1 | // SPDX-License-Identifier: GPL-2.0 |
2 | /* | |
3 | * Minimal library implementation of GCM | |
4 | * | |
5 | * Copyright 2022 Google LLC | |
6 | */ | |
7 | ||
8 | #include <linux/module.h> | |
9 | ||
10 | #include <crypto/algapi.h> | |
11 | #include <crypto/gcm.h> | |
12 | #include <crypto/ghash.h> | |
13 | ||
14 | #include <asm/irqflags.h> | |
15 | ||
/*
 * Encrypt one AES block from @src into @dst with the key schedule in @ctx,
 * keeping local interrupts disabled for the duration of the block operation.
 */
static void aesgcm_encrypt_block(const struct crypto_aes_ctx *ctx, void *dst,
				 const void *src)
{
	unsigned long irqflags;

	/*
	 * AES-GCM feeds known plaintext to the block cipher both when the
	 * GHASH key is derived and when CTR keystream is generated, which
	 * exposes the encryption key to timing attacks. The AES library
	 * reduces that exposure by loading the whole S-box into the caches
	 * before it performs any substitution; that measure works better
	 * when nothing can interrupt the operation, hence the IRQ-off
	 * section around the call.
	 */
	local_irq_save(irqflags);
	aes_encrypt(ctx, dst, src);
	local_irq_restore(irqflags);
}
33 | ||
/**
 * aesgcm_expandkey - Expands the AES and GHASH keys for the AES-GCM key
 *		      schedule
 *
 * @ctx:	The data structure that will hold the AES-GCM key schedule
 * @key:	The AES encryption input key
 * @keysize:	The length in bytes of the input key
 * @authsize:	The size in bytes of the GCM authentication tag
 *
 * The GHASH key is obtained by encrypting an all-zero block with the freshly
 * expanded AES key. @ctx is only written once both @authsize and @keysize
 * have been accepted.
 *
 * NOTE(review): @ctx ends up holding key material (the AES round keys and the
 * GHASH key) and this file exports no teardown helper; callers presumably
 * wipe it with memzero_explicit() when they are done - confirm at call sites.
 *
 * Returns: 0 on success, or -EINVAL if @keysize or @authsize contain values
 * that are not permitted by the GCM specification.
 */
int aesgcm_expandkey(struct aesgcm_ctx *ctx, const u8 *key,
		     unsigned int keysize, unsigned int authsize)
{
	u8 zero_block[AES_BLOCK_SIZE] = {};
	int err;

	/* Reject a bad tag length before any key material is touched. */
	err = crypto_gcm_check_authsize(authsize);
	if (err)
		return err;

	err = aes_expandkey(&ctx->aes_ctx, key, keysize);
	if (err)
		return err;

	ctx->authsize = authsize;

	/* GHASH key := AES encryption of the all-zero block. */
	aesgcm_encrypt_block(&ctx->aes_ctx, &ctx->ghash_key, zero_block);

	return 0;
}
EXPORT_SYMBOL(aesgcm_expandkey);
63 | ||
/*
 * Fold @len bytes at @src into the running GHASH state @ghash using the hash
 * key @key. Input is consumed in GHASH_BLOCK_SIZE chunks; a short final chunk
 * is XORed in over its actual length only, which has the same effect as
 * padding it with zero bytes. A @len of zero or less leaves @ghash untouched.
 */
static void aesgcm_ghash(be128 *ghash, const be128 *key, const void *src,
			 int len)
{
	const u8 *in = src;
	int remaining;

	for (remaining = len; remaining > 0; remaining -= GHASH_BLOCK_SIZE) {
		crypto_xor((u8 *)ghash, in, min(remaining, GHASH_BLOCK_SIZE));
		gf128mul_lle(ghash, key);

		in += GHASH_BLOCK_SIZE;
	}
}
75 | ||
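/*
 * Compute the GCM authentication tag over the associated data @assoc and the
 * ciphertext @src, and store the first ctx->authsize bytes of it in @authtag.
 *
 * The GHASH state absorbs @assoc, then @src, then a final block holding both
 * lengths in bits. The result is XORed with the encryption of the counter
 * block whose last word is 1.
 *
 * Side effect: ctr[3] is overwritten with big-endian 1; the first three words
 * of @ctr (the IV) are only read.
 *
 * Negative lengths are not rejected here: aesgcm_ghash() skips them, but they
 * still end up in the length block. Callers are expected to pass valid sizes.
 */
static void aesgcm_mac(const struct aesgcm_ctx *ctx, const u8 *src, int src_len,
		       const u8 *assoc, int assoc_len, __be32 *ctr, u8 *authtag)
{
	/*
	 * Widen to 64 bits before turning byte counts into bit counts. The
	 * lengths are 'int', so multiplying by 8 in int arithmetic overflows
	 * for inputs of 256 MiB and above and would put a wrong length into
	 * the authenticated block. Results for smaller lengths are unchanged.
	 */
	be128 tail = { cpu_to_be64((u64)assoc_len * 8),
		       cpu_to_be64((u64)src_len * 8) };
	u8 buf[AES_BLOCK_SIZE];
	be128 ghash = {};

	aesgcm_ghash(&ghash, &ctx->ghash_key, assoc, assoc_len);
	aesgcm_ghash(&ghash, &ctx->ghash_key, src, src_len);
	aesgcm_ghash(&ghash, &ctx->ghash_key, &tail, sizeof(tail));

	/* Counter value 1 is used for the tag mask; payload blocks start at 2. */
	ctr[3] = cpu_to_be32(1);
	aesgcm_encrypt_block(&ctx->aes_ctx, buf, ctr);
	crypto_xor_cpy(authtag, buf, (u8 *)&ghash, ctx->authsize);

	/*
	 * Both intermediates are key-dependent (the untruncated hash and the
	 * encrypted counter block), so do not leave them on the stack.
	 */
	memzero_explicit(&ghash, sizeof(ghash));
	memzero_explicit(buf, sizeof(buf));
}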
94 | ||
/*
 * CTR-mode transform shared by encryption and decryption: XOR @len bytes of
 * @src with AES keystream and store the result in @dst (which may alias
 * @src). Keystream block k (counting from 0) is the encryption of @ctr with
 * its last word set to big-endian k + 2. A short final block only consumes
 * the keystream bytes it needs.
 *
 * Side effect: ctr[3] is overwritten for every block processed.
 */
static void aesgcm_crypt(const struct aesgcm_ctx *ctx, u8 *dst, const u8 *src,
			 int len, __be32 *ctr)
{
	u8 keystream[AES_BLOCK_SIZE];
	unsigned int blk;

	for (blk = 2; len > 0; blk++, len -= AES_BLOCK_SIZE) {
		/*
		 * The block counter must never overflow or carry into the
		 * next 32-bit word: that could silently reuse an IV, which
		 * must be avoided at all cost for a stream cipher such as
		 * AES-CTR. No explicit test is needed, because an 'int'
		 * length limits the number of blocks to well below 2^32.
		 */
		ctr[3] = cpu_to_be32(blk);
		aesgcm_encrypt_block(&ctx->aes_ctx, keystream, ctr);
		crypto_xor_cpy(dst, src, keystream, min(len, AES_BLOCK_SIZE));

		dst += AES_BLOCK_SIZE;
		src += AES_BLOCK_SIZE;
	}

	/* The last keystream block must not linger on the stack. */
	memzero_explicit(keystream, sizeof(keystream));
}
119 | ||
/**
 * aesgcm_encrypt - Perform AES-GCM encryption on a block of data
 *
 * @ctx:	The AES-GCM key schedule
 * @dst:	Pointer to the ciphertext output buffer
 * @src:	Pointer to the plaintext (may equal @dst for encryption in
 *		place)
 * @crypt_len:	The size in bytes of the plaintext and ciphertext.
 * @assoc:	Pointer to the associated data
 * @assoc_len:	The size in bytes of the associated data
 * @iv:		The initialization vector (IV) to use for this block of data
 *		(must be 12 bytes in size as per the GCM spec recommendation)
 * @authtag:	The address of the buffer in memory where the authentication
 *		tag should be stored. The buffer is assumed to have space for
 *		@ctx->authsize bytes.
 *
 * The data is encrypted first and the tag is then computed over the
 * ciphertext in @dst together with @assoc.
 *
 * The IV is taken from the caller as is: this function neither generates it
 * nor tracks which values have been used. Using the same IV twice with the
 * same key reuses the CTR keystream, so uniqueness per key is the caller's
 * responsibility. The lengths are not validated either.
 */
void aesgcm_encrypt(const struct aesgcm_ctx *ctx, u8 *dst, const u8 *src,
		    int crypt_len, const u8 *assoc, int assoc_len,
		    const u8 iv[GCM_AES_IV_SIZE], u8 *authtag)
{
	/* Words 0-2 carry the IV; word 3 is the block counter set by callees. */
	__be32 counter_blk[4];

	memcpy(counter_blk, iv, GCM_AES_IV_SIZE);

	aesgcm_crypt(ctx, dst, src, crypt_len, counter_blk);
	aesgcm_mac(ctx, dst, crypt_len, assoc, assoc_len, counter_blk,
		   authtag);
}
EXPORT_SYMBOL(aesgcm_encrypt);
147 | ||
/**
 * aesgcm_decrypt - Perform AES-GCM decryption on a block of data
 *
 * @ctx:	The AES-GCM key schedule
 * @dst:	Pointer to the plaintext output buffer
 * @src:	Pointer to the ciphertext (may equal @dst for decryption in
 *		place)
 * @crypt_len:	The size in bytes of the plaintext and ciphertext.
 * @assoc:	Pointer to the associated data
 * @assoc_len:	The size in bytes of the associated data
 * @iv:		The initialization vector (IV) to use for this block of data
 *		(must be 12 bytes in size as per the GCM spec recommendation)
 * @authtag:	The address of the buffer in memory where the authentication
 *		tag is stored.
 *
 * The tag is recomputed over @src and @assoc and compared against @authtag
 * with crypto_memneq() before any decryption takes place; @dst is only
 * written when the comparison succeeds. Only @ctx->authsize bytes of
 * @authtag are read.
 *
 * Returns: true on success, or false if the ciphertext failed authentication.
 * On failure, no plaintext will be returned.
 */
bool __must_check aesgcm_decrypt(const struct aesgcm_ctx *ctx, u8 *dst,
				 const u8 *src, int crypt_len, const u8 *assoc,
				 int assoc_len, const u8 iv[GCM_AES_IV_SIZE],
				 const u8 *authtag)
{
	u8 expected_tag[AES_BLOCK_SIZE];
	__be32 counter_blk[4];
	bool tag_ok;

	memcpy(counter_blk, iv, GCM_AES_IV_SIZE);

	aesgcm_mac(ctx, src, crypt_len, assoc, assoc_len, counter_blk,
		   expected_tag);
	tag_ok = !crypto_memneq(authtag, expected_tag, ctx->authsize);

	if (tag_ok) {
		aesgcm_crypt(ctx, dst, src, crypt_len, counter_blk);
	} else {
		/*
		 * On a mismatch the buffer holds the tag that would have been
		 * accepted for this input; wipe it before returning.
		 */
		memzero_explicit(expected_tag, sizeof(expected_tag));
	}

	return tag_ok;
}
EXPORT_SYMBOL(aesgcm_decrypt);
184 | ||
/* Module metadata for the AES-GCM library. */
MODULE_DESCRIPTION("Generic AES-GCM library");
MODULE_AUTHOR("Ard Biesheuvel <ardb@kernel.org>");
MODULE_LICENSE("GPL");
188 | ||
189 | #ifndef CONFIG_CRYPTO_MANAGER_DISABLE_TESTS | |
190 | ||
191 | /* | |
192 | * Test code below. Vectors taken from crypto/testmgr.h | |
193 | */ | |
194 | ||
/*
 * Layout used by every ctextN array below: the ciphertext bytes come first
 * and the authentication tag follows directly after them. libaesgcm_init()
 * takes the tag length as clen - plen and reads the tag at ctext + plen.
 */

/* AES-128, no plaintext: these 16 bytes are the tag only. */
static const u8 __initconst ctext0[16] =
	"\x58\xe2\xfc\xce\xfa\x7e\x30\x61"
	"\x36\x7f\x1d\x57\xa4\xe7\x45\x5a";

/*
 * No initializer, so this is 16 zero bytes. Shared by the single-block
 * vectors for all three key sizes (ctext1, ctext5 and ctext8).
 */
static const u8 __initconst ptext1[16];

/* AES-128 encryption of ptext1: 16 bytes of ciphertext + 16-byte tag. */
static const u8 __initconst ctext1[32] =
	"\x03\x88\xda\xce\x60\xb6\xa3\x92"
	"\xf3\x28\xc2\xb9\x71\xb2\xfe\x78"
	"\xab\x6e\x47\xd4\x2c\xec\x13\xbd"
	"\xf5\x3a\x67\xb2\x12\x57\xbd\xdf";

/* 64-byte (four full blocks) plaintext; ptext6 and ptext9 hold the same bytes. */
static const u8 __initconst ptext2[64] =
	"\xd9\x31\x32\x25\xf8\x84\x06\xe5"
	"\xa5\x59\x09\xc5\xaf\xf5\x26\x9a"
	"\x86\xa7\xa9\x53\x15\x34\xf7\xda"
	"\x2e\x4c\x30\x3d\x8a\x31\x8a\x72"
	"\x1c\x3c\x0c\x95\x95\x68\x09\x53"
	"\x2f\xcf\x0e\x24\x49\xa6\xb5\x25"
	"\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57"
	"\xba\x63\x7b\x39\x1a\xaf\xd2\x55";

/* AES-128 encryption of ptext2: 64 bytes of ciphertext + 16-byte tag. */
static const u8 __initconst ctext2[80] =
	"\x42\x83\x1e\xc2\x21\x77\x74\x24"
	"\x4b\x72\x21\xb7\x84\xd0\xd4\x9c"
	"\xe3\xaa\x21\x2f\x2c\x02\xa4\xe0"
	"\x35\xc1\x7e\x23\x29\xac\xa1\x2e"
	"\x21\xd5\x14\xb2\x54\x66\x93\x1c"
	"\x7d\x8f\x6a\x5a\xac\x84\xaa\x05"
	"\x1b\xa3\x0b\x39\x6a\x0a\xac\x97"
	"\x3d\x58\xe0\x91\x47\x3f\x59\x85"
	"\x4d\x5c\x2a\xf3\x27\xcd\x64\xa6"
	"\x2c\xf3\x5a\xbd\x2b\xa6\xfa\xb4";

/*
 * 60-byte plaintext (ends with a partial block); ptext10 and ptext11 hold the
 * same bytes.
 */
static const u8 __initconst ptext3[60] =
	"\xd9\x31\x32\x25\xf8\x84\x06\xe5"
	"\xa5\x59\x09\xc5\xaf\xf5\x26\x9a"
	"\x86\xa7\xa9\x53\x15\x34\xf7\xda"
	"\x2e\x4c\x30\x3d\x8a\x31\x8a\x72"
	"\x1c\x3c\x0c\x95\x95\x68\x09\x53"
	"\x2f\xcf\x0e\x24\x49\xa6\xb5\x25"
	"\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57"
	"\xba\x63\x7b\x39";

/*
 * AES-128 encryption of ptext3 with associated data: 60 bytes of ciphertext,
 * then the 16-byte tag on the last two lines.
 */
static const u8 __initconst ctext3[76] =
	"\x42\x83\x1e\xc2\x21\x77\x74\x24"
	"\x4b\x72\x21\xb7\x84\xd0\xd4\x9c"
	"\xe3\xaa\x21\x2f\x2c\x02\xa4\xe0"
	"\x35\xc1\x7e\x23\x29\xac\xa1\x2e"
	"\x21\xd5\x14\xb2\x54\x66\x93\x1c"
	"\x7d\x8f\x6a\x5a\xac\x84\xaa\x05"
	"\x1b\xa3\x0b\x39\x6a\x0a\xac\x97"
	"\x3d\x58\xe0\x91"
	"\x5b\xc9\x4f\xbc\x32\x21\xa5\xdb"
	"\x94\xfa\xe9\x5a\xe7\x12\x1a\x47";

/* AES-192, no plaintext: these 16 bytes are the tag only. */
static const u8 __initconst ctext4[16] =
	"\xcd\x33\xb2\x8a\xc7\x73\xf7\x4b"
	"\xa0\x0e\xd1\xf3\x12\x57\x24\x35";

/* AES-192 encryption of ptext1: 16 bytes of ciphertext + 16-byte tag. */
static const u8 __initconst ctext5[32] =
	"\x98\xe7\x24\x7c\x07\xf0\xfe\x41"
	"\x1c\x26\x7e\x43\x84\xb0\xf6\x00"
	"\x2f\xf5\x8d\x80\x03\x39\x27\xab"
	"\x8e\xf4\xd4\x58\x75\x14\xf0\xfb";

/* 64-byte plaintext for the AES-192 vector (same bytes as ptext2). */
static const u8 __initconst ptext6[64] =
	"\xd9\x31\x32\x25\xf8\x84\x06\xe5"
	"\xa5\x59\x09\xc5\xaf\xf5\x26\x9a"
	"\x86\xa7\xa9\x53\x15\x34\xf7\xda"
	"\x2e\x4c\x30\x3d\x8a\x31\x8a\x72"
	"\x1c\x3c\x0c\x95\x95\x68\x09\x53"
	"\x2f\xcf\x0e\x24\x49\xa6\xb5\x25"
	"\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57"
	"\xba\x63\x7b\x39\x1a\xaf\xd2\x55";

/* AES-192 encryption of ptext6: 64 bytes of ciphertext + 16-byte tag. */
static const u8 __initconst ctext6[80] =
	"\x39\x80\xca\x0b\x3c\x00\xe8\x41"
	"\xeb\x06\xfa\xc4\x87\x2a\x27\x57"
	"\x85\x9e\x1c\xea\xa6\xef\xd9\x84"
	"\x62\x85\x93\xb4\x0c\xa1\xe1\x9c"
	"\x7d\x77\x3d\x00\xc1\x44\xc5\x25"
	"\xac\x61\x9d\x18\xc8\x4a\x3f\x47"
	"\x18\xe2\x44\x8b\x2f\xe3\x24\xd9"
	"\xcc\xda\x27\x10\xac\xad\xe2\x56"
	"\x99\x24\xa7\xc8\x58\x73\x36\xbf"
	"\xb1\x18\x02\x4d\xb8\x67\x4a\x14";

/* AES-256, no plaintext: these 16 bytes are the tag only. */
static const u8 __initconst ctext7[16] =
	"\x53\x0f\x8a\xfb\xc7\x45\x36\xb9"
	"\xa9\x63\xb4\xf1\xc4\xcb\x73\x8b";

/* AES-256 encryption of ptext1: 16 bytes of ciphertext + 16-byte tag. */
static const u8 __initconst ctext8[32] =
	"\xce\xa7\x40\x3d\x4d\x60\x6b\x6e"
	"\x07\x4e\xc5\xd3\xba\xf3\x9d\x18"
	"\xd0\xd1\xc8\xa7\x99\x99\x6b\xf0"
	"\x26\x5b\x98\xb5\xd4\x8a\xb9\x19";

/* 64-byte plaintext for the AES-256 vector (same bytes as ptext2). */
static const u8 __initconst ptext9[64] =
	"\xd9\x31\x32\x25\xf8\x84\x06\xe5"
	"\xa5\x59\x09\xc5\xaf\xf5\x26\x9a"
	"\x86\xa7\xa9\x53\x15\x34\xf7\xda"
	"\x2e\x4c\x30\x3d\x8a\x31\x8a\x72"
	"\x1c\x3c\x0c\x95\x95\x68\x09\x53"
	"\x2f\xcf\x0e\x24\x49\xa6\xb5\x25"
	"\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57"
	"\xba\x63\x7b\x39\x1a\xaf\xd2\x55";

/* AES-256 encryption of ptext9: 64 bytes of ciphertext + 16-byte tag. */
static const u8 __initconst ctext9[80] =
	"\x52\x2d\xc1\xf0\x99\x56\x7d\x07"
	"\xf4\x7f\x37\xa3\x2a\x84\x42\x7d"
	"\x64\x3a\x8c\xdc\xbf\xe5\xc0\xc9"
	"\x75\x98\xa2\xbd\x25\x55\xd1\xaa"
	"\x8c\xb0\x8e\x48\x59\x0d\xbb\x3d"
	"\xa7\xb0\x8b\x10\x56\x82\x88\x38"
	"\xc5\xf6\x1e\x63\x93\xba\x7a\x0a"
	"\xbc\xc9\xf6\x62\x89\x80\x15\xad"
	"\xb0\x94\xda\xc5\xd9\x34\x71\xbd"
	"\xec\x1a\x50\x22\x70\xe3\xcc\x6c";

/* 60-byte plaintext for the AES-256 vector with associated data (same bytes as ptext3). */
static const u8 __initconst ptext10[60] =
	"\xd9\x31\x32\x25\xf8\x84\x06\xe5"
	"\xa5\x59\x09\xc5\xaf\xf5\x26\x9a"
	"\x86\xa7\xa9\x53\x15\x34\xf7\xda"
	"\x2e\x4c\x30\x3d\x8a\x31\x8a\x72"
	"\x1c\x3c\x0c\x95\x95\x68\x09\x53"
	"\x2f\xcf\x0e\x24\x49\xa6\xb5\x25"
	"\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57"
	"\xba\x63\x7b\x39";

/*
 * AES-256 encryption of ptext10 with associated data: 60 bytes of
 * ciphertext, then the 16-byte tag on the last two lines.
 */
static const u8 __initconst ctext10[76] =
	"\x52\x2d\xc1\xf0\x99\x56\x7d\x07"
	"\xf4\x7f\x37\xa3\x2a\x84\x42\x7d"
	"\x64\x3a\x8c\xdc\xbf\xe5\xc0\xc9"
	"\x75\x98\xa2\xbd\x25\x55\xd1\xaa"
	"\x8c\xb0\x8e\x48\x59\x0d\xbb\x3d"
	"\xa7\xb0\x8b\x10\x56\x82\x88\x38"
	"\xc5\xf6\x1e\x63\x93\xba\x7a\x0a"
	"\xbc\xc9\xf6\x62"
	"\x76\xfc\x6e\xce\x0f\x4e\x17\x68"
	"\xcd\xdf\x88\x53\xbb\x2d\x55\x1b";

/* 60-byte plaintext for the AES-192 vector with associated data (same bytes as ptext3). */
static const u8 __initconst ptext11[60] =
	"\xd9\x31\x32\x25\xf8\x84\x06\xe5"
	"\xa5\x59\x09\xc5\xaf\xf5\x26\x9a"
	"\x86\xa7\xa9\x53\x15\x34\xf7\xda"
	"\x2e\x4c\x30\x3d\x8a\x31\x8a\x72"
	"\x1c\x3c\x0c\x95\x95\x68\x09\x53"
	"\x2f\xcf\x0e\x24\x49\xa6\xb5\x25"
	"\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57"
	"\xba\x63\x7b\x39";

/*
 * AES-192 encryption of ptext11 with associated data: 60 bytes of
 * ciphertext, then the 16-byte tag on the last two lines.
 */
static const u8 __initconst ctext11[76] =
	"\x39\x80\xca\x0b\x3c\x00\xe8\x41"
	"\xeb\x06\xfa\xc4\x87\x2a\x27\x57"
	"\x85\x9e\x1c\xea\xa6\xef\xd9\x84"
	"\x62\x85\x93\xb4\x0c\xa1\xe1\x9c"
	"\x7d\x77\x3d\x00\xc1\x44\xc5\x25"
	"\xac\x61\x9d\x18\xc8\x4a\x3f\x47"
	"\x18\xe2\x44\x8b\x2f\xe3\x24\xd9"
	"\xcc\xda\x27\x10"
	"\x25\x19\x49\x8e\x80\xf1\x47\x8f"
	"\x37\xba\x55\xbd\x6d\x27\x61\x8c";
358 | ||
/*
 * 719-byte plaintext for the last AES-256 vector: 44 full blocks plus a
 * 15-byte partial block. This is the largest vector, and libaesgcm_init()
 * sizes its scratch buffer from sizeof(ptext12).
 */
static const u8 __initconst ptext12[719] =
	"\x42\xc1\xcc\x08\x48\x6f\x41\x3f"
	"\x2f\x11\x66\x8b\x2a\x16\xf0\xe0"
	"\x58\x83\xf0\xc3\x70\x14\xc0\x5b"
	"\x3f\xec\x1d\x25\x3c\x51\xd2\x03"
	"\xcf\x59\x74\x1f\xb2\x85\xb4\x07"
	"\xc6\x6a\x63\x39\x8a\x5b\xde\xcb"
	"\xaf\x08\x44\xbd\x6f\x91\x15\xe1"
	"\xf5\x7a\x6e\x18\xbd\xdd\x61\x50"
	"\x59\xa9\x97\xab\xbb\x0e\x74\x5c"
	"\x00\xa4\x43\x54\x04\x54\x9b\x3b"
	"\x77\xec\xfd\x5c\xa6\xe8\x7b\x08"
	"\xae\xe6\x10\x3f\x32\x65\xd1\xfc"
	"\xa4\x1d\x2c\x31\xfb\x33\x7a\xb3"
	"\x35\x23\xf4\x20\x41\xd4\xad\x82"
	"\x8b\xa4\xad\x96\x1c\x20\x53\xbe"
	"\x0e\xa6\xf4\xdc\x78\x49\x3e\x72"
	"\xb1\xa9\xb5\x83\xcb\x08\x54\xb7"
	"\xad\x49\x3a\xae\x98\xce\xa6\x66"
	"\x10\x30\x90\x8c\x55\x83\xd7\x7c"
	"\x8b\xe6\x53\xde\xd2\x6e\x18\x21"
	"\x01\x52\xd1\x9f\x9d\xbb\x9c\x73"
	"\x57\xcc\x89\x09\x75\x9b\x78\x70"
	"\xed\x26\x97\x4d\xb4\xe4\x0c\xa5"
	"\xfa\x70\x04\x70\xc6\x96\x1c\x7d"
	"\x54\x41\x77\xa8\xe3\xb0\x7e\x96"
	"\x82\xd9\xec\xa2\x87\x68\x55\xf9"
	"\x8f\x9e\x73\x43\x47\x6a\x08\x36"
	"\x93\x67\xa8\x2d\xde\xac\x41\xa9"
	"\x5c\x4d\x73\x97\x0f\x70\x68\xfa"
	"\x56\x4d\x00\xc2\x3b\x1f\xc8\xb9"
	"\x78\x1f\x51\x07\xe3\x9a\x13\x4e"
	"\xed\x2b\x2e\xa3\xf7\x44\xb2\xe7"
	"\xab\x19\x37\xd9\xba\x76\x5e\xd2"
	"\xf2\x53\x15\x17\x4c\x6b\x16\x9f"
	"\x02\x66\x49\xca\x7c\x91\x05\xf2"
	"\x45\x36\x1e\xf5\x77\xad\x1f\x46"
	"\xa8\x13\xfb\x63\xb6\x08\x99\x63"
	"\x82\xa2\xed\xb3\xac\xdf\x43\x19"
	"\x45\xea\x78\x73\xd9\xb7\x39\x11"
	"\xa3\x13\x7c\xf8\x3f\xf7\xad\x81"
	"\x48\x2f\xa9\x5c\x5f\xa0\xf0\x79"
	"\xa4\x47\x7d\x80\x20\x26\xfd\x63"
	"\x0a\xc7\x7e\x6d\x75\x47\xff\x76"
	"\x66\x2e\x8a\x6c\x81\x35\xaf\x0b"
	"\x2e\x6a\x49\x60\xc1\x10\xe1\xe1"
	"\x54\x03\xa4\x09\x0c\x37\x7a\x15"
	"\x23\x27\x5b\x8b\x4b\xa5\x64\x97"
	"\xae\x4a\x50\x73\x1f\x66\x1c\x5c"
	"\x03\x25\x3c\x8d\x48\x58\x71\x34"
	"\x0e\xec\x4e\x55\x1a\x03\x6a\xe5"
	"\xb6\x19\x2b\x84\x2a\x20\xd1\xea"
	"\x80\x6f\x96\x0e\x05\x62\xc7\x78"
	"\x87\x79\x60\x38\x46\xb4\x25\x57"
	"\x6e\x16\x63\xf8\xad\x6e\xd7\x42"
	"\x69\xe1\x88\xef\x6e\xd5\xb4\x9a"
	"\x3c\x78\x6c\x3b\xe5\xa0\x1d\x22"
	"\x86\x5c\x74\x3a\xeb\x24\x26\xc7"
	"\x09\xfc\x91\x96\x47\x87\x4f\x1a"
	"\xd6\x6b\x2c\x18\x47\xc0\xb8\x24"
	"\xa8\x5a\x4a\x9e\xcb\x03\xe7\x2a"
	"\x09\xe6\x4d\x9c\x6d\x86\x60\xf5"
	"\x2f\x48\x69\x37\x9f\xf2\xd2\xcb"
	"\x0e\x5a\xdd\x6e\x8a\xfb\x6a\xfe"
	"\x0b\x63\xde\x87\x42\x79\x8a\x68"
	"\x51\x28\x9b\x7a\xeb\xaf\xb8\x2f"
	"\x9d\xd1\xc7\x45\x90\x08\xc9\x83"
	"\xe9\x83\x84\xcb\x28\x69\x09\x69"
	"\xce\x99\x46\x00\x54\xcb\xd8\x38"
	"\xf9\x53\x4a\xbf\x31\xce\x57\x15"
	"\x33\xfa\x96\x04\x33\x42\xe3\xc0"
	"\xb7\x54\x4a\x65\x7a\x7c\x02\xe6"
	"\x19\x95\xd0\x0e\x82\x07\x63\xf9"
	"\xe1\x2b\x2a\xfc\x55\x92\x52\xc9"
	"\xb5\x9f\x23\x28\x60\xe7\x20\x51"
	"\x10\xd3\xed\x6d\x9b\xab\xb8\xe2"
	"\x5d\x9a\x34\xb3\xbe\x9c\x64\xcb"
	"\x78\xc6\x91\x22\x40\x91\x80\xbe"
	"\xd7\x78\x5c\x0e\x0a\xdc\x08\xe9"
	"\x67\x10\xa4\x83\x98\x79\x23\xe7"
	"\x92\xda\xa9\x22\x16\xb1\xe7\x78"
	"\xa3\x1c\x6c\x8f\x35\x7c\x4d\x37"
	"\x2f\x6e\x0b\x50\x5c\x34\xb9\xf9"
	"\xe6\x3d\x91\x0d\x32\x95\xaa\x3d"
	"\x48\x11\x06\xbb\x2d\xf2\x63\x88"
	"\x3f\x73\x09\xe2\x45\x56\x31\x51"
	"\xfa\x5e\x4e\x62\xf7\x90\xf9\xa9"
	"\x7d\x7b\x1b\xb1\xc8\x26\x6e\x66"
	"\xf6\x90\x9a\x7f\xf2\x57\xcc\x23"
	"\x59\xfa\xfa\xaa\x44\x04\x01\xa7"
	"\xa4\x78\xdb\x74\x3d\x8b\xb5";
450 | ||
/*
 * AES-256 encryption of ptext12: 719 bytes of ciphertext followed by the
 * 16-byte authentication tag (the last two lines of the initializer).
 */
static const u8 __initconst ctext12[735] =
	"\x84\x0b\xdb\xd5\xb7\xa8\xfe\x20"
	"\xbb\xb1\x12\x7f\x41\xea\xb3\xc0"
	"\xa2\xb4\x37\x19\x11\x58\xb6\x0b"
	"\x4c\x1d\x38\x05\x54\xd1\x16\x73"
	"\x8e\x1c\x20\x90\xa2\x9a\xb7\x74"
	"\x47\xe6\xd8\xfc\x18\x3a\xb4\xea"
	"\xd5\x16\x5a\x2c\x53\x01\x46\xb3"
	"\x18\x33\x74\x6c\x50\xf2\xe8\xc0"
	"\x73\xda\x60\x22\xeb\xe3\xe5\x9b"
	"\x20\x93\x6c\x4b\x37\x99\xb8\x23"
	"\x3b\x4e\xac\xe8\x5b\xe8\x0f\xb7"
	"\xc3\x8f\xfb\x4a\x37\xd9\x39\x95"
	"\x34\xf1\xdb\x8f\x71\xd9\xc7\x0b"
	"\x02\xf1\x63\xfc\x9b\xfc\xc5\xab"
	"\xb9\x14\x13\x21\xdf\xce\xaa\x88"
	"\x44\x30\x1e\xce\x26\x01\x92\xf8"
	"\x9f\x00\x4b\x0c\x4b\xf7\x5f\xe0"
	"\x89\xca\x94\x66\x11\x21\x97\xca"
	"\x3e\x83\x74\x2d\xdb\x4d\x11\xeb"
	"\x97\xc2\x14\xff\x9e\x1e\xa0\x6b"
	"\x08\xb4\x31\x2b\x85\xc6\x85\x6c"
	"\x90\xec\x39\xc0\xec\xb3\xb5\x4e"
	"\xf3\x9c\xe7\x83\x3a\x77\x0a\xf4"
	"\x56\xfe\xce\x18\x33\x6d\x0b\x2d"
	"\x33\xda\xc8\x05\x5c\xb4\x09\x2a"
	"\xde\x6b\x52\x98\x01\xef\x36\x3d"
	"\xbd\xf9\x8f\xa8\x3e\xaa\xcd\xd1"
	"\x01\x2d\x42\x49\xc3\xb6\x84\xbb"
	"\x48\x96\xe0\x90\x93\x6c\x48\x64"
	"\xd4\xfa\x7f\x93\x2c\xa6\x21\xc8"
	"\x7a\x23\x7b\xaa\x20\x56\x12\xae"
	"\x16\x9d\x94\x0f\x54\xa1\xec\xca"
	"\x51\x4e\xf2\x39\xf4\xf8\x5f\x04"
	"\x5a\x0d\xbf\xf5\x83\xa1\x15\xe1"
	"\xf5\x3c\xd8\x62\xa3\xed\x47\x89"
	"\x85\x4c\xe5\xdb\xac\x9e\x17\x1d"
	"\x0c\x09\xe3\x3e\x39\x5b\x4d\x74"
	"\x0e\xf5\x34\xee\x70\x11\x4c\xfd"
	"\xdb\x34\xb1\xb5\x10\x3f\x73\xb7"
	"\xf5\xfa\xed\xb0\x1f\xa5\xcd\x3c"
	"\x8d\x35\x83\xd4\x11\x44\x6e\x6c"
	"\x5b\xe0\x0e\x69\xa5\x39\xe5\xbb"
	"\xa9\x57\x24\x37\xe6\x1f\xdd\xcf"
	"\x16\x2a\x13\xf9\x6a\x2d\x90\xa0"
	"\x03\x60\x7a\xed\x69\xd5\x00\x8b"
	"\x7e\x4f\xcb\xb9\xfa\x91\xb9\x37"
	"\xc1\x26\xce\x90\x97\x22\x64\x64"
	"\xc1\x72\x43\x1b\xf6\xac\xc1\x54"
	"\x8a\x10\x9c\xdd\x8d\xd5\x8e\xb2"
	"\xe4\x85\xda\xe0\x20\x5f\xf4\xb4"
	"\x15\xb5\xa0\x8d\x12\x74\x49\x23"
	"\x3a\xdf\x4a\xd3\xf0\x3b\x89\xeb"
	"\xf8\xcc\x62\x7b\xfb\x93\x07\x41"
	"\x61\x26\x94\x58\x70\xa6\x3c\xe4"
	"\xff\x58\xc4\x13\x3d\xcb\x36\x6b"
	"\x32\xe5\xb2\x6d\x03\x74\x6f\x76"
	"\x93\x77\xde\x48\xc4\xfa\x30\x4a"
	"\xda\x49\x80\x77\x0f\x1c\xbe\x11"
	"\xc8\x48\xb1\xe5\xbb\xf2\x8a\xe1"
	"\x96\x2f\x9f\xd1\x8e\x8a\x5c\xe2"
	"\xf7\xd7\xd8\x54\xf3\x3f\xc4\x91"
	"\xb8\xfb\x86\xdc\x46\x24\x91\x60"
	"\x6c\x2f\xc9\x41\x37\x51\x49\x54"
	"\x09\x81\x21\xf3\x03\x9f\x2b\xe3"
	"\x1f\x39\x63\xaf\xf4\xd7\x53\x60"
	"\xa7\xc7\x54\xf9\xee\xb1\xb1\x7d"
	"\x75\x54\x65\x93\xfe\xb1\x68\x6b"
	"\x57\x02\xf9\xbb\x0e\xf9\xf8\xbf"
	"\x01\x12\x27\xb4\xfe\xe4\x79\x7a"
	"\x40\x5b\x51\x4b\xdf\x38\xec\xb1"
	"\x6a\x56\xff\x35\x4d\x42\x33\xaa"
	"\x6f\x1b\xe4\xdc\xe0\xdb\x85\x35"
	"\x62\x10\xd4\xec\xeb\xc5\x7e\x45"
	"\x1c\x6f\x17\xca\x3b\x8e\x2d\x66"
	"\x4f\x4b\x36\x56\xcd\x1b\x59\xaa"
	"\xd2\x9b\x17\xb9\x58\xdf\x7b\x64"
	"\x8a\xff\x3b\x9c\xa6\xb5\x48\x9e"
	"\xaa\xe2\x5d\x09\x71\x32\x5f\xb6"
	"\x29\xbe\xe7\xc7\x52\x7e\x91\x82"
	"\x6b\x6d\x33\xe1\x34\x06\x36\x21"
	"\x5e\xbe\x1e\x2f\x3e\xc1\xfb\xea"
	"\x49\x2c\xb5\xca\xf7\xb0\x37\xea"
	"\x1f\xed\x10\x04\xd9\x48\x0d\x1a"
	"\x1c\xfb\xe7\x84\x0e\x83\x53\x74"
	"\xc7\x65\xe2\x5c\xe5\xba\x73\x4c"
	"\x0e\xe1\xb5\x11\x45\x61\x43\x46"
	"\xaa\x25\x8f\xbd\x85\x08\xfa\x4c"
	"\x15\xc1\xc0\xd8\xf5\xdc\x16\xbb"
	"\x7b\x1d\xe3\x87\x57\xa7\x2a\x1d"
	"\x38\x58\x9e\x8a\x43\xdc\x57"
	"\xd1\x81\x7d\x2b\xe9\xff\x99\x3a"
	"\x4b\x24\x52\x58\x55\xe1\x49\x14";
544 | ||
/*
 * Known-answer test vectors consumed by libaesgcm_init(). Members that an
 * entry does not name are zero-initialized, so entries without .key/.iv use
 * an all-zero key and IV, and entries without .ptext/.plen have an empty
 * plaintext.
 */
static struct {
	const u8	*ptext;		/* plaintext, or NULL when plen is 0 */
	const u8	*ctext;		/* ciphertext followed by the tag */

	u8		key[AES_MAX_KEY_SIZE];
	u8		iv[GCM_AES_IV_SIZE];
	u8		assoc[20];	/* associated data, alen bytes used */

	int		klen;		/* key length in bytes */
	int		clen;		/* length of ctext including the tag */
	int		plen;		/* plaintext length in bytes */
	int		alen;		/* associated data length in bytes */
} const aesgcm_tv[] __initconst = {
	{ /* From McGrew & Viega - http://citeseer.ist.psu.edu/656989.html */
		/* 0: AES-128, zero key/IV, empty plaintext (tag only) */
		.klen	= 16,
		.ctext	= ctext0,
		.clen	= sizeof(ctext0),
	}, {
		/* 1: AES-128, zero key/IV, one zero block */
		.klen	= 16,
		.ptext	= ptext1,
		.plen	= sizeof(ptext1),
		.ctext	= ctext1,
		.clen	= sizeof(ctext1),
	}, {
		/* 2: AES-128, 64-byte plaintext, no associated data */
		.key	= "\xfe\xff\xe9\x92\x86\x65\x73\x1c"
			  "\x6d\x6a\x8f\x94\x67\x30\x83\x08",
		.klen	= 16,
		.iv	= "\xca\xfe\xba\xbe\xfa\xce\xdb\xad"
			  "\xde\xca\xf8\x88",
		.ptext	= ptext2,
		.plen	= sizeof(ptext2),
		.ctext	= ctext2,
		.clen	= sizeof(ctext2),
	}, {
		/* 3: AES-128, 60-byte plaintext, 20 bytes of associated data */
		.key	= "\xfe\xff\xe9\x92\x86\x65\x73\x1c"
			  "\x6d\x6a\x8f\x94\x67\x30\x83\x08",
		.klen	= 16,
		.iv	= "\xca\xfe\xba\xbe\xfa\xce\xdb\xad"
			  "\xde\xca\xf8\x88",
		.ptext	= ptext3,
		.plen	= sizeof(ptext3),
		.assoc	= "\xfe\xed\xfa\xce\xde\xad\xbe\xef"
			  "\xfe\xed\xfa\xce\xde\xad\xbe\xef"
			  "\xab\xad\xda\xd2",
		.alen	= 20,
		.ctext	= ctext3,
		.clen	= sizeof(ctext3),
	}, {
		/* 4: AES-192, zero key/IV, empty plaintext (tag only) */
		.klen	= 24,
		.ctext	= ctext4,
		.clen	= sizeof(ctext4),
	}, {
		/* 5: AES-192, zero key/IV, one zero block */
		.klen	= 24,
		.ptext	= ptext1,
		.plen	= sizeof(ptext1),
		.ctext	= ctext5,
		.clen	= sizeof(ctext5),
	}, {
		/* 6: AES-192, 64-byte plaintext, no associated data */
		.key	= "\xfe\xff\xe9\x92\x86\x65\x73\x1c"
			  "\x6d\x6a\x8f\x94\x67\x30\x83\x08"
			  "\xfe\xff\xe9\x92\x86\x65\x73\x1c",
		.klen	= 24,
		.iv	= "\xca\xfe\xba\xbe\xfa\xce\xdb\xad"
			  "\xde\xca\xf8\x88",
		.ptext	= ptext6,
		.plen	= sizeof(ptext6),
		.ctext	= ctext6,
		.clen	= sizeof(ctext6),
	}, {
		/* 7: AES-256, zero key/IV, empty plaintext (tag only) */
		.klen	= 32,
		.ctext	= ctext7,
		.clen	= sizeof(ctext7),
	}, {
		/* 8: AES-256, zero key/IV, one zero block */
		.klen	= 32,
		.ptext	= ptext1,
		.plen	= sizeof(ptext1),
		.ctext	= ctext8,
		.clen	= sizeof(ctext8),
	}, {
		/* 9: AES-256, 64-byte plaintext, no associated data */
		.key	= "\xfe\xff\xe9\x92\x86\x65\x73\x1c"
			  "\x6d\x6a\x8f\x94\x67\x30\x83\x08"
			  "\xfe\xff\xe9\x92\x86\x65\x73\x1c"
			  "\x6d\x6a\x8f\x94\x67\x30\x83\x08",
		.klen	= 32,
		.iv	= "\xca\xfe\xba\xbe\xfa\xce\xdb\xad"
			  "\xde\xca\xf8\x88",
		.ptext	= ptext9,
		.plen	= sizeof(ptext9),
		.ctext	= ctext9,
		.clen	= sizeof(ctext9),
	}, {
		/* 10: AES-256, 60-byte plaintext, 20 bytes of associated data */
		.key	= "\xfe\xff\xe9\x92\x86\x65\x73\x1c"
			  "\x6d\x6a\x8f\x94\x67\x30\x83\x08"
			  "\xfe\xff\xe9\x92\x86\x65\x73\x1c"
			  "\x6d\x6a\x8f\x94\x67\x30\x83\x08",
		.klen	= 32,
		.iv	= "\xca\xfe\xba\xbe\xfa\xce\xdb\xad"
			  "\xde\xca\xf8\x88",
		.ptext	= ptext10,
		.plen	= sizeof(ptext10),
		.assoc	= "\xfe\xed\xfa\xce\xde\xad\xbe\xef"
			  "\xfe\xed\xfa\xce\xde\xad\xbe\xef"
			  "\xab\xad\xda\xd2",
		.alen	= 20,
		.ctext	= ctext10,
		.clen	= sizeof(ctext10),
	}, {
		/* 11: AES-192, 60-byte plaintext, 20 bytes of associated data */
		.key	= "\xfe\xff\xe9\x92\x86\x65\x73\x1c"
			  "\x6d\x6a\x8f\x94\x67\x30\x83\x08"
			  "\xfe\xff\xe9\x92\x86\x65\x73\x1c",
		.klen	= 24,
		.iv	= "\xca\xfe\xba\xbe\xfa\xce\xdb\xad"
			  "\xde\xca\xf8\x88",
		.ptext	= ptext11,
		.plen	= sizeof(ptext11),
		.assoc	= "\xfe\xed\xfa\xce\xde\xad\xbe\xef"
			  "\xfe\xed\xfa\xce\xde\xad\xbe\xef"
			  "\xab\xad\xda\xd2",
		.alen	= 20,
		.ctext	= ctext11,
		.clen	= sizeof(ctext11),
	}, {
		/* 12: AES-256, 719-byte plaintext, no associated data */
		.key	= "\x62\x35\xf8\x95\xfc\xa5\xeb\xf6"
			  "\x0e\x92\x12\x04\xd3\xa1\x3f\x2e"
			  "\x8b\x32\xcf\xe7\x44\xed\x13\x59"
			  "\x04\x38\x77\xb0\xb9\xad\xb4\x38",
		.klen	= 32,
		.iv	= "\x00\xff\xff\xff\xff\x00\x00\xff"
			  "\xff\xff\x00\xff",
		.ptext	= ptext12,
		.plen	= sizeof(ptext12),
		.ctext	= ctext12,
		.clen	= sizeof(ctext12),
	}
};
680 | ||
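/*
 * Known-answer self-test, run once at module initialization.
 *
 * For every entry of aesgcm_tv[] this expands the key, decrypts the vector's
 * ciphertext and checks the plaintext, re-encrypts in place and checks both
 * the ciphertext and the generated tag against the vector, and finally
 * decrypts in place using the tag that was just generated.
 *
 * Returns: 0 if every vector passes, or -ENODEV on the first failure.
 */
static int __init libaesgcm_init(void)
{
	for (int i = 0; i < ARRAY_SIZE(aesgcm_tv); i++) {
		u8 tagbuf[AES_BLOCK_SIZE];
		int plen = aesgcm_tv[i].plen;
		/* Whatever follows the ciphertext in ctext is the tag. */
		int taglen = aesgcm_tv[i].clen - plen;
		const u8 *tag = aesgcm_tv[i].ctext + plen;
		struct aesgcm_ctx ctx;
		/* ptext12 is the largest plaintext among the vectors. */
		u8 buf[sizeof(ptext12)];

		if (aesgcm_expandkey(&ctx, aesgcm_tv[i].key, aesgcm_tv[i].klen,
				     taglen)) {
			pr_err("aesgcm_expandkey() failed on vector %d\n", i);
			return -ENODEV;
		}

		if (!aesgcm_decrypt(&ctx, buf, aesgcm_tv[i].ctext, plen,
				    aesgcm_tv[i].assoc, aesgcm_tv[i].alen,
				    aesgcm_tv[i].iv, tag)
		    || memcmp(buf, aesgcm_tv[i].ptext, plen)) {
			pr_err("aesgcm_decrypt() #1 failed on vector %d\n", i);
			return -ENODEV;
		}

		/*
		 * encrypt in place
		 *
		 * The generated tag is compared with the vector as well.
		 * Checking only the ciphertext would leave the tag output of
		 * aesgcm_encrypt() verified solely by the round trip below,
		 * which recomputes it with the same code.
		 */
		aesgcm_encrypt(&ctx, buf, buf, plen, aesgcm_tv[i].assoc,
			       aesgcm_tv[i].alen, aesgcm_tv[i].iv, tagbuf);
		if (memcmp(buf, aesgcm_tv[i].ctext, plen)
		    || memcmp(tagbuf, tag, taglen)) {
			pr_err("aesgcm_encrypt() failed on vector %d\n", i);
			return -ENODEV;
		}

		/* decrypt in place */
		if (!aesgcm_decrypt(&ctx, buf, buf, plen, aesgcm_tv[i].assoc,
				    aesgcm_tv[i].alen, aesgcm_tv[i].iv, tagbuf)
		    || memcmp(buf, aesgcm_tv[i].ptext, plen)) {
			pr_err("aesgcm_decrypt() #2 failed on vector %d\n", i);
			return -ENODEV;
		}
	}
	return 0;
}
module_init(libaesgcm_init);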
722 | ||
/*
 * Module exit hook. Intentionally empty: libaesgcm_init() only runs the
 * self-test on stack buffers and leaves nothing behind to release.
 */
static void __exit libaesgcm_exit(void)
{
}
module_exit(libaesgcm_exit);
727 | #endif |