This series makes the "aes-fixed-time" and "aes-arm" implementations of AES
more resistant to cache-timing attacks.  Note that even after these changes,
the implementations still aren't necessarily guaranteed to be constant-time;
see https://cr.yp.to/antiforgery/cachetiming-20050414.pdf for a discussion of
the many difficulties involved in writing truly constant-time AES software.
But it's valuable to make such attacks more difficult.

Changed since v2:
- In aes-arm, move the IRQ disable/enable into the assembly file.
- Other aes-arm tweaks.
- Add Kconfig help text.

Thanks to Ard Biesheuvel for the suggestions.

Eric Biggers (2):
  crypto: aes_ti - disable interrupts while accessing S-box
  crypto: arm/aes - add some hardening against cache-timing attacks

 arch/arm/crypto/Kconfig           |  9 +++++
 arch/arm/crypto/aes-cipher-core.S | 62 ++++++++++++++++++++++++++-----
 crypto/Kconfig                    |  3 +-
 crypto/aes_generic.c              |  9 +++--
 crypto/aes_ti.c                   | 18 +++++++++
 5 files changed, 86 insertions(+), 15 deletions(-)

-- 
2.19.1
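The first patch's subject, disabling interrupts while accessing the S-box, is aimed at the lookups that make table-based AES leak through the cache: which 64-byte lines of the 256-byte S-box get touched depends on secret state, and an attacker sharing the cache can observe that. As an added illustration, not code from this series or from the kernel, here is a userspace C sketch of the two standard responses to that lookup. The first pulls the entire table into cache immediately before the secret-dependent accesses; in the kernel the interrupt-disabled window is what keeps it there, and userspace cannot reproduce that part, so this only shows the prefetch and, as the cover letter itself warns, narrows rather than closes the window. The second, for comparison, reads every entry and selects with a branch-free mask so the address trace does not depend on the index at all, at roughly 256 times the memory traffic. The S-box is generated from the GF(2^8) inverse and affine map rather than typed in; the 64-byte cache line size and all function names are assumptions of this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Assumption: 64-byte cache lines (typical on x86 and arm64). */
#define CACHE_LINE 64
#define SBOX_SIZE 256

static uint8_t sbox[SBOX_SIZE];
static int sbox_ready;

/* Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1. */
static uint8_t gf_mul(uint8_t a, uint8_t b)
{
	uint8_t p = 0;
	for (int i = 0; i < 8; i++) {
		if (b & 1)
			p ^= a;
		uint8_t carry = a & 0x80;
		a <<= 1;
		if (carry)
			a ^= 0x1b;
		b >>= 1;
	}
	return p;
}

/* Multiplicative inverse as a^254 (group order 255); 0 maps to 0 naturally. */
static uint8_t gf_inv(uint8_t a)
{
	uint8_t r = 1;
	for (int e = 254; e; e >>= 1) {
		if (e & 1)
			r = gf_mul(r, a);
		a = gf_mul(a, a);
	}
	return r;
}

/* AES affine map: x ^ rotl(x,1) ^ rotl(x,2) ^ rotl(x,3) ^ rotl(x,4) ^ 0x63. */
static uint8_t affine(uint8_t x)
{
	uint8_t r = 0x63;
	for (int i = 0; i < 5; i++) {
		r ^= x;
		x = (uint8_t)((x << 1) | (x >> 7));
	}
	return r;
}

static void sbox_init(void)
{
	if (sbox_ready)
		return;
	for (int i = 0; i < SBOX_SIZE; i++)
		sbox[i] = affine(gf_inv((uint8_t)i));
	sbox_ready = 1;
}

/* Plain lookup: the cache line touched depends on x. This is the access
 * pattern a cache-timing attack observes. */
uint8_t sbox_lookup_plain(uint8_t x)
{
	sbox_init();
	return sbox[x];
}

/* Touch one byte in every cache line of the table so the whole S-box is
 * resident before any secret-dependent lookup. Without the kernel's
 * interrupt-disabled window, lines can still be evicted afterwards. */
void sbox_prefetch(void)
{
	volatile uint8_t sink = 0;
	for (size_t off = 0; off < SBOX_SIZE; off += CACHE_LINE)
		sink ^= sbox[off];
	(void)sink;
}

/* SubBytes over a 16-byte state: prefetch, then all lookups back to back. */
void sub_bytes(uint8_t state[16])
{
	sbox_init();
	sbox_prefetch();
	for (int i = 0; i < 16; i++)
		state[i] = sbox[state[i]];
}

/* Index-independent lookup: read all 256 entries, keep the matching one
 * via a branch-free mask. Slow, but the address trace no longer depends on x. */
uint8_t sbox_lookup_ct(uint8_t x)
{
	sbox_init();
	uint8_t r = 0;
	for (uint32_t i = 0; i < SBOX_SIZE; i++) {
		uint32_t d = i ^ x;                               /* 0 only when i == x */
		uint8_t mask = (uint8_t)(0 - ((d - 1) >> 31));   /* 0xff iff d == 0 */
		r |= sbox[i] & mask;
	}
	return r;
}

/* Returns 1 if the masked lookup agrees with the table for every input. */
int ct_matches_plain(void)
{
	for (int i = 0; i < SBOX_SIZE; i++)
		if (sbox_lookup_ct((uint8_t)i) != sbox_lookup_plain((uint8_t)i))
			return 0;
	return 1;
}

int main(void)
{
	uint8_t state[16] = {0x00, 0x01, 0x53, 0xff, 0x10, 0x20, 0x30, 0x40,
			     0x50, 0x60, 0x70, 0x80, 0x90, 0xa0, 0xb0, 0xc0};
	sub_bytes(state);
	for (int i = 0; i < 16; i++)
		printf("%02x ", state[i]);
	printf("\nmasked lookup matches table: %s\n", ct_matches_plain() ? "yes" : "no");
	return 0;
}
```

The prefetch loop reads through a volatile sink only so the compiler cannot drop loads whose values are never used; on real hardware you would also want to confirm with a cycle counter that the lines are actually resident after the loop, since a prefetch that the hardware or compiler elides gives no protection at all. Note that neither variant addresses the ARM assembly side of the series, where the same idea is applied in aes-cipher-core.S.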