crypto: arm/aes-ce - fix for big endian
author Ard Biesheuvel <ard.biesheuvel@linaro.org>
Tue, 11 Oct 2016 18:15:20 +0000 (19:15 +0100)
committer Herbert Xu <herbert@gondor.apana.org.au>
Fri, 21 Oct 2016 03:03:46 +0000 (11:03 +0800)
The AES key schedule generation is mostly endian agnostic, with the
exception of the rotation and the incorporation of the round constant
at the start of each round. So implement a big endian specific version
of that part to make the whole routine big endian compatible.

Fixes: 86464859cc77 ("crypto: arm - AES in ECB/CBC/CTR/XTS modes using ARMv8 Crypto Extensions")
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
arch/arm/crypto/aes-ce-glue.c

index aef022a87c5379bc9627b0fa8fe144b266e17e9c..04410d9f5e72e018296447f5e079d4642679ca98 100644 (file)
@@ -88,8 +88,13 @@ static int ce_aes_expandkey(struct crypto_aes_ctx *ctx, const u8 *in_key,
                u32 *rki = ctx->key_enc + (i * kwords);
                u32 *rko = rki + kwords;
 
+#ifndef CONFIG_CPU_BIG_ENDIAN
                rko[0] = ror32(ce_aes_sub(rki[kwords - 1]), 8);
                rko[0] = rko[0] ^ rki[0] ^ rcon[i];
+#else
+               rko[0] = rol32(ce_aes_sub(rki[kwords - 1]), 8);
+               rko[0] = rko[0] ^ rki[0] ^ (rcon[i] << 24);
+#endif
                rko[1] = rko[0] ^ rki[1];
                rko[2] = rko[1] ^ rki[2];
                rko[3] = rko[2] ^ rki[3];
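Review bot: In the #else branch, `rcon[i] << 24` depends on the element type of rcon, which is not visible in this hunk; if the elements are narrower than u32 the shift is evaluated in int, and a round constant with bit 7 set would be shifted into the sign bit. Writing it as `(u32)rcon[i] << 24` makes the intended width explicit. A short comment above the `#ifndef CONFIG_CPU_BIG_ENDIAN` would also help, saying why the rotation direction (ror32 versus rol32) and the byte position of the round constant flip when the key words are held in big endian order: the commit message explains it, but someone reading the file only sees two near-identical branches.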