arm/crypto: Add optimized AES and SHA1 routines

# If we have a machine-specific directory, then include it in the build.

core-y				+= arch/arm/kernel/ arch/arm/mm/ arch/arm/common/

core-y				+= arch/arm/net/

core-y				+= arch/arm/crypto/

core-y				+= $(machdirs) $(platdirs)

drivers-$(CONFIG_OPROFILE)      += arch/arm/oprofile/

#

# Arch-specific CryptoAPI modules.

#

obj-$(CONFIG_CRYPTO_AES_ARM) += aes-arm.o

obj-$(CONFIG_CRYPTO_SHA1_ARM) += sha1-arm.o

aes-arm-y  := aes-armv4.o aes_glue.o

sha1-arm-y := sha1-armv4-large.o sha1_glue.o

/*

 * Glue Code for the asm optimized version of the AES Cipher Algorithm

 */

#include <linux/module.h>

#include <linux/crypto.h>

#include <crypto/aes.h>

#define AES_MAXNR 14

typedef struct {

	unsigned int rd_key[4 *(AES_MAXNR + 1)];

	int rounds;

} AES_KEY;

struct AES_CTX {

	AES_KEY enc_key;

	AES_KEY dec_key;

};

asmlinkage void AES_encrypt(const u8 *in, u8 *out, AES_KEY *ctx);

asmlinkage void AES_decrypt(const u8 *in, u8 *out, AES_KEY *ctx);

asmlinkage int private_AES_set_decrypt_key(const unsigned char *userKey, const int bits, AES_KEY *key);

asmlinkage int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits, AES_KEY *key);

static void aes_encrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)

{

	struct AES_CTX *ctx = crypto_tfm_ctx(tfm);

	AES_encrypt(src, dst, &ctx->enc_key);

}

static void aes_decrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)

{

	struct AES_CTX *ctx = crypto_tfm_ctx(tfm);

	AES_decrypt(src, dst, &ctx->dec_key);

}

static int aes_set_key(struct crypto_tfm *tfm, const u8 *in_key,

		unsigned int key_len)

{

	struct AES_CTX *ctx = crypto_tfm_ctx(tfm);

	switch (key_len) {

	case AES_KEYSIZE_128:

		key_len = 128;

		break;

	case AES_KEYSIZE_192:

		key_len = 192;

		break;

	case AES_KEYSIZE_256:

		key_len = 256;

		break;

	default:

		tfm->crt_flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;

		return -EINVAL;

	}

	if (private_AES_set_encrypt_key(in_key, key_len, &ctx->enc_key) == -1) {

		tfm->crt_flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;

		return -EINVAL;

	}

	/* private_AES_set_decrypt_key expects an encryption key as input */

	ctx->dec_key = ctx->enc_key;

	if (private_AES_set_decrypt_key(in_key, key_len, &ctx->dec_key) == -1) {

		tfm->crt_flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;

		return -EINVAL;

	}

	return 0;

}

static struct crypto_alg aes_alg = {

	.cra_name		= "aes",

	.cra_driver_name	= "aes-asm",

	.cra_priority		= 200,

	.cra_flags		= CRYPTO_ALG_TYPE_CIPHER,

	.cra_blocksize		= AES_BLOCK_SIZE,

	.cra_ctxsize		= sizeof(struct AES_CTX),

	.cra_module		= THIS_MODULE,

	.cra_list		= LIST_HEAD_INIT(aes_alg.cra_list),

	.cra_u	= {

		.cipher	= {

			.cia_min_keysize	= AES_MIN_KEY_SIZE,

			.cia_max_keysize	= AES_MAX_KEY_SIZE,

			.cia_setkey			= aes_set_key,

			.cia_encrypt		= aes_encrypt,

			.cia_decrypt		= aes_decrypt

		}

	}

};

static int __init aes_init(void)

{

	return crypto_register_alg(&aes_alg);

}

static void __exit aes_fini(void)

{

	crypto_unregister_alg(&aes_alg);

}

module_init(aes_init);

module_exit(aes_fini);

MODULE_DESCRIPTION("Rijndael (AES) Cipher Algorithm (ASM)");

MODULE_LICENSE("GPL");

MODULE_ALIAS("aes");

MODULE_ALIAS("aes-asm");

MODULE_AUTHOR("David McCullough <ucdevel@gmail.com>");

#define __ARM_ARCH__ __LINUX_ARM_ARCH__

@ ====================================================================

@ Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL

@ project. The module is, however, dual licensed under OpenSSL and

@ CRYPTOGAMS licenses depending on where you obtain it. For further

@ details see http://www.openssl.org/~appro/cryptogams/.

@ ====================================================================

@ sha1_block procedure for ARMv4.

@

@ January 2007.

@ Size/performance trade-off

@ ====================================================================

@ impl		size in bytes	comp cycles[*]	measured performance

@ ====================================================================

@ thumb		304		3212		4420

@ armv4-small	392/+29%	1958/+64%	2250/+96%

@ armv4-compact	740/+89%	1552/+26%	1840/+22%

@ armv4-large	1420/+92%	1307/+19%	1370/+34%[***]

@ full unroll	~5100/+260%	~1260/+4%	~1300/+5%

@ ====================================================================

@ thumb		= same as 'small' but in Thumb instructions[**] and

@		  with recurring code in two private functions;

@ small		= detached Xload/update, loops are folded;

@ compact	= detached Xload/update, 5x unroll;

@ large		= interleaved Xload/update, 5x unroll;

@ full unroll	= interleaved Xload/update, full unroll, estimated[!];

@

@ [*]	Manually counted instructions in "grand" loop body. Measured

@	performance is affected by prologue and epilogue overhead,

@	i-cache availability, branch penalties, etc.

@ [**]	While each Thumb instruction is twice smaller, they are not as

@	diverse as ARM ones: e.g., there are only two arithmetic

@	instructions with 3 arguments, no [fixed] rotate, addressing

@	modes are limited. As result it takes more instructions to do

@	the same job in Thumb, therefore the code is never twice as

@	small and always slower.

@ [***]	which is also ~35% better than compiler generated code. Dual-

@	issue Cortex A8 core was measured to process input block in

@	~990 cycles.

@ August 2010.

@

@ Rescheduling for dual-issue pipeline resulted in 13% improvement on

@ Cortex A8 core and in absolute terms ~870 cycles per input block

@ [or 13.6 cycles per byte].

@ February 2011.

@

@ Profiler-assisted and platform-specific optimization resulted in 10%

@ improvement on Cortex A8 core and 12.2 cycles per byte.

.text

.global	sha1_block_data_order

.type	sha1_block_data_order,%function

.align	2

sha1_block_data_order:

	stmdb	sp!,{r4-r12,lr}

	add	r2,r1,r2,lsl#6	@ r2 to point at the end of r1

	ldmia	r0,{r3,r4,r5,r6,r7}

.Lloop:

	ldr	r8,.LK_00_19

	mov	r14,sp

	sub	sp,sp,#15*4

	mov	r5,r5,ror#30

	mov	r6,r6,ror#30

	mov	r7,r7,ror#30		@ [6]

.L_00_15:

#if __ARM_ARCH__<7

	ldrb	r10,[r1,#2]

	ldrb	r9,[r1,#3]

	ldrb	r11,[r1,#1]

	add	r7,r8,r7,ror#2			@ E+=K_00_19

	ldrb	r12,[r1],#4

	orr	r9,r9,r10,lsl#8

	eor	r10,r5,r6			@ F_xx_xx

	orr	r9,r9,r11,lsl#16

	add	r7,r7,r3,ror#27			@ E+=ROR(A,27)

	orr	r9,r9,r12,lsl#24

#else

	ldr	r9,[r1],#4			@ handles unaligned

	add	r7,r8,r7,ror#2			@ E+=K_00_19

	eor	r10,r5,r6			@ F_xx_xx

	add	r7,r7,r3,ror#27			@ E+=ROR(A,27)

#ifdef __ARMEL__

	rev	r9,r9				@ byte swap

#endif

#endif

	and	r10,r4,r10,ror#2

	add	r7,r7,r9			@ E+=X[i]

	eor	r10,r10,r6,ror#2		@ F_00_19(B,C,D)

	str	r9,[r14,#-4]!

	add	r7,r7,r10			@ E+=F_00_19(B,C,D)

#if __ARM_ARCH__<7

	ldrb	r10,[r1,#2]

	ldrb	r9,[r1,#3]

	ldrb	r11,[r1,#1]

	add	r6,r8,r6,ror#2			@ E+=K_00_19

	ldrb	r12,[r1],#4

	orr	r9,r9,r10,lsl#8

	eor	r10,r4,r5			@ F_xx_xx

	orr	r9,r9,r11,lsl#16

	add	r6,r6,r7,ror#27			@ E+=ROR(A,27)

	orr	r9,r9,r12,lsl#24

#else

	ldr	r9,[r1],#4			@ handles unaligned

	add	r6,r8,r6,ror#2			@ E+=K_00_19

	eor	r10,r4,r5			@ F_xx_xx

	add	r6,r6,r7,ror#27			@ E+=ROR(A,27)

#ifdef __ARMEL__

	rev	r9,r9				@ byte swap

#endif

#endif

	and	r10,r3,r10,ror#2

	add	r6,r6,r9			@ E+=X[i]

	eor	r10,r10,r5,ror#2		@ F_00_19(B,C,D)

	str	r9,[r14,#-4]!

	add	r6,r6,r10			@ E+=F_00_19(B,C,D)

#if __ARM_ARCH__<7

	ldrb	r10,[r1,#2]

	ldrb	r9,[r1,#3]

	ldrb	r11,[r1,#1]

	add	r5,r8,r5,ror#2			@ E+=K_00_19

	ldrb	r12,[r1],#4

	orr	r9,r9,r10,lsl#8

	eor	r10,r3,r4			@ F_xx_xx

	orr	r9,r9,r11,lsl#16

	add	r5,r5,r6,ror#27			@ E+=ROR(A,27)

	orr	r9,r9,r12,lsl#24

#else

	ldr	r9,[r1],#4			@ handles unaligned

	add	r5,r8,r5,ror#2			@ E+=K_00_19

	eor	r10,r3,r4			@ F_xx_xx

	add	r5,r5,r6,ror#27			@ E+=ROR(A,27)

#ifdef __ARMEL__

	rev	r9,r9				@ byte swap

#endif

#endif

	and	r10,r7,r10,ror#2

	add	r5,r5,r9			@ E+=X[i]

	eor	r10,r10,r4,ror#2		@ F_00_19(B,C,D)

	str	r9,[r14,#-4]!

	add	r5,r5,r10			@ E+=F_00_19(B,C,D)

#if __ARM_ARCH__<7

	ldrb	r10,[r1,#2]

	ldrb	r9,[r1,#3]

	ldrb	r11,[r1,#1]

	add	r4,r8,r4,ror#2			@ E+=K_00_19

	ldrb	r12,[r1],#4

	orr	r9,r9,r10,lsl#8

	eor	r10,r7,r3			@ F_xx_xx

	orr	r9,r9,r11,lsl#16

	add	r4,r4,r5,ror#27			@ E+=ROR(A,27)

	orr	r9,r9,r12,lsl#24

#else

	ldr	r9,[r1],#4			@ handles unaligned

	add	r4,r8,r4,ror#2			@ E+=K_00_19

	eor	r10,r7,r3			@ F_xx_xx

	add	r4,r4,r5,ror#27			@ E+=ROR(A,27)

#ifdef __ARMEL__

	rev	r9,r9				@ byte swap

#endif

#endif

	and	r10,r6,r10,ror#2

	add	r4,r4,r9			@ E+=X[i]

	eor	r10,r10,r3,ror#2		@ F_00_19(B,C,D)

	str	r9,[r14,#-4]!

	add	r4,r4,r10			@ E+=F_00_19(B,C,D)

#if __ARM_ARCH__<7

	ldrb	r10,[r1,#2]

	ldrb	r9,[r1,#3]

	ldrb	r11,[r1,#1]

	add	r3,r8,r3,ror#2			@ E+=K_00_19

	ldrb	r12,[r1],#4

	orr	r9,r9,r10,lsl#8

	eor	r10,r6,r7			@ F_xx_xx

	orr	r9,r9,r11,lsl#16

	add	r3,r3,r4,ror#27			@ E+=ROR(A,27)

	orr	r9,r9,r12,lsl#24

#else

	ldr	r9,[r1],#4			@ handles unaligned

	add	r3,r8,r3,ror#2			@ E+=K_00_19

	eor	r10,r6,r7			@ F_xx_xx

	add	r3,r3,r4,ror#27			@ E+=ROR(A,27)

#ifdef __ARMEL__

	rev	r9,r9				@ byte swap

#endif

#endif

	and	r10,r5,r10,ror#2

	add	r3,r3,r9			@ E+=X[i]

	eor	r10,r10,r7,ror#2		@ F_00_19(B,C,D)

	str	r9,[r14,#-4]!

	add	r3,r3,r10			@ E+=F_00_19(B,C,D)

	teq	r14,sp

	bne	.L_00_15		@ [((11+4)*5+2)*3]

#if __ARM_ARCH__<7

	ldrb	r10,[r1,#2]

	ldrb	r9,[r1,#3]

	ldrb	r11,[r1,#1]

	add	r7,r8,r7,ror#2			@ E+=K_00_19

	ldrb	r12,[r1],#4

	orr	r9,r9,r10,lsl#8

	eor	r10,r5,r6			@ F_xx_xx

	orr	r9,r9,r11,lsl#16

	add	r7,r7,r3,ror#27			@ E+=ROR(A,27)

	orr	r9,r9,r12,lsl#24

#else

	ldr	r9,[r1],#4			@ handles unaligned

	add	r7,r8,r7,ror#2			@ E+=K_00_19

	eor	r10,r5,r6			@ F_xx_xx

	add	r7,r7,r3,ror#27			@ E+=ROR(A,27)

#ifdef __ARMEL__

	rev	r9,r9				@ byte swap

#endif

#endif

	and	r10,r4,r10,ror#2

	add	r7,r7,r9			@ E+=X[i]

	eor	r10,r10,r6,ror#2		@ F_00_19(B,C,D)

	str	r9,[r14,#-4]!

	add	r7,r7,r10			@ E+=F_00_19(B,C,D)

	ldr	r9,[r14,#15*4]

	ldr	r10,[r14,#13*4]

	ldr	r11,[r14,#7*4]

	add	r6,r8,r6,ror#2			@ E+=K_xx_xx

	ldr	r12,[r14,#2*4]

	eor	r9,r9,r10

	eor	r11,r11,r12			@ 1 cycle stall

	eor	r10,r4,r5			@ F_xx_xx

	mov	r9,r9,ror#31

	add	r6,r6,r7,ror#27			@ E+=ROR(A,27)

	eor	r9,r9,r11,ror#31

	str	r9,[r14,#-4]!

	and r10,r3,r10,ror#2					@ F_xx_xx

						@ F_xx_xx

	add	r6,r6,r9			@ E+=X[i]

	eor	r10,r10,r5,ror#2		@ F_00_19(B,C,D)

	add	r6,r6,r10			@ E+=F_00_19(B,C,D)

	ldr	r9,[r14,#15*4]

	ldr	r10,[r14,#13*4]

	ldr	r11,[r14,#7*4]

	add	r5,r8,r5,ror#2			@ E+=K_xx_xx

	ldr	r12,[r14,#2*4]

	eor	r9,r9,r10

	eor	r11,r11,r12			@ 1 cycle stall

	eor	r10,r3,r4			@ F_xx_xx

	mov	r9,r9,ror#31

	add	r5,r5,r6,ror#27			@ E+=ROR(A,27)

	eor	r9,r9,r11,ror#31

	str	r9,[r14,#-4]!

	and r10,r7,r10,ror#2					@ F_xx_xx

						@ F_xx_xx

	add	r5,r5,r9			@ E+=X[i]

	eor	r10,r10,r4,ror#2		@ F_00_19(B,C,D)

	add	r5,r5,r10			@ E+=F_00_19(B,C,D)

	ldr	r9,[r14,#15*4]

	ldr	r10,[r14,#13*4]

	ldr	r11,[r14,#7*4]

	add	r4,r8,r4,ror#2			@ E+=K_xx_xx

	ldr	r12,[r14,#2*4]

	eor	r9,r9,r10

	eor	r11,r11,r12			@ 1 cycle stall

	eor	r10,r7,r3			@ F_xx_xx

	mov	r9,r9,ror#31

	add	r4,r4,r5,ror#27			@ E+=ROR(A,27)

	eor	r9,r9,r11,ror#31

	str	r9,[r14,#-4]!

	and r10,r6,r10,ror#2					@ F_xx_xx

						@ F_xx_xx

	add	r4,r4,r9			@ E+=X[i]

	eor	r10,r10,r3,ror#2		@ F_00_19(B,C,D)

	add	r4,r4,r10			@ E+=F_00_19(B,C,D)

	ldr	r9,[r14,#15*4]

	ldr	r10,[r14,#13*4]

	ldr	r11,[r14,#7*4]

	add	r3,r8,r3,ror#2			@ E+=K_xx_xx

	ldr	r12,[r14,#2*4]

	eor	r9,r9,r10

	eor	r11,r11,r12			@ 1 cycle stall

	eor	r10,r6,r7			@ F_xx_xx

	mov	r9,r9,ror#31

	add	r3,r3,r4,ror#27			@ E+=ROR(A,27)

	eor	r9,r9,r11,ror#31

	str	r9,[r14,#-4]!

	and r10,r5,r10,ror#2					@ F_xx_xx

						@ F_xx_xx

	add	r3,r3,r9			@ E+=X[i]

	eor	r10,r10,r7,ror#2		@ F_00_19(B,C,D)

	add	r3,r3,r10			@ E+=F_00_19(B,C,D)

	ldr	r8,.LK_20_39		@ [+15+16*4]

	sub	sp,sp,#25*4

	cmn	sp,#0			@ [+3], clear carry to denote 20_39

.L_20_39_or_60_79:

	ldr	r9,[r14,#15*4]

	ldr	r10,[r14,#13*4]

	ldr	r11,[r14,#7*4]

	add	r7,r8,r7,ror#2			@ E+=K_xx_xx

	ldr	r12,[r14,#2*4]

	eor	r9,r9,r10

	eor	r11,r11,r12			@ 1 cycle stall

	eor	r10,r5,r6			@ F_xx_xx

	mov	r9,r9,ror#31

	add	r7,r7,r3,ror#27			@ E+=ROR(A,27)

	eor	r9,r9,r11,ror#31

	str	r9,[r14,#-4]!

	eor r10,r4,r10,ror#2					@ F_xx_xx

						@ F_xx_xx

	add	r7,r7,r9			@ E+=X[i]

	add	r7,r7,r10			@ E+=F_20_39(B,C,D)

	ldr	r9,[r14,#15*4]

	ldr	r10,[r14,#13*4]

	ldr	r11,[r14,#7*4]

	add	r6,r8,r6,ror#2			@ E+=K_xx_xx

	ldr	r12,[r14,#2*4]

	eor	r9,r9,r10

	eor	r11,r11,r12			@ 1 cycle stall

	eor	r10,r4,r5			@ F_xx_xx

	mov	r9,r9,ror#31

	add	r6,r6,r7,ror#27			@ E+=ROR(A,27)

	eor	r9,r9,r11,ror#31

	str	r9,[r14,#-4]!

	eor r10,r3,r10,ror#2					@ F_xx_xx

						@ F_xx_xx

	add	r6,r6,r9			@ E+=X[i]

	add	r6,r6,r10			@ E+=F_20_39(B,C,D)

	ldr	r9,[r14,#15*4]

	ldr	r10,[r14,#13*4]

	ldr	r11,[r14,#7*4]

	add	r5,r8,r5,ror#2			@ E+=K_xx_xx

	ldr	r12,[r14,#2*4]

	eor	r9,r9,r10

	eor	r11,r11,r12			@ 1 cycle stall

	eor	r10,r3,r4			@ F_xx_xx

	mov	r9,r9,ror#31

	add	r5,r5,r6,ror#27			@ E+=ROR(A,27)

	eor	r9,r9,r11,ror#31

	str	r9,[r14,#-4]!

	eor r10,r7,r10,ror#2					@ F_xx_xx

						@ F_xx_xx

	add	r5,r5,r9			@ E+=X[i]

	add	r5,r5,r10			@ E+=F_20_39(B,C,D)

	ldr	r9,[r14,#15*4]

	ldr	r10,[r14,#13*4]

	ldr	r11,[r14,#7*4]

	add	r4,r8,r4,ror#2			@ E+=K_xx_xx

	ldr	r12,[r14,#2*4]

	eor	r9,r9,r10

	eor	r11,r11,r12			@ 1 cycle stall

	eor	r10,r7,r3			@ F_xx_xx

	mov	r9,r9,ror#31

	add	r4,r4,r5,ror#27			@ E+=ROR(A,27)

	eor	r9,r9,r11,ror#31

	str	r9,[r14,#-4]!

	eor r10,r6,r10,ror#2					@ F_xx_xx

						@ F_xx_xx

	add	r4,r4,r9			@ E+=X[i]

	add	r4,r4,r10			@ E+=F_20_39(B,C,D)

	ldr	r9,[r14,#15*4]

	ldr	r10,[r14,#13*4]

	ldr	r11,[r14,#7*4]

	add	r3,r8,r3,ror#2			@ E+=K_xx_xx

	ldr	r12,[r14,#2*4]

	eor	r9,r9,r10

	eor	r11,r11,r12			@ 1 cycle stall

	eor	r10,r6,r7			@ F_xx_xx

	mov	r9,r9,ror#31

	add	r3,r3,r4,ror#27			@ E+=ROR(A,27)

	eor	r9,r9,r11,ror#31

	str	r9,[r14,#-4]!

	eor r10,r5,r10,ror#2					@ F_xx_xx

						@ F_xx_xx

	add	r3,r3,r9			@ E+=X[i]

	add	r3,r3,r10			@ E+=F_20_39(B,C,D)

	teq	r14,sp			@ preserve carry

	bne	.L_20_39_or_60_79	@ [+((12+3)*5+2)*4]

	bcs	.L_done			@ [+((12+3)*5+2)*4], spare 300 bytes

	ldr	r8,.LK_40_59

	sub	sp,sp,#20*4		@ [+2]

.L_40_59:

	ldr	r9,[r14,#15*4]

	ldr	r10,[r14,#13*4]