Up to [cvs.NetBSD.org] / src / sys / crypto / aes
Request diff between arbitrary revisions
Keyword substitution: kv
Default branch: MAIN
Implement AES-CCM with BearSSL's bitsliced 32-bit aes_ct.
Split aes_impl declarations out into aes_impl.h. This will make it less painful to add more operations to struct aes_impl without having to recompile everything that just uses the block cipher directly or similar.
New test sys/crypto/aes/t_aes. Runs aes_selftest on all kernel AES implementations supported on the current hardware, not just the preferred one.
Rework AES in kernel to finally address CVE-2005-1797. 1. Rip out old variable-time reference implementation. 2. Replace it by BearSSL's constant-time 32-bit logic. => Obtained from commit dda1f8a0c46e15b4a235163470ff700b2f13dcc5. => We could conditionally adopt the 64-bit logic too, which would likely give a modest performance boost on 64-bit platforms without AES-NI, but that's a bit more trouble. 3. Select the AES implementation at boot-time; allow an MD override. => Use self-tests to verify basic correctness at boot. => The implementation selection policy is rather rudimentary at the moment but it is isolated to one place so it's easy to change later on. This (a) plugs a host of timing attacks on, e.g., cgd, and (b) paves the way to take advantage of CPU support for AES -- both things we should've done a decade ago. Downside: Computing AES takes 2-3x the CPU time. But that's what hardware support will be coming for. Rudimentary measurement of performance impact done by: mount -t tmpfs tmpfs /tmp dd if=/dev/zero of=/tmp/disk bs=1m count=512 vnconfig -cv vnd0 /tmp/disk cgdconfig -s cgd0 /dev/vnd0 aes-cbc 256 < /dev/zero dd if=/dev/rcgd0d of=/dev/null bs=64k dd if=/dev/zero of=/dev/rcgd0d bs=64k The AES-CBC encryption performance impact is closer to 3x because it is inherently sequential; the AES-CBC decryption impact is closer to 2x because the bitsliced AES logic can process two blocks at once. Discussed on tech-kern: https://mail-index.NetBSD.org/tech-kern/2020/06/18/msg026505.html