Subject: [RFC] group common used functions in software AES modules

Hello Herbert,

this little patch series moves the key generation routine and the four
tables which are used by the encrypt/decrypt functions into a separate module.
Currently I converted the generic AES and the x86_64 variant. My 32bit asm
is rusted so the i586 assembly has to wait for a while :)

Sebastian


Subject: [RFC 2/3] [crypto] generic AES use new common module

From: Sebastian Siewior <[email protected]>

Share the tables and set_key function.

Signed-off-by: Sebastian Siewior <[email protected]>
---
crypto/Kconfig | 1 +
crypto/aes_generic.c | 281 ++++++--------------------------------------------
2 files changed, 35 insertions(+), 247 deletions(-)

diff --git a/crypto/Kconfig b/crypto/Kconfig
index 26130d0..17b11b8 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -308,6 +308,7 @@ config CRYPTO_SERPENT
config CRYPTO_AES
tristate "AES cipher algorithms"
select CRYPTO_ALGAPI
+ select CRYPTO_AES_COMMON
help
AES cipher algorithms (FIPS-197). AES uses the Rijndael
algorithm.
diff --git a/crypto/aes_generic.c b/crypto/aes_generic.c
index 6683260..fc827cd 100644
--- a/crypto/aes_generic.c
+++ b/crypto/aes_generic.c
@@ -47,11 +47,6 @@
* ---------------------------------------------------------------------------
*/

-/* Some changes from the Gladman version:
- s/RIJNDAEL(e_key)/E_KEY/g
- s/RIJNDAEL(d_key)/D_KEY/g
-*/
-
#include <crypto/aes.h>
#include <linux/module.h>
#include <linux/init.h>
@@ -69,236 +64,29 @@ byte(const u32 x, const unsigned n)
return x >> (n << 3);
}

-struct aes_ctx {
- int key_length;
- u32 buf[120];
-};
-
-#define E_KEY (&ctx->buf[0])
-#define D_KEY (&ctx->buf[60])
-
-static u8 pow_tab[256] __initdata;
-static u8 log_tab[256] __initdata;
-static u8 sbx_tab[256] __initdata;
-static u8 isb_tab[256] __initdata;
-static u32 rco_tab[10];
-static u32 ft_tab[4][256];
-static u32 it_tab[4][256];
-
-static u32 fl_tab[4][256];
-static u32 il_tab[4][256];
-
-static inline u8 __init
-f_mult (u8 a, u8 b)
-{
- u8 aa = log_tab[a], cc = aa + log_tab[b];
-
- return pow_tab[cc + (cc < aa ? 1 : 0)];
-}
-
-#define ff_mult(a,b) (a && b ? f_mult(a, b) : 0)
-
#define f_rn(bo, bi, n, k) \
- bo[n] = ft_tab[0][byte(bi[n],0)] ^ \
- ft_tab[1][byte(bi[(n + 1) & 3],1)] ^ \
- ft_tab[2][byte(bi[(n + 2) & 3],2)] ^ \
- ft_tab[3][byte(bi[(n + 3) & 3],3)] ^ *(k + n)
+ bo[n] = crypto_ft_tab[0][byte(bi[n],0)] ^ \
+ crypto_ft_tab[1][byte(bi[(n + 1) & 3],1)] ^ \
+ crypto_ft_tab[2][byte(bi[(n + 2) & 3],2)] ^ \
+ crypto_ft_tab[3][byte(bi[(n + 3) & 3],3)] ^ *(k + n)

#define i_rn(bo, bi, n, k) \
- bo[n] = it_tab[0][byte(bi[n],0)] ^ \
- it_tab[1][byte(bi[(n + 3) & 3],1)] ^ \
- it_tab[2][byte(bi[(n + 2) & 3],2)] ^ \
- it_tab[3][byte(bi[(n + 1) & 3],3)] ^ *(k + n)
-
-#define ls_box(x) \
- ( fl_tab[0][byte(x, 0)] ^ \
- fl_tab[1][byte(x, 1)] ^ \
- fl_tab[2][byte(x, 2)] ^ \
- fl_tab[3][byte(x, 3)] )
+ bo[n] = crypto_it_tab[0][byte(bi[n],0)] ^ \
+ crypto_it_tab[1][byte(bi[(n + 3) & 3],1)] ^ \
+ crypto_it_tab[2][byte(bi[(n + 2) & 3],2)] ^ \
+ crypto_it_tab[3][byte(bi[(n + 1) & 3],3)] ^ *(k + n)

#define f_rl(bo, bi, n, k) \
- bo[n] = fl_tab[0][byte(bi[n],0)] ^ \
- fl_tab[1][byte(bi[(n + 1) & 3],1)] ^ \
- fl_tab[2][byte(bi[(n + 2) & 3],2)] ^ \
- fl_tab[3][byte(bi[(n + 3) & 3],3)] ^ *(k + n)
+ bo[n] = crypto_fl_tab[0][byte(bi[n],0)] ^ \
+ crypto_fl_tab[1][byte(bi[(n + 1) & 3],1)] ^ \
+ crypto_fl_tab[2][byte(bi[(n + 2) & 3],2)] ^ \
+ crypto_fl_tab[3][byte(bi[(n + 3) & 3],3)] ^ *(k + n)

#define i_rl(bo, bi, n, k) \
- bo[n] = il_tab[0][byte(bi[n],0)] ^ \
- il_tab[1][byte(bi[(n + 3) & 3],1)] ^ \
- il_tab[2][byte(bi[(n + 2) & 3],2)] ^ \
- il_tab[3][byte(bi[(n + 1) & 3],3)] ^ *(k + n)
-
-static void __init
-gen_tabs (void)
-{
- u32 i, t;
- u8 p, q;
-
- /* log and power tables for GF(2**8) finite field with
- 0x011b as modular polynomial - the simplest primitive
- root is 0x03, used here to generate the tables */
-
- for (i = 0, p = 1; i < 256; ++i) {
- pow_tab[i] = (u8) p;
- log_tab[p] = (u8) i;
-
- p ^= (p << 1) ^ (p & 0x80 ? 0x01b : 0);
- }
-
- log_tab[1] = 0;
-
- for (i = 0, p = 1; i < 10; ++i) {
- rco_tab[i] = p;
-
- p = (p << 1) ^ (p & 0x80 ? 0x01b : 0);
- }
-
- for (i = 0; i < 256; ++i) {
- p = (i ? pow_tab[255 - log_tab[i]] : 0);
- q = ((p >> 7) | (p << 1)) ^ ((p >> 6) | (p << 2));
- p ^= 0x63 ^ q ^ ((q >> 6) | (q << 2));
- sbx_tab[i] = p;
- isb_tab[p] = (u8) i;
- }
-
- for (i = 0; i < 256; ++i) {
- p = sbx_tab[i];
-
- t = p;
- fl_tab[0][i] = t;
- fl_tab[1][i] = rol32(t, 8);
- fl_tab[2][i] = rol32(t, 16);
- fl_tab[3][i] = rol32(t, 24);
-
- t = ((u32) ff_mult (2, p)) |
- ((u32) p << 8) |
- ((u32) p << 16) | ((u32) ff_mult (3, p) << 24);
-
- ft_tab[0][i] = t;
- ft_tab[1][i] = rol32(t, 8);
- ft_tab[2][i] = rol32(t, 16);
- ft_tab[3][i] = rol32(t, 24);
-
- p = isb_tab[i];
-
- t = p;
- il_tab[0][i] = t;
- il_tab[1][i] = rol32(t, 8);
- il_tab[2][i] = rol32(t, 16);
- il_tab[3][i] = rol32(t, 24);
-
- t = ((u32) ff_mult (14, p)) |
- ((u32) ff_mult (9, p) << 8) |
- ((u32) ff_mult (13, p) << 16) |
- ((u32) ff_mult (11, p) << 24);
-
- it_tab[0][i] = t;
- it_tab[1][i] = rol32(t, 8);
- it_tab[2][i] = rol32(t, 16);
- it_tab[3][i] = rol32(t, 24);
- }
-}
-
-#define star_x(x) (((x) & 0x7f7f7f7f) << 1) ^ ((((x) & 0x80808080) >> 7) * 0x1b)
-
-#define imix_col(y,x) \
- u = star_x(x); \
- v = star_x(u); \
- w = star_x(v); \
- t = w ^ (x); \
- (y) = u ^ v ^ w; \
- (y) ^= ror32(u ^ t, 8) ^ \
- ror32(v ^ t, 16) ^ \
- ror32(t,24)
-
-/* initialise the key schedule from the user supplied key */
-
-#define loop4(i) \
-{ t = ror32(t, 8); t = ls_box(t) ^ rco_tab[i]; \
- t ^= E_KEY[4 * i]; E_KEY[4 * i + 4] = t; \
- t ^= E_KEY[4 * i + 1]; E_KEY[4 * i + 5] = t; \
- t ^= E_KEY[4 * i + 2]; E_KEY[4 * i + 6] = t; \
- t ^= E_KEY[4 * i + 3]; E_KEY[4 * i + 7] = t; \
-}
-
-#define loop6(i) \
-{ t = ror32(t, 8); t = ls_box(t) ^ rco_tab[i]; \
- t ^= E_KEY[6 * i]; E_KEY[6 * i + 6] = t; \
- t ^= E_KEY[6 * i + 1]; E_KEY[6 * i + 7] = t; \
- t ^= E_KEY[6 * i + 2]; E_KEY[6 * i + 8] = t; \
- t ^= E_KEY[6 * i + 3]; E_KEY[6 * i + 9] = t; \
- t ^= E_KEY[6 * i + 4]; E_KEY[6 * i + 10] = t; \
- t ^= E_KEY[6 * i + 5]; E_KEY[6 * i + 11] = t; \
-}
-
-#define loop8(i) \
-{ t = ror32(t, 8); ; t = ls_box(t) ^ rco_tab[i]; \
- t ^= E_KEY[8 * i]; E_KEY[8 * i + 8] = t; \
- t ^= E_KEY[8 * i + 1]; E_KEY[8 * i + 9] = t; \
- t ^= E_KEY[8 * i + 2]; E_KEY[8 * i + 10] = t; \
- t ^= E_KEY[8 * i + 3]; E_KEY[8 * i + 11] = t; \
- t = E_KEY[8 * i + 4] ^ ls_box(t); \
- E_KEY[8 * i + 12] = t; \
- t ^= E_KEY[8 * i + 5]; E_KEY[8 * i + 13] = t; \
- t ^= E_KEY[8 * i + 6]; E_KEY[8 * i + 14] = t; \
- t ^= E_KEY[8 * i + 7]; E_KEY[8 * i + 15] = t; \
-}
-
-static int aes_set_key(struct crypto_tfm *tfm, const u8 *in_key,
- unsigned int key_len)
-{
- struct aes_ctx *ctx = crypto_tfm_ctx(tfm);
- const __le32 *key = (const __le32 *)in_key;
- u32 *flags = &tfm->crt_flags;
- u32 i, t, u, v, w;
-
- if (key_len % 8) {
- *flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
- return -EINVAL;
- }
-
- ctx->key_length = key_len;
-
- E_KEY[0] = le32_to_cpu(key[0]);
- E_KEY[1] = le32_to_cpu(key[1]);
- E_KEY[2] = le32_to_cpu(key[2]);
- E_KEY[3] = le32_to_cpu(key[3]);
-
- switch (key_len) {
- case 16:
- t = E_KEY[3];
- for (i = 0; i < 10; ++i)
- loop4 (i);
- break;
-
- case 24:
- E_KEY[4] = le32_to_cpu(key[4]);
- t = E_KEY[5] = le32_to_cpu(key[5]);
- for (i = 0; i < 8; ++i)
- loop6 (i);
- break;
-
- case 32:
- E_KEY[4] = le32_to_cpu(key[4]);
- E_KEY[5] = le32_to_cpu(key[5]);
- E_KEY[6] = le32_to_cpu(key[6]);
- t = E_KEY[7] = le32_to_cpu(key[7]);
- for (i = 0; i < 7; ++i)
- loop8 (i);
- break;
- }
-
- D_KEY[0] = E_KEY[0];
- D_KEY[1] = E_KEY[1];
- D_KEY[2] = E_KEY[2];
- D_KEY[3] = E_KEY[3];
-
- for (i = 4; i < key_len + 24; ++i) {
- imix_col (D_KEY[i], E_KEY[i]);
- }
-
- return 0;
-}
+ bo[n] = crypto_il_tab[0][byte(bi[n],0)] ^ \
+ crypto_il_tab[1][byte(bi[(n + 3) & 3],1)] ^ \
+ crypto_il_tab[2][byte(bi[(n + 2) & 3],2)] ^ \
+ crypto_il_tab[3][byte(bi[(n + 1) & 3],3)] ^ *(k + n)

/* encrypt a block of text */

@@ -317,23 +105,24 @@ static int aes_set_key(struct crypto_tfm *tfm, const u8 *in_key,

static void aes_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
{
- const struct aes_ctx *ctx = crypto_tfm_ctx(tfm);
+ const struct crypto_aes_ctx *ctx = crypto_tfm_ctx(tfm);
const __le32 *src = (const __le32 *)in;
__le32 *dst = (__le32 *)out;
u32 b0[4], b1[4];
- const u32 *kp = E_KEY + 4;
+ const int key_len = ctx->key_length;
+ const u32 *kp = ctx->key_enc + 4;

- b0[0] = le32_to_cpu(src[0]) ^ E_KEY[0];
- b0[1] = le32_to_cpu(src[1]) ^ E_KEY[1];
- b0[2] = le32_to_cpu(src[2]) ^ E_KEY[2];
- b0[3] = le32_to_cpu(src[3]) ^ E_KEY[3];
+ b0[0] = le32_to_cpu(src[0]) ^ ctx->key_enc[0];
+ b0[1] = le32_to_cpu(src[1]) ^ ctx->key_enc[1];
+ b0[2] = le32_to_cpu(src[2]) ^ ctx->key_enc[2];
+ b0[3] = le32_to_cpu(src[3]) ^ ctx->key_enc[3];

- if (ctx->key_length > 24) {
+ if (key_len > 24) {
f_nround (b1, b0, kp);
f_nround (b0, b1, kp);
}

- if (ctx->key_length > 16) {
+ if (key_len > 16) {
f_nround (b1, b0, kp);
f_nround (b0, b1, kp);
}
@@ -362,7 +151,7 @@ static void aes_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
i_rn(bo, bi, 1, k); \
i_rn(bo, bi, 2, k); \
i_rn(bo, bi, 3, k); \
- k -= 4
+ k += 4

#define i_lround(bo, bi, k) \
i_rl(bo, bi, 0, k); \
@@ -372,17 +161,17 @@ static void aes_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)

static void aes_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
{
- const struct aes_ctx *ctx = crypto_tfm_ctx(tfm);
+ const struct crypto_aes_ctx *ctx = crypto_tfm_ctx(tfm);
const __le32 *src = (const __le32 *)in;
__le32 *dst = (__le32 *)out;
u32 b0[4], b1[4];
const int key_len = ctx->key_length;
- const u32 *kp = D_KEY + key_len + 20;
+ const u32 *kp = ctx->key_dec + 4;

- b0[0] = le32_to_cpu(src[0]) ^ E_KEY[key_len + 24];
- b0[1] = le32_to_cpu(src[1]) ^ E_KEY[key_len + 25];
- b0[2] = le32_to_cpu(src[2]) ^ E_KEY[key_len + 26];
- b0[3] = le32_to_cpu(src[3]) ^ E_KEY[key_len + 27];
+ b0[0] = le32_to_cpu(src[0]) ^ ctx->key_dec[0];
+ b0[1] = le32_to_cpu(src[1]) ^ ctx->key_dec[1];
+ b0[2] = le32_to_cpu(src[2]) ^ ctx->key_dec[2];
+ b0[3] = le32_to_cpu(src[3]) ^ ctx->key_dec[3];

if (key_len > 24) {
i_nround (b1, b0, kp);
@@ -411,14 +200,13 @@ static void aes_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
dst[3] = cpu_to_le32(b0[3]);
}

-
static struct crypto_alg aes_alg = {
.cra_name = "aes",
.cra_driver_name = "aes-generic",
.cra_priority = 100,
.cra_flags = CRYPTO_ALG_TYPE_CIPHER,
.cra_blocksize = AES_BLOCK_SIZE,
- .cra_ctxsize = sizeof(struct aes_ctx),
+ .cra_ctxsize = sizeof(struct crypto_aes_ctx),
.cra_alignmask = 3,
.cra_module = THIS_MODULE,
.cra_list = LIST_HEAD_INIT(aes_alg.cra_list),
@@ -426,7 +214,7 @@ static struct crypto_alg aes_alg = {
.cipher = {
.cia_min_keysize = AES_MIN_KEY_SIZE,
.cia_max_keysize = AES_MAX_KEY_SIZE,
- .cia_setkey = aes_set_key,
+ .cia_setkey = crypto_aes_set_key,
.cia_encrypt = aes_encrypt,
.cia_decrypt = aes_decrypt
}
@@ -435,7 +223,6 @@ static struct crypto_alg aes_alg = {

static int __init aes_init(void)
{
- gen_tabs();
return crypto_register_alg(&aes_alg);
}

--
1.5.3.4

Subject: [RFC 3/3] [crypto] x86_64 asm AES use new common module

From: Sebastian Siewior <[email protected]>

Share the tables and set_key function.

Signed-off-by: Sebastian Siewior <[email protected]>
---
arch/x86/crypto/aes-x86_64-asm_64.S | 68 ++++----
arch/x86/crypto/aes_64.c | 282 +----------------------------------
crypto/Kconfig | 1 +
3 files changed, 38 insertions(+), 313 deletions(-)

diff --git a/arch/x86/crypto/aes-x86_64-asm_64.S b/arch/x86/crypto/aes-x86_64-asm_64.S
index 26b40de..a120f52 100644
--- a/arch/x86/crypto/aes-x86_64-asm_64.S
+++ b/arch/x86/crypto/aes-x86_64-asm_64.S
@@ -8,10 +8,10 @@
* including this sentence is retained in full.
*/

-.extern aes_ft_tab
-.extern aes_it_tab
-.extern aes_fl_tab
-.extern aes_il_tab
+.extern crypto_ft_tab
+.extern crypto_it_tab
+.extern crypto_fl_tab
+.extern crypto_il_tab

.text

@@ -56,13 +56,13 @@
.align 8; \
FUNC: movq r1,r2; \
movq r3,r4; \
- leaq BASE+KEY+52(r8),r9; \
+ leaq BASE+KEY+48+4(r8),r9; \
movq r10,r11; \
movl (r7),r5 ## E; \
movl 4(r7),r1 ## E; \
movl 8(r7),r6 ## E; \
movl 12(r7),r7 ## E; \
- movl BASE(r8),r10 ## E; \
+ movl BASE+0(r8),r10 ## E; \
xorl -48(r9),r5 ## E; \
xorl -44(r9),r1 ## E; \
xorl -40(r9),r6 ## E; \
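Review bot: The rewritten `leaq BASE+KEY+48+4(r8),r9` and `movl BASE+0(r8),r10 ## E` now encode the field layout of `struct crypto_aes_ctx` from include/crypto/aes.h (key_length at offset 0, the key schedule starting at offset 4, and presumably `KEY` carrying 0 or 240 to select key_enc or key_dec, matching the `entry(aes_dec_blk,240,...)` call further down), but nothing here says so and the `48+4` split is not self-explanatory. A comment above this macro such as `/* offsets assume struct crypto_aes_ctx: u32 key_length, then key_enc[60], then key_dec[60] */` would let the next person who touches the shared struct find this dependency before it breaks the assembly. The enclosing macro definition begins before this hunk.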
@@ -154,37 +154,37 @@ FUNC: movq r1,r2; \
/* void aes_enc_blk(stuct crypto_tfm *tfm, u8 *out, const u8 *in) */

entry(aes_enc_blk,0,enc128,enc192)
- encrypt_round(aes_ft_tab,-96)
- encrypt_round(aes_ft_tab,-80)
-enc192: encrypt_round(aes_ft_tab,-64)
- encrypt_round(aes_ft_tab,-48)
-enc128: encrypt_round(aes_ft_tab,-32)
- encrypt_round(aes_ft_tab,-16)
- encrypt_round(aes_ft_tab, 0)
- encrypt_round(aes_ft_tab, 16)
- encrypt_round(aes_ft_tab, 32)
- encrypt_round(aes_ft_tab, 48)
- encrypt_round(aes_ft_tab, 64)
- encrypt_round(aes_ft_tab, 80)
- encrypt_round(aes_ft_tab, 96)
- encrypt_final(aes_fl_tab,112)
+ encrypt_round(crypto_ft_tab,-96)
+ encrypt_round(crypto_ft_tab,-80)
+enc192: encrypt_round(crypto_ft_tab,-64)
+ encrypt_round(crypto_ft_tab,-48)
+enc128: encrypt_round(crypto_ft_tab,-32)
+ encrypt_round(crypto_ft_tab,-16)
+ encrypt_round(crypto_ft_tab, 0)
+ encrypt_round(crypto_ft_tab, 16)
+ encrypt_round(crypto_ft_tab, 32)
+ encrypt_round(crypto_ft_tab, 48)
+ encrypt_round(crypto_ft_tab, 64)
+ encrypt_round(crypto_ft_tab, 80)
+ encrypt_round(crypto_ft_tab, 96)
+ encrypt_final(crypto_fl_tab,112)
return

/* void aes_dec_blk(struct crypto_tfm *tfm, u8 *out, const u8 *in) */

entry(aes_dec_blk,240,dec128,dec192)
- decrypt_round(aes_it_tab,-96)
- decrypt_round(aes_it_tab,-80)
-dec192: decrypt_round(aes_it_tab,-64)
- decrypt_round(aes_it_tab,-48)
-dec128: decrypt_round(aes_it_tab,-32)
- decrypt_round(aes_it_tab,-16)
- decrypt_round(aes_it_tab, 0)
- decrypt_round(aes_it_tab, 16)
- decrypt_round(aes_it_tab, 32)
- decrypt_round(aes_it_tab, 48)
- decrypt_round(aes_it_tab, 64)
- decrypt_round(aes_it_tab, 80)
- decrypt_round(aes_it_tab, 96)
- decrypt_final(aes_il_tab,112)
+ decrypt_round(crypto_it_tab,-96)
+ decrypt_round(crypto_it_tab,-80)
+dec192: decrypt_round(crypto_it_tab,-64)
+ decrypt_round(crypto_it_tab,-48)
+dec128: decrypt_round(crypto_it_tab,-32)
+ decrypt_round(crypto_it_tab,-16)
+ decrypt_round(crypto_it_tab, 0)
+ decrypt_round(crypto_it_tab, 16)
+ decrypt_round(crypto_it_tab, 32)
+ decrypt_round(crypto_it_tab, 48)
+ decrypt_round(crypto_it_tab, 64)
+ decrypt_round(crypto_it_tab, 80)
+ decrypt_round(crypto_it_tab, 96)
+ decrypt_final(crypto_il_tab,112)
return
diff --git a/arch/x86/crypto/aes_64.c b/arch/x86/crypto/aes_64.c
index 0b38a4c..d7a41a9 100644
--- a/arch/x86/crypto/aes_64.c
+++ b/arch/x86/crypto/aes_64.c
@@ -1,284 +1,9 @@
/*
- * Cryptographic API.
+ * Glue Code for AES Cipher Algorithm
*
- * AES Cipher Algorithm.
- *
- * Based on Brian Gladman's code.
- *
- * Linux developers:
- * Alexander Kjeldaas <[email protected]>
- * Herbert Valerio Riedel <[email protected]>
- * Kyle McMartin <[email protected]>
- * Adam J. Richter <[email protected]> (conversion to 2.5 API).
- * Andreas Steinmetz <[email protected]> (adapted to x86_64 assembler)
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * ---------------------------------------------------------------------------
- * Copyright (c) 2002, Dr Brian Gladman <[email protected]>, Worcester, UK.
- * All rights reserved.
- *
- * LICENSE TERMS
- *
- * The free distribution and use of this software in both source and binary
- * form is allowed (with or without changes) provided that:
- *
- * 1. distributions of this source code include the above copyright
- * notice, this list of conditions and the following disclaimer;
- *
- * 2. distributions in binary form include the above copyright
- * notice, this list of conditions and the following disclaimer
- * in the documentation and/or other associated materials;
- *
- * 3. the copyright holder's name is not used to endorse products
- * built using this software without specific written permission.
- *
- * ALTERNATIVELY, provided that this notice is retained in full, this product
- * may be distributed under the terms of the GNU General Public License (GPL),
- * in which case the provisions of the GPL apply INSTEAD OF those given above.
- *
- * DISCLAIMER
- *
- * This software is provided 'as is' with no explicit or implied warranties
- * in respect of its properties, including, but not limited to, correctness
- * and/or fitness for purpose.
- * ---------------------------------------------------------------------------
*/

-/* Some changes from the Gladman version:
- s/RIJNDAEL(e_key)/E_KEY/g
- s/RIJNDAEL(d_key)/D_KEY/g
-*/
-
-#include <asm/byteorder.h>
#include <crypto/aes.h>
-#include <linux/bitops.h>
-#include <linux/crypto.h>
-#include <linux/errno.h>
-#include <linux/init.h>
-#include <linux/module.h>
-#include <linux/types.h>
-
-/*
- * #define byte(x, nr) ((unsigned char)((x) >> (nr*8)))
- */
-static inline u8 byte(const u32 x, const unsigned n)
-{
- return x >> (n << 3);
-}
-
-struct aes_ctx
-{
- u32 key_length;
- u32 buf[120];
-};
-
-#define E_KEY (&ctx->buf[0])
-#define D_KEY (&ctx->buf[60])
-
-static u8 pow_tab[256] __initdata;
-static u8 log_tab[256] __initdata;
-static u8 sbx_tab[256] __initdata;
-static u8 isb_tab[256] __initdata;
-static u32 rco_tab[10];
-u32 aes_ft_tab[4][256];
-u32 aes_it_tab[4][256];
-
-u32 aes_fl_tab[4][256];
-u32 aes_il_tab[4][256];
-
-static inline u8 f_mult(u8 a, u8 b)
-{
- u8 aa = log_tab[a], cc = aa + log_tab[b];
-
- return pow_tab[cc + (cc < aa ? 1 : 0)];
-}
-
-#define ff_mult(a, b) (a && b ? f_mult(a, b) : 0)
-
-#define ls_box(x) \
- (aes_fl_tab[0][byte(x, 0)] ^ \
- aes_fl_tab[1][byte(x, 1)] ^ \
- aes_fl_tab[2][byte(x, 2)] ^ \
- aes_fl_tab[3][byte(x, 3)])
-
-static void __init gen_tabs(void)
-{
- u32 i, t;
- u8 p, q;
-
- /* log and power tables for GF(2**8) finite field with
- 0x011b as modular polynomial - the simplest primitive
- root is 0x03, used here to generate the tables */
-
- for (i = 0, p = 1; i < 256; ++i) {
- pow_tab[i] = (u8)p;
- log_tab[p] = (u8)i;
-
- p ^= (p << 1) ^ (p & 0x80 ? 0x01b : 0);
- }
-
- log_tab[1] = 0;
-
- for (i = 0, p = 1; i < 10; ++i) {
- rco_tab[i] = p;
-
- p = (p << 1) ^ (p & 0x80 ? 0x01b : 0);
- }
-
- for (i = 0; i < 256; ++i) {
- p = (i ? pow_tab[255 - log_tab[i]] : 0);
- q = ((p >> 7) | (p << 1)) ^ ((p >> 6) | (p << 2));
- p ^= 0x63 ^ q ^ ((q >> 6) | (q << 2));
- sbx_tab[i] = p;
- isb_tab[p] = (u8)i;
- }
-
- for (i = 0; i < 256; ++i) {
- p = sbx_tab[i];
-
- t = p;
- aes_fl_tab[0][i] = t;
- aes_fl_tab[1][i] = rol32(t, 8);
- aes_fl_tab[2][i] = rol32(t, 16);
- aes_fl_tab[3][i] = rol32(t, 24);
-
- t = ((u32)ff_mult(2, p)) |
- ((u32)p << 8) |
- ((u32)p << 16) | ((u32)ff_mult(3, p) << 24);
-
- aes_ft_tab[0][i] = t;
- aes_ft_tab[1][i] = rol32(t, 8);
- aes_ft_tab[2][i] = rol32(t, 16);
- aes_ft_tab[3][i] = rol32(t, 24);
-
- p = isb_tab[i];
-
- t = p;
- aes_il_tab[0][i] = t;
- aes_il_tab[1][i] = rol32(t, 8);
- aes_il_tab[2][i] = rol32(t, 16);
- aes_il_tab[3][i] = rol32(t, 24);
-
- t = ((u32)ff_mult(14, p)) |
- ((u32)ff_mult(9, p) << 8) |
- ((u32)ff_mult(13, p) << 16) |
- ((u32)ff_mult(11, p) << 24);
-
- aes_it_tab[0][i] = t;
- aes_it_tab[1][i] = rol32(t, 8);
- aes_it_tab[2][i] = rol32(t, 16);
- aes_it_tab[3][i] = rol32(t, 24);
- }
-}
-
-#define star_x(x) (((x) & 0x7f7f7f7f) << 1) ^ ((((x) & 0x80808080) >> 7) * 0x1b)
-
-#define imix_col(y, x) \
- u = star_x(x); \
- v = star_x(u); \
- w = star_x(v); \
- t = w ^ (x); \
- (y) = u ^ v ^ w; \
- (y) ^= ror32(u ^ t, 8) ^ \
- ror32(v ^ t, 16) ^ \
- ror32(t, 24)
-
-/* initialise the key schedule from the user supplied key */
-
-#define loop4(i) \
-{ \
- t = ror32(t, 8); t = ls_box(t) ^ rco_tab[i]; \
- t ^= E_KEY[4 * i]; E_KEY[4 * i + 4] = t; \
- t ^= E_KEY[4 * i + 1]; E_KEY[4 * i + 5] = t; \
- t ^= E_KEY[4 * i + 2]; E_KEY[4 * i + 6] = t; \
- t ^= E_KEY[4 * i + 3]; E_KEY[4 * i + 7] = t; \
-}
-
-#define loop6(i) \
-{ \
- t = ror32(t, 8); t = ls_box(t) ^ rco_tab[i]; \
- t ^= E_KEY[6 * i]; E_KEY[6 * i + 6] = t; \
- t ^= E_KEY[6 * i + 1]; E_KEY[6 * i + 7] = t; \
- t ^= E_KEY[6 * i + 2]; E_KEY[6 * i + 8] = t; \
- t ^= E_KEY[6 * i + 3]; E_KEY[6 * i + 9] = t; \
- t ^= E_KEY[6 * i + 4]; E_KEY[6 * i + 10] = t; \
- t ^= E_KEY[6 * i + 5]; E_KEY[6 * i + 11] = t; \
-}
-
-#define loop8(i) \
-{ \
- t = ror32(t, 8); ; t = ls_box(t) ^ rco_tab[i]; \
- t ^= E_KEY[8 * i]; E_KEY[8 * i + 8] = t; \
- t ^= E_KEY[8 * i + 1]; E_KEY[8 * i + 9] = t; \
- t ^= E_KEY[8 * i + 2]; E_KEY[8 * i + 10] = t; \
- t ^= E_KEY[8 * i + 3]; E_KEY[8 * i + 11] = t; \
- t = E_KEY[8 * i + 4] ^ ls_box(t); \
- E_KEY[8 * i + 12] = t; \
- t ^= E_KEY[8 * i + 5]; E_KEY[8 * i + 13] = t; \
- t ^= E_KEY[8 * i + 6]; E_KEY[8 * i + 14] = t; \
- t ^= E_KEY[8 * i + 7]; E_KEY[8 * i + 15] = t; \
-}
-
-static int aes_set_key(struct crypto_tfm *tfm, const u8 *in_key,
- unsigned int key_len)
-{
- struct aes_ctx *ctx = crypto_tfm_ctx(tfm);
- const __le32 *key = (const __le32 *)in_key;
- u32 *flags = &tfm->crt_flags;
- u32 i, j, t, u, v, w;
-
- if (key_len % 8) {
- *flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
- return -EINVAL;
- }
-
- ctx->key_length = key_len;
-
- D_KEY[key_len + 24] = E_KEY[0] = le32_to_cpu(key[0]);
- D_KEY[key_len + 25] = E_KEY[1] = le32_to_cpu(key[1]);
- D_KEY[key_len + 26] = E_KEY[2] = le32_to_cpu(key[2]);
- D_KEY[key_len + 27] = E_KEY[3] = le32_to_cpu(key[3]);
-
- switch (key_len) {
- case 16:
- t = E_KEY[3];
- for (i = 0; i < 10; ++i)
- loop4(i);
- break;
-
- case 24:
- E_KEY[4] = le32_to_cpu(key[4]);
- t = E_KEY[5] = le32_to_cpu(key[5]);
- for (i = 0; i < 8; ++i)
- loop6 (i);
- break;
-
- case 32:
- E_KEY[4] = le32_to_cpu(key[4]);
- E_KEY[5] = le32_to_cpu(key[5]);
- E_KEY[6] = le32_to_cpu(key[6]);
- t = E_KEY[7] = le32_to_cpu(key[7]);
- for (i = 0; i < 7; ++i)
- loop8(i);
- break;
- }
-
- D_KEY[0] = E_KEY[key_len + 24];
- D_KEY[1] = E_KEY[key_len + 25];
- D_KEY[2] = E_KEY[key_len + 26];
- D_KEY[3] = E_KEY[key_len + 27];
-
- for (i = 4; i < key_len + 24; ++i) {
- j = key_len + 24 - (i & ~3) + (i & 3);
- imix_col(D_KEY[j], E_KEY[i]);
- }
-
- return 0;
-}

asmlinkage void aes_enc_blk(struct crypto_tfm *tfm, u8 *out, const u8 *in);
asmlinkage void aes_dec_blk(struct crypto_tfm *tfm, u8 *out, const u8 *in);
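Review bot: The hunk removes `<linux/module.h>`, `<linux/init.h>` and `<linux/crypto.h>` while the glue that remains still uses `__init`, `module_init`, `THIS_MODULE`, `crypto_register_alg` and `asmlinkage`, so the file presumably only builds because `<crypto/aes.h>` now pulls `<linux/crypto.h>` in and that header drags the rest along transitively. Keep the direct includes the code itself needs, at least `#include <linux/init.h>` and `#include <linux/module.h>` next to `#include <crypto/aes.h>`, so a later trimming of the shared header does not break this file. The rest of the glue (the alg definition and init/exit) lies outside this hunk.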
@@ -299,14 +24,14 @@ static struct crypto_alg aes_alg = {
.cra_priority = 200,
.cra_flags = CRYPTO_ALG_TYPE_CIPHER,
.cra_blocksize = AES_BLOCK_SIZE,
- .cra_ctxsize = sizeof(struct aes_ctx),
+ .cra_ctxsize = sizeof(struct crypto_aes_ctx),
.cra_module = THIS_MODULE,
.cra_list = LIST_HEAD_INIT(aes_alg.cra_list),
.cra_u = {
.cipher = {
.cia_min_keysize = AES_MIN_KEY_SIZE,
.cia_max_keysize = AES_MAX_KEY_SIZE,
- .cia_setkey = aes_set_key,
+ .cia_setkey = crypto_aes_set_key,
.cia_encrypt = aes_encrypt,
.cia_decrypt = aes_decrypt
}
@@ -315,7 +40,6 @@ static struct crypto_alg aes_alg = {

static int __init aes_init(void)
{
- gen_tabs();
return crypto_register_alg(&aes_alg);
}

diff --git a/crypto/Kconfig b/crypto/Kconfig
index 17b11b8..0e17ddb 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -354,6 +354,7 @@ config CRYPTO_AES_X86_64
tristate "AES cipher algorithms (x86_64)"
depends on (X86 || UML_X86) && 64BIT
select CRYPTO_ALGAPI
+ select CRYPTO_AES_COMMON
help
AES cipher algorithms (FIPS-197). AES uses the Rijndael
algorithm.
--
1.5.3.4

Subject: [RFC 1/3] AES: group common functions

From: Sebastian Siewior <[email protected]>

There are three AES software modules in the kernel: One C version
and two arch specific assembly versions. The key expansion routine as
well as the four lookup tables which are used during encryption
and/or decryption are the same.
This patch simply creates an independent module which shares the
data structures across the modules.

Signed-off-by: Sebastian Siewior <[email protected]>
---
crypto/Kconfig | 3 +
crypto/Makefile | 1 +
crypto/aes_common.c | 277 ++++++++++++++++++++++++++++++++++++++++++++++++++
include/crypto/aes.h | 17 +++
4 files changed, 298 insertions(+), 0 deletions(-)
create mode 100644 crypto/aes_common.c

diff --git a/crypto/Kconfig b/crypto/Kconfig
index 1f32071..26130d0 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -325,6 +325,9 @@ config CRYPTO_AES

See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.

+config CRYPTO_AES_COMMON
+ tristate
+
config CRYPTO_AES_586
tristate "AES cipher algorithms (i586)"
depends on (X86 || UML_X86) && !64BIT
diff --git a/crypto/Makefile b/crypto/Makefile
index 1f87db2..59b6a7e 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -41,6 +41,7 @@ obj-$(CONFIG_CRYPTO_TWOFISH) += twofish.o
obj-$(CONFIG_CRYPTO_TWOFISH_COMMON) += twofish_common.o
obj-$(CONFIG_CRYPTO_SERPENT) += serpent.o
obj-$(CONFIG_CRYPTO_AES) += aes_generic.o
+obj-$(CONFIG_CRYPTO_AES_COMMON) += aes_common.o
obj-$(CONFIG_CRYPTO_CAMELLIA) += camellia.o
obj-$(CONFIG_CRYPTO_CAST5) += cast5.o
obj-$(CONFIG_CRYPTO_CAST6) += cast6.o
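Review bot: `aes_common.o` is added to the object list after `aes_generic.o`, and since same-level initcalls run in link order when both are built in, the generic cipher's `aes_init()` would register "aes" before `gen_tabs()` (the common module's `module_init` in this series) has filled the shared tables, which are zero until then. A built-in user that acquires the cipher in that window could end up running with all-zero lookup tables. Moving the new line above the generic one, `obj-$(CONFIG_CRYPTO_AES_COMMON) += aes_common.o` before `obj-$(CONFIG_CRYPTO_AES) += aes_generic.o`, closes the window for the built-in case; the loadable-module case is already ordered by the symbol dependency.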
diff --git a/crypto/aes_common.c b/crypto/aes_common.c
new file mode 100644
index 0000000..6ba60cf
--- /dev/null
+++ b/crypto/aes_common.c
@@ -0,0 +1,277 @@
+/*
+ * Cryptographic API.
+ *
+ * AES Cipher Algorithm.
+ *
+ * Based on Brian Gladman's code.
+ *
+ * Linux developers:
+ * Alexander Kjeldaas <[email protected]>
+ * Herbert Valerio Riedel <[email protected]>
+ * Kyle McMartin <[email protected]>
+ * Adam J. Richter <[email protected]> (conversion to 2.5 API).
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * ---------------------------------------------------------------------------
+ * Copyright (c) 2002, Dr Brian Gladman <[email protected]>, Worcester, UK.
+ * All rights reserved.
+ *
+ * LICENSE TERMS
+ *
+ * The free distribution and use of this software in both source and binary
+ * form is allowed (with or without changes) provided that:
+ *
+ * 1. distributions of this source code include the above copyright
+ * notice, this list of conditions and the following disclaimer;
+ *
+ * 2. distributions in binary form include the above copyright
+ * notice, this list of conditions and the following disclaimer
+ * in the documentation and/or other associated materials;
+ *
+ * 3. the copyright holder's name is not used to endorse products
+ * built using this software without specific written permission.
+ *
+ * ALTERNATIVELY, provided that this notice is retained in full, this product
+ * may be distributed under the terms of the GNU General Public License (GPL),
+ * in which case the provisions of the GPL apply INSTEAD OF those given above.
+ *
+ * DISCLAIMER
+ *
+ * This software is provided 'as is' with no explicit or implied warranties
+ * in respect of its properties, including, but not limited to, correctness
+ * and/or fitness for purpose.
+ * ---------------------------------------------------------------------------
+ */
+
+#include <crypto/aes.h>
+#include <linux/module.h>
+#include <linux/init.h>
+#include <linux/types.h>
+#include <linux/errno.h>
+#include <linux/crypto.h>
+#include <asm/byteorder.h>
+
+static inline u8 byte(const u32 x, const unsigned n)
+{
+ return x >> (n << 3);
+}
+
+static u8 pow_tab[256] __initdata;
+static u8 log_tab[256] __initdata;
+static u8 sbx_tab[256] __initdata;
+static u8 isb_tab[256] __initdata;
+
+static u32 rco_tab[10];
+u32 crypto_ft_tab[4][256];
+u32 crypto_it_tab[4][256];
+u32 crypto_fl_tab[4][256];
+u32 crypto_il_tab[4][256];
+
+EXPORT_SYMBOL_GPL(crypto_ft_tab);
+EXPORT_SYMBOL_GPL(crypto_it_tab);
+EXPORT_SYMBOL_GPL(crypto_fl_tab);
+EXPORT_SYMBOL_GPL(crypto_il_tab);
+
+static inline u8 __init f_mult (u8 a, u8 b)
+{
+ u8 aa = log_tab[a], cc = aa + log_tab[b];
+
+ return pow_tab[cc + (cc < aa ? 1 : 0)];
+}
+
+#define ff_mult(a,b) (a && b ? f_mult(a, b) : 0)
+
+#define ls_box(x) \
+ ( crypto_fl_tab[0][byte(x, 0)] ^ \
+ crypto_fl_tab[1][byte(x, 1)] ^ \
+ crypto_fl_tab[2][byte(x, 2)] ^ \
+ crypto_fl_tab[3][byte(x, 3)] )
+
+static int __init gen_tabs (void)
+{
+ u32 i, t;
+ u8 p, q;
+
+ /* log and power tables for GF(2**8) finite field with
+ 0x011b as modular polynomial - the simplest primitive
+ root is 0x03, used here to generate the tables */
+
+ for (i = 0, p = 1; i < 256; ++i) {
+ pow_tab[i] = (u8) p;
+ log_tab[p] = (u8) i;
+
+ p ^= (p << 1) ^ (p & 0x80 ? 0x01b : 0);
+ }
+
+ log_tab[1] = 0;
+
+ for (i = 0, p = 1; i < 10; ++i) {
+ rco_tab[i] = p;
+
+ p = (p << 1) ^ (p & 0x80 ? 0x01b : 0);
+ }
+
+ for (i = 0; i < 256; ++i) {
+ p = (i ? pow_tab[255 - log_tab[i]] : 0);
+ q = ((p >> 7) | (p << 1)) ^ ((p >> 6) | (p << 2));
+ p ^= 0x63 ^ q ^ ((q >> 6) | (q << 2));
+ sbx_tab[i] = p;
+ isb_tab[p] = (u8) i;
+ }
+
+ for (i = 0; i < 256; ++i) {
+ p = sbx_tab[i];
+
+ t = p;
+ crypto_fl_tab[0][i] = t;
+ crypto_fl_tab[1][i] = rol32(t, 8);
+ crypto_fl_tab[2][i] = rol32(t, 16);
+ crypto_fl_tab[3][i] = rol32(t, 24);
+
+ t = ((u32) ff_mult (2, p)) |
+ ((u32) p << 8) |
+ ((u32) p << 16) | ((u32) ff_mult (3, p) << 24);
+
+ crypto_ft_tab[0][i] = t;
+ crypto_ft_tab[1][i] = rol32(t, 8);
+ crypto_ft_tab[2][i] = rol32(t, 16);
+ crypto_ft_tab[3][i] = rol32(t, 24);
+
+ p = isb_tab[i];
+
+ t = p;
+ crypto_il_tab[0][i] = t;
+ crypto_il_tab[1][i] = rol32(t, 8);
+ crypto_il_tab[2][i] = rol32(t, 16);
+ crypto_il_tab[3][i] = rol32(t, 24);
+
+ t = ((u32) ff_mult (14, p)) |
+ ((u32) ff_mult (9, p) << 8) |
+ ((u32) ff_mult (13, p) << 16) |
+ ((u32) ff_mult (11, p) << 24);
+
+ crypto_it_tab[0][i] = t;
+ crypto_it_tab[1][i] = rol32(t, 8);
+ crypto_it_tab[2][i] = rol32(t, 16);
+ crypto_it_tab[3][i] = rol32(t, 24);
+ }
+
+ return 0;
+}
+
+#define star_x(x) (((x) & 0x7f7f7f7f) << 1) ^ ((((x) & 0x80808080) >> 7) * 0x1b)
+
+#define imix_col(y,x) \
+ u = star_x(x); \
+ v = star_x(u); \
+ w = star_x(v); \
+ t = w ^ (x); \
+ (y) = u ^ v ^ w; \
+ (y) ^= ror32(u ^ t, 8) ^ \
+ ror32(v ^ t, 16) ^ \
+ ror32(t,24)
+
+/* initialise the key schedule from the user supplied key */
+
+#define loop4(i) \
+{ t = ror32(t, 8); t = ls_box(t) ^ rco_tab[i]; \
+ t ^= ctx->key_enc[4 * i]; ctx->key_enc[4 * i + 4] = t; \
+ t ^= ctx->key_enc[4 * i + 1]; ctx->key_enc[4 * i + 5] = t; \
+ t ^= ctx->key_enc[4 * i + 2]; ctx->key_enc[4 * i + 6] = t; \
+ t ^= ctx->key_enc[4 * i + 3]; ctx->key_enc[4 * i + 7] = t; \
+}
+
+#define loop6(i) \
+{ t = ror32(t, 8); t = ls_box(t) ^ rco_tab[i]; \
+ t ^= ctx->key_enc[6 * i]; ctx->key_enc[6 * i + 6] = t; \
+ t ^= ctx->key_enc[6 * i + 1]; ctx->key_enc[6 * i + 7] = t; \
+ t ^= ctx->key_enc[6 * i + 2]; ctx->key_enc[6 * i + 8] = t; \
+ t ^= ctx->key_enc[6 * i + 3]; ctx->key_enc[6 * i + 9] = t; \
+ t ^= ctx->key_enc[6 * i + 4]; ctx->key_enc[6 * i + 10] = t; \
+ t ^= ctx->key_enc[6 * i + 5]; ctx->key_enc[6 * i + 11] = t; \
+}
+
+#define loop8(i) \
+{ t = ror32(t, 8); ; t = ls_box(t) ^ rco_tab[i]; \
+ t ^= ctx->key_enc[8 * i]; ctx->key_enc[8 * i + 8] = t; \
+ t ^= ctx->key_enc[8 * i + 1]; ctx->key_enc[8 * i + 9] = t; \
+ t ^= ctx->key_enc[8 * i + 2]; ctx->key_enc[8 * i + 10] = t; \
+ t ^= ctx->key_enc[8 * i + 3]; ctx->key_enc[8 * i + 11] = t; \
+ t = ctx->key_enc[8 * i + 4] ^ ls_box(t); \
+ ctx->key_enc[8 * i + 12] = t; \
+ t ^= ctx->key_enc[8 * i + 5]; ctx->key_enc[8 * i + 13] = t; \
+ t ^= ctx->key_enc[8 * i + 6]; ctx->key_enc[8 * i + 14] = t; \
+ t ^= ctx->key_enc[8 * i + 7]; ctx->key_enc[8 * i + 15] = t; \
+}
+
+int crypto_aes_set_key(struct crypto_tfm *tfm, const u8 *in_key,
+ unsigned int key_len)
+{
+ struct crypto_aes_ctx *ctx = crypto_tfm_ctx(tfm);
+ const __le32 *key = (const __le32 *)in_key;
+ u32 *flags = &tfm->crt_flags;
+ u32 i, j, t, u, v, w;
+
+ if (key_len % 8) {
+ *flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
+ return -EINVAL;
+ }
+
+ ctx->key_length = key_len;
+
+ ctx->key_dec[key_len + 24] = ctx->key_enc[0] = le32_to_cpu(key[0]);
+ ctx->key_dec[key_len + 25] = ctx->key_enc[1] = le32_to_cpu(key[1]);
+ ctx->key_dec[key_len + 26] = ctx->key_enc[2] = le32_to_cpu(key[2]);
+ ctx->key_dec[key_len + 27] = ctx->key_enc[3] = le32_to_cpu(key[3]);
+
+ switch (key_len) {
+ case 16:
+ t = ctx->key_enc[3];
+ for (i = 0; i < 10; ++i)
+ loop4(i);
+ break;
+
+ case 24:
+ ctx->key_enc[4] = le32_to_cpu(key[4]);
+ t = ctx->key_enc[5] = le32_to_cpu(key[5]);
+ for (i = 0; i < 8; ++i)
+ loop6 (i);
+ break;
+
+ case 32:
+ ctx->key_enc[4] = le32_to_cpu(key[4]);
+ ctx->key_enc[5] = le32_to_cpu(key[5]);
+ ctx->key_enc[6] = le32_to_cpu(key[6]);
+ t = ctx->key_enc[7] = le32_to_cpu(key[7]);
+ for (i = 0; i < 7; ++i)
+ loop8(i);
+ break;
+ }
+
+ ctx->key_dec[0] = ctx->key_enc[key_len + 24];
+ ctx->key_dec[1] = ctx->key_enc[key_len + 25];
+ ctx->key_dec[2] = ctx->key_enc[key_len + 26];
+ ctx->key_dec[3] = ctx->key_enc[key_len + 27];
+
+ for (i = 4; i < key_len + 24; ++i) {
+ j = key_len + 24 - (i & ~3) + (i & 3);
+ imix_col(ctx->key_dec[j], ctx->key_enc[i]);
+ }
+
+ return 0;
+}
+EXPORT_SYMBOL_GPL(crypto_aes_set_key);
+
+static void damn_I_can_t_name_it_void(void)
+{
+}
+
+module_init(gen_tabs);
+module_exit(damn_I_can_t_name_it_void);
+
+MODULE_DESCRIPTION("Commom used functions for the Rijndael (AES) Cipher Algorithm");
+MODULE_LICENSE("Dual BSD/GPL");
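Review bot: `crypto_aes_set_key` is now an exported entry point, but its only length check is `if (key_len % 8)`, so a caller passing 40 gets through and the first assignment `ctx->key_dec[key_len + 24] = ...` writes past the 60-entry `key_dec` array, while a caller passing 8 reaches the final loop and reads `key_enc` entries the `switch` never wrote. The in-tree callers are shielded by the cipher layer's min/max key size bounds, but an `EXPORT_SYMBOL_GPL` function should not depend on that; tightening the guard to `if (key_len != 16 && key_len != 24 && key_len != 32) {` matches the three `case` labels it dispatches on. Separately, the empty exit handler `damn_I_can_t_name_it_void` wants a conventional name such as `aes_fini`, and the `MODULE_DESCRIPTION` string spells "Commom".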
diff --git a/include/crypto/aes.h b/include/crypto/aes.h
index 9ff842f..ab7c7c8 100644
--- a/include/crypto/aes.h
+++ b/include/crypto/aes.h
@@ -5,6 +5,9 @@
#ifndef _CRYPTO_AES_H
#define _CRYPTO_AES_H

+#include <linux/types.h>
+#include <linux/crypto.h>
+
#define AES_MIN_KEY_SIZE 16
#define AES_MAX_KEY_SIZE 32
#define AES_KEYSIZE_128 16
@@ -12,4 +15,18 @@
#define AES_KEYSIZE_256 32
#define AES_BLOCK_SIZE 16

+struct crypto_aes_ctx {
+ u32 key_length;
+ u32 key_enc[60];
+ u32 key_dec[60];
+};
+
+extern u32 crypto_ft_tab[4][256];
+extern u32 crypto_it_tab[4][256];
+extern u32 crypto_fl_tab[4][256];
+extern u32 crypto_il_tab[4][256];
+
+int crypto_aes_set_key(struct crypto_tfm *tfm, const u8 *in_key,
+ unsigned int key_len);
+
#endif
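Review bot: `struct crypto_aes_ctx` is now a shared layout that the x86_64 assembly in patch 3/3 addresses by fixed byte offsets, and `crypto_aes_set_key` fills `key_dec` in reversed round order (its first round key lands at `key_dec[key_len + 24]`, the last at `key_dec[0]`), yet the header documents neither. A comment on the struct along the lines of `/* Layout is relied on by the arch assembly implementations; key_dec holds the decryption schedule in reversed round order as produced by crypto_aes_set_key(). */` would protect the next editor from silently breaking the assembly or a consumer of `key_dec`. The `extern` table declarations would likewise benefit from a one-line note that they are only valid once the common module's init has generated them.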
--
1.5.3.4

2007-10-24 05:50:30

by Herbert Xu

Subject: Re: [RFC 1/3] AES: group common functions

On Mon, Oct 22, 2007 at 07:22:12PM +0200, Sebastian Siewior wrote:
> From: Sebastian Siewior <[email protected]>
>
> There are three AES softwore modules in the kernel: One C version
> and two arch specific assembly versions. The key expansion routine as
> well as the the four lookup tables which are used during encryption
> and/or decryption are the same.
> This patch simply creates an independent module which shares the
> data structures across the modules.
>
> Signed-off-by: Sebastian Siewior <[email protected]>

Thanks, the patch looks fine.

However, instead of creating yet another module like twofish,
how about just making the assembly versions depend on the
generic version for these functions?

In fact, that's how we should've handled twofish as well.

Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt