Remove the duplicated boilerplate help text and add a bit of explanation
about the nature of the various AES implementations that exist for ARM
and x86.
Signed-off-by: Ard Biesheuvel <ard.biesheu...@linaro.org>
---
arch/arm/crypto/Kconfig | 4 +-
arch/arm64/crypto/Kconfig | 7 ++
crypto/Kconfig | 68 +++-----------------
3 files changed, 18 insertions(+), 61 deletions(-)
diff --git a/arch/arm/crypto/Kconfig b/arch/arm/crypto/Kconfig
index 3a6994ada2d1..24d70d74ae51 100644
--- a/arch/arm/crypto/Kconfig
+++ b/arch/arm/crypto/Kconfig
@@ -66,7 +66,9 @@ config CRYPTO_AES_ARM
select CRYPTO_ALGAPI
select CRYPTO_AES_GENERIC
help
- Use optimized AES assembler routines for ARM platforms.
+ Use optimized AES assembler routines for ARM platforms. This
+ implementation is table based, and thus not time invariant.
+ It reuses the tables exposed by the generic AES driver.
config CRYPTO_AES_ARM_BS
tristate "Bit sliced AES using NEON instructions"
diff --git a/arch/arm64/crypto/Kconfig b/arch/arm64/crypto/Kconfig
index 7ffe88267943..48404ae2a11a 100644
--- a/arch/arm64/crypto/Kconfig
+++ b/arch/arm64/crypto/Kconfig
@@ -44,11 +44,18 @@ config CRYPTO_CRC32_ARM64_CE
config CRYPTO_AES_ARM64
tristate "AES core cipher using scalar instructions"
select CRYPTO_AES_GENERIC
+ help
+ Use optimized AES assembler routines for ARM platforms. This
+ implementation is table based, and thus not time invariant.
+ It reuses the tables exposed by the generic AES driver.
config CRYPTO_AES_ARM64_CE
tristate "AES core cipher using ARMv8 Crypto Extensions"
depends on ARM64 && KERNEL_MODE_NEON
select CRYPTO_ALGAPI
+ help
+ Assembler implementation for arm64 of AES using special dedicated
+ instructions. This implementation is time invariant.
config CRYPTO_AES_ARM64_CE_CCM
tristate "AES in CCM mode using ARMv8 Crypto Extensions"
diff --git a/crypto/Kconfig b/crypto/Kconfig
index 9ae3dade4b2b..f33c0d9136cf 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -906,21 +906,10 @@ config CRYPTO_AES_GENERIC
select CRYPTO_ALGAPI
select CRYPTO_AES_CORE
help
- AES cipher algorithms (FIPS-197). AES uses the Rijndael
- algorithm.
-
- Rijndael appears to be consistently a very good performer in
- both hardware and software across a wide range of computing
- environments regardless of its use in feedback or non-feedback
- modes. Its key setup time is excellent, and its key agility is
- good. Rijndael's very low memory requirements make it very well
- suited for restricted-space environments, in which it also
- demonstrates excellent performance. Rijndael's operations are
- among the easiest to defend against power and timing attacks.
-
- The AES specifies three key sizes: 128, 192 and 256 bits
-
- See <http://csrc.nist.gov/CryptoToolkit/aes/> for more information.
+ Generic table based implementation of AES. This is the fastest
+ implementation in C, but may be susceptible to known plaintext
+ attacks on the key due to the correlation between the processing
+ time and the input of the first round.
config CRYPTO_AES_TI
tristate "Fixed time AES cipher"
@@ -946,44 +935,18 @@ config CRYPTO_AES_586
select CRYPTO_ALGAPI
select CRYPTO_AES_GENERIC
help
- AES cipher algorithms (FIPS-197). AES uses the Rijndael
+ Assembler implementation for 32-bit x86 of the table based AES
algorithm.
- Rijndael appears to be consistently a very good performer in
- both hardware and software across a wide range of computing
- environments regardless of its use in feedback or non-feedback
- modes. Its key setup time is excellent, and its key agility is
- good. Rijndael's very low memory requirements make it very well
- suited for restricted-space environments, in which it also
- demonstrates excellent performance. Rijndael's operations are
- among the easiest to defend against power and timing attacks.
-
- The AES specifies three key sizes: 128, 192 and 256 bits
-
- See <http://csrc.nist.gov/encryption/aes/> for more information.
-
config CRYPTO_AES_X86_64
tristate "AES cipher algorithms (x86_64)"
depends on (X86 || UML_X86) && 64BIT
select CRYPTO_ALGAPI
select CRYPTO_AES_GENERIC
help
- AES cipher algorithms (FIPS-197). AES uses the Rijndael
+ Assembler implementation for 64-bit x86 of the table based AES
algorithm.
- Rijndael appears to be consistently a very good performer in
- both hardware and software across a wide range of computing
- environments regardless of its use in feedback or non-feedback
- modes. Its key setup time is excellent, and its key agility is
- good. Rijndael's very low memory requirements make it very well
- suited for restricted-space environments, in which it also
- demonstrates excellent performance. Rijndael's operations are
- among the easiest to defend against power and timing attacks.
-
- The AES specifies three key sizes: 128, 192 and 256 bits
-
- See <http://csrc.nist.gov/encryption/aes/> for more information.
-
config CRYPTO_AES_NI_INTEL
tristate "AES cipher algorithms (AES-NI)"
depends on X86
@@ -994,23 +957,8 @@ config CRYPTO_AES_NI_INTEL
select CRYPTO_GLUE_HELPER_X86 if 64BIT
select CRYPTO_SIMD
help
- Use Intel AES-NI instructions for AES algorithm.
-
- AES cipher algorithms (FIPS-197). AES uses the Rijndael
- algorithm.
-
- Rijndael appears to be consistently a very good performer in
- both hardware and software across a wide range of computing
- environments regardless of its use in feedback or non-feedback
- modes. Its key setup time is excellent, and its key agility is
- good. Rijndael's very low memory requirements make it very well
- suited for restricted-space environments, in which it also
- demonstrates excellent performance. Rijndael's operations are
- among the easiest to defend against power and timing attacks.
-
- The AES specifies three key sizes: 128, 192 and 256 bits
-
- See <http://csrc.nist.gov/encryption/aes/> for more information.
+ Assembler implementation for x86 of AES using special dedicated
+ instructions. This implementation is time invariant.
In addition to AES cipher algorithm support, the acceleration
for some popular block cipher mode is supported too, including
--
2.7.4
