arm64/crypto: AES-ECB/CBC/CTR/XTS using ARMv8 NEON and Crypto Extensions

	select CRYPTO_AES

	select CRYPTO_AEAD

config CRYPTO_AES_ARM64_CE_BLK

	tristate "AES in ECB/CBC/CTR/XTS modes using ARMv8 Crypto Extensions"

	depends on ARM64 && KERNEL_MODE_NEON

	select CRYPTO_BLKCIPHER

	select CRYPTO_AES

	select CRYPTO_ABLK_HELPER

config CRYPTO_AES_ARM64_NEON_BLK

	tristate "AES in ECB/CBC/CTR/XTS modes using NEON instructions"

	depends on ARM64 && KERNEL_MODE_NEON

	select CRYPTO_BLKCIPHER

	select CRYPTO_AES

	select CRYPTO_ABLK_HELPER

endif

obj-$(CONFIG_CRYPTO_AES_ARM64_CE_CCM) += aes-ce-ccm.o

aes-ce-ccm-y := aes-ce-ccm-glue.o aes-ce-ccm-core.o

obj-$(CONFIG_CRYPTO_AES_ARM64_CE_BLK) += aes-ce-blk.o

aes-ce-blk-y := aes-glue-ce.o aes-ce.o

obj-$(CONFIG_CRYPTO_AES_ARM64_NEON_BLK) += aes-neon-blk.o

aes-neon-blk-y := aes-glue-neon.o aes-neon.o

AFLAGS_aes-ce.o		:= -DINTERLEAVE=2 -DINTERLEAVE_INLINE

AFLAGS_aes-neon.o	:= -DINTERLEAVE=4

CFLAGS_aes-glue-ce.o	:= -DUSE_V8_CRYPTO_EXTENSIONS

$(obj)/aes-glue-%.o: $(src)/aes-glue.c FORCE

	$(call if_changed_dep,cc_o_c)

/*

 * linux/arch/arm64/crypto/aes-ce.S - AES cipher for ARMv8 with

 *                                    Crypto Extensions

 *

 * Copyright (C) 2013 Linaro Ltd <ard.biesheuvel@linaro.org>

 *

 * This program is free software; you can redistribute it and/or modify

 * it under the terms of the GNU General Public License version 2 as

 * published by the Free Software Foundation.

 */

#include <linux/linkage.h>

#define AES_ENTRY(func)		ENTRY(ce_ ## func)

#define AES_ENDPROC(func)	ENDPROC(ce_ ## func)

	.arch		armv8-a+crypto

	/* preload all round keys */

	.macro		load_round_keys, rounds, rk

	cmp		\rounds, #12

	blo		2222f		/* 128 bits */

	beq		1111f		/* 192 bits */

	ld1		{v17.16b-v18.16b}, [\rk], #32

1111:	ld1		{v19.16b-v20.16b}, [\rk], #32

2222:	ld1		{v21.16b-v24.16b}, [\rk], #64

	ld1		{v25.16b-v28.16b}, [\rk], #64

	ld1		{v29.16b-v31.16b}, [\rk]

	.endm

	/* prepare for encryption with key in rk[] */

	.macro		enc_prepare, rounds, rk, ignore

	load_round_keys	\rounds, \rk

	.endm

	/* prepare for encryption (again) but with new key in rk[] */

	.macro		enc_switch_key, rounds, rk, ignore

	load_round_keys	\rounds, \rk

	.endm

	/* prepare for decryption with key in rk[] */

	.macro		dec_prepare, rounds, rk, ignore

	load_round_keys	\rounds, \rk

	.endm

	.macro		do_enc_Nx, de, mc, k, i0, i1, i2, i3

	aes\de		\i0\().16b, \k\().16b

	.ifnb		\i1

	aes\de		\i1\().16b, \k\().16b

	.ifnb		\i3

	aes\de		\i2\().16b, \k\().16b

	aes\de		\i3\().16b, \k\().16b

	.endif

	.endif

	aes\mc		\i0\().16b, \i0\().16b

	.ifnb		\i1

	aes\mc		\i1\().16b, \i1\().16b

	.ifnb		\i3

	aes\mc		\i2\().16b, \i2\().16b

	aes\mc		\i3\().16b, \i3\().16b

	.endif

	.endif

	.endm

	/* up to 4 interleaved encryption rounds with the same round key */

	.macro		round_Nx, enc, k, i0, i1, i2, i3

	.ifc		\enc, e

	do_enc_Nx	e, mc, \k, \i0, \i1, \i2, \i3

	.else

	do_enc_Nx	d, imc, \k, \i0, \i1, \i2, \i3

	.endif

	.endm

	/* up to 4 interleaved final rounds */

	.macro		fin_round_Nx, de, k, k2, i0, i1, i2, i3

	aes\de		\i0\().16b, \k\().16b

	.ifnb		\i1

	aes\de		\i1\().16b, \k\().16b

	.ifnb		\i3

	aes\de		\i2\().16b, \k\().16b

	aes\de		\i3\().16b, \k\().16b

	.endif

	.endif

	eor		\i0\().16b, \i0\().16b, \k2\().16b

	.ifnb		\i1

	eor		\i1\().16b, \i1\().16b, \k2\().16b

	.ifnb		\i3

	eor		\i2\().16b, \i2\().16b, \k2\().16b

	eor		\i3\().16b, \i3\().16b, \k2\().16b

	.endif

	.endif

	.endm

	/* up to 4 interleaved blocks */

	.macro		do_block_Nx, enc, rounds, i0, i1, i2, i3

	cmp		\rounds, #12

	blo		2222f		/* 128 bits */

	beq		1111f		/* 192 bits */

	round_Nx	\enc, v17, \i0, \i1, \i2, \i3

	round_Nx	\enc, v18, \i0, \i1, \i2, \i3

1111:	round_Nx	\enc, v19, \i0, \i1, \i2, \i3

	round_Nx	\enc, v20, \i0, \i1, \i2, \i3

2222:	.irp		key, v21, v22, v23, v24, v25, v26, v27, v28, v29

	round_Nx	\enc, \key, \i0, \i1, \i2, \i3

	.endr

	fin_round_Nx	\enc, v30, v31, \i0, \i1, \i2, \i3

	.endm

	.macro		encrypt_block, in, rounds, t0, t1, t2

	do_block_Nx	e, \rounds, \in

	.endm

	.macro		encrypt_block2x, i0, i1, rounds, t0, t1, t2

	do_block_Nx	e, \rounds, \i0, \i1

	.endm

	.macro		encrypt_block4x, i0, i1, i2, i3, rounds, t0, t1, t2

	do_block_Nx	e, \rounds, \i0, \i1, \i2, \i3

	.endm

	.macro		decrypt_block, in, rounds, t0, t1, t2

	do_block_Nx	d, \rounds, \in

	.endm

	.macro		decrypt_block2x, i0, i1, rounds, t0, t1, t2

	do_block_Nx	d, \rounds, \i0, \i1

	.endm

	.macro		decrypt_block4x, i0, i1, i2, i3, rounds, t0, t1, t2

	do_block_Nx	d, \rounds, \i0, \i1, \i2, \i3

	.endm

#include "aes-modes.S"

/*

 * linux/arch/arm64/crypto/aes-glue.c - wrapper code for ARMv8 AES

 *

 * Copyright (C) 2013 Linaro Ltd <ard.biesheuvel@linaro.org>

 *

 * This program is free software; you can redistribute it and/or modify

 * it under the terms of the GNU General Public License version 2 as

 * published by the Free Software Foundation.

 */

#include <asm/neon.h>

#include <asm/hwcap.h>

#include <crypto/aes.h>

#include <crypto/ablk_helper.h>

#include <crypto/algapi.h>

#include <linux/module.h>

#include <linux/cpufeature.h>

#ifdef USE_V8_CRYPTO_EXTENSIONS

#define MODE			"ce"

#define PRIO			300

#define aes_ecb_encrypt		ce_aes_ecb_encrypt

#define aes_ecb_decrypt		ce_aes_ecb_decrypt

#define aes_cbc_encrypt		ce_aes_cbc_encrypt

#define aes_cbc_decrypt		ce_aes_cbc_decrypt

#define aes_ctr_encrypt		ce_aes_ctr_encrypt

#define aes_xts_encrypt		ce_aes_xts_encrypt

#define aes_xts_decrypt		ce_aes_xts_decrypt

MODULE_DESCRIPTION("AES-ECB/CBC/CTR/XTS using ARMv8 Crypto Extensions");

#else

#define MODE			"neon"

#define PRIO			200

#define aes_ecb_encrypt		neon_aes_ecb_encrypt

#define aes_ecb_decrypt		neon_aes_ecb_decrypt

#define aes_cbc_encrypt		neon_aes_cbc_encrypt

#define aes_cbc_decrypt		neon_aes_cbc_decrypt

#define aes_ctr_encrypt		neon_aes_ctr_encrypt

#define aes_xts_encrypt		neon_aes_xts_encrypt

#define aes_xts_decrypt		neon_aes_xts_decrypt

MODULE_DESCRIPTION("AES-ECB/CBC/CTR/XTS using ARMv8 NEON");

MODULE_ALIAS("ecb(aes)");

MODULE_ALIAS("cbc(aes)");

MODULE_ALIAS("ctr(aes)");

MODULE_ALIAS("xts(aes)");

#endif

MODULE_AUTHOR("Ard Biesheuvel <ard.biesheuvel@linaro.org>");

MODULE_LICENSE("GPL v2");

/* defined in aes-modes.S */

asmlinkage void aes_ecb_encrypt(u8 out[], u8 const in[], u8 const rk[],

				int rounds, int blocks, int first);

asmlinkage void aes_ecb_decrypt(u8 out[], u8 const in[], u8 const rk[],

				int rounds, int blocks, int first);

asmlinkage void aes_cbc_encrypt(u8 out[], u8 const in[], u8 const rk[],

				int rounds, int blocks, u8 iv[], int first);

asmlinkage void aes_cbc_decrypt(u8 out[], u8 const in[], u8 const rk[],

				int rounds, int blocks, u8 iv[], int first);

asmlinkage void aes_ctr_encrypt(u8 out[], u8 const in[], u8 const rk[],

				int rounds, int blocks, u8 ctr[], int first);

asmlinkage void aes_xts_encrypt(u8 out[], u8 const in[], u8 const rk1[],

				int rounds, int blocks, u8 const rk2[], u8 iv[],

				int first);

asmlinkage void aes_xts_decrypt(u8 out[], u8 const in[], u8 const rk1[],

				int rounds, int blocks, u8 const rk2[], u8 iv[],

				int first);

struct crypto_aes_xts_ctx {

	struct crypto_aes_ctx key1;

	struct crypto_aes_ctx __aligned(8) key2;

};

static int xts_set_key(struct crypto_tfm *tfm, const u8 *in_key,

		       unsigned int key_len)

{

	struct crypto_aes_xts_ctx *ctx = crypto_tfm_ctx(tfm);

	int ret;

	ret = crypto_aes_expand_key(&ctx->key1, in_key, key_len / 2);

	if (!ret)

		ret = crypto_aes_expand_key(&ctx->key2, &in_key[key_len / 2],

					    key_len / 2);

	if (!ret)

		return 0;

	tfm->crt_flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;

	return -EINVAL;

}

static int ecb_encrypt(struct blkcipher_desc *desc, struct scatterlist *dst,

		       struct scatterlist *src, unsigned int nbytes)

{

	struct crypto_aes_ctx *ctx = crypto_blkcipher_ctx(desc->tfm);

	int err, first, rounds = 6 + ctx->key_length / 4;

	struct blkcipher_walk walk;

	unsigned int blocks;

	desc->flags &= ~CRYPTO_TFM_REQ_MAY_SLEEP;

	blkcipher_walk_init(&walk, dst, src, nbytes);

	err = blkcipher_walk_virt(desc, &walk);

	kernel_neon_begin();

	for (first = 1; (blocks = (walk.nbytes / AES_BLOCK_SIZE)); first = 0) {

		aes_ecb_encrypt(walk.dst.virt.addr, walk.src.virt.addr,

				(u8 *)ctx->key_enc, rounds, blocks, first);

		err = blkcipher_walk_done(desc, &walk, 0);

	}

	kernel_neon_end();

	return err;

}

static int ecb_decrypt(struct blkcipher_desc *desc, struct scatterlist *dst,

		       struct scatterlist *src, unsigned int nbytes)

{

	struct crypto_aes_ctx *ctx = crypto_blkcipher_ctx(desc->tfm);

	int err, first, rounds = 6 + ctx->key_length / 4;

	struct blkcipher_walk walk;

	unsigned int blocks;

	desc->flags &= ~CRYPTO_TFM_REQ_MAY_SLEEP;

	blkcipher_walk_init(&walk, dst, src, nbytes);

	err = blkcipher_walk_virt(desc, &walk);

	kernel_neon_begin();

	for (first = 1; (blocks = (walk.nbytes / AES_BLOCK_SIZE)); first = 0) {

		aes_ecb_decrypt(walk.dst.virt.addr, walk.src.virt.addr,

				(u8 *)ctx->key_dec, rounds, blocks, first);

		err = blkcipher_walk_done(desc, &walk, 0);

	}

	kernel_neon_end();

	return err;

}

static int cbc_encrypt(struct blkcipher_desc *desc, struct scatterlist *dst,

		       struct scatterlist *src, unsigned int nbytes)

{

	struct crypto_aes_ctx *ctx = crypto_blkcipher_ctx(desc->tfm);

	int err, first, rounds = 6 + ctx->key_length / 4;

	struct blkcipher_walk walk;

	unsigned int blocks;

	desc->flags &= ~CRYPTO_TFM_REQ_MAY_SLEEP;

	blkcipher_walk_init(&walk, dst, src, nbytes);

	err = blkcipher_walk_virt(desc, &walk);

	kernel_neon_begin();

	for (first = 1; (blocks = (walk.nbytes / AES_BLOCK_SIZE)); first = 0) {

		aes_cbc_encrypt(walk.dst.virt.addr, walk.src.virt.addr,

				(u8 *)ctx->key_enc, rounds, blocks, walk.iv,

				first);

		err = blkcipher_walk_done(desc, &walk, 0);

	}

	kernel_neon_end();

	return err;

}

static int cbc_decrypt(struct blkcipher_desc *desc, struct scatterlist *dst,

		       struct scatterlist *src, unsigned int nbytes)

{

	struct crypto_aes_ctx *ctx = crypto_blkcipher_ctx(desc->tfm);

	int err, first, rounds = 6 + ctx->key_length / 4;

	struct blkcipher_walk walk;

	unsigned int blocks;

	desc->flags &= ~CRYPTO_TFM_REQ_MAY_SLEEP;

	blkcipher_walk_init(&walk, dst, src, nbytes);

	err = blkcipher_walk_virt(desc, &walk);

	kernel_neon_begin();

	for (first = 1; (blocks = (walk.nbytes / AES_BLOCK_SIZE)); first = 0) {

		aes_cbc_decrypt(walk.dst.virt.addr, walk.src.virt.addr,

				(u8 *)ctx->key_dec, rounds, blocks, walk.iv,

				first);

		err = blkcipher_walk_done(desc, &walk, 0);

	}

	kernel_neon_end();

	return err;

}

static int ctr_encrypt(struct blkcipher_desc *desc, struct scatterlist *dst,

		       struct scatterlist *src, unsigned int nbytes)

{

	struct crypto_aes_ctx *ctx = crypto_blkcipher_ctx(desc->tfm);

	int err, first, rounds = 6 + ctx->key_length / 4;

	struct blkcipher_walk walk;

	int blocks;

	desc->flags &= ~CRYPTO_TFM_REQ_MAY_SLEEP;

	blkcipher_walk_init(&walk, dst, src, nbytes);

	err = blkcipher_walk_virt_block(desc, &walk, AES_BLOCK_SIZE);

	first = 1;

	kernel_neon_begin();

	while ((blocks = (walk.nbytes / AES_BLOCK_SIZE))) {

		aes_ctr_encrypt(walk.dst.virt.addr, walk.src.virt.addr,

				(u8 *)ctx->key_enc, rounds, blocks, walk.iv,

				first);

		first = 0;

		nbytes -= blocks * AES_BLOCK_SIZE;

		if (nbytes && nbytes == walk.nbytes % AES_BLOCK_SIZE)

			break;

		err = blkcipher_walk_done(desc, &walk,

					  walk.nbytes % AES_BLOCK_SIZE);

	}

	if (nbytes) {

		u8 *tdst = walk.dst.virt.addr + blocks * AES_BLOCK_SIZE;

		u8 *tsrc = walk.src.virt.addr + blocks * AES_BLOCK_SIZE;

		u8 __aligned(8) tail[AES_BLOCK_SIZE];

		/*

		 * Minimum alignment is 8 bytes, so if nbytes is <= 8, we need

		 * to tell aes_ctr_encrypt() to only read half a block.

		 */

		blocks = (nbytes <= 8) ? -1 : 1;

		aes_ctr_encrypt(tail, tsrc, (u8 *)ctx->key_enc, rounds,

				blocks, walk.iv, first);

		memcpy(tdst, tail, nbytes);

		err = blkcipher_walk_done(desc, &walk, 0);

	}

	kernel_neon_end();

	return err;

}

static int xts_encrypt(struct blkcipher_desc *desc, struct scatterlist *dst,

		       struct scatterlist *src, unsigned int nbytes)

{

	struct crypto_aes_xts_ctx *ctx = crypto_blkcipher_ctx(desc->tfm);

	int err, first, rounds = 6 + ctx->key1.key_length / 4;

	struct blkcipher_walk walk;

	unsigned int blocks;

	desc->flags &= ~CRYPTO_TFM_REQ_MAY_SLEEP;

	blkcipher_walk_init(&walk, dst, src, nbytes);

	err = blkcipher_walk_virt(desc, &walk);

	kernel_neon_begin();

	for (first = 1; (blocks = (walk.nbytes / AES_BLOCK_SIZE)); first = 0) {

		aes_xts_encrypt(walk.dst.virt.addr, walk.src.virt.addr,

				(u8 *)ctx->key1.key_enc, rounds, blocks,

				(u8 *)ctx->key2.key_enc, walk.iv, first);

		err = blkcipher_walk_done(desc, &walk, 0);

	}

	kernel_neon_end();

	return err;

}

static int xts_decrypt(struct blkcipher_desc *desc, struct scatterlist *dst,

		       struct scatterlist *src, unsigned int nbytes)

{

	struct crypto_aes_xts_ctx *ctx = crypto_blkcipher_ctx(desc->tfm);

	int err, first, rounds = 6 + ctx->key1.key_length / 4;

	struct blkcipher_walk walk;

	unsigned int blocks;

	desc->flags &= ~CRYPTO_TFM_REQ_MAY_SLEEP;

	blkcipher_walk_init(&walk, dst, src, nbytes);

	err = blkcipher_walk_virt(desc, &walk);

	kernel_neon_begin();

	for (first = 1; (blocks = (walk.nbytes / AES_BLOCK_SIZE)); first = 0) {

		aes_xts_decrypt(walk.dst.virt.addr, walk.src.virt.addr,

				(u8 *)ctx->key1.key_dec, rounds, blocks,

				(u8 *)ctx->key2.key_enc, walk.iv, first);

		err = blkcipher_walk_done(desc, &walk, 0);

	}

	kernel_neon_end();

	return err;

}

static struct crypto_alg aes_algs[] = { {

	.cra_name		= "__ecb-aes-" MODE,

	.cra_driver_name	= "__driver-ecb-aes-" MODE,

	.cra_priority		= 0,

	.cra_flags		= CRYPTO_ALG_TYPE_BLKCIPHER,

	.cra_blocksize		= AES_BLOCK_SIZE,

	.cra_ctxsize		= sizeof(struct crypto_aes_ctx),

	.cra_alignmask		= 7,

	.cra_type		= &crypto_blkcipher_type,

	.cra_module		= THIS_MODULE,

	.cra_blkcipher = {

		.min_keysize	= AES_MIN_KEY_SIZE,

		.max_keysize	= AES_MAX_KEY_SIZE,

		.ivsize		= AES_BLOCK_SIZE,

		.setkey		= crypto_aes_set_key,

		.encrypt	= ecb_encrypt,

		.decrypt	= ecb_decrypt,

	},

}, {

	.cra_name		= "__cbc-aes-" MODE,

	.cra_driver_name	= "__driver-cbc-aes-" MODE,

	.cra_priority		= 0,

	.cra_flags		= CRYPTO_ALG_TYPE_BLKCIPHER,

	.cra_blocksize		= AES_BLOCK_SIZE,

	.cra_ctxsize		= sizeof(struct crypto_aes_ctx),

	.cra_alignmask		= 7,

	.cra_type		= &crypto_blkcipher_type,

	.cra_module		= THIS_MODULE,

	.cra_blkcipher = {

		.min_keysize	= AES_MIN_KEY_SIZE,

		.max_keysize	= AES_MAX_KEY_SIZE,

		.ivsize		= AES_BLOCK_SIZE,

		.setkey		= crypto_aes_set_key,

		.encrypt	= cbc_encrypt,

		.decrypt	= cbc_decrypt,

	},

}, {

	.cra_name		= "__ctr-aes-" MODE,

	.cra_driver_name	= "__driver-ctr-aes-" MODE,

	.cra_priority		= 0,

	.cra_flags		= CRYPTO_ALG_TYPE_BLKCIPHER,

	.cra_blocksize		= 1,

	.cra_ctxsize		= sizeof(struct crypto_aes_ctx),

	.cra_alignmask		= 7,

	.cra_type		= &crypto_blkcipher_type,

	.cra_module		= THIS_MODULE,

	.cra_blkcipher = {

		.min_keysize	= AES_MIN_KEY_SIZE,

		.max_keysize	= AES_MAX_KEY_SIZE,

		.ivsize		= AES_BLOCK_SIZE,

		.setkey		= crypto_aes_set_key,

		.encrypt	= ctr_encrypt,

		.decrypt	= ctr_encrypt,

	},

}, {

	.cra_name		= "__xts-aes-" MODE,

	.cra_driver_name	= "__driver-xts-aes-" MODE,

	.cra_priority		= 0,

	.cra_flags		= CRYPTO_ALG_TYPE_BLKCIPHER,

	.cra_blocksize		= AES_BLOCK_SIZE,

	.cra_ctxsize		= sizeof(struct crypto_aes_xts_ctx),

	.cra_alignmask		= 7,

	.cra_type		= &crypto_blkcipher_type,

	.cra_module		= THIS_MODULE,

	.cra_blkcipher = {

		.min_keysize	= 2 * AES_MIN_KEY_SIZE,

		.max_keysize	= 2 * AES_MAX_KEY_SIZE,

		.ivsize		= AES_BLOCK_SIZE,

		.setkey		= xts_set_key,

		.encrypt	= xts_encrypt,

		.decrypt	= xts_decrypt,

	},

}, {

	.cra_name		= "ecb(aes)",

	.cra_driver_name	= "ecb-aes-" MODE,

	.cra_priority		= PRIO,

	.cra_flags		= CRYPTO_ALG_TYPE_ABLKCIPHER|CRYPTO_ALG_ASYNC,

	.cra_blocksize		= AES_BLOCK_SIZE,

	.cra_ctxsize		= sizeof(struct async_helper_ctx),

	.cra_alignmask		= 7,

	.cra_type		= &crypto_ablkcipher_type,

	.cra_module		= THIS_MODULE,

	.cra_init		= ablk_init,

	.cra_exit		= ablk_exit,

	.cra_ablkcipher = {

		.min_keysize	= AES_MIN_KEY_SIZE,

		.max_keysize	= AES_MAX_KEY_SIZE,

		.ivsize		= AES_BLOCK_SIZE,

		.setkey		= ablk_set_key,

		.encrypt	= ablk_encrypt,

		.decrypt	= ablk_decrypt,

	}

}, {

	.cra_name		= "cbc(aes)",

	.cra_driver_name	= "cbc-aes-" MODE,

	.cra_priority		= PRIO,

	.cra_flags		= CRYPTO_ALG_TYPE_ABLKCIPHER|CRYPTO_ALG_ASYNC,

	.cra_blocksize		= AES_BLOCK_SIZE,

	.cra_ctxsize		= sizeof(struct async_helper_ctx),

	.cra_alignmask		= 7,

	.cra_type		= &crypto_ablkcipher_type,

	.cra_module		= THIS_MODULE,

	.cra_init		= ablk_init,

	.cra_exit		= ablk_exit,

	.cra_ablkcipher = {

		.min_keysize	= AES_MIN_KEY_SIZE,

		.max_keysize	= AES_MAX_KEY_SIZE,

		.ivsize		= AES_BLOCK_SIZE,

		.setkey		= ablk_set_key,

		.encrypt	= ablk_encrypt,

		.decrypt	= ablk_decrypt,

	}

}, {

	.cra_name		= "ctr(aes)",

	.cra_driver_name	= "ctr-aes-" MODE,

	.cra_priority		= PRIO,

	.cra_flags		= CRYPTO_ALG_TYPE_ABLKCIPHER|CRYPTO_ALG_ASYNC,

	.cra_blocksize		= 1,

	.cra_ctxsize		= sizeof(struct async_helper_ctx),

	.cra_alignmask		= 7,

	.cra_type		= &crypto_ablkcipher_type,

	.cra_module		= THIS_MODULE,

	.cra_init		= ablk_init,

	.cra_exit		= ablk_exit,

	.cra_ablkcipher = {

		.min_keysize	= AES_MIN_KEY_SIZE,

		.max_keysize	= AES_MAX_KEY_SIZE,

		.ivsize		= AES_BLOCK_SIZE,

		.setkey		= ablk_set_key,

		.encrypt	= ablk_encrypt,

		.decrypt	= ablk_decrypt,

	}

}, {

	.cra_name		= "xts(aes)",

	.cra_driver_name	= "xts-aes-" MODE,

	.cra_priority		= PRIO,

	.cra_flags		= CRYPTO_ALG_TYPE_ABLKCIPHER|CRYPTO_ALG_ASYNC,

	.cra_blocksize		= AES_BLOCK_SIZE,

	.cra_ctxsize		= sizeof(struct async_helper_ctx),

	.cra_alignmask		= 7,

	.cra_type		= &crypto_ablkcipher_type,

	.cra_module		= THIS_MODULE,

	.cra_init		= ablk_init,

	.cra_exit		= ablk_exit,

	.cra_ablkcipher = {

		.min_keysize	= 2 * AES_MIN_KEY_SIZE,

		.max_keysize	= 2 * AES_MAX_KEY_SIZE,

		.ivsize		= AES_BLOCK_SIZE,

		.setkey		= ablk_set_key,

		.encrypt	= ablk_encrypt,

		.decrypt	= ablk_decrypt,

	}