From mboxrd@z Thu Jan 1 00:00:00 1970
From: Ard Biesheuvel
Subject: Re: [PATCH v3 0/3] crypto: time invariant AES for CCM (and CMAC/XCBC)
Date: Sat, 11 Feb 2017 18:05:26 +0000
Message-ID:
References: <1486133377-23290-1-git-send-email-ard.biesheuvel@linaro.org> <20170211105339.GE855@gondor.apana.org.au>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Cc: "linux-crypto@vger.kernel.org" , Eric Biggers , "linux-arm-kernel@lists.infradead.org"
To: Herbert Xu
Return-path:
Received: from mail-io0-f174.google.com ([209.85.223.174]:35103 "EHLO mail-io0-f174.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750972AbdBKSF1 (ORCPT ); Sat, 11 Feb 2017 13:05:27 -0500
Received: by mail-io0-f174.google.com with SMTP id j18so69504293ioe.2 for ; Sat, 11 Feb 2017 10:05:27 -0800 (PST)
In-Reply-To: <20170211105339.GE855@gondor.apana.org.au>
Sender: linux-crypto-owner@vger.kernel.org
List-ID:

On 11 February 2017 at 10:53, Herbert Xu wrote:
> On Fri, Feb 03, 2017 at 02:49:34PM +0000, Ard Biesheuvel wrote:
>> This series is primarily directed at improving the performance and security
>> of CCM on the Raspberry Pi 3. This involves splitting the MAC handling of
>> CCM into a separate driver so that we can efficiently replace it by something
>> else using the ordinary algo resolution machinery.
>>
>> Patch #1 adds some testcases for cbcmac(aes), which will be introduced later.
>>
>> Patch #2 replaces the open coded CBC MAC hashing routines in the CCM driver
>> with calls to a cbcmac() hash, and implements a template for producing such
>> cbcmac transforms. This eliminates all the fuzzy scatterwalk code as well.
>>
>> Patch #3 implements cbcmac(aes) using NEON on arm64, and CMAC/XCBC at the
>> same time, since it is trivially implemented reusing the same core transform.
>
> All applied. Please send any fixups on top of these patches.

Thanks Herbert.
I do have a fixup for #2, which currently does not correctly take the alignmask of the MAC's subordinate cipher into account. I will send a fix for that shortly.
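As an added illustration of what the cbcmac(aes) hash described in the quoted cover letter actually computes (this is example code written for this page, not code from the patch series or the kernel crypto API), here is a raw CBC-MAC layered over a small, straightforward AES-128. The AES here is a plain S-box-lookup implementation, so it is exactly the kind of data-dependent-table code whose timing leakage the series sets out to remove; it is used only so the example runs stand-alone. The `cbcmac` function and the constant names are this example's own; the key, plaintext and ciphertext values are the FIPS-197 Appendix C.1 known-answer vector, which doubles as a check of the CBC-MAC because a one-block CBC-MAC with a zero IV is just AES(K, M).

```python
# Added example (not the kernel's or the patch series' code): a raw CBC-MAC
# over a straightforward AES-128. The S-box lookups make this AES timing
# dependent; it exists only to demonstrate the cbcmac(aes) construction.


def _xtime(b):
    """Multiply by x in GF(2^8) with the AES polynomial x^8+x^4+x^3+x+1."""
    b <<= 1
    return (b ^ 0x11B) if b & 0x100 else b


def _gf_mul(a, b):
    """Multiply two GF(2^8) elements (used only to derive the S-box)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = _xtime(a)
        b >>= 1
    return r


def _build_sbox():
    """Derive the AES S-box: multiplicative inverse followed by the affine map."""
    sbox = [0] * 256
    for x in range(256):
        inv = next((y for y in range(1, 256) if _gf_mul(x, y) == 1), 0)
        s = inv
        for i in range(1, 5):
            s ^= ((inv << i) | (inv >> (8 - i))) & 0xFF
        sbox[x] = s ^ 0x63
    return sbox


SBOX = _build_sbox()


def _expand_key(key):
    """AES-128 key schedule: 11 round keys of 16 bytes, column-major order."""
    if len(key) != 16:
        raise ValueError("AES-128 needs a 16-byte key")
    w = [list(key[i:i + 4]) for i in range(0, 16, 4)]
    rcon = 1
    for i in range(4, 44):
        t = list(w[i - 1])
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]  # RotWord + SubWord
            t[0] ^= rcon
            rcon = _xtime(rcon)
        w.append([w[i - 4][j] ^ t[j] for j in range(4)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(11)]


def aes128_encrypt_block(key, block):
    """Encrypt one 16-byte block; state index is 4*column + row as in FIPS-197."""
    rk = _expand_key(key)
    s = [block[i] ^ rk[0][i] for i in range(16)]
    for rnd in range(1, 11):
        s = [SBOX[b] for b in s]                                            # SubBytes
        s = [s[4 * ((c + r) % 4) + r] for c in range(4) for r in range(4)]  # ShiftRows
        if rnd != 10:                                                       # MixColumns
            out = []
            for c in range(4):
                a0, a1, a2, a3 = s[4 * c:4 * c + 4]
                out += [
                    _xtime(a0) ^ _xtime(a1) ^ a1 ^ a2 ^ a3,
                    a0 ^ _xtime(a1) ^ _xtime(a2) ^ a2 ^ a3,
                    a0 ^ a1 ^ _xtime(a2) ^ _xtime(a3) ^ a3,
                    _xtime(a0) ^ a0 ^ a1 ^ a2 ^ _xtime(a3),
                ]
            s = out
        s = [s[i] ^ rk[rnd][i] for i in range(16)]                          # AddRoundKey
    return bytes(s)


def cbcmac(key, message, block_size=16):
    """Raw CBC-MAC with a zero IV over whole blocks, which is what cbcmac(aes)
    computes. CCM formats and pads its inputs (B0, AAD, payload) into whole
    blocks before hashing; a raw CBC-MAC is only safe for fixed-length
    messages, which is the weakness CMAC and XCBC exist to fix."""
    if len(message) % block_size:
        raise ValueError("message must be a whole number of blocks")
    mac = bytes(block_size)  # zero IV
    for off in range(0, len(message), block_size):
        blk = message[off:off + block_size]
        mac = aes128_encrypt_block(key, bytes(x ^ y for x, y in zip(mac, blk)))
    return mac


# FIPS-197 Appendix C.1 known-answer vector (published test data, not constructed).
FIPS_KEY = bytes(range(16))
FIPS_PT = bytes.fromhex("00112233445566778899aabbccddeeff")
FIPS_CT = bytes.fromhex("69c4e0d86a7b0430d8cdb78070b4c55a")

if __name__ == "__main__":
    assert cbcmac(FIPS_KEY, FIPS_PT) == FIPS_CT
    print("cbcmac(aes) over one block:", cbcmac(FIPS_KEY, FIPS_PT).hex())
```

Because the MAC is nothing more than the block cipher chained through the previous output, the CCM driver can hand its formatted blocks to any cbcmac(aes) provider and get the same bytes back; that is what lets the generic template in patch #2 be swapped for the NEON implementation in patch #3 through normal algorithm resolution, with the test vectors from patch #1 pinning the result.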