[PATCH 0/3] Add support for AEGIS AEAD algorithm

From: Ondrej Mosnacek <omosnacek@xxxxxxxxx>

This patchset adds the AEGIS AEAD algorithm implementation to the Linux Crypto API.

AEGIS [1] is a dedicated AEAD algorithm based on the AES round function and designed for high throughput both on modern processors and in hardware. It is designed by Hongjun Wu and Bart Preneel and has been submitted to the CAESAR competition [2], where it is currently one of the finalists [3].

AEGIS uses the AES round function and logical bitwise operations as primitives. It achieves extremely good performance in software (on platforms with HW-accelerated AES round function) and in hardware.

AEGIS has three variants:
* AEGIS-128 operating on 128-bit blocks and accepting a 128-bit IV and key.
* AEGIS-128L operating on pairs of 128-bit blocks and accepting a 128-bit IV and key.
* AEGIS-256 operating on 128-bit blocks and accepting a 256-bit IV and key.
All three variants produce an up to 128-bit tag.

The patchset contains three patches, adding:
* generic implementations
* test vectors to testmgr
* x86_64 AES-NI+SSE2 optimized implementations

Since there are no official test vectors currently available, the test vectors in patch 2 were generated using a reference implementation from public CAESAR benchmarks [4]. They should be replaced/complemented with official test vectors if/when they become available.

The implementations have been developed in cooperation with Milan Broz (the maintainer of dm-crypt and cryptsetup) and there is a plan to use them for authenticated disk encryption in cryptsetup. They are a result of my Master's thesis at the Faculty of Informatics, Masaryk University, Brno [5].

[1] https://competitions.cr.yp.to/round3/aegisv11.pdf
[2] https://competitions.cr.yp.to/caesar-call.html
[3] https://competitions.cr.yp.to/caesar-submissions.html
[4] https://bench.cr.yp.to/ebaead.html
[5] https://is.muni.cz/th/409879/fi_m/?lang=en

Ondrej Mosnacek (3):
  crypto: Add generic AEGIS AEAD implementations
  crypto: testmgr - Add test vectors for AEGIS
  crypto: x86 - Add optimized AEGIS implementations

 arch/x86/crypto/Makefile               |    8 +
 arch/x86/crypto/aegis128-aesni-asm.S   |  749 +++++++
 arch/x86/crypto/aegis128-aesni-glue.c  |  407 ++++
 arch/x86/crypto/aegis128l-aesni-asm.S  |  825 +++++++
 arch/x86/crypto/aegis128l-aesni-glue.c |  407 ++++
 arch/x86/crypto/aegis256-aesni-asm.S   |  702 ++++++
 arch/x86/crypto/aegis256-aesni-glue.c  |  407 ++++
 crypto/Kconfig                         |   45 +
 crypto/Makefile                        |    3 +
 crypto/aegis.h                         |   80 +
 crypto/aegis128.c                      |  463 ++++
 crypto/aegis128l.c                     |  527 +++++
 crypto/aegis256.c                      |  478 ++++
 crypto/testmgr.c                       |   27 +
 crypto/testmgr.h                       | 2835 ++++++++++++++++++++++++
 15 files changed, 7963 insertions(+)
 create mode 100644 arch/x86/crypto/aegis128-aesni-asm.S
 create mode 100644 arch/x86/crypto/aegis128-aesni-glue.c
 create mode 100644 arch/x86/crypto/aegis128l-aesni-asm.S
 create mode 100644 arch/x86/crypto/aegis128l-aesni-glue.c
 create mode 100644 arch/x86/crypto/aegis256-aesni-asm.S
 create mode 100644 arch/x86/crypto/aegis256-aesni-glue.c
 create mode 100644 crypto/aegis.h
 create mode 100644 crypto/aegis128.c
 create mode 100644 crypto/aegis128l.c
 create mode 100644 crypto/aegis256.c

-- 
2.17.0