From patchwork Sat Jun 22 19:34:20 2019
X-Patchwork-Submitter: Ard Biesheuvel
X-Patchwork-Id: 167503
From: Ard Biesheuvel
To: linux-crypto@vger.kernel.org
Cc: herbert@gondor.apana.org.au, ebiggers@google.com, Ard Biesheuvel
Subject: [PATCH v2 19/26] crypto: aes/arm - use native endianness for key schedule
Date: Sat, 22 Jun 2019 21:34:20 +0200
Message-Id: <20190622193427.20336-20-ard.biesheuvel@linaro.org>
In-Reply-To: <20190622193427.20336-1-ard.biesheuvel@linaro.org>
References: <20190622193427.20336-1-ard.biesheuvel@linaro.org>

Align ARM's hw instruction based AES implementation with other versions
that keep the key schedule in native endianness. This will allow us to
merge the various implementations going forward.

Signed-off-by: Ard Biesheuvel
---
 arch/arm/crypto/aes-ce-core.S | 20 ++++++++++----------
 arch/arm/crypto/aes-ce-glue.c |  9 +++------
 2 files changed, 13 insertions(+), 16 deletions(-)

-- 
2.20.1

diff --git a/arch/arm/crypto/aes-ce-core.S b/arch/arm/crypto/aes-ce-core.S index bc53bcaa772e..3692b8735ef7 100644 --- a/arch/arm/crypto/aes-ce-core.S +++ b/arch/arm/crypto/aes-ce-core.S 
@@ -91,19 +91,19 @@ .macro do_block, dround, fround cmp r3, #12 @ which key size? - vld1.8 {q10-q11}, [ip]! + vld1.32 {q10-q11}, [ip]! \dround q8, q9 - vld1.8 {q12-q13}, [ip]! + vld1.32 {q12-q13}, [ip]! \dround q10, q11 - vld1.8 {q10-q11}, [ip]! + vld1.32 {q10-q11}, [ip]! \dround q12, q13 - vld1.8 {q12-q13}, [ip]! + vld1.32 {q12-q13}, [ip]! \dround q10, q11 blo 0f @ AES-128: 10 rounds - vld1.8 {q10-q11}, [ip]! + vld1.32 {q10-q11}, [ip]! \dround q12, q13 beq 1f @ AES-192: 12 rounds - vld1.8 {q12-q13}, [ip] + vld1.32 {q12-q13}, [ip] \dround q10, q11 0: \fround q12, q13, q14 bx lr @@ -152,8 +152,8 @@ ENDPROC(aes_decrypt_3x) .macro prepare_key, rk, rounds add ip, \rk, \rounds, lsl #4 - vld1.8 {q8-q9}, [\rk] @ load first 2 round keys - vld1.8 {q14}, [ip] @ load last round key + vld1.32 {q8-q9}, [\rk] @ load first 2 round keys + vld1.32 {q14}, [ip] @ load last round key .endm /* @@ -508,8 +508,8 @@ ENDPROC(ce_aes_sub) * operation on round key *src */ ENTRY(ce_aes_invert) - vld1.8 {q0}, [r1] + vld1.32 {q0}, [r1] aesimc.8 q0, q0 - vst1.8 {q0}, [r0] + vst1.32 {q0}, [r0] bx lr ENDPROC(ce_aes_invert) diff --git a/arch/arm/crypto/aes-ce-glue.c b/arch/arm/crypto/aes-ce-glue.c index 04ba66903674..e6da3e30018b 100644 --- a/arch/arm/crypto/aes-ce-glue.c +++ b/arch/arm/crypto/aes-ce-glue.c @@ -10,6 +10,7 @@ #include #include +#include #include #include #include 
@@ -80,21 +81,17 @@ static int ce_aes_expandkey(struct crypto_aes_ctx *ctx, const u8 *in_key, key_len != AES_KEYSIZE_256) return -EINVAL; - memcpy(ctx->key_enc, in_key, key_len); ctx->key_length = key_len; + for (i = 0; i < kwords; i++) + ctx->key_enc[i] = get_unaligned_le32(in_key + i * sizeof(u32)); kernel_neon_begin(); for (i = 0; i < sizeof(rcon); i++) { u32 *rki = ctx->key_enc + (i * kwords); u32 *rko = rki + kwords; -#ifndef CONFIG_CPU_BIG_ENDIAN rko[0] = ror32(ce_aes_sub(rki[kwords - 1]), 8); rko[0] = rko[0] ^ rki[0] ^ rcon[i]; -#else - rko[0] = rol32(ce_aes_sub(rki[kwords - 1]), 8); - rko[0] = rko[0] ^ rki[0] ^ (rcon[i] << 24); -#endif rko[1] = rko[0] ^ rki[1]; rko[2] = rko[1] ^ rki[2]; rko[3] = rko[2] ^ rki[3];
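
Review bot: in do_block and prepare_key (aes-ce-core.S), every round-key load moves from vld1.8 to vld1.32, which changes the loaded byte order only on big-endian kernels, and the commit message neither says so nor states whether the result was run through the crypto self-tests on a CONFIG_CPU_BIG_ENDIAN build. Please add that to the commit message, and confirm that no other vld1.8 load of the key schedule remains in this file outside the places touched here, since a mixed .8/.32 view of the same schedule would yield wrong round keys on big-endian only and would pass little-endian testing.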
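
Review bot: in ce_aes_invert (aes-ce-core.S), the comment above the function still describes the input only as "round key *src", although the load and store now use vld1.32 and vst1.32 and so treat both buffers as arrays of native-endian 32-bit words. The comment should state that layout, because aesimc.8 still works on the byte view of q0 and the reason the two agree is not evident from the three instructions alone.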
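
Review bot: in ce_aes_expandkey() (aes-ce-glue.c), dropping the #else branch (rol32 and rcon[i] << 24) is correct only because the first kwords words are now built with get_unaligned_le32() instead of memcpy(), and nothing in the code records that dependency. A short comment above the new loop saying that ctx->key_enc holds CPU-endian words read from the key as little-endian would keep a later cleanup from restoring the memcpy(); the commit message should also note that the in-memory layout of the schedule changes on big-endian, so every other reader of ctx->key_enc has to be converted in the same series. The loop bound relies on kwords matching key_len, and its definition is outside the visible context.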