Commit f19f5111 authored by Rik Snel's avatar Rik Snel Committed by David S. Miller

[CRYPTO] xts: XTS blockcipher mode implementation without partial blocks

XTS is currently considered to be the successor of the LRW mode by the IEEE1619
workgroup. LRW was discarded because it was not secure if the encryption key
itself is encrypted with LRW.

XTS does not have this problem. The implementation is pretty straightforward,
a new function was added to gf128mul to handle GF(128) elements in ble format.
Four testvectors from the specification
	http://grouper.ieee.org/groups/1619/email/pdf00086.pdf


were added, and they verify on my system.

Signed-off-by: default avatarRik Snel <rsnel@cube.dyndns.org>
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
parent 5aaff0c8
+11 −0
@@ -184,6 +184,17 @@ config CRYPTO_LRW
	  The first 128, 192 or 256 bits in the key are used for AES and the
	  rest is used to tie each cipher block to its logical position.

config CRYPTO_XTS
	tristate "XTS support (EXPERIMENTAL)"
	depends on EXPERIMENTAL
	select CRYPTO_BLKCIPHER
	select CRYPTO_MANAGER
	select CRYPTO_GF128MUL
	help
	  XTS: IEEE1619/D16 narrow block cipher use with aes-xts-plain,
	  key size 256, 384 or 512 bits. This implementation currently
	  can't handle a sectorsize which is not a multiple of 16 bytes.

config CRYPTO_CRYPTD
	tristate "Software async crypto daemon"
	select CRYPTO_ABLKCIPHER
+1 −0
@@ -31,6 +31,7 @@ obj-$(CONFIG_CRYPTO_ECB) += ecb.o
obj-$(CONFIG_CRYPTO_CBC) += cbc.o
obj-$(CONFIG_CRYPTO_PCBC) += pcbc.o
obj-$(CONFIG_CRYPTO_LRW) += lrw.o
obj-$(CONFIG_CRYPTO_XTS) += xts.o
obj-$(CONFIG_CRYPTO_CRYPTD) += cryptd.o
obj-$(CONFIG_CRYPTO_DES) += des.o
obj-$(CONFIG_CRYPTO_FCRYPT) += fcrypt.o
+11 −0
@@ -142,6 +142,17 @@ static void gf128mul_x_bbe(be128 *r, const be128 *x)
	r->b = cpu_to_be64((b << 1) ^ _tt);
}

void gf128mul_x_ble(be128 *r, const be128 *x)
{
	u64 a = le64_to_cpu(x->a);
	u64 b = le64_to_cpu(x->b);
	u64 _tt = gf128mul_table_bbe[b >> 63];

	r->a = cpu_to_le64((a << 1) ^ _tt);
	r->b = cpu_to_le64((b << 1) | (a >> 63));
}
EXPORT_SYMBOL(gf128mul_x_ble);

static void gf128mul_x8_lle(be128 *x)
{
	u64 a = be64_to_cpu(x->a);
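Review bot: gf128mul_x_ble is declared on a `be128 *` yet reads both halves with `le64_to_cpu` and writes them back with `cpu_to_le64` (lines 63-68), so the parameter type and the accessors disagree; on a build with endian annotations I would expect sparse to warn here, and the signature alone does not tell a reader that the words are little-endian. Either introduce a little-endian counterpart of be128 for the ble element, or at minimum put the layout above the definition: `/* ble: both 64-bit words little-endian; the element's top bit is bit 63 of b */`. The lookup into `gf128mul_table_bbe` also deserves a comment, since nothing explains why the bbe table is valid for the ble ordering — presumably because the table yields only the single reduction byte, which does not depend on word order. Unlike the neighbouring helpers, the exported function has no kernel-doc; a one-liner stating that it multiplies a GF(2^128) element by x in the ble convention used by XTS would do. The matching declaration in gf128mul.h is not in this view, so I could not check that it agrees.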
+12 −0
@@ -955,6 +955,10 @@ static void do_test(void)
			    AES_LRW_ENC_TEST_VECTORS);
		test_cipher("lrw(aes)", DECRYPT, aes_lrw_dec_tv_template,
			    AES_LRW_DEC_TEST_VECTORS);
		test_cipher("xts(aes)", ENCRYPT, aes_xts_enc_tv_template,
			    AES_XTS_ENC_TEST_VECTORS);
		test_cipher("xts(aes)", DECRYPT, aes_xts_dec_tv_template,
			    AES_XTS_DEC_TEST_VECTORS);

		//CAST5
		test_cipher("ecb(cast5)", ENCRYPT, cast5_enc_tv_template,
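Review bot: The new xts(aes) vectors (lines 81-84, repeated for the AES-only case at lines 92-95) exercise whole-block inputs only, which matches what the implementation supports, but nothing checks that the unsupported case is refused: a request whose length is not a multiple of 16 bytes must fail rather than be processed with the trailing partial block silently dropped. If the tcrypt harness can express an expected failure for a vector (it does so for weak keys, as far as I recall), add one such vector to aes_xts_enc_tv_template; otherwise record the gap next to the calls, `/* xts(aes): full-block vectors only; partial blocks are rejected, not tested here */`. The templates themselves live in the collapsed header, so the four vectors could not be checked against the IEEE 1619 draft from this page. do_test starts and ends outside these hunks.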
@@ -1138,6 +1142,10 @@ static void do_test(void)
			    AES_LRW_ENC_TEST_VECTORS);
		test_cipher("lrw(aes)", DECRYPT, aes_lrw_dec_tv_template,
			    AES_LRW_DEC_TEST_VECTORS);
		test_cipher("xts(aes)", ENCRYPT, aes_xts_enc_tv_template,
			    AES_XTS_ENC_TEST_VECTORS);
		test_cipher("xts(aes)", DECRYPT, aes_xts_dec_tv_template,
			    AES_XTS_DEC_TEST_VECTORS);
		break;

	case 11:
@@ -1313,6 +1321,10 @@ static void do_test(void)
				  aes_lrw_speed_template);
		test_cipher_speed("lrw(aes)", DECRYPT, sec, NULL, 0,
				  aes_lrw_speed_template);
		test_cipher_speed("xts(aes)", ENCRYPT, sec, NULL, 0,
				  aes_xts_speed_template);
		test_cipher_speed("xts(aes)", DECRYPT, sec, NULL, 0,
				  aes_xts_speed_template);
		break;

	case 201:
+417 −0
