crypto: vmx - Fixing GHASH Key issue on little endian
authorLeonidas Da Silva Barbosa <leosilva@linux.vnet.ibm.com>
Fri, 14 Aug 2015 13:14:16 +0000 (10:14 -0300)
committerHerbert Xu <herbert@gondor.apana.org.au>
Tue, 18 Aug 2015 02:30:36 +0000 (10:30 +0800)
GHASH table algorithm is using a big endian key.
In little endian machines key will be LE ordered.
After a lxvd2x instruction key is loaded as it is,
LE/BE order, in first case it'll generate a wrong
table resulting in wrong hashes from the algorithm.

Bug affects only LE machines.
In order to fix it we do a swap for loaded key.

Cc: stable@vger.kernel.org
Signed-off-by: Leonidas S Barbosa <leosilva@linux.vnet.ibm.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
drivers/crypto/vmx/ghashp8-ppc.pl

index 0a6f899..d8429cb 100644 (file)
@@ -61,6 +61,12 @@ $code=<<___;
        mtspr           256,r0
        li              r10,0x30
        lvx_u           $H,0,r4                 # load H
+       le?xor          r7,r7,r7
+       le?addi         r7,r7,0x8               # need a vperm start with 08
+       le?lvsr         5,0,r7
+       le?vspltisb     6,0x0f
+       le?vxor         5,5,6                   # set a b-endian mask
+       le?vperm        $H,$H,$H,5
 
        vspltisb        $xC2,-16                # 0xf0
        vspltisb        $t0,1                   # one