summaryrefslogtreecommitdiffstats
path: root/crypto/gf128mul.c
diff options
context:
space:
mode:
authorRik Snel <rsnel@cube.dyndns.org>2007-09-19 14:23:13 +0200
committerDavid S. Miller <davem@sunset.davemloft.net>2007-10-11 01:55:45 +0200
commitf19f5111c94053ba4931892f5c01c806de33942e (patch)
treeb40dfae8fa170ebdc92fdcfeb3000c84d6203645 /crypto/gf128mul.c
parent[CRYPTO] blkcipher: Use max() in blkcipher_get_spot() to state the intention (diff)
downloadlinux-f19f5111c94053ba4931892f5c01c806de33942e.tar.xz
linux-f19f5111c94053ba4931892f5c01c806de33942e.zip
[CRYPTO] xts: XTS blockcipher mode implementation without partial blocks
XTS currently considered to be the successor of the LRW mode by the IEEE1619 workgroup. LRW was discarded, because it was not secure if the encyption key itself is encrypted with LRW. XTS does not have this problem. The implementation is pretty straightforward, a new function was added to gf128mul to handle GF(128) elements in ble format. Four testvectors from the specification http://grouper.ieee.org/groups/1619/email/pdf00086.pdf were added, and they verify on my system. Signed-off-by: Rik Snel <rsnel@cube.dyndns.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'crypto/gf128mul.c')
-rw-r--r--crypto/gf128mul.c11
1 files changed, 11 insertions, 0 deletions
diff --git a/crypto/gf128mul.c b/crypto/gf128mul.c
index 0a2aadfa1d85..ecbeaa1f17e1 100644
--- a/crypto/gf128mul.c
+++ b/crypto/gf128mul.c
@@ -142,6 +142,17 @@ static void gf128mul_x_bbe(be128 *r, const be128 *x)
r->b = cpu_to_be64((b << 1) ^ _tt);
}
+void gf128mul_x_ble(be128 *r, const be128 *x)
+{
+ u64 a = le64_to_cpu(x->a);
+ u64 b = le64_to_cpu(x->b);
+ u64 _tt = gf128mul_table_bbe[b >> 63];
+
+ r->a = cpu_to_le64((a << 1) ^ _tt);
+ r->b = cpu_to_le64((b << 1) | (a >> 63));
+}
+EXPORT_SYMBOL(gf128mul_x_ble);
+
static void gf128mul_x8_lle(be128 *x)
{
u64 a = be64_to_cpu(x->a);