This submission contains a generic C implementation of the LEA block cipher and its optimized implementation within ECB, CBC, CTR, and XTR cipher modes of operation for the x86_64 environment. The LEA algorithm is a symmetric key cipher that processes data blocks of 128bits and has three different key lengths, each with a different number of rounds: - LEA-128: 128-bit key, 24 rounds, - LEA-192: 192-bit key, 28 rounds, and - LEA-256: 256-bit key, 32 rounds. The round function of LEA consists of 32-bit ARX(modular Addition, bitwise Rotation, and bitwise XOR) operations. See [1, 2] for details. The LEA is a Korean national standard block cipher, described in "KS X 3246" and is also included in the international standard, "ISO/IEC 29192-2:2019 standard (Information security - Lightweight cryptography - Part 2: Block ciphers)". It is one of the approved block ciphers for the current Korean Cryptographic Module Validation Program (KCMVP). The Korean e-government framework contains various cryptographic applications, and KCMVP-validated cryptographic module should be used according to the government requirements. The ARIA block cipher, which is already included in Linux kernel, has been widely used as a symmetric key cipher. However, the adoption of LEA increase rapidly for new applications. By adding LEA to the Linux kernel, Dedicated device drivers that require LEA encryption can be provided without additional crypto implementation. An example of an immediately applicable use case is disk encryption using cryptsetup. The submitted implementation includes a generic C implementation that uses 32-bit ARX operations, and an optimized implementation for the x86_64 environment. The implementation same as submitted generic C implementation is distributed through the Korea Internet & Security Agency (KISA), could be found [3]. For the x86_64 environment, we use SSE2/MOVBE/AVX2 instructions. Since LEA use four 32-bit unsigned integers for 128-bit block, the SSE2 and AVX2 implementations encrypts four and eight blocks at a time for optimization, repectively. Our submission provides a optimized implementation of 4/8 block ECB, CBC decryption, CTR, and XTS cipher operation modes on x86_64 CPUs supporting AVX2. The MOVBE instruction is used for optimizing the CTR mode. The implementation has been tested with kernel module tcrypt.ko and has passed the selftest using test vectors for KCMVP[4]. The path also test with CONFIG_CRYPTO_MANAGER_EXTRA_TESTS enabled. - [1] https://en.wikipedia.org/wiki/LEA_(cipher) - [2] https://seed.kisa.or.kr/kisa/algorithm/EgovLeaInfo.do - [3] https://seed.kisa.or.kr/kisa/Board/20/detailView.do - [4] https://seed.kisa.or.kr/kisa/kcmvp/EgovVerification.do Dongsoo Lee (3): crypto: LEA block cipher implementation crypto: add LEA testmgr tests crypto: LEA block cipher AVX2 optimization arch/x86/crypto/Kconfig | 22 + arch/x86/crypto/Makefile | 3 + arch/x86/crypto/lea_avx2_glue.c | 1112 +++++++++++++++++++++++++ arch/x86/crypto/lea_avx2_x86_64-asm.S | 778 ++++++++++++++++++ crypto/Kconfig | 12 + crypto/Makefile | 1 + crypto/lea_generic.c | 915 +++++++++++++++++++++ crypto/tcrypt.c | 73 ++ crypto/testmgr.c | 32 + crypto/testmgr.h | 1211 ++++++++++++++++++++++++++++ include/crypto/lea.h | 39 + 11 files changed, 4198 insertions(+)