From patchwork Tue Jun 20 09:28:56 2017
X-Patchwork-Submitter: Ard Biesheuvel
X-Patchwork-Id: 105936
From: Ard Biesheuvel
To: linux-crypto@vger.kernel.org
Cc: herbert@gondor.apana.org.au, nico@linaro.org, ebiggers3@gmail.com, Ard Biesheuvel
Subject: [PATCH v3 3/7] crypto: x86/aes-ni - switch to generic fallback
Date: Tue, 20 Jun 2017 11:28:56 +0200
Message-Id: <1497950940-24243-4-git-send-email-ard.biesheuvel@linaro.org>
In-Reply-To: <1497950940-24243-1-git-send-email-ard.biesheuvel@linaro.org>
References: <1497950940-24243-1-git-send-email-ard.biesheuvel@linaro.org>
X-Mailing-List: linux-crypto@vger.kernel.org

The time invariant AES-NI implementation is SIMD based, and so it needs a fallback in case the code is called from a context where SIMD is not allowed. On x86, this is really only when executing in the context of an interrupt taken while in kernel mode, since SIMD is allowed in all other cases.

There is very little code in the kernel that actually performs AES in interrupt context, and the code that does (mac80211) only does so when running on 802.11 devices that have no support for AES in hardware, and those are rare these days.

So switch to the new AES core code as a fallback. It is much smaller, as well as more resistant to cache timing attacks, and removing the dependency allows us to disable the time variant drivers altogether if desired.

Signed-off-by: Ard Biesheuvel --- arch/x86/crypto/aesni-intel_glue.c | 4 ++-- crypto/Kconfig | 3 +-- 2 files changed, 3 insertions(+), 4 deletions(-) -- 2.7.4 diff --git a/arch/x86/crypto/aesni-intel_glue.c b/arch/x86/crypto/aesni-intel_glue.c index 4a55cdcdc008..1734e6185800 100644 --- a/arch/x86/crypto/aesni-intel_glue.c +++ b/arch/x86/crypto/aesni-intel_glue.c @@ -334,7 +334,7 @@ static void aes_encrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src) struct crypto_aes_ctx *ctx = aes_ctx(crypto_tfm_ctx(tfm)); if (!irq_fpu_usable()) - crypto_aes_encrypt_x86(ctx, dst, src); + crypto_aes_encrypt(ctx, dst, src); else { kernel_fpu_begin(); aesni_enc(ctx, dst, src); @@ -347,7 +347,7 @@ static void aes_decrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src) struct crypto_aes_ctx *ctx = aes_ctx(crypto_tfm_ctx(tfm)); if (!irq_fpu_usable()) - crypto_aes_decrypt_x86(ctx, dst, src); + crypto_aes_decrypt(ctx, dst, src); else { kernel_fpu_begin(); aesni_dec(ctx, dst, src); diff --git a/crypto/Kconfig b/crypto/Kconfig index b4edea2aed22..1e6e021fda10 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -984,8 +984,7 @@ config CRYPTO_AES_NI_INTEL tristate "AES cipher algorithms (AES-NI)" depends on X86 select CRYPTO_AEAD - select CRYPTO_AES_X86_64 if 64BIT - select CRYPTO_AES_586 if !64BIT + select CRYPTO_AES_CORE select CRYPTO_ALGAPI select CRYPTO_BLKCIPHER select CRYPTO_GLUE_HELPER_X86 if 64BIT
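Review bot: In the aes_encrypt() hunk, the `!irq_fpu_usable()` branch now calls crypto_aes_encrypt(), yet the diffstat shows only the call-site lines changing in aesni-intel_glue.c (4 lines, 2 insertions and 2 deletions), so no include was touched. Please confirm that a prototype for crypto_aes_encrypt() is already visible through an existing include, and drop whichever include was there only to declare crypto_aes_encrypt_x86() if nothing else in the file still needs it.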
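Review bot: In the aes_decrypt() hunk, crypto_aes_decrypt() is handed the same ctx that aesni_dec() uses in the else branch, so the fallback is only correct if the new core code reads the decryption key schedule in struct crypto_aes_ctx in the layout the AES-NI key setup wrote it. The commit message should state that this was checked, ideally by a test that forces the non-SIMD path and compares its output with the aesni_dec() result for the same key.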
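Review bot: In the CRYPTO_AES_NI_INTEL hunk, removing `select CRYPTO_AES_X86_64 if 64BIT` and `select CRYPTO_AES_586 if !64BIT` means a config that had those drivers enabled only through this select will lose them on the next oldconfig. The commit message says they can now be disabled, but not that this happens implicitly, and that is worth a sentence. Also, `select CRYPTO_AES_CORE` depends on that symbol being defined by an earlier patch of this 7-part series, so this patch has to stay ordered after it for the series to remain bisectable.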