From patchwork Sun Mar 26 18:49:01 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ard Biesheuvel <ard.biesheuvel@linaro.org>
X-Patchwork-Id: 96021
Delivered-To: patch@linaro.org
Received: by 10.140.89.233 with SMTP id v96csp923283qgd;
 Sun, 26 Mar 2017 11:57:38 -0700 (PDT)
X-Received: by 10.99.38.196 with SMTP id m187mr19927343pgm.195.1490554658868; 
 Sun, 26 Mar 2017 11:57:38 -0700 (PDT)
Return-Path: <linux-crypto-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
 by mx.google.com with ESMTP id
 61si10147965plq.107.2017.03.26.11.57.38; 
 Sun, 26 Mar 2017 11:57:38 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of
 linux-crypto-owner@vger.kernel.org designates 209.132.180.67
 as permitted sender) client-ip=209.132.180.67; 
Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org;
 spf=pass (google.com: best guess record for domain of
 linux-crypto-owner@vger.kernel.org designates 209.132.180.67
 as permitted sender)
 smtp.mailfrom=linux-crypto-owner@vger.kernel.org; 
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
 id S1751668AbdCZS5Q (ORCPT <rfc822;victor.chong@linaro.org>
 + 1 other); Sun, 26 Mar 2017 14:57:16 -0400
Received: from mail-wr0-f174.google.com ([209.85.128.174]:33310 "EHLO
 mail-wr0-f174.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
 with ESMTP id S1751595AbdCZS41 (ORCPT
 <rfc822;linux-crypto@vger.kernel.org>);
 Sun, 26 Mar 2017 14:56:27 -0400
Received: by mail-wr0-f174.google.com with SMTP id w43so16022335wrb.0
 for <linux-crypto@vger.kernel.org>;
 Sun, 26 Mar 2017 11:56:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; 
 h=from:to:cc:subject:date:message-id;
 bh=hnF+P72pHYI6X9o+LPzyDKXQWIQ+rkjAn1VCJvLAgLk=;
 b=PVOgT0Wa2qW6ekTUF9+25aRWGUS67HEIiowSQeaaKqo/qwvEzpwG83cVR187sxyk78
 tbTZ4Rar4CN794IGr21b3YvCVDyuFmin5Bts7lMjgilVwYGfL/tWtTXBO90rPTpPirsD
 k8Kn32vWfWjqVIIabf7aPS7GfPY/iTh2bzOMM=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:message-id;
 bh=hnF+P72pHYI6X9o+LPzyDKXQWIQ+rkjAn1VCJvLAgLk=;
 b=PFQ/bDq0OrSjvh37po6Mz1LP/sWBCD0WtdY1ww6vC91DnYjlqYoV2lMgCV/NDhvgDA
 /vhoV1/47EbbHN+RQKkFAJVfmqxsu5RE7evARJERQjtvV43fdqI6OF4v4LsRFvGyrTN+
 IEUObN+naAyvtR/jrhZidN+pwb9Yt92aJN367NCqhT9xU7z79hVJpCZOzCEUBDu6kea2
 xQRbc+UigJxlQa+mVNlddXQvKZFRaml7/NhkI9ioEGyh7JsYPhv5fX26Ee4h1xQS9pxT
 FkbwqN0mg4MKrUa4LW3UDwYBSXR1wu4YPbq4YMsskFtn52RRrr2pSwckvWO0CIkJB+b3
 RWzQ==
X-Gm-Message-State: AFeK/H21KgaO9CjrMtylkAcGzQf1XGjcFIv4ofAEFeP0pWUyReW4/SUoPm0plvSFKlR8HnU8
X-Received: by 10.28.90.66 with SMTP id o63mr6581634wmb.97.1490554155257;
 Sun, 26 Mar 2017 11:49:15 -0700 (PDT)
Received: from localhost.localdomain ([196.81.160.3])
 by smtp.gmail.com with ESMTPSA id
 i133sm11362112wmg.26.2017.03.26.11.49.12
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
 Sun, 26 Mar 2017 11:49:14 -0700 (PDT)
From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
To: linux-crypto@vger.kernel.org, herbert@gondor.apana.org.au
Cc: nico@linaro.org, ebiggers3@gmail.com,
 Ard Biesheuvel <ard.biesheuvel@linaro.org>
Subject: [PATCH 0/7] crypto: aes - allow generic AES to be omitted
Date: Sun, 26 Mar 2017 19:49:01 +0100
Message-Id: <1490554148-10953-1-git-send-email-ard.biesheuvel@linaro.org>
X-Mailer: git-send-email 2.7.4
Sender: linux-crypto-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-crypto.vger.kernel.org>
X-Mailing-List: linux-crypto@vger.kernel.org

The generic AES driver uses 16 lookup tables of 1 KB each, and has
encryption and decryption routines that are fully unrolled. Given how
the dependencies between this code and other drivers are declared in
Kconfig files, this code is always pulled into the core kernel, even
if it is usually superseded at runtime by accelerated drivers that
exist for many architectures.

This leaves us with 25 KB of dead code in the kernel, which is negligible
in typical environments, but which is actually a big deal for the IoT
domain, where every kilobyte counts.

For this reason, this series refactors the way the various AES
implementations are wired up, to allow the generic version in
crypto/aes_generic.c to be omitted from the build entirely.

Patch #1 removes some bogus 'select CRYPTO_AES' statement.

Patch #2 introduces CRYPTO_NEED_AES which can be selected by driver that
require an AES cipher to be available, but don't care how it is implemented.

Patches #3 and #4 make some preparatory changes that allow dependencies on
crypto_aes_expand_key to be fulfilled by the new (and much smaller) fixed
time AES driver. (#5)

Patch #6 splits the generic AES driver into a core containing the precomputed
sub/shift/mix tables and the key expansion routines on the one hand, and the
encryption/decryption routines and the crypto API registration on the other.

Patch #7 introduces the CRYPTO_HAVE_AES Kconfig symbol, and adds statements to
various AES implementations that can fulfil the CRYPTO_NEED_AES dependencies
added in patch #2. The introduced Kconfig logic allows CRYPTO_AES to be
deselected even if AES dependencies exist, as long as one of these alternatives
is selected.

Ard Biesheuvel (7):
  drivers/crypto/Kconfig: drop bogus CRYPTO_AES dependencies
  crypto: aes - add new Kconfig symbol for soft dependency on AES
  crypto: aes/x86 - eliminate set_key() handling for IRQ context
  crypto: aes/arm64 - eliminate dependency on crypto_aes_set_key()
  crypto: aes - move crypto_aes_expand_key() to fixed-time AES driver
  crypto: aes - split off shared AES tables and key expansion routines
  crypto: aes - allow alternative AES drivers to fulfil AES dependency

 arch/arm/crypto/Kconfig                      |    5 +-
 arch/arm64/crypto/Kconfig                    |    5 +-
 arch/arm64/crypto/aes-glue.c                 |   12 +-
 arch/x86/crypto/aesni-intel_glue.c           |   14 +-
 crypto/Kconfig                               |   25 +-
 crypto/Makefile                              |    1 +
 crypto/aes_core.c                            | 1302 ++++++++++++++++++++
 crypto/aes_generic.c                         | 1239 -------------------
 crypto/aes_ti.c                              |    7 +-
 drivers/block/Kconfig                        |    2 +-
 drivers/crypto/Kconfig                       |   21 +-
 drivers/net/Kconfig                          |    2 +-
 drivers/net/wireless/cisco/Kconfig           |    2 +-
 drivers/net/wireless/intel/ipw2x00/Kconfig   |    2 +-
 drivers/net/wireless/intersil/hostap/Kconfig |    2 +-
 drivers/staging/rtl8192e/Kconfig             |    2 +-
 drivers/usb/wusbcore/Kconfig                 |    2 +-
 fs/ceph/Kconfig                              |    2 +-
 fs/cifs/Kconfig                              |    2 +-
 fs/crypto/Kconfig                            |    2 +-
 net/Kconfig                                  |    2 +-
 net/bluetooth/Kconfig                        |    2 +-
 net/ceph/Kconfig                             |    2 +-
 net/mac80211/Kconfig                         |    2 +-
 net/mac802154/Kconfig                        |    2 +-
 net/sunrpc/Kconfig                           |    3 +-
 security/keys/Kconfig                        |    4 +-
 27 files changed, 1377 insertions(+), 1291 deletions(-)
 create mode 100644 crypto/aes_core.c

-- 
2.7.4