[v2,0/4] crypto: aegis128 enhancements

Message ID 20201110190444.10634-1-ardb@kernel.org

Ard Biesheuvel Nov. 10, 2020, 7:04 p.m. UTC
This series supersedes [0] '[PATCH] crypto: aegis128/neon - optimize tail
block handling', which is included as patch #3 here, but hasn't been
modified substantially.

Patch #1 should probably go to -stable, even though aegis128 does not appear
to be widely used.

Patches #2 and #3 improve the SIMD code paths.

Patch #4 enables fuzz testing for the SIMD code by registering the generic
code as a separate driver if the SIMD code path is enabled.

Cc: Ondrej Mosnacek <omosnacek@gmail.com>
Cc: Eric Biggers <ebiggers@kernel.org>

[0] https://lore.kernel.org/linux-crypto/20201107195516.13952-1-ardb@kernel.org/

Ard Biesheuvel (4):
  crypto: aegis128 - wipe plaintext and tag if decryption fails
  crypto: aegis128/neon - optimize tail block handling
  crypto: aegis128/neon - move final tag check to SIMD domain
  crypto: aegis128 - expose SIMD code path as separate driver

 crypto/aegis128-core.c       | 201 ++++++++++++++------
 crypto/aegis128-neon-inner.c | 122 ++++++++++--
 crypto/aegis128-neon.c       |  21 +-
 3 files changed, 263 insertions(+), 81 deletions(-)

Comments

Ondrej Mosnáček Nov. 11, 2020, 5:36 p.m. UTC | #1
On Tue 10 Nov 2020 at 20:04, Ard Biesheuvel <ardb@kernel.org> wrote:
> The AEGIS spec mentions explicitly that the security guarantees hold
> only if the resulting plaintext and tag of a failed decryption are
> not disclosed. So ensure that we abide by this.
>
> While at it, drop the unused struct aead_request *req parameter from
> crypto_aegis128_process_crypt().
>
> Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
> ---
>  crypto/aegis128-core.c | 32 ++++++++++++++++----
>  1 file changed, 26 insertions(+), 6 deletions(-)

Reviewed-by: Ondrej Mosnacek <omosnacek@gmail.com>
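The quoted description of patch #1 states the property that a decrypt path has to enforce: when the tag check fails, neither the plaintext that was produced nor the tag that was computed may reach the caller. The following C program is an added illustration of that rule and is not code from this series or from the kernel's aegis128 implementation. Its cipher and MAC (FNV-style mixing used as keystream and as tag) are constructed for the example and are not secure; the function names, the key, nonce and message are all assumptions. What it shows is the shape of the problem: the tag depends on the decrypted data, so the plaintext already sits in the caller's buffer when the check fails, and the failure path must wipe both it and the computed tag before returning the error. A sentinel fill in the self-check confirms the wipe actually happened.

```c
/* Toy AEAD for the rule patch #1 applies to aegis128: wipe plaintext and tag on
 * a failed tag check. Cipher and MAC are constructed stand-ins, not AEGIS. */
#include <stdint.h>
#include <string.h>

#define TOY_KEYLEN   16
#define TOY_NONCELEN 16
#define TOY_TAGLEN   16
/* Cipher keystream state; the tag starts from a different constant. */
#define TOY_KS_STATE(k, n) absorb(absorb(0xcbf29ce484222325ULL, k, TOY_KEYLEN), n, TOY_NONCELEN)

/* Zero via a volatile pointer so the stores survive optimisation, like memzero_explicit(). */
static void secure_wipe(void *p, size_t n)
{
	volatile uint8_t *v = (volatile uint8_t *)p;
	while (n--)
		*v++ = 0;
}

/* Constant-time comparison: no early exit on the first differing byte. */
static int ct_equal(const uint8_t *a, const uint8_t *b, size_t n)
{
	uint8_t diff = 0;
	for (size_t i = 0; i < n; i++)
		diff |= a[i] ^ b[i];
	return diff == 0;
}

/* FNV-1a style absorption into a 64-bit state (toy mixing; each step is a bijection). */
static uint64_t absorb(uint64_t s, const void *p, size_t n)
{
	const uint8_t *b = p;
	for (size_t i = 0; i < n; i++)
		s = (s ^ b[i]) * 0x100000001b3ULL;
	return s;
}

/* Expand state s into a keystream and XOR it into out (in may be NULL). */
static void squeeze(uint64_t s, const uint8_t *in, uint8_t *out, size_t len)
{
	for (size_t i = 0; i < len; i++) {
		if (i % 8 == 0)
			s = absorb(s, "", 1);	/* advance to the next 8 bytes */
		out[i] = (in ? in[i] : 0) ^ (uint8_t)(s >> (8 * (i % 8)));
	}
}

/* Tag over key, nonce, AD, plaintext and both lengths. As with AEGIS the tag depends
 * on the decrypted data, so it can only be checked once pt is already filled in. */
static void toy_tag(const uint8_t *key, const uint8_t *nonce,
		    const uint8_t *ad, size_t adlen, const uint8_t *pt,
		    size_t len, uint8_t tag[TOY_TAGLEN])
{
	uint64_t s = absorb(0x9e3779b97f4a7c15ULL, key, TOY_KEYLEN);
	s = absorb(absorb(s, nonce, TOY_NONCELEN), ad, adlen);
	s = absorb(absorb(s, pt, len), &adlen, sizeof(adlen));
	squeeze(absorb(s, &len, sizeof(len)), NULL, tag, TOY_TAGLEN);
}

/* Returns 0 on success. On tag mismatch returns -1 and leaves only zeros in pt:
 * neither the unverified plaintext nor the computed tag is disclosed. */
int toy_aead_decrypt(const uint8_t *key, const uint8_t *nonce,
		     const uint8_t *ad, size_t adlen, const uint8_t *ct,
		     size_t len, const uint8_t tag[TOY_TAGLEN], uint8_t *pt)
{
	uint8_t computed[TOY_TAGLEN];
	int ok;
	squeeze(TOY_KS_STATE(key, nonce), ct, pt, len);	/* pt now holds plaintext */
	toy_tag(key, nonce, ad, adlen, pt, len, computed);
	ok = ct_equal(computed, tag, TOY_TAGLEN);
	if (!ok)
		secure_wipe(pt, len);	/* never hand back unverified plaintext */
	secure_wipe(computed, sizeof(computed));
	return ok ? 0 : -1;
}

/* Constructed sample inputs for the self-check below. */
static const uint8_t demo_key[] = "0123456789abcdef", demo_nonce[] = "0000000000000001";
static const uint8_t demo_ad[] = "hdr", demo_msg[] = "attack at dawn";
#define DEMO_LEN (sizeof(demo_msg) - 1)

/* 1 if honest decryption succeeds and a forged tag leaves pt fully zeroed. */
int demo_wipe_on_failure(void)
{
	uint8_t ct[DEMO_LEN], pt[DEMO_LEN], tag[TOY_TAGLEN];
	toy_tag(demo_key, demo_nonce, demo_ad, 3, demo_msg, DEMO_LEN, tag); /* encrypt: */
	squeeze(TOY_KS_STATE(demo_key, demo_nonce), demo_msg, ct, DEMO_LEN); /* tag, then XOR */
	if (toy_aead_decrypt(demo_key, demo_nonce, demo_ad, 3, ct, DEMO_LEN, tag, pt) ||
	    memcmp(pt, demo_msg, DEMO_LEN))
		return 0;
	tag[0] ^= 1;			/* simulate a forged or corrupted tag */
	memset(pt, 0xaa, DEMO_LEN);	/* sentinel: proves the wipe really ran */
	if (toy_aead_decrypt(demo_key, demo_nonce, demo_ad, 3, ct, DEMO_LEN, tag, pt) != -1)
		return 0;
	for (size_t i = 0; i < DEMO_LEN; i++)
		if (pt[i]) return 0;	/* unverified plaintext leaked */
	return 1;
}
```

In the kernel the same two building blocks exist as memzero_explicit() for the wipe and crypto_memneq() for the constant-time tag comparison; the toy's secure_wipe() and ct_equal() stand in for them here so the example runs outside the kernel tree.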