From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org,
Ard Biesheuvel <ard.biesheuvel@linaro.org>,
Herbert Xu <herbert@gondor.apana.org.au>
Subject: [PATCH 4.9 13/66] crypto: arm64/aes-blk - honour iv_out requirement in CBC and CTR modes
Date: Tue, 7 Feb 2017 13:58:47 +0100 [thread overview]
Message-ID: <20170207124528.861443980@linuxfoundation.org> (raw)
In-Reply-To: <20170207124528.281881183@linuxfoundation.org>
4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
commit 11e3b725cfc282efe9d4a354153e99d86a16af08 upstream.
Update the ARMv8 Crypto Extensions and the plain NEON AES implementations
in CBC and CTR modes to return the next IV back to the skcipher API client.
This is necessary for chaining to work correctly.
Note that for CTR, this is only done if the request is a round multiple of
the block size, since otherwise, chaining is impossible anyway.
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm64/crypto/aes-modes.S | 88 ++++++++++++++++++++----------------------
1 file changed, 42 insertions(+), 46 deletions(-)
--- a/arch/arm64/crypto/aes-modes.S
+++ b/arch/arm64/crypto/aes-modes.S
@@ -193,15 +193,16 @@ AES_ENTRY(aes_cbc_encrypt)
cbz w6, .Lcbcencloop
ld1 {v0.16b}, [x5] /* get iv */
- enc_prepare w3, x2, x5
+ enc_prepare w3, x2, x6
.Lcbcencloop:
ld1 {v1.16b}, [x1], #16 /* get next pt block */
eor v0.16b, v0.16b, v1.16b /* ..and xor with iv */
- encrypt_block v0, w3, x2, x5, w6
+ encrypt_block v0, w3, x2, x6, w7
st1 {v0.16b}, [x0], #16
subs w4, w4, #1
bne .Lcbcencloop
+ st1 {v0.16b}, [x5] /* return iv */
ret
AES_ENDPROC(aes_cbc_encrypt)
@@ -211,7 +212,7 @@ AES_ENTRY(aes_cbc_decrypt)
cbz w6, .LcbcdecloopNx
ld1 {v7.16b}, [x5] /* get iv */
- dec_prepare w3, x2, x5
+ dec_prepare w3, x2, x6
.LcbcdecloopNx:
#if INTERLEAVE >= 2
@@ -248,7 +249,7 @@ AES_ENTRY(aes_cbc_decrypt)
.Lcbcdecloop:
ld1 {v1.16b}, [x1], #16 /* get next ct block */
mov v0.16b, v1.16b /* ...and copy to v0 */
- decrypt_block v0, w3, x2, x5, w6
+ decrypt_block v0, w3, x2, x6, w7
eor v0.16b, v0.16b, v7.16b /* xor with iv => pt */
mov v7.16b, v1.16b /* ct is next iv */
st1 {v0.16b}, [x0], #16
@@ -256,6 +257,7 @@ AES_ENTRY(aes_cbc_decrypt)
bne .Lcbcdecloop
.Lcbcdecout:
FRAME_POP
+ st1 {v7.16b}, [x5] /* return iv */
ret
AES_ENDPROC(aes_cbc_decrypt)
@@ -267,24 +269,15 @@ AES_ENDPROC(aes_cbc_decrypt)
AES_ENTRY(aes_ctr_encrypt)
FRAME_PUSH
- cbnz w6, .Lctrfirst /* 1st time around? */
- umov x5, v4.d[1] /* keep swabbed ctr in reg */
- rev x5, x5
-#if INTERLEAVE >= 2
- cmn w5, w4 /* 32 bit overflow? */
- bcs .Lctrinc
- add x5, x5, #1 /* increment BE ctr */
- b .LctrincNx
-#else
- b .Lctrinc
-#endif
-.Lctrfirst:
+ cbz w6, .Lctrnotfirst /* 1st time around? */
enc_prepare w3, x2, x6
ld1 {v4.16b}, [x5]
- umov x5, v4.d[1] /* keep swabbed ctr in reg */
- rev x5, x5
+
+.Lctrnotfirst:
+ umov x8, v4.d[1] /* keep swabbed ctr in reg */
+ rev x8, x8
#if INTERLEAVE >= 2
- cmn w5, w4 /* 32 bit overflow? */
+ cmn w8, w4 /* 32 bit overflow? */
bcs .Lctrloop
.LctrloopNx:
subs w4, w4, #INTERLEAVE
@@ -292,11 +285,11 @@ AES_ENTRY(aes_ctr_encrypt)
#if INTERLEAVE == 2
mov v0.8b, v4.8b
mov v1.8b, v4.8b
- rev x7, x5
- add x5, x5, #1
+ rev x7, x8
+ add x8, x8, #1
ins v0.d[1], x7
- rev x7, x5
- add x5, x5, #1
+ rev x7, x8
+ add x8, x8, #1
ins v1.d[1], x7
ld1 {v2.16b-v3.16b}, [x1], #32 /* get 2 input blocks */
do_encrypt_block2x
@@ -305,7 +298,7 @@ AES_ENTRY(aes_ctr_encrypt)
st1 {v0.16b-v1.16b}, [x0], #32
#else
ldr q8, =0x30000000200000001 /* addends 1,2,3[,0] */
- dup v7.4s, w5
+ dup v7.4s, w8
mov v0.16b, v4.16b
add v7.4s, v7.4s, v8.4s
mov v1.16b, v4.16b
@@ -323,18 +316,12 @@ AES_ENTRY(aes_ctr_encrypt)
eor v2.16b, v7.16b, v2.16b
eor v3.16b, v5.16b, v3.16b
st1 {v0.16b-v3.16b}, [x0], #64
- add x5, x5, #INTERLEAVE
+ add x8, x8, #INTERLEAVE
#endif
- cbz w4, .LctroutNx
-.LctrincNx:
- rev x7, x5
+ rev x7, x8
ins v4.d[1], x7
+ cbz w4, .Lctrout
b .LctrloopNx
-.LctroutNx:
- sub x5, x5, #1
- rev x7, x5
- ins v4.d[1], x7
- b .Lctrout
.Lctr1x:
adds w4, w4, #INTERLEAVE
beq .Lctrout
@@ -342,30 +329,39 @@ AES_ENTRY(aes_ctr_encrypt)
.Lctrloop:
mov v0.16b, v4.16b
encrypt_block v0, w3, x2, x6, w7
+
+ adds x8, x8, #1 /* increment BE ctr */
+ rev x7, x8
+ ins v4.d[1], x7
+ bcs .Lctrcarry /* overflow? */
+
+.Lctrcarrydone:
subs w4, w4, #1
bmi .Lctrhalfblock /* blocks < 0 means 1/2 block */
ld1 {v3.16b}, [x1], #16
eor v3.16b, v0.16b, v3.16b
st1 {v3.16b}, [x0], #16
- beq .Lctrout
-.Lctrinc:
- adds x5, x5, #1 /* increment BE ctr */
- rev x7, x5
- ins v4.d[1], x7
- bcc .Lctrloop /* no overflow? */
- umov x7, v4.d[0] /* load upper word of ctr */
- rev x7, x7 /* ... to handle the carry */
- add x7, x7, #1
- rev x7, x7
- ins v4.d[0], x7
- b .Lctrloop
+ bne .Lctrloop
+
+.Lctrout:
+ st1 {v4.16b}, [x5] /* return next CTR value */
+ FRAME_POP
+ ret
+
.Lctrhalfblock:
ld1 {v3.8b}, [x1]
eor v3.8b, v0.8b, v3.8b
st1 {v3.8b}, [x0]
-.Lctrout:
FRAME_POP
ret
+
+.Lctrcarry:
+ umov x7, v4.d[0] /* load upper word of ctr */
+ rev x7, x7 /* ... to handle the carry */
+ add x7, x7, #1
+ rev x7, x7
+ ins v4.d[0], x7
+ b .Lctrcarrydone
AES_ENDPROC(aes_ctr_encrypt)
.ltorg
next prev parent reply other threads:[~2017-02-07 13:00 UTC|newest]
Thread overview: 67+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-02-07 12:58 [PATCH 4.9 00/66] 4.9.9-stable review Greg Kroah-Hartman
2017-02-07 12:58 ` [PATCH 4.9 01/66] PCI/ASPM: Handle PCI-to-PCIe bridges as roots of PCIe hierarchies Greg Kroah-Hartman
2017-02-07 12:58 ` [PATCH 4.9 02/66] ext4: validate s_first_meta_bg at mount time Greg Kroah-Hartman
2017-02-07 12:58 ` [PATCH 4.9 03/66] x86/efi: Always map the first physical page into the EFI pagetables Greg Kroah-Hartman
2017-02-07 12:58 ` [PATCH 4.9 04/66] efi/fdt: Avoid FDT manipulation after ExitBootServices() Greg Kroah-Hartman
2017-02-07 12:58 ` Greg Kroah-Hartman
2017-02-07 12:58 ` Greg Kroah-Hartman
2017-02-07 12:58 ` [PATCH 4.9 05/66] xtensa: fix noMMU build on cores with MMU Greg Kroah-Hartman
2017-02-07 12:58 ` [PATCH 4.9 06/66] HID: cp2112: fix sleep-while-atomic Greg Kroah-Hartman
2017-02-07 12:58 ` [PATCH 4.9 07/66] HID: cp2112: fix gpio-callback error handling Greg Kroah-Hartman
2017-02-07 12:58 ` [PATCH 4.9 08/66] pinctrl: baytrail: Add missing spinlock usage in byt_gpio_irq_handler Greg Kroah-Hartman
2017-02-07 12:58 ` [PATCH 4.9 10/66] drm/nouveau/disp/gt215: Fix HDA ELD handling (thus, HDMI audio) on gt215 Greg Kroah-Hartman
2017-02-07 12:58 ` [PATCH 4.9 11/66] drm/nouveau/nv1a,nv1f/disp: fix memory clock rate retrieval Greg Kroah-Hartman
2017-02-07 12:58 ` [PATCH 4.9 12/66] crypto: api - Clear CRYPTO_ALG_DEAD bit before registering an alg Greg Kroah-Hartman
2017-02-07 12:58 ` Greg Kroah-Hartman [this message]
2017-02-07 12:58 ` [PATCH 4.9 14/66] perf/core: Fix use-after-free bug Greg Kroah-Hartman
2017-02-07 12:58 ` [PATCH 4.9 15/66] perf/core: Fix PERF_RECORD_MMAP2 prot/flags for anonymous memory Greg Kroah-Hartman
2017-02-07 12:58 ` [PATCH 4.9 16/66] ata: sata_mv:- Handle return value of devm_ioremap Greg Kroah-Hartman
2017-02-07 12:58 ` [PATCH 4.9 18/66] libata: Fix ATA request sense Greg Kroah-Hartman
2017-02-07 12:58 ` [PATCH 4.9 19/66] powerpc/eeh: Fix wrong flag passed to eeh_unfreeze_pe() Greg Kroah-Hartman
2017-02-07 12:58 ` [PATCH 4.9 20/66] powerpc: Add missing error check to prom_find_boot_cpu() Greg Kroah-Hartman
2017-02-07 12:58 ` [PATCH 4.9 21/66] powerpc: Fix build failure with clang due to BUILD_BUG_ON() Greg Kroah-Hartman
2017-02-07 12:58 ` [PATCH 4.9 22/66] powerpc/mm: Use the correct pointer when setting a 2MB pte Greg Kroah-Hartman
2017-02-07 12:58 ` [PATCH 4.9 23/66] NFSD: Fix a null reference case in find_or_create_lock_stateid() Greg Kroah-Hartman
2017-02-07 12:58 ` [PATCH 4.9 24/66] svcrpc: fix oops in absence of krb5 module Greg Kroah-Hartman
2017-02-07 12:58 ` [PATCH 4.9 25/66] zswap: disable changing params if init fails Greg Kroah-Hartman
2017-02-07 12:59 ` [PATCH 4.9 26/66] cifs: initialize file_info_lock Greg Kroah-Hartman
2017-02-07 12:59 ` [PATCH 4.9 27/66] mm/memory_hotplug.c: check start_pfn in test_pages_in_a_zone() Greg Kroah-Hartman
2017-02-07 12:59 ` [PATCH 4.9 28/66] base/memory, hotplug: fix a kernel oops in show_valid_zones() Greg Kroah-Hartman
2017-02-07 12:59 ` [PATCH 4.9 29/66] mm, fs: check for fatal signals in do_generic_file_read() Greg Kroah-Hartman
2017-02-07 12:59 ` [PATCH 4.9 30/66] tracing: Fix hwlat kthread migration Greg Kroah-Hartman
2017-02-07 12:59 ` [PATCH 4.9 31/66] can: bcm: fix hrtimer/tasklet termination in bcm op removal Greg Kroah-Hartman
2017-02-07 12:59 ` [PATCH 4.9 32/66] cgroup: dont online subsystems before cgroup_name/path() are operational Greg Kroah-Hartman
2017-02-07 12:59 ` [PATCH 4.9 33/66] mmc: sdhci: Ignore unexpected CARD_INT interrupts Greg Kroah-Hartman
2017-02-07 12:59 ` [PATCH 4.9 34/66] vhost: fix initialization for vq->is_le Greg Kroah-Hartman
2017-02-07 12:59 ` [PATCH 4.9 35/66] regulator: axp20x: AXP806: Fix dcdcb being set instead of dcdce Greg Kroah-Hartman
2017-02-07 12:59 ` [PATCH 4.9 36/66] percpu-refcount: fix reference leak during percpu-atomic transition Greg Kroah-Hartman
2017-02-07 12:59 ` [PATCH 4.9 38/66] Revert "vring: Force use of DMA API for ARM-based systems with legacy devices" Greg Kroah-Hartman
2017-02-07 12:59 ` [PATCH 4.9 39/66] pinctrl: baytrail: Debounce register is one per community Greg Kroah-Hartman
2017-02-07 12:59 ` [PATCH 4.9 40/66] pinctrl: intel: merrifield: Add missed check in mrfld_config_set() Greg Kroah-Hartman
2017-02-07 12:59 ` [PATCH 4.9 42/66] iwlwifi: mvm: avoid crash on restart w/o reserved queues Greg Kroah-Hartman
2017-02-07 12:59 ` [PATCH 4.9 43/66] HID: usbhid: Quirk a AMI virtual mouse and keyboard with ALWAYS_POLL Greg Kroah-Hartman
2017-02-07 12:59 ` [PATCH 4.9 44/66] HID: hid-lg: Fix immediate disconnection of Logitech Rumblepad 2 Greg Kroah-Hartman
2017-02-07 12:59 ` [PATCH 4.9 45/66] HID: wacom: Fix poor prox handling in wacom_pl_irq Greg Kroah-Hartman
2017-02-07 12:59 ` [PATCH 4.9 46/66] perf/x86/intel/uncore: Clean up hotplug conversion fallout Greg Kroah-Hartman
2017-02-07 12:59 ` [PATCH 4.9 47/66] dmaengine: cppi41: Fix runtime PM timeouts with USB mass storage Greg Kroah-Hartman
2017-02-07 12:59 ` [PATCH 4.9 48/66] dmaengine: cppi41: Fix oops in cppi41_runtime_resume Greg Kroah-Hartman
2017-02-07 12:59 ` [PATCH 4.9 50/66] USB: serial: qcserial: add Dell DW5570 QDL Greg Kroah-Hartman
2017-02-07 12:59 ` [PATCH 4.9 51/66] USB: serial: pl2303: add ATEN device ID Greg Kroah-Hartman
2017-02-07 12:59 ` [PATCH 4.9 53/66] usb: musb: Fix host mode error -71 regression Greg Kroah-Hartman
2017-02-07 12:59 ` [PATCH 4.9 54/66] usb: gadget: f_fs: Assorted buffer overflow checks Greg Kroah-Hartman
2017-02-07 12:59 ` [PATCH 4.9 56/66] staging: greybus: timesync: validate platform state callback Greg Kroah-Hartman
2017-02-07 12:59 ` [PATCH 4.9 57/66] iio: adc: palmas_gpadc: retrieve a valid iio_dev in suspend/resume Greg Kroah-Hartman
2017-02-07 12:59 ` [PATCH 4.9 58/66] iio: health: afe4404: " Greg Kroah-Hartman
2017-02-07 12:59 ` [PATCH 4.9 59/66] iio: health: afe4403: " Greg Kroah-Hartman
2017-02-07 12:59 ` [PATCH 4.9 60/66] iio: dht11: Use usleep_range instead of msleep for start signal Greg Kroah-Hartman
2017-02-07 12:59 ` [PATCH 4.9 61/66] iio: health: max30100: fixed parenthesis around FIFO count check Greg Kroah-Hartman
2017-02-07 12:59 ` [PATCH 4.9 62/66] irqdomain: Avoid activating interrupts more than once Greg Kroah-Hartman
2017-02-07 12:59 ` [PATCH 4.9 63/66] x86/irq: Make irq activate operations symmetric Greg Kroah-Hartman
2017-02-07 12:59 ` [PATCH 4.9 64/66] iw_cxgb4: set correct FetchBurstMax for QPs Greg Kroah-Hartman
2017-02-07 12:59 ` [PATCH 4.9 65/66] fs: break out of iomap_file_buffered_write on fatal signals Greg Kroah-Hartman
2017-02-07 12:59 ` [PATCH 4.9 66/66] drm/i915/execlists: Reset RING registers upon resume Greg Kroah-Hartman
2017-02-07 15:59 ` [PATCH 4.9 00/66] 4.9.9-stable review Shuah Khan
2017-02-07 16:15 ` Greg Kroah-Hartman
2017-02-07 21:44 ` Guenter Roeck
2017-02-08 6:35 ` Greg Kroah-Hartman
[not found] ` <589a65f4.0e821c0a.790cc.18db@mx.google.com>
2017-02-08 6:35 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170207124528.861443980@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=ard.biesheuvel@linaro.org \
--cc=herbert@gondor.apana.org.au \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.