AW: [PATCH v1 2/7] AES for PPC/SPE - aes tables

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> Von: linux-crypto-owner@xxxxxxxxxxxxxxx [linux-crypto-owner@xxxxxxxxxxxxxxx]" im Auftrag von "Segher Boessenkool [segher@xxxxxxxxxxxxxxxxxxx]
> Gesendet: Montag, 16. Februar 2015 15:37
> An: David Laight
> Cc: Markus Stockhausen; linux-crypto@xxxxxxxxxxxxxxx; linuxppc-dev@xxxxxxxxxxxxxxxx
> Betreff: Re: [PATCH v1 2/7] AES for PPC/SPE - aes tables
> 
> On Mon, Feb 16, 2015 at 02:19:50PM +0000, David Laight wrote:
> > From:  Markus Stockhausen
> > > 4K AES tables for big endian
> >
> > I can't help feeling that you could give more information about how the
> > values are generated.
> 
> ... and an explanation of why this does not open you up to a timing attack?

Good points,

the tables are only big endian reversed ones of those found in crypto/aes_generic.c.

Regarding timing attacks: I understand, that reducing AES table sizes for a constant 
AES processing time is important to avoid cache timing attacks. Hopefully the 
following points will mitigate the concern.

Target architecture are low performance e500 cores without available caam 
features. These can currently use only aes-generic module. That one depends 
on 16K T-tables. 2*4K for encryption and 2*4K for decryption. The new module
reduces the T-table sizes to 8K+256 bytes. Far away from a minimal 256 byte
S-BOX but at least an improvement.

To narrow it down further. Intended use is for cheap routers. So no multiuser 
environments where a malicous process could drive complex flush+reload 
attacks. In case someone gains unallowed access there will be a lot of other 
and simpler ways to compromise the system.

In case that is sufficient for you I will add respective notes into a patch v2.

Markus
****************************************************************************
Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte
Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail
irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und
vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte
Weitergabe dieser Mail ist nicht gestattet.

�ber das Internet versandte E-Mails können unter fremden Namen erstellt oder
manipuliert werden. Deshalb ist diese als E-Mail verschickte Nachricht keine
rechtsverbindliche Willenserklärung.

Collogia
Unternehmensberatung AG
Ubierring 11
D-50678 Köln

Vorstand:
Kadir Akin
Dr. Michael Höhnerbach

Vorsitzender des Aufsichtsrates:
Hans Kristian Langva

Registergericht: Amtsgericht Köln
Registernummer: HRB 52 497

This e-mail may contain confidential and/or privileged information. If you
are not the intended recipient (or have received this e-mail in error)
please notify the sender immediately and destroy this e-mail. Any
unauthorized copying, disclosure or distribution of the material in this
e-mail is strictly forbidden.

e-mails sent over the internet may have been written under a wrong name or
been manipulated. That is why this message sent as an e-mail is not a
legally binding declaration of intention.

Collogia
Unternehmensberatung AG
Ubierring 11
D-50678 Köln

executive board:
Kadir Akin
Dr. Michael Höhnerbach

President of the supervisory board:
Hans Kristian Langva

Registry office: district court Cologne
Register number: HRB 52 497

****************************************************************************

[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux