This patch forbids the use of 2-key 3DES (K1 == K3) in FIPS mode.
Signed-off-by: Herbert Xu <[email protected]>
---
drivers/crypto/ccree/cc_aead.c | 37 +++++++++++++++++++++++++++++++++++--
1 file changed, 35 insertions(+), 2 deletions(-)
diff --git a/drivers/crypto/ccree/cc_aead.c b/drivers/crypto/ccree/cc_aead.c
index a3527c00b29a..c5cde327cf1f 100644
--- a/drivers/crypto/ccree/cc_aead.c
+++ b/drivers/crypto/ccree/cc_aead.c
@@ -650,6 +650,39 @@ static int cc_aead_setkey(struct crypto_aead *tfm, const u8 *key,
return rc;
}
+static int cc_des3_aead_setkey(struct crypto_aead *aead, const u8 *key,
+ unsigned int keylen)
+{
+ struct crypto_authenc_keys keys;
+ u32 flags;
+ int err;
+
+ err = crypto_authenc_extractkeys(&keys, key, keylen);
+ if (unlikely(err))
+ goto badkey;
+
+ err = -EINVAL;
+ if (keys.enckeylen != DES3_EDE_KEY_SIZE)
+ goto badkey;
+
+ flags = crypto_aead_get_flags(aead);
+ err = __des3_verify_key(&flags, keys.enckey);
+ if (unlikely(err)) {
+ crypto_aead_set_flags(aead, flags);
+ goto out;
+ }
+
+ err = cc_aead_setkey(aead, key, keylen);
+
+out:
+ memzero_explicit(&keys, sizeof(keys));
+ return err;
+
+badkey:
+ crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN);
+ goto out;
+}
+
static int cc_rfc4309_ccm_setkey(struct crypto_aead *tfm, const u8 *key,
unsigned int keylen)
{
@@ -2372,7 +2405,7 @@ static struct cc_alg_template aead_algs[] = {
.driver_name = "authenc-hmac-sha1-cbc-des3-ccree",
.blocksize = DES3_EDE_BLOCK_SIZE,
.template_aead = {
- .setkey = cc_aead_setkey,
+ .setkey = cc_des3_aead_setkey,
.setauthsize = cc_aead_setauthsize,
.encrypt = cc_aead_encrypt,
.decrypt = cc_aead_decrypt,
@@ -2412,7 +2445,7 @@ static struct cc_alg_template aead_algs[] = {
.driver_name = "authenc-hmac-sha256-cbc-des3-ccree",
.blocksize = DES3_EDE_BLOCK_SIZE,
.template_aead = {
- .setkey = cc_aead_setkey,
+ .setkey = cc_des3_aead_setkey,
.setauthsize = cc_aead_setauthsize,
.encrypt = cc_aead_encrypt,
.decrypt = cc_aead_decrypt,
Am Donnerstag, 11. April 2019, 10:51:06 CEST schrieb Herbert Xu:
Hi Herbert,
> This patch forbids the use of 2-key 3DES (K1 == K3) in FIPS mode.
>
> Signed-off-by: Herbert Xu <[email protected]>
> ---
>
> drivers/crypto/ccree/cc_aead.c | 37 +++++++++++++++++++++++++++++++++++--
> 1 file changed, 35 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/crypto/ccree/cc_aead.c b/drivers/crypto/ccree/cc_aead.c
> index a3527c00b29a..c5cde327cf1f 100644
> --- a/drivers/crypto/ccree/cc_aead.c
> +++ b/drivers/crypto/ccree/cc_aead.c
> @@ -650,6 +650,39 @@ static int cc_aead_setkey(struct crypto_aead *tfm,
> const u8 *key, return rc;
> }
>
> +static int cc_des3_aead_setkey(struct crypto_aead *aead, const u8 *key,
> + unsigned int keylen)
This function looks very similar to des3_aead_setkey in the different caam
code changes.
Thus, wouldn't it be better to have common service function?
> +{
> + struct crypto_authenc_keys keys;
> + u32 flags;
> + int err;
> +
> + err = crypto_authenc_extractkeys(&keys, key, keylen);
> + if (unlikely(err))
> + goto badkey;
> +
> + err = -EINVAL;
> + if (keys.enckeylen != DES3_EDE_KEY_SIZE)
> + goto badkey;
> +
> + flags = crypto_aead_get_flags(aead);
> + err = __des3_verify_key(&flags, keys.enckey);
> + if (unlikely(err)) {
> + crypto_aead_set_flags(aead, flags);
> + goto out;
> + }
> +
> + err = cc_aead_setkey(aead, key, keylen);
> +
> +out:
> + memzero_explicit(&keys, sizeof(keys));
> + return err;
> +
> +badkey:
> + crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN);
> + goto out;
> +}
> +
> static int cc_rfc4309_ccm_setkey(struct crypto_aead *tfm, const u8 *key,
> unsigned int keylen)
> {
> @@ -2372,7 +2405,7 @@ static struct cc_alg_template aead_algs[] = {
> .driver_name = "authenc-hmac-sha1-cbc-des3-ccree",
> .blocksize = DES3_EDE_BLOCK_SIZE,
> .template_aead = {
> - .setkey = cc_aead_setkey,
> + .setkey = cc_des3_aead_setkey,
> .setauthsize = cc_aead_setauthsize,
> .encrypt = cc_aead_encrypt,
> .decrypt = cc_aead_decrypt,
> @@ -2412,7 +2445,7 @@ static struct cc_alg_template aead_algs[] = {
> .driver_name = "authenc-hmac-sha256-cbc-des3-ccree",
> .blocksize = DES3_EDE_BLOCK_SIZE,
> .template_aead = {
> - .setkey = cc_aead_setkey,
> + .setkey = cc_des3_aead_setkey,
> .setauthsize = cc_aead_setauthsize,
> .encrypt = cc_aead_encrypt,
> .decrypt = cc_aead_decrypt,
Ciao
Stephan
On Thu, Apr 11, 2019 at 11:27:54AM +0200, Stephan Mueller wrote:
> Am Donnerstag, 11. April 2019, 10:51:06 CEST schrieb Herbert Xu:
>
> Hi Herbert,
>
> > This patch forbids the use of 2-key 3DES (K1 == K3) in FIPS mode.
> >
> > Signed-off-by: Herbert Xu <[email protected]>
> > ---
> >
> > drivers/crypto/ccree/cc_aead.c | 37 +++++++++++++++++++++++++++++++++++--
> > 1 file changed, 35 insertions(+), 2 deletions(-)
> >
> > diff --git a/drivers/crypto/ccree/cc_aead.c b/drivers/crypto/ccree/cc_aead.c
> > index a3527c00b29a..c5cde327cf1f 100644
> > --- a/drivers/crypto/ccree/cc_aead.c
> > +++ b/drivers/crypto/ccree/cc_aead.c
> > @@ -650,6 +650,39 @@ static int cc_aead_setkey(struct crypto_aead *tfm,
> > const u8 *key, return rc;
> > }
> >
> > +static int cc_des3_aead_setkey(struct crypto_aead *aead, const u8 *key,
> > + unsigned int keylen)
>
> This function looks very similar to des3_aead_setkey in the different caam
> code changes.
>
> Thus, wouldn't it be better to have common service function?
Sure, we can do that on top of this patch-series.
Thanks,
--
Email: Herbert Xu <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
[ Resent because gmail decided suddenly to send HTML email... ]
On Thu, Apr 11, 2019 at 11:51 AM Herbert Xu <[email protected]> wrote:
>
> This patch forbids the use of 2-key 3DES (K1 == K3) in FIPS mode.
>
> Signed-off-by: Herbert Xu <[email protected]>
Acked-by: Gilad Ben-Yossef <[email protected]>
Thank you Herbert!
Gilad