| Message ID | E1hEVQI-0006mq-Kd@gondobar (mailing list archive) |
|---|---|
| State | Accepted |
| Delegated to: | Herbert Xu |
| Headers | show |
| Series | Forbid 2-key 3DES in FIPS mode | expand |
Am Donnerstag, 11. April 2019, 10:51:06 CEST schrieb Herbert Xu: Hi Herbert, > This patch forbids the use of 2-key 3DES (K1 == K3) in FIPS mode. > > Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> > --- > > drivers/crypto/ccree/cc_aead.c | 37 +++++++++++++++++++++++++++++++++++-- > 1 file changed, 35 insertions(+), 2 deletions(-) > > diff --git a/drivers/crypto/ccree/cc_aead.c b/drivers/crypto/ccree/cc_aead.c > index a3527c00b29a..c5cde327cf1f 100644 > --- a/drivers/crypto/ccree/cc_aead.c > +++ b/drivers/crypto/ccree/cc_aead.c > @@ -650,6 +650,39 @@ static int cc_aead_setkey(struct crypto_aead *tfm, > const u8 *key, return rc; > } > > +static int cc_des3_aead_setkey(struct crypto_aead *aead, const u8 *key, > + unsigned int keylen) This function looks very similar to des3_aead_setkey in the different caam code changes. Thus, wouldn't it be better to have common service function? > +{ > + struct crypto_authenc_keys keys; > + u32 flags; > + int err; > + > + err = crypto_authenc_extractkeys(&keys, key, keylen); > + if (unlikely(err)) > + goto badkey; > + > + err = -EINVAL; > + if (keys.enckeylen != DES3_EDE_KEY_SIZE) > + goto badkey; > + > + flags = crypto_aead_get_flags(aead); > + err = __des3_verify_key(&flags, keys.enckey); > + if (unlikely(err)) { > + crypto_aead_set_flags(aead, flags); > + goto out; > + } > + > + err = cc_aead_setkey(aead, key, keylen); > + > +out: > + memzero_explicit(&keys, sizeof(keys)); > + return err; > + > +badkey: > + crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN); > + goto out; > +} > + > static int cc_rfc4309_ccm_setkey(struct crypto_aead *tfm, const u8 *key, > unsigned int keylen) > { > @@ -2372,7 +2405,7 @@ static struct cc_alg_template aead_algs[] = { > .driver_name = "authenc-hmac-sha1-cbc-des3-ccree", > .blocksize = DES3_EDE_BLOCK_SIZE, > .template_aead = { > - .setkey = cc_aead_setkey, > + .setkey = cc_des3_aead_setkey, > .setauthsize = cc_aead_setauthsize, > .encrypt = cc_aead_encrypt, > .decrypt = cc_aead_decrypt, > @@ -2412,7 +2445,7 @@ static struct cc_alg_template aead_algs[] = { > .driver_name = "authenc-hmac-sha256-cbc-des3-ccree", > .blocksize = DES3_EDE_BLOCK_SIZE, > .template_aead = { > - .setkey = cc_aead_setkey, > + .setkey = cc_des3_aead_setkey, > .setauthsize = cc_aead_setauthsize, > .encrypt = cc_aead_encrypt, > .decrypt = cc_aead_decrypt, Ciao Stephan
On Thu, Apr 11, 2019 at 11:27:54AM +0200, Stephan Mueller wrote: > Am Donnerstag, 11. April 2019, 10:51:06 CEST schrieb Herbert Xu: > > Hi Herbert, > > > This patch forbids the use of 2-key 3DES (K1 == K3) in FIPS mode. > > > > Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> > > --- > > > > drivers/crypto/ccree/cc_aead.c | 37 +++++++++++++++++++++++++++++++++++-- > > 1 file changed, 35 insertions(+), 2 deletions(-) > > > > diff --git a/drivers/crypto/ccree/cc_aead.c b/drivers/crypto/ccree/cc_aead.c > > index a3527c00b29a..c5cde327cf1f 100644 > > --- a/drivers/crypto/ccree/cc_aead.c > > +++ b/drivers/crypto/ccree/cc_aead.c > > @@ -650,6 +650,39 @@ static int cc_aead_setkey(struct crypto_aead *tfm, > > const u8 *key, return rc; > > } > > > > +static int cc_des3_aead_setkey(struct crypto_aead *aead, const u8 *key, > > + unsigned int keylen) > > This function looks very similar to des3_aead_setkey in the different caam > code changes. > > Thus, wouldn't it be better to have common service function? Sure, we can do that on top of this patch-series. Thanks,
[ Resent because gmail decided suddenly to send HTML email... ] On Thu, Apr 11, 2019 at 11:51 AM Herbert Xu <herbert@gondor.apana.org.au> wrote: > > This patch forbids the use of 2-key 3DES (K1 == K3) in FIPS mode. > > Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Acked-by: Gilad Ben-Yossef <gilad@benyossef.com> Thank you Herbert! Gilad
diff --git a/drivers/crypto/ccree/cc_aead.c b/drivers/crypto/ccree/cc_aead.c index a3527c00b29a..c5cde327cf1f 100644 --- a/drivers/crypto/ccree/cc_aead.c +++ b/drivers/crypto/ccree/cc_aead.c @@ -650,6 +650,39 @@ static int cc_aead_setkey(struct crypto_aead *tfm, const u8 *key, return rc; } +static int cc_des3_aead_setkey(struct crypto_aead *aead, const u8 *key, + unsigned int keylen) +{ + struct crypto_authenc_keys keys; + u32 flags; + int err; + + err = crypto_authenc_extractkeys(&keys, key, keylen); + if (unlikely(err)) + goto badkey; + + err = -EINVAL; + if (keys.enckeylen != DES3_EDE_KEY_SIZE) + goto badkey; + + flags = crypto_aead_get_flags(aead); + err = __des3_verify_key(&flags, keys.enckey); + if (unlikely(err)) { + crypto_aead_set_flags(aead, flags); + goto out; + } + + err = cc_aead_setkey(aead, key, keylen); + +out: + memzero_explicit(&keys, sizeof(keys)); + return err; + +badkey: + crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN); + goto out; +} + static int cc_rfc4309_ccm_setkey(struct crypto_aead *tfm, const u8 *key, unsigned int keylen) { @@ -2372,7 +2405,7 @@ static struct cc_alg_template aead_algs[] = { .driver_name = "authenc-hmac-sha1-cbc-des3-ccree", .blocksize = DES3_EDE_BLOCK_SIZE, .template_aead = { - .setkey = cc_aead_setkey, + .setkey = cc_des3_aead_setkey, .setauthsize = cc_aead_setauthsize, .encrypt = cc_aead_encrypt, .decrypt = cc_aead_decrypt, @@ -2412,7 +2445,7 @@ static struct cc_alg_template aead_algs[] = { .driver_name = "authenc-hmac-sha256-cbc-des3-ccree", .blocksize = DES3_EDE_BLOCK_SIZE, .template_aead = { - .setkey = cc_aead_setkey, + .setkey = cc_des3_aead_setkey, .setauthsize = cc_aead_setauthsize, .encrypt = cc_aead_encrypt, .decrypt = cc_aead_decrypt,
This patch forbids the use of 2-key 3DES (K1 == K3) in FIPS mode. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> --- drivers/crypto/ccree/cc_aead.c | 37 +++++++++++++++++++++++++++++++++++-- 1 file changed, 35 insertions(+), 2 deletions(-)