From: "Rik Snel" Subject: [PATCH 2/2] ABL, Arbitrary Block Length, a tweakable wide block cipher mode Date: Sat, 23 Sep 2006 19:41:04 +0200 Message-ID: <11590332722227-git-send-email-rsnel@cube.dyndns.org> References: <11590332641118-git-send-email-rsnel@cube.dyndns.org> Cc: linux-crypto@vger.kernel.org, Rik Snel Return-path: Received: from smtp-vbr12.xs4all.nl ([194.109.24.32]:6924 "EHLO smtp-vbr12.xs4all.nl") by vger.kernel.org with ESMTP id S1751370AbWIWRle (ORCPT ); Sat, 23 Sep 2006 13:41:34 -0400 To: herbert@gondor.apana.org.au In-Reply-To: <11590332641118-git-send-email-rsnel@cube.dyndns.org> Sender: linux-crypto-owner@vger.kernel.org List-Id: linux-crypto.vger.kernel.org From: Rik Snel This is a preliminary implementation of ABL as specified by David McGrew and John Viega in: - http://grouper.ieee.org/groups/1619/email/rtf00000.rtf (October 28, 2004) - http://grouper.ieee.org/groups/1619/email/pdf00005.pdf (April 15, 2004) Preliminary, because the specification has not been sufficiently reviewed and is subject to change because the two contradict eachother in a few places (see the comments at the top of abl.c). Currently I have no official test vectors This implementation is only checked against an "independent" and minimal userspace implementation I wrote, which is available at: http://cube.dyndns.org/~rsnel/abl/ I added a self-generated test vector to tcrypt.h and also an ABL specific speed_test_template because this implementation cannot handle input shorter than two blocks. The spec allows it, but I chose not to implement it because it is not needed for harddisk encryption. This implementation also does not handle partial blocks, while the spec allows it. Please do not use this mode for anything serious yet. Signed-off-by: Rik Snel --- crypto/Kconfig | 14 ++ crypto/Makefile | 1 crypto/abl.c | 395 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ crypto/tcrypt.c | 12 ++ crypto/tcrypt.h | 300 ++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 722 insertions(+), 0 deletions(-) diff --git a/crypto/Kconfig b/crypto/Kconfig index dfdfe08..a665079 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -169,6 +169,20 @@ config CRYPTO_LRW or 256 bits in the key are used for AES and the rest is used to tie each cipher block to its logical position. +config CRYPTO_ABL + tristate "ABL support (EXPERIMENTAL)" + depends on EXPERIMENTAL + select CRYPTO_BLKCIPHER + select CRYPTO_GF128MUL + default n + help + ABL: Arbitrary Block Length, a tweakable, non malleable, non movable + wide block cipher mode. Use it with cipher specification string + aes-lrw-bewbi, the key must be 128, 192 or 256 bits. + + WARNING: The ABL spec is not finalized and still has to be reviewed. + Do not use this mode for anything serious yet. + config CRYPTO_DES tristate "DES and Triple DES EDE cipher algorithms" select CRYPTO_ALGAPI diff --git a/crypto/Makefile b/crypto/Makefile index e2e57be..647019e 100644 --- a/crypto/Makefile +++ b/crypto/Makefile @@ -27,6 +27,7 @@ obj-$(CONFIG_CRYPTO_GF128MUL) += gf128mu obj-$(CONFIG_CRYPTO_ECB) += ecb.o obj-$(CONFIG_CRYPTO_CBC) += cbc.o obj-$(CONFIG_CRYPTO_LRW) += lrw.o +obj-$(CONFIG_CRYPTO_ABL) += abl.o obj-$(CONFIG_CRYPTO_DES) += des.o obj-$(CONFIG_CRYPTO_BLOWFISH) += blowfish.o obj-$(CONFIG_CRYPTO_TWOFISH) += twofish.o diff --git a/crypto/abl.c b/crypto/abl.c new file mode 100644 index 0000000..2912c8e --- /dev/null +++ b/crypto/abl.c @@ -0,0 +1,395 @@ +/* ABL: as defined by David A. McGrew and John Viega + * http://grouper.ieee.org/groups/1619/email/rtf00000.rtf (October 28, 2004) + * http://grouper.ieee.org/groups/1619/email/pdf00005.pdf (April 15 2004) + * + * Copyright (c) 2006 Rik Snel + * + * Based om ebc.c + * Copyright (c) 2006 Herbert Xu + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the Free + * Software Foundation; either version 2 of the License, or (at your option) + * any later version. + * + * Limitations: - this module does not support partial blocks + * - the minimum length of the data is 2 blocks + * + * Both limitations do not exist in the ABL specification, but are do not + * influence the use of this module for hard disk encryption + * + * There are three problems with the current specs. + * 1. I use the GHASH specification from the April 15 2004 draft + * 2. The decryption formulas in the October 28 2004 draft are written in + * a weird way (the result is at the wrong side of the equation). This is + * a minor issue, it doesnt affect the bitstream. + * 3. The specs disagree about the order of the IV and the data in the GHASH + * function. I chose the order from the October 28 2004 draft. + */ +#include +#include +#include +#include +#include +#include +#include + +#include "b128ops.h" +#include "gf128mul.h" + +struct priv { + struct crypto_cipher *child; + struct gf128mul_64k table; /* mult table for H */ + u64 l0[2], l1[2], m0[2], m1[2]; +}; + +static int setkey(struct crypto_tfm *parent, const u8 *key, + unsigned int keylen) +{ + struct priv *ctx = crypto_tfm_ctx(parent); + struct crypto_cipher *child = ctx->child; + int err; + u64 H[2] = { 0, }; /* get proper alignment for the + price of some casts */ + + crypto_cipher_clear_flags(child, CRYPTO_TFM_REQ_MASK); + crypto_cipher_set_flags(child, crypto_tfm_get_flags(parent) & + CRYPTO_TFM_REQ_MASK); + if ((err = crypto_cipher_setkey(child, key, keylen))) return err; + crypto_tfm_set_flags(parent, crypto_cipher_get_flags(child) & + CRYPTO_TFM_RES_MASK); + + crypto_cipher_alg(child)->cia_encrypt(crypto_cipher_tfm(child), + (u8 *)H, (u8 *)H); + gf128mul_init_64k_lle(&ctx->table, H); + + /* setup L0, L1, M0, M1 as per paragraph 5.3 of + * the October 28 2004 draft */ + memset(ctx->l0, 0, 16); + ((u8 *)ctx->l0)[15] = 0x01; /* 00000001 */ + crypto_cipher_alg(child)->cia_encrypt(crypto_cipher_tfm(child), + (u8 *)ctx->l0, (u8 *)ctx->l0); + + memset(ctx->l1, 0, 16); + ((u8 *)ctx->l1)[15] = 0x02; /* 00000010 */ + crypto_cipher_alg(child)->cia_encrypt(crypto_cipher_tfm(child), + (u8 *)ctx->l1, (u8 *)ctx->l1); + + memset(ctx->m0, 0, 16); + ((u8 *)ctx->m0)[15] = 0x03; /* 00000011 */ + crypto_cipher_alg(child)->cia_encrypt(crypto_cipher_tfm(child), + (u8 *)ctx->m0, (u8 *)ctx->m0); + + memset(ctx->m1, 0, 16); + ((u8 *)ctx->m1)[15] = 0x04; /* 00000100 */ + crypto_cipher_alg(child)->cia_encrypt(crypto_cipher_tfm(child), + (u8 *)ctx->m1, (u8 *)ctx->m1); + + return 0; +} + +struct sinfo { + const int bs; + u64 b1[2], b2[2], *m; + struct gf128mul_64k *t; + u8 **iv; /* we need to pass the iv to the inner + loop, this is a way to doing that */ + + /* sometimes we must read from *src and sometimes from *dst, + this must be set by the caller to help us decide */ + int rd_dst; + + struct crypto_tfm *tfm; + void (*fn)(struct crypto_tfm*, u8 *, const u8 *); +}; + +/* this define makes it easy to read from the right place */ +#define SRC (s->rd_dst ? dst : src) + +/* round is the function that is called for the first round, it + * may not be NULL, it must return the function (pointer) to + * be used for the next block also non-NULL */ +static int do_stuff(struct blkcipher_desc *d, + struct blkcipher_walk *w, struct sinfo *s, + void *(*round)(struct sinfo*, u8 *, const u8 *)) +{ + unsigned int nbytes_avail; + int err; + + err = blkcipher_walk_virt(d, w); + + while ((nbytes_avail = w->nbytes)) { + u8 *src = w->src.virt.addr; + u8 *dst = w->dst.virt.addr; + + do { + round = round(s, dst, src); + + src += s->bs; + dst += s->bs; + } while ((nbytes_avail -= s->bs) >= s->bs); + + blkcipher_walk_done(d, w, nbytes_avail); + } + + return err; +} + +/* add a complete block to the ghash, don't write anything to dst (!) */ +static inline void *ghash_add_block(struct sinfo *s, u8 *dst, const u8 *src) +{ + b128ops_xor(s->b1, SRC); + gf128mul_64k_lle(s->b1, s->t, s->b2); + return ghash_add_block; +} + +static void *ghash_init_add_iv(struct sinfo *s, u8 *dst, const u8 *src) +{ + memset(s->b1, 0, 16); + + /* ghash_add_block may read from src as well as from dst (depending + * on s->rd_dst), we supply the iv in both places since it never + * writes to dst */ + ghash_add_block(s, *s->iv, *s->iv); + return ghash_add_block; +} + +static void ghash_finalize_calc_f(struct sinfo *s, u32 lx, u64 l[2]) +{ + u64 last[2] = { cpu_to_be64(16<<3), cpu_to_be64(((u64)lx)<<3) }; + b128ops_xor(s->b1, last); + gf128mul_64k_lle(s->b1, s->t, s->b2); + b128ops_xor(s->b1, l); + s->fn(s->tfm, (u8 *)s->b1, (u8 *)s->b1); +} + +/* increment the bigendian u32 at incd */ +static void inc(u8 *incd) +{ + int left = 3; + while (!++incd[left]) { + if (!left--) return; + } +} + +static void *xor_g(struct sinfo *s, u8 *dst, const u8 *src) +{ + b128ops_mov(s->b2, s->b1); + b128ops_xor(s->b2, s->m); + s->fn(s->tfm, (u8 *)s->b2, (u8 *)s->b2); + b128ops_xor(s->b2, SRC); + b128ops_mov(dst, s->b2); + inc((u8 *)s->b1 + 12); + return xor_g; +} + +static void *xor_f_init_g(struct sinfo *s, u8 *dst, const u8 *src) +{ + b128ops_xor(s->b1, SRC); + b128ops_mov(dst, s->b1); + return xor_g; +} + +static void *init_g(struct sinfo *s, u8 *dst, const u8 *src) +{ + b128ops_mov(s->b1, SRC); + b128ops_mov(dst, s->b1); + return xor_g; +} + +static int crypt_common(struct sinfo *s, struct priv *ctx, + struct blkcipher_walk *w, unsigned int n) +{ + if (n < 32) { + printk("ABL for streams < 2 blocks not implemented"); + return -EINVAL; /* there may be a more appropriate message... */ + } + + s->iv = &w->iv; + s->t = &ctx->table; + s->tfm = crypto_cipher_tfm(ctx->child); + s->fn = crypto_cipher_alg(ctx->child)->cia_encrypt; + s->rd_dst = 0; + + return 0; +} + +static int encrypt(struct blkcipher_desc *desc, struct scatterlist *dst, + struct scatterlist *src, unsigned int nbytes) +{ + struct priv *ctx = crypto_blkcipher_ctx(desc->tfm); + struct blkcipher_walk w; + struct sinfo s = { .bs = crypto_cipher_blocksize(ctx->child) }; + int err; + + if ((err = crypt_common(&s, ctx, &w, nbytes))) return err; + + /* calc f0(H, Z, B) */ + blkcipher_walk_init(&w, dst, src, nbytes); + if ((err = do_stuff(desc, &w, &s, ghash_init_add_iv))) return err; + ghash_finalize_calc_f(&s, nbytes - 16, ctx->l0); + + /* C <- A xor f0(H, Z, B) + * D <- B xor g0(K, C) */ + s.m = ctx->m0; /* set the correct value of m */ + blkcipher_walk_init(&w, dst, src, nbytes); + if ((err = do_stuff(desc, &w, &s, xor_f_init_g))) return err; + + /* from here the data is in *dst, so read it from there */ + s.rd_dst = 1; + + /* calc f1(H, Z, D) */ + blkcipher_walk_init(&w, dst, src, nbytes); + if ((err = do_stuff(desc, &w, &s, ghash_init_add_iv))) return err; + ghash_finalize_calc_f(&s, nbytes - 16, ctx->l1); + + /* E <- C xor f1(H, Z, D) + * F <- D xor g1(K, E) */ + s.m = ctx->m1; /* set the correct value of m */ + blkcipher_walk_init(&w, dst, src, nbytes); + err = do_stuff(desc, &w, &s, xor_f_init_g); + + return err; +} + +static int decrypt(struct blkcipher_desc *desc, struct scatterlist *dst, + struct scatterlist *src, unsigned int nbytes) +{ + struct priv *ctx = crypto_blkcipher_ctx(desc->tfm); + struct blkcipher_walk w; + struct sinfo s = { .bs = crypto_cipher_blocksize(ctx->child) }; + int err; + + if ((err = crypt_common(&s, ctx, &w, nbytes))) return err; + + /* D <- F xor g1(K, E) */ + s.m = ctx->m1; /* set the correct value of m */ + blkcipher_walk_init(&w, dst, src, nbytes); + if ((err = do_stuff(desc, &w, &s, init_g))) return err; + + /* from here the data is in *dst, so read it from there */ + s.rd_dst = 1; + + /* calc f1(H, Z, D) */ + blkcipher_walk_init(&w, dst, src, nbytes); + if ((err = do_stuff(desc, &w, &s, ghash_init_add_iv))) return err; + ghash_finalize_calc_f(&s, nbytes - 16, ctx->l1); + + /* C <- E xor f1(H, Z, D) + * B <- D xor g0(K, C) */ + s.m = ctx->m0; /* set the correct value of m */ + blkcipher_walk_init(&w, dst, src, nbytes); + if ((err = do_stuff(desc, &w, &s, xor_f_init_g))) return err; + + /* calc f0(H, Z, B) */ + blkcipher_walk_init(&w, dst, src, nbytes); + if ((err = do_stuff(desc, &w, &s, ghash_init_add_iv))) return err; + ghash_finalize_calc_f(&s, nbytes - 16, ctx->l0); + + /* A <- C xor f0(H, Z, B) (we only need the first block) */ + blkcipher_walk_init(&w, dst, src, nbytes); + err = blkcipher_walk_virt(desc, &w); + if (w.nbytes) b128ops_xor(w.dst.virt.addr, s.b1); + + return err; +} + +static int init_tfm(struct crypto_tfm *tfm) +{ + struct crypto_instance *inst = (void *)tfm->__crt_alg; + struct crypto_spawn *spawn = crypto_instance_ctx(inst); + struct priv *ctx = crypto_tfm_ctx(tfm); + u32 *flags = &tfm->crt_flags; + + tfm = crypto_spawn_tfm(spawn); + if (IS_ERR(tfm)) + return PTR_ERR(tfm); + + if (crypto_tfm_alg_blocksize(tfm) != 16) { + *flags |= CRYPTO_TFM_RES_BAD_BLOCK_LEN; + return -EINVAL; + } + + ctx->child = crypto_cipher_cast(tfm); + return 0; +} + +static void exit_tfm(struct crypto_tfm *tfm) +{ + struct priv *ctx = crypto_tfm_ctx(tfm); + crypto_free_cipher(ctx->child); +} + +static struct crypto_instance *alloc(void *param, unsigned int len) +{ + struct crypto_instance *inst; + struct crypto_alg *alg; + + alg = crypto_get_attr_alg(param, len, CRYPTO_ALG_TYPE_CIPHER, + CRYPTO_ALG_TYPE_MASK | CRYPTO_ALG_ASYNC); + if (IS_ERR(alg)) + return ERR_PTR(PTR_ERR(alg)); + + inst = crypto_alloc_instance("abl", alg); + if (IS_ERR(inst)) + goto out_put_alg; + + inst->alg.cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER; + inst->alg.cra_priority = alg->cra_priority; + inst->alg.cra_blocksize = alg->cra_blocksize; + + if (alg->cra_alignmask < sizeof(int) - 1) + inst->alg.cra_alignmask = sizeof(int) -1; + else inst->alg.cra_alignmask = alg->cra_alignmask; + inst->alg.cra_type = &crypto_blkcipher_type; + + inst->alg.cra_type = &crypto_blkcipher_type; + + if (!(alg->cra_blocksize % 4)) + inst->alg.cra_alignmask |= 3; + inst->alg.cra_blkcipher.ivsize = alg->cra_blocksize; + inst->alg.cra_blkcipher.min_keysize = alg->cra_cipher.cia_min_keysize; + inst->alg.cra_blkcipher.max_keysize = alg->cra_cipher.cia_max_keysize; + + inst->alg.cra_ctxsize = sizeof(struct priv); + + inst->alg.cra_init = init_tfm; + inst->alg.cra_exit = exit_tfm; + + inst->alg.cra_blkcipher.setkey = setkey; + inst->alg.cra_blkcipher.encrypt = encrypt; + inst->alg.cra_blkcipher.decrypt = decrypt; + +out_put_alg: + crypto_mod_put(alg); + return inst; +} + +static void free(struct crypto_instance *inst) +{ + crypto_drop_spawn(crypto_instance_ctx(inst)); + kfree(inst); +} + +static struct crypto_template crypto_tmpl = { + .name = "abl", + .alloc = alloc, + .free = free, + .module = THIS_MODULE, +}; + +static int __init crypto_module_init(void) +{ + return crypto_register_template(&crypto_tmpl); +} + +static void __exit crypto_module_exit(void) +{ + crypto_unregister_template(&crypto_tmpl); +} + +module_init(crypto_module_init); +module_exit(crypto_module_exit); + +MODULE_LICENSE("GPL"); +MODULE_DESCRIPTION("ABL block cipher mode"); diff --git a/crypto/tcrypt.c b/crypto/tcrypt.c index 777fc63..32c8457 100644 --- a/crypto/tcrypt.c +++ b/crypto/tcrypt.c @@ -910,6 +910,10 @@ static void do_test(void) AES_LRW_ENC_TEST_VECTORS); test_cipher("lrw(aes)", DECRYPT, aes_lrw_dec_tv_template, AES_LRW_DEC_TEST_VECTORS); + test_cipher("abl(aes)", ENCRYPT, aes_abl_enc_tv_template, + AES_ABL_ENC_TEST_VECTORS); + test_cipher("abl(aes)", DECRYPT, aes_abl_dec_tv_template, + AES_ABL_DEC_TEST_VECTORS); //CAST5 test_cipher("ecb(cast5)", ENCRYPT, cast5_enc_tv_template, @@ -1060,6 +1064,10 @@ static void do_test(void) AES_LRW_ENC_TEST_VECTORS); test_cipher("lrw(aes)", DECRYPT, aes_lrw_dec_tv_template, AES_LRW_DEC_TEST_VECTORS); + test_cipher("abl(aes)", ENCRYPT, aes_abl_enc_tv_template, + AES_ABL_ENC_TEST_VECTORS); + test_cipher("abl(aes)", DECRYPT, aes_abl_dec_tv_template, + AES_ABL_DEC_TEST_VECTORS); break; case 11: @@ -1203,6 +1211,10 @@ static void do_test(void) aes_lrw_speed_template); test_cipher_speed("lrw(aes)", DECRYPT, sec, NULL, 0, aes_lrw_speed_template); + test_cipher_speed("abl(aes)", ENCRYPT, sec, NULL, 0, + aes_abl_speed_template); + test_cipher_speed("abl(aes)", DECRYPT, sec, NULL, 0, + aes_abl_speed_template); break; case 201: diff --git a/crypto/tcrypt.h b/crypto/tcrypt.h index 59fbc39..d6696b2 100644 --- a/crypto/tcrypt.h +++ b/crypto/tcrypt.h @@ -1833,6 +1833,8 @@ #define AES_CBC_ENC_TEST_VECTORS 2 #define AES_CBC_DEC_TEST_VECTORS 2 #define AES_LRW_ENC_TEST_VECTORS 8 #define AES_LRW_DEC_TEST_VECTORS 8 +#define AES_ABL_ENC_TEST_VECTORS 1 +#define AES_ABL_DEC_TEST_VECTORS 1 static struct cipher_testvec aes_enc_tv_template[] = { { /* From FIPS-197 */ @@ -2473,6 +2475,286 @@ static struct cipher_testvec aes_lrw_dec } }; +static struct cipher_testvec aes_abl_enc_tv_template[] = { + { /* self-generated based on mostly independent implementation */ + .key = { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, + 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 }, + .klen = 16, + .iv = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }, + .input = { 0xaa, 0x31, 0x30, 0x88, 0xdb, 0xbc, 0x32, 0xb6, + 0x71, 0xd6, 0x5d, 0x31, 0x3d, 0x91, 0x01, 0xf5, + 0x11, 0x5f, 0x4b, 0xdd, 0x4f, 0x6c, 0x01, 0xd4, + 0x57, 0xb3, 0x5f, 0x0f, 0x7a, 0x55, 0x5a, 0xc4, + 0x51, 0x59, 0xcf, 0x6b, 0x49, 0x77, 0x0e, 0x46, + 0xb0, 0x7e, 0xa8, 0xa9, 0x4e, 0x0f, 0xb1, 0x4f, + 0x56, 0xa8, 0x5b, 0x96, 0x7a, 0xa4, 0x68, 0x19, + 0xbd, 0x7f, 0x50, 0x58, 0x5c, 0x24, 0x09, 0x0a, + 0x8f, 0x58, 0xb9, 0x29, 0x05, 0x8a, 0x53, 0xdd, + 0x87, 0x7c, 0x7e, 0x89, 0x9b, 0xf7, 0x59, 0xdf, + 0x8f, 0x31, 0xa4, 0x91, 0x41, 0x85, 0x21, 0x99, + 0xbf, 0x15, 0x20, 0xc0, 0xd3, 0xba, 0xe1, 0x55, + 0x50, 0xd2, 0x08, 0xd1, 0xe0, 0xb5, 0x56, 0xd5, + 0xe6, 0x3e, 0xbc, 0xac, 0xf5, 0x6f, 0x9d, 0xcc, + 0x53, 0xad, 0xfb, 0x1b, 0x75, 0xcf, 0xd5, 0x96, + 0x3a, 0x96, 0xe5, 0x66, 0x40, 0x74, 0x10, 0xfe, + 0xe8, 0xe3, 0x54, 0xcb, 0x4d, 0x3e, 0x8c, 0x53, + 0x30, 0x3d, 0xdf, 0xe4, 0x30, 0xe3, 0x1c, 0x83, + 0xdb, 0xd8, 0x2e, 0xe8, 0x3a, 0x85, 0xed, 0x6b, + 0xd4, 0xa7, 0x69, 0x1d, 0x6f, 0xb5, 0xca, 0x0b, + 0x73, 0x94, 0x09, 0xb3, 0xfe, 0xa0, 0x18, 0x56, + 0x6a, 0x3f, 0xa1, 0x1c, 0xee, 0x5c, 0xa5, 0xc0, + 0x59, 0x38, 0xe7, 0x28, 0xf6, 0x0e, 0xd9, 0xd7, + 0xdd, 0x1d, 0x38, 0x71, 0xed, 0xdf, 0xc5, 0x21, + 0x31, 0x1f, 0xcb, 0xa3, 0x0c, 0xfb, 0xc2, 0xe0, + 0x27, 0xf0, 0x76, 0xa8, 0x39, 0xac, 0xdc, 0x61, + 0x00, 0x4e, 0xf3, 0xe5, 0xb7, 0x5c, 0xdc, 0xfa, + 0xec, 0x00, 0x5d, 0x2e, 0x94, 0x9f, 0x70, 0xe2, + 0xb0, 0x7c, 0x2d, 0xb0, 0xca, 0x0b, 0x60, 0x12, + 0xea, 0x9d, 0x1e, 0xfc, 0x78, 0x29, 0xbf, 0xcf, + 0x13, 0x2c, 0x86, 0x9a, 0x47, 0xfb, 0x4b, 0xf5, + 0xf0, 0x2c, 0x62, 0xfd, 0xda, 0x4b, 0x4e, 0xe8, + 0xa0, 0x83, 0xb0, 0x56, 0x81, 0x25, 0x88, 0x36, + 0xad, 0xbb, 0x4f, 0x6e, 0xa7, 0x03, 0x69, 0xc4, + 0x10, 0xac, 0x6c, 0xac, 0xe3, 0xcc, 0x66, 0xaf, + 0xbb, 0x52, 0x20, 0x5f, 0x66, 0x98, 0x3d, 0x67, + 0x2b, 0x5d, 0xd9, 0xb8, 0x1c, 0x82, 0x48, 0x35, + 0x19, 0xc1, 0xe7, 0x62, 0x18, 0x90, 0xd8, 0x75, + 0xde, 0x9e, 0x1d, 0x91, 0x9a, 0x8b, 0xba, 0x41, + 0xa1, 0xcd, 0xf6, 0x04, 0xc5, 0x76, 0xaf, 0x2d, + 0x6e, 0xef, 0xd8, 0x72, 0x1a, 0x51, 0xff, 0x1e, + 0x26, 0x29, 0x37, 0x23, 0x27, 0x26, 0x08, 0x77, + 0xfe, 0x73, 0xa6, 0x7a, 0x1e, 0x36, 0xb4, 0x74, + 0xe3, 0x4a, 0xcd, 0xc5, 0x19, 0x6e, 0x59, 0xf3, + 0xd7, 0x89, 0xfd, 0x14, 0xad, 0xed, 0x4e, 0xbe, + 0x1a, 0xd5, 0x87, 0xec, 0x3d, 0x46, 0x2f, 0x08, + 0x47, 0x42, 0x76, 0xb6, 0x9e, 0x70, 0x0e, 0x57, + 0x72, 0x16, 0xb4, 0x69, 0xd6, 0xc1, 0x39, 0x5b, + 0xdb, 0x9f, 0xfb, 0xb3, 0x36, 0xcf, 0xd5, 0x42, + 0x06, 0x72, 0xfd, 0x11, 0xaf, 0x56, 0x2b, 0x16, + 0xdc, 0xb9, 0x84, 0x43, 0xca, 0x94, 0x71, 0x1b, + 0xb6, 0x32, 0xc3, 0x16, 0xb0, 0x2a, 0x3b, 0xaf, + 0x90, 0xf6, 0xa8, 0x08, 0x9c, 0x82, 0xba, 0x0a, + 0x9f, 0x61, 0x4d, 0x3e, 0x35, 0x0a, 0x7f, 0x17, + 0x2d, 0x1d, 0x22, 0xa8, 0xdf, 0x48, 0xbb, 0xec, + 0xf6, 0x0c, 0x21, 0x1a, 0x8f, 0xb9, 0x79, 0xc9, + 0xba, 0xd5, 0xac, 0x11, 0x34, 0x90, 0x4f, 0x75, + 0x51, 0x7e, 0x7b, 0xa2, 0xf7, 0x47, 0x48, 0xd1, + 0x56, 0xad, 0x1d, 0xf2, 0x6a, 0x9b, 0x7c, 0xf2, + 0xd3, 0x67, 0xd8, 0x77, 0x42, 0xe2, 0x41, 0x24, + 0x1e, 0x60, 0x81, 0x5d, 0x99, 0xa8, 0x91, 0x3e, + 0x55, 0xea, 0xda, 0xb2, 0x1b, 0x46, 0x82, 0x6f, + 0x14, 0x18, 0xc8, 0x61, 0x89, 0xcc, 0x8c, 0x03, + 0x43, 0x4f, 0xb4, 0xe6, 0xdc, 0xc0, 0xb3, 0x80 }, + .ilen = 512, + .result = { 0xab, 0xd1, 0x19, 0xa6, 0x58, 0xd9, 0x51, 0xf6, + 0x45, 0x67, 0x1b, 0xab, 0x2f, 0x75, 0x4b, 0x22, + 0xa5, 0x5b, 0x1d, 0xdb, 0x50, 0x9c, 0x60, 0xe3, + 0xf8, 0x39, 0x01, 0x5d, 0xbc, 0x67, 0x6f, 0x6a, + 0x52, 0xda, 0x36, 0xa3, 0x7b, 0xce, 0x3e, 0x1c, + 0x9e, 0x35, 0xef, 0x65, 0xf3, 0x9a, 0x58, 0x1c, + 0x6a, 0xa0, 0x78, 0x15, 0x8a, 0x93, 0x94, 0xb6, + 0x2d, 0xfc, 0xca, 0x2c, 0x35, 0x0f, 0x98, 0x51, + 0x5d, 0x92, 0xb5, 0xfe, 0xb9, 0x82, 0xda, 0x7b, + 0x4b, 0xd6, 0xe5, 0xd8, 0xc0, 0x27, 0x16, 0x47, + 0x04, 0x36, 0x1f, 0xcf, 0xfc, 0x06, 0x68, 0x10, + 0x86, 0x6e, 0xcc, 0x2a, 0x17, 0xa8, 0x65, 0x59, + 0x35, 0x78, 0x20, 0x0f, 0xc8, 0xf5, 0x14, 0xad, + 0xa3, 0x1b, 0x0a, 0x50, 0x72, 0xdd, 0x19, 0xa2, + 0xa3, 0xe1, 0x2c, 0x6f, 0xcc, 0x85, 0xe5, 0x46, + 0x17, 0xf4, 0x0c, 0x59, 0xde, 0xfa, 0x73, 0x15, + 0x4e, 0x75, 0x00, 0x6c, 0x0f, 0x1e, 0xe6, 0xa0, + 0x86, 0x7c, 0xe6, 0xf8, 0x1b, 0xcc, 0x90, 0x90, + 0x2e, 0x9c, 0x76, 0x19, 0x49, 0xea, 0xab, 0x9f, + 0x7c, 0xd0, 0x22, 0x8a, 0x85, 0xc5, 0xe6, 0x74, + 0x6a, 0xce, 0xe9, 0x05, 0x9b, 0x16, 0x1e, 0xe4, + 0x31, 0x5a, 0x33, 0xd9, 0x28, 0xb6, 0xc4, 0xe9, + 0xf6, 0xa4, 0x71, 0xe0, 0xa4, 0x93, 0x1e, 0x13, + 0xee, 0x35, 0x96, 0x4c, 0xb4, 0xf6, 0xfa, 0xa4, + 0xab, 0x35, 0xec, 0x7d, 0x7f, 0x85, 0x0c, 0x95, + 0xc4, 0x76, 0x76, 0xbc, 0xcd, 0xb1, 0xed, 0x91, + 0xa5, 0xfd, 0x92, 0x67, 0x5f, 0x16, 0x29, 0xf9, + 0xb0, 0xdb, 0x66, 0x2f, 0x3b, 0x78, 0x1c, 0xfd, + 0x05, 0xd3, 0x6f, 0xe0, 0x77, 0xf6, 0x0b, 0xba, + 0x16, 0x8d, 0x48, 0x77, 0xf7, 0xbc, 0xe0, 0x65, + 0xb8, 0x33, 0xa6, 0xfc, 0xae, 0xc6, 0xb5, 0x34, + 0xf5, 0x7a, 0x3d, 0x8e, 0x36, 0x70, 0xd4, 0x80, + 0xdb, 0x86, 0xa2, 0xbe, 0xb0, 0xb6, 0x40, 0xa8, + 0xd6, 0x84, 0x97, 0x8a, 0xa9, 0x30, 0x7c, 0xfa, + 0xf3, 0x1a, 0x3a, 0xd0, 0xf7, 0xad, 0x4b, 0x8f, + 0x60, 0x86, 0xf7, 0xb8, 0xb9, 0xfb, 0x6f, 0x9b, + 0x52, 0xbc, 0x8a, 0x11, 0x85, 0xfa, 0xab, 0x89, + 0x1f, 0x8c, 0x39, 0xb3, 0xbd, 0x44, 0x34, 0xe0, + 0x6f, 0x59, 0x7c, 0x02, 0x75, 0x3e, 0x12, 0x77, + 0xa6, 0x78, 0xf0, 0xea, 0x62, 0xbf, 0x40, 0x64, + 0xde, 0xb1, 0xb5, 0xe1, 0x2c, 0x92, 0x1c, 0xda, + 0xe7, 0xeb, 0xb0, 0x1d, 0x23, 0x94, 0x15, 0x42, + 0x46, 0x2a, 0xa5, 0x64, 0x13, 0x23, 0xec, 0x67, + 0x3e, 0xae, 0xcc, 0xd9, 0xd8, 0x1f, 0x87, 0x59, + 0x9c, 0x8c, 0xc4, 0xeb, 0xa5, 0x9e, 0xf7, 0x49, + 0xf9, 0xe3, 0x7e, 0x6a, 0x0a, 0xd0, 0x51, 0xc2, + 0x04, 0xbe, 0xce, 0x6e, 0xa4, 0x0f, 0x50, 0xb0, + 0xf9, 0xb5, 0xd8, 0x67, 0xb5, 0x55, 0x03, 0x75, + 0xae, 0x28, 0xa3, 0xe4, 0x30, 0xcd, 0x95, 0x23, + 0x7f, 0x05, 0xf7, 0xa3, 0x68, 0x8b, 0x08, 0x42, + 0xf1, 0x9a, 0xb1, 0x8c, 0xae, 0x8f, 0x9c, 0xc4, + 0x37, 0xf6, 0x04, 0xaf, 0x8c, 0x2d, 0xc7, 0xe3, + 0x32, 0x8d, 0xe6, 0xc9, 0x7d, 0x5c, 0x4e, 0xd6, + 0xa4, 0x9f, 0x28, 0xf9, 0x78, 0x25, 0x25, 0x19, + 0x77, 0xa7, 0x9a, 0x30, 0xcd, 0x19, 0x30, 0x62, + 0x5f, 0x13, 0xab, 0x81, 0x23, 0xc3, 0x6c, 0x77, + 0x24, 0xb4, 0x03, 0x22, 0x96, 0x58, 0x66, 0x25, + 0x87, 0x11, 0xe9, 0x12, 0xc4, 0x29, 0xba, 0xc3, + 0x2a, 0xad, 0xb6, 0xb4, 0x96, 0x6a, 0x82, 0x36, + 0xdb, 0x7d, 0xf1, 0x1c, 0x6e, 0xf8, 0xa2, 0x84, + 0xd5, 0x2a, 0xf7, 0x41, 0xf6, 0x2a, 0xff, 0xd7, + 0x9c, 0x7f, 0x6e, 0x7a, 0xbe, 0xa5, 0x7e, 0xc2, + 0xe6, 0x28, 0x9c, 0xdb, 0x73, 0x67, 0x15, 0xad, + 0x09, 0xbf, 0x73, 0x90, 0x2b, 0x64, 0xef, 0x12 }, + .rlen = 512, + } +}; + +static struct cipher_testvec aes_abl_dec_tv_template[] = { + { /* self-generated based on mostly independent implementation */ + .key = { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, + 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 }, + .klen = 16, + .iv = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }, + .input = { 0xab, 0xd1, 0x19, 0xa6, 0x58, 0xd9, 0x51, 0xf6, + 0x45, 0x67, 0x1b, 0xab, 0x2f, 0x75, 0x4b, 0x22, + 0xa5, 0x5b, 0x1d, 0xdb, 0x50, 0x9c, 0x60, 0xe3, + 0xf8, 0x39, 0x01, 0x5d, 0xbc, 0x67, 0x6f, 0x6a, + 0x52, 0xda, 0x36, 0xa3, 0x7b, 0xce, 0x3e, 0x1c, + 0x9e, 0x35, 0xef, 0x65, 0xf3, 0x9a, 0x58, 0x1c, + 0x6a, 0xa0, 0x78, 0x15, 0x8a, 0x93, 0x94, 0xb6, + 0x2d, 0xfc, 0xca, 0x2c, 0x35, 0x0f, 0x98, 0x51, + 0x5d, 0x92, 0xb5, 0xfe, 0xb9, 0x82, 0xda, 0x7b, + 0x4b, 0xd6, 0xe5, 0xd8, 0xc0, 0x27, 0x16, 0x47, + 0x04, 0x36, 0x1f, 0xcf, 0xfc, 0x06, 0x68, 0x10, + 0x86, 0x6e, 0xcc, 0x2a, 0x17, 0xa8, 0x65, 0x59, + 0x35, 0x78, 0x20, 0x0f, 0xc8, 0xf5, 0x14, 0xad, + 0xa3, 0x1b, 0x0a, 0x50, 0x72, 0xdd, 0x19, 0xa2, + 0xa3, 0xe1, 0x2c, 0x6f, 0xcc, 0x85, 0xe5, 0x46, + 0x17, 0xf4, 0x0c, 0x59, 0xde, 0xfa, 0x73, 0x15, + 0x4e, 0x75, 0x00, 0x6c, 0x0f, 0x1e, 0xe6, 0xa0, + 0x86, 0x7c, 0xe6, 0xf8, 0x1b, 0xcc, 0x90, 0x90, + 0x2e, 0x9c, 0x76, 0x19, 0x49, 0xea, 0xab, 0x9f, + 0x7c, 0xd0, 0x22, 0x8a, 0x85, 0xc5, 0xe6, 0x74, + 0x6a, 0xce, 0xe9, 0x05, 0x9b, 0x16, 0x1e, 0xe4, + 0x31, 0x5a, 0x33, 0xd9, 0x28, 0xb6, 0xc4, 0xe9, + 0xf6, 0xa4, 0x71, 0xe0, 0xa4, 0x93, 0x1e, 0x13, + 0xee, 0x35, 0x96, 0x4c, 0xb4, 0xf6, 0xfa, 0xa4, + 0xab, 0x35, 0xec, 0x7d, 0x7f, 0x85, 0x0c, 0x95, + 0xc4, 0x76, 0x76, 0xbc, 0xcd, 0xb1, 0xed, 0x91, + 0xa5, 0xfd, 0x92, 0x67, 0x5f, 0x16, 0x29, 0xf9, + 0xb0, 0xdb, 0x66, 0x2f, 0x3b, 0x78, 0x1c, 0xfd, + 0x05, 0xd3, 0x6f, 0xe0, 0x77, 0xf6, 0x0b, 0xba, + 0x16, 0x8d, 0x48, 0x77, 0xf7, 0xbc, 0xe0, 0x65, + 0xb8, 0x33, 0xa6, 0xfc, 0xae, 0xc6, 0xb5, 0x34, + 0xf5, 0x7a, 0x3d, 0x8e, 0x36, 0x70, 0xd4, 0x80, + 0xdb, 0x86, 0xa2, 0xbe, 0xb0, 0xb6, 0x40, 0xa8, + 0xd6, 0x84, 0x97, 0x8a, 0xa9, 0x30, 0x7c, 0xfa, + 0xf3, 0x1a, 0x3a, 0xd0, 0xf7, 0xad, 0x4b, 0x8f, + 0x60, 0x86, 0xf7, 0xb8, 0xb9, 0xfb, 0x6f, 0x9b, + 0x52, 0xbc, 0x8a, 0x11, 0x85, 0xfa, 0xab, 0x89, + 0x1f, 0x8c, 0x39, 0xb3, 0xbd, 0x44, 0x34, 0xe0, + 0x6f, 0x59, 0x7c, 0x02, 0x75, 0x3e, 0x12, 0x77, + 0xa6, 0x78, 0xf0, 0xea, 0x62, 0xbf, 0x40, 0x64, + 0xde, 0xb1, 0xb5, 0xe1, 0x2c, 0x92, 0x1c, 0xda, + 0xe7, 0xeb, 0xb0, 0x1d, 0x23, 0x94, 0x15, 0x42, + 0x46, 0x2a, 0xa5, 0x64, 0x13, 0x23, 0xec, 0x67, + 0x3e, 0xae, 0xcc, 0xd9, 0xd8, 0x1f, 0x87, 0x59, + 0x9c, 0x8c, 0xc4, 0xeb, 0xa5, 0x9e, 0xf7, 0x49, + 0xf9, 0xe3, 0x7e, 0x6a, 0x0a, 0xd0, 0x51, 0xc2, + 0x04, 0xbe, 0xce, 0x6e, 0xa4, 0x0f, 0x50, 0xb0, + 0xf9, 0xb5, 0xd8, 0x67, 0xb5, 0x55, 0x03, 0x75, + 0xae, 0x28, 0xa3, 0xe4, 0x30, 0xcd, 0x95, 0x23, + 0x7f, 0x05, 0xf7, 0xa3, 0x68, 0x8b, 0x08, 0x42, + 0xf1, 0x9a, 0xb1, 0x8c, 0xae, 0x8f, 0x9c, 0xc4, + 0x37, 0xf6, 0x04, 0xaf, 0x8c, 0x2d, 0xc7, 0xe3, + 0x32, 0x8d, 0xe6, 0xc9, 0x7d, 0x5c, 0x4e, 0xd6, + 0xa4, 0x9f, 0x28, 0xf9, 0x78, 0x25, 0x25, 0x19, + 0x77, 0xa7, 0x9a, 0x30, 0xcd, 0x19, 0x30, 0x62, + 0x5f, 0x13, 0xab, 0x81, 0x23, 0xc3, 0x6c, 0x77, + 0x24, 0xb4, 0x03, 0x22, 0x96, 0x58, 0x66, 0x25, + 0x87, 0x11, 0xe9, 0x12, 0xc4, 0x29, 0xba, 0xc3, + 0x2a, 0xad, 0xb6, 0xb4, 0x96, 0x6a, 0x82, 0x36, + 0xdb, 0x7d, 0xf1, 0x1c, 0x6e, 0xf8, 0xa2, 0x84, + 0xd5, 0x2a, 0xf7, 0x41, 0xf6, 0x2a, 0xff, 0xd7, + 0x9c, 0x7f, 0x6e, 0x7a, 0xbe, 0xa5, 0x7e, 0xc2, + 0xe6, 0x28, 0x9c, 0xdb, 0x73, 0x67, 0x15, 0xad, + 0x09, 0xbf, 0x73, 0x90, 0x2b, 0x64, 0xef, 0x12 }, + .ilen = 512, + .result = { 0xaa, 0x31, 0x30, 0x88, 0xdb, 0xbc, 0x32, 0xb6, + 0x71, 0xd6, 0x5d, 0x31, 0x3d, 0x91, 0x01, 0xf5, + 0x11, 0x5f, 0x4b, 0xdd, 0x4f, 0x6c, 0x01, 0xd4, + 0x57, 0xb3, 0x5f, 0x0f, 0x7a, 0x55, 0x5a, 0xc4, + 0x51, 0x59, 0xcf, 0x6b, 0x49, 0x77, 0x0e, 0x46, + 0xb0, 0x7e, 0xa8, 0xa9, 0x4e, 0x0f, 0xb1, 0x4f, + 0x56, 0xa8, 0x5b, 0x96, 0x7a, 0xa4, 0x68, 0x19, + 0xbd, 0x7f, 0x50, 0x58, 0x5c, 0x24, 0x09, 0x0a, + 0x8f, 0x58, 0xb9, 0x29, 0x05, 0x8a, 0x53, 0xdd, + 0x87, 0x7c, 0x7e, 0x89, 0x9b, 0xf7, 0x59, 0xdf, + 0x8f, 0x31, 0xa4, 0x91, 0x41, 0x85, 0x21, 0x99, + 0xbf, 0x15, 0x20, 0xc0, 0xd3, 0xba, 0xe1, 0x55, + 0x50, 0xd2, 0x08, 0xd1, 0xe0, 0xb5, 0x56, 0xd5, + 0xe6, 0x3e, 0xbc, 0xac, 0xf5, 0x6f, 0x9d, 0xcc, + 0x53, 0xad, 0xfb, 0x1b, 0x75, 0xcf, 0xd5, 0x96, + 0x3a, 0x96, 0xe5, 0x66, 0x40, 0x74, 0x10, 0xfe, + 0xe8, 0xe3, 0x54, 0xcb, 0x4d, 0x3e, 0x8c, 0x53, + 0x30, 0x3d, 0xdf, 0xe4, 0x30, 0xe3, 0x1c, 0x83, + 0xdb, 0xd8, 0x2e, 0xe8, 0x3a, 0x85, 0xed, 0x6b, + 0xd4, 0xa7, 0x69, 0x1d, 0x6f, 0xb5, 0xca, 0x0b, + 0x73, 0x94, 0x09, 0xb3, 0xfe, 0xa0, 0x18, 0x56, + 0x6a, 0x3f, 0xa1, 0x1c, 0xee, 0x5c, 0xa5, 0xc0, + 0x59, 0x38, 0xe7, 0x28, 0xf6, 0x0e, 0xd9, 0xd7, + 0xdd, 0x1d, 0x38, 0x71, 0xed, 0xdf, 0xc5, 0x21, + 0x31, 0x1f, 0xcb, 0xa3, 0x0c, 0xfb, 0xc2, 0xe0, + 0x27, 0xf0, 0x76, 0xa8, 0x39, 0xac, 0xdc, 0x61, + 0x00, 0x4e, 0xf3, 0xe5, 0xb7, 0x5c, 0xdc, 0xfa, + 0xec, 0x00, 0x5d, 0x2e, 0x94, 0x9f, 0x70, 0xe2, + 0xb0, 0x7c, 0x2d, 0xb0, 0xca, 0x0b, 0x60, 0x12, + 0xea, 0x9d, 0x1e, 0xfc, 0x78, 0x29, 0xbf, 0xcf, + 0x13, 0x2c, 0x86, 0x9a, 0x47, 0xfb, 0x4b, 0xf5, + 0xf0, 0x2c, 0x62, 0xfd, 0xda, 0x4b, 0x4e, 0xe8, + 0xa0, 0x83, 0xb0, 0x56, 0x81, 0x25, 0x88, 0x36, + 0xad, 0xbb, 0x4f, 0x6e, 0xa7, 0x03, 0x69, 0xc4, + 0x10, 0xac, 0x6c, 0xac, 0xe3, 0xcc, 0x66, 0xaf, + 0xbb, 0x52, 0x20, 0x5f, 0x66, 0x98, 0x3d, 0x67, + 0x2b, 0x5d, 0xd9, 0xb8, 0x1c, 0x82, 0x48, 0x35, + 0x19, 0xc1, 0xe7, 0x62, 0x18, 0x90, 0xd8, 0x75, + 0xde, 0x9e, 0x1d, 0x91, 0x9a, 0x8b, 0xba, 0x41, + 0xa1, 0xcd, 0xf6, 0x04, 0xc5, 0x76, 0xaf, 0x2d, + 0x6e, 0xef, 0xd8, 0x72, 0x1a, 0x51, 0xff, 0x1e, + 0x26, 0x29, 0x37, 0x23, 0x27, 0x26, 0x08, 0x77, + 0xfe, 0x73, 0xa6, 0x7a, 0x1e, 0x36, 0xb4, 0x74, + 0xe3, 0x4a, 0xcd, 0xc5, 0x19, 0x6e, 0x59, 0xf3, + 0xd7, 0x89, 0xfd, 0x14, 0xad, 0xed, 0x4e, 0xbe, + 0x1a, 0xd5, 0x87, 0xec, 0x3d, 0x46, 0x2f, 0x08, + 0x47, 0x42, 0x76, 0xb6, 0x9e, 0x70, 0x0e, 0x57, + 0x72, 0x16, 0xb4, 0x69, 0xd6, 0xc1, 0x39, 0x5b, + 0xdb, 0x9f, 0xfb, 0xb3, 0x36, 0xcf, 0xd5, 0x42, + 0x06, 0x72, 0xfd, 0x11, 0xaf, 0x56, 0x2b, 0x16, + 0xdc, 0xb9, 0x84, 0x43, 0xca, 0x94, 0x71, 0x1b, + 0xb6, 0x32, 0xc3, 0x16, 0xb0, 0x2a, 0x3b, 0xaf, + 0x90, 0xf6, 0xa8, 0x08, 0x9c, 0x82, 0xba, 0x0a, + 0x9f, 0x61, 0x4d, 0x3e, 0x35, 0x0a, 0x7f, 0x17, + 0x2d, 0x1d, 0x22, 0xa8, 0xdf, 0x48, 0xbb, 0xec, + 0xf6, 0x0c, 0x21, 0x1a, 0x8f, 0xb9, 0x79, 0xc9, + 0xba, 0xd5, 0xac, 0x11, 0x34, 0x90, 0x4f, 0x75, + 0x51, 0x7e, 0x7b, 0xa2, 0xf7, 0x47, 0x48, 0xd1, + 0x56, 0xad, 0x1d, 0xf2, 0x6a, 0x9b, 0x7c, 0xf2, + 0xd3, 0x67, 0xd8, 0x77, 0x42, 0xe2, 0x41, 0x24, + 0x1e, 0x60, 0x81, 0x5d, 0x99, 0xa8, 0x91, 0x3e, + 0x55, 0xea, 0xda, 0xb2, 0x1b, 0x46, 0x82, 0x6f, + 0x14, 0x18, 0xc8, 0x61, 0x89, 0xcc, 0x8c, 0x03, + 0x43, 0x4f, 0xb4, 0xe6, 0xdc, 0xc0, 0xb3, 0x80 }, + .rlen = 512, + } +}; + /* Cast5 test vectors from RFC 2144 */ #define CAST5_ENC_TEST_VECTORS 3 #define CAST5_DEC_TEST_VECTORS 3 @@ -3610,6 +3892,24 @@ static struct cipher_speed aes_lrw_speed { .klen = 0, .blen = 0, } }; +static struct cipher_speed aes_abl_speed_template[] = { + { .klen = 16, .blen = 64, }, + { .klen = 16, .blen = 256, }, + { .klen = 16, .blen = 1024, }, + { .klen = 16, .blen = 8192, }, + { .klen = 24, .blen = 64, }, + { .klen = 24, .blen = 256, }, + { .klen = 24, .blen = 1024, }, + { .klen = 24, .blen = 8192, }, + { .klen = 32, .blen = 64, }, + { .klen = 32, .blen = 256, }, + { .klen = 32, .blen = 1024, }, + { .klen = 32, .blen = 8192, }, + + /* End marker */ + { .klen = 0, .blen = 0, } +}; + static struct cipher_speed des3_ede_speed_template[] = { { .klen = 24, .blen = 16, }, { .klen = 24, .blen = 64, }, -- 1.4.2.1