Linux cryptographic layer development
 help / color / mirror / Atom feed
From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
To: linux-crypto@vger.kernel.org
Cc: herbert@gondor.apana.org.au, ebiggers@google.com,
	Ard Biesheuvel <ard.biesheuvel@linaro.org>
Subject: [RFC PATCH 05/30] crypto: bcm/des - switch to new verification routines
Date: Sat, 22 Jun 2019 02:30:47 +0200	[thread overview]
Message-ID: <20190622003112.31033-6-ard.biesheuvel@linaro.org> (raw)
In-Reply-To: <20190622003112.31033-1-ard.biesheuvel@linaro.org>

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
 drivers/crypto/bcm/cipher.c   | 82 +++++---------------
 drivers/crypto/caam/caamalg.c | 31 ++++----
 2 files changed, 37 insertions(+), 76 deletions(-)

diff --git a/drivers/crypto/bcm/cipher.c b/drivers/crypto/bcm/cipher.c
index d972ffac779d..70f2d0cb1a0c 100644
--- a/drivers/crypto/bcm/cipher.c
+++ b/drivers/crypto/bcm/cipher.c
@@ -35,7 +35,7 @@
 #include <crypto/aead.h>
 #include <crypto/internal/aead.h>
 #include <crypto/aes.h>
-#include <crypto/des.h>
+#include <crypto/internal/des.h>
 #include <crypto/hmac.h>
 #include <crypto/sha.h>
 #include <crypto/md5.h>
@@ -1813,24 +1813,13 @@ static int des_setkey(struct crypto_ablkcipher *cipher, const u8 *key,
 		      unsigned int keylen)
 {
 	struct iproc_ctx_s *ctx = crypto_ablkcipher_ctx(cipher);
-	u32 tmp[DES_EXPKEY_WORDS];
-
-	if (keylen == DES_KEY_SIZE) {
-		if (des_ekey(tmp, key) == 0) {
-			if (crypto_ablkcipher_get_flags(cipher) &
-			    CRYPTO_TFM_REQ_FORBID_WEAK_KEYS) {
-				u32 flags = CRYPTO_TFM_RES_WEAK_KEY;
+	int err;
 
-				crypto_ablkcipher_set_flags(cipher, flags);
-				return -EINVAL;
-			}
-		}
+	err = crypto_des_verify_key(crypto_ablkcipher_tfm(cipher), key, keylen);
+	if (unlikely(err))
+		return err;
 
-		ctx->cipher_type = CIPHER_TYPE_DES;
-	} else {
-		crypto_ablkcipher_set_flags(cipher, CRYPTO_TFM_RES_BAD_KEY_LEN);
-		return -EINVAL;
-	}
+	ctx->cipher_type = CIPHER_TYPE_DES;
 	return 0;
 }
 
@@ -1838,23 +1827,14 @@ static int threedes_setkey(struct crypto_ablkcipher *cipher, const u8 *key,
 			   unsigned int keylen)
 {
 	struct iproc_ctx_s *ctx = crypto_ablkcipher_ctx(cipher);
+	int err;
 
-	if (keylen == (DES_KEY_SIZE * 3)) {
-		u32 flags;
-		int ret;
-
-		flags = crypto_ablkcipher_get_flags(cipher);
-		ret = __des3_verify_key(&flags, key);
-		if (unlikely(ret)) {
-			crypto_ablkcipher_set_flags(cipher, flags);
-			return ret;
-		}
+	err = crypto_des3_ede_verify_key(crypto_ablkcipher_tfm(cipher), key,
+					 keylen);
+	if (unlikely(err))
+		return err;
 
-		ctx->cipher_type = CIPHER_TYPE_3DES;
-	} else {
-		crypto_ablkcipher_set_flags(cipher, CRYPTO_TFM_RES_BAD_KEY_LEN);
-		return -EINVAL;
-	}
+	ctx->cipher_type = CIPHER_TYPE_3DES;
 	return 0;
 }
 
@@ -2866,40 +2846,18 @@ static int aead_authenc_setkey(struct crypto_aead *cipher,
 
 	switch (ctx->alg->cipher_info.alg) {
 	case CIPHER_ALG_DES:
-		if (ctx->enckeylen == DES_KEY_SIZE) {
-			u32 tmp[DES_EXPKEY_WORDS];
-			u32 flags = CRYPTO_TFM_RES_WEAK_KEY;
-
-			if (des_ekey(tmp, keys.enckey) == 0) {
-				if (crypto_aead_get_flags(cipher) &
-				    CRYPTO_TFM_REQ_FORBID_WEAK_KEYS) {
-					crypto_aead_set_flags(cipher, flags);
-					return -EINVAL;
-				}
-			}
+		if (crypto_des_verify_key(crypto_aead_tfm(cipher), keys.enckey,
+				   keys.enckeylen))
+			return -EINVAL;
 
-			ctx->cipher_type = CIPHER_TYPE_DES;
-		} else {
-			goto badkey;
-		}
+		ctx->cipher_type = CIPHER_TYPE_DES;
 		break;
 	case CIPHER_ALG_3DES:
-		if (ctx->enckeylen == (DES_KEY_SIZE * 3)) {
-			u32 flags;
-
-			flags = crypto_aead_get_flags(cipher);
-			ret = __des3_verify_key(&flags, keys.enckey);
-			if (unlikely(ret)) {
-				crypto_aead_set_flags(cipher, flags);
-				return ret;
-			}
-
-			ctx->cipher_type = CIPHER_TYPE_3DES;
-		} else {
-			crypto_aead_set_flags(cipher,
-					      CRYPTO_TFM_RES_BAD_KEY_LEN);
+		if (crypto_des3_ede_verify_key(crypto_aead_tfm(cipher),
+					       keys.enckey, keys.enckeylen))
 			return -EINVAL;
-		}
+
+		ctx->cipher_type = CIPHER_TYPE_3DES;
 		break;
 	case CIPHER_ALG_AES:
 		switch (ctx->enckeylen) {
diff --git a/drivers/crypto/caam/caamalg.c b/drivers/crypto/caam/caamalg.c
index 43f18253e5b6..5d4fa65a015f 100644
--- a/drivers/crypto/caam/caamalg.c
+++ b/drivers/crypto/caam/caamalg.c
@@ -785,20 +785,23 @@ static int skcipher_setkey(struct crypto_skcipher *skcipher, const u8 *key,
 static int des_skcipher_setkey(struct crypto_skcipher *skcipher,
 			       const u8 *key, unsigned int keylen)
 {
-	u32 tmp[DES3_EDE_EXPKEY_WORDS];
-	struct crypto_tfm *tfm = crypto_skcipher_tfm(skcipher);
+	int err;
 
-	if (keylen == DES3_EDE_KEY_SIZE &&
-	    __des3_ede_setkey(tmp, &tfm->crt_flags, key, DES3_EDE_KEY_SIZE)) {
-		return -EINVAL;
-	}
+	err = des_verify_key(crypto_skcipher_tfm(skcipher), key, keylen);
+	if (unlikely(err))
+		return err;
 
-	if (!des_ekey(tmp, key) && (crypto_skcipher_get_flags(skcipher) &
-	    CRYPTO_TFM_REQ_FORBID_WEAK_KEYS)) {
-		crypto_skcipher_set_flags(skcipher,
-					  CRYPTO_TFM_RES_WEAK_KEY);
-		return -EINVAL;
-	}
+	return skcipher_setkey(skcipher, key, keylen);
+}
+
+static int des3_skcipher_setkey(struct crypto_skcipher *skcipher,
+				const u8 *key, unsigned int keylen)
+{
+	int err;
+
+	err = des3_ede_verify_key(crypto_skcipher_tfm(skcipher), key, keylen);
+	if (unlikely(err))
+		return err;
 
 	return skcipher_setkey(skcipher, key, keylen);
 }
@@ -1899,7 +1902,7 @@ static struct caam_skcipher_alg driver_algs[] = {
 				.cra_driver_name = "cbc-3des-caam",
 				.cra_blocksize = DES3_EDE_BLOCK_SIZE,
 			},
-			.setkey = des_skcipher_setkey,
+			.setkey = des3_skcipher_setkey,
 			.encrypt = skcipher_encrypt,
 			.decrypt = skcipher_decrypt,
 			.min_keysize = DES3_EDE_KEY_SIZE,
@@ -2018,7 +2021,7 @@ static struct caam_skcipher_alg driver_algs[] = {
 				.cra_driver_name = "ecb-des3-caam",
 				.cra_blocksize = DES3_EDE_BLOCK_SIZE,
 			},
-			.setkey = des_skcipher_setkey,
+			.setkey = des3_skcipher_setkey,
 			.encrypt = skcipher_encrypt,
 			.decrypt = skcipher_decrypt,
 			.min_keysize = DES3_EDE_KEY_SIZE,
-- 
2.20.1


  parent reply	other threads:[~2019-06-22  0:31 UTC|newest]

Thread overview: 43+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-06-22  0:30 [RFC PATCH 00/30] crypto: DES/3DES cleanup Ard Biesheuvel
2019-06-22  0:30 ` [RFC PATCH 01/30] crypto: des/3des_ede - add new helpers to verify key length Ard Biesheuvel
2019-06-22  5:06   ` Herbert Xu
2019-06-22  7:46     ` Ard Biesheuvel
2019-06-22  0:30 ` [RFC PATCH 02/30] crypto: s390/des - switch to new verification routines Ard Biesheuvel
2019-06-24 10:10   ` Harald Freudenberger
2019-06-22  0:30 ` [RFC PATCH 03/30] crypto: sparc/des " Ard Biesheuvel
2019-06-22  0:30 ` [RFC PATCH 04/30] crypto: atmel/des " Ard Biesheuvel
2019-06-22  0:30 ` Ard Biesheuvel [this message]
2019-06-27  9:14   ` [RFC PATCH 05/30] crypto: bcm/des " Horia Geanta
2019-06-27 10:59     ` Ard Biesheuvel
2019-06-22  0:30 ` [RFC PATCH 06/30] crypto: caam/des " Ard Biesheuvel
2019-06-27  9:57   ` Horia Geanta
2019-06-27 11:00     ` Ard Biesheuvel
2019-06-22  0:30 ` [RFC PATCH 07/30] crypto: cpt/des " Ard Biesheuvel
2019-06-22  0:30 ` [RFC PATCH 08/30] crypto: nitrox/des " Ard Biesheuvel
2019-06-22  0:30 ` [RFC PATCH 09/30] crypto: ccp/des " Ard Biesheuvel
2019-06-22  0:30 ` [RFC PATCH 10/30] crypto: ccree/des " Ard Biesheuvel
2019-06-22  0:30 ` [RFC PATCH 11/30] crypto: hifn/des " Ard Biesheuvel
2019-06-22  0:30 ` [RFC PATCH 12/30] crypto: hisilicon/des " Ard Biesheuvel
2019-06-22  0:30 ` [RFC PATCH 13/30] crypto: safexcel/des " Ard Biesheuvel
2019-06-22  0:30 ` [RFC PATCH 14/30] crypto: ixp4xx/des " Ard Biesheuvel
2019-06-22  0:30 ` [RFC PATCH 15/30] crypto: cesa/des " Ard Biesheuvel
2019-06-22  0:30 ` [RFC PATCH 16/30] crypto: n2/des " Ard Biesheuvel
2019-06-22  0:30 ` [RFC PATCH 17/30] crypto: omap/des " Ard Biesheuvel
2019-06-22  0:31 ` [RFC PATCH 18/30] crypto: picoxcell/des " Ard Biesheuvel
2019-06-22  0:31 ` [RFC PATCH 19/30] crypto: qce/des " Ard Biesheuvel
2019-06-22  0:31 ` [RFC PATCH 20/30] crypto: rk3288/des " Ard Biesheuvel
2019-06-22  0:31 ` [RFC PATCH 21/30] crypto: stm32/des " Ard Biesheuvel
2019-06-22  0:31 ` [RFC PATCH 22/30] crypto: sun4i/des " Ard Biesheuvel
2019-06-22  0:31 ` [RFC PATCH 23/30] crypto: talitos/des " Ard Biesheuvel
2019-06-22  0:31 ` [RFC PATCH 24/30] crypto: ux500/des " Ard Biesheuvel
2019-06-22  0:31 ` [RFC PATCH 25/30] crypto: 3des - move verification out of exported routine Ard Biesheuvel
2019-06-22  0:31 ` [RFC PATCH 26/30] crypto: des - remove unused function Ard Biesheuvel
2019-06-22  0:31 ` [RFC PATCH 27/30] crypto: des - split off DES library from generic DES cipher driver Ard Biesheuvel
2019-06-27  9:10   ` [PATCH] crypto: caam - fix dependency on CRYPTO_DES Horia Geanta
2019-06-27  9:12     ` Ard Biesheuvel
2019-06-27  9:21       ` Horia Geanta
2019-06-22  0:31 ` [RFC PATCH 28/30] crypto: x86/des - switch to library interface Ard Biesheuvel
2019-06-22  0:31 ` [RFC PATCH 29/30] crypto: des - remove now unused __des3_ede_setkey() Ard Biesheuvel
2019-06-22  0:31 ` [RFC PATCH 30/30] fs: cifs: move from the crypto cipher API to the new DES library interface Ard Biesheuvel
2019-06-26  3:40   ` Eric Biggers
2019-06-26  3:31 ` [RFC PATCH 00/30] crypto: DES/3DES cleanup Eric Biggers

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190622003112.31033-6-ard.biesheuvel@linaro.org \
    --to=ard.biesheuvel@linaro.org \
    --cc=ebiggers@google.com \
    --cc=herbert@gondor.apana.org.au \
    --cc=linux-crypto@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox