aboutsummaryrefslogtreecommitdiff
path: root/crypto/cast6_generic.c
diff options
context:
space:
mode:
authorLibravatar Linus Torvalds <torvalds@linux-foundation.org>2023-02-21 18:24:12 -0800
committerLibravatar Linus Torvalds <torvalds@linux-foundation.org>2023-02-21 18:24:12 -0800
commit5b7c4cabbb65f5c469464da6c5f614cbd7f730f2 (patch)
treecc5c2d0a898769fd59549594fedb3ee6f84e59a0 /crypto/cast6_generic.c
downloadlinux-5b7c4cabbb65f5c469464da6c5f614cbd7f730f2.tar.gz
linux-5b7c4cabbb65f5c469464da6c5f614cbd7f730f2.zip
Merge tag 'net-next-6.3' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-nextgrafted
Pull networking updates from Jakub Kicinski: "Core: - Add dedicated kmem_cache for typical/small skb->head, avoid having to access struct page at kfree time, and improve memory use. - Introduce sysctl to set default RPS configuration for new netdevs. - Define Netlink protocol specification format which can be used to describe messages used by each family and auto-generate parsers. Add tools for generating kernel data structures and uAPI headers. - Expose all net/core sysctls inside netns. - Remove 4s sleep in netpoll if carrier is instantly detected on boot. - Add configurable limit of MDB entries per port, and port-vlan. - Continue populating drop reasons throughout the stack. - Retire a handful of legacy Qdiscs and classifiers. Protocols: - Support IPv4 big TCP (TSO frames larger than 64kB). - Add IP_LOCAL_PORT_RANGE socket option, to control local port range on socket by socket basis. - Track and report in procfs number of MPTCP sockets used. - Support mixing IPv4 and IPv6 flows in the in-kernel MPTCP path manager. - IPv6: don't check net.ipv6.route.max_size and rely on garbage collection to free memory (similarly to IPv4). - Support Penultimate Segment Pop (PSP) flavor in SRv6 (RFC8986). - ICMP: add per-rate limit counters. - Add support for user scanning requests in ieee802154. - Remove static WEP support. - Support minimal Wi-Fi 7 Extremely High Throughput (EHT) rate reporting. - WiFi 7 EHT channel puncturing support (client & AP). BPF: - Add a rbtree data structure following the "next-gen data structure" precedent set by recently added linked list, that is, by using kfunc + kptr instead of adding a new BPF map type. - Expose XDP hints via kfuncs with initial support for RX hash and timestamp metadata. - Add BPF_F_NO_TUNNEL_KEY extension to bpf_skb_set_tunnel_key to better support decap on GRE tunnel devices not operating in collect metadata. - Improve x86 JIT's codegen for PROBE_MEM runtime error checks. - Remove the need for trace_printk_lock for bpf_trace_printk and bpf_trace_vprintk helpers. - Extend libbpf's bpf_tracing.h support for tracing arguments of kprobes/uprobes and syscall as a special case. - Significantly reduce the search time for module symbols by livepatch and BPF. - Enable cpumasks to be used as kptrs, which is useful for tracing programs tracking which tasks end up running on which CPUs in different time intervals. - Add support for BPF trampoline on s390x and riscv64. - Add capability to export the XDP features supported by the NIC. - Add __bpf_kfunc tag for marking kernel functions as kfuncs. - Add cgroup.memory=nobpf kernel parameter option to disable BPF memory accounting for container environments. Netfilter: - Remove the CLUSTERIP target. It has been marked as obsolete for years, and we still have WARN splats wrt races of the out-of-band /proc interface installed by this target. - Add 'destroy' commands to nf_tables. They are identical to the existing 'delete' commands, but do not return an error if the referenced object (set, chain, rule...) did not exist. Driver API: - Improve cpumask_local_spread() locality to help NICs set the right IRQ affinity on AMD platforms. - Separate C22 and C45 MDIO bus transactions more clearly. - Introduce new DCB table to control DSCP rewrite on egress. - Support configuration of Physical Layer Collision Avoidance (PLCA) Reconciliation Sublayer (RS) (802.3cg-2019). Modern version of shared medium Ethernet. - Support for MAC Merge layer (IEEE 802.3-2018 clause 99). Allowing preemption of low priority frames by high priority frames. - Add support for controlling MACSec offload using netlink SET. - Rework devlink instance refcounts to allow registration and de-registration under the instance lock. Split the code into multiple files, drop some of the unnecessarily granular locks and factor out common parts of netlink operation handling. - Add TX frame aggregation parameters (for USB drivers). - Add a new attr TCA_EXT_WARN_MSG to report TC (offload) warning messages with notifications for debug. - Allow offloading of UDP NEW connections via act_ct. - Add support for per action HW stats in TC. - Support hardware miss to TC action (continue processing in SW from a specific point in the action chain). - Warn if old Wireless Extension user space interface is used with modern cfg80211/mac80211 drivers. Do not support Wireless Extensions for Wi-Fi 7 devices at all. Everyone should switch to using nl80211 interface instead. - Improve the CAN bit timing configuration. Use extack to return error messages directly to user space, update the SJW handling, including the definition of a new default value that will benefit CAN-FD controllers, by increasing their oscillator tolerance. New hardware / drivers: - Ethernet: - nVidia BlueField-3 support (control traffic driver) - Ethernet support for imx93 SoCs - Motorcomm yt8531 gigabit Ethernet PHY - onsemi NCN26000 10BASE-T1S PHY (with support for PLCA) - Microchip LAN8841 PHY (incl. cable diagnostics and PTP) - Amlogic gxl MDIO mux - WiFi: - RealTek RTL8188EU (rtl8xxxu) - Qualcomm Wi-Fi 7 devices (ath12k) - CAN: - Renesas R-Car V4H Drivers: - Bluetooth: - Set Per Platform Antenna Gain (PPAG) for Intel controllers. - Ethernet NICs: - Intel (1G, igc): - support TSN / Qbv / packet scheduling features of i226 model - Intel (100G, ice): - use GNSS subsystem instead of TTY - multi-buffer XDP support - extend support for GPIO pins to E823 devices - nVidia/Mellanox: - update the shared buffer configuration on PFC commands - implement PTP adjphase function for HW offset control - TC support for Geneve and GRE with VF tunnel offload - more efficient crypto key management method - multi-port eswitch support - Netronome/Corigine: - add DCB IEEE support - support IPsec offloading for NFP3800 - Freescale/NXP (enetc): - support XDP_REDIRECT for XDP non-linear buffers - improve reconfig, avoid link flap and waiting for idle - support MAC Merge layer - Other NICs: - sfc/ef100: add basic devlink support for ef100 - ionic: rx_push mode operation (writing descriptors via MMIO) - bnxt: use the auxiliary bus abstraction for RDMA - r8169: disable ASPM and reset bus in case of tx timeout - cpsw: support QSGMII mode for J721e CPSW9G - cpts: support pulse-per-second output - ngbe: add an mdio bus driver - usbnet: optimize usbnet_bh() by avoiding unnecessary queuing - r8152: handle devices with FW with NCM support - amd-xgbe: support 10Mbps, 2.5GbE speeds and rx-adaptation - virtio-net: support multi buffer XDP - virtio/vsock: replace virtio_vsock_pkt with sk_buff - tsnep: XDP support - Ethernet high-speed switches: - nVidia/Mellanox (mlxsw): - add support for latency TLV (in FW control messages) - Microchip (sparx5): - separate explicit and implicit traffic forwarding rules, make the implicit rules always active - add support for egress DSCP rewrite - IS0 VCAP support (Ingress Classification) - IS2 VCAP filters (protos, L3 addrs, L4 ports, flags, ToS etc.) - ES2 VCAP support (Egress Access Control) - support for Per-Stream Filtering and Policing (802.1Q, 8.6.5.1) - Ethernet embedded switches: - Marvell (mv88e6xxx): - add MAB (port auth) offload support - enable PTP receive for mv88e6390 - NXP (ocelot): - support MAC Merge layer - support for the the vsc7512 internal copper phys - Microchip: - lan9303: convert to PHYLINK - lan966x: support TC flower filter statistics - lan937x: PTP support for KSZ9563/KSZ8563 and LAN937x - lan937x: support Credit Based Shaper configuration - ksz9477: support Energy Efficient Ethernet - other: - qca8k: convert to regmap read/write API, use bulk operations - rswitch: Improve TX timestamp accuracy - Intel WiFi (iwlwifi): - EHT (Wi-Fi 7) rate reporting - STEP equalizer support: transfer some STEP (connection to radio on platforms with integrated wifi) related parameters from the BIOS to the firmware. - Qualcomm 802.11ax WiFi (ath11k): - IPQ5018 support - Fine Timing Measurement (FTM) responder role support - channel 177 support - MediaTek WiFi (mt76): - per-PHY LED support - mt7996: EHT (Wi-Fi 7) support - Wireless Ethernet Dispatch (WED) reset support - switch to using page pool allocator - RealTek WiFi (rtw89): - support new version of Bluetooth co-existance - Mobile: - rmnet: support TX aggregation" * tag 'net-next-6.3' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next: (1872 commits) page_pool: add a comment explaining the fragment counter usage net: ethtool: fix __ethtool_dev_mm_supported() implementation ethtool: pse-pd: Fix double word in comments xsk: add linux/vmalloc.h to xsk.c sefltests: netdevsim: wait for devlink instance after netns removal selftest: fib_tests: Always cleanup before exit net/mlx5e: Align IPsec ASO result memory to be as required by hardware net/mlx5e: TC, Set CT miss to the specific ct action instance net/mlx5e: Rename CHAIN_TO_REG to MAPPED_OBJ_TO_REG net/mlx5: Refactor tc miss handling to a single function net/mlx5: Kconfig: Make tc offload depend on tc skb extension net/sched: flower: Support hardware miss to tc action net/sched: flower: Move filter handle initialization earlier net/sched: cls_api: Support hardware miss to tc action net/sched: Rename user cookie and act cookie sfc: fix builds without CONFIG_RTC_LIB sfc: clean up some inconsistent indentings net/mlx4_en: Introduce flexible array to silence overflow warning net: lan966x: Fix possible deadlock inside PTP net/ulp: Remove redundant ->clone() test in inet_clone_ulp(). ...
Diffstat (limited to 'crypto/cast6_generic.c')
-rw-r--r--crypto/cast6_generic.c280
1 files changed, 280 insertions, 0 deletions
diff --git a/crypto/cast6_generic.c b/crypto/cast6_generic.c
new file mode 100644
index 000000000..34f1ab53e
--- /dev/null
+++ b/crypto/cast6_generic.c
@@ -0,0 +1,280 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+/* Kernel cryptographic api.
+ * cast6.c - Cast6 cipher algorithm [rfc2612].
+ *
+ * CAST-256 (*cast6*) is a DES like Substitution-Permutation Network (SPN)
+ * cryptosystem built upon the CAST-128 (*cast5*) [rfc2144] encryption
+ * algorithm.
+ *
+ * Copyright (C) 2003 Kartikey Mahendra Bhatt <kartik_me@hotmail.com>.
+ */
+
+
+#include <asm/unaligned.h>
+#include <crypto/algapi.h>
+#include <linux/init.h>
+#include <linux/module.h>
+#include <linux/errno.h>
+#include <linux/string.h>
+#include <linux/types.h>
+#include <crypto/cast6.h>
+
+#define s1 cast_s1
+#define s2 cast_s2
+#define s3 cast_s3
+#define s4 cast_s4
+
+#define F1(D, r, m) ((I = ((m) + (D))), (I = rol32(I, (r))), \
+ (((s1[I >> 24] ^ s2[(I>>16)&0xff]) - s3[(I>>8)&0xff]) + s4[I&0xff]))
+#define F2(D, r, m) ((I = ((m) ^ (D))), (I = rol32(I, (r))), \
+ (((s1[I >> 24] - s2[(I>>16)&0xff]) + s3[(I>>8)&0xff]) ^ s4[I&0xff]))
+#define F3(D, r, m) ((I = ((m) - (D))), (I = rol32(I, (r))), \
+ (((s1[I >> 24] + s2[(I>>16)&0xff]) ^ s3[(I>>8)&0xff]) - s4[I&0xff]))
+
+static const u32 Tm[24][8] = {
+ { 0x5a827999, 0xc95c653a, 0x383650db, 0xa7103c7c, 0x15ea281d,
+ 0x84c413be, 0xf39dff5f, 0x6277eb00 } ,
+ { 0xd151d6a1, 0x402bc242, 0xaf05ade3, 0x1ddf9984, 0x8cb98525,
+ 0xfb9370c6, 0x6a6d5c67, 0xd9474808 } ,
+ { 0x482133a9, 0xb6fb1f4a, 0x25d50aeb, 0x94aef68c, 0x0388e22d,
+ 0x7262cdce, 0xe13cb96f, 0x5016a510 } ,
+ { 0xbef090b1, 0x2dca7c52, 0x9ca467f3, 0x0b7e5394, 0x7a583f35,
+ 0xe9322ad6, 0x580c1677, 0xc6e60218 } ,
+ { 0x35bfedb9, 0xa499d95a, 0x1373c4fb, 0x824db09c, 0xf1279c3d,
+ 0x600187de, 0xcedb737f, 0x3db55f20 } ,
+ { 0xac8f4ac1, 0x1b693662, 0x8a432203, 0xf91d0da4, 0x67f6f945,
+ 0xd6d0e4e6, 0x45aad087, 0xb484bc28 } ,
+ { 0x235ea7c9, 0x9238936a, 0x01127f0b, 0x6fec6aac, 0xdec6564d,
+ 0x4da041ee, 0xbc7a2d8f, 0x2b541930 } ,
+ { 0x9a2e04d1, 0x0907f072, 0x77e1dc13, 0xe6bbc7b4, 0x5595b355,
+ 0xc46f9ef6, 0x33498a97, 0xa2237638 } ,
+ { 0x10fd61d9, 0x7fd74d7a, 0xeeb1391b, 0x5d8b24bc, 0xcc65105d,
+ 0x3b3efbfe, 0xaa18e79f, 0x18f2d340 } ,
+ { 0x87ccbee1, 0xf6a6aa82, 0x65809623, 0xd45a81c4, 0x43346d65,
+ 0xb20e5906, 0x20e844a7, 0x8fc23048 } ,
+ { 0xfe9c1be9, 0x6d76078a, 0xdc4ff32b, 0x4b29decc, 0xba03ca6d,
+ 0x28ddb60e, 0x97b7a1af, 0x06918d50 } ,
+ { 0x756b78f1, 0xe4456492, 0x531f5033, 0xc1f93bd4, 0x30d32775,
+ 0x9fad1316, 0x0e86feb7, 0x7d60ea58 } ,
+ { 0xec3ad5f9, 0x5b14c19a, 0xc9eead3b, 0x38c898dc, 0xa7a2847d,
+ 0x167c701e, 0x85565bbf, 0xf4304760 } ,
+ { 0x630a3301, 0xd1e41ea2, 0x40be0a43, 0xaf97f5e4, 0x1e71e185,
+ 0x8d4bcd26, 0xfc25b8c7, 0x6affa468 } ,
+ { 0xd9d99009, 0x48b37baa, 0xb78d674b, 0x266752ec, 0x95413e8d,
+ 0x041b2a2e, 0x72f515cf, 0xe1cf0170 } ,
+ { 0x50a8ed11, 0xbf82d8b2, 0x2e5cc453, 0x9d36aff4, 0x0c109b95,
+ 0x7aea8736, 0xe9c472d7, 0x589e5e78 } ,
+ { 0xc7784a19, 0x365235ba, 0xa52c215b, 0x14060cfc, 0x82dff89d,
+ 0xf1b9e43e, 0x6093cfdf, 0xcf6dbb80 } ,
+ { 0x3e47a721, 0xad2192c2, 0x1bfb7e63, 0x8ad56a04, 0xf9af55a5,
+ 0x68894146, 0xd7632ce7, 0x463d1888 } ,
+ { 0xb5170429, 0x23f0efca, 0x92cadb6b, 0x01a4c70c, 0x707eb2ad,
+ 0xdf589e4e, 0x4e3289ef, 0xbd0c7590 } ,
+ { 0x2be66131, 0x9ac04cd2, 0x099a3873, 0x78742414, 0xe74e0fb5,
+ 0x5627fb56, 0xc501e6f7, 0x33dbd298 } ,
+ { 0xa2b5be39, 0x118fa9da, 0x8069957b, 0xef43811c, 0x5e1d6cbd,
+ 0xccf7585e, 0x3bd143ff, 0xaaab2fa0 } ,
+ { 0x19851b41, 0x885f06e2, 0xf738f283, 0x6612de24, 0xd4ecc9c5,
+ 0x43c6b566, 0xb2a0a107, 0x217a8ca8 } ,
+ { 0x90547849, 0xff2e63ea, 0x6e084f8b, 0xdce23b2c, 0x4bbc26cd,
+ 0xba96126e, 0x296ffe0f, 0x9849e9b0 } ,
+ { 0x0723d551, 0x75fdc0f2, 0xe4d7ac93, 0x53b19834, 0xc28b83d5,
+ 0x31656f76, 0xa03f5b17, 0x0f1946b8 }
+};
+
+static const u8 Tr[4][8] = {
+ { 0x13, 0x04, 0x15, 0x06, 0x17, 0x08, 0x19, 0x0a } ,
+ { 0x1b, 0x0c, 0x1d, 0x0e, 0x1f, 0x10, 0x01, 0x12 } ,
+ { 0x03, 0x14, 0x05, 0x16, 0x07, 0x18, 0x09, 0x1a } ,
+ { 0x0b, 0x1c, 0x0d, 0x1e, 0x0f, 0x00, 0x11, 0x02 }
+};
+
+/* forward octave */
+static inline void W(u32 *key, unsigned int i)
+{
+ u32 I;
+ key[6] ^= F1(key[7], Tr[i % 4][0], Tm[i][0]);
+ key[5] ^= F2(key[6], Tr[i % 4][1], Tm[i][1]);
+ key[4] ^= F3(key[5], Tr[i % 4][2], Tm[i][2]);
+ key[3] ^= F1(key[4], Tr[i % 4][3], Tm[i][3]);
+ key[2] ^= F2(key[3], Tr[i % 4][4], Tm[i][4]);
+ key[1] ^= F3(key[2], Tr[i % 4][5], Tm[i][5]);
+ key[0] ^= F1(key[1], Tr[i % 4][6], Tm[i][6]);
+ key[7] ^= F2(key[0], Tr[i % 4][7], Tm[i][7]);
+}
+
+int __cast6_setkey(struct cast6_ctx *c, const u8 *in_key, unsigned int key_len)
+{
+ int i;
+ u32 key[8];
+ __be32 p_key[8]; /* padded key */
+
+ if (key_len % 4 != 0)
+ return -EINVAL;
+
+ memset(p_key, 0, 32);
+ memcpy(p_key, in_key, key_len);
+
+ key[0] = be32_to_cpu(p_key[0]); /* A */
+ key[1] = be32_to_cpu(p_key[1]); /* B */
+ key[2] = be32_to_cpu(p_key[2]); /* C */
+ key[3] = be32_to_cpu(p_key[3]); /* D */
+ key[4] = be32_to_cpu(p_key[4]); /* E */
+ key[5] = be32_to_cpu(p_key[5]); /* F */
+ key[6] = be32_to_cpu(p_key[6]); /* G */
+ key[7] = be32_to_cpu(p_key[7]); /* H */
+
+ for (i = 0; i < 12; i++) {
+ W(key, 2 * i);
+ W(key, 2 * i + 1);
+
+ c->Kr[i][0] = key[0] & 0x1f;
+ c->Kr[i][1] = key[2] & 0x1f;
+ c->Kr[i][2] = key[4] & 0x1f;
+ c->Kr[i][3] = key[6] & 0x1f;
+
+ c->Km[i][0] = key[7];
+ c->Km[i][1] = key[5];
+ c->Km[i][2] = key[3];
+ c->Km[i][3] = key[1];
+ }
+
+ return 0;
+}
+EXPORT_SYMBOL_GPL(__cast6_setkey);
+
+int cast6_setkey(struct crypto_tfm *tfm, const u8 *key, unsigned int keylen)
+{
+ return __cast6_setkey(crypto_tfm_ctx(tfm), key, keylen);
+}
+EXPORT_SYMBOL_GPL(cast6_setkey);
+
+/*forward quad round*/
+static inline void Q(u32 *block, const u8 *Kr, const u32 *Km)
+{
+ u32 I;
+ block[2] ^= F1(block[3], Kr[0], Km[0]);
+ block[1] ^= F2(block[2], Kr[1], Km[1]);
+ block[0] ^= F3(block[1], Kr[2], Km[2]);
+ block[3] ^= F1(block[0], Kr[3], Km[3]);
+}
+
+/*reverse quad round*/
+static inline void QBAR(u32 *block, const u8 *Kr, const u32 *Km)
+{
+ u32 I;
+ block[3] ^= F1(block[0], Kr[3], Km[3]);
+ block[0] ^= F3(block[1], Kr[2], Km[2]);
+ block[1] ^= F2(block[2], Kr[1], Km[1]);
+ block[2] ^= F1(block[3], Kr[0], Km[0]);
+}
+
+void __cast6_encrypt(const void *ctx, u8 *outbuf, const u8 *inbuf)
+{
+ const struct cast6_ctx *c = ctx;
+ u32 block[4];
+ const u32 *Km;
+ const u8 *Kr;
+
+ block[0] = get_unaligned_be32(inbuf);
+ block[1] = get_unaligned_be32(inbuf + 4);
+ block[2] = get_unaligned_be32(inbuf + 8);
+ block[3] = get_unaligned_be32(inbuf + 12);
+
+ Km = c->Km[0]; Kr = c->Kr[0]; Q(block, Kr, Km);
+ Km = c->Km[1]; Kr = c->Kr[1]; Q(block, Kr, Km);
+ Km = c->Km[2]; Kr = c->Kr[2]; Q(block, Kr, Km);
+ Km = c->Km[3]; Kr = c->Kr[3]; Q(block, Kr, Km);
+ Km = c->Km[4]; Kr = c->Kr[4]; Q(block, Kr, Km);
+ Km = c->Km[5]; Kr = c->Kr[5]; Q(block, Kr, Km);
+ Km = c->Km[6]; Kr = c->Kr[6]; QBAR(block, Kr, Km);
+ Km = c->Km[7]; Kr = c->Kr[7]; QBAR(block, Kr, Km);
+ Km = c->Km[8]; Kr = c->Kr[8]; QBAR(block, Kr, Km);
+ Km = c->Km[9]; Kr = c->Kr[9]; QBAR(block, Kr, Km);
+ Km = c->Km[10]; Kr = c->Kr[10]; QBAR(block, Kr, Km);
+ Km = c->Km[11]; Kr = c->Kr[11]; QBAR(block, Kr, Km);
+
+ put_unaligned_be32(block[0], outbuf);
+ put_unaligned_be32(block[1], outbuf + 4);
+ put_unaligned_be32(block[2], outbuf + 8);
+ put_unaligned_be32(block[3], outbuf + 12);
+}
+EXPORT_SYMBOL_GPL(__cast6_encrypt);
+
+static void cast6_encrypt(struct crypto_tfm *tfm, u8 *outbuf, const u8 *inbuf)
+{
+ __cast6_encrypt(crypto_tfm_ctx(tfm), outbuf, inbuf);
+}
+
+void __cast6_decrypt(const void *ctx, u8 *outbuf, const u8 *inbuf)
+{
+ const struct cast6_ctx *c = ctx;
+ u32 block[4];
+ const u32 *Km;
+ const u8 *Kr;
+
+ block[0] = get_unaligned_be32(inbuf);
+ block[1] = get_unaligned_be32(inbuf + 4);
+ block[2] = get_unaligned_be32(inbuf + 8);
+ block[3] = get_unaligned_be32(inbuf + 12);
+
+ Km = c->Km[11]; Kr = c->Kr[11]; Q(block, Kr, Km);
+ Km = c->Km[10]; Kr = c->Kr[10]; Q(block, Kr, Km);
+ Km = c->Km[9]; Kr = c->Kr[9]; Q(block, Kr, Km);
+ Km = c->Km[8]; Kr = c->Kr[8]; Q(block, Kr, Km);
+ Km = c->Km[7]; Kr = c->Kr[7]; Q(block, Kr, Km);
+ Km = c->Km[6]; Kr = c->Kr[6]; Q(block, Kr, Km);
+ Km = c->Km[5]; Kr = c->Kr[5]; QBAR(block, Kr, Km);
+ Km = c->Km[4]; Kr = c->Kr[4]; QBAR(block, Kr, Km);
+ Km = c->Km[3]; Kr = c->Kr[3]; QBAR(block, Kr, Km);
+ Km = c->Km[2]; Kr = c->Kr[2]; QBAR(block, Kr, Km);
+ Km = c->Km[1]; Kr = c->Kr[1]; QBAR(block, Kr, Km);
+ Km = c->Km[0]; Kr = c->Kr[0]; QBAR(block, Kr, Km);
+
+ put_unaligned_be32(block[0], outbuf);
+ put_unaligned_be32(block[1], outbuf + 4);
+ put_unaligned_be32(block[2], outbuf + 8);
+ put_unaligned_be32(block[3], outbuf + 12);
+}
+EXPORT_SYMBOL_GPL(__cast6_decrypt);
+
+static void cast6_decrypt(struct crypto_tfm *tfm, u8 *outbuf, const u8 *inbuf)
+{
+ __cast6_decrypt(crypto_tfm_ctx(tfm), outbuf, inbuf);
+}
+
+static struct crypto_alg alg = {
+ .cra_name = "cast6",
+ .cra_driver_name = "cast6-generic",
+ .cra_priority = 100,
+ .cra_flags = CRYPTO_ALG_TYPE_CIPHER,
+ .cra_blocksize = CAST6_BLOCK_SIZE,
+ .cra_ctxsize = sizeof(struct cast6_ctx),
+ .cra_module = THIS_MODULE,
+ .cra_u = {
+ .cipher = {
+ .cia_min_keysize = CAST6_MIN_KEY_SIZE,
+ .cia_max_keysize = CAST6_MAX_KEY_SIZE,
+ .cia_setkey = cast6_setkey,
+ .cia_encrypt = cast6_encrypt,
+ .cia_decrypt = cast6_decrypt}
+ }
+};
+
+static int __init cast6_mod_init(void)
+{
+ return crypto_register_alg(&alg);
+}
+
+static void __exit cast6_mod_fini(void)
+{
+ crypto_unregister_alg(&alg);
+}
+
+subsys_initcall(cast6_mod_init);
+module_exit(cast6_mod_fini);
+
+MODULE_LICENSE("GPL");
+MODULE_DESCRIPTION("Cast6 Cipher Algorithm");
+MODULE_ALIAS_CRYPTO("cast6");
+MODULE_ALIAS_CRYPTO("cast6-generic");
generated by cgit v1.2.3 (git 2.39.1) at 2025-08-03 21:59:34 +0000