Source-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: src/sys
Module Name: src
Committed By: riastradh
Date: Mon Jun 29 23:27:52 UTC 2020
Modified Files:
src/sys/conf: files
src/sys/rump/kern/lib/libcrypto: Makefile
Added Files:
src/sys/crypto/aes: aes.h aes_bear.c aes_bear.h aes_ct.c aes_ct_dec.c
aes_ct_enc.c aes_impl.c aes_rijndael.c aes_selftest.c files.aes
Removed Files:
src/sys/crypto/rijndael: files.rijndael rijndael-alg-fst.c
rijndael-api-fst.c rijndael.c rijndael_local.h
Log Message:
Rework AES in kernel to finally address CVE-2005-1797.
1. Rip out old variable-time reference implementation.
2. Replace it by BearSSL's constant-time 32-bit logic.
=> Obtained from commit dda1f8a0c46e15b4a235163470ff700b2f13dcc5.
=> We could conditionally adopt the 64-bit logic too, which would
likely give a modest performance boost on 64-bit platforms
without AES-NI, but that's a bit more trouble.
3. Select the AES implementation at boot-time; allow an MD override.
=> Use self-tests to verify basic correctness at boot.
=> The implementation selection policy is rather rudimentary at
the moment but it is isolated to one place so it's easy to
change later on.
This (a) plugs a host of timing attacks on, e.g., cgd, and (b) paves
the way to take advantage of CPU support for AES -- both things we
should've done a decade ago. Downside: Computing AES takes 2-3x the
CPU time. But that's what hardware support will be coming for.
Rudimentary measurement of performance impact done by:
mount -t tmpfs tmpfs /tmp
dd if=/dev/zero of=/tmp/disk bs=1m count=512
vnconfig -cv vnd0 /tmp/disk
cgdconfig -s cgd0 /dev/vnd0 aes-cbc 256 < /dev/zero
dd if=/dev/rcgd0d of=/dev/null bs=64k
dd if=/dev/zero of=/dev/rcgd0d bs=64k
The AES-CBC encryption performance impact is closer to 3x because it
is inherently sequential; the AES-CBC decryption impact is closer to
2x because the bitsliced AES logic can process two blocks at once.
Discussed on tech-kern:
https://mail-index.NetBSD.org/tech-kern/2020/06/18/msg026505.html
To generate a diff of this commit:
cvs rdiff -u -r1.1268 -r1.1269 src/sys/conf/files
cvs rdiff -u -r0 -r1.1 src/sys/crypto/aes/aes.h src/sys/crypto/aes/aes_bear.c \
src/sys/crypto/aes/aes_bear.h src/sys/crypto/aes/aes_ct.c \
src/sys/crypto/aes/aes_ct_dec.c src/sys/crypto/aes/aes_ct_enc.c \
src/sys/crypto/aes/aes_impl.c src/sys/crypto/aes/aes_rijndael.c \
src/sys/crypto/aes/aes_selftest.c src/sys/crypto/aes/files.aes
cvs rdiff -u -r1.7 -r0 src/sys/crypto/rijndael/files.rijndael \
src/sys/crypto/rijndael/rijndael-alg-fst.c
cvs rdiff -u -r1.25 -r0 src/sys/crypto/rijndael/rijndael-api-fst.c
cvs rdiff -u -r1.8 -r0 src/sys/crypto/rijndael/rijndael.c
cvs rdiff -u -r1.6 -r0 src/sys/crypto/rijndael/rijndael_local.h
cvs rdiff -u -r1.6 -r1.7 src/sys/rump/kern/lib/libcrypto/Makefile
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Home |
Main Index |
Thread Index |
Old Index