iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/crypto
History
Eric Biggers 913a3aa07d crypto: arm/aes - add some hardening against cache-timing attacks 
Make the ARM scalar AES implementation closer to constant-time by
disabling interrupts and prefetching the tables into L1 cache.  This is
feasible because due to ARM's "free" rotations, the main tables are only
1024 bytes instead of the usual 4096 used by most AES implementations.

On ARM Cortex-A7, the speed loss is only about 5%.  The resulting code
is still over twice as fast as aes_ti.c.  Responsiveness is potentially
a concern, but interrupts are only disabled for a single AES block.

Note that even after these changes, the implementation still isn't
necessarily guaranteed to be constant-time; see
https://cr.yp.to/antiforgery/cachetiming-20050414.pdf for a discussion
of the many difficulties involved in writing truly constant-time AES
software.  But it's valuable to make such attacks more difficult.

Much of this patch is based on patches suggested by Ard Biesheuvel.

Suggested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-11-09 17:36:48 +08:00
..
asymmetric_keys
KEYS: asym_tpm: Add support for the sign operation [ver #2]
2018-10-26 09:30:47 +01:00
async_tx
async_pq: Remove VLA usage
2018-06-18 20:17:38 +05:30
842.c
crypto: acomp - add support for 842 via scomp
2016-10-25 11:08:33 +08:00
ablkcipher.c
crypto: ablkcipher - fix crash flushing dcache in error path
2018-08-03 18:06:04 +08:00
acompress.c
crypto: acomp - allow registration of multiple acomps
2017-04-21 20:30:50 +08:00
aead.c
crypto: aead - prevent using AEADs without setting key
2018-01-12 23:03:39 +11:00
aegis128.c
crypto: aead - remove useless setting of type flags
2018-07-09 00:30:26 +08:00
aegis128l.c
crypto: aead - remove useless setting of type flags
2018-07-09 00:30:26 +08:00
aegis256.c
crypto: aead - remove useless setting of type flags
2018-07-09 00:30:26 +08:00
aegis.h
crypto: aegis/generic - fix for big endian systems
2018-10-08 13:44:53 +08:00
aes_generic.c
crypto: arm/aes - add some hardening against cache-timing attacks
2018-11-09 17:36:48 +08:00
aes_ti.c
crypto: aes_ti - disable interrupts while accessing S-box
2018-11-09 17:36:48 +08:00
af_alg.c
Revert "net: simplify sock_poll_wait"
2018-10-23 10:57:06 -07:00
ahash.c
crypto: user - Implement a generic crypto statistics
2018-09-28 12:46:25 +08:00
akcipher.c
crypto: Replaced gcc specific attributes with macros from compiler.h
2017-01-13 00:24:39 +08:00
algapi.c
crypto: user - Implement a generic crypto statistics
2018-09-28 12:46:25 +08:00
algboss.c
crypto: api - Introduce notifier for new crypto algorithms
2018-09-04 11:37:04 +08:00
algif_aead.c
crypto: null - Remove VLA usage of skcipher
2018-09-28 12:46:08 +08:00
algif_hash.c
crypto: hash - Remove VLA usage
2018-09-04 11:35:03 +08:00
algif_rng.c
net: remove sock_no_poll
2018-05-26 09:16:44 +02:00
algif_skcipher.c
Revert changes to convert to ->poll_mask() and aio IOCB_CMD_POLL
2018-06-28 10:40:47 -07:00
ansi_cprng.c
crypto: ansi_cprng - Convert to new rng interface
2015-04-22 09:30:18 +08:00
anubis.c
crypto: prefix module autoloading with "crypto-"
2014-11-24 22:43:57 +08:00
api.c
evm: Don't deadlock if a crypto algorithm is unavailable
2018-07-18 07:27:22 -04:00
arc4.c
crypto: prefix module autoloading with "crypto-"
2014-11-24 22:43:57 +08:00
authenc.c
crypto: null - Remove VLA usage of skcipher
2018-09-28 12:46:08 +08:00
authencesn.c
crypto: null - Remove VLA usage of skcipher
2018-09-28 12:46:08 +08:00
blkcipher.c
crypto: blkcipher - fix crash flushing dcache in error path
2018-08-03 18:06:04 +08:00
blowfish_common.c
blowfish_generic.c
crypto: add missing crypto module aliases
2015-01-13 22:29:11 +11:00
camellia_generic.c
crypto: replace FSF address with web source in license notices
2017-11-29 17:33:25 +11:00
cast5_generic.c
crypto: replace FSF address with web source in license notices
2017-11-29 17:33:25 +11:00
cast6_generic.c
crypto: replace FSF address with web source in license notices
2017-11-29 17:33:25 +11:00
cast_common.c
crypto: make tables used from assembler __visible
2013-08-14 20:42:03 +10:00
cbc.c
crypto: cbc - Propagate NEED_FALLBACK bit
2017-03-09 18:34:39 +08:00
ccm.c
crypto: ccm - Remove VLA usage
2018-09-04 11:35:03 +08:00
cfb.c
crypto: remove several VLAs
2018-04-21 00:58:34 +08:00
chacha20_generic.c
crypto: chacha20 - Fix chacha20_block() keystream alignment (again)
2018-09-21 13:24:50 +08:00
chacha20poly1305.c
crypto: chacha20poly1305 - validate the digest size
2017-12-22 19:02:33 +11:00
cipher.c
crypto: remove several VLAs
2018-04-21 00:58:34 +08:00
cmac.c
crypto: algapi - make crypto_xor() and crypto_inc() alignment agnostic
2017-02-11 17:52:28 +08:00
compress.c
crypto: api - Remove no-op exit_ops code
2016-10-21 11:03:42 +08:00
crc32_generic.c
crypto: crc32-generic - remove __crc32_le()
2018-05-27 00:12:09 +08:00
crc32c_generic.c
crypto: crc32c-generic - remove cra_alignmask
2018-05-27 00:12:08 +08:00
crct10dif_common.c
crypto: crct10dif - Add fallback for broken initrds
2013-09-12 15:31:34 +10:00
crct10dif_generic.c
crypto: squash lines for simple wrapper functions
2016-09-13 20:27:26 +08:00
cryptd.c
crypto: cryptd - Remove VLA usage of skcipher
2018-09-28 12:46:08 +08:00
crypto_engine.c
crypto: engine - Permit to enqueue all async requests
2018-02-15 23:26:50 +08:00
crypto_null.c
crypto: null - Remove VLA usage of skcipher
2018-09-28 12:46:08 +08:00
crypto_user_base.c
crypto: user - fix leaking uninitialized memory to userspace
2018-11-09 17:35:43 +08:00
crypto_user_stat.c
crypto: user - Zeroize whole structure given to user space
2018-11-09 17:35:43 +08:00
crypto_wq.c
crypto: crypto_wq - Fix late crypto work queue initialization
2014-03-21 21:54:28 +08:00
ctr.c
crypto: remove several VLAs
2018-04-21 00:58:34 +08:00
cts.c
crypto: remove several VLAs
2018-04-21 00:58:34 +08:00
deflate.c
crypto: scomp - add support for deflate rfc1950 (zlib)
2017-04-24 18:11:08 +08:00
des_generic.c
crypto: add missing crypto module aliases
2015-01-13 22:29:11 +11:00
dh_helper.c
crypto: dh - make crypto_dh_encode_key() make robust
2018-08-03 18:06:06 +08:00
dh.c
crypto: dh - fix memory leak
2018-07-20 13:51:21 +08:00
drbg.c
crypto: drbg - in-place cipher operation for CTR
2018-08-03 18:05:48 +08:00
ecb.c
crypto: include crypto- module prefix in template
2014-11-26 20:06:30 +08:00
ecc_curve_defs.h
crypto: ecdh - fix typo of P-192 b value
2018-07-20 13:51:22 +08:00
ecc.c
crypto: ecdh - add public key verification test
2018-07-09 00:26:19 +08:00
ecc.h
crypto: ecc - Actually remove stack VLA usage
2018-04-21 00:58:29 +08:00
ecdh_helper.c
crypto: ecdh - return unsigned value for crypto_ecdh_key_len()
2017-10-12 22:55:00 +08:00
ecdh.c
crypto: ecc - Actually remove stack VLA usage
2018-04-21 00:58:29 +08:00
echainiv.c
crypto: null - Remove VLA usage of skcipher
2018-09-28 12:46:08 +08:00
fcrypt.c
crypto: prefix module autoloading with "crypto-"
2014-11-24 22:43:57 +08:00
fips.c
crypto: fips - Move fips_enabled sysctl into fips.c
2015-04-23 14:18:09 +08:00
gcm.c
crypto: null - Remove VLA usage of skcipher
2018-09-28 12:46:08 +08:00
gf128mul.c
crypto: gf128mul - remove incorrect comment
2017-12-22 19:52:40 +11:00
ghash-generic.c
crypto: shash - remove useless setting of type flags
2018-07-09 00:30:24 +08:00
hash_info.c
keys, trusted: select hash algorithm for TPM2 chips
2015-12-20 15:27:12 +02:00
hmac.c
crypto: hmac - require that the underlying hash algorithm is unkeyed
2017-11-29 13:39:15 +11:00
internal.h
crypto: api - Introduce notifier for new crypto algorithms
2018-09-04 11:37:04 +08:00
jitterentropy-kcapi.c
crypto: jitterentropy - drop duplicate header module.h
2016-11-17 23:34:52 +08:00
jitterentropy.c
crypto: jitterentropy - Delete unnecessary checks before the function call "kzfree"
2015-06-25 23:18:33 +08:00
Kconfig
crypto: aes_ti - disable interrupts while accessing S-box
2018-11-09 17:36:48 +08:00
keywrap.c
crypto: keywrap - Add missing ULL suffixes for 64-bit constants
2017-11-29 17:33:26 +11:00
khazad.c
crypto: prefix module autoloading with "crypto-"
2014-11-24 22:43:57 +08:00
kpp.c
crypto: Replaced gcc specific attributes with macros from compiler.h
2017-01-13 00:24:39 +08:00
lrw.c
crypto: lrw - fix rebase error after out of bounds fix
2018-10-05 10:22:48 +08:00
lz4.c
crypto: lz4 - fixed decompress function to return error code
2017-04-10 19:17:27 +08:00
lz4hc.c
crypto: lz4 - fixed decompress function to return error code
2017-04-10 19:17:27 +08:00
lzo.c
treewide: use kv[mz]alloc* rather than opencoded variants
2017-05-08 17:15:13 -07:00
Makefile
crypto: ofb - add output feedback mode
2018-09-28 12:46:26 +08:00
md4.c
crypto: shash - remove useless setting of type flags
2018-07-09 00:30:24 +08:00
md5.c
crypto: shash - remove useless setting of type flags
2018-07-09 00:30:24 +08:00
memneq.c
crypto: memneq - fix for archs without efficient unaligned access
2013-12-09 20:09:12 +08:00
michael_mic.c
crypto: prefix module autoloading with "crypto-"
2014-11-24 22:43:57 +08:00
morus640.c
crypto: morus/generic - fix for big endian systems
2018-10-08 13:44:53 +08:00
morus1280.c
crypto: morus/generic - fix for big endian systems
2018-10-08 13:44:53 +08:00
ofb.c
crypto: ofb - add output feedback mode
2018-09-28 12:46:26 +08:00
pcbc.c
crypto: remove several VLAs
2018-04-21 00:58:34 +08:00
pcrypt.c
crypto: pcrypt - fix freeing pcrypt instances
2017-12-22 19:02:47 +11:00
poly1305_generic.c
crypto: shash - remove useless setting of type flags
2018-07-09 00:30:24 +08:00
proc.c
proc: introduce proc_create_seq{,_data}
2018-05-16 07:23:35 +02:00
ripemd.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
rmd128.c
crypto: shash - remove useless setting of type flags
2018-07-09 00:30:24 +08:00
rmd160.c
crypto: shash - remove useless setting of type flags
2018-07-09 00:30:24 +08:00
rmd256.c
crypto: rmd256 - use swap macro in rmd256_transform
2018-07-27 19:28:36 +08:00
rmd320.c
crypto: rmd320 - use swap macro in rmd320_transform
2018-07-27 19:28:36 +08:00
rng.c
crypto: user - Implement a generic crypto statistics
2018-09-28 12:46:25 +08:00
rsa_helper.c
kbuild: rename *-asn1.[ch] to *.asn1.[ch]
2018-04-07 19:04:02 +09:00
rsa-pkcs1pad.c
crypto: rsa-pkcs1pad: Allow hash to be optional [ver #2]
2018-10-26 09:30:46 +01:00
rsa.c
crypto: rsa - Remove unneeded error assignment
2018-04-21 00:58:37 +08:00
rsaprivkey.asn1
crypto: rsa - Store rest of the private key components
2016-07-05 23:05:26 +08:00
rsapubkey.asn1
crypto: akcipher - Changes to asymmetric key API
2015-10-14 22:23:16 +08:00
salsa20_generic.c
crypto: salsa20 - Revert "crypto: salsa20 - export generic helpers"
2018-05-31 00:13:57 +08:00
scatterwalk.c
crypto: scatterwalk - remove 'chain' argument from scatterwalk_crypto_chain()
2018-08-03 18:06:03 +08:00
scompress.c
crypto: scompress - use sgl_alloc() and sgl_free()
2018-01-06 09:18:00 -07:00
seed.c
crypto: prefix module autoloading with "crypto-"
2014-11-24 22:43:57 +08:00
seqiv.c
crypto: null - Remove VLA usage of skcipher
2018-09-28 12:46:08 +08:00
serpent_generic.c
crypto: serpent - improve __serpent_setkey with UBSAN
2017-08-09 20:17:54 +08:00
sha1_generic.c
crypto: shash - remove useless setting of type flags
2018-07-09 00:30:24 +08:00
sha3_generic.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux
2018-08-03 17:55:12 +08:00
sha256_generic.c
crypto: shash - remove useless setting of type flags
2018-07-09 00:30:24 +08:00
sha512_generic.c
crypto: shash - remove useless setting of type flags
2018-07-09 00:30:24 +08:00
shash.c
crypto: shash - Remove VLA usage in unaligned hashing
2018-09-04 11:37:03 +08:00
simd.c
crypto: simd - correctly take reqsize of wrapped skcipher into account
2018-11-09 17:35:43 +08:00
skcipher.c
crypto: skcipher - Introduce crypto_sync_skcipher
2018-09-28 12:46:06 +08:00
sm3_generic.c
crypto: shash - remove useless setting of type flags
2018-07-09 00:30:24 +08:00
sm4_generic.c
crypto: sm4 - export encrypt/decrypt routines to other drivers
2018-05-05 14:52:51 +08:00
tcrypt.c
crypto: tcrypt - add OFB functional tests
2018-09-28 12:46:26 +08:00
tcrypt.h
crypto: testmgr - update sm4 test vectors
2018-09-28 12:46:26 +08:00
tea.c
crypto: add missing crypto module aliases
2015-01-13 22:29:11 +11:00
testmgr.c
crypto: testmgr - fix sizeof() on COMP_BUF_SIZE
2018-10-12 14:20:45 +08:00
testmgr.h
crypto: testmgr - update sm4 test vectors
2018-09-28 12:46:26 +08:00
tgr192.c
crypto: shash - remove useless setting of type flags
2018-07-09 00:30:24 +08:00
twofish_common.c
crypto: replace FSF address with web source in license notices
2017-11-29 17:33:25 +11:00
twofish_generic.c
crypto: replace FSF address with web source in license notices
2017-11-29 17:33:25 +11:00
vmac.c
crypto: vmac - remove insecure version with hardcoded nonce
2018-07-01 21:00:44 +08:00
wp512.c
crypto: shash - remove useless setting of type flags
2018-07-09 00:30:24 +08:00
xcbc.c
crypto: xcbc - Remove VLA usage
2018-09-04 11:35:03 +08:00
xor.c
kmemcheck: stop using GFP_NOTRACK and SLAB_NOTRACK
2017-11-15 18:21:04 -08:00
xts.c
crypto: xts - Drop use of auxiliary buffer
2018-09-21 13:24:50 +08:00
zstd.c
crypto: zstd - Add zstd support
2018-04-21 00:58:30 +08:00