From patchwork Fri Feb 3 14:49:34 2017
X-Patchwork-Submitter: Ard Biesheuvel
X-Patchwork-Id: 93176
From: Ard Biesheuvel
To: linux-crypto@vger.kernel.org, herbert@gondor.apana.org.au, ebiggers3@gmail.com
Cc: linux-arm-kernel@lists.infradead.org, Ard Biesheuvel
Subject: [PATCH v3 0/3] crypto: time invariant AES for CCM (and CMAC/XCBC)
Date: Fri, 3 Feb 2017 14:49:34 +0000
Message-Id: <1486133377-23290-1-git-send-email-ard.biesheuvel@linaro.org>
X-Mailing-List: linux-crypto@vger.kernel.org

This series is primarily directed at improving the performance and security of CCM on the Raspberry Pi 3. This involves splitting the MAC handling of CCM into a separate driver so that we can efficiently replace it by something else using the ordinary algo resolution machinery.

Patch #1 adds some testcases for cbcmac(aes), which will be introduced later.

Patch #2 replaces the open coded CBC MAC hashing routines in the CCM driver with calls to a cbcmac() hash, and implements a template for producing such cbcmac transforms. This eliminates all the fuzzy scatterwalk code as well.

Patch #3 implements cbcmac(aes) using NEON on arm64, and CMAC/XCBC at the same time, since it is trivially implemented reusing the same core transform.

Changes since v2:
- dropped fixed time generic AES patch, this is only vaguely related, and can be discussed separately
- add CMAC and XCBC code to patch #3
- fix stack corruption bug in patch #2
- move patch #2 to use crypto_xor() for the cbcmac transform (which either needs an alignmask, or the updated alignment agnostic crypto_xor() code whose v2 was sent out yesterday)

Changes since v1:
- remove ilen, and add missing flags assignment (#2)
- deal with zero cryptlen (#2)
- use correctly sized dg[] array in desc ctx (#3, #4)
- fix bug in update routine (#3)
- various other tweaks

Ard Biesheuvel (3):
  crypto: testmgr - add test cases for cbcmac(aes)
  crypto: ccm - switch to separate cbcmac driver
  crypto: arm64/aes - add NEON/Crypto Extensions CBCMAC/CMAC/XCBC driver

 arch/arm64/crypto/aes-glue.c  | 240 +++++++++++-
 arch/arm64/crypto/aes-modes.S |  29 +-
 crypto/Kconfig                |   1 +
 crypto/ccm.c                  | 381 +++++++++++++-------
 crypto/testmgr.c              |   7 +
 crypto/testmgr.h              |  60 +++
 6 files changed, 579 insertions(+), 139 deletions(-)

-- 
2.7.4
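The two MAC constructions the cover letter names, cbcmac(aes) as used by CCM and CMAC, written out as an added Go example that is not part of this patch series or of the kernel's crypto code. It makes the cover letter's point concrete: both MACs share one CBC chaining core (`cbcChain`, an assumed name) and differ only in how the final block is treated. The function names `cbcmac`, `cmac`, `dbl` and `xorInto` are the example's own, the zero padding of a trailing partial block in `cbcmac` is the example's assumption about raw CBC-MAC behaviour, and the key and message values come from the published RFC 4493 and NIST SP 800-38A test vectors.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/hex"
	"fmt"
)

// cbcChain is the core transform both MACs reuse: for every full block of
// data, state = E_K(state XOR block). Any trailing partial block is left to
// the caller, which is exactly where cbcmac and cmac differ.
func cbcChain(b cipher.Block, state, data []byte) []byte {
	bs := b.BlockSize()
	st := append([]byte(nil), state...)
	for len(data) >= bs {
		for i := 0; i < bs; i++ {
			st[i] ^= data[i]
		}
		b.Encrypt(st, st)
		data = data[bs:]
	}
	return st
}

// cbcmac is the raw construction CCM builds on: a trailing partial block is
// zero-padded (assumption of this example) and the last block gets no key
// separation. On its own it is only a secure MAC for fixed-length input;
// CCM relies on encoding the message length into its first block.
func cbcmac(key, msg []byte) ([]byte, error) {
	b, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	bs := b.BlockSize()
	full := len(msg) / bs * bs
	st := cbcChain(b, make([]byte, bs), msg[:full])
	if rem := msg[full:]; len(rem) > 0 {
		pad := make([]byte, bs)
		copy(pad, rem)
		st = cbcChain(b, st, pad)
	}
	return st, nil
}

// dbl doubles a block in GF(2^128), the RFC 4493 subkey derivation step.
func dbl(in []byte) []byte {
	out := make([]byte, len(in))
	var carry byte
	for i := len(in) - 1; i >= 0; i-- {
		out[i] = in[i]<<1 | carry
		carry = in[i] >> 7
	}
	if carry != 0 {
		out[len(out)-1] ^= 0x87
	}
	return out
}

func xorInto(dst, src []byte) {
	for i := range dst {
		dst[i] ^= src[i]
	}
}

// cmac (RFC 4493) runs the same chain but masks the final block with K1
// (complete block) or pads it with 10* and masks with K2, which is what
// makes it safe for variable-length messages.
func cmac(key, msg []byte) ([]byte, error) {
	b, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	bs := b.BlockSize()
	l := make([]byte, bs)
	b.Encrypt(l, make([]byte, bs)) // L = E_K(0)
	k1 := dbl(l)
	k2 := dbl(k1)

	n := len(msg)
	last := make([]byte, bs)
	var body []byte
	if n > 0 && n%bs == 0 {
		body = msg[:n-bs]
		copy(last, msg[n-bs:])
		xorInto(last, k1)
	} else {
		full := n / bs * bs
		body = msg[:full]
		copy(last, msg[full:])
		last[n-full] = 0x80
		xorInto(last, k2)
	}
	st := cbcChain(b, make([]byte, bs), body)
	return cbcChain(b, st, last), nil
}

func main() {
	// RFC 4493 key and its 16-byte example message (published test vectors).
	key, _ := hex.DecodeString("2b7e151628aed2a6abf7158809cf4f3c")
	msg, _ := hex.DecodeString("6bc1bee22e409f96e93d7e117393172a")
	t1, _ := cbcmac(key, msg)
	t2, _ := cmac(key, msg)
	fmt.Printf("cbcmac(aes) = %x\ncmac(aes)   = %x\n", t1, t2)
}
```

The example shows the construction only; the property the series is after, a time-invariant AES core on hardware without crypto extensions, lives in the block cipher implementation underneath, not in the chaining logic above. For a single full block the two outputs differ only by the K1 mask on the last block, which is why the series can implement CMAC/XCBC on top of the same cbcmac transform.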