1 /* SPDX-License-Identifier: GPL-2.0-or-later */
2 /*
3 * Cryptographic API.
4 *
5 * ARIA Cipher Algorithm.
6 *
7 * Documentation of ARIA can be found in RFC 5794.
8 * Copyright (c) 2022 Taehee Yoo <ap420073@gmail.com>
9 * Copyright (c) 2022 Taehee Yoo <ap420073@gmail.com>
10 *
11 * Information for ARIA
12 * http://210.104.33.10/ARIA/index-e.html (English)
13 * http://seed.kisa.or.kr/ (Korean)
14 *
15 * Public domain version is distributed above.
16 */
17
18 #ifndef _CRYPTO_ARIA_H
19 #define _CRYPTO_ARIA_H
20
21 #include <linux/module.h>
22 #include <linux/init.h>
23 #include <linux/types.h>
24 #include <linux/errno.h>
25 #include <linux/crypto.h>
26 #include <asm/byteorder.h>
27
28 #define ARIA_MIN_KEY_SIZE 16
29 #define ARIA_MAX_KEY_SIZE 32
30 #define ARIA_BLOCK_SIZE 16
31 #define ARIA_MAX_RD_KEYS 17
32 #define ARIA_RD_KEY_WORDS (ARIA_BLOCK_SIZE / sizeof(u32))
33
34 struct aria_ctx {
35 u32 enc_key[ARIA_MAX_RD_KEYS][ARIA_RD_KEY_WORDS];
36 u32 dec_key[ARIA_MAX_RD_KEYS][ARIA_RD_KEY_WORDS];
37 int rounds;
38 int key_length;
39 };
40
41 static const u32 s1[256] = {
42 0x00636363, 0x007c7c7c, 0x00777777, 0x007b7b7b,
43 0x00f2f2f2, 0x006b6b6b, 0x006f6f6f, 0x00c5c5c5,
44 0x00303030, 0x00010101, 0x00676767, 0x002b2b2b,
45 0x00fefefe, 0x00d7d7d7, 0x00ababab, 0x00767676,
46 0x00cacaca, 0x00828282, 0x00c9c9c9, 0x007d7d7d,
47 0x00fafafa, 0x00595959, 0x00474747, 0x00f0f0f0,
48 0x00adadad, 0x00d4d4d4, 0x00a2a2a2, 0x00afafaf,
49 0x009c9c9c, 0x00a4a4a4, 0x00727272, 0x00c0c0c0,
50 0x00b7b7b7, 0x00fdfdfd, 0x00939393, 0x00262626,
51 0x00363636, 0x003f3f3f, 0x00f7f7f7, 0x00cccccc,
52 0x00343434, 0x00a5a5a5, 0x00e5e5e5, 0x00f1f1f1,
53 0x00717171, 0x00d8d8d8, 0x00313131, 0x00151515,
54 0x00040404, 0x00c7c7c7, 0x00232323, 0x00c3c3c3,
55 0x00181818, 0x00969696, 0x00050505, 0x009a9a9a,
56 0x00070707, 0x00121212, 0x00808080, 0x00e2e2e2,
57 0x00ebebeb, 0x00272727, 0x00b2b2b2, 0x00757575,
58 0x00090909, 0x00838383, 0x002c2c2c, 0x001a1a1a,
59 0x001b1b1b, 0x006e6e6e, 0x005a5a5a, 0x00a0a0a0,
60 0x00525252, 0x003b3b3b, 0x00d6d6d6, 0x00b3b3b3,
61 0x00292929, 0x00e3e3e3, 0x002f2f2f, 0x00848484,
62 0x00535353, 0x00d1d1d1, 0x00000000, 0x00ededed,
63 0x00202020, 0x00fcfcfc, 0x00b1b1b1, 0x005b5b5b,
64 0x006a6a6a, 0x00cbcbcb, 0x00bebebe, 0x00393939,
65 0x004a4a4a, 0x004c4c4c, 0x00585858, 0x00cfcfcf,
66 0x00d0d0d0, 0x00efefef, 0x00aaaaaa, 0x00fbfbfb,
67 0x00434343, 0x004d4d4d, 0x00333333, 0x00858585,
68 0x00454545, 0x00f9f9f9, 0x00020202, 0x007f7f7f,
69 0x00505050, 0x003c3c3c, 0x009f9f9f, 0x00a8a8a8,
70 0x00515151, 0x00a3a3a3, 0x00404040, 0x008f8f8f,
71 0x00929292, 0x009d9d9d, 0x00383838, 0x00f5f5f5,
72 0x00bcbcbc, 0x00b6b6b6, 0x00dadada, 0x00212121,
73 0x00101010, 0x00ffffff, 0x00f3f3f3, 0x00d2d2d2,
74 0x00cdcdcd, 0x000c0c0c, 0x00131313, 0x00ececec,
75 0x005f5f5f, 0x00979797, 0x00444444, 0x00171717,
76 0x00c4c4c4, 0x00a7a7a7, 0x007e7e7e, 0x003d3d3d,
77 0x00646464, 0x005d5d5d, 0x00191919, 0x00737373,
78 0x00606060, 0x00818181, 0x004f4f4f, 0x00dcdcdc,
79 0x00222222, 0x002a2a2a, 0x00909090, 0x00888888,
80 0x00464646, 0x00eeeeee, 0x00b8b8b8, 0x00141414,
81 0x00dedede, 0x005e5e5e, 0x000b0b0b, 0x00dbdbdb,
82 0x00e0e0e0, 0x00323232, 0x003a3a3a, 0x000a0a0a,
83 0x00494949, 0x00060606, 0x00242424, 0x005c5c5c,
84 0x00c2c2c2, 0x00d3d3d3, 0x00acacac, 0x00626262,
85 0x00919191, 0x00959595, 0x00e4e4e4, 0x00797979,
86 0x00e7e7e7, 0x00c8c8c8, 0x00373737, 0x006d6d6d,
87 0x008d8d8d, 0x00d5d5d5, 0x004e4e4e, 0x00a9a9a9,
88 0x006c6c6c, 0x00565656, 0x00f4f4f4, 0x00eaeaea,
89 0x00656565, 0x007a7a7a, 0x00aeaeae, 0x00080808,
90 0x00bababa, 0x00787878, 0x00252525, 0x002e2e2e,
91 0x001c1c1c, 0x00a6a6a6, 0x00b4b4b4, 0x00c6c6c6,
92 0x00e8e8e8, 0x00dddddd, 0x00747474, 0x001f1f1f,
93 0x004b4b4b, 0x00bdbdbd, 0x008b8b8b, 0x008a8a8a,
94 0x00707070, 0x003e3e3e, 0x00b5b5b5, 0x00666666,
95 0x00484848, 0x00030303, 0x00f6f6f6, 0x000e0e0e,
96 0x00616161, 0x00353535, 0x00575757, 0x00b9b9b9,
97 0x00868686, 0x00c1c1c1, 0x001d1d1d, 0x009e9e9e,
98 0x00e1e1e1, 0x00f8f8f8, 0x00989898, 0x00111111,
99 0x00696969, 0x00d9d9d9, 0x008e8e8e, 0x00949494,
100 0x009b9b9b, 0x001e1e1e, 0x00878787, 0x00e9e9e9,
101 0x00cecece, 0x00555555, 0x00282828, 0x00dfdfdf,
102 0x008c8c8c, 0x00a1a1a1, 0x00898989, 0x000d0d0d,
103 0x00bfbfbf, 0x00e6e6e6, 0x00424242, 0x00686868,
104 0x00414141, 0x00999999, 0x002d2d2d, 0x000f0f0f,
105 0x00b0b0b0, 0x00545454, 0x00bbbbbb, 0x00161616
106 };
107
108 static const u32 s2[256] = {
109 0xe200e2e2, 0x4e004e4e, 0x54005454, 0xfc00fcfc,
110 0x94009494, 0xc200c2c2, 0x4a004a4a, 0xcc00cccc,
111 0x62006262, 0x0d000d0d, 0x6a006a6a, 0x46004646,
112 0x3c003c3c, 0x4d004d4d, 0x8b008b8b, 0xd100d1d1,
113 0x5e005e5e, 0xfa00fafa, 0x64006464, 0xcb00cbcb,
114 0xb400b4b4, 0x97009797, 0xbe00bebe, 0x2b002b2b,
115 0xbc00bcbc, 0x77007777, 0x2e002e2e, 0x03000303,
116 0xd300d3d3, 0x19001919, 0x59005959, 0xc100c1c1,
117 0x1d001d1d, 0x06000606, 0x41004141, 0x6b006b6b,
118 0x55005555, 0xf000f0f0, 0x99009999, 0x69006969,
119 0xea00eaea, 0x9c009c9c, 0x18001818, 0xae00aeae,
120 0x63006363, 0xdf00dfdf, 0xe700e7e7, 0xbb00bbbb,
121 0x00000000, 0x73007373, 0x66006666, 0xfb00fbfb,
122 0x96009696, 0x4c004c4c, 0x85008585, 0xe400e4e4,
123 0x3a003a3a, 0x09000909, 0x45004545, 0xaa00aaaa,
124 0x0f000f0f, 0xee00eeee, 0x10001010, 0xeb00ebeb,
125 0x2d002d2d, 0x7f007f7f, 0xf400f4f4, 0x29002929,
126 0xac00acac, 0xcf00cfcf, 0xad00adad, 0x91009191,
127 0x8d008d8d, 0x78007878, 0xc800c8c8, 0x95009595,
128 0xf900f9f9, 0x2f002f2f, 0xce00cece, 0xcd00cdcd,
129 0x08000808, 0x7a007a7a, 0x88008888, 0x38003838,
130 0x5c005c5c, 0x83008383, 0x2a002a2a, 0x28002828,
131 0x47004747, 0xdb00dbdb, 0xb800b8b8, 0xc700c7c7,
132 0x93009393, 0xa400a4a4, 0x12001212, 0x53005353,
133 0xff00ffff, 0x87008787, 0x0e000e0e, 0x31003131,
134 0x36003636, 0x21002121, 0x58005858, 0x48004848,
135 0x01000101, 0x8e008e8e, 0x37003737, 0x74007474,
136 0x32003232, 0xca00caca, 0xe900e9e9, 0xb100b1b1,
137 0xb700b7b7, 0xab00abab, 0x0c000c0c, 0xd700d7d7,
138 0xc400c4c4, 0x56005656, 0x42004242, 0x26002626,
139 0x07000707, 0x98009898, 0x60006060, 0xd900d9d9,
140 0xb600b6b6, 0xb900b9b9, 0x11001111, 0x40004040,
141 0xec00ecec, 0x20002020, 0x8c008c8c, 0xbd00bdbd,
142 0xa000a0a0, 0xc900c9c9, 0x84008484, 0x04000404,
143 0x49004949, 0x23002323, 0xf100f1f1, 0x4f004f4f,
144 0x50005050, 0x1f001f1f, 0x13001313, 0xdc00dcdc,
145 0xd800d8d8, 0xc000c0c0, 0x9e009e9e, 0x57005757,
146 0xe300e3e3, 0xc300c3c3, 0x7b007b7b, 0x65006565,
147 0x3b003b3b, 0x02000202, 0x8f008f8f, 0x3e003e3e,
148 0xe800e8e8, 0x25002525, 0x92009292, 0xe500e5e5,
149 0x15001515, 0xdd00dddd, 0xfd00fdfd, 0x17001717,
150 0xa900a9a9, 0xbf00bfbf, 0xd400d4d4, 0x9a009a9a,
151 0x7e007e7e, 0xc500c5c5, 0x39003939, 0x67006767,
152 0xfe00fefe, 0x76007676, 0x9d009d9d, 0x43004343,
153 0xa700a7a7, 0xe100e1e1, 0xd000d0d0, 0xf500f5f5,
154 0x68006868, 0xf200f2f2, 0x1b001b1b, 0x34003434,
155 0x70007070, 0x05000505, 0xa300a3a3, 0x8a008a8a,
156 0xd500d5d5, 0x79007979, 0x86008686, 0xa800a8a8,
157 0x30003030, 0xc600c6c6, 0x51005151, 0x4b004b4b,
158 0x1e001e1e, 0xa600a6a6, 0x27002727, 0xf600f6f6,
159 0x35003535, 0xd200d2d2, 0x6e006e6e, 0x24002424,
160 0x16001616, 0x82008282, 0x5f005f5f, 0xda00dada,
161 0xe600e6e6, 0x75007575, 0xa200a2a2, 0xef00efef,
162 0x2c002c2c, 0xb200b2b2, 0x1c001c1c, 0x9f009f9f,
163 0x5d005d5d, 0x6f006f6f, 0x80008080, 0x0a000a0a,
164 0x72007272, 0x44004444, 0x9b009b9b, 0x6c006c6c,
165 0x90009090, 0x0b000b0b, 0x5b005b5b, 0x33003333,
166 0x7d007d7d, 0x5a005a5a, 0x52005252, 0xf300f3f3,
167 0x61006161, 0xa100a1a1, 0xf700f7f7, 0xb000b0b0,
168 0xd600d6d6, 0x3f003f3f, 0x7c007c7c, 0x6d006d6d,
169 0xed00eded, 0x14001414, 0xe000e0e0, 0xa500a5a5,
170 0x3d003d3d, 0x22002222, 0xb300b3b3, 0xf800f8f8,
171 0x89008989, 0xde00dede, 0x71007171, 0x1a001a1a,
172 0xaf00afaf, 0xba00baba, 0xb500b5b5, 0x81008181
173 };
174
175 static const u32 x1[256] = {
176 0x52520052, 0x09090009, 0x6a6a006a, 0xd5d500d5,
177 0x30300030, 0x36360036, 0xa5a500a5, 0x38380038,
178 0xbfbf00bf, 0x40400040, 0xa3a300a3, 0x9e9e009e,
179 0x81810081, 0xf3f300f3, 0xd7d700d7, 0xfbfb00fb,
180 0x7c7c007c, 0xe3e300e3, 0x39390039, 0x82820082,
181 0x9b9b009b, 0x2f2f002f, 0xffff00ff, 0x87870087,
182 0x34340034, 0x8e8e008e, 0x43430043, 0x44440044,
183 0xc4c400c4, 0xdede00de, 0xe9e900e9, 0xcbcb00cb,
184 0x54540054, 0x7b7b007b, 0x94940094, 0x32320032,
185 0xa6a600a6, 0xc2c200c2, 0x23230023, 0x3d3d003d,
186 0xeeee00ee, 0x4c4c004c, 0x95950095, 0x0b0b000b,
187 0x42420042, 0xfafa00fa, 0xc3c300c3, 0x4e4e004e,
188 0x08080008, 0x2e2e002e, 0xa1a100a1, 0x66660066,
189 0x28280028, 0xd9d900d9, 0x24240024, 0xb2b200b2,
190 0x76760076, 0x5b5b005b, 0xa2a200a2, 0x49490049,
191 0x6d6d006d, 0x8b8b008b, 0xd1d100d1, 0x25250025,
192 0x72720072, 0xf8f800f8, 0xf6f600f6, 0x64640064,
193 0x86860086, 0x68680068, 0x98980098, 0x16160016,
194 0xd4d400d4, 0xa4a400a4, 0x5c5c005c, 0xcccc00cc,
195 0x5d5d005d, 0x65650065, 0xb6b600b6, 0x92920092,
196 0x6c6c006c, 0x70700070, 0x48480048, 0x50500050,
197 0xfdfd00fd, 0xeded00ed, 0xb9b900b9, 0xdada00da,
198 0x5e5e005e, 0x15150015, 0x46460046, 0x57570057,
199 0xa7a700a7, 0x8d8d008d, 0x9d9d009d, 0x84840084,
200 0x90900090, 0xd8d800d8, 0xabab00ab, 0x00000000,
201 0x8c8c008c, 0xbcbc00bc, 0xd3d300d3, 0x0a0a000a,
202 0xf7f700f7, 0xe4e400e4, 0x58580058, 0x05050005,
203 0xb8b800b8, 0xb3b300b3, 0x45450045, 0x06060006,
204 0xd0d000d0, 0x2c2c002c, 0x1e1e001e, 0x8f8f008f,
205 0xcaca00ca, 0x3f3f003f, 0x0f0f000f, 0x02020002,
206 0xc1c100c1, 0xafaf00af, 0xbdbd00bd, 0x03030003,
207 0x01010001, 0x13130013, 0x8a8a008a, 0x6b6b006b,
208 0x3a3a003a, 0x91910091, 0x11110011, 0x41410041,
209 0x4f4f004f, 0x67670067, 0xdcdc00dc, 0xeaea00ea,
210 0x97970097, 0xf2f200f2, 0xcfcf00cf, 0xcece00ce,
211 0xf0f000f0, 0xb4b400b4, 0xe6e600e6, 0x73730073,
212 0x96960096, 0xacac00ac, 0x74740074, 0x22220022,
213 0xe7e700e7, 0xadad00ad, 0x35350035, 0x85850085,
214 0xe2e200e2, 0xf9f900f9, 0x37370037, 0xe8e800e8,
215 0x1c1c001c, 0x75750075, 0xdfdf00df, 0x6e6e006e,
216 0x47470047, 0xf1f100f1, 0x1a1a001a, 0x71710071,
217 0x1d1d001d, 0x29290029, 0xc5c500c5, 0x89890089,
218 0x6f6f006f, 0xb7b700b7, 0x62620062, 0x0e0e000e,
219 0xaaaa00aa, 0x18180018, 0xbebe00be, 0x1b1b001b,
220 0xfcfc00fc, 0x56560056, 0x3e3e003e, 0x4b4b004b,
221 0xc6c600c6, 0xd2d200d2, 0x79790079, 0x20200020,
222 0x9a9a009a, 0xdbdb00db, 0xc0c000c0, 0xfefe00fe,
223 0x78780078, 0xcdcd00cd, 0x5a5a005a, 0xf4f400f4,
224 0x1f1f001f, 0xdddd00dd, 0xa8a800a8, 0x33330033,
225 0x88880088, 0x07070007, 0xc7c700c7, 0x31310031,
226 0xb1b100b1, 0x12120012, 0x10100010, 0x59590059,
227 0x27270027, 0x80800080, 0xecec00ec, 0x5f5f005f,
228 0x60600060, 0x51510051, 0x7f7f007f, 0xa9a900a9,
229 0x19190019, 0xb5b500b5, 0x4a4a004a, 0x0d0d000d,
230 0x2d2d002d, 0xe5e500e5, 0x7a7a007a, 0x9f9f009f,
231 0x93930093, 0xc9c900c9, 0x9c9c009c, 0xefef00ef,
232 0xa0a000a0, 0xe0e000e0, 0x3b3b003b, 0x4d4d004d,
233 0xaeae00ae, 0x2a2a002a, 0xf5f500f5, 0xb0b000b0,
234 0xc8c800c8, 0xebeb00eb, 0xbbbb00bb, 0x3c3c003c,
235 0x83830083, 0x53530053, 0x99990099, 0x61610061,
236 0x17170017, 0x2b2b002b, 0x04040004, 0x7e7e007e,
237 0xbaba00ba, 0x77770077, 0xd6d600d6, 0x26260026,
238 0xe1e100e1, 0x69690069, 0x14140014, 0x63630063,
239 0x55550055, 0x21210021, 0x0c0c000c, 0x7d7d007d
240 };
241
242 static const u32 x2[256] = {
243 0x30303000, 0x68686800, 0x99999900, 0x1b1b1b00,
244 0x87878700, 0xb9b9b900, 0x21212100, 0x78787800,
245 0x50505000, 0x39393900, 0xdbdbdb00, 0xe1e1e100,
246 0x72727200, 0x09090900, 0x62626200, 0x3c3c3c00,
247 0x3e3e3e00, 0x7e7e7e00, 0x5e5e5e00, 0x8e8e8e00,
248 0xf1f1f100, 0xa0a0a000, 0xcccccc00, 0xa3a3a300,
249 0x2a2a2a00, 0x1d1d1d00, 0xfbfbfb00, 0xb6b6b600,
250 0xd6d6d600, 0x20202000, 0xc4c4c400, 0x8d8d8d00,
251 0x81818100, 0x65656500, 0xf5f5f500, 0x89898900,
252 0xcbcbcb00, 0x9d9d9d00, 0x77777700, 0xc6c6c600,
253 0x57575700, 0x43434300, 0x56565600, 0x17171700,
254 0xd4d4d400, 0x40404000, 0x1a1a1a00, 0x4d4d4d00,
255 0xc0c0c000, 0x63636300, 0x6c6c6c00, 0xe3e3e300,
256 0xb7b7b700, 0xc8c8c800, 0x64646400, 0x6a6a6a00,
257 0x53535300, 0xaaaaaa00, 0x38383800, 0x98989800,
258 0x0c0c0c00, 0xf4f4f400, 0x9b9b9b00, 0xededed00,
259 0x7f7f7f00, 0x22222200, 0x76767600, 0xafafaf00,
260 0xdddddd00, 0x3a3a3a00, 0x0b0b0b00, 0x58585800,
261 0x67676700, 0x88888800, 0x06060600, 0xc3c3c300,
262 0x35353500, 0x0d0d0d00, 0x01010100, 0x8b8b8b00,
263 0x8c8c8c00, 0xc2c2c200, 0xe6e6e600, 0x5f5f5f00,
264 0x02020200, 0x24242400, 0x75757500, 0x93939300,
265 0x66666600, 0x1e1e1e00, 0xe5e5e500, 0xe2e2e200,
266 0x54545400, 0xd8d8d800, 0x10101000, 0xcecece00,
267 0x7a7a7a00, 0xe8e8e800, 0x08080800, 0x2c2c2c00,
268 0x12121200, 0x97979700, 0x32323200, 0xababab00,
269 0xb4b4b400, 0x27272700, 0x0a0a0a00, 0x23232300,
270 0xdfdfdf00, 0xefefef00, 0xcacaca00, 0xd9d9d900,
271 0xb8b8b800, 0xfafafa00, 0xdcdcdc00, 0x31313100,
272 0x6b6b6b00, 0xd1d1d100, 0xadadad00, 0x19191900,
273 0x49494900, 0xbdbdbd00, 0x51515100, 0x96969600,
274 0xeeeeee00, 0xe4e4e400, 0xa8a8a800, 0x41414100,
275 0xdadada00, 0xffffff00, 0xcdcdcd00, 0x55555500,
276 0x86868600, 0x36363600, 0xbebebe00, 0x61616100,
277 0x52525200, 0xf8f8f800, 0xbbbbbb00, 0x0e0e0e00,
278 0x82828200, 0x48484800, 0x69696900, 0x9a9a9a00,
279 0xe0e0e000, 0x47474700, 0x9e9e9e00, 0x5c5c5c00,
280 0x04040400, 0x4b4b4b00, 0x34343400, 0x15151500,
281 0x79797900, 0x26262600, 0xa7a7a700, 0xdedede00,
282 0x29292900, 0xaeaeae00, 0x92929200, 0xd7d7d700,
283 0x84848400, 0xe9e9e900, 0xd2d2d200, 0xbababa00,
284 0x5d5d5d00, 0xf3f3f300, 0xc5c5c500, 0xb0b0b000,
285 0xbfbfbf00, 0xa4a4a400, 0x3b3b3b00, 0x71717100,
286 0x44444400, 0x46464600, 0x2b2b2b00, 0xfcfcfc00,
287 0xebebeb00, 0x6f6f6f00, 0xd5d5d500, 0xf6f6f600,
288 0x14141400, 0xfefefe00, 0x7c7c7c00, 0x70707000,
289 0x5a5a5a00, 0x7d7d7d00, 0xfdfdfd00, 0x2f2f2f00,
290 0x18181800, 0x83838300, 0x16161600, 0xa5a5a500,
291 0x91919100, 0x1f1f1f00, 0x05050500, 0x95959500,
292 0x74747400, 0xa9a9a900, 0xc1c1c100, 0x5b5b5b00,
293 0x4a4a4a00, 0x85858500, 0x6d6d6d00, 0x13131300,
294 0x07070700, 0x4f4f4f00, 0x4e4e4e00, 0x45454500,
295 0xb2b2b200, 0x0f0f0f00, 0xc9c9c900, 0x1c1c1c00,
296 0xa6a6a600, 0xbcbcbc00, 0xececec00, 0x73737300,
297 0x90909000, 0x7b7b7b00, 0xcfcfcf00, 0x59595900,
298 0x8f8f8f00, 0xa1a1a100, 0xf9f9f900, 0x2d2d2d00,
299 0xf2f2f200, 0xb1b1b100, 0x00000000, 0x94949400,
300 0x37373700, 0x9f9f9f00, 0xd0d0d000, 0x2e2e2e00,
301 0x9c9c9c00, 0x6e6e6e00, 0x28282800, 0x3f3f3f00,
302 0x80808000, 0xf0f0f000, 0x3d3d3d00, 0xd3d3d300,
303 0x25252500, 0x8a8a8a00, 0xb5b5b500, 0xe7e7e700,
304 0x42424200, 0xb3b3b300, 0xc7c7c700, 0xeaeaea00,
305 0xf7f7f700, 0x4c4c4c00, 0x11111100, 0x33333300,
306 0x03030300, 0xa2a2a200, 0xacacac00, 0x60606000
307 };
308
rotl32(u32 v,u32 r)309 static inline u32 rotl32(u32 v, u32 r)
310 {
311 return ((v << r) | (v >> (32 - r)));
312 }
313
rotr32(u32 v,u32 r)314 static inline u32 rotr32(u32 v, u32 r)
315 {
316 return ((v >> r) | (v << (32 - r)));
317 }
318
bswap32(u32 v)319 static inline u32 bswap32(u32 v)
320 {
321 return ((v << 24) ^
322 (v >> 24) ^
323 ((v & 0x0000ff00) << 8) ^
324 ((v & 0x00ff0000) >> 8));
325 }
326
get_u8(u32 x,u32 y)327 static inline u8 get_u8(u32 x, u32 y)
328 {
329 return (x >> ((3 - y) * 8));
330 }
331
make_u32(u8 v0,u8 v1,u8 v2,u8 v3)332 static inline u32 make_u32(u8 v0, u8 v1, u8 v2, u8 v3)
333 {
334 return ((u32)v0 << 24) | ((u32)v1 << 16) | ((u32)v2 << 8) | ((u32)v3);
335 }
336
aria_m(u32 t0)337 static inline u32 aria_m(u32 t0)
338 {
339 return rotr32(t0, 8) ^ rotr32(t0 ^ rotr32(t0, 8), 16);
340 }
341
342 /* S-Box Layer 1 + M */
aria_sbox_layer1_with_pre_diff(u32 * t0,u32 * t1,u32 * t2,u32 * t3)343 static inline void aria_sbox_layer1_with_pre_diff(u32 *t0, u32 *t1, u32 *t2,
344 u32 *t3)
345 {
346 *t0 = s1[get_u8(*t0, 0)] ^
347 s2[get_u8(*t0, 1)] ^
348 x1[get_u8(*t0, 2)] ^
349 x2[get_u8(*t0, 3)];
350 *t1 = s1[get_u8(*t1, 0)] ^
351 s2[get_u8(*t1, 1)] ^
352 x1[get_u8(*t1, 2)] ^
353 x2[get_u8(*t1, 3)];
354 *t2 = s1[get_u8(*t2, 0)] ^
355 s2[get_u8(*t2, 1)] ^
356 x1[get_u8(*t2, 2)] ^
357 x2[get_u8(*t2, 3)];
358 *t3 = s1[get_u8(*t3, 0)] ^
359 s2[get_u8(*t3, 1)] ^
360 x1[get_u8(*t3, 2)] ^
361 x2[get_u8(*t3, 3)];
362 }
363
364 /* S-Box Layer 2 + M */
aria_sbox_layer2_with_pre_diff(u32 * t0,u32 * t1,u32 * t2,u32 * t3)365 static inline void aria_sbox_layer2_with_pre_diff(u32 *t0, u32 *t1, u32 *t2,
366 u32 *t3)
367 {
368 *t0 = x1[get_u8(*t0, 0)] ^
369 x2[get_u8(*t0, 1)] ^
370 s1[get_u8(*t0, 2)] ^
371 s2[get_u8(*t0, 3)];
372 *t1 = x1[get_u8(*t1, 0)] ^
373 x2[get_u8(*t1, 1)] ^
374 s1[get_u8(*t1, 2)] ^
375 s2[get_u8(*t1, 3)];
376 *t2 = x1[get_u8(*t2, 0)] ^
377 x2[get_u8(*t2, 1)] ^
378 s1[get_u8(*t2, 2)] ^
379 s2[get_u8(*t2, 3)];
380 *t3 = x1[get_u8(*t3, 0)] ^
381 x2[get_u8(*t3, 1)] ^
382 s1[get_u8(*t3, 2)] ^
383 s2[get_u8(*t3, 3)];
384 }
385
386 /* Word-level diffusion */
aria_diff_word(u32 * t0,u32 * t1,u32 * t2,u32 * t3)387 static inline void aria_diff_word(u32 *t0, u32 *t1, u32 *t2, u32 *t3)
388 {
389 *t1 ^= *t2;
390 *t2 ^= *t3;
391 *t0 ^= *t1;
392
393 *t3 ^= *t1;
394 *t2 ^= *t0;
395 *t1 ^= *t2;
396 }
397
398 /* Byte-level diffusion */
aria_diff_byte(u32 * t1,u32 * t2,u32 * t3)399 static inline void aria_diff_byte(u32 *t1, u32 *t2, u32 *t3)
400 {
401 *t1 = ((*t1 << 8) & 0xff00ff00) ^ ((*t1 >> 8) & 0x00ff00ff);
402 *t2 = rotr32(*t2, 16);
403 *t3 = bswap32(*t3);
404 }
405
406 /* Key XOR Layer */
aria_add_round_key(u32 * rk,u32 * t0,u32 * t1,u32 * t2,u32 * t3)407 static inline void aria_add_round_key(u32 *rk, u32 *t0, u32 *t1, u32 *t2,
408 u32 *t3)
409 {
410 *t0 ^= rk[0];
411 *t1 ^= rk[1];
412 *t2 ^= rk[2];
413 *t3 ^= rk[3];
414 }
415 /* Odd round Substitution & Diffusion */
aria_subst_diff_odd(u32 * t0,u32 * t1,u32 * t2,u32 * t3)416 static inline void aria_subst_diff_odd(u32 *t0, u32 *t1, u32 *t2, u32 *t3)
417 {
418 aria_sbox_layer1_with_pre_diff(t0, t1, t2, t3);
419 aria_diff_word(t0, t1, t2, t3);
420 aria_diff_byte(t1, t2, t3);
421 aria_diff_word(t0, t1, t2, t3);
422 }
423
424 /* Even round Substitution & Diffusion */
aria_subst_diff_even(u32 * t0,u32 * t1,u32 * t2,u32 * t3)425 static inline void aria_subst_diff_even(u32 *t0, u32 *t1, u32 *t2, u32 *t3)
426 {
427 aria_sbox_layer2_with_pre_diff(t0, t1, t2, t3);
428 aria_diff_word(t0, t1, t2, t3);
429 aria_diff_byte(t3, t0, t1);
430 aria_diff_word(t0, t1, t2, t3);
431 }
432
433 /* Q, R Macro expanded ARIA GSRK */
aria_gsrk(u32 * rk,u32 * x,u32 * y,u32 n)434 static inline void aria_gsrk(u32 *rk, u32 *x, u32 *y, u32 n)
435 {
436 int q = 4 - (n / 32);
437 int r = n % 32;
438
439 rk[0] = (x[0]) ^
440 ((y[q % 4]) >> r) ^
441 ((y[(q + 3) % 4]) << (32 - r));
442 rk[1] = (x[1]) ^
443 ((y[(q + 1) % 4]) >> r) ^
444 ((y[q % 4]) << (32 - r));
445 rk[2] = (x[2]) ^
446 ((y[(q + 2) % 4]) >> r) ^
447 ((y[(q + 1) % 4]) << (32 - r));
448 rk[3] = (x[3]) ^
449 ((y[(q + 3) % 4]) >> r) ^
450 ((y[(q + 2) % 4]) << (32 - r));
451 }
452
453 void aria_encrypt(void *ctx, u8 *out, const u8 *in);
454 void aria_decrypt(void *ctx, u8 *out, const u8 *in);
455 int aria_set_key(struct crypto_tfm *tfm, const u8 *in_key,
456 unsigned int key_len);
457
458 #endif
459