Hi,
> The partial-block tail code in chacha-armv4.pl also seems to have problems.
> My colleague Steven and I made an attempt to debug it, but we're not
> familiar enough with ARM to fix it.
>
> From playing with it in a debugger, it doesn't look like @t[3] contains the
> length. We suspect something is going wrong with the condition flags on
> loading or updating length.
> https://git.openssl.org/gitweb/?p=openssl.git;a=blob;f=crypto/chacha/asm/chacha-armv4.pl;h=55ebc9e586475a35e313b74483eb4b8d5b6f2b03;hb=HEAD#l585
Attached is a patch for chacha-armv4.pl (please verify) and a test snippet
I've put together.
> It may be worth going back and testing these cases on all of the
> implementations as well.
Besides armv4, only the s390x module was failing.
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4323
diff --git a/crypto/chacha/asm/chacha-armv4.pl
b/crypto/chacha/asm/chacha-armv4.pl
index 55ebc9e..6c20755 100755
--- a/crypto/chacha/asm/chacha-armv4.pl
+++ b/crypto/chacha/asm/chacha-armv4.pl
@@ -440,9 +440,9 @@ $code.=<<___;
eorhs @x[4],@x[4],@t[0]
eorhs @x[5],@x[5],@t[1]
# ifdef __thumb2__
- it hi
+ it ne
# endif
- ldrhi @t[0],[sp,#4*(32+2)] @ re-load len
+ ldrne @t[0],[sp,#4*(32+2)] @ re-load len
# ifdef __thumb2__
itt hs
# endif
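Review bot: The `@ re-load len` comment on the new `ldrne` line does not say why the condition is `ne`, and the old `hi` condition is what left the partial-block path without a length in `@t[0]`. Assuming the flags come from a compare of the remaining length with the block size made before this hunk, `ne` covers both the more-than-one-block case and the short-tail case whose byte loop at `.Ltail` now counts down `@t[0]`. I would extend the comment to `@ re-load len (ne: also for a short tail, .Ltail counts in @t[0])`, here and on the identical line in the second hunk. A stale counter in that loop XORs keystream over the wrong number of bytes, so the dependency between these lines and `.Ltail` should be written down.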
@@ -584,9 +584,9 @@ ___
}
$code.=<<___;
# ifdef __thumb2__
- it hi
+ it ne
# endif
- ldrhi @t[0],[sp,#4*(32+2)] @ re-load len
+ ldrne @t[0],[sp,#4*(32+2)] @ re-load len
# ifdef __thumb2__
it hs
# endif
@@ -598,15 +598,15 @@ $code.=<<___;
.Ltail:
ldr r12,[sp,#4*(32+1)] @ load inp
- add @t[2],sp,#4*(0)
+ add @t[1],sp,#4*(0)
ldr r14,[sp,#4*(32+0)] @ load out
.Loop_tail:
- ldrb @t[0],[@t[2]],#1 @ read buffer on stack
- ldrb @t[1],[r12],#1 @ read input
- subs @t[3],@t[3],#1
- eor @t[0],@t[0],@t[1]
- strb @t[0],[r14],#1 @ store output
+ ldrb @t[2],[@t[1]],#1 @ read buffer on stack
+ ldrb @t[3],[r12],#1 @ read input
+ subs @t[0],@t[0],#1
+ eor @t[3],@t[3],@t[2]
+ strb @t[3],[r14],#1 @ store output
bne .Loop_tail
.Ldone:
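Review bot: `.Loop_tail` is a decrement-then-`bne` loop, so it is bounded only if `@t[0]` is non-zero and equal to the remaining byte count on entry, and nothing inside this hunk establishes that. The value appears to come from the `ldrne ... @ re-load len` lines changed earlier in the patch, with the zero case presumably branched away before `.Ltail`, outside the hunk. A one-line comment at the label, e.g. `@ @t[0] = remaining len, non-zero (re-loaded above)`, would make the register contract explicit, because a wrong counter here reads and writes past the caller's buffers. The attached every-length sweep, aligned and unaligned, would be worth adding to the regular test suite so this path stays covered.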
@@ -1120,7 +1120,7 @@ $code.=<<___;
# endif
stmia @t[0],{@x[0]-@x[7]}
add @t[2],sp,#4*(0)
- sub @t[3],@t[0],#64*3 @ len-=64*3
+ sub @t[3],@t[3],#64*3 @ len-=64*3
.Loop_tail_neon:
ldrb @t[0],[@t[2]],#1 @ read buffer on stack
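Review bot: After this patch the scalar tail loop counts in `@t[0]` while the NEON tail keeps its count in `@t[3]`, and in this hunk `@t[0]` is the base address of the `stmia` two lines above, which is how the old `sub @t[3],@t[0],#64*3` came to derive a length from a pointer. A comment at `.Loop_tail_neon` such as `@ @t[3] = remaining len after three full blocks; @t[0] is scratch` would keep the two paths from being confused again. Whether `@t[3]` still holds the length and is non-zero after the subtraction is decided outside the hunk and should be confirmed.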
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "internal/chacha.h"
/*
 * Test key: eight 32-bit words handed to ChaCha20_ctr32() as its key argument
 * in main(). On a little-endian host the words lay out as the bytes 00..1f.
 */
const unsigned int key[] = {0x03020100,0x07060504,0x0b0a0908,0x0f0e0d0c,
0x13121110,0x17161514,0x1b1a1918,0x1f1e1d1c};
/*
 * Four-word block handed to ChaCha20_ctr32() as its last argument.
 * NOTE(review): presumably the initial block counter followed by the nonce;
 * confirm the word layout against internal/chacha.h.
 */
const unsigned int ivp[] = {0x00000000,0x00000000,0x03020100,0x07060504};
/*
 * Reference output as lowercase hex: 64 rows of 32 digits, i.e. 1024 bytes
 * once decoded by hex_decode() in main(). main() zero-fills its buffer before
 * each in-place ChaCha20_ctr32() call and compares the result against a
 * prefix of these bytes, so this is the expected output for all-zero input
 * under key/ivp.
 * NOTE(review): declared unsigned char but passed to hex_decode(), whose
 * parameter is const char *; the pointer signedness differs.
 */
const unsigned char out[] = "f798a189f195e66982105ffb640bb775"
"7f579da31602fc93ec01ac56f85ac3c1"
"34a4547b733b46413042c94400491769"
"05d3be59ea1c53f15916155c2be8241a"
"38008b9a26bc35941e2444177c8ade66"
"89de95264986d95889fb60e84629c9bd"
"9a5acb1cc118be563eb9b3a4a472f82e"
"09a7e778492b562ef7130e88dfe031c7"
"9db9d4f7c7a899151b9a475032b63fc3"
"85245fe054e3dd5a97a5f576fe064025"
"d3ce042c566ab2c507b138db853e3d69"
"59660996546cc9c4a6eafdc777c040d7"
"0eaf46f76dad3979e5c5360c3317166a"
"1c894c94a371876a94df7628fe4eaaf2"
"ccb27d5aaae0ad7ad0f9d4b6ad3b5409"
"8746d4524d38407a6deb3ab78fab78c9"
"4213668bbbd394c5de93b853178addd6"
"b97f9fa1ec3e56c00c9ddff0a44a2042"
"41175a4cab0f961ba53ede9bdf960b94"
"f9829b1f3414726429b362c5b538e391"
"520f489b7ed8d20ae3fd49e9e259e443"
"97514d618c96c4846be3c680bdc11c71"
"dcbbe29ccf80d62a0938fa549391e6ea"
"57ecbe2606790ec15d2224ae307c1442"
"26b7c4e8c2f97d2a1d67852d29beba11"
"0edd445197012062a393a9c92803ad3b"
"4f31d7bc6033ccf7932cfed3f019044d"
"25905916777286f82f9a4cc1ffe430ff"
"d1dcfc27deed327b9f9630d2fa969fb6"
"f0603cd19dd9a9519e673bcfcd901412"
"5291a44669ef7285e74ed3729b677f80"
"1c3cdf058c50963168b496043716c730"
"7cd9e0cdd137fccb0f05b47cdbb95c5f"
"54831622c3652a32b2531fe326bcd6e2"
"bbf56a194fa196fbd1a54952110f51c7"
"3433865f7664b836685e3664b3d8444a"
"f89a242805e18c975f1146324996fde1"
"7007cf3e6e8f4e764022533edbfe07d4"
"733e48bb372d75b0ef48ec983eb78532"
"161cc529e5abb89837dfcca6261dbb37"
"c7c5e6a87478bf41ee85a518c0f4efa9"
"bde828c5a71b8e46597b634afd204d3c"
"501334239c3414285ed72d3a9169eabb"
"d4dc25d52bb7516d3ba712d75ad8c0ae"
"5d493c19e38a77939e7a058d713e9ccc"
"ca58045f436b434b1c80d365472406e3"
"92951987db6905c80d431da18451135b"
"e7e82bcab358cb3971e61405b2ff1798"
"0d6e7e67e861e28201c1ee30b441040f"
"d06878d65042c95582a4318207bfc700"
"be0ce32889aec2ffe5085e8967910d87"
"9fa0e8c0ff85fdc510b9ff2fbf87cfcb"
"29577d68099e04ffa05f752a73d377c7"
"0d3a8bc2da80e6e780ec057182c33ad1"
"de387252258a1e18e6fad910327ce7f4"
"2fd1e1e0515f9586e2f2efcb9f472b1d"
"bdbac354a4162151e9d92c79fb08bb4d"
"dc56f19448c0175a46e2e6c491fec714"
"19aa43a349bea768a92c75de68fd9591"
"e68067f3197094d3fb87ed81785ea075"
"e4b65e3e4c78f81da9b751c5efe02415"
"2301c48e63245b556c4c67aff857e5ea"
"15a908d83a1d9704f8e55e7352b20b69"
"4bf9970298e6b5aad33ea2155d105d4e";
/*
 * Map one ASCII hexadecimal digit to its 4-bit value.
 *
 * Accepts '0'-'9', 'a'-'f' and 'A'-'F'. Any other character yields 0, so a
 * caller cannot tell an invalid digit apart from '0'.
 */
static unsigned char hex_digit(char h)
{
    unsigned char value = 0;

    if ('0' <= h && h <= '9') {
        value = (unsigned char)(h - '0');
    } else if ('a' <= h && h <= 'f') {
        value = (unsigned char)(10 + (h - 'a'));
    } else if ('A' <= h && h <= 'F') {
        value = (unsigned char)(10 + (h - 'A'));
    }
    return value;
}
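/*
 * Decode a NUL-terminated hex string into bytes, two digits per byte.
 *
 * out: destination buffer. No length is passed in, so the caller must supply
 *      at least strlen(hex)/2 bytes.
 * hex: input digits; each character is converted with hex_digit().
 *
 * A trailing unpaired digit is ignored. The loop only consumes a pair once
 * both characters are known to be present, so an odd-length string can no
 * longer step over the terminator and keep reading past the end of hex.
 */
static void hex_decode(unsigned char *out, const char *hex)
{
    size_t j = 0;

    while (hex[0] != '\0' && hex[1] != '\0') {
        unsigned char hi = hex_digit(hex[0]);
        unsigned char lo = hex_digit(hex[1]);

        out[j++] = (unsigned char)((hi << 4) | lo);
        hex += 2;
    }
}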
/*
 * Print len bytes of a to stdout as two-digit lowercase hex.
 *
 * A newline is written before every 16th byte except the very first one;
 * nothing is written after the last byte.
 */
static void hexdump(unsigned char *a, size_t len)
{
    size_t pos = 0;

    while (pos < len) {
        if (pos != 0 && pos % 16 == 0) {
            printf("\n");
        }
        printf("%02x", a[pos]);
        pos++;
    }
}
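/*
 * Zero len bytes at p, run ChaCha20_ctr32() over them in place and compare
 * the result with the first len bytes of ref.
 *
 * Returns 0 on a match. On a mismatch it prints "<label><len> failed: ",
 * the produced bytes, and the index of the first differing byte, then
 * returns 1.
 */
static int check_len(unsigned char *p, const unsigned char *ref, size_t len,
                     const char *label)
{
    size_t j;

    memset(p, 0, len);
    ChaCha20_ctr32(p, p, len, key, ivp);
    if (memcmp(p, ref, len) == 0) {
        return 0;
    }

    printf("%s%zu failed: ", label, len);
    hexdump(p, len);
    printf("\n");
    for (j = 0; j < len; j++) {
        if (p[j] != ref[j]) {
            break;
        }
    }
    printf("at %zu\n", j);
    return 1;
}

/*
 * Sweep every length from 0 up to the size of the reference output, checking
 * ChaCha20_ctr32() once at the start of the buffer and once at an offset of
 * one byte, so that partial-block tails are exercised for both placements.
 *
 * Stops at the first mismatch. Returns EXIT_FAILURE in that case so a script
 * or CI job can detect the failure from the exit status, and EXIT_SUCCESS
 * when every length matches.
 */
int main(void)
{
    unsigned char ref[sizeof(out) / 2];
    /*
     * The double member gives buf, and therefore c, the alignment of a
     * double; c + 1 is then a deliberately misaligned start address.
     */
    union { double d; unsigned char c[sizeof(ref) + 1]; } buf;
    size_t len;

    /* out is declared unsigned char; hex_decode() takes const char *. */
    hex_decode(ref, (const char *)out);

    for (len = 0; len <= sizeof(ref); len++) {
        if (check_len(buf.c, ref, len, "") != 0) {
            return EXIT_FAILURE;
        }
        if (check_len(buf.c + 1, ref, len, "unaligned ") != 0) {
            return EXIT_FAILURE;
        }
    }
    return EXIT_SUCCESS;
}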