// SPDX-License-Identifier: GPL-2.0
/*
 * Minimal library implementation of GCM
 *
 * Copyright 2022 Google LLC
 */

#include <crypto/algapi.h>
#include <crypto/gcm.h>
#include <crypto/ghash.h>
#include <linux/export.h>
#include <linux/module.h>
#include <asm/irqflags.h>

/*
 * Encrypt one AES block from @src into @dst with interrupts masked on the
 * local CPU.
 *
 * GCM runs AES over known plaintext twice: once to derive the GHASH key and
 * once per CTR keystream block. Both uses are therefore susceptible to timing
 * attacks on the encryption key. The AES library already mitigates this to
 * some extent by pulling the entire S-box into the caches before it performs
 * any substitution, and that strategy is more effective while interrupts are
 * disabled, hence the local_irq_save()/local_irq_restore() bracket.
 */
static void aesgcm_encrypt_block(const struct crypto_aes_ctx *ctx, void *dst,
				 const void *src)
{
	unsigned long irq_state;

	local_irq_save(irq_state);
	aes_encrypt(ctx, dst, src);
	local_irq_restore(irq_state);
}

/**
 * aesgcm_expandkey - Expands the AES and GHASH keys for the AES-GCM key
 *		      schedule
 *
 * @ctx:	The data structure that will hold the AES-GCM key schedule
 * @key:	The AES encryption input key
 * @keysize:	The length in bytes of the input key
 * @authsize:	The size in bytes of the GCM authentication tag
 *
 * Returns:	0 on success, or -EINVAL if @keysize or @authsize contain values
 *		that are not permitted by the GCM specification.
*/
int aesgcm_expandkey(struct aesgcm_ctx *ctx, const u8 *key,
		     unsigned int keysize, unsigned int authsize)
{
	/* All-zero input block; its encryption becomes the GHASH key. */
	u8 zero_block[AES_BLOCK_SIZE] = {};
	int err;

	/* The tag length is checked first, before the key is expanded. */
	err = crypto_gcm_check_authsize(authsize);
	if (err)
		return err;

	err = aes_expandkey(&ctx->aes_ctx, key, keysize);
	if (err)
		return err;

	ctx->authsize = authsize;
	aesgcm_encrypt_block(&ctx->aes_ctx, &ctx->ghash_key, zero_block);

	return 0;
}
EXPORT_SYMBOL(aesgcm_expandkey);

/*
 * Fold @len bytes at @src into the running GHASH state @ghash under hash key
 * @key. Each step XORs up to GHASH_BLOCK_SIZE input bytes into the state and
 * then multiplies the state by @key with gf128mul_lle(). A short final block
 * is XORed over its first bytes only, which is the same as padding it with
 * zeroes. A @len of zero or less leaves @ghash untouched.
 */
static void aesgcm_ghash(be128 *ghash, const be128 *key, const void *src,
			 int len)
{
	for (; len > 0; src += GHASH_BLOCK_SIZE, len -= GHASH_BLOCK_SIZE) {
		crypto_xor((u8 *)ghash, src, min(len, GHASH_BLOCK_SIZE));
		gf128mul_lle(ghash, key);
	}
}

/**
 * aesgcm_mac - Generates the authentication tag using AES-GCM algorithm.
 * @ctx: The AES-GCM key schedule
 * @src: The data to authenticate; both callers in this file pass the
 *       ciphertext.
 * @src_len: Length of the source data in bytes.
 * @assoc: Points to the associated data.
 * @assoc_len: Length of the associated data in bytes.
 * @ctr: Points to the four-word counter block. The callers place the IV in
 *       the first three words; the last word is overwritten with 1 here.
 * @authtag: The output buffer for the authentication tag; @ctx->authsize
 *           bytes are written.
 *
 * GHASH is run over @assoc, then over @src, then over one block that encodes
 * both lengths in bits. The result is XORed with the encryption of the
 * counter block to produce the tag.
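*/
static void aesgcm_mac(const struct aesgcm_ctx *ctx, const u8 *src, int src_len,
		       const u8 *assoc, int assoc_len, __be32 *ctr, u8 *authtag)
{
	/*
	 * The final GHASH block carries both lengths in bits as 64-bit
	 * values. Widen to u64 before multiplying: computed in 'int', the
	 * product overflows once a length reaches 2^28 bytes, and the
	 * length block (and therefore the tag) would be wrong.
	 */
	be128 tail = { cpu_to_be64((u64)assoc_len * 8),
		       cpu_to_be64((u64)src_len * 8) };
	u8 buf[AES_BLOCK_SIZE];
	be128 ghash = {};

	aesgcm_ghash(&ghash, &ctx->ghash_key, assoc, assoc_len);
	aesgcm_ghash(&ghash, &ctx->ghash_key, src, src_len);
	aesgcm_ghash(&ghash, &ctx->ghash_key, &tail, sizeof(tail));

	/* Counter value 1 masks the tag; aesgcm_crypt() starts at 2. */
	ctr[3] = cpu_to_be32(1);
	aesgcm_encrypt_block(&ctx->aes_ctx, buf, ctr);
	crypto_xor_cpy(authtag, buf, (u8 *)&ghash, ctx->authsize);

	/* Wipe the GHASH state and the tag mask from the stack. */
	memzero_explicit(&ghash, sizeof(ghash));
	memzero_explicit(buf, sizeof(buf));
}

/*
 * CTR-mode transform shared by encryption and decryption: XOR @len bytes of
 * @src with the AES keystream and store the result in @dst. The keystream
 * blocks come from counter values 2, 3, ... written into ctr[3]; the other
 * three words of @ctr are used as supplied by the caller. The last keystream
 * block is wiped from the stack before returning.
 */
static void aesgcm_crypt(const struct aesgcm_ctx *ctx, u8 *dst, const u8 *src,
			 int len, __be32 *ctr)
{
	u8 buf[AES_BLOCK_SIZE];
	unsigned int n = 2;

	while (len > 0) {
		/*
		 * The counter increment below must not result in overflow or
		 * carry into the next 32-bit word, as this could result in
		 * inadvertent IV reuse, which must be avoided at all cost for
		 * stream ciphers such as AES-CTR. Given the range of 'int
		 * len', this cannot happen, so no explicit test is necessary.
		 */
		ctr[3] = cpu_to_be32(n++);
		aesgcm_encrypt_block(&ctx->aes_ctx, buf, ctr);
		crypto_xor_cpy(dst, src, buf, min(len, AES_BLOCK_SIZE));

		dst += AES_BLOCK_SIZE;
		src += AES_BLOCK_SIZE;
		len -= AES_BLOCK_SIZE;
	}
	memzero_explicit(buf, sizeof(buf));
}

/**
 * aesgcm_encrypt - Perform AES-GCM encryption on a block of data
 *
 * @ctx:	The AES-GCM key schedule
 * @dst:	Pointer to the ciphertext output buffer
 * @src:	Pointer to the plaintext (may equal @dst for encryption in place)
 * @crypt_len:	The size in bytes of the plaintext and ciphertext.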
* @assoc:	Pointer to the associated data,
 * @assoc_len:	The size in bytes of the associated data
 * @iv:		The initialization vector (IV) to use for this block of data
 *		(must be 12 bytes in size as per the GCM spec recommendation).
 *		An IV must not be used twice with the same key.
 * @authtag:	The address of the buffer in memory where the authentication
 *		tag should be stored. The buffer is assumed to have space for
 *		@ctx->authsize bytes.
 */
void aesgcm_encrypt(const struct aesgcm_ctx *ctx, u8 *dst, const u8 *src,
		    int crypt_len, const u8 *assoc, int assoc_len,
		    const u8 iv[GCM_AES_IV_SIZE], u8 *authtag)
{
	__be32 counter_block[4];

	/* The IV fills the leading bytes; word 3 is set by the callees. */
	memcpy(counter_block, iv, GCM_AES_IV_SIZE);

	/* Encrypt first: the tag is computed over the ciphertext in @dst. */
	aesgcm_crypt(ctx, dst, src, crypt_len, counter_block);
	aesgcm_mac(ctx, dst, crypt_len, assoc, assoc_len, counter_block,
		   authtag);
}
EXPORT_SYMBOL(aesgcm_encrypt);

/**
 * aesgcm_decrypt - Perform AES-GCM decryption on a block of data
 *
 * @ctx:	The AES-GCM key schedule
 * @dst:	Pointer to the plaintext output buffer
 * @src:	Pointer to the ciphertext (may equal @dst for decryption in place)
 * @crypt_len:	The size in bytes of the plaintext and ciphertext.
 * @assoc:	Pointer to the associated data,
 * @assoc_len:	The size in bytes of the associated data
 * @iv:		The initialization vector (IV) to use for this block of data
 *		(must be 12 bytes in size as per the GCM spec recommendation)
 * @authtag:	The address of the buffer in memory where the authentication
 *		tag is stored. @ctx->authsize bytes of it are compared.
 *
 * The tag is verified before any decryption takes place.
 *
 * Returns:	true on success, or false if the ciphertext failed authentication.
 *		On failure, no plaintext will be returned.
*/
bool __must_check aesgcm_decrypt(const struct aesgcm_ctx *ctx, u8 *dst,
				 const u8 *src, int crypt_len, const u8 *assoc,
				 int assoc_len, const u8 iv[GCM_AES_IV_SIZE],
				 const u8 *authtag)
{
	u8 computed_tag[AES_BLOCK_SIZE];
	__be32 counter_block[4];
	bool mismatch;

	memcpy(counter_block, iv, GCM_AES_IV_SIZE);

	/* Authenticate the ciphertext before producing any plaintext. */
	aesgcm_mac(ctx, src, crypt_len, assoc, assoc_len, counter_block,
		   computed_tag);

	/* crypto_memneq() is the constant-time comparison helper. */
	mismatch = crypto_memneq(authtag, computed_tag, ctx->authsize);
	if (mismatch) {
		/*
		 * computed_tag now holds the tag that would have been
		 * accepted for this input, so wipe it before bailing out.
		 */
		memzero_explicit(computed_tag, sizeof(computed_tag));
		return false;
	}

	aesgcm_crypt(ctx, dst, src, crypt_len, counter_block);
	return true;
}
EXPORT_SYMBOL(aesgcm_decrypt);

MODULE_DESCRIPTION("Generic AES-GCM library");
MODULE_AUTHOR("Ard Biesheuvel <ardb@kernel.org>");
MODULE_LICENSE("GPL");

#ifdef CONFIG_CRYPTO_SELFTESTS

/*
 * Test code below. Vectors taken from crypto/testmgr.h
 */

static const u8 __initconst ctext0[16] __nonstring =
	"\x58\xe2\xfc\xce\xfa\x7e\x30\x61"
	"\x36\x7f\x1d\x57\xa4\xe7\x45\x5a";

static const u8 __initconst ptext1[16];

static const u8 __initconst ctext1[32] __nonstring =
	"\x03\x88\xda\xce\x60\xb6\xa3\x92"
	"\xf3\x28\xc2\xb9\x71\xb2\xfe\x78"
	"\xab\x6e\x47\xd4\x2c\xec\x13\xbd"
	"\xf5\x3a\x67\xb2\x12\x57\xbd\xdf";

static const u8 __initconst ptext2[64] __nonstring =
	"\xd9\x31\x32\x25\xf8\x84\x06\xe5"
	"\xa5\x59\x09\xc5\xaf\xf5\x26\x9a"
	"\x86\xa7\xa9\x53\x15\x34\xf7\xda"
	"\x2e\x4c\x30\x3d\x8a\x31\x8a\x72"
	"\x1c\x3c\x0c\x95\x95\x68\x09\x53"
	"\x2f\xcf\x0e\x24\x49\xa6\xb5\x25"
	"\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57"
	"\xba\x63\x7b\x39\x1a\xaf\xd2\x55";

static const u8 __initconst ctext2[80] __nonstring =
	"\x42\x83\x1e\xc2\x21\x77\x74\x24"
	"\x4b\x72\x21\xb7\x84\xd0\xd4\x9c"
	"\xe3\xaa\x21\x2f\x2c\x02\xa4\xe0"
	"\x35\xc1\x7e\x23\x29\xac\xa1\x2e"
	"\x21\xd5\x14\xb2\x54\x66\x93\x1c"
	"\x7d\x8f\x6a\x5a\xac\x84\xaa\x05"
	"\x1b\xa3\x0b\x39\x6a\x0a\xac\x97"
"\x3d\x58\xe0\x91\x47\x3f\x59\x85" 238 "\x4d\x5c\x2a\xf3\x27\xcd\x64\xa6" 239 "\x2c\xf3\x5a\xbd\x2b\xa6\xfa\xb4"; 240 241 static const u8 __initconst ptext3[60] __nonstring = 242 "\xd9\x31\x32\x25\xf8\x84\x06\xe5" 243 "\xa5\x59\x09\xc5\xaf\xf5\x26\x9a" 244 "\x86\xa7\xa9\x53\x15\x34\xf7\xda" 245 "\x2e\x4c\x30\x3d\x8a\x31\x8a\x72" 246 "\x1c\x3c\x0c\x95\x95\x68\x09\x53" 247 "\x2f\xcf\x0e\x24\x49\xa6\xb5\x25" 248 "\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57" 249 "\xba\x63\x7b\x39"; 250 251 static const u8 __initconst ctext3[76] __nonstring = 252 "\x42\x83\x1e\xc2\x21\x77\x74\x24" 253 "\x4b\x72\x21\xb7\x84\xd0\xd4\x9c" 254 "\xe3\xaa\x21\x2f\x2c\x02\xa4\xe0" 255 "\x35\xc1\x7e\x23\x29\xac\xa1\x2e" 256 "\x21\xd5\x14\xb2\x54\x66\x93\x1c" 257 "\x7d\x8f\x6a\x5a\xac\x84\xaa\x05" 258 "\x1b\xa3\x0b\x39\x6a\x0a\xac\x97" 259 "\x3d\x58\xe0\x91" 260 "\x5b\xc9\x4f\xbc\x32\x21\xa5\xdb" 261 "\x94\xfa\xe9\x5a\xe7\x12\x1a\x47"; 262 263 static const u8 __initconst ctext4[16] __nonstring = 264 "\xcd\x33\xb2\x8a\xc7\x73\xf7\x4b" 265 "\xa0\x0e\xd1\xf3\x12\x57\x24\x35"; 266 267 static const u8 __initconst ctext5[32] __nonstring = 268 "\x98\xe7\x24\x7c\x07\xf0\xfe\x41" 269 "\x1c\x26\x7e\x43\x84\xb0\xf6\x00" 270 "\x2f\xf5\x8d\x80\x03\x39\x27\xab" 271 "\x8e\xf4\xd4\x58\x75\x14\xf0\xfb"; 272 273 static const u8 __initconst ptext6[64] __nonstring = 274 "\xd9\x31\x32\x25\xf8\x84\x06\xe5" 275 "\xa5\x59\x09\xc5\xaf\xf5\x26\x9a" 276 "\x86\xa7\xa9\x53\x15\x34\xf7\xda" 277 "\x2e\x4c\x30\x3d\x8a\x31\x8a\x72" 278 "\x1c\x3c\x0c\x95\x95\x68\x09\x53" 279 "\x2f\xcf\x0e\x24\x49\xa6\xb5\x25" 280 "\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57" 281 "\xba\x63\x7b\x39\x1a\xaf\xd2\x55"; 282 283 static const u8 __initconst ctext6[80] __nonstring = 284 "\x39\x80\xca\x0b\x3c\x00\xe8\x41" 285 "\xeb\x06\xfa\xc4\x87\x2a\x27\x57" 286 "\x85\x9e\x1c\xea\xa6\xef\xd9\x84" 287 "\x62\x85\x93\xb4\x0c\xa1\xe1\x9c" 288 "\x7d\x77\x3d\x00\xc1\x44\xc5\x25" 289 "\xac\x61\x9d\x18\xc8\x4a\x3f\x47" 290 "\x18\xe2\x44\x8b\x2f\xe3\x24\xd9" 291 
"\xcc\xda\x27\x10\xac\xad\xe2\x56" 292 "\x99\x24\xa7\xc8\x58\x73\x36\xbf" 293 "\xb1\x18\x02\x4d\xb8\x67\x4a\x14"; 294 295 static const u8 __initconst ctext7[16] __nonstring = 296 "\x53\x0f\x8a\xfb\xc7\x45\x36\xb9" 297 "\xa9\x63\xb4\xf1\xc4\xcb\x73\x8b"; 298 299 static const u8 __initconst ctext8[32] __nonstring = 300 "\xce\xa7\x40\x3d\x4d\x60\x6b\x6e" 301 "\x07\x4e\xc5\xd3\xba\xf3\x9d\x18" 302 "\xd0\xd1\xc8\xa7\x99\x99\x6b\xf0" 303 "\x26\x5b\x98\xb5\xd4\x8a\xb9\x19"; 304 305 static const u8 __initconst ptext9[64] __nonstring = 306 "\xd9\x31\x32\x25\xf8\x84\x06\xe5" 307 "\xa5\x59\x09\xc5\xaf\xf5\x26\x9a" 308 "\x86\xa7\xa9\x53\x15\x34\xf7\xda" 309 "\x2e\x4c\x30\x3d\x8a\x31\x8a\x72" 310 "\x1c\x3c\x0c\x95\x95\x68\x09\x53" 311 "\x2f\xcf\x0e\x24\x49\xa6\xb5\x25" 312 "\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57" 313 "\xba\x63\x7b\x39\x1a\xaf\xd2\x55"; 314 315 static const u8 __initconst ctext9[80] __nonstring = 316 "\x52\x2d\xc1\xf0\x99\x56\x7d\x07" 317 "\xf4\x7f\x37\xa3\x2a\x84\x42\x7d" 318 "\x64\x3a\x8c\xdc\xbf\xe5\xc0\xc9" 319 "\x75\x98\xa2\xbd\x25\x55\xd1\xaa" 320 "\x8c\xb0\x8e\x48\x59\x0d\xbb\x3d" 321 "\xa7\xb0\x8b\x10\x56\x82\x88\x38" 322 "\xc5\xf6\x1e\x63\x93\xba\x7a\x0a" 323 "\xbc\xc9\xf6\x62\x89\x80\x15\xad" 324 "\xb0\x94\xda\xc5\xd9\x34\x71\xbd" 325 "\xec\x1a\x50\x22\x70\xe3\xcc\x6c"; 326 327 static const u8 __initconst ptext10[60] __nonstring = 328 "\xd9\x31\x32\x25\xf8\x84\x06\xe5" 329 "\xa5\x59\x09\xc5\xaf\xf5\x26\x9a" 330 "\x86\xa7\xa9\x53\x15\x34\xf7\xda" 331 "\x2e\x4c\x30\x3d\x8a\x31\x8a\x72" 332 "\x1c\x3c\x0c\x95\x95\x68\x09\x53" 333 "\x2f\xcf\x0e\x24\x49\xa6\xb5\x25" 334 "\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57" 335 "\xba\x63\x7b\x39"; 336 337 static const u8 __initconst ctext10[76] __nonstring = 338 "\x52\x2d\xc1\xf0\x99\x56\x7d\x07" 339 "\xf4\x7f\x37\xa3\x2a\x84\x42\x7d" 340 "\x64\x3a\x8c\xdc\xbf\xe5\xc0\xc9" 341 "\x75\x98\xa2\xbd\x25\x55\xd1\xaa" 342 "\x8c\xb0\x8e\x48\x59\x0d\xbb\x3d" 343 "\xa7\xb0\x8b\x10\x56\x82\x88\x38" 344 "\xc5\xf6\x1e\x63\x93\xba\x7a\x0a" 345 
"\xbc\xc9\xf6\x62" 346 "\x76\xfc\x6e\xce\x0f\x4e\x17\x68" 347 "\xcd\xdf\x88\x53\xbb\x2d\x55\x1b"; 348 349 static const u8 __initconst ptext11[60] __nonstring = 350 "\xd9\x31\x32\x25\xf8\x84\x06\xe5" 351 "\xa5\x59\x09\xc5\xaf\xf5\x26\x9a" 352 "\x86\xa7\xa9\x53\x15\x34\xf7\xda" 353 "\x2e\x4c\x30\x3d\x8a\x31\x8a\x72" 354 "\x1c\x3c\x0c\x95\x95\x68\x09\x53" 355 "\x2f\xcf\x0e\x24\x49\xa6\xb5\x25" 356 "\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57" 357 "\xba\x63\x7b\x39"; 358 359 static const u8 __initconst ctext11[76] __nonstring = 360 "\x39\x80\xca\x0b\x3c\x00\xe8\x41" 361 "\xeb\x06\xfa\xc4\x87\x2a\x27\x57" 362 "\x85\x9e\x1c\xea\xa6\xef\xd9\x84" 363 "\x62\x85\x93\xb4\x0c\xa1\xe1\x9c" 364 "\x7d\x77\x3d\x00\xc1\x44\xc5\x25" 365 "\xac\x61\x9d\x18\xc8\x4a\x3f\x47" 366 "\x18\xe2\x44\x8b\x2f\xe3\x24\xd9" 367 "\xcc\xda\x27\x10" 368 "\x25\x19\x49\x8e\x80\xf1\x47\x8f" 369 "\x37\xba\x55\xbd\x6d\x27\x61\x8c"; 370 371 static const u8 __initconst ptext12[719] __nonstring = 372 "\x42\xc1\xcc\x08\x48\x6f\x41\x3f" 373 "\x2f\x11\x66\x8b\x2a\x16\xf0\xe0" 374 "\x58\x83\xf0\xc3\x70\x14\xc0\x5b" 375 "\x3f\xec\x1d\x25\x3c\x51\xd2\x03" 376 "\xcf\x59\x74\x1f\xb2\x85\xb4\x07" 377 "\xc6\x6a\x63\x39\x8a\x5b\xde\xcb" 378 "\xaf\x08\x44\xbd\x6f\x91\x15\xe1" 379 "\xf5\x7a\x6e\x18\xbd\xdd\x61\x50" 380 "\x59\xa9\x97\xab\xbb\x0e\x74\x5c" 381 "\x00\xa4\x43\x54\x04\x54\x9b\x3b" 382 "\x77\xec\xfd\x5c\xa6\xe8\x7b\x08" 383 "\xae\xe6\x10\x3f\x32\x65\xd1\xfc" 384 "\xa4\x1d\x2c\x31\xfb\x33\x7a\xb3" 385 "\x35\x23\xf4\x20\x41\xd4\xad\x82" 386 "\x8b\xa4\xad\x96\x1c\x20\x53\xbe" 387 "\x0e\xa6\xf4\xdc\x78\x49\x3e\x72" 388 "\xb1\xa9\xb5\x83\xcb\x08\x54\xb7" 389 "\xad\x49\x3a\xae\x98\xce\xa6\x66" 390 "\x10\x30\x90\x8c\x55\x83\xd7\x7c" 391 "\x8b\xe6\x53\xde\xd2\x6e\x18\x21" 392 "\x01\x52\xd1\x9f\x9d\xbb\x9c\x73" 393 "\x57\xcc\x89\x09\x75\x9b\x78\x70" 394 "\xed\x26\x97\x4d\xb4\xe4\x0c\xa5" 395 "\xfa\x70\x04\x70\xc6\x96\x1c\x7d" 396 "\x54\x41\x77\xa8\xe3\xb0\x7e\x96" 397 "\x82\xd9\xec\xa2\x87\x68\x55\xf9" 398 
"\x8f\x9e\x73\x43\x47\x6a\x08\x36" 399 "\x93\x67\xa8\x2d\xde\xac\x41\xa9" 400 "\x5c\x4d\x73\x97\x0f\x70\x68\xfa" 401 "\x56\x4d\x00\xc2\x3b\x1f\xc8\xb9" 402 "\x78\x1f\x51\x07\xe3\x9a\x13\x4e" 403 "\xed\x2b\x2e\xa3\xf7\x44\xb2\xe7" 404 "\xab\x19\x37\xd9\xba\x76\x5e\xd2" 405 "\xf2\x53\x15\x17\x4c\x6b\x16\x9f" 406 "\x02\x66\x49\xca\x7c\x91\x05\xf2" 407 "\x45\x36\x1e\xf5\x77\xad\x1f\x46" 408 "\xa8\x13\xfb\x63\xb6\x08\x99\x63" 409 "\x82\xa2\xed\xb3\xac\xdf\x43\x19" 410 "\x45\xea\x78\x73\xd9\xb7\x39\x11" 411 "\xa3\x13\x7c\xf8\x3f\xf7\xad\x81" 412 "\x48\x2f\xa9\x5c\x5f\xa0\xf0\x79" 413 "\xa4\x47\x7d\x80\x20\x26\xfd\x63" 414 "\x0a\xc7\x7e\x6d\x75\x47\xff\x76" 415 "\x66\x2e\x8a\x6c\x81\x35\xaf\x0b" 416 "\x2e\x6a\x49\x60\xc1\x10\xe1\xe1" 417 "\x54\x03\xa4\x09\x0c\x37\x7a\x15" 418 "\x23\x27\x5b\x8b\x4b\xa5\x64\x97" 419 "\xae\x4a\x50\x73\x1f\x66\x1c\x5c" 420 "\x03\x25\x3c\x8d\x48\x58\x71\x34" 421 "\x0e\xec\x4e\x55\x1a\x03\x6a\xe5" 422 "\xb6\x19\x2b\x84\x2a\x20\xd1\xea" 423 "\x80\x6f\x96\x0e\x05\x62\xc7\x78" 424 "\x87\x79\x60\x38\x46\xb4\x25\x57" 425 "\x6e\x16\x63\xf8\xad\x6e\xd7\x42" 426 "\x69\xe1\x88\xef\x6e\xd5\xb4\x9a" 427 "\x3c\x78\x6c\x3b\xe5\xa0\x1d\x22" 428 "\x86\x5c\x74\x3a\xeb\x24\x26\xc7" 429 "\x09\xfc\x91\x96\x47\x87\x4f\x1a" 430 "\xd6\x6b\x2c\x18\x47\xc0\xb8\x24" 431 "\xa8\x5a\x4a\x9e\xcb\x03\xe7\x2a" 432 "\x09\xe6\x4d\x9c\x6d\x86\x60\xf5" 433 "\x2f\x48\x69\x37\x9f\xf2\xd2\xcb" 434 "\x0e\x5a\xdd\x6e\x8a\xfb\x6a\xfe" 435 "\x0b\x63\xde\x87\x42\x79\x8a\x68" 436 "\x51\x28\x9b\x7a\xeb\xaf\xb8\x2f" 437 "\x9d\xd1\xc7\x45\x90\x08\xc9\x83" 438 "\xe9\x83\x84\xcb\x28\x69\x09\x69" 439 "\xce\x99\x46\x00\x54\xcb\xd8\x38" 440 "\xf9\x53\x4a\xbf\x31\xce\x57\x15" 441 "\x33\xfa\x96\x04\x33\x42\xe3\xc0" 442 "\xb7\x54\x4a\x65\x7a\x7c\x02\xe6" 443 "\x19\x95\xd0\x0e\x82\x07\x63\xf9" 444 "\xe1\x2b\x2a\xfc\x55\x92\x52\xc9" 445 "\xb5\x9f\x23\x28\x60\xe7\x20\x51" 446 "\x10\xd3\xed\x6d\x9b\xab\xb8\xe2" 447 "\x5d\x9a\x34\xb3\xbe\x9c\x64\xcb" 448 "\x78\xc6\x91\x22\x40\x91\x80\xbe" 449 
"\xd7\x78\x5c\x0e\x0a\xdc\x08\xe9" 450 "\x67\x10\xa4\x83\x98\x79\x23\xe7" 451 "\x92\xda\xa9\x22\x16\xb1\xe7\x78" 452 "\xa3\x1c\x6c\x8f\x35\x7c\x4d\x37" 453 "\x2f\x6e\x0b\x50\x5c\x34\xb9\xf9" 454 "\xe6\x3d\x91\x0d\x32\x95\xaa\x3d" 455 "\x48\x11\x06\xbb\x2d\xf2\x63\x88" 456 "\x3f\x73\x09\xe2\x45\x56\x31\x51" 457 "\xfa\x5e\x4e\x62\xf7\x90\xf9\xa9" 458 "\x7d\x7b\x1b\xb1\xc8\x26\x6e\x66" 459 "\xf6\x90\x9a\x7f\xf2\x57\xcc\x23" 460 "\x59\xfa\xfa\xaa\x44\x04\x01\xa7" 461 "\xa4\x78\xdb\x74\x3d\x8b\xb5"; 462 463 static const u8 __initconst ctext12[735] __nonstring = 464 "\x84\x0b\xdb\xd5\xb7\xa8\xfe\x20" 465 "\xbb\xb1\x12\x7f\x41\xea\xb3\xc0" 466 "\xa2\xb4\x37\x19\x11\x58\xb6\x0b" 467 "\x4c\x1d\x38\x05\x54\xd1\x16\x73" 468 "\x8e\x1c\x20\x90\xa2\x9a\xb7\x74" 469 "\x47\xe6\xd8\xfc\x18\x3a\xb4\xea" 470 "\xd5\x16\x5a\x2c\x53\x01\x46\xb3" 471 "\x18\x33\x74\x6c\x50\xf2\xe8\xc0" 472 "\x73\xda\x60\x22\xeb\xe3\xe5\x9b" 473 "\x20\x93\x6c\x4b\x37\x99\xb8\x23" 474 "\x3b\x4e\xac\xe8\x5b\xe8\x0f\xb7" 475 "\xc3\x8f\xfb\x4a\x37\xd9\x39\x95" 476 "\x34\xf1\xdb\x8f\x71\xd9\xc7\x0b" 477 "\x02\xf1\x63\xfc\x9b\xfc\xc5\xab" 478 "\xb9\x14\x13\x21\xdf\xce\xaa\x88" 479 "\x44\x30\x1e\xce\x26\x01\x92\xf8" 480 "\x9f\x00\x4b\x0c\x4b\xf7\x5f\xe0" 481 "\x89\xca\x94\x66\x11\x21\x97\xca" 482 "\x3e\x83\x74\x2d\xdb\x4d\x11\xeb" 483 "\x97\xc2\x14\xff\x9e\x1e\xa0\x6b" 484 "\x08\xb4\x31\x2b\x85\xc6\x85\x6c" 485 "\x90\xec\x39\xc0\xec\xb3\xb5\x4e" 486 "\xf3\x9c\xe7\x83\x3a\x77\x0a\xf4" 487 "\x56\xfe\xce\x18\x33\x6d\x0b\x2d" 488 "\x33\xda\xc8\x05\x5c\xb4\x09\x2a" 489 "\xde\x6b\x52\x98\x01\xef\x36\x3d" 490 "\xbd\xf9\x8f\xa8\x3e\xaa\xcd\xd1" 491 "\x01\x2d\x42\x49\xc3\xb6\x84\xbb" 492 "\x48\x96\xe0\x90\x93\x6c\x48\x64" 493 "\xd4\xfa\x7f\x93\x2c\xa6\x21\xc8" 494 "\x7a\x23\x7b\xaa\x20\x56\x12\xae" 495 "\x16\x9d\x94\x0f\x54\xa1\xec\xca" 496 "\x51\x4e\xf2\x39\xf4\xf8\x5f\x04" 497 "\x5a\x0d\xbf\xf5\x83\xa1\x15\xe1" 498 "\xf5\x3c\xd8\x62\xa3\xed\x47\x89" 499 "\x85\x4c\xe5\xdb\xac\x9e\x17\x1d" 500 
"\x0c\x09\xe3\x3e\x39\x5b\x4d\x74" 501 "\x0e\xf5\x34\xee\x70\x11\x4c\xfd" 502 "\xdb\x34\xb1\xb5\x10\x3f\x73\xb7" 503 "\xf5\xfa\xed\xb0\x1f\xa5\xcd\x3c" 504 "\x8d\x35\x83\xd4\x11\x44\x6e\x6c" 505 "\x5b\xe0\x0e\x69\xa5\x39\xe5\xbb" 506 "\xa9\x57\x24\x37\xe6\x1f\xdd\xcf" 507 "\x16\x2a\x13\xf9\x6a\x2d\x90\xa0" 508 "\x03\x60\x7a\xed\x69\xd5\x00\x8b" 509 "\x7e\x4f\xcb\xb9\xfa\x91\xb9\x37" 510 "\xc1\x26\xce\x90\x97\x22\x64\x64" 511 "\xc1\x72\x43\x1b\xf6\xac\xc1\x54" 512 "\x8a\x10\x9c\xdd\x8d\xd5\x8e\xb2" 513 "\xe4\x85\xda\xe0\x20\x5f\xf4\xb4" 514 "\x15\xb5\xa0\x8d\x12\x74\x49\x23" 515 "\x3a\xdf\x4a\xd3\xf0\x3b\x89\xeb" 516 "\xf8\xcc\x62\x7b\xfb\x93\x07\x41" 517 "\x61\x26\x94\x58\x70\xa6\x3c\xe4" 518 "\xff\x58\xc4\x13\x3d\xcb\x36\x6b" 519 "\x32\xe5\xb2\x6d\x03\x74\x6f\x76" 520 "\x93\x77\xde\x48\xc4\xfa\x30\x4a" 521 "\xda\x49\x80\x77\x0f\x1c\xbe\x11" 522 "\xc8\x48\xb1\xe5\xbb\xf2\x8a\xe1" 523 "\x96\x2f\x9f\xd1\x8e\x8a\x5c\xe2" 524 "\xf7\xd7\xd8\x54\xf3\x3f\xc4\x91" 525 "\xb8\xfb\x86\xdc\x46\x24\x91\x60" 526 "\x6c\x2f\xc9\x41\x37\x51\x49\x54" 527 "\x09\x81\x21\xf3\x03\x9f\x2b\xe3" 528 "\x1f\x39\x63\xaf\xf4\xd7\x53\x60" 529 "\xa7\xc7\x54\xf9\xee\xb1\xb1\x7d" 530 "\x75\x54\x65\x93\xfe\xb1\x68\x6b" 531 "\x57\x02\xf9\xbb\x0e\xf9\xf8\xbf" 532 "\x01\x12\x27\xb4\xfe\xe4\x79\x7a" 533 "\x40\x5b\x51\x4b\xdf\x38\xec\xb1" 534 "\x6a\x56\xff\x35\x4d\x42\x33\xaa" 535 "\x6f\x1b\xe4\xdc\xe0\xdb\x85\x35" 536 "\x62\x10\xd4\xec\xeb\xc5\x7e\x45" 537 "\x1c\x6f\x17\xca\x3b\x8e\x2d\x66" 538 "\x4f\x4b\x36\x56\xcd\x1b\x59\xaa" 539 "\xd2\x9b\x17\xb9\x58\xdf\x7b\x64" 540 "\x8a\xff\x3b\x9c\xa6\xb5\x48\x9e" 541 "\xaa\xe2\x5d\x09\x71\x32\x5f\xb6" 542 "\x29\xbe\xe7\xc7\x52\x7e\x91\x82" 543 "\x6b\x6d\x33\xe1\x34\x06\x36\x21" 544 "\x5e\xbe\x1e\x2f\x3e\xc1\xfb\xea" 545 "\x49\x2c\xb5\xca\xf7\xb0\x37\xea" 546 "\x1f\xed\x10\x04\xd9\x48\x0d\x1a" 547 "\x1c\xfb\xe7\x84\x0e\x83\x53\x74" 548 "\xc7\x65\xe2\x5c\xe5\xba\x73\x4c" 549 "\x0e\xe1\xb5\x11\x45\x61\x43\x46" 550 "\xaa\x25\x8f\xbd\x85\x08\xfa\x4c" 551 
"\x15\xc1\xc0\xd8\xf5\xdc\x16\xbb" 552 "\x7b\x1d\xe3\x87\x57\xa7\x2a\x1d" 553 "\x38\x58\x9e\x8a\x43\xdc\x57" 554 "\xd1\x81\x7d\x2b\xe9\xff\x99\x3a" 555 "\x4b\x24\x52\x58\x55\xe1\x49\x14"; 556 557 static struct { 558 const u8 *ptext; 559 const u8 *ctext; 560 561 u8 key[AES_MAX_KEY_SIZE] __nonstring; 562 u8 iv[GCM_AES_IV_SIZE] __nonstring; 563 u8 assoc[20] __nonstring; 564 565 int klen; 566 int clen; 567 int plen; 568 int alen; 569 } const aesgcm_tv[] __initconst = { 570 { /* From McGrew & Viega - http://citeseer.ist.psu.edu/656989.html */ 571 .klen = 16, 572 .ctext = ctext0, 573 .clen = sizeof(ctext0), 574 }, { 575 .klen = 16, 576 .ptext = ptext1, 577 .plen = sizeof(ptext1), 578 .ctext = ctext1, 579 .clen = sizeof(ctext1), 580 }, { 581 .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c" 582 "\x6d\x6a\x8f\x94\x67\x30\x83\x08", 583 .klen = 16, 584 .iv = "\xca\xfe\xba\xbe\xfa\xce\xdb\xad" 585 "\xde\xca\xf8\x88", 586 .ptext = ptext2, 587 .plen = sizeof(ptext2), 588 .ctext = ctext2, 589 .clen = sizeof(ctext2), 590 }, { 591 .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c" 592 "\x6d\x6a\x8f\x94\x67\x30\x83\x08", 593 .klen = 16, 594 .iv = "\xca\xfe\xba\xbe\xfa\xce\xdb\xad" 595 "\xde\xca\xf8\x88", 596 .ptext = ptext3, 597 .plen = sizeof(ptext3), 598 .assoc = "\xfe\xed\xfa\xce\xde\xad\xbe\xef" 599 "\xfe\xed\xfa\xce\xde\xad\xbe\xef" 600 "\xab\xad\xda\xd2", 601 .alen = 20, 602 .ctext = ctext3, 603 .clen = sizeof(ctext3), 604 }, { 605 .klen = 24, 606 .ctext = ctext4, 607 .clen = sizeof(ctext4), 608 }, { 609 .klen = 24, 610 .ptext = ptext1, 611 .plen = sizeof(ptext1), 612 .ctext = ctext5, 613 .clen = sizeof(ctext5), 614 }, { 615 .key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c" 616 "\x6d\x6a\x8f\x94\x67\x30\x83\x08" 617 "\xfe\xff\xe9\x92\x86\x65\x73\x1c", 618 .klen = 24, 619 .iv = "\xca\xfe\xba\xbe\xfa\xce\xdb\xad" 620 "\xde\xca\xf8\x88", 621 .ptext = ptext6, 622 .plen = sizeof(ptext6), 623 .ctext = ctext6, 624 .clen = sizeof(ctext6), 625 }, { 626 .klen = 32, 627 .ctext = ctext7, 628 .clen = 
sizeof(ctext7),
	}, {
		.klen	= 32,
		.ptext	= ptext1,
		.plen	= sizeof(ptext1),
		.ctext	= ctext8,
		.clen	= sizeof(ctext8),
	}, {
		.key	= "\xfe\xff\xe9\x92\x86\x65\x73\x1c"
			  "\x6d\x6a\x8f\x94\x67\x30\x83\x08"
			  "\xfe\xff\xe9\x92\x86\x65\x73\x1c"
			  "\x6d\x6a\x8f\x94\x67\x30\x83\x08",
		.klen	= 32,
		.iv	= "\xca\xfe\xba\xbe\xfa\xce\xdb\xad"
			  "\xde\xca\xf8\x88",
		.ptext	= ptext9,
		.plen	= sizeof(ptext9),
		.ctext	= ctext9,
		.clen	= sizeof(ctext9),
	}, {
		.key	= "\xfe\xff\xe9\x92\x86\x65\x73\x1c"
			  "\x6d\x6a\x8f\x94\x67\x30\x83\x08"
			  "\xfe\xff\xe9\x92\x86\x65\x73\x1c"
			  "\x6d\x6a\x8f\x94\x67\x30\x83\x08",
		.klen	= 32,
		.iv	= "\xca\xfe\xba\xbe\xfa\xce\xdb\xad"
			  "\xde\xca\xf8\x88",
		.ptext	= ptext10,
		.plen	= sizeof(ptext10),
		.assoc	= "\xfe\xed\xfa\xce\xde\xad\xbe\xef"
			  "\xfe\xed\xfa\xce\xde\xad\xbe\xef"
			  "\xab\xad\xda\xd2",
		.alen	= 20,
		.ctext	= ctext10,
		.clen	= sizeof(ctext10),
	}, {
		.key	= "\xfe\xff\xe9\x92\x86\x65\x73\x1c"
			  "\x6d\x6a\x8f\x94\x67\x30\x83\x08"
			  "\xfe\xff\xe9\x92\x86\x65\x73\x1c",
		.klen	= 24,
		.iv	= "\xca\xfe\xba\xbe\xfa\xce\xdb\xad"
			  "\xde\xca\xf8\x88",
		.ptext	= ptext11,
		.plen	= sizeof(ptext11),
		.assoc	= "\xfe\xed\xfa\xce\xde\xad\xbe\xef"
			  "\xfe\xed\xfa\xce\xde\xad\xbe\xef"
			  "\xab\xad\xda\xd2",
		.alen	= 20,
		.ctext	= ctext11,
		.clen	= sizeof(ctext11),
	}, {
		.key	= "\x62\x35\xf8\x95\xfc\xa5\xeb\xf6"
			  "\x0e\x92\x12\x04\xd3\xa1\x3f\x2e"
			  "\x8b\x32\xcf\xe7\x44\xed\x13\x59"
			  "\x04\x38\x77\xb0\xb9\xad\xb4\x38",
		.klen	= 32,
		.iv	= "\x00\xff\xff\xff\xff\x00\x00\xff"
			  "\xff\xff\x00\xff",
		.ptext	= ptext12,
		.plen	= sizeof(ptext12),
		.ctext	= ctext12,
		.clen	= sizeof(ctext12),
	}
};

/*
 * Known-answer self-test, run at module init. For every vector it expands
 * the key, decrypts the reference ciphertext into a scratch buffer, encrypts
 * that buffer in place and compares it with the reference ciphertext, then
 * decrypts in place again using the tag the encryption produced. The first
 * failing step is logged and aborts the init with -ENODEV.
 */
static int __init libaesgcm_init(void)
{
	/* Scratch buffer, sized for the longest plaintext vector. */
	static u8 buf[sizeof(ptext12)];

	for (int i = 0; i < ARRAY_SIZE(aesgcm_tv); i++) {
		const u8 *ptext = aesgcm_tv[i].ptext;
		const u8 *ctext = aesgcm_tv[i].ctext;
		const u8 *assoc = aesgcm_tv[i].assoc;
		const u8 *iv = aesgcm_tv[i].iv;
		int alen = aesgcm_tv[i].alen;
		int plen = aesgcm_tv[i].plen;
		u8 tagbuf[AES_BLOCK_SIZE];
		struct aesgcm_ctx ctx;

		/* The reference tag is whatever follows the first plen bytes. */
		if (aesgcm_expandkey(&ctx, aesgcm_tv[i].key, aesgcm_tv[i].klen,
				     aesgcm_tv[i].clen - plen)) {
			pr_err("aesgcm_expandkey() failed on vector %d\n", i);
			return -ENODEV;
		}

		/* decrypt the reference ciphertext into the scratch buffer */
		if (!aesgcm_decrypt(&ctx, buf, ctext, plen, assoc, alen, iv,
				    ctext + plen)
		    || memcmp(buf, ptext, plen)) {
			pr_err("aesgcm_decrypt() #1 failed on vector %d\n", i);
			return -ENODEV;
		}

		/* encrypt in place */
		aesgcm_encrypt(&ctx, buf, buf, plen, assoc, alen, iv, tagbuf);
		if (memcmp(buf, ctext, plen)) {
			pr_err("aesgcm_encrypt() failed on vector %d\n", i);
			return -ENODEV;
		}

		/* decrypt in place, checking the tag produced just above */
		if (!aesgcm_decrypt(&ctx, buf, buf, plen, assoc, alen, iv,
				    tagbuf)
		    || memcmp(buf, ptext, plen)) {
			pr_err("aesgcm_decrypt() #2 failed on vector %d\n", i);
			return -ENODEV;
		}
	}
	return 0;
}
module_init(libaesgcm_init);

/* Nothing to undo on unload; the self-test keeps no state. */
static void __exit libaesgcm_exit(void)
{
}
module_exit(libaesgcm_exit);
#endif