From patchwork Thu Jun 27 10:26:34 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ard Biesheuvel X-Patchwork-Id: 167916 Delivered-To: patch@linaro.org Received: by 2002:a92:4782:0:0:0:0:0 with SMTP id e2csp2148777ilk; Thu, 27 Jun 2019 03:28:15 -0700 (PDT) X-Google-Smtp-Source: APXvYqyQoMmKdS/lZVz/9vXlAteor7gPcfHmWBzi3Jm8rKxG5XK1EvKeZ92ihx8eQOLRb4LGi6hb X-Received: by 2002:a17:90a:384d:: with SMTP id l13mr5248160pjf.86.1561631295354; Thu, 27 Jun 2019 03:28:15 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1561631295; cv=none; d=google.com; s=arc-20160816; b=Q2pMi+hfRTRlu/ehm5Kuvp7nHj83KZN7zbRDiQsc2VJJiDueGNmIUC5KcV1pI/pV0m EOsA4tRBLY06mfk+FS6QxclrWq71lGSLy0pLAVDX1u3lZV9GgMODdLwnuh00htwv1n1/ DPkzy10YuChXeQ6YrfwAjPHHFlYK621Zat7oF16u3RJ9ptfq9QlbHchy/ZwsKbk3IHmj 6J+QJLji6ylGXbO8dKIz3raSO/fl6nNWYiM7oUHg3EzlT4ZrgNGgzVlPzQHiGsg4SOMz gVexvP8kMCFsqMkdNQcHceCXrE6JMbCgOLiLqoipKd2bvpsznh5PRzISdiJodR+AlDaO ANvQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=JgRwk7rV4YDW0Cr7MyntD6TN2vlr6LPUNeCX8j451cs=; b=E4D+dDiTOIXDL0HnUfh20fAlMCsSMzJlkWYJHJpid+15rkDugrBuAckr1+5N01LMty 3YHLAjDLd15AciwRftoGgs725F0MDTfgxVwtDgPlc4kPc1Y6Y4EgjJXoWRYZRsYqQKSV zZMBEDSDA0RITr3wH11PaJfgotQyO+VzL6WjO41AFO03sYH7mlyUGWyJIu/cAVQsX/vv hnllwOpBTtGcy8u5Wz5B+QvVq7MRYeEEuqzavZ3UhmGMiuifkl1dbOKqvitSiC+FIBTl yoKqbeAn9ECrlteNKxRQfMSJ2PzULYZJymmmN1HaU0Y+evG6XRlf951eWtRprZaCDlmf dVVw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b="LbL/3Rpq"; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id f32si4829522pjg.42.2019.06.27.03.28.15; Thu, 27 Jun 2019 03:28:15 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b="LbL/3Rpq"; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726382AbfF0K2O (ORCPT + 3 others); Thu, 27 Jun 2019 06:28:14 -0400 Received: from mail-wm1-f52.google.com ([209.85.128.52]:52003 "EHLO mail-wm1-f52.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726669AbfF0K2N (ORCPT ); Thu, 27 Jun 2019 06:28:13 -0400 Received: by mail-wm1-f52.google.com with SMTP id 207so5186655wma.1 for ; Thu, 27 Jun 2019 03:28:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=JgRwk7rV4YDW0Cr7MyntD6TN2vlr6LPUNeCX8j451cs=; b=LbL/3RpqaXV6IJH+KwFIsRaEzDlymHrfnWS+TLt48c+YJKKUiudhNceRorjI8YOG2V hus8CmnRWKtWW+Df7e9OUaheziY8BdwIdeau9Gqt9SXAqcsRKh7PSrwekMPEslPX4+hl d0ntvwoWTKZKIutRBwhOeSmIBH3APnZYid5Yyiv5tzM7/USKPk9fx3BJhHi9aglDKkaS 4tAh7th4amPKhUE+0xMZlaZXPhpPj6gyUOqdVVBtf7bz7fE3Y6uK9FGy7CVk7hSH77tj EXWxY6oXjibKEX6CLiPf4wqT60pE0o1VKYKgGelkdI9Mhm+rtK1+FDqOOeKiH19L158Y FA1A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=JgRwk7rV4YDW0Cr7MyntD6TN2vlr6LPUNeCX8j451cs=; b=SLxgPkID2LhXMfghS5gIlTnBDA6PQpAHvD2Liz34407a+RT1dpNZB5zadYpGhTvgdj ghwVoOXdZAdYfJMnSX9+zi0hfFHt6uZT/HSq/nyircnjJiwQ++8qFQuAQIxKq4mY5dTM XDO2bYuevUhxOsnINrgJVzxMdq60m5S8XDEXFnCKna9gDzswl1naSslkBgzKp6E5gpOC DA0u1b3zcnI9Rk+n3blYYkvE5b1iI6I5Bnb6dJR8kJqJQLNliLo0r8FSR/yqvLKwFU6r xezZN9cHmsWZLRKxSoyWXbRuGuZ5LoQOgpyhuXuYQ1e1ZiDU3oDK2xt6oqJz5xIrLBy8 KxIQ== X-Gm-Message-State: APjAAAU0XGl3pxJPoFRzlCsDNSxwGnBOxFrZSiE0oqQqQkUrfD8pdrw8 76pgGxEaMxFncvjNM7oZVaV+cP7Nhwk= X-Received: by 2002:a1c:7a01:: with SMTP id v1mr2846599wmc.10.1561631291353; Thu, 27 Jun 2019 03:28:11 -0700 (PDT) Received: from localhost.localdomain (aaubervilliers-681-1-8-173.w90-88.abo.wanadoo.fr. [90.88.13.173]) by smtp.gmail.com with ESMTPSA id g2sm5584533wmh.0.2019.06.27.03.28.10 (version=TLS1_3 cipher=AEAD-AES256-GCM-SHA384 bits=256/256); Thu, 27 Jun 2019 03:28:10 -0700 (PDT) From: Ard Biesheuvel To: linux-crypto@vger.kernel.org Cc: herbert@gondor.apana.org.au, ebiggers@kernel.org, Ard Biesheuvel Subject: [PATCH v3 19/32] crypto: aes/arm - use native endiannes for key schedule Date: Thu, 27 Jun 2019 12:26:34 +0200 Message-Id: <20190627102647.2992-20-ard.biesheuvel@linaro.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190627102647.2992-1-ard.biesheuvel@linaro.org> References: <20190627102647.2992-1-ard.biesheuvel@linaro.org> MIME-Version: 1.0 Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org Align ARM's hw instruction based AES implementation with other versions that keep the key schedule in native endianness. This will allow us to merge the various implementations going forward. Signed-off-by: Ard Biesheuvel --- arch/arm/crypto/aes-ce-core.S | 20 ++++++++++---------- arch/arm/crypto/aes-ce-glue.c | 9 +++------ 2 files changed, 13 insertions(+), 16 deletions(-) -- 2.20.1 diff --git a/arch/arm/crypto/aes-ce-core.S b/arch/arm/crypto/aes-ce-core.S index bc53bcaa772e..3692b8735ef7 100644 --- a/arch/arm/crypto/aes-ce-core.S +++ b/arch/arm/crypto/aes-ce-core.S @@ -91,19 +91,19 @@ .macro do_block, dround, fround cmp r3, #12 @ which key size? - vld1.8 {q10-q11}, [ip]! + vld1.32 {q10-q11}, [ip]! \dround q8, q9 - vld1.8 {q12-q13}, [ip]! + vld1.32 {q12-q13}, [ip]! \dround q10, q11 - vld1.8 {q10-q11}, [ip]! + vld1.32 {q10-q11}, [ip]! \dround q12, q13 - vld1.8 {q12-q13}, [ip]! + vld1.32 {q12-q13}, [ip]! \dround q10, q11 blo 0f @ AES-128: 10 rounds - vld1.8 {q10-q11}, [ip]! + vld1.32 {q10-q11}, [ip]! \dround q12, q13 beq 1f @ AES-192: 12 rounds - vld1.8 {q12-q13}, [ip] + vld1.32 {q12-q13}, [ip] \dround q10, q11 0: \fround q12, q13, q14 bx lr @@ -152,8 +152,8 @@ ENDPROC(aes_decrypt_3x) .macro prepare_key, rk, rounds add ip, \rk, \rounds, lsl #4 - vld1.8 {q8-q9}, [\rk] @ load first 2 round keys - vld1.8 {q14}, [ip] @ load last round key + vld1.32 {q8-q9}, [\rk] @ load first 2 round keys + vld1.32 {q14}, [ip] @ load last round key .endm /* @@ -508,8 +508,8 @@ ENDPROC(ce_aes_sub) * operation on round key *src */ ENTRY(ce_aes_invert) - vld1.8 {q0}, [r1] + vld1.32 {q0}, [r1] aesimc.8 q0, q0 - vst1.8 {q0}, [r0] + vst1.32 {q0}, [r0] bx lr ENDPROC(ce_aes_invert) diff --git a/arch/arm/crypto/aes-ce-glue.c b/arch/arm/crypto/aes-ce-glue.c index 04ba66903674..e6da3e30018b 100644 --- a/arch/arm/crypto/aes-ce-glue.c +++ b/arch/arm/crypto/aes-ce-glue.c @@ -10,6 +10,7 @@ #include #include +#include #include #include #include @@ -80,21 +81,17 @@ static int ce_aes_expandkey(struct crypto_aes_ctx *ctx, const u8 *in_key, key_len != AES_KEYSIZE_256) return -EINVAL; - memcpy(ctx->key_enc, in_key, key_len); ctx->key_length = key_len; + for (i = 0; i < kwords; i++) + ctx->key_enc[i] = get_unaligned_le32(in_key + i * sizeof(u32)); kernel_neon_begin(); for (i = 0; i < sizeof(rcon); i++) { u32 *rki = ctx->key_enc + (i * kwords); u32 *rko = rki + kwords; -#ifndef CONFIG_CPU_BIG_ENDIAN rko[0] = ror32(ce_aes_sub(rki[kwords - 1]), 8); rko[0] = rko[0] ^ rki[0] ^ rcon[i]; -#else - rko[0] = rol32(ce_aes_sub(rki[kwords - 1]), 8); - rko[0] = rko[0] ^ rki[0] ^ (rcon[i] << 24); -#endif rko[1] = rko[0] ^ rki[1]; rko[2] = rko[1] ^ rki[2]; rko[3] = rko[2] ^ rki[3];