xref: /openbmc/linux/crypto/seed.c (revision 14386d47)
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3  * Cryptographic API.
4  *
5  * SEED Cipher Algorithm.
6  *
7  * Documentation of SEED can be found in RFC 4269.
8  * Copyright (C) 2007 Korea Information Security Agency (KISA).
9  */
10 
11 #include <crypto/algapi.h>
12 #include <linux/module.h>
13 #include <linux/init.h>
14 #include <linux/types.h>
15 #include <linux/errno.h>
16 #include <asm/byteorder.h>
17 
18 #define SEED_NUM_KCONSTANTS	16
19 #define SEED_KEY_SIZE		16
20 #define SEED_BLOCK_SIZE		16
21 #define SEED_KEYSCHED_LEN	32
22 
23 /*
24  * #define byte(x, nr) ((unsigned char)((x) >> (nr*8)))
25  */
26 static inline u8
byte(const u32 x,const unsigned n)27 byte(const u32 x, const unsigned n)
28 {
29 	return x >> (n << 3);
30 }
31 
32 struct seed_ctx {
33 	u32 keysched[SEED_KEYSCHED_LEN];
34 };
35 
36 static const u32 SS0[256] = {
37 	0x2989a1a8, 0x05858184, 0x16c6d2d4, 0x13c3d3d0,
38 	0x14445054, 0x1d0d111c, 0x2c8ca0ac, 0x25052124,
39 	0x1d4d515c, 0x03434340, 0x18081018, 0x1e0e121c,
40 	0x11415150, 0x3cccf0fc, 0x0acac2c8, 0x23436360,
41 	0x28082028, 0x04444044, 0x20002020, 0x1d8d919c,
42 	0x20c0e0e0, 0x22c2e2e0, 0x08c8c0c8, 0x17071314,
43 	0x2585a1a4, 0x0f8f838c, 0x03030300, 0x3b4b7378,
44 	0x3b8bb3b8, 0x13031310, 0x12c2d2d0, 0x2ecee2ec,
45 	0x30407070, 0x0c8c808c, 0x3f0f333c, 0x2888a0a8,
46 	0x32023230, 0x1dcdd1dc, 0x36c6f2f4, 0x34447074,
47 	0x2ccce0ec, 0x15859194, 0x0b0b0308, 0x17475354,
48 	0x1c4c505c, 0x1b4b5358, 0x3d8db1bc, 0x01010100,
49 	0x24042024, 0x1c0c101c, 0x33437370, 0x18889098,
50 	0x10001010, 0x0cccc0cc, 0x32c2f2f0, 0x19c9d1d8,
51 	0x2c0c202c, 0x27c7e3e4, 0x32427270, 0x03838380,
52 	0x1b8b9398, 0x11c1d1d0, 0x06868284, 0x09c9c1c8,
53 	0x20406060, 0x10405050, 0x2383a3a0, 0x2bcbe3e8,
54 	0x0d0d010c, 0x3686b2b4, 0x1e8e929c, 0x0f4f434c,
55 	0x3787b3b4, 0x1a4a5258, 0x06c6c2c4, 0x38487078,
56 	0x2686a2a4, 0x12021210, 0x2f8fa3ac, 0x15c5d1d4,
57 	0x21416160, 0x03c3c3c0, 0x3484b0b4, 0x01414140,
58 	0x12425250, 0x3d4d717c, 0x0d8d818c, 0x08080008,
59 	0x1f0f131c, 0x19899198, 0x00000000, 0x19091118,
60 	0x04040004, 0x13435350, 0x37c7f3f4, 0x21c1e1e0,
61 	0x3dcdf1fc, 0x36467274, 0x2f0f232c, 0x27072324,
62 	0x3080b0b0, 0x0b8b8388, 0x0e0e020c, 0x2b8ba3a8,
63 	0x2282a2a0, 0x2e4e626c, 0x13839390, 0x0d4d414c,
64 	0x29496168, 0x3c4c707c, 0x09090108, 0x0a0a0208,
65 	0x3f8fb3bc, 0x2fcfe3ec, 0x33c3f3f0, 0x05c5c1c4,
66 	0x07878384, 0x14041014, 0x3ecef2fc, 0x24446064,
67 	0x1eced2dc, 0x2e0e222c, 0x0b4b4348, 0x1a0a1218,
68 	0x06060204, 0x21012120, 0x2b4b6368, 0x26466264,
69 	0x02020200, 0x35c5f1f4, 0x12829290, 0x0a8a8288,
70 	0x0c0c000c, 0x3383b3b0, 0x3e4e727c, 0x10c0d0d0,
71 	0x3a4a7278, 0x07474344, 0x16869294, 0x25c5e1e4,
72 	0x26062224, 0x00808080, 0x2d8da1ac, 0x1fcfd3dc,
73 	0x2181a1a0, 0x30003030, 0x37073334, 0x2e8ea2ac,
74 	0x36063234, 0x15051114, 0x22022220, 0x38083038,
75 	0x34c4f0f4, 0x2787a3a4, 0x05454144, 0x0c4c404c,
76 	0x01818180, 0x29c9e1e8, 0x04848084, 0x17879394,
77 	0x35053134, 0x0bcbc3c8, 0x0ecec2cc, 0x3c0c303c,
78 	0x31417170, 0x11011110, 0x07c7c3c4, 0x09898188,
79 	0x35457174, 0x3bcbf3f8, 0x1acad2d8, 0x38c8f0f8,
80 	0x14849094, 0x19495158, 0x02828280, 0x04c4c0c4,
81 	0x3fcff3fc, 0x09494148, 0x39093138, 0x27476364,
82 	0x00c0c0c0, 0x0fcfc3cc, 0x17c7d3d4, 0x3888b0b8,
83 	0x0f0f030c, 0x0e8e828c, 0x02424240, 0x23032320,
84 	0x11819190, 0x2c4c606c, 0x1bcbd3d8, 0x2484a0a4,
85 	0x34043034, 0x31c1f1f0, 0x08484048, 0x02c2c2c0,
86 	0x2f4f636c, 0x3d0d313c, 0x2d0d212c, 0x00404040,
87 	0x3e8eb2bc, 0x3e0e323c, 0x3c8cb0bc, 0x01c1c1c0,
88 	0x2a8aa2a8, 0x3a8ab2b8, 0x0e4e424c, 0x15455154,
89 	0x3b0b3338, 0x1cccd0dc, 0x28486068, 0x3f4f737c,
90 	0x1c8c909c, 0x18c8d0d8, 0x0a4a4248, 0x16465254,
91 	0x37477374, 0x2080a0a0, 0x2dcde1ec, 0x06464244,
92 	0x3585b1b4, 0x2b0b2328, 0x25456164, 0x3acaf2f8,
93 	0x23c3e3e0, 0x3989b1b8, 0x3181b1b0, 0x1f8f939c,
94 	0x1e4e525c, 0x39c9f1f8, 0x26c6e2e4, 0x3282b2b0,
95 	0x31013130, 0x2acae2e8, 0x2d4d616c, 0x1f4f535c,
96 	0x24c4e0e4, 0x30c0f0f0, 0x0dcdc1cc, 0x08888088,
97 	0x16061214, 0x3a0a3238, 0x18485058, 0x14c4d0d4,
98 	0x22426260, 0x29092128, 0x07070304, 0x33033330,
99 	0x28c8e0e8, 0x1b0b1318, 0x05050104, 0x39497178,
100 	0x10809090, 0x2a4a6268, 0x2a0a2228, 0x1a8a9298,
101 };
102 
103 static const u32 SS1[256] = {
104 	0x38380830, 0xe828c8e0, 0x2c2d0d21, 0xa42686a2,
105 	0xcc0fcfc3, 0xdc1eced2, 0xb03383b3, 0xb83888b0,
106 	0xac2f8fa3, 0x60204060, 0x54154551, 0xc407c7c3,
107 	0x44044440, 0x6c2f4f63, 0x682b4b63, 0x581b4b53,
108 	0xc003c3c3, 0x60224262, 0x30330333, 0xb43585b1,
109 	0x28290921, 0xa02080a0, 0xe022c2e2, 0xa42787a3,
110 	0xd013c3d3, 0x90118191, 0x10110111, 0x04060602,
111 	0x1c1c0c10, 0xbc3c8cb0, 0x34360632, 0x480b4b43,
112 	0xec2fcfe3, 0x88088880, 0x6c2c4c60, 0xa82888a0,
113 	0x14170713, 0xc404c4c0, 0x14160612, 0xf434c4f0,
114 	0xc002c2c2, 0x44054541, 0xe021c1e1, 0xd416c6d2,
115 	0x3c3f0f33, 0x3c3d0d31, 0x8c0e8e82, 0x98188890,
116 	0x28280820, 0x4c0e4e42, 0xf436c6f2, 0x3c3e0e32,
117 	0xa42585a1, 0xf839c9f1, 0x0c0d0d01, 0xdc1fcfd3,
118 	0xd818c8d0, 0x282b0b23, 0x64264662, 0x783a4a72,
119 	0x24270723, 0x2c2f0f23, 0xf031c1f1, 0x70324272,
120 	0x40024242, 0xd414c4d0, 0x40014141, 0xc000c0c0,
121 	0x70334373, 0x64274763, 0xac2c8ca0, 0x880b8b83,
122 	0xf437c7f3, 0xac2d8da1, 0x80008080, 0x1c1f0f13,
123 	0xc80acac2, 0x2c2c0c20, 0xa82a8aa2, 0x34340430,
124 	0xd012c2d2, 0x080b0b03, 0xec2ecee2, 0xe829c9e1,
125 	0x5c1d4d51, 0x94148490, 0x18180810, 0xf838c8f0,
126 	0x54174753, 0xac2e8ea2, 0x08080800, 0xc405c5c1,
127 	0x10130313, 0xcc0dcdc1, 0x84068682, 0xb83989b1,
128 	0xfc3fcff3, 0x7c3d4d71, 0xc001c1c1, 0x30310131,
129 	0xf435c5f1, 0x880a8a82, 0x682a4a62, 0xb03181b1,
130 	0xd011c1d1, 0x20200020, 0xd417c7d3, 0x00020202,
131 	0x20220222, 0x04040400, 0x68284860, 0x70314171,
132 	0x04070703, 0xd81bcbd3, 0x9c1d8d91, 0x98198991,
133 	0x60214161, 0xbc3e8eb2, 0xe426c6e2, 0x58194951,
134 	0xdc1dcdd1, 0x50114151, 0x90108090, 0xdc1cccd0,
135 	0x981a8a92, 0xa02383a3, 0xa82b8ba3, 0xd010c0d0,
136 	0x80018181, 0x0c0f0f03, 0x44074743, 0x181a0a12,
137 	0xe023c3e3, 0xec2ccce0, 0x8c0d8d81, 0xbc3f8fb3,
138 	0x94168692, 0x783b4b73, 0x5c1c4c50, 0xa02282a2,
139 	0xa02181a1, 0x60234363, 0x20230323, 0x4c0d4d41,
140 	0xc808c8c0, 0x9c1e8e92, 0x9c1c8c90, 0x383a0a32,
141 	0x0c0c0c00, 0x2c2e0e22, 0xb83a8ab2, 0x6c2e4e62,
142 	0x9c1f8f93, 0x581a4a52, 0xf032c2f2, 0x90128292,
143 	0xf033c3f3, 0x48094941, 0x78384870, 0xcc0cccc0,
144 	0x14150511, 0xf83bcbf3, 0x70304070, 0x74354571,
145 	0x7c3f4f73, 0x34350531, 0x10100010, 0x00030303,
146 	0x64244460, 0x6c2d4d61, 0xc406c6c2, 0x74344470,
147 	0xd415c5d1, 0xb43484b0, 0xe82acae2, 0x08090901,
148 	0x74364672, 0x18190911, 0xfc3ecef2, 0x40004040,
149 	0x10120212, 0xe020c0e0, 0xbc3d8db1, 0x04050501,
150 	0xf83acaf2, 0x00010101, 0xf030c0f0, 0x282a0a22,
151 	0x5c1e4e52, 0xa82989a1, 0x54164652, 0x40034343,
152 	0x84058581, 0x14140410, 0x88098981, 0x981b8b93,
153 	0xb03080b0, 0xe425c5e1, 0x48084840, 0x78394971,
154 	0x94178793, 0xfc3cccf0, 0x1c1e0e12, 0x80028282,
155 	0x20210121, 0x8c0c8c80, 0x181b0b13, 0x5c1f4f53,
156 	0x74374773, 0x54144450, 0xb03282b2, 0x1c1d0d11,
157 	0x24250521, 0x4c0f4f43, 0x00000000, 0x44064642,
158 	0xec2dcde1, 0x58184850, 0x50124252, 0xe82bcbe3,
159 	0x7c3e4e72, 0xd81acad2, 0xc809c9c1, 0xfc3dcdf1,
160 	0x30300030, 0x94158591, 0x64254561, 0x3c3c0c30,
161 	0xb43686b2, 0xe424c4e0, 0xb83b8bb3, 0x7c3c4c70,
162 	0x0c0e0e02, 0x50104050, 0x38390931, 0x24260622,
163 	0x30320232, 0x84048480, 0x68294961, 0x90138393,
164 	0x34370733, 0xe427c7e3, 0x24240420, 0xa42484a0,
165 	0xc80bcbc3, 0x50134353, 0x080a0a02, 0x84078783,
166 	0xd819c9d1, 0x4c0c4c40, 0x80038383, 0x8c0f8f83,
167 	0xcc0ecec2, 0x383b0b33, 0x480a4a42, 0xb43787b3,
168 };
169 
170 static const u32 SS2[256] = {
171 	0xa1a82989, 0x81840585, 0xd2d416c6, 0xd3d013c3,
172 	0x50541444, 0x111c1d0d, 0xa0ac2c8c, 0x21242505,
173 	0x515c1d4d, 0x43400343, 0x10181808, 0x121c1e0e,
174 	0x51501141, 0xf0fc3ccc, 0xc2c80aca, 0x63602343,
175 	0x20282808, 0x40440444, 0x20202000, 0x919c1d8d,
176 	0xe0e020c0, 0xe2e022c2, 0xc0c808c8, 0x13141707,
177 	0xa1a42585, 0x838c0f8f, 0x03000303, 0x73783b4b,
178 	0xb3b83b8b, 0x13101303, 0xd2d012c2, 0xe2ec2ece,
179 	0x70703040, 0x808c0c8c, 0x333c3f0f, 0xa0a82888,
180 	0x32303202, 0xd1dc1dcd, 0xf2f436c6, 0x70743444,
181 	0xe0ec2ccc, 0x91941585, 0x03080b0b, 0x53541747,
182 	0x505c1c4c, 0x53581b4b, 0xb1bc3d8d, 0x01000101,
183 	0x20242404, 0x101c1c0c, 0x73703343, 0x90981888,
184 	0x10101000, 0xc0cc0ccc, 0xf2f032c2, 0xd1d819c9,
185 	0x202c2c0c, 0xe3e427c7, 0x72703242, 0x83800383,
186 	0x93981b8b, 0xd1d011c1, 0x82840686, 0xc1c809c9,
187 	0x60602040, 0x50501040, 0xa3a02383, 0xe3e82bcb,
188 	0x010c0d0d, 0xb2b43686, 0x929c1e8e, 0x434c0f4f,
189 	0xb3b43787, 0x52581a4a, 0xc2c406c6, 0x70783848,
190 	0xa2a42686, 0x12101202, 0xa3ac2f8f, 0xd1d415c5,
191 	0x61602141, 0xc3c003c3, 0xb0b43484, 0x41400141,
192 	0x52501242, 0x717c3d4d, 0x818c0d8d, 0x00080808,
193 	0x131c1f0f, 0x91981989, 0x00000000, 0x11181909,
194 	0x00040404, 0x53501343, 0xf3f437c7, 0xe1e021c1,
195 	0xf1fc3dcd, 0x72743646, 0x232c2f0f, 0x23242707,
196 	0xb0b03080, 0x83880b8b, 0x020c0e0e, 0xa3a82b8b,
197 	0xa2a02282, 0x626c2e4e, 0x93901383, 0x414c0d4d,
198 	0x61682949, 0x707c3c4c, 0x01080909, 0x02080a0a,
199 	0xb3bc3f8f, 0xe3ec2fcf, 0xf3f033c3, 0xc1c405c5,
200 	0x83840787, 0x10141404, 0xf2fc3ece, 0x60642444,
201 	0xd2dc1ece, 0x222c2e0e, 0x43480b4b, 0x12181a0a,
202 	0x02040606, 0x21202101, 0x63682b4b, 0x62642646,
203 	0x02000202, 0xf1f435c5, 0x92901282, 0x82880a8a,
204 	0x000c0c0c, 0xb3b03383, 0x727c3e4e, 0xd0d010c0,
205 	0x72783a4a, 0x43440747, 0x92941686, 0xe1e425c5,
206 	0x22242606, 0x80800080, 0xa1ac2d8d, 0xd3dc1fcf,
207 	0xa1a02181, 0x30303000, 0x33343707, 0xa2ac2e8e,
208 	0x32343606, 0x11141505, 0x22202202, 0x30383808,
209 	0xf0f434c4, 0xa3a42787, 0x41440545, 0x404c0c4c,
210 	0x81800181, 0xe1e829c9, 0x80840484, 0x93941787,
211 	0x31343505, 0xc3c80bcb, 0xc2cc0ece, 0x303c3c0c,
212 	0x71703141, 0x11101101, 0xc3c407c7, 0x81880989,
213 	0x71743545, 0xf3f83bcb, 0xd2d81aca, 0xf0f838c8,
214 	0x90941484, 0x51581949, 0x82800282, 0xc0c404c4,
215 	0xf3fc3fcf, 0x41480949, 0x31383909, 0x63642747,
216 	0xc0c000c0, 0xc3cc0fcf, 0xd3d417c7, 0xb0b83888,
217 	0x030c0f0f, 0x828c0e8e, 0x42400242, 0x23202303,
218 	0x91901181, 0x606c2c4c, 0xd3d81bcb, 0xa0a42484,
219 	0x30343404, 0xf1f031c1, 0x40480848, 0xc2c002c2,
220 	0x636c2f4f, 0x313c3d0d, 0x212c2d0d, 0x40400040,
221 	0xb2bc3e8e, 0x323c3e0e, 0xb0bc3c8c, 0xc1c001c1,
222 	0xa2a82a8a, 0xb2b83a8a, 0x424c0e4e, 0x51541545,
223 	0x33383b0b, 0xd0dc1ccc, 0x60682848, 0x737c3f4f,
224 	0x909c1c8c, 0xd0d818c8, 0x42480a4a, 0x52541646,
225 	0x73743747, 0xa0a02080, 0xe1ec2dcd, 0x42440646,
226 	0xb1b43585, 0x23282b0b, 0x61642545, 0xf2f83aca,
227 	0xe3e023c3, 0xb1b83989, 0xb1b03181, 0x939c1f8f,
228 	0x525c1e4e, 0xf1f839c9, 0xe2e426c6, 0xb2b03282,
229 	0x31303101, 0xe2e82aca, 0x616c2d4d, 0x535c1f4f,
230 	0xe0e424c4, 0xf0f030c0, 0xc1cc0dcd, 0x80880888,
231 	0x12141606, 0x32383a0a, 0x50581848, 0xd0d414c4,
232 	0x62602242, 0x21282909, 0x03040707, 0x33303303,
233 	0xe0e828c8, 0x13181b0b, 0x01040505, 0x71783949,
234 	0x90901080, 0x62682a4a, 0x22282a0a, 0x92981a8a,
235 };
236 
237 static const u32 SS3[256] = {
238 	0x08303838, 0xc8e0e828, 0x0d212c2d, 0x86a2a426,
239 	0xcfc3cc0f, 0xced2dc1e, 0x83b3b033, 0x88b0b838,
240 	0x8fa3ac2f, 0x40606020, 0x45515415, 0xc7c3c407,
241 	0x44404404, 0x4f636c2f, 0x4b63682b, 0x4b53581b,
242 	0xc3c3c003, 0x42626022, 0x03333033, 0x85b1b435,
243 	0x09212829, 0x80a0a020, 0xc2e2e022, 0x87a3a427,
244 	0xc3d3d013, 0x81919011, 0x01111011, 0x06020406,
245 	0x0c101c1c, 0x8cb0bc3c, 0x06323436, 0x4b43480b,
246 	0xcfe3ec2f, 0x88808808, 0x4c606c2c, 0x88a0a828,
247 	0x07131417, 0xc4c0c404, 0x06121416, 0xc4f0f434,
248 	0xc2c2c002, 0x45414405, 0xc1e1e021, 0xc6d2d416,
249 	0x0f333c3f, 0x0d313c3d, 0x8e828c0e, 0x88909818,
250 	0x08202828, 0x4e424c0e, 0xc6f2f436, 0x0e323c3e,
251 	0x85a1a425, 0xc9f1f839, 0x0d010c0d, 0xcfd3dc1f,
252 	0xc8d0d818, 0x0b23282b, 0x46626426, 0x4a72783a,
253 	0x07232427, 0x0f232c2f, 0xc1f1f031, 0x42727032,
254 	0x42424002, 0xc4d0d414, 0x41414001, 0xc0c0c000,
255 	0x43737033, 0x47636427, 0x8ca0ac2c, 0x8b83880b,
256 	0xc7f3f437, 0x8da1ac2d, 0x80808000, 0x0f131c1f,
257 	0xcac2c80a, 0x0c202c2c, 0x8aa2a82a, 0x04303434,
258 	0xc2d2d012, 0x0b03080b, 0xcee2ec2e, 0xc9e1e829,
259 	0x4d515c1d, 0x84909414, 0x08101818, 0xc8f0f838,
260 	0x47535417, 0x8ea2ac2e, 0x08000808, 0xc5c1c405,
261 	0x03131013, 0xcdc1cc0d, 0x86828406, 0x89b1b839,
262 	0xcff3fc3f, 0x4d717c3d, 0xc1c1c001, 0x01313031,
263 	0xc5f1f435, 0x8a82880a, 0x4a62682a, 0x81b1b031,
264 	0xc1d1d011, 0x00202020, 0xc7d3d417, 0x02020002,
265 	0x02222022, 0x04000404, 0x48606828, 0x41717031,
266 	0x07030407, 0xcbd3d81b, 0x8d919c1d, 0x89919819,
267 	0x41616021, 0x8eb2bc3e, 0xc6e2e426, 0x49515819,
268 	0xcdd1dc1d, 0x41515011, 0x80909010, 0xccd0dc1c,
269 	0x8a92981a, 0x83a3a023, 0x8ba3a82b, 0xc0d0d010,
270 	0x81818001, 0x0f030c0f, 0x47434407, 0x0a12181a,
271 	0xc3e3e023, 0xcce0ec2c, 0x8d818c0d, 0x8fb3bc3f,
272 	0x86929416, 0x4b73783b, 0x4c505c1c, 0x82a2a022,
273 	0x81a1a021, 0x43636023, 0x03232023, 0x4d414c0d,
274 	0xc8c0c808, 0x8e929c1e, 0x8c909c1c, 0x0a32383a,
275 	0x0c000c0c, 0x0e222c2e, 0x8ab2b83a, 0x4e626c2e,
276 	0x8f939c1f, 0x4a52581a, 0xc2f2f032, 0x82929012,
277 	0xc3f3f033, 0x49414809, 0x48707838, 0xccc0cc0c,
278 	0x05111415, 0xcbf3f83b, 0x40707030, 0x45717435,
279 	0x4f737c3f, 0x05313435, 0x00101010, 0x03030003,
280 	0x44606424, 0x4d616c2d, 0xc6c2c406, 0x44707434,
281 	0xc5d1d415, 0x84b0b434, 0xcae2e82a, 0x09010809,
282 	0x46727436, 0x09111819, 0xcef2fc3e, 0x40404000,
283 	0x02121012, 0xc0e0e020, 0x8db1bc3d, 0x05010405,
284 	0xcaf2f83a, 0x01010001, 0xc0f0f030, 0x0a22282a,
285 	0x4e525c1e, 0x89a1a829, 0x46525416, 0x43434003,
286 	0x85818405, 0x04101414, 0x89818809, 0x8b93981b,
287 	0x80b0b030, 0xc5e1e425, 0x48404808, 0x49717839,
288 	0x87939417, 0xccf0fc3c, 0x0e121c1e, 0x82828002,
289 	0x01212021, 0x8c808c0c, 0x0b13181b, 0x4f535c1f,
290 	0x47737437, 0x44505414, 0x82b2b032, 0x0d111c1d,
291 	0x05212425, 0x4f434c0f, 0x00000000, 0x46424406,
292 	0xcde1ec2d, 0x48505818, 0x42525012, 0xcbe3e82b,
293 	0x4e727c3e, 0xcad2d81a, 0xc9c1c809, 0xcdf1fc3d,
294 	0x00303030, 0x85919415, 0x45616425, 0x0c303c3c,
295 	0x86b2b436, 0xc4e0e424, 0x8bb3b83b, 0x4c707c3c,
296 	0x0e020c0e, 0x40505010, 0x09313839, 0x06222426,
297 	0x02323032, 0x84808404, 0x49616829, 0x83939013,
298 	0x07333437, 0xc7e3e427, 0x04202424, 0x84a0a424,
299 	0xcbc3c80b, 0x43535013, 0x0a02080a, 0x87838407,
300 	0xc9d1d819, 0x4c404c0c, 0x83838003, 0x8f838c0f,
301 	0xcec2cc0e, 0x0b33383b, 0x4a42480a, 0x87b3b437,
302 };
303 
304 static const u32 KC[SEED_NUM_KCONSTANTS] = {
305 	0x9e3779b9, 0x3c6ef373, 0x78dde6e6, 0xf1bbcdcc,
306 	0xe3779b99, 0xc6ef3733, 0x8dde6e67, 0x1bbcdccf,
307 	0x3779b99e, 0x6ef3733c, 0xdde6e678, 0xbbcdccf1,
308 	0x779b99e3, 0xef3733c6, 0xde6e678d, 0xbcdccf1b,
309 };
310 
311 #define OP(X1, X2, X3, X4, rbase)			\
312 	t0 = X3 ^ ks[rbase];				\
313 	t1 = X4 ^ ks[rbase+1];				\
314 	t1 ^= t0;					\
315 	t1 = SS0[byte(t1, 0)] ^ SS1[byte(t1, 1)] ^	\
316 		SS2[byte(t1, 2)] ^ SS3[byte(t1, 3)];	\
317 	t0 += t1;					\
318 	t0 = SS0[byte(t0, 0)] ^ SS1[byte(t0, 1)] ^	\
319 		SS2[byte(t0, 2)] ^ SS3[byte(t0, 3)];	\
320 	t1 += t0;					\
321 	t1 = SS0[byte(t1, 0)] ^ SS1[byte(t1, 1)] ^	\
322 		SS2[byte(t1, 2)] ^ SS3[byte(t1, 3)];	\
323 	t0 += t1;					\
324 	X1 ^= t0;					\
325 	X2 ^= t1
326 
seed_set_key(struct crypto_tfm * tfm,const u8 * in_key,unsigned int key_len)327 static int seed_set_key(struct crypto_tfm *tfm, const u8 *in_key,
328 		        unsigned int key_len)
329 {
330 	struct seed_ctx *ctx = crypto_tfm_ctx(tfm);
331 	u32 *keyout = ctx->keysched;
332 	const __be32 *key = (const __be32 *)in_key;
333 	u32 i, t0, t1, x1, x2, x3, x4;
334 
335 	x1 = be32_to_cpu(key[0]);
336 	x2 = be32_to_cpu(key[1]);
337 	x3 = be32_to_cpu(key[2]);
338 	x4 = be32_to_cpu(key[3]);
339 
340 	for (i = 0; i < SEED_NUM_KCONSTANTS; i++) {
341 		t0 = x1 + x3 - KC[i];
342 		t1 = x2 + KC[i] - x4;
343 		*(keyout++) = SS0[byte(t0, 0)] ^ SS1[byte(t0, 1)] ^
344 				SS2[byte(t0, 2)] ^ SS3[byte(t0, 3)];
345 		*(keyout++) = SS0[byte(t1, 0)] ^ SS1[byte(t1, 1)] ^
346 				SS2[byte(t1, 2)] ^ SS3[byte(t1, 3)];
347 
348 		if (i % 2 == 0) {
349 			t0 = x1;
350 			x1 = (x1 >> 8) ^ (x2 << 24);
351 			x2 = (x2 >> 8) ^ (t0 << 24);
352 		} else {
353 			t0 = x3;
354 			x3 = (x3 << 8) ^ (x4 >> 24);
355 			x4 = (x4 << 8) ^ (t0 >> 24);
356 		}
357 	}
358 
359 	return 0;
360 }
361 
362 /* encrypt a block of text */
363 
seed_encrypt(struct crypto_tfm * tfm,u8 * out,const u8 * in)364 static void seed_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
365 {
366 	const struct seed_ctx *ctx = crypto_tfm_ctx(tfm);
367 	const __be32 *src = (const __be32 *)in;
368 	__be32 *dst = (__be32 *)out;
369 	u32 x1, x2, x3, x4, t0, t1;
370 	const u32 *ks = ctx->keysched;
371 
372 	x1 = be32_to_cpu(src[0]);
373 	x2 = be32_to_cpu(src[1]);
374 	x3 = be32_to_cpu(src[2]);
375 	x4 = be32_to_cpu(src[3]);
376 
377 	OP(x1, x2, x3, x4, 0);
378 	OP(x3, x4, x1, x2, 2);
379 	OP(x1, x2, x3, x4, 4);
380 	OP(x3, x4, x1, x2, 6);
381 	OP(x1, x2, x3, x4, 8);
382 	OP(x3, x4, x1, x2, 10);
383 	OP(x1, x2, x3, x4, 12);
384 	OP(x3, x4, x1, x2, 14);
385 	OP(x1, x2, x3, x4, 16);
386 	OP(x3, x4, x1, x2, 18);
387 	OP(x1, x2, x3, x4, 20);
388 	OP(x3, x4, x1, x2, 22);
389 	OP(x1, x2, x3, x4, 24);
390 	OP(x3, x4, x1, x2, 26);
391 	OP(x1, x2, x3, x4, 28);
392 	OP(x3, x4, x1, x2, 30);
393 
394 	dst[0] = cpu_to_be32(x3);
395 	dst[1] = cpu_to_be32(x4);
396 	dst[2] = cpu_to_be32(x1);
397 	dst[3] = cpu_to_be32(x2);
398 }
399 
400 /* decrypt a block of text */
401 
seed_decrypt(struct crypto_tfm * tfm,u8 * out,const u8 * in)402 static void seed_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
403 {
404 	const struct seed_ctx *ctx = crypto_tfm_ctx(tfm);
405 	const __be32 *src = (const __be32 *)in;
406 	__be32 *dst = (__be32 *)out;
407 	u32 x1, x2, x3, x4, t0, t1;
408 	const u32 *ks = ctx->keysched;
409 
410 	x1 = be32_to_cpu(src[0]);
411 	x2 = be32_to_cpu(src[1]);
412 	x3 = be32_to_cpu(src[2]);
413 	x4 = be32_to_cpu(src[3]);
414 
415 	OP(x1, x2, x3, x4, 30);
416 	OP(x3, x4, x1, x2, 28);
417 	OP(x1, x2, x3, x4, 26);
418 	OP(x3, x4, x1, x2, 24);
419 	OP(x1, x2, x3, x4, 22);
420 	OP(x3, x4, x1, x2, 20);
421 	OP(x1, x2, x3, x4, 18);
422 	OP(x3, x4, x1, x2, 16);
423 	OP(x1, x2, x3, x4, 14);
424 	OP(x3, x4, x1, x2, 12);
425 	OP(x1, x2, x3, x4, 10);
426 	OP(x3, x4, x1, x2, 8);
427 	OP(x1, x2, x3, x4, 6);
428 	OP(x3, x4, x1, x2, 4);
429 	OP(x1, x2, x3, x4, 2);
430 	OP(x3, x4, x1, x2, 0);
431 
432 	dst[0] = cpu_to_be32(x3);
433 	dst[1] = cpu_to_be32(x4);
434 	dst[2] = cpu_to_be32(x1);
435 	dst[3] = cpu_to_be32(x2);
436 }
437 
438 
439 static struct crypto_alg seed_alg = {
440 	.cra_name		=	"seed",
441 	.cra_driver_name	=	"seed-generic",
442 	.cra_priority		=	100,
443 	.cra_flags		=	CRYPTO_ALG_TYPE_CIPHER,
444 	.cra_blocksize		=	SEED_BLOCK_SIZE,
445 	.cra_ctxsize		=	sizeof(struct seed_ctx),
446 	.cra_alignmask		=	3,
447 	.cra_module		=	THIS_MODULE,
448 	.cra_u			=	{
449 		.cipher = {
450 			.cia_min_keysize	=	SEED_KEY_SIZE,
451 			.cia_max_keysize	=	SEED_KEY_SIZE,
452 			.cia_setkey		=	seed_set_key,
453 			.cia_encrypt		=	seed_encrypt,
454 			.cia_decrypt		=	seed_decrypt
455 		}
456 	}
457 };
458 
seed_init(void)459 static int __init seed_init(void)
460 {
461 	return crypto_register_alg(&seed_alg);
462 }
463 
seed_fini(void)464 static void __exit seed_fini(void)
465 {
466 	crypto_unregister_alg(&seed_alg);
467 }
468 
469 subsys_initcall(seed_init);
470 module_exit(seed_fini);
471 
472 MODULE_DESCRIPTION("SEED Cipher Algorithm");
473 MODULE_LICENSE("GPL");
474 MODULE_AUTHOR("Hye-Shik Chang <perky@FreeBSD.org>, Kim Hyun <hkim@kisa.or.kr>");
475 MODULE_ALIAS_CRYPTO("seed");
476