From: Stephan Mueller <smueller@chronox.de>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Linux Crypto Mailing List <linux-crypto@vger.kernel.org>
Subject: Re: [PATCH 10/24] crypto: ccree - Forbid 2-key 3DES in FIPS mode
Date: Thu, 11 Apr 2019 11:27:54 +0200 [thread overview]
Message-ID: <2919231.mFyek56I8j@tauon.chronox.de> (raw)
In-Reply-To: <E1hEVQI-0006mq-Kd@gondobar>
Am Donnerstag, 11. April 2019, 10:51:06 CEST schrieb Herbert Xu:
Hi Herbert,
> This patch forbids the use of 2-key 3DES (K1 == K3) in FIPS mode.
>
> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
> ---
>
> drivers/crypto/ccree/cc_aead.c | 37 +++++++++++++++++++++++++++++++++++--
> 1 file changed, 35 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/crypto/ccree/cc_aead.c b/drivers/crypto/ccree/cc_aead.c
> index a3527c00b29a..c5cde327cf1f 100644
> --- a/drivers/crypto/ccree/cc_aead.c
> +++ b/drivers/crypto/ccree/cc_aead.c
> @@ -650,6 +650,39 @@ static int cc_aead_setkey(struct crypto_aead *tfm,
> const u8 *key, return rc;
> }
>
> +static int cc_des3_aead_setkey(struct crypto_aead *aead, const u8 *key,
> + unsigned int keylen)
This function looks very similar to des3_aead_setkey in the different caam
code changes.
Thus, wouldn't it be better to have common service function?
> +{
> + struct crypto_authenc_keys keys;
> + u32 flags;
> + int err;
> +
> + err = crypto_authenc_extractkeys(&keys, key, keylen);
> + if (unlikely(err))
> + goto badkey;
> +
> + err = -EINVAL;
> + if (keys.enckeylen != DES3_EDE_KEY_SIZE)
> + goto badkey;
> +
> + flags = crypto_aead_get_flags(aead);
> + err = __des3_verify_key(&flags, keys.enckey);
> + if (unlikely(err)) {
> + crypto_aead_set_flags(aead, flags);
> + goto out;
> + }
> +
> + err = cc_aead_setkey(aead, key, keylen);
> +
> +out:
> + memzero_explicit(&keys, sizeof(keys));
> + return err;
> +
> +badkey:
> + crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN);
> + goto out;
> +}
> +
> static int cc_rfc4309_ccm_setkey(struct crypto_aead *tfm, const u8 *key,
> unsigned int keylen)
> {
> @@ -2372,7 +2405,7 @@ static struct cc_alg_template aead_algs[] = {
> .driver_name = "authenc-hmac-sha1-cbc-des3-ccree",
> .blocksize = DES3_EDE_BLOCK_SIZE,
> .template_aead = {
> - .setkey = cc_aead_setkey,
> + .setkey = cc_des3_aead_setkey,
> .setauthsize = cc_aead_setauthsize,
> .encrypt = cc_aead_encrypt,
> .decrypt = cc_aead_decrypt,
> @@ -2412,7 +2445,7 @@ static struct cc_alg_template aead_algs[] = {
> .driver_name = "authenc-hmac-sha256-cbc-des3-ccree",
> .blocksize = DES3_EDE_BLOCK_SIZE,
> .template_aead = {
> - .setkey = cc_aead_setkey,
> + .setkey = cc_des3_aead_setkey,
> .setauthsize = cc_aead_setauthsize,
> .encrypt = cc_aead_encrypt,
> .decrypt = cc_aead_decrypt,
Ciao
Stephan
next prev parent reply other threads:[~2019-04-11 9:28 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-04-11 8:47 [PATCH 0/24] Forbid 2-key 3DES in FIPS mode Herbert Xu
2019-04-11 8:50 ` [PATCH 1/24] crypto: des_generic - Forbid 2-key in 3DES and add helpers Herbert Xu
2019-04-11 8:50 ` [PATCH 2/24] crypto: s390 - Forbid 2-key 3DES in FIPS mode Herbert Xu
2019-04-11 8:50 ` [PATCH 3/24] crypto: sparc " Herbert Xu
2019-04-11 8:51 ` [PATCH 4/24] crypto: atmel " Herbert Xu
2019-04-11 8:51 ` [PATCH 5/24] crypto: bcm " Herbert Xu
2019-04-11 8:51 ` [PATCH 6/24] crypto: caam " Herbert Xu
2019-04-16 12:52 ` Horia Geanta
2019-04-16 12:53 ` Iuliana Prodan
2019-04-11 8:51 ` [PATCH 7/24] crypto: cavium " Herbert Xu
2019-04-11 8:51 ` [PATCH 8/24] crypto: nitrox " Herbert Xu
2019-04-11 8:51 ` [PATCH 9/24] crypto: ccp " Herbert Xu
2019-04-11 8:51 ` [PATCH 10/24] crypto: ccree " Herbert Xu
2019-04-11 9:27 ` Stephan Mueller [this message]
2019-04-11 9:30 ` Herbert Xu
2019-04-11 11:07 ` Gilad Ben-Yossef
2019-04-11 8:51 ` [PATCH 11/24] crypto: hifn_795x " Herbert Xu
2019-04-11 8:51 ` [PATCH 12/24] crypto: hisilicon " Herbert Xu
2019-04-11 8:51 ` [PATCH 13/24] crypto: inside-secure " Herbert Xu
2019-04-11 8:51 ` [PATCH 14/24] crypto: ixp4xx " Herbert Xu
2019-04-11 8:51 ` [PATCH 15/24] crypto: marvell " Herbert Xu
2019-04-11 8:51 ` [PATCH 16/24] crypto: n2 " Herbert Xu
2019-04-11 8:51 ` [PATCH 17/24] crypto: omap " Herbert Xu
2019-04-11 8:51 ` [PATCH 18/24] crypto: picoxcell " Herbert Xu
2019-04-11 8:51 ` [PATCH 19/24] crypto: qce " Herbert Xu
2019-04-11 8:51 ` [PATCH 20/24] crypto: rockchip " Herbert Xu
2019-04-11 8:51 ` [PATCH 21/24] crypto: stm32 " Herbert Xu
2019-04-12 13:36 ` Lionel DEBIEVE
2019-04-13 13:50 ` Herbert Xu
2019-04-15 9:45 ` Lionel DEBIEVE
2019-04-11 8:51 ` [PATCH 22/24] crypto: sun4i-ss " Herbert Xu
2019-04-11 13:51 ` Corentin Labbe
2019-04-11 8:51 ` [PATCH 23/24] crypto: talitos " Herbert Xu
2019-04-11 8:51 ` [PATCH 24/24] crypto: ux500 " Herbert Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2919231.mFyek56I8j@tauon.chronox.de \
--to=smueller@chronox.de \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.