diff mbox series

[v2,06/30] crypto: caam/des - switch to new verification routines

Message ID 20190627120314.7197-7-ard.biesheuvel@linaro.org (mailing list archive)
State Superseded
Delegated to: Herbert Xu
Headers show
Series crypto: DES/3DES cleanup | expand

Commit Message

Ard Biesheuvel June 27, 2019, 12:02 p.m. UTC 
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
 drivers/crypto/caam/caamalg.c     | 39 ++++++++++----------
 drivers/crypto/caam/caamalg_qi.c  | 17 +++++----
 drivers/crypto/caam/caamalg_qi2.c | 17 +++++----
 drivers/crypto/caam/compat.h      |  2 +-
 4 files changed, 38 insertions(+), 37 deletions(-)

Comments

Horia Geanta June 27, 2019, 1:26 p.m. UTC | #1 
On 6/27/2019 3:03 PM, Ard Biesheuvel wrote:
> @@ -785,20 +781,23 @@ static int skcipher_setkey(struct crypto_skcipher *skcipher, const u8 *key,
>  static int des_skcipher_setkey(struct crypto_skcipher *skcipher,
>  			       const u8 *key, unsigned int keylen)
>  {
> -	u32 tmp[DES3_EDE_EXPKEY_WORDS];
> -	struct crypto_tfm *tfm = crypto_skcipher_tfm(skcipher);
> +	int err;
>  
> -	if (keylen == DES3_EDE_KEY_SIZE &&
> -	    __des3_ede_setkey(tmp, &tfm->crt_flags, key, DES3_EDE_KEY_SIZE)) {
> -		return -EINVAL;
> -	}
> +	err = crypto_des_verify_key(crypto_skcipher_tfm(skcipher), key);
> +	if (unlikely(err))
> +		return err;
>  
> -	if (!des_ekey(tmp, key) && (crypto_skcipher_get_flags(skcipher) &
> -	    CRYPTO_TFM_REQ_FORBID_WEAK_KEYS)) {
> -		crypto_skcipher_set_flags(skcipher,
> -					  CRYPTO_TFM_RES_WEAK_KEY);
> -		return -EINVAL;
> -	}
> +	return skcipher_setkey(skcipher, key, keylen);

This would be a bit more compact:

	return unlikely(crypto_des_verify_key(crypto_skcipher_tfm(skcipher), key)) ?:
	       skcipher_setkey(skcipher, key, keylen);

and could be used in most places.

Actually here:

> @@ -697,8 +693,13 @@ static int skcipher_setkey(struct crypto_skcipher *skcipher, const u8 *key,
>  static int des3_skcipher_setkey(struct crypto_skcipher *skcipher,
>  				const u8 *key, unsigned int keylen)
>  {
> -	return unlikely(des3_verify_key(skcipher, key)) ?:
> -	       skcipher_setkey(skcipher, key, keylen);
> +	int err;
> +
> +	err = crypto_des3_ede_verify_key(crypto_skcipher_tfm(skcipher), key);
> +	if (unlikely(err))
> +		return err;
> +
> +	return skcipher_setkey(skcipher, key, keylen);
>  }

this pattern is already used, only the verification function
has to be replaced.

Horia
Ard Biesheuvel June 27, 2019, 1:45 p.m. UTC | #2 
On Thu, 27 Jun 2019 at 15:26, Horia Geanta <horia.geanta@nxp.com> wrote:
>
> On 6/27/2019 3:03 PM, Ard Biesheuvel wrote:
> > @@ -785,20 +781,23 @@ static int skcipher_setkey(struct crypto_skcipher *skcipher, const u8 *key,
> >  static int des_skcipher_setkey(struct crypto_skcipher *skcipher,
> >                              const u8 *key, unsigned int keylen)
> >  {
> > -     u32 tmp[DES3_EDE_EXPKEY_WORDS];
> > -     struct crypto_tfm *tfm = crypto_skcipher_tfm(skcipher);
> > +     int err;
> >
> > -     if (keylen == DES3_EDE_KEY_SIZE &&
> > -         __des3_ede_setkey(tmp, &tfm->crt_flags, key, DES3_EDE_KEY_SIZE)) {
> > -             return -EINVAL;
> > -     }
> > +     err = crypto_des_verify_key(crypto_skcipher_tfm(skcipher), key);
> > +     if (unlikely(err))
> > +             return err;
> >
> > -     if (!des_ekey(tmp, key) && (crypto_skcipher_get_flags(skcipher) &
> > -         CRYPTO_TFM_REQ_FORBID_WEAK_KEYS)) {
> > -             crypto_skcipher_set_flags(skcipher,
> > -                                       CRYPTO_TFM_RES_WEAK_KEY);
> > -             return -EINVAL;
> > -     }
> > +     return skcipher_setkey(skcipher, key, keylen);
>
> This would be a bit more compact:
>
>         return unlikely(crypto_des_verify_key(crypto_skcipher_tfm(skcipher), key)) ?:
>                skcipher_setkey(skcipher, key, keylen);
>
> and could be used in most places.
>
> Actually here:
>
> > @@ -697,8 +693,13 @@ static int skcipher_setkey(struct crypto_skcipher *skcipher, const u8 *key,
> >  static int des3_skcipher_setkey(struct crypto_skcipher *skcipher,
> >                               const u8 *key, unsigned int keylen)
> >  {
> > -     return unlikely(des3_verify_key(skcipher, key)) ?:
> > -            skcipher_setkey(skcipher, key, keylen);
> > +     int err;
> > +
> > +     err = crypto_des3_ede_verify_key(crypto_skcipher_tfm(skcipher), key);
> > +     if (unlikely(err))
> > +             return err;
> > +
> > +     return skcipher_setkey(skcipher, key, keylen);
> >  }
>
> this pattern is already used, only the verification function
> has to be replaced.
>

OK, got it.
diff mbox series

Patch

diff --git a/drivers/crypto/caam/caamalg.c b/drivers/crypto/caam/caamalg.c
index 43f18253e5b6..bc054c119cdf 100644
--- a/drivers/crypto/caam/caamalg.c
+++ b/drivers/crypto/caam/caamalg.c
@@ -633,7 +633,6 @@  static int des3_aead_setkey(struct crypto_aead *aead, const u8 *key,
 			    unsigned int keylen)
 {
 	struct crypto_authenc_keys keys;
-	u32 flags;
 	int err;
 
 	err = crypto_authenc_extractkeys(&keys, key, keylen);
@@ -644,12 +643,9 @@  static int des3_aead_setkey(struct crypto_aead *aead, const u8 *key,
 	if (keys.enckeylen != DES3_EDE_KEY_SIZE)
 		goto badkey;
 
-	flags = crypto_aead_get_flags(aead);
-	err = __des3_verify_key(&flags, keys.enckey);
-	if (unlikely(err)) {
-		crypto_aead_set_flags(aead, flags);
+	err = crypto_des3_ede_verify_key(crypto_aead_tfm(aead), keys.enckey);
+	if (unlikely(err))
 		goto out;
-	}
 
 	err = aead_setkey(aead, key, keylen);
 
@@ -785,20 +781,23 @@  static int skcipher_setkey(struct crypto_skcipher *skcipher, const u8 *key,
 static int des_skcipher_setkey(struct crypto_skcipher *skcipher,
 			       const u8 *key, unsigned int keylen)
 {
-	u32 tmp[DES3_EDE_EXPKEY_WORDS];
-	struct crypto_tfm *tfm = crypto_skcipher_tfm(skcipher);
+	int err;
 
-	if (keylen == DES3_EDE_KEY_SIZE &&
-	    __des3_ede_setkey(tmp, &tfm->crt_flags, key, DES3_EDE_KEY_SIZE)) {
-		return -EINVAL;
-	}
+	err = crypto_des_verify_key(crypto_skcipher_tfm(skcipher), key);
+	if (unlikely(err))
+		return err;
 
-	if (!des_ekey(tmp, key) && (crypto_skcipher_get_flags(skcipher) &
-	    CRYPTO_TFM_REQ_FORBID_WEAK_KEYS)) {
-		crypto_skcipher_set_flags(skcipher,
-					  CRYPTO_TFM_RES_WEAK_KEY);
-		return -EINVAL;
-	}
+	return skcipher_setkey(skcipher, key, keylen);
+}
+
+static int des3_skcipher_setkey(struct crypto_skcipher *skcipher,
+				const u8 *key, unsigned int keylen)
+{
+	int err;
+
+	err = crypto_des3_ede_verify_key(crypto_skcipher_tfm(skcipher), key);
+	if (unlikely(err))
+		return err;
 
 	return skcipher_setkey(skcipher, key, keylen);
 }
@@ -1899,7 +1898,7 @@  static struct caam_skcipher_alg driver_algs[] = {
 				.cra_driver_name = "cbc-3des-caam",
 				.cra_blocksize = DES3_EDE_BLOCK_SIZE,
 			},
-			.setkey = des_skcipher_setkey,
+			.setkey = des3_skcipher_setkey,
 			.encrypt = skcipher_encrypt,
 			.decrypt = skcipher_decrypt,
 			.min_keysize = DES3_EDE_KEY_SIZE,
@@ -2018,7 +2017,7 @@  static struct caam_skcipher_alg driver_algs[] = {
 				.cra_driver_name = "ecb-des3-caam",
 				.cra_blocksize = DES3_EDE_BLOCK_SIZE,
 			},
-			.setkey = des_skcipher_setkey,
+			.setkey = des3_skcipher_setkey,
 			.encrypt = skcipher_encrypt,
 			.decrypt = skcipher_decrypt,
 			.min_keysize = DES3_EDE_KEY_SIZE,
diff --git a/drivers/crypto/caam/caamalg_qi.c b/drivers/crypto/caam/caamalg_qi.c
index 32f0f8a72067..3e29d4ba14e0 100644
--- a/drivers/crypto/caam/caamalg_qi.c
+++ b/drivers/crypto/caam/caamalg_qi.c
@@ -296,7 +296,6 @@  static int des3_aead_setkey(struct crypto_aead *aead, const u8 *key,
 			    unsigned int keylen)
 {
 	struct crypto_authenc_keys keys;
-	u32 flags;
 	int err;
 
 	err = crypto_authenc_extractkeys(&keys, key, keylen);
@@ -307,12 +306,9 @@  static int des3_aead_setkey(struct crypto_aead *aead, const u8 *key,
 	if (keys.enckeylen != DES3_EDE_KEY_SIZE)
 		goto badkey;
 
-	flags = crypto_aead_get_flags(aead);
-	err = __des3_verify_key(&flags, keys.enckey);
-	if (unlikely(err)) {
-		crypto_aead_set_flags(aead, flags);
+	err = crypto_des3_ede_verify_key(crypto_aead_tfm(aead), keys.enckey);
+	if (unlikely(err))
 		goto out;
-	}
 
 	err = aead_setkey(aead, key, keylen);
 
@@ -697,8 +693,13 @@  static int skcipher_setkey(struct crypto_skcipher *skcipher, const u8 *key,
 static int des3_skcipher_setkey(struct crypto_skcipher *skcipher,
 				const u8 *key, unsigned int keylen)
 {
-	return unlikely(des3_verify_key(skcipher, key)) ?:
-	       skcipher_setkey(skcipher, key, keylen);
+	int err;
+
+	err = crypto_des3_ede_verify_key(crypto_skcipher_tfm(skcipher), key);
+	if (unlikely(err))
+		return err;
+
+	return skcipher_setkey(skcipher, key, keylen);
 }
 
 static int xts_skcipher_setkey(struct crypto_skcipher *skcipher, const u8 *key,
diff --git a/drivers/crypto/caam/caamalg_qi2.c b/drivers/crypto/caam/caamalg_qi2.c
index 06bf32c32cbd..edf619f33b44 100644
--- a/drivers/crypto/caam/caamalg_qi2.c
+++ b/drivers/crypto/caam/caamalg_qi2.c
@@ -329,7 +329,6 @@  static int des3_aead_setkey(struct crypto_aead *aead, const u8 *key,
 			    unsigned int keylen)
 {
 	struct crypto_authenc_keys keys;
-	u32 flags;
 	int err;
 
 	err = crypto_authenc_extractkeys(&keys, key, keylen);
@@ -340,12 +339,9 @@  static int des3_aead_setkey(struct crypto_aead *aead, const u8 *key,
 	if (keys.enckeylen != DES3_EDE_KEY_SIZE)
 		goto badkey;
 
-	flags = crypto_aead_get_flags(aead);
-	err = __des3_verify_key(&flags, keys.enckey);
-	if (unlikely(err)) {
-		crypto_aead_set_flags(aead, flags);
+	err = crypto_des3_ede_verify_key(crypto_aead_tfm(aead), keys.enckey);
+	if (unlikely(err))
 		goto out;
-	}
 
 	err = aead_setkey(aead, key, keylen);
 
@@ -999,8 +995,13 @@  static int skcipher_setkey(struct crypto_skcipher *skcipher, const u8 *key,
 static int des3_skcipher_setkey(struct crypto_skcipher *skcipher,
 				const u8 *key, unsigned int keylen)
 {
-	return unlikely(des3_verify_key(skcipher, key)) ?:
-	       skcipher_setkey(skcipher, key, keylen);
+	int err;
+
+	err = crypto_des3_ede_verify_key(crypto_skcipher_tfm(skcipher), key);
+	if (unlikely(err))
+		return err;
+
+	return skcipher_setkey(skcipher, key, keylen);
 }
 
 static int xts_skcipher_setkey(struct crypto_skcipher *skcipher, const u8 *key,
diff --git a/drivers/crypto/caam/compat.h b/drivers/crypto/caam/compat.h
index 8639b2df0371..60e2a54c19f1 100644
--- a/drivers/crypto/caam/compat.h
+++ b/drivers/crypto/caam/compat.h
@@ -32,7 +32,7 @@ 
 #include <crypto/null.h>
 #include <crypto/aes.h>
 #include <crypto/ctr.h>
-#include <crypto/des.h>
+#include <crypto/internal/des.h>
 #include <crypto/gcm.h>
 #include <crypto/sha.h>
 #include <crypto/md5.h>