1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /* Kernel cryptographic api.
3 * cast5.c - Cast5 cipher algorithm (rfc2144).
4 *
5 * Derived from GnuPG implementation of cast5.
6 *
7 * Major Changes.
8 *	Complete conformance to rfc2144.
9 *	Supports key size from 40 to 128 bits.
10 *
11 * Copyright (C) 1998, 1999, 2000, 2001 Free Software Foundation, Inc.
12 * Copyright (C) 2003 Kartikey Mahendra Bhatt <kartik_me@hotmail.com>.
13 */
14 
15 
16 #include <asm/byteorder.h>
17 #include <linux/init.h>
18 #include <linux/crypto.h>
19 #include <linux/module.h>
20 #include <linux/errno.h>
21 #include <linux/string.h>
22 #include <linux/types.h>
23 #include <crypto/cast5.h>
24 
25 static const u32 s5[256] = {
26 	0x7ec90c04, 0x2c6e74b9, 0x9b0e66df, 0xa6337911, 0xb86a7fff,
27 	0x1dd358f5, 0x44dd9d44, 0x1731167f,
28 	0x08fbf1fa, 0xe7f511cc, 0xd2051b00, 0x735aba00, 0x2ab722d8,
29 	0x386381cb, 0xacf6243a, 0x69befd7a,
30 	0xe6a2e77f, 0xf0c720cd, 0xc4494816, 0xccf5c180, 0x38851640,
31 	0x15b0a848, 0xe68b18cb, 0x4caadeff,
32 	0x5f480a01, 0x0412b2aa, 0x259814fc, 0x41d0efe2, 0x4e40b48d,
33 	0x248eb6fb, 0x8dba1cfe, 0x41a99b02,
34 	0x1a550a04, 0xba8f65cb, 0x7251f4e7, 0x95a51725, 0xc106ecd7,
35 	0x97a5980a, 0xc539b9aa, 0x4d79fe6a,
36 	0xf2f3f763, 0x68af8040, 0xed0c9e56, 0x11b4958b, 0xe1eb5a88,
37 	0x8709e6b0, 0xd7e07156, 0x4e29fea7,
38 	0x6366e52d, 0x02d1c000, 0xc4ac8e05, 0x9377f571, 0x0c05372a,
39 	0x578535f2, 0x2261be02, 0xd642a0c9,
40 	0xdf13a280, 0x74b55bd2, 0x682199c0, 0xd421e5ec, 0x53fb3ce8,
41 	0xc8adedb3, 0x28a87fc9, 0x3d959981,
42 	0x5c1ff900, 0xfe38d399, 0x0c4eff0b, 0x062407ea, 0xaa2f4fb1,
43 	0x4fb96976, 0x90c79505, 0xb0a8a774,
44 	0xef55a1ff, 0xe59ca2c2, 0xa6b62d27, 0xe66a4263, 0xdf65001f,
45 	0x0ec50966, 0xdfdd55bc, 0x29de0655,
46 	0x911e739a, 0x17af8975, 0x32c7911c, 0x89f89468, 0x0d01e980,
47 	0x524755f4, 0x03b63cc9, 0x0cc844b2,
48 	0xbcf3f0aa, 0x87ac36e9, 0xe53a7426, 0x01b3d82b, 0x1a9e7449,
49 	0x64ee2d7e, 0xcddbb1da, 0x01c94910,
50 	0xb868bf80, 0x0d26f3fd, 0x9342ede7, 0x04a5c284, 0x636737b6,
51 	0x50f5b616, 0xf24766e3, 0x8eca36c1,
52 	0x136e05db, 0xfef18391, 0xfb887a37, 0xd6e7f7d4, 0xc7fb7dc9,
53 	0x3063fcdf, 0xb6f589de, 0xec2941da,
54 	0x26e46695, 0xb7566419, 0xf654efc5, 0xd08d58b7, 0x48925401,
55 	0xc1bacb7f, 0xe5ff550f, 0xb6083049,
56 	0x5bb5d0e8, 0x87d72e5a, 0xab6a6ee1, 0x223a66ce, 0xc62bf3cd,
57 	0x9e0885f9, 0x68cb3e47, 0x086c010f,
58 	0xa21de820, 0xd18b69de, 0xf3f65777, 0xfa02c3f6, 0x407edac3,
59 	0xcbb3d550, 0x1793084d, 0xb0d70eba,
60 	0x0ab378d5, 0xd951fb0c, 0xded7da56, 0x4124bbe4, 0x94ca0b56,
61 	0x0f5755d1, 0xe0e1e56e, 0x6184b5be,
62 	0x580a249f, 0x94f74bc0, 0xe327888e, 0x9f7b5561, 0xc3dc0280,
63 	0x05687715, 0x646c6bd7, 0x44904db3,
64 	0x66b4f0a3, 0xc0f1648a, 0x697ed5af, 0x49e92ff6, 0x309e374f,
65 	0x2cb6356a, 0x85808573, 0x4991f840,
66 	0x76f0ae02, 0x083be84d, 0x28421c9a, 0x44489406, 0x736e4cb8,
67 	0xc1092910, 0x8bc95fc6, 0x7d869cf4,
68 	0x134f616f, 0x2e77118d, 0xb31b2be1, 0xaa90b472, 0x3ca5d717,
69 	0x7d161bba, 0x9cad9010, 0xaf462ba2,
70 	0x9fe459d2, 0x45d34559, 0xd9f2da13, 0xdbc65487, 0xf3e4f94e,
71 	0x176d486f, 0x097c13ea, 0x631da5c7,
72 	0x445f7382, 0x175683f4, 0xcdc66a97, 0x70be0288, 0xb3cdcf72,
73 	0x6e5dd2f3, 0x20936079, 0x459b80a5,
74 	0xbe60e2db, 0xa9c23101, 0xeba5315c, 0x224e42f2, 0x1c5c1572,
75 	0xf6721b2c, 0x1ad2fff3, 0x8c25404e,
76 	0x324ed72f, 0x4067b7fd, 0x0523138e, 0x5ca3bc78, 0xdc0fd66e,
77 	0x75922283, 0x784d6b17, 0x58ebb16e,
78 	0x44094f85, 0x3f481d87, 0xfcfeae7b, 0x77b5ff76, 0x8c2302bf,
79 	0xaaf47556, 0x5f46b02a, 0x2b092801,
80 	0x3d38f5f7, 0x0ca81f36, 0x52af4a8a, 0x66d5e7c0, 0xdf3b0874,
81 	0x95055110, 0x1b5ad7a8, 0xf61ed5ad,
82 	0x6cf6e479, 0x20758184, 0xd0cefa65, 0x88f7be58, 0x4a046826,
83 	0x0ff6f8f3, 0xa09c7f70, 0x5346aba0,
84 	0x5ce96c28, 0xe176eda3, 0x6bac307f, 0x376829d2, 0x85360fa9,
85 	0x17e3fe2a, 0x24b79767, 0xf5a96b20,
86 	0xd6cd2595, 0x68ff1ebf, 0x7555442c, 0xf19f06be, 0xf9e0659a,
87 	0xeeb9491d, 0x34010718, 0xbb30cab8,
88 	0xe822fe15, 0x88570983, 0x750e6249, 0xda627e55, 0x5e76ffa8,
89 	0xb1534546, 0x6d47de08, 0xefe9e7d4
90 };
91 static const u32 s6[256] = {
92 	0xf6fa8f9d, 0x2cac6ce1, 0x4ca34867, 0xe2337f7c, 0x95db08e7,
93 	0x016843b4, 0xeced5cbc, 0x325553ac,
94 	0xbf9f0960, 0xdfa1e2ed, 0x83f0579d, 0x63ed86b9, 0x1ab6a6b8,
95 	0xde5ebe39, 0xf38ff732, 0x8989b138,
96 	0x33f14961, 0xc01937bd, 0xf506c6da, 0xe4625e7e, 0xa308ea99,
97 	0x4e23e33c, 0x79cbd7cc, 0x48a14367,
98 	0xa3149619, 0xfec94bd5, 0xa114174a, 0xeaa01866, 0xa084db2d,
99 	0x09a8486f, 0xa888614a, 0x2900af98,
100 	0x01665991, 0xe1992863, 0xc8f30c60, 0x2e78ef3c, 0xd0d51932,
101 	0xcf0fec14, 0xf7ca07d2, 0xd0a82072,
102 	0xfd41197e, 0x9305a6b0, 0xe86be3da, 0x74bed3cd, 0x372da53c,
103 	0x4c7f4448, 0xdab5d440, 0x6dba0ec3,
104 	0x083919a7, 0x9fbaeed9, 0x49dbcfb0, 0x4e670c53, 0x5c3d9c01,
105 	0x64bdb941, 0x2c0e636a, 0xba7dd9cd,
106 	0xea6f7388, 0xe70bc762, 0x35f29adb, 0x5c4cdd8d, 0xf0d48d8c,
107 	0xb88153e2, 0x08a19866, 0x1ae2eac8,
108 	0x284caf89, 0xaa928223, 0x9334be53, 0x3b3a21bf, 0x16434be3,
109 	0x9aea3906, 0xefe8c36e, 0xf890cdd9,
110 	0x80226dae, 0xc340a4a3, 0xdf7e9c09, 0xa694a807, 0x5b7c5ecc,
111 	0x221db3a6, 0x9a69a02f, 0x68818a54,
112 	0xceb2296f, 0x53c0843a, 0xfe893655, 0x25bfe68a, 0xb4628abc,
113 	0xcf222ebf, 0x25ac6f48, 0xa9a99387,
114 	0x53bddb65, 0xe76ffbe7, 0xe967fd78, 0x0ba93563, 0x8e342bc1,
115 	0xe8a11be9, 0x4980740d, 0xc8087dfc,
116 	0x8de4bf99, 0xa11101a0, 0x7fd37975, 0xda5a26c0, 0xe81f994f,
117 	0x9528cd89, 0xfd339fed, 0xb87834bf,
118 	0x5f04456d, 0x22258698, 0xc9c4c83b, 0x2dc156be, 0x4f628daa,
119 	0x57f55ec5, 0xe2220abe, 0xd2916ebf,
120 	0x4ec75b95, 0x24f2c3c0, 0x42d15d99, 0xcd0d7fa0, 0x7b6e27ff,
121 	0xa8dc8af0, 0x7345c106, 0xf41e232f,
122 	0x35162386, 0xe6ea8926, 0x3333b094, 0x157ec6f2, 0x372b74af,
123 	0x692573e4, 0xe9a9d848, 0xf3160289,
124 	0x3a62ef1d, 0xa787e238, 0xf3a5f676, 0x74364853, 0x20951063,
125 	0x4576698d, 0xb6fad407, 0x592af950,
126 	0x36f73523, 0x4cfb6e87, 0x7da4cec0, 0x6c152daa, 0xcb0396a8,
127 	0xc50dfe5d, 0xfcd707ab, 0x0921c42f,
128 	0x89dff0bb, 0x5fe2be78, 0x448f4f33, 0x754613c9, 0x2b05d08d,
129 	0x48b9d585, 0xdc049441, 0xc8098f9b,
130 	0x7dede786, 0xc39a3373, 0x42410005, 0x6a091751, 0x0ef3c8a6,
131 	0x890072d6, 0x28207682, 0xa9a9f7be,
132 	0xbf32679d, 0xd45b5b75, 0xb353fd00, 0xcbb0e358, 0x830f220a,
133 	0x1f8fb214, 0xd372cf08, 0xcc3c4a13,
134 	0x8cf63166, 0x061c87be, 0x88c98f88, 0x6062e397, 0x47cf8e7a,
135 	0xb6c85283, 0x3cc2acfb, 0x3fc06976,
136 	0x4e8f0252, 0x64d8314d, 0xda3870e3, 0x1e665459, 0xc10908f0,
137 	0x513021a5, 0x6c5b68b7, 0x822f8aa0,
138 	0x3007cd3e, 0x74719eef, 0xdc872681, 0x073340d4, 0x7e432fd9,
139 	0x0c5ec241, 0x8809286c, 0xf592d891,
140 	0x08a930f6, 0x957ef305, 0xb7fbffbd, 0xc266e96f, 0x6fe4ac98,
141 	0xb173ecc0, 0xbc60b42a, 0x953498da,
142 	0xfba1ae12, 0x2d4bd736, 0x0f25faab, 0xa4f3fceb, 0xe2969123,
143 	0x257f0c3d, 0x9348af49, 0x361400bc,
144 	0xe8816f4a, 0x3814f200, 0xa3f94043, 0x9c7a54c2, 0xbc704f57,
145 	0xda41e7f9, 0xc25ad33a, 0x54f4a084,
146 	0xb17f5505, 0x59357cbe, 0xedbd15c8, 0x7f97c5ab, 0xba5ac7b5,
147 	0xb6f6deaf, 0x3a479c3a, 0x5302da25,
148 	0x653d7e6a, 0x54268d49, 0x51a477ea, 0x5017d55b, 0xd7d25d88,
149 	0x44136c76, 0x0404a8c8, 0xb8e5a121,
150 	0xb81a928a, 0x60ed5869, 0x97c55b96, 0xeaec991b, 0x29935913,
151 	0x01fdb7f1, 0x088e8dfa, 0x9ab6f6f5,
152 	0x3b4cbf9f, 0x4a5de3ab, 0xe6051d35, 0xa0e1d855, 0xd36b4cf1,
153 	0xf544edeb, 0xb0e93524, 0xbebb8fbd,
154 	0xa2d762cf, 0x49c92f54, 0x38b5f331, 0x7128a454, 0x48392905,
155 	0xa65b1db8, 0x851c97bd, 0xd675cf2f
156 };
157 static const u32 s7[256] = {
158 	0x85e04019, 0x332bf567, 0x662dbfff, 0xcfc65693, 0x2a8d7f6f,
159 	0xab9bc912, 0xde6008a1, 0x2028da1f,
160 	0x0227bce7, 0x4d642916, 0x18fac300, 0x50f18b82, 0x2cb2cb11,
161 	0xb232e75c, 0x4b3695f2, 0xb28707de,
162 	0xa05fbcf6, 0xcd4181e9, 0xe150210c, 0xe24ef1bd, 0xb168c381,
163 	0xfde4e789, 0x5c79b0d8, 0x1e8bfd43,
164 	0x4d495001, 0x38be4341, 0x913cee1d, 0x92a79c3f, 0x089766be,
165 	0xbaeeadf4, 0x1286becf, 0xb6eacb19,
166 	0x2660c200, 0x7565bde4, 0x64241f7a, 0x8248dca9, 0xc3b3ad66,
167 	0x28136086, 0x0bd8dfa8, 0x356d1cf2,
168 	0x107789be, 0xb3b2e9ce, 0x0502aa8f, 0x0bc0351e, 0x166bf52a,
169 	0xeb12ff82, 0xe3486911, 0xd34d7516,
170 	0x4e7b3aff, 0x5f43671b, 0x9cf6e037, 0x4981ac83, 0x334266ce,
171 	0x8c9341b7, 0xd0d854c0, 0xcb3a6c88,
172 	0x47bc2829, 0x4725ba37, 0xa66ad22b, 0x7ad61f1e, 0x0c5cbafa,
173 	0x4437f107, 0xb6e79962, 0x42d2d816,
174 	0x0a961288, 0xe1a5c06e, 0x13749e67, 0x72fc081a, 0xb1d139f7,
175 	0xf9583745, 0xcf19df58, 0xbec3f756,
176 	0xc06eba30, 0x07211b24, 0x45c28829, 0xc95e317f, 0xbc8ec511,
177 	0x38bc46e9, 0xc6e6fa14, 0xbae8584a,
178 	0xad4ebc46, 0x468f508b, 0x7829435f, 0xf124183b, 0x821dba9f,
179 	0xaff60ff4, 0xea2c4e6d, 0x16e39264,
180 	0x92544a8b, 0x009b4fc3, 0xaba68ced, 0x9ac96f78, 0x06a5b79a,
181 	0xb2856e6e, 0x1aec3ca9, 0xbe838688,
182 	0x0e0804e9, 0x55f1be56, 0xe7e5363b, 0xb3a1f25d, 0xf7debb85,
183 	0x61fe033c, 0x16746233, 0x3c034c28,
184 	0xda6d0c74, 0x79aac56c, 0x3ce4e1ad, 0x51f0c802, 0x98f8f35a,
185 	0x1626a49f, 0xeed82b29, 0x1d382fe3,
186 	0x0c4fb99a, 0xbb325778, 0x3ec6d97b, 0x6e77a6a9, 0xcb658b5c,
187 	0xd45230c7, 0x2bd1408b, 0x60c03eb7,
188 	0xb9068d78, 0xa33754f4, 0xf430c87d, 0xc8a71302, 0xb96d8c32,
189 	0xebd4e7be, 0xbe8b9d2d, 0x7979fb06,
190 	0xe7225308, 0x8b75cf77, 0x11ef8da4, 0xe083c858, 0x8d6b786f,
191 	0x5a6317a6, 0xfa5cf7a0, 0x5dda0033,
192 	0xf28ebfb0, 0xf5b9c310, 0xa0eac280, 0x08b9767a, 0xa3d9d2b0,
193 	0x79d34217, 0x021a718d, 0x9ac6336a,
194 	0x2711fd60, 0x438050e3, 0x069908a8, 0x3d7fedc4, 0x826d2bef,
195 	0x4eeb8476, 0x488dcf25, 0x36c9d566,
196 	0x28e74e41, 0xc2610aca, 0x3d49a9cf, 0xbae3b9df, 0xb65f8de6,
197 	0x92aeaf64, 0x3ac7d5e6, 0x9ea80509,
198 	0xf22b017d, 0xa4173f70, 0xdd1e16c3, 0x15e0d7f9, 0x50b1b887,
199 	0x2b9f4fd5, 0x625aba82, 0x6a017962,
200 	0x2ec01b9c, 0x15488aa9, 0xd716e740, 0x40055a2c, 0x93d29a22,
201 	0xe32dbf9a, 0x058745b9, 0x3453dc1e,
202 	0xd699296e, 0x496cff6f, 0x1c9f4986, 0xdfe2ed07, 0xb87242d1,
203 	0x19de7eae, 0x053e561a, 0x15ad6f8c,
204 	0x66626c1c, 0x7154c24c, 0xea082b2a, 0x93eb2939, 0x17dcb0f0,
205 	0x58d4f2ae, 0x9ea294fb, 0x52cf564c,
206 	0x9883fe66, 0x2ec40581, 0x763953c3, 0x01d6692e, 0xd3a0c108,
207 	0xa1e7160e, 0xe4f2dfa6, 0x693ed285,
208 	0x74904698, 0x4c2b0edd, 0x4f757656, 0x5d393378, 0xa132234f,
209 	0x3d321c5d, 0xc3f5e194, 0x4b269301,
210 	0xc79f022f, 0x3c997e7e, 0x5e4f9504, 0x3ffafbbd, 0x76f7ad0e,
211 	0x296693f4, 0x3d1fce6f, 0xc61e45be,
212 	0xd3b5ab34, 0xf72bf9b7, 0x1b0434c0, 0x4e72b567, 0x5592a33d,
213 	0xb5229301, 0xcfd2a87f, 0x60aeb767,
214 	0x1814386b, 0x30bcc33d, 0x38a0c07d, 0xfd1606f2, 0xc363519b,
215 	0x589dd390, 0x5479f8e6, 0x1cb8d647,
216 	0x97fd61a9, 0xea7759f4, 0x2d57539d, 0x569a58cf, 0xe84e63ad,
217 	0x462e1b78, 0x6580f87e, 0xf3817914,
218 	0x91da55f4, 0x40a230f3, 0xd1988f35, 0xb6e318d2, 0x3ffa50bc,
219 	0x3d40f021, 0xc3c0bdae, 0x4958c24c,
220 	0x518f36b2, 0x84b1d370, 0x0fedce83, 0x878ddada, 0xf2a279c7,
221 	0x94e01be8, 0x90716f4b, 0x954b8aa3
222 };
223 static const u32 sb8[256] = {
224 	0xe216300d, 0xbbddfffc, 0xa7ebdabd, 0x35648095, 0x7789f8b7,
225 	0xe6c1121b, 0x0e241600, 0x052ce8b5,
226 	0x11a9cfb0, 0xe5952f11, 0xece7990a, 0x9386d174, 0x2a42931c,
227 	0x76e38111, 0xb12def3a, 0x37ddddfc,
228 	0xde9adeb1, 0x0a0cc32c, 0xbe197029, 0x84a00940, 0xbb243a0f,
229 	0xb4d137cf, 0xb44e79f0, 0x049eedfd,
230 	0x0b15a15d, 0x480d3168, 0x8bbbde5a, 0x669ded42, 0xc7ece831,
231 	0x3f8f95e7, 0x72df191b, 0x7580330d,
232 	0x94074251, 0x5c7dcdfa, 0xabbe6d63, 0xaa402164, 0xb301d40a,
233 	0x02e7d1ca, 0x53571dae, 0x7a3182a2,
234 	0x12a8ddec, 0xfdaa335d, 0x176f43e8, 0x71fb46d4, 0x38129022,
235 	0xce949ad4, 0xb84769ad, 0x965bd862,
236 	0x82f3d055, 0x66fb9767, 0x15b80b4e, 0x1d5b47a0, 0x4cfde06f,
237 	0xc28ec4b8, 0x57e8726e, 0x647a78fc,
238 	0x99865d44, 0x608bd593, 0x6c200e03, 0x39dc5ff6, 0x5d0b00a3,
239 	0xae63aff2, 0x7e8bd632, 0x70108c0c,
240 	0xbbd35049, 0x2998df04, 0x980cf42a, 0x9b6df491, 0x9e7edd53,
241 	0x06918548, 0x58cb7e07, 0x3b74ef2e,
242 	0x522fffb1, 0xd24708cc, 0x1c7e27cd, 0xa4eb215b, 0x3cf1d2e2,
243 	0x19b47a38, 0x424f7618, 0x35856039,
244 	0x9d17dee7, 0x27eb35e6, 0xc9aff67b, 0x36baf5b8, 0x09c467cd,
245 	0xc18910b1, 0xe11dbf7b, 0x06cd1af8,
246 	0x7170c608, 0x2d5e3354, 0xd4de495a, 0x64c6d006, 0xbcc0c62c,
247 	0x3dd00db3, 0x708f8f34, 0x77d51b42,
248 	0x264f620f, 0x24b8d2bf, 0x15c1b79e, 0x46a52564, 0xf8d7e54e,
249 	0x3e378160, 0x7895cda5, 0x859c15a5,
250 	0xe6459788, 0xc37bc75f, 0xdb07ba0c, 0x0676a3ab, 0x7f229b1e,
251 	0x31842e7b, 0x24259fd7, 0xf8bef472,
252 	0x835ffcb8, 0x6df4c1f2, 0x96f5b195, 0xfd0af0fc, 0xb0fe134c,
253 	0xe2506d3d, 0x4f9b12ea, 0xf215f225,
254 	0xa223736f, 0x9fb4c428, 0x25d04979, 0x34c713f8, 0xc4618187,
255 	0xea7a6e98, 0x7cd16efc, 0x1436876c,
256 	0xf1544107, 0xbedeee14, 0x56e9af27, 0xa04aa441, 0x3cf7c899,
257 	0x92ecbae6, 0xdd67016d, 0x151682eb,
258 	0xa842eedf, 0xfdba60b4, 0xf1907b75, 0x20e3030f, 0x24d8c29e,
259 	0xe139673b, 0xefa63fb8, 0x71873054,
260 	0xb6f2cf3b, 0x9f326442, 0xcb15a4cc, 0xb01a4504, 0xf1e47d8d,
261 	0x844a1be5, 0xbae7dfdc, 0x42cbda70,
262 	0xcd7dae0a, 0x57e85b7a, 0xd53f5af6, 0x20cf4d8c, 0xcea4d428,
263 	0x79d130a4, 0x3486ebfb, 0x33d3cddc,
264 	0x77853b53, 0x37effcb5, 0xc5068778, 0xe580b3e6, 0x4e68b8f4,
265 	0xc5c8b37e, 0x0d809ea2, 0x398feb7c,
266 	0x132a4f94, 0x43b7950e, 0x2fee7d1c, 0x223613bd, 0xdd06caa2,
267 	0x37df932b, 0xc4248289, 0xacf3ebc3,
268 	0x5715f6b7, 0xef3478dd, 0xf267616f, 0xc148cbe4, 0x9052815e,
269 	0x5e410fab, 0xb48a2465, 0x2eda7fa4,
270 	0xe87b40e4, 0xe98ea084, 0x5889e9e1, 0xefd390fc, 0xdd07d35b,
271 	0xdb485694, 0x38d7e5b2, 0x57720101,
272 	0x730edebc, 0x5b643113, 0x94917e4f, 0x503c2fba, 0x646f1282,
273 	0x7523d24a, 0xe0779695, 0xf9c17a8f,
274 	0x7a5b2121, 0xd187b896, 0x29263a4d, 0xba510cdf, 0x81f47c9f,
275 	0xad1163ed, 0xea7b5965, 0x1a00726e,
276 	0x11403092, 0x00da6d77, 0x4a0cdd61, 0xad1f4603, 0x605bdfb0,
277 	0x9eedc364, 0x22ebe6a8, 0xcee7d28a,
278 	0xa0e736a0, 0x5564a6b9, 0x10853209, 0xc7eb8f37, 0x2de705ca,
279 	0x8951570f, 0xdf09822b, 0xbd691a6c,
280 	0xaa12e4f2, 0x87451c0f, 0xe0f6a27a, 0x3ada4819, 0x4cf1764f,
281 	0x0d771c2b, 0x67cdb156, 0x350d8384,
282 	0x5938fa0f, 0x42399ef3, 0x36997b07, 0x0e84093d, 0x4aa93e61,
283 	0x8360d87b, 0x1fa98b0c, 0x1149382c,
284 	0xe97625a5, 0x0614d1b7, 0x0e25244b, 0x0c768347, 0x589e8d82,
285 	0x0d2059d1, 0xa466bb1e, 0xf8da0a82,
286 	0x04f19130, 0xba6e4ec0, 0x99265164, 0x1ee7230d, 0x50b2ad80,
287 	0xeaee6801, 0x8db2a283, 0xea8bf59e
288 };
289 
290 #define s1 cast_s1
291 #define s2 cast_s2
292 #define s3 cast_s3
293 #define s4 cast_s4
294 
295 #define F1(D, m, r)  ((I = ((m) + (D))), (I = rol32(I, (r))),   \
296 	(((s1[I >> 24] ^ s2[(I>>16)&0xff]) - s3[(I>>8)&0xff]) + s4[I&0xff]))
297 #define F2(D, m, r)  ((I = ((m) ^ (D))), (I = rol32(I, (r))),   \
298 	(((s1[I >> 24] - s2[(I>>16)&0xff]) + s3[(I>>8)&0xff]) ^ s4[I&0xff]))
299 #define F3(D, m, r)  ((I = ((m) - (D))), (I = rol32(I, (r))),   \
300 	(((s1[I >> 24] + s2[(I>>16)&0xff]) ^ s3[(I>>8)&0xff]) - s4[I&0xff]))
301 
302 
__cast5_encrypt(struct cast5_ctx * c,u8 * outbuf,const u8 * inbuf)303 void __cast5_encrypt(struct cast5_ctx *c, u8 *outbuf, const u8 *inbuf)
304 {
305 	const __be32 *src = (const __be32 *)inbuf;
306 	__be32 *dst = (__be32 *)outbuf;
307 	u32 l, r, t;
308 	u32 I;			/* used by the Fx macros */
309 	u32 *Km;
310 	u8 *Kr;
311 
312 	Km = c->Km;
313 	Kr = c->Kr;
314 
315 	/* (L0,R0) <-- (m1...m64).  (Split the plaintext into left and
316 	 * right 32-bit halves L0 = m1...m32 and R0 = m33...m64.)
317 	 */
318 	l = be32_to_cpu(src[0]);
319 	r = be32_to_cpu(src[1]);
320 
321 	/* (16 rounds) for i from 1 to 16, compute Li and Ri as follows:
322 	 *  Li = Ri-1;
323 	 *  Ri = Li-1 ^ f(Ri-1,Kmi,Kri), where f is defined in Section 2.2
324 	 * Rounds 1, 4, 7, 10, 13, and 16 use f function Type 1.
325 	 * Rounds 2, 5, 8, 11, and 14 use f function Type 2.
326 	 * Rounds 3, 6, 9, 12, and 15 use f function Type 3.
327 	 */
328 
329 	t = l; l = r; r = t ^ F1(r, Km[0], Kr[0]);
330 	t = l; l = r; r = t ^ F2(r, Km[1], Kr[1]);
331 	t = l; l = r; r = t ^ F3(r, Km[2], Kr[2]);
332 	t = l; l = r; r = t ^ F1(r, Km[3], Kr[3]);
333 	t = l; l = r; r = t ^ F2(r, Km[4], Kr[4]);
334 	t = l; l = r; r = t ^ F3(r, Km[5], Kr[5]);
335 	t = l; l = r; r = t ^ F1(r, Km[6], Kr[6]);
336 	t = l; l = r; r = t ^ F2(r, Km[7], Kr[7]);
337 	t = l; l = r; r = t ^ F3(r, Km[8], Kr[8]);
338 	t = l; l = r; r = t ^ F1(r, Km[9], Kr[9]);
339 	t = l; l = r; r = t ^ F2(r, Km[10], Kr[10]);
340 	t = l; l = r; r = t ^ F3(r, Km[11], Kr[11]);
341 	if (!(c->rr)) {
342 		t = l; l = r; r = t ^ F1(r, Km[12], Kr[12]);
343 		t = l; l = r; r = t ^ F2(r, Km[13], Kr[13]);
344 		t = l; l = r; r = t ^ F3(r, Km[14], Kr[14]);
345 		t = l; l = r; r = t ^ F1(r, Km[15], Kr[15]);
346 	}
347 
348 	/* c1...c64 <-- (R16,L16).  (Exchange final blocks L16, R16 and
349 	 *  concatenate to form the ciphertext.) */
350 	dst[0] = cpu_to_be32(r);
351 	dst[1] = cpu_to_be32(l);
352 }
353 EXPORT_SYMBOL_GPL(__cast5_encrypt);
354 
cast5_encrypt(struct crypto_tfm * tfm,u8 * outbuf,const u8 * inbuf)355 static void cast5_encrypt(struct crypto_tfm *tfm, u8 *outbuf, const u8 *inbuf)
356 {
357 	__cast5_encrypt(crypto_tfm_ctx(tfm), outbuf, inbuf);
358 }
359 
__cast5_decrypt(struct cast5_ctx * c,u8 * outbuf,const u8 * inbuf)360 void __cast5_decrypt(struct cast5_ctx *c, u8 *outbuf, const u8 *inbuf)
361 {
362 	const __be32 *src = (const __be32 *)inbuf;
363 	__be32 *dst = (__be32 *)outbuf;
364 	u32 l, r, t;
365 	u32 I;
366 	u32 *Km;
367 	u8 *Kr;
368 
369 	Km = c->Km;
370 	Kr = c->Kr;
371 
372 	l = be32_to_cpu(src[0]);
373 	r = be32_to_cpu(src[1]);
374 
375 	if (!(c->rr)) {
376 		t = l; l = r; r = t ^ F1(r, Km[15], Kr[15]);
377 		t = l; l = r; r = t ^ F3(r, Km[14], Kr[14]);
378 		t = l; l = r; r = t ^ F2(r, Km[13], Kr[13]);
379 		t = l; l = r; r = t ^ F1(r, Km[12], Kr[12]);
380 	}
381 	t = l; l = r; r = t ^ F3(r, Km[11], Kr[11]);
382 	t = l; l = r; r = t ^ F2(r, Km[10], Kr[10]);
383 	t = l; l = r; r = t ^ F1(r, Km[9], Kr[9]);
384 	t = l; l = r; r = t ^ F3(r, Km[8], Kr[8]);
385 	t = l; l = r; r = t ^ F2(r, Km[7], Kr[7]);
386 	t = l; l = r; r = t ^ F1(r, Km[6], Kr[6]);
387 	t = l; l = r; r = t ^ F3(r, Km[5], Kr[5]);
388 	t = l; l = r; r = t ^ F2(r, Km[4], Kr[4]);
389 	t = l; l = r; r = t ^ F1(r, Km[3], Kr[3]);
390 	t = l; l = r; r = t ^ F3(r, Km[2], Kr[2]);
391 	t = l; l = r; r = t ^ F2(r, Km[1], Kr[1]);
392 	t = l; l = r; r = t ^ F1(r, Km[0], Kr[0]);
393 
394 	dst[0] = cpu_to_be32(r);
395 	dst[1] = cpu_to_be32(l);
396 }
397 EXPORT_SYMBOL_GPL(__cast5_decrypt);
398 
cast5_decrypt(struct crypto_tfm * tfm,u8 * outbuf,const u8 * inbuf)399 static void cast5_decrypt(struct crypto_tfm *tfm, u8 *outbuf, const u8 *inbuf)
400 {
401 	__cast5_decrypt(crypto_tfm_ctx(tfm), outbuf, inbuf);
402 }
403 
key_schedule(u32 * x,u32 * z,u32 * k)404 static void key_schedule(u32 *x, u32 *z, u32 *k)
405 {
406 
407 #define xi(i)   ((x[(i)/4] >> (8*(3-((i)%4)))) & 0xff)
408 #define zi(i)   ((z[(i)/4] >> (8*(3-((i)%4)))) & 0xff)
409 
410 	z[0] = x[0] ^ s5[xi(13)] ^ s6[xi(15)] ^ s7[xi(12)] ^ sb8[xi(14)] ^
411 	    s7[xi(8)];
412 	z[1] = x[2] ^ s5[zi(0)] ^ s6[zi(2)] ^ s7[zi(1)] ^ sb8[zi(3)] ^
413 	    sb8[xi(10)];
414 	z[2] = x[3] ^ s5[zi(7)] ^ s6[zi(6)] ^ s7[zi(5)] ^ sb8[zi(4)] ^
415 	    s5[xi(9)];
416 	z[3] = x[1] ^ s5[zi(10)] ^ s6[zi(9)] ^ s7[zi(11)] ^ sb8[zi(8)] ^
417 	    s6[xi(11)];
418 	k[0] = s5[zi(8)] ^ s6[zi(9)] ^ s7[zi(7)] ^ sb8[zi(6)] ^ s5[zi(2)];
419 	k[1] = s5[zi(10)] ^ s6[zi(11)] ^ s7[zi(5)] ^ sb8[zi(4)] ^
420 	    s6[zi(6)];
421 	k[2] = s5[zi(12)] ^ s6[zi(13)] ^ s7[zi(3)] ^ sb8[zi(2)] ^
422 	    s7[zi(9)];
423 	k[3] = s5[zi(14)] ^ s6[zi(15)] ^ s7[zi(1)] ^ sb8[zi(0)] ^
424 	    sb8[zi(12)];
425 
426 	x[0] = z[2] ^ s5[zi(5)] ^ s6[zi(7)] ^ s7[zi(4)] ^ sb8[zi(6)] ^
427 	    s7[zi(0)];
428 	x[1] = z[0] ^ s5[xi(0)] ^ s6[xi(2)] ^ s7[xi(1)] ^ sb8[xi(3)] ^
429 	    sb8[zi(2)];
430 	x[2] = z[1] ^ s5[xi(7)] ^ s6[xi(6)] ^ s7[xi(5)] ^ sb8[xi(4)] ^
431 	    s5[zi(1)];
432 	x[3] = z[3] ^ s5[xi(10)] ^ s6[xi(9)] ^ s7[xi(11)] ^ sb8[xi(8)] ^
433 	    s6[zi(3)];
434 	k[4] = s5[xi(3)] ^ s6[xi(2)] ^ s7[xi(12)] ^ sb8[xi(13)] ^
435 	    s5[xi(8)];
436 	k[5] = s5[xi(1)] ^ s6[xi(0)] ^ s7[xi(14)] ^ sb8[xi(15)] ^
437 	    s6[xi(13)];
438 	k[6] = s5[xi(7)] ^ s6[xi(6)] ^ s7[xi(8)] ^ sb8[xi(9)] ^ s7[xi(3)];
439 	k[7] = s5[xi(5)] ^ s6[xi(4)] ^ s7[xi(10)] ^ sb8[xi(11)] ^
440 	    sb8[xi(7)];
441 
442 	z[0] = x[0] ^ s5[xi(13)] ^ s6[xi(15)] ^ s7[xi(12)] ^ sb8[xi(14)] ^
443 	    s7[xi(8)];
444 	z[1] = x[2] ^ s5[zi(0)] ^ s6[zi(2)] ^ s7[zi(1)] ^ sb8[zi(3)] ^
445 	    sb8[xi(10)];
446 	z[2] = x[3] ^ s5[zi(7)] ^ s6[zi(6)] ^ s7[zi(5)] ^ sb8[zi(4)] ^
447 	    s5[xi(9)];
448 	z[3] = x[1] ^ s5[zi(10)] ^ s6[zi(9)] ^ s7[zi(11)] ^ sb8[zi(8)] ^
449 	    s6[xi(11)];
450 	k[8] = s5[zi(3)] ^ s6[zi(2)] ^ s7[zi(12)] ^ sb8[zi(13)] ^
451 	    s5[zi(9)];
452 	k[9] = s5[zi(1)] ^ s6[zi(0)] ^ s7[zi(14)] ^ sb8[zi(15)] ^
453 	    s6[zi(12)];
454 	k[10] = s5[zi(7)] ^ s6[zi(6)] ^ s7[zi(8)] ^ sb8[zi(9)] ^ s7[zi(2)];
455 	k[11] = s5[zi(5)] ^ s6[zi(4)] ^ s7[zi(10)] ^ sb8[zi(11)] ^
456 	    sb8[zi(6)];
457 
458 	x[0] = z[2] ^ s5[zi(5)] ^ s6[zi(7)] ^ s7[zi(4)] ^ sb8[zi(6)] ^
459 	    s7[zi(0)];
460 	x[1] = z[0] ^ s5[xi(0)] ^ s6[xi(2)] ^ s7[xi(1)] ^ sb8[xi(3)] ^
461 	    sb8[zi(2)];
462 	x[2] = z[1] ^ s5[xi(7)] ^ s6[xi(6)] ^ s7[xi(5)] ^ sb8[xi(4)] ^
463 	    s5[zi(1)];
464 	x[3] = z[3] ^ s5[xi(10)] ^ s6[xi(9)] ^ s7[xi(11)] ^ sb8[xi(8)] ^
465 	    s6[zi(3)];
466 	k[12] = s5[xi(8)] ^ s6[xi(9)] ^ s7[xi(7)] ^ sb8[xi(6)] ^ s5[xi(3)];
467 	k[13] = s5[xi(10)] ^ s6[xi(11)] ^ s7[xi(5)] ^ sb8[xi(4)] ^
468 	    s6[xi(7)];
469 	k[14] = s5[xi(12)] ^ s6[xi(13)] ^ s7[xi(3)] ^ sb8[xi(2)] ^
470 	    s7[xi(8)];
471 	k[15] = s5[xi(14)] ^ s6[xi(15)] ^ s7[xi(1)] ^ sb8[xi(0)] ^
472 	    sb8[xi(13)];
473 
474 #undef xi
475 #undef zi
476 }
477 
478 
cast5_setkey(struct crypto_tfm * tfm,const u8 * key,unsigned int key_len)479 int cast5_setkey(struct crypto_tfm *tfm, const u8 *key, unsigned int key_len)
480 {
481 	struct cast5_ctx *c = crypto_tfm_ctx(tfm);
482 	int i;
483 	u32 x[4];
484 	u32 z[4];
485 	u32 k[16];
486 	__be32 p_key[4];
487 
488 	c->rr = key_len <= 10 ? 1 : 0;
489 
490 	memset(p_key, 0, 16);
491 	memcpy(p_key, key, key_len);
492 
493 
494 	x[0] = be32_to_cpu(p_key[0]);
495 	x[1] = be32_to_cpu(p_key[1]);
496 	x[2] = be32_to_cpu(p_key[2]);
497 	x[3] = be32_to_cpu(p_key[3]);
498 
499 	key_schedule(x, z, k);
500 	for (i = 0; i < 16; i++)
501 		c->Km[i] = k[i];
502 	key_schedule(x, z, k);
503 	for (i = 0; i < 16; i++)
504 		c->Kr[i] = k[i] & 0x1f;
505 	return 0;
506 }
507 EXPORT_SYMBOL_GPL(cast5_setkey);
508 
509 static struct crypto_alg alg = {
510 	.cra_name		= "cast5",
511 	.cra_driver_name	= "cast5-generic",
512 	.cra_priority		= 100,
513 	.cra_flags		= CRYPTO_ALG_TYPE_CIPHER,
514 	.cra_blocksize		= CAST5_BLOCK_SIZE,
515 	.cra_ctxsize		= sizeof(struct cast5_ctx),
516 	.cra_alignmask		= 3,
517 	.cra_module		= THIS_MODULE,
518 	.cra_u			= {
519 		.cipher = {
520 			.cia_min_keysize = CAST5_MIN_KEY_SIZE,
521 			.cia_max_keysize = CAST5_MAX_KEY_SIZE,
522 			.cia_setkey  = cast5_setkey,
523 			.cia_encrypt = cast5_encrypt,
524 			.cia_decrypt = cast5_decrypt
525 		}
526 	}
527 };
528 
cast5_mod_init(void)529 static int __init cast5_mod_init(void)
530 {
531 	return crypto_register_alg(&alg);
532 }
533 
cast5_mod_fini(void)534 static void __exit cast5_mod_fini(void)
535 {
536 	crypto_unregister_alg(&alg);
537 }
538 
539 subsys_initcall(cast5_mod_init);
540 module_exit(cast5_mod_fini);
541 
542 MODULE_LICENSE("GPL");
543 MODULE_DESCRIPTION("Cast5 Cipher Algorithm");
544 MODULE_ALIAS_CRYPTO("cast5");
545 MODULE_ALIAS_CRYPTO("cast5-generic");
546