crypto: vmx - Fixing AES-CTR counter bug
AES-CTR was using a counter split as 8 bytes + 8 bytes, which does not match the kernel's specification. In the previous code a vadduwm was used to increment the counter. This replaces it with a vadduqm, which now handles both cases: an 8+8-byte split counter and a full 16-byte counter. Cc: stable@vger.kernel.org Signed-off-by: Leonidas S Barbosa <leosilva@linux.vnet.ibm.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
parent
dd43c4e92f
commit
1d4aa0b4c1
@ -115,6 +115,7 @@ static int p8_aes_ctr_crypt(struct blkcipher_desc *desc,
|
|||||||
struct scatterlist *src, unsigned int nbytes)
|
struct scatterlist *src, unsigned int nbytes)
|
||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
|
u64 inc;
|
||||||
struct blkcipher_walk walk;
|
struct blkcipher_walk walk;
|
||||||
struct p8_aes_ctr_ctx *ctx =
|
struct p8_aes_ctr_ctx *ctx =
|
||||||
crypto_tfm_ctx(crypto_blkcipher_tfm(desc->tfm));
|
crypto_tfm_ctx(crypto_blkcipher_tfm(desc->tfm));
|
||||||
@ -143,7 +144,12 @@ static int p8_aes_ctr_crypt(struct blkcipher_desc *desc,
|
|||||||
walk.iv);
|
walk.iv);
|
||||||
pagefault_enable();
|
pagefault_enable();
|
||||||
|
|
||||||
crypto_inc(walk.iv, AES_BLOCK_SIZE);
|
/* We need to update IV mostly for last bytes/round */
|
||||||
|
inc = (nbytes & AES_BLOCK_MASK) / AES_BLOCK_SIZE;
|
||||||
|
if (inc > 0)
|
||||||
|
while (inc--)
|
||||||
|
crypto_inc(walk.iv, AES_BLOCK_SIZE);
|
||||||
|
|
||||||
nbytes &= AES_BLOCK_SIZE - 1;
|
nbytes &= AES_BLOCK_SIZE - 1;
|
||||||
ret = blkcipher_walk_done(desc, &walk, nbytes);
|
ret = blkcipher_walk_done(desc, &walk, nbytes);
|
||||||
}
|
}
|
||||||
|
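Review bot: The `if (inc > 0)` guard in front of `while (inc--)` is redundant, since the while condition already exits at zero, and the comment above it ("mostly for last bytes/round") does not say why walk.iv must be advanced by exactly `inc` blocks. Suggest dropping the `if` and replacing the comment with `/* The asm derives one counter per block from walk.iv; it appears not to write the advanced counter back, so step walk.iv past every full block processed here or the next chunk would reuse keystream. */`, hedged because the assembly routine is not visible in this hunk. Calling crypto_inc() once per 16-byte block is O(blocks) per walk step; a single addition of `inc` into the big-endian counter would do the same in one pass, but the loop as written is correct. p8_aes_ctr_crypt begins before this hunk and the closing `}` ends the walk loop, not the function.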
@ -1437,28 +1437,28 @@ Load_ctr32_enc_key:
|
|||||||
?vperm v31,v31,$out0,$keyperm
|
?vperm v31,v31,$out0,$keyperm
|
||||||
lvx v25,$x10,$key_ # pre-load round[2]
|
lvx v25,$x10,$key_ # pre-load round[2]
|
||||||
|
|
||||||
vadduwm $two,$one,$one
|
vadduqm $two,$one,$one
|
||||||
subi $inp,$inp,15 # undo "caller"
|
subi $inp,$inp,15 # undo "caller"
|
||||||
$SHL $len,$len,4
|
$SHL $len,$len,4
|
||||||
|
|
||||||
vadduwm $out1,$ivec,$one # counter values ...
|
vadduqm $out1,$ivec,$one # counter values ...
|
||||||
vadduwm $out2,$ivec,$two
|
vadduqm $out2,$ivec,$two
|
||||||
vxor $out0,$ivec,$rndkey0 # ... xored with rndkey[0]
|
vxor $out0,$ivec,$rndkey0 # ... xored with rndkey[0]
|
||||||
le?li $idx,8
|
le?li $idx,8
|
||||||
vadduwm $out3,$out1,$two
|
vadduqm $out3,$out1,$two
|
||||||
vxor $out1,$out1,$rndkey0
|
vxor $out1,$out1,$rndkey0
|
||||||
le?lvsl $inpperm,0,$idx
|
le?lvsl $inpperm,0,$idx
|
||||||
vadduwm $out4,$out2,$two
|
vadduqm $out4,$out2,$two
|
||||||
vxor $out2,$out2,$rndkey0
|
vxor $out2,$out2,$rndkey0
|
||||||
le?vspltisb $tmp,0x0f
|
le?vspltisb $tmp,0x0f
|
||||||
vadduwm $out5,$out3,$two
|
vadduqm $out5,$out3,$two
|
||||||
vxor $out3,$out3,$rndkey0
|
vxor $out3,$out3,$rndkey0
|
||||||
le?vxor $inpperm,$inpperm,$tmp # transform for lvx_u/stvx_u
|
le?vxor $inpperm,$inpperm,$tmp # transform for lvx_u/stvx_u
|
||||||
vadduwm $out6,$out4,$two
|
vadduqm $out6,$out4,$two
|
||||||
vxor $out4,$out4,$rndkey0
|
vxor $out4,$out4,$rndkey0
|
||||||
vadduwm $out7,$out5,$two
|
vadduqm $out7,$out5,$two
|
||||||
vxor $out5,$out5,$rndkey0
|
vxor $out5,$out5,$rndkey0
|
||||||
vadduwm $ivec,$out6,$two # next counter value
|
vadduqm $ivec,$out6,$two # next counter value
|
||||||
vxor $out6,$out6,$rndkey0
|
vxor $out6,$out6,$rndkey0
|
||||||
vxor $out7,$out7,$rndkey0
|
vxor $out7,$out7,$rndkey0
|
||||||
|
|
||||||
@ -1594,27 +1594,27 @@ Loop_ctr32_enc8x_middle:
|
|||||||
|
|
||||||
vcipherlast $in0,$out0,$in0
|
vcipherlast $in0,$out0,$in0
|
||||||
vcipherlast $in1,$out1,$in1
|
vcipherlast $in1,$out1,$in1
|
||||||
vadduwm $out1,$ivec,$one # counter values ...
|
vadduqm $out1,$ivec,$one # counter values ...
|
||||||
vcipherlast $in2,$out2,$in2
|
vcipherlast $in2,$out2,$in2
|
||||||
vadduwm $out2,$ivec,$two
|
vadduqm $out2,$ivec,$two
|
||||||
vxor $out0,$ivec,$rndkey0 # ... xored with rndkey[0]
|
vxor $out0,$ivec,$rndkey0 # ... xored with rndkey[0]
|
||||||
vcipherlast $in3,$out3,$in3
|
vcipherlast $in3,$out3,$in3
|
||||||
vadduwm $out3,$out1,$two
|
vadduqm $out3,$out1,$two
|
||||||
vxor $out1,$out1,$rndkey0
|
vxor $out1,$out1,$rndkey0
|
||||||
vcipherlast $in4,$out4,$in4
|
vcipherlast $in4,$out4,$in4
|
||||||
vadduwm $out4,$out2,$two
|
vadduqm $out4,$out2,$two
|
||||||
vxor $out2,$out2,$rndkey0
|
vxor $out2,$out2,$rndkey0
|
||||||
vcipherlast $in5,$out5,$in5
|
vcipherlast $in5,$out5,$in5
|
||||||
vadduwm $out5,$out3,$two
|
vadduqm $out5,$out3,$two
|
||||||
vxor $out3,$out3,$rndkey0
|
vxor $out3,$out3,$rndkey0
|
||||||
vcipherlast $in6,$out6,$in6
|
vcipherlast $in6,$out6,$in6
|
||||||
vadduwm $out6,$out4,$two
|
vadduqm $out6,$out4,$two
|
||||||
vxor $out4,$out4,$rndkey0
|
vxor $out4,$out4,$rndkey0
|
||||||
vcipherlast $in7,$out7,$in7
|
vcipherlast $in7,$out7,$in7
|
||||||
vadduwm $out7,$out5,$two
|
vadduqm $out7,$out5,$two
|
||||||
vxor $out5,$out5,$rndkey0
|
vxor $out5,$out5,$rndkey0
|
||||||
le?vperm $in0,$in0,$in0,$inpperm
|
le?vperm $in0,$in0,$in0,$inpperm
|
||||||
vadduwm $ivec,$out6,$two # next counter value
|
vadduqm $ivec,$out6,$two # next counter value
|
||||||
vxor $out6,$out6,$rndkey0
|
vxor $out6,$out6,$rndkey0
|
||||||
le?vperm $in1,$in1,$in1,$inpperm
|
le?vperm $in1,$in1,$in1,$inpperm
|
||||||
vxor $out7,$out7,$rndkey0
|
vxor $out7,$out7,$rndkey0
|
||||||
|
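Review bot: Switching every counter increment to `vadduqm` makes the add carry across the full 128-bit block, so this hunk now depends on `$one` holding a quadword value of 1 (only the least-significant byte set) rather than a per-word splat; that initialisation is outside the hunk and should be checked, because a splatted `$one` would add 2^96+2^64+2^32+1 per block instead of 1. A short comment at the first changed line would make the new contract explicit, e.g. `vadduqm $two,$one,$one # 128-bit add: carry propagates through the whole counter block, not just the low word`. No new CPU requirement is introduced, since `vcipherlast` in the Loop_ctr32_enc8x_middle hunk already needs the same ISA 2.07 (POWER8) level as `vadduqm`. The same change and comment apply to the Loop_ctr32_enc8x_middle hunk. Both hunks are excerpts from routines whose entry and exit lie outside the hunk.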