crypto: arm/aes-ce - fix for big endian
authorArd Biesheuvel <ard.biesheuvel@linaro.org>
Tue, 11 Oct 2016 18:15:20 +0000 (19:15 +0100)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 12 Jan 2017 10:22:50 +0000 (11:22 +0100)
commit 58010fa6f71c9577922b22e46014b95a4ec80fa0 upstream.

The AES key schedule generation is mostly endian agnostic, with the
exception of the rotation and the incorporation of the round constant
at the start of each round. So implement a big endian specific version
of that part to make the whole routine big endian compatible.

Fixes: 86464859cc77 ("crypto: arm - AES in ECB/CBC/CTR/XTS modes using ARMv8 Crypto Extensions")
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
arch/arm/crypto/aes-ce-glue.c

index 593da7ffb449de02acf399a922ea1105225b7afc..679c589c48285b0f0cefbc2db1fbdea34493162e 100644 (file)
@@ -87,8 +87,13 @@ static int ce_aes_expandkey(struct crypto_aes_ctx *ctx, const u8 *in_key,
                u32 *rki = ctx->key_enc + (i * kwords);
                u32 *rko = rki + kwords;
 
+#ifndef CONFIG_CPU_BIG_ENDIAN
                rko[0] = ror32(ce_aes_sub(rki[kwords - 1]), 8);
                rko[0] = rko[0] ^ rki[0] ^ rcon[i];
+#else
+               rko[0] = rol32(ce_aes_sub(rki[kwords - 1]), 8);
+               rko[0] = rko[0] ^ rki[0] ^ (rcon[i] << 24);
+#endif
                rko[1] = rko[0] ^ rki[1];
                rko[2] = rko[1] ^ rki[2];
                rko[3] = rko[2] ^ rki[3];