Loading...
1// SPDX-License-Identifier: GPL-2.0-or-later
2/*
3 * Cryptographic API.
4 *
5 * SEED Cipher Algorithm.
6 *
7 * Documentation of SEED can be found in RFC 4269.
8 * Copyright (C) 2007 Korea Information Security Agency (KISA).
9 */
10
11#include <crypto/algapi.h>
12#include <linux/module.h>
13#include <linux/init.h>
14#include <linux/types.h>
15#include <linux/errno.h>
16#include <asm/byteorder.h>
17
18#define SEED_NUM_KCONSTANTS 16
19#define SEED_KEY_SIZE 16
20#define SEED_BLOCK_SIZE 16
21#define SEED_KEYSCHED_LEN 32
22
23/*
24 * #define byte(x, nr) ((unsigned char)((x) >> (nr*8)))
25 */
26static inline u8
27byte(const u32 x, const unsigned n)
28{
29 return x >> (n << 3);
30}
31
32struct seed_ctx {
33 u32 keysched[SEED_KEYSCHED_LEN];
34};
35
36static const u32 SS0[256] = {
37 0x2989a1a8, 0x05858184, 0x16c6d2d4, 0x13c3d3d0,
38 0x14445054, 0x1d0d111c, 0x2c8ca0ac, 0x25052124,
39 0x1d4d515c, 0x03434340, 0x18081018, 0x1e0e121c,
40 0x11415150, 0x3cccf0fc, 0x0acac2c8, 0x23436360,
41 0x28082028, 0x04444044, 0x20002020, 0x1d8d919c,
42 0x20c0e0e0, 0x22c2e2e0, 0x08c8c0c8, 0x17071314,
43 0x2585a1a4, 0x0f8f838c, 0x03030300, 0x3b4b7378,
44 0x3b8bb3b8, 0x13031310, 0x12c2d2d0, 0x2ecee2ec,
45 0x30407070, 0x0c8c808c, 0x3f0f333c, 0x2888a0a8,
46 0x32023230, 0x1dcdd1dc, 0x36c6f2f4, 0x34447074,
47 0x2ccce0ec, 0x15859194, 0x0b0b0308, 0x17475354,
48 0x1c4c505c, 0x1b4b5358, 0x3d8db1bc, 0x01010100,
49 0x24042024, 0x1c0c101c, 0x33437370, 0x18889098,
50 0x10001010, 0x0cccc0cc, 0x32c2f2f0, 0x19c9d1d8,
51 0x2c0c202c, 0x27c7e3e4, 0x32427270, 0x03838380,
52 0x1b8b9398, 0x11c1d1d0, 0x06868284, 0x09c9c1c8,
53 0x20406060, 0x10405050, 0x2383a3a0, 0x2bcbe3e8,
54 0x0d0d010c, 0x3686b2b4, 0x1e8e929c, 0x0f4f434c,
55 0x3787b3b4, 0x1a4a5258, 0x06c6c2c4, 0x38487078,
56 0x2686a2a4, 0x12021210, 0x2f8fa3ac, 0x15c5d1d4,
57 0x21416160, 0x03c3c3c0, 0x3484b0b4, 0x01414140,
58 0x12425250, 0x3d4d717c, 0x0d8d818c, 0x08080008,
59 0x1f0f131c, 0x19899198, 0x00000000, 0x19091118,
60 0x04040004, 0x13435350, 0x37c7f3f4, 0x21c1e1e0,
61 0x3dcdf1fc, 0x36467274, 0x2f0f232c, 0x27072324,
62 0x3080b0b0, 0x0b8b8388, 0x0e0e020c, 0x2b8ba3a8,
63 0x2282a2a0, 0x2e4e626c, 0x13839390, 0x0d4d414c,
64 0x29496168, 0x3c4c707c, 0x09090108, 0x0a0a0208,
65 0x3f8fb3bc, 0x2fcfe3ec, 0x33c3f3f0, 0x05c5c1c4,
66 0x07878384, 0x14041014, 0x3ecef2fc, 0x24446064,
67 0x1eced2dc, 0x2e0e222c, 0x0b4b4348, 0x1a0a1218,
68 0x06060204, 0x21012120, 0x2b4b6368, 0x26466264,
69 0x02020200, 0x35c5f1f4, 0x12829290, 0x0a8a8288,
70 0x0c0c000c, 0x3383b3b0, 0x3e4e727c, 0x10c0d0d0,
71 0x3a4a7278, 0x07474344, 0x16869294, 0x25c5e1e4,
72 0x26062224, 0x00808080, 0x2d8da1ac, 0x1fcfd3dc,
73 0x2181a1a0, 0x30003030, 0x37073334, 0x2e8ea2ac,
74 0x36063234, 0x15051114, 0x22022220, 0x38083038,
75 0x34c4f0f4, 0x2787a3a4, 0x05454144, 0x0c4c404c,
76 0x01818180, 0x29c9e1e8, 0x04848084, 0x17879394,
77 0x35053134, 0x0bcbc3c8, 0x0ecec2cc, 0x3c0c303c,
78 0x31417170, 0x11011110, 0x07c7c3c4, 0x09898188,
79 0x35457174, 0x3bcbf3f8, 0x1acad2d8, 0x38c8f0f8,
80 0x14849094, 0x19495158, 0x02828280, 0x04c4c0c4,
81 0x3fcff3fc, 0x09494148, 0x39093138, 0x27476364,
82 0x00c0c0c0, 0x0fcfc3cc, 0x17c7d3d4, 0x3888b0b8,
83 0x0f0f030c, 0x0e8e828c, 0x02424240, 0x23032320,
84 0x11819190, 0x2c4c606c, 0x1bcbd3d8, 0x2484a0a4,
85 0x34043034, 0x31c1f1f0, 0x08484048, 0x02c2c2c0,
86 0x2f4f636c, 0x3d0d313c, 0x2d0d212c, 0x00404040,
87 0x3e8eb2bc, 0x3e0e323c, 0x3c8cb0bc, 0x01c1c1c0,
88 0x2a8aa2a8, 0x3a8ab2b8, 0x0e4e424c, 0x15455154,
89 0x3b0b3338, 0x1cccd0dc, 0x28486068, 0x3f4f737c,
90 0x1c8c909c, 0x18c8d0d8, 0x0a4a4248, 0x16465254,
91 0x37477374, 0x2080a0a0, 0x2dcde1ec, 0x06464244,
92 0x3585b1b4, 0x2b0b2328, 0x25456164, 0x3acaf2f8,
93 0x23c3e3e0, 0x3989b1b8, 0x3181b1b0, 0x1f8f939c,
94 0x1e4e525c, 0x39c9f1f8, 0x26c6e2e4, 0x3282b2b0,
95 0x31013130, 0x2acae2e8, 0x2d4d616c, 0x1f4f535c,
96 0x24c4e0e4, 0x30c0f0f0, 0x0dcdc1cc, 0x08888088,
97 0x16061214, 0x3a0a3238, 0x18485058, 0x14c4d0d4,
98 0x22426260, 0x29092128, 0x07070304, 0x33033330,
99 0x28c8e0e8, 0x1b0b1318, 0x05050104, 0x39497178,
100 0x10809090, 0x2a4a6268, 0x2a0a2228, 0x1a8a9298,
101};
102
103static const u32 SS1[256] = {
104 0x38380830, 0xe828c8e0, 0x2c2d0d21, 0xa42686a2,
105 0xcc0fcfc3, 0xdc1eced2, 0xb03383b3, 0xb83888b0,
106 0xac2f8fa3, 0x60204060, 0x54154551, 0xc407c7c3,
107 0x44044440, 0x6c2f4f63, 0x682b4b63, 0x581b4b53,
108 0xc003c3c3, 0x60224262, 0x30330333, 0xb43585b1,
109 0x28290921, 0xa02080a0, 0xe022c2e2, 0xa42787a3,
110 0xd013c3d3, 0x90118191, 0x10110111, 0x04060602,
111 0x1c1c0c10, 0xbc3c8cb0, 0x34360632, 0x480b4b43,
112 0xec2fcfe3, 0x88088880, 0x6c2c4c60, 0xa82888a0,
113 0x14170713, 0xc404c4c0, 0x14160612, 0xf434c4f0,
114 0xc002c2c2, 0x44054541, 0xe021c1e1, 0xd416c6d2,
115 0x3c3f0f33, 0x3c3d0d31, 0x8c0e8e82, 0x98188890,
116 0x28280820, 0x4c0e4e42, 0xf436c6f2, 0x3c3e0e32,
117 0xa42585a1, 0xf839c9f1, 0x0c0d0d01, 0xdc1fcfd3,
118 0xd818c8d0, 0x282b0b23, 0x64264662, 0x783a4a72,
119 0x24270723, 0x2c2f0f23, 0xf031c1f1, 0x70324272,
120 0x40024242, 0xd414c4d0, 0x40014141, 0xc000c0c0,
121 0x70334373, 0x64274763, 0xac2c8ca0, 0x880b8b83,
122 0xf437c7f3, 0xac2d8da1, 0x80008080, 0x1c1f0f13,
123 0xc80acac2, 0x2c2c0c20, 0xa82a8aa2, 0x34340430,
124 0xd012c2d2, 0x080b0b03, 0xec2ecee2, 0xe829c9e1,
125 0x5c1d4d51, 0x94148490, 0x18180810, 0xf838c8f0,
126 0x54174753, 0xac2e8ea2, 0x08080800, 0xc405c5c1,
127 0x10130313, 0xcc0dcdc1, 0x84068682, 0xb83989b1,
128 0xfc3fcff3, 0x7c3d4d71, 0xc001c1c1, 0x30310131,
129 0xf435c5f1, 0x880a8a82, 0x682a4a62, 0xb03181b1,
130 0xd011c1d1, 0x20200020, 0xd417c7d3, 0x00020202,
131 0x20220222, 0x04040400, 0x68284860, 0x70314171,
132 0x04070703, 0xd81bcbd3, 0x9c1d8d91, 0x98198991,
133 0x60214161, 0xbc3e8eb2, 0xe426c6e2, 0x58194951,
134 0xdc1dcdd1, 0x50114151, 0x90108090, 0xdc1cccd0,
135 0x981a8a92, 0xa02383a3, 0xa82b8ba3, 0xd010c0d0,
136 0x80018181, 0x0c0f0f03, 0x44074743, 0x181a0a12,
137 0xe023c3e3, 0xec2ccce0, 0x8c0d8d81, 0xbc3f8fb3,
138 0x94168692, 0x783b4b73, 0x5c1c4c50, 0xa02282a2,
139 0xa02181a1, 0x60234363, 0x20230323, 0x4c0d4d41,
140 0xc808c8c0, 0x9c1e8e92, 0x9c1c8c90, 0x383a0a32,
141 0x0c0c0c00, 0x2c2e0e22, 0xb83a8ab2, 0x6c2e4e62,
142 0x9c1f8f93, 0x581a4a52, 0xf032c2f2, 0x90128292,
143 0xf033c3f3, 0x48094941, 0x78384870, 0xcc0cccc0,
144 0x14150511, 0xf83bcbf3, 0x70304070, 0x74354571,
145 0x7c3f4f73, 0x34350531, 0x10100010, 0x00030303,
146 0x64244460, 0x6c2d4d61, 0xc406c6c2, 0x74344470,
147 0xd415c5d1, 0xb43484b0, 0xe82acae2, 0x08090901,
148 0x74364672, 0x18190911, 0xfc3ecef2, 0x40004040,
149 0x10120212, 0xe020c0e0, 0xbc3d8db1, 0x04050501,
150 0xf83acaf2, 0x00010101, 0xf030c0f0, 0x282a0a22,
151 0x5c1e4e52, 0xa82989a1, 0x54164652, 0x40034343,
152 0x84058581, 0x14140410, 0x88098981, 0x981b8b93,
153 0xb03080b0, 0xe425c5e1, 0x48084840, 0x78394971,
154 0x94178793, 0xfc3cccf0, 0x1c1e0e12, 0x80028282,
155 0x20210121, 0x8c0c8c80, 0x181b0b13, 0x5c1f4f53,
156 0x74374773, 0x54144450, 0xb03282b2, 0x1c1d0d11,
157 0x24250521, 0x4c0f4f43, 0x00000000, 0x44064642,
158 0xec2dcde1, 0x58184850, 0x50124252, 0xe82bcbe3,
159 0x7c3e4e72, 0xd81acad2, 0xc809c9c1, 0xfc3dcdf1,
160 0x30300030, 0x94158591, 0x64254561, 0x3c3c0c30,
161 0xb43686b2, 0xe424c4e0, 0xb83b8bb3, 0x7c3c4c70,
162 0x0c0e0e02, 0x50104050, 0x38390931, 0x24260622,
163 0x30320232, 0x84048480, 0x68294961, 0x90138393,
164 0x34370733, 0xe427c7e3, 0x24240420, 0xa42484a0,
165 0xc80bcbc3, 0x50134353, 0x080a0a02, 0x84078783,
166 0xd819c9d1, 0x4c0c4c40, 0x80038383, 0x8c0f8f83,
167 0xcc0ecec2, 0x383b0b33, 0x480a4a42, 0xb43787b3,
168};
169
170static const u32 SS2[256] = {
171 0xa1a82989, 0x81840585, 0xd2d416c6, 0xd3d013c3,
172 0x50541444, 0x111c1d0d, 0xa0ac2c8c, 0x21242505,
173 0x515c1d4d, 0x43400343, 0x10181808, 0x121c1e0e,
174 0x51501141, 0xf0fc3ccc, 0xc2c80aca, 0x63602343,
175 0x20282808, 0x40440444, 0x20202000, 0x919c1d8d,
176 0xe0e020c0, 0xe2e022c2, 0xc0c808c8, 0x13141707,
177 0xa1a42585, 0x838c0f8f, 0x03000303, 0x73783b4b,
178 0xb3b83b8b, 0x13101303, 0xd2d012c2, 0xe2ec2ece,
179 0x70703040, 0x808c0c8c, 0x333c3f0f, 0xa0a82888,
180 0x32303202, 0xd1dc1dcd, 0xf2f436c6, 0x70743444,
181 0xe0ec2ccc, 0x91941585, 0x03080b0b, 0x53541747,
182 0x505c1c4c, 0x53581b4b, 0xb1bc3d8d, 0x01000101,
183 0x20242404, 0x101c1c0c, 0x73703343, 0x90981888,
184 0x10101000, 0xc0cc0ccc, 0xf2f032c2, 0xd1d819c9,
185 0x202c2c0c, 0xe3e427c7, 0x72703242, 0x83800383,
186 0x93981b8b, 0xd1d011c1, 0x82840686, 0xc1c809c9,
187 0x60602040, 0x50501040, 0xa3a02383, 0xe3e82bcb,
188 0x010c0d0d, 0xb2b43686, 0x929c1e8e, 0x434c0f4f,
189 0xb3b43787, 0x52581a4a, 0xc2c406c6, 0x70783848,
190 0xa2a42686, 0x12101202, 0xa3ac2f8f, 0xd1d415c5,
191 0x61602141, 0xc3c003c3, 0xb0b43484, 0x41400141,
192 0x52501242, 0x717c3d4d, 0x818c0d8d, 0x00080808,
193 0x131c1f0f, 0x91981989, 0x00000000, 0x11181909,
194 0x00040404, 0x53501343, 0xf3f437c7, 0xe1e021c1,
195 0xf1fc3dcd, 0x72743646, 0x232c2f0f, 0x23242707,
196 0xb0b03080, 0x83880b8b, 0x020c0e0e, 0xa3a82b8b,
197 0xa2a02282, 0x626c2e4e, 0x93901383, 0x414c0d4d,
198 0x61682949, 0x707c3c4c, 0x01080909, 0x02080a0a,
199 0xb3bc3f8f, 0xe3ec2fcf, 0xf3f033c3, 0xc1c405c5,
200 0x83840787, 0x10141404, 0xf2fc3ece, 0x60642444,
201 0xd2dc1ece, 0x222c2e0e, 0x43480b4b, 0x12181a0a,
202 0x02040606, 0x21202101, 0x63682b4b, 0x62642646,
203 0x02000202, 0xf1f435c5, 0x92901282, 0x82880a8a,
204 0x000c0c0c, 0xb3b03383, 0x727c3e4e, 0xd0d010c0,
205 0x72783a4a, 0x43440747, 0x92941686, 0xe1e425c5,
206 0x22242606, 0x80800080, 0xa1ac2d8d, 0xd3dc1fcf,
207 0xa1a02181, 0x30303000, 0x33343707, 0xa2ac2e8e,
208 0x32343606, 0x11141505, 0x22202202, 0x30383808,
209 0xf0f434c4, 0xa3a42787, 0x41440545, 0x404c0c4c,
210 0x81800181, 0xe1e829c9, 0x80840484, 0x93941787,
211 0x31343505, 0xc3c80bcb, 0xc2cc0ece, 0x303c3c0c,
212 0x71703141, 0x11101101, 0xc3c407c7, 0x81880989,
213 0x71743545, 0xf3f83bcb, 0xd2d81aca, 0xf0f838c8,
214 0x90941484, 0x51581949, 0x82800282, 0xc0c404c4,
215 0xf3fc3fcf, 0x41480949, 0x31383909, 0x63642747,
216 0xc0c000c0, 0xc3cc0fcf, 0xd3d417c7, 0xb0b83888,
217 0x030c0f0f, 0x828c0e8e, 0x42400242, 0x23202303,
218 0x91901181, 0x606c2c4c, 0xd3d81bcb, 0xa0a42484,
219 0x30343404, 0xf1f031c1, 0x40480848, 0xc2c002c2,
220 0x636c2f4f, 0x313c3d0d, 0x212c2d0d, 0x40400040,
221 0xb2bc3e8e, 0x323c3e0e, 0xb0bc3c8c, 0xc1c001c1,
222 0xa2a82a8a, 0xb2b83a8a, 0x424c0e4e, 0x51541545,
223 0x33383b0b, 0xd0dc1ccc, 0x60682848, 0x737c3f4f,
224 0x909c1c8c, 0xd0d818c8, 0x42480a4a, 0x52541646,
225 0x73743747, 0xa0a02080, 0xe1ec2dcd, 0x42440646,
226 0xb1b43585, 0x23282b0b, 0x61642545, 0xf2f83aca,
227 0xe3e023c3, 0xb1b83989, 0xb1b03181, 0x939c1f8f,
228 0x525c1e4e, 0xf1f839c9, 0xe2e426c6, 0xb2b03282,
229 0x31303101, 0xe2e82aca, 0x616c2d4d, 0x535c1f4f,
230 0xe0e424c4, 0xf0f030c0, 0xc1cc0dcd, 0x80880888,
231 0x12141606, 0x32383a0a, 0x50581848, 0xd0d414c4,
232 0x62602242, 0x21282909, 0x03040707, 0x33303303,
233 0xe0e828c8, 0x13181b0b, 0x01040505, 0x71783949,
234 0x90901080, 0x62682a4a, 0x22282a0a, 0x92981a8a,
235};
236
237static const u32 SS3[256] = {
238 0x08303838, 0xc8e0e828, 0x0d212c2d, 0x86a2a426,
239 0xcfc3cc0f, 0xced2dc1e, 0x83b3b033, 0x88b0b838,
240 0x8fa3ac2f, 0x40606020, 0x45515415, 0xc7c3c407,
241 0x44404404, 0x4f636c2f, 0x4b63682b, 0x4b53581b,
242 0xc3c3c003, 0x42626022, 0x03333033, 0x85b1b435,
243 0x09212829, 0x80a0a020, 0xc2e2e022, 0x87a3a427,
244 0xc3d3d013, 0x81919011, 0x01111011, 0x06020406,
245 0x0c101c1c, 0x8cb0bc3c, 0x06323436, 0x4b43480b,
246 0xcfe3ec2f, 0x88808808, 0x4c606c2c, 0x88a0a828,
247 0x07131417, 0xc4c0c404, 0x06121416, 0xc4f0f434,
248 0xc2c2c002, 0x45414405, 0xc1e1e021, 0xc6d2d416,
249 0x0f333c3f, 0x0d313c3d, 0x8e828c0e, 0x88909818,
250 0x08202828, 0x4e424c0e, 0xc6f2f436, 0x0e323c3e,
251 0x85a1a425, 0xc9f1f839, 0x0d010c0d, 0xcfd3dc1f,
252 0xc8d0d818, 0x0b23282b, 0x46626426, 0x4a72783a,
253 0x07232427, 0x0f232c2f, 0xc1f1f031, 0x42727032,
254 0x42424002, 0xc4d0d414, 0x41414001, 0xc0c0c000,
255 0x43737033, 0x47636427, 0x8ca0ac2c, 0x8b83880b,
256 0xc7f3f437, 0x8da1ac2d, 0x80808000, 0x0f131c1f,
257 0xcac2c80a, 0x0c202c2c, 0x8aa2a82a, 0x04303434,
258 0xc2d2d012, 0x0b03080b, 0xcee2ec2e, 0xc9e1e829,
259 0x4d515c1d, 0x84909414, 0x08101818, 0xc8f0f838,
260 0x47535417, 0x8ea2ac2e, 0x08000808, 0xc5c1c405,
261 0x03131013, 0xcdc1cc0d, 0x86828406, 0x89b1b839,
262 0xcff3fc3f, 0x4d717c3d, 0xc1c1c001, 0x01313031,
263 0xc5f1f435, 0x8a82880a, 0x4a62682a, 0x81b1b031,
264 0xc1d1d011, 0x00202020, 0xc7d3d417, 0x02020002,
265 0x02222022, 0x04000404, 0x48606828, 0x41717031,
266 0x07030407, 0xcbd3d81b, 0x8d919c1d, 0x89919819,
267 0x41616021, 0x8eb2bc3e, 0xc6e2e426, 0x49515819,
268 0xcdd1dc1d, 0x41515011, 0x80909010, 0xccd0dc1c,
269 0x8a92981a, 0x83a3a023, 0x8ba3a82b, 0xc0d0d010,
270 0x81818001, 0x0f030c0f, 0x47434407, 0x0a12181a,
271 0xc3e3e023, 0xcce0ec2c, 0x8d818c0d, 0x8fb3bc3f,
272 0x86929416, 0x4b73783b, 0x4c505c1c, 0x82a2a022,
273 0x81a1a021, 0x43636023, 0x03232023, 0x4d414c0d,
274 0xc8c0c808, 0x8e929c1e, 0x8c909c1c, 0x0a32383a,
275 0x0c000c0c, 0x0e222c2e, 0x8ab2b83a, 0x4e626c2e,
276 0x8f939c1f, 0x4a52581a, 0xc2f2f032, 0x82929012,
277 0xc3f3f033, 0x49414809, 0x48707838, 0xccc0cc0c,
278 0x05111415, 0xcbf3f83b, 0x40707030, 0x45717435,
279 0x4f737c3f, 0x05313435, 0x00101010, 0x03030003,
280 0x44606424, 0x4d616c2d, 0xc6c2c406, 0x44707434,
281 0xc5d1d415, 0x84b0b434, 0xcae2e82a, 0x09010809,
282 0x46727436, 0x09111819, 0xcef2fc3e, 0x40404000,
283 0x02121012, 0xc0e0e020, 0x8db1bc3d, 0x05010405,
284 0xcaf2f83a, 0x01010001, 0xc0f0f030, 0x0a22282a,
285 0x4e525c1e, 0x89a1a829, 0x46525416, 0x43434003,
286 0x85818405, 0x04101414, 0x89818809, 0x8b93981b,
287 0x80b0b030, 0xc5e1e425, 0x48404808, 0x49717839,
288 0x87939417, 0xccf0fc3c, 0x0e121c1e, 0x82828002,
289 0x01212021, 0x8c808c0c, 0x0b13181b, 0x4f535c1f,
290 0x47737437, 0x44505414, 0x82b2b032, 0x0d111c1d,
291 0x05212425, 0x4f434c0f, 0x00000000, 0x46424406,
292 0xcde1ec2d, 0x48505818, 0x42525012, 0xcbe3e82b,
293 0x4e727c3e, 0xcad2d81a, 0xc9c1c809, 0xcdf1fc3d,
294 0x00303030, 0x85919415, 0x45616425, 0x0c303c3c,
295 0x86b2b436, 0xc4e0e424, 0x8bb3b83b, 0x4c707c3c,
296 0x0e020c0e, 0x40505010, 0x09313839, 0x06222426,
297 0x02323032, 0x84808404, 0x49616829, 0x83939013,
298 0x07333437, 0xc7e3e427, 0x04202424, 0x84a0a424,
299 0xcbc3c80b, 0x43535013, 0x0a02080a, 0x87838407,
300 0xc9d1d819, 0x4c404c0c, 0x83838003, 0x8f838c0f,
301 0xcec2cc0e, 0x0b33383b, 0x4a42480a, 0x87b3b437,
302};
303
304static const u32 KC[SEED_NUM_KCONSTANTS] = {
305 0x9e3779b9, 0x3c6ef373, 0x78dde6e6, 0xf1bbcdcc,
306 0xe3779b99, 0xc6ef3733, 0x8dde6e67, 0x1bbcdccf,
307 0x3779b99e, 0x6ef3733c, 0xdde6e678, 0xbbcdccf1,
308 0x779b99e3, 0xef3733c6, 0xde6e678d, 0xbcdccf1b,
309};
310
311#define OP(X1, X2, X3, X4, rbase) \
312 t0 = X3 ^ ks[rbase]; \
313 t1 = X4 ^ ks[rbase+1]; \
314 t1 ^= t0; \
315 t1 = SS0[byte(t1, 0)] ^ SS1[byte(t1, 1)] ^ \
316 SS2[byte(t1, 2)] ^ SS3[byte(t1, 3)]; \
317 t0 += t1; \
318 t0 = SS0[byte(t0, 0)] ^ SS1[byte(t0, 1)] ^ \
319 SS2[byte(t0, 2)] ^ SS3[byte(t0, 3)]; \
320 t1 += t0; \
321 t1 = SS0[byte(t1, 0)] ^ SS1[byte(t1, 1)] ^ \
322 SS2[byte(t1, 2)] ^ SS3[byte(t1, 3)]; \
323 t0 += t1; \
324 X1 ^= t0; \
325 X2 ^= t1
326
327static int seed_set_key(struct crypto_tfm *tfm, const u8 *in_key,
328 unsigned int key_len)
329{
330 struct seed_ctx *ctx = crypto_tfm_ctx(tfm);
331 u32 *keyout = ctx->keysched;
332 const __be32 *key = (const __be32 *)in_key;
333 u32 i, t0, t1, x1, x2, x3, x4;
334
335 x1 = be32_to_cpu(key[0]);
336 x2 = be32_to_cpu(key[1]);
337 x3 = be32_to_cpu(key[2]);
338 x4 = be32_to_cpu(key[3]);
339
340 for (i = 0; i < SEED_NUM_KCONSTANTS; i++) {
341 t0 = x1 + x3 - KC[i];
342 t1 = x2 + KC[i] - x4;
343 *(keyout++) = SS0[byte(t0, 0)] ^ SS1[byte(t0, 1)] ^
344 SS2[byte(t0, 2)] ^ SS3[byte(t0, 3)];
345 *(keyout++) = SS0[byte(t1, 0)] ^ SS1[byte(t1, 1)] ^
346 SS2[byte(t1, 2)] ^ SS3[byte(t1, 3)];
347
348 if (i % 2 == 0) {
349 t0 = x1;
350 x1 = (x1 >> 8) ^ (x2 << 24);
351 x2 = (x2 >> 8) ^ (t0 << 24);
352 } else {
353 t0 = x3;
354 x3 = (x3 << 8) ^ (x4 >> 24);
355 x4 = (x4 << 8) ^ (t0 >> 24);
356 }
357 }
358
359 return 0;
360}
361
362/* encrypt a block of text */
363
364static void seed_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
365{
366 const struct seed_ctx *ctx = crypto_tfm_ctx(tfm);
367 const __be32 *src = (const __be32 *)in;
368 __be32 *dst = (__be32 *)out;
369 u32 x1, x2, x3, x4, t0, t1;
370 const u32 *ks = ctx->keysched;
371
372 x1 = be32_to_cpu(src[0]);
373 x2 = be32_to_cpu(src[1]);
374 x3 = be32_to_cpu(src[2]);
375 x4 = be32_to_cpu(src[3]);
376
377 OP(x1, x2, x3, x4, 0);
378 OP(x3, x4, x1, x2, 2);
379 OP(x1, x2, x3, x4, 4);
380 OP(x3, x4, x1, x2, 6);
381 OP(x1, x2, x3, x4, 8);
382 OP(x3, x4, x1, x2, 10);
383 OP(x1, x2, x3, x4, 12);
384 OP(x3, x4, x1, x2, 14);
385 OP(x1, x2, x3, x4, 16);
386 OP(x3, x4, x1, x2, 18);
387 OP(x1, x2, x3, x4, 20);
388 OP(x3, x4, x1, x2, 22);
389 OP(x1, x2, x3, x4, 24);
390 OP(x3, x4, x1, x2, 26);
391 OP(x1, x2, x3, x4, 28);
392 OP(x3, x4, x1, x2, 30);
393
394 dst[0] = cpu_to_be32(x3);
395 dst[1] = cpu_to_be32(x4);
396 dst[2] = cpu_to_be32(x1);
397 dst[3] = cpu_to_be32(x2);
398}
399
400/* decrypt a block of text */
401
402static void seed_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
403{
404 const struct seed_ctx *ctx = crypto_tfm_ctx(tfm);
405 const __be32 *src = (const __be32 *)in;
406 __be32 *dst = (__be32 *)out;
407 u32 x1, x2, x3, x4, t0, t1;
408 const u32 *ks = ctx->keysched;
409
410 x1 = be32_to_cpu(src[0]);
411 x2 = be32_to_cpu(src[1]);
412 x3 = be32_to_cpu(src[2]);
413 x4 = be32_to_cpu(src[3]);
414
415 OP(x1, x2, x3, x4, 30);
416 OP(x3, x4, x1, x2, 28);
417 OP(x1, x2, x3, x4, 26);
418 OP(x3, x4, x1, x2, 24);
419 OP(x1, x2, x3, x4, 22);
420 OP(x3, x4, x1, x2, 20);
421 OP(x1, x2, x3, x4, 18);
422 OP(x3, x4, x1, x2, 16);
423 OP(x1, x2, x3, x4, 14);
424 OP(x3, x4, x1, x2, 12);
425 OP(x1, x2, x3, x4, 10);
426 OP(x3, x4, x1, x2, 8);
427 OP(x1, x2, x3, x4, 6);
428 OP(x3, x4, x1, x2, 4);
429 OP(x1, x2, x3, x4, 2);
430 OP(x3, x4, x1, x2, 0);
431
432 dst[0] = cpu_to_be32(x3);
433 dst[1] = cpu_to_be32(x4);
434 dst[2] = cpu_to_be32(x1);
435 dst[3] = cpu_to_be32(x2);
436}
437
438
439static struct crypto_alg seed_alg = {
440 .cra_name = "seed",
441 .cra_driver_name = "seed-generic",
442 .cra_priority = 100,
443 .cra_flags = CRYPTO_ALG_TYPE_CIPHER,
444 .cra_blocksize = SEED_BLOCK_SIZE,
445 .cra_ctxsize = sizeof(struct seed_ctx),
446 .cra_alignmask = 3,
447 .cra_module = THIS_MODULE,
448 .cra_u = {
449 .cipher = {
450 .cia_min_keysize = SEED_KEY_SIZE,
451 .cia_max_keysize = SEED_KEY_SIZE,
452 .cia_setkey = seed_set_key,
453 .cia_encrypt = seed_encrypt,
454 .cia_decrypt = seed_decrypt
455 }
456 }
457};
458
459static int __init seed_init(void)
460{
461 return crypto_register_alg(&seed_alg);
462}
463
464static void __exit seed_fini(void)
465{
466 crypto_unregister_alg(&seed_alg);
467}
468
469subsys_initcall(seed_init);
470module_exit(seed_fini);
471
472MODULE_DESCRIPTION("SEED Cipher Algorithm");
473MODULE_LICENSE("GPL");
474MODULE_AUTHOR("Hye-Shik Chang <perky@FreeBSD.org>, Kim Hyun <hkim@kisa.or.kr>");
475MODULE_ALIAS_CRYPTO("seed");
1/*
2 * Cryptographic API.
3 *
4 * SEED Cipher Algorithm.
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
10 *
11 * Documentation of SEED can be found in RFC 4269.
12 * Copyright (C) 2007 Korea Information Security Agency (KISA).
13 */
14
15#include <linux/module.h>
16#include <linux/init.h>
17#include <linux/types.h>
18#include <linux/errno.h>
19#include <linux/crypto.h>
20#include <asm/byteorder.h>
21
22#define SEED_NUM_KCONSTANTS 16
23#define SEED_KEY_SIZE 16
24#define SEED_BLOCK_SIZE 16
25#define SEED_KEYSCHED_LEN 32
26
27/*
28 * #define byte(x, nr) ((unsigned char)((x) >> (nr*8)))
29 */
30static inline u8
31byte(const u32 x, const unsigned n)
32{
33 return x >> (n << 3);
34}
35
36struct seed_ctx {
37 u32 keysched[SEED_KEYSCHED_LEN];
38};
39
40static const u32 SS0[256] = {
41 0x2989a1a8, 0x05858184, 0x16c6d2d4, 0x13c3d3d0,
42 0x14445054, 0x1d0d111c, 0x2c8ca0ac, 0x25052124,
43 0x1d4d515c, 0x03434340, 0x18081018, 0x1e0e121c,
44 0x11415150, 0x3cccf0fc, 0x0acac2c8, 0x23436360,
45 0x28082028, 0x04444044, 0x20002020, 0x1d8d919c,
46 0x20c0e0e0, 0x22c2e2e0, 0x08c8c0c8, 0x17071314,
47 0x2585a1a4, 0x0f8f838c, 0x03030300, 0x3b4b7378,
48 0x3b8bb3b8, 0x13031310, 0x12c2d2d0, 0x2ecee2ec,
49 0x30407070, 0x0c8c808c, 0x3f0f333c, 0x2888a0a8,
50 0x32023230, 0x1dcdd1dc, 0x36c6f2f4, 0x34447074,
51 0x2ccce0ec, 0x15859194, 0x0b0b0308, 0x17475354,
52 0x1c4c505c, 0x1b4b5358, 0x3d8db1bc, 0x01010100,
53 0x24042024, 0x1c0c101c, 0x33437370, 0x18889098,
54 0x10001010, 0x0cccc0cc, 0x32c2f2f0, 0x19c9d1d8,
55 0x2c0c202c, 0x27c7e3e4, 0x32427270, 0x03838380,
56 0x1b8b9398, 0x11c1d1d0, 0x06868284, 0x09c9c1c8,
57 0x20406060, 0x10405050, 0x2383a3a0, 0x2bcbe3e8,
58 0x0d0d010c, 0x3686b2b4, 0x1e8e929c, 0x0f4f434c,
59 0x3787b3b4, 0x1a4a5258, 0x06c6c2c4, 0x38487078,
60 0x2686a2a4, 0x12021210, 0x2f8fa3ac, 0x15c5d1d4,
61 0x21416160, 0x03c3c3c0, 0x3484b0b4, 0x01414140,
62 0x12425250, 0x3d4d717c, 0x0d8d818c, 0x08080008,
63 0x1f0f131c, 0x19899198, 0x00000000, 0x19091118,
64 0x04040004, 0x13435350, 0x37c7f3f4, 0x21c1e1e0,
65 0x3dcdf1fc, 0x36467274, 0x2f0f232c, 0x27072324,
66 0x3080b0b0, 0x0b8b8388, 0x0e0e020c, 0x2b8ba3a8,
67 0x2282a2a0, 0x2e4e626c, 0x13839390, 0x0d4d414c,
68 0x29496168, 0x3c4c707c, 0x09090108, 0x0a0a0208,
69 0x3f8fb3bc, 0x2fcfe3ec, 0x33c3f3f0, 0x05c5c1c4,
70 0x07878384, 0x14041014, 0x3ecef2fc, 0x24446064,
71 0x1eced2dc, 0x2e0e222c, 0x0b4b4348, 0x1a0a1218,
72 0x06060204, 0x21012120, 0x2b4b6368, 0x26466264,
73 0x02020200, 0x35c5f1f4, 0x12829290, 0x0a8a8288,
74 0x0c0c000c, 0x3383b3b0, 0x3e4e727c, 0x10c0d0d0,
75 0x3a4a7278, 0x07474344, 0x16869294, 0x25c5e1e4,
76 0x26062224, 0x00808080, 0x2d8da1ac, 0x1fcfd3dc,
77 0x2181a1a0, 0x30003030, 0x37073334, 0x2e8ea2ac,
78 0x36063234, 0x15051114, 0x22022220, 0x38083038,
79 0x34c4f0f4, 0x2787a3a4, 0x05454144, 0x0c4c404c,
80 0x01818180, 0x29c9e1e8, 0x04848084, 0x17879394,
81 0x35053134, 0x0bcbc3c8, 0x0ecec2cc, 0x3c0c303c,
82 0x31417170, 0x11011110, 0x07c7c3c4, 0x09898188,
83 0x35457174, 0x3bcbf3f8, 0x1acad2d8, 0x38c8f0f8,
84 0x14849094, 0x19495158, 0x02828280, 0x04c4c0c4,
85 0x3fcff3fc, 0x09494148, 0x39093138, 0x27476364,
86 0x00c0c0c0, 0x0fcfc3cc, 0x17c7d3d4, 0x3888b0b8,
87 0x0f0f030c, 0x0e8e828c, 0x02424240, 0x23032320,
88 0x11819190, 0x2c4c606c, 0x1bcbd3d8, 0x2484a0a4,
89 0x34043034, 0x31c1f1f0, 0x08484048, 0x02c2c2c0,
90 0x2f4f636c, 0x3d0d313c, 0x2d0d212c, 0x00404040,
91 0x3e8eb2bc, 0x3e0e323c, 0x3c8cb0bc, 0x01c1c1c0,
92 0x2a8aa2a8, 0x3a8ab2b8, 0x0e4e424c, 0x15455154,
93 0x3b0b3338, 0x1cccd0dc, 0x28486068, 0x3f4f737c,
94 0x1c8c909c, 0x18c8d0d8, 0x0a4a4248, 0x16465254,
95 0x37477374, 0x2080a0a0, 0x2dcde1ec, 0x06464244,
96 0x3585b1b4, 0x2b0b2328, 0x25456164, 0x3acaf2f8,
97 0x23c3e3e0, 0x3989b1b8, 0x3181b1b0, 0x1f8f939c,
98 0x1e4e525c, 0x39c9f1f8, 0x26c6e2e4, 0x3282b2b0,
99 0x31013130, 0x2acae2e8, 0x2d4d616c, 0x1f4f535c,
100 0x24c4e0e4, 0x30c0f0f0, 0x0dcdc1cc, 0x08888088,
101 0x16061214, 0x3a0a3238, 0x18485058, 0x14c4d0d4,
102 0x22426260, 0x29092128, 0x07070304, 0x33033330,
103 0x28c8e0e8, 0x1b0b1318, 0x05050104, 0x39497178,
104 0x10809090, 0x2a4a6268, 0x2a0a2228, 0x1a8a9298,
105};
106
107static const u32 SS1[256] = {
108 0x38380830, 0xe828c8e0, 0x2c2d0d21, 0xa42686a2,
109 0xcc0fcfc3, 0xdc1eced2, 0xb03383b3, 0xb83888b0,
110 0xac2f8fa3, 0x60204060, 0x54154551, 0xc407c7c3,
111 0x44044440, 0x6c2f4f63, 0x682b4b63, 0x581b4b53,
112 0xc003c3c3, 0x60224262, 0x30330333, 0xb43585b1,
113 0x28290921, 0xa02080a0, 0xe022c2e2, 0xa42787a3,
114 0xd013c3d3, 0x90118191, 0x10110111, 0x04060602,
115 0x1c1c0c10, 0xbc3c8cb0, 0x34360632, 0x480b4b43,
116 0xec2fcfe3, 0x88088880, 0x6c2c4c60, 0xa82888a0,
117 0x14170713, 0xc404c4c0, 0x14160612, 0xf434c4f0,
118 0xc002c2c2, 0x44054541, 0xe021c1e1, 0xd416c6d2,
119 0x3c3f0f33, 0x3c3d0d31, 0x8c0e8e82, 0x98188890,
120 0x28280820, 0x4c0e4e42, 0xf436c6f2, 0x3c3e0e32,
121 0xa42585a1, 0xf839c9f1, 0x0c0d0d01, 0xdc1fcfd3,
122 0xd818c8d0, 0x282b0b23, 0x64264662, 0x783a4a72,
123 0x24270723, 0x2c2f0f23, 0xf031c1f1, 0x70324272,
124 0x40024242, 0xd414c4d0, 0x40014141, 0xc000c0c0,
125 0x70334373, 0x64274763, 0xac2c8ca0, 0x880b8b83,
126 0xf437c7f3, 0xac2d8da1, 0x80008080, 0x1c1f0f13,
127 0xc80acac2, 0x2c2c0c20, 0xa82a8aa2, 0x34340430,
128 0xd012c2d2, 0x080b0b03, 0xec2ecee2, 0xe829c9e1,
129 0x5c1d4d51, 0x94148490, 0x18180810, 0xf838c8f0,
130 0x54174753, 0xac2e8ea2, 0x08080800, 0xc405c5c1,
131 0x10130313, 0xcc0dcdc1, 0x84068682, 0xb83989b1,
132 0xfc3fcff3, 0x7c3d4d71, 0xc001c1c1, 0x30310131,
133 0xf435c5f1, 0x880a8a82, 0x682a4a62, 0xb03181b1,
134 0xd011c1d1, 0x20200020, 0xd417c7d3, 0x00020202,
135 0x20220222, 0x04040400, 0x68284860, 0x70314171,
136 0x04070703, 0xd81bcbd3, 0x9c1d8d91, 0x98198991,
137 0x60214161, 0xbc3e8eb2, 0xe426c6e2, 0x58194951,
138 0xdc1dcdd1, 0x50114151, 0x90108090, 0xdc1cccd0,
139 0x981a8a92, 0xa02383a3, 0xa82b8ba3, 0xd010c0d0,
140 0x80018181, 0x0c0f0f03, 0x44074743, 0x181a0a12,
141 0xe023c3e3, 0xec2ccce0, 0x8c0d8d81, 0xbc3f8fb3,
142 0x94168692, 0x783b4b73, 0x5c1c4c50, 0xa02282a2,
143 0xa02181a1, 0x60234363, 0x20230323, 0x4c0d4d41,
144 0xc808c8c0, 0x9c1e8e92, 0x9c1c8c90, 0x383a0a32,
145 0x0c0c0c00, 0x2c2e0e22, 0xb83a8ab2, 0x6c2e4e62,
146 0x9c1f8f93, 0x581a4a52, 0xf032c2f2, 0x90128292,
147 0xf033c3f3, 0x48094941, 0x78384870, 0xcc0cccc0,
148 0x14150511, 0xf83bcbf3, 0x70304070, 0x74354571,
149 0x7c3f4f73, 0x34350531, 0x10100010, 0x00030303,
150 0x64244460, 0x6c2d4d61, 0xc406c6c2, 0x74344470,
151 0xd415c5d1, 0xb43484b0, 0xe82acae2, 0x08090901,
152 0x74364672, 0x18190911, 0xfc3ecef2, 0x40004040,
153 0x10120212, 0xe020c0e0, 0xbc3d8db1, 0x04050501,
154 0xf83acaf2, 0x00010101, 0xf030c0f0, 0x282a0a22,
155 0x5c1e4e52, 0xa82989a1, 0x54164652, 0x40034343,
156 0x84058581, 0x14140410, 0x88098981, 0x981b8b93,
157 0xb03080b0, 0xe425c5e1, 0x48084840, 0x78394971,
158 0x94178793, 0xfc3cccf0, 0x1c1e0e12, 0x80028282,
159 0x20210121, 0x8c0c8c80, 0x181b0b13, 0x5c1f4f53,
160 0x74374773, 0x54144450, 0xb03282b2, 0x1c1d0d11,
161 0x24250521, 0x4c0f4f43, 0x00000000, 0x44064642,
162 0xec2dcde1, 0x58184850, 0x50124252, 0xe82bcbe3,
163 0x7c3e4e72, 0xd81acad2, 0xc809c9c1, 0xfc3dcdf1,
164 0x30300030, 0x94158591, 0x64254561, 0x3c3c0c30,
165 0xb43686b2, 0xe424c4e0, 0xb83b8bb3, 0x7c3c4c70,
166 0x0c0e0e02, 0x50104050, 0x38390931, 0x24260622,
167 0x30320232, 0x84048480, 0x68294961, 0x90138393,
168 0x34370733, 0xe427c7e3, 0x24240420, 0xa42484a0,
169 0xc80bcbc3, 0x50134353, 0x080a0a02, 0x84078783,
170 0xd819c9d1, 0x4c0c4c40, 0x80038383, 0x8c0f8f83,
171 0xcc0ecec2, 0x383b0b33, 0x480a4a42, 0xb43787b3,
172};
173
174static const u32 SS2[256] = {
175 0xa1a82989, 0x81840585, 0xd2d416c6, 0xd3d013c3,
176 0x50541444, 0x111c1d0d, 0xa0ac2c8c, 0x21242505,
177 0x515c1d4d, 0x43400343, 0x10181808, 0x121c1e0e,
178 0x51501141, 0xf0fc3ccc, 0xc2c80aca, 0x63602343,
179 0x20282808, 0x40440444, 0x20202000, 0x919c1d8d,
180 0xe0e020c0, 0xe2e022c2, 0xc0c808c8, 0x13141707,
181 0xa1a42585, 0x838c0f8f, 0x03000303, 0x73783b4b,
182 0xb3b83b8b, 0x13101303, 0xd2d012c2, 0xe2ec2ece,
183 0x70703040, 0x808c0c8c, 0x333c3f0f, 0xa0a82888,
184 0x32303202, 0xd1dc1dcd, 0xf2f436c6, 0x70743444,
185 0xe0ec2ccc, 0x91941585, 0x03080b0b, 0x53541747,
186 0x505c1c4c, 0x53581b4b, 0xb1bc3d8d, 0x01000101,
187 0x20242404, 0x101c1c0c, 0x73703343, 0x90981888,
188 0x10101000, 0xc0cc0ccc, 0xf2f032c2, 0xd1d819c9,
189 0x202c2c0c, 0xe3e427c7, 0x72703242, 0x83800383,
190 0x93981b8b, 0xd1d011c1, 0x82840686, 0xc1c809c9,
191 0x60602040, 0x50501040, 0xa3a02383, 0xe3e82bcb,
192 0x010c0d0d, 0xb2b43686, 0x929c1e8e, 0x434c0f4f,
193 0xb3b43787, 0x52581a4a, 0xc2c406c6, 0x70783848,
194 0xa2a42686, 0x12101202, 0xa3ac2f8f, 0xd1d415c5,
195 0x61602141, 0xc3c003c3, 0xb0b43484, 0x41400141,
196 0x52501242, 0x717c3d4d, 0x818c0d8d, 0x00080808,
197 0x131c1f0f, 0x91981989, 0x00000000, 0x11181909,
198 0x00040404, 0x53501343, 0xf3f437c7, 0xe1e021c1,
199 0xf1fc3dcd, 0x72743646, 0x232c2f0f, 0x23242707,
200 0xb0b03080, 0x83880b8b, 0x020c0e0e, 0xa3a82b8b,
201 0xa2a02282, 0x626c2e4e, 0x93901383, 0x414c0d4d,
202 0x61682949, 0x707c3c4c, 0x01080909, 0x02080a0a,
203 0xb3bc3f8f, 0xe3ec2fcf, 0xf3f033c3, 0xc1c405c5,
204 0x83840787, 0x10141404, 0xf2fc3ece, 0x60642444,
205 0xd2dc1ece, 0x222c2e0e, 0x43480b4b, 0x12181a0a,
206 0x02040606, 0x21202101, 0x63682b4b, 0x62642646,
207 0x02000202, 0xf1f435c5, 0x92901282, 0x82880a8a,
208 0x000c0c0c, 0xb3b03383, 0x727c3e4e, 0xd0d010c0,
209 0x72783a4a, 0x43440747, 0x92941686, 0xe1e425c5,
210 0x22242606, 0x80800080, 0xa1ac2d8d, 0xd3dc1fcf,
211 0xa1a02181, 0x30303000, 0x33343707, 0xa2ac2e8e,
212 0x32343606, 0x11141505, 0x22202202, 0x30383808,
213 0xf0f434c4, 0xa3a42787, 0x41440545, 0x404c0c4c,
214 0x81800181, 0xe1e829c9, 0x80840484, 0x93941787,
215 0x31343505, 0xc3c80bcb, 0xc2cc0ece, 0x303c3c0c,
216 0x71703141, 0x11101101, 0xc3c407c7, 0x81880989,
217 0x71743545, 0xf3f83bcb, 0xd2d81aca, 0xf0f838c8,
218 0x90941484, 0x51581949, 0x82800282, 0xc0c404c4,
219 0xf3fc3fcf, 0x41480949, 0x31383909, 0x63642747,
220 0xc0c000c0, 0xc3cc0fcf, 0xd3d417c7, 0xb0b83888,
221 0x030c0f0f, 0x828c0e8e, 0x42400242, 0x23202303,
222 0x91901181, 0x606c2c4c, 0xd3d81bcb, 0xa0a42484,
223 0x30343404, 0xf1f031c1, 0x40480848, 0xc2c002c2,
224 0x636c2f4f, 0x313c3d0d, 0x212c2d0d, 0x40400040,
225 0xb2bc3e8e, 0x323c3e0e, 0xb0bc3c8c, 0xc1c001c1,
226 0xa2a82a8a, 0xb2b83a8a, 0x424c0e4e, 0x51541545,
227 0x33383b0b, 0xd0dc1ccc, 0x60682848, 0x737c3f4f,
228 0x909c1c8c, 0xd0d818c8, 0x42480a4a, 0x52541646,
229 0x73743747, 0xa0a02080, 0xe1ec2dcd, 0x42440646,
230 0xb1b43585, 0x23282b0b, 0x61642545, 0xf2f83aca,
231 0xe3e023c3, 0xb1b83989, 0xb1b03181, 0x939c1f8f,
232 0x525c1e4e, 0xf1f839c9, 0xe2e426c6, 0xb2b03282,
233 0x31303101, 0xe2e82aca, 0x616c2d4d, 0x535c1f4f,
234 0xe0e424c4, 0xf0f030c0, 0xc1cc0dcd, 0x80880888,
235 0x12141606, 0x32383a0a, 0x50581848, 0xd0d414c4,
236 0x62602242, 0x21282909, 0x03040707, 0x33303303,
237 0xe0e828c8, 0x13181b0b, 0x01040505, 0x71783949,
238 0x90901080, 0x62682a4a, 0x22282a0a, 0x92981a8a,
239};
240
241static const u32 SS3[256] = {
242 0x08303838, 0xc8e0e828, 0x0d212c2d, 0x86a2a426,
243 0xcfc3cc0f, 0xced2dc1e, 0x83b3b033, 0x88b0b838,
244 0x8fa3ac2f, 0x40606020, 0x45515415, 0xc7c3c407,
245 0x44404404, 0x4f636c2f, 0x4b63682b, 0x4b53581b,
246 0xc3c3c003, 0x42626022, 0x03333033, 0x85b1b435,
247 0x09212829, 0x80a0a020, 0xc2e2e022, 0x87a3a427,
248 0xc3d3d013, 0x81919011, 0x01111011, 0x06020406,
249 0x0c101c1c, 0x8cb0bc3c, 0x06323436, 0x4b43480b,
250 0xcfe3ec2f, 0x88808808, 0x4c606c2c, 0x88a0a828,
251 0x07131417, 0xc4c0c404, 0x06121416, 0xc4f0f434,
252 0xc2c2c002, 0x45414405, 0xc1e1e021, 0xc6d2d416,
253 0x0f333c3f, 0x0d313c3d, 0x8e828c0e, 0x88909818,
254 0x08202828, 0x4e424c0e, 0xc6f2f436, 0x0e323c3e,
255 0x85a1a425, 0xc9f1f839, 0x0d010c0d, 0xcfd3dc1f,
256 0xc8d0d818, 0x0b23282b, 0x46626426, 0x4a72783a,
257 0x07232427, 0x0f232c2f, 0xc1f1f031, 0x42727032,
258 0x42424002, 0xc4d0d414, 0x41414001, 0xc0c0c000,
259 0x43737033, 0x47636427, 0x8ca0ac2c, 0x8b83880b,
260 0xc7f3f437, 0x8da1ac2d, 0x80808000, 0x0f131c1f,
261 0xcac2c80a, 0x0c202c2c, 0x8aa2a82a, 0x04303434,
262 0xc2d2d012, 0x0b03080b, 0xcee2ec2e, 0xc9e1e829,
263 0x4d515c1d, 0x84909414, 0x08101818, 0xc8f0f838,
264 0x47535417, 0x8ea2ac2e, 0x08000808, 0xc5c1c405,
265 0x03131013, 0xcdc1cc0d, 0x86828406, 0x89b1b839,
266 0xcff3fc3f, 0x4d717c3d, 0xc1c1c001, 0x01313031,
267 0xc5f1f435, 0x8a82880a, 0x4a62682a, 0x81b1b031,
268 0xc1d1d011, 0x00202020, 0xc7d3d417, 0x02020002,
269 0x02222022, 0x04000404, 0x48606828, 0x41717031,
270 0x07030407, 0xcbd3d81b, 0x8d919c1d, 0x89919819,
271 0x41616021, 0x8eb2bc3e, 0xc6e2e426, 0x49515819,
272 0xcdd1dc1d, 0x41515011, 0x80909010, 0xccd0dc1c,
273 0x8a92981a, 0x83a3a023, 0x8ba3a82b, 0xc0d0d010,
274 0x81818001, 0x0f030c0f, 0x47434407, 0x0a12181a,
275 0xc3e3e023, 0xcce0ec2c, 0x8d818c0d, 0x8fb3bc3f,
276 0x86929416, 0x4b73783b, 0x4c505c1c, 0x82a2a022,
277 0x81a1a021, 0x43636023, 0x03232023, 0x4d414c0d,
278 0xc8c0c808, 0x8e929c1e, 0x8c909c1c, 0x0a32383a,
279 0x0c000c0c, 0x0e222c2e, 0x8ab2b83a, 0x4e626c2e,
280 0x8f939c1f, 0x4a52581a, 0xc2f2f032, 0x82929012,
281 0xc3f3f033, 0x49414809, 0x48707838, 0xccc0cc0c,
282 0x05111415, 0xcbf3f83b, 0x40707030, 0x45717435,
283 0x4f737c3f, 0x05313435, 0x00101010, 0x03030003,
284 0x44606424, 0x4d616c2d, 0xc6c2c406, 0x44707434,
285 0xc5d1d415, 0x84b0b434, 0xcae2e82a, 0x09010809,
286 0x46727436, 0x09111819, 0xcef2fc3e, 0x40404000,
287 0x02121012, 0xc0e0e020, 0x8db1bc3d, 0x05010405,
288 0xcaf2f83a, 0x01010001, 0xc0f0f030, 0x0a22282a,
289 0x4e525c1e, 0x89a1a829, 0x46525416, 0x43434003,
290 0x85818405, 0x04101414, 0x89818809, 0x8b93981b,
291 0x80b0b030, 0xc5e1e425, 0x48404808, 0x49717839,
292 0x87939417, 0xccf0fc3c, 0x0e121c1e, 0x82828002,
293 0x01212021, 0x8c808c0c, 0x0b13181b, 0x4f535c1f,
294 0x47737437, 0x44505414, 0x82b2b032, 0x0d111c1d,
295 0x05212425, 0x4f434c0f, 0x00000000, 0x46424406,
296 0xcde1ec2d, 0x48505818, 0x42525012, 0xcbe3e82b,
297 0x4e727c3e, 0xcad2d81a, 0xc9c1c809, 0xcdf1fc3d,
298 0x00303030, 0x85919415, 0x45616425, 0x0c303c3c,
299 0x86b2b436, 0xc4e0e424, 0x8bb3b83b, 0x4c707c3c,
300 0x0e020c0e, 0x40505010, 0x09313839, 0x06222426,
301 0x02323032, 0x84808404, 0x49616829, 0x83939013,
302 0x07333437, 0xc7e3e427, 0x04202424, 0x84a0a424,
303 0xcbc3c80b, 0x43535013, 0x0a02080a, 0x87838407,
304 0xc9d1d819, 0x4c404c0c, 0x83838003, 0x8f838c0f,
305 0xcec2cc0e, 0x0b33383b, 0x4a42480a, 0x87b3b437,
306};
307
308static const u32 KC[SEED_NUM_KCONSTANTS] = {
309 0x9e3779b9, 0x3c6ef373, 0x78dde6e6, 0xf1bbcdcc,
310 0xe3779b99, 0xc6ef3733, 0x8dde6e67, 0x1bbcdccf,
311 0x3779b99e, 0x6ef3733c, 0xdde6e678, 0xbbcdccf1,
312 0x779b99e3, 0xef3733c6, 0xde6e678d, 0xbcdccf1b,
313};
314
315#define OP(X1, X2, X3, X4, rbase) \
316 t0 = X3 ^ ks[rbase]; \
317 t1 = X4 ^ ks[rbase+1]; \
318 t1 ^= t0; \
319 t1 = SS0[byte(t1, 0)] ^ SS1[byte(t1, 1)] ^ \
320 SS2[byte(t1, 2)] ^ SS3[byte(t1, 3)]; \
321 t0 += t1; \
322 t0 = SS0[byte(t0, 0)] ^ SS1[byte(t0, 1)] ^ \
323 SS2[byte(t0, 2)] ^ SS3[byte(t0, 3)]; \
324 t1 += t0; \
325 t1 = SS0[byte(t1, 0)] ^ SS1[byte(t1, 1)] ^ \
326 SS2[byte(t1, 2)] ^ SS3[byte(t1, 3)]; \
327 t0 += t1; \
328 X1 ^= t0; \
329 X2 ^= t1;
330
331static int seed_set_key(struct crypto_tfm *tfm, const u8 *in_key,
332 unsigned int key_len)
333{
334 struct seed_ctx *ctx = crypto_tfm_ctx(tfm);
335 u32 *keyout = ctx->keysched;
336 const __be32 *key = (const __be32 *)in_key;
337 u32 i, t0, t1, x1, x2, x3, x4;
338
339 x1 = be32_to_cpu(key[0]);
340 x2 = be32_to_cpu(key[1]);
341 x3 = be32_to_cpu(key[2]);
342 x4 = be32_to_cpu(key[3]);
343
344 for (i = 0; i < SEED_NUM_KCONSTANTS; i++) {
345 t0 = x1 + x3 - KC[i];
346 t1 = x2 + KC[i] - x4;
347 *(keyout++) = SS0[byte(t0, 0)] ^ SS1[byte(t0, 1)] ^
348 SS2[byte(t0, 2)] ^ SS3[byte(t0, 3)];
349 *(keyout++) = SS0[byte(t1, 0)] ^ SS1[byte(t1, 1)] ^
350 SS2[byte(t1, 2)] ^ SS3[byte(t1, 3)];
351
352 if (i % 2 == 0) {
353 t0 = x1;
354 x1 = (x1 >> 8) ^ (x2 << 24);
355 x2 = (x2 >> 8) ^ (t0 << 24);
356 } else {
357 t0 = x3;
358 x3 = (x3 << 8) ^ (x4 >> 24);
359 x4 = (x4 << 8) ^ (t0 >> 24);
360 }
361 }
362
363 return 0;
364}
365
366/* encrypt a block of text */
367
368static void seed_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
369{
370 const struct seed_ctx *ctx = crypto_tfm_ctx(tfm);
371 const __be32 *src = (const __be32 *)in;
372 __be32 *dst = (__be32 *)out;
373 u32 x1, x2, x3, x4, t0, t1;
374 const u32 *ks = ctx->keysched;
375
376 x1 = be32_to_cpu(src[0]);
377 x2 = be32_to_cpu(src[1]);
378 x3 = be32_to_cpu(src[2]);
379 x4 = be32_to_cpu(src[3]);
380
381 OP(x1, x2, x3, x4, 0);
382 OP(x3, x4, x1, x2, 2);
383 OP(x1, x2, x3, x4, 4);
384 OP(x3, x4, x1, x2, 6);
385 OP(x1, x2, x3, x4, 8);
386 OP(x3, x4, x1, x2, 10);
387 OP(x1, x2, x3, x4, 12);
388 OP(x3, x4, x1, x2, 14);
389 OP(x1, x2, x3, x4, 16);
390 OP(x3, x4, x1, x2, 18);
391 OP(x1, x2, x3, x4, 20);
392 OP(x3, x4, x1, x2, 22);
393 OP(x1, x2, x3, x4, 24);
394 OP(x3, x4, x1, x2, 26);
395 OP(x1, x2, x3, x4, 28);
396 OP(x3, x4, x1, x2, 30);
397
398 dst[0] = cpu_to_be32(x3);
399 dst[1] = cpu_to_be32(x4);
400 dst[2] = cpu_to_be32(x1);
401 dst[3] = cpu_to_be32(x2);
402}
403
404/* decrypt a block of text */
405
406static void seed_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
407{
408 const struct seed_ctx *ctx = crypto_tfm_ctx(tfm);
409 const __be32 *src = (const __be32 *)in;
410 __be32 *dst = (__be32 *)out;
411 u32 x1, x2, x3, x4, t0, t1;
412 const u32 *ks = ctx->keysched;
413
414 x1 = be32_to_cpu(src[0]);
415 x2 = be32_to_cpu(src[1]);
416 x3 = be32_to_cpu(src[2]);
417 x4 = be32_to_cpu(src[3]);
418
419 OP(x1, x2, x3, x4, 30);
420 OP(x3, x4, x1, x2, 28);
421 OP(x1, x2, x3, x4, 26);
422 OP(x3, x4, x1, x2, 24);
423 OP(x1, x2, x3, x4, 22);
424 OP(x3, x4, x1, x2, 20);
425 OP(x1, x2, x3, x4, 18);
426 OP(x3, x4, x1, x2, 16);
427 OP(x1, x2, x3, x4, 14);
428 OP(x3, x4, x1, x2, 12);
429 OP(x1, x2, x3, x4, 10);
430 OP(x3, x4, x1, x2, 8);
431 OP(x1, x2, x3, x4, 6);
432 OP(x3, x4, x1, x2, 4);
433 OP(x1, x2, x3, x4, 2);
434 OP(x3, x4, x1, x2, 0);
435
436 dst[0] = cpu_to_be32(x3);
437 dst[1] = cpu_to_be32(x4);
438 dst[2] = cpu_to_be32(x1);
439 dst[3] = cpu_to_be32(x2);
440}
441
442
443static struct crypto_alg seed_alg = {
444 .cra_name = "seed",
445 .cra_driver_name = "seed-generic",
446 .cra_priority = 100,
447 .cra_flags = CRYPTO_ALG_TYPE_CIPHER,
448 .cra_blocksize = SEED_BLOCK_SIZE,
449 .cra_ctxsize = sizeof(struct seed_ctx),
450 .cra_alignmask = 3,
451 .cra_module = THIS_MODULE,
452 .cra_u = {
453 .cipher = {
454 .cia_min_keysize = SEED_KEY_SIZE,
455 .cia_max_keysize = SEED_KEY_SIZE,
456 .cia_setkey = seed_set_key,
457 .cia_encrypt = seed_encrypt,
458 .cia_decrypt = seed_decrypt
459 }
460 }
461};
462
463static int __init seed_init(void)
464{
465 return crypto_register_alg(&seed_alg);
466}
467
468static void __exit seed_fini(void)
469{
470 crypto_unregister_alg(&seed_alg);
471}
472
473module_init(seed_init);
474module_exit(seed_fini);
475
476MODULE_DESCRIPTION("SEED Cipher Algorithm");
477MODULE_LICENSE("GPL");
478MODULE_AUTHOR("Hye-Shik Chang <perky@FreeBSD.org>, Kim Hyun <hkim@kisa.or.kr>");