From: Andrei Botila <andrei.botila@oss.nxp.com>
To: Herbert Xu <herbert@gondor.apana.org.au>,
"David S. Miller" <davem@davemloft.net>
Cc: linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [RFC] crypto: xts - limit accepted key length
Date: Mon, 2 Mar 2020 10:16:29 +0200 [thread overview]
Message-ID: <20200302081629.17831-1-andrei.botila@oss.nxp.com> (raw)
From: Andrei Botila <andrei.botila@nxp.com>
Currently in XTS generic implementation the valid key length is
repesented by any length which is even. This is a deviation from
the XTS-AES standard (IEEE 1619-2007) which allows keys equal
to {2 x 16B, 2 x 32B} that correspond to underlying XTS-AES-{128, 256}
algorithm. XTS-AES-192 is not supported as mentioned in commit
b66ad0b7aa92 ("crypto: tcrypt - remove AES-XTS-192 speed tests")) or
any other length beside these two specified.
If this modification is accepted then other ciphers that use XTS mode
will have to be modified (camellia, cast6, serpent, twofish).
Signed-off-by: Andrei Botila <andrei.botila@nxp.com>
---
include/crypto/xts.h | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/include/crypto/xts.h b/include/crypto/xts.h
index 0f8dba69feb4..26e764a5ae46 100644
--- a/include/crypto/xts.h
+++ b/include/crypto/xts.h
@@ -4,6 +4,7 @@
#include <crypto/b128ops.h>
#include <crypto/internal/skcipher.h>
+#include <crypto/aes.h>
#include <linux/fips.h>
#define XTS_BLOCK_SIZE 16
@@ -12,10 +13,10 @@ static inline int xts_check_key(struct crypto_tfm *tfm,
const u8 *key, unsigned int keylen)
{
/*
- * key consists of keys of equal size concatenated, therefore
- * the length must be even.
+ * key consists of keys of equal size concatenated, possible
+ * values are 32 or 64 bytes.
*/
- if (keylen % 2)
+ if (keylen != 2 * AES_MIN_KEY_SIZE && keylen != 2 * AES_MAX_KEY_SIZE)
return -EINVAL;
/* ensure that the AES and tweak key are not identical */
@@ -29,10 +30,10 @@ static inline int xts_verify_key(struct crypto_skcipher *tfm,
const u8 *key, unsigned int keylen)
{
/*
- * key consists of keys of equal size concatenated, therefore
- * the length must be even.
+ * key consists of keys of equal size concatenated, possible
+ * values are 32 or 64 bytes.
*/
- if (keylen % 2)
+ if (keylen != 2 * AES_MIN_KEY_SIZE && keylen != 2 * AES_MAX_KEY_SIZE)
return -EINVAL;
/* ensure that the AES and tweak key are not identical */
--
2.17.1
next reply other threads:[~2020-03-02 8:16 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-03-02 8:16 Andrei Botila [this message]
[not found] <b8c0cbbf0cb94e389bae5ae3da77596d@DM6PR20MB2762.namprd20.prod.outlook.com>
2020-03-02 8:33 ` [RFC] crypto: xts - limit accepted key length Van Leeuwen, Pascal
2020-03-03 12:29 ` Andrei Botila
2020-03-03 12:35 ` Milan Broz
2020-03-03 13:03 ` Van Leeuwen, Pascal
[not found] ` <c69cebf0d6cb48ff93389d73dea6ba3e@DM6PR20MB2762.namprd20.prod.outlook.com>
2020-03-03 13:09 ` Van Leeuwen, Pascal
2020-03-05 15:22 ` Horia Geantă
[not found] ` <a9b2a676329c4905be6efe088cbb7663@DM6PR20MB2762.namprd20.prod.outlook.com>
2020-03-05 16:48 ` Van Leeuwen, Pascal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200302081629.17831-1-andrei.botila@oss.nxp.com \
--to=andrei.botila@oss.nxp.com \
--cc=davem@davemloft.net \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).