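/* SPDX-License-Identifier: GPL-2.0-or-later */
/*
 * AEGIS common definitions
 *
 * Copyright (c) 2018 Ondrej Mosnacek <omosnacek@gmail.com>
 * Copyright (c) 2018 Red Hat, Inc. All rights reserved.
 */

#ifndef _CRYPTO_AEGIS_H
#define _CRYPTO_AEGIS_H

#include <crypto/aes.h>
#include <linux/bitops.h>
#include <linux/types.h>

#define AEGIS_BLOCK_SIZE 16

/*
 * One 16-byte AEGIS block. The three members overlay the same storage so
 * the helpers below can work on it as two 64-bit words, four 32-bit words
 * or sixteen bytes. The word views are declared little-endian.
 */
union aegis_block {
	__le64 words64[AEGIS_BLOCK_SIZE / sizeof(__le64)];
	__le32 words32[AEGIS_BLOCK_SIZE / sizeof(__le32)];
	u8 bytes[AEGIS_BLOCK_SIZE];
};

#define AEGIS_BLOCK_ALIGN (__alignof__(union aegis_block))
/*
 * True when pointer p meets the alignment of union aegis_block. The
 * argument is parenthesised so that the cast applies to the whole
 * expression (e.g. AEGIS_ALIGNED(buf + off)) and not just its first operand.
 */
#define AEGIS_ALIGNED(p) IS_ALIGNED((uintptr_t)(p), AEGIS_BLOCK_ALIGN)

/*
 * The two constant blocks. Read byte by byte in memory order
 * (00 01 01 02 03 05 08 0d 15 22 ...), the 32 bytes are the Fibonacci
 * sequence reduced modulo 256, stored as little-endian 64-bit words.
 */
static const union aegis_block crypto_aegis_const[2] = {
	{ .words64 = {
		cpu_to_le64(U64_C(0x0d08050302010100)),
		cpu_to_le64(U64_C(0x6279e99059372215)),
	} },
	{ .words64 = {
		cpu_to_le64(U64_C(0xf12fc26d55183ddb)),
		cpu_to_le64(U64_C(0xdd28b57342311120)),
	} },
};

/* dst ^= src over the full 16-byte block, done as two 64-bit XORs. */
static void crypto_aegis_block_xor(union aegis_block *dst,
				   const union aegis_block *src)
{
	dst->words64[0] ^= src->words64[0];
	dst->words64[1] ^= src->words64[1];
}

/* dst &= src over the full 16-byte block, done as two 64-bit ANDs. */
static void crypto_aegis_block_and(union aegis_block *dst,
				   const union aegis_block *src)
{
	dst->words64[0] &= src->words64[0];
	dst->words64[1] &= src->words64[1];
}

/*
 * Apply one table-driven AES encryption round to src, XOR the result with
 * key and store it in dst.
 *
 * Only crypto_ft_tab[0] is read; the other three column contributions are
 * obtained by rotating its entries left by 8, 16 and 24 bits. All sixteen
 * bytes of src are consumed before the first store to dst, so dst may
 * alias src.
 *
 * NOTE(review): the table indices are bytes of src, so the memory access
 * pattern depends on the block contents. When src carries secret cipher
 * state this generic path is not constant-time with respect to the data
 * cache; where the platform provides AES round instructions, an
 * implementation built on those avoids the data-dependent lookups.
 */
static void crypto_aegis_aesenc(union aegis_block *dst,
				const union aegis_block *src,
				const union aegis_block *key)
{
	const u8 *s = src->bytes;
	const u32 *t = crypto_ft_tab[0];
	u32 d0, d1, d2, d3;

	/* Each output column takes its four input bytes along a shifted diagonal. */
	d0 = t[s[ 0]] ^ rol32(t[s[ 5]], 8) ^ rol32(t[s[10]], 16) ^ rol32(t[s[15]], 24);
	d1 = t[s[ 4]] ^ rol32(t[s[ 9]], 8) ^ rol32(t[s[14]], 16) ^ rol32(t[s[ 3]], 24);
	d2 = t[s[ 8]] ^ rol32(t[s[13]], 8) ^ rol32(t[s[ 2]], 16) ^ rol32(t[s[ 7]], 24);
	d3 = t[s[12]] ^ rol32(t[s[ 1]], 8) ^ rol32(t[s[ 6]], 16) ^ rol32(t[s[11]], 24);

	/* Convert to the block's little-endian layout, then mix in the key block. */
	dst->words32[0] = cpu_to_le32(d0) ^ key->words32[0];
	dst->words32[1] = cpu_to_le32(d1) ^ key->words32[1];
	dst->words32[2] = cpu_to_le32(d2) ^ key->words32[2];
	dst->words32[3] = cpu_to_le32(d3) ^ key->words32[3];
}

#endif /* _CRYPTO_AEGIS_H */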