Re: [PATCH v3 0/7] crypto: aes - allow generic AES to be omitted

2017-07-18 Thread Ard Biesheuvel
On 18 July 2017 at 09:30, Herbert Xu wrote: > On Tue, Jul 18, 2017 at 08:57:28AM +0100, Ard Biesheuvel wrote: >> >> So if you care about security and/or the cache/memory footprint more >> than about speed, you can disable the table based implementations that >> exist

Re: [PATCH v3 0/7] crypto: aes - allow generic AES to be omitted

2017-07-18 Thread Herbert Xu
On Tue, Jul 18, 2017 at 08:57:28AM +0100, Ard Biesheuvel wrote: > > So if you care about security and/or the cache/memory footprint more > than about speed, you can disable the table based implementations that > exist for i586, x86, ARM and arm64 (all of which have faster and time > invariant

Re: [PATCH v3 0/7] crypto: aes - allow generic AES to be omitted

2017-07-18 Thread Ard Biesheuvel
On 18 July 2017 at 08:18, Herbert Xu wrote: > On Tue, Jul 18, 2017 at 07:32:41AM +0100, Ard Biesheuvel wrote: >> >> Because it is slower, and how much slower is architecture dependent >> (if your arch has slow multiplication, aes-ti decryption will be dog >> slow

Re: [PATCH v3 0/7] crypto: aes - allow generic AES to be omitted

2017-07-18 Thread Herbert Xu
On Tue, Jul 18, 2017 at 07:32:41AM +0100, Ard Biesheuvel wrote: > > Because it is slower, and how much slower is architecture dependent > (if your arch has slow multiplication, aes-ti decryption will be dog > slow compared to aes-generic) Right, but does anybody actually care? My guess is that on

Re: [PATCH v3 0/7] crypto: aes - allow generic AES to be omitted

2017-07-18 Thread Ard Biesheuvel
On 18 July 2017 at 06:25, Herbert Xu wrote: > On Tue, Jun 20, 2017 at 11:28:53AM +0200, Ard Biesheuvel wrote: >> The generic AES driver uses 16 lookup tables of 1 KB each, and has >> encryption and decryption routines that are fully unrolled. Given how >> the

Re: [PATCH v3 0/7] crypto: aes - allow generic AES to be omitted

2017-07-17 Thread Herbert Xu
On Tue, Jun 20, 2017 at 11:28:53AM +0200, Ard Biesheuvel wrote: > The generic AES driver uses 16 lookup tables of 1 KB each, and has > encryption and decryption routines that are fully unrolled. Given how > the dependencies between this code and other drivers are declared in > Kconfig files, this

[PATCH v3 0/7] crypto: aes - allow generic AES to be omitted

2017-06-20 Thread Ard Biesheuvel
The generic AES driver uses 16 lookup tables of 1 KB each, and has encryption and decryption routines that are fully unrolled. Given how the dependencies between this code and other drivers are declared in Kconfig files, this code is always pulled into the core kernel, even if it is usually