Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6

* git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: [HWRNG] omap: Minor updates [CRYPTO] kconfig: Ordering cleanup [CRYPTO] all: Clean up init()/fini() [CRYPTO] padlock-aes: Use generic setkey function [CRYPTO] aes: Export generic setkey [CRYPTO] api: Make the crypto subsystem fully modular [CRYPTO] cts: Add CTS mode required for Kerberos AES support [CRYPTO] lrw: Replace all adds to big endians variables with be*_add_cpu [CRYPTO] tcrypt: Change the XTEA test vectors [CRYPTO] tcrypt: Shrink the tcrypt module [CRYPTO] tcrypt: Change the usage of the test vectors [CRYPTO] api: Constify function pointer tables [CRYPTO] aes-x86-32: Remove unused return code [CRYPTO] tcrypt: Shrink speed templates [CRYPTO] tcrypt: Group common speed templates [CRYPTO] sha512: Rename sha512 to sha512_generic [CRYPTO] sha384: Hardware acceleration for s390 [CRYPTO] sha512: Hardware acceleration for s390 [CRYPTO] s390: Generic sha_update and sha_final [CRYPTO] api: Switch to proc_create()
2026-05-01 15:00:59 -07:00 · 2008-04-21 15:57:09 -07:00
parent 98a1e95f9b c49a7f182c
commit 904e0ab54b
44 changed files with 7434 additions and 7120 deletions
@@ -2,8 +2,9 @@
 # Cryptographic API
 #
-obj-$(CONFIG_CRYPTO_SHA1_S390) += sha1_s390.o
+obj-$(CONFIG_CRYPTO_SHA1_S390) += sha1_s390.o sha_common.o
-obj-$(CONFIG_CRYPTO_SHA256_S390) += sha256_s390.o
+obj-$(CONFIG_CRYPTO_SHA256_S390) += sha256_s390.o sha_common.o
 obj-$(CONFIG_CRYPTO_SHA512_S390) += sha512_s390.o sha_common.o
 obj-$(CONFIG_CRYPTO_DES_S390) += des_s390.o des_check_key.o
 obj-$(CONFIG_CRYPTO_AES_S390) += aes_s390.o
 obj-$(CONFIG_S390_PRNG) += prng.o
@@ -82,6 +82,7 @@ enum crypt_s390_kimd_func {
 	KIMD_QUERY   = CRYPT_S390_KIMD | 0,
 	KIMD_SHA_1   = CRYPT_S390_KIMD | 1,
 	KIMD_SHA_256 = CRYPT_S390_KIMD | 2,
 	KIMD_SHA_512 = CRYPT_S390_KIMD | 3,
 };
 /*
@@ -92,6 +93,7 @@ enum crypt_s390_klmd_func {
 	KLMD_QUERY   = CRYPT_S390_KLMD | 0,
 	KLMD_SHA_1   = CRYPT_S390_KLMD | 1,
 	KLMD_SHA_256 = CRYPT_S390_KLMD | 2,
 	KLMD_SHA_512 = CRYPT_S390_KLMD | 3,
 };
 /*
@@ -0,0 +1,35 @@
 /*
 * Cryptographic API.
 *
 * s390 generic implementation of the SHA Secure Hash Algorithms.
 *
 * Copyright IBM Corp. 2007
 * Author(s): Jan Glauber (jang@de.ibm.com)
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the Free
 * Software Foundation; either version 2 of the License, or (at your option)
 * any later version.
 *
 */
 #ifndef _CRYPTO_ARCH_S390_SHA_H
 #define _CRYPTO_ARCH_S390_SHA_H
 #include <linux/crypto.h>
 #include <crypto/sha.h>
 /* must be big enough for the largest SHA variant */
 #define SHA_MAX_STATE_SIZE	16
 #define SHA_MAX_BLOCK_SIZE      SHA512_BLOCK_SIZE
 struct s390_sha_ctx {
 	u64 count;              /* message length in bytes */
 	u32 state[SHA_MAX_STATE_SIZE];
 	u8 buf[2 * SHA_MAX_BLOCK_SIZE];
 	int func;		/* KIMD function to use */
 };
 void s390_sha_update(struct crypto_tfm *tfm, const u8 *data, unsigned int len);
 void s390_sha_final(struct crypto_tfm *tfm, u8 *out);
 #endif
@@ -29,16 +29,11 @@
 #include <crypto/sha.h>
 #include "crypt_s390.h"
-
+#include "sha.h"
 struct s390_sha1_ctx {
 	u64 count;		/* message length */
 	u32 state[5];
 	u8 buf[2 * SHA1_BLOCK_SIZE];
 };
 static void sha1_init(struct crypto_tfm *tfm)
 {
-	struct s390_sha1_ctx *sctx = crypto_tfm_ctx(tfm);
+	struct s390_sha_ctx *sctx = crypto_tfm_ctx(tfm);
 	sctx->state[0] = SHA1_H0;
 	sctx->state[1] = SHA1_H1;
@@ -46,79 +41,7 @@ static void sha1_init(struct crypto_tfm *tfm)
 	sctx->state[3] = SHA1_H3;
 	sctx->state[4] = SHA1_H4;
 	sctx->count = 0;
-}
+	sctx->func = KIMD_SHA_1;
 static void sha1_update(struct crypto_tfm *tfm, const u8 *data,
 			unsigned int len)
 {
 	struct s390_sha1_ctx *sctx = crypto_tfm_ctx(tfm);
 	unsigned int index;
 	int ret;
 	/* how much is already in the buffer? */
 	index = sctx->count & 0x3f;
 	sctx->count += len;
 	if (index + len < SHA1_BLOCK_SIZE)
 		goto store;
 	/* process one stored block */
 	if (index) {
 		memcpy(sctx->buf + index, data, SHA1_BLOCK_SIZE - index);
 		ret = crypt_s390_kimd(KIMD_SHA_1, sctx->state, sctx->buf,
 				      SHA1_BLOCK_SIZE);
 		BUG_ON(ret != SHA1_BLOCK_SIZE);
 		data += SHA1_BLOCK_SIZE - index;
 		len -= SHA1_BLOCK_SIZE - index;
 	}
 	/* process as many blocks as possible */
 	if (len >= SHA1_BLOCK_SIZE) {
 		ret = crypt_s390_kimd(KIMD_SHA_1, sctx->state, data,
 				      len & ~(SHA1_BLOCK_SIZE - 1));
 		BUG_ON(ret != (len & ~(SHA1_BLOCK_SIZE - 1)));
 		data += ret;
 		len -= ret;
 	}
 store:
 	/* anything left? */
 	if (len)
 		memcpy(sctx->buf + index , data, len);
 }
 /* Add padding and return the message digest. */
 static void sha1_final(struct crypto_tfm *tfm, u8 *out)
 {
 	struct s390_sha1_ctx *sctx = crypto_tfm_ctx(tfm);
 	u64 bits;
 	unsigned int index, end;
 	int ret;
 	/* must perform manual padding */
 	index = sctx->count & 0x3f;
 	end =  (index < 56) ? SHA1_BLOCK_SIZE : (2 * SHA1_BLOCK_SIZE);
 	/* start pad with 1 */
 	sctx->buf[index] = 0x80;
 	/* pad with zeros */
 	index++;
 	memset(sctx->buf + index, 0x00, end - index - 8);
 	/* append message length */
 	bits = sctx->count * 8;
 	memcpy(sctx->buf + end - 8, &bits, sizeof(bits));
 	ret = crypt_s390_kimd(KIMD_SHA_1, sctx->state, sctx->buf, end);
 	BUG_ON(ret != end);
 	/* copy digest to out */
 	memcpy(out, sctx->state, SHA1_DIGEST_SIZE);
 	/* wipe context */
 	memset(sctx, 0, sizeof *sctx);
 }
 static struct crypto_alg alg = {
@@ -127,21 +50,20 @@ static struct crypto_alg alg = {
 	.cra_priority	=	CRYPT_S390_PRIORITY,
 	.cra_flags	=	CRYPTO_ALG_TYPE_DIGEST,
 	.cra_blocksize	=	SHA1_BLOCK_SIZE,
-	.cra_ctxsize	=	sizeof(struct s390_sha1_ctx),
+	.cra_ctxsize	=	sizeof(struct s390_sha_ctx),
 	.cra_module	=	THIS_MODULE,
 	.cra_list	=	LIST_HEAD_INIT(alg.cra_list),
 	.cra_u		=	{ .digest = {
 	.dia_digestsize	=	SHA1_DIGEST_SIZE,
 	.dia_init	=	sha1_init,
-	.dia_update	=	sha1_update,
+	.dia_update	=	s390_sha_update,
-	.dia_final	=	sha1_final } }
+	.dia_final	=	s390_sha_final } }
 };
 static int __init sha1_s390_init(void)
 {
 	if (!crypt_s390_func_available(KIMD_SHA_1))
 		return -EOPNOTSUPP;
 	return crypto_register_alg(&alg);
 }
@@ -154,6 +76,5 @@ module_init(sha1_s390_init);
 module_exit(sha1_s390_fini);
 MODULE_ALIAS("sha1");
 MODULE_LICENSE("GPL");
 MODULE_DESCRIPTION("SHA1 Secure Hash Algorithm");
@@ -22,16 +22,11 @@
 #include <crypto/sha.h>
 #include "crypt_s390.h"
-
+#include "sha.h"
 struct s390_sha256_ctx {
 	u64 count;		/* message length */
 	u32 state[8];
 	u8 buf[2 * SHA256_BLOCK_SIZE];
 };
 static void sha256_init(struct crypto_tfm *tfm)
 {
-	struct s390_sha256_ctx *sctx = crypto_tfm_ctx(tfm);
+	struct s390_sha_ctx *sctx = crypto_tfm_ctx(tfm);
 	sctx->state[0] = SHA256_H0;
 	sctx->state[1] = SHA256_H1;
@@ -42,79 +37,7 @@ static void sha256_init(struct crypto_tfm *tfm)
 	sctx->state[6] = SHA256_H6;
 	sctx->state[7] = SHA256_H7;
 	sctx->count = 0;
-}
+	sctx->func = KIMD_SHA_256;
 static void sha256_update(struct crypto_tfm *tfm, const u8 *data,
 			  unsigned int len)
 {
 	struct s390_sha256_ctx *sctx = crypto_tfm_ctx(tfm);
 	unsigned int index;
 	int ret;
 	/* how much is already in the buffer? */
 	index = sctx->count & 0x3f;
 	sctx->count += len;
 	if ((index + len) < SHA256_BLOCK_SIZE)
 		goto store;
 	/* process one stored block */
 	if (index) {
 		memcpy(sctx->buf + index, data, SHA256_BLOCK_SIZE - index);
 		ret = crypt_s390_kimd(KIMD_SHA_256, sctx->state, sctx->buf,
 				      SHA256_BLOCK_SIZE);
 		BUG_ON(ret != SHA256_BLOCK_SIZE);
 		data += SHA256_BLOCK_SIZE - index;
 		len -= SHA256_BLOCK_SIZE - index;
 	}
 	/* process as many blocks as possible */
 	if (len >= SHA256_BLOCK_SIZE) {
 		ret = crypt_s390_kimd(KIMD_SHA_256, sctx->state, data,
 				      len & ~(SHA256_BLOCK_SIZE - 1));
 		BUG_ON(ret != (len & ~(SHA256_BLOCK_SIZE - 1)));
 		data += ret;
 		len -= ret;
 	}
 store:
 	/* anything left? */
 	if (len)
 		memcpy(sctx->buf + index , data, len);
 }
 /* Add padding and return the message digest */
 static void sha256_final(struct crypto_tfm *tfm, u8 *out)
 {
 	struct s390_sha256_ctx *sctx = crypto_tfm_ctx(tfm);
 	u64 bits;
 	unsigned int index, end;
 	int ret;
 	/* must perform manual padding */
 	index = sctx->count & 0x3f;
 	end = (index < 56) ? SHA256_BLOCK_SIZE : (2 * SHA256_BLOCK_SIZE);
 	/* start pad with 1 */
 	sctx->buf[index] = 0x80;
 	/* pad with zeros */
 	index++;
 	memset(sctx->buf + index, 0x00, end - index - 8);
 	/* append message length */
 	bits = sctx->count * 8;
 	memcpy(sctx->buf + end - 8, &bits, sizeof(bits));
 	ret = crypt_s390_kimd(KIMD_SHA_256, sctx->state, sctx->buf, end);
 	BUG_ON(ret != end);
 	/* copy digest to out */
 	memcpy(out, sctx->state, SHA256_DIGEST_SIZE);
 	/* wipe context */
 	memset(sctx, 0, sizeof *sctx);
 }
 static struct crypto_alg alg = {
@@ -123,14 +46,14 @@ static struct crypto_alg alg = {
 	.cra_priority	=	CRYPT_S390_PRIORITY,
 	.cra_flags	=	CRYPTO_ALG_TYPE_DIGEST,
 	.cra_blocksize	=	SHA256_BLOCK_SIZE,
-	.cra_ctxsize	=	sizeof(struct s390_sha256_ctx),
+	.cra_ctxsize	=	sizeof(struct s390_sha_ctx),
 	.cra_module	=	THIS_MODULE,
 	.cra_list	=	LIST_HEAD_INIT(alg.cra_list),
 	.cra_u		=	{ .digest = {
 	.dia_digestsize	=	SHA256_DIGEST_SIZE,
 	.dia_init	=	sha256_init,
-	.dia_update	=	sha256_update,
+	.dia_update	=	s390_sha_update,
-	.dia_final	=	sha256_final } }
+	.dia_final	=	s390_sha_final } }
 };
 static int sha256_s390_init(void)
@@ -150,6 +73,5 @@ module_init(sha256_s390_init);
 module_exit(sha256_s390_fini);
 MODULE_ALIAS("sha256");
 MODULE_LICENSE("GPL");
 MODULE_DESCRIPTION("SHA256 Secure Hash Algorithm");
@@ -0,0 +1,114 @@
 /*
 * Cryptographic API.
 *
 * s390 implementation of the SHA512 and SHA38 Secure Hash Algorithm.
 *
 * Copyright IBM Corp. 2007
 * Author(s): Jan Glauber (jang@de.ibm.com)
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the Free
 * Software Foundation; either version 2 of the License, or (at your option)
 * any later version.
 *
 */
 #include <linux/init.h>
 #include <linux/module.h>
 #include <linux/crypto.h>
 #include "sha.h"
 #include "crypt_s390.h"
 static void sha512_init(struct crypto_tfm *tfm)
 {
 	struct s390_sha_ctx *ctx = crypto_tfm_ctx(tfm);
 	*(__u64 *)&ctx->state[0] = 0x6a09e667f3bcc908ULL;
 	*(__u64 *)&ctx->state[2] = 0xbb67ae8584caa73bULL;
 	*(__u64 *)&ctx->state[4] = 0x3c6ef372fe94f82bULL;
 	*(__u64 *)&ctx->state[6] = 0xa54ff53a5f1d36f1ULL;
 	*(__u64 *)&ctx->state[8] = 0x510e527fade682d1ULL;
 	*(__u64 *)&ctx->state[10] = 0x9b05688c2b3e6c1fULL;
 	*(__u64 *)&ctx->state[12] = 0x1f83d9abfb41bd6bULL;
 	*(__u64 *)&ctx->state[14] = 0x5be0cd19137e2179ULL;
 	ctx->count = 0;
 	ctx->func = KIMD_SHA_512;
 }
 static struct crypto_alg sha512_alg = {
 	.cra_name	=	"sha512",
 	.cra_driver_name =	"sha512-s390",
 	.cra_priority	=	CRYPT_S390_PRIORITY,
 	.cra_flags	=	CRYPTO_ALG_TYPE_DIGEST,
 	.cra_blocksize	=	SHA512_BLOCK_SIZE,
 	.cra_ctxsize	=	sizeof(struct s390_sha_ctx),
 	.cra_module	=	THIS_MODULE,
 	.cra_list	=	LIST_HEAD_INIT(sha512_alg.cra_list),
 	.cra_u		=	{ .digest = {
 	.dia_digestsize	=	SHA512_DIGEST_SIZE,
 	.dia_init	=	sha512_init,
 	.dia_update	=	s390_sha_update,
 	.dia_final	=	s390_sha_final } }
 };
 MODULE_ALIAS("sha512");
 static void sha384_init(struct crypto_tfm *tfm)
 {
 	struct s390_sha_ctx *ctx = crypto_tfm_ctx(tfm);
 	*(__u64 *)&ctx->state[0] = 0xcbbb9d5dc1059ed8ULL;
 	*(__u64 *)&ctx->state[2] = 0x629a292a367cd507ULL;
 	*(__u64 *)&ctx->state[4] = 0x9159015a3070dd17ULL;
 	*(__u64 *)&ctx->state[6] = 0x152fecd8f70e5939ULL;
 	*(__u64 *)&ctx->state[8] = 0x67332667ffc00b31ULL;
 	*(__u64 *)&ctx->state[10] = 0x8eb44a8768581511ULL;
 	*(__u64 *)&ctx->state[12] = 0xdb0c2e0d64f98fa7ULL;
 	*(__u64 *)&ctx->state[14] = 0x47b5481dbefa4fa4ULL;
 	ctx->count = 0;
 	ctx->func = KIMD_SHA_512;
 }
 static struct crypto_alg sha384_alg = {
 	.cra_name	=	"sha384",
 	.cra_driver_name =	"sha384-s390",
 	.cra_priority	=	CRYPT_S390_PRIORITY,
 	.cra_flags	=	CRYPTO_ALG_TYPE_DIGEST,
 	.cra_blocksize	=	SHA384_BLOCK_SIZE,
 	.cra_ctxsize	=	sizeof(struct s390_sha_ctx),
 	.cra_module	=	THIS_MODULE,
 	.cra_list	=	LIST_HEAD_INIT(sha384_alg.cra_list),
 	.cra_u		=	{ .digest = {
 	.dia_digestsize	=	SHA384_DIGEST_SIZE,
 	.dia_init	=	sha384_init,
 	.dia_update	=	s390_sha_update,
 	.dia_final	=	s390_sha_final } }
 };
 MODULE_ALIAS("sha384");
 static int __init init(void)
 {
 	int ret;
 	if (!crypt_s390_func_available(KIMD_SHA_512))
 		return -EOPNOTSUPP;
 	if ((ret = crypto_register_alg(&sha512_alg)) < 0)
 		goto out;
 	if ((ret = crypto_register_alg(&sha384_alg)) < 0)
 		crypto_unregister_alg(&sha512_alg);
 out:
 	return ret;
 }
 static void __exit fini(void)
 {
 	crypto_unregister_alg(&sha512_alg);
 	crypto_unregister_alg(&sha384_alg);
 }
 module_init(init);
 module_exit(fini);
 MODULE_LICENSE("GPL");
 MODULE_DESCRIPTION("SHA512 and SHA-384 Secure Hash Algorithm");
@@ -0,0 +1,97 @@
 /*
 * Cryptographic API.
 *
 * s390 generic implementation of the SHA Secure Hash Algorithms.
 *
 * Copyright IBM Corp. 2007
 * Author(s): Jan Glauber (jang@de.ibm.com)
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the Free
 * Software Foundation; either version 2 of the License, or (at your option)
 * any later version.
 *
 */
 #include <linux/crypto.h>
 #include "sha.h"
 #include "crypt_s390.h"
 void s390_sha_update(struct crypto_tfm *tfm, const u8 *data, unsigned int len)
 {
 	struct s390_sha_ctx *ctx = crypto_tfm_ctx(tfm);
 	unsigned int bsize = crypto_tfm_alg_blocksize(tfm);
 	unsigned int index;
 	int ret;
 	/* how much is already in the buffer? */
 	index = ctx->count & (bsize - 1);
 	ctx->count += len;
 	if ((index + len) < bsize)
 		goto store;
 	/* process one stored block */
 	if (index) {
 		memcpy(ctx->buf + index, data, bsize - index);
 		ret = crypt_s390_kimd(ctx->func, ctx->state, ctx->buf, bsize);
 		BUG_ON(ret != bsize);
 		data += bsize - index;
 		len -= bsize - index;
 	}
 	/* process as many blocks as possible */
 	if (len >= bsize) {
 		ret = crypt_s390_kimd(ctx->func, ctx->state, data,
 				      len & ~(bsize - 1));
 		BUG_ON(ret != (len & ~(bsize - 1)));
 		data += ret;
 		len -= ret;
 	}
 store:
 	if (len)
 		memcpy(ctx->buf + index , data, len);
 }
 EXPORT_SYMBOL_GPL(s390_sha_update);
 void s390_sha_final(struct crypto_tfm *tfm, u8 *out)
 {
 	struct s390_sha_ctx *ctx = crypto_tfm_ctx(tfm);
 	unsigned int bsize = crypto_tfm_alg_blocksize(tfm);
 	u64 bits;
 	unsigned int index, end, plen;
 	int ret;
 	/* SHA-512 uses 128 bit padding length */
 	plen = (bsize > SHA256_BLOCK_SIZE) ? 16 : 8;
 	/* must perform manual padding */
 	index = ctx->count & (bsize - 1);
 	end = (index < bsize - plen) ? bsize : (2 * bsize);
 	/* start pad with 1 */
 	ctx->buf[index] = 0x80;
 	index++;
 	/* pad with zeros */
 	memset(ctx->buf + index, 0x00, end - index - 8);
 	/*
 	 * Append message length. Well, SHA-512 wants a 128 bit lenght value,
 	 * nevertheless we use u64, should be enough for now...
 	 */
 	bits = ctx->count * 8;
 	memcpy(ctx->buf + end - 8, &bits, sizeof(bits));
 	ret = crypt_s390_kimd(ctx->func, ctx->state, ctx->buf, end);
 	BUG_ON(ret != end);
 	/* copy digest to out */
 	memcpy(out, ctx->state, crypto_hash_digestsize(crypto_hash_cast(tfm)));
 	/* wipe context */
 	memset(ctx, 0, sizeof *ctx);
 }
 EXPORT_SYMBOL_GPL(s390_sha_final);
 MODULE_LICENSE("GPL");
 MODULE_DESCRIPTION("s390 SHA cipher common functions");
@@ -289,7 +289,6 @@ aes_enc_blk:
 	pop     %ebx
 	mov     %r0,(%ebp)
 	pop     %ebp
 	mov     $1,%eax
 	ret
 // AES (Rijndael) Decryption Subroutine
@@ -365,6 +364,4 @@ aes_dec_blk:
 	pop     %ebx
 	mov     %r0,(%ebp)
 	pop     %ebp
 	mov     $1,%eax
 	ret
@@ -2,7 +2,8 @@
 # Cryptographic API
 #
-obj-$(CONFIG_CRYPTO) += api.o cipher.o digest.o compress.o
+obj-$(CONFIG_CRYPTO) += crypto.o
 crypto-objs := api.o cipher.o digest.o compress.o
 crypto_algapi-$(CONFIG_PROC_FS) += proc.o
 crypto_algapi-objs := algapi.o scatterwalk.o $(crypto_algapi-y)
@@ -28,13 +29,14 @@ obj-$(CONFIG_CRYPTO_MD4) += md4.o
 obj-$(CONFIG_CRYPTO_MD5) += md5.o
 obj-$(CONFIG_CRYPTO_SHA1) += sha1_generic.o
 obj-$(CONFIG_CRYPTO_SHA256) += sha256_generic.o
-obj-$(CONFIG_CRYPTO_SHA512) += sha512.o
+obj-$(CONFIG_CRYPTO_SHA512) += sha512_generic.o
 obj-$(CONFIG_CRYPTO_WP512) += wp512.o
 obj-$(CONFIG_CRYPTO_TGR192) += tgr192.o
 obj-$(CONFIG_CRYPTO_GF128MUL) += gf128mul.o
 obj-$(CONFIG_CRYPTO_ECB) += ecb.o
 obj-$(CONFIG_CRYPTO_CBC) += cbc.o
 obj-$(CONFIG_CRYPTO_PCBC) += pcbc.o
 obj-$(CONFIG_CRYPTO_CTS) += cts.o
 obj-$(CONFIG_CRYPTO_LRW) += lrw.o
 obj-$(CONFIG_CRYPTO_XTS) += xts.o
 obj-$(CONFIG_CRYPTO_CTR) += ctr.o
@@ -229,18 +229,29 @@ static void __init gen_tabs(void)
 	ctx->key_enc[8 * i + 15] = t;			\
 } while (0)
-int crypto_aes_set_key(struct crypto_tfm *tfm, const u8 *in_key,
+/**
 * crypto_aes_expand_key - Expands the AES key as described in FIPS-197
 * @ctx:	The location where the computed key will be stored.
 * @in_key:	The supplied key.
 * @key_len:	The length of the supplied key.
 *
 * Returns 0 on success. The function fails only if an invalid key size (or
 * pointer) is supplied.
 * The expanded key size is 240 bytes (max of 14 rounds with a unique 16 bytes
 * key schedule plus a 16 bytes key which is used before the first round).
 * The decryption key is prepared for the "Equivalent Inverse Cipher" as
 * described in FIPS-197. The first slot (16 bytes) of each key (enc or dec) is
 * for the initial combination, the second slot for the first round and so on.
 */
 int crypto_aes_expand_key(struct crypto_aes_ctx *ctx, const u8 *in_key,
 		unsigned int key_len)
 {
 	struct crypto_aes_ctx *ctx = crypto_tfm_ctx(tfm);
 	const __le32 *key = (const __le32 *)in_key;
 	u32 *flags = &tfm->crt_flags;
 	u32 i, t, u, v, w, j;
-	if (key_len % 8) {
+	if (key_len != AES_KEYSIZE_128 && key_len != AES_KEYSIZE_192 &&
-		*flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
+			key_len != AES_KEYSIZE_256)
 		return -EINVAL;
 	}
 	ctx->key_length = key_len;
@@ -250,20 +261,20 @@ int crypto_aes_set_key(struct crypto_tfm *tfm, const u8 *in_key,
 	ctx->key_dec[key_len + 27] = ctx->key_enc[3] = le32_to_cpu(key[3]);
 	switch (key_len) {
-	case 16:
+	case AES_KEYSIZE_128:
 		t = ctx->key_enc[3];
 		for (i = 0; i < 10; ++i)
 			loop4(i);
 		break;
-	case 24:
+	case AES_KEYSIZE_192:
 		ctx->key_enc[4] = le32_to_cpu(key[4]);
 		t = ctx->key_enc[5] = le32_to_cpu(key[5]);
 		for (i = 0; i < 8; ++i)
 			loop6(i);
 		break;
-	case 32:
+	case AES_KEYSIZE_256:
 		ctx->key_enc[4] = le32_to_cpu(key[4]);
 		ctx->key_enc[5] = le32_to_cpu(key[5]);
 		ctx->key_enc[6] = le32_to_cpu(key[6]);
@@ -284,6 +295,33 @@ int crypto_aes_set_key(struct crypto_tfm *tfm, const u8 *in_key,
 	}
 	return 0;
 }
 EXPORT_SYMBOL_GPL(crypto_aes_expand_key);
 /**
 * crypto_aes_set_key - Set the AES key.
 * @tfm:	The %crypto_tfm that is used in the context.
 * @in_key:	The input key.
 * @key_len:	The size of the key.
 *
 * Returns 0 on success, on failure the %CRYPTO_TFM_RES_BAD_KEY_LEN flag in tfm
 * is set. The function uses crypto_aes_expand_key() to expand the key.
 * &crypto_aes_ctx _must_ be the private data embedded in @tfm which is
 * retrieved with crypto_tfm_ctx().
 */
 int crypto_aes_set_key(struct crypto_tfm *tfm, const u8 *in_key,
 		unsigned int key_len)
 {
 	struct crypto_aes_ctx *ctx = crypto_tfm_ctx(tfm);
 	u32 *flags = &tfm->crt_flags;
 	int ret;
 	ret = crypto_aes_expand_key(ctx, in_key, key_len);
 	if (!ret)
 		return 0;
 	*flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
 	return -EINVAL;
 }
 EXPORT_SYMBOL_GPL(crypto_aes_set_key);
 /* encrypt a block of text */
@@ -687,7 +687,7 @@ static struct crypto_alg anubis_alg = {
 	.cia_decrypt		=	anubis_decrypt } }
 };
-static int __init init(void)
+static int __init anubis_mod_init(void)
 {
 	int ret = 0;
@@ -695,13 +695,13 @@ static int __init init(void)
 	return ret;
 }
-static void __exit fini(void)
+static void __exit anubis_mod_fini(void)
 {
 	crypto_unregister_alg(&anubis_alg);
 }
-module_init(init);
+module_init(anubis_mod_init);
-module_exit(fini);
+module_exit(anubis_mod_fini);
 MODULE_LICENSE("GPL");
 MODULE_DESCRIPTION("Anubis Cryptographic Algorithm");
@@ -445,3 +445,6 @@ int crypto_has_alg(const char *name, u32 type, u32 mask)
 	return ret;
 }
 EXPORT_SYMBOL_GPL(crypto_has_alg);
 MODULE_DESCRIPTION("Cryptographic core API");
 MODULE_LICENSE("GPL");
@@ -465,18 +465,18 @@ static struct crypto_alg alg = {
 	.cia_decrypt  		=	bf_decrypt } }
 };
-static int __init init(void)
+static int __init blowfish_mod_init(void)
 {
 	return crypto_register_alg(&alg);
 }
-static void __exit fini(void)
+static void __exit blowfish_mod_fini(void)
 {
 	crypto_unregister_alg(&alg);
 }
-module_init(init);
+module_init(blowfish_mod_init);
-module_exit(fini);
+module_exit(blowfish_mod_fini);
 MODULE_LICENSE("GPL");
 MODULE_DESCRIPTION("Blowfish Cipher Algorithm");
@@ -817,18 +817,18 @@ static struct crypto_alg alg = {
 	}
 };
-static int __init init(void)
+static int __init cast5_mod_init(void)
 {
 	return crypto_register_alg(&alg);
 }
-static void __exit fini(void)
+static void __exit cast5_mod_fini(void)
 {
 	crypto_unregister_alg(&alg);
 }
-module_init(init);
+module_init(cast5_mod_init);
-module_exit(fini);
+module_exit(cast5_mod_fini);
 MODULE_LICENSE("GPL");
 MODULE_DESCRIPTION("Cast5 Cipher Algorithm");
@@ -528,18 +528,18 @@ static struct crypto_alg alg = {
 		  }
 };
-static int __init init(void)
+static int __init cast6_mod_init(void)
 {
 	return crypto_register_alg(&alg);
 }
-static void __exit fini(void)
+static void __exit cast6_mod_fini(void)
 {
 	crypto_unregister_alg(&alg);
 }
-module_init(init);
+module_init(cast6_mod_init);
-module_exit(fini);
+module_exit(cast6_mod_fini);
 MODULE_LICENSE("GPL");
 MODULE_DESCRIPTION("Cast6 Cipher Algorithm");
@@ -98,18 +98,18 @@ static struct crypto_alg alg = {
 	}
 };
-static int __init init(void)
+static int __init crc32c_mod_init(void)
 {
 	return crypto_register_alg(&alg);
 }
-static void __exit fini(void)
+static void __exit crc32c_mod_fini(void)
 {
 	crypto_unregister_alg(&alg);
 }
-module_init(init);
+module_init(crc32c_mod_init);
-module_exit(fini);
+module_exit(crc32c_mod_fini);
 MODULE_AUTHOR("Clay Haapala <chaapala@cisco.com>");
 MODULE_DESCRIPTION("CRC32c (Castagnoli) calculations wrapper for lib/crc32c");
@@ -142,7 +142,7 @@ MODULE_ALIAS("compress_null");
 MODULE_ALIAS("digest_null");
 MODULE_ALIAS("cipher_null");
-static int __init init(void)
+static int __init crypto_null_mod_init(void)
 {
 	int ret = 0;
@@ -174,7 +174,7 @@ out_unregister_cipher:
 	goto out;
 }
-static void __exit fini(void)
+static void __exit crypto_null_mod_fini(void)
 {
 	crypto_unregister_alg(&compress_null);
 	crypto_unregister_alg(&digest_null);
@@ -182,8 +182,8 @@ static void __exit fini(void)
 	crypto_unregister_alg(&cipher_null);
 }
-module_init(init);
+module_init(crypto_null_mod_init);
-module_exit(fini);
+module_exit(crypto_null_mod_fini);
 MODULE_LICENSE("GPL");
 MODULE_DESCRIPTION("Null Cryptographic Algorithms");
@@ -0,0 +1,347 @@
 /*
 * CTS: Cipher Text Stealing mode
 *
 * COPYRIGHT (c) 2008
 * The Regents of the University of Michigan
 * ALL RIGHTS RESERVED
 *
 * Permission is granted to use, copy, create derivative works
 * and redistribute this software and such derivative works
 * for any purpose, so long as the name of The University of
 * Michigan is not used in any advertising or publicity
 * pertaining to the use of distribution of this software
 * without specific, written prior authorization.  If the
 * above copyright notice or any other identification of the
 * University of Michigan is included in any copy of any
 * portion of this software, then the disclaimer below must
 * also be included.
 *
 * THIS SOFTWARE IS PROVIDED AS IS, WITHOUT REPRESENTATION
 * FROM THE UNIVERSITY OF MICHIGAN AS TO ITS FITNESS FOR ANY
 * PURPOSE, AND WITHOUT WARRANTY BY THE UNIVERSITY OF
 * MICHIGAN OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING
 * WITHOUT LIMITATION THE IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE
 * REGENTS OF THE UNIVERSITY OF MICHIGAN SHALL NOT BE LIABLE
 * FOR ANY DAMAGES, INCLUDING SPECIAL, INDIRECT, INCIDENTAL, OR
 * CONSEQUENTIAL DAMAGES, WITH RESPECT TO ANY CLAIM ARISING
 * OUT OF OR IN CONNECTION WITH THE USE OF THE SOFTWARE, EVEN
 * IF IT HAS BEEN OR IS HEREAFTER ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGES.
 */
 /* Derived from various:
 *	Copyright (c) 2006 Herbert Xu <herbert@gondor.apana.org.au>
 */
 /*
 * This is the Cipher Text Stealing mode as described by
 * Section 8 of rfc2040 and referenced by rfc3962.
 * rfc3962 includes errata information in its Appendix A.
 */
 #include <crypto/algapi.h>
 #include <linux/err.h>
 #include <linux/init.h>
 #include <linux/kernel.h>
 #include <linux/log2.h>
 #include <linux/module.h>
 #include <linux/scatterlist.h>
 #include <crypto/scatterwalk.h>
 #include <linux/slab.h>
 struct crypto_cts_ctx {
 	struct crypto_blkcipher *child;
 };
 static int crypto_cts_setkey(struct crypto_tfm *parent, const u8 *key,
 			     unsigned int keylen)
 {
 	struct crypto_cts_ctx *ctx = crypto_tfm_ctx(parent);
 	struct crypto_blkcipher *child = ctx->child;
 	int err;
 	crypto_blkcipher_clear_flags(child, CRYPTO_TFM_REQ_MASK);
 	crypto_blkcipher_set_flags(child, crypto_tfm_get_flags(parent) &
 				       CRYPTO_TFM_REQ_MASK);
 	err = crypto_blkcipher_setkey(child, key, keylen);
 	crypto_tfm_set_flags(parent, crypto_blkcipher_get_flags(child) &
 				     CRYPTO_TFM_RES_MASK);
 	return err;
 }
 static int cts_cbc_encrypt(struct crypto_cts_ctx *ctx,
 			   struct blkcipher_desc *desc,
 			   struct scatterlist *dst,
 			   struct scatterlist *src,
 			   unsigned int offset,
 			   unsigned int nbytes)
 {
 	int bsize = crypto_blkcipher_blocksize(desc->tfm);
 	u8 tmp[bsize], tmp2[bsize];
 	struct blkcipher_desc lcldesc;
 	struct scatterlist sgsrc[1], sgdst[1];
 	int lastn = nbytes - bsize;
 	u8 iv[bsize];
 	u8 s[bsize * 2], d[bsize * 2];
 	int err;
 	if (lastn < 0)
 		return -EINVAL;
 	memset(s, 0, sizeof(s));
 	scatterwalk_map_and_copy(s, src, offset, nbytes, 0);
 	memcpy(iv, desc->info, bsize);
 	lcldesc.tfm = ctx->child;
 	lcldesc.info = iv;
 	lcldesc.flags = desc->flags;
 	sg_set_buf(&sgsrc[0], s, bsize);
 	sg_set_buf(&sgdst[0], tmp, bsize);
 	err = crypto_blkcipher_encrypt_iv(&lcldesc, sgdst, sgsrc, bsize);
 	memcpy(d + bsize, tmp, lastn);
 	lcldesc.info = tmp;
 	sg_set_buf(&sgsrc[0], s + bsize, bsize);
 	sg_set_buf(&sgdst[0], tmp2, bsize);
 	err = crypto_blkcipher_encrypt_iv(&lcldesc, sgdst, sgsrc, bsize);
 	memcpy(d, tmp2, bsize);
 	scatterwalk_map_and_copy(d, dst, offset, nbytes, 1);
 	memcpy(desc->info, tmp2, bsize);
 	return err;
 }
 static int crypto_cts_encrypt(struct blkcipher_desc *desc,
 			      struct scatterlist *dst, struct scatterlist *src,
 			      unsigned int nbytes)
 {
 	struct crypto_cts_ctx *ctx = crypto_blkcipher_ctx(desc->tfm);
 	int bsize = crypto_blkcipher_blocksize(desc->tfm);
 	int tot_blocks = (nbytes + bsize - 1) / bsize;
 	int cbc_blocks = tot_blocks > 2 ? tot_blocks - 2 : 0;
 	struct blkcipher_desc lcldesc;
 	int err;
 	lcldesc.tfm = ctx->child;
 	lcldesc.info = desc->info;
 	lcldesc.flags = desc->flags;
 	if (tot_blocks == 1) {
 		err = crypto_blkcipher_encrypt_iv(&lcldesc, dst, src, bsize);
 	} else if (nbytes <= bsize * 2) {
 		err = cts_cbc_encrypt(ctx, desc, dst, src, 0, nbytes);
 	} else {
 		/* do normal function for tot_blocks - 2 */
 		err = crypto_blkcipher_encrypt_iv(&lcldesc, dst, src,
 							cbc_blocks * bsize);
 		if (err == 0) {
 			/* do cts for final two blocks */
 			err = cts_cbc_encrypt(ctx, desc, dst, src,
 						cbc_blocks * bsize,
 						nbytes - (cbc_blocks * bsize));
 		}
 	}
 	return err;
 }
 static int cts_cbc_decrypt(struct crypto_cts_ctx *ctx,
 			   struct blkcipher_desc *desc,
 			   struct scatterlist *dst,
 			   struct scatterlist *src,
 			   unsigned int offset,
 			   unsigned int nbytes)
 {
 	int bsize = crypto_blkcipher_blocksize(desc->tfm);
 	u8 tmp[bsize];
 	struct blkcipher_desc lcldesc;
 	struct scatterlist sgsrc[1], sgdst[1];
 	int lastn = nbytes - bsize;
 	u8 iv[bsize];
 	u8 s[bsize * 2], d[bsize * 2];
 	int err;
 	if (lastn < 0)
 		return -EINVAL;
 	scatterwalk_map_and_copy(s, src, offset, nbytes, 0);
 	lcldesc.tfm = ctx->child;
 	lcldesc.info = iv;
 	lcldesc.flags = desc->flags;
 	/* 1. Decrypt Cn-1 (s) to create Dn (tmp)*/
 	memset(iv, 0, sizeof(iv));
 	sg_set_buf(&sgsrc[0], s, bsize);
 	sg_set_buf(&sgdst[0], tmp, bsize);
 	err = crypto_blkcipher_decrypt_iv(&lcldesc, sgdst, sgsrc, bsize);
 	if (err)
 		return err;
 	/* 2. Pad Cn with zeros at the end to create C of length BB */
 	memset(iv, 0, sizeof(iv));
 	memcpy(iv, s + bsize, lastn);
 	/* 3. Exclusive-or Dn (tmp) with C (iv) to create Xn (tmp) */
 	crypto_xor(tmp, iv, bsize);
 	/* 4. Select the first Ln bytes of Xn (tmp) to create Pn */
 	memcpy(d + bsize, tmp, lastn);
 	/* 5. Append the tail (BB - Ln) bytes of Xn (tmp) to Cn to create En */
 	memcpy(s + bsize + lastn, tmp + lastn, bsize - lastn);
 	/* 6. Decrypt En to create Pn-1 */
 	memset(iv, 0, sizeof(iv));
 	sg_set_buf(&sgsrc[0], s + bsize, bsize);
 	sg_set_buf(&sgdst[0], d, bsize);
 	err = crypto_blkcipher_decrypt_iv(&lcldesc, sgdst, sgsrc, bsize);
 	/* XOR with previous block */
 	crypto_xor(d, desc->info, bsize);
 	scatterwalk_map_and_copy(d, dst, offset, nbytes, 1);
 	memcpy(desc->info, s, bsize);
 	return err;
 }
 static int crypto_cts_decrypt(struct blkcipher_desc *desc,
 			      struct scatterlist *dst, struct scatterlist *src,
 			      unsigned int nbytes)
 {
 	struct crypto_cts_ctx *ctx = crypto_blkcipher_ctx(desc->tfm);
 	int bsize = crypto_blkcipher_blocksize(desc->tfm);
 	int tot_blocks = (nbytes + bsize - 1) / bsize;
 	int cbc_blocks = tot_blocks > 2 ? tot_blocks - 2 : 0;
 	struct blkcipher_desc lcldesc;
 	int err;
 	lcldesc.tfm = ctx->child;
 	lcldesc.info = desc->info;
 	lcldesc.flags = desc->flags;
 	if (tot_blocks == 1) {
 		err = crypto_blkcipher_decrypt_iv(&lcldesc, dst, src, bsize);
 	} else if (nbytes <= bsize * 2) {
 		err = cts_cbc_decrypt(ctx, desc, dst, src, 0, nbytes);
 	} else {
 		/* do normal function for tot_blocks - 2 */
 		err = crypto_blkcipher_decrypt_iv(&lcldesc, dst, src,
 							cbc_blocks * bsize);
 		if (err == 0) {
 			/* do cts for final two blocks */
 			err = cts_cbc_decrypt(ctx, desc, dst, src,
 						cbc_blocks * bsize,
 						nbytes - (cbc_blocks * bsize));
 		}
 	}
 	return err;
 }
 static int crypto_cts_init_tfm(struct crypto_tfm *tfm)
 {
 	struct crypto_instance *inst = (void *)tfm->__crt_alg;
 	struct crypto_spawn *spawn = crypto_instance_ctx(inst);
 	struct crypto_cts_ctx *ctx = crypto_tfm_ctx(tfm);
 	struct crypto_blkcipher *cipher;
 	cipher = crypto_spawn_blkcipher(spawn);
 	if (IS_ERR(cipher))
 		return PTR_ERR(cipher);
 	ctx->child = cipher;
 	return 0;
 }
 static void crypto_cts_exit_tfm(struct crypto_tfm *tfm)
 {
 	struct crypto_cts_ctx *ctx = crypto_tfm_ctx(tfm);
 	crypto_free_blkcipher(ctx->child);
 }
 static struct crypto_instance *crypto_cts_alloc(struct rtattr **tb)
 {
 	struct crypto_instance *inst;
 	struct crypto_alg *alg;
 	int err;
 	err = crypto_check_attr_type(tb, CRYPTO_ALG_TYPE_BLKCIPHER);
 	if (err)
 		return ERR_PTR(err);
 	alg = crypto_attr_alg(tb[1], CRYPTO_ALG_TYPE_BLKCIPHER,
 				  CRYPTO_ALG_TYPE_MASK);
 	err = PTR_ERR(alg);
 	if (IS_ERR(alg))
 		return ERR_PTR(err);
 	inst = ERR_PTR(-EINVAL);
 	if (!is_power_of_2(alg->cra_blocksize))
 		goto out_put_alg;
 	inst = crypto_alloc_instance("cts", alg);
 	if (IS_ERR(inst))
 		goto out_put_alg;
 	inst->alg.cra_flags = CRYPTO_ALG_TYPE_BLKCIPHER;
 	inst->alg.cra_priority = alg->cra_priority;
 	inst->alg.cra_blocksize = alg->cra_blocksize;
 	inst->alg.cra_alignmask = alg->cra_alignmask;
 	inst->alg.cra_type = &crypto_blkcipher_type;
 	/* We access the data as u32s when xoring. */
 	inst->alg.cra_alignmask |= __alignof__(u32) - 1;
 	inst->alg.cra_blkcipher.ivsize = alg->cra_blocksize;
 	inst->alg.cra_blkcipher.min_keysize = alg->cra_blkcipher.min_keysize;
 	inst->alg.cra_blkcipher.max_keysize = alg->cra_blkcipher.max_keysize;
 	inst->alg.cra_blkcipher.geniv = "seqiv";
 	inst->alg.cra_ctxsize = sizeof(struct crypto_cts_ctx);
 	inst->alg.cra_init = crypto_cts_init_tfm;
 	inst->alg.cra_exit = crypto_cts_exit_tfm;
 	inst->alg.cra_blkcipher.setkey = crypto_cts_setkey;
 	inst->alg.cra_blkcipher.encrypt = crypto_cts_encrypt;
 	inst->alg.cra_blkcipher.decrypt = crypto_cts_decrypt;
 out_put_alg:
 	crypto_mod_put(alg);
 	return inst;
 }
 static void crypto_cts_free(struct crypto_instance *inst)
 {
 	crypto_drop_spawn(crypto_instance_ctx(inst));
 	kfree(inst);
 }
 static struct crypto_template crypto_cts_tmpl = {
 	.name = "cts",
 	.alloc = crypto_cts_alloc,
 	.free = crypto_cts_free,
 	.module = THIS_MODULE,
 };
 static int __init crypto_cts_module_init(void)
 {
 	return crypto_register_template(&crypto_cts_tmpl);
 }
 static void __exit crypto_cts_module_exit(void)
 {
 	crypto_unregister_template(&crypto_cts_tmpl);
 }
 module_init(crypto_cts_module_init);
 module_exit(crypto_cts_module_exit);
 MODULE_LICENSE("Dual BSD/GPL");
 MODULE_DESCRIPTION("CTS-CBC CipherText Stealing for CBC");
@@ -208,18 +208,18 @@ static struct crypto_alg alg = {
 	.coa_decompress  	= deflate_decompress } }
 };
-static int __init init(void)
+static int __init deflate_mod_init(void)
 {
 	return crypto_register_alg(&alg);
 }
-static void __exit fini(void)
+static void __exit deflate_mod_fini(void)
 {
 	crypto_unregister_alg(&alg);
 }
-module_init(init);
+module_init(deflate_mod_init);
-module_exit(fini);
+module_exit(deflate_mod_fini);
 MODULE_LICENSE("GPL");
 MODULE_DESCRIPTION("Deflate Compression Algorithm for IPCOMP");
--- a/Show More
+++ b/Show More