From patchwork Mon Oct 8 11:16:59 2018
From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
To: linux-crypto@vger.kernel.org
Cc: herbert@gondor.apana.org.au, ebiggers@kernel.org, Ard Biesheuvel <ard.biesheuvel@linaro.org>
Subject: [PATCH] crypto: arm64/aes-blk - ensure XTS mask is always loaded
Date: Mon, 8 Oct 2018 13:16:59 +0200
Message-Id: <20181008111659.28719-1-ard.biesheuvel@linaro.org>
List-ID: linux-crypto@vger.kernel.org

Commit 2e5d2f33d1db ("crypto: arm64/aes-blk - improve XTS mask handling")
optimized away some reloads of the XTS mask vector, but failed to take
into account that calls into the XTS en/decrypt routines will take a
slightly different code path if a single block of input is split across
different buffers.
So let's ensure that the first load occurs unconditionally, and move
the reload to the end so it doesn't occur needlessly.

Fixes: 2e5d2f33d1db ("crypto: arm64/aes-blk - improve XTS mask handling")
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
 arch/arm64/crypto/aes-modes.S | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/arch/arm64/crypto/aes-modes.S b/arch/arm64/crypto/aes-modes.S
index 039738ae23f6..67700045a0e0 100644
--- a/arch/arm64/crypto/aes-modes.S
+++ b/arch/arm64/crypto/aes-modes.S
@@ -359,18 +359,17 @@ AES_ENTRY(aes_xts_encrypt)
 	mov	x29, sp

 	ld1	{v4.16b}, [x6]
+	xts_load_mask	v8
 	cbz	w7, .Lxtsencnotfirst

 	enc_prepare	w3, x5, x8
 	encrypt_block	v4, w3, x5, x8, w7		/* first tweak */
 	enc_switch_key	w3, x2, x8
-	xts_load_mask	v8
 	b	.LxtsencNx

 .Lxtsencnotfirst:
 	enc_prepare	w3, x2, x8
 .LxtsencloopNx:
-	xts_reload_mask	v8
 	next_tweak	v4, v4, v8
 .LxtsencNx:
 	subs	w4, w4, #4
@@ -391,6 +390,7 @@ AES_ENTRY(aes_xts_encrypt)
 	st1	{v0.16b-v3.16b}, [x0], #64
 	mov	v4.16b, v7.16b
 	cbz	w4, .Lxtsencout
+	xts_reload_mask	v8
 	b	.LxtsencloopNx
 .Lxtsenc1x:
 	adds	w4, w4, #4
@@ -417,18 +417,17 @@ AES_ENTRY(aes_xts_decrypt)
 	mov	x29, sp

 	ld1	{v4.16b}, [x6]
+	xts_load_mask	v8
 	cbz	w7, .Lxtsdecnotfirst

 	enc_prepare	w3, x5, x8
 	encrypt_block	v4, w3, x5, x8, w7		/* first tweak */
 	dec_prepare	w3, x2, x8
-	xts_load_mask	v8
 	b	.LxtsdecNx

 .Lxtsdecnotfirst:
 	dec_prepare	w3, x2, x8
 .LxtsdecloopNx:
-	xts_reload_mask	v8
 	next_tweak	v4, v4, v8
 .LxtsdecNx:
 	subs	w4, w4, #4
@@ -449,6 +448,7 @@ AES_ENTRY(aes_xts_decrypt)
 	st1	{v0.16b-v3.16b}, [x0], #64
 	mov	v4.16b, v7.16b
 	cbz	w4, .Lxtsdecout
+	xts_reload_mask	v8
 	b	.LxtsdecloopNx
 .Lxtsdec1x:
 	adds	w4, w4, #4
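For context on why the mask must be resident before the loop: the vector that
xts_load_mask/xts_reload_mask keep in v8 holds the GF(2^128) reduction
constant consumed by next_tweak, which multiplies the running tweak by x for
each successive 16-byte block, folding the 0x87 polynomial back in when the
top bit shifts out. A minimal Python sketch of that tweak update (an
illustration of the math only, not the kernel's implementation; the function
name is ours):

```python
def next_tweak(tweak: bytes) -> bytes:
    """Multiply a 16-byte XTS tweak by x in GF(2^128), little-endian convention."""
    t = int.from_bytes(tweak, "little")
    carry = t >> 127                    # bit that falls off after the shift
    t = (t << 1) & ((1 << 128) - 1)     # multiply by x (left shift mod 2^128)
    if carry:
        t ^= 0x87                       # reduce by x^128 + x^7 + x^2 + x + 1
    return t.to_bytes(16, "little")
```

If v8 were never initialized on the "not first" entry path, the equivalent of
the `0x87` term above would be garbage, corrupting every tweak after the
first overflow; hence the unconditional load on entry.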