[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20230428110058.1516119-1-letrhee@nsr.re.kr>
Date: Fri, 28 Apr 2023 20:00:55 +0900
From: Dongsoo Lee <letrhee@....re.kr>
To: linux-crypto@...r.kernel.org
Cc: Herbert Xu <herbert@...dor.apana.org.au>,
"David S. Miller" <davem@...emloft.net>,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
Dave Hansen <dave.hansen@...ux.intel.com>, x86@...nel.org,
"H. Peter Anvin" <hpa@...or.com>, linux-kernel@...r.kernel.org,
"David S. Miller" <abc@...t.nsr.re.kr>,
Dongsoo Lee <letrhee@...il.com>,
Dongsoo Lee <letrhee@....re.kr>
Subject: [PATCH 0/3] crypto: LEA block cipher implementation
This submission contains a generic C implementation of the LEA block
cipher and its optimized implementation within ECB, CBC, CTR, and XTR
cipher modes of operation for the x86_64 environment.
The LEA algorithm is a symmetric key cipher that processes data blocks
of 128bits and has three different key lengths, each with a different
number of rounds:
- LEA-128: 128-bit key, 24 rounds,
- LEA-192: 192-bit key, 28 rounds, and
- LEA-256: 256-bit key, 32 rounds.
The round function of LEA consists of 32-bit ARX(modular Addition,
bitwise Rotation, and bitwise XOR) operations. See [1, 2] for details.
The LEA is a Korean national standard block cipher, described in
"KS X 3246" and is also included in the international standard,
"ISO/IEC 29192-2:2019 standard (Information security - Lightweight
cryptography - Part 2: Block ciphers)".
It is one of the approved block ciphers for the current Korean
Cryptographic Module Validation Program (KCMVP).
The Korean e-government framework contains various cryptographic
applications, and KCMVP-validated cryptographic module should be used
according to the government requirements. The ARIA block cipher, which
is already included in Linux kernel, has been widely used as a symmetric
key cipher. However, the adoption of LEA increase rapidly for new
applications.
By adding LEA to the Linux kernel, Dedicated device drivers that require
LEA encryption can be provided without additional crypto implementation.
An example of an immediately applicable use case is disk encryption
using cryptsetup.
The submitted implementation includes a generic C implementation that
uses 32-bit ARX operations, and an optimized implementation for the
x86_64 environment.
The implementation same as submitted generic C implementation is
distributed through the Korea Internet & Security Agency (KISA),
could be found [3].
For the x86_64 environment, we use SSE2/MOVBE/AVX2 instructions. Since
LEA use four 32-bit unsigned integers for 128-bit block, the SSE2 and
AVX2 implementations encrypts four and eight blocks at a time for
optimization, repectively.
Our submission provides a optimized implementation of 4/8 block ECB, CBC
decryption, CTR, and XTS cipher operation modes on x86_64 CPUs
supporting AVX2. The MOVBE instruction is used for optimizing the CTR
mode.
The implementation has been tested with kernel module tcrypt.ko and has
passed the selftest using test vectors for KCMVP[4]. The path also test
with CONFIG_CRYPTO_MANAGER_EXTRA_TESTS enabled.
- [1] https://en.wikipedia.org/wiki/LEA_(cipher)
- [2] https://seed.kisa.or.kr/kisa/algorithm/EgovLeaInfo.do
- [3] https://seed.kisa.or.kr/kisa/Board/20/detailView.do
- [4] https://seed.kisa.or.kr/kisa/kcmvp/EgovVerification.do
Dongsoo Lee (3):
crypto: LEA block cipher implementation
crypto: add LEA testmgr tests
crypto: LEA block cipher AVX2 optimization
arch/x86/crypto/Kconfig | 22 +
arch/x86/crypto/Makefile | 3 +
arch/x86/crypto/lea_avx2_glue.c | 1112 +++++++++++++++++++++++++
arch/x86/crypto/lea_avx2_x86_64-asm.S | 778 ++++++++++++++++++
crypto/Kconfig | 12 +
crypto/Makefile | 1 +
crypto/lea_generic.c | 915 +++++++++++++++++++++
crypto/tcrypt.c | 73 ++
crypto/testmgr.c | 32 +
crypto/testmgr.h | 1211 ++++++++++++++++++++++++++++
include/crypto/lea.h | 39 +
11 files changed, 4198 insertions(+)
Powered by blists - more mailing lists