From patchwork Mon Oct 1 08:36:37 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 147875 Delivered-To: patch@linaro.org Received: by 2002:a2e:8595:0:0:0:0:0 with SMTP id b21-v6csp3632235lji; Mon, 1 Oct 2018 01:36:45 -0700 (PDT) X-Google-Smtp-Source: ACcGV60iSBix7fu8cKlCqr7lseBvhwkNWB75cC5mBG+qvvRqjMjqSg50l69VJtc/95IZw5fbeaPR X-Received: by 2002:a63:ce14:: with SMTP id y20-v6mr9553213pgf.248.1538383005500; Mon, 01 Oct 2018 01:36:45 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1538383005; cv=none; d=google.com; s=arc-20160816; b=wPabyei6jYkJflhvSgy5ZZLRdEOO+oxO1slaeU9X6yZN+UKA6QXm+a8ybr0+RJeRR9 RSUdfNC/BCe2+CyXebuFYX7xN2v+FHyiW7iAFH5Pz9QhwjBrwqTESbZnOr093LNfyVKs d16P4Z2hAGi6kTdDOKns5UGhCSIuJjkrBR7/GF4hNChgAsamsN1t+l4MTAfao+RcRlyQ +7yKdKkH4+t4dyx36nhAG4qty0rz9K2Y2MDomUDdYce0YHJDEHIbVLbTwlaea+CPoAtd 1ZGcxBywADsB2PR0/b5v2o/80YSDtVtRQq9aCiO6P1TPW+GqPJSRHRpHTwZ0CocnTbDZ fNLg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature; bh=0LnnX+/SGqPuqom0bWMucLUWnMzIXfzTgiulZQdvP0A=; b=bm6hb5eeilgh5ozKO171RaBBtfkW+cCo3ojJ+1xfYlrizn0UALwjBJmS9P+rQEJvfN qM9KoP6mcUQUjoxzk1COcWT0L+6Sj4k6pEH6wEaSVgUSpyeRGvVXu0CF68Kw+XkY6M3Q GfGWaty3uJKE1Ikq9yPcpFkhlpblGDEfieQKjdf5t34uThRp5x9BPaf/ppGnIkUeJ9zR Cwv8a6pO+es3YwOf/tRfcPLKzrNpY45sNXpH/wcG4oQGexxL0i1hIedv7f3v8331cJHf /frVbc69IW5MFflSWgjdPj3fmvykI1TDzCeLgu823u8IQgezxTZ19rg0Tlbt0iojEYNn uZKw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b="L4rl/ijM"; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id d11-v6si11521766pgd.342.2018.10.01.01.36.45; Mon, 01 Oct 2018 01:36:45 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b="L4rl/ijM"; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728804AbeJAPNV (ORCPT + 2 others); Mon, 1 Oct 2018 11:13:21 -0400 Received: from mail-wm1-f67.google.com ([209.85.128.67]:40113 "EHLO mail-wm1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728749AbeJAPNU (ORCPT ); Mon, 1 Oct 2018 11:13:20 -0400 Received: by mail-wm1-f67.google.com with SMTP id o2-v6so7774906wmh.5 for ; Mon, 01 Oct 2018 01:36:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=0LnnX+/SGqPuqom0bWMucLUWnMzIXfzTgiulZQdvP0A=; b=L4rl/ijMfSXFX4gZaonOGwea1smQzlAuwyaViQxfPHQkq9LMALI4HzA03ZsF9KHqFd WLrAnrjez7Wtpa/DJhf+9HoKud0JJJ4n+QlDa/rOBprZQDOUaDVhUuuD0uy31ZDeKt0k BGboBnmNGdCOLrfTC7G96iO13qpXNHWsZBu8c= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=0LnnX+/SGqPuqom0bWMucLUWnMzIXfzTgiulZQdvP0A=; b=JcbABsWPpwxQkIqeVwNMT7sACJD1DbYaKajoGRZw3W3Vz1lumSMGkbTkHfAGq1ZnCm FKDwem6WjJjM/SIAIDX2ebsgHlSShB5NDKZ7kHd0Zdo8MUc4hS/wN7k4BRNHxAlYhMtw q/LVTfjtCgZ3lFKSGqCCsO/rfWBlh/RQf22v6MHtV2uxqRtxz/cxGh/RZC8vr0Hgtjy0 R08BYrTFOo0c51d0QZttJqQC2Tr9Y3ErEU08Ex7r0Luo1LMfsPGwfc+JpOSAblt0toKd BFkH+bPcvxpfZVSYp39MEwjOFf9eYJrO5vTt5Bvhiw17tLWFmeN5cdUe4Xtc7PTxUD9U Hovw== X-Gm-Message-State: ABuFfogXuYutM4Vhi8MhkBbk1cwEqQW62BGrFJrhEfSOGwcYFnf40/Po DO8vwcLOytoZsjNmXOEcbQ2oLQ5sv2g= X-Received: by 2002:a1c:700a:: with SMTP id l10-v6mr7948847wmc.90.1538383002253; Mon, 01 Oct 2018 01:36:42 -0700 (PDT) Received: from dogfood.home ([2a01:cb1d:112:6f00:6d26:fb49:4a42:a358]) by smtp.gmail.com with ESMTPSA id u127-v6sm7689465wmf.48.2018.10.01.01.36.41 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 01 Oct 2018 01:36:41 -0700 (PDT) From: Ard Biesheuvel To: linux-crypto@vger.kernel.org Cc: herbert@gondor.apana.org.au, ebiggers@google.com, omosnace@redhat.com, Ard Biesheuvel Subject: [PATCH v2 1/2] crypto: morus/generic - fix for big endian systems Date: Mon, 1 Oct 2018 10:36:37 +0200 Message-Id: <20181001083638.28325-2-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181001083638.28325-1-ard.biesheuvel@linaro.org> References: <20181001083638.28325-1-ard.biesheuvel@linaro.org> Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org Omit the endian swabbing when folding the lengths of the assoc and crypt input buffers into the state to finalize the tag. This is not necessary given that the memory representation of the state is in machine native endianness already. This fixes an error reported by tcrypt running on a big endian system: alg: aead: Test 2 failed on encryption for morus640-generic 00000000: a8 30 ef fb e6 26 eb 23 b0 87 dd 98 57 f3 e1 4b 00000010: 21 alg: aead: Test 2 failed on encryption for morus1280-generic 00000000: 88 19 1b fb 1c 29 49 0e ee 82 2f cb 97 a6 a5 ee 00000010: 5f Fixes: 396be41f16fd ("crypto: morus - Add generic MORUS AEAD implementations") Cc: # v4.18+ Reviewed-by: Ondrej Mosnacek Signed-off-by: Ard Biesheuvel --- crypto/morus1280.c | 7 ++----- crypto/morus640.c | 16 ++++------------ 2 files changed, 6 insertions(+), 17 deletions(-) -- 2.17.1 diff --git a/crypto/morus1280.c b/crypto/morus1280.c index d057cf5ac4a8..3889c188f266 100644 --- a/crypto/morus1280.c +++ b/crypto/morus1280.c @@ -385,14 +385,11 @@ static void crypto_morus1280_final(struct morus1280_state *state, struct morus1280_block *tag_xor, u64 assoclen, u64 cryptlen) { - u64 assocbits = assoclen * 8; - u64 cryptbits = cryptlen * 8; - struct morus1280_block tmp; unsigned int i; - tmp.words[0] = cpu_to_le64(assocbits); - tmp.words[1] = cpu_to_le64(cryptbits); + tmp.words[0] = assoclen * 8; + tmp.words[1] = cryptlen * 8; tmp.words[2] = 0; tmp.words[3] = 0; diff --git a/crypto/morus640.c b/crypto/morus640.c index 1ca76e54281b..da06ec2f6a80 100644 --- a/crypto/morus640.c +++ b/crypto/morus640.c @@ -384,21 +384,13 @@ static void crypto_morus640_final(struct morus640_state *state, struct morus640_block *tag_xor, u64 assoclen, u64 cryptlen) { - u64 assocbits = assoclen * 8; - u64 cryptbits = cryptlen * 8; - - u32 assocbits_lo = (u32)assocbits; - u32 assocbits_hi = (u32)(assocbits >> 32); - u32 cryptbits_lo = (u32)cryptbits; - u32 cryptbits_hi = (u32)(cryptbits >> 32); - struct morus640_block tmp; unsigned int i; - tmp.words[0] = cpu_to_le32(assocbits_lo); - tmp.words[1] = cpu_to_le32(assocbits_hi); - tmp.words[2] = cpu_to_le32(cryptbits_lo); - tmp.words[3] = cpu_to_le32(cryptbits_hi); + tmp.words[0] = lower_32_bits(assoclen * 8); + tmp.words[1] = upper_32_bits(assoclen * 8); + tmp.words[2] = lower_32_bits(cryptlen * 8); + tmp.words[3] = upper_32_bits(cryptlen * 8); for (i = 0; i < MORUS_BLOCK_WORDS; i++) state->s[4].words[i] ^= state->s[0].words[i];