The NetBSD Project

CVS log for src/sys/crypto/aes/aes_bear.c


Keyword substitution: kv
Default branch: MAIN

Revision 1.4
Sat Jul 25 22:28:27 2020 UTC (4 years, 5 months ago) by riastradh
Branches: MAIN
CVS tags: thorpej-ifq-base, thorpej-ifq, thorpej-i2c-spi-conf2-base, thorpej-i2c-spi-conf2, thorpej-i2c-spi-conf-base, thorpej-i2c-spi-conf, thorpej-futex2-base, thorpej-futex2, thorpej-futex-base, thorpej-futex, thorpej-cfargs2-base, thorpej-cfargs2, thorpej-cfargs-base, thorpej-cfargs, thorpej-altq-separation-base, thorpej-altq-separation, perseant-exfatfs-base-20240630, perseant-exfatfs-base, perseant-exfatfs, netbsd-10-base, netbsd-10-1-RELEASE, netbsd-10-0-RELEASE, netbsd-10-0-RC6, netbsd-10-0-RC5, netbsd-10-0-RC4, netbsd-10-0-RC3, netbsd-10-0-RC2, netbsd-10-0-RC1, netbsd-10, cjep_sun2x-base1, cjep_sun2x-base, cjep_sun2x, cjep_staticlib_x-base1, cjep_staticlib_x-base, cjep_staticlib_x, bouyer-sunxi-drm-base, bouyer-sunxi-drm, HEAD
Diff to: previous 1.3
Changes since revision 1.3: +219 -2 lines
Implement AES-CCM with BearSSL's bitsliced 32-bit aes_ct.

Revision 1.3
Sat Jul 25 22:12:57 2020 UTC (4 years, 5 months ago) by riastradh
Branches: MAIN
Diff to: previous 1.2
Changes since revision 1.2: +3 -2 lines
Split aes_impl declarations out into aes_impl.h.

This will make it less painful to add more operations to struct
aes_impl without having to recompile everything that just uses the
block cipher directly or similar.

Revision 1.2
Tue Jun 30 20:32:11 2020 UTC (4 years, 6 months ago) by riastradh
Branches: MAIN
Diff to: previous 1.1
Changes since revision 1.1: +11 -2 lines
New test sys/crypto/aes/t_aes.

Runs aes_selftest on all kernel AES implementations supported on the
current hardware, not just the preferred one.

Revision 1.1
Mon Jun 29 23:27:52 2020 UTC (4 years, 6 months ago) by riastradh
Branches: MAIN
Rework AES in kernel to finally address CVE-2005-1797.

1. Rip out old variable-time reference implementation.
2. Replace it by BearSSL's constant-time 32-bit logic.
   => Obtained from commit dda1f8a0c46e15b4a235163470ff700b2f13dcc5.
   => We could conditionally adopt the 64-bit logic too, which would
      likely give a modest performance boost on 64-bit platforms
      without AES-NI, but that's a bit more trouble.
3. Select the AES implementation at boot-time; allow an MD override.
   => Use self-tests to verify basic correctness at boot.
   => The implementation selection policy is rather rudimentary at
      the moment but it is isolated to one place so it's easy to
      change later on.

This (a) plugs a host of timing attacks on, e.g., cgd, and (b) paves
the way to take advantage of CPU support for AES -- both things we
should've done a decade ago.  Downside: Computing AES takes 2-3x the
CPU time.  But that's what hardware support will be coming for.

Rudimentary measurement of performance impact done by:

mount -t tmpfs tmpfs /tmp
dd if=/dev/zero of=/tmp/disk bs=1m count=512
vnconfig -cv vnd0 /tmp/disk
cgdconfig -s cgd0 /dev/vnd0 aes-cbc 256 < /dev/zero
dd if=/dev/rcgd0d of=/dev/null bs=64k
dd if=/dev/zero of=/dev/rcgd0d bs=64k

The AES-CBC encryption performance impact is closer to 3x because it
is inherently sequential; the AES-CBC decryption impact is closer to
2x because the bitsliced AES logic can process two blocks at once.

Discussed on tech-kern:

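The revision 1.1 message above does two things: it replaces a table-driven, variable-time AES with constant-time logic (the cache-timing issue tracked as CVE-2005-1797), and it gates the choice of implementation on a boot-time self-test. The C program below is an added illustration of both ideas and is not part of this log or of NetBSD's or BearSSL's code. It uses a constructed 256-entry substitution table (not the AES S-box) to show a secret-indexed lookup beside a constant-time masked scan, and a small selection routine that takes the first candidate passing a known-answer self-test. The table formula, struct sub_impl, the known answers and every function name are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Constructed stand-in for an S-box: an arbitrary affine permutation of
 * the index (167 is odd, so i*167 mod 256 is a bijection). Only the way
 * the table is indexed matters for this example.
 */
static uint8_t sbox[256];
static int sbox_ready;

static void
sbox_init(void)
{
	for (uint32_t i = 0; i < 256; i++)
		sbox[i] = (uint8_t)((i * 167u + 13u) & 0xffu);
	sbox_ready = 1;
}

/*
 * Variable-time lookup: the address loaded depends on the secret byte x,
 * so which cache line is touched, and how long the load takes, leaks
 * information about x. This is the pattern CVE-2005-1797 describes.
 */
static uint8_t
sub_vartime(uint8_t x)
{
	if (!sbox_ready)
		sbox_init();
	return sbox[x];
}

/*
 * Constant-time lookup: read every entry in the same order regardless of
 * x and keep the wanted one with an all-ones/all-zeros mask instead of a
 * branch. Slower, as the commit message warns, but neither the memory
 * access pattern nor the instruction sequence depends on the secret.
 */
static uint8_t
sub_ct(uint8_t x)
{
	uint32_t r = 0;

	if (!sbox_ready)
		sbox_init();
	for (uint32_t i = 0; i < 256; i++) {
		uint32_t d = i ^ x;                 /* 0 iff i == x */
		uint32_t m = 0u - ((d - 1u) >> 31); /* all ones iff d == 0 */
		r |= sbox[i] & m;
	}
	return (uint8_t)r;
}

/* Candidate implementation; hypothetical shape, loosely like aes_impl. */
struct sub_impl {
	const char *name;
	uint8_t (*lookup)(uint8_t);
};

static const struct sub_impl impls[] = {
	{ "constant-time scan", sub_ct },
	{ "table lookup (variable-time)", sub_vartime },
};

/* Known-answer self-test: expected outputs of the constructed table. */
static int
sub_selftest(const struct sub_impl *impl)
{
	static const struct { uint8_t in, out; } kat[] = {
		{ 0x00, 0x0d }, { 0x01, 0xb4 }, { 0x02, 0x5b }, { 0xff, 0x66 },
	};

	for (size_t i = 0; i < sizeof(kat) / sizeof(kat[0]); i++)
		if (impl->lookup(kat[i].in) != kat[i].out)
			return -1;
	return 0;
}

/* Boot-time style selection: first candidate whose self-test passes. */
static const struct sub_impl *
sub_select(void)
{
	for (size_t i = 0; i < sizeof(impls) / sizeof(impls[0]); i++)
		if (sub_selftest(&impls[i]) == 0)
			return &impls[i];
	return NULL;
}

/* Exhaustive check that the masked scan agrees with direct indexing. */
static int
sub_ct_matches_table(void)
{
	for (uint32_t x = 0; x < 256; x++)
		if (sub_ct((uint8_t)x) != sub_vartime((uint8_t)x))
			return 0;
	return 1;
}

int
main(void)
{
	const struct sub_impl *impl = sub_select();

	printf("selected: %s\n", impl != NULL ? impl->name : "none");
	printf("masked scan matches table on all inputs: %s\n",
	    sub_ct_matches_table() ? "yes" : "no");
	return impl == NULL;
}
```

Two caveats a practitioner should keep in mind. A known-answer test only catches a broken implementation, not a leaky one: both candidates here pass it, and the ordering of the candidate list is what keeps the constant-time one preferred. And a 256-iteration masked scan is far more expensive than one table load, which is why real constant-time AES such as BearSSL's aes_ct bitslices the S-box into boolean logic instead; either way the generated machine code, not just the C source, has to be checked for secret-dependent branches and loads, since a compiler is free to rewrite the masking.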