This patch adds the twofish i586 assembler routine.
Changes since the last version:
- The keysetup is now handled by the twofish_common.c (see patch 1 )
Correctness was verified with the tcrypt module and automated test scripts.
Signed-off-by: Joachim Fritschi <[email protected]>
diff -uprN linux-2.6.17-rc5.twofish2/arch/i386/crypto/Makefile
linux-2.6.17-rc5.twofish3/arch/i386/crypto/Makefile
--- linux-2.6.17-rc5.twofish2/arch/i386/crypto/Makefile 2006-05-30
19:43:48.768000198 +0200
+++ linux-2.6.17-rc5.twofish3/arch/i386/crypto/Makefile 2006-05-30
20:06:10.880715217 +0200
@@ -5,5 +5,8 @@
#
obj-$(CONFIG_CRYPTO_AES_586) += aes-i586.o
+obj-$(CONFIG_CRYPTO_TWOFISH_586) += twofish-i586.o
aes-i586-y := aes-i586-asm.o aes.o
+twofish-i586-y := twofish-i586-asm.o
twofish.o ../../../crypto/twofish_common.o
+
diff -uprN linux-2.6.17-rc5.twofish2/arch/i386/crypto/twofish.c
linux-2.6.17-rc5.twofish3/arch/i386/crypto/twofish.c
--- linux-2.6.17-rc5.twofish2/arch/i386/crypto/twofish.c 1970-01-01
01:00:00.000000000 +0100
+++ linux-2.6.17-rc5.twofish3/arch/i386/crypto/twofish.c 2006-05-30
20:04:16.279682770 +0200
@@ -0,0 +1,88 @@
+/*
+ * Glue Code for optimized 586 assembler version of TWOFISH
+ *
+ * Originally Twofish for GPG
+ * By Matthew Skala <[email protected]>, July 26, 1998
+ * 256-bit key length added March 20, 1999
+ * Some modifications to reduce the text size by Werner Koch, April, 1998
+ * Ported to the kerneli patch by Marc Mutz <[email protected]>
+ * Ported to CryptoAPI by Colin Slater <[email protected]>
+ *
+ * The original author has disclaimed all copyright interest in this
+ * code and thus put it in the public domain. The subsequent authors
+ * have put this under the GNU General Public License.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
+ * USA
+ *
+ * This code is a "clean room" implementation, written from the paper
+ * _Twofish: A 128-Bit Block Cipher_ by Bruce Schneier, John Kelsey,
+ * Doug Whiting, David Wagner, Chris Hall, and Niels Ferguson, available
+ * through http://www.counterpane.com/twofish.html
+ *
+ * For background information on multiplication in finite fields, used for
+ * the matrix operations in the key schedule, see the book _Contemporary
+ * Abstract Algebra_ by Joseph A. Gallian, especially chapter 22 in the
+ * Third Edition.
+ */
+
+#include <asm/byteorder.h>
+#include <linux/module.h>
+#include <linux/init.h>
+#include <linux/types.h>
+#include <linux/errno.h>
+#include <linux/crypto.h>
+#include <linux/bitops.h>
+#include <crypto/twofish.h>
+
+
+asmlinkage void twofish_enc_blk(void *ctx, u8 *dst, const u8 *src);
+
+asmlinkage void twofish_dec_blk(void *ctx, u8 *dst, const u8 *src);
+
+
+static struct crypto_alg alg = {
+ .cra_name = "twofish",
+ .cra_driver_name = "twofish-i586",
+ .cra_priority = 200,
+ .cra_flags = CRYPTO_ALG_TYPE_CIPHER,
+ .cra_blocksize = TF_BLOCK_SIZE,
+ .cra_ctxsize = sizeof(struct twofish_ctx),
+ .cra_alignmask = 3,
+ .cra_module = THIS_MODULE,
+ .cra_list = LIST_HEAD_INIT(alg.cra_list),
+ .cra_u = { .cipher = {
+ .cia_min_keysize = TF_MIN_KEY_SIZE,
+ .cia_max_keysize = TF_MAX_KEY_SIZE,
+ .cia_setkey = twofish_setkey,
+ .cia_encrypt = twofish_enc_blk,
+ .cia_decrypt = twofish_dec_blk } }
+};
+
+static int __init init(void)
+{
+ return crypto_register_alg(&alg);
+}
+
+static void __exit fini(void)
+{
+ crypto_unregister_alg(&alg);
+}
+
+module_init(init);
+module_exit(fini);
+
+MODULE_LICENSE("GPL");
+MODULE_DESCRIPTION ("Twofish Cipher Algorithm, i586 asm optimized");
diff -uprN linux-2.6.17-rc5.twofish2/arch/i386/crypto/twofish-i586-asm.S
linux-2.6.17-rc5.twofish3/arch/i386/crypto/twofish-i586-asm.S
--- linux-2.6.17-rc5.twofish2/arch/i386/crypto/twofish-i586-asm.S 1970-01-01
01:00:00.000000000 +0100
+++ linux-2.6.17-rc5.twofish3/arch/i386/crypto/twofish-i586-asm.S 2006-05-30
20:00:47.825035584 +0200
@@ -0,0 +1,377 @@
+ /***************************************************************************
+ * Copyright (C) 2006 by Joachim Fritschi, <[email protected]> *
+ * *
+ * This program is free software; you can redistribute it and/or modify *
+ * it under the terms of the GNU General Public License as published by *
+ * the Free Software Foundation; either version 2 of the License, or *
+ * (at your option) any later version. *
+ * *
+ * This program is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
+ * GNU General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU General Public License *
+ * along with this program; if not, write to the *
+ * Free Software Foundation, Inc., *
+ * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
+ ***************************************************************************/
+
+.file "twofish-i586-asm.S"
+.text
+
+/* return adress at 0 */
+
+#define in_blk 12 /* input byte array address parameter*/
+#define out_blk 8 /* output byte array address parameter*/
+#define ctx 4 /* Twofish context structure */
+
+#define a_offset 0
+#define b_offset 4
+#define c_offset 8
+#define d_offset 12
+
+/* Structure of the crypto context struct*/
+
+#define s0 0 /* S0 Array 256 Words each */
+#define s1 1024 /* S1 Array */
+#define s2 2048 /* S2 Array */
+#define s3 3072 /* S3 Array */
+#define w 4096 /* 8 whitening keys (word) */
+#define k 4128 /* key 1-32 ( word ) */
+
+
+
+
+/* register aliases for better reading */
+
+#define r0 eax
+#define r1 ebx
+#define r2 ecx
+#define r3 edx
+#define r4 esi
+#define r5 edi
+
+
+
+#define eaxl al
+#define eaxh ah
+#define ebxl bl
+#define ebxh bh
+#define ecxl cl
+#define ecxh ch
+#define edxl dl
+#define edxh dh
+
+
+#define _h(reg) reg##h
+#define h(reg) _h(reg)
+
+#define _l(reg) reg##l
+#define l(reg) _l(reg)
+
+/*load input word with whitening */
+
+#define get_input(input_adress,offset,dst,context)\
+ load_input(input_adress,offset,dst);\
+ input_whitening(dst,context,offset);
+
+#define get_dec_input(input_adress,offset,dst,context)\
+ load_dec_input(input_adress,offset,dst);\
+ dec_input_whitening(dst,context,offset);
+
+/* perform output whitening and save value. Old value is saved */
+#define process_output(dst,src,tmp,context,offset)\
+ output_whitening(src,tmp,context,offset);\
+ save_output(dst,offset,tmp);
+
+/* perform output whitening and save value. The old value is destoyed */
+#define destructive_process_output(dst,src,context,offset)\
+ destructive_output_whitening(src,context,offset);\
+ save_output(dst,offset,src);
+
+/* perform output whitening and save value. Old value is saved */
+#define process_dec_output(dst,src,tmp,context,offset)\
+ dec_output_whitening(src,tmp,context,offset);\
+ save_output(dst,offset,tmp);
+
+/* perform output whitening and save value. The old value is destoyed */
+#define destructive_process_dec_output(dst,src,context,offset)\
+ destructive_dec_output_whitening(src,context,offset);\
+ save_output(dst,offset,src);
+
+/* load input */
+#define load_input(input_adress,offset,dst)\
+ mov offset(%input_adress), %dst;
+
+#define load_dec_input(input_adress,offset,dst)\
+ mov offset(%input_adress), %dst;
+
+/* performs input whitening */
+#define input_whitening(src,context,offset)\
+ xor w+offset(%context), %src;\
+
+#define dec_input_whitening(src,context,offset)\
+ xor w+16+offset(%context), %src;
+
+/* performs decryption output whitening */
+/* Result is in dst, the original value is still intact */
+#define dec_output_whitening(src,dst,context,offset)\
+ mov w+offset(%context), %dst;\
+ xor %src,%dst;
+
+/* performs encryption output whitening */
+/* Result is in dst, the original value is still intact */
+#define output_whitening(src,dst,context,offset)\
+ mov w+16+offset(%context), %dst;\
+ xor %src,%dst;
+
+/* performs encryption output whitening */
+/* Result is in dst, the original value is destroyed */
+#define destructive_output_whitening(src,context,offset)\
+ xor w+16+offset(%context), %src;\
+
+/* performs decryption output whitening */
+/* Result is in dst, the original value is destroyed */
+#define destructive_dec_output_whitening(src,context,offset)\
+ xor w+offset(%context), %src;\
+
+/* save the output values */
+#define save_output(output_adress,offset,src)\
+ mov %src,offset(%output_adress);\
+
+/* load sbox values */
+#define load_s(context,sbox,index,dst)\
+ xor sbox(%context,%index,4),%dst;\
+
+/* performs "a" sbox transfomation */
+/* input value is still intact but rotatet */
+#define g1(context,input,dst,tmp)\
+ xor %dst,%dst;\
+ movzx %l(input),%tmp;\
+ load_s(context,s0,tmp,dst);\
+ movzx %h(input),%tmp;\
+ load_s(context,s1,tmp,dst);\
+ ror $16,%input;\
+ movzx %l(input),%tmp;\
+ load_s(context,s2,tmp,dst);\
+ movzx %h(input),%tmp;\
+ load_s(context,s3,tmp,dst);\
+
+/* performs "b" sbox transfomation */
+/* input value is still intact but rotatet */
+#define g2(context,input,dst,tmp)\
+ xor %dst,%dst;\
+ movzx %l(input),%tmp;\
+ load_s(context,s1,tmp,dst);\
+ movzx %h(input),%tmp;\
+ load_s(context,s2,tmp,dst);\
+ ror $16,%input;\
+ movzx %l(input),%tmp;\
+ load_s(context,s3,tmp,dst);\
+ movzx %h(input),%tmp;\
+ load_s(context,s0,tmp,dst);\
+ ;
+
+/* Pseudo Harmann Transfomation */
+#define pht(a,b)\
+ add %b,%a;\
+ add %a,%b;
+
+/* Adds the round keys to a and b */
+#define round_key(context,a,b,round)\
+ add k+round(%context),%a;\
+ add k+4+round(%context),%b;\
+
+
+/* Input in a and b , output in fa fb */
+/* a and b a prerotate for the next round */
+#define f_function(context,a,b,fa,fb,tmp3,round)\
+ g1(context,a,fa,tmp3);\
+ g2(context,b,fb,tmp3);\
+ ror $16,%a;\
+ ror $15,%b;\
+ pht(fa,fb);\
+ round_key(context,fa,fb,round);
+
+
+/* Input in a and b , output in fa fb */
+/* a and b a prerotate for the next round */
+#define reverse_f_function(context,a,b,fa,fb,tmp3,round)\
+ g1(context,a,fa,tmp3);\
+ g2(context,b,fb,tmp3);\
+ ror $15,%a;\
+ ror $16,%b;\
+ pht(fa,fb);\
+ round_key(context,fa,fb,round);
+
+
+/* Output in a and b */
+/* olda contains the a of the round before, cuts down stack use to one push /
pop per round for the oldb */
+/* b is alread pre rotated (rol 1) in the f funtion to save one instruction
*/
+#define round(context,a,b,tmp1,tmp2,tmp3,olda,round)\
+ f_function(context,a,b,tmp1,tmp2,tmp3,round);\
+ mov %b,%tmp3;\
+ pop %b;\
+ push %tmp3;\
+ xor %tmp2,%b;\
+ xor %tmp1,%olda;\
+ ror $1,%olda;
+
+
+/* Output in a and b */
+/* olda contains the a of the round before, cuts donw stack use to one push /
pop per round for the oldb */
+/* a is alread pre rotated (rol 1) in the f funtion to save one instruction
*/
+#define dec_round(context,a,b,tmp1,tmp2,tmp3,olda,round)\
+ reverse_f_function(context,a,b,tmp1,tmp2,tmp3,round);\
+ xor %tmp1,%olda;\
+ mov %b,%tmp3;\
+ pop %b;\
+ push %tmp3;\
+ xor %tmp2,%b;\
+ ror $1,%b;
+
+
+
+.align 4
+.global twofish_enc_blk
+.global twofish_dec_blk
+
+
+
+twofish_enc_blk:
+ push %ebp /* save registers according to calling convention*/
+ push %r1
+ push %esi
+ push %edi
+
+
+ mov ctx + 16(%esp),%ebp /* abuse the base pointer: set new base bointer to
the crypto ctx */
+ mov in_blk+16(%esp),%r5 /* input adress in r5 */
+
+ get_input(r5,a_offset,r0,ebp);
+ get_input(r5,b_offset,r1,ebp);
+
+ /* To save a few instructions round 1 is unrolled */
+
+ f_function(ebp,r0,r1,r2,r3,r4,0); //ouput in r2 r3
+ push %r1;
+
+ get_input(r5,c_offset,r1,ebp);
+ get_input(r5,d_offset,r4,ebp);
+ xor %r1,%r2;\
+ ror $1,%r2;\
+ rol $1,%r4;\
+ xor %r4,%r3;
+
+
+ round(ebp,r2,r3,r4,r5,r1,r0,1*8);
+ round(ebp,r0,r3,r4,r5,r1,r2,2*8);
+ round(ebp,r2,r3,r4,r5,r1,r0,3*8);
+ round(ebp,r0,r3,r4,r5,r1,r2,4*8);
+ round(ebp,r2,r3,r4,r5,r1,r0,5*8);
+ round(ebp,r0,r3,r4,r5,r1,r2,6*8);
+ round(ebp,r2,r3,r4,r5,r1,r0,7*8);
+ round(ebp,r0,r3,r4,r5,r1,r2,8*8);
+ round(ebp,r2,r3,r4,r5,r1,r0,9*8);
+ round(ebp,r0,r3,r4,r5,r1,r2,10*8);
+ round(ebp,r2,r3,r4,r5,r1,r0,11*8);
+ round(ebp,r0,r3,r4,r5,r1,r2,12*8);
+ round(ebp,r2,r3,r4,r5,r1,r0,13*8);
+ round(ebp,r0,r3,r4,r5,r1,r2,14*8);
+
+ /* To save a few instructions round 15 is unrolled */
+
+ mov out_blk+20(%esp),%r1;
+ process_output(r1,r2,r4,ebp,a_offset);
+ process_output(r1,r3,r4,ebp,b_offset);
+ g1(ebp,r2,r4,r1);
+ g2(ebp,r3,r5,r1);
+ pht(r4,r5);
+ round_key(ebp,r4,r5,15*8);
+ pop %r1;
+ xor %r5,%r1;
+ xor %r4,%r0;
+ ror $1,%r0;
+
+ mov out_blk+16(%esp),%r3
+ destructive_process_output(r3,r0,ebp,c_offset);
+ destructive_process_output(r3,r1,ebp,d_offset);
+
+ pop %edi
+ pop %esi
+ pop %r1
+ pop %ebp
+ mov $1,%r0
+ ret
+
+twofish_dec_blk:
+ push %ebp /* save registers according to calling convention*/
+ push %r1
+ push %esi
+ push %edi
+
+
+ mov ctx + 16(%esp),%ebp /* abuse the base pointer: set new base bointer to
the crypto ctx */
+ mov in_blk+16(%esp),%r5 /* output adress in r5 */
+
+ /* To save a few instructions round 15 is unrolled */
+ get_dec_input(r5,a_offset,r0,ebp);
+ get_dec_input(r5,b_offset,r1,ebp);
+
+ reverse_f_function(ebp,r0,r1,r2,r3,r4,15*8);
+
+ push %r1; /* save oldb for next rount */
+
+ get_dec_input(r5,c_offset,r1,ebp);
+ get_dec_input(r5,d_offset,r4,ebp);
+ xor %r4,%r3;
+ ror $1,%r3;
+ rol $1,%r1;
+ xor %r1,%r2;
+
+ dec_round(ebp,r2,r3,r4,r5,r1,r0,14*8);
+ dec_round(ebp,r0,r3,r4,r5,r1,r2,13*8);
+ dec_round(ebp,r2,r3,r4,r5,r1,r0,12*8);
+ dec_round(ebp,r0,r3,r4,r5,r1,r2,11*8);
+ dec_round(ebp,r2,r3,r4,r5,r1,r0,10*8);
+ dec_round(ebp,r0,r3,r4,r5,r1,r2,9*8);
+ dec_round(ebp,r2,r3,r4,r5,r1,r0,8*8);
+ dec_round(ebp,r0,r3,r4,r5,r1,r2,7*8);
+ dec_round(ebp,r2,r3,r4,r5,r1,r0,6*8);
+ dec_round(ebp,r0,r3,r4,r5,r1,r2,5*8);
+ dec_round(ebp,r2,r3,r4,r5,r1,r0,4*8);
+ dec_round(ebp,r0,r3,r4,r5,r1,r2,3*8);
+ dec_round(ebp,r2,r3,r4,r5,r1,r0,2*8);
+ dec_round(ebp,r0,r3,r4,r5,r1,r2,8);
+
+ /* To save a few instructions round 0 is unrolled */
+ mov out_blk+20(%esp),%r1;
+ process_dec_output(r1,r2,r4,ebp,a_offset);
+ process_dec_output(r1,r3,r4,ebp,b_offset);
+ g1(ebp,r2,r4,r1);
+ g2(ebp,r3,r5,r1);
+ pht(r4,r5);
+ round_key(ebp,r4,r5,0);
+
+ pop %r1;
+ xor %r1,%r5
+ ror $1,%r5
+ xor %r0,%r4
+
+
+
+ mov out_blk+16(%esp),%r3
+ destructive_process_dec_output(r3,r4,ebp,c_offset);
+ destructive_process_dec_output(r3,r5,ebp,d_offset);
+
+ pop %edi
+ pop %esi
+ pop %r1
+ pop %ebp
+ mov $1,%r0
+ ret
+
+
+
+
diff -uprN linux-2.6.17-rc5.twofish2/crypto/Kconfig
linux-2.6.17-rc5.twofish3/crypto/Kconfig
--- linux-2.6.17-rc5.twofish2/crypto/Kconfig 2006-05-30 19:44:02.607579102
+0200
+++ linux-2.6.17-rc5.twofish3/crypto/Kconfig 2006-05-30 20:00:47.841035197
+0200
@@ -142,6 +142,20 @@ config CRYPTO_TWOFISH
See also:
<http://www.schneier.com/twofish.html>
+config CRYPTO_TWOFISH_586
+ tristate "Twofish cipher algorithms (i586)"
+ depends on CRYPTO && ((X86 || UML_X86) && !64BIT)
+ help
+ Twofish cipher algorithm.
+
+ Twofish was submitted as an AES (Advanced Encryption Standard)
+ candidate cipher by researchers at CounterPane Systems. It is a
+ 16 round block cipher supporting key sizes of 128, 192, and 256
+ bits.
+
+ See also:
+ <http://www.schneier.com/twofish.html>
+
config CRYPTO_SERPENT
tristate "Serpent cipher algorithm"
depends on CRYPTO
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]