mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-12 21:57:43 +00:00
Code Issues Releases Wiki Activity
linux-stable/arch/arm/crypto
History
Eric Biggers 913a3aa07d crypto: arm/aes - add some hardening against cache-timing attacks 
Make the ARM scalar AES implementation closer to constant-time by
disabling interrupts and prefetching the tables into L1 cache.  This is
feasible because due to ARM's "free" rotations, the main tables are only
1024 bytes instead of the usual 4096 used by most AES implementations.

On ARM Cortex-A7, the speed loss is only about 5%.  The resulting code
is still over twice as fast as aes_ti.c.  Responsiveness is potentially
a concern, but interrupts are only disabled for a single AES block.

Note that even after these changes, the implementation still isn't
necessarily guaranteed to be constant-time; see
https://cr.yp.to/antiforgery/cachetiming-20050414.pdf for a discussion
of the many difficulties involved in writing truly constant-time AES
software.  But it's valuable to make such attacks more difficult.

Much of this patch is based on patches suggested by Ard Biesheuvel.

Suggested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-11-09 17:36:48 +08:00
..
.gitignore crypto: arm - ignore generated SHA2 assembly files 2015-07-06 16:32:03 +08:00
aes-ce-core.S crypto: arm/aes-ce - remove cra_alignmask 2017-02-03 18:16:16 +08:00
aes-ce-glue.c crypto: algapi - make crypto_xor() take separate dst and src arguments 2017-08-04 09:27:15 +08:00
aes-cipher-core.S crypto: arm/aes - add some hardening against cache-timing attacks 2018-11-09 17:36:48 +08:00
aes-cipher-glue.c crypto: arm/aes - replace scalar AES cipher 2017-01-13 00:26:50 +08:00
aes-neonbs-core.S crypto: arm/aes - don't use IV buffer to return final keystream block 2017-02-03 18:16:21 +08:00
aes-neonbs-glue.c crypto: arm/aes-neonbs - Use PTR_ERR_OR_ZERO() 2017-12-11 22:36:56 +11:00
chacha20-neon-core.S crypto: arm/chacha20 - faster 8-bit rotations and other optimizations 2018-09-04 11:37:05 +08:00
chacha20-neon-glue.c crypto: arm/chacha20 - remove cra_alignmask 2017-02-03 18:16:19 +08:00
crc32-ce-core.S crypto: arm/crc32 - fix build error with outdated binutils 2017-03-01 19:47:51 +08:00
crc32-ce-glue.c crypto: arm/crc32 - avoid warning when compiling with Clang 2018-09-21 13:24:52 +08:00
crct10dif-ce-core.S crypto: arm/crct10dif - port x86 SSE implementation to ARM 2016-12-07 20:01:21 +08:00
crct10dif-ce-glue.c crypto: arm/crct10dif - port x86 SSE implementation to ARM 2016-12-07 20:01:21 +08:00
ghash-ce-core.S crypto: arm/ghash-ce - implement support for 4-way aggregation 2018-09-04 11:37:04 +08:00
ghash-ce-glue.c crypto: arm/ghash-ce - implement support for 4-way aggregation 2018-09-04 11:37:04 +08:00
Kconfig crypto: arm/aes - add some hardening against cache-timing attacks 2018-11-09 17:36:48 +08:00
Makefile crypto: speck - remove Speck 2018-09-04 11:35:03 +08:00
sha1-armv4-large.S crypto: clarify licensing of OpenSSL asm code 2018-05-31 00:13:44 +08:00
sha1-armv7-neon.S crypto: arm/sha1-neon - add support for building in Thumb2 mode 2016-09-07 21:08:29 +08:00
sha1-ce-core.S crypto: arm/sha1-ce - move SHA-1 ARMv8 implementation to base layer 2015-04-10 21:39:44 +08:00
sha1-ce-glue.c crypto: shash - remove useless setting of type flags 2018-07-09 00:30:24 +08:00
sha1.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
sha1_glue.c crypto: shash - remove useless setting of type flags 2018-07-09 00:30:24 +08:00
sha1_neon_glue.c crypto: shash - remove useless setting of type flags 2018-07-09 00:30:24 +08:00
sha2-ce-core.S crypto: arm/sha2-ce - move SHA-224/256 ARMv8 implementation to base layer 2015-04-10 21:39:45 +08:00
sha2-ce-glue.c crypto: shash - remove useless setting of type flags 2018-07-09 00:30:24 +08:00
sha256-armv4.pl crypto: clarify licensing of OpenSSL asm code 2018-05-31 00:13:44 +08:00
sha256-core.S_shipped crypto: clarify licensing of OpenSSL asm code 2018-05-31 00:13:44 +08:00
sha256_glue.c treewide: convert ISO_8859-1 text comments to utf-8 2018-08-23 18:48:43 -07:00
sha256_glue.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
sha256_neon_glue.c treewide: convert ISO_8859-1 text comments to utf-8 2018-08-23 18:48:43 -07:00
sha512-armv4.pl crypto: clarify licensing of OpenSSL asm code 2018-05-31 00:13:44 +08:00
sha512-core.S_shipped crypto: clarify licensing of OpenSSL asm code 2018-05-31 00:13:44 +08:00
sha512-glue.c crypto: shash - remove useless setting of type flags 2018-07-09 00:30:24 +08:00
sha512-neon-glue.c crypto: shash - remove useless setting of type flags 2018-07-09 00:30:24 +08:00
sha512.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00