Commit 17fee07a authored by Nathan Huckleberry Committed by Herbert Xu

crypto: xctr - Add XCTR support

Add a generic implementation of XCTR mode as a template.  XCTR is a
blockcipher mode similar to CTR mode.  XCTR uses XORs and little-endian
addition rather than big-endian arithmetic, which has two advantages: it
is slightly faster on little-endian CPUs, and it is less likely to be
implemented incorrectly, since integer overflows are not possible on
practical input sizes.  XCTR is used as a component to implement HCTR2.

More information on XCTR mode can be found in the HCTR2 paper:
https://eprint.iacr.org/2021/1441.pdf



Signed-off-by: Nathan Huckleberry <nhuck@google.com>
Reviewed-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
parent 7df7563b
+9 −0
@@ -460,6 +460,15 @@ config CRYPTO_PCBC
	  PCBC: Propagating Cipher Block Chaining mode
	  This block cipher algorithm is required for RxRPC.

config CRYPTO_XCTR
	tristate
	select CRYPTO_SKCIPHER
	select CRYPTO_MANAGER
	help
	  XCTR: XOR Counter mode. This blockcipher mode is a variant of CTR mode
	  using XORs and little-endian addition rather than big-endian arithmetic.
	  XCTR mode is used to implement HCTR2.

config CRYPTO_XTS
	tristate "XTS support"
	select CRYPTO_SKCIPHER
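Review bot: The help text under `config CRYPTO_XCTR` explains how the counter is formed but says nothing about the security contract, and because the symbol is a promptless `tristate` this text is the only guidance for a developer who selects it from another option. As a CTR-style mode, XCTR should give confidentiality only and depend on the IV never repeating under one key, so I would add a sentence such as `XCTR provides no authentication and requires a unique IV per key; it is meant as a building block for HCTR2, not for standalone use.` The template's implementation is not visible on this page, so that wording should be checked against it before merging.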
+1 −0
@@ -94,6 +94,7 @@ obj-$(CONFIG_CRYPTO_CTS) += cts.o
obj-$(CONFIG_CRYPTO_LRW) += lrw.o
obj-$(CONFIG_CRYPTO_XTS) += xts.o
obj-$(CONFIG_CRYPTO_CTR) += ctr.o
obj-$(CONFIG_CRYPTO_XCTR) += xctr.o
obj-$(CONFIG_CRYPTO_KEYWRAP) += keywrap.o
obj-$(CONFIG_CRYPTO_ADIANTUM) += adiantum.o
obj-$(CONFIG_CRYPTO_NHPOLY1305) += nhpoly1305.o
+1 −0
@@ -1556,6 +1556,7 @@ static int do_test(const char *alg, u32 type, u32 mask, int m, u32 num_mb)
		ret += tcrypt_test("rfc3686(ctr(aes))");
		ret += tcrypt_test("ofb(aes)");
		ret += tcrypt_test("cfb(aes)");
		ret += tcrypt_test("xctr(aes)");
		break;

	case 11:
+6 −0
@@ -5548,6 +5548,12 @@ static const struct alg_test_desc alg_test_descs[] = {
		.suite = {
			.cipher = __VECS(xchacha20_tv_template)
		},
	}, {
		.alg = "xctr(aes)",
		.test = alg_test_skcipher,
		.suite = {
			.cipher = __VECS(aes_xctr_tv_template)
		}
	}, {
		.alg = "xts(aes)",
		.generic_driver = "xts(ecb(aes-generic))",
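Review bot: The new `xctr(aes)` entry closes its `.suite` initializer with a bare `}` while the preceding entry (the one using `xchacha20_tv_template`) ends it with `},`; matching the neighbour keeps later diffs to this table clean. The entry also leaves `.fips_allowed` unset, which is presumably deliberate for a mode that is not FIPS-approved, and a short comment such as `/* not a FIPS-approved mode: fips_allowed intentionally unset */` would make that intent explicit. `aes_xctr_tv_template` is defined in a file whose diff is collapsed on this page, so the vectors themselves could not be reviewed here. The `alg_test_descs` array starts and ends outside the hunk.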
+693 −0

File changed.

Preview size limit exceeded, changes collapsed.
