On Thu, Jun 10, 2021 at 09:44:57PM +0800, Tianjia Zhang wrote: > Take the existing small footprint and mostly time invariant C code It is using an S-box without any prefetching. That doesn't look very "time invariant" to me. > diff --git a/lib/crypto/sm4.c b/lib/crypto/sm4.c > new file mode 100644 > index 000000000000..cbdd14a254d0 [..] > +/** > + * crypto_sm4_expand_key - Expands the SM4 key as described in GB/T 32907-2016 > + * @ctx: The location where the computed key will be stored. > + * @in_key: The supplied key. > + * @key_len: The length of the supplied key. > + * > + * Returns 0 on success. The function fails only if an invalid key size (or > + * pointer) is supplied. > + */ > +int crypto_sm4_expand_key(struct crypto_sm4_ctx *ctx, const u8 *in_key, > + unsigned int key_len) [...] > +/** > + * crypto_sm4_do_crypt - Encrypt or decrypt a single SM4 block > + * @rk: The rkey_enc for encrypt or rkey_dec for decrypt > + * @out: Buffer to store output data > + * @in: Buffer containing the input data > + */ > +void crypto_sm4_do_crypt(const u32 *rk, u8 *out, const u8 *in) Calling these "sm4_expandkey()" and "sm4_crypt_block()" would be more consistent with the other lib/crypto/ functions such as the AES ones. The other lib/crypto/ functions don't have a "crypto_" prefix, as that is used for functions related to the traditional crypto API rather than the library API. - Eric