From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
To: linux-crypto@vger.kernel.org
Cc: herbert@gondor.apana.org.au,
Ard Biesheuvel <ard.biesheuvel@linaro.org>,
Horia Geanta <horia.geanta@nxp.com>
Subject: [PATCH v5 06/30] crypto: caam/des - switch to new verification routines
Date: Thu, 15 Aug 2019 12:00:48 +0300 [thread overview]
Message-ID: <20190815090112.9377-7-ard.biesheuvel@linaro.org> (raw)
In-Reply-To: <20190815090112.9377-1-ard.biesheuvel@linaro.org>
Cc: Horia Geanta <horia.geanta@nxp.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
drivers/crypto/caam/caamalg.c | 49 ++++++--------------
drivers/crypto/caam/caamalg_qi.c | 36 +++-----------
drivers/crypto/caam/caamalg_qi2.c | 36 +++++---------
drivers/crypto/caam/compat.h | 2 +-
4 files changed, 31 insertions(+), 92 deletions(-)
diff --git a/drivers/crypto/caam/caamalg.c b/drivers/crypto/caam/caamalg.c
index 947ba8ef487a..3e2662cda9fd 100644
--- a/drivers/crypto/caam/caamalg.c
+++ b/drivers/crypto/caam/caamalg.c
@@ -628,33 +628,17 @@ static int des3_aead_setkey(struct crypto_aead *aead, const u8 *key,
unsigned int keylen)
{
struct crypto_authenc_keys keys;
- u32 flags;
int err;
err = crypto_authenc_extractkeys(&keys, key, keylen);
if (unlikely(err))
- goto badkey;
-
- err = -EINVAL;
- if (keys.enckeylen != DES3_EDE_KEY_SIZE)
- goto badkey;
-
- flags = crypto_aead_get_flags(aead);
- err = __des3_verify_key(&flags, keys.enckey);
- if (unlikely(err)) {
- crypto_aead_set_flags(aead, flags);
- goto out;
- }
+ return err;
- err = aead_setkey(aead, key, keylen);
+ err = verify_aead_des3_key(aead, keys.enckey, keys.enckeylen) ?:
+ aead_setkey(aead, key, keylen);
-out:
memzero_explicit(&keys, sizeof(keys));
return err;
-
-badkey:
- crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN);
- goto out;
}
static int gcm_setkey(struct crypto_aead *aead,
@@ -843,22 +827,15 @@ static int arc4_skcipher_setkey(struct crypto_skcipher *skcipher,
static int des_skcipher_setkey(struct crypto_skcipher *skcipher,
const u8 *key, unsigned int keylen)
{
- u32 tmp[DES3_EDE_EXPKEY_WORDS];
- struct crypto_tfm *tfm = crypto_skcipher_tfm(skcipher);
-
- if (keylen == DES3_EDE_KEY_SIZE &&
- __des3_ede_setkey(tmp, &tfm->crt_flags, key, DES3_EDE_KEY_SIZE)) {
- return -EINVAL;
- }
-
- if (!des_ekey(tmp, key) && (crypto_skcipher_get_flags(skcipher) &
- CRYPTO_TFM_REQ_FORBID_WEAK_KEYS)) {
- crypto_skcipher_set_flags(skcipher,
- CRYPTO_TFM_RES_WEAK_KEY);
- return -EINVAL;
- }
+ return verify_skcipher_des_key(skcipher, key) ?:
+ skcipher_setkey(skcipher, key, keylen, 0);
+}
- return skcipher_setkey(skcipher, key, keylen, 0);
+static int des3_skcipher_setkey(struct crypto_skcipher *skcipher,
+ const u8 *key, unsigned int keylen)
+{
+ return verify_skcipher_des3_key(skcipher, key) ?:
+ skcipher_setkey(skcipher, key, keylen, 0);
}
static int xts_skcipher_setkey(struct crypto_skcipher *skcipher, const u8 *key,
@@ -1954,7 +1931,7 @@ static struct caam_skcipher_alg driver_algs[] = {
.cra_driver_name = "cbc-3des-caam",
.cra_blocksize = DES3_EDE_BLOCK_SIZE,
},
- .setkey = des_skcipher_setkey,
+ .setkey = des3_skcipher_setkey,
.encrypt = skcipher_encrypt,
.decrypt = skcipher_decrypt,
.min_keysize = DES3_EDE_KEY_SIZE,
@@ -2073,7 +2050,7 @@ static struct caam_skcipher_alg driver_algs[] = {
.cra_driver_name = "ecb-des3-caam",
.cra_blocksize = DES3_EDE_BLOCK_SIZE,
},
- .setkey = des_skcipher_setkey,
+ .setkey = des3_skcipher_setkey,
.encrypt = skcipher_encrypt,
.decrypt = skcipher_decrypt,
.min_keysize = DES3_EDE_KEY_SIZE,
diff --git a/drivers/crypto/caam/caamalg_qi.c b/drivers/crypto/caam/caamalg_qi.c
index 59b59f5e9550..23dfdbc1d30f 100644
--- a/drivers/crypto/caam/caamalg_qi.c
+++ b/drivers/crypto/caam/caamalg_qi.c
@@ -278,33 +278,17 @@ static int des3_aead_setkey(struct crypto_aead *aead, const u8 *key,
unsigned int keylen)
{
struct crypto_authenc_keys keys;
- u32 flags;
int err;
err = crypto_authenc_extractkeys(&keys, key, keylen);
if (unlikely(err))
- goto badkey;
-
- err = -EINVAL;
- if (keys.enckeylen != DES3_EDE_KEY_SIZE)
- goto badkey;
-
- flags = crypto_aead_get_flags(aead);
- err = __des3_verify_key(&flags, keys.enckey);
- if (unlikely(err)) {
- crypto_aead_set_flags(aead, flags);
- goto out;
- }
+ return err;
- err = aead_setkey(aead, key, keylen);
+ err = verify_aead_des3_key(aead, keys.enckey, keys.enckeylen) ?:
+ aead_setkey(aead, key, keylen);
-out:
memzero_explicit(&keys, sizeof(keys));
return err;
-
-badkey:
- crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN);
- goto out;
}
static int gcm_set_sh_desc(struct crypto_aead *aead)
@@ -745,23 +729,15 @@ static int ctr_skcipher_setkey(struct crypto_skcipher *skcipher,
static int des3_skcipher_setkey(struct crypto_skcipher *skcipher,
const u8 *key, unsigned int keylen)
{
- return unlikely(des3_verify_key(skcipher, key)) ?:
+ return verify_skcipher_des3_key(skcipher, key) ?:
skcipher_setkey(skcipher, key, keylen, 0);
}
static int des_skcipher_setkey(struct crypto_skcipher *skcipher,
const u8 *key, unsigned int keylen)
{
- u32 tmp[DES_EXPKEY_WORDS];
-
- if (!des_ekey(tmp, key) && (crypto_skcipher_get_flags(skcipher) &
- CRYPTO_TFM_REQ_FORBID_WEAK_KEYS)) {
- crypto_skcipher_set_flags(skcipher,
- CRYPTO_TFM_RES_WEAK_KEY);
- return -EINVAL;
- }
-
- return skcipher_setkey(skcipher, key, keylen, 0);
+ return verify_skcipher_des_key(skcipher, key) ?:
+ skcipher_setkey(skcipher, key, keylen, 0);
}
static int xts_skcipher_setkey(struct crypto_skcipher *skcipher, const u8 *key,
diff --git a/drivers/crypto/caam/caamalg_qi2.c b/drivers/crypto/caam/caamalg_qi2.c
index bd01bcd799e8..3443f6d6dd83 100644
--- a/drivers/crypto/caam/caamalg_qi2.c
+++ b/drivers/crypto/caam/caamalg_qi2.c
@@ -322,7 +322,6 @@ static int des3_aead_setkey(struct crypto_aead *aead, const u8 *key,
unsigned int keylen)
{
struct crypto_authenc_keys keys;
- u32 flags;
int err;
err = crypto_authenc_extractkeys(&keys, key, keylen);
@@ -333,14 +332,8 @@ static int des3_aead_setkey(struct crypto_aead *aead, const u8 *key,
if (keys.enckeylen != DES3_EDE_KEY_SIZE)
goto badkey;
- flags = crypto_aead_get_flags(aead);
- err = __des3_verify_key(&flags, keys.enckey);
- if (unlikely(err)) {
- crypto_aead_set_flags(aead, flags);
- goto out;
- }
-
- err = aead_setkey(aead, key, keylen);
+ err = crypto_des3_ede_verify_key(crypto_aead_tfm(aead), keys.enckey) ?:
+ aead_setkey(aead, key, keylen);
out:
memzero_explicit(&keys, sizeof(keys));
@@ -1070,22 +1063,15 @@ static int chacha20_skcipher_setkey(struct crypto_skcipher *skcipher,
static int des_skcipher_setkey(struct crypto_skcipher *skcipher,
const u8 *key, unsigned int keylen)
{
- u32 tmp[DES3_EDE_EXPKEY_WORDS];
- struct crypto_tfm *tfm = crypto_skcipher_tfm(skcipher);
-
- if (keylen == DES3_EDE_KEY_SIZE &&
- __des3_ede_setkey(tmp, &tfm->crt_flags, key, DES3_EDE_KEY_SIZE)) {
- return -EINVAL;
- }
-
- if (!des_ekey(tmp, key) && (crypto_skcipher_get_flags(skcipher) &
- CRYPTO_TFM_REQ_FORBID_WEAK_KEYS)) {
- crypto_skcipher_set_flags(skcipher,
- CRYPTO_TFM_RES_WEAK_KEY);
- return -EINVAL;
- }
+ return verify_skcipher_des_key(skcipher, key) ?:
+ skcipher_setkey(skcipher, key, keylen, 0);
+}
- return skcipher_setkey(skcipher, key, keylen, 0);
+static int des3_skcipher_setkey(struct crypto_skcipher *skcipher,
+ const u8 *key, unsigned int keylen)
+{
+ return verify_skcipher_des3_key(skcipher, key) ?:
+ skcipher_setkey(skcipher, key, keylen, 0);
}
static int xts_skcipher_setkey(struct crypto_skcipher *skcipher, const u8 *key,
@@ -1634,7 +1620,7 @@ static struct caam_skcipher_alg driver_algs[] = {
.cra_driver_name = "cbc-3des-caam-qi2",
.cra_blocksize = DES3_EDE_BLOCK_SIZE,
},
- .setkey = des_skcipher_setkey,
+ .setkey = des3_skcipher_setkey,
.encrypt = skcipher_encrypt,
.decrypt = skcipher_decrypt,
.min_keysize = DES3_EDE_KEY_SIZE,
diff --git a/drivers/crypto/caam/compat.h b/drivers/crypto/caam/compat.h
index 8639b2df0371..60e2a54c19f1 100644
--- a/drivers/crypto/caam/compat.h
+++ b/drivers/crypto/caam/compat.h
@@ -32,7 +32,7 @@
#include <crypto/null.h>
#include <crypto/aes.h>
#include <crypto/ctr.h>
-#include <crypto/des.h>
+#include <crypto/internal/des.h>
#include <crypto/gcm.h>
#include <crypto/sha.h>
#include <crypto/md5.h>
--
2.17.1
next prev parent reply other threads:[~2019-08-15 9:01 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-08-15 9:00 [PATCH v5 00/30] crypto: DES/3DES cleanup Ard Biesheuvel
2019-08-15 9:00 ` [PATCH v5 01/30] crypto: des/3des_ede - add new helpers to verify keys Ard Biesheuvel
2019-08-15 9:00 ` [PATCH v5 02/30] crypto: s390/des - switch to new verification routines Ard Biesheuvel
2019-08-15 9:00 ` [PATCH v5 03/30] crypto: sparc/des " Ard Biesheuvel
2019-08-15 9:00 ` [PATCH v5 04/30] crypto: atmel/des " Ard Biesheuvel
2019-08-15 9:00 ` [PATCH v5 05/30] crypto: bcm/des " Ard Biesheuvel
2019-08-15 9:00 ` Ard Biesheuvel [this message]
2019-08-15 9:00 ` [PATCH v5 07/30] crypto: cpt/des " Ard Biesheuvel
2019-08-15 9:00 ` [PATCH v5 08/30] crypto: nitrox/des " Ard Biesheuvel
2019-08-15 9:00 ` [PATCH v5 09/30] crypto: ccp/des " Ard Biesheuvel
2019-08-15 9:00 ` [PATCH v5 10/30] crypto: ccree/des " Ard Biesheuvel
2019-08-15 9:00 ` [PATCH v5 11/30] crypto: hifn/des " Ard Biesheuvel
2019-08-15 9:00 ` [PATCH v5 12/30] crypto: hisilicon/des " Ard Biesheuvel
2019-08-15 9:00 ` [PATCH v5 13/30] crypto: safexcel/des " Ard Biesheuvel
2019-08-15 9:00 ` [PATCH v5 14/30] crypto: ixp4xx/des " Ard Biesheuvel
2019-08-15 9:00 ` [PATCH v5 15/30] crypto: cesa/des " Ard Biesheuvel
2019-08-15 9:00 ` [PATCH v5 16/30] crypto: n2/des " Ard Biesheuvel
2019-08-15 9:00 ` [PATCH v5 17/30] crypto: omap/des " Ard Biesheuvel
2019-08-15 9:01 ` [PATCH v5 18/30] crypto: picoxcell/des " Ard Biesheuvel
2019-08-15 9:01 ` [PATCH v5 19/30] crypto: qce/des " Ard Biesheuvel
2019-08-15 9:01 ` [PATCH v5 20/30] crypto: rk3288/des " Ard Biesheuvel
2019-08-15 9:01 ` [PATCH v5 21/30] crypto: stm32/des " Ard Biesheuvel
2019-08-15 9:01 ` [PATCH v5 22/30] crypto: sun4i/des " Ard Biesheuvel
2019-08-15 9:01 ` [PATCH v5 23/30] crypto: talitos/des " Ard Biesheuvel
2019-08-15 9:01 ` [PATCH v5 24/30] crypto: ux500/des " Ard Biesheuvel
2019-08-15 9:01 ` [PATCH v5 25/30] crypto: 3des - move verification out of exported routine Ard Biesheuvel
2019-08-15 9:01 ` [PATCH v5 26/30] crypto: des - remove unused function Ard Biesheuvel
2019-08-15 9:01 ` [PATCH v5 27/30] crypto: des - split off DES library from generic DES cipher driver Ard Biesheuvel
2019-08-15 9:01 ` [PATCH v5 28/30] crypto: x86/des - switch to library interface Ard Biesheuvel
2019-08-15 9:01 ` [PATCH v5 29/30] crypto: des - remove now unused __des3_ede_setkey() Ard Biesheuvel
2019-08-15 9:01 ` [PATCH v5 30/30] fs: cifs: move from the crypto cipher API to the new DES library interface Ard Biesheuvel
2019-08-22 5:56 ` [PATCH v5 00/30] crypto: DES/3DES cleanup Herbert Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190815090112.9377-7-ard.biesheuvel@linaro.org \
--to=ard.biesheuvel@linaro.org \
--cc=herbert@gondor.apana.org.au \
--cc=horia.geanta@nxp.com \
--cc=linux-crypto@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.