On Wed, Oct 17, 2018 at 09:37:57PM -0700, Eric Biggers wrote:
> This series makes the "aes-fixed-time" and "aes-arm" implementations of
> AES more resistant to cache-timing attacks.
>
> Note that even after these changes, the implementations still aren't
> necessarily guaranteed to be constant-time; see
> https://cr.yp.to/antiforgery/cachetiming-20050414.pdf for a discussion
> of the many difficulties involved in writing truly constant-time AES
> software. But it's valuable to make such attacks more difficult.
>
> Changed since v2:
> - In aes-arm, move the IRQ disable/enable into the assembly file.
> - Other aes-arm tweaks.
> - Add Kconfig help text.
>
> Thanks to Ard Biesheuvel for the suggestions.
>
> Eric Biggers (2):
> crypto: aes_ti - disable interrupts while accessing S-box
> crypto: arm/aes - add some hardening against cache-timing attacks
>
> arch/arm/crypto/Kconfig           |  9 +
> arch/arm/crypto/aes-cipher-core.S | 62 ++-
> crypto/Kconfig                    |  3 +-
> crypto/aes_generic.c              |  9 +++--
> crypto/aes_ti.c                   | 18 +
> 5 files changed, 86 insertions(+), 15 deletions(-)
All applied. Thanks.
--
Email: Herbert Xu
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
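The cover letter above describes hardening S-box accesses against cache-timing attacks. As an added illustration, not code from this series or from the kernel, the C program below builds the AES S-box and contrasts a plain indexed lookup (whose cache-line access pattern depends on the input byte) with two defensive techniques: touching every cache line of the table before use, which is the idea behind the prefetch that aes_ti performs (and which the series protects by keeping interrupts off so nothing can evict the lines in between), and a branch-free lookup that reads all 256 entries and masks out the one wanted, so the memory access pattern is independent of the index. The 64-byte cache line size and all function names are assumptions made for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Added illustration, not kernel code. Cache-line size is an assumption. */
#define CACHE_LINE 64

static uint8_t aes_sbox[256];
static int aes_sbox_ready;

static uint8_t rotl8(uint8_t x, unsigned s)
{
    return (uint8_t)((x << s) | (x >> (8 - s)));
}

/* Generate the AES S-box: multiplicative inverse in GF(2^8) (walking the
 * field with generator 3, keeping p * q == 1), then the affine map. */
static void build_sbox(void)
{
    uint8_t p = 1, q = 1;
    do {
        /* p *= 3 modulo the AES polynomial 0x11b */
        p = (uint8_t)(p ^ (p << 1) ^ ((p & 0x80) ? 0x1b : 0));
        /* q /= 3, i.e. q *= 0xf6 (the inverse of 3) */
        q = (uint8_t)(q ^ (q << 1));
        q = (uint8_t)(q ^ (q << 2));
        q = (uint8_t)(q ^ (q << 4));
        q = (uint8_t)(q ^ ((q & 0x80) ? 0x09 : 0));
        aes_sbox[p] = (uint8_t)(q ^ rotl8(q, 1) ^ rotl8(q, 2) ^
                                rotl8(q, 3) ^ rotl8(q, 4) ^ 0x63);
    } while (p != 1);
    aes_sbox[0] = 0x63; /* 0 has no inverse; affine map of 0 */
    aes_sbox_ready = 1;
}

/* Plain lookup: which cache line is touched depends on x, so a neighbour
 * measuring cache state can learn bits of x. */
static uint8_t sbox_lookup_direct(uint8_t x)
{
    if (!aes_sbox_ready)
        build_sbox();
    return aes_sbox[x];
}

/* Touch every cache line of a table so that subsequent lookups hit L1
 * whatever the index. Volatile reads keep the loads from being optimised
 * away; the returned sum is only there to consume them. */
static unsigned prefetch_table(const uint8_t *tbl, size_t len)
{
    unsigned acc = 0;
    for (size_t off = 0; off < len; off += CACHE_LINE)
        acc += *(const volatile uint8_t *)(tbl + off);
    return acc;
}

/* Lookup with the table warmed first; in the kernel this window is the
 * one that must not be interrupted, since an interrupt handler could evict
 * the lines between prefetch and use. */
static uint8_t sbox_lookup_prefetched(uint8_t x)
{
    if (!aes_sbox_ready)
        build_sbox();
    (void)prefetch_table(aes_sbox, sizeof(aes_sbox));
    return aes_sbox[x];
}

/* Branch-free scan of the whole table: every entry is read, and a mask
 * that is 0xff only when i == x selects the result. Access pattern and
 * instruction stream are independent of x. */
static uint8_t sbox_lookup_ct(uint8_t x)
{
    uint8_t out = 0;
    if (!aes_sbox_ready)
        build_sbox();
    for (uint32_t i = 0; i < 256; i++) {
        uint32_t d = i ^ x;                           /* 0 iff i == x */
        uint8_t mask = (uint8_t)(0u - ((d - 1u) >> 31)); /* 0xff iff d == 0 */
        out |= (uint8_t)(aes_sbox[i] & mask);
    }
    return out;
}

/* Sanity check: all three strategies agree on every input byte. */
static int lookups_agree(void)
{
    for (unsigned i = 0; i < 256; i++) {
        uint8_t b = (uint8_t)i;
        if (sbox_lookup_ct(b) != sbox_lookup_direct(b) ||
            sbox_lookup_prefetched(b) != sbox_lookup_direct(b))
            return 0;
    }
    return 1;
}

int main(void)
{
    printf("S(0x00)=%02x S(0x53)=%02x S(0xff)=%02x agree=%d\n",
           sbox_lookup_ct(0x00), sbox_lookup_ct(0x53), sbox_lookup_ct(0xff),
           lookups_agree());
    return 0;
}
```

The scan-all lookup costs 256 reads per byte, which is why the kernel's fixed-time implementation prefers the prefetch approach with interrupts disabled; as the cover letter says, neither technique by itself makes the code truly constant-time, they only make cache-timing attacks harder.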