kern/57426: kernel aes(9) API should have optimized standard AES key schedule

To: kern-bug-people%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost
Subject: kern/57426: kernel aes(9) API should have optimized standard AES key schedule
From: campbell+netbsd%mumble.net@localhost
Date: Mon, 22 May 2023 14:20:01 +0000 (UTC)

>Number:         57426
>Category:       kern
>Synopsis:       kernel aes(9) API should have optimized standard AES key schedule
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon May 22 14:20:00 +0000 2023
>Originator:     Taylor R Campbell
>Release:        current
>Organization:
The NetAES Foundation
>Environment:
>Description:
Optimized AES implementations have callbacks for computing custom AES key schedules that can be used for custom AES encryption and decryption routines.

For example, the portable C AES code from BearSSL uses a variant key schedule that is optimized for bitslicing.

However, some drivers like mvxpsec(4) require software to compute the standard AES key schedule.

These drivers can call br_aes_ct_keysched_stdenc/dec, but if the CPU has AES-NI, for instance, they should be able to take advantage of that to compute the standard AES key schedule.
>How-To-Repeat:
think about removing the last abuse of tables for AES in mvxpsec(4) 
>Fix:
Yes, please!

Prev by Date: Re: misc/55757 (Builds fail to clean up temporary files)
Next by Date: kern/57427: mvxpsec(4) is vulnerable to cache-timing attacks on table-based AES key schedule
Previous by Thread: Re: toolchain/35964 (Setting SHAREDSTRINGS=yes causes build to fail)
Next by Thread: kern/57427: mvxpsec(4) is vulnerable to cache-timing attacks on table-based AES key schedule
Indexes:

Home | Main Index | Thread Index | Old Index