From patchwork Thu Jun 27 10:26:33 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 167915 Delivered-To: patch@linaro.org Received: by 2002:a92:4782:0:0:0:0:0 with SMTP id e2csp2148749ilk; Thu, 27 Jun 2019 03:28:13 -0700 (PDT) X-Google-Smtp-Source: APXvYqzIUMjnhDHdHX+Zb2Y4XmHMaCyQioOy3rFUw+TW+whK9E4FGgl1a4/Uw7Fno1EzB22cyA5+ X-Received: by 2002:a17:90a:cb97:: with SMTP id a23mr5061261pju.67.1561631293570; Thu, 27 Jun 2019 03:28:13 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1561631293; cv=none; d=google.com; s=arc-20160816; b=LffjJhsmncX7z4aDrjLthV2gnXNMRRnhMDXskuKMapIrvGC5bUkLu2lfasheS2A8ML VKNdvD/iezd8e5x/n0S35Q2BcrBHblm4JjgF4PWDKGvvfYVuegiam2iu6CJxMdmf73tb Q2nFviY3qnCcniMerqbQwJ/TlTqc/3KkvFd9ktBNBBlXcESEV6MweGARqoung7//twrh VD7ytszG6DIO63lRfYL38B7bWngScXyYl0jFZY4Av+DF1Qwrzjaug/GsAqlABgQl38yI sbvmSZfyVA6bULuzl7fvOiZR7HWt7SgzC7EbOfUex1oP/XUjFQNCk/6kaRXzOwcKiV9f uCAA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=Lm7oGps4teOEwcLPMuq0r39VG4DYBydnuDjdvE8qRsQ=; b=ABCE9199eVwTGTBmCw1DxKF8KiBP1+xgKKSBdDYqsZ1OpK144ztZc+b6feRJ4+thlC RfxvttyyeCD/+uIz7Zs3iE/EEGaGbIr9c7kjdCZGOU7mDy6QMkk+mYNYj2syqvtUuYfO qpkworrF/a8SrLVRXMeOdCTrgDphwVw5s5KhupHd0hOitzML9eZ1HAzKPSJ93SpLSxB4 lCD7VlbWYOrIAxV3vxuOPs72e1YFFlRb6Q99lrnomknV1WU7nGZIjXSJSFjRNuYZnb3m 9ddkYmI7aQgXl2w8UN7igBiv4e7w02T0v38EcHg13p7N7mMtXaIdyIWdXrZvIUl6DdX3 zQRA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=TtoZmtib; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id f32si4829522pjg.42.2019.06.27.03.28.13; Thu, 27 Jun 2019 03:28:13 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=TtoZmtib; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726681AbfF0K2M (ORCPT + 3 others); Thu, 27 Jun 2019 06:28:12 -0400 Received: from mail-wm1-f67.google.com ([209.85.128.67]:37188 "EHLO mail-wm1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726678AbfF0K2M (ORCPT ); Thu, 27 Jun 2019 06:28:12 -0400 Received: by mail-wm1-f67.google.com with SMTP id f17so5110878wme.2 for ; Thu, 27 Jun 2019 03:28:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=Lm7oGps4teOEwcLPMuq0r39VG4DYBydnuDjdvE8qRsQ=; b=TtoZmtibts70TH1a3wjS/gKu5pk5IvIOaZcpHpJay0/wt1KzHU/5mkmjSDI7esgDVf TkqpbMLLzVhD7G2+9q2D8ZeapC8IvfQW5XJgrp0QcCr3qxJrEoOHLek3aaFBywbstMPV oEkOe7BJM/UhqPDkm2coXdE288VWc9tr4UvSnMY3KCkaLtHCIakOUGuMP5BZdcijs1st vy/KVQVpwx2KmvjG+cGxf4DlQ7YuAllVxREc8oQCFPpzNTMdzcdLpmxn2ydd1r2Nnj7h ZHTmpMKGTcm2KWsi+iJmYMpQ2DDGh58+KWR33/sVAoggG3aD89wAYFJ659zuHdFdUm9O H5HQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=Lm7oGps4teOEwcLPMuq0r39VG4DYBydnuDjdvE8qRsQ=; b=pRGSe1KQ8lROgLKIidumtfHfneAciTIs4YXFCd7uphsNY3sfRmt1mgDHpnJHvznYNz yC52DmYNLawJoxVR68sAZ8d4a1hvsc6OrQQdxlAkzShHLdHKb3NJvk0NGRVYqIWO4B9Q My/Kb+Ls/hA59S0kxsH5TKIhSdvD8/NwhpSIRT7KSzjIKDXuCMszJsgMH/cpZsHETx3g iOhN3gJwyvB/ayRpd0ZlpVNeIeZOOcE8nFbyGbKlj49Px+NHhkPKkga37h1hOJfMQnzd ia5u0AdGyA+cFjDu4CWJpOlX04mfP59eEUgVnghKakEDFsAe/P32weQSezDO/qS4HQl2 fGHA== X-Gm-Message-State: APjAAAWwiC+hy1tUnaW5/DCJUs93xZaNX3bWcZDo1G2qBLUnpha/CAy3 y8ZRqWdBdbChCf1ZpL34344engnViTs= X-Received: by 2002:a1c:9ecd:: with SMTP id h196mr2822857wme.98.1561631290333; Thu, 27 Jun 2019 03:28:10 -0700 (PDT) Received: from localhost.localdomain (aaubervilliers-681-1-8-173.w90-88.abo.wanadoo.fr. [90.88.13.173]) by smtp.gmail.com with ESMTPSA id g2sm5584533wmh.0.2019.06.27.03.28.09 (version=TLS1_3 cipher=AEAD-AES256-GCM-SHA384 bits=256/256); Thu, 27 Jun 2019 03:28:09 -0700 (PDT) From: Ard Biesheuvel To: linux-crypto@vger.kernel.org Cc: herbert@gondor.apana.org.au, ebiggers@kernel.org, Ard Biesheuvel Subject: [PATCH v3 18/32] crypto: arm64/aes-ce-cipher - use AES library as fallback Date: Thu, 27 Jun 2019 12:26:33 +0200 Message-Id: <20190627102647.2992-19-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190627102647.2992-1-ard.biesheuvel@linaro.org> References: <20190627102647.2992-1-ard.biesheuvel@linaro.org> MIME-Version: 1.0 Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org Instead of calling into the table based scalar AES code in situations where the SIMD unit may not be used, use the generic AES code, which is more appropriate since it is less likely to be susceptible to timing attacks. Signed-off-by: Ard Biesheuvel --- arch/arm64/crypto/Kconfig | 2 +- arch/arm64/crypto/aes-ce-glue.c | 7 ++----- arch/arm64/crypto/aes-cipher-glue.c | 3 --- 3 files changed, 3 insertions(+), 9 deletions(-) -- 2.20.1 diff --git a/arch/arm64/crypto/Kconfig b/arch/arm64/crypto/Kconfig index 66dea518221c..4922c4451e7c 100644 --- a/arch/arm64/crypto/Kconfig +++ b/arch/arm64/crypto/Kconfig @@ -73,7 +73,7 @@ config CRYPTO_AES_ARM64_CE tristate "AES core cipher using ARMv8 Crypto Extensions" depends on ARM64 && KERNEL_MODE_NEON select CRYPTO_ALGAPI - select CRYPTO_AES_ARM64 + select CRYPTO_LIB_AES config CRYPTO_AES_ARM64_CE_CCM tristate "AES in CCM mode using ARMv8 Crypto Extensions" diff --git a/arch/arm64/crypto/aes-ce-glue.c b/arch/arm64/crypto/aes-ce-glue.c index 3213843fcb46..6890e003b8f1 100644 --- a/arch/arm64/crypto/aes-ce-glue.c +++ b/arch/arm64/crypto/aes-ce-glue.c @@ -23,9 +23,6 @@ MODULE_DESCRIPTION("Synchronous AES cipher using ARMv8 Crypto Extensions"); MODULE_AUTHOR("Ard Biesheuvel "); MODULE_LICENSE("GPL v2"); -asmlinkage void __aes_arm64_encrypt(u32 *rk, u8 *out, const u8 *in, int rounds); -asmlinkage void __aes_arm64_decrypt(u32 *rk, u8 *out, const u8 *in, int rounds); - struct aes_block { u8 b[AES_BLOCK_SIZE]; }; @@ -54,7 +51,7 @@ static void aes_cipher_encrypt(struct crypto_tfm *tfm, u8 dst[], u8 const src[]) struct crypto_aes_ctx *ctx = crypto_tfm_ctx(tfm); if (!crypto_simd_usable()) { - __aes_arm64_encrypt(ctx->key_enc, dst, src, num_rounds(ctx)); + aes_encrypt(ctx, dst, src); return; } @@ -68,7 +65,7 @@ static void aes_cipher_decrypt(struct crypto_tfm *tfm, u8 dst[], u8 const src[]) struct crypto_aes_ctx *ctx = crypto_tfm_ctx(tfm); if (!crypto_simd_usable()) { - __aes_arm64_decrypt(ctx->key_dec, dst, src, num_rounds(ctx)); + aes_decrypt(ctx, dst, src); return; } diff --git a/arch/arm64/crypto/aes-cipher-glue.c b/arch/arm64/crypto/aes-cipher-glue.c index 0e90b06ebcec..bf32cc6489e1 100644 --- a/arch/arm64/crypto/aes-cipher-glue.c +++ b/arch/arm64/crypto/aes-cipher-glue.c @@ -13,10 +13,7 @@ #include asmlinkage void __aes_arm64_encrypt(u32 *rk, u8 *out, const u8 *in, int rounds); -EXPORT_SYMBOL(__aes_arm64_encrypt); - asmlinkage void __aes_arm64_decrypt(u32 *rk, u8 *out, const u8 *in, int rounds); -EXPORT_SYMBOL(__aes_arm64_decrypt); static void aes_arm64_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in) {