From patchwork Fri Jun 16 11:17:46 2017
X-Patchwork-Submitter: Ard Biesheuvel
X-Patchwork-Id: 105708
From: Ard Biesheuvel
To: linux-crypto@vger.kernel.org
Cc: herbert@gondor.apana.org.au, nico@linaro.org, ebiggers3@gmail.com, Ard Biesheuvel, Johannes Berg
Subject: [PATCH v2 3/6] crypto: x86/aes-ni - switch to generic fallback
Date: Fri, 16 Jun 2017 13:17:46 +0200
Message-Id: <1497611869-6126-4-git-send-email-ard.biesheuvel@linaro.org>
In-Reply-To: <1497611869-6126-1-git-send-email-ard.biesheuvel@linaro.org>
References: <1497611869-6126-1-git-send-email-ard.biesheuvel@linaro.org>

The time invariant AES-NI implementation is SIMD based, and so it needs a fallback in case the code is called from a context where SIMD is not allowed. On x86, this is really only when executing in the context of an interrupt taken while in kernel mode, since SIMD is allowed in all other cases. There is very little code in the kernel that actually performs AES in interrupt context, and the code that does (mac80211) only does so when using 802.11 devices that have no support for AES in hardware, and those are rare these days.

So switch to the new AES core code as a fallback. It is much smaller, as well as more resistant to cache timing attacks, and removing the dependency allows us to disable the time variant drivers altogether if desired.

Cc: Johannes Berg
Signed-off-by: Ard Biesheuvel --- arch/x86/crypto/aesni-intel_glue.c | 4 ++-- crypto/Kconfig | 3 +-- 2 files changed, 3 insertions(+), 4 deletions(-) -- 2.7.4 diff --git a/arch/x86/crypto/aesni-intel_glue.c b/arch/x86/crypto/aesni-intel_glue.c index 4a55cdcdc008..1734e6185800 100644 --- a/arch/x86/crypto/aesni-intel_glue.c +++ b/arch/x86/crypto/aesni-intel_glue.c @@ -334,7 +334,7 @@ static void aes_encrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src) struct crypto_aes_ctx *ctx = aes_ctx(crypto_tfm_ctx(tfm)); if (!irq_fpu_usable()) - crypto_aes_encrypt_x86(ctx, dst, src); + crypto_aes_encrypt(ctx, dst, src); else { kernel_fpu_begin(); aesni_enc(ctx, dst, src); @@ -347,7 +347,7 @@ static void aes_decrypt(struct crypto_tfm *tfm, u8 *dst, const u8 *src) struct crypto_aes_ctx *ctx = aes_ctx(crypto_tfm_ctx(tfm)); if (!irq_fpu_usable()) - crypto_aes_decrypt_x86(ctx, dst, src); + crypto_aes_decrypt(ctx, dst, src); else { kernel_fpu_begin(); aesni_dec(ctx, dst, src); diff --git a/crypto/Kconfig b/crypto/Kconfig index b4edea2aed22..1e6e021fda10 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -984,8 +984,7 @@ config CRYPTO_AES_NI_INTEL tristate "AES cipher algorithms (AES-NI)" depends on X86 select CRYPTO_AEAD - select CRYPTO_AES_X86_64 if 64BIT - select CRYPTO_AES_586 if !64BIT + select CRYPTO_AES_CORE select CRYPTO_ALGAPI select CRYPTO_BLKCIPHER select CRYPTO_GLUE_HELPER_X86 if 64BIT
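
Review bot: in the aes_encrypt hunk of arch/x86/crypto/aesni-intel_glue.c (and identically in the aes_decrypt hunk), the `!irq_fpu_usable()` branch now calls crypto_aes_encrypt(), yet the diffstat shows only these four lines changing in the file, so no #include is added or removed. Please confirm that a header already included here declares crypto_aes_encrypt() and crypto_aes_decrypt() with the (ctx, dst, src) arguments used, and drop any include that existed only for the crypto_aes_encrypt_x86/crypto_aes_decrypt_x86 prototypes if nothing else needs it. A one-line comment on the branch stating that this is the interrupt-context fallback, and that the generic core is chosen for its size and cache-timing resistance as the commit message says, would keep that rationale next to the code.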
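
Review bot: in the crypto/Kconfig hunk, `select CRYPTO_AES_CORE` is unconditional and forces the symbol on without evaluating any `depends on` of its own, while the definition of CRYPTO_AES_CORE is not part of this patch. Please confirm that the symbol is introduced earlier in the series so that this patch builds on its own during bisection, and that it carries no dependencies the select would bypass. The two removed selects were conditional on 64BIT, so the replacement is only equivalent if the core code builds on both 32-bit and 64-bit x86; a sentence in the commit message saying so would close that question.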