crypto: caam/des - switch to new verification routines
Cc: Horia Geanta <horia.geanta@nxp.com> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This commit is contained in:
Родитель
05a7238d08
Коммит
a628c5a11d
|
@ -628,33 +628,17 @@ static int des3_aead_setkey(struct crypto_aead *aead, const u8 *key,
|
|||
unsigned int keylen)
|
||||
{
|
||||
struct crypto_authenc_keys keys;
|
||||
u32 flags;
|
||||
int err;
|
||||
|
||||
err = crypto_authenc_extractkeys(&keys, key, keylen);
|
||||
if (unlikely(err))
|
||||
goto badkey;
|
||||
return err;
|
||||
|
||||
err = -EINVAL;
|
||||
if (keys.enckeylen != DES3_EDE_KEY_SIZE)
|
||||
goto badkey;
|
||||
err = verify_aead_des3_key(aead, keys.enckey, keys.enckeylen) ?:
|
||||
aead_setkey(aead, key, keylen);
|
||||
|
||||
flags = crypto_aead_get_flags(aead);
|
||||
err = __des3_verify_key(&flags, keys.enckey);
|
||||
if (unlikely(err)) {
|
||||
crypto_aead_set_flags(aead, flags);
|
||||
goto out;
|
||||
}
|
||||
|
||||
err = aead_setkey(aead, key, keylen);
|
||||
|
||||
out:
|
||||
memzero_explicit(&keys, sizeof(keys));
|
||||
return err;
|
||||
|
||||
badkey:
|
||||
crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN);
|
||||
goto out;
|
||||
}
|
||||
|
||||
static int gcm_setkey(struct crypto_aead *aead,
|
||||
|
@ -843,22 +827,15 @@ static int arc4_skcipher_setkey(struct crypto_skcipher *skcipher,
|
|||
static int des_skcipher_setkey(struct crypto_skcipher *skcipher,
|
||||
const u8 *key, unsigned int keylen)
|
||||
{
|
||||
u32 tmp[DES3_EDE_EXPKEY_WORDS];
|
||||
struct crypto_tfm *tfm = crypto_skcipher_tfm(skcipher);
|
||||
return verify_skcipher_des_key(skcipher, key) ?:
|
||||
skcipher_setkey(skcipher, key, keylen, 0);
|
||||
}
|
||||
|
||||
if (keylen == DES3_EDE_KEY_SIZE &&
|
||||
__des3_ede_setkey(tmp, &tfm->crt_flags, key, DES3_EDE_KEY_SIZE)) {
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
if (!des_ekey(tmp, key) && (crypto_skcipher_get_flags(skcipher) &
|
||||
CRYPTO_TFM_REQ_FORBID_WEAK_KEYS)) {
|
||||
crypto_skcipher_set_flags(skcipher,
|
||||
CRYPTO_TFM_RES_WEAK_KEY);
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
return skcipher_setkey(skcipher, key, keylen, 0);
|
||||
static int des3_skcipher_setkey(struct crypto_skcipher *skcipher,
|
||||
const u8 *key, unsigned int keylen)
|
||||
{
|
||||
return verify_skcipher_des3_key(skcipher, key) ?:
|
||||
skcipher_setkey(skcipher, key, keylen, 0);
|
||||
}
|
||||
|
||||
static int xts_skcipher_setkey(struct crypto_skcipher *skcipher, const u8 *key,
|
||||
|
@ -1954,7 +1931,7 @@ static struct caam_skcipher_alg driver_algs[] = {
|
|||
.cra_driver_name = "cbc-3des-caam",
|
||||
.cra_blocksize = DES3_EDE_BLOCK_SIZE,
|
||||
},
|
||||
.setkey = des_skcipher_setkey,
|
||||
.setkey = des3_skcipher_setkey,
|
||||
.encrypt = skcipher_encrypt,
|
||||
.decrypt = skcipher_decrypt,
|
||||
.min_keysize = DES3_EDE_KEY_SIZE,
|
||||
|
@ -2073,7 +2050,7 @@ static struct caam_skcipher_alg driver_algs[] = {
|
|||
.cra_driver_name = "ecb-des3-caam",
|
||||
.cra_blocksize = DES3_EDE_BLOCK_SIZE,
|
||||
},
|
||||
.setkey = des_skcipher_setkey,
|
||||
.setkey = des3_skcipher_setkey,
|
||||
.encrypt = skcipher_encrypt,
|
||||
.decrypt = skcipher_decrypt,
|
||||
.min_keysize = DES3_EDE_KEY_SIZE,
|
||||
|
|
|
@ -278,33 +278,17 @@ static int des3_aead_setkey(struct crypto_aead *aead, const u8 *key,
|
|||
unsigned int keylen)
|
||||
{
|
||||
struct crypto_authenc_keys keys;
|
||||
u32 flags;
|
||||
int err;
|
||||
|
||||
err = crypto_authenc_extractkeys(&keys, key, keylen);
|
||||
if (unlikely(err))
|
||||
goto badkey;
|
||||
return err;
|
||||
|
||||
err = -EINVAL;
|
||||
if (keys.enckeylen != DES3_EDE_KEY_SIZE)
|
||||
goto badkey;
|
||||
err = verify_aead_des3_key(aead, keys.enckey, keys.enckeylen) ?:
|
||||
aead_setkey(aead, key, keylen);
|
||||
|
||||
flags = crypto_aead_get_flags(aead);
|
||||
err = __des3_verify_key(&flags, keys.enckey);
|
||||
if (unlikely(err)) {
|
||||
crypto_aead_set_flags(aead, flags);
|
||||
goto out;
|
||||
}
|
||||
|
||||
err = aead_setkey(aead, key, keylen);
|
||||
|
||||
out:
|
||||
memzero_explicit(&keys, sizeof(keys));
|
||||
return err;
|
||||
|
||||
badkey:
|
||||
crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN);
|
||||
goto out;
|
||||
}
|
||||
|
||||
static int gcm_set_sh_desc(struct crypto_aead *aead)
|
||||
|
@ -745,23 +729,15 @@ static int ctr_skcipher_setkey(struct crypto_skcipher *skcipher,
|
|||
static int des3_skcipher_setkey(struct crypto_skcipher *skcipher,
|
||||
const u8 *key, unsigned int keylen)
|
||||
{
|
||||
return unlikely(des3_verify_key(skcipher, key)) ?:
|
||||
return verify_skcipher_des3_key(skcipher, key) ?:
|
||||
skcipher_setkey(skcipher, key, keylen, 0);
|
||||
}
|
||||
|
||||
static int des_skcipher_setkey(struct crypto_skcipher *skcipher,
|
||||
const u8 *key, unsigned int keylen)
|
||||
{
|
||||
u32 tmp[DES_EXPKEY_WORDS];
|
||||
|
||||
if (!des_ekey(tmp, key) && (crypto_skcipher_get_flags(skcipher) &
|
||||
CRYPTO_TFM_REQ_FORBID_WEAK_KEYS)) {
|
||||
crypto_skcipher_set_flags(skcipher,
|
||||
CRYPTO_TFM_RES_WEAK_KEY);
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
return skcipher_setkey(skcipher, key, keylen, 0);
|
||||
return verify_skcipher_des_key(skcipher, key) ?:
|
||||
skcipher_setkey(skcipher, key, keylen, 0);
|
||||
}
|
||||
|
||||
static int xts_skcipher_setkey(struct crypto_skcipher *skcipher, const u8 *key,
|
||||
|
|
|
@ -322,7 +322,6 @@ static int des3_aead_setkey(struct crypto_aead *aead, const u8 *key,
|
|||
unsigned int keylen)
|
||||
{
|
||||
struct crypto_authenc_keys keys;
|
||||
u32 flags;
|
||||
int err;
|
||||
|
||||
err = crypto_authenc_extractkeys(&keys, key, keylen);
|
||||
|
@ -333,14 +332,8 @@ static int des3_aead_setkey(struct crypto_aead *aead, const u8 *key,
|
|||
if (keys.enckeylen != DES3_EDE_KEY_SIZE)
|
||||
goto badkey;
|
||||
|
||||
flags = crypto_aead_get_flags(aead);
|
||||
err = __des3_verify_key(&flags, keys.enckey);
|
||||
if (unlikely(err)) {
|
||||
crypto_aead_set_flags(aead, flags);
|
||||
goto out;
|
||||
}
|
||||
|
||||
err = aead_setkey(aead, key, keylen);
|
||||
err = crypto_des3_ede_verify_key(crypto_aead_tfm(aead), keys.enckey) ?:
|
||||
aead_setkey(aead, key, keylen);
|
||||
|
||||
out:
|
||||
memzero_explicit(&keys, sizeof(keys));
|
||||
|
@ -1070,22 +1063,15 @@ static int chacha20_skcipher_setkey(struct crypto_skcipher *skcipher,
|
|||
static int des_skcipher_setkey(struct crypto_skcipher *skcipher,
|
||||
const u8 *key, unsigned int keylen)
|
||||
{
|
||||
u32 tmp[DES3_EDE_EXPKEY_WORDS];
|
||||
struct crypto_tfm *tfm = crypto_skcipher_tfm(skcipher);
|
||||
return verify_skcipher_des_key(skcipher, key) ?:
|
||||
skcipher_setkey(skcipher, key, keylen, 0);
|
||||
}
|
||||
|
||||
if (keylen == DES3_EDE_KEY_SIZE &&
|
||||
__des3_ede_setkey(tmp, &tfm->crt_flags, key, DES3_EDE_KEY_SIZE)) {
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
if (!des_ekey(tmp, key) && (crypto_skcipher_get_flags(skcipher) &
|
||||
CRYPTO_TFM_REQ_FORBID_WEAK_KEYS)) {
|
||||
crypto_skcipher_set_flags(skcipher,
|
||||
CRYPTO_TFM_RES_WEAK_KEY);
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
return skcipher_setkey(skcipher, key, keylen, 0);
|
||||
static int des3_skcipher_setkey(struct crypto_skcipher *skcipher,
|
||||
const u8 *key, unsigned int keylen)
|
||||
{
|
||||
return verify_skcipher_des3_key(skcipher, key) ?:
|
||||
skcipher_setkey(skcipher, key, keylen, 0);
|
||||
}
|
||||
|
||||
static int xts_skcipher_setkey(struct crypto_skcipher *skcipher, const u8 *key,
|
||||
|
@ -1634,7 +1620,7 @@ static struct caam_skcipher_alg driver_algs[] = {
|
|||
.cra_driver_name = "cbc-3des-caam-qi2",
|
||||
.cra_blocksize = DES3_EDE_BLOCK_SIZE,
|
||||
},
|
||||
.setkey = des_skcipher_setkey,
|
||||
.setkey = des3_skcipher_setkey,
|
||||
.encrypt = skcipher_encrypt,
|
||||
.decrypt = skcipher_decrypt,
|
||||
.min_keysize = DES3_EDE_KEY_SIZE,
|
||||
|
|
|
@ -32,7 +32,7 @@
|
|||
#include <crypto/null.h>
|
||||
#include <crypto/aes.h>
|
||||
#include <crypto/ctr.h>
|
||||
#include <crypto/des.h>
|
||||
#include <crypto/internal/des.h>
|
||||
#include <crypto/gcm.h>
|
||||
#include <crypto/sha.h>
|
||||
#include <crypto/md5.h>
|
||||
|
|
Загрузка…
Ссылка в новой задаче