Back to home page

LXR

 
 

    


0001 /*
0002  * Cryptographic API.
0003  *
0004  * Serpent Cipher Algorithm.
0005  *
0006  * Copyright (C) 2002 Dag Arne Osvik <osvik@ii.uib.no>
0007  *               2003 Herbert Valerio Riedel <hvr@gnu.org>
0008  *
0009  * Added tnepres support:
0010  *      Ruben Jesus Garcia Hernandez <ruben@ugr.es>, 18.10.2004
0011  *              Based on code by hvr
0012  *
0013  * This program is free software; you can redistribute it and/or modify
0014  * it under the terms of the GNU General Public License as published by
0015  * the Free Software Foundation; either version 2 of the License, or
0016  * (at your option) any later version.
0017  */
0018 
0019 #include <linux/init.h>
0020 #include <linux/module.h>
0021 #include <linux/errno.h>
0022 #include <asm/byteorder.h>
0023 #include <linux/crypto.h>
0024 #include <linux/types.h>
0025 #include <crypto/serpent.h>
0026 
0027 /* Key is padded to the maximum of 256 bits before round key generation.
0028  * Any key length <= 256 bits (32 bytes) is allowed by the algorithm.
0029  */
0030 
0031 #define PHI 0x9e3779b9UL
0032 
0033 #define keyiter(a, b, c, d, i, j) \
0034     ({ b ^= d; b ^= c; b ^= a; b ^= PHI ^ i; b = rol32(b, 11); k[j] = b; })
0035 
0036 #define loadkeys(x0, x1, x2, x3, i) \
0037     ({ x0 = k[i]; x1 = k[i+1]; x2 = k[i+2]; x3 = k[i+3]; })
0038 
0039 #define storekeys(x0, x1, x2, x3, i) \
0040     ({ k[i] = x0; k[i+1] = x1; k[i+2] = x2; k[i+3] = x3; })
0041 
0042 #define store_and_load_keys(x0, x1, x2, x3, s, l) \
0043     ({ storekeys(x0, x1, x2, x3, s); loadkeys(x0, x1, x2, x3, l); })
0044 
0045 #define K(x0, x1, x2, x3, i) ({             \
0046     x3 ^= k[4*(i)+3];        x2 ^= k[4*(i)+2];  \
0047     x1 ^= k[4*(i)+1];        x0 ^= k[4*(i)+0];  \
0048     })
0049 
0050 #define LK(x0, x1, x2, x3, x4, i) ({                       \
0051                             x0 = rol32(x0, 13);\
0052     x2 = rol32(x2, 3);  x1 ^= x0;       x4  = x0 << 3;     \
0053     x3 ^= x2;       x1 ^= x2;                  \
0054     x1 = rol32(x1, 1);  x3 ^= x4;                  \
0055     x3 = rol32(x3, 7);  x4  = x1;                  \
0056     x0 ^= x1;       x4 <<= 7;       x2 ^= x3;      \
0057     x0 ^= x3;       x2 ^= x4;       x3 ^= k[4*i+3];    \
0058     x1 ^= k[4*i+1];     x0 = rol32(x0, 5);  x2 = rol32(x2, 22);\
0059     x0 ^= k[4*i+0];     x2 ^= k[4*i+2];                \
0060     })
0061 
0062 #define KL(x0, x1, x2, x3, x4, i) ({                       \
0063     x0 ^= k[4*i+0];     x1 ^= k[4*i+1];     x2 ^= k[4*i+2];    \
0064     x3 ^= k[4*i+3];     x0 = ror32(x0, 5);  x2 = ror32(x2, 22);\
0065     x4 =  x1;       x2 ^= x3;       x0 ^= x3;      \
0066     x4 <<= 7;       x0 ^= x1;       x1 = ror32(x1, 1); \
0067     x2 ^= x4;       x3 = ror32(x3, 7);  x4 = x0 << 3;      \
0068     x1 ^= x0;       x3 ^= x4;       x0 = ror32(x0, 13);\
0069     x1 ^= x2;       x3 ^= x2;       x2 = ror32(x2, 3); \
0070     })
0071 
0072 #define S0(x0, x1, x2, x3, x4) ({           \
0073                     x4  = x3;   \
0074     x3 |= x0;   x0 ^= x4;   x4 ^= x2;   \
0075     x4 = ~x4;   x3 ^= x1;   x1 &= x0;   \
0076     x1 ^= x4;   x2 ^= x0;   x0 ^= x3;   \
0077     x4 |= x0;   x0 ^= x2;   x2 &= x1;   \
0078     x3 ^= x2;   x1 = ~x1;   x2 ^= x4;   \
0079     x1 ^= x2;                   \
0080     })
0081 
0082 #define S1(x0, x1, x2, x3, x4) ({           \
0083                     x4  = x1;   \
0084     x1 ^= x0;   x0 ^= x3;   x3 = ~x3;   \
0085     x4 &= x1;   x0 |= x1;   x3 ^= x2;   \
0086     x0 ^= x3;   x1 ^= x3;   x3 ^= x4;   \
0087     x1 |= x4;   x4 ^= x2;   x2 &= x0;   \
0088     x2 ^= x1;   x1 |= x0;   x0 = ~x0;   \
0089     x0 ^= x2;   x4 ^= x1;           \
0090     })
0091 
0092 #define S2(x0, x1, x2, x3, x4) ({           \
0093                     x3 = ~x3;   \
0094     x1 ^= x0;   x4  = x0;   x0 &= x2;   \
0095     x0 ^= x3;   x3 |= x4;   x2 ^= x1;   \
0096     x3 ^= x1;   x1 &= x0;   x0 ^= x2;   \
0097     x2 &= x3;   x3 |= x1;   x0 = ~x0;   \
0098     x3 ^= x0;   x4 ^= x0;   x0 ^= x2;   \
0099     x1 |= x2;                   \
0100     })
0101 
0102 #define S3(x0, x1, x2, x3, x4) ({           \
0103                     x4  = x1;   \
0104     x1 ^= x3;   x3 |= x0;   x4 &= x0;   \
0105     x0 ^= x2;   x2 ^= x1;   x1 &= x3;   \
0106     x2 ^= x3;   x0 |= x4;   x4 ^= x3;   \
0107     x1 ^= x0;   x0 &= x3;   x3 &= x4;   \
0108     x3 ^= x2;   x4 |= x1;   x2 &= x1;   \
0109     x4 ^= x3;   x0 ^= x3;   x3 ^= x2;   \
0110     })
0111 
0112 #define S4(x0, x1, x2, x3, x4) ({           \
0113                     x4  = x3;   \
0114     x3 &= x0;   x0 ^= x4;           \
0115     x3 ^= x2;   x2 |= x4;   x0 ^= x1;   \
0116     x4 ^= x3;   x2 |= x0;           \
0117     x2 ^= x1;   x1 &= x0;           \
0118     x1 ^= x4;   x4 &= x2;   x2 ^= x3;   \
0119     x4 ^= x0;   x3 |= x1;   x1 = ~x1;   \
0120     x3 ^= x0;                   \
0121     })
0122 
0123 #define S5(x0, x1, x2, x3, x4) ({           \
0124     x4  = x1;   x1 |= x0;           \
0125     x2 ^= x1;   x3 = ~x3;   x4 ^= x0;   \
0126     x0 ^= x2;   x1 &= x4;   x4 |= x3;   \
0127     x4 ^= x0;   x0 &= x3;   x1 ^= x3;   \
0128     x3 ^= x2;   x0 ^= x1;   x2 &= x4;   \
0129     x1 ^= x2;   x2 &= x0;           \
0130     x3 ^= x2;                   \
0131     })
0132 
0133 #define S6(x0, x1, x2, x3, x4) ({           \
0134                     x4  = x1;   \
0135     x3 ^= x0;   x1 ^= x2;   x2 ^= x0;   \
0136     x0 &= x3;   x1 |= x3;   x4 = ~x4;   \
0137     x0 ^= x1;   x1 ^= x2;           \
0138     x3 ^= x4;   x4 ^= x0;   x2 &= x0;   \
0139     x4 ^= x1;   x2 ^= x3;   x3 &= x1;   \
0140     x3 ^= x0;   x1 ^= x2;           \
0141     })
0142 
0143 #define S7(x0, x1, x2, x3, x4) ({           \
0144                     x1 = ~x1;   \
0145     x4  = x1;   x0 = ~x0;   x1 &= x2;   \
0146     x1 ^= x3;   x3 |= x4;   x4 ^= x2;   \
0147     x2 ^= x3;   x3 ^= x0;   x0 |= x1;   \
0148     x2 &= x0;   x0 ^= x4;   x4 ^= x3;   \
0149     x3 &= x0;   x4 ^= x1;           \
0150     x2 ^= x4;   x3 ^= x1;   x4 |= x0;   \
0151     x4 ^= x1;                   \
0152     })
0153 
0154 #define SI0(x0, x1, x2, x3, x4) ({          \
0155             x4  = x3;   x1 ^= x0;   \
0156     x3 |= x1;   x4 ^= x1;   x0 = ~x0;   \
0157     x2 ^= x3;   x3 ^= x0;   x0 &= x1;   \
0158     x0 ^= x2;   x2 &= x3;   x3 ^= x4;   \
0159     x2 ^= x3;   x1 ^= x3;   x3 &= x0;   \
0160     x1 ^= x0;   x0 ^= x2;   x4 ^= x3;   \
0161     })
0162 
0163 #define SI1(x0, x1, x2, x3, x4) ({          \
0164     x1 ^= x3;   x4  = x0;           \
0165     x0 ^= x2;   x2 = ~x2;   x4 |= x1;   \
0166     x4 ^= x3;   x3 &= x1;   x1 ^= x2;   \
0167     x2 &= x4;   x4 ^= x1;   x1 |= x3;   \
0168     x3 ^= x0;   x2 ^= x0;   x0 |= x4;   \
0169     x2 ^= x4;   x1 ^= x0;           \
0170     x4 ^= x1;                   \
0171     })
0172 
0173 #define SI2(x0, x1, x2, x3, x4) ({          \
0174     x2 ^= x1;   x4  = x3;   x3 = ~x3;   \
0175     x3 |= x2;   x2 ^= x4;   x4 ^= x0;   \
0176     x3 ^= x1;   x1 |= x2;   x2 ^= x0;   \
0177     x1 ^= x4;   x4 |= x3;   x2 ^= x3;   \
0178     x4 ^= x2;   x2 &= x1;           \
0179     x2 ^= x3;   x3 ^= x4;   x4 ^= x0;   \
0180     })
0181 
0182 #define SI3(x0, x1, x2, x3, x4) ({          \
0183                     x2 ^= x1;   \
0184     x4  = x1;   x1 &= x2;           \
0185     x1 ^= x0;   x0 |= x4;   x4 ^= x3;   \
0186     x0 ^= x3;   x3 |= x1;   x1 ^= x2;   \
0187     x1 ^= x3;   x0 ^= x2;   x2 ^= x3;   \
0188     x3 &= x1;   x1 ^= x0;   x0 &= x2;   \
0189     x4 ^= x3;   x3 ^= x0;   x0 ^= x1;   \
0190     })
0191 
0192 #define SI4(x0, x1, x2, x3, x4) ({          \
0193     x2 ^= x3;   x4  = x0;   x0 &= x1;   \
0194     x0 ^= x2;   x2 |= x3;   x4 = ~x4;   \
0195     x1 ^= x0;   x0 ^= x2;   x2 &= x4;   \
0196     x2 ^= x0;   x0 |= x4;           \
0197     x0 ^= x3;   x3 &= x2;           \
0198     x4 ^= x3;   x3 ^= x1;   x1 &= x0;   \
0199     x4 ^= x1;   x0 ^= x3;           \
0200     })
0201 
0202 #define SI5(x0, x1, x2, x3, x4) ({          \
0203             x4  = x1;   x1 |= x2;   \
0204     x2 ^= x4;   x1 ^= x3;   x3 &= x4;   \
0205     x2 ^= x3;   x3 |= x0;   x0 = ~x0;   \
0206     x3 ^= x2;   x2 |= x0;   x4 ^= x1;   \
0207     x2 ^= x4;   x4 &= x0;   x0 ^= x1;   \
0208     x1 ^= x3;   x0 &= x2;   x2 ^= x3;   \
0209     x0 ^= x2;   x2 ^= x4;   x4 ^= x3;   \
0210     })
0211 
0212 #define SI6(x0, x1, x2, x3, x4) ({          \
0213             x0 ^= x2;           \
0214     x4  = x0;   x0 &= x3;   x2 ^= x3;   \
0215     x0 ^= x2;   x3 ^= x1;   x2 |= x4;   \
0216     x2 ^= x3;   x3 &= x0;   x0 = ~x0;   \
0217     x3 ^= x1;   x1 &= x2;   x4 ^= x0;   \
0218     x3 ^= x4;   x4 ^= x2;   x0 ^= x1;   \
0219     x2 ^= x0;                   \
0220     })
0221 
0222 #define SI7(x0, x1, x2, x3, x4) ({          \
0223     x4  = x3;   x3 &= x0;   x0 ^= x2;   \
0224     x2 |= x4;   x4 ^= x1;   x0 = ~x0;   \
0225     x1 |= x3;   x4 ^= x0;   x0 &= x2;   \
0226     x0 ^= x1;   x1 &= x2;   x3 ^= x2;   \
0227     x4 ^= x3;   x2 &= x3;   x3 |= x0;   \
0228     x1 ^= x4;   x3 ^= x4;   x4 &= x0;   \
0229     x4 ^= x2;                   \
0230     })
0231 
0232 int __serpent_setkey(struct serpent_ctx *ctx, const u8 *key,
0233              unsigned int keylen)
0234 {
0235     u32 *k = ctx->expkey;
0236     u8  *k8 = (u8 *)k;
0237     u32 r0, r1, r2, r3, r4;
0238     int i;
0239 
0240     /* Copy key, add padding */
0241 
0242     for (i = 0; i < keylen; ++i)
0243         k8[i] = key[i];
0244     if (i < SERPENT_MAX_KEY_SIZE)
0245         k8[i++] = 1;
0246     while (i < SERPENT_MAX_KEY_SIZE)
0247         k8[i++] = 0;
0248 
0249     /* Expand key using polynomial */
0250 
0251     r0 = le32_to_cpu(k[3]);
0252     r1 = le32_to_cpu(k[4]);
0253     r2 = le32_to_cpu(k[5]);
0254     r3 = le32_to_cpu(k[6]);
0255     r4 = le32_to_cpu(k[7]);
0256 
0257     keyiter(le32_to_cpu(k[0]), r0, r4, r2, 0, 0);
0258     keyiter(le32_to_cpu(k[1]), r1, r0, r3, 1, 1);
0259     keyiter(le32_to_cpu(k[2]), r2, r1, r4, 2, 2);
0260     keyiter(le32_to_cpu(k[3]), r3, r2, r0, 3, 3);
0261     keyiter(le32_to_cpu(k[4]), r4, r3, r1, 4, 4);
0262     keyiter(le32_to_cpu(k[5]), r0, r4, r2, 5, 5);
0263     keyiter(le32_to_cpu(k[6]), r1, r0, r3, 6, 6);
0264     keyiter(le32_to_cpu(k[7]), r2, r1, r4, 7, 7);
0265 
0266     keyiter(k[0], r3, r2, r0, 8, 8);
0267     keyiter(k[1], r4, r3, r1, 9, 9);
0268     keyiter(k[2], r0, r4, r2, 10, 10);
0269     keyiter(k[3], r1, r0, r3, 11, 11);
0270     keyiter(k[4], r2, r1, r4, 12, 12);
0271     keyiter(k[5], r3, r2, r0, 13, 13);
0272     keyiter(k[6], r4, r3, r1, 14, 14);
0273     keyiter(k[7], r0, r4, r2, 15, 15);
0274     keyiter(k[8], r1, r0, r3, 16, 16);
0275     keyiter(k[9], r2, r1, r4, 17, 17);
0276     keyiter(k[10], r3, r2, r0, 18, 18);
0277     keyiter(k[11], r4, r3, r1, 19, 19);
0278     keyiter(k[12], r0, r4, r2, 20, 20);
0279     keyiter(k[13], r1, r0, r3, 21, 21);
0280     keyiter(k[14], r2, r1, r4, 22, 22);
0281     keyiter(k[15], r3, r2, r0, 23, 23);
0282     keyiter(k[16], r4, r3, r1, 24, 24);
0283     keyiter(k[17], r0, r4, r2, 25, 25);
0284     keyiter(k[18], r1, r0, r3, 26, 26);
0285     keyiter(k[19], r2, r1, r4, 27, 27);
0286     keyiter(k[20], r3, r2, r0, 28, 28);
0287     keyiter(k[21], r4, r3, r1, 29, 29);
0288     keyiter(k[22], r0, r4, r2, 30, 30);
0289     keyiter(k[23], r1, r0, r3, 31, 31);
0290 
0291     k += 50;
0292 
0293     keyiter(k[-26], r2, r1, r4, 32, -18);
0294     keyiter(k[-25], r3, r2, r0, 33, -17);
0295     keyiter(k[-24], r4, r3, r1, 34, -16);
0296     keyiter(k[-23], r0, r4, r2, 35, -15);
0297     keyiter(k[-22], r1, r0, r3, 36, -14);
0298     keyiter(k[-21], r2, r1, r4, 37, -13);
0299     keyiter(k[-20], r3, r2, r0, 38, -12);
0300     keyiter(k[-19], r4, r3, r1, 39, -11);
0301     keyiter(k[-18], r0, r4, r2, 40, -10);
0302     keyiter(k[-17], r1, r0, r3, 41, -9);
0303     keyiter(k[-16], r2, r1, r4, 42, -8);
0304     keyiter(k[-15], r3, r2, r0, 43, -7);
0305     keyiter(k[-14], r4, r3, r1, 44, -6);
0306     keyiter(k[-13], r0, r4, r2, 45, -5);
0307     keyiter(k[-12], r1, r0, r3, 46, -4);
0308     keyiter(k[-11], r2, r1, r4, 47, -3);
0309     keyiter(k[-10], r3, r2, r0, 48, -2);
0310     keyiter(k[-9], r4, r3, r1, 49, -1);
0311     keyiter(k[-8], r0, r4, r2, 50, 0);
0312     keyiter(k[-7], r1, r0, r3, 51, 1);
0313     keyiter(k[-6], r2, r1, r4, 52, 2);
0314     keyiter(k[-5], r3, r2, r0, 53, 3);
0315     keyiter(k[-4], r4, r3, r1, 54, 4);
0316     keyiter(k[-3], r0, r4, r2, 55, 5);
0317     keyiter(k[-2], r1, r0, r3, 56, 6);
0318     keyiter(k[-1], r2, r1, r4, 57, 7);
0319     keyiter(k[0], r3, r2, r0, 58, 8);
0320     keyiter(k[1], r4, r3, r1, 59, 9);
0321     keyiter(k[2], r0, r4, r2, 60, 10);
0322     keyiter(k[3], r1, r0, r3, 61, 11);
0323     keyiter(k[4], r2, r1, r4, 62, 12);
0324     keyiter(k[5], r3, r2, r0, 63, 13);
0325     keyiter(k[6], r4, r3, r1, 64, 14);
0326     keyiter(k[7], r0, r4, r2, 65, 15);
0327     keyiter(k[8], r1, r0, r3, 66, 16);
0328     keyiter(k[9], r2, r1, r4, 67, 17);
0329     keyiter(k[10], r3, r2, r0, 68, 18);
0330     keyiter(k[11], r4, r3, r1, 69, 19);
0331     keyiter(k[12], r0, r4, r2, 70, 20);
0332     keyiter(k[13], r1, r0, r3, 71, 21);
0333     keyiter(k[14], r2, r1, r4, 72, 22);
0334     keyiter(k[15], r3, r2, r0, 73, 23);
0335     keyiter(k[16], r4, r3, r1, 74, 24);
0336     keyiter(k[17], r0, r4, r2, 75, 25);
0337     keyiter(k[18], r1, r0, r3, 76, 26);
0338     keyiter(k[19], r2, r1, r4, 77, 27);
0339     keyiter(k[20], r3, r2, r0, 78, 28);
0340     keyiter(k[21], r4, r3, r1, 79, 29);
0341     keyiter(k[22], r0, r4, r2, 80, 30);
0342     keyiter(k[23], r1, r0, r3, 81, 31);
0343 
0344     k += 50;
0345 
0346     keyiter(k[-26], r2, r1, r4, 82, -18);
0347     keyiter(k[-25], r3, r2, r0, 83, -17);
0348     keyiter(k[-24], r4, r3, r1, 84, -16);
0349     keyiter(k[-23], r0, r4, r2, 85, -15);
0350     keyiter(k[-22], r1, r0, r3, 86, -14);
0351     keyiter(k[-21], r2, r1, r4, 87, -13);
0352     keyiter(k[-20], r3, r2, r0, 88, -12);
0353     keyiter(k[-19], r4, r3, r1, 89, -11);
0354     keyiter(k[-18], r0, r4, r2, 90, -10);
0355     keyiter(k[-17], r1, r0, r3, 91, -9);
0356     keyiter(k[-16], r2, r1, r4, 92, -8);
0357     keyiter(k[-15], r3, r2, r0, 93, -7);
0358     keyiter(k[-14], r4, r3, r1, 94, -6);
0359     keyiter(k[-13], r0, r4, r2, 95, -5);
0360     keyiter(k[-12], r1, r0, r3, 96, -4);
0361     keyiter(k[-11], r2, r1, r4, 97, -3);
0362     keyiter(k[-10], r3, r2, r0, 98, -2);
0363     keyiter(k[-9], r4, r3, r1, 99, -1);
0364     keyiter(k[-8], r0, r4, r2, 100, 0);
0365     keyiter(k[-7], r1, r0, r3, 101, 1);
0366     keyiter(k[-6], r2, r1, r4, 102, 2);
0367     keyiter(k[-5], r3, r2, r0, 103, 3);
0368     keyiter(k[-4], r4, r3, r1, 104, 4);
0369     keyiter(k[-3], r0, r4, r2, 105, 5);
0370     keyiter(k[-2], r1, r0, r3, 106, 6);
0371     keyiter(k[-1], r2, r1, r4, 107, 7);
0372     keyiter(k[0], r3, r2, r0, 108, 8);
0373     keyiter(k[1], r4, r3, r1, 109, 9);
0374     keyiter(k[2], r0, r4, r2, 110, 10);
0375     keyiter(k[3], r1, r0, r3, 111, 11);
0376     keyiter(k[4], r2, r1, r4, 112, 12);
0377     keyiter(k[5], r3, r2, r0, 113, 13);
0378     keyiter(k[6], r4, r3, r1, 114, 14);
0379     keyiter(k[7], r0, r4, r2, 115, 15);
0380     keyiter(k[8], r1, r0, r3, 116, 16);
0381     keyiter(k[9], r2, r1, r4, 117, 17);
0382     keyiter(k[10], r3, r2, r0, 118, 18);
0383     keyiter(k[11], r4, r3, r1, 119, 19);
0384     keyiter(k[12], r0, r4, r2, 120, 20);
0385     keyiter(k[13], r1, r0, r3, 121, 21);
0386     keyiter(k[14], r2, r1, r4, 122, 22);
0387     keyiter(k[15], r3, r2, r0, 123, 23);
0388     keyiter(k[16], r4, r3, r1, 124, 24);
0389     keyiter(k[17], r0, r4, r2, 125, 25);
0390     keyiter(k[18], r1, r0, r3, 126, 26);
0391     keyiter(k[19], r2, r1, r4, 127, 27);
0392     keyiter(k[20], r3, r2, r0, 128, 28);
0393     keyiter(k[21], r4, r3, r1, 129, 29);
0394     keyiter(k[22], r0, r4, r2, 130, 30);
0395     keyiter(k[23], r1, r0, r3, 131, 31);
0396 
0397     /* Apply S-boxes */
0398 
0399     S3(r3, r4, r0, r1, r2); store_and_load_keys(r1, r2, r4, r3, 28, 24);
0400     S4(r1, r2, r4, r3, r0); store_and_load_keys(r2, r4, r3, r0, 24, 20);
0401     S5(r2, r4, r3, r0, r1); store_and_load_keys(r1, r2, r4, r0, 20, 16);
0402     S6(r1, r2, r4, r0, r3); store_and_load_keys(r4, r3, r2, r0, 16, 12);
0403     S7(r4, r3, r2, r0, r1); store_and_load_keys(r1, r2, r0, r4, 12, 8);
0404     S0(r1, r2, r0, r4, r3); store_and_load_keys(r0, r2, r4, r1, 8, 4);
0405     S1(r0, r2, r4, r1, r3); store_and_load_keys(r3, r4, r1, r0, 4, 0);
0406     S2(r3, r4, r1, r0, r2); store_and_load_keys(r2, r4, r3, r0, 0, -4);
0407     S3(r2, r4, r3, r0, r1); store_and_load_keys(r0, r1, r4, r2, -4, -8);
0408     S4(r0, r1, r4, r2, r3); store_and_load_keys(r1, r4, r2, r3, -8, -12);
0409     S5(r1, r4, r2, r3, r0); store_and_load_keys(r0, r1, r4, r3, -12, -16);
0410     S6(r0, r1, r4, r3, r2); store_and_load_keys(r4, r2, r1, r3, -16, -20);
0411     S7(r4, r2, r1, r3, r0); store_and_load_keys(r0, r1, r3, r4, -20, -24);
0412     S0(r0, r1, r3, r4, r2); store_and_load_keys(r3, r1, r4, r0, -24, -28);
0413     k -= 50;
0414     S1(r3, r1, r4, r0, r2); store_and_load_keys(r2, r4, r0, r3, 22, 18);
0415     S2(r2, r4, r0, r3, r1); store_and_load_keys(r1, r4, r2, r3, 18, 14);
0416     S3(r1, r4, r2, r3, r0); store_and_load_keys(r3, r0, r4, r1, 14, 10);
0417     S4(r3, r0, r4, r1, r2); store_and_load_keys(r0, r4, r1, r2, 10, 6);
0418     S5(r0, r4, r1, r2, r3); store_and_load_keys(r3, r0, r4, r2, 6, 2);
0419     S6(r3, r0, r4, r2, r1); store_and_load_keys(r4, r1, r0, r2, 2, -2);
0420     S7(r4, r1, r0, r2, r3); store_and_load_keys(r3, r0, r2, r4, -2, -6);
0421     S0(r3, r0, r2, r4, r1); store_and_load_keys(r2, r0, r4, r3, -6, -10);
0422     S1(r2, r0, r4, r3, r1); store_and_load_keys(r1, r4, r3, r2, -10, -14);
0423     S2(r1, r4, r3, r2, r0); store_and_load_keys(r0, r4, r1, r2, -14, -18);
0424     S3(r0, r4, r1, r2, r3); store_and_load_keys(r2, r3, r4, r0, -18, -22);
0425     k -= 50;
0426     S4(r2, r3, r4, r0, r1); store_and_load_keys(r3, r4, r0, r1, 28, 24);
0427     S5(r3, r4, r0, r1, r2); store_and_load_keys(r2, r3, r4, r1, 24, 20);
0428     S6(r2, r3, r4, r1, r0); store_and_load_keys(r4, r0, r3, r1, 20, 16);
0429     S7(r4, r0, r3, r1, r2); store_and_load_keys(r2, r3, r1, r4, 16, 12);
0430     S0(r2, r3, r1, r4, r0); store_and_load_keys(r1, r3, r4, r2, 12, 8);
0431     S1(r1, r3, r4, r2, r0); store_and_load_keys(r0, r4, r2, r1, 8, 4);
0432     S2(r0, r4, r2, r1, r3); store_and_load_keys(r3, r4, r0, r1, 4, 0);
0433     S3(r3, r4, r0, r1, r2); storekeys(r1, r2, r4, r3, 0);
0434 
0435     return 0;
0436 }
0437 EXPORT_SYMBOL_GPL(__serpent_setkey);
0438 
0439 int serpent_setkey(struct crypto_tfm *tfm, const u8 *key, unsigned int keylen)
0440 {
0441     return __serpent_setkey(crypto_tfm_ctx(tfm), key, keylen);
0442 }
0443 EXPORT_SYMBOL_GPL(serpent_setkey);
0444 
0445 void __serpent_encrypt(struct serpent_ctx *ctx, u8 *dst, const u8 *src)
0446 {
0447     const u32 *k = ctx->expkey;
0448     const __le32 *s = (const __le32 *)src;
0449     __le32  *d = (__le32 *)dst;
0450     u32 r0, r1, r2, r3, r4;
0451 
0452 /*
0453  * Note: The conversions between u8* and u32* might cause trouble
0454  * on architectures with stricter alignment rules than x86
0455  */
0456 
0457     r0 = le32_to_cpu(s[0]);
0458     r1 = le32_to_cpu(s[1]);
0459     r2 = le32_to_cpu(s[2]);
0460     r3 = le32_to_cpu(s[3]);
0461 
0462                     K(r0, r1, r2, r3, 0);
0463     S0(r0, r1, r2, r3, r4);     LK(r2, r1, r3, r0, r4, 1);
0464     S1(r2, r1, r3, r0, r4);     LK(r4, r3, r0, r2, r1, 2);
0465     S2(r4, r3, r0, r2, r1);     LK(r1, r3, r4, r2, r0, 3);
0466     S3(r1, r3, r4, r2, r0);     LK(r2, r0, r3, r1, r4, 4);
0467     S4(r2, r0, r3, r1, r4);     LK(r0, r3, r1, r4, r2, 5);
0468     S5(r0, r3, r1, r4, r2);     LK(r2, r0, r3, r4, r1, 6);
0469     S6(r2, r0, r3, r4, r1);     LK(r3, r1, r0, r4, r2, 7);
0470     S7(r3, r1, r0, r4, r2);     LK(r2, r0, r4, r3, r1, 8);
0471     S0(r2, r0, r4, r3, r1);     LK(r4, r0, r3, r2, r1, 9);
0472     S1(r4, r0, r3, r2, r1);     LK(r1, r3, r2, r4, r0, 10);
0473     S2(r1, r3, r2, r4, r0);     LK(r0, r3, r1, r4, r2, 11);
0474     S3(r0, r3, r1, r4, r2);     LK(r4, r2, r3, r0, r1, 12);
0475     S4(r4, r2, r3, r0, r1);     LK(r2, r3, r0, r1, r4, 13);
0476     S5(r2, r3, r0, r1, r4);     LK(r4, r2, r3, r1, r0, 14);
0477     S6(r4, r2, r3, r1, r0);     LK(r3, r0, r2, r1, r4, 15);
0478     S7(r3, r0, r2, r1, r4);     LK(r4, r2, r1, r3, r0, 16);
0479     S0(r4, r2, r1, r3, r0);     LK(r1, r2, r3, r4, r0, 17);
0480     S1(r1, r2, r3, r4, r0);     LK(r0, r3, r4, r1, r2, 18);
0481     S2(r0, r3, r4, r1, r2);     LK(r2, r3, r0, r1, r4, 19);
0482     S3(r2, r3, r0, r1, r4);     LK(r1, r4, r3, r2, r0, 20);
0483     S4(r1, r4, r3, r2, r0);     LK(r4, r3, r2, r0, r1, 21);
0484     S5(r4, r3, r2, r0, r1);     LK(r1, r4, r3, r0, r2, 22);
0485     S6(r1, r4, r3, r0, r2);     LK(r3, r2, r4, r0, r1, 23);
0486     S7(r3, r2, r4, r0, r1);     LK(r1, r4, r0, r3, r2, 24);
0487     S0(r1, r4, r0, r3, r2);     LK(r0, r4, r3, r1, r2, 25);
0488     S1(r0, r4, r3, r1, r2);     LK(r2, r3, r1, r0, r4, 26);
0489     S2(r2, r3, r1, r0, r4);     LK(r4, r3, r2, r0, r1, 27);
0490     S3(r4, r3, r2, r0, r1);     LK(r0, r1, r3, r4, r2, 28);
0491     S4(r0, r1, r3, r4, r2);     LK(r1, r3, r4, r2, r0, 29);
0492     S5(r1, r3, r4, r2, r0);     LK(r0, r1, r3, r2, r4, 30);
0493     S6(r0, r1, r3, r2, r4);     LK(r3, r4, r1, r2, r0, 31);
0494     S7(r3, r4, r1, r2, r0);     K(r0, r1, r2, r3, 32);
0495 
0496     d[0] = cpu_to_le32(r0);
0497     d[1] = cpu_to_le32(r1);
0498     d[2] = cpu_to_le32(r2);
0499     d[3] = cpu_to_le32(r3);
0500 }
0501 EXPORT_SYMBOL_GPL(__serpent_encrypt);
0502 
0503 static void serpent_encrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)
0504 {
0505     struct serpent_ctx *ctx = crypto_tfm_ctx(tfm);
0506 
0507     __serpent_encrypt(ctx, dst, src);
0508 }
0509 
0510 void __serpent_decrypt(struct serpent_ctx *ctx, u8 *dst, const u8 *src)
0511 {
0512     const u32 *k = ctx->expkey;
0513     const __le32 *s = (const __le32 *)src;
0514     __le32  *d = (__le32 *)dst;
0515     u32 r0, r1, r2, r3, r4;
0516 
0517     r0 = le32_to_cpu(s[0]);
0518     r1 = le32_to_cpu(s[1]);
0519     r2 = le32_to_cpu(s[2]);
0520     r3 = le32_to_cpu(s[3]);
0521 
0522                     K(r0, r1, r2, r3, 32);
0523     SI7(r0, r1, r2, r3, r4);    KL(r1, r3, r0, r4, r2, 31);
0524     SI6(r1, r3, r0, r4, r2);    KL(r0, r2, r4, r1, r3, 30);
0525     SI5(r0, r2, r4, r1, r3);    KL(r2, r3, r0, r4, r1, 29);
0526     SI4(r2, r3, r0, r4, r1);    KL(r2, r0, r1, r4, r3, 28);
0527     SI3(r2, r0, r1, r4, r3);    KL(r1, r2, r3, r4, r0, 27);
0528     SI2(r1, r2, r3, r4, r0);    KL(r2, r0, r4, r3, r1, 26);
0529     SI1(r2, r0, r4, r3, r1);    KL(r1, r0, r4, r3, r2, 25);
0530     SI0(r1, r0, r4, r3, r2);    KL(r4, r2, r0, r1, r3, 24);
0531     SI7(r4, r2, r0, r1, r3);    KL(r2, r1, r4, r3, r0, 23);
0532     SI6(r2, r1, r4, r3, r0);    KL(r4, r0, r3, r2, r1, 22);
0533     SI5(r4, r0, r3, r2, r1);    KL(r0, r1, r4, r3, r2, 21);
0534     SI4(r0, r1, r4, r3, r2);    KL(r0, r4, r2, r3, r1, 20);
0535     SI3(r0, r4, r2, r3, r1);    KL(r2, r0, r1, r3, r4, 19);
0536     SI2(r2, r0, r1, r3, r4);    KL(r0, r4, r3, r1, r2, 18);
0537     SI1(r0, r4, r3, r1, r2);    KL(r2, r4, r3, r1, r0, 17);
0538     SI0(r2, r4, r3, r1, r0);    KL(r3, r0, r4, r2, r1, 16);
0539     SI7(r3, r0, r4, r2, r1);    KL(r0, r2, r3, r1, r4, 15);
0540     SI6(r0, r2, r3, r1, r4);    KL(r3, r4, r1, r0, r2, 14);
0541     SI5(r3, r4, r1, r0, r2);    KL(r4, r2, r3, r1, r0, 13);
0542     SI4(r4, r2, r3, r1, r0);    KL(r4, r3, r0, r1, r2, 12);
0543     SI3(r4, r3, r0, r1, r2);    KL(r0, r4, r2, r1, r3, 11);
0544     SI2(r0, r4, r2, r1, r3);    KL(r4, r3, r1, r2, r0, 10);
0545     SI1(r4, r3, r1, r2, r0);    KL(r0, r3, r1, r2, r4, 9);
0546     SI0(r0, r3, r1, r2, r4);    KL(r1, r4, r3, r0, r2, 8);
0547     SI7(r1, r4, r3, r0, r2);    KL(r4, r0, r1, r2, r3, 7);
0548     SI6(r4, r0, r1, r2, r3);    KL(r1, r3, r2, r4, r0, 6);
0549     SI5(r1, r3, r2, r4, r0);    KL(r3, r0, r1, r2, r4, 5);
0550     SI4(r3, r0, r1, r2, r4);    KL(r3, r1, r4, r2, r0, 4);
0551     SI3(r3, r1, r4, r2, r0);    KL(r4, r3, r0, r2, r1, 3);
0552     SI2(r4, r3, r0, r2, r1);    KL(r3, r1, r2, r0, r4, 2);
0553     SI1(r3, r1, r2, r0, r4);    KL(r4, r1, r2, r0, r3, 1);
0554     SI0(r4, r1, r2, r0, r3);    K(r2, r3, r1, r4, 0);
0555 
0556     d[0] = cpu_to_le32(r2);
0557     d[1] = cpu_to_le32(r3);
0558     d[2] = cpu_to_le32(r1);
0559     d[3] = cpu_to_le32(r4);
0560 }
0561 EXPORT_SYMBOL_GPL(__serpent_decrypt);
0562 
0563 static void serpent_decrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)
0564 {
0565     struct serpent_ctx *ctx = crypto_tfm_ctx(tfm);
0566 
0567     __serpent_decrypt(ctx, dst, src);
0568 }
0569 
0570 static int tnepres_setkey(struct crypto_tfm *tfm, const u8 *key,
0571               unsigned int keylen)
0572 {
0573     u8 rev_key[SERPENT_MAX_KEY_SIZE];
0574     int i;
0575 
0576     for (i = 0; i < keylen; ++i)
0577         rev_key[keylen - i - 1] = key[i];
0578 
0579     return serpent_setkey(tfm, rev_key, keylen);
0580 }
0581 
0582 static void tnepres_encrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)
0583 {
0584     const u32 * const s = (const u32 * const)src;
0585     u32 * const d = (u32 * const)dst;
0586 
0587     u32 rs[4], rd[4];
0588 
0589     rs[0] = swab32(s[3]);
0590     rs[1] = swab32(s[2]);
0591     rs[2] = swab32(s[1]);
0592     rs[3] = swab32(s[0]);
0593 
0594     serpent_encrypt(tfm, (u8 *)rd, (u8 *)rs);
0595 
0596     d[0] = swab32(rd[3]);
0597     d[1] = swab32(rd[2]);
0598     d[2] = swab32(rd[1]);
0599     d[3] = swab32(rd[0]);
0600 }
0601 
0602 static void tnepres_decrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)
0603 {
0604     const u32 * const s = (const u32 * const)src;
0605     u32 * const d = (u32 * const)dst;
0606 
0607     u32 rs[4], rd[4];
0608 
0609     rs[0] = swab32(s[3]);
0610     rs[1] = swab32(s[2]);
0611     rs[2] = swab32(s[1]);
0612     rs[3] = swab32(s[0]);
0613 
0614     serpent_decrypt(tfm, (u8 *)rd, (u8 *)rs);
0615 
0616     d[0] = swab32(rd[3]);
0617     d[1] = swab32(rd[2]);
0618     d[2] = swab32(rd[1]);
0619     d[3] = swab32(rd[0]);
0620 }
0621 
0622 static struct crypto_alg srp_algs[2] = { {
0623     .cra_name       =   "serpent",
0624     .cra_driver_name    =   "serpent-generic",
0625     .cra_priority       =   100,
0626     .cra_flags      =   CRYPTO_ALG_TYPE_CIPHER,
0627     .cra_blocksize      =   SERPENT_BLOCK_SIZE,
0628     .cra_ctxsize        =   sizeof(struct serpent_ctx),
0629     .cra_alignmask      =   3,
0630     .cra_module     =   THIS_MODULE,
0631     .cra_u          =   { .cipher = {
0632     .cia_min_keysize    =   SERPENT_MIN_KEY_SIZE,
0633     .cia_max_keysize    =   SERPENT_MAX_KEY_SIZE,
0634     .cia_setkey     =   serpent_setkey,
0635     .cia_encrypt        =   serpent_encrypt,
0636     .cia_decrypt        =   serpent_decrypt } }
0637 }, {
0638     .cra_name       =   "tnepres",
0639     .cra_flags      =   CRYPTO_ALG_TYPE_CIPHER,
0640     .cra_blocksize      =   SERPENT_BLOCK_SIZE,
0641     .cra_ctxsize        =   sizeof(struct serpent_ctx),
0642     .cra_alignmask      =   3,
0643     .cra_module     =   THIS_MODULE,
0644     .cra_u          =   { .cipher = {
0645     .cia_min_keysize    =   SERPENT_MIN_KEY_SIZE,
0646     .cia_max_keysize    =   SERPENT_MAX_KEY_SIZE,
0647     .cia_setkey     =   tnepres_setkey,
0648     .cia_encrypt        =   tnepres_encrypt,
0649     .cia_decrypt        =   tnepres_decrypt } }
0650 } };
0651 
0652 static int __init serpent_mod_init(void)
0653 {
0654     return crypto_register_algs(srp_algs, ARRAY_SIZE(srp_algs));
0655 }
0656 
0657 static void __exit serpent_mod_fini(void)
0658 {
0659     crypto_unregister_algs(srp_algs, ARRAY_SIZE(srp_algs));
0660 }
0661 
0662 module_init(serpent_mod_init);
0663 module_exit(serpent_mod_fini);
0664 
0665 MODULE_LICENSE("GPL");
0666 MODULE_DESCRIPTION("Serpent and tnepres (kerneli compatible serpent reversed) Cipher Algorithm");
0667 MODULE_AUTHOR("Dag Arne Osvik <osvik@ii.uib.no>");
0668 MODULE_ALIAS_CRYPTO("tnepres");
0669 MODULE_ALIAS_CRYPTO("serpent");
0670 MODULE_ALIAS_CRYPTO("serpent-generic");