[CRYPTO]: Add AES algorithm.

- Merged AES code from Adam J. Richter <adam@yggdrasil.com>
- Add kconfig help and test vector code from
  Martin Clausen <martin@ostenfeld.dk>
- Minor cleanups: removed EXPORT_NO_SYMBOLS (not needed for 2.5),
  removed debugging code etc.
- Documentation updates.

Documentation/crypto/api-intro.txt

@@ -186,6 +186,7 @@ Original developers of the crypto algorithms:
   Kazunori Miyazawa / USAGI (HMAC)
   Matthew Skala (Twofish)
   Dag Arne Osvik (Serpent)
+  Brian Gladman (AES)
   
 DES algorithm contributors:
   Raimar Falke
@@ -203,6 +204,10 @@ Twofish algorithm contributors:
 SHA256 algorithm contributors:
   Andrew McDonald
 
+AES algorithm contributors:
+  Alexander Kjeldaas
+  Adam J. Richter
+
 Please send any credits updates or corrections to:
 James Morris <jmorris@intercode.com.au>
 

crypto/Kconfig

@@ -94,6 +94,26 @@ config CRYPTO_SERPENT
 	  See also:
 	  http://www.cl.cam.ac.uk/~rja14/serpent.html
 
+config CRYPTO_AES
+	tristate "AES cipher algorithms"
+	depends on CRYPTO
+	help
+	  AES cipher algorithms (FIPS-197). AES uses the Rijndael 
+	  algorithm.
+
+	  Rijndael appears to be consistently a very good performer in
+	  both hardware and software across a wide range of computing 
+	  environments regardless of its use in feedback or non-feedback 
+	  modes. Its key setup time is excellent, and its key agility is 
+	  good. Rijndael's very low memory requirements make it very well 
+	  suited for restricted-space environments, in which it also 
+	  demonstrates excellent performance. Rijndael's operations are 
+	  among the easiest to defend against power and timing attacks.	
+
+	  The AES specifies three key sizes: 128, 192 and 256 bits	  
+
+	  See http://csrc.nist.gov/encryption/aes/ for more information.
+
 config CRYPTO_TEST
 	tristate "Testing module"
 	depends on CRYPTO

crypto/Makefile

@@ -20,5 +20,6 @@ obj-$(CONFIG_CRYPTO_DES) += des.o
 obj-$(CONFIG_CRYPTO_BLOWFISH) += blowfish.o
 obj-$(CONFIG_CRYPTO_TWOFISH) += twofish.o
 obj-$(CONFIG_CRYPTO_SERPENT) += serpent.o
+obj-$(CONFIG_CRYPTO_BLOWFISH) += aes.o
 
 obj-$(CONFIG_CRYPTO_TEST) += tcrypt.o

crypto/tcrypt.c

@@ -1983,6 +1983,111 @@ test_serpent(void)
 	crypto_free_tfm(tfm);
 }
 
+void
+test_aes(void)
+{
+	unsigned int ret, i;
+	unsigned int tsize;
+	char *p, *q;
+	struct crypto_tfm *tfm;
+	char *key;
+	struct aes_tv *aes_tv;
+	struct scatterlist sg[1];
+
+	printk("\ntesting aes encryption\n");
+
+	tsize = sizeof (aes_enc_tv_template);
+	if (tsize > TVMEMSIZE) {
+		printk("template (%u) too big for tvmem (%u)\n", tsize,
+		       TVMEMSIZE);
+		return;
+	}
+
+	memcpy(tvmem, aes_enc_tv_template, tsize);
+	aes_tv = (void *) tvmem;
+
+	tfm = crypto_alloc_tfm("aes", 0);
+	if (tfm == NULL) {
+		printk("failed to load transform for aes (default ecb)\n");
+		return;
+	}
+
+	for (i = 0; i < AES_ENC_TEST_VECTORS; i++) {
+		printk("test %u (%d bit key):\n",
+			i + 1, aes_tv[i].keylen * 8);
+		key = aes_tv[i].key;
+
+		ret = crypto_cipher_setkey(tfm, key, aes_tv[i].keylen);
+		if (ret) {
+			printk("setkey() failed flags=%x\n", tfm->crt_flags);
+
+			if (!aes_tv[i].fail)
+				goto out;
+		}
+
+		p = aes_tv[i].plaintext;
+		sg[0].page = virt_to_page(p);
+		sg[0].offset = ((long) p & ~PAGE_MASK);
+		sg[0].length = aes_tv[i].plen;
+		ret = crypto_cipher_encrypt(tfm, sg, 1);
+		if (ret) {
+			printk("encrypt() failed flags=%x\n", tfm->crt_flags);
+			goto out;
+		}
+
+		q = kmap(sg[0].page) + sg[0].offset;
+		hexdump(q, aes_tv[i].rlen);
+
+		printk("%s\n", memcmp(q, aes_tv[i].result, aes_tv[i].rlen) ?
+			"fail" : "pass");
+	}
+	
+	printk("\ntesting aes decryption\n");
+
+	tsize = sizeof (aes_dec_tv_template);
+	if (tsize > TVMEMSIZE) {
+		printk("template (%u) too big for tvmem (%u)\n", tsize,
+		       TVMEMSIZE);
+		return;
+	}
+
+	memcpy(tvmem, aes_dec_tv_template, tsize);
+	aes_tv = (void *) tvmem;
+
+	for (i = 0; i < AES_DEC_TEST_VECTORS; i++) {
+		printk("test %u (%d bit key):\n",
+			i + 1, aes_tv[i].keylen * 8);
+		key = aes_tv[i].key;
+
+		ret = crypto_cipher_setkey(tfm, key, aes_tv[i].keylen);
+		if (ret) {
+			printk("setkey() failed flags=%x\n", tfm->crt_flags);
+
+			if (!aes_tv[i].fail)
+				goto out;
+		}
+
+		p = aes_tv[i].plaintext;
+		sg[0].page = virt_to_page(p);
+		sg[0].offset = ((long) p & ~PAGE_MASK);
+		sg[0].length = aes_tv[i].plen;
+		ret = crypto_cipher_decrypt(tfm, sg, 1);
+		if (ret) {
+			printk("decrypt() failed flags=%x\n", tfm->crt_flags);
+			goto out;
+		}
+
+		q = kmap(sg[0].page) + sg[0].offset;
+		hexdump(q, aes_tv[i].rlen);
+
+		printk("%s\n", memcmp(q, aes_tv[i].result, aes_tv[i].rlen) ?
+			"fail" : "pass");
+	}
+
+out:
+	crypto_free_tfm(tfm);
+}
+
 static void
 test_available(void)
 {
@@ -2011,6 +2116,7 @@ do_test(void)
 		test_blowfish();
 		test_twofish();
 		test_serpent();
+		test_aes();
 #ifdef CONFIG_CRYPTO_HMAC
 		test_hmac_md5();
 		test_hmac_sha1();
@@ -2054,6 +2160,10 @@ do_test(void)
 		test_serpent();
 		break;
 
+	case 10:
+		test_aes();
+		break;
+		
 #ifdef CONFIG_CRYPTO_HMAC
 	case 100:
 		test_hmac_md5();

crypto/tcrypt.h

@@ -1480,4 +1480,97 @@ struct serpent_tv serpent_dec_tv_template[] =
 	}
 };
 
+/*
+ * AES test vectors.
+ */
+#define AES_ENC_TEST_VECTORS 3
+#define AES_DEC_TEST_VECTORS 3
+
+struct aes_tv {
+	unsigned int keylen;
+	unsigned int plen;
+	unsigned int rlen;
+	int fail;
+	char key[32];
+	char iv[8];
+	char plaintext[16];
+	char result[16];
+};
+
+struct aes_tv aes_enc_tv_template[] = { 
+	/* From FIPS-197 */
+	{
+		16, 16, 16, 0,
+		{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 
+		  0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
+		{ 0 },
+		{ 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
+		  0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff },
+		{ 0x69, 0xc4, 0xe0, 0xd8, 0x6a, 0x7b, 0x04, 0x30,
+		  0xd8, 0xcd, 0xb7, 0x80, 0x70, 0xb4, 0xc5, 0x5a },
+	},
+	{
+		24, 16, 16, 0,
+		{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+		  0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+		  0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17 },
+		{ 0 },
+		{ 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 
+		  0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff },
+		{ 0xdd, 0xa9, 0x7c, 0xa4, 0x86, 0x4c, 0xdf, 0xe0,
+		  0x6e, 0xaf, 0x70, 0xa0, 0xec, 0x0d, 0x71, 0x91 },
+	},
+	{
+		32, 16, 16, 0,
+		{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+		  0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+		  0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+		  0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f },
+		{ 0 },
+		{ 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 
+		  0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff },
+		{ 0x8e, 0xa2, 0xb7, 0xca, 0x51, 0x67, 0x45, 0xbf,
+		  0xea, 0xfc, 0x49, 0x90, 0x4b, 0x49, 0x60, 0x89 },
+	},
+};
+
+struct aes_tv aes_dec_tv_template[] = { 
+	/* From FIPS-197 */
+	{
+		16, 16, 16, 0,
+		
+		{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 
+		  0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
+		{ 0 },
+		{ 0x69, 0xc4, 0xe0, 0xd8, 0x6a, 0x7b, 0x04, 0x30,
+		  0xd8, 0xcd, 0xb7, 0x80, 0x70, 0xb4, 0xc5, 0x5a },
+		{ 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
+		  0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff },
+	},
+	
+	{
+		24, 16, 16, 0,
+		{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+		  0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+		  0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17 },
+		{ 0 },
+		{ 0xdd, 0xa9, 0x7c, 0xa4, 0x86, 0x4c, 0xdf, 0xe0,
+		  0x6e, 0xaf, 0x70, 0xa0, 0xec, 0x0d, 0x71, 0x91 },
+		{ 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 
+		  0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff },  
+	},
+	{
+		32, 16, 16, 0,
+		{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+		  0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+		  0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+		  0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f },
+		{ 0 },
+		{ 0x8e, 0xa2, 0xb7, 0xca, 0x51, 0x67, 0x45, 0xbf,
+		  0xea, 0xfc, 0x49, 0x90, 0x4b, 0x49, 0x60, 0x89 },
+		{ 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 
+		  0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff },
+	},
+};
+
 #endif	/* _CRYPTO_TCRYPT_H */