URL https://opencores.org/ocsvn/or1k/or1k/trunk

Subversion Repositories or1k

[/] [or1k/] [trunk/] [linux/] [linux-2.4/] [crypto/] [aes.c] - Blame information for rev 1765

Details | Compare with Previous | View Log


/*
 * Cryptographic API.
 *
 * AES Cipher Algorithm.
 *
 * Based on Brian Gladman's code.
 *
 * Linux developers:
 *  Alexander Kjeldaas <astor@fast.no>
 *  Herbert Valerio Riedel <hvr@hvrlab.org>
 *  Kyle McMartin <kyle@debian.org>
 *  Adam J. Richter <adam@yggdrasil.com> (conversion to 2.5 API).
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * ---------------------------------------------------------------------------
 * Copyright (c) 2002, Dr Brian Gladman <brg@gladman.me.uk>, Worcester, UK.
 * All rights reserved.
 *
 * LICENSE TERMS
 *
 * The free distribution and use of this software in both source and binary
 * form is allowed (with or without changes) provided that:
 *
 *   1. distributions of this source code include the above copyright
 *      notice, this list of conditions and the following disclaimer;
 *
 *   2. distributions in binary form include the above copyright
 *      notice, this list of conditions and the following disclaimer
 *      in the documentation and/or other associated materials;
 *
 *   3. the copyright holder's name is not used to endorse products
 *      built using this software without specific written permission.
 *
 * ALTERNATIVELY, provided that this notice is retained in full, this product
 * may be distributed under the terms of the GNU General Public License (GPL),
 * in which case the provisions of the GPL apply INSTEAD OF those given above.
 *
 * DISCLAIMER
 *
 * This software is provided 'as is' with no explicit or implied warranties
 * in respect of its properties, including, but not limited to, correctness
 * and/or fitness for purpose.
 * ---------------------------------------------------------------------------
 */
 
/* Some changes from the Gladman version:
    s/RIJNDAEL(e_key)/E_KEY/g
    s/RIJNDAEL(d_key)/D_KEY/g
*/
 
#include <linux/module.h>
#include <linux/init.h>
#include <linux/types.h>
#include <linux/errno.h>
#include <linux/crypto.h>
#include <asm/byteorder.h>
 
#define AES_MIN_KEY_SIZE        16
#define AES_MAX_KEY_SIZE        32
 
#define AES_BLOCK_SIZE          16
 
static inline
u32 generic_rotr32 (const u32 x, const unsigned bits)
{
        const unsigned n = bits % 32;
        return (x >> n) | (x << (32 - n));
}
 
static inline
u32 generic_rotl32 (const u32 x, const unsigned bits)
{
        const unsigned n = bits % 32;
        return (x << n) | (x >> (32 - n));
}
 
#define rotl generic_rotl32
#define rotr generic_rotr32
 
/*
 * #define byte(x, nr) ((unsigned char)((x) >> (nr*8)))
 */
inline static u8
byte(const u32 x, const unsigned n)
{
        return x >> (n << 3);
}
 
#define u32_in(x) le32_to_cpu(*(const u32 *)(x))
#define u32_out(to, from) (*(u32 *)(to) = cpu_to_le32(from))
 
struct aes_ctx {
        int key_length;
        u32 E[60];
        u32 D[60];
};
 
#define E_KEY ctx->E
#define D_KEY ctx->D
 
static u8 pow_tab[256];
static u8 log_tab[256];
static u8 sbx_tab[256];
static u8 isb_tab[256];
static u32 rco_tab[10];
static u32 ft_tab[4][256];
static u32 it_tab[4][256];
 
static u32 fl_tab[4][256];
static u32 il_tab[4][256];
 
static inline u8
f_mult (u8 a, u8 b)
{
        u8 aa = log_tab[a], cc = aa + log_tab[b];
 
        return pow_tab[cc + (cc < aa ? 1 : 0)];
}
 
#define ff_mult(a,b)    (a && b ? f_mult(a, b) : 0)
 
#define f_rn(bo, bi, n, k)                                      \
    bo[n] =  ft_tab[0][byte(bi[n],0)] ^                           \
             ft_tab[1][byte(bi[(n + 1) & 3],1)] ^               \
             ft_tab[2][byte(bi[(n + 2) & 3],2)] ^               \
             ft_tab[3][byte(bi[(n + 3) & 3],3)] ^ *(k + n)
 
#define i_rn(bo, bi, n, k)                                      \
    bo[n] =  it_tab[0][byte(bi[n],0)] ^                           \
             it_tab[1][byte(bi[(n + 3) & 3],1)] ^               \
             it_tab[2][byte(bi[(n + 2) & 3],2)] ^               \
             it_tab[3][byte(bi[(n + 1) & 3],3)] ^ *(k + n)
 
#define ls_box(x)                               \
    ( fl_tab[0][byte(x, 0)] ^                     \
      fl_tab[1][byte(x, 1)] ^                   \
      fl_tab[2][byte(x, 2)] ^                   \
      fl_tab[3][byte(x, 3)] )
 
#define f_rl(bo, bi, n, k)                                      \
    bo[n] =  fl_tab[0][byte(bi[n],0)] ^                           \
             fl_tab[1][byte(bi[(n + 1) & 3],1)] ^               \
             fl_tab[2][byte(bi[(n + 2) & 3],2)] ^               \
             fl_tab[3][byte(bi[(n + 3) & 3],3)] ^ *(k + n)
 
#define i_rl(bo, bi, n, k)                                      \
    bo[n] =  il_tab[0][byte(bi[n],0)] ^                           \
             il_tab[1][byte(bi[(n + 3) & 3],1)] ^               \
             il_tab[2][byte(bi[(n + 2) & 3],2)] ^               \
             il_tab[3][byte(bi[(n + 1) & 3],3)] ^ *(k + n)
 
static void
gen_tabs (void)
{
        u32 i, t;
        u8 p, q;
 
        /* log and power tables for GF(2**8) finite field with
           0x011b as modular polynomial - the simplest prmitive
           root is 0x03, used here to generate the tables */
 
        for (i = 0, p = 1; i < 256; ++i) {
                pow_tab[i] = (u8) p;
                log_tab[p] = (u8) i;
 
                p ^= (p << 1) ^ (p & 0x80 ? 0x01b : 0);
        }
 
        log_tab[1] = 0;
 
        for (i = 0, p = 1; i < 10; ++i) {
                rco_tab[i] = p;
 
                p = (p << 1) ^ (p & 0x80 ? 0x01b : 0);
        }
 
        for (i = 0; i < 256; ++i) {
                p = (i ? pow_tab[255 - log_tab[i]] : 0);
                q = ((p >> 7) | (p << 1)) ^ ((p >> 6) | (p << 2));
                p ^= 0x63 ^ q ^ ((q >> 6) | (q << 2));
                sbx_tab[i] = p;
                isb_tab[p] = (u8) i;
        }
 
        for (i = 0; i < 256; ++i) {
                p = sbx_tab[i];
 
                t = p;
                fl_tab[0][i] = t;
                fl_tab[1][i] = rotl (t, 8);
                fl_tab[2][i] = rotl (t, 16);
                fl_tab[3][i] = rotl (t, 24);
 
                t = ((u32) ff_mult (2, p)) |
                    ((u32) p << 8) |
                    ((u32) p << 16) | ((u32) ff_mult (3, p) << 24);
 
                ft_tab[0][i] = t;
                ft_tab[1][i] = rotl (t, 8);
                ft_tab[2][i] = rotl (t, 16);
                ft_tab[3][i] = rotl (t, 24);
 
                p = isb_tab[i];
 
                t = p;
                il_tab[0][i] = t;
                il_tab[1][i] = rotl (t, 8);
                il_tab[2][i] = rotl (t, 16);
                il_tab[3][i] = rotl (t, 24);
 
                t = ((u32) ff_mult (14, p)) |
                    ((u32) ff_mult (9, p) << 8) |
                    ((u32) ff_mult (13, p) << 16) |
                    ((u32) ff_mult (11, p) << 24);
 
                it_tab[0][i] = t;
                it_tab[1][i] = rotl (t, 8);
                it_tab[2][i] = rotl (t, 16);
                it_tab[3][i] = rotl (t, 24);
        }
}
 
#define star_x(x) (((x) & 0x7f7f7f7f) << 1) ^ ((((x) & 0x80808080) >> 7) * 0x1b)
 
#define imix_col(y,x)       \
    u   = star_x(x);        \
    v   = star_x(u);        \
    w   = star_x(v);        \
    t   = w ^ (x);          \
   (y)  = u ^ v ^ w;        \
   (y) ^= rotr(u ^ t,  8) ^ \
          rotr(v ^ t, 16) ^ \
          rotr(t,24)
 
/* initialise the key schedule from the user supplied key */
 
#define loop4(i)                                    \
{   t = rotr(t,  8); t = ls_box(t) ^ rco_tab[i];    \
    t ^= E_KEY[4 * i];     E_KEY[4 * i + 4] = t;    \
    t ^= E_KEY[4 * i + 1]; E_KEY[4 * i + 5] = t;    \
    t ^= E_KEY[4 * i + 2]; E_KEY[4 * i + 6] = t;    \
    t ^= E_KEY[4 * i + 3]; E_KEY[4 * i + 7] = t;    \
}
 
#define loop6(i)                                    \
{   t = rotr(t,  8); t = ls_box(t) ^ rco_tab[i];    \
    t ^= E_KEY[6 * i];     E_KEY[6 * i + 6] = t;    \
    t ^= E_KEY[6 * i + 1]; E_KEY[6 * i + 7] = t;    \
    t ^= E_KEY[6 * i + 2]; E_KEY[6 * i + 8] = t;    \
    t ^= E_KEY[6 * i + 3]; E_KEY[6 * i + 9] = t;    \
    t ^= E_KEY[6 * i + 4]; E_KEY[6 * i + 10] = t;   \
    t ^= E_KEY[6 * i + 5]; E_KEY[6 * i + 11] = t;   \
}
 
#define loop8(i)                                    \
{   t = rotr(t,  8); ; t = ls_box(t) ^ rco_tab[i];  \
    t ^= E_KEY[8 * i];     E_KEY[8 * i + 8] = t;    \
    t ^= E_KEY[8 * i + 1]; E_KEY[8 * i + 9] = t;    \
    t ^= E_KEY[8 * i + 2]; E_KEY[8 * i + 10] = t;   \
    t ^= E_KEY[8 * i + 3]; E_KEY[8 * i + 11] = t;   \
    t  = E_KEY[8 * i + 4] ^ ls_box(t);    \
    E_KEY[8 * i + 12] = t;                \
    t ^= E_KEY[8 * i + 5]; E_KEY[8 * i + 13] = t;   \
    t ^= E_KEY[8 * i + 6]; E_KEY[8 * i + 14] = t;   \
    t ^= E_KEY[8 * i + 7]; E_KEY[8 * i + 15] = t;   \
}
 
static int
aes_set_key(void *ctx_arg, const u8 *in_key, unsigned int key_len, u32 *flags)
{
        struct aes_ctx *ctx = ctx_arg;
        u32 i, t, u, v, w;
 
        if (key_len != 16 && key_len != 24 && key_len != 32) {
                *flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
                return -EINVAL;
        }
 
        ctx->key_length = key_len;
 
        E_KEY[0] = u32_in (in_key);
        E_KEY[1] = u32_in (in_key + 4);
        E_KEY[2] = u32_in (in_key + 8);
        E_KEY[3] = u32_in (in_key + 12);
 
        switch (key_len) {
        case 16:
                t = E_KEY[3];
                for (i = 0; i < 10; ++i)
                        loop4 (i);
                break;
 
        case 24:
                E_KEY[4] = u32_in (in_key + 16);
                t = E_KEY[5] = u32_in (in_key + 20);
                for (i = 0; i < 8; ++i)
                        loop6 (i);
                break;
 
        case 32:
                E_KEY[4] = u32_in (in_key + 16);
                E_KEY[5] = u32_in (in_key + 20);
                E_KEY[6] = u32_in (in_key + 24);
                t = E_KEY[7] = u32_in (in_key + 28);
                for (i = 0; i < 7; ++i)
                        loop8 (i);
                break;
        }
 
        D_KEY[0] = E_KEY[0];
        D_KEY[1] = E_KEY[1];
        D_KEY[2] = E_KEY[2];
        D_KEY[3] = E_KEY[3];
 
        for (i = 4; i < key_len + 24; ++i) {
                imix_col (D_KEY[i], E_KEY[i]);
        }
 
        return 0;
}
 
/* encrypt a block of text */
 
#define f_nround(bo, bi, k) \
    f_rn(bo, bi, 0, k);     \
    f_rn(bo, bi, 1, k);     \
    f_rn(bo, bi, 2, k);     \
    f_rn(bo, bi, 3, k);     \
    k += 4
 
#define f_lround(bo, bi, k) \
    f_rl(bo, bi, 0, k);     \
    f_rl(bo, bi, 1, k);     \
    f_rl(bo, bi, 2, k);     \
    f_rl(bo, bi, 3, k)
 
static void aes_encrypt(void *ctx_arg, u8 *out, const u8 *in)
{
        const struct aes_ctx *ctx = ctx_arg;
        u32 b0[4], b1[4];
        const u32 *kp = E_KEY + 4;
 
        b0[0] = u32_in (in) ^ E_KEY[0];
        b0[1] = u32_in (in + 4) ^ E_KEY[1];
        b0[2] = u32_in (in + 8) ^ E_KEY[2];
        b0[3] = u32_in (in + 12) ^ E_KEY[3];
 
        if (ctx->key_length > 24) {
                f_nround (b1, b0, kp);
                f_nround (b0, b1, kp);
        }
 
        if (ctx->key_length > 16) {
                f_nround (b1, b0, kp);
                f_nround (b0, b1, kp);
        }
 
        f_nround (b1, b0, kp);
        f_nround (b0, b1, kp);
        f_nround (b1, b0, kp);
        f_nround (b0, b1, kp);
        f_nround (b1, b0, kp);
        f_nround (b0, b1, kp);
        f_nround (b1, b0, kp);
        f_nround (b0, b1, kp);
        f_nround (b1, b0, kp);
        f_lround (b0, b1, kp);
 
        u32_out (out, b0[0]);
        u32_out (out + 4, b0[1]);
        u32_out (out + 8, b0[2]);
        u32_out (out + 12, b0[3]);
}
 
/* decrypt a block of text */
 
#define i_nround(bo, bi, k) \
    i_rn(bo, bi, 0, k);     \
    i_rn(bo, bi, 1, k);     \
    i_rn(bo, bi, 2, k);     \
    i_rn(bo, bi, 3, k);     \
    k -= 4
 
#define i_lround(bo, bi, k) \
    i_rl(bo, bi, 0, k);     \
    i_rl(bo, bi, 1, k);     \
    i_rl(bo, bi, 2, k);     \
    i_rl(bo, bi, 3, k)
 
static void aes_decrypt(void *ctx_arg, u8 *out, const u8 *in)
{
        const struct aes_ctx *ctx = ctx_arg;
        u32 b0[4], b1[4];
        const int key_len = ctx->key_length;
        const u32 *kp = D_KEY + key_len + 20;
 
        b0[0] = u32_in (in) ^ E_KEY[key_len + 24];
        b0[1] = u32_in (in + 4) ^ E_KEY[key_len + 25];
        b0[2] = u32_in (in + 8) ^ E_KEY[key_len + 26];
        b0[3] = u32_in (in + 12) ^ E_KEY[key_len + 27];
 
        if (key_len > 24) {
                i_nround (b1, b0, kp);
                i_nround (b0, b1, kp);
        }
 
        if (key_len > 16) {
                i_nround (b1, b0, kp);
                i_nround (b0, b1, kp);
        }
 
        i_nround (b1, b0, kp);
        i_nround (b0, b1, kp);
        i_nround (b1, b0, kp);
        i_nround (b0, b1, kp);
        i_nround (b1, b0, kp);
        i_nround (b0, b1, kp);
        i_nround (b1, b0, kp);
        i_nround (b0, b1, kp);
        i_nround (b1, b0, kp);
        i_lround (b0, b1, kp);
 
        u32_out (out, b0[0]);
        u32_out (out + 4, b0[1]);
        u32_out (out + 8, b0[2]);
        u32_out (out + 12, b0[3]);
}
 
 
static struct crypto_alg aes_alg = {
        .cra_name               =       "aes",
        .cra_flags              =       CRYPTO_ALG_TYPE_CIPHER,
        .cra_blocksize          =       AES_BLOCK_SIZE,
        .cra_ctxsize            =       sizeof(struct aes_ctx),
        .cra_module             =       THIS_MODULE,
        .cra_list               =       LIST_HEAD_INIT(aes_alg.cra_list),
        .cra_u                  =       {
                .cipher = {
                        .cia_min_keysize        =       AES_MIN_KEY_SIZE,
                        .cia_max_keysize        =       AES_MAX_KEY_SIZE,
                        .cia_setkey             =       aes_set_key,
                        .cia_encrypt            =       aes_encrypt,
                        .cia_decrypt            =       aes_decrypt
                }
        }
};
 
static int __init aes_init(void)
{
        gen_tabs();
        return crypto_register_alg(&aes_alg);
}
 
static void __exit aes_fini(void)
{
        crypto_unregister_alg(&aes_alg);
}
 
module_init(aes_init);
module_exit(aes_fini);
 
MODULE_DESCRIPTION("Rijndael (AES) Cipher Algorithm");
MODULE_LICENSE("Dual BSD/GPL");
 

Browse

Tools

Subversion Repositories or1k

[/] [or1k/] [trunk/] [linux/] [linux-2.4/] [crypto/] [aes.c] - Blame information for rev 1765

Line No.	Rev	Author	Line
1	1275	phoenix	`/*`
2			`* Cryptographic API.`
3			`*`
4			`* AES Cipher Algorithm.`
5			`*`
6			`* Based on Brian Gladman's code.`
7			`*`
8			`* Linux developers:`
9			`* Alexander Kjeldaas <astor@fast.no>`
10			`* Herbert Valerio Riedel <hvr@hvrlab.org>`
11			`* Kyle McMartin <kyle@debian.org>`
12			`* Adam J. Richter <adam@yggdrasil.com> (conversion to 2.5 API).`
13			`*`
14			`* This program is free software; you can redistribute it and/or modify`
15			`* it under the terms of the GNU General Public License as published by`
16			`* the Free Software Foundation; either version 2 of the License, or`
17			`* (at your option) any later version.`
18			`*`
19			`* ---------------------------------------------------------------------------`
20			`* Copyright (c) 2002, Dr Brian Gladman <brg@gladman.me.uk>, Worcester, UK.`
21			`* All rights reserved.`
22			`*`
23			`* LICENSE TERMS`
24			`*`
25			`* The free distribution and use of this software in both source and binary`
26			`* form is allowed (with or without changes) provided that:`
27			`*`
28			`* 1. distributions of this source code include the above copyright`
29			`* notice, this list of conditions and the following disclaimer;`
30			`*`
31			`* 2. distributions in binary form include the above copyright`
32			`* notice, this list of conditions and the following disclaimer`
33			`* in the documentation and/or other associated materials;`
34			`*`
35			`* 3. the copyright holder's name is not used to endorse products`
36			`* built using this software without specific written permission.`
37			`*`
38			`* ALTERNATIVELY, provided that this notice is retained in full, this product`
39			`* may be distributed under the terms of the GNU General Public License (GPL),`
40			`* in which case the provisions of the GPL apply INSTEAD OF those given above.`
41			`*`
42			`* DISCLAIMER`
43			`*`
44			`* This software is provided 'as is' with no explicit or implied warranties`
45			`* in respect of its properties, including, but not limited to, correctness`
46			`* and/or fitness for purpose.`
47			`* ---------------------------------------------------------------------------`
48			`*/`
49
50			`/* Some changes from the Gladman version:`
51			`s/RIJNDAEL(e_key)/E_KEY/g`
52			`s/RIJNDAEL(d_key)/D_KEY/g`
53			`*/`
54
55			`#include <linux/module.h>`
56			`#include <linux/init.h>`
57			`#include <linux/types.h>`
58			`#include <linux/errno.h>`
59			`#include <linux/crypto.h>`
60			`#include <asm/byteorder.h>`
61
62			`#define AES_MIN_KEY_SIZE 16`
63			`#define AES_MAX_KEY_SIZE 32`
64
65			`#define AES_BLOCK_SIZE 16`
66
67			`static inline`
68			`u32 generic_rotr32 (const u32 x, const unsigned bits)`
69			`{`
70			`const unsigned n = bits % 32;`
71			`return (x >> n) \| (x << (32 - n));`
72			`}`
73
74			`static inline`
75			`u32 generic_rotl32 (const u32 x, const unsigned bits)`
76			`{`
77			`const unsigned n = bits % 32;`
78			`return (x << n) \| (x >> (32 - n));`
79			`}`
80
81			`#define rotl generic_rotl32`
82			`#define rotr generic_rotr32`
83
84			`/*`
85			`* #define byte(x, nr) ((unsigned char)((x) >> (nr*8)))`
86			`*/`
87			`inline static u8`
88			`byte(const u32 x, const unsigned n)`
89			`{`
90			`return x >> (n << 3);`
91			`}`
92
93			`#define u32_in(x) le32_to_cpu((const u32 )(x))`
94			`#define u32_out(to, from) ((u32 )(to) = cpu_to_le32(from))`
95
96			`struct aes_ctx {`
97			`int key_length;`
98			`u32 E[60];`
99			`u32 D[60];`
100			`};`
101
102			`#define E_KEY ctx->E`
103			`#define D_KEY ctx->D`
104
105			`static u8 pow_tab[256];`
106			`static u8 log_tab[256];`
107			`static u8 sbx_tab[256];`
108			`static u8 isb_tab[256];`
109			`static u32 rco_tab[10];`
110			`static u32 ft_tab[4][256];`
111			`static u32 it_tab[4][256];`
112
113			`static u32 fl_tab[4][256];`
114			`static u32 il_tab[4][256];`
115
116			`static inline u8`
117			`f_mult (u8 a, u8 b)`
118			`{`
119			`u8 aa = log_tab[a], cc = aa + log_tab[b];`
120
121			`return pow_tab[cc + (cc < aa ? 1 : 0)];`
122			`}`
123
124			`#define ff_mult(a,b) (a && b ? f_mult(a, b) : 0)`
125
126			`#define f_rn(bo, bi, n, k) \`
127			`bo[n] = ft_tab[0][byte(bi[n],0)] ^ \`
128			`ft_tab[1][byte(bi[(n + 1) & 3],1)] ^ \`
129			`ft_tab[2][byte(bi[(n + 2) & 3],2)] ^ \`
130			`ft_tab[3][byte(bi[(n + 3) & 3],3)] ^ *(k + n)`
131
132			`#define i_rn(bo, bi, n, k) \`
133			`bo[n] = it_tab[0][byte(bi[n],0)] ^ \`
134			`it_tab[1][byte(bi[(n + 3) & 3],1)] ^ \`
135			`it_tab[2][byte(bi[(n + 2) & 3],2)] ^ \`
136			`it_tab[3][byte(bi[(n + 1) & 3],3)] ^ *(k + n)`
137
138			`#define ls_box(x) \`
139			`( fl_tab[0][byte(x, 0)] ^ \`
140			`fl_tab[1][byte(x, 1)] ^ \`
141			`fl_tab[2][byte(x, 2)] ^ \`
142			`fl_tab[3][byte(x, 3)] )`
143
144			`#define f_rl(bo, bi, n, k) \`
145			`bo[n] = fl_tab[0][byte(bi[n],0)] ^ \`
146			`fl_tab[1][byte(bi[(n + 1) & 3],1)] ^ \`
147			`fl_tab[2][byte(bi[(n + 2) & 3],2)] ^ \`
148			`fl_tab[3][byte(bi[(n + 3) & 3],3)] ^ *(k + n)`
149
150			`#define i_rl(bo, bi, n, k) \`
151			`bo[n] = il_tab[0][byte(bi[n],0)] ^ \`
152			`il_tab[1][byte(bi[(n + 3) & 3],1)] ^ \`
153			`il_tab[2][byte(bi[(n + 2) & 3],2)] ^ \`
154			`il_tab[3][byte(bi[(n + 1) & 3],3)] ^ *(k + n)`
155
156			`static void`
157			`gen_tabs (void)`
158			`{`
159			`u32 i, t;`
160			`u8 p, q;`
161
162			`/* log and power tables for GF(2**8) finite field with`
163			`0x011b as modular polynomial - the simplest prmitive`
164			`root is 0x03, used here to generate the tables */`
165
166			`for (i = 0, p = 1; i < 256; ++i) {`
167			`pow_tab[i] = (u8) p;`
168			`log_tab[p] = (u8) i;`
169
170			`p ^= (p << 1) ^ (p & 0x80 ? 0x01b : 0);`
171			`}`
172
173			`log_tab[1] = 0;`
174
175			`for (i = 0, p = 1; i < 10; ++i) {`
176			`rco_tab[i] = p;`
177
178			`p = (p << 1) ^ (p & 0x80 ? 0x01b : 0);`
179			`}`
180
181			`for (i = 0; i < 256; ++i) {`
182			`p = (i ? pow_tab[255 - log_tab[i]] : 0);`
183			`q = ((p >> 7) \| (p << 1)) ^ ((p >> 6) \| (p << 2));`
184			`p ^= 0x63 ^ q ^ ((q >> 6) \| (q << 2));`
185			`sbx_tab[i] = p;`
186			`isb_tab[p] = (u8) i;`
187			`}`
188
189			`for (i = 0; i < 256; ++i) {`
190			`p = sbx_tab[i];`
191
192			`t = p;`
193			`fl_tab[0][i] = t;`
194			`fl_tab[1][i] = rotl (t, 8);`
195			`fl_tab[2][i] = rotl (t, 16);`
196			`fl_tab[3][i] = rotl (t, 24);`
197
198			`t = ((u32) ff_mult (2, p)) \|`
199			`((u32) p << 8) \|`
200			`((u32) p << 16) \| ((u32) ff_mult (3, p) << 24);`
201
202			`ft_tab[0][i] = t;`
203			`ft_tab[1][i] = rotl (t, 8);`
204			`ft_tab[2][i] = rotl (t, 16);`
205			`ft_tab[3][i] = rotl (t, 24);`
206
207			`p = isb_tab[i];`
208
209			`t = p;`
210			`il_tab[0][i] = t;`
211			`il_tab[1][i] = rotl (t, 8);`
212			`il_tab[2][i] = rotl (t, 16);`
213			`il_tab[3][i] = rotl (t, 24);`
214
215			`t = ((u32) ff_mult (14, p)) \|`
216			`((u32) ff_mult (9, p) << 8) \|`
217			`((u32) ff_mult (13, p) << 16) \|`
218			`((u32) ff_mult (11, p) << 24);`
219
220			`it_tab[0][i] = t;`
221			`it_tab[1][i] = rotl (t, 8);`
222			`it_tab[2][i] = rotl (t, 16);`
223			`it_tab[3][i] = rotl (t, 24);`
224			`}`
225			`}`
226
227			`#define star_x(x) (((x) & 0x7f7f7f7f) << 1) ^ ((((x) & 0x80808080) >> 7) * 0x1b)`
228
229			`#define imix_col(y,x) \`
230			`u = star_x(x); \`
231			`v = star_x(u); \`
232			`w = star_x(v); \`
233			`t = w ^ (x); \`
234			`(y) = u ^ v ^ w; \`
235			`(y) ^= rotr(u ^ t, 8) ^ \`
236			`rotr(v ^ t, 16) ^ \`
237			`rotr(t,24)`
238
239			`/* initialise the key schedule from the user supplied key */`
240
241			`#define loop4(i) \`
242			`{ t = rotr(t, 8); t = ls_box(t) ^ rco_tab[i]; \`
243			`t ^= E_KEY[4 * i]; E_KEY[4 * i + 4] = t; \`
244			`t ^= E_KEY[4 * i + 1]; E_KEY[4 * i + 5] = t; \`
245			`t ^= E_KEY[4 * i + 2]; E_KEY[4 * i + 6] = t; \`
246			`t ^= E_KEY[4 * i + 3]; E_KEY[4 * i + 7] = t; \`
247			`}`
248
249			`#define loop6(i) \`
250			`{ t = rotr(t, 8); t = ls_box(t) ^ rco_tab[i]; \`
251			`t ^= E_KEY[6 * i]; E_KEY[6 * i + 6] = t; \`
252			`t ^= E_KEY[6 * i + 1]; E_KEY[6 * i + 7] = t; \`
253			`t ^= E_KEY[6 * i + 2]; E_KEY[6 * i + 8] = t; \`
254			`t ^= E_KEY[6 * i + 3]; E_KEY[6 * i + 9] = t; \`
255			`t ^= E_KEY[6 * i + 4]; E_KEY[6 * i + 10] = t; \`
256			`t ^= E_KEY[6 * i + 5]; E_KEY[6 * i + 11] = t; \`
257			`}`
258
259			`#define loop8(i) \`
260			`{ t = rotr(t, 8); ; t = ls_box(t) ^ rco_tab[i]; \`
261			`t ^= E_KEY[8 * i]; E_KEY[8 * i + 8] = t; \`
262			`t ^= E_KEY[8 * i + 1]; E_KEY[8 * i + 9] = t; \`
263			`t ^= E_KEY[8 * i + 2]; E_KEY[8 * i + 10] = t; \`
264			`t ^= E_KEY[8 * i + 3]; E_KEY[8 * i + 11] = t; \`
265			`t = E_KEY[8 * i + 4] ^ ls_box(t); \`
266			`E_KEY[8 * i + 12] = t; \`
267			`t ^= E_KEY[8 * i + 5]; E_KEY[8 * i + 13] = t; \`
268			`t ^= E_KEY[8 * i + 6]; E_KEY[8 * i + 14] = t; \`
269			`t ^= E_KEY[8 * i + 7]; E_KEY[8 * i + 15] = t; \`
270			`}`
271
272			`static int`
273			`aes_set_key(void ctx_arg, const u8 in_key, unsigned int key_len, u32 *flags)`
274			`{`
275			`struct aes_ctx *ctx = ctx_arg;`
276			`u32 i, t, u, v, w;`
277
278			`if (key_len != 16 && key_len != 24 && key_len != 32) {`
279			`*flags \|= CRYPTO_TFM_RES_BAD_KEY_LEN;`
280			`return -EINVAL;`
281			`}`
282
283			`ctx->key_length = key_len;`
284
285			`E_KEY[0] = u32_in (in_key);`
286			`E_KEY[1] = u32_in (in_key + 4);`
287			`E_KEY[2] = u32_in (in_key + 8);`
288			`E_KEY[3] = u32_in (in_key + 12);`
289
290			`switch (key_len) {`
291			`case 16:`
292			`t = E_KEY[3];`
293			`for (i = 0; i < 10; ++i)`
294			`loop4 (i);`
295			`break;`
296
297			`case 24:`
298			`E_KEY[4] = u32_in (in_key + 16);`
299			`t = E_KEY[5] = u32_in (in_key + 20);`
300			`for (i = 0; i < 8; ++i)`
301			`loop6 (i);`
302			`break;`
303
304			`case 32:`
305			`E_KEY[4] = u32_in (in_key + 16);`
306			`E_KEY[5] = u32_in (in_key + 20);`
307			`E_KEY[6] = u32_in (in_key + 24);`
308			`t = E_KEY[7] = u32_in (in_key + 28);`
309			`for (i = 0; i < 7; ++i)`
310			`loop8 (i);`
311			`break;`
312			`}`
313
314			`D_KEY[0] = E_KEY[0];`
315			`D_KEY[1] = E_KEY[1];`
316			`D_KEY[2] = E_KEY[2];`
317			`D_KEY[3] = E_KEY[3];`
318
319			`for (i = 4; i < key_len + 24; ++i) {`
320			`imix_col (D_KEY[i], E_KEY[i]);`
321			`}`
322
323			`return 0;`
324			`}`
325
326			`/* encrypt a block of text */`
327
328			`#define f_nround(bo, bi, k) \`
329			`f_rn(bo, bi, 0, k); \`
330			`f_rn(bo, bi, 1, k); \`
331			`f_rn(bo, bi, 2, k); \`
332			`f_rn(bo, bi, 3, k); \`
333			`k += 4`
334
335			`#define f_lround(bo, bi, k) \`
336			`f_rl(bo, bi, 0, k); \`
337			`f_rl(bo, bi, 1, k); \`
338			`f_rl(bo, bi, 2, k); \`
339			`f_rl(bo, bi, 3, k)`
340
341			`static void aes_encrypt(void ctx_arg, u8 out, const u8 *in)`
342			`{`
343			`const struct aes_ctx *ctx = ctx_arg;`
344			`u32 b0[4], b1[4];`
345			`const u32 *kp = E_KEY + 4;`
346
347			`b0[0] = u32_in (in) ^ E_KEY[0];`
348			`b0[1] = u32_in (in + 4) ^ E_KEY[1];`
349			`b0[2] = u32_in (in + 8) ^ E_KEY[2];`
350			`b0[3] = u32_in (in + 12) ^ E_KEY[3];`
351
352			`if (ctx->key_length > 24) {`
353			`f_nround (b1, b0, kp);`
354			`f_nround (b0, b1, kp);`
355			`}`
356
357			`if (ctx->key_length > 16) {`
358			`f_nround (b1, b0, kp);`
359			`f_nround (b0, b1, kp);`
360			`}`
361
362			`f_nround (b1, b0, kp);`
363			`f_nround (b0, b1, kp);`
364			`f_nround (b1, b0, kp);`
365			`f_nround (b0, b1, kp);`
366			`f_nround (b1, b0, kp);`
367			`f_nround (b0, b1, kp);`
368			`f_nround (b1, b0, kp);`
369			`f_nround (b0, b1, kp);`
370			`f_nround (b1, b0, kp);`
371			`f_lround (b0, b1, kp);`
372
373			`u32_out (out, b0[0]);`
374			`u32_out (out + 4, b0[1]);`
375			`u32_out (out + 8, b0[2]);`
376			`u32_out (out + 12, b0[3]);`
377			`}`
378
379			`/* decrypt a block of text */`
380
381			`#define i_nround(bo, bi, k) \`
382			`i_rn(bo, bi, 0, k); \`
383			`i_rn(bo, bi, 1, k); \`
384			`i_rn(bo, bi, 2, k); \`
385			`i_rn(bo, bi, 3, k); \`
386			`k -= 4`
387
388			`#define i_lround(bo, bi, k) \`
389			`i_rl(bo, bi, 0, k); \`
390			`i_rl(bo, bi, 1, k); \`
391			`i_rl(bo, bi, 2, k); \`
392			`i_rl(bo, bi, 3, k)`
393
394			`static void aes_decrypt(void ctx_arg, u8 out, const u8 *in)`
395			`{`
396			`const struct aes_ctx *ctx = ctx_arg;`
397			`u32 b0[4], b1[4];`
398			`const int key_len = ctx->key_length;`
399			`const u32 *kp = D_KEY + key_len + 20;`
400
401			`b0[0] = u32_in (in) ^ E_KEY[key_len + 24];`
402			`b0[1] = u32_in (in + 4) ^ E_KEY[key_len + 25];`
403			`b0[2] = u32_in (in + 8) ^ E_KEY[key_len + 26];`
404			`b0[3] = u32_in (in + 12) ^ E_KEY[key_len + 27];`
405
406			`if (key_len > 24) {`
407			`i_nround (b1, b0, kp);`
408			`i_nround (b0, b1, kp);`
409			`}`
410
411			`if (key_len > 16) {`
412			`i_nround (b1, b0, kp);`
413			`i_nround (b0, b1, kp);`
414			`}`
415
416			`i_nround (b1, b0, kp);`
417			`i_nround (b0, b1, kp);`
418			`i_nround (b1, b0, kp);`
419			`i_nround (b0, b1, kp);`
420			`i_nround (b1, b0, kp);`
421			`i_nround (b0, b1, kp);`
422			`i_nround (b1, b0, kp);`
423			`i_nround (b0, b1, kp);`
424			`i_nround (b1, b0, kp);`
425			`i_lround (b0, b1, kp);`
426
427			`u32_out (out, b0[0]);`
428			`u32_out (out + 4, b0[1]);`
429			`u32_out (out + 8, b0[2]);`
430			`u32_out (out + 12, b0[3]);`
431			`}`
432
433
434			`static struct crypto_alg aes_alg = {`
435			`.cra_name = "aes",`
436			`.cra_flags = CRYPTO_ALG_TYPE_CIPHER,`
437			`.cra_blocksize = AES_BLOCK_SIZE,`
438			`.cra_ctxsize = sizeof(struct aes_ctx),`
439			`.cra_module = THIS_MODULE,`
440			`.cra_list = LIST_HEAD_INIT(aes_alg.cra_list),`
441			`.cra_u = {`
442			`.cipher = {`
443			`.cia_min_keysize = AES_MIN_KEY_SIZE,`
444			`.cia_max_keysize = AES_MAX_KEY_SIZE,`
445			`.cia_setkey = aes_set_key,`
446			`.cia_encrypt = aes_encrypt,`
447			`.cia_decrypt = aes_decrypt`
448			`}`
449			`}`
450			`};`
451
452			`static int __init aes_init(void)`
453			`{`
454			`gen_tabs();`
455			`return crypto_register_alg(&aes_alg);`
456			`}`
457
458			`static void __exit aes_fini(void)`
459			`{`
460			`crypto_unregister_alg(&aes_alg);`
461			`}`
462
463			`module_init(aes_init);`
464			`module_exit(aes_fini);`
465
466			`MODULE_DESCRIPTION("Rijndael (AES) Cipher Algorithm");`
467			`MODULE_LICENSE("Dual BSD/GPL");`
468