1 // SPDX-License-Identifier: GPL-2.0-or-later
3  * cast6.c - Cast6 cipher algorithm [rfc2612].
5  * CAST-256 (*cast6*) is a DES like Substitution-Permutation Network (SPN)
6  * cryptosystem built upon the CAST-128 (*cast5*) [rfc2144] encryption
28 	(((s1[I >> 24] ^ s2[(I>>16)&0xff]) - s3[(I>>8)&0xff]) + s4[I&0xff]))
30 	(((s1[I >> 24] - s2[(I>>16)&0xff]) + s3[(I>>8)&0xff]) ^ s4[I&0xff]))
31 #define F3(D, r, m)  ((I = ((m) - (D))), (I = rol32(I, (r))),   \
32 	(((s1[I >> 24] + s2[(I>>16)&0xff]) ^ s3[(I>>8)&0xff]) - s4[I&0xff]))
93 static inline void W(u32 *key, unsigned int i)  in W()  argument
96 	key[6] ^= F1(key[7], Tr[i % 4][0], Tm[i][0]);  in W()
97 	key[5] ^= F2(key[6], Tr[i % 4][1], Tm[i][1]);  in W()
98 	key[4] ^= F3(key[5], Tr[i % 4][2], Tm[i][2]);  in W()
99 	key[3] ^= F1(key[4], Tr[i % 4][3], Tm[i][3]);  in W()
100 	key[2] ^= F2(key[3], Tr[i % 4][4], Tm[i][4]);  in W()
101 	key[1] ^= F3(key[2], Tr[i % 4][5], Tm[i][5]);  in W()
102 	key[0] ^= F1(key[1], Tr[i % 4][6], Tm[i][6]);  in W()
103 	key[7] ^= F2(key[0], Tr[i % 4][7], Tm[i][7]);  in W()
109 	u32 key[8];  in __cast6_setkey()  local
110 	__be32 p_key[8]; /* padded key */  in __cast6_setkey()
113 		return -EINVAL;  in __cast6_setkey()
118 	key[0] = be32_to_cpu(p_key[0]);		/* A */  in __cast6_setkey()
119 	key[1] = be32_to_cpu(p_key[1]);		/* B */  in __cast6_setkey()
120 	key[2] = be32_to_cpu(p_key[2]);		/* C */  in __cast6_setkey()
121 	key[3] = be32_to_cpu(p_key[3]);		/* D */  in __cast6_setkey()
122 	key[4] = be32_to_cpu(p_key[4]);		/* E */  in __cast6_setkey()
123 	key[5] = be32_to_cpu(p_key[5]);		/* F */  in __cast6_setkey()
124 	key[6] = be32_to_cpu(p_key[6]);		/* G */  in __cast6_setkey()
125 	key[7] = be32_to_cpu(p_key[7]);		/* H */  in __cast6_setkey()
128 		W(key, 2 * i);  in __cast6_setkey()
129 		W(key, 2 * i + 1);  in __cast6_setkey()
131 		c->Kr[i][0] = key[0] & 0x1f;  in __cast6_setkey()
132 		c->Kr[i][1] = key[2] & 0x1f;  in __cast6_setkey()
133 		c->Kr[i][2] = key[4] & 0x1f;  in __cast6_setkey()
134 		c->Kr[i][3] = key[6] & 0x1f;  in __cast6_setkey()
136 		c->Km[i][0] = key[7];  in __cast6_setkey()
137 		c->Km[i][1] = key[5];  in __cast6_setkey()
138 		c->Km[i][2] = key[3];  in __cast6_setkey()
139 		c->Km[i][3] = key[1];  in __cast6_setkey()
146 int cast6_setkey(struct crypto_tfm *tfm, const u8 *key, unsigned int keylen)  in cast6_setkey()  argument
148 	return __cast6_setkey(crypto_tfm_ctx(tfm), key, keylen);  in cast6_setkey()
156 	block[2] ^= F1(block[3], Kr[0], Km[0]);  in Q()
157 	block[1] ^= F2(block[2], Kr[1], Km[1]);  in Q()
158 	block[0] ^= F3(block[1], Kr[2], Km[2]);  in Q()
167 	block[0] ^= F3(block[1], Kr[2], Km[2]);  in QBAR()
168 	block[1] ^= F2(block[2], Kr[1], Km[1]);  in QBAR()
169 	block[2] ^= F1(block[3], Kr[0], Km[0]);  in QBAR()
181 	block[2] = get_unaligned_be32(inbuf + 8);  in __cast6_encrypt()
184 	Km = c->Km[0]; Kr = c->Kr[0]; Q(block, Kr, Km);  in __cast6_encrypt()
185 	Km = c->Km[1]; Kr = c->Kr[1]; Q(block, Kr, Km);  in __cast6_encrypt()
186 	Km = c->Km[2]; Kr = c->Kr[2]; Q(block, Kr, Km);  in __cast6_encrypt()
187 	Km = c->Km[3]; Kr = c->Kr[3]; Q(block, Kr, Km);  in __cast6_encrypt()
188 	Km = c->Km[4]; Kr = c->Kr[4]; Q(block, Kr, Km);  in __cast6_encrypt()
189 	Km = c->Km[5]; Kr = c->Kr[5]; Q(block, Kr, Km);  in __cast6_encrypt()
190 	Km = c->Km[6]; Kr = c->Kr[6]; QBAR(block, Kr, Km);  in __cast6_encrypt()
191 	Km = c->Km[7]; Kr = c->Kr[7]; QBAR(block, Kr, Km);  in __cast6_encrypt()
192 	Km = c->Km[8]; Kr = c->Kr[8]; QBAR(block, Kr, Km);  in __cast6_encrypt()
193 	Km = c->Km[9]; Kr = c->Kr[9]; QBAR(block, Kr, Km);  in __cast6_encrypt()
194 	Km = c->Km[10]; Kr = c->Kr[10]; QBAR(block, Kr, Km);  in __cast6_encrypt()
195 	Km = c->Km[11]; Kr = c->Kr[11]; QBAR(block, Kr, Km);  in __cast6_encrypt()
199 	put_unaligned_be32(block[2], outbuf + 8);  in __cast6_encrypt()
218 	block[2] = get_unaligned_be32(inbuf + 8);  in __cast6_decrypt()
221 	Km = c->Km[11]; Kr = c->Kr[11]; Q(block, Kr, Km);  in __cast6_decrypt()
222 	Km = c->Km[10]; Kr = c->Kr[10]; Q(block, Kr, Km);  in __cast6_decrypt()
223 	Km = c->Km[9]; Kr = c->Kr[9]; Q(block, Kr, Km);  in __cast6_decrypt()
224 	Km = c->Km[8]; Kr = c->Kr[8]; Q(block, Kr, Km);  in __cast6_decrypt()
225 	Km = c->Km[7]; Kr = c->Kr[7]; Q(block, Kr, Km);  in __cast6_decrypt()
226 	Km = c->Km[6]; Kr = c->Kr[6]; Q(block, Kr, Km);  in __cast6_decrypt()
227 	Km = c->Km[5]; Kr = c->Kr[5]; QBAR(block, Kr, Km);  in __cast6_decrypt()
228 	Km = c->Km[4]; Kr = c->Kr[4]; QBAR(block, Kr, Km);  in __cast6_decrypt()
229 	Km = c->Km[3]; Kr = c->Kr[3]; QBAR(block, Kr, Km);  in __cast6_decrypt()
230 	Km = c->Km[2]; Kr = c->Kr[2]; QBAR(block, Kr, Km);  in __cast6_decrypt()
231 	Km = c->Km[1]; Kr = c->Kr[1]; QBAR(block, Kr, Km);  in __cast6_decrypt()
232 	Km = c->Km[0]; Kr = c->Kr[0]; QBAR(block, Kr, Km);  in __cast6_decrypt()
236 	put_unaligned_be32(block[2], outbuf + 8);  in __cast6_decrypt()
248 	.cra_driver_name = "cast6-generic",
280 MODULE_ALIAS_CRYPTO("cast6-generic");