\x5d\xdd\x83\xb0" + "\x60\xf4\x93\x20\xdf\x34\x8f\xea", + .clen = 48, }, { - .key = "\x7e\xb9\x48\xd3\x32\x2d\x86\x10" - "\x91\x31\x37\xcb\x8d\xb3\x72\x76", - .klen = 16, - .iv = "\x8d\x82\xd6\x3b\x76\xcc\x30\x97" + .key = "\x8d\x82\xd6\x3b\x76\xcc\x30\x97" "\xb1\x68\x63\xef\x8c\x7c\xa3\xf7", - .assoc = "\x9c\x4b\x65\xa2\xba\x6b\xdb\x1e" - "\xd1\x9e\x90\x13\x8a\x45\xd3\x79" - "\xba\xcd\xe2\x13\xe4\x30\x66\xf4" - "\xba\x78\xf9\xfb\x9d\x3c\xa1\x58" - "\x1a", - .alen = 33, - .input = "\xab\x14\xf3\x0a\xfe\x0a\x85\xa5" + .klen = 16, + .iv = "\x9c\x4b\x65\xa2\xba\x6b\xdb\x1e" + "\xd1\x9e\x90\x13\x8a\x45\xd3\x79", + .assoc = "\xab\x14\xf3\x0a\xfe\x0a\x85\xa5" "\xf2\xd5\xbc\x38\x89\x0e\x04\xfb" "\x84\x7d\x65\x34\x25\xd8\x47\xfa" "\xeb\x83\x31\xf1\x54\x54\x89\x0d" - "\x9d\x4d\x54\x51\x84\x61\xf6\x8e" - "\x03\x31\xf2\x25\x16\xcc\xaa\xc6" - "\x75\x73\x20\x30\x59\x54\xb2\xf0" - "\x3a\x4b\xe0\x23\x8e\xa6\x08\x35" - "\x8a", - .ilen = 65, - .result = "\xc7\xca\x26\x61\x57\xee\xa2\xb9" - "\xb1\x37\xde\x95\x06\x90\x11\x08" - "\x4d\x30\x9f\x24\xc0\x56\xb7\xe1" - "\x0b\x9f\xd2\x57\xe9\xd2\xb1\x76" - "\x56\x9a\xb4\x58\xc5\x08\xfc\xb5" - "\xf2\x31\x9b\xc9\xcd\xb3\x64\xdb" - "\x6f\x50\xbf\xf4\x73\x9d\xfb\x6b" - "\xef\x35\x25\x48\xed\xcf\x29\xa8" - "\xac\xc3\xb9\xcb\x61\x8f\x73\x92" - "\x2c\x7a\x6f\xda\xf9\x09\x6f\xe1" - "\xc4", - .rlen = 81, + "\x9d", + .alen = 33, + .ptext = "\xba\xde\x82\x72\x42\xa9\x2f\x2c" + "\x12\x0b\xe9\x5c\x87\xd7\x35\x7c" + "\x4f\x2e\xe8\x55\x66\x80\x27\x00" + "\x1b\x8f\x68\xe7\x0a\x6c\x71\xc3" + "\x21\x78\x55\x9d\x9c\x65\x7b\xcd" + "\x0a\x34\x97\xff\x47\x37\xb0\x2a" + "\x80\x0d\x19\x98\x33\xa9\x7a\xe3" + "\x2e\x4c\xc6\xf3\x8c\x88\x42\x01" + "\xbd", + .plen = 65, + .ctext = "\x84\xc5\x21\xab\xe1\xeb\xbb\x6d" + "\xaa\x2a\xaf\xeb\x3b\x3b\x69\xe7" + "\x2c\x47\xef\x9d\xb7\x53\x36\xb7" + "\xb6\xf5\xe5\xa8\xc9\x9e\x02\xd7" + "\x83\x88\xc2\xbd\x2f\xf9\x10\xc0" + "\xf5\xa1\x6e\xd3\x97\x64\x82\xa3" + "\xfb\xda\x2c\xb1\x94\xa1\x58\x32" + "\xe8\xd4\x39\xfc\x9e\x26\xf9\xf1" + "\x61\xe6\xae\x07\xf2\xe0\xa7\x44" + "\x96\x28\x3b\xee\x6b\xc6\x16\x31" + "\x3f", + .clen = 81, }, { - .key = "\xba\xde\x82\x72\x42\xa9\x2f\x2c" - "\x12\x0b\xe9\x5c\x87\xd7\x35\x7c", - .klen = 16, - .iv = "\xc9\xa7\x10\xda\x86\x48\xd9\xb3" + .key = "\xc9\xa7\x10\xda\x86\x48\xd9\xb3" "\x32\x42\x15\x80\x85\xa1\x65\xfe", - .assoc = "\xd8\x70\x9f\x42\xca\xe6\x83\x3a" - "\x52\x79\x42\xa5\x84\x6a\x96\x7f" - "\xe4\x8f\xed\x97\xe9\xd0\xe8\x0d" - "\x7c\xa6\xd8\xd4\x77\x9b\x40\x2e" - "\x28\xce\x57\x34\xcd\x6e\x84\x4c" - "\x17\x3c\xe1\xb2\xa8\x0b\xbb\xf1" - "\x96\x41\x0d\x69\xe8\x54\x0a\xc8" - "\x15\x4e\x91\x92\x89\x4b\xb7\x9b" - "\x21", - .alen = 65, - .input = "\xe8\x39\x2d\xaa\x0e\x85\x2d\xc1" + .klen = 16, + .iv = "\xd8\x70\x9f\x42\xca\xe6\x83\x3a" + "\x52\x79\x42\xa5\x84\x6a\x96\x7f", + .assoc = "\xe8\x39\x2d\xaa\x0e\x85\x2d\xc1" "\x72\xaf\x6e\xc9\x82\x33\xc7\x01" "\xaf\x40\x70\xb8\x2a\x78\xc9\x14" "\xac\xb1\x10\xca\x2e\xb3\x28\xe4" - "\xac", - .ilen = 33, - .result = "\x57\xcd\x3d\x46\xc5\xf9\x68\x3b" - "\x2c\x0f\xb4\x7e\x7b\x64\x3e\x40" - "\xf3\x78\x63\x34\x89\x79\x39\x6b" - "\x61\x64\x4a\x9a\xfa\x70\xa4\xd3" - "\x54\x0b\xea\x05\xa6\x95\x64\xed" - "\x3d\x69\xa2\x0c\x27\x56\x2f\x34" - "\x66", - .rlen = 49, + "\xac\xfa\x58\x7f\xe5\x73\x09\x8c" + "\x1d\x40\x87\x8c\xd9\x75\xc0\x55" + "\xa2\xda\x07\xd1\xc2\xa9\xd1\xbb" + "\x09\x4f\x77\x62\x88\x2d\xf2\x68" + "\x54", + .alen = 65, + .ptext = "\xf7\x02\xbb\x11\x52\x24\xd8\x48" + "\x93\xe6\x9b\xee\x81\xfc\xf7\x82" + "\x79\xf0\xf3\xd9\x6c\x20\xa9\x1a" + "\xdc\xbc\x47\xc0\xe4\xcb\x10\x99" + "\x2f", + .plen = 33, + .ctext = "\x8f\x23\x47\xfb\xf2\xac\x23\x83" + "\x77\x09\xac\x74\xef\xd2\x56\xae" + "\x20\x7b\x7b\xca\x45\x8e\xc8\xc2" + "\x50\xbd\xc7\x44\x1c\x54\x98\xd8" + "\x1f\xd0\x9a\x79\xaa\xf9\xe1\xb3" + "\xb4\x98\x5a\x9b\xe4\x4d\xbf\x4e" + "\x39", + .clen = 49, }, { - .key = "\xf7\x02\xbb\x11\x52\x24\xd8\x48" - "\x93\xe6\x9b\xee\x81\xfc\xf7\x82", - .klen = 16, - .iv = "\x06\xcc\x4a\x79\x96\xc3\x82\xcf" + .key = "\x06\xcc\x4a\x79\x96\xc3\x82\xcf" "\xb3\x1c\xc7\x12\x7f\xc5\x28\x04", - .assoc = "\x15\x95\xd8\xe1\xda\x62\x2c\x56" + .klen = 16, + .iv = "\x15\x95\xd8\xe1\xda\x62\x2c\x56" "\xd3\x53\xf4\x36\x7e\x8e\x59\x85", - .alen = 16, - .input = "\x24\x5e\x67\x49\x1e\x01\xd6\xdd" + .assoc = "\x24\x5e\x67\x49\x1e\x01\xd6\xdd" "\xf3\x89\x20\x5b\x7c\x57\x89\x07", - .ilen = 16, - .result = "\xfc\x85\x06\x28\x8f\xe8\x23\x1f" - "\x33\x98\x87\xde\x08\xb6\xb6\xae" - "\x3e\xa4\xf8\x19\xf1\x92\x60\x39" - "\xb9\x6b\x3f\xdf\xc8\xcb\x30", - .rlen = 31, - }, { - .key = "\x33\x27\xf5\xb1\x62\xa0\x80\x63" + .alen = 16, + .ptext = "\x33\x27\xf5\xb1\x62\xa0\x80\x63" "\x14\xc0\x4d\x7f\x7b\x20\xba\x89", - .klen = 16, - .iv = "\x42\xf0\x84\x19\xa6\x3f\x2b\xea" + .plen = 16, + .ctext = "\x42\xc3\x58\xfb\x29\xe2\x4a\x56" + "\xf1\xf5\xe1\x51\x55\x4b\x0a\x45" + "\x46\xb5\x8d\xac\xb6\x34\xd8\x8b" + "\xde\x20\x59\x77\xc1\x74\x90", + .clen = 31, + }, { + .key = "\x42\xf0\x84\x19\xa6\x3f\x2b\xea" "\x34\xf6\x79\xa3\x79\xe9\xeb\x0a", - .assoc = "\x51\xb9\x12\x80\xea\xde\xd5\x71" + .klen = 16, + .iv = "\x51\xb9\x12\x80\xea\xde\xd5\x71" "\x54\x2d\xa6\xc8\x78\xb2\x1b\x8c", - .alen = 16, - .input = "\x61\x83\xa0\xe8\x2e\x7d\x7f\xf8" + .assoc = "\x61\x83\xa0\xe8\x2e\x7d\x7f\xf8" "\x74\x63\xd2\xec\x76\x7c\x4c\x0d", - .ilen = 16, - .result = "\x74\x7d\x70\x07\xe9\xba\x01\xee" - "\x6c\xc6\x6f\x50\x25\x33\xbe\x50" - "\x17\xb8\x17\x62\xed\x80\xa2\xf5" - "\x03\xde\x85\x71\x5d\x34", - .rlen = 30, - }, { - .key = "\x70\x4c\x2f\x50\x72\x1c\x29\x7f" + .alen = 16, + .ptext = "\x70\x4c\x2f\x50\x72\x1c\x29\x7f" "\x95\x9a\xff\x10\x75\x45\x7d\x8f", - .klen = 16, - .iv = "\x7f\x15\xbd\xb8\xb6\xba\xd3\x06" + .plen = 16, + .ctext = "\xb2\xfb\xf6\x97\x69\x7a\xe9\xec" + "\xe2\x94\xa1\x8b\xa0\x2b\x60\x72" + "\x1d\x04\xdd\x6a\xef\x46\x8f\x68" + "\xe9\xe0\x17\x45\x70\x12", + .clen = 30, + }, { + .key = "\x7f\x15\xbd\xb8\xb6\xba\xd3\x06" "\xb5\xd1\x2b\x35\x73\x0e\xad\x10", - .assoc = "\x8e\xde\x4c\x20\xfa\x59\x7e\x8d" + .klen = 16, + .iv = "\x8e\xde\x4c\x20\xfa\x59\x7e\x8d" "\xd5\x07\x58\x59\x72\xd7\xde\x92", - .alen = 16, - .input = "\x9d\xa7\xda\x88\x3e\xf8\x28\x14" + .assoc = "\x9d\xa7\xda\x88\x3e\xf8\x28\x14" "\xf5\x3e\x85\x7d\x70\xa0\x0f\x13", - .ilen = 16, - .result = "\xf4\xb3\x85\xf9\xac\xde\xb1\x38" - "\x29\xfd\x6c\x7c\x49\xe5\x1d\xaf" - "\xba\xea\xd4\xfa\x3f\x11\x33\x98", - .rlen = 24, - }, { - .key = "\xac\x70\x69\xef\x82\x97\xd2\x9b" - "\x15\x74\xb1\xa2\x6f\x69\x3f\x95", - .klen = 16, - .iv = "\xbb\x3a\xf7\x57\xc6\x36\x7c\x22" - "\x36\xab\xde\xc6\x6d\x32\x70\x17", - .assoc = "\xcb\x03\x85\xbf\x0a\xd5\x26\xa9" - "\x56\xe1\x0a\xeb\x6c\xfb\xa1\x98", .alen = 16, - .input = "\xda\xcc\x14\x27\x4e\x74\xd1\x30" - "\x76\x18\x37\x0f\x6a\xc4\xd1\x1a", - .ilen = 16, - .result = "\xe6\x5c\x49\x4f\x78\xf3\x62\x86" - "\xe1\xb7\xa5\xc3\x32\x88\x3c\x8c" - "\x6e", - .rlen = 17, + .ptext = "\xac\x70\x69\xef\x82\x97\xd2\x9b" + "\x15\x74\xb1\xa2\x6f\x69\x3f\x95", + .plen = 16, + .ctext = "\x47\xda\x54\x42\x51\x72\xc4\x8b" + "\xf5\x57\x0f\x2f\x49\x0e\x11\x3b" + "\x78\x93\xec\xfc\xf4\xff\xe1\x2d", + .clen = 24, }, }; -static const struct aead_testvec morus640_dec_tv_template[] = { +/* + * AEGIS-128L test vectors - generated via reference implementation from + * SUPERCOP (https://bench.cr.yp.to/supercop.html): + * + * https://bench.cr.yp.to/supercop/supercop-20170228.tar.xz + * (see crypto_aead/aegis128l/) + */ +static const struct aead_testvec aegis128l_tv_template[] = { { - .key = "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00", - .klen = 16, - .iv = "\x0f\xc9\x8e\x67\x44\x9e\xaa\x86" + .key = "\x0f\xc9\x8e\x67\x44\x9e\xaa\x86" "\x20\x36\x2c\x24\xfe\xc9\x30\x81", + .klen = 16, + .iv = "\x1e\x92\x1c\xcf\x88\x3d\x54\x0d" + "\x40\x6d\x59\x48\xfc\x92\x61\x03", .assoc = "", .alen = 0, - .input = "\x89\x62\x7d\xf3\x07\x9d\x52\x05" - "\x53\xc3\x04\x60\x93\xb4\x37\x9a", - .ilen = 16, - .result = "", - .rlen = 0, + .ptext = "", + .plen = 0, + .ctext = "\x30\x4f\xf3\xe9\xb1\xfa\x81\xa6" + "\x20\x72\x78\xdd\x93\xc8\x57\xef", + .clen = 16, }, { - .key = "\x3c\x24\x39\x9f\x10\x7b\xa8\x1b" - "\x80\xda\xb2\x91\xf9\x24\xc2\x06", - .klen = 16, - .iv = "\x4b\xed\xc8\x07\x54\x1a\x52\xa2" + .key = "\x4b\xed\xc8\x07\x54\x1a\x52\xa2" "\xa1\x10\xde\xb5\xf8\xed\xf3\x87", + .klen = 16, + .iv = "\x5a\xb7\x56\x6e\x98\xb9\xfd\x29" + "\xc1\x47\x0b\xda\xf6\xb6\x23\x09", .assoc = "", .alen = 0, - .input = "\xa8\x8d\xe4\x90\xb5\x50\x8f\x78" - "\xb6\x10\x9a\x59\x5f\x61\x37\x70" - "\x09", - .ilen = 17, - .result = "\x69", - .rlen = 1, + .ptext = "\x79", + .plen = 1, + .ctext = "\xa9\x24\xa0\xb6\x2d\xdd\x29\xdb" + "\x40\xb3\x71\xc5\x22\x58\x31\x77" + "\x6d", + .clen = 17, }, { - .key = "\x79\x49\x73\x3e\x20\xf7\x51\x37" - "\x01\xb4\x64\x22\xf3\x48\x85\x0c", - .klen = 16, - .iv = "\x88\x12\x01\xa6\x64\x96\xfb\xbe" + .key = "\x88\x12\x01\xa6\x64\x96\xfb\xbe" "\x22\xea\x90\x47\xf2\x11\xb5\x8e", + .klen = 16, + .iv = "\x97\xdb\x90\x0e\xa8\x35\xa5\x45" + "\x42\x21\xbd\x6b\xf0\xda\xe6\x0f", .assoc = "", .alen = 0, - .input = "\x76\xdd\xb9\x05\x3d\xce\x61\x38" - "\xf3\xef\xf7\xe5\xd7\xfd\x70\xa5" - "\xcf\x9d\x64\xb8\x0a\x9f\xfd\x8b" - "\xd4\x6e\xfe\xd9\xc8\x63\x4b", - .ilen = 31, - .result = "\xa6\xa4\x1e\x76\xec\xd4\x50\xcc" - "\x62\x58\xe9\x8f\xef\xa4\x17", - .rlen = 15, + .ptext = "\xb5\x6e\xad\xdd\x30\x72\xfa\x53" + "\x82\x8e\x16\xb4\xed\x6d\x47", + .plen = 15, + .ctext = "\xbb\x0a\x53\xc4\xaa\x7e\xa4\x03" + "\x2b\xee\x62\x99\x7b\x98\x13\x1f" + "\xe0\x76\x4c\x2e\x53\x99\x4f\xbe" + "\xe1\xa8\x04\x7f\xe1\x71\xbe", + .clen = 31, }, { - .key = "\xb5\x6e\xad\xdd\x30\x72\xfa\x53" - "\x82\x8e\x16\xb4\xed\x6d\x47\x12", - .klen = 16, - .iv = "\xc4\x37\x3b\x45\x74\x11\xa4\xda" + .key = "\xc4\x37\x3b\x45\x74\x11\xa4\xda" "\xa2\xc5\x42\xd8\xec\x36\x78\x94", + .klen = 16, + .iv = "\xd3\x00\xc9\xad\xb8\xb0\x4e\x61" + "\xc3\xfb\x6f\xfd\xea\xff\xa9\x15", .assoc = "", .alen = 0, - .input = "\xdc\x72\xe8\x14\xfb\x63\xad\x72" - "\x1f\x57\x9a\x1f\x88\x81\xdb\xd6" - "\xc1\x91\x9d\xb9\x25\xc4\x99\x4c" - "\x97\xcd\x8a\x0c\x9d\x68\x00\x1c", - .ilen = 32, - .result = "\xe2\xc9\x58\x15\xfc\x4f\xf8\xe8" - "\xe3\x32\x9b\x21\xe9\xc8\xd9\x97", - .rlen = 16, - }, { - .key = "\xf2\x92\xe6\x7d\x40\xee\xa3\x6f" + .ptext = "\xf2\x92\xe6\x7d\x40\xee\xa3\x6f" "\x03\x68\xc8\x45\xe7\x91\x0a\x18", - .klen = 16, - .iv = "\x01\x5c\x75\xe5\x84\x8d\x4d\xf6" + .plen = 16, + .ctext = "\x66\xdf\x6e\x71\xc0\x6e\xa4\x4c" + "\x9d\xb7\x8c\x9a\xdb\x1f\xd2\x2e" + "\x23\xb6\xa4\xfb\xd3\x86\xdd\xbb" + "\xde\x54\x9b\xf5\x92\x8b\x93\xc5", + .clen = 32, + }, { + .key = "\x01\x5c\x75\xe5\x84\x8d\x4d\xf6" "\x23\x9f\xf4\x6a\xe6\x5a\x3b\x9a", + .klen = 16, + .iv = "\x10\x25\x03\x4c\xc8\x2c\xf7\x7d" + "\x44\xd5\x21\x8e\xe4\x23\x6b\x1c", .assoc = "", .alen = 0, - .input = "\x6b\x4f\x3b\x90\x9a\xa2\xb3\x82" - "\x0a\xb8\x55\xee\xeb\x73\x4d\x7f" - "\x54\x11\x3a\x8a\x31\xa3\xb5\xf2" - "\xcd\x49\xdb\xf3\xee\x26\xbd\xa2" - "\x0d", - .ilen = 33, - .result = "\x1f\xee\x92\xb4\x0c\xcb\xa1\x04" - "\x64\x0c\x4d\xb2\xe3\xec\x9c\x9d" - "\x09", - .rlen = 17, + .ptext = "\x2e\xb7\x20\x1c\x50\x6a\x4b\x8b" + "\x84\x42\x7a\xd7\xe1\xb5\xcd\x1f" + "\xd3", + .plen = 17, + .ctext = "\x4f\xc3\x69\xb6\xd3\xa4\x64\x8b" + "\x71\xc3\x8a\x91\x22\x4f\x1b\xd2" + "\x33\x6d\x86\xbc\xf8\x2f\x06\xf9" + "\x82\x64\xc7\x72\x00\x30\xfc\xf0" + "\xf8", + .clen = 33, }, { - .key = "\x2e\xb7\x20\x1c\x50\x6a\x4b\x8b" - "\x84\x42\x7a\xd7\xe1\xb5\xcd\x1f", - .klen = 16, - .iv = "\x3d\x80\xae\x84\x94\x09\xf6\x12" + .key = "\x3d\x80\xae\x84\x94\x09\xf6\x12" "\xa4\x79\xa6\xfb\xe0\x7f\xfd\xa0", + .klen = 16, + .iv = "\x4c\x49\x3d\xec\xd8\xa8\xa0\x98" + "\xc5\xb0\xd3\x1f\xde\x48\x2e\x22", .assoc = "", .alen = 0, - .input = "\x59\xd1\x0f\x6b\xee\x27\x84\x92" - "\xb7\xa9\xb5\xdd\x02\xa4\x12\xa5" - "\x50\x32\xb4\x9a\x2e\x35\x83\x55" - "\x36\x12\x12\xed\xa3\x31\xc5\x30" - "\xa7\xe2\x4a\x6d\x05\x59\x43\x91" - "\x75\xfa\x6c\x17\xc6\x73\xca", - .ilen = 47, - .result = "\x5c\x13\xcb\x54\x1c\x47\x4a\x1f" - "\xe5\xe6\xff\x44\xdd\x11\x5f\xa3" - "\x33\xdd\xc2\xf8\xdd\x18\x2b\x93" - "\x57\x05\x01\x1c\x66\x22\xd3", - .rlen = 31, + .ptext = "\x6b\xdc\x5a\xbb\x60\xe5\xf4\xa6" + "\x05\x1d\x2c\x68\xdb\xda\x8f\x25" + "\xfe\x8d\x45\x19\x1e\xc0\x0b\x99" + "\x88\x11\x39\x12\x1c\x3a\xbb", + .plen = 31, + .ctext = "\xe3\x93\x15\xae\x5f\x9d\x3c\xb5" + "\xd6\x9d\xee\xee\xcf\xaa\xaf\xe1" + "\x45\x10\x96\xe0\xbf\x55\x0f\x4c" + "\x1a\xfd\xf4\xda\x4e\x10\xde\xc9" + "\x0e\x6f\xc7\x3c\x49\x94\x41\xfc" + "\x59\x28\x88\x3c\x79\x10\x6b", + .clen = 47, }, { - .key = "\x6b\xdc\x5a\xbb\x60\xe5\xf4\xa6" - "\x05\x1d\x2c\x68\xdb\xda\x8f\x25", - .klen = 16, - .iv = "\x7a\xa5\xe8\x23\xa4\x84\x9e\x2d" + .key = "\x7a\xa5\xe8\x23\xa4\x84\x9e\x2d" "\x25\x53\x58\x8c\xda\xa3\xc0\xa6", + .klen = 16, + .iv = "\x89\x6e\x77\x8b\xe8\x23\x49\xb4" + "\x45\x8a\x85\xb1\xd8\x6c\xf1\x28", .assoc = "", .alen = 0, - .input = "\xdb\x49\x68\x0f\x91\x5b\x21\xb1" - "\xcf\x50\xb2\x4c\x32\xe1\xa6\x69" - "\xc0\xfb\x44\x1f\xa0\x9a\xeb\x39" - "\x1b\xde\x68\x38\xcc\x27\x52\xc5" - "\xf6\x3e\x74\xea\x66\x5b\x5f\x0c" - "\x65\x9e\x58\xe6\x52\xa2\xfe\x59", - .ilen = 48, - .result = "\x98\x37\x05\xf3\x2c\xc2\xf3\x3b" - "\x66\xc0\xb1\xd5\xd7\x35\x21\xaa" - "\x5d\x9f\xce\x7c\xe2\xb8\xad\xad" - "\x19\x33\xe0\xf4\x40\x81\x72\x28", - .rlen = 32, + .ptext = "\xa7\x00\x93\x5b\x70\x61\x9d\xc2" + "\x86\xf7\xde\xfa\xd5\xfe\x52\x2b" + "\x28\x50\x51\x9d\x24\x60\x8d\xb3" + "\x49\x3e\x17\xea\xf6\x99\x5a\xdd", + .plen = 32, + .ctext = "\x1c\x8e\x22\x34\xfd\xab\xe6\x0d" + "\x1c\x9f\x06\x54\x8b\x0b\xb4\x40" + "\xde\x11\x59\x3e\xfd\x74\xf6\x42" + "\x97\x17\xf7\x24\xb6\x7e\xc4\xc6" + "\x06\xa3\x94\xda\x3d\x7f\x55\x0a" + "\x92\x07\x2f\xa6\xf3\x6b\x2c\xfc", + .clen = 48, }, { - .key = "\xa7\x00\x93\x5b\x70\x61\x9d\xc2" - "\x86\xf7\xde\xfa\xd5\xfe\x52\x2b", - .klen = 16, - .iv = "\xb6\xca\x22\xc3\xb4\x00\x47\x49" + .key = "\xb6\xca\x22\xc3\xb4\x00\x47\x49" "\xa6\x2d\x0a\x1e\xd4\xc7\x83\xad", - .assoc = "\xc5", + .klen = 16, + .iv = "\xc5\x93\xb0\x2a\xf8\x9f\xf1\xd0" + "\xc6\x64\x37\x42\xd2\x90\xb3\x2e", + .assoc = "\xd5", .alen = 1, - .input = "\x56\xe7\x24\x52\xdd\x95\x60\x5b" - "\x09\x48\x39\x69\x9c\xb3\x62\x46", - .ilen = 16, - .result = "", - .rlen = 0, + .ptext = "", + .plen = 0, + .ctext = "\xa0\x2a\xb4\x9a\x91\x00\x15\xb8" + "\x0f\x9a\x15\x60\x0e\x9b\x13\x8f", + .clen = 16, }, { - .key = "\xe4\x25\xcd\xfa\x80\xdd\x46\xde" - "\x07\xd1\x90\x8b\xcf\x23\x15\x31", - .klen = 16, - .iv = "\xf3\xee\x5c\x62\xc4\x7c\xf0\x65" + .key = "\xf3\xee\x5c\x62\xc4\x7c\xf0\x65" "\x27\x08\xbd\xaf\xce\xec\x45\xb3", - .assoc = "\x02\xb8\xea\xca\x09\x1b\x9a\xec" - "\x47\x3e\xe9\xd4\xcc\xb5\x76", + .klen = 16, + .iv = "\x02\xb8\xea\xca\x09\x1b\x9a\xec" + "\x47\x3e\xe9\xd4\xcc\xb5\x76\x34", + .assoc = "\x11\x81\x78\x32\x4d\xb9\x44\x73" + "\x68\x75\x16\xf8\xcb\x7e\xa7", .alen = 15, - .input = "\xdd\xfa\x6c\x1f\x5d\x86\x87\x01" - "\x13\xe5\x73\x46\x46\xf2\x5c\xe1", - .ilen = 16, - .result = "", - .rlen = 0, + .ptext = "", + .plen = 0, + .ctext = "\x4c\x26\xad\x9c\x14\xfd\x9c\x8c" + "\x84\xfb\x26\xfb\xd5\xca\x62\x39", + .clen = 16, }, { - .key = "\x20\x4a\x07\x99\x91\x58\xee\xfa" - "\x88\xab\x42\x1c\xc9\x47\xd7\x38", - .klen = 16, - .iv = "\x2f\x13\x95\x01\xd5\xf7\x99\x81" + .key = "\x2f\x13\x95\x01\xd5\xf7\x99\x81" "\xa8\xe2\x6f\x41\xc8\x10\x08\xb9", - .assoc = "\x3f\xdc\x24\x69\x19\x96\x43\x08" + .klen = 16, + .iv = "\x3f\xdc\x24\x69\x19\x96\x43\x08" "\xc8\x18\x9b\x65\xc6\xd9\x39\x3b", + .assoc = "\x4e\xa5\xb2\xd1\x5d\x35\xed\x8f" + "\xe8\x4f\xc8\x89\xc5\xa2\x69\xbc", .alen = 16, - .input = "\xa6\x1b\xb9\xd7\x5e\x3c\xcf\xac" - "\xa9\x21\x45\x0b\x16\x52\xf7\xe1", - .ilen = 16, - .result = "", - .rlen = 0, + .ptext = "", + .plen = 0, + .ctext = "\x45\x85\x0e\x0f\xf4\xae\x96\xa1" + "\x99\x4d\x6d\xb4\x67\x32\xb0\x3a", + .clen = 16, }, { - .key = "\x5d\x6f\x41\x39\xa1\xd4\x97\x16" - "\x09\x85\xf4\xae\xc3\x6b\x9a\x3e", - .klen = 16, - .iv = "\x6c\x38\xcf\xa1\xe5\x73\x41\x9d" + .key = "\x6c\x38\xcf\xa1\xe5\x73\x41\x9d" "\x29\xbc\x21\xd2\xc2\x35\xcb\xbf", - .assoc = "\x7b\x01\x5d\x08\x29\x12\xec\x24" - "\x49\xf3\x4d\xf7\xc0\xfe\xfb\x41" - "\x3c", + .klen = 16, + .iv = "\x7b\x01\x5d\x08\x29\x12\xec\x24" + "\x49\xf3\x4d\xf7\xc0\xfe\xfb\x41", + .assoc = "\x8a\xca\xec\x70\x6d\xb1\x96\xab" + "\x69\x29\x7a\x1b\xbf\xc7\x2c\xc2" + "\x07", .alen = 17, - .input = "\x15\xff\xde\x3b\x34\xfc\xf6\xf9" - "\xbb\xa8\x62\xad\x0a\xf5\x48\x60", - .ilen = 16, - .result = "", - .rlen = 0, + .ptext = "", + .plen = 0, + .ctext = "\x33\xb1\x42\x97\x8e\x16\x7b\x63" + "\x06\xba\x5b\xcb\xae\x6d\x8b\x56", + .clen = 16, }, { - .key = "\x99\x93\x7a\xd8\xb1\x50\x40\x31" - "\x8a\x60\xa6\x3f\xbd\x90\x5d\x44", - .klen = 16, - .iv = "\xa8\x5c\x09\x40\xf5\xef\xea\xb8" + .key = "\xa8\x5c\x09\x40\xf5\xef\xea\xb8" "\xaa\x96\xd3\x64\xbc\x59\x8d\xc6", - .assoc = "\xb8\x26\x97\xa8\x39\x8e\x94\x3f" - "\xca\xcd\xff\x88\xba\x22\xbe\x47" - "\x67\xba\x85\xf1\xbb\x30\x56\x26" - "\xaf\x0b\x02\x38\xcc\x44\xa7", + .klen = 16, + .iv = "\xb8\x26\x97\xa8\x39\x8e\x94\x3f" + "\xca\xcd\xff\x88\xba\x22\xbe\x47", + .assoc = "\xc7\xef\x26\x10\x7d\x2c\x3f\xc6" + "\xea\x03\x2c\xac\xb9\xeb\xef\xc9" + "\x31\x6b\x08\x12\xfc\xd8\x37\x2d" + "\xe0\x17\x3a\x2e\x83\x5c\x8f", .alen = 31, - .input = "\xd2\x9d\xf8\x3b\xd7\x84\xe9\x2d" - "\x4b\xef\x75\x16\x0a\x99\xae\x6b", - .ilen = 16, - .result = "", - .rlen = 0, + .ptext = "", + .plen = 0, + .ctext = "\xda\x44\x08\x8c\x2a\xa5\x07\x35" + "\x0b\x54\x4e\x6d\xe3\xfd\xc4\x5f", + .clen = 16, }, { - .key = "\xd6\xb8\xb4\x77\xc1\xcb\xe9\x4d" - "\x0a\x3a\x58\xd1\xb7\xb4\x1f\x4a", - .klen = 16, - .iv = "\xe5\x81\x42\xdf\x05\x6a\x93\xd4" + .key = "\xe5\x81\x42\xdf\x05\x6a\x93\xd4" "\x2b\x70\x85\xf5\xb6\x7d\x50\xcc", - .assoc = "\xf4\x4a\xd1\x47\x49\x09\x3d\x5b" - "\x4b\xa7\xb1\x19\xb4\x46\x81\x4d" - "\x91\x7c\x91\x75\xc0\xd0\xd8\x40" - "\x71\x39\xe1\x10\xa6\xa3\x46\x7a", + .klen = 16, + .iv = "\xf4\x4a\xd1\x47\x49\x09\x3d\x5b" + "\x4b\xa7\xb1\x19\xb4\x46\x81\x4d", + .assoc = "\x03\x14\x5f\xaf\x8d\xa8\xe7\xe2" + "\x6b\xde\xde\x3e\xb3\x10\xb1\xcf" + "\x5c\x2d\x14\x96\x01\x78\xb9\x47" + "\xa1\x44\x19\x06\x5d\xbb\x2e\x2f", .alen = 32, - .input = "\xe4\x8d\xa7\xa7\x45\xc1\x31\x4f" - "\xce\xfb\xaf\xd6\xc2\xe6\xee\xc0", - .ilen = 16, - .result = "", - .rlen = 0, + .ptext = "", + .plen = 0, + .ctext = "\x1b\xb1\xf1\xa8\x9e\xc2\xb2\x88" + "\x40\x7f\x7b\x19\x7a\x52\x8c\xf0", + .clen = 16, }, { - .key = "\x12\xdd\xee\x17\xd1\x47\x92\x69" - "\x8b\x14\x0a\x62\xb1\xd9\xe2\x50", - .klen = 16, - .iv = "\x22\xa6\x7c\x7f\x15\xe6\x3c\xf0" + .key = "\x22\xa6\x7c\x7f\x15\xe6\x3c\xf0" "\xac\x4b\x37\x86\xb0\xa2\x13\xd2", - .assoc = "\x31", + .klen = 16, + .iv = "\x31\x6f\x0b\xe6\x59\x85\xe6\x77" + "\xcc\x81\x63\xab\xae\x6b\x43\x54", + .assoc = "\x40", .alen = 1, - .input = "\xe2\x67\x38\x4f\xb9\xad\x7d\x38" - "\x01\xfe\x84\x14\x85\xf8\xd1\xe3" - "\x22", - .ilen = 17, - .result = "\x40", - .rlen = 1, + .ptext = "\x4f", + .plen = 1, + .ctext = "\x6e\xc8\xfb\x15\x9d\x98\x49\xc9" + "\xa0\x98\x09\x85\xbe\x56\x8e\x79" + "\xf4", + .clen = 17, }, { - .key = "\x4f\x01\x27\xb6\xe1\xc3\x3a\x85" - "\x0c\xee\xbc\xf4\xab\xfd\xa5\x57", - .klen = 16, - .iv = "\x5e\xcb\xb6\x1e\x25\x62\xe4\x0c" + .key = "\x5e\xcb\xb6\x1e\x25\x62\xe4\x0c" "\x2d\x25\xe9\x18\xaa\xc6\xd5\xd8", - .assoc = "\x6d\x94\x44\x86\x69\x00\x8f\x93" - "\x4d\x5b\x15\x3c\xa8\x8f\x06", - .alen = 15, - .input = "\x77\x32\x61\xeb\xb4\x33\x29\x92" - "\x29\x95\xc5\x8e\x85\x76\xab\xfc" - "\x07\x95\xa7\x44\x74\xf7\x22\xff" - "\xd8\xd8\x36\x3d\x8a\x7f\x9e", - .ilen = 31, - .result = "\x7c\x5d\xd3\xee\xad\x9f\x39\x1a" + .klen = 16, + .iv = "\x6d\x94\x44\x86\x69\x00\x8f\x93" + "\x4d\x5b\x15\x3c\xa8\x8f\x06\x5a", + .assoc = "\x7c\x5d\xd3\xee\xad\x9f\x39\x1a" "\x6d\x92\x42\x61\xa7\x58\x37", - .rlen = 15, + .alen = 15, + .ptext = "\x8b\x26\x61\x55\xf1\x3e\xe3\xa1" + "\x8d\xc8\x6e\x85\xa5\x21\x67", + .plen = 15, + .ctext = "\x99\x2e\x84\x50\x64\x5c\xab\x29" + "\x20\xba\xb9\x2f\x62\x3a\xce\x2a" + "\x75\x25\x3b\xe3\x40\xe0\x1d\xfc" + "\x20\x63\x0b\x49\x7e\x97\x08", + .clen = 31, }, { - .key = "\x8b\x26\x61\x55\xf1\x3e\xe3\xa1" - "\x8d\xc8\x6e\x85\xa5\x21\x67\x5d", - .klen = 16, - .iv = "\x9b\xef\xf0\xbd\x35\xdd\x8d\x28" + .key = "\x9b\xef\xf0\xbd\x35\xdd\x8d\x28" "\xad\xff\x9b\xa9\xa4\xeb\x98\xdf", - .assoc = "\xaa\xb8\x7e\x25\x79\x7c\x37\xaf" + .klen = 16, + .iv = "\xaa\xb8\x7e\x25\x79\x7c\x37\xaf" "\xce\x36\xc7\xce\xa2\xb4\xc9\x60", - .alen = 16, - .input = "\xd8\xfd\x44\x45\xf6\x42\x12\x38" - "\xf2\x0b\xea\x4f\x9e\x11\x61\x07" - "\x48\x67\x98\x18\x9b\xd0\x0c\x59" - "\x67\xa4\x11\xb3\x2b\xd6\xc1\x70", - .ilen = 32, - .result = "\xb9\x82\x0c\x8d\xbd\x1b\xe2\x36" + .assoc = "\xb9\x82\x0c\x8d\xbd\x1b\xe2\x36" "\xee\x6c\xf4\xf2\xa1\x7d\xf9\xe2", - .rlen = 16, - }, { - .key = "\xc8\x4b\x9b\xf5\x01\xba\x8c\xbd" + .alen = 16, + .ptext = "\xc8\x4b\x9b\xf5\x01\xba\x8c\xbd" "\x0e\xa3\x21\x16\x9f\x46\x2a\x63", - .klen = 16, - .iv = "\xd7\x14\x29\x5d\x45\x59\x36\x44" + .plen = 16, + .ctext = "\xd9\x8e\xfd\x50\x8f\x02\x9f\xee" + "\x78\x08\x12\xec\x09\xaf\x53\x14" + "\x90\x3e\x3d\x76\xad\x71\x21\x08" + "\x77\xe5\x4b\x15\xc2\xe6\xbc\xdb", + .clen = 32, + }, { + .key = "\xd7\x14\x29\x5d\x45\x59\x36\x44" "\x2e\xd9\x4d\x3b\x9e\x0f\x5b\xe5", - .assoc = "\xe6\xdd\xb8\xc4\x89\xf8\xe0\xca" - "\x4f\x10\x7a\x5f\x9c\xd8\x8b\x66" - "\x3b", - .alen = 17, - .input = "\xb1\xab\x53\x4e\xc7\x40\x16\xb6" - "\x71\x3a\x00\x9f\x41\x88\xb0\xb2" - "\x71\x83\x85\x5f\xc8\x79\x0a\x99" - "\x99\xdc\x89\x1c\x88\xd2\x3e\xf9" - "\x83", - .ilen = 33, - .result = "\xf5\xa6\x46\x2c\xce\x97\x8a\x51" + .klen = 16, + .iv = "\xe6\xdd\xb8\xc4\x89\xf8\xe0\xca" + "\x4f\x10\x7a\x5f\x9c\xd8\x8b\x66", + .assoc = "\xf5\xa6\x46\x2c\xce\x97\x8a\x51" "\x6f\x46\xa6\x83\x9b\xa1\xbc\xe8" "\x05", - .rlen = 17, + .alen = 17, + .ptext = "\x05\x70\xd5\x94\x12\x36\x35\xd8" + "\x8f\x7d\xd3\xa8\x99\x6a\xed\x69" + "\xd0", + .plen = 17, + .ctext = "\xf3\xe7\x95\x86\xcf\x34\x95\x96" + "\x17\xfe\x1b\xae\x1b\x31\xf2\x1a" + "\xbd\xbc\xc9\x4e\x11\x29\x09\x5c" + "\x05\xd3\xb4\x2e\x4a\x74\x59\x49" + "\x7d", + .clen = 33, }, { - .key = "\x05\x70\xd5\x94\x12\x36\x35\xd8" - "\x8f\x7d\xd3\xa8\x99\x6a\xed\x69", - .klen = 16, - .iv = "\x14\x39\x63\xfc\x56\xd5\xdf\x5f" + .key = "\x14\x39\x63\xfc\x56\xd5\xdf\x5f" "\xaf\xb3\xff\xcc\x98\x33\x1d\xeb", - .assoc = "\x23\x02\xf1\x64\x9a\x73\x89\xe6" - "\xd0\xea\x2c\xf1\x96\xfc\x4e\x6d" - "\x65\x48\xcb\x0a\xda\xf0\x62\xc0" - "\x38\x1d\x3b\x4a\xe9\x7e\x62", - .alen = 31, - .input = "\x29\xc4\xf0\x03\xc1\x86\xdf\x06" - "\x5c\x7b\xef\x64\x87\x00\xd1\x37" - "\xa7\x08\xbc\x7f\x8f\x41\x54\xd0" - "\x3e\xf1\xc3\xa2\x96\x84\xdd\x2a" - "\x2d\x21\x30\xf9\x02\xdb\x06\x0c" - "\xf1\x5a\x66\x69\xe0\xca\x83", - .ilen = 47, - .result = "\x32\xcb\x80\xcc\xde\x12\x33\x6d" + .klen = 16, + .iv = "\x23\x02\xf1\x64\x9a\x73\x89\xe6" + "\xd0\xea\x2c\xf1\x96\xfc\x4e\x6d", + .assoc = "\x32\xcb\x80\xcc\xde\x12\x33\x6d" "\xf0\x20\x58\x15\x95\xc6\x7f\xee" "\x2f\xf9\x4e\x2c\x1b\x98\x43\xc7" "\x68\x28\x73\x40\x9f\x96\x4a", - .rlen = 31, + .alen = 31, + .ptext = "\x41\x94\x0e\x33\x22\xb1\xdd\xf4" + "\x10\x57\x85\x39\x93\x8f\xaf\x70" + "\xfa\xa9\xd0\x4d\x5c\x40\x23\xcd" + "\x98\x34\xab\x37\x56\xae\x32", + .plen = 31, + .ctext = "\x06\x96\xb2\xbf\x63\xf4\x1e\x24" + "\x0d\x19\x15\x61\x65\x3b\x06\x26" + "\x71\xe8\x7e\x16\xdb\x96\x01\x01" + "\x52\xcd\x49\x5b\x07\x33\x4e\xe7" + "\xaa\x91\xf5\xd5\xc6\xfe\x41\xb5" + "\xed\x90\xce\xb9\xcd\xcc\xa1", + .clen = 47, }, { - .key = "\x41\x94\x0e\x33\x22\xb1\xdd\xf4" - "\x10\x57\x85\x39\x93\x8f\xaf\x70", - .klen = 16, - .iv = "\x50\x5d\x9d\x9b\x66\x50\x88\x7b" + .key = "\x50\x5d\x9d\x9b\x66\x50\x88\x7b" "\x30\x8e\xb1\x5e\x92\x58\xe0\xf1", - .assoc = "\x5f\x27\x2b\x03\xaa\xef\x32\x02" - "\x50\xc4\xde\x82\x90\x21\x11\x73" - "\x8f\x0a\xd6\x8f\xdf\x90\xe4\xda" - "\xf9\x4a\x1a\x23\xc3\xdd\x02\x81", - .alen = 32, - .input = "\xe2\x2e\x44\xdf\xd3\x60\x6d\xb2" - "\x70\x57\x37\xc5\xc2\x4f\x8d\x14" - "\xc6\xbf\x8b\xec\xf5\x62\x67\xf2" - "\x2f\xa1\xe6\xd6\xa7\xb1\x8c\x54" - "\xe5\x6b\x49\xf9\x6e\x90\xc3\xaa" - "\x7a\x00\x2e\x4d\x7f\x31\x2e\x81", - .ilen = 48, - .result = "\x6e\xf0\xba\x6b\xee\x8e\xdc\x89" + .klen = 16, + .iv = "\x5f\x27\x2b\x03\xaa\xef\x32\x02" + "\x50\xc4\xde\x82\x90\x21\x11\x73", + .assoc = "\x6e\xf0\xba\x6b\xee\x8e\xdc\x89" "\x71\xfb\x0a\xa6\x8f\xea\x41\xf4" "\x5a\xbb\x59\xb0\x20\x38\xc5\xe0" "\x29\x56\x52\x19\x79\xf5\xe9\x37", - .rlen = 32, + .alen = 32, + .ptext = "\x7e\xb9\x48\xd3\x32\x2d\x86\x10" + "\x91\x31\x37\xcb\x8d\xb3\x72\x76" + "\x24\x6b\xdc\xd1\x61\xe0\xa5\xe7" + "\x5a\x61\x8a\x0f\x30\x0d\xd1\xec", + .plen = 32, + .ctext = "\xf9\xd7\xee\x17\xfd\x24\xcd\xf1" + "\xbc\x0f\x35\x97\x97\x0c\x4b\x18" + "\xce\x58\xc8\x3b\xd4\x85\x93\x79" + "\xcc\x9c\xea\xc1\x73\x13\x0b\x4c" + "\xcc\x6f\x28\xf8\xa4\x4e\xb8\x56" + "\x64\x4e\x47\xce\xb2\xb4\x92\xb4", + .clen = 48, }, { - .key = "\x7e\xb9\x48\xd3\x32\x2d\x86\x10" - "\x91\x31\x37\xcb\x8d\xb3\x72\x76", - .klen = 16, - .iv = "\x8d\x82\xd6\x3b\x76\xcc\x30\x97" + .key = "\x8d\x82\xd6\x3b\x76\xcc\x30\x97" "\xb1\x68\x63\xef\x8c\x7c\xa3\xf7", - .assoc = "\x9c\x4b\x65\xa2\xba\x6b\xdb\x1e" - "\xd1\x9e\x90\x13\x8a\x45\xd3\x79" - "\xba\xcd\xe2\x13\xe4\x30\x66\xf4" - "\xba\x78\xf9\xfb\x9d\x3c\xa1\x58" - "\x1a", - .alen = 33, - .input = "\xc7\xca\x26\x61\x57\xee\xa2\xb9" - "\xb1\x37\xde\x95\x06\x90\x11\x08" - "\x4d\x30\x9f\x24\xc0\x56\xb7\xe1" - "\x0b\x9f\xd2\x57\xe9\xd2\xb1\x76" - "\x56\x9a\xb4\x58\xc5\x08\xfc\xb5" - "\xf2\x31\x9b\xc9\xcd\xb3\x64\xdb" - "\x6f\x50\xbf\xf4\x73\x9d\xfb\x6b" - "\xef\x35\x25\x48\xed\xcf\x29\xa8" - "\xac\xc3\xb9\xcb\x61\x8f\x73\x92" - "\x2c\x7a\x6f\xda\xf9\x09\x6f\xe1" - "\xc4", - .ilen = 81, - .result = "\xab\x14\xf3\x0a\xfe\x0a\x85\xa5" + .klen = 16, + .iv = "\x9c\x4b\x65\xa2\xba\x6b\xdb\x1e" + "\xd1\x9e\x90\x13\x8a\x45\xd3\x79", + .assoc = "\xab\x14\xf3\x0a\xfe\x0a\x85\xa5" "\xf2\xd5\xbc\x38\x89\x0e\x04\xfb" "\x84\x7d\x65\x34\x25\xd8\x47\xfa" "\xeb\x83\x31\xf1\x54\x54\x89\x0d" - "\x9d\x4d\x54\x51\x84\x61\xf6\x8e" - "\x03\x31\xf2\x25\x16\xcc\xaa\xc6" - "\x75\x73\x20\x30\x59\x54\xb2\xf0" - "\x3a\x4b\xe0\x23\x8e\xa6\x08\x35" - "\x8a", - .rlen = 65, + "\x9d", + .alen = 33, + .ptext = "\xba\xde\x82\x72\x42\xa9\x2f\x2c" + "\x12\x0b\xe9\x5c\x87\xd7\x35\x7c" + "\x4f\x2e\xe8\x55\x66\x80\x27\x00" + "\x1b\x8f\x68\xe7\x0a\x6c\x71\xc3" + "\x21\x78\x55\x9d\x9c\x65\x7b\xcd" + "\x0a\x34\x97\xff\x47\x37\xb0\x2a" + "\x80\x0d\x19\x98\x33\xa9\x7a\xe3" + "\x2e\x4c\xc6\xf3\x8c\x88\x42\x01" + "\xbd", + .plen = 65, + .ctext = "\x58\xfa\x3a\x3d\xd9\x88\x63\xe8" + "\xc5\x78\x50\x8b\x4a\xc9\xdf\x7f" + "\x4b\xfa\xc8\x2e\x67\x43\xf3\x63" + "\x42\x8e\x99\x5a\x9c\x0b\x84\x77" + "\xbc\x46\x76\x48\x82\xc7\x57\x96" + "\xe1\x65\xd1\xed\x1d\xdd\x80\x24" + "\xa6\x4d\xa9\xf1\x53\x8b\x5e\x0e" + "\x26\xb9\xcc\x37\xe5\x43\xe1\x5a" + "\x8a\xd6\x8c\x5a\xe4\x95\xd1\x8d" + "\xf7\x33\x64\xc1\xd3\xf2\xfc\x35" + "\x01", + .clen = 81, }, { - .key = "\xba\xde\x82\x72\x42\xa9\x2f\x2c" - "\x12\x0b\xe9\x5c\x87\xd7\x35\x7c", - .klen = 16, - .iv = "\xc9\xa7\x10\xda\x86\x48\xd9\xb3" + .key = "\xc9\xa7\x10\xda\x86\x48\xd9\xb3" "\x32\x42\x15\x80\x85\xa1\x65\xfe", - .assoc = "\xd8\x70\x9f\x42\xca\xe6\x83\x3a" - "\x52\x79\x42\xa5\x84\x6a\x96\x7f" - "\xe4\x8f\xed\x97\xe9\xd0\xe8\x0d" - "\x7c\xa6\xd8\xd4\x77\x9b\x40\x2e" - "\x28\xce\x57\x34\xcd\x6e\x84\x4c" - "\x17\x3c\xe1\xb2\xa8\x0b\xbb\xf1" - "\x96\x41\x0d\x69\xe8\x54\x0a\xc8" - "\x15\x4e\x91\x92\x89\x4b\xb7\x9b" - "\x21", - .alen = 65, - .input = "\x57\xcd\x3d\x46\xc5\xf9\x68\x3b" - "\x2c\x0f\xb4\x7e\x7b\x64\x3e\x40" - "\xf3\x78\x63\x34\x89\x79\x39\x6b" - "\x61\x64\x4a\x9a\xfa\x70\xa4\xd3" - "\x54\x0b\xea\x05\xa6\x95\x64\xed" - "\x3d\x69\xa2\x0c\x27\x56\x2f\x34" - "\x66", - .ilen = 49, - .result = "\xe8\x39\x2d\xaa\x0e\x85\x2d\xc1" + .klen = 16, + .iv = "\xd8\x70\x9f\x42\xca\xe6\x83\x3a" + "\x52\x79\x42\xa5\x84\x6a\x96\x7f", + .assoc = "\xe8\x39\x2d\xaa\x0e\x85\x2d\xc1" "\x72\xaf\x6e\xc9\x82\x33\xc7\x01" "\xaf\x40\x70\xb8\x2a\x78\xc9\x14" "\xac\xb1\x10\xca\x2e\xb3\x28\xe4" - "\xac", - .rlen = 33, + "\xac\xfa\x58\x7f\xe5\x73\x09\x8c" + "\x1d\x40\x87\x8c\xd9\x75\xc0\x55" + "\xa2\xda\x07\xd1\xc2\xa9\xd1\xbb" + "\x09\x4f\x77\x62\x88\x2d\xf2\x68" + "\x54", + .alen = 65, + .ptext = "\xf7\x02\xbb\x11\x52\x24\xd8\x48" + "\x93\xe6\x9b\xee\x81\xfc\xf7\x82" + "\x79\xf0\xf3\xd9\x6c\x20\xa9\x1a" + "\xdc\xbc\x47\xc0\xe4\xcb\x10\x99" + "\x2f", + .plen = 33, + .ctext = "\x4c\xa9\xac\x71\xed\x10\xa6\x24" + "\xb7\xa7\xdf\x8b\xf5\xc2\x41\xcb" + "\x05\xc9\xd6\x97\xb6\x10\x7f\x17" + "\xc2\xc0\x93\xcf\xe0\x94\xfd\x99" + "\xf2\x62\x25\x28\x01\x23\x6f\x8b" + "\x04\x52\xbc\xb0\x3e\x66\x52\x90" + "\x9f", + .clen = 49, }, { - .key = "\xf7\x02\xbb\x11\x52\x24\xd8\x48" - "\x93\xe6\x9b\xee\x81\xfc\xf7\x82", - .klen = 16, - .iv = "\x06\xcc\x4a\x79\x96\xc3\x82\xcf" + .key = "\x06\xcc\x4a\x79\x96\xc3\x82\xcf" "\xb3\x1c\xc7\x12\x7f\xc5\x28\x04", - .assoc = "\x15\x95\xd8\xe1\xda\x62\x2c\x56" + .klen = 16, + .iv = "\x15\x95\xd8\xe1\xda\x62\x2c\x56" "\xd3\x53\xf4\x36\x7e\x8e\x59\x85", - .alen = 16, - .input = "\xfc\x85\x06\x28\x8f\xe8\x23\x1f" - "\x33\x98\x87\xde\x08\xb6\xb6\xae" - "\x3e\xa4\xf8\x19\xf1\x92\x60\x39" - "\xb9\x6b\x3f\xdf\xc8\xcb\x30", - .ilen = 31, - .result = "\x24\x5e\x67\x49\x1e\x01\xd6\xdd" + .assoc = "\x24\x5e\x67\x49\x1e\x01\xd6\xdd" "\xf3\x89\x20\x5b\x7c\x57\x89\x07", - .rlen = 16, - }, { - .key = "\x33\x27\xf5\xb1\x62\xa0\x80\x63" + .alen = 16, + .ptext = "\x33\x27\xf5\xb1\x62\xa0\x80\x63" "\x14\xc0\x4d\x7f\x7b\x20\xba\x89", - .klen = 16, - .iv = "\x42\xf0\x84\x19\xa6\x3f\x2b\xea" + .plen = 16, + .ctext = "\x6d\xed\x04\x7a\x2f\x0c\x30\xa5" + "\x96\xe6\x97\xe4\x10\xeb\x40\x95" + "\xc5\x9a\xdf\x31\xd5\xa5\xa6\xec" + "\x05\xa8\x31\x50\x11\x19\x44", + .clen = 31, + }, { + .key = "\x42\xf0\x84\x19\xa6\x3f\x2b\xea" "\x34\xf6\x79\xa3\x79\xe9\xeb\x0a", - .assoc = "\x51\xb9\x12\x80\xea\xde\xd5\x71" + .klen = 16, + .iv = "\x51\xb9\x12\x80\xea\xde\xd5\x71" "\x54\x2d\xa6\xc8\x78\xb2\x1b\x8c", - .alen = 16, - .input = "\x74\x7d\x70\x07\xe9\xba\x01\xee" - "\x6c\xc6\x6f\x50\x25\x33\xbe\x50" - "\x17\xb8\x17\x62\xed\x80\xa2\xf5" - "\x03\xde\x85\x71\x5d\x34", - .ilen = 30, - .result = "\x61\x83\xa0\xe8\x2e\x7d\x7f\xf8" + .assoc = "\x61\x83\xa0\xe8\x2e\x7d\x7f\xf8" "\x74\x63\xd2\xec\x76\x7c\x4c\x0d", - .rlen = 16, - }, { - .key = "\x70\x4c\x2f\x50\x72\x1c\x29\x7f" + .alen = 16, + .ptext = "\x70\x4c\x2f\x50\x72\x1c\x29\x7f" "\x95\x9a\xff\x10\x75\x45\x7d\x8f", - .klen = 16, - .iv = "\x7f\x15\xbd\xb8\xb6\xba\xd3\x06" + .plen = 16, + .ctext = "\x30\x95\x7d\xea\xdc\x62\xc0\x88" + "\xa1\xe3\x8d\x8c\xac\x04\x10\xa7" + "\xfa\xfa\x07\xbd\xa0\xf0\x36\xeb" + "\x21\x93\x2e\x31\x84\x83", + .clen = 30, + }, { + .key = "\x7f\x15\xbd\xb8\xb6\xba\xd3\x06" "\xb5\xd1\x2b\x35\x73\x0e\xad\x10", - .assoc = "\x8e\xde\x4c\x20\xfa\x59\x7e\x8d" + .klen = 16, + .iv = "\x8e\xde\x4c\x20\xfa\x59\x7e\x8d" "\xd5\x07\x58\x59\x72\xd7\xde\x92", - .alen = 16, - .input = "\xf4\xb3\x85\xf9\xac\xde\xb1\x38" - "\x29\xfd\x6c\x7c\x49\xe5\x1d\xaf" - "\xba\xea\xd4\xfa\x3f\x11\x33\x98", - .ilen = 24, - .result = "\x9d\xa7\xda\x88\x3e\xf8\x28\x14" + .assoc = "\x9d\xa7\xda\x88\x3e\xf8\x28\x14" "\xf5\x3e\x85\x7d\x70\xa0\x0f\x13", - .rlen = 16, - }, { - .key = "\xac\x70\x69\xef\x82\x97\xd2\x9b" - "\x15\x74\xb1\xa2\x6f\x69\x3f\x95", - .klen = 16, - .iv = "\xbb\x3a\xf7\x57\xc6\x36\x7c\x22" - "\x36\xab\xde\xc6\x6d\x32\x70\x17", - .assoc = "\xcb\x03\x85\xbf\x0a\xd5\x26\xa9" - "\x56\xe1\x0a\xeb\x6c\xfb\xa1\x98", .alen = 16, - .input = "\xe6\x5c\x49\x4f\x78\xf3\x62\x86" - "\xe1\xb7\xa5\xc3\x32\x88\x3c\x8c" - "\x6e", - .ilen = 17, - .result = "\xda\xcc\x14\x27\x4e\x74\xd1\x30" - "\x76\x18\x37\x0f\x6a\xc4\xd1\x1a", - .rlen = 16, + .ptext = "\xac\x70\x69\xef\x82\x97\xd2\x9b" + "\x15\x74\xb1\xa2\x6f\x69\x3f\x95", + .plen = 16, + .ctext = "\x93\xcd\xee\xd4\xcb\x9d\x8d\x16" + "\x63\x0d\x43\xd5\x49\xca\xa8\x85" + "\x49\xc0\xae\x13\xbc\x26\x1d\x4b", + .clen = 24, }, }; /* - * MORUS-1280 test vectors - generated via reference implementation from + * AEGIS-256 test vectors - generated via reference implementation from * SUPERCOP (https://bench.cr.yp.to/supercop.html): * * https://bench.cr.yp.to/supercop/supercop-20170228.tar.xz - * (see crypto_aead/morus1280128v2/ and crypto_aead/morus1280256v2/ ) + * (see crypto_aead/aegis256/) */ -static const struct aead_testvec morus1280_enc_tv_template[] = { +static const struct aead_testvec aegis256_tv_template[] = { { - .key = "\x00\x00\x00\x00\x00\x00\x00\x00" - "\x00\x00\x00\x00\x00\x00\x00\x00", - .klen = 16, - .iv = "\x0f\xc9\x8e\x67\x44\x9e\xaa\x86" - "\x20\x36\x2c\x24\xfe\xc9\x30\x81", + .key = "\x0f\xc9\x8e\x67\x44\x9e\xaa\x86" + "\x20\x36\x2c\x24\xfe\xc9\x30\x81" + "\xca\xb0\x82\x21\x41\xa8\xe0\x06" + "\x30\x0b\x37\xf6\xb6\x17\xe7\xb5", + .klen = 32, + .iv = "\x1e\x92\x1c\xcf\x88\x3d\x54\x0d" + "\x40\x6d\x59\x48\xfc\x92\x61\x03" + "\x95\x61\x05\x42\x82\x50\xc0\x0c" + "\x60\x16\x6f\xec\x6d\x2f\xcf\x6b", .assoc = "", .alen = 0, - .input = "", - .ilen = 0, - .result = "\x91\x85\x0f\xf5\x52\x9e\xce\xce" - "\x65\x99\xc7\xbf\xd3\x76\xe8\x98", - .rlen = 16, + .ptext = "", + .plen = 0, + .ctext = "\xd5\x65\x3a\xa9\x03\x51\xd7\xaa" + "\xfa\x4b\xd8\xa2\x41\x9b\xc1\xb2", + .clen = 16, }, { - .key = "\x3c\x24\x39\x9f\x10\x7b\xa8\x1b" - "\x80\xda\xb2\x91\xf9\x24\xc2\x06", - .klen = 16, - .iv = "\x4b\xed\xc8\x07\x54\x1a\x52\xa2" - "\xa1\x10\xde\xb5\xf8\xed\xf3\x87", + .key = "\x4b\xed\xc8\x07\x54\x1a\x52\xa2" + "\xa1\x10\xde\xb5\xf8\xed\xf3\x87" + "\xf4\x72\x8e\xa5\x46\x48\x62\x20" + "\xf1\x38\x16\xce\x90\x76\x87\x8c", + .klen = 32, + .iv = "\x5a\xb7\x56\x6e\x98\xb9\xfd\x29" + "\xc1\x47\x0b\xda\xf6\xb6\x23\x09" + "\xbf\x23\x11\xc6\x87\xf0\x42\x26" + "\x22\x44\x4e\xc4\x47\x8e\x6e\x41", .assoc = "", .alen = 0, - .input = "\x69", - .ilen = 1, - .result = "\x88\xc3\x4c\xf0\x2f\x43\x76\x13" - "\x96\xda\x76\x34\x33\x4e\xd5\x39" - "\x73", - .rlen = 17, + .ptext = "\x79", + .plen = 1, + .ctext = "\x84\xa2\x8f\xad\xdb\x8d\x2c\x16" + "\x9e\x89\xd9\x06\xa6\xa8\x14\x29" + "\x8b", + .clen = 17, }, { - .key = "\x79\x49\x73\x3e\x20\xf7\x51\x37" - "\x01\xb4\x64\x22\xf3\x48\x85\x0c", - .klen = 16, - .iv = "\x88\x12\x01\xa6\x64\x96\xfb\xbe" - "\x22\xea\x90\x47\xf2\x11\xb5\x8e", + .key = "\x88\x12\x01\xa6\x64\x96\xfb\xbe" + "\x22\xea\x90\x47\xf2\x11\xb5\x8e" + "\x1f\x35\x9a\x29\x4b\xe8\xe4\x39" + "\xb3\x66\xf5\xa6\x6a\xd5\x26\x62", + .klen = 32, + .iv = "\x97\xdb\x90\x0e\xa8\x35\xa5\x45" + "\x42\x21\xbd\x6b\xf0\xda\xe6\x0f" + "\xe9\xe5\x1d\x4a\x8c\x90\xc4\x40" + "\xe3\x71\x2d\x9c\x21\xed\x0e\x18", .assoc = "", .alen = 0, - .input = "\xa6\xa4\x1e\x76\xec\xd4\x50\xcc" - "\x62\x58\xe9\x8f\xef\xa4\x17\x91" - "\xb4\x96\x9f\x6b\xce\x38\xa5\x46" - "\x13\x7d\x64\x93\xd7\x05\xf5", - .ilen = 31, - .result = "\x3e\x5c\x3b\x58\x3b\x7d\x2a\x22" - "\x75\x0b\x24\xa6\x0e\xc3\xde\x52" - "\x97\x0b\x64\xd4\xce\x90\x52\xf7" - "\xef\xdb\x6a\x38\xd2\xa8\xa1\x0d" - "\xe0\x61\x33\x24\xc6\x4d\x51\xbc" - "\xa4\x21\x74\xcf\x19\x16\x59", - .rlen = 47, + .ptext = "\xb5\x6e\xad\xdd\x30\x72\xfa\x53" + "\x82\x8e\x16\xb4\xed\x6d\x47", + .plen = 15, + .ctext = "\x09\x94\x1f\xa6\x13\xc3\x74\x75" + "\x17\xad\x8a\x0e\xd8\x66\x9a\x28" + "\xd7\x30\x66\x09\x2a\xdc\xfa\x2a" + "\x9f\x3b\xd7\xdd\x66\xd1\x2b", + .clen = 31, }, { - .key = "\xb5\x6e\xad\xdd\x30\x72\xfa\x53" - "\x82\x8e\x16\xb4\xed\x6d\x47\x12", - .klen = 16, - .iv = "\xc4\x37\x3b\x45\x74\x11\xa4\xda" - "\xa2\xc5\x42\xd8\xec\x36\x78\x94", + .key = "\xc4\x37\x3b\x45\x74\x11\xa4\xda" + "\xa2\xc5\x42\xd8\xec\x36\x78\x94" + "\x49\xf7\xa5\xad\x50\x88\x66\x53" + "\x74\x94\xd4\x7f\x44\x34\xc5\x39", + .klen = 32, + .iv = "\xd3\x00\xc9\xad\xb8\xb0\x4e\x61" + "\xc3\xfb\x6f\xfd\xea\xff\xa9\x15" + "\x14\xa8\x28\xce\x92\x30\x46\x59" + "\xa4\x9f\x0b\x75\xfb\x4c\xad\xee", .assoc = "", .alen = 0, - .input = "\xe2\xc9\x58\x15\xfc\x4f\xf8\xe8" - "\xe3\x32\x9b\x21\xe9\xc8\xd9\x97" - "\xde\x58\xab\xf0\xd3\xd8\x27\x60" - "\xd5\xaa\x43\x6b\xb1\x64\x95\xa4", - .ilen = 32, - .result = "\x30\x82\x9c\x2b\x67\xcb\xf9\x1f" - "\xde\x9f\x77\xb2\xda\x92\x61\x5c" - "\x09\x0b\x2d\x9a\x26\xaa\x1c\x06" - "\xab\x74\xb7\x2b\x95\x5f\x9f\xa1" - "\x9a\xff\x50\xa0\xa2\xff\xc5\xad" - "\x21\x8e\x84\x5c\x12\x61\xb2\xae", - .rlen = 48, - }, { - .key = "\xf2\x92\xe6\x7d\x40\xee\xa3\x6f" + .ptext = "\xf2\x92\xe6\x7d\x40\xee\xa3\x6f" "\x03\x68\xc8\x45\xe7\x91\x0a\x18", - .klen = 16, - .iv = "\x01\x5c\x75\xe5\x84\x8d\x4d\xf6" - "\x23\x9f\xf4\x6a\xe6\x5a\x3b\x9a", + .plen = 16, + .ctext = "\x8a\x46\xa2\x22\x8c\x03\xab\x6f" + "\x54\x63\x4e\x7f\xc9\x8e\xfa\x70" + "\x7b\xe5\x8d\x78\xbc\xe9\xb6\xa1" + "\x29\x17\xc8\x3b\x52\xa4\x98\x72", + .clen = 32, + }, { + .key = "\x01\x5c\x75\xe5\x84\x8d\x4d\xf6" + "\x23\x9f\xf4\x6a\xe6\x5a\x3b\x9a" + "\x74\xb9\xb1\x32\x55\x28\xe8\x6d" + "\x35\xc1\xb3\x57\x1f\x93\x64\x0f", + .klen = 32, + .iv = "\x10\x25\x03\x4c\xc8\x2c\xf7\x7d" + "\x44\xd5\x21\x8e\xe4\x23\x6b\x1c" + "\x3e\x6a\x34\x53\x97\xd0\xc8\x73" + "\x66\xcd\xea\x4d\xd5\xab\x4c\xc5", .assoc = "", .alen = 0, - .input = "\x1f\xee\x92\xb4\x0c\xcb\xa1\x04" - "\x64\x0c\x4d\xb2\xe3\xec\x9c\x9d" - "\x09\x1a\xb7\x74\xd8\x78\xa9\x79" - "\x96\xd8\x22\x43\x8c\xc3\x34\x7b" - "\xc4", - .ilen = 33, - .result = "\x67\x5d\x8e\x45\xc8\x39\xf5\x17" - "\xc1\x1d\x2a\xdd\x88\x67\xda\x1f" - "\x6d\xe8\x37\x28\x5a\xc1\x5e\x9f" - "\xa6\xec\xc6\x92\x05\x4b\xc0\xa3" - "\x63\xef\x88\xa4\x9b\x0a\x5c\xed" - "\x2b\x6a\xac\x63\x52\xaa\x10\x94" - "\xd0", - .rlen = 49, + .ptext = "\x2e\xb7\x20\x1c\x50\x6a\x4b\x8b" + "\x84\x42\x7a\xd7\xe1\xb5\xcd\x1f" + "\xd3", + .plen = 17, + .ctext = "\x71\x6b\x37\x0b\x02\x61\x28\x12" + "\x83\xab\x66\x90\x84\xc7\xd1\xc5" + "\xb2\x7a\xb4\x7b\xb4\xfe\x02\xb2" + "\xc0\x00\x39\x13\xb5\x51\x68\x44" + "\xad", + .clen = 33, }, { - .key = "\x2e\xb7\x20\x1c\x50\x6a\x4b\x8b" - "\x84\x42\x7a\xd7\xe1\xb5\xcd\x1f", - .klen = 16, - .iv = "\x3d\x80\xae\x84\x94\x09\xf6\x12" - "\xa4\x79\xa6\xfb\xe0\x7f\xfd\xa0", + .key = "\x3d\x80\xae\x84\x94\x09\xf6\x12" + "\xa4\x79\xa6\xfb\xe0\x7f\xfd\xa0" + "\x9e\x7c\xbc\xb6\x5b\xc8\x6a\x86" + "\xf7\xef\x91\x30\xf9\xf2\x04\xe6", + .klen = 32, + .iv = "\x4c\x49\x3d\xec\xd8\xa8\xa0\x98" + "\xc5\xb0\xd3\x1f\xde\x48\x2e\x22" + "\x69\x2c\x3f\xd7\x9c\x70\x4a\x8d" + "\x27\xfa\xc9\x26\xaf\x0a\xeb\x9c", .assoc = "", .alen = 0, - .input = "\x5c\x13\xcb\x54\x1c\x47\x4a\x1f" - "\xe5\xe6\xff\x44\xdd\x11\x5f\xa3" - "\x33\xdd\xc2\xf8\xdd\x18\x2b\x93" - "\x57\x05\x01\x1c\x66\x22\xd3\x51" - "\xd3\xdf\x18\xc9\x30\x66\xed\xb1" - "\x96\x58\xd5\x8c\x64\x8c\x7c\xf5" - "\x01\xd0\x74\x5f\x9b\xaa\xf6\xd1" - "\xe6\x16\xa2\xac\xde\x47\x40", - .ilen = 63, - .result = "\x7d\x61\x1a\x35\x20\xcc\x07\x88" - "\x03\x98\x87\xcf\xc0\x6e\x4d\x19" - "\xe3\xd4\x0b\xfb\x29\x8f\x49\x1a" - "\x3a\x06\x77\xce\x71\x2c\xcd\xdd" - "\xed\xf6\xc9\xbe\xa6\x3b\xb8\xfc" - "\x6c\xbe\x77\xed\x74\x0e\x20\x85" - "\xd0\x65\xde\x24\x6f\xe3\x25\xc5" - "\xdf\x5b\x0f\xbd\x8a\x88\x78\xc9" - "\xe5\x81\x37\xde\x84\x7a\xf6\x84" - "\x99\x7a\x72\x9c\x54\x31\xa1", - .rlen = 79, + .ptext = "\x6b\xdc\x5a\xbb\x60\xe5\xf4\xa6" + "\x05\x1d\x2c\x68\xdb\xda\x8f\x25" + "\xfe\x8d\x45\x19\x1e\xc0\x0b\x99" + "\x88\x11\x39\x12\x1c\x3a\xbb", + .plen = 31, + .ctext = "\xaf\xa4\x34\x0d\x59\xe6\x1c\x2f" + "\x06\x3b\x52\x18\x49\x75\x1b\xf0" + "\x53\x09\x72\x7b\x45\x79\xe0\xbe" + "\x89\x85\x23\x15\xb8\x79\x07\x4c" + "\x53\x7a\x15\x37\x0a\xee\xb7\xfb" + "\xc4\x1f\x12\x27\xcf\x77\x90", + .clen = 47, }, { - .key = "\x6b\xdc\x5a\xbb\x60\xe5\xf4\xa6" - "\x05\x1d\x2c\x68\xdb\xda\x8f\x25", - .klen = 16, - .iv = "\x7a\xa5\xe8\x23\xa4\x84\x9e\x2d" - "\x25\x53\x58\x8c\xda\xa3\xc0\xa6", + .key = "\x7a\xa5\xe8\x23\xa4\x84\x9e\x2d" + "\x25\x53\x58\x8c\xda\xa3\xc0\xa6" + "\xc8\x3e\xc8\x3a\x60\x68\xec\xa0" + "\xb8\x1c\x70\x08\xd3\x51\xa3\xbd", + .klen = 32, + .iv = "\x89\x6e\x77\x8b\xe8\x23\x49\xb4" + "\x45\x8a\x85\xb1\xd8\x6c\xf1\x28" + "\x93\xef\x4b\x5b\xa1\x10\xcc\xa6" + "\xe8\x28\xa8\xfe\x89\x69\x8b\x72", .assoc = "", .alen = 0, - .input = "\x98\x37\x05\xf3\x2c\xc2\xf3\x3b" - "\x66\xc0\xb1\xd5\xd7\x35\x21\xaa" - "\x5d\x9f\xce\x7c\xe2\xb8\xad\xad" - "\x19\x33\xe0\xf4\x40\x81\x72\x28" - "\xe1\x8b\x1c\xf8\x91\x78\xff\xaf" - "\xb0\x68\x69\xf2\x27\x35\x91\x84" - "\x2e\x37\x5b\x00\x04\xff\x16\x9c" - "\xb5\x19\x39\xeb\xd9\xcd\x29\x9a", - .ilen = 64, - .result = "\x05\xc5\xb1\xf9\x1b\xb9\xab\x2c" - "\xa5\x07\x12\xa7\x12\x39\x60\x66" - "\x30\x81\x4a\x03\x78\x28\x45\x52" - "\xd2\x2b\x24\xfd\x8b\xa5\xb7\x66" - "\x6f\x45\xd7\x3b\x67\x6f\x51\xb9" - "\xc0\x3d\x6c\xca\x1e\xae\xff\xb6" - "\x79\xa9\xe4\x82\x5d\x4c\x2d\xdf" - "\xeb\x71\x40\xc9\x2c\x40\x45\x6d" - "\x73\x77\x01\xf3\x4f\xf3\x9d\x2a" - "\x5d\x57\xa8\xa1\x18\xa2\xad\xcb", - .rlen = 80, + .ptext = "\xa7\x00\x93\x5b\x70\x61\x9d\xc2" + "\x86\xf7\xde\xfa\xd5\xfe\x52\x2b" + "\x28\x50\x51\x9d\x24\x60\x8d\xb3" + "\x49\x3e\x17\xea\xf6\x99\x5a\xdd", + .plen = 32, + .ctext = "\xe2\xc9\x0b\x33\x31\x02\xb3\xb4" + "\x33\xfe\xeb\xa8\xb7\x9b\xb2\xd7" + "\xeb\x0f\x05\x2b\xba\xb3\xca\xef" + "\xf6\xd1\xb6\xc0\xb9\x9b\x85\xc5" + "\xbf\x7a\x3e\xcc\x31\x76\x09\x80" + "\x32\x5d\xbb\xe8\x38\x0e\x77\xd3", + .clen = 48, }, { - .key = "\xa7\x00\x93\x5b\x70\x61\x9d\xc2" - "\x86\xf7\xde\xfa\xd5\xfe\x52\x2b", - .klen = 16, - .iv = "\xb6\xca\x22\xc3\xb4\x00\x47\x49" - "\xa6\x2d\x0a\x1e\xd4\xc7\x83\xad", - .assoc = "\xc5", + .key = "\xb6\xca\x22\xc3\xb4\x00\x47\x49" + "\xa6\x2d\x0a\x1e\xd4\xc7\x83\xad" + "\xf3\x00\xd4\xbf\x65\x08\x6e\xb9" + "\x7a\x4a\x4f\xe0\xad\xb0\x42\x93", + .klen = 32, + .iv = "\xc5\x93\xb0\x2a\xf8\x9f\xf1\xd0" + "\xc6\x64\x37\x42\xd2\x90\xb3\x2e" + "\xbd\xb1\x57\xe0\xa6\xb0\x4e\xc0" + "\xaa\x55\x87\xd6\x63\xc8\x2a\x49", + .assoc = "\xd5", .alen = 1, - .input = "", - .ilen = 0, - .result = "\x4d\xbf\x11\xac\x7f\x97\x0b\x2e" - "\x89\x3b\x9d\x0f\x83\x1c\x08\xc3", - .rlen = 16, + .ptext = "", + .plen = 0, + .ctext = "\x96\x43\x30\xca\x6c\x4f\xd7\x12" + "\xba\xd9\xb3\x18\x86\xdf\xc3\x52", + .clen = 16, }, { - .key = "\xe4\x25\xcd\xfa\x80\xdd\x46\xde" - "\x07\xd1\x90\x8b\xcf\x23\x15\x31", - .klen = 16, - .iv = "\xf3\xee\x5c\x62\xc4\x7c\xf0\x65" - "\x27\x08\xbd\xaf\xce\xec\x45\xb3", - .assoc = "\x02\xb8\xea\xca\x09\x1b\x9a\xec" + .key = "\xf3\xee\x5c\x62\xc4\x7c\xf0\x65" + "\x27\x08\xbd\xaf\xce\xec\x45\xb3" + "\x1d\xc3\xdf\x43\x6a\xa8\xf0\xd3" + "\x3b\x77\x2e\xb9\x87\x0f\xe1\x6a", + .klen = 32, + .iv = "\x02\xb8\xea\xca\x09\x1b\x9a\xec" "\x47\x3e\xe9\xd4\xcc\xb5\x76\x34" "\xe8\x73\x62\x64\xab\x50\xd0\xda" - "\x6b\x83\x66\xaf\x3e\x27\xc9", - .alen = 31, - .input = "", - .ilen = 0, - .result = "\x5b\xc0\x8d\x54\xe4\xec\xbe\x38" - "\x03\x12\xf9\xcc\x9e\x46\x42\x92", - .rlen = 16, + "\x6b\x83\x66\xaf\x3e\x27\xc9\x1f", + .assoc = "\x11\x81\x78\x32\x4d\xb9\x44\x73" + "\x68\x75\x16\xf8\xcb\x7e\xa7", + .alen = 15, + .ptext = "", + .plen = 0, + .ctext = "\x2f\xab\x45\xe2\xa7\x46\xc5\x83" + "\x11\x9f\xb0\x74\xee\xc7\x03\xdd", + .clen = 16, }, { - .key = "\x20\x4a\x07\x99\x91\x58\xee\xfa" - "\x88\xab\x42\x1c\xc9\x47\xd7\x38", - .klen = 16, - .iv = "\x2f\x13\x95\x01\xd5\xf7\x99\x81" - "\xa8\xe2\x6f\x41\xc8\x10\x08\xb9", - .assoc = "\x3f\xdc\x24\x69\x19\x96\x43\x08" + .key = "\x2f\x13\x95\x01\xd5\xf7\x99\x81" + "\xa8\xe2\x6f\x41\xc8\x10\x08\xb9" + "\x47\x85\xeb\xc7\x6f\x48\x72\xed" + "\xfc\xa5\x0d\x91\x61\x6e\x81\x40", + .klen = 32, + .iv = "\x3f\xdc\x24\x69\x19\x96\x43\x08" "\xc8\x18\x9b\x65\xc6\xd9\x39\x3b" "\x12\x35\x6e\xe8\xb0\xf0\x52\xf3" "\x2d\xb0\x45\x87\x18\x86\x68\xf6", - .alen = 32, - .input = "", - .ilen = 0, - .result = "\x48\xc5\xc3\x4c\x40\x2e\x2f\xc2" - "\x6d\x65\xe0\x67\x9c\x1d\xa0\xf0", - .rlen = 16, + .assoc = "\x4e\xa5\xb2\xd1\x5d\x35\xed\x8f" + "\xe8\x4f\xc8\x89\xc5\xa2\x69\xbc", + .alen = 16, + .ptext = "", + .plen = 0, + .ctext = "\x16\x44\x73\x33\x5d\xf2\xb9\x04" + "\x6b\x79\x98\xef\xdb\xd5\xc5\xf1", + .clen = 16, }, { - .key = "\x5d\x6f\x41\x39\xa1\xd4\x97\x16" - "\x09\x85\xf4\xae\xc3\x6b\x9a\x3e", - .klen = 16, - .iv = "\x6c\x38\xcf\xa1\xe5\x73\x41\x9d" - "\x29\xbc\x21\xd2\xc2\x35\xcb\xbf", - .assoc = "\x7b\x01\x5d\x08\x29\x12\xec\x24" + .key = "\x6c\x38\xcf\xa1\xe5\x73\x41\x9d" + "\x29\xbc\x21\xd2\xc2\x35\xcb\xbf" + "\x72\x47\xf6\x4b\x74\xe8\xf4\x06" + "\xbe\xd3\xec\x6a\x3b\xcd\x20\x17", + .klen = 32, + .iv = "\x7b\x01\x5d\x08\x29\x12\xec\x24" "\x49\xf3\x4d\xf7\xc0\xfe\xfb\x41" "\x3c\xf8\x79\x6c\xb6\x90\xd4\x0d" - "\xee\xde\x23\x60\xf2\xe5\x08\xcc" - "\x97", - .alen = 33, - .input = "", - .ilen = 0, - .result = "\x28\x64\x78\x51\x55\xd8\x56\x4a" - "\x58\x3e\xf7\xbe\xee\x21\xfe\x94", - .rlen = 16, + "\xee\xde\x23\x60\xf2\xe5\x08\xcc", + .assoc = "\x8a\xca\xec\x70\x6d\xb1\x96\xab" + "\x69\x29\x7a\x1b\xbf\xc7\x2c\xc2" + "\x07", + .alen = 17, + .ptext = "", + .plen = 0, + .ctext = "\xa4\x9b\xb8\x47\xc0\xed\x7a\x45" + "\x98\x54\x8c\xed\x3d\x17\xf0\xdd", + .clen = 16, }, { - .key = "\x99\x93\x7a\xd8\xb1\x50\x40\x31" - "\x8a\x60\xa6\x3f\xbd\x90\x5d\x44", - .klen = 16, - .iv = "\xa8\x5c\x09\x40\xf5\xef\xea\xb8" - "\xaa\x96\xd3\x64\xbc\x59\x8d\xc6", - .assoc = "\xb8\x26\x97\xa8\x39\x8e\x94\x3f" + .key = "\xa8\x5c\x09\x40\xf5\xef\xea\xb8" + "\xaa\x96\xd3\x64\xbc\x59\x8d\xc6" + "\x9c\x0a\x02\xd0\x79\x88\x76\x20" + "\x7f\x00\xca\x42\x15\x2c\xbf\xed", + .klen = 32, + .iv = "\xb8\x26\x97\xa8\x39\x8e\x94\x3f" "\xca\xcd\xff\x88\xba\x22\xbe\x47" "\x67\xba\x85\xf1\xbb\x30\x56\x26" - "\xaf\x0b\x02\x38\xcc\x44\xa7\xa3" - "\xa6\xbf\x31\x93\x60\xcd\xda\x63" - "\x2c\xb1\xaa\x19\xc8\x19\xf8\xeb" - "\x03\xa1\xe8\xbe\x37\x54\xec\xa2" - "\xcd\x2c\x45\x58\xbd\x8e\x80", - .alen = 63, - .input = "", - .ilen = 0, - .result = "\xb3\xa6\x00\x4e\x09\x20\xac\x21" - "\x77\x72\x69\x76\x2d\x36\xe5\xc8", - .rlen = 16, + "\xaf\x0b\x02\x38\xcc\x44\xa7\xa3", + .assoc = "\xc7\xef\x26\x10\x7d\x2c\x3f\xc6" + "\xea\x03\x2c\xac\xb9\xeb\xef\xc9" + "\x31\x6b\x08\x12\xfc\xd8\x37\x2d" + "\xe0\x17\x3a\x2e\x83\x5c\x8f", + .alen = 31, + .ptext = "", + .plen = 0, + .ctext = "\x20\x24\xe2\x33\x5c\x60\xc9\xf0" + "\xa4\x96\x2f\x0d\x53\xc2\xf8\xfc", + .clen = 16, }, { - .key = "\xd6\xb8\xb4\x77\xc1\xcb\xe9\x4d" - "\x0a\x3a\x58\xd1\xb7\xb4\x1f\x4a", - .klen = 16, - .iv = "\xe5\x81\x42\xdf\x05\x6a\x93\xd4" - "\x2b\x70\x85\xf5\xb6\x7d\x50\xcc", - .assoc = "\xf4\x4a\xd1\x47\x49\x09\x3d\x5b" + .key = "\xe5\x81\x42\xdf\x05\x6a\x93\xd4" + "\x2b\x70\x85\xf5\xb6\x7d\x50\xcc" + "\xc6\xcc\x0e\x54\x7f\x28\xf8\x3a" + "\x40\x2e\xa9\x1a\xf0\x8b\x5e\xc4", + .klen = 32, + .iv = "\xf4\x4a\xd1\x47\x49\x09\x3d\x5b" "\x4b\xa7\xb1\x19\xb4\x46\x81\x4d" "\x91\x7c\x91\x75\xc0\xd0\xd8\x40" - "\x71\x39\xe1\x10\xa6\xa3\x46\x7a" - "\xb4\x6b\x35\xc2\xc1\xdf\xed\x60" - "\x46\xc1\x3e\x7f\x8c\xc2\x0e\x7a" - "\x30\x08\xd0\x5f\xa0\xaa\x0c\x6d" - "\x9c\x2f\xdb\x97\xb8\x15\x69\x01", - .alen = 64, - .input = "", - .ilen = 0, - .result = "\x65\x33\x7b\xa1\x63\xf4\x20\xdd" - "\xe4\xb9\x4a\xaa\x9a\x21\xaa\x14", - .rlen = 16, + "\x71\x39\xe1\x10\xa6\xa3\x46\x7a", + .assoc = "\x03\x14\x5f\xaf\x8d\xa8\xe7\xe2" + "\x6b\xde\xde\x3e\xb3\x10\xb1\xcf" + "\x5c\x2d\x14\x96\x01\x78\xb9\x47" + "\xa1\x44\x19\x06\x5d\xbb\x2e\x2f", + .alen = 32, + .ptext = "", + .plen = 0, + .ctext = "\x6f\x4a\xb9\xe0\xff\x51\xa3\xf1" + "\xd2\x64\x3e\x66\x6a\xb2\x03\xc0", + .clen = 16, }, { - .key = "\x12\xdd\xee\x17\xd1\x47\x92\x69" - "\x8b\x14\x0a\x62\xb1\xd9\xe2\x50", - .klen = 16, - .iv = "\x22\xa6\x7c\x7f\x15\xe6\x3c\xf0" - "\xac\x4b\x37\x86\xb0\xa2\x13\xd2", - .assoc = "\x31", + .key = "\x22\xa6\x7c\x7f\x15\xe6\x3c\xf0" + "\xac\x4b\x37\x86\xb0\xa2\x13\xd2" + "\xf1\x8e\x19\xd8\x84\xc8\x7a\x53" + "\x02\x5b\x88\xf3\xca\xea\xfe\x9b", + .klen = 32, + .iv = "\x31\x6f\x0b\xe6\x59\x85\xe6\x77" + "\xcc\x81\x63\xab\xae\x6b\x43\x54" + "\xbb\x3f\x9c\xf9\xc5\x70\x5a\x5a" + "\x32\x67\xc0\xe9\x80\x02\xe5\x50", + .assoc = "\x40", .alen = 1, - .input = "\x40", - .ilen = 1, - .result = "\x1d\x47\x17\x34\x86\xf5\x54\x1a" - "\x6d\x28\xb8\x5d\x6c\xcf\xa0\xb9" - "\xbf", - .rlen = 17, + .ptext = "\x4f", + .plen = 1, + .ctext = "\x2c\xfb\xad\x7e\xbe\xa0\x9a\x5b" + "\x7a\x3f\x81\xf7\xfc\x1b\x79\x83" + "\xc7", + .clen = 17, }, { - .key = "\x4f\x01\x27\xb6\xe1\xc3\x3a\x85" - "\x0c\xee\xbc\xf4\xab\xfd\xa5\x57", - .klen = 16, - .iv = "\x5e\xcb\xb6\x1e\x25\x62\xe4\x0c" - "\x2d\x25\xe9\x18\xaa\xc6\xd5\xd8", - .assoc = "\x6d\x94\x44\x86\x69\x00\x8f\x93" + .key = "\x5e\xcb\xb6\x1e\x25\x62\xe4\x0c" + "\x2d\x25\xe9\x18\xaa\xc6\xd5\xd8" + "\x1b\x50\x25\x5d\x89\x68\xfc\x6d" + "\xc3\x89\x67\xcb\xa4\x49\x9d\x71", + .klen = 32, + .iv = "\x6d\x94\x44\x86\x69\x00\x8f\x93" "\x4d\x5b\x15\x3c\xa8\x8f\x06\x5a" "\xe6\x01\xa8\x7e\xca\x10\xdc\x73" - "\xf4\x94\x9f\xc1\x5a\x61\x85", - .alen = 31, - .input = "\x7c\x5d\xd3\xee\xad\x9f\x39\x1a" - "\x6d\x92\x42\x61\xa7\x58\x37\xdb" - "\xb0\xb2\x2b\x9f\x0b\xb8\xbd\x7a" - "\x24\xa0\xd6\xb7\x11\x79\x6c", - .ilen = 31, - .result = "\x78\x90\x52\xae\x0f\xf7\x2e\xef" - "\x63\x09\x08\x58\xb5\x56\xbd\x72" - "\x6e\x42\xcf\x27\x04\x7c\xdb\x92" - "\x18\xe9\xa4\x33\x90\xba\x62\xb5" - "\x70\xd3\x88\x9b\x4f\x05\xa7\x51" - "\x85\x87\x17\x09\x42\xed\x4e", - .rlen = 47, + "\xf4\x94\x9f\xc1\x5a\x61\x85\x27", + .assoc = "\x7c\x5d\xd3\xee\xad\x9f\x39\x1a" + "\x6d\x92\x42\x61\xa7\x58\x37", + .alen = 15, + .ptext = "\x8b\x26\x61\x55\xf1\x3e\xe3\xa1" + "\x8d\xc8\x6e\x85\xa5\x21\x67", + .plen = 15, + .ctext = "\x1f\x7f\xca\x3c\x2b\xe7\x27\xba" + "\x7e\x98\x83\x02\x34\x23\xf7\x94" + "\xde\x35\xe6\x1d\x14\x18\xe5\x38" + "\x14\x80\x6a\xa7\x1b\xae\x1d", + .clen = 31, }, { - .key = "\x8b\x26\x61\x55\xf1\x3e\xe3\xa1" - "\x8d\xc8\x6e\x85\xa5\x21\x67\x5d", - .klen = 16, - .iv = "\x9b\xef\xf0\xbd\x35\xdd\x8d\x28" - "\xad\xff\x9b\xa9\xa4\xeb\x98\xdf", - .assoc = "\xaa\xb8\x7e\x25\x79\x7c\x37\xaf" + .key = "\x9b\xef\xf0\xbd\x35\xdd\x8d\x28" + "\xad\xff\x9b\xa9\xa4\xeb\x98\xdf" + "\x46\x13\x31\xe1\x8e\x08\x7e\x87" + "\x85\xb6\x46\xa3\x7e\xa8\x3c\x48", + .klen = 32, + .iv = "\xaa\xb8\x7e\x25\x79\x7c\x37\xaf" "\xce\x36\xc7\xce\xa2\xb4\xc9\x60" "\x10\xc3\xb3\x02\xcf\xb0\x5e\x8d" "\xb5\xc2\x7e\x9a\x35\xc0\x24\xfd", - .alen = 32, - .input = "\xb9\x82\x0c\x8d\xbd\x1b\xe2\x36" - "\xee\x6c\xf4\xf2\xa1\x7d\xf9\xe2" - "\xdb\x74\x36\x23\x11\x58\x3f\x93" - "\xe5\xcd\xb5\x90\xeb\xd8\x0c\xb3", - .ilen = 32, - .result = "\x1d\x2c\x57\xe0\x50\x38\x3d\x41" - "\x2e\x71\xc8\x3b\x92\x43\x58\xaf" - "\x5a\xfb\xad\x8f\xd9\xd5\x8a\x5e" - "\xdb\xf3\xcd\x3a\x2b\xe1\x2c\x1a" - "\xb0\xed\xe3\x0c\x6e\xf9\xf2\xd6" - "\x90\xe6\xb1\x0e\xa5\x8a\xac\xb7", - .rlen = 48, - }, { - .key = "\xc8\x4b\x9b\xf5\x01\xba\x8c\xbd" + .assoc = "\xb9\x82\x0c\x8d\xbd\x1b\xe2\x36" + "\xee\x6c\xf4\xf2\xa1\x7d\xf9\xe2", + .alen = 16, + .ptext = "\xc8\x4b\x9b\xf5\x01\xba\x8c\xbd" "\x0e\xa3\x21\x16\x9f\x46\x2a\x63", - .klen = 16, - .iv = "\xd7\x14\x29\x5d\x45\x59\x36\x44" - "\x2e\xd9\x4d\x3b\x9e\x0f\x5b\xe5", - .assoc = "\xe6\xdd\xb8\xc4\x89\xf8\xe0\xca" + .plen = 16, + .ctext = "\x05\x86\x9e\xd7\x2b\xa3\x97\x01" + "\xbe\x28\x98\x10\x6f\xe9\x61\x32" + "\x96\xbb\xb1\x2e\x8f\x0c\x44\xb9" + "\x46\x2d\x55\xe3\x42\x67\xf2\xaf", + .clen = 32, + }, { + .key = "\xd7\x14\x29\x5d\x45\x59\x36\x44" + "\x2e\xd9\x4d\x3b\x9e\x0f\x5b\xe5" + "\x70\xd5\x3c\x65\x93\xa8\x00\xa0" + "\x46\xe4\x25\x7c\x58\x08\xdb\x1e", + .klen = 32, + .iv = "\xe6\xdd\xb8\xc4\x89\xf8\xe0\xca" "\x4f\x10\x7a\x5f\x9c\xd8\x8b\x66" "\x3b\x86\xbf\x86\xd4\x50\xe0\xa7" - "\x76\xef\x5c\x72\x0f\x1f\xc3\xd4" - "\xee", - .alen = 33, - .input = "\xf5\xa6\x46\x2c\xce\x97\x8a\x51" + "\x76\xef\x5c\x72\x0f\x1f\xc3\xd4", + .assoc = "\xf5\xa6\x46\x2c\xce\x97\x8a\x51" "\x6f\x46\xa6\x83\x9b\xa1\xbc\xe8" - "\x05\x36\x42\xa7\x16\xf8\xc1\xad" - "\xa7\xfb\x94\x68\xc5\x37\xab\x8a" - "\x72", - .ilen = 33, - .result = "\x59\x10\x84\x1c\x83\x4c\x8b\xfc" - "\xfd\x2e\x4b\x46\x84\xff\x78\x4e" - "\x50\xda\x5c\xb9\x61\x1d\xf5\xb9" - "\xfe\xbb\x7f\xae\x8c\xc1\x24\xbd" - "\x8c\x6f\x1f\x9b\xce\xc6\xc1\x37" - "\x08\x06\x5a\xe5\x96\x10\x95\xc2" - "\x5e", - .rlen = 49, + "\x05", + .alen = 17, + .ptext = "\x05\x70\xd5\x94\x12\x36\x35\xd8" + "\x8f\x7d\xd3\xa8\x99\x6a\xed\x69" + "\xd0", + .plen = 17, + .ctext = "\x9c\xe0\x06\x7b\x86\xcf\x2e\xd8" + "\x45\x65\x1b\x72\x9b\xaa\xa3\x1e" + "\x87\x9d\x26\xdf\xff\x81\x11\xd2" + "\x47\x41\xb9\x24\xc1\x8a\xa3\x8b" + "\x55", + .clen = 33, }, { - .key = "\x05\x70\xd5\x94\x12\x36\x35\xd8" - "\x8f\x7d\xd3\xa8\x99\x6a\xed\x69", - .klen = 16, - .iv = "\x14\x39\x63\xfc\x56\xd5\xdf\x5f" - "\xaf\xb3\xff\xcc\x98\x33\x1d\xeb", - .assoc = "\x23\x02\xf1\x64\x9a\x73\x89\xe6" + .key = "\x14\x39\x63\xfc\x56\xd5\xdf\x5f" + "\xaf\xb3\xff\xcc\x98\x33\x1d\xeb" + "\x9a\x97\x48\xe9\x98\x48\x82\xba" + "\x07\x11\x04\x54\x32\x67\x7b\xf5", + .klen = 32, + .iv = "\x23\x02\xf1\x64\x9a\x73\x89\xe6" "\xd0\xea\x2c\xf1\x96\xfc\x4e\x6d" "\x65\x48\xcb\x0a\xda\xf0\x62\xc0" - "\x38\x1d\x3b\x4a\xe9\x7e\x62\xaa" - "\xfd\xc9\x4a\xa9\xa9\x39\x4b\x54" - "\xc8\x0e\x24\x7f\x5e\x10\x7a\x45" - "\x10\x0b\x56\x85\xad\x54\xaa\x66" - "\xa8\x43\xcd\xd4\x9b\xb7\xfa", - .alen = 63, - .input = "\x32\xcb\x80\xcc\xde\x12\x33\x6d" + "\x38\x1d\x3b\x4a\xe9\x7e\x62\xaa", + .assoc = "\x32\xcb\x80\xcc\xde\x12\x33\x6d" "\xf0\x20\x58\x15\x95\xc6\x7f\xee" "\x2f\xf9\x4e\x2c\x1b\x98\x43\xc7" - "\x68\x28\x73\x40\x9f\x96\x4a\x60" - "\x80\xf4\x4b\xf4\xc1\x3d\xd0\x93" - "\xcf\x12\xc9\x59\x8f\x7a\x7f\xa8" - "\x1b\xa5\x50\xed\x87\xa9\x72\x59" - "\x9c\x44\xb2\xa4\x99\x98\x34", - .ilen = 63, - .result = "\x9a\x12\xbc\xdf\x72\xa8\x56\x22" - "\x49\x2d\x07\x92\xfc\x3d\x6d\x5f" - "\xef\x36\x19\xae\x91\xfa\xd6\x63" - "\x46\xea\x8a\x39\x14\x21\xa6\x37" - "\x18\xfc\x97\x3e\x16\xa5\x4d\x39" - "\x45\x2e\x69\xcc\x9c\x5f\xdf\x6d" - "\x5e\xa2\xbf\xac\x83\x32\x72\x52" - "\x58\x58\x23\x40\xfd\xa5\xc2\xe6" - "\xe9\x5a\x50\x98\x00\x58\xc9\x86" - "\x4f\x20\x37\xdb\x7b\x22\xa3", - .rlen = 79, + "\x68\x28\x73\x40\x9f\x96\x4a", + .alen = 31, + .ptext = "\x41\x94\x0e\x33\x22\xb1\xdd\xf4" + "\x10\x57\x85\x39\x93\x8f\xaf\x70" + "\xfa\xa9\xd0\x4d\x5c\x40\x23\xcd" + "\x98\x34\xab\x37\x56\xae\x32", + .plen = 31, + .ctext = "\xa0\xc8\xde\x83\x0d\xc3\x4e\xd5" + "\x69\x7f\x7a\xdd\x8c\x46\xda\xba" + "\x0a\x5c\x0e\x7f\xac\xee\x02\xd2" + "\xe5\x4b\x0a\xba\xb8\xa4\x7b\x66" + "\xde\xae\xdb\xc2\xc0\x0b\xf7\x2b" + "\xdf\xb8\xea\xd8\xa9\x38\xed", + .clen = 47, }, { - .key = "\x41\x94\x0e\x33\x22\xb1\xdd\xf4" - "\x10\x57\x85\x39\x93\x8f\xaf\x70", - .klen = 16, - .iv = "\x50\x5d\x9d\x9b\x66\x50\x88\x7b" - "\x30\x8e\xb1\x5e\x92\x58\xe0\xf1", - .assoc = "\x5f\x27\x2b\x03\xaa\xef\x32\x02" + .key = "\x50\x5d\x9d\x9b\x66\x50\x88\x7b" + "\x30\x8e\xb1\x5e\x92\x58\xe0\xf1" + "\xc5\x5a\x53\x6e\x9d\xe8\x04\xd4" + "\xc9\x3f\xe2\x2d\x0c\xc6\x1a\xcb", + .klen = 32, + .iv = "\x5f\x27\x2b\x03\xaa\xef\x32\x02" "\x50\xc4\xde\x82\x90\x21\x11\x73" "\x8f\x0a\xd6\x8f\xdf\x90\xe4\xda" - "\xf9\x4a\x1a\x23\xc3\xdd\x02\x81" - "\x0b\x76\x4f\xd7\x0a\x4b\x5e\x51" - "\xe3\x1d\xb9\xe5\x21\xb9\x8f\xd4" - "\x3d\x72\x3e\x26\x16\xa9\xca\x32" - "\x77\x47\x63\x14\x95\x3d\xe4\x34", - .alen = 64, - .input = "\x6e\xf0\xba\x6b\xee\x8e\xdc\x89" + "\xf9\x4a\x1a\x23\xc3\xdd\x02\x81", + .assoc = "\x6e\xf0\xba\x6b\xee\x8e\xdc\x89" "\x71\xfb\x0a\xa6\x8f\xea\x41\xf4" "\x5a\xbb\x59\xb0\x20\x38\xc5\xe0" - "\x29\x56\x52\x19\x79\xf5\xe9\x37" - "\x8f\xa1\x50\x23\x22\x4f\xe3\x91" - "\xe9\x21\x5e\xbf\x52\x23\x95\x37" - "\x48\x0c\x38\x8f\xf0\xff\x92\x24" - "\x6b\x47\x49\xe3\x94\x1f\x1e\x01", - .ilen = 64, - .result = "\xe6\xeb\x92\x5a\x5b\xf0\x2d\xbb" - "\x23\xec\x35\xe3\xae\xc9\xfb\x0b" - "\x90\x14\x46\xeb\xa8\x8d\xb0\x9b" - "\x39\xda\x8b\x48\xec\xb2\x00\x4e" - "\x80\x6f\x46\x4f\x9b\x1e\xbb\x35" - "\xea\x5a\xbc\xa2\x36\xa5\x89\x45" - "\xc2\xd6\xd7\x15\x0b\xf6\x6c\x56" - "\xec\x99\x7d\x61\xb3\x15\x93\xed" - "\x83\x1e\xd9\x48\x84\x0b\x37\xfe" - "\x95\x74\x44\xd5\x54\xa6\x27\x06", - .rlen = 80, + "\x29\x56\x52\x19\x79\xf5\xe9\x37", + .alen = 32, + .ptext = "\x7e\xb9\x48\xd3\x32\x2d\x86\x10" + "\x91\x31\x37\xcb\x8d\xb3\x72\x76" + "\x24\x6b\xdc\xd1\x61\xe0\xa5\xe7" + "\x5a\x61\x8a\x0f\x30\x0d\xd1\xec", + .plen = 32, + .ctext = "\xd3\x68\x14\x70\x3c\x01\x43\x86" + "\x02\xab\xbe\x75\xaa\xe7\xf5\x53" + "\x5c\x05\xbd\x9b\x19\xbb\x2a\x61" + "\x8f\x69\x05\x75\x8e\xca\x60\x0c" + "\x5b\xa2\x48\x61\x32\x74\x11\x2b" + "\xf6\xcf\x06\x78\x6f\x78\x1a\x4a", + .clen = 48, }, { - .key = "\x7e\xb9\x48\xd3\x32\x2d\x86\x10" - "\x91\x31\x37\xcb\x8d\xb3\x72\x76", - .klen = 16, - .iv = "\x8d\x82\xd6\x3b\x76\xcc\x30\x97" - "\xb1\x68\x63\xef\x8c\x7c\xa3\xf7", - .assoc = "\x9c\x4b\x65\xa2\xba\x6b\xdb\x1e" + .key = "\x8d\x82\xd6\x3b\x76\xcc\x30\x97" + "\xb1\x68\x63\xef\x8c\x7c\xa3\xf7" + "\xef\x1c\x5f\xf2\xa3\x88\x86\xed" + "\x8a\x6d\xc1\x05\xe7\x25\xb9\xa2", + .klen = 32, + .iv = "\x9c\x4b\x65\xa2\xba\x6b\xdb\x1e" "\xd1\x9e\x90\x13\x8a\x45\xd3\x79" "\xba\xcd\xe2\x13\xe4\x30\x66\xf4" - "\xba\x78\xf9\xfb\x9d\x3c\xa1\x58" - "\x1a\x22\x53\x05\x6b\x5c\x71\x4f" - "\xfd\x2d\x4d\x4c\xe5\x62\xa5\x63" - "\x6a\xda\x26\xc8\x7f\xff\xea\xfd" - "\x46\x4a\xfa\x53\x8f\xc4\xcd\x68" - "\x58", - .alen = 65, - .input = "\xab\x14\xf3\x0a\xfe\x0a\x85\xa5" + "\xba\x78\xf9\xfb\x9d\x3c\xa1\x58", + .assoc = "\xab\x14\xf3\x0a\xfe\x0a\x85\xa5" "\xf2\xd5\xbc\x38\x89\x0e\x04\xfb" "\x84\x7d\x65\x34\x25\xd8\x47\xfa" "\xeb\x83\x31\xf1\x54\x54\x89\x0d" - "\x9d\x4d\x54\x51\x84\x61\xf6\x8e" - "\x03\x31\xf2\x25\x16\xcc\xaa\xc6" - "\x75\x73\x20\x30\x59\x54\xb2\xf0" - "\x3a\x4b\xe0\x23\x8e\xa6\x08\x35" - "\x8a\xdf\x27\xa0\xe4\x60\x99\xae" - "\x8e\x43\xd9\x39\x7b\x10\x40\x67" - "\x5c\x7e\xc9\x70\x63\x34\xca\x59" - "\xfe\x86\xbc\xb7\x9c\x39\xf3\x6d" - "\x6a\x41\x64\x6f\x16\x7f\x65\x7e" - "\x89\x84\x68\xeb\xb0\x51\xbe\x55" - "\x33\x16\x59\x6c\x3b\xef\x88\xad" - "\x2f\xab\xbc\x25\x76\x87\x41\x2f" - "\x36", - .ilen = 129, - .result = "\x89\x24\x27\x86\xdc\xd7\x6b\xd9" - "\xd1\xcd\xdc\x16\xdd\x2c\xc1\xfb" - "\x52\xb5\xb3\xab\x50\x99\x3f\xa0" - "\x38\xa4\x74\xa5\x04\x15\x63\x05" - "\x8f\x54\x81\x06\x5a\x6b\xa4\x63" - "\x6d\xa7\x21\xcb\xff\x42\x30\x8e" - "\x3b\xd1\xca\x3f\x4b\x1a\xb8\xc3" - "\x42\x01\xe6\xbc\x75\x15\x87\xee" - "\xc9\x8e\x65\x01\xd9\xd8\xb5\x9f" - "\x48\x86\xa6\x5f\x2c\xc7\xb5\xb0" - "\xed\x5d\x14\x7c\x3f\x40\xb1\x0b" - "\x72\xef\x94\x8d\x7a\x85\x56\xe5" - "\x56\x08\x15\x56\xba\xaf\xbd\xf0" - "\x20\xef\xa0\xf6\xa9\xad\xa2\xc9" - "\x1c\x3b\x28\x51\x7e\x77\xb2\x18" - "\x4f\x61\x64\x37\x22\x36\x6d\x78" - "\xed\xed\x35\xe8\x83\xa5\xec\x25" - "\x6b\xff\x5f\x1a\x09\x96\x3d\xdc" - "\x20", - .rlen = 145, + "\x9d", + .alen = 33, + .ptext = "\xba\xde\x82\x72\x42\xa9\x2f\x2c" + "\x12\x0b\xe9\x5c\x87\xd7\x35\x7c" + "\x4f\x2e\xe8\x55\x66\x80\x27\x00" + "\x1b\x8f\x68\xe7\x0a\x6c\x71\xc3" + "\x21\x78\x55\x9d\x9c\x65\x7b\xcd" + "\x0a\x34\x97\xff\x47\x37\xb0\x2a" + "\x80\x0d\x19\x98\x33\xa9\x7a\xe3" + "\x2e\x4c\xc6\xf3\x8c\x88\x42\x01" + "\xbd", + .plen = 65, + .ctext = "\x07\x0a\x35\xb0\x82\x03\x5a\xd2" + "\x15\x3a\x6c\x72\x83\x9b\xb1\x75" + "\xea\xf2\xfc\xff\xc6\xf1\x13\xa4" + "\x1a\x93\x33\x79\x97\x82\x81\xc0" + "\x96\xc2\x00\xab\x39\xae\xa1\x62" + "\x53\xa3\x86\xc9\x07\x8c\xaf\x22" + "\x47\x31\x29\xca\x4a\x95\xf5\xd5" + "\x20\x63\x5a\x54\x80\x2c\x4a\x63" + "\xfb\x18\x73\x31\x4f\x08\x21\x5d" + "\x20\xe9\xc3\x7e\xea\x25\x77\x3a" + "\x65", + .clen = 81, }, { - .key = "\xba\xde\x82\x72\x42\xa9\x2f\x2c" - "\x12\x0b\xe9\x5c\x87\xd7\x35\x7c", - .klen = 16, - .iv = "\xc9\xa7\x10\xda\x86\x48\xd9\xb3" - "\x32\x42\x15\x80\x85\xa1\x65\xfe", - .assoc = "\xd8\x70\x9f\x42\xca\xe6\x83\x3a" + .key = "\xc9\xa7\x10\xda\x86\x48\xd9\xb3" + "\x32\x42\x15\x80\x85\xa1\x65\xfe" + "\x19\xde\x6b\x76\xa8\x28\x08\x07" + "\x4b\x9a\xa0\xdd\xc1\x84\x58\x79", + .klen = 32, + .iv = "\xd8\x70\x9f\x42\xca\xe6\x83\x3a" "\x52\x79\x42\xa5\x84\x6a\x96\x7f" "\xe4\x8f\xed\x97\xe9\xd0\xe8\x0d" - "\x7c\xa6\xd8\xd4\x77\x9b\x40\x2e" - "\x28\xce\x57\x34\xcd\x6e\x84\x4c" - "\x17\x3c\xe1\xb2\xa8\x0b\xbb\xf1" - "\x96\x41\x0d\x69\xe8\x54\x0a\xc8" - "\x15\x4e\x91\x92\x89\x4b\xb7\x9b" - "\x21\xf7\x42\x89\xac\x12\x2a\x54" - "\x69\xee\x18\xc7\x8d\xed\xe8\xfd" - "\xbb\x04\x28\xe6\x8a\x3c\x98\xc1" - "\x04\x2d\xa9\xa1\x24\x83\xff\xe9" - "\x55\x7a\xf0\xd1\xf6\x63\x05\xe1" - "\xd9\x1e\x75\x72\xc1\x9f\xae\x32" - "\xe1\x6b\xcd\x9e\x61\x19\x23\x86" - "\xd9\xd2\xaf\x8e\xd5\xd3\xa8\xa9" - "\x51", - .alen = 129, - .input = "\xe8\x39\x2d\xaa\x0e\x85\x2d\xc1" + "\x7c\xa6\xd8\xd4\x77\x9b\x40\x2e", + .assoc = "\xe8\x39\x2d\xaa\x0e\x85\x2d\xc1" "\x72\xaf\x6e\xc9\x82\x33\xc7\x01" "\xaf\x40\x70\xb8\x2a\x78\xc9\x14" "\xac\xb1\x10\xca\x2e\xb3\x28\xe4" @@ -25273,756 +20277,554 @@ static const struct aead_testvec morus1280_enc_tv_template[] = { "\xa2\xda\x07\xd1\xc2\xa9\xd1\xbb" "\x09\x4f\x77\x62\x88\x2d\xf2\x68" "\x54", - .ilen = 65, - .result = "\x36\x78\xb9\x22\xde\x62\x35\x55" - "\x1a\x7a\xf5\x45\xbc\xd7\x15\x82" - "\x01\xe9\x5a\x07\xea\x46\xaf\x91" - "\xcb\x73\xa5\xee\xe1\xb4\xbf\xc2" - "\xdb\xd2\x9d\x59\xde\xfc\x83\x00" - "\xf5\x46\xac\x97\xd5\x57\xa9\xb9" - "\x1f\x8c\xe8\xca\x68\x8b\x91\x0c" - "\x01\xbe\x0a\xaf\x7c\xf6\x67\xa4" - "\xbf\xbc\x88\x3f\x5d\xd1\xf9\x19" - "\x0f\x9d\xb2\xaf\xb9\x6e\x17\xdf" - "\xa2", - .rlen = 81, + .alen = 65, + .ptext = "\xf7\x02\xbb\x11\x52\x24\xd8\x48" + "\x93\xe6\x9b\xee\x81\xfc\xf7\x82" + "\x79\xf0\xf3\xd9\x6c\x20\xa9\x1a" + "\xdc\xbc\x47\xc0\xe4\xcb\x10\x99" + "\x2f", + .plen = 33, + .ctext = "\x33\xc1\xda\xfa\x15\x21\x07\x8e" + "\x93\x68\xea\x64\x7b\x3d\x4b\x6b" + "\x71\x5e\x5e\x6b\x92\xaa\x65\xc2" + "\x7a\x2a\xc1\xa9\x0a\xa1\x24\x81" + "\x26\x3a\x5a\x09\xe8\xce\x73\x72" + "\xde\x7b\x58\x9e\x85\xb9\xa4\x28" + "\xda", + .clen = 49, }, { - .key = "\xf7\x02\xbb\x11\x52\x24\xd8\x48" - "\x93\xe6\x9b\xee\x81\xfc\xf7\x82", - .klen = 16, - .iv = "\x06\xcc\x4a\x79\x96\xc3\x82\xcf" - "\xb3\x1c\xc7\x12\x7f\xc5\x28\x04", - .assoc = "\x15\x95\xd8\xe1\xda\x62\x2c\x56" + .key = "\x06\xcc\x4a\x79\x96\xc3\x82\xcf" + "\xb3\x1c\xc7\x12\x7f\xc5\x28\x04" + "\x44\xa1\x76\xfb\xad\xc8\x8a\x21" + "\x0d\xc8\x7f\xb6\x9b\xe3\xf8\x4f", + .klen = 32, + .iv = "\x15\x95\xd8\xe1\xda\x62\x2c\x56" "\xd3\x53\xf4\x36\x7e\x8e\x59\x85" "\x0e\x51\xf9\x1c\xee\x70\x6a\x27" "\x3d\xd3\xb7\xac\x51\xfa\xdf\x05", - .alen = 32, - .input = "\x24\x5e\x67\x49\x1e\x01\xd6\xdd" - "\xf3\x89\x20\x5b\x7c\x57\x89\x07" - "\xd9\x02\x7c\x3d\x2f\x18\x4b\x2d" - "\x6e\xde\xee\xa2\x08\x12\xc7\xba", - .ilen = 32, - .result = "\x08\x1b\x95\x0e\x41\x95\x02\x4b" - "\x9c\xbb\xa8\xd0\x7c\xd3\x44\x6e" - "\x89\x14\x33\x70\x0a\xbc\xea\x39" - "\x88\xaa\x2b\xd5\x73\x11\x55\xf5" - "\x33\x33\x9c\xd7\x42\x34\x49\x8e" - "\x2f\x03\x30\x05\x47\xaf\x34", - .rlen = 47, - }, { - .key = "\x33\x27\xf5\xb1\x62\xa0\x80\x63" + .assoc = "\x24\x5e\x67\x49\x1e\x01\xd6\xdd" + "\xf3\x89\x20\x5b\x7c\x57\x89\x07", + .alen = 16, + .ptext = "\x33\x27\xf5\xb1\x62\xa0\x80\x63" "\x14\xc0\x4d\x7f\x7b\x20\xba\x89", - .klen = 16, - .iv = "\x42\xf0\x84\x19\xa6\x3f\x2b\xea" - "\x34\xf6\x79\xa3\x79\xe9\xeb\x0a", - .assoc = "\x51\xb9\x12\x80\xea\xde\xd5\x71" + .plen = 16, + .ctext = "\x3e\xf8\x86\x3d\x39\xf8\x96\x02" + "\x0f\xdf\xc9\x6e\x37\x1e\x57\x99" + "\x07\x2a\x1a\xac\xd1\xda\xfd\x3b" + "\xc7\xff\xbd\xbc\x85\x09\x0b", + .clen = 31, + }, { + .key = "\x42\xf0\x84\x19\xa6\x3f\x2b\xea" + "\x34\xf6\x79\xa3\x79\xe9\xeb\x0a" + "\x6e\x63\x82\x7f\xb2\x68\x0c\x3a" + "\xce\xf5\x5e\x8e\x75\x42\x97\x26", + .klen = 32, + .iv = "\x51\xb9\x12\x80\xea\xde\xd5\x71" "\x54\x2d\xa6\xc8\x78\xb2\x1b\x8c" "\x39\x14\x05\xa0\xf3\x10\xec\x41" "\xff\x01\x95\x84\x2b\x59\x7f\xdb", - .alen = 32, - .input = "\x61\x83\xa0\xe8\x2e\x7d\x7f\xf8" - "\x74\x63\xd2\xec\x76\x7c\x4c\x0d" - "\x03\xc4\x88\xc1\x35\xb8\xcd\x47" - "\x2f\x0c\xcd\x7a\xe2\x71\x66\x91", - .ilen = 32, - .result = "\x97\xca\xf4\xe0\x8d\x89\xbf\x68" - "\x0c\x60\xb9\x27\xdf\xaa\x41\xc6" - "\x25\xd8\xf7\x1f\x10\x15\x48\x61" - "\x4c\x95\x00\xdf\x51\x9b\x7f\xe6" - "\x24\x40\x9e\xbe\x3b\xeb\x1b\x98" - "\xb9\x9c\xe5\xef\xf2\x05", - .rlen = 46, - }, { - .key = "\x70\x4c\x2f\x50\x72\x1c\x29\x7f" + .assoc = "\x61\x83\xa0\xe8\x2e\x7d\x7f\xf8" + "\x74\x63\xd2\xec\x76\x7c\x4c\x0d", + .alen = 16, + .ptext = "\x70\x4c\x2f\x50\x72\x1c\x29\x7f" "\x95\x9a\xff\x10\x75\x45\x7d\x8f", - .klen = 16, - .iv = "\x7f\x15\xbd\xb8\xb6\xba\xd3\x06" - "\xb5\xd1\x2b\x35\x73\x0e\xad\x10", - .assoc = "\x8e\xde\x4c\x20\xfa\x59\x7e\x8d" + .plen = 16, + .ctext = "\x2f\xc4\xd8\x0d\xa6\x07\xef\x2e" + "\x6c\xd9\x84\x63\x70\x97\x61\x37" + "\x08\x2f\x16\x90\x9e\x62\x30\x0d" + "\x62\xd5\xc8\xf0\x46\x1a", + .clen = 30, + }, { + .key = "\x7f\x15\xbd\xb8\xb6\xba\xd3\x06" + "\xb5\xd1\x2b\x35\x73\x0e\xad\x10" + "\x98\x25\x8d\x03\xb7\x08\x8e\x54" + "\x90\x23\x3d\x67\x4f\xa1\x36\xfc", + .klen = 32, + .iv = "\x8e\xde\x4c\x20\xfa\x59\x7e\x8d" "\xd5\x07\x58\x59\x72\xd7\xde\x92" "\x63\xd6\x10\x24\xf8\xb0\x6e\x5a" "\xc0\x2e\x74\x5d\x06\xb8\x1e\xb2", - .alen = 32, - .input = "\x9d\xa7\xda\x88\x3e\xf8\x28\x14" - "\xf5\x3e\x85\x7d\x70\xa0\x0f\x13" - "\x2e\x86\x93\x45\x3a\x58\x4f\x61" - "\xf0\x3a\xac\x53\xbc\xd0\x06\x68", - .ilen = 32, - .result = "\x63\x4c\x2a\x8e\xb4\x6b\x63\x0d" - "\xb5\xec\x9b\x4e\x12\x23\xa3\xcf" - "\x1a\x5a\x70\x15\x5a\x10\x40\x51" - "\xca\x47\x4c\x9d\xc9\x97\xf4\x77" - "\xdb\xc8\x10\x2d\xdc\x65\x20\x3f", - .rlen = 40, - }, { - .key = "\xac\x70\x69\xef\x82\x97\xd2\x9b" + .assoc = "\x9d\xa7\xda\x88\x3e\xf8\x28\x14" + "\xf5\x3e\x85\x7d\x70\xa0\x0f\x13", + .alen = 16, + .ptext = "\xac\x70\x69\xef\x82\x97\xd2\x9b" "\x15\x74\xb1\xa2\x6f\x69\x3f\x95", + .plen = 16, + .ctext = "\xce\xf3\x17\x87\x49\xc2\x00\x46" + "\xc6\x12\x5c\x8f\x81\x38\xaa\x55" + "\xf8\x67\x75\xf1\x75\xe3\x2a\x24", + .clen = 24, + }, +}; + +/* + * MORUS-640 test vectors - generated via reference implementation from + * SUPERCOP (https://bench.cr.yp.to/supercop.html): + * + * https://bench.cr.yp.to/supercop/supercop-20170228.tar.xz + * (see crypto_aead/morus640128v2/) + */ +static const struct aead_testvec morus640_tv_template[] = { + { + .key = "\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00", .klen = 16, - .iv = "\xbb\x3a\xf7\x57\xc6\x36\x7c\x22" - "\x36\xab\xde\xc6\x6d\x32\x70\x17", - .assoc = "\xcb\x03\x85\xbf\x0a\xd5\x26\xa9" - "\x56\xe1\x0a\xeb\x6c\xfb\xa1\x98" - "\x8d\x98\x1c\xa8\xfe\x50\xf0\x74" - "\x81\x5c\x53\x35\xe0\x17\xbd\x88", - .alen = 32, - .input = "\xda\xcc\x14\x27\x4e\x74\xd1\x30" - "\x76\x18\x37\x0f\x6a\xc4\xd1\x1a" - "\x58\x49\x9f\xc9\x3f\xf8\xd1\x7a" - "\xb2\x67\x8b\x2b\x96\x2f\xa5\x3e", - .ilen = 32, - .result = "\xf1\x62\x44\xc7\x5f\x19\xca\x43" - "\x47\x2c\xaf\x68\x82\xbd\x51\xef" - "\x3d\x65\xd8\x45\x2d\x06\x07\x78" - "\x08\x2e\xb3\x23\xcd\x81\x12\x55" - "\x1a", - .rlen = 33, - }, { - .key = "\xe9\x95\xa2\x8f\x93\x13\x7b\xb7" - "\x96\x4e\x63\x33\x69\x8d\x02\x9b" - "\x23\xf9\x22\xeb\x80\xa0\xb1\x81" - "\xe2\x73\xc3\x21\x4d\x47\x8d\xf4", - .klen = 32, - .iv = "\xf8\x5e\x31\xf7\xd7\xb2\x25\x3e" - "\xb7\x85\x90\x58\x67\x57\x33\x1d", + .iv = "\x0f\xc9\x8e\x67\x44\x9e\xaa\x86" + "\x20\x36\x2c\x24\xfe\xc9\x30\x81", .assoc = "", .alen = 0, - .input = "", - .ilen = 0, - .result = "\xdf\x2f\x83\xc0\x45\x4a\x2c\xcf" - "\xb9\xd2\x41\xf6\x80\xa1\x52\x70", - .rlen = 16, + .ptext = "", + .plen = 0, + .ctext = "\x89\x62\x7d\xf3\x07\x9d\x52\x05" + "\x53\xc3\x04\x60\x93\xb4\x37\x9a", + .clen = 16, }, { - .key = "\x25\xba\xdc\x2e\xa3\x8f\x24\xd3" - "\x17\x29\x15\xc5\x63\xb2\xc5\xa1" - "\x4d\xbc\x2d\x6f\x85\x40\x33\x9a" - "\xa3\xa0\xa1\xfa\x27\xa6\x2c\xca", - .klen = 32, - .iv = "\x34\x83\x6a\x96\xe7\x2d\xce\x5a" - "\x38\x5f\x42\xe9\x61\x7b\xf5\x23", + .key = "\x3c\x24\x39\x9f\x10\x7b\xa8\x1b" + "\x80\xda\xb2\x91\xf9\x24\xc2\x06", + .klen = 16, + .iv = "\x4b\xed\xc8\x07\x54\x1a\x52\xa2" + "\xa1\x10\xde\xb5\xf8\xed\xf3\x87", .assoc = "", .alen = 0, - .input = "\x53", - .ilen = 1, - .result = "\x01\xd8\x55\x3c\xc0\x5a\x4b\xc7" - "\x01\xf4\x08\xe3\x0d\xf7\xf0\x78" - "\x53", - .rlen = 17, + .ptext = "\x69", + .plen = 1, + .ctext = "\xa8\x8d\xe4\x90\xb5\x50\x8f\x78" + "\xb6\x10\x9a\x59\x5f\x61\x37\x70" + "\x09", + .clen = 17, }, { - .key = "\x62\xdf\x16\xcd\xb3\x0a\xcc\xef" - "\x98\x03\xc7\x56\x5d\xd6\x87\xa8" - "\x77\x7e\x39\xf3\x8a\xe0\xb5\xb4" - "\x65\xce\x80\xd2\x01\x05\xcb\xa1", - .klen = 32, - .iv = "\x71\xa8\xa4\x35\xf7\xa9\x76\x75" - "\xb8\x39\xf4\x7a\x5b\x9f\xb8\x29", + .key = "\x79\x49\x73\x3e\x20\xf7\x51\x37" + "\x01\xb4\x64\x22\xf3\x48\x85\x0c", + .klen = 16, + .iv = "\x88\x12\x01\xa6\x64\x96\xfb\xbe" + "\x22\xea\x90\x47\xf2\x11\xb5\x8e", .assoc = "", .alen = 0, - .input = "\x8f\x3a\xc1\x05\x7f\xe7\xcb\x83" - "\xf9\xa6\x4d\xc3\x58\x31\x19\x2c" - "\xd7\x90\xc2\x56\x4e\xd8\x57\xc7" - "\xf6\xf0\x27\xb4\x25\x4c\x83", - .ilen = 31, - .result = "\xc2\x4b\x41\x0f\x2d\xb9\x62\x07" - "\xff\x8e\x74\xf8\xa1\xa6\xd5\x37" - "\xa5\x64\x31\x5c\xca\x73\x9b\x43" - "\xe6\x70\x63\x46\x95\xcb\xf7\xb5" - "\x20\x8c\x75\x7a\x2a\x17\x2f\xa9" - "\xb8\x4d\x11\x42\xd1\xf8\xf1", - .rlen = 47, + .ptext = "\xa6\xa4\x1e\x76\xec\xd4\x50\xcc" + "\x62\x58\xe9\x8f\xef\xa4\x17", + .plen = 15, + .ctext = "\x76\xdd\xb9\x05\x3d\xce\x61\x38" + "\xf3\xef\xf7\xe5\xd7\xfd\x70\xa5" + "\xcf\x9d\x64\xb8\x0a\x9f\xfd\x8b" + "\xd4\x6e\xfe\xd9\xc8\x63\x4b", + .clen = 31, }, { - .key = "\x9e\x03\x4f\x6d\xc3\x86\x75\x0a" - "\x19\xdd\x79\xe8\x57\xfb\x4a\xae" - "\xa2\x40\x45\x77\x90\x80\x37\xce" - "\x26\xfb\x5f\xaa\xdb\x64\x6b\x77", - .klen = 32, - .iv = "\xae\xcc\xde\xd5\x07\x25\x1f\x91" - "\x39\x14\xa6\x0c\x55\xc4\x7b\x30", + .key = "\xb5\x6e\xad\xdd\x30\x72\xfa\x53" + "\x82\x8e\x16\xb4\xed\x6d\x47\x12", + .klen = 16, + .iv = "\xc4\x37\x3b\x45\x74\x11\xa4\xda" + "\xa2\xc5\x42\xd8\xec\x36\x78\x94", .assoc = "", .alen = 0, - .input = "\xcc\x5f\xfb\xa4\x8f\x63\x74\x9f" - "\x7a\x81\xff\x55\x52\x56\xdc\x33" - "\x01\x52\xcd\xdb\x53\x78\xd9\xe1" - "\xb7\x1d\x06\x8d\xff\xab\x22\x98", - .ilen = 32, - .result = "\xbb\x01\x7c\xd1\x2c\x33\x7b\x37" - "\x0a\xee\xc4\x30\x19\xd7\x3a\x6f" - "\xf8\x2b\x67\xf5\x3b\x84\x87\x2a" - "\xfb\x07\x7a\x82\xb5\xe4\x85\x26" - "\x1e\xa8\xe5\x04\x54\xce\xe5\x5f" - "\xb5\x3f\xc1\xd5\x7f\xbd\xd2\xa6", - .rlen = 48, + .ptext = "\xe2\xc9\x58\x15\xfc\x4f\xf8\xe8" + "\xe3\x32\x9b\x21\xe9\xc8\xd9\x97", + .plen = 16, + .ctext = "\xdc\x72\xe8\x14\xfb\x63\xad\x72" + "\x1f\x57\x9a\x1f\x88\x81\xdb\xd6" + "\xc1\x91\x9d\xb9\x25\xc4\x99\x4c" + "\x97\xcd\x8a\x0c\x9d\x68\x00\x1c", + .clen = 32, }, { - .key = "\xdb\x28\x89\x0c\xd3\x01\x1e\x26" - "\x9a\xb7\x2b\x79\x51\x1f\x0d\xb4" - "\xcc\x03\x50\xfc\x95\x20\xb9\xe7" - "\xe8\x29\x3e\x83\xb5\xc3\x0a\x4e", - .klen = 32, - .iv = "\xea\xf1\x18\x74\x17\xa0\xc8\xad" - "\xba\xee\x58\x9d\x4f\xe8\x3d\x36", + .key = "\xf2\x92\xe6\x7d\x40\xee\xa3\x6f" + "\x03\x68\xc8\x45\xe7\x91\x0a\x18", + .klen = 16, + .iv = "\x01\x5c\x75\xe5\x84\x8d\x4d\xf6" + "\x23\x9f\xf4\x6a\xe6\x5a\x3b\x9a", .assoc = "", .alen = 0, - .input = "\x08\x84\x34\x44\x9f\xde\x1c\xbb" - "\xfb\x5b\xb1\xe6\x4c\x7a\x9f\x39" - "\x2c\x14\xd9\x5f\x59\x18\x5b\xfb" - "\x79\x4b\xe5\x65\xd9\x0a\xc1\x6f" - "\x2e", - .ilen = 33, - .result = "\xc2\xf4\x40\x55\xf9\x59\xff\x73" - "\x08\xf5\x98\x92\x0c\x7b\x35\x9a" - "\xa8\xf4\x42\x7e\x6f\x93\xca\x22" - "\x23\x06\x1e\xf8\x89\x22\xf4\x46" - "\x7c\x7c\x67\x75\xab\xe5\x75\xaa" - "\x15\xd7\x83\x19\xfd\x31\x59\x5b" - "\x32", - .rlen = 49, + .ptext = "\x1f\xee\x92\xb4\x0c\xcb\xa1\x04" + "\x64\x0c\x4d\xb2\xe3\xec\x9c\x9d" + "\x09", + .plen = 17, + .ctext = "\x6b\x4f\x3b\x90\x9a\xa2\xb3\x82" + "\x0a\xb8\x55\xee\xeb\x73\x4d\x7f" + "\x54\x11\x3a\x8a\x31\xa3\xb5\xf2" + "\xcd\x49\xdb\xf3\xee\x26\xbd\xa2" + "\x0d", + .clen = 33, }, { - .key = "\x17\x4d\xc3\xab\xe3\x7d\xc7\x42" - "\x1b\x91\xdd\x0a\x4b\x43\xcf\xba" - "\xf6\xc5\x5c\x80\x9a\xc0\x3b\x01" - "\xa9\x56\x1d\x5b\x8f\x22\xa9\x25", - .klen = 32, - .iv = "\x27\x16\x51\x13\x27\x1c\x71\xc9" - "\x3b\xc8\x0a\x2f\x49\x0c\x00\x3c", + .key = "\x2e\xb7\x20\x1c\x50\x6a\x4b\x8b" + "\x84\x42\x7a\xd7\xe1\xb5\xcd\x1f", + .klen = 16, + .iv = "\x3d\x80\xae\x84\x94\x09\xf6\x12" + "\xa4\x79\xa6\xfb\xe0\x7f\xfd\xa0", .assoc = "", .alen = 0, - .input = "\x45\xa8\x6e\xe3\xaf\x5a\xc5\xd7" - "\x7c\x35\x63\x77\x46\x9f\x61\x3f" - "\x56\xd7\xe4\xe3\x5e\xb8\xdc\x14" - "\x3a\x79\xc4\x3e\xb3\x69\x61\x46" - "\x3c\xb6\x83\x4e\xb4\x26\xc7\x73" - "\x22\xda\x52\x8b\x7d\x11\x98\xea" - "\x62\xe1\x14\x1e\xdc\xfe\x0f\xad" - "\x20\x76\x5a\xdc\x4e\x71\x13", - .ilen = 63, - .result = "\xc9\x82\x3b\x4b\x87\x84\xa5\xdb" - "\xa0\x8c\xd3\x3e\x7f\x8d\xe8\x28" - "\x2a\xdc\xfa\x01\x84\x87\x9a\x70" - "\x81\x75\x37\x0a\xd2\x75\xa9\xb6" - "\x21\x72\xee\x7e\x65\x95\xe5\xcc" - "\x01\xb7\x39\xa6\x51\x15\xca\xff" - "\x61\xdc\x97\x38\xcc\xf4\xca\xc7" - "\x83\x9b\x05\x11\x72\x60\xf0\xb4" - "\x7e\x06\xab\x0a\xc0\xbb\x59\x23" - "\xaa\x2d\xfc\x4e\x35\x05\x59", - .rlen = 79, + .ptext = "\x5c\x13\xcb\x54\x1c\x47\x4a\x1f" + "\xe5\xe6\xff\x44\xdd\x11\x5f\xa3" + "\x33\xdd\xc2\xf8\xdd\x18\x2b\x93" + "\x57\x05\x01\x1c\x66\x22\xd3", + .plen = 31, + .ctext = "\x59\xd1\x0f\x6b\xee\x27\x84\x92" + "\xb7\xa9\xb5\xdd\x02\xa4\x12\xa5" + "\x50\x32\xb4\x9a\x2e\x35\x83\x55" + "\x36\x12\x12\xed\xa3\x31\xc5\x30" + "\xa7\xe2\x4a\x6d\x05\x59\x43\x91" + "\x75\xfa\x6c\x17\xc6\x73\xca", + .clen = 47, }, { - .key = "\x54\x71\xfd\x4b\xf3\xf9\x6f\x5e" - "\x9c\x6c\x8f\x9c\x45\x68\x92\xc1" - "\x21\x87\x67\x04\x9f\x60\xbd\x1b" - "\x6a\x84\xfc\x34\x6a\x81\x48\xfb", - .klen = 32, - .iv = "\x63\x3b\x8b\xb3\x37\x98\x1a\xe5" - "\xbc\xa2\xbc\xc0\x43\x31\xc2\x42", + .key = "\x6b\xdc\x5a\xbb\x60\xe5\xf4\xa6" + "\x05\x1d\x2c\x68\xdb\xda\x8f\x25", + .klen = 16, + .iv = "\x7a\xa5\xe8\x23\xa4\x84\x9e\x2d" + "\x25\x53\x58\x8c\xda\xa3\xc0\xa6", .assoc = "", .alen = 0, - .input = "\x81\xcd\xa8\x82\xbf\xd6\x6e\xf3" - "\xfd\x0f\x15\x09\x40\xc3\x24\x45" - "\x81\x99\xf0\x67\x63\x58\x5e\x2e" - "\xfb\xa6\xa3\x16\x8d\xc8\x00\x1c" - "\x4b\x62\x87\x7c\x15\x38\xda\x70" - "\x3d\xea\xe7\xf2\x40\xba\xae\x79" - "\x8f\x48\xfc\xbf\x45\x53\x2e\x78" - "\xef\x79\xf0\x1b\x49\xf7\xfd\x9c", - .ilen = 64, - .result = "\x11\x7c\x7d\xef\xce\x29\x95\xec" - "\x7e\x9f\x42\xa6\x26\x07\xa1\x75" - "\x2f\x4e\x09\x9a\xf6\x6b\xc2\xfa" - "\x0d\xd0\x17\xdc\x25\x1e\x9b\xdc" - "\x5f\x8c\x1c\x60\x15\x4f\x9b\x20" - "\x7b\xff\xcd\x82\x60\x84\xf4\xa5" - "\x20\x9a\x05\x19\x5b\x02\x0a\x72" - "\x43\x11\x26\x58\xcf\xc5\x41\xcf" - "\x13\xcc\xde\x32\x92\xfa\x86\xf2" - "\xaf\x16\xe8\x8f\xca\xb6\xfd\x54", - .rlen = 80, + .ptext = "\x98\x37\x05\xf3\x2c\xc2\xf3\x3b" + "\x66\xc0\xb1\xd5\xd7\x35\x21\xaa" + "\x5d\x9f\xce\x7c\xe2\xb8\xad\xad" + "\x19\x33\xe0\xf4\x40\x81\x72\x28", + .plen = 32, + .ctext = "\xdb\x49\x68\x0f\x91\x5b\x21\xb1" + "\xcf\x50\xb2\x4c\x32\xe1\xa6\x69" + "\xc0\xfb\x44\x1f\xa0\x9a\xeb\x39" + "\x1b\xde\x68\x38\xcc\x27\x52\xc5" + "\xf6\x3e\x74\xea\x66\x5b\x5f\x0c" + "\x65\x9e\x58\xe6\x52\xa2\xfe\x59", + .clen = 48, }, { - .key = "\x90\x96\x36\xea\x03\x74\x18\x7a" - "\x1d\x46\x42\x2d\x3f\x8c\x54\xc7" - "\x4b\x4a\x73\x89\xa4\x00\x3f\x34" - "\x2c\xb1\xdb\x0c\x44\xe0\xe8\xd2", - .klen = 32, - .iv = "\xa0\x5f\xc5\x52\x47\x13\xc2\x01" - "\x3d\x7c\x6e\x52\x3d\x55\x85\x48", - .assoc = "\xaf", + .key = "\xa7\x00\x93\x5b\x70\x61\x9d\xc2" + "\x86\xf7\xde\xfa\xd5\xfe\x52\x2b", + .klen = 16, + .iv = "\xb6\xca\x22\xc3\xb4\x00\x47\x49" + "\xa6\x2d\x0a\x1e\xd4\xc7\x83\xad", + .assoc = "\xc5", .alen = 1, - .input = "", - .ilen = 0, - .result = "\x9b\xc5\x3b\x20\x0a\x88\x56\xbe" - "\x69\xdf\xc4\xc4\x02\x46\x3a\xf0", - .rlen = 16, + .ptext = "", + .plen = 0, + .ctext = "\x56\xe7\x24\x52\xdd\x95\x60\x5b" + "\x09\x48\x39\x69\x9c\xb3\x62\x46", + .clen = 16, }, { - .key = "\xcd\xbb\x70\x89\x13\xf0\xc1\x95" - "\x9e\x20\xf4\xbf\x39\xb1\x17\xcd" - "\x76\x0c\x7f\x0d\xa9\xa0\xc1\x4e" - "\xed\xdf\xb9\xe4\x1e\x3f\x87\xa8", - .klen = 32, - .iv = "\xdc\x84\xfe\xf1\x58\x8f\x6b\x1c" - "\xbe\x57\x20\xe3\x37\x7a\x48\x4f", - .assoc = "\xeb\x4d\x8d\x59\x9c\x2e\x15\xa3" - "\xde\x8d\x4d\x07\x36\x43\x78\xd0" - "\x0b\x6d\x84\x4f\x2c\xf0\x82\x5b" - "\x4e\xf6\x29\xd1\x8b\x6f\x56", + .key = "\xe4\x25\xcd\xfa\x80\xdd\x46\xde" + "\x07\xd1\x90\x8b\xcf\x23\x15\x31", + .klen = 16, + .iv = "\xf3\xee\x5c\x62\xc4\x7c\xf0\x65" + "\x27\x08\xbd\xaf\xce\xec\x45\xb3", + .assoc = "\x02\xb8\xea\xca\x09\x1b\x9a\xec" + "\x47\x3e\xe9\xd4\xcc\xb5\x76", + .alen = 15, + .ptext = "", + .plen = 0, + .ctext = "\xdd\xfa\x6c\x1f\x5d\x86\x87\x01" + "\x13\xe5\x73\x46\x46\xf2\x5c\xe1", + .clen = 16, + }, { + .key = "\x20\x4a\x07\x99\x91\x58\xee\xfa" + "\x88\xab\x42\x1c\xc9\x47\xd7\x38", + .klen = 16, + .iv = "\x2f\x13\x95\x01\xd5\xf7\x99\x81" + "\xa8\xe2\x6f\x41\xc8\x10\x08\xb9", + .assoc = "\x3f\xdc\x24\x69\x19\x96\x43\x08" + "\xc8\x18\x9b\x65\xc6\xd9\x39\x3b", + .alen = 16, + .ptext = "", + .plen = 0, + .ctext = "\xa6\x1b\xb9\xd7\x5e\x3c\xcf\xac" + "\xa9\x21\x45\x0b\x16\x52\xf7\xe1", + .clen = 16, + }, { + .key = "\x5d\x6f\x41\x39\xa1\xd4\x97\x16" + "\x09\x85\xf4\xae\xc3\x6b\x9a\x3e", + .klen = 16, + .iv = "\x6c\x38\xcf\xa1\xe5\x73\x41\x9d" + "\x29\xbc\x21\xd2\xc2\x35\xcb\xbf", + .assoc = "\x7b\x01\x5d\x08\x29\x12\xec\x24" + "\x49\xf3\x4d\xf7\xc0\xfe\xfb\x41" + "\x3c", + .alen = 17, + .ptext = "", + .plen = 0, + .ctext = "\x15\xff\xde\x3b\x34\xfc\xf6\xf9" + "\xbb\xa8\x62\xad\x0a\xf5\x48\x60", + .clen = 16, + }, { + .key = "\x99\x93\x7a\xd8\xb1\x50\x40\x31" + "\x8a\x60\xa6\x3f\xbd\x90\x5d\x44", + .klen = 16, + .iv = "\xa8\x5c\x09\x40\xf5\xef\xea\xb8" + "\xaa\x96\xd3\x64\xbc\x59\x8d\xc6", + .assoc = "\xb8\x26\x97\xa8\x39\x8e\x94\x3f" + "\xca\xcd\xff\x88\xba\x22\xbe\x47" + "\x67\xba\x85\xf1\xbb\x30\x56\x26" + "\xaf\x0b\x02\x38\xcc\x44\xa7", .alen = 31, - .input = "", - .ilen = 0, - .result = "\xe0\x6d\xa1\x07\x98\x2f\x40\x2d" - "\x2e\x9a\xd6\x61\x43\xc0\x74\x69", - .rlen = 16, + .ptext = "", + .plen = 0, + .ctext = "\xd2\x9d\xf8\x3b\xd7\x84\xe9\x2d" + "\x4b\xef\x75\x16\x0a\x99\xae\x6b", + .clen = 16, }, { - .key = "\x0a\xe0\xaa\x29\x24\x6c\x6a\xb1" - "\x1f\xfa\xa6\x50\x33\xd5\xda\xd3" - "\xa0\xce\x8a\x91\xae\x40\x43\x68" - "\xae\x0d\x98\xbd\xf8\x9e\x26\x7f", - .klen = 32, - .iv = "\x19\xa9\x38\x91\x68\x0b\x14\x38" - "\x3f\x31\xd2\x74\x31\x9e\x0a\x55", - .assoc = "\x28\x72\xc7\xf8\xac\xaa\xbe\xbf" - "\x5f\x67\xff\x99\x30\x67\x3b\xd6" - "\x35\x2f\x90\xd3\x31\x90\x04\x74" - "\x0f\x23\x08\xa9\x65\xce\xf6\xea", + .key = "\xd6\xb8\xb4\x77\xc1\xcb\xe9\x4d" + "\x0a\x3a\x58\xd1\xb7\xb4\x1f\x4a", + .klen = 16, + .iv = "\xe5\x81\x42\xdf\x05\x6a\x93\xd4" + "\x2b\x70\x85\xf5\xb6\x7d\x50\xcc", + .assoc = "\xf4\x4a\xd1\x47\x49\x09\x3d\x5b" + "\x4b\xa7\xb1\x19\xb4\x46\x81\x4d" + "\x91\x7c\x91\x75\xc0\xd0\xd8\x40" + "\x71\x39\xe1\x10\xa6\xa3\x46\x7a", .alen = 32, - .input = "", - .ilen = 0, - .result = "\xb9\x57\x13\x3e\x82\x31\x61\x65" - "\x0d\x7f\x6c\x96\x93\x5c\x50\xe2", - .rlen = 16, + .ptext = "", + .plen = 0, + .ctext = "\xe4\x8d\xa7\xa7\x45\xc1\x31\x4f" + "\xce\xfb\xaf\xd6\xc2\xe6\xee\xc0", + .clen = 16, }, { - .key = "\x46\x04\xe3\xc8\x34\xe7\x12\xcd" - "\xa0\xd4\x58\xe2\x2d\xf9\x9c\xda" - "\xca\x91\x96\x15\xb4\xe0\xc5\x81" - "\x70\x3a\x77\x95\xd2\xfd\xc5\x55", - .klen = 32, - .iv = "\x55\xcd\x72\x30\x78\x86\xbd\x54" - "\xc0\x0b\x84\x06\x2b\xc2\xcd\x5b", - .assoc = "\x64\x97\x00\x98\xbc\x25\x67\xdb" - "\xe0\x41\xb1\x2a\x2a\x8c\xfe\xdd" - "\x5f\xf2\x9c\x58\x36\x30\x86\x8e" - "\xd1\x51\xe6\x81\x3f\x2d\x95\xc1" - "\x01", - .alen = 33, - .input = "", - .ilen = 0, - .result = "\x81\x96\x34\xde\xbb\x36\xdd\x3e" - "\x4e\x5e\xcb\x44\x21\xb8\x3f\xf1", - .rlen = 16, + .key = "\x12\xdd\xee\x17\xd1\x47\x92\x69" + "\x8b\x14\x0a\x62\xb1\xd9\xe2\x50", + .klen = 16, + .iv = "\x22\xa6\x7c\x7f\x15\xe6\x3c\xf0" + "\xac\x4b\x37\x86\xb0\xa2\x13\xd2", + .assoc = "\x31", + .alen = 1, + .ptext = "\x40", + .plen = 1, + .ctext = "\xe2\x67\x38\x4f\xb9\xad\x7d\x38" + "\x01\xfe\x84\x14\x85\xf8\xd1\xe3" + "\x22", + .clen = 17, }, { - .key = "\x83\x29\x1d\x67\x44\x63\xbb\xe9" - "\x20\xaf\x0a\x73\x27\x1e\x5f\xe0" - "\xf5\x53\xa1\x9a\xb9\x80\x47\x9b" - "\x31\x68\x56\x6e\xac\x5c\x65\x2c", - .klen = 32, - .iv = "\x92\xf2\xac\xcf\x88\x02\x65\x70" - "\x41\xe5\x36\x97\x25\xe7\x90\x61", - .assoc = "\xa1\xbb\x3a\x37\xcc\xa1\x10\xf7" - "\x61\x1c\x63\xbc\x24\xb0\xc0\xe3" - "\x8a\xb4\xa7\xdc\x3b\xd0\x08\xa8" - "\x92\x7f\xc5\x5a\x19\x8c\x34\x97" - "\x0f\x95\x9b\x18\xe4\x8d\xb4\x24" - "\xb9\x33\x28\x18\xe1\x9d\x14\xe0" - "\x64\xb2\x89\x7d\x78\xa8\x05\x7e" - "\x07\x8c\xfc\x88\x2d\xb8\x53", - .alen = 63, - .input = "", - .ilen = 0, - .result = "\x2e\x99\xb6\x79\x57\x56\x80\x36" - "\x8e\xc4\x1c\x12\x7d\x71\x36\x0c", - .rlen = 16, + .key = "\x4f\x01\x27\xb6\xe1\xc3\x3a\x85" + "\x0c\xee\xbc\xf4\xab\xfd\xa5\x57", + .klen = 16, + .iv = "\x5e\xcb\xb6\x1e\x25\x62\xe4\x0c" + "\x2d\x25\xe9\x18\xaa\xc6\xd5\xd8", + .assoc = "\x6d\x94\x44\x86\x69\x00\x8f\x93" + "\x4d\x5b\x15\x3c\xa8\x8f\x06", + .alen = 15, + .ptext = "\x7c\x5d\xd3\xee\xad\x9f\x39\x1a" + "\x6d\x92\x42\x61\xa7\x58\x37", + .plen = 15, + .ctext = "\x77\x32\x61\xeb\xb4\x33\x29\x92" + "\x29\x95\xc5\x8e\x85\x76\xab\xfc" + "\x07\x95\xa7\x44\x74\xf7\x22\xff" + "\xd8\xd8\x36\x3d\x8a\x7f\x9e", + .clen = 31, }, { - .key = "\xbf\x4e\x57\x07\x54\xdf\x64\x05" - "\xa1\x89\xbc\x04\x21\x42\x22\xe6" - "\x1f\x15\xad\x1e\xbe\x20\xc9\xb4" - "\xf3\x95\x35\x46\x86\xbb\x04\x03", - .klen = 32, - .iv = "\xce\x17\xe5\x6f\x98\x7e\x0e\x8c" - "\xc2\xbf\xe8\x29\x1f\x0b\x52\x68", - .assoc = "\xdd\xe0\x74\xd6\xdc\x1d\xb8\x13" - "\xe2\xf6\x15\x4d\x1e\xd4\x83\xe9" - "\xb4\x76\xb3\x60\x40\x70\x8a\xc1" - "\x53\xac\xa4\x32\xf3\xeb\xd3\x6e" - "\x1e\x42\xa0\x46\x45\x9f\xc7\x22" - "\xd3\x43\xbc\x7e\xa5\x47\x2a\x6f" - "\x91\x19\x70\x1e\xe1\xfe\x25\x49" - "\xd6\x8f\x93\xc7\x28\x3f\x3d\x03", - .alen = 64, - .input = "", - .ilen = 0, - .result = "\x7b\x25\x3d\x47\xd4\xa7\x08\xce" - "\x3b\x89\x40\x36\xba\x6d\x0e\xa2", - .rlen = 16, + .key = "\x8b\x26\x61\x55\xf1\x3e\xe3\xa1" + "\x8d\xc8\x6e\x85\xa5\x21\x67\x5d", + .klen = 16, + .iv = "\x9b\xef\xf0\xbd\x35\xdd\x8d\x28" + "\xad\xff\x9b\xa9\xa4\xeb\x98\xdf", + .assoc = "\xaa\xb8\x7e\x25\x79\x7c\x37\xaf" + "\xce\x36\xc7\xce\xa2\xb4\xc9\x60", + .alen = 16, + .ptext = "\xb9\x82\x0c\x8d\xbd\x1b\xe2\x36" + "\xee\x6c\xf4\xf2\xa1\x7d\xf9\xe2", + .plen = 16, + .ctext = "\xd8\xfd\x44\x45\xf6\x42\x12\x38" + "\xf2\x0b\xea\x4f\x9e\x11\x61\x07" + "\x48\x67\x98\x18\x9b\xd0\x0c\x59" + "\x67\xa4\x11\xb3\x2b\xd6\xc1\x70", + .clen = 32, }, { - .key = "\xfc\x72\x90\xa6\x64\x5a\x0d\x21" - "\x22\x63\x6e\x96\x1b\x67\xe4\xec" - "\x49\xd7\xb9\xa2\xc3\xc0\x4b\xce" - "\xb4\xc3\x14\x1e\x61\x1a\xa3\xd9", - .klen = 32, - .iv = "\x0b\x3c\x1f\x0e\xa8\xf9\xb7\xa7" - "\x42\x9a\x9a\xba\x19\x30\x15\x6e", - .assoc = "\x1a", - .alen = 1, - .input = "\x29", - .ilen = 1, - .result = "\xe6\x09\x6f\x95\x9a\x18\xc8\xf6" - "\x17\x75\x81\x16\xdf\x26\xff\x67" - "\x92", - .rlen = 17, + .key = "\xc8\x4b\x9b\xf5\x01\xba\x8c\xbd" + "\x0e\xa3\x21\x16\x9f\x46\x2a\x63", + .klen = 16, + .iv = "\xd7\x14\x29\x5d\x45\x59\x36\x44" + "\x2e\xd9\x4d\x3b\x9e\x0f\x5b\xe5", + .assoc = "\xe6\xdd\xb8\xc4\x89\xf8\xe0\xca" + "\x4f\x10\x7a\x5f\x9c\xd8\x8b\x66" + "\x3b", + .alen = 17, + .ptext = "\xf5\xa6\x46\x2c\xce\x97\x8a\x51" + "\x6f\x46\xa6\x83\x9b\xa1\xbc\xe8" + "\x05", + .plen = 17, + .ctext = "\xb1\xab\x53\x4e\xc7\x40\x16\xb6" + "\x71\x3a\x00\x9f\x41\x88\xb0\xb2" + "\x71\x83\x85\x5f\xc8\x79\x0a\x99" + "\x99\xdc\x89\x1c\x88\xd2\x3e\xf9" + "\x83", + .clen = 33, }, { - .key = "\x38\x97\xca\x45\x74\xd6\xb6\x3c" - "\xa3\x3d\x20\x27\x15\x8b\xa7\xf2" - "\x74\x9a\xc4\x27\xc8\x60\xcd\xe8" - "\x75\xf0\xf2\xf7\x3b\x79\x42\xb0", - .klen = 32, - .iv = "\x47\x60\x59\xad\xb8\x75\x60\xc3" - "\xc3\x74\x4c\x4c\x13\x54\xd8\x74", - .assoc = "\x56\x29\xe7\x15\xfc\x14\x0a\x4a" - "\xe4\xaa\x79\x70\x12\x1d\x08\xf6" - "\x09\xfb\xca\x69\x4b\xb0\x8e\xf5" - "\xd6\x07\x62\xe3\xa8\xa9\x12", + .key = "\x05\x70\xd5\x94\x12\x36\x35\xd8" + "\x8f\x7d\xd3\xa8\x99\x6a\xed\x69", + .klen = 16, + .iv = "\x14\x39\x63\xfc\x56\xd5\xdf\x5f" + "\xaf\xb3\xff\xcc\x98\x33\x1d\xeb", + .assoc = "\x23\x02\xf1\x64\x9a\x73\x89\xe6" + "\xd0\xea\x2c\xf1\x96\xfc\x4e\x6d" + "\x65\x48\xcb\x0a\xda\xf0\x62\xc0" + "\x38\x1d\x3b\x4a\xe9\x7e\x62", .alen = 31, - .input = "\x66\xf3\x75\x7d\x40\xb3\xb4\xd1" - "\x04\xe1\xa6\x94\x10\xe6\x39\x77" - "\xd3\xac\x4d\x8a\x8c\x58\x6e\xfb" - "\x06\x13\x9a\xd9\x5e\xc0\xfa", - .ilen = 31, - .result = "\x82\xc0\x56\xf0\xd7\xc4\xc9\xfd" - "\x3c\xd1\x2a\xd4\x15\x86\x9d\xda" - "\xea\x6c\x6f\xa1\x33\xb0\x7a\x01" - "\x57\xe7\xf3\x7b\x73\xe7\x54\x10" - "\xc6\x91\xe2\xc6\xa0\x69\xe7\xe6" - "\x76\xc3\xf5\x3a\x76\xfd\x4a", - .rlen = 47, + .ptext = "\x32\xcb\x80\xcc\xde\x12\x33\x6d" + "\xf0\x20\x58\x15\x95\xc6\x7f\xee" + "\x2f\xf9\x4e\x2c\x1b\x98\x43\xc7" + "\x68\x28\x73\x40\x9f\x96\x4a", + .plen = 31, + .ctext = "\x29\xc4\xf0\x03\xc1\x86\xdf\x06" + "\x5c\x7b\xef\x64\x87\x00\xd1\x37" + "\xa7\x08\xbc\x7f\x8f\x41\x54\xd0" + "\x3e\xf1\xc3\xa2\x96\x84\xdd\x2a" + "\x2d\x21\x30\xf9\x02\xdb\x06\x0c" + "\xf1\x5a\x66\x69\xe0\xca\x83", + .clen = 47, }, { - .key = "\x75\xbc\x04\xe5\x84\x52\x5e\x58" - "\x24\x17\xd2\xb9\x0e\xaf\x6a\xf9" - "\x9e\x5c\xd0\xab\xcd\x00\x4f\x01" - "\x37\x1e\xd1\xcf\x15\xd8\xe2\x86", - .klen = 32, - .iv = "\x84\x85\x92\x4d\xc8\xf1\x08\xdf" - "\x44\x4e\xff\xdd\x0d\x78\x9a\x7a", - .assoc = "\x93\x4e\x21\xb4\x0c\x90\xb3\x66" - "\x65\x84\x2b\x01\x0b\x42\xcb\xfc" - "\x33\xbd\xd6\xed\x50\x50\x10\x0e" - "\x97\x35\x41\xbb\x82\x08\xb1\xf2", + .key = "\x41\x94\x0e\x33\x22\xb1\xdd\xf4" + "\x10\x57\x85\x39\x93\x8f\xaf\x70", + .klen = 16, + .iv = "\x50\x5d\x9d\x9b\x66\x50\x88\x7b" + "\x30\x8e\xb1\x5e\x92\x58\xe0\xf1", + .assoc = "\x5f\x27\x2b\x03\xaa\xef\x32\x02" + "\x50\xc4\xde\x82\x90\x21\x11\x73" + "\x8f\x0a\xd6\x8f\xdf\x90\xe4\xda" + "\xf9\x4a\x1a\x23\xc3\xdd\x02\x81", .alen = 32, - .input = "\xa2\x17\xaf\x1c\x50\x2e\x5d\xed" - "\x85\xbb\x58\x26\x0a\x0b\xfc\x7d" - "\xfe\x6e\x59\x0e\x91\xf8\xf0\x15" - "\xc8\x40\x78\xb1\x38\x1f\x99\xa7", - .ilen = 32, - .result = "\x01\x47\x8e\x6c\xf6\x64\x89\x3a" - "\x71\xce\xe4\xaa\x45\x70\xe6\x84" - "\x62\x48\x08\x64\x86\x6a\xdf\xec" - "\xb4\xa0\xfb\x34\x03\x0c\x19\xf4" - "\x2b\x7b\x36\x73\xec\x54\xa9\x1e" - "\x30\x85\xdb\xe4\xac\xe9\x2c\xca", - .rlen = 48, + .ptext = "\x6e\xf0\xba\x6b\xee\x8e\xdc\x89" + "\x71\xfb\x0a\xa6\x8f\xea\x41\xf4" + "\x5a\xbb\x59\xb0\x20\x38\xc5\xe0" + "\x29\x56\x52\x19\x79\xf5\xe9\x37", + .plen = 32, + .ctext = "\xe2\x2e\x44\xdf\xd3\x60\x6d\xb2" + "\x70\x57\x37\xc5\xc2\x4f\x8d\x14" + "\xc6\xbf\x8b\xec\xf5\x62\x67\xf2" + "\x2f\xa1\xe6\xd6\xa7\xb1\x8c\x54" + "\xe5\x6b\x49\xf9\x6e\x90\xc3\xaa" + "\x7a\x00\x2e\x4d\x7f\x31\x2e\x81", + .clen = 48, }, { - .key = "\xb1\xe1\x3e\x84\x94\xcd\x07\x74" - "\xa5\xf2\x84\x4a\x08\xd4\x2c\xff" - "\xc8\x1e\xdb\x2f\xd2\xa0\xd1\x1b" - "\xf8\x4c\xb0\xa8\xef\x37\x81\x5d", - .klen = 32, - .iv = "\xc0\xaa\xcc\xec\xd8\x6c\xb1\xfb" - "\xc5\x28\xb1\x6e\x07\x9d\x5d\x81", - .assoc = "\xd0\x73\x5a\x54\x1d\x0b\x5b\x82" - "\xe5\x5f\xdd\x93\x05\x66\x8e\x02" - "\x5e\x80\xe1\x71\x55\xf0\x92\x28" - "\x59\x62\x20\x94\x5c\x67\x50\xc8" - "\x58", + .key = "\x7e\xb9\x48\xd3\x32\x2d\x86\x10" + "\x91\x31\x37\xcb\x8d\xb3\x72\x76", + .klen = 16, + .iv = "\x8d\x82\xd6\x3b\x76\xcc\x30\x97" + "\xb1\x68\x63\xef\x8c\x7c\xa3\xf7", + .assoc = "\x9c\x4b\x65\xa2\xba\x6b\xdb\x1e" + "\xd1\x9e\x90\x13\x8a\x45\xd3\x79" + "\xba\xcd\xe2\x13\xe4\x30\x66\xf4" + "\xba\x78\xf9\xfb\x9d\x3c\xa1\x58" + "\x1a", .alen = 33, - .input = "\xdf\x3c\xe9\xbc\x61\xaa\x06\x09" - "\x06\x95\x0a\xb7\x04\x2f\xbe\x84" - "\x28\x30\x64\x92\x96\x98\x72\x2e" - "\x89\x6e\x57\x8a\x13\x7e\x38\x7e" - "\xdb", - .ilen = 33, - .result = "\x85\xe0\xf8\x0f\x8e\x49\xe3\x60" - "\xcb\x4a\x54\x94\xcf\xf5\x7e\x34" - "\xe9\xf8\x80\x65\x53\xd0\x72\x70" - "\x4f\x7d\x9d\xd1\x15\x6f\xb9\x2c" - "\xfa\xe8\xdd\xac\x2e\xe1\x3f\x67" - "\x63\x0f\x1a\x59\xb7\x89\xdb\xf4" - "\xc3", - .rlen = 49, - }, { - .key = "\xee\x05\x77\x23\xa5\x49\xb0\x90" - "\x26\xcc\x36\xdc\x02\xf8\xef\x05" - "\xf3\xe1\xe7\xb3\xd8\x40\x53\x35" - "\xb9\x79\x8f\x80\xc9\x96\x20\x33", - .klen = 32, - .iv = "\xfd\xce\x06\x8b\xe9\xe8\x5a\x17" - "\x46\x02\x63\x00\x01\xc1\x20\x87", - .assoc = "\x0c\x98\x94\xf3\x2d\x87\x04\x9e" - "\x66\x39\x8f\x24\xff\x8a\x50\x08" - "\x88\x42\xed\xf6\x5a\x90\x14\x42" - "\x1a\x90\xfe\x6c\x36\xc6\xf0\x9f" - "\x66\xa0\xb5\x2d\x2c\xf8\x25\x15" - "\x55\x90\xa2\x7e\x77\x94\x96\x3a" - "\x71\x1c\xf7\x44\xee\xa8\xc3\x42" - "\xe2\xa3\x84\x04\x0b\xe1\xce", - .alen = 63, - .input = "\x1b\x61\x23\x5b\x71\x26\xae\x25" - "\x87\x6f\xbc\x49\xfe\x53\x81\x8a" - "\x53\xf2\x70\x17\x9b\x38\xf4\x48" - "\x4b\x9b\x36\x62\xed\xdd\xd8\x54" - "\xea\xcb\xb6\x79\x45\xfc\xaa\x54" - "\x5c\x94\x47\x58\xa7\xff\x9c\x9e" - "\x7c\xb6\xf1\xac\xc8\xfd\x8b\x35" - "\xd5\xa4\x6a\xd4\x09\xc2\x08", - .ilen = 63, - .result = "\x00\xe5\x5b\x87\x5c\x20\x22\x8a" - "\xda\x1f\xd3\xff\xbb\xb2\xb0\xf8" - "\xef\xe9\xeb\x9e\x7c\x80\xf4\x2b" - "\x59\xc0\x79\xbc\x17\xa0\x15\x01" - "\xf5\x72\xfb\x5a\xe7\xaf\x07\xe3" - "\x1b\x49\x21\x34\x23\x63\x55\x5e" - "\xee\x4f\x34\x17\xfa\xfe\xa5\x0c" - "\xed\x0b\x23\xea\x9b\xda\x57\x2f" - "\xf6\xa9\xae\x0d\x4e\x40\x96\x45" - "\x7f\xfa\xf0\xbf\xc4\x98\x78", - .rlen = 79, - }, { - .key = "\x2a\x2a\xb1\xc3\xb5\xc5\x59\xac" - "\xa7\xa6\xe8\x6d\xfc\x1d\xb2\x0b" - "\x1d\xa3\xf3\x38\xdd\xe0\xd5\x4e" - "\x7b\xa7\x6e\x58\xa3\xf5\xbf\x0a", - .klen = 32, - .iv = "\x39\xf3\x3f\x2b\xf9\x64\x03\x33" - "\xc7\xdd\x15\x91\xfb\xe6\xe2\x8d", - .assoc = "\x49\xbc\xce\x92\x3d\x02\xad\xba" - "\xe7\x13\x41\xb6\xf9\xaf\x13\x0f" - "\xb2\x04\xf8\x7a\x5f\x30\x96\x5b" - "\xdc\xbd\xdd\x44\x10\x25\x8f\x75" - "\x75\x4d\xb9\x5b\x8e\x0a\x38\x13" - "\x6f\x9f\x36\xe4\x3a\x3e\xac\xc9" - "\x9d\x83\xde\xe5\x57\xfd\xe3\x0e" - "\xb1\xa7\x1b\x44\x05\x67\xb7\x37", - .alen = 64, - .input = "\x58\x85\x5c\xfa\x81\xa1\x57\x40" - "\x08\x4a\x6e\xda\xf8\x78\x44\x90" - "\x7d\xb5\x7b\x9b\xa1\xd8\x76\x62" - "\x0c\xc9\x15\x3b\xc7\x3c\x77\x2b" - "\xf8\x78\xba\xa7\xa6\x0e\xbd\x52" - "\x76\xa3\xdc\xbe\x6b\xa8\xb1\x2d" - "\xa9\x1d\xd8\x4e\x31\x53\xab\x00" - "\xa5\xa7\x01\x13\x04\x49\xf2\x04", - .ilen = 64, - .result = "\x28\xdd\xb9\x4a\x12\xc7\x0a\xe1" - "\x58\x06\x1a\x9b\x8c\x67\xdf\xeb" - "\x35\x35\x60\x9d\x06\x40\x65\xc1" - "\x93\xe8\xb3\x82\x50\x29\xdd\xb5" - "\x2b\xcb\xde\x18\x78\x6b\x42\xbe" - "\x6d\x24\xd0\xb2\x7d\xd7\x08\x8f" - "\x4a\x18\x98\xad\x8c\xf2\x97\xb4" - "\xf4\x77\xe4\xbf\x41\x3b\xc4\x06" - "\xce\x9e\x34\x81\xf0\x89\x11\x13" - "\x02\x65\xa1\x7c\xdf\x07\x33\x06", - .rlen = 80, - }, { - .key = "\x67\x4f\xeb\x62\xc5\x40\x01\xc7" - "\x28\x80\x9a\xfe\xf6\x41\x74\x12" - "\x48\x65\xfe\xbc\xe2\x80\x57\x68" - "\x3c\xd4\x4d\x31\x7d\x54\x5f\xe1", - .klen = 32, - .iv = "\x76\x18\x79\xca\x09\xdf\xac\x4e" - "\x48\xb7\xc7\x23\xf5\x0a\xa5\x93", - .assoc = "\x85\xe1\x08\x32\x4d\x7e\x56\xd5" - "\x68\xed\xf3\x47\xf3\xd3\xd6\x15" - "\xdd\xc7\x04\xfe\x64\xd0\x18\x75" - "\x9d\xeb\xbc\x1d\xea\x84\x2e\x4c" - "\x83\xf9\xbe\x8a\xef\x1c\x4b\x10" - "\x89\xaf\xcb\x4b\xfe\xe7\xc1\x58" - "\xca\xea\xc6\x87\xc0\x53\x03\xd9" - "\x80\xaa\xb2\x83\xff\xee\xa1\x6a" - "\x04", - .alen = 65, - .input = "\x94\xaa\x96\x9a\x91\x1d\x00\x5c" - "\x88\x24\x20\x6b\xf2\x9c\x06\x96" - "\xa7\x77\x87\x1f\xa6\x78\xf8\x7b" - "\xcd\xf6\xf4\x13\xa1\x9b\x16\x02" - "\x07\x24\xbf\xd5\x08\x20\xd0\x4f" - "\x90\xb3\x70\x24\x2f\x51\xc7\xbb" - "\xd6\x84\xc0\xef\x9a\xa8\xca\xcc" - "\x74\xab\x97\x53\xfe\xd0\xdb\x37" - "\x37\x6a\x0e\x9f\x3f\xa3\x2a\xe3" - "\x1b\x34\x6d\x51\x72\x2b\x17\xe7" - "\x4d\xaa\x2c\x18\xda\xa3\x33\x89" - "\x2a\x9f\xf4\xd2\xed\x76\x3d\x3f" - "\x3c\x15\x9d\x8e\x4f\x3c\x27\xb0" - "\x42\x3f\x2f\x8a\xd4\xc2\x10\xb2" - "\x27\x7f\xe3\x34\x80\x02\x49\x4b" - "\x07\x68\x22\x2a\x88\x25\x53\xb2" - "\x2f", - .ilen = 129, - .result = "\x85\x39\x69\x35\xfb\xf9\xb0\xa6" - "\x85\x43\x88\xd0\xd7\x78\x60\x19" - "\x3e\x1f\xb1\xa4\xd6\xc5\x96\xec" - "\xf7\x84\x85\xc7\x27\x0f\x74\x57" - "\x28\x9e\xdd\x90\x3c\x43\x12\xc5" - "\x51\x3d\x39\x8f\xa5\xf4\xe0\x0b" - "\x57\x04\xf1\x6d\xfe\x9b\x84\x27" - "\xe8\xeb\x4d\xda\x02\x0a\xc5\x49" - "\x1a\x55\x5e\x50\x56\x4d\x94\xda" - "\x20\xf8\x12\x54\x50\xb3\x11\xda" - "\xed\x44\x27\x67\xd5\xd1\x8b\x4b" - "\x38\x67\x56\x65\x59\xda\xe6\x97" - "\x81\xae\x2f\x92\x3b\xae\x22\x1c" - "\x91\x59\x38\x18\x00\xe8\xba\x92" - "\x04\x19\x56\xdf\xb0\x82\xeb\x6f" - "\x2e\xdb\x54\x3c\x4b\xbb\x60\x90" - "\x4c\x50\x10\x62\xba\x7a\xb1\x68" - "\x37\xd7\x87\x4e\xe4\x66\x09\x1f" - "\xa5", - .rlen = 145, - }, { - .key = "\xa3\x73\x24\x01\xd5\xbc\xaa\xe3" - "\xa9\x5a\x4c\x90\xf0\x65\x37\x18" - "\x72\x28\x0a\x40\xe7\x20\xd9\x82" - "\xfe\x02\x2b\x09\x57\xb3\xfe\xb7", - .klen = 32, - .iv = "\xb3\x3d\xb3\x69\x19\x5b\x54\x6a" - "\xc9\x91\x79\xb4\xef\x2e\x68\x99", - .assoc = "\xc2\x06\x41\xd1\x5d\xfa\xff\xf1" - "\xe9\xc7\xa5\xd9\xed\xf8\x98\x1b" - "\x07\x89\x10\x82\x6a\x70\x9a\x8f" - "\x5e\x19\x9b\xf5\xc5\xe3\xcd\x22" - "\x92\xa5\xc2\xb8\x51\x2e\x5e\x0e" - "\xa4\xbe\x5f\xb1\xc1\x90\xd7\xe7" - "\xf7\x52\xae\x28\x29\xa8\x22\xa4" - "\x4f\xae\x48\xc2\xfa\x75\x8b\x9e" - "\xce\x83\x2a\x88\x07\x55\xbb\x89" - "\xf6\xdf\xac\xdf\x83\x08\xbf\x7d" - "\xac\x30\x8b\x8e\x02\xac\x00\xf1" - "\x30\x46\xe1\xbc\x75\xbf\x49\xbb" - "\x26\x4e\x29\xf0\x2f\x21\xc6\x13" - "\x92\xd9\x3d\x11\xe4\x10\x00\x8e" - "\xd4\xd4\x58\x65\xa6\x2b\xe3\x25" - "\xb1\x8f\x15\x93\xe7\x71\xb9\x2c" - "\x4b", - .alen = 129, - .input = "\xd1\xcf\xd0\x39\xa1\x99\xa9\x78" - "\x09\xfe\xd2\xfd\xec\xc1\xc9\x9d" - "\xd2\x39\x93\xa3\xab\x18\x7a\x95" - "\x8f\x24\xd3\xeb\x7b\xfa\xb5\xd8" - "\x15\xd1\xc3\x04\x69\x32\xe3\x4d" - "\xaa\xc2\x04\x8b\xf2\xfa\xdc\x4a" - "\x02\xeb\xa8\x90\x03\xfd\xea\x97" - "\x43\xaf\x2e\x92\xf8\x57\xc5\x6a" - "\x00", - .ilen = 65, - .result = "\x7d\xde\x53\x22\xe4\x23\x3b\x30" - "\x78\xde\x35\x90\x7a\xd9\x0b\x93" - "\xf6\x0e\x0b\xed\x40\xee\x10\x9c" - "\x96\x3a\xd3\x34\xb2\xd0\x67\xcf" - "\x63\x7f\x2d\x0c\xcf\x96\xec\x64" - "\x1a\x87\xcc\x7d\x2c\x5e\x81\x4b" - "\xd2\x8f\x4c\x7c\x00\xb1\xb4\xe0" - "\x87\x4d\xb1\xbc\xd8\x78\x2c\x17" - "\xf2\x3b\xd8\x28\x40\xe2\x76\xf6" - "\x20\x13\x83\x46\xaf\xff\xe3\x0f" - "\x72", - .rlen = 81, + .ptext = "\xab\x14\xf3\x0a\xfe\x0a\x85\xa5" + "\xf2\xd5\xbc\x38\x89\x0e\x04\xfb" + "\x84\x7d\x65\x34\x25\xd8\x47\xfa" + "\xeb\x83\x31\xf1\x54\x54\x89\x0d" + "\x9d\x4d\x54\x51\x84\x61\xf6\x8e" + "\x03\x31\xf2\x25\x16\xcc\xaa\xc6" + "\x75\x73\x20\x30\x59\x54\xb2\xf0" + "\x3a\x4b\xe0\x23\x8e\xa6\x08\x35" + "\x8a", + .plen = 65, + .ctext = "\xc7\xca\x26\x61\x57\xee\xa2\xb9" + "\xb1\x37\xde\x95\x06\x90\x11\x08" + "\x4d\x30\x9f\x24\xc0\x56\xb7\xe1" + "\x0b\x9f\xd2\x57\xe9\xd2\xb1\x76" + "\x56\x9a\xb4\x58\xc5\x08\xfc\xb5" + "\xf2\x31\x9b\xc9\xcd\xb3\x64\xdb" + "\x6f\x50\xbf\xf4\x73\x9d\xfb\x6b" + "\xef\x35\x25\x48\xed\xcf\x29\xa8" + "\xac\xc3\xb9\xcb\x61\x8f\x73\x92" + "\x2c\x7a\x6f\xda\xf9\x09\x6f\xe1" + "\xc4", + .clen = 81, }, { - .key = "\xe0\x98\x5e\xa1\xe5\x38\x53\xff" - "\x2a\x35\xfe\x21\xea\x8a\xfa\x1e" - "\x9c\xea\x15\xc5\xec\xc0\x5b\x9b" - "\xbf\x2f\x0a\xe1\x32\x12\x9d\x8e", - .klen = 32, - .iv = "\xef\x61\xed\x08\x29\xd7\xfd\x86" - "\x4a\x6b\x2b\x46\xe9\x53\x2a\xa0", - .assoc = "\xfe\x2a\x7b\x70\x6d\x75\xa7\x0d" - "\x6a\xa2\x57\x6a\xe7\x1c\x5b\x21" - "\x31\x4b\x1b\x07\x6f\x10\x1c\xa8" - "\x20\x46\x7a\xce\x9f\x42\x6d\xf9", - .alen = 32, - .input = "\x0d\xf4\x09\xd8\xb1\x14\x51\x94" - "\x8a\xd8\x84\x8e\xe6\xe5\x8c\xa3" - "\xfc\xfc\x9e\x28\xb0\xb8\xfc\xaf" - "\x50\x52\xb1\xc4\x55\x59\x55\xaf", - .ilen = 32, - .result = "\x5a\xcd\x8c\x57\xf2\x6a\xb6\xbe" - "\x53\xc7\xaa\x9a\x60\x74\x9c\xc4" - "\xa2\xc2\xd0\x6d\xe1\x03\x63\xdc" - "\xbb\x51\x7e\x9c\x89\x73\xde\x4e" - "\x24\xf8\x52\x7c\x15\x41\x0e\xba" - "\x69\x0e\x36\x5f\x2f\x22\x8c", - .rlen = 47, + .key = "\xba\xde\x82\x72\x42\xa9\x2f\x2c" + "\x12\x0b\xe9\x5c\x87\xd7\x35\x7c", + .klen = 16, + .iv = "\xc9\xa7\x10\xda\x86\x48\xd9\xb3" + "\x32\x42\x15\x80\x85\xa1\x65\xfe", + .assoc = "\xd8\x70\x9f\x42\xca\xe6\x83\x3a" + "\x52\x79\x42\xa5\x84\x6a\x96\x7f" + "\xe4\x8f\xed\x97\xe9\xd0\xe8\x0d" + "\x7c\xa6\xd8\xd4\x77\x9b\x40\x2e" + "\x28\xce\x57\x34\xcd\x6e\x84\x4c" + "\x17\x3c\xe1\xb2\xa8\x0b\xbb\xf1" + "\x96\x41\x0d\x69\xe8\x54\x0a\xc8" + "\x15\x4e\x91\x92\x89\x4b\xb7\x9b" + "\x21", + .alen = 65, + .ptext = "\xe8\x39\x2d\xaa\x0e\x85\x2d\xc1" + "\x72\xaf\x6e\xc9\x82\x33\xc7\x01" + "\xaf\x40\x70\xb8\x2a\x78\xc9\x14" + "\xac\xb1\x10\xca\x2e\xb3\x28\xe4" + "\xac", + .plen = 33, + .ctext = "\x57\xcd\x3d\x46\xc5\xf9\x68\x3b" + "\x2c\x0f\xb4\x7e\x7b\x64\x3e\x40" + "\xf3\x78\x63\x34\x89\x79\x39\x6b" + "\x61\x64\x4a\x9a\xfa\x70\xa4\xd3" + "\x54\x0b\xea\x05\xa6\x95\x64\xed" + "\x3d\x69\xa2\x0c\x27\x56\x2f\x34" + "\x66", + .clen = 49, }, { - .key = "\x1c\xbd\x98\x40\xf5\xb3\xfc\x1b" - "\xaa\x0f\xb0\xb3\xe4\xae\xbc\x24" - "\xc7\xac\x21\x49\xf1\x60\xdd\xb5" - "\x80\x5d\xe9\xba\x0c\x71\x3c\x64", - .klen = 32, - .iv = "\x2c\x86\x26\xa8\x39\x52\xa6\xa2" - "\xcb\x45\xdd\xd7\xe3\x77\xed\xa6", - .assoc = "\x3b\x4f\xb5\x10\x7d\xf1\x50\x29" - "\xeb\x7c\x0a\xfb\xe1\x40\x1e\x27" - "\x5c\x0d\x27\x8b\x74\xb0\x9e\xc2" - "\xe1\x74\x59\xa6\x79\xa1\x0c\xd0", - .alen = 32, - .input = "\x4a\x18\x43\x77\xc1\x90\xfa\xb0" - "\x0b\xb2\x36\x20\xe0\x09\x4e\xa9" - "\x26\xbe\xaa\xac\xb5\x58\x7e\xc8" - "\x11\x7f\x90\x9c\x2f\xb8\xf4\x85", - .ilen = 32, - .result = "\x47\xd6\xce\x78\xd6\xbf\x4a\x51" - "\xb8\xda\x92\x3c\xfd\xda\xac\x8e" - "\x8d\x88\xd7\x4d\x90\xe5\xeb\xa1" - "\xab\xd6\x7c\x76\xad\xea\x7d\x76" - "\x53\xee\xb0\xcd\xd0\x02\xbb\x70" - "\x5b\x6f\x7b\xe2\x8c\xe8", - .rlen = 46, + .key = "\xf7\x02\xbb\x11\x52\x24\xd8\x48" + "\x93\xe6\x9b\xee\x81\xfc\xf7\x82", + .klen = 16, + .iv = "\x06\xcc\x4a\x79\x96\xc3\x82\xcf" + "\xb3\x1c\xc7\x12\x7f\xc5\x28\x04", + .assoc = "\x15\x95\xd8\xe1\xda\x62\x2c\x56" + "\xd3\x53\xf4\x36\x7e\x8e\x59\x85", + .alen = 16, + .ptext = "\x24\x5e\x67\x49\x1e\x01\xd6\xdd" + "\xf3\x89\x20\x5b\x7c\x57\x89\x07", + .plen = 16, + .ctext = "\xfc\x85\x06\x28\x8f\xe8\x23\x1f" + "\x33\x98\x87\xde\x08\xb6\xb6\xae" + "\x3e\xa4\xf8\x19\xf1\x92\x60\x39" + "\xb9\x6b\x3f\xdf\xc8\xcb\x30", + .clen = 31, }, { - .key = "\x59\xe1\xd2\xdf\x05\x2f\xa4\x37" - "\x2b\xe9\x63\x44\xde\xd3\x7f\x2b" - "\xf1\x6f\x2d\xcd\xf6\x00\x5f\xcf" - "\x42\x8a\xc8\x92\xe6\xd0\xdc\x3b", - .klen = 32, - .iv = "\x68\xab\x60\x47\x49\xce\x4f\xbe" - "\x4c\x20\x8f\x68\xdd\x9c\xb0\xac", - .assoc = "\x77\x74\xee\xaf\x8d\x6d\xf9\x45" - "\x6c\x56\xbc\x8d\xdb\x65\xe0\x2e" - "\x86\xd0\x32\x0f\x79\x50\x20\xdb" - "\xa2\xa1\x37\x7e\x53\x00\xab\xa6", - .alen = 32, - .input = "\x86\x3d\x7d\x17\xd1\x0c\xa3\xcc" - "\x8c\x8d\xe8\xb1\xda\x2e\x11\xaf" - "\x51\x80\xb5\x30\xba\xf8\x00\xe2" - "\xd3\xad\x6f\x75\x09\x18\x93\x5c", - .ilen = 32, - .result = "\x9f\xa9\x2b\xa4\x8f\x00\x05\x2b" - "\xe7\x68\x81\x51\xbb\xfb\xdf\x60" - "\xbb\xac\xe8\xc1\xdc\x68\xae\x68" - "\x3a\xcd\x7a\x06\x49\xfe\x80\x11" - "\xe6\x61\x99\xe2\xdd\xbe\x2c\xbf", - .rlen = 40, + .key = "\x33\x27\xf5\xb1\x62\xa0\x80\x63" + "\x14\xc0\x4d\x7f\x7b\x20\xba\x89", + .klen = 16, + .iv = "\x42\xf0\x84\x19\xa6\x3f\x2b\xea" + "\x34\xf6\x79\xa3\x79\xe9\xeb\x0a", + .assoc = "\x51\xb9\x12\x80\xea\xde\xd5\x71" + "\x54\x2d\xa6\xc8\x78\xb2\x1b\x8c", + .alen = 16, + .ptext = "\x61\x83\xa0\xe8\x2e\x7d\x7f\xf8" + "\x74\x63\xd2\xec\x76\x7c\x4c\x0d", + .plen = 16, + .ctext = "\x74\x7d\x70\x07\xe9\xba\x01\xee" + "\x6c\xc6\x6f\x50\x25\x33\xbe\x50" + "\x17\xb8\x17\x62\xed\x80\xa2\xf5" + "\x03\xde\x85\x71\x5d\x34", + .clen = 30, }, { - .key = "\x96\x06\x0b\x7f\x15\xab\x4d\x53" - "\xac\xc3\x15\xd6\xd8\xf7\x42\x31" - "\x1b\x31\x38\x51\xfc\xa0\xe1\xe8" - "\x03\xb8\xa7\x6b\xc0\x2f\x7b\x11", - .klen = 32, - .iv = "\xa5\xcf\x9a\xe6\x59\x4a\xf7\xd9" - "\xcd\xfa\x41\xfa\xd7\xc0\x72\xb2", - .assoc = "\xb4\x99\x28\x4e\x9d\xe8\xa2\x60" - "\xed\x30\x6e\x1e\xd5\x89\xa3\x34" - "\xb1\x92\x3e\x93\x7e\xf0\xa2\xf5" - "\x64\xcf\x16\x57\x2d\x5f\x4a\x7d", - .alen = 32, - .input = "\xc3\x62\xb7\xb6\xe2\x87\x4c\xe7" - "\x0d\x67\x9a\x43\xd4\x52\xd4\xb5" - "\x7b\x43\xc1\xb5\xbf\x98\x82\xfc" - "\x94\xda\x4e\x4d\xe4\x77\x32\x32", - .ilen = 32, - .result = "\xe2\x34\xfa\x25\xfd\xfb\x89\x5e" - "\x5b\x4e\x0b\x15\x6e\x39\xfb\x0c" - "\x73\xc7\xd9\x6b\xbe\xce\x9b\x70" - "\xc7\x4f\x96\x16\x03\xfc\xea\xfb" - "\x56", - .rlen = 33, + .key = "\x70\x4c\x2f\x50\x72\x1c\x29\x7f" + "\x95\x9a\xff\x10\x75\x45\x7d\x8f", + .klen = 16, + .iv = "\x7f\x15\xbd\xb8\xb6\xba\xd3\x06" + "\xb5\xd1\x2b\x35\x73\x0e\xad\x10", + .assoc = "\x8e\xde\x4c\x20\xfa\x59\x7e\x8d" + "\xd5\x07\x58\x59\x72\xd7\xde\x92", + .alen = 16, + .ptext = "\x9d\xa7\xda\x88\x3e\xf8\x28\x14" + "\xf5\x3e\x85\x7d\x70\xa0\x0f\x13", + .plen = 16, + .ctext = "\xf4\xb3\x85\xf9\xac\xde\xb1\x38" + "\x29\xfd\x6c\x7c\x49\xe5\x1d\xaf" + "\xba\xea\xd4\xfa\x3f\x11\x33\x98", + .clen = 24, + }, { + .key = "\xac\x70\x69\xef\x82\x97\xd2\x9b" + "\x15\x74\xb1\xa2\x6f\x69\x3f\x95", + .klen = 16, + .iv = "\xbb\x3a\xf7\x57\xc6\x36\x7c\x22" + "\x36\xab\xde\xc6\x6d\x32\x70\x17", + .assoc = "\xcb\x03\x85\xbf\x0a\xd5\x26\xa9" + "\x56\xe1\x0a\xeb\x6c\xfb\xa1\x98", + .alen = 16, + .ptext = "\xda\xcc\x14\x27\x4e\x74\xd1\x30" + "\x76\x18\x37\x0f\x6a\xc4\xd1\x1a", + .plen = 16, + .ctext = "\xe6\x5c\x49\x4f\x78\xf3\x62\x86" + "\xe1\xb7\xa5\xc3\x32\x88\x3c\x8c" + "\x6e", + .clen = 17, }, }; -static const struct aead_testvec morus1280_dec_tv_template[] = { +/* + * MORUS-1280 test vectors - generated via reference implementation from + * SUPERCOP (https://bench.cr.yp.to/supercop.html): + * + * https://bench.cr.yp.to/supercop/supercop-20170228.tar.xz + * (see crypto_aead/morus1280128v2/ and crypto_aead/morus1280256v2/ ) + */ +static const struct aead_testvec morus1280_tv_template[] = { { .key = "\x00\x00\x00\x00\x00\x00\x00\x00" "\x00\x00\x00\x00\x00\x00\x00\x00", @@ -26031,11 +20833,11 @@ static const struct aead_testvec morus1280_dec_tv_template[] = { "\x20\x36\x2c\x24\xfe\xc9\x30\x81", .assoc = "", .alen = 0, - .input = "\x91\x85\x0f\xf5\x52\x9e\xce\xce" + .ptext = "", + .plen = 0, + .ctext = "\x91\x85\x0f\xf5\x52\x9e\xce\xce" "\x65\x99\xc7\xbf\xd3\x76\xe8\x98", - .ilen = 16, - .result = "", - .rlen = 0, + .clen = 16, }, { .key = "\x3c\x24\x39\x9f\x10\x7b\xa8\x1b" "\x80\xda\xb2\x91\xf9\x24\xc2\x06", @@ -26044,12 +20846,12 @@ static const struct aead_testvec morus1280_dec_tv_template[] = { "\xa1\x10\xde\xb5\xf8\xed\xf3\x87", .assoc = "", .alen = 0, - .input = "\x88\xc3\x4c\xf0\x2f\x43\x76\x13" + .ptext = "\x69", + .plen = 1, + .ctext = "\x88\xc3\x4c\xf0\x2f\x43\x76\x13" "\x96\xda\x76\x34\x33\x4e\xd5\x39" "\x73", - .ilen = 17, - .result = "\x69", - .rlen = 1, + .clen = 17, }, { .key = "\x79\x49\x73\x3e\x20\xf7\x51\x37" "\x01\xb4\x64\x22\xf3\x48\x85\x0c", @@ -26058,18 +20860,18 @@ static const struct aead_testvec morus1280_dec_tv_template[] = { "\x22\xea\x90\x47\xf2\x11\xb5\x8e", .assoc = "", .alen = 0, - .input = "\x3e\x5c\x3b\x58\x3b\x7d\x2a\x22" + .ptext = "\xa6\xa4\x1e\x76\xec\xd4\x50\xcc" + "\x62\x58\xe9\x8f\xef\xa4\x17\x91" + "\xb4\x96\x9f\x6b\xce\x38\xa5\x46" + "\x13\x7d\x64\x93\xd7\x05\xf5", + .plen = 31, + .ctext = "\x3e\x5c\x3b\x58\x3b\x7d\x2a\x22" "\x75\x0b\x24\xa6\x0e\xc3\xde\x52" "\x97\x0b\x64\xd4\xce\x90\x52\xf7" "\xef\xdb\x6a\x38\xd2\xa8\xa1\x0d" "\xe0\x61\x33\x24\xc6\x4d\x51\xbc" "\xa4\x21\x74\xcf\x19\x16\x59", - .ilen = 47, - .result = "\xa6\xa4\x1e\x76\xec\xd4\x50\xcc" - "\x62\x58\xe9\x8f\xef\xa4\x17\x91" - "\xb4\x96\x9f\x6b\xce\x38\xa5\x46" - "\x13\x7d\x64\x93\xd7\x05\xf5", - .rlen = 31, + .clen = 47, }, { .key = "\xb5\x6e\xad\xdd\x30\x72\xfa\x53" "\x82\x8e\x16\xb4\xed\x6d\x47\x12", @@ -26078,18 +20880,18 @@ static const struct aead_testvec morus1280_dec_tv_template[] = { "\xa2\xc5\x42\xd8\xec\x36\x78\x94", .assoc = "", .alen = 0, - .input = "\x30\x82\x9c\x2b\x67\xcb\xf9\x1f" + .ptext = "\xe2\xc9\x58\x15\xfc\x4f\xf8\xe8" + "\xe3\x32\x9b\x21\xe9\xc8\xd9\x97" + "\xde\x58\xab\xf0\xd3\xd8\x27\x60" + "\xd5\xaa\x43\x6b\xb1\x64\x95\xa4", + .plen = 32, + .ctext = "\x30\x82\x9c\x2b\x67\xcb\xf9\x1f" "\xde\x9f\x77\xb2\xda\x92\x61\x5c" "\x09\x0b\x2d\x9a\x26\xaa\x1c\x06" "\xab\x74\xb7\x2b\x95\x5f\x9f\xa1" "\x9a\xff\x50\xa0\xa2\xff\xc5\xad" "\x21\x8e\x84\x5c\x12\x61\xb2\xae", - .ilen = 48, - .result = "\xe2\xc9\x58\x15\xfc\x4f\xf8\xe8" - "\xe3\x32\x9b\x21\xe9\xc8\xd9\x97" - "\xde\x58\xab\xf0\xd3\xd8\x27\x60" - "\xd5\xaa\x43\x6b\xb1\x64\x95\xa4", - .rlen = 32, + .clen = 48, }, { .key = "\xf2\x92\xe6\x7d\x40\xee\xa3\x6f" "\x03\x68\xc8\x45\xe7\x91\x0a\x18", @@ -26098,20 +20900,20 @@ static const struct aead_testvec morus1280_dec_tv_template[] = { "\x23\x9f\xf4\x6a\xe6\x5a\x3b\x9a", .assoc = "", .alen = 0, - .input = "\x67\x5d\x8e\x45\xc8\x39\xf5\x17" + .ptext = "\x1f\xee\x92\xb4\x0c\xcb\xa1\x04" + "\x64\x0c\x4d\xb2\xe3\xec\x9c\x9d" + "\x09\x1a\xb7\x74\xd8\x78\xa9\x79" + "\x96\xd8\x22\x43\x8c\xc3\x34\x7b" + "\xc4", + .plen = 33, + .ctext = "\x67\x5d\x8e\x45\xc8\x39\xf5\x17" "\xc1\x1d\x2a\xdd\x88\x67\xda\x1f" "\x6d\xe8\x37\x28\x5a\xc1\x5e\x9f" "\xa6\xec\xc6\x92\x05\x4b\xc0\xa3" "\x63\xef\x88\xa4\x9b\x0a\x5c\xed" "\x2b\x6a\xac\x63\x52\xaa\x10\x94" "\xd0", - .ilen = 49, - .result = "\x1f\xee\x92\xb4\x0c\xcb\xa1\x04" - "\x64\x0c\x4d\xb2\xe3\xec\x9c\x9d" - "\x09\x1a\xb7\x74\xd8\x78\xa9\x79" - "\x96\xd8\x22\x43\x8c\xc3\x34\x7b" - "\xc4", - .rlen = 33, + .clen = 49, }, { .key = "\x2e\xb7\x20\x1c\x50\x6a\x4b\x8b" "\x84\x42\x7a\xd7\xe1\xb5\xcd\x1f", @@ -26120,7 +20922,16 @@ static const struct aead_testvec morus1280_dec_tv_template[] = { "\xa4\x79\xa6\xfb\xe0\x7f\xfd\xa0", .assoc = "", .alen = 0, - .input = "\x7d\x61\x1a\x35\x20\xcc\x07\x88" + .ptext = "\x5c\x13\xcb\x54\x1c\x47\x4a\x1f" + "\xe5\xe6\xff\x44\xdd\x11\x5f\xa3" + "\x33\xdd\xc2\xf8\xdd\x18\x2b\x93" + "\x57\x05\x01\x1c\x66\x22\xd3\x51" + "\xd3\xdf\x18\xc9\x30\x66\xed\xb1" + "\x96\x58\xd5\x8c\x64\x8c\x7c\xf5" + "\x01\xd0\x74\x5f\x9b\xaa\xf6\xd1" + "\xe6\x16\xa2\xac\xde\x47\x40", + .plen = 63, + .ctext = "\x7d\x61\x1a\x35\x20\xcc\x07\x88" "\x03\x98\x87\xcf\xc0\x6e\x4d\x19" "\xe3\xd4\x0b\xfb\x29\x8f\x49\x1a" "\x3a\x06\x77\xce\x71\x2c\xcd\xdd" @@ -26130,16 +20941,7 @@ static const struct aead_testvec morus1280_dec_tv_template[] = { "\xdf\x5b\x0f\xbd\x8a\x88\x78\xc9" "\xe5\x81\x37\xde\x84\x7a\xf6\x84" "\x99\x7a\x72\x9c\x54\x31\xa1", - .ilen = 79, - .result = "\x5c\x13\xcb\x54\x1c\x47\x4a\x1f" - "\xe5\xe6\xff\x44\xdd\x11\x5f\xa3" - "\x33\xdd\xc2\xf8\xdd\x18\x2b\x93" - "\x57\x05\x01\x1c\x66\x22\xd3\x51" - "\xd3\xdf\x18\xc9\x30\x66\xed\xb1" - "\x96\x58\xd5\x8c\x64\x8c\x7c\xf5" - "\x01\xd0\x74\x5f\x9b\xaa\xf6\xd1" - "\xe6\x16\xa2\xac\xde\x47\x40", - .rlen = 63, + .clen = 79, }, { .key = "\x6b\xdc\x5a\xbb\x60\xe5\xf4\xa6" "\x05\x1d\x2c\x68\xdb\xda\x8f\x25", @@ -26148,7 +20950,16 @@ static const struct aead_testvec morus1280_dec_tv_template[] = { "\x25\x53\x58\x8c\xda\xa3\xc0\xa6", .assoc = "", .alen = 0, - .input = "\x05\xc5\xb1\xf9\x1b\xb9\xab\x2c" + .ptext = "\x98\x37\x05\xf3\x2c\xc2\xf3\x3b" + "\x66\xc0\xb1\xd5\xd7\x35\x21\xaa" + "\x5d\x9f\xce\x7c\xe2\xb8\xad\xad" + "\x19\x33\xe0\xf4\x40\x81\x72\x28" + "\xe1\x8b\x1c\xf8\x91\x78\xff\xaf" + "\xb0\x68\x69\xf2\x27\x35\x91\x84" + "\x2e\x37\x5b\x00\x04\xff\x16\x9c" + "\xb5\x19\x39\xeb\xd9\xcd\x29\x9a", + .plen = 64, + .ctext = "\x05\xc5\xb1\xf9\x1b\xb9\xab\x2c" "\xa5\x07\x12\xa7\x12\x39\x60\x66" "\x30\x81\x4a\x03\x78\x28\x45\x52" "\xd2\x2b\x24\xfd\x8b\xa5\xb7\x66" @@ -26158,16 +20969,7 @@ static const struct aead_testvec morus1280_dec_tv_template[] = { "\xeb\x71\x40\xc9\x2c\x40\x45\x6d" "\x73\x77\x01\xf3\x4f\xf3\x9d\x2a" "\x5d\x57\xa8\xa1\x18\xa2\xad\xcb", - .ilen = 80, - .result = "\x98\x37\x05\xf3\x2c\xc2\xf3\x3b" - "\x66\xc0\xb1\xd5\xd7\x35\x21\xaa" - "\x5d\x9f\xce\x7c\xe2\xb8\xad\xad" - "\x19\x33\xe0\xf4\x40\x81\x72\x28" - "\xe1\x8b\x1c\xf8\x91\x78\xff\xaf" - "\xb0\x68\x69\xf2\x27\x35\x91\x84" - "\x2e\x37\x5b\x00\x04\xff\x16\x9c" - "\xb5\x19\x39\xeb\xd9\xcd\x29\x9a", - .rlen = 64, + .clen = 80, }, { .key = "\xa7\x00\x93\x5b\x70\x61\x9d\xc2" "\x86\xf7\xde\xfa\xd5\xfe\x52\x2b", @@ -26176,11 +20978,11 @@ static const struct aead_testvec morus1280_dec_tv_template[] = { "\xa6\x2d\x0a\x1e\xd4\xc7\x83\xad", .assoc = "\xc5", .alen = 1, - .input = "\x4d\xbf\x11\xac\x7f\x97\x0b\x2e" + .ptext = "", + .plen = 0, + .ctext = "\x4d\xbf\x11\xac\x7f\x97\x0b\x2e" "\x89\x3b\x9d\x0f\x83\x1c\x08\xc3", - .ilen = 16, - .result = "", - .rlen = 0, + .clen = 16, }, { .key = "\xe4\x25\xcd\xfa\x80\xdd\x46\xde" "\x07\xd1\x90\x8b\xcf\x23\x15\x31", @@ -26192,11 +20994,11 @@ static const struct aead_testvec morus1280_dec_tv_template[] = { "\xe8\x73\x62\x64\xab\x50\xd0\xda" "\x6b\x83\x66\xaf\x3e\x27\xc9", .alen = 31, - .input = "\x5b\xc0\x8d\x54\xe4\xec\xbe\x38" + .ptext = "", + .plen = 0, + .ctext = "\x5b\xc0\x8d\x54\xe4\xec\xbe\x38" "\x03\x12\xf9\xcc\x9e\x46\x42\x92", - .ilen = 16, - .result = "", - .rlen = 0, + .clen = 16, }, { .key = "\x20\x4a\x07\x99\x91\x58\xee\xfa" "\x88\xab\x42\x1c\xc9\x47\xd7\x38", @@ -26208,11 +21010,11 @@ static const struct aead_testvec morus1280_dec_tv_template[] = { "\x12\x35\x6e\xe8\xb0\xf0\x52\xf3" "\x2d\xb0\x45\x87\x18\x86\x68\xf6", .alen = 32, - .input = "\x48\xc5\xc3\x4c\x40\x2e\x2f\xc2" + .ptext = "", + .plen = 0, + .ctext = "\x48\xc5\xc3\x4c\x40\x2e\x2f\xc2" "\x6d\x65\xe0\x67\x9c\x1d\xa0\xf0", - .ilen = 16, - .result = "", - .rlen = 0, + .clen = 16, }, { .key = "\x5d\x6f\x41\x39\xa1\xd4\x97\x16" "\x09\x85\xf4\xae\xc3\x6b\x9a\x3e", @@ -26225,11 +21027,11 @@ static const struct aead_testvec morus1280_dec_tv_template[] = { "\xee\xde\x23\x60\xf2\xe5\x08\xcc" "\x97", .alen = 33, - .input = "\x28\x64\x78\x51\x55\xd8\x56\x4a" + .ptext = "", + .plen = 0, + .ctext = "\x28\x64\x78\x51\x55\xd8\x56\x4a" "\x58\x3e\xf7\xbe\xee\x21\xfe\x94", - .ilen = 16, - .result = "", - .rlen = 0, + .clen = 16, }, { .key = "\x99\x93\x7a\xd8\xb1\x50\x40\x31" "\x8a\x60\xa6\x3f\xbd\x90\x5d\x44", @@ -26245,11 +21047,11 @@ static const struct aead_testvec morus1280_dec_tv_template[] = { "\x03\xa1\xe8\xbe\x37\x54\xec\xa2" "\xcd\x2c\x45\x58\xbd\x8e\x80", .alen = 63, - .input = "\xb3\xa6\x00\x4e\x09\x20\xac\x21" + .ptext = "", + .plen = 0, + .ctext = "\xb3\xa6\x00\x4e\x09\x20\xac\x21" "\x77\x72\x69\x76\x2d\x36\xe5\xc8", - .ilen = 16, - .result = "", - .rlen = 0, + .clen = 16, }, { .key = "\xd6\xb8\xb4\x77\xc1\xcb\xe9\x4d" "\x0a\x3a\x58\xd1\xb7\xb4\x1f\x4a", @@ -26265,11 +21067,11 @@ static const struct aead_testvec morus1280_dec_tv_template[] = { "\x30\x08\xd0\x5f\xa0\xaa\x0c\x6d" "\x9c\x2f\xdb\x97\xb8\x15\x69\x01", .alen = 64, - .input = "\x65\x33\x7b\xa1\x63\xf4\x20\xdd" + .ptext = "", + .plen = 0, + .ctext = "\x65\x33\x7b\xa1\x63\xf4\x20\xdd" "\xe4\xb9\x4a\xaa\x9a\x21\xaa\x14", - .ilen = 16, - .result = "", - .rlen = 0, + .clen = 16, }, { .key = "\x12\xdd\xee\x17\xd1\x47\x92\x69" "\x8b\x14\x0a\x62\xb1\xd9\xe2\x50", @@ -26278,12 +21080,12 @@ static const struct aead_testvec morus1280_dec_tv_template[] = { "\xac\x4b\x37\x86\xb0\xa2\x13\xd2", .assoc = "\x31", .alen = 1, - .input = "\x1d\x47\x17\x34\x86\xf5\x54\x1a" + .ptext = "\x40", + .plen = 1, + .ctext = "\x1d\x47\x17\x34\x86\xf5\x54\x1a" "\x6d\x28\xb8\x5d\x6c\xcf\xa0\xb9" "\xbf", - .ilen = 17, - .result = "\x40", - .rlen = 1, + .clen = 17, }, { .key = "\x4f\x01\x27\xb6\xe1\xc3\x3a\x85" "\x0c\xee\xbc\xf4\xab\xfd\xa5\x57", @@ -26295,18 +21097,18 @@ static const struct aead_testvec morus1280_dec_tv_template[] = { "\xe6\x01\xa8\x7e\xca\x10\xdc\x73" "\xf4\x94\x9f\xc1\x5a\x61\x85", .alen = 31, - .input = "\x78\x90\x52\xae\x0f\xf7\x2e\xef" + .ptext = "\x7c\x5d\xd3\xee\xad\x9f\x39\x1a" + "\x6d\x92\x42\x61\xa7\x58\x37\xdb" + "\xb0\xb2\x2b\x9f\x0b\xb8\xbd\x7a" + "\x24\xa0\xd6\xb7\x11\x79\x6c", + .plen = 31, + .ctext = "\x78\x90\x52\xae\x0f\xf7\x2e\xef" "\x63\x09\x08\x58\xb5\x56\xbd\x72" "\x6e\x42\xcf\x27\x04\x7c\xdb\x92" "\x18\xe9\xa4\x33\x90\xba\x62\xb5" "\x70\xd3\x88\x9b\x4f\x05\xa7\x51" "\x85\x87\x17\x09\x42\xed\x4e", - .ilen = 47, - .result = "\x7c\x5d\xd3\xee\xad\x9f\x39\x1a" - "\x6d\x92\x42\x61\xa7\x58\x37\xdb" - "\xb0\xb2\x2b\x9f\x0b\xb8\xbd\x7a" - "\x24\xa0\xd6\xb7\x11\x79\x6c", - .rlen = 31, + .clen = 47, }, { .key = "\x8b\x26\x61\x55\xf1\x3e\xe3\xa1" "\x8d\xc8\x6e\x85\xa5\x21\x67\x5d", @@ -26318,18 +21120,18 @@ static const struct aead_testvec morus1280_dec_tv_template[] = { "\x10\xc3\xb3\x02\xcf\xb0\x5e\x8d" "\xb5\xc2\x7e\x9a\x35\xc0\x24\xfd", .alen = 32, - .input = "\x1d\x2c\x57\xe0\x50\x38\x3d\x41" + .ptext = "\xb9\x82\x0c\x8d\xbd\x1b\xe2\x36" + "\xee\x6c\xf4\xf2\xa1\x7d\xf9\xe2" + "\xdb\x74\x36\x23\x11\x58\x3f\x93" + "\xe5\xcd\xb5\x90\xeb\xd8\x0c\xb3", + .plen = 32, + .ctext = "\x1d\x2c\x57\xe0\x50\x38\x3d\x41" "\x2e\x71\xc8\x3b\x92\x43\x58\xaf" "\x5a\xfb\xad\x8f\xd9\xd5\x8a\x5e" "\xdb\xf3\xcd\x3a\x2b\xe1\x2c\x1a" "\xb0\xed\xe3\x0c\x6e\xf9\xf2\xd6" "\x90\xe6\xb1\x0e\xa5\x8a\xac\xb7", - .ilen = 48, - .result = "\xb9\x82\x0c\x8d\xbd\x1b\xe2\x36" - "\xee\x6c\xf4\xf2\xa1\x7d\xf9\xe2" - "\xdb\x74\x36\x23\x11\x58\x3f\x93" - "\xe5\xcd\xb5\x90\xeb\xd8\x0c\xb3", - .rlen = 32, + .clen = 48, }, { .key = "\xc8\x4b\x9b\xf5\x01\xba\x8c\xbd" "\x0e\xa3\x21\x16\x9f\x46\x2a\x63", @@ -26342,20 +21144,20 @@ static const struct aead_testvec morus1280_dec_tv_template[] = { "\x76\xef\x5c\x72\x0f\x1f\xc3\xd4" "\xee", .alen = 33, - .input = "\x59\x10\x84\x1c\x83\x4c\x8b\xfc" + .ptext = "\xf5\xa6\x46\x2c\xce\x97\x8a\x51" + "\x6f\x46\xa6\x83\x9b\xa1\xbc\xe8" + "\x05\x36\x42\xa7\x16\xf8\xc1\xad" + "\xa7\xfb\x94\x68\xc5\x37\xab\x8a" + "\x72", + .plen = 33, + .ctext = "\x59\x10\x84\x1c\x83\x4c\x8b\xfc" "\xfd\x2e\x4b\x46\x84\xff\x78\x4e" "\x50\xda\x5c\xb9\x61\x1d\xf5\xb9" "\xfe\xbb\x7f\xae\x8c\xc1\x24\xbd" "\x8c\x6f\x1f\x9b\xce\xc6\xc1\x37" "\x08\x06\x5a\xe5\x96\x10\x95\xc2" "\x5e", - .ilen = 49, - .result = "\xf5\xa6\x46\x2c\xce\x97\x8a\x51" - "\x6f\x46\xa6\x83\x9b\xa1\xbc\xe8" - "\x05\x36\x42\xa7\x16\xf8\xc1\xad" - "\xa7\xfb\x94\x68\xc5\x37\xab\x8a" - "\x72", - .rlen = 33, + .clen = 49, }, { .key = "\x05\x70\xd5\x94\x12\x36\x35\xd8" "\x8f\x7d\xd3\xa8\x99\x6a\xed\x69", @@ -26371,18 +21173,7 @@ static const struct aead_testvec morus1280_dec_tv_template[] = { "\x10\x0b\x56\x85\xad\x54\xaa\x66" "\xa8\x43\xcd\xd4\x9b\xb7\xfa", .alen = 63, - .input = "\x9a\x12\xbc\xdf\x72\xa8\x56\x22" - "\x49\x2d\x07\x92\xfc\x3d\x6d\x5f" - "\xef\x36\x19\xae\x91\xfa\xd6\x63" - "\x46\xea\x8a\x39\x14\x21\xa6\x37" - "\x18\xfc\x97\x3e\x16\xa5\x4d\x39" - "\x45\x2e\x69\xcc\x9c\x5f\xdf\x6d" - "\x5e\xa2\xbf\xac\x83\x32\x72\x52" - "\x58\x58\x23\x40\xfd\xa5\xc2\xe6" - "\xe9\x5a\x50\x98\x00\x58\xc9\x86" - "\x4f\x20\x37\xdb\x7b\x22\xa3", - .ilen = 79, - .result = "\x32\xcb\x80\xcc\xde\x12\x33\x6d" + .ptext = "\x32\xcb\x80\xcc\xde\x12\x33\x6d" "\xf0\x20\x58\x15\x95\xc6\x7f\xee" "\x2f\xf9\x4e\x2c\x1b\x98\x43\xc7" "\x68\x28\x73\x40\x9f\x96\x4a\x60" @@ -26390,7 +21181,18 @@ static const struct aead_testvec morus1280_dec_tv_template[] = { "\xcf\x12\xc9\x59\x8f\x7a\x7f\xa8" "\x1b\xa5\x50\xed\x87\xa9\x72\x59" "\x9c\x44\xb2\xa4\x99\x98\x34", - .rlen = 63, + .plen = 63, + .ctext = "\x9a\x12\xbc\xdf\x72\xa8\x56\x22" + "\x49\x2d\x07\x92\xfc\x3d\x6d\x5f" + "\xef\x36\x19\xae\x91\xfa\xd6\x63" + "\x46\xea\x8a\x39\x14\x21\xa6\x37" + "\x18\xfc\x97\x3e\x16\xa5\x4d\x39" + "\x45\x2e\x69\xcc\x9c\x5f\xdf\x6d" + "\x5e\xa2\xbf\xac\x83\x32\x72\x52" + "\x58\x58\x23\x40\xfd\xa5\xc2\xe6" + "\xe9\x5a\x50\x98\x00\x58\xc9\x86" + "\x4f\x20\x37\xdb\x7b\x22\xa3", + .clen = 79, }, { .key = "\x41\x94\x0e\x33\x22\xb1\xdd\xf4" "\x10\x57\x85\x39\x93\x8f\xaf\x70", @@ -26406,7 +21208,16 @@ static const struct aead_testvec morus1280_dec_tv_template[] = { "\x3d\x72\x3e\x26\x16\xa9\xca\x32" "\x77\x47\x63\x14\x95\x3d\xe4\x34", .alen = 64, - .input = "\xe6\xeb\x92\x5a\x5b\xf0\x2d\xbb" + .ptext = "\x6e\xf0\xba\x6b\xee\x8e\xdc\x89" + "\x71\xfb\x0a\xa6\x8f\xea\x41\xf4" + "\x5a\xbb\x59\xb0\x20\x38\xc5\xe0" + "\x29\x56\x52\x19\x79\xf5\xe9\x37" + "\x8f\xa1\x50\x23\x22\x4f\xe3\x91" + "\xe9\x21\x5e\xbf\x52\x23\x95\x37" + "\x48\x0c\x38\x8f\xf0\xff\x92\x24" + "\x6b\x47\x49\xe3\x94\x1f\x1e\x01", + .plen = 64, + .ctext = "\xe6\xeb\x92\x5a\x5b\xf0\x2d\xbb" "\x23\xec\x35\xe3\xae\xc9\xfb\x0b" "\x90\x14\x46\xeb\xa8\x8d\xb0\x9b" "\x39\xda\x8b\x48\xec\xb2\x00\x4e" @@ -26416,16 +21227,7 @@ static const struct aead_testvec morus1280_dec_tv_template[] = { "\xec\x99\x7d\x61\xb3\x15\x93\xed" "\x83\x1e\xd9\x48\x84\x0b\x37\xfe" "\x95\x74\x44\xd5\x54\xa6\x27\x06", - .ilen = 80, - .result = "\x6e\xf0\xba\x6b\xee\x8e\xdc\x89" - "\x71\xfb\x0a\xa6\x8f\xea\x41\xf4" - "\x5a\xbb\x59\xb0\x20\x38\xc5\xe0" - "\x29\x56\x52\x19\x79\xf5\xe9\x37" - "\x8f\xa1\x50\x23\x22\x4f\xe3\x91" - "\xe9\x21\x5e\xbf\x52\x23\x95\x37" - "\x48\x0c\x38\x8f\xf0\xff\x92\x24" - "\x6b\x47\x49\xe3\x94\x1f\x1e\x01", - .rlen = 64, + .clen = 80, }, { .key = "\x7e\xb9\x48\xd3\x32\x2d\x86\x10" "\x91\x31\x37\xcb\x8d\xb3\x72\x76", @@ -26442,7 +21244,25 @@ static const struct aead_testvec morus1280_dec_tv_template[] = { "\x46\x4a\xfa\x53\x8f\xc4\xcd\x68" "\x58", .alen = 65, - .input = "\x89\x24\x27\x86\xdc\xd7\x6b\xd9" + .ptext = "\xab\x14\xf3\x0a\xfe\x0a\x85\xa5" + "\xf2\xd5\xbc\x38\x89\x0e\x04\xfb" + "\x84\x7d\x65\x34\x25\xd8\x47\xfa" + "\xeb\x83\x31\xf1\x54\x54\x89\x0d" + "\x9d\x4d\x54\x51\x84\x61\xf6\x8e" + "\x03\x31\xf2\x25\x16\xcc\xaa\xc6" + "\x75\x73\x20\x30\x59\x54\xb2\xf0" + "\x3a\x4b\xe0\x23\x8e\xa6\x08\x35" + "\x8a\xdf\x27\xa0\xe4\x60\x99\xae" + "\x8e\x43\xd9\x39\x7b\x10\x40\x67" + "\x5c\x7e\xc9\x70\x63\x34\xca\x59" + "\xfe\x86\xbc\xb7\x9c\x39\xf3\x6d" + "\x6a\x41\x64\x6f\x16\x7f\x65\x7e" + "\x89\x84\x68\xeb\xb0\x51\xbe\x55" + "\x33\x16\x59\x6c\x3b\xef\x88\xad" + "\x2f\xab\xbc\x25\x76\x87\x41\x2f" + "\x36", + .plen = 129, + .ctext = "\x89\x24\x27\x86\xdc\xd7\x6b\xd9" "\xd1\xcd\xdc\x16\xdd\x2c\xc1\xfb" "\x52\xb5\xb3\xab\x50\x99\x3f\xa0" "\x38\xa4\x74\xa5\x04\x15\x63\x05" @@ -26461,25 +21281,7 @@ static const struct aead_testvec morus1280_dec_tv_template[] = { "\xed\xed\x35\xe8\x83\xa5\xec\x25" "\x6b\xff\x5f\x1a\x09\x96\x3d\xdc" "\x20", - .ilen = 145, - .result = "\xab\x14\xf3\x0a\xfe\x0a\x85\xa5" - "\xf2\xd5\xbc\x38\x89\x0e\x04\xfb" - "\x84\x7d\x65\x34\x25\xd8\x47\xfa" - "\xeb\x83\x31\xf1\x54\x54\x89\x0d" - "\x9d\x4d\x54\x51\x84\x61\xf6\x8e" - "\x03\x31\xf2\x25\x16\xcc\xaa\xc6" - "\x75\x73\x20\x30\x59\x54\xb2\xf0" - "\x3a\x4b\xe0\x23\x8e\xa6\x08\x35" - "\x8a\xdf\x27\xa0\xe4\x60\x99\xae" - "\x8e\x43\xd9\x39\x7b\x10\x40\x67" - "\x5c\x7e\xc9\x70\x63\x34\xca\x59" - "\xfe\x86\xbc\xb7\x9c\x39\xf3\x6d" - "\x6a\x41\x64\x6f\x16\x7f\x65\x7e" - "\x89\x84\x68\xeb\xb0\x51\xbe\x55" - "\x33\x16\x59\x6c\x3b\xef\x88\xad" - "\x2f\xab\xbc\x25\x76\x87\x41\x2f" - "\x36", - .rlen = 129, + .clen = 145, }, { .key = "\xba\xde\x82\x72\x42\xa9\x2f\x2c" "\x12\x0b\xe9\x5c\x87\xd7\x35\x7c", @@ -26504,7 +21306,17 @@ static const struct aead_testvec morus1280_dec_tv_template[] = { "\xd9\xd2\xaf\x8e\xd5\xd3\xa8\xa9" "\x51", .alen = 129, - .input = "\x36\x78\xb9\x22\xde\x62\x35\x55" + .ptext = "\xe8\x39\x2d\xaa\x0e\x85\x2d\xc1" + "\x72\xaf\x6e\xc9\x82\x33\xc7\x01" + "\xaf\x40\x70\xb8\x2a\x78\xc9\x14" + "\xac\xb1\x10\xca\x2e\xb3\x28\xe4" + "\xac\xfa\x58\x7f\xe5\x73\x09\x8c" + "\x1d\x40\x87\x8c\xd9\x75\xc0\x55" + "\xa2\xda\x07\xd1\xc2\xa9\xd1\xbb" + "\x09\x4f\x77\x62\x88\x2d\xf2\x68" + "\x54", + .plen = 65, + .ctext = "\x36\x78\xb9\x22\xde\x62\x35\x55" "\x1a\x7a\xf5\x45\xbc\xd7\x15\x82" "\x01\xe9\x5a\x07\xea\x46\xaf\x91" "\xcb\x73\xa5\xee\xe1\xb4\xbf\xc2" @@ -26515,17 +21327,7 @@ static const struct aead_testvec morus1280_dec_tv_template[] = { "\xbf\xbc\x88\x3f\x5d\xd1\xf9\x19" "\x0f\x9d\xb2\xaf\xb9\x6e\x17\xdf" "\xa2", - .ilen = 81, - .result = "\xe8\x39\x2d\xaa\x0e\x85\x2d\xc1" - "\x72\xaf\x6e\xc9\x82\x33\xc7\x01" - "\xaf\x40\x70\xb8\x2a\x78\xc9\x14" - "\xac\xb1\x10\xca\x2e\xb3\x28\xe4" - "\xac\xfa\x58\x7f\xe5\x73\x09\x8c" - "\x1d\x40\x87\x8c\xd9\x75\xc0\x55" - "\xa2\xda\x07\xd1\xc2\xa9\xd1\xbb" - "\x09\x4f\x77\x62\x88\x2d\xf2\x68" - "\x54", - .rlen = 65, + .clen = 81, }, { .key = "\xf7\x02\xbb\x11\x52\x24\xd8\x48" "\x93\xe6\x9b\xee\x81\xfc\xf7\x82", @@ -26537,18 +21339,18 @@ static const struct aead_testvec morus1280_dec_tv_template[] = { "\x0e\x51\xf9\x1c\xee\x70\x6a\x27" "\x3d\xd3\xb7\xac\x51\xfa\xdf\x05", .alen = 32, - .input = "\x08\x1b\x95\x0e\x41\x95\x02\x4b" + .ptext = "\x24\x5e\x67\x49\x1e\x01\xd6\xdd" + "\xf3\x89\x20\x5b\x7c\x57\x89\x07" + "\xd9\x02\x7c\x3d\x2f\x18\x4b\x2d" + "\x6e\xde\xee\xa2\x08\x12\xc7\xba", + .plen = 32, + .ctext = "\x08\x1b\x95\x0e\x41\x95\x02\x4b" "\x9c\xbb\xa8\xd0\x7c\xd3\x44\x6e" "\x89\x14\x33\x70\x0a\xbc\xea\x39" "\x88\xaa\x2b\xd5\x73\x11\x55\xf5" "\x33\x33\x9c\xd7\x42\x34\x49\x8e" "\x2f\x03\x30\x05\x47\xaf\x34", - .ilen = 47, - .result = "\x24\x5e\x67\x49\x1e\x01\xd6\xdd" - "\xf3\x89\x20\x5b\x7c\x57\x89\x07" - "\xd9\x02\x7c\x3d\x2f\x18\x4b\x2d" - "\x6e\xde\xee\xa2\x08\x12\xc7\xba", - .rlen = 32, + .clen = 47, }, { .key = "\x33\x27\xf5\xb1\x62\xa0\x80\x63" "\x14\xc0\x4d\x7f\x7b\x20\xba\x89", @@ -26560,18 +21362,18 @@ static const struct aead_testvec morus1280_dec_tv_template[] = { "\x39\x14\x05\xa0\xf3\x10\xec\x41" "\xff\x01\x95\x84\x2b\x59\x7f\xdb", .alen = 32, - .input = "\x97\xca\xf4\xe0\x8d\x89\xbf\x68" + .ptext = "\x61\x83\xa0\xe8\x2e\x7d\x7f\xf8" + "\x74\x63\xd2\xec\x76\x7c\x4c\x0d" + "\x03\xc4\x88\xc1\x35\xb8\xcd\x47" + "\x2f\x0c\xcd\x7a\xe2\x71\x66\x91", + .plen = 32, + .ctext = "\x97\xca\xf4\xe0\x8d\x89\xbf\x68" "\x0c\x60\xb9\x27\xdf\xaa\x41\xc6" "\x25\xd8\xf7\x1f\x10\x15\x48\x61" "\x4c\x95\x00\xdf\x51\x9b\x7f\xe6" "\x24\x40\x9e\xbe\x3b\xeb\x1b\x98" "\xb9\x9c\xe5\xef\xf2\x05", - .ilen = 46, - .result = "\x61\x83\xa0\xe8\x2e\x7d\x7f\xf8" - "\x74\x63\xd2\xec\x76\x7c\x4c\x0d" - "\x03\xc4\x88\xc1\x35\xb8\xcd\x47" - "\x2f\x0c\xcd\x7a\xe2\x71\x66\x91", - .rlen = 32, + .clen = 46, }, { .key = "\x70\x4c\x2f\x50\x72\x1c\x29\x7f" "\x95\x9a\xff\x10\x75\x45\x7d\x8f", @@ -26583,17 +21385,17 @@ static const struct aead_testvec morus1280_dec_tv_template[] = { "\x63\xd6\x10\x24\xf8\xb0\x6e\x5a" "\xc0\x2e\x74\x5d\x06\xb8\x1e\xb2", .alen = 32, - .input = "\x63\x4c\x2a\x8e\xb4\x6b\x63\x0d" + .ptext = "\x9d\xa7\xda\x88\x3e\xf8\x28\x14" + "\xf5\x3e\x85\x7d\x70\xa0\x0f\x13" + "\x2e\x86\x93\x45\x3a\x58\x4f\x61" + "\xf0\x3a\xac\x53\xbc\xd0\x06\x68", + .plen = 32, + .ctext = "\x63\x4c\x2a\x8e\xb4\x6b\x63\x0d" "\xb5\xec\x9b\x4e\x12\x23\xa3\xcf" "\x1a\x5a\x70\x15\x5a\x10\x40\x51" "\xca\x47\x4c\x9d\xc9\x97\xf4\x77" "\xdb\xc8\x10\x2d\xdc\x65\x20\x3f", - .ilen = 40, - .result = "\x9d\xa7\xda\x88\x3e\xf8\x28\x14" - "\xf5\x3e\x85\x7d\x70\xa0\x0f\x13" - "\x2e\x86\x93\x45\x3a\x58\x4f\x61" - "\xf0\x3a\xac\x53\xbc\xd0\x06\x68", - .rlen = 32, + .clen = 40, }, { .key = "\xac\x70\x69\xef\x82\x97\xd2\x9b" "\x15\x74\xb1\xa2\x6f\x69\x3f\x95", @@ -26605,17 +21407,17 @@ static const struct aead_testvec morus1280_dec_tv_template[] = { "\x8d\x98\x1c\xa8\xfe\x50\xf0\x74" "\x81\x5c\x53\x35\xe0\x17\xbd\x88", .alen = 32, - .input = "\xf1\x62\x44\xc7\x5f\x19\xca\x43" + .ptext = "\xda\xcc\x14\x27\x4e\x74\xd1\x30" + "\x76\x18\x37\x0f\x6a\xc4\xd1\x1a" + "\x58\x49\x9f\xc9\x3f\xf8\xd1\x7a" + "\xb2\x67\x8b\x2b\x96\x2f\xa5\x3e", + .plen = 32, + .ctext = "\xf1\x62\x44\xc7\x5f\x19\xca\x43" "\x47\x2c\xaf\x68\x82\xbd\x51\xef" "\x3d\x65\xd8\x45\x2d\x06\x07\x78" "\x08\x2e\xb3\x23\xcd\x81\x12\x55" "\x1a", - .ilen = 33, - .result = "\xda\xcc\x14\x27\x4e\x74\xd1\x30" - "\x76\x18\x37\x0f\x6a\xc4\xd1\x1a" - "\x58\x49\x9f\xc9\x3f\xf8\xd1\x7a" - "\xb2\x67\x8b\x2b\x96\x2f\xa5\x3e", - .rlen = 32, + .clen = 33, }, { .key = "\xe9\x95\xa2\x8f\x93\x13\x7b\xb7" "\x96\x4e\x63\x33\x69\x8d\x02\x9b" @@ -26626,11 +21428,11 @@ static const struct aead_testvec morus1280_dec_tv_template[] = { "\xb7\x85\x90\x58\x67\x57\x33\x1d", .assoc = "", .alen = 0, - .input = "\xdf\x2f\x83\xc0\x45\x4a\x2c\xcf" + .ptext = "", + .plen = 0, + .ctext = "\xdf\x2f\x83\xc0\x45\x4a\x2c\xcf" "\xb9\xd2\x41\xf6\x80\xa1\x52\x70", - .ilen = 16, - .result = "", - .rlen = 0, + .clen = 16, }, { .key = "\x25\xba\xdc\x2e\xa3\x8f\x24\xd3" "\x17\x29\x15\xc5\x63\xb2\xc5\xa1" @@ -26641,12 +21443,12 @@ static const struct aead_testvec morus1280_dec_tv_template[] = { "\x38\x5f\x42\xe9\x61\x7b\xf5\x23", .assoc = "", .alen = 0, - .input = "\x01\xd8\x55\x3c\xc0\x5a\x4b\xc7" + .ptext = "\x53", + .plen = 1, + .ctext = "\x01\xd8\x55\x3c\xc0\x5a\x4b\xc7" "\x01\xf4\x08\xe3\x0d\xf7\xf0\x78" "\x53", - .ilen = 17, - .result = "\x53", - .rlen = 1, + .clen = 17, }, { .key = "\x62\xdf\x16\xcd\xb3\x0a\xcc\xef" "\x98\x03\xc7\x56\x5d\xd6\x87\xa8" @@ -26657,18 +21459,18 @@ static const struct aead_testvec morus1280_dec_tv_template[] = { "\xb8\x39\xf4\x7a\x5b\x9f\xb8\x29", .assoc = "", .alen = 0, - .input = "\xc2\x4b\x41\x0f\x2d\xb9\x62\x07" + .ptext = "\x8f\x3a\xc1\x05\x7f\xe7\xcb\x83" + "\xf9\xa6\x4d\xc3\x58\x31\x19\x2c" + "\xd7\x90\xc2\x56\x4e\xd8\x57\xc7" + "\xf6\xf0\x27\xb4\x25\x4c\x83", + .plen = 31, + .ctext = "\xc2\x4b\x41\x0f\x2d\xb9\x62\x07" "\xff\x8e\x74\xf8\xa1\xa6\xd5\x37" "\xa5\x64\x31\x5c\xca\x73\x9b\x43" "\xe6\x70\x63\x46\x95\xcb\xf7\xb5" "\x20\x8c\x75\x7a\x2a\x17\x2f\xa9" "\xb8\x4d\x11\x42\xd1\xf8\xf1", - .ilen = 47, - .result = "\x8f\x3a\xc1\x05\x7f\xe7\xcb\x83" - "\xf9\xa6\x4d\xc3\x58\x31\x19\x2c" - "\xd7\x90\xc2\x56\x4e\xd8\x57\xc7" - "\xf6\xf0\x27\xb4\x25\x4c\x83", - .rlen = 31, + .clen = 47, }, { .key = "\x9e\x03\x4f\x6d\xc3\x86\x75\x0a" "\x19\xdd\x79\xe8\x57\xfb\x4a\xae" @@ -26679,18 +21481,18 @@ static const struct aead_testvec morus1280_dec_tv_template[] = { "\x39\x14\xa6\x0c\x55\xc4\x7b\x30", .assoc = "", .alen = 0, - .input = "\xbb\x01\x7c\xd1\x2c\x33\x7b\x37" + .ptext = "\xcc\x5f\xfb\xa4\x8f\x63\x74\x9f" + "\x7a\x81\xff\x55\x52\x56\xdc\x33" + "\x01\x52\xcd\xdb\x53\x78\xd9\xe1" + "\xb7\x1d\x06\x8d\xff\xab\x22\x98", + .plen = 32, + .ctext = "\xbb\x01\x7c\xd1\x2c\x33\x7b\x37" "\x0a\xee\xc4\x30\x19\xd7\x3a\x6f" "\xf8\x2b\x67\xf5\x3b\x84\x87\x2a" "\xfb\x07\x7a\x82\xb5\xe4\x85\x26" "\x1e\xa8\xe5\x04\x54\xce\xe5\x5f" "\xb5\x3f\xc1\xd5\x7f\xbd\xd2\xa6", - .ilen = 48, - .result = "\xcc\x5f\xfb\xa4\x8f\x63\x74\x9f" - "\x7a\x81\xff\x55\x52\x56\xdc\x33" - "\x01\x52\xcd\xdb\x53\x78\xd9\xe1" - "\xb7\x1d\x06\x8d\xff\xab\x22\x98", - .rlen = 32, + .clen = 48, }, { .key = "\xdb\x28\x89\x0c\xd3\x01\x1e\x26" "\x9a\xb7\x2b\x79\x51\x1f\x0d\xb4" @@ -26701,20 +21503,20 @@ static const struct aead_testvec morus1280_dec_tv_template[] = { "\xba\xee\x58\x9d\x4f\xe8\x3d\x36", .assoc = "", .alen = 0, - .input = "\xc2\xf4\x40\x55\xf9\x59\xff\x73" + .ptext = "\x08\x84\x34\x44\x9f\xde\x1c\xbb" + "\xfb\x5b\xb1\xe6\x4c\x7a\x9f\x39" + "\x2c\x14\xd9\x5f\x59\x18\x5b\xfb" + "\x79\x4b\xe5\x65\xd9\x0a\xc1\x6f" + "\x2e", + .plen = 33, + .ctext = "\xc2\xf4\x40\x55\xf9\x59\xff\x73" "\x08\xf5\x98\x92\x0c\x7b\x35\x9a" "\xa8\xf4\x42\x7e\x6f\x93\xca\x22" "\x23\x06\x1e\xf8\x89\x22\xf4\x46" "\x7c\x7c\x67\x75\xab\xe5\x75\xaa" "\x15\xd7\x83\x19\xfd\x31\x59\x5b" "\x32", - .ilen = 49, - .result = "\x08\x84\x34\x44\x9f\xde\x1c\xbb" - "\xfb\x5b\xb1\xe6\x4c\x7a\x9f\x39" - "\x2c\x14\xd9\x5f\x59\x18\x5b\xfb" - "\x79\x4b\xe5\x65\xd9\x0a\xc1\x6f" - "\x2e", - .rlen = 33, + .clen = 49, }, { .key = "\x17\x4d\xc3\xab\xe3\x7d\xc7\x42" "\x1b\x91\xdd\x0a\x4b\x43\xcf\xba" @@ -26725,7 +21527,16 @@ static const struct aead_testvec morus1280_dec_tv_template[] = { "\x3b\xc8\x0a\x2f\x49\x0c\x00\x3c", .assoc = "", .alen = 0, - .input = "\xc9\x82\x3b\x4b\x87\x84\xa5\xdb" + .ptext = "\x45\xa8\x6e\xe3\xaf\x5a\xc5\xd7" + "\x7c\x35\x63\x77\x46\x9f\x61\x3f" + "\x56\xd7\xe4\xe3\x5e\xb8\xdc\x14" + "\x3a\x79\xc4\x3e\xb3\x69\x61\x46" + "\x3c\xb6\x83\x4e\xb4\x26\xc7\x73" + "\x22\xda\x52\x8b\x7d\x11\x98\xea" + "\x62\xe1\x14\x1e\xdc\xfe\x0f\xad" + "\x20\x76\x5a\xdc\x4e\x71\x13", + .plen = 63, + .ctext = "\xc9\x82\x3b\x4b\x87\x84\xa5\xdb" "\xa0\x8c\xd3\x3e\x7f\x8d\xe8\x28" "\x2a\xdc\xfa\x01\x84\x87\x9a\x70" "\x81\x75\x37\x0a\xd2\x75\xa9\xb6" @@ -26735,16 +21546,7 @@ static const struct aead_testvec morus1280_dec_tv_template[] = { "\x83\x9b\x05\x11\x72\x60\xf0\xb4" "\x7e\x06\xab\x0a\xc0\xbb\x59\x23" "\xaa\x2d\xfc\x4e\x35\x05\x59", - .ilen = 79, - .result = "\x45\xa8\x6e\xe3\xaf\x5a\xc5\xd7" - "\x7c\x35\x63\x77\x46\x9f\x61\x3f" - "\x56\xd7\xe4\xe3\x5e\xb8\xdc\x14" - "\x3a\x79\xc4\x3e\xb3\x69\x61\x46" - "\x3c\xb6\x83\x4e\xb4\x26\xc7\x73" - "\x22\xda\x52\x8b\x7d\x11\x98\xea" - "\x62\xe1\x14\x1e\xdc\xfe\x0f\xad" - "\x20\x76\x5a\xdc\x4e\x71\x13", - .rlen = 63, + .clen = 79, }, { .key = "\x54\x71\xfd\x4b\xf3\xf9\x6f\x5e" "\x9c\x6c\x8f\x9c\x45\x68\x92\xc1" @@ -26755,7 +21557,16 @@ static const struct aead_testvec morus1280_dec_tv_template[] = { "\xbc\xa2\xbc\xc0\x43\x31\xc2\x42", .assoc = "", .alen = 0, - .input = "\x11\x7c\x7d\xef\xce\x29\x95\xec" + .ptext = "\x81\xcd\xa8\x82\xbf\xd6\x6e\xf3" + "\xfd\x0f\x15\x09\x40\xc3\x24\x45" + "\x81\x99\xf0\x67\x63\x58\x5e\x2e" + "\xfb\xa6\xa3\x16\x8d\xc8\x00\x1c" + "\x4b\x62\x87\x7c\x15\x38\xda\x70" + "\x3d\xea\xe7\xf2\x40\xba\xae\x79" + "\x8f\x48\xfc\xbf\x45\x53\x2e\x78" + "\xef\x79\xf0\x1b\x49\xf7\xfd\x9c", + .plen = 64, + .ctext = "\x11\x7c\x7d\xef\xce\x29\x95\xec" "\x7e\x9f\x42\xa6\x26\x07\xa1\x75" "\x2f\x4e\x09\x9a\xf6\x6b\xc2\xfa" "\x0d\xd0\x17\xdc\x25\x1e\x9b\xdc" @@ -26765,16 +21576,7 @@ static const struct aead_testvec morus1280_dec_tv_template[] = { "\x43\x11\x26\x58\xcf\xc5\x41\xcf" "\x13\xcc\xde\x32\x92\xfa\x86\xf2" "\xaf\x16\xe8\x8f\xca\xb6\xfd\x54", - .ilen = 80, - .result = "\x81\xcd\xa8\x82\xbf\xd6\x6e\xf3" - "\xfd\x0f\x15\x09\x40\xc3\x24\x45" - "\x81\x99\xf0\x67\x63\x58\x5e\x2e" - "\xfb\xa6\xa3\x16\x8d\xc8\x00\x1c" - "\x4b\x62\x87\x7c\x15\x38\xda\x70" - "\x3d\xea\xe7\xf2\x40\xba\xae\x79" - "\x8f\x48\xfc\xbf\x45\x53\x2e\x78" - "\xef\x79\xf0\x1b\x49\xf7\xfd\x9c", - .rlen = 64, + .clen = 80, }, { .key = "\x90\x96\x36\xea\x03\x74\x18\x7a" "\x1d\x46\x42\x2d\x3f\x8c\x54\xc7" @@ -26785,11 +21587,11 @@ static const struct aead_testvec morus1280_dec_tv_template[] = { "\x3d\x7c\x6e\x52\x3d\x55\x85\x48", .assoc = "\xaf", .alen = 1, - .input = "\x9b\xc5\x3b\x20\x0a\x88\x56\xbe" + .ptext = "", + .plen = 0, + .ctext = "\x9b\xc5\x3b\x20\x0a\x88\x56\xbe" "\x69\xdf\xc4\xc4\x02\x46\x3a\xf0", - .ilen = 16, - .result = "", - .rlen = 0, + .clen = 16, }, { .key = "\xcd\xbb\x70\x89\x13\xf0\xc1\x95" "\x9e\x20\xf4\xbf\x39\xb1\x17\xcd" @@ -26803,11 +21605,11 @@ static const struct aead_testvec morus1280_dec_tv_template[] = { "\x0b\x6d\x84\x4f\x2c\xf0\x82\x5b" "\x4e\xf6\x29\xd1\x8b\x6f\x56", .alen = 31, - .input = "\xe0\x6d\xa1\x07\x98\x2f\x40\x2d" + .ptext = "", + .plen = 0, + .ctext = "\xe0\x6d\xa1\x07\x98\x2f\x40\x2d" "\x2e\x9a\xd6\x61\x43\xc0\x74\x69", - .ilen = 16, - .result = "", - .rlen = 0, + .clen = 16, }, { .key = "\x0a\xe0\xaa\x29\x24\x6c\x6a\xb1" "\x1f\xfa\xa6\x50\x33\xd5\xda\xd3" @@ -26821,11 +21623,11 @@ static const struct aead_testvec morus1280_dec_tv_template[] = { "\x35\x2f\x90\xd3\x31\x90\x04\x74" "\x0f\x23\x08\xa9\x65\xce\xf6\xea", .alen = 32, - .input = "\xb9\x57\x13\x3e\x82\x31\x61\x65" + .ptext = "", + .plen = 0, + .ctext = "\xb9\x57\x13\x3e\x82\x31\x61\x65" "\x0d\x7f\x6c\x96\x93\x5c\x50\xe2", - .ilen = 16, - .result = "", - .rlen = 0, + .clen = 16, }, { .key = "\x46\x04\xe3\xc8\x34\xe7\x12\xcd" "\xa0\xd4\x58\xe2\x2d\xf9\x9c\xda" @@ -26840,11 +21642,11 @@ static const struct aead_testvec morus1280_dec_tv_template[] = { "\xd1\x51\xe6\x81\x3f\x2d\x95\xc1" "\x01", .alen = 33, - .input = "\x81\x96\x34\xde\xbb\x36\xdd\x3e" + .ptext = "", + .plen = 0, + .ctext = "\x81\x96\x34\xde\xbb\x36\xdd\x3e" "\x4e\x5e\xcb\x44\x21\xb8\x3f\xf1", - .ilen = 16, - .result = "", - .rlen = 0, + .clen = 16, }, { .key = "\x83\x29\x1d\x67\x44\x63\xbb\xe9" "\x20\xaf\x0a\x73\x27\x1e\x5f\xe0" @@ -26862,11 +21664,11 @@ static const struct aead_testvec morus1280_dec_tv_template[] = { "\x64\xb2\x89\x7d\x78\xa8\x05\x7e" "\x07\x8c\xfc\x88\x2d\xb8\x53", .alen = 63, - .input = "\x2e\x99\xb6\x79\x57\x56\x80\x36" + .ptext = "", + .plen = 0, + .ctext = "\x2e\x99\xb6\x79\x57\x56\x80\x36" "\x8e\xc4\x1c\x12\x7d\x71\x36\x0c", - .ilen = 16, - .result = "", - .rlen = 0, + .clen = 16, }, { .key = "\xbf\x4e\x57\x07\x54\xdf\x64\x05" "\xa1\x89\xbc\x04\x21\x42\x22\xe6" @@ -26884,11 +21686,11 @@ static const struct aead_testvec morus1280_dec_tv_template[] = { "\x91\x19\x70\x1e\xe1\xfe\x25\x49" "\xd6\x8f\x93\xc7\x28\x3f\x3d\x03", .alen = 64, - .input = "\x7b\x25\x3d\x47\xd4\xa7\x08\xce" + .ptext = "", + .plen = 0, + .ctext = "\x7b\x25\x3d\x47\xd4\xa7\x08\xce" "\x3b\x89\x40\x36\xba\x6d\x0e\xa2", - .ilen = 16, - .result = "", - .rlen = 0, + .clen = 16, }, { .key = "\xfc\x72\x90\xa6\x64\x5a\x0d\x21" "\x22\x63\x6e\x96\x1b\x67\xe4\xec" @@ -26899,12 +21701,12 @@ static const struct aead_testvec morus1280_dec_tv_template[] = { "\x42\x9a\x9a\xba\x19\x30\x15\x6e", .assoc = "\x1a", .alen = 1, - .input = "\xe6\x09\x6f\x95\x9a\x18\xc8\xf6" + .ptext = "\x29", + .plen = 1, + .ctext = "\xe6\x09\x6f\x95\x9a\x18\xc8\xf6" "\x17\x75\x81\x16\xdf\x26\xff\x67" "\x92", - .ilen = 17, - .result = "\x29", - .rlen = 1, + .clen = 17, }, { .key = "\x38\x97\xca\x45\x74\xd6\xb6\x3c" "\xa3\x3d\x20\x27\x15\x8b\xa7\xf2" @@ -26918,18 +21720,18 @@ static const struct aead_testvec morus1280_dec_tv_template[] = { "\x09\xfb\xca\x69\x4b\xb0\x8e\xf5" "\xd6\x07\x62\xe3\xa8\xa9\x12", .alen = 31, - .input = "\x82\xc0\x56\xf0\xd7\xc4\xc9\xfd" + .ptext = "\x66\xf3\x75\x7d\x40\xb3\xb4\xd1" + "\x04\xe1\xa6\x94\x10\xe6\x39\x77" + "\xd3\xac\x4d\x8a\x8c\x58\x6e\xfb" + "\x06\x13\x9a\xd9\x5e\xc0\xfa", + .plen = 31, + .ctext = "\x82\xc0\x56\xf0\xd7\xc4\xc9\xfd" "\x3c\xd1\x2a\xd4\x15\x86\x9d\xda" "\xea\x6c\x6f\xa1\x33\xb0\x7a\x01" "\x57\xe7\xf3\x7b\x73\xe7\x54\x10" "\xc6\x91\xe2\xc6\xa0\x69\xe7\xe6" "\x76\xc3\xf5\x3a\x76\xfd\x4a", - .ilen = 47, - .result = "\x66\xf3\x75\x7d\x40\xb3\xb4\xd1" - "\x04\xe1\xa6\x94\x10\xe6\x39\x77" - "\xd3\xac\x4d\x8a\x8c\x58\x6e\xfb" - "\x06\x13\x9a\xd9\x5e\xc0\xfa", - .rlen = 31, + .clen = 47, }, { .key = "\x75\xbc\x04\xe5\x84\x52\x5e\x58" "\x24\x17\xd2\xb9\x0e\xaf\x6a\xf9" @@ -26943,18 +21745,18 @@ static const struct aead_testvec morus1280_dec_tv_template[] = { "\x33\xbd\xd6\xed\x50\x50\x10\x0e" "\x97\x35\x41\xbb\x82\x08\xb1\xf2", .alen = 32, - .input = "\x01\x47\x8e\x6c\xf6\x64\x89\x3a" + .ptext = "\xa2\x17\xaf\x1c\x50\x2e\x5d\xed" + "\x85\xbb\x58\x26\x0a\x0b\xfc\x7d" + "\xfe\x6e\x59\x0e\x91\xf8\xf0\x15" + "\xc8\x40\x78\xb1\x38\x1f\x99\xa7", + .plen = 32, + .ctext = "\x01\x47\x8e\x6c\xf6\x64\x89\x3a" "\x71\xce\xe4\xaa\x45\x70\xe6\x84" "\x62\x48\x08\x64\x86\x6a\xdf\xec" "\xb4\xa0\xfb\x34\x03\x0c\x19\xf4" "\x2b\x7b\x36\x73\xec\x54\xa9\x1e" "\x30\x85\xdb\xe4\xac\xe9\x2c\xca", - .ilen = 48, - .result = "\xa2\x17\xaf\x1c\x50\x2e\x5d\xed" - "\x85\xbb\x58\x26\x0a\x0b\xfc\x7d" - "\xfe\x6e\x59\x0e\x91\xf8\xf0\x15" - "\xc8\x40\x78\xb1\x38\x1f\x99\xa7", - .rlen = 32, + .clen = 48, }, { .key = "\xb1\xe1\x3e\x84\x94\xcd\x07\x74" "\xa5\xf2\x84\x4a\x08\xd4\x2c\xff" @@ -26969,20 +21771,20 @@ static const struct aead_testvec morus1280_dec_tv_template[] = { "\x59\x62\x20\x94\x5c\x67\x50\xc8" "\x58", .alen = 33, - .input = "\x85\xe0\xf8\x0f\x8e\x49\xe3\x60" + .ptext = "\xdf\x3c\xe9\xbc\x61\xaa\x06\x09" + "\x06\x95\x0a\xb7\x04\x2f\xbe\x84" + "\x28\x30\x64\x92\x96\x98\x72\x2e" + "\x89\x6e\x57\x8a\x13\x7e\x38\x7e" + "\xdb", + .plen = 33, + .ctext = "\x85\xe0\xf8\x0f\x8e\x49\xe3\x60" "\xcb\x4a\x54\x94\xcf\xf5\x7e\x34" "\xe9\xf8\x80\x65\x53\xd0\x72\x70" "\x4f\x7d\x9d\xd1\x15\x6f\xb9\x2c" "\xfa\xe8\xdd\xac\x2e\xe1\x3f\x67" "\x63\x0f\x1a\x59\xb7\x89\xdb\xf4" "\xc3", - .ilen = 49, - .result = "\xdf\x3c\xe9\xbc\x61\xaa\x06\x09" - "\x06\x95\x0a\xb7\x04\x2f\xbe\x84" - "\x28\x30\x64\x92\x96\x98\x72\x2e" - "\x89\x6e\x57\x8a\x13\x7e\x38\x7e" - "\xdb", - .rlen = 33, + .clen = 49, }, { .key = "\xee\x05\x77\x23\xa5\x49\xb0\x90" "\x26\xcc\x36\xdc\x02\xf8\xef\x05" @@ -27000,7 +21802,16 @@ static const struct aead_testvec morus1280_dec_tv_template[] = { "\x71\x1c\xf7\x44\xee\xa8\xc3\x42" "\xe2\xa3\x84\x04\x0b\xe1\xce", .alen = 63, - .input = "\x00\xe5\x5b\x87\x5c\x20\x22\x8a" + .ptext = "\x1b\x61\x23\x5b\x71\x26\xae\x25" + "\x87\x6f\xbc\x49\xfe\x53\x81\x8a" + "\x53\xf2\x70\x17\x9b\x38\xf4\x48" + "\x4b\x9b\x36\x62\xed\xdd\xd8\x54" + "\xea\xcb\xb6\x79\x45\xfc\xaa\x54" + "\x5c\x94\x47\x58\xa7\xff\x9c\x9e" + "\x7c\xb6\xf1\xac\xc8\xfd\x8b\x35" + "\xd5\xa4\x6a\xd4\x09\xc2\x08", + .plen = 63, + .ctext = "\x00\xe5\x5b\x87\x5c\x20\x22\x8a" "\xda\x1f\xd3\xff\xbb\xb2\xb0\xf8" "\xef\xe9\xeb\x9e\x7c\x80\xf4\x2b" "\x59\xc0\x79\xbc\x17\xa0\x15\x01" @@ -27010,16 +21821,7 @@ static const struct aead_testvec morus1280_dec_tv_template[] = { "\xed\x0b\x23\xea\x9b\xda\x57\x2f" "\xf6\xa9\xae\x0d\x4e\x40\x96\x45" "\x7f\xfa\xf0\xbf\xc4\x98\x78", - .ilen = 79, - .result = "\x1b\x61\x23\x5b\x71\x26\xae\x25" - "\x87\x6f\xbc\x49\xfe\x53\x81\x8a" - "\x53\xf2\x70\x17\x9b\x38\xf4\x48" - "\x4b\x9b\x36\x62\xed\xdd\xd8\x54" - "\xea\xcb\xb6\x79\x45\xfc\xaa\x54" - "\x5c\x94\x47\x58\xa7\xff\x9c\x9e" - "\x7c\xb6\xf1\xac\xc8\xfd\x8b\x35" - "\xd5\xa4\x6a\xd4\x09\xc2\x08", - .rlen = 63, + .clen = 79, }, { .key = "\x2a\x2a\xb1\xc3\xb5\xc5\x59\xac" "\xa7\xa6\xe8\x6d\xfc\x1d\xb2\x0b" @@ -27037,7 +21839,16 @@ static const struct aead_testvec morus1280_dec_tv_template[] = { "\x9d\x83\xde\xe5\x57\xfd\xe3\x0e" "\xb1\xa7\x1b\x44\x05\x67\xb7\x37", .alen = 64, - .input = "\x28\xdd\xb9\x4a\x12\xc7\x0a\xe1" + .ptext = "\x58\x85\x5c\xfa\x81\xa1\x57\x40" + "\x08\x4a\x6e\xda\xf8\x78\x44\x90" + "\x7d\xb5\x7b\x9b\xa1\xd8\x76\x62" + "\x0c\xc9\x15\x3b\xc7\x3c\x77\x2b" + "\xf8\x78\xba\xa7\xa6\x0e\xbd\x52" + "\x76\xa3\xdc\xbe\x6b\xa8\xb1\x2d" + "\xa9\x1d\xd8\x4e\x31\x53\xab\x00" + "\xa5\xa7\x01\x13\x04\x49\xf2\x04", + .plen = 64, + .ctext = "\x28\xdd\xb9\x4a\x12\xc7\x0a\xe1" "\x58\x06\x1a\x9b\x8c\x67\xdf\xeb" "\x35\x35\x60\x9d\x06\x40\x65\xc1" "\x93\xe8\xb3\x82\x50\x29\xdd\xb5" @@ -27047,16 +21858,7 @@ static const struct aead_testvec morus1280_dec_tv_template[] = { "\xf4\x77\xe4\xbf\x41\x3b\xc4\x06" "\xce\x9e\x34\x81\xf0\x89\x11\x13" "\x02\x65\xa1\x7c\xdf\x07\x33\x06", - .ilen = 80, - .result = "\x58\x85\x5c\xfa\x81\xa1\x57\x40" - "\x08\x4a\x6e\xda\xf8\x78\x44\x90" - "\x7d\xb5\x7b\x9b\xa1\xd8\x76\x62" - "\x0c\xc9\x15\x3b\xc7\x3c\x77\x2b" - "\xf8\x78\xba\xa7\xa6\x0e\xbd\x52" - "\x76\xa3\xdc\xbe\x6b\xa8\xb1\x2d" - "\xa9\x1d\xd8\x4e\x31\x53\xab\x00" - "\xa5\xa7\x01\x13\x04\x49\xf2\x04", - .rlen = 64, + .clen = 80, }, { .key = "\x67\x4f\xeb\x62\xc5\x40\x01\xc7" "\x28\x80\x9a\xfe\xf6\x41\x74\x12" @@ -27075,7 +21877,25 @@ static const struct aead_testvec morus1280_dec_tv_template[] = { "\x80\xaa\xb2\x83\xff\xee\xa1\x6a" "\x04", .alen = 65, - .input = "\x85\x39\x69\x35\xfb\xf9\xb0\xa6" + .ptext = "\x94\xaa\x96\x9a\x91\x1d\x00\x5c" + "\x88\x24\x20\x6b\xf2\x9c\x06\x96" + "\xa7\x77\x87\x1f\xa6\x78\xf8\x7b" + "\xcd\xf6\xf4\x13\xa1\x9b\x16\x02" + "\x07\x24\xbf\xd5\x08\x20\xd0\x4f" + "\x90\xb3\x70\x24\x2f\x51\xc7\xbb" + "\xd6\x84\xc0\xef\x9a\xa8\xca\xcc" + "\x74\xab\x97\x53\xfe\xd0\xdb\x37" + "\x37\x6a\x0e\x9f\x3f\xa3\x2a\xe3" + "\x1b\x34\x6d\x51\x72\x2b\x17\xe7" + "\x4d\xaa\x2c\x18\xda\xa3\x33\x89" + "\x2a\x9f\xf4\xd2\xed\x76\x3d\x3f" + "\x3c\x15\x9d\x8e\x4f\x3c\x27\xb0" + "\x42\x3f\x2f\x8a\xd4\xc2\x10\xb2" + "\x27\x7f\xe3\x34\x80\x02\x49\x4b" + "\x07\x68\x22\x2a\x88\x25\x53\xb2" + "\x2f", + .plen = 129, + .ctext = "\x85\x39\x69\x35\xfb\xf9\xb0\xa6" "\x85\x43\x88\xd0\xd7\x78\x60\x19" "\x3e\x1f\xb1\xa4\xd6\xc5\x96\xec" "\xf7\x84\x85\xc7\x27\x0f\x74\x57" @@ -27094,25 +21914,7 @@ static const struct aead_testvec morus1280_dec_tv_template[] = { "\x4c\x50\x10\x62\xba\x7a\xb1\x68" "\x37\xd7\x87\x4e\xe4\x66\x09\x1f" "\xa5", - .ilen = 145, - .result = "\x94\xaa\x96\x9a\x91\x1d\x00\x5c" - "\x88\x24\x20\x6b\xf2\x9c\x06\x96" - "\xa7\x77\x87\x1f\xa6\x78\xf8\x7b" - "\xcd\xf6\xf4\x13\xa1\x9b\x16\x02" - "\x07\x24\xbf\xd5\x08\x20\xd0\x4f" - "\x90\xb3\x70\x24\x2f\x51\xc7\xbb" - "\xd6\x84\xc0\xef\x9a\xa8\xca\xcc" - "\x74\xab\x97\x53\xfe\xd0\xdb\x37" - "\x37\x6a\x0e\x9f\x3f\xa3\x2a\xe3" - "\x1b\x34\x6d\x51\x72\x2b\x17\xe7" - "\x4d\xaa\x2c\x18\xda\xa3\x33\x89" - "\x2a\x9f\xf4\xd2\xed\x76\x3d\x3f" - "\x3c\x15\x9d\x8e\x4f\x3c\x27\xb0" - "\x42\x3f\x2f\x8a\xd4\xc2\x10\xb2" - "\x27\x7f\xe3\x34\x80\x02\x49\x4b" - "\x07\x68\x22\x2a\x88\x25\x53\xb2" - "\x2f", - .rlen = 129, + .clen = 145, }, { .key = "\xa3\x73\x24\x01\xd5\xbc\xaa\xe3" "\xa9\x5a\x4c\x90\xf0\x65\x37\x18" @@ -27139,7 +21941,17 @@ static const struct aead_testvec morus1280_dec_tv_template[] = { "\xb1\x8f\x15\x93\xe7\x71\xb9\x2c" "\x4b", .alen = 129, - .input = "\x7d\xde\x53\x22\xe4\x23\x3b\x30" + .ptext = "\xd1\xcf\xd0\x39\xa1\x99\xa9\x78" + "\x09\xfe\xd2\xfd\xec\xc1\xc9\x9d" + "\xd2\x39\x93\xa3\xab\x18\x7a\x95" + "\x8f\x24\xd3\xeb\x7b\xfa\xb5\xd8" + "\x15\xd1\xc3\x04\x69\x32\xe3\x4d" + "\xaa\xc2\x04\x8b\xf2\xfa\xdc\x4a" + "\x02\xeb\xa8\x90\x03\xfd\xea\x97" + "\x43\xaf\x2e\x92\xf8\x57\xc5\x6a" + "\x00", + .plen = 65, + .ctext = "\x7d\xde\x53\x22\xe4\x23\x3b\x30" "\x78\xde\x35\x90\x7a\xd9\x0b\x93" "\xf6\x0e\x0b\xed\x40\xee\x10\x9c" "\x96\x3a\xd3\x34\xb2\xd0\x67\xcf" @@ -27150,17 +21962,7 @@ static const struct aead_testvec morus1280_dec_tv_template[] = { "\xf2\x3b\xd8\x28\x40\xe2\x76\xf6" "\x20\x13\x83\x46\xaf\xff\xe3\x0f" "\x72", - .ilen = 81, - .result = "\xd1\xcf\xd0\x39\xa1\x99\xa9\x78" - "\x09\xfe\xd2\xfd\xec\xc1\xc9\x9d" - "\xd2\x39\x93\xa3\xab\x18\x7a\x95" - "\x8f\x24\xd3\xeb\x7b\xfa\xb5\xd8" - "\x15\xd1\xc3\x04\x69\x32\xe3\x4d" - "\xaa\xc2\x04\x8b\xf2\xfa\xdc\x4a" - "\x02\xeb\xa8\x90\x03\xfd\xea\x97" - "\x43\xaf\x2e\x92\xf8\x57\xc5\x6a" - "\x00", - .rlen = 65, + .clen = 81, }, { .key = "\xe0\x98\x5e\xa1\xe5\x38\x53\xff" "\x2a\x35\xfe\x21\xea\x8a\xfa\x1e" @@ -27174,18 +21976,18 @@ static const struct aead_testvec morus1280_dec_tv_template[] = { "\x31\x4b\x1b\x07\x6f\x10\x1c\xa8" "\x20\x46\x7a\xce\x9f\x42\x6d\xf9", .alen = 32, - .input = "\x5a\xcd\x8c\x57\xf2\x6a\xb6\xbe" + .ptext = "\x0d\xf4\x09\xd8\xb1\x14\x51\x94" + "\x8a\xd8\x84\x8e\xe6\xe5\x8c\xa3" + "\xfc\xfc\x9e\x28\xb0\xb8\xfc\xaf" + "\x50\x52\xb1\xc4\x55\x59\x55\xaf", + .plen = 32, + .ctext = "\x5a\xcd\x8c\x57\xf2\x6a\xb6\xbe" "\x53\xc7\xaa\x9a\x60\x74\x9c\xc4" "\xa2\xc2\xd0\x6d\xe1\x03\x63\xdc" "\xbb\x51\x7e\x9c\x89\x73\xde\x4e" "\x24\xf8\x52\x7c\x15\x41\x0e\xba" "\x69\x0e\x36\x5f\x2f\x22\x8c", - .ilen = 47, - .result = "\x0d\xf4\x09\xd8\xb1\x14\x51\x94" - "\x8a\xd8\x84\x8e\xe6\xe5\x8c\xa3" - "\xfc\xfc\x9e\x28\xb0\xb8\xfc\xaf" - "\x50\x52\xb1\xc4\x55\x59\x55\xaf", - .rlen = 32, + .clen = 47, }, { .key = "\x1c\xbd\x98\x40\xf5\xb3\xfc\x1b" "\xaa\x0f\xb0\xb3\xe4\xae\xbc\x24" @@ -27199,18 +22001,18 @@ static const struct aead_testvec morus1280_dec_tv_template[] = { "\x5c\x0d\x27\x8b\x74\xb0\x9e\xc2" "\xe1\x74\x59\xa6\x79\xa1\x0c\xd0", .alen = 32, - .input = "\x47\xd6\xce\x78\xd6\xbf\x4a\x51" + .ptext = "\x4a\x18\x43\x77\xc1\x90\xfa\xb0" + "\x0b\xb2\x36\x20\xe0\x09\x4e\xa9" + "\x26\xbe\xaa\xac\xb5\x58\x7e\xc8" + "\x11\x7f\x90\x9c\x2f\xb8\xf4\x85", + .plen = 32, + .ctext = "\x47\xd6\xce\x78\xd6\xbf\x4a\x51" "\xb8\xda\x92\x3c\xfd\xda\xac\x8e" "\x8d\x88\xd7\x4d\x90\xe5\xeb\xa1" "\xab\xd6\x7c\x76\xad\xea\x7d\x76" "\x53\xee\xb0\xcd\xd0\x02\xbb\x70" "\x5b\x6f\x7b\xe2\x8c\xe8", - .ilen = 46, - .result = "\x4a\x18\x43\x77\xc1\x90\xfa\xb0" - "\x0b\xb2\x36\x20\xe0\x09\x4e\xa9" - "\x26\xbe\xaa\xac\xb5\x58\x7e\xc8" - "\x11\x7f\x90\x9c\x2f\xb8\xf4\x85", - .rlen = 32, + .clen = 46, }, { .key = "\x59\xe1\xd2\xdf\x05\x2f\xa4\x37" "\x2b\xe9\x63\x44\xde\xd3\x7f\x2b" @@ -27224,17 +22026,17 @@ static const struct aead_testvec morus1280_dec_tv_template[] = { "\x86\xd0\x32\x0f\x79\x50\x20\xdb" "\xa2\xa1\x37\x7e\x53\x00\xab\xa6", .alen = 32, - .input = "\x9f\xa9\x2b\xa4\x8f\x00\x05\x2b" + .ptext = "\x86\x3d\x7d\x17\xd1\x0c\xa3\xcc" + "\x8c\x8d\xe8\xb1\xda\x2e\x11\xaf" + "\x51\x80\xb5\x30\xba\xf8\x00\xe2" + "\xd3\xad\x6f\x75\x09\x18\x93\x5c", + .plen = 32, + .ctext = "\x9f\xa9\x2b\xa4\x8f\x00\x05\x2b" "\xe7\x68\x81\x51\xbb\xfb\xdf\x60" "\xbb\xac\xe8\xc1\xdc\x68\xae\x68" "\x3a\xcd\x7a\x06\x49\xfe\x80\x11" "\xe6\x61\x99\xe2\xdd\xbe\x2c\xbf", - .ilen = 40, - .result = "\x86\x3d\x7d\x17\xd1\x0c\xa3\xcc" - "\x8c\x8d\xe8\xb1\xda\x2e\x11\xaf" - "\x51\x80\xb5\x30\xba\xf8\x00\xe2" - "\xd3\xad\x6f\x75\x09\x18\x93\x5c", - .rlen = 32, + .clen = 40, }, { .key = "\x96\x06\x0b\x7f\x15\xab\x4d\x53" "\xac\xc3\x15\xd6\xd8\xf7\x42\x31" @@ -27248,17 +22050,17 @@ static const struct aead_testvec morus1280_dec_tv_template[] = { "\xb1\x92\x3e\x93\x7e\xf0\xa2\xf5" "\x64\xcf\x16\x57\x2d\x5f\x4a\x7d", .alen = 32, - .input = "\xe2\x34\xfa\x25\xfd\xfb\x89\x5e" + .ptext = "\xc3\x62\xb7\xb6\xe2\x87\x4c\xe7" + "\x0d\x67\x9a\x43\xd4\x52\xd4\xb5" + "\x7b\x43\xc1\xb5\xbf\x98\x82\xfc" + "\x94\xda\x4e\x4d\xe4\x77\x32\x32", + .plen = 32, + .ctext = "\xe2\x34\xfa\x25\xfd\xfb\x89\x5e" "\x5b\x4e\x0b\x15\x6e\x39\xfb\x0c" "\x73\xc7\xd9\x6b\xbe\xce\x9b\x70" "\xc7\x4f\x96\x16\x03\xfc\xea\xfb" "\x56", - .ilen = 33, - .result = "\xc3\x62\xb7\xb6\xe2\x87\x4c\xe7" - "\x0d\x67\x9a\x43\xd4\x52\xd4\xb5" - "\x7b\x43\xc1\xb5\xbf\x98\x82\xfc" - "\x94\xda\x4e\x4d\xe4\x77\x32\x32", - .rlen = 32, + .clen = 33, }, }; -- cgit From ccba2f1112d4871982ae3f09d1984c0443c89a97 Mon Sep 17 00:00:00 2001 From: Hadar Gat Date: Tue, 15 Jan 2019 15:43:11 +0200 Subject: crypto: ccree - improve error handling pass the returned error code to the higher level functions Signed-off-by: Hadar Gat Signed-off-by: Gilad Ben-Yossef Signed-off-by: Herbert Xu --- drivers/crypto/ccree/cc_buffer_mgr.c | 74 +++++++++++++++++------------------- 1 file changed, 35 insertions(+), 39 deletions(-) diff --git a/drivers/crypto/ccree/cc_buffer_mgr.c b/drivers/crypto/ccree/cc_buffer_mgr.c index dd948e1df9e5..32d2df36ced2 100644 --- a/drivers/crypto/ccree/cc_buffer_mgr.c +++ b/drivers/crypto/ccree/cc_buffer_mgr.c @@ -511,10 +511,8 @@ int cc_map_cipher_request(struct cc_drvdata *drvdata, void *ctx, /* Map the src SGL */ rc = cc_map_sg(dev, src, nbytes, DMA_BIDIRECTIONAL, &req_ctx->in_nents, LLI_MAX_NUM_OF_DATA_ENTRIES, &dummy, &mapped_nents); - if (rc) { - rc = -ENOMEM; + if (rc) goto cipher_exit; - } if (mapped_nents > 1) req_ctx->dma_buf_type = CC_DMA_BUF_MLLI; @@ -528,12 +526,11 @@ int cc_map_cipher_request(struct cc_drvdata *drvdata, void *ctx, } } else { /* Map the dst sg */ - if (cc_map_sg(dev, dst, nbytes, DMA_BIDIRECTIONAL, - &req_ctx->out_nents, LLI_MAX_NUM_OF_DATA_ENTRIES, - &dummy, &mapped_nents)) { - rc = -ENOMEM; + rc = cc_map_sg(dev, dst, nbytes, DMA_BIDIRECTIONAL, + &req_ctx->out_nents, LLI_MAX_NUM_OF_DATA_ENTRIES, + &dummy, &mapped_nents); + if (rc) goto cipher_exit; - } if (mapped_nents > 1) req_ctx->dma_buf_type = CC_DMA_BUF_MLLI; @@ -1078,10 +1075,8 @@ static int cc_aead_chain_data(struct cc_drvdata *drvdata, &areq_ctx->dst.nents, LLI_MAX_NUM_OF_DATA_ENTRIES, &dst_last_bytes, &dst_mapped_nents); - if (rc) { - rc = -ENOMEM; + if (rc) goto chain_data_exit; - } } dst_mapped_nents = cc_get_sgl_nents(dev, req->dst, size_for_map, @@ -1235,11 +1230,10 @@ int cc_map_aead_request(struct cc_drvdata *drvdata, struct aead_request *req) } areq_ctx->ccm_iv0_dma_addr = dma_addr; - if (cc_set_aead_conf_buf(dev, areq_ctx, areq_ctx->ccm_config, - &sg_data, req->assoclen)) { - rc = -ENOMEM; + rc = cc_set_aead_conf_buf(dev, areq_ctx, areq_ctx->ccm_config, + &sg_data, req->assoclen); + if (rc) goto aead_map_failure; - } } if (areq_ctx->cipher_mode == DRV_CIPHER_GCTR) { @@ -1299,10 +1293,8 @@ int cc_map_aead_request(struct cc_drvdata *drvdata, struct aead_request *req) (LLI_MAX_NUM_OF_ASSOC_DATA_ENTRIES + LLI_MAX_NUM_OF_DATA_ENTRIES), &dummy, &mapped_nents); - if (rc) { - rc = -ENOMEM; + if (rc) goto aead_map_failure; - } if (areq_ctx->is_single_pass) { /* @@ -1386,6 +1378,7 @@ int cc_map_hash_request_final(struct cc_drvdata *drvdata, void *ctx, struct mlli_params *mlli_params = &areq_ctx->mlli_params; struct buffer_array sg_data; struct buff_mgr_handle *buff_mgr = drvdata->buff_mgr_handle; + int rc = 0; u32 dummy = 0; u32 mapped_nents = 0; @@ -1405,18 +1398,18 @@ int cc_map_hash_request_final(struct cc_drvdata *drvdata, void *ctx, /*TODO: copy data in case that buffer is enough for operation */ /* map the previous buffer */ if (*curr_buff_cnt) { - if (cc_set_hash_buf(dev, areq_ctx, curr_buff, *curr_buff_cnt, - &sg_data)) { - return -ENOMEM; - } + rc = cc_set_hash_buf(dev, areq_ctx, curr_buff, *curr_buff_cnt, + &sg_data); + if (rc) + return rc; } if (src && nbytes > 0 && do_update) { - if (cc_map_sg(dev, src, nbytes, DMA_TO_DEVICE, - &areq_ctx->in_nents, LLI_MAX_NUM_OF_DATA_ENTRIES, - &dummy, &mapped_nents)) { + rc = cc_map_sg(dev, src, nbytes, DMA_TO_DEVICE, + &areq_ctx->in_nents, LLI_MAX_NUM_OF_DATA_ENTRIES, + &dummy, &mapped_nents); + if (rc) goto unmap_curr_buff; - } if (src && mapped_nents == 1 && areq_ctx->data_dma_buf_type == CC_DMA_BUF_NULL) { memcpy(areq_ctx->buff_sg, src, @@ -1435,7 +1428,8 @@ int cc_map_hash_request_final(struct cc_drvdata *drvdata, void *ctx, /* add the src data to the sg_data */ cc_add_sg_entry(dev, &sg_data, areq_ctx->in_nents, src, nbytes, 0, true, &areq_ctx->mlli_nents); - if (cc_generate_mlli(dev, &sg_data, mlli_params, flags)) + rc = cc_generate_mlli(dev, &sg_data, mlli_params, flags); + if (rc) goto fail_unmap_din; } /* change the buffer index for the unmap function */ @@ -1451,7 +1445,7 @@ unmap_curr_buff: if (*curr_buff_cnt) dma_unmap_sg(dev, areq_ctx->buff_sg, 1, DMA_TO_DEVICE); - return -ENOMEM; + return rc; } int cc_map_hash_request_update(struct cc_drvdata *drvdata, void *ctx, @@ -1470,6 +1464,7 @@ int cc_map_hash_request_update(struct cc_drvdata *drvdata, void *ctx, struct buffer_array sg_data; struct buff_mgr_handle *buff_mgr = drvdata->buff_mgr_handle; unsigned int swap_index = 0; + int rc = 0; u32 dummy = 0; u32 mapped_nents = 0; @@ -1514,21 +1509,21 @@ int cc_map_hash_request_update(struct cc_drvdata *drvdata, void *ctx, } if (*curr_buff_cnt) { - if (cc_set_hash_buf(dev, areq_ctx, curr_buff, *curr_buff_cnt, - &sg_data)) { - return -ENOMEM; - } + rc = cc_set_hash_buf(dev, areq_ctx, curr_buff, *curr_buff_cnt, + &sg_data); + if (rc) + return rc; /* change the buffer index for next operation */ swap_index = 1; } if (update_data_len > *curr_buff_cnt) { - if (cc_map_sg(dev, src, (update_data_len - *curr_buff_cnt), - DMA_TO_DEVICE, &areq_ctx->in_nents, - LLI_MAX_NUM_OF_DATA_ENTRIES, &dummy, - &mapped_nents)) { + rc = cc_map_sg(dev, src, (update_data_len - *curr_buff_cnt), + DMA_TO_DEVICE, &areq_ctx->in_nents, + LLI_MAX_NUM_OF_DATA_ENTRIES, &dummy, + &mapped_nents); + if (rc) goto unmap_curr_buff; - } if (mapped_nents == 1 && areq_ctx->data_dma_buf_type == CC_DMA_BUF_NULL) { /* only one entry in the SG and no previous data */ @@ -1548,7 +1543,8 @@ int cc_map_hash_request_update(struct cc_drvdata *drvdata, void *ctx, cc_add_sg_entry(dev, &sg_data, areq_ctx->in_nents, src, (update_data_len - *curr_buff_cnt), 0, true, &areq_ctx->mlli_nents); - if (cc_generate_mlli(dev, &sg_data, mlli_params, flags)) + rc = cc_generate_mlli(dev, &sg_data, mlli_params, flags); + if (rc) goto fail_unmap_din; } areq_ctx->buff_index = (areq_ctx->buff_index ^ swap_index); @@ -1562,7 +1558,7 @@ unmap_curr_buff: if (*curr_buff_cnt) dma_unmap_sg(dev, areq_ctx->buff_sg, 1, DMA_TO_DEVICE); - return -ENOMEM; + return rc; } void cc_unmap_hash_request(struct device *dev, void *ctx, -- cgit From 32be4c5b0fd2679b488619fe7dc8a15ef477a38a Mon Sep 17 00:00:00 2001 From: Hadar Gat Date: Tue, 15 Jan 2019 15:43:12 +0200 Subject: crypto: ccree - add error message Add error message in case of too many mlli entries. Signed-off-by: Hadar Gat Signed-off-by: Gilad Ben-Yossef Signed-off-by: Herbert Xu --- drivers/crypto/ccree/cc_buffer_mgr.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/crypto/ccree/cc_buffer_mgr.c b/drivers/crypto/ccree/cc_buffer_mgr.c index 32d2df36ced2..237a87a57830 100644 --- a/drivers/crypto/ccree/cc_buffer_mgr.c +++ b/drivers/crypto/ccree/cc_buffer_mgr.c @@ -156,8 +156,11 @@ static int cc_render_buff_to_mlli(struct device *dev, dma_addr_t buff_dma, /* Verify there is no memory overflow*/ new_nents = (*curr_nents + buff_size / CC_MAX_MLLI_ENTRY_SIZE + 1); - if (new_nents > MAX_NUM_OF_TOTAL_MLLI_ENTRIES) + if (new_nents > MAX_NUM_OF_TOTAL_MLLI_ENTRIES) { + dev_err(dev, "Too many mlli entries. current %d max %d\n", + new_nents, MAX_NUM_OF_TOTAL_MLLI_ENTRIES); return -ENOMEM; + } /*handle buffer longer than 64 kbytes */ while (buff_size > CC_MAX_MLLI_ENTRY_SIZE) { -- cgit From a49411959ea6d4915a9fd2a7eb5ba220e6284e9a Mon Sep 17 00:00:00 2001 From: Hadar Gat Date: Tue, 15 Jan 2019 15:43:13 +0200 Subject: crypto: ccree - fix free of unallocated mlli buffer In cc_unmap_aead_request(), call dma_pool_free() for mlli buffer only if an item is allocated from the pool and not always if there is a pool allocated. This fixes a kernel panic when trying to free a non-allocated item. Cc: stable@vger.kernel.org Signed-off-by: Hadar Gat Signed-off-by: Gilad Ben-Yossef Signed-off-by: Herbert Xu --- drivers/crypto/ccree/cc_buffer_mgr.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/crypto/ccree/cc_buffer_mgr.c b/drivers/crypto/ccree/cc_buffer_mgr.c index 237a87a57830..0ee1c52da0a4 100644 --- a/drivers/crypto/ccree/cc_buffer_mgr.c +++ b/drivers/crypto/ccree/cc_buffer_mgr.c @@ -614,10 +614,10 @@ void cc_unmap_aead_request(struct device *dev, struct aead_request *req) hw_iv_size, DMA_BIDIRECTIONAL); } - /*In case a pool was set, a table was - *allocated and should be released - */ - if (areq_ctx->mlli_params.curr_pool) { + /* Release pool */ + if ((areq_ctx->assoc_buff_type == CC_DMA_BUF_MLLI || + areq_ctx->data_buff_type == CC_DMA_BUF_MLLI) && + (areq_ctx->mlli_params.mlli_virt_addr)) { dev_dbg(dev, "free MLLI buffer: dma=%pad virt=%pK\n", &areq_ctx->mlli_params.mlli_dma_addr, areq_ctx->mlli_params.mlli_virt_addr); -- cgit From 1ffbe1347e93138cacbd5d929a73aa79a014bbac Mon Sep 17 00:00:00 2001 From: Hadar Gat Date: Tue, 15 Jan 2019 15:43:14 +0200 Subject: crypto: ccree - remove legacy leftover Remove legacy code no longer in use. Signed-off-by: Hadar Gat Signed-off-by: Gilad Ben-Yossef Signed-off-by: Herbert Xu --- drivers/crypto/ccree/cc_driver.h | 2 -- 1 file changed, 2 deletions(-) diff --git a/drivers/crypto/ccree/cc_driver.h b/drivers/crypto/ccree/cc_driver.h index 5be7fd431b05..33dbf3e6d15d 100644 --- a/drivers/crypto/ccree/cc_driver.h +++ b/drivers/crypto/ccree/cc_driver.h @@ -111,13 +111,11 @@ struct cc_crypto_req { * @cc_base: virt address of the CC registers * @irq: device IRQ number * @irq_mask: Interrupt mask shadow (1 for masked interrupts) - * @fw_ver: SeP loaded firmware version */ struct cc_drvdata { void __iomem *cc_base; int irq; u32 irq_mask; - u32 fw_ver; struct completion hw_queue_avail; /* wait for HW queue availability */ struct platform_device *plat_dev; cc_sram_addr_t mlli_sram_addr; -- cgit From c139c72e2beb3e3db5148910b3962b7322e24374 Mon Sep 17 00:00:00 2001 From: Gilad Ben-Yossef Date: Tue, 15 Jan 2019 15:43:15 +0200 Subject: crypto: ccree - unmap buffer before copying IV We were copying the last ciphertext block into the IV field for CBC before removing the DMA mapping of the output buffer with the result of the buffer sometime being out-of-sync cache wise and were getting intermittent cases of bad output IV. Fix it by moving the DMA buffer unmapping before the copy. Signed-off-by: Gilad Ben-Yossef Fixes: 00904aa0cd59 ("crypto: ccree - fix iv handling") Cc: Signed-off-by: Herbert Xu --- drivers/crypto/ccree/cc_cipher.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/crypto/ccree/cc_cipher.c b/drivers/crypto/ccree/cc_cipher.c index cc92b031fad1..98ea53524250 100644 --- a/drivers/crypto/ccree/cc_cipher.c +++ b/drivers/crypto/ccree/cc_cipher.c @@ -652,6 +652,8 @@ static void cc_cipher_complete(struct device *dev, void *cc_req, int err) unsigned int ivsize = crypto_skcipher_ivsize(sk_tfm); unsigned int len; + cc_unmap_cipher_request(dev, req_ctx, ivsize, src, dst); + switch (ctx_p->cipher_mode) { case DRV_CIPHER_CBC: /* @@ -681,7 +683,6 @@ static void cc_cipher_complete(struct device *dev, void *cc_req, int err) break; } - cc_unmap_cipher_request(dev, req_ctx, ivsize, src, dst); kzfree(req_ctx->iv); skcipher_request_complete(req, err); -- cgit From 27649c39b56521a2c5d350604688f31db92bf1bc Mon Sep 17 00:00:00 2001 From: Gilad Ben-Yossef Date: Tue, 15 Jan 2019 15:43:16 +0200 Subject: crypto: ccree - shared irq lines are not a bug The ccree driver was logging an error if it got an interrupt but HW indicated nothing to do as might happen if sharing an irq line. Remove the error as this is normal and we already have a debug print for the IRR register value. Signed-off-by: Gilad Ben-Yossef Signed-off-by: Herbert Xu --- drivers/crypto/ccree/cc_driver.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/crypto/ccree/cc_driver.c b/drivers/crypto/ccree/cc_driver.c index 8ada308d72ee..e75fbe7a8f84 100644 --- a/drivers/crypto/ccree/cc_driver.c +++ b/drivers/crypto/ccree/cc_driver.c @@ -103,10 +103,10 @@ static irqreturn_t cc_isr(int irq, void *dev_id) /* read the interrupt status */ irr = cc_ioread(drvdata, CC_REG(HOST_IRR)); dev_dbg(dev, "Got IRR=0x%08X\n", irr); - if (irr == 0) { /* Probably shared interrupt line */ - dev_err(dev, "Got interrupt with empty IRR\n"); + + if (irr == 0) /* Probably shared interrupt line */ return IRQ_NONE; - } + imr = cc_ioread(drvdata, CC_REG(HOST_IMR)); /* clear interrupt - must be before processing events */ -- cgit From 2b5ac17463dcb2411fed506edcf259a89bb538ba Mon Sep 17 00:00:00 2001 From: Gilad Ben-Yossef Date: Tue, 15 Jan 2019 15:43:17 +0200 Subject: crypto: ccree - don't copy zero size ciphertext For decryption in CBC mode we need to save the last ciphertext block for use as the next IV. However, we were trying to do this also with zero sized ciphertext resulting in a panic. Fix this by only doing the copy if the ciphertext length is at least of IV size. Signed-off-by: Gilad Ben-Yossef Cc: stable@vger.kernel.org Signed-off-by: Herbert Xu --- drivers/crypto/ccree/cc_cipher.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/crypto/ccree/cc_cipher.c b/drivers/crypto/ccree/cc_cipher.c index 98ea53524250..e202d7c7ea00 100644 --- a/drivers/crypto/ccree/cc_cipher.c +++ b/drivers/crypto/ccree/cc_cipher.c @@ -800,7 +800,8 @@ static int cc_cipher_decrypt(struct skcipher_request *req) memset(req_ctx, 0, sizeof(*req_ctx)); - if (ctx_p->cipher_mode == DRV_CIPHER_CBC) { + if ((ctx_p->cipher_mode == DRV_CIPHER_CBC) && + (req->cryptlen >= ivsize)) { /* Allocate and save the last IV sized bytes of the source, * which will be lost in case of in-place decryption. -- cgit From 4da66b758b25938a5e0b6df830d08e8d5c316936 Mon Sep 17 00:00:00 2001 From: Atul Gupta Date: Thu, 17 Jan 2019 09:18:35 -0800 Subject: crypto: chelsio - avoid using sa_entry imm use is_eth_imm to determine immediate data than use sa_entry field which is common for tunnel and not per skb. Signed-off-by: Atul Gupta Signed-off-by: Herbert Xu --- drivers/crypto/chelsio/chcr_core.h | 2 +- drivers/crypto/chelsio/chcr_ipsec.c | 10 ++++------ 2 files changed, 5 insertions(+), 7 deletions(-) diff --git a/drivers/crypto/chelsio/chcr_core.h b/drivers/crypto/chelsio/chcr_core.h index 1159dee964ed..ad874d548aa5 100644 --- a/drivers/crypto/chelsio/chcr_core.h +++ b/drivers/crypto/chelsio/chcr_core.h @@ -183,7 +183,7 @@ struct chcr_ipsec_aadiv { struct ipsec_sa_entry { int hmac_ctrl; u16 esn; - u16 imm; + u16 resv; unsigned int enckey_len; unsigned int kctx_len; unsigned int authsize; diff --git a/drivers/crypto/chelsio/chcr_ipsec.c b/drivers/crypto/chelsio/chcr_ipsec.c index 2fb48cce4462..4f2464654519 100644 --- a/drivers/crypto/chelsio/chcr_ipsec.c +++ b/drivers/crypto/chelsio/chcr_ipsec.c @@ -415,12 +415,12 @@ inline void *copy_esn_pktxt(struct sk_buff *skb, iv = skb_transport_header(skb) + sizeof(struct ip_esp_hdr); memcpy(aadiv->iv, iv, 8); - if (sa_entry->imm) { + if (is_eth_imm(skb, sa_entry)) { sc_imm = (struct ulptx_idata *)(pos + (DIV_ROUND_UP(sizeof(struct chcr_ipsec_aadiv), sizeof(__be64)) << 3)); - sc_imm->cmd_more = FILL_CMD_MORE(!sa_entry->imm); - sc_imm->len = cpu_to_be32(sa_entry->imm); + sc_imm->cmd_more = FILL_CMD_MORE(0); + sc_imm->len = cpu_to_be32(skb->len); } pos += len; return pos; @@ -548,10 +548,8 @@ inline void *chcr_crypto_wreq(struct sk_buff *skb, if (sa_entry->esn) ivdrop = 1; - if (is_eth_imm(skb, sa_entry)) { + if (is_eth_imm(skb, sa_entry)) immdatalen = skb->len; - sa_entry->imm = immdatalen; - } if (sa_entry->esn) esnlen = sizeof(struct chcr_ipsec_aadiv); -- cgit From 27c6feb0fb33a665a746346e76714826a5be5d10 Mon Sep 17 00:00:00 2001 From: Atul Gupta Date: Thu, 17 Jan 2019 09:19:19 -0800 Subject: crypto: chelsio - Inline single pdu only Inline single pdu else take co-pro path Signed-off-by: Atul Gupta Signed-off-by: Herbert Xu --- drivers/crypto/chelsio/chcr_ipsec.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/crypto/chelsio/chcr_ipsec.c b/drivers/crypto/chelsio/chcr_ipsec.c index 4f2464654519..0c826d0e1bfc 100644 --- a/drivers/crypto/chelsio/chcr_ipsec.c +++ b/drivers/crypto/chelsio/chcr_ipsec.c @@ -303,6 +303,9 @@ static bool chcr_ipsec_offload_ok(struct sk_buff *skb, struct xfrm_state *x) if (ipv6_ext_hdr(ipv6_hdr(skb)->nexthdr)) return false; } + /* Inline single pdu */ + if (skb_shinfo(skb)->gso_size) + return false; return true; } -- cgit From ea5d8cfa33d2b34fda24e9bb0baad46685e0ef1a Mon Sep 17 00:00:00 2001 From: Thomas Gleixner Date: Fri, 18 Jan 2019 00:14:18 +0100 Subject: crypto: aegis - Cleanup license mess Precise and non-ambiguous license information is important. The recently added aegis header file has a SPDX license identifier, which is nice, but at the same time it has a contradictionary license boiler plate text. SPDX-License-Identifier: GPL-2.0 versus * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the Free * Software Foundation; either version 2 of the License, or (at your option) * any later version Oh well. As the other aegis related files are licensed under the GPL v2 or later, it's assumed that the boiler plate code is correct, but the SPDX license identifier is wrong. Fix the SPDX identifier and remove the boiler plate as it is redundant. Fixes: f606a88e5823 ("crypto: aegis - Add generic AEGIS AEAD implementations") Signed-off-by: Thomas Gleixner Cc: Ondrej Mosnacek Cc: Herbert Xu Cc: "David S. Miller" Cc: linux-crypto@vger.kernel.org Acked-by: Ondrej Mosnacek Signed-off-by: Herbert Xu --- crypto/aegis.h | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/crypto/aegis.h b/crypto/aegis.h index 405e025fc906..41a3090cda8e 100644 --- a/crypto/aegis.h +++ b/crypto/aegis.h @@ -1,14 +1,9 @@ -/* SPDX-License-Identifier: GPL-2.0 */ +/* SPDX-License-Identifier: GPL-2.0-or-later */ /* * AEGIS common definitions * * Copyright (c) 2018 Ondrej Mosnacek * Copyright (c) 2018 Red Hat, Inc. All rights reserved. - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the Free - * Software Foundation; either version 2 of the License, or (at your option) - * any later version. */ #ifndef _CRYPTO_AEGIS_H -- cgit From 12ea20f61637539dfac6e6e41beb07c21ba890d8 Mon Sep 17 00:00:00 2001 From: Thomas Gleixner Date: Fri, 18 Jan 2019 00:14:19 +0100 Subject: crypto: morus - Cleanup license mess Precise and non-ambiguous license information is important. The recently added morus header files have a SPDX license identifier, which is nice, but at the same time they have a contradictionary license boiler plate text. SPDX-License-Identifier: GPL-2.0 versus * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the Free * Software Foundation; either version 2 of the License, or (at your option) * any later version Oh well. As the other morus related files are licensed under the GPL v2 or later, it's assumed that the boiler plate code is correct, but the SPDX license identifier is wrong. Fix the SPDX identifier and remove the boiler plate as it is redundant. Fixes: 56e8e57fc3a7 ("crypto: morus - Add common SIMD glue code for MORUS") Fixes: 396be41f16fd ("crypto: morus - Add generic MORUS AEAD implementations") Signed-off-by: Thomas Gleixner Cc: Ondrej Mosnacek Cc: Herbert Xu Cc: "David S. Miller" Cc: linux-crypto@vger.kernel.org Acked-by: Ondrej Mosnacek Signed-off-by: Herbert Xu --- include/crypto/morus1280_glue.h | 7 +------ include/crypto/morus640_glue.h | 7 +------ include/crypto/morus_common.h | 7 +------ 3 files changed, 3 insertions(+), 18 deletions(-) diff --git a/include/crypto/morus1280_glue.h b/include/crypto/morus1280_glue.h index ba782e10065e..ad2aa743dd99 100644 --- a/include/crypto/morus1280_glue.h +++ b/include/crypto/morus1280_glue.h @@ -1,15 +1,10 @@ -/* SPDX-License-Identifier: GPL-2.0 */ +/* SPDX-License-Identifier: GPL-2.0-or-later */ /* * The MORUS-1280 Authenticated-Encryption Algorithm * Common glue skeleton -- header file * * Copyright (c) 2016-2018 Ondrej Mosnacek * Copyright (C) 2017-2018 Red Hat, Inc. All rights reserved. - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the Free - * Software Foundation; either version 2 of the License, or (at your option) - * any later version. */ #ifndef _CRYPTO_MORUS1280_GLUE_H diff --git a/include/crypto/morus640_glue.h b/include/crypto/morus640_glue.h index 27fa790a2362..df8e1103ff94 100644 --- a/include/crypto/morus640_glue.h +++ b/include/crypto/morus640_glue.h @@ -1,15 +1,10 @@ -/* SPDX-License-Identifier: GPL-2.0 */ +/* SPDX-License-Identifier: GPL-2.0-or-later */ /* * The MORUS-640 Authenticated-Encryption Algorithm * Common glue skeleton -- header file * * Copyright (c) 2016-2018 Ondrej Mosnacek * Copyright (C) 2017-2018 Red Hat, Inc. All rights reserved. - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the Free - * Software Foundation; either version 2 of the License, or (at your option) - * any later version. */ #ifndef _CRYPTO_MORUS640_GLUE_H diff --git a/include/crypto/morus_common.h b/include/crypto/morus_common.h index 39f28c749951..969510a9a56c 100644 --- a/include/crypto/morus_common.h +++ b/include/crypto/morus_common.h @@ -1,15 +1,10 @@ -/* SPDX-License-Identifier: GPL-2.0 */ +/* SPDX-License-Identifier: GPL-2.0-or-later */ /* * The MORUS Authenticated-Encryption Algorithm * Common definitions * * Copyright (c) 2016-2018 Ondrej Mosnacek * Copyright (C) 2017-2018 Red Hat, Inc. All rights reserved. - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the Free - * Software Foundation; either version 2 of the License, or (at your option) - * any later version. */ #ifndef _CRYPTO_MORUS_COMMON_H -- cgit From bb4ce8258373669f6411ace748289825f1abe41a Mon Sep 17 00:00:00 2001 From: Thomas Gleixner Date: Fri, 18 Jan 2019 00:14:20 +0100 Subject: crypto: aegis - Convert to SPDX license identifiers The license boiler plate text is not ideal for machine parsing. The kernel uses SPDX license identifiers for that purpose, which replace the boiler plate text. Signed-off-by: Thomas Gleixner Cc: Ondrej Mosnacek Cc: Herbert Xu Cc: "David S. Miller" Cc: linux-crypto@vger.kernel.org Acked-by: Ondrej Mosnacek Signed-off-by: Herbert Xu --- crypto/aegis128.c | 6 +----- crypto/aegis128l.c | 6 +----- crypto/aegis256.c | 6 +----- 3 files changed, 3 insertions(+), 15 deletions(-) diff --git a/crypto/aegis128.c b/crypto/aegis128.c index c22f4414856d..96e078a8a00a 100644 --- a/crypto/aegis128.c +++ b/crypto/aegis128.c @@ -1,13 +1,9 @@ +// SPDX-License-Identifier: GPL-2.0-or-later /* * The AEGIS-128 Authenticated-Encryption Algorithm * * Copyright (c) 2017-2018 Ondrej Mosnacek * Copyright (C) 2017-2018 Red Hat, Inc. All rights reserved. - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the Free - * Software Foundation; either version 2 of the License, or (at your option) - * any later version. */ #include diff --git a/crypto/aegis128l.c b/crypto/aegis128l.c index b6fb21ebdc3e..a210e779b911 100644 --- a/crypto/aegis128l.c +++ b/crypto/aegis128l.c @@ -1,13 +1,9 @@ +// SPDX-License-Identifier: GPL-2.0-or-later /* * The AEGIS-128L Authenticated-Encryption Algorithm * * Copyright (c) 2017-2018 Ondrej Mosnacek * Copyright (C) 2017-2018 Red Hat, Inc. All rights reserved. - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the Free - * Software Foundation; either version 2 of the License, or (at your option) - * any later version. */ #include diff --git a/crypto/aegis256.c b/crypto/aegis256.c index 11f0f8ec9c7c..49882a28e93e 100644 --- a/crypto/aegis256.c +++ b/crypto/aegis256.c @@ -1,13 +1,9 @@ +// SPDX-License-Identifier: GPL-2.0-or-later /* * The AEGIS-256 Authenticated-Encryption Algorithm * * Copyright (c) 2017-2018 Ondrej Mosnacek * Copyright (C) 2017-2018 Red Hat, Inc. All rights reserved. - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the Free - * Software Foundation; either version 2 of the License, or (at your option) - * any later version. */ #include -- cgit From 747bd2a36c9c9a0edd5f393664d962205b31f404 Mon Sep 17 00:00:00 2001 From: Thomas Gleixner Date: Fri, 18 Jan 2019 00:14:21 +0100 Subject: crypto: morus - Convert to SPDX license identifiers The license boiler plate text is not ideal for machine parsing. The kernel uses SPDX license identifiers for that purpose, which replace the boiler plate text. Signed-off-by: Thomas Gleixner Cc: Ondrej Mosnacek Cc: Herbert Xu Cc: "David S. Miller" Cc: linux-crypto@vger.kernel.org Acked-by: Ondrej Mosnacek Signed-off-by: Herbert Xu --- crypto/morus1280.c | 6 +----- crypto/morus640.c | 6 +----- 2 files changed, 2 insertions(+), 10 deletions(-) diff --git a/crypto/morus1280.c b/crypto/morus1280.c index 3889c188f266..78ba09db7328 100644 --- a/crypto/morus1280.c +++ b/crypto/morus1280.c @@ -1,13 +1,9 @@ +// SPDX-License-Identifier: GPL-2.0-or-later /* * The MORUS-1280 Authenticated-Encryption Algorithm * * Copyright (c) 2016-2018 Ondrej Mosnacek * Copyright (C) 2017-2018 Red Hat, Inc. All rights reserved. - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the Free - * Software Foundation; either version 2 of the License, or (at your option) - * any later version. */ #include diff --git a/crypto/morus640.c b/crypto/morus640.c index da06ec2f6a80..5cf530139b27 100644 --- a/crypto/morus640.c +++ b/crypto/morus640.c @@ -1,13 +1,9 @@ +// SPDX-License-Identifier: GPL-2.0-or-later /* * The MORUS-640 Authenticated-Encryption Algorithm * * Copyright (c) 2016-2018 Ondrej Mosnacek * Copyright (C) 2017-2018 Red Hat, Inc. All rights reserved. - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the Free - * Software Foundation; either version 2 of the License, or (at your option) - * any later version. */ #include -- cgit From 9572442dcf487e534e70b30f43e21a364cf483e9 Mon Sep 17 00:00:00 2001 From: Xiongfeng Wang Date: Fri, 18 Jan 2019 13:58:11 +0800 Subject: crypto: api - add a helper to (un)register a array of templates This patch add a helper to (un)register a array of templates. The following patches will use this helper to simplify the code. Signed-off-by: Xiongfeng Wang Reviewed-by: Eric Biggers Signed-off-by: Herbert Xu --- crypto/algapi.c | 27 +++++++++++++++++++++++++++ include/crypto/algapi.h | 2 ++ 2 files changed, 29 insertions(+) diff --git a/crypto/algapi.c b/crypto/algapi.c index 713baabeb643..4c9c86b55738 100644 --- a/crypto/algapi.c +++ b/crypto/algapi.c @@ -494,6 +494,24 @@ out: } EXPORT_SYMBOL_GPL(crypto_register_template); +int crypto_register_templates(struct crypto_template *tmpls, int count) +{ + int i, err; + + for (i = 0; i < count; i++) { + err = crypto_register_template(&tmpls[i]); + if (err) + goto out; + } + return 0; + +out: + for (--i; i >= 0; --i) + crypto_unregister_template(&tmpls[i]); + return err; +} +EXPORT_SYMBOL_GPL(crypto_register_templates); + void crypto_unregister_template(struct crypto_template *tmpl) { struct crypto_instance *inst; @@ -523,6 +541,15 @@ void crypto_unregister_template(struct crypto_template *tmpl) } EXPORT_SYMBOL_GPL(crypto_unregister_template); +void crypto_unregister_templates(struct crypto_template *tmpls, int count) +{ + int i; + + for (i = count - 1; i >= 0; --i) + crypto_unregister_template(&tmpls[i]); +} +EXPORT_SYMBOL_GPL(crypto_unregister_templates); + static struct crypto_template *__crypto_lookup_template(const char *name) { struct crypto_template *q, *tmpl = NULL; diff --git a/include/crypto/algapi.h b/include/crypto/algapi.h index 093869f175d6..4be38cd0b8d5 100644 --- a/include/crypto/algapi.h +++ b/include/crypto/algapi.h @@ -143,7 +143,9 @@ extern const struct crypto_type crypto_blkcipher_type; void crypto_mod_put(struct crypto_alg *alg); int crypto_register_template(struct crypto_template *tmpl); +int crypto_register_templates(struct crypto_template *tmpls, int count); void crypto_unregister_template(struct crypto_template *tmpl); +void crypto_unregister_templates(struct crypto_template *tmpls, int count); struct crypto_template *crypto_lookup_template(const char *name); int crypto_register_instance(struct crypto_template *tmpl, -- cgit From 0db1903539e9569391bff41e2e6b171f791e2ed9 Mon Sep 17 00:00:00 2001 From: Xiongfeng Wang Date: Fri, 18 Jan 2019 13:58:12 +0800 Subject: crypto: ccm - use template array registering API to simplify the code Use crypto template array registering API to simplify the code. Signed-off-by: Xiongfeng Wang Reviewed-by: Eric Biggers Signed-off-by: Herbert Xu --- crypto/ccm.c | 78 ++++++++++++++++++------------------------------------------ 1 file changed, 23 insertions(+), 55 deletions(-) diff --git a/crypto/ccm.c b/crypto/ccm.c index b242fd0d3262..50df8f001c1c 100644 --- a/crypto/ccm.c +++ b/crypto/ccm.c @@ -589,12 +589,6 @@ static int crypto_ccm_create(struct crypto_template *tmpl, struct rtattr **tb) mac_name); } -static struct crypto_template crypto_ccm_tmpl = { - .name = "ccm", - .create = crypto_ccm_create, - .module = THIS_MODULE, -}; - static int crypto_ccm_base_create(struct crypto_template *tmpl, struct rtattr **tb) { @@ -618,12 +612,6 @@ static int crypto_ccm_base_create(struct crypto_template *tmpl, cipher_name); } -static struct crypto_template crypto_ccm_base_tmpl = { - .name = "ccm_base", - .create = crypto_ccm_base_create, - .module = THIS_MODULE, -}; - static int crypto_rfc4309_setkey(struct crypto_aead *parent, const u8 *key, unsigned int keylen) { @@ -854,12 +842,6 @@ out_free_inst: goto out; } -static struct crypto_template crypto_rfc4309_tmpl = { - .name = "rfc4309", - .create = crypto_rfc4309_create, - .module = THIS_MODULE, -}; - static int crypto_cbcmac_digest_setkey(struct crypto_shash *parent, const u8 *inkey, unsigned int keylen) { @@ -999,51 +981,37 @@ out_put_alg: return err; } -static struct crypto_template crypto_cbcmac_tmpl = { - .name = "cbcmac", - .create = cbcmac_create, - .free = shash_free_instance, - .module = THIS_MODULE, +static struct crypto_template crypto_ccm_tmpls[] = { + { + .name = "cbcmac", + .create = cbcmac_create, + .free = shash_free_instance, + .module = THIS_MODULE, + }, { + .name = "ccm_base", + .create = crypto_ccm_base_create, + .module = THIS_MODULE, + }, { + .name = "ccm", + .create = crypto_ccm_create, + .module = THIS_MODULE, + }, { + .name = "rfc4309", + .create = crypto_rfc4309_create, + .module = THIS_MODULE, + }, }; static int __init crypto_ccm_module_init(void) { - int err; - - err = crypto_register_template(&crypto_cbcmac_tmpl); - if (err) - goto out; - - err = crypto_register_template(&crypto_ccm_base_tmpl); - if (err) - goto out_undo_cbcmac; - - err = crypto_register_template(&crypto_ccm_tmpl); - if (err) - goto out_undo_base; - - err = crypto_register_template(&crypto_rfc4309_tmpl); - if (err) - goto out_undo_ccm; - -out: - return err; - -out_undo_ccm: - crypto_unregister_template(&crypto_ccm_tmpl); -out_undo_base: - crypto_unregister_template(&crypto_ccm_base_tmpl); -out_undo_cbcmac: - crypto_register_template(&crypto_cbcmac_tmpl); - goto out; + return crypto_register_templates(crypto_ccm_tmpls, + ARRAY_SIZE(crypto_ccm_tmpls)); } static void __exit crypto_ccm_module_exit(void) { - crypto_unregister_template(&crypto_rfc4309_tmpl); - crypto_unregister_template(&crypto_ccm_tmpl); - crypto_unregister_template(&crypto_ccm_base_tmpl); - crypto_unregister_template(&crypto_cbcmac_tmpl); + crypto_unregister_templates(crypto_ccm_tmpls, + ARRAY_SIZE(crypto_ccm_tmpls)); } module_init(crypto_ccm_module_init); -- cgit From 56a00d9da159ad7a2e9cbd18a2db9165bf5c373b Mon Sep 17 00:00:00 2001 From: Xiongfeng Wang Date: Fri, 18 Jan 2019 13:58:13 +0800 Subject: crypto: gcm - use template array registering API to simplify the code Use crypto template array registering API to simplify the code. Signed-off-by: Xiongfeng Wang Reviewed-by: Eric Biggers Signed-off-by: Herbert Xu --- crypto/gcm.c | 73 +++++++++++++++++++----------------------------------------- 1 file changed, 23 insertions(+), 50 deletions(-) diff --git a/crypto/gcm.c b/crypto/gcm.c index bbce31f6199b..e1a11f529d25 100644 --- a/crypto/gcm.c +++ b/crypto/gcm.c @@ -727,12 +727,6 @@ static int crypto_gcm_create(struct crypto_template *tmpl, struct rtattr **tb) ctr_name, "ghash"); } -static struct crypto_template crypto_gcm_tmpl = { - .name = "gcm", - .create = crypto_gcm_create, - .module = THIS_MODULE, -}; - static int crypto_gcm_base_create(struct crypto_template *tmpl, struct rtattr **tb) { @@ -756,12 +750,6 @@ static int crypto_gcm_base_create(struct crypto_template *tmpl, ctr_name, ghash_name); } -static struct crypto_template crypto_gcm_base_tmpl = { - .name = "gcm_base", - .create = crypto_gcm_base_create, - .module = THIS_MODULE, -}; - static int crypto_rfc4106_setkey(struct crypto_aead *parent, const u8 *key, unsigned int keylen) { @@ -989,12 +977,6 @@ out_free_inst: goto out; } -static struct crypto_template crypto_rfc4106_tmpl = { - .name = "rfc4106", - .create = crypto_rfc4106_create, - .module = THIS_MODULE, -}; - static int crypto_rfc4543_setkey(struct crypto_aead *parent, const u8 *key, unsigned int keylen) { @@ -1231,10 +1213,24 @@ out_free_inst: goto out; } -static struct crypto_template crypto_rfc4543_tmpl = { - .name = "rfc4543", - .create = crypto_rfc4543_create, - .module = THIS_MODULE, +static struct crypto_template crypto_gcm_tmpls[] = { + { + .name = "gcm_base", + .create = crypto_gcm_base_create, + .module = THIS_MODULE, + }, { + .name = "gcm", + .create = crypto_gcm_create, + .module = THIS_MODULE, + }, { + .name = "rfc4106", + .create = crypto_rfc4106_create, + .module = THIS_MODULE, + }, { + .name = "rfc4543", + .create = crypto_rfc4543_create, + .module = THIS_MODULE, + }, }; static int __init crypto_gcm_module_init(void) @@ -1247,42 +1243,19 @@ static int __init crypto_gcm_module_init(void) sg_init_one(&gcm_zeroes->sg, gcm_zeroes->buf, sizeof(gcm_zeroes->buf)); - err = crypto_register_template(&crypto_gcm_base_tmpl); - if (err) - goto out; - - err = crypto_register_template(&crypto_gcm_tmpl); + err = crypto_register_templates(crypto_gcm_tmpls, + ARRAY_SIZE(crypto_gcm_tmpls)); if (err) - goto out_undo_base; + kfree(gcm_zeroes); - err = crypto_register_template(&crypto_rfc4106_tmpl); - if (err) - goto out_undo_gcm; - - err = crypto_register_template(&crypto_rfc4543_tmpl); - if (err) - goto out_undo_rfc4106; - - return 0; - -out_undo_rfc4106: - crypto_unregister_template(&crypto_rfc4106_tmpl); -out_undo_gcm: - crypto_unregister_template(&crypto_gcm_tmpl); -out_undo_base: - crypto_unregister_template(&crypto_gcm_base_tmpl); -out: - kfree(gcm_zeroes); return err; } static void __exit crypto_gcm_module_exit(void) { kfree(gcm_zeroes); - crypto_unregister_template(&crypto_rfc4543_tmpl); - crypto_unregister_template(&crypto_rfc4106_tmpl); - crypto_unregister_template(&crypto_gcm_tmpl); - crypto_unregister_template(&crypto_gcm_base_tmpl); + crypto_unregister_templates(crypto_gcm_tmpls, + ARRAY_SIZE(crypto_gcm_tmpls)); } module_init(crypto_gcm_module_init); -- cgit From 9f8ef365ef3d8bb157b800b1be30e335416701c2 Mon Sep 17 00:00:00 2001 From: Xiongfeng Wang Date: Fri, 18 Jan 2019 13:58:14 +0800 Subject: crypto: ctr - use template array registering API to simplify the code Use crypto template array registering API to simplify the code. Signed-off-by: Xiongfeng Wang Reviewed-by: Eric Biggers Signed-off-by: Herbert Xu --- crypto/ctr.c | 42 ++++++++++++++---------------------------- 1 file changed, 14 insertions(+), 28 deletions(-) diff --git a/crypto/ctr.c b/crypto/ctr.c index 4c743a96faa4..ec8f8b67473a 100644 --- a/crypto/ctr.c +++ b/crypto/ctr.c @@ -171,12 +171,6 @@ out_put_alg: return err; } -static struct crypto_template crypto_ctr_tmpl = { - .name = "ctr", - .create = crypto_ctr_create, - .module = THIS_MODULE, -}; - static int crypto_rfc3686_setkey(struct crypto_skcipher *parent, const u8 *key, unsigned int keylen) { @@ -366,36 +360,28 @@ err_free_inst: goto out; } -static struct crypto_template crypto_rfc3686_tmpl = { - .name = "rfc3686", - .create = crypto_rfc3686_create, - .module = THIS_MODULE, +static struct crypto_template crypto_ctr_tmpls[] = { + { + .name = "ctr", + .create = crypto_ctr_create, + .module = THIS_MODULE, + }, { + .name = "rfc3686", + .create = crypto_rfc3686_create, + .module = THIS_MODULE, + }, }; static int __init crypto_ctr_module_init(void) { - int err; - - err = crypto_register_template(&crypto_ctr_tmpl); - if (err) - goto out; - - err = crypto_register_template(&crypto_rfc3686_tmpl); - if (err) - goto out_drop_ctr; - -out: - return err; - -out_drop_ctr: - crypto_unregister_template(&crypto_ctr_tmpl); - goto out; + return crypto_register_templates(crypto_ctr_tmpls, + ARRAY_SIZE(crypto_ctr_tmpls)); } static void __exit crypto_ctr_module_exit(void) { - crypto_unregister_template(&crypto_rfc3686_tmpl); - crypto_unregister_template(&crypto_ctr_tmpl); + crypto_unregister_templates(crypto_ctr_tmpls, + ARRAY_SIZE(crypto_ctr_tmpls)); } module_init(crypto_ctr_module_init); -- cgit From 1a5e02b6800b0164f9f617c2e230666939f2c7f5 Mon Sep 17 00:00:00 2001 From: Xiongfeng Wang Date: Fri, 18 Jan 2019 13:58:15 +0800 Subject: crypto: chacha20poly1305 - use template array registering API to simplify the code Use crypto template array registering API to simplify the code. Signed-off-by: Xiongfeng Wang Reviewed-by: Eric Biggers Signed-off-by: Herbert Xu --- crypto/chacha20poly1305.c | 37 ++++++++++++++----------------------- 1 file changed, 14 insertions(+), 23 deletions(-) diff --git a/crypto/chacha20poly1305.c b/crypto/chacha20poly1305.c index fef11446ab1b..ed2e12e26dd8 100644 --- a/crypto/chacha20poly1305.c +++ b/crypto/chacha20poly1305.c @@ -701,37 +701,28 @@ static int rfc7539esp_create(struct crypto_template *tmpl, struct rtattr **tb) return chachapoly_create(tmpl, tb, "rfc7539esp", 8); } -static struct crypto_template rfc7539_tmpl = { - .name = "rfc7539", - .create = rfc7539_create, - .module = THIS_MODULE, -}; - -static struct crypto_template rfc7539esp_tmpl = { - .name = "rfc7539esp", - .create = rfc7539esp_create, - .module = THIS_MODULE, +static struct crypto_template rfc7539_tmpls[] = { + { + .name = "rfc7539", + .create = rfc7539_create, + .module = THIS_MODULE, + }, { + .name = "rfc7539esp", + .create = rfc7539esp_create, + .module = THIS_MODULE, + }, }; static int __init chacha20poly1305_module_init(void) { - int err; - - err = crypto_register_template(&rfc7539_tmpl); - if (err) - return err; - - err = crypto_register_template(&rfc7539esp_tmpl); - if (err) - crypto_unregister_template(&rfc7539_tmpl); - - return err; + return crypto_register_templates(rfc7539_tmpls, + ARRAY_SIZE(rfc7539_tmpls)); } static void __exit chacha20poly1305_module_exit(void) { - crypto_unregister_template(&rfc7539esp_tmpl); - crypto_unregister_template(&rfc7539_tmpl); + crypto_unregister_templates(rfc7539_tmpls, + ARRAY_SIZE(rfc7539_tmpls)); } module_init(chacha20poly1305_module_init); -- cgit From aef027db48da56b6f25d0e54c07c8401ada6ce21 Mon Sep 17 00:00:00 2001 From: David Tolnay Date: Mon, 7 Jan 2019 14:36:11 -0800 Subject: hwrng: virtio - Avoid repeated init of completion The virtio-rng driver uses a completion called have_data to wait for a virtio read to be fulfilled by the hypervisor. The completion is reset before placing a buffer on the virtio queue and completed by the virtio callback once data has been written into the buffer. Prior to this commit, the driver called init_completion on this completion both during probe as well as when registering virtio buffers as part of a hwrng read operation. The second of these init_completion calls should instead be reinit_completion because the have_data completion has already been inited by probe. As described in Documentation/scheduler/completion.txt, "Calling init_completion() twice on the same completion object is most likely a bug". This bug was present in the initial implementation of virtio-rng in f7f510ec1957 ("virtio: An entropy device, as suggested by hpa"). Back then the have_data completion was a single static completion rather than a member of one of potentially multiple virtrng_info structs as implemented later by 08e53fbdb85c ("virtio-rng: support multiple virtio-rng devices"). The original driver incorrectly used init_completion rather than INIT_COMPLETION to reset have_data during read. Tested by running `head -c48 /dev/random | hexdump` within crosvm, the Chrome OS virtual machine monitor, and confirming that the virtio-rng driver successfully produces random bytes from the host. Signed-off-by: David Tolnay Tested-by: David Tolnay Signed-off-by: Herbert Xu --- drivers/char/hw_random/virtio-rng.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/char/hw_random/virtio-rng.c b/drivers/char/hw_random/virtio-rng.c index b89df66ea1ae..7abd604e938c 100644 --- a/drivers/char/hw_random/virtio-rng.c +++ b/drivers/char/hw_random/virtio-rng.c @@ -73,7 +73,7 @@ static int virtio_read(struct hwrng *rng, void *buf, size_t size, bool wait) if (!vi->busy) { vi->busy = true; - init_completion(&vi->have_data); + reinit_completion(&vi->have_data); register_buffer(vi, buf, size); } -- cgit From 37ebffff65b2321a9b51ae928851330154358f1d Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Fri, 18 Jan 2019 18:26:42 -0800 Subject: crypto: bcm - remove unused function do_decrypt() The do_decrypt() function in util.c in the BCM crypto driver is never used, so remove it. Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu --- drivers/crypto/bcm/util.c | 40 ---------------------------------------- drivers/crypto/bcm/util.h | 6 ------ 2 files changed, 46 deletions(-) diff --git a/drivers/crypto/bcm/util.c b/drivers/crypto/bcm/util.c index a912c6ad3e85..d8cda5fb75ad 100644 --- a/drivers/crypto/bcm/util.c +++ b/drivers/crypto/bcm/util.c @@ -201,46 +201,6 @@ struct sdesc { char ctx[]; }; -/* do a synchronous decrypt operation */ -int do_decrypt(char *alg_name, - void *key_ptr, unsigned int key_len, - void *iv_ptr, void *src_ptr, void *dst_ptr, - unsigned int block_len) -{ - struct scatterlist sg_in[1], sg_out[1]; - struct crypto_blkcipher *tfm = - crypto_alloc_blkcipher(alg_name, 0, CRYPTO_ALG_ASYNC); - struct blkcipher_desc desc = {.tfm = tfm, .flags = 0 }; - int ret = 0; - void *iv; - int ivsize; - - flow_log("%s() name:%s block_len:%u\n", __func__, alg_name, block_len); - - if (IS_ERR(tfm)) - return PTR_ERR(tfm); - - crypto_blkcipher_setkey((void *)tfm, key_ptr, key_len); - - sg_init_table(sg_in, 1); - sg_set_buf(sg_in, src_ptr, block_len); - - sg_init_table(sg_out, 1); - sg_set_buf(sg_out, dst_ptr, block_len); - - iv = crypto_blkcipher_crt(tfm)->iv; - ivsize = crypto_blkcipher_ivsize(tfm); - memcpy(iv, iv_ptr, ivsize); - - ret = crypto_blkcipher_decrypt(&desc, sg_out, sg_in, block_len); - crypto_free_blkcipher(tfm); - - if (ret < 0) - pr_err("aes_decrypt failed %d\n", ret); - - return ret; -} - /** * do_shash() - Do a synchronous hash operation in software * @name: The name of the hash algorithm diff --git a/drivers/crypto/bcm/util.h b/drivers/crypto/bcm/util.h index 712e029795f8..15c60356518a 100644 --- a/drivers/crypto/bcm/util.h +++ b/drivers/crypto/bcm/util.h @@ -95,12 +95,6 @@ u32 spu_msg_sg_add(struct scatterlist **to_sg, void add_to_ctr(u8 *ctr_pos, unsigned int increment); -/* do a synchronous decrypt operation */ -int do_decrypt(char *alg_name, - void *key_ptr, unsigned int key_len, - void *iv_ptr, void *src_ptr, void *dst_ptr, - unsigned int block_len); - /* produce a message digest from data of length n bytes */ int do_shash(unsigned char *name, unsigned char *result, const u8 *data1, unsigned int data1_len, -- cgit From 231baecdef7a906579925ccf1bd45aa734f32320 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Fri, 18 Jan 2019 22:48:00 -0800 Subject: crypto: clarify name of WEAK_KEY request flag CRYPTO_TFM_REQ_WEAK_KEY confuses newcomers to the crypto API because it sounds like it is requesting a weak key. Actually, it is requesting that weak keys be forbidden (for algorithms that have the notion of "weak keys"; currently only DES and XTS do). Also it is only one letter away from CRYPTO_TFM_RES_WEAK_KEY, with which it can be easily confused. (This in fact happened in the UX500 driver, though just in some debugging messages.) Therefore, make the intent clear by renaming it to CRYPTO_TFM_REQ_FORBID_WEAK_KEYS. Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu --- arch/s390/crypto/des_s390.c | 4 ++-- arch/sparc/crypto/des_glue.c | 4 ++-- crypto/des_generic.c | 4 ++-- crypto/testmgr.c | 14 +++++++------- crypto/testmgr.h | 4 ++-- drivers/crypto/atmel-tdes.c | 2 +- drivers/crypto/bcm/cipher.c | 4 ++-- drivers/crypto/ccp/ccp-crypto-des3.c | 2 +- drivers/crypto/ccree/cc_cipher.c | 3 ++- drivers/crypto/hifn_795x.c | 3 ++- drivers/crypto/inside-secure/safexcel_cipher.c | 2 +- drivers/crypto/ixp4xx_crypto.c | 4 ++-- drivers/crypto/marvell/cipher.c | 2 +- drivers/crypto/n2_core.c | 2 +- drivers/crypto/omap-des.c | 2 +- drivers/crypto/picoxcell_crypto.c | 3 ++- drivers/crypto/qce/ablkcipher.c | 4 ++-- drivers/crypto/rockchip/rk3288_crypto_ablkcipher.c | 2 +- drivers/crypto/sunxi-ss/sun4i-ss-cipher.c | 2 +- drivers/crypto/talitos.c | 2 +- drivers/crypto/ux500/cryp/cryp_core.c | 20 +++++++++++--------- fs/crypto/keyinfo.c | 4 ++-- fs/ecryptfs/crypto.c | 5 +++-- include/crypto/xts.h | 4 ++-- include/linux/crypto.h | 2 +- 25 files changed, 55 insertions(+), 49 deletions(-) diff --git a/arch/s390/crypto/des_s390.c b/arch/s390/crypto/des_s390.c index 5346b5a80bb6..0d15383d0ff1 100644 --- a/arch/s390/crypto/des_s390.c +++ b/arch/s390/crypto/des_s390.c @@ -38,7 +38,7 @@ static int des_setkey(struct crypto_tfm *tfm, const u8 *key, /* check for weak keys */ if (!des_ekey(tmp, key) && - (tfm->crt_flags & CRYPTO_TFM_REQ_WEAK_KEY)) { + (tfm->crt_flags & CRYPTO_TFM_REQ_FORBID_WEAK_KEYS)) { tfm->crt_flags |= CRYPTO_TFM_RES_WEAK_KEY; return -EINVAL; } @@ -228,7 +228,7 @@ static int des3_setkey(struct crypto_tfm *tfm, const u8 *key, if (!(crypto_memneq(key, &key[DES_KEY_SIZE], DES_KEY_SIZE) && crypto_memneq(&key[DES_KEY_SIZE], &key[DES_KEY_SIZE * 2], DES_KEY_SIZE)) && - (tfm->crt_flags & CRYPTO_TFM_REQ_WEAK_KEY)) { + (tfm->crt_flags & CRYPTO_TFM_REQ_FORBID_WEAK_KEYS)) { tfm->crt_flags |= CRYPTO_TFM_RES_WEAK_KEY; return -EINVAL; } diff --git a/arch/sparc/crypto/des_glue.c b/arch/sparc/crypto/des_glue.c index 56499ea39fd3..4884315daff4 100644 --- a/arch/sparc/crypto/des_glue.c +++ b/arch/sparc/crypto/des_glue.c @@ -53,7 +53,7 @@ static int des_set_key(struct crypto_tfm *tfm, const u8 *key, * weak key detection code. */ ret = des_ekey(tmp, key); - if (unlikely(ret == 0) && (*flags & CRYPTO_TFM_REQ_WEAK_KEY)) { + if (unlikely(ret == 0) && (*flags & CRYPTO_TFM_REQ_FORBID_WEAK_KEYS)) { *flags |= CRYPTO_TFM_RES_WEAK_KEY; return -EINVAL; } @@ -209,7 +209,7 @@ static int des3_ede_set_key(struct crypto_tfm *tfm, const u8 *key, if (unlikely(!((K[0] ^ K[2]) | (K[1] ^ K[3])) || !((K[2] ^ K[4]) | (K[3] ^ K[5]))) && - (*flags & CRYPTO_TFM_REQ_WEAK_KEY)) { + (*flags & CRYPTO_TFM_REQ_FORBID_WEAK_KEYS)) { *flags |= CRYPTO_TFM_RES_WEAK_KEY; return -EINVAL; } diff --git a/crypto/des_generic.c b/crypto/des_generic.c index a71720544d11..1e6621665dd9 100644 --- a/crypto/des_generic.c +++ b/crypto/des_generic.c @@ -789,7 +789,7 @@ static int des_setkey(struct crypto_tfm *tfm, const u8 *key, /* Expand to tmp */ ret = des_ekey(tmp, key); - if (unlikely(ret == 0) && (*flags & CRYPTO_TFM_REQ_WEAK_KEY)) { + if (unlikely(ret == 0) && (*flags & CRYPTO_TFM_REQ_FORBID_WEAK_KEYS)) { *flags |= CRYPTO_TFM_RES_WEAK_KEY; return -EINVAL; } @@ -866,7 +866,7 @@ int __des3_ede_setkey(u32 *expkey, u32 *flags, const u8 *key, if (unlikely(!((K[0] ^ K[2]) | (K[1] ^ K[3])) || !((K[2] ^ K[4]) | (K[3] ^ K[5]))) && - (*flags & CRYPTO_TFM_REQ_WEAK_KEY)) { + (*flags & CRYPTO_TFM_REQ_FORBID_WEAK_KEYS)) { *flags |= CRYPTO_TFM_RES_WEAK_KEY; return -EINVAL; } diff --git a/crypto/testmgr.c b/crypto/testmgr.c index e4f3f5f688e7..4ac3d22256c3 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -706,7 +706,8 @@ static int __test_aead(struct crypto_aead *tfm, int enc, crypto_aead_clear_flags(tfm, ~0); if (template[i].wk) - crypto_aead_set_flags(tfm, CRYPTO_TFM_REQ_WEAK_KEY); + crypto_aead_set_flags(tfm, + CRYPTO_TFM_REQ_FORBID_WEAK_KEYS); if (template[i].klen > MAX_KEYLEN) { pr_err("alg: aead%s: setkey failed on test %d for %s: key size %d > %d\n", @@ -820,7 +821,8 @@ static int __test_aead(struct crypto_aead *tfm, int enc, crypto_aead_clear_flags(tfm, ~0); if (template[i].wk) - crypto_aead_set_flags(tfm, CRYPTO_TFM_REQ_WEAK_KEY); + crypto_aead_set_flags(tfm, + CRYPTO_TFM_REQ_FORBID_WEAK_KEYS); if (template[i].klen > MAX_KEYLEN) { pr_err("alg: aead%s: setkey failed on test %d for %s: key size %d > %d\n", d, j, algo, template[i].klen, MAX_KEYLEN); @@ -1078,7 +1080,7 @@ static int test_cipher(struct crypto_cipher *tfm, int enc, crypto_cipher_clear_flags(tfm, ~0); if (template[i].wk) - crypto_cipher_set_flags(tfm, CRYPTO_TFM_REQ_WEAK_KEY); + crypto_cipher_set_flags(tfm, CRYPTO_TFM_REQ_FORBID_WEAK_KEYS); ret = crypto_cipher_setkey(tfm, template[i].key, template[i].klen); @@ -1194,8 +1196,7 @@ static int __test_skcipher(struct crypto_skcipher *tfm, int enc, crypto_skcipher_clear_flags(tfm, ~0); if (template[i].wk) - crypto_skcipher_set_flags(tfm, - CRYPTO_TFM_REQ_WEAK_KEY); + crypto_skcipher_set_flags(tfm, CRYPTO_TFM_REQ_FORBID_WEAK_KEYS); ret = crypto_skcipher_setkey(tfm, template[i].key, template[i].klen); @@ -1265,8 +1266,7 @@ static int __test_skcipher(struct crypto_skcipher *tfm, int enc, j++; crypto_skcipher_clear_flags(tfm, ~0); if (template[i].wk) - crypto_skcipher_set_flags(tfm, - CRYPTO_TFM_REQ_WEAK_KEY); + crypto_skcipher_set_flags(tfm, CRYPTO_TFM_REQ_FORBID_WEAK_KEYS); ret = crypto_skcipher_setkey(tfm, template[i].key, template[i].klen); diff --git a/crypto/testmgr.h b/crypto/testmgr.h index 95297240b0f1..d8f6035c7ff2 100644 --- a/crypto/testmgr.h +++ b/crypto/testmgr.h @@ -50,7 +50,7 @@ struct hash_testvec { * @ctext: Pointer to ciphertext * @len: Length of @ptext and @ctext in bytes * @fail: If set to one, the test need to fail - * @wk: Does the test need CRYPTO_TFM_REQ_WEAK_KEY + * @wk: Does the test need CRYPTO_TFM_REQ_FORBID_WEAK_KEYS? * ( e.g. test needs to fail due to a weak key ) * @np: numbers of SG to distribute data in (from 1 to MAX_TAP) * @tap: How to distribute data in @np SGs @@ -91,7 +91,7 @@ struct cipher_testvec { * @anp: Numbers of SG to distribute assoc data in * @fail: setkey() failure expected? * @novrfy: Decryption verification failure expected? - * @wk: Does the test need CRYPTO_TFM_REQ_WEAK_KEY? + * @wk: Does the test need CRYPTO_TFM_REQ_FORBID_WEAK_KEYS? * (e.g. setkey() needs to fail due to a weak key) * @klen: Length of @key in bytes * @plen: Length of @ptext in bytes diff --git a/drivers/crypto/atmel-tdes.c b/drivers/crypto/atmel-tdes.c index 438e1ffb2ec0..65bf1a299562 100644 --- a/drivers/crypto/atmel-tdes.c +++ b/drivers/crypto/atmel-tdes.c @@ -785,7 +785,7 @@ static int atmel_des_setkey(struct crypto_ablkcipher *tfm, const u8 *key, } err = des_ekey(tmp, key); - if (err == 0 && (ctfm->crt_flags & CRYPTO_TFM_REQ_WEAK_KEY)) { + if (err == 0 && (ctfm->crt_flags & CRYPTO_TFM_REQ_FORBID_WEAK_KEYS)) { ctfm->crt_flags |= CRYPTO_TFM_RES_WEAK_KEY; return -EINVAL; } diff --git a/drivers/crypto/bcm/cipher.c b/drivers/crypto/bcm/cipher.c index 2099d7bcfd44..28f592f7e1b7 100644 --- a/drivers/crypto/bcm/cipher.c +++ b/drivers/crypto/bcm/cipher.c @@ -1818,7 +1818,7 @@ static int des_setkey(struct crypto_ablkcipher *cipher, const u8 *key, if (keylen == DES_KEY_SIZE) { if (des_ekey(tmp, key) == 0) { if (crypto_ablkcipher_get_flags(cipher) & - CRYPTO_TFM_REQ_WEAK_KEY) { + CRYPTO_TFM_REQ_FORBID_WEAK_KEYS) { u32 flags = CRYPTO_TFM_RES_WEAK_KEY; crypto_ablkcipher_set_flags(cipher, flags); @@ -2872,7 +2872,7 @@ static int aead_authenc_setkey(struct crypto_aead *cipher, if (des_ekey(tmp, keys.enckey) == 0) { if (crypto_aead_get_flags(cipher) & - CRYPTO_TFM_REQ_WEAK_KEY) { + CRYPTO_TFM_REQ_FORBID_WEAK_KEYS) { crypto_aead_set_flags(cipher, flags); return -EINVAL; } diff --git a/drivers/crypto/ccp/ccp-crypto-des3.c b/drivers/crypto/ccp/ccp-crypto-des3.c index ae87b741f9d5..c2ff551d215b 100644 --- a/drivers/crypto/ccp/ccp-crypto-des3.c +++ b/drivers/crypto/ccp/ccp-crypto-des3.c @@ -57,7 +57,7 @@ static int ccp_des3_setkey(struct crypto_ablkcipher *tfm, const u8 *key, if (unlikely(!((K[0] ^ K[2]) | (K[1] ^ K[3])) || !((K[2] ^ K[4]) | (K[3] ^ K[5]))) && - (*flags & CRYPTO_TFM_REQ_WEAK_KEY)) { + (*flags & CRYPTO_TFM_REQ_FORBID_WEAK_KEYS)) { *flags |= CRYPTO_TFM_RES_WEAK_KEY; return -EINVAL; } diff --git a/drivers/crypto/ccree/cc_cipher.c b/drivers/crypto/ccree/cc_cipher.c index e202d7c7ea00..5e3361a363b5 100644 --- a/drivers/crypto/ccree/cc_cipher.c +++ b/drivers/crypto/ccree/cc_cipher.c @@ -352,7 +352,8 @@ static int cc_cipher_setkey(struct crypto_skcipher *sktfm, const u8 *key, dev_dbg(dev, "weak 3DES key"); return -EINVAL; } else if (!des_ekey(tmp, key) && - (crypto_tfm_get_flags(tfm) & CRYPTO_TFM_REQ_WEAK_KEY)) { + (crypto_tfm_get_flags(tfm) & + CRYPTO_TFM_REQ_FORBID_WEAK_KEYS)) { tfm->crt_flags |= CRYPTO_TFM_RES_WEAK_KEY; dev_dbg(dev, "weak DES key"); return -EINVAL; diff --git a/drivers/crypto/hifn_795x.c b/drivers/crypto/hifn_795x.c index a5a36fe7bf2c..dad212cabe63 100644 --- a/drivers/crypto/hifn_795x.c +++ b/drivers/crypto/hifn_795x.c @@ -1961,7 +1961,8 @@ static int hifn_setkey(struct crypto_ablkcipher *cipher, const u8 *key, u32 tmp[DES_EXPKEY_WORDS]; int ret = des_ekey(tmp, key); - if (unlikely(ret == 0) && (tfm->crt_flags & CRYPTO_TFM_REQ_WEAK_KEY)) { + if (unlikely(ret == 0) && + (tfm->crt_flags & CRYPTO_TFM_REQ_FORBID_WEAK_KEYS)) { tfm->crt_flags |= CRYPTO_TFM_RES_WEAK_KEY; return -EINVAL; } diff --git a/drivers/crypto/inside-secure/safexcel_cipher.c b/drivers/crypto/inside-secure/safexcel_cipher.c index d531c14020dc..7ef30a98cb24 100644 --- a/drivers/crypto/inside-secure/safexcel_cipher.c +++ b/drivers/crypto/inside-secure/safexcel_cipher.c @@ -940,7 +940,7 @@ static int safexcel_des_setkey(struct crypto_skcipher *ctfm, const u8 *key, } ret = des_ekey(tmp, key); - if (!ret && (tfm->crt_flags & CRYPTO_TFM_REQ_WEAK_KEY)) { + if (!ret && (tfm->crt_flags & CRYPTO_TFM_REQ_FORBID_WEAK_KEYS)) { tfm->crt_flags |= CRYPTO_TFM_RES_WEAK_KEY; return -EINVAL; } diff --git a/drivers/crypto/ixp4xx_crypto.c b/drivers/crypto/ixp4xx_crypto.c index 19fba998b86b..95c1af227bd5 100644 --- a/drivers/crypto/ixp4xx_crypto.c +++ b/drivers/crypto/ixp4xx_crypto.c @@ -847,7 +847,7 @@ static int ablk_setkey(struct crypto_ablkcipher *tfm, const u8 *key, goto out; if (*flags & CRYPTO_TFM_RES_WEAK_KEY) { - if (*flags & CRYPTO_TFM_REQ_WEAK_KEY) { + if (*flags & CRYPTO_TFM_REQ_FORBID_WEAK_KEYS) { ret = -EINVAL; } else { *flags &= ~CRYPTO_TFM_RES_WEAK_KEY; @@ -1125,7 +1125,7 @@ static int aead_setup(struct crypto_aead *tfm, unsigned int authsize) goto out; if (*flags & CRYPTO_TFM_RES_WEAK_KEY) { - if (*flags & CRYPTO_TFM_REQ_WEAK_KEY) { + if (*flags & CRYPTO_TFM_REQ_FORBID_WEAK_KEYS) { ret = -EINVAL; goto out; } else { diff --git a/drivers/crypto/marvell/cipher.c b/drivers/crypto/marvell/cipher.c index 0ae84ec9e21c..066830dcc53e 100644 --- a/drivers/crypto/marvell/cipher.c +++ b/drivers/crypto/marvell/cipher.c @@ -286,7 +286,7 @@ static int mv_cesa_des_setkey(struct crypto_skcipher *cipher, const u8 *key, } ret = des_ekey(tmp, key); - if (!ret && (tfm->crt_flags & CRYPTO_TFM_REQ_WEAK_KEY)) { + if (!ret && (tfm->crt_flags & CRYPTO_TFM_REQ_FORBID_WEAK_KEYS)) { tfm->crt_flags |= CRYPTO_TFM_RES_WEAK_KEY; return -EINVAL; } diff --git a/drivers/crypto/n2_core.c b/drivers/crypto/n2_core.c index 55f34cfc43ff..9450c41211b2 100644 --- a/drivers/crypto/n2_core.c +++ b/drivers/crypto/n2_core.c @@ -772,7 +772,7 @@ static int n2_des_setkey(struct crypto_ablkcipher *cipher, const u8 *key, } err = des_ekey(tmp, key); - if (err == 0 && (tfm->crt_flags & CRYPTO_TFM_REQ_WEAK_KEY)) { + if (err == 0 && (tfm->crt_flags & CRYPTO_TFM_REQ_FORBID_WEAK_KEYS)) { tfm->crt_flags |= CRYPTO_TFM_RES_WEAK_KEY; return -EINVAL; } diff --git a/drivers/crypto/omap-des.c b/drivers/crypto/omap-des.c index 6369019219d4..1ba2633e90d6 100644 --- a/drivers/crypto/omap-des.c +++ b/drivers/crypto/omap-des.c @@ -662,7 +662,7 @@ static int omap_des_setkey(struct crypto_ablkcipher *cipher, const u8 *key, pr_debug("enter, keylen: %d\n", keylen); /* Do we need to test against weak key? */ - if (tfm->crt_flags & CRYPTO_TFM_REQ_WEAK_KEY) { + if (tfm->crt_flags & CRYPTO_TFM_REQ_FORBID_WEAK_KEYS) { u32 tmp[DES_EXPKEY_WORDS]; int ret = des_ekey(tmp, key); diff --git a/drivers/crypto/picoxcell_crypto.c b/drivers/crypto/picoxcell_crypto.c index 17068b55fea5..1b3acdeffede 100644 --- a/drivers/crypto/picoxcell_crypto.c +++ b/drivers/crypto/picoxcell_crypto.c @@ -759,7 +759,8 @@ static int spacc_des_setkey(struct crypto_ablkcipher *cipher, const u8 *key, } if (unlikely(!des_ekey(tmp, key)) && - (crypto_ablkcipher_get_flags(cipher) & CRYPTO_TFM_REQ_WEAK_KEY)) { + (crypto_ablkcipher_get_flags(cipher) & + CRYPTO_TFM_REQ_FORBID_WEAK_KEYS)) { tfm->crt_flags |= CRYPTO_TFM_RES_WEAK_KEY; return -EINVAL; } diff --git a/drivers/crypto/qce/ablkcipher.c b/drivers/crypto/qce/ablkcipher.c index 25c13e26d012..154b6baa124e 100644 --- a/drivers/crypto/qce/ablkcipher.c +++ b/drivers/crypto/qce/ablkcipher.c @@ -180,8 +180,8 @@ static int qce_ablkcipher_setkey(struct crypto_ablkcipher *ablk, const u8 *key, u32 tmp[DES_EXPKEY_WORDS]; ret = des_ekey(tmp, key); - if (!ret && crypto_ablkcipher_get_flags(ablk) & - CRYPTO_TFM_REQ_WEAK_KEY) + if (!ret && (crypto_ablkcipher_get_flags(ablk) & + CRYPTO_TFM_REQ_FORBID_WEAK_KEYS)) goto weakkey; } diff --git a/drivers/crypto/rockchip/rk3288_crypto_ablkcipher.c b/drivers/crypto/rockchip/rk3288_crypto_ablkcipher.c index 639c15c5364b..87dd571466c1 100644 --- a/drivers/crypto/rockchip/rk3288_crypto_ablkcipher.c +++ b/drivers/crypto/rockchip/rk3288_crypto_ablkcipher.c @@ -60,7 +60,7 @@ static int rk_tdes_setkey(struct crypto_ablkcipher *cipher, if (keylen == DES_KEY_SIZE) { if (!des_ekey(tmp, key) && - (tfm->crt_flags & CRYPTO_TFM_REQ_WEAK_KEY)) { + (tfm->crt_flags & CRYPTO_TFM_REQ_FORBID_WEAK_KEYS)) { tfm->crt_flags |= CRYPTO_TFM_RES_WEAK_KEY; return -EINVAL; } diff --git a/drivers/crypto/sunxi-ss/sun4i-ss-cipher.c b/drivers/crypto/sunxi-ss/sun4i-ss-cipher.c index 5cf64746731a..54fd714d53ca 100644 --- a/drivers/crypto/sunxi-ss/sun4i-ss-cipher.c +++ b/drivers/crypto/sunxi-ss/sun4i-ss-cipher.c @@ -517,7 +517,7 @@ int sun4i_ss_des_setkey(struct crypto_skcipher *tfm, const u8 *key, flags = crypto_skcipher_get_flags(tfm); ret = des_ekey(tmp, key); - if (unlikely(!ret) && (flags & CRYPTO_TFM_REQ_WEAK_KEY)) { + if (unlikely(!ret) && (flags & CRYPTO_TFM_REQ_FORBID_WEAK_KEYS)) { crypto_skcipher_set_flags(tfm, CRYPTO_TFM_RES_WEAK_KEY); dev_dbg(ss->dev, "Weak key %u\n", keylen); return -EINVAL; diff --git a/drivers/crypto/talitos.c b/drivers/crypto/talitos.c index f8e2c5c3f4eb..de78b54bcfb1 100644 --- a/drivers/crypto/talitos.c +++ b/drivers/crypto/talitos.c @@ -1535,7 +1535,7 @@ static int ablkcipher_setkey(struct crypto_ablkcipher *cipher, } if (unlikely(crypto_ablkcipher_get_flags(cipher) & - CRYPTO_TFM_REQ_WEAK_KEY) && + CRYPTO_TFM_REQ_FORBID_WEAK_KEYS) && !des_ekey(tmp, key)) { crypto_ablkcipher_set_flags(cipher, CRYPTO_TFM_RES_WEAK_KEY); return -EINVAL; diff --git a/drivers/crypto/ux500/cryp/cryp_core.c b/drivers/crypto/ux500/cryp/cryp_core.c index db94f89d8d11..3235611928f2 100644 --- a/drivers/crypto/ux500/cryp/cryp_core.c +++ b/drivers/crypto/ux500/cryp/cryp_core.c @@ -1000,10 +1000,11 @@ static int des_ablkcipher_setkey(struct crypto_ablkcipher *cipher, } ret = des_ekey(tmp, key); - if (unlikely(ret == 0) && (*flags & CRYPTO_TFM_REQ_WEAK_KEY)) { + if (unlikely(ret == 0) && + (*flags & CRYPTO_TFM_REQ_FORBID_WEAK_KEYS)) { *flags |= CRYPTO_TFM_RES_WEAK_KEY; - pr_debug(DEV_DBG_NAME " [%s]: CRYPTO_TFM_REQ_WEAK_KEY", - __func__); + pr_debug(DEV_DBG_NAME " [%s]: CRYPTO_TFM_RES_WEAK_KEY", + __func__); return -EINVAL; } @@ -1034,18 +1035,19 @@ static int des3_ablkcipher_setkey(struct crypto_ablkcipher *cipher, /* Checking key interdependency for weak key detection. */ if (unlikely(!((K[0] ^ K[2]) | (K[1] ^ K[3])) || !((K[2] ^ K[4]) | (K[3] ^ K[5]))) && - (*flags & CRYPTO_TFM_REQ_WEAK_KEY)) { + (*flags & CRYPTO_TFM_REQ_FORBID_WEAK_KEYS)) { *flags |= CRYPTO_TFM_RES_WEAK_KEY; - pr_debug(DEV_DBG_NAME " [%s]: CRYPTO_TFM_REQ_WEAK_KEY", - __func__); + pr_debug(DEV_DBG_NAME " [%s]: CRYPTO_TFM_RES_WEAK_KEY", + __func__); return -EINVAL; } for (i = 0; i < 3; i++) { ret = des_ekey(tmp, key + i*DES_KEY_SIZE); - if (unlikely(ret == 0) && (*flags & CRYPTO_TFM_REQ_WEAK_KEY)) { + if (unlikely(ret == 0) && + (*flags & CRYPTO_TFM_REQ_FORBID_WEAK_KEYS)) { *flags |= CRYPTO_TFM_RES_WEAK_KEY; - pr_debug(DEV_DBG_NAME " [%s]: " - "CRYPTO_TFM_REQ_WEAK_KEY", __func__); + pr_debug(DEV_DBG_NAME " [%s]: CRYPTO_TFM_RES_WEAK_KEY", + __func__); return -EINVAL; } } diff --git a/fs/crypto/keyinfo.c b/fs/crypto/keyinfo.c index 1e11a683f63d..322ce9686bdb 100644 --- a/fs/crypto/keyinfo.c +++ b/fs/crypto/keyinfo.c @@ -47,7 +47,7 @@ static int derive_key_aes(const u8 *master_key, tfm = NULL; goto out; } - crypto_skcipher_set_flags(tfm, CRYPTO_TFM_REQ_WEAK_KEY); + crypto_skcipher_set_flags(tfm, CRYPTO_TFM_REQ_FORBID_WEAK_KEYS); req = skcipher_request_alloc(tfm, GFP_NOFS); if (!req) { res = -ENOMEM; @@ -257,7 +257,7 @@ allocate_skcipher_for_mode(struct fscrypt_mode *mode, const u8 *raw_key, mode->friendly_name, crypto_skcipher_alg(tfm)->base.cra_driver_name); } - crypto_skcipher_set_flags(tfm, CRYPTO_TFM_REQ_WEAK_KEY); + crypto_skcipher_set_flags(tfm, CRYPTO_TFM_REQ_FORBID_WEAK_KEYS); err = crypto_skcipher_setkey(tfm, raw_key, mode->keysize); if (err) goto err_free_tfm; diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c index 4dd842f72846..f664da55234e 100644 --- a/fs/ecryptfs/crypto.c +++ b/fs/ecryptfs/crypto.c @@ -610,7 +610,8 @@ int ecryptfs_init_crypt_ctx(struct ecryptfs_crypt_stat *crypt_stat) full_alg_name); goto out_free; } - crypto_skcipher_set_flags(crypt_stat->tfm, CRYPTO_TFM_REQ_WEAK_KEY); + crypto_skcipher_set_flags(crypt_stat->tfm, + CRYPTO_TFM_REQ_FORBID_WEAK_KEYS); rc = 0; out_free: kfree(full_alg_name); @@ -1590,7 +1591,7 @@ ecryptfs_process_key_cipher(struct crypto_skcipher **key_tfm, "[%s]; rc = [%d]\n", full_alg_name, rc); goto out; } - crypto_skcipher_set_flags(*key_tfm, CRYPTO_TFM_REQ_WEAK_KEY); + crypto_skcipher_set_flags(*key_tfm, CRYPTO_TFM_REQ_FORBID_WEAK_KEYS); if (*key_size == 0) *key_size = crypto_skcipher_default_keysize(*key_tfm); get_random_bytes(dummy_key, *key_size); diff --git a/include/crypto/xts.h b/include/crypto/xts.h index 34d94c95445a..75fd96ff976b 100644 --- a/include/crypto/xts.h +++ b/include/crypto/xts.h @@ -47,8 +47,8 @@ static inline int xts_verify_key(struct crypto_skcipher *tfm, } /* ensure that the AES and tweak key are not identical */ - if ((fips_enabled || crypto_skcipher_get_flags(tfm) & - CRYPTO_TFM_REQ_WEAK_KEY) && + if ((fips_enabled || (crypto_skcipher_get_flags(tfm) & + CRYPTO_TFM_REQ_FORBID_WEAK_KEYS)) && !crypto_memneq(key, key + (keylen / 2), keylen / 2)) { crypto_skcipher_set_flags(tfm, CRYPTO_TFM_RES_WEAK_KEY); return -EINVAL; diff --git a/include/linux/crypto.h b/include/linux/crypto.h index c3c98a62e503..f2565a103158 100644 --- a/include/linux/crypto.h +++ b/include/linux/crypto.h @@ -118,7 +118,7 @@ #define CRYPTO_TFM_REQ_MASK 0x000fff00 #define CRYPTO_TFM_RES_MASK 0xfff00000 -#define CRYPTO_TFM_REQ_WEAK_KEY 0x00000100 +#define CRYPTO_TFM_REQ_FORBID_WEAK_KEYS 0x00000100 #define CRYPTO_TFM_REQ_MAY_SLEEP 0x00000200 #define CRYPTO_TFM_REQ_MAY_BACKLOG 0x00000400 #define CRYPTO_TFM_RES_WEAK_KEY 0x00100000 -- cgit From 7e33d4d48974e06745514a68c8b1670e5006a4dd Mon Sep 17 00:00:00 2001 From: YueHaibing Date: Mon, 21 Jan 2019 07:57:00 +0000 Subject: crypto: seqiv - Use kmemdup in seqiv_aead_encrypt() Use kmemdup rather than duplicating its implementation Signed-off-by: YueHaibing Signed-off-by: Herbert Xu --- crypto/seqiv.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/crypto/seqiv.c b/crypto/seqiv.c index 64a412be255e..ed1b0e9f2436 100644 --- a/crypto/seqiv.c +++ b/crypto/seqiv.c @@ -89,13 +89,12 @@ static int seqiv_aead_encrypt(struct aead_request *req) if (unlikely(!IS_ALIGNED((unsigned long)info, crypto_aead_alignmask(geniv) + 1))) { - info = kmalloc(ivsize, req->base.flags & - CRYPTO_TFM_REQ_MAY_SLEEP ? GFP_KERNEL: - GFP_ATOMIC); + info = kmemdup(req->iv, ivsize, req->base.flags & + CRYPTO_TFM_REQ_MAY_SLEEP ? GFP_KERNEL : + GFP_ATOMIC); if (!info) return -ENOMEM; - memcpy(info, req->iv, ivsize); compl = seqiv_aead_encrypt_complete; data = req; } -- cgit From 87870cfb4b5a93c70e2dc32d0349af0625bd5546 Mon Sep 17 00:00:00 2001 From: Iuliana Prodan Date: Mon, 21 Jan 2019 15:22:42 +0200 Subject: crypto: caam - add support for cmac(aes) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add cmac(aes) keyed hash offloading support. Similar to xcbc implementation, driver must make sure there are still some bytes buffered when ahash_final() is called. This way HW is able to decide whether padding is needed and which key to derive (L -> K1 / K2) for the last block. Signed-off-by: Iuliana Prodan Signed-off-by: Horia Geantă Signed-off-by: Herbert Xu --- drivers/crypto/caam/caamhash.c | 132 ++++++++++++++++++++++++++++++------ drivers/crypto/caam/caamhash_desc.c | 30 +++++--- drivers/crypto/caam/caamhash_desc.h | 10 ++- 3 files changed, 139 insertions(+), 33 deletions(-) diff --git a/drivers/crypto/caam/caamhash.c b/drivers/crypto/caam/caamhash.c index 6c379bef938e..2eb8959e2fdc 100644 --- a/drivers/crypto/caam/caamhash.c +++ b/drivers/crypto/caam/caamhash.c @@ -3,7 +3,7 @@ * caam - Freescale FSL CAAM support for ahash functions of crypto API * * Copyright 2011 Freescale Semiconductor, Inc. - * Copyright 2018 NXP + * Copyright 2018-2019 NXP * * Based on caamalg.c crypto API driver. * @@ -159,12 +159,11 @@ static inline int *alt_buflen(struct caam_hash_state *state) return state->current_buf ? &state->buflen_0 : &state->buflen_1; } -static inline bool is_xcbc_aes(u32 algtype) +static inline bool is_cmac_aes(u32 algtype) { return (algtype & (OP_ALG_ALGSEL_MASK | OP_ALG_AAI_MASK)) == - (OP_ALG_ALGSEL_AES | OP_ALG_AAI_XCBC_MAC); + (OP_ALG_ALGSEL_AES | OP_ALG_AAI_CMAC); } - /* Common job descriptor seq in/out ptr routines */ /* Map state->caam_ctx, and append seq_out_ptr command that points to it */ @@ -311,8 +310,8 @@ static int axcbc_set_sh_desc(struct crypto_ahash *ahash) /* shared descriptor for ahash_update */ desc = ctx->sh_desc_update; - cnstr_shdsc_axcbc(desc, &ctx->adata, OP_ALG_AS_UPDATE, ctx->ctx_len, - ctx->ctx_len, 0); + cnstr_shdsc_sk_hash(desc, &ctx->adata, OP_ALG_AS_UPDATE, + ctx->ctx_len, ctx->ctx_len, 0); dma_sync_single_for_device(jrdev, ctx->sh_desc_update_dma, desc_bytes(desc), ctx->dir); print_hex_dump_debug("axcbc update shdesc@" __stringify(__LINE__)" : ", @@ -321,8 +320,8 @@ static int axcbc_set_sh_desc(struct crypto_ahash *ahash) /* shared descriptor for ahash_{final,finup} */ desc = ctx->sh_desc_fin; - cnstr_shdsc_axcbc(desc, &ctx->adata, OP_ALG_AS_FINALIZE, digestsize, - ctx->ctx_len, 0); + cnstr_shdsc_sk_hash(desc, &ctx->adata, OP_ALG_AS_FINALIZE, + digestsize, ctx->ctx_len, 0); dma_sync_single_for_device(jrdev, ctx->sh_desc_fin_dma, desc_bytes(desc), ctx->dir); print_hex_dump_debug("axcbc finup shdesc@" __stringify(__LINE__)" : ", @@ -334,8 +333,8 @@ static int axcbc_set_sh_desc(struct crypto_ahash *ahash) /* shared descriptor for first invocation of ahash_update */ desc = ctx->sh_desc_update_first; - cnstr_shdsc_axcbc(desc, &ctx->adata, OP_ALG_AS_INIT, ctx->ctx_len, - ctx->ctx_len, ctx->key_dma); + cnstr_shdsc_sk_hash(desc, &ctx->adata, OP_ALG_AS_INIT, ctx->ctx_len, + ctx->ctx_len, ctx->key_dma); dma_sync_single_for_device(jrdev, ctx->sh_desc_update_first_dma, desc_bytes(desc), ctx->dir); print_hex_dump_debug("axcbc update first shdesc@" __stringify(__LINE__)" : ", @@ -344,13 +343,62 @@ static int axcbc_set_sh_desc(struct crypto_ahash *ahash) /* shared descriptor for ahash_digest */ desc = ctx->sh_desc_digest; - cnstr_shdsc_axcbc(desc, &ctx->adata, OP_ALG_AS_INITFINAL, digestsize, - ctx->ctx_len, 0); + cnstr_shdsc_sk_hash(desc, &ctx->adata, OP_ALG_AS_INITFINAL, + digestsize, ctx->ctx_len, 0); dma_sync_single_for_device(jrdev, ctx->sh_desc_digest_dma, desc_bytes(desc), ctx->dir); print_hex_dump_debug("axcbc digest shdesc@" __stringify(__LINE__)" : ", DUMP_PREFIX_ADDRESS, 16, 4, desc, desc_bytes(desc), 1); + return 0; +} + +static int acmac_set_sh_desc(struct crypto_ahash *ahash) +{ + struct caam_hash_ctx *ctx = crypto_ahash_ctx(ahash); + int digestsize = crypto_ahash_digestsize(ahash); + struct device *jrdev = ctx->jrdev; + u32 *desc; + + /* shared descriptor for ahash_update */ + desc = ctx->sh_desc_update; + cnstr_shdsc_sk_hash(desc, &ctx->adata, OP_ALG_AS_UPDATE, + ctx->ctx_len, ctx->ctx_len, 0); + dma_sync_single_for_device(jrdev, ctx->sh_desc_update_dma, + desc_bytes(desc), ctx->dir); + print_hex_dump_debug("acmac update shdesc@" __stringify(__LINE__)" : ", + DUMP_PREFIX_ADDRESS, 16, 4, desc, + desc_bytes(desc), 1); + + /* shared descriptor for ahash_{final,finup} */ + desc = ctx->sh_desc_fin; + cnstr_shdsc_sk_hash(desc, &ctx->adata, OP_ALG_AS_FINALIZE, + digestsize, ctx->ctx_len, 0); + dma_sync_single_for_device(jrdev, ctx->sh_desc_fin_dma, + desc_bytes(desc), ctx->dir); + print_hex_dump_debug("acmac finup shdesc@" __stringify(__LINE__)" : ", + DUMP_PREFIX_ADDRESS, 16, 4, desc, + desc_bytes(desc), 1); + + /* shared descriptor for first invocation of ahash_update */ + desc = ctx->sh_desc_update_first; + cnstr_shdsc_sk_hash(desc, &ctx->adata, OP_ALG_AS_INIT, ctx->ctx_len, + ctx->ctx_len, 0); + dma_sync_single_for_device(jrdev, ctx->sh_desc_update_first_dma, + desc_bytes(desc), ctx->dir); + print_hex_dump_debug("acmac update first shdesc@" __stringify(__LINE__)" : ", + DUMP_PREFIX_ADDRESS, 16, 4, desc, + desc_bytes(desc), 1); + + /* shared descriptor for ahash_digest */ + desc = ctx->sh_desc_digest; + cnstr_shdsc_sk_hash(desc, &ctx->adata, OP_ALG_AS_INITFINAL, + digestsize, ctx->ctx_len, 0); + dma_sync_single_for_device(jrdev, ctx->sh_desc_digest_dma, + desc_bytes(desc), ctx->dir); + print_hex_dump_debug("acmac digest shdesc@" __stringify(__LINE__)" : ", + DUMP_PREFIX_ADDRESS, 16, 4, desc, + desc_bytes(desc), 1); return 0; } @@ -502,6 +550,22 @@ static int axcbc_setkey(struct crypto_ahash *ahash, const u8 *key, return axcbc_set_sh_desc(ahash); } + +static int acmac_setkey(struct crypto_ahash *ahash, const u8 *key, + unsigned int keylen) +{ + struct caam_hash_ctx *ctx = crypto_ahash_ctx(ahash); + + /* key is immediate data for all cmac shared descriptors */ + ctx->adata.key_virt = key; + ctx->adata.keylen = keylen; + + print_hex_dump_debug("acmac ctx.key@" __stringify(__LINE__)" : ", + DUMP_PREFIX_ADDRESS, 16, 4, key, keylen, 1); + + return acmac_set_sh_desc(ahash); +} + /* * ahash_edesc - s/w-extended ahash descriptor * @dst_dma: physical mapped address of req->result @@ -779,11 +843,12 @@ static int ahash_update_ctx(struct ahash_request *req) to_hash = in_len - *next_buflen; /* - * For XCBC, if to_hash is multiple of block size, + * For XCBC and CMAC, if to_hash is multiple of block size, * keep last block in internal buffer */ - if (is_xcbc_aes(ctx->adata.algtype) && to_hash >= blocksize && - (*next_buflen == 0)) { + if ((is_xcbc_aes(ctx->adata.algtype) || + is_cmac_aes(ctx->adata.algtype)) && to_hash >= blocksize && + (*next_buflen == 0)) { *next_buflen = blocksize; to_hash -= blocksize; } @@ -1224,11 +1289,12 @@ static int ahash_update_no_ctx(struct ahash_request *req) to_hash = in_len - *next_buflen; /* - * For XCBC, if to_hash is multiple of block size, + * For XCBC and CMAC, if to_hash is multiple of block size, * keep last block in internal buffer */ - if (is_xcbc_aes(ctx->adata.algtype) && to_hash >= blocksize && - (*next_buflen == 0)) { + if ((is_xcbc_aes(ctx->adata.algtype) || + is_cmac_aes(ctx->adata.algtype)) && to_hash >= blocksize && + (*next_buflen == 0)) { *next_buflen = blocksize; to_hash -= blocksize; } @@ -1448,11 +1514,12 @@ static int ahash_update_first(struct ahash_request *req) to_hash = req->nbytes - *next_buflen; /* - * For XCBC, if to_hash is multiple of block size, + * For XCBC and CMAC, if to_hash is multiple of block size, * keep last block in internal buffer */ - if (is_xcbc_aes(ctx->adata.algtype) && to_hash >= blocksize && - (*next_buflen == 0)) { + if ((is_xcbc_aes(ctx->adata.algtype) || + is_cmac_aes(ctx->adata.algtype)) && to_hash >= blocksize && + (*next_buflen == 0)) { *next_buflen = blocksize; to_hash -= blocksize; } @@ -1783,6 +1850,25 @@ static struct caam_hash_template driver_hash[] = { }, }, .alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_XCBC_MAC, + }, { + .hmac_name = "cmac(aes)", + .hmac_driver_name = "cmac-aes-caam", + .blocksize = AES_BLOCK_SIZE, + .template_ahash = { + .init = ahash_init, + .update = ahash_update, + .final = ahash_final, + .finup = ahash_finup, + .digest = ahash_digest, + .export = ahash_export, + .import = ahash_import, + .setkey = acmac_setkey, + .halg = { + .digestsize = AES_BLOCK_SIZE, + .statesize = sizeof(struct caam_export_state), + }, + }, + .alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_CMAC, }, }; @@ -1839,6 +1925,10 @@ static int caam_hash_cra_init(struct crypto_tfm *tfm) caam_jr_free(ctx->jrdev); return -ENOMEM; } + } else if (is_cmac_aes(caam_hash->alg_type)) { + ctx->dir = DMA_TO_DEVICE; + ctx->adata.algtype = OP_TYPE_CLASS1_ALG | caam_hash->alg_type; + ctx->ctx_len = 32; } else { ctx->dir = priv->era >= 6 ? DMA_BIDIRECTIONAL : DMA_TO_DEVICE; ctx->adata.algtype = OP_TYPE_CLASS2_ALG | caam_hash->alg_type; diff --git a/drivers/crypto/caam/caamhash_desc.c b/drivers/crypto/caam/caamhash_desc.c index 053d3a15ef3c..71d018343ee4 100644 --- a/drivers/crypto/caam/caamhash_desc.c +++ b/drivers/crypto/caam/caamhash_desc.c @@ -2,7 +2,7 @@ /* * Shared descriptors for ahash algorithms * - * Copyright 2017-2018 NXP + * Copyright 2017-2019 NXP */ #include "compat.h" @@ -76,7 +76,8 @@ void cnstr_shdsc_ahash(u32 * const desc, struct alginfo *adata, u32 state, EXPORT_SYMBOL(cnstr_shdsc_ahash); /** - * cnstr_shdsc_axcbc - axcbc shared descriptor + * cnstr_shdsc_sk_hash - shared descriptor for symmetric key cipher-based + * hash algorithms * @desc: pointer to buffer used for descriptor construction * @adata: pointer to authentication transform definitions. * @state: algorithm state OP_ALG_AS_{INIT, FINALIZE, INITFINALIZE, UPDATE} @@ -84,8 +85,8 @@ EXPORT_SYMBOL(cnstr_shdsc_ahash); * @ctx_len: size of Context Register * @key_dma: I/O Virtual Address of the key */ -void cnstr_shdsc_axcbc(u32 * const desc, struct alginfo *adata, u32 state, - int digestsize, int ctx_len, dma_addr_t key_dma) +void cnstr_shdsc_sk_hash(u32 * const desc, struct alginfo *adata, u32 state, + int digestsize, int ctx_len, dma_addr_t key_dma) { u32 *skip_key_load; @@ -98,9 +99,14 @@ void cnstr_shdsc_axcbc(u32 * const desc, struct alginfo *adata, u32 state, append_key_as_imm(desc, adata->key_virt, adata->keylen, adata->keylen, CLASS_1 | KEY_DEST_CLASS_REG); } else { /* UPDATE, FINALIZE */ - /* Load K1 */ - append_key(desc, adata->key_dma, adata->keylen, - CLASS_1 | KEY_DEST_CLASS_REG | KEY_ENC); + if (is_xcbc_aes(adata->algtype)) + /* Load K1 */ + append_key(desc, adata->key_dma, adata->keylen, + CLASS_1 | KEY_DEST_CLASS_REG | KEY_ENC); + else /* CMAC */ + append_key_as_imm(desc, adata->key_virt, adata->keylen, + adata->keylen, CLASS_1 | + KEY_DEST_CLASS_REG); /* Restore context */ append_seq_load(desc, ctx_len, LDST_CLASS_1_CCB | LDST_SRCDST_BYTE_CONTEXT); @@ -121,15 +127,19 @@ void cnstr_shdsc_axcbc(u32 * const desc, struct alginfo *adata, u32 state, append_seq_fifo_load(desc, 0, FIFOLD_CLASS_CLASS1 | FIFOLD_TYPE_LAST1 | FIFOLD_TYPE_MSG | FIFOLDST_VLF); - /* Save context (partial hash, K2, K3) */ + /* + * Save context: + * - xcbc: partial hash, keys K2 and K3 + * - cmac: partial hash, constant L = E(K,0) + */ append_seq_store(desc, digestsize, LDST_CLASS_1_CCB | LDST_SRCDST_BYTE_CONTEXT); - if (state == OP_ALG_AS_INIT) + if (is_xcbc_aes(adata->algtype) && state == OP_ALG_AS_INIT) /* Save K1 */ append_fifo_store(desc, key_dma, adata->keylen, LDST_CLASS_1_CCB | FIFOST_TYPE_KEY_KEK); } -EXPORT_SYMBOL(cnstr_shdsc_axcbc); +EXPORT_SYMBOL(cnstr_shdsc_sk_hash); MODULE_LICENSE("Dual BSD/GPL"); MODULE_DESCRIPTION("FSL CAAM ahash descriptors support"); diff --git a/drivers/crypto/caam/caamhash_desc.h b/drivers/crypto/caam/caamhash_desc.h index cf4a437d4c02..6947ee1f200c 100644 --- a/drivers/crypto/caam/caamhash_desc.h +++ b/drivers/crypto/caam/caamhash_desc.h @@ -15,9 +15,15 @@ #define DESC_AHASH_FINAL_LEN (DESC_AHASH_BASE + 5 * CAAM_CMD_SZ) #define DESC_AHASH_DIGEST_LEN (DESC_AHASH_BASE + 4 * CAAM_CMD_SZ) +static inline bool is_xcbc_aes(u32 algtype) +{ + return (algtype & (OP_ALG_ALGSEL_MASK | OP_ALG_AAI_MASK)) == + (OP_ALG_ALGSEL_AES | OP_ALG_AAI_XCBC_MAC); +} + void cnstr_shdsc_ahash(u32 * const desc, struct alginfo *adata, u32 state, int digestsize, int ctx_len, bool import_ctx, int era); -void cnstr_shdsc_axcbc(u32 * const desc, struct alginfo *adata, u32 state, - int digestsize, int ctx_len, dma_addr_t key_dma); +void cnstr_shdsc_sk_hash(u32 * const desc, struct alginfo *adata, u32 state, + int digestsize, int ctx_len, dma_addr_t key_dma); #endif /* _CAAMHASH_DESC_H_ */ -- cgit From 763069ba49d3fa342fe35487d5de10fcf1589381 Mon Sep 17 00:00:00 2001 From: Horia Geantă Date: Tue, 22 Jan 2019 16:47:01 +0200 Subject: crypto: caam - handle zero-length AEAD output MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Recent AEAD changes in testmgr framework introduced by commit a0d608ee5ebf ("crypto: testmgr - unify the AEAD encryption and decryption test vectors") uncovered an error in the CAAM drivers, since they don't correctly handle the case when AEAD output length is zero. Add checks to avoid feeding zero-length req->dst to DMA API. Signed-off-by: Horia Geantă Signed-off-by: Herbert Xu --- drivers/crypto/caam/caamalg.c | 26 ++++++++++++++++++-------- drivers/crypto/caam/caamalg_qi.c | 23 +++++++++++++++-------- drivers/crypto/caam/caamalg_qi2.c | 22 ++++++++++++++-------- 3 files changed, 47 insertions(+), 24 deletions(-) diff --git a/drivers/crypto/caam/caamalg.c b/drivers/crypto/caam/caamalg.c index 80ae69f906fb..0a4469fcd192 100644 --- a/drivers/crypto/caam/caamalg.c +++ b/drivers/crypto/caam/caamalg.c @@ -846,7 +846,8 @@ static void caam_unmap(struct device *dev, struct scatterlist *src, if (dst != src) { if (src_nents) dma_unmap_sg(dev, src, src_nents, DMA_TO_DEVICE); - dma_unmap_sg(dev, dst, dst_nents, DMA_FROM_DEVICE); + if (dst_nents) + dma_unmap_sg(dev, dst, dst_nents, DMA_FROM_DEVICE); } else { dma_unmap_sg(dev, src, src_nents, DMA_BIDIRECTIONAL); } @@ -1038,7 +1039,9 @@ static void init_aead_job(struct aead_request *req, out_options = in_options; if (unlikely(req->src != req->dst)) { - if (edesc->dst_nents == 1) { + if (!edesc->dst_nents) { + dst_dma = 0; + } else if (edesc->dst_nents == 1) { dst_dma = sg_dma_address(req->dst); } else { dst_dma = edesc->sec4_sg_dma + @@ -1289,12 +1292,19 @@ static struct aead_edesc *aead_edesc_alloc(struct aead_request *req, mapped_src_nents = 0; } - mapped_dst_nents = dma_map_sg(jrdev, req->dst, dst_nents, - DMA_FROM_DEVICE); - if (unlikely(!mapped_dst_nents)) { - dev_err(jrdev, "unable to map destination\n"); - dma_unmap_sg(jrdev, req->src, src_nents, DMA_TO_DEVICE); - return ERR_PTR(-ENOMEM); + /* Cover also the case of null (zero length) output data */ + if (dst_nents) { + mapped_dst_nents = dma_map_sg(jrdev, req->dst, + dst_nents, + DMA_FROM_DEVICE); + if (unlikely(!mapped_dst_nents)) { + dev_err(jrdev, "unable to map destination\n"); + dma_unmap_sg(jrdev, req->src, src_nents, + DMA_TO_DEVICE); + return ERR_PTR(-ENOMEM); + } + } else { + mapped_dst_nents = 0; } } diff --git a/drivers/crypto/caam/caamalg_qi.c b/drivers/crypto/caam/caamalg_qi.c index c0d55310aade..7bce97884663 100644 --- a/drivers/crypto/caam/caamalg_qi.c +++ b/drivers/crypto/caam/caamalg_qi.c @@ -802,7 +802,8 @@ static void caam_unmap(struct device *dev, struct scatterlist *src, if (dst != src) { if (src_nents) dma_unmap_sg(dev, src, src_nents, DMA_TO_DEVICE); - dma_unmap_sg(dev, dst, dst_nents, DMA_FROM_DEVICE); + if (dst_nents) + dma_unmap_sg(dev, dst, dst_nents, DMA_FROM_DEVICE); } else { dma_unmap_sg(dev, src, src_nents, DMA_BIDIRECTIONAL); } @@ -955,13 +956,19 @@ static struct aead_edesc *aead_edesc_alloc(struct aead_request *req, mapped_src_nents = 0; } - mapped_dst_nents = dma_map_sg(qidev, req->dst, dst_nents, - DMA_FROM_DEVICE); - if (unlikely(!mapped_dst_nents)) { - dev_err(qidev, "unable to map destination\n"); - dma_unmap_sg(qidev, req->src, src_nents, DMA_TO_DEVICE); - qi_cache_free(edesc); - return ERR_PTR(-ENOMEM); + if (dst_nents) { + mapped_dst_nents = dma_map_sg(qidev, req->dst, + dst_nents, + DMA_FROM_DEVICE); + if (unlikely(!mapped_dst_nents)) { + dev_err(qidev, "unable to map destination\n"); + dma_unmap_sg(qidev, req->src, src_nents, + DMA_TO_DEVICE); + qi_cache_free(edesc); + return ERR_PTR(-ENOMEM); + } + } else { + mapped_dst_nents = 0; } } diff --git a/drivers/crypto/caam/caamalg_qi2.c b/drivers/crypto/caam/caamalg_qi2.c index cc59814afd29..4bea4f1beac9 100644 --- a/drivers/crypto/caam/caamalg_qi2.c +++ b/drivers/crypto/caam/caamalg_qi2.c @@ -144,7 +144,8 @@ static void caam_unmap(struct device *dev, struct scatterlist *src, if (dst != src) { if (src_nents) dma_unmap_sg(dev, src, src_nents, DMA_TO_DEVICE); - dma_unmap_sg(dev, dst, dst_nents, DMA_FROM_DEVICE); + if (dst_nents) + dma_unmap_sg(dev, dst, dst_nents, DMA_FROM_DEVICE); } else { dma_unmap_sg(dev, src, src_nents, DMA_BIDIRECTIONAL); } @@ -385,13 +386,18 @@ static struct aead_edesc *aead_edesc_alloc(struct aead_request *req, mapped_src_nents = 0; } - mapped_dst_nents = dma_map_sg(dev, req->dst, dst_nents, - DMA_FROM_DEVICE); - if (unlikely(!mapped_dst_nents)) { - dev_err(dev, "unable to map destination\n"); - dma_unmap_sg(dev, req->src, src_nents, DMA_TO_DEVICE); - qi_cache_free(edesc); - return ERR_PTR(-ENOMEM); + if (dst_nents) { + mapped_dst_nents = dma_map_sg(dev, req->dst, dst_nents, + DMA_FROM_DEVICE); + if (unlikely(!mapped_dst_nents)) { + dev_err(dev, "unable to map destination\n"); + dma_unmap_sg(dev, req->src, src_nents, + DMA_TO_DEVICE); + qi_cache_free(edesc); + return ERR_PTR(-ENOMEM); + } + } else { + mapped_dst_nents = 0; } } else { src_nents = sg_nents_for_len(req->src, req->assoclen + -- cgit From f0fcf9ade46abd64091fab8891ff5f690f7c8d7d Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Tue, 22 Jan 2019 16:14:16 +0100 Subject: crypto: qat - no need to check return value of debugfs_create functions When calling debugfs functions, there is no need to ever check the return value. The function can work or not, but the code logic should never do something different based on this. Cc: Giovanni Cabiddu Cc: Herbert Xu Cc: "David S. Miller" Cc: Conor McLoughlin Cc: Waiman Long Cc: qat-linux@intel.com Cc: linux-crypto@vger.kernel.org Signed-off-by: Greg Kroah-Hartman Signed-off-by: Herbert Xu --- drivers/crypto/qat/qat_c3xxx/adf_drv.c | 5 ----- drivers/crypto/qat/qat_c3xxxvf/adf_drv.c | 5 ----- drivers/crypto/qat/qat_c62x/adf_drv.c | 5 ----- drivers/crypto/qat/qat_c62xvf/adf_drv.c | 5 ----- drivers/crypto/qat/qat_common/adf_cfg.c | 7 ------- drivers/crypto/qat/qat_common/adf_transport.c | 6 ------ drivers/crypto/qat/qat_common/adf_transport_debug.c | 15 --------------- drivers/crypto/qat/qat_dh895xcc/adf_drv.c | 5 ----- drivers/crypto/qat/qat_dh895xccvf/adf_drv.c | 5 ----- 9 files changed, 58 deletions(-) diff --git a/drivers/crypto/qat/qat_c3xxx/adf_drv.c b/drivers/crypto/qat/qat_c3xxx/adf_drv.c index 763c2166ee0e..d937cc7248a5 100644 --- a/drivers/crypto/qat/qat_c3xxx/adf_drv.c +++ b/drivers/crypto/qat/qat_c3xxx/adf_drv.c @@ -193,11 +193,6 @@ static int adf_probe(struct pci_dev *pdev, const struct pci_device_id *ent) PCI_FUNC(pdev->devfn)); accel_dev->debugfs_dir = debugfs_create_dir(name, NULL); - if (!accel_dev->debugfs_dir) { - dev_err(&pdev->dev, "Could not create debugfs dir %s\n", name); - ret = -EINVAL; - goto out_err; - } /* Create device configuration table */ ret = adf_cfg_dev_add(accel_dev); diff --git a/drivers/crypto/qat/qat_c3xxxvf/adf_drv.c b/drivers/crypto/qat/qat_c3xxxvf/adf_drv.c index 613c7d5644ce..1dc5ac859f7b 100644 --- a/drivers/crypto/qat/qat_c3xxxvf/adf_drv.c +++ b/drivers/crypto/qat/qat_c3xxxvf/adf_drv.c @@ -177,11 +177,6 @@ static int adf_probe(struct pci_dev *pdev, const struct pci_device_id *ent) PCI_FUNC(pdev->devfn)); accel_dev->debugfs_dir = debugfs_create_dir(name, NULL); - if (!accel_dev->debugfs_dir) { - dev_err(&pdev->dev, "Could not create debugfs dir %s\n", name); - ret = -EINVAL; - goto out_err; - } /* Create device configuration table */ ret = adf_cfg_dev_add(accel_dev); diff --git a/drivers/crypto/qat/qat_c62x/adf_drv.c b/drivers/crypto/qat/qat_c62x/adf_drv.c index 9cb832963357..2bc06c89d2fe 100644 --- a/drivers/crypto/qat/qat_c62x/adf_drv.c +++ b/drivers/crypto/qat/qat_c62x/adf_drv.c @@ -193,11 +193,6 @@ static int adf_probe(struct pci_dev *pdev, const struct pci_device_id *ent) PCI_FUNC(pdev->devfn)); accel_dev->debugfs_dir = debugfs_create_dir(name, NULL); - if (!accel_dev->debugfs_dir) { - dev_err(&pdev->dev, "Could not create debugfs dir %s\n", name); - ret = -EINVAL; - goto out_err; - } /* Create device configuration table */ ret = adf_cfg_dev_add(accel_dev); diff --git a/drivers/crypto/qat/qat_c62xvf/adf_drv.c b/drivers/crypto/qat/qat_c62xvf/adf_drv.c index 278452b8ef81..a68358b31292 100644 --- a/drivers/crypto/qat/qat_c62xvf/adf_drv.c +++ b/drivers/crypto/qat/qat_c62xvf/adf_drv.c @@ -177,11 +177,6 @@ static int adf_probe(struct pci_dev *pdev, const struct pci_device_id *ent) PCI_FUNC(pdev->devfn)); accel_dev->debugfs_dir = debugfs_create_dir(name, NULL); - if (!accel_dev->debugfs_dir) { - dev_err(&pdev->dev, "Could not create debugfs dir %s\n", name); - ret = -EINVAL; - goto out_err; - } /* Create device configuration table */ ret = adf_cfg_dev_add(accel_dev); diff --git a/drivers/crypto/qat/qat_common/adf_cfg.c b/drivers/crypto/qat/qat_common/adf_cfg.c index d0879790561f..5c7fdb0fc53d 100644 --- a/drivers/crypto/qat/qat_common/adf_cfg.c +++ b/drivers/crypto/qat/qat_common/adf_cfg.c @@ -141,13 +141,6 @@ int adf_cfg_dev_add(struct adf_accel_dev *accel_dev) accel_dev->debugfs_dir, dev_cfg_data, &qat_dev_cfg_fops); - if (!dev_cfg_data->debug) { - dev_err(&GET_DEV(accel_dev), - "Failed to create qat cfg debugfs entry.\n"); - kfree(dev_cfg_data); - accel_dev->cfg = NULL; - return -EFAULT; - } return 0; } EXPORT_SYMBOL_GPL(adf_cfg_dev_add); diff --git a/drivers/crypto/qat/qat_common/adf_transport.c b/drivers/crypto/qat/qat_common/adf_transport.c index 57d2622728a5..ac658ce46836 100644 --- a/drivers/crypto/qat/qat_common/adf_transport.c +++ b/drivers/crypto/qat/qat_common/adf_transport.c @@ -486,12 +486,6 @@ int adf_init_etr_data(struct adf_accel_dev *accel_dev) /* accel_dev->debugfs_dir should always be non-NULL here */ etr_data->debug = debugfs_create_dir("transport", accel_dev->debugfs_dir); - if (!etr_data->debug) { - dev_err(&GET_DEV(accel_dev), - "Unable to create transport debugfs entry\n"); - ret = -ENOENT; - goto err_bank_debug; - } for (i = 0; i < num_banks; i++) { ret = adf_init_bank(accel_dev, &etr_data->banks[i], i, diff --git a/drivers/crypto/qat/qat_common/adf_transport_debug.c b/drivers/crypto/qat/qat_common/adf_transport_debug.c index 52340b9bb387..e794e9d97b2c 100644 --- a/drivers/crypto/qat/qat_common/adf_transport_debug.c +++ b/drivers/crypto/qat/qat_common/adf_transport_debug.c @@ -163,11 +163,6 @@ int adf_ring_debugfs_add(struct adf_etr_ring_data *ring, const char *name) ring_debug->debug = debugfs_create_file(entry_name, S_IRUSR, ring->bank->bank_debug_dir, ring, &adf_ring_debug_fops); - if (!ring_debug->debug) { - pr_err("QAT: Failed to create ring debug entry.\n"); - kfree(ring_debug); - return -EFAULT; - } ring->ring_debug = ring_debug; return 0; } @@ -271,19 +266,9 @@ int adf_bank_debugfs_add(struct adf_etr_bank_data *bank) snprintf(name, sizeof(name), "bank_%02d", bank->bank_number); bank->bank_debug_dir = debugfs_create_dir(name, parent); - if (!bank->bank_debug_dir) { - pr_err("QAT: Failed to create bank debug dir.\n"); - return -EFAULT; - } - bank->bank_debug_cfg = debugfs_create_file("config", S_IRUSR, bank->bank_debug_dir, bank, &adf_bank_debug_fops); - if (!bank->bank_debug_cfg) { - pr_err("QAT: Failed to create bank debug entry.\n"); - debugfs_remove(bank->bank_debug_dir); - return -EFAULT; - } return 0; } diff --git a/drivers/crypto/qat/qat_dh895xcc/adf_drv.c b/drivers/crypto/qat/qat_dh895xcc/adf_drv.c index 3a9708ef4ce2..b11bf8c0e683 100644 --- a/drivers/crypto/qat/qat_dh895xcc/adf_drv.c +++ b/drivers/crypto/qat/qat_dh895xcc/adf_drv.c @@ -193,11 +193,6 @@ static int adf_probe(struct pci_dev *pdev, const struct pci_device_id *ent) PCI_FUNC(pdev->devfn)); accel_dev->debugfs_dir = debugfs_create_dir(name, NULL); - if (!accel_dev->debugfs_dir) { - dev_err(&pdev->dev, "Could not create debugfs dir %s\n", name); - ret = -EINVAL; - goto out_err; - } /* Create device configuration table */ ret = adf_cfg_dev_add(accel_dev); diff --git a/drivers/crypto/qat/qat_dh895xccvf/adf_drv.c b/drivers/crypto/qat/qat_dh895xccvf/adf_drv.c index 3da0f951cb59..1b762eefc6c1 100644 --- a/drivers/crypto/qat/qat_dh895xccvf/adf_drv.c +++ b/drivers/crypto/qat/qat_dh895xccvf/adf_drv.c @@ -177,11 +177,6 @@ static int adf_probe(struct pci_dev *pdev, const struct pci_device_id *ent) PCI_FUNC(pdev->devfn)); accel_dev->debugfs_dir = debugfs_create_dir(name, NULL); - if (!accel_dev->debugfs_dir) { - dev_err(&pdev->dev, "Could not create debugfs dir %s\n", name); - ret = -EINVAL; - goto out_err; - } /* Create device configuration table */ ret = adf_cfg_dev_add(accel_dev); -- cgit From 54eedf0b1d28e33b226053f3a9b50303caa4196a Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Tue, 22 Jan 2019 16:14:17 +0100 Subject: crypto: ccree - no need to check return value of debugfs_create functions When calling debugfs functions, there is no need to ever check the return value. The function can work or not, but the code logic should never do something different based on this. Cc: Yael Chemla Cc: Gilad Ben-Yossef Cc: Herbert Xu Cc: "David S. Miller" Cc: linux-crypto@vger.kernel.org Signed-off-by: Greg Kroah-Hartman Acked-By: Gilad Ben-Yossef Signed-off-by: Herbert Xu --- drivers/crypto/ccree/cc_debugfs.c | 22 +++------------------- drivers/crypto/ccree/cc_debugfs.h | 8 ++------ drivers/crypto/ccree/cc_driver.c | 7 +------ 3 files changed, 6 insertions(+), 31 deletions(-) diff --git a/drivers/crypto/ccree/cc_debugfs.c b/drivers/crypto/ccree/cc_debugfs.c index 5ca184e42483..5fa05a7bcf36 100644 --- a/drivers/crypto/ccree/cc_debugfs.c +++ b/drivers/crypto/ccree/cc_debugfs.c @@ -39,11 +39,9 @@ static struct debugfs_reg32 debug_regs[] = { CC_DEBUG_REG(AXIM_MON_COMP), }; -int __init cc_debugfs_global_init(void) +void __init cc_debugfs_global_init(void) { cc_debugfs_dir = debugfs_create_dir("ccree", NULL); - - return !cc_debugfs_dir; } void __exit cc_debugfs_global_fini(void) @@ -56,7 +54,6 @@ int cc_debugfs_init(struct cc_drvdata *drvdata) struct device *dev = drvdata_to_dev(drvdata); struct cc_debugfs_ctx *ctx; struct debugfs_regset32 *regset; - struct dentry *file; debug_regs[0].offset = drvdata->sig_offset; debug_regs[1].offset = drvdata->ver_offset; @@ -74,22 +71,9 @@ int cc_debugfs_init(struct cc_drvdata *drvdata) regset->base = drvdata->cc_base; ctx->dir = debugfs_create_dir(drvdata->plat_dev->name, cc_debugfs_dir); - if (!ctx->dir) - return -ENFILE; - - file = debugfs_create_regset32("regs", 0400, ctx->dir, regset); - if (!file) { - debugfs_remove(ctx->dir); - return -ENFILE; - } - file = debugfs_create_bool("coherent", 0400, ctx->dir, - &drvdata->coherent); - - if (!file) { - debugfs_remove_recursive(ctx->dir); - return -ENFILE; - } + debugfs_create_regset32("regs", 0400, ctx->dir, regset); + debugfs_create_bool("coherent", 0400, ctx->dir, &drvdata->coherent); drvdata->debugfs = ctx; diff --git a/drivers/crypto/ccree/cc_debugfs.h b/drivers/crypto/ccree/cc_debugfs.h index 5b5320eca7d2..01cbd9a95659 100644 --- a/drivers/crypto/ccree/cc_debugfs.h +++ b/drivers/crypto/ccree/cc_debugfs.h @@ -5,7 +5,7 @@ #define __CC_DEBUGFS_H__ #ifdef CONFIG_DEBUG_FS -int cc_debugfs_global_init(void); +void cc_debugfs_global_init(void); void cc_debugfs_global_fini(void); int cc_debugfs_init(struct cc_drvdata *drvdata); @@ -13,11 +13,7 @@ void cc_debugfs_fini(struct cc_drvdata *drvdata); #else -static inline int cc_debugfs_global_init(void) -{ - return 0; -} - +static inline void cc_debugfs_global_init(void) {} static inline void cc_debugfs_global_fini(void) {} static inline int cc_debugfs_init(struct cc_drvdata *drvdata) diff --git a/drivers/crypto/ccree/cc_driver.c b/drivers/crypto/ccree/cc_driver.c index e75fbe7a8f84..210cc86605e9 100644 --- a/drivers/crypto/ccree/cc_driver.c +++ b/drivers/crypto/ccree/cc_driver.c @@ -538,13 +538,8 @@ static struct platform_driver ccree_driver = { static int __init ccree_init(void) { - int ret; - cc_hash_global_init(); - - ret = cc_debugfs_global_init(); - if (ret) - return ret; + cc_debugfs_global_init(); return platform_driver_register(&ccree_driver); } -- cgit From 6de599be95fd203a3035c3fcd53a5f73916b6064 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Tue, 22 Jan 2019 16:14:18 +0100 Subject: crypto: axis - no need to check return value of debugfs_create functions When calling debugfs functions, there is no need to ever check the return value. The function can work or not, but the code logic should never do something different based on this. Cc: Jesper Nilsson Cc: Lars Persson Cc: Herbert Xu Cc: "David S. Miller" Cc: linux-arm-kernel@axis.com Cc: linux-crypto@vger.kernel.org Signed-off-by: Greg Kroah-Hartman Acked-by: Lars Persson Signed-off-by: Herbert Xu --- drivers/crypto/axis/artpec6_crypto.c | 9 --------- 1 file changed, 9 deletions(-) diff --git a/drivers/crypto/axis/artpec6_crypto.c b/drivers/crypto/axis/artpec6_crypto.c index f3442c2bdbdc..1a1858cea979 100644 --- a/drivers/crypto/axis/artpec6_crypto.c +++ b/drivers/crypto/axis/artpec6_crypto.c @@ -2984,12 +2984,6 @@ static void artpec6_crypto_init_debugfs(void) { dbgfs_root = debugfs_create_dir("artpec6_crypto", NULL); - if (!dbgfs_root || IS_ERR(dbgfs_root)) { - dbgfs_root = NULL; - pr_err("%s: Could not initialise debugfs!\n", MODULE_NAME); - return; - } - #ifdef CONFIG_FAULT_INJECTION fault_create_debugfs_attr("fail_status_read", dbgfs_root, &artpec6_crypto_fail_status_read); @@ -3001,9 +2995,6 @@ static void artpec6_crypto_init_debugfs(void) static void artpec6_crypto_free_debugfs(void) { - if (!dbgfs_root) - return; - debugfs_remove_recursive(dbgfs_root); dbgfs_root = NULL; } -- cgit From e30886b47c43046a310797b139f741c01600f39a Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Tue, 22 Jan 2019 16:14:19 +0100 Subject: crypto: cavium/zip - no need to check return value of debugfs_create functions When calling debugfs functions, there is no need to ever check the return value. The function can work or not, but the code logic should never do something different based on this. Cc: Herbert Xu Cc: "David S. Miller" Cc: Robert Richter Cc: Jan Glauber Cc: linux-crypto@vger.kernel.org Signed-off-by: Greg Kroah-Hartman Reviewed-by: Jan Glauber Signed-off-by: Herbert Xu --- drivers/crypto/cavium/zip/zip_main.c | 52 ++++++++---------------------------- 1 file changed, 11 insertions(+), 41 deletions(-) diff --git a/drivers/crypto/cavium/zip/zip_main.c b/drivers/crypto/cavium/zip/zip_main.c index be055b9547f6..e6b09e784e66 100644 --- a/drivers/crypto/cavium/zip/zip_main.c +++ b/drivers/crypto/cavium/zip/zip_main.c @@ -618,41 +618,23 @@ static const struct file_operations zip_regs_fops = { /* Root directory for thunderx_zip debugfs entry */ static struct dentry *zip_debugfs_root; -static int __init zip_debugfs_init(void) +static void __init zip_debugfs_init(void) { - struct dentry *zip_stats, *zip_clear, *zip_regs; - if (!debugfs_initialized()) - return -ENODEV; + return; zip_debugfs_root = debugfs_create_dir("thunderx_zip", NULL); - if (!zip_debugfs_root) - return -ENOMEM; /* Creating files for entries inside thunderx_zip directory */ - zip_stats = debugfs_create_file("zip_stats", 0444, - zip_debugfs_root, - NULL, &zip_stats_fops); - if (!zip_stats) - goto failed_to_create; - - zip_clear = debugfs_create_file("zip_clear", 0444, - zip_debugfs_root, - NULL, &zip_clear_fops); - if (!zip_clear) - goto failed_to_create; - - zip_regs = debugfs_create_file("zip_regs", 0444, - zip_debugfs_root, - NULL, &zip_regs_fops); - if (!zip_regs) - goto failed_to_create; + debugfs_create_file("zip_stats", 0444, zip_debugfs_root, NULL, + &zip_stats_fops); - return 0; + debugfs_create_file("zip_clear", 0444, zip_debugfs_root, NULL, + &zip_clear_fops); + + debugfs_create_file("zip_regs", 0444, zip_debugfs_root, NULL, + &zip_regs_fops); -failed_to_create: - debugfs_remove_recursive(zip_debugfs_root); - return -ENOENT; } static void __exit zip_debugfs_exit(void) @@ -661,13 +643,8 @@ static void __exit zip_debugfs_exit(void) } #else -static int __init zip_debugfs_init(void) -{ - return 0; -} - +static void __init zip_debugfs_init(void) { } static void __exit zip_debugfs_exit(void) { } - #endif /* debugfs - end */ @@ -691,17 +668,10 @@ static int __init zip_init_module(void) } /* comp-decomp statistics are handled with debugfs interface */ - ret = zip_debugfs_init(); - if (ret < 0) { - zip_err("ZIP: debugfs initialization failed\n"); - goto err_crypto_unregister; - } + zip_debugfs_init(); return ret; -err_crypto_unregister: - zip_unregister_compression_device(); - err_pci_unregister: pci_unregister_driver(&zip_driver); return ret; -- cgit From 97a93b2b583914d25eaf3d27c72c5e1e01a2b4df Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Tue, 22 Jan 2019 16:14:20 +0100 Subject: crypto: cavium/nitrox - no need to check return value of debugfs_create functions When calling debugfs functions, there is no need to ever check the return value. The function can work or not, but the code logic should never do something different based on this. Cc: Herbert Xu Cc: "David S. Miller" Cc: Srikanth Jampala Cc: Yangtao Li Cc: Gadam Sreerama Cc: Eric Biggers Cc: linux-crypto@vger.kernel.org Signed-off-by: Greg Kroah-Hartman Signed-off-by: Herbert Xu --- drivers/crypto/cavium/nitrox/nitrox_debugfs.c | 27 +++++---------------------- drivers/crypto/cavium/nitrox/nitrox_debugfs.h | 5 ++--- drivers/crypto/cavium/nitrox/nitrox_main.c | 4 +--- 3 files changed, 8 insertions(+), 28 deletions(-) diff --git a/drivers/crypto/cavium/nitrox/nitrox_debugfs.c b/drivers/crypto/cavium/nitrox/nitrox_debugfs.c index 0196b992280f..848ec93d4333 100644 --- a/drivers/crypto/cavium/nitrox/nitrox_debugfs.c +++ b/drivers/crypto/cavium/nitrox/nitrox_debugfs.c @@ -55,31 +55,14 @@ void nitrox_debugfs_exit(struct nitrox_device *ndev) ndev->debugfs_dir = NULL; } -int nitrox_debugfs_init(struct nitrox_device *ndev) +void nitrox_debugfs_init(struct nitrox_device *ndev) { - struct dentry *dir, *f; + struct dentry *dir; dir = debugfs_create_dir(KBUILD_MODNAME, NULL); - if (!dir) - return -ENOMEM; ndev->debugfs_dir = dir; - f = debugfs_create_file("firmware", 0400, dir, ndev, - &firmware_fops); - if (!f) - goto err; - f = debugfs_create_file("device", 0400, dir, ndev, - &device_fops); - if (!f) - goto err; - f = debugfs_create_file("stats", 0400, dir, ndev, - &stats_fops); - if (!f) - goto err; - - return 0; - -err: - nitrox_debugfs_exit(ndev); - return -ENODEV; + debugfs_create_file("firmware", 0400, dir, ndev, &firmware_fops); + debugfs_create_file("device", 0400, dir, ndev, &device_fops); + debugfs_create_file("stats", 0400, dir, ndev, &stats_fops); } diff --git a/drivers/crypto/cavium/nitrox/nitrox_debugfs.h b/drivers/crypto/cavium/nitrox/nitrox_debugfs.h index a8d85ffa619c..f177b79bbab0 100644 --- a/drivers/crypto/cavium/nitrox/nitrox_debugfs.h +++ b/drivers/crypto/cavium/nitrox/nitrox_debugfs.h @@ -5,12 +5,11 @@ #include "nitrox_dev.h" #ifdef CONFIG_DEBUG_FS -int nitrox_debugfs_init(struct nitrox_device *ndev); +void nitrox_debugfs_init(struct nitrox_device *ndev); void nitrox_debugfs_exit(struct nitrox_device *ndev); #else -static inline int nitrox_debugfs_init(struct nitrox_device *ndev) +static inline void nitrox_debugfs_init(struct nitrox_device *ndev) { - return 0; } static inline void nitrox_debugfs_exit(struct nitrox_device *ndev) diff --git a/drivers/crypto/cavium/nitrox/nitrox_main.c b/drivers/crypto/cavium/nitrox/nitrox_main.c index 014e9863c20e..faa78f651238 100644 --- a/drivers/crypto/cavium/nitrox/nitrox_main.c +++ b/drivers/crypto/cavium/nitrox/nitrox_main.c @@ -404,9 +404,7 @@ static int nitrox_probe(struct pci_dev *pdev, if (err) goto pf_hw_fail; - err = nitrox_debugfs_init(ndev); - if (err) - goto pf_hw_fail; + nitrox_debugfs_init(ndev); /* clear the statistics */ atomic64_set(&ndev->stats.posted, 0); -- cgit From 31e1d2608752fea583c1afe73e15bf391b17edfe Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Tue, 22 Jan 2019 16:14:21 +0100 Subject: crypto: ccp - no need to check return value of debugfs_create functions When calling debugfs functions, there is no need to ever check the return value. The function can work or not, but the code logic should never do something different based on this. Cc: Tom Lendacky Cc: Gary Hook Cc: Herbert Xu Cc: "David S. Miller" Cc: linux-crypto@vger.kernel.org Signed-off-by: Greg Kroah-Hartman Acked-by: Gary R Hook Signed-off-by: Herbert Xu --- drivers/crypto/ccp/ccp-debugfs.c | 36 +++++++----------------------------- 1 file changed, 7 insertions(+), 29 deletions(-) diff --git a/drivers/crypto/ccp/ccp-debugfs.c b/drivers/crypto/ccp/ccp-debugfs.c index 1a734bd2070a..4bd26af7098d 100644 --- a/drivers/crypto/ccp/ccp-debugfs.c +++ b/drivers/crypto/ccp/ccp-debugfs.c @@ -286,10 +286,7 @@ void ccp5_debugfs_setup(struct ccp_device *ccp) { struct ccp_cmd_queue *cmd_q; char name[MAX_NAME_LEN + 1]; - struct dentry *debugfs_info; - struct dentry *debugfs_stats; struct dentry *debugfs_q_instance; - struct dentry *debugfs_q_stats; int i; if (!debugfs_initialized()) @@ -299,24 +296,14 @@ void ccp5_debugfs_setup(struct ccp_device *ccp) if (!ccp_debugfs_dir) ccp_debugfs_dir = debugfs_create_dir(KBUILD_MODNAME, NULL); mutex_unlock(&ccp_debugfs_lock); - if (!ccp_debugfs_dir) - return; ccp->debugfs_instance = debugfs_create_dir(ccp->name, ccp_debugfs_dir); - if (!ccp->debugfs_instance) - goto err; - debugfs_info = debugfs_create_file("info", 0400, - ccp->debugfs_instance, ccp, - &ccp_debugfs_info_ops); - if (!debugfs_info) - goto err; + debugfs_create_file("info", 0400, ccp->debugfs_instance, ccp, + &ccp_debugfs_info_ops); - debugfs_stats = debugfs_create_file("stats", 0600, - ccp->debugfs_instance, ccp, - &ccp_debugfs_stats_ops); - if (!debugfs_stats) - goto err; + debugfs_create_file("stats", 0600, ccp->debugfs_instance, ccp, + &ccp_debugfs_stats_ops); for (i = 0; i < ccp->cmd_q_count; i++) { cmd_q = &ccp->cmd_q[i]; @@ -325,21 +312,12 @@ void ccp5_debugfs_setup(struct ccp_device *ccp) debugfs_q_instance = debugfs_create_dir(name, ccp->debugfs_instance); - if (!debugfs_q_instance) - goto err; - - debugfs_q_stats = - debugfs_create_file("stats", 0600, - debugfs_q_instance, cmd_q, - &ccp_debugfs_queue_ops); - if (!debugfs_q_stats) - goto err; + + debugfs_create_file("stats", 0600, debugfs_q_instance, cmd_q, + &ccp_debugfs_queue_ops); } return; - -err: - debugfs_remove_recursive(ccp->debugfs_instance); } void ccp5_debugfs_destroy(void) -- cgit From fbb371cf2a54024996976e49931e43567037a829 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Tue, 22 Jan 2019 16:14:22 +0100 Subject: crypto: caam - no need to check return value of debugfs_create functions MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When calling debugfs functions, there is no need to ever check the return value. The function can work or not, but the code logic should never do something different based on this. Cc: "Horia Geantă" Cc: Aymen Sghaier Cc: Herbert Xu Cc: "David S. Miller" Cc: linux-crypto@vger.kernel.org Signed-off-by: Greg Kroah-Hartman Reviewed-by: Horia Geantă Signed-off-by: Herbert Xu --- drivers/crypto/caam/ctrl.c | 21 ++++++--------------- drivers/crypto/caam/intern.h | 1 - 2 files changed, 6 insertions(+), 16 deletions(-) diff --git a/drivers/crypto/caam/ctrl.c b/drivers/crypto/caam/ctrl.c index 14fb09223156..858bdc9ab4a3 100644 --- a/drivers/crypto/caam/ctrl.c +++ b/drivers/crypto/caam/ctrl.c @@ -859,27 +859,18 @@ static int caam_probe(struct platform_device *pdev) /* Internal covering keys (useful in non-secure mode only) */ ctrlpriv->ctl_kek_wrap.data = (__force void *)&ctrlpriv->ctrl->kek[0]; ctrlpriv->ctl_kek_wrap.size = KEK_KEY_SIZE * sizeof(u32); - ctrlpriv->ctl_kek = debugfs_create_blob("kek", - S_IRUSR | - S_IRGRP | S_IROTH, - ctrlpriv->ctl, - &ctrlpriv->ctl_kek_wrap); + debugfs_create_blob("kek", S_IRUSR | S_IRGRP | S_IROTH, ctrlpriv->ctl, + &ctrlpriv->ctl_kek_wrap); ctrlpriv->ctl_tkek_wrap.data = (__force void *)&ctrlpriv->ctrl->tkek[0]; ctrlpriv->ctl_tkek_wrap.size = KEK_KEY_SIZE * sizeof(u32); - ctrlpriv->ctl_tkek = debugfs_create_blob("tkek", - S_IRUSR | - S_IRGRP | S_IROTH, - ctrlpriv->ctl, - &ctrlpriv->ctl_tkek_wrap); + debugfs_create_blob("tkek", S_IRUSR | S_IRGRP | S_IROTH, ctrlpriv->ctl, + &ctrlpriv->ctl_tkek_wrap); ctrlpriv->ctl_tdsk_wrap.data = (__force void *)&ctrlpriv->ctrl->tdsk[0]; ctrlpriv->ctl_tdsk_wrap.size = KEK_KEY_SIZE * sizeof(u32); - ctrlpriv->ctl_tdsk = debugfs_create_blob("tdsk", - S_IRUSR | - S_IRGRP | S_IROTH, - ctrlpriv->ctl, - &ctrlpriv->ctl_tdsk_wrap); + debugfs_create_blob("tdsk", S_IRUSR | S_IRGRP | S_IROTH, ctrlpriv->ctl, + &ctrlpriv->ctl_tdsk_wrap); #endif return 0; diff --git a/drivers/crypto/caam/intern.h b/drivers/crypto/caam/intern.h index babc78abd155..5869ad58d497 100644 --- a/drivers/crypto/caam/intern.h +++ b/drivers/crypto/caam/intern.h @@ -106,7 +106,6 @@ struct caam_drv_private { struct dentry *dfs_root; struct dentry *ctl; /* controller dir */ struct debugfs_blob_wrapper ctl_kek_wrap, ctl_tkek_wrap, ctl_tdsk_wrap; - struct dentry *ctl_kek, *ctl_tkek, *ctl_tdsk; #endif }; -- cgit From 16c8ad7b5f124a427708730a16a4375fcadadfed Mon Sep 17 00:00:00 2001 From: Roland Hieber Date: Tue, 22 Jan 2019 16:26:08 +0100 Subject: crypto: caam - fix indentation of goto label Signed-off-by: Roland Hieber Signed-off-by: Herbert Xu --- drivers/crypto/caam/caamhash.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/crypto/caam/caamhash.c b/drivers/crypto/caam/caamhash.c index 2eb8959e2fdc..5855d03f52d1 100644 --- a/drivers/crypto/caam/caamhash.c +++ b/drivers/crypto/caam/caamhash.c @@ -955,7 +955,7 @@ static int ahash_update_ctx(struct ahash_request *req) #endif return ret; - unmap_ctx: +unmap_ctx: ahash_unmap_ctx(jrdev, edesc, req, ctx->ctx_len, DMA_BIDIRECTIONAL); kfree(edesc); return ret; -- cgit From b04a27ca175d66f3662ad334f538254d560838f9 Mon Sep 17 00:00:00 2001 From: YueHaibing Date: Wed, 23 Jan 2019 14:55:17 +0800 Subject: crypto: chelsio - Fix passing zero to 'PTR_ERR' warning in chcr_aead_op Fix a static code checker warning: drivers/crypto/chelsio/chcr_algo.c:3681 chcr_aead_op() warn: passing zero to 'PTR_ERR' Fixes: 2debd3325e55 ("crypto: chcr - Add AEAD algos.") Signed-off-by: YueHaibing Signed-off-by: Herbert Xu --- drivers/crypto/chelsio/chcr_algo.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/crypto/chelsio/chcr_algo.c b/drivers/crypto/chelsio/chcr_algo.c index adc1b3069d60..8d8cf80b9294 100644 --- a/drivers/crypto/chelsio/chcr_algo.c +++ b/drivers/crypto/chelsio/chcr_algo.c @@ -3676,9 +3676,9 @@ static int chcr_aead_op(struct aead_request *req, /* Form a WR from req */ skb = create_wr_fn(req, u_ctx->lldi.rxq_ids[a_ctx(tfm)->rx_qidx], size); - if (IS_ERR(skb) || !skb) { + if (IS_ERR_OR_NULL(skb)) { chcr_dec_wrcount(cdev); - return PTR_ERR(skb); + return PTR_ERR_OR_ZERO(skb); } skb->dev = u_ctx->lldi.ports[0]; -- cgit From 6e88098ca43a3d80ae86908f7badba683c8a0d84 Mon Sep 17 00:00:00 2001 From: Corentin Labbe Date: Wed, 23 Jan 2019 11:24:18 +0000 Subject: crypto: crypto4xx - Fix wrong ppc4xx_trng_probe()/ppc4xx_trng_remove() arguments When building without CONFIG_HW_RANDOM_PPC4XX, I hit the following build failure: drivers/crypto/amcc/crypto4xx_core.c: In function 'crypto4xx_probe': drivers/crypto/amcc/crypto4xx_core.c:1407:20: error: passing argument 1 of 'ppc4xx_trng_probe' from incompatible pointer type [-Werror=incompatible-pointer-types] In file included from drivers/crypto/amcc/crypto4xx_core.c:50:0: drivers/crypto/amcc/crypto4xx_trng.h:28:20: note: expected 'struct crypto4xx_device *' but argument is of type 'struct crypto4xx_core_device *' drivers/crypto/amcc/crypto4xx_core.c: In function 'crypto4xx_remove': drivers/crypto/amcc/crypto4xx_core.c:1434:21: error: passing argument 1 of 'ppc4xx_trng_remove' from incompatible pointer type [-Werror=incompatible-pointer-types] In file included from drivers/crypto/amcc/crypto4xx_core.c:50:0: drivers/crypto/amcc/crypto4xx_trng.h:30:20: note: expected 'struct crypto4xx_device *' but argument is of type 'struct crypto4xx_core_device *' This patch fix the needed argument of ppc4xx_trng_probe()/ppc4xx_trng_remove() in that case. Fixes: 5343e674f32f ("crypto4xx: integrate ppc4xx-rng into crypto4xx") Signed-off-by: Corentin Labbe Signed-off-by: Herbert Xu --- drivers/crypto/amcc/crypto4xx_trng.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/crypto/amcc/crypto4xx_trng.h b/drivers/crypto/amcc/crypto4xx_trng.h index 931d22531f51..7bbda51b7337 100644 --- a/drivers/crypto/amcc/crypto4xx_trng.h +++ b/drivers/crypto/amcc/crypto4xx_trng.h @@ -26,9 +26,9 @@ void ppc4xx_trng_probe(struct crypto4xx_core_device *core_dev); void ppc4xx_trng_remove(struct crypto4xx_core_device *core_dev); #else static inline void ppc4xx_trng_probe( - struct crypto4xx_device *dev __maybe_unused) { } + struct crypto4xx_core_device *dev __maybe_unused) { } static inline void ppc4xx_trng_remove( - struct crypto4xx_device *dev __maybe_unused) { } + struct crypto4xx_core_device *dev __maybe_unused) { } #endif #endif -- cgit From 971108c3a8b0216d7827f866c47abd392138b14c Mon Sep 17 00:00:00 2001 From: Lars Persson Date: Wed, 23 Jan 2019 12:59:40 +0100 Subject: crypto: axis - remove sha384 support for artpec7 The hardware implementation of SHA384 was not correct and it cannot be used in any situation. Signed-off-by: Lars Persson Signed-off-by: Herbert Xu --- drivers/crypto/axis/artpec6_crypto.c | 107 +---------------------------------- 1 file changed, 2 insertions(+), 105 deletions(-) diff --git a/drivers/crypto/axis/artpec6_crypto.c b/drivers/crypto/axis/artpec6_crypto.c index 1a1858cea979..ea3d59104ce6 100644 --- a/drivers/crypto/axis/artpec6_crypto.c +++ b/drivers/crypto/axis/artpec6_crypto.c @@ -135,7 +135,6 @@ #define regk_crypto_ext 0x00000001 #define regk_crypto_hmac_sha1 0x00000007 #define regk_crypto_hmac_sha256 0x00000009 -#define regk_crypto_hmac_sha384 0x0000000b #define regk_crypto_hmac_sha512 0x0000000d #define regk_crypto_init 0x00000000 #define regk_crypto_key_128 0x00000000 @@ -144,7 +143,6 @@ #define regk_crypto_null 0x00000000 #define regk_crypto_sha1 0x00000006 #define regk_crypto_sha256 0x00000008 -#define regk_crypto_sha384 0x0000000a #define regk_crypto_sha512 0x0000000c /* DMA descriptor structures */ @@ -190,7 +188,6 @@ struct pdma_stat_descr { /* Hash modes (including HMAC variants) */ #define ARTPEC6_CRYPTO_HASH_SHA1 1 #define ARTPEC6_CRYPTO_HASH_SHA256 2 -#define ARTPEC6_CRYPTO_HASH_SHA384 3 #define ARTPEC6_CRYPTO_HASH_SHA512 4 /* Crypto modes */ @@ -1315,8 +1312,7 @@ static int artpec6_crypto_prepare_hash(struct ahash_request *areq) struct artpec6_hashalg_context *ctx = crypto_tfm_ctx(areq->base.tfm); struct artpec6_hash_request_context *req_ctx = ahash_request_ctx(areq); size_t digestsize = crypto_ahash_digestsize(crypto_ahash_reqtfm(areq)); - size_t contextsize = digestsize == SHA384_DIGEST_SIZE ? - SHA512_DIGEST_SIZE : digestsize; + size_t contextsize = digestsize; size_t blocksize = crypto_tfm_alg_blocksize( crypto_ahash_tfm(crypto_ahash_reqtfm(areq))); struct artpec6_crypto_req_common *common = &req_ctx->common; @@ -1456,7 +1452,6 @@ static int artpec6_crypto_prepare_hash(struct ahash_request *areq) /* Finalize */ if (req_ctx->hash_flags & HASH_FLAG_FINALIZE) { - bool needtrim = contextsize != digestsize; size_t hash_pad_len; u64 digest_bits; u32 oper; @@ -1502,19 +1497,10 @@ static int artpec6_crypto_prepare_hash(struct ahash_request *areq) /* Descriptor for the final result */ error = artpec6_crypto_setup_in_descr(common, areq->result, digestsize, - !needtrim); + true); if (error) return error; - if (needtrim) { - /* Discard the extra context bytes for SHA-384 */ - error = artpec6_crypto_setup_in_descr(common, - req_ctx->partial_buffer, - digestsize - contextsize, true); - if (error) - return error; - } - } else { /* This is not the final operation for this request */ if (!run_hw) return ARTPEC6_CRYPTO_PREPARE_HASH_NO_START; @@ -2266,9 +2252,6 @@ artpec6_crypto_init_hash(struct ahash_request *req, u8 type, int hmac) case ARTPEC6_CRYPTO_HASH_SHA256: oper = hmac ? regk_crypto_hmac_sha256 : regk_crypto_sha256; break; - case ARTPEC6_CRYPTO_HASH_SHA384: - oper = hmac ? regk_crypto_hmac_sha384 : regk_crypto_sha384; - break; case ARTPEC6_CRYPTO_HASH_SHA512: oper = hmac ? regk_crypto_hmac_sha512 : regk_crypto_sha512; break; @@ -2368,22 +2351,6 @@ static int artpec6_crypto_sha256_digest(struct ahash_request *req) return artpec6_crypto_prepare_submit_hash(req); } -static int __maybe_unused artpec6_crypto_sha384_init(struct ahash_request *req) -{ - return artpec6_crypto_init_hash(req, ARTPEC6_CRYPTO_HASH_SHA384, 0); -} - -static int __maybe_unused -artpec6_crypto_sha384_digest(struct ahash_request *req) -{ - struct artpec6_hash_request_context *req_ctx = ahash_request_ctx(req); - - artpec6_crypto_init_hash(req, ARTPEC6_CRYPTO_HASH_SHA384, 0); - req_ctx->hash_flags |= HASH_FLAG_UPDATE | HASH_FLAG_FINALIZE; - - return artpec6_crypto_prepare_submit_hash(req); -} - static int artpec6_crypto_sha512_init(struct ahash_request *req) { return artpec6_crypto_init_hash(req, ARTPEC6_CRYPTO_HASH_SHA512, 0); @@ -2404,12 +2371,6 @@ static int artpec6_crypto_hmac_sha256_init(struct ahash_request *req) return artpec6_crypto_init_hash(req, ARTPEC6_CRYPTO_HASH_SHA256, 1); } -static int __maybe_unused -artpec6_crypto_hmac_sha384_init(struct ahash_request *req) -{ - return artpec6_crypto_init_hash(req, ARTPEC6_CRYPTO_HASH_SHA384, 1); -} - static int artpec6_crypto_hmac_sha512_init(struct ahash_request *req) { return artpec6_crypto_init_hash(req, ARTPEC6_CRYPTO_HASH_SHA512, 1); @@ -2425,17 +2386,6 @@ static int artpec6_crypto_hmac_sha256_digest(struct ahash_request *req) return artpec6_crypto_prepare_submit_hash(req); } -static int __maybe_unused -artpec6_crypto_hmac_sha384_digest(struct ahash_request *req) -{ - struct artpec6_hash_request_context *req_ctx = ahash_request_ctx(req); - - artpec6_crypto_init_hash(req, ARTPEC6_CRYPTO_HASH_SHA384, 1); - req_ctx->hash_flags |= HASH_FLAG_UPDATE | HASH_FLAG_FINALIZE; - - return artpec6_crypto_prepare_submit_hash(req); -} - static int artpec6_crypto_hmac_sha512_digest(struct ahash_request *req) { struct artpec6_hash_request_context *req_ctx = ahash_request_ctx(req); @@ -2480,12 +2430,6 @@ static int artpec6_crypto_ahash_init_hmac_sha256(struct crypto_tfm *tfm) return artpec6_crypto_ahash_init_common(tfm, "sha256"); } -static int __maybe_unused -artpec6_crypto_ahash_init_hmac_sha384(struct crypto_tfm *tfm) -{ - return artpec6_crypto_ahash_init_common(tfm, "sha384"); -} - static int artpec6_crypto_ahash_init_hmac_sha512(struct crypto_tfm *tfm) { return artpec6_crypto_ahash_init_common(tfm, "sha512"); @@ -2762,53 +2706,6 @@ static struct ahash_alg hash_algos[] = { }; static struct ahash_alg artpec7_hash_algos[] = { - /* SHA-384 */ - { - .init = artpec6_crypto_sha384_init, - .update = artpec6_crypto_hash_update, - .final = artpec6_crypto_hash_final, - .digest = artpec6_crypto_sha384_digest, - .import = artpec6_crypto_hash_import, - .export = artpec6_crypto_hash_export, - .halg.digestsize = SHA384_DIGEST_SIZE, - .halg.statesize = sizeof(struct artpec6_hash_export_state), - .halg.base = { - .cra_name = "sha384", - .cra_driver_name = "artpec-sha384", - .cra_priority = 300, - .cra_flags = CRYPTO_ALG_ASYNC, - .cra_blocksize = SHA384_BLOCK_SIZE, - .cra_ctxsize = sizeof(struct artpec6_hashalg_context), - .cra_alignmask = 3, - .cra_module = THIS_MODULE, - .cra_init = artpec6_crypto_ahash_init, - .cra_exit = artpec6_crypto_ahash_exit, - } - }, - /* HMAC SHA-384 */ - { - .init = artpec6_crypto_hmac_sha384_init, - .update = artpec6_crypto_hash_update, - .final = artpec6_crypto_hash_final, - .digest = artpec6_crypto_hmac_sha384_digest, - .import = artpec6_crypto_hash_import, - .export = artpec6_crypto_hash_export, - .setkey = artpec6_crypto_hash_set_key, - .halg.digestsize = SHA384_DIGEST_SIZE, - .halg.statesize = sizeof(struct artpec6_hash_export_state), - .halg.base = { - .cra_name = "hmac(sha384)", - .cra_driver_name = "artpec-hmac-sha384", - .cra_priority = 300, - .cra_flags = CRYPTO_ALG_ASYNC, - .cra_blocksize = SHA384_BLOCK_SIZE, - .cra_ctxsize = sizeof(struct artpec6_hashalg_context), - .cra_alignmask = 3, - .cra_module = THIS_MODULE, - .cra_init = artpec6_crypto_ahash_init_hmac_sha384, - .cra_exit = artpec6_crypto_ahash_exit, - } - }, /* SHA-512 */ { .init = artpec6_crypto_sha512_init, -- cgit From f68deebabe2190d343624964860c48a8056f7e2a Mon Sep 17 00:00:00 2001 From: Lars Persson Date: Wed, 23 Jan 2019 12:59:41 +0100 Subject: crypto: axis - remove sha512 support for artpec7 The hardware cannot restore the context correctly when it operates in SHA512 mode. This is too restrictive when operating in a framework that can interleave multiple hash sessions. Signed-off-by: Lars Persson Signed-off-by: Herbert Xu --- drivers/crypto/axis/artpec6_crypto.c | 126 +++-------------------------------- 1 file changed, 9 insertions(+), 117 deletions(-) diff --git a/drivers/crypto/axis/artpec6_crypto.c b/drivers/crypto/axis/artpec6_crypto.c index ea3d59104ce6..e6c61a45eb71 100644 --- a/drivers/crypto/axis/artpec6_crypto.c +++ b/drivers/crypto/axis/artpec6_crypto.c @@ -135,7 +135,6 @@ #define regk_crypto_ext 0x00000001 #define regk_crypto_hmac_sha1 0x00000007 #define regk_crypto_hmac_sha256 0x00000009 -#define regk_crypto_hmac_sha512 0x0000000d #define regk_crypto_init 0x00000000 #define regk_crypto_key_128 0x00000000 #define regk_crypto_key_192 0x00000001 @@ -143,7 +142,6 @@ #define regk_crypto_null 0x00000000 #define regk_crypto_sha1 0x00000006 #define regk_crypto_sha256 0x00000008 -#define regk_crypto_sha512 0x0000000c /* DMA descriptor structures */ struct pdma_descr_ctrl { @@ -188,7 +186,6 @@ struct pdma_stat_descr { /* Hash modes (including HMAC variants) */ #define ARTPEC6_CRYPTO_HASH_SHA1 1 #define ARTPEC6_CRYPTO_HASH_SHA256 2 -#define ARTPEC6_CRYPTO_HASH_SHA512 4 /* Crypto modes */ #define ARTPEC6_CRYPTO_CIPHER_AES_ECB 1 @@ -288,11 +285,11 @@ struct artpec6_crypto_req_common { }; struct artpec6_hash_request_context { - char partial_buffer[SHA512_BLOCK_SIZE]; - char partial_buffer_out[SHA512_BLOCK_SIZE]; - char key_buffer[SHA512_BLOCK_SIZE]; - char pad_buffer[SHA512_BLOCK_SIZE + 32]; - unsigned char digeststate[SHA512_DIGEST_SIZE]; + char partial_buffer[SHA256_BLOCK_SIZE]; + char partial_buffer_out[SHA256_BLOCK_SIZE]; + char key_buffer[SHA256_BLOCK_SIZE]; + char pad_buffer[SHA256_BLOCK_SIZE + 32]; + unsigned char digeststate[SHA256_DIGEST_SIZE]; size_t partial_bytes; u64 digcnt; u32 key_md; @@ -302,8 +299,8 @@ struct artpec6_hash_request_context { }; struct artpec6_hash_export_state { - char partial_buffer[SHA512_BLOCK_SIZE]; - unsigned char digeststate[SHA512_DIGEST_SIZE]; + char partial_buffer[SHA256_BLOCK_SIZE]; + unsigned char digeststate[SHA256_DIGEST_SIZE]; size_t partial_bytes; u64 digcnt; int oper; @@ -311,7 +308,7 @@ struct artpec6_hash_export_state { }; struct artpec6_hashalg_context { - char hmac_key[SHA512_BLOCK_SIZE]; + char hmac_key[SHA256_BLOCK_SIZE]; size_t hmac_key_length; struct crypto_shash *child_hash; }; @@ -2252,10 +2249,6 @@ artpec6_crypto_init_hash(struct ahash_request *req, u8 type, int hmac) case ARTPEC6_CRYPTO_HASH_SHA256: oper = hmac ? regk_crypto_hmac_sha256 : regk_crypto_sha256; break; - case ARTPEC6_CRYPTO_HASH_SHA512: - oper = hmac ? regk_crypto_hmac_sha512 : regk_crypto_sha512; - break; - default: pr_err("%s: Unsupported hash type 0x%x\n", MODULE_NAME, type); return -EINVAL; @@ -2351,31 +2344,11 @@ static int artpec6_crypto_sha256_digest(struct ahash_request *req) return artpec6_crypto_prepare_submit_hash(req); } -static int artpec6_crypto_sha512_init(struct ahash_request *req) -{ - return artpec6_crypto_init_hash(req, ARTPEC6_CRYPTO_HASH_SHA512, 0); -} - -static int artpec6_crypto_sha512_digest(struct ahash_request *req) -{ - struct artpec6_hash_request_context *req_ctx = ahash_request_ctx(req); - - artpec6_crypto_init_hash(req, ARTPEC6_CRYPTO_HASH_SHA512, 0); - req_ctx->hash_flags |= HASH_FLAG_UPDATE | HASH_FLAG_FINALIZE; - - return artpec6_crypto_prepare_submit_hash(req); -} - static int artpec6_crypto_hmac_sha256_init(struct ahash_request *req) { return artpec6_crypto_init_hash(req, ARTPEC6_CRYPTO_HASH_SHA256, 1); } -static int artpec6_crypto_hmac_sha512_init(struct ahash_request *req) -{ - return artpec6_crypto_init_hash(req, ARTPEC6_CRYPTO_HASH_SHA512, 1); -} - static int artpec6_crypto_hmac_sha256_digest(struct ahash_request *req) { struct artpec6_hash_request_context *req_ctx = ahash_request_ctx(req); @@ -2386,16 +2359,6 @@ static int artpec6_crypto_hmac_sha256_digest(struct ahash_request *req) return artpec6_crypto_prepare_submit_hash(req); } -static int artpec6_crypto_hmac_sha512_digest(struct ahash_request *req) -{ - struct artpec6_hash_request_context *req_ctx = ahash_request_ctx(req); - - artpec6_crypto_init_hash(req, ARTPEC6_CRYPTO_HASH_SHA512, 1); - req_ctx->hash_flags |= HASH_FLAG_UPDATE | HASH_FLAG_FINALIZE; - - return artpec6_crypto_prepare_submit_hash(req); -} - static int artpec6_crypto_ahash_init_common(struct crypto_tfm *tfm, const char *base_hash_name) { @@ -2430,11 +2393,6 @@ static int artpec6_crypto_ahash_init_hmac_sha256(struct crypto_tfm *tfm) return artpec6_crypto_ahash_init_common(tfm, "sha256"); } -static int artpec6_crypto_ahash_init_hmac_sha512(struct crypto_tfm *tfm) -{ - return artpec6_crypto_ahash_init_common(tfm, "sha512"); -} - static void artpec6_crypto_ahash_exit(struct crypto_tfm *tfm) { struct artpec6_hashalg_context *tfm_ctx = crypto_tfm_ctx(tfm); @@ -2705,56 +2663,6 @@ static struct ahash_alg hash_algos[] = { }, }; -static struct ahash_alg artpec7_hash_algos[] = { - /* SHA-512 */ - { - .init = artpec6_crypto_sha512_init, - .update = artpec6_crypto_hash_update, - .final = artpec6_crypto_hash_final, - .digest = artpec6_crypto_sha512_digest, - .import = artpec6_crypto_hash_import, - .export = artpec6_crypto_hash_export, - .halg.digestsize = SHA512_DIGEST_SIZE, - .halg.statesize = sizeof(struct artpec6_hash_export_state), - .halg.base = { - .cra_name = "sha512", - .cra_driver_name = "artpec-sha512", - .cra_priority = 300, - .cra_flags = CRYPTO_ALG_ASYNC, - .cra_blocksize = SHA512_BLOCK_SIZE, - .cra_ctxsize = sizeof(struct artpec6_hashalg_context), - .cra_alignmask = 3, - .cra_module = THIS_MODULE, - .cra_init = artpec6_crypto_ahash_init, - .cra_exit = artpec6_crypto_ahash_exit, - } - }, - /* HMAC SHA-512 */ - { - .init = artpec6_crypto_hmac_sha512_init, - .update = artpec6_crypto_hash_update, - .final = artpec6_crypto_hash_final, - .digest = artpec6_crypto_hmac_sha512_digest, - .import = artpec6_crypto_hash_import, - .export = artpec6_crypto_hash_export, - .setkey = artpec6_crypto_hash_set_key, - .halg.digestsize = SHA512_DIGEST_SIZE, - .halg.statesize = sizeof(struct artpec6_hash_export_state), - .halg.base = { - .cra_name = "hmac(sha512)", - .cra_driver_name = "artpec-hmac-sha512", - .cra_priority = 300, - .cra_flags = CRYPTO_ALG_ASYNC, - .cra_blocksize = SHA512_BLOCK_SIZE, - .cra_ctxsize = sizeof(struct artpec6_hashalg_context), - .cra_alignmask = 3, - .cra_module = THIS_MODULE, - .cra_init = artpec6_crypto_ahash_init_hmac_sha512, - .cra_exit = artpec6_crypto_ahash_exit, - } - }, -}; - /* Crypto */ static struct skcipher_alg crypto_algos[] = { /* AES - ECB */ @@ -2992,19 +2900,10 @@ static int artpec6_crypto_probe(struct platform_device *pdev) goto disable_hw; } - if (variant != ARTPEC6_CRYPTO) { - err = crypto_register_ahashes(artpec7_hash_algos, - ARRAY_SIZE(artpec7_hash_algos)); - if (err) { - dev_err(dev, "Failed to register ahashes\n"); - goto unregister_ahashes; - } - } - err = crypto_register_skciphers(crypto_algos, ARRAY_SIZE(crypto_algos)); if (err) { dev_err(dev, "Failed to register ciphers\n"); - goto unregister_a7_ahashes; + goto unregister_ahashes; } err = crypto_register_aeads(aead_algos, ARRAY_SIZE(aead_algos)); @@ -3017,10 +2916,6 @@ static int artpec6_crypto_probe(struct platform_device *pdev) unregister_algs: crypto_unregister_skciphers(crypto_algos, ARRAY_SIZE(crypto_algos)); -unregister_a7_ahashes: - if (variant != ARTPEC6_CRYPTO) - crypto_unregister_ahashes(artpec7_hash_algos, - ARRAY_SIZE(artpec7_hash_algos)); unregister_ahashes: crypto_unregister_ahashes(hash_algos, ARRAY_SIZE(hash_algos)); disable_hw: @@ -3036,9 +2931,6 @@ static int artpec6_crypto_remove(struct platform_device *pdev) int irq = platform_get_irq(pdev, 0); crypto_unregister_ahashes(hash_algos, ARRAY_SIZE(hash_algos)); - if (ac->variant != ARTPEC6_CRYPTO) - crypto_unregister_ahashes(artpec7_hash_algos, - ARRAY_SIZE(artpec7_hash_algos)); crypto_unregister_skciphers(crypto_algos, ARRAY_SIZE(crypto_algos)); crypto_unregister_aeads(aead_algos, ARRAY_SIZE(aead_algos)); -- cgit From c34a83820f59bb275e5f2d55cd5ea99c64f6ef23 Mon Sep 17 00:00:00 2001 From: Lars Persson Date: Wed, 23 Jan 2019 12:59:42 +0100 Subject: crypto: axis - fix for recursive locking from bottom half Clients may submit a new requests from the completion callback context. The driver was not prepared to receive a request in this state because it already held the request queue lock and a recursive lock error is triggered. Now all completions are queued up until we are ready to drop the queue lock and then delivered. The fault was triggered by TCP over an IPsec connection in the LTP test suite: LTP: starting tcp4_ipsec02 (tcp_ipsec.sh -p ah -m transport -s "100 1000 65535") BUG: spinlock recursion on CPU#1, genload/943 lock: 0xbf3c3094, .magic: dead4ead, .owner: genload/943, .owner_cpu: 1 CPU: 1 PID: 943 Comm: genload Tainted: G O 4.9.62-axis5-devel #6 Hardware name: Axis ARTPEC-6 Platform (unwind_backtrace) from [<8010d134>] (show_stack+0x18/0x1c) (show_stack) from [<803a289c>] (dump_stack+0x84/0x98) (dump_stack) from [<8016e164>] (do_raw_spin_lock+0x124/0x128) (do_raw_spin_lock) from [<804de1a4>] (artpec6_crypto_submit+0x2c/0xa0) (artpec6_crypto_submit) from [<804def38>] (artpec6_crypto_prepare_submit_hash+0xd0/0x54c) (artpec6_crypto_prepare_submit_hash) from [<7f3165f0>] (ah_output+0x2a4/0x3dc [ah4]) (ah_output [ah4]) from [<805df9bc>] (xfrm_output_resume+0x178/0x4a4) (xfrm_output_resume) from [<805d283c>] (xfrm4_output+0xac/0xbc) (xfrm4_output) from [<80587928>] (ip_queue_xmit+0x140/0x3b4) (ip_queue_xmit) from [<805a13b4>] (tcp_transmit_skb+0x4c4/0x95c) (tcp_transmit_skb) from [<8059f218>] (tcp_rcv_state_process+0xdf4/0xdfc) (tcp_rcv_state_process) from [<805a7530>] (tcp_v4_do_rcv+0x64/0x1ac) (tcp_v4_do_rcv) from [<805a9724>] (tcp_v4_rcv+0xa34/0xb74) (tcp_v4_rcv) from [<80581d34>] (ip_local_deliver_finish+0x78/0x2b0) (ip_local_deliver_finish) from [<8058259c>] (ip_local_deliver+0xe4/0x104) (ip_local_deliver) from [<805d23ec>] (xfrm4_transport_finish+0xf4/0x144) (xfrm4_transport_finish) from [<805df564>] (xfrm_input+0x4f4/0x74c) (xfrm_input) from [<804de420>] (artpec6_crypto_task+0x208/0x38c) (artpec6_crypto_task) from [<801271b0>] (tasklet_action+0x60/0xec) (tasklet_action) from [<801266d4>] (__do_softirq+0xcc/0x3a4) (__do_softirq) from [<80126d20>] (irq_exit+0xf4/0x15c) (irq_exit) from [<801741e8>] (__handle_domain_irq+0x68/0xbc) (__handle_domain_irq) from [<801014f0>] (gic_handle_irq+0x50/0x94) (gic_handle_irq) from [<80657370>] (__irq_usr+0x50/0x80) Signed-off-by: Lars Persson Signed-off-by: Herbert Xu --- drivers/crypto/axis/artpec6_crypto.c | 28 +++++++++++++++++++++++----- 1 file changed, 23 insertions(+), 5 deletions(-) diff --git a/drivers/crypto/axis/artpec6_crypto.c b/drivers/crypto/axis/artpec6_crypto.c index e6c61a45eb71..da5a73944a78 100644 --- a/drivers/crypto/axis/artpec6_crypto.c +++ b/drivers/crypto/axis/artpec6_crypto.c @@ -278,6 +278,7 @@ enum artpec6_crypto_hash_flags { struct artpec6_crypto_req_common { struct list_head list; + struct list_head complete_in_progress; struct artpec6_crypto_dma_descriptors *dma; struct crypto_async_request *req; void (*complete)(struct crypto_async_request *req); @@ -2028,7 +2029,8 @@ static int artpec6_crypto_prepare_aead(struct aead_request *areq) return artpec6_crypto_dma_map_descs(common); } -static void artpec6_crypto_process_queue(struct artpec6_crypto *ac) +static void artpec6_crypto_process_queue(struct artpec6_crypto *ac, + struct list_head *completions) { struct artpec6_crypto_req_common *req; @@ -2039,7 +2041,7 @@ static void artpec6_crypto_process_queue(struct artpec6_crypto *ac) list_move_tail(&req->list, &ac->pending); artpec6_crypto_start_dma(req); - req->req->complete(req->req, -EINPROGRESS); + list_add_tail(&req->complete_in_progress, completions); } /* @@ -2069,6 +2071,11 @@ static void artpec6_crypto_task(unsigned long data) struct artpec6_crypto *ac = (struct artpec6_crypto *)data; struct artpec6_crypto_req_common *req; struct artpec6_crypto_req_common *n; + struct list_head complete_done; + struct list_head complete_in_progress; + + INIT_LIST_HEAD(&complete_done); + INIT_LIST_HEAD(&complete_in_progress); if (list_empty(&ac->pending)) { pr_debug("Spurious IRQ\n"); @@ -2102,19 +2109,30 @@ static void artpec6_crypto_task(unsigned long data) pr_debug("Completing request %p\n", req); - list_del(&req->list); + list_move_tail(&req->list, &complete_done); artpec6_crypto_dma_unmap_all(req); artpec6_crypto_copy_bounce_buffers(req); ac->pending_count--; artpec6_crypto_common_destroy(req); - req->complete(req->req); } - artpec6_crypto_process_queue(ac); + artpec6_crypto_process_queue(ac, &complete_in_progress); spin_unlock_bh(&ac->queue_lock); + + /* Perform the completion callbacks without holding the queue lock + * to allow new request submissions from the callbacks. + */ + list_for_each_entry_safe(req, n, &complete_done, list) { + req->complete(req->req); + } + + list_for_each_entry_safe(req, n, &complete_in_progress, + complete_in_progress) { + req->req->complete(req->req, -EINPROGRESS); + } } static void artpec6_crypto_complete_crypto(struct crypto_async_request *req) -- cgit From 0d1d482416002791a705e7acef55edcd989facd2 Mon Sep 17 00:00:00 2001 From: Lars Persson Date: Wed, 23 Jan 2019 12:59:43 +0100 Subject: crypto: axis - give DMA the start of the status buffer The driver was optimized to only do cache maintenance for the last word of the dma descriptor status array. Unfortunately an omission also passed the last word as the address of the array start to the DMA engine. In most cases this goes unnoticed since the hardware aligns the address to a 64 byte boundary. Signed-off-by: Lars Persson Signed-off-by: Herbert Xu --- drivers/crypto/axis/artpec6_crypto.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/drivers/crypto/axis/artpec6_crypto.c b/drivers/crypto/axis/artpec6_crypto.c index da5a73944a78..e8a57b9e1c7a 100644 --- a/drivers/crypto/axis/artpec6_crypto.c +++ b/drivers/crypto/axis/artpec6_crypto.c @@ -665,8 +665,8 @@ artpec6_crypto_dma_map_descs(struct artpec6_crypto_req_common *common) * to be written. */ return artpec6_crypto_dma_map_single(common, - dma->stat + dma->in_cnt - 1, - sizeof(dma->stat[0]), + dma->stat, + sizeof(dma->stat[0]) * dma->in_cnt, DMA_BIDIRECTIONAL, &dma->stat_dma_addr); } @@ -2087,9 +2087,12 @@ static void artpec6_crypto_task(unsigned long data) list_for_each_entry_safe(req, n, &ac->pending, list) { struct artpec6_crypto_dma_descriptors *dma = req->dma; u32 stat; + dma_addr_t stataddr; - dma_sync_single_for_cpu(artpec6_crypto_dev, dma->stat_dma_addr, - sizeof(dma->stat[0]), + stataddr = dma->stat_dma_addr + 4 * (req->dma->in_cnt - 1); + dma_sync_single_for_cpu(artpec6_crypto_dev, + stataddr, + 4, DMA_BIDIRECTIONAL); stat = req->dma->stat[req->dma->in_cnt-1]; -- cgit From 48ef0908b81cc6b92ec8b157bb78ce2c4eddd7c7 Mon Sep 17 00:00:00 2001 From: Lars Persson Date: Wed, 23 Jan 2019 12:59:44 +0100 Subject: crypto: axis - support variable AEAD tag length The implementation assumed that the client always wants the whole 16 byte AES-GCM tag. Now we respect the requested authentication tag size fetched using crypto_aead_authsize(). Signed-off-by: Lars Persson Signed-off-by: Herbert Xu --- drivers/crypto/axis/artpec6_crypto.c | 35 +++++++++++++++++++++++++---------- 1 file changed, 25 insertions(+), 10 deletions(-) diff --git a/drivers/crypto/axis/artpec6_crypto.c b/drivers/crypto/axis/artpec6_crypto.c index e8a57b9e1c7a..5089ad2c49f9 100644 --- a/drivers/crypto/axis/artpec6_crypto.c +++ b/drivers/crypto/axis/artpec6_crypto.c @@ -1907,7 +1907,7 @@ static int artpec6_crypto_prepare_aead(struct aead_request *areq) /* For the decryption, cryptlen includes the tag. */ input_length = areq->cryptlen; if (req_ctx->decrypt) - input_length -= AES_BLOCK_SIZE; + input_length -= crypto_aead_authsize(cipher); /* Prepare the context buffer */ req_ctx->hw_ctx.aad_length_bits = @@ -1972,7 +1972,7 @@ static int artpec6_crypto_prepare_aead(struct aead_request *areq) size_t output_len = areq->cryptlen; if (req_ctx->decrypt) - output_len -= AES_BLOCK_SIZE; + output_len -= crypto_aead_authsize(cipher); artpec6_crypto_walk_init(&walk, areq->dst); @@ -2001,19 +2001,32 @@ static int artpec6_crypto_prepare_aead(struct aead_request *areq) * the output ciphertext. For decryption it is put in a context * buffer for later compare against the input tag. */ - count = AES_BLOCK_SIZE; if (req_ctx->decrypt) { ret = artpec6_crypto_setup_in_descr(common, - req_ctx->decryption_tag, count, false); + req_ctx->decryption_tag, AES_BLOCK_SIZE, false); if (ret) return ret; } else { + /* For encryption the requested tag size may be smaller + * than the hardware's generated tag. + */ + size_t authsize = crypto_aead_authsize(cipher); + ret = artpec6_crypto_setup_sg_descrs_in(common, &walk, - count); + authsize); if (ret) return ret; + + if (authsize < AES_BLOCK_SIZE) { + count = AES_BLOCK_SIZE - authsize; + ret = artpec6_crypto_setup_in_descr(common, + ac->pad_buffer, + count, false); + if (ret) + return ret; + } } } @@ -2174,27 +2187,29 @@ static void artpec6_crypto_complete_aead(struct crypto_async_request *req) /* Verify GCM hashtag. */ struct aead_request *areq = container_of(req, struct aead_request, base); + struct crypto_aead *aead = crypto_aead_reqtfm(areq); struct artpec6_crypto_aead_req_ctx *req_ctx = aead_request_ctx(areq); if (req_ctx->decrypt) { u8 input_tag[AES_BLOCK_SIZE]; + unsigned int authsize = crypto_aead_authsize(aead); sg_pcopy_to_buffer(areq->src, sg_nents(areq->src), input_tag, - AES_BLOCK_SIZE, + authsize, areq->assoclen + areq->cryptlen - - AES_BLOCK_SIZE); + authsize); if (memcmp(req_ctx->decryption_tag, input_tag, - AES_BLOCK_SIZE)) { + authsize)) { pr_debug("***EBADMSG:\n"); print_hex_dump_debug("ref:", DUMP_PREFIX_ADDRESS, 32, 1, - input_tag, AES_BLOCK_SIZE, true); + input_tag, authsize, true); print_hex_dump_debug("out:", DUMP_PREFIX_ADDRESS, 32, 1, req_ctx->decryption_tag, - AES_BLOCK_SIZE, true); + authsize, true); result = -EBADMSG; } -- cgit From 5997a245c77b754fb8ef807043066fcfde64858c Mon Sep 17 00:00:00 2001 From: Lars Persson Date: Wed, 23 Jan 2019 12:59:45 +0100 Subject: crypto: axis - use a constant time tag compare Avoid plain memcmp() on the AEAD tag value as this could leak information through a timing side channel. Signed-off-by: Lars Persson Signed-off-by: Herbert Xu --- drivers/crypto/axis/artpec6_crypto.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/crypto/axis/artpec6_crypto.c b/drivers/crypto/axis/artpec6_crypto.c index 5089ad2c49f9..109efab6a9df 100644 --- a/drivers/crypto/axis/artpec6_crypto.c +++ b/drivers/crypto/axis/artpec6_crypto.c @@ -2201,9 +2201,9 @@ static void artpec6_crypto_complete_aead(struct crypto_async_request *req) areq->assoclen + areq->cryptlen - authsize); - if (memcmp(req_ctx->decryption_tag, - input_tag, - authsize)) { + if (crypto_memneq(req_ctx->decryption_tag, + input_tag, + authsize)) { pr_debug("***EBADMSG:\n"); print_hex_dump_debug("ref:", DUMP_PREFIX_ADDRESS, 32, 1, input_tag, authsize, true); -- cgit From 341a64c7e69f54e319ac187721b342f7620af6d6 Mon Sep 17 00:00:00 2001 From: Vincent Whitchurch Date: Wed, 23 Jan 2019 12:59:46 +0100 Subject: crypto: axis - move request unmap outside of the queue lock The request unmap and bounce buffer copying is currently unnecessarily done while holding the queue spin lock. Signed-off-by: Lars Persson Signed-off-by: Vincent Whitchurch Signed-off-by: Herbert Xu --- drivers/crypto/axis/artpec6_crypto.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/crypto/axis/artpec6_crypto.c b/drivers/crypto/axis/artpec6_crypto.c index 109efab6a9df..57e5dca3253f 100644 --- a/drivers/crypto/axis/artpec6_crypto.c +++ b/drivers/crypto/axis/artpec6_crypto.c @@ -2127,11 +2127,7 @@ static void artpec6_crypto_task(unsigned long data) list_move_tail(&req->list, &complete_done); - artpec6_crypto_dma_unmap_all(req); - artpec6_crypto_copy_bounce_buffers(req); - ac->pending_count--; - artpec6_crypto_common_destroy(req); } artpec6_crypto_process_queue(ac, &complete_in_progress); @@ -2142,6 +2138,10 @@ static void artpec6_crypto_task(unsigned long data) * to allow new request submissions from the callbacks. */ list_for_each_entry_safe(req, n, &complete_done, list) { + artpec6_crypto_dma_unmap_all(req); + artpec6_crypto_copy_bounce_buffers(req); + artpec6_crypto_common_destroy(req); + req->complete(req->req); } -- cgit From eb5e6730db98fcc4b51148b4a819fa4bf864ae54 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Wed, 23 Jan 2019 20:57:35 -0800 Subject: crypto: testmgr - skip crc32c context test for ahash algorithms Instantiating "cryptd(crc32c)" causes a crypto self-test failure because the crypto_alloc_shash() in alg_test_crc32c() fails. This is because cryptd(crc32c) is an ahash algorithm, not a shash algorithm; so it can only be accessed through the ahash API, unlike shash algorithms which can be accessed through both the ahash and shash APIs. As the test is testing the shash descriptor format which is only applicable to shash algorithms, skip it for ahash algorithms. (Note that it's still important to fix crypto self-test failures even for weird algorithm instantiations like cryptd(crc32c) that no one would really use; in fips_enabled mode unprivileged users can use them to panic the kernel, and also they prevent treating a crypto self-test failure as a bug when fuzzing the kernel.) Fixes: 8e3ee85e68c5 ("crypto: crc32c - Test descriptor context format") Cc: stable@vger.kernel.org Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu --- crypto/testmgr.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/crypto/testmgr.c b/crypto/testmgr.c index 4ac3d22256c3..a73455b543ad 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -1909,14 +1909,21 @@ static int alg_test_crc32c(const struct alg_test_desc *desc, err = alg_test_hash(desc, driver, type, mask); if (err) - goto out; + return err; tfm = crypto_alloc_shash(driver, type, mask); if (IS_ERR(tfm)) { + if (PTR_ERR(tfm) == -ENOENT) { + /* + * This crc32c implementation is only available through + * ahash API, not the shash API, so the remaining part + * of the test is not applicable to it. + */ + return 0; + } printk(KERN_ERR "alg: crc32c: Failed to load transform for %s: " "%ld\n", driver, PTR_ERR(tfm)); - err = PTR_ERR(tfm); - goto out; + return PTR_ERR(tfm); } do { @@ -1943,7 +1950,6 @@ static int alg_test_crc32c(const struct alg_test_desc *desc, crypto_free_shash(tfm); -out: return err; } -- cgit From eaf46edf6ea89675bd36245369c8de5063a0272c Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel Date: Thu, 24 Jan 2019 17:33:45 +0100 Subject: crypto: arm64/aes-ccm - fix logical bug in AAD MAC handling The NEON MAC calculation routine fails to handle the case correctly where there is some data in the buffer, and the input fills it up exactly. In this case, we enter the loop at the end with w8 == 0, while a negative value is assumed, and so the loop carries on until the increment of the 32-bit counter wraps around, which is quite obviously wrong. So omit the loop altogether in this case, and exit right away. Reported-by: Eric Biggers Fixes: a3fd82105b9d1 ("arm64/crypto: AES in CCM mode using ARMv8 Crypto ...") Cc: stable@vger.kernel.org Signed-off-by: Ard Biesheuvel Signed-off-by: Herbert Xu --- arch/arm64/crypto/aes-ce-ccm-core.S | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/arch/arm64/crypto/aes-ce-ccm-core.S b/arch/arm64/crypto/aes-ce-ccm-core.S index e3a375c4cb83..1b151442dac1 100644 --- a/arch/arm64/crypto/aes-ce-ccm-core.S +++ b/arch/arm64/crypto/aes-ce-ccm-core.S @@ -74,12 +74,13 @@ ENTRY(ce_aes_ccm_auth_data) beq 10f ext v0.16b, v0.16b, v0.16b, #1 /* rotate out the mac bytes */ b 7b -8: mov w7, w8 +8: cbz w8, 91f + mov w7, w8 add w8, w8, #16 9: ext v1.16b, v1.16b, v1.16b, #1 adds w7, w7, #1 bne 9b - eor v0.16b, v0.16b, v1.16b +91: eor v0.16b, v0.16b, v1.16b st1 {v0.16b}, [x0] 10: str w8, [x3] ret -- cgit From 969e2f59d589c15f6aaf306e590dde16f12ea4b3 Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel Date: Thu, 24 Jan 2019 17:33:46 +0100 Subject: crypto: arm64/aes-ccm - fix bugs in non-NEON fallback routine Commit 5092fcf34908 ("crypto: arm64/aes-ce-ccm: add non-SIMD generic fallback") introduced C fallback code to replace the NEON routines when invoked from a context where the NEON is not available (i.e., from the context of a softirq taken while the NEON is already being used in kernel process context) Fix two logical flaws in the MAC calculation of the associated data. Reported-by: Eric Biggers Fixes: 5092fcf34908 ("crypto: arm64/aes-ce-ccm: add non-SIMD generic fallback") Cc: stable@vger.kernel.org Signed-off-by: Ard Biesheuvel Signed-off-by: Herbert Xu --- arch/arm64/crypto/aes-ce-ccm-glue.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/arch/arm64/crypto/aes-ce-ccm-glue.c b/arch/arm64/crypto/aes-ce-ccm-glue.c index 68b11aa690e4..986191e8c058 100644 --- a/arch/arm64/crypto/aes-ce-ccm-glue.c +++ b/arch/arm64/crypto/aes-ce-ccm-glue.c @@ -125,7 +125,7 @@ static void ccm_update_mac(struct crypto_aes_ctx *key, u8 mac[], u8 const in[], abytes -= added; } - while (abytes > AES_BLOCK_SIZE) { + while (abytes >= AES_BLOCK_SIZE) { __aes_arm64_encrypt(key->key_enc, mac, mac, num_rounds(key)); crypto_xor(mac, in, AES_BLOCK_SIZE); @@ -139,8 +139,6 @@ static void ccm_update_mac(struct crypto_aes_ctx *key, u8 mac[], u8 const in[], num_rounds(key)); crypto_xor(mac, in, abytes); *macp = abytes; - } else { - *macp = 0; } } } -- cgit From f9352900e064a159942fbf92d3840d6c8eafea56 Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel Date: Thu, 24 Jan 2019 17:33:47 +0100 Subject: crypto: arm64/aes-ccm - don't use an atomic walk needlessly When the AES-CCM code was first added, the NEON register were saved and restored eagerly, and so the code avoided doing so, and executed the scatterwalk in atomic context inside the kernel_neon_begin/end section. This has been changed in the meantime, so switch to non-atomic scatterwalks. Fixes: bd2ad885e30d ("crypto: arm64/aes-ce-ccm - move kernel mode neon ...") Signed-off-by: Ard Biesheuvel Signed-off-by: Herbert Xu --- arch/arm64/crypto/aes-ce-ccm-glue.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/arm64/crypto/aes-ce-ccm-glue.c b/arch/arm64/crypto/aes-ce-ccm-glue.c index 986191e8c058..5fc6f51908fd 100644 --- a/arch/arm64/crypto/aes-ce-ccm-glue.c +++ b/arch/arm64/crypto/aes-ce-ccm-glue.c @@ -253,7 +253,7 @@ static int ccm_encrypt(struct aead_request *req) /* preserve the original iv for the final round */ memcpy(buf, req->iv, AES_BLOCK_SIZE); - err = skcipher_walk_aead_encrypt(&walk, req, true); + err = skcipher_walk_aead_encrypt(&walk, req, false); if (may_use_simd()) { while (walk.nbytes) { @@ -311,7 +311,7 @@ static int ccm_decrypt(struct aead_request *req) /* preserve the original iv for the final round */ memcpy(buf, req->iv, AES_BLOCK_SIZE); - err = skcipher_walk_aead_decrypt(&walk, req, true); + err = skcipher_walk_aead_decrypt(&walk, req, false); if (may_use_simd()) { while (walk.nbytes) { -- cgit From 320ca3e58e8dd4587c946e2ee8066fc722c77bf7 Mon Sep 17 00:00:00 2001 From: Masahiro Yamada Date: Fri, 25 Jan 2019 12:49:36 +0900 Subject: crypto: prefix header search paths with $(srctree)/ Currently, the Kbuild core manipulates header search paths in a crazy way [1]. To fix this mess, I want all Makefiles to add explicit $(srctree)/ to the search paths in the srctree. Some Makefiles are already written in that way, but not all. The goal of this work is to make the notation consistent, and finally get rid of the gross hacks. Having whitespaces after -I does not matter since commit 48f6e3cf5bc6 ("kbuild: do not drop -I without parameter"). [1]: https://patchwork.kernel.org/patch/9632347/ Signed-off-by: Masahiro Yamada Signed-off-by: Herbert Xu --- drivers/crypto/chelsio/Makefile | 2 +- drivers/crypto/chelsio/chtls/Makefile | 3 ++- drivers/crypto/qat/qat_c3xxx/Makefile | 2 +- drivers/crypto/qat/qat_c3xxxvf/Makefile | 2 +- drivers/crypto/qat/qat_c62x/Makefile | 2 +- drivers/crypto/qat/qat_c62xvf/Makefile | 2 +- drivers/crypto/qat/qat_dh895xcc/Makefile | 2 +- drivers/crypto/qat/qat_dh895xccvf/Makefile | 2 +- 8 files changed, 9 insertions(+), 8 deletions(-) diff --git a/drivers/crypto/chelsio/Makefile b/drivers/crypto/chelsio/Makefile index 639e5718dff4..b7bd980a27d8 100644 --- a/drivers/crypto/chelsio/Makefile +++ b/drivers/crypto/chelsio/Makefile @@ -1,4 +1,4 @@ -ccflags-y := -Idrivers/net/ethernet/chelsio/cxgb4 +ccflags-y := -I $(srctree)/drivers/net/ethernet/chelsio/cxgb4 obj-$(CONFIG_CRYPTO_DEV_CHELSIO) += chcr.o chcr-objs := chcr_core.o chcr_algo.o diff --git a/drivers/crypto/chelsio/chtls/Makefile b/drivers/crypto/chelsio/chtls/Makefile index df1379570a8e..b958f1b8ec39 100644 --- a/drivers/crypto/chelsio/chtls/Makefile +++ b/drivers/crypto/chelsio/chtls/Makefile @@ -1,4 +1,5 @@ -ccflags-y := -Idrivers/net/ethernet/chelsio/cxgb4 -Idrivers/crypto/chelsio/ +ccflags-y := -I $(srctree)/drivers/net/ethernet/chelsio/cxgb4 \ + -I $(srctree)/drivers/crypto/chelsio obj-$(CONFIG_CRYPTO_DEV_CHELSIO_TLS) += chtls.o chtls-objs := chtls_main.o chtls_cm.o chtls_io.o chtls_hw.o diff --git a/drivers/crypto/qat/qat_c3xxx/Makefile b/drivers/crypto/qat/qat_c3xxx/Makefile index 8f5fd4838a96..822b5de58ec6 100644 --- a/drivers/crypto/qat/qat_c3xxx/Makefile +++ b/drivers/crypto/qat/qat_c3xxx/Makefile @@ -1,3 +1,3 @@ -ccflags-y := -I$(src)/../qat_common +ccflags-y := -I $(srctree)/$(src)/../qat_common obj-$(CONFIG_CRYPTO_DEV_QAT_C3XXX) += qat_c3xxx.o qat_c3xxx-objs := adf_drv.o adf_c3xxx_hw_data.o diff --git a/drivers/crypto/qat/qat_c3xxxvf/Makefile b/drivers/crypto/qat/qat_c3xxxvf/Makefile index 16d178e2eaa2..8f56d27c7479 100644 --- a/drivers/crypto/qat/qat_c3xxxvf/Makefile +++ b/drivers/crypto/qat/qat_c3xxxvf/Makefile @@ -1,3 +1,3 @@ -ccflags-y := -I$(src)/../qat_common +ccflags-y := -I $(srctree)/$(src)/../qat_common obj-$(CONFIG_CRYPTO_DEV_QAT_C3XXXVF) += qat_c3xxxvf.o qat_c3xxxvf-objs := adf_drv.o adf_c3xxxvf_hw_data.o diff --git a/drivers/crypto/qat/qat_c62x/Makefile b/drivers/crypto/qat/qat_c62x/Makefile index bd75ace59b76..6dcd404578fc 100644 --- a/drivers/crypto/qat/qat_c62x/Makefile +++ b/drivers/crypto/qat/qat_c62x/Makefile @@ -1,3 +1,3 @@ -ccflags-y := -I$(src)/../qat_common +ccflags-y := -I $(srctree)/$(src)/../qat_common obj-$(CONFIG_CRYPTO_DEV_QAT_C62X) += qat_c62x.o qat_c62x-objs := adf_drv.o adf_c62x_hw_data.o diff --git a/drivers/crypto/qat/qat_c62xvf/Makefile b/drivers/crypto/qat/qat_c62xvf/Makefile index ecd708c213b2..1e5d51de778f 100644 --- a/drivers/crypto/qat/qat_c62xvf/Makefile +++ b/drivers/crypto/qat/qat_c62xvf/Makefile @@ -1,3 +1,3 @@ -ccflags-y := -I$(src)/../qat_common +ccflags-y := -I $(srctree)/$(src)/../qat_common obj-$(CONFIG_CRYPTO_DEV_QAT_C62XVF) += qat_c62xvf.o qat_c62xvf-objs := adf_drv.o adf_c62xvf_hw_data.o diff --git a/drivers/crypto/qat/qat_dh895xcc/Makefile b/drivers/crypto/qat/qat_dh895xcc/Makefile index 180a00ed7f89..0fc06b1e1632 100644 --- a/drivers/crypto/qat/qat_dh895xcc/Makefile +++ b/drivers/crypto/qat/qat_dh895xcc/Makefile @@ -1,3 +1,3 @@ -ccflags-y := -I$(src)/../qat_common +ccflags-y := -I $(srctree)/$(src)/../qat_common obj-$(CONFIG_CRYPTO_DEV_QAT_DH895xCC) += qat_dh895xcc.o qat_dh895xcc-objs := adf_drv.o adf_dh895xcc_hw_data.o diff --git a/drivers/crypto/qat/qat_dh895xccvf/Makefile b/drivers/crypto/qat/qat_dh895xccvf/Makefile index 5c3ccf8267eb..9ce906af6034 100644 --- a/drivers/crypto/qat/qat_dh895xccvf/Makefile +++ b/drivers/crypto/qat/qat_dh895xccvf/Makefile @@ -1,3 +1,3 @@ -ccflags-y := -I$(src)/../qat_common +ccflags-y := -I $(srctree)/$(src)/../qat_common obj-$(CONFIG_CRYPTO_DEV_QAT_DH895xCCVF) += qat_dh895xccvf.o qat_dh895xccvf-objs := adf_drv.o adf_dh895xccvf_hw_data.o -- cgit From 87fec0102dada9084b86a782287551b237efb914 Mon Sep 17 00:00:00 2001 From: Masahiro Yamada Date: Fri, 25 Jan 2019 15:07:48 +0900 Subject: crypto: bcm - remove -I. header search path and unused macro define The header search path -I. in kernel Makefiles is very suspicious; it allows the compiler to search for headers in the top of $(srctree), where obviously no header file exists. 'git grep BCMDRIVER' has no hit. So, this macro is not referenced. I was able to build this driver without the extra compiler options. Signed-off-by: Masahiro Yamada Signed-off-by: Herbert Xu --- drivers/crypto/bcm/Makefile | 2 -- 1 file changed, 2 deletions(-) diff --git a/drivers/crypto/bcm/Makefile b/drivers/crypto/bcm/Makefile index 13cb80eb2665..7469e19afe85 100644 --- a/drivers/crypto/bcm/Makefile +++ b/drivers/crypto/bcm/Makefile @@ -11,5 +11,3 @@ obj-$(CONFIG_CRYPTO_DEV_BCM_SPU) := bcm_crypto_spu.o bcm_crypto_spu-objs := util.o spu.o spu2.o cipher.o - -ccflags-y += -I. -DBCMDRIVER -- cgit From a8a344166343e8283fcbef56b931125098a1cbd4 Mon Sep 17 00:00:00 2001 From: Milan Broz Date: Fri, 25 Jan 2019 10:31:47 +0100 Subject: crypto: testmgr - mark crc32 checksum as FIPS allowed The CRC32 is not a cryptographic hash algorithm, so the FIPS restrictions should not apply to it. (The CRC32C variant is already allowed.) This CRC32 variant is used for in dm-crypt legacy TrueCrypt IV implementation (tcw); detected by cryptsetup test suite failure in FIPS mode. Signed-off-by: Milan Broz Reviewed-by: Stephan Mueller Signed-off-by: Herbert Xu --- crypto/testmgr.c | 1 + 1 file changed, 1 insertion(+) diff --git a/crypto/testmgr.c b/crypto/testmgr.c index a73455b543ad..17f57f277e58 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -2740,6 +2740,7 @@ static const struct alg_test_desc alg_test_descs[] = { }, { .alg = "crc32", .test = alg_test_hash, + .fips_allowed = 1, .suite = { .hash = __VECS(crc32_tv_template) } -- cgit From 5a22b198cd5274470d637d45f0e3bcdc0175a349 Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel Date: Fri, 25 Jan 2019 10:36:27 +0100 Subject: crypto: arm64/ghash - register PMULL variants as separate algos The arm64 GHASH implementation either uses 8-bit or 64-bit polynomial multiplication instructions, since the latter are faster but not mandatory in the architecture. Since that prevents us from testing both implementations on the same system, let's expose both implementations to the crypto API, with the priorities reflecting that the P64 version is the preferred one if available. Signed-off-by: Ard Biesheuvel Signed-off-by: Herbert Xu --- arch/arm64/crypto/ghash-ce-glue.c | 118 +++++++++++++++++++++++++++++--------- 1 file changed, 90 insertions(+), 28 deletions(-) diff --git a/arch/arm64/crypto/ghash-ce-glue.c b/arch/arm64/crypto/ghash-ce-glue.c index 067d8937d5af..791ad422c427 100644 --- a/arch/arm64/crypto/ghash-ce-glue.c +++ b/arch/arm64/crypto/ghash-ce-glue.c @@ -60,10 +60,6 @@ asmlinkage void pmull_ghash_update_p8(int blocks, u64 dg[], const char *src, struct ghash_key const *k, const char *head); -static void (*pmull_ghash_update)(int blocks, u64 dg[], const char *src, - struct ghash_key const *k, - const char *head); - asmlinkage void pmull_gcm_encrypt(int blocks, u64 dg[], u8 dst[], const u8 src[], struct ghash_key const *k, u8 ctr[], u32 const rk[], int rounds, @@ -87,11 +83,15 @@ static int ghash_init(struct shash_desc *desc) } static void ghash_do_update(int blocks, u64 dg[], const char *src, - struct ghash_key *key, const char *head) + struct ghash_key *key, const char *head, + void (*simd_update)(int blocks, u64 dg[], + const char *src, + struct ghash_key const *k, + const char *head)) { if (likely(may_use_simd())) { kernel_neon_begin(); - pmull_ghash_update(blocks, dg, src, key, head); + simd_update(blocks, dg, src, key, head); kernel_neon_end(); } else { be128 dst = { cpu_to_be64(dg[1]), cpu_to_be64(dg[0]) }; @@ -119,8 +119,12 @@ static void ghash_do_update(int blocks, u64 dg[], const char *src, /* avoid hogging the CPU for too long */ #define MAX_BLOCKS (SZ_64K / GHASH_BLOCK_SIZE) -static int ghash_update(struct shash_desc *desc, const u8 *src, - unsigned int len) +static int __ghash_update(struct shash_desc *desc, const u8 *src, + unsigned int len, + void (*simd_update)(int blocks, u64 dg[], + const char *src, + struct ghash_key const *k, + const char *head)) { struct ghash_desc_ctx *ctx = shash_desc_ctx(desc); unsigned int partial = ctx->count % GHASH_BLOCK_SIZE; @@ -146,7 +150,8 @@ static int ghash_update(struct shash_desc *desc, const u8 *src, int chunk = min(blocks, MAX_BLOCKS); ghash_do_update(chunk, ctx->digest, src, key, - partial ? ctx->buf : NULL); + partial ? ctx->buf : NULL, + simd_update); blocks -= chunk; src += chunk * GHASH_BLOCK_SIZE; @@ -158,7 +163,19 @@ static int ghash_update(struct shash_desc *desc, const u8 *src, return 0; } -static int ghash_final(struct shash_desc *desc, u8 *dst) +static int ghash_update_p8(struct shash_desc *desc, const u8 *src, + unsigned int len) +{ + return __ghash_update(desc, src, len, pmull_ghash_update_p8); +} + +static int ghash_update_p64(struct shash_desc *desc, const u8 *src, + unsigned int len) +{ + return __ghash_update(desc, src, len, pmull_ghash_update_p64); +} + +static int ghash_final_p8(struct shash_desc *desc, u8 *dst) { struct ghash_desc_ctx *ctx = shash_desc_ctx(desc); unsigned int partial = ctx->count % GHASH_BLOCK_SIZE; @@ -168,7 +185,28 @@ static int ghash_final(struct shash_desc *desc, u8 *dst) memset(ctx->buf + partial, 0, GHASH_BLOCK_SIZE - partial); - ghash_do_update(1, ctx->digest, ctx->buf, key, NULL); + ghash_do_update(1, ctx->digest, ctx->buf, key, NULL, + pmull_ghash_update_p8); + } + put_unaligned_be64(ctx->digest[1], dst); + put_unaligned_be64(ctx->digest[0], dst + 8); + + *ctx = (struct ghash_desc_ctx){}; + return 0; +} + +static int ghash_final_p64(struct shash_desc *desc, u8 *dst) +{ + struct ghash_desc_ctx *ctx = shash_desc_ctx(desc); + unsigned int partial = ctx->count % GHASH_BLOCK_SIZE; + + if (partial) { + struct ghash_key *key = crypto_shash_ctx(desc->tfm); + + memset(ctx->buf + partial, 0, GHASH_BLOCK_SIZE - partial); + + ghash_do_update(1, ctx->digest, ctx->buf, key, NULL, + pmull_ghash_update_p64); } put_unaligned_be64(ctx->digest[1], dst); put_unaligned_be64(ctx->digest[0], dst + 8); @@ -224,7 +262,21 @@ static int ghash_setkey(struct crypto_shash *tfm, return __ghash_setkey(key, inkey, keylen); } -static struct shash_alg ghash_alg = { +static struct shash_alg ghash_alg[] = {{ + .base.cra_name = "ghash", + .base.cra_driver_name = "ghash-neon", + .base.cra_priority = 100, + .base.cra_blocksize = GHASH_BLOCK_SIZE, + .base.cra_ctxsize = sizeof(struct ghash_key), + .base.cra_module = THIS_MODULE, + + .digestsize = GHASH_DIGEST_SIZE, + .init = ghash_init, + .update = ghash_update_p8, + .final = ghash_final_p8, + .setkey = ghash_setkey, + .descsize = sizeof(struct ghash_desc_ctx), +}, { .base.cra_name = "ghash", .base.cra_driver_name = "ghash-ce", .base.cra_priority = 200, @@ -234,11 +286,11 @@ static struct shash_alg ghash_alg = { .digestsize = GHASH_DIGEST_SIZE, .init = ghash_init, - .update = ghash_update, - .final = ghash_final, + .update = ghash_update_p64, + .final = ghash_final_p64, .setkey = ghash_setkey, .descsize = sizeof(struct ghash_desc_ctx), -}; +}}; static int num_rounds(struct crypto_aes_ctx *ctx) { @@ -301,7 +353,8 @@ static void gcm_update_mac(u64 dg[], const u8 *src, int count, u8 buf[], int blocks = count / GHASH_BLOCK_SIZE; ghash_do_update(blocks, dg, src, &ctx->ghash_key, - *buf_count ? buf : NULL); + *buf_count ? buf : NULL, + pmull_ghash_update_p64); src += blocks * GHASH_BLOCK_SIZE; count %= GHASH_BLOCK_SIZE; @@ -345,7 +398,8 @@ static void gcm_calculate_auth_mac(struct aead_request *req, u64 dg[]) if (buf_count) { memset(&buf[buf_count], 0, GHASH_BLOCK_SIZE - buf_count); - ghash_do_update(1, dg, buf, &ctx->ghash_key, NULL); + ghash_do_update(1, dg, buf, &ctx->ghash_key, NULL, + pmull_ghash_update_p64); } } @@ -358,7 +412,8 @@ static void gcm_final(struct aead_request *req, struct gcm_aes_ctx *ctx, lengths.a = cpu_to_be64(req->assoclen * 8); lengths.b = cpu_to_be64(cryptlen * 8); - ghash_do_update(1, dg, (void *)&lengths, &ctx->ghash_key, NULL); + ghash_do_update(1, dg, (void *)&lengths, &ctx->ghash_key, NULL, + pmull_ghash_update_p64); put_unaligned_be64(dg[1], mac); put_unaligned_be64(dg[0], mac + 8); @@ -434,7 +489,7 @@ static int gcm_encrypt(struct aead_request *req) ghash_do_update(walk.nbytes / AES_BLOCK_SIZE, dg, walk.dst.virt.addr, &ctx->ghash_key, - NULL); + NULL, pmull_ghash_update_p64); err = skcipher_walk_done(&walk, walk.nbytes % (2 * AES_BLOCK_SIZE)); @@ -469,7 +524,8 @@ static int gcm_encrypt(struct aead_request *req) memcpy(buf, dst, nbytes); memset(buf + nbytes, 0, GHASH_BLOCK_SIZE - nbytes); - ghash_do_update(!!nbytes, dg, buf, &ctx->ghash_key, head); + ghash_do_update(!!nbytes, dg, buf, &ctx->ghash_key, head, + pmull_ghash_update_p64); err = skcipher_walk_done(&walk, 0); } @@ -558,7 +614,8 @@ static int gcm_decrypt(struct aead_request *req) u8 *src = walk.src.virt.addr; ghash_do_update(blocks, dg, walk.src.virt.addr, - &ctx->ghash_key, NULL); + &ctx->ghash_key, NULL, + pmull_ghash_update_p64); do { __aes_arm64_encrypt(ctx->aes_key.key_enc, @@ -602,7 +659,8 @@ static int gcm_decrypt(struct aead_request *req) memcpy(buf, src, nbytes); memset(buf + nbytes, 0, GHASH_BLOCK_SIZE - nbytes); - ghash_do_update(!!nbytes, dg, buf, &ctx->ghash_key, head); + ghash_do_update(!!nbytes, dg, buf, &ctx->ghash_key, head, + pmull_ghash_update_p64); crypto_xor_cpy(walk.dst.virt.addr, walk.src.virt.addr, iv, walk.nbytes); @@ -650,26 +708,30 @@ static int __init ghash_ce_mod_init(void) return -ENODEV; if (elf_hwcap & HWCAP_PMULL) - pmull_ghash_update = pmull_ghash_update_p64; - + ret = crypto_register_shashes(ghash_alg, + ARRAY_SIZE(ghash_alg)); else - pmull_ghash_update = pmull_ghash_update_p8; + /* only register the first array element */ + ret = crypto_register_shash(ghash_alg); - ret = crypto_register_shash(&ghash_alg); if (ret) return ret; if (elf_hwcap & HWCAP_PMULL) { ret = crypto_register_aead(&gcm_aes_alg); if (ret) - crypto_unregister_shash(&ghash_alg); + crypto_unregister_shashes(ghash_alg, + ARRAY_SIZE(ghash_alg)); } return ret; } static void __exit ghash_ce_mod_exit(void) { - crypto_unregister_shash(&ghash_alg); + if (elf_hwcap & HWCAP_PMULL) + crypto_unregister_shashes(ghash_alg, ARRAY_SIZE(ghash_alg)); + else + crypto_unregister_shash(ghash_alg); crypto_unregister_aead(&gcm_aes_alg); } -- cgit From c19650d6ea99bcd903d3e55dd61860026c701339 Mon Sep 17 00:00:00 2001 From: Horia Geantă Date: Sat, 26 Jan 2019 20:02:15 +0200 Subject: crypto: caam - fix DMA mapping of stack memory MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Roland reports the following issue and provides a root cause analysis: "On a v4.19 i.MX6 system with IMA and CONFIG_DMA_API_DEBUG enabled, a warning is generated when accessing files on a filesystem for which IMA measurement is enabled: ------------[ cut here ]------------ WARNING: CPU: 0 PID: 1 at kernel/dma/debug.c:1181 check_for_stack.part.9+0xd0/0x120 caam_jr 2101000.jr0: DMA-API: device driver maps memory from stack [addr=b668049e] Modules linked in: CPU: 0 PID: 1 Comm: switch_root Not tainted 4.19.0-20181214-1 #2 Hardware name: Freescale i.MX6 Quad/DualLite (Device Tree) Backtrace: [] (dump_backtrace) from [] (show_stack+0x20/0x24) [] (show_stack) from [] (dump_stack+0xa0/0xcc) [] (dump_stack) from [] (__warn+0xf0/0x108) [] (__warn) from [] (warn_slowpath_fmt+0x58/0x74) [] (warn_slowpath_fmt) from [] (check_for_stack.part.9+0xd0/0x120) [] (check_for_stack.part.9) from [] (debug_dma_map_page+0x144/0x174) [] (debug_dma_map_page) from [] (ahash_final_ctx+0x5b4/0xcf0) [] (ahash_final_ctx) from [] (ahash_final+0x1c/0x20) [] (ahash_final) from [] (crypto_ahash_op+0x38/0x80) [] (crypto_ahash_op) from [] (crypto_ahash_final+0x20/0x24) [] (crypto_ahash_final) from [] (ima_calc_file_hash+0x29c/0xa40) [] (ima_calc_file_hash) from [] (ima_collect_measurement+0x1dc/0x240) [] (ima_collect_measurement) from [] (process_measurement+0x4c4/0x6b8) [] (process_measurement) from [] (ima_file_check+0x88/0xa4) [] (ima_file_check) from [] (path_openat+0x5d8/0x1364) [] (path_openat) from [] (do_filp_open+0x84/0xf0) [] (do_filp_open) from [] (do_open_execat+0x84/0x1b0) [] (do_open_execat) from [] (__do_execve_file+0x43c/0x890) [] (__do_execve_file) from [] (sys_execve+0x44/0x4c) [] (sys_execve) from [] (ret_fast_syscall+0x0/0x28) ---[ end trace 3455789a10e3aefd ]--- The cause is that the struct ahash_request *req is created as a stack-local variable up in the stack (presumably somewhere in the IMA implementation), then passed down into the CAAM driver, which tries to dma_single_map the req->result (indirectly via map_seq_out_ptr_result) in order to make that buffer available for the CAAM to store the result of the following hash operation. The calling code doesn't know how req will be used by the CAAM driver, and there could be other such occurrences where stack memory is passed down to the CAAM driver. Therefore we should rather fix this issue in the CAAM driver where the requirements are known." Fix this problem by: -instructing the crypto engine to write the final hash in state->caam_ctx -subsequently memcpy-ing the final hash into req->result Cc: # v4.19+ Reported-by: Roland Hieber Signed-off-by: Horia Geantă Tested-by: Roland Hieber Signed-off-by: Herbert Xu --- drivers/crypto/caam/caamhash.c | 85 +++++++++++------------------------------- 1 file changed, 21 insertions(+), 64 deletions(-) diff --git a/drivers/crypto/caam/caamhash.c b/drivers/crypto/caam/caamhash.c index 5855d03f52d1..3bba3cb92f03 100644 --- a/drivers/crypto/caam/caamhash.c +++ b/drivers/crypto/caam/caamhash.c @@ -184,18 +184,6 @@ static inline int map_seq_out_ptr_ctx(u32 *desc, struct device *jrdev, return 0; } -/* Map req->result, and append seq_out_ptr command that points to it */ -static inline dma_addr_t map_seq_out_ptr_result(u32 *desc, struct device *jrdev, - u8 *result, int digestsize) -{ - dma_addr_t dst_dma; - - dst_dma = dma_map_single(jrdev, result, digestsize, DMA_FROM_DEVICE); - append_seq_out_ptr(desc, dst_dma, digestsize, 0); - - return dst_dma; -} - /* Map current buffer in state (if length > 0) and put it in link table */ static inline int buf_map_to_sec4_sg(struct device *jrdev, struct sec4_sg_entry *sec4_sg, @@ -568,7 +556,6 @@ static int acmac_setkey(struct crypto_ahash *ahash, const u8 *key, /* * ahash_edesc - s/w-extended ahash descriptor - * @dst_dma: physical mapped address of req->result * @sec4_sg_dma: physical mapped address of h/w link table * @src_nents: number of segments in input scatterlist * @sec4_sg_bytes: length of dma mapped sec4_sg space @@ -576,7 +563,6 @@ static int acmac_setkey(struct crypto_ahash *ahash, const u8 *key, * @sec4_sg: h/w link table */ struct ahash_edesc { - dma_addr_t dst_dma; dma_addr_t sec4_sg_dma; int src_nents; int sec4_sg_bytes; @@ -592,8 +578,6 @@ static inline void ahash_unmap(struct device *dev, if (edesc->src_nents) dma_unmap_sg(dev, req->src, edesc->src_nents, DMA_TO_DEVICE); - if (edesc->dst_dma) - dma_unmap_single(dev, edesc->dst_dma, dst_len, DMA_FROM_DEVICE); if (edesc->sec4_sg_bytes) dma_unmap_single(dev, edesc->sec4_sg_dma, @@ -628,9 +612,9 @@ static void ahash_done(struct device *jrdev, u32 *desc, u32 err, struct ahash_edesc *edesc; struct crypto_ahash *ahash = crypto_ahash_reqtfm(req); int digestsize = crypto_ahash_digestsize(ahash); + struct caam_hash_state *state = ahash_request_ctx(req); #ifdef DEBUG struct caam_hash_ctx *ctx = crypto_ahash_ctx(ahash); - struct caam_hash_state *state = ahash_request_ctx(req); dev_err(jrdev, "%s %d: err 0x%x\n", __func__, __LINE__, err); #endif @@ -639,17 +623,14 @@ static void ahash_done(struct device *jrdev, u32 *desc, u32 err, if (err) caam_jr_strstatus(jrdev, err); - ahash_unmap(jrdev, edesc, req, digestsize); + ahash_unmap_ctx(jrdev, edesc, req, digestsize, DMA_FROM_DEVICE); + memcpy(req->result, state->caam_ctx, digestsize); kfree(edesc); #ifdef DEBUG print_hex_dump(KERN_ERR, "ctx@"__stringify(__LINE__)": ", DUMP_PREFIX_ADDRESS, 16, 4, state->caam_ctx, ctx->ctx_len, 1); - if (req->result) - print_hex_dump(KERN_ERR, "result@"__stringify(__LINE__)": ", - DUMP_PREFIX_ADDRESS, 16, 4, req->result, - digestsize, 1); #endif req->base.complete(&req->base, err); @@ -697,9 +678,9 @@ static void ahash_done_ctx_src(struct device *jrdev, u32 *desc, u32 err, struct ahash_edesc *edesc; struct crypto_ahash *ahash = crypto_ahash_reqtfm(req); int digestsize = crypto_ahash_digestsize(ahash); + struct caam_hash_state *state = ahash_request_ctx(req); #ifdef DEBUG struct caam_hash_ctx *ctx = crypto_ahash_ctx(ahash); - struct caam_hash_state *state = ahash_request_ctx(req); dev_err(jrdev, "%s %d: err 0x%x\n", __func__, __LINE__, err); #endif @@ -708,17 +689,14 @@ static void ahash_done_ctx_src(struct device *jrdev, u32 *desc, u32 err, if (err) caam_jr_strstatus(jrdev, err); - ahash_unmap_ctx(jrdev, edesc, req, digestsize, DMA_TO_DEVICE); + ahash_unmap_ctx(jrdev, edesc, req, digestsize, DMA_BIDIRECTIONAL); + memcpy(req->result, state->caam_ctx, digestsize); kfree(edesc); #ifdef DEBUG print_hex_dump(KERN_ERR, "ctx@"__stringify(__LINE__)": ", DUMP_PREFIX_ADDRESS, 16, 4, state->caam_ctx, ctx->ctx_len, 1); - if (req->result) - print_hex_dump(KERN_ERR, "result@"__stringify(__LINE__)": ", - DUMP_PREFIX_ADDRESS, 16, 4, req->result, - digestsize, 1); #endif req->base.complete(&req->base, err); @@ -991,7 +969,7 @@ static int ahash_final_ctx(struct ahash_request *req) edesc->sec4_sg_bytes = sec4_sg_bytes; ret = ctx_map_to_sec4_sg(jrdev, state, ctx->ctx_len, - edesc->sec4_sg, DMA_TO_DEVICE); + edesc->sec4_sg, DMA_BIDIRECTIONAL); if (ret) goto unmap_ctx; @@ -1011,14 +989,7 @@ static int ahash_final_ctx(struct ahash_request *req) append_seq_in_ptr(desc, edesc->sec4_sg_dma, ctx->ctx_len + buflen, LDST_SGF); - - edesc->dst_dma = map_seq_out_ptr_result(desc, jrdev, req->result, - digestsize); - if (dma_mapping_error(jrdev, edesc->dst_dma)) { - dev_err(jrdev, "unable to map dst\n"); - ret = -ENOMEM; - goto unmap_ctx; - } + append_seq_out_ptr(desc, state->ctx_dma, digestsize, 0); #ifdef DEBUG print_hex_dump(KERN_ERR, "jobdesc@"__stringify(__LINE__)": ", @@ -1031,7 +1002,7 @@ static int ahash_final_ctx(struct ahash_request *req) return -EINPROGRESS; unmap_ctx: - ahash_unmap_ctx(jrdev, edesc, req, digestsize, DMA_FROM_DEVICE); + ahash_unmap_ctx(jrdev, edesc, req, digestsize, DMA_BIDIRECTIONAL); kfree(edesc); return ret; } @@ -1085,7 +1056,7 @@ static int ahash_finup_ctx(struct ahash_request *req) edesc->src_nents = src_nents; ret = ctx_map_to_sec4_sg(jrdev, state, ctx->ctx_len, - edesc->sec4_sg, DMA_TO_DEVICE); + edesc->sec4_sg, DMA_BIDIRECTIONAL); if (ret) goto unmap_ctx; @@ -1099,13 +1070,7 @@ static int ahash_finup_ctx(struct ahash_request *req) if (ret) goto unmap_ctx; - edesc->dst_dma = map_seq_out_ptr_result(desc, jrdev, req->result, - digestsize); - if (dma_mapping_error(jrdev, edesc->dst_dma)) { - dev_err(jrdev, "unable to map dst\n"); - ret = -ENOMEM; - goto unmap_ctx; - } + append_seq_out_ptr(desc, state->ctx_dma, digestsize, 0); #ifdef DEBUG print_hex_dump(KERN_ERR, "jobdesc@"__stringify(__LINE__)": ", @@ -1118,7 +1083,7 @@ static int ahash_finup_ctx(struct ahash_request *req) return -EINPROGRESS; unmap_ctx: - ahash_unmap_ctx(jrdev, edesc, req, digestsize, DMA_FROM_DEVICE); + ahash_unmap_ctx(jrdev, edesc, req, digestsize, DMA_BIDIRECTIONAL); kfree(edesc); return ret; } @@ -1177,10 +1142,8 @@ static int ahash_digest(struct ahash_request *req) desc = edesc->hw_desc; - edesc->dst_dma = map_seq_out_ptr_result(desc, jrdev, req->result, - digestsize); - if (dma_mapping_error(jrdev, edesc->dst_dma)) { - dev_err(jrdev, "unable to map dst\n"); + ret = map_seq_out_ptr_ctx(desc, jrdev, state, digestsize); + if (ret) { ahash_unmap(jrdev, edesc, req, digestsize); kfree(edesc); return -ENOMEM; @@ -1195,7 +1158,7 @@ static int ahash_digest(struct ahash_request *req) if (!ret) { ret = -EINPROGRESS; } else { - ahash_unmap(jrdev, edesc, req, digestsize); + ahash_unmap_ctx(jrdev, edesc, req, digestsize, DMA_FROM_DEVICE); kfree(edesc); } @@ -1237,12 +1200,9 @@ static int ahash_final_no_ctx(struct ahash_request *req) append_seq_in_ptr(desc, state->buf_dma, buflen, 0); } - edesc->dst_dma = map_seq_out_ptr_result(desc, jrdev, req->result, - digestsize); - if (dma_mapping_error(jrdev, edesc->dst_dma)) { - dev_err(jrdev, "unable to map dst\n"); + ret = map_seq_out_ptr_ctx(desc, jrdev, state, digestsize); + if (ret) goto unmap; - } #ifdef DEBUG print_hex_dump(KERN_ERR, "jobdesc@"__stringify(__LINE__)": ", @@ -1253,7 +1213,7 @@ static int ahash_final_no_ctx(struct ahash_request *req) if (!ret) { ret = -EINPROGRESS; } else { - ahash_unmap(jrdev, edesc, req, digestsize); + ahash_unmap_ctx(jrdev, edesc, req, digestsize, DMA_FROM_DEVICE); kfree(edesc); } @@ -1464,12 +1424,9 @@ static int ahash_finup_no_ctx(struct ahash_request *req) goto unmap; } - edesc->dst_dma = map_seq_out_ptr_result(desc, jrdev, req->result, - digestsize); - if (dma_mapping_error(jrdev, edesc->dst_dma)) { - dev_err(jrdev, "unable to map dst\n"); + ret = map_seq_out_ptr_ctx(desc, jrdev, state, digestsize); + if (ret) goto unmap; - } #ifdef DEBUG print_hex_dump(KERN_ERR, "jobdesc@"__stringify(__LINE__)": ", @@ -1480,7 +1437,7 @@ static int ahash_finup_no_ctx(struct ahash_request *req) if (!ret) { ret = -EINPROGRESS; } else { - ahash_unmap(jrdev, edesc, req, digestsize); + ahash_unmap_ctx(jrdev, edesc, req, digestsize, DMA_FROM_DEVICE); kfree(edesc); } -- cgit From 62fecf295e3c48be1b5f17c440b93875b9adb4d6 Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel Date: Sun, 27 Jan 2019 10:16:52 +0100 Subject: crypto: arm/crct10dif - revert to C code for short inputs The SIMD routine ported from x86 used to have a special code path for inputs < 16 bytes, which got lost somewhere along the way. Instead, the current glue code aligns the input pointer to permit the NEON routine to use special versions of the vld1 instructions that assume 16 byte alignment, but this could result in inputs of less than 16 bytes to be passed in. This not only fails the new extended tests that Eric has implemented, it also results in the code reading past the end of the input, which could potentially result in crashes when dealing with less than 16 bytes of input at the end of a page which is followed by an unmapped page. So update the glue code to only invoke the NEON routine if the input is at least 16 bytes. Reported-by: Eric Biggers Reviewed-by: Eric Biggers Fixes: 1d481f1cd892 ("crypto: arm/crct10dif - port x86 SSE implementation to ARM") Cc: # v4.10+ Signed-off-by: Ard Biesheuvel Signed-off-by: Herbert Xu --- arch/arm/crypto/crct10dif-ce-core.S | 14 +++++++------- arch/arm/crypto/crct10dif-ce-glue.c | 23 ++++++----------------- 2 files changed, 13 insertions(+), 24 deletions(-) diff --git a/arch/arm/crypto/crct10dif-ce-core.S b/arch/arm/crypto/crct10dif-ce-core.S index ce45ba0c0687..16019b5961e7 100644 --- a/arch/arm/crypto/crct10dif-ce-core.S +++ b/arch/arm/crypto/crct10dif-ce-core.S @@ -124,10 +124,10 @@ ENTRY(crc_t10dif_pmull) vext.8 q10, qzr, q0, #4 // receive the initial 64B data, xor the initial crc value - vld1.64 {q0-q1}, [arg2, :128]! - vld1.64 {q2-q3}, [arg2, :128]! - vld1.64 {q4-q5}, [arg2, :128]! - vld1.64 {q6-q7}, [arg2, :128]! + vld1.64 {q0-q1}, [arg2]! + vld1.64 {q2-q3}, [arg2]! + vld1.64 {q4-q5}, [arg2]! + vld1.64 {q6-q7}, [arg2]! CPU_LE( vrev64.8 q0, q0 ) CPU_LE( vrev64.8 q1, q1 ) CPU_LE( vrev64.8 q2, q2 ) @@ -167,7 +167,7 @@ CPU_LE( vrev64.8 q7, q7 ) _fold_64_B_loop: .macro fold64, reg1, reg2 - vld1.64 {q11-q12}, [arg2, :128]! + vld1.64 {q11-q12}, [arg2]! vmull.p64 q8, \reg1\()h, d21 vmull.p64 \reg1, \reg1\()l, d20 @@ -238,7 +238,7 @@ _16B_reduction_loop: vmull.p64 q7, d15, d21 veor.8 q7, q7, q8 - vld1.64 {q0}, [arg2, :128]! + vld1.64 {q0}, [arg2]! CPU_LE( vrev64.8 q0, q0 ) vswp d0, d1 veor.8 q7, q7, q0 @@ -335,7 +335,7 @@ _less_than_128: vmov.i8 q0, #0 vmov s3, arg1_low32 // get the initial crc value - vld1.64 {q7}, [arg2, :128]! + vld1.64 {q7}, [arg2]! CPU_LE( vrev64.8 q7, q7 ) vswp d14, d15 veor.8 q7, q7, q0 diff --git a/arch/arm/crypto/crct10dif-ce-glue.c b/arch/arm/crypto/crct10dif-ce-glue.c index d428355cf38d..14c19c70a841 100644 --- a/arch/arm/crypto/crct10dif-ce-glue.c +++ b/arch/arm/crypto/crct10dif-ce-glue.c @@ -35,26 +35,15 @@ static int crct10dif_update(struct shash_desc *desc, const u8 *data, unsigned int length) { u16 *crc = shash_desc_ctx(desc); - unsigned int l; - if (!may_use_simd()) { - *crc = crc_t10dif_generic(*crc, data, length); + if (length >= CRC_T10DIF_PMULL_CHUNK_SIZE && may_use_simd()) { + kernel_neon_begin(); + *crc = crc_t10dif_pmull(*crc, data, length); + kernel_neon_end(); } else { - if (unlikely((u32)data % CRC_T10DIF_PMULL_CHUNK_SIZE)) { - l = min_t(u32, length, CRC_T10DIF_PMULL_CHUNK_SIZE - - ((u32)data % CRC_T10DIF_PMULL_CHUNK_SIZE)); - - *crc = crc_t10dif_generic(*crc, data, l); - - length -= l; - data += l; - } - if (length > 0) { - kernel_neon_begin(); - *crc = crc_t10dif_pmull(*crc, data, length); - kernel_neon_end(); - } + *crc = crc_t10dif_generic(*crc, data, length); } + return 0; } -- cgit From d72b9d4acd548251f55b16843fc7a05dc5c80de8 Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel Date: Sun, 27 Jan 2019 10:16:53 +0100 Subject: crypto: arm64/crct10dif - revert to C code for short inputs The SIMD routine ported from x86 used to have a special code path for inputs < 16 bytes, which got lost somewhere along the way. Instead, the current glue code aligns the input pointer to 16 bytes, which is not really necessary on this architecture (although it could be beneficial to performance to expose aligned data to the the NEON routine), but this could result in inputs of less than 16 bytes to be passed in. This not only fails the new extended tests that Eric has implemented, it also results in the code reading past the end of the input, which could potentially result in crashes when dealing with less than 16 bytes of input at the end of a page which is followed by an unmapped page. So update the glue code to only invoke the NEON routine if the input is at least 16 bytes. Reported-by: Eric Biggers Reviewed-by: Eric Biggers Fixes: 6ef5737f3931 ("crypto: arm64/crct10dif - port x86 SSE implementation to arm64") Cc: # v4.10+ Signed-off-by: Ard Biesheuvel Signed-off-by: Herbert Xu --- arch/arm64/crypto/crct10dif-ce-glue.c | 25 ++++++------------------- 1 file changed, 6 insertions(+), 19 deletions(-) diff --git a/arch/arm64/crypto/crct10dif-ce-glue.c b/arch/arm64/crypto/crct10dif-ce-glue.c index b461d62023f2..567c24f3d224 100644 --- a/arch/arm64/crypto/crct10dif-ce-glue.c +++ b/arch/arm64/crypto/crct10dif-ce-glue.c @@ -39,26 +39,13 @@ static int crct10dif_update(struct shash_desc *desc, const u8 *data, unsigned int length) { u16 *crc = shash_desc_ctx(desc); - unsigned int l; - if (unlikely((u64)data % CRC_T10DIF_PMULL_CHUNK_SIZE)) { - l = min_t(u32, length, CRC_T10DIF_PMULL_CHUNK_SIZE - - ((u64)data % CRC_T10DIF_PMULL_CHUNK_SIZE)); - - *crc = crc_t10dif_generic(*crc, data, l); - - length -= l; - data += l; - } - - if (length > 0) { - if (may_use_simd()) { - kernel_neon_begin(); - *crc = crc_t10dif_pmull(*crc, data, length); - kernel_neon_end(); - } else { - *crc = crc_t10dif_generic(*crc, data, length); - } + if (length >= CRC_T10DIF_PMULL_CHUNK_SIZE && may_use_simd()) { + kernel_neon_begin(); + *crc = crc_t10dif_pmull(*crc, data, length); + kernel_neon_end(); + } else { + *crc = crc_t10dif_generic(*crc, data, length); } return 0; -- cgit From c03f3cb40ba93a9f49fc44a71ddaa46f93f90a15 Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel Date: Sun, 27 Jan 2019 10:16:54 +0100 Subject: crypto: arm/crct10dif - remove dead code Remove some code that is no longer called now that we make sure never to invoke the SIMD routine with less that 16 bytes of input. Reviewed-by: Eric Biggers Signed-off-by: Ard Biesheuvel Signed-off-by: Herbert Xu --- arch/arm/crypto/crct10dif-ce-core.S | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/arch/arm/crypto/crct10dif-ce-core.S b/arch/arm/crypto/crct10dif-ce-core.S index 16019b5961e7..d058fad423c2 100644 --- a/arch/arm/crypto/crct10dif-ce-core.S +++ b/arch/arm/crypto/crct10dif-ce-core.S @@ -342,7 +342,6 @@ CPU_LE( vrev64.8 q7, q7 ) cmp arg3, #16 beq _128_done // exactly 16 left - blt _less_than_16_left // now if there is, load the constants vldr d20, rk1 @@ -353,18 +352,6 @@ CPU_LE( vrev64.8 q7, q7 ) addlt arg3, arg3, #16 blt _get_last_two_regs b _16B_reduction_loop - -_less_than_16_left: - // shl r9, 4 - adr ip, tbl_shf_table + 16 - sub ip, ip, arg3 - vld1.8 {q0}, [ip] - vmov.i8 q9, #0x80 - veor.8 q0, q0, q9 - vtbl.8 d18, {d14-d15}, d0 - vtbl.8 d15, {d14-d15}, d1 - vmov d14, d18 - b _128_done ENDPROC(crc_t10dif_pmull) // precomputed constants -- cgit From 1b2ca568ca23a6cfa6aa28e8675b54940807231d Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel Date: Sun, 27 Jan 2019 10:16:55 +0100 Subject: crypto: arm64/crct10dif - remove dead code Remove some code that is no longer called now that we make sure never to invoke the SIMD routine with less than 16 bytes of input. Reviewed-by: Eric Biggers Signed-off-by: Ard Biesheuvel Signed-off-by: Herbert Xu --- arch/arm64/crypto/crct10dif-ce-core.S | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/arch/arm64/crypto/crct10dif-ce-core.S b/arch/arm64/crypto/crct10dif-ce-core.S index 9e82e8e8ed05..f7326259c40d 100644 --- a/arch/arm64/crypto/crct10dif-ce-core.S +++ b/arch/arm64/crypto/crct10dif-ce-core.S @@ -497,7 +497,6 @@ CPU_LE( ext v7.16b, v7.16b, v7.16b, #8 ) cmp arg3, #16 b.eq .L_128_done_\@ // exactly 16 left - b.lt .L_less_than_16_left_\@ ldr_l q10, rk1, x8 // rk1 and rk2 in xmm10 __pmull_pre_\p v10 @@ -509,16 +508,6 @@ CPU_LE( ext v7.16b, v7.16b, v7.16b, #8 ) add arg3, arg3, #16 b .L_get_last_two_regs_\@ - -.L_less_than_16_left_\@: - // shl r9, 4 - adr_l x0, tbl_shf_table + 16 - sub x0, x0, arg3 - ld1 {v0.16b}, [x0] - movi v9.16b, #0x80 - eor v0.16b, v0.16b, v9.16b - tbl v7.16b, {v7.16b}, v0.16b - b .L_128_done_\@ .endm ENTRY(crc_t10dif_pmull_p8) -- cgit From 8336bdf12a9ea5bb77bb32d215a34485fb66245c Mon Sep 17 00:00:00 2001 From: Ard Biesheuvel Date: Fri, 25 Jan 2019 10:36:26 +0100 Subject: crypto: arm64/crct10dif - register PMULL variants as separate algos The arm64 CRC-T10DIF implementation either uses 8-bit or 64-bit polynomial multiplication instructions, since the latter are faster but not mandatory in the architecture. Since that prevents us from testing both implementations on the same system, let's expose both implementations to the crypto API, with the priorities reflecting that the P64 version is the preferred one if available. Signed-off-by: Ard Biesheuvel Signed-off-by: Herbert Xu --- arch/arm64/crypto/crct10dif-ce-glue.c | 54 +++++++++++++++++++++++++++-------- 1 file changed, 42 insertions(+), 12 deletions(-) diff --git a/arch/arm64/crypto/crct10dif-ce-glue.c b/arch/arm64/crypto/crct10dif-ce-glue.c index 567c24f3d224..242757cc6da9 100644 --- a/arch/arm64/crypto/crct10dif-ce-glue.c +++ b/arch/arm64/crypto/crct10dif-ce-glue.c @@ -25,8 +25,6 @@ asmlinkage u16 crc_t10dif_pmull_p64(u16 init_crc, const u8 buf[], u64 len); asmlinkage u16 crc_t10dif_pmull_p8(u16 init_crc, const u8 buf[], u64 len); -static u16 (*crc_t10dif_pmull)(u16 init_crc, const u8 buf[], u64 len); - static int crct10dif_init(struct shash_desc *desc) { u16 *crc = shash_desc_ctx(desc); @@ -35,14 +33,30 @@ static int crct10dif_init(struct shash_desc *desc) return 0; } -static int crct10dif_update(struct shash_desc *desc, const u8 *data, +static int crct10dif_update_pmull_p8(struct shash_desc *desc, const u8 *data, + unsigned int length) +{ + u16 *crc = shash_desc_ctx(desc); + + if (length >= CRC_T10DIF_PMULL_CHUNK_SIZE && may_use_simd()) { + kernel_neon_begin(); + *crc = crc_t10dif_pmull_p8(*crc, data, length); + kernel_neon_end(); + } else { + *crc = crc_t10dif_generic(*crc, data, length); + } + + return 0; +} + +static int crct10dif_update_pmull_p64(struct shash_desc *desc, const u8 *data, unsigned int length) { u16 *crc = shash_desc_ctx(desc); if (length >= CRC_T10DIF_PMULL_CHUNK_SIZE && may_use_simd()) { kernel_neon_begin(); - *crc = crc_t10dif_pmull(*crc, data, length); + *crc = crc_t10dif_pmull_p64(*crc, data, length); kernel_neon_end(); } else { *crc = crc_t10dif_generic(*crc, data, length); @@ -59,10 +73,22 @@ static int crct10dif_final(struct shash_desc *desc, u8 *out) return 0; } -static struct shash_alg crc_t10dif_alg = { +static struct shash_alg crc_t10dif_alg[] = {{ .digestsize = CRC_T10DIF_DIGEST_SIZE, .init = crct10dif_init, - .update = crct10dif_update, + .update = crct10dif_update_pmull_p8, + .final = crct10dif_final, + .descsize = CRC_T10DIF_DIGEST_SIZE, + + .base.cra_name = "crct10dif", + .base.cra_driver_name = "crct10dif-arm64-neon", + .base.cra_priority = 100, + .base.cra_blocksize = CRC_T10DIF_BLOCK_SIZE, + .base.cra_module = THIS_MODULE, +}, { + .digestsize = CRC_T10DIF_DIGEST_SIZE, + .init = crct10dif_init, + .update = crct10dif_update_pmull_p64, .final = crct10dif_final, .descsize = CRC_T10DIF_DIGEST_SIZE, @@ -71,21 +97,25 @@ static struct shash_alg crc_t10dif_alg = { .base.cra_priority = 200, .base.cra_blocksize = CRC_T10DIF_BLOCK_SIZE, .base.cra_module = THIS_MODULE, -}; +}}; static int __init crc_t10dif_mod_init(void) { if (elf_hwcap & HWCAP_PMULL) - crc_t10dif_pmull = crc_t10dif_pmull_p64; + return crypto_register_shashes(crc_t10dif_alg, + ARRAY_SIZE(crc_t10dif_alg)); else - crc_t10dif_pmull = crc_t10dif_pmull_p8; - - return crypto_register_shash(&crc_t10dif_alg); + /* only register the first array element */ + return crypto_register_shash(crc_t10dif_alg); } static void __exit crc_t10dif_mod_exit(void) { - crypto_unregister_shash(&crc_t10dif_alg); + if (elf_hwcap & HWCAP_PMULL) + crypto_unregister_shashes(crc_t10dif_alg, + ARRAY_SIZE(crc_t10dif_alg)); + else + crypto_unregister_shash(crc_t10dif_alg); } module_cpu_feature_match(ASIMD, crc_t10dif_mod_init); -- cgit From e3d90e52ea5fe58d39297df1c825db6e131fb04f Mon Sep 17 00:00:00 2001 From: Christopher Diaz Riveros Date: Mon, 28 Jan 2019 19:01:18 -0500 Subject: crypto: testmgr - use kmemdup Fixes coccinnelle alerts: /crypto/testmgr.c:2112:13-20: WARNING opportunity for kmemdup /crypto/testmgr.c:2130:13-20: WARNING opportunity for kmemdup /crypto/testmgr.c:2152:9-16: WARNING opportunity for kmemdup Signed-off-by: Christopher Diaz Riveros Signed-off-by: Herbert Xu --- crypto/testmgr.c | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/crypto/testmgr.c b/crypto/testmgr.c index 17f57f277e58..01a517e3f06b 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -2115,12 +2115,11 @@ static int do_test_kpp(struct crypto_kpp *tfm, const struct kpp_testvec *vec, if (vec->genkey) { /* Save party A's public key */ - a_public = kzalloc(out_len_max, GFP_KERNEL); + a_public = kmemdup(sg_virt(req->dst), out_len_max, GFP_KERNEL); if (!a_public) { err = -ENOMEM; goto free_output; } - memcpy(a_public, sg_virt(req->dst), out_len_max); } else { /* Verify calculated public key */ if (memcmp(vec->expected_a_public, sg_virt(req->dst), @@ -2133,13 +2132,12 @@ static int do_test_kpp(struct crypto_kpp *tfm, const struct kpp_testvec *vec, } /* Calculate shared secret key by using counter part (b) public key. */ - input_buf = kzalloc(vec->b_public_size, GFP_KERNEL); + input_buf = kmemdup(vec->b_public, vec->b_public_size, GFP_KERNEL); if (!input_buf) { err = -ENOMEM; goto free_output; } - memcpy(input_buf, vec->b_public, vec->b_public_size); sg_init_one(&src, input_buf, vec->b_public_size); sg_init_one(&dst, output_buf, out_len_max); kpp_request_set_input(req, &src, vec->b_public_size); @@ -2155,12 +2153,11 @@ static int do_test_kpp(struct crypto_kpp *tfm, const struct kpp_testvec *vec, if (vec->genkey) { /* Save the shared secret obtained by party A */ - a_ss = kzalloc(vec->expected_ss_size, GFP_KERNEL); + a_ss = kmemdup(sg_virt(req->dst), vec->expected_ss_size, GFP_KERNEL); if (!a_ss) { err = -ENOMEM; goto free_all; } - memcpy(a_ss, sg_virt(req->dst), vec->expected_ss_size); /* * Calculate party B's shared secret by using party A's -- cgit From f8903b3ead5191d450f21c7388ddc245f76cec0f Mon Sep 17 00:00:00 2001 From: "Singh, Brijesh" Date: Wed, 30 Jan 2019 20:57:52 +0000 Subject: crypto: ccp - fix the SEV probe in kexec boot path A kexec reboot may leave the firmware in INIT or WORKING state. Currently, we issue PLATFORM_INIT command during the probe without checking the current state. The PLATFORM_INIT command fails if the FW is already in INIT state. Lets check the current state, if FW is not in UNINIT state then transition it to UNINIT before initializing or upgrading the FW. Signed-off-by: Brijesh Singh Cc: Tom Lendacky Cc: Gary Hook Reviewed-by: Tom Lendacky Signed-off-by: Herbert Xu --- drivers/crypto/ccp/psp-dev.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c index 66566547feff..638f138debd7 100644 --- a/drivers/crypto/ccp/psp-dev.c +++ b/drivers/crypto/ccp/psp-dev.c @@ -437,6 +437,7 @@ static int sev_get_api_version(void) psp_master->api_major = status->api_major; psp_master->api_minor = status->api_minor; psp_master->build = status->build; + psp_master->sev_state = status->state; return 0; } @@ -964,6 +965,21 @@ void psp_pci_init(void) if (sev_get_api_version()) goto err; + /* + * If platform is not in UNINIT state then firmware upgrade and/or + * platform INIT command will fail. These command require UNINIT state. + * + * In a normal boot we should never run into case where the firmware + * is not in UNINIT state on boot. But in case of kexec boot, a reboot + * may not go through a typical shutdown sequence and may leave the + * firmware in INIT or WORKING state. + */ + + if (psp_master->sev_state != SEV_STATE_UNINIT) { + sev_platform_shutdown(NULL); + psp_master->sev_state = SEV_STATE_UNINIT; + } + if (SEV_VERSION_GREATER_OR_EQUAL(0, 15) && sev_update_firmware(psp_master->dev) == 0) sev_get_api_version(); -- cgit From 0974037fc55cdf27a0297d3487f4fafa57b4a4a9 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Wed, 30 Jan 2019 20:42:40 -0800 Subject: crypto: x86/crct10dif-pcl - cleanup and optimizations The x86, arm, and arm64 asm implementations of crct10dif are very difficult to understand partly because many of the comments, labels, and macros are named incorrectly: the lengths mentioned are usually off by a factor of two from the actual code. Many other things are unnecessarily convoluted as well, e.g. there are many more fold constants than actually needed and some aren't fully reduced. This series therefore cleans up all these implementations to be much more maintainable. I also made some small optimizations where I saw opportunities, resulting in slightly better performance. This patch cleans up the x86 version. As part of this, I removed support for len < 16 from the x86 assembly; now the glue code falls back to the generic table-based implementation in this case. Due to the overhead of kernel_fpu_begin(), this actually significantly improves performance on these lengths. (And even if kernel_fpu_begin() were free, the generic code is still faster for about len < 11.) This removal also eliminates error-prone special cases and makes the x86, arm32, and arm64 ports of the code match more closely. Acked-by: Ard Biesheuvel Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu --- arch/x86/crypto/crct10dif-pcl-asm_64.S | 782 ++++++++++---------------------- arch/x86/crypto/crct10dif-pclmul_glue.c | 12 +- 2 files changed, 235 insertions(+), 559 deletions(-) diff --git a/arch/x86/crypto/crct10dif-pcl-asm_64.S b/arch/x86/crypto/crct10dif-pcl-asm_64.S index de04d3e98d8d..3d873e67749d 100644 --- a/arch/x86/crypto/crct10dif-pcl-asm_64.S +++ b/arch/x86/crypto/crct10dif-pcl-asm_64.S @@ -43,609 +43,291 @@ # LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING # NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS # SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -######################################################################## -# Function API: -# UINT16 crc_t10dif_pcl( -# UINT16 init_crc, //initial CRC value, 16 bits -# const unsigned char *buf, //buffer pointer to calculate CRC on -# UINT64 len //buffer length in bytes (64-bit data) -# ); # # Reference paper titled "Fast CRC Computation for Generic # Polynomials Using PCLMULQDQ Instruction" # URL: http://www.intel.com/content/dam/www/public/us/en/documents # /white-papers/fast-crc-computation-generic-polynomials-pclmulqdq-paper.pdf # -# #include .text -#define arg1 %rdi -#define arg2 %rsi -#define arg3 %rdx - -#define arg1_low32 %edi +#define init_crc %edi +#define buf %rsi +#define len %rdx + +#define FOLD_CONSTS %xmm10 +#define BSWAP_MASK %xmm11 + +# Fold reg1, reg2 into the next 32 data bytes, storing the result back into +# reg1, reg2. +.macro fold_32_bytes offset, reg1, reg2 + movdqu \offset(buf), %xmm9 + movdqu \offset+16(buf), %xmm12 + pshufb BSWAP_MASK, %xmm9 + pshufb BSWAP_MASK, %xmm12 + movdqa \reg1, %xmm8 + movdqa \reg2, %xmm13 + pclmulqdq $0x00, FOLD_CONSTS, \reg1 + pclmulqdq $0x11, FOLD_CONSTS, %xmm8 + pclmulqdq $0x00, FOLD_CONSTS, \reg2 + pclmulqdq $0x11, FOLD_CONSTS, %xmm13 + pxor %xmm9 , \reg1 + xorps %xmm8 , \reg1 + pxor %xmm12, \reg2 + xorps %xmm13, \reg2 +.endm + +# Fold src_reg into dst_reg. +.macro fold_16_bytes src_reg, dst_reg + movdqa \src_reg, %xmm8 + pclmulqdq $0x11, FOLD_CONSTS, \src_reg + pclmulqdq $0x00, FOLD_CONSTS, %xmm8 + pxor %xmm8, \dst_reg + xorps \src_reg, \dst_reg +.endm -ENTRY(crc_t10dif_pcl) +# +# u16 crc_t10dif_pcl(u16 init_crc, const *u8 buf, size_t len); +# +# Assumes len >= 16. +# .align 16 +ENTRY(crc_t10dif_pcl) - # adjust the 16-bit initial_crc value, scale it to 32 bits - shl $16, arg1_low32 - - # Allocate Stack Space - mov %rsp, %rcx - sub $16*2, %rsp - # align stack to 16 byte boundary - and $~(0x10 - 1), %rsp - - # check if smaller than 256 - cmp $256, arg3 - - # for sizes less than 128, we can't fold 64B at a time... - jl _less_than_128 - - - # load the initial crc value - movd arg1_low32, %xmm10 # initial crc - - # crc value does not need to be byte-reflected, but it needs - # to be moved to the high part of the register. - # because data will be byte-reflected and will align with - # initial crc at correct place. - pslldq $12, %xmm10 - - movdqa SHUF_MASK(%rip), %xmm11 - # receive the initial 64B data, xor the initial crc value - movdqu 16*0(arg2), %xmm0 - movdqu 16*1(arg2), %xmm1 - movdqu 16*2(arg2), %xmm2 - movdqu 16*3(arg2), %xmm3 - movdqu 16*4(arg2), %xmm4 - movdqu 16*5(arg2), %xmm5 - movdqu 16*6(arg2), %xmm6 - movdqu 16*7(arg2), %xmm7 - - pshufb %xmm11, %xmm0 - # XOR the initial_crc value - pxor %xmm10, %xmm0 - pshufb %xmm11, %xmm1 - pshufb %xmm11, %xmm2 - pshufb %xmm11, %xmm3 - pshufb %xmm11, %xmm4 - pshufb %xmm11, %xmm5 - pshufb %xmm11, %xmm6 - pshufb %xmm11, %xmm7 - - movdqa rk3(%rip), %xmm10 #xmm10 has rk3 and rk4 - #imm value of pclmulqdq instruction - #will determine which constant to use - - ################################################################# - # we subtract 256 instead of 128 to save one instruction from the loop - sub $256, arg3 - - # at this section of the code, there is 64*x+y (0<=y<64) bytes of - # buffer. The _fold_64_B_loop will fold 64B at a time - # until we have 64+y Bytes of buffer - - - # fold 64B at a time. This section of the code folds 4 xmm - # registers in parallel -_fold_64_B_loop: - - # update the buffer pointer - add $128, arg2 # buf += 64# - - movdqu 16*0(arg2), %xmm9 - movdqu 16*1(arg2), %xmm12 - pshufb %xmm11, %xmm9 - pshufb %xmm11, %xmm12 - movdqa %xmm0, %xmm8 - movdqa %xmm1, %xmm13 - pclmulqdq $0x0 , %xmm10, %xmm0 - pclmulqdq $0x11, %xmm10, %xmm8 - pclmulqdq $0x0 , %xmm10, %xmm1 - pclmulqdq $0x11, %xmm10, %xmm13 - pxor %xmm9 , %xmm0 - xorps %xmm8 , %xmm0 - pxor %xmm12, %xmm1 - xorps %xmm13, %xmm1 - - movdqu 16*2(arg2), %xmm9 - movdqu 16*3(arg2), %xmm12 - pshufb %xmm11, %xmm9 - pshufb %xmm11, %xmm12 - movdqa %xmm2, %xmm8 - movdqa %xmm3, %xmm13 - pclmulqdq $0x0, %xmm10, %xmm2 - pclmulqdq $0x11, %xmm10, %xmm8 - pclmulqdq $0x0, %xmm10, %xmm3 - pclmulqdq $0x11, %xmm10, %xmm13 - pxor %xmm9 , %xmm2 - xorps %xmm8 , %xmm2 - pxor %xmm12, %xmm3 - xorps %xmm13, %xmm3 - - movdqu 16*4(arg2), %xmm9 - movdqu 16*5(arg2), %xmm12 - pshufb %xmm11, %xmm9 - pshufb %xmm11, %xmm12 - movdqa %xmm4, %xmm8 - movdqa %xmm5, %xmm13 - pclmulqdq $0x0, %xmm10, %xmm4 - pclmulqdq $0x11, %xmm10, %xmm8 - pclmulqdq $0x0, %xmm10, %xmm5 - pclmulqdq $0x11, %xmm10, %xmm13 - pxor %xmm9 , %xmm4 - xorps %xmm8 , %xmm4 - pxor %xmm12, %xmm5 - xorps %xmm13, %xmm5 - - movdqu 16*6(arg2), %xmm9 - movdqu 16*7(arg2), %xmm12 - pshufb %xmm11, %xmm9 - pshufb %xmm11, %xmm12 - movdqa %xmm6 , %xmm8 - movdqa %xmm7 , %xmm13 - pclmulqdq $0x0 , %xmm10, %xmm6 - pclmulqdq $0x11, %xmm10, %xmm8 - pclmulqdq $0x0 , %xmm10, %xmm7 - pclmulqdq $0x11, %xmm10, %xmm13 - pxor %xmm9 , %xmm6 - xorps %xmm8 , %xmm6 - pxor %xmm12, %xmm7 - xorps %xmm13, %xmm7 - - sub $128, arg3 - - # check if there is another 64B in the buffer to be able to fold - jge _fold_64_B_loop - ################################################################## - - - add $128, arg2 - # at this point, the buffer pointer is pointing at the last y Bytes - # of the buffer the 64B of folded data is in 4 of the xmm - # registers: xmm0, xmm1, xmm2, xmm3 - - - # fold the 8 xmm registers to 1 xmm register with different constants - - movdqa rk9(%rip), %xmm10 - movdqa %xmm0, %xmm8 - pclmulqdq $0x11, %xmm10, %xmm0 - pclmulqdq $0x0 , %xmm10, %xmm8 - pxor %xmm8, %xmm7 - xorps %xmm0, %xmm7 - - movdqa rk11(%rip), %xmm10 - movdqa %xmm1, %xmm8 - pclmulqdq $0x11, %xmm10, %xmm1 - pclmulqdq $0x0 , %xmm10, %xmm8 - pxor %xmm8, %xmm7 - xorps %xmm1, %xmm7 - - movdqa rk13(%rip), %xmm10 - movdqa %xmm2, %xmm8 - pclmulqdq $0x11, %xmm10, %xmm2 - pclmulqdq $0x0 , %xmm10, %xmm8 - pxor %xmm8, %xmm7 - pxor %xmm2, %xmm7 - - movdqa rk15(%rip), %xmm10 - movdqa %xmm3, %xmm8 - pclmulqdq $0x11, %xmm10, %xmm3 - pclmulqdq $0x0 , %xmm10, %xmm8 - pxor %xmm8, %xmm7 - xorps %xmm3, %xmm7 - - movdqa rk17(%rip), %xmm10 - movdqa %xmm4, %xmm8 - pclmulqdq $0x11, %xmm10, %xmm4 - pclmulqdq $0x0 , %xmm10, %xmm8 - pxor %xmm8, %xmm7 - pxor %xmm4, %xmm7 - - movdqa rk19(%rip), %xmm10 - movdqa %xmm5, %xmm8 - pclmulqdq $0x11, %xmm10, %xmm5 - pclmulqdq $0x0 , %xmm10, %xmm8 - pxor %xmm8, %xmm7 - xorps %xmm5, %xmm7 - - movdqa rk1(%rip), %xmm10 #xmm10 has rk1 and rk2 - #imm value of pclmulqdq instruction - #will determine which constant to use - movdqa %xmm6, %xmm8 - pclmulqdq $0x11, %xmm10, %xmm6 - pclmulqdq $0x0 , %xmm10, %xmm8 - pxor %xmm8, %xmm7 - pxor %xmm6, %xmm7 - - - # instead of 64, we add 48 to the loop counter to save 1 instruction - # from the loop instead of a cmp instruction, we use the negative - # flag with the jl instruction - add $128-16, arg3 - jl _final_reduction_for_128 - - # now we have 16+y bytes left to reduce. 16 Bytes is in register xmm7 - # and the rest is in memory. We can fold 16 bytes at a time if y>=16 - # continue folding 16B at a time - -_16B_reduction_loop: + movdqa .Lbswap_mask(%rip), BSWAP_MASK + + # For sizes less than 256 bytes, we can't fold 128 bytes at a time. + cmp $256, len + jl .Lless_than_256_bytes + + # Load the first 128 data bytes. Byte swapping is necessary to make the + # bit order match the polynomial coefficient order. + movdqu 16*0(buf), %xmm0 + movdqu 16*1(buf), %xmm1 + movdqu 16*2(buf), %xmm2 + movdqu 16*3(buf), %xmm3 + movdqu 16*4(buf), %xmm4 + movdqu 16*5(buf), %xmm5 + movdqu 16*6(buf), %xmm6 + movdqu 16*7(buf), %xmm7 + add $128, buf + pshufb BSWAP_MASK, %xmm0 + pshufb BSWAP_MASK, %xmm1 + pshufb BSWAP_MASK, %xmm2 + pshufb BSWAP_MASK, %xmm3 + pshufb BSWAP_MASK, %xmm4 + pshufb BSWAP_MASK, %xmm5 + pshufb BSWAP_MASK, %xmm6 + pshufb BSWAP_MASK, %xmm7 + + # XOR the first 16 data *bits* with the initial CRC value. + pxor %xmm8, %xmm8 + pinsrw $7, init_crc, %xmm8 + pxor %xmm8, %xmm0 + + movdqa .Lfold_across_128_bytes_consts(%rip), FOLD_CONSTS + + # Subtract 128 for the 128 data bytes just consumed. Subtract another + # 128 to simplify the termination condition of the following loop. + sub $256, len + + # While >= 128 data bytes remain (not counting xmm0-7), fold the 128 + # bytes xmm0-7 into them, storing the result back into xmm0-7. +.Lfold_128_bytes_loop: + fold_32_bytes 0, %xmm0, %xmm1 + fold_32_bytes 32, %xmm2, %xmm3 + fold_32_bytes 64, %xmm4, %xmm5 + fold_32_bytes 96, %xmm6, %xmm7 + add $128, buf + sub $128, len + jge .Lfold_128_bytes_loop + + # Now fold the 112 bytes in xmm0-xmm6 into the 16 bytes in xmm7. + + # Fold across 64 bytes. + movdqa .Lfold_across_64_bytes_consts(%rip), FOLD_CONSTS + fold_16_bytes %xmm0, %xmm4 + fold_16_bytes %xmm1, %xmm5 + fold_16_bytes %xmm2, %xmm6 + fold_16_bytes %xmm3, %xmm7 + # Fold across 32 bytes. + movdqa .Lfold_across_32_bytes_consts(%rip), FOLD_CONSTS + fold_16_bytes %xmm4, %xmm6 + fold_16_bytes %xmm5, %xmm7 + # Fold across 16 bytes. + movdqa .Lfold_across_16_bytes_consts(%rip), FOLD_CONSTS + fold_16_bytes %xmm6, %xmm7 + + # Add 128 to get the correct number of data bytes remaining in 0...127 + # (not counting xmm7), following the previous extra subtraction by 128. + # Then subtract 16 to simplify the termination condition of the + # following loop. + add $128-16, len + + # While >= 16 data bytes remain (not counting xmm7), fold the 16 bytes + # xmm7 into them, storing the result back into xmm7. + jl .Lfold_16_bytes_loop_done +.Lfold_16_bytes_loop: movdqa %xmm7, %xmm8 - pclmulqdq $0x11, %xmm10, %xmm7 - pclmulqdq $0x0 , %xmm10, %xmm8 + pclmulqdq $0x11, FOLD_CONSTS, %xmm7 + pclmulqdq $0x00, FOLD_CONSTS, %xmm8 pxor %xmm8, %xmm7 - movdqu (arg2), %xmm0 - pshufb %xmm11, %xmm0 + movdqu (buf), %xmm0 + pshufb BSWAP_MASK, %xmm0 pxor %xmm0 , %xmm7 - add $16, arg2 - sub $16, arg3 - # instead of a cmp instruction, we utilize the flags with the - # jge instruction equivalent of: cmp arg3, 16-16 - # check if there is any more 16B in the buffer to be able to fold - jge _16B_reduction_loop - - #now we have 16+z bytes left to reduce, where 0<= z < 16. - #first, we reduce the data in the xmm7 register - - -_final_reduction_for_128: - # check if any more data to fold. If not, compute the CRC of - # the final 128 bits - add $16, arg3 - je _128_done - - # here we are getting data that is less than 16 bytes. - # since we know that there was data before the pointer, we can - # offset the input pointer before the actual point, to receive - # exactly 16 bytes. after that the registers need to be adjusted. -_get_last_two_xmms: + add $16, buf + sub $16, len + jge .Lfold_16_bytes_loop + +.Lfold_16_bytes_loop_done: + # Add 16 to get the correct number of data bytes remaining in 0...15 + # (not counting xmm7), following the previous extra subtraction by 16. + add $16, len + je .Lreduce_final_16_bytes + +.Lhandle_partial_segment: + # Reduce the last '16 + len' bytes where 1 <= len <= 15 and the first 16 + # bytes are in xmm7 and the rest are the remaining data in 'buf'. To do + # this without needing a fold constant for each possible 'len', redivide + # the bytes into a first chunk of 'len' bytes and a second chunk of 16 + # bytes, then fold the first chunk into the second. + movdqa %xmm7, %xmm2 - movdqu -16(arg2, arg3), %xmm1 - pshufb %xmm11, %xmm1 + # xmm1 = last 16 original data bytes + movdqu -16(buf, len), %xmm1 + pshufb BSWAP_MASK, %xmm1 - # get rid of the extra data that was loaded before - # load the shift constant - lea pshufb_shf_table+16(%rip), %rax - sub arg3, %rax + # xmm2 = high order part of second chunk: xmm7 left-shifted by 'len' bytes. + lea .Lbyteshift_table+16(%rip), %rax + sub len, %rax movdqu (%rax), %xmm0 - - # shift xmm2 to the left by arg3 bytes pshufb %xmm0, %xmm2 - # shift xmm7 to the right by 16-arg3 bytes - pxor mask1(%rip), %xmm0 + # xmm7 = first chunk: xmm7 right-shifted by '16-len' bytes. + pxor .Lmask1(%rip), %xmm0 pshufb %xmm0, %xmm7 + + # xmm1 = second chunk: 'len' bytes from xmm1 (low-order bytes), + # then '16-len' bytes from xmm2 (high-order bytes). pblendvb %xmm2, %xmm1 #xmm0 is implicit - # fold 16 Bytes - movdqa %xmm1, %xmm2 + # Fold the first chunk into the second chunk, storing the result in xmm7. movdqa %xmm7, %xmm8 - pclmulqdq $0x11, %xmm10, %xmm7 - pclmulqdq $0x0 , %xmm10, %xmm8 + pclmulqdq $0x11, FOLD_CONSTS, %xmm7 + pclmulqdq $0x00, FOLD_CONSTS, %xmm8 pxor %xmm8, %xmm7 - pxor %xmm2, %xmm7 + pxor %xmm1, %xmm7 -_128_done: - # compute crc of a 128-bit value - movdqa rk5(%rip), %xmm10 # rk5 and rk6 in xmm10 - movdqa %xmm7, %xmm0 +.Lreduce_final_16_bytes: + # Reduce the 128-bit value M(x), stored in xmm7, to the final 16-bit CRC - #64b fold - pclmulqdq $0x1, %xmm10, %xmm7 - pslldq $8 , %xmm0 - pxor %xmm0, %xmm7 + # Load 'x^48 * (x^48 mod G(x))' and 'x^48 * (x^80 mod G(x))'. + movdqa .Lfinal_fold_consts(%rip), FOLD_CONSTS - #32b fold + # Fold the high 64 bits into the low 64 bits, while also multiplying by + # x^64. This produces a 128-bit value congruent to x^64 * M(x) and + # whose low 48 bits are 0. movdqa %xmm7, %xmm0 + pclmulqdq $0x11, FOLD_CONSTS, %xmm7 # high bits * x^48 * (x^80 mod G(x)) + pslldq $8, %xmm0 + pxor %xmm0, %xmm7 # + low bits * x^64 - pand mask2(%rip), %xmm0 - - psrldq $12, %xmm7 - pclmulqdq $0x10, %xmm10, %xmm7 - pxor %xmm0, %xmm7 - - #barrett reduction -_barrett: - movdqa rk7(%rip), %xmm10 # rk7 and rk8 in xmm10 + # Fold the high 32 bits into the low 96 bits. This produces a 96-bit + # value congruent to x^64 * M(x) and whose low 48 bits are 0. movdqa %xmm7, %xmm0 - pclmulqdq $0x01, %xmm10, %xmm7 - pslldq $4, %xmm7 - pclmulqdq $0x11, %xmm10, %xmm7 + pand .Lmask2(%rip), %xmm0 # zero high 32 bits + psrldq $12, %xmm7 # extract high 32 bits + pclmulqdq $0x00, FOLD_CONSTS, %xmm7 # high 32 bits * x^48 * (x^48 mod G(x)) + pxor %xmm0, %xmm7 # + low bits - pslldq $4, %xmm7 - pxor %xmm0, %xmm7 - pextrd $1, %xmm7, %eax + # Load G(x) and floor(x^48 / G(x)). + movdqa .Lbarrett_reduction_consts(%rip), FOLD_CONSTS -_cleanup: - # scale the result back to 16 bits - shr $16, %eax - mov %rcx, %rsp + # Use Barrett reduction to compute the final CRC value. + movdqa %xmm7, %xmm0 + pclmulqdq $0x11, FOLD_CONSTS, %xmm7 # high 32 bits * floor(x^48 / G(x)) + psrlq $32, %xmm7 # /= x^32 + pclmulqdq $0x00, FOLD_CONSTS, %xmm7 # *= G(x) + psrlq $48, %xmm0 + pxor %xmm7, %xmm0 # + low 16 nonzero bits + # Final CRC value (x^16 * M(x)) mod G(x) is in low 16 bits of xmm0. + + pextrw $0, %xmm0, %eax ret -######################################################################## - .align 16 -_less_than_128: - - # check if there is enough buffer to be able to fold 16B at a time - cmp $32, arg3 - jl _less_than_32 - movdqa SHUF_MASK(%rip), %xmm11 +.Lless_than_256_bytes: + # Checksumming a buffer of length 16...255 bytes - # now if there is, load the constants - movdqa rk1(%rip), %xmm10 # rk1 and rk2 in xmm10 + # Load the first 16 data bytes. + movdqu (buf), %xmm7 + pshufb BSWAP_MASK, %xmm7 + add $16, buf - movd arg1_low32, %xmm0 # get the initial crc value - pslldq $12, %xmm0 # align it to its correct place - movdqu (arg2), %xmm7 # load the plaintext - pshufb %xmm11, %xmm7 # byte-reflect the plaintext + # XOR the first 16 data *bits* with the initial CRC value. + pxor %xmm0, %xmm0 + pinsrw $7, init_crc, %xmm0 pxor %xmm0, %xmm7 - - # update the buffer pointer - add $16, arg2 - - # update the counter. subtract 32 instead of 16 to save one - # instruction from the loop - sub $32, arg3 - - jmp _16B_reduction_loop - - -.align 16 -_less_than_32: - # mov initial crc to the return value. this is necessary for - # zero-length buffers. - mov arg1_low32, %eax - test arg3, arg3 - je _cleanup - - movdqa SHUF_MASK(%rip), %xmm11 - - movd arg1_low32, %xmm0 # get the initial crc value - pslldq $12, %xmm0 # align it to its correct place - - cmp $16, arg3 - je _exact_16_left - jl _less_than_16_left - - movdqu (arg2), %xmm7 # load the plaintext - pshufb %xmm11, %xmm7 # byte-reflect the plaintext - pxor %xmm0 , %xmm7 # xor the initial crc value - add $16, arg2 - sub $16, arg3 - movdqa rk1(%rip), %xmm10 # rk1 and rk2 in xmm10 - jmp _get_last_two_xmms - - -.align 16 -_less_than_16_left: - # use stack space to load data less than 16 bytes, zero-out - # the 16B in memory first. - - pxor %xmm1, %xmm1 - mov %rsp, %r11 - movdqa %xmm1, (%r11) - - cmp $4, arg3 - jl _only_less_than_4 - - # backup the counter value - mov arg3, %r9 - cmp $8, arg3 - jl _less_than_8_left - - # load 8 Bytes - mov (arg2), %rax - mov %rax, (%r11) - add $8, %r11 - sub $8, arg3 - add $8, arg2 -_less_than_8_left: - - cmp $4, arg3 - jl _less_than_4_left - - # load 4 Bytes - mov (arg2), %eax - mov %eax, (%r11) - add $4, %r11 - sub $4, arg3 - add $4, arg2 -_less_than_4_left: - - cmp $2, arg3 - jl _less_than_2_left - - # load 2 Bytes - mov (arg2), %ax - mov %ax, (%r11) - add $2, %r11 - sub $2, arg3 - add $2, arg2 -_less_than_2_left: - cmp $1, arg3 - jl _zero_left - - # load 1 Byte - mov (arg2), %al - mov %al, (%r11) -_zero_left: - movdqa (%rsp), %xmm7 - pshufb %xmm11, %xmm7 - pxor %xmm0 , %xmm7 # xor the initial crc value - - # shl r9, 4 - lea pshufb_shf_table+16(%rip), %rax - sub %r9, %rax - movdqu (%rax), %xmm0 - pxor mask1(%rip), %xmm0 - - pshufb %xmm0, %xmm7 - jmp _128_done - -.align 16 -_exact_16_left: - movdqu (arg2), %xmm7 - pshufb %xmm11, %xmm7 - pxor %xmm0 , %xmm7 # xor the initial crc value - - jmp _128_done - -_only_less_than_4: - cmp $3, arg3 - jl _only_less_than_3 - - # load 3 Bytes - mov (arg2), %al - mov %al, (%r11) - - mov 1(arg2), %al - mov %al, 1(%r11) - - mov 2(arg2), %al - mov %al, 2(%r11) - - movdqa (%rsp), %xmm7 - pshufb %xmm11, %xmm7 - pxor %xmm0 , %xmm7 # xor the initial crc value - - psrldq $5, %xmm7 - - jmp _barrett -_only_less_than_3: - cmp $2, arg3 - jl _only_less_than_2 - - # load 2 Bytes - mov (arg2), %al - mov %al, (%r11) - - mov 1(arg2), %al - mov %al, 1(%r11) - - movdqa (%rsp), %xmm7 - pshufb %xmm11, %xmm7 - pxor %xmm0 , %xmm7 # xor the initial crc value - - psrldq $6, %xmm7 - - jmp _barrett -_only_less_than_2: - - # load 1 Byte - mov (arg2), %al - mov %al, (%r11) - - movdqa (%rsp), %xmm7 - pshufb %xmm11, %xmm7 - pxor %xmm0 , %xmm7 # xor the initial crc value - - psrldq $7, %xmm7 - - jmp _barrett - + movdqa .Lfold_across_16_bytes_consts(%rip), FOLD_CONSTS + cmp $16, len + je .Lreduce_final_16_bytes # len == 16 + sub $32, len + jge .Lfold_16_bytes_loop # 32 <= len <= 255 + add $16, len + jmp .Lhandle_partial_segment # 17 <= len <= 31 ENDPROC(crc_t10dif_pcl) .section .rodata, "a", @progbits .align 16 -# precomputed constants -# these constants are precomputed from the poly: -# 0x8bb70000 (0x8bb7 scaled to 32 bits) -# Q = 0x18BB70000 -# rk1 = 2^(32*3) mod Q << 32 -# rk2 = 2^(32*5) mod Q << 32 -# rk3 = 2^(32*15) mod Q << 32 -# rk4 = 2^(32*17) mod Q << 32 -# rk5 = 2^(32*3) mod Q << 32 -# rk6 = 2^(32*2) mod Q << 32 -# rk7 = floor(2^64/Q) -# rk8 = Q -rk1: -.quad 0x2d56000000000000 -rk2: -.quad 0x06df000000000000 -rk3: -.quad 0x9d9d000000000000 -rk4: -.quad 0x7cf5000000000000 -rk5: -.quad 0x2d56000000000000 -rk6: -.quad 0x1368000000000000 -rk7: -.quad 0x00000001f65a57f8 -rk8: -.quad 0x000000018bb70000 - -rk9: -.quad 0xceae000000000000 -rk10: -.quad 0xbfd6000000000000 -rk11: -.quad 0x1e16000000000000 -rk12: -.quad 0x713c000000000000 -rk13: -.quad 0xf7f9000000000000 -rk14: -.quad 0x80a6000000000000 -rk15: -.quad 0x044c000000000000 -rk16: -.quad 0xe658000000000000 -rk17: -.quad 0xad18000000000000 -rk18: -.quad 0xa497000000000000 -rk19: -.quad 0x6ee3000000000000 -rk20: -.quad 0xe7b5000000000000 - +# Fold constants precomputed from the polynomial 0x18bb7 +# G(x) = x^16 + x^15 + x^11 + x^9 + x^8 + x^7 + x^5 + x^4 + x^2 + x^1 + x^0 +.Lfold_across_128_bytes_consts: + .quad 0x0000000000006123 # x^(8*128) mod G(x) + .quad 0x0000000000002295 # x^(8*128+64) mod G(x) +.Lfold_across_64_bytes_consts: + .quad 0x0000000000001069 # x^(4*128) mod G(x) + .quad 0x000000000000dd31 # x^(4*128+64) mod G(x) +.Lfold_across_32_bytes_consts: + .quad 0x000000000000857d # x^(2*128) mod G(x) + .quad 0x0000000000007acc # x^(2*128+64) mod G(x) +.Lfold_across_16_bytes_consts: + .quad 0x000000000000a010 # x^(1*128) mod G(x) + .quad 0x0000000000001faa # x^(1*128+64) mod G(x) +.Lfinal_fold_consts: + .quad 0x1368000000000000 # x^48 * (x^48 mod G(x)) + .quad 0x2d56000000000000 # x^48 * (x^80 mod G(x)) +.Lbarrett_reduction_consts: + .quad 0x0000000000018bb7 # G(x) + .quad 0x00000001f65a57f8 # floor(x^48 / G(x)) .section .rodata.cst16.mask1, "aM", @progbits, 16 .align 16 -mask1: -.octa 0x80808080808080808080808080808080 +.Lmask1: + .octa 0x80808080808080808080808080808080 .section .rodata.cst16.mask2, "aM", @progbits, 16 .align 16 -mask2: -.octa 0x00000000FFFFFFFFFFFFFFFFFFFFFFFF +.Lmask2: + .octa 0x00000000FFFFFFFFFFFFFFFFFFFFFFFF + +.section .rodata.cst16.bswap_mask, "aM", @progbits, 16 +.align 16 +.Lbswap_mask: + .octa 0x000102030405060708090A0B0C0D0E0F -.section .rodata.cst16.SHUF_MASK, "aM", @progbits, 16 +.section .rodata.cst32.byteshift_table, "aM", @progbits, 32 .align 16 -SHUF_MASK: -.octa 0x000102030405060708090A0B0C0D0E0F - -.section .rodata.cst32.pshufb_shf_table, "aM", @progbits, 32 -.align 32 -pshufb_shf_table: -# use these values for shift constants for the pshufb instruction -# different alignments result in values as shown: -# DDQ 0x008f8e8d8c8b8a898887868584838281 # shl 15 (16-1) / shr1 -# DDQ 0x01008f8e8d8c8b8a8988878685848382 # shl 14 (16-3) / shr2 -# DDQ 0x0201008f8e8d8c8b8a89888786858483 # shl 13 (16-4) / shr3 -# DDQ 0x030201008f8e8d8c8b8a898887868584 # shl 12 (16-4) / shr4 -# DDQ 0x04030201008f8e8d8c8b8a8988878685 # shl 11 (16-5) / shr5 -# DDQ 0x0504030201008f8e8d8c8b8a89888786 # shl 10 (16-6) / shr6 -# DDQ 0x060504030201008f8e8d8c8b8a898887 # shl 9 (16-7) / shr7 -# DDQ 0x07060504030201008f8e8d8c8b8a8988 # shl 8 (16-8) / shr8 -# DDQ 0x0807060504030201008f8e8d8c8b8a89 # shl 7 (16-9) / shr9 -# DDQ 0x090807060504030201008f8e8d8c8b8a # shl 6 (16-10) / shr10 -# DDQ 0x0a090807060504030201008f8e8d8c8b # shl 5 (16-11) / shr11 -# DDQ 0x0b0a090807060504030201008f8e8d8c # shl 4 (16-12) / shr12 -# DDQ 0x0c0b0a090807060504030201008f8e8d # shl 3 (16-13) / shr13 -# DDQ 0x0d0c0b0a090807060504030201008f8e # shl 2 (16-14) / shr14 -# DDQ 0x0e0d0c0b0a090807060504030201008f # shl 1 (16-15) / shr15 -.octa 0x8f8e8d8c8b8a89888786858483828100 -.octa 0x000e0d0c0b0a09080706050403020100 +# For 1 <= len <= 15, the 16-byte vector beginning at &byteshift_table[16 - len] +# is the index vector to shift left by 'len' bytes, and is also {0x80, ..., +# 0x80} XOR the index vector to shift right by '16 - len' bytes. +.Lbyteshift_table: + .byte 0x0, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87 + .byte 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f + .byte 0x0, 0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7 + .byte 0x8, 0x9, 0xa, 0xb, 0xc, 0xd, 0xe , 0x0 diff --git a/arch/x86/crypto/crct10dif-pclmul_glue.c b/arch/x86/crypto/crct10dif-pclmul_glue.c index cd4df9322501..0e785c0b2354 100644 --- a/arch/x86/crypto/crct10dif-pclmul_glue.c +++ b/arch/x86/crypto/crct10dif-pclmul_glue.c @@ -33,18 +33,12 @@ #include #include -asmlinkage __u16 crc_t10dif_pcl(__u16 crc, const unsigned char *buf, - size_t len); +asmlinkage u16 crc_t10dif_pcl(u16 init_crc, const u8 *buf, size_t len); struct chksum_desc_ctx { __u16 crc; }; -/* - * Steps through buffer one byte at at time, calculates reflected - * crc using table. - */ - static int chksum_init(struct shash_desc *desc) { struct chksum_desc_ctx *ctx = shash_desc_ctx(desc); @@ -59,7 +53,7 @@ static int chksum_update(struct shash_desc *desc, const u8 *data, { struct chksum_desc_ctx *ctx = shash_desc_ctx(desc); - if (irq_fpu_usable()) { + if (length >= 16 && irq_fpu_usable()) { kernel_fpu_begin(); ctx->crc = crc_t10dif_pcl(ctx->crc, data, length); kernel_fpu_end(); @@ -79,7 +73,7 @@ static int chksum_final(struct shash_desc *desc, u8 *out) static int __chksum_finup(__u16 *crcp, const u8 *data, unsigned int len, u8 *out) { - if (irq_fpu_usable()) { + if (len >= 16 && irq_fpu_usable()) { kernel_fpu_begin(); *(__u16 *)out = crc_t10dif_pcl(*crcp, data, len); kernel_fpu_end(); -- cgit From e7b3ed338097b1237ca03b05fe36ec1517d328d5 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Wed, 30 Jan 2019 20:42:41 -0800 Subject: crypto: arm/crct10dif-ce - cleanup and optimizations The x86, arm, and arm64 asm implementations of crct10dif are very difficult to understand partly because many of the comments, labels, and macros are named incorrectly: the lengths mentioned are usually off by a factor of two from the actual code. Many other things are unnecessarily convoluted as well, e.g. there are many more fold constants than actually needed and some aren't fully reduced. This series therefore cleans up all these implementations to be much more maintainable. I also made some small optimizations where I saw opportunities, resulting in slightly better performance. This patch cleans up the arm version. (Also moved the constants to .rodata as suggested by Ard Biesheuvel.) Acked-by: Ard Biesheuvel Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu --- arch/arm/crypto/crct10dif-ce-core.S | 553 +++++++++++++++++------------------- arch/arm/crypto/crct10dif-ce-glue.c | 2 +- 2 files changed, 261 insertions(+), 294 deletions(-) diff --git a/arch/arm/crypto/crct10dif-ce-core.S b/arch/arm/crypto/crct10dif-ce-core.S index d058fad423c2..86be258a803f 100644 --- a/arch/arm/crypto/crct10dif-ce-core.S +++ b/arch/arm/crypto/crct10dif-ce-core.S @@ -2,12 +2,14 @@ // Accelerated CRC-T10DIF using ARM NEON and Crypto Extensions instructions // // Copyright (C) 2016 Linaro Ltd +// Copyright (C) 2019 Google LLC // // This program is free software; you can redistribute it and/or modify // it under the terms of the GNU General Public License version 2 as // published by the Free Software Foundation. // +// Derived from the x86 version: // // Implement fast CRC-T10DIF computation with SSE and PCLMULQDQ instructions // @@ -54,19 +56,11 @@ // NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS // SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. // -// Function API: -// UINT16 crc_t10dif_pcl( -// UINT16 init_crc, //initial CRC value, 16 bits -// const unsigned char *buf, //buffer pointer to calculate CRC on -// UINT64 len //buffer length in bytes (64-bit data) -// ); -// // Reference paper titled "Fast CRC Computation for Generic // Polynomials Using PCLMULQDQ Instruction" // URL: http://www.intel.com/content/dam/www/public/us/en/documents // /white-papers/fast-crc-computation-generic-polynomials-pclmulqdq-paper.pdf // -// #include #include @@ -78,13 +72,14 @@ #endif .text + .arch armv7-a .fpu crypto-neon-fp-armv8 - arg1_low32 .req r0 - arg2 .req r1 - arg3 .req r2 + init_crc .req r0 + buf .req r1 + len .req r2 - qzr .req q13 + fold_consts_ptr .req ip q0l .req d0 q0h .req d1 @@ -102,82 +97,35 @@ q6h .req d13 q7l .req d14 q7h .req d15 - -ENTRY(crc_t10dif_pmull) - vmov.i8 qzr, #0 // init zero register - - // adjust the 16-bit initial_crc value, scale it to 32 bits - lsl arg1_low32, arg1_low32, #16 - - // check if smaller than 256 - cmp arg3, #256 - - // for sizes less than 128, we can't fold 64B at a time... - blt _less_than_128 - - // load the initial crc value - // crc value does not need to be byte-reflected, but it needs - // to be moved to the high part of the register. - // because data will be byte-reflected and will align with - // initial crc at correct place. - vmov s0, arg1_low32 // initial crc - vext.8 q10, qzr, q0, #4 - - // receive the initial 64B data, xor the initial crc value - vld1.64 {q0-q1}, [arg2]! - vld1.64 {q2-q3}, [arg2]! - vld1.64 {q4-q5}, [arg2]! - vld1.64 {q6-q7}, [arg2]! -CPU_LE( vrev64.8 q0, q0 ) -CPU_LE( vrev64.8 q1, q1 ) -CPU_LE( vrev64.8 q2, q2 ) -CPU_LE( vrev64.8 q3, q3 ) -CPU_LE( vrev64.8 q4, q4 ) -CPU_LE( vrev64.8 q5, q5 ) -CPU_LE( vrev64.8 q6, q6 ) -CPU_LE( vrev64.8 q7, q7 ) - - vswp d0, d1 - vswp d2, d3 - vswp d4, d5 - vswp d6, d7 - vswp d8, d9 - vswp d10, d11 - vswp d12, d13 - vswp d14, d15 - - // XOR the initial_crc value - veor.8 q0, q0, q10 - - adr ip, rk3 - vld1.64 {q10}, [ip, :128] // xmm10 has rk3 and rk4 - - // - // we subtract 256 instead of 128 to save one instruction from the loop - // - sub arg3, arg3, #256 - - // at this section of the code, there is 64*x+y (0<=y<64) bytes of - // buffer. The _fold_64_B_loop will fold 64B at a time - // until we have 64+y Bytes of buffer - - - // fold 64B at a time. This section of the code folds 4 vector - // registers in parallel -_fold_64_B_loop: - - .macro fold64, reg1, reg2 - vld1.64 {q11-q12}, [arg2]! - - vmull.p64 q8, \reg1\()h, d21 - vmull.p64 \reg1, \reg1\()l, d20 - vmull.p64 q9, \reg2\()h, d21 - vmull.p64 \reg2, \reg2\()l, d20 - -CPU_LE( vrev64.8 q11, q11 ) -CPU_LE( vrev64.8 q12, q12 ) - vswp d22, d23 - vswp d24, d25 + q8l .req d16 + q8h .req d17 + q9l .req d18 + q9h .req d19 + q10l .req d20 + q10h .req d21 + q11l .req d22 + q11h .req d23 + q12l .req d24 + q12h .req d25 + + FOLD_CONSTS .req q10 + FOLD_CONST_L .req q10l + FOLD_CONST_H .req q10h + + // Fold reg1, reg2 into the next 32 data bytes, storing the result back + // into reg1, reg2. + .macro fold_32_bytes, reg1, reg2 + vld1.64 {q11-q12}, [buf]! + + vmull.p64 q8, \reg1\()h, FOLD_CONST_H + vmull.p64 \reg1, \reg1\()l, FOLD_CONST_L + vmull.p64 q9, \reg2\()h, FOLD_CONST_H + vmull.p64 \reg2, \reg2\()l, FOLD_CONST_L + +CPU_LE( vrev64.8 q11, q11 ) +CPU_LE( vrev64.8 q12, q12 ) + vswp q11l, q11h + vswp q12l, q12h veor.8 \reg1, \reg1, q8 veor.8 \reg2, \reg2, q9 @@ -185,229 +133,248 @@ CPU_LE( vrev64.8 q12, q12 ) veor.8 \reg2, \reg2, q12 .endm - fold64 q0, q1 - fold64 q2, q3 - fold64 q4, q5 - fold64 q6, q7 - - subs arg3, arg3, #128 - - // check if there is another 64B in the buffer to be able to fold - bge _fold_64_B_loop - - // at this point, the buffer pointer is pointing at the last y Bytes - // of the buffer the 64B of folded data is in 4 of the vector - // registers: v0, v1, v2, v3 - - // fold the 8 vector registers to 1 vector register with different - // constants - - adr ip, rk9 - vld1.64 {q10}, [ip, :128]! - - .macro fold16, reg, rk - vmull.p64 q8, \reg\()l, d20 - vmull.p64 \reg, \reg\()h, d21 - .ifnb \rk - vld1.64 {q10}, [ip, :128]! + // Fold src_reg into dst_reg, optionally loading the next fold constants + .macro fold_16_bytes, src_reg, dst_reg, load_next_consts + vmull.p64 q8, \src_reg\()l, FOLD_CONST_L + vmull.p64 \src_reg, \src_reg\()h, FOLD_CONST_H + .ifnb \load_next_consts + vld1.64 {FOLD_CONSTS}, [fold_consts_ptr, :128]! .endif - veor.8 q7, q7, q8 - veor.8 q7, q7, \reg + veor.8 \dst_reg, \dst_reg, q8 + veor.8 \dst_reg, \dst_reg, \src_reg .endm - fold16 q0, rk11 - fold16 q1, rk13 - fold16 q2, rk15 - fold16 q3, rk17 - fold16 q4, rk19 - fold16 q5, rk1 - fold16 q6 - - // instead of 64, we add 48 to the loop counter to save 1 instruction - // from the loop instead of a cmp instruction, we use the negative - // flag with the jl instruction - adds arg3, arg3, #(128-16) - blt _final_reduction_for_128 - - // now we have 16+y bytes left to reduce. 16 Bytes is in register v7 - // and the rest is in memory. We can fold 16 bytes at a time if y>=16 - // continue folding 16B at a time - -_16B_reduction_loop: - vmull.p64 q8, d14, d20 - vmull.p64 q7, d15, d21 - veor.8 q7, q7, q8 - - vld1.64 {q0}, [arg2]! -CPU_LE( vrev64.8 q0, q0 ) - vswp d0, d1 - veor.8 q7, q7, q0 - subs arg3, arg3, #16 - - // instead of a cmp instruction, we utilize the flags with the - // jge instruction equivalent of: cmp arg3, 16-16 - // check if there is any more 16B in the buffer to be able to fold - bge _16B_reduction_loop - - // now we have 16+z bytes left to reduce, where 0<= z < 16. - // first, we reduce the data in the xmm7 register - -_final_reduction_for_128: - // check if any more data to fold. If not, compute the CRC of - // the final 128 bits - adds arg3, arg3, #16 - beq _128_done - - // here we are getting data that is less than 16 bytes. - // since we know that there was data before the pointer, we can - // offset the input pointer before the actual point, to receive - // exactly 16 bytes. after that the registers need to be adjusted. -_get_last_two_regs: - add arg2, arg2, arg3 - sub arg2, arg2, #16 - vld1.64 {q1}, [arg2] -CPU_LE( vrev64.8 q1, q1 ) - vswp d2, d3 - - // get rid of the extra data that was loaded before - // load the shift constant - adr ip, tbl_shf_table + 16 - sub ip, ip, arg3 - vld1.8 {q0}, [ip] - - // shift v2 to the left by arg3 bytes - vtbl.8 d4, {d14-d15}, d0 - vtbl.8 d5, {d14-d15}, d1 - - // shift v7 to the right by 16-arg3 bytes - vmov.i8 q9, #0x80 - veor.8 q0, q0, q9 - vtbl.8 d18, {d14-d15}, d0 - vtbl.8 d19, {d14-d15}, d1 - - // blend - vshr.s8 q0, q0, #7 // convert to 8-bit mask - vbsl.8 q0, q2, q1 - - // fold 16 Bytes - vmull.p64 q8, d18, d20 - vmull.p64 q7, d19, d21 - veor.8 q7, q7, q8 - veor.8 q7, q7, q0 + .macro __adrl, out, sym + movw \out, #:lower16:\sym + movt \out, #:upper16:\sym + .endm -_128_done: - // compute crc of a 128-bit value - vldr d20, rk5 - vldr d21, rk6 // rk5 and rk6 in xmm10 +// +// u16 crc_t10dif_pmull(u16 init_crc, const u8 *buf, size_t len); +// +// Assumes len >= 16. +// +ENTRY(crc_t10dif_pmull) - // 64b fold - vext.8 q0, qzr, q7, #8 - vmull.p64 q7, d15, d20 + // For sizes less than 256 bytes, we can't fold 128 bytes at a time. + cmp len, #256 + blt .Lless_than_256_bytes + + __adrl fold_consts_ptr, .Lfold_across_128_bytes_consts + + // Load the first 128 data bytes. Byte swapping is necessary to make + // the bit order match the polynomial coefficient order. + vld1.64 {q0-q1}, [buf]! + vld1.64 {q2-q3}, [buf]! + vld1.64 {q4-q5}, [buf]! + vld1.64 {q6-q7}, [buf]! +CPU_LE( vrev64.8 q0, q0 ) +CPU_LE( vrev64.8 q1, q1 ) +CPU_LE( vrev64.8 q2, q2 ) +CPU_LE( vrev64.8 q3, q3 ) +CPU_LE( vrev64.8 q4, q4 ) +CPU_LE( vrev64.8 q5, q5 ) +CPU_LE( vrev64.8 q6, q6 ) +CPU_LE( vrev64.8 q7, q7 ) + vswp q0l, q0h + vswp q1l, q1h + vswp q2l, q2h + vswp q3l, q3h + vswp q4l, q4h + vswp q5l, q5h + vswp q6l, q6h + vswp q7l, q7h + + // XOR the first 16 data *bits* with the initial CRC value. + vmov.i8 q8h, #0 + vmov.u16 q8h[3], init_crc + veor q0h, q0h, q8h + + // Load the constants for folding across 128 bytes. + vld1.64 {FOLD_CONSTS}, [fold_consts_ptr, :128]! + + // Subtract 128 for the 128 data bytes just consumed. Subtract another + // 128 to simplify the termination condition of the following loop. + sub len, len, #256 + + // While >= 128 data bytes remain (not counting q0-q7), fold the 128 + // bytes q0-q7 into them, storing the result back into q0-q7. +.Lfold_128_bytes_loop: + fold_32_bytes q0, q1 + fold_32_bytes q2, q3 + fold_32_bytes q4, q5 + fold_32_bytes q6, q7 + subs len, len, #128 + bge .Lfold_128_bytes_loop + + // Now fold the 112 bytes in q0-q6 into the 16 bytes in q7. + + // Fold across 64 bytes. + vld1.64 {FOLD_CONSTS}, [fold_consts_ptr, :128]! + fold_16_bytes q0, q4 + fold_16_bytes q1, q5 + fold_16_bytes q2, q6 + fold_16_bytes q3, q7, 1 + // Fold across 32 bytes. + fold_16_bytes q4, q6 + fold_16_bytes q5, q7, 1 + // Fold across 16 bytes. + fold_16_bytes q6, q7 + + // Add 128 to get the correct number of data bytes remaining in 0...127 + // (not counting q7), following the previous extra subtraction by 128. + // Then subtract 16 to simplify the termination condition of the + // following loop. + adds len, len, #(128-16) + + // While >= 16 data bytes remain (not counting q7), fold the 16 bytes q7 + // into them, storing the result back into q7. + blt .Lfold_16_bytes_loop_done +.Lfold_16_bytes_loop: + vmull.p64 q8, q7l, FOLD_CONST_L + vmull.p64 q7, q7h, FOLD_CONST_H + veor.8 q7, q7, q8 + vld1.64 {q0}, [buf]! +CPU_LE( vrev64.8 q0, q0 ) + vswp q0l, q0h veor.8 q7, q7, q0 - - // 32b fold - vext.8 q0, q7, qzr, #12 - vmov s31, s3 - vmull.p64 q0, d0, d21 - veor.8 q7, q0, q7 - - // barrett reduction -_barrett: - vldr d20, rk7 - vldr d21, rk8 - - vmull.p64 q0, d15, d20 - vext.8 q0, qzr, q0, #12 - vmull.p64 q0, d1, d21 - vext.8 q0, qzr, q0, #12 + subs len, len, #16 + bge .Lfold_16_bytes_loop + +.Lfold_16_bytes_loop_done: + // Add 16 to get the correct number of data bytes remaining in 0...15 + // (not counting q7), following the previous extra subtraction by 16. + adds len, len, #16 + beq .Lreduce_final_16_bytes + +.Lhandle_partial_segment: + // Reduce the last '16 + len' bytes where 1 <= len <= 15 and the first + // 16 bytes are in q7 and the rest are the remaining data in 'buf'. To + // do this without needing a fold constant for each possible 'len', + // redivide the bytes into a first chunk of 'len' bytes and a second + // chunk of 16 bytes, then fold the first chunk into the second. + + // q0 = last 16 original data bytes + add buf, buf, len + sub buf, buf, #16 + vld1.64 {q0}, [buf] +CPU_LE( vrev64.8 q0, q0 ) + vswp q0l, q0h + + // q1 = high order part of second chunk: q7 left-shifted by 'len' bytes. + __adrl r3, .Lbyteshift_table + 16 + sub r3, r3, len + vld1.8 {q2}, [r3] + vtbl.8 q1l, {q7l-q7h}, q2l + vtbl.8 q1h, {q7l-q7h}, q2h + + // q3 = first chunk: q7 right-shifted by '16-len' bytes. + vmov.i8 q3, #0x80 + veor.8 q2, q2, q3 + vtbl.8 q3l, {q7l-q7h}, q2l + vtbl.8 q3h, {q7l-q7h}, q2h + + // Convert to 8-bit masks: 'len' 0x00 bytes, then '16-len' 0xff bytes. + vshr.s8 q2, q2, #7 + + // q2 = second chunk: 'len' bytes from q0 (low-order bytes), + // then '16-len' bytes from q1 (high-order bytes). + vbsl.8 q2, q1, q0 + + // Fold the first chunk into the second chunk, storing the result in q7. + vmull.p64 q0, q3l, FOLD_CONST_L + vmull.p64 q7, q3h, FOLD_CONST_H veor.8 q7, q7, q0 - vmov r0, s29 - -_cleanup: - // scale the result back to 16 bits - lsr r0, r0, #16 + veor.8 q7, q7, q2 + +.Lreduce_final_16_bytes: + // Reduce the 128-bit value M(x), stored in q7, to the final 16-bit CRC. + + // Load 'x^48 * (x^48 mod G(x))' and 'x^48 * (x^80 mod G(x))'. + vld1.64 {FOLD_CONSTS}, [fold_consts_ptr, :128]! + + // Fold the high 64 bits into the low 64 bits, while also multiplying by + // x^64. This produces a 128-bit value congruent to x^64 * M(x) and + // whose low 48 bits are 0. + vmull.p64 q0, q7h, FOLD_CONST_H // high bits * x^48 * (x^80 mod G(x)) + veor.8 q0h, q0h, q7l // + low bits * x^64 + + // Fold the high 32 bits into the low 96 bits. This produces a 96-bit + // value congruent to x^64 * M(x) and whose low 48 bits are 0. + vmov.i8 q1, #0 + vmov s4, s3 // extract high 32 bits + vmov s3, s5 // zero high 32 bits + vmull.p64 q1, q1l, FOLD_CONST_L // high 32 bits * x^48 * (x^48 mod G(x)) + veor.8 q0, q0, q1 // + low bits + + // Load G(x) and floor(x^48 / G(x)). + vld1.64 {FOLD_CONSTS}, [fold_consts_ptr, :128] + + // Use Barrett reduction to compute the final CRC value. + vmull.p64 q1, q0h, FOLD_CONST_H // high 32 bits * floor(x^48 / G(x)) + vshr.u64 q1l, q1l, #32 // /= x^32 + vmull.p64 q1, q1l, FOLD_CONST_L // *= G(x) + vshr.u64 q0l, q0l, #48 + veor.8 q0l, q0l, q1l // + low 16 nonzero bits + // Final CRC value (x^16 * M(x)) mod G(x) is in low 16 bits of q0. + + vmov.u16 r0, q0l[0] bx lr -_less_than_128: - teq arg3, #0 - beq _cleanup +.Lless_than_256_bytes: + // Checksumming a buffer of length 16...255 bytes - vmov.i8 q0, #0 - vmov s3, arg1_low32 // get the initial crc value + __adrl fold_consts_ptr, .Lfold_across_16_bytes_consts - vld1.64 {q7}, [arg2]! -CPU_LE( vrev64.8 q7, q7 ) - vswp d14, d15 - veor.8 q7, q7, q0 + // Load the first 16 data bytes. + vld1.64 {q7}, [buf]! +CPU_LE( vrev64.8 q7, q7 ) + vswp q7l, q7h - cmp arg3, #16 - beq _128_done // exactly 16 left + // XOR the first 16 data *bits* with the initial CRC value. + vmov.i8 q0h, #0 + vmov.u16 q0h[3], init_crc + veor.8 q7h, q7h, q0h - // now if there is, load the constants - vldr d20, rk1 - vldr d21, rk2 // rk1 and rk2 in xmm10 + // Load the fold-across-16-bytes constants. + vld1.64 {FOLD_CONSTS}, [fold_consts_ptr, :128]! - // check if there is enough buffer to be able to fold 16B at a time - subs arg3, arg3, #32 - addlt arg3, arg3, #16 - blt _get_last_two_regs - b _16B_reduction_loop + cmp len, #16 + beq .Lreduce_final_16_bytes // len == 16 + subs len, len, #32 + addlt len, len, #16 + blt .Lhandle_partial_segment // 17 <= len <= 31 + b .Lfold_16_bytes_loop // 32 <= len <= 255 ENDPROC(crc_t10dif_pmull) -// precomputed constants -// these constants are precomputed from the poly: -// 0x8bb70000 (0x8bb7 scaled to 32 bits) + .section ".rodata", "a" .align 4 -// Q = 0x18BB70000 -// rk1 = 2^(32*3) mod Q << 32 -// rk2 = 2^(32*5) mod Q << 32 -// rk3 = 2^(32*15) mod Q << 32 -// rk4 = 2^(32*17) mod Q << 32 -// rk5 = 2^(32*3) mod Q << 32 -// rk6 = 2^(32*2) mod Q << 32 -// rk7 = floor(2^64/Q) -// rk8 = Q - -rk3: .quad 0x9d9d000000000000 -rk4: .quad 0x7cf5000000000000 -rk5: .quad 0x2d56000000000000 -rk6: .quad 0x1368000000000000 -rk7: .quad 0x00000001f65a57f8 -rk8: .quad 0x000000018bb70000 -rk9: .quad 0xceae000000000000 -rk10: .quad 0xbfd6000000000000 -rk11: .quad 0x1e16000000000000 -rk12: .quad 0x713c000000000000 -rk13: .quad 0xf7f9000000000000 -rk14: .quad 0x80a6000000000000 -rk15: .quad 0x044c000000000000 -rk16: .quad 0xe658000000000000 -rk17: .quad 0xad18000000000000 -rk18: .quad 0xa497000000000000 -rk19: .quad 0x6ee3000000000000 -rk20: .quad 0xe7b5000000000000 -rk1: .quad 0x2d56000000000000 -rk2: .quad 0x06df000000000000 - -tbl_shf_table: -// use these values for shift constants for the tbl/tbx instruction -// different alignments result in values as shown: -// DDQ 0x008f8e8d8c8b8a898887868584838281 # shl 15 (16-1) / shr1 -// DDQ 0x01008f8e8d8c8b8a8988878685848382 # shl 14 (16-3) / shr2 -// DDQ 0x0201008f8e8d8c8b8a89888786858483 # shl 13 (16-4) / shr3 -// DDQ 0x030201008f8e8d8c8b8a898887868584 # shl 12 (16-4) / shr4 -// DDQ 0x04030201008f8e8d8c8b8a8988878685 # shl 11 (16-5) / shr5 -// DDQ 0x0504030201008f8e8d8c8b8a89888786 # shl 10 (16-6) / shr6 -// DDQ 0x060504030201008f8e8d8c8b8a898887 # shl 9 (16-7) / shr7 -// DDQ 0x07060504030201008f8e8d8c8b8a8988 # shl 8 (16-8) / shr8 -// DDQ 0x0807060504030201008f8e8d8c8b8a89 # shl 7 (16-9) / shr9 -// DDQ 0x090807060504030201008f8e8d8c8b8a # shl 6 (16-10) / shr10 -// DDQ 0x0a090807060504030201008f8e8d8c8b # shl 5 (16-11) / shr11 -// DDQ 0x0b0a090807060504030201008f8e8d8c # shl 4 (16-12) / shr12 -// DDQ 0x0c0b0a090807060504030201008f8e8d # shl 3 (16-13) / shr13 -// DDQ 0x0d0c0b0a090807060504030201008f8e # shl 2 (16-14) / shr14 -// DDQ 0x0e0d0c0b0a090807060504030201008f # shl 1 (16-15) / shr15 +// Fold constants precomputed from the polynomial 0x18bb7 +// G(x) = x^16 + x^15 + x^11 + x^9 + x^8 + x^7 + x^5 + x^4 + x^2 + x^1 + x^0 +.Lfold_across_128_bytes_consts: + .quad 0x0000000000006123 // x^(8*128) mod G(x) + .quad 0x0000000000002295 // x^(8*128+64) mod G(x) +// .Lfold_across_64_bytes_consts: + .quad 0x0000000000001069 // x^(4*128) mod G(x) + .quad 0x000000000000dd31 // x^(4*128+64) mod G(x) +// .Lfold_across_32_bytes_consts: + .quad 0x000000000000857d // x^(2*128) mod G(x) + .quad 0x0000000000007acc // x^(2*128+64) mod G(x) +.Lfold_across_16_bytes_consts: + .quad 0x000000000000a010 // x^(1*128) mod G(x) + .quad 0x0000000000001faa // x^(1*128+64) mod G(x) +// .Lfinal_fold_consts: + .quad 0x1368000000000000 // x^48 * (x^48 mod G(x)) + .quad 0x2d56000000000000 // x^48 * (x^80 mod G(x)) +// .Lbarrett_reduction_consts: + .quad 0x0000000000018bb7 // G(x) + .quad 0x00000001f65a57f8 // floor(x^48 / G(x)) + +// For 1 <= len <= 15, the 16-byte vector beginning at &byteshift_table[16 - +// len] is the index vector to shift left by 'len' bytes, and is also {0x80, +// ..., 0x80} XOR the index vector to shift right by '16 - len' bytes. +.Lbyteshift_table: .byte 0x0, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87 .byte 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f .byte 0x0, 0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7 diff --git a/arch/arm/crypto/crct10dif-ce-glue.c b/arch/arm/crypto/crct10dif-ce-glue.c index 14c19c70a841..3d6b800b8396 100644 --- a/arch/arm/crypto/crct10dif-ce-glue.c +++ b/arch/arm/crypto/crct10dif-ce-glue.c @@ -21,7 +21,7 @@ #define CRC_T10DIF_PMULL_CHUNK_SIZE 16U -asmlinkage u16 crc_t10dif_pmull(u16 init_crc, const u8 buf[], u32 len); +asmlinkage u16 crc_t10dif_pmull(u16 init_crc, const u8 *buf, size_t len); static int crct10dif_init(struct shash_desc *desc) { -- cgit From 6227cd12e51c89c9af320e4e429120c8b83c6bd1 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Wed, 30 Jan 2019 20:42:42 -0800 Subject: crypto: arm64/crct10dif-ce - cleanup and optimizations The x86, arm, and arm64 asm implementations of crct10dif are very difficult to understand partly because many of the comments, labels, and macros are named incorrectly: the lengths mentioned are usually off by a factor of two from the actual code. Many other things are unnecessarily convoluted as well, e.g. there are many more fold constants than actually needed and some aren't fully reduced. This series therefore cleans up all these implementations to be much more maintainable. I also made some small optimizations where I saw opportunities, resulting in slightly better performance. This patch cleans up the arm64 version. Acked-by: Ard Biesheuvel Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu --- arch/arm64/crypto/crct10dif-ce-core.S | 496 ++++++++++++++++------------------ arch/arm64/crypto/crct10dif-ce-glue.c | 4 +- 2 files changed, 233 insertions(+), 267 deletions(-) diff --git a/arch/arm64/crypto/crct10dif-ce-core.S b/arch/arm64/crypto/crct10dif-ce-core.S index f7326259c40d..e545b42e6a46 100644 --- a/arch/arm64/crypto/crct10dif-ce-core.S +++ b/arch/arm64/crypto/crct10dif-ce-core.S @@ -2,12 +2,14 @@ // Accelerated CRC-T10DIF using arm64 NEON and Crypto Extensions instructions // // Copyright (C) 2016 Linaro Ltd +// Copyright (C) 2019 Google LLC // // This program is free software; you can redistribute it and/or modify // it under the terms of the GNU General Public License version 2 as // published by the Free Software Foundation. // +// Derived from the x86 version: // // Implement fast CRC-T10DIF computation with SSE and PCLMULQDQ instructions // @@ -54,19 +56,11 @@ // NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS // SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. // -// Function API: -// UINT16 crc_t10dif_pcl( -// UINT16 init_crc, //initial CRC value, 16 bits -// const unsigned char *buf, //buffer pointer to calculate CRC on -// UINT64 len //buffer length in bytes (64-bit data) -// ); -// // Reference paper titled "Fast CRC Computation for Generic // Polynomials Using PCLMULQDQ Instruction" // URL: http://www.intel.com/content/dam/www/public/us/en/documents // /white-papers/fast-crc-computation-generic-polynomials-pclmulqdq-paper.pdf // -// #include #include @@ -74,14 +68,14 @@ .text .cpu generic+crypto - arg1_low32 .req w19 - arg2 .req x20 - arg3 .req x21 + init_crc .req w19 + buf .req x20 + len .req x21 + fold_consts_ptr .req x22 - vzr .req v13 + fold_consts .req v10 ad .req v14 - bd .req v10 k00_16 .req v15 k32_48 .req v16 @@ -143,11 +137,11 @@ __pmull_p8_core: ext t5.8b, ad.8b, ad.8b, #2 // A2 ext t6.8b, ad.8b, ad.8b, #3 // A3 - pmull t4.8h, t4.8b, bd.8b // F = A1*B + pmull t4.8h, t4.8b, fold_consts.8b // F = A1*B pmull t8.8h, ad.8b, bd1.8b // E = A*B1 - pmull t5.8h, t5.8b, bd.8b // H = A2*B + pmull t5.8h, t5.8b, fold_consts.8b // H = A2*B pmull t7.8h, ad.8b, bd2.8b // G = A*B2 - pmull t6.8h, t6.8b, bd.8b // J = A3*B + pmull t6.8h, t6.8b, fold_consts.8b // J = A3*B pmull t9.8h, ad.8b, bd3.8b // I = A*B3 pmull t3.8h, ad.8b, bd4.8b // K = A*B4 b 0f @@ -157,11 +151,11 @@ __pmull_p8_core: tbl t5.16b, {ad.16b}, perm2.16b // A2 tbl t6.16b, {ad.16b}, perm3.16b // A3 - pmull2 t4.8h, t4.16b, bd.16b // F = A1*B + pmull2 t4.8h, t4.16b, fold_consts.16b // F = A1*B pmull2 t8.8h, ad.16b, bd1.16b // E = A*B1 - pmull2 t5.8h, t5.16b, bd.16b // H = A2*B + pmull2 t5.8h, t5.16b, fold_consts.16b // H = A2*B pmull2 t7.8h, ad.16b, bd2.16b // G = A*B2 - pmull2 t6.8h, t6.16b, bd.16b // J = A3*B + pmull2 t6.8h, t6.16b, fold_consts.16b // J = A3*B pmull2 t9.8h, ad.16b, bd3.16b // I = A*B3 pmull2 t3.8h, ad.16b, bd4.16b // K = A*B4 @@ -203,14 +197,14 @@ __pmull_p8_core: ENDPROC(__pmull_p8_core) .macro __pmull_p8, rq, ad, bd, i - .ifnc \bd, v10 + .ifnc \bd, fold_consts .err .endif mov ad.16b, \ad\().16b .ifb \i - pmull \rq\().8h, \ad\().8b, bd.8b // D = A*B + pmull \rq\().8h, \ad\().8b, \bd\().8b // D = A*B .else - pmull2 \rq\().8h, \ad\().16b, bd.16b // D = A*B + pmull2 \rq\().8h, \ad\().16b, \bd\().16b // D = A*B .endif bl .L__pmull_p8_core\i @@ -219,17 +213,19 @@ ENDPROC(__pmull_p8_core) eor \rq\().16b, \rq\().16b, t6.16b .endm - .macro fold64, p, reg1, reg2 - ldp q11, q12, [arg2], #0x20 + // Fold reg1, reg2 into the next 32 data bytes, storing the result back + // into reg1, reg2. + .macro fold_32_bytes, p, reg1, reg2 + ldp q11, q12, [buf], #0x20 - __pmull_\p v8, \reg1, v10, 2 - __pmull_\p \reg1, \reg1, v10 + __pmull_\p v8, \reg1, fold_consts, 2 + __pmull_\p \reg1, \reg1, fold_consts CPU_LE( rev64 v11.16b, v11.16b ) CPU_LE( rev64 v12.16b, v12.16b ) - __pmull_\p v9, \reg2, v10, 2 - __pmull_\p \reg2, \reg2, v10 + __pmull_\p v9, \reg2, fold_consts, 2 + __pmull_\p \reg2, \reg2, fold_consts CPU_LE( ext v11.16b, v11.16b, v11.16b, #8 ) CPU_LE( ext v12.16b, v12.16b, v12.16b, #8 ) @@ -240,15 +236,16 @@ CPU_LE( ext v12.16b, v12.16b, v12.16b, #8 ) eor \reg2\().16b, \reg2\().16b, v12.16b .endm - .macro fold16, p, reg, rk - __pmull_\p v8, \reg, v10 - __pmull_\p \reg, \reg, v10, 2 - .ifnb \rk - ldr_l q10, \rk, x8 - __pmull_pre_\p v10 + // Fold src_reg into dst_reg, optionally loading the next fold constants + .macro fold_16_bytes, p, src_reg, dst_reg, load_next_consts + __pmull_\p v8, \src_reg, fold_consts + __pmull_\p \src_reg, \src_reg, fold_consts, 2 + .ifnb \load_next_consts + ld1 {fold_consts.2d}, [fold_consts_ptr], #16 + __pmull_pre_\p fold_consts .endif - eor v7.16b, v7.16b, v8.16b - eor v7.16b, v7.16b, \reg\().16b + eor \dst_reg\().16b, \dst_reg\().16b, v8.16b + eor \dst_reg\().16b, \dst_reg\().16b, \src_reg\().16b .endm .macro __pmull_p64, rd, rn, rm, n @@ -260,40 +257,27 @@ CPU_LE( ext v12.16b, v12.16b, v12.16b, #8 ) .endm .macro crc_t10dif_pmull, p - frame_push 3, 128 + frame_push 4, 128 - mov arg1_low32, w0 - mov arg2, x1 - mov arg3, x2 - - movi vzr.16b, #0 // init zero register + mov init_crc, w0 + mov buf, x1 + mov len, x2 __pmull_init_\p - // adjust the 16-bit initial_crc value, scale it to 32 bits - lsl arg1_low32, arg1_low32, #16 - - // check if smaller than 256 - cmp arg3, #256 - - // for sizes less than 128, we can't fold 64B at a time... - b.lt .L_less_than_128_\@ + // For sizes less than 256 bytes, we can't fold 128 bytes at a time. + cmp len, #256 + b.lt .Lless_than_256_bytes_\@ - // load the initial crc value - // crc value does not need to be byte-reflected, but it needs - // to be moved to the high part of the register. - // because data will be byte-reflected and will align with - // initial crc at correct place. - movi v10.16b, #0 - mov v10.s[3], arg1_low32 // initial crc - - // receive the initial 64B data, xor the initial crc value - ldp q0, q1, [arg2] - ldp q2, q3, [arg2, #0x20] - ldp q4, q5, [arg2, #0x40] - ldp q6, q7, [arg2, #0x60] - add arg2, arg2, #0x80 + adr_l fold_consts_ptr, .Lfold_across_128_bytes_consts + // Load the first 128 data bytes. Byte swapping is necessary to make + // the bit order match the polynomial coefficient order. + ldp q0, q1, [buf] + ldp q2, q3, [buf, #0x20] + ldp q4, q5, [buf, #0x40] + ldp q6, q7, [buf, #0x60] + add buf, buf, #0x80 CPU_LE( rev64 v0.16b, v0.16b ) CPU_LE( rev64 v1.16b, v1.16b ) CPU_LE( rev64 v2.16b, v2.16b ) @@ -302,7 +286,6 @@ CPU_LE( rev64 v4.16b, v4.16b ) CPU_LE( rev64 v5.16b, v5.16b ) CPU_LE( rev64 v6.16b, v6.16b ) CPU_LE( rev64 v7.16b, v7.16b ) - CPU_LE( ext v0.16b, v0.16b, v0.16b, #8 ) CPU_LE( ext v1.16b, v1.16b, v1.16b, #8 ) CPU_LE( ext v2.16b, v2.16b, v2.16b, #8 ) @@ -312,36 +295,29 @@ CPU_LE( ext v5.16b, v5.16b, v5.16b, #8 ) CPU_LE( ext v6.16b, v6.16b, v6.16b, #8 ) CPU_LE( ext v7.16b, v7.16b, v7.16b, #8 ) - // XOR the initial_crc value - eor v0.16b, v0.16b, v10.16b - - ldr_l q10, rk3, x8 // xmm10 has rk3 and rk4 - // type of pmull instruction - // will determine which constant to use - __pmull_pre_\p v10 - - // - // we subtract 256 instead of 128 to save one instruction from the loop - // - sub arg3, arg3, #256 - - // at this section of the code, there is 64*x+y (0<=y<64) bytes of - // buffer. The _fold_64_B_loop will fold 64B at a time - // until we have 64+y Bytes of buffer + // XOR the first 16 data *bits* with the initial CRC value. + movi v8.16b, #0 + mov v8.h[7], init_crc + eor v0.16b, v0.16b, v8.16b - // fold 64B at a time. This section of the code folds 4 vector - // registers in parallel -.L_fold_64_B_loop_\@: + // Load the constants for folding across 128 bytes. + ld1 {fold_consts.2d}, [fold_consts_ptr] + __pmull_pre_\p fold_consts - fold64 \p, v0, v1 - fold64 \p, v2, v3 - fold64 \p, v4, v5 - fold64 \p, v6, v7 + // Subtract 128 for the 128 data bytes just consumed. Subtract another + // 128 to simplify the termination condition of the following loop. + sub len, len, #256 - subs arg3, arg3, #128 + // While >= 128 data bytes remain (not counting v0-v7), fold the 128 + // bytes v0-v7 into them, storing the result back into v0-v7. +.Lfold_128_bytes_loop_\@: + fold_32_bytes \p, v0, v1 + fold_32_bytes \p, v2, v3 + fold_32_bytes \p, v4, v5 + fold_32_bytes \p, v6, v7 - // check if there is another 64B in the buffer to be able to fold - b.lt .L_fold_64_B_end_\@ + subs len, len, #128 + b.lt .Lfold_128_bytes_loop_done_\@ if_will_cond_yield_neon stp q0, q1, [sp, #.Lframe_local_offset] @@ -353,217 +329,207 @@ CPU_LE( ext v7.16b, v7.16b, v7.16b, #8 ) ldp q2, q3, [sp, #.Lframe_local_offset + 32] ldp q4, q5, [sp, #.Lframe_local_offset + 64] ldp q6, q7, [sp, #.Lframe_local_offset + 96] - ldr_l q10, rk3, x8 - movi vzr.16b, #0 // init zero register + ld1 {fold_consts.2d}, [fold_consts_ptr] __pmull_init_\p - __pmull_pre_\p v10 + __pmull_pre_\p fold_consts endif_yield_neon - b .L_fold_64_B_loop_\@ - -.L_fold_64_B_end_\@: - // at this point, the buffer pointer is pointing at the last y Bytes - // of the buffer the 64B of folded data is in 4 of the vector - // registers: v0, v1, v2, v3 - - // fold the 8 vector registers to 1 vector register with different - // constants - - ldr_l q10, rk9, x8 - __pmull_pre_\p v10 - - fold16 \p, v0, rk11 - fold16 \p, v1, rk13 - fold16 \p, v2, rk15 - fold16 \p, v3, rk17 - fold16 \p, v4, rk19 - fold16 \p, v5, rk1 - fold16 \p, v6 - - // instead of 64, we add 48 to the loop counter to save 1 instruction - // from the loop instead of a cmp instruction, we use the negative - // flag with the jl instruction - adds arg3, arg3, #(128-16) - b.lt .L_final_reduction_for_128_\@ - - // now we have 16+y bytes left to reduce. 16 Bytes is in register v7 - // and the rest is in memory. We can fold 16 bytes at a time if y>=16 - // continue folding 16B at a time - -.L_16B_reduction_loop_\@: - __pmull_\p v8, v7, v10 - __pmull_\p v7, v7, v10, 2 + b .Lfold_128_bytes_loop_\@ + +.Lfold_128_bytes_loop_done_\@: + + // Now fold the 112 bytes in v0-v6 into the 16 bytes in v7. + + // Fold across 64 bytes. + add fold_consts_ptr, fold_consts_ptr, #16 + ld1 {fold_consts.2d}, [fold_consts_ptr], #16 + __pmull_pre_\p fold_consts + fold_16_bytes \p, v0, v4 + fold_16_bytes \p, v1, v5 + fold_16_bytes \p, v2, v6 + fold_16_bytes \p, v3, v7, 1 + // Fold across 32 bytes. + fold_16_bytes \p, v4, v6 + fold_16_bytes \p, v5, v7, 1 + // Fold across 16 bytes. + fold_16_bytes \p, v6, v7 + + // Add 128 to get the correct number of data bytes remaining in 0...127 + // (not counting v7), following the previous extra subtraction by 128. + // Then subtract 16 to simplify the termination condition of the + // following loop. + adds len, len, #(128-16) + + // While >= 16 data bytes remain (not counting v7), fold the 16 bytes v7 + // into them, storing the result back into v7. + b.lt .Lfold_16_bytes_loop_done_\@ +.Lfold_16_bytes_loop_\@: + __pmull_\p v8, v7, fold_consts + __pmull_\p v7, v7, fold_consts, 2 eor v7.16b, v7.16b, v8.16b - - ldr q0, [arg2], #16 + ldr q0, [buf], #16 CPU_LE( rev64 v0.16b, v0.16b ) CPU_LE( ext v0.16b, v0.16b, v0.16b, #8 ) eor v7.16b, v7.16b, v0.16b - subs arg3, arg3, #16 - - // instead of a cmp instruction, we utilize the flags with the - // jge instruction equivalent of: cmp arg3, 16-16 - // check if there is any more 16B in the buffer to be able to fold - b.ge .L_16B_reduction_loop_\@ - - // now we have 16+z bytes left to reduce, where 0<= z < 16. - // first, we reduce the data in the xmm7 register - -.L_final_reduction_for_128_\@: - // check if any more data to fold. If not, compute the CRC of - // the final 128 bits - adds arg3, arg3, #16 - b.eq .L_128_done_\@ - - // here we are getting data that is less than 16 bytes. - // since we know that there was data before the pointer, we can - // offset the input pointer before the actual point, to receive - // exactly 16 bytes. after that the registers need to be adjusted. -.L_get_last_two_regs_\@: - add arg2, arg2, arg3 - ldr q1, [arg2, #-16] -CPU_LE( rev64 v1.16b, v1.16b ) -CPU_LE( ext v1.16b, v1.16b, v1.16b, #8 ) - - // get rid of the extra data that was loaded before - // load the shift constant - adr_l x4, tbl_shf_table + 16 - sub x4, x4, arg3 - ld1 {v0.16b}, [x4] - - // shift v2 to the left by arg3 bytes - tbl v2.16b, {v7.16b}, v0.16b - - // shift v7 to the right by 16-arg3 bytes - movi v9.16b, #0x80 - eor v0.16b, v0.16b, v9.16b - tbl v7.16b, {v7.16b}, v0.16b - - // blend - sshr v0.16b, v0.16b, #7 // convert to 8-bit mask - bsl v0.16b, v2.16b, v1.16b - - // fold 16 Bytes - __pmull_\p v8, v7, v10 - __pmull_\p v7, v7, v10, 2 - eor v7.16b, v7.16b, v8.16b - eor v7.16b, v7.16b, v0.16b + subs len, len, #16 + b.ge .Lfold_16_bytes_loop_\@ + +.Lfold_16_bytes_loop_done_\@: + // Add 16 to get the correct number of data bytes remaining in 0...15 + // (not counting v7), following the previous extra subtraction by 16. + adds len, len, #16 + b.eq .Lreduce_final_16_bytes_\@ + +.Lhandle_partial_segment_\@: + // Reduce the last '16 + len' bytes where 1 <= len <= 15 and the first + // 16 bytes are in v7 and the rest are the remaining data in 'buf'. To + // do this without needing a fold constant for each possible 'len', + // redivide the bytes into a first chunk of 'len' bytes and a second + // chunk of 16 bytes, then fold the first chunk into the second. + + // v0 = last 16 original data bytes + add buf, buf, len + ldr q0, [buf, #-16] +CPU_LE( rev64 v0.16b, v0.16b ) +CPU_LE( ext v0.16b, v0.16b, v0.16b, #8 ) -.L_128_done_\@: - // compute crc of a 128-bit value - ldr_l q10, rk5, x8 // rk5 and rk6 in xmm10 - __pmull_pre_\p v10 + // v1 = high order part of second chunk: v7 left-shifted by 'len' bytes. + adr_l x4, .Lbyteshift_table + 16 + sub x4, x4, len + ld1 {v2.16b}, [x4] + tbl v1.16b, {v7.16b}, v2.16b - // 64b fold - ext v0.16b, vzr.16b, v7.16b, #8 - mov v7.d[0], v7.d[1] - __pmull_\p v7, v7, v10 - eor v7.16b, v7.16b, v0.16b + // v3 = first chunk: v7 right-shifted by '16-len' bytes. + movi v3.16b, #0x80 + eor v2.16b, v2.16b, v3.16b + tbl v3.16b, {v7.16b}, v2.16b - // 32b fold - ext v0.16b, v7.16b, vzr.16b, #4 - mov v7.s[3], vzr.s[0] - __pmull_\p v0, v0, v10, 2 - eor v7.16b, v7.16b, v0.16b + // Convert to 8-bit masks: 'len' 0x00 bytes, then '16-len' 0xff bytes. + sshr v2.16b, v2.16b, #7 - // barrett reduction - ldr_l q10, rk7, x8 - __pmull_pre_\p v10 - mov v0.d[0], v7.d[1] + // v2 = second chunk: 'len' bytes from v0 (low-order bytes), + // then '16-len' bytes from v1 (high-order bytes). + bsl v2.16b, v1.16b, v0.16b - __pmull_\p v0, v0, v10 - ext v0.16b, vzr.16b, v0.16b, #12 - __pmull_\p v0, v0, v10, 2 - ext v0.16b, vzr.16b, v0.16b, #12 + // Fold the first chunk into the second chunk, storing the result in v7. + __pmull_\p v0, v3, fold_consts + __pmull_\p v7, v3, fold_consts, 2 eor v7.16b, v7.16b, v0.16b - mov w0, v7.s[1] - -.L_cleanup_\@: - // scale the result back to 16 bits - lsr x0, x0, #16 + eor v7.16b, v7.16b, v2.16b + +.Lreduce_final_16_bytes_\@: + // Reduce the 128-bit value M(x), stored in v7, to the final 16-bit CRC. + + movi v2.16b, #0 // init zero register + + // Load 'x^48 * (x^48 mod G(x))' and 'x^48 * (x^80 mod G(x))'. + ld1 {fold_consts.2d}, [fold_consts_ptr], #16 + __pmull_pre_\p fold_consts + + // Fold the high 64 bits into the low 64 bits, while also multiplying by + // x^64. This produces a 128-bit value congruent to x^64 * M(x) and + // whose low 48 bits are 0. + ext v0.16b, v2.16b, v7.16b, #8 + __pmull_\p v7, v7, fold_consts, 2 // high bits * x^48 * (x^80 mod G(x)) + eor v0.16b, v0.16b, v7.16b // + low bits * x^64 + + // Fold the high 32 bits into the low 96 bits. This produces a 96-bit + // value congruent to x^64 * M(x) and whose low 48 bits are 0. + ext v1.16b, v0.16b, v2.16b, #12 // extract high 32 bits + mov v0.s[3], v2.s[0] // zero high 32 bits + __pmull_\p v1, v1, fold_consts // high 32 bits * x^48 * (x^48 mod G(x)) + eor v0.16b, v0.16b, v1.16b // + low bits + + // Load G(x) and floor(x^48 / G(x)). + ld1 {fold_consts.2d}, [fold_consts_ptr] + __pmull_pre_\p fold_consts + + // Use Barrett reduction to compute the final CRC value. + __pmull_\p v1, v0, fold_consts, 2 // high 32 bits * floor(x^48 / G(x)) + ushr v1.2d, v1.2d, #32 // /= x^32 + __pmull_\p v1, v1, fold_consts // *= G(x) + ushr v0.2d, v0.2d, #48 + eor v0.16b, v0.16b, v1.16b // + low 16 nonzero bits + // Final CRC value (x^16 * M(x)) mod G(x) is in low 16 bits of v0. + + umov w0, v0.h[0] frame_pop ret -.L_less_than_128_\@: - cbz arg3, .L_cleanup_\@ +.Lless_than_256_bytes_\@: + // Checksumming a buffer of length 16...255 bytes - movi v0.16b, #0 - mov v0.s[3], arg1_low32 // get the initial crc value + adr_l fold_consts_ptr, .Lfold_across_16_bytes_consts - ldr q7, [arg2], #0x10 + // Load the first 16 data bytes. + ldr q7, [buf], #0x10 CPU_LE( rev64 v7.16b, v7.16b ) CPU_LE( ext v7.16b, v7.16b, v7.16b, #8 ) - eor v7.16b, v7.16b, v0.16b // xor the initial crc value - - cmp arg3, #16 - b.eq .L_128_done_\@ // exactly 16 left - ldr_l q10, rk1, x8 // rk1 and rk2 in xmm10 - __pmull_pre_\p v10 + // XOR the first 16 data *bits* with the initial CRC value. + movi v0.16b, #0 + mov v0.h[7], init_crc + eor v7.16b, v7.16b, v0.16b - // update the counter. subtract 32 instead of 16 to save one - // instruction from the loop - subs arg3, arg3, #32 - b.ge .L_16B_reduction_loop_\@ + // Load the fold-across-16-bytes constants. + ld1 {fold_consts.2d}, [fold_consts_ptr], #16 + __pmull_pre_\p fold_consts - add arg3, arg3, #16 - b .L_get_last_two_regs_\@ + cmp len, #16 + b.eq .Lreduce_final_16_bytes_\@ // len == 16 + subs len, len, #32 + b.ge .Lfold_16_bytes_loop_\@ // 32 <= len <= 255 + add len, len, #16 + b .Lhandle_partial_segment_\@ // 17 <= len <= 31 .endm +// +// u16 crc_t10dif_pmull_p8(u16 init_crc, const u8 *buf, size_t len); +// +// Assumes len >= 16. +// ENTRY(crc_t10dif_pmull_p8) crc_t10dif_pmull p8 ENDPROC(crc_t10dif_pmull_p8) .align 5 +// +// u16 crc_t10dif_pmull_p64(u16 init_crc, const u8 *buf, size_t len); +// +// Assumes len >= 16. +// ENTRY(crc_t10dif_pmull_p64) crc_t10dif_pmull p64 ENDPROC(crc_t10dif_pmull_p64) -// precomputed constants -// these constants are precomputed from the poly: -// 0x8bb70000 (0x8bb7 scaled to 32 bits) .section ".rodata", "a" .align 4 -// Q = 0x18BB70000 -// rk1 = 2^(32*3) mod Q << 32 -// rk2 = 2^(32*5) mod Q << 32 -// rk3 = 2^(32*15) mod Q << 32 -// rk4 = 2^(32*17) mod Q << 32 -// rk5 = 2^(32*3) mod Q << 32 -// rk6 = 2^(32*2) mod Q << 32 -// rk7 = floor(2^64/Q) -// rk8 = Q - -rk1: .octa 0x06df0000000000002d56000000000000 -rk3: .octa 0x7cf50000000000009d9d000000000000 -rk5: .octa 0x13680000000000002d56000000000000 -rk7: .octa 0x000000018bb7000000000001f65a57f8 -rk9: .octa 0xbfd6000000000000ceae000000000000 -rk11: .octa 0x713c0000000000001e16000000000000 -rk13: .octa 0x80a6000000000000f7f9000000000000 -rk15: .octa 0xe658000000000000044c000000000000 -rk17: .octa 0xa497000000000000ad18000000000000 -rk19: .octa 0xe7b50000000000006ee3000000000000 - -tbl_shf_table: -// use these values for shift constants for the tbl/tbx instruction -// different alignments result in values as shown: -// DDQ 0x008f8e8d8c8b8a898887868584838281 # shl 15 (16-1) / shr1 -// DDQ 0x01008f8e8d8c8b8a8988878685848382 # shl 14 (16-3) / shr2 -// DDQ 0x0201008f8e8d8c8b8a89888786858483 # shl 13 (16-4) / shr3 -// DDQ 0x030201008f8e8d8c8b8a898887868584 # shl 12 (16-4) / shr4 -// DDQ 0x04030201008f8e8d8c8b8a8988878685 # shl 11 (16-5) / shr5 -// DDQ 0x0504030201008f8e8d8c8b8a89888786 # shl 10 (16-6) / shr6 -// DDQ 0x060504030201008f8e8d8c8b8a898887 # shl 9 (16-7) / shr7 -// DDQ 0x07060504030201008f8e8d8c8b8a8988 # shl 8 (16-8) / shr8 -// DDQ 0x0807060504030201008f8e8d8c8b8a89 # shl 7 (16-9) / shr9 -// DDQ 0x090807060504030201008f8e8d8c8b8a # shl 6 (16-10) / shr10 -// DDQ 0x0a090807060504030201008f8e8d8c8b # shl 5 (16-11) / shr11 -// DDQ 0x0b0a090807060504030201008f8e8d8c # shl 4 (16-12) / shr12 -// DDQ 0x0c0b0a090807060504030201008f8e8d # shl 3 (16-13) / shr13 -// DDQ 0x0d0c0b0a090807060504030201008f8e # shl 2 (16-14) / shr14 -// DDQ 0x0e0d0c0b0a090807060504030201008f # shl 1 (16-15) / shr15 +// Fold constants precomputed from the polynomial 0x18bb7 +// G(x) = x^16 + x^15 + x^11 + x^9 + x^8 + x^7 + x^5 + x^4 + x^2 + x^1 + x^0 +.Lfold_across_128_bytes_consts: + .quad 0x0000000000006123 // x^(8*128) mod G(x) + .quad 0x0000000000002295 // x^(8*128+64) mod G(x) +// .Lfold_across_64_bytes_consts: + .quad 0x0000000000001069 // x^(4*128) mod G(x) + .quad 0x000000000000dd31 // x^(4*128+64) mod G(x) +// .Lfold_across_32_bytes_consts: + .quad 0x000000000000857d // x^(2*128) mod G(x) + .quad 0x0000000000007acc // x^(2*128+64) mod G(x) +.Lfold_across_16_bytes_consts: + .quad 0x000000000000a010 // x^(1*128) mod G(x) + .quad 0x0000000000001faa // x^(1*128+64) mod G(x) +// .Lfinal_fold_consts: + .quad 0x1368000000000000 // x^48 * (x^48 mod G(x)) + .quad 0x2d56000000000000 // x^48 * (x^80 mod G(x)) +// .Lbarrett_reduction_consts: + .quad 0x0000000000018bb7 // G(x) + .quad 0x00000001f65a57f8 // floor(x^48 / G(x)) + +// For 1 <= len <= 15, the 16-byte vector beginning at &byteshift_table[16 - +// len] is the index vector to shift left by 'len' bytes, and is also {0x80, +// ..., 0x80} XOR the index vector to shift right by '16 - len' bytes. +.Lbyteshift_table: .byte 0x0, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87 .byte 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f .byte 0x0, 0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7 diff --git a/arch/arm64/crypto/crct10dif-ce-glue.c b/arch/arm64/crypto/crct10dif-ce-glue.c index 242757cc6da9..dd325829ee44 100644 --- a/arch/arm64/crypto/crct10dif-ce-glue.c +++ b/arch/arm64/crypto/crct10dif-ce-glue.c @@ -22,8 +22,8 @@ #define CRC_T10DIF_PMULL_CHUNK_SIZE 16U -asmlinkage u16 crc_t10dif_pmull_p64(u16 init_crc, const u8 buf[], u64 len); -asmlinkage u16 crc_t10dif_pmull_p8(u16 init_crc, const u8 buf[], u64 len); +asmlinkage u16 crc_t10dif_pmull_p8(u16 init_crc, const u8 *buf, size_t len); +asmlinkage u16 crc_t10dif_pmull_p64(u16 init_crc, const u8 *buf, size_t len); static int crct10dif_init(struct shash_desc *desc) { -- cgit From 42e95d1f10dcf8b18b1d7f52f7068985b3dc5b79 Mon Sep 17 00:00:00 2001 From: Pankaj Gupta Date: Fri, 1 Feb 2019 07:18:20 +0000 Subject: crypto: caam - fixed handling of sg list when the source sg contains more than 1 fragment and destination sg contains 1 fragment, the caam driver mishandle the buffers to be sent to caam. Fixes: f2147b88b2b1 ("crypto: caam - Convert GCM to new AEAD interface") Cc: # 4.2+ Signed-off-by: Pankaj Gupta Signed-off-by: Arun Pathak Reviewed-by: Horia Geanta Signed-off-by: Herbert Xu --- drivers/crypto/caam/caamalg.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/crypto/caam/caamalg.c b/drivers/crypto/caam/caamalg.c index 0a4469fcd192..a9ff2e19f9d5 100644 --- a/drivers/crypto/caam/caamalg.c +++ b/drivers/crypto/caam/caamalg.c @@ -1043,6 +1043,7 @@ static void init_aead_job(struct aead_request *req, dst_dma = 0; } else if (edesc->dst_nents == 1) { dst_dma = sg_dma_address(req->dst); + out_options = 0; } else { dst_dma = edesc->sec4_sg_dma + sec4_sg_index * -- cgit From 0f533e67d26f228ea5dfdacc8a4bdeb487af5208 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Thu, 31 Jan 2019 23:51:36 -0800 Subject: crypto: aegis - fix handling chunked inputs The generic AEGIS implementations all fail the improved AEAD tests because they produce the wrong result with some data layouts. The issue is that they assume that if the skcipher_walk API gives 'nbytes' not aligned to the walksize (a.k.a. walk.stride), then it is the end of the data. In fact, this can happen before the end. Fix them. Fixes: f606a88e5823 ("crypto: aegis - Add generic AEGIS AEAD implementations") Cc: # v4.18+ Cc: Ondrej Mosnacek Signed-off-by: Eric Biggers Reviewed-by: Ondrej Mosnacek Signed-off-by: Herbert Xu --- crypto/aegis128.c | 14 +++++++------- crypto/aegis128l.c | 14 +++++++------- crypto/aegis256.c | 14 +++++++------- 3 files changed, 21 insertions(+), 21 deletions(-) diff --git a/crypto/aegis128.c b/crypto/aegis128.c index 96e078a8a00a..3718a8341303 100644 --- a/crypto/aegis128.c +++ b/crypto/aegis128.c @@ -286,19 +286,19 @@ static void crypto_aegis128_process_crypt(struct aegis_state *state, const struct aegis128_ops *ops) { struct skcipher_walk walk; - u8 *src, *dst; - unsigned int chunksize; ops->skcipher_walk_init(&walk, req, false); while (walk.nbytes) { - src = walk.src.virt.addr; - dst = walk.dst.virt.addr; - chunksize = walk.nbytes; + unsigned int nbytes = walk.nbytes; - ops->crypt_chunk(state, dst, src, chunksize); + if (nbytes < walk.total) + nbytes = round_down(nbytes, walk.stride); - skcipher_walk_done(&walk, 0); + ops->crypt_chunk(state, walk.dst.virt.addr, walk.src.virt.addr, + nbytes); + + skcipher_walk_done(&walk, walk.nbytes - nbytes); } } diff --git a/crypto/aegis128l.c b/crypto/aegis128l.c index a210e779b911..275a8616d71b 100644 --- a/crypto/aegis128l.c +++ b/crypto/aegis128l.c @@ -349,19 +349,19 @@ static void crypto_aegis128l_process_crypt(struct aegis_state *state, const struct aegis128l_ops *ops) { struct skcipher_walk walk; - u8 *src, *dst; - unsigned int chunksize; ops->skcipher_walk_init(&walk, req, false); while (walk.nbytes) { - src = walk.src.virt.addr; - dst = walk.dst.virt.addr; - chunksize = walk.nbytes; + unsigned int nbytes = walk.nbytes; - ops->crypt_chunk(state, dst, src, chunksize); + if (nbytes < walk.total) + nbytes = round_down(nbytes, walk.stride); - skcipher_walk_done(&walk, 0); + ops->crypt_chunk(state, walk.dst.virt.addr, walk.src.virt.addr, + nbytes); + + skcipher_walk_done(&walk, walk.nbytes - nbytes); } } diff --git a/crypto/aegis256.c b/crypto/aegis256.c index 49882a28e93e..ecd6b7f34a2d 100644 --- a/crypto/aegis256.c +++ b/crypto/aegis256.c @@ -299,19 +299,19 @@ static void crypto_aegis256_process_crypt(struct aegis_state *state, const struct aegis256_ops *ops) { struct skcipher_walk walk; - u8 *src, *dst; - unsigned int chunksize; ops->skcipher_walk_init(&walk, req, false); while (walk.nbytes) { - src = walk.src.virt.addr; - dst = walk.dst.virt.addr; - chunksize = walk.nbytes; + unsigned int nbytes = walk.nbytes; - ops->crypt_chunk(state, dst, src, chunksize); + if (nbytes < walk.total) + nbytes = round_down(nbytes, walk.stride); - skcipher_walk_done(&walk, 0); + ops->crypt_chunk(state, walk.dst.virt.addr, walk.src.virt.addr, + nbytes); + + skcipher_walk_done(&walk, walk.nbytes - nbytes); } } -- cgit From d644f1c8746ed24f81075480f9e9cb3777ae8d65 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Thu, 31 Jan 2019 23:51:37 -0800 Subject: crypto: morus - fix handling chunked inputs The generic MORUS implementations all fail the improved AEAD tests because they produce the wrong result with some data layouts. The issue is that they assume that if the skcipher_walk API gives 'nbytes' not aligned to the walksize (a.k.a. walk.stride), then it is the end of the data. In fact, this can happen before the end. Fix them. Fixes: 396be41f16fd ("crypto: morus - Add generic MORUS AEAD implementations") Cc: # v4.18+ Cc: Ondrej Mosnacek Signed-off-by: Eric Biggers Reviewed-by: Ondrej Mosnacek Signed-off-by: Herbert Xu --- crypto/morus1280.c | 13 +++++++------ crypto/morus640.c | 13 +++++++------ 2 files changed, 14 insertions(+), 12 deletions(-) diff --git a/crypto/morus1280.c b/crypto/morus1280.c index 78ba09db7328..0747732d5b78 100644 --- a/crypto/morus1280.c +++ b/crypto/morus1280.c @@ -362,18 +362,19 @@ static void crypto_morus1280_process_crypt(struct morus1280_state *state, const struct morus1280_ops *ops) { struct skcipher_walk walk; - u8 *dst; - const u8 *src; ops->skcipher_walk_init(&walk, req, false); while (walk.nbytes) { - src = walk.src.virt.addr; - dst = walk.dst.virt.addr; + unsigned int nbytes = walk.nbytes; - ops->crypt_chunk(state, dst, src, walk.nbytes); + if (nbytes < walk.total) + nbytes = round_down(nbytes, walk.stride); - skcipher_walk_done(&walk, 0); + ops->crypt_chunk(state, walk.dst.virt.addr, walk.src.virt.addr, + nbytes); + + skcipher_walk_done(&walk, walk.nbytes - nbytes); } } diff --git a/crypto/morus640.c b/crypto/morus640.c index 5cf530139b27..1617a1eb8be1 100644 --- a/crypto/morus640.c +++ b/crypto/morus640.c @@ -361,18 +361,19 @@ static void crypto_morus640_process_crypt(struct morus640_state *state, const struct morus640_ops *ops) { struct skcipher_walk walk; - u8 *dst; - const u8 *src; ops->skcipher_walk_init(&walk, req, false); while (walk.nbytes) { - src = walk.src.virt.addr; - dst = walk.dst.virt.addr; + unsigned int nbytes = walk.nbytes; - ops->crypt_chunk(state, dst, src, walk.nbytes); + if (nbytes < walk.total) + nbytes = round_down(nbytes, walk.stride); - skcipher_walk_done(&walk, 0); + ops->crypt_chunk(state, walk.dst.virt.addr, walk.src.virt.addr, + nbytes); + + skcipher_walk_done(&walk, walk.nbytes - nbytes); } } -- cgit From ba6771c0a0bc2fac9d6a8759bab8493bd1cffe3b Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Thu, 31 Jan 2019 23:51:38 -0800 Subject: crypto: x86/aegis - fix handling chunked inputs and MAY_SLEEP The x86 AEGIS implementations all fail the improved AEAD tests because they produce the wrong result with some data layouts. The issue is that they assume that if the skcipher_walk API gives 'nbytes' not aligned to the walksize (a.k.a. walk.stride), then it is the end of the data. In fact, this can happen before the end. Also, when the CRYPTO_TFM_REQ_MAY_SLEEP flag is given, they can incorrectly sleep in the skcipher_walk_*() functions while preemption has been disabled by kernel_fpu_begin(). Fix these bugs. Fixes: 1d373d4e8e15 ("crypto: x86 - Add optimized AEGIS implementations") Cc: # v4.18+ Cc: Ondrej Mosnacek Signed-off-by: Eric Biggers Reviewed-by: Ondrej Mosnacek Signed-off-by: Herbert Xu --- arch/x86/crypto/aegis128-aesni-glue.c | 38 ++++++++++++++-------------------- arch/x86/crypto/aegis128l-aesni-glue.c | 38 ++++++++++++++-------------------- arch/x86/crypto/aegis256-aesni-glue.c | 38 ++++++++++++++-------------------- 3 files changed, 45 insertions(+), 69 deletions(-) diff --git a/arch/x86/crypto/aegis128-aesni-glue.c b/arch/x86/crypto/aegis128-aesni-glue.c index 2a356b948720..3ea71b871813 100644 --- a/arch/x86/crypto/aegis128-aesni-glue.c +++ b/arch/x86/crypto/aegis128-aesni-glue.c @@ -119,31 +119,20 @@ static void crypto_aegis128_aesni_process_ad( } static void crypto_aegis128_aesni_process_crypt( - struct aegis_state *state, struct aead_request *req, + struct aegis_state *state, struct skcipher_walk *walk, const struct aegis_crypt_ops *ops) { - struct skcipher_walk walk; - u8 *src, *dst; - unsigned int chunksize, base; - - ops->skcipher_walk_init(&walk, req, false); - - while (walk.nbytes) { - src = walk.src.virt.addr; - dst = walk.dst.virt.addr; - chunksize = walk.nbytes; - - ops->crypt_blocks(state, chunksize, src, dst); - - base = chunksize & ~(AEGIS128_BLOCK_SIZE - 1); - src += base; - dst += base; - chunksize &= AEGIS128_BLOCK_SIZE - 1; - - if (chunksize > 0) - ops->crypt_tail(state, chunksize, src, dst); + while (walk->nbytes >= AEGIS128_BLOCK_SIZE) { + ops->crypt_blocks(state, + round_down(walk->nbytes, AEGIS128_BLOCK_SIZE), + walk->src.virt.addr, walk->dst.virt.addr); + skcipher_walk_done(walk, walk->nbytes % AEGIS128_BLOCK_SIZE); + } - skcipher_walk_done(&walk, 0); + if (walk->nbytes) { + ops->crypt_tail(state, walk->nbytes, walk->src.virt.addr, + walk->dst.virt.addr); + skcipher_walk_done(walk, 0); } } @@ -186,13 +175,16 @@ static void crypto_aegis128_aesni_crypt(struct aead_request *req, { struct crypto_aead *tfm = crypto_aead_reqtfm(req); struct aegis_ctx *ctx = crypto_aegis128_aesni_ctx(tfm); + struct skcipher_walk walk; struct aegis_state state; + ops->skcipher_walk_init(&walk, req, true); + kernel_fpu_begin(); crypto_aegis128_aesni_init(&state, ctx->key.bytes, req->iv); crypto_aegis128_aesni_process_ad(&state, req->src, req->assoclen); - crypto_aegis128_aesni_process_crypt(&state, req, ops); + crypto_aegis128_aesni_process_crypt(&state, &walk, ops); crypto_aegis128_aesni_final(&state, tag_xor, req->assoclen, cryptlen); kernel_fpu_end(); diff --git a/arch/x86/crypto/aegis128l-aesni-glue.c b/arch/x86/crypto/aegis128l-aesni-glue.c index dbe8bb980da1..1b1b39c66c5e 100644 --- a/arch/x86/crypto/aegis128l-aesni-glue.c +++ b/arch/x86/crypto/aegis128l-aesni-glue.c @@ -119,31 +119,20 @@ static void crypto_aegis128l_aesni_process_ad( } static void crypto_aegis128l_aesni_process_crypt( - struct aegis_state *state, struct aead_request *req, + struct aegis_state *state, struct skcipher_walk *walk, const struct aegis_crypt_ops *ops) { - struct skcipher_walk walk; - u8 *src, *dst; - unsigned int chunksize, base; - - ops->skcipher_walk_init(&walk, req, false); - - while (walk.nbytes) { - src = walk.src.virt.addr; - dst = walk.dst.virt.addr; - chunksize = walk.nbytes; - - ops->crypt_blocks(state, chunksize, src, dst); - - base = chunksize & ~(AEGIS128L_BLOCK_SIZE - 1); - src += base; - dst += base; - chunksize &= AEGIS128L_BLOCK_SIZE - 1; - - if (chunksize > 0) - ops->crypt_tail(state, chunksize, src, dst); + while (walk->nbytes >= AEGIS128L_BLOCK_SIZE) { + ops->crypt_blocks(state, round_down(walk->nbytes, + AEGIS128L_BLOCK_SIZE), + walk->src.virt.addr, walk->dst.virt.addr); + skcipher_walk_done(walk, walk->nbytes % AEGIS128L_BLOCK_SIZE); + } - skcipher_walk_done(&walk, 0); + if (walk->nbytes) { + ops->crypt_tail(state, walk->nbytes, walk->src.virt.addr, + walk->dst.virt.addr); + skcipher_walk_done(walk, 0); } } @@ -186,13 +175,16 @@ static void crypto_aegis128l_aesni_crypt(struct aead_request *req, { struct crypto_aead *tfm = crypto_aead_reqtfm(req); struct aegis_ctx *ctx = crypto_aegis128l_aesni_ctx(tfm); + struct skcipher_walk walk; struct aegis_state state; + ops->skcipher_walk_init(&walk, req, true); + kernel_fpu_begin(); crypto_aegis128l_aesni_init(&state, ctx->key.bytes, req->iv); crypto_aegis128l_aesni_process_ad(&state, req->src, req->assoclen); - crypto_aegis128l_aesni_process_crypt(&state, req, ops); + crypto_aegis128l_aesni_process_crypt(&state, &walk, ops); crypto_aegis128l_aesni_final(&state, tag_xor, req->assoclen, cryptlen); kernel_fpu_end(); diff --git a/arch/x86/crypto/aegis256-aesni-glue.c b/arch/x86/crypto/aegis256-aesni-glue.c index 8bebda2de92f..6227ca3220a0 100644 --- a/arch/x86/crypto/aegis256-aesni-glue.c +++ b/arch/x86/crypto/aegis256-aesni-glue.c @@ -119,31 +119,20 @@ static void crypto_aegis256_aesni_process_ad( } static void crypto_aegis256_aesni_process_crypt( - struct aegis_state *state, struct aead_request *req, + struct aegis_state *state, struct skcipher_walk *walk, const struct aegis_crypt_ops *ops) { - struct skcipher_walk walk; - u8 *src, *dst; - unsigned int chunksize, base; - - ops->skcipher_walk_init(&walk, req, false); - - while (walk.nbytes) { - src = walk.src.virt.addr; - dst = walk.dst.virt.addr; - chunksize = walk.nbytes; - - ops->crypt_blocks(state, chunksize, src, dst); - - base = chunksize & ~(AEGIS256_BLOCK_SIZE - 1); - src += base; - dst += base; - chunksize &= AEGIS256_BLOCK_SIZE - 1; - - if (chunksize > 0) - ops->crypt_tail(state, chunksize, src, dst); + while (walk->nbytes >= AEGIS256_BLOCK_SIZE) { + ops->crypt_blocks(state, + round_down(walk->nbytes, AEGIS256_BLOCK_SIZE), + walk->src.virt.addr, walk->dst.virt.addr); + skcipher_walk_done(walk, walk->nbytes % AEGIS256_BLOCK_SIZE); + } - skcipher_walk_done(&walk, 0); + if (walk->nbytes) { + ops->crypt_tail(state, walk->nbytes, walk->src.virt.addr, + walk->dst.virt.addr); + skcipher_walk_done(walk, 0); } } @@ -186,13 +175,16 @@ static void crypto_aegis256_aesni_crypt(struct aead_request *req, { struct crypto_aead *tfm = crypto_aead_reqtfm(req); struct aegis_ctx *ctx = crypto_aegis256_aesni_ctx(tfm); + struct skcipher_walk walk; struct aegis_state state; + ops->skcipher_walk_init(&walk, req, true); + kernel_fpu_begin(); crypto_aegis256_aesni_init(&state, ctx->key, req->iv); crypto_aegis256_aesni_process_ad(&state, req->src, req->assoclen); - crypto_aegis256_aesni_process_crypt(&state, req, ops); + crypto_aegis256_aesni_process_crypt(&state, &walk, ops); crypto_aegis256_aesni_final(&state, tag_xor, req->assoclen, cryptlen); kernel_fpu_end(); -- cgit From 2060e284e9595fc3baed6e035903c05b93266555 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Thu, 31 Jan 2019 23:51:39 -0800 Subject: crypto: x86/morus - fix handling chunked inputs and MAY_SLEEP The x86 MORUS implementations all fail the improved AEAD tests because they produce the wrong result with some data layouts. The issue is that they assume that if the skcipher_walk API gives 'nbytes' not aligned to the walksize (a.k.a. walk.stride), then it is the end of the data. In fact, this can happen before the end. Also, when the CRYPTO_TFM_REQ_MAY_SLEEP flag is given, they can incorrectly sleep in the skcipher_walk_*() functions while preemption has been disabled by kernel_fpu_begin(). Fix these bugs. Fixes: 56e8e57fc3a7 ("crypto: morus - Add common SIMD glue code for MORUS") Cc: # v4.18+ Cc: Ondrej Mosnacek Signed-off-by: Eric Biggers Reviewed-by: Ondrej Mosnacek Signed-off-by: Herbert Xu --- arch/x86/crypto/morus1280_glue.c | 40 ++++++++++++++++------------------------ arch/x86/crypto/morus640_glue.c | 39 +++++++++++++++------------------------ 2 files changed, 31 insertions(+), 48 deletions(-) diff --git a/arch/x86/crypto/morus1280_glue.c b/arch/x86/crypto/morus1280_glue.c index 0dccdda1eb3a..7e600f8bcdad 100644 --- a/arch/x86/crypto/morus1280_glue.c +++ b/arch/x86/crypto/morus1280_glue.c @@ -85,31 +85,20 @@ static void crypto_morus1280_glue_process_ad( static void crypto_morus1280_glue_process_crypt(struct morus1280_state *state, struct morus1280_ops ops, - struct aead_request *req) + struct skcipher_walk *walk) { - struct skcipher_walk walk; - u8 *cursor_src, *cursor_dst; - unsigned int chunksize, base; - - ops.skcipher_walk_init(&walk, req, false); - - while (walk.nbytes) { - cursor_src = walk.src.virt.addr; - cursor_dst = walk.dst.virt.addr; - chunksize = walk.nbytes; - - ops.crypt_blocks(state, cursor_src, cursor_dst, chunksize); - - base = chunksize & ~(MORUS1280_BLOCK_SIZE - 1); - cursor_src += base; - cursor_dst += base; - chunksize &= MORUS1280_BLOCK_SIZE - 1; - - if (chunksize > 0) - ops.crypt_tail(state, cursor_src, cursor_dst, - chunksize); + while (walk->nbytes >= MORUS1280_BLOCK_SIZE) { + ops.crypt_blocks(state, walk->src.virt.addr, + walk->dst.virt.addr, + round_down(walk->nbytes, + MORUS1280_BLOCK_SIZE)); + skcipher_walk_done(walk, walk->nbytes % MORUS1280_BLOCK_SIZE); + } - skcipher_walk_done(&walk, 0); + if (walk->nbytes) { + ops.crypt_tail(state, walk->src.virt.addr, walk->dst.virt.addr, + walk->nbytes); + skcipher_walk_done(walk, 0); } } @@ -147,12 +136,15 @@ static void crypto_morus1280_glue_crypt(struct aead_request *req, struct crypto_aead *tfm = crypto_aead_reqtfm(req); struct morus1280_ctx *ctx = crypto_aead_ctx(tfm); struct morus1280_state state; + struct skcipher_walk walk; + + ops.skcipher_walk_init(&walk, req, true); kernel_fpu_begin(); ctx->ops->init(&state, &ctx->key, req->iv); crypto_morus1280_glue_process_ad(&state, ctx->ops, req->src, req->assoclen); - crypto_morus1280_glue_process_crypt(&state, ops, req); + crypto_morus1280_glue_process_crypt(&state, ops, &walk); ctx->ops->final(&state, tag_xor, req->assoclen, cryptlen); kernel_fpu_end(); diff --git a/arch/x86/crypto/morus640_glue.c b/arch/x86/crypto/morus640_glue.c index 7b58fe4d9bd1..cb3a81732016 100644 --- a/arch/x86/crypto/morus640_glue.c +++ b/arch/x86/crypto/morus640_glue.c @@ -85,31 +85,19 @@ static void crypto_morus640_glue_process_ad( static void crypto_morus640_glue_process_crypt(struct morus640_state *state, struct morus640_ops ops, - struct aead_request *req) + struct skcipher_walk *walk) { - struct skcipher_walk walk; - u8 *cursor_src, *cursor_dst; - unsigned int chunksize, base; - - ops.skcipher_walk_init(&walk, req, false); - - while (walk.nbytes) { - cursor_src = walk.src.virt.addr; - cursor_dst = walk.dst.virt.addr; - chunksize = walk.nbytes; - - ops.crypt_blocks(state, cursor_src, cursor_dst, chunksize); - - base = chunksize & ~(MORUS640_BLOCK_SIZE - 1); - cursor_src += base; - cursor_dst += base; - chunksize &= MORUS640_BLOCK_SIZE - 1; - - if (chunksize > 0) - ops.crypt_tail(state, cursor_src, cursor_dst, - chunksize); + while (walk->nbytes >= MORUS640_BLOCK_SIZE) { + ops.crypt_blocks(state, walk->src.virt.addr, + walk->dst.virt.addr, + round_down(walk->nbytes, MORUS640_BLOCK_SIZE)); + skcipher_walk_done(walk, walk->nbytes % MORUS640_BLOCK_SIZE); + } - skcipher_walk_done(&walk, 0); + if (walk->nbytes) { + ops.crypt_tail(state, walk->src.virt.addr, walk->dst.virt.addr, + walk->nbytes); + skcipher_walk_done(walk, 0); } } @@ -143,12 +131,15 @@ static void crypto_morus640_glue_crypt(struct aead_request *req, struct crypto_aead *tfm = crypto_aead_reqtfm(req); struct morus640_ctx *ctx = crypto_aead_ctx(tfm); struct morus640_state state; + struct skcipher_walk walk; + + ops.skcipher_walk_init(&walk, req, true); kernel_fpu_begin(); ctx->ops->init(&state, &ctx->key, req->iv); crypto_morus640_glue_process_ad(&state, ctx->ops, req->src, req->assoclen); - crypto_morus640_glue_process_crypt(&state, ops, req); + crypto_morus640_glue_process_crypt(&state, ops, &walk); ctx->ops->final(&state, tag_xor, req->assoclen, cryptlen); kernel_fpu_end(); -- cgit From 3af349639597fea582a93604734d717e59a0e223 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Thu, 31 Jan 2019 23:51:40 -0800 Subject: crypto: x86/aesni-gcm - fix crash on empty plaintext gcmaes_crypt_by_sg() dereferences the NULL pointer returned by scatterwalk_ffwd() when encrypting an empty plaintext and the source scatterlist ends immediately after the associated data. Fix it by only fast-forwarding to the src/dst data scatterlists if the data length is nonzero. This bug is reproduced by the "rfc4543(gcm(aes))" test vectors when run with the new AEAD test manager. Fixes: e845520707f8 ("crypto: aesni - Update aesni-intel_glue to use scatter/gather") Cc: # v4.17+ Cc: Dave Watson Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu --- arch/x86/crypto/aesni-intel_glue.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/arch/x86/crypto/aesni-intel_glue.c b/arch/x86/crypto/aesni-intel_glue.c index 9b5ccde3ef31..1e3d2102033a 100644 --- a/arch/x86/crypto/aesni-intel_glue.c +++ b/arch/x86/crypto/aesni-intel_glue.c @@ -813,11 +813,14 @@ static int gcmaes_crypt_by_sg(bool enc, struct aead_request *req, scatterwalk_map_and_copy(assoc, req->src, 0, assoclen, 0); } - src_sg = scatterwalk_ffwd(src_start, req->src, req->assoclen); - scatterwalk_start(&src_sg_walk, src_sg); - if (req->src != req->dst) { - dst_sg = scatterwalk_ffwd(dst_start, req->dst, req->assoclen); - scatterwalk_start(&dst_sg_walk, dst_sg); + if (left) { + src_sg = scatterwalk_ffwd(src_start, req->src, req->assoclen); + scatterwalk_start(&src_sg_walk, src_sg); + if (req->src != req->dst) { + dst_sg = scatterwalk_ffwd(dst_start, req->dst, + req->assoclen); + scatterwalk_start(&dst_sg_walk, dst_sg); + } } kernel_fpu_begin(); -- cgit From 77568e535af7c4f97eaef1e555bf0af83772456c Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Thu, 31 Jan 2019 23:51:41 -0800 Subject: crypto: ahash - fix another early termination in hash walk Hash algorithms with an alignmask set, e.g. "xcbc(aes-aesni)" and "michael_mic", fail the improved hash tests because they sometimes produce the wrong digest. The bug is that in the case where a scatterlist element crosses pages, not all the data is actually hashed because the scatterlist walk terminates too early. This happens because the 'nbytes' variable in crypto_hash_walk_done() is assigned the number of bytes remaining in the page, then later interpreted as the number of bytes remaining in the scatterlist element. Fix it. Fixes: 900a081f6912 ("crypto: ahash - Fix early termination in hash walk") Cc: stable@vger.kernel.org Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu --- crypto/ahash.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/crypto/ahash.c b/crypto/ahash.c index ca0d3e281fef..81e2767e2164 100644 --- a/crypto/ahash.c +++ b/crypto/ahash.c @@ -86,17 +86,17 @@ static int hash_walk_new_entry(struct crypto_hash_walk *walk) int crypto_hash_walk_done(struct crypto_hash_walk *walk, int err) { unsigned int alignmask = walk->alignmask; - unsigned int nbytes = walk->entrylen; walk->data -= walk->offset; - if (nbytes && walk->offset & alignmask && !err) { - walk->offset = ALIGN(walk->offset, alignmask + 1); - nbytes = min(nbytes, - ((unsigned int)(PAGE_SIZE)) - walk->offset); - walk->entrylen -= nbytes; + if (walk->entrylen && (walk->offset & alignmask) && !err) { + unsigned int nbytes; + walk->offset = ALIGN(walk->offset, alignmask + 1); + nbytes = min(walk->entrylen, + (unsigned int)(PAGE_SIZE - walk->offset)); if (nbytes) { + walk->entrylen -= nbytes; walk->data += walk->offset; return nbytes; } @@ -116,7 +116,7 @@ int crypto_hash_walk_done(struct crypto_hash_walk *walk, int err) if (err) return err; - if (nbytes) { + if (walk->entrylen) { walk->offset = 0; walk->pg++; return hash_walk_next(walk); -- cgit From 12455e320e19e9cc7ad97f4ab89c280fe297387c Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Thu, 31 Jan 2019 23:51:42 -0800 Subject: crypto: arm64/aes-neonbs - fix returning final keystream block The arm64 NEON bit-sliced implementation of AES-CTR fails the improved skcipher tests because it sometimes produces the wrong ciphertext. The bug is that the final keystream block isn't returned from the assembly code when the number of non-final blocks is zero. This can happen if the input data ends a few bytes after a page boundary. In this case the last bytes get "encrypted" by XOR'ing them with uninitialized memory. Fix the assembly code to return the final keystream block when needed. Fixes: 88a3f582bea9 ("crypto: arm64/aes - don't use IV buffer to return final keystream block") Cc: # v4.11+ Reviewed-by: Ard Biesheuvel Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu --- arch/arm64/crypto/aes-neonbs-core.S | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/arch/arm64/crypto/aes-neonbs-core.S b/arch/arm64/crypto/aes-neonbs-core.S index e613a87f8b53..8432c8d0dea6 100644 --- a/arch/arm64/crypto/aes-neonbs-core.S +++ b/arch/arm64/crypto/aes-neonbs-core.S @@ -971,18 +971,22 @@ CPU_LE( rev x8, x8 ) 8: next_ctr v0 st1 {v0.16b}, [x24] - cbz x23, 0f + cbz x23, .Lctr_done cond_yield_neon 98b b 99b -0: frame_pop +.Lctr_done: + frame_pop ret /* * If we are handling the tail of the input (x6 != NULL), return the * final keystream block back to the caller. */ +0: cbz x25, 8b + st1 {v0.16b}, [x25] + b 8b 1: cbz x25, 8b st1 {v1.16b}, [x25] b 8b -- cgit From 3f47a03df6e81174558f4604828851cb600e1db6 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Thu, 31 Jan 2019 23:51:43 -0800 Subject: crypto: testmgr - add testvec_config struct and helper functions Crypto algorithms must produce the same output for the same input regardless of data layout, i.e. how the src and dst scatterlists are divided into chunks and how each chunk is aligned. Request flags such as CRYPTO_TFM_REQ_MAY_SLEEP must not affect the result either. However, testing of this currently has many gaps. For example, individual algorithms are responsible for providing their own chunked test vectors. But many don't bother to do this or test only one or two cases, providing poor test coverage. Also, other things such as misaligned IVs and CRYPTO_TFM_REQ_MAY_SLEEP are never tested at all. Test code is also duplicated between the chunked and non-chunked cases, making it difficult to make other improvements. To improve the situation, this patch series basically moves the chunk descriptions into the testmgr itself so that they are shared by all algorithms. However, it's done in an extensible way via a new struct 'testvec_config', which describes not just the scaled chunk lengths but also all other aspects of the crypto operation besides the data itself such as the buffer alignments, the request flags, whether the operation is in-place or not, the IV alignment, and for hash algorithms when to do each update() and when to use finup() vs. final() vs. digest(). Then, this patch series makes skcipher, aead, and hash algorithms be tested against a list of default testvec_configs, replacing the current test code. This improves overall test coverage, without reducing test performance too much. Note that the test vectors themselves are not changed, except for removing the chunk lists. This series also adds randomized fuzz tests, enabled by a new kconfig option intended for developer use only, where skcipher, aead, and hash algorithms are tested against many randomly generated testvec_configs. This provides much more comprehensive test coverage. These improved tests have already exposed many bugs. To start it off, this initial patch adds the testvec_config and various helper functions that will be used by the skcipher, aead, and hash test code that will be converted to use the new testvec_config framework. Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu --- crypto/testmgr.c | 452 +++++++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 437 insertions(+), 15 deletions(-) diff --git a/crypto/testmgr.c b/crypto/testmgr.c index 01a517e3f06b..0fc9421ddaba 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -5,6 +5,7 @@ * Copyright (c) 2002 Jean-Francois Dive * Copyright (c) 2007 Nokia Siemens Networks * Copyright (c) 2008 Herbert Xu + * Copyright (c) 2019 Google LLC * * Updated RFC4106 AES-GCM testing. * Authors: Aidan O'Mahony (aidan.o.mahony@intel.com) @@ -26,6 +27,7 @@ #include #include #include +#include #include #include #include @@ -146,12 +148,12 @@ static void hexdump(unsigned char *buf, unsigned int len) buf, len, false); } -static int testmgr_alloc_buf(char *buf[XBUFSIZE]) +static int __testmgr_alloc_buf(char *buf[XBUFSIZE], int order) { int i; for (i = 0; i < XBUFSIZE; i++) { - buf[i] = (void *)__get_free_page(GFP_KERNEL); + buf[i] = (char *)__get_free_pages(GFP_KERNEL, order); if (!buf[i]) goto err_free_buf; } @@ -160,17 +162,435 @@ static int testmgr_alloc_buf(char *buf[XBUFSIZE]) err_free_buf: while (i-- > 0) - free_page((unsigned long)buf[i]); + free_pages((unsigned long)buf[i], order); return -ENOMEM; } -static void testmgr_free_buf(char *buf[XBUFSIZE]) +static int testmgr_alloc_buf(char *buf[XBUFSIZE]) +{ + return __testmgr_alloc_buf(buf, 0); +} + +static void __testmgr_free_buf(char *buf[XBUFSIZE], int order) { int i; for (i = 0; i < XBUFSIZE; i++) - free_page((unsigned long)buf[i]); + free_pages((unsigned long)buf[i], order); +} + +static void testmgr_free_buf(char *buf[XBUFSIZE]) +{ + __testmgr_free_buf(buf, 0); +} + +#define TESTMGR_POISON_BYTE 0xfe +#define TESTMGR_POISON_LEN 16 + +static inline void testmgr_poison(void *addr, size_t len) +{ + memset(addr, TESTMGR_POISON_BYTE, len); +} + +/* Is the memory region still fully poisoned? */ +static inline bool testmgr_is_poison(const void *addr, size_t len) +{ + return memchr_inv(addr, TESTMGR_POISON_BYTE, len) == NULL; +} + +/* flush type for hash algorithms */ +enum flush_type { + /* merge with update of previous buffer(s) */ + FLUSH_TYPE_NONE = 0, + + /* update with previous buffer(s) before doing this one */ + FLUSH_TYPE_FLUSH, + + /* likewise, but also export and re-import the intermediate state */ + FLUSH_TYPE_REIMPORT, +}; + +/* finalization function for hash algorithms */ +enum finalization_type { + FINALIZATION_TYPE_FINAL, /* use final() */ + FINALIZATION_TYPE_FINUP, /* use finup() */ + FINALIZATION_TYPE_DIGEST, /* use digest() */ +}; + +#define TEST_SG_TOTAL 10000 + +/** + * struct test_sg_division - description of a scatterlist entry + * + * This struct describes one entry of a scatterlist being constructed to check a + * crypto test vector. + * + * @proportion_of_total: length of this chunk relative to the total length, + * given as a proportion out of TEST_SG_TOTAL so that it + * scales to fit any test vector + * @offset: byte offset into a 2-page buffer at which this chunk will start + * @offset_relative_to_alignmask: if true, add the algorithm's alignmask to the + * @offset + * @flush_type: for hashes, whether an update() should be done now vs. + * continuing to accumulate data + */ +struct test_sg_division { + unsigned int proportion_of_total; + unsigned int offset; + bool offset_relative_to_alignmask; + enum flush_type flush_type; +}; + +/** + * struct testvec_config - configuration for testing a crypto test vector + * + * This struct describes the data layout and other parameters with which each + * crypto test vector can be tested. + * + * @name: name of this config, logged for debugging purposes if a test fails + * @inplace: operate on the data in-place, if applicable for the algorithm type? + * @req_flags: extra request_flags, e.g. CRYPTO_TFM_REQ_MAY_SLEEP + * @src_divs: description of how to arrange the source scatterlist + * @dst_divs: description of how to arrange the dst scatterlist, if applicable + * for the algorithm type. Defaults to @src_divs if unset. + * @iv_offset: misalignment of the IV in the range [0..MAX_ALGAPI_ALIGNMASK+1], + * where 0 is aligned to a 2*(MAX_ALGAPI_ALIGNMASK+1) byte boundary + * @iv_offset_relative_to_alignmask: if true, add the algorithm's alignmask to + * the @iv_offset + * @finalization_type: what finalization function to use for hashes + */ +struct testvec_config { + const char *name; + bool inplace; + u32 req_flags; + struct test_sg_division src_divs[XBUFSIZE]; + struct test_sg_division dst_divs[XBUFSIZE]; + unsigned int iv_offset; + bool iv_offset_relative_to_alignmask; + enum finalization_type finalization_type; +}; + +#define TESTVEC_CONFIG_NAMELEN 192 + +static unsigned int count_test_sg_divisions(const struct test_sg_division *divs) +{ + unsigned int remaining = TEST_SG_TOTAL; + unsigned int ndivs = 0; + + do { + remaining -= divs[ndivs++].proportion_of_total; + } while (remaining); + + return ndivs; +} + +static bool valid_sg_divisions(const struct test_sg_division *divs, + unsigned int count, bool *any_flushes_ret) +{ + unsigned int total = 0; + unsigned int i; + + for (i = 0; i < count && total != TEST_SG_TOTAL; i++) { + if (divs[i].proportion_of_total <= 0 || + divs[i].proportion_of_total > TEST_SG_TOTAL - total) + return false; + total += divs[i].proportion_of_total; + if (divs[i].flush_type != FLUSH_TYPE_NONE) + *any_flushes_ret = true; + } + return total == TEST_SG_TOTAL && + memchr_inv(&divs[i], 0, (count - i) * sizeof(divs[0])) == NULL; +} + +/* + * Check whether the given testvec_config is valid. This isn't strictly needed + * since every testvec_config should be valid, but check anyway so that people + * don't unknowingly add broken configs that don't do what they wanted. + */ +static bool valid_testvec_config(const struct testvec_config *cfg) +{ + bool any_flushes = false; + + if (cfg->name == NULL) + return false; + + if (!valid_sg_divisions(cfg->src_divs, ARRAY_SIZE(cfg->src_divs), + &any_flushes)) + return false; + + if (cfg->dst_divs[0].proportion_of_total) { + if (!valid_sg_divisions(cfg->dst_divs, + ARRAY_SIZE(cfg->dst_divs), + &any_flushes)) + return false; + } else { + if (memchr_inv(cfg->dst_divs, 0, sizeof(cfg->dst_divs))) + return false; + /* defaults to dst_divs=src_divs */ + } + + if (cfg->iv_offset + + (cfg->iv_offset_relative_to_alignmask ? MAX_ALGAPI_ALIGNMASK : 0) > + MAX_ALGAPI_ALIGNMASK + 1) + return false; + + if (any_flushes && cfg->finalization_type == FINALIZATION_TYPE_DIGEST) + return false; + + return true; +} + +struct test_sglist { + char *bufs[XBUFSIZE]; + struct scatterlist sgl[XBUFSIZE]; + struct scatterlist sgl_saved[XBUFSIZE]; + struct scatterlist *sgl_ptr; + unsigned int nents; +}; + +static int init_test_sglist(struct test_sglist *tsgl) +{ + return __testmgr_alloc_buf(tsgl->bufs, 1 /* two pages per buffer */); +} + +static void destroy_test_sglist(struct test_sglist *tsgl) +{ + return __testmgr_free_buf(tsgl->bufs, 1 /* two pages per buffer */); +} + +/** + * build_test_sglist() - build a scatterlist for a crypto test + * + * @tsgl: the scatterlist to build. @tsgl->bufs[] contains an array of 2-page + * buffers which the scatterlist @tsgl->sgl[] will be made to point into. + * @divs: the layout specification on which the scatterlist will be based + * @alignmask: the algorithm's alignmask + * @total_len: the total length of the scatterlist to build in bytes + * @data: if non-NULL, the buffers will be filled with this data until it ends. + * Otherwise the buffers will be poisoned. In both cases, some bytes + * past the end of each buffer will be poisoned to help detect overruns. + * @out_divs: if non-NULL, the test_sg_division to which each scatterlist entry + * corresponds will be returned here. This will match @divs except + * that divisions resolving to a length of 0 are omitted as they are + * not included in the scatterlist. + * + * Return: 0 or a -errno value + */ +static int build_test_sglist(struct test_sglist *tsgl, + const struct test_sg_division *divs, + const unsigned int alignmask, + const unsigned int total_len, + struct iov_iter *data, + const struct test_sg_division *out_divs[XBUFSIZE]) +{ + struct { + const struct test_sg_division *div; + size_t length; + } partitions[XBUFSIZE]; + const unsigned int ndivs = count_test_sg_divisions(divs); + unsigned int len_remaining = total_len; + unsigned int i; + + BUILD_BUG_ON(ARRAY_SIZE(partitions) != ARRAY_SIZE(tsgl->sgl)); + if (WARN_ON(ndivs > ARRAY_SIZE(partitions))) + return -EINVAL; + + /* Calculate the (div, length) pairs */ + tsgl->nents = 0; + for (i = 0; i < ndivs; i++) { + unsigned int len_this_sg = + min(len_remaining, + (total_len * divs[i].proportion_of_total + + TEST_SG_TOTAL / 2) / TEST_SG_TOTAL); + + if (len_this_sg != 0) { + partitions[tsgl->nents].div = &divs[i]; + partitions[tsgl->nents].length = len_this_sg; + tsgl->nents++; + len_remaining -= len_this_sg; + } + } + if (tsgl->nents == 0) { + partitions[tsgl->nents].div = &divs[0]; + partitions[tsgl->nents].length = 0; + tsgl->nents++; + } + partitions[tsgl->nents - 1].length += len_remaining; + + /* Set up the sgl entries and fill the data or poison */ + sg_init_table(tsgl->sgl, tsgl->nents); + for (i = 0; i < tsgl->nents; i++) { + unsigned int offset = partitions[i].div->offset; + void *addr; + + if (partitions[i].div->offset_relative_to_alignmask) + offset += alignmask; + + while (offset + partitions[i].length + TESTMGR_POISON_LEN > + 2 * PAGE_SIZE) { + if (WARN_ON(offset <= 0)) + return -EINVAL; + offset /= 2; + } + + addr = &tsgl->bufs[i][offset]; + sg_set_buf(&tsgl->sgl[i], addr, partitions[i].length); + + if (out_divs) + out_divs[i] = partitions[i].div; + + if (data) { + size_t copy_len, copied; + + copy_len = min(partitions[i].length, data->count); + copied = copy_from_iter(addr, copy_len, data); + if (WARN_ON(copied != copy_len)) + return -EINVAL; + testmgr_poison(addr + copy_len, partitions[i].length + + TESTMGR_POISON_LEN - copy_len); + } else { + testmgr_poison(addr, partitions[i].length + + TESTMGR_POISON_LEN); + } + } + + sg_mark_end(&tsgl->sgl[tsgl->nents - 1]); + tsgl->sgl_ptr = tsgl->sgl; + memcpy(tsgl->sgl_saved, tsgl->sgl, tsgl->nents * sizeof(tsgl->sgl[0])); + return 0; +} + +/* + * Verify that a scatterlist crypto operation produced the correct output. + * + * @tsgl: scatterlist containing the actual output + * @expected_output: buffer containing the expected output + * @len_to_check: length of @expected_output in bytes + * @unchecked_prefix_len: number of ignored bytes in @tsgl prior to real result + * @check_poison: verify that the poison bytes after each chunk are intact? + * + * Return: 0 if correct, -EINVAL if incorrect, -EOVERFLOW if buffer overrun. + */ +static int verify_correct_output(const struct test_sglist *tsgl, + const char *expected_output, + unsigned int len_to_check, + unsigned int unchecked_prefix_len, + bool check_poison) +{ + unsigned int i; + + for (i = 0; i < tsgl->nents; i++) { + struct scatterlist *sg = &tsgl->sgl_ptr[i]; + unsigned int len = sg->length; + unsigned int offset = sg->offset; + const char *actual_output; + + if (unchecked_prefix_len) { + if (unchecked_prefix_len >= len) { + unchecked_prefix_len -= len; + continue; + } + offset += unchecked_prefix_len; + len -= unchecked_prefix_len; + unchecked_prefix_len = 0; + } + len = min(len, len_to_check); + actual_output = page_address(sg_page(sg)) + offset; + if (memcmp(expected_output, actual_output, len) != 0) + return -EINVAL; + if (check_poison && + !testmgr_is_poison(actual_output + len, TESTMGR_POISON_LEN)) + return -EOVERFLOW; + len_to_check -= len; + expected_output += len; + } + if (WARN_ON(len_to_check != 0)) + return -EINVAL; + return 0; +} + +static bool is_test_sglist_corrupted(const struct test_sglist *tsgl) +{ + unsigned int i; + + for (i = 0; i < tsgl->nents; i++) { + if (tsgl->sgl[i].page_link != tsgl->sgl_saved[i].page_link) + return true; + if (tsgl->sgl[i].offset != tsgl->sgl_saved[i].offset) + return true; + if (tsgl->sgl[i].length != tsgl->sgl_saved[i].length) + return true; + } + return false; +} + +struct cipher_test_sglists { + struct test_sglist src; + struct test_sglist dst; +}; + +static struct cipher_test_sglists *alloc_cipher_test_sglists(void) +{ + struct cipher_test_sglists *tsgls; + + tsgls = kmalloc(sizeof(*tsgls), GFP_KERNEL); + if (!tsgls) + return NULL; + + if (init_test_sglist(&tsgls->src) != 0) + goto fail_kfree; + if (init_test_sglist(&tsgls->dst) != 0) + goto fail_destroy_src; + + return tsgls; + +fail_destroy_src: + destroy_test_sglist(&tsgls->src); +fail_kfree: + kfree(tsgls); + return NULL; +} + +static void free_cipher_test_sglists(struct cipher_test_sglists *tsgls) +{ + if (tsgls) { + destroy_test_sglist(&tsgls->src); + destroy_test_sglist(&tsgls->dst); + kfree(tsgls); + } +} + +/* Build the src and dst scatterlists for an skcipher or AEAD test */ +static int build_cipher_test_sglists(struct cipher_test_sglists *tsgls, + const struct testvec_config *cfg, + unsigned int alignmask, + unsigned int src_total_len, + unsigned int dst_total_len, + const struct kvec *inputs, + unsigned int nr_inputs) +{ + struct iov_iter input; + int err; + + iov_iter_kvec(&input, WRITE, inputs, nr_inputs, src_total_len); + err = build_test_sglist(&tsgls->src, cfg->src_divs, alignmask, + cfg->inplace ? + max(dst_total_len, src_total_len) : + src_total_len, + &input, NULL); + if (err) + return err; + + if (cfg->inplace) { + tsgls->dst.sgl_ptr = tsgls->src.sgl; + tsgls->dst.nents = tsgls->src.nents; + return 0; + } + return build_test_sglist(&tsgls->dst, + cfg->dst_divs[0].proportion_of_total ? + cfg->dst_divs : cfg->src_divs, + alignmask, dst_total_len, NULL, NULL); } static int ahash_guard_result(char *result, char c, int size) @@ -3654,18 +4074,10 @@ static const struct alg_test_desc alg_test_descs[] = { } }; -static bool alg_test_descs_checked; - -static void alg_test_descs_check_order(void) +static void alg_check_test_descs_order(void) { int i; - /* only check once */ - if (alg_test_descs_checked) - return; - - alg_test_descs_checked = true; - for (i = 1; i < ARRAY_SIZE(alg_test_descs); i++) { int diff = strcmp(alg_test_descs[i - 1].alg, alg_test_descs[i].alg); @@ -3683,6 +4095,16 @@ static void alg_test_descs_check_order(void) } } +static void alg_check_testvec_configs(void) +{ +} + +static void testmgr_onetime_init(void) +{ + alg_check_test_descs_order(); + alg_check_testvec_configs(); +} + static int alg_find_test(const char *alg) { int start = 0; @@ -3719,7 +4141,7 @@ int alg_test(const char *driver, const char *alg, u32 type, u32 mask) return 0; } - alg_test_descs_check_order(); + DO_ONCE(testmgr_onetime_init); if ((type & CRYPTO_ALG_TYPE_MASK) == CRYPTO_ALG_TYPE_CIPHER) { char nalg[CRYPTO_MAX_ALG_NAME]; -- cgit From 5b2706a4d45987dfa9102f9529a8436392526111 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Thu, 31 Jan 2019 23:51:44 -0800 Subject: crypto: testmgr - introduce CONFIG_CRYPTO_MANAGER_EXTRA_TESTS To achieve more comprehensive crypto test coverage, I'd like to add fuzz tests that use random data layouts and request flags. To be most effective these tests should be part of testmgr, so they automatically run on every algorithm registered with the crypto API. However, they will take much longer to run than the current tests and therefore will only really be intended to be run by developers, whereas the current tests have a wider audience. Therefore, add a new kconfig option CONFIG_CRYPTO_MANAGER_EXTRA_TESTS that can be set by developers to enable these extra, expensive tests. Similar to the regular tests, also add a module parameter cryptomgr.noextratests to support disabling the tests. Finally, another module parameter cryptomgr.fuzz_iterations is added to control how many iterations the fuzz tests do. Note: for now setting this to 0 will be equivalent to cryptomgr.noextratests=1. But I opted for separate parameters to provide more flexibility to add other types of tests under the "extra tests" category in the future. Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu --- crypto/Kconfig | 10 ++++++++++ crypto/testmgr.c | 14 ++++++++++++++ 2 files changed, 24 insertions(+) diff --git a/crypto/Kconfig b/crypto/Kconfig index 86960aa53e0f..bbab6bf33519 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -168,6 +168,16 @@ config CRYPTO_MANAGER_DISABLE_TESTS Disable run-time self tests that normally take place at algorithm registration. +config CRYPTO_MANAGER_EXTRA_TESTS + bool "Enable extra run-time crypto self tests" + depends on DEBUG_KERNEL && !CRYPTO_MANAGER_DISABLE_TESTS + help + Enable extra run-time self tests of registered crypto algorithms, + including randomized fuzz tests. + + This is intended for developer use only, as these tests take much + longer to run than the normal self tests. + config CRYPTO_GF128MUL tristate "GF(2^128) multiplication functions" help diff --git a/crypto/testmgr.c b/crypto/testmgr.c index 0fc9421ddaba..99f84160cb1d 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -43,6 +43,16 @@ static bool notests; module_param(notests, bool, 0644); MODULE_PARM_DESC(notests, "disable crypto self-tests"); +#ifdef CONFIG_CRYPTO_MANAGER_EXTRA_TESTS +static bool noextratests; +module_param(noextratests, bool, 0644); +MODULE_PARM_DESC(noextratests, "disable expensive crypto self-tests"); + +static unsigned int fuzz_iterations = 100; +module_param(fuzz_iterations, uint, 0644); +MODULE_PARM_DESC(fuzz_iterations, "number of fuzz test iterations"); +#endif + #ifdef CONFIG_CRYPTO_MANAGER_DISABLE_TESTS /* a perfect nop */ @@ -4103,6 +4113,10 @@ static void testmgr_onetime_init(void) { alg_check_test_descs_order(); alg_check_testvec_configs(); + +#ifdef CONFIG_CRYPTO_MANAGER_EXTRA_TESTS + pr_warn("alg: extra crypto tests enabled. This is intended for developer use only.\n"); +#endif } static int alg_find_test(const char *alg) -- cgit From 25f9dddb928aee83effd18d6d3093f6c0beb65a4 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Thu, 31 Jan 2019 23:51:45 -0800 Subject: crypto: testmgr - implement random testvec_config generation Add functions that generate a random testvec_config, in preparation for using it for randomized fuzz tests. Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu --- crypto/testmgr.c | 117 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 117 insertions(+) diff --git a/crypto/testmgr.c b/crypto/testmgr.c index 99f84160cb1d..ca3fd5f0c094 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -28,6 +28,7 @@ #include #include #include +#include #include #include #include @@ -603,6 +604,122 @@ static int build_cipher_test_sglists(struct cipher_test_sglists *tsgls, alignmask, dst_total_len, NULL, NULL); } +#ifdef CONFIG_CRYPTO_MANAGER_EXTRA_TESTS +static char *generate_random_sgl_divisions(struct test_sg_division *divs, + size_t max_divs, char *p, char *end, + bool gen_flushes) +{ + struct test_sg_division *div = divs; + unsigned int remaining = TEST_SG_TOTAL; + + do { + unsigned int this_len; + + if (div == &divs[max_divs - 1] || prandom_u32() % 2 == 0) + this_len = remaining; + else + this_len = 1 + (prandom_u32() % remaining); + div->proportion_of_total = this_len; + + if (prandom_u32() % 4 == 0) + div->offset = (PAGE_SIZE - 128) + (prandom_u32() % 128); + else if (prandom_u32() % 2 == 0) + div->offset = prandom_u32() % 32; + else + div->offset = prandom_u32() % PAGE_SIZE; + if (prandom_u32() % 8 == 0) + div->offset_relative_to_alignmask = true; + + div->flush_type = FLUSH_TYPE_NONE; + if (gen_flushes) { + switch (prandom_u32() % 4) { + case 0: + div->flush_type = FLUSH_TYPE_REIMPORT; + break; + case 1: + div->flush_type = FLUSH_TYPE_FLUSH; + break; + } + } + + BUILD_BUG_ON(TEST_SG_TOTAL != 10000); /* for "%u.%u%%" */ + p += scnprintf(p, end - p, "%s%u.%u%%@%s+%u%s", + div->flush_type == FLUSH_TYPE_NONE ? "" : + div->flush_type == FLUSH_TYPE_FLUSH ? + " " : " ", + this_len / 100, this_len % 100, + div->offset_relative_to_alignmask ? + "alignmask" : "", + div->offset, this_len == remaining ? "" : ", "); + remaining -= this_len; + div++; + } while (remaining); + + return p; +} + +/* Generate a random testvec_config for fuzz testing */ +static void generate_random_testvec_config(struct testvec_config *cfg, + char *name, size_t max_namelen) +{ + char *p = name; + char * const end = name + max_namelen; + + memset(cfg, 0, sizeof(*cfg)); + + cfg->name = name; + + p += scnprintf(p, end - p, "random:"); + + if (prandom_u32() % 2 == 0) { + cfg->inplace = true; + p += scnprintf(p, end - p, " inplace"); + } + + if (prandom_u32() % 2 == 0) { + cfg->req_flags |= CRYPTO_TFM_REQ_MAY_SLEEP; + p += scnprintf(p, end - p, " may_sleep"); + } + + switch (prandom_u32() % 4) { + case 0: + cfg->finalization_type = FINALIZATION_TYPE_FINAL; + p += scnprintf(p, end - p, " use_final"); + break; + case 1: + cfg->finalization_type = FINALIZATION_TYPE_FINUP; + p += scnprintf(p, end - p, " use_finup"); + break; + default: + cfg->finalization_type = FINALIZATION_TYPE_DIGEST; + p += scnprintf(p, end - p, " use_digest"); + break; + } + + p += scnprintf(p, end - p, " src_divs=["); + p = generate_random_sgl_divisions(cfg->src_divs, + ARRAY_SIZE(cfg->src_divs), p, end, + (cfg->finalization_type != + FINALIZATION_TYPE_DIGEST)); + p += scnprintf(p, end - p, "]"); + + if (!cfg->inplace && prandom_u32() % 2 == 0) { + p += scnprintf(p, end - p, " dst_divs=["); + p = generate_random_sgl_divisions(cfg->dst_divs, + ARRAY_SIZE(cfg->dst_divs), + p, end, false); + p += scnprintf(p, end - p, "]"); + } + + if (prandom_u32() % 2 == 0) { + cfg->iv_offset = 1 + (prandom_u32() % MAX_ALGAPI_ALIGNMASK); + p += scnprintf(p, end - p, " iv_offset=%u", cfg->iv_offset); + } + + WARN_ON_ONCE(!valid_testvec_config(cfg)); +} +#endif /* CONFIG_CRYPTO_MANAGER_EXTRA_TESTS */ + static int ahash_guard_result(char *result, char c, int size) { int i; -- cgit From 4e7babba30d820c4195b1d58cf51dce3c22ecf2b Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Thu, 31 Jan 2019 23:51:46 -0800 Subject: crypto: testmgr - convert skcipher testing to use testvec_configs Convert alg_test_skcipher() to use the new test framework, adding a list of testvec_configs to test by default. When the extra self-tests are enabled, randomly generated testvec_configs are tested as well. This improves skcipher test coverage mainly because now all algorithms have a variety of data layouts tested, whereas before each algorithm was responsible for declaring its own chunked test cases which were often missing or provided poor test coverage. The new code also tests both the MAY_SLEEP and !MAY_SLEEP cases, different IV alignments, and buffers that cross pages. This has already found a bug in the arm64 ctr-aes-neonbs algorithm. It would have easily found many past bugs. I removed the skcipher chunked test vectors that were the same as non-chunked ones, but left the ones that were unique. Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu --- crypto/testmgr.c | 515 ++++++++++++++++++++++++++----------------------------- crypto/testmgr.h | 253 --------------------------- 2 files changed, 245 insertions(+), 523 deletions(-) diff --git a/crypto/testmgr.c b/crypto/testmgr.c index ca3fd5f0c094..a275c7c2c371 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -284,6 +284,68 @@ struct testvec_config { #define TESTVEC_CONFIG_NAMELEN 192 +/* + * The following are the lists of testvec_configs to test for each algorithm + * type when the basic crypto self-tests are enabled, i.e. when + * CONFIG_CRYPTO_MANAGER_DISABLE_TESTS is unset. They aim to provide good test + * coverage, while keeping the test time much shorter than the full fuzz tests + * so that the basic tests can be enabled in a wider range of circumstances. + */ + +/* Configs for skciphers and aeads */ +static const struct testvec_config default_cipher_testvec_configs[] = { + { + .name = "in-place", + .inplace = true, + .src_divs = { { .proportion_of_total = 10000 } }, + }, { + .name = "out-of-place", + .src_divs = { { .proportion_of_total = 10000 } }, + }, { + .name = "unaligned buffer, offset=1", + .src_divs = { { .proportion_of_total = 10000, .offset = 1 } }, + .iv_offset = 1, + }, { + .name = "buffer aligned only to alignmask", + .src_divs = { + { + .proportion_of_total = 10000, + .offset = 1, + .offset_relative_to_alignmask = true, + }, + }, + .iv_offset = 1, + .iv_offset_relative_to_alignmask = true, + }, { + .name = "two even aligned splits", + .src_divs = { + { .proportion_of_total = 5000 }, + { .proportion_of_total = 5000 }, + }, + }, { + .name = "uneven misaligned splits, may sleep", + .req_flags = CRYPTO_TFM_REQ_MAY_SLEEP, + .src_divs = { + { .proportion_of_total = 1900, .offset = 33 }, + { .proportion_of_total = 3300, .offset = 7 }, + { .proportion_of_total = 4800, .offset = 18 }, + }, + .iv_offset = 3, + }, { + .name = "misaligned splits crossing pages, inplace", + .inplace = true, + .src_divs = { + { + .proportion_of_total = 7500, + .offset = PAGE_SIZE - 32 + }, { + .proportion_of_total = 2500, + .offset = PAGE_SIZE - 7 + }, + }, + } +}; + static unsigned int count_test_sg_divisions(const struct test_sg_division *divs) { unsigned int remaining = TEST_SG_TOTAL; @@ -1608,8 +1670,6 @@ static int test_cipher(struct crypto_cipher *tfm, int enc, j = 0; for (i = 0; i < tcount; i++) { - if (template[i].np) - continue; if (fips_enabled && template[i].fips_skip) continue; @@ -1667,282 +1727,214 @@ out_nobuf: return ret; } -static int __test_skcipher(struct crypto_skcipher *tfm, int enc, - const struct cipher_testvec *template, - unsigned int tcount, - const bool diff_dst, const int align_offset) +static int test_skcipher_vec_cfg(const char *driver, int enc, + const struct cipher_testvec *vec, + unsigned int vec_num, + const struct testvec_config *cfg, + struct skcipher_request *req, + struct cipher_test_sglists *tsgls) { - const char *algo = - crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)); - unsigned int i, j, k, n, temp; - char *q; - struct skcipher_request *req; - struct scatterlist sg[8]; - struct scatterlist sgout[8]; - const char *e, *d; - struct crypto_wait wait; - const char *input, *result; - void *data; - char iv[MAX_IVLEN]; - char *xbuf[XBUFSIZE]; - char *xoutbuf[XBUFSIZE]; - int ret = -ENOMEM; - unsigned int ivsize = crypto_skcipher_ivsize(tfm); - - if (testmgr_alloc_buf(xbuf)) - goto out_nobuf; - - if (diff_dst && testmgr_alloc_buf(xoutbuf)) - goto out_nooutbuf; - - if (diff_dst) - d = "-ddst"; - else - d = ""; + struct crypto_skcipher *tfm = crypto_skcipher_reqtfm(req); + const unsigned int alignmask = crypto_skcipher_alignmask(tfm); + const unsigned int ivsize = crypto_skcipher_ivsize(tfm); + const u32 req_flags = CRYPTO_TFM_REQ_MAY_BACKLOG | cfg->req_flags; + const char *op = enc ? "encryption" : "decryption"; + DECLARE_CRYPTO_WAIT(wait); + u8 _iv[3 * (MAX_ALGAPI_ALIGNMASK + 1) + MAX_IVLEN]; + u8 *iv = PTR_ALIGN(&_iv[0], 2 * (MAX_ALGAPI_ALIGNMASK + 1)) + + cfg->iv_offset + + (cfg->iv_offset_relative_to_alignmask ? alignmask : 0); + struct kvec input; + int err; - if (enc == ENCRYPT) - e = "encryption"; + /* Set the key */ + if (vec->wk) + crypto_skcipher_set_flags(tfm, CRYPTO_TFM_REQ_FORBID_WEAK_KEYS); else - e = "decryption"; - - crypto_init_wait(&wait); - - req = skcipher_request_alloc(tfm, GFP_KERNEL); - if (!req) { - pr_err("alg: skcipher%s: Failed to allocate request for %s\n", - d, algo); - goto out; + crypto_skcipher_clear_flags(tfm, + CRYPTO_TFM_REQ_FORBID_WEAK_KEYS); + err = crypto_skcipher_setkey(tfm, vec->key, vec->klen); + if (err) { + if (vec->fail) /* expectedly failed to set key? */ + return 0; + pr_err("alg: skcipher: %s setkey failed with err %d on test vector %u; flags=%#x\n", + driver, err, vec_num, crypto_skcipher_get_flags(tfm)); + return err; + } + if (vec->fail) { + pr_err("alg: skcipher: %s setkey unexpectedly succeeded on test vector %u\n", + driver, vec_num); + return -EINVAL; } - skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG, - crypto_req_done, &wait); - - j = 0; - for (i = 0; i < tcount; i++) { - if (template[i].np && !template[i].also_non_np) - continue; - - if (fips_enabled && template[i].fips_skip) - continue; - - if (template[i].iv && !(template[i].generates_iv && enc)) - memcpy(iv, template[i].iv, ivsize); + /* The IV must be copied to a buffer, as the algorithm may modify it */ + if (ivsize) { + if (WARN_ON(ivsize > MAX_IVLEN)) + return -EINVAL; + if (vec->iv && !(vec->generates_iv && enc)) + memcpy(iv, vec->iv, ivsize); else - memset(iv, 0, MAX_IVLEN); - - input = enc ? template[i].ptext : template[i].ctext; - result = enc ? template[i].ctext : template[i].ptext; - j++; - ret = -EINVAL; - if (WARN_ON(align_offset + template[i].len > PAGE_SIZE)) - goto out; - - data = xbuf[0]; - data += align_offset; - memcpy(data, input, template[i].len); - - crypto_skcipher_clear_flags(tfm, ~0); - if (template[i].wk) - crypto_skcipher_set_flags(tfm, CRYPTO_TFM_REQ_FORBID_WEAK_KEYS); - - ret = crypto_skcipher_setkey(tfm, template[i].key, - template[i].klen); - if (template[i].fail == !ret) { - pr_err("alg: skcipher%s: setkey failed on test %d for %s: flags=%x\n", - d, j, algo, crypto_skcipher_get_flags(tfm)); - goto out; - } else if (ret) - continue; - - sg_init_one(&sg[0], data, template[i].len); - if (diff_dst) { - data = xoutbuf[0]; - data += align_offset; - sg_init_one(&sgout[0], data, template[i].len); - } - - skcipher_request_set_crypt(req, sg, (diff_dst) ? sgout : sg, - template[i].len, iv); - ret = crypto_wait_req(enc ? crypto_skcipher_encrypt(req) : - crypto_skcipher_decrypt(req), &wait); - - if (ret) { - pr_err("alg: skcipher%s: %s failed on test %d for %s: ret=%d\n", - d, e, j, algo, -ret); - goto out; - } - - q = data; - if (memcmp(q, result, template[i].len)) { - pr_err("alg: skcipher%s: Test %d failed (invalid result) on %s for %s\n", - d, j, e, algo); - hexdump(q, template[i].len); - ret = -EINVAL; - goto out; - } - - if (template[i].generates_iv && enc && - memcmp(iv, template[i].iv, crypto_skcipher_ivsize(tfm))) { - pr_err("alg: skcipher%s: Test %d failed (invalid output IV) on %s for %s\n", - d, j, e, algo); - hexdump(iv, crypto_skcipher_ivsize(tfm)); - ret = -EINVAL; - goto out; + memset(iv, 0, ivsize); + } else { + if (vec->generates_iv) { + pr_err("alg: skcipher: %s has ivsize=0 but test vector %u generates IV!\n", + driver, vec_num); + return -EINVAL; } + iv = NULL; } - j = 0; - for (i = 0; i < tcount; i++) { - /* alignment tests are only done with continuous buffers */ - if (align_offset != 0) - break; - - if (!template[i].np) - continue; - - if (fips_enabled && template[i].fips_skip) - continue; - - if (template[i].iv && !(template[i].generates_iv && enc)) - memcpy(iv, template[i].iv, ivsize); - else - memset(iv, 0, MAX_IVLEN); - - input = enc ? template[i].ptext : template[i].ctext; - result = enc ? template[i].ctext : template[i].ptext; - j++; - crypto_skcipher_clear_flags(tfm, ~0); - if (template[i].wk) - crypto_skcipher_set_flags(tfm, CRYPTO_TFM_REQ_FORBID_WEAK_KEYS); - - ret = crypto_skcipher_setkey(tfm, template[i].key, - template[i].klen); - if (template[i].fail == !ret) { - pr_err("alg: skcipher%s: setkey failed on chunk test %d for %s: flags=%x\n", - d, j, algo, crypto_skcipher_get_flags(tfm)); - goto out; - } else if (ret) - continue; - - temp = 0; - ret = -EINVAL; - sg_init_table(sg, template[i].np); - if (diff_dst) - sg_init_table(sgout, template[i].np); - for (k = 0; k < template[i].np; k++) { - if (WARN_ON(offset_in_page(IDX[k]) + - template[i].tap[k] > PAGE_SIZE)) - goto out; - - q = xbuf[IDX[k] >> PAGE_SHIFT] + offset_in_page(IDX[k]); - - memcpy(q, input + temp, template[i].tap[k]); - - if (offset_in_page(q) + template[i].tap[k] < PAGE_SIZE) - q[template[i].tap[k]] = 0; - - sg_set_buf(&sg[k], q, template[i].tap[k]); - if (diff_dst) { - q = xoutbuf[IDX[k] >> PAGE_SHIFT] + - offset_in_page(IDX[k]); - - sg_set_buf(&sgout[k], q, template[i].tap[k]); + /* Build the src/dst scatterlists */ + input.iov_base = enc ? (void *)vec->ptext : (void *)vec->ctext; + input.iov_len = vec->len; + err = build_cipher_test_sglists(tsgls, cfg, alignmask, + vec->len, vec->len, &input, 1); + if (err) { + pr_err("alg: skcipher: %s %s: error preparing scatterlists for test vector %u, cfg=\"%s\"\n", + driver, op, vec_num, cfg->name); + return err; + } - memset(q, 0, template[i].tap[k]); - if (offset_in_page(q) + - template[i].tap[k] < PAGE_SIZE) - q[template[i].tap[k]] = 0; - } + /* Do the actual encryption or decryption */ + testmgr_poison(req->__ctx, crypto_skcipher_reqsize(tfm)); + skcipher_request_set_callback(req, req_flags, crypto_req_done, &wait); + skcipher_request_set_crypt(req, tsgls->src.sgl_ptr, tsgls->dst.sgl_ptr, + vec->len, iv); + err = crypto_wait_req(enc ? crypto_skcipher_encrypt(req) : + crypto_skcipher_decrypt(req), &wait); + if (err) { + pr_err("alg: skcipher: %s %s failed with err %d on test vector %u, cfg=\"%s\"\n", + driver, op, err, vec_num, cfg->name); + return err; + } - temp += template[i].tap[k]; - } + /* Check for the correct output (ciphertext or plaintext) */ + err = verify_correct_output(&tsgls->dst, enc ? vec->ctext : vec->ptext, + vec->len, 0, true); + if (err == -EOVERFLOW) { + pr_err("alg: skcipher: %s %s overran dst buffer on test vector %u, cfg=\"%s\"\n", + driver, op, vec_num, cfg->name); + return err; + } + if (err) { + pr_err("alg: skcipher: %s %s test failed (wrong result) on test vector %u, cfg=\"%s\"\n", + driver, op, vec_num, cfg->name); + return err; + } - skcipher_request_set_crypt(req, sg, (diff_dst) ? sgout : sg, - template[i].len, iv); + /* If applicable, check that the algorithm generated the correct IV */ + if (vec->generates_iv && enc && memcmp(iv, vec->iv, ivsize) != 0) { + pr_err("alg: skcipher: %s %s test failed (wrong output IV) on test vector %u, cfg=\"%s\"\n", + driver, op, vec_num, cfg->name); + hexdump(iv, ivsize); + return -EINVAL; + } - ret = crypto_wait_req(enc ? crypto_skcipher_encrypt(req) : - crypto_skcipher_decrypt(req), &wait); + return 0; +} - if (ret) { - pr_err("alg: skcipher%s: %s failed on chunk test %d for %s: ret=%d\n", - d, e, j, algo, -ret); - goto out; - } +static int test_skcipher_vec(const char *driver, int enc, + const struct cipher_testvec *vec, + unsigned int vec_num, + struct skcipher_request *req, + struct cipher_test_sglists *tsgls) +{ + unsigned int i; + int err; - temp = 0; - ret = -EINVAL; - for (k = 0; k < template[i].np; k++) { - if (diff_dst) - q = xoutbuf[IDX[k] >> PAGE_SHIFT] + - offset_in_page(IDX[k]); - else - q = xbuf[IDX[k] >> PAGE_SHIFT] + - offset_in_page(IDX[k]); + if (fips_enabled && vec->fips_skip) + return 0; - if (memcmp(q, result + temp, template[i].tap[k])) { - pr_err("alg: skcipher%s: Chunk test %d failed on %s at page %u for %s\n", - d, j, e, k, algo); - hexdump(q, template[i].tap[k]); - goto out; - } + for (i = 0; i < ARRAY_SIZE(default_cipher_testvec_configs); i++) { + err = test_skcipher_vec_cfg(driver, enc, vec, vec_num, + &default_cipher_testvec_configs[i], + req, tsgls); + if (err) + return err; + } - q += template[i].tap[k]; - for (n = 0; offset_in_page(q + n) && q[n]; n++) - ; - if (n) { - pr_err("alg: skcipher%s: Result buffer corruption in chunk test %d on %s at page %u for %s: %u bytes:\n", - d, j, e, k, algo, n); - hexdump(q, n); - goto out; - } - temp += template[i].tap[k]; +#ifdef CONFIG_CRYPTO_MANAGER_EXTRA_TESTS + if (!noextratests) { + struct testvec_config cfg; + char cfgname[TESTVEC_CONFIG_NAMELEN]; + + for (i = 0; i < fuzz_iterations; i++) { + generate_random_testvec_config(&cfg, cfgname, + sizeof(cfgname)); + err = test_skcipher_vec_cfg(driver, enc, vec, vec_num, + &cfg, req, tsgls); + if (err) + return err; } } +#endif + return 0; +} - ret = 0; +static int test_skcipher(const char *driver, int enc, + const struct cipher_test_suite *suite, + struct skcipher_request *req, + struct cipher_test_sglists *tsgls) +{ + unsigned int i; + int err; -out: - skcipher_request_free(req); - if (diff_dst) - testmgr_free_buf(xoutbuf); -out_nooutbuf: - testmgr_free_buf(xbuf); -out_nobuf: - return ret; + for (i = 0; i < suite->count; i++) { + err = test_skcipher_vec(driver, enc, &suite->vecs[i], i, req, + tsgls); + if (err) + return err; + } + return 0; } -static int test_skcipher(struct crypto_skcipher *tfm, int enc, - const struct cipher_testvec *template, - unsigned int tcount) +static int alg_test_skcipher(const struct alg_test_desc *desc, + const char *driver, u32 type, u32 mask) { - unsigned int alignmask; - int ret; + const struct cipher_test_suite *suite = &desc->suite.cipher; + struct crypto_skcipher *tfm; + struct skcipher_request *req = NULL; + struct cipher_test_sglists *tsgls = NULL; + int err; - /* test 'dst == src' case */ - ret = __test_skcipher(tfm, enc, template, tcount, false, 0); - if (ret) - return ret; + if (suite->count <= 0) { + pr_err("alg: skcipher: empty test suite for %s\n", driver); + return -EINVAL; + } - /* test 'dst != src' case */ - ret = __test_skcipher(tfm, enc, template, tcount, true, 0); - if (ret) - return ret; + tfm = crypto_alloc_skcipher(driver, type, mask); + if (IS_ERR(tfm)) { + pr_err("alg: skcipher: failed to allocate transform for %s: %ld\n", + driver, PTR_ERR(tfm)); + return PTR_ERR(tfm); + } - /* test unaligned buffers, check with one byte offset */ - ret = __test_skcipher(tfm, enc, template, tcount, true, 1); - if (ret) - return ret; + req = skcipher_request_alloc(tfm, GFP_KERNEL); + if (!req) { + pr_err("alg: skcipher: failed to allocate request for %s\n", + driver); + err = -ENOMEM; + goto out; + } - alignmask = crypto_tfm_alg_alignmask(&tfm->base); - if (alignmask) { - /* Check if alignment mask for tfm is correctly set. */ - ret = __test_skcipher(tfm, enc, template, tcount, true, - alignmask + 1); - if (ret) - return ret; + tsgls = alloc_cipher_test_sglists(); + if (!tsgls) { + pr_err("alg: skcipher: failed to allocate test buffers for %s\n", + driver); + err = -ENOMEM; + goto out; } - return 0; + err = test_skcipher(driver, ENCRYPT, suite, req, tsgls); + if (err) + goto out; + + err = test_skcipher(driver, DECRYPT, suite, req, tsgls); +out: + free_cipher_test_sglists(tsgls); + skcipher_request_free(req); + crypto_free_skcipher(tfm); + return err; } static int test_comp(struct crypto_comp *tfm, @@ -2326,28 +2318,6 @@ static int alg_test_cipher(const struct alg_test_desc *desc, return err; } -static int alg_test_skcipher(const struct alg_test_desc *desc, - const char *driver, u32 type, u32 mask) -{ - const struct cipher_test_suite *suite = &desc->suite.cipher; - struct crypto_skcipher *tfm; - int err; - - tfm = crypto_alloc_skcipher(driver, type, mask); - if (IS_ERR(tfm)) { - printk(KERN_ERR "alg: skcipher: Failed to load transform for " - "%s: %ld\n", driver, PTR_ERR(tfm)); - return PTR_ERR(tfm); - } - - err = test_skcipher(tfm, ENCRYPT, suite->vecs, suite->count); - if (!err) - err = test_skcipher(tfm, DECRYPT, suite->vecs, suite->count); - - crypto_free_skcipher(tfm); - return err; -} - static int alg_test_comp(const struct alg_test_desc *desc, const char *driver, u32 type, u32 mask) { @@ -4224,6 +4194,11 @@ static void alg_check_test_descs_order(void) static void alg_check_testvec_configs(void) { + int i; + + for (i = 0; i < ARRAY_SIZE(default_cipher_testvec_configs); i++) + WARN_ON(!valid_testvec_config( + &default_cipher_testvec_configs[i])); } static void testmgr_onetime_init(void) diff --git a/crypto/testmgr.h b/crypto/testmgr.h index d8f6035c7ff2..1a73af8a79f7 100644 --- a/crypto/testmgr.h +++ b/crypto/testmgr.h @@ -52,10 +52,6 @@ struct hash_testvec { * @fail: If set to one, the test need to fail * @wk: Does the test need CRYPTO_TFM_REQ_FORBID_WEAK_KEYS? * ( e.g. test needs to fail due to a weak key ) - * @np: numbers of SG to distribute data in (from 1 to MAX_TAP) - * @tap: How to distribute data in @np SGs - * @also_non_np: if set to 1, the test will be also done without - * splitting data in @np SGs * @fips_skip: Skip the test vector in FIPS mode * @generates_iv: Encryption should ignore the given IV, and output @iv. * Decryption takes @iv. Needed for AES Keywrap ("kw(aes)"). @@ -65,9 +61,6 @@ struct cipher_testvec { const char *iv; const char *ptext; const char *ctext; - unsigned short tap[MAX_TAP]; - int np; - unsigned char also_non_np; bool fail; unsigned char wk; /* weak key flag */ unsigned char klen; @@ -7011,18 +7004,6 @@ static const struct cipher_testvec des_tv_template[] = { .ctext = "\xc9\x57\x44\x25\x6a\x5e\xd3\x1d" "\xf7\x9c\x89\x2a\x33\x8f\x4a\x8b", .len = 16, - .np = 2, - .tap = { 8, 8 } - }, { - .key = "\x01\x23\x45\x67\x89\xab\xcd\xef", - .klen = 8, - .ptext = "\x01\x23\x45\x67\x89\xab\xcd\xe7" - "\xa3\x99\x7b\xca\xaf\x69\xa0\xf5", - .ctext = "\xc9\x57\x44\x25\x6a\x5e\xd3\x1d" - "\x69\x0f\x5b\x0d\x9a\x26\x93\x9b", - .len = 16, - .np = 2, - .tap = { 8, 8 } }, { .key = "\x01\x23\x45\x67\x89\xab\xcd\xef", .klen = 8, @@ -7031,8 +7012,6 @@ static const struct cipher_testvec des_tv_template[] = { .ctext = "\xc9\x57\x44\x25\x6a\x5e\xd3\x1d" "\x69\x0f\x5b\x0d\x9a\x26\x93\x9b", .len = 16, - .np = 3, - .tap = { 3, 12, 1 } }, { /* Four blocks -- for testing encryption with chunking */ .key = "\x01\x23\x45\x67\x89\xab\xcd\xef", .klen = 8, @@ -7045,38 +7024,6 @@ static const struct cipher_testvec des_tv_template[] = { "\xb4\x99\x26\xf7\x1f\xe1\xd4\x90" "\xf7\x9c\x89\x2a\x33\x8f\x4a\x8b", .len = 32, - .np = 3, - .tap = { 14, 10, 8 } - }, { - .key = "\x01\x23\x45\x67\x89\xab\xcd\xef", - .klen = 8, - .ptext = "\x01\x23\x45\x67\x89\xab\xcd\xe7" - "\x22\x33\x44\x55\x66\x77\x88\x99" - "\xca\xfe\xba\xbe\xfe\xed\xbe\xef", - .ctext = "\xc9\x57\x44\x25\x6a\x5e\xd3\x1d" - "\xf7\x9c\x89\x2a\x33\x8f\x4a\x8b" - "\xb4\x99\x26\xf7\x1f\xe1\xd4\x90", - .len = 24, - .np = 4, - .tap = { 2, 1, 3, 18 } - }, { - .key = "\x01\x23\x45\x67\x89\xab\xcd\xef", - .klen = 8, - .ptext = "\x01\x23\x45\x67\x89\xab\xcd\xe7" - "\x22\x33\x44\x55\x66\x77\x88\x99", - .ctext = "\xc9\x57\x44\x25\x6a\x5e\xd3\x1d" - "\xf7\x9c\x89\x2a\x33\x8f\x4a\x8b", - .len = 16, - .np = 5, - .tap = { 2, 2, 2, 2, 8 } - }, { - .key = "\x01\x23\x45\x67\x89\xab\xcd\xef", - .klen = 8, - .ptext = "\x01\x23\x45\x67\x89\xab\xcd\xe7", - .ctext = "\xc9\x57\x44\x25\x6a\x5e\xd3\x1d", - .len = 8, - .np = 8, - .tap = { 1, 1, 1, 1, 1, 1, 1, 1 } }, { /* Generated with Crypto++ */ .key = "\xC9\x83\xA6\xC9\xEC\x0F\x32\x55", .klen = 8, @@ -7143,9 +7090,6 @@ static const struct cipher_testvec des_tv_template[] = { "\xE1\x58\x39\x09\xB4\x8B\x40\xAC" "\x5F\x62\xC7\x72\xD9\xFC\xCB\x9A", .len = 248, - .also_non_np = 1, - .np = 3, - .tap = { 248 - 10, 2, 8 }, }, }; @@ -7182,23 +7126,6 @@ static const struct cipher_testvec des_cbc_tv_template[] = { .ptext = "\x66\x6f\x72\x20\x61\x6c\x6c\x20", .ctext = "\x68\x37\x88\x49\x9a\x7c\x05\xf6", .len = 8, - .np = 2, - .tap = { 4, 4 }, - .also_non_np = 1, - }, { /* Copy of openssl vector for chunk testing */ - /* From OpenSSL */ - .key = "\x01\x23\x45\x67\x89\xab\xcd\xef", - .klen = 8, - .iv = "\xfe\xdc\xba\x98\x76\x54\x32\x10", - .ptext = "\x37\x36\x35\x34\x33\x32\x31\x20" - "\x4e\x6f\x77\x20\x69\x73\x20\x74" - "\x68\x65\x20\x74\x69\x6d\x65\x20", - .ctext = "\xcc\xd1\x73\xff\xab\x20\x39\xf4" - "\xac\xd8\xae\xfd\xdf\xd8\xa1\xeb" - "\x46\x8e\x91\x15\x78\x88\xba\x68", - .len = 24, - .np = 2, - .tap = { 13, 11 } }, { /* Generated with Crypto++ */ .key = "\xC9\x83\xA6\xC9\xEC\x0F\x32\x55", .klen = 8, @@ -7266,9 +7193,6 @@ static const struct cipher_testvec des_cbc_tv_template[] = { "\x82\xA9\xBD\x6A\x31\x91\x39\x11" "\xC6\x4A\xF3\x55\xC7\x29\x2E\x63", .len = 248, - .also_non_np = 1, - .np = 3, - .tap = { 248 - 10, 2, 8 }, }, }; @@ -7340,9 +7264,6 @@ static const struct cipher_testvec des_ctr_tv_template[] = { "\x19\x7F\x99\x19\x53\xCE\x1D\x14" "\x69\x74\xA1\x06\x46\x0F\x4E\x75", .len = 248, - .also_non_np = 1, - .np = 3, - .tap = { 248 - 10, 2, 8 }, }, { /* Generated with Crypto++ */ .key = "\xC9\x83\xA6\xC9\xEC\x0F\x32\x55", .klen = 8, @@ -7410,9 +7331,6 @@ static const struct cipher_testvec des_ctr_tv_template[] = { "\xA5\xA6\xE7\xB0\x51\x36\x52\x37" "\x91\x45\x05\x3E\x58\xBF\x32", .len = 247, - .also_non_np = 1, - .np = 2, - .tap = { 247 - 8, 8 }, }, }; @@ -7571,9 +7489,6 @@ static const struct cipher_testvec des3_ede_tv_template[] = { "\x93\x03\xD7\x51\x09\xFA\xBE\x68" "\xD8\x45\xFF\x33\xBA\xBB\x2B\x63", .len = 496, - .also_non_np = 1, - .np = 3, - .tap = { 496 - 20, 4, 16 }, }, }; @@ -7749,9 +7664,6 @@ static const struct cipher_testvec des3_ede_cbc_tv_template[] = { "\x83\x70\xFF\x86\xE6\xAA\x0F\x1F" "\x95\x63\x73\xA2\x44\xAC\xF8\xA5", .len = 496, - .also_non_np = 1, - .np = 3, - .tap = { 496 - 20, 4, 16 }, }, }; @@ -7888,9 +7800,6 @@ static const struct cipher_testvec des3_ede_ctr_tv_template[] = { "\xFD\x51\xB0\xC6\x2C\x63\x13\x78" "\x5C\xEE\xFC\xCF\xC4\x70\x00\x34", .len = 496, - .also_non_np = 1, - .np = 3, - .tap = { 496 - 20, 4, 16 }, }, { /* Generated with Crypto++ */ .key = "\x9C\xD6\xF3\x9C\xB9\x5A\x67\x00" "\x5A\x67\x00\x2D\xCE\xEB\x2D\xCE" @@ -8025,9 +7934,6 @@ static const struct cipher_testvec des3_ede_ctr_tv_template[] = { "\x32\x0F\x05\x2F\xF2\x4C\x95\x3B" "\xF2\x79\xD9", .len = 499, - .also_non_np = 1, - .np = 2, - .tap = { 499 - 16, 16 }, }, }; @@ -8213,9 +8119,6 @@ static const struct cipher_testvec bf_tv_template[] = { "\x56\xEB\x36\x77\x3D\xAA\xB8\xF5" "\xC9\x1A\xFB\x5D\xDE\xBB\x43\xF4", .len = 504, - .also_non_np = 1, - .np = 3, - .tap = { 504 - 10, 2, 8 }, }, }; @@ -8368,9 +8271,6 @@ static const struct cipher_testvec bf_cbc_tv_template[] = { "\x93\x9B\xEE\xB5\x97\x41\xD2\xA0" "\xB4\x98\xD8\x6B\x74\xE7\x65\xF4", .len = 504, - .also_non_np = 1, - .np = 3, - .tap = { 504 - 10, 2, 8 }, }, }; @@ -8643,9 +8543,6 @@ static const struct cipher_testvec bf_ctr_tv_template[] = { "\x32\x44\x96\x1C\xD8\xEB\x95\xD2" "\xF3\x71\xEF\xEB\x4E\xBB\x4D", .len = 503, - .also_non_np = 1, - .np = 2, - .tap = { 503 - 8, 8 }, }, { /* Generated with Crypto++ */ .key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9" "\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A" @@ -8944,9 +8841,6 @@ static const struct cipher_testvec tf_tv_template[] = { "\x58\x33\x9B\x78\xC7\x58\x48\x6B" "\x2C\x75\x64\xC4\xCA\xC1\x7E\xD5", .len = 496, - .also_non_np = 1, - .np = 3, - .tap = { 496 - 20, 4, 16 }, }, }; @@ -9122,9 +9016,6 @@ static const struct cipher_testvec tf_cbc_tv_template[] = { "\x30\x70\x56\xA4\x37\xDD\x7C\xC0" "\x0A\xA3\x30\x10\x26\x25\x41\x2C", .len = 496, - .also_non_np = 1, - .np = 3, - .tap = { 496 - 20, 4, 16 }, }, }; @@ -9530,9 +9421,6 @@ static const struct cipher_testvec tf_ctr_tv_template[] = { "\xC5\xC9\x7F\x9E\xCF\x33\x7A\xDF" "\x6C\x82\x9D", .len = 499, - .also_non_np = 1, - .np = 2, - .tap = { 499 - 16, 16 }, }, }; @@ -9774,9 +9662,6 @@ static const struct cipher_testvec tf_lrw_tv_template[] = { "\x80\x18\xc4\x6c\x03\xd3\xb7\xba" "\x11\xd7\xb8\x6e\xea\xe1\x80\x30", .len = 512, - .also_non_np = 1, - .np = 3, - .tap = { 512 - 20, 4, 16 }, }, }; @@ -10111,9 +9996,6 @@ static const struct cipher_testvec tf_xts_tv_template[] = { "\xa4\x05\x0b\xb2\xb3\xa8\x30\x97" "\x37\x30\xe1\x91\x8d\xb3\x2a\xff", .len = 512, - .also_non_np = 1, - .np = 3, - .tap = { 512 - 20, 4, 16 }, }, }; @@ -10286,9 +10168,6 @@ static const struct cipher_testvec serpent_tv_template[] = { "\x75\x55\x9B\xFF\x36\x73\xAB\x7C" "\xF4\x46\x2E\xEB\xAC\xF3\xD2\xB7", .len = 496, - .also_non_np = 1, - .np = 3, - .tap = { 496 - 20, 4, 16 }, }, }; @@ -10505,9 +10384,6 @@ static const struct cipher_testvec serpent_cbc_tv_template[] = { "\xFC\x66\xAA\x37\xF2\x37\x39\x6B" "\xBC\x08\x3A\xA2\x29\xB3\xDF\xD1", .len = 496, - .also_non_np = 1, - .np = 3, - .tap = { 496 - 20, 4, 16 }, }, }; @@ -10780,9 +10656,6 @@ static const struct cipher_testvec serpent_ctr_tv_template[] = { "\x40\x53\x77\x8C\x15\xF8\x8D\x13" "\x38\xE2\xE5", .len = 499, - .also_non_np = 1, - .np = 2, - .tap = { 499 - 16, 16 }, }, { /* Generated with Crypto++ */ .key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9" "\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A" @@ -11157,9 +11030,6 @@ static const struct cipher_testvec serpent_lrw_tv_template[] = { "\x5c\xc6\x84\xfe\x7c\xcb\x26\xfd" "\xd9\x51\x0f\xd7\x94\x2f\xc5\xa7", .len = 512, - .also_non_np = 1, - .np = 3, - .tap = { 512 - 20, 4, 16 }, }, }; @@ -11494,9 +11364,6 @@ static const struct cipher_testvec serpent_xts_tv_template[] = { "\xaf\x43\x0b\xc5\x20\x41\x92\x20" "\xd4\xa0\x91\x98\x11\x5f\x4d\xb1", .len = 512, - .also_non_np = 1, - .np = 3, - .tap = { 512 - 20, 4, 16 }, }, }; @@ -11836,9 +11703,6 @@ static const struct cipher_testvec cast6_tv_template[] = { "\x84\x52\x6D\x68\xDE\xC6\x64\xB2" "\x11\x74\x93\x57\xB4\x7E\xC6\x00", .len = 496, - .also_non_np = 1, - .np = 3, - .tap = { 496 - 20, 4, 16 }, }, }; @@ -11976,9 +11840,6 @@ static const struct cipher_testvec cast6_cbc_tv_template[] = { "\x4D\x59\x7D\xC5\x28\x69\xFA\x92" "\x22\x46\x89\x2D\x0F\x2B\x08\x24", .len = 496, - .also_non_np = 1, - .np = 3, - .tap = { 496 - 20, 4, 16 }, }, }; @@ -12131,9 +11992,6 @@ static const struct cipher_testvec cast6_ctr_tv_template[] = { "\x0E\x74\x33\x30\x62\xB9\x89\xDF" "\xF9\xC5\xDD\x27\xB3\x39\xCB\xCB", .len = 496, - .also_non_np = 1, - .np = 3, - .tap = { 496 - 20, 4, 16 }, }, }; @@ -12277,9 +12135,6 @@ static const struct cipher_testvec cast6_lrw_tv_template[] = { "\x8D\xD9\xCD\x3B\x22\x67\x18\xC7" "\xC4\xF5\x99\x61\xBC\xBB\x5B\x46", .len = 512, - .also_non_np = 1, - .np = 3, - .tap = { 512 - 20, 4, 16 }, }, }; @@ -12425,9 +12280,6 @@ static const struct cipher_testvec cast6_xts_tv_template[] = { "\xA1\xAC\xE8\xCF\xC6\x74\xCF\xDC" "\x22\x60\x4E\xE8\xA4\x5D\x85\xB9", .len = 512, - .also_non_np = 1, - .np = 3, - .tap = { 512 - 20, 4, 16 }, }, }; @@ -12596,9 +12448,6 @@ static const struct cipher_testvec aes_tv_template[] = { "\x09\x79\xA0\x43\x5C\x0D\x08\x58" "\x17\xBB\xC0\x6B\x62\x3F\x56\xE9", .len = 496, - .also_non_np = 1, - .np = 3, - .tap = { 496 - 20, 4, 16 }, }, }; @@ -12613,9 +12462,6 @@ static const struct cipher_testvec aes_cbc_tv_template[] = { .ctext = "\xe3\x53\x77\x9c\x10\x79\xae\xb8" "\x27\x08\x94\x2d\xbe\x77\x18\x1a", .len = 16, - .also_non_np = 1, - .np = 8, - .tap = { 3, 2, 3, 2, 3, 1, 1, 1 }, }, { .key = "\xc2\x86\x69\x6d\x88\x7c\x9a\xa0" "\x61\x1b\xbb\x3e\x20\x25\xa4\x5a", @@ -12813,9 +12659,6 @@ static const struct cipher_testvec aes_cbc_tv_template[] = { "\xE0\x1F\x91\xF8\x82\x96\x2D\x65" "\xA3\xAA\x13\xCC\x50\xFF\x7B\x02", .len = 496, - .also_non_np = 1, - .np = 3, - .tap = { 496 - 20, 4, 16 }, }, }; @@ -12892,9 +12735,6 @@ static const struct cipher_testvec aes_cfb_tv_template[] = { "\x75\xa3\x85\x74\x1a\xb9\xce\xf8" "\x20\x31\x62\x3d\x55\xb1\xe4\x71", .len = 64, - .also_non_np = 1, - .np = 2, - .tap = { 31, 33 }, }, { /* > 16 bytes, not a multiple of 16 bytes */ .key = "\x2b\x7e\x15\x16\x28\xae\xd2\xa6" "\xab\xf7\x15\x88\x09\xcf\x4f\x3c", @@ -14795,9 +14635,6 @@ static const struct cipher_testvec aes_lrw_tv_template[] = { "\xcd\x7e\x2b\x5d\x43\xea\x42\xe7" "\x74\x3f\x7d\x58\x88\x75\xde\x3e", .len = 512, - .also_non_np = 1, - .np = 3, - .tap = { 512 - 20, 4, 16 }, } }; @@ -15133,9 +14970,6 @@ static const struct cipher_testvec aes_xts_tv_template[] = { "\xc4\xf3\x6f\xfd\xa9\xfc\xea\x70" "\xb9\xc6\xe6\x93\xe1\x48\xc1\x51", .len = 512, - .also_non_np = 1, - .np = 3, - .tap = { 512 - 20, 4, 16 }, } }; @@ -15345,9 +15179,6 @@ static const struct cipher_testvec aes_ctr_tv_template[] = { "\xFA\x3A\x05\x4C\xFA\xD1\xFF\xFE" "\xF1\x4C\xE5\xB2\x91\x64\x0C\x51", .len = 496, - .also_non_np = 1, - .np = 3, - .tap = { 496 - 20, 4, 16 }, }, { /* Generated with Crypto++ */ .key = "\xC9\x83\xA6\xC9\xEC\x0F\x32\x55" "\x0F\x32\x55\x78\x9B\xBE\x78\x9B" @@ -15483,9 +15314,6 @@ static const struct cipher_testvec aes_ctr_tv_template[] = { "\xD8\xFE\xC9\x5B\x5C\x25\xE5\x76" "\xFB\xF2\x3F", .len = 499, - .also_non_np = 1, - .np = 2, - .tap = { 499 - 16, 16 }, }, }; @@ -16609,8 +16437,6 @@ static const struct cipher_testvec aes_ctr_rfc3686_tv_template[] = { "\x4b\xef\x31\x18\xea\xac\xb1\x84" "\x21\xed\xda\x86", .len = 4100, - .np = 2, - .tap = { 4064, 36 }, }, }; @@ -16638,9 +16464,6 @@ static const struct cipher_testvec aes_ofb_tv_template[] = { "\x30\x4c\x65\x28\xf6\x59\xc7\x78" "\x66\xa5\x10\xd9\xc1\xd6\xae\x5e", .len = 64, - .also_non_np = 1, - .np = 2, - .tap = { 31, 33 }, }, { /* > 16 bytes, not a multiple of 16 bytes */ .key = "\x2b\x7e\x15\x16\x28\xae\xd2\xa6" "\xab\xf7\x15\x88\x09\xcf\x4f\x3c", @@ -23174,9 +22997,6 @@ static const struct cipher_testvec cast5_tv_template[] = { "\x4F\xFE\x24\x9C\x9A\x02\xE5\x57" "\xF5\xBC\x25\xD6\x02\x56\x57\x1C", .len = 496, - .also_non_np = 1, - .np = 3, - .tap = { 496 - 20, 4, 16 }, }, }; @@ -23311,9 +23131,6 @@ static const struct cipher_testvec cast5_cbc_tv_template[] = { "\x15\x5F\xDB\xE9\xB1\x83\xD2\xE6" "\x1D\x18\x66\x44\x5B\x8F\x14\xEB", .len = 496, - .also_non_np = 1, - .np = 3, - .tap = { 496 - 20, 4, 16 }, }, }; @@ -23460,9 +23277,6 @@ static const struct cipher_testvec cast5_ctr_tv_template[] = { "\x8C\x98\xDB\xDE\xFC\x72\x94\xAA" "\xC0\x0D\x96\xAA\x23\xF8\xFE\x13", .len = 496, - .also_non_np = 1, - .np = 3, - .tap = { 496 - 20, 4, 16 }, }, }; @@ -23835,20 +23649,6 @@ static const struct cipher_testvec fcrypt_pcbc_tv_template[] = { "\x19\x89\x09\x1c\x2a\x8e\x8c\x94" "\xfc\xc7\x68\xe4\x88\xaa\xde\x0f", .len = 48, - }, { /* split-page version */ - .key = "\xfe\xdc\xba\x98\x76\x54\x32\x10", - .klen = 8, - .iv = "\xf0\xe1\xd2\xc3\xb4\xa5\x96\x87", - .ptext = "The quick brown fox jumps over the lazy dogs.\0\0", - .ctext = "\xca\x90\xf5\x9d\xcb\xd4\xd2\x3c" - "\x01\x88\x7f\x3e\x31\x6e\x62\x9d" - "\xd8\xe0\x57\xa3\x06\x3a\x42\x58" - "\x2a\x28\xfe\x72\x52\x2f\xdd\xe0" - "\x19\x89\x09\x1c\x2a\x8e\x8c\x94" - "\xfc\xc7\x68\xe4\x88\xaa\xde\x0f", - .len = 48, - .np = 2, - .tap = { 20, 28 }, } }; @@ -24145,9 +23945,6 @@ static const struct cipher_testvec camellia_tv_template[] = { "\xF8\xB2\xAA\x7A\xD6\xFF\xFA\x55" "\x33\x1A\xBB\xD3\xA2\x7E\x97\x66", .len = 1008, - .also_non_np = 1, - .np = 3, - .tap = { 1008 - 20, 4, 16 }, }, }; @@ -24438,9 +24235,6 @@ static const struct cipher_testvec camellia_cbc_tv_template[] = { "\x55\x01\xD4\x58\xB2\xF2\x85\x49" "\x70\xC5\xB9\x0B\x3B\x7A\x6E\x6C", .len = 1008, - .also_non_np = 1, - .np = 3, - .tap = { 1008 - 20, 4, 16 }, }, }; @@ -24841,9 +24635,6 @@ static const struct cipher_testvec camellia_ctr_tv_template[] = { "\xE7\x2C\x49\x08\x8B\x72\xFA\x5C" "\xF1\x6B\xD9", .len = 1011, - .also_non_np = 1, - .np = 2, - .tap = { 1011 - 16, 16 }, }, { /* Generated with Crypto++ */ .key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9" "\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A" @@ -25346,9 +25137,6 @@ static const struct cipher_testvec camellia_lrw_tv_template[] = { "\xb2\x1a\xd8\x4c\xbd\x1d\x10\xe9" "\x5a\xa8\x92\x7f\xba\xe6\x0c\x95", .len = 512, - .also_non_np = 1, - .np = 3, - .tap = { 512 - 20, 4, 16 }, }, }; @@ -25683,9 +25471,6 @@ static const struct cipher_testvec camellia_xts_tv_template[] = { "\xb7\x16\xd8\x12\x5c\xcd\x7d\x4e" "\xd5\xc6\x99\xcc\x4e\x6c\x94\x95", .len = 512, - .also_non_np = 1, - .np = 3, - .tap = { 512 - 20, 4, 16 }, }, }; @@ -26889,8 +26674,6 @@ static const struct cipher_testvec salsa20_stream_tv_template[] = { "\x87\x13\xc6\x5b\x59\x8d\xf2\xc8" "\xaf\xdf\x11\x95", .len = 4100, - .np = 2, - .tap = { 4064, 36 }, }, }; @@ -27023,9 +26806,6 @@ static const struct cipher_testvec chacha20_tv_template[] = { "\x5b\x86\x2f\x37\x30\xe3\x7c\xfd" "\xc4\xfd\x80\x6c\x22\xf2\x21", .len = 375, - .also_non_np = 1, - .np = 3, - .tap = { 375 - 20, 4, 16 }, }, { /* RFC7539 A.2. Test Vector #3 */ .key = "\x1c\x92\x40\xa5\xeb\x55\xd3\x8a" @@ -27399,9 +27179,6 @@ static const struct cipher_testvec chacha20_tv_template[] = { "\xa1\xed\xad\xd5\x76\xfa\x24\x8f" "\x98", .len = 1281, - .also_non_np = 1, - .np = 3, - .tap = { 1200, 1, 80 }, }, }; @@ -27594,9 +27371,6 @@ static const struct cipher_testvec xchacha20_tv_template[] = { "\xab\xff\x1f\x12\xc3\xee\xe5\x65" "\x12\x8d\x7b\x61\xe5\x1f\x98", .len = 375, - .also_non_np = 1, - .np = 3, - .tap = { 375 - 20, 4, 16 }, }, { /* Derived from a ChaCha20 test vector, via the process above */ .key = "\x1c\x92\x40\xa5\xeb\x55\xd3\x8a" @@ -27974,9 +27748,6 @@ static const struct cipher_testvec xchacha20_tv_template[] = { "\xba\xd0\x34\xc9\x2d\x91\xc5\x17" "\x11", .len = 1281, - .also_non_np = 1, - .np = 3, - .tap = { 1200, 1, 80 }, }, { /* test vector from https://tools.ietf.org/html/draft-arciszewski-xchacha-02#appendix-A.3.2 */ .key = "\x80\x81\x82\x83\x84\x85\x86\x87" "\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f" @@ -28259,9 +28030,6 @@ static const struct cipher_testvec xchacha12_tv_template[] = { "\xda\x4e\xc9\xab\x9b\x8a\x7b", .len = 375, - .also_non_np = 1, - .np = 3, - .tap = { 375 - 20, 4, 16 }, }, { .key = "\x1c\x92\x40\xa5\xeb\x55\xd3\x8a" @@ -28639,9 +28407,6 @@ static const struct cipher_testvec xchacha12_tv_template[] = { "\xf0\xfc\x5e\x1c\xf1\xf5\xf9\xf3" "\x5b", .len = 1281, - .also_non_np = 1, - .np = 3, - .tap = { 1200, 1, 80 }, }, { .key = "\x80\x81\x82\x83\x84\x85\x86\x87" "\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f" @@ -28749,9 +28514,6 @@ static const struct cipher_testvec adiantum_xchacha12_aes_tv_template[] = { .ctext = "\x6d\x32\x86\x18\x67\x86\x0f\x3f" "\x96\x7c\x9d\x28\x0d\x53\xec\x9f", .len = 16, - .also_non_np = 1, - .np = 2, - .tap = { 14, 2 }, }, { .key = "\x36\x2b\x57\x97\xf8\x5d\xcd\x99" "\x5f\x1a\x5a\x44\x1d\x92\x0f\x27" @@ -28814,9 +28576,6 @@ static const struct cipher_testvec adiantum_xchacha12_aes_tv_template[] = { "\x74\xa6\xaa\xa3\xac\xdc\xc2\xf5" "\x8d\xde\x34\x86\x78\x60\x75\x8d", .len = 128, - .also_non_np = 1, - .np = 4, - .tap = { 104, 16, 4, 4 }, }, { .key = "\xd3\x81\x72\x18\x23\xff\x6f\x4a" "\x25\x74\x29\x0d\x51\x8a\x0e\x13" @@ -28956,9 +28715,6 @@ static const struct cipher_testvec adiantum_xchacha12_aes_tv_template[] = { "\x21\xb0\x21\x52\xba\xa7\x37\xaa" "\xcc\xbf\x95\xa8\xf4\xd0\x91\xf6", .len = 512, - .also_non_np = 1, - .np = 2, - .tap = { 144, 368 }, } }; @@ -28980,9 +28736,6 @@ static const struct cipher_testvec adiantum_xchacha20_aes_tv_template[] = { .ctext = "\xf6\x78\x97\xd6\xaa\x94\x01\x27" "\x2e\x4d\x83\xe0\x6e\x64\x9a\xdf", .len = 16, - .also_non_np = 1, - .np = 3, - .tap = { 5, 2, 9 }, }, { .key = "\x36\x2b\x57\x97\xf8\x5d\xcd\x99" "\x5f\x1a\x5a\x44\x1d\x92\x0f\x27" @@ -29002,9 +28755,6 @@ static const struct cipher_testvec adiantum_xchacha20_aes_tv_template[] = { "\x57\x72\xb5\xfd\xb5\x5d\xb8\x28" "\x0c\x04\x91\x14\x91\xe9\x37", .len = 31, - .also_non_np = 1, - .np = 2, - .tap = { 16, 15 }, }, { .key = "\xa5\x28\x24\x34\x1a\x3c\xd8\xf7" "\x05\x91\x8f\xee\x85\x1f\x35\x7f" @@ -29048,9 +28798,6 @@ static const struct cipher_testvec adiantum_xchacha20_aes_tv_template[] = { "\x29\x62\x0d\xb2\xf6\x3c\x58\x57" "\xc1\xd5\x5a\xbb\xd6\xa6\x2a\xe5", .len = 128, - .also_non_np = 1, - .np = 4, - .tap = { 112, 7, 8, 1 }, }, { .key = "\xd3\x81\x72\x18\x23\xff\x6f\x4a" "\x25\x74\x29\x0d\x51\x8a\x0e\x13" -- cgit From ed96804ff1a5f94bdf4cda73ee81ba4545a076e5 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Thu, 31 Jan 2019 23:51:47 -0800 Subject: crypto: testmgr - convert aead testing to use testvec_configs Convert alg_test_aead() to use the new test framework, using the same list of testvec_configs that skcipher testing uses. This significantly improves AEAD test coverage mainly because previously there was only very limited test coverage of the possible data layouts. Now the data layouts to test are listed in one place for all algorithms and optionally are also randomly generated. In fact, only one AEAD algorithm (AES-GCM) even had a chunked test case before. This already found bugs in all the AEGIS and MORUS implementations, the x86 AES-GCM implementation, and the arm64 AES-CCM implementation. I removed the AEAD chunked test vectors that were the same as non-chunked ones, but left the ones that were unique. Note: the rewritten test code allocates an aead_request just once per algorithm rather than once per encryption/decryption, but some AEAD algorithms incorrectly change the tfm pointer in the request. It's nontrivial to fix these, so to move forward I'm temporarily working around it by resetting the tfm pointer. But they'll need to be fixed. Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu --- crypto/testmgr.c | 613 +++++++++++++++++-------------------------------------- crypto/testmgr.h | 47 ----- 2 files changed, 185 insertions(+), 475 deletions(-) diff --git a/crypto/testmgr.c b/crypto/testmgr.c index a275c7c2c371..6a870e21b0cf 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -1208,443 +1208,222 @@ static int test_hash(struct crypto_ahash *tfm, return 0; } -static int __test_aead(struct crypto_aead *tfm, int enc, - const struct aead_testvec *template, unsigned int tcount, - const bool diff_dst, const int align_offset) +static int test_aead_vec_cfg(const char *driver, int enc, + const struct aead_testvec *vec, + unsigned int vec_num, + const struct testvec_config *cfg, + struct aead_request *req, + struct cipher_test_sglists *tsgls) { - const char *algo = crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)); - unsigned int i, j, k, n, temp; - int ret = -ENOMEM; - char *q; - char *key; - struct aead_request *req; - struct scatterlist *sg; - struct scatterlist *sgout; - const char *e, *d; - struct crypto_wait wait; - unsigned int authsize, iv_len; - char *iv; - char *xbuf[XBUFSIZE]; - char *xoutbuf[XBUFSIZE]; - char *axbuf[XBUFSIZE]; - - iv = kzalloc(MAX_IVLEN, GFP_KERNEL); - if (!iv) - return ret; - key = kmalloc(MAX_KEYLEN, GFP_KERNEL); - if (!key) - goto out_noxbuf; - if (testmgr_alloc_buf(xbuf)) - goto out_noxbuf; - if (testmgr_alloc_buf(axbuf)) - goto out_noaxbuf; - if (diff_dst && testmgr_alloc_buf(xoutbuf)) - goto out_nooutbuf; - - /* avoid "the frame size is larger than 1024 bytes" compiler warning */ - sg = kmalloc(array3_size(sizeof(*sg), 8, (diff_dst ? 4 : 2)), - GFP_KERNEL); - if (!sg) - goto out_nosg; - sgout = &sg[16]; - - if (diff_dst) - d = "-ddst"; - else - d = ""; + struct crypto_aead *tfm = crypto_aead_reqtfm(req); + const unsigned int alignmask = crypto_aead_alignmask(tfm); + const unsigned int ivsize = crypto_aead_ivsize(tfm); + const unsigned int authsize = vec->clen - vec->plen; + const u32 req_flags = CRYPTO_TFM_REQ_MAY_BACKLOG | cfg->req_flags; + const char *op = enc ? "encryption" : "decryption"; + DECLARE_CRYPTO_WAIT(wait); + u8 _iv[3 * (MAX_ALGAPI_ALIGNMASK + 1) + MAX_IVLEN]; + u8 *iv = PTR_ALIGN(&_iv[0], 2 * (MAX_ALGAPI_ALIGNMASK + 1)) + + cfg->iv_offset + + (cfg->iv_offset_relative_to_alignmask ? alignmask : 0); + struct kvec input[2]; + int err; - if (enc == ENCRYPT) - e = "encryption"; + /* Set the key */ + if (vec->wk) + crypto_aead_set_flags(tfm, CRYPTO_TFM_REQ_FORBID_WEAK_KEYS); else - e = "decryption"; - - crypto_init_wait(&wait); - - req = aead_request_alloc(tfm, GFP_KERNEL); - if (!req) { - pr_err("alg: aead%s: Failed to allocate request for %s\n", - d, algo); - goto out; + crypto_aead_clear_flags(tfm, CRYPTO_TFM_REQ_FORBID_WEAK_KEYS); + err = crypto_aead_setkey(tfm, vec->key, vec->klen); + if (err) { + if (vec->fail) /* expectedly failed to set key? */ + return 0; + pr_err("alg: aead: %s setkey failed with err %d on test vector %u; flags=%#x\n", + driver, err, vec_num, crypto_aead_get_flags(tfm)); + return err; } - - aead_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG, - crypto_req_done, &wait); - - iv_len = crypto_aead_ivsize(tfm); - - for (i = 0, j = 0; i < tcount; i++) { - const char *input, *expected_output; - unsigned int inlen, outlen; - char *inbuf, *outbuf, *assocbuf; - - if (template[i].np) - continue; - if (enc) { - if (template[i].novrfy) - continue; - input = template[i].ptext; - inlen = template[i].plen; - expected_output = template[i].ctext; - outlen = template[i].clen; - } else { - input = template[i].ctext; - inlen = template[i].clen; - expected_output = template[i].ptext; - outlen = template[i].plen; - } - - j++; - - /* some templates have no input data but they will - * touch input - */ - inbuf = xbuf[0] + align_offset; - assocbuf = axbuf[0]; - - ret = -EINVAL; - if (WARN_ON(align_offset + template[i].clen > PAGE_SIZE || - template[i].alen > PAGE_SIZE)) - goto out; - - memcpy(inbuf, input, inlen); - memcpy(assocbuf, template[i].assoc, template[i].alen); - if (template[i].iv) - memcpy(iv, template[i].iv, iv_len); - else - memset(iv, 0, iv_len); - - crypto_aead_clear_flags(tfm, ~0); - if (template[i].wk) - crypto_aead_set_flags(tfm, - CRYPTO_TFM_REQ_FORBID_WEAK_KEYS); - - if (template[i].klen > MAX_KEYLEN) { - pr_err("alg: aead%s: setkey failed on test %d for %s: key size %d > %d\n", - d, j, algo, template[i].klen, - MAX_KEYLEN); - ret = -EINVAL; - goto out; - } - memcpy(key, template[i].key, template[i].klen); - - ret = crypto_aead_setkey(tfm, key, template[i].klen); - if (template[i].fail == !ret) { - pr_err("alg: aead%s: setkey failed on test %d for %s: flags=%x\n", - d, j, algo, crypto_aead_get_flags(tfm)); - goto out; - } else if (ret) - continue; - - authsize = template[i].clen - template[i].plen; - ret = crypto_aead_setauthsize(tfm, authsize); - if (ret) { - pr_err("alg: aead%s: Failed to set authsize to %u on test %d for %s\n", - d, authsize, j, algo); - goto out; - } - - k = !!template[i].alen; - sg_init_table(sg, k + 1); - sg_set_buf(&sg[0], assocbuf, template[i].alen); - sg_set_buf(&sg[k], inbuf, template[i].clen); - outbuf = inbuf; - - if (diff_dst) { - sg_init_table(sgout, k + 1); - sg_set_buf(&sgout[0], assocbuf, template[i].alen); - - outbuf = xoutbuf[0] + align_offset; - sg_set_buf(&sgout[k], outbuf, template[i].clen); - } - - aead_request_set_crypt(req, sg, (diff_dst) ? sgout : sg, inlen, - iv); - - aead_request_set_ad(req, template[i].alen); - - ret = crypto_wait_req(enc ? crypto_aead_encrypt(req) - : crypto_aead_decrypt(req), &wait); - - switch (ret) { - case 0: - if (template[i].novrfy) { - /* verification was supposed to fail */ - pr_err("alg: aead%s: %s failed on test %d for %s: ret was 0, expected -EBADMSG\n", - d, e, j, algo); - /* so really, we got a bad message */ - ret = -EBADMSG; - goto out; - } - break; - case -EBADMSG: - if (template[i].novrfy) - /* verification failure was expected */ - continue; - /* fall through */ - default: - pr_err("alg: aead%s: %s failed on test %d for %s: ret=%d\n", - d, e, j, algo, -ret); - goto out; - } - - if (memcmp(outbuf, expected_output, outlen)) { - pr_err("alg: aead%s: Test %d failed on %s for %s\n", - d, j, e, algo); - hexdump(outbuf, outlen); - ret = -EINVAL; - goto out; - } + if (vec->fail) { + pr_err("alg: aead: %s setkey unexpectedly succeeded on test vector %u\n", + driver, vec_num); + return -EINVAL; } - for (i = 0, j = 0; i < tcount; i++) { - const char *input, *expected_output; - unsigned int inlen, outlen; - - /* alignment tests are only done with continuous buffers */ - if (align_offset != 0) - break; - - if (!template[i].np) - continue; - - if (enc) { - if (template[i].novrfy) - continue; - input = template[i].ptext; - inlen = template[i].plen; - expected_output = template[i].ctext; - outlen = template[i].clen; - } else { - input = template[i].ctext; - inlen = template[i].clen; - expected_output = template[i].ptext; - outlen = template[i].plen; - } - - j++; - - if (template[i].iv) - memcpy(iv, template[i].iv, iv_len); - else - memset(iv, 0, MAX_IVLEN); - - crypto_aead_clear_flags(tfm, ~0); - if (template[i].wk) - crypto_aead_set_flags(tfm, - CRYPTO_TFM_REQ_FORBID_WEAK_KEYS); - if (template[i].klen > MAX_KEYLEN) { - pr_err("alg: aead%s: setkey failed on test %d for %s: key size %d > %d\n", - d, j, algo, template[i].klen, MAX_KEYLEN); - ret = -EINVAL; - goto out; - } - memcpy(key, template[i].key, template[i].klen); - - ret = crypto_aead_setkey(tfm, key, template[i].klen); - if (template[i].fail == !ret) { - pr_err("alg: aead%s: setkey failed on chunk test %d for %s: flags=%x\n", - d, j, algo, crypto_aead_get_flags(tfm)); - goto out; - } else if (ret) - continue; - - authsize = template[i].clen - template[i].plen; - - ret = -EINVAL; - sg_init_table(sg, template[i].anp + template[i].np); - if (diff_dst) - sg_init_table(sgout, template[i].anp + template[i].np); - - ret = -EINVAL; - for (k = 0, temp = 0; k < template[i].anp; k++) { - if (WARN_ON(offset_in_page(IDX[k]) + - template[i].atap[k] > PAGE_SIZE)) - goto out; - sg_set_buf(&sg[k], - memcpy(axbuf[IDX[k] >> PAGE_SHIFT] + - offset_in_page(IDX[k]), - template[i].assoc + temp, - template[i].atap[k]), - template[i].atap[k]); - if (diff_dst) - sg_set_buf(&sgout[k], - axbuf[IDX[k] >> PAGE_SHIFT] + - offset_in_page(IDX[k]), - template[i].atap[k]); - temp += template[i].atap[k]; - } - - for (k = 0, temp = 0; k < template[i].np; k++) { - n = template[i].tap[k]; - if (k == template[i].np - 1 && !enc) - n += authsize; - - if (WARN_ON(offset_in_page(IDX[k]) + n > PAGE_SIZE)) - goto out; - - q = xbuf[IDX[k] >> PAGE_SHIFT] + offset_in_page(IDX[k]); - memcpy(q, input + temp, n); - sg_set_buf(&sg[template[i].anp + k], q, n); - - if (diff_dst) { - q = xoutbuf[IDX[k] >> PAGE_SHIFT] + - offset_in_page(IDX[k]); - - memset(q, 0, n); - - sg_set_buf(&sgout[template[i].anp + k], q, n); - } - - if (k == template[i].np - 1 && enc) - n += authsize; - if (offset_in_page(q) + n < PAGE_SIZE) - q[n] = 0; - - temp += n; - } + /* Set the authentication tag size */ + err = crypto_aead_setauthsize(tfm, authsize); + if (err) { + pr_err("alg: aead: %s setauthsize failed with err %d on test vector %u\n", + driver, err, vec_num); + return err; + } - ret = crypto_aead_setauthsize(tfm, authsize); - if (ret) { - pr_err("alg: aead%s: Failed to set authsize to %u on chunk test %d for %s\n", - d, authsize, j, algo); - goto out; - } + /* The IV must be copied to a buffer, as the algorithm may modify it */ + if (WARN_ON(ivsize > MAX_IVLEN)) + return -EINVAL; + if (vec->iv) + memcpy(iv, vec->iv, ivsize); + else + memset(iv, 0, ivsize); - if (enc) { - if (WARN_ON(sg[template[i].anp + k - 1].offset + - sg[template[i].anp + k - 1].length + - authsize > PAGE_SIZE)) { - ret = -EINVAL; - goto out; - } + /* Build the src/dst scatterlists */ + input[0].iov_base = (void *)vec->assoc; + input[0].iov_len = vec->alen; + input[1].iov_base = enc ? (void *)vec->ptext : (void *)vec->ctext; + input[1].iov_len = enc ? vec->plen : vec->clen; + err = build_cipher_test_sglists(tsgls, cfg, alignmask, + vec->alen + (enc ? vec->plen : + vec->clen), + vec->alen + (enc ? vec->clen : + vec->plen), + input, 2); + if (err) { + pr_err("alg: aead: %s %s: error preparing scatterlists for test vector %u, cfg=\"%s\"\n", + driver, op, vec_num, cfg->name); + return err; + } - if (diff_dst) - sgout[template[i].anp + k - 1].length += - authsize; - sg[template[i].anp + k - 1].length += authsize; - } + /* Do the actual encryption or decryption */ + testmgr_poison(req->__ctx, crypto_aead_reqsize(tfm)); + aead_request_set_callback(req, req_flags, crypto_req_done, &wait); + aead_request_set_crypt(req, tsgls->src.sgl_ptr, tsgls->dst.sgl_ptr, + enc ? vec->plen : vec->clen, iv); + aead_request_set_ad(req, vec->alen); + err = crypto_wait_req(enc ? crypto_aead_encrypt(req) : + crypto_aead_decrypt(req), &wait); - aead_request_set_crypt(req, sg, (diff_dst) ? sgout : sg, - inlen, iv); + aead_request_set_tfm(req, tfm); /* TODO: get rid of this */ - aead_request_set_ad(req, template[i].alen); + if (err) { + if (err == -EBADMSG && vec->novrfy) + return 0; + pr_err("alg: aead: %s %s failed with err %d on test vector %u, cfg=\"%s\"\n", + driver, op, err, vec_num, cfg->name); + return err; + } + if (vec->novrfy) { + pr_err("alg: aead: %s %s unexpectedly succeeded on test vector %u, cfg=\"%s\"\n", + driver, op, vec_num, cfg->name); + return -EINVAL; + } - ret = crypto_wait_req(enc ? crypto_aead_encrypt(req) - : crypto_aead_decrypt(req), &wait); + /* Check for the correct output (ciphertext or plaintext) */ + err = verify_correct_output(&tsgls->dst, enc ? vec->ctext : vec->ptext, + enc ? vec->clen : vec->plen, + vec->alen, enc || !cfg->inplace); + if (err == -EOVERFLOW) { + pr_err("alg: aead: %s %s overran dst buffer on test vector %u, cfg=\"%s\"\n", + driver, op, vec_num, cfg->name); + return err; + } + if (err) { + pr_err("alg: aead: %s %s test failed (wrong result) on test vector %u, cfg=\"%s\"\n", + driver, op, vec_num, cfg->name); + return err; + } - switch (ret) { - case 0: - if (template[i].novrfy) { - /* verification was supposed to fail */ - pr_err("alg: aead%s: %s failed on chunk test %d for %s: ret was 0, expected -EBADMSG\n", - d, e, j, algo); - /* so really, we got a bad message */ - ret = -EBADMSG; - goto out; - } - break; - case -EBADMSG: - if (template[i].novrfy) - /* verification failure was expected */ - continue; - /* fall through */ - default: - pr_err("alg: aead%s: %s failed on chunk test %d for %s: ret=%d\n", - d, e, j, algo, -ret); - goto out; - } + return 0; +} - ret = -EINVAL; - for (k = 0, temp = 0; k < template[i].np; k++) { - if (diff_dst) - q = xoutbuf[IDX[k] >> PAGE_SHIFT] + - offset_in_page(IDX[k]); - else - q = xbuf[IDX[k] >> PAGE_SHIFT] + - offset_in_page(IDX[k]); +static int test_aead_vec(const char *driver, int enc, + const struct aead_testvec *vec, unsigned int vec_num, + struct aead_request *req, + struct cipher_test_sglists *tsgls) +{ + unsigned int i; + int err; - n = template[i].tap[k]; - if (k == template[i].np - 1 && enc) - n += authsize; + if (enc && vec->novrfy) + return 0; - if (memcmp(q, expected_output + temp, n)) { - pr_err("alg: aead%s: Chunk test %d failed on %s at page %u for %s\n", - d, j, e, k, algo); - hexdump(q, n); - goto out; - } + for (i = 0; i < ARRAY_SIZE(default_cipher_testvec_configs); i++) { + err = test_aead_vec_cfg(driver, enc, vec, vec_num, + &default_cipher_testvec_configs[i], + req, tsgls); + if (err) + return err; + } - q += n; - if (k == template[i].np - 1 && !enc) { - if (!diff_dst && memcmp(q, input + temp + n, - authsize)) - n = authsize; - else - n = 0; - } else { - for (n = 0; offset_in_page(q + n) && q[n]; n++) - ; - } - if (n) { - pr_err("alg: aead%s: Result buffer corruption in chunk test %d on %s at page %u for %s: %u bytes:\n", - d, j, e, k, algo, n); - hexdump(q, n); - goto out; - } +#ifdef CONFIG_CRYPTO_MANAGER_EXTRA_TESTS + if (!noextratests) { + struct testvec_config cfg; + char cfgname[TESTVEC_CONFIG_NAMELEN]; - temp += template[i].tap[k]; + for (i = 0; i < fuzz_iterations; i++) { + generate_random_testvec_config(&cfg, cfgname, + sizeof(cfgname)); + err = test_aead_vec_cfg(driver, enc, vec, vec_num, + &cfg, req, tsgls); + if (err) + return err; } } +#endif + return 0; +} - ret = 0; +static int test_aead(const char *driver, int enc, + const struct aead_test_suite *suite, + struct aead_request *req, + struct cipher_test_sglists *tsgls) +{ + unsigned int i; + int err; -out: - aead_request_free(req); - kfree(sg); -out_nosg: - if (diff_dst) - testmgr_free_buf(xoutbuf); -out_nooutbuf: - testmgr_free_buf(axbuf); -out_noaxbuf: - testmgr_free_buf(xbuf); -out_noxbuf: - kfree(key); - kfree(iv); - return ret; + for (i = 0; i < suite->count; i++) { + err = test_aead_vec(driver, enc, &suite->vecs[i], i, req, + tsgls); + if (err) + return err; + } + return 0; } -static int test_aead(struct crypto_aead *tfm, int enc, - const struct aead_testvec *template, unsigned int tcount) +static int alg_test_aead(const struct alg_test_desc *desc, const char *driver, + u32 type, u32 mask) { - unsigned int alignmask; - int ret; + const struct aead_test_suite *suite = &desc->suite.aead; + struct crypto_aead *tfm; + struct aead_request *req = NULL; + struct cipher_test_sglists *tsgls = NULL; + int err; - /* test 'dst == src' case */ - ret = __test_aead(tfm, enc, template, tcount, false, 0); - if (ret) - return ret; + if (suite->count <= 0) { + pr_err("alg: aead: empty test suite for %s\n", driver); + return -EINVAL; + } - /* test 'dst != src' case */ - ret = __test_aead(tfm, enc, template, tcount, true, 0); - if (ret) - return ret; + tfm = crypto_alloc_aead(driver, type, mask); + if (IS_ERR(tfm)) { + pr_err("alg: aead: failed to allocate transform for %s: %ld\n", + driver, PTR_ERR(tfm)); + return PTR_ERR(tfm); + } - /* test unaligned buffers, check with one byte offset */ - ret = __test_aead(tfm, enc, template, tcount, true, 1); - if (ret) - return ret; + req = aead_request_alloc(tfm, GFP_KERNEL); + if (!req) { + pr_err("alg: aead: failed to allocate request for %s\n", + driver); + err = -ENOMEM; + goto out; + } - alignmask = crypto_tfm_alg_alignmask(&tfm->base); - if (alignmask) { - /* Check if alignment mask for tfm is correctly set. */ - ret = __test_aead(tfm, enc, template, tcount, true, - alignmask + 1); - if (ret) - return ret; + tsgls = alloc_cipher_test_sglists(); + if (!tsgls) { + pr_err("alg: aead: failed to allocate test buffers for %s\n", + driver); + err = -ENOMEM; + goto out; } - return 0; + err = test_aead(driver, ENCRYPT, suite, req, tsgls); + if (err) + goto out; + + err = test_aead(driver, DECRYPT, suite, req, tsgls); +out: + free_cipher_test_sglists(tsgls); + aead_request_free(req); + crypto_free_aead(tfm); + return err; } static int test_cipher(struct crypto_cipher *tfm, int enc, @@ -2274,28 +2053,6 @@ out: return err; } -static int alg_test_aead(const struct alg_test_desc *desc, const char *driver, - u32 type, u32 mask) -{ - const struct aead_test_suite *suite = &desc->suite.aead; - struct crypto_aead *tfm; - int err; - - tfm = crypto_alloc_aead(driver, type, mask); - if (IS_ERR(tfm)) { - printk(KERN_ERR "alg: aead: Failed to load transform for %s: " - "%ld\n", driver, PTR_ERR(tfm)); - return PTR_ERR(tfm); - } - - err = test_aead(tfm, ENCRYPT, suite->vecs, suite->count); - if (!err) - err = test_aead(tfm, DECRYPT, suite->vecs, suite->count); - - crypto_free_aead(tfm); - return err; -} - static int alg_test_cipher(const struct alg_test_desc *desc, const char *driver, u32 type, u32 mask) { diff --git a/crypto/testmgr.h b/crypto/testmgr.h index 1a73af8a79f7..dfd8059d1306 100644 --- a/crypto/testmgr.h +++ b/crypto/testmgr.h @@ -78,10 +78,6 @@ struct cipher_testvec { * @ctext: Pointer to the full authenticated ciphertext. For AEADs that * produce a separate "ciphertext" and "authentication tag", these * two parts are concatenated: ciphertext || tag. - * @tap: How to distribute ptext data in @np SGs - * @atap: How to distribute assoc data in @anp SGs - * @np: Numbers of SG to distribute ptext data in - * @anp: Numbers of SG to distribute assoc data in * @fail: setkey() failure expected? * @novrfy: Decryption verification failure expected? * @wk: Does the test need CRYPTO_TFM_REQ_FORBID_WEAK_KEYS? @@ -97,10 +93,6 @@ struct aead_testvec { const char *ptext; const char *assoc; const char *ctext; - unsigned char tap[MAX_TAP]; - unsigned char atap[MAX_TAP]; - int np; - int anp; bool fail; unsigned char novrfy; unsigned char wk; @@ -16605,41 +16597,6 @@ static const struct aead_testvec aes_gcm_tv_template[] = { "\x99\x24\xa7\xc8\x58\x73\x36\xbf" "\xb1\x18\x02\x4d\xb8\x67\x4a\x14", .clen = 80, - }, { - .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c" - "\x6d\x6a\x8f\x94\x67\x30\x83\x08" - "\xfe\xff\xe9\x92\x86\x65\x73\x1c", - .klen = 24, - .iv = "\xca\xfe\xba\xbe\xfa\xce\xdb\xad" - "\xde\xca\xf8\x88", - .ptext = "\xd9\x31\x32\x25\xf8\x84\x06\xe5" - "\xa5\x59\x09\xc5\xaf\xf5\x26\x9a" - "\x86\xa7\xa9\x53\x15\x34\xf7\xda" - "\x2e\x4c\x30\x3d\x8a\x31\x8a\x72" - "\x1c\x3c\x0c\x95\x95\x68\x09\x53" - "\x2f\xcf\x0e\x24\x49\xa6\xb5\x25" - "\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57" - "\xba\x63\x7b\x39", - .plen = 60, - .assoc = "\xfe\xed\xfa\xce\xde\xad\xbe\xef" - "\xfe\xed\xfa\xce\xde\xad\xbe\xef" - "\xab\xad\xda\xd2", - .alen = 20, - .ctext = "\x39\x80\xca\x0b\x3c\x00\xe8\x41" - "\xeb\x06\xfa\xc4\x87\x2a\x27\x57" - "\x85\x9e\x1c\xea\xa6\xef\xd9\x84" - "\x62\x85\x93\xb4\x0c\xa1\xe1\x9c" - "\x7d\x77\x3d\x00\xc1\x44\xc5\x25" - "\xac\x61\x9d\x18\xc8\x4a\x3f\x47" - "\x18\xe2\x44\x8b\x2f\xe3\x24\xd9" - "\xcc\xda\x27\x10" - "\x25\x19\x49\x8e\x80\xf1\x47\x8f" - "\x37\xba\x55\xbd\x6d\x27\x61\x8c", - .clen = 76, - .np = 2, - .tap = { 32, 28 }, - .anp = 2, - .atap = { 8, 12 } }, { .key = zeroed_string, .klen = 32, @@ -16716,10 +16673,6 @@ static const struct aead_testvec aes_gcm_tv_template[] = { "\x76\xfc\x6e\xce\x0f\x4e\x17\x68" "\xcd\xdf\x88\x53\xbb\x2d\x55\x1b", .clen = 76, - .np = 2, - .tap = { 48, 12 }, - .anp = 3, - .atap = { 8, 8, 4 } }, { .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c" "\x6d\x6a\x8f\x94\x67\x30\x83\x08" -- cgit From 4cc2dcf95f1c2849e489df91c07aee5f368a39f9 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Thu, 31 Jan 2019 23:51:48 -0800 Subject: crypto: testmgr - convert hash testing to use testvec_configs Convert alg_test_hash() to use the new test framework, adding a list of testvec_configs to test by default. When the extra self-tests are enabled, randomly generated testvec_configs are tested as well. This improves hash test coverage mainly because now all algorithms have a variety of data layouts tested, whereas before each algorithm was responsible for declaring its own chunked test cases which were often missing or provided poor test coverage. The new code also tests both the MAY_SLEEP and !MAY_SLEEP cases and buffers that cross pages. This already found bugs in the hash walk code and in the arm32 and arm64 implementations of crct10dif. I removed the hash chunked test vectors that were the same as non-chunked ones, but left the ones that were unique. Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu --- crypto/testmgr.c | 795 ++++++++++++++++++++++++------------------------------- crypto/testmgr.h | 107 +------- 2 files changed, 352 insertions(+), 550 deletions(-) diff --git a/crypto/testmgr.c b/crypto/testmgr.c index 6a870e21b0cf..e5d8a0b8aea5 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -71,18 +71,6 @@ int alg_test(const char *driver, const char *alg, u32 type, u32 mask) */ #define XBUFSIZE 8 -/* - * Indexes into the xbuf to simulate cross-page access. - */ -#define IDX1 32 -#define IDX2 32400 -#define IDX3 1511 -#define IDX4 8193 -#define IDX5 22222 -#define IDX6 17101 -#define IDX7 27333 -#define IDX8 3000 - /* * Used by test_cipher() */ @@ -149,9 +137,6 @@ struct alg_test_desc { } suite; }; -static const unsigned int IDX[8] = { - IDX1, IDX2, IDX3, IDX4, IDX5, IDX6, IDX7, IDX8 }; - static void hexdump(unsigned char *buf, unsigned int len) { print_hex_dump(KERN_CONT, "", DUMP_PREFIX_OFFSET, @@ -346,6 +331,79 @@ static const struct testvec_config default_cipher_testvec_configs[] = { } }; +static const struct testvec_config default_hash_testvec_configs[] = { + { + .name = "init+update+final aligned buffer", + .src_divs = { { .proportion_of_total = 10000 } }, + .finalization_type = FINALIZATION_TYPE_FINAL, + }, { + .name = "init+finup aligned buffer", + .src_divs = { { .proportion_of_total = 10000 } }, + .finalization_type = FINALIZATION_TYPE_FINUP, + }, { + .name = "digest aligned buffer", + .src_divs = { { .proportion_of_total = 10000 } }, + .finalization_type = FINALIZATION_TYPE_DIGEST, + }, { + .name = "init+update+final misaligned buffer", + .src_divs = { { .proportion_of_total = 10000, .offset = 1 } }, + .finalization_type = FINALIZATION_TYPE_FINAL, + }, { + .name = "digest buffer aligned only to alignmask", + .src_divs = { + { + .proportion_of_total = 10000, + .offset = 1, + .offset_relative_to_alignmask = true, + }, + }, + .finalization_type = FINALIZATION_TYPE_DIGEST, + }, { + .name = "init+update+update+final two even splits", + .src_divs = { + { .proportion_of_total = 5000 }, + { + .proportion_of_total = 5000, + .flush_type = FLUSH_TYPE_FLUSH, + }, + }, + .finalization_type = FINALIZATION_TYPE_FINAL, + }, { + .name = "digest uneven misaligned splits, may sleep", + .req_flags = CRYPTO_TFM_REQ_MAY_SLEEP, + .src_divs = { + { .proportion_of_total = 1900, .offset = 33 }, + { .proportion_of_total = 3300, .offset = 7 }, + { .proportion_of_total = 4800, .offset = 18 }, + }, + .finalization_type = FINALIZATION_TYPE_DIGEST, + }, { + .name = "digest misaligned splits crossing pages", + .src_divs = { + { + .proportion_of_total = 7500, + .offset = PAGE_SIZE - 32, + }, { + .proportion_of_total = 2500, + .offset = PAGE_SIZE - 7, + }, + }, + .finalization_type = FINALIZATION_TYPE_DIGEST, + }, { + .name = "import/export", + .src_divs = { + { + .proportion_of_total = 6500, + .flush_type = FLUSH_TYPE_REIMPORT, + }, { + .proportion_of_total = 3500, + .flush_type = FLUSH_TYPE_REIMPORT, + }, + }, + .finalization_type = FINALIZATION_TYPE_FINAL, + } +}; + static unsigned int count_test_sg_divisions(const struct test_sg_division *divs) { unsigned int remaining = TEST_SG_TOTAL; @@ -782,430 +840,320 @@ static void generate_random_testvec_config(struct testvec_config *cfg, } #endif /* CONFIG_CRYPTO_MANAGER_EXTRA_TESTS */ -static int ahash_guard_result(char *result, char c, int size) +static int check_nonfinal_hash_op(const char *op, int err, + u8 *result, unsigned int digestsize, + const char *driver, unsigned int vec_num, + const struct testvec_config *cfg) { - int i; - - for (i = 0; i < size; i++) { - if (result[i] != c) - return -EINVAL; - } - - return 0; -} - -static int ahash_partial_update(struct ahash_request **preq, - struct crypto_ahash *tfm, const struct hash_testvec *template, - void *hash_buff, int k, int temp, struct scatterlist *sg, - const char *algo, char *result, struct crypto_wait *wait) -{ - char *state; - struct ahash_request *req; - int statesize, ret = -EINVAL; - static const unsigned char guard[] = { 0x00, 0xba, 0xad, 0x00 }; - int digestsize = crypto_ahash_digestsize(tfm); - - req = *preq; - statesize = crypto_ahash_statesize( - crypto_ahash_reqtfm(req)); - state = kmalloc(statesize + sizeof(guard), GFP_KERNEL); - if (!state) { - pr_err("alg: hash: Failed to alloc state for %s\n", algo); - goto out_nostate; - } - memcpy(state + statesize, guard, sizeof(guard)); - memset(result, 1, digestsize); - ret = crypto_ahash_export(req, state); - WARN_ON(memcmp(state + statesize, guard, sizeof(guard))); - if (ret) { - pr_err("alg: hash: Failed to export() for %s\n", algo); - goto out; - } - ret = ahash_guard_result(result, 1, digestsize); - if (ret) { - pr_err("alg: hash: Failed, export used req->result for %s\n", - algo); - goto out; - } - ahash_request_free(req); - req = ahash_request_alloc(tfm, GFP_KERNEL); - if (!req) { - pr_err("alg: hash: Failed to alloc request for %s\n", algo); - goto out_noreq; - } - ahash_request_set_callback(req, - CRYPTO_TFM_REQ_MAY_BACKLOG, - crypto_req_done, wait); - - memcpy(hash_buff, template->plaintext + temp, - template->tap[k]); - sg_init_one(&sg[0], hash_buff, template->tap[k]); - ahash_request_set_crypt(req, sg, result, template->tap[k]); - ret = crypto_ahash_import(req, state); - if (ret) { - pr_err("alg: hash: Failed to import() for %s\n", algo); - goto out; + if (err) { + pr_err("alg: hash: %s %s() failed with err %d on test vector %u, cfg=\"%s\"\n", + driver, op, err, vec_num, cfg->name); + return err; } - ret = ahash_guard_result(result, 1, digestsize); - if (ret) { - pr_err("alg: hash: Failed, import used req->result for %s\n", - algo); - goto out; + if (!testmgr_is_poison(result, digestsize)) { + pr_err("alg: hash: %s %s() used result buffer on test vector %u, cfg=\"%s\"\n", + driver, op, vec_num, cfg->name); + return -EINVAL; } - ret = crypto_wait_req(crypto_ahash_update(req), wait); - if (ret) - goto out; - *preq = req; - ret = 0; - goto out_noreq; -out: - ahash_request_free(req); -out_noreq: - kfree(state); -out_nostate: - return ret; + return 0; } -enum hash_test { - HASH_TEST_DIGEST, - HASH_TEST_FINAL, - HASH_TEST_FINUP -}; - -static int __test_hash(struct crypto_ahash *tfm, - const struct hash_testvec *template, unsigned int tcount, - enum hash_test test_type, const int align_offset) +static int test_hash_vec_cfg(const char *driver, + const struct hash_testvec *vec, + unsigned int vec_num, + const struct testvec_config *cfg, + struct ahash_request *req, + struct test_sglist *tsgl, + u8 *hashstate) { - const char *algo = crypto_tfm_alg_driver_name(crypto_ahash_tfm(tfm)); - size_t digest_size = crypto_ahash_digestsize(tfm); - unsigned int i, j, k, temp; - struct scatterlist sg[8]; - char *result; - char *key; - struct ahash_request *req; - struct crypto_wait wait; - void *hash_buff; - char *xbuf[XBUFSIZE]; - int ret = -ENOMEM; - - result = kmalloc(digest_size, GFP_KERNEL); - if (!result) - return ret; - key = kmalloc(MAX_KEYLEN, GFP_KERNEL); - if (!key) - goto out_nobuf; - if (testmgr_alloc_buf(xbuf)) - goto out_nobuf; + struct crypto_ahash *tfm = crypto_ahash_reqtfm(req); + const unsigned int alignmask = crypto_ahash_alignmask(tfm); + const unsigned int digestsize = crypto_ahash_digestsize(tfm); + const unsigned int statesize = crypto_ahash_statesize(tfm); + const u32 req_flags = CRYPTO_TFM_REQ_MAY_BACKLOG | cfg->req_flags; + const struct test_sg_division *divs[XBUFSIZE]; + DECLARE_CRYPTO_WAIT(wait); + struct kvec _input; + struct iov_iter input; + unsigned int i; + struct scatterlist *pending_sgl; + unsigned int pending_len; + u8 result[HASH_MAX_DIGESTSIZE + TESTMGR_POISON_LEN]; + int err; - crypto_init_wait(&wait); + /* Set the key, if specified */ + if (vec->ksize) { + err = crypto_ahash_setkey(tfm, vec->key, vec->ksize); + if (err) { + pr_err("alg: hash: %s setkey failed with err %d on test vector %u; flags=%#x\n", + driver, err, vec_num, + crypto_ahash_get_flags(tfm)); + return err; + } + } - req = ahash_request_alloc(tfm, GFP_KERNEL); - if (!req) { - printk(KERN_ERR "alg: hash: Failed to allocate request for " - "%s\n", algo); - goto out_noreq; + /* Build the scatterlist for the source data */ + _input.iov_base = (void *)vec->plaintext; + _input.iov_len = vec->psize; + iov_iter_kvec(&input, WRITE, &_input, 1, vec->psize); + err = build_test_sglist(tsgl, cfg->src_divs, alignmask, vec->psize, + &input, divs); + if (err) { + pr_err("alg: hash: %s: error preparing scatterlist for test vector %u, cfg=\"%s\"\n", + driver, vec_num, cfg->name); + return err; } - ahash_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG, - crypto_req_done, &wait); - j = 0; - for (i = 0; i < tcount; i++) { - if (template[i].np) - continue; + /* Do the actual hashing */ - ret = -EINVAL; - if (WARN_ON(align_offset + template[i].psize > PAGE_SIZE)) - goto out; + testmgr_poison(req->__ctx, crypto_ahash_reqsize(tfm)); + testmgr_poison(result, digestsize + TESTMGR_POISON_LEN); - j++; - memset(result, 0, digest_size); + if (cfg->finalization_type == FINALIZATION_TYPE_DIGEST) { + /* Just using digest() */ + ahash_request_set_callback(req, req_flags, crypto_req_done, + &wait); + ahash_request_set_crypt(req, tsgl->sgl, result, vec->psize); + err = crypto_wait_req(crypto_ahash_digest(req), &wait); + if (err) { + pr_err("alg: hash: %s digest() failed with err %d on test vector %u, cfg=\"%s\"\n", + driver, err, vec_num, cfg->name); + return err; + } + goto result_ready; + } - hash_buff = xbuf[0]; - hash_buff += align_offset; + /* Using init(), zero or more update(), then final() or finup() */ - memcpy(hash_buff, template[i].plaintext, template[i].psize); - sg_init_one(&sg[0], hash_buff, template[i].psize); + ahash_request_set_callback(req, req_flags, crypto_req_done, &wait); + ahash_request_set_crypt(req, NULL, result, 0); + err = crypto_wait_req(crypto_ahash_init(req), &wait); + err = check_nonfinal_hash_op("init", err, result, digestsize, + driver, vec_num, cfg); + if (err) + return err; - if (template[i].ksize) { - crypto_ahash_clear_flags(tfm, ~0); - if (template[i].ksize > MAX_KEYLEN) { - pr_err("alg: hash: setkey failed on test %d for %s: key size %d > %d\n", - j, algo, template[i].ksize, MAX_KEYLEN); - ret = -EINVAL; - goto out; - } - memcpy(key, template[i].key, template[i].ksize); - ret = crypto_ahash_setkey(tfm, key, template[i].ksize); - if (ret) { - printk(KERN_ERR "alg: hash: setkey failed on " - "test %d for %s: ret=%d\n", j, algo, - -ret); - goto out; - } + pending_sgl = NULL; + pending_len = 0; + for (i = 0; i < tsgl->nents; i++) { + if (divs[i]->flush_type != FLUSH_TYPE_NONE && + pending_sgl != NULL) { + /* update() with the pending data */ + ahash_request_set_callback(req, req_flags, + crypto_req_done, &wait); + ahash_request_set_crypt(req, pending_sgl, result, + pending_len); + err = crypto_wait_req(crypto_ahash_update(req), &wait); + err = check_nonfinal_hash_op("update", err, + result, digestsize, + driver, vec_num, cfg); + if (err) + return err; + pending_sgl = NULL; + pending_len = 0; } - - ahash_request_set_crypt(req, sg, result, template[i].psize); - switch (test_type) { - case HASH_TEST_DIGEST: - ret = crypto_wait_req(crypto_ahash_digest(req), &wait); - if (ret) { - pr_err("alg: hash: digest failed on test %d " - "for %s: ret=%d\n", j, algo, -ret); - goto out; - } - break; - - case HASH_TEST_FINAL: - memset(result, 1, digest_size); - ret = crypto_wait_req(crypto_ahash_init(req), &wait); - if (ret) { - pr_err("alg: hash: init failed on test %d " - "for %s: ret=%d\n", j, algo, -ret); - goto out; - } - ret = ahash_guard_result(result, 1, digest_size); - if (ret) { - pr_err("alg: hash: init failed on test %d " - "for %s: used req->result\n", j, algo); - goto out; - } - ret = crypto_wait_req(crypto_ahash_update(req), &wait); - if (ret) { - pr_err("alg: hash: update failed on test %d " - "for %s: ret=%d\n", j, algo, -ret); - goto out; - } - ret = ahash_guard_result(result, 1, digest_size); - if (ret) { - pr_err("alg: hash: update failed on test %d " - "for %s: used req->result\n", j, algo); - goto out; - } - ret = crypto_wait_req(crypto_ahash_final(req), &wait); - if (ret) { - pr_err("alg: hash: final failed on test %d " - "for %s: ret=%d\n", j, algo, -ret); - goto out; + if (divs[i]->flush_type == FLUSH_TYPE_REIMPORT) { + /* Test ->export() and ->import() */ + testmgr_poison(hashstate + statesize, + TESTMGR_POISON_LEN); + err = crypto_ahash_export(req, hashstate); + err = check_nonfinal_hash_op("export", err, + result, digestsize, + driver, vec_num, cfg); + if (err) + return err; + if (!testmgr_is_poison(hashstate + statesize, + TESTMGR_POISON_LEN)) { + pr_err("alg: hash: %s export() overran state buffer on test vector %u, cfg=\"%s\"\n", + driver, vec_num, cfg->name); + return -EOVERFLOW; } - break; - case HASH_TEST_FINUP: - memset(result, 1, digest_size); - ret = crypto_wait_req(crypto_ahash_init(req), &wait); - if (ret) { - pr_err("alg: hash: init failed on test %d " - "for %s: ret=%d\n", j, algo, -ret); - goto out; - } - ret = ahash_guard_result(result, 1, digest_size); - if (ret) { - pr_err("alg: hash: init failed on test %d " - "for %s: used req->result\n", j, algo); - goto out; - } - ret = crypto_wait_req(crypto_ahash_finup(req), &wait); - if (ret) { - pr_err("alg: hash: final failed on test %d " - "for %s: ret=%d\n", j, algo, -ret); - goto out; - } - break; + testmgr_poison(req->__ctx, crypto_ahash_reqsize(tfm)); + err = crypto_ahash_import(req, hashstate); + err = check_nonfinal_hash_op("import", err, + result, digestsize, + driver, vec_num, cfg); + if (err) + return err; } + if (pending_sgl == NULL) + pending_sgl = &tsgl->sgl[i]; + pending_len += tsgl->sgl[i].length; + } - if (memcmp(result, template[i].digest, - crypto_ahash_digestsize(tfm))) { - printk(KERN_ERR "alg: hash: Test %d failed for %s\n", - j, algo); - hexdump(result, crypto_ahash_digestsize(tfm)); - ret = -EINVAL; - goto out; + ahash_request_set_callback(req, req_flags, crypto_req_done, &wait); + ahash_request_set_crypt(req, pending_sgl, result, pending_len); + if (cfg->finalization_type == FINALIZATION_TYPE_FINAL) { + /* finish with update() and final() */ + err = crypto_wait_req(crypto_ahash_update(req), &wait); + err = check_nonfinal_hash_op("update", err, result, digestsize, + driver, vec_num, cfg); + if (err) + return err; + err = crypto_wait_req(crypto_ahash_final(req), &wait); + if (err) { + pr_err("alg: hash: %s final() failed with err %d on test vector %u, cfg=\"%s\"\n", + driver, err, vec_num, cfg->name); + return err; + } + } else { + /* finish with finup() */ + err = crypto_wait_req(crypto_ahash_finup(req), &wait); + if (err) { + pr_err("alg: hash: %s finup() failed with err %d on test vector %u, cfg=\"%s\"\n", + driver, err, vec_num, cfg->name); + return err; } } - if (test_type) - goto out; - - j = 0; - for (i = 0; i < tcount; i++) { - /* alignment tests are only done with continuous buffers */ - if (align_offset != 0) - break; +result_ready: + /* Check that the algorithm produced the correct digest */ + if (memcmp(result, vec->digest, digestsize) != 0) { + pr_err("alg: hash: %s test failed (wrong result) on test vector %u, cfg=\"%s\"\n", + driver, vec_num, cfg->name); + return -EINVAL; + } + if (!testmgr_is_poison(&result[digestsize], TESTMGR_POISON_LEN)) { + pr_err("alg: hash: %s overran result buffer on test vector %u, cfg=\"%s\"\n", + driver, vec_num, cfg->name); + return -EOVERFLOW; + } - if (!template[i].np) - continue; + return 0; +} - j++; - memset(result, 0, digest_size); +static int test_hash_vec(const char *driver, const struct hash_testvec *vec, + unsigned int vec_num, struct ahash_request *req, + struct test_sglist *tsgl, u8 *hashstate) +{ + unsigned int i; + int err; - temp = 0; - sg_init_table(sg, template[i].np); - ret = -EINVAL; - for (k = 0; k < template[i].np; k++) { - if (WARN_ON(offset_in_page(IDX[k]) + - template[i].tap[k] > PAGE_SIZE)) - goto out; - sg_set_buf(&sg[k], - memcpy(xbuf[IDX[k] >> PAGE_SHIFT] + - offset_in_page(IDX[k]), - template[i].plaintext + temp, - template[i].tap[k]), - template[i].tap[k]); - temp += template[i].tap[k]; - } - - if (template[i].ksize) { - if (template[i].ksize > MAX_KEYLEN) { - pr_err("alg: hash: setkey failed on test %d for %s: key size %d > %d\n", - j, algo, template[i].ksize, MAX_KEYLEN); - ret = -EINVAL; - goto out; - } - crypto_ahash_clear_flags(tfm, ~0); - memcpy(key, template[i].key, template[i].ksize); - ret = crypto_ahash_setkey(tfm, key, template[i].ksize); - - if (ret) { - printk(KERN_ERR "alg: hash: setkey " - "failed on chunking test %d " - "for %s: ret=%d\n", j, algo, -ret); - goto out; - } - } + for (i = 0; i < ARRAY_SIZE(default_hash_testvec_configs); i++) { + err = test_hash_vec_cfg(driver, vec, vec_num, + &default_hash_testvec_configs[i], + req, tsgl, hashstate); + if (err) + return err; + } - ahash_request_set_crypt(req, sg, result, template[i].psize); - ret = crypto_wait_req(crypto_ahash_digest(req), &wait); - if (ret) { - pr_err("alg: hash: digest failed on chunking test %d for %s: ret=%d\n", - j, algo, -ret); - goto out; - } +#ifdef CONFIG_CRYPTO_MANAGER_EXTRA_TESTS + if (!noextratests) { + struct testvec_config cfg; + char cfgname[TESTVEC_CONFIG_NAMELEN]; - if (memcmp(result, template[i].digest, - crypto_ahash_digestsize(tfm))) { - printk(KERN_ERR "alg: hash: Chunking test %d " - "failed for %s\n", j, algo); - hexdump(result, crypto_ahash_digestsize(tfm)); - ret = -EINVAL; - goto out; + for (i = 0; i < fuzz_iterations; i++) { + generate_random_testvec_config(&cfg, cfgname, + sizeof(cfgname)); + err = test_hash_vec_cfg(driver, vec, vec_num, &cfg, + req, tsgl, hashstate); + if (err) + return err; } } +#endif + return 0; +} - /* partial update exercise */ - j = 0; - for (i = 0; i < tcount; i++) { - /* alignment tests are only done with continuous buffers */ - if (align_offset != 0) - break; +static int __alg_test_hash(const struct hash_testvec *vecs, + unsigned int num_vecs, const char *driver, + u32 type, u32 mask) +{ + struct crypto_ahash *tfm; + struct ahash_request *req = NULL; + struct test_sglist *tsgl = NULL; + u8 *hashstate = NULL; + unsigned int i; + int err; - if (template[i].np < 2) - continue; + tfm = crypto_alloc_ahash(driver, type, mask); + if (IS_ERR(tfm)) { + pr_err("alg: hash: failed to allocate transform for %s: %ld\n", + driver, PTR_ERR(tfm)); + return PTR_ERR(tfm); + } - j++; - memset(result, 0, digest_size); + req = ahash_request_alloc(tfm, GFP_KERNEL); + if (!req) { + pr_err("alg: hash: failed to allocate request for %s\n", + driver); + err = -ENOMEM; + goto out; + } - ret = -EINVAL; - hash_buff = xbuf[0]; - memcpy(hash_buff, template[i].plaintext, - template[i].tap[0]); - sg_init_one(&sg[0], hash_buff, template[i].tap[0]); - - if (template[i].ksize) { - crypto_ahash_clear_flags(tfm, ~0); - if (template[i].ksize > MAX_KEYLEN) { - pr_err("alg: hash: setkey failed on test %d for %s: key size %d > %d\n", - j, algo, template[i].ksize, MAX_KEYLEN); - ret = -EINVAL; - goto out; - } - memcpy(key, template[i].key, template[i].ksize); - ret = crypto_ahash_setkey(tfm, key, template[i].ksize); - if (ret) { - pr_err("alg: hash: setkey failed on test %d for %s: ret=%d\n", - j, algo, -ret); - goto out; - } - } + tsgl = kmalloc(sizeof(*tsgl), GFP_KERNEL); + if (!tsgl || init_test_sglist(tsgl) != 0) { + pr_err("alg: hash: failed to allocate test buffers for %s\n", + driver); + kfree(tsgl); + tsgl = NULL; + err = -ENOMEM; + goto out; + } - ahash_request_set_crypt(req, sg, result, template[i].tap[0]); - ret = crypto_wait_req(crypto_ahash_init(req), &wait); - if (ret) { - pr_err("alg: hash: init failed on test %d for %s: ret=%d\n", - j, algo, -ret); - goto out; - } - ret = crypto_wait_req(crypto_ahash_update(req), &wait); - if (ret) { - pr_err("alg: hash: update failed on test %d for %s: ret=%d\n", - j, algo, -ret); - goto out; - } + hashstate = kmalloc(crypto_ahash_statesize(tfm) + TESTMGR_POISON_LEN, + GFP_KERNEL); + if (!hashstate) { + pr_err("alg: hash: failed to allocate hash state buffer for %s\n", + driver); + err = -ENOMEM; + goto out; + } - temp = template[i].tap[0]; - for (k = 1; k < template[i].np; k++) { - ret = ahash_partial_update(&req, tfm, &template[i], - hash_buff, k, temp, &sg[0], algo, result, - &wait); - if (ret) { - pr_err("alg: hash: partial update failed on test %d for %s: ret=%d\n", - j, algo, -ret); - goto out_noreq; - } - temp += template[i].tap[k]; - } - ret = crypto_wait_req(crypto_ahash_final(req), &wait); - if (ret) { - pr_err("alg: hash: final failed on test %d for %s: ret=%d\n", - j, algo, -ret); - goto out; - } - if (memcmp(result, template[i].digest, - crypto_ahash_digestsize(tfm))) { - pr_err("alg: hash: Partial Test %d failed for %s\n", - j, algo); - hexdump(result, crypto_ahash_digestsize(tfm)); - ret = -EINVAL; + for (i = 0; i < num_vecs; i++) { + err = test_hash_vec(driver, &vecs[i], i, req, tsgl, hashstate); + if (err) goto out; - } } - - ret = 0; - + err = 0; out: + kfree(hashstate); + if (tsgl) { + destroy_test_sglist(tsgl); + kfree(tsgl); + } ahash_request_free(req); -out_noreq: - testmgr_free_buf(xbuf); -out_nobuf: - kfree(key); - kfree(result); - return ret; + crypto_free_ahash(tfm); + return err; } -static int test_hash(struct crypto_ahash *tfm, - const struct hash_testvec *template, - unsigned int tcount, enum hash_test test_type) +static int alg_test_hash(const struct alg_test_desc *desc, const char *driver, + u32 type, u32 mask) { - unsigned int alignmask; - int ret; + const struct hash_testvec *template = desc->suite.hash.vecs; + unsigned int tcount = desc->suite.hash.count; + unsigned int nr_unkeyed, nr_keyed; + int err; - ret = __test_hash(tfm, template, tcount, test_type, 0); - if (ret) - return ret; + /* + * For OPTIONAL_KEY algorithms, we have to do all the unkeyed tests + * first, before setting a key on the tfm. To make this easier, we + * require that the unkeyed test vectors (if any) are listed first. + */ - /* test unaligned buffers, check with one byte offset */ - ret = __test_hash(tfm, template, tcount, test_type, 1); - if (ret) - return ret; + for (nr_unkeyed = 0; nr_unkeyed < tcount; nr_unkeyed++) { + if (template[nr_unkeyed].ksize) + break; + } + for (nr_keyed = 0; nr_unkeyed + nr_keyed < tcount; nr_keyed++) { + if (!template[nr_unkeyed + nr_keyed].ksize) { + pr_err("alg: hash: test vectors for %s out of order, " + "unkeyed ones must come first\n", desc->alg); + return -EINVAL; + } + } - alignmask = crypto_tfm_alg_alignmask(&tfm->base); - if (alignmask) { - /* Check if alignment mask for tfm is correctly set. */ - ret = __test_hash(tfm, template, tcount, test_type, - alignmask + 1); - if (ret) - return ret; + err = 0; + if (nr_unkeyed) { + err = __alg_test_hash(template, nr_unkeyed, driver, type, mask); + template += nr_unkeyed; } - return 0; + if (!err && nr_keyed) + err = __alg_test_hash(template, nr_keyed, driver, type, mask); + + return err; } static int test_aead_vec_cfg(const char *driver, int enc, @@ -2113,67 +2061,6 @@ static int alg_test_comp(const struct alg_test_desc *desc, const char *driver, return err; } -static int __alg_test_hash(const struct hash_testvec *template, - unsigned int tcount, const char *driver, - u32 type, u32 mask) -{ - struct crypto_ahash *tfm; - int err; - - tfm = crypto_alloc_ahash(driver, type, mask); - if (IS_ERR(tfm)) { - printk(KERN_ERR "alg: hash: Failed to load transform for %s: " - "%ld\n", driver, PTR_ERR(tfm)); - return PTR_ERR(tfm); - } - - err = test_hash(tfm, template, tcount, HASH_TEST_DIGEST); - if (!err) - err = test_hash(tfm, template, tcount, HASH_TEST_FINAL); - if (!err) - err = test_hash(tfm, template, tcount, HASH_TEST_FINUP); - crypto_free_ahash(tfm); - return err; -} - -static int alg_test_hash(const struct alg_test_desc *desc, const char *driver, - u32 type, u32 mask) -{ - const struct hash_testvec *template = desc->suite.hash.vecs; - unsigned int tcount = desc->suite.hash.count; - unsigned int nr_unkeyed, nr_keyed; - int err; - - /* - * For OPTIONAL_KEY algorithms, we have to do all the unkeyed tests - * first, before setting a key on the tfm. To make this easier, we - * require that the unkeyed test vectors (if any) are listed first. - */ - - for (nr_unkeyed = 0; nr_unkeyed < tcount; nr_unkeyed++) { - if (template[nr_unkeyed].ksize) - break; - } - for (nr_keyed = 0; nr_unkeyed + nr_keyed < tcount; nr_keyed++) { - if (!template[nr_unkeyed + nr_keyed].ksize) { - pr_err("alg: hash: test vectors for %s out of order, " - "unkeyed ones must come first\n", desc->alg); - return -EINVAL; - } - } - - err = 0; - if (nr_unkeyed) { - err = __alg_test_hash(template, nr_unkeyed, driver, type, mask); - template += nr_unkeyed; - } - - if (!err && nr_keyed) - err = __alg_test_hash(template, nr_keyed, driver, type, mask); - - return err; -} - static int alg_test_crc32c(const struct alg_test_desc *desc, const char *driver, u32 type, u32 mask) { @@ -3956,6 +3843,10 @@ static void alg_check_testvec_configs(void) for (i = 0; i < ARRAY_SIZE(default_cipher_testvec_configs); i++) WARN_ON(!valid_testvec_config( &default_cipher_testvec_configs[i])); + + for (i = 0; i < ARRAY_SIZE(default_hash_testvec_configs); i++) + WARN_ON(!valid_testvec_config( + &default_hash_testvec_configs[i])); } static void testmgr_onetime_init(void) diff --git a/crypto/testmgr.h b/crypto/testmgr.h index dfd8059d1306..8f1d30b54a76 100644 --- a/crypto/testmgr.h +++ b/crypto/testmgr.h @@ -5,6 +5,7 @@ * Copyright (c) 2002 Jean-Francois Dive * Copyright (c) 2007 Nokia Siemens Networks * Copyright (c) 2008 Herbert Xu + * Copyright (c) 2019 Google LLC * * Updated RFC4106 AES-GCM testing. Some test vectors were taken from * http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/ @@ -24,19 +25,20 @@ #ifndef _CRYPTO_TESTMGR_H #define _CRYPTO_TESTMGR_H -#define MAX_DIGEST_SIZE 64 -#define MAX_TAP 8 - -#define MAX_KEYLEN 1088 #define MAX_IVLEN 32 +/* + * hash_testvec: structure to describe a hash (message digest) test + * @key: Pointer to key (NULL if none) + * @plaintext: Pointer to source data + * @digest: Pointer to expected digest + * @psize: Length of source data in bytes + * @ksize: Length of @key in bytes (0 if no key) + */ struct hash_testvec { - /* only used with keyed hash algorithms */ const char *key; const char *plaintext; const char *digest; - unsigned short tap[MAX_TAP]; - unsigned short np; unsigned short psize; unsigned short ksize; }; @@ -1022,8 +1024,6 @@ static const struct hash_testvec md4_tv_template[] = { .psize = 26, .digest = "\xd7\x9e\x1c\x30\x8a\xa5\xbb\xcd" "\xee\xa8\xed\x63\xdf\x41\x2d\xa9", - .np = 2, - .tap = { 13, 13 }, }, { .plaintext = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", .psize = 62, @@ -1060,8 +1060,6 @@ static const struct hash_testvec sha3_224_tv_template[] = { "\xc9\xfd\x55\x74\x49\x44\x79\xba" "\x5c\x7e\x7a\xb7\x6e\xf2\x64\xea" "\xd0\xfc\xce\x33", - .np = 2, - .tap = { 28, 28 }, }, { .plaintext = "\x08\x9f\x13\xaa\x41\xd8\x4c\xe3" "\x7a\x11\x85\x1c\xb3\x27\xbe\x55" @@ -1221,8 +1219,6 @@ static const struct hash_testvec sha3_256_tv_template[] = { "\x49\x10\x03\x76\xa8\x23\x5e\x2c" "\x82\xe1\xb9\x99\x8a\x99\x9e\x21" "\xdb\x32\xdd\x97\x49\x6d\x33\x76", - .np = 2, - .tap = { 28, 28 }, }, { .plaintext = "\x08\x9f\x13\xaa\x41\xd8\x4c\xe3" "\x7a\x11\x85\x1c\xb3\x27\xbe\x55" @@ -1389,8 +1385,6 @@ static const struct hash_testvec sha3_384_tv_template[] = { "\x9b\xfd\xbc\x32\xb9\xd4\xad\x5a" "\xa0\x4a\x1f\x07\x6e\x62\xfe\xa1" "\x9e\xef\x51\xac\xd0\x65\x7c\x22", - .np = 2, - .tap = { 28, 28 }, }, { .plaintext = "\x08\x9f\x13\xaa\x41\xd8\x4c\xe3" "\x7a\x11\x85\x1c\xb3\x27\xbe\x55" @@ -1565,8 +1559,6 @@ static const struct hash_testvec sha3_512_tv_template[] = { "\xba\x1b\x0d\x8d\xc7\x8c\x08\x63" "\x46\xb5\x33\xb4\x9c\x03\x0d\x99" "\xa2\x7d\xaf\x11\x39\xd6\xe7\x5e", - .np = 2, - .tap = { 28, 28 }, }, { .plaintext = "\x08\x9f\x13\xaa\x41\xd8\x4c\xe3" "\x7a\x11\x85\x1c\xb3\x27\xbe\x55" @@ -1736,8 +1728,6 @@ static const struct hash_testvec md5_tv_template[] = { .psize = 26, .digest = "\xc3\xfc\xd3\xd7\x61\x92\xe4\x00" "\x7d\xfb\x49\x6c\xca\x67\xe1\x3b", - .np = 2, - .tap = {13, 13} }, { .plaintext = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", .psize = 62, @@ -1798,8 +1788,6 @@ static const struct hash_testvec rmd128_tv_template[] = { .psize = 56, .digest = "\xa1\xaa\x06\x89\xd0\xfa\xfa\x2d" "\xdc\x22\xe8\x8b\x49\x13\x3a\x06", - .np = 2, - .tap = { 28, 28 }, }, { .plaintext = "abcdefghbcdefghicdefghijdefghijkefghijklfghi" "jklmghijklmnhijklmnoijklmnopjklmnopqklmnopqr" @@ -1860,8 +1848,6 @@ static const struct hash_testvec rmd160_tv_template[] = { .psize = 56, .digest = "\x12\xa0\x53\x38\x4a\x9c\x0c\x88\xe4\x05" "\xa0\x6c\x27\xdc\xf4\x9a\xda\x62\xeb\x2b", - .np = 2, - .tap = { 28, 28 }, }, { .plaintext = "abcdefghbcdefghicdefghijdefghijkefghijklfghi" "jklmghijklmnhijklmnoijklmnopjklmnopqklmnopqr" @@ -1938,8 +1924,6 @@ static const struct hash_testvec rmd256_tv_template[] = { "\xc8\xd9\x12\x85\x73\xe7\xa9\x80" "\x9a\xfb\x2a\x0f\x34\xcc\xc3\x6e" "\xa9\xe7\x2f\x16\xf6\x36\x8e\x3f", - .np = 2, - .tap = { 28, 28 }, } }; @@ -2004,8 +1988,6 @@ static const struct hash_testvec rmd320_tv_template[] = { "\xb8\x4d\xf7\x69\xa5\xde\x20\x60\xe2\x59" "\xdf\x4c\x9b\xb4\xa4\x26\x8c\x0e\x93\x5b" "\xbc\x74\x70\xa9\x69\xc9\xd0\x72\xa1\xac", - .np = 2, - .tap = { 28, 28 }, } }; @@ -2019,26 +2001,11 @@ static const struct hash_testvec crct10dif_tv_template[] = { "123456789012345678901234567890123456789", .psize = 79, .digest = (u8 *)(u16 []){ 0x4b70 }, - .np = 2, - .tap = { 63, 16 }, }, { .plaintext = "abcdddddddddddddddddddddddddddddddddddddddd" "ddddddddddddd", .psize = 56, .digest = (u8 *)(u16 []){ 0x9ce3 }, - .np = 8, - .tap = { 1, 2, 28, 7, 6, 5, 4, 3 }, - }, { - .plaintext = "1234567890123456789012345678901234567890" - "1234567890123456789012345678901234567890" - "1234567890123456789012345678901234567890" - "1234567890123456789012345678901234567890" - "1234567890123456789012345678901234567890" - "1234567890123456789012345678901234567890" - "1234567890123456789012345678901234567890" - "123456789012345678901234567890123456789", - .psize = 319, - .digest = (u8 *)(u16 []){ 0x44c6 }, }, { .plaintext = "1234567890123456789012345678901234567890" "1234567890123456789012345678901234567890" @@ -2050,8 +2017,6 @@ static const struct hash_testvec crct10dif_tv_template[] = { "123456789012345678901234567890123456789", .psize = 319, .digest = (u8 *)(u16 []){ 0x44c6 }, - .np = 4, - .tap = { 1, 255, 57, 6 }, }, { .plaintext = "\x6e\x05\x79\x10\xa7\x1b\xb2\x49" "\xe0\x54\xeb\x82\x19\x8d\x24\xbb" @@ -2517,8 +2482,6 @@ static const struct hash_testvec sha1_tv_template[] = { .psize = 56, .digest = "\x84\x98\x3e\x44\x1c\x3b\xd2\x6e\xba\xae" "\x4a\xa1\xf9\x51\x29\xe5\xe5\x46\x70\xf1", - .np = 2, - .tap = { 28, 28 } }, { .plaintext = "\xec\x29\x56\x12\x44\xed\xe7\x06" "\xb6\xeb\x30\xa1\xc3\x71\xd7\x44" @@ -2544,8 +2507,6 @@ static const struct hash_testvec sha1_tv_template[] = { .psize = 163, .digest = "\x97\x01\x11\xc4\xe7\x7b\xcc\x88\xcc\x20" "\x45\x9c\x02\xb6\x9b\x4a\xa8\xf5\x82\x17", - .np = 4, - .tap = { 63, 64, 31, 5 } }, { .plaintext = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+-", .psize = 64, @@ -2714,8 +2675,6 @@ static const struct hash_testvec sha224_tv_template[] = { "\x5D\xBA\x5D\xA1\xFD\x89\x01\x50" "\xB0\xC6\x45\x5C\xB4\xF5\x8B\x19" "\x52\x52\x25\x25", - .np = 2, - .tap = { 28, 28 } }, { .plaintext = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+-", .psize = 64, @@ -2885,8 +2844,6 @@ static const struct hash_testvec sha256_tv_template[] = { "\xe5\xc0\x26\x93\x0c\x3e\x60\x39" "\xa3\x3c\xe4\x59\x64\xff\x21\x67" "\xf6\xec\xed\xd4\x19\xdb\x06\xc1", - .np = 2, - .tap = { 28, 28 } }, { .plaintext = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+-", .psize = 64, @@ -3082,8 +3039,6 @@ static const struct hash_testvec sha384_tv_template[] = { "\x4d\x8f\xd0\x14\xe5\x82\x82\x3a" "\x89\xe1\x6f\x9b\x2a\x7b\xbc\x1a" "\xc9\x38\xe2\xd1\x99\xe8\xbe\xa4", - .np = 4, - .tap = { 26, 26, 26, 26 } }, { .plaintext = "\x08\x9f\x13\xaa\x41\xd8\x4c\xe3" "\x7a\x11\x85\x1c\xb3\x27\xbe\x55" @@ -3284,8 +3239,6 @@ static const struct hash_testvec sha512_tv_template[] = { "\xb2\x78\xe6\x6d\xff\x8b\x84\xfe" "\x2b\x28\x70\xf7\x42\xa5\x80\xd8" "\xed\xb4\x19\x87\x23\x28\x50\xc9", - .np = 4, - .tap = { 26, 26, 26, 26 } }, { .plaintext = "\x08\x9f\x13\xaa\x41\xd8\x4c\xe3" "\x7a\x11\x85\x1c\xb3\x27\xbe\x55" @@ -3818,8 +3771,6 @@ static const struct hash_testvec ghash_tv_template[] = .psize = 28, .digest = "\x3e\x1f\x5c\x4d\x65\xf0\xef\xce" "\x0d\x61\x06\x27\x66\x51\xd5\xe2", - .np = 2, - .tap = {14, 14} }, { .key = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa", @@ -3930,8 +3881,6 @@ static const struct hash_testvec hmac_md5_tv_template[] = .psize = 28, .digest = "\x75\x0c\x78\x3e\x6a\xb0\xb5\x03" "\xea\xa8\x6e\x31\x0a\x5d\xb7\x38", - .np = 2, - .tap = {14, 14} }, { .key = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa", .ksize = 16, @@ -4009,8 +3958,6 @@ static const struct hash_testvec hmac_rmd128_tv_template[] = { .psize = 28, .digest = "\x87\x5f\x82\x88\x62\xb6\xb3\x34" "\xb4\x27\xc5\x5f\x9f\x7f\xf0\x9b", - .np = 2, - .tap = { 14, 14 }, }, { .key = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa", .ksize = 16, @@ -4088,8 +4035,6 @@ static const struct hash_testvec hmac_rmd160_tv_template[] = { .psize = 28, .digest = "\xdd\xa6\xc0\x21\x3a\x48\x5a\x9e\x24\xf4" "\x74\x20\x64\xa7\xf0\x33\xb4\x3c\x40\x69", - .np = 2, - .tap = { 14, 14 }, }, { .key = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa", .ksize = 20, @@ -4168,8 +4113,6 @@ static const struct hash_testvec hmac_sha1_tv_template[] = { .psize = 28, .digest = "\xef\xfc\xdf\x6a\xe5\xeb\x2f\xa2\xd2\x74" "\x16\xd5\xf1\x84\xdf\x9c\x25\x9a\x7c\x79", - .np = 2, - .tap = { 14, 14 } }, { .key = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa", .ksize = 20, @@ -4259,8 +4202,6 @@ static const struct hash_testvec hmac_sha224_tv_template[] = { "\x45\x69\x0f\x3a\x7e\x9e\x6d\x0f" "\x8b\xbe\xa2\xa3\x9e\x61\x48\x00" "\x8f\xd0\x5e\x44", - .np = 4, - .tap = { 7, 7, 7, 7 } }, { .key = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" @@ -4404,8 +4345,6 @@ static const struct hash_testvec hmac_sha256_tv_template[] = { "\x6a\x04\x24\x26\x08\x95\x75\xc7" "\x5a\x00\x3f\x08\x9d\x27\x39\x83" "\x9d\xec\x58\xb9\x64\xec\x38\x43", - .np = 2, - .tap = { 14, 14 } }, { .key = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" @@ -4578,8 +4517,6 @@ static const struct hash_testvec aes_cbcmac_tv_template[] = { "\xf8\xf2\x76\x03\xac\x39\xb0\x9d", .psize = 33, .ksize = 16, - .np = 2, - .tap = { 7, 26 }, }, { .key = "\x2b\x7e\x15\x16\x28\xae\xd2\xa6" "\xab\xf7\x15\x88\x09\xcf\x4f\x3c", @@ -4696,9 +4633,7 @@ static const struct hash_testvec aes_xcbc128_tv_template[] = { "\x10\x11\x12\x13", .digest = "\x47\xf5\x1b\x45\x64\x96\x62\x15" "\xb8\x98\x5c\x63\x05\x5e\xd3\x08", - .tap = { 10, 10 }, .psize = 20, - .np = 2, .ksize = 16, }, { .key = "\x00\x01\x02\x03\x04\x05\x06\x07" @@ -4721,9 +4656,7 @@ static const struct hash_testvec aes_xcbc128_tv_template[] = { "\x20\x21", .digest = "\xbe\xcb\xb3\xbc\xcd\xb5\x18\xa3" "\x06\x77\xd5\x48\x1f\xb6\xb4\xd8", - .tap = { 17, 17 }, .psize = 34, - .np = 2, .ksize = 16, } }; @@ -4806,8 +4739,6 @@ static const struct hash_testvec vmac64_aes_tv_template[] = { "abcabcabcabcabcabcabcabcabcabcabcabcabcabcabc", .psize = 316, .digest = "\x44\x92\xdf\x6c\x5c\xac\x1b\xbe", - .tap = { 1, 100, 200, 15 }, - .np = 4, }, { .key = "\x00\x01\x02\x03\x04\x05\x06\x07" "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f", @@ -4912,8 +4843,6 @@ static const struct hash_testvec hmac_sha384_tv_template[] = { "\xe4\x2e\xc3\x73\x63\x22\x44\x5e" "\x8e\x22\x40\xca\x5e\x69\xe2\xc7" "\x8b\x32\x39\xec\xfa\xb2\x16\x49", - .np = 4, - .tap = { 7, 7, 7, 7 } }, { .key = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" @@ -5014,8 +4943,6 @@ static const struct hash_testvec hmac_sha512_tv_template[] = { "\x6d\x03\x4f\x65\xf8\xf0\xe6\xfd" "\xca\xea\xb1\xa3\x4d\x4a\x6b\x4b" "\x63\x6e\x07\x0a\x38\xbc\xe7\x37", - .np = 4, - .tap = { 7, 7, 7, 7 } }, { .key = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" @@ -5111,8 +5038,6 @@ static const struct hash_testvec hmac_sha3_224_tv_template[] = { "\x1b\x79\x86\x34\xad\x38\x68\x11" "\xc2\xcf\xc8\x5b\xfa\xf5\xd5\x2b" "\xba\xce\x5e\x66", - .np = 4, - .tap = { 7, 7, 7, 7 } }, { .key = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" @@ -5200,8 +5125,6 @@ static const struct hash_testvec hmac_sha3_256_tv_template[] = { "\x35\x96\xbb\xb0\xda\x73\xb8\x87" "\xc9\x17\x1f\x93\x09\x5b\x29\x4a" "\xe8\x57\xfb\xe2\x64\x5e\x1b\xa5", - .np = 4, - .tap = { 7, 7, 7, 7 } }, { .key = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" @@ -5293,8 +5216,6 @@ static const struct hash_testvec hmac_sha3_384_tv_template[] = { "\x3c\xa1\x35\x08\xa9\x32\x43\xce" "\x48\xc0\x45\xdc\x00\x7f\x26\xa2" "\x1b\x3f\x5e\x0e\x9d\xf4\xc2\x0a", - .np = 4, - .tap = { 7, 7, 7, 7 } }, { .key = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" @@ -5394,8 +5315,6 @@ static const struct hash_testvec hmac_sha3_512_tv_template[] = { "\xee\x7a\x0c\x31\xd0\x22\xa9\x5e" "\x1f\xc9\x2b\xa9\xd7\x7d\xf8\x83" "\x96\x02\x75\xbe\xb4\xe6\x20\x24", - .np = 4, - .tap = { 7, 7, 7, 7 } }, { .key = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" @@ -6003,8 +5922,6 @@ static const struct hash_testvec nhpoly1305_tv_template[] = { .psize = 16, .digest = "\x04\xbf\x7f\x6a\xce\x72\xea\x6a" "\x79\xdb\xb0\xc9\x60\xf6\x12\xcc", - .np = 6, - .tap = { 4, 4, 1, 1, 1, 5 }, }, { .key = "\x65\x4d\xe3\xf8\xd2\x4c\xac\x28" "\x68\xf5\xb3\x81\x71\x4b\xa1\xfa" @@ -6274,8 +6191,6 @@ static const struct hash_testvec nhpoly1305_tv_template[] = { .psize = 1024, .digest = "\x64\x3a\xbc\xc3\x3f\x74\x40\x51" "\x6e\x56\x01\x1a\x51\xec\x36\xde", - .np = 8, - .tap = { 64, 203, 267, 28, 263, 62, 54, 83 }, }, { .key = "\x1b\x82\x2e\x1b\x17\x23\xb9\x6d" "\xdc\x9c\xda\x99\x07\xe3\x5f\xd8" @@ -29461,8 +29376,6 @@ static const struct hash_testvec crc32_tv_template[] = { "\xe9\xea\xeb\xec\xed\xee\xef\xf0", .psize = 240, .digest = "\x6c\xc6\x56\xde", - .np = 2, - .tap = { 31, 209 } }, { .key = "\xff\xff\xff\xff", .ksize = 4, @@ -29902,8 +29815,6 @@ static const struct hash_testvec crc32c_tv_template[] = { "\xe9\xea\xeb\xec\xed\xee\xef\xf0", .psize = 240, .digest = "\x75\xd3\xc5\x24", - .np = 2, - .tap = { 31, 209 } }, { .key = "\xff\xff\xff\xff", .ksize = 4, -- cgit From fa353c99174e83ab59ab69ddbf923223b9e7ebbd Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Thu, 31 Jan 2019 23:51:49 -0800 Subject: crypto: testmgr - check for skcipher_request corruption Check that algorithms do not change the skcipher_request structure, as users may rely on submitting the request again (e.g. after copying new data into the same source buffer) without reinitializing everything. Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu --- crypto/testmgr.c | 41 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) diff --git a/crypto/testmgr.c b/crypto/testmgr.c index e5d8a0b8aea5..31df04baa85f 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -1535,6 +1535,47 @@ static int test_skcipher_vec_cfg(const char *driver, int enc, return err; } + /* Check that the algorithm didn't overwrite things it shouldn't have */ + if (req->cryptlen != vec->len || + req->iv != iv || + req->src != tsgls->src.sgl_ptr || + req->dst != tsgls->dst.sgl_ptr || + crypto_skcipher_reqtfm(req) != tfm || + req->base.complete != crypto_req_done || + req->base.flags != req_flags || + req->base.data != &wait) { + pr_err("alg: skcipher: %s %s corrupted request struct on test vector %u, cfg=\"%s\"\n", + driver, op, vec_num, cfg->name); + if (req->cryptlen != vec->len) + pr_err("alg: skcipher: changed 'req->cryptlen'\n"); + if (req->iv != iv) + pr_err("alg: skcipher: changed 'req->iv'\n"); + if (req->src != tsgls->src.sgl_ptr) + pr_err("alg: skcipher: changed 'req->src'\n"); + if (req->dst != tsgls->dst.sgl_ptr) + pr_err("alg: skcipher: changed 'req->dst'\n"); + if (crypto_skcipher_reqtfm(req) != tfm) + pr_err("alg: skcipher: changed 'req->base.tfm'\n"); + if (req->base.complete != crypto_req_done) + pr_err("alg: skcipher: changed 'req->base.complete'\n"); + if (req->base.flags != req_flags) + pr_err("alg: skcipher: changed 'req->base.flags'\n"); + if (req->base.data != &wait) + pr_err("alg: skcipher: changed 'req->base.data'\n"); + return -EINVAL; + } + if (is_test_sglist_corrupted(&tsgls->src)) { + pr_err("alg: skcipher: %s %s corrupted src sgl on test vector %u, cfg=\"%s\"\n", + driver, op, vec_num, cfg->name); + return -EINVAL; + } + if (tsgls->dst.sgl_ptr != tsgls->src.sgl && + is_test_sglist_corrupted(&tsgls->dst)) { + pr_err("alg: skcipher: %s %s corrupted dst sgl on test vector %u, cfg=\"%s\"\n", + driver, op, vec_num, cfg->name); + return -EINVAL; + } + /* Check for the correct output (ciphertext or plaintext) */ err = verify_correct_output(&tsgls->dst, enc ? vec->ctext : vec->ptext, vec->len, 0, true); -- cgit From a6e5ef9baa2a3245c40b2353c1050bbf1744ca37 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Thu, 31 Jan 2019 23:51:50 -0800 Subject: crypto: testmgr - check for aead_request corruption Check that algorithms do not change the aead_request structure, as users may rely on submitting the request again (e.g. after copying new data into the same source buffer) without reinitializing everything. Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu --- crypto/testmgr.c | 44 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) diff --git a/crypto/testmgr.c b/crypto/testmgr.c index 31df04baa85f..d582a2758feb 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -1253,6 +1253,50 @@ static int test_aead_vec_cfg(const char *driver, int enc, return -EINVAL; } + /* Check that the algorithm didn't overwrite things it shouldn't have */ + if (req->cryptlen != (enc ? vec->plen : vec->clen) || + req->assoclen != vec->alen || + req->iv != iv || + req->src != tsgls->src.sgl_ptr || + req->dst != tsgls->dst.sgl_ptr || + crypto_aead_reqtfm(req) != tfm || + req->base.complete != crypto_req_done || + req->base.flags != req_flags || + req->base.data != &wait) { + pr_err("alg: aead: %s %s corrupted request struct on test vector %u, cfg=\"%s\"\n", + driver, op, vec_num, cfg->name); + if (req->cryptlen != (enc ? vec->plen : vec->clen)) + pr_err("alg: aead: changed 'req->cryptlen'\n"); + if (req->assoclen != vec->alen) + pr_err("alg: aead: changed 'req->assoclen'\n"); + if (req->iv != iv) + pr_err("alg: aead: changed 'req->iv'\n"); + if (req->src != tsgls->src.sgl_ptr) + pr_err("alg: aead: changed 'req->src'\n"); + if (req->dst != tsgls->dst.sgl_ptr) + pr_err("alg: aead: changed 'req->dst'\n"); + if (crypto_aead_reqtfm(req) != tfm) + pr_err("alg: aead: changed 'req->base.tfm'\n"); + if (req->base.complete != crypto_req_done) + pr_err("alg: aead: changed 'req->base.complete'\n"); + if (req->base.flags != req_flags) + pr_err("alg: aead: changed 'req->base.flags'\n"); + if (req->base.data != &wait) + pr_err("alg: aead: changed 'req->base.data'\n"); + return -EINVAL; + } + if (is_test_sglist_corrupted(&tsgls->src)) { + pr_err("alg: aead: %s %s corrupted src sgl on test vector %u, cfg=\"%s\"\n", + driver, op, vec_num, cfg->name); + return -EINVAL; + } + if (tsgls->dst.sgl_ptr != tsgls->src.sgl && + is_test_sglist_corrupted(&tsgls->dst)) { + pr_err("alg: aead: %s %s corrupted dst sgl on test vector %u, cfg=\"%s\"\n", + driver, op, vec_num, cfg->name); + return -EINVAL; + } + /* Check for the correct output (ciphertext or plaintext) */ err = verify_correct_output(&tsgls->dst, enc ? vec->ctext : vec->ptext, enc ? vec->clen : vec->plen, -- cgit From 532a50fd278d010e7d9d45357aa1869ed547161c Mon Sep 17 00:00:00 2001 From: Gilad Ben-Yossef Date: Thu, 7 Feb 2019 15:44:15 +0200 Subject: MAINTAINERS: crypto: ccree: remove co-maintainer The best-laid plans of mice and men often go awry. Remove Yael C. as co-maintainer as she moved on to other endeavours. Signed-off-by: Gilad Ben-Yossef Signed-off-by: Herbert Xu --- MAINTAINERS | 1 - 1 file changed, 1 deletion(-) diff --git a/MAINTAINERS b/MAINTAINERS index 32d444476a90..6f70b9a526b2 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -3512,7 +3512,6 @@ F: include/linux/spi/cc2520.h F: Documentation/devicetree/bindings/net/ieee802154/cc2520.txt CCREE ARM TRUSTZONE CRYPTOCELL REE DRIVER -M: Yael Chemla M: Gilad Ben-Yossef L: linux-crypto@vger.kernel.org S: Supported -- cgit From 920d7f7215d87005beb4aa2b90b9cb0b74b36947 Mon Sep 17 00:00:00 2001 From: Herbert Xu Date: Fri, 8 Feb 2019 15:04:56 +0800 Subject: crypto: qat - Remove unused goto label This patch removes an unused label. Reported-by: Stephen Rothwell Fixes: f0fcf9ade46a ("crypto: qat - no need to check return...") Signed-off-by: Herbert Xu --- drivers/crypto/qat/qat_common/adf_transport.c | 1 - 1 file changed, 1 deletion(-) diff --git a/drivers/crypto/qat/qat_common/adf_transport.c b/drivers/crypto/qat/qat_common/adf_transport.c index ac658ce46836..2136cbe4bf6c 100644 --- a/drivers/crypto/qat/qat_common/adf_transport.c +++ b/drivers/crypto/qat/qat_common/adf_transport.c @@ -498,7 +498,6 @@ int adf_init_etr_data(struct adf_accel_dev *accel_dev) err_bank_all: debugfs_remove(etr_data->debug); -err_bank_debug: kfree(etr_data->banks); err_bank: kfree(etr_data); -- cgit From ba4cf71b6f1b0165f34888b17fe44f4235dd0132 Mon Sep 17 00:00:00 2001 From: Iuliana Prodan Date: Fri, 8 Feb 2019 15:50:07 +0200 Subject: crypto: caam - use mapped_{src,dst}_nents for job descriptor MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The mapped_{src,dst}_nents _returned_ from the dma_map_sg call (which could be less than src/dst_nents) have to be used to generate the aead, skcipher job descriptors. Signed-off-by: Iuliana Prodan Reviewed-by: Horia Geantă Signed-off-by: Herbert Xu --- drivers/crypto/caam/caamalg.c | 27 ++++++++++++++++++++------- 1 file changed, 20 insertions(+), 7 deletions(-) diff --git a/drivers/crypto/caam/caamalg.c b/drivers/crypto/caam/caamalg.c index a9ff2e19f9d5..6a52115f880a 100644 --- a/drivers/crypto/caam/caamalg.c +++ b/drivers/crypto/caam/caamalg.c @@ -802,6 +802,8 @@ static int xts_skcipher_setkey(struct crypto_skcipher *skcipher, const u8 *key, * aead_edesc - s/w-extended aead descriptor * @src_nents: number of segments in input s/w scatterlist * @dst_nents: number of segments in output s/w scatterlist + * @mapped_src_nents: number of segments in input h/w link table + * @mapped_dst_nents: number of segments in output h/w link table * @sec4_sg_bytes: length of dma mapped sec4_sg space * @sec4_sg_dma: bus physical mapped address of h/w link table * @sec4_sg: pointer to h/w link table @@ -810,6 +812,8 @@ static int xts_skcipher_setkey(struct crypto_skcipher *skcipher, const u8 *key, struct aead_edesc { int src_nents; int dst_nents; + int mapped_src_nents; + int mapped_dst_nents; int sec4_sg_bytes; dma_addr_t sec4_sg_dma; struct sec4_sg_entry *sec4_sg; @@ -820,6 +824,8 @@ struct aead_edesc { * skcipher_edesc - s/w-extended skcipher descriptor * @src_nents: number of segments in input s/w scatterlist * @dst_nents: number of segments in output s/w scatterlist + * @mapped_src_nents: number of segments in input h/w link table + * @mapped_dst_nents: number of segments in output h/w link table * @iv_dma: dma address of iv for checking continuity and link table * @sec4_sg_bytes: length of dma mapped sec4_sg space * @sec4_sg_dma: bus physical mapped address of h/w link table @@ -830,6 +836,8 @@ struct aead_edesc { struct skcipher_edesc { int src_nents; int dst_nents; + int mapped_src_nents; + int mapped_dst_nents; dma_addr_t iv_dma; int sec4_sg_bytes; dma_addr_t sec4_sg_dma; @@ -1024,11 +1032,12 @@ static void init_aead_job(struct aead_request *req, init_job_desc_shared(desc, ptr, len, HDR_SHARE_DEFER | HDR_REVERSE); if (all_contig) { - src_dma = edesc->src_nents ? sg_dma_address(req->src) : 0; + src_dma = edesc->mapped_src_nents ? sg_dma_address(req->src) : + 0; in_options = 0; } else { src_dma = edesc->sec4_sg_dma; - sec4_sg_index += edesc->src_nents; + sec4_sg_index += edesc->mapped_src_nents; in_options = LDST_SGF; } @@ -1039,9 +1048,9 @@ static void init_aead_job(struct aead_request *req, out_options = in_options; if (unlikely(req->src != req->dst)) { - if (!edesc->dst_nents) { + if (!edesc->mapped_dst_nents) { dst_dma = 0; - } else if (edesc->dst_nents == 1) { + } else if (edesc->mapped_dst_nents == 1) { dst_dma = sg_dma_address(req->dst); out_options = 0; } else { @@ -1214,11 +1223,11 @@ static void init_skcipher_job(struct skcipher_request *req, dst_dma = edesc->sec4_sg_dma + sizeof(struct sec4_sg_entry); out_options = LDST_SGF; } else { - if (edesc->dst_nents == 1) { + if (edesc->mapped_dst_nents == 1) { dst_dma = sg_dma_address(req->dst); } else { - dst_dma = edesc->sec4_sg_dma + (edesc->src_nents + 1) * - sizeof(struct sec4_sg_entry); + dst_dma = edesc->sec4_sg_dma + (edesc->mapped_src_nents + + 1) * sizeof(struct sec4_sg_entry); out_options = LDST_SGF; } } @@ -1324,6 +1333,8 @@ static struct aead_edesc *aead_edesc_alloc(struct aead_request *req, edesc->src_nents = src_nents; edesc->dst_nents = dst_nents; + edesc->mapped_src_nents = mapped_src_nents; + edesc->mapped_dst_nents = mapped_dst_nents; edesc->sec4_sg = (void *)edesc + sizeof(struct aead_edesc) + desc_bytes; *all_contig_ptr = !(mapped_src_nents > 1); @@ -1661,6 +1672,8 @@ static struct skcipher_edesc *skcipher_edesc_alloc(struct skcipher_request *req, edesc->src_nents = src_nents; edesc->dst_nents = dst_nents; + edesc->mapped_src_nents = mapped_src_nents; + edesc->mapped_dst_nents = mapped_dst_nents; edesc->sec4_sg_bytes = sec4_sg_bytes; edesc->sec4_sg = (struct sec4_sg_entry *)((u8 *)edesc->hw_desc + desc_bytes); -- cgit From bd30cf533b77420b7c504c09cef5ba26b0c9dcb4 Mon Sep 17 00:00:00 2001 From: Iuliana Prodan Date: Fri, 8 Feb 2019 15:50:08 +0200 Subject: crypto: export arc4 defines MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Some arc4 cipher algorithm defines show up in two places: crypto/arc4.c and drivers/crypto/bcm/cipher.h. Let's export them in a common header and update their users. Signed-off-by: Iuliana Prodan Reviewed-by: Horia Geantă Signed-off-by: Herbert Xu --- crypto/arc4.c | 5 +---- drivers/crypto/bcm/cipher.h | 4 +--- include/crypto/arc4.h | 13 +++++++++++++ 3 files changed, 15 insertions(+), 7 deletions(-) create mode 100644 include/crypto/arc4.h diff --git a/crypto/arc4.c b/crypto/arc4.c index 652d24399afa..6c93342e3405 100644 --- a/crypto/arc4.c +++ b/crypto/arc4.c @@ -13,14 +13,11 @@ */ #include +#include #include #include #include -#define ARC4_MIN_KEY_SIZE 1 -#define ARC4_MAX_KEY_SIZE 256 -#define ARC4_BLOCK_SIZE 1 - struct arc4_ctx { u32 S[256]; u32 x, y; diff --git a/drivers/crypto/bcm/cipher.h b/drivers/crypto/bcm/cipher.h index 763c425c41ca..f6da49758954 100644 --- a/drivers/crypto/bcm/cipher.h +++ b/drivers/crypto/bcm/cipher.h @@ -23,6 +23,7 @@ #include #include #include +#include #include #include #include @@ -34,9 +35,6 @@ /* Driver supports up to MAX_SPUS SPU blocks */ #define MAX_SPUS 16 -#define ARC4_MIN_KEY_SIZE 1 -#define ARC4_MAX_KEY_SIZE 256 -#define ARC4_BLOCK_SIZE 1 #define ARC4_STATE_SIZE 4 #define CCM_AES_IV_SIZE 16 diff --git a/include/crypto/arc4.h b/include/crypto/arc4.h new file mode 100644 index 000000000000..5b2c24ab0139 --- /dev/null +++ b/include/crypto/arc4.h @@ -0,0 +1,13 @@ +/* SPDX-License-Identifier: GPL-2.0+ */ +/* + * Common values for ARC4 Cipher Algorithm + */ + +#ifndef _CRYPTO_ARC4_H +#define _CRYPTO_ARC4_H + +#define ARC4_MIN_KEY_SIZE 1 +#define ARC4_MAX_KEY_SIZE 256 +#define ARC4_BLOCK_SIZE 1 + +#endif /* _CRYPTO_ARC4_H */ -- cgit From eaed71a44ad9369a2b2205cedcb9d5d894c733fa Mon Sep 17 00:00:00 2001 From: Iuliana Prodan Date: Fri, 8 Feb 2019 15:50:09 +0200 Subject: crypto: caam - add ecb(*) support MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add ecb mode support for aes, des, 3des and arc4 ciphers. ecb(*) reuses existing skcipher implementation, updating it with support for no IV. Signed-off-by: Iuliana Prodan Reviewed-by: Horia Geantă Signed-off-by: Herbert Xu --- drivers/crypto/caam/Kconfig | 1 + drivers/crypto/caam/caamalg.c | 190 +++++++++++++++++++++++++++++-------- drivers/crypto/caam/caamalg_desc.c | 18 ++-- drivers/crypto/caam/compat.h | 1 + 4 files changed, 161 insertions(+), 49 deletions(-) diff --git a/drivers/crypto/caam/Kconfig b/drivers/crypto/caam/Kconfig index c4b1cade55c1..577c9844b322 100644 --- a/drivers/crypto/caam/Kconfig +++ b/drivers/crypto/caam/Kconfig @@ -91,6 +91,7 @@ config CRYPTO_DEV_FSL_CAAM_CRYPTO_API select CRYPTO_AEAD select CRYPTO_AUTHENC select CRYPTO_BLKCIPHER + select CRYPTO_DES help Selecting this will offload crypto for users of the scatterlist crypto API (such as the linux native IPSec diff --git a/drivers/crypto/caam/caamalg.c b/drivers/crypto/caam/caamalg.c index 6a52115f880a..90d83ae501a7 100644 --- a/drivers/crypto/caam/caamalg.c +++ b/drivers/crypto/caam/caamalg.c @@ -3,7 +3,7 @@ * caam - Freescale FSL CAAM support for crypto API * * Copyright 2008-2011 Freescale Semiconductor, Inc. - * Copyright 2016-2018 NXP + * Copyright 2016-2019 NXP * * Based on talitos crypto API driver. * @@ -766,6 +766,27 @@ static int skcipher_setkey(struct crypto_skcipher *skcipher, const u8 *key, return 0; } +static int des_skcipher_setkey(struct crypto_skcipher *skcipher, + const u8 *key, unsigned int keylen) +{ + u32 tmp[DES3_EDE_EXPKEY_WORDS]; + struct crypto_tfm *tfm = crypto_skcipher_tfm(skcipher); + + if (keylen == DES3_EDE_KEY_SIZE && + __des3_ede_setkey(tmp, &tfm->crt_flags, key, DES3_EDE_KEY_SIZE)) { + return -EINVAL; + } + + if (!des_ekey(tmp, key) && (crypto_skcipher_get_flags(skcipher) & + CRYPTO_TFM_REQ_FORBID_WEAK_KEYS)) { + crypto_skcipher_set_flags(skcipher, + CRYPTO_TFM_RES_WEAK_KEY); + return -EINVAL; + } + + return skcipher_setkey(skcipher, key, keylen); +} + static int xts_skcipher_setkey(struct crypto_skcipher *skcipher, const u8 *key, unsigned int keylen) { @@ -970,8 +991,9 @@ static void skcipher_encrypt_done(struct device *jrdev, u32 *desc, u32 err, * The crypto API expects us to set the IV (req->iv) to the last * ciphertext block. This is used e.g. by the CTS mode. */ - scatterwalk_map_and_copy(req->iv, req->dst, req->cryptlen - ivsize, - ivsize, 0); + if (ivsize) + scatterwalk_map_and_copy(req->iv, req->dst, req->cryptlen - + ivsize, ivsize, 0); kfree(edesc); @@ -1196,9 +1218,9 @@ static void init_skcipher_job(struct skcipher_request *req, int ivsize = crypto_skcipher_ivsize(skcipher); u32 *desc = edesc->hw_desc; u32 *sh_desc; - u32 out_options = 0; - dma_addr_t dst_dma, ptr; - int len; + u32 in_options = 0, out_options = 0; + dma_addr_t src_dma, dst_dma, ptr; + int len, sec4_sg_index = 0; #ifdef DEBUG print_hex_dump(KERN_ERR, "presciv@"__stringify(__LINE__)": ", @@ -1216,21 +1238,27 @@ static void init_skcipher_job(struct skcipher_request *req, len = desc_len(sh_desc); init_job_desc_shared(desc, ptr, len, HDR_SHARE_DEFER | HDR_REVERSE); - append_seq_in_ptr(desc, edesc->sec4_sg_dma, req->cryptlen + ivsize, - LDST_SGF); + if (ivsize || edesc->mapped_src_nents > 1) { + src_dma = edesc->sec4_sg_dma; + sec4_sg_index = edesc->mapped_src_nents + !!ivsize; + in_options = LDST_SGF; + } else { + src_dma = sg_dma_address(req->src); + } + + append_seq_in_ptr(desc, src_dma, req->cryptlen + ivsize, in_options); if (likely(req->src == req->dst)) { - dst_dma = edesc->sec4_sg_dma + sizeof(struct sec4_sg_entry); - out_options = LDST_SGF; + dst_dma = src_dma + !!ivsize * sizeof(struct sec4_sg_entry); + out_options = in_options; + } else if (edesc->mapped_dst_nents == 1) { + dst_dma = sg_dma_address(req->dst); } else { - if (edesc->mapped_dst_nents == 1) { - dst_dma = sg_dma_address(req->dst); - } else { - dst_dma = edesc->sec4_sg_dma + (edesc->mapped_src_nents - + 1) * sizeof(struct sec4_sg_entry); - out_options = LDST_SGF; - } + dst_dma = edesc->sec4_sg_dma + sec4_sg_index * + sizeof(struct sec4_sg_entry); + out_options = LDST_SGF; } + append_seq_out_ptr(desc, dst_dma, req->cryptlen, out_options); } @@ -1608,7 +1636,7 @@ static struct skcipher_edesc *skcipher_edesc_alloc(struct skcipher_request *req, GFP_KERNEL : GFP_ATOMIC; int src_nents, mapped_src_nents, dst_nents = 0, mapped_dst_nents = 0; struct skcipher_edesc *edesc; - dma_addr_t iv_dma; + dma_addr_t iv_dma = 0; u8 *iv; int ivsize = crypto_skcipher_ivsize(skcipher); int dst_sg_idx, sec4_sg_ents, sec4_sg_bytes; @@ -1643,7 +1671,6 @@ static struct skcipher_edesc *skcipher_edesc_alloc(struct skcipher_request *req, dev_err(jrdev, "unable to map source\n"); return ERR_PTR(-ENOMEM); } - mapped_dst_nents = dma_map_sg(jrdev, req->dst, dst_nents, DMA_FROM_DEVICE); if (unlikely(!mapped_dst_nents)) { @@ -1653,7 +1680,10 @@ static struct skcipher_edesc *skcipher_edesc_alloc(struct skcipher_request *req, } } - sec4_sg_ents = 1 + mapped_src_nents; + if (!ivsize && mapped_src_nents == 1) + sec4_sg_ents = 0; // no need for an input hw s/g table + else + sec4_sg_ents = mapped_src_nents + !!ivsize; dst_sg_idx = sec4_sg_ents; sec4_sg_ents += mapped_dst_nents > 1 ? mapped_dst_nents : 0; sec4_sg_bytes = sec4_sg_ents * sizeof(struct sec4_sg_entry); @@ -1679,34 +1709,41 @@ static struct skcipher_edesc *skcipher_edesc_alloc(struct skcipher_request *req, desc_bytes); /* Make sure IV is located in a DMAable area */ - iv = (u8 *)edesc->hw_desc + desc_bytes + sec4_sg_bytes; - memcpy(iv, req->iv, ivsize); + if (ivsize) { + iv = (u8 *)edesc->hw_desc + desc_bytes + sec4_sg_bytes; + memcpy(iv, req->iv, ivsize); + + iv_dma = dma_map_single(jrdev, iv, ivsize, DMA_TO_DEVICE); + if (dma_mapping_error(jrdev, iv_dma)) { + dev_err(jrdev, "unable to map IV\n"); + caam_unmap(jrdev, req->src, req->dst, src_nents, + dst_nents, 0, 0, 0, 0); + kfree(edesc); + return ERR_PTR(-ENOMEM); + } - iv_dma = dma_map_single(jrdev, iv, ivsize, DMA_TO_DEVICE); - if (dma_mapping_error(jrdev, iv_dma)) { - dev_err(jrdev, "unable to map IV\n"); - caam_unmap(jrdev, req->src, req->dst, src_nents, dst_nents, 0, - 0, 0, 0); - kfree(edesc); - return ERR_PTR(-ENOMEM); + dma_to_sec4_sg_one(edesc->sec4_sg, iv_dma, ivsize, 0); } - - dma_to_sec4_sg_one(edesc->sec4_sg, iv_dma, ivsize, 0); - sg_to_sec4_sg_last(req->src, mapped_src_nents, edesc->sec4_sg + 1, 0); + if (dst_sg_idx) + sg_to_sec4_sg_last(req->src, mapped_src_nents, edesc->sec4_sg + + !!ivsize, 0); if (mapped_dst_nents > 1) { sg_to_sec4_sg_last(req->dst, mapped_dst_nents, edesc->sec4_sg + dst_sg_idx, 0); } - edesc->sec4_sg_dma = dma_map_single(jrdev, edesc->sec4_sg, - sec4_sg_bytes, DMA_TO_DEVICE); - if (dma_mapping_error(jrdev, edesc->sec4_sg_dma)) { - dev_err(jrdev, "unable to map S/G table\n"); - caam_unmap(jrdev, req->src, req->dst, src_nents, dst_nents, - iv_dma, ivsize, 0, 0); - kfree(edesc); - return ERR_PTR(-ENOMEM); + if (sec4_sg_bytes) { + edesc->sec4_sg_dma = dma_map_single(jrdev, edesc->sec4_sg, + sec4_sg_bytes, + DMA_TO_DEVICE); + if (dma_mapping_error(jrdev, edesc->sec4_sg_dma)) { + dev_err(jrdev, "unable to map S/G table\n"); + caam_unmap(jrdev, req->src, req->dst, src_nents, + dst_nents, iv_dma, ivsize, 0, 0); + kfree(edesc); + return ERR_PTR(-ENOMEM); + } } edesc->iv_dma = iv_dma; @@ -1773,8 +1810,9 @@ static int skcipher_decrypt(struct skcipher_request *req) * The crypto API expects us to set the IV (req->iv) to the last * ciphertext block. */ - scatterwalk_map_and_copy(req->iv, req->src, req->cryptlen - ivsize, - ivsize, 0); + if (ivsize) + scatterwalk_map_and_copy(req->iv, req->src, req->cryptlen - + ivsize, ivsize, 0); /* Create and submit job descriptor*/ init_skcipher_job(req, edesc, false); @@ -1902,6 +1940,66 @@ static struct caam_skcipher_alg driver_algs[] = { }, .caam.class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_XTS, }, + { + .skcipher = { + .base = { + .cra_name = "ecb(des)", + .cra_driver_name = "ecb-des-caam", + .cra_blocksize = DES_BLOCK_SIZE, + }, + .setkey = des_skcipher_setkey, + .encrypt = skcipher_encrypt, + .decrypt = skcipher_decrypt, + .min_keysize = DES_KEY_SIZE, + .max_keysize = DES_KEY_SIZE, + }, + .caam.class1_alg_type = OP_ALG_ALGSEL_DES | OP_ALG_AAI_ECB, + }, + { + .skcipher = { + .base = { + .cra_name = "ecb(aes)", + .cra_driver_name = "ecb-aes-caam", + .cra_blocksize = AES_BLOCK_SIZE, + }, + .setkey = skcipher_setkey, + .encrypt = skcipher_encrypt, + .decrypt = skcipher_decrypt, + .min_keysize = AES_MIN_KEY_SIZE, + .max_keysize = AES_MAX_KEY_SIZE, + }, + .caam.class1_alg_type = OP_ALG_ALGSEL_AES | OP_ALG_AAI_ECB, + }, + { + .skcipher = { + .base = { + .cra_name = "ecb(des3_ede)", + .cra_driver_name = "ecb-des3-caam", + .cra_blocksize = DES3_EDE_BLOCK_SIZE, + }, + .setkey = des_skcipher_setkey, + .encrypt = skcipher_encrypt, + .decrypt = skcipher_decrypt, + .min_keysize = DES3_EDE_KEY_SIZE, + .max_keysize = DES3_EDE_KEY_SIZE, + }, + .caam.class1_alg_type = OP_ALG_ALGSEL_3DES | OP_ALG_AAI_ECB, + }, + { + .skcipher = { + .base = { + .cra_name = "ecb(arc4)", + .cra_driver_name = "ecb-arc4-caam", + .cra_blocksize = ARC4_BLOCK_SIZE, + }, + .setkey = skcipher_setkey, + .encrypt = skcipher_encrypt, + .decrypt = skcipher_decrypt, + .min_keysize = ARC4_MIN_KEY_SIZE, + .max_keysize = ARC4_MAX_KEY_SIZE, + }, + .caam.class1_alg_type = OP_ALG_ALGSEL_ARC4 | OP_ALG_AAI_ECB, + }, }; static struct caam_aead_alg driver_aeads[] = { @@ -3361,6 +3459,7 @@ static int __init caam_algapi_init(void) struct caam_drv_private *priv; int i = 0, err = 0; u32 aes_vid, aes_inst, des_inst, md_vid, md_inst, ccha_inst, ptha_inst; + u32 arc4_inst; unsigned int md_limit = SHA512_DIGEST_SIZE; bool registered = false; @@ -3405,6 +3504,8 @@ static int __init caam_algapi_init(void) CHA_ID_LS_DES_SHIFT; aes_inst = cha_inst & CHA_ID_LS_AES_MASK; md_inst = (cha_inst & CHA_ID_LS_MD_MASK) >> CHA_ID_LS_MD_SHIFT; + arc4_inst = (cha_inst & CHA_ID_LS_ARC4_MASK) >> + CHA_ID_LS_ARC4_SHIFT; ccha_inst = 0; ptha_inst = 0; } else { @@ -3421,6 +3522,7 @@ static int __init caam_algapi_init(void) md_inst = mdha & CHA_VER_NUM_MASK; ccha_inst = rd_reg32(&priv->ctrl->vreg.ccha) & CHA_VER_NUM_MASK; ptha_inst = rd_reg32(&priv->ctrl->vreg.ptha) & CHA_VER_NUM_MASK; + arc4_inst = rd_reg32(&priv->ctrl->vreg.afha) & CHA_VER_NUM_MASK; } /* If MD is present, limit digest size based on LP256 */ @@ -3441,6 +3543,10 @@ static int __init caam_algapi_init(void) if (!aes_inst && (alg_sel == OP_ALG_ALGSEL_AES)) continue; + /* Skip ARC4 algorithms if not supported by device */ + if (!arc4_inst && alg_sel == OP_ALG_ALGSEL_ARC4) + continue; + /* * Check support for AES modes not available * on LP devices. diff --git a/drivers/crypto/caam/caamalg_desc.c b/drivers/crypto/caam/caamalg_desc.c index 7db1640d3577..1e1a376edc2f 100644 --- a/drivers/crypto/caam/caamalg_desc.c +++ b/drivers/crypto/caam/caamalg_desc.c @@ -2,7 +2,7 @@ /* * Shared descriptors for aead, skcipher algorithms * - * Copyright 2016-2018 NXP + * Copyright 2016-2019 NXP */ #include "compat.h" @@ -1396,9 +1396,11 @@ void cnstr_shdsc_skcipher_encap(u32 * const desc, struct alginfo *cdata, set_jump_tgt_here(desc, key_jump_cmd); - /* Load iv */ - append_seq_load(desc, ivsize, LDST_SRCDST_BYTE_CONTEXT | - LDST_CLASS_1_CCB | (ctx1_iv_off << LDST_OFFSET_SHIFT)); + /* Load IV, if there is one */ + if (ivsize) + append_seq_load(desc, ivsize, LDST_SRCDST_BYTE_CONTEXT | + LDST_CLASS_1_CCB | (ctx1_iv_off << + LDST_OFFSET_SHIFT)); /* Load counter into CONTEXT1 reg */ if (is_rfc3686) @@ -1462,9 +1464,11 @@ void cnstr_shdsc_skcipher_decap(u32 * const desc, struct alginfo *cdata, set_jump_tgt_here(desc, key_jump_cmd); - /* load IV */ - append_seq_load(desc, ivsize, LDST_SRCDST_BYTE_CONTEXT | - LDST_CLASS_1_CCB | (ctx1_iv_off << LDST_OFFSET_SHIFT)); + /* Load IV, if there is one */ + if (ivsize) + append_seq_load(desc, ivsize, LDST_SRCDST_BYTE_CONTEXT | + LDST_CLASS_1_CCB | (ctx1_iv_off << + LDST_OFFSET_SHIFT)); /* Load counter into CONTEXT1 reg */ if (is_rfc3686) diff --git a/drivers/crypto/caam/compat.h b/drivers/crypto/caam/compat.h index 87d9efe4c7aa..8639b2df0371 100644 --- a/drivers/crypto/caam/compat.h +++ b/drivers/crypto/caam/compat.h @@ -43,6 +43,7 @@ #include #include #include +#include #include #include #include -- cgit From cf64e495fe221479866c1ea7c6f5cd9698d8a3af Mon Sep 17 00:00:00 2001 From: Iuliana Prodan Date: Fri, 8 Feb 2019 15:50:10 +0200 Subject: crypto: caam - weak key checking for cbc des, 3des MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Modify setkey callback for cbc des and 3des to check for weak keys. Signed-off-by: Iuliana Prodan Reviewed-by: Horia Geantă Signed-off-by: Herbert Xu --- drivers/crypto/caam/caamalg.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/crypto/caam/caamalg.c b/drivers/crypto/caam/caamalg.c index 90d83ae501a7..9eac5099098e 100644 --- a/drivers/crypto/caam/caamalg.c +++ b/drivers/crypto/caam/caamalg.c @@ -1858,7 +1858,7 @@ static struct caam_skcipher_alg driver_algs[] = { .cra_driver_name = "cbc-3des-caam", .cra_blocksize = DES3_EDE_BLOCK_SIZE, }, - .setkey = skcipher_setkey, + .setkey = des_skcipher_setkey, .encrypt = skcipher_encrypt, .decrypt = skcipher_decrypt, .min_keysize = DES3_EDE_KEY_SIZE, @@ -1874,7 +1874,7 @@ static struct caam_skcipher_alg driver_algs[] = { .cra_driver_name = "cbc-des-caam", .cra_blocksize = DES_BLOCK_SIZE, }, - .setkey = skcipher_setkey, + .setkey = des_skcipher_setkey, .encrypt = skcipher_encrypt, .decrypt = skcipher_decrypt, .min_keysize = DES_KEY_SIZE, -- cgit From 7d220dabc2192f37a8ad446d75e903ba9c0781fe Mon Sep 17 00:00:00 2001 From: Sebastian Andrzej Siewior Date: Mon, 11 Feb 2019 12:02:50 +0100 Subject: crypto: chtls - remove cdev_list_lock Last user of cdev_list_lock was removed in commit 6422ccc5fbefb ("crypto/chelsio/chtls: listen fails with multiadapt") Cc: Atul Gupta Cc: Harsh Jain Signed-off-by: Sebastian Andrzej Siewior Signed-off-by: Herbert Xu --- drivers/crypto/chelsio/chtls/chtls_main.c | 1 - 1 file changed, 1 deletion(-) diff --git a/drivers/crypto/chelsio/chtls/chtls_main.c b/drivers/crypto/chelsio/chtls/chtls_main.c index 563f8fe7686a..dd2daf2a54e0 100644 --- a/drivers/crypto/chelsio/chtls/chtls_main.c +++ b/drivers/crypto/chelsio/chtls/chtls_main.c @@ -30,7 +30,6 @@ */ static LIST_HEAD(cdev_list); static DEFINE_MUTEX(cdev_mutex); -static DEFINE_MUTEX(cdev_list_lock); static DEFINE_MUTEX(notify_mutex); static RAW_NOTIFIER_HEAD(listen_notify_list); -- cgit From ac5d15b4519f418818036e1e23a392e3d78095f6 Mon Sep 17 00:00:00 2001 From: Horia Geantă Date: Mon, 11 Feb 2019 13:46:12 +0200 Subject: crypto: caam/qi2 - use affine DPIOs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Driver was relying on an older DPIO API, which provided a CPU-affine DPIO in case it was called with preemption disabled. Since this is no longer the case, save the CPU-affine DPIO in per-cpu private structure during setup and further use it on the hot path. Note that preemption is no longer disabled while trying to enqueue an FD. Thus it might be possible to run the enqueue on a different CPU (due to migration, when in process context), however this wouldn't be a functionality issue. Since we allow for all cores to enqueue, we take care of data structures setup to handle the case when number of (Rx, Tx) queue pairs is smaller than number of cores. Signed-off-by: Horia Geantă Signed-off-by: Herbert Xu --- drivers/crypto/caam/caamalg_qi2.c | 52 ++++++++++++++++++++++----------------- drivers/crypto/caam/caamalg_qi2.h | 2 ++ 2 files changed, 31 insertions(+), 23 deletions(-) diff --git a/drivers/crypto/caam/caamalg_qi2.c b/drivers/crypto/caam/caamalg_qi2.c index 185365a35772..ce27c88e750f 100644 --- a/drivers/crypto/caam/caamalg_qi2.c +++ b/drivers/crypto/caam/caamalg_qi2.c @@ -4502,7 +4502,8 @@ static int __cold dpaa2_dpseci_dpio_setup(struct dpaa2_caam_priv *priv) nctx->cb = dpaa2_caam_fqdan_cb; /* Register notification callbacks */ - err = dpaa2_io_service_register(NULL, nctx, dev); + ppriv->dpio = dpaa2_io_service_select(cpu); + err = dpaa2_io_service_register(ppriv->dpio, nctx, dev); if (unlikely(err)) { dev_dbg(dev, "No affine DPIO for cpu %d\n", cpu); nctx->cb = NULL; @@ -4535,7 +4536,7 @@ err: ppriv = per_cpu_ptr(priv->ppriv, cpu); if (!ppriv->nctx.cb) break; - dpaa2_io_service_deregister(NULL, &ppriv->nctx, dev); + dpaa2_io_service_deregister(ppriv->dpio, &ppriv->nctx, dev); } for_each_online_cpu(cpu) { @@ -4555,7 +4556,8 @@ static void __cold dpaa2_dpseci_dpio_free(struct dpaa2_caam_priv *priv) for_each_online_cpu(cpu) { ppriv = per_cpu_ptr(priv->ppriv, cpu); - dpaa2_io_service_deregister(NULL, &ppriv->nctx, priv->dev); + dpaa2_io_service_deregister(ppriv->dpio, &ppriv->nctx, + priv->dev); dpaa2_io_store_destroy(ppriv->store); if (++i == priv->num_pairs) @@ -4653,7 +4655,7 @@ static int dpaa2_caam_pull_fq(struct dpaa2_caam_priv_per_cpu *ppriv) /* Retry while portal is busy */ do { - err = dpaa2_io_service_pull_fq(NULL, ppriv->rsp_fqid, + err = dpaa2_io_service_pull_fq(ppriv->dpio, ppriv->rsp_fqid, ppriv->store); } while (err == -EBUSY); @@ -4721,7 +4723,7 @@ static int dpaa2_dpseci_poll(struct napi_struct *napi, int budget) if (cleaned < budget) { napi_complete_done(napi, cleaned); - err = dpaa2_io_service_rearm(NULL, &ppriv->nctx); + err = dpaa2_io_service_rearm(ppriv->dpio, &ppriv->nctx); if (unlikely(err)) dev_err(priv->dev, "Notification rearm failed: %d\n", err); @@ -4862,21 +4864,31 @@ static int __cold dpaa2_dpseci_setup(struct fsl_mc_device *ls_dev) i = 0; for_each_online_cpu(cpu) { - dev_dbg(dev, "pair %d: rx queue %d, tx queue %d\n", i, - priv->rx_queue_attr[i].fqid, - priv->tx_queue_attr[i].fqid); + u8 j; + + j = i % priv->num_pairs; ppriv = per_cpu_ptr(priv->ppriv, cpu); - ppriv->req_fqid = priv->tx_queue_attr[i].fqid; - ppriv->rsp_fqid = priv->rx_queue_attr[i].fqid; - ppriv->prio = i; + ppriv->req_fqid = priv->tx_queue_attr[j].fqid; + + /* + * Allow all cores to enqueue, while only some of them + * will take part in dequeuing. + */ + if (++i > priv->num_pairs) + continue; + + ppriv->rsp_fqid = priv->rx_queue_attr[j].fqid; + ppriv->prio = j; + + dev_dbg(dev, "pair %d: rx queue %d, tx queue %d\n", j, + priv->rx_queue_attr[j].fqid, + priv->tx_queue_attr[j].fqid); ppriv->net_dev.dev = *dev; INIT_LIST_HEAD(&ppriv->net_dev.napi_list); netif_napi_add(&ppriv->net_dev, &ppriv->napi, dpaa2_dpseci_poll, DPAA2_CAAM_NAPI_WEIGHT); - if (++i == priv->num_pairs) - break; } return 0; @@ -5228,7 +5240,8 @@ int dpaa2_caam_enqueue(struct device *dev, struct caam_request *req) { struct dpaa2_fd fd; struct dpaa2_caam_priv *priv = dev_get_drvdata(dev); - int err = 0, i, id; + struct dpaa2_caam_priv_per_cpu *ppriv; + int err = 0, i; if (IS_ERR(req)) return PTR_ERR(req); @@ -5258,20 +5271,13 @@ int dpaa2_caam_enqueue(struct device *dev, struct caam_request *req) dpaa2_fd_set_len(&fd, dpaa2_fl_get_len(&req->fd_flt[1])); dpaa2_fd_set_flc(&fd, req->flc_dma); - /* - * There is no guarantee that preemption is disabled here, - * thus take action. - */ - preempt_disable(); - id = smp_processor_id() % priv->dpseci_attr.num_tx_queues; + ppriv = this_cpu_ptr(priv->ppriv); for (i = 0; i < (priv->dpseci_attr.num_tx_queues << 1); i++) { - err = dpaa2_io_service_enqueue_fq(NULL, - priv->tx_queue_attr[id].fqid, + err = dpaa2_io_service_enqueue_fq(ppriv->dpio, ppriv->req_fqid, &fd); if (err != -EBUSY) break; } - preempt_enable(); if (unlikely(err)) { dev_err(dev, "Error enqueuing frame: %d\n", err); diff --git a/drivers/crypto/caam/caamalg_qi2.h b/drivers/crypto/caam/caamalg_qi2.h index 9823bdefd029..20890780fb82 100644 --- a/drivers/crypto/caam/caamalg_qi2.h +++ b/drivers/crypto/caam/caamalg_qi2.h @@ -76,6 +76,7 @@ struct dpaa2_caam_priv { * @nctx: notification context of response FQ * @store: where dequeued frames are stored * @priv: backpointer to dpaa2_caam_priv + * @dpio: portal used for data path operations */ struct dpaa2_caam_priv_per_cpu { struct napi_struct napi; @@ -86,6 +87,7 @@ struct dpaa2_caam_priv_per_cpu { struct dpaa2_io_notification_ctx nctx; struct dpaa2_io_store *store; struct dpaa2_caam_priv *priv; + struct dpaa2_io *dpio; }; /* -- cgit From f1657eb99e4a2e03649f57b785e906647cdcc76e Mon Sep 17 00:00:00 2001 From: Horia Geantă Date: Mon, 11 Feb 2019 13:46:13 +0200 Subject: crypto: caam/qi2 - rate-limit enqueue failure prints MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Avoid console being flooded with prints in case HW is too busy to accept new enqueue requests. Signed-off-by: Horia Geantă Signed-off-by: Herbert Xu --- drivers/crypto/caam/caamalg_qi2.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/crypto/caam/caamalg_qi2.c b/drivers/crypto/caam/caamalg_qi2.c index ce27c88e750f..6a6a508f5fd2 100644 --- a/drivers/crypto/caam/caamalg_qi2.c +++ b/drivers/crypto/caam/caamalg_qi2.c @@ -5280,7 +5280,7 @@ int dpaa2_caam_enqueue(struct device *dev, struct caam_request *req) } if (unlikely(err)) { - dev_err(dev, "Error enqueuing frame: %d\n", err); + dev_err_ratelimited(dev, "Error enqueuing frame: %d\n", err); goto err_out; } -- cgit From 05bd1beec2748d74cbc41ee476be2af0f91bd2d3 Mon Sep 17 00:00:00 2001 From: Horia Geantă Date: Mon, 11 Feb 2019 13:46:14 +0200 Subject: crypto: caam/qi2 - relax busy polling while enqueuing FDs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add cpu_relax() in the loop that tries to enqueue the FDs. Signed-off-by: Horia Geantă Signed-off-by: Herbert Xu --- drivers/crypto/caam/caamalg_qi2.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/crypto/caam/caamalg_qi2.c b/drivers/crypto/caam/caamalg_qi2.c index 6a6a508f5fd2..c2c1abc68f81 100644 --- a/drivers/crypto/caam/caamalg_qi2.c +++ b/drivers/crypto/caam/caamalg_qi2.c @@ -5277,6 +5277,8 @@ int dpaa2_caam_enqueue(struct device *dev, struct caam_request *req) &fd); if (err != -EBUSY) break; + + cpu_relax(); } if (unlikely(err)) { -- cgit From b5be853181a8d4a6e20f2073ccd273d6280cad88 Mon Sep 17 00:00:00 2001 From: "Gustavo A. R. Silva" Date: Mon, 11 Feb 2019 12:31:31 -0600 Subject: crypto: ccree - fix missing break in switch statement Add missing break statement in order to prevent the code from falling through to case S_DIN_to_DES. This bug was found thanks to the ongoing efforts to enable -Wimplicit-fallthrough. Fixes: 63ee04c8b491 ("crypto: ccree - add skcipher support") Cc: stable@vger.kernel.org Signed-off-by: Gustavo A. R. Silva Signed-off-by: Herbert Xu --- drivers/crypto/ccree/cc_cipher.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/crypto/ccree/cc_cipher.c b/drivers/crypto/ccree/cc_cipher.c index 5e3361a363b5..d9c17078517b 100644 --- a/drivers/crypto/ccree/cc_cipher.c +++ b/drivers/crypto/ccree/cc_cipher.c @@ -80,6 +80,7 @@ static int validate_keys_sizes(struct cc_cipher_ctx *ctx_p, u32 size) default: break; } + break; case S_DIN_to_DES: if (size == DES3_EDE_KEY_SIZE || size == DES_KEY_SIZE) return 0; -- cgit From 4359669a087633132203c52d67dd8c31e09e7b2e Mon Sep 17 00:00:00 2001 From: Zhang Zhijie Date: Wed, 13 Feb 2019 16:24:38 +0800 Subject: crypto: rockchip - fix scatterlist nents error In some cases, the nents of src scatterlist is different from dst scatterlist. So two variables are used to handle the nents of src&dst scatterlist. Reported-by: Eric Biggers Fixes: 433cd2c617bf ("crypto: rockchip - add crypto driver for rk3288") Cc: # v4.5+ Signed-off-by: Zhang Zhijie Signed-off-by: Herbert Xu --- drivers/crypto/rockchip/rk3288_crypto.c | 2 +- drivers/crypto/rockchip/rk3288_crypto.h | 3 ++- drivers/crypto/rockchip/rk3288_crypto_ablkcipher.c | 5 +++-- drivers/crypto/rockchip/rk3288_crypto_ahash.c | 2 +- 4 files changed, 7 insertions(+), 5 deletions(-) diff --git a/drivers/crypto/rockchip/rk3288_crypto.c b/drivers/crypto/rockchip/rk3288_crypto.c index c9d622abd90c..0ce4a65b95f5 100644 --- a/drivers/crypto/rockchip/rk3288_crypto.c +++ b/drivers/crypto/rockchip/rk3288_crypto.c @@ -119,7 +119,7 @@ static int rk_load_data(struct rk_crypto_info *dev, count = (dev->left_bytes > PAGE_SIZE) ? PAGE_SIZE : dev->left_bytes; - if (!sg_pcopy_to_buffer(dev->first, dev->nents, + if (!sg_pcopy_to_buffer(dev->first, dev->src_nents, dev->addr_vir, count, dev->total - dev->left_bytes)) { dev_err(dev->dev, "[%s:%d] pcopy err\n", diff --git a/drivers/crypto/rockchip/rk3288_crypto.h b/drivers/crypto/rockchip/rk3288_crypto.h index d5fb4013fb42..417c445d8dea 100644 --- a/drivers/crypto/rockchip/rk3288_crypto.h +++ b/drivers/crypto/rockchip/rk3288_crypto.h @@ -207,7 +207,8 @@ struct rk_crypto_info { void *addr_vir; int aligned; int align_size; - size_t nents; + size_t src_nents; + size_t dst_nents; unsigned int total; unsigned int count; dma_addr_t addr_in; diff --git a/drivers/crypto/rockchip/rk3288_crypto_ablkcipher.c b/drivers/crypto/rockchip/rk3288_crypto_ablkcipher.c index 87dd571466c1..fe2fc6c7b51b 100644 --- a/drivers/crypto/rockchip/rk3288_crypto_ablkcipher.c +++ b/drivers/crypto/rockchip/rk3288_crypto_ablkcipher.c @@ -260,8 +260,9 @@ static int rk_ablk_start(struct rk_crypto_info *dev) dev->total = req->nbytes; dev->sg_src = req->src; dev->first = req->src; - dev->nents = sg_nents(req->src); + dev->src_nents = sg_nents(req->src); dev->sg_dst = req->dst; + dev->dst_nents = sg_nents(req->dst); dev->aligned = 1; spin_lock_irqsave(&dev->lock, flags); @@ -297,7 +298,7 @@ static int rk_ablk_rx(struct rk_crypto_info *dev) dev->unload_data(dev); if (!dev->aligned) { - if (!sg_pcopy_from_buffer(req->dst, dev->nents, + if (!sg_pcopy_from_buffer(req->dst, dev->dst_nents, dev->addr_vir, dev->count, dev->total - dev->left_bytes - dev->count)) { diff --git a/drivers/crypto/rockchip/rk3288_crypto_ahash.c b/drivers/crypto/rockchip/rk3288_crypto_ahash.c index 821a506b9e17..c336ae75e361 100644 --- a/drivers/crypto/rockchip/rk3288_crypto_ahash.c +++ b/drivers/crypto/rockchip/rk3288_crypto_ahash.c @@ -206,7 +206,7 @@ static int rk_ahash_start(struct rk_crypto_info *dev) dev->sg_dst = NULL; dev->sg_src = req->src; dev->first = req->src; - dev->nents = sg_nents(req->src); + dev->src_nents = sg_nents(req->src); rctx = ahash_request_ctx(req); rctx->mode = 0; -- cgit From c1c214adcb56d36433480c8fedf772498e7e539c Mon Sep 17 00:00:00 2001 From: Zhang Zhijie Date: Wed, 13 Feb 2019 16:24:39 +0800 Subject: crypto: rockchip - update new iv to device in multiple operations For chain mode in cipher(eg. AES-CBC/DES-CBC), the iv is continuously updated in the operation. The new iv value should be written to device register by software. Reported-by: Eric Biggers Fixes: 433cd2c617bf ("crypto: rockchip - add crypto driver for rk3288") Cc: # v4.5+ Signed-off-by: Zhang Zhijie Signed-off-by: Herbert Xu --- drivers/crypto/rockchip/rk3288_crypto.h | 1 + drivers/crypto/rockchip/rk3288_crypto_ablkcipher.c | 34 ++++++++++++++++++++++ 2 files changed, 35 insertions(+) diff --git a/drivers/crypto/rockchip/rk3288_crypto.h b/drivers/crypto/rockchip/rk3288_crypto.h index 417c445d8dea..54ee5b3ed9db 100644 --- a/drivers/crypto/rockchip/rk3288_crypto.h +++ b/drivers/crypto/rockchip/rk3288_crypto.h @@ -245,6 +245,7 @@ struct rk_cipher_ctx { struct rk_crypto_info *dev; unsigned int keylen; u32 mode; + u8 iv[AES_BLOCK_SIZE]; }; enum alg_type { diff --git a/drivers/crypto/rockchip/rk3288_crypto_ablkcipher.c b/drivers/crypto/rockchip/rk3288_crypto_ablkcipher.c index fe2fc6c7b51b..02dac6ae7e53 100644 --- a/drivers/crypto/rockchip/rk3288_crypto_ablkcipher.c +++ b/drivers/crypto/rockchip/rk3288_crypto_ablkcipher.c @@ -242,6 +242,17 @@ static void crypto_dma_start(struct rk_crypto_info *dev) static int rk_set_data_start(struct rk_crypto_info *dev) { int err; + struct ablkcipher_request *req = + ablkcipher_request_cast(dev->async_req); + struct crypto_ablkcipher *tfm = crypto_ablkcipher_reqtfm(req); + struct rk_cipher_ctx *ctx = crypto_ablkcipher_ctx(tfm); + u32 ivsize = crypto_ablkcipher_ivsize(tfm); + u8 *src_last_blk = page_address(sg_page(dev->sg_src)) + + dev->sg_src->offset + dev->sg_src->length - ivsize; + + /* store the iv that need to be updated in chain mode */ + if (ctx->mode & RK_CRYPTO_DEC) + memcpy(ctx->iv, src_last_blk, ivsize); err = dev->load_data(dev, dev->sg_src, dev->sg_dst); if (!err) @@ -286,6 +297,28 @@ static void rk_iv_copyback(struct rk_crypto_info *dev) memcpy_fromio(req->info, dev->reg + RK_CRYPTO_AES_IV_0, ivsize); } +static void rk_update_iv(struct rk_crypto_info *dev) +{ + struct ablkcipher_request *req = + ablkcipher_request_cast(dev->async_req); + struct crypto_ablkcipher *tfm = crypto_ablkcipher_reqtfm(req); + struct rk_cipher_ctx *ctx = crypto_ablkcipher_ctx(tfm); + u32 ivsize = crypto_ablkcipher_ivsize(tfm); + u8 *new_iv = NULL; + + if (ctx->mode & RK_CRYPTO_DEC) { + new_iv = ctx->iv; + } else { + new_iv = page_address(sg_page(dev->sg_dst)) + + dev->sg_dst->offset + dev->sg_dst->length - ivsize; + } + + if (ivsize == DES_BLOCK_SIZE) + memcpy_toio(dev->reg + RK_CRYPTO_TDES_IV_0, new_iv, ivsize); + else if (ivsize == AES_BLOCK_SIZE) + memcpy_toio(dev->reg + RK_CRYPTO_AES_IV_0, new_iv, ivsize); +} + /* return: * true some err was occurred * fault no err, continue @@ -307,6 +340,7 @@ static int rk_ablk_rx(struct rk_crypto_info *dev) } } if (dev->left_bytes) { + rk_update_iv(dev); if (dev->aligned) { if (sg_is_last(dev->sg_src)) { dev_err(dev->dev, "[%s:%d] Lack of data\n", -- cgit From c9e1d48a1122ef1d0f753cbbe6e9a309214b5430 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Thu, 14 Feb 2019 00:03:50 -0800 Subject: crypto: testmgr - remove extra bytes from 3DES-CTR IVs 3DES only has an 8-byte block size, but the 3DES-CTR test vectors use 16-byte IVs. Remove the unused 8 bytes from the ends of the IVs. Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu --- crypto/testmgr.h | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/crypto/testmgr.h b/crypto/testmgr.h index 8f1d30b54a76..e01c77eeded3 100644 --- a/crypto/testmgr.h +++ b/crypto/testmgr.h @@ -7580,8 +7580,7 @@ static const struct cipher_testvec des3_ede_ctr_tv_template[] = { "\x5A\x67\x00\x2D\xCE\xEB\x2D\xCE" "\xEB\xB4\x51\x72\xB4\x51\x72\x1F", .klen = 24, - .iv = "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF" - "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFD", + .iv = "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF", .ptext = "\x05\xEC\x77\xFB\x42\xD5\x59\x20" "\x8B\x12\x86\x69\xF0\x5B\xCF\x56" "\x39\xAD\x34\x9F\x66\xEA\x7D\xC4" @@ -7712,8 +7711,7 @@ static const struct cipher_testvec des3_ede_ctr_tv_template[] = { "\x5A\x67\x00\x2D\xCE\xEB\x2D\xCE" "\xEB\xB4\x51\x72\xB4\x51\x72\x1F", .klen = 24, - .iv = "\xB2\xD7\x48\xED\x06\x44\xF9\x12" - "\xB7\x28\x4D\x83\x24\x59\xF2\x17", + .iv = "\xB2\xD7\x48\xED\x06\x44\xF9\x12", .ptext = "\x05\xEC\x77\xFB\x42\xD5\x59\x20" "\x8B\x12\x86\x69\xF0\x5B\xCF\x56" "\x39\xAD\x34\x9F\x66\xEA\x7D\xC4" -- cgit From 8efd972ef96a3f77ded9a838005d49efa9a96243 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Thu, 14 Feb 2019 00:03:51 -0800 Subject: crypto: testmgr - support checking skcipher output IV Allow skcipher test vectors to declare the value the IV buffer should be updated to at the end of the encryption or decryption operation. (This check actually used to be supported in testmgr, but it was never used and therefore got removed except for the AES-Keywrap special case. But it will be used by CBC and CTR now, so re-add it.) Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu --- crypto/testmgr.c | 6 ++++-- crypto/testmgr.h | 12 +++++++----- 2 files changed, 11 insertions(+), 7 deletions(-) diff --git a/crypto/testmgr.c b/crypto/testmgr.c index d582a2758feb..8386038d67c7 100644 --- a/crypto/testmgr.c +++ b/crypto/testmgr.c @@ -1542,7 +1542,9 @@ static int test_skcipher_vec_cfg(const char *driver, int enc, if (ivsize) { if (WARN_ON(ivsize > MAX_IVLEN)) return -EINVAL; - if (vec->iv && !(vec->generates_iv && enc)) + if (vec->generates_iv && !enc) + memcpy(iv, vec->iv_out, ivsize); + else if (vec->iv) memcpy(iv, vec->iv, ivsize); else memset(iv, 0, ivsize); @@ -1635,7 +1637,7 @@ static int test_skcipher_vec_cfg(const char *driver, int enc, } /* If applicable, check that the algorithm generated the correct IV */ - if (vec->generates_iv && enc && memcmp(iv, vec->iv, ivsize) != 0) { + if (vec->iv_out && memcmp(iv, vec->iv_out, ivsize) != 0) { pr_err("alg: skcipher: %s %s test failed (wrong output IV) on test vector %u, cfg=\"%s\"\n", driver, op, vec_num, cfg->name); hexdump(iv, ivsize); diff --git a/crypto/testmgr.h b/crypto/testmgr.h index e01c77eeded3..980f7abb6115 100644 --- a/crypto/testmgr.h +++ b/crypto/testmgr.h @@ -47,7 +47,8 @@ struct hash_testvec { * cipher_testvec: structure to describe a symmetric cipher test * @key: Pointer to key * @klen: Length of @key in bytes - * @iv: Pointer to IV (optional for some ciphers) + * @iv: Pointer to IV. If NULL, an all-zeroes IV is used. + * @iv_out: Pointer to output IV, if applicable for the cipher. * @ptext: Pointer to plaintext * @ctext: Pointer to ciphertext * @len: Length of @ptext and @ctext in bytes @@ -55,12 +56,13 @@ struct hash_testvec { * @wk: Does the test need CRYPTO_TFM_REQ_FORBID_WEAK_KEYS? * ( e.g. test needs to fail due to a weak key ) * @fips_skip: Skip the test vector in FIPS mode - * @generates_iv: Encryption should ignore the given IV, and output @iv. - * Decryption takes @iv. Needed for AES Keywrap ("kw(aes)"). + * @generates_iv: Encryption should ignore the given IV, and output @iv_out. + * Decryption takes @iv_out. Needed for AES Keywrap ("kw(aes)"). */ struct cipher_testvec { const char *key; const char *iv; + const char *iv_out; const char *ptext; const char *ctext; bool fail; @@ -21771,7 +21773,7 @@ static const struct cipher_testvec aes_kw_tv_template[] = { .ctext = "\xf6\x85\x94\x81\x6f\x64\xca\xa3" "\xf5\x6f\xab\xea\x25\x48\xf5\xfb", .len = 16, - .iv = "\x03\x1f\x6b\xd7\xe6\x1e\x64\x3d", + .iv_out = "\x03\x1f\x6b\xd7\xe6\x1e\x64\x3d", .generates_iv = true, }, { .key = "\x80\xaa\x99\x73\x27\xa4\x80\x6b" @@ -21784,7 +21786,7 @@ static const struct cipher_testvec aes_kw_tv_template[] = { .ctext = "\xd3\x3d\x3d\x97\x7b\xf0\xa9\x15" "\x59\xf9\x9c\x8a\xcd\x29\x3d\x43", .len = 16, - .iv = "\x42\x3c\x96\x0d\x8a\x2a\xc4\xc1", + .iv_out = "\x42\x3c\x96\x0d\x8a\x2a\xc4\xc1", .generates_iv = true, }, }; -- cgit From cdc694699af1baf21b3281f6fe1cb6c8ef5a9d48 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Thu, 14 Feb 2019 00:03:52 -0800 Subject: crypto: testmgr - add iv_out to all CBC test vectors Test that all CBC implementations update the IV buffer to contain the last ciphertext block, aka the IV to continue the encryption/decryption of a larger message. Users may rely on this for chaining. Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu --- crypto/testmgr.h | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) diff --git a/crypto/testmgr.h b/crypto/testmgr.h index 980f7abb6115..3e68d4062e51 100644 --- a/crypto/testmgr.h +++ b/crypto/testmgr.h @@ -7007,6 +7007,7 @@ static const struct cipher_testvec des_cbc_tv_template[] = { .key = "\x01\x23\x45\x67\x89\xab\xcd\xef", .klen = 8, .iv = "\xfe\xdc\xba\x98\x76\x54\x32\x10", + .iv_out = "\x46\x8e\x91\x15\x78\x88\xba\x68", .ptext = "\x37\x36\x35\x34\x33\x32\x31\x20" "\x4e\x6f\x77\x20\x69\x73\x20\x74" "\x68\x65\x20\x74\x69\x6d\x65\x20", @@ -7018,6 +7019,7 @@ static const struct cipher_testvec des_cbc_tv_template[] = { .key = "\x01\x23\x45\x67\x89\xab\xcd\xef", .klen = 8, .iv = "\x12\x34\x56\x78\x90\xab\xcd\xef", + .iv_out = "\xe5\xc7\xcd\xde\x87\x2b\xf2\x7c", .ptext = "\x4e\x6f\x77\x20\x69\x73\x20\x74", .ctext = "\xe5\xc7\xcd\xde\x87\x2b\xf2\x7c", .len = 8, @@ -7025,6 +7027,7 @@ static const struct cipher_testvec des_cbc_tv_template[] = { .key = "\x01\x23\x45\x67\x89\xab\xcd\xef", .klen = 8, .iv = "\xe5\xc7\xcd\xde\x87\x2b\xf2\x7c", + .iv_out = "\x43\xe9\x34\x00\x8c\x38\x9c\x0f", .ptext = "\x68\x65\x20\x74\x69\x6d\x65\x20", .ctext = "\x43\xe9\x34\x00\x8c\x38\x9c\x0f", .len = 8, @@ -7032,6 +7035,7 @@ static const struct cipher_testvec des_cbc_tv_template[] = { .key = "\x01\x23\x45\x67\x89\xab\xcd\xef", .klen = 8, .iv = "\x43\xe9\x34\x00\x8c\x38\x9c\x0f", + .iv_out = "\x68\x37\x88\x49\x9a\x7c\x05\xf6", .ptext = "\x66\x6f\x72\x20\x61\x6c\x6c\x20", .ctext = "\x68\x37\x88\x49\x9a\x7c\x05\xf6", .len = 8, @@ -7039,6 +7043,7 @@ static const struct cipher_testvec des_cbc_tv_template[] = { .key = "\xC9\x83\xA6\xC9\xEC\x0F\x32\x55", .klen = 8, .iv = "\xE7\x82\x1D\xB8\x53\x11\xAC\x47", + .iv_out = "\xC6\x4A\xF3\x55\xC7\x29\x2E\x63", .ptext = "\x50\xB9\x22\xAE\x17\x80\x0C\x75" "\xDE\x47\xD3\x3C\xA5\x0E\x9A\x03" "\x6C\xF8\x61\xCA\x33\xBF\x28\x91" @@ -7408,6 +7413,7 @@ static const struct cipher_testvec des3_ede_cbc_tv_template[] = { "\xEA\xC2\x84\xE8\x14\x95\xDB\xE8", .klen = 24, .iv = "\x7D\x33\x88\x93\x0F\x93\xB2\x42", + .iv_out = "\x6b\xfa\xb1\x91\x13\xb0\xd9\x19", .ptext = "\x6f\x54\x20\x6f\x61\x4d\x79\x6e" "\x53\x20\x63\x65\x65\x72\x73\x74" "\x54\x20\x6f\x6f\x4d\x20\x6e\x61" @@ -7448,6 +7454,7 @@ static const struct cipher_testvec des3_ede_cbc_tv_template[] = { .klen = 24, .iv = "\xB2\xD7\x48\xED\x06\x44\xF9\x12" "\xB7\x28\x4D\x83\x24\x59\xF2\x17", + .iv_out = "\x95\x63\x73\xA2\x44\xAC\xF8\xA5", .ptext = "\x05\xEC\x77\xFB\x42\xD5\x59\x20" "\x8B\x12\x86\x69\xF0\x5B\xCF\x56" "\x39\xAD\x34\x9F\x66\xEA\x7D\xC4" @@ -8035,6 +8042,7 @@ static const struct cipher_testvec bf_cbc_tv_template[] = { "\xf0\xe1\xd2\xc3\xb4\xa5\x96\x87", .klen = 16, .iv = "\xfe\xdc\xba\x98\x76\x54\x32\x10", + .iv_out = "\x59\xf1\x65\x2b\xd5\xff\x92\xcc", .ptext = "\x37\x36\x35\x34\x33\x32\x31\x20" "\x4e\x6f\x77\x20\x69\x73\x20\x74" "\x68\x65\x20\x74\x69\x6d\x65\x20" @@ -8051,6 +8059,7 @@ static const struct cipher_testvec bf_cbc_tv_template[] = { "\x78\xBE\x9B\x78\x55\x32\x0F\x55", .klen = 32, .iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F", + .iv_out = "\xB4\x98\xD8\x6B\x74\xE7\x65\xF4", .ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3" "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15" @@ -8756,6 +8765,8 @@ static const struct cipher_testvec tf_cbc_tv_template[] = { .key = zeroed_string, .klen = 16, .iv = zeroed_string, + .iv_out = "\x9f\x58\x9f\x5c\xf6\x12\x2c\x32" + "\xb6\xbf\xec\x2f\x2a\xe8\xc3\x5a", .ptext = zeroed_string, .ctext = "\x9f\x58\x9f\x5c\xf6\x12\x2c\x32" "\xb6\xbf\xec\x2f\x2a\xe8\xc3\x5a", @@ -8765,6 +8776,8 @@ static const struct cipher_testvec tf_cbc_tv_template[] = { .klen = 16, .iv = "\x9f\x58\x9f\x5c\xf6\x12\x2c\x32" "\xb6\xbf\xec\x2f\x2a\xe8\xc3\x5a", + .iv_out = "\xd4\x91\xdb\x16\xe7\xb1\xc3\x9e" + "\x86\xcb\x08\x6b\x78\x9f\x54\x19", .ptext = zeroed_string, .ctext = "\xd4\x91\xdb\x16\xe7\xb1\xc3\x9e" "\x86\xcb\x08\x6b\x78\x9f\x54\x19", @@ -8774,6 +8787,8 @@ static const struct cipher_testvec tf_cbc_tv_template[] = { .klen = 16, .iv = "\xd4\x91\xdb\x16\xe7\xb1\xc3\x9e" "\x86\xcb\x08\x6b\x78\x9f\x54\x19", + .iv_out = "\x05\xef\x8c\x61\xa8\x11\x58\x26" + "\x34\xba\x5c\xb7\x10\x6a\xa6\x41", .ptext = zeroed_string, .ctext = "\x05\xef\x8c\x61\xa8\x11\x58\x26" "\x34\xba\x5c\xb7\x10\x6a\xa6\x41", @@ -8782,6 +8797,8 @@ static const struct cipher_testvec tf_cbc_tv_template[] = { .key = zeroed_string, .klen = 16, .iv = zeroed_string, + .iv_out = "\x05\xef\x8c\x61\xa8\x11\x58\x26" + "\x34\xba\x5c\xb7\x10\x6a\xa6\x41", .ptext = zeroed_string, .ctext = "\x9f\x58\x9f\x5c\xf6\x12\x2c\x32" "\xb6\xbf\xec\x2f\x2a\xe8\xc3\x5a" @@ -8798,6 +8815,8 @@ static const struct cipher_testvec tf_cbc_tv_template[] = { .klen = 32, .iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F" "\xC4\x29\x8E\xF3\x35\x9A\xFF\x64", + .iv_out = "\x30\x70\x56\xA4\x37\xDD\x7C\xC0" + "\x0A\xA3\x30\x10\x26\x25\x41\x2C", .ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3" "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15" @@ -10166,6 +10185,8 @@ static const struct cipher_testvec serpent_cbc_tv_template[] = { .klen = 32, .iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F" "\xC4\x29\x8E\xF3\x35\x9A\xFF\x64", + .iv_out = "\xFC\x66\xAA\x37\xF2\x37\x39\x6B" + "\xBC\x08\x3A\xA2\x29\xB3\xDF\xD1", .ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3" "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15" @@ -11375,6 +11396,8 @@ static const struct cipher_testvec sm4_cbc_tv_template[] = { "\xaa\xaa\xaa\xaa\xbb\xbb\xbb\xbb", .iv = "\x00\x01\x02\x03\x04\x05\x06\x07" "\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F", + .iv_out = "\x4C\xB7\x01\x69\x51\x90\x92\x26" + "\x97\x9B\x0D\x15\xDC\x6A\x8F\x6D", .ctext = "\x78\xEB\xB1\x1C\xC4\x0B\x0A\x48" "\x31\x2A\xAE\xB2\x04\x02\x44\xCB" "\x4C\xB7\x01\x69\x51\x90\x92\x26" @@ -11390,6 +11413,8 @@ static const struct cipher_testvec sm4_cbc_tv_template[] = { "\xaa\xaa\xaa\xaa\xbb\xbb\xbb\xbb", .iv = "\x00\x01\x02\x03\x04\x05\x06\x07" "\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F", + .iv_out = "\x91\xf2\xc1\x47\x91\x1a\x41\x44" + "\x66\x5e\x1f\xa1\xd4\x0b\xae\x38", .ctext = "\x0d\x3a\x6d\xdc\x2d\x21\xc6\x98" "\x85\x72\x15\x58\x7b\x7b\xb5\x9a" "\x91\xf2\xc1\x47\x91\x1a\x41\x44" @@ -11622,6 +11647,8 @@ static const struct cipher_testvec cast6_cbc_tv_template[] = { .klen = 32, .iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F" "\xC4\x29\x8E\xF3\x35\x9A\xFF\x64", + .iv_out = "\x4D\x59\x7D\xC5\x28\x69\xFA\x92" + "\x22\x46\x89\x2D\x0F\x2B\x08\x24", .ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3" "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15" @@ -12365,6 +12392,8 @@ static const struct cipher_testvec aes_cbc_tv_template[] = { .klen = 16, .iv = "\x3d\xaf\xba\x42\x9d\x9e\xb4\x30" "\xb4\x22\xda\x80\x2c\x9f\xac\x41", + .iv_out = "\xe3\x53\x77\x9c\x10\x79\xae\xb8" + "\x27\x08\x94\x2d\xbe\x77\x18\x1a", .ptext = "Single block msg", .ctext = "\xe3\x53\x77\x9c\x10\x79\xae\xb8" "\x27\x08\x94\x2d\xbe\x77\x18\x1a", @@ -12375,6 +12404,8 @@ static const struct cipher_testvec aes_cbc_tv_template[] = { .klen = 16, .iv = "\x56\x2e\x17\x99\x6d\x09\x3d\x28" "\xdd\xb3\xba\x69\x5a\x2e\x6f\x58", + .iv_out = "\x75\x86\x60\x2d\x25\x3c\xff\xf9" + "\x1b\x82\x66\xbe\xa6\xd6\x1a\xb1", .ptext = "\x00\x01\x02\x03\x04\x05\x06\x07" "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" "\x10\x11\x12\x13\x14\x15\x16\x17" @@ -12391,6 +12422,8 @@ static const struct cipher_testvec aes_cbc_tv_template[] = { .klen = 24, .iv = "\x00\x01\x02\x03\x04\x05\x06\x07" "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f", + .iv_out = "\x08\xb0\xe2\x79\x88\x59\x88\x81" + "\xd9\x20\xa9\xe6\x4f\x56\x15\xcd", .ptext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96" "\xe9\x3d\x7e\x11\x73\x93\x17\x2a" "\xae\x2d\x8a\x57\x1e\x03\xac\x9c" @@ -12416,6 +12449,8 @@ static const struct cipher_testvec aes_cbc_tv_template[] = { .klen = 32, .iv = "\x00\x01\x02\x03\x04\x05\x06\x07" "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f", + .iv_out = "\xb2\xeb\x05\xe2\xc3\x9b\xe9\xfc" + "\xda\x6c\x19\x07\x8c\x6a\x9d\x1b", .ptext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96" "\xe9\x3d\x7e\x11\x73\x93\x17\x2a" "\xae\x2d\x8a\x57\x1e\x03\xac\x9c" @@ -12441,6 +12476,8 @@ static const struct cipher_testvec aes_cbc_tv_template[] = { .klen = 32, .iv = "\xE7\x82\x1D\xB8\x53\x11\xAC\x47" "\xE2\x7D\x18\xD6\x71\x0C\xA7\x42", + .iv_out = "\xE0\x1F\x91\xF8\x82\x96\x2D\x65" + "\xA3\xAA\x13\xCC\x50\xFF\x7B\x02", .ptext = "\x50\xB9\x22\xAE\x17\x80\x0C\x75" "\xDE\x47\xD3\x3C\xA5\x0E\x9A\x03" "\x6C\xF8\x61\xCA\x33\xBF\x28\x91" @@ -22874,6 +22911,7 @@ static const struct cipher_testvec cast5_cbc_tv_template[] = { "\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A", .klen = 16, .iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F", + .iv_out = "\x1D\x18\x66\x44\x5B\x8F\x14\xEB", .ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3" "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15" @@ -23405,6 +23443,8 @@ static const struct cipher_testvec anubis_cbc_tv_template[] = { .key = "\xfe\xfe\xfe\xfe\xfe\xfe\xfe\xfe" "\xfe\xfe\xfe\xfe\xfe\xfe\xfe\xfe", .klen = 16, + .iv_out = "\x86\xd8\xb5\x6f\x98\x5e\x8a\x66" + "\x4f\x1f\x78\xa1\xbb\x37\xf1\xbe", .ptext = "\xfe\xfe\xfe\xfe\xfe\xfe\xfe\xfe" "\xfe\xfe\xfe\xfe\xfe\xfe\xfe\xfe" "\xfe\xfe\xfe\xfe\xfe\xfe\xfe\xfe" @@ -23421,6 +23461,8 @@ static const struct cipher_testvec anubis_cbc_tv_template[] = { "\x35\x35\x35\x35\x35\x35\x35\x35" "\x35\x35\x35\x35\x35\x35\x35\x35", .klen = 40, + .iv_out = "\xa2\xbc\x06\x98\xc6\x4b\xda\x75" + "\x2e\xaa\xbe\x58\xce\x01\x5b\xc7", .ptext = "\x35\x35\x35\x35\x35\x35\x35\x35" "\x35\x35\x35\x35\x35\x35\x35\x35" "\x35\x35\x35\x35\x35\x35\x35\x35" @@ -23823,6 +23865,8 @@ static const struct cipher_testvec camellia_cbc_tv_template[] = { .klen = 16, .iv = "\x3d\xaf\xba\x42\x9d\x9e\xb4\x30" "\xb4\x22\xda\x80\x2c\x9f\xac\x41", + .iv_out = "\xea\x32\x12\x76\x3b\x50\x10\xe7" + "\x18\xf6\xfd\x5d\xf6\x8f\x13\x51", .ptext = "Single block msg", .ctext = "\xea\x32\x12\x76\x3b\x50\x10\xe7" "\x18\xf6\xfd\x5d\xf6\x8f\x13\x51", @@ -23833,6 +23877,8 @@ static const struct cipher_testvec camellia_cbc_tv_template[] = { .klen = 16, .iv = "\x56\x2e\x17\x99\x6d\x09\x3d\x28" "\xdd\xb3\xba\x69\x5a\x2e\x6f\x58", + .iv_out = "\x19\xb4\x3e\x57\x1c\x02\x5e\xa0" + "\x15\x78\xe0\x5e\xf2\xcb\x87\x16", .ptext = "\x00\x01\x02\x03\x04\x05\x06\x07" "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f" "\x10\x11\x12\x13\x14\x15\x16\x17" @@ -23850,6 +23896,8 @@ static const struct cipher_testvec camellia_cbc_tv_template[] = { .klen = 32, .iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F" "\xC4\x29\x8E\xF3\x35\x9A\xFF\x64", + .iv_out = "\x55\x01\xD4\x58\xB2\xF2\x85\x49" + "\x70\xC5\xB9\x0B\x3B\x7A\x6E\x6C", .ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3" "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15" -- cgit From e674dbc088e52be7cee3badc6f5f06c85e1d1710 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Thu, 14 Feb 2019 00:03:53 -0800 Subject: crypto: testmgr - add iv_out to all CTR test vectors Test that all CTR implementations update the IV buffer to contain the next counter block, aka the IV to continue the encryption/decryption of a larger message. When the length processed is a multiple of the block size, users may rely on this for chaining. When the length processed is *not* a multiple of the block size, simple chaining doesn't work. However, as noted in commit 88a3f582bea9 ("crypto: arm64/aes - don't use IV buffer to return final keystream block"), the generic CCM implementation assumes that the CTR IV is handled in some sane way, not e.g. overwritten with part of the keystream. Since this was gotten wrong once already, it's desirable to test for it. And, the most straightforward way to do this is to enforce that all CTR implementations have the same behavior as the generic implementation, which returns the *next* counter following the final partial block. This behavior also has the advantage that if someone does misuse this case for chaining, then the keystream won't be repeated. Thus, this patch makes the tests expect this behavior. Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu --- crypto/testmgr.h | 45 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) diff --git a/crypto/testmgr.h b/crypto/testmgr.h index 3e68d4062e51..31bacd0f6823 100644 --- a/crypto/testmgr.h +++ b/crypto/testmgr.h @@ -7115,6 +7115,7 @@ static const struct cipher_testvec des_ctr_tv_template[] = { .key = "\xC9\x83\xA6\xC9\xEC\x0F\x32\x55", .klen = 8, .iv = "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFD", + .iv_out = "\x00\x00\x00\x00\x00\x00\x00\x1C", .ptext = "\x50\xB9\x22\xAE\x17\x80\x0C\x75" "\xDE\x47\xD3\x3C\xA5\x0E\x9A\x03" "\x6C\xF8\x61\xCA\x33\xBF\x28\x91" @@ -7182,6 +7183,7 @@ static const struct cipher_testvec des_ctr_tv_template[] = { .key = "\xC9\x83\xA6\xC9\xEC\x0F\x32\x55", .klen = 8, .iv = "\xE7\x82\x1D\xB8\x53\x11\xAC\x47", + .iv_out = "\xE7\x82\x1D\xB8\x53\x11\xAC\x66", .ptext = "\x50\xB9\x22\xAE\x17\x80\x0C\x75" "\xDE\x47\xD3\x3C\xA5\x0E\x9A\x03" "\x6C\xF8\x61\xCA\x33\xBF\x28\x91" @@ -7590,6 +7592,7 @@ static const struct cipher_testvec des3_ede_ctr_tv_template[] = { "\xEB\xB4\x51\x72\xB4\x51\x72\x1F", .klen = 24, .iv = "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF", + .iv_out = "\x00\x00\x00\x00\x00\x00\x00\x3D", .ptext = "\x05\xEC\x77\xFB\x42\xD5\x59\x20" "\x8B\x12\x86\x69\xF0\x5B\xCF\x56" "\x39\xAD\x34\x9F\x66\xEA\x7D\xC4" @@ -7721,6 +7724,7 @@ static const struct cipher_testvec des3_ede_ctr_tv_template[] = { "\xEB\xB4\x51\x72\xB4\x51\x72\x1F", .klen = 24, .iv = "\xB2\xD7\x48\xED\x06\x44\xF9\x12", + .iv_out = "\xB2\xD7\x48\xED\x06\x44\xF9\x51", .ptext = "\x05\xEC\x77\xFB\x42\xD5\x59\x20" "\x8B\x12\x86\x69\xF0\x5B\xCF\x56" "\x39\xAD\x34\x9F\x66\xEA\x7D\xC4" @@ -8198,6 +8202,7 @@ static const struct cipher_testvec bf_ctr_tv_template[] = { "\x78\xBE\x9B\x78\x55\x32\x0F\x55", .klen = 32, .iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F", + .iv_out = "\xE2\x24\x89\xEE\x53\xB8\x1D\x9E", .ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3" "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15" @@ -8332,6 +8337,7 @@ static const struct cipher_testvec bf_ctr_tv_template[] = { "\x78\xBE\x9B\x78\x55\x32\x0F\x55", .klen = 32, .iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F", + .iv_out = "\xE2\x24\x89\xEE\x53\xB8\x1D\x9E", .ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3" "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15" @@ -8466,6 +8472,7 @@ static const struct cipher_testvec bf_ctr_tv_template[] = { "\x78\xBE\x9B\x78\x55\x32\x0F\x55", .klen = 32, .iv = "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFD", + .iv_out = "\x00\x00\x00\x00\x00\x00\x00\x3C", .ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3" "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15" @@ -8954,6 +8961,8 @@ static const struct cipher_testvec tf_ctr_tv_template[] = { .klen = 32, .iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F" "\xC4\x29\x8E\xF3\x35\x9A\xFF\x64", + .iv_out = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F" + "\xC4\x29\x8E\xF3\x35\x9A\xFF\x83", .ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3" "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15" @@ -9087,6 +9096,8 @@ static const struct cipher_testvec tf_ctr_tv_template[] = { .klen = 32, .iv = "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF" "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFD", + .iv_out = "\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x1C", .ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3" "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15" @@ -9220,6 +9231,8 @@ static const struct cipher_testvec tf_ctr_tv_template[] = { .klen = 32, .iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F" "\xC4\x29\x8E\xF3\x35\x9A\xFF\x64", + .iv_out = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F" + "\xC4\x29\x8E\xF3\x35\x9A\xFF\x84", .ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3" "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15" @@ -10324,6 +10337,8 @@ static const struct cipher_testvec serpent_ctr_tv_template[] = { .klen = 32, .iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F" "\xC4\x29\x8E\xF3\x35\x9A\xFF\x64", + .iv_out = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F" + "\xC4\x29\x8E\xF3\x35\x9A\xFF\x83", .ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3" "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15" @@ -10457,6 +10472,8 @@ static const struct cipher_testvec serpent_ctr_tv_template[] = { .klen = 32, .iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F" "\xC4\x29\x8E\xF3\x35\x9A\xFF\x64", + .iv_out = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F" + "\xC4\x29\x8E\xF3\x35\x9A\xFF\x84", .ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3" "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15" @@ -10592,6 +10609,8 @@ static const struct cipher_testvec serpent_ctr_tv_template[] = { .klen = 32, .iv = "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF" "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFD", + .iv_out = "\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x1C", .ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3" "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15" @@ -11438,6 +11457,8 @@ static const struct cipher_testvec sm4_ctr_tv_template[] = { "\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xbb", .iv = "\x00\x01\x02\x03\x04\x05\x06\x07" "\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F", + .iv_out = "\x00\x01\x02\x03\x04\x05\x06\x07" + "\x08\x09\x0A\x0B\x0C\x0D\x0E\x13", .ctext = "\xac\x32\x36\xcb\x97\x0c\xc2\x07" "\x91\x36\x4c\x39\x5a\x13\x42\xd1" "\xa3\xcb\xc1\x87\x8c\x6f\x30\xcd" @@ -11461,6 +11482,8 @@ static const struct cipher_testvec sm4_ctr_tv_template[] = { "\xbb\xbb\xbb\xbb\xbb\xbb\xbb\xbb", .iv = "\x00\x01\x02\x03\x04\x05\x06\x07" "\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F", + .iv_out = "\x00\x01\x02\x03\x04\x05\x06\x07" + "\x08\x09\x0A\x0B\x0C\x0D\x0E\x13", .ctext = "\x5d\xcc\xcd\x25\xb9\x5a\xb0\x74" "\x17\xa0\x85\x12\xee\x16\x0e\x2f" "\x8f\x66\x15\x21\xcb\xba\xb4\x4c" @@ -11786,6 +11809,8 @@ static const struct cipher_testvec cast6_ctr_tv_template[] = { .klen = 32, .iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F" "\xC4\x29\x8E\xF3\x35\x9A\xFF\x64", + .iv_out = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F" + "\xC4\x29\x8E\xF3\x35\x9A\xFF\x66", .ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3" "\x3A", @@ -11801,6 +11826,8 @@ static const struct cipher_testvec cast6_ctr_tv_template[] = { .klen = 32, .iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F" "\xC4\x29\x8E\xF3\x35\x9A\xFF\x64", + .iv_out = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F" + "\xC4\x29\x8E\xF3\x35\x9A\xFF\x83", .ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3" "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15" @@ -14924,6 +14951,8 @@ static const struct cipher_testvec aes_ctr_tv_template[] = { .klen = 16, .iv = "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7" "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff", + .iv_out = "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7" + "\xf8\xf9\xfa\xfb\xfc\xfd\xff\x03", .ptext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96" "\xe9\x3d\x7e\x11\x73\x93\x17\x2a" "\xae\x2d\x8a\x57\x1e\x03\xac\x9c" @@ -14948,6 +14977,8 @@ static const struct cipher_testvec aes_ctr_tv_template[] = { .klen = 24, .iv = "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7" "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff", + .iv_out = "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7" + "\xf8\xf9\xfa\xfb\xfc\xfd\xff\x03", .ptext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96" "\xe9\x3d\x7e\x11\x73\x93\x17\x2a" "\xae\x2d\x8a\x57\x1e\x03\xac\x9c" @@ -14973,6 +15004,8 @@ static const struct cipher_testvec aes_ctr_tv_template[] = { .klen = 32, .iv = "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7" "\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff", + .iv_out = "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7" + "\xf8\xf9\xfa\xfb\xfc\xfd\xff\x03", .ptext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96" "\xe9\x3d\x7e\x11\x73\x93\x17\x2a" "\xae\x2d\x8a\x57\x1e\x03\xac\x9c" @@ -14998,6 +15031,8 @@ static const struct cipher_testvec aes_ctr_tv_template[] = { .klen = 32, .iv = "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF" "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFD", + .iv_out = "\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x1C", .ptext = "\x50\xB9\x22\xAE\x17\x80\x0C\x75" "\xDE\x47\xD3\x3C\xA5\x0E\x9A\x03" "\x6C\xF8\x61\xCA\x33\xBF\x28\x91" @@ -15131,6 +15166,8 @@ static const struct cipher_testvec aes_ctr_tv_template[] = { .klen = 32, .iv = "\xE7\x82\x1D\xB8\x53\x11\xAC\x47" "\xE2\x7D\x18\xD6\x71\x0C\xA7\x42", + .iv_out = "\xE7\x82\x1D\xB8\x53\x11\xAC\x47" + "\xE2\x7D\x18\xD6\x71\x0C\xA7\x62", .ptext = "\x50\xB9\x22\xAE\x17\x80\x0C\x75" "\xDE\x47\xD3\x3C\xA5\x0E\x9A\x03" "\x6C\xF8\x61\xCA\x33\xBF\x28\x91" @@ -23046,6 +23083,7 @@ static const struct cipher_testvec cast5_ctr_tv_template[] = { "\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A", .klen = 16, .iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F", + .iv_out = "\xE2\x24\x89\xEE\x53\xB8\x1D\x62", .ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3" "\x3A", @@ -23058,6 +23096,7 @@ static const struct cipher_testvec cast5_ctr_tv_template[] = { "\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A", .klen = 16, .iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F", + .iv_out = "\xE2\x24\x89\xEE\x53\xB8\x1D\x9D", .ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3" "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15" @@ -24163,6 +24202,8 @@ static const struct cipher_testvec camellia_ctr_tv_template[] = { .klen = 32, .iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F" "\xC4\x29\x8E\xF3\x35\x9A\xFF\x64", + .iv_out = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F" + "\xC4\x29\x8E\xF3\x35\x9A\xFF\x83", .ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3" "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15" @@ -24296,6 +24337,8 @@ static const struct cipher_testvec camellia_ctr_tv_template[] = { .klen = 32, .iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F" "\xC4\x29\x8E\xF3\x35\x9A\xFF\x64", + .iv_out = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F" + "\xC4\x29\x8E\xF3\x35\x9A\xFF\xA4", .ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3" "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15" @@ -24559,6 +24602,8 @@ static const struct cipher_testvec camellia_ctr_tv_template[] = { .klen = 32, .iv = "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF" "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFD", + .iv_out = "\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x3C", .ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31" "\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3" "\x3A\xD1\x45\xDC\x73\x0A\x7E\x15" -- cgit From fa5fd3afc7e64473bd9d417726c046b322ec0696 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Thu, 14 Feb 2019 00:03:54 -0800 Subject: crypto: arm64/aes-blk - update IV after partial final CTR block Make the arm64 ctr-aes-neon and ctr-aes-ce algorithms update the IV buffer to contain the next counter after processing a partial final block, rather than leave it as the last counter. This makes these algorithms pass the updated AES-CTR tests. Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu --- arch/arm64/crypto/aes-modes.S | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/arch/arm64/crypto/aes-modes.S b/arch/arm64/crypto/aes-modes.S index 67700045a0e0..4c7ce231963c 100644 --- a/arch/arm64/crypto/aes-modes.S +++ b/arch/arm64/crypto/aes-modes.S @@ -320,8 +320,7 @@ AES_ENTRY(aes_ctr_encrypt) .Lctrtailblock: st1 {v0.16b}, [x0] - ldp x29, x30, [sp], #16 - ret + b .Lctrout .Lctrcarry: umov x7, v4.d[0] /* load upper word of ctr */ -- cgit From 511306b2d075e3cb1e5dd805bffcf4041535f2b5 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Thu, 14 Feb 2019 00:03:55 -0800 Subject: crypto: arm/aes-ce - update IV after partial final CTR block Make the arm ctr-aes-ce algorithm update the IV buffer to contain the next counter after processing a partial final block, rather than leave it as the last counter. This makes ctr-aes-ce pass the updated AES-CTR tests. This change also makes the code match the arm64 version in arch/arm64/crypto/aes-modes.S more closely. Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu --- arch/arm/crypto/aes-ce-core.S | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/arch/arm/crypto/aes-ce-core.S b/arch/arm/crypto/aes-ce-core.S index ba8e6a32fdc9..bc53bcaa772e 100644 --- a/arch/arm/crypto/aes-ce-core.S +++ b/arch/arm/crypto/aes-ce-core.S @@ -317,25 +317,27 @@ ENTRY(ce_aes_ctr_encrypt) .Lctrloop: vmov q0, q6 bl aes_encrypt - subs r4, r4, #1 - bmi .Lctrtailblock @ blocks < 0 means tail block - vld1.8 {q3}, [r1]! - veor q3, q0, q3 - vst1.8 {q3}, [r0]! adds r6, r6, #1 @ increment BE ctr rev ip, r6 vmov s27, ip bcs .Lctrcarry - teq r4, #0 + +.Lctrcarrydone: + subs r4, r4, #1 + bmi .Lctrtailblock @ blocks < 0 means tail block + vld1.8 {q3}, [r1]! + veor q3, q0, q3 + vst1.8 {q3}, [r0]! bne .Lctrloop + .Lctrout: - vst1.8 {q6}, [r5] + vst1.8 {q6}, [r5] @ return next CTR value pop {r4-r6, pc} .Lctrtailblock: - vst1.8 {q0}, [r0, :64] @ return just the key stream - pop {r4-r6, pc} + vst1.8 {q0}, [r0, :64] @ return the key stream + b .Lctrout .Lctrcarry: .irp sreg, s26, s25, s24 @@ -344,11 +346,9 @@ ENTRY(ce_aes_ctr_encrypt) adds ip, ip, #1 rev ip, ip vmov \sreg, ip - bcc 0f + bcc .Lctrcarrydone .endr -0: teq r4, #0 - beq .Lctrout - b .Lctrloop + b .Lctrcarrydone ENDPROC(ce_aes_ctr_encrypt) /* -- cgit From 367ecc07314a650084f8a46fe3ce550a9cdabef3 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Thu, 14 Feb 2019 10:27:48 -0800 Subject: crypto: nhpoly1305 - add a test vector with len % 16 != 0 This is needed to test that the end of the message is zero-padded when the length is not a multiple of 16 (NH_MESSAGE_UNIT). It's already tested indirectly by the 31-byte Adiantum test vector, but it should be tested directly at the nhpoly1305 level too. As with the other nhpoly1305 test vectors, this was generated by the reference Python implementation at https://github.com/google/adiantum and then automatically formatted for testmgr by a script. Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu --- crypto/testmgr.h | 144 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 144 insertions(+) diff --git a/crypto/testmgr.h b/crypto/testmgr.h index 31bacd0f6823..6bf5a4ddbb5c 100644 --- a/crypto/testmgr.h +++ b/crypto/testmgr.h @@ -5924,6 +5924,150 @@ static const struct hash_testvec nhpoly1305_tv_template[] = { .psize = 16, .digest = "\x04\xbf\x7f\x6a\xce\x72\xea\x6a" "\x79\xdb\xb0\xc9\x60\xf6\x12\xcc", + }, { + .key = "\x2e\x77\x1e\x2c\x63\x76\x34\x3f" + "\x71\x08\x4f\x5a\xe3\x3d\x74\x56" + "\xc7\x98\x46\x52\xe5\x8a\xba\x0d" + "\x72\x41\x11\x15\x14\x72\x50\x8a" + "\xd5\xec\x60\x09\xdd\x71\xcc\xb9" + "\x59\x81\x65\x2d\x9e\x50\x18\xf3" + "\x32\xf3\xf1\xe7\x01\x82\x1c\xad" + "\x88\xa0\x21\x0c\x4b\x80\x5e\x62" + "\xfc\x81\xec\x52\xaa\xe4\xa5\x86" + "\xc2\xe6\x03\x11\xdc\x66\x09\x86" + "\x3c\x3b\xf0\x59\x0f\xb3\xf7\x44" + "\x24\xb7\x88\xc5\xfc\xc8\x77\x9f" + "\x8c\x44\xc4\x11\x55\xce\x7a\xa3" + "\xe0\xa2\xb8\xbf\xb5\x3d\x07\x2c" + "\x32\xb6\x6c\xfc\xb4\x42\x95\x95" + "\x98\x32\x81\xc4\xe7\xe2\xd9\x6a" + "\x87\xf4\xf4\x1e\x74\x7c\xb5\xcd" + "\x51\x45\x68\x38\x51\xdb\x30\x74" + "\x11\xe0\xaa\xae\x19\x8f\x15\x55" + "\xdd\x47\x4a\x35\xb9\x0c\xb4\x4e" + "\xa9\xce\x2f\xfa\x8f\xc1\x8a\x5e" + "\x5b\xec\xa5\x81\x3b\xb3\x43\x06" + "\x24\x81\xf4\x24\xe2\x21\xfa\xcb" + "\x49\xa8\xf8\xbd\x31\x4a\x5b\x2d" + "\x64\x0a\x07\xf0\x80\xc9\x0d\x81" + "\x14\x58\x54\x2b\xba\x22\x31\xba" + "\xef\x66\xc9\x49\x69\x69\x83\x0d" + "\xf2\xf9\x80\x9d\x30\x36\xfb\xe3" + "\xc0\x72\x2b\xcc\x5a\x81\x2c\x5d" + "\x3b\x5e\xf8\x2b\xd3\x14\x28\x73" + "\xf9\x1c\x70\xe6\xd8\xbb\xac\x30" + "\xf9\xd9\xa0\xe2\x33\x7c\x33\x34" + "\xa5\x6a\x77\x6d\xd5\xaf\xf4\xf3" + "\xc7\xb3\x0e\x83\x3d\xcb\x01\xcc" + "\x81\xc0\xf9\x4a\xae\x36\x92\xf7" + "\x69\x7b\x65\x01\xc3\xc8\xb8\xae" + "\x16\xd8\x30\xbb\xba\x6d\x78\x6e" + "\x0d\xf0\x7d\x84\xb7\x87\xda\x28" + "\x7a\x18\x10\x0b\x29\xec\x29\xf3" + "\xb0\x7b\xa1\x28\xbf\xbc\x2b\x2c" + "\x92\x2c\x16\xfb\x02\x39\xf9\xa6" + "\xa2\x15\x05\xa6\x72\x10\xbc\x62" + "\x4a\x6e\xb8\xb5\x5d\x59\xae\x3c" + "\x32\xd3\x68\xd7\x8e\x5a\xcd\x1b" + "\xef\xf6\xa7\x5e\x10\x51\x15\x4b" + "\x2c\xe3\xba\x70\x4f\x2c\xa0\x1c" + "\x7b\x97\xd7\xb2\xa5\x05\x17\xcc" + "\xf7\x3a\x29\x6f\xd5\x4b\xb8\x24" + "\xf4\x65\x95\x12\xc0\x86\xd1\x64" + "\x81\xdf\x46\x55\x0d\x22\x06\x77" + "\xd8\xca\x8d\xc8\x87\xc3\xfa\xb9" + "\xe1\x98\x94\xe6\x7b\xed\x65\x66" + "\x0e\xc7\x25\x15\xee\x4a\xe6\x7e" + "\xea\x1b\x58\xee\x96\xa0\x75\x9a" + "\xa3\x00\x9e\x42\xc2\x26\x20\x8c" + "\x3d\x22\x1f\x94\x3e\x74\x43\x72" + "\xe9\x1d\xa6\xa1\x6c\xa7\xb8\x03" + "\xdf\xb9\x7a\xaf\xe9\xe9\x3b\xfe" + "\xdf\x91\xc1\x01\xa8\xba\x5d\x29" + "\xa5\xe0\x98\x9b\x13\xe5\x13\x11" + "\x7c\x04\x3a\xe8\x44\x7e\x78\xfc" + "\xd6\x96\xa8\xbc\x7d\xc1\x89\x3d" + "\x75\x64\xa9\x0e\x86\x33\xfb\x73" + "\xf7\x15\xbc\x2c\x9a\x3f\x29\xce" + "\x1c\x9d\x10\x4e\x85\xe1\x77\x41" + "\x01\xe2\xbc\x88\xec\x81\xef\xc2" + "\x6a\xed\x4f\xf7\xdf\xac\x10\x71" + "\x94\xed\x71\xa4\x01\xd4\xd6\xbe" + "\xfe\x3e\xc3\x92\x6a\xf2\x2b\xb5" + "\xab\x15\x96\xb7\x88\x2c\xc2\xe1" + "\xb0\x04\x22\xe7\x3d\xa9\xc9\x7d" + "\x2c\x7c\x21\xff\x97\x86\x6b\x0c" + "\x2b\x5b\xe0\xb6\x48\x74\x8f\x24" + "\xef\x8e\xdd\x0f\x2a\x5f\xff\x33" + "\xf4\x8e\xc5\xeb\x9c\xd7\x2a\x45" + "\xf3\x50\xf1\xc0\x91\x8f\xc7\xf9" + "\x97\xc1\x3c\x9c\xf4\xed\x8a\x23" + "\x61\x5b\x40\x1a\x09\xee\x23\xa8" + "\x7c\x7a\x96\xe1\x31\x55\x3d\x12" + "\x04\x1f\x21\x78\x72\xf0\x0f\xa5" + "\x80\x58\x7c\x2f\x37\xb5\x67\x24" + "\x2f\xce\xf9\xf6\x86\x9f\xb3\x34" + "\x0c\xfe\x0a\xaf\x27\xe6\x5e\x0a" + "\x21\x44\x68\xe1\x5d\x84\x25\xae" + "\x2c\x5a\x94\x66\x9a\x3f\x0e\x5a" + "\xd0\x60\x2a\xd5\x3a\x4e\x2f\x40" + "\x87\xe9\x27\x3e\xee\x92\xe1\x07" + "\x22\x43\x52\xed\x67\x49\x13\xdd" + "\x68\xd7\x54\xc2\x76\x72\x7e\x75" + "\xaf\x24\x98\x5c\xe8\x22\xaa\x35" + "\x0f\x9a\x1c\x4c\x0b\x43\x68\x99" + "\x45\xdd\xbf\x82\xa5\x6f\x0a\xef" + "\x44\x90\x85\xe7\x57\x23\x22\x41" + "\x2e\xda\x24\x28\x65\x7f\x96\x85" + "\x9f\x4b\x0d\x43\xb9\xa8\xbd\x84" + "\xad\x0b\x09\xcc\x2c\x4a\x0c\xec" + "\x71\x58\xba\xf1\xfc\x49\x4c\xca" + "\x5c\x5d\xb2\x77\x0c\x99\xae\x1c" + "\xce\x70\x05\x5b\x73\x6b\x7c\x28" + "\x3b\xeb\x21\x3f\xa3\x71\xe1\x6a" + "\xf4\x87\xd0\xbf\x73\xaa\x0b\x0b" + "\xed\x70\xb3\xd4\xa3\xca\x76\x3a" + "\xdb\xfa\xd8\x08\x95\xec\xac\x59" + "\xd0\x79\x90\xc2\x33\x7b\xcc\x28" + "\x65\xb6\x5f\x92\xc4\xac\x23\x40" + "\xd1\x20\x44\x1f\xd7\x29\xab\x46" + "\x79\x32\xc6\x8f\x79\xe5\xaa\x2c" + "\xa6\x76\x70\x3a\x9e\x46\x3f\x8c" + "\x1a\x89\x32\x28\x61\x5c\xcf\x93" + "\x1e\xde\x9e\x98\xbe\x06\x30\x23" + "\xc4\x8b\xda\x1c\xd1\x67\x46\x93" + "\x9d\x41\xa2\x8c\x03\x22\xbd\x55" + "\x7e\x91\x51\x13\xdc\xcf\x5c\x1e" + "\xcb\x5d\xfb\x14\x16\x1a\x44\x56" + "\x27\x77\xfd\xed\x7d\xbd\xd1\x49" + "\x7f\x0d\xc3\x59\x48\x6b\x3c\x02" + "\x6b\xb5\xd0\x83\xd5\x81\x29\xe7" + "\xe0\xc9\x36\x23\x8d\x41\x33\x77" + "\xff\x5f\x54\xde\x4d\x3f\xd2\x4e" + "\xb6\x4d\xdd\x85\xf8\x9b\x20\x7d" + "\x39\x27\x68\x63\xd3\x8e\x61\x39" + "\xfa\xe1\xc3\x04\x74\x27\x5a\x34" + "\x7f\xec\x59\x2d\xc5\x6e\x54\x23" + "\xf5\x7b\x4b\xbe\x58\x2b\xf2\x81" + "\x93\x63\xcc\x13\xd9\x90\xbb\x6a" + "\x41\x03\x8d\x95\xeb\xbb\x5d\x06" + "\x38\x4c\x0e\xd6\xa9\x5b\x84\x97" + "\x3e\x64\x72\xe9\x96\x07\x0f\x73" + "\x6e\xc6\x3b\x32\xbe\xac\x13\x14" + "\xd0\x0a\x17\x5f\xb9\x9c\x3e\x34" + "\xd9\xec\xd6\x8f\x89\xbf\x1e\xd3" + "\xda\x80\xb2\x29\xff\x28\x96\xb3" + "\x46\x50\x5b\x15\x80\x97\xee\x1f" + "\x6c\xd8\xe8\xe0\xbd\x09\xe7\x20" + "\x8c\x23\x8e\xd9\xbb\x92\xfa\x82" + "\xaa\x0f\xb5\xf8\x78\x60\x11\xf0", + .ksize = 1088, + .plaintext = "\x0b\xb2\x31\x2d\xad\xfe\xce\xf9" + "\xec\x5d\x3d\x64\x5f\x3f\x75\x43" + "\x05\x5b\x97", + .psize = 19, + .digest = "\x5f\x02\xae\x65\x6c\x13\x21\x67" + "\x77\x9e\xc4\x43\x58\x68\xde\x8f", }, { .key = "\x65\x4d\xe3\xf8\xd2\x4c\xac\x28" "\x68\xf5\xb3\x81\x71\x4b\xa1\xfa" -- cgit From 333e664772c5b8cfd5c019e300b378cd9d1c5ae3 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Thu, 14 Feb 2019 10:29:39 -0800 Subject: crypto: adiantum - add 1536 and 4096-byte test vectors Add 1536 and 4096-byte Adiantum test vectors so that the case where there are multiple NH hashes is tested. This is already tested by the nhpoly1305 test vectors, but it should be tested at the Adiantum level too. Moreover the 4096-byte case is especially important. As with the other Adiantum test vectors, these were generated by the reference Python implementation at https://github.com/google/adiantum and then automatically formatted for testmgr by a script. Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu --- crypto/testmgr.h | 2860 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 2860 insertions(+) diff --git a/crypto/testmgr.h b/crypto/testmgr.h index 6bf5a4ddbb5c..f267633cf13a 100644 --- a/crypto/testmgr.h +++ b/crypto/testmgr.h @@ -28820,6 +28820,1436 @@ static const struct cipher_testvec adiantum_xchacha12_aes_tv_template[] = { "\x21\xb0\x21\x52\xba\xa7\x37\xaa" "\xcc\xbf\x95\xa8\xf4\xd0\x91\xf6", .len = 512, + }, { + .key = "\xeb\xe5\x11\x3a\x72\xeb\x10\xbe" + "\x70\xcf\xe3\xea\xc2\x74\xa4\x48" + "\x29\x0f\x8f\x3f\xcf\x4c\x28\x2a" + "\x4e\x1e\x3c\xc3\x27\x9f\x16\x13", + .klen = 32, + .iv = "\x84\x3e\xa2\x7c\x06\x72\xb2\xad" + "\x88\x76\x65\xb4\x1a\x29\x27\x12" + "\x45\xb6\x8d\x0e\x4b\x87\x04\xfc" + "\xb5\xcd\x1c\x4d\xe8\x06\xf1\xcb", + .ptext = "\x8e\xb6\x07\x9b\x7c\xe4\xa4\xa2" + "\x41\x6c\x24\x1d\xc0\x77\x4e\xd9" + "\x4a\xa4\x2c\xb6\xe4\x55\x02\x7f" + "\xc4\xec\xab\xc2\x5c\x63\x40\x92" + "\x38\x24\x62\xdb\x65\x82\x10\x7f" + "\x21\xa5\x39\x3a\x3f\x38\x7e\xad" + "\x6c\x7b\xc9\x3f\x89\x8f\xa8\x08" + "\xbd\x31\x57\x3c\x7a\x45\x67\x30" + "\xa9\x27\x58\x34\xbe\xe3\xa4\xc3" + "\xff\xc2\x9f\x43\xf0\x04\xba\x1e" + "\xb6\xf3\xc4\xce\x09\x7a\x2e\x42" + "\x7d\xad\x97\xc9\x77\x9a\x3a\x78" + "\x6c\xaf\x7c\x2a\x46\xb4\x41\x86" + "\x1a\x20\xf2\x5b\x1a\x60\xc9\xc4" + "\x47\x5d\x10\xa4\xd2\x15\x6a\x19" + "\x4f\xd5\x51\x37\xd5\x06\x70\x1a" + "\x3e\x78\xf0\x2e\xaa\xb5\x2a\xbd" + "\x83\x09\x7c\xcb\x29\xac\xd7\x9c" + "\xbf\x80\xfd\x9d\xd4\xcf\x64\xca" + "\xf8\xc9\xf1\x77\x2e\xbb\x39\x26" + "\xac\xd9\xbe\xce\x24\x7f\xbb\xa2" + "\x82\xba\xeb\x5f\x65\xc5\xf1\x56" + "\x8a\x52\x02\x4d\x45\x23\x6d\xeb" + "\xb0\x60\x7b\xd8\x6e\xb2\x98\xd2" + "\xaf\x76\xf2\x33\x9b\xf3\xbb\x95" + "\xc0\x50\xaa\xc7\x47\xf6\xb3\xf3" + "\x77\x16\xcb\x14\x95\xbf\x1d\x32" + "\x45\x0c\x75\x52\x2c\xe8\xd7\x31" + "\xc0\x87\xb0\x97\x30\x30\xc5\x5e" + "\x50\x70\x6e\xb0\x4b\x4e\x38\x19" + "\x46\xca\x38\x6a\xca\x7d\xfe\x05" + "\xc8\x80\x7c\x14\x6c\x24\xb5\x42" + "\x28\x04\x4c\xff\x98\x20\x08\x10" + "\x90\x31\x03\x78\xd8\xa1\xe6\xf9" + "\x52\xc2\xfc\x3e\xa7\x68\xce\xeb" + "\x59\x5d\xeb\xd8\x64\x4e\xf8\x8b" + "\x24\x62\xcf\x17\x36\x84\xc0\x72" + "\x60\x4f\x3e\x47\xda\x72\x3b\x0e" + "\xce\x0b\xa9\x9c\x51\xdc\xa5\xb9" + "\x71\x73\x08\x4e\x22\x31\xfd\x88" + "\x29\xfc\x8d\x17\x3a\x7a\xe5\xb9" + "\x0b\x9c\x6d\xdb\xce\xdb\xde\x81" + "\x73\x5a\x16\x9d\x3c\x72\x88\x51" + "\x10\x16\xf3\x11\x6e\x32\x5f\x4c" + "\x87\xce\x88\x2c\xd2\xaf\xf5\xb7" + "\xd8\x22\xed\xc9\xae\x68\x7f\xc5" + "\x30\x62\xbe\xc9\xe0\x27\xa1\xb5" + "\x57\x74\x36\x60\xb8\x6b\x8c\xec" + "\x14\xad\xed\x69\xc9\xd8\xa5\x5b" + "\x38\x07\x5b\xf3\x3e\x74\x48\x90" + "\x61\x17\x23\xdd\x44\xbc\x9d\x12" + "\x0a\x3a\x63\xb2\xab\x86\xb8\x67" + "\x85\xd6\xb2\x5d\xde\x4a\xc1\x73" + "\x2a\x7c\x53\x8e\xd6\x7d\x0e\xe4" + "\x3b\xab\xc5\x3d\x32\x79\x18\xb7" + "\xd6\x50\x4d\xf0\x8a\x37\xbb\xd3" + "\x8d\xd8\x08\xd7\x7d\xaa\x24\x52" + "\xf7\x90\xe3\xaa\xd6\x49\x7a\x47" + "\xec\x37\xad\x74\x8b\xc1\xb7\xfe" + "\x4f\x70\x14\x62\x22\x8c\x63\xc2" + "\x1c\x4e\x38\xc3\x63\xb7\xbf\x53" + "\xbd\x1f\xac\xa6\x94\xc5\x81\xfa" + "\xe0\xeb\x81\xe9\xd9\x1d\x32\x3c" + "\x85\x12\xca\x61\x65\xd1\x66\xd8" + "\xe2\x0e\xc3\xa3\xff\x0d\xd3\xee" + "\xdf\xcc\x3e\x01\xf5\x9b\x45\x5c" + "\x33\xb5\xb0\x8d\x36\x1a\xdf\xf8" + "\xa3\x81\xbe\xdb\x3d\x4b\xf6\xc6" + "\xdf\x7f\xb0\x89\xbd\x39\x32\x50" + "\xbb\xb2\xe3\x5c\xbb\x4b\x18\x98" + "\x08\x66\x51\xe7\x4d\xfb\xfc\x4e" + "\x22\x42\x6f\x61\xdb\x7f\x27\x88" + "\x29\x3f\x02\xa9\xc6\x83\x30\xcc" + "\x8b\xd5\x64\x7b\x7c\x76\x16\xbe" + "\xb6\x8b\x26\xb8\x83\x16\xf2\x6b" + "\xd1\xdc\x20\x6b\x42\x5a\xef\x7a" + "\xa9\x60\xb8\x1a\xd3\x0d\x4e\xcb" + "\x75\x6b\xc5\x80\x43\x38\x7f\xad" + "\x9c\x56\xd9\xc4\xf1\x01\x74\xf0" + "\x16\x53\x8d\x69\xbe\xf2\x5d\x92" + "\x34\x38\xc8\x84\xf9\x1a\xfc\x26" + "\x16\xcb\xae\x7d\x38\x21\x67\x74" + "\x4c\x40\xaa\x6b\x97\xe0\xb0\x2f" + "\xf5\x3e\xf6\xe2\x24\xc8\x22\xa4" + "\xa8\x88\x27\x86\x44\x75\x5b\x29" + "\x34\x08\x4b\xa1\xfe\x0c\x26\xe5" + "\xac\x26\xf6\x21\x0c\xfb\xde\x14" + "\xfe\xd7\xbe\xee\x48\x93\xd6\x99" + "\x56\x9c\xcf\x22\xad\xa2\x53\x41" + "\xfd\x58\xa1\x68\xdc\xc4\xef\x20" + "\xa1\xee\xcf\x2b\x43\xb6\x57\xd8" + "\xfe\x01\x80\x25\xdf\xd2\x35\x44" + "\x0d\x15\x15\xc3\xfc\x49\xbf\xd0" + "\xbf\x2f\x95\x81\x09\xa6\xb6\xd7" + "\x21\x03\xfe\x52\xb7\xa8\x32\x4d" + "\x75\x1e\x46\x44\xbc\x2b\x61\x04" + "\x1b\x1c\xeb\x39\x86\x8f\xe9\x49" + "\xce\x78\xa5\x5e\x67\xc5\xe9\xef" + "\x43\xf8\xf1\x35\x22\x43\x61\xc1" + "\x27\xb5\x09\xb2\xb8\xe1\x5e\x26" + "\xcc\xf3\x6f\xb2\xb7\x55\x30\x98" + "\x87\xfc\xe7\xa8\xc8\x94\x86\xa1" + "\xd9\xa0\x3c\x74\x16\xb3\x25\x98" + "\xba\xc6\x84\x4a\x27\xa6\x58\xfe" + "\xe1\x68\x04\x30\xc8\xdb\x44\x52" + "\x4e\xb2\xa4\x6f\xf7\x63\xf2\xd6" + "\x63\x36\x17\x04\xf8\x06\xdb\xeb" + "\x99\x17\xa5\x1b\x61\x90\xa3\x9f" + "\x05\xae\x3e\xe4\xdb\xc8\x1c\x8e" + "\x77\x27\x88\xdf\xd3\x22\x5a\xc5" + "\x9c\xd6\x22\xf8\xc4\xd8\x92\x9d" + "\x16\xcc\x54\x25\x3b\x6f\xdb\xc0" + "\x78\xd8\xe3\xb3\x03\x69\xd7\x5d" + "\xf8\x08\x04\x63\x61\x9d\x76\xf9" + "\xad\x1d\xc4\x30\x9f\x75\x89\x6b" + "\xfb\x62\xba\xae\xcb\x1b\x6c\xe5" + "\x7e\xea\x58\x6b\xae\xce\x9b\x48" + "\x4b\x80\xd4\x5e\x71\x53\xa7\x24" + "\x73\xca\xf5\x3e\xbb\x5e\xd3\x1c" + "\x33\xe3\xec\x5b\xa0\x32\x9d\x25" + "\x0e\x0c\x28\x29\x39\x51\xc5\x70" + "\xec\x60\x8f\x77\xfc\x06\x7a\x33" + "\x19\xd5\x7a\x6e\x94\xea\xa3\xeb" + "\x13\xa4\x2e\x09\xd8\x81\x65\x83" + "\x03\x63\x8b\xb5\xc9\x89\x98\x73" + "\x69\x53\x8e\xab\xf1\xd2\x2f\x67" + "\xbd\xa6\x16\x6e\xd0\x8b\xc1\x25" + "\x93\xd2\x50\x7c\x1f\xe1\x11\xd0" + "\x58\x0d\x2f\x72\xe7\x5e\xdb\xa2" + "\x55\x9a\xe0\x09\x21\xac\x61\x85" + "\x4b\x20\x95\x73\x63\x26\xe3\x83" + "\x4b\x5b\x40\x03\x14\xb0\x44\x16" + "\xbd\xe0\x0e\xb7\x66\x56\xd7\x30" + "\xb3\xfd\x8a\xd3\xda\x6a\xa7\x3d" + "\x98\x09\x11\xb7\x00\x06\x24\x5a" + "\xf7\x42\x94\xa6\x0e\xb1\x6d\x48" + "\x74\xb1\xa7\xe6\x92\x0a\x15\x9a" + "\xf5\xfa\x55\x1a\x6c\xdd\x71\x08" + "\xd0\xf7\x8d\x0e\x7c\x67\x4d\xc6" + "\xe6\xde\x78\x88\x88\x3c\x5e\x23" + "\x46\xd2\x25\xa4\xfb\xa3\x26\x3f" + "\x2b\xfd\x9c\x20\xda\x72\xe1\x81" + "\x8f\xe6\xae\x08\x1d\x67\x15\xde" + "\x86\x69\x1d\xc6\x1e\x6d\xb7\x5c" + "\xdd\x43\x72\x5a\x7d\xa7\xd8\xd7" + "\x1e\x66\xc5\x90\xf6\x51\x76\x91" + "\xb3\xe3\x39\x81\x75\x08\xfa\xc5" + "\x06\x70\x69\x1b\x2c\x20\x74\xe0" + "\x53\xb0\x0c\x9d\xda\xa9\x5b\xdd" + "\x1c\x38\x6c\x9e\x3b\xc4\x7a\x82" + "\x93\x9e\xbb\x75\xfb\x19\x4a\x55" + "\x65\x7a\x3c\xda\xcb\x66\x5c\x13" + "\x17\x97\xe8\xbd\xae\x24\xd9\x76" + "\xfb\x8c\x73\xde\xbd\xb4\x1b\xe0" + "\xb9\x2c\xe8\xe0\x1d\x3f\xa8\x2c" + "\x1e\x81\x5b\x77\xe7\xdf\x6d\x06" + "\x7c\x9a\xf0\x2b\x5d\xfc\x86\xd5" + "\xb1\xad\xbc\xa8\x73\x48\x61\x67" + "\xd6\xba\xc8\xe8\xe2\xb8\xee\x40" + "\x36\x22\x3e\x61\xf6\xc8\x16\xe4" + "\x0e\x88\xad\x71\x53\x58\xe1\x6c" + "\x8f\x4f\x89\x4b\x3e\x9c\x7f\xe9" + "\xad\xc2\x28\xc2\x3a\x29\xf3\xec" + "\xa9\x28\x39\xba\xc2\x86\xe1\x06" + "\xf3\x8b\xe3\x95\x0c\x87\xb8\x1b" + "\x72\x35\x8e\x8f\x6d\x18\xc8\x1c" + "\xa5\x5d\x57\x9d\x73\x8a\xbb\x9e" + "\x21\x05\x12\xd7\xe0\x21\x1c\x16" + "\x3a\x95\x85\xbc\xb0\x71\x0b\x36" + "\x6c\x44\x8d\xef\x3b\xec\x3f\x8e" + "\x24\xa9\xe3\xa7\x63\x23\xca\x09" + "\x62\x96\x79\x0c\x81\x05\x41\xf2" + "\x07\x20\x26\xe5\x8e\x10\x54\x03" + "\x05\x7b\xfe\x0c\xcc\x8c\x50\xe5" + "\xca\x33\x4d\x48\x7a\x03\xd5\x64" + "\x49\x09\xf2\x5c\x5d\xfe\x2b\x30" + "\xbf\x29\x14\x29\x8b\x9b\x7c\x96" + "\x47\x07\x86\x4d\x4e\x4d\xf1\x47" + "\xd1\x10\x2a\xa8\xd3\x15\x8c\xf2" + "\x2f\xf4\x3a\xdf\xd0\xa7\xcb\x5a" + "\xad\x99\x39\x4a\xdf\x60\xbe\xf9" + "\x91\x4e\xf5\x94\xef\xc5\x56\x32" + "\x33\x86\x78\xa3\xd6\x4c\x29\x7c" + "\xe8\xac\x06\xb5\xf5\x01\x5c\x9f" + "\x02\xc8\xe8\xbf\x5c\x1a\x7f\x4d" + "\x28\xa5\xb9\xda\xa9\x5e\xe7\x4b" + "\xf4\x3d\xe9\x1d\x28\xaa\x1a\x8a" + "\x76\xc8\x6c\x19\x61\x3c\x9e\x29" + "\xcd\xbe\xff\xe0\x1c\xb8\x67\xb5" + "\xa4\x46\xf8\xb9\x8a\xa2\xf6\x7c" + "\xef\x23\x73\x0c\xe9\x72\x0a\x0d" + "\x9b\x40\xd8\xfb\x0c\x9c\xab\xa8", + .ctext = "\xcb\x78\x87\x9c\xc7\x13\xc1\x30" + "\xdd\x2c\x7d\xb2\x97\xab\x06\x69" + "\x47\x87\x8a\x12\x2b\x5d\x86\xd7" + "\x2e\xe6\x7a\x0d\x58\x5d\xe7\x01" + "\x78\x0e\xff\xc7\xc5\xd2\x94\xd6" + "\xdd\x6b\x38\x1f\xa4\xe3\x3d\xe7" + "\xc5\x8a\xb5\xbe\x65\x11\x2b\xe1" + "\x2b\x8e\x84\xe8\xe0\x00\x7f\xdd" + "\x15\x15\xab\xbd\x22\x94\xf7\xce" + "\x99\x6f\xfd\x0e\x9b\x16\xeb\xeb" + "\x24\xc7\xbb\xc6\xe1\x6c\x57\xba" + "\x84\xab\x16\xf2\x57\xd6\x42\x9d" + "\x56\x92\x5b\x44\x18\xd4\xa2\x1b" + "\x1e\xa9\xdc\x7a\x16\x88\xc4\x4f" + "\x6d\x77\x9a\x2e\x82\xa9\xc3\xee" + "\xa4\xca\x05\x1b\x0e\xdc\x48\x96" + "\xd0\x50\x21\x1f\x46\xc7\xc7\x70" + "\x53\xcd\x1e\x4e\x5f\x2d\x4b\xb2" + "\x86\xe5\x3a\xe6\x1d\xec\x7b\x9d" + "\x8f\xd6\x41\xc6\xbb\x00\x4f\xe6" + "\x02\x47\x07\x73\x50\x6b\xcf\xb2" + "\x9e\x1c\x01\xc9\x09\xcc\xc3\x52" + "\x27\xe6\x63\xe0\x5b\x55\x60\x4d" + "\x72\xd0\xda\x4b\xec\xcb\x72\x5d" + "\x37\x4a\xf5\xb8\xd9\xe2\x08\x10" + "\xf3\xb9\xdc\x07\xc0\x02\x10\x14" + "\x9f\xe6\x8f\xc4\xc4\xe1\x39\x7b" + "\x47\xea\xae\x7c\xdd\x27\xa8\x4c" + "\x6b\x0f\x4c\xf8\xff\x16\x4e\xcb" + "\xec\x88\x33\x0d\x15\x10\x82\x66" + "\xa7\x3d\x2c\xb6\xbc\x2e\xe4\xce" + "\x4c\x2f\x4b\x46\x0f\x67\x78\xa5" + "\xff\x6a\x7d\x0d\x5e\x6d\xab\xfb" + "\x59\x99\xd8\x1f\x30\xd4\x33\xe8" + "\x7d\x11\xae\xe3\xba\xd0\x3f\xa7" + "\xa5\x5e\x43\xda\xf3\x0f\x3a\x5f" + "\xba\xb0\x47\xb2\x08\x60\xf4\xed" + "\x35\x23\x0c\xe9\x4f\x81\xc4\xc5" + "\xa8\x35\xdc\x99\x52\x33\x19\xd4" + "\x00\x01\x8d\x5a\x10\x82\x39\x78" + "\xfc\x72\x24\x63\x4a\x38\xc5\x6f" + "\xfe\xec\x2f\x26\x0c\x3c\x1c\xf6" + "\x4d\x99\x7a\x77\x59\xfe\x10\xa5" + "\xa1\x35\xbf\x2f\x15\xfa\x4e\x52" + "\xe6\xd5\x1c\x88\x90\x75\xd5\xcc" + "\xdb\x2a\xb1\xf0\x70\x54\x89\xc7" + "\xeb\x1d\x6e\x61\x45\xa3\x50\x48" + "\xcd\xdb\x32\xba\x7f\x6b\xaf\xef" + "\x50\xcb\x0d\x36\xf7\x29\x3a\x10" + "\x02\x73\xca\x8f\x3f\x5d\x82\x17" + "\x91\x9a\xd8\x15\x15\xe3\xe1\x41" + "\x43\xef\x85\xa6\xb0\xc7\x3b\x0f" + "\xf0\xa5\xaa\x66\x77\x70\x5e\x70" + "\xce\x17\x84\x68\x45\x39\x2c\x25" + "\xc6\xc1\x5f\x7e\xe8\xfa\xe4\x3a" + "\x47\x51\x7b\x9d\x54\x84\x98\x04" + "\x5f\xf7\x5f\x3c\x34\xe7\xa3\x1d" + "\xea\xb7\x6d\x05\xab\x28\xe4\x2c" + "\xb1\x7f\x08\xa8\x5d\x07\xbf\xfe" + "\x39\x72\x44\x87\x51\xc5\x73\xe4" + "\x9a\x5f\xdd\x46\xbc\x4e\xb1\x39" + "\xe4\x78\xb8\xbf\xdc\x5b\x88\x9b" + "\xc1\x3f\xd9\xd0\xb3\x5a\xdf\xaa" + "\x53\x6a\x91\x6d\x2a\x09\xf0\x0b" + "\x5e\xe8\xb2\xa0\xb4\x73\x07\x1d" + "\xc8\x33\x84\xe6\xda\xe6\xad\xd6" + "\xad\x91\x01\x4e\x14\x42\x34\x2c" + "\xe5\xf9\x99\x21\x56\x1f\x6c\x2b" + "\x4c\xe3\xd5\x9e\x04\xdc\x9a\x16" + "\xd1\x54\xe9\xc2\xf7\xc0\xd5\x06" + "\x2f\xa1\x38\x2a\x55\x88\x23\xf8" + "\xb0\xdb\x87\x32\xc9\x4e\xb0\x0c" + "\xc5\x05\x78\x58\xa1\x2e\x75\x75" + "\x68\xdc\xea\xdd\x0c\x33\x16\x5e" + "\xe7\xdc\xfd\x42\x74\xbe\xae\x60" + "\x3c\x37\x4b\x27\xf5\x2c\x5f\x55" + "\x4a\x0b\x64\xfd\xa2\x01\x65\x9c" + "\x27\x9f\x5e\x87\xd5\x95\x88\x66" + "\x09\x84\x42\xab\x00\xe2\x58\xc3" + "\x97\x45\xf1\x93\xe2\x34\x37\x3d" + "\xfe\x93\x8c\x17\xb9\x79\x65\x06" + "\xf7\x58\xe5\x1b\x3b\x4e\xda\x36" + "\x17\xe3\x56\xec\x26\x0f\x2e\xfa" + "\xd1\xb9\x2b\x3e\x7f\x1d\xe3\x4b" + "\x67\xdf\x43\x53\x10\xba\xa3\xfb" + "\x5d\x5a\xd8\xc4\xab\x19\x7e\x12" + "\xaa\x83\xf1\xc0\xa1\xe0\xbf\x72" + "\x5f\xe8\x68\x39\xef\x1a\xbe\xee" + "\x6f\x47\x79\x19\xed\xf2\xa1\x4a" + "\xe5\xfc\xb5\x58\xae\x63\x82\xcb" + "\x16\x0b\x94\xbb\x3e\x02\x49\xc4" + "\x3c\x33\xf1\xec\x1b\x11\x71\x9b" + "\x5b\x80\xf1\x6f\x88\x1c\x05\x36" + "\xa8\xd8\xee\x44\xb5\x18\xc3\x14" + "\x62\xba\x98\xb9\xc0\x2a\x70\x93" + "\xb3\xd8\x11\x69\x95\x1d\x43\x7b" + "\x39\xc1\x91\x05\xc4\xe3\x1e\xc2" + "\x1e\x5d\xe7\xde\xbe\xfd\xae\x99" + "\x4b\x8f\x83\x1e\xf4\x9b\xb0\x2b" + "\x66\x6e\x62\x24\x8d\xe0\x1b\x22" + "\x59\xeb\xbd\x2a\x6b\x2e\x37\x17" + "\x9e\x1f\x66\xcb\x66\xb4\xfb\x2c" + "\x36\x22\x5d\x73\x56\xc1\xb0\x27" + "\xe0\xf0\x1b\xe4\x47\x8b\xc6\xdc" + "\x7c\x0c\x3d\x29\xcb\x33\x10\xfe" + "\xc3\xc3\x1e\xff\x4c\x9b\x27\x86" + "\xe2\xb0\xaf\xb7\x89\xce\x61\x69" + "\xe7\x00\x3e\x92\xea\x5f\x9e\xc1" + "\xfa\x6b\x20\xe2\x41\x23\x82\xeb" + "\x07\x76\x4c\x4c\x2a\x96\x33\xbe" + "\x89\xa9\xa8\xb9\x9a\x7d\x27\x18" + "\x48\x23\x70\x46\xf3\x87\xa7\x91" + "\x58\xb8\x74\xba\xed\xc6\xb2\xa1" + "\x4d\xb6\x43\x9a\xe1\xa2\x41\xa5" + "\x35\xd3\x90\x8a\xc7\x4d\xb7\x88" + "\x0b\xe3\x74\x9f\x84\xfc\xd9\x73" + "\xf2\x86\x0c\xad\xeb\x5d\x70\xac" + "\x65\x07\x14\x8e\x57\xf6\xdc\xb4" + "\xc2\x02\x7c\xd6\x89\xe2\x8a\x3e" + "\x8e\x08\x3c\x12\x37\xaf\xe1\xa8" + "\x04\x11\x5c\xae\x5a\x2b\x60\xa0" + "\x03\x3c\x7a\xa2\x38\x92\xbe\xce" + "\x09\xa2\x5e\x0f\xc2\xb2\xb5\x06" + "\xc2\x97\x97\x9b\x09\x2f\x04\xfe" + "\x2c\xe7\xa3\xc4\x42\xe9\xa3\x40" + "\xa5\x52\x07\x2c\x3b\x89\x1a\xa5" + "\x28\xb1\x93\x05\x98\x0c\x2f\x3d" + "\xc6\xf5\x83\xac\x24\x1d\x28\x9f" + "\x32\x66\x4d\x70\xb7\xe0\xab\xb8" + "\x75\xc5\xf3\xd2\x7b\x26\x3e\xec" + "\x64\xe6\xf7\x70\xe7\xf8\x10\x8e" + "\x67\xd2\xb3\x87\x69\x40\x06\x9a" + "\x2f\x6a\x1a\xfd\x62\x0c\xee\x31" + "\x2e\xbe\x58\x97\x77\xd1\x09\x08" + "\x1f\x8d\x42\x29\x34\xd5\xd8\xb5" + "\x1f\xd7\x21\x18\xe3\xe7\x2e\x4a" + "\x42\xfc\xdb\x19\xe9\xee\xb9\x22" + "\xad\x5c\x07\xe9\xc8\x07\xe5\xe9" + "\x95\xa2\x0d\x30\x46\xe2\x65\x51" + "\x01\xa5\x74\x85\xe2\x52\x6e\x07" + "\xc9\xf5\x33\x09\xde\x78\x62\xa9" + "\x30\x2a\xd3\x86\xe5\x46\x2e\x60" + "\xff\x74\xb0\x5f\xec\x76\xb7\xd1" + "\x5e\x4d\x61\x97\x3c\x9c\x99\xc3" + "\x41\x65\x21\x47\xf9\xb1\x06\xec" + "\x18\xf8\x3f\xc7\x38\xfa\x7b\x14" + "\x62\x79\x6a\x0b\x0c\xf5\x2c\xb7" + "\xab\xcf\x63\x49\x6d\x1f\x46\xa8" + "\xbc\x7d\x42\x53\x75\x6b\xca\x38" + "\xac\x8b\xe7\xa1\xa1\x92\x19\x6b" + "\x0d\x75\x80\x5b\x7d\x35\x86\x70" + "\x12\x6b\xe5\x3e\xe5\x85\xa0\xa4" + "\xd6\x77\x5e\x4d\x24\x57\x84\xa9" + "\xe5\xa4\xbf\x25\xfb\x36\x65\x3b" + "\x81\x39\x61\xec\x5e\x4a\x7e\x10" + "\x58\x19\x13\x5c\x0f\x79\xec\xcf" + "\xbb\x5f\x69\x21\xc3\xa7\x5a\xff" + "\x3b\xc7\x85\x9b\x47\xbc\x3e\xad" + "\xbf\x54\x60\xb6\x5b\x3f\xfc\x50" + "\x68\x83\x76\x24\xb0\xc3\x3f\x93" + "\x0d\xce\x36\x0a\x58\x9d\xcc\xe9" + "\x52\xbb\xd0\x0b\x65\xe5\x0f\x62" + "\x82\x16\xaa\xd2\xba\x5a\x4c\xd0" + "\x67\xb5\x4e\x84\x1c\x02\x6e\xa3" + "\xaa\x22\x54\x96\xc8\xd9\x9c\x58" + "\x15\x63\xf4\x98\x1a\xa1\xd9\x11" + "\x64\x25\x56\xb5\x03\x8e\x29\x85" + "\x75\x88\xd1\xd2\xe4\xe6\x27\x48" + "\x13\x9c\x2b\xaa\xfb\xd3\x6e\x2c" + "\xe6\xd4\xe4\x8b\xd9\xf7\x01\x16" + "\x46\xf9\x5c\x88\x7a\x93\x9e\x2d" + "\xa6\xeb\x01\x2a\x72\xe4\x7f\xb4" + "\x78\x0c\x50\x18\xd3\x8e\x65\xa7" + "\x1b\xf9\x28\x5d\x89\x70\x96\x2f" + "\xa1\xc2\x9b\x34\xfc\x7c\x27\x63" + "\x93\xe6\xe3\xa4\x9d\x17\x97\x7e" + "\x13\x79\x9c\x4b\x2c\x23\x91\x2c" + "\x4f\xb1\x1d\x4b\xb4\x61\x6e\xe8" + "\x32\x35\xc3\x41\x7a\x50\x60\xc8" + "\x3e\xd8\x3f\x38\xfc\xc2\xa2\xe0" + "\x3a\x21\x25\x8f\xc2\x22\xed\x04" + "\x31\xb8\x72\x69\xaf\x6c\x6d\xab" + "\x25\x16\x95\x87\x92\xc7\x46\x3f" + "\x47\x05\x6c\xad\xa0\xa6\x1d\xf0" + "\x66\x2e\x01\x1a\xc3\xbe\xe4\xf6" + "\x51\xec\xa3\x95\x81\xe1\xcc\xab" + "\xc1\x71\x65\x0a\xe6\x53\xfb\xb8" + "\x53\x69\xad\x8b\xab\x8b\xa7\xcd" + "\x8f\x15\x01\x25\xb1\x1f\x9c\x3b" + "\x9b\x47\xad\x38\x38\x89\x6b\x1c" + "\x8a\x33\xdd\x8a\x06\x23\x06\x0b" + "\x7f\x70\xbe\x7e\xa1\x80\xbc\x7a", + .len = 1536, + }, { + .key = "\x60\xd5\x36\xb0\x8e\x5d\x0e\x5f" + "\x70\x47\x8c\xea\x87\x30\x1d\x58" + "\x2a\xb2\xe8\xc6\xcb\x60\xe7\x6f" + "\x56\x95\x83\x98\x38\x80\x84\x8a", + .klen = 32, + .iv = "\x43\xfe\x63\x3c\xdc\x9e\x0c\xa6" + "\xee\x9c\x0b\x97\x65\xc2\x56\x1d" + "\x5d\xd0\xbf\xa3\x9f\x1e\xfb\x78" + "\xbf\x51\x1b\x18\x73\x27\x27\x8c", + .ptext = "\x0b\x77\xd8\xa3\x8c\xa6\xb2\x2d" + "\x3e\xdd\xcc\x7c\x4a\x3e\x61\xc4" + "\x9a\x7f\x73\xb0\xb3\x29\x32\x61" + "\x13\x25\x62\xcc\x59\x4c\xf4\xdb" + "\xd7\xf5\xf4\xac\x75\x51\xb2\x83" + "\x64\x9d\x1c\x8b\xd1\x8b\x0c\x06" + "\xf1\x9f\xba\x9d\xae\x62\xd4\xd8" + "\x96\xbe\x3c\x4c\x32\xe4\x82\x44" + "\x47\x5a\xec\xb8\x8a\x5b\xd5\x35" + "\x57\x1e\x5c\x80\x6f\x77\xa9\xb9" + "\xf2\x4f\x71\x1e\x48\x51\x86\x43" + "\x0d\xd5\x5b\x52\x30\x40\xcd\xbb" + "\x2c\x25\xc1\x47\x8b\xb7\x13\xc2" + "\x3a\x11\x40\xfc\xed\x45\xa4\xf0" + "\xd6\xfd\x32\x99\x13\x71\x47\x2e" + "\x4c\xb0\x81\xac\x95\x31\xd6\x23" + "\xa4\x2f\xa9\xe8\x5a\x62\xdc\x96" + "\xcf\x49\xa7\x17\x77\x76\x8a\x8c" + "\x04\x22\xaf\xaf\x6d\xd9\x16\xba" + "\x35\x21\x66\x78\x3d\xb6\x65\x83" + "\xc6\xc1\x67\x8c\x32\xd6\xc0\xc7" + "\xf5\x8a\xfc\x47\xd5\x87\x09\x2f" + "\x51\x9d\x57\x6c\x29\x0b\x1c\x32" + "\x47\x6e\x47\xb5\xf3\x81\xc8\x82" + "\xca\x5d\xe3\x61\x38\xa0\xdc\xcc" + "\x35\x73\xfd\xb3\x92\x5c\x72\xd2" + "\x2d\xad\xf6\xcd\x20\x36\xff\x49" + "\x48\x80\x21\xd3\x2f\x5f\xe9\xd8" + "\x91\x20\x6b\xb1\x38\x52\x1e\xbc" + "\x88\x48\xa1\xde\xc0\xa5\x46\xce" + "\x9f\x32\x29\xbc\x2b\x51\x0b\xae" + "\x7a\x44\x4e\xed\xeb\x95\x63\x99" + "\x96\x87\xc9\x34\x02\x26\xde\x20" + "\xe4\xcb\x59\x0c\xb5\x55\xbd\x55" + "\x3f\xa9\x15\x25\xa7\x5f\xab\x10" + "\xbe\x9a\x59\x6c\xd5\x27\xf3\xf0" + "\x73\x4a\xb3\xe4\x08\x11\x00\xeb" + "\xf1\xae\xc8\x0d\xef\xcd\xb5\xfc" + "\x0d\x7e\x03\x67\xad\x0d\xec\xf1" + "\x9a\xfd\x31\x60\x3e\xa2\xfa\x1c" + "\x93\x79\x31\x31\xd6\x66\x7a\xbd" + "\x85\xfd\x22\x08\x00\xae\x72\x10" + "\xd6\xb0\xf4\xb8\x4a\x72\x5b\x9c" + "\xbf\x84\xdd\xeb\x13\x05\x28\xb7" + "\x61\x60\xfd\x7f\xf0\xbe\x4d\x18" + "\x7d\xc9\xba\xb0\x01\x59\x74\x18" + "\xe4\xf6\xa6\x74\x5d\x3f\xdc\xa0" + "\x9e\x57\x93\xbf\x16\x6c\xf6\xbd" + "\x93\x45\x38\x95\xb9\x69\xe9\x62" + "\x21\x73\xbd\x81\x73\xac\x15\x74" + "\x9e\x68\x28\x91\x38\xb7\xd4\x47" + "\xc7\xab\xc9\x14\xad\x52\xe0\x4c" + "\x17\x1c\x42\xc1\xb4\x9f\xac\xcc" + "\xc8\x12\xea\xa9\x9e\x30\x21\x14" + "\xa8\x74\xb4\x74\xec\x8d\x40\x06" + "\x82\xb7\x92\xd7\x42\x5b\xf2\xf9" + "\x6a\x1e\x75\x6e\x44\x55\xc2\x8d" + "\x73\x5b\xb8\x8c\x3c\xef\x97\xde" + "\x24\x43\xb3\x0e\xba\xad\x63\x63" + "\x16\x0a\x77\x03\x48\xcf\x02\x8d" + "\x76\x83\xa3\xba\x73\xbe\x80\x3f" + "\x8f\x6e\x76\x24\xc1\xff\x2d\xb4" + "\x20\x06\x9b\x67\xea\x29\xb5\xe0" + "\x57\xda\x30\x9d\x38\xa2\x7d\x1e" + "\x8f\xb9\xa8\x17\x64\xea\xbe\x04" + "\x84\xd1\xce\x2b\xfd\x84\xf9\x26" + "\x1f\x26\x06\x5c\x77\x6d\xc5\x9d" + "\xe6\x37\x76\x60\x7d\x3e\xf9\x02" + "\xba\xa6\xf3\x7f\xd3\x95\xb4\x0e" + "\x52\x1c\x6a\x00\x8f\x3a\x0b\xce" + "\x30\x98\xb2\x63\x2f\xff\x2d\x3b" + "\x3a\x06\x65\xaf\xf4\x2c\xef\xbb" + "\x88\xff\x2d\x4c\xa9\xf4\xff\x69" + "\x9d\x46\xae\x67\x00\x3b\x40\x94" + "\xe9\x7a\xf7\x0b\xb7\x3c\xa2\x2f" + "\xc3\xde\x5e\x29\x01\xde\xca\xfa" + "\xc6\xda\xd7\x19\xc7\xde\x4a\x16" + "\x93\x6a\xb3\x9b\x47\xe9\xd2\xfc" + "\xa1\xc3\x95\x9c\x0b\xa0\x2b\xd4" + "\xd3\x1e\xd7\x21\x96\xf9\x1e\xf4" + "\x59\xf4\xdf\x00\xf3\x37\x72\x7e" + "\xd8\xfd\x49\xd4\xcd\x61\x7b\x22" + "\x99\x56\x94\xff\x96\xcd\x9b\xb2" + "\x76\xca\x9f\x56\xae\x04\x2e\x75" + "\x89\x4e\x1b\x60\x52\xeb\x84\xf4" + "\xd1\x33\xd2\x6c\x09\xb1\x1c\x43" + "\x08\x67\x02\x01\xe3\x64\x82\xee" + "\x36\xcd\xd0\x70\xf1\x93\xd5\x63" + "\xef\x48\xc5\x56\xdb\x0a\x35\xfe" + "\x85\x48\xb6\x97\x97\x02\x43\x1f" + "\x7d\xc9\xa8\x2e\x71\x90\x04\x83" + "\xe7\x46\xbd\x94\x52\xe3\xc5\xd1" + "\xce\x6a\x2d\x6b\x86\x9a\xf5\x31" + "\xcd\x07\x9c\xa2\xcd\x49\xf5\xec" + "\x01\x3e\xdf\xd5\xdc\x15\x12\x9b" + "\x0c\x99\x19\x7b\x2e\x83\xfb\xd8" + "\x89\x3a\x1c\x1e\xb4\xdb\xeb\x23" + "\xd9\x42\xae\x47\xfc\xda\x37\xe0" + "\xd2\xb7\x47\xd9\xe8\xb5\xf6\x20" + "\x42\x8a\x9d\xaf\xb9\x46\x80\xfd" + "\xd4\x74\x6f\x38\x64\xf3\x8b\xed" + "\x81\x94\x56\xe7\xf1\x1a\x64\x17" + "\xd4\x27\x59\x09\xdf\x9b\x74\x05" + "\x79\x6e\x13\x29\x2b\x9e\x1b\x86" + "\x73\x9f\x40\xbe\x6e\xff\x92\x4e" + "\xbf\xaa\xf4\xd0\x88\x8b\x6f\x73" + "\x9d\x8b\xbf\xe5\x8a\x85\x45\x67" + "\xd3\x13\x72\xc6\x2a\x63\x3d\xb1" + "\x35\x7c\xb4\x38\xbb\x31\xe3\x77" + "\x37\xad\x75\xa9\x6f\x84\x4e\x4f" + "\xeb\x5b\x5d\x39\x6d\xed\x0a\xad" + "\x6c\x1b\x8e\x1f\x57\xfa\xc7\x7c" + "\xbf\xcf\xf2\xd1\x72\x3b\x70\x78" + "\xee\x8e\xf3\x4f\xfd\x61\x30\x9f" + "\x56\x05\x1d\x7d\x94\x9b\x5f\x8c" + "\xa1\x0f\xeb\xc3\xa9\x9e\xb8\xa0" + "\xc6\x4e\x1e\xb1\xbc\x0a\x87\xa8" + "\x52\xa9\x1e\x3d\x58\x8e\xc6\x95" + "\x85\x58\xa3\xc3\x3a\x43\x32\x50" + "\x6c\xb3\x61\xe1\x0c\x7d\x02\x63" + "\x5f\x8b\xdf\xef\x13\xf8\x66\xea" + "\x89\x00\x1f\xbd\x5b\x4c\xd5\x67" + "\x8f\x89\x84\x33\x2d\xd3\x70\x94" + "\xde\x7b\xd4\xb0\xeb\x07\x96\x98" + "\xc5\xc0\xbf\xc8\xcf\xdc\xc6\x5c" + "\xd3\x7d\x78\x30\x0e\x14\xa0\x86" + "\xd7\x8a\xb7\x53\xa3\xec\x71\xbf" + "\x85\xf2\xea\xbd\x77\xa6\xd1\xfd" + "\x5a\x53\x0c\xc3\xff\xf5\x1d\x46" + "\x37\xb7\x2d\x88\x5c\xeb\x7a\x0c" + "\x0d\x39\xc6\x40\x08\x90\x1f\x58" + "\x36\x12\x35\x28\x64\x12\xe7\xbb" + "\x50\xac\x45\x15\x7b\x16\x23\x5e" + "\xd4\x11\x2a\x8e\x17\x47\xe1\xd0" + "\x69\xc6\xd2\x5c\x2c\x76\xe6\xbb" + "\xf7\xe7\x34\x61\x8e\x07\x36\xc8" + "\xce\xcf\x3b\xeb\x0a\x55\xbd\x4e" + "\x59\x95\xc9\x32\x5b\x79\x7a\x86" + "\x03\x74\x4b\x10\x87\xb3\x60\xf6" + "\x21\xa4\xa6\xa8\x9a\xc9\x3a\x6f" + "\xd8\x13\xc9\x18\xd4\x38\x2b\xc2" + "\xa5\x7e\x6a\x09\x0f\x06\xdf\x53" + "\x9a\x44\xd9\x69\x2d\x39\x61\xb7" + "\x1c\x36\x7f\x9e\xc6\x44\x9f\x42" + "\x18\x0b\x99\xe6\x27\xa3\x1e\xa6" + "\xd0\xb9\x9a\x2b\x6f\x60\x75\xbd" + "\x52\x4a\x91\xd4\x7b\x8f\x95\x9f" + "\xdd\x74\xed\x8b\x20\x00\xdd\x08" + "\x6e\x5b\x61\x7b\x06\x6a\x19\x84" + "\x1c\xf9\x86\x65\xcd\x1c\x73\x3f" + "\x28\x5c\x8a\x93\x1a\xf3\xa3\x6c" + "\x6c\xa9\x7c\xea\x3c\xd4\x15\x45" + "\x7f\xbc\xe3\xbb\x42\xf0\x2e\x10" + "\xcd\x0c\x8b\x44\x1a\x82\x83\x0c" + "\x58\xb1\x24\x28\xa0\x11\x2f\x63" + "\xa5\x82\xc5\x9f\x86\x42\xf4\x4d" + "\x89\xdb\x76\x4a\xc3\x7f\xc4\xb8" + "\xdd\x0d\x14\xde\xd2\x62\x02\xcb" + "\x70\xb7\xee\xf4\x6a\x09\x12\x5e" + "\xd1\x26\x1a\x2c\x20\x71\x31\xef" + "\x7d\x65\x57\x65\x98\xff\x8b\x02" + "\x9a\xb5\xa4\xa1\xaf\x03\xc4\x50" + "\x33\xcf\x1b\x25\xfa\x7a\x79\xcc" + "\x55\xe3\x21\x63\x0c\x6d\xeb\x5b" + "\x1c\xad\x61\x0b\xbd\xb0\x48\xdb" + "\xb3\xc8\xa0\x87\x7f\x8b\xac\xfd" + "\xd2\x68\x9e\xb4\x11\x3c\x6f\xb1" + "\xfe\x25\x7d\x84\x5a\xae\xc9\x31" + "\xc3\xe5\x6a\x6f\xbc\xab\x41\xd9" + "\xde\xce\xf9\xfa\xd5\x7c\x47\xd2" + "\x66\x30\xc9\x97\xf2\x67\xdf\x59" + "\xef\x4e\x11\xbc\x4e\x70\xe3\x46" + "\x53\xbe\x16\x6d\x33\xfb\x57\x98" + "\x4e\x34\x79\x3b\xc7\x3b\xaf\x94" + "\xc1\x87\x4e\x47\x11\x1b\x22\x41" + "\x99\x12\x61\xe0\xe0\x8c\xa9\xbd" + "\x79\xb6\x06\x4d\x90\x3b\x0d\x30" + "\x1a\x00\xaa\x0e\xed\x7c\x16\x2f" + "\x0d\x1a\xfb\xf8\xad\x51\x4c\xab" + "\x98\x4c\x80\xb6\x92\x03\xcb\xa9" + "\x99\x9d\x16\xab\x43\x8c\x3f\x52" + "\x96\x53\x63\x7e\xbb\xd2\x76\xb7" + "\x6b\x77\xab\x52\x80\x33\xe3\xdf" + "\x4b\x3c\x23\x1a\x33\xe1\x43\x40" + "\x39\x1a\xe8\xbd\x3c\x6a\x77\x42" + "\x88\x9f\xc6\xaa\x65\x28\xf2\x1e" + "\xb0\x7c\x8e\x10\x41\x31\xe9\xd5" + "\x9d\xfd\x28\x7f\xfb\x61\xd3\x39" + "\x5f\x7e\xb4\xfb\x9c\x7d\x98\xb7" + "\x37\x2f\x18\xd9\x3b\x83\xaf\x4e" + "\xbb\xd5\x49\x69\x46\x93\x3a\x21" + "\x46\x1d\xad\x84\xb5\xe7\x8c\xff" + "\xbf\x81\x7e\x22\xf6\x88\x8c\x82" + "\xf5\xde\xfe\x18\xc9\xfb\x58\x07" + "\xe4\x68\xff\x9c\xf4\xe0\x24\x20" + "\x90\x92\x01\x49\xc2\x38\xe1\x7c" + "\xac\x61\x0b\x96\x36\xa4\x77\xe9" + "\x29\xd4\x97\xae\x15\x13\x7c\x6c" + "\x2d\xf1\xc5\x83\x97\x02\xa8\x2e" + "\x0b\x0f\xaf\xb5\x42\x18\x8a\x8c" + "\xb8\x28\x85\x28\x1b\x2a\x12\xa5" + "\x4b\x0a\xaf\xd2\x72\x37\x66\x23" + "\x28\xe6\x71\xa0\x77\x85\x7c\xff" + "\xf3\x8d\x2f\x0c\x33\x30\xcd\x7f" + "\x61\x64\x23\xb2\xe9\x79\x05\xb8" + "\x61\x47\xb1\x2b\xda\xf7\x9a\x24" + "\x94\xf6\xcf\x07\x78\xa2\x80\xaa" + "\x6e\xe9\x58\x97\x19\x0c\x58\x73" + "\xaf\xee\x2d\x6e\x26\x67\x18\x8a" + "\xc6\x6d\xf6\xbc\x65\xa9\xcb\xe7" + "\x53\xf1\x61\x97\x63\x52\x38\x86" + "\x0e\xdd\x33\xa5\x30\xe9\x9f\x32" + "\x43\x64\xbc\x2d\xdc\x28\x43\xd8" + "\x6c\xcd\x00\x2c\x87\x9a\x33\x79" + "\xbd\x63\x6d\x4d\xf9\x8a\x91\x83" + "\x9a\xdb\xf7\x9a\x11\xe1\xd1\x93" + "\x4a\x54\x0d\x51\x38\x30\x84\x0b" + "\xc5\x29\x8d\x92\x18\x6c\x28\xfe" + "\x1b\x07\x57\xec\x94\x74\x0b\x2c" + "\x21\x01\xf6\x23\xf9\xb0\xa0\xaf" + "\xb1\x3e\x2e\xa8\x0d\xbc\x2a\x68" + "\x59\xde\x0b\x2d\xde\x74\x42\xa1" + "\xb4\xce\xaf\xd8\x42\xeb\x59\xbd" + "\x61\xcc\x27\x28\xc6\xf2\xde\x3e" + "\x68\x64\x13\xd3\xc3\xc0\x31\xe0" + "\x5d\xf9\xb4\xa1\x09\x20\x46\x8b" + "\x48\xb9\x27\x62\x00\x12\xc5\x03" + "\x28\xfd\x55\x27\x1c\x31\xfc\xdb" + "\xc1\xcb\x7e\x67\x91\x2e\x50\x0c" + "\x61\xf8\x9f\x31\x26\x5a\x3d\x2e" + "\xa0\xc7\xef\x2a\xb6\x24\x48\xc9" + "\xbb\x63\x99\xf4\x7c\x4e\xc5\x94" + "\x99\xd5\xff\x34\x93\x8f\x31\x45" + "\xae\x5e\x7b\xfd\xf4\x81\x84\x65" + "\x5b\x41\x70\x0b\xe5\xaa\xec\x95" + "\x6b\x3d\xe3\xdc\x12\x78\xf8\x28" + "\x26\xec\x3a\x64\xc4\xab\x74\x97" + "\x3d\xcf\x21\x7d\xcf\x59\xd3\x15" + "\x47\x94\xe4\xd9\x48\x4c\x02\x49" + "\x68\x50\x22\x16\x96\x2f\xc4\x23" + "\x80\x47\x27\xd1\xee\x10\x3b\xa7" + "\x19\xae\xe1\x40\x5f\x3a\xde\x5d" + "\x97\x1c\x59\xce\xe1\xe7\x32\xa7" + "\x20\x89\xef\x44\x22\x38\x3c\x14" + "\x99\x3f\x1b\xd6\x37\xfe\x93\xbf" + "\x34\x13\x86\xd7\x9b\xe5\x2a\x37" + "\x72\x16\xa4\xdf\x7f\xe4\xa4\x66" + "\x9d\xf2\x0b\x29\xa1\xe2\x9d\x36" + "\xe1\x9d\x56\x95\x73\xe1\x91\x58" + "\x0f\x64\xf8\x90\xbb\x0c\x48\x0f" + "\xf5\x52\xae\xd9\xeb\x95\xb7\xdd" + "\xae\x0b\x20\x55\x87\x3d\xf0\x69" + "\x3c\x0a\x54\x61\xea\x00\xbd\xba" + "\x5f\x7e\x25\x8c\x3e\x61\xee\xb2" + "\x1a\xc8\x0e\x0b\xa5\x18\x49\xf2" + "\x6e\x1d\x3f\x83\xc3\xf1\x1a\xcb" + "\x9f\xc9\x82\x4e\x7b\x26\xfd\x68" + "\x28\x25\x8d\x22\x17\xab\xf8\x4e" + "\x1a\xa9\x81\x48\xb0\x9f\x52\x75" + "\xe4\xef\xdd\xbd\x5b\xbe\xab\x3c" + "\x43\x76\x23\x62\xce\xb8\xc2\x5b" + "\xc6\x31\xe6\x81\xb4\x42\xb2\xfd" + "\xf3\x74\xdd\x02\x3c\xa0\xd7\x97" + "\xb0\xe7\xe9\xe0\xce\xef\xe9\x1c" + "\x09\xa2\x6d\xd3\xc4\x60\xd6\xd6" + "\x9e\x54\x31\x45\x76\xc9\x14\xd4" + "\x95\x17\xe9\xbe\x69\x92\x71\xcb" + "\xde\x7c\xf1\xbd\x2b\xef\x8d\xaf" + "\x51\xe8\x28\xec\x48\x7f\xf8\xfa" + "\x9f\x9f\x5e\x52\x61\xc3\xfc\x9a" + "\x7e\xeb\xe3\x30\xb6\xfe\xc4\x4a" + "\x87\x1a\xff\x54\x64\xc7\xaa\xa2" + "\xfa\xb7\xb2\xe7\x25\xce\x95\xb4" + "\x15\x93\xbd\x24\xb6\xbc\xe4\x62" + "\x93\x7f\x44\x40\x72\xcb\xfb\xb2" + "\xbf\xe8\x03\xa5\x87\x12\x27\xfd" + "\xc6\x21\x8a\x8f\xc2\x48\x48\xb9" + "\x6b\xb6\xf0\xf0\x0e\x0a\x0e\xa4" + "\x40\xa9\xd8\x23\x24\xd0\x7f\xe2" + "\xf9\xed\x76\xf0\x91\xa5\x83\x3c" + "\x55\xe1\x92\xb8\xb6\x32\x9e\x63" + "\x60\x81\x75\x29\x9e\xce\x2a\x70" + "\x28\x0c\x87\xe5\x46\x73\x76\x66" + "\xbc\x4b\x6c\x37\xc7\xd0\x1a\xa0" + "\x9d\xcf\x04\xd3\x8c\x42\xae\x9d" + "\x35\x5a\xf1\x40\x4c\x4e\x81\xaa" + "\xfe\xd5\x83\x4f\x29\x19\xf3\x6c" + "\x9e\xd0\x53\xe5\x05\x8f\x14\xfb" + "\x68\xec\x0a\x3a\x85\xcd\x3e\xb4" + "\x4a\xc2\x5b\x92\x2e\x0b\x58\x64" + "\xde\xca\x64\x86\x53\xdb\x7f\x4e" + "\x54\xc6\x5e\xaa\xe5\x82\x3b\x98" + "\x5b\x01\xa7\x1f\x7b\x3d\xcc\x19" + "\xf1\x11\x02\x64\x09\x25\x7c\x26" + "\xee\xad\x50\x68\x31\x26\x16\x0f" + "\xb6\x7b\x6f\xa2\x17\x1a\xba\xbe" + "\xc3\x60\xdc\xd2\x44\xe0\xb4\xc4" + "\xfe\xff\x69\xdb\x60\xa6\xaf\x39" + "\x0a\xbd\x6e\x41\xd1\x9f\x87\x71" + "\xcc\x43\xa8\x47\x10\xbc\x2b\x7d" + "\x40\x12\x43\x31\xb8\x12\xe0\x95" + "\x6f\x9d\xf8\x75\x51\x3d\x61\xbe" + "\xa0\xd1\x0b\x8d\x50\xc7\xb8\xe7" + "\xab\x03\xda\x41\xab\xc5\x4e\x33" + "\x5a\x63\x94\x90\x22\x72\x54\x26" + "\x93\x65\x99\x45\x55\xd3\x55\x56" + "\xc5\x39\xe4\xb4\xb1\xea\xd8\xf9" + "\xb5\x31\xf7\xeb\x80\x1a\x9e\x8d" + "\xd2\x40\x01\xea\x33\xb9\xf2\x7a" + "\x43\x41\x72\x0c\xbf\x20\xab\xf7" + "\xfa\x65\xec\x3e\x35\x57\x1e\xef" + "\x2a\x81\xfa\x10\xb2\xdb\x8e\xfa" + "\x7f\xe7\xaf\x73\xfc\xbb\x57\xa2" + "\xaf\x6f\x41\x11\x30\xd8\xaf\x94" + "\x53\x8d\x4c\x23\xa5\x20\x63\xcf" + "\x0d\x00\xe0\x94\x5e\x92\xaa\xb5" + "\xe0\x4e\x96\x3c\xf4\x26\x2f\xf0" + "\x3f\xd7\xed\x75\x2c\x63\xdf\xc8" + "\xfb\x20\xb5\xae\x44\x83\xc0\xab" + "\x05\xf9\xbb\xa7\x62\x7d\x21\x5b" + "\x04\x80\x93\x84\x5f\x1d\x9e\xcd" + "\xa2\x07\x7e\x22\x2f\x55\x94\x23" + "\x74\x35\xa3\x0f\x03\xbe\x07\x62" + "\xe9\x16\x69\x7e\xae\x38\x0e\x9b" + "\xad\x6e\x83\x90\x21\x10\xb8\x07" + "\xdc\xc1\x44\x20\xa5\x88\x00\xdc" + "\xe1\x82\x16\xf1\x0c\xdc\xed\x8c" + "\x32\xb5\x49\xab\x11\x41\xd5\xd2" + "\x35\x2c\x70\x73\xce\xeb\xe3\xd6" + "\xe4\x7d\x2c\xe8\x8c\xec\x8a\x92" + "\x50\x87\x51\xbd\x2d\x9d\xf2\xf0" + "\x3c\x7d\xb1\x87\xf5\x01\xb0\xed" + "\x02\x5a\x20\x4d\x43\x08\x71\x49" + "\x77\x72\x9b\xe6\xef\x30\xc9\xa2" + "\x66\x66\xb8\x68\x9d\xdf\xc6\x16" + "\xa5\x78\xee\x3c\x47\xa6\x7a\x31" + "\x07\x6d\xce\x7b\x86\xf8\xb2\x31" + "\xa8\xa4\x77\x3c\x63\x36\xe8\xd3" + "\x7d\x40\x56\xd8\x48\x56\x9e\x3e" + "\x56\xf6\x3d\xd2\x12\x6e\x35\x29" + "\xd4\x7a\xdb\xff\x97\x4c\xeb\x3c" + "\x28\x2a\xeb\xe9\x43\x40\x61\x06" + "\xb8\xa8\x6d\x18\xc8\xbc\xc7\x23" + "\x53\x2b\x8b\xcc\xce\x88\xdf\xf8" + "\xff\xf8\x94\xe4\x5c\xee\xcf\x39" + "\xe0\xf6\x1a\xae\xf2\xd5\x41\x6a" + "\x09\x5a\x50\x66\xc4\xf4\x66\xdc" + "\x6a\x69\xee\xc8\x47\xe6\x87\x52" + "\x9e\x28\xe4\x39\x02\x0d\xc4\x7e" + "\x18\xe6\xc6\x09\x07\x03\x30\xb9" + "\xd1\xb0\x48\xe6\x80\xe8\x8c\xe6" + "\xc7\x2c\x33\xca\x64\xe5\xc0\x6e" + "\xac\x14\x4b\xe1\xf6\xeb\xce\xe4" + "\xc1\x8c\xea\x5b\x8d\x3c\x86\x91" + "\xd1\xd7\x16\x9c\x09\x9c\x6a\x51" + "\xe5\xcd\xe3\xb0\x33\x1f\x03\xcd" + "\xe5\xd8\x40\x9b\xdc\x29\xbe\xfa" + "\x24\xcc\xf1\x55\x68\x3a\x89\x0d" + "\x08\x48\xfd\x9b\x47\x41\x10\xae" + "\x53\x3a\x83\x87\xd4\x89\xe7\x38" + "\x47\xee\xd7\xbe\xe2\x58\x37\xd2" + "\xfc\x21\x1d\x20\xa5\x2d\x69\x0c" + "\x36\x5b\x2f\xcd\xa1\xa6\xe4\xa1" + "\x00\x4d\xf7\xc8\x2d\xc7\x16\x6c" + "\x6d\xad\x32\x8c\x8f\x74\xf9\xfa" + "\x78\x1c\x9a\x0f\x6e\x93\x9c\x20" + "\x43\xb9\xe4\xda\xc4\xc7\x90\x47" + "\x86\x68\xb7\x6f\x82\x59\x4a\x30" + "\xf1\xfd\x31\x0f\xa1\xea\x9b\x6b" + "\x18\x5c\x39\xb0\xc7\x80\x64\xff" + "\x6d\x5b\xb4\x8b\xba\x90\xea\x4e" + "\x9a\x04\xd2\x68\x18\x50\xb5\x91" + "\x45\x4f\x58\x5a\xe5\xc6\x7c\xab" + "\x61\x3e\x3d\xec\x18\x87\xfc\xea" + "\x26\x35\x4c\x99\x8a\x3f\x00\x7b" + "\xf5\x89\x62\xda\xdd\xf1\x43\xef" + "\x2c\x1d\x92\xfa\x9a\xd0\x37\x03" + "\x69\x9c\xd8\x1f\x41\x44\xb7\x73" + "\x54\x14\x91\x12\x41\x41\x54\xa2" + "\x91\x55\xb6\xf7\x23\x41\xc9\xc2" + "\x5b\x53\xf2\x61\x63\x0d\xa9\x87" + "\x1a\xbb\x11\x1f\x3c\xbb\xa8\x1f" + "\xe2\x66\x56\x88\x06\x3c\xd2\x0f" + "\x3b\xc4\xd6\x8c\xbe\x54\x9f\xa8" + "\x9c\x89\xfb\x88\x05\xef\xcd\xe7" + "\xc1\xc4\x21\x36\x22\x8d\x9a\x5d" + "\x1b\x1e\x4a\xc0\x89\xdd\x76\x16" + "\x5a\xce\xcd\x1e\x6a\x1f\xa0\x2b" + "\x83\xf6\x5e\x28\x8e\x65\xb5\x86" + "\x72\x8f\xc5\xf2\x54\x81\x10\x8d" + "\x63\x7b\x42\x7d\x06\x08\x16\xb3" + "\xb0\x60\x65\x41\x49\xdb\x0d\xc1" + "\xe2\xef\x72\x72\x06\xe7\x60\x5c" + "\x95\x1c\x7d\x52\xec\x82\xee\xd3" + "\x5b\xab\x61\xa4\x1f\x61\x64\x0c" + "\x28\x32\x21\x7a\x81\xe7\x81\xf3" + "\xdb\xc0\x18\xd9\xae\x0b\x3c\x9a" + "\x58\xec\x70\x4f\x40\x25\x2b\xba" + "\x96\x59\xac\x34\x45\x29\xc6\x57" + "\xc1\xc3\x93\x60\x77\x92\xbb\x83" + "\x8a\xa7\x72\x45\x2a\xc9\x35\xe7" + "\x66\xd6\xa9\xe9\x43\x87\x20\x11" + "\x6a\x2f\x87\xac\xe0\x93\x82\xe5" + "\x6c\x57\xa9\x4c\x9e\x56\x57\x33" + "\x1c\xd8\x7e\x25\x27\x41\x89\x97" + "\xea\xa5\x56\x02\x5b\x93\x13\x46" + "\xdc\x53\x3d\x95\xef\xaf\x9f\xf0" + "\x0a\x8a\xfe\x0c\xbf\xf0\x25\x5f" + "\xb4\x9f\x1b\x72\x9c\x37\xba\x46" + "\x4e\xcc\xcc\x02\x5c\xec\x3f\x98" + "\xff\x56\x1a\xc2\x7a\x65\x8f\xf6" + "\xd2\x81\x37\x7a\x0a\xfc\x79\xb9" + "\xcb\x8c\xc8\x1a\xd0\xba\x5d\x55" + "\xbc\x6d\x2e\xb2\x2f\x75\x29\x3f" + "\x1a\x4b\xa8\xd7\xe8\xf6\xf4\x2a" + "\xa5\xa1\x68\xec\xf3\xd5\xdd\x0f" + "\xad\x57\xae\x98\x83\xd5\x92\x4e" + "\x76\x86\x8e\x5e\x4b\x87\x7b\xf7" + "\x2d\x79\x3f\x12\x6a\x24\x58\xc8" + "\xab\x9a\x65\x75\x82\x6f\xa5\x39" + "\x72\xb0\xdf\x93\xb5\xa2\xf3\xdd" + "\x1f\x32\xfa\xdb\xfe\x1b\xbf\x0a" + "\xd9\x95\xdd\x02\xf1\x23\x54\xb1" + "\xa5\xbb\x24\x04\x5c\x2a\x97\x92" + "\xe6\xe0\x10\x61\xe3\x46\xc7\x0c" + "\xcb\xbc\x51\x9a\x35\x16\xd9\x42" + "\x62\xb3\x5e\xa4\x3c\x84\xa0\x7f" + "\xb8\x7f\x70\xd1\x8b\x03\xdf\x27" + "\x32\x06\x3f\x12\x23\x19\x22\x82" + "\x2d\x37\xa5\x00\x31\x9b\xa9\x21" + "\x8e\x34\x8c\x8e\x4f\xe8\xd4\x63" + "\x6c\xb2\xa9\x6e\xf6\x7c\x96\xf1" + "\x0e\x64\xab\x14\x3d\x8f\x74\xb3" + "\x35\x79\x84\x78\x06\x68\x97\x30" + "\xe0\x22\x55\xd6\xc5\x5b\x38\xb2" + "\x75\x24\x0c\x52\xb6\x57\xcc\x0a" + "\xbd\x3c\xd0\x73\x47\xd1\x25\xd6" + "\x1c\xfd\x27\x05\x3f\x70\xe1\xa7" + "\x69\x3b\xee\xc9\x9f\xfd\x2a\x7e" + "\xab\x58\xe6\x0b\x35\x5e\x52\xf9" + "\xff\xac\x5b\x82\x88\xa7\x65\xbc" + "\x61\x29\xdc\xa1\x94\x42\xd1\xd3" + "\xa0\xd8\xba\x3b\x49\xc8\xa7\xce" + "\x01\x6c\xb7\x3f\xe3\x98\x4d\xd1" + "\x9f\x46\x0d\xb3\xf2\x43\x33\x49" + "\xb7\x27\xbd\xba\xcc\x3f\x09\x56" + "\xfa\x64\x18\xb8\x17\x28\xde\x0d" + "\x29\xfa\x1f\xad\x60\x3b\x90\xa7" + "\x05\x9f\x4c\xc4\xdc\x05\x3b\x17" + "\x58\xea\x99\xfd\x6b\x8a\x93\x77" + "\xa5\x44\xbd\x8d\x29\x44\x29\x89" + "\x52\x1d\x89\x8b\x44\x8f\xb9\x68" + "\xeb\x93\xfd\x92\xd9\x14\x35\x9c" + "\x28\x3a\x9f\x1d\xd8\xe0\x2a\x76" + "\x51\xc1\xf0\xa9\x1d\xb4\xf8\xb9" + "\xfc\x14\x78\x5a\xa2\xb1\xdb\x94" + "\xcb\x18\xb9\x34\xbd\x0c\x65\x1d" + "\x64\xde\xd0\x3a\xe4\x68\x0e\xbc" + "\x13\xa7\x47\x89\x62\xa3\x03\x19" + "\x64\xa1\x02\x27\x3a\x8d\x43\xfa" + "\x68\xff\xda\x8b\x40\xe9\x19\x8b" + "\x56\xbe\x1c\x9b\xe6\xf6\x3f\x60" + "\xdb\x7a\xd5\xab\x82\xd8\xd9\x99" + "\xe3\x5b\x0c\x0c\x69\x18\x5c\xed" + "\x03\xf9\xc1\x61\xc4\x7b\xd4\x90" + "\x43\xc3\x39\xec\xac\xcb\x1f\x4b" + "\x23\xf8\xa9\x98\x2f\xf6\x48\x90" + "\x6c\x2b\x94\xad\x14\xdd\xcc\xa2" + "\x3d\xc7\x86\x0f\x7f\x1c\x0b\x93" + "\x4b\x74\x1f\x80\x75\xb4\x91\xdf" + "\xa8\x26\xf9\x06\x2b\x3a\x2c\xfd" + "\x3c\x31\x40\x1e\x5b\xa6\x86\x01" + "\xc4\xa2\x80\x4f\xf5\xa2\xf4\xff" + "\xf6\x07\x8c\x92\xf7\x74\xbd\x42" + "\xb0\x3f\x6b\x05\xca\x40\xeb\x04" + "\x20\xa9\x37\x78\x32\x03\x60\xcc" + "\xf3\xec\xb2\x2d\xb5\x80\x7c\xe4" + "\x37\x53\x25\xd1\xe8\x91\x6a\xe5" + "\xdf\xdd\xb0\xab\x69\xc7\xa1\xb2" + "\xfc\xb3\xd1\x9e\xda\xa8\x0d\x68" + "\xfe\x7d\xdc\x56\x33\x65\x99\xd2" + "\xec\xa5\xa0\xa1\x26\xc9\xec\xbd" + "\x22\x20\x5e\x0d\xcb\x93\x64\x7a" + "\x56\x75\xed\xe5\x45\xa2\xbd\x16" + "\x59\xf7\x43\xd9\x5b\x2c\xdd\xb6" + "\x1d\xa8\x05\x89\x2f\x65\x2e\x66" + "\xfe\xad\x93\xeb\x85\x8f\xe8\x4c" + "\x00\x44\x71\x03\x0e\x26\xaf\xfd" + "\xfa\x56\x0f\xdc\x9c\xf3\x2e\xab" + "\x88\x26\x61\xc6\x13\xfe\xba\xc1" + "\xd8\x8a\x38\xc3\xb6\x4e\x6d\x80" + "\x4c\x65\x93\x2f\xf5\x54\xff\x63" + "\xbe\xdf\x9a\xe3\x4f\xca\xc9\x71" + "\x12\xab\x95\x66\xec\x09\x64\xea" + "\xdc\x9f\x01\x61\x24\x88\xd1\xa7" + "\xd0\x69\x26\xf0\x80\xb0\xec\x86" + "\xc2\x58\x2f\x6a\xc5\xfd\xfc\x2a" + "\xf6\x3e\x23\x77\x3b\x7e\xc5\xc5" + "\xe7\xf9\x4d\xcc\x68\x53\x11\xc8" + "\x5b\x44\xbd\x48\x0f\xb3\x35\x1a" + "\x93\x4a\x80\x16\xa3\x0d\x50\x85" + "\xa6\xc4\xd4\x74\x4d\x87\x59\x51" + "\xd7\xf7\x7d\xee\xd0\x9b\xd1\x83" + "\x25\x2b\xc6\x39\x27\x6a\xb3\x41" + "\x5f\xd2\x24\xd4\xd6\xfa\x8c\x3e" + "\xb2\xf9\x11\x71\x7a\x9e\x5e\x7b" + "\x5b\x9a\x47\x80\xca\x1c\xbe\x04" + "\x5d\x34\xc4\xa2\x2d\x41\xfe\x73" + "\x53\x15\x9f\xdb\xe7\x7d\x82\x19" + "\x21\x1b\x67\x2a\x74\x7a\x21\x4a" + "\xc4\x96\x6f\x00\x92\x69\xf1\x99" + "\x50\xf1\x4a\x16\x11\xf1\x16\x51", + .ctext = "\x57\xd1\xcf\x26\xe5\x07\x7a\x3f" + "\xa5\x5e\xd4\xa8\x12\xe9\x4e\x36" + "\x9c\x28\x65\xe0\xbd\xef\xf1\x49" + "\x04\xd4\xd4\x01\x4d\xf5\xfc\x2a" + "\x32\xd8\x19\x21\xcd\x58\x2a\x1a" + "\x43\x78\xa4\x57\x69\xa0\x52\xeb" + "\xcd\xa5\x9c\x4d\x03\x28\xef\x8b" + "\x54\xc6\x6c\x31\xab\x3e\xaf\x6d" + "\x0a\x87\x83\x3d\xb7\xea\x6b\x3d" + "\x11\x58\x7d\x5f\xaf\xc9\xfc\x50" + "\x58\x9a\x84\xa1\xcf\x76\xdc\x77" + "\x83\x9a\x28\x74\x69\xc9\x0c\xc2" + "\x7b\x1e\x4e\xe4\x25\x41\x23\x0d" + "\x4e\x0e\x2d\x7a\x87\xaa\x0f\x7c" + "\x98\xad\xf0\x6f\xbf\xcb\xd5\x1a" + "\x3e\xcf\x0e\xc5\xde\xbd\x8d\xf1" + "\xaa\x19\x16\xb8\xc5\x25\x02\x33" + "\xbd\x5a\x85\xe2\xc0\x77\x71\xda" + "\x12\x4c\xdf\x7f\xce\xc0\x32\x95" + "\x1a\xde\xcb\x0a\x70\xd0\x9e\x89" + "\xc5\x97\x18\x04\xab\x8c\x38\x56" + "\x69\xe5\xf6\xa5\x76\x2c\x52\x7a" + "\x49\xd2\x9a\x95\xa6\xa8\x82\x42" + "\x20\x1f\x58\x57\x4e\x22\xdb\x92" + "\xec\xbd\x4a\x21\x66\x9b\x7a\xcb" + "\x73\xcd\x6d\x15\x07\xc9\x97\xb8" + "\x11\x35\xee\x29\xa4\x90\xfc\x46" + "\x0f\x39\x56\xc6\x4a\x3a\xcf\xcc" + "\xb1\xbf\x62\x1c\x16\xc5\x12\x6c" + "\x0e\x69\x89\xce\xcf\x11\x4e\xe5" + "\x7e\x4e\x7c\x8f\xb4\xc9\xe6\x54" + "\x42\x89\x28\x27\xe6\xec\x50\xb7" + "\x69\x91\x44\x3e\x46\xd4\x64\xf6" + "\x25\x4c\x4d\x2f\x60\xd9\x9a\xd3" + "\x1c\x70\xf4\xd8\x24\x1e\xdb\xcf" + "\xa8\xc0\x22\xe6\x82\x57\xf6\xf0" + "\xe1\x1e\x38\x66\xec\xdc\x20\xdb" + "\x6a\x57\x68\xb1\x43\x61\xe1\x12" + "\x18\x5f\x31\x57\x39\xcb\xea\x3c" + "\x6e\x5d\x9a\xe0\xa6\x70\x4d\xd8" + "\xf9\x47\x4e\xef\x31\xa5\x66\x9b" + "\xb7\xf1\xd9\x59\x85\xfc\xdb\x7e" + "\xa2\x7a\x70\x25\x0c\xfd\x18\x0d" + "\x00\x42\xc9\x48\x8a\xbd\x74\xc5" + "\x3e\xe1\x20\x5a\x5d\x2e\xe5\x32" + "\x1d\x1c\x08\x65\x80\x69\xae\x24" + "\x80\xde\xb6\xdf\x97\xaa\x42\x8d" + "\xce\x39\x07\xe6\x69\x94\x5a\x75" + "\x39\xda\x5e\x1a\xed\x4a\x4c\x23" + "\x66\x1f\xf3\xb1\x6e\x8f\x21\x94" + "\x45\xc4\x63\xbd\x06\x93\x5e\x30" + "\xe7\x8f\xcb\xe0\xbb\x2a\x27\xcf" + "\x57\xa9\xa6\x28\xaf\xae\xcb\xa5" + "\x7b\x36\x61\x77\x3a\x4f\xec\x51" + "\x71\xfd\x52\x9e\x32\x7b\x98\x09" + "\xae\x27\xbc\x93\x96\xab\xb6\x02" + "\xf7\x21\xd3\x42\x00\x7e\x7a\x92" + "\x17\xfe\x1b\x3d\xcf\xb6\xfe\x1e" + "\x40\xc3\x10\x25\xac\x22\x9e\xcc" + "\xc2\x02\x61\xf5\x0a\x4b\xc3\xec" + "\xb1\x44\x06\x05\xb8\xd6\xcb\xd5" + "\xf1\xf5\xb5\x65\xbc\x1a\x19\xa2" + "\x7d\x60\x87\x11\x06\x83\x25\xe3" + "\x5e\xf0\xeb\x15\x93\xb6\x8e\xab" + "\x49\x52\xe8\xdb\xde\xd1\x8e\xa2" + "\x3a\x64\x13\x30\xaa\x20\xaf\x81" + "\x8d\x3c\x24\x2a\x76\x6d\xca\x32" + "\x63\x51\x6b\x8e\x4b\xa7\xf6\xad" + "\xa5\x94\x16\x82\xa6\x97\x3b\xe5" + "\x41\xcd\x87\x33\xdc\xc1\x48\xca" + "\x4e\xa2\x82\xad\x8e\x1b\xae\xcb" + "\x12\x93\x27\xa3\x2b\xfa\xe6\x26" + "\x43\xbd\xb0\x00\x01\x22\x1d\xd3" + "\x28\x9d\x69\xe0\xd4\xf8\x5b\x01" + "\x40\x7d\x54\xe5\xe2\xbd\x78\x5a" + "\x0e\xab\x51\xfc\xd4\xde\xba\xbc" + "\xa4\x7a\x74\x6d\xf8\x36\xc2\x70" + "\x03\x27\x36\xa2\xc0\xde\xf2\xc7" + "\x55\xd4\x66\xee\x9a\x9e\xaa\x99" + "\x2b\xeb\xa2\x6f\x17\x80\x60\x64" + "\xed\x73\xdb\xc1\x70\xda\xde\x67" + "\xcd\x6e\xc9\xfa\x3f\xef\x49\xd9" + "\x18\x42\xf1\x87\x6e\x2c\xac\xe1" + "\x12\x26\x52\xbe\x3e\xf1\xcc\x85" + "\x9a\xd1\x9e\xc1\x02\xd3\xca\x2b" + "\x99\xe7\xe8\x95\x7f\x91\x4b\xc0" + "\xab\xd4\x5a\xf7\x88\x1c\x7e\xea" + "\xd3\x15\x38\x26\xb5\xa3\xf2\xfc" + "\xc4\x12\x70\x5a\x37\x83\x49\xac" + "\xf4\x5e\x4c\xc8\x64\x03\x98\xad" + "\xd2\xbb\x8d\x90\x01\x80\xa1\x2a" + "\x23\xd1\x8d\x26\x43\x7d\x2b\xd0" + "\x87\xe1\x8e\x6a\xb3\x73\x9d\xc2" + "\x66\x75\xee\x2b\x41\x1a\xa0\x3b" + "\x1b\xdd\xb9\x21\x69\x5c\xef\x52" + "\x21\x57\xd6\x53\x31\x67\x7e\xd1" + "\xd0\x67\x8b\xc0\x97\x2c\x0a\x09" + "\x1d\xd4\x35\xc5\xd4\x11\x68\xf8" + "\x5e\x75\xaf\x0c\xc3\x9d\xa7\x09" + "\x38\xf5\x77\xb9\x80\xa9\x6b\xbd" + "\x0c\x98\xb4\x8d\xf0\x35\x5a\x19" + "\x1d\xf8\xb3\x5b\x45\xad\x4e\x4e" + "\xd5\x59\xf5\xd7\x53\x63\x3e\x97" + "\x7f\x91\x50\x65\x61\x21\xa9\xb7" + "\x65\x12\xdc\x01\x56\x40\xe0\xb1" + "\xe1\x23\xba\x9d\xb9\xc4\x8b\x1f" + "\xa6\xfe\x24\x19\xe9\x42\x9f\x9b" + "\x02\x48\xaa\x60\x0b\xf5\x7f\x8f" + "\x35\x70\xed\x85\xb8\xc4\xdc\xb7" + "\x16\xb7\x03\xe0\x2e\xa0\x25\xab" + "\x02\x1f\x97\x8e\x5a\x48\xb6\xdb" + "\x25\x7a\x16\xf6\x4c\xec\xec\xa6" + "\xc1\x4e\xe3\x4e\xe3\x27\x78\xc8" + "\xb6\xd7\x01\x61\x98\x1b\x38\xaa" + "\x36\x93\xac\x6d\x05\x61\x4d\x5a" + "\xc9\xe5\x27\xa9\x22\xf2\x38\x5e" + "\x9e\xe5\xf7\x4a\x64\xd2\x14\x15" + "\x71\x7c\x65\x6e\x90\x31\xc7\x49" + "\x25\xec\x9f\xf1\xb2\xd6\xbc\x20" + "\x6a\x13\xd5\x70\x65\xfc\x8b\x66" + "\x2c\xf1\x57\xc2\xe7\xb8\x89\xf7" + "\x17\xb2\x45\x64\xe0\xb3\x8c\x0d" + "\x69\x57\xf9\x5c\xff\xc2\x3c\x18" + "\x1e\xfd\x4b\x5e\x0d\x20\x01\x1a" + "\xa3\xa3\xb3\x76\x98\x9c\x92\x41" + "\xb4\xcd\x9f\x8f\x88\xcb\xb1\xb5" + "\x25\x87\x45\x4c\x07\xa7\x15\x99" + "\x24\x85\x15\x9e\xfc\x28\x98\x2b" + "\xd0\x22\x0a\xcc\x62\x12\x86\x0a" + "\xa8\x0e\x7d\x15\x32\x98\xae\x2d" + "\x95\x25\x55\x33\x41\x5b\x8d\x75" + "\x46\x61\x01\xa4\xfb\xf8\x6e\xe5" + "\xec\x24\xfe\xd2\xd2\x46\xe2\x3a" + "\x77\xf3\xa1\x39\xd3\x39\x32\xd8" + "\x2a\x6b\x44\xd7\x70\x36\x23\x89" + "\x4f\x75\x85\x42\x70\xd4\x2d\x4f" + "\xea\xfc\xc9\xfe\xb4\x86\xd8\x73" + "\x1d\xeb\xf7\x54\x0a\x47\x7e\x2c" + "\x04\x7b\x47\xea\x52\x8f\x13\x1a" + "\xf0\x19\x65\xe2\x0a\x1c\xae\x89" + "\xe1\xc5\x87\x6e\x5d\x7f\xf8\x79" + "\x08\xbf\xd2\x7f\x2c\x95\x22\xba" + "\x32\x78\xa9\xf6\x03\x98\x18\xed" + "\x15\xbf\x49\xb0\x6c\xa1\x4b\xb0" + "\xf3\x17\xd5\x35\x5d\x19\x57\x5b" + "\xf1\x07\x1e\xaa\x4d\xef\xd0\xd6" + "\x72\x12\x6b\xd9\xbc\x10\x49\xc5" + "\x28\xd4\xec\xe9\x8a\xb1\x6d\x50" + "\x4b\xf3\x44\xb8\x49\x04\x62\xe9" + "\xa4\xd8\x5a\xe7\x90\x02\xb7\x1e" + "\x66\x89\xbc\x5a\x71\x4e\xbd\xf8" + "\x18\xfb\x34\x2f\x67\xa2\x65\x71" + "\x00\x63\x22\xef\x3a\xa5\x18\x0e" + "\x54\x76\xaa\x58\xae\x87\x23\x93" + "\xb0\x3c\xa2\xa4\x07\x77\x3e\xd7" + "\x1a\x9c\xfe\x32\xc3\x54\x04\x4e" + "\xd6\x98\x44\xda\x98\xf8\xd3\xc8" + "\x1c\x07\x4b\xcd\x97\x5d\x96\x95" + "\x9a\x1d\x4a\xfc\x19\xcb\x0b\xd0" + "\x6d\x43\x3a\x9a\x39\x1c\xa8\x90" + "\x9f\x53\x8b\xc4\x41\x75\xb5\xb9" + "\x91\x5f\x02\x0a\x57\x6c\x8f\xc3" + "\x1b\x0b\x3a\x8b\x58\x3b\xbe\x2e" + "\xdc\x4c\x23\x71\x2e\x14\x06\x21" + "\x0b\x3b\x58\xb8\x97\xd1\x00\x62" + "\x2e\x74\x3e\x6e\x21\x8a\xcf\x60" + "\xda\x0c\xf8\x7c\xfd\x07\x55\x7f" + "\xb9\x1d\xda\x34\xc7\x27\xbf\x2a" + "\xd9\xba\x41\x9b\x37\xa1\xc4\x5d" + "\x03\x01\xce\xbb\x58\xff\xee\x74" + "\x08\xbd\x0b\x80\xb1\xd5\xf8\xb5" + "\x92\xf9\xbb\xbe\x03\xb5\xec\xbe" + "\x17\xee\xd7\x4e\x87\x2b\x61\x1b" + "\x27\xc3\x51\x50\xa0\x02\x73\x00" + "\x1a\xea\x2a\x2b\xf8\xf6\xe6\x96" + "\x75\x00\x56\xcc\xcb\x7a\x24\x29" + "\xe8\xdb\x95\xbf\x4e\x8f\x0a\x78" + "\xb8\xeb\x5a\x90\x37\xd0\x21\x94" + "\x6a\x89\x6b\x41\x3a\x1b\xa7\x20" + "\x43\x37\xda\xad\x81\xdd\xb4\xfc" + "\xe9\x60\x82\x77\x44\x3f\x89\x23" + "\x35\x04\x8f\xa1\xe8\xc0\xb6\x9f" + "\x56\xa7\x86\x3d\x65\x9c\x57\xbb" + "\x27\xdb\xe1\xb2\x13\x07\x9c\xb1" + "\x60\x8b\x38\x6b\x7f\x24\x28\x14" + "\xfe\xbf\xc0\xda\x61\x6e\xc2\xc7" + "\x63\x36\xa8\x02\x54\x93\xb0\xba" + "\xbd\x4d\x29\x14\x5a\x8b\xbc\x78" + "\xb3\xa6\xc5\x15\x5d\x36\x4d\x38" + "\x20\x9c\x1e\x98\x2e\x16\x89\x33" + "\x66\xa2\x54\x57\xcc\xde\x12\xa6" + "\x3b\x44\xf1\xac\x36\x3b\x97\xc1" + "\x96\x94\xf2\x67\x57\x23\x9c\x29" + "\xcd\xb7\x24\x2a\x8c\x86\xee\xaa" + "\x0f\xee\xaf\xa0\xec\x40\x8c\x08" + "\x18\xa1\xb4\x2c\x09\x46\x11\x7e" + "\x97\x84\xb1\x03\xa5\x3e\x59\x05" + "\x07\xc5\xf0\xcc\xb6\x71\x72\x2a" + "\xa2\x02\x78\x60\x0b\xc4\x47\x93" + "\xab\xcd\x67\x2b\xf5\xc5\x67\xa0" + "\xc0\x3c\x6a\xd4\x7e\xc9\x93\x0c" + "\x02\xdc\x15\x87\x48\x16\x26\x18" + "\x4e\x0b\x16\x0e\xb3\x02\x3e\x4b" + "\xc2\xe4\x49\x08\x9f\xb9\x8b\x1a" + "\xca\x10\xe8\x6c\x58\xa9\x7e\xb8" + "\xbe\xff\x58\x0e\x8a\xfb\x35\x93" + "\xcc\x76\x7d\xd9\x44\x7c\x31\x96" + "\xc0\x29\x73\xd3\x91\x0a\xc0\x65" + "\x5c\xbe\xe7\x4e\xda\x31\x85\xf2" + "\x72\xee\x34\xbe\x41\x90\xd4\x07" + "\x50\x64\x56\x81\xe3\x27\xfb\xcc" + "\xb7\x5c\x36\xb4\x6e\xbd\x23\xf8" + "\xe8\x71\xce\xa8\x73\x77\x82\x74" + "\xab\x8d\x0e\xe5\x93\x68\xb1\xd2" + "\x51\xc2\x18\x58\xd5\x3f\x29\x6b" + "\x2e\xd0\x88\x7f\x4a\x9d\xa2\xb8" + "\xae\x96\x09\xbf\x47\xae\x7d\x12" + "\x70\x67\xf1\xdd\xda\xdf\x47\x57" + "\xc9\x2c\x0f\xcb\xf3\x57\xd4\xda" + "\x00\x2e\x13\x48\x8f\xc0\xaa\x46" + "\xe1\xc1\x57\x75\x1e\xce\x74\xc2" + "\x82\xef\x31\x85\x8e\x38\x56\xff" + "\xcb\xab\xe0\x78\x40\x51\xd3\xc5" + "\xc3\xb1\xee\x9b\xd7\x72\x7f\x13" + "\x83\x7f\x45\x49\x45\xa1\x05\x8e" + "\xdc\x83\x81\x3c\x24\x28\x87\x08" + "\xa0\x70\x73\x80\x42\xcf\x5c\x26" + "\x39\xa5\xc5\x90\x5c\x56\xda\x58" + "\x93\x45\x5d\x45\x64\x59\x16\x3f" + "\xf1\x20\xf7\xa8\x2a\xd4\x3d\xbd" + "\x17\xfb\x90\x01\xcf\x1e\x71\xab" + "\x22\xa2\x24\xb5\x80\xac\xa2\x9a" + "\x9c\x2d\x85\x69\xa7\x87\x33\x55" + "\x65\x72\xc0\x91\x2a\x3d\x05\x33" + "\x25\x0d\x29\x25\x9f\x45\x4e\xfa" + "\x5d\x90\x3f\x34\x08\x54\xdb\x7d" + "\x94\x20\xa2\x3b\x10\x01\xa4\x89" + "\x1e\x90\x4f\x36\x3f\xc2\x40\x07" + "\x3f\xab\x2e\x89\xce\x80\xe1\xf5" + "\xac\xaf\x17\x10\x18\x0f\x4d\xe3" + "\xfc\x82\x2b\xbe\xe2\x91\xfa\x5b" + "\x9a\x9b\x2a\xd7\x99\x8d\x8f\xdc" + "\x54\x99\xc4\xa3\x97\xfd\xd3\xdb" + "\xd1\x51\x7c\xce\x13\x5c\x3b\x74" + "\xda\x9a\xe3\xdc\xdc\x87\x84\x98" + "\x16\x6d\xb0\x3d\x65\x57\x0b\xb2" + "\xb8\x04\xd4\xea\x49\x72\xc3\x66" + "\xbc\xdc\x91\x05\x2b\xa6\x5e\xeb" + "\x55\x72\x3e\x34\xd4\x28\x4b\x9c" + "\x07\x51\xf7\x30\xf3\xca\x04\xc1" + "\xd3\x69\x50\x2c\x27\x27\xc4\xb9" + "\x56\xc7\xa2\xd2\x66\x29\xea\xe0" + "\x25\xb8\x49\xd1\x60\xc9\x5e\xb5" + "\xed\x87\xb8\x74\x98\x0d\x16\x86" + "\x2a\x02\x24\xde\xb9\xa9\x5e\xf0" + "\xdd\xf7\x55\xb0\x26\x7a\x93\xd4" + "\xe6\x7d\xd2\x43\xb2\x8f\x7e\x9a" + "\x5d\x81\xe6\x28\xe5\x96\x7d\xc8" + "\x33\xe0\x56\x57\xe2\xa0\xf2\x1d" + "\x61\x78\x60\xd5\x81\x70\xa4\x11" + "\x43\x36\xe9\xd1\x68\x27\x21\x3c" + "\xb2\xa2\xad\x5f\x04\xd4\x55\x00" + "\x25\x71\x91\xed\x3a\xc9\x7b\x57" + "\x7b\xd1\x8a\xfb\x0e\xf5\x7b\x08" + "\xa9\x26\x4f\x24\x5f\xdd\x79\xed" + "\x19\xc4\xe1\xd5\xa8\x66\x60\xfc" + "\x5d\x48\x11\xb0\xa3\xc3\xe6\xc0" + "\xc6\x16\x7d\x20\x3f\x7c\x25\x52" + "\xdf\x05\xdd\xb5\x0b\x92\xee\xc5" + "\xe6\xd2\x7c\x3e\x2e\xd5\xac\xda" + "\xdb\x48\x31\xac\x87\x13\x8c\xfa" + "\xac\x18\xbc\xd1\x7f\x2d\xc6\x19" + "\x8a\xfa\xa0\x97\x89\x26\x50\x46" + "\x9c\xca\xe1\x73\x97\x26\x0a\x50" + "\x95\xec\x79\x19\xf6\xbd\x9a\xa1" + "\xcf\xc9\xab\xf7\x85\x84\xb2\xf5" + "\x2c\x7c\x73\xaa\xe2\xc2\xfb\xcd" + "\x5f\x08\x46\x2f\x8e\xd9\xff\xfd" + "\x19\xf6\xf4\x5d\x2b\x4b\x54\xe2" + "\x27\xaa\xfd\x2c\x5f\x75\x7c\xf6" + "\x2c\x95\x77\xcc\x90\xa2\xda\x1e" + "\x85\x37\x18\x34\x1d\xcf\x1b\xf2" + "\x86\xda\x71\xfb\x72\xab\x87\x0f" + "\x1e\x10\xb3\xba\x51\xea\x29\xd3" + "\x8c\x87\xce\x4b\x66\xbf\x60\x6d" + "\x81\x7c\xb8\x9c\xcc\x2e\x35\x02" + "\x02\x32\x4a\x7a\x24\xc4\x9f\xce" + "\xf0\x8a\x85\x90\xf3\x24\x95\x02" + "\xec\x13\xc1\xa4\xdd\x44\x01\xef" + "\xf6\xaa\x30\x70\xbf\x4e\x1a\xb9" + "\xc0\xff\x3b\x57\x5d\x12\xfe\xc3" + "\x1d\x5c\x3f\x74\xf9\xd9\x64\x61" + "\x20\xb2\x76\x79\x38\xd2\x21\xfb" + "\xc9\x32\xe8\xcc\x8e\x5f\xd7\x01" + "\x9e\x25\x76\x4d\xa7\xc1\x33\x21" + "\xfa\xcf\x98\x40\xd2\x1d\x48\xbd" + "\xd0\xc0\x38\x90\x27\x9b\x89\x4a" + "\x10\x1e\xaf\xa0\x78\x7d\x87\x2b" + "\x72\x10\x02\xf0\x5d\x22\x8b\x22" + "\xd7\x56\x7c\xd7\x6d\xcd\x9b\xc6" + "\xbc\xb2\xa6\x36\xde\xac\x87\x14" + "\x92\x93\x47\xca\x7d\xf4\x0b\x88" + "\xea\xbf\x3f\x2f\xa9\x94\x24\x13" + "\xa1\x52\x29\xfd\x5d\xa9\x76\x85" + "\x21\x62\x39\xa3\xf0\xf7\xb5\xa3" + "\xe0\x6c\x1b\xcb\xdb\x41\x91\xc6" + "\x4f\xaa\x26\x8b\x15\xd5\x84\x3a" + "\xda\xd6\x05\xc8\x8c\x0f\xe9\x19" + "\x00\x81\x38\xfb\x8f\xdf\xb0\x63" + "\x75\xe0\xe8\x8f\xef\x4a\xe0\x83" + "\x34\xe9\x4e\x06\xd7\xbb\xcd\xed" + "\x70\x0c\x72\x80\x64\x94\x67\xad" + "\x4a\xda\x82\xcf\x60\xfc\x92\x43" + "\xe3\x2f\xd1\x1e\x81\x1d\xdc\x62" + "\xec\xb1\xb0\xad\x4f\x43\x1d\x38" + "\x4e\x0d\x90\x40\x29\x1b\x98\xf1" + "\xbc\x70\x4e\x5a\x08\xbe\x88\x3a" + "\x55\xfb\x8c\x33\x1f\x0a\x7d\x2d" + "\xdc\x75\x03\xd2\x3b\xe8\xb8\x32" + "\x13\xab\x04\xbc\xe2\x33\x44\xa6" + "\xff\x6e\xba\xbd\xdc\xe2\xbf\x54" + "\x99\x71\x76\x59\x3b\x7a\xbc\xde" + "\xa1\x6e\x73\x62\x96\x73\x56\x66" + "\xfb\x1a\x56\x91\x2a\x8b\x12\xb0" + "\x82\x9f\x9b\x0c\x42\xc7\x22\x2c" + "\xbc\x49\xc5\x3c\x3b\xbf\x52\x64" + "\xd6\xd4\x03\x52\xf3\xfd\x13\x98" + "\xcc\xd8\xaa\x3e\x1d\x1f\x04\x8a" + "\x03\x41\x19\x5b\x31\xf3\x48\x83" + "\x49\xa3\xdd\xc9\x7c\x01\x34\x64" + "\xe5\xf3\xdf\xc9\x7f\x17\xa2\xf5" + "\x9c\x21\x79\x93\x91\x93\xbf\x9b" + "\xa5\xa5\xda\x1d\x55\x32\x72\x78" + "\xa6\x45\x2d\x21\x97\x6b\xfe\xbc" + "\xd0\xe7\x8e\x97\x66\x85\x9e\x41" + "\xfa\x2c\x8a\xee\x0d\x5a\x18\xf2" + "\x15\x89\x8f\xfb\xbc\xd8\xa6\x0c" + "\x83\xcc\x20\x08\xce\x70\xe5\xe6" + "\xbb\x7d\x9f\x11\x5f\x1e\x16\x68" + "\x18\xad\xa9\x4b\x04\x97\x8c\x18" + "\xed\x2a\x70\x79\x39\xcf\x36\x72" + "\x1e\x3e\x6d\x3c\x19\xce\x13\x19" + "\xb5\x13\xe7\x02\xd8\x5c\xec\x0c" + "\x81\xc5\xe5\x86\x10\x83\x9e\x67" + "\x3b\x74\x29\x63\xda\x23\xbc\x43" + "\xe9\x73\xa6\x2d\x25\x77\x66\xd0" + "\x2e\x05\x38\xae\x2e\x0e\x7f\xaf" + "\x82\xed\xef\x28\x39\x4c\x4b\x6f" + "\xdb\xa1\xb5\x79\xd0\x5b\x50\x77" + "\x6d\x75\x9f\x3c\xcf\xde\x41\xb8" + "\xa9\x13\x11\x60\x19\x23\xc7\x35" + "\x48\xbc\x14\x08\xf9\x57\xfe\x15" + "\xfd\xb2\xbb\x8c\x44\x3b\xf1\x62" + "\xbc\x0e\x01\x45\x39\xc0\xbb\xce" + "\xf5\xb7\xe1\x16\x7b\xcc\x8d\x7f" + "\xd3\x15\x36\xef\x8e\x4b\xaa\xee" + "\x49\x0c\x6e\x9b\x8c\x0e\x9f\xe0" + "\xd5\x7b\xdd\xbc\xb3\x67\x53\x6d" + "\x8b\xbe\xa3\xcd\x1e\x37\x9d\xc3" + "\x61\x36\xf4\x77\xec\x2b\xc7\x8b" + "\xd7\xad\x8d\x23\xdd\xf7\x9d\xf1" + "\x61\x1c\xbf\x09\xa5\x5e\xb9\x14" + "\xa6\x3f\x1a\xd9\x12\xb4\xef\x56" + "\x20\xa0\x77\x3e\xab\xf1\xb9\x91" + "\x5a\x92\x85\x5c\x92\x15\xb2\x1f" + "\xaf\xb0\x92\x23\x2d\x27\x8b\x7e" + "\x12\xcc\x56\xaa\x62\x85\x15\xd7" + "\x41\x89\x62\xd6\xd9\xd0\x6d\xbd" + "\x21\xa8\x49\xb6\x35\x40\x2f\x8d" + "\x2e\xfa\x24\x1e\x30\x12\x9c\x05" + "\x59\xfa\xe1\xad\xc0\x53\x09\xda" + "\xc0\x2e\x9d\x24\x0e\x4b\x6e\xd7" + "\x68\x32\x6a\xa0\x3c\x23\xb6\x5a" + "\x90\xb1\x1f\x62\xc8\x37\x36\x88" + "\xa4\x4d\x91\x12\x8d\x51\x8d\x81" + "\x44\x21\xfe\xd3\x61\x8d\xea\x5b" + "\x87\x24\xa9\xe9\x87\xde\x75\x77" + "\xc6\xa0\xd3\xf6\x99\x8b\x32\x56" + "\x47\xc6\x60\x65\xb6\x4f\xd1\x59" + "\x08\xb2\xe0\x15\x3e\xcb\x2c\xd6" + "\x8d\xc6\xbf\xda\x63\xe2\x04\x88" + "\x30\x9f\x37\x38\x98\x1c\x3e\x7a" + "\xa8\x8f\x3e\x2c\xcf\x90\x15\x6e" + "\x5d\xe9\x76\xd5\xdf\xc6\x2f\xf6" + "\xf5\x4a\x86\xbd\x36\x2a\xda\xdf" + "\x2f\xd8\x6e\x15\x18\x6b\xe9\xdb" + "\x26\x54\x6e\x60\x3b\xb8\xf9\x91" + "\xc1\x1d\xc0\x4f\x26\x8b\xdf\x55" + "\x47\x2f\xce\xdd\x4e\x93\x58\x3f" + "\x70\xdc\xf9\x4e\x9b\x37\x5e\x4f" + "\x39\xb9\x30\xe6\xce\xdb\xaf\x46" + "\xca\xfa\x52\xc9\x75\x3e\xd6\x96" + "\xe8\x97\xf1\xb1\x64\x31\x71\x1e" + "\x9f\xb6\xff\x69\xd6\xcd\x85\x4e" + "\x20\xf5\xfc\x84\x3c\xaf\xcc\x8d" + "\x5b\x52\xb8\xa2\x1c\x38\x47\x82" + "\x96\xff\x06\x4c\xaf\x8a\xf4\x8f" + "\xf8\x15\x97\xf6\xc3\xbc\x8c\x9e" + "\xc2\x06\xd9\x64\xb8\x1b\x0d\xd1" + "\x53\x55\x83\x7d\xcb\x8b\x7d\x20" + "\xa7\x70\xcb\xaa\x25\xae\x5a\x4f" + "\xdc\x66\xad\xe4\x54\xff\x09\xef" + "\x25\xcb\xac\x59\x89\x1d\x06\xcf" + "\xc7\x74\xe0\x5d\xa6\xd0\x04\xb4" + "\x41\x75\x34\x80\x6c\x4c\xc9\xd0" + "\x51\x0c\x0f\x84\x26\x75\x69\x23" + "\x81\x67\xde\xbf\x6c\x57\x8a\xc4" + "\xba\x91\xba\x8c\x2c\x75\xeb\x55" + "\xe5\x1b\x13\xbc\xaa\xec\x31\xdb" + "\xcc\x00\x3b\xe6\x50\xd8\xc3\xcc" + "\x9c\xb8\x6e\xb4\x9b\x16\xee\x74" + "\x26\x51\xda\x39\xe6\x31\xa1\xb2" + "\xd7\x6f\xcb\xae\x7d\x9f\x38\x7d" + "\x86\x49\x2a\x16\x5c\xc0\x08\xea" + "\x6b\x55\x85\x47\xbb\x90\xba\x69" + "\x56\xa5\x44\x62\x5b\xe6\x3b\xcc" + "\xe7\x6d\x1e\xca\x4b\xf3\x86\xe0" + "\x09\x76\x51\x83\x0a\x46\x19\x61" + "\xf0\xce\xe1\x06\x7d\x06\xb4\xfe" + "\xd9\xd3\x64\x8e\x0f\xd9\x64\x9e" + "\x74\x44\x97\x5d\x92\x7b\xe3\xcf" + "\x51\x44\xe7\xf2\xe7\xc0\x0c\xc2" + "\xf1\xf7\xa6\x36\x52\x2f\x7c\x09" + "\xfe\x8c\x59\x77\x52\x6a\x7e\xb3" + "\x2b\xb9\x17\x78\xe4\xf2\x82\x62" + "\x7f\x68\x8e\x04\xb4\x8f\x60\xd2" + "\xc6\x22\x1e\x0f\x3a\x8e\x3c\xb2" + "\x60\xbc\xa9\xb3\xda\xbd\x50\xe4" + "\x33\x98\xdd\x6f\xe9\x3b\x77\x57" + "\xeb\x7c\x8f\xbc\xfc\x34\x34\xb9" + "\x40\x31\x67\xcf\xfe\x22\x20\xa5" + "\x97\xe8\x4c\xa2\xc3\x94\xc6\x28" + "\xa6\x24\xe5\xa6\xb5\xd8\x24\xef" + "\x16\xa1\xc9\xe5\x92\xe6\x8c\x45" + "\x24\x24\x51\x22\x1e\xad\xef\x2f" + "\xb6\xbe\xfc\x92\x20\xac\x45\xe6" + "\xc0\xb0\xc8\xfb\x21\x34\xd4\x05" + "\x54\xb3\x99\xa4\xfe\xa9\xd5\xb5" + "\x3b\x72\x83\xf6\xe2\xf9\x88\x0e" + "\x20\x80\x3e\x4e\x8f\xa1\x75\x69" + "\x43\x5a\x7c\x38\x62\x51\xb5\xb7" + "\x84\x95\x3f\x6d\x24\xcc\xfd\x4b" + "\x4a\xaa\x97\x83\x6d\x16\xa8\xc5" + "\x18\xd9\xb9\xfe\xe2\x3f\xe8\xbd" + "\x37\x44\xdf\x79\x3b\x34\x19\x1a" + "\x65\x5e\xc7\x61\x1f\x17\x5e\x84" + "\x20\x72\x32\x98\x8c\x9e\xac\x1f" + "\x6e\x32\xae\x86\x46\x4f\x0f\x64" + "\x3f\xce\x96\xe6\x02\x41\x53\x1f" + "\x35\x30\x57\x7f\xfe\xb7\x47\xb9" + "\x0c\x2f\x14\x34\x9b\x1c\x88\x17" + "\xb5\xe5\x94\x17\x3e\xdc\x4d\x49" + "\xe1\x5d\x75\x3e\xa6\x16\x42\xd4" + "\x59\xb5\x24\x7c\x4c\x54\x1c\xf9" + "\xd6\xed\x69\x22\x5f\x74\xc9\xa9" + "\x7c\xb8\x09\xa7\xf9\x2b\x0d\x5f" + "\x42\xff\x4e\x57\xde\x0c\x67\x45" + "\xa4\x6e\xa0\x7e\x28\x34\xc5\xfe" + "\x58\x7e\xda\xec\x9f\x0b\x31\x2a" + "\x1f\x1b\x98\xad\x14\xcf\x9f\x96" + "\xf8\x87\x0e\x14\x19\x81\x23\x53" + "\x5f\x38\x08\xd9\xc1\xcb\xb2\xc5" + "\x19\x72\x75\x01\xd4\xcf\xd9\x91" + "\xfc\x48\xcc\xa3\x3c\xe6\x4c\xc6" + "\x73\xde\x5e\x90\xce\x6c\x85\x43" + "\x0d\xdf\xe3\x8c\x02\x62\xef\xac" + "\xb8\x05\x80\x81\xf6\x22\x30\xad" + "\x30\xa8\xcb\x55\x1e\xe6\x05\x7f" + "\xc5\x58\x1a\x78\xb7\x2f\x8e\x3c" + "\x80\x09\xca\xa2\x9a\x72\xeb\x10" + "\x84\x54\xaa\x98\x35\x5e\xb1\xc2" + "\xb7\x73\x14\x69\xef\xf8\x28\x43" + "\x36\xd3\x10\x0a\xd6\x69\xf8\xc8" + "\xbb\xe9\xe9\xf9\x29\x52\xf8\x6f" + "\x12\x78\xf9\xc6\xb2\x12\xfd\x39" + "\xa9\xeb\xe2\x47\xb9\x22\xc5\x8f" + "\x4d\xb1\x17\x40\x02\x84\xed\x53" + "\xc5\xfa\xc1\xcd\x59\x56\x93\xaa" + "\x3f\x23\x3f\x02\xb7\xe9\x6e\xa0" + "\xbc\x96\xb8\xb2\xf8\x04\x19\x87" + "\xe9\x4f\x29\xbf\x3a\xcb\x6d\x48" + "\xc9\xe7\x1f\xb7\xa8\xf8\xd4\xb4" + "\x6d\x0f\xb4\xf6\x44\x11\x0f\xf7" + "\x3d\xd2\x36\x05\x67\xa1\x46\x81" + "\x90\xe9\x60\x64\xfa\x52\x87\x37" + "\x44\x01\xbd\x58\xe1\xda\xda\x1e" + "\xa7\x09\xf7\x43\x31\x2b\x4b\x55" + "\xbd\x0d\x53\x7f\x12\x6c\xf5\x07" + "\xfc\x61\xda\xd6\x0a\xbd\x89\x5f" + "\x2c\xf5\xa8\x1f\x0d\x60\xe4\x3c" + "\x5d\x94\x8a\x1f\x64\xce\xd5\x16" + "\x73\xbc\xbe\xb1\x85\x28\xcb\x0b" + "\x47\x5c\x1f\x66\x25\x89\x61\x6a" + "\xa7\xcd\xf8\x1b\x31\x88\x42\x71" + "\x58\x65\x53\xd5\xc0\xa3\x56\x2e" + "\xb6\x86\x9e\x13\x78\x34\x36\x85" + "\xbb\xce\x6e\x54\x33\xb9\x97\xc5" + "\x72\xb8\xe0\x13\x34\x04\xbf\x83" + "\xbf\x78\x1d\x7c\x23\x34\x90\xe0" + "\x57\xd4\x3f\xc6\x61\xe3\xca\x96" + "\x13\xdd\x9e\x20\x51\x18\x73\x37" + "\x69\x37\xfb\xe5\x60\x1f\xf2\xa1" + "\xef\xa2\x6e\x16\x32\x8e\xc3\xb6" + "\x21\x5e\xc2\x1c\xb6\xc6\x96\x72" + "\x4f\xa6\x85\x69\xa9\x5d\xb2\x2e" + "\xac\xfe\x6e\xc3\xe7\xb3\x51\x08" + "\x66\x2a\xac\x59\xb3\x73\x86\xae" + "\x6d\x85\x97\x37\x68\xef\xa7\x85" + "\xb7\xdd\xdd\xd9\x85\xc9\x57\x01" + "\x10\x2b\x9a\x1e\x44\x12\x87\xa5" + "\x60\x1f\x88\xae\xbf\x14\x2d\x05" + "\x4c\x60\x85\x8a\x45\xac\x0f\xc2", + .len = 4096, } }; @@ -29042,6 +30472,1436 @@ static const struct cipher_testvec adiantum_xchacha20_aes_tv_template[] = { "\xb8\x78\xd2\xa3\xc6\xf3\x79\x9c" "\xc7\x27\xe1\x6a\x29\xad\xa4\x03", .len = 512, + }, { + .key = "\xeb\xe5\x11\x3a\x72\xeb\x10\xbe" + "\x70\xcf\xe3\xea\xc2\x74\xa4\x48" + "\x29\x0f\x8f\x3f\xcf\x4c\x28\x2a" + "\x4e\x1e\x3c\xc3\x27\x9f\x16\x13", + .klen = 32, + .iv = "\x84\x3e\xa2\x7c\x06\x72\xb2\xad" + "\x88\x76\x65\xb4\x1a\x29\x27\x12" + "\x45\xb6\x8d\x0e\x4b\x87\x04\xfc" + "\xb5\xcd\x1c\x4d\xe8\x06\xf1\xcb", + .ptext = "\x8e\xb6\x07\x9b\x7c\xe4\xa4\xa2" + "\x41\x6c\x24\x1d\xc0\x77\x4e\xd9" + "\x4a\xa4\x2c\xb6\xe4\x55\x02\x7f" + "\xc4\xec\xab\xc2\x5c\x63\x40\x92" + "\x38\x24\x62\xdb\x65\x82\x10\x7f" + "\x21\xa5\x39\x3a\x3f\x38\x7e\xad" + "\x6c\x7b\xc9\x3f\x89\x8f\xa8\x08" + "\xbd\x31\x57\x3c\x7a\x45\x67\x30" + "\xa9\x27\x58\x34\xbe\xe3\xa4\xc3" + "\xff\xc2\x9f\x43\xf0\x04\xba\x1e" + "\xb6\xf3\xc4\xce\x09\x7a\x2e\x42" + "\x7d\xad\x97\xc9\x77\x9a\x3a\x78" + "\x6c\xaf\x7c\x2a\x46\xb4\x41\x86" + "\x1a\x20\xf2\x5b\x1a\x60\xc9\xc4" + "\x47\x5d\x10\xa4\xd2\x15\x6a\x19" + "\x4f\xd5\x51\x37\xd5\x06\x70\x1a" + "\x3e\x78\xf0\x2e\xaa\xb5\x2a\xbd" + "\x83\x09\x7c\xcb\x29\xac\xd7\x9c" + "\xbf\x80\xfd\x9d\xd4\xcf\x64\xca" + "\xf8\xc9\xf1\x77\x2e\xbb\x39\x26" + "\xac\xd9\xbe\xce\x24\x7f\xbb\xa2" + "\x82\xba\xeb\x5f\x65\xc5\xf1\x56" + "\x8a\x52\x02\x4d\x45\x23\x6d\xeb" + "\xb0\x60\x7b\xd8\x6e\xb2\x98\xd2" + "\xaf\x76\xf2\x33\x9b\xf3\xbb\x95" + "\xc0\x50\xaa\xc7\x47\xf6\xb3\xf3" + "\x77\x16\xcb\x14\x95\xbf\x1d\x32" + "\x45\x0c\x75\x52\x2c\xe8\xd7\x31" + "\xc0\x87\xb0\x97\x30\x30\xc5\x5e" + "\x50\x70\x6e\xb0\x4b\x4e\x38\x19" + "\x46\xca\x38\x6a\xca\x7d\xfe\x05" + "\xc8\x80\x7c\x14\x6c\x24\xb5\x42" + "\x28\x04\x4c\xff\x98\x20\x08\x10" + "\x90\x31\x03\x78\xd8\xa1\xe6\xf9" + "\x52\xc2\xfc\x3e\xa7\x68\xce\xeb" + "\x59\x5d\xeb\xd8\x64\x4e\xf8\x8b" + "\x24\x62\xcf\x17\x36\x84\xc0\x72" + "\x60\x4f\x3e\x47\xda\x72\x3b\x0e" + "\xce\x0b\xa9\x9c\x51\xdc\xa5\xb9" + "\x71\x73\x08\x4e\x22\x31\xfd\x88" + "\x29\xfc\x8d\x17\x3a\x7a\xe5\xb9" + "\x0b\x9c\x6d\xdb\xce\xdb\xde\x81" + "\x73\x5a\x16\x9d\x3c\x72\x88\x51" + "\x10\x16\xf3\x11\x6e\x32\x5f\x4c" + "\x87\xce\x88\x2c\xd2\xaf\xf5\xb7" + "\xd8\x22\xed\xc9\xae\x68\x7f\xc5" + "\x30\x62\xbe\xc9\xe0\x27\xa1\xb5" + "\x57\x74\x36\x60\xb8\x6b\x8c\xec" + "\x14\xad\xed\x69\xc9\xd8\xa5\x5b" + "\x38\x07\x5b\xf3\x3e\x74\x48\x90" + "\x61\x17\x23\xdd\x44\xbc\x9d\x12" + "\x0a\x3a\x63\xb2\xab\x86\xb8\x67" + "\x85\xd6\xb2\x5d\xde\x4a\xc1\x73" + "\x2a\x7c\x53\x8e\xd6\x7d\x0e\xe4" + "\x3b\xab\xc5\x3d\x32\x79\x18\xb7" + "\xd6\x50\x4d\xf0\x8a\x37\xbb\xd3" + "\x8d\xd8\x08\xd7\x7d\xaa\x24\x52" + "\xf7\x90\xe3\xaa\xd6\x49\x7a\x47" + "\xec\x37\xad\x74\x8b\xc1\xb7\xfe" + "\x4f\x70\x14\x62\x22\x8c\x63\xc2" + "\x1c\x4e\x38\xc3\x63\xb7\xbf\x53" + "\xbd\x1f\xac\xa6\x94\xc5\x81\xfa" + "\xe0\xeb\x81\xe9\xd9\x1d\x32\x3c" + "\x85\x12\xca\x61\x65\xd1\x66\xd8" + "\xe2\x0e\xc3\xa3\xff\x0d\xd3\xee" + "\xdf\xcc\x3e\x01\xf5\x9b\x45\x5c" + "\x33\xb5\xb0\x8d\x36\x1a\xdf\xf8" + "\xa3\x81\xbe\xdb\x3d\x4b\xf6\xc6" + "\xdf\x7f\xb0\x89\xbd\x39\x32\x50" + "\xbb\xb2\xe3\x5c\xbb\x4b\x18\x98" + "\x08\x66\x51\xe7\x4d\xfb\xfc\x4e" + "\x22\x42\x6f\x61\xdb\x7f\x27\x88" + "\x29\x3f\x02\xa9\xc6\x83\x30\xcc" + "\x8b\xd5\x64\x7b\x7c\x76\x16\xbe" + "\xb6\x8b\x26\xb8\x83\x16\xf2\x6b" + "\xd1\xdc\x20\x6b\x42\x5a\xef\x7a" + "\xa9\x60\xb8\x1a\xd3\x0d\x4e\xcb" + "\x75\x6b\xc5\x80\x43\x38\x7f\xad" + "\x9c\x56\xd9\xc4\xf1\x01\x74\xf0" + "\x16\x53\x8d\x69\xbe\xf2\x5d\x92" + "\x34\x38\xc8\x84\xf9\x1a\xfc\x26" + "\x16\xcb\xae\x7d\x38\x21\x67\x74" + "\x4c\x40\xaa\x6b\x97\xe0\xb0\x2f" + "\xf5\x3e\xf6\xe2\x24\xc8\x22\xa4" + "\xa8\x88\x27\x86\x44\x75\x5b\x29" + "\x34\x08\x4b\xa1\xfe\x0c\x26\xe5" + "\xac\x26\xf6\x21\x0c\xfb\xde\x14" + "\xfe\xd7\xbe\xee\x48\x93\xd6\x99" + "\x56\x9c\xcf\x22\xad\xa2\x53\x41" + "\xfd\x58\xa1\x68\xdc\xc4\xef\x20" + "\xa1\xee\xcf\x2b\x43\xb6\x57\xd8" + "\xfe\x01\x80\x25\xdf\xd2\x35\x44" + "\x0d\x15\x15\xc3\xfc\x49\xbf\xd0" + "\xbf\x2f\x95\x81\x09\xa6\xb6\xd7" + "\x21\x03\xfe\x52\xb7\xa8\x32\x4d" + "\x75\x1e\x46\x44\xbc\x2b\x61\x04" + "\x1b\x1c\xeb\x39\x86\x8f\xe9\x49" + "\xce\x78\xa5\x5e\x67\xc5\xe9\xef" + "\x43\xf8\xf1\x35\x22\x43\x61\xc1" + "\x27\xb5\x09\xb2\xb8\xe1\x5e\x26" + "\xcc\xf3\x6f\xb2\xb7\x55\x30\x98" + "\x87\xfc\xe7\xa8\xc8\x94\x86\xa1" + "\xd9\xa0\x3c\x74\x16\xb3\x25\x98" + "\xba\xc6\x84\x4a\x27\xa6\x58\xfe" + "\xe1\x68\x04\x30\xc8\xdb\x44\x52" + "\x4e\xb2\xa4\x6f\xf7\x63\xf2\xd6" + "\x63\x36\x17\x04\xf8\x06\xdb\xeb" + "\x99\x17\xa5\x1b\x61\x90\xa3\x9f" + "\x05\xae\x3e\xe4\xdb\xc8\x1c\x8e" + "\x77\x27\x88\xdf\xd3\x22\x5a\xc5" + "\x9c\xd6\x22\xf8\xc4\xd8\x92\x9d" + "\x16\xcc\x54\x25\x3b\x6f\xdb\xc0" + "\x78\xd8\xe3\xb3\x03\x69\xd7\x5d" + "\xf8\x08\x04\x63\x61\x9d\x76\xf9" + "\xad\x1d\xc4\x30\x9f\x75\x89\x6b" + "\xfb\x62\xba\xae\xcb\x1b\x6c\xe5" + "\x7e\xea\x58\x6b\xae\xce\x9b\x48" + "\x4b\x80\xd4\x5e\x71\x53\xa7\x24" + "\x73\xca\xf5\x3e\xbb\x5e\xd3\x1c" + "\x33\xe3\xec\x5b\xa0\x32\x9d\x25" + "\x0e\x0c\x28\x29\x39\x51\xc5\x70" + "\xec\x60\x8f\x77\xfc\x06\x7a\x33" + "\x19\xd5\x7a\x6e\x94\xea\xa3\xeb" + "\x13\xa4\x2e\x09\xd8\x81\x65\x83" + "\x03\x63\x8b\xb5\xc9\x89\x98\x73" + "\x69\x53\x8e\xab\xf1\xd2\x2f\x67" + "\xbd\xa6\x16\x6e\xd0\x8b\xc1\x25" + "\x93\xd2\x50\x7c\x1f\xe1\x11\xd0" + "\x58\x0d\x2f\x72\xe7\x5e\xdb\xa2" + "\x55\x9a\xe0\x09\x21\xac\x61\x85" + "\x4b\x20\x95\x73\x63\x26\xe3\x83" + "\x4b\x5b\x40\x03\x14\xb0\x44\x16" + "\xbd\xe0\x0e\xb7\x66\x56\xd7\x30" + "\xb3\xfd\x8a\xd3\xda\x6a\xa7\x3d" + "\x98\x09\x11\xb7\x00\x06\x24\x5a" + "\xf7\x42\x94\xa6\x0e\xb1\x6d\x48" + "\x74\xb1\xa7\xe6\x92\x0a\x15\x9a" + "\xf5\xfa\x55\x1a\x6c\xdd\x71\x08" + "\xd0\xf7\x8d\x0e\x7c\x67\x4d\xc6" + "\xe6\xde\x78\x88\x88\x3c\x5e\x23" + "\x46\xd2\x25\xa4\xfb\xa3\x26\x3f" + "\x2b\xfd\x9c\x20\xda\x72\xe1\x81" + "\x8f\xe6\xae\x08\x1d\x67\x15\xde" + "\x86\x69\x1d\xc6\x1e\x6d\xb7\x5c" + "\xdd\x43\x72\x5a\x7d\xa7\xd8\xd7" + "\x1e\x66\xc5\x90\xf6\x51\x76\x91" + "\xb3\xe3\x39\x81\x75\x08\xfa\xc5" + "\x06\x70\x69\x1b\x2c\x20\x74\xe0" + "\x53\xb0\x0c\x9d\xda\xa9\x5b\xdd" + "\x1c\x38\x6c\x9e\x3b\xc4\x7a\x82" + "\x93\x9e\xbb\x75\xfb\x19\x4a\x55" + "\x65\x7a\x3c\xda\xcb\x66\x5c\x13" + "\x17\x97\xe8\xbd\xae\x24\xd9\x76" + "\xfb\x8c\x73\xde\xbd\xb4\x1b\xe0" + "\xb9\x2c\xe8\xe0\x1d\x3f\xa8\x2c" + "\x1e\x81\x5b\x77\xe7\xdf\x6d\x06" + "\x7c\x9a\xf0\x2b\x5d\xfc\x86\xd5" + "\xb1\xad\xbc\xa8\x73\x48\x61\x67" + "\xd6\xba\xc8\xe8\xe2\xb8\xee\x40" + "\x36\x22\x3e\x61\xf6\xc8\x16\xe4" + "\x0e\x88\xad\x71\x53\x58\xe1\x6c" + "\x8f\x4f\x89\x4b\x3e\x9c\x7f\xe9" + "\xad\xc2\x28\xc2\x3a\x29\xf3\xec" + "\xa9\x28\x39\xba\xc2\x86\xe1\x06" + "\xf3\x8b\xe3\x95\x0c\x87\xb8\x1b" + "\x72\x35\x8e\x8f\x6d\x18\xc8\x1c" + "\xa5\x5d\x57\x9d\x73\x8a\xbb\x9e" + "\x21\x05\x12\xd7\xe0\x21\x1c\x16" + "\x3a\x95\x85\xbc\xb0\x71\x0b\x36" + "\x6c\x44\x8d\xef\x3b\xec\x3f\x8e" + "\x24\xa9\xe3\xa7\x63\x23\xca\x09" + "\x62\x96\x79\x0c\x81\x05\x41\xf2" + "\x07\x20\x26\xe5\x8e\x10\x54\x03" + "\x05\x7b\xfe\x0c\xcc\x8c\x50\xe5" + "\xca\x33\x4d\x48\x7a\x03\xd5\x64" + "\x49\x09\xf2\x5c\x5d\xfe\x2b\x30" + "\xbf\x29\x14\x29\x8b\x9b\x7c\x96" + "\x47\x07\x86\x4d\x4e\x4d\xf1\x47" + "\xd1\x10\x2a\xa8\xd3\x15\x8c\xf2" + "\x2f\xf4\x3a\xdf\xd0\xa7\xcb\x5a" + "\xad\x99\x39\x4a\xdf\x60\xbe\xf9" + "\x91\x4e\xf5\x94\xef\xc5\x56\x32" + "\x33\x86\x78\xa3\xd6\x4c\x29\x7c" + "\xe8\xac\x06\xb5\xf5\x01\x5c\x9f" + "\x02\xc8\xe8\xbf\x5c\x1a\x7f\x4d" + "\x28\xa5\xb9\xda\xa9\x5e\xe7\x4b" + "\xf4\x3d\xe9\x1d\x28\xaa\x1a\x8a" + "\x76\xc8\x6c\x19\x61\x3c\x9e\x29" + "\xcd\xbe\xff\xe0\x1c\xb8\x67\xb5" + "\xa4\x46\xf8\xb9\x8a\xa2\xf6\x7c" + "\xef\x23\x73\x0c\xe9\x72\x0a\x0d" + "\x9b\x40\xd8\xfb\x0c\x9c\xab\xa8", + .ctext = "\xfc\x02\x83\x13\x73\x06\x70\x3f" + "\x71\x28\x98\x61\xe5\x2c\x45\x49" + "\x18\xa2\x0e\x17\xc9\xdb\x4d\xf6" + "\xbe\x05\x02\x35\xc1\x18\x61\x28" + "\xff\x28\x0a\xd9\x00\xb8\xed\xec" + "\x14\x80\x88\x56\xcf\x98\x32\xcc" + "\xb0\xee\xb4\x5e\x2d\x61\x59\xcb" + "\x48\xc9\x25\xaa\x7e\x5f\xe5\x4f" + "\x95\x8f\x5d\x47\xe8\xc3\x09\xb4" + "\xce\xe7\x74\xcd\xc6\x09\x5c\xfc" + "\xc7\x79\xc9\x39\xe4\xe3\x9b\x59" + "\x67\x61\x10\xc9\xb7\x7a\xa8\x11" + "\x59\xf6\x7a\x67\x1c\x3a\x70\x76" + "\x2e\x0e\xbd\x10\x93\x01\x06\xea" + "\x51\xc6\x5c\xa7\xda\xd1\x7d\x06" + "\x8b\x1d\x5b\xb6\x87\xf0\x32\xbe" + "\xff\x55\xaa\x58\x5a\x28\xd1\x64" + "\x45\x3b\x0b\x5c\xee\xc4\x12\x2d" + "\x1f\xb7\xa5\x73\xf5\x20\xf5\xa8" + "\x10\x9d\xd8\x16\xd2\x05\x4d\x49" + "\x99\x4a\x71\x56\xec\xa3\xc7\x27" + "\xb0\x98\xcd\x59\x3c\x8a\xd1\x9e" + "\x33\xa5\x92\xf2\xb7\x87\x23\x5d" + "\x53\x9a\x8e\x7c\x63\x57\x5e\x9a" + "\x21\x54\x7a\x3c\x5a\xd5\x68\x69" + "\x35\x17\x51\x06\x19\x82\x9d\x44" + "\x9e\x8a\x75\xc5\x16\x55\xa4\x78" + "\x95\x63\xc3\xf0\x91\x73\x77\x44" + "\x0c\xff\xb9\xb3\xa7\x5f\xcf\x2a" + "\xa2\x54\x9c\xe3\x8b\x7e\x9d\x65" + "\xe5\x64\x8b\xbe\x06\x3a\x90\x31" + "\xdb\x42\x78\xe9\xe6\x8a\xae\xba" + "\x8f\xfb\xc9\x3d\xd9\xc2\x3e\x57" + "\xd5\x58\xfe\x70\x44\xe5\x2a\xd5" + "\x87\xcf\x9f\x6a\x02\xde\x48\xe9" + "\x13\xed\x8d\x2b\xf2\xa1\x56\x07" + "\x36\x2d\xcf\xc3\x5c\xd4\x4b\x20" + "\xb0\xdf\x1a\x70\xed\x0a\xe4\x2e" + "\x9a\xfc\x88\xa1\xc4\x2d\xd6\xb8" + "\xf1\x6e\x2c\x5c\xdc\x0e\xb0\x21" + "\x2d\x76\xb8\xc3\x05\x4c\xf5\xc5" + "\x9a\x14\xab\x08\xc2\x67\x59\x30" + "\x7a\xef\xd8\x4a\x89\x49\xd4\xf0" + "\x22\x39\xf2\x61\xaa\x70\x36\xcf" + "\x65\xee\x43\x83\x2e\x32\xe4\xc9" + "\xc2\xf1\xc7\x08\x28\x59\x10\x6f" + "\x7a\xeb\x8f\x78\x9e\xdf\x07\x0f" + "\xca\xc7\x02\x6a\x2e\x2a\xf0\x64" + "\xfa\x4c\x8c\x4c\xfc\x13\x23\x63" + "\x54\xeb\x1d\x41\xdf\x88\xd6\x66" + "\xae\x5e\x31\x74\x5d\x84\x65\xb8" + "\x61\x1c\x88\x1b\x8f\xb6\x14\x4e" + "\x73\x23\x27\x71\x85\x04\x07\x59" + "\x18\xa3\x2b\x69\x2a\x42\x81\xbf" + "\x40\xf4\x40\xdf\x04\xb8\x6c\x2e" + "\x21\x5b\x22\x25\x61\x01\x96\xce" + "\xfb\xbc\x75\x25\x2c\x03\x55\xea" + "\xb6\x56\x31\x03\xc8\x98\x77\xd6" + "\x30\x19\x9e\x45\x05\xfd\xca\xdf" + "\xae\x89\x30\xa3\xc1\x65\x41\x67" + "\x12\x8e\xa4\x61\xd0\x87\x04\x0a" + "\xe6\xf3\x43\x3a\x38\xce\x22\x36" + "\x41\xdc\xe1\x7d\xd2\xa6\xe2\x66" + "\x21\x8d\xc9\x59\x73\x52\x34\xd8" + "\x1f\xf1\x87\x00\x9b\x12\x74\xeb" + "\xbb\xa9\x34\x0c\x8e\x79\x74\x64" + "\xbf\x94\x97\xe4\x94\xda\xf0\x39" + "\x66\xa8\xd9\x82\xe3\x11\x3d\xe7" + "\xb3\x9a\x40\x7a\x6f\x71\xc7\x0f" + "\x7b\x6d\x59\x79\x18\x2f\x11\x60" + "\x1e\xe0\xae\x1b\x1b\xb4\xad\x4d" + "\x63\xd9\x3e\xa0\x8f\xe3\x66\x8c" + "\xfe\x5a\x73\x07\x95\x27\x1a\x07" + "\x6e\xd6\x14\x3f\xbe\xc5\x99\x94" + "\xcf\x40\xf4\x39\x1c\xf2\x99\x5b" + "\xb7\xfb\xb4\x4e\x5f\x21\x10\x04" + "\x24\x08\xd4\x0d\x10\x7a\x2f\x52" + "\x7d\x91\xc3\x38\xd3\x16\xf0\xfd" + "\x53\xba\xda\x88\xa5\xf6\xc7\xfd" + "\x63\x4a\x9f\x48\xb5\x31\xc2\xe1" + "\x7b\x3e\xac\x8d\xc9\x95\x02\x92" + "\xcc\xbd\x0e\x15\x2d\x97\x08\x82" + "\xa6\x99\xbc\x2c\x96\x91\xde\xa4" + "\x9c\xf5\x2c\xef\x12\x29\xb0\x72" + "\x5f\x60\x5d\x3d\xf3\x85\x59\x79" + "\xac\x06\x63\x74\xcc\x1a\x8d\x0e" + "\xa7\x5f\xd9\x3e\x84\xf7\xbb\xde" + "\x06\xd9\x4b\xab\xee\xb2\x03\xbe" + "\x68\x49\x72\x84\x8e\xf8\x45\x2b" + "\x59\x99\x17\xd3\xe9\x32\x79\xc3" + "\x83\x4c\x7a\x6c\x71\x53\x8c\x09" + "\x76\xfb\x3e\x80\x99\xbc\x2c\x7d" + "\x42\xe5\x70\x08\x80\xc7\xaf\x15" + "\x90\xda\x98\x98\x81\x04\x1c\x4d" + "\x78\xf1\xf3\xcc\x1b\x3a\x7b\xef" + "\xea\xe1\xee\x0e\xd2\x32\xb6\x63" + "\xbf\xb2\xb5\x86\x8d\x16\xd3\x23" + "\x04\x59\x51\xbb\x17\x03\xc0\x07" + "\x93\xbf\x72\x58\x30\xf2\x0a\xa2" + "\xbc\x60\x86\x3b\x68\x91\x67\x14" + "\x10\x76\xda\xa3\x98\x2d\xfc\x8a" + "\xb8\x95\xf7\xd2\x8b\x97\x8b\xfc" + "\xf2\x9e\x86\x20\xb6\xdf\x93\x41" + "\x06\x5e\x37\x3e\xe2\xb8\xd5\x06" + "\x59\xd2\x8d\x43\x91\x5a\xed\x94" + "\x54\xc2\x77\xbc\x0b\xb4\x29\x80" + "\x22\x19\xe7\x35\x1f\x29\x4f\xd8" + "\x02\x98\xee\x83\xca\x4c\x94\xa3" + "\xec\xde\x4b\xf5\xca\x57\x93\xa3" + "\x72\x69\xfe\x27\x7d\x39\x24\x9a" + "\x60\x19\x72\xbe\x24\xb2\x2d\x99" + "\x8c\xb7\x32\xf8\x74\x77\xfc\x8d" + "\xb2\xc1\x7a\x88\x28\x26\xea\xb7" + "\xad\xf0\x38\x49\x88\x78\x73\xcd" + "\x01\xef\xb9\x30\x1a\x33\xa3\x24" + "\x9b\x0b\xc5\x89\x64\x3f\xbe\x76" + "\xd5\xa5\x28\x74\xa2\xc6\xa0\xa0" + "\xdd\x13\x81\x64\x2f\xd1\xab\x15" + "\xab\x13\xb5\x68\x59\xa4\x9f\x0e" + "\x1e\x0a\xaf\xf7\x0b\x6e\x6b\x0b" + "\xf7\x95\x4c\xbc\x1d\x40\x6d\x9c" + "\x08\x42\xef\x07\x03\xb7\xa3\xea" + "\x2a\x5f\xec\x41\x3c\x72\x31\x9d" + "\xdc\x6b\x3a\x5e\x35\x3d\x12\x09" + "\x27\xe8\x63\xbe\xcf\xb3\xbc\x01" + "\x2d\x0c\x86\xb2\xab\x4a\x69\xe5" + "\xf8\x45\x97\x76\x0e\x31\xe5\xc6" + "\x4c\x4f\x94\xa5\x26\x19\x9f\x1b" + "\xe1\xf4\x79\x04\xb4\x93\x92\xdc" + "\xa5\x2a\x66\x25\x0d\xb2\x9e\xea" + "\xa8\xf6\x02\x77\x2d\xd1\x3f\x59" + "\x5c\x04\xe2\x36\x52\x5f\xa1\x27" + "\x0a\x07\x56\xb6\x2d\xd5\x90\x32" + "\x64\xee\x3f\x42\x8f\x61\xf8\xa0" + "\xc1\x8b\x1e\x0b\xa2\x73\xa9\xf3" + "\xc9\x0e\xb1\x96\x3a\x67\x5f\x1e" + "\xd1\x98\x57\xa2\xba\xb3\x23\x9d" + "\xa3\xc6\x3c\x7d\x5e\x3e\xb3\xe8" + "\x80\xae\x2d\xda\x85\x90\x69\x3c" + "\xf0\xe7\xdd\x9e\x20\x10\x52\xdb" + "\xc3\xa0\x15\x73\xee\xb1\xf1\x0f" + "\xf1\xf8\x3f\x40\xe5\x17\x80\x4e" + "\x91\x95\xc7\xec\xd1\x9c\xd9\x1a" + "\x8b\xac\xec\xc9\x0c\x07\xf4\xdc" + "\x77\x2d\xa2\xc4\xf8\x27\xb5\x41" + "\x2f\x85\xa6\x48\xad\x2a\x58\xc5" + "\xea\xfa\x1c\xdb\xfd\xb7\x70\x45" + "\xfc\xad\x11\xaf\x05\xed\xbf\xb6" + "\x3c\xe1\x57\xb8\x72\x4a\xa0\x6b" + "\x40\xd3\xda\xa9\xbc\xa5\x02\x95" + "\x8c\xf0\x4e\x67\xb2\x58\x66\xea" + "\x58\x0e\xc4\x88\xbc\x1d\x3b\x15" + "\x17\xc8\xf5\xd0\x69\x08\x0a\x01" + "\x80\x2e\x9e\x69\x4c\x37\x0b\xba" + "\xfb\x1a\xa9\xc3\x5f\xec\x93\x7c" + "\x4f\x72\x68\x1a\x05\xa1\x32\xe1" + "\x16\x57\x9e\xa6\xe0\x42\xfa\x76" + "\xc2\xf6\xd3\x9b\x37\x0d\xa3\x58" + "\x30\x27\xe7\xea\xb1\xc3\x43\xfb" + "\x67\x04\x70\x86\x0a\x71\x69\x34" + "\xca\xb1\xe3\x4a\x56\xc9\x29\xd1" + "\x12\x6a\xee\x89\xfd\x27\x83\xdf" + "\x32\x1a\xc2\xe9\x94\xcc\x44\x2e" + "\x0f\x3e\xc8\xc1\x70\x5b\xb0\xe8" + "\x6d\x47\xe3\x39\x75\xd5\x45\x8a" + "\x48\x4c\x64\x76\x6f\xae\x24\x6f" + "\xae\x77\x33\x5b\xf5\xca\x9c\x30" + "\x2c\x27\x15\x5e\x9c\x65\xad\x2a" + "\x88\xb1\x36\xf6\xcd\x5e\x73\x72" + "\x99\x5c\xe2\xe4\xb8\x3e\x12\xfb" + "\x55\x86\xfa\xab\x53\x12\xdc\x6a" + "\xe3\xfe\x6a\xeb\x9b\x5d\xeb\x72" + "\x9d\xf1\xbb\x80\x80\x76\x2d\x57" + "\x11\xde\xcf\xae\x46\xad\xdb\xcd" + "\x62\x66\x3d\x7b\x7f\xcb\xc4\x43" + "\x81\x0c\x7e\xb9\xb7\x47\x1a\x40" + "\xfd\x08\x51\xbe\x01\x1a\xd8\x31" + "\x43\x5e\x24\x91\xa2\x53\xa1\xc5" + "\x8a\xe4\xbc\x00\x8e\xf7\x0c\x30" + "\xdf\x03\x34\x2f\xce\xe4\x2e\xda" + "\x2b\x87\xfc\xf8\x9b\x50\xd5\xb0" + "\x5b\x08\xc6\x17\xa0\xae\x6b\x24" + "\xe2\x1d\xd0\x47\xbe\xc4\x8f\x62" + "\x1d\x12\x26\xc7\x78\xd4\xf2\xa3" + "\xea\x39\x8c\xcb\x54\x3e\x2b\xb9" + "\x9a\x8f\x97\xcf\x68\x53\x40\x02" + "\x56\xac\x52\xbb\x62\x3c\xc6\x3f" + "\x3a\x53\x3c\xe8\x21\x9a\x60\x65" + "\x10\x6e\x59\xc3\x4f\xc3\x07\xc8" + "\x61\x1c\xea\x62\x6e\xa2\x5a\x12" + "\xd6\x10\x91\xbe\x5e\x58\x73\xbe" + "\x77\xb8\xb7\x98\xc7\x7e\x78\x9a", + .len = 1536, + }, { + .key = "\x60\xd5\x36\xb0\x8e\x5d\x0e\x5f" + "\x70\x47\x8c\xea\x87\x30\x1d\x58" + "\x2a\xb2\xe8\xc6\xcb\x60\xe7\x6f" + "\x56\x95\x83\x98\x38\x80\x84\x8a", + .klen = 32, + .iv = "\x43\xfe\x63\x3c\xdc\x9e\x0c\xa6" + "\xee\x9c\x0b\x97\x65\xc2\x56\x1d" + "\x5d\xd0\xbf\xa3\x9f\x1e\xfb\x78" + "\xbf\x51\x1b\x18\x73\x27\x27\x8c", + .ptext = "\x0b\x77\xd8\xa3\x8c\xa6\xb2\x2d" + "\x3e\xdd\xcc\x7c\x4a\x3e\x61\xc4" + "\x9a\x7f\x73\xb0\xb3\x29\x32\x61" + "\x13\x25\x62\xcc\x59\x4c\xf4\xdb" + "\xd7\xf5\xf4\xac\x75\x51\xb2\x83" + "\x64\x9d\x1c\x8b\xd1\x8b\x0c\x06" + "\xf1\x9f\xba\x9d\xae\x62\xd4\xd8" + "\x96\xbe\x3c\x4c\x32\xe4\x82\x44" + "\x47\x5a\xec\xb8\x8a\x5b\xd5\x35" + "\x57\x1e\x5c\x80\x6f\x77\xa9\xb9" + "\xf2\x4f\x71\x1e\x48\x51\x86\x43" + "\x0d\xd5\x5b\x52\x30\x40\xcd\xbb" + "\x2c\x25\xc1\x47\x8b\xb7\x13\xc2" + "\x3a\x11\x40\xfc\xed\x45\xa4\xf0" + "\xd6\xfd\x32\x99\x13\x71\x47\x2e" + "\x4c\xb0\x81\xac\x95\x31\xd6\x23" + "\xa4\x2f\xa9\xe8\x5a\x62\xdc\x96" + "\xcf\x49\xa7\x17\x77\x76\x8a\x8c" + "\x04\x22\xaf\xaf\x6d\xd9\x16\xba" + "\x35\x21\x66\x78\x3d\xb6\x65\x83" + "\xc6\xc1\x67\x8c\x32\xd6\xc0\xc7" + "\xf5\x8a\xfc\x47\xd5\x87\x09\x2f" + "\x51\x9d\x57\x6c\x29\x0b\x1c\x32" + "\x47\x6e\x47\xb5\xf3\x81\xc8\x82" + "\xca\x5d\xe3\x61\x38\xa0\xdc\xcc" + "\x35\x73\xfd\xb3\x92\x5c\x72\xd2" + "\x2d\xad\xf6\xcd\x20\x36\xff\x49" + "\x48\x80\x21\xd3\x2f\x5f\xe9\xd8" + "\x91\x20\x6b\xb1\x38\x52\x1e\xbc" + "\x88\x48\xa1\xde\xc0\xa5\x46\xce" + "\x9f\x32\x29\xbc\x2b\x51\x0b\xae" + "\x7a\x44\x4e\xed\xeb\x95\x63\x99" + "\x96\x87\xc9\x34\x02\x26\xde\x20" + "\xe4\xcb\x59\x0c\xb5\x55\xbd\x55" + "\x3f\xa9\x15\x25\xa7\x5f\xab\x10" + "\xbe\x9a\x59\x6c\xd5\x27\xf3\xf0" + "\x73\x4a\xb3\xe4\x08\x11\x00\xeb" + "\xf1\xae\xc8\x0d\xef\xcd\xb5\xfc" + "\x0d\x7e\x03\x67\xad\x0d\xec\xf1" + "\x9a\xfd\x31\x60\x3e\xa2\xfa\x1c" + "\x93\x79\x31\x31\xd6\x66\x7a\xbd" + "\x85\xfd\x22\x08\x00\xae\x72\x10" + "\xd6\xb0\xf4\xb8\x4a\x72\x5b\x9c" + "\xbf\x84\xdd\xeb\x13\x05\x28\xb7" + "\x61\x60\xfd\x7f\xf0\xbe\x4d\x18" + "\x7d\xc9\xba\xb0\x01\x59\x74\x18" + "\xe4\xf6\xa6\x74\x5d\x3f\xdc\xa0" + "\x9e\x57\x93\xbf\x16\x6c\xf6\xbd" + "\x93\x45\x38\x95\xb9\x69\xe9\x62" + "\x21\x73\xbd\x81\x73\xac\x15\x74" + "\x9e\x68\x28\x91\x38\xb7\xd4\x47" + "\xc7\xab\xc9\x14\xad\x52\xe0\x4c" + "\x17\x1c\x42\xc1\xb4\x9f\xac\xcc" + "\xc8\x12\xea\xa9\x9e\x30\x21\x14" + "\xa8\x74\xb4\x74\xec\x8d\x40\x06" + "\x82\xb7\x92\xd7\x42\x5b\xf2\xf9" + "\x6a\x1e\x75\x6e\x44\x55\xc2\x8d" + "\x73\x5b\xb8\x8c\x3c\xef\x97\xde" + "\x24\x43\xb3\x0e\xba\xad\x63\x63" + "\x16\x0a\x77\x03\x48\xcf\x02\x8d" + "\x76\x83\xa3\xba\x73\xbe\x80\x3f" + "\x8f\x6e\x76\x24\xc1\xff\x2d\xb4" + "\x20\x06\x9b\x67\xea\x29\xb5\xe0" + "\x57\xda\x30\x9d\x38\xa2\x7d\x1e" + "\x8f\xb9\xa8\x17\x64\xea\xbe\x04" + "\x84\xd1\xce\x2b\xfd\x84\xf9\x26" + "\x1f\x26\x06\x5c\x77\x6d\xc5\x9d" + "\xe6\x37\x76\x60\x7d\x3e\xf9\x02" + "\xba\xa6\xf3\x7f\xd3\x95\xb4\x0e" + "\x52\x1c\x6a\x00\x8f\x3a\x0b\xce" + "\x30\x98\xb2\x63\x2f\xff\x2d\x3b" + "\x3a\x06\x65\xaf\xf4\x2c\xef\xbb" + "\x88\xff\x2d\x4c\xa9\xf4\xff\x69" + "\x9d\x46\xae\x67\x00\x3b\x40\x94" + "\xe9\x7a\xf7\x0b\xb7\x3c\xa2\x2f" + "\xc3\xde\x5e\x29\x01\xde\xca\xfa" + "\xc6\xda\xd7\x19\xc7\xde\x4a\x16" + "\x93\x6a\xb3\x9b\x47\xe9\xd2\xfc" + "\xa1\xc3\x95\x9c\x0b\xa0\x2b\xd4" + "\xd3\x1e\xd7\x21\x96\xf9\x1e\xf4" + "\x59\xf4\xdf\x00\xf3\x37\x72\x7e" + "\xd8\xfd\x49\xd4\xcd\x61\x7b\x22" + "\x99\x56\x94\xff\x96\xcd\x9b\xb2" + "\x76\xca\x9f\x56\xae\x04\x2e\x75" + "\x89\x4e\x1b\x60\x52\xeb\x84\xf4" + "\xd1\x33\xd2\x6c\x09\xb1\x1c\x43" + "\x08\x67\x02\x01\xe3\x64\x82\xee" + "\x36\xcd\xd0\x70\xf1\x93\xd5\x63" + "\xef\x48\xc5\x56\xdb\x0a\x35\xfe" + "\x85\x48\xb6\x97\x97\x02\x43\x1f" + "\x7d\xc9\xa8\x2e\x71\x90\x04\x83" + "\xe7\x46\xbd\x94\x52\xe3\xc5\xd1" + "\xce\x6a\x2d\x6b\x86\x9a\xf5\x31" + "\xcd\x07\x9c\xa2\xcd\x49\xf5\xec" + "\x01\x3e\xdf\xd5\xdc\x15\x12\x9b" + "\x0c\x99\x19\x7b\x2e\x83\xfb\xd8" + "\x89\x3a\x1c\x1e\xb4\xdb\xeb\x23" + "\xd9\x42\xae\x47\xfc\xda\x37\xe0" + "\xd2\xb7\x47\xd9\xe8\xb5\xf6\x20" + "\x42\x8a\x9d\xaf\xb9\x46\x80\xfd" + "\xd4\x74\x6f\x38\x64\xf3\x8b\xed" + "\x81\x94\x56\xe7\xf1\x1a\x64\x17" + "\xd4\x27\x59\x09\xdf\x9b\x74\x05" + "\x79\x6e\x13\x29\x2b\x9e\x1b\x86" + "\x73\x9f\x40\xbe\x6e\xff\x92\x4e" + "\xbf\xaa\xf4\xd0\x88\x8b\x6f\x73" + "\x9d\x8b\xbf\xe5\x8a\x85\x45\x67" + "\xd3\x13\x72\xc6\x2a\x63\x3d\xb1" + "\x35\x7c\xb4\x38\xbb\x31\xe3\x77" + "\x37\xad\x75\xa9\x6f\x84\x4e\x4f" + "\xeb\x5b\x5d\x39\x6d\xed\x0a\xad" + "\x6c\x1b\x8e\x1f\x57\xfa\xc7\x7c" + "\xbf\xcf\xf2\xd1\x72\x3b\x70\x78" + "\xee\x8e\xf3\x4f\xfd\x61\x30\x9f" + "\x56\x05\x1d\x7d\x94\x9b\x5f\x8c" + "\xa1\x0f\xeb\xc3\xa9\x9e\xb8\xa0" + "\xc6\x4e\x1e\xb1\xbc\x0a\x87\xa8" + "\x52\xa9\x1e\x3d\x58\x8e\xc6\x95" + "\x85\x58\xa3\xc3\x3a\x43\x32\x50" + "\x6c\xb3\x61\xe1\x0c\x7d\x02\x63" + "\x5f\x8b\xdf\xef\x13\xf8\x66\xea" + "\x89\x00\x1f\xbd\x5b\x4c\xd5\x67" + "\x8f\x89\x84\x33\x2d\xd3\x70\x94" + "\xde\x7b\xd4\xb0\xeb\x07\x96\x98" + "\xc5\xc0\xbf\xc8\xcf\xdc\xc6\x5c" + "\xd3\x7d\x78\x30\x0e\x14\xa0\x86" + "\xd7\x8a\xb7\x53\xa3\xec\x71\xbf" + "\x85\xf2\xea\xbd\x77\xa6\xd1\xfd" + "\x5a\x53\x0c\xc3\xff\xf5\x1d\x46" + "\x37\xb7\x2d\x88\x5c\xeb\x7a\x0c" + "\x0d\x39\xc6\x40\x08\x90\x1f\x58" + "\x36\x12\x35\x28\x64\x12\xe7\xbb" + "\x50\xac\x45\x15\x7b\x16\x23\x5e" + "\xd4\x11\x2a\x8e\x17\x47\xe1\xd0" + "\x69\xc6\xd2\x5c\x2c\x76\xe6\xbb" + "\xf7\xe7\x34\x61\x8e\x07\x36\xc8" + "\xce\xcf\x3b\xeb\x0a\x55\xbd\x4e" + "\x59\x95\xc9\x32\x5b\x79\x7a\x86" + "\x03\x74\x4b\x10\x87\xb3\x60\xf6" + "\x21\xa4\xa6\xa8\x9a\xc9\x3a\x6f" + "\xd8\x13\xc9\x18\xd4\x38\x2b\xc2" + "\xa5\x7e\x6a\x09\x0f\x06\xdf\x53" + "\x9a\x44\xd9\x69\x2d\x39\x61\xb7" + "\x1c\x36\x7f\x9e\xc6\x44\x9f\x42" + "\x18\x0b\x99\xe6\x27\xa3\x1e\xa6" + "\xd0\xb9\x9a\x2b\x6f\x60\x75\xbd" + "\x52\x4a\x91\xd4\x7b\x8f\x95\x9f" + "\xdd\x74\xed\x8b\x20\x00\xdd\x08" + "\x6e\x5b\x61\x7b\x06\x6a\x19\x84" + "\x1c\xf9\x86\x65\xcd\x1c\x73\x3f" + "\x28\x5c\x8a\x93\x1a\xf3\xa3\x6c" + "\x6c\xa9\x7c\xea\x3c\xd4\x15\x45" + "\x7f\xbc\xe3\xbb\x42\xf0\x2e\x10" + "\xcd\x0c\x8b\x44\x1a\x82\x83\x0c" + "\x58\xb1\x24\x28\xa0\x11\x2f\x63" + "\xa5\x82\xc5\x9f\x86\x42\xf4\x4d" + "\x89\xdb\x76\x4a\xc3\x7f\xc4\xb8" + "\xdd\x0d\x14\xde\xd2\x62\x02\xcb" + "\x70\xb7\xee\xf4\x6a\x09\x12\x5e" + "\xd1\x26\x1a\x2c\x20\x71\x31\xef" + "\x7d\x65\x57\x65\x98\xff\x8b\x02" + "\x9a\xb5\xa4\xa1\xaf\x03\xc4\x50" + "\x33\xcf\x1b\x25\xfa\x7a\x79\xcc" + "\x55\xe3\x21\x63\x0c\x6d\xeb\x5b" + "\x1c\xad\x61\x0b\xbd\xb0\x48\xdb" + "\xb3\xc8\xa0\x87\x7f\x8b\xac\xfd" + "\xd2\x68\x9e\xb4\x11\x3c\x6f\xb1" + "\xfe\x25\x7d\x84\x5a\xae\xc9\x31" + "\xc3\xe5\x6a\x6f\xbc\xab\x41\xd9" + "\xde\xce\xf9\xfa\xd5\x7c\x47\xd2" + "\x66\x30\xc9\x97\xf2\x67\xdf\x59" + "\xef\x4e\x11\xbc\x4e\x70\xe3\x46" + "\x53\xbe\x16\x6d\x33\xfb\x57\x98" + "\x4e\x34\x79\x3b\xc7\x3b\xaf\x94" + "\xc1\x87\x4e\x47\x11\x1b\x22\x41" + "\x99\x12\x61\xe0\xe0\x8c\xa9\xbd" + "\x79\xb6\x06\x4d\x90\x3b\x0d\x30" + "\x1a\x00\xaa\x0e\xed\x7c\x16\x2f" + "\x0d\x1a\xfb\xf8\xad\x51\x4c\xab" + "\x98\x4c\x80\xb6\x92\x03\xcb\xa9" + "\x99\x9d\x16\xab\x43\x8c\x3f\x52" + "\x96\x53\x63\x7e\xbb\xd2\x76\xb7" + "\x6b\x77\xab\x52\x80\x33\xe3\xdf" + "\x4b\x3c\x23\x1a\x33\xe1\x43\x40" + "\x39\x1a\xe8\xbd\x3c\x6a\x77\x42" + "\x88\x9f\xc6\xaa\x65\x28\xf2\x1e" + "\xb0\x7c\x8e\x10\x41\x31\xe9\xd5" + "\x9d\xfd\x28\x7f\xfb\x61\xd3\x39" + "\x5f\x7e\xb4\xfb\x9c\x7d\x98\xb7" + "\x37\x2f\x18\xd9\x3b\x83\xaf\x4e" + "\xbb\xd5\x49\x69\x46\x93\x3a\x21" + "\x46\x1d\xad\x84\xb5\xe7\x8c\xff" + "\xbf\x81\x7e\x22\xf6\x88\x8c\x82" + "\xf5\xde\xfe\x18\xc9\xfb\x58\x07" + "\xe4\x68\xff\x9c\xf4\xe0\x24\x20" + "\x90\x92\x01\x49\xc2\x38\xe1\x7c" + "\xac\x61\x0b\x96\x36\xa4\x77\xe9" + "\x29\xd4\x97\xae\x15\x13\x7c\x6c" + "\x2d\xf1\xc5\x83\x97\x02\xa8\x2e" + "\x0b\x0f\xaf\xb5\x42\x18\x8a\x8c" + "\xb8\x28\x85\x28\x1b\x2a\x12\xa5" + "\x4b\x0a\xaf\xd2\x72\x37\x66\x23" + "\x28\xe6\x71\xa0\x77\x85\x7c\xff" + "\xf3\x8d\x2f\x0c\x33\x30\xcd\x7f" + "\x61\x64\x23\xb2\xe9\x79\x05\xb8" + "\x61\x47\xb1\x2b\xda\xf7\x9a\x24" + "\x94\xf6\xcf\x07\x78\xa2\x80\xaa" + "\x6e\xe9\x58\x97\x19\x0c\x58\x73" + "\xaf\xee\x2d\x6e\x26\x67\x18\x8a" + "\xc6\x6d\xf6\xbc\x65\xa9\xcb\xe7" + "\x53\xf1\x61\x97\x63\x52\x38\x86" + "\x0e\xdd\x33\xa5\x30\xe9\x9f\x32" + "\x43\x64\xbc\x2d\xdc\x28\x43\xd8" + "\x6c\xcd\x00\x2c\x87\x9a\x33\x79" + "\xbd\x63\x6d\x4d\xf9\x8a\x91\x83" + "\x9a\xdb\xf7\x9a\x11\xe1\xd1\x93" + "\x4a\x54\x0d\x51\x38\x30\x84\x0b" + "\xc5\x29\x8d\x92\x18\x6c\x28\xfe" + "\x1b\x07\x57\xec\x94\x74\x0b\x2c" + "\x21\x01\xf6\x23\xf9\xb0\xa0\xaf" + "\xb1\x3e\x2e\xa8\x0d\xbc\x2a\x68" + "\x59\xde\x0b\x2d\xde\x74\x42\xa1" + "\xb4\xce\xaf\xd8\x42\xeb\x59\xbd" + "\x61\xcc\x27\x28\xc6\xf2\xde\x3e" + "\x68\x64\x13\xd3\xc3\xc0\x31\xe0" + "\x5d\xf9\xb4\xa1\x09\x20\x46\x8b" + "\x48\xb9\x27\x62\x00\x12\xc5\x03" + "\x28\xfd\x55\x27\x1c\x31\xfc\xdb" + "\xc1\xcb\x7e\x67\x91\x2e\x50\x0c" + "\x61\xf8\x9f\x31\x26\x5a\x3d\x2e" + "\xa0\xc7\xef\x2a\xb6\x24\x48\xc9" + "\xbb\x63\x99\xf4\x7c\x4e\xc5\x94" + "\x99\xd5\xff\x34\x93\x8f\x31\x45" + "\xae\x5e\x7b\xfd\xf4\x81\x84\x65" + "\x5b\x41\x70\x0b\xe5\xaa\xec\x95" + "\x6b\x3d\xe3\xdc\x12\x78\xf8\x28" + "\x26\xec\x3a\x64\xc4\xab\x74\x97" + "\x3d\xcf\x21\x7d\xcf\x59\xd3\x15" + "\x47\x94\xe4\xd9\x48\x4c\x02\x49" + "\x68\x50\x22\x16\x96\x2f\xc4\x23" + "\x80\x47\x27\xd1\xee\x10\x3b\xa7" + "\x19\xae\xe1\x40\x5f\x3a\xde\x5d" + "\x97\x1c\x59\xce\xe1\xe7\x32\xa7" + "\x20\x89\xef\x44\x22\x38\x3c\x14" + "\x99\x3f\x1b\xd6\x37\xfe\x93\xbf" + "\x34\x13\x86\xd7\x9b\xe5\x2a\x37" + "\x72\x16\xa4\xdf\x7f\xe4\xa4\x66" + "\x9d\xf2\x0b\x29\xa1\xe2\x9d\x36" + "\xe1\x9d\x56\x95\x73\xe1\x91\x58" + "\x0f\x64\xf8\x90\xbb\x0c\x48\x0f" + "\xf5\x52\xae\xd9\xeb\x95\xb7\xdd" + "\xae\x0b\x20\x55\x87\x3d\xf0\x69" + "\x3c\x0a\x54\x61\xea\x00\xbd\xba" + "\x5f\x7e\x25\x8c\x3e\x61\xee\xb2" + "\x1a\xc8\x0e\x0b\xa5\x18\x49\xf2" + "\x6e\x1d\x3f\x83\xc3\xf1\x1a\xcb" + "\x9f\xc9\x82\x4e\x7b\x26\xfd\x68" + "\x28\x25\x8d\x22\x17\xab\xf8\x4e" + "\x1a\xa9\x81\x48\xb0\x9f\x52\x75" + "\xe4\xef\xdd\xbd\x5b\xbe\xab\x3c" + "\x43\x76\x23\x62\xce\xb8\xc2\x5b" + "\xc6\x31\xe6\x81\xb4\x42\xb2\xfd" + "\xf3\x74\xdd\x02\x3c\xa0\xd7\x97" + "\xb0\xe7\xe9\xe0\xce\xef\xe9\x1c" + "\x09\xa2\x6d\xd3\xc4\x60\xd6\xd6" + "\x9e\x54\x31\x45\x76\xc9\x14\xd4" + "\x95\x17\xe9\xbe\x69\x92\x71\xcb" + "\xde\x7c\xf1\xbd\x2b\xef\x8d\xaf" + "\x51\xe8\x28\xec\x48\x7f\xf8\xfa" + "\x9f\x9f\x5e\x52\x61\xc3\xfc\x9a" + "\x7e\xeb\xe3\x30\xb6\xfe\xc4\x4a" + "\x87\x1a\xff\x54\x64\xc7\xaa\xa2" + "\xfa\xb7\xb2\xe7\x25\xce\x95\xb4" + "\x15\x93\xbd\x24\xb6\xbc\xe4\x62" + "\x93\x7f\x44\x40\x72\xcb\xfb\xb2" + "\xbf\xe8\x03\xa5\x87\x12\x27\xfd" + "\xc6\x21\x8a\x8f\xc2\x48\x48\xb9" + "\x6b\xb6\xf0\xf0\x0e\x0a\x0e\xa4" + "\x40\xa9\xd8\x23\x24\xd0\x7f\xe2" + "\xf9\xed\x76\xf0\x91\xa5\x83\x3c" + "\x55\xe1\x92\xb8\xb6\x32\x9e\x63" + "\x60\x81\x75\x29\x9e\xce\x2a\x70" + "\x28\x0c\x87\xe5\x46\x73\x76\x66" + "\xbc\x4b\x6c\x37\xc7\xd0\x1a\xa0" + "\x9d\xcf\x04\xd3\x8c\x42\xae\x9d" + "\x35\x5a\xf1\x40\x4c\x4e\x81\xaa" + "\xfe\xd5\x83\x4f\x29\x19\xf3\x6c" + "\x9e\xd0\x53\xe5\x05\x8f\x14\xfb" + "\x68\xec\x0a\x3a\x85\xcd\x3e\xb4" + "\x4a\xc2\x5b\x92\x2e\x0b\x58\x64" + "\xde\xca\x64\x86\x53\xdb\x7f\x4e" + "\x54\xc6\x5e\xaa\xe5\x82\x3b\x98" + "\x5b\x01\xa7\x1f\x7b\x3d\xcc\x19" + "\xf1\x11\x02\x64\x09\x25\x7c\x26" + "\xee\xad\x50\x68\x31\x26\x16\x0f" + "\xb6\x7b\x6f\xa2\x17\x1a\xba\xbe" + "\xc3\x60\xdc\xd2\x44\xe0\xb4\xc4" + "\xfe\xff\x69\xdb\x60\xa6\xaf\x39" + "\x0a\xbd\x6e\x41\xd1\x9f\x87\x71" + "\xcc\x43\xa8\x47\x10\xbc\x2b\x7d" + "\x40\x12\x43\x31\xb8\x12\xe0\x95" + "\x6f\x9d\xf8\x75\x51\x3d\x61\xbe" + "\xa0\xd1\x0b\x8d\x50\xc7\xb8\xe7" + "\xab\x03\xda\x41\xab\xc5\x4e\x33" + "\x5a\x63\x94\x90\x22\x72\x54\x26" + "\x93\x65\x99\x45\x55\xd3\x55\x56" + "\xc5\x39\xe4\xb4\xb1\xea\xd8\xf9" + "\xb5\x31\xf7\xeb\x80\x1a\x9e\x8d" + "\xd2\x40\x01\xea\x33\xb9\xf2\x7a" + "\x43\x41\x72\x0c\xbf\x20\xab\xf7" + "\xfa\x65\xec\x3e\x35\x57\x1e\xef" + "\x2a\x81\xfa\x10\xb2\xdb\x8e\xfa" + "\x7f\xe7\xaf\x73\xfc\xbb\x57\xa2" + "\xaf\x6f\x41\x11\x30\xd8\xaf\x94" + "\x53\x8d\x4c\x23\xa5\x20\x63\xcf" + "\x0d\x00\xe0\x94\x5e\x92\xaa\xb5" + "\xe0\x4e\x96\x3c\xf4\x26\x2f\xf0" + "\x3f\xd7\xed\x75\x2c\x63\xdf\xc8" + "\xfb\x20\xb5\xae\x44\x83\xc0\xab" + "\x05\xf9\xbb\xa7\x62\x7d\x21\x5b" + "\x04\x80\x93\x84\x5f\x1d\x9e\xcd" + "\xa2\x07\x7e\x22\x2f\x55\x94\x23" + "\x74\x35\xa3\x0f\x03\xbe\x07\x62" + "\xe9\x16\x69\x7e\xae\x38\x0e\x9b" + "\xad\x6e\x83\x90\x21\x10\xb8\x07" + "\xdc\xc1\x44\x20\xa5\x88\x00\xdc" + "\xe1\x82\x16\xf1\x0c\xdc\xed\x8c" + "\x32\xb5\x49\xab\x11\x41\xd5\xd2" + "\x35\x2c\x70\x73\xce\xeb\xe3\xd6" + "\xe4\x7d\x2c\xe8\x8c\xec\x8a\x92" + "\x50\x87\x51\xbd\x2d\x9d\xf2\xf0" + "\x3c\x7d\xb1\x87\xf5\x01\xb0\xed" + "\x02\x5a\x20\x4d\x43\x08\x71\x49" + "\x77\x72\x9b\xe6\xef\x30\xc9\xa2" + "\x66\x66\xb8\x68\x9d\xdf\xc6\x16" + "\xa5\x78\xee\x3c\x47\xa6\x7a\x31" + "\x07\x6d\xce\x7b\x86\xf8\xb2\x31" + "\xa8\xa4\x77\x3c\x63\x36\xe8\xd3" + "\x7d\x40\x56\xd8\x48\x56\x9e\x3e" + "\x56\xf6\x3d\xd2\x12\x6e\x35\x29" + "\xd4\x7a\xdb\xff\x97\x4c\xeb\x3c" + "\x28\x2a\xeb\xe9\x43\x40\x61\x06" + "\xb8\xa8\x6d\x18\xc8\xbc\xc7\x23" + "\x53\x2b\x8b\xcc\xce\x88\xdf\xf8" + "\xff\xf8\x94\xe4\x5c\xee\xcf\x39" + "\xe0\xf6\x1a\xae\xf2\xd5\x41\x6a" + "\x09\x5a\x50\x66\xc4\xf4\x66\xdc" + "\x6a\x69\xee\xc8\x47\xe6\x87\x52" + "\x9e\x28\xe4\x39\x02\x0d\xc4\x7e" + "\x18\xe6\xc6\x09\x07\x03\x30\xb9" + "\xd1\xb0\x48\xe6\x80\xe8\x8c\xe6" + "\xc7\x2c\x33\xca\x64\xe5\xc0\x6e" + "\xac\x14\x4b\xe1\xf6\xeb\xce\xe4" + "\xc1\x8c\xea\x5b\x8d\x3c\x86\x91" + "\xd1\xd7\x16\x9c\x09\x9c\x6a\x51" + "\xe5\xcd\xe3\xb0\x33\x1f\x03\xcd" + "\xe5\xd8\x40\x9b\xdc\x29\xbe\xfa" + "\x24\xcc\xf1\x55\x68\x3a\x89\x0d" + "\x08\x48\xfd\x9b\x47\x41\x10\xae" + "\x53\x3a\x83\x87\xd4\x89\xe7\x38" + "\x47\xee\xd7\xbe\xe2\x58\x37\xd2" + "\xfc\x21\x1d\x20\xa5\x2d\x69\x0c" + "\x36\x5b\x2f\xcd\xa1\xa6\xe4\xa1" + "\x00\x4d\xf7\xc8\x2d\xc7\x16\x6c" + "\x6d\xad\x32\x8c\x8f\x74\xf9\xfa" + "\x78\x1c\x9a\x0f\x6e\x93\x9c\x20" + "\x43\xb9\xe4\xda\xc4\xc7\x90\x47" + "\x86\x68\xb7\x6f\x82\x59\x4a\x30" + "\xf1\xfd\x31\x0f\xa1\xea\x9b\x6b" + "\x18\x5c\x39\xb0\xc7\x80\x64\xff" + "\x6d\x5b\xb4\x8b\xba\x90\xea\x4e" + "\x9a\x04\xd2\x68\x18\x50\xb5\x91" + "\x45\x4f\x58\x5a\xe5\xc6\x7c\xab" + "\x61\x3e\x3d\xec\x18\x87\xfc\xea" + "\x26\x35\x4c\x99\x8a\x3f\x00\x7b" + "\xf5\x89\x62\xda\xdd\xf1\x43\xef" + "\x2c\x1d\x92\xfa\x9a\xd0\x37\x03" + "\x69\x9c\xd8\x1f\x41\x44\xb7\x73" + "\x54\x14\x91\x12\x41\x41\x54\xa2" + "\x91\x55\xb6\xf7\x23\x41\xc9\xc2" + "\x5b\x53\xf2\x61\x63\x0d\xa9\x87" + "\x1a\xbb\x11\x1f\x3c\xbb\xa8\x1f" + "\xe2\x66\x56\x88\x06\x3c\xd2\x0f" + "\x3b\xc4\xd6\x8c\xbe\x54\x9f\xa8" + "\x9c\x89\xfb\x88\x05\xef\xcd\xe7" + "\xc1\xc4\x21\x36\x22\x8d\x9a\x5d" + "\x1b\x1e\x4a\xc0\x89\xdd\x76\x16" + "\x5a\xce\xcd\x1e\x6a\x1f\xa0\x2b" + "\x83\xf6\x5e\x28\x8e\x65\xb5\x86" + "\x72\x8f\xc5\xf2\x54\x81\x10\x8d" + "\x63\x7b\x42\x7d\x06\x08\x16\xb3" + "\xb0\x60\x65\x41\x49\xdb\x0d\xc1" + "\xe2\xef\x72\x72\x06\xe7\x60\x5c" + "\x95\x1c\x7d\x52\xec\x82\xee\xd3" + "\x5b\xab\x61\xa4\x1f\x61\x64\x0c" + "\x28\x32\x21\x7a\x81\xe7\x81\xf3" + "\xdb\xc0\x18\xd9\xae\x0b\x3c\x9a" + "\x58\xec\x70\x4f\x40\x25\x2b\xba" + "\x96\x59\xac\x34\x45\x29\xc6\x57" + "\xc1\xc3\x93\x60\x77\x92\xbb\x83" + "\x8a\xa7\x72\x45\x2a\xc9\x35\xe7" + "\x66\xd6\xa9\xe9\x43\x87\x20\x11" + "\x6a\x2f\x87\xac\xe0\x93\x82\xe5" + "\x6c\x57\xa9\x4c\x9e\x56\x57\x33" + "\x1c\xd8\x7e\x25\x27\x41\x89\x97" + "\xea\xa5\x56\x02\x5b\x93\x13\x46" + "\xdc\x53\x3d\x95\xef\xaf\x9f\xf0" + "\x0a\x8a\xfe\x0c\xbf\xf0\x25\x5f" + "\xb4\x9f\x1b\x72\x9c\x37\xba\x46" + "\x4e\xcc\xcc\x02\x5c\xec\x3f\x98" + "\xff\x56\x1a\xc2\x7a\x65\x8f\xf6" + "\xd2\x81\x37\x7a\x0a\xfc\x79\xb9" + "\xcb\x8c\xc8\x1a\xd0\xba\x5d\x55" + "\xbc\x6d\x2e\xb2\x2f\x75\x29\x3f" + "\x1a\x4b\xa8\xd7\xe8\xf6\xf4\x2a" + "\xa5\xa1\x68\xec\xf3\xd5\xdd\x0f" + "\xad\x57\xae\x98\x83\xd5\x92\x4e" + "\x76\x86\x8e\x5e\x4b\x87\x7b\xf7" + "\x2d\x79\x3f\x12\x6a\x24\x58\xc8" + "\xab\x9a\x65\x75\x82\x6f\xa5\x39" + "\x72\xb0\xdf\x93\xb5\xa2\xf3\xdd" + "\x1f\x32\xfa\xdb\xfe\x1b\xbf\x0a" + "\xd9\x95\xdd\x02\xf1\x23\x54\xb1" + "\xa5\xbb\x24\x04\x5c\x2a\x97\x92" + "\xe6\xe0\x10\x61\xe3\x46\xc7\x0c" + "\xcb\xbc\x51\x9a\x35\x16\xd9\x42" + "\x62\xb3\x5e\xa4\x3c\x84\xa0\x7f" + "\xb8\x7f\x70\xd1\x8b\x03\xdf\x27" + "\x32\x06\x3f\x12\x23\x19\x22\x82" + "\x2d\x37\xa5\x00\x31\x9b\xa9\x21" + "\x8e\x34\x8c\x8e\x4f\xe8\xd4\x63" + "\x6c\xb2\xa9\x6e\xf6\x7c\x96\xf1" + "\x0e\x64\xab\x14\x3d\x8f\x74\xb3" + "\x35\x79\x84\x78\x06\x68\x97\x30" + "\xe0\x22\x55\xd6\xc5\x5b\x38\xb2" + "\x75\x24\x0c\x52\xb6\x57\xcc\x0a" + "\xbd\x3c\xd0\x73\x47\xd1\x25\xd6" + "\x1c\xfd\x27\x05\x3f\x70\xe1\xa7" + "\x69\x3b\xee\xc9\x9f\xfd\x2a\x7e" + "\xab\x58\xe6\x0b\x35\x5e\x52\xf9" + "\xff\xac\x5b\x82\x88\xa7\x65\xbc" + "\x61\x29\xdc\xa1\x94\x42\xd1\xd3" + "\xa0\xd8\xba\x3b\x49\xc8\xa7\xce" + "\x01\x6c\xb7\x3f\xe3\x98\x4d\xd1" + "\x9f\x46\x0d\xb3\xf2\x43\x33\x49" + "\xb7\x27\xbd\xba\xcc\x3f\x09\x56" + "\xfa\x64\x18\xb8\x17\x28\xde\x0d" + "\x29\xfa\x1f\xad\x60\x3b\x90\xa7" + "\x05\x9f\x4c\xc4\xdc\x05\x3b\x17" + "\x58\xea\x99\xfd\x6b\x8a\x93\x77" + "\xa5\x44\xbd\x8d\x29\x44\x29\x89" + "\x52\x1d\x89\x8b\x44\x8f\xb9\x68" + "\xeb\x93\xfd\x92\xd9\x14\x35\x9c" + "\x28\x3a\x9f\x1d\xd8\xe0\x2a\x76" + "\x51\xc1\xf0\xa9\x1d\xb4\xf8\xb9" + "\xfc\x14\x78\x5a\xa2\xb1\xdb\x94" + "\xcb\x18\xb9\x34\xbd\x0c\x65\x1d" + "\x64\xde\xd0\x3a\xe4\x68\x0e\xbc" + "\x13\xa7\x47\x89\x62\xa3\x03\x19" + "\x64\xa1\x02\x27\x3a\x8d\x43\xfa" + "\x68\xff\xda\x8b\x40\xe9\x19\x8b" + "\x56\xbe\x1c\x9b\xe6\xf6\x3f\x60" + "\xdb\x7a\xd5\xab\x82\xd8\xd9\x99" + "\xe3\x5b\x0c\x0c\x69\x18\x5c\xed" + "\x03\xf9\xc1\x61\xc4\x7b\xd4\x90" + "\x43\xc3\x39\xec\xac\xcb\x1f\x4b" + "\x23\xf8\xa9\x98\x2f\xf6\x48\x90" + "\x6c\x2b\x94\xad\x14\xdd\xcc\xa2" + "\x3d\xc7\x86\x0f\x7f\x1c\x0b\x93" + "\x4b\x74\x1f\x80\x75\xb4\x91\xdf" + "\xa8\x26\xf9\x06\x2b\x3a\x2c\xfd" + "\x3c\x31\x40\x1e\x5b\xa6\x86\x01" + "\xc4\xa2\x80\x4f\xf5\xa2\xf4\xff" + "\xf6\x07\x8c\x92\xf7\x74\xbd\x42" + "\xb0\x3f\x6b\x05\xca\x40\xeb\x04" + "\x20\xa9\x37\x78\x32\x03\x60\xcc" + "\xf3\xec\xb2\x2d\xb5\x80\x7c\xe4" + "\x37\x53\x25\xd1\xe8\x91\x6a\xe5" + "\xdf\xdd\xb0\xab\x69\xc7\xa1\xb2" + "\xfc\xb3\xd1\x9e\xda\xa8\x0d\x68" + "\xfe\x7d\xdc\x56\x33\x65\x99\xd2" + "\xec\xa5\xa0\xa1\x26\xc9\xec\xbd" + "\x22\x20\x5e\x0d\xcb\x93\x64\x7a" + "\x56\x75\xed\xe5\x45\xa2\xbd\x16" + "\x59\xf7\x43\xd9\x5b\x2c\xdd\xb6" + "\x1d\xa8\x05\x89\x2f\x65\x2e\x66" + "\xfe\xad\x93\xeb\x85\x8f\xe8\x4c" + "\x00\x44\x71\x03\x0e\x26\xaf\xfd" + "\xfa\x56\x0f\xdc\x9c\xf3\x2e\xab" + "\x88\x26\x61\xc6\x13\xfe\xba\xc1" + "\xd8\x8a\x38\xc3\xb6\x4e\x6d\x80" + "\x4c\x65\x93\x2f\xf5\x54\xff\x63" + "\xbe\xdf\x9a\xe3\x4f\xca\xc9\x71" + "\x12\xab\x95\x66\xec\x09\x64\xea" + "\xdc\x9f\x01\x61\x24\x88\xd1\xa7" + "\xd0\x69\x26\xf0\x80\xb0\xec\x86" + "\xc2\x58\x2f\x6a\xc5\xfd\xfc\x2a" + "\xf6\x3e\x23\x77\x3b\x7e\xc5\xc5" + "\xe7\xf9\x4d\xcc\x68\x53\x11\xc8" + "\x5b\x44\xbd\x48\x0f\xb3\x35\x1a" + "\x93\x4a\x80\x16\xa3\x0d\x50\x85" + "\xa6\xc4\xd4\x74\x4d\x87\x59\x51" + "\xd7\xf7\x7d\xee\xd0\x9b\xd1\x83" + "\x25\x2b\xc6\x39\x27\x6a\xb3\x41" + "\x5f\xd2\x24\xd4\xd6\xfa\x8c\x3e" + "\xb2\xf9\x11\x71\x7a\x9e\x5e\x7b" + "\x5b\x9a\x47\x80\xca\x1c\xbe\x04" + "\x5d\x34\xc4\xa2\x2d\x41\xfe\x73" + "\x53\x15\x9f\xdb\xe7\x7d\x82\x19" + "\x21\x1b\x67\x2a\x74\x7a\x21\x4a" + "\xc4\x96\x6f\x00\x92\x69\xf1\x99" + "\x50\xf1\x4a\x16\x11\xf1\x16\x51", + .ctext = "\x2c\xf5\x4c\xc9\x99\x19\x83\x84" + "\x09\xbc\xe6\xad\xbe\xb6\x6b\x1b" + "\x75\x0b\x3d\x33\x10\xb4\x8b\xf7" + "\xa7\xc7\xba\x9f\x6e\xd7\xc7\xfd" + "\x58\xef\x24\xf4\xdc\x26\x3f\x35" + "\x02\x98\xf2\x8c\x96\xca\xfc\xca" + "\xca\xfa\x27\xe6\x23\x1f\xf0\xc7" + "\xe3\x46\xbf\xca\x7b\x4e\x24\xcd" + "\xd0\x13\x3f\x80\xd6\x5b\x0b\xdc" + "\xad\xc6\x49\x77\xd7\x58\xf5\xfd" + "\x58\xba\x72\x0d\x9e\x0b\x63\xc3" + "\x86\xac\x06\x97\x70\x42\xec\x3a" + "\x0d\x53\x27\x17\xbd\x3e\xcb\xe0" + "\xaa\x19\xb4\xfe\x5d\x1b\xcb\xd7" + "\x99\xc3\x19\x45\x6f\xdf\x64\x44" + "\x9f\xf8\x55\x1b\x72\x8d\x78\x51" + "\x3c\x83\x48\x8f\xaf\x05\x60\x7d" + "\x22\xce\x07\x53\xfd\x91\xcf\xfa" + "\x5f\x86\x66\x3e\x72\x67\x7f\xc1" + "\x49\x82\xc7\x1c\x91\x1e\x48\xcd" + "\x5e\xc6\x5f\xd9\xc9\x43\x88\x35" + "\x80\xba\x91\xe1\x54\x4b\x14\xbe" + "\xbd\x75\x48\xb8\xde\x22\x64\xb5" + "\x8c\xcb\x5e\x92\x99\x8f\x4a\xab" + "\x00\x6c\xb4\x2e\x03\x3b\x0e\xee" + "\x4d\x39\x05\xbc\x94\x80\xbb\xb2" + "\x36\x16\xa3\xd9\x8f\x61\xd7\x67" + "\xb5\x90\x46\x85\xe1\x4e\x71\x84" + "\xd0\x84\xc0\xc0\x8f\xad\xdb\xeb" + "\x44\xf4\x66\x35\x3f\x92\xa2\x05" + "\xa4\x9c\xb8\xdc\x77\x6c\x85\x34" + "\xd2\x6a\xea\x32\xb8\x08\xf6\x13" + "\x78\x1e\x29\xef\x12\x54\x16\x28" + "\x25\xf8\x32\x0e\x4f\x94\xe6\xb3" + "\x0b\x97\x79\x97\xb3\xb0\x37\x61" + "\xa4\x10\x6f\x15\x9c\x7d\x22\x41" + "\xe2\xd7\xa7\xa0\xfc\xc5\x62\x55" + "\xed\x68\x39\x7b\x09\xd2\x17\xaa" + "\xf2\xb8\xc9\x1d\xa2\x23\xfd\xaa" + "\x9c\x57\x16\x0d\xe3\x63\x3c\x2b" + "\x13\xdd\xa2\xf0\x8e\xd3\x02\x81" + "\x09\xba\x80\x02\xdb\x97\xfe\x0f" + "\x77\x8d\x18\xf1\xf4\x59\x27\x79" + "\xa3\x46\x88\xda\x51\x67\xd0\xe9" + "\x5d\x22\x98\xc1\xe4\xea\x08\xda" + "\xf7\xb9\x16\x71\x36\xbd\x43\x8a" + "\x4b\x6e\xf3\xaa\xb0\xba\x1a\xbc" + "\xaa\xca\xde\x5c\xc0\xa5\x11\x6d" + "\x8a\x8f\xcc\x04\xfc\x6c\x89\x75" + "\x4b\x2c\x29\x6f\x41\xc7\x6e\xda" + "\xea\xa6\xaf\xb0\xb1\x46\x9e\x30" + "\x5e\x11\x46\x07\x3b\xd6\xaa\x36" + "\xa4\x01\x84\x1d\xb9\x8e\x58\x9d" + "\xa9\xb6\x1c\x56\x5c\x5a\xde\xfa" + "\x66\x96\xe6\x29\x26\xd4\x68\xd0" + "\x1a\xcb\x98\xbb\xce\x19\xbb\x87" + "\x00\x6c\x59\x17\xe3\xd1\xe6\x5c" + "\xd0\x98\xe1\x91\xc4\x28\xaf\xbf" + "\xbb\xdf\x75\x4e\xd9\x9d\x99\x0f" + "\xc6\x0c\x03\x24\x3e\xb6\xd7\x3f" + "\xd5\x43\x4a\x47\x26\xab\xf6\x3f" + "\x7f\xf1\x15\x0c\xde\x68\xa0\x5f" + "\x63\xf9\xe2\x5e\x5d\x42\xf1\x36" + "\x38\x90\x06\x18\x84\xf2\xfa\x81" + "\x36\x33\x29\x18\xaa\x8c\x49\x0e" + "\xda\x27\x38\x9c\x12\x8b\x83\xfa" + "\x40\xd0\xb6\x0a\x72\x85\xf0\xc7" + "\xaa\x5f\x30\x1a\x6f\x45\xe4\x35" + "\x4c\xf3\x4c\xe4\x1c\xd7\x48\x77" + "\xdd\x3e\xe4\x73\x44\xb1\xb8\x1c" + "\x42\x40\x90\x61\xb1\x6d\x8b\x20" + "\x2d\x30\x63\x01\x26\x71\xbc\x5a" + "\x76\xce\xc1\xfb\x13\xf9\x4c\x6e" + "\x7a\x16\x8a\x53\xcb\x07\xaa\xa1" + "\xba\xd0\x68\x7a\x2d\x25\x48\x85" + "\xb7\x6b\x0a\x05\xf2\xdf\x0e\x46" + "\x4e\xc8\xcd\x59\x5b\x9a\x2e\x9e" + "\xdb\x4a\xf6\xfd\x7b\xa4\x5c\x4d" + "\x78\x8d\xe7\xb0\x84\x3f\xf0\xc1" + "\x47\x39\xbf\x1e\x8c\xc2\x11\x0d" + "\x90\xd1\x17\x42\xb3\x50\xeb\xaa" + "\xcd\xc0\x98\x36\x84\xd0\xfe\x75" + "\xf8\x8f\xdc\xa0\xa1\x53\xe5\x8c" + "\xf2\x0f\x4a\x31\x48\xae\x3d\xaf" + "\x19\x4b\x75\x2e\xc1\xe3\xcd\x4d" + "\x2c\xa4\x54\x7b\x4d\x5e\x93\xa2" + "\xe7\x1f\x34\x19\x9f\xb2\xbf\x22" + "\x65\x1a\x03\x48\x12\x66\x50\x3e" + "\x0e\x5d\x60\x29\x44\x69\x90\xee" + "\x9d\x8b\x55\x78\xdf\x63\x31\xc3" + "\x1b\x21\x7d\x06\x21\x86\x60\xb0" + "\x9d\xdb\x3d\xcc\xe2\x20\xf4\x88" + "\x20\x62\x2e\xe8\xa9\xea\x42\x41" + "\xb0\xab\x73\x61\x40\x39\xac\x11" + "\x55\x27\x51\x5f\x11\xef\xb1\x23" + "\xff\x81\x99\x86\x0c\x6f\x16\xaf" + "\xf6\x89\x86\xd8\xf6\x41\xc2\x80" + "\x21\xf4\xd5\x6d\xef\xa3\x0c\x4d" + "\x59\xfd\xdc\x93\x1a\x4f\xe6\x22" + "\x83\x40\x0c\x98\x67\xba\x7c\x93" + "\x0b\xa9\x89\xfc\x3e\xff\x84\x12" + "\x3e\x27\xa3\x8a\x48\x17\xd6\x08" + "\x85\x2f\xf1\xa8\x90\x90\x71\xbe" + "\x44\xd6\x34\xbf\x74\x52\x0a\x17" + "\x39\x64\x78\x1a\xbc\x81\xbe\xc8" + "\xea\x7f\x0b\x5a\x2c\x77\xff\xac" + "\xdd\x37\x35\x78\x09\x28\x29\x4a" + "\xd1\xd6\x6c\xc3\xd5\x70\xdd\xfc" + "\x21\xcd\xce\xeb\x51\x11\xf7\xbc" + "\x12\x43\x1e\x6c\xa1\xa3\x79\xe6" + "\x1d\x63\x52\xff\xf0\xbb\xcf\xec" + "\x56\x58\x63\xe2\x21\x0b\x2d\x5c" + "\x64\x09\xf3\xee\x05\x42\x34\x93" + "\x38\xa8\x60\xea\x1d\x95\x90\x65" + "\xad\x2f\xda\x1d\xdd\x21\x1a\xf1" + "\x94\xe0\x6a\x81\xa1\xd3\x63\x31" + "\x45\x73\xce\x54\x4e\xb1\x75\x26" + "\x59\x18\xc2\x31\x73\xe6\xf5\x7d" + "\x06\x5b\x65\x67\xe5\x69\x90\xdf" + "\x27\x6a\xbf\x81\x7d\x92\xbe\xd1" + "\x4e\x0b\xa8\x18\x94\x72\xe1\xd0" + "\xb6\x2a\x16\x08\x7a\x34\xb8\xf2" + "\xe1\xac\x08\x66\xe6\x78\x66\xfd" + "\x36\xbd\xee\xc6\x71\xa4\x09\x4e" + "\x3b\x09\xf2\x8e\x3a\x90\xba\xa0" + "\xc2\x1d\x9f\xad\x52\x0e\xc9\x10" + "\x99\x40\x90\xd5\x7d\x73\x56\xef" + "\x48\x1e\x56\x5c\x7d\x3c\xcb\x84" + "\x10\x0a\xcc\xda\xce\xad\xd8\xa8" + "\x79\xc7\x29\x95\x31\x3b\xd9\x9b" + "\xb6\x84\x3e\x03\x74\xc5\x76\xba" + "\x4b\xd9\x4f\x7c\xc4\x5f\x7f\x70" + "\xc5\xe3\x6e\xd0\x14\x32\xec\x60" + "\xb0\x69\x78\xb7\xef\xda\x5a\xe7" + "\x4e\x50\x97\xd4\x94\x58\x67\x57" + "\x4e\x7c\x75\xe0\xcf\x8d\xe1\x78" + "\x97\x52\xc8\x73\x81\xf9\xb6\x02" + "\x54\x72\x6d\xc0\x70\xff\xe2\xeb" + "\x6c\xe1\x30\x0a\x94\xd0\x55\xec" + "\xed\x61\x9c\x6d\xd9\xa0\x92\x62" + "\x4e\xfd\xd8\x79\x27\x02\x4e\x13" + "\xb2\x04\xba\x00\x9a\x77\xed\xc3" + "\x5b\xa4\x22\x02\xa9\xed\xaf\xac" + "\x4f\xe1\x74\x73\x51\x36\x78\x8b" + "\xdb\xf5\x32\xfd\x0d\xb9\xcb\x15" + "\x4c\xae\x43\x72\xeb\xbe\xc0\xf8" + "\x91\x67\xf1\x4f\x5a\xd4\xa4\x69" + "\x8f\x3e\x16\xd2\x09\x31\x72\x5a" + "\x5e\x0a\xc4\xbc\x44\xd4\xbb\x82" + "\x7a\xdf\x52\x25\x8c\x45\xdc\xe4" + "\xe0\x71\x84\xe4\xe0\x3d\x59\x30" + "\x5b\x94\x12\x33\x78\x85\x90\x84" + "\x52\x05\x33\xa7\xa7\x16\xe0\x4d" + "\x6a\xf7\xfa\x03\x98\x6c\x4f\xb0" + "\x06\x66\x06\xa1\xdd\x3c\xbe\xbb" + "\xb2\x62\xab\x64\xd3\xbf\x2c\x30" + "\x0e\xfc\xd9\x95\x32\x32\xf3\x3b" + "\x39\x7e\xda\x62\x62\x0f\xc3\xfe" + "\x55\x76\x09\xf5\x8a\x09\x91\x93" + "\x32\xea\xbc\x2b\x0b\xcf\x1d\x65" + "\x48\x33\xba\xeb\x0f\xd4\xf9\x3b" + "\x1e\x90\x74\x6d\x93\x52\x61\x81" + "\xa3\xf2\xb5\xea\x1d\x61\x86\x68" + "\x00\x40\xcc\x58\xdd\xf2\x64\x01" + "\xab\xfd\x94\xc0\xa3\x83\x83\x33" + "\xa4\xb0\xb8\xd3\x9d\x08\x3c\x7f" + "\x8e\xa8\xaf\x87\xa5\xe7\xcd\x36" + "\x92\x96\xdc\xa1\xf2\xea\xe6\xd1" + "\x1e\xe9\x65\xa4\xff\xda\x17\x96" + "\xad\x91\x4a\xc5\x26\xb4\x1d\x1c" + "\x2b\x50\x48\x26\xc8\x86\x3f\x05" + "\xb8\x87\x1b\x3f\xee\x2e\x55\x61" + "\x0d\xdc\xcf\x56\x0e\xe2\xcc\xda" + "\x87\xee\xc5\xcd\x0e\xf4\xa4\xaf" + "\x8a\x02\xee\x16\x0b\xc4\xdd\x6d" + "\x80\x3e\xf3\xfe\x95\xb4\xfe\x97" + "\x0d\xe2\xab\xbb\x27\x84\xee\x25" + "\x39\x74\xb0\xfb\xdc\x5a\x0f\x65" + "\x31\x2a\x89\x08\xa4\x8c\x9f\x25" + "\x5f\x93\x83\x39\xda\xb4\x22\x17" + "\xbd\xd2\x0d\xfc\xde\xf8\x00\x34" + "\xc2\x48\x55\x06\x4c\x8b\x79\xe5" + "\xba\x0c\x50\x4f\x98\xa3\x59\x3d" + "\xc4\xec\xd1\x85\xf3\x60\x41\x16" + "\x0a\xe2\xf4\x38\x33\x24\xc1\xe0" + "\x0d\x86\x1f\x5a\xd2\xba\x7c\x5f" + "\x97\x60\x54\xa3\x52\x31\x78\x57" + "\x7a\xc0\xc7\x1e\xd4\x11\x8f\xef" + "\x86\x0a\x60\x26\x4a\x8f\x06\xf7" + "\x1f\x47\x45\x6e\x87\x13\x15\xf3" + "\x91\x08\xbf\x2a\x6e\x71\x21\x8e" + "\x92\x90\xde\x01\x97\x81\x46\x87" + "\x8a\xfc\xab\x12\x0c\x60\x3e\x9d" + "\xbd\x40\x0a\x45\x3f\x5b\x83\x04" + "\xb5\x8f\x42\x78\x68\xfe\x3a\xd1" + "\x59\xf7\x12\xaa\x86\x86\x1c\x77" + "\xfc\xc6\x64\x47\x0f\x7e\xd3\xbc" + "\x95\x90\x23\xb3\x60\xdc\x0d\xf4" + "\x67\xe6\x32\xee\xad\xbf\x60\x07" + "\xbd\xdb\x6e\x3f\x55\x88\xdb\x93" + "\x62\x41\xd6\xeb\x34\xd6\xa3\x96" + "\xd2\xbc\x29\xaa\x75\x65\x41\x9f" + "\x70\x43\xbb\x6d\xd9\xa5\x95\x22" + "\x3e\xf9\x07\xa0\x7d\x75\xba\xb8" + "\xcd\x81\x3b\x94\x01\x19\xc3\x67" + "\x9d\xa4\x7f\xa0\x99\xcc\x4a\xc4" + "\xfa\x76\x3f\xab\x5c\xea\x26\xdf" + "\xa2\x4c\x5b\x11\x55\xa3\x6a\x70" + "\xcb\xbc\x93\x11\x48\x38\x73\x7a" + "\x40\xbf\xbc\x04\x05\xb0\x2d\x9b" + "\x9a\x23\x57\xa5\xf6\x63\xfa\xc7" + "\xd8\x4d\xc2\xc0\xf8\xbd\xfb\x7d" + "\xea\x20\xa2\xe0\x4d\xaa\x63\x1e" + "\x9a\xa2\xed\x54\xe6\x49\xaf\x52" + "\xaf\x7e\x94\x57\x19\x07\x06\x74" + "\x57\x5b\x62\x61\x99\x20\xe7\x95" + "\x14\x19\xcf\x42\x83\x6a\x94\xf5" + "\xab\xa7\xf2\x48\xf6\x0b\x40\x3d" + "\x93\x8d\x3d\x14\x5d\xf2\x45\x2c" + "\xac\x1c\x0b\x12\xc9\x56\x3f\x7c" + "\x17\xeb\x1d\xed\x7e\x5c\xaa\x37" + "\xe3\xb4\x56\xf9\x0e\xb9\x8e\xc8" + "\x16\x70\x3e\xff\x95\xb9\x89\x9c" + "\x19\x0d\x0d\x48\xbd\xb9\xe3\x73" + "\xdf\x4e\x67\x9d\x93\x6c\x0b\x75" + "\x8a\x2d\x89\x5c\x32\x9d\x75\x05" + "\xd9\x13\xbe\x14\x5f\xf0\xb7\xb4" + "\xd9\x2c\x02\x22\x41\xf2\x9c\x1f" + "\xc1\x8c\xf5\x6a\x8c\xd5\xa5\x6b" + "\x54\x47\xec\x3a\x76\x08\xf6\xf7" + "\xed\x7c\x7e\x3b\x55\xb8\xa9\x20" + "\xa6\xec\x2d\x8c\x03\x38\x9d\x74" + "\xe9\x36\xe7\x05\x40\xec\xf4\xa1" + "\xa7\x70\xa7\x6f\x1f\x93\xc2\x1d" + "\x2c\x4e\x5f\xe8\x04\x6d\x91\x67" + "\x23\xd9\x47\xb4\xf6\xbc\x35\x25" + "\x1b\xa8\xe1\x17\xa8\x21\x38\xd8" + "\x7a\x55\xd9\xc6\x6f\x0a\x1b\xcb" + "\xde\xf8\x1e\x20\x8c\xa1\x14\x49" + "\x49\x00\x00\x31\x0f\xa8\x24\x67" + "\x97\x7a\x1f\x04\xb9\x6b\x60\xd0" + "\x32\xc3\xf4\xf9\x4f\xb2\xfd\x7b" + "\xf9\xb3\x43\xd8\x23\xaa\x21\x37" + "\x9e\x91\xc5\xa4\xce\xd8\xe4\xf5" + "\x55\x3e\xc9\xe4\xc5\x51\xd3\x4d" + "\xc6\x83\xe9\x23\x8e\x3e\x21\xe0" + "\x40\x23\x4e\x2b\x2d\x89\xc4\x5d" + "\x58\xdc\x43\x03\x8e\x9a\xfb\xef" + "\x76\xac\x78\x57\xc3\xb8\xf7\x9f" + "\xf5\xb1\xc2\xa4\x0c\xee\x58\x52" + "\x45\xdf\x1a\xd9\x0e\xe0\x56\x1f" + "\x23\x79\x99\x5f\x34\xad\x9f\x41" + "\x67\x2a\xc7\x8b\xe7\x82\x6e\x67" + "\x58\xb5\xae\x18\xd7\x2f\x8f\x57" + "\x0e\xa4\x21\x3c\x84\x21\x05\x50" + "\x57\xb0\xd1\xb1\xc8\x9d\xd4\x44" + "\x25\x40\x6b\xd5\x6f\x18\x92\x89" + "\x6d\x5b\xe9\x5a\x3c\x74\xc0\x33" + "\x2c\x7a\xa7\x99\x71\x4e\x9d\x1b" + "\xe1\x1d\xcb\x62\x8b\x3c\x07\x07" + "\x67\xf6\xa6\x54\x10\x72\x3f\xea" + "\xe5\xcd\xe6\xf1\xeb\x3d\x43\x0b" + "\xfe\x4b\xc7\x1d\x3d\xd9\xa3\xe2" + "\x9b\x79\x47\xc7\xab\x28\xcc\x4d" + "\xa8\x77\x9c\xec\xef\x56\xf8\x92" + "\x07\x48\x1b\x21\x04\xa8\x24\xb0" + "\x82\x7d\xd1\x17\xa4\xaf\x5f\xfa" + "\x92\xbf\x6a\xb7\x7e\xc7\xb7\x75" + "\x40\x3c\x14\x09\x57\xae\xe0\x4e" + "\xf8\xc9\xda\x1e\x5d\x27\xc4\x8c" + "\x27\xe3\x4d\xe3\x55\x8c\xd2\xef" + "\x0c\xab\x67\x53\x96\xd3\x48\xfb" + "\x75\x4f\x74\x9e\xcb\x82\xa4\x96" + "\x91\x41\x48\xaa\x65\xdb\x34\x72" + "\xc9\xee\xa2\x77\x8b\x6e\x44\x12" + "\x4e\x51\x51\xc3\xf5\xef\x6a\x50" + "\x99\x26\x41\x1e\x66\xa4\x2b\xb9" + "\x21\x15\x38\xc2\x0b\x7f\x37\xb6" + "\x89\x8b\x27\x70\xae\xa1\x90\x28" + "\x04\xe7\xd5\x17\xcb\x60\x99\xb4" + "\xe2\xd7\x04\xd3\x11\x27\x86\xe4" + "\xd0\x0d\x36\x04\x68\xe0\xb4\x71" + "\xe8\x86\x4b\x9f\xa3\xd2\xda\x87" + "\xc2\x2c\xad\x66\xfa\x53\x18\xf8" + "\xec\x10\x74\xc5\xb6\x53\x09\x93" + "\x21\x09\xbd\x77\x2d\x2a\x12\x4c" + "\x86\xfe\x50\x8e\xd1\x16\xab\xb1" + "\xfd\xd7\x87\xde\xc3\x6f\x7c\x16" + "\xe2\x88\x3d\x41\xac\x36\x7e\xf8" + "\xc2\x3b\x46\xd5\x44\x3d\x9d\xe8" + "\xe9\x0c\xb7\xb3\xc6\xb9\xe5\xe7" + "\x27\x17\x78\x03\xd4\xda\xe4\x73" + "\x38\x34\xe7\x53\x29\xc4\xcb\x93" + "\xc9\xa1\x10\x8a\xb2\xfc\x0b\x07" + "\x47\xb8\xb1\x13\x49\x86\x24\x8b" + "\x10\xb1\xd9\x5f\xbb\xd8\x90\x37" + "\x06\x03\xe0\x76\xff\x19\x1a\x16" + "\xd8\x2d\xa7\x4a\xea\x22\x64\xbe" + "\xed\x1c\xc8\x33\xb4\xf4\xb1\x48" + "\x95\xb5\x2f\xaa\x05\xc7\x03\xa0" + "\xf1\xa4\xf3\x63\x4b\xbe\x79\xb9" + "\x4b\x67\x7e\x4e\x3e\x81\x8f\xef" + "\xe9\x55\x99\x30\xd0\x26\xec\x5d" + "\x89\xb6\x3f\x28\x38\x81\x7a\x00" + "\x89\x85\xb8\xff\x19\x0f\x8f\x5d" + "\x5c\x6d\x6a\x3d\x6c\xb9\xfb\x7c" + "\x0c\x4b\x7e\xbc\x0c\xc4\xad\xbb" + "\x0a\x8b\xc8\x48\xb7\xfa\x4d\x53" + "\x82\x10\xd6\x29\x58\x83\x50\x3c" + "\xd4\x5a\xfd\x14\xa3\xb5\x88\xfb" + "\x23\xee\xc9\xcc\xab\x92\x52\xb3" + "\x0b\x07\xf3\x1e\x9a\x2a\x2e\x35" + "\x32\x37\xa5\x86\xd0\xe5\x5f\xdd" + "\x3d\x67\x70\xb4\x9a\xc9\x93\xdc" + "\x31\x33\xe3\x3a\xc5\xcf\xd9\x44" + "\x2f\x3f\x87\xb2\x0c\x36\x55\x17" + "\xa9\xda\xb1\xca\x00\x09\x87\xe6" + "\x66\x34\xb3\x9f\x52\x37\x98\x10" + "\x2e\x5d\xa4\x14\x7f\x63\xa6\xcd" + "\x6c\x2d\x7c\x74\x4c\xae\x9c\x65" + "\xe0\x79\xc0\xd6\xc3\xfe\xa8\xf4" + "\x1a\x4f\xf5\xbc\xea\x7a\x92\x40" + "\x51\xa7\x05\x45\x40\xd8\x9c\x3c" + "\xde\x5f\x0b\x6e\x10\x5c\x1c\xdc" + "\xd2\x65\x60\xbb\x70\x68\x5c\xa9" + "\x59\x25\x0e\x4e\x93\xb8\x49\x89" + "\xf6\xae\xeb\x1f\x8b\x56\xc8\x56" + "\xb0\xb5\xc9\xee\xa5\x15\x07\x4d" + "\x8a\xcc\xad\x04\x4d\x99\x8c\x49" + "\x8d\x7c\xe0\xa5\x7d\x7f\x33\x61" + "\xf2\xfc\xe7\x88\x3f\x2b\x73\xab" + "\x2e\x38\x17\x48\xa9\x86\xdd\x81" + "\x21\x45\xbc\x98\x1d\xe5\xa5\xbc" + "\x0d\x0b\x18\x8e\x86\x1e\x76\x0a" + "\x30\x12\x21\xf0\x51\xed\xc1\xcd" + "\x9a\xf1\x7e\x7e\x64\xb2\xa3\xd6" + "\x37\xe7\xc6\xde\x97\xb9\x5d\x05" + "\xf5\x50\xe2\x0a\xaa\x68\x16\xa6" + "\x26\x9c\x7d\xff\x4c\x05\xce\x48" + "\xa7\xff\x10\x19\x5e\xef\x46\x54" + "\xec\xe4\x7b\xb6\x12\x23\xae\x93" + "\x4f\x79\xf8\x3c\x1c\x07\x15\x66" + "\x07\xc1\x52\xde\x7f\xda\x51\x7b" + "\xfe\x13\x67\xab\x8d\x56\xdc\xc1" + "\x70\x4b\x13\xd2\x30\x00\xc1\x97" + "\x22\xa7\x83\xf8\x18\xd9\x6d\x40" + "\x54\xe0\xc1\xdb\x3e\x83\x73\x12" + "\xe1\x48\x49\xb9\xd4\x20\x0c\x06" + "\x1c\x82\xb5\xbe\x5a\xae\x60\x5e" + "\xe2\x09\xba\x05\xbb\x9a\x80\x63" + "\xf2\xc4\x4b\x41\x39\x16\x76\x26" + "\xb1\x03\x06\x23\x65\x37\x33\x92" + "\xca\xf9\x72\xf5\xcd\x95\xc1\xc0" + "\x91\x5a\xfd\x28\xb9\x62\x59\x84" + "\x87\x9d\x82\xcb\xe0\x67\x7c\x26" + "\xb8\x00\x16\xd9\x5d\xb4\x74\xd4" + "\x75\x8c\x75\xf8\x87\x3b\xa8\x77" + "\xcd\x82\x3d\x7b\xb9\x63\x44\x0f" + "\x44\x83\x55\x5b\xc7\xdc\x18\x0b" + "\x8c\x36\xb3\x59\xeb\x58\x13\x38" + "\x4b\x8a\xb7\xa3\x9a\xa2\xf3\xeb" + "\xc6\x30\x84\x86\x0a\xcf\x8b\xfa" + "\x36\x66\x26\xbc\xd0\x96\xa3\xb4" + "\x8d\x6b\xf7\x5b\x75\x59\xbb\xd3" + "\x14\x78\x57\x2f\x27\xa8\x95\xcf" + "\xa2\xa5\x76\x28\xbd\xab\x8b\x59" + "\x04\x91\x8a\xc5\x3c\xc3\xa7\xcf" + "\xe0\xfb\xdd\x7a\xbb\x10\xde\x36" + "\x43\x1c\x59\xf7\x41\xb6\xa5\x80" + "\x72\x7b\xe3\x7a\xa3\x01\xc3\x8c" + "\x7e\xf3\xf2\x42\x1a\x0c\x7e\xf3" + "\xfc\x5b\x6e\x1f\x20\xf1\x32\x76" + "\x83\x71\x36\x3e\x7e\xa7\xf7\xdd" + "\x25\x2e\xe6\x04\xe2\x5b\x44\xb5" + "\x16\xfb\xdf\x9b\x46\x2a\xa8\x81" + "\x89\x15\x3e\xb5\xb0\x09\x40\x33" + "\x60\xc7\x37\x63\x14\x09\xc1\x6e" + "\x56\x52\xbe\xe4\x88\xe0\x75\xbc" + "\x49\x62\x8c\xf1\xdf\x62\xe6\xac" + "\xd5\x87\xf7\xc9\x92\x52\x36\x59" + "\x22\x6f\x31\x99\x76\xdb\x41\xb6" + "\x26\x91\x79\x7e\xd2\x78\xaf\x07" + "\x78\x4b\xed\x54\x30\xb2\xff\xbc" + "\x2c\x0a\x1a\xbe\xbf\xd5\x5a\x4d" + "\xd1\xbc\x30\xc2\xf4\xf1\xc1\x9e" + "\x9a\x96\x89\x00\x50\xfc\xf6\xaf" + "\xfa\x60\xbf\x1a\x32\x8f\x57\x36" + "\x2f\x02\xb7\x28\x50\xc3\xd3\xfd" + "\x6b\xc4\xe6\xbb\xc9\xec\xed\x86" + "\xdf\x27\x45\x2c\x0c\x6d\x65\x3b" + "\x6e\x63\x96\xc7\xd6\xb5\xb2\x05" + "\x8b\xe0\x02\x2a\xfa\x20\x0c\x82" + "\xa5\x45\x75\x12\x01\x40\xff\x3e" + "\xfd\xfc\xfb\xbc\x30\x49\xe8\x99" + "\x8d\x48\x8e\x49\x65\x2a\xe3\xa5" + "\x06\xe3\x22\x68\x3b\xd9\xa4\xcf" + "\x84\x6f\xfa\x2b\xb1\xd8\x8c\x30" + "\xd5\x5d\x0c\x63\x32\x59\x28\x6e" + "\x2a\x60\xa4\x57\x12\xf8\xc2\x95" + "\x0a\xf6\xc6\x48\x23\xce\x72\x40" + "\x0d\x75\xa0\xd4\x48\x03\xf5\xc4" + "\xcd\x26\xe7\x83\xcc\x0d\xcf\x7f" + "\x22\x5f\x91\xb3\x42\x02\x9a\x26" + "\x12\x26\x68\x12\x25\x0b\x08\x61" + "\xcb\x25\x86\x95\xfc\x57\x4d\xb6" + "\x36\x6c\xb4\xdc\xa9\x2d\x76\x7f" + "\x25\x06\xa2\x08\x69\x09\xd9\x09" + "\x3c\x40\xe1\xfd\x30\x8f\xc2\x13" + "\x92\xd4\xb5\x3b\x0c\xb2\x32\x4f" + "\x10\xc9\x1a\x41\xa6\xb2\x11\xf6" + "\x3b\x1b\x88\x56\xbf\x61\x3c\xb2" + "\xe6\xdb\x24\x9a\x55\x7e\x35\xf8" + "\x82\x5e\x52\xe3\xf2\xb3\x40\x1c" + "\xdd\xe3\x29\x37\xe0\x85\x08\x8b" + "\xb2\x8b\x09\x38\xac\xa9\x85\xe5" + "\x9e\x36\xb8\x95\x0b\x84\x9d\x10" + "\xcc\xae\xe2\x06\x56\x3c\x85\xce" + "\xc0\xdc\x36\x59\x17\xf9\x48\xf4" + "\x5b\x08\x8e\x86\x00\xa0\xf5\xdd" + "\x0c\xb6\x63\xfd\x5a\xe5\x1e\xa6" + "\x0a\xef\x76\xc2\xc7\x9b\x96\x2f" + "\x66\x2b\x7d\x50\xa6\x0c\x42\xc6" + "\xa5\x05\x05\x10\xeb\xd8\xda\x15" + "\x03\xbe\x2f\x24\x34\x8f\x84\xd8" + "\x58\xb8\xa3\xf2\x63\xc8\xc3\xf6" + "\xc2\xde\x27\x58\x69\xf9\x07\xca" + "\x12\x3e\xe2\xf4\xc8\x29\x60\x30" + "\x2f\x87\xf4\x50\xc2\x25\xcc\xfd" + "\xdc\x76\x4f\x56\x1c\xb2\xd9\x78" + "\x11\x6b\x6e\xb4\x67\xbf\x25\xc4" + "\xae\x7d\x50\x7f\xb2\x5c\x69\x26" + "\xed\x6b\xd2\x3b\x42\x64\xe3\x0c" + "\x15\xa6\xd1\xb6\x3e\x23\x76\x09" + "\x48\xd2\x08\x41\x76\xc9\x7d\x5f" + "\x50\x5d\x8e\xf9\x04\x96\xed\x3a" + "\xf8\x7c\x3b\x7d\x84\xba\xea\xe6" + "\x24\xd2\x0f\x7f\x5a\x0b\x6f\xd9" + "\x33\x14\x67\xfb\x9f\xe7\x44\x4e" + "\x3b\x4b\x06\xaa\xb4\x7a\x8b\x83" + "\x82\x74\xa6\x5e\x10\xea\xd6\x4b" + "\x56\x32\xd7\x79\x7c\x05\xf4\x64" + "\x9c\x64\x25\x9c\xc2\xda\x21\x9a" + "\xd8\xde\x37\x83\x3f\xd8\x83\xa2" + "\x1e\x3c\x1e\x41\x7e\xf2\x97\x84" + "\xe5\xa2\x02\x2b\x6e\xc5\xd7\x91" + "\x24\x66\xc1\xf0\x05\x1c\x0f\x3d" + "\xcf\x63\x94\x10\x2e\x0e\x89\xda" + "\x0d\xe9\x58\x2a\x48\x0c\xc8\x36" + "\xc4\x7b\xf0\xd3\xe2\x5b\xf1\xf6" + "\xad\x3d\xe7\x25\x6b\x83\x08\x5c" + "\xd9\x79\xde\x93\x37\x93\x92\x46" + "\xe7\xf4\x1c\x9e\x94\x91\x30\xd9" + "\xb6\x57\xf1\x04\xb5\x2f\xe3\xb9" + "\x0a\x78\xfe\xcb\xb5\x31\xc1\xc6" + "\x99\xb3\xaf\x73\xfb\x69\xcb\x49" + "\xd2\xec\xea\xd3\x0f\x45\x13\x23" + "\xc8\xae\x92\x29\xce\x71\xd0\xba" + "\xcf\xfd\xb2\x14\x61\xfd\xf6\x7b" + "\xdf\x05\xe5\xbb\x58\xf7\x41\x3b" + "\x6e\xd2\x14\x28\x7c\x15\xb7\x70" + "\xca\xc7\x7a\xd7\x4e\x4b\x35\x6e" + "\x9e\x09\x24\x33\xaf\xca\x41\x1f" + "\x0d\xe3\xf1\x7c\x35\xcb\xe2\x0a" + "\xb2\xeb\x94\x7a\xbc\x53\xd7\xe1" + "\x5e\xbc\xa1\x55\xef\x3c\x37\xef" + "\x6d\xfe\x3a\xcd\xcf\x48\x36\x26" + "\xdb\x3e\x44\xdd\xc8\x03\xa6\xa6" + "\x85\xb5\xfe\xf3\xec\x44\xb3\x22" + "\x9d\x21\x82\xc6\x0b\x1a\x7c\xc6" + "\xf7\xa9\x8e\x7e\x13\x1a\x85\x1f" + "\x93\x81\x38\x47\xc0\x83\x21\xa3" + "\xde\xec\xc0\x8f\x4c\x3b\x57\x2f" + "\x92\xbb\x66\xe3\x24\xeb\xae\x1e" + "\xb3\x18\x57\xf2\xf3\x4a\x50\x52" + "\xe9\x91\x08\x1f\x85\x44\xc1\x07" + "\xa1\xd3\x62\xe9\xe0\x82\x38\xfd" + "\x27\x3f\x7e\x10\x7d\xaf\xa1\x7a" + "\xf0\xaa\x79\xee\x6e\xa2\xc0\xbb" + "\x01\xda\xfb\xc4\x85\x26\x85\x31" + "\x15\xf4\x3c\xe0\x96\x79\x0e\xd7" + "\x50\x68\x37\x57\xb5\x31\xf7\x3c" + "\xbd\xaa\xcc\x2c\x8f\x57\x59\xa5" + "\xd4\x4b\xc6\x45\xc0\x32\x3d\x85" + "\x6d\xee\xf4\x6b\x63\xf9\x3a\xfb" + "\x2f\xdb\xb8\x42\x19\x8e\x88\x1f" + "\xfd\x7d\x0b\x69\x14\x8f\x36\xb2" + "\xd9\x27\x34\x53\x9c\x52\x00\x94" + "\xcc\x8b\x37\x82\xaf\x8e\xb3\xc0" + "\x8a\xcf\x44\xc6\x3a\x19\xbe\x1f" + "\x23\x33\x68\xc4\xb6\xbb\x13\x20" + "\xec\x6a\x87\x5b\xc2\x7c\xd3\x04" + "\x34\x97\x32\xd5\x11\x02\x06\x45" + "\x98\x0b\xaa\xab\xbe\xfb\xd0\x2c" + "\x0e\xf1\x8b\x7f\x1c\x70\x85\x67" + "\x60\x50\x66\x79\xbb\x45\x21\xc4" + "\xb5\xd3\xb9\x4f\xe5\x41\x49\x86" + "\x6b\x20\xef\xac\x16\x74\xe9\x23" + "\xa5\x2d\x5c\x2b\x85\xb2\x33\xe8" + "\x2a\xd1\x24\xd1\x5b\x9b\x7f\xfc" + "\x2f\x3b\xf7\x6a\x8b\xde\x55\x7e" + "\xda\x13\x1b\xd6\x90\x74\xb0\xbe" + "\x46\x0d\xcf\xc7\x78\x33\x31\xdc" + "\x6a\x6a\x50\x3e\x4c\xe2\xab\x48" + "\xbc\x4e\x7d\x62\xb9\xfc\xdd\x85" + "\x1c\x5d\x93\x15\x5e\x01\xd9\x2b" + "\x48\x71\x82\xd6\x44\xd6\x0e\x92" + "\x6e\x75\xc9\x3c\x1d\x31\x18\x6f" + "\x8b\xd7\x18\xf3\x09\x08\x45\xb1" + "\x3e\xa4\x25\xc6\x34\x48\xaf\x42" + "\x77\x33\x03\x65\x3e\x2f\xff\x8f" + "\xe9\xe1\xa0\xfe\xb2\xc3\x80\x77" + "\x20\x05\xe4\x9b\x47\x3b\xb2\xbd", + .len = 4096, } }; -- cgit From 7df5218d66750ff5f84413ea307391bf9bbace1e Mon Sep 17 00:00:00 2001 From: "Lendacky, Thomas" Date: Fri, 15 Feb 2019 17:26:33 +0000 Subject: crypto: ccp - Update driver messages to remove some confusion The current content of some of the driver messages and the way that they are issued results in some confusion, especially in the area of the PSP as it relates to SEV support. If SEV is not supported, a message is issued that says "psp initialization failed." This makes it seem like there was a problem, when in fact, the PSP support is just disabled if SEV is not supported. Update the driver to check SEV support a bit earlier and issue a debug- level message if SEV is not supported, followed by a debug-level message that the PSP is disabled. This way you will only see PSP messages if SEV is supported or if debug information is desired. Also, remove the overall "enabled" and "disabled" messages for the driver and rely on the CCP and PSP support to issue component-specific messages. Signed-off-by: Tom Lendacky Signed-off-by: Herbert Xu --- drivers/crypto/ccp/psp-dev.c | 19 ++++++++++++++----- drivers/crypto/ccp/sp-pci.c | 4 ---- 2 files changed, 14 insertions(+), 9 deletions(-) diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c index 638f138debd7..fadf859a14b8 100644 --- a/drivers/crypto/ccp/psp-dev.c +++ b/drivers/crypto/ccp/psp-dev.c @@ -858,15 +858,15 @@ static int sev_misc_init(struct psp_device *psp) return 0; } -static int sev_init(struct psp_device *psp) +static int psp_check_sev_support(struct psp_device *psp) { /* Check if device supports SEV feature */ if (!(ioread32(psp->io_regs + psp->vdata->feature_reg) & 1)) { - dev_dbg(psp->dev, "device does not support SEV\n"); - return 1; + dev_dbg(psp->dev, "psp does not support SEV\n"); + return -ENODEV; } - return sev_misc_init(psp); + return 0; } int psp_dev_init(struct sp_device *sp) @@ -891,6 +891,10 @@ int psp_dev_init(struct sp_device *sp) psp->io_regs = sp->io_map; + ret = psp_check_sev_support(psp); + if (ret) + goto e_disable; + /* Disable and clear interrupts until ready */ iowrite32(0, psp->io_regs + psp->vdata->inten_reg); iowrite32(-1, psp->io_regs + psp->vdata->intsts_reg); @@ -902,7 +906,7 @@ int psp_dev_init(struct sp_device *sp) goto e_err; } - ret = sev_init(psp); + ret = sev_misc_init(psp); if (ret) goto e_irq; @@ -923,6 +927,11 @@ e_err: dev_notice(dev, "psp initialization failed\n"); + return ret; + +e_disable: + sp->psp_data = NULL; + return ret; } diff --git a/drivers/crypto/ccp/sp-pci.c b/drivers/crypto/ccp/sp-pci.c index 6d730d3e3f6f..41bce0a3f4bb 100644 --- a/drivers/crypto/ccp/sp-pci.c +++ b/drivers/crypto/ccp/sp-pci.c @@ -226,8 +226,6 @@ static int sp_pci_probe(struct pci_dev *pdev, const struct pci_device_id *id) if (ret) goto e_err; - dev_notice(dev, "enabled\n"); - return 0; e_err: @@ -246,8 +244,6 @@ static void sp_pci_remove(struct pci_dev *pdev) sp_destroy(sp); sp_free_irqs(sp); - - dev_notice(dev, "disabled\n"); } #ifdef CONFIG_PM -- cgit From bf432e72c170f28c08bb8c0f45356a5a48a7cae2 Mon Sep 17 00:00:00 2001 From: YueHaibing Date: Mon, 18 Feb 2019 08:59:47 +0000 Subject: crypto: marvell - Remove set but not used variable 'ivsize' Fixes gcc '-Wunused-but-set-variable' warning: drivers/crypto/marvell/cipher.c: In function 'mv_cesa_skcipher_dma_req_init': drivers/crypto/marvell/cipher.c:325:15: warning: variable 'ivsize' set but not used [-Wunused-but-set-variable] It's not used any more after 0c99620f0ac1 ("crypto: marvell - Use an unique pool to copy results of requests") Signed-off-by: YueHaibing Signed-off-by: Herbert Xu --- drivers/crypto/marvell/cipher.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/drivers/crypto/marvell/cipher.c b/drivers/crypto/marvell/cipher.c index 066830dcc53e..fb279b3a1ca1 100644 --- a/drivers/crypto/marvell/cipher.c +++ b/drivers/crypto/marvell/cipher.c @@ -322,7 +322,6 @@ static int mv_cesa_skcipher_dma_req_init(struct skcipher_request *req, struct mv_cesa_skcipher_dma_iter iter; bool skip_ctx = false; int ret; - unsigned int ivsize; basereq->chain.first = NULL; basereq->chain.last = NULL; @@ -381,7 +380,6 @@ static int mv_cesa_skcipher_dma_req_init(struct skcipher_request *req, } while (mv_cesa_skcipher_req_iter_next_op(&iter)); /* Add output data for IV */ - ivsize = crypto_skcipher_ivsize(crypto_skcipher_reqtfm(req)); ret = mv_cesa_dma_add_result_op(&basereq->chain, CESA_SA_CFG_SRAM_OFFSET, CESA_SA_DATA_SRAM_OFFSET, CESA_TDMA_SRC_IN_SRAM, flags); -- cgit From 8cd9d183731a8b54e7ca40de1c72e3c6bec40113 Mon Sep 17 00:00:00 2001 From: Atul Gupta Date: Mon, 18 Feb 2019 02:04:37 -0800 Subject: crypto: chelsio - Fixed Traffic Stall Fixed Traffic Stall caused by - Subcommands except last should have more bit set - For esn case subcommand is required for linear skb only - Also Optimized is_eth_imm usage Signed-off-by: Atul Gupta Signed-off-by: Herbert Xu --- drivers/crypto/chelsio/chcr_ipsec.c | 33 ++++++++++++++++++++------------- 1 file changed, 20 insertions(+), 13 deletions(-) diff --git a/drivers/crypto/chelsio/chcr_ipsec.c b/drivers/crypto/chelsio/chcr_ipsec.c index 0c826d0e1bfc..2f60049361ef 100644 --- a/drivers/crypto/chelsio/chcr_ipsec.c +++ b/drivers/crypto/chelsio/chcr_ipsec.c @@ -336,7 +336,8 @@ static inline int is_eth_imm(const struct sk_buff *skb, } static inline unsigned int calc_tx_sec_flits(const struct sk_buff *skb, - struct ipsec_sa_entry *sa_entry) + struct ipsec_sa_entry *sa_entry, + bool *immediate) { unsigned int kctx_len; unsigned int flits; @@ -354,8 +355,10 @@ static inline unsigned int calc_tx_sec_flits(const struct sk_buff *skb, * TX Packet header plus the skb data in the Work Request. */ - if (hdrlen) + if (hdrlen) { + *immediate = true; return DIV_ROUND_UP(skb->len + hdrlen, sizeof(__be64)); + } flits = sgl_len(skb_shinfo(skb)->nr_frags + 1); @@ -418,7 +421,7 @@ inline void *copy_esn_pktxt(struct sk_buff *skb, iv = skb_transport_header(skb) + sizeof(struct ip_esp_hdr); memcpy(aadiv->iv, iv, 8); - if (is_eth_imm(skb, sa_entry)) { + if (is_eth_imm(skb, sa_entry) && !skb_is_nonlinear(skb)) { sc_imm = (struct ulptx_idata *)(pos + (DIV_ROUND_UP(sizeof(struct chcr_ipsec_aadiv), sizeof(__be64)) << 3)); @@ -531,15 +534,18 @@ inline void *chcr_crypto_wreq(struct sk_buff *skb, struct adapter *adap = pi->adapter; unsigned int ivsize = GCM_ESP_IV_SIZE; struct chcr_ipsec_wr *wr; + bool immediate = false; u16 immdatalen = 0; unsigned int flits; u32 ivinoffset; u32 aadstart; u32 aadstop; u32 ciphstart; + u16 sc_more = 0; u32 ivdrop = 0; u32 esnlen = 0; u32 wr_mid; + u16 ndesc; int qidx = skb_get_queue_mapping(skb); struct sge_eth_txq *q = &adap->sge.ethtxq[qidx + pi->first_qset]; unsigned int kctx_len = sa_entry->kctx_len; @@ -547,20 +553,24 @@ inline void *chcr_crypto_wreq(struct sk_buff *skb, atomic_inc(&adap->chcr_stats.ipsec_cnt); - flits = calc_tx_sec_flits(skb, sa_entry); + flits = calc_tx_sec_flits(skb, sa_entry, &immediate); + ndesc = DIV_ROUND_UP(flits, 2); if (sa_entry->esn) ivdrop = 1; - if (is_eth_imm(skb, sa_entry)) + if (immediate) immdatalen = skb->len; - if (sa_entry->esn) + if (sa_entry->esn) { esnlen = sizeof(struct chcr_ipsec_aadiv); + if (!skb_is_nonlinear(skb)) + sc_more = 1; + } /* WR Header */ wr = (struct chcr_ipsec_wr *)pos; wr->wreq.op_to_compl = htonl(FW_WR_OP_V(FW_ULPTX_WR)); - wr_mid = FW_CRYPTO_LOOKASIDE_WR_LEN16_V(DIV_ROUND_UP(flits, 2)); + wr_mid = FW_CRYPTO_LOOKASIDE_WR_LEN16_V(ndesc); if (unlikely(credits < ETHTXQ_STOP_THRES)) { netif_tx_stop_queue(q->txq); @@ -572,10 +582,10 @@ inline void *chcr_crypto_wreq(struct sk_buff *skb, /* ULPTX */ wr->req.ulptx.cmd_dest = FILL_ULPTX_CMD_DEST(pi->port_id, qid); - wr->req.ulptx.len = htonl(DIV_ROUND_UP(flits, 2) - 1); + wr->req.ulptx.len = htonl(ndesc - 1); /* Sub-command */ - wr->req.sc_imm.cmd_more = FILL_CMD_MORE(!immdatalen); + wr->req.sc_imm.cmd_more = FILL_CMD_MORE(!immdatalen || sc_more); wr->req.sc_imm.len = cpu_to_be32(sizeof(struct cpl_tx_sec_pdu) + sizeof(wr->req.key_ctx) + kctx_len + @@ -698,7 +708,7 @@ out_free: dev_kfree_skb_any(skb); cxgb4_reclaim_completed_tx(adap, &q->q, true); - flits = calc_tx_sec_flits(skb, sa_entry); + flits = calc_tx_sec_flits(skb, sa_entry, &immediate); ndesc = flits_to_desc(flits); credits = txq_avail(&q->q) - ndesc; @@ -711,9 +721,6 @@ out_free: dev_kfree_skb_any(skb); return NETDEV_TX_BUSY; } - if (is_eth_imm(skb, sa_entry)) - immediate = true; - if (!immediate && unlikely(cxgb4_map_skb(adap->pdev_dev, skb, addr) < 0)) { q->mapping_err++; -- cgit From d9a5289d291874a855dd84763559ff83ad0620c5 Mon Sep 17 00:00:00 2001 From: Mao Wenan Date: Mon, 18 Feb 2019 22:49:00 +0800 Subject: crypto: stm32 - drop pointless static qualifier in stm32_hash_remove() There is no need to have the struct stm32_hash_dev *hdev static since new value always be assigned before use it. Signed-off-by: Mao Wenan Signed-off-by: Herbert Xu --- drivers/crypto/stm32/stm32-hash.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/crypto/stm32/stm32-hash.c b/drivers/crypto/stm32/stm32-hash.c index 590d7352837e..4a6cc8a3045d 100644 --- a/drivers/crypto/stm32/stm32-hash.c +++ b/drivers/crypto/stm32/stm32-hash.c @@ -1564,7 +1564,7 @@ err_engine: static int stm32_hash_remove(struct platform_device *pdev) { - static struct stm32_hash_dev *hdev; + struct stm32_hash_dev *hdev; int ret; hdev = platform_get_drvdata(pdev); -- cgit From ef5c73b3384743efae6d6080154e189dc672359f Mon Sep 17 00:00:00 2001 From: Krzysztof Kozlowski Date: Tue, 19 Feb 2019 13:01:03 +0100 Subject: crypto: s5p-sss - Use AES_BLOCK_SIZE define instead of number Replace hard coded AES block size with define. Signed-off-by: Krzysztof Kozlowski Signed-off-by: Herbert Xu --- drivers/crypto/s5p-sss.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/crypto/s5p-sss.c b/drivers/crypto/s5p-sss.c index 0064be0e3941..39fc6942364b 100644 --- a/drivers/crypto/s5p-sss.c +++ b/drivers/crypto/s5p-sss.c @@ -1819,10 +1819,12 @@ static void s5p_set_aes(struct s5p_aes_dev *dev, void __iomem *keystart; if (iv) - memcpy_toio(dev->aes_ioaddr + SSS_REG_AES_IV_DATA(0), iv, 0x10); + memcpy_toio(dev->aes_ioaddr + SSS_REG_AES_IV_DATA(0), iv, + AES_BLOCK_SIZE); if (ctr) - memcpy_toio(dev->aes_ioaddr + SSS_REG_AES_CNT_DATA(0), ctr, 0x10); + memcpy_toio(dev->aes_ioaddr + SSS_REG_AES_CNT_DATA(0), ctr, + AES_BLOCK_SIZE); if (keylen == AES_KEYSIZE_256) keystart = dev->aes_ioaddr + SSS_REG_AES_KEY_DATA(0); -- cgit From 984798de671a927ac73da31096a150df42e6aaf3 Mon Sep 17 00:00:00 2001 From: Jonas Gorski Date: Tue, 19 Feb 2019 13:16:08 +0100 Subject: hwrng: bcm2835 - fix probe as platform device BCM63XX (MIPS) does not use device tree, so there cannot be any of_device_id, causing the driver to fail on probe: [ 0.904564] bcm2835-rng: probe of bcm63xx-rng failed with error -22 Fix this by checking for match data only if we are probing from device tree. Fixes: 8705f24f7b57 ("hwrng: bcm2835 - Enable BCM2835 RNG to work on BCM63xx platforms") Signed-off-by: Jonas Gorski Acked-by: Florian Fainelli Signed-off-by: Herbert Xu --- drivers/char/hw_random/bcm2835-rng.c | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/drivers/char/hw_random/bcm2835-rng.c b/drivers/char/hw_random/bcm2835-rng.c index 256b0b1d0f26..f759790c3cdb 100644 --- a/drivers/char/hw_random/bcm2835-rng.c +++ b/drivers/char/hw_random/bcm2835-rng.c @@ -168,14 +168,16 @@ static int bcm2835_rng_probe(struct platform_device *pdev) priv->rng.read = bcm2835_rng_read; priv->rng.cleanup = bcm2835_rng_cleanup; - rng_id = of_match_node(bcm2835_rng_of_match, np); - if (!rng_id) - return -EINVAL; - - /* Check for rng init function, execute it */ - of_data = rng_id->data; - if (of_data) - priv->mask_interrupts = of_data->mask_interrupts; + if (dev_of_node(dev)) { + rng_id = of_match_node(bcm2835_rng_of_match, np); + if (!rng_id) + return -EINVAL; + + /* Check for rng init function, execute it */ + of_data = rng_id->data; + if (of_data) + priv->mask_interrupts = of_data->mask_interrupts; + } /* register driver */ err = devm_hwrng_register(dev, &priv->rng); -- cgit From 65055e2108847af5e577cc7ce6bde45ea136d29a Mon Sep 17 00:00:00 2001 From: Franck LENORMAND Date: Tue, 19 Feb 2019 16:56:55 +0200 Subject: crypto: caam - fix hash context DMA unmap size MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When driver started using state->caam_ctxt for storing both running hash and final hash, it was not updated to handle different DMA unmap lengths. Cc: # v4.19+ Fixes: c19650d6ea99 ("crypto: caam - fix DMA mapping of stack memory") Signed-off-by: Franck LENORMAND Signed-off-by: Horia Geantă Signed-off-by: Herbert Xu --- drivers/crypto/caam/caamhash.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/drivers/crypto/caam/caamhash.c b/drivers/crypto/caam/caamhash.c index 3bba3cb92f03..2c5aca59229b 100644 --- a/drivers/crypto/caam/caamhash.c +++ b/drivers/crypto/caam/caamhash.c @@ -114,6 +114,7 @@ struct caam_hash_ctx { struct caam_hash_state { dma_addr_t buf_dma; dma_addr_t ctx_dma; + int ctx_dma_len; u8 buf_0[CAAM_MAX_HASH_BLOCK_SIZE] ____cacheline_aligned; int buflen_0; u8 buf_1[CAAM_MAX_HASH_BLOCK_SIZE] ____cacheline_aligned; @@ -171,6 +172,7 @@ static inline int map_seq_out_ptr_ctx(u32 *desc, struct device *jrdev, struct caam_hash_state *state, int ctx_len) { + state->ctx_dma_len = ctx_len; state->ctx_dma = dma_map_single(jrdev, state->caam_ctx, ctx_len, DMA_FROM_DEVICE); if (dma_mapping_error(jrdev, state->ctx_dma)) { @@ -212,6 +214,7 @@ static inline int ctx_map_to_sec4_sg(struct device *jrdev, struct caam_hash_state *state, int ctx_len, struct sec4_sg_entry *sec4_sg, u32 flag) { + state->ctx_dma_len = ctx_len; state->ctx_dma = dma_map_single(jrdev, state->caam_ctx, ctx_len, flag); if (dma_mapping_error(jrdev, state->ctx_dma)) { dev_err(jrdev, "unable to map ctx\n"); @@ -594,12 +597,10 @@ static inline void ahash_unmap_ctx(struct device *dev, struct ahash_edesc *edesc, struct ahash_request *req, int dst_len, u32 flag) { - struct crypto_ahash *ahash = crypto_ahash_reqtfm(req); - struct caam_hash_ctx *ctx = crypto_ahash_ctx(ahash); struct caam_hash_state *state = ahash_request_ctx(req); if (state->ctx_dma) { - dma_unmap_single(dev, state->ctx_dma, ctx->ctx_len, flag); + dma_unmap_single(dev, state->ctx_dma, state->ctx_dma_len, flag); state->ctx_dma = 0; } ahash_unmap(dev, edesc, req, dst_len); @@ -1580,6 +1581,7 @@ static int ahash_init(struct ahash_request *req) state->final = ahash_final_no_ctx; state->ctx_dma = 0; + state->ctx_dma_len = 0; state->current_buf = 0; state->buf_dma = 0; state->buflen_0 = 0; -- cgit From 8e731ee5e2a5aa37b736c05ee2562e1169af866e Mon Sep 17 00:00:00 2001 From: Horia Geantă Date: Tue, 19 Feb 2019 16:56:56 +0200 Subject: crypto: caam - fix DMA mapping xcbc key twice MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fix a side effect of adding xcbc support, which leads to DMA mapping the key twice. Fixes: 12b8567f6fa4 ("crypto: caam - add support for xcbc(aes)") Signed-off-by: Horia Geantă Signed-off-by: Herbert Xu --- drivers/crypto/caam/caamhash.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/crypto/caam/caamhash.c b/drivers/crypto/caam/caamhash.c index 2c5aca59229b..a71408f36654 100644 --- a/drivers/crypto/caam/caamhash.c +++ b/drivers/crypto/caam/caamhash.c @@ -1897,8 +1897,7 @@ static int caam_hash_cra_init(struct crypto_tfm *tfm) } dma_addr = dma_map_single_attrs(ctx->jrdev, ctx->sh_desc_update, - offsetof(struct caam_hash_ctx, - sh_desc_update_dma), + offsetof(struct caam_hash_ctx, key), ctx->dir, DMA_ATTR_SKIP_CPU_SYNC); if (dma_mapping_error(ctx->jrdev, dma_addr)) { dev_err(ctx->jrdev, "unable to map shared descriptors\n"); -- cgit From 307244452d3de657744712f1208ae89a75707cbc Mon Sep 17 00:00:00 2001 From: Horia Geantă Date: Tue, 19 Feb 2019 16:56:57 +0200 Subject: crypto: caam - generate hash keys in-place MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When generating a split key or hashing the key, DMA mapping the key buffers coming directly from user is incorrect, since they are not guaranteed to be DMAable. Update driver to first copy user-provided key in the output buffer ("key_out") and then use this buffer for in-place computation (split key generation, respectively key hashing). Signed-off-by: Horia Geantă Signed-off-by: Herbert Xu --- drivers/crypto/caam/caamhash.c | 40 +++++++++++++--------------------------- drivers/crypto/caam/key_gen.c | 30 ++++++++++-------------------- 2 files changed, 23 insertions(+), 47 deletions(-) diff --git a/drivers/crypto/caam/caamhash.c b/drivers/crypto/caam/caamhash.c index a71408f36654..d7483e4d0ce2 100644 --- a/drivers/crypto/caam/caamhash.c +++ b/drivers/crypto/caam/caamhash.c @@ -395,13 +395,13 @@ static int acmac_set_sh_desc(struct crypto_ahash *ahash) } /* Digest hash size if it is too large */ -static int hash_digest_key(struct caam_hash_ctx *ctx, const u8 *key_in, - u32 *keylen, u8 *key_out, u32 digestsize) +static int hash_digest_key(struct caam_hash_ctx *ctx, u32 *keylen, u8 *key, + u32 digestsize) { struct device *jrdev = ctx->jrdev; u32 *desc; struct split_key_result result; - dma_addr_t src_dma, dst_dma; + dma_addr_t key_dma; int ret; desc = kmalloc(CAAM_CMD_SZ * 8 + CAAM_PTR_SZ * 2, GFP_KERNEL | GFP_DMA); @@ -412,18 +412,9 @@ static int hash_digest_key(struct caam_hash_ctx *ctx, const u8 *key_in, init_job_desc(desc, 0); - src_dma = dma_map_single(jrdev, (void *)key_in, *keylen, - DMA_TO_DEVICE); - if (dma_mapping_error(jrdev, src_dma)) { - dev_err(jrdev, "unable to map key input memory\n"); - kfree(desc); - return -ENOMEM; - } - dst_dma = dma_map_single(jrdev, (void *)key_out, digestsize, - DMA_FROM_DEVICE); - if (dma_mapping_error(jrdev, dst_dma)) { - dev_err(jrdev, "unable to map key output memory\n"); - dma_unmap_single(jrdev, src_dma, *keylen, DMA_TO_DEVICE); + key_dma = dma_map_single(jrdev, key, *keylen, DMA_BIDIRECTIONAL); + if (dma_mapping_error(jrdev, key_dma)) { + dev_err(jrdev, "unable to map key memory\n"); kfree(desc); return -ENOMEM; } @@ -431,16 +422,16 @@ static int hash_digest_key(struct caam_hash_ctx *ctx, const u8 *key_in, /* Job descriptor to perform unkeyed hash on key_in */ append_operation(desc, ctx->adata.algtype | OP_ALG_ENCRYPT | OP_ALG_AS_INITFINAL); - append_seq_in_ptr(desc, src_dma, *keylen, 0); + append_seq_in_ptr(desc, key_dma, *keylen, 0); append_seq_fifo_load(desc, *keylen, FIFOLD_CLASS_CLASS2 | FIFOLD_TYPE_LAST2 | FIFOLD_TYPE_MSG); - append_seq_out_ptr(desc, dst_dma, digestsize, 0); + append_seq_out_ptr(desc, key_dma, digestsize, 0); append_seq_store(desc, digestsize, LDST_CLASS_2_CCB | LDST_SRCDST_BYTE_CONTEXT); #ifdef DEBUG print_hex_dump(KERN_ERR, "key_in@"__stringify(__LINE__)": ", - DUMP_PREFIX_ADDRESS, 16, 4, key_in, *keylen, 1); + DUMP_PREFIX_ADDRESS, 16, 4, key, *keylen, 1); print_hex_dump(KERN_ERR, "jobdesc@"__stringify(__LINE__)": ", DUMP_PREFIX_ADDRESS, 16, 4, desc, desc_bytes(desc), 1); #endif @@ -456,12 +447,10 @@ static int hash_digest_key(struct caam_hash_ctx *ctx, const u8 *key_in, #ifdef DEBUG print_hex_dump(KERN_ERR, "digested key@"__stringify(__LINE__)": ", - DUMP_PREFIX_ADDRESS, 16, 4, key_in, - digestsize, 1); + DUMP_PREFIX_ADDRESS, 16, 4, key, digestsize, 1); #endif } - dma_unmap_single(jrdev, src_dma, *keylen, DMA_TO_DEVICE); - dma_unmap_single(jrdev, dst_dma, digestsize, DMA_FROM_DEVICE); + dma_unmap_single(jrdev, key_dma, *keylen, DMA_BIDIRECTIONAL); *keylen = digestsize; @@ -485,13 +474,10 @@ static int ahash_setkey(struct crypto_ahash *ahash, #endif if (keylen > blocksize) { - hashed_key = kmalloc_array(digestsize, - sizeof(*hashed_key), - GFP_KERNEL | GFP_DMA); + hashed_key = kmemdup(key, keylen, GFP_KERNEL | GFP_DMA); if (!hashed_key) return -ENOMEM; - ret = hash_digest_key(ctx, key, &keylen, hashed_key, - digestsize); + ret = hash_digest_key(ctx, &keylen, hashed_key, digestsize); if (ret) goto bad_free_key; key = hashed_key; diff --git a/drivers/crypto/caam/key_gen.c b/drivers/crypto/caam/key_gen.c index 312b5f042f31..8d0713fae6ac 100644 --- a/drivers/crypto/caam/key_gen.c +++ b/drivers/crypto/caam/key_gen.c @@ -48,7 +48,7 @@ int gen_split_key(struct device *jrdev, u8 *key_out, { u32 *desc; struct split_key_result result; - dma_addr_t dma_addr_in, dma_addr_out; + dma_addr_t dma_addr; int ret = -ENOMEM; adata->keylen = split_key_len(adata->algtype & OP_ALG_ALGSEL_MASK); @@ -71,22 +71,17 @@ int gen_split_key(struct device *jrdev, u8 *key_out, return ret; } - dma_addr_in = dma_map_single(jrdev, (void *)key_in, keylen, - DMA_TO_DEVICE); - if (dma_mapping_error(jrdev, dma_addr_in)) { - dev_err(jrdev, "unable to map key input memory\n"); - goto out_free; - } + memcpy(key_out, key_in, keylen); - dma_addr_out = dma_map_single(jrdev, key_out, adata->keylen_pad, - DMA_FROM_DEVICE); - if (dma_mapping_error(jrdev, dma_addr_out)) { - dev_err(jrdev, "unable to map key output memory\n"); - goto out_unmap_in; + dma_addr = dma_map_single(jrdev, key_out, adata->keylen_pad, + DMA_BIDIRECTIONAL); + if (dma_mapping_error(jrdev, dma_addr)) { + dev_err(jrdev, "unable to map key memory\n"); + goto out_free; } init_job_desc(desc, 0); - append_key(desc, dma_addr_in, keylen, CLASS_2 | KEY_DEST_CLASS_REG); + append_key(desc, dma_addr, keylen, CLASS_2 | KEY_DEST_CLASS_REG); /* Sets MDHA up into an HMAC-INIT */ append_operation(desc, (adata->algtype & OP_ALG_ALGSEL_MASK) | @@ -104,12 +99,10 @@ int gen_split_key(struct device *jrdev, u8 *key_out, * FIFO_STORE with the explicit split-key content store * (0x26 output type) */ - append_fifo_store(desc, dma_addr_out, adata->keylen, + append_fifo_store(desc, dma_addr, adata->keylen, LDST_CLASS_2_CCB | FIFOST_TYPE_SPLIT_KEK); #ifdef DEBUG - print_hex_dump(KERN_ERR, "ctx.key@"__stringify(__LINE__)": ", - DUMP_PREFIX_ADDRESS, 16, 4, key_in, keylen, 1); print_hex_dump(KERN_ERR, "jobdesc@"__stringify(__LINE__)": ", DUMP_PREFIX_ADDRESS, 16, 4, desc, desc_bytes(desc), 1); #endif @@ -129,10 +122,7 @@ int gen_split_key(struct device *jrdev, u8 *key_out, #endif } - dma_unmap_single(jrdev, dma_addr_out, adata->keylen_pad, - DMA_FROM_DEVICE); -out_unmap_in: - dma_unmap_single(jrdev, dma_addr_in, keylen, DMA_TO_DEVICE); + dma_unmap_single(jrdev, dma_addr, adata->keylen_pad, DMA_BIDIRECTIONAL); out_free: kfree(desc); return ret; -- cgit From 7748168c66404a3ee732972a3a55b5332245eb25 Mon Sep 17 00:00:00 2001 From: Tommi Hirvola Date: Tue, 19 Feb 2019 17:45:54 +0200 Subject: crypto: x86/poly1305 - Clear key material from stack in SSE2 variant 1-block SSE2 variant of poly1305 stores variables s1..s4 containing key material on the stack. This commit adds missing zeroing of the stack memory. Benchmarks show negligible performance hit (tested on i7-3770). Signed-off-by: Tommi Hirvola Signed-off-by: Herbert Xu --- arch/x86/crypto/poly1305-sse2-x86_64.S | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/arch/x86/crypto/poly1305-sse2-x86_64.S b/arch/x86/crypto/poly1305-sse2-x86_64.S index c88c670cb5fc..e6add74d78a5 100644 --- a/arch/x86/crypto/poly1305-sse2-x86_64.S +++ b/arch/x86/crypto/poly1305-sse2-x86_64.S @@ -272,6 +272,10 @@ ENTRY(poly1305_block_sse2) dec %rcx jnz .Ldoblock + # Zeroing of key material + mov %rcx,0x00(%rsp) + mov %rcx,0x08(%rsp) + add $0x10,%rsp pop %r12 pop %rbx -- cgit From e8e3c1ca57d4dbee0d23b5e17787bb7385a8c928 Mon Sep 17 00:00:00 2001 From: Kamil Konieczny Date: Tue, 19 Feb 2019 17:02:32 +0100 Subject: crypto: s5p - update iv after AES-CBC op end Fix bug "s5p-sss crypto driver doesn't set next AES-CBC IV". While at this, fix also AES-CTR mode. Tested on Odroid U3 with Eric Biggers branch "iv-out-testing". Signed-off-by: Kamil Konieczny Reported-by: Eric Biggers Reviewed-by: Krzysztof Kozlowski Signed-off-by: Herbert Xu --- drivers/crypto/s5p-sss.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/drivers/crypto/s5p-sss.c b/drivers/crypto/s5p-sss.c index 39fc6942364b..8d0afdc220ff 100644 --- a/drivers/crypto/s5p-sss.c +++ b/drivers/crypto/s5p-sss.c @@ -463,6 +463,9 @@ static void s5p_sg_copy_buf(void *buf, struct scatterlist *sg, static void s5p_sg_done(struct s5p_aes_dev *dev) { + struct ablkcipher_request *req = dev->req; + struct s5p_aes_reqctx *reqctx = ablkcipher_request_ctx(req); + if (dev->sg_dst_cpy) { dev_dbg(dev->dev, "Copying %d bytes of output data back to original place\n", @@ -472,6 +475,11 @@ static void s5p_sg_done(struct s5p_aes_dev *dev) } s5p_free_sg_cpy(dev, &dev->sg_src_cpy); s5p_free_sg_cpy(dev, &dev->sg_dst_cpy); + if (reqctx->mode & FLAGS_AES_CBC) + memcpy_fromio(req->info, dev->aes_ioaddr + SSS_REG_AES_IV_DATA(0), AES_BLOCK_SIZE); + + else if (reqctx->mode & FLAGS_AES_CTR) + memcpy_fromio(req->info, dev->aes_ioaddr + SSS_REG_AES_CNT_DATA(0), AES_BLOCK_SIZE); } /* Calls the completion. Cannot be called with dev->lock hold. */ -- cgit From 867659c63762b8e2b77102aa1c9b5d31e32b0690 Mon Sep 17 00:00:00 2001 From: Chengguang Xu Date: Wed, 20 Feb 2019 18:49:18 +0800 Subject: crypto: caam - remove redundant likely/unlikely annotation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit unlikely has already included in IS_ERR(), so just remove redundant likely/unlikely annotation. Signed-off-by: Chengguang Xu Reviewed-by: Horia Geantă Signed-off-by: Herbert Xu --- drivers/crypto/caam/caamalg_qi.c | 6 +++--- drivers/crypto/caam/qi.c | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/drivers/crypto/caam/caamalg_qi.c b/drivers/crypto/caam/caamalg_qi.c index 7bce97884663..a15ce9213310 100644 --- a/drivers/crypto/caam/caamalg_qi.c +++ b/drivers/crypto/caam/caamalg_qi.c @@ -782,7 +782,7 @@ static struct caam_drv_ctx *get_drv_ctx(struct caam_ctx *ctx, cpu = smp_processor_id(); drv_ctx = caam_drv_ctx_init(ctx->qidev, &cpu, desc); - if (likely(!IS_ERR_OR_NULL(drv_ctx))) + if (!IS_ERR_OR_NULL(drv_ctx)) drv_ctx->op_type = type; ctx->drv_ctx[type] = drv_ctx; @@ -893,7 +893,7 @@ static struct aead_edesc *aead_edesc_alloc(struct aead_request *req, struct caam_drv_ctx *drv_ctx; drv_ctx = get_drv_ctx(ctx, encrypt ? ENCRYPT : DECRYPT); - if (unlikely(IS_ERR_OR_NULL(drv_ctx))) + if (IS_ERR_OR_NULL(drv_ctx)) return (struct aead_edesc *)drv_ctx; /* allocate space for base edesc and hw desc commands, link tables */ @@ -1191,7 +1191,7 @@ static struct skcipher_edesc *skcipher_edesc_alloc(struct skcipher_request *req, struct caam_drv_ctx *drv_ctx; drv_ctx = get_drv_ctx(ctx, encrypt ? ENCRYPT : DECRYPT); - if (unlikely(IS_ERR_OR_NULL(drv_ctx))) + if (IS_ERR_OR_NULL(drv_ctx)) return (struct skcipher_edesc *)drv_ctx; src_nents = sg_nents_for_len(req->src, req->cryptlen); diff --git a/drivers/crypto/caam/qi.c b/drivers/crypto/caam/qi.c index b84e6c8b1e13..7cb8b1755e57 100644 --- a/drivers/crypto/caam/qi.c +++ b/drivers/crypto/caam/qi.c @@ -318,7 +318,7 @@ int caam_drv_ctx_update(struct caam_drv_ctx *drv_ctx, u32 *sh_desc) /* Create a new req FQ in parked state */ new_fq = create_caam_req_fq(drv_ctx->qidev, drv_ctx->rsp_fq, drv_ctx->context_a, 0); - if (unlikely(IS_ERR_OR_NULL(new_fq))) { + if (IS_ERR_OR_NULL(new_fq)) { dev_err(qidev, "FQ allocation for shdesc update failed\n"); return PTR_ERR(new_fq); } @@ -431,7 +431,7 @@ struct caam_drv_ctx *caam_drv_ctx_init(struct device *qidev, /* Attach request FQ */ drv_ctx->req_fq = create_caam_req_fq(qidev, drv_ctx->rsp_fq, hwdesc, QMAN_INITFQ_FLAG_SCHED); - if (unlikely(IS_ERR_OR_NULL(drv_ctx->req_fq))) { + if (IS_ERR_OR_NULL(drv_ctx->req_fq)) { dev_err(qidev, "create_caam_req_fq failed\n"); dma_unmap_single(qidev, hwdesc, size, DMA_BIDIRECTIONAL); kfree(drv_ctx); -- cgit From 91e14842f8ea8dc35669bad3c3dcd72d4614e4d1 Mon Sep 17 00:00:00 2001 From: "Gustavo A. R. Silva" Date: Thu, 21 Feb 2019 12:04:23 -0600 Subject: crypto: af_alg - use struct_size() in sock_kfree_s() Make use of the struct_size() helper instead of an open-coded version in order to avoid any potential type mistakes, in particular in the context in which this code is being used. So, change the following form: sizeof(*sgl) + sizeof(sgl->sg[0]) * (MAX_SGL_ENTS + 1) to : struct_size(sgl, sg, MAX_SGL_ENTS + 1) This code was detected with the help of Coccinelle. Signed-off-by: Gustavo A. R. Silva Signed-off-by: Herbert Xu --- crypto/af_alg.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/crypto/af_alg.c b/crypto/af_alg.c index c5937c812799..0f1032064340 100644 --- a/crypto/af_alg.c +++ b/crypto/af_alg.c @@ -635,8 +635,7 @@ void af_alg_pull_tsgl(struct sock *sk, size_t used, struct scatterlist *dst, } list_del(&sgl->list); - sock_kfree_s(sk, sgl, sizeof(*sgl) + sizeof(sgl->sg[0]) * - (MAX_SGL_ENTS + 1)); + sock_kfree_s(sk, sgl, struct_size(sgl, sg, MAX_SGL_ENTS + 1)); } if (!ctx->used) -- cgit From 41798036430015ad45137db2d4c213cd77fd0251 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Sat, 23 Feb 2019 00:23:23 -0800 Subject: crypto: cavium/zip - fix collision with generic cra_driver_name The cavium/zip implementation of the deflate compression algorithm is incorrectly being registered under the generic driver name, which prevents the generic implementation from being registered with the crypto API when CONFIG_CRYPTO_DEV_CAVIUM_ZIP=y. Similarly the lzs algorithm (which does not currently have a generic implementation...) is incorrectly being registered as lzs-generic. Fix the naming collision by adding a suffix "-cavium" to the cra_driver_name of the cavium/zip algorithms. Fixes: 640035a2dc55 ("crypto: zip - Add ThunderX ZIP driver core") Cc: Mahipal Challa Cc: Jan Glauber Signed-off-by: Eric Biggers Signed-off-by: Herbert Xu --- drivers/crypto/cavium/zip/zip_main.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/crypto/cavium/zip/zip_main.c b/drivers/crypto/cavium/zip/zip_main.c index e6b09e784e66..a8447a3cf366 100644 --- a/drivers/crypto/cavium/zip/zip_main.c +++ b/drivers/crypto/cavium/zip/zip_main.c @@ -351,6 +351,7 @@ static struct pci_driver zip_driver = { static struct crypto_alg zip_comp_deflate = { .cra_name = "deflate", + .cra_driver_name = "deflate-cavium", .cra_flags = CRYPTO_ALG_TYPE_COMPRESS, .cra_ctxsize = sizeof(struct zip_kernel_ctx), .cra_priority = 300, @@ -365,6 +366,7 @@ static struct crypto_alg zip_comp_deflate = { static struct crypto_alg zip_comp_lzs = { .cra_name = "lzs", + .cra_driver_name = "lzs-cavium", .cra_flags = CRYPTO_ALG_TYPE_COMPRESS, .cra_ctxsize = sizeof(struct zip_kernel_ctx), .cra_priority = 300, @@ -384,7 +386,7 @@ static struct scomp_alg zip_scomp_deflate = { .decompress = zip_scomp_decompress, .base = { .cra_name = "deflate", - .cra_driver_name = "deflate-scomp", + .cra_driver_name = "deflate-scomp-cavium", .cra_module = THIS_MODULE, .cra_priority = 300, } @@ -397,7 +399,7 @@ static struct scomp_alg zip_scomp_lzs = { .decompress = zip_scomp_decompress, .base = { .cra_name = "lzs", - .cra_driver_name = "lzs-scomp", + .cra_driver_name = "lzs-scomp-cavium", .cra_module = THIS_MODULE, .cra_priority = 300, } -- cgit From 8c2b43d2d85b48a97d2f8279278a4aac5b45f925 Mon Sep 17 00:00:00 2001 From: Julia Lawall Date: Sat, 23 Feb 2019 14:20:39 +0100 Subject: crypto: crypto4xx - add missing of_node_put after of_device_is_available Add an of_node_put when a tested device node is not available. The semantic patch that fixes this problem is as follows (http://coccinelle.lip6.fr): // @@ identifier f; local idexpression e; expression x; @@ e = f(...); ... when != of_node_put(e) when != x = e when != e = x when any if (<+...of_device_is_available(e)...+>) { ... when != of_node_put(e) ( return e; | + of_node_put(e); return ...; ) } // Fixes: 5343e674f32fb ("crypto4xx: integrate ppc4xx-rng into crypto4xx") Signed-off-by: Julia Lawall Signed-off-by: Herbert Xu --- drivers/crypto/amcc/crypto4xx_trng.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/crypto/amcc/crypto4xx_trng.c b/drivers/crypto/amcc/crypto4xx_trng.c index 5e63742b0d22..53ab1f140a26 100644 --- a/drivers/crypto/amcc/crypto4xx_trng.c +++ b/drivers/crypto/amcc/crypto4xx_trng.c @@ -80,8 +80,10 @@ void ppc4xx_trng_probe(struct crypto4xx_core_device *core_dev) /* Find the TRNG device node and map it */ trng = of_find_matching_node(NULL, ppc4xx_trng_match); - if (!trng || !of_device_is_available(trng)) + if (!trng || !of_device_is_available(trng)) { + of_node_put(trng); return; + } dev->trng_base = of_iomap(trng, 0); of_node_put(trng); -- cgit From d3ff9f851b7ad892df8dc168f0d589308fb42ac3 Mon Sep 17 00:00:00 2001 From: Kamil Konieczny Date: Fri, 22 Feb 2019 13:21:43 +0100 Subject: dt-bindings: crypto: document Exynos5433 SlimSSS Document DT bindings for crypto Samsung Exynos5433 SlimSSS (Slim Security SubSystem) IP. Signed-off-by: Kamil Konieczny Signed-off-by: Herbert Xu --- .../devicetree/bindings/crypto/samsung-slimsss.txt | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 Documentation/devicetree/bindings/crypto/samsung-slimsss.txt diff --git a/Documentation/devicetree/bindings/crypto/samsung-slimsss.txt b/Documentation/devicetree/bindings/crypto/samsung-slimsss.txt new file mode 100644 index 000000000000..7ec9a5a7727a --- /dev/null +++ b/Documentation/devicetree/bindings/crypto/samsung-slimsss.txt @@ -0,0 +1,19 @@ +Samsung SoC SlimSSS (Slim Security SubSystem) module + +The SlimSSS module in Exynos5433 SoC supports the following: +-- Feeder (FeedCtrl) +-- Advanced Encryption Standard (AES) with ECB,CBC,CTR,XTS and (CBC/XTS)/CTS +-- SHA-1/SHA-256 and (SHA-1/SHA-256)/HMAC + +Required properties: + +- compatible : Should contain entry for slimSSS version: + - "samsung,exynos5433-slim-sss" for Exynos5433 SoC. +- reg : Offset and length of the register set for the module +- interrupts : interrupt specifiers of SlimSSS module interrupts (one feed + control interrupt). + +- clocks : list of clock phandle and specifier pairs for all clocks listed in + clock-names property. +- clock-names : list of device clock input names; should contain "pclk" and + "aclk" for slim-sss in Exynos5433. -- cgit From 0918f18c7179e8cdf718d01531a81b28130b4217 Mon Sep 17 00:00:00 2001 From: Kamil Konieczny Date: Fri, 22 Feb 2019 13:21:44 +0100 Subject: crypto: s5p - add AES support for Exynos5433 Add AES crypto HW acceleration for Exynos5433, with the help of SlimSSS IP. Reviewed-by: Krzysztof Kozlowski Signed-off-by: Kamil Konieczny Signed-off-by: Herbert Xu --- drivers/crypto/s5p-sss.c | 50 ++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 46 insertions(+), 4 deletions(-) diff --git a/drivers/crypto/s5p-sss.c b/drivers/crypto/s5p-sss.c index 8d0afdc220ff..f4e625cf53ca 100644 --- a/drivers/crypto/s5p-sss.c +++ b/drivers/crypto/s5p-sss.c @@ -232,6 +232,7 @@ * struct samsung_aes_variant - platform specific SSS driver data * @aes_offset: AES register offset from SSS module's base. * @hash_offset: HASH register offset from SSS module's base. + * @clk_names: names of clocks needed to run SSS IP * * Specifies platform specific configuration of SSS module. * Note: A structure for driver specific platform data is used for future @@ -240,6 +241,7 @@ struct samsung_aes_variant { unsigned int aes_offset; unsigned int hash_offset; + const char *clk_names[]; }; struct s5p_aes_reqctx { @@ -296,6 +298,7 @@ struct s5p_aes_ctx { struct s5p_aes_dev { struct device *dev; struct clk *clk; + struct clk *pclk; void __iomem *ioaddr; void __iomem *aes_ioaddr; int irq_fc; @@ -384,11 +387,19 @@ struct s5p_hash_ctx { static const struct samsung_aes_variant s5p_aes_data = { .aes_offset = 0x4000, .hash_offset = 0x6000, + .clk_names = { "secss", }, }; static const struct samsung_aes_variant exynos_aes_data = { .aes_offset = 0x200, .hash_offset = 0x400, + .clk_names = { "secss", }, +}; + +static const struct samsung_aes_variant exynos5433_slim_aes_data = { + .aes_offset = 0x400, + .hash_offset = 0x800, + .clk_names = { "pclk", "aclk", }, }; static const struct of_device_id s5p_sss_dt_match[] = { @@ -400,6 +411,10 @@ static const struct of_device_id s5p_sss_dt_match[] = { .compatible = "samsung,exynos4210-secss", .data = &exynos_aes_data, }, + { + .compatible = "samsung,exynos5433-slim-sss", + .data = &exynos5433_slim_aes_data, + }, { }, }; MODULE_DEVICE_TABLE(of, s5p_sss_dt_match); @@ -2218,18 +2233,39 @@ static int s5p_aes_probe(struct platform_device *pdev) return PTR_ERR(pdata->ioaddr); } - pdata->clk = devm_clk_get(dev, "secss"); + pdata->clk = devm_clk_get(dev, variant->clk_names[0]); if (IS_ERR(pdata->clk)) { - dev_err(dev, "failed to find secss clock source\n"); + dev_err(dev, "failed to find secss clock %s\n", + variant->clk_names[0]); return -ENOENT; } err = clk_prepare_enable(pdata->clk); if (err < 0) { - dev_err(dev, "Enabling SSS clk failed, err %d\n", err); + dev_err(dev, "Enabling clock %s failed, err %d\n", + variant->clk_names[0], err); return err; } + if (variant->clk_names[1]) { + pdata->pclk = devm_clk_get(dev, variant->clk_names[1]); + if (IS_ERR(pdata->pclk)) { + dev_err(dev, "failed to find clock %s\n", + variant->clk_names[1]); + err = -ENOENT; + goto err_clk; + } + + err = clk_prepare_enable(pdata->pclk); + if (err < 0) { + dev_err(dev, "Enabling clock %s failed, err %d\n", + variant->clk_names[0], err); + goto err_clk; + } + } else { + pdata->pclk = NULL; + } + spin_lock_init(&pdata->lock); spin_lock_init(&pdata->hash_lock); @@ -2305,8 +2341,11 @@ err_algs: tasklet_kill(&pdata->tasklet); err_irq: - clk_disable_unprepare(pdata->clk); + if (pdata->pclk) + clk_disable_unprepare(pdata->pclk); +err_clk: + clk_disable_unprepare(pdata->clk); s5p_dev = NULL; return err; @@ -2333,6 +2372,9 @@ static int s5p_aes_remove(struct platform_device *pdev) pdata->use_hash = false; } + if (pdata->pclk) + clk_disable_unprepare(pdata->pclk); + clk_disable_unprepare(pdata->clk); s5p_dev = NULL; -- cgit