1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Minimal library implementation of GCM 4 * 5 * Copyright 2022 Google LLC 6 */ 7 8 #include <crypto/gcm.h> 9 #include <crypto/utils.h> 10 #include <linux/export.h> 11 #include <linux/module.h> 12 13 /** 14 * aesgcm_expandkey - Expands the AES and GHASH keys for the AES-GCM key 15 * schedule 16 * 17 * @ctx: The data structure that will hold the AES-GCM key schedule 18 * @key: The AES encryption input key 19 * @keysize: The length in bytes of the input key 20 * @authsize: The size in bytes of the GCM authentication tag 21 * 22 * Returns: 0 on success, or -EINVAL if @keysize or @authsize contain values 23 * that are not permitted by the GCM specification. 24 */ 25 int aesgcm_expandkey(struct aesgcm_ctx *ctx, const u8 *key, 26 unsigned int keysize, unsigned int authsize) 27 { 28 u8 h[AES_BLOCK_SIZE] = {}; 29 int ret; 30 31 ret = crypto_gcm_check_authsize(authsize) ?: 32 aes_prepareenckey(&ctx->aes_key, key, keysize); 33 if (ret) 34 return ret; 35 36 ctx->authsize = authsize; 37 aes_encrypt(&ctx->aes_key, h, h); 38 ghash_preparekey(&ctx->ghash_key, h); 39 memzero_explicit(h, sizeof(h)); 40 return 0; 41 } 42 EXPORT_SYMBOL(aesgcm_expandkey); 43 44 /** 45 * aesgcm_mac - Generates the authentication tag using AES-GCM algorithm. 46 * @ctx: The data structure that will hold the AES-GCM key schedule 47 * @src: The input source data. 48 * @src_len: Length of the source data. 49 * @assoc: Points to the associated data. 50 * @assoc_len: Length of the associated data values. 51 * @ctr: Points to the counter value. 52 * @authtag: The output buffer for the authentication tag. 53 * 54 * It takes in the AES-GCM context, source data, associated data, counter value, 55 * and an output buffer for the authentication tag. 56 */ 57 static void aesgcm_mac(const struct aesgcm_ctx *ctx, const u8 *src, int src_len, 58 const u8 *assoc, int assoc_len, __be32 *ctr, u8 *authtag) 59 { 60 static const u8 zeroes[GHASH_BLOCK_SIZE]; 61 __be64 tail[2] = { 62 cpu_to_be64((u64)assoc_len * 8), 63 cpu_to_be64((u64)src_len * 8), 64 }; 65 struct ghash_ctx ghash; 66 u8 ghash_out[AES_BLOCK_SIZE]; 67 u8 enc_ctr[AES_BLOCK_SIZE]; 68 69 ghash_init(&ghash, &ctx->ghash_key); 70 71 ghash_update(&ghash, assoc, assoc_len); 72 ghash_update(&ghash, zeroes, -assoc_len & (GHASH_BLOCK_SIZE - 1)); 73 74 ghash_update(&ghash, src, src_len); 75 ghash_update(&ghash, zeroes, -src_len & (GHASH_BLOCK_SIZE - 1)); 76 77 ghash_update(&ghash, (const u8 *)&tail, sizeof(tail)); 78 79 ghash_final(&ghash, ghash_out); 80 81 ctr[3] = cpu_to_be32(1); 82 aes_encrypt(&ctx->aes_key, enc_ctr, (const u8 *)ctr); 83 crypto_xor_cpy(authtag, ghash_out, enc_ctr, ctx->authsize); 84 85 memzero_explicit(ghash_out, sizeof(ghash_out)); 86 memzero_explicit(enc_ctr, sizeof(enc_ctr)); 87 } 88 89 static void aesgcm_crypt(const struct aesgcm_ctx *ctx, u8 *dst, const u8 *src, 90 int len, __be32 *ctr) 91 { 92 u8 buf[AES_BLOCK_SIZE]; 93 unsigned int n = 2; 94 95 while (len > 0) { 96 /* 97 * The counter increment below must not result in overflow or 98 * carry into the next 32-bit word, as this could result in 99 * inadvertent IV reuse, which must be avoided at all cost for 100 * stream ciphers such as AES-CTR. Given the range of 'int 101 * len', this cannot happen, so no explicit test is necessary. 102 */ 103 ctr[3] = cpu_to_be32(n++); 104 aes_encrypt(&ctx->aes_key, buf, (const u8 *)ctr); 105 crypto_xor_cpy(dst, src, buf, min(len, AES_BLOCK_SIZE)); 106 107 dst += AES_BLOCK_SIZE; 108 src += AES_BLOCK_SIZE; 109 len -= AES_BLOCK_SIZE; 110 } 111 memzero_explicit(buf, sizeof(buf)); 112 } 113 114 /** 115 * aesgcm_encrypt - Perform AES-GCM encryption on a block of data 116 * 117 * @ctx: The AES-GCM key schedule 118 * @dst: Pointer to the ciphertext output buffer 119 * @src: Pointer the plaintext (may equal @dst for encryption in place) 120 * @crypt_len: The size in bytes of the plaintext and ciphertext. 121 * @assoc: Pointer to the associated data, 122 * @assoc_len: The size in bytes of the associated data 123 * @iv: The initialization vector (IV) to use for this block of data 124 * (must be 12 bytes in size as per the GCM spec recommendation) 125 * @authtag: The address of the buffer in memory where the authentication 126 * tag should be stored. The buffer is assumed to have space for 127 * @ctx->authsize bytes. 128 */ 129 void aesgcm_encrypt(const struct aesgcm_ctx *ctx, u8 *dst, const u8 *src, 130 int crypt_len, const u8 *assoc, int assoc_len, 131 const u8 iv[GCM_AES_IV_SIZE], u8 *authtag) 132 { 133 __be32 ctr[4]; 134 135 memcpy(ctr, iv, GCM_AES_IV_SIZE); 136 137 aesgcm_crypt(ctx, dst, src, crypt_len, ctr); 138 aesgcm_mac(ctx, dst, crypt_len, assoc, assoc_len, ctr, authtag); 139 } 140 EXPORT_SYMBOL(aesgcm_encrypt); 141 142 /** 143 * aesgcm_decrypt - Perform AES-GCM decryption on a block of data 144 * 145 * @ctx: The AES-GCM key schedule 146 * @dst: Pointer to the plaintext output buffer 147 * @src: Pointer the ciphertext (may equal @dst for decryption in place) 148 * @crypt_len: The size in bytes of the plaintext and ciphertext. 149 * @assoc: Pointer to the associated data, 150 * @assoc_len: The size in bytes of the associated data 151 * @iv: The initialization vector (IV) to use for this block of data 152 * (must be 12 bytes in size as per the GCM spec recommendation) 153 * @authtag: The address of the buffer in memory where the authentication 154 * tag is stored. 155 * 156 * Returns: true on success, or false if the ciphertext failed authentication. 157 * On failure, no plaintext will be returned. 158 */ 159 bool __must_check aesgcm_decrypt(const struct aesgcm_ctx *ctx, u8 *dst, 160 const u8 *src, int crypt_len, const u8 *assoc, 161 int assoc_len, const u8 iv[GCM_AES_IV_SIZE], 162 const u8 *authtag) 163 { 164 u8 tagbuf[AES_BLOCK_SIZE]; 165 __be32 ctr[4]; 166 167 memcpy(ctr, iv, GCM_AES_IV_SIZE); 168 169 aesgcm_mac(ctx, src, crypt_len, assoc, assoc_len, ctr, tagbuf); 170 if (crypto_memneq(authtag, tagbuf, ctx->authsize)) { 171 memzero_explicit(tagbuf, sizeof(tagbuf)); 172 return false; 173 } 174 aesgcm_crypt(ctx, dst, src, crypt_len, ctr); 175 return true; 176 } 177 EXPORT_SYMBOL(aesgcm_decrypt); 178 179 MODULE_DESCRIPTION("Generic AES-GCM library"); 180 MODULE_AUTHOR("Ard Biesheuvel <ardb@kernel.org>"); 181 MODULE_LICENSE("GPL"); 182 183 #ifdef CONFIG_CRYPTO_SELFTESTS 184 185 /* 186 * Test code below. Vectors taken from crypto/testmgr.h 187 */ 188 189 static const u8 __initconst ctext0[16] __nonstring = 190 "\x58\xe2\xfc\xce\xfa\x7e\x30\x61" 191 "\x36\x7f\x1d\x57\xa4\xe7\x45\x5a"; 192 193 static const u8 __initconst ptext1[16]; 194 195 static const u8 __initconst ctext1[32] __nonstring = 196 "\x03\x88\xda\xce\x60\xb6\xa3\x92" 197 "\xf3\x28\xc2\xb9\x71\xb2\xfe\x78" 198 "\xab\x6e\x47\xd4\x2c\xec\x13\xbd" 199 "\xf5\x3a\x67\xb2\x12\x57\xbd\xdf"; 200 201 static const u8 __initconst ptext2[64] __nonstring = 202 "\xd9\x31\x32\x25\xf8\x84\x06\xe5" 203 "\xa5\x59\x09\xc5\xaf\xf5\x26\x9a" 204 "\x86\xa7\xa9\x53\x15\x34\xf7\xda" 205 "\x2e\x4c\x30\x3d\x8a\x31\x8a\x72" 206 "\x1c\x3c\x0c\x95\x95\x68\x09\x53" 207 "\x2f\xcf\x0e\x24\x49\xa6\xb5\x25" 208 "\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57" 209 "\xba\x63\x7b\x39\x1a\xaf\xd2\x55"; 210 211 static const u8 __initconst ctext2[80] __nonstring = 212 "\x42\x83\x1e\xc2\x21\x77\x74\x24" 213 "\x4b\x72\x21\xb7\x84\xd0\xd4\x9c" 214 "\xe3\xaa\x21\x2f\x2c\x02\xa4\xe0" 215 "\x35\xc1\x7e\x23\x29\xac\xa1\x2e" 216 "\x21\xd5\x14\xb2\x54\x66\x93\x1c" 217 "\x7d\x8f\x6a\x5a\xac\x84\xaa\x05" 218 "\x1b\xa3\x0b\x39\x6a\x0a\xac\x97" 219 "\x3d\x58\xe0\x91\x47\x3f\x59\x85" 220 "\x4d\x5c\x2a\xf3\x27\xcd\x64\xa6" 221 "\x2c\xf3\x5a\xbd\x2b\xa6\xfa\xb4"; 222 223 static const u8 __initconst ptext3[60] __nonstring = 224 "\xd9\x31\x32\x25\xf8\x84\x06\xe5" 225 "\xa5\x59\x09\xc5\xaf\xf5\x26\x9a" 226 "\x86\xa7\xa9\x53\x15\x34\xf7\xda" 227 "\x2e\x4c\x30\x3d\x8a\x31\x8a\x72" 228 "\x1c\x3c\x0c\x95\x95\x68\x09\x53" 229 "\x2f\xcf\x0e\x24\x49\xa6\xb5\x25" 230 "\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57" 231 "\xba\x63\x7b\x39"; 232 233 static const u8 __initconst ctext3[76] __nonstring = 234 "\x42\x83\x1e\xc2\x21\x77\x74\x24" 235 "\x4b\x72\x21\xb7\x84\xd0\xd4\x9c" 236 "\xe3\xaa\x21\x2f\x2c\x02\xa4\xe0" 237 "\x35\xc1\x7e\x23\x29\xac\xa1\x2e" 238 "\x21\xd5\x14\xb2\x54\x66\x93\x1c" 239 "\x7d\x8f\x6a\x5a\xac\x84\xaa\x05" 240 "\x1b\xa3\x0b\x39\x6a\x0a\xac\x97" 241 "\x3d\x58\xe0\x91" 242 "\x5b\xc9\x4f\xbc\x32\x21\xa5\xdb" 243 "\x94\xfa\xe9\x5a\xe7\x12\x1a\x47"; 244 245 static const u8 __initconst ctext4[16] __nonstring = 246 "\xcd\x33\xb2\x8a\xc7\x73\xf7\x4b" 247 "\xa0\x0e\xd1\xf3\x12\x57\x24\x35"; 248 249 static const u8 __initconst ctext5[32] __nonstring = 250 "\x98\xe7\x24\x7c\x07\xf0\xfe\x41" 251 "\x1c\x26\x7e\x43\x84\xb0\xf6\x00" 252 "\x2f\xf5\x8d\x80\x03\x39\x27\xab" 253 "\x8e\xf4\xd4\x58\x75\x14\xf0\xfb"; 254 255 static const u8 __initconst ptext6[64] __nonstring = 256 "\xd9\x31\x32\x25\xf8\x84\x06\xe5" 257 "\xa5\x59\x09\xc5\xaf\xf5\x26\x9a" 258 "\x86\xa7\xa9\x53\x15\x34\xf7\xda" 259 "\x2e\x4c\x30\x3d\x8a\x31\x8a\x72" 260 "\x1c\x3c\x0c\x95\x95\x68\x09\x53" 261 "\x2f\xcf\x0e\x24\x49\xa6\xb5\x25" 262 "\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57" 263 "\xba\x63\x7b\x39\x1a\xaf\xd2\x55"; 264 265 static const u8 __initconst ctext6[80] __nonstring = 266 "\x39\x80\xca\x0b\x3c\x00\xe8\x41" 267 "\xeb\x06\xfa\xc4\x87\x2a\x27\x57" 268 "\x85\x9e\x1c\xea\xa6\xef\xd9\x84" 269 "\x62\x85\x93\xb4\x0c\xa1\xe1\x9c" 270 "\x7d\x77\x3d\x00\xc1\x44\xc5\x25" 271 "\xac\x61\x9d\x18\xc8\x4a\x3f\x47" 272 "\x18\xe2\x44\x8b\x2f\xe3\x24\xd9" 273 "\xcc\xda\x27\x10\xac\xad\xe2\x56" 274 "\x99\x24\xa7\xc8\x58\x73\x36\xbf" 275 "\xb1\x18\x02\x4d\xb8\x67\x4a\x14"; 276 277 static const u8 __initconst ctext7[16] __nonstring = 278 "\x53\x0f\x8a\xfb\xc7\x45\x36\xb9" 279 "\xa9\x63\xb4\xf1\xc4\xcb\x73\x8b"; 280 281 static const u8 __initconst ctext8[32] __nonstring = 282 "\xce\xa7\x40\x3d\x4d\x60\x6b\x6e" 283 "\x07\x4e\xc5\xd3\xba\xf3\x9d\x18" 284 "\xd0\xd1\xc8\xa7\x99\x99\x6b\xf0" 285 "\x26\x5b\x98\xb5\xd4\x8a\xb9\x19"; 286 287 static const u8 __initconst ptext9[64] __nonstring = 288 "\xd9\x31\x32\x25\xf8\x84\x06\xe5" 289 "\xa5\x59\x09\xc5\xaf\xf5\x26\x9a" 290 "\x86\xa7\xa9\x53\x15\x34\xf7\xda" 291 "\x2e\x4c\x30\x3d\x8a\x31\x8a\x72" 292 "\x1c\x3c\x0c\x95\x95\x68\x09\x53" 293 "\x2f\xcf\x0e\x24\x49\xa6\xb5\x25" 294 "\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57" 295 "\xba\x63\x7b\x39\x1a\xaf\xd2\x55"; 296 297 static const u8 __initconst ctext9[80] __nonstring = 298 "\x52\x2d\xc1\xf0\x99\x56\x7d\x07" 299 "\xf4\x7f\x37\xa3\x2a\x84\x42\x7d" 300 "\x64\x3a\x8c\xdc\xbf\xe5\xc0\xc9" 301 "\x75\x98\xa2\xbd\x25\x55\xd1\xaa" 302 "\x8c\xb0\x8e\x48\x59\x0d\xbb\x3d" 303 "\xa7\xb0\x8b\x10\x56\x82\x88\x38" 304 "\xc5\xf6\x1e\x63\x93\xba\x7a\x0a" 305 "\xbc\xc9\xf6\x62\x89\x80\x15\xad" 306 "\xb0\x94\xda\xc5\xd9\x34\x71\xbd" 307 "\xec\x1a\x50\x22\x70\xe3\xcc\x6c"; 308 309 static const u8 __initconst ptext10[60] __nonstring = 310 "\xd9\x31\x32\x25\xf8\x84\x06\xe5" 311 "\xa5\x59\x09\xc5\xaf\xf5\x26\x9a" 312 "\x86\xa7\xa9\x53\x15\x34\xf7\xda" 313 "\x2e\x4c\x30\x3d\x8a\x31\x8a\x72" 314 "\x1c\x3c\x0c\x95\x95\x68\x09\x53" 315 "\x2f\xcf\x0e\x24\x49\xa6\xb5\x25" 316 "\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57" 317 "\xba\x63\x7b\x39"; 318 319 static const u8 __initconst ctext10[76] __nonstring = 320 "\x52\x2d\xc1\xf0\x99\x56\x7d\x07" 321 "\xf4\x7f\x37\xa3\x2a\x84\x42\x7d" 322 "\x64\x3a\x8c\xdc\xbf\xe5\xc0\xc9" 323 "\x75\x98\xa2\xbd\x25\x55\xd1\xaa" 324 "\x8c\xb0\x8e\x48\x59\x0d\xbb\x3d" 325 "\xa7\xb0\x8b\x10\x56\x82\x88\x38" 326 "\xc5\xf6\x1e\x63\x93\xba\x7a\x0a" 327 "\xbc\xc9\xf6\x62" 328 "\x76\xfc\x6e\xce\x0f\x4e\x17\x68" 329 "\xcd\xdf\x88\x53\xbb\x2d\x55\x1b"; 330 331 static const u8 __initconst ptext11[60] __nonstring = 332 "\xd9\x31\x32\x25\xf8\x84\x06\xe5" 333 "\xa5\x59\x09\xc5\xaf\xf5\x26\x9a" 334 "\x86\xa7\xa9\x53\x15\x34\xf7\xda" 335 "\x2e\x4c\x30\x3d\x8a\x31\x8a\x72" 336 "\x1c\x3c\x0c\x95\x95\x68\x09\x53" 337 "\x2f\xcf\x0e\x24\x49\xa6\xb5\x25" 338 "\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57" 339 "\xba\x63\x7b\x39"; 340 341 static const u8 __initconst ctext11[76] __nonstring = 342 "\x39\x80\xca\x0b\x3c\x00\xe8\x41" 343 "\xeb\x06\xfa\xc4\x87\x2a\x27\x57" 344 "\x85\x9e\x1c\xea\xa6\xef\xd9\x84" 345 "\x62\x85\x93\xb4\x0c\xa1\xe1\x9c" 346 "\x7d\x77\x3d\x00\xc1\x44\xc5\x25" 347 "\xac\x61\x9d\x18\xc8\x4a\x3f\x47" 348 "\x18\xe2\x44\x8b\x2f\xe3\x24\xd9" 349 "\xcc\xda\x27\x10" 350 "\x25\x19\x49\x8e\x80\xf1\x47\x8f" 351 "\x37\xba\x55\xbd\x6d\x27\x61\x8c"; 352 353 static const u8 __initconst ptext12[719] __nonstring = 354 "\x42\xc1\xcc\x08\x48\x6f\x41\x3f" 355 "\x2f\x11\x66\x8b\x2a\x16\xf0\xe0" 356 "\x58\x83\xf0\xc3\x70\x14\xc0\x5b" 357 "\x3f\xec\x1d\x25\x3c\x51\xd2\x03" 358 "\xcf\x59\x74\x1f\xb2\x85\xb4\x07" 359 "\xc6\x6a\x63\x39\x8a\x5b\xde\xcb" 360 "\xaf\x08\x44\xbd\x6f\x91\x15\xe1" 361 "\xf5\x7a\x6e\x18\xbd\xdd\x61\x50" 362 "\x59\xa9\x97\xab\xbb\x0e\x74\x5c" 363 "\x00\xa4\x43\x54\x04\x54\x9b\x3b" 364 "\x77\xec\xfd\x5c\xa6\xe8\x7b\x08" 365 "\xae\xe6\x10\x3f\x32\x65\xd1\xfc" 366 "\xa4\x1d\x2c\x31\xfb\x33\x7a\xb3" 367 "\x35\x23\xf4\x20\x41\xd4\xad\x82" 368 "\x8b\xa4\xad\x96\x1c\x20\x53\xbe" 369 "\x0e\xa6\xf4\xdc\x78\x49\x3e\x72" 370 "\xb1\xa9\xb5\x83\xcb\x08\x54\xb7" 371 "\xad\x49\x3a\xae\x98\xce\xa6\x66" 372 "\x10\x30\x90\x8c\x55\x83\xd7\x7c" 373 "\x8b\xe6\x53\xde\xd2\x6e\x18\x21" 374 "\x01\x52\xd1\x9f\x9d\xbb\x9c\x73" 375 "\x57\xcc\x89\x09\x75\x9b\x78\x70" 376 "\xed\x26\x97\x4d\xb4\xe4\x0c\xa5" 377 "\xfa\x70\x04\x70\xc6\x96\x1c\x7d" 378 "\x54\x41\x77\xa8\xe3\xb0\x7e\x96" 379 "\x82\xd9\xec\xa2\x87\x68\x55\xf9" 380 "\x8f\x9e\x73\x43\x47\x6a\x08\x36" 381 "\x93\x67\xa8\x2d\xde\xac\x41\xa9" 382 "\x5c\x4d\x73\x97\x0f\x70\x68\xfa" 383 "\x56\x4d\x00\xc2\x3b\x1f\xc8\xb9" 384 "\x78\x1f\x51\x07\xe3\x9a\x13\x4e" 385 "\xed\x2b\x2e\xa3\xf7\x44\xb2\xe7" 386 "\xab\x19\x37\xd9\xba\x76\x5e\xd2" 387 "\xf2\x53\x15\x17\x4c\x6b\x16\x9f" 388 "\x02\x66\x49\xca\x7c\x91\x05\xf2" 389 "\x45\x36\x1e\xf5\x77\xad\x1f\x46" 390 "\xa8\x13\xfb\x63\xb6\x08\x99\x63" 391 "\x82\xa2\xed\xb3\xac\xdf\x43\x19" 392 "\x45\xea\x78\x73\xd9\xb7\x39\x11" 393 "\xa3\x13\x7c\xf8\x3f\xf7\xad\x81" 394 "\x48\x2f\xa9\x5c\x5f\xa0\xf0\x79" 395 "\xa4\x47\x7d\x80\x20\x26\xfd\x63" 396 "\x0a\xc7\x7e\x6d\x75\x47\xff\x76" 397 "\x66\x2e\x8a\x6c\x81\x35\xaf\x0b" 398 "\x2e\x6a\x49\x60\xc1\x10\xe1\xe1" 399 "\x54\x03\xa4\x09\x0c\x37\x7a\x15" 400 "\x23\x27\x5b\x8b\x4b\xa5\x64\x97" 401 "\xae\x4a\x50\x73\x1f\x66\x1c\x5c" 402 "\x03\x25\x3c\x8d\x48\x58\x71\x34" 403 "\x0e\xec\x4e\x55\x1a\x03\x6a\xe5" 404 "\xb6\x19\x2b\x84\x2a\x20\xd1\xea" 405 "\x80\x6f\x96\x0e\x05\x62\xc7\x78" 406 "\x87\x79\x60\x38\x46\xb4\x25\x57" 407 "\x6e\x16\x63\xf8\xad\x6e\xd7\x42" 408 "\x69\xe1\x88\xef\x6e\xd5\xb4\x9a" 409 "\x3c\x78\x6c\x3b\xe5\xa0\x1d\x22" 410 "\x86\x5c\x74\x3a\xeb\x24\x26\xc7" 411 "\x09\xfc\x91\x96\x47\x87\x4f\x1a" 412 "\xd6\x6b\x2c\x18\x47\xc0\xb8\x24" 413 "\xa8\x5a\x4a\x9e\xcb\x03\xe7\x2a" 414 "\x09\xe6\x4d\x9c\x6d\x86\x60\xf5" 415 "\x2f\x48\x69\x37\x9f\xf2\xd2\xcb" 416 "\x0e\x5a\xdd\x6e\x8a\xfb\x6a\xfe" 417 "\x0b\x63\xde\x87\x42\x79\x8a\x68" 418 "\x51\x28\x9b\x7a\xeb\xaf\xb8\x2f" 419 "\x9d\xd1\xc7\x45\x90\x08\xc9\x83" 420 "\xe9\x83\x84\xcb\x28\x69\x09\x69" 421 "\xce\x99\x46\x00\x54\xcb\xd8\x38" 422 "\xf9\x53\x4a\xbf\x31\xce\x57\x15" 423 "\x33\xfa\x96\x04\x33\x42\xe3\xc0" 424 "\xb7\x54\x4a\x65\x7a\x7c\x02\xe6" 425 "\x19\x95\xd0\x0e\x82\x07\x63\xf9" 426 "\xe1\x2b\x2a\xfc\x55\x92\x52\xc9" 427 "\xb5\x9f\x23\x28\x60\xe7\x20\x51" 428 "\x10\xd3\xed\x6d\x9b\xab\xb8\xe2" 429 "\x5d\x9a\x34\xb3\xbe\x9c\x64\xcb" 430 "\x78\xc6\x91\x22\x40\x91\x80\xbe" 431 "\xd7\x78\x5c\x0e\x0a\xdc\x08\xe9" 432 "\x67\x10\xa4\x83\x98\x79\x23\xe7" 433 "\x92\xda\xa9\x22\x16\xb1\xe7\x78" 434 "\xa3\x1c\x6c\x8f\x35\x7c\x4d\x37" 435 "\x2f\x6e\x0b\x50\x5c\x34\xb9\xf9" 436 "\xe6\x3d\x91\x0d\x32\x95\xaa\x3d" 437 "\x48\x11\x06\xbb\x2d\xf2\x63\x88" 438 "\x3f\x73\x09\xe2\x45\x56\x31\x51" 439 "\xfa\x5e\x4e\x62\xf7\x90\xf9\xa9" 440 "\x7d\x7b\x1b\xb1\xc8\x26\x6e\x66" 441 "\xf6\x90\x9a\x7f\xf2\x57\xcc\x23" 442 "\x59\xfa\xfa\xaa\x44\x04\x01\xa7" 443 "\xa4\x78\xdb\x74\x3d\x8b\xb5"; 444 445 static const u8 __initconst ctext12[735] __nonstring = 446 "\x84\x0b\xdb\xd5\xb7\xa8\xfe\x20" 447 "\xbb\xb1\x12\x7f\x41\xea\xb3\xc0" 448 "\xa2\xb4\x37\x19\x11\x58\xb6\x0b" 449 "\x4c\x1d\x38\x05\x54\xd1\x16\x73" 450 "\x8e\x1c\x20\x90\xa2\x9a\xb7\x74" 451 "\x47\xe6\xd8\xfc\x18\x3a\xb4\xea" 452 "\xd5\x16\x5a\x2c\x53\x01\x46\xb3" 453 "\x18\x33\x74\x6c\x50\xf2\xe8\xc0" 454 "\x73\xda\x60\x22\xeb\xe3\xe5\x9b" 455 "\x20\x93\x6c\x4b\x37\x99\xb8\x23" 456 "\x3b\x4e\xac\xe8\x5b\xe8\x0f\xb7" 457 "\xc3\x8f\xfb\x4a\x37\xd9\x39\x95" 458 "\x34\xf1\xdb\x8f\x71\xd9\xc7\x0b" 459 "\x02\xf1\x63\xfc\x9b\xfc\xc5\xab" 460 "\xb9\x14\x13\x21\xdf\xce\xaa\x88" 461 "\x44\x30\x1e\xce\x26\x01\x92\xf8" 462 "\x9f\x00\x4b\x0c\x4b\xf7\x5f\xe0" 463 "\x89\xca\x94\x66\x11\x21\x97\xca" 464 "\x3e\x83\x74\x2d\xdb\x4d\x11\xeb" 465 "\x97\xc2\x14\xff\x9e\x1e\xa0\x6b" 466 "\x08\xb4\x31\x2b\x85\xc6\x85\x6c" 467 "\x90\xec\x39\xc0\xec\xb3\xb5\x4e" 468 "\xf3\x9c\xe7\x83\x3a\x77\x0a\xf4" 469 "\x56\xfe\xce\x18\x33\x6d\x0b\x2d" 470 "\x33\xda\xc8\x05\x5c\xb4\x09\x2a" 471 "\xde\x6b\x52\x98\x01\xef\x36\x3d" 472 "\xbd\xf9\x8f\xa8\x3e\xaa\xcd\xd1" 473 "\x01\x2d\x42\x49\xc3\xb6\x84\xbb" 474 "\x48\x96\xe0\x90\x93\x6c\x48\x64" 475 "\xd4\xfa\x7f\x93\x2c\xa6\x21\xc8" 476 "\x7a\x23\x7b\xaa\x20\x56\x12\xae" 477 "\x16\x9d\x94\x0f\x54\xa1\xec\xca" 478 "\x51\x4e\xf2\x39\xf4\xf8\x5f\x04" 479 "\x5a\x0d\xbf\xf5\x83\xa1\x15\xe1" 480 "\xf5\x3c\xd8\x62\xa3\xed\x47\x89" 481 "\x85\x4c\xe5\xdb\xac\x9e\x17\x1d" 482 "\x0c\x09\xe3\x3e\x39\x5b\x4d\x74" 483 "\x0e\xf5\x34\xee\x70\x11\x4c\xfd" 484 "\xdb\x34\xb1\xb5\x10\x3f\x73\xb7" 485 "\xf5\xfa\xed\xb0\x1f\xa5\xcd\x3c" 486 "\x8d\x35\x83\xd4\x11\x44\x6e\x6c" 487 "\x5b\xe0\x0e\x69\xa5\x39\xe5\xbb" 488 "\xa9\x57\x24\x37\xe6\x1f\xdd\xcf" 489 "\x16\x2a\x13\xf9\x6a\x2d\x90\xa0" 490 "\x03\x60\x7a\xed\x69\xd5\x00\x8b" 491 "\x7e\x4f\xcb\xb9\xfa\x91\xb9\x37" 492 "\xc1\x26\xce\x90\x97\x22\x64\x64" 493 "\xc1\x72\x43\x1b\xf6\xac\xc1\x54" 494 "\x8a\x10\x9c\xdd\x8d\xd5\x8e\xb2" 495 "\xe4\x85\xda\xe0\x20\x5f\xf4\xb4" 496 "\x15\xb5\xa0\x8d\x12\x74\x49\x23" 497 "\x3a\xdf\x4a\xd3\xf0\x3b\x89\xeb" 498 "\xf8\xcc\x62\x7b\xfb\x93\x07\x41" 499 "\x61\x26\x94\x58\x70\xa6\x3c\xe4" 500 "\xff\x58\xc4\x13\x3d\xcb\x36\x6b" 501 "\x32\xe5\xb2\x6d\x03\x74\x6f\x76" 502 "\x93\x77\xde\x48\xc4\xfa\x30\x4a" 503 "\xda\x49\x80\x77\x0f\x1c\xbe\x11" 504 "\xc8\x48\xb1\xe5\xbb\xf2\x8a\xe1" 505 "\x96\x2f\x9f\xd1\x8e\x8a\x5c\xe2" 506 "\xf7\xd7\xd8\x54\xf3\x3f\xc4\x91" 507 "\xb8\xfb\x86\xdc\x46\x24\x91\x60" 508 "\x6c\x2f\xc9\x41\x37\x51\x49\x54" 509 "\x09\x81\x21\xf3\x03\x9f\x2b\xe3" 510 "\x1f\x39\x63\xaf\xf4\xd7\x53\x60" 511 "\xa7\xc7\x54\xf9\xee\xb1\xb1\x7d" 512 "\x75\x54\x65\x93\xfe\xb1\x68\x6b" 513 "\x57\x02\xf9\xbb\x0e\xf9\xf8\xbf" 514 "\x01\x12\x27\xb4\xfe\xe4\x79\x7a" 515 "\x40\x5b\x51\x4b\xdf\x38\xec\xb1" 516 "\x6a\x56\xff\x35\x4d\x42\x33\xaa" 517 "\x6f\x1b\xe4\xdc\xe0\xdb\x85\x35" 518 "\x62\x10\xd4\xec\xeb\xc5\x7e\x45" 519 "\x1c\x6f\x17\xca\x3b\x8e\x2d\x66" 520 "\x4f\x4b\x36\x56\xcd\x1b\x59\xaa" 521 "\xd2\x9b\x17\xb9\x58\xdf\x7b\x64" 522 "\x8a\xff\x3b\x9c\xa6\xb5\x48\x9e" 523 "\xaa\xe2\x5d\x09\x71\x32\x5f\xb6" 524 "\x29\xbe\xe7\xc7\x52\x7e\x91\x82" 525 "\x6b\x6d\x33\xe1\x34\x06\x36\x21" 526 "\x5e\xbe\x1e\x2f\x3e\xc1\xfb\xea" 527 "\x49\x2c\xb5\xca\xf7\xb0\x37\xea" 528 "\x1f\xed\x10\x04\xd9\x48\x0d\x1a" 529 "\x1c\xfb\xe7\x84\x0e\x83\x53\x74" 530 "\xc7\x65\xe2\x5c\xe5\xba\x73\x4c" 531 "\x0e\xe1\xb5\x11\x45\x61\x43\x46" 532 "\xaa\x25\x8f\xbd\x85\x08\xfa\x4c" 533 "\x15\xc1\xc0\xd8\xf5\xdc\x16\xbb" 534 "\x7b\x1d\xe3\x87\x57\xa7\x2a\x1d" 535 "\x38\x58\x9e\x8a\x43\xdc\x57" 536 "\xd1\x81\x7d\x2b\xe9\xff\x99\x3a" 537 "\x4b\x24\x52\x58\x55\xe1\x49\x14"; 538 539 static struct { 540 const u8 *ptext; 541 const u8 *ctext; 542 543 u8 key[AES_MAX_KEY_SIZE] __nonstring; 544 u8 iv[GCM_AES_IV_SIZE] __nonstring; 545 u8 assoc[20] __nonstring; 546 547 int klen; 548 int clen; 549 int plen; 550 int alen; 551 } const aesgcm_tv[] __initconst = { 552 { /* From McGrew & Viega - http://citeseer.ist.psu.edu/656989.html */ 553 .klen = 16, 554 .ctext = ctext0, 555 .clen = sizeof(ctext0), 556 }, { 557 .klen = 16, 558 .ptext = ptext1, 559 .plen = sizeof(ptext1), 560 .ctext = ctext1, 561 .clen = sizeof(ctext1), 562 }, { 563 .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c" 564 "\x6d\x6a\x8f\x94\x67\x30\x83\x08", 565 .klen = 16, 566 .iv = "\xca\xfe\xba\xbe\xfa\xce\xdb\xad" 567 "\xde\xca\xf8\x88", 568 .ptext = ptext2, 569 .plen = sizeof(ptext2), 570 .ctext = ctext2, 571 .clen = sizeof(ctext2), 572 }, { 573 .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c" 574 "\x6d\x6a\x8f\x94\x67\x30\x83\x08", 575 .klen = 16, 576 .iv = "\xca\xfe\xba\xbe\xfa\xce\xdb\xad" 577 "\xde\xca\xf8\x88", 578 .ptext = ptext3, 579 .plen = sizeof(ptext3), 580 .assoc = "\xfe\xed\xfa\xce\xde\xad\xbe\xef" 581 "\xfe\xed\xfa\xce\xde\xad\xbe\xef" 582 "\xab\xad\xda\xd2", 583 .alen = 20, 584 .ctext = ctext3, 585 .clen = sizeof(ctext3), 586 }, { 587 .klen = 24, 588 .ctext = ctext4, 589 .clen = sizeof(ctext4), 590 }, { 591 .klen = 24, 592 .ptext = ptext1, 593 .plen = sizeof(ptext1), 594 .ctext = ctext5, 595 .clen = sizeof(ctext5), 596 }, { 597 .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c" 598 "\x6d\x6a\x8f\x94\x67\x30\x83\x08" 599 "\xfe\xff\xe9\x92\x86\x65\x73\x1c", 600 .klen = 24, 601 .iv = "\xca\xfe\xba\xbe\xfa\xce\xdb\xad" 602 "\xde\xca\xf8\x88", 603 .ptext = ptext6, 604 .plen = sizeof(ptext6), 605 .ctext = ctext6, 606 .clen = sizeof(ctext6), 607 }, { 608 .klen = 32, 609 .ctext = ctext7, 610 .clen = sizeof(ctext7), 611 }, { 612 .klen = 32, 613 .ptext = ptext1, 614 .plen = sizeof(ptext1), 615 .ctext = ctext8, 616 .clen = sizeof(ctext8), 617 }, { 618 .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c" 619 "\x6d\x6a\x8f\x94\x67\x30\x83\x08" 620 "\xfe\xff\xe9\x92\x86\x65\x73\x1c" 621 "\x6d\x6a\x8f\x94\x67\x30\x83\x08", 622 .klen = 32, 623 .iv = "\xca\xfe\xba\xbe\xfa\xce\xdb\xad" 624 "\xde\xca\xf8\x88", 625 .ptext = ptext9, 626 .plen = sizeof(ptext9), 627 .ctext = ctext9, 628 .clen = sizeof(ctext9), 629 }, { 630 .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c" 631 "\x6d\x6a\x8f\x94\x67\x30\x83\x08" 632 "\xfe\xff\xe9\x92\x86\x65\x73\x1c" 633 "\x6d\x6a\x8f\x94\x67\x30\x83\x08", 634 .klen = 32, 635 .iv = "\xca\xfe\xba\xbe\xfa\xce\xdb\xad" 636 "\xde\xca\xf8\x88", 637 .ptext = ptext10, 638 .plen = sizeof(ptext10), 639 .assoc = "\xfe\xed\xfa\xce\xde\xad\xbe\xef" 640 "\xfe\xed\xfa\xce\xde\xad\xbe\xef" 641 "\xab\xad\xda\xd2", 642 .alen = 20, 643 .ctext = ctext10, 644 .clen = sizeof(ctext10), 645 }, { 646 .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c" 647 "\x6d\x6a\x8f\x94\x67\x30\x83\x08" 648 "\xfe\xff\xe9\x92\x86\x65\x73\x1c", 649 .klen = 24, 650 .iv = "\xca\xfe\xba\xbe\xfa\xce\xdb\xad" 651 "\xde\xca\xf8\x88", 652 .ptext = ptext11, 653 .plen = sizeof(ptext11), 654 .assoc = "\xfe\xed\xfa\xce\xde\xad\xbe\xef" 655 "\xfe\xed\xfa\xce\xde\xad\xbe\xef" 656 "\xab\xad\xda\xd2", 657 .alen = 20, 658 .ctext = ctext11, 659 .clen = sizeof(ctext11), 660 }, { 661 .key = "\x62\x35\xf8\x95\xfc\xa5\xeb\xf6" 662 "\x0e\x92\x12\x04\xd3\xa1\x3f\x2e" 663 "\x8b\x32\xcf\xe7\x44\xed\x13\x59" 664 "\x04\x38\x77\xb0\xb9\xad\xb4\x38", 665 .klen = 32, 666 .iv = "\x00\xff\xff\xff\xff\x00\x00\xff" 667 "\xff\xff\x00\xff", 668 .ptext = ptext12, 669 .plen = sizeof(ptext12), 670 .ctext = ctext12, 671 .clen = sizeof(ctext12), 672 } 673 }; 674 675 static int __init libaesgcm_init(void) 676 { 677 for (int i = 0; i < ARRAY_SIZE(aesgcm_tv); i++) { 678 u8 tagbuf[AES_BLOCK_SIZE]; 679 int plen = aesgcm_tv[i].plen; 680 struct aesgcm_ctx ctx; 681 static u8 buf[sizeof(ptext12)]; 682 683 if (aesgcm_expandkey(&ctx, aesgcm_tv[i].key, aesgcm_tv[i].klen, 684 aesgcm_tv[i].clen - plen)) { 685 pr_err("aesgcm_expandkey() failed on vector %d\n", i); 686 return -ENODEV; 687 } 688 689 if (!aesgcm_decrypt(&ctx, buf, aesgcm_tv[i].ctext, plen, 690 aesgcm_tv[i].assoc, aesgcm_tv[i].alen, 691 aesgcm_tv[i].iv, aesgcm_tv[i].ctext + plen) 692 || memcmp(buf, aesgcm_tv[i].ptext, plen)) { 693 pr_err("aesgcm_decrypt() #1 failed on vector %d\n", i); 694 return -ENODEV; 695 } 696 697 /* encrypt in place */ 698 aesgcm_encrypt(&ctx, buf, buf, plen, aesgcm_tv[i].assoc, 699 aesgcm_tv[i].alen, aesgcm_tv[i].iv, tagbuf); 700 if (memcmp(buf, aesgcm_tv[i].ctext, plen)) { 701 pr_err("aesgcm_encrypt() failed on vector %d\n", i); 702 return -ENODEV; 703 } 704 705 /* decrypt in place */ 706 if (!aesgcm_decrypt(&ctx, buf, buf, plen, aesgcm_tv[i].assoc, 707 aesgcm_tv[i].alen, aesgcm_tv[i].iv, tagbuf) 708 || memcmp(buf, aesgcm_tv[i].ptext, plen)) { 709 pr_err("aesgcm_decrypt() #2 failed on vector %d\n", i); 710 return -ENODEV; 711 } 712 } 713 return 0; 714 } 715 module_init(libaesgcm_init); 716 717 static void __exit libaesgcm_exit(void) 718 { 719 } 720 module_exit(libaesgcm_exit); 721 #endif 722