Re: [PATCH 0/7] crypto: aes - allow generic AES to be omitted

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sun, 26 Mar 2017, Ard Biesheuvel wrote:

> The generic AES driver uses 16 lookup tables of 1 KB each, and has
> encryption and decryption routines that are fully unrolled. Given how
> the dependencies between this code and other drivers are declared in
> Kconfig files, this code is always pulled into the core kernel, even
> if it is usually superseded at runtime by accelerated drivers that
> exist for many architectures.
> 
> This leaves us with 25 KB of dead code in the kernel, which is negligible
> in typical environments, but which is actually a big deal for the IoT
> domain, where every kilobyte counts.
> 
> For this reason, this series refactors the way the various AES
> implementations are wired up, to allow the generic version in
> crypto/aes_generic.c to be omitted from the build entirely.

I'm not a cryptographer but I do agree with the above goal.

Acked_by: Nicolas Pitre <nico@xxxxxxxxxx>

> 
> Patch #1 removes some bogus 'select CRYPTO_AES' statement.
> 
> Patch #2 introduces CRYPTO_NEED_AES which can be selected by driver that
> require an AES cipher to be available, but don't care how it is implemented.
> 
> Patches #3 and #4 make some preparatory changes that allow dependencies on
> crypto_aes_expand_key to be fulfilled by the new (and much smaller) fixed
> time AES driver. (#5)
> 
> Patch #6 splits the generic AES driver into a core containing the precomputed
> sub/shift/mix tables and the key expansion routines on the one hand, and the
> encryption/decryption routines and the crypto API registration on the other.
> 
> Patch #7 introduces the CRYPTO_HAVE_AES Kconfig symbol, and adds statements to
> various AES implementations that can fulfil the CRYPTO_NEED_AES dependencies
> added in patch #2. The introduced Kconfig logic allows CRYPTO_AES to be
> deselected even if AES dependencies exist, as long as one of these alternatives
> is selected.
> 
> Ard Biesheuvel (7):
>   drivers/crypto/Kconfig: drop bogus CRYPTO_AES dependencies
>   crypto: aes - add new Kconfig symbol for soft dependency on AES
>   crypto: aes/x86 - eliminate set_key() handling for IRQ context
>   crypto: aes/arm64 - eliminate dependency on crypto_aes_set_key()
>   crypto: aes - move crypto_aes_expand_key() to fixed-time AES driver
>   crypto: aes - split off shared AES tables and key expansion routines
>   crypto: aes - allow alternative AES drivers to fulfil AES dependency
> 
>  arch/arm/crypto/Kconfig                      |    5 +-
>  arch/arm64/crypto/Kconfig                    |    5 +-
>  arch/arm64/crypto/aes-glue.c                 |   12 +-
>  arch/x86/crypto/aesni-intel_glue.c           |   14 +-
>  crypto/Kconfig                               |   25 +-
>  crypto/Makefile                              |    1 +
>  crypto/aes_core.c                            | 1302 ++++++++++++++++++++
>  crypto/aes_generic.c                         | 1239 -------------------
>  crypto/aes_ti.c                              |    7 +-
>  drivers/block/Kconfig                        |    2 +-
>  drivers/crypto/Kconfig                       |   21 +-
>  drivers/net/Kconfig                          |    2 +-
>  drivers/net/wireless/cisco/Kconfig           |    2 +-
>  drivers/net/wireless/intel/ipw2x00/Kconfig   |    2 +-
>  drivers/net/wireless/intersil/hostap/Kconfig |    2 +-
>  drivers/staging/rtl8192e/Kconfig             |    2 +-
>  drivers/usb/wusbcore/Kconfig                 |    2 +-
>  fs/ceph/Kconfig                              |    2 +-
>  fs/cifs/Kconfig                              |    2 +-
>  fs/crypto/Kconfig                            |    2 +-
>  net/Kconfig                                  |    2 +-
>  net/bluetooth/Kconfig                        |    2 +-
>  net/ceph/Kconfig                             |    2 +-
>  net/mac80211/Kconfig                         |    2 +-
>  net/mac802154/Kconfig                        |    2 +-
>  net/sunrpc/Kconfig                           |    3 +-
>  security/keys/Kconfig                        |    4 +-
>  27 files changed, 1377 insertions(+), 1291 deletions(-)
>  create mode 100644 crypto/aes_core.c
> 
> -- 
> 2.7.4
> 
> 



[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux