author | Nathan Huckleberry <nhuck@google.com> | 2022-05-20 21:14:53 +0300 |
---|---|---|
committer | Herbert Xu <herbert@gondor.apana.org.au> | 2022-06-10 11:40:16 +0300 |
commit | 17fee07a2ac577da18b44dd658a9c3c864281c49 (patch) | |
tree | 235a3d7c336a995f3f3be558aed5385c4d534de6 /crypto/tcrypt.c | |
parent | 7df7563b16aa0281cb811785e4bb3681b46e2a28 (diff) | |
download | linux-17fee07a2ac577da18b44dd658a9c3c864281c49.tar.xz |
crypto: xctr - Add XCTR support
Add a generic implementation of XCTR mode as a template. XCTR is a
blockcipher mode similar to CTR mode. XCTR uses XORs and little-endian
addition rather than big-endian arithmetic which has two advantages: It
is slightly faster on little-endian CPUs and it is less likely to be
implemented incorrectly since integer overflows are not possible on
practical input sizes. XCTR is used as a component to implement HCTR2.
More information on XCTR mode can be found in the HCTR2 paper:
https://eprint.iacr.org/2021/1441.pdf
Signed-off-by: Nathan Huckleberry <nhuck@google.com>
Reviewed-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'crypto/tcrypt.c')
-rw-r--r-- | crypto/tcrypt.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/crypto/tcrypt.c b/crypto/tcrypt.c index 2bacf8384f59..fd671d0e2012 100644 --- a/crypto/tcrypt.c +++ b/crypto/tcrypt.c @@ -1556,6 +1556,7 @@ static int do_test(const char *alg, u32 type, u32 mask, int m, u32 num_mb) ret += tcrypt_test("rfc3686(ctr(aes))"); ret += tcrypt_test("ofb(aes)"); ret += tcrypt_test("cfb(aes)"); + ret += tcrypt_test("xctr(aes)"); break; case 11: |
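Review bot: the added `ret += tcrypt_test("xctr(aes)");` line, placed after the `cfb(aes)` call and before `break;` in do_test(), is only useful if "xctr(aes)" has test vectors registered for it. This view is limited to crypto/tcrypt.c, so neither the xctr template nor its vectors are visible here. Please confirm the rest of the commit adds them. Since the commit message says XCTR differs from CTR in how the counter is combined (XOR and little-endian addition), the vectors should include a message spanning several blocks and one with a partial final block, so that the counter handling is actually exercised. The commit message also does not mention the tcrypt hook; a short line noting that the new mode is wired into the existing AES mode test group would make the change easier to find later.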