From patchwork Fri Jun 16 11:17:48 2017
X-Patchwork-Submitter: Ard Biesheuvel
X-Patchwork-Id: 105711
From: Ard Biesheuvel
To: linux-crypto@vger.kernel.org
Cc: herbert@gondor.apana.org.au, nico@linaro.org, ebiggers3@gmail.com, Ard Biesheuvel
Subject: [PATCH v2 5/6] crypto: aes - add meaningful help text to the various AES drivers
Date: Fri, 16 Jun 2017 13:17:48 +0200
Message-Id: <1497611869-6126-6-git-send-email-ard.biesheuvel@linaro.org>
X-Mailer: git-send-email 2.7.4
In-Reply-To: <1497611869-6126-1-git-send-email-ard.biesheuvel@linaro.org>
References: <1497611869-6126-1-git-send-email-ard.biesheuvel@linaro.org>

Remove the duplicated boilerplate help text and add a bit of explanation
about the nature of the various AES implementations that exist for ARM
and x86.

Signed-off-by: Ard Biesheuvel
---
 arch/arm/crypto/Kconfig   |  4 +-
 arch/arm64/crypto/Kconfig |  7 ++
 crypto/Kconfig            | 68 +++-----------------
 3 files changed, 18 insertions(+), 61 deletions(-)

-- 
2.7.4

diff --git a/arch/arm/crypto/Kconfig b/arch/arm/crypto/Kconfig index 3a6994ada2d1..24d70d74ae51 100644 --- a/arch/arm/crypto/Kconfig +++ b/arch/arm/crypto/Kconfig 
@@ -66,7 +66,9 @@ config CRYPTO_AES_ARM select CRYPTO_ALGAPI select CRYPTO_AES_GENERIC help - Use optimized AES assembler routines for ARM platforms. + Use optimized AES assembler routines for ARM platforms. This + implementation is table based, and thus not time invariant. + It reuses the tables exposed by the generic AES driver. config CRYPTO_AES_ARM_BS tristate "Bit sliced AES using NEON instructions" diff --git a/arch/arm64/crypto/Kconfig b/arch/arm64/crypto/Kconfig index 7ffe88267943..48404ae2a11a 100644 --- a/arch/arm64/crypto/Kconfig +++ b/arch/arm64/crypto/Kconfig @@ -44,11 +44,18 @@ config CRYPTO_CRC32_ARM64_CE config CRYPTO_AES_ARM64 tristate "AES core cipher using scalar instructions" select CRYPTO_AES_GENERIC + help + Use optimized AES assembler routines for ARM platforms. This + implementation is table based, and thus not time invariant. + It reuses the tables exposed by the generic AES driver. config CRYPTO_AES_ARM64_CE tristate "AES core cipher using ARMv8 Crypto Extensions" depends on ARM64 && KERNEL_MODE_NEON select CRYPTO_ALGAPI + help + Assembler implementation for arm64 of AES using special dedicated + instructions. This implementation is time invariant. config CRYPTO_AES_ARM64_CE_CCM tristate "AES in CCM mode using ARMv8 Crypto Extensions" diff --git a/crypto/Kconfig b/crypto/Kconfig index 9ae3dade4b2b..f33c0d9136cf 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig 
@@ -906,21 +906,10 @@ config CRYPTO_AES_GENERIC select CRYPTO_ALGAPI select CRYPTO_AES_CORE help - AES cipher algorithms (FIPS-197). AES uses the Rijndael - algorithm. - - Rijndael appears to be consistently a very good performer in - both hardware and software across a wide range of computing - environments regardless of its use in feedback or non-feedback - modes. Its key setup time is excellent, and its key agility is - good. Rijndael's very low memory requirements make it very well - suited for restricted-space environments, in which it also - demonstrates excellent performance. Rijndael's operations are - among the easiest to defend against power and timing attacks. - - The AES specifies three key sizes: 128, 192 and 256 bits - - See for more information. + Generic table based implementation of AES. This is the fastest + implementation in C, but may be susceptible to known plaintext + attacks on the key due to the correlation between the processing + time and the input of the first round. config CRYPTO_AES_TI tristate "Fixed time AES cipher" 
@@ -946,44 +935,18 @@ config CRYPTO_AES_586 select CRYPTO_ALGAPI select CRYPTO_AES_GENERIC help - AES cipher algorithms (FIPS-197). AES uses the Rijndael + Assembler implementation for 32-bit x86 of the table based AES algorithm. - Rijndael appears to be consistently a very good performer in - both hardware and software across a wide range of computing - environments regardless of its use in feedback or non-feedback - modes. Its key setup time is excellent, and its key agility is - good. Rijndael's very low memory requirements make it very well - suited for restricted-space environments, in which it also - demonstrates excellent performance. Rijndael's operations are - among the easiest to defend against power and timing attacks. - - The AES specifies three key sizes: 128, 192 and 256 bits - - See for more information. - config CRYPTO_AES_X86_64 tristate "AES cipher algorithms (x86_64)" depends on (X86 || UML_X86) && 64BIT select CRYPTO_ALGAPI select CRYPTO_AES_GENERIC help - AES cipher algorithms (FIPS-197). AES uses the Rijndael + Assembler implementation for 64-bit x86 of the table based AES algorithm. - Rijndael appears to be consistently a very good performer in - both hardware and software across a wide range of computing - environments regardless of its use in feedback or non-feedback - modes. Its key setup time is excellent, and its key agility is - good. Rijndael's very low memory requirements make it very well - suited for restricted-space environments, in which it also - demonstrates excellent performance. Rijndael's operations are - among the easiest to defend against power and timing attacks. - - The AES specifies three key sizes: 128, 192 and 256 bits - - See for more information. - config CRYPTO_AES_NI_INTEL tristate "AES cipher algorithms (AES-NI)" depends on X86 
@@ -994,23 +957,8 @@ config CRYPTO_AES_NI_INTEL select CRYPTO_GLUE_HELPER_X86 if 64BIT select CRYPTO_SIMD help - Use Intel AES-NI instructions for AES algorithm. - - AES cipher algorithms (FIPS-197). AES uses the Rijndael - algorithm. - - Rijndael appears to be consistently a very good performer in - both hardware and software across a wide range of computing - environments regardless of its use in feedback or non-feedback - modes. Its key setup time is excellent, and its key agility is - good. Rijndael's very low memory requirements make it very well - suited for restricted-space environments, in which it also - demonstrates excellent performance. Rijndael's operations are - among the easiest to defend against power and timing attacks. - - The AES specifies three key sizes: 128, 192 and 256 bits - - See for more information. + Assembler implementation for x86 of AES using special dedicated + instructions. This implementation is time invariant. In addition to AES cipher algorithm support, the acceleration for some popular block cipher mode is supported too, including
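Review bot: in the arch/arm/crypto/Kconfig hunk, the sentence added to CRYPTO_AES_ARM says "not time invariant", while the CRYPTO_AES_TI prompt visible in the crypto/Kconfig context reads "Fixed time AES cipher". Two terms for the same property make the options harder to compare from the help text alone; suggest settling on one term across the series. Since the new sentence is effectively a warning, it would also help to name the option a user should select when timing behaviour matters.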
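Review bot: in the arch/arm64/crypto/Kconfig hunk, the help added to CRYPTO_AES_ARM64 is a verbatim copy of the 32-bit text and still reads "Use optimized AES assembler routines for ARM platforms", whereas the CRYPTO_AES_ARM64_CE help added a few lines further down says "for arm64". Suggest wording the scalar entry for arm64 as well so the two entries in this file agree. In the CRYPTO_AES_ARM64_CE text, "special dedicated instructions" could name the ARMv8 Crypto Extensions already given in that option's prompt.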
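Review bot: in the CRYPTO_AES_GENERIC hunk (crypto/Kconfig, -906,21 +906,10), the new help warns about a correlation between processing time and first-round input but does not tell the reader what to select instead, even though CRYPTO_AES_TI ("Fixed time AES cipher") is the very next entry in the context. Suggest adding a pointer to it, and describing the issue as a timing side channel, which is what the rest of the sentence describes. The rewrite also drops the FIPS-197 reference and the 128/192/256-bit key sizes together with the Rijndael paragraph; one line keeping the standard reference would preserve the useful part of the old text.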
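Review bot: in the CRYPTO_AES_586 / CRYPTO_AES_X86_64 hunk (crypto/Kconfig, -946,44 +935,18), both new help texts stop at "table based AES algorithm" and omit the "and thus not time invariant" statement that this same patch adds to the table-based ARM and arm64 entries. A reader has to infer the timing property here but is told it explicitly there. Suggest adding the same sentence to both x86 entries, along with the note that they reuse the generic driver's tables, since both select CRYPTO_AES_GENERIC.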
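Review bot: in the CRYPTO_AES_NI_INTEL hunk (crypto/Kconfig, -994,23 +957,8), the removed first line named the instructions ("Use Intel AES-NI instructions for AES algorithm.") and the replacement says only "special dedicated instructions". That is less informative than what it replaces; suggest keeping the name, for example "AES using the Intel AES-NI instructions", before the "This implementation is time invariant." sentence.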