[PATCH v4 0/8] crypto: aes - retire table based generic AES

[PATCH v4 0/8] crypto: aes - retire table based generic AES

[Ard Biesheuvel]

The generic AES driver uses 16 lookup tables of 1 KB each, and has
encryption and decryption routines that are fully unrolled. Given how
the dependencies between this code and other drivers are declared in
Kconfig files, this code is always pulled into the core kernel, even
if it is usually superseded at runtime by accelerated drivers that
exist for many architectures.

This leaves us with 25 KB of dead code in the kernel, which is negligible
in typical environments, but which is actually a big deal for the IoT
domain, where every kilobyte counts.

Also, the scalar, table based AES routines that exist for ARM, arm64, i586
and x86_64 share the lookup tables with AES generic, and may be invoked
occasionally when the time-invariant AES-NI or other special instruction
drivers are called in interrupt context, at which time the SIMD register
file cannot be used. Pulling 16 KB of code and 9 KB of instructions into
the L1s (and evicting what was already there) when a softirq happens to
be handled in the context of an interrupt taken from kernel mode (which
means no SIMD on x86) is also something that we may like to avoid, by
falling back to a much smaller and moderately less performant driver.
(Note that arm64 will be updated shortly to supply fallbacks for all
SIMD based AES implementations, which will be based on the core routines)

For the reasons above, this series refactors the way the various AES
implementations are wired up, to allow the generic version in
crypto/aes_generic.c to be omitted from the build entirely.

Patch #1 removes some bogus 'select CRYPTO_AES' statement.

Patch #2 factors out aes-generic's lookup tables, which are shared with
arch-specific implementations in arch/x86, arch/arm and arch/arm64.

Patch #3 replaces the table based aes-generic.o with a new aes.o based on
the fixed time cipher, and uses it to fulfil dependencies on CRYPTO_AES.

Patch #4 switches the fallback in the AES-NI code to the new, generic encrypt
and decrypt routines so it no longer depends on the x86 scalar code or
[transitively] on AES-generic.

Patch #5 tweaks the ARM table based code to only use 2 KB + 256 bytes worth
of lookup tables instead of 4 KB.

Patch #6 does the same for arm64

Patch #7 removes the local copy of the AES sboxes from the arm64 NEON driver,
and switches to the ones exposed by the new AES core module instead.

Patch #8 updates the Kconfig help text to be more descriptive of what they
actually control, rather than duplicating AES's wikipedia entry a number of
times.

v4: - remove aes-generic altogether instead of allow a preference to be set
    - factor out shared lookup tables (#2)
    - reduce dependency of ARM's table based code on shared lookup tables
      (#5, #6)

v3: - fix big-endian issue in refactored fixed-time AES driver
    - improve Kconfig help texts
    - add patch #4

v2: - repurpose CRYPTO_AES and avoid HAVE_AES/NEED_AES Kconfig symbols
    - don't factor out tables from AES generic to be reused by per arch drivers,
      since the space saving is moderate (the generic code only), and the
      drivers weren't made to be small anyway

Ard Biesheuvel (8):
  drivers/crypto/Kconfig: drop bogus CRYPTO_AES dependencies
  crypto - aes: use dedicated lookup tables for table based asm routines
  crypto: aes - retire table based generic AES in favor of fixed time
    driver
  crypto: x86/aes-ni - switch to generic fallback
  crypto: arm/aes - avoid expanded lookup tables in the final round
  crypto: arm64/aes - avoid expanded lookup tables in the final round
  crypto: arm64/aes-neon - reuse Sboxes from AES core module
  crypto: aes - add meaningful help text to the various AES drivers

 arch/arm/crypto/Kconfig             |   16 +-
 arch/arm/crypto/aes-cipher-core.S   |   54 +-
 arch/arm64/crypto/Kconfig           |   30 +-
 arch/arm64/crypto/aes-cipher-core.S |  159 ++-
 arch/arm64/crypto/aes-neon.S        |   74 +-
 arch/x86/crypto/aes-i586-asm_32.S   |   13 +-
 arch/x86/crypto/aes-x86_64-asm_64.S |   12 +-
 arch/x86/crypto/aesni-intel_glue.c  |    4 +-
 crypto/Kconfig                      |  138 +-
 crypto/Makefile                     |    3 +-
 crypto/{aes_ti.c => aes.c}          |  169 ++-
 crypto/aes_generic.c                | 1478 --------------------
 drivers/crypto/Kconfig              |    5 -
 drivers/crypto/chelsio/chcr_algo.c  |    4 +-
 include/crypto/aes-tables.S         | 1104 +++++++++++++++
 include/crypto/aes.h                |   11 +-
 16 files changed, 1464 insertions(+), 1810 deletions(-)
 rename crypto/{aes_ti.c => aes.c} (76%)
 delete mode 100644 crypto/aes_generic.c
 create mode 100644 include/crypto/aes-tables.S

-- 
2.9.3

[PATCH v4 1/8] drivers/crypto/Kconfig: drop bogus CRYPTO_AES dependencies

[Ard Biesheuvel]

In preparation of fine tuning the dependency relations between the
accelerated AES drivers and the core support code, let's remove the
dependency declarations that are false. None of these modules have
link time dependencies on the generic AES code, nor do they declare
any AES algos with CRYPTO_ALG_NEED_FALLBACK, so they can function
perfectly fine without crypto/aes_generic.o loaded.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
 drivers/crypto/Kconfig | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/drivers/crypto/Kconfig b/drivers/crypto/Kconfig
index 5b5393f1b87a..46a48ea99fb9 100644
--- a/drivers/crypto/Kconfig
+++ b/drivers/crypto/Kconfig
@@ -432,7 +432,6 @@ config CRYPTO_DEV_S5P
 	tristate "Support for Samsung S5PV210/Exynos crypto accelerator"
 	depends on ARCH_S5PV210 || ARCH_EXYNOS || COMPILE_TEST
 	depends on HAS_IOMEM && HAS_DMA
-	select CRYPTO_AES
 	select CRYPTO_BLKCIPHER
 	help
 	  This option allows you to have support for S5P crypto acceleration.
@@ -486,7 +485,6 @@ config CRYPTO_DEV_ATMEL_AES
 	tristate "Support for Atmel AES hw accelerator"
 	depends on HAS_DMA
 	depends on ARCH_AT91 || COMPILE_TEST
-	select CRYPTO_AES
 	select CRYPTO_AEAD
 	select CRYPTO_BLKCIPHER
 	help
@@ -618,7 +616,6 @@ config CRYPTO_DEV_SUN4I_SS
 	depends on ARCH_SUNXI && !64BIT
 	select CRYPTO_MD5
 	select CRYPTO_SHA1
-	select CRYPTO_AES
 	select CRYPTO_DES
 	select CRYPTO_BLKCIPHER
 	help
@@ -641,7 +638,6 @@ config CRYPTO_DEV_SUN4I_SS_PRNG
 config CRYPTO_DEV_ROCKCHIP
 	tristate "Rockchip's Cryptographic Engine driver"
 	depends on OF && ARCH_ROCKCHIP
-	select CRYPTO_AES
 	select CRYPTO_DES
 	select CRYPTO_MD5
 	select CRYPTO_SHA1
@@ -657,7 +653,6 @@ config CRYPTO_DEV_MEDIATEK
 	tristate "MediaTek's EIP97 Cryptographic Engine driver"
 	depends on HAS_DMA
 	depends on (ARM && ARCH_MEDIATEK) || COMPILE_TEST
-	select CRYPTO_AES
 	select CRYPTO_AEAD
 	select CRYPTO_BLKCIPHER
 	select CRYPTO_CTR
-- 
2.9.3

[PATCH v4 2/8] crypto - aes: use dedicated lookup tables for table based asm routines

[Ard Biesheuvel]

Instead of linking against the table based AES generic C code to reuse
the lookup tables, add an assembler file that defines a couple of macros
that instantiate the tables in-place. This allows us to replace AES in
a subsequent patch.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
 arch/arm/crypto/aes-cipher-core.S   |    7 +
 arch/arm64/crypto/aes-cipher-core.S |    8 +-
 arch/x86/crypto/aes-i586-asm_32.S   |   13 +-
 arch/x86/crypto/aes-x86_64-asm_64.S |   12 +-
 include/crypto/aes-tables.S         | 1104 ++++++++++++++++++++
 include/crypto/aes.h                |    5 -
 6 files changed, 1132 insertions(+), 17 deletions(-)

diff --git a/arch/arm/crypto/aes-cipher-core.S b/arch/arm/crypto/aes-cipher-core.S
index c817a86c4ca8..a727692cd9c1 100644
--- a/arch/arm/crypto/aes-cipher-core.S
+++ b/arch/arm/crypto/aes-cipher-core.S
@@ -9,6 +9,7 @@
  * published by the Free Software Foundation.
  */
 
+#include <crypto/aes-tables.S>
 #include <linux/linkage.h>
 
 	.text
@@ -170,6 +171,12 @@
 	.ltorg
 	.endm
 
+	.align			6
+	aes_table_reduced	crypto_ft_tab
+	aes_table_reduced	crypto_fl_tab
+	aes_table_reduced	crypto_it_tab
+	aes_table_reduced	crypto_il_tab
+
 ENTRY(__aes_arm_encrypt)
 	do_crypt	fround, crypto_ft_tab, crypto_fl_tab
 ENDPROC(__aes_arm_encrypt)
diff --git a/arch/arm64/crypto/aes-cipher-core.S b/arch/arm64/crypto/aes-cipher-core.S
index f2f9cc519309..bbe5dd96135c 100644
--- a/arch/arm64/crypto/aes-cipher-core.S
+++ b/arch/arm64/crypto/aes-cipher-core.S
@@ -8,6 +8,7 @@
  * published by the Free Software Foundation.
  */
 
+#include <crypto/aes-tables.S>
 #include <linux/linkage.h>
 #include <asm/assembler.h>
 
@@ -99,7 +100,12 @@ CPU_BE(	rev		w8, w8		)
 	ret
 	.endm
 
-	.align		5
+	.align			7
+	aes_table_reduced	crypto_ft_tab
+	aes_table_reduced	crypto_fl_tab
+	aes_table_reduced	crypto_it_tab
+	aes_table_reduced	crypto_il_tab
+
 ENTRY(__aes_arm64_encrypt)
 	do_crypt	fround, crypto_ft_tab, crypto_fl_tab
 ENDPROC(__aes_arm64_encrypt)
diff --git a/arch/x86/crypto/aes-i586-asm_32.S b/arch/x86/crypto/aes-i586-asm_32.S
index 2849dbc59e11..d68c57ca2ace 100644
--- a/arch/x86/crypto/aes-i586-asm_32.S
+++ b/arch/x86/crypto/aes-i586-asm_32.S
@@ -38,6 +38,13 @@
 
 #include <linux/linkage.h>
 #include <asm/asm-offsets.h>
+#include <crypto/aes-tables.S>
+
+.align 4
+aes_table_prerotated crypto_ft_tab
+aes_table_prerotated crypto_fl_tab
+aes_table_prerotated crypto_it_tab
+aes_table_prerotated crypto_il_tab
 
 #define tlen 1024   // length of each of 4 'xor' arrays (256 32-bit words)
 
@@ -220,9 +227,6 @@
 // AES (Rijndael) Encryption Subroutine
 /* void aes_enc_blk(struct crypto_aes_ctx *ctx, u8 *out_blk, const u8 *in_blk) */
 
-.extern  crypto_ft_tab
-.extern  crypto_fl_tab
-
 ENTRY(aes_enc_blk)
 	push    %ebp
 	mov     ctx(%esp),%ebp
@@ -292,9 +296,6 @@ ENDPROC(aes_enc_blk)
 // AES (Rijndael) Decryption Subroutine
 /* void aes_dec_blk(struct crypto_aes_ctx *ctx, u8 *out_blk, const u8 *in_blk) */
 
-.extern  crypto_it_tab
-.extern  crypto_il_tab
-
 ENTRY(aes_dec_blk)
 	push    %ebp
 	mov     ctx(%esp),%ebp
diff --git a/arch/x86/crypto/aes-x86_64-asm_64.S b/arch/x86/crypto/aes-x86_64-asm_64.S
index 8739cf7795de..7b5a9ef3e51d 100644
--- a/arch/x86/crypto/aes-x86_64-asm_64.S
+++ b/arch/x86/crypto/aes-x86_64-asm_64.S
@@ -8,15 +8,17 @@
  * including this sentence is retained in full.
  */
 
-.extern crypto_ft_tab
-.extern crypto_it_tab
-.extern crypto_fl_tab
-.extern crypto_il_tab
-
 .text
 
 #include <linux/linkage.h>
 #include <asm/asm-offsets.h>
+#include <crypto/aes-tables.S>
+
+.align 4
+aes_table_prerotated crypto_ft_tab
+aes_table_prerotated crypto_fl_tab
+aes_table_prerotated crypto_it_tab
+aes_table_prerotated crypto_il_tab
 
 #define R1	%rax
 #define R1E	%eax
diff --git a/include/crypto/aes-tables.S b/include/crypto/aes-tables.S
new file mode 100644
index 000000000000..9625c38a76fb
--- /dev/null
+++ b/include/crypto/aes-tables.S
@@ -0,0 +1,1104 @@
+/*
+ * ---------------------------------------------------------------------------
+ * Copyright (c) 2002, Dr Brian Gladman <brg@gladman.me.uk>, Worcester, UK.
+ * All rights reserved.
+ *
+ * LICENSE TERMS
+ *
+ * The free distribution and use of this software in both source and binary
+ * form is allowed (with or without changes) provided that:
+ *
+ *   1. distributions of this source code include the above copyright
+ *      notice, this list of conditions and the following disclaimer;
+ *
+ *   2. distributions in binary form include the above copyright
+ *      notice, this list of conditions and the following disclaimer
+ *      in the documentation and/or other associated materials;
+ *
+ *   3. the copyright holder's name is not used to endorse products
+ *      built using this software without specific written permission.
+ *
+ * ALTERNATIVELY, provided that this notice is retained in full, this product
+ * may be distributed under the terms of the GNU General Public License (GPL),
+ * in which case the provisions of the GPL apply INSTEAD OF those given above.
+ *
+ * DISCLAIMER
+ *
+ * This software is provided 'as is' with no explicit or implied warranties
+ * in respect of its properties, including, but not limited to, correctness
+ * and/or fitness for purpose.
+ * ---------------------------------------------------------------------------
+ */
+
+#include <linux/linkage.h>
+
+	.macro		aes_table_reduced, name
+	__aes_tab	\name, 0
+	.endm
+
+	.macro		aes_table_prerotated, name
+	__aes_tab	\name, 1
+	.endm
+
+	.macro		__aes_tab, name, full
+\name\():
+	__\name		\full
+	.size		\name, . - \name
+	.endm
+
+	.macro		__crypto_ft_tab, full=1
+	.long		0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6
+	.long		0x0df2f2ff, 0xbd6b6bd6, 0xb16f6fde, 0x54c5c591
+	.long		0x50303060, 0x03010102, 0xa96767ce, 0x7d2b2b56
+	.long		0x19fefee7, 0x62d7d7b5, 0xe6abab4d, 0x9a7676ec
+	.long		0x45caca8f, 0x9d82821f, 0x40c9c989, 0x877d7dfa
+	.long		0x15fafaef, 0xeb5959b2, 0xc947478e, 0x0bf0f0fb
+	.long		0xecadad41, 0x67d4d4b3, 0xfda2a25f, 0xeaafaf45
+	.long		0xbf9c9c23, 0xf7a4a453, 0x967272e4, 0x5bc0c09b
+	.long		0xc2b7b775, 0x1cfdfde1, 0xae93933d, 0x6a26264c
+	.long		0x5a36366c, 0x413f3f7e, 0x02f7f7f5, 0x4fcccc83
+	.long		0x5c343468, 0xf4a5a551, 0x34e5e5d1, 0x08f1f1f9
+	.long		0x937171e2, 0x73d8d8ab, 0x53313162, 0x3f15152a
+	.long		0x0c040408, 0x52c7c795, 0x65232346, 0x5ec3c39d
+	.long		0x28181830, 0xa1969637, 0x0f05050a, 0xb59a9a2f
+	.long		0x0907070e, 0x36121224, 0x9b80801b, 0x3de2e2df
+	.long		0x26ebebcd, 0x6927274e, 0xcdb2b27f, 0x9f7575ea
+	.long		0x1b090912, 0x9e83831d, 0x742c2c58, 0x2e1a1a34
+	.long		0x2d1b1b36, 0xb26e6edc, 0xee5a5ab4, 0xfba0a05b
+	.long		0xf65252a4, 0x4d3b3b76, 0x61d6d6b7, 0xceb3b37d
+	.long		0x7b292952, 0x3ee3e3dd, 0x712f2f5e, 0x97848413
+	.long		0xf55353a6, 0x68d1d1b9, 0x00000000, 0x2cededc1
+	.long		0x60202040, 0x1ffcfce3, 0xc8b1b179, 0xed5b5bb6
+	.long		0xbe6a6ad4, 0x46cbcb8d, 0xd9bebe67, 0x4b393972
+	.long		0xde4a4a94, 0xd44c4c98, 0xe85858b0, 0x4acfcf85
+	.long		0x6bd0d0bb, 0x2aefefc5, 0xe5aaaa4f, 0x16fbfbed
+	.long		0xc5434386, 0xd74d4d9a, 0x55333366, 0x94858511
+	.long		0xcf45458a, 0x10f9f9e9, 0x06020204, 0x817f7ffe
+	.long		0xf05050a0, 0x443c3c78, 0xba9f9f25, 0xe3a8a84b
+	.long		0xf35151a2, 0xfea3a35d, 0xc0404080, 0x8a8f8f05
+	.long		0xad92923f, 0xbc9d9d21, 0x48383870, 0x04f5f5f1
+	.long		0xdfbcbc63, 0xc1b6b677, 0x75dadaaf, 0x63212142
+	.long		0x30101020, 0x1affffe5, 0x0ef3f3fd, 0x6dd2d2bf
+	.long		0x4ccdcd81, 0x140c0c18, 0x35131326, 0x2fececc3
+	.long		0xe15f5fbe, 0xa2979735, 0xcc444488, 0x3917172e
+	.long		0x57c4c493, 0xf2a7a755, 0x827e7efc, 0x473d3d7a
+	.long		0xac6464c8, 0xe75d5dba, 0x2b191932, 0x957373e6
+	.long		0xa06060c0, 0x98818119, 0xd14f4f9e, 0x7fdcdca3
+	.long		0x66222244, 0x7e2a2a54, 0xab90903b, 0x8388880b
+	.long		0xca46468c, 0x29eeeec7, 0xd3b8b86b, 0x3c141428
+	.long		0x79dedea7, 0xe25e5ebc, 0x1d0b0b16, 0x76dbdbad
+	.long		0x3be0e0db, 0x56323264, 0x4e3a3a74, 0x1e0a0a14
+	.long		0xdb494992, 0x0a06060c, 0x6c242448, 0xe45c5cb8
+	.long		0x5dc2c29f, 0x6ed3d3bd, 0xefacac43, 0xa66262c4
+	.long		0xa8919139, 0xa4959531, 0x37e4e4d3, 0x8b7979f2
+	.long		0x32e7e7d5, 0x43c8c88b, 0x5937376e, 0xb76d6dda
+	.long		0x8c8d8d01, 0x64d5d5b1, 0xd24e4e9c, 0xe0a9a949
+	.long		0xb46c6cd8, 0xfa5656ac, 0x07f4f4f3, 0x25eaeacf
+	.long		0xaf6565ca, 0x8e7a7af4, 0xe9aeae47, 0x18080810
+	.long		0xd5baba6f, 0x887878f0, 0x6f25254a, 0x722e2e5c
+	.long		0x241c1c38, 0xf1a6a657, 0xc7b4b473, 0x51c6c697
+	.long		0x23e8e8cb, 0x7cdddda1, 0x9c7474e8, 0x211f1f3e
+	.long		0xdd4b4b96, 0xdcbdbd61, 0x868b8b0d, 0x858a8a0f
+	.long		0x907070e0, 0x423e3e7c, 0xc4b5b571, 0xaa6666cc
+	.long		0xd8484890, 0x05030306, 0x01f6f6f7, 0x120e0e1c
+	.long		0xa36161c2, 0x5f35356a, 0xf95757ae, 0xd0b9b969
+	.long		0x91868617, 0x58c1c199, 0x271d1d3a, 0xb99e9e27
+	.long		0x38e1e1d9, 0x13f8f8eb, 0xb398982b, 0x33111122
+	.long		0xbb6969d2, 0x70d9d9a9, 0x898e8e07, 0xa7949433
+	.long		0xb69b9b2d, 0x221e1e3c, 0x92878715, 0x20e9e9c9
+	.long		0x49cece87, 0xff5555aa, 0x78282850, 0x7adfdfa5
+	.long		0x8f8c8c03, 0xf8a1a159, 0x80898909, 0x170d0d1a
+	.long		0xdabfbf65, 0x31e6e6d7, 0xc6424284, 0xb86868d0
+	.long		0xc3414182, 0xb0999929, 0x772d2d5a, 0x110f0f1e
+	.long		0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c
+
+	.if \full == 1
+	.long		0x6363c6a5, 0x7c7cf884, 0x7777ee99, 0x7b7bf68d
+	.long		0xf2f2ff0d, 0x6b6bd6bd, 0x6f6fdeb1, 0xc5c59154
+	.long		0x30306050, 0x01010203, 0x6767cea9, 0x2b2b567d
+	.long		0xfefee719, 0xd7d7b562, 0xabab4de6, 0x7676ec9a
+	.long		0xcaca8f45, 0x82821f9d, 0xc9c98940, 0x7d7dfa87
+	.long		0xfafaef15, 0x5959b2eb, 0x47478ec9, 0xf0f0fb0b
+	.long		0xadad41ec, 0xd4d4b367, 0xa2a25ffd, 0xafaf45ea
+	.long		0x9c9c23bf, 0xa4a453f7, 0x7272e496, 0xc0c09b5b
+	.long		0xb7b775c2, 0xfdfde11c, 0x93933dae, 0x26264c6a
+	.long		0x36366c5a, 0x3f3f7e41, 0xf7f7f502, 0xcccc834f
+	.long		0x3434685c, 0xa5a551f4, 0xe5e5d134, 0xf1f1f908
+	.long		0x7171e293, 0xd8d8ab73, 0x31316253, 0x15152a3f
+	.long		0x0404080c, 0xc7c79552, 0x23234665, 0xc3c39d5e
+	.long		0x18183028, 0x969637a1, 0x05050a0f, 0x9a9a2fb5
+	.long		0x07070e09, 0x12122436, 0x80801b9b, 0xe2e2df3d
+	.long		0xebebcd26, 0x27274e69, 0xb2b27fcd, 0x7575ea9f
+	.long		0x0909121b, 0x83831d9e, 0x2c2c5874, 0x1a1a342e
+	.long		0x1b1b362d, 0x6e6edcb2, 0x5a5ab4ee, 0xa0a05bfb
+	.long		0x5252a4f6, 0x3b3b764d, 0xd6d6b761, 0xb3b37dce
+	.long		0x2929527b, 0xe3e3dd3e, 0x2f2f5e71, 0x84841397
+	.long		0x5353a6f5, 0xd1d1b968, 0x00000000, 0xededc12c
+	.long		0x20204060, 0xfcfce31f, 0xb1b179c8, 0x5b5bb6ed
+	.long		0x6a6ad4be, 0xcbcb8d46, 0xbebe67d9, 0x3939724b
+	.long		0x4a4a94de, 0x4c4c98d4, 0x5858b0e8, 0xcfcf854a
+	.long		0xd0d0bb6b, 0xefefc52a, 0xaaaa4fe5, 0xfbfbed16
+	.long		0x434386c5, 0x4d4d9ad7, 0x33336655, 0x85851194
+	.long		0x45458acf, 0xf9f9e910, 0x02020406, 0x7f7ffe81
+	.long		0x5050a0f0, 0x3c3c7844, 0x9f9f25ba, 0xa8a84be3
+	.long		0x5151a2f3, 0xa3a35dfe, 0x404080c0, 0x8f8f058a
+	.long		0x92923fad, 0x9d9d21bc, 0x38387048, 0xf5f5f104
+	.long		0xbcbc63df, 0xb6b677c1, 0xdadaaf75, 0x21214263
+	.long		0x10102030, 0xffffe51a, 0xf3f3fd0e, 0xd2d2bf6d
+	.long		0xcdcd814c, 0x0c0c1814, 0x13132635, 0xececc32f
+	.long		0x5f5fbee1, 0x979735a2, 0x444488cc, 0x17172e39
+	.long		0xc4c49357, 0xa7a755f2, 0x7e7efc82, 0x3d3d7a47
+	.long		0x6464c8ac, 0x5d5dbae7, 0x1919322b, 0x7373e695
+	.long		0x6060c0a0, 0x81811998, 0x4f4f9ed1, 0xdcdca37f
+	.long		0x22224466, 0x2a2a547e, 0x90903bab, 0x88880b83
+	.long		0x46468cca, 0xeeeec729, 0xb8b86bd3, 0x1414283c
+	.long		0xdedea779, 0x5e5ebce2, 0x0b0b161d, 0xdbdbad76
+	.long		0xe0e0db3b, 0x32326456, 0x3a3a744e, 0x0a0a141e
+	.long		0x494992db, 0x06060c0a, 0x2424486c, 0x5c5cb8e4
+	.long		0xc2c29f5d, 0xd3d3bd6e, 0xacac43ef, 0x6262c4a6
+	.long		0x919139a8, 0x959531a4, 0xe4e4d337, 0x7979f28b
+	.long		0xe7e7d532, 0xc8c88b43, 0x37376e59, 0x6d6ddab7
+	.long		0x8d8d018c, 0xd5d5b164, 0x4e4e9cd2, 0xa9a949e0
+	.long		0x6c6cd8b4, 0x5656acfa, 0xf4f4f307, 0xeaeacf25
+	.long		0x6565caaf, 0x7a7af48e, 0xaeae47e9, 0x08081018
+	.long		0xbaba6fd5, 0x7878f088, 0x25254a6f, 0x2e2e5c72
+	.long		0x1c1c3824, 0xa6a657f1, 0xb4b473c7, 0xc6c69751
+	.long		0xe8e8cb23, 0xdddda17c, 0x7474e89c, 0x1f1f3e21
+	.long		0x4b4b96dd, 0xbdbd61dc, 0x8b8b0d86, 0x8a8a0f85
+	.long		0x7070e090, 0x3e3e7c42, 0xb5b571c4, 0x6666ccaa
+	.long		0x484890d8, 0x03030605, 0xf6f6f701, 0x0e0e1c12
+	.long		0x6161c2a3, 0x35356a5f, 0x5757aef9, 0xb9b969d0
+	.long		0x86861791, 0xc1c19958, 0x1d1d3a27, 0x9e9e27b9
+	.long		0xe1e1d938, 0xf8f8eb13, 0x98982bb3, 0x11112233
+	.long		0x6969d2bb, 0xd9d9a970, 0x8e8e0789, 0x949433a7
+	.long		0x9b9b2db6, 0x1e1e3c22, 0x87871592, 0xe9e9c920
+	.long		0xcece8749, 0x5555aaff, 0x28285078, 0xdfdfa57a
+	.long		0x8c8c038f, 0xa1a159f8, 0x89890980, 0x0d0d1a17
+	.long		0xbfbf65da, 0xe6e6d731, 0x424284c6, 0x6868d0b8
+	.long		0x414182c3, 0x999929b0, 0x2d2d5a77, 0x0f0f1e11
+	.long		0xb0b07bcb, 0x5454a8fc, 0xbbbb6dd6, 0x16162c3a
+
+	.long		0x63c6a563, 0x7cf8847c, 0x77ee9977, 0x7bf68d7b
+	.long		0xf2ff0df2, 0x6bd6bd6b, 0x6fdeb16f, 0xc59154c5
+	.long		0x30605030, 0x01020301, 0x67cea967, 0x2b567d2b
+	.long		0xfee719fe, 0xd7b562d7, 0xab4de6ab, 0x76ec9a76
+	.long		0xca8f45ca, 0x821f9d82, 0xc98940c9, 0x7dfa877d
+	.long		0xfaef15fa, 0x59b2eb59, 0x478ec947, 0xf0fb0bf0
+	.long		0xad41ecad, 0xd4b367d4, 0xa25ffda2, 0xaf45eaaf
+	.long		0x9c23bf9c, 0xa453f7a4, 0x72e49672, 0xc09b5bc0
+	.long		0xb775c2b7, 0xfde11cfd, 0x933dae93, 0x264c6a26
+	.long		0x366c5a36, 0x3f7e413f, 0xf7f502f7, 0xcc834fcc
+	.long		0x34685c34, 0xa551f4a5, 0xe5d134e5, 0xf1f908f1
+	.long		0x71e29371, 0xd8ab73d8, 0x31625331, 0x152a3f15
+	.long		0x04080c04, 0xc79552c7, 0x23466523, 0xc39d5ec3
+	.long		0x18302818, 0x9637a196, 0x050a0f05, 0x9a2fb59a
+	.long		0x070e0907, 0x12243612, 0x801b9b80, 0xe2df3de2
+	.long		0xebcd26eb, 0x274e6927, 0xb27fcdb2, 0x75ea9f75
+	.long		0x09121b09, 0x831d9e83, 0x2c58742c, 0x1a342e1a
+	.long		0x1b362d1b, 0x6edcb26e, 0x5ab4ee5a, 0xa05bfba0
+	.long		0x52a4f652, 0x3b764d3b, 0xd6b761d6, 0xb37dceb3
+	.long		0x29527b29, 0xe3dd3ee3, 0x2f5e712f, 0x84139784
+	.long		0x53a6f553, 0xd1b968d1, 0x00000000, 0xedc12ced
+	.long		0x20406020, 0xfce31ffc, 0xb179c8b1, 0x5bb6ed5b
+	.long		0x6ad4be6a, 0xcb8d46cb, 0xbe67d9be, 0x39724b39
+	.long		0x4a94de4a, 0x4c98d44c, 0x58b0e858, 0xcf854acf
+	.long		0xd0bb6bd0, 0xefc52aef, 0xaa4fe5aa, 0xfbed16fb
+	.long		0x4386c543, 0x4d9ad74d, 0x33665533, 0x85119485
+	.long		0x458acf45, 0xf9e910f9, 0x02040602, 0x7ffe817f
+	.long		0x50a0f050, 0x3c78443c, 0x9f25ba9f, 0xa84be3a8
+	.long		0x51a2f351, 0xa35dfea3, 0x4080c040, 0x8f058a8f
+	.long		0x923fad92, 0x9d21bc9d, 0x38704838, 0xf5f104f5
+	.long		0xbc63dfbc, 0xb677c1b6, 0xdaaf75da, 0x21426321
+	.long		0x10203010, 0xffe51aff, 0xf3fd0ef3, 0xd2bf6dd2
+	.long		0xcd814ccd, 0x0c18140c, 0x13263513, 0xecc32fec
+	.long		0x5fbee15f, 0x9735a297, 0x4488cc44, 0x172e3917
+	.long		0xc49357c4, 0xa755f2a7, 0x7efc827e, 0x3d7a473d
+	.long		0x64c8ac64, 0x5dbae75d, 0x19322b19, 0x73e69573
+	.long		0x60c0a060, 0x81199881, 0x4f9ed14f, 0xdca37fdc
+	.long		0x22446622, 0x2a547e2a, 0x903bab90, 0x880b8388
+	.long		0x468cca46, 0xeec729ee, 0xb86bd3b8, 0x14283c14
+	.long		0xdea779de, 0x5ebce25e, 0x0b161d0b, 0xdbad76db
+	.long		0xe0db3be0, 0x32645632, 0x3a744e3a, 0x0a141e0a
+	.long		0x4992db49, 0x060c0a06, 0x24486c24, 0x5cb8e45c
+	.long		0xc29f5dc2, 0xd3bd6ed3, 0xac43efac, 0x62c4a662
+	.long		0x9139a891, 0x9531a495, 0xe4d337e4, 0x79f28b79
+	.long		0xe7d532e7, 0xc88b43c8, 0x376e5937, 0x6ddab76d
+	.long		0x8d018c8d, 0xd5b164d5, 0x4e9cd24e, 0xa949e0a9
+	.long		0x6cd8b46c, 0x56acfa56, 0xf4f307f4, 0xeacf25ea
+	.long		0x65caaf65, 0x7af48e7a, 0xae47e9ae, 0x08101808
+	.long		0xba6fd5ba, 0x78f08878, 0x254a6f25, 0x2e5c722e
+	.long		0x1c38241c, 0xa657f1a6, 0xb473c7b4, 0xc69751c6
+	.long		0xe8cb23e8, 0xdda17cdd, 0x74e89c74, 0x1f3e211f
+	.long		0x4b96dd4b, 0xbd61dcbd, 0x8b0d868b, 0x8a0f858a
+	.long		0x70e09070, 0x3e7c423e, 0xb571c4b5, 0x66ccaa66
+	.long		0x4890d848, 0x03060503, 0xf6f701f6, 0x0e1c120e
+	.long		0x61c2a361, 0x356a5f35, 0x57aef957, 0xb969d0b9
+	.long		0x86179186, 0xc19958c1, 0x1d3a271d, 0x9e27b99e
+	.long		0xe1d938e1, 0xf8eb13f8, 0x982bb398, 0x11223311
+	.long		0x69d2bb69, 0xd9a970d9, 0x8e07898e, 0x9433a794
+	.long		0x9b2db69b, 0x1e3c221e, 0x87159287, 0xe9c920e9
+	.long		0xce8749ce, 0x55aaff55, 0x28507828, 0xdfa57adf
+	.long		0x8c038f8c, 0xa159f8a1, 0x89098089, 0x0d1a170d
+	.long		0xbf65dabf, 0xe6d731e6, 0x4284c642, 0x68d0b868
+	.long		0x4182c341, 0x9929b099, 0x2d5a772d, 0x0f1e110f
+	.long		0xb07bcbb0, 0x54a8fc54, 0xbb6dd6bb, 0x162c3a16
+
+	.long		0xc6a56363, 0xf8847c7c, 0xee997777, 0xf68d7b7b
+	.long		0xff0df2f2, 0xd6bd6b6b, 0xdeb16f6f, 0x9154c5c5
+	.long		0x60503030, 0x02030101, 0xcea96767, 0x567d2b2b
+	.long		0xe719fefe, 0xb562d7d7, 0x4de6abab, 0xec9a7676
+	.long		0x8f45caca, 0x1f9d8282, 0x8940c9c9, 0xfa877d7d
+	.long		0xef15fafa, 0xb2eb5959, 0x8ec94747, 0xfb0bf0f0
+	.long		0x41ecadad, 0xb367d4d4, 0x5ffda2a2, 0x45eaafaf
+	.long		0x23bf9c9c, 0x53f7a4a4, 0xe4967272, 0x9b5bc0c0
+	.long		0x75c2b7b7, 0xe11cfdfd, 0x3dae9393, 0x4c6a2626
+	.long		0x6c5a3636, 0x7e413f3f, 0xf502f7f7, 0x834fcccc
+	.long		0x685c3434, 0x51f4a5a5, 0xd134e5e5, 0xf908f1f1
+	.long		0xe2937171, 0xab73d8d8, 0x62533131, 0x2a3f1515
+	.long		0x080c0404, 0x9552c7c7, 0x46652323, 0x9d5ec3c3
+	.long		0x30281818, 0x37a19696, 0x0a0f0505, 0x2fb59a9a
+	.long		0x0e090707, 0x24361212, 0x1b9b8080, 0xdf3de2e2
+	.long		0xcd26ebeb, 0x4e692727, 0x7fcdb2b2, 0xea9f7575
+	.long		0x121b0909, 0x1d9e8383, 0x58742c2c, 0x342e1a1a
+	.long		0x362d1b1b, 0xdcb26e6e, 0xb4ee5a5a, 0x5bfba0a0
+	.long		0xa4f65252, 0x764d3b3b, 0xb761d6d6, 0x7dceb3b3
+	.long		0x527b2929, 0xdd3ee3e3, 0x5e712f2f, 0x13978484
+	.long		0xa6f55353, 0xb968d1d1, 0x00000000, 0xc12ceded
+	.long		0x40602020, 0xe31ffcfc, 0x79c8b1b1, 0xb6ed5b5b
+	.long		0xd4be6a6a, 0x8d46cbcb, 0x67d9bebe, 0x724b3939
+	.long		0x94de4a4a, 0x98d44c4c, 0xb0e85858, 0x854acfcf
+	.long		0xbb6bd0d0, 0xc52aefef, 0x4fe5aaaa, 0xed16fbfb
+	.long		0x86c54343, 0x9ad74d4d, 0x66553333, 0x11948585
+	.long		0x8acf4545, 0xe910f9f9, 0x04060202, 0xfe817f7f
+	.long		0xa0f05050, 0x78443c3c, 0x25ba9f9f, 0x4be3a8a8
+	.long		0xa2f35151, 0x5dfea3a3, 0x80c04040, 0x058a8f8f
+	.long		0x3fad9292, 0x21bc9d9d, 0x70483838, 0xf104f5f5
+	.long		0x63dfbcbc, 0x77c1b6b6, 0xaf75dada, 0x42632121
+	.long		0x20301010, 0xe51affff, 0xfd0ef3f3, 0xbf6dd2d2
+	.long		0x814ccdcd, 0x18140c0c, 0x26351313, 0xc32fecec
+	.long		0xbee15f5f, 0x35a29797, 0x88cc4444, 0x2e391717
+	.long		0x9357c4c4, 0x55f2a7a7, 0xfc827e7e, 0x7a473d3d
+	.long		0xc8ac6464, 0xbae75d5d, 0x322b1919, 0xe6957373
+	.long		0xc0a06060, 0x19988181, 0x9ed14f4f, 0xa37fdcdc
+	.long		0x44662222, 0x547e2a2a, 0x3bab9090, 0x0b838888
+	.long		0x8cca4646, 0xc729eeee, 0x6bd3b8b8, 0x283c1414
+	.long		0xa779dede, 0xbce25e5e, 0x161d0b0b, 0xad76dbdb
+	.long		0xdb3be0e0, 0x64563232, 0x744e3a3a, 0x141e0a0a
+	.long		0x92db4949, 0x0c0a0606, 0x486c2424, 0xb8e45c5c
+	.long		0x9f5dc2c2, 0xbd6ed3d3, 0x43efacac, 0xc4a66262
+	.long		0x39a89191, 0x31a49595, 0xd337e4e4, 0xf28b7979
+	.long		0xd532e7e7, 0x8b43c8c8, 0x6e593737, 0xdab76d6d
+	.long		0x018c8d8d, 0xb164d5d5, 0x9cd24e4e, 0x49e0a9a9
+	.long		0xd8b46c6c, 0xacfa5656, 0xf307f4f4, 0xcf25eaea
+	.long		0xcaaf6565, 0xf48e7a7a, 0x47e9aeae, 0x10180808
+	.long		0x6fd5baba, 0xf0887878, 0x4a6f2525, 0x5c722e2e
+	.long		0x38241c1c, 0x57f1a6a6, 0x73c7b4b4, 0x9751c6c6
+	.long		0xcb23e8e8, 0xa17cdddd, 0xe89c7474, 0x3e211f1f
+	.long		0x96dd4b4b, 0x61dcbdbd, 0x0d868b8b, 0x0f858a8a
+	.long		0xe0907070, 0x7c423e3e, 0x71c4b5b5, 0xccaa6666
+	.long		0x90d84848, 0x06050303, 0xf701f6f6, 0x1c120e0e
+	.long		0xc2a36161, 0x6a5f3535, 0xaef95757, 0x69d0b9b9
+	.long		0x17918686, 0x9958c1c1, 0x3a271d1d, 0x27b99e9e
+	.long		0xd938e1e1, 0xeb13f8f8, 0x2bb39898, 0x22331111
+	.long		0xd2bb6969, 0xa970d9d9, 0x07898e8e, 0x33a79494
+	.long		0x2db69b9b, 0x3c221e1e, 0x15928787, 0xc920e9e9
+	.long		0x8749cece, 0xaaff5555, 0x50782828, 0xa57adfdf
+	.long		0x038f8c8c, 0x59f8a1a1, 0x09808989, 0x1a170d0d
+	.long		0x65dabfbf, 0xd731e6e6, 0x84c64242, 0xd0b86868
+	.long		0x82c34141, 0x29b09999, 0x5a772d2d, 0x1e110f0f
+	.long		0x7bcbb0b0, 0xa8fc5454, 0x6dd6bbbb, 0x2c3a1616
+	.endif
+	.endm
+
+	.macro		__crypto_fl_tab, full=1
+	.long		0x00000063, 0x0000007c, 0x00000077, 0x0000007b
+	.long		0x000000f2, 0x0000006b, 0x0000006f, 0x000000c5
+	.long		0x00000030, 0x00000001, 0x00000067, 0x0000002b
+	.long		0x000000fe, 0x000000d7, 0x000000ab, 0x00000076
+	.long		0x000000ca, 0x00000082, 0x000000c9, 0x0000007d
+	.long		0x000000fa, 0x00000059, 0x00000047, 0x000000f0
+	.long		0x000000ad, 0x000000d4, 0x000000a2, 0x000000af
+	.long		0x0000009c, 0x000000a4, 0x00000072, 0x000000c0
+	.long		0x000000b7, 0x000000fd, 0x00000093, 0x00000026
+	.long		0x00000036, 0x0000003f, 0x000000f7, 0x000000cc
+	.long		0x00000034, 0x000000a5, 0x000000e5, 0x000000f1
+	.long		0x00000071, 0x000000d8, 0x00000031, 0x00000015
+	.long		0x00000004, 0x000000c7, 0x00000023, 0x000000c3
+	.long		0x00000018, 0x00000096, 0x00000005, 0x0000009a
+	.long		0x00000007, 0x00000012, 0x00000080, 0x000000e2
+	.long		0x000000eb, 0x00000027, 0x000000b2, 0x00000075
+	.long		0x00000009, 0x00000083, 0x0000002c, 0x0000001a
+	.long		0x0000001b, 0x0000006e, 0x0000005a, 0x000000a0
+	.long		0x00000052, 0x0000003b, 0x000000d6, 0x000000b3
+	.long		0x00000029, 0x000000e3, 0x0000002f, 0x00000084
+	.long		0x00000053, 0x000000d1, 0x00000000, 0x000000ed
+	.long		0x00000020, 0x000000fc, 0x000000b1, 0x0000005b
+	.long		0x0000006a, 0x000000cb, 0x000000be, 0x00000039
+	.long		0x0000004a, 0x0000004c, 0x00000058, 0x000000cf
+	.long		0x000000d0, 0x000000ef, 0x000000aa, 0x000000fb
+	.long		0x00000043, 0x0000004d, 0x00000033, 0x00000085
+	.long		0x00000045, 0x000000f9, 0x00000002, 0x0000007f
+	.long		0x00000050, 0x0000003c, 0x0000009f, 0x000000a8
+	.long		0x00000051, 0x000000a3, 0x00000040, 0x0000008f
+	.long		0x00000092, 0x0000009d, 0x00000038, 0x000000f5
+	.long		0x000000bc, 0x000000b6, 0x000000da, 0x00000021
+	.long		0x00000010, 0x000000ff, 0x000000f3, 0x000000d2
+	.long		0x000000cd, 0x0000000c, 0x00000013, 0x000000ec
+	.long		0x0000005f, 0x00000097, 0x00000044, 0x00000017
+	.long		0x000000c4, 0x000000a7, 0x0000007e, 0x0000003d
+	.long		0x00000064, 0x0000005d, 0x00000019, 0x00000073
+	.long		0x00000060, 0x00000081, 0x0000004f, 0x000000dc
+	.long		0x00000022, 0x0000002a, 0x00000090, 0x00000088
+	.long		0x00000046, 0x000000ee, 0x000000b8, 0x00000014
+	.long		0x000000de, 0x0000005e, 0x0000000b, 0x000000db
+	.long		0x000000e0, 0x00000032, 0x0000003a, 0x0000000a
+	.long		0x00000049, 0x00000006, 0x00000024, 0x0000005c
+	.long		0x000000c2, 0x000000d3, 0x000000ac, 0x00000062
+	.long		0x00000091, 0x00000095, 0x000000e4, 0x00000079
+	.long		0x000000e7, 0x000000c8, 0x00000037, 0x0000006d
+	.long		0x0000008d, 0x000000d5, 0x0000004e, 0x000000a9
+	.long		0x0000006c, 0x00000056, 0x000000f4, 0x000000ea
+	.long		0x00000065, 0x0000007a, 0x000000ae, 0x00000008
+	.long		0x000000ba, 0x00000078, 0x00000025, 0x0000002e
+	.long		0x0000001c, 0x000000a6, 0x000000b4, 0x000000c6
+	.long		0x000000e8, 0x000000dd, 0x00000074, 0x0000001f
+	.long		0x0000004b, 0x000000bd, 0x0000008b, 0x0000008a
+	.long		0x00000070, 0x0000003e, 0x000000b5, 0x00000066
+	.long		0x00000048, 0x00000003, 0x000000f6, 0x0000000e
+	.long		0x00000061, 0x00000035, 0x00000057, 0x000000b9
+	.long		0x00000086, 0x000000c1, 0x0000001d, 0x0000009e
+	.long		0x000000e1, 0x000000f8, 0x00000098, 0x00000011
+	.long		0x00000069, 0x000000d9, 0x0000008e, 0x00000094
+	.long		0x0000009b, 0x0000001e, 0x00000087, 0x000000e9
+	.long		0x000000ce, 0x00000055, 0x00000028, 0x000000df
+	.long		0x0000008c, 0x000000a1, 0x00000089, 0x0000000d
+	.long		0x000000bf, 0x000000e6, 0x00000042, 0x00000068
+	.long		0x00000041, 0x00000099, 0x0000002d, 0x0000000f
+	.long		0x000000b0, 0x00000054, 0x000000bb, 0x00000016
+
+	.if		\full == 1
+	.long		0x00006300, 0x00007c00, 0x00007700, 0x00007b00
+	.long		0x0000f200, 0x00006b00, 0x00006f00, 0x0000c500
+	.long		0x00003000, 0x00000100, 0x00006700, 0x00002b00
+	.long		0x0000fe00, 0x0000d700, 0x0000ab00, 0x00007600
+	.long		0x0000ca00, 0x00008200, 0x0000c900, 0x00007d00
+	.long		0x0000fa00, 0x00005900, 0x00004700, 0x0000f000
+	.long		0x0000ad00, 0x0000d400, 0x0000a200, 0x0000af00
+	.long		0x00009c00, 0x0000a400, 0x00007200, 0x0000c000
+	.long		0x0000b700, 0x0000fd00, 0x00009300, 0x00002600
+	.long		0x00003600, 0x00003f00, 0x0000f700, 0x0000cc00
+	.long		0x00003400, 0x0000a500, 0x0000e500, 0x0000f100
+	.long		0x00007100, 0x0000d800, 0x00003100, 0x00001500
+	.long		0x00000400, 0x0000c700, 0x00002300, 0x0000c300
+	.long		0x00001800, 0x00009600, 0x00000500, 0x00009a00
+	.long		0x00000700, 0x00001200, 0x00008000, 0x0000e200
+	.long		0x0000eb00, 0x00002700, 0x0000b200, 0x00007500
+	.long		0x00000900, 0x00008300, 0x00002c00, 0x00001a00
+	.long		0x00001b00, 0x00006e00, 0x00005a00, 0x0000a000
+	.long		0x00005200, 0x00003b00, 0x0000d600, 0x0000b300
+	.long		0x00002900, 0x0000e300, 0x00002f00, 0x00008400
+	.long		0x00005300, 0x0000d100, 0x00000000, 0x0000ed00
+	.long		0x00002000, 0x0000fc00, 0x0000b100, 0x00005b00
+	.long		0x00006a00, 0x0000cb00, 0x0000be00, 0x00003900
+	.long		0x00004a00, 0x00004c00, 0x00005800, 0x0000cf00
+	.long		0x0000d000, 0x0000ef00, 0x0000aa00, 0x0000fb00
+	.long		0x00004300, 0x00004d00, 0x00003300, 0x00008500
+	.long		0x00004500, 0x0000f900, 0x00000200, 0x00007f00
+	.long		0x00005000, 0x00003c00, 0x00009f00, 0x0000a800
+	.long		0x00005100, 0x0000a300, 0x00004000, 0x00008f00
+	.long		0x00009200, 0x00009d00, 0x00003800, 0x0000f500
+	.long		0x0000bc00, 0x0000b600, 0x0000da00, 0x00002100
+	.long		0x00001000, 0x0000ff00, 0x0000f300, 0x0000d200
+	.long		0x0000cd00, 0x00000c00, 0x00001300, 0x0000ec00
+	.long		0x00005f00, 0x00009700, 0x00004400, 0x00001700
+	.long		0x0000c400, 0x0000a700, 0x00007e00, 0x00003d00
+	.long		0x00006400, 0x00005d00, 0x00001900, 0x00007300
+	.long		0x00006000, 0x00008100, 0x00004f00, 0x0000dc00
+	.long		0x00002200, 0x00002a00, 0x00009000, 0x00008800
+	.long		0x00004600, 0x0000ee00, 0x0000b800, 0x00001400
+	.long		0x0000de00, 0x00005e00, 0x00000b00, 0x0000db00
+	.long		0x0000e000, 0x00003200, 0x00003a00, 0x00000a00
+	.long		0x00004900, 0x00000600, 0x00002400, 0x00005c00
+	.long		0x0000c200, 0x0000d300, 0x0000ac00, 0x00006200
+	.long		0x00009100, 0x00009500, 0x0000e400, 0x00007900
+	.long		0x0000e700, 0x0000c800, 0x00003700, 0x00006d00
+	.long		0x00008d00, 0x0000d500, 0x00004e00, 0x0000a900
+	.long		0x00006c00, 0x00005600, 0x0000f400, 0x0000ea00
+	.long		0x00006500, 0x00007a00, 0x0000ae00, 0x00000800
+	.long		0x0000ba00, 0x00007800, 0x00002500, 0x00002e00
+	.long		0x00001c00, 0x0000a600, 0x0000b400, 0x0000c600
+	.long		0x0000e800, 0x0000dd00, 0x00007400, 0x00001f00
+	.long		0x00004b00, 0x0000bd00, 0x00008b00, 0x00008a00
+	.long		0x00007000, 0x00003e00, 0x0000b500, 0x00006600
+	.long		0x00004800, 0x00000300, 0x0000f600, 0x00000e00
+	.long		0x00006100, 0x00003500, 0x00005700, 0x0000b900
+	.long		0x00008600, 0x0000c100, 0x00001d00, 0x00009e00
+	.long		0x0000e100, 0x0000f800, 0x00009800, 0x00001100
+	.long		0x00006900, 0x0000d900, 0x00008e00, 0x00009400
+	.long		0x00009b00, 0x00001e00, 0x00008700, 0x0000e900
+	.long		0x0000ce00, 0x00005500, 0x00002800, 0x0000df00
+	.long		0x00008c00, 0x0000a100, 0x00008900, 0x00000d00
+	.long		0x0000bf00, 0x0000e600, 0x00004200, 0x00006800
+	.long		0x00004100, 0x00009900, 0x00002d00, 0x00000f00
+	.long		0x0000b000, 0x00005400, 0x0000bb00, 0x00001600
+
+	.long		0x00630000, 0x007c0000, 0x00770000, 0x007b0000
+	.long		0x00f20000, 0x006b0000, 0x006f0000, 0x00c50000
+	.long		0x00300000, 0x00010000, 0x00670000, 0x002b0000
+	.long		0x00fe0000, 0x00d70000, 0x00ab0000, 0x00760000
+	.long		0x00ca0000, 0x00820000, 0x00c90000, 0x007d0000
+	.long		0x00fa0000, 0x00590000, 0x00470000, 0x00f00000
+	.long		0x00ad0000, 0x00d40000, 0x00a20000, 0x00af0000
+	.long		0x009c0000, 0x00a40000, 0x00720000, 0x00c00000
+	.long		0x00b70000, 0x00fd0000, 0x00930000, 0x00260000
+	.long		0x00360000, 0x003f0000, 0x00f70000, 0x00cc0000
+	.long		0x00340000, 0x00a50000, 0x00e50000, 0x00f10000
+	.long		0x00710000, 0x00d80000, 0x00310000, 0x00150000
+	.long		0x00040000, 0x00c70000, 0x00230000, 0x00c30000
+	.long		0x00180000, 0x00960000, 0x00050000, 0x009a0000
+	.long		0x00070000, 0x00120000, 0x00800000, 0x00e20000
+	.long		0x00eb0000, 0x00270000, 0x00b20000, 0x00750000
+	.long		0x00090000, 0x00830000, 0x002c0000, 0x001a0000
+	.long		0x001b0000, 0x006e0000, 0x005a0000, 0x00a00000
+	.long		0x00520000, 0x003b0000, 0x00d60000, 0x00b30000
+	.long		0x00290000, 0x00e30000, 0x002f0000, 0x00840000
+	.long		0x00530000, 0x00d10000, 0x00000000, 0x00ed0000
+	.long		0x00200000, 0x00fc0000, 0x00b10000, 0x005b0000
+	.long		0x006a0000, 0x00cb0000, 0x00be0000, 0x00390000
+	.long		0x004a0000, 0x004c0000, 0x00580000, 0x00cf0000
+	.long		0x00d00000, 0x00ef0000, 0x00aa0000, 0x00fb0000
+	.long		0x00430000, 0x004d0000, 0x00330000, 0x00850000
+	.long		0x00450000, 0x00f90000, 0x00020000, 0x007f0000
+	.long		0x00500000, 0x003c0000, 0x009f0000, 0x00a80000
+	.long		0x00510000, 0x00a30000, 0x00400000, 0x008f0000
+	.long		0x00920000, 0x009d0000, 0x00380000, 0x00f50000
+	.long		0x00bc0000, 0x00b60000, 0x00da0000, 0x00210000
+	.long		0x00100000, 0x00ff0000, 0x00f30000, 0x00d20000
+	.long		0x00cd0000, 0x000c0000, 0x00130000, 0x00ec0000
+	.long		0x005f0000, 0x00970000, 0x00440000, 0x00170000
+	.long		0x00c40000, 0x00a70000, 0x007e0000, 0x003d0000
+	.long		0x00640000, 0x005d0000, 0x00190000, 0x00730000
+	.long		0x00600000, 0x00810000, 0x004f0000, 0x00dc0000
+	.long		0x00220000, 0x002a0000, 0x00900000, 0x00880000
+	.long		0x00460000, 0x00ee0000, 0x00b80000, 0x00140000
+	.long		0x00de0000, 0x005e0000, 0x000b0000, 0x00db0000
+	.long		0x00e00000, 0x00320000, 0x003a0000, 0x000a0000
+	.long		0x00490000, 0x00060000, 0x00240000, 0x005c0000
+	.long		0x00c20000, 0x00d30000, 0x00ac0000, 0x00620000
+	.long		0x00910000, 0x00950000, 0x00e40000, 0x00790000
+	.long		0x00e70000, 0x00c80000, 0x00370000, 0x006d0000
+	.long		0x008d0000, 0x00d50000, 0x004e0000, 0x00a90000
+	.long		0x006c0000, 0x00560000, 0x00f40000, 0x00ea0000
+	.long		0x00650000, 0x007a0000, 0x00ae0000, 0x00080000
+	.long		0x00ba0000, 0x00780000, 0x00250000, 0x002e0000
+	.long		0x001c0000, 0x00a60000, 0x00b40000, 0x00c60000
+	.long		0x00e80000, 0x00dd0000, 0x00740000, 0x001f0000
+	.long		0x004b0000, 0x00bd0000, 0x008b0000, 0x008a0000
+	.long		0x00700000, 0x003e0000, 0x00b50000, 0x00660000
+	.long		0x00480000, 0x00030000, 0x00f60000, 0x000e0000
+	.long		0x00610000, 0x00350000, 0x00570000, 0x00b90000
+	.long		0x00860000, 0x00c10000, 0x001d0000, 0x009e0000
+	.long		0x00e10000, 0x00f80000, 0x00980000, 0x00110000
+	.long		0x00690000, 0x00d90000, 0x008e0000, 0x00940000
+	.long		0x009b0000, 0x001e0000, 0x00870000, 0x00e90000
+	.long		0x00ce0000, 0x00550000, 0x00280000, 0x00df0000
+	.long		0x008c0000, 0x00a10000, 0x00890000, 0x000d0000
+	.long		0x00bf0000, 0x00e60000, 0x00420000, 0x00680000
+	.long		0x00410000, 0x00990000, 0x002d0000, 0x000f0000
+	.long		0x00b00000, 0x00540000, 0x00bb0000, 0x00160000
+
+	.long		0x63000000, 0x7c000000, 0x77000000, 0x7b000000
+	.long		0xf2000000, 0x6b000000, 0x6f000000, 0xc5000000
+	.long		0x30000000, 0x01000000, 0x67000000, 0x2b000000
+	.long		0xfe000000, 0xd7000000, 0xab000000, 0x76000000
+	.long		0xca000000, 0x82000000, 0xc9000000, 0x7d000000
+	.long		0xfa000000, 0x59000000, 0x47000000, 0xf0000000
+	.long		0xad000000, 0xd4000000, 0xa2000000, 0xaf000000
+	.long		0x9c000000, 0xa4000000, 0x72000000, 0xc0000000
+	.long		0xb7000000, 0xfd000000, 0x93000000, 0x26000000
+	.long		0x36000000, 0x3f000000, 0xf7000000, 0xcc000000
+	.long		0x34000000, 0xa5000000, 0xe5000000, 0xf1000000
+	.long		0x71000000, 0xd8000000, 0x31000000, 0x15000000
+	.long		0x04000000, 0xc7000000, 0x23000000, 0xc3000000
+	.long		0x18000000, 0x96000000, 0x05000000, 0x9a000000
+	.long		0x07000000, 0x12000000, 0x80000000, 0xe2000000
+	.long		0xeb000000, 0x27000000, 0xb2000000, 0x75000000
+	.long		0x09000000, 0x83000000, 0x2c000000, 0x1a000000
+	.long		0x1b000000, 0x6e000000, 0x5a000000, 0xa0000000
+	.long		0x52000000, 0x3b000000, 0xd6000000, 0xb3000000
+	.long		0x29000000, 0xe3000000, 0x2f000000, 0x84000000
+	.long		0x53000000, 0xd1000000, 0x00000000, 0xed000000
+	.long		0x20000000, 0xfc000000, 0xb1000000, 0x5b000000
+	.long		0x6a000000, 0xcb000000, 0xbe000000, 0x39000000
+	.long		0x4a000000, 0x4c000000, 0x58000000, 0xcf000000
+	.long		0xd0000000, 0xef000000, 0xaa000000, 0xfb000000
+	.long		0x43000000, 0x4d000000, 0x33000000, 0x85000000
+	.long		0x45000000, 0xf9000000, 0x02000000, 0x7f000000
+	.long		0x50000000, 0x3c000000, 0x9f000000, 0xa8000000
+	.long		0x51000000, 0xa3000000, 0x40000000, 0x8f000000
+	.long		0x92000000, 0x9d000000, 0x38000000, 0xf5000000
+	.long		0xbc000000, 0xb6000000, 0xda000000, 0x21000000
+	.long		0x10000000, 0xff000000, 0xf3000000, 0xd2000000
+	.long		0xcd000000, 0x0c000000, 0x13000000, 0xec000000
+	.long		0x5f000000, 0x97000000, 0x44000000, 0x17000000
+	.long		0xc4000000, 0xa7000000, 0x7e000000, 0x3d000000
+	.long		0x64000000, 0x5d000000, 0x19000000, 0x73000000
+	.long		0x60000000, 0x81000000, 0x4f000000, 0xdc000000
+	.long		0x22000000, 0x2a000000, 0x90000000, 0x88000000
+	.long		0x46000000, 0xee000000, 0xb8000000, 0x14000000
+	.long		0xde000000, 0x5e000000, 0x0b000000, 0xdb000000
+	.long		0xe0000000, 0x32000000, 0x3a000000, 0x0a000000
+	.long		0x49000000, 0x06000000, 0x24000000, 0x5c000000
+	.long		0xc2000000, 0xd3000000, 0xac000000, 0x62000000
+	.long		0x91000000, 0x95000000, 0xe4000000, 0x79000000
+	.long		0xe7000000, 0xc8000000, 0x37000000, 0x6d000000
+	.long		0x8d000000, 0xd5000000, 0x4e000000, 0xa9000000
+	.long		0x6c000000, 0x56000000, 0xf4000000, 0xea000000
+	.long		0x65000000, 0x7a000000, 0xae000000, 0x08000000
+	.long		0xba000000, 0x78000000, 0x25000000, 0x2e000000
+	.long		0x1c000000, 0xa6000000, 0xb4000000, 0xc6000000
+	.long		0xe8000000, 0xdd000000, 0x74000000, 0x1f000000
+	.long		0x4b000000, 0xbd000000, 0x8b000000, 0x8a000000
+	.long		0x70000000, 0x3e000000, 0xb5000000, 0x66000000
+	.long		0x48000000, 0x03000000, 0xf6000000, 0x0e000000
+	.long		0x61000000, 0x35000000, 0x57000000, 0xb9000000
+	.long		0x86000000, 0xc1000000, 0x1d000000, 0x9e000000
+	.long		0xe1000000, 0xf8000000, 0x98000000, 0x11000000
+	.long		0x69000000, 0xd9000000, 0x8e000000, 0x94000000
+	.long		0x9b000000, 0x1e000000, 0x87000000, 0xe9000000
+	.long		0xce000000, 0x55000000, 0x28000000, 0xdf000000
+	.long		0x8c000000, 0xa1000000, 0x89000000, 0x0d000000
+	.long		0xbf000000, 0xe6000000, 0x42000000, 0x68000000
+	.long		0x41000000, 0x99000000, 0x2d000000, 0x0f000000
+	.long		0xb0000000, 0x54000000, 0xbb000000, 0x16000000
+	.endif
+	.endm
+
+	.macro		__crypto_it_tab, full=1
+	.long		0x50a7f451, 0x5365417e, 0xc3a4171a, 0x965e273a
+	.long		0xcb6bab3b, 0xf1459d1f, 0xab58faac, 0x9303e34b
+	.long		0x55fa3020, 0xf66d76ad, 0x9176cc88, 0x254c02f5
+	.long		0xfcd7e54f, 0xd7cb2ac5, 0x80443526, 0x8fa362b5
+	.long		0x495ab1de, 0x671bba25, 0x980eea45, 0xe1c0fe5d
+	.long		0x02752fc3, 0x12f04c81, 0xa397468d, 0xc6f9d36b
+	.long		0xe75f8f03, 0x959c9215, 0xeb7a6dbf, 0xda595295
+	.long		0x2d83bed4, 0xd3217458, 0x2969e049, 0x44c8c98e
+	.long		0x6a89c275, 0x78798ef4, 0x6b3e5899, 0xdd71b927
+	.long		0xb64fe1be, 0x17ad88f0, 0x66ac20c9, 0xb43ace7d
+	.long		0x184adf63, 0x82311ae5, 0x60335197, 0x457f5362
+	.long		0xe07764b1, 0x84ae6bbb, 0x1ca081fe, 0x942b08f9
+	.long		0x58684870, 0x19fd458f, 0x876cde94, 0xb7f87b52
+	.long		0x23d373ab, 0xe2024b72, 0x578f1fe3, 0x2aab5566
+	.long		0x0728ebb2, 0x03c2b52f, 0x9a7bc586, 0xa50837d3
+	.long		0xf2872830, 0xb2a5bf23, 0xba6a0302, 0x5c8216ed
+	.long		0x2b1ccf8a, 0x92b479a7, 0xf0f207f3, 0xa1e2694e
+	.long		0xcdf4da65, 0xd5be0506, 0x1f6234d1, 0x8afea6c4
+	.long		0x9d532e34, 0xa055f3a2, 0x32e18a05, 0x75ebf6a4
+	.long		0x39ec830b, 0xaaef6040, 0x069f715e, 0x51106ebd
+	.long		0xf98a213e, 0x3d06dd96, 0xae053edd, 0x46bde64d
+	.long		0xb58d5491, 0x055dc471, 0x6fd40604, 0xff155060
+	.long		0x24fb9819, 0x97e9bdd6, 0xcc434089, 0x779ed967
+	.long		0xbd42e8b0, 0x888b8907, 0x385b19e7, 0xdbeec879
+	.long		0x470a7ca1, 0xe90f427c, 0xc91e84f8, 0x00000000
+	.long		0x83868009, 0x48ed2b32, 0xac70111e, 0x4e725a6c
+	.long		0xfbff0efd, 0x5638850f, 0x1ed5ae3d, 0x27392d36
+	.long		0x64d90f0a, 0x21a65c68, 0xd1545b9b, 0x3a2e3624
+	.long		0xb1670a0c, 0x0fe75793, 0xd296eeb4, 0x9e919b1b
+	.long		0x4fc5c080, 0xa220dc61, 0x694b775a, 0x161a121c
+	.long		0x0aba93e2, 0xe52aa0c0, 0x43e0223c, 0x1d171b12
+	.long		0x0b0d090e, 0xadc78bf2, 0xb9a8b62d, 0xc8a91e14
+	.long		0x8519f157, 0x4c0775af, 0xbbdd99ee, 0xfd607fa3
+	.long		0x9f2601f7, 0xbcf5725c, 0xc53b6644, 0x347efb5b
+	.long		0x7629438b, 0xdcc623cb, 0x68fcedb6, 0x63f1e4b8
+	.long		0xcadc31d7, 0x10856342, 0x40229713, 0x2011c684
+	.long		0x7d244a85, 0xf83dbbd2, 0x1132f9ae, 0x6da129c7
+	.long		0x4b2f9e1d, 0xf330b2dc, 0xec52860d, 0xd0e3c177
+	.long		0x6c16b32b, 0x99b970a9, 0xfa489411, 0x2264e947
+	.long		0xc48cfca8, 0x1a3ff0a0, 0xd82c7d56, 0xef903322
+	.long		0xc74e4987, 0xc1d138d9, 0xfea2ca8c, 0x360bd498
+	.long		0xcf81f5a6, 0x28de7aa5, 0x268eb7da, 0xa4bfad3f
+	.long		0xe49d3a2c, 0x0d927850, 0x9bcc5f6a, 0x62467e54
+	.long		0xc2138df6, 0xe8b8d890, 0x5ef7392e, 0xf5afc382
+	.long		0xbe805d9f, 0x7c93d069, 0xa92dd56f, 0xb31225cf
+	.long		0x3b99acc8, 0xa77d1810, 0x6e639ce8, 0x7bbb3bdb
+	.long		0x097826cd, 0xf418596e, 0x01b79aec, 0xa89a4f83
+	.long		0x656e95e6, 0x7ee6ffaa, 0x08cfbc21, 0xe6e815ef
+	.long		0xd99be7ba, 0xce366f4a, 0xd4099fea, 0xd67cb029
+	.long		0xafb2a431, 0x31233f2a, 0x3094a5c6, 0xc066a235
+	.long		0x37bc4e74, 0xa6ca82fc, 0xb0d090e0, 0x15d8a733
+	.long		0x4a9804f1, 0xf7daec41, 0x0e50cd7f, 0x2ff69117
+	.long		0x8dd64d76, 0x4db0ef43, 0x544daacc, 0xdf0496e4
+	.long		0xe3b5d19e, 0x1b886a4c, 0xb81f2cc1, 0x7f516546
+	.long		0x04ea5e9d, 0x5d358c01, 0x737487fa, 0x2e410bfb
+	.long		0x5a1d67b3, 0x52d2db92, 0x335610e9, 0x1347d66d
+	.long		0x8c61d79a, 0x7a0ca137, 0x8e14f859, 0x893c13eb
+	.long		0xee27a9ce, 0x35c961b7, 0xede51ce1, 0x3cb1477a
+	.long		0x59dfd29c, 0x3f73f255, 0x79ce1418, 0xbf37c773
+	.long		0xeacdf753, 0x5baafd5f, 0x146f3ddf, 0x86db4478
+	.long		0x81f3afca, 0x3ec468b9, 0x2c342438, 0x5f40a3c2
+	.long		0x72c31d16, 0x0c25e2bc, 0x8b493c28, 0x41950dff
+	.long		0x7101a839, 0xdeb30c08, 0x9ce4b4d8, 0x90c15664
+	.long		0x6184cb7b, 0x70b632d5, 0x745c6c48, 0x4257b8d0
+
+	.if		\full == 1
+	.long		0xa7f45150, 0x65417e53, 0xa4171ac3, 0x5e273a96
+	.long		0x6bab3bcb, 0x459d1ff1, 0x58faacab, 0x03e34b93
+	.long		0xfa302055, 0x6d76adf6, 0x76cc8891, 0x4c02f525
+	.long		0xd7e54ffc, 0xcb2ac5d7, 0x44352680, 0xa362b58f
+	.long		0x5ab1de49, 0x1bba2567, 0x0eea4598, 0xc0fe5de1
+	.long		0x752fc302, 0xf04c8112, 0x97468da3, 0xf9d36bc6
+	.long		0x5f8f03e7, 0x9c921595, 0x7a6dbfeb, 0x595295da
+	.long		0x83bed42d, 0x217458d3, 0x69e04929, 0xc8c98e44
+	.long		0x89c2756a, 0x798ef478, 0x3e58996b, 0x71b927dd
+	.long		0x4fe1beb6, 0xad88f017, 0xac20c966, 0x3ace7db4
+	.long		0x4adf6318, 0x311ae582, 0x33519760, 0x7f536245
+	.long		0x7764b1e0, 0xae6bbb84, 0xa081fe1c, 0x2b08f994
+	.long		0x68487058, 0xfd458f19, 0x6cde9487, 0xf87b52b7
+	.long		0xd373ab23, 0x024b72e2, 0x8f1fe357, 0xab55662a
+	.long		0x28ebb207, 0xc2b52f03, 0x7bc5869a, 0x0837d3a5
+	.long		0x872830f2, 0xa5bf23b2, 0x6a0302ba, 0x8216ed5c
+	.long		0x1ccf8a2b, 0xb479a792, 0xf207f3f0, 0xe2694ea1
+	.long		0xf4da65cd, 0xbe0506d5, 0x6234d11f, 0xfea6c48a
+	.long		0x532e349d, 0x55f3a2a0, 0xe18a0532, 0xebf6a475
+	.long		0xec830b39, 0xef6040aa, 0x9f715e06, 0x106ebd51
+	.long		0x8a213ef9, 0x06dd963d, 0x053eddae, 0xbde64d46
+	.long		0x8d5491b5, 0x5dc47105, 0xd406046f, 0x155060ff
+	.long		0xfb981924, 0xe9bdd697, 0x434089cc, 0x9ed96777
+	.long		0x42e8b0bd, 0x8b890788, 0x5b19e738, 0xeec879db
+	.long		0x0a7ca147, 0x0f427ce9, 0x1e84f8c9, 0x00000000
+	.long		0x86800983, 0xed2b3248, 0x70111eac, 0x725a6c4e
+	.long		0xff0efdfb, 0x38850f56, 0xd5ae3d1e, 0x392d3627
+	.long		0xd90f0a64, 0xa65c6821, 0x545b9bd1, 0x2e36243a
+	.long		0x670a0cb1, 0xe757930f, 0x96eeb4d2, 0x919b1b9e
+	.long		0xc5c0804f, 0x20dc61a2, 0x4b775a69, 0x1a121c16
+	.long		0xba93e20a, 0x2aa0c0e5, 0xe0223c43, 0x171b121d
+	.long		0x0d090e0b, 0xc78bf2ad, 0xa8b62db9, 0xa91e14c8
+	.long		0x19f15785, 0x0775af4c, 0xdd99eebb, 0x607fa3fd
+	.long		0x2601f79f, 0xf5725cbc, 0x3b6644c5, 0x7efb5b34
+	.long		0x29438b76, 0xc623cbdc, 0xfcedb668, 0xf1e4b863
+	.long		0xdc31d7ca, 0x85634210, 0x22971340, 0x11c68420
+	.long		0x244a857d, 0x3dbbd2f8, 0x32f9ae11, 0xa129c76d
+	.long		0x2f9e1d4b, 0x30b2dcf3, 0x52860dec, 0xe3c177d0
+	.long		0x16b32b6c, 0xb970a999, 0x489411fa, 0x64e94722
+	.long		0x8cfca8c4, 0x3ff0a01a, 0x2c7d56d8, 0x903322ef
+	.long		0x4e4987c7, 0xd138d9c1, 0xa2ca8cfe, 0x0bd49836
+	.long		0x81f5a6cf, 0xde7aa528, 0x8eb7da26, 0xbfad3fa4
+	.long		0x9d3a2ce4, 0x9278500d, 0xcc5f6a9b, 0x467e5462
+	.long		0x138df6c2, 0xb8d890e8, 0xf7392e5e, 0xafc382f5
+	.long		0x805d9fbe, 0x93d0697c, 0x2dd56fa9, 0x1225cfb3
+	.long		0x99acc83b, 0x7d1810a7, 0x639ce86e, 0xbb3bdb7b
+	.long		0x7826cd09, 0x18596ef4, 0xb79aec01, 0x9a4f83a8
+	.long		0x6e95e665, 0xe6ffaa7e, 0xcfbc2108, 0xe815efe6
+	.long		0x9be7bad9, 0x366f4ace, 0x099fead4, 0x7cb029d6
+	.long		0xb2a431af, 0x233f2a31, 0x94a5c630, 0x66a235c0
+	.long		0xbc4e7437, 0xca82fca6, 0xd090e0b0, 0xd8a73315
+	.long		0x9804f14a, 0xdaec41f7, 0x50cd7f0e, 0xf691172f
+	.long		0xd64d768d, 0xb0ef434d, 0x4daacc54, 0x0496e4df
+	.long		0xb5d19ee3, 0x886a4c1b, 0x1f2cc1b8, 0x5165467f
+	.long		0xea5e9d04, 0x358c015d, 0x7487fa73, 0x410bfb2e
+	.long		0x1d67b35a, 0xd2db9252, 0x5610e933, 0x47d66d13
+	.long		0x61d79a8c, 0x0ca1377a, 0x14f8598e, 0x3c13eb89
+	.long		0x27a9ceee, 0xc961b735, 0xe51ce1ed, 0xb1477a3c
+	.long		0xdfd29c59, 0x73f2553f, 0xce141879, 0x37c773bf
+	.long		0xcdf753ea, 0xaafd5f5b, 0x6f3ddf14, 0xdb447886
+	.long		0xf3afca81, 0xc468b93e, 0x3424382c, 0x40a3c25f
+	.long		0xc31d1672, 0x25e2bc0c, 0x493c288b, 0x950dff41
+	.long		0x01a83971, 0xb30c08de, 0xe4b4d89c, 0xc1566490
+	.long		0x84cb7b61, 0xb632d570, 0x5c6c4874, 0x57b8d042
+
+	.long		0xf45150a7, 0x417e5365, 0x171ac3a4, 0x273a965e
+	.long		0xab3bcb6b, 0x9d1ff145, 0xfaacab58, 0xe34b9303
+	.long		0x302055fa, 0x76adf66d, 0xcc889176, 0x02f5254c
+	.long		0xe54ffcd7, 0x2ac5d7cb, 0x35268044, 0x62b58fa3
+	.long		0xb1de495a, 0xba25671b, 0xea45980e, 0xfe5de1c0
+	.long		0x2fc30275, 0x4c8112f0, 0x468da397, 0xd36bc6f9
+	.long		0x8f03e75f, 0x9215959c, 0x6dbfeb7a, 0x5295da59
+	.long		0xbed42d83, 0x7458d321, 0xe0492969, 0xc98e44c8
+	.long		0xc2756a89, 0x8ef47879, 0x58996b3e, 0xb927dd71
+	.long		0xe1beb64f, 0x88f017ad, 0x20c966ac, 0xce7db43a
+	.long		0xdf63184a, 0x1ae58231, 0x51976033, 0x5362457f
+	.long		0x64b1e077, 0x6bbb84ae, 0x81fe1ca0, 0x08f9942b
+	.long		0x48705868, 0x458f19fd, 0xde94876c, 0x7b52b7f8
+	.long		0x73ab23d3, 0x4b72e202, 0x1fe3578f, 0x55662aab
+	.long		0xebb20728, 0xb52f03c2, 0xc5869a7b, 0x37d3a508
+	.long		0x2830f287, 0xbf23b2a5, 0x0302ba6a, 0x16ed5c82
+	.long		0xcf8a2b1c, 0x79a792b4, 0x07f3f0f2, 0x694ea1e2
+	.long		0xda65cdf4, 0x0506d5be, 0x34d11f62, 0xa6c48afe
+	.long		0x2e349d53, 0xf3a2a055, 0x8a0532e1, 0xf6a475eb
+	.long		0x830b39ec, 0x6040aaef, 0x715e069f, 0x6ebd5110
+	.long		0x213ef98a, 0xdd963d06, 0x3eddae05, 0xe64d46bd
+	.long		0x5491b58d, 0xc471055d, 0x06046fd4, 0x5060ff15
+	.long		0x981924fb, 0xbdd697e9, 0x4089cc43, 0xd967779e
+	.long		0xe8b0bd42, 0x8907888b, 0x19e7385b, 0xc879dbee
+	.long		0x7ca1470a, 0x427ce90f, 0x84f8c91e, 0x00000000
+	.long		0x80098386, 0x2b3248ed, 0x111eac70, 0x5a6c4e72
+	.long		0x0efdfbff, 0x850f5638, 0xae3d1ed5, 0x2d362739
+	.long		0x0f0a64d9, 0x5c6821a6, 0x5b9bd154, 0x36243a2e
+	.long		0x0a0cb167, 0x57930fe7, 0xeeb4d296, 0x9b1b9e91
+	.long		0xc0804fc5, 0xdc61a220, 0x775a694b, 0x121c161a
+	.long		0x93e20aba, 0xa0c0e52a, 0x223c43e0, 0x1b121d17
+	.long		0x090e0b0d, 0x8bf2adc7, 0xb62db9a8, 0x1e14c8a9
+	.long		0xf1578519, 0x75af4c07, 0x99eebbdd, 0x7fa3fd60
+	.long		0x01f79f26, 0x725cbcf5, 0x6644c53b, 0xfb5b347e
+	.long		0x438b7629, 0x23cbdcc6, 0xedb668fc, 0xe4b863f1
+	.long		0x31d7cadc, 0x63421085, 0x97134022, 0xc6842011
+	.long		0x4a857d24, 0xbbd2f83d, 0xf9ae1132, 0x29c76da1
+	.long		0x9e1d4b2f, 0xb2dcf330, 0x860dec52, 0xc177d0e3
+	.long		0xb32b6c16, 0x70a999b9, 0x9411fa48, 0xe9472264
+	.long		0xfca8c48c, 0xf0a01a3f, 0x7d56d82c, 0x3322ef90
+	.long		0x4987c74e, 0x38d9c1d1, 0xca8cfea2, 0xd498360b
+	.long		0xf5a6cf81, 0x7aa528de, 0xb7da268e, 0xad3fa4bf
+	.long		0x3a2ce49d, 0x78500d92, 0x5f6a9bcc, 0x7e546246
+	.long		0x8df6c213, 0xd890e8b8, 0x392e5ef7, 0xc382f5af
+	.long		0x5d9fbe80, 0xd0697c93, 0xd56fa92d, 0x25cfb312
+	.long		0xacc83b99, 0x1810a77d, 0x9ce86e63, 0x3bdb7bbb
+	.long		0x26cd0978, 0x596ef418, 0x9aec01b7, 0x4f83a89a
+	.long		0x95e6656e, 0xffaa7ee6, 0xbc2108cf, 0x15efe6e8
+	.long		0xe7bad99b, 0x6f4ace36, 0x9fead409, 0xb029d67c
+	.long		0xa431afb2, 0x3f2a3123, 0xa5c63094, 0xa235c066
+	.long		0x4e7437bc, 0x82fca6ca, 0x90e0b0d0, 0xa73315d8
+	.long		0x04f14a98, 0xec41f7da, 0xcd7f0e50, 0x91172ff6
+	.long		0x4d768dd6, 0xef434db0, 0xaacc544d, 0x96e4df04
+	.long		0xd19ee3b5, 0x6a4c1b88, 0x2cc1b81f, 0x65467f51
+	.long		0x5e9d04ea, 0x8c015d35, 0x87fa7374, 0x0bfb2e41
+	.long		0x67b35a1d, 0xdb9252d2, 0x10e93356, 0xd66d1347
+	.long		0xd79a8c61, 0xa1377a0c, 0xf8598e14, 0x13eb893c
+	.long		0xa9ceee27, 0x61b735c9, 0x1ce1ede5, 0x477a3cb1
+	.long		0xd29c59df, 0xf2553f73, 0x141879ce, 0xc773bf37
+	.long		0xf753eacd, 0xfd5f5baa, 0x3ddf146f, 0x447886db
+	.long		0xafca81f3, 0x68b93ec4, 0x24382c34, 0xa3c25f40
+	.long		0x1d1672c3, 0xe2bc0c25, 0x3c288b49, 0x0dff4195
+	.long		0xa8397101, 0x0c08deb3, 0xb4d89ce4, 0x566490c1
+	.long		0xcb7b6184, 0x32d570b6, 0x6c48745c, 0xb8d04257
+
+	.long		0x5150a7f4, 0x7e536541, 0x1ac3a417, 0x3a965e27
+	.long		0x3bcb6bab, 0x1ff1459d, 0xacab58fa, 0x4b9303e3
+	.long		0x2055fa30, 0xadf66d76, 0x889176cc, 0xf5254c02
+	.long		0x4ffcd7e5, 0xc5d7cb2a, 0x26804435, 0xb58fa362
+	.long		0xde495ab1, 0x25671bba, 0x45980eea, 0x5de1c0fe
+	.long		0xc302752f, 0x8112f04c, 0x8da39746, 0x6bc6f9d3
+	.long		0x03e75f8f, 0x15959c92, 0xbfeb7a6d, 0x95da5952
+	.long		0xd42d83be, 0x58d32174, 0x492969e0, 0x8e44c8c9
+	.long		0x756a89c2, 0xf478798e, 0x996b3e58, 0x27dd71b9
+	.long		0xbeb64fe1, 0xf017ad88, 0xc966ac20, 0x7db43ace
+	.long		0x63184adf, 0xe582311a, 0x97603351, 0x62457f53
+	.long		0xb1e07764, 0xbb84ae6b, 0xfe1ca081, 0xf9942b08
+	.long		0x70586848, 0x8f19fd45, 0x94876cde, 0x52b7f87b
+	.long		0xab23d373, 0x72e2024b, 0xe3578f1f, 0x662aab55
+	.long		0xb20728eb, 0x2f03c2b5, 0x869a7bc5, 0xd3a50837
+	.long		0x30f28728, 0x23b2a5bf, 0x02ba6a03, 0xed5c8216
+	.long		0x8a2b1ccf, 0xa792b479, 0xf3f0f207, 0x4ea1e269
+	.long		0x65cdf4da, 0x06d5be05, 0xd11f6234, 0xc48afea6
+	.long		0x349d532e, 0xa2a055f3, 0x0532e18a, 0xa475ebf6
+	.long		0x0b39ec83, 0x40aaef60, 0x5e069f71, 0xbd51106e
+	.long		0x3ef98a21, 0x963d06dd, 0xddae053e, 0x4d46bde6
+	.long		0x91b58d54, 0x71055dc4, 0x046fd406, 0x60ff1550
+	.long		0x1924fb98, 0xd697e9bd, 0x89cc4340, 0x67779ed9
+	.long		0xb0bd42e8, 0x07888b89, 0xe7385b19, 0x79dbeec8
+	.long		0xa1470a7c, 0x7ce90f42, 0xf8c91e84, 0x00000000
+	.long		0x09838680, 0x3248ed2b, 0x1eac7011, 0x6c4e725a
+	.long		0xfdfbff0e, 0x0f563885, 0x3d1ed5ae, 0x3627392d
+	.long		0x0a64d90f, 0x6821a65c, 0x9bd1545b, 0x243a2e36
+	.long		0x0cb1670a, 0x930fe757, 0xb4d296ee, 0x1b9e919b
+	.long		0x804fc5c0, 0x61a220dc, 0x5a694b77, 0x1c161a12
+	.long		0xe20aba93, 0xc0e52aa0, 0x3c43e022, 0x121d171b
+	.long		0x0e0b0d09, 0xf2adc78b, 0x2db9a8b6, 0x14c8a91e
+	.long		0x578519f1, 0xaf4c0775, 0xeebbdd99, 0xa3fd607f
+	.long		0xf79f2601, 0x5cbcf572, 0x44c53b66, 0x5b347efb
+	.long		0x8b762943, 0xcbdcc623, 0xb668fced, 0xb863f1e4
+	.long		0xd7cadc31, 0x42108563, 0x13402297, 0x842011c6
+	.long		0x857d244a, 0xd2f83dbb, 0xae1132f9, 0xc76da129
+	.long		0x1d4b2f9e, 0xdcf330b2, 0x0dec5286, 0x77d0e3c1
+	.long		0x2b6c16b3, 0xa999b970, 0x11fa4894, 0x472264e9
+	.long		0xa8c48cfc, 0xa01a3ff0, 0x56d82c7d, 0x22ef9033
+	.long		0x87c74e49, 0xd9c1d138, 0x8cfea2ca, 0x98360bd4
+	.long		0xa6cf81f5, 0xa528de7a, 0xda268eb7, 0x3fa4bfad
+	.long		0x2ce49d3a, 0x500d9278, 0x6a9bcc5f, 0x5462467e
+	.long		0xf6c2138d, 0x90e8b8d8, 0x2e5ef739, 0x82f5afc3
+	.long		0x9fbe805d, 0x697c93d0, 0x6fa92dd5, 0xcfb31225
+	.long		0xc83b99ac, 0x10a77d18, 0xe86e639c, 0xdb7bbb3b
+	.long		0xcd097826, 0x6ef41859, 0xec01b79a, 0x83a89a4f
+	.long		0xe6656e95, 0xaa7ee6ff, 0x2108cfbc, 0xefe6e815
+	.long		0xbad99be7, 0x4ace366f, 0xead4099f, 0x29d67cb0
+	.long		0x31afb2a4, 0x2a31233f, 0xc63094a5, 0x35c066a2
+	.long		0x7437bc4e, 0xfca6ca82, 0xe0b0d090, 0x3315d8a7
+	.long		0xf14a9804, 0x41f7daec, 0x7f0e50cd, 0x172ff691
+	.long		0x768dd64d, 0x434db0ef, 0xcc544daa, 0xe4df0496
+	.long		0x9ee3b5d1, 0x4c1b886a, 0xc1b81f2c, 0x467f5165
+	.long		0x9d04ea5e, 0x015d358c, 0xfa737487, 0xfb2e410b
+	.long		0xb35a1d67, 0x9252d2db, 0xe9335610, 0x6d1347d6
+	.long		0x9a8c61d7, 0x377a0ca1, 0x598e14f8, 0xeb893c13
+	.long		0xceee27a9, 0xb735c961, 0xe1ede51c, 0x7a3cb147
+	.long		0x9c59dfd2, 0x553f73f2, 0x1879ce14, 0x73bf37c7
+	.long		0x53eacdf7, 0x5f5baafd, 0xdf146f3d, 0x7886db44
+	.long		0xca81f3af, 0xb93ec468, 0x382c3424, 0xc25f40a3
+	.long		0x1672c31d, 0xbc0c25e2, 0x288b493c, 0xff41950d
+	.long		0x397101a8, 0x08deb30c, 0xd89ce4b4, 0x6490c156
+	.long		0x7b6184cb, 0xd570b632, 0x48745c6c, 0xd04257b8
+	.endif
+	.endm
+
+	.macro		__crypto_il_tab, full=1
+	.long		0x00000052, 0x00000009, 0x0000006a, 0x000000d5
+	.long		0x00000030, 0x00000036, 0x000000a5, 0x00000038
+	.long		0x000000bf, 0x00000040, 0x000000a3, 0x0000009e
+	.long		0x00000081, 0x000000f3, 0x000000d7, 0x000000fb
+	.long		0x0000007c, 0x000000e3, 0x00000039, 0x00000082
+	.long		0x0000009b, 0x0000002f, 0x000000ff, 0x00000087
+	.long		0x00000034, 0x0000008e, 0x00000043, 0x00000044
+	.long		0x000000c4, 0x000000de, 0x000000e9, 0x000000cb
+	.long		0x00000054, 0x0000007b, 0x00000094, 0x00000032
+	.long		0x000000a6, 0x000000c2, 0x00000023, 0x0000003d
+	.long		0x000000ee, 0x0000004c, 0x00000095, 0x0000000b
+	.long		0x00000042, 0x000000fa, 0x000000c3, 0x0000004e
+	.long		0x00000008, 0x0000002e, 0x000000a1, 0x00000066
+	.long		0x00000028, 0x000000d9, 0x00000024, 0x000000b2
+	.long		0x00000076, 0x0000005b, 0x000000a2, 0x00000049
+	.long		0x0000006d, 0x0000008b, 0x000000d1, 0x00000025
+	.long		0x00000072, 0x000000f8, 0x000000f6, 0x00000064
+	.long		0x00000086, 0x00000068, 0x00000098, 0x00000016
+	.long		0x000000d4, 0x000000a4, 0x0000005c, 0x000000cc
+	.long		0x0000005d, 0x00000065, 0x000000b6, 0x00000092
+	.long		0x0000006c, 0x00000070, 0x00000048, 0x00000050
+	.long		0x000000fd, 0x000000ed, 0x000000b9, 0x000000da
+	.long		0x0000005e, 0x00000015, 0x00000046, 0x00000057
+	.long		0x000000a7, 0x0000008d, 0x0000009d, 0x00000084
+	.long		0x00000090, 0x000000d8, 0x000000ab, 0x00000000
+	.long		0x0000008c, 0x000000bc, 0x000000d3, 0x0000000a
+	.long		0x000000f7, 0x000000e4, 0x00000058, 0x00000005
+	.long		0x000000b8, 0x000000b3, 0x00000045, 0x00000006
+	.long		0x000000d0, 0x0000002c, 0x0000001e, 0x0000008f
+	.long		0x000000ca, 0x0000003f, 0x0000000f, 0x00000002
+	.long		0x000000c1, 0x000000af, 0x000000bd, 0x00000003
+	.long		0x00000001, 0x00000013, 0x0000008a, 0x0000006b
+	.long		0x0000003a, 0x00000091, 0x00000011, 0x00000041
+	.long		0x0000004f, 0x00000067, 0x000000dc, 0x000000ea
+	.long		0x00000097, 0x000000f2, 0x000000cf, 0x000000ce
+	.long		0x000000f0, 0x000000b4, 0x000000e6, 0x00000073
+	.long		0x00000096, 0x000000ac, 0x00000074, 0x00000022
+	.long		0x000000e7, 0x000000ad, 0x00000035, 0x00000085
+	.long		0x000000e2, 0x000000f9, 0x00000037, 0x000000e8
+	.long		0x0000001c, 0x00000075, 0x000000df, 0x0000006e
+	.long		0x00000047, 0x000000f1, 0x0000001a, 0x00000071
+	.long		0x0000001d, 0x00000029, 0x000000c5, 0x00000089
+	.long		0x0000006f, 0x000000b7, 0x00000062, 0x0000000e
+	.long		0x000000aa, 0x00000018, 0x000000be, 0x0000001b
+	.long		0x000000fc, 0x00000056, 0x0000003e, 0x0000004b
+	.long		0x000000c6, 0x000000d2, 0x00000079, 0x00000020
+	.long		0x0000009a, 0x000000db, 0x000000c0, 0x000000fe
+	.long		0x00000078, 0x000000cd, 0x0000005a, 0x000000f4
+	.long		0x0000001f, 0x000000dd, 0x000000a8, 0x00000033
+	.long		0x00000088, 0x00000007, 0x000000c7, 0x00000031
+	.long		0x000000b1, 0x00000012, 0x00000010, 0x00000059
+	.long		0x00000027, 0x00000080, 0x000000ec, 0x0000005f
+	.long		0x00000060, 0x00000051, 0x0000007f, 0x000000a9
+	.long		0x00000019, 0x000000b5, 0x0000004a, 0x0000000d
+	.long		0x0000002d, 0x000000e5, 0x0000007a, 0x0000009f
+	.long		0x00000093, 0x000000c9, 0x0000009c, 0x000000ef
+	.long		0x000000a0, 0x000000e0, 0x0000003b, 0x0000004d
+	.long		0x000000ae, 0x0000002a, 0x000000f5, 0x000000b0
+	.long		0x000000c8, 0x000000eb, 0x000000bb, 0x0000003c
+	.long		0x00000083, 0x00000053, 0x00000099, 0x00000061
+	.long		0x00000017, 0x0000002b, 0x00000004, 0x0000007e
+	.long		0x000000ba, 0x00000077, 0x000000d6, 0x00000026
+	.long		0x000000e1, 0x00000069, 0x00000014, 0x00000063
+	.long		0x00000055, 0x00000021, 0x0000000c, 0x0000007d
+
+	.if		\full == 1
+	.long		0x00005200, 0x00000900, 0x00006a00, 0x0000d500
+	.long		0x00003000, 0x00003600, 0x0000a500, 0x00003800
+	.long		0x0000bf00, 0x00004000, 0x0000a300, 0x00009e00
+	.long		0x00008100, 0x0000f300, 0x0000d700, 0x0000fb00
+	.long		0x00007c00, 0x0000e300, 0x00003900, 0x00008200
+	.long		0x00009b00, 0x00002f00, 0x0000ff00, 0x00008700
+	.long		0x00003400, 0x00008e00, 0x00004300, 0x00004400
+	.long		0x0000c400, 0x0000de00, 0x0000e900, 0x0000cb00
+	.long		0x00005400, 0x00007b00, 0x00009400, 0x00003200
+	.long		0x0000a600, 0x0000c200, 0x00002300, 0x00003d00
+	.long		0x0000ee00, 0x00004c00, 0x00009500, 0x00000b00
+	.long		0x00004200, 0x0000fa00, 0x0000c300, 0x00004e00
+	.long		0x00000800, 0x00002e00, 0x0000a100, 0x00006600
+	.long		0x00002800, 0x0000d900, 0x00002400, 0x0000b200
+	.long		0x00007600, 0x00005b00, 0x0000a200, 0x00004900
+	.long		0x00006d00, 0x00008b00, 0x0000d100, 0x00002500
+	.long		0x00007200, 0x0000f800, 0x0000f600, 0x00006400
+	.long		0x00008600, 0x00006800, 0x00009800, 0x00001600
+	.long		0x0000d400, 0x0000a400, 0x00005c00, 0x0000cc00
+	.long		0x00005d00, 0x00006500, 0x0000b600, 0x00009200
+	.long		0x00006c00, 0x00007000, 0x00004800, 0x00005000
+	.long		0x0000fd00, 0x0000ed00, 0x0000b900, 0x0000da00
+	.long		0x00005e00, 0x00001500, 0x00004600, 0x00005700
+	.long		0x0000a700, 0x00008d00, 0x00009d00, 0x00008400
+	.long		0x00009000, 0x0000d800, 0x0000ab00, 0x00000000
+	.long		0x00008c00, 0x0000bc00, 0x0000d300, 0x00000a00
+	.long		0x0000f700, 0x0000e400, 0x00005800, 0x00000500
+	.long		0x0000b800, 0x0000b300, 0x00004500, 0x00000600
+	.long		0x0000d000, 0x00002c00, 0x00001e00, 0x00008f00
+	.long		0x0000ca00, 0x00003f00, 0x00000f00, 0x00000200
+	.long		0x0000c100, 0x0000af00, 0x0000bd00, 0x00000300
+	.long		0x00000100, 0x00001300, 0x00008a00, 0x00006b00
+	.long		0x00003a00, 0x00009100, 0x00001100, 0x00004100
+	.long		0x00004f00, 0x00006700, 0x0000dc00, 0x0000ea00
+	.long		0x00009700, 0x0000f200, 0x0000cf00, 0x0000ce00
+	.long		0x0000f000, 0x0000b400, 0x0000e600, 0x00007300
+	.long		0x00009600, 0x0000ac00, 0x00007400, 0x00002200
+	.long		0x0000e700, 0x0000ad00, 0x00003500, 0x00008500
+	.long		0x0000e200, 0x0000f900, 0x00003700, 0x0000e800
+	.long		0x00001c00, 0x00007500, 0x0000df00, 0x00006e00
+	.long		0x00004700, 0x0000f100, 0x00001a00, 0x00007100
+	.long		0x00001d00, 0x00002900, 0x0000c500, 0x00008900
+	.long		0x00006f00, 0x0000b700, 0x00006200, 0x00000e00
+	.long		0x0000aa00, 0x00001800, 0x0000be00, 0x00001b00
+	.long		0x0000fc00, 0x00005600, 0x00003e00, 0x00004b00
+	.long		0x0000c600, 0x0000d200, 0x00007900, 0x00002000
+	.long		0x00009a00, 0x0000db00, 0x0000c000, 0x0000fe00
+	.long		0x00007800, 0x0000cd00, 0x00005a00, 0x0000f400
+	.long		0x00001f00, 0x0000dd00, 0x0000a800, 0x00003300
+	.long		0x00008800, 0x00000700, 0x0000c700, 0x00003100
+	.long		0x0000b100, 0x00001200, 0x00001000, 0x00005900
+	.long		0x00002700, 0x00008000, 0x0000ec00, 0x00005f00
+	.long		0x00006000, 0x00005100, 0x00007f00, 0x0000a900
+	.long		0x00001900, 0x0000b500, 0x00004a00, 0x00000d00
+	.long		0x00002d00, 0x0000e500, 0x00007a00, 0x00009f00
+	.long		0x00009300, 0x0000c900, 0x00009c00, 0x0000ef00
+	.long		0x0000a000, 0x0000e000, 0x00003b00, 0x00004d00
+	.long		0x0000ae00, 0x00002a00, 0x0000f500, 0x0000b000
+	.long		0x0000c800, 0x0000eb00, 0x0000bb00, 0x00003c00
+	.long		0x00008300, 0x00005300, 0x00009900, 0x00006100
+	.long		0x00001700, 0x00002b00, 0x00000400, 0x00007e00
+	.long		0x0000ba00, 0x00007700, 0x0000d600, 0x00002600
+	.long		0x0000e100, 0x00006900, 0x00001400, 0x00006300
+	.long		0x00005500, 0x00002100, 0x00000c00, 0x00007d00
+
+	.long		0x00520000, 0x00090000, 0x006a0000, 0x00d50000
+	.long		0x00300000, 0x00360000, 0x00a50000, 0x00380000
+	.long		0x00bf0000, 0x00400000, 0x00a30000, 0x009e0000
+	.long		0x00810000, 0x00f30000, 0x00d70000, 0x00fb0000
+	.long		0x007c0000, 0x00e30000, 0x00390000, 0x00820000
+	.long		0x009b0000, 0x002f0000, 0x00ff0000, 0x00870000
+	.long		0x00340000, 0x008e0000, 0x00430000, 0x00440000
+	.long		0x00c40000, 0x00de0000, 0x00e90000, 0x00cb0000
+	.long		0x00540000, 0x007b0000, 0x00940000, 0x00320000
+	.long		0x00a60000, 0x00c20000, 0x00230000, 0x003d0000
+	.long		0x00ee0000, 0x004c0000, 0x00950000, 0x000b0000
+	.long		0x00420000, 0x00fa0000, 0x00c30000, 0x004e0000
+	.long		0x00080000, 0x002e0000, 0x00a10000, 0x00660000
+	.long		0x00280000, 0x00d90000, 0x00240000, 0x00b20000
+	.long		0x00760000, 0x005b0000, 0x00a20000, 0x00490000
+	.long		0x006d0000, 0x008b0000, 0x00d10000, 0x00250000
+	.long		0x00720000, 0x00f80000, 0x00f60000, 0x00640000
+	.long		0x00860000, 0x00680000, 0x00980000, 0x00160000
+	.long		0x00d40000, 0x00a40000, 0x005c0000, 0x00cc0000
+	.long		0x005d0000, 0x00650000, 0x00b60000, 0x00920000
+	.long		0x006c0000, 0x00700000, 0x00480000, 0x00500000
+	.long		0x00fd0000, 0x00ed0000, 0x00b90000, 0x00da0000
+	.long		0x005e0000, 0x00150000, 0x00460000, 0x00570000
+	.long		0x00a70000, 0x008d0000, 0x009d0000, 0x00840000
+	.long		0x00900000, 0x00d80000, 0x00ab0000, 0x00000000
+	.long		0x008c0000, 0x00bc0000, 0x00d30000, 0x000a0000
+	.long		0x00f70000, 0x00e40000, 0x00580000, 0x00050000
+	.long		0x00b80000, 0x00b30000, 0x00450000, 0x00060000
+	.long		0x00d00000, 0x002c0000, 0x001e0000, 0x008f0000
+	.long		0x00ca0000, 0x003f0000, 0x000f0000, 0x00020000
+	.long		0x00c10000, 0x00af0000, 0x00bd0000, 0x00030000
+	.long		0x00010000, 0x00130000, 0x008a0000, 0x006b0000
+	.long		0x003a0000, 0x00910000, 0x00110000, 0x00410000
+	.long		0x004f0000, 0x00670000, 0x00dc0000, 0x00ea0000
+	.long		0x00970000, 0x00f20000, 0x00cf0000, 0x00ce0000
+	.long		0x00f00000, 0x00b40000, 0x00e60000, 0x00730000
+	.long		0x00960000, 0x00ac0000, 0x00740000, 0x00220000
+	.long		0x00e70000, 0x00ad0000, 0x00350000, 0x00850000
+	.long		0x00e20000, 0x00f90000, 0x00370000, 0x00e80000
+	.long		0x001c0000, 0x00750000, 0x00df0000, 0x006e0000
+	.long		0x00470000, 0x00f10000, 0x001a0000, 0x00710000
+	.long		0x001d0000, 0x00290000, 0x00c50000, 0x00890000
+	.long		0x006f0000, 0x00b70000, 0x00620000, 0x000e0000
+	.long		0x00aa0000, 0x00180000, 0x00be0000, 0x001b0000
+	.long		0x00fc0000, 0x00560000, 0x003e0000, 0x004b0000
+	.long		0x00c60000, 0x00d20000, 0x00790000, 0x00200000
+	.long		0x009a0000, 0x00db0000, 0x00c00000, 0x00fe0000
+	.long		0x00780000, 0x00cd0000, 0x005a0000, 0x00f40000
+	.long		0x001f0000, 0x00dd0000, 0x00a80000, 0x00330000
+	.long		0x00880000, 0x00070000, 0x00c70000, 0x00310000
+	.long		0x00b10000, 0x00120000, 0x00100000, 0x00590000
+	.long		0x00270000, 0x00800000, 0x00ec0000, 0x005f0000
+	.long		0x00600000, 0x00510000, 0x007f0000, 0x00a90000
+	.long		0x00190000, 0x00b50000, 0x004a0000, 0x000d0000
+	.long		0x002d0000, 0x00e50000, 0x007a0000, 0x009f0000
+	.long		0x00930000, 0x00c90000, 0x009c0000, 0x00ef0000
+	.long		0x00a00000, 0x00e00000, 0x003b0000, 0x004d0000
+	.long		0x00ae0000, 0x002a0000, 0x00f50000, 0x00b00000
+	.long		0x00c80000, 0x00eb0000, 0x00bb0000, 0x003c0000
+	.long		0x00830000, 0x00530000, 0x00990000, 0x00610000
+	.long		0x00170000, 0x002b0000, 0x00040000, 0x007e0000
+	.long		0x00ba0000, 0x00770000, 0x00d60000, 0x00260000
+	.long		0x00e10000, 0x00690000, 0x00140000, 0x00630000
+	.long		0x00550000, 0x00210000, 0x000c0000, 0x007d0000
+
+	.long		0x52000000, 0x09000000, 0x6a000000, 0xd5000000
+	.long		0x30000000, 0x36000000, 0xa5000000, 0x38000000
+	.long		0xbf000000, 0x40000000, 0xa3000000, 0x9e000000
+	.long		0x81000000, 0xf3000000, 0xd7000000, 0xfb000000
+	.long		0x7c000000, 0xe3000000, 0x39000000, 0x82000000
+	.long		0x9b000000, 0x2f000000, 0xff000000, 0x87000000
+	.long		0x34000000, 0x8e000000, 0x43000000, 0x44000000
+	.long		0xc4000000, 0xde000000, 0xe9000000, 0xcb000000
+	.long		0x54000000, 0x7b000000, 0x94000000, 0x32000000
+	.long		0xa6000000, 0xc2000000, 0x23000000, 0x3d000000
+	.long		0xee000000, 0x4c000000, 0x95000000, 0x0b000000
+	.long		0x42000000, 0xfa000000, 0xc3000000, 0x4e000000
+	.long		0x08000000, 0x2e000000, 0xa1000000, 0x66000000
+	.long		0x28000000, 0xd9000000, 0x24000000, 0xb2000000
+	.long		0x76000000, 0x5b000000, 0xa2000000, 0x49000000
+	.long		0x6d000000, 0x8b000000, 0xd1000000, 0x25000000
+	.long		0x72000000, 0xf8000000, 0xf6000000, 0x64000000
+	.long		0x86000000, 0x68000000, 0x98000000, 0x16000000
+	.long		0xd4000000, 0xa4000000, 0x5c000000, 0xcc000000
+	.long		0x5d000000, 0x65000000, 0xb6000000, 0x92000000
+	.long		0x6c000000, 0x70000000, 0x48000000, 0x50000000
+	.long		0xfd000000, 0xed000000, 0xb9000000, 0xda000000
+	.long		0x5e000000, 0x15000000, 0x46000000, 0x57000000
+	.long		0xa7000000, 0x8d000000, 0x9d000000, 0x84000000
+	.long		0x90000000, 0xd8000000, 0xab000000, 0x00000000
+	.long		0x8c000000, 0xbc000000, 0xd3000000, 0x0a000000
+	.long		0xf7000000, 0xe4000000, 0x58000000, 0x05000000
+	.long		0xb8000000, 0xb3000000, 0x45000000, 0x06000000
+	.long		0xd0000000, 0x2c000000, 0x1e000000, 0x8f000000
+	.long		0xca000000, 0x3f000000, 0x0f000000, 0x02000000
+	.long		0xc1000000, 0xaf000000, 0xbd000000, 0x03000000
+	.long		0x01000000, 0x13000000, 0x8a000000, 0x6b000000
+	.long		0x3a000000, 0x91000000, 0x11000000, 0x41000000
+	.long		0x4f000000, 0x67000000, 0xdc000000, 0xea000000
+	.long		0x97000000, 0xf2000000, 0xcf000000, 0xce000000
+	.long		0xf0000000, 0xb4000000, 0xe6000000, 0x73000000
+	.long		0x96000000, 0xac000000, 0x74000000, 0x22000000
+	.long		0xe7000000, 0xad000000, 0x35000000, 0x85000000
+	.long		0xe2000000, 0xf9000000, 0x37000000, 0xe8000000
+	.long		0x1c000000, 0x75000000, 0xdf000000, 0x6e000000
+	.long		0x47000000, 0xf1000000, 0x1a000000, 0x71000000
+	.long		0x1d000000, 0x29000000, 0xc5000000, 0x89000000
+	.long		0x6f000000, 0xb7000000, 0x62000000, 0x0e000000
+	.long		0xaa000000, 0x18000000, 0xbe000000, 0x1b000000
+	.long		0xfc000000, 0x56000000, 0x3e000000, 0x4b000000
+	.long		0xc6000000, 0xd2000000, 0x79000000, 0x20000000
+	.long		0x9a000000, 0xdb000000, 0xc0000000, 0xfe000000
+	.long		0x78000000, 0xcd000000, 0x5a000000, 0xf4000000
+	.long		0x1f000000, 0xdd000000, 0xa8000000, 0x33000000
+	.long		0x88000000, 0x07000000, 0xc7000000, 0x31000000
+	.long		0xb1000000, 0x12000000, 0x10000000, 0x59000000
+	.long		0x27000000, 0x80000000, 0xec000000, 0x5f000000
+	.long		0x60000000, 0x51000000, 0x7f000000, 0xa9000000
+	.long		0x19000000, 0xb5000000, 0x4a000000, 0x0d000000
+	.long		0x2d000000, 0xe5000000, 0x7a000000, 0x9f000000
+	.long		0x93000000, 0xc9000000, 0x9c000000, 0xef000000
+	.long		0xa0000000, 0xe0000000, 0x3b000000, 0x4d000000
+	.long		0xae000000, 0x2a000000, 0xf5000000, 0xb0000000
+	.long		0xc8000000, 0xeb000000, 0xbb000000, 0x3c000000
+	.long		0x83000000, 0x53000000, 0x99000000, 0x61000000
+	.long		0x17000000, 0x2b000000, 0x04000000, 0x7e000000
+	.long		0xba000000, 0x77000000, 0xd6000000, 0x26000000
+	.long		0xe1000000, 0x69000000, 0x14000000, 0x63000000
+	.long		0x55000000, 0x21000000, 0x0c000000, 0x7d000000
+	.endif
+	.endm
+
diff --git a/include/crypto/aes.h b/include/crypto/aes.h
index 7524ba3b6f3c..8a4afdca611e 100644
--- a/include/crypto/aes.h
+++ b/include/crypto/aes.h
@@ -27,11 +27,6 @@ struct crypto_aes_ctx {
 	u32 key_length;
 };
 
-extern const u32 crypto_ft_tab[4][256];
-extern const u32 crypto_fl_tab[4][256];
-extern const u32 crypto_it_tab[4][256];
-extern const u32 crypto_il_tab[4][256];
-
 int crypto_aes_set_key(struct crypto_tfm *tfm, const u8 *in_key,
 		unsigned int key_len);
 int crypto_aes_expand_key(struct crypto_aes_ctx *ctx, const u8 *in_key,
-- 
2.9.3

[PATCH v4 3/8] crypto: aes - retire table based generic AES in favor of fixed time driver

[Ard Biesheuvel]

Rework the fixed time AES code so that it can fulfil dependencies of other
drivers on the shared AES key expansion routines. This way, we can remove
the table based generic AES code altogether, and use the much smaller and
time invariant fixed time driver as the global default for systems that
don't have an architecture specific accelerated implementation of the
cipher.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
 crypto/Kconfig                     |   31 +-
 crypto/Makefile                    |    3 +-
 crypto/{aes_ti.c => aes.c}         |  169 ++-
 crypto/aes_generic.c               | 1478 --------------------
 drivers/crypto/chelsio/chcr_algo.c |    4 +-
 include/crypto/aes.h               |    6 +
 6 files changed, 121 insertions(+), 1570 deletions(-)

diff --git a/crypto/Kconfig b/crypto/Kconfig
index caa770e535a2..7766fea9c18e 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -895,35 +895,12 @@ config CRYPTO_GHASH_CLMUL_NI_INTEL
 comment "Ciphers"
 
 config CRYPTO_AES
-	tristate "AES cipher algorithms"
+	tristate "Generic AES cipher (fixed time)"
 	select CRYPTO_ALGAPI
 	help
-	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
-	  algorithm.
-
-	  Rijndael appears to be consistently a very good performer in
-	  both hardware and software across a wide range of computing
-	  environments regardless of its use in feedback or non-feedback
-	  modes. Its key setup time is excellent, and its key agility is
-	  good. Rijndael's very low memory requirements make it very well
-	  suited for restricted-space environments, in which it also
-	  demonstrates excellent performance. Rijndael's operations are
-	  among the easiest to defend against power and timing attacks.
-
-	  The AES specifies three key sizes: 128, 192 and 256 bits
-
-	  See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
-
-config CRYPTO_AES_TI
-	tristate "Fixed time AES cipher"
-	select CRYPTO_ALGAPI
-	help
-	  This is a generic implementation of AES that attempts to eliminate
-	  data dependent latencies as much as possible without affecting
-	  performance too much. It is intended for use by the generic CCM
-	  and GCM drivers, and other CTR or CMAC/XCBC based modes that rely
-	  solely on encryption (although decryption is supported as well, but
-	  with a more dramatic performance hit)
+	  This is a generic implementation of AES that was designed to be
+	  small (in terms of code size and D-cache footprint) and time
+	  invariant, with reasonable performance.
 
 	  Instead of using 16 lookup tables of 1 KB each, (8 for encryption and
 	  8 for decryption), this implementation only uses just two S-boxes of
diff --git a/crypto/Makefile b/crypto/Makefile
index d41f0331b085..6163d47b3e12 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile
@@ -96,8 +96,7 @@ obj-$(CONFIG_CRYPTO_TWOFISH) += twofish_generic.o
 obj-$(CONFIG_CRYPTO_TWOFISH_COMMON) += twofish_common.o
 obj-$(CONFIG_CRYPTO_SERPENT) += serpent_generic.o
 CFLAGS_serpent_generic.o := $(call cc-option,-fsched-pressure)  # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79149
-obj-$(CONFIG_CRYPTO_AES) += aes_generic.o
-obj-$(CONFIG_CRYPTO_AES_TI) += aes_ti.o
+obj-$(CONFIG_CRYPTO_AES) += aes.o
 obj-$(CONFIG_CRYPTO_CAMELLIA) += camellia_generic.o
 obj-$(CONFIG_CRYPTO_CAST_COMMON) += cast_common.o
 obj-$(CONFIG_CRYPTO_CAST5) += cast5_generic.o
diff --git a/crypto/aes_ti.c b/crypto/aes.c
similarity index 76%
rename from crypto/aes_ti.c
rename to crypto/aes.c
index 03023b2290e8..1c246274bfa3 100644
--- a/crypto/aes_ti.c
+++ b/crypto/aes.c
@@ -13,11 +13,7 @@
 #include <linux/module.h>
 #include <asm/unaligned.h>
 
-/*
- * Emit the sbox as volatile const to prevent the compiler from doing
- * constant folding on sbox references involving fixed indexes.
- */
-static volatile const u8 __cacheline_aligned __aesti_sbox[] = {
+static volatile const u8 __cacheline_aligned aes_sbox[] = {
 	0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5,
 	0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76,
 	0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0,
@@ -52,7 +48,7 @@ static volatile const u8 __cacheline_aligned __aesti_sbox[] = {
 	0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16,
 };
 
-static volatile const u8 __cacheline_aligned __aesti_inv_sbox[] = {
+static volatile const u8 __cacheline_aligned aes_inv_sbox[] = {
 	0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38,
 	0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb,
 	0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87,
@@ -145,30 +141,30 @@ static u32 inv_mix_columns(u32 x)
 
 static __always_inline u32 subshift(u32 in[], int pos)
 {
-	return (__aesti_sbox[in[pos] & 0xff]) ^
-	       (__aesti_sbox[(in[(pos + 1) % 4] >>  8) & 0xff] <<  8) ^
-	       (__aesti_sbox[(in[(pos + 2) % 4] >> 16) & 0xff] << 16) ^
-	       (__aesti_sbox[(in[(pos + 3) % 4] >> 24) & 0xff] << 24);
+	return (aes_sbox[in[pos] & 0xff]) ^
+	       (aes_sbox[(in[(pos + 1) % 4] >>  8) & 0xff] <<  8) ^
+	       (aes_sbox[(in[(pos + 2) % 4] >> 16) & 0xff] << 16) ^
+	       (aes_sbox[(in[(pos + 3) % 4] >> 24) & 0xff] << 24);
 }
 
 static __always_inline u32 inv_subshift(u32 in[], int pos)
 {
-	return (__aesti_inv_sbox[in[pos] & 0xff]) ^
-	       (__aesti_inv_sbox[(in[(pos + 3) % 4] >>  8) & 0xff] <<  8) ^
-	       (__aesti_inv_sbox[(in[(pos + 2) % 4] >> 16) & 0xff] << 16) ^
-	       (__aesti_inv_sbox[(in[(pos + 1) % 4] >> 24) & 0xff] << 24);
+	return (aes_inv_sbox[in[pos] & 0xff]) ^
+	       (aes_inv_sbox[(in[(pos + 3) % 4] >>  8) & 0xff] <<  8) ^
+	       (aes_inv_sbox[(in[(pos + 2) % 4] >> 16) & 0xff] << 16) ^
+	       (aes_inv_sbox[(in[(pos + 1) % 4] >> 24) & 0xff] << 24);
 }
 
 static u32 subw(u32 in)
 {
-	return (__aesti_sbox[in & 0xff]) ^
-	       (__aesti_sbox[(in >>  8) & 0xff] <<  8) ^
-	       (__aesti_sbox[(in >> 16) & 0xff] << 16) ^
-	       (__aesti_sbox[(in >> 24) & 0xff] << 24);
+	return (aes_sbox[in & 0xff]) ^
+	       (aes_sbox[(in >>  8) & 0xff] <<  8) ^
+	       (aes_sbox[(in >> 16) & 0xff] << 16) ^
+	       (aes_sbox[(in >> 24) & 0xff] << 24);
 }
 
-static int aesti_expand_key(struct crypto_aes_ctx *ctx, const u8 *in_key,
-			    unsigned int key_len)
+int crypto_aes_expand_key(struct crypto_aes_ctx *ctx, const u8 *in_key,
+			  unsigned int key_len)
 {
 	u32 kwords = key_len / sizeof(u32);
 	u32 rc, i, j;
@@ -192,12 +188,12 @@ static int aesti_expand_key(struct crypto_aes_ctx *ctx, const u8 *in_key,
 		rko[2] = rko[1] ^ rki[2];
 		rko[3] = rko[2] ^ rki[3];
 
-		if (key_len == 24) {
+		if (key_len == AES_KEYSIZE_192) {
 			if (i >= 7)
 				break;
 			rko[4] = rko[3] ^ rki[4];
 			rko[5] = rko[4] ^ rki[5];
-		} else if (key_len == 32) {
+		} else if (key_len == AES_KEYSIZE_256) {
 			if (i >= 6)
 				break;
 			rko[4] = subw(rko[3]) ^ rki[4];
@@ -232,40 +228,34 @@ static int aesti_expand_key(struct crypto_aes_ctx *ctx, const u8 *in_key,
 
 	return 0;
 }
+EXPORT_SYMBOL_GPL(crypto_aes_expand_key);
 
-static int aesti_set_key(struct crypto_tfm *tfm, const u8 *in_key,
-			 unsigned int key_len)
+/**
+ * crypto_aes_set_key - Set the AES key.
+ * @tfm:	The %crypto_tfm that is used in the context.
+ * @in_key:	The input key.
+ * @key_len:	The size of the key.
+ *
+ * Returns 0 on success, on failure the %CRYPTO_TFM_RES_BAD_KEY_LEN flag in tfm
+ * is set. The function uses crypto_aes_expand_key() to expand the key.
+ * &crypto_aes_ctx _must_ be the private data embedded in @tfm which is
+ * retrieved with crypto_tfm_ctx().
+ */
+int crypto_aes_set_key(struct crypto_tfm *tfm, const u8 *in_key,
+		unsigned int key_len)
 {
 	struct crypto_aes_ctx *ctx = crypto_tfm_ctx(tfm);
-	int err;
-
-	err = aesti_expand_key(ctx, in_key, key_len);
-	if (err)
-		return err;
-
-	/*
-	 * In order to force the compiler to emit data independent Sbox lookups
-	 * at the start of each block, xor the first round key with values at
-	 * fixed indexes in the Sbox. This will need to be repeated each time
-	 * the key is used, which will pull the entire Sbox into the D-cache
-	 * before any data dependent Sbox lookups are performed.
-	 */
-	ctx->key_enc[0] ^= __aesti_sbox[ 0] ^ __aesti_sbox[128];
-	ctx->key_enc[1] ^= __aesti_sbox[32] ^ __aesti_sbox[160];
-	ctx->key_enc[2] ^= __aesti_sbox[64] ^ __aesti_sbox[192];
-	ctx->key_enc[3] ^= __aesti_sbox[96] ^ __aesti_sbox[224];
-
-	ctx->key_dec[0] ^= __aesti_inv_sbox[ 0] ^ __aesti_inv_sbox[128];
-	ctx->key_dec[1] ^= __aesti_inv_sbox[32] ^ __aesti_inv_sbox[160];
-	ctx->key_dec[2] ^= __aesti_inv_sbox[64] ^ __aesti_inv_sbox[192];
-	ctx->key_dec[3] ^= __aesti_inv_sbox[96] ^ __aesti_inv_sbox[224];
 
+	if (crypto_aes_expand_key(ctx, in_key, key_len)) {
+		tfm->crt_flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
+		return -EINVAL;
+	}
 	return 0;
 }
+EXPORT_SYMBOL_GPL(crypto_aes_set_key);
 
-static void aesti_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
+void crypto_aes_encrypt(const struct crypto_aes_ctx *ctx, u8 *out, const u8 *in)
 {
-	const struct crypto_aes_ctx *ctx = crypto_tfm_ctx(tfm);
 	const u32 *rkp = ctx->key_enc + 4;
 	int rounds = 6 + ctx->key_length / 4;
 	u32 st0[4], st1[4];
@@ -276,11 +266,6 @@ static void aesti_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
 	st0[2] = ctx->key_enc[2] ^ get_unaligned_le32(in + 8);
 	st0[3] = ctx->key_enc[3] ^ get_unaligned_le32(in + 12);
 
-	st0[0] ^= __aesti_sbox[ 0] ^ __aesti_sbox[128];
-	st0[1] ^= __aesti_sbox[32] ^ __aesti_sbox[160];
-	st0[2] ^= __aesti_sbox[64] ^ __aesti_sbox[192];
-	st0[3] ^= __aesti_sbox[96] ^ __aesti_sbox[224];
-
 	for (round = 0;; round += 2, rkp += 8) {
 		st1[0] = mix_columns(subshift(st0, 0)) ^ rkp[0];
 		st1[1] = mix_columns(subshift(st0, 1)) ^ rkp[1];
@@ -301,10 +286,10 @@ static void aesti_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
 	put_unaligned_le32(subshift(st1, 2) ^ rkp[6], out + 8);
 	put_unaligned_le32(subshift(st1, 3) ^ rkp[7], out + 12);
 }
+EXPORT_SYMBOL_GPL(crypto_aes_encrypt);
 
-static void aesti_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
+void crypto_aes_decrypt(const struct crypto_aes_ctx *ctx, u8 *out, const u8 *in)
 {
-	const struct crypto_aes_ctx *ctx = crypto_tfm_ctx(tfm);
 	const u32 *rkp = ctx->key_dec + 4;
 	int rounds = 6 + ctx->key_length / 4;
 	u32 st0[4], st1[4];
@@ -315,11 +300,6 @@ static void aesti_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
 	st0[2] = ctx->key_dec[2] ^ get_unaligned_le32(in + 8);
 	st0[3] = ctx->key_dec[3] ^ get_unaligned_le32(in + 12);
 
-	st0[0] ^= __aesti_inv_sbox[ 0] ^ __aesti_inv_sbox[128];
-	st0[1] ^= __aesti_inv_sbox[32] ^ __aesti_inv_sbox[160];
-	st0[2] ^= __aesti_inv_sbox[64] ^ __aesti_inv_sbox[192];
-	st0[3] ^= __aesti_inv_sbox[96] ^ __aesti_inv_sbox[224];
-
 	for (round = 0;; round += 2, rkp += 8) {
 		st1[0] = inv_mix_columns(inv_subshift(st0, 0)) ^ rkp[0];
 		st1[1] = inv_mix_columns(inv_subshift(st0, 1)) ^ rkp[1];
@@ -340,11 +320,72 @@ static void aesti_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
 	put_unaligned_le32(inv_subshift(st1, 2) ^ rkp[6], out + 8);
 	put_unaligned_le32(inv_subshift(st1, 3) ^ rkp[7], out + 12);
 }
+EXPORT_SYMBOL_GPL(crypto_aes_decrypt);
+
+static int aesti_set_key(struct crypto_tfm *tfm, const u8 *in_key,
+			 unsigned int key_len)
+{
+	struct crypto_aes_ctx *ctx = crypto_tfm_ctx(tfm);
+	int err;
+
+	err = crypto_aes_expand_key(ctx, in_key, key_len);
+	if (err)
+		return err;
+
+	/*
+	 * In order to force the compiler to emit data independent Sbox lookups
+	 * at the start of each block, xor the first round key with values at
+	 * fixed indexes in the Sbox. This will need to be repeated each time
+	 * the key is used, which will pull the entire Sbox into the D-cache
+	 * before any data dependent Sbox lookups are performed.
+	 */
+	ctx->key_enc[0] ^= aes_sbox[ 0] ^ aes_sbox[128];
+	ctx->key_enc[1] ^= aes_sbox[32] ^ aes_sbox[160];
+	ctx->key_enc[2] ^= aes_sbox[64] ^ aes_sbox[192];
+	ctx->key_enc[3] ^= aes_sbox[96] ^ aes_sbox[224];
+
+	ctx->key_dec[0] ^= aes_inv_sbox[ 0] ^ aes_inv_sbox[128];
+	ctx->key_dec[1] ^= aes_inv_sbox[32] ^ aes_inv_sbox[160];
+	ctx->key_dec[2] ^= aes_inv_sbox[64] ^ aes_inv_sbox[192];
+	ctx->key_dec[3] ^= aes_inv_sbox[96] ^ aes_inv_sbox[224];
+
+	return 0;
+}
+
+static void aesti_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
+{
+	const struct crypto_aes_ctx *ctx = crypto_tfm_ctx(tfm);
+	u8 src[AES_BLOCK_SIZE];
+
+	memcpy(src, in, AES_BLOCK_SIZE);
+
+	src[ 0] ^= aes_sbox[ 0] ^ aes_sbox[128];
+	src[ 4] ^= aes_sbox[32] ^ aes_sbox[160];
+	src[ 8] ^= aes_sbox[64] ^ aes_sbox[192];
+	src[12] ^= aes_sbox[96] ^ aes_sbox[224];
+
+	crypto_aes_encrypt(ctx, out, src);
+}
+
+static void aesti_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
+{
+	const struct crypto_aes_ctx *ctx = crypto_tfm_ctx(tfm);
+	u8 src[AES_BLOCK_SIZE];
+
+	memcpy(src, in, AES_BLOCK_SIZE);
+
+	src[ 0] ^= aes_inv_sbox[ 0] ^ aes_inv_sbox[128];
+	src[ 4] ^= aes_inv_sbox[32] ^ aes_inv_sbox[160];
+	src[ 8] ^= aes_inv_sbox[64] ^ aes_inv_sbox[192];
+	src[12] ^= aes_inv_sbox[96] ^ aes_inv_sbox[224];
+
+	crypto_aes_decrypt(ctx, out, src);
+}
 
 static struct crypto_alg aes_alg = {
 	.cra_name			= "aes",
 	.cra_driver_name		= "aes-fixed-time",
-	.cra_priority			= 100 + 1,
+	.cra_priority			= 100,
 	.cra_flags			= CRYPTO_ALG_TYPE_CIPHER,
 	.cra_blocksize			= AES_BLOCK_SIZE,
 	.cra_ctxsize			= sizeof(struct crypto_aes_ctx),
@@ -367,6 +408,12 @@ static void __exit aes_fini(void)
 	crypto_unregister_alg(&aes_alg);
 }
 
+extern const u8 crypto_aes_sbox[256] __alias(aes_sbox);
+EXPORT_SYMBOL_GPL(crypto_aes_sbox);
+
+extern const u8 crypto_aes_inv_sbox[256] __alias(aes_inv_sbox);
+EXPORT_SYMBOL_GPL(crypto_aes_inv_sbox);
+
 module_init(aes_init);
 module_exit(aes_fini);
 
diff --git a/crypto/aes_generic.c b/crypto/aes_generic.c
deleted file mode 100644
index ca554d57d01e..000000000000
--- a/crypto/aes_generic.c
+++ /dev/null
@@ -1,1478 +0,0 @@
-/*
- * Cryptographic API.
- *
- * AES Cipher Algorithm.
- *
- * Based on Brian Gladman's code.
- *
- * Linux developers:
- *  Alexander Kjeldaas <astor@fast.no>
- *  Herbert Valerio Riedel <hvr@hvrlab.org>
- *  Kyle McMartin <kyle@debian.org>
- *  Adam J. Richter <adam@yggdrasil.com> (conversion to 2.5 API).
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * ---------------------------------------------------------------------------
- * Copyright (c) 2002, Dr Brian Gladman <brg@gladman.me.uk>, Worcester, UK.
- * All rights reserved.
- *
- * LICENSE TERMS
- *
- * The free distribution and use of this software in both source and binary
- * form is allowed (with or without changes) provided that:
- *
- *   1. distributions of this source code include the above copyright
- *      notice, this list of conditions and the following disclaimer;
- *
- *   2. distributions in binary form include the above copyright
- *      notice, this list of conditions and the following disclaimer
- *      in the documentation and/or other associated materials;
- *
- *   3. the copyright holder's name is not used to endorse products
- *      built using this software without specific written permission.
- *
- * ALTERNATIVELY, provided that this notice is retained in full, this product
- * may be distributed under the terms of the GNU General Public License (GPL),
- * in which case the provisions of the GPL apply INSTEAD OF those given above.
- *
- * DISCLAIMER
- *
- * This software is provided 'as is' with no explicit or implied warranties
- * in respect of its properties, including, but not limited to, correctness
- * and/or fitness for purpose.
- * ---------------------------------------------------------------------------
- */
-
-#include <crypto/aes.h>
-#include <linux/module.h>
-#include <linux/init.h>
-#include <linux/types.h>
-#include <linux/errno.h>
-#include <linux/crypto.h>
-#include <asm/byteorder.h>
-#include <asm/unaligned.h>
-
-static inline u8 byte(const u32 x, const unsigned n)
-{
-	return x >> (n << 3);
-}
-
-static const u32 rco_tab[10] = { 1, 2, 4, 8, 16, 32, 64, 128, 27, 54 };
-
-__visible const u32 crypto_ft_tab[4][256] = {
-	{
-		0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6,
-		0x0df2f2ff, 0xbd6b6bd6, 0xb16f6fde, 0x54c5c591,
-		0x50303060, 0x03010102, 0xa96767ce, 0x7d2b2b56,
-		0x19fefee7, 0x62d7d7b5, 0xe6abab4d, 0x9a7676ec,
-		0x45caca8f, 0x9d82821f, 0x40c9c989, 0x877d7dfa,
-		0x15fafaef, 0xeb5959b2, 0xc947478e, 0x0bf0f0fb,
-		0xecadad41, 0x67d4d4b3, 0xfda2a25f, 0xeaafaf45,
-		0xbf9c9c23, 0xf7a4a453, 0x967272e4, 0x5bc0c09b,
-		0xc2b7b775, 0x1cfdfde1, 0xae93933d, 0x6a26264c,
-		0x5a36366c, 0x413f3f7e, 0x02f7f7f5, 0x4fcccc83,
-		0x5c343468, 0xf4a5a551, 0x34e5e5d1, 0x08f1f1f9,
-		0x937171e2, 0x73d8d8ab, 0x53313162, 0x3f15152a,
-		0x0c040408, 0x52c7c795, 0x65232346, 0x5ec3c39d,
-		0x28181830, 0xa1969637, 0x0f05050a, 0xb59a9a2f,
-		0x0907070e, 0x36121224, 0x9b80801b, 0x3de2e2df,
-		0x26ebebcd, 0x6927274e, 0xcdb2b27f, 0x9f7575ea,
-		0x1b090912, 0x9e83831d, 0x742c2c58, 0x2e1a1a34,
-		0x2d1b1b36, 0xb26e6edc, 0xee5a5ab4, 0xfba0a05b,
-		0xf65252a4, 0x4d3b3b76, 0x61d6d6b7, 0xceb3b37d,
-		0x7b292952, 0x3ee3e3dd, 0x712f2f5e, 0x97848413,
-		0xf55353a6, 0x68d1d1b9, 0x00000000, 0x2cededc1,
-		0x60202040, 0x1ffcfce3, 0xc8b1b179, 0xed5b5bb6,
-		0xbe6a6ad4, 0x46cbcb8d, 0xd9bebe67, 0x4b393972,
-		0xde4a4a94, 0xd44c4c98, 0xe85858b0, 0x4acfcf85,
-		0x6bd0d0bb, 0x2aefefc5, 0xe5aaaa4f, 0x16fbfbed,
-		0xc5434386, 0xd74d4d9a, 0x55333366, 0x94858511,
-		0xcf45458a, 0x10f9f9e9, 0x06020204, 0x817f7ffe,
-		0xf05050a0, 0x443c3c78, 0xba9f9f25, 0xe3a8a84b,
-		0xf35151a2, 0xfea3a35d, 0xc0404080, 0x8a8f8f05,
-		0xad92923f, 0xbc9d9d21, 0x48383870, 0x04f5f5f1,
-		0xdfbcbc63, 0xc1b6b677, 0x75dadaaf, 0x63212142,
-		0x30101020, 0x1affffe5, 0x0ef3f3fd, 0x6dd2d2bf,
-		0x4ccdcd81, 0x140c0c18, 0x35131326, 0x2fececc3,
-		0xe15f5fbe, 0xa2979735, 0xcc444488, 0x3917172e,
-		0x57c4c493, 0xf2a7a755, 0x827e7efc, 0x473d3d7a,
-		0xac6464c8, 0xe75d5dba, 0x2b191932, 0x957373e6,
-		0xa06060c0, 0x98818119, 0xd14f4f9e, 0x7fdcdca3,
-		0x66222244, 0x7e2a2a54, 0xab90903b, 0x8388880b,
-		0xca46468c, 0x29eeeec7, 0xd3b8b86b, 0x3c141428,
-		0x79dedea7, 0xe25e5ebc, 0x1d0b0b16, 0x76dbdbad,
-		0x3be0e0db, 0x56323264, 0x4e3a3a74, 0x1e0a0a14,
-		0xdb494992, 0x0a06060c, 0x6c242448, 0xe45c5cb8,
-		0x5dc2c29f, 0x6ed3d3bd, 0xefacac43, 0xa66262c4,
-		0xa8919139, 0xa4959531, 0x37e4e4d3, 0x8b7979f2,
-		0x32e7e7d5, 0x43c8c88b, 0x5937376e, 0xb76d6dda,
-		0x8c8d8d01, 0x64d5d5b1, 0xd24e4e9c, 0xe0a9a949,
-		0xb46c6cd8, 0xfa5656ac, 0x07f4f4f3, 0x25eaeacf,
-		0xaf6565ca, 0x8e7a7af4, 0xe9aeae47, 0x18080810,
-		0xd5baba6f, 0x887878f0, 0x6f25254a, 0x722e2e5c,
-		0x241c1c38, 0xf1a6a657, 0xc7b4b473, 0x51c6c697,
-		0x23e8e8cb, 0x7cdddda1, 0x9c7474e8, 0x211f1f3e,
-		0xdd4b4b96, 0xdcbdbd61, 0x868b8b0d, 0x858a8a0f,
-		0x907070e0, 0x423e3e7c, 0xc4b5b571, 0xaa6666cc,
-		0xd8484890, 0x05030306, 0x01f6f6f7, 0x120e0e1c,
-		0xa36161c2, 0x5f35356a, 0xf95757ae, 0xd0b9b969,
-		0x91868617, 0x58c1c199, 0x271d1d3a, 0xb99e9e27,
-		0x38e1e1d9, 0x13f8f8eb, 0xb398982b, 0x33111122,
-		0xbb6969d2, 0x70d9d9a9, 0x898e8e07, 0xa7949433,
-		0xb69b9b2d, 0x221e1e3c, 0x92878715, 0x20e9e9c9,
-		0x49cece87, 0xff5555aa, 0x78282850, 0x7adfdfa5,
-		0x8f8c8c03, 0xf8a1a159, 0x80898909, 0x170d0d1a,
-		0xdabfbf65, 0x31e6e6d7, 0xc6424284, 0xb86868d0,
-		0xc3414182, 0xb0999929, 0x772d2d5a, 0x110f0f1e,
-		0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c,
-	}, {
-		0x6363c6a5, 0x7c7cf884, 0x7777ee99, 0x7b7bf68d,
-		0xf2f2ff0d, 0x6b6bd6bd, 0x6f6fdeb1, 0xc5c59154,
-		0x30306050, 0x01010203, 0x6767cea9, 0x2b2b567d,
-		0xfefee719, 0xd7d7b562, 0xabab4de6, 0x7676ec9a,
-		0xcaca8f45, 0x82821f9d, 0xc9c98940, 0x7d7dfa87,
-		0xfafaef15, 0x5959b2eb, 0x47478ec9, 0xf0f0fb0b,
-		0xadad41ec, 0xd4d4b367, 0xa2a25ffd, 0xafaf45ea,
-		0x9c9c23bf, 0xa4a453f7, 0x7272e496, 0xc0c09b5b,
-		0xb7b775c2, 0xfdfde11c, 0x93933dae, 0x26264c6a,
-		0x36366c5a, 0x3f3f7e41, 0xf7f7f502, 0xcccc834f,
-		0x3434685c, 0xa5a551f4, 0xe5e5d134, 0xf1f1f908,
-		0x7171e293, 0xd8d8ab73, 0x31316253, 0x15152a3f,
-		0x0404080c, 0xc7c79552, 0x23234665, 0xc3c39d5e,
-		0x18183028, 0x969637a1, 0x05050a0f, 0x9a9a2fb5,
-		0x07070e09, 0x12122436, 0x80801b9b, 0xe2e2df3d,
-		0xebebcd26, 0x27274e69, 0xb2b27fcd, 0x7575ea9f,
-		0x0909121b, 0x83831d9e, 0x2c2c5874, 0x1a1a342e,
-		0x1b1b362d, 0x6e6edcb2, 0x5a5ab4ee, 0xa0a05bfb,
-		0x5252a4f6, 0x3b3b764d, 0xd6d6b761, 0xb3b37dce,
-		0x2929527b, 0xe3e3dd3e, 0x2f2f5e71, 0x84841397,
-		0x5353a6f5, 0xd1d1b968, 0x00000000, 0xededc12c,
-		0x20204060, 0xfcfce31f, 0xb1b179c8, 0x5b5bb6ed,
-		0x6a6ad4be, 0xcbcb8d46, 0xbebe67d9, 0x3939724b,
-		0x4a4a94de, 0x4c4c98d4, 0x5858b0e8, 0xcfcf854a,
-		0xd0d0bb6b, 0xefefc52a, 0xaaaa4fe5, 0xfbfbed16,
-		0x434386c5, 0x4d4d9ad7, 0x33336655, 0x85851194,
-		0x45458acf, 0xf9f9e910, 0x02020406, 0x7f7ffe81,
-		0x5050a0f0, 0x3c3c7844, 0x9f9f25ba, 0xa8a84be3,
-		0x5151a2f3, 0xa3a35dfe, 0x404080c0, 0x8f8f058a,
-		0x92923fad, 0x9d9d21bc, 0x38387048, 0xf5f5f104,
-		0xbcbc63df, 0xb6b677c1, 0xdadaaf75, 0x21214263,
-		0x10102030, 0xffffe51a, 0xf3f3fd0e, 0xd2d2bf6d,
-		0xcdcd814c, 0x0c0c1814, 0x13132635, 0xececc32f,
-		0x5f5fbee1, 0x979735a2, 0x444488cc, 0x17172e39,
-		0xc4c49357, 0xa7a755f2, 0x7e7efc82, 0x3d3d7a47,
-		0x6464c8ac, 0x5d5dbae7, 0x1919322b, 0x7373e695,
-		0x6060c0a0, 0x81811998, 0x4f4f9ed1, 0xdcdca37f,
-		0x22224466, 0x2a2a547e, 0x90903bab, 0x88880b83,
-		0x46468cca, 0xeeeec729, 0xb8b86bd3, 0x1414283c,
-		0xdedea779, 0x5e5ebce2, 0x0b0b161d, 0xdbdbad76,
-		0xe0e0db3b, 0x32326456, 0x3a3a744e, 0x0a0a141e,
-		0x494992db, 0x06060c0a, 0x2424486c, 0x5c5cb8e4,
-		0xc2c29f5d, 0xd3d3bd6e, 0xacac43ef, 0x6262c4a6,
-		0x919139a8, 0x959531a4, 0xe4e4d337, 0x7979f28b,
-		0xe7e7d532, 0xc8c88b43, 0x37376e59, 0x6d6ddab7,
-		0x8d8d018c, 0xd5d5b164, 0x4e4e9cd2, 0xa9a949e0,
-		0x6c6cd8b4, 0x5656acfa, 0xf4f4f307, 0xeaeacf25,
-		0x6565caaf, 0x7a7af48e, 0xaeae47e9, 0x08081018,
-		0xbaba6fd5, 0x7878f088, 0x25254a6f, 0x2e2e5c72,
-		0x1c1c3824, 0xa6a657f1, 0xb4b473c7, 0xc6c69751,
-		0xe8e8cb23, 0xdddda17c, 0x7474e89c, 0x1f1f3e21,
-		0x4b4b96dd, 0xbdbd61dc, 0x8b8b0d86, 0x8a8a0f85,
-		0x7070e090, 0x3e3e7c42, 0xb5b571c4, 0x6666ccaa,
-		0x484890d8, 0x03030605, 0xf6f6f701, 0x0e0e1c12,
-		0x6161c2a3, 0x35356a5f, 0x5757aef9, 0xb9b969d0,
-		0x86861791, 0xc1c19958, 0x1d1d3a27, 0x9e9e27b9,
-		0xe1e1d938, 0xf8f8eb13, 0x98982bb3, 0x11112233,
-		0x6969d2bb, 0xd9d9a970, 0x8e8e0789, 0x949433a7,
-		0x9b9b2db6, 0x1e1e3c22, 0x87871592, 0xe9e9c920,
-		0xcece8749, 0x5555aaff, 0x28285078, 0xdfdfa57a,
-		0x8c8c038f, 0xa1a159f8, 0x89890980, 0x0d0d1a17,
-		0xbfbf65da, 0xe6e6d731, 0x424284c6, 0x6868d0b8,
-		0x414182c3, 0x999929b0, 0x2d2d5a77, 0x0f0f1e11,
-		0xb0b07bcb, 0x5454a8fc, 0xbbbb6dd6, 0x16162c3a,
-	}, {
-		0x63c6a563, 0x7cf8847c, 0x77ee9977, 0x7bf68d7b,
-		0xf2ff0df2, 0x6bd6bd6b, 0x6fdeb16f, 0xc59154c5,
-		0x30605030, 0x01020301, 0x67cea967, 0x2b567d2b,
-		0xfee719fe, 0xd7b562d7, 0xab4de6ab, 0x76ec9a76,
-		0xca8f45ca, 0x821f9d82, 0xc98940c9, 0x7dfa877d,
-		0xfaef15fa, 0x59b2eb59, 0x478ec947, 0xf0fb0bf0,
-		0xad41ecad, 0xd4b367d4, 0xa25ffda2, 0xaf45eaaf,
-		0x9c23bf9c, 0xa453f7a4, 0x72e49672, 0xc09b5bc0,
-		0xb775c2b7, 0xfde11cfd, 0x933dae93, 0x264c6a26,
-		0x366c5a36, 0x3f7e413f, 0xf7f502f7, 0xcc834fcc,
-		0x34685c34, 0xa551f4a5, 0xe5d134e5, 0xf1f908f1,
-		0x71e29371, 0xd8ab73d8, 0x31625331, 0x152a3f15,
-		0x04080c04, 0xc79552c7, 0x23466523, 0xc39d5ec3,
-		0x18302818, 0x9637a196, 0x050a0f05, 0x9a2fb59a,
-		0x070e0907, 0x12243612, 0x801b9b80, 0xe2df3de2,
-		0xebcd26eb, 0x274e6927, 0xb27fcdb2, 0x75ea9f75,
-		0x09121b09, 0x831d9e83, 0x2c58742c, 0x1a342e1a,
-		0x1b362d1b, 0x6edcb26e, 0x5ab4ee5a, 0xa05bfba0,
-		0x52a4f652, 0x3b764d3b, 0xd6b761d6, 0xb37dceb3,
-		0x29527b29, 0xe3dd3ee3, 0x2f5e712f, 0x84139784,
-		0x53a6f553, 0xd1b968d1, 0x00000000, 0xedc12ced,
-		0x20406020, 0xfce31ffc, 0xb179c8b1, 0x5bb6ed5b,
-		0x6ad4be6a, 0xcb8d46cb, 0xbe67d9be, 0x39724b39,
-		0x4a94de4a, 0x4c98d44c, 0x58b0e858, 0xcf854acf,
-		0xd0bb6bd0, 0xefc52aef, 0xaa4fe5aa, 0xfbed16fb,
-		0x4386c543, 0x4d9ad74d, 0x33665533, 0x85119485,
-		0x458acf45, 0xf9e910f9, 0x02040602, 0x7ffe817f,
-		0x50a0f050, 0x3c78443c, 0x9f25ba9f, 0xa84be3a8,
-		0x51a2f351, 0xa35dfea3, 0x4080c040, 0x8f058a8f,
-		0x923fad92, 0x9d21bc9d, 0x38704838, 0xf5f104f5,
-		0xbc63dfbc, 0xb677c1b6, 0xdaaf75da, 0x21426321,
-		0x10203010, 0xffe51aff, 0xf3fd0ef3, 0xd2bf6dd2,
-		0xcd814ccd, 0x0c18140c, 0x13263513, 0xecc32fec,
-		0x5fbee15f, 0x9735a297, 0x4488cc44, 0x172e3917,
-		0xc49357c4, 0xa755f2a7, 0x7efc827e, 0x3d7a473d,
-		0x64c8ac64, 0x5dbae75d, 0x19322b19, 0x73e69573,
-		0x60c0a060, 0x81199881, 0x4f9ed14f, 0xdca37fdc,
-		0x22446622, 0x2a547e2a, 0x903bab90, 0x880b8388,
-		0x468cca46, 0xeec729ee, 0xb86bd3b8, 0x14283c14,
-		0xdea779de, 0x5ebce25e, 0x0b161d0b, 0xdbad76db,
-		0xe0db3be0, 0x32645632, 0x3a744e3a, 0x0a141e0a,
-		0x4992db49, 0x060c0a06, 0x24486c24, 0x5cb8e45c,
-		0xc29f5dc2, 0xd3bd6ed3, 0xac43efac, 0x62c4a662,
-		0x9139a891, 0x9531a495, 0xe4d337e4, 0x79f28b79,
-		0xe7d532e7, 0xc88b43c8, 0x376e5937, 0x6ddab76d,
-		0x8d018c8d, 0xd5b164d5, 0x4e9cd24e, 0xa949e0a9,
-		0x6cd8b46c, 0x56acfa56, 0xf4f307f4, 0xeacf25ea,
-		0x65caaf65, 0x7af48e7a, 0xae47e9ae, 0x08101808,
-		0xba6fd5ba, 0x78f08878, 0x254a6f25, 0x2e5c722e,
-		0x1c38241c, 0xa657f1a6, 0xb473c7b4, 0xc69751c6,
-		0xe8cb23e8, 0xdda17cdd, 0x74e89c74, 0x1f3e211f,
-		0x4b96dd4b, 0xbd61dcbd, 0x8b0d868b, 0x8a0f858a,
-		0x70e09070, 0x3e7c423e, 0xb571c4b5, 0x66ccaa66,
-		0x4890d848, 0x03060503, 0xf6f701f6, 0x0e1c120e,
-		0x61c2a361, 0x356a5f35, 0x57aef957, 0xb969d0b9,
-		0x86179186, 0xc19958c1, 0x1d3a271d, 0x9e27b99e,
-		0xe1d938e1, 0xf8eb13f8, 0x982bb398, 0x11223311,
-		0x69d2bb69, 0xd9a970d9, 0x8e07898e, 0x9433a794,
-		0x9b2db69b, 0x1e3c221e, 0x87159287, 0xe9c920e9,
-		0xce8749ce, 0x55aaff55, 0x28507828, 0xdfa57adf,
-		0x8c038f8c, 0xa159f8a1, 0x89098089, 0x0d1a170d,
-		0xbf65dabf, 0xe6d731e6, 0x4284c642, 0x68d0b868,
-		0x4182c341, 0x9929b099, 0x2d5a772d, 0x0f1e110f,
-		0xb07bcbb0, 0x54a8fc54, 0xbb6dd6bb, 0x162c3a16,
-	}, {
-		0xc6a56363, 0xf8847c7c, 0xee997777, 0xf68d7b7b,
-		0xff0df2f2, 0xd6bd6b6b, 0xdeb16f6f, 0x9154c5c5,
-		0x60503030, 0x02030101, 0xcea96767, 0x567d2b2b,
-		0xe719fefe, 0xb562d7d7, 0x4de6abab, 0xec9a7676,
-		0x8f45caca, 0x1f9d8282, 0x8940c9c9, 0xfa877d7d,
-		0xef15fafa, 0xb2eb5959, 0x8ec94747, 0xfb0bf0f0,
-		0x41ecadad, 0xb367d4d4, 0x5ffda2a2, 0x45eaafaf,
-		0x23bf9c9c, 0x53f7a4a4, 0xe4967272, 0x9b5bc0c0,
-		0x75c2b7b7, 0xe11cfdfd, 0x3dae9393, 0x4c6a2626,
-		0x6c5a3636, 0x7e413f3f, 0xf502f7f7, 0x834fcccc,
-		0x685c3434, 0x51f4a5a5, 0xd134e5e5, 0xf908f1f1,
-		0xe2937171, 0xab73d8d8, 0x62533131, 0x2a3f1515,
-		0x080c0404, 0x9552c7c7, 0x46652323, 0x9d5ec3c3,
-		0x30281818, 0x37a19696, 0x0a0f0505, 0x2fb59a9a,
-		0x0e090707, 0x24361212, 0x1b9b8080, 0xdf3de2e2,
-		0xcd26ebeb, 0x4e692727, 0x7fcdb2b2, 0xea9f7575,
-		0x121b0909, 0x1d9e8383, 0x58742c2c, 0x342e1a1a,
-		0x362d1b1b, 0xdcb26e6e, 0xb4ee5a5a, 0x5bfba0a0,
-		0xa4f65252, 0x764d3b3b, 0xb761d6d6, 0x7dceb3b3,
-		0x527b2929, 0xdd3ee3e3, 0x5e712f2f, 0x13978484,
-		0xa6f55353, 0xb968d1d1, 0x00000000, 0xc12ceded,
-		0x40602020, 0xe31ffcfc, 0x79c8b1b1, 0xb6ed5b5b,
-		0xd4be6a6a, 0x8d46cbcb, 0x67d9bebe, 0x724b3939,
-		0x94de4a4a, 0x98d44c4c, 0xb0e85858, 0x854acfcf,
-		0xbb6bd0d0, 0xc52aefef, 0x4fe5aaaa, 0xed16fbfb,
-		0x86c54343, 0x9ad74d4d, 0x66553333, 0x11948585,
-		0x8acf4545, 0xe910f9f9, 0x04060202, 0xfe817f7f,
-		0xa0f05050, 0x78443c3c, 0x25ba9f9f, 0x4be3a8a8,
-		0xa2f35151, 0x5dfea3a3, 0x80c04040, 0x058a8f8f,
-		0x3fad9292, 0x21bc9d9d, 0x70483838, 0xf104f5f5,
-		0x63dfbcbc, 0x77c1b6b6, 0xaf75dada, 0x42632121,
-		0x20301010, 0xe51affff, 0xfd0ef3f3, 0xbf6dd2d2,
-		0x814ccdcd, 0x18140c0c, 0x26351313, 0xc32fecec,
-		0xbee15f5f, 0x35a29797, 0x88cc4444, 0x2e391717,
-		0x9357c4c4, 0x55f2a7a7, 0xfc827e7e, 0x7a473d3d,
-		0xc8ac6464, 0xbae75d5d, 0x322b1919, 0xe6957373,
-		0xc0a06060, 0x19988181, 0x9ed14f4f, 0xa37fdcdc,
-		0x44662222, 0x547e2a2a, 0x3bab9090, 0x0b838888,
-		0x8cca4646, 0xc729eeee, 0x6bd3b8b8, 0x283c1414,
-		0xa779dede, 0xbce25e5e, 0x161d0b0b, 0xad76dbdb,
-		0xdb3be0e0, 0x64563232, 0x744e3a3a, 0x141e0a0a,
-		0x92db4949, 0x0c0a0606, 0x486c2424, 0xb8e45c5c,
-		0x9f5dc2c2, 0xbd6ed3d3, 0x43efacac, 0xc4a66262,
-		0x39a89191, 0x31a49595, 0xd337e4e4, 0xf28b7979,
-		0xd532e7e7, 0x8b43c8c8, 0x6e593737, 0xdab76d6d,
-		0x018c8d8d, 0xb164d5d5, 0x9cd24e4e, 0x49e0a9a9,
-		0xd8b46c6c, 0xacfa5656, 0xf307f4f4, 0xcf25eaea,
-		0xcaaf6565, 0xf48e7a7a, 0x47e9aeae, 0x10180808,
-		0x6fd5baba, 0xf0887878, 0x4a6f2525, 0x5c722e2e,
-		0x38241c1c, 0x57f1a6a6, 0x73c7b4b4, 0x9751c6c6,
-		0xcb23e8e8, 0xa17cdddd, 0xe89c7474, 0x3e211f1f,
-		0x96dd4b4b, 0x61dcbdbd, 0x0d868b8b, 0x0f858a8a,
-		0xe0907070, 0x7c423e3e, 0x71c4b5b5, 0xccaa6666,
-		0x90d84848, 0x06050303, 0xf701f6f6, 0x1c120e0e,
-		0xc2a36161, 0x6a5f3535, 0xaef95757, 0x69d0b9b9,
-		0x17918686, 0x9958c1c1, 0x3a271d1d, 0x27b99e9e,
-		0xd938e1e1, 0xeb13f8f8, 0x2bb39898, 0x22331111,
-		0xd2bb6969, 0xa970d9d9, 0x07898e8e, 0x33a79494,
-		0x2db69b9b, 0x3c221e1e, 0x15928787, 0xc920e9e9,
-		0x8749cece, 0xaaff5555, 0x50782828, 0xa57adfdf,
-		0x038f8c8c, 0x59f8a1a1, 0x09808989, 0x1a170d0d,
-		0x65dabfbf, 0xd731e6e6, 0x84c64242, 0xd0b86868,
-		0x82c34141, 0x29b09999, 0x5a772d2d, 0x1e110f0f,
-		0x7bcbb0b0, 0xa8fc5454, 0x6dd6bbbb, 0x2c3a1616,
-	}
-};
-
-__visible const u32 crypto_fl_tab[4][256] = {
-	{
-		0x00000063, 0x0000007c, 0x00000077, 0x0000007b,
-		0x000000f2, 0x0000006b, 0x0000006f, 0x000000c5,
-		0x00000030, 0x00000001, 0x00000067, 0x0000002b,
-		0x000000fe, 0x000000d7, 0x000000ab, 0x00000076,
-		0x000000ca, 0x00000082, 0x000000c9, 0x0000007d,
-		0x000000fa, 0x00000059, 0x00000047, 0x000000f0,
-		0x000000ad, 0x000000d4, 0x000000a2, 0x000000af,
-		0x0000009c, 0x000000a4, 0x00000072, 0x000000c0,
-		0x000000b7, 0x000000fd, 0x00000093, 0x00000026,
-		0x00000036, 0x0000003f, 0x000000f7, 0x000000cc,
-		0x00000034, 0x000000a5, 0x000000e5, 0x000000f1,
-		0x00000071, 0x000000d8, 0x00000031, 0x00000015,
-		0x00000004, 0x000000c7, 0x00000023, 0x000000c3,
-		0x00000018, 0x00000096, 0x00000005, 0x0000009a,
-		0x00000007, 0x00000012, 0x00000080, 0x000000e2,
-		0x000000eb, 0x00000027, 0x000000b2, 0x00000075,
-		0x00000009, 0x00000083, 0x0000002c, 0x0000001a,
-		0x0000001b, 0x0000006e, 0x0000005a, 0x000000a0,
-		0x00000052, 0x0000003b, 0x000000d6, 0x000000b3,
-		0x00000029, 0x000000e3, 0x0000002f, 0x00000084,
-		0x00000053, 0x000000d1, 0x00000000, 0x000000ed,
-		0x00000020, 0x000000fc, 0x000000b1, 0x0000005b,
-		0x0000006a, 0x000000cb, 0x000000be, 0x00000039,
-		0x0000004a, 0x0000004c, 0x00000058, 0x000000cf,
-		0x000000d0, 0x000000ef, 0x000000aa, 0x000000fb,
-		0x00000043, 0x0000004d, 0x00000033, 0x00000085,
-		0x00000045, 0x000000f9, 0x00000002, 0x0000007f,
-		0x00000050, 0x0000003c, 0x0000009f, 0x000000a8,
-		0x00000051, 0x000000a3, 0x00000040, 0x0000008f,
-		0x00000092, 0x0000009d, 0x00000038, 0x000000f5,
-		0x000000bc, 0x000000b6, 0x000000da, 0x00000021,
-		0x00000010, 0x000000ff, 0x000000f3, 0x000000d2,
-		0x000000cd, 0x0000000c, 0x00000013, 0x000000ec,
-		0x0000005f, 0x00000097, 0x00000044, 0x00000017,
-		0x000000c4, 0x000000a7, 0x0000007e, 0x0000003d,
-		0x00000064, 0x0000005d, 0x00000019, 0x00000073,
-		0x00000060, 0x00000081, 0x0000004f, 0x000000dc,
-		0x00000022, 0x0000002a, 0x00000090, 0x00000088,
-		0x00000046, 0x000000ee, 0x000000b8, 0x00000014,
-		0x000000de, 0x0000005e, 0x0000000b, 0x000000db,
-		0x000000e0, 0x00000032, 0x0000003a, 0x0000000a,
-		0x00000049, 0x00000006, 0x00000024, 0x0000005c,
-		0x000000c2, 0x000000d3, 0x000000ac, 0x00000062,
-		0x00000091, 0x00000095, 0x000000e4, 0x00000079,
-		0x000000e7, 0x000000c8, 0x00000037, 0x0000006d,
-		0x0000008d, 0x000000d5, 0x0000004e, 0x000000a9,
-		0x0000006c, 0x00000056, 0x000000f4, 0x000000ea,
-		0x00000065, 0x0000007a, 0x000000ae, 0x00000008,
-		0x000000ba, 0x00000078, 0x00000025, 0x0000002e,
-		0x0000001c, 0x000000a6, 0x000000b4, 0x000000c6,
-		0x000000e8, 0x000000dd, 0x00000074, 0x0000001f,
-		0x0000004b, 0x000000bd, 0x0000008b, 0x0000008a,
-		0x00000070, 0x0000003e, 0x000000b5, 0x00000066,
-		0x00000048, 0x00000003, 0x000000f6, 0x0000000e,
-		0x00000061, 0x00000035, 0x00000057, 0x000000b9,
-		0x00000086, 0x000000c1, 0x0000001d, 0x0000009e,
-		0x000000e1, 0x000000f8, 0x00000098, 0x00000011,
-		0x00000069, 0x000000d9, 0x0000008e, 0x00000094,
-		0x0000009b, 0x0000001e, 0x00000087, 0x000000e9,
-		0x000000ce, 0x00000055, 0x00000028, 0x000000df,
-		0x0000008c, 0x000000a1, 0x00000089, 0x0000000d,
-		0x000000bf, 0x000000e6, 0x00000042, 0x00000068,
-		0x00000041, 0x00000099, 0x0000002d, 0x0000000f,
-		0x000000b0, 0x00000054, 0x000000bb, 0x00000016,
-	}, {
-		0x00006300, 0x00007c00, 0x00007700, 0x00007b00,
-		0x0000f200, 0x00006b00, 0x00006f00, 0x0000c500,
-		0x00003000, 0x00000100, 0x00006700, 0x00002b00,
-		0x0000fe00, 0x0000d700, 0x0000ab00, 0x00007600,
-		0x0000ca00, 0x00008200, 0x0000c900, 0x00007d00,
-		0x0000fa00, 0x00005900, 0x00004700, 0x0000f000,
-		0x0000ad00, 0x0000d400, 0x0000a200, 0x0000af00,
-		0x00009c00, 0x0000a400, 0x00007200, 0x0000c000,
-		0x0000b700, 0x0000fd00, 0x00009300, 0x00002600,
-		0x00003600, 0x00003f00, 0x0000f700, 0x0000cc00,
-		0x00003400, 0x0000a500, 0x0000e500, 0x0000f100,
-		0x00007100, 0x0000d800, 0x00003100, 0x00001500,
-		0x00000400, 0x0000c700, 0x00002300, 0x0000c300,
-		0x00001800, 0x00009600, 0x00000500, 0x00009a00,
-		0x00000700, 0x00001200, 0x00008000, 0x0000e200,
-		0x0000eb00, 0x00002700, 0x0000b200, 0x00007500,
-		0x00000900, 0x00008300, 0x00002c00, 0x00001a00,
-		0x00001b00, 0x00006e00, 0x00005a00, 0x0000a000,
-		0x00005200, 0x00003b00, 0x0000d600, 0x0000b300,
-		0x00002900, 0x0000e300, 0x00002f00, 0x00008400,
-		0x00005300, 0x0000d100, 0x00000000, 0x0000ed00,
-		0x00002000, 0x0000fc00, 0x0000b100, 0x00005b00,
-		0x00006a00, 0x0000cb00, 0x0000be00, 0x00003900,
-		0x00004a00, 0x00004c00, 0x00005800, 0x0000cf00,
-		0x0000d000, 0x0000ef00, 0x0000aa00, 0x0000fb00,
-		0x00004300, 0x00004d00, 0x00003300, 0x00008500,
-		0x00004500, 0x0000f900, 0x00000200, 0x00007f00,
-		0x00005000, 0x00003c00, 0x00009f00, 0x0000a800,
-		0x00005100, 0x0000a300, 0x00004000, 0x00008f00,
-		0x00009200, 0x00009d00, 0x00003800, 0x0000f500,
-		0x0000bc00, 0x0000b600, 0x0000da00, 0x00002100,
-		0x00001000, 0x0000ff00, 0x0000f300, 0x0000d200,
-		0x0000cd00, 0x00000c00, 0x00001300, 0x0000ec00,
-		0x00005f00, 0x00009700, 0x00004400, 0x00001700,
-		0x0000c400, 0x0000a700, 0x00007e00, 0x00003d00,
-		0x00006400, 0x00005d00, 0x00001900, 0x00007300,
-		0x00006000, 0x00008100, 0x00004f00, 0x0000dc00,
-		0x00002200, 0x00002a00, 0x00009000, 0x00008800,
-		0x00004600, 0x0000ee00, 0x0000b800, 0x00001400,
-		0x0000de00, 0x00005e00, 0x00000b00, 0x0000db00,
-		0x0000e000, 0x00003200, 0x00003a00, 0x00000a00,
-		0x00004900, 0x00000600, 0x00002400, 0x00005c00,
-		0x0000c200, 0x0000d300, 0x0000ac00, 0x00006200,
-		0x00009100, 0x00009500, 0x0000e400, 0x00007900,
-		0x0000e700, 0x0000c800, 0x00003700, 0x00006d00,
-		0x00008d00, 0x0000d500, 0x00004e00, 0x0000a900,
-		0x00006c00, 0x00005600, 0x0000f400, 0x0000ea00,
-		0x00006500, 0x00007a00, 0x0000ae00, 0x00000800,
-		0x0000ba00, 0x00007800, 0x00002500, 0x00002e00,
-		0x00001c00, 0x0000a600, 0x0000b400, 0x0000c600,
-		0x0000e800, 0x0000dd00, 0x00007400, 0x00001f00,
-		0x00004b00, 0x0000bd00, 0x00008b00, 0x00008a00,
-		0x00007000, 0x00003e00, 0x0000b500, 0x00006600,
-		0x00004800, 0x00000300, 0x0000f600, 0x00000e00,
-		0x00006100, 0x00003500, 0x00005700, 0x0000b900,
-		0x00008600, 0x0000c100, 0x00001d00, 0x00009e00,
-		0x0000e100, 0x0000f800, 0x00009800, 0x00001100,
-		0x00006900, 0x0000d900, 0x00008e00, 0x00009400,
-		0x00009b00, 0x00001e00, 0x00008700, 0x0000e900,
-		0x0000ce00, 0x00005500, 0x00002800, 0x0000df00,
-		0x00008c00, 0x0000a100, 0x00008900, 0x00000d00,
-		0x0000bf00, 0x0000e600, 0x00004200, 0x00006800,
-		0x00004100, 0x00009900, 0x00002d00, 0x00000f00,
-		0x0000b000, 0x00005400, 0x0000bb00, 0x00001600,
-	}, {
-		0x00630000, 0x007c0000, 0x00770000, 0x007b0000,
-		0x00f20000, 0x006b0000, 0x006f0000, 0x00c50000,
-		0x00300000, 0x00010000, 0x00670000, 0x002b0000,
-		0x00fe0000, 0x00d70000, 0x00ab0000, 0x00760000,
-		0x00ca0000, 0x00820000, 0x00c90000, 0x007d0000,
-		0x00fa0000, 0x00590000, 0x00470000, 0x00f00000,
-		0x00ad0000, 0x00d40000, 0x00a20000, 0x00af0000,
-		0x009c0000, 0x00a40000, 0x00720000, 0x00c00000,
-		0x00b70000, 0x00fd0000, 0x00930000, 0x00260000,
-		0x00360000, 0x003f0000, 0x00f70000, 0x00cc0000,
-		0x00340000, 0x00a50000, 0x00e50000, 0x00f10000,
-		0x00710000, 0x00d80000, 0x00310000, 0x00150000,
-		0x00040000, 0x00c70000, 0x00230000, 0x00c30000,
-		0x00180000, 0x00960000, 0x00050000, 0x009a0000,
-		0x00070000, 0x00120000, 0x00800000, 0x00e20000,
-		0x00eb0000, 0x00270000, 0x00b20000, 0x00750000,
-		0x00090000, 0x00830000, 0x002c0000, 0x001a0000,
-		0x001b0000, 0x006e0000, 0x005a0000, 0x00a00000,
-		0x00520000, 0x003b0000, 0x00d60000, 0x00b30000,
-		0x00290000, 0x00e30000, 0x002f0000, 0x00840000,
-		0x00530000, 0x00d10000, 0x00000000, 0x00ed0000,
-		0x00200000, 0x00fc0000, 0x00b10000, 0x005b0000,
-		0x006a0000, 0x00cb0000, 0x00be0000, 0x00390000,
-		0x004a0000, 0x004c0000, 0x00580000, 0x00cf0000,
-		0x00d00000, 0x00ef0000, 0x00aa0000, 0x00fb0000,
-		0x00430000, 0x004d0000, 0x00330000, 0x00850000,
-		0x00450000, 0x00f90000, 0x00020000, 0x007f0000,
-		0x00500000, 0x003c0000, 0x009f0000, 0x00a80000,
-		0x00510000, 0x00a30000, 0x00400000, 0x008f0000,
-		0x00920000, 0x009d0000, 0x00380000, 0x00f50000,
-		0x00bc0000, 0x00b60000, 0x00da0000, 0x00210000,
-		0x00100000, 0x00ff0000, 0x00f30000, 0x00d20000,
-		0x00cd0000, 0x000c0000, 0x00130000, 0x00ec0000,
-		0x005f0000, 0x00970000, 0x00440000, 0x00170000,
-		0x00c40000, 0x00a70000, 0x007e0000, 0x003d0000,
-		0x00640000, 0x005d0000, 0x00190000, 0x00730000,
-		0x00600000, 0x00810000, 0x004f0000, 0x00dc0000,
-		0x00220000, 0x002a0000, 0x00900000, 0x00880000,
-		0x00460000, 0x00ee0000, 0x00b80000, 0x00140000,
-		0x00de0000, 0x005e0000, 0x000b0000, 0x00db0000,
-		0x00e00000, 0x00320000, 0x003a0000, 0x000a0000,
-		0x00490000, 0x00060000, 0x00240000, 0x005c0000,
-		0x00c20000, 0x00d30000, 0x00ac0000, 0x00620000,
-		0x00910000, 0x00950000, 0x00e40000, 0x00790000,
-		0x00e70000, 0x00c80000, 0x00370000, 0x006d0000,
-		0x008d0000, 0x00d50000, 0x004e0000, 0x00a90000,
-		0x006c0000, 0x00560000, 0x00f40000, 0x00ea0000,
-		0x00650000, 0x007a0000, 0x00ae0000, 0x00080000,
-		0x00ba0000, 0x00780000, 0x00250000, 0x002e0000,
-		0x001c0000, 0x00a60000, 0x00b40000, 0x00c60000,
-		0x00e80000, 0x00dd0000, 0x00740000, 0x001f0000,
-		0x004b0000, 0x00bd0000, 0x008b0000, 0x008a0000,
-		0x00700000, 0x003e0000, 0x00b50000, 0x00660000,
-		0x00480000, 0x00030000, 0x00f60000, 0x000e0000,
-		0x00610000, 0x00350000, 0x00570000, 0x00b90000,
-		0x00860000, 0x00c10000, 0x001d0000, 0x009e0000,
-		0x00e10000, 0x00f80000, 0x00980000, 0x00110000,
-		0x00690000, 0x00d90000, 0x008e0000, 0x00940000,
-		0x009b0000, 0x001e0000, 0x00870000, 0x00e90000,
-		0x00ce0000, 0x00550000, 0x00280000, 0x00df0000,
-		0x008c0000, 0x00a10000, 0x00890000, 0x000d0000,
-		0x00bf0000, 0x00e60000, 0x00420000, 0x00680000,
-		0x00410000, 0x00990000, 0x002d0000, 0x000f0000,
-		0x00b00000, 0x00540000, 0x00bb0000, 0x00160000,
-	}, {
-		0x63000000, 0x7c000000, 0x77000000, 0x7b000000,
-		0xf2000000, 0x6b000000, 0x6f000000, 0xc5000000,
-		0x30000000, 0x01000000, 0x67000000, 0x2b000000,
-		0xfe000000, 0xd7000000, 0xab000000, 0x76000000,
-		0xca000000, 0x82000000, 0xc9000000, 0x7d000000,
-		0xfa000000, 0x59000000, 0x47000000, 0xf0000000,
-		0xad000000, 0xd4000000, 0xa2000000, 0xaf000000,
-		0x9c000000, 0xa4000000, 0x72000000, 0xc0000000,
-		0xb7000000, 0xfd000000, 0x93000000, 0x26000000,
-		0x36000000, 0x3f000000, 0xf7000000, 0xcc000000,
-		0x34000000, 0xa5000000, 0xe5000000, 0xf1000000,
-		0x71000000, 0xd8000000, 0x31000000, 0x15000000,
-		0x04000000, 0xc7000000, 0x23000000, 0xc3000000,
-		0x18000000, 0x96000000, 0x05000000, 0x9a000000,
-		0x07000000, 0x12000000, 0x80000000, 0xe2000000,
-		0xeb000000, 0x27000000, 0xb2000000, 0x75000000,
-		0x09000000, 0x83000000, 0x2c000000, 0x1a000000,
-		0x1b000000, 0x6e000000, 0x5a000000, 0xa0000000,
-		0x52000000, 0x3b000000, 0xd6000000, 0xb3000000,
-		0x29000000, 0xe3000000, 0x2f000000, 0x84000000,
-		0x53000000, 0xd1000000, 0x00000000, 0xed000000,
-		0x20000000, 0xfc000000, 0xb1000000, 0x5b000000,
-		0x6a000000, 0xcb000000, 0xbe000000, 0x39000000,
-		0x4a000000, 0x4c000000, 0x58000000, 0xcf000000,
-		0xd0000000, 0xef000000, 0xaa000000, 0xfb000000,
-		0x43000000, 0x4d000000, 0x33000000, 0x85000000,
-		0x45000000, 0xf9000000, 0x02000000, 0x7f000000,
-		0x50000000, 0x3c000000, 0x9f000000, 0xa8000000,
-		0x51000000, 0xa3000000, 0x40000000, 0x8f000000,
-		0x92000000, 0x9d000000, 0x38000000, 0xf5000000,
-		0xbc000000, 0xb6000000, 0xda000000, 0x21000000,
-		0x10000000, 0xff000000, 0xf3000000, 0xd2000000,
-		0xcd000000, 0x0c000000, 0x13000000, 0xec000000,
-		0x5f000000, 0x97000000, 0x44000000, 0x17000000,
-		0xc4000000, 0xa7000000, 0x7e000000, 0x3d000000,
-		0x64000000, 0x5d000000, 0x19000000, 0x73000000,
-		0x60000000, 0x81000000, 0x4f000000, 0xdc000000,
-		0x22000000, 0x2a000000, 0x90000000, 0x88000000,
-		0x46000000, 0xee000000, 0xb8000000, 0x14000000,
-		0xde000000, 0x5e000000, 0x0b000000, 0xdb000000,
-		0xe0000000, 0x32000000, 0x3a000000, 0x0a000000,
-		0x49000000, 0x06000000, 0x24000000, 0x5c000000,
-		0xc2000000, 0xd3000000, 0xac000000, 0x62000000,
-		0x91000000, 0x95000000, 0xe4000000, 0x79000000,
-		0xe7000000, 0xc8000000, 0x37000000, 0x6d000000,
-		0x8d000000, 0xd5000000, 0x4e000000, 0xa9000000,
-		0x6c000000, 0x56000000, 0xf4000000, 0xea000000,
-		0x65000000, 0x7a000000, 0xae000000, 0x08000000,
-		0xba000000, 0x78000000, 0x25000000, 0x2e000000,
-		0x1c000000, 0xa6000000, 0xb4000000, 0xc6000000,
-		0xe8000000, 0xdd000000, 0x74000000, 0x1f000000,
-		0x4b000000, 0xbd000000, 0x8b000000, 0x8a000000,
-		0x70000000, 0x3e000000, 0xb5000000, 0x66000000,
-		0x48000000, 0x03000000, 0xf6000000, 0x0e000000,
-		0x61000000, 0x35000000, 0x57000000, 0xb9000000,
-		0x86000000, 0xc1000000, 0x1d000000, 0x9e000000,
-		0xe1000000, 0xf8000000, 0x98000000, 0x11000000,
-		0x69000000, 0xd9000000, 0x8e000000, 0x94000000,
-		0x9b000000, 0x1e000000, 0x87000000, 0xe9000000,
-		0xce000000, 0x55000000, 0x28000000, 0xdf000000,
-		0x8c000000, 0xa1000000, 0x89000000, 0x0d000000,
-		0xbf000000, 0xe6000000, 0x42000000, 0x68000000,
-		0x41000000, 0x99000000, 0x2d000000, 0x0f000000,
-		0xb0000000, 0x54000000, 0xbb000000, 0x16000000,
-	}
-};
-
-__visible const u32 crypto_it_tab[4][256] = {
-	{
-		0x50a7f451, 0x5365417e, 0xc3a4171a, 0x965e273a,
-		0xcb6bab3b, 0xf1459d1f, 0xab58faac, 0x9303e34b,
-		0x55fa3020, 0xf66d76ad, 0x9176cc88, 0x254c02f5,
-		0xfcd7e54f, 0xd7cb2ac5, 0x80443526, 0x8fa362b5,
-		0x495ab1de, 0x671bba25, 0x980eea45, 0xe1c0fe5d,
-		0x02752fc3, 0x12f04c81, 0xa397468d, 0xc6f9d36b,
-		0xe75f8f03, 0x959c9215, 0xeb7a6dbf, 0xda595295,
-		0x2d83bed4, 0xd3217458, 0x2969e049, 0x44c8c98e,
-		0x6a89c275, 0x78798ef4, 0x6b3e5899, 0xdd71b927,
-		0xb64fe1be, 0x17ad88f0, 0x66ac20c9, 0xb43ace7d,
-		0x184adf63, 0x82311ae5, 0x60335197, 0x457f5362,
-		0xe07764b1, 0x84ae6bbb, 0x1ca081fe, 0x942b08f9,
-		0x58684870, 0x19fd458f, 0x876cde94, 0xb7f87b52,
-		0x23d373ab, 0xe2024b72, 0x578f1fe3, 0x2aab5566,
-		0x0728ebb2, 0x03c2b52f, 0x9a7bc586, 0xa50837d3,
-		0xf2872830, 0xb2a5bf23, 0xba6a0302, 0x5c8216ed,
-		0x2b1ccf8a, 0x92b479a7, 0xf0f207f3, 0xa1e2694e,
-		0xcdf4da65, 0xd5be0506, 0x1f6234d1, 0x8afea6c4,
-		0x9d532e34, 0xa055f3a2, 0x32e18a05, 0x75ebf6a4,
-		0x39ec830b, 0xaaef6040, 0x069f715e, 0x51106ebd,
-		0xf98a213e, 0x3d06dd96, 0xae053edd, 0x46bde64d,
-		0xb58d5491, 0x055dc471, 0x6fd40604, 0xff155060,
-		0x24fb9819, 0x97e9bdd6, 0xcc434089, 0x779ed967,
-		0xbd42e8b0, 0x888b8907, 0x385b19e7, 0xdbeec879,
-		0x470a7ca1, 0xe90f427c, 0xc91e84f8, 0x00000000,
-		0x83868009, 0x48ed2b32, 0xac70111e, 0x4e725a6c,
-		0xfbff0efd, 0x5638850f, 0x1ed5ae3d, 0x27392d36,
-		0x64d90f0a, 0x21a65c68, 0xd1545b9b, 0x3a2e3624,
-		0xb1670a0c, 0x0fe75793, 0xd296eeb4, 0x9e919b1b,
-		0x4fc5c080, 0xa220dc61, 0x694b775a, 0x161a121c,
-		0x0aba93e2, 0xe52aa0c0, 0x43e0223c, 0x1d171b12,
-		0x0b0d090e, 0xadc78bf2, 0xb9a8b62d, 0xc8a91e14,
-		0x8519f157, 0x4c0775af, 0xbbdd99ee, 0xfd607fa3,
-		0x9f2601f7, 0xbcf5725c, 0xc53b6644, 0x347efb5b,
-		0x7629438b, 0xdcc623cb, 0x68fcedb6, 0x63f1e4b8,
-		0xcadc31d7, 0x10856342, 0x40229713, 0x2011c684,
-		0x7d244a85, 0xf83dbbd2, 0x1132f9ae, 0x6da129c7,
-		0x4b2f9e1d, 0xf330b2dc, 0xec52860d, 0xd0e3c177,
-		0x6c16b32b, 0x99b970a9, 0xfa489411, 0x2264e947,
-		0xc48cfca8, 0x1a3ff0a0, 0xd82c7d56, 0xef903322,
-		0xc74e4987, 0xc1d138d9, 0xfea2ca8c, 0x360bd498,
-		0xcf81f5a6, 0x28de7aa5, 0x268eb7da, 0xa4bfad3f,
-		0xe49d3a2c, 0x0d927850, 0x9bcc5f6a, 0x62467e54,
-		0xc2138df6, 0xe8b8d890, 0x5ef7392e, 0xf5afc382,
-		0xbe805d9f, 0x7c93d069, 0xa92dd56f, 0xb31225cf,
-		0x3b99acc8, 0xa77d1810, 0x6e639ce8, 0x7bbb3bdb,
-		0x097826cd, 0xf418596e, 0x01b79aec, 0xa89a4f83,
-		0x656e95e6, 0x7ee6ffaa, 0x08cfbc21, 0xe6e815ef,
-		0xd99be7ba, 0xce366f4a, 0xd4099fea, 0xd67cb029,
-		0xafb2a431, 0x31233f2a, 0x3094a5c6, 0xc066a235,
-		0x37bc4e74, 0xa6ca82fc, 0xb0d090e0, 0x15d8a733,
-		0x4a9804f1, 0xf7daec41, 0x0e50cd7f, 0x2ff69117,
-		0x8dd64d76, 0x4db0ef43, 0x544daacc, 0xdf0496e4,
-		0xe3b5d19e, 0x1b886a4c, 0xb81f2cc1, 0x7f516546,
-		0x04ea5e9d, 0x5d358c01, 0x737487fa, 0x2e410bfb,
-		0x5a1d67b3, 0x52d2db92, 0x335610e9, 0x1347d66d,
-		0x8c61d79a, 0x7a0ca137, 0x8e14f859, 0x893c13eb,
-		0xee27a9ce, 0x35c961b7, 0xede51ce1, 0x3cb1477a,
-		0x59dfd29c, 0x3f73f255, 0x79ce1418, 0xbf37c773,
-		0xeacdf753, 0x5baafd5f, 0x146f3ddf, 0x86db4478,
-		0x81f3afca, 0x3ec468b9, 0x2c342438, 0x5f40a3c2,
-		0x72c31d16, 0x0c25e2bc, 0x8b493c28, 0x41950dff,
-		0x7101a839, 0xdeb30c08, 0x9ce4b4d8, 0x90c15664,
-		0x6184cb7b, 0x70b632d5, 0x745c6c48, 0x4257b8d0,
-	}, {
-		0xa7f45150, 0x65417e53, 0xa4171ac3, 0x5e273a96,
-		0x6bab3bcb, 0x459d1ff1, 0x58faacab, 0x03e34b93,
-		0xfa302055, 0x6d76adf6, 0x76cc8891, 0x4c02f525,
-		0xd7e54ffc, 0xcb2ac5d7, 0x44352680, 0xa362b58f,
-		0x5ab1de49, 0x1bba2567, 0x0eea4598, 0xc0fe5de1,
-		0x752fc302, 0xf04c8112, 0x97468da3, 0xf9d36bc6,
-		0x5f8f03e7, 0x9c921595, 0x7a6dbfeb, 0x595295da,
-		0x83bed42d, 0x217458d3, 0x69e04929, 0xc8c98e44,
-		0x89c2756a, 0x798ef478, 0x3e58996b, 0x71b927dd,
-		0x4fe1beb6, 0xad88f017, 0xac20c966, 0x3ace7db4,
-		0x4adf6318, 0x311ae582, 0x33519760, 0x7f536245,
-		0x7764b1e0, 0xae6bbb84, 0xa081fe1c, 0x2b08f994,
-		0x68487058, 0xfd458f19, 0x6cde9487, 0xf87b52b7,
-		0xd373ab23, 0x024b72e2, 0x8f1fe357, 0xab55662a,
-		0x28ebb207, 0xc2b52f03, 0x7bc5869a, 0x0837d3a5,
-		0x872830f2, 0xa5bf23b2, 0x6a0302ba, 0x8216ed5c,
-		0x1ccf8a2b, 0xb479a792, 0xf207f3f0, 0xe2694ea1,
-		0xf4da65cd, 0xbe0506d5, 0x6234d11f, 0xfea6c48a,
-		0x532e349d, 0x55f3a2a0, 0xe18a0532, 0xebf6a475,
-		0xec830b39, 0xef6040aa, 0x9f715e06, 0x106ebd51,
-		0x8a213ef9, 0x06dd963d, 0x053eddae, 0xbde64d46,
-		0x8d5491b5, 0x5dc47105, 0xd406046f, 0x155060ff,
-		0xfb981924, 0xe9bdd697, 0x434089cc, 0x9ed96777,
-		0x42e8b0bd, 0x8b890788, 0x5b19e738, 0xeec879db,
-		0x0a7ca147, 0x0f427ce9, 0x1e84f8c9, 0x00000000,
-		0x86800983, 0xed2b3248, 0x70111eac, 0x725a6c4e,
-		0xff0efdfb, 0x38850f56, 0xd5ae3d1e, 0x392d3627,
-		0xd90f0a64, 0xa65c6821, 0x545b9bd1, 0x2e36243a,
-		0x670a0cb1, 0xe757930f, 0x96eeb4d2, 0x919b1b9e,
-		0xc5c0804f, 0x20dc61a2, 0x4b775a69, 0x1a121c16,
-		0xba93e20a, 0x2aa0c0e5, 0xe0223c43, 0x171b121d,
-		0x0d090e0b, 0xc78bf2ad, 0xa8b62db9, 0xa91e14c8,
-		0x19f15785, 0x0775af4c, 0xdd99eebb, 0x607fa3fd,
-		0x2601f79f, 0xf5725cbc, 0x3b6644c5, 0x7efb5b34,
-		0x29438b76, 0xc623cbdc, 0xfcedb668, 0xf1e4b863,
-		0xdc31d7ca, 0x85634210, 0x22971340, 0x11c68420,
-		0x244a857d, 0x3dbbd2f8, 0x32f9ae11, 0xa129c76d,
-		0x2f9e1d4b, 0x30b2dcf3, 0x52860dec, 0xe3c177d0,
-		0x16b32b6c, 0xb970a999, 0x489411fa, 0x64e94722,
-		0x8cfca8c4, 0x3ff0a01a, 0x2c7d56d8, 0x903322ef,
-		0x4e4987c7, 0xd138d9c1, 0xa2ca8cfe, 0x0bd49836,
-		0x81f5a6cf, 0xde7aa528, 0x8eb7da26, 0xbfad3fa4,
-		0x9d3a2ce4, 0x9278500d, 0xcc5f6a9b, 0x467e5462,
-		0x138df6c2, 0xb8d890e8, 0xf7392e5e, 0xafc382f5,
-		0x805d9fbe, 0x93d0697c, 0x2dd56fa9, 0x1225cfb3,
-		0x99acc83b, 0x7d1810a7, 0x639ce86e, 0xbb3bdb7b,
-		0x7826cd09, 0x18596ef4, 0xb79aec01, 0x9a4f83a8,
-		0x6e95e665, 0xe6ffaa7e, 0xcfbc2108, 0xe815efe6,
-		0x9be7bad9, 0x366f4ace, 0x099fead4, 0x7cb029d6,
-		0xb2a431af, 0x233f2a31, 0x94a5c630, 0x66a235c0,
-		0xbc4e7437, 0xca82fca6, 0xd090e0b0, 0xd8a73315,
-		0x9804f14a, 0xdaec41f7, 0x50cd7f0e, 0xf691172f,
-		0xd64d768d, 0xb0ef434d, 0x4daacc54, 0x0496e4df,
-		0xb5d19ee3, 0x886a4c1b, 0x1f2cc1b8, 0x5165467f,
-		0xea5e9d04, 0x358c015d, 0x7487fa73, 0x410bfb2e,
-		0x1d67b35a, 0xd2db9252, 0x5610e933, 0x47d66d13,
-		0x61d79a8c, 0x0ca1377a, 0x14f8598e, 0x3c13eb89,
-		0x27a9ceee, 0xc961b735, 0xe51ce1ed, 0xb1477a3c,
-		0xdfd29c59, 0x73f2553f, 0xce141879, 0x37c773bf,
-		0xcdf753ea, 0xaafd5f5b, 0x6f3ddf14, 0xdb447886,
-		0xf3afca81, 0xc468b93e, 0x3424382c, 0x40a3c25f,
-		0xc31d1672, 0x25e2bc0c, 0x493c288b, 0x950dff41,
-		0x01a83971, 0xb30c08de, 0xe4b4d89c, 0xc1566490,
-		0x84cb7b61, 0xb632d570, 0x5c6c4874, 0x57b8d042,
-	}, {
-		0xf45150a7, 0x417e5365, 0x171ac3a4, 0x273a965e,
-		0xab3bcb6b, 0x9d1ff145, 0xfaacab58, 0xe34b9303,
-		0x302055fa, 0x76adf66d, 0xcc889176, 0x02f5254c,
-		0xe54ffcd7, 0x2ac5d7cb, 0x35268044, 0x62b58fa3,
-		0xb1de495a, 0xba25671b, 0xea45980e, 0xfe5de1c0,
-		0x2fc30275, 0x4c8112f0, 0x468da397, 0xd36bc6f9,
-		0x8f03e75f, 0x9215959c, 0x6dbfeb7a, 0x5295da59,
-		0xbed42d83, 0x7458d321, 0xe0492969, 0xc98e44c8,
-		0xc2756a89, 0x8ef47879, 0x58996b3e, 0xb927dd71,
-		0xe1beb64f, 0x88f017ad, 0x20c966ac, 0xce7db43a,
-		0xdf63184a, 0x1ae58231, 0x51976033, 0x5362457f,
-		0x64b1e077, 0x6bbb84ae, 0x81fe1ca0, 0x08f9942b,
-		0x48705868, 0x458f19fd, 0xde94876c, 0x7b52b7f8,
-		0x73ab23d3, 0x4b72e202, 0x1fe3578f, 0x55662aab,
-		0xebb20728, 0xb52f03c2, 0xc5869a7b, 0x37d3a508,
-		0x2830f287, 0xbf23b2a5, 0x0302ba6a, 0x16ed5c82,
-		0xcf8a2b1c, 0x79a792b4, 0x07f3f0f2, 0x694ea1e2,
-		0xda65cdf4, 0x0506d5be, 0x34d11f62, 0xa6c48afe,
-		0x2e349d53, 0xf3a2a055, 0x8a0532e1, 0xf6a475eb,
-		0x830b39ec, 0x6040aaef, 0x715e069f, 0x6ebd5110,
-		0x213ef98a, 0xdd963d06, 0x3eddae05, 0xe64d46bd,
-		0x5491b58d, 0xc471055d, 0x06046fd4, 0x5060ff15,
-		0x981924fb, 0xbdd697e9, 0x4089cc43, 0xd967779e,
-		0xe8b0bd42, 0x8907888b, 0x19e7385b, 0xc879dbee,
-		0x7ca1470a, 0x427ce90f, 0x84f8c91e, 0x00000000,
-		0x80098386, 0x2b3248ed, 0x111eac70, 0x5a6c4e72,
-		0x0efdfbff, 0x850f5638, 0xae3d1ed5, 0x2d362739,
-		0x0f0a64d9, 0x5c6821a6, 0x5b9bd154, 0x36243a2e,
-		0x0a0cb167, 0x57930fe7, 0xeeb4d296, 0x9b1b9e91,
-		0xc0804fc5, 0xdc61a220, 0x775a694b, 0x121c161a,
-		0x93e20aba, 0xa0c0e52a, 0x223c43e0, 0x1b121d17,
-		0x090e0b0d, 0x8bf2adc7, 0xb62db9a8, 0x1e14c8a9,
-		0xf1578519, 0x75af4c07, 0x99eebbdd, 0x7fa3fd60,
-		0x01f79f26, 0x725cbcf5, 0x6644c53b, 0xfb5b347e,
-		0x438b7629, 0x23cbdcc6, 0xedb668fc, 0xe4b863f1,
-		0x31d7cadc, 0x63421085, 0x97134022, 0xc6842011,
-		0x4a857d24, 0xbbd2f83d, 0xf9ae1132, 0x29c76da1,
-		0x9e1d4b2f, 0xb2dcf330, 0x860dec52, 0xc177d0e3,
-		0xb32b6c16, 0x70a999b9, 0x9411fa48, 0xe9472264,
-		0xfca8c48c, 0xf0a01a3f, 0x7d56d82c, 0x3322ef90,
-		0x4987c74e, 0x38d9c1d1, 0xca8cfea2, 0xd498360b,
-		0xf5a6cf81, 0x7aa528de, 0xb7da268e, 0xad3fa4bf,
-		0x3a2ce49d, 0x78500d92, 0x5f6a9bcc, 0x7e546246,
-		0x8df6c213, 0xd890e8b8, 0x392e5ef7, 0xc382f5af,
-		0x5d9fbe80, 0xd0697c93, 0xd56fa92d, 0x25cfb312,
-		0xacc83b99, 0x1810a77d, 0x9ce86e63, 0x3bdb7bbb,
-		0x26cd0978, 0x596ef418, 0x9aec01b7, 0x4f83a89a,
-		0x95e6656e, 0xffaa7ee6, 0xbc2108cf, 0x15efe6e8,
-		0xe7bad99b, 0x6f4ace36, 0x9fead409, 0xb029d67c,
-		0xa431afb2, 0x3f2a3123, 0xa5c63094, 0xa235c066,
-		0x4e7437bc, 0x82fca6ca, 0x90e0b0d0, 0xa73315d8,
-		0x04f14a98, 0xec41f7da, 0xcd7f0e50, 0x91172ff6,
-		0x4d768dd6, 0xef434db0, 0xaacc544d, 0x96e4df04,
-		0xd19ee3b5, 0x6a4c1b88, 0x2cc1b81f, 0x65467f51,
-		0x5e9d04ea, 0x8c015d35, 0x87fa7374, 0x0bfb2e41,
-		0x67b35a1d, 0xdb9252d2, 0x10e93356, 0xd66d1347,
-		0xd79a8c61, 0xa1377a0c, 0xf8598e14, 0x13eb893c,
-		0xa9ceee27, 0x61b735c9, 0x1ce1ede5, 0x477a3cb1,
-		0xd29c59df, 0xf2553f73, 0x141879ce, 0xc773bf37,
-		0xf753eacd, 0xfd5f5baa, 0x3ddf146f, 0x447886db,
-		0xafca81f3, 0x68b93ec4, 0x24382c34, 0xa3c25f40,
-		0x1d1672c3, 0xe2bc0c25, 0x3c288b49, 0x0dff4195,
-		0xa8397101, 0x0c08deb3, 0xb4d89ce4, 0x566490c1,
-		0xcb7b6184, 0x32d570b6, 0x6c48745c, 0xb8d04257,
-	}, {
-		0x5150a7f4, 0x7e536541, 0x1ac3a417, 0x3a965e27,
-		0x3bcb6bab, 0x1ff1459d, 0xacab58fa, 0x4b9303e3,
-		0x2055fa30, 0xadf66d76, 0x889176cc, 0xf5254c02,
-		0x4ffcd7e5, 0xc5d7cb2a, 0x26804435, 0xb58fa362,
-		0xde495ab1, 0x25671bba, 0x45980eea, 0x5de1c0fe,
-		0xc302752f, 0x8112f04c, 0x8da39746, 0x6bc6f9d3,
-		0x03e75f8f, 0x15959c92, 0xbfeb7a6d, 0x95da5952,
-		0xd42d83be, 0x58d32174, 0x492969e0, 0x8e44c8c9,
-		0x756a89c2, 0xf478798e, 0x996b3e58, 0x27dd71b9,
-		0xbeb64fe1, 0xf017ad88, 0xc966ac20, 0x7db43ace,
-		0x63184adf, 0xe582311a, 0x97603351, 0x62457f53,
-		0xb1e07764, 0xbb84ae6b, 0xfe1ca081, 0xf9942b08,
-		0x70586848, 0x8f19fd45, 0x94876cde, 0x52b7f87b,
-		0xab23d373, 0x72e2024b, 0xe3578f1f, 0x662aab55,
-		0xb20728eb, 0x2f03c2b5, 0x869a7bc5, 0xd3a50837,
-		0x30f28728, 0x23b2a5bf, 0x02ba6a03, 0xed5c8216,
-		0x8a2b1ccf, 0xa792b479, 0xf3f0f207, 0x4ea1e269,
-		0x65cdf4da, 0x06d5be05, 0xd11f6234, 0xc48afea6,
-		0x349d532e, 0xa2a055f3, 0x0532e18a, 0xa475ebf6,
-		0x0b39ec83, 0x40aaef60, 0x5e069f71, 0xbd51106e,
-		0x3ef98a21, 0x963d06dd, 0xddae053e, 0x4d46bde6,
-		0x91b58d54, 0x71055dc4, 0x046fd406, 0x60ff1550,
-		0x1924fb98, 0xd697e9bd, 0x89cc4340, 0x67779ed9,
-		0xb0bd42e8, 0x07888b89, 0xe7385b19, 0x79dbeec8,
-		0xa1470a7c, 0x7ce90f42, 0xf8c91e84, 0x00000000,
-		0x09838680, 0x3248ed2b, 0x1eac7011, 0x6c4e725a,
-		0xfdfbff0e, 0x0f563885, 0x3d1ed5ae, 0x3627392d,
-		0x0a64d90f, 0x6821a65c, 0x9bd1545b, 0x243a2e36,
-		0x0cb1670a, 0x930fe757, 0xb4d296ee, 0x1b9e919b,
-		0x804fc5c0, 0x61a220dc, 0x5a694b77, 0x1c161a12,
-		0xe20aba93, 0xc0e52aa0, 0x3c43e022, 0x121d171b,
-		0x0e0b0d09, 0xf2adc78b, 0x2db9a8b6, 0x14c8a91e,
-		0x578519f1, 0xaf4c0775, 0xeebbdd99, 0xa3fd607f,
-		0xf79f2601, 0x5cbcf572, 0x44c53b66, 0x5b347efb,
-		0x8b762943, 0xcbdcc623, 0xb668fced, 0xb863f1e4,
-		0xd7cadc31, 0x42108563, 0x13402297, 0x842011c6,
-		0x857d244a, 0xd2f83dbb, 0xae1132f9, 0xc76da129,
-		0x1d4b2f9e, 0xdcf330b2, 0x0dec5286, 0x77d0e3c1,
-		0x2b6c16b3, 0xa999b970, 0x11fa4894, 0x472264e9,
-		0xa8c48cfc, 0xa01a3ff0, 0x56d82c7d, 0x22ef9033,
-		0x87c74e49, 0xd9c1d138, 0x8cfea2ca, 0x98360bd4,
-		0xa6cf81f5, 0xa528de7a, 0xda268eb7, 0x3fa4bfad,
-		0x2ce49d3a, 0x500d9278, 0x6a9bcc5f, 0x5462467e,
-		0xf6c2138d, 0x90e8b8d8, 0x2e5ef739, 0x82f5afc3,
-		0x9fbe805d, 0x697c93d0, 0x6fa92dd5, 0xcfb31225,
-		0xc83b99ac, 0x10a77d18, 0xe86e639c, 0xdb7bbb3b,
-		0xcd097826, 0x6ef41859, 0xec01b79a, 0x83a89a4f,
-		0xe6656e95, 0xaa7ee6ff, 0x2108cfbc, 0xefe6e815,
-		0xbad99be7, 0x4ace366f, 0xead4099f, 0x29d67cb0,
-		0x31afb2a4, 0x2a31233f, 0xc63094a5, 0x35c066a2,
-		0x7437bc4e, 0xfca6ca82, 0xe0b0d090, 0x3315d8a7,
-		0xf14a9804, 0x41f7daec, 0x7f0e50cd, 0x172ff691,
-		0x768dd64d, 0x434db0ef, 0xcc544daa, 0xe4df0496,
-		0x9ee3b5d1, 0x4c1b886a, 0xc1b81f2c, 0x467f5165,
-		0x9d04ea5e, 0x015d358c, 0xfa737487, 0xfb2e410b,
-		0xb35a1d67, 0x9252d2db, 0xe9335610, 0x6d1347d6,
-		0x9a8c61d7, 0x377a0ca1, 0x598e14f8, 0xeb893c13,
-		0xceee27a9, 0xb735c961, 0xe1ede51c, 0x7a3cb147,
-		0x9c59dfd2, 0x553f73f2, 0x1879ce14, 0x73bf37c7,
-		0x53eacdf7, 0x5f5baafd, 0xdf146f3d, 0x7886db44,
-		0xca81f3af, 0xb93ec468, 0x382c3424, 0xc25f40a3,
-		0x1672c31d, 0xbc0c25e2, 0x288b493c, 0xff41950d,
-		0x397101a8, 0x08deb30c, 0xd89ce4b4, 0x6490c156,
-		0x7b6184cb, 0xd570b632, 0x48745c6c, 0xd04257b8,
-	}
-};
-
-__visible const u32 crypto_il_tab[4][256] = {
-	{
-		0x00000052, 0x00000009, 0x0000006a, 0x000000d5,
-		0x00000030, 0x00000036, 0x000000a5, 0x00000038,
-		0x000000bf, 0x00000040, 0x000000a3, 0x0000009e,
-		0x00000081, 0x000000f3, 0x000000d7, 0x000000fb,
-		0x0000007c, 0x000000e3, 0x00000039, 0x00000082,
-		0x0000009b, 0x0000002f, 0x000000ff, 0x00000087,
-		0x00000034, 0x0000008e, 0x00000043, 0x00000044,
-		0x000000c4, 0x000000de, 0x000000e9, 0x000000cb,
-		0x00000054, 0x0000007b, 0x00000094, 0x00000032,
-		0x000000a6, 0x000000c2, 0x00000023, 0x0000003d,
-		0x000000ee, 0x0000004c, 0x00000095, 0x0000000b,
-		0x00000042, 0x000000fa, 0x000000c3, 0x0000004e,
-		0x00000008, 0x0000002e, 0x000000a1, 0x00000066,
-		0x00000028, 0x000000d9, 0x00000024, 0x000000b2,
-		0x00000076, 0x0000005b, 0x000000a2, 0x00000049,
-		0x0000006d, 0x0000008b, 0x000000d1, 0x00000025,
-		0x00000072, 0x000000f8, 0x000000f6, 0x00000064,
-		0x00000086, 0x00000068, 0x00000098, 0x00000016,
-		0x000000d4, 0x000000a4, 0x0000005c, 0x000000cc,
-		0x0000005d, 0x00000065, 0x000000b6, 0x00000092,
-		0x0000006c, 0x00000070, 0x00000048, 0x00000050,
-		0x000000fd, 0x000000ed, 0x000000b9, 0x000000da,
-		0x0000005e, 0x00000015, 0x00000046, 0x00000057,
-		0x000000a7, 0x0000008d, 0x0000009d, 0x00000084,
-		0x00000090, 0x000000d8, 0x000000ab, 0x00000000,
-		0x0000008c, 0x000000bc, 0x000000d3, 0x0000000a,
-		0x000000f7, 0x000000e4, 0x00000058, 0x00000005,
-		0x000000b8, 0x000000b3, 0x00000045, 0x00000006,
-		0x000000d0, 0x0000002c, 0x0000001e, 0x0000008f,
-		0x000000ca, 0x0000003f, 0x0000000f, 0x00000002,
-		0x000000c1, 0x000000af, 0x000000bd, 0x00000003,
-		0x00000001, 0x00000013, 0x0000008a, 0x0000006b,
-		0x0000003a, 0x00000091, 0x00000011, 0x00000041,
-		0x0000004f, 0x00000067, 0x000000dc, 0x000000ea,
-		0x00000097, 0x000000f2, 0x000000cf, 0x000000ce,
-		0x000000f0, 0x000000b4, 0x000000e6, 0x00000073,
-		0x00000096, 0x000000ac, 0x00000074, 0x00000022,
-		0x000000e7, 0x000000ad, 0x00000035, 0x00000085,
-		0x000000e2, 0x000000f9, 0x00000037, 0x000000e8,
-		0x0000001c, 0x00000075, 0x000000df, 0x0000006e,
-		0x00000047, 0x000000f1, 0x0000001a, 0x00000071,
-		0x0000001d, 0x00000029, 0x000000c5, 0x00000089,
-		0x0000006f, 0x000000b7, 0x00000062, 0x0000000e,
-		0x000000aa, 0x00000018, 0x000000be, 0x0000001b,
-		0x000000fc, 0x00000056, 0x0000003e, 0x0000004b,
-		0x000000c6, 0x000000d2, 0x00000079, 0x00000020,
-		0x0000009a, 0x000000db, 0x000000c0, 0x000000fe,
-		0x00000078, 0x000000cd, 0x0000005a, 0x000000f4,
-		0x0000001f, 0x000000dd, 0x000000a8, 0x00000033,
-		0x00000088, 0x00000007, 0x000000c7, 0x00000031,
-		0x000000b1, 0x00000012, 0x00000010, 0x00000059,
-		0x00000027, 0x00000080, 0x000000ec, 0x0000005f,
-		0x00000060, 0x00000051, 0x0000007f, 0x000000a9,
-		0x00000019, 0x000000b5, 0x0000004a, 0x0000000d,
-		0x0000002d, 0x000000e5, 0x0000007a, 0x0000009f,
-		0x00000093, 0x000000c9, 0x0000009c, 0x000000ef,
-		0x000000a0, 0x000000e0, 0x0000003b, 0x0000004d,
-		0x000000ae, 0x0000002a, 0x000000f5, 0x000000b0,
-		0x000000c8, 0x000000eb, 0x000000bb, 0x0000003c,
-		0x00000083, 0x00000053, 0x00000099, 0x00000061,
-		0x00000017, 0x0000002b, 0x00000004, 0x0000007e,
-		0x000000ba, 0x00000077, 0x000000d6, 0x00000026,
-		0x000000e1, 0x00000069, 0x00000014, 0x00000063,
-		0x00000055, 0x00000021, 0x0000000c, 0x0000007d,
-	}, {
-		0x00005200, 0x00000900, 0x00006a00, 0x0000d500,
-		0x00003000, 0x00003600, 0x0000a500, 0x00003800,
-		0x0000bf00, 0x00004000, 0x0000a300, 0x00009e00,
-		0x00008100, 0x0000f300, 0x0000d700, 0x0000fb00,
-		0x00007c00, 0x0000e300, 0x00003900, 0x00008200,
-		0x00009b00, 0x00002f00, 0x0000ff00, 0x00008700,
-		0x00003400, 0x00008e00, 0x00004300, 0x00004400,
-		0x0000c400, 0x0000de00, 0x0000e900, 0x0000cb00,
-		0x00005400, 0x00007b00, 0x00009400, 0x00003200,
-		0x0000a600, 0x0000c200, 0x00002300, 0x00003d00,
-		0x0000ee00, 0x00004c00, 0x00009500, 0x00000b00,
-		0x00004200, 0x0000fa00, 0x0000c300, 0x00004e00,
-		0x00000800, 0x00002e00, 0x0000a100, 0x00006600,
-		0x00002800, 0x0000d900, 0x00002400, 0x0000b200,
-		0x00007600, 0x00005b00, 0x0000a200, 0x00004900,
-		0x00006d00, 0x00008b00, 0x0000d100, 0x00002500,
-		0x00007200, 0x0000f800, 0x0000f600, 0x00006400,
-		0x00008600, 0x00006800, 0x00009800, 0x00001600,
-		0x0000d400, 0x0000a400, 0x00005c00, 0x0000cc00,
-		0x00005d00, 0x00006500, 0x0000b600, 0x00009200,
-		0x00006c00, 0x00007000, 0x00004800, 0x00005000,
-		0x0000fd00, 0x0000ed00, 0x0000b900, 0x0000da00,
-		0x00005e00, 0x00001500, 0x00004600, 0x00005700,
-		0x0000a700, 0x00008d00, 0x00009d00, 0x00008400,
-		0x00009000, 0x0000d800, 0x0000ab00, 0x00000000,
-		0x00008c00, 0x0000bc00, 0x0000d300, 0x00000a00,
-		0x0000f700, 0x0000e400, 0x00005800, 0x00000500,
-		0x0000b800, 0x0000b300, 0x00004500, 0x00000600,
-		0x0000d000, 0x00002c00, 0x00001e00, 0x00008f00,
-		0x0000ca00, 0x00003f00, 0x00000f00, 0x00000200,
-		0x0000c100, 0x0000af00, 0x0000bd00, 0x00000300,
-		0x00000100, 0x00001300, 0x00008a00, 0x00006b00,
-		0x00003a00, 0x00009100, 0x00001100, 0x00004100,
-		0x00004f00, 0x00006700, 0x0000dc00, 0x0000ea00,
-		0x00009700, 0x0000f200, 0x0000cf00, 0x0000ce00,
-		0x0000f000, 0x0000b400, 0x0000e600, 0x00007300,
-		0x00009600, 0x0000ac00, 0x00007400, 0x00002200,
-		0x0000e700, 0x0000ad00, 0x00003500, 0x00008500,
-		0x0000e200, 0x0000f900, 0x00003700, 0x0000e800,
-		0x00001c00, 0x00007500, 0x0000df00, 0x00006e00,
-		0x00004700, 0x0000f100, 0x00001a00, 0x00007100,
-		0x00001d00, 0x00002900, 0x0000c500, 0x00008900,
-		0x00006f00, 0x0000b700, 0x00006200, 0x00000e00,
-		0x0000aa00, 0x00001800, 0x0000be00, 0x00001b00,
-		0x0000fc00, 0x00005600, 0x00003e00, 0x00004b00,
-		0x0000c600, 0x0000d200, 0x00007900, 0x00002000,
-		0x00009a00, 0x0000db00, 0x0000c000, 0x0000fe00,
-		0x00007800, 0x0000cd00, 0x00005a00, 0x0000f400,
-		0x00001f00, 0x0000dd00, 0x0000a800, 0x00003300,
-		0x00008800, 0x00000700, 0x0000c700, 0x00003100,
-		0x0000b100, 0x00001200, 0x00001000, 0x00005900,
-		0x00002700, 0x00008000, 0x0000ec00, 0x00005f00,
-		0x00006000, 0x00005100, 0x00007f00, 0x0000a900,
-		0x00001900, 0x0000b500, 0x00004a00, 0x00000d00,
-		0x00002d00, 0x0000e500, 0x00007a00, 0x00009f00,
-		0x00009300, 0x0000c900, 0x00009c00, 0x0000ef00,
-		0x0000a000, 0x0000e000, 0x00003b00, 0x00004d00,
-		0x0000ae00, 0x00002a00, 0x0000f500, 0x0000b000,
-		0x0000c800, 0x0000eb00, 0x0000bb00, 0x00003c00,
-		0x00008300, 0x00005300, 0x00009900, 0x00006100,
-		0x00001700, 0x00002b00, 0x00000400, 0x00007e00,
-		0x0000ba00, 0x00007700, 0x0000d600, 0x00002600,
-		0x0000e100, 0x00006900, 0x00001400, 0x00006300,
-		0x00005500, 0x00002100, 0x00000c00, 0x00007d00,
-	}, {
-		0x00520000, 0x00090000, 0x006a0000, 0x00d50000,
-		0x00300000, 0x00360000, 0x00a50000, 0x00380000,
-		0x00bf0000, 0x00400000, 0x00a30000, 0x009e0000,
-		0x00810000, 0x00f30000, 0x00d70000, 0x00fb0000,
-		0x007c0000, 0x00e30000, 0x00390000, 0x00820000,
-		0x009b0000, 0x002f0000, 0x00ff0000, 0x00870000,
-		0x00340000, 0x008e0000, 0x00430000, 0x00440000,
-		0x00c40000, 0x00de0000, 0x00e90000, 0x00cb0000,
-		0x00540000, 0x007b0000, 0x00940000, 0x00320000,
-		0x00a60000, 0x00c20000, 0x00230000, 0x003d0000,
-		0x00ee0000, 0x004c0000, 0x00950000, 0x000b0000,
-		0x00420000, 0x00fa0000, 0x00c30000, 0x004e0000,
-		0x00080000, 0x002e0000, 0x00a10000, 0x00660000,
-		0x00280000, 0x00d90000, 0x00240000, 0x00b20000,
-		0x00760000, 0x005b0000, 0x00a20000, 0x00490000,
-		0x006d0000, 0x008b0000, 0x00d10000, 0x00250000,
-		0x00720000, 0x00f80000, 0x00f60000, 0x00640000,
-		0x00860000, 0x00680000, 0x00980000, 0x00160000,
-		0x00d40000, 0x00a40000, 0x005c0000, 0x00cc0000,
-		0x005d0000, 0x00650000, 0x00b60000, 0x00920000,
-		0x006c0000, 0x00700000, 0x00480000, 0x00500000,
-		0x00fd0000, 0x00ed0000, 0x00b90000, 0x00da0000,
-		0x005e0000, 0x00150000, 0x00460000, 0x00570000,
-		0x00a70000, 0x008d0000, 0x009d0000, 0x00840000,
-		0x00900000, 0x00d80000, 0x00ab0000, 0x00000000,
-		0x008c0000, 0x00bc0000, 0x00d30000, 0x000a0000,
-		0x00f70000, 0x00e40000, 0x00580000, 0x00050000,
-		0x00b80000, 0x00b30000, 0x00450000, 0x00060000,
-		0x00d00000, 0x002c0000, 0x001e0000, 0x008f0000,
-		0x00ca0000, 0x003f0000, 0x000f0000, 0x00020000,
-		0x00c10000, 0x00af0000, 0x00bd0000, 0x00030000,
-		0x00010000, 0x00130000, 0x008a0000, 0x006b0000,
-		0x003a0000, 0x00910000, 0x00110000, 0x00410000,
-		0x004f0000, 0x00670000, 0x00dc0000, 0x00ea0000,
-		0x00970000, 0x00f20000, 0x00cf0000, 0x00ce0000,
-		0x00f00000, 0x00b40000, 0x00e60000, 0x00730000,
-		0x00960000, 0x00ac0000, 0x00740000, 0x00220000,
-		0x00e70000, 0x00ad0000, 0x00350000, 0x00850000,
-		0x00e20000, 0x00f90000, 0x00370000, 0x00e80000,
-		0x001c0000, 0x00750000, 0x00df0000, 0x006e0000,
-		0x00470000, 0x00f10000, 0x001a0000, 0x00710000,
-		0x001d0000, 0x00290000, 0x00c50000, 0x00890000,
-		0x006f0000, 0x00b70000, 0x00620000, 0x000e0000,
-		0x00aa0000, 0x00180000, 0x00be0000, 0x001b0000,
-		0x00fc0000, 0x00560000, 0x003e0000, 0x004b0000,
-		0x00c60000, 0x00d20000, 0x00790000, 0x00200000,
-		0x009a0000, 0x00db0000, 0x00c00000, 0x00fe0000,
-		0x00780000, 0x00cd0000, 0x005a0000, 0x00f40000,
-		0x001f0000, 0x00dd0000, 0x00a80000, 0x00330000,
-		0x00880000, 0x00070000, 0x00c70000, 0x00310000,
-		0x00b10000, 0x00120000, 0x00100000, 0x00590000,
-		0x00270000, 0x00800000, 0x00ec0000, 0x005f0000,
-		0x00600000, 0x00510000, 0x007f0000, 0x00a90000,
-		0x00190000, 0x00b50000, 0x004a0000, 0x000d0000,
-		0x002d0000, 0x00e50000, 0x007a0000, 0x009f0000,
-		0x00930000, 0x00c90000, 0x009c0000, 0x00ef0000,
-		0x00a00000, 0x00e00000, 0x003b0000, 0x004d0000,
-		0x00ae0000, 0x002a0000, 0x00f50000, 0x00b00000,
-		0x00c80000, 0x00eb0000, 0x00bb0000, 0x003c0000,
-		0x00830000, 0x00530000, 0x00990000, 0x00610000,
-		0x00170000, 0x002b0000, 0x00040000, 0x007e0000,
-		0x00ba0000, 0x00770000, 0x00d60000, 0x00260000,
-		0x00e10000, 0x00690000, 0x00140000, 0x00630000,
-		0x00550000, 0x00210000, 0x000c0000, 0x007d0000,
-	}, {
-		0x52000000, 0x09000000, 0x6a000000, 0xd5000000,
-		0x30000000, 0x36000000, 0xa5000000, 0x38000000,
-		0xbf000000, 0x40000000, 0xa3000000, 0x9e000000,
-		0x81000000, 0xf3000000, 0xd7000000, 0xfb000000,
-		0x7c000000, 0xe3000000, 0x39000000, 0x82000000,
-		0x9b000000, 0x2f000000, 0xff000000, 0x87000000,
-		0x34000000, 0x8e000000, 0x43000000, 0x44000000,
-		0xc4000000, 0xde000000, 0xe9000000, 0xcb000000,
-		0x54000000, 0x7b000000, 0x94000000, 0x32000000,
-		0xa6000000, 0xc2000000, 0x23000000, 0x3d000000,
-		0xee000000, 0x4c000000, 0x95000000, 0x0b000000,
-		0x42000000, 0xfa000000, 0xc3000000, 0x4e000000,
-		0x08000000, 0x2e000000, 0xa1000000, 0x66000000,
-		0x28000000, 0xd9000000, 0x24000000, 0xb2000000,
-		0x76000000, 0x5b000000, 0xa2000000, 0x49000000,
-		0x6d000000, 0x8b000000, 0xd1000000, 0x25000000,
-		0x72000000, 0xf8000000, 0xf6000000, 0x64000000,
-		0x86000000, 0x68000000, 0x98000000, 0x16000000,
-		0xd4000000, 0xa4000000, 0x5c000000, 0xcc000000,
-		0x5d000000, 0x65000000, 0xb6000000, 0x92000000,
-		0x6c000000, 0x70000000, 0x48000000, 0x50000000,
-		0xfd000000, 0xed000000, 0xb9000000, 0xda000000,
-		0x5e000000, 0x15000000, 0x46000000, 0x57000000,
-		0xa7000000, 0x8d000000, 0x9d000000, 0x84000000,
-		0x90000000, 0xd8000000, 0xab000000, 0x00000000,
-		0x8c000000, 0xbc000000, 0xd3000000, 0x0a000000,
-		0xf7000000, 0xe4000000, 0x58000000, 0x05000000,
-		0xb8000000, 0xb3000000, 0x45000000, 0x06000000,
-		0xd0000000, 0x2c000000, 0x1e000000, 0x8f000000,
-		0xca000000, 0x3f000000, 0x0f000000, 0x02000000,
-		0xc1000000, 0xaf000000, 0xbd000000, 0x03000000,
-		0x01000000, 0x13000000, 0x8a000000, 0x6b000000,
-		0x3a000000, 0x91000000, 0x11000000, 0x41000000,
-		0x4f000000, 0x67000000, 0xdc000000, 0xea000000,
-		0x97000000, 0xf2000000, 0xcf000000, 0xce000000,
-		0xf0000000, 0xb4000000, 0xe6000000, 0x73000000,
-		0x96000000, 0xac000000, 0x74000000, 0x22000000,
-		0xe7000000, 0xad000000, 0x35000000, 0x85000000,
-		0xe2000000, 0xf9000000, 0x37000000, 0xe8000000,
-		0x1c000000, 0x75000000, 0xdf000000, 0x6e000000,
-		0x47000000, 0xf1000000, 0x1a000000, 0x71000000,
-		0x1d000000, 0x29000000, 0xc5000000, 0x89000000,
-		0x6f000000, 0xb7000000, 0x62000000, 0x0e000000,
-		0xaa000000, 0x18000000, 0xbe000000, 0x1b000000,
-		0xfc000000, 0x56000000, 0x3e000000, 0x4b000000,
-		0xc6000000, 0xd2000000, 0x79000000, 0x20000000,
-		0x9a000000, 0xdb000000, 0xc0000000, 0xfe000000,
-		0x78000000, 0xcd000000, 0x5a000000, 0xf4000000,
-		0x1f000000, 0xdd000000, 0xa8000000, 0x33000000,
-		0x88000000, 0x07000000, 0xc7000000, 0x31000000,
-		0xb1000000, 0x12000000, 0x10000000, 0x59000000,
-		0x27000000, 0x80000000, 0xec000000, 0x5f000000,
-		0x60000000, 0x51000000, 0x7f000000, 0xa9000000,
-		0x19000000, 0xb5000000, 0x4a000000, 0x0d000000,
-		0x2d000000, 0xe5000000, 0x7a000000, 0x9f000000,
-		0x93000000, 0xc9000000, 0x9c000000, 0xef000000,
-		0xa0000000, 0xe0000000, 0x3b000000, 0x4d000000,
-		0xae000000, 0x2a000000, 0xf5000000, 0xb0000000,
-		0xc8000000, 0xeb000000, 0xbb000000, 0x3c000000,
-		0x83000000, 0x53000000, 0x99000000, 0x61000000,
-		0x17000000, 0x2b000000, 0x04000000, 0x7e000000,
-		0xba000000, 0x77000000, 0xd6000000, 0x26000000,
-		0xe1000000, 0x69000000, 0x14000000, 0x63000000,
-		0x55000000, 0x21000000, 0x0c000000, 0x7d000000,
-	}
-};
-
-EXPORT_SYMBOL_GPL(crypto_ft_tab);
-EXPORT_SYMBOL_GPL(crypto_fl_tab);
-EXPORT_SYMBOL_GPL(crypto_it_tab);
-EXPORT_SYMBOL_GPL(crypto_il_tab);
-
-/* initialise the key schedule from the user supplied key */
-
-#define star_x(x) (((x) & 0x7f7f7f7f) << 1) ^ ((((x) & 0x80808080) >> 7) * 0x1b)
-
-#define imix_col(y, x)	do {		\
-	u	= star_x(x);		\
-	v	= star_x(u);		\
-	w	= star_x(v);		\
-	t	= w ^ (x);		\
-	(y)	= u ^ v ^ w;		\
-	(y)	^= ror32(u ^ t, 8) ^	\
-		ror32(v ^ t, 16) ^	\
-		ror32(t, 24);		\
-} while (0)
-
-#define ls_box(x)		\
-	crypto_fl_tab[0][byte(x, 0)] ^	\
-	crypto_fl_tab[1][byte(x, 1)] ^	\
-	crypto_fl_tab[2][byte(x, 2)] ^	\
-	crypto_fl_tab[3][byte(x, 3)]
-
-#define loop4(i)	do {		\
-	t = ror32(t, 8);		\
-	t = ls_box(t) ^ rco_tab[i];	\
-	t ^= ctx->key_enc[4 * i];		\
-	ctx->key_enc[4 * i + 4] = t;		\
-	t ^= ctx->key_enc[4 * i + 1];		\
-	ctx->key_enc[4 * i + 5] = t;		\
-	t ^= ctx->key_enc[4 * i + 2];		\
-	ctx->key_enc[4 * i + 6] = t;		\
-	t ^= ctx->key_enc[4 * i + 3];		\
-	ctx->key_enc[4 * i + 7] = t;		\
-} while (0)
-
-#define loop6(i)	do {		\
-	t = ror32(t, 8);		\
-	t = ls_box(t) ^ rco_tab[i];	\
-	t ^= ctx->key_enc[6 * i];		\
-	ctx->key_enc[6 * i + 6] = t;		\
-	t ^= ctx->key_enc[6 * i + 1];		\
-	ctx->key_enc[6 * i + 7] = t;		\
-	t ^= ctx->key_enc[6 * i + 2];		\
-	ctx->key_enc[6 * i + 8] = t;		\
-	t ^= ctx->key_enc[6 * i + 3];		\
-	ctx->key_enc[6 * i + 9] = t;		\
-	t ^= ctx->key_enc[6 * i + 4];		\
-	ctx->key_enc[6 * i + 10] = t;		\
-	t ^= ctx->key_enc[6 * i + 5];		\
-	ctx->key_enc[6 * i + 11] = t;		\
-} while (0)
-
-#define loop8tophalf(i)	do {			\
-	t = ror32(t, 8);			\
-	t = ls_box(t) ^ rco_tab[i];		\
-	t ^= ctx->key_enc[8 * i];			\
-	ctx->key_enc[8 * i + 8] = t;			\
-	t ^= ctx->key_enc[8 * i + 1];			\
-	ctx->key_enc[8 * i + 9] = t;			\
-	t ^= ctx->key_enc[8 * i + 2];			\
-	ctx->key_enc[8 * i + 10] = t;			\
-	t ^= ctx->key_enc[8 * i + 3];			\
-	ctx->key_enc[8 * i + 11] = t;			\
-} while (0)
-
-#define loop8(i)	do {				\
-	loop8tophalf(i);				\
-	t  = ctx->key_enc[8 * i + 4] ^ ls_box(t);	\
-	ctx->key_enc[8 * i + 12] = t;			\
-	t ^= ctx->key_enc[8 * i + 5];			\
-	ctx->key_enc[8 * i + 13] = t;			\
-	t ^= ctx->key_enc[8 * i + 6];			\
-	ctx->key_enc[8 * i + 14] = t;			\
-	t ^= ctx->key_enc[8 * i + 7];			\
-	ctx->key_enc[8 * i + 15] = t;			\
-} while (0)
-
-/**
- * crypto_aes_expand_key - Expands the AES key as described in FIPS-197
- * @ctx:	The location where the computed key will be stored.
- * @in_key:	The supplied key.
- * @key_len:	The length of the supplied key.
- *
- * Returns 0 on success. The function fails only if an invalid key size (or
- * pointer) is supplied.
- * The expanded key size is 240 bytes (max of 14 rounds with a unique 16 bytes
- * key schedule plus a 16 bytes key which is used before the first round).
- * The decryption key is prepared for the "Equivalent Inverse Cipher" as
- * described in FIPS-197. The first slot (16 bytes) of each key (enc or dec) is
- * for the initial combination, the second slot for the first round and so on.
- */
-int crypto_aes_expand_key(struct crypto_aes_ctx *ctx, const u8 *in_key,
-		unsigned int key_len)
-{
-	u32 i, t, u, v, w, j;
-
-	if (key_len != AES_KEYSIZE_128 && key_len != AES_KEYSIZE_192 &&
-			key_len != AES_KEYSIZE_256)
-		return -EINVAL;
-
-	ctx->key_length = key_len;
-
-	ctx->key_enc[0] = get_unaligned_le32(in_key);
-	ctx->key_enc[1] = get_unaligned_le32(in_key + 4);
-	ctx->key_enc[2] = get_unaligned_le32(in_key + 8);
-	ctx->key_enc[3] = get_unaligned_le32(in_key + 12);
-
-	ctx->key_dec[key_len + 24] = ctx->key_enc[0];
-	ctx->key_dec[key_len + 25] = ctx->key_enc[1];
-	ctx->key_dec[key_len + 26] = ctx->key_enc[2];
-	ctx->key_dec[key_len + 27] = ctx->key_enc[3];
-
-	switch (key_len) {
-	case AES_KEYSIZE_128:
-		t = ctx->key_enc[3];
-		for (i = 0; i < 10; ++i)
-			loop4(i);
-		break;
-
-	case AES_KEYSIZE_192:
-		ctx->key_enc[4] = get_unaligned_le32(in_key + 16);
-		t = ctx->key_enc[5] = get_unaligned_le32(in_key + 20);
-		for (i = 0; i < 8; ++i)
-			loop6(i);
-		break;
-
-	case AES_KEYSIZE_256:
-		ctx->key_enc[4] = get_unaligned_le32(in_key + 16);
-		ctx->key_enc[5] = get_unaligned_le32(in_key + 20);
-		ctx->key_enc[6] = get_unaligned_le32(in_key + 24);
-		t = ctx->key_enc[7] = get_unaligned_le32(in_key + 28);
-		for (i = 0; i < 6; ++i)
-			loop8(i);
-		loop8tophalf(i);
-		break;
-	}
-
-	ctx->key_dec[0] = ctx->key_enc[key_len + 24];
-	ctx->key_dec[1] = ctx->key_enc[key_len + 25];
-	ctx->key_dec[2] = ctx->key_enc[key_len + 26];
-	ctx->key_dec[3] = ctx->key_enc[key_len + 27];
-
-	for (i = 4; i < key_len + 24; ++i) {
-		j = key_len + 24 - (i & ~3) + (i & 3);
-		imix_col(ctx->key_dec[j], ctx->key_enc[i]);
-	}
-	return 0;
-}
-EXPORT_SYMBOL_GPL(crypto_aes_expand_key);
-
-/**
- * crypto_aes_set_key - Set the AES key.
- * @tfm:	The %crypto_tfm that is used in the context.
- * @in_key:	The input key.
- * @key_len:	The size of the key.
- *
- * Returns 0 on success, on failure the %CRYPTO_TFM_RES_BAD_KEY_LEN flag in tfm
- * is set. The function uses crypto_aes_expand_key() to expand the key.
- * &crypto_aes_ctx _must_ be the private data embedded in @tfm which is
- * retrieved with crypto_tfm_ctx().
- */
-int crypto_aes_set_key(struct crypto_tfm *tfm, const u8 *in_key,
-		unsigned int key_len)
-{
-	struct crypto_aes_ctx *ctx = crypto_tfm_ctx(tfm);
-	u32 *flags = &tfm->crt_flags;
-	int ret;
-
-	ret = crypto_aes_expand_key(ctx, in_key, key_len);
-	if (!ret)
-		return 0;
-
-	*flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
-	return -EINVAL;
-}
-EXPORT_SYMBOL_GPL(crypto_aes_set_key);
-
-/* encrypt a block of text */
-
-#define f_rn(bo, bi, n, k)	do {				\
-	bo[n] = crypto_ft_tab[0][byte(bi[n], 0)] ^			\
-		crypto_ft_tab[1][byte(bi[(n + 1) & 3], 1)] ^		\
-		crypto_ft_tab[2][byte(bi[(n + 2) & 3], 2)] ^		\
-		crypto_ft_tab[3][byte(bi[(n + 3) & 3], 3)] ^ *(k + n);	\
-} while (0)
-
-#define f_nround(bo, bi, k)	do {\
-	f_rn(bo, bi, 0, k);	\
-	f_rn(bo, bi, 1, k);	\
-	f_rn(bo, bi, 2, k);	\
-	f_rn(bo, bi, 3, k);	\
-	k += 4;			\
-} while (0)
-
-#define f_rl(bo, bi, n, k)	do {				\
-	bo[n] = crypto_fl_tab[0][byte(bi[n], 0)] ^			\
-		crypto_fl_tab[1][byte(bi[(n + 1) & 3], 1)] ^		\
-		crypto_fl_tab[2][byte(bi[(n + 2) & 3], 2)] ^		\
-		crypto_fl_tab[3][byte(bi[(n + 3) & 3], 3)] ^ *(k + n);	\
-} while (0)
-
-#define f_lround(bo, bi, k)	do {\
-	f_rl(bo, bi, 0, k);	\
-	f_rl(bo, bi, 1, k);	\
-	f_rl(bo, bi, 2, k);	\
-	f_rl(bo, bi, 3, k);	\
-} while (0)
-
-static void aes_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
-{
-	const struct crypto_aes_ctx *ctx = crypto_tfm_ctx(tfm);
-	u32 b0[4], b1[4];
-	const u32 *kp = ctx->key_enc + 4;
-	const int key_len = ctx->key_length;
-
-	b0[0] = ctx->key_enc[0] ^ get_unaligned_le32(in);
-	b0[1] = ctx->key_enc[1] ^ get_unaligned_le32(in + 4);
-	b0[2] = ctx->key_enc[2] ^ get_unaligned_le32(in + 8);
-	b0[3] = ctx->key_enc[3] ^ get_unaligned_le32(in + 12);
-
-	if (key_len > 24) {
-		f_nround(b1, b0, kp);
-		f_nround(b0, b1, kp);
-	}
-
-	if (key_len > 16) {
-		f_nround(b1, b0, kp);
-		f_nround(b0, b1, kp);
-	}
-
-	f_nround(b1, b0, kp);
-	f_nround(b0, b1, kp);
-	f_nround(b1, b0, kp);
-	f_nround(b0, b1, kp);
-	f_nround(b1, b0, kp);
-	f_nround(b0, b1, kp);
-	f_nround(b1, b0, kp);
-	f_nround(b0, b1, kp);
-	f_nround(b1, b0, kp);
-	f_lround(b0, b1, kp);
-
-	put_unaligned_le32(b0[0], out);
-	put_unaligned_le32(b0[1], out + 4);
-	put_unaligned_le32(b0[2], out + 8);
-	put_unaligned_le32(b0[3], out + 12);
-}
-
-/* decrypt a block of text */
-
-#define i_rn(bo, bi, n, k)	do {				\
-	bo[n] = crypto_it_tab[0][byte(bi[n], 0)] ^			\
-		crypto_it_tab[1][byte(bi[(n + 3) & 3], 1)] ^		\
-		crypto_it_tab[2][byte(bi[(n + 2) & 3], 2)] ^		\
-		crypto_it_tab[3][byte(bi[(n + 1) & 3], 3)] ^ *(k + n);	\
-} while (0)
-
-#define i_nround(bo, bi, k)	do {\
-	i_rn(bo, bi, 0, k);	\
-	i_rn(bo, bi, 1, k);	\
-	i_rn(bo, bi, 2, k);	\
-	i_rn(bo, bi, 3, k);	\
-	k += 4;			\
-} while (0)
-
-#define i_rl(bo, bi, n, k)	do {			\
-	bo[n] = crypto_il_tab[0][byte(bi[n], 0)] ^		\
-	crypto_il_tab[1][byte(bi[(n + 3) & 3], 1)] ^		\
-	crypto_il_tab[2][byte(bi[(n + 2) & 3], 2)] ^		\
-	crypto_il_tab[3][byte(bi[(n + 1) & 3], 3)] ^ *(k + n);	\
-} while (0)
-
-#define i_lround(bo, bi, k)	do {\
-	i_rl(bo, bi, 0, k);	\
-	i_rl(bo, bi, 1, k);	\
-	i_rl(bo, bi, 2, k);	\
-	i_rl(bo, bi, 3, k);	\
-} while (0)
-
-static void aes_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
-{
-	const struct crypto_aes_ctx *ctx = crypto_tfm_ctx(tfm);
-	u32 b0[4], b1[4];
-	const int key_len = ctx->key_length;
-	const u32 *kp = ctx->key_dec + 4;
-
-	b0[0] = ctx->key_dec[0] ^ get_unaligned_le32(in);
-	b0[1] = ctx->key_dec[1] ^ get_unaligned_le32(in + 4);
-	b0[2] = ctx->key_dec[2] ^ get_unaligned_le32(in + 8);
-	b0[3] = ctx->key_dec[3] ^ get_unaligned_le32(in + 12);
-
-	if (key_len > 24) {
-		i_nround(b1, b0, kp);
-		i_nround(b0, b1, kp);
-	}
-
-	if (key_len > 16) {
-		i_nround(b1, b0, kp);
-		i_nround(b0, b1, kp);
-	}
-
-	i_nround(b1, b0, kp);
-	i_nround(b0, b1, kp);
-	i_nround(b1, b0, kp);
-	i_nround(b0, b1, kp);
-	i_nround(b1, b0, kp);
-	i_nround(b0, b1, kp);
-	i_nround(b1, b0, kp);
-	i_nround(b0, b1, kp);
-	i_nround(b1, b0, kp);
-	i_lround(b0, b1, kp);
-
-	put_unaligned_le32(b0[0], out);
-	put_unaligned_le32(b0[1], out + 4);
-	put_unaligned_le32(b0[2], out + 8);
-	put_unaligned_le32(b0[3], out + 12);
-}
-
-static struct crypto_alg aes_alg = {
-	.cra_name		=	"aes",
-	.cra_driver_name	=	"aes-generic",
-	.cra_priority		=	100,
-	.cra_flags		=	CRYPTO_ALG_TYPE_CIPHER,
-	.cra_blocksize		=	AES_BLOCK_SIZE,
-	.cra_ctxsize		=	sizeof(struct crypto_aes_ctx),
-	.cra_module		=	THIS_MODULE,
-	.cra_u			=	{
-		.cipher = {
-			.cia_min_keysize	=	AES_MIN_KEY_SIZE,
-			.cia_max_keysize	=	AES_MAX_KEY_SIZE,
-			.cia_setkey		=	crypto_aes_set_key,
-			.cia_encrypt		=	aes_encrypt,
-			.cia_decrypt		=	aes_decrypt
-		}
-	}
-};
-
-static int __init aes_init(void)
-{
-	return crypto_register_alg(&aes_alg);
-}
-
-static void __exit aes_fini(void)
-{
-	crypto_unregister_alg(&aes_alg);
-}
-
-module_init(aes_init);
-module_exit(aes_fini);
-
-MODULE_DESCRIPTION("Rijndael (AES) Cipher Algorithm");
-MODULE_LICENSE("Dual BSD/GPL");
-MODULE_ALIAS_CRYPTO("aes");
-MODULE_ALIAS_CRYPTO("aes-generic");
diff --git a/drivers/crypto/chelsio/chcr_algo.c b/drivers/crypto/chelsio/chcr_algo.c
index 0e8160701833..11f4f1d232ff 100644
--- a/drivers/crypto/chelsio/chcr_algo.c
+++ b/drivers/crypto/chelsio/chcr_algo.c
@@ -1258,7 +1258,7 @@ static int chcr_cra_init(struct crypto_tfm *tfm)
 
 	if (get_cryptoalg_subtype(tfm) == CRYPTO_ALG_SUB_TYPE_XTS) {
 		/* To update tweak*/
-		ablkctx->aes_generic = crypto_alloc_cipher("aes-generic", 0, 0);
+		ablkctx->aes_generic = crypto_alloc_cipher("aes", 0, 0);
 		if (IS_ERR(ablkctx->aes_generic)) {
 			pr_err("failed to allocate aes cipher for tweak\n");
 			return PTR_ERR(ablkctx->aes_generic);
@@ -2889,7 +2889,7 @@ static int chcr_gcm_setkey(struct crypto_aead *aead, const u8 *key,
 	/* Calculate the H = CIPH(K, 0 repeated 16 times).
 	 * It will go in key context
 	 */
-	cipher = crypto_alloc_cipher("aes-generic", 0, 0);
+	cipher = crypto_alloc_cipher("aes", 0, 0);
 	if (IS_ERR(cipher)) {
 		aeadctx->enckey_len = 0;
 		ret = -ENOMEM;
diff --git a/include/crypto/aes.h b/include/crypto/aes.h
index 8a4afdca611e..f0cbe4aacba2 100644
--- a/include/crypto/aes.h
+++ b/include/crypto/aes.h
@@ -31,4 +31,10 @@ int crypto_aes_set_key(struct crypto_tfm *tfm, const u8 *in_key,
 		unsigned int key_len);
 int crypto_aes_expand_key(struct crypto_aes_ctx *ctx, const u8 *in_key,
 		unsigned int key_len);
+
+void crypto_aes_encrypt(const struct crypto_aes_ctx *ctx, u8 *out,
+			const u8 *in);
+void crypto_aes_decrypt(const struct crypto_aes_ctx *ctx, u8 *out,
+			const u8 *in);
+
 #endif
-- 
2.9.3

[PATCH v4 4/8] crypto: x86/aes-ni - switch to generic fallback

[Ard Biesheuvel]

The time invariant AES-NI implementation is SIMD based, and so it needs
a fallback in case the code is called from a context where SIMD is not
allowed. On x86, this is really only when executing in the context of an
interrupt taken while in kernel mode, since SIMD is allowed in all other
cases.

There is very little code in the kernel that actually performs AES in
interrupt context, and the code that does (mac80211) only does so when
running on 802.11 devices that have no support for AES in hardware, and
those are rare these days.

So switch to the new AES core code as a fallback. It is much smaller, as
well as more resistant to cache timing attacks, and removing the
dependency allows us to disable the time variant drivers altogether if
desired.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
 arch/x86/crypto/aesni-intel_glue.c | 4 ++--
 crypto/Kconfig                     | 3 +--
 2 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/arch/x86/crypto/aesni-intel_glue.c b/arch/x86/crypto/aesni-intel_glue.c
index 4a55cdcdc008..1734e6185800 100644
--- a/arch/x86/crypto/aesni-intel_glue.c
+++ b/arch/x86/crypto/aesni-intel_glue.c
@@ -334,7 +334,7 @@ static void aes_encrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)
 	struct crypto_aes_ctx *ctx = aes_ctx(crypto_tfm_ctx(tfm));
 
 	if (!irq_fpu_usable())
-		crypto_aes_encrypt_x86(ctx, dst, src);
+		crypto_aes_encrypt(ctx, dst, src);
 	else {
 		kernel_fpu_begin();
 		aesni_enc(ctx, dst, src);
@@ -347,7 +347,7 @@ static void aes_decrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src)
 	struct crypto_aes_ctx *ctx = aes_ctx(crypto_tfm_ctx(tfm));
 
 	if (!irq_fpu_usable())
-		crypto_aes_decrypt_x86(ctx, dst, src);
+		crypto_aes_decrypt(ctx, dst, src);
 	else {
 		kernel_fpu_begin();
 		aesni_dec(ctx, dst, src);
diff --git a/crypto/Kconfig b/crypto/Kconfig
index 7766fea9c18e..8f4b9f3381e2 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -956,8 +956,7 @@ config CRYPTO_AES_NI_INTEL
 	tristate "AES cipher algorithms (AES-NI)"
 	depends on X86
 	select CRYPTO_AEAD
-	select CRYPTO_AES_X86_64 if 64BIT
-	select CRYPTO_AES_586 if !64BIT
+	select CRYPTO_AES
 	select CRYPTO_ALGAPI
 	select CRYPTO_BLKCIPHER
 	select CRYPTO_GLUE_HELPER_X86 if 64BIT
-- 
2.9.3

[PATCH v4 5/8] crypto: arm/aes - avoid expanded lookup tables in the final round

[Ard Biesheuvel]

For the final round, avoid the expanded and padded lookup tables
exported by the generic AES driver. Instead, for encryption, we can
perform byte loads from the same table we used for the inner rounds,
which will still be hot in the caches. For decryption, use the inverse
AES Sbox exported by the generic AES driver, which is 4x smaller than
the inverse table exported by the generic driver.

This significantly reduces the Dcache footprint of our code, and does
not introduce any additional module dependencies, given that we already
rely on the core AES module for the shared key expansion routines.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
 arch/arm/crypto/aes-cipher-core.S | 51 ++++++++++----------
 1 file changed, 26 insertions(+), 25 deletions(-)

diff --git a/arch/arm/crypto/aes-cipher-core.S b/arch/arm/crypto/aes-cipher-core.S
index a727692cd9c1..5e9ddc576ec1 100644
--- a/arch/arm/crypto/aes-cipher-core.S
+++ b/arch/arm/crypto/aes-cipher-core.S
@@ -33,19 +33,19 @@
 	.endif
 	.endm
 
-	.macro		__load, out, in, idx
+	.macro		__load, out, in, idx, sz, op
 	.if		__LINUX_ARM_ARCH__ < 7 && \idx > 0
-	ldr		\out, [ttab, \in, lsr #(8 * \idx) - 2]
+	ldr\op		\out, [ttab, \in, lsr #(8 * \idx) - \sz]
 	.else
-	ldr		\out, [ttab, \in, lsl #2]
+	ldr\op		\out, [ttab, \in, lsl #\sz]
 	.endif
 	.endm
 
-	.macro		__hround, out0, out1, in0, in1, in2, in3, t3, t4, enc
+	.macro		__hround, out0, out1, in0, in1, in2, in3, t3, t4, enc, sz, op
 	__select	\out0, \in0, 0
 	__select	t0, \in1, 1
-	__load		\out0, \out0, 0
-	__load		t0, t0, 1
+	__load		\out0, \out0, 0, \sz, \op
+	__load		t0, t0, 1, \sz, \op
 
 	.if		\enc
 	__select	\out1, \in1, 0
@@ -54,10 +54,10 @@
 	__select	\out1, \in3, 0
 	__select	t1, \in0, 1
 	.endif
-	__load		\out1, \out1, 0
+	__load		\out1, \out1, 0, \sz, \op
 	__select	t2, \in2, 2
-	__load		t1, t1, 1
-	__load		t2, t2, 2
+	__load		t1, t1, 1, \sz, \op
+	__load		t2, t2, 2, \sz, \op
 
 	eor		\out0, \out0, t0, ror #24
 
@@ -69,9 +69,9 @@
 	__select	\t3, \in1, 2
 	__select	\t4, \in2, 3
 	.endif
-	__load		\t3, \t3, 2
-	__load		t0, t0, 3
-	__load		\t4, \t4, 3
+	__load		\t3, \t3, 2, \sz, \op
+	__load		t0, t0, 3, \sz, \op
+	__load		\t4, \t4, 3, \sz, \op
 
 	eor		\out1, \out1, t1, ror #24
 	eor		\out0, \out0, t2, ror #16
@@ -83,14 +83,14 @@
 	eor		\out1, \out1, t2
 	.endm
 
-	.macro		fround, out0, out1, out2, out3, in0, in1, in2, in3
-	__hround	\out0, \out1, \in0, \in1, \in2, \in3, \out2, \out3, 1
-	__hround	\out2, \out3, \in2, \in3, \in0, \in1, \in1, \in2, 1
+	.macro		fround, out0, out1, out2, out3, in0, in1, in2, in3, sz=2, op
+	__hround	\out0, \out1, \in0, \in1, \in2, \in3, \out2, \out3, 1, \sz, \op
+	__hround	\out2, \out3, \in2, \in3, \in0, \in1, \in1, \in2, 1, \sz, \op
 	.endm
 
-	.macro		iround, out0, out1, out2, out3, in0, in1, in2, in3
-	__hround	\out0, \out1, \in0, \in3, \in2, \in1, \out2, \out3, 0
-	__hround	\out2, \out3, \in2, \in1, \in0, \in3, \in1, \in0, 0
+	.macro		iround, out0, out1, out2, out3, in0, in1, in2, in3, sz=2, op
+	__hround	\out0, \out1, \in0, \in3, \in2, \in1, \out2, \out3, 0, \sz, \op
+	__hround	\out2, \out3, \in2, \in1, \in0, \in3, \in1, \in0, 0, \sz, \op
 	.endm
 
 	.macro		__rev, out, in
@@ -115,7 +115,7 @@
 	.endif
 	.endm
 
-	.macro		do_crypt, round, ttab, ltab
+	.macro		do_crypt, round, ttab, ltab, bsz
 	push		{r3-r11, lr}
 
 	ldr		r4, [in]
@@ -147,9 +147,12 @@
 
 1:	subs		rounds, rounds, #4
 	\round		r8, r9, r10, r11, r4, r5, r6, r7
-	__adrl		ttab, \ltab, ls
+	bls		2f
 	\round		r4, r5, r6, r7, r8, r9, r10, r11
-	bhi		0b
+	b		0b
+
+2:	__adrl		ttab, \ltab
+	\round		r4, r5, r6, r7, r8, r9, r10, r11, \bsz, b
 
 #ifdef CONFIG_CPU_BIG_ENDIAN
 	__rev		r4, r4
@@ -173,14 +176,12 @@
 
 	.align			6
 	aes_table_reduced	crypto_ft_tab
-	aes_table_reduced	crypto_fl_tab
 	aes_table_reduced	crypto_it_tab
-	aes_table_reduced	crypto_il_tab
 
 ENTRY(__aes_arm_encrypt)
-	do_crypt	fround, crypto_ft_tab, crypto_fl_tab
+	do_crypt	fround, crypto_ft_tab, crypto_ft_tab + 1, 2
 ENDPROC(__aes_arm_encrypt)
 
 ENTRY(__aes_arm_decrypt)
-	do_crypt	iround, crypto_it_tab, crypto_il_tab
+	do_crypt	iround, crypto_it_tab, crypto_aes_inv_sbox, 0
 ENDPROC(__aes_arm_decrypt)
-- 
2.9.3

[PATCH v4 6/8] crypto: arm64/aes - avoid expanded lookup tables in the final round

[Ard Biesheuvel]

For the final round, avoid the expanded and padded lookup tables
exported by the generic AES driver. Instead, for encryption, we can
perform byte loads from the same table we used for the inner rounds,
which will still be hot in the caches. For decryption, use the inverse
AES Sbox exported by the generic AES driver, which is 4x smaller than
the inverse table exported by the generic driver.

This significantly reduces the Dcache footprint of our code, and does
not introduce any additional module dependencies, given that we already
rely on the core AES module for the shared key expansion routines. It
also frees up register x18, which is not available as a scratch register
on all platforms, which and so avoiding it improves shareability of this
code.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
 arch/arm64/crypto/aes-cipher-core.S | 155 ++++++++++++++------
 1 file changed, 108 insertions(+), 47 deletions(-)

diff --git a/arch/arm64/crypto/aes-cipher-core.S b/arch/arm64/crypto/aes-cipher-core.S
index bbe5dd96135c..fe807f164d83 100644
--- a/arch/arm64/crypto/aes-cipher-core.S
+++ b/arch/arm64/crypto/aes-cipher-core.S
@@ -18,99 +18,160 @@
 	out		.req	x1
 	in		.req	x2
 	rounds		.req	x3
-	tt		.req	x4
-	lt		.req	x2
+	tt		.req	x2
 
-	.macro		__pair, enc, reg0, reg1, in0, in1e, in1d, shift
+	.macro		__ubf1, reg0, reg1, in0, in1e, in1d, sz, shift
 	ubfx		\reg0, \in0, #\shift, #8
-	.if		\enc
 	ubfx		\reg1, \in1e, #\shift, #8
-	.else
+	.endm
+
+	.macro		__ubf0, reg0, reg1, in0, in1e, in1d, sz, shift
+	ubfx		\reg0, \in0, #\shift, #8
 	ubfx		\reg1, \in1d, #\shift, #8
+	.endm
+
+	.macro		__ubf1b, reg0, reg1, in0, in1e, in1d, sz, shift
+	.if		\shift == 0 && \sz > 0
+	ubfiz		\reg0, \in0, #\sz, #8
+	ubfiz		\reg1, \in1e, #\sz, #8
+	.else
+	__ubf1		\reg0, \reg1, \in0, \in1e, \in1d, \sz, \shift
+	.endif
+	.endm
+
+	.macro		__ubf0b, reg0, reg1, in0, in1e, in1d, sz, shift
+	.if		\shift == 0 && \sz > 0
+	ubfiz		\reg0, \in0, #\sz, #8
+	ubfiz		\reg1, \in1d, #\sz, #8
+	.else
+	__ubf0		\reg0, \reg1, \in0, \in1e, \in1d, \sz, \shift
 	.endif
+	.endm
+
+	/*
+	 * AArch64 cannot do byte size indexed loads from a table containing
+	 * 32-bit quantities, i.e., 'ldrb w12, [tt, w12, uxtw #2]' is not a
+	 * valid instruction.
+	 *
+	 * For shift == 0, we can simply fold the size shift of the index
+	 * into the ubfx instruction, by switcing to ubfiz and using \sz as
+	 * the destination offset.
+	 * For shift > 0, we perform a 32-byte wide load instead, which does
+	 * allow an index shift of 2, and discard the high bytes later using
+	 * uxtb or lsl #24.
+	 */
+	.macro		__pair, enc, sz, op, reg0, reg1, in0, in1e, in1d, shift
+	__ubf\enc\op	\reg0, \reg1, \in0, \in1e, \in1d, \sz, \shift
+	.ifnc		\op\sz, b2
+	ldr\op		\reg0, [tt, \reg0, uxtw #\sz]
+	ldr\op		\reg1, [tt, \reg1, uxtw #\sz]
+	.elseif		\shift == 0
+	ldrb		\reg0, [tt, \reg0, uxtw]
+	ldrb		\reg1, [tt, \reg1, uxtw]
+	.else
 	ldr		\reg0, [tt, \reg0, uxtw #2]
 	ldr		\reg1, [tt, \reg1, uxtw #2]
+	.endif
 	.endm
 
-	.macro		__hround, out0, out1, in0, in1, in2, in3, t0, t1, enc
+	.macro		__hround, out0, out1, in0, in1, in2, in3, t0, t1, enc, sz, op
 	ldp		\out0, \out1, [rk], #8
 
-	__pair		\enc, w13, w14, \in0, \in1, \in3, 0
-	__pair		\enc, w15, w16, \in1, \in2, \in0, 8
-	__pair		\enc, w17, w18, \in2, \in3, \in1, 16
-	__pair		\enc, \t0, \t1, \in3, \in0, \in2, 24
-
-	eor		\out0, \out0, w13
-	eor		\out1, \out1, w14
-	eor		\out0, \out0, w15, ror #24
-	eor		\out1, \out1, w16, ror #24
-	eor		\out0, \out0, w17, ror #16
-	eor		\out1, \out1, w18, ror #16
-	eor		\out0, \out0, \t0, ror #8
-	eor		\out1, \out1, \t1, ror #8
+	__pair		\enc, \sz, \op, w12, w13, \in0, \in1, \in3, 0
+	__pair		\enc, \sz, \op, w14, w15, \in3, \in0, \in2, 24
+	__pair		\enc, \sz, \op, w16, w17, \in2, \in3, \in1, 16
+	__pair		\enc, \sz, \op, \t0, \t1, \in1, \in2, \in0, 8
+
+	eor		\out0, \out0, w12
+	eor		\out1, \out1, w13
+
+	.ifnc		\op\sz, b2
+	eor		\out0, \out0, w14, ror #8
+	eor		\out1, \out1, w15, ror #8
+	.else
+CPU_BE(	lsr		w14, w14, #24		)
+CPU_BE(	lsr		w15, w15, #24		)
+
+	eor		\out0, \out0, w14, lsl #24
+	eor		\out1, \out1, w15, lsl #24
+
+CPU_LE(	uxtb		w16, w16		)
+CPU_LE(	uxtb		w17, w17		)
+CPU_LE(	uxtb		\t0, \t0		)
+CPU_LE(	uxtb		\t1, \t1		)
+
+CPU_BE(	lsr		w16, w16, #24		)
+CPU_BE(	lsr		w17, w17, #24		)
+CPU_BE(	lsr		\t0, \t0, #24		)
+CPU_BE(	lsr		\t1, \t1, #24		)
+	.endif
+
+	eor		\out0, \out0, w16, ror #16
+	eor		\out1, \out1, w17, ror #16
+	eor		\out0, \out0, \t0, ror #24
+	eor		\out1, \out1, \t1, ror #24
 	.endm
 
-	.macro		fround, out0, out1, out2, out3, in0, in1, in2, in3
-	__hround	\out0, \out1, \in0, \in1, \in2, \in3, \out2, \out3, 1
-	__hround	\out2, \out3, \in2, \in3, \in0, \in1, \in1, \in2, 1
+	.macro		fround, out0, out1, out2, out3, in0, in1, in2, in3, sz=2, op
+	__hround	\out0, \out1, \in0, \in1, \in2, \in3, \out2, \out3, 1, \sz, \op
+	__hround	\out2, \out3, \in2, \in3, \in0, \in1, \in1, \in2, 1, \sz, \op
 	.endm
 
-	.macro		iround, out0, out1, out2, out3, in0, in1, in2, in3
-	__hround	\out0, \out1, \in0, \in3, \in2, \in1, \out2, \out3, 0
-	__hround	\out2, \out3, \in2, \in1, \in0, \in3, \in1, \in0, 0
+	.macro		iround, out0, out1, out2, out3, in0, in1, in2, in3, sz=2, op
+	__hround	\out0, \out1, \in0, \in3, \in2, \in1, \out2, \out3, 0, \sz, \op
+	__hround	\out2, \out3, \in2, \in1, \in0, \in3, \in1, \in0, 0, \sz, \op
 	.endm
 
-	.macro		do_crypt, round, ttab, ltab
-	ldp		w5, w6, [in]
-	ldp		w7, w8, [in, #8]
-	ldp		w9, w10, [rk], #16
-	ldp		w11, w12, [rk, #-8]
+	.macro		do_crypt, round, ttab, ltab, bsz
+	ldp		w4, w5, [in]
+	ldp		w6, w7, [in, #8]
+	ldp		w8, w9, [rk], #16
+	ldp		w10, w11, [rk, #-8]
 
+CPU_BE(	rev		w4, w4		)
 CPU_BE(	rev		w5, w5		)
 CPU_BE(	rev		w6, w6		)
 CPU_BE(	rev		w7, w7		)
-CPU_BE(	rev		w8, w8		)
 
+	eor		w4, w4, w8
 	eor		w5, w5, w9
 	eor		w6, w6, w10
 	eor		w7, w7, w11
-	eor		w8, w8, w12
 
 	adr_l		tt, \ttab
-	adr_l		lt, \ltab
 
 	tbnz		rounds, #1, 1f
 
-0:	\round		w9, w10, w11, w12, w5, w6, w7, w8
-	\round		w5, w6, w7, w8, w9, w10, w11, w12
+0:	\round		w8, w9, w10, w11, w4, w5, w6, w7
+	\round		w4, w5, w6, w7, w8, w9, w10, w11
 
 1:	subs		rounds, rounds, #4
-	\round		w9, w10, w11, w12, w5, w6, w7, w8
-	csel		tt, tt, lt, hi
-	\round		w5, w6, w7, w8, w9, w10, w11, w12
-	b.hi		0b
-
+	\round		w8, w9, w10, w11, w4, w5, w6, w7
+	b.ls		3f
+2:	\round		w4, w5, w6, w7, w8, w9, w10, w11
+	b		0b
+3:	adr_l		tt, \ltab
+	\round		w4, w5, w6, w7, w8, w9, w10, w11, \bsz, b
+
+CPU_BE(	rev		w4, w4		)
 CPU_BE(	rev		w5, w5		)
 CPU_BE(	rev		w6, w6		)
 CPU_BE(	rev		w7, w7		)
-CPU_BE(	rev		w8, w8		)
 
-	stp		w5, w6, [out]
-	stp		w7, w8, [out, #8]
+	stp		w4, w5, [out]
+	stp		w6, w7, [out, #8]
 	ret
 	.endm
 
 	.align			7
 	aes_table_reduced	crypto_ft_tab
-	aes_table_reduced	crypto_fl_tab
 	aes_table_reduced	crypto_it_tab
-	aes_table_reduced	crypto_il_tab
 
 ENTRY(__aes_arm64_encrypt)
-	do_crypt	fround, crypto_ft_tab, crypto_fl_tab
+	do_crypt	fround, crypto_ft_tab, crypto_ft_tab + 1, 2
 ENDPROC(__aes_arm64_encrypt)
 
 	.align		5
 ENTRY(__aes_arm64_decrypt)
-	do_crypt	iround, crypto_it_tab, crypto_il_tab
+	do_crypt	iround, crypto_it_tab, crypto_aes_inv_sbox, 0
 ENDPROC(__aes_arm64_decrypt)
-- 
2.9.3

[PATCH v4 7/8] crypto: arm64/aes-neon - reuse Sboxes from AES core module

[Ard Biesheuvel]

The newly introduced AES core module exposes its Sboxes for the benefit
of the fixed time AES driver. Since the arm64 NEON based implementation
already depends on the same core module for its key expansion routines,
let's use its Sboxes as well, and remove the local copy.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
 arch/arm64/crypto/aes-neon.S | 74 +-------------------
 1 file changed, 3 insertions(+), 71 deletions(-)

diff --git a/arch/arm64/crypto/aes-neon.S b/arch/arm64/crypto/aes-neon.S
index f1e3aa2732f9..2acb5f81dcdb 100644
--- a/arch/arm64/crypto/aes-neon.S
+++ b/arch/arm64/crypto/aes-neon.S
@@ -32,7 +32,7 @@
 
 	/* preload the entire Sbox */
 	.macro		prepare, sbox, shiftrows, temp
-	adr		\temp, \sbox
+	adr_l		\temp, \sbox
 	movi		v12.16b, #0x1b
 	ldr		q13, \shiftrows
 	ldr		q14, .Lror32by8
@@ -44,7 +44,7 @@
 
 	/* do preload for encryption */
 	.macro		enc_prepare, ignore0, ignore1, temp
-	prepare		.LForward_Sbox, .LForward_ShiftRows, \temp
+	prepare		crypto_aes_sbox, .LForward_ShiftRows, \temp
 	.endm
 
 	.macro		enc_switch_key, ignore0, ignore1, temp
@@ -53,7 +53,7 @@
 
 	/* do preload for decryption */
 	.macro		dec_prepare, ignore0, ignore1, temp
-	prepare		.LReverse_Sbox, .LReverse_ShiftRows, \temp
+	prepare		crypto_aes_inv_sbox, .LReverse_ShiftRows, \temp
 	.endm
 
 	/* apply SubBytes transformation using the the preloaded Sbox */
@@ -274,74 +274,6 @@
 
 	.text
 	.align		6
-.LForward_Sbox:
-	.byte		0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5
-	.byte		0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76
-	.byte		0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0
-	.byte		0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0
-	.byte		0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc
-	.byte		0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15
-	.byte		0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a
-	.byte		0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75
-	.byte		0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0
-	.byte		0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84
-	.byte		0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b
-	.byte		0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf
-	.byte		0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85
-	.byte		0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8
-	.byte		0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5
-	.byte		0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2
-	.byte		0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17
-	.byte		0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73
-	.byte		0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88
-	.byte		0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb
-	.byte		0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c
-	.byte		0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79
-	.byte		0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9
-	.byte		0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08
-	.byte		0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6
-	.byte		0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a
-	.byte		0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e
-	.byte		0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e
-	.byte		0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94
-	.byte		0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf
-	.byte		0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68
-	.byte		0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
-
-.LReverse_Sbox:
-	.byte		0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38
-	.byte		0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb
-	.byte		0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87
-	.byte		0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb
-	.byte		0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d
-	.byte		0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e
-	.byte		0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2
-	.byte		0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25
-	.byte		0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16
-	.byte		0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92
-	.byte		0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda
-	.byte		0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84
-	.byte		0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a
-	.byte		0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06
-	.byte		0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02
-	.byte		0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b
-	.byte		0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea
-	.byte		0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73
-	.byte		0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85
-	.byte		0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e
-	.byte		0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89
-	.byte		0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b
-	.byte		0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20
-	.byte		0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4
-	.byte		0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31
-	.byte		0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f
-	.byte		0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d
-	.byte		0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef
-	.byte		0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0
-	.byte		0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61
-	.byte		0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26
-	.byte		0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d
-
 .LForward_ShiftRows:
 	.octa		0x0b06010c07020d08030e09040f0a0500
 
-- 
2.9.3

[PATCH v4 8/8] crypto: aes - add meaningful help text to the various AES drivers

[Ard Biesheuvel]

Remove the duplicated boilerplate help text and add a bit of
explanation about the nature of the various AES implementations that
exist for various architectures. In particular, highlight the time
variant nature of some implementations, and the fact that they can be
omitted if required.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
 arch/arm/crypto/Kconfig   |  16 ++-
 arch/arm64/crypto/Kconfig |  30 +++++-
 crypto/Kconfig            | 104 +++++++-------------
 3 files changed, 75 insertions(+), 75 deletions(-)

diff --git a/arch/arm/crypto/Kconfig b/arch/arm/crypto/Kconfig
index b9adedcc5b2e..f611127c5ef9 100644
--- a/arch/arm/crypto/Kconfig
+++ b/arch/arm/crypto/Kconfig
@@ -62,11 +62,23 @@ config CRYPTO_SHA512_ARM
 	  using optimized ARM assembler and NEON, when available.
 
 config CRYPTO_AES_ARM
-	tristate "Scalar AES cipher for ARM"
+	tristate "Table based AES cipher for 32-bit ARM"
 	select CRYPTO_ALGAPI
 	select CRYPTO_AES
 	help
-	  Use optimized AES assembler routines for ARM platforms.
+	  Table based implementation in 32-bit ARM assembler of the FIPS-197
+	  Advanced Encryption Standard (AES) symmetric cipher algorithm. This
+	  driver reuses the tables exposed by the generic AES driver.
+
+	  For CPUs that lack the special ARMv8-CE instructions, this is the
+	  fastest implementation available of the core cipher, but it may be
+	  susceptible to known-plaintext attacks on the key due to the
+	  correlation between the processing time and the input of the first
+	  round. Therefore, it is recommended to also enable the time invariant
+	  NEON based driver below (CRYPTO_AES_ARM_BS), which will supersede
+	  this driver on NEON capable CPUs when using AES in CBC, CTR and XTS
+	  modes. If time invariance is a requirement, this driver should not
+	  be enabled.
 
 config CRYPTO_AES_ARM_BS
 	tristate "Bit sliced AES using NEON instructions"
diff --git a/arch/arm64/crypto/Kconfig b/arch/arm64/crypto/Kconfig
index d92293747d63..bf38680a2dbb 100644
--- a/arch/arm64/crypto/Kconfig
+++ b/arch/arm64/crypto/Kconfig
@@ -42,13 +42,37 @@ config CRYPTO_CRC32_ARM64_CE
 	select CRYPTO_HASH
 
 config CRYPTO_AES_ARM64
-	tristate "AES core cipher using scalar instructions"
+	tristate "Table based AES cipher for 64-bit ARM"
 	select CRYPTO_AES
+	help
+	  Table based implementation in 64-bit ARM assembler of the FIPS-197
+	  Advanced Encryption Standard (AES) symmetric cipher algorithm. This
+	  driver reuses the tables exposed by the generic AES driver.
+
+	  For CPUs that lack the special ARMv8-CE instructions, this is the
+	  fastest implementation available of the core cipher, but it may be
+	  susceptible to known-plaintext attacks on the key due to the
+	  correlation between the processing time and the input of the first
+	  round. Therefore, it is recommended to also enable the time invariant
+	  drivers below (CRYPTO_AES_ARM64_NEON_BLK and CRYPTO_AES_ARM64_BS),
+	  which will supersede this driver when using AES in the specific modes
+	  that they implement. If time invariance is a requirement, this driver
+	  should not be enabled.
 
 config CRYPTO_AES_ARM64_CE
-	tristate "AES core cipher using ARMv8 Crypto Extensions"
-	depends on ARM64 && KERNEL_MODE_NEON
+	tristate "AES cipher using ARMv8 Crypto Extensions"
+	depends on KERNEL_MODE_NEON
 	select CRYPTO_ALGAPI
+	help
+	  Implementation in assembler of the FIPS-197 Advanced Encryption
+	  Standard (AES) symmetric cipher algorithm, using instructions from
+	  ARM's optional ARMv8 Crypto Extensions. This implementation is time
+	  invariant, and is by far the preferred option for CPUs that support
+	  this extension.
+
+	  If in doubt, enable as a module: it will be loaded automatically on
+	  CPUs that support it, and supersede other implementations of the AES
+	  cipher.
 
 config CRYPTO_AES_ARM64_CE_CCM
 	tristate "AES in CCM mode using ARMv8 Crypto Extensions"
diff --git a/crypto/Kconfig b/crypto/Kconfig
index 8f4b9f3381e2..9bec9f7a81d9 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -909,51 +909,37 @@ config CRYPTO_AES
 	  block.
 
 config CRYPTO_AES_586
-	tristate "AES cipher algorithms (i586)"
+	tristate "Table based AES cipher for 32-bit x86"
 	depends on (X86 || UML_X86) && !64BIT
 	select CRYPTO_ALGAPI
 	select CRYPTO_AES
 	help
-	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
-	  algorithm.
-
-	  Rijndael appears to be consistently a very good performer in
-	  both hardware and software across a wide range of computing
-	  environments regardless of its use in feedback or non-feedback
-	  modes. Its key setup time is excellent, and its key agility is
-	  good. Rijndael's very low memory requirements make it very well
-	  suited for restricted-space environments, in which it also
-	  demonstrates excellent performance. Rijndael's operations are
-	  among the easiest to defend against power and timing attacks.
-
-	  The AES specifies three key sizes: 128, 192 and 256 bits
-
-	  See <http://csrc.nist.gov/encryption/aes/> for more information.
+	  Table based implementation in 32-bit x86 assembler of the FIPS-197
+	  Advanced Encryption Standard (AES) symmetric cipher algorithm. For
+	  older 32-bit x86 CPUs that lack the special AES-NI instructions, it
+	  is the fastest implementation available, but it may be susceptible to
+	  known-plaintext attacks on the key due to the correlation between the
+	  processing time and the input of the first round. It reuses the
+	  tables exposed by the generic AES driver. If time invariance is a
+	  requirement, this driver should not be enabled.
 
 config CRYPTO_AES_X86_64
-	tristate "AES cipher algorithms (x86_64)"
+	tristate "Table based AES cipher for 64-bit x86"
 	depends on (X86 || UML_X86) && 64BIT
 	select CRYPTO_ALGAPI
 	select CRYPTO_AES
 	help
-	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
-	  algorithm.
-
-	  Rijndael appears to be consistently a very good performer in
-	  both hardware and software across a wide range of computing
-	  environments regardless of its use in feedback or non-feedback
-	  modes. Its key setup time is excellent, and its key agility is
-	  good. Rijndael's very low memory requirements make it very well
-	  suited for restricted-space environments, in which it also
-	  demonstrates excellent performance. Rijndael's operations are
-	  among the easiest to defend against power and timing attacks.
-
-	  The AES specifies three key sizes: 128, 192 and 256 bits
-
-	  See <http://csrc.nist.gov/encryption/aes/> for more information.
+	  Table based implementation in 64-bit x86 assembler of the FIPS-197
+	  Advanced Encryption Standard (AES) symmetric cipher algorithm. For
+	  older 64-bit x86 CPUs that lack the special AES-NI instructions, it
+	  is the fastest implementation available, but it may be susceptible to
+	  known-plaintext attacks on the key due to the correlation between the
+	  processing time and the input of the first round. It reuses the
+	  tables exposed by the generic AES driver. If time invariance is a
+	  requirement, this driver should not be enabled.
 
 config CRYPTO_AES_NI_INTEL
-	tristate "AES cipher algorithms (AES-NI)"
+	tristate "AES cipher for x86 using AES-NI instructions"
 	depends on X86
 	select CRYPTO_AEAD
 	select CRYPTO_AES_CORE
@@ -962,52 +948,29 @@ config CRYPTO_AES_NI_INTEL
 	select CRYPTO_GLUE_HELPER_X86 if 64BIT
 	select CRYPTO_SIMD
 	help
-	  Use Intel AES-NI instructions for AES algorithm.
-
-	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
-	  algorithm.
-
-	  Rijndael appears to be consistently a very good performer in
-	  both hardware and software across a wide range of computing
-	  environments regardless of its use in feedback or non-feedback
-	  modes. Its key setup time is excellent, and its key agility is
-	  good. Rijndael's very low memory requirements make it very well
-	  suited for restricted-space environments, in which it also
-	  demonstrates excellent performance. Rijndael's operations are
-	  among the easiest to defend against power and timing attacks.
-
-	  The AES specifies three key sizes: 128, 192 and 256 bits
-
-	  See <http://csrc.nist.gov/encryption/aes/> for more information.
+	  Implementation in x86 assembler of the FIPS-197 Advanced Encryption
+	  Standard (AES) symmetric cipher algorithm, using instructions from
+	  Intel's optional AES-NI ISA extension. This implementation is time
+	  invariant, and is by far the preferred option for CPUs that support
+	  this extension.
 
 	  In addition to AES cipher algorithm support, the acceleration
 	  for some popular block cipher mode is supported too, including
 	  ECB, CBC, LRW, PCBC, XTS. The 64 bit version has additional
 	  acceleration for CTR.
 
+	  If in doubt, enable as a module: it will be loaded automatically on
+	  CPUs that support it, and supersede other implementations of the AES
+	  cipher.
+
 config CRYPTO_AES_SPARC64
-	tristate "AES cipher algorithms (SPARC64)"
+	tristate "AES cipher for SPARC64 using crypto opcodes"
 	depends on SPARC64
 	select CRYPTO_CRYPTD
 	select CRYPTO_ALGAPI
 	help
-	  Use SPARC64 crypto opcodes for AES algorithm.
-
-	  AES cipher algorithms (FIPS-197). AES uses the Rijndael
-	  algorithm.
-
-	  Rijndael appears to be consistently a very good performer in
-	  both hardware and software across a wide range of computing
-	  environments regardless of its use in feedback or non-feedback
-	  modes. Its key setup time is excellent, and its key agility is
-	  good. Rijndael's very low memory requirements make it very well
-	  suited for restricted-space environments, in which it also
-	  demonstrates excellent performance. Rijndael's operations are
-	  among the easiest to defend against power and timing attacks.
-
-	  The AES specifies three key sizes: 128, 192 and 256 bits
-
-	  See <http://csrc.nist.gov/encryption/aes/> for more information.
+	  Implementation of the FIPS-197 Advanced Encryption Standard (AES)
+	  symmetric cipher algorithm, using SPARC64 crypto opcodes.
 
 	  In addition to AES cipher algorithm support, the acceleration
 	  for some popular block cipher mode is supported too, including
@@ -1017,8 +980,9 @@ config CRYPTO_AES_PPC_SPE
 	tristate "AES cipher algorithms (PPC SPE)"
 	depends on PPC && SPE
 	help
-	  AES cipher algorithms (FIPS-197). Additionally the acceleration
-	  for popular block cipher modes ECB, CBC, CTR and XTS is supported.
+	  Implementation of the FIPS-197 Advanced Encryption Standard (AES)
+	  symmetric cipher algorithm. Additionally, the acceleration for
+	  popular block cipher modes ECB, CBC, CTR and XTS is supported.
 	  This module should only be used for low power (router) devices
 	  without hardware AES acceleration (e.g. caam crypto). It reduces the
 	  size of the AES tables from 16KB to 8KB + 256 bytes and mitigates
-- 
2.9.3

Re: [PATCH v4 0/8] crypto: aes - retire table based generic AES

[Ard Biesheuvel]

On 18 July 2017 at 13:06, Ard Biesheuvel <ard.biesheuvel@linaro.org> wrote:
> The generic AES driver uses 16 lookup tables of 1 KB each, and has
> encryption and decryption routines that are fully unrolled. Given how
> the dependencies between this code and other drivers are declared in
> Kconfig files, this code is always pulled into the core kernel, even
> if it is usually superseded at runtime by accelerated drivers that
> exist for many architectures.
>
> This leaves us with 25 KB of dead code in the kernel, which is negligible
> in typical environments, but which is actually a big deal for the IoT
> domain, where every kilobyte counts.
>
> Also, the scalar, table based AES routines that exist for ARM, arm64, i586
> and x86_64 share the lookup tables with AES generic, and may be invoked
> occasionally when the time-invariant AES-NI or other special instruction
> drivers are called in interrupt context, at which time the SIMD register
> file cannot be used. Pulling 16 KB of code and 9 KB of instructions into
> the L1s (and evicting what was already there) when a softirq happens to
> be handled in the context of an interrupt taken from kernel mode (which
> means no SIMD on x86) is also something that we may like to avoid, by
> falling back to a much smaller and moderately less performant driver.
> (Note that arm64 will be updated shortly to supply fallbacks for all
> SIMD based AES implementations, which will be based on the core routines)
>
> For the reasons above, this series refactors the way the various AES
> implementations are wired up, to allow the generic version in
> crypto/aes_generic.c to be omitted from the build entirely.
>
> Patch #1 removes some bogus 'select CRYPTO_AES' statement.
>
> Patch #2 factors out aes-generic's lookup tables, which are shared with
> arch-specific implementations in arch/x86, arch/arm and arch/arm64.
>
> Patch #3 replaces the table based aes-generic.o with a new aes.o based on
> the fixed time cipher, and uses it to fulfil dependencies on CRYPTO_AES.
>
> Patch #4 switches the fallback in the AES-NI code to the new, generic encrypt
> and decrypt routines so it no longer depends on the x86 scalar code or
> [transitively] on AES-generic.
>
> Patch #5 tweaks the ARM table based code to only use 2 KB + 256 bytes worth
> of lookup tables instead of 4 KB.
>
> Patch #6 does the same for arm64
>
> Patch #7 removes the local copy of the AES sboxes from the arm64 NEON driver,
> and switches to the ones exposed by the new AES core module instead.
>
> Patch #8 updates the Kconfig help text to be more descriptive of what they
> actually control, rather than duplicating AES's wikipedia entry a number of
> times.
>
> v4: - remove aes-generic altogether instead of allow a preference to be set

Actually, after benchmarking the x86_64 asm AES code, I am not so sure
we should remove AES_GENERIC at all, since it turns out to be faster.
Interestingly, I found a remark by Eric in the git log stating the
same, so if we want to cut down on AES variants, we should probably
start by deleting the x86 code instead.

So please disregard this for now: I will rework the other stuff I have
so it no longer depends on this, and repost, because it is much more
important for me that that makes it into v4.14. This can wait for
v4.15, as far as I am concerned, and I will benchmark a bit more to
see if we can get rid of the i586 code as well.

-- 
Ard.

Re: [PATCH v4 0/8] crypto: aes - retire table based generic AES

[Eric Biggers]

On Mon, Jul 24, 2017 at 07:59:43AM +0100, Ard Biesheuvel wrote:
> On 18 July 2017 at 13:06, Ard Biesheuvel <ard.biesheuvel@linaro.org> wrote:
> > The generic AES driver uses 16 lookup tables of 1 KB each, and has
> > encryption and decryption routines that are fully unrolled. Given how
> > the dependencies between this code and other drivers are declared in
> > Kconfig files, this code is always pulled into the core kernel, even
> > if it is usually superseded at runtime by accelerated drivers that
> > exist for many architectures.
> >
> > This leaves us with 25 KB of dead code in the kernel, which is negligible
> > in typical environments, but which is actually a big deal for the IoT
> > domain, where every kilobyte counts.
> >
> > Also, the scalar, table based AES routines that exist for ARM, arm64, i586
> > and x86_64 share the lookup tables with AES generic, and may be invoked
> > occasionally when the time-invariant AES-NI or other special instruction
> > drivers are called in interrupt context, at which time the SIMD register
> > file cannot be used. Pulling 16 KB of code and 9 KB of instructions into
> > the L1s (and evicting what was already there) when a softirq happens to
> > be handled in the context of an interrupt taken from kernel mode (which
> > means no SIMD on x86) is also something that we may like to avoid, by
> > falling back to a much smaller and moderately less performant driver.
> > (Note that arm64 will be updated shortly to supply fallbacks for all
> > SIMD based AES implementations, which will be based on the core routines)
> >
> > For the reasons above, this series refactors the way the various AES
> > implementations are wired up, to allow the generic version in
> > crypto/aes_generic.c to be omitted from the build entirely.
> >
> > Patch #1 removes some bogus 'select CRYPTO_AES' statement.
> >
> > Patch #2 factors out aes-generic's lookup tables, which are shared with
> > arch-specific implementations in arch/x86, arch/arm and arch/arm64.
> >
> > Patch #3 replaces the table based aes-generic.o with a new aes.o based on
> > the fixed time cipher, and uses it to fulfil dependencies on CRYPTO_AES.
> >
> > Patch #4 switches the fallback in the AES-NI code to the new, generic encrypt
> > and decrypt routines so it no longer depends on the x86 scalar code or
> > [transitively] on AES-generic.
> >
> > Patch #5 tweaks the ARM table based code to only use 2 KB + 256 bytes worth
> > of lookup tables instead of 4 KB.
> >
> > Patch #6 does the same for arm64
> >
> > Patch #7 removes the local copy of the AES sboxes from the arm64 NEON driver,
> > and switches to the ones exposed by the new AES core module instead.
> >
> > Patch #8 updates the Kconfig help text to be more descriptive of what they
> > actually control, rather than duplicating AES's wikipedia entry a number of
> > times.
> >
> > v4: - remove aes-generic altogether instead of allow a preference to be set
> 
> Actually, after benchmarking the x86_64 asm AES code, I am not so sure
> we should remove AES_GENERIC at all, since it turns out to be faster.
> Interestingly, I found a remark by Eric in the git log stating the
> same, so if we want to cut down on AES variants, we should probably
> start by deleting the x86 code instead.
> 
> So please disregard this for now: I will rework the other stuff I have
> so it no longer depends on this, and repost, because it is much more
> important for me that that makes it into v4.14. This can wait for
> v4.15, as far as I am concerned, and I will benchmark a bit more to
> see if we can get rid of the i586 code as well.
> 

Yes I did notice that aes-generic was actually faster.  Probably the x86_64-asm
implementation should be removed, but it may be worthwhile to try a few
different gcc versions to see how well they compile aes-generic.  I expect that
x86_64-asm used to be faster but gcc has gotten smarter.  Also x86_64-asm is
only really useful on older CPUs, so ideally it should be benchmarked on an
older CPU.

Eric

Re: [PATCH v4 0/8] crypto: aes - retire table based generic AES

[Ard Biesheuvel]

On 24 July 2017 at 17:57, Eric Biggers <ebiggers3@gmail.com> wrote:
> On Mon, Jul 24, 2017 at 07:59:43AM +0100, Ard Biesheuvel wrote:
>> On 18 July 2017 at 13:06, Ard Biesheuvel <ard.biesheuvel@linaro.org> wrote:
>> > The generic AES driver uses 16 lookup tables of 1 KB each, and has
>> > encryption and decryption routines that are fully unrolled. Given how
>> > the dependencies between this code and other drivers are declared in
>> > Kconfig files, this code is always pulled into the core kernel, even
>> > if it is usually superseded at runtime by accelerated drivers that
>> > exist for many architectures.
>> >
>> > This leaves us with 25 KB of dead code in the kernel, which is negligible
>> > in typical environments, but which is actually a big deal for the IoT
>> > domain, where every kilobyte counts.
>> >
>> > Also, the scalar, table based AES routines that exist for ARM, arm64, i586
>> > and x86_64 share the lookup tables with AES generic, and may be invoked
>> > occasionally when the time-invariant AES-NI or other special instruction
>> > drivers are called in interrupt context, at which time the SIMD register
>> > file cannot be used. Pulling 16 KB of code and 9 KB of instructions into
>> > the L1s (and evicting what was already there) when a softirq happens to
>> > be handled in the context of an interrupt taken from kernel mode (which
>> > means no SIMD on x86) is also something that we may like to avoid, by
>> > falling back to a much smaller and moderately less performant driver.
>> > (Note that arm64 will be updated shortly to supply fallbacks for all
>> > SIMD based AES implementations, which will be based on the core routines)
>> >
>> > For the reasons above, this series refactors the way the various AES
>> > implementations are wired up, to allow the generic version in
>> > crypto/aes_generic.c to be omitted from the build entirely.
>> >
>> > Patch #1 removes some bogus 'select CRYPTO_AES' statement.
>> >
>> > Patch #2 factors out aes-generic's lookup tables, which are shared with
>> > arch-specific implementations in arch/x86, arch/arm and arch/arm64.
>> >
>> > Patch #3 replaces the table based aes-generic.o with a new aes.o based on
>> > the fixed time cipher, and uses it to fulfil dependencies on CRYPTO_AES.
>> >
>> > Patch #4 switches the fallback in the AES-NI code to the new, generic encrypt
>> > and decrypt routines so it no longer depends on the x86 scalar code or
>> > [transitively] on AES-generic.
>> >
>> > Patch #5 tweaks the ARM table based code to only use 2 KB + 256 bytes worth
>> > of lookup tables instead of 4 KB.
>> >
>> > Patch #6 does the same for arm64
>> >
>> > Patch #7 removes the local copy of the AES sboxes from the arm64 NEON driver,
>> > and switches to the ones exposed by the new AES core module instead.
>> >
>> > Patch #8 updates the Kconfig help text to be more descriptive of what they
>> > actually control, rather than duplicating AES's wikipedia entry a number of
>> > times.
>> >
>> > v4: - remove aes-generic altogether instead of allow a preference to be set
>>
>> Actually, after benchmarking the x86_64 asm AES code, I am not so sure
>> we should remove AES_GENERIC at all, since it turns out to be faster.
>> Interestingly, I found a remark by Eric in the git log stating the
>> same, so if we want to cut down on AES variants, we should probably
>> start by deleting the x86 code instead.
>>
>> So please disregard this for now: I will rework the other stuff I have
>> so it no longer depends on this, and repost, because it is much more
>> important for me that that makes it into v4.14. This can wait for
>> v4.15, as far as I am concerned, and I will benchmark a bit more to
>> see if we can get rid of the i586 code as well.
>>
>
> Yes I did notice that aes-generic was actually faster.  Probably the x86_64-asm
> implementation should be removed, but it may be worthwhile to try a few
> different gcc versions to see how well they compile aes-generic.  I expect that
> x86_64-asm used to be faster but gcc has gotten smarter.  Also x86_64-asm is
> only really useful on older CPUs, so ideally it should be benchmarked on an
> older CPU.
>

I tried it on a ~10 year old E2200 chip, and aes-generic was slightly
faster, i.e., 5 - 10 % as you noticed as well.

If current GCC creates faster code, we should just remove the asm code
IMO. No point in keeping it around for the sake of people who insist
on building current linux with an outdated compiler.