From patchwork Sun Sep 30 08:58:58 2018
X-Patchwork-Submitter: Ard Biesheuvel
X-Patchwork-Id: 147855
From: Ard Biesheuvel
To: linux-crypto@vger.kernel.org
Cc: herbert@gondor.apana.org.au, ebiggers@google.com, omosnace@redhat.com, Ard Biesheuvel
Subject: [PATCH 1/2] crypto: morus/generic - fix for big endian systems
Date: Sun, 30 Sep 2018 10:58:58 +0200
Message-Id: <20180930085859.15038-2-ard.biesheuvel@linaro.org>
In-Reply-To: <20180930085859.15038-1-ard.biesheuvel@linaro.org>
References: <20180930085859.15038-1-ard.biesheuvel@linaro.org>
X-Mailing-List: linux-crypto@vger.kernel.org

Omit the endian swabbing when folding the lengths of the assoc and
crypt input buffers into the state to finalize the tag. This is not
necessary given that the memory representation of the state is in
machine native endianness already.

This fixes an error reported by tcrypt running on a big endian system:

  alg: aead: Test 2 failed on encryption for morus640-generic
  00000000: a8 30 ef fb e6 26 eb 23 b0 87 dd 98 57 f3 e1 4b
  00000010: 21
  alg: aead: Test 2 failed on encryption for morus1280-generic
  00000000: 88 19 1b fb 1c 29 49 0e ee 82 2f cb 97 a6 a5 ee
  00000010: 5f

Fixes: 396be41f16fd ("crypto: morus - Add generic MORUS AEAD implementations")
Cc: # v4.18+
Signed-off-by: Ard Biesheuvel --- crypto/morus1280.c | 7 ++----- crypto/morus640.c | 16 ++++------------ 2 files changed, 6 insertions(+), 17 deletions(-) -- 2.19.0 Reviewed-by: Ondrej Mosnacek diff --git a/crypto/morus1280.c b/crypto/morus1280.c index d057cf5ac4a8..3889c188f266 100644 --- a/crypto/morus1280.c +++ b/crypto/morus1280.c @@ -385,14 +385,11 @@ static void crypto_morus1280_final(struct morus1280_state *state, struct morus1280_block *tag_xor, u64 assoclen, u64 cryptlen) { - u64 assocbits = assoclen * 8; - u64 cryptbits = cryptlen * 8; - struct morus1280_block tmp; unsigned int i; - tmp.words[0] = cpu_to_le64(assocbits); - tmp.words[1] = cpu_to_le64(cryptbits); + tmp.words[0] = assoclen * 8; + tmp.words[1] = cryptlen * 8; tmp.words[2] = 0; tmp.words[3] = 0; diff --git a/crypto/morus640.c b/crypto/morus640.c index 1ca76e54281b..da06ec2f6a80 100644 --- a/crypto/morus640.c +++ b/crypto/morus640.c @@ -384,21 +384,13 @@ static void crypto_morus640_final(struct morus640_state *state, struct morus640_block *tag_xor, u64 assoclen, u64 cryptlen) { - u64 assocbits = assoclen * 8; - u64 cryptbits = cryptlen * 8; - - u32 assocbits_lo = (u32)assocbits; - u32 assocbits_hi = (u32)(assocbits >> 32); - u32 cryptbits_lo = (u32)cryptbits; - u32 cryptbits_hi = (u32)(cryptbits >> 32); - struct morus640_block tmp; unsigned int i; - tmp.words[0] = cpu_to_le32(assocbits_lo); - tmp.words[1] = cpu_to_le32(assocbits_hi); - tmp.words[2] = cpu_to_le32(cryptbits_lo); - tmp.words[3] = cpu_to_le32(cryptbits_hi); + tmp.words[0] = lower_32_bits(assoclen * 8); + tmp.words[1] = upper_32_bits(assoclen * 8); + tmp.words[2] = lower_32_bits(cryptlen * 8); + tmp.words[3] = upper_32_bits(cryptlen * 8); for (i = 0; i < MORUS_BLOCK_WORDS; i++) state->s[4].words[i] ^= state->s[0].words[i];
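Review bot: in crypto_morus1280_final(), the new assignments `tmp.words[0] = assoclen * 8;` and `tmp.words[1] = cryptlen * 8;` carry no hint of why a byte-order conversion is absent. A one-line comment stating that the state words are held in native endianness would keep a later reader from re-adding cpu_to_le64() here and reintroducing the big endian failure quoted in the commit message. The hunk does not show the declared type of `words`; if that member carries an __le64 annotation, sparse will flag these plain u64 assignments, so it is worth confirming it is a plain u64.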
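Review bot: in crypto_morus640_final(), `assoclen * 8` and `cryptlen * 8` are each written out twice, once inside lower_32_bits() and once inside upper_32_bits(), so the bit-length computation now lives in four places. Keeping the `u64 assocbits` and `u64 cryptbits` locals that this hunk removes, and splitting those with lower_32_bits()/upper_32_bits(), would keep the multiplication in one spot per length and make a future change to it harder to get wrong in only one half. The low-half-in-words[0], high-half-in-words[1] ordering is now the only thing that fixes how the 64-bit lengths are laid out across the 32-bit words, so a short comment naming that layout would help.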