From patchwork Tue Jul 18 12:06:41 2017
X-Patchwork-Submitter: Ard Biesheuvel
X-Patchwork-Id: 108123
From: Ard Biesheuvel
To: linux-crypto@vger.kernel.org, herbert@gondor.apana.org.au, nico@linaro.org, ebiggers@google.com
Cc: Ard Biesheuvel
Subject: [PATCH v4 4/8] crypto: x86/aes-ni - switch to generic fallback
Date: Tue, 18 Jul 2017 13:06:41 +0100
Message-Id: <20170718120645.15880-5-ard.biesheuvel@linaro.org>
In-Reply-To: <20170718120645.15880-1-ard.biesheuvel@linaro.org>
References: <20170718120645.15880-1-ard.biesheuvel@linaro.org>

The time invariant AES-NI implementation is SIMD based, and so it needs a fallback in case the code is called from a context where SIMD is not allowed. On x86, this is really only when executing in the context of an interrupt taken while in kernel mode, since SIMD is allowed in all other cases.

There is very little code in the kernel that actually performs AES in interrupt context, and the code that does (mac80211) only does so when running on 802.11 devices that have no support for AES in hardware, and those are rare these days.

So switch to the new AES core code as a fallback. It is much smaller, as well as more resistant to cache timing attacks, and removing the dependency allows us to disable the time variant drivers altogether if desired.

Signed-off-by: Ard Biesheuvel --- arch/x86/crypto/aesni-intel_glue.c | 4 ++-- crypto/Kconfig | 3 +-- 2 files changed, 3 insertions(+), 4 deletions(-) -- 2.9.3 diff --git a/arch/x86/crypto/aesni-intel_glue.c b/arch/x86/crypto/aesni-intel_glue.c index 4a55cdcdc008..1734e6185800 100644 --- a/arch/x86/crypto/aesni-intel_glue.c +++ b/arch/x86/crypto/aesni-intel_glue.c @@ -334,7 +334,7 @@ static void aes_encrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src) struct crypto_aes_ctx *ctx = aes_ctx(crypto_tfm_ctx(tfm)); if (!irq_fpu_usable()) - crypto_aes_encrypt_x86(ctx, dst, src); + crypto_aes_encrypt(ctx, dst, src); else { kernel_fpu_begin(); aesni_enc(ctx, dst, src); @@ -347,7 +347,7 @@ static void aes_decrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src) struct crypto_aes_ctx *ctx = aes_ctx(crypto_tfm_ctx(tfm)); if (!irq_fpu_usable()) - crypto_aes_decrypt_x86(ctx, dst, src); + crypto_aes_decrypt(ctx, dst, src); else { kernel_fpu_begin(); aesni_dec(ctx, dst, src); diff --git a/crypto/Kconfig b/crypto/Kconfig index 7766fea9c18e..8f4b9f3381e2 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -956,8 +956,7 @@ config CRYPTO_AES_NI_INTEL tristate "AES cipher algorithms (AES-NI)" depends on X86 select CRYPTO_AEAD - select CRYPTO_AES_X86_64 if 64BIT - select CRYPTO_AES_586 if !64BIT + select CRYPTO_AES select CRYPTO_ALGAPI select CRYPTO_BLKCIPHER select CRYPTO_GLUE_HELPER_X86 if 64BIT
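
Review bot: In the aes_encrypt() hunk (@@ -334,7 +334,7) the new call to crypto_aes_encrypt() comes with no new #include; the diffstat shows only the two call-site lines changing in aesni-intel_glue.c. Please confirm that the prototype is declared in a header this file already includes and that its first parameter is the same struct crypto_aes_ctx * that aes_ctx() returns here, so the swap from crypto_aes_encrypt_x86() is a pure rename at the call site.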
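
Review bot: In the aes_decrypt() hunk (@@ -347,7 +347,7) the reason the non-SIMD branch exists is documented only in the commit message. A short comment above `if (!irq_fpu_usable())` stating that this path is taken only for an interrupt arriving in kernel mode, and that it now uses the generic core, would keep that reasoning next to the code; the same applies to aes_encrypt(). While the line is being touched, the single-statement `if` branch could also get braces to match the braced `else`.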
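
Review bot: In the crypto/Kconfig hunk, `select CRYPTO_AES` does not by its name tell the reader that it provides the smaller, cache-timing-resistant core the commit message describes. Please name in the commit message the earlier patch in this series that makes CRYPTO_AES provide crypto_aes_encrypt() and crypto_aes_decrypt(), and since CRYPTO_AES_NI_INTEL is tristate, check that both functions are exported so that a modular build of this driver links.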