0001
0002
0003
0004
0005
0006
0007
0008
0009
0010 #include <linux/init.h>
0011 #include <linux/module.h>
0012 #include <linux/errno.h>
0013 #include <asm/unaligned.h>
0014 #include <linux/crypto.h>
0015 #include <linux/types.h>
0016 #include <crypto/serpent.h>
0017
0018
0019
0020
0021
0022 #define PHI 0x9e3779b9UL
0023
0024 #define keyiter(a, b, c, d, i, j) \
0025 ({ b ^= d; b ^= c; b ^= a; b ^= PHI ^ i; b = rol32(b, 11); k[j] = b; })
0026
0027 #define loadkeys(x0, x1, x2, x3, i) \
0028 ({ x0 = k[i]; x1 = k[i+1]; x2 = k[i+2]; x3 = k[i+3]; })
0029
0030 #define storekeys(x0, x1, x2, x3, i) \
0031 ({ k[i] = x0; k[i+1] = x1; k[i+2] = x2; k[i+3] = x3; })
0032
0033 #define store_and_load_keys(x0, x1, x2, x3, s, l) \
0034 ({ storekeys(x0, x1, x2, x3, s); loadkeys(x0, x1, x2, x3, l); })
0035
0036 #define K(x0, x1, x2, x3, i) ({ \
0037 x3 ^= k[4*(i)+3]; x2 ^= k[4*(i)+2]; \
0038 x1 ^= k[4*(i)+1]; x0 ^= k[4*(i)+0]; \
0039 })
0040
0041 #define LK(x0, x1, x2, x3, x4, i) ({ \
0042 x0 = rol32(x0, 13);\
0043 x2 = rol32(x2, 3); x1 ^= x0; x4 = x0 << 3; \
0044 x3 ^= x2; x1 ^= x2; \
0045 x1 = rol32(x1, 1); x3 ^= x4; \
0046 x3 = rol32(x3, 7); x4 = x1; \
0047 x0 ^= x1; x4 <<= 7; x2 ^= x3; \
0048 x0 ^= x3; x2 ^= x4; x3 ^= k[4*i+3]; \
0049 x1 ^= k[4*i+1]; x0 = rol32(x0, 5); x2 = rol32(x2, 22);\
0050 x0 ^= k[4*i+0]; x2 ^= k[4*i+2]; \
0051 })
0052
0053 #define KL(x0, x1, x2, x3, x4, i) ({ \
0054 x0 ^= k[4*i+0]; x1 ^= k[4*i+1]; x2 ^= k[4*i+2]; \
0055 x3 ^= k[4*i+3]; x0 = ror32(x0, 5); x2 = ror32(x2, 22);\
0056 x4 = x1; x2 ^= x3; x0 ^= x3; \
0057 x4 <<= 7; x0 ^= x1; x1 = ror32(x1, 1); \
0058 x2 ^= x4; x3 = ror32(x3, 7); x4 = x0 << 3; \
0059 x1 ^= x0; x3 ^= x4; x0 = ror32(x0, 13);\
0060 x1 ^= x2; x3 ^= x2; x2 = ror32(x2, 3); \
0061 })
0062
0063 #define S0(x0, x1, x2, x3, x4) ({ \
0064 x4 = x3; \
0065 x3 |= x0; x0 ^= x4; x4 ^= x2; \
0066 x4 = ~x4; x3 ^= x1; x1 &= x0; \
0067 x1 ^= x4; x2 ^= x0; x0 ^= x3; \
0068 x4 |= x0; x0 ^= x2; x2 &= x1; \
0069 x3 ^= x2; x1 = ~x1; x2 ^= x4; \
0070 x1 ^= x2; \
0071 })
0072
0073 #define S1(x0, x1, x2, x3, x4) ({ \
0074 x4 = x1; \
0075 x1 ^= x0; x0 ^= x3; x3 = ~x3; \
0076 x4 &= x1; x0 |= x1; x3 ^= x2; \
0077 x0 ^= x3; x1 ^= x3; x3 ^= x4; \
0078 x1 |= x4; x4 ^= x2; x2 &= x0; \
0079 x2 ^= x1; x1 |= x0; x0 = ~x0; \
0080 x0 ^= x2; x4 ^= x1; \
0081 })
0082
0083 #define S2(x0, x1, x2, x3, x4) ({ \
0084 x3 = ~x3; \
0085 x1 ^= x0; x4 = x0; x0 &= x2; \
0086 x0 ^= x3; x3 |= x4; x2 ^= x1; \
0087 x3 ^= x1; x1 &= x0; x0 ^= x2; \
0088 x2 &= x3; x3 |= x1; x0 = ~x0; \
0089 x3 ^= x0; x4 ^= x0; x0 ^= x2; \
0090 x1 |= x2; \
0091 })
0092
0093 #define S3(x0, x1, x2, x3, x4) ({ \
0094 x4 = x1; \
0095 x1 ^= x3; x3 |= x0; x4 &= x0; \
0096 x0 ^= x2; x2 ^= x1; x1 &= x3; \
0097 x2 ^= x3; x0 |= x4; x4 ^= x3; \
0098 x1 ^= x0; x0 &= x3; x3 &= x4; \
0099 x3 ^= x2; x4 |= x1; x2 &= x1; \
0100 x4 ^= x3; x0 ^= x3; x3 ^= x2; \
0101 })
0102
0103 #define S4(x0, x1, x2, x3, x4) ({ \
0104 x4 = x3; \
0105 x3 &= x0; x0 ^= x4; \
0106 x3 ^= x2; x2 |= x4; x0 ^= x1; \
0107 x4 ^= x3; x2 |= x0; \
0108 x2 ^= x1; x1 &= x0; \
0109 x1 ^= x4; x4 &= x2; x2 ^= x3; \
0110 x4 ^= x0; x3 |= x1; x1 = ~x1; \
0111 x3 ^= x0; \
0112 })
0113
0114 #define S5(x0, x1, x2, x3, x4) ({ \
0115 x4 = x1; x1 |= x0; \
0116 x2 ^= x1; x3 = ~x3; x4 ^= x0; \
0117 x0 ^= x2; x1 &= x4; x4 |= x3; \
0118 x4 ^= x0; x0 &= x3; x1 ^= x3; \
0119 x3 ^= x2; x0 ^= x1; x2 &= x4; \
0120 x1 ^= x2; x2 &= x0; \
0121 x3 ^= x2; \
0122 })
0123
0124 #define S6(x0, x1, x2, x3, x4) ({ \
0125 x4 = x1; \
0126 x3 ^= x0; x1 ^= x2; x2 ^= x0; \
0127 x0 &= x3; x1 |= x3; x4 = ~x4; \
0128 x0 ^= x1; x1 ^= x2; \
0129 x3 ^= x4; x4 ^= x0; x2 &= x0; \
0130 x4 ^= x1; x2 ^= x3; x3 &= x1; \
0131 x3 ^= x0; x1 ^= x2; \
0132 })
0133
0134 #define S7(x0, x1, x2, x3, x4) ({ \
0135 x1 = ~x1; \
0136 x4 = x1; x0 = ~x0; x1 &= x2; \
0137 x1 ^= x3; x3 |= x4; x4 ^= x2; \
0138 x2 ^= x3; x3 ^= x0; x0 |= x1; \
0139 x2 &= x0; x0 ^= x4; x4 ^= x3; \
0140 x3 &= x0; x4 ^= x1; \
0141 x2 ^= x4; x3 ^= x1; x4 |= x0; \
0142 x4 ^= x1; \
0143 })
0144
0145 #define SI0(x0, x1, x2, x3, x4) ({ \
0146 x4 = x3; x1 ^= x0; \
0147 x3 |= x1; x4 ^= x1; x0 = ~x0; \
0148 x2 ^= x3; x3 ^= x0; x0 &= x1; \
0149 x0 ^= x2; x2 &= x3; x3 ^= x4; \
0150 x2 ^= x3; x1 ^= x3; x3 &= x0; \
0151 x1 ^= x0; x0 ^= x2; x4 ^= x3; \
0152 })
0153
0154 #define SI1(x0, x1, x2, x3, x4) ({ \
0155 x1 ^= x3; x4 = x0; \
0156 x0 ^= x2; x2 = ~x2; x4 |= x1; \
0157 x4 ^= x3; x3 &= x1; x1 ^= x2; \
0158 x2 &= x4; x4 ^= x1; x1 |= x3; \
0159 x3 ^= x0; x2 ^= x0; x0 |= x4; \
0160 x2 ^= x4; x1 ^= x0; \
0161 x4 ^= x1; \
0162 })
0163
0164 #define SI2(x0, x1, x2, x3, x4) ({ \
0165 x2 ^= x1; x4 = x3; x3 = ~x3; \
0166 x3 |= x2; x2 ^= x4; x4 ^= x0; \
0167 x3 ^= x1; x1 |= x2; x2 ^= x0; \
0168 x1 ^= x4; x4 |= x3; x2 ^= x3; \
0169 x4 ^= x2; x2 &= x1; \
0170 x2 ^= x3; x3 ^= x4; x4 ^= x0; \
0171 })
0172
0173 #define SI3(x0, x1, x2, x3, x4) ({ \
0174 x2 ^= x1; \
0175 x4 = x1; x1 &= x2; \
0176 x1 ^= x0; x0 |= x4; x4 ^= x3; \
0177 x0 ^= x3; x3 |= x1; x1 ^= x2; \
0178 x1 ^= x3; x0 ^= x2; x2 ^= x3; \
0179 x3 &= x1; x1 ^= x0; x0 &= x2; \
0180 x4 ^= x3; x3 ^= x0; x0 ^= x1; \
0181 })
0182
0183 #define SI4(x0, x1, x2, x3, x4) ({ \
0184 x2 ^= x3; x4 = x0; x0 &= x1; \
0185 x0 ^= x2; x2 |= x3; x4 = ~x4; \
0186 x1 ^= x0; x0 ^= x2; x2 &= x4; \
0187 x2 ^= x0; x0 |= x4; \
0188 x0 ^= x3; x3 &= x2; \
0189 x4 ^= x3; x3 ^= x1; x1 &= x0; \
0190 x4 ^= x1; x0 ^= x3; \
0191 })
0192
0193 #define SI5(x0, x1, x2, x3, x4) ({ \
0194 x4 = x1; x1 |= x2; \
0195 x2 ^= x4; x1 ^= x3; x3 &= x4; \
0196 x2 ^= x3; x3 |= x0; x0 = ~x0; \
0197 x3 ^= x2; x2 |= x0; x4 ^= x1; \
0198 x2 ^= x4; x4 &= x0; x0 ^= x1; \
0199 x1 ^= x3; x0 &= x2; x2 ^= x3; \
0200 x0 ^= x2; x2 ^= x4; x4 ^= x3; \
0201 })
0202
0203 #define SI6(x0, x1, x2, x3, x4) ({ \
0204 x0 ^= x2; \
0205 x4 = x0; x0 &= x3; x2 ^= x3; \
0206 x0 ^= x2; x3 ^= x1; x2 |= x4; \
0207 x2 ^= x3; x3 &= x0; x0 = ~x0; \
0208 x3 ^= x1; x1 &= x2; x4 ^= x0; \
0209 x3 ^= x4; x4 ^= x2; x0 ^= x1; \
0210 x2 ^= x0; \
0211 })
0212
0213 #define SI7(x0, x1, x2, x3, x4) ({ \
0214 x4 = x3; x3 &= x0; x0 ^= x2; \
0215 x2 |= x4; x4 ^= x1; x0 = ~x0; \
0216 x1 |= x3; x4 ^= x0; x0 &= x2; \
0217 x0 ^= x1; x1 &= x2; x3 ^= x2; \
0218 x4 ^= x3; x2 &= x3; x3 |= x0; \
0219 x1 ^= x4; x3 ^= x4; x4 &= x0; \
0220 x4 ^= x2; \
0221 })
0222
0223
0224
0225
0226
0227
0228 static noinline void __serpent_setkey_sbox(u32 r0, u32 r1, u32 r2,
0229 u32 r3, u32 r4, u32 *k)
0230 {
0231 k += 100;
0232 S3(r3, r4, r0, r1, r2); store_and_load_keys(r1, r2, r4, r3, 28, 24);
0233 S4(r1, r2, r4, r3, r0); store_and_load_keys(r2, r4, r3, r0, 24, 20);
0234 S5(r2, r4, r3, r0, r1); store_and_load_keys(r1, r2, r4, r0, 20, 16);
0235 S6(r1, r2, r4, r0, r3); store_and_load_keys(r4, r3, r2, r0, 16, 12);
0236 S7(r4, r3, r2, r0, r1); store_and_load_keys(r1, r2, r0, r4, 12, 8);
0237 S0(r1, r2, r0, r4, r3); store_and_load_keys(r0, r2, r4, r1, 8, 4);
0238 S1(r0, r2, r4, r1, r3); store_and_load_keys(r3, r4, r1, r0, 4, 0);
0239 S2(r3, r4, r1, r0, r2); store_and_load_keys(r2, r4, r3, r0, 0, -4);
0240 S3(r2, r4, r3, r0, r1); store_and_load_keys(r0, r1, r4, r2, -4, -8);
0241 S4(r0, r1, r4, r2, r3); store_and_load_keys(r1, r4, r2, r3, -8, -12);
0242 S5(r1, r4, r2, r3, r0); store_and_load_keys(r0, r1, r4, r3, -12, -16);
0243 S6(r0, r1, r4, r3, r2); store_and_load_keys(r4, r2, r1, r3, -16, -20);
0244 S7(r4, r2, r1, r3, r0); store_and_load_keys(r0, r1, r3, r4, -20, -24);
0245 S0(r0, r1, r3, r4, r2); store_and_load_keys(r3, r1, r4, r0, -24, -28);
0246 k -= 50;
0247 S1(r3, r1, r4, r0, r2); store_and_load_keys(r2, r4, r0, r3, 22, 18);
0248 S2(r2, r4, r0, r3, r1); store_and_load_keys(r1, r4, r2, r3, 18, 14);
0249 S3(r1, r4, r2, r3, r0); store_and_load_keys(r3, r0, r4, r1, 14, 10);
0250 S4(r3, r0, r4, r1, r2); store_and_load_keys(r0, r4, r1, r2, 10, 6);
0251 S5(r0, r4, r1, r2, r3); store_and_load_keys(r3, r0, r4, r2, 6, 2);
0252 S6(r3, r0, r4, r2, r1); store_and_load_keys(r4, r1, r0, r2, 2, -2);
0253 S7(r4, r1, r0, r2, r3); store_and_load_keys(r3, r0, r2, r4, -2, -6);
0254 S0(r3, r0, r2, r4, r1); store_and_load_keys(r2, r0, r4, r3, -6, -10);
0255 S1(r2, r0, r4, r3, r1); store_and_load_keys(r1, r4, r3, r2, -10, -14);
0256 S2(r1, r4, r3, r2, r0); store_and_load_keys(r0, r4, r1, r2, -14, -18);
0257 S3(r0, r4, r1, r2, r3); store_and_load_keys(r2, r3, r4, r0, -18, -22);
0258 k -= 50;
0259 S4(r2, r3, r4, r0, r1); store_and_load_keys(r3, r4, r0, r1, 28, 24);
0260 S5(r3, r4, r0, r1, r2); store_and_load_keys(r2, r3, r4, r1, 24, 20);
0261 S6(r2, r3, r4, r1, r0); store_and_load_keys(r4, r0, r3, r1, 20, 16);
0262 S7(r4, r0, r3, r1, r2); store_and_load_keys(r2, r3, r1, r4, 16, 12);
0263 S0(r2, r3, r1, r4, r0); store_and_load_keys(r1, r3, r4, r2, 12, 8);
0264 S1(r1, r3, r4, r2, r0); store_and_load_keys(r0, r4, r2, r1, 8, 4);
0265 S2(r0, r4, r2, r1, r3); store_and_load_keys(r3, r4, r0, r1, 4, 0);
0266 S3(r3, r4, r0, r1, r2); storekeys(r1, r2, r4, r3, 0);
0267 }
0268
0269 int __serpent_setkey(struct serpent_ctx *ctx, const u8 *key,
0270 unsigned int keylen)
0271 {
0272 u32 *k = ctx->expkey;
0273 u8 *k8 = (u8 *)k;
0274 u32 r0, r1, r2, r3, r4;
0275 __le32 *lk;
0276 int i;
0277
0278
0279
0280 for (i = 0; i < keylen; ++i)
0281 k8[i] = key[i];
0282 if (i < SERPENT_MAX_KEY_SIZE)
0283 k8[i++] = 1;
0284 while (i < SERPENT_MAX_KEY_SIZE)
0285 k8[i++] = 0;
0286
0287 lk = (__le32 *)k;
0288 k[0] = le32_to_cpu(lk[0]);
0289 k[1] = le32_to_cpu(lk[1]);
0290 k[2] = le32_to_cpu(lk[2]);
0291 k[3] = le32_to_cpu(lk[3]);
0292 k[4] = le32_to_cpu(lk[4]);
0293 k[5] = le32_to_cpu(lk[5]);
0294 k[6] = le32_to_cpu(lk[6]);
0295 k[7] = le32_to_cpu(lk[7]);
0296
0297
0298
0299 r0 = k[3];
0300 r1 = k[4];
0301 r2 = k[5];
0302 r3 = k[6];
0303 r4 = k[7];
0304
0305 keyiter(k[0], r0, r4, r2, 0, 0);
0306 keyiter(k[1], r1, r0, r3, 1, 1);
0307 keyiter(k[2], r2, r1, r4, 2, 2);
0308 keyiter(k[3], r3, r2, r0, 3, 3);
0309 keyiter(k[4], r4, r3, r1, 4, 4);
0310 keyiter(k[5], r0, r4, r2, 5, 5);
0311 keyiter(k[6], r1, r0, r3, 6, 6);
0312 keyiter(k[7], r2, r1, r4, 7, 7);
0313
0314 keyiter(k[0], r3, r2, r0, 8, 8);
0315 keyiter(k[1], r4, r3, r1, 9, 9);
0316 keyiter(k[2], r0, r4, r2, 10, 10);
0317 keyiter(k[3], r1, r0, r3, 11, 11);
0318 keyiter(k[4], r2, r1, r4, 12, 12);
0319 keyiter(k[5], r3, r2, r0, 13, 13);
0320 keyiter(k[6], r4, r3, r1, 14, 14);
0321 keyiter(k[7], r0, r4, r2, 15, 15);
0322 keyiter(k[8], r1, r0, r3, 16, 16);
0323 keyiter(k[9], r2, r1, r4, 17, 17);
0324 keyiter(k[10], r3, r2, r0, 18, 18);
0325 keyiter(k[11], r4, r3, r1, 19, 19);
0326 keyiter(k[12], r0, r4, r2, 20, 20);
0327 keyiter(k[13], r1, r0, r3, 21, 21);
0328 keyiter(k[14], r2, r1, r4, 22, 22);
0329 keyiter(k[15], r3, r2, r0, 23, 23);
0330 keyiter(k[16], r4, r3, r1, 24, 24);
0331 keyiter(k[17], r0, r4, r2, 25, 25);
0332 keyiter(k[18], r1, r0, r3, 26, 26);
0333 keyiter(k[19], r2, r1, r4, 27, 27);
0334 keyiter(k[20], r3, r2, r0, 28, 28);
0335 keyiter(k[21], r4, r3, r1, 29, 29);
0336 keyiter(k[22], r0, r4, r2, 30, 30);
0337 keyiter(k[23], r1, r0, r3, 31, 31);
0338
0339 k += 50;
0340
0341 keyiter(k[-26], r2, r1, r4, 32, -18);
0342 keyiter(k[-25], r3, r2, r0, 33, -17);
0343 keyiter(k[-24], r4, r3, r1, 34, -16);
0344 keyiter(k[-23], r0, r4, r2, 35, -15);
0345 keyiter(k[-22], r1, r0, r3, 36, -14);
0346 keyiter(k[-21], r2, r1, r4, 37, -13);
0347 keyiter(k[-20], r3, r2, r0, 38, -12);
0348 keyiter(k[-19], r4, r3, r1, 39, -11);
0349 keyiter(k[-18], r0, r4, r2, 40, -10);
0350 keyiter(k[-17], r1, r0, r3, 41, -9);
0351 keyiter(k[-16], r2, r1, r4, 42, -8);
0352 keyiter(k[-15], r3, r2, r0, 43, -7);
0353 keyiter(k[-14], r4, r3, r1, 44, -6);
0354 keyiter(k[-13], r0, r4, r2, 45, -5);
0355 keyiter(k[-12], r1, r0, r3, 46, -4);
0356 keyiter(k[-11], r2, r1, r4, 47, -3);
0357 keyiter(k[-10], r3, r2, r0, 48, -2);
0358 keyiter(k[-9], r4, r3, r1, 49, -1);
0359 keyiter(k[-8], r0, r4, r2, 50, 0);
0360 keyiter(k[-7], r1, r0, r3, 51, 1);
0361 keyiter(k[-6], r2, r1, r4, 52, 2);
0362 keyiter(k[-5], r3, r2, r0, 53, 3);
0363 keyiter(k[-4], r4, r3, r1, 54, 4);
0364 keyiter(k[-3], r0, r4, r2, 55, 5);
0365 keyiter(k[-2], r1, r0, r3, 56, 6);
0366 keyiter(k[-1], r2, r1, r4, 57, 7);
0367 keyiter(k[0], r3, r2, r0, 58, 8);
0368 keyiter(k[1], r4, r3, r1, 59, 9);
0369 keyiter(k[2], r0, r4, r2, 60, 10);
0370 keyiter(k[3], r1, r0, r3, 61, 11);
0371 keyiter(k[4], r2, r1, r4, 62, 12);
0372 keyiter(k[5], r3, r2, r0, 63, 13);
0373 keyiter(k[6], r4, r3, r1, 64, 14);
0374 keyiter(k[7], r0, r4, r2, 65, 15);
0375 keyiter(k[8], r1, r0, r3, 66, 16);
0376 keyiter(k[9], r2, r1, r4, 67, 17);
0377 keyiter(k[10], r3, r2, r0, 68, 18);
0378 keyiter(k[11], r4, r3, r1, 69, 19);
0379 keyiter(k[12], r0, r4, r2, 70, 20);
0380 keyiter(k[13], r1, r0, r3, 71, 21);
0381 keyiter(k[14], r2, r1, r4, 72, 22);
0382 keyiter(k[15], r3, r2, r0, 73, 23);
0383 keyiter(k[16], r4, r3, r1, 74, 24);
0384 keyiter(k[17], r0, r4, r2, 75, 25);
0385 keyiter(k[18], r1, r0, r3, 76, 26);
0386 keyiter(k[19], r2, r1, r4, 77, 27);
0387 keyiter(k[20], r3, r2, r0, 78, 28);
0388 keyiter(k[21], r4, r3, r1, 79, 29);
0389 keyiter(k[22], r0, r4, r2, 80, 30);
0390 keyiter(k[23], r1, r0, r3, 81, 31);
0391
0392 k += 50;
0393
0394 keyiter(k[-26], r2, r1, r4, 82, -18);
0395 keyiter(k[-25], r3, r2, r0, 83, -17);
0396 keyiter(k[-24], r4, r3, r1, 84, -16);
0397 keyiter(k[-23], r0, r4, r2, 85, -15);
0398 keyiter(k[-22], r1, r0, r3, 86, -14);
0399 keyiter(k[-21], r2, r1, r4, 87, -13);
0400 keyiter(k[-20], r3, r2, r0, 88, -12);
0401 keyiter(k[-19], r4, r3, r1, 89, -11);
0402 keyiter(k[-18], r0, r4, r2, 90, -10);
0403 keyiter(k[-17], r1, r0, r3, 91, -9);
0404 keyiter(k[-16], r2, r1, r4, 92, -8);
0405 keyiter(k[-15], r3, r2, r0, 93, -7);
0406 keyiter(k[-14], r4, r3, r1, 94, -6);
0407 keyiter(k[-13], r0, r4, r2, 95, -5);
0408 keyiter(k[-12], r1, r0, r3, 96, -4);
0409 keyiter(k[-11], r2, r1, r4, 97, -3);
0410 keyiter(k[-10], r3, r2, r0, 98, -2);
0411 keyiter(k[-9], r4, r3, r1, 99, -1);
0412 keyiter(k[-8], r0, r4, r2, 100, 0);
0413 keyiter(k[-7], r1, r0, r3, 101, 1);
0414 keyiter(k[-6], r2, r1, r4, 102, 2);
0415 keyiter(k[-5], r3, r2, r0, 103, 3);
0416 keyiter(k[-4], r4, r3, r1, 104, 4);
0417 keyiter(k[-3], r0, r4, r2, 105, 5);
0418 keyiter(k[-2], r1, r0, r3, 106, 6);
0419 keyiter(k[-1], r2, r1, r4, 107, 7);
0420 keyiter(k[0], r3, r2, r0, 108, 8);
0421 keyiter(k[1], r4, r3, r1, 109, 9);
0422 keyiter(k[2], r0, r4, r2, 110, 10);
0423 keyiter(k[3], r1, r0, r3, 111, 11);
0424 keyiter(k[4], r2, r1, r4, 112, 12);
0425 keyiter(k[5], r3, r2, r0, 113, 13);
0426 keyiter(k[6], r4, r3, r1, 114, 14);
0427 keyiter(k[7], r0, r4, r2, 115, 15);
0428 keyiter(k[8], r1, r0, r3, 116, 16);
0429 keyiter(k[9], r2, r1, r4, 117, 17);
0430 keyiter(k[10], r3, r2, r0, 118, 18);
0431 keyiter(k[11], r4, r3, r1, 119, 19);
0432 keyiter(k[12], r0, r4, r2, 120, 20);
0433 keyiter(k[13], r1, r0, r3, 121, 21);
0434 keyiter(k[14], r2, r1, r4, 122, 22);
0435 keyiter(k[15], r3, r2, r0, 123, 23);
0436 keyiter(k[16], r4, r3, r1, 124, 24);
0437 keyiter(k[17], r0, r4, r2, 125, 25);
0438 keyiter(k[18], r1, r0, r3, 126, 26);
0439 keyiter(k[19], r2, r1, r4, 127, 27);
0440 keyiter(k[20], r3, r2, r0, 128, 28);
0441 keyiter(k[21], r4, r3, r1, 129, 29);
0442 keyiter(k[22], r0, r4, r2, 130, 30);
0443 keyiter(k[23], r1, r0, r3, 131, 31);
0444
0445
0446 __serpent_setkey_sbox(r0, r1, r2, r3, r4, ctx->expkey);
0447
0448 return 0;
0449 }
0450 EXPORT_SYMBOL_GPL(__serpent_setkey);
0451
0452 int serpent_setkey(struct crypto_tfm *tfm, const u8 *key, unsigned int keylen)
0453 {
0454 return __serpent_setkey(crypto_tfm_ctx(tfm), key, keylen);
0455 }
0456 EXPORT_SYMBOL_GPL(serpent_setkey);
0457
0458 void __serpent_encrypt(const void *c, u8 *dst, const u8 *src)
0459 {
0460 const struct serpent_ctx *ctx = c;
0461 const u32 *k = ctx->expkey;
0462 u32 r0, r1, r2, r3, r4;
0463
0464 r0 = get_unaligned_le32(src);
0465 r1 = get_unaligned_le32(src + 4);
0466 r2 = get_unaligned_le32(src + 8);
0467 r3 = get_unaligned_le32(src + 12);
0468
0469 K(r0, r1, r2, r3, 0);
0470 S0(r0, r1, r2, r3, r4); LK(r2, r1, r3, r0, r4, 1);
0471 S1(r2, r1, r3, r0, r4); LK(r4, r3, r0, r2, r1, 2);
0472 S2(r4, r3, r0, r2, r1); LK(r1, r3, r4, r2, r0, 3);
0473 S3(r1, r3, r4, r2, r0); LK(r2, r0, r3, r1, r4, 4);
0474 S4(r2, r0, r3, r1, r4); LK(r0, r3, r1, r4, r2, 5);
0475 S5(r0, r3, r1, r4, r2); LK(r2, r0, r3, r4, r1, 6);
0476 S6(r2, r0, r3, r4, r1); LK(r3, r1, r0, r4, r2, 7);
0477 S7(r3, r1, r0, r4, r2); LK(r2, r0, r4, r3, r1, 8);
0478 S0(r2, r0, r4, r3, r1); LK(r4, r0, r3, r2, r1, 9);
0479 S1(r4, r0, r3, r2, r1); LK(r1, r3, r2, r4, r0, 10);
0480 S2(r1, r3, r2, r4, r0); LK(r0, r3, r1, r4, r2, 11);
0481 S3(r0, r3, r1, r4, r2); LK(r4, r2, r3, r0, r1, 12);
0482 S4(r4, r2, r3, r0, r1); LK(r2, r3, r0, r1, r4, 13);
0483 S5(r2, r3, r0, r1, r4); LK(r4, r2, r3, r1, r0, 14);
0484 S6(r4, r2, r3, r1, r0); LK(r3, r0, r2, r1, r4, 15);
0485 S7(r3, r0, r2, r1, r4); LK(r4, r2, r1, r3, r0, 16);
0486 S0(r4, r2, r1, r3, r0); LK(r1, r2, r3, r4, r0, 17);
0487 S1(r1, r2, r3, r4, r0); LK(r0, r3, r4, r1, r2, 18);
0488 S2(r0, r3, r4, r1, r2); LK(r2, r3, r0, r1, r4, 19);
0489 S3(r2, r3, r0, r1, r4); LK(r1, r4, r3, r2, r0, 20);
0490 S4(r1, r4, r3, r2, r0); LK(r4, r3, r2, r0, r1, 21);
0491 S5(r4, r3, r2, r0, r1); LK(r1, r4, r3, r0, r2, 22);
0492 S6(r1, r4, r3, r0, r2); LK(r3, r2, r4, r0, r1, 23);
0493 S7(r3, r2, r4, r0, r1); LK(r1, r4, r0, r3, r2, 24);
0494 S0(r1, r4, r0, r3, r2); LK(r0, r4, r3, r1, r2, 25);
0495 S1(r0, r4, r3, r1, r2); LK(r2, r3, r1, r0, r4, 26);
0496 S2(r2, r3, r1, r0, r4); LK(r4, r3, r2, r0, r1, 27);
0497 S3(r4, r3, r2, r0, r1); LK(r0, r1, r3, r4, r2, 28);
0498 S4(r0, r1, r3, r4, r2); LK(r1, r3, r4, r2, r0, 29);
0499 S5(r1, r3, r4, r2, r0); LK(r0, r1, r3, r2, r4, 30);
0500 S6(r0, r1, r3, r2, r4); LK(r3, r4, r1, r2, r0, 31);
0501 S7(r3, r4, r1, r2, r0); K(r0, r1, r2, r3, 32);
0502
0503 put_unaligned_le32(r0, dst);
0504 put_unaligned_le32(r1, dst + 4);
0505 put_unaligned_le32(r2, dst + 8);
0506 put_unaligned_le32(r3, dst + 12);
0507 }
0508 EXPORT_SYMBOL_GPL(__serpent_encrypt);
0509
0510 static void serpent_encrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)
0511 {
0512 struct serpent_ctx *ctx = crypto_tfm_ctx(tfm);
0513
0514 __serpent_encrypt(ctx, dst, src);
0515 }
0516
0517 void __serpent_decrypt(const void *c, u8 *dst, const u8 *src)
0518 {
0519 const struct serpent_ctx *ctx = c;
0520 const u32 *k = ctx->expkey;
0521 u32 r0, r1, r2, r3, r4;
0522
0523 r0 = get_unaligned_le32(src);
0524 r1 = get_unaligned_le32(src + 4);
0525 r2 = get_unaligned_le32(src + 8);
0526 r3 = get_unaligned_le32(src + 12);
0527
0528 K(r0, r1, r2, r3, 32);
0529 SI7(r0, r1, r2, r3, r4); KL(r1, r3, r0, r4, r2, 31);
0530 SI6(r1, r3, r0, r4, r2); KL(r0, r2, r4, r1, r3, 30);
0531 SI5(r0, r2, r4, r1, r3); KL(r2, r3, r0, r4, r1, 29);
0532 SI4(r2, r3, r0, r4, r1); KL(r2, r0, r1, r4, r3, 28);
0533 SI3(r2, r0, r1, r4, r3); KL(r1, r2, r3, r4, r0, 27);
0534 SI2(r1, r2, r3, r4, r0); KL(r2, r0, r4, r3, r1, 26);
0535 SI1(r2, r0, r4, r3, r1); KL(r1, r0, r4, r3, r2, 25);
0536 SI0(r1, r0, r4, r3, r2); KL(r4, r2, r0, r1, r3, 24);
0537 SI7(r4, r2, r0, r1, r3); KL(r2, r1, r4, r3, r0, 23);
0538 SI6(r2, r1, r4, r3, r0); KL(r4, r0, r3, r2, r1, 22);
0539 SI5(r4, r0, r3, r2, r1); KL(r0, r1, r4, r3, r2, 21);
0540 SI4(r0, r1, r4, r3, r2); KL(r0, r4, r2, r3, r1, 20);
0541 SI3(r0, r4, r2, r3, r1); KL(r2, r0, r1, r3, r4, 19);
0542 SI2(r2, r0, r1, r3, r4); KL(r0, r4, r3, r1, r2, 18);
0543 SI1(r0, r4, r3, r1, r2); KL(r2, r4, r3, r1, r0, 17);
0544 SI0(r2, r4, r3, r1, r0); KL(r3, r0, r4, r2, r1, 16);
0545 SI7(r3, r0, r4, r2, r1); KL(r0, r2, r3, r1, r4, 15);
0546 SI6(r0, r2, r3, r1, r4); KL(r3, r4, r1, r0, r2, 14);
0547 SI5(r3, r4, r1, r0, r2); KL(r4, r2, r3, r1, r0, 13);
0548 SI4(r4, r2, r3, r1, r0); KL(r4, r3, r0, r1, r2, 12);
0549 SI3(r4, r3, r0, r1, r2); KL(r0, r4, r2, r1, r3, 11);
0550 SI2(r0, r4, r2, r1, r3); KL(r4, r3, r1, r2, r0, 10);
0551 SI1(r4, r3, r1, r2, r0); KL(r0, r3, r1, r2, r4, 9);
0552 SI0(r0, r3, r1, r2, r4); KL(r1, r4, r3, r0, r2, 8);
0553 SI7(r1, r4, r3, r0, r2); KL(r4, r0, r1, r2, r3, 7);
0554 SI6(r4, r0, r1, r2, r3); KL(r1, r3, r2, r4, r0, 6);
0555 SI5(r1, r3, r2, r4, r0); KL(r3, r0, r1, r2, r4, 5);
0556 SI4(r3, r0, r1, r2, r4); KL(r3, r1, r4, r2, r0, 4);
0557 SI3(r3, r1, r4, r2, r0); KL(r4, r3, r0, r2, r1, 3);
0558 SI2(r4, r3, r0, r2, r1); KL(r3, r1, r2, r0, r4, 2);
0559 SI1(r3, r1, r2, r0, r4); KL(r4, r1, r2, r0, r3, 1);
0560 SI0(r4, r1, r2, r0, r3); K(r2, r3, r1, r4, 0);
0561
0562 put_unaligned_le32(r2, dst);
0563 put_unaligned_le32(r3, dst + 4);
0564 put_unaligned_le32(r1, dst + 8);
0565 put_unaligned_le32(r4, dst + 12);
0566 }
0567 EXPORT_SYMBOL_GPL(__serpent_decrypt);
0568
0569 static void serpent_decrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)
0570 {
0571 struct serpent_ctx *ctx = crypto_tfm_ctx(tfm);
0572
0573 __serpent_decrypt(ctx, dst, src);
0574 }
0575
0576 static struct crypto_alg srp_alg = {
0577 .cra_name = "serpent",
0578 .cra_driver_name = "serpent-generic",
0579 .cra_priority = 100,
0580 .cra_flags = CRYPTO_ALG_TYPE_CIPHER,
0581 .cra_blocksize = SERPENT_BLOCK_SIZE,
0582 .cra_ctxsize = sizeof(struct serpent_ctx),
0583 .cra_module = THIS_MODULE,
0584 .cra_u = { .cipher = {
0585 .cia_min_keysize = SERPENT_MIN_KEY_SIZE,
0586 .cia_max_keysize = SERPENT_MAX_KEY_SIZE,
0587 .cia_setkey = serpent_setkey,
0588 .cia_encrypt = serpent_encrypt,
0589 .cia_decrypt = serpent_decrypt } }
0590 };
0591
0592 static int __init serpent_mod_init(void)
0593 {
0594 return crypto_register_alg(&srp_alg);
0595 }
0596
0597 static void __exit serpent_mod_fini(void)
0598 {
0599 crypto_unregister_alg(&srp_alg);
0600 }
0601
0602 subsys_initcall(serpent_mod_init);
0603 module_exit(serpent_mod_fini);
0604
0605 MODULE_LICENSE("GPL");
0606 MODULE_DESCRIPTION("Serpent Cipher Algorithm");
0607 MODULE_AUTHOR("Dag Arne Osvik <osvik@ii.uib.no>");
0608 MODULE_ALIAS_CRYPTO("serpent");
0609 MODULE_ALIAS_CRYPTO("serpent-generic");
