Hello Herbert/list,
These patches implement the 'Arbitrary Block Length' blockcipher mode
as proposed by John Viega and David McGrew in
http://grouper.ieee.org/groups/1619/email/rtf00000.rtf (October 28, 2004) and
http://grouper.ieee.org/groups/1619/email/pdf00005.pdf (April 15, 2004).
The spec is unreviewed. Are there cryptologists on this list who are willing
to review the security proof of ABL in the April 15th paper and my
implementations (both this one and the "independent" implementation at
http://cube.dyndns.org/~rsnel/abl/).
ABL is the only patent-unencumbered wide block cipher mode that I know.
It can encrypt whole 512 byte sectors as whole blocks, this means that if
one bit in the unencrypted sector, it changes the corresponding cipherblock
completely. It can also operate on 4k blocks (or larger), this is useful for
deniable harddisk encryption. (it means all in-filesystem-block modifications
look like total block modifications). (operation on 4k block through dm-crypt
requires a patch which will be sent seperately)
I have emailed the authors, David McGrew confirmed that ABL is unencumbered
by patents (as far as he and John Viega know). David had no test vectors.
John might have some, but he hasn't responed yet.
Unfortunately the SISWG (http://siswg.org/) seems to be uninterested in
making ABL a standard because another contender (XCF) is faster. XCF
is however patented by Cisco.
Greetings,
Rik.
From: Rik Snel <[email protected]>
ABL-32-AES needs a certain IV. This IV should be provided dm-crypt.
The block cipher mode could, in principle, generate the correct IV from
the plain IV, but I think that it is cleaner to supply the right IV
directly.
The sector -> wide block calculation is currently just a conversion
to bigendian and an increment, but if dm-crypt will support cypher
blocksizes larger than 512 bytes (which would be interesting for
wide blocks) the conversion will include a shift also.
Signed-off-by: Rik Snel <[email protected]>
---
drivers/md/dm-crypt.c | 20 +++++++++++++++++++-
1 files changed, 19 insertions(+), 1 deletions(-)
diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c
index c09c8e0..10cc227 100644
--- a/drivers/md/dm-crypt.c
+++ b/drivers/md/dm-crypt.c
@@ -109,6 +109,9 @@ static kmem_cache_t *_crypt_io_pool;
* benbi: the 64-bit "big-endian 'narrow block'-count", starting at 1
* (needed for LRW-32-AES and possible other narrow block modes)
*
+ * bewbi: the 64-bit "big-endian 'wide block'-count", starting at 1
+ * (needed for ABL-32-AES and possible other wide block modes)
+ *
* plumb: unimplemented, see:
* http://article.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/454
*/
@@ -248,6 +251,14 @@ static int crypt_iv_benbi_gen(struct cry
return 0;
}
+static int crypt_iv_bewbi_gen(struct crypt_config *cc, u8 *iv, sector_t sector)
+{
+ memset(iv, 0, cc->iv_size - sizeof(u32));
+ *((u32*)iv + 3) = cpu_to_be32((sector & 0xffffffff) + 1);
+
+ return 0;
+}
+
static struct crypt_iv_operations crypt_iv_plain_ops = {
.generator = crypt_iv_plain_gen
};
@@ -264,6 +275,10 @@ static struct crypt_iv_operations crypt_
.generator = crypt_iv_benbi_gen
};
+static struct crypt_iv_operations crypt_iv_bewbi_ops = {
+ .generator = crypt_iv_bewbi_gen
+};
+
static int
crypt_convert_scatterlist(struct crypt_config *cc, struct scatterlist *out,
struct scatterlist *in, unsigned int length,
@@ -632,7 +647,8 @@ static int crypt_ctr(struct dm_target *t
cc->tfm = tfm;
/*
- * Choose ivmode. Valid modes: "plain", "essiv:<esshash>", "benbi".
+ * Choose ivmode. Valid modes: "plain", "essiv:<esshash>",
+ * "benbi", "bewbi".
*
* See comments at iv code
*/
@@ -645,6 +661,8 @@ static int crypt_ctr(struct dm_target *t
cc->iv_gen_ops = &crypt_iv_essiv_ops;
else if (strcmp(ivmode, "benbi") == 0)
cc->iv_gen_ops = &crypt_iv_benbi_ops;
+ else if (strcmp(ivmode, "bewbi") == 0)
+ cc->iv_gen_ops = &crypt_iv_bewbi_ops;
else {
ti->error = "Invalid IV mode";
goto bad2;
--
1.4.2.1
From: Rik Snel <[email protected]>
This is a preliminary implementation of ABL as specified by David McGrew
and John Viega in:
- http://grouper.ieee.org/groups/1619/email/rtf00000.rtf (October 28, 2004)
- http://grouper.ieee.org/groups/1619/email/pdf00005.pdf (April 15, 2004)
Preliminary, because the specification has not been sufficiently reviewed and
is subject to change because the two contradict eachother in a few places (see
the comments at the top of abl.c).
Currently I have no official test vectors This implementation is only checked
against an "independent" and minimal userspace implementation I wrote, which
is available at: http://cube.dyndns.org/~rsnel/abl/
I added a self-generated test vector to tcrypt.h and also an ABL specific
speed_test_template because this implementation cannot handle input
shorter than two blocks. The spec allows it, but I chose not to implement it
because it is not needed for harddisk encryption. This implementation also
does not handle partial blocks, while the spec allows it.
Please do not use this mode for anything serious yet.
Signed-off-by: Rik Snel <[email protected]>
---
crypto/Kconfig | 14 ++
crypto/Makefile | 1
crypto/abl.c | 395 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
crypto/tcrypt.c | 12 ++
crypto/tcrypt.h | 300 ++++++++++++++++++++++++++++++++++++++++++
5 files changed, 722 insertions(+), 0 deletions(-)
diff --git a/crypto/Kconfig b/crypto/Kconfig
index dfdfe08..a665079 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -169,6 +169,20 @@ config CRYPTO_LRW
or 256 bits in the key are used for AES and the rest is used to tie
each cipher block to its logical position.
+config CRYPTO_ABL
+ tristate "ABL support (EXPERIMENTAL)"
+ depends on EXPERIMENTAL
+ select CRYPTO_BLKCIPHER
+ select CRYPTO_GF128MUL
+ default n
+ help
+ ABL: Arbitrary Block Length, a tweakable, non malleable, non movable
+ wide block cipher mode. Use it with cipher specification string
+ aes-lrw-bewbi, the key must be 128, 192 or 256 bits.
+
+ WARNING: The ABL spec is not finalized and still has to be reviewed.
+ Do not use this mode for anything serious yet.
+
config CRYPTO_DES
tristate "DES and Triple DES EDE cipher algorithms"
select CRYPTO_ALGAPI
diff --git a/crypto/Makefile b/crypto/Makefile
index e2e57be..647019e 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -27,6 +27,7 @@ obj-$(CONFIG_CRYPTO_GF128MUL) += gf128mu
obj-$(CONFIG_CRYPTO_ECB) += ecb.o
obj-$(CONFIG_CRYPTO_CBC) += cbc.o
obj-$(CONFIG_CRYPTO_LRW) += lrw.o
+obj-$(CONFIG_CRYPTO_ABL) += abl.o
obj-$(CONFIG_CRYPTO_DES) += des.o
obj-$(CONFIG_CRYPTO_BLOWFISH) += blowfish.o
obj-$(CONFIG_CRYPTO_TWOFISH) += twofish.o
diff --git a/crypto/abl.c b/crypto/abl.c
new file mode 100644
index 0000000..2912c8e
--- /dev/null
+++ b/crypto/abl.c
@@ -0,0 +1,395 @@
+/* ABL: as defined by David A. McGrew and John Viega
+ * http://grouper.ieee.org/groups/1619/email/rtf00000.rtf (October 28, 2004)
+ * http://grouper.ieee.org/groups/1619/email/pdf00005.pdf (April 15 2004)
+ *
+ * Copyright (c) 2006 Rik Snel <[email protected]>
+ *
+ * Based om ebc.c
+ * Copyright (c) 2006 Herbert Xu <[email protected]>
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the Free
+ * Software Foundation; either version 2 of the License, or (at your option)
+ * any later version.
+ *
+ * Limitations: - this module does not support partial blocks
+ * - the minimum length of the data is 2 blocks
+ *
+ * Both limitations do not exist in the ABL specification, but are do not
+ * influence the use of this module for hard disk encryption
+ *
+ * There are three problems with the current specs.
+ * 1. I use the GHASH specification from the April 15 2004 draft
+ * 2. The decryption formulas in the October 28 2004 draft are written in
+ * a weird way (the result is at the wrong side of the equation). This is
+ * a minor issue, it doesnt affect the bitstream.
+ * 3. The specs disagree about the order of the IV and the data in the GHASH
+ * function. I chose the order from the October 28 2004 draft.
+ */
+#include <crypto/algapi.h>
+#include <linux/err.h>
+#include <linux/init.h>
+#include <linux/kernel.h>
+#include <linux/module.h>
+#include <linux/scatterlist.h>
+#include <linux/slab.h>
+
+#include "b128ops.h"
+#include "gf128mul.h"
+
+struct priv {
+ struct crypto_cipher *child;
+ struct gf128mul_64k table; /* mult table for H */
+ u64 l0[2], l1[2], m0[2], m1[2];
+};
+
+static int setkey(struct crypto_tfm *parent, const u8 *key,
+ unsigned int keylen)
+{
+ struct priv *ctx = crypto_tfm_ctx(parent);
+ struct crypto_cipher *child = ctx->child;
+ int err;
+ u64 H[2] = { 0, }; /* get proper alignment for the
+ price of some casts */
+
+ crypto_cipher_clear_flags(child, CRYPTO_TFM_REQ_MASK);
+ crypto_cipher_set_flags(child, crypto_tfm_get_flags(parent) &
+ CRYPTO_TFM_REQ_MASK);
+ if ((err = crypto_cipher_setkey(child, key, keylen))) return err;
+ crypto_tfm_set_flags(parent, crypto_cipher_get_flags(child) &
+ CRYPTO_TFM_RES_MASK);
+
+ crypto_cipher_alg(child)->cia_encrypt(crypto_cipher_tfm(child),
+ (u8 *)H, (u8 *)H);
+ gf128mul_init_64k_lle(&ctx->table, H);
+
+ /* setup L0, L1, M0, M1 as per paragraph 5.3 of
+ * the October 28 2004 draft */
+ memset(ctx->l0, 0, 16);
+ ((u8 *)ctx->l0)[15] = 0x01; /* 00000001 */
+ crypto_cipher_alg(child)->cia_encrypt(crypto_cipher_tfm(child),
+ (u8 *)ctx->l0, (u8 *)ctx->l0);
+
+ memset(ctx->l1, 0, 16);
+ ((u8 *)ctx->l1)[15] = 0x02; /* 00000010 */
+ crypto_cipher_alg(child)->cia_encrypt(crypto_cipher_tfm(child),
+ (u8 *)ctx->l1, (u8 *)ctx->l1);
+
+ memset(ctx->m0, 0, 16);
+ ((u8 *)ctx->m0)[15] = 0x03; /* 00000011 */
+ crypto_cipher_alg(child)->cia_encrypt(crypto_cipher_tfm(child),
+ (u8 *)ctx->m0, (u8 *)ctx->m0);
+
+ memset(ctx->m1, 0, 16);
+ ((u8 *)ctx->m1)[15] = 0x04; /* 00000100 */
+ crypto_cipher_alg(child)->cia_encrypt(crypto_cipher_tfm(child),
+ (u8 *)ctx->m1, (u8 *)ctx->m1);
+
+ return 0;
+}
+
+struct sinfo {
+ const int bs;
+ u64 b1[2], b2[2], *m;
+ struct gf128mul_64k *t;
+ u8 **iv; /* we need to pass the iv to the inner
+ loop, this is a way to doing that */
+
+ /* sometimes we must read from *src and sometimes from *dst,
+ this must be set by the caller to help us decide */
+ int rd_dst;
+
+ struct crypto_tfm *tfm;
+ void (*fn)(struct crypto_tfm*, u8 *, const u8 *);
+};
+
+/* this define makes it easy to read from the right place */
+#define SRC (s->rd_dst ? dst : src)
+
+/* round is the function that is called for the first round, it
+ * may not be NULL, it must return the function (pointer) to
+ * be used for the next block also non-NULL */
+static int do_stuff(struct blkcipher_desc *d,
+ struct blkcipher_walk *w, struct sinfo *s,
+ void *(*round)(struct sinfo*, u8 *, const u8 *))
+{
+ unsigned int nbytes_avail;
+ int err;
+
+ err = blkcipher_walk_virt(d, w);
+
+ while ((nbytes_avail = w->nbytes)) {
+ u8 *src = w->src.virt.addr;
+ u8 *dst = w->dst.virt.addr;
+
+ do {
+ round = round(s, dst, src);
+
+ src += s->bs;
+ dst += s->bs;
+ } while ((nbytes_avail -= s->bs) >= s->bs);
+
+ blkcipher_walk_done(d, w, nbytes_avail);
+ }
+
+ return err;
+}
+
+/* add a complete block to the ghash, don't write anything to dst (!) */
+static inline void *ghash_add_block(struct sinfo *s, u8 *dst, const u8 *src)
+{
+ b128ops_xor(s->b1, SRC);
+ gf128mul_64k_lle(s->b1, s->t, s->b2);
+ return ghash_add_block;
+}
+
+static void *ghash_init_add_iv(struct sinfo *s, u8 *dst, const u8 *src)
+{
+ memset(s->b1, 0, 16);
+
+ /* ghash_add_block may read from src as well as from dst (depending
+ * on s->rd_dst), we supply the iv in both places since it never
+ * writes to dst */
+ ghash_add_block(s, *s->iv, *s->iv);
+ return ghash_add_block;
+}
+
+static void ghash_finalize_calc_f(struct sinfo *s, u32 lx, u64 l[2])
+{
+ u64 last[2] = { cpu_to_be64(16<<3), cpu_to_be64(((u64)lx)<<3) };
+ b128ops_xor(s->b1, last);
+ gf128mul_64k_lle(s->b1, s->t, s->b2);
+ b128ops_xor(s->b1, l);
+ s->fn(s->tfm, (u8 *)s->b1, (u8 *)s->b1);
+}
+
+/* increment the bigendian u32 at incd */
+static void inc(u8 *incd)
+{
+ int left = 3;
+ while (!++incd[left]) {
+ if (!left--) return;
+ }
+}
+
+static void *xor_g(struct sinfo *s, u8 *dst, const u8 *src)
+{
+ b128ops_mov(s->b2, s->b1);
+ b128ops_xor(s->b2, s->m);
+ s->fn(s->tfm, (u8 *)s->b2, (u8 *)s->b2);
+ b128ops_xor(s->b2, SRC);
+ b128ops_mov(dst, s->b2);
+ inc((u8 *)s->b1 + 12);
+ return xor_g;
+}
+
+static void *xor_f_init_g(struct sinfo *s, u8 *dst, const u8 *src)
+{
+ b128ops_xor(s->b1, SRC);
+ b128ops_mov(dst, s->b1);
+ return xor_g;
+}
+
+static void *init_g(struct sinfo *s, u8 *dst, const u8 *src)
+{
+ b128ops_mov(s->b1, SRC);
+ b128ops_mov(dst, s->b1);
+ return xor_g;
+}
+
+static int crypt_common(struct sinfo *s, struct priv *ctx,
+ struct blkcipher_walk *w, unsigned int n)
+{
+ if (n < 32) {
+ printk("ABL for streams < 2 blocks not implemented");
+ return -EINVAL; /* there may be a more appropriate message... */
+ }
+
+ s->iv = &w->iv;
+ s->t = &ctx->table;
+ s->tfm = crypto_cipher_tfm(ctx->child);
+ s->fn = crypto_cipher_alg(ctx->child)->cia_encrypt;
+ s->rd_dst = 0;
+
+ return 0;
+}
+
+static int encrypt(struct blkcipher_desc *desc, struct scatterlist *dst,
+ struct scatterlist *src, unsigned int nbytes)
+{
+ struct priv *ctx = crypto_blkcipher_ctx(desc->tfm);
+ struct blkcipher_walk w;
+ struct sinfo s = { .bs = crypto_cipher_blocksize(ctx->child) };
+ int err;
+
+ if ((err = crypt_common(&s, ctx, &w, nbytes))) return err;
+
+ /* calc f0(H, Z, B) */
+ blkcipher_walk_init(&w, dst, src, nbytes);
+ if ((err = do_stuff(desc, &w, &s, ghash_init_add_iv))) return err;
+ ghash_finalize_calc_f(&s, nbytes - 16, ctx->l0);
+
+ /* C <- A xor f0(H, Z, B)
+ * D <- B xor g0(K, C) */
+ s.m = ctx->m0; /* set the correct value of m */
+ blkcipher_walk_init(&w, dst, src, nbytes);
+ if ((err = do_stuff(desc, &w, &s, xor_f_init_g))) return err;
+
+ /* from here the data is in *dst, so read it from there */
+ s.rd_dst = 1;
+
+ /* calc f1(H, Z, D) */
+ blkcipher_walk_init(&w, dst, src, nbytes);
+ if ((err = do_stuff(desc, &w, &s, ghash_init_add_iv))) return err;
+ ghash_finalize_calc_f(&s, nbytes - 16, ctx->l1);
+
+ /* E <- C xor f1(H, Z, D)
+ * F <- D xor g1(K, E) */
+ s.m = ctx->m1; /* set the correct value of m */
+ blkcipher_walk_init(&w, dst, src, nbytes);
+ err = do_stuff(desc, &w, &s, xor_f_init_g);
+
+ return err;
+}
+
+static int decrypt(struct blkcipher_desc *desc, struct scatterlist *dst,
+ struct scatterlist *src, unsigned int nbytes)
+{
+ struct priv *ctx = crypto_blkcipher_ctx(desc->tfm);
+ struct blkcipher_walk w;
+ struct sinfo s = { .bs = crypto_cipher_blocksize(ctx->child) };
+ int err;
+
+ if ((err = crypt_common(&s, ctx, &w, nbytes))) return err;
+
+ /* D <- F xor g1(K, E) */
+ s.m = ctx->m1; /* set the correct value of m */
+ blkcipher_walk_init(&w, dst, src, nbytes);
+ if ((err = do_stuff(desc, &w, &s, init_g))) return err;
+
+ /* from here the data is in *dst, so read it from there */
+ s.rd_dst = 1;
+
+ /* calc f1(H, Z, D) */
+ blkcipher_walk_init(&w, dst, src, nbytes);
+ if ((err = do_stuff(desc, &w, &s, ghash_init_add_iv))) return err;
+ ghash_finalize_calc_f(&s, nbytes - 16, ctx->l1);
+
+ /* C <- E xor f1(H, Z, D)
+ * B <- D xor g0(K, C) */
+ s.m = ctx->m0; /* set the correct value of m */
+ blkcipher_walk_init(&w, dst, src, nbytes);
+ if ((err = do_stuff(desc, &w, &s, xor_f_init_g))) return err;
+
+ /* calc f0(H, Z, B) */
+ blkcipher_walk_init(&w, dst, src, nbytes);
+ if ((err = do_stuff(desc, &w, &s, ghash_init_add_iv))) return err;
+ ghash_finalize_calc_f(&s, nbytes - 16, ctx->l0);
+
+ /* A <- C xor f0(H, Z, B) (we only need the first block) */
+ blkcipher_walk_init(&w, dst, src, nbytes);
+ err = blkcipher_walk_virt(desc, &w);
+ if (w.nbytes) b128ops_xor(w.dst.virt.addr, s.b1);
+
+ return err;
+}
+
+static int init_tfm(struct crypto_tfm *tfm)
+{
+ struct crypto_instance *inst = (void *)tfm->__crt_alg;
+ struct crypto_spawn *spawn = crypto_instance_ctx(inst);
+ struct priv *ctx = crypto_tfm_ctx(tfm);
+ u32 *flags = &tfm->crt_flags;
+
+ tfm = crypto_spawn_tfm(spawn);
+ if (IS_ERR(tfm))
+ return PTR_ERR(tfm);
+
+ if (crypto_tfm_alg_blocksize(tfm) != 16) {
+ *flags |= CRYPTO_TFM_RES_BAD_BLOCK_LEN;
+ return -EINVAL;
+ }
+
+ ctx->child = crypto_cipher_cast(tfm);
+ return 0;
+}
+
+static void exit_tfm(struct crypto_tfm *tfm)
+{
+ struct priv *ctx = crypto_tfm_ctx(tfm);
+ crypto_free_cipher(ctx->child);
+}
+
+static struct crypto_instance *alloc(void *param, unsigned int len)
+{
+ struct crypto_instance *inst;
+ struct crypto_alg *alg;
+
+ alg = crypto_get_attr_alg(param, len, CRYPTO_ALG_TYPE_CIPHER,
+ CRYPTO_ALG_TYPE_MASK | CRYPTO_ALG_ASYNC);
+ if (IS_ERR(alg))
+ return ERR_PTR(PTR_ERR(alg));
+
+ inst = crypto_alloc_instance("abl", alg);
+ if (IS_ERR(inst))
+ goto out_put_alg;
+
+ inst->alg.cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER;
+ inst->alg.cra_priority = alg->cra_priority;
+ inst->alg.cra_blocksize = alg->cra_blocksize;
+
+ if (alg->cra_alignmask < sizeof(int) - 1)
+ inst->alg.cra_alignmask = sizeof(int) -1;
+ else inst->alg.cra_alignmask = alg->cra_alignmask;
+ inst->alg.cra_type = &crypto_blkcipher_type;
+
+ inst->alg.cra_type = &crypto_blkcipher_type;
+
+ if (!(alg->cra_blocksize % 4))
+ inst->alg.cra_alignmask |= 3;
+ inst->alg.cra_blkcipher.ivsize = alg->cra_blocksize;
+ inst->alg.cra_blkcipher.min_keysize = alg->cra_cipher.cia_min_keysize;
+ inst->alg.cra_blkcipher.max_keysize = alg->cra_cipher.cia_max_keysize;
+
+ inst->alg.cra_ctxsize = sizeof(struct priv);
+
+ inst->alg.cra_init = init_tfm;
+ inst->alg.cra_exit = exit_tfm;
+
+ inst->alg.cra_blkcipher.setkey = setkey;
+ inst->alg.cra_blkcipher.encrypt = encrypt;
+ inst->alg.cra_blkcipher.decrypt = decrypt;
+
+out_put_alg:
+ crypto_mod_put(alg);
+ return inst;
+}
+
+static void free(struct crypto_instance *inst)
+{
+ crypto_drop_spawn(crypto_instance_ctx(inst));
+ kfree(inst);
+}
+
+static struct crypto_template crypto_tmpl = {
+ .name = "abl",
+ .alloc = alloc,
+ .free = free,
+ .module = THIS_MODULE,
+};
+
+static int __init crypto_module_init(void)
+{
+ return crypto_register_template(&crypto_tmpl);
+}
+
+static void __exit crypto_module_exit(void)
+{
+ crypto_unregister_template(&crypto_tmpl);
+}
+
+module_init(crypto_module_init);
+module_exit(crypto_module_exit);
+
+MODULE_LICENSE("GPL");
+MODULE_DESCRIPTION("ABL block cipher mode");
diff --git a/crypto/tcrypt.c b/crypto/tcrypt.c
index 777fc63..32c8457 100644
--- a/crypto/tcrypt.c
+++ b/crypto/tcrypt.c
@@ -910,6 +910,10 @@ static void do_test(void)
AES_LRW_ENC_TEST_VECTORS);
test_cipher("lrw(aes)", DECRYPT, aes_lrw_dec_tv_template,
AES_LRW_DEC_TEST_VECTORS);
+ test_cipher("abl(aes)", ENCRYPT, aes_abl_enc_tv_template,
+ AES_ABL_ENC_TEST_VECTORS);
+ test_cipher("abl(aes)", DECRYPT, aes_abl_dec_tv_template,
+ AES_ABL_DEC_TEST_VECTORS);
//CAST5
test_cipher("ecb(cast5)", ENCRYPT, cast5_enc_tv_template,
@@ -1060,6 +1064,10 @@ static void do_test(void)
AES_LRW_ENC_TEST_VECTORS);
test_cipher("lrw(aes)", DECRYPT, aes_lrw_dec_tv_template,
AES_LRW_DEC_TEST_VECTORS);
+ test_cipher("abl(aes)", ENCRYPT, aes_abl_enc_tv_template,
+ AES_ABL_ENC_TEST_VECTORS);
+ test_cipher("abl(aes)", DECRYPT, aes_abl_dec_tv_template,
+ AES_ABL_DEC_TEST_VECTORS);
break;
case 11:
@@ -1203,6 +1211,10 @@ static void do_test(void)
aes_lrw_speed_template);
test_cipher_speed("lrw(aes)", DECRYPT, sec, NULL, 0,
aes_lrw_speed_template);
+ test_cipher_speed("abl(aes)", ENCRYPT, sec, NULL, 0,
+ aes_abl_speed_template);
+ test_cipher_speed("abl(aes)", DECRYPT, sec, NULL, 0,
+ aes_abl_speed_template);
break;
case 201:
diff --git a/crypto/tcrypt.h b/crypto/tcrypt.h
index 59fbc39..d6696b2 100644
--- a/crypto/tcrypt.h
+++ b/crypto/tcrypt.h
@@ -1833,6 +1833,8 @@ #define AES_CBC_ENC_TEST_VECTORS 2
#define AES_CBC_DEC_TEST_VECTORS 2
#define AES_LRW_ENC_TEST_VECTORS 8
#define AES_LRW_DEC_TEST_VECTORS 8
+#define AES_ABL_ENC_TEST_VECTORS 1
+#define AES_ABL_DEC_TEST_VECTORS 1
static struct cipher_testvec aes_enc_tv_template[] = {
{ /* From FIPS-197 */
@@ -2473,6 +2475,286 @@ static struct cipher_testvec aes_lrw_dec
}
};
+static struct cipher_testvec aes_abl_enc_tv_template[] = {
+ { /* self-generated based on mostly independent implementation */
+ .key = { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
+ 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 },
+ .klen = 16,
+ .iv = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
+ .input = { 0xaa, 0x31, 0x30, 0x88, 0xdb, 0xbc, 0x32, 0xb6,
+ 0x71, 0xd6, 0x5d, 0x31, 0x3d, 0x91, 0x01, 0xf5,
+ 0x11, 0x5f, 0x4b, 0xdd, 0x4f, 0x6c, 0x01, 0xd4,
+ 0x57, 0xb3, 0x5f, 0x0f, 0x7a, 0x55, 0x5a, 0xc4,
+ 0x51, 0x59, 0xcf, 0x6b, 0x49, 0x77, 0x0e, 0x46,
+ 0xb0, 0x7e, 0xa8, 0xa9, 0x4e, 0x0f, 0xb1, 0x4f,
+ 0x56, 0xa8, 0x5b, 0x96, 0x7a, 0xa4, 0x68, 0x19,
+ 0xbd, 0x7f, 0x50, 0x58, 0x5c, 0x24, 0x09, 0x0a,
+ 0x8f, 0x58, 0xb9, 0x29, 0x05, 0x8a, 0x53, 0xdd,
+ 0x87, 0x7c, 0x7e, 0x89, 0x9b, 0xf7, 0x59, 0xdf,
+ 0x8f, 0x31, 0xa4, 0x91, 0x41, 0x85, 0x21, 0x99,
+ 0xbf, 0x15, 0x20, 0xc0, 0xd3, 0xba, 0xe1, 0x55,
+ 0x50, 0xd2, 0x08, 0xd1, 0xe0, 0xb5, 0x56, 0xd5,
+ 0xe6, 0x3e, 0xbc, 0xac, 0xf5, 0x6f, 0x9d, 0xcc,
+ 0x53, 0xad, 0xfb, 0x1b, 0x75, 0xcf, 0xd5, 0x96,
+ 0x3a, 0x96, 0xe5, 0x66, 0x40, 0x74, 0x10, 0xfe,
+ 0xe8, 0xe3, 0x54, 0xcb, 0x4d, 0x3e, 0x8c, 0x53,
+ 0x30, 0x3d, 0xdf, 0xe4, 0x30, 0xe3, 0x1c, 0x83,
+ 0xdb, 0xd8, 0x2e, 0xe8, 0x3a, 0x85, 0xed, 0x6b,
+ 0xd4, 0xa7, 0x69, 0x1d, 0x6f, 0xb5, 0xca, 0x0b,
+ 0x73, 0x94, 0x09, 0xb3, 0xfe, 0xa0, 0x18, 0x56,
+ 0x6a, 0x3f, 0xa1, 0x1c, 0xee, 0x5c, 0xa5, 0xc0,
+ 0x59, 0x38, 0xe7, 0x28, 0xf6, 0x0e, 0xd9, 0xd7,
+ 0xdd, 0x1d, 0x38, 0x71, 0xed, 0xdf, 0xc5, 0x21,
+ 0x31, 0x1f, 0xcb, 0xa3, 0x0c, 0xfb, 0xc2, 0xe0,
+ 0x27, 0xf0, 0x76, 0xa8, 0x39, 0xac, 0xdc, 0x61,
+ 0x00, 0x4e, 0xf3, 0xe5, 0xb7, 0x5c, 0xdc, 0xfa,
+ 0xec, 0x00, 0x5d, 0x2e, 0x94, 0x9f, 0x70, 0xe2,
+ 0xb0, 0x7c, 0x2d, 0xb0, 0xca, 0x0b, 0x60, 0x12,
+ 0xea, 0x9d, 0x1e, 0xfc, 0x78, 0x29, 0xbf, 0xcf,
+ 0x13, 0x2c, 0x86, 0x9a, 0x47, 0xfb, 0x4b, 0xf5,
+ 0xf0, 0x2c, 0x62, 0xfd, 0xda, 0x4b, 0x4e, 0xe8,
+ 0xa0, 0x83, 0xb0, 0x56, 0x81, 0x25, 0x88, 0x36,
+ 0xad, 0xbb, 0x4f, 0x6e, 0xa7, 0x03, 0x69, 0xc4,
+ 0x10, 0xac, 0x6c, 0xac, 0xe3, 0xcc, 0x66, 0xaf,
+ 0xbb, 0x52, 0x20, 0x5f, 0x66, 0x98, 0x3d, 0x67,
+ 0x2b, 0x5d, 0xd9, 0xb8, 0x1c, 0x82, 0x48, 0x35,
+ 0x19, 0xc1, 0xe7, 0x62, 0x18, 0x90, 0xd8, 0x75,
+ 0xde, 0x9e, 0x1d, 0x91, 0x9a, 0x8b, 0xba, 0x41,
+ 0xa1, 0xcd, 0xf6, 0x04, 0xc5, 0x76, 0xaf, 0x2d,
+ 0x6e, 0xef, 0xd8, 0x72, 0x1a, 0x51, 0xff, 0x1e,
+ 0x26, 0x29, 0x37, 0x23, 0x27, 0x26, 0x08, 0x77,
+ 0xfe, 0x73, 0xa6, 0x7a, 0x1e, 0x36, 0xb4, 0x74,
+ 0xe3, 0x4a, 0xcd, 0xc5, 0x19, 0x6e, 0x59, 0xf3,
+ 0xd7, 0x89, 0xfd, 0x14, 0xad, 0xed, 0x4e, 0xbe,
+ 0x1a, 0xd5, 0x87, 0xec, 0x3d, 0x46, 0x2f, 0x08,
+ 0x47, 0x42, 0x76, 0xb6, 0x9e, 0x70, 0x0e, 0x57,
+ 0x72, 0x16, 0xb4, 0x69, 0xd6, 0xc1, 0x39, 0x5b,
+ 0xdb, 0x9f, 0xfb, 0xb3, 0x36, 0xcf, 0xd5, 0x42,
+ 0x06, 0x72, 0xfd, 0x11, 0xaf, 0x56, 0x2b, 0x16,
+ 0xdc, 0xb9, 0x84, 0x43, 0xca, 0x94, 0x71, 0x1b,
+ 0xb6, 0x32, 0xc3, 0x16, 0xb0, 0x2a, 0x3b, 0xaf,
+ 0x90, 0xf6, 0xa8, 0x08, 0x9c, 0x82, 0xba, 0x0a,
+ 0x9f, 0x61, 0x4d, 0x3e, 0x35, 0x0a, 0x7f, 0x17,
+ 0x2d, 0x1d, 0x22, 0xa8, 0xdf, 0x48, 0xbb, 0xec,
+ 0xf6, 0x0c, 0x21, 0x1a, 0x8f, 0xb9, 0x79, 0xc9,
+ 0xba, 0xd5, 0xac, 0x11, 0x34, 0x90, 0x4f, 0x75,
+ 0x51, 0x7e, 0x7b, 0xa2, 0xf7, 0x47, 0x48, 0xd1,
+ 0x56, 0xad, 0x1d, 0xf2, 0x6a, 0x9b, 0x7c, 0xf2,
+ 0xd3, 0x67, 0xd8, 0x77, 0x42, 0xe2, 0x41, 0x24,
+ 0x1e, 0x60, 0x81, 0x5d, 0x99, 0xa8, 0x91, 0x3e,
+ 0x55, 0xea, 0xda, 0xb2, 0x1b, 0x46, 0x82, 0x6f,
+ 0x14, 0x18, 0xc8, 0x61, 0x89, 0xcc, 0x8c, 0x03,
+ 0x43, 0x4f, 0xb4, 0xe6, 0xdc, 0xc0, 0xb3, 0x80 },
+ .ilen = 512,
+ .result = { 0xab, 0xd1, 0x19, 0xa6, 0x58, 0xd9, 0x51, 0xf6,
+ 0x45, 0x67, 0x1b, 0xab, 0x2f, 0x75, 0x4b, 0x22,
+ 0xa5, 0x5b, 0x1d, 0xdb, 0x50, 0x9c, 0x60, 0xe3,
+ 0xf8, 0x39, 0x01, 0x5d, 0xbc, 0x67, 0x6f, 0x6a,
+ 0x52, 0xda, 0x36, 0xa3, 0x7b, 0xce, 0x3e, 0x1c,
+ 0x9e, 0x35, 0xef, 0x65, 0xf3, 0x9a, 0x58, 0x1c,
+ 0x6a, 0xa0, 0x78, 0x15, 0x8a, 0x93, 0x94, 0xb6,
+ 0x2d, 0xfc, 0xca, 0x2c, 0x35, 0x0f, 0x98, 0x51,
+ 0x5d, 0x92, 0xb5, 0xfe, 0xb9, 0x82, 0xda, 0x7b,
+ 0x4b, 0xd6, 0xe5, 0xd8, 0xc0, 0x27, 0x16, 0x47,
+ 0x04, 0x36, 0x1f, 0xcf, 0xfc, 0x06, 0x68, 0x10,
+ 0x86, 0x6e, 0xcc, 0x2a, 0x17, 0xa8, 0x65, 0x59,
+ 0x35, 0x78, 0x20, 0x0f, 0xc8, 0xf5, 0x14, 0xad,
+ 0xa3, 0x1b, 0x0a, 0x50, 0x72, 0xdd, 0x19, 0xa2,
+ 0xa3, 0xe1, 0x2c, 0x6f, 0xcc, 0x85, 0xe5, 0x46,
+ 0x17, 0xf4, 0x0c, 0x59, 0xde, 0xfa, 0x73, 0x15,
+ 0x4e, 0x75, 0x00, 0x6c, 0x0f, 0x1e, 0xe6, 0xa0,
+ 0x86, 0x7c, 0xe6, 0xf8, 0x1b, 0xcc, 0x90, 0x90,
+ 0x2e, 0x9c, 0x76, 0x19, 0x49, 0xea, 0xab, 0x9f,
+ 0x7c, 0xd0, 0x22, 0x8a, 0x85, 0xc5, 0xe6, 0x74,
+ 0x6a, 0xce, 0xe9, 0x05, 0x9b, 0x16, 0x1e, 0xe4,
+ 0x31, 0x5a, 0x33, 0xd9, 0x28, 0xb6, 0xc4, 0xe9,
+ 0xf6, 0xa4, 0x71, 0xe0, 0xa4, 0x93, 0x1e, 0x13,
+ 0xee, 0x35, 0x96, 0x4c, 0xb4, 0xf6, 0xfa, 0xa4,
+ 0xab, 0x35, 0xec, 0x7d, 0x7f, 0x85, 0x0c, 0x95,
+ 0xc4, 0x76, 0x76, 0xbc, 0xcd, 0xb1, 0xed, 0x91,
+ 0xa5, 0xfd, 0x92, 0x67, 0x5f, 0x16, 0x29, 0xf9,
+ 0xb0, 0xdb, 0x66, 0x2f, 0x3b, 0x78, 0x1c, 0xfd,
+ 0x05, 0xd3, 0x6f, 0xe0, 0x77, 0xf6, 0x0b, 0xba,
+ 0x16, 0x8d, 0x48, 0x77, 0xf7, 0xbc, 0xe0, 0x65,
+ 0xb8, 0x33, 0xa6, 0xfc, 0xae, 0xc6, 0xb5, 0x34,
+ 0xf5, 0x7a, 0x3d, 0x8e, 0x36, 0x70, 0xd4, 0x80,
+ 0xdb, 0x86, 0xa2, 0xbe, 0xb0, 0xb6, 0x40, 0xa8,
+ 0xd6, 0x84, 0x97, 0x8a, 0xa9, 0x30, 0x7c, 0xfa,
+ 0xf3, 0x1a, 0x3a, 0xd0, 0xf7, 0xad, 0x4b, 0x8f,
+ 0x60, 0x86, 0xf7, 0xb8, 0xb9, 0xfb, 0x6f, 0x9b,
+ 0x52, 0xbc, 0x8a, 0x11, 0x85, 0xfa, 0xab, 0x89,
+ 0x1f, 0x8c, 0x39, 0xb3, 0xbd, 0x44, 0x34, 0xe0,
+ 0x6f, 0x59, 0x7c, 0x02, 0x75, 0x3e, 0x12, 0x77,
+ 0xa6, 0x78, 0xf0, 0xea, 0x62, 0xbf, 0x40, 0x64,
+ 0xde, 0xb1, 0xb5, 0xe1, 0x2c, 0x92, 0x1c, 0xda,
+ 0xe7, 0xeb, 0xb0, 0x1d, 0x23, 0x94, 0x15, 0x42,
+ 0x46, 0x2a, 0xa5, 0x64, 0x13, 0x23, 0xec, 0x67,
+ 0x3e, 0xae, 0xcc, 0xd9, 0xd8, 0x1f, 0x87, 0x59,
+ 0x9c, 0x8c, 0xc4, 0xeb, 0xa5, 0x9e, 0xf7, 0x49,
+ 0xf9, 0xe3, 0x7e, 0x6a, 0x0a, 0xd0, 0x51, 0xc2,
+ 0x04, 0xbe, 0xce, 0x6e, 0xa4, 0x0f, 0x50, 0xb0,
+ 0xf9, 0xb5, 0xd8, 0x67, 0xb5, 0x55, 0x03, 0x75,
+ 0xae, 0x28, 0xa3, 0xe4, 0x30, 0xcd, 0x95, 0x23,
+ 0x7f, 0x05, 0xf7, 0xa3, 0x68, 0x8b, 0x08, 0x42,
+ 0xf1, 0x9a, 0xb1, 0x8c, 0xae, 0x8f, 0x9c, 0xc4,
+ 0x37, 0xf6, 0x04, 0xaf, 0x8c, 0x2d, 0xc7, 0xe3,
+ 0x32, 0x8d, 0xe6, 0xc9, 0x7d, 0x5c, 0x4e, 0xd6,
+ 0xa4, 0x9f, 0x28, 0xf9, 0x78, 0x25, 0x25, 0x19,
+ 0x77, 0xa7, 0x9a, 0x30, 0xcd, 0x19, 0x30, 0x62,
+ 0x5f, 0x13, 0xab, 0x81, 0x23, 0xc3, 0x6c, 0x77,
+ 0x24, 0xb4, 0x03, 0x22, 0x96, 0x58, 0x66, 0x25,
+ 0x87, 0x11, 0xe9, 0x12, 0xc4, 0x29, 0xba, 0xc3,
+ 0x2a, 0xad, 0xb6, 0xb4, 0x96, 0x6a, 0x82, 0x36,
+ 0xdb, 0x7d, 0xf1, 0x1c, 0x6e, 0xf8, 0xa2, 0x84,
+ 0xd5, 0x2a, 0xf7, 0x41, 0xf6, 0x2a, 0xff, 0xd7,
+ 0x9c, 0x7f, 0x6e, 0x7a, 0xbe, 0xa5, 0x7e, 0xc2,
+ 0xe6, 0x28, 0x9c, 0xdb, 0x73, 0x67, 0x15, 0xad,
+ 0x09, 0xbf, 0x73, 0x90, 0x2b, 0x64, 0xef, 0x12 },
+ .rlen = 512,
+ }
+};
+
+static struct cipher_testvec aes_abl_dec_tv_template[] = {
+ { /* self-generated based on mostly independent implementation */
+ .key = { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
+ 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 },
+ .klen = 16,
+ .iv = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
+ .input = { 0xab, 0xd1, 0x19, 0xa6, 0x58, 0xd9, 0x51, 0xf6,
+ 0x45, 0x67, 0x1b, 0xab, 0x2f, 0x75, 0x4b, 0x22,
+ 0xa5, 0x5b, 0x1d, 0xdb, 0x50, 0x9c, 0x60, 0xe3,
+ 0xf8, 0x39, 0x01, 0x5d, 0xbc, 0x67, 0x6f, 0x6a,
+ 0x52, 0xda, 0x36, 0xa3, 0x7b, 0xce, 0x3e, 0x1c,
+ 0x9e, 0x35, 0xef, 0x65, 0xf3, 0x9a, 0x58, 0x1c,
+ 0x6a, 0xa0, 0x78, 0x15, 0x8a, 0x93, 0x94, 0xb6,
+ 0x2d, 0xfc, 0xca, 0x2c, 0x35, 0x0f, 0x98, 0x51,
+ 0x5d, 0x92, 0xb5, 0xfe, 0xb9, 0x82, 0xda, 0x7b,
+ 0x4b, 0xd6, 0xe5, 0xd8, 0xc0, 0x27, 0x16, 0x47,
+ 0x04, 0x36, 0x1f, 0xcf, 0xfc, 0x06, 0x68, 0x10,
+ 0x86, 0x6e, 0xcc, 0x2a, 0x17, 0xa8, 0x65, 0x59,
+ 0x35, 0x78, 0x20, 0x0f, 0xc8, 0xf5, 0x14, 0xad,
+ 0xa3, 0x1b, 0x0a, 0x50, 0x72, 0xdd, 0x19, 0xa2,
+ 0xa3, 0xe1, 0x2c, 0x6f, 0xcc, 0x85, 0xe5, 0x46,
+ 0x17, 0xf4, 0x0c, 0x59, 0xde, 0xfa, 0x73, 0x15,
+ 0x4e, 0x75, 0x00, 0x6c, 0x0f, 0x1e, 0xe6, 0xa0,
+ 0x86, 0x7c, 0xe6, 0xf8, 0x1b, 0xcc, 0x90, 0x90,
+ 0x2e, 0x9c, 0x76, 0x19, 0x49, 0xea, 0xab, 0x9f,
+ 0x7c, 0xd0, 0x22, 0x8a, 0x85, 0xc5, 0xe6, 0x74,
+ 0x6a, 0xce, 0xe9, 0x05, 0x9b, 0x16, 0x1e, 0xe4,
+ 0x31, 0x5a, 0x33, 0xd9, 0x28, 0xb6, 0xc4, 0xe9,
+ 0xf6, 0xa4, 0x71, 0xe0, 0xa4, 0x93, 0x1e, 0x13,
+ 0xee, 0x35, 0x96, 0x4c, 0xb4, 0xf6, 0xfa, 0xa4,
+ 0xab, 0x35, 0xec, 0x7d, 0x7f, 0x85, 0x0c, 0x95,
+ 0xc4, 0x76, 0x76, 0xbc, 0xcd, 0xb1, 0xed, 0x91,
+ 0xa5, 0xfd, 0x92, 0x67, 0x5f, 0x16, 0x29, 0xf9,
+ 0xb0, 0xdb, 0x66, 0x2f, 0x3b, 0x78, 0x1c, 0xfd,
+ 0x05, 0xd3, 0x6f, 0xe0, 0x77, 0xf6, 0x0b, 0xba,
+ 0x16, 0x8d, 0x48, 0x77, 0xf7, 0xbc, 0xe0, 0x65,
+ 0xb8, 0x33, 0xa6, 0xfc, 0xae, 0xc6, 0xb5, 0x34,
+ 0xf5, 0x7a, 0x3d, 0x8e, 0x36, 0x70, 0xd4, 0x80,
+ 0xdb, 0x86, 0xa2, 0xbe, 0xb0, 0xb6, 0x40, 0xa8,
+ 0xd6, 0x84, 0x97, 0x8a, 0xa9, 0x30, 0x7c, 0xfa,
+ 0xf3, 0x1a, 0x3a, 0xd0, 0xf7, 0xad, 0x4b, 0x8f,
+ 0x60, 0x86, 0xf7, 0xb8, 0xb9, 0xfb, 0x6f, 0x9b,
+ 0x52, 0xbc, 0x8a, 0x11, 0x85, 0xfa, 0xab, 0x89,
+ 0x1f, 0x8c, 0x39, 0xb3, 0xbd, 0x44, 0x34, 0xe0,
+ 0x6f, 0x59, 0x7c, 0x02, 0x75, 0x3e, 0x12, 0x77,
+ 0xa6, 0x78, 0xf0, 0xea, 0x62, 0xbf, 0x40, 0x64,
+ 0xde, 0xb1, 0xb5, 0xe1, 0x2c, 0x92, 0x1c, 0xda,
+ 0xe7, 0xeb, 0xb0, 0x1d, 0x23, 0x94, 0x15, 0x42,
+ 0x46, 0x2a, 0xa5, 0x64, 0x13, 0x23, 0xec, 0x67,
+ 0x3e, 0xae, 0xcc, 0xd9, 0xd8, 0x1f, 0x87, 0x59,
+ 0x9c, 0x8c, 0xc4, 0xeb, 0xa5, 0x9e, 0xf7, 0x49,
+ 0xf9, 0xe3, 0x7e, 0x6a, 0x0a, 0xd0, 0x51, 0xc2,
+ 0x04, 0xbe, 0xce, 0x6e, 0xa4, 0x0f, 0x50, 0xb0,
+ 0xf9, 0xb5, 0xd8, 0x67, 0xb5, 0x55, 0x03, 0x75,
+ 0xae, 0x28, 0xa3, 0xe4, 0x30, 0xcd, 0x95, 0x23,
+ 0x7f, 0x05, 0xf7, 0xa3, 0x68, 0x8b, 0x08, 0x42,
+ 0xf1, 0x9a, 0xb1, 0x8c, 0xae, 0x8f, 0x9c, 0xc4,
+ 0x37, 0xf6, 0x04, 0xaf, 0x8c, 0x2d, 0xc7, 0xe3,
+ 0x32, 0x8d, 0xe6, 0xc9, 0x7d, 0x5c, 0x4e, 0xd6,
+ 0xa4, 0x9f, 0x28, 0xf9, 0x78, 0x25, 0x25, 0x19,
+ 0x77, 0xa7, 0x9a, 0x30, 0xcd, 0x19, 0x30, 0x62,
+ 0x5f, 0x13, 0xab, 0x81, 0x23, 0xc3, 0x6c, 0x77,
+ 0x24, 0xb4, 0x03, 0x22, 0x96, 0x58, 0x66, 0x25,
+ 0x87, 0x11, 0xe9, 0x12, 0xc4, 0x29, 0xba, 0xc3,
+ 0x2a, 0xad, 0xb6, 0xb4, 0x96, 0x6a, 0x82, 0x36,
+ 0xdb, 0x7d, 0xf1, 0x1c, 0x6e, 0xf8, 0xa2, 0x84,
+ 0xd5, 0x2a, 0xf7, 0x41, 0xf6, 0x2a, 0xff, 0xd7,
+ 0x9c, 0x7f, 0x6e, 0x7a, 0xbe, 0xa5, 0x7e, 0xc2,
+ 0xe6, 0x28, 0x9c, 0xdb, 0x73, 0x67, 0x15, 0xad,
+ 0x09, 0xbf, 0x73, 0x90, 0x2b, 0x64, 0xef, 0x12 },
+ .ilen = 512,
+ .result = { 0xaa, 0x31, 0x30, 0x88, 0xdb, 0xbc, 0x32, 0xb6,
+ 0x71, 0xd6, 0x5d, 0x31, 0x3d, 0x91, 0x01, 0xf5,
+ 0x11, 0x5f, 0x4b, 0xdd, 0x4f, 0x6c, 0x01, 0xd4,
+ 0x57, 0xb3, 0x5f, 0x0f, 0x7a, 0x55, 0x5a, 0xc4,
+ 0x51, 0x59, 0xcf, 0x6b, 0x49, 0x77, 0x0e, 0x46,
+ 0xb0, 0x7e, 0xa8, 0xa9, 0x4e, 0x0f, 0xb1, 0x4f,
+ 0x56, 0xa8, 0x5b, 0x96, 0x7a, 0xa4, 0x68, 0x19,
+ 0xbd, 0x7f, 0x50, 0x58, 0x5c, 0x24, 0x09, 0x0a,
+ 0x8f, 0x58, 0xb9, 0x29, 0x05, 0x8a, 0x53, 0xdd,
+ 0x87, 0x7c, 0x7e, 0x89, 0x9b, 0xf7, 0x59, 0xdf,
+ 0x8f, 0x31, 0xa4, 0x91, 0x41, 0x85, 0x21, 0x99,
+ 0xbf, 0x15, 0x20, 0xc0, 0xd3, 0xba, 0xe1, 0x55,
+ 0x50, 0xd2, 0x08, 0xd1, 0xe0, 0xb5, 0x56, 0xd5,
+ 0xe6, 0x3e, 0xbc, 0xac, 0xf5, 0x6f, 0x9d, 0xcc,
+ 0x53, 0xad, 0xfb, 0x1b, 0x75, 0xcf, 0xd5, 0x96,
+ 0x3a, 0x96, 0xe5, 0x66, 0x40, 0x74, 0x10, 0xfe,
+ 0xe8, 0xe3, 0x54, 0xcb, 0x4d, 0x3e, 0x8c, 0x53,
+ 0x30, 0x3d, 0xdf, 0xe4, 0x30, 0xe3, 0x1c, 0x83,
+ 0xdb, 0xd8, 0x2e, 0xe8, 0x3a, 0x85, 0xed, 0x6b,
+ 0xd4, 0xa7, 0x69, 0x1d, 0x6f, 0xb5, 0xca, 0x0b,
+ 0x73, 0x94, 0x09, 0xb3, 0xfe, 0xa0, 0x18, 0x56,
+ 0x6a, 0x3f, 0xa1, 0x1c, 0xee, 0x5c, 0xa5, 0xc0,
+ 0x59, 0x38, 0xe7, 0x28, 0xf6, 0x0e, 0xd9, 0xd7,
+ 0xdd, 0x1d, 0x38, 0x71, 0xed, 0xdf, 0xc5, 0x21,
+ 0x31, 0x1f, 0xcb, 0xa3, 0x0c, 0xfb, 0xc2, 0xe0,
+ 0x27, 0xf0, 0x76, 0xa8, 0x39, 0xac, 0xdc, 0x61,
+ 0x00, 0x4e, 0xf3, 0xe5, 0xb7, 0x5c, 0xdc, 0xfa,
+ 0xec, 0x00, 0x5d, 0x2e, 0x94, 0x9f, 0x70, 0xe2,
+ 0xb0, 0x7c, 0x2d, 0xb0, 0xca, 0x0b, 0x60, 0x12,
+ 0xea, 0x9d, 0x1e, 0xfc, 0x78, 0x29, 0xbf, 0xcf,
+ 0x13, 0x2c, 0x86, 0x9a, 0x47, 0xfb, 0x4b, 0xf5,
+ 0xf0, 0x2c, 0x62, 0xfd, 0xda, 0x4b, 0x4e, 0xe8,
+ 0xa0, 0x83, 0xb0, 0x56, 0x81, 0x25, 0x88, 0x36,
+ 0xad, 0xbb, 0x4f, 0x6e, 0xa7, 0x03, 0x69, 0xc4,
+ 0x10, 0xac, 0x6c, 0xac, 0xe3, 0xcc, 0x66, 0xaf,
+ 0xbb, 0x52, 0x20, 0x5f, 0x66, 0x98, 0x3d, 0x67,
+ 0x2b, 0x5d, 0xd9, 0xb8, 0x1c, 0x82, 0x48, 0x35,
+ 0x19, 0xc1, 0xe7, 0x62, 0x18, 0x90, 0xd8, 0x75,
+ 0xde, 0x9e, 0x1d, 0x91, 0x9a, 0x8b, 0xba, 0x41,
+ 0xa1, 0xcd, 0xf6, 0x04, 0xc5, 0x76, 0xaf, 0x2d,
+ 0x6e, 0xef, 0xd8, 0x72, 0x1a, 0x51, 0xff, 0x1e,
+ 0x26, 0x29, 0x37, 0x23, 0x27, 0x26, 0x08, 0x77,
+ 0xfe, 0x73, 0xa6, 0x7a, 0x1e, 0x36, 0xb4, 0x74,
+ 0xe3, 0x4a, 0xcd, 0xc5, 0x19, 0x6e, 0x59, 0xf3,
+ 0xd7, 0x89, 0xfd, 0x14, 0xad, 0xed, 0x4e, 0xbe,
+ 0x1a, 0xd5, 0x87, 0xec, 0x3d, 0x46, 0x2f, 0x08,
+ 0x47, 0x42, 0x76, 0xb6, 0x9e, 0x70, 0x0e, 0x57,
+ 0x72, 0x16, 0xb4, 0x69, 0xd6, 0xc1, 0x39, 0x5b,
+ 0xdb, 0x9f, 0xfb, 0xb3, 0x36, 0xcf, 0xd5, 0x42,
+ 0x06, 0x72, 0xfd, 0x11, 0xaf, 0x56, 0x2b, 0x16,
+ 0xdc, 0xb9, 0x84, 0x43, 0xca, 0x94, 0x71, 0x1b,
+ 0xb6, 0x32, 0xc3, 0x16, 0xb0, 0x2a, 0x3b, 0xaf,
+ 0x90, 0xf6, 0xa8, 0x08, 0x9c, 0x82, 0xba, 0x0a,
+ 0x9f, 0x61, 0x4d, 0x3e, 0x35, 0x0a, 0x7f, 0x17,
+ 0x2d, 0x1d, 0x22, 0xa8, 0xdf, 0x48, 0xbb, 0xec,
+ 0xf6, 0x0c, 0x21, 0x1a, 0x8f, 0xb9, 0x79, 0xc9,
+ 0xba, 0xd5, 0xac, 0x11, 0x34, 0x90, 0x4f, 0x75,
+ 0x51, 0x7e, 0x7b, 0xa2, 0xf7, 0x47, 0x48, 0xd1,
+ 0x56, 0xad, 0x1d, 0xf2, 0x6a, 0x9b, 0x7c, 0xf2,
+ 0xd3, 0x67, 0xd8, 0x77, 0x42, 0xe2, 0x41, 0x24,
+ 0x1e, 0x60, 0x81, 0x5d, 0x99, 0xa8, 0x91, 0x3e,
+ 0x55, 0xea, 0xda, 0xb2, 0x1b, 0x46, 0x82, 0x6f,
+ 0x14, 0x18, 0xc8, 0x61, 0x89, 0xcc, 0x8c, 0x03,
+ 0x43, 0x4f, 0xb4, 0xe6, 0xdc, 0xc0, 0xb3, 0x80 },
+ .rlen = 512,
+ }
+};
+
/* Cast5 test vectors from RFC 2144 */
#define CAST5_ENC_TEST_VECTORS 3
#define CAST5_DEC_TEST_VECTORS 3
@@ -3610,6 +3892,24 @@ static struct cipher_speed aes_lrw_speed
{ .klen = 0, .blen = 0, }
};
+static struct cipher_speed aes_abl_speed_template[] = {
+ { .klen = 16, .blen = 64, },
+ { .klen = 16, .blen = 256, },
+ { .klen = 16, .blen = 1024, },
+ { .klen = 16, .blen = 8192, },
+ { .klen = 24, .blen = 64, },
+ { .klen = 24, .blen = 256, },
+ { .klen = 24, .blen = 1024, },
+ { .klen = 24, .blen = 8192, },
+ { .klen = 32, .blen = 64, },
+ { .klen = 32, .blen = 256, },
+ { .klen = 32, .blen = 1024, },
+ { .klen = 32, .blen = 8192, },
+
+ /* End marker */
+ { .klen = 0, .blen = 0, }
+};
+
static struct cipher_speed des3_ede_speed_template[] = {
{ .klen = 24, .blen = 16, },
{ .klen = 24, .blen = 64, },
--
1.4.2.1