diff options
author | Rik Snel <rsnel@cube.dyndns.org> | 2007-09-19 14:23:13 +0200 |
---|---|---|
committer | David S. Miller <davem@sunset.davemloft.net> | 2007-10-11 01:55:45 +0200 |
commit | f19f5111c94053ba4931892f5c01c806de33942e (patch) | |
tree | b40dfae8fa170ebdc92fdcfeb3000c84d6203645 /crypto/gf128mul.c | |
parent | [CRYPTO] blkcipher: Use max() in blkcipher_get_spot() to state the intention (diff) | |
download | linux-f19f5111c94053ba4931892f5c01c806de33942e.tar.xz linux-f19f5111c94053ba4931892f5c01c806de33942e.zip |
[CRYPTO] xts: XTS blockcipher mode implementation without partial blocks
XTS currently considered to be the successor of the LRW mode by the IEEE1619
workgroup. LRW was discarded, because it was not secure if the encyption key
itself is encrypted with LRW.
XTS does not have this problem. The implementation is pretty straightforward,
a new function was added to gf128mul to handle GF(128) elements in ble format.
Four testvectors from the specification
http://grouper.ieee.org/groups/1619/email/pdf00086.pdf
were added, and they verify on my system.
Signed-off-by: Rik Snel <rsnel@cube.dyndns.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'crypto/gf128mul.c')
-rw-r--r-- | crypto/gf128mul.c | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/crypto/gf128mul.c b/crypto/gf128mul.c index 0a2aadfa1d85..ecbeaa1f17e1 100644 --- a/crypto/gf128mul.c +++ b/crypto/gf128mul.c @@ -142,6 +142,17 @@ static void gf128mul_x_bbe(be128 *r, const be128 *x) r->b = cpu_to_be64((b << 1) ^ _tt); } +void gf128mul_x_ble(be128 *r, const be128 *x) +{ + u64 a = le64_to_cpu(x->a); + u64 b = le64_to_cpu(x->b); + u64 _tt = gf128mul_table_bbe[b >> 63]; + + r->a = cpu_to_le64((a << 1) ^ _tt); + r->b = cpu_to_le64((b << 1) | (a >> 63)); +} +EXPORT_SYMBOL(gf128mul_x_ble); + static void gf128mul_x8_lle(be128 *x) { u64 a = be64_to_cpu(x->a); |