From patchwork Wed Mar 10 07:27:26 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Biggers X-Patchwork-Id: 12127165 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-17.2 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,INCLUDES_CR_TRAILER,INCLUDES_PATCH,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id A90ABC433E0 for ; Wed, 10 Mar 2021 07:31:42 +0000 (UTC) Received: from desiato.infradead.org (desiato.infradead.org [90.155.92.199]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 3D03064FF6 for ; Wed, 10 Mar 2021 07:31:42 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 3D03064FF6 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=kernel.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=desiato.20200630; h=Sender:Content-Transfer-Encoding :Content-Type:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:Message-Id:Date:Subject:Cc:To:From: Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender :Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Owner; bh=aOJidziEYKvwPWrl5sOPbOSO7fQsru4bt4vxk0u8g78=; b=KVuRGwgrXjf5R06fhhOZxXwifG WHSjgJ2KAzgr2/LGnLcOUjGfZ51uw4KhpB/z0R/BZBO9udLxQBo5VNF+DqnkcVr2w1/wC/D6OLvrG LL4YzfkYzX2rWY+ATokPX/3vEyfkR+7mEtmz3gOsWXm6wwjeQxdX0NNgoM0NvKIKFzSRTEjFOkqxK 1HTCaEPqpqlEKfkeW0gAZlegzPP+HKs33zNsVJbzdooghj1/rezyv5ZNAFpBAWrtotjdiOYR6bezT N5M7Z0NpcXupKo4E6aUub8eQnH5UWCQJ8V8jYszqJ8q831g5/V51KYDAQAyh+JUk8maFTu2D68geN ST0Ijr0A==; Received: from localhost ([::1] helo=desiato.infradead.org) by desiato.infradead.org with esmtp (Exim 4.94 #2 (Red Hat Linux)) id 1lJtH6-006DpG-Lq; Wed, 10 Mar 2021 07:28:56 +0000 Received: from mail.kernel.org ([198.145.29.99]) by desiato.infradead.org with esmtps (Exim 4.94 #2 (Red Hat Linux)) id 1lJtGn-006DlU-6x for linux-arm-kernel@lists.infradead.org; Wed, 10 Mar 2021 07:28:53 +0000 Received: by mail.kernel.org (Postfix) with ESMTPSA id 2420D64FCA; Wed, 10 Mar 2021 07:28:29 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1615361309; bh=R0OfRjGvzNSRJ02U22rhwrhu7SCjsKqyME6WkyEIXjY=; h=From:To:Cc:Subject:Date:From; b=cp0cg9KnQ9eV2/ICgNK/FygpPCaxovjdDiUKKcUEsCyN8tU8DsG0dATUtn+Ga/Ht4 nPW5NK40l6QFH+w6NSqZ2XlXodaRGXVQzXLzXF3pNcUN91aZzvnQwDG/bvxSwVraNf nDjpa74TOU46fL4FNEPJ+rjZokdOUbYSDpwo/lV8qcyI5AY44kmkLOcEPE1ur2vTmN C3QYQ1RTlK3YjpZr6RSIJNqKr/dG1oqFcTqsx6w/32MSnwdYoaQXjVhlJB3y8i4p8v aKrw8d9aPhxPXwAMih5bhEye58XU0I8x+31ocRLHjPWxQoBQ0QqOOggSYI4bdoOpm9 fbwsqBJ1WmslA== From: Eric Biggers To: linux-crypto@vger.kernel.org Cc: linux-arm-kernel@lists.infradead.org Subject: [PATCH] crypto: arm/blake2s - fix for big endian Date: Tue, 9 Mar 2021 23:27:26 -0800 Message-Id: <20210310072726.288252-1-ebiggers@kernel.org> X-Mailer: git-send-email 2.30.1 MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20210310_072852_129740_4F6B342D X-CRM114-Status: UNSURE ( 8.91 ) X-CRM114-Notice: Please train this message. X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org From: Eric Biggers The new ARM BLAKE2s code doesn't work correctly (fails the self-tests) in big endian kernel builds because it doesn't swap the endianness of the message words when loading them. Fix this. Fixes: 5172d322d34c ("crypto: arm/blake2s - add ARM scalar optimized BLAKE2s") Signed-off-by: Eric Biggers Acked-by: Ard Biesheuvel --- arch/arm/crypto/blake2s-core.S | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/arch/arm/crypto/blake2s-core.S b/arch/arm/crypto/blake2s-core.S index bed897e9a181a..86345751bbf3a 100644 --- a/arch/arm/crypto/blake2s-core.S +++ b/arch/arm/crypto/blake2s-core.S @@ -8,6 +8,7 @@ */ #include +#include // Registers used to hold message words temporarily. There aren't // enough ARM registers to hold the whole message block, so we have to @@ -38,6 +39,23 @@ #endif .endm +.macro _le32_bswap a, tmp +#ifdef __ARMEB__ + rev_l \a, \tmp +#endif +.endm + +.macro _le32_bswap_8x a, b, c, d, e, f, g, h, tmp + _le32_bswap \a, \tmp + _le32_bswap \b, \tmp + _le32_bswap \c, \tmp + _le32_bswap \d, \tmp + _le32_bswap \e, \tmp + _le32_bswap \f, \tmp + _le32_bswap \g, \tmp + _le32_bswap \h, \tmp +.endm + // Execute a quarter-round of BLAKE2s by mixing two columns or two diagonals. // (a0, b0, c0, d0) and (a1, b1, c1, d1) give the registers containing the two // columns/diagonals. s0-s1 are the word offsets to the message words the first @@ -180,8 +198,10 @@ ENTRY(blake2s_compress_arch) tst r1, #3 bne .Lcopy_block_misaligned ldmia r1!, {r2-r9} + _le32_bswap_8x r2, r3, r4, r5, r6, r7, r8, r9, r14 stmia r12!, {r2-r9} ldmia r1!, {r2-r9} + _le32_bswap_8x r2, r3, r4, r5, r6, r7, r8, r9, r14 stmia r12, {r2-r9} .Lcopy_block_done: str r1, [sp, #68] // Update message pointer @@ -268,6 +288,7 @@ ENTRY(blake2s_compress_arch) 1: #ifdef CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS ldr r3, [r1], #4 + _le32_bswap r3, r4 #else ldrb r3, [r1, #0] ldrb r4, [r1, #1]