From patchwork Wed Jan 10 12:11:37 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 124071 Delivered-To: patch@linaro.org Received: by 10.140.22.227 with SMTP id 90csp5198714qgn; Wed, 10 Jan 2018 04:13:41 -0800 (PST) X-Google-Smtp-Source: ACJfBouMzbrvShvRwCXpLxj+p46nA3ip4++ZrX2Fh7URHlZnkKOd2CzKx/Y5CIYjMSfAG4x7u0+L X-Received: by 10.99.44.14 with SMTP id s14mr14867000pgs.452.1515586421266; Wed, 10 Jan 2018 04:13:41 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1515586421; cv=none; d=google.com; s=arc-20160816; b=ykdvjdLzG+LeKVuXxtIXSQhmavZJhxmoFmlNVPPqEQoOw9Lj698dwC3mD1Sfl4wZ7g z/8CmPpN5YaFKF/CX5D9R66VlfIb+xnlIpDOl+rmSVRu6FnWURv8fpMKf351tOPWWmdv qJTAhD2KBTGa6nJL8ASfcIyT8wkR3kRYYRMT81I/AcHluRlZ2+ecmJsPfVfO1sJfvHgu YaVxcPYsuU0ad2xAbN5qeO3+6TlgJwY6bTekc2GxCf5lS/Xp3RX5E/dV+qUyah90Vm5K zOqMRS7RAo0AKA+YkeuZ6/eYgztZEuR5b6yufG7Y+gDKfkFt41o/OgpgPaxhyZpOC4SD PPgA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature:arc-authentication-results; bh=0C70jfDnO7Qwg7n7NrLX2VZ2fdoAIUgQDZncGnjpWZ8=; b=Rd0si03cU9e5Wu9uXlrgeIlIuqe4OiBRHZ5+UPx32H8U2GcqDHyuDqM4U+VgeYVFSV ARxN3CcTPJS8RfeVm47Y+wy+xxdkGVH66dqmDbLVOMdOOAaA2s8dKf0Go+TZoPr4Recf lTwuo54daFXb0RW1Pcmtz1Cm1IRvr/1IMnJM87brMaqPGNfK25MK6VjfBYhR+FVc7GZr 56SS5IFSwgX0yiz8Yc6E9k234RGU4gOsg9c+zflq3DRFHgYtY9D27S7/fppBylGZ6ykO ejAujphsWtN08hOfFPVV9nOy6TBas2V90eZywNN+lv0jrxd/ZjV8mcNCWESnG+87zCNn g69A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=GWihTtR/; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id v15si5570618plk.832.2018.01.10.04.13.41; Wed, 10 Jan 2018 04:13:41 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=GWihTtR/; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754986AbeAJMNi (ORCPT + 1 other); Wed, 10 Jan 2018 07:13:38 -0500 Received: from mail-wm0-f68.google.com ([74.125.82.68]:42434 "EHLO mail-wm0-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754968AbeAJMNg (ORCPT ); Wed, 10 Jan 2018 07:13:36 -0500 Received: by mail-wm0-f68.google.com with SMTP id b141so26552357wme.1 for ; Wed, 10 Jan 2018 04:13:36 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=0C70jfDnO7Qwg7n7NrLX2VZ2fdoAIUgQDZncGnjpWZ8=; b=GWihTtR/e6GcvyqB7EgBuRPyyJZg2w/b9f3mYMlJXBeMBad5AEPIMNq7i35hSuce6d Ah9zfDtwaKl7rTypPlSeLrpSvlzZ8aoFcbhDRRJO8dtnQzagLUTUkjHA+MqG+cJOtb2N tRJtz4Mpu/keRWeDHKNxJpjcX38GkO9plJpbA= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=0C70jfDnO7Qwg7n7NrLX2VZ2fdoAIUgQDZncGnjpWZ8=; b=mFUk+RjlgSF9ntfLmtsUqGopz3KizhgQxUymPzbnyjMsJzOtrlCyDn2ELY6tC7g7V9 UuLfG3ITF/8Iq0hOLPQcF33j8fLWE0qkXMpDnYU3bPlnL5SAU4J+1bmCVIFvhkXNgz7+ 2bDNzgAEW5w625oDSTObH2/97TqjuuBY2uW+yEgUSTwGF6zFnG+5CBhagLinLJ9UPEyv anQPPH8bqirQAwu6mW3wzH6QtLAthKXKPQfu0BxSeXBzyZ5E7SES0N5a/tWNLhN+Pcao OBlG2kkCtR8rpeN7ne1N+5Nw+l9DUmxKTtxgETcLtgv+G1A+SM5AVzjToaBY5UXwOE4r 06+g== X-Gm-Message-State: AKGB3mJ3oqvqJ3KhQ1fS3GjobYoKu5rU+rXrVpkG4GhPuE54zgKlJDUc GUloBLwrJVW4WFE34yPIz86Sfg== X-Received: by 10.28.206.142 with SMTP id e136mr14228051wmg.45.1515586415658; Wed, 10 Jan 2018 04:13:35 -0800 (PST) Received: from localhost.localdomain ([154.144.231.40]) by smtp.gmail.com with ESMTPSA id l72sm1261615wmi.4.2018.01.10.04.11.52 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 10 Jan 2018 04:13:34 -0800 (PST) From: Ard Biesheuvel To: linux-arm-kernel@lists.infradead.org, linux-crypto@vger.kernel.org Cc: herbert@gondor.apana.org.au, will.deacon@arm.com, catalin.marinas@arm.com, marc.zyngier@arm.com, mark.rutland@arm.com, dann.frazier@canonical.com, steve.capper@linaro.org, Ard Biesheuvel Subject: [PATCH 2/7] arm64/crypto: aes-cipher: move S-box to .rodata section Date: Wed, 10 Jan 2018 12:11:37 +0000 Message-Id: <20180110121142.18291-3-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20180110121142.18291-1-ard.biesheuvel@linaro.org> References: <20180110121142.18291-1-ard.biesheuvel@linaro.org> Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org Move the AES inverse S-box to the .rodata section where it is safe from abuse by speculation. Signed-off-by: Ard Biesheuvel --- arch/arm64/crypto/aes-cipher-core.S | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) -- 2.11.0 diff --git a/arch/arm64/crypto/aes-cipher-core.S b/arch/arm64/crypto/aes-cipher-core.S index 6d2445d603cc..3a44eada2347 100644 --- a/arch/arm64/crypto/aes-cipher-core.S +++ b/arch/arm64/crypto/aes-cipher-core.S @@ -125,6 +125,16 @@ CPU_BE( rev w7, w7 ) ret .endm +ENTRY(__aes_arm64_encrypt) + do_crypt fround, crypto_ft_tab, crypto_ft_tab + 1, 2 +ENDPROC(__aes_arm64_encrypt) + + .align 5 +ENTRY(__aes_arm64_decrypt) + do_crypt iround, crypto_it_tab, __aes_arm64_inverse_sbox, 0 +ENDPROC(__aes_arm64_decrypt) + + .section ".rodata", "a" .align L1_CACHE_SHIFT .type __aes_arm64_inverse_sbox, %object __aes_arm64_inverse_sbox: @@ -161,12 +171,3 @@ __aes_arm64_inverse_sbox: .byte 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26 .byte 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d .size __aes_arm64_inverse_sbox, . - __aes_arm64_inverse_sbox - -ENTRY(__aes_arm64_encrypt) - do_crypt fround, crypto_ft_tab, crypto_ft_tab + 1, 2 -ENDPROC(__aes_arm64_encrypt) - - .align 5 -ENTRY(__aes_arm64_decrypt) - do_crypt iround, crypto_it_tab, __aes_arm64_inverse_sbox, 0 -ENDPROC(__aes_arm64_decrypt)