[PATCH 4.9 152/206] crypto: arm64/aes-ce - fix for big endian

2017-01-10 Thread Greg Kroah-Hartman 
4.9-stable review patch.  If anyone has any objections, please let me know.

--

From: Ard Biesheuvel 

commit 1803b9a52c4e5a5dbb8a27126f6bc06939359753 upstream.

The core AES cipher implementation that uses ARMv8 Crypto Extensions
instructions erroneously loads the round keys as 64-bit quantities,
which causes the algorithm to fail when built for big endian. In
addition, the key schedule generation routine fails to take endianness
into account as well, when loading the combining the input key with
the round constants. So fix both issues.

Fixes: 12ac3efe74f8 ("arm64/crypto: use crypto instructions to generate AES key 
schedule")
Signed-off-by: Ard Biesheuvel 
Signed-off-by: Herbert Xu 
Signed-off-by: Greg Kroah-Hartman 

---
 arch/arm64/crypto/aes-ce-cipher.c |   25 +++--
 1 file changed, 15 insertions(+), 10 deletions(-)

--- a/arch/arm64/crypto/aes-ce-cipher.c
+++ b/arch/arm64/crypto/aes-ce-cipher.c
@@ -47,24 +47,24 @@ static void aes_cipher_encrypt(struct cr
kernel_neon_begin_partial(4);
 
__asm__("   ld1 {v0.16b}, %[in] ;"
-   "   ld1 {v1.2d}, [%[key]], #16  ;"
+   "   ld1 {v1.16b}, [%[key]], #16 ;"
"   cmp %w[rounds], #10 ;"
"   bmi 0f  ;"
"   bne 3f  ;"
"   mov v3.16b, v1.16b  ;"
"   b   2f  ;"
"0: mov v2.16b, v1.16b  ;"
-   "   ld1 {v3.2d}, [%[key]], #16  ;"
+   "   ld1 {v3.16b}, [%[key]], #16 ;"
"1: aesev0.16b, v2.16b  ;"
"   aesmc   v0.16b, v0.16b  ;"
-   "2: ld1 {v1.2d}, [%[key]], #16  ;"
+   "2: ld1 {v1.16b}, [%[key]], #16 ;"
"   aesev0.16b, v3.16b  ;"
"   aesmc   v0.16b, v0.16b  ;"
-   "3: ld1 {v2.2d}, [%[key]], #16  ;"
+   "3: ld1 {v2.16b}, [%[key]], #16 ;"
"   subs%w[rounds], %w[rounds], #3  ;"
"   aesev0.16b, v1.16b  ;"
"   aesmc   v0.16b, v0.16b  ;"
-   "   ld1 {v3.2d}, [%[key]], #16  ;"
+   "   ld1 {v3.16b}, [%[key]], #16 ;"
"   bpl 1b  ;"
"   aesev0.16b, v2.16b  ;"
"   eor v0.16b, v0.16b, v3.16b  ;"
@@ -92,24 +92,24 @@ static void aes_cipher_decrypt(struct cr
kernel_neon_begin_partial(4);
 
__asm__("   ld1 {v0.16b}, %[in] ;"
-   "   ld1 {v1.2d}, [%[key]], #16  ;"
+   "   ld1 {v1.16b}, [%[key]], #16 ;"
"   cmp %w[rounds], #10 ;"
"   bmi 0f  ;"
"   bne 3f  ;"
"   mov v3.16b, v1.16b  ;"
"   b   2f  ;"
"0: mov v2.16b, v1.16b  ;"
-   "   ld1 {v3.2d}, [%[key]], #16  ;"
+   "   ld1 {v3.16b}, [%[key]], #16 ;"
"1: aesdv0.16b, v2.16b  ;"
"   aesimc  v0.16b, v0.16b  ;"
-   "2: ld1 {v1.2d}, [%[key]], #16  ;"
+   "2: ld1 {v1.16b}, [%[key]], #16 ;"
"   aesdv0.16b, v3.16b  ;"
"   aesimc  v0.16b, v0.16b  ;"
-   "3: ld1 {v2.2d}, [%[key]], #16  ;"
+   "3: ld1 {v2.16b}, [%[key]], #16 ;"
"   subs%w[rounds], %w[rounds], #3  ;"
"   aesdv0.16b, v1.16b  ;"
"   aesimc  v0.16b, v0.16b  ;"
-   "   ld1 {v3.2d}, [%[key]], #16  ;"
+   "   ld1 {v3.16b}, [%[key]], #16 ;"
"   bpl 1b  ;"
"   aesdv0.16b, v2.16b  ;"
"   eor v0.16b, v0.16b, v3.16b  ;"
@@ -173,7 +173,12 @@ int ce_aes_expandkey(struct crypto_aes_c
u32 *rki = ctx->key_enc + (i *

[PATCH 4.9 152/206] crypto: arm64/aes-ce - fix for big endian

2017-01-10 Thread Greg Kroah-Hartman 
4.9-stable review patch.  If anyone has any objections, please let me know.

--

From: Ard Biesheuvel 

commit 1803b9a52c4e5a5dbb8a27126f6bc06939359753 upstream.

The core AES cipher implementation that uses ARMv8 Crypto Extensions
instructions erroneously loads the round keys as 64-bit quantities,
which causes the algorithm to fail when built for big endian. In
addition, the key schedule generation routine fails to take endianness
into account as well, when loading the combining the input key with
the round constants. So fix both issues.

Fixes: 12ac3efe74f8 ("arm64/crypto: use crypto instructions to generate AES key 
schedule")
Signed-off-by: Ard Biesheuvel 
Signed-off-by: Herbert Xu 
Signed-off-by: Greg Kroah-Hartman 

---
 arch/arm64/crypto/aes-ce-cipher.c |   25 +++--
 1 file changed, 15 insertions(+), 10 deletions(-)

--- a/arch/arm64/crypto/aes-ce-cipher.c
+++ b/arch/arm64/crypto/aes-ce-cipher.c
@@ -47,24 +47,24 @@ static void aes_cipher_encrypt(struct cr
kernel_neon_begin_partial(4);
 
__asm__("   ld1 {v0.16b}, %[in] ;"
-   "   ld1 {v1.2d}, [%[key]], #16  ;"
+   "   ld1 {v1.16b}, [%[key]], #16 ;"
"   cmp %w[rounds], #10 ;"
"   bmi 0f  ;"
"   bne 3f  ;"
"   mov v3.16b, v1.16b  ;"
"   b   2f  ;"
"0: mov v2.16b, v1.16b  ;"
-   "   ld1 {v3.2d}, [%[key]], #16  ;"
+   "   ld1 {v3.16b}, [%[key]], #16 ;"
"1: aesev0.16b, v2.16b  ;"
"   aesmc   v0.16b, v0.16b  ;"
-   "2: ld1 {v1.2d}, [%[key]], #16  ;"
+   "2: ld1 {v1.16b}, [%[key]], #16 ;"
"   aesev0.16b, v3.16b  ;"
"   aesmc   v0.16b, v0.16b  ;"
-   "3: ld1 {v2.2d}, [%[key]], #16  ;"
+   "3: ld1 {v2.16b}, [%[key]], #16 ;"
"   subs%w[rounds], %w[rounds], #3  ;"
"   aesev0.16b, v1.16b  ;"
"   aesmc   v0.16b, v0.16b  ;"
-   "   ld1 {v3.2d}, [%[key]], #16  ;"
+   "   ld1 {v3.16b}, [%[key]], #16 ;"
"   bpl 1b  ;"
"   aesev0.16b, v2.16b  ;"
"   eor v0.16b, v0.16b, v3.16b  ;"
@@ -92,24 +92,24 @@ static void aes_cipher_decrypt(struct cr
kernel_neon_begin_partial(4);
 
__asm__("   ld1 {v0.16b}, %[in] ;"
-   "   ld1 {v1.2d}, [%[key]], #16  ;"
+   "   ld1 {v1.16b}, [%[key]], #16 ;"
"   cmp %w[rounds], #10 ;"
"   bmi 0f  ;"
"   bne 3f  ;"
"   mov v3.16b, v1.16b  ;"
"   b   2f  ;"
"0: mov v2.16b, v1.16b  ;"
-   "   ld1 {v3.2d}, [%[key]], #16  ;"
+   "   ld1 {v3.16b}, [%[key]], #16 ;"
"1: aesdv0.16b, v2.16b  ;"
"   aesimc  v0.16b, v0.16b  ;"
-   "2: ld1 {v1.2d}, [%[key]], #16  ;"
+   "2: ld1 {v1.16b}, [%[key]], #16 ;"
"   aesdv0.16b, v3.16b  ;"
"   aesimc  v0.16b, v0.16b  ;"
-   "3: ld1 {v2.2d}, [%[key]], #16  ;"
+   "3: ld1 {v2.16b}, [%[key]], #16 ;"
"   subs%w[rounds], %w[rounds], #3  ;"
"   aesdv0.16b, v1.16b  ;"
"   aesimc  v0.16b, v0.16b  ;"
-   "   ld1 {v3.2d}, [%[key]], #16  ;"
+   "   ld1 {v3.16b}, [%[key]], #16 ;"
"   bpl 1b  ;"
"   aesdv0.16b, v2.16b  ;"
"   eor v0.16b, v0.16b, v3.16b  ;"
@@ -173,7 +173,12 @@ int ce_aes_expandkey(struct crypto_aes_c
u32 *rki = ctx->key_enc + (i * kwords);
u32 *rko = rki + kwords;
 
+#ifndef CONFIG_CPU_BIG_ENDIAN
rko[0] =