diff mbox series

[12/24] crypto: hisilicon - Forbid 2-key 3DES in FIPS mode

Message ID	E1hEVQK-0006nA-SH@gondobar (mailing list archive)
State	Accepted
Delegated to:	Herbert Xu
Headers	show Return-Path: <linux-crypto-owner@kernel.org> Subject: [PATCH 12/24] crypto: hisilicon - Forbid 2-key 3DES in FIPS mode References: <20190411084707.h56mz2z7jxusnr7u@gondor.apana.org.au> To: Linux Crypto Mailing List <linux-crypto@vger.kernel.org> Message-Id: <E1hEVQK-0006nA-SH@gondobar> From: Herbert Xu <herbert@gondor.apana.org.au> Date: Thu, 11 Apr 2019 16:51:08 +0800 Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk
Series	Forbid 2-key 3DES in FIPS mode \| expand [0/24] Forbid 2-key 3DES in FIPS mode [1/24] crypto: des_generic - Forbid 2-key in 3DES and add helpers [2/24] crypto: s390 - Forbid 2-key 3DES in FIPS mode [3/24] crypto: sparc - Forbid 2-key 3DES in FIPS mode [4/24] crypto: atmel - Forbid 2-key 3DES in FIPS mode [5/24] crypto: bcm - Forbid 2-key 3DES in FIPS mode [6/24] crypto: caam - Forbid 2-key 3DES in FIPS mode [7/24] crypto: cavium - Forbid 2-key 3DES in FIPS mode [8/24] crypto: nitrox - Forbid 2-key 3DES in FIPS mode [9/24] crypto: ccp - Forbid 2-key 3DES in FIPS mode [10/24] crypto: ccree - Forbid 2-key 3DES in FIPS mode [11/24] crypto: hifn_795x - Forbid 2-key 3DES in FIPS mode [12/24] crypto: hisilicon - Forbid 2-key 3DES in FIPS mode [13/24] crypto: inside-secure - Forbid 2-key 3DES in FIPS mode [14/24] crypto: ixp4xx - Forbid 2-key 3DES in FIPS mode [15/24] crypto: marvell - Forbid 2-key 3DES in FIPS mode [16/24] crypto: n2 - Forbid 2-key 3DES in FIPS mode [17/24] crypto: omap - Forbid 2-key 3DES in FIPS mode [18/24] crypto: picoxcell - Forbid 2-key 3DES in FIPS mode [19/24] crypto: qce - Forbid 2-key 3DES in FIPS mode [20/24] crypto: rockchip - Forbid 2-key 3DES in FIPS mode [21/24] crypto: stm32 - Forbid 2-key 3DES in FIPS mode [22/24] crypto: sun4i-ss - Forbid 2-key 3DES in FIPS mode [23/24] crypto: talitos - Forbid 2-key 3DES in FIPS mode [24/24] crypto: ux500 - Forbid 2-key 3DES in FIPS mode

Commit Message

Herbert Xu April 11, 2019, 8:51 a.m. UTC

This patch forbids the use of 2-key 3DES (K1 == K3) in FIPS mode.

It also removes a couple of unnecessary key length checks that
are already performed by the crypto API.
   
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
---

 drivers/crypto/hisilicon/sec/sec_algs.c |   12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)

diff mbox series

Patch

diff --git a/drivers/crypto/hisilicon/sec/sec_algs.c b/drivers/crypto/hisilicon/sec/sec_algs.c
index adc0cd8ae97b..02768af0dccd 100644
--- a/drivers/crypto/hisilicon/sec/sec_algs.c
+++ b/drivers/crypto/hisilicon/sec/sec_algs.c
@@ -365,20 +365,16 @@  static int sec_alg_skcipher_setkey_des_cbc(struct crypto_skcipher *tfm,
 static int sec_alg_skcipher_setkey_3des_ecb(struct crypto_skcipher *tfm,
 					    const u8 *key, unsigned int keylen)
 {
-	if (keylen != DES_KEY_SIZE * 3)
-		return -EINVAL;
-
-	return sec_alg_skcipher_setkey(tfm, key, keylen,
+	return unlikely(des3_verify_key(tfm, key)) ?:
+	       sec_alg_skcipher_setkey(tfm, key, keylen,
 				       SEC_C_3DES_ECB_192_3KEY);
 }
 
 static int sec_alg_skcipher_setkey_3des_cbc(struct crypto_skcipher *tfm,
 					    const u8 *key, unsigned int keylen)
 {
-	if (keylen != DES3_EDE_KEY_SIZE)
-		return -EINVAL;
-
-	return sec_alg_skcipher_setkey(tfm, key, keylen,
+	return unlikely(des3_verify_key(tfm, key)) ?:
+	       sec_alg_skcipher_setkey(tfm, key, keylen,
 				       SEC_C_3DES_CBC_192_3KEY);
 }