Commit 1ad2267c authored by Herbert Xu's avatar Herbert Xu

crypto: rockchip - Forbid 2-key 3DES in FIPS mode

This patch forbids the use of 2-key 3DES (K1 == K3) in FIPS mode.

It also removes a couple of unnecessary key length checks that
are already performed by the crypto API.
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
parent 5feaaae1
...@@ -46,24 +46,36 @@ static int rk_aes_setkey(struct crypto_ablkcipher *cipher, ...@@ -46,24 +46,36 @@ static int rk_aes_setkey(struct crypto_ablkcipher *cipher,
return 0; return 0;
} }
static int rk_tdes_setkey(struct crypto_ablkcipher *cipher, static int rk_des_setkey(struct crypto_ablkcipher *cipher,
const u8 *key, unsigned int keylen) const u8 *key, unsigned int keylen)
{ {
struct crypto_tfm *tfm = crypto_ablkcipher_tfm(cipher); struct crypto_tfm *tfm = crypto_ablkcipher_tfm(cipher);
struct rk_cipher_ctx *ctx = crypto_tfm_ctx(tfm); struct rk_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
u32 tmp[DES_EXPKEY_WORDS]; u32 tmp[DES_EXPKEY_WORDS];
if (keylen != DES_KEY_SIZE && keylen != DES3_EDE_KEY_SIZE) {
crypto_ablkcipher_set_flags(cipher, CRYPTO_TFM_RES_BAD_KEY_LEN);
return -EINVAL;
}
if (keylen == DES_KEY_SIZE) {
if (!des_ekey(tmp, key) && if (!des_ekey(tmp, key) &&
(tfm->crt_flags & CRYPTO_TFM_REQ_FORBID_WEAK_KEYS)) { (tfm->crt_flags & CRYPTO_TFM_REQ_FORBID_WEAK_KEYS)) {
tfm->crt_flags |= CRYPTO_TFM_RES_WEAK_KEY; tfm->crt_flags |= CRYPTO_TFM_RES_WEAK_KEY;
return -EINVAL; return -EINVAL;
} }
ctx->keylen = keylen;
memcpy_toio(ctx->dev->reg + RK_CRYPTO_TDES_KEY1_0, key, keylen);
return 0;
}
static int rk_tdes_setkey(struct crypto_ablkcipher *cipher,
const u8 *key, unsigned int keylen)
{
struct rk_cipher_ctx *ctx = crypto_ablkcipher_ctx(cipher);
u32 flags;
int err;
flags = crypto_ablkcipher_get_flags(cipher);
err = __des3_verify_key(&flags, key);
if (unlikely(err)) {
crypto_ablkcipher_set_flags(cipher, flags);
return err;
} }
ctx->keylen = keylen; ctx->keylen = keylen;
...@@ -457,7 +469,7 @@ struct rk_crypto_tmp rk_ecb_des_alg = { ...@@ -457,7 +469,7 @@ struct rk_crypto_tmp rk_ecb_des_alg = {
.cra_u.ablkcipher = { .cra_u.ablkcipher = {
.min_keysize = DES_KEY_SIZE, .min_keysize = DES_KEY_SIZE,
.max_keysize = DES_KEY_SIZE, .max_keysize = DES_KEY_SIZE,
.setkey = rk_tdes_setkey, .setkey = rk_des_setkey,
.encrypt = rk_des_ecb_encrypt, .encrypt = rk_des_ecb_encrypt,
.decrypt = rk_des_ecb_decrypt, .decrypt = rk_des_ecb_decrypt,
} }
...@@ -483,7 +495,7 @@ struct rk_crypto_tmp rk_cbc_des_alg = { ...@@ -483,7 +495,7 @@ struct rk_crypto_tmp rk_cbc_des_alg = {
.min_keysize = DES_KEY_SIZE, .min_keysize = DES_KEY_SIZE,
.max_keysize = DES_KEY_SIZE, .max_keysize = DES_KEY_SIZE,
.ivsize = DES_BLOCK_SIZE, .ivsize = DES_BLOCK_SIZE,
.setkey = rk_tdes_setkey, .setkey = rk_des_setkey,
.encrypt = rk_des_cbc_encrypt, .encrypt = rk_des_cbc_encrypt,
.decrypt = rk_des_cbc_decrypt, .decrypt = rk_des_cbc_decrypt,
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment