Received: by 2002:a25:c205:0:0:0:0:0 with SMTP id s5csp2030935ybf; Mon, 2 Mar 2020 00:17:45 -0800 (PST) X-Google-Smtp-Source: ADFU+vvGkmccuIxAXfkzez8Y2nFpFkhxxwNE7ABQwBpCBXOSC+rb+N+DBeqkBghmfpArcSb12I4N X-Received: by 2002:a05:6830:1b6e:: with SMTP id d14mr3871258ote.117.1583137065200; Mon, 02 Mar 2020 00:17:45 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1583137065; cv=pass; d=google.com; s=arc-20160816; b=j1zNbDnOx9+v7C1ImDwh2H76h0Lx+SwsGuld10HSIhen8VpOv0u2xOXDxZti66Jsos sKp9qbGysmMpkXK4IdXJmQN26K2ueDpy7hG64h4NpK/1MOCV+Dk8K5Y7i8j4AsOJaE+C 4X4vcUuf2IO83Q3t5eJqYCcIMZJ3fMbiG0D8K1XEalRQkRiFGNBP/2pDMRTt4AZXE5lo YZInhp8Bn4lv5o77wGJJKaUxbue7QofjwGu0V965nR0VQwyuJyLT9Hm93I/rWgADiJ0Y BGw2//A4BHMJSZSc7TxR9KgwbTsZvPrCO4G0dpcBdPq3+eU+BW2pUh5X2rhcvqueepvT /2yQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:message-id:date:subject:cc :to:from:dkim-signature; bh=GXpvb8NL8AR/keyslRQVJFUQhjkTvzvkAAGG/Lws8xw=; b=X2CMDplX+1AnU32ukvFydaow+LR+np6/ajtfnlN2a1aJ8h2OTZGLhN8+X8Den1lrZd 5pssUDfywq6FiU/rkT6Uz3W1IyTd6XOaHZgvjzjYne36/Hu9ZN+HJVUgBN/CMc/Z4I9z eRkAiGB0b67WQXb6ZJTeens2yzqHua1Dy8TblgcXTqElESE1J77FtDDbVNE4RkYGRqXS m/VnJa4S/5zoJxpSuNLZS7++q1+qSq5tmZjwPkC+S6JC8bE5LPT/cpsmEtf/UgyBEBwR Td8+WS3q8LeI2mA4TloVlTLyIP/9KMZtSfozzOHiEouZDEyYyhnS1aeblG1tHEc+9tHf l96g== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@NXP1.onmicrosoft.com header.s=selector2-NXP1-onmicrosoft-com header.b=cnZAWY1p; arc=pass (i=1 spf=pass spfdomain=oss.nxp.com dkim=pass dkdomain=oss.nxp.com dmarc=pass fromdomain=oss.nxp.com); spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=nxp.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id j10si412261otr.268.2020.03.02.00.17.24; Mon, 02 Mar 2020 00:17:45 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@NXP1.onmicrosoft.com header.s=selector2-NXP1-onmicrosoft-com header.b=cnZAWY1p; arc=pass (i=1 spf=pass spfdomain=oss.nxp.com dkim=pass dkdomain=oss.nxp.com dmarc=pass fromdomain=oss.nxp.com); spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=nxp.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726780AbgCBIQz (ORCPT + 99 others); Mon, 2 Mar 2020 03:16:55 -0500 Received: from mail-eopbgr140074.outbound.protection.outlook.com ([40.107.14.74]:41195 "EHLO EUR01-VE1-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1726674AbgCBIQz (ORCPT ); Mon, 2 Mar 2020 03:16:55 -0500 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=gHf75m/hdOT+nOoY9y+mtTMDhfIIODD2VqNad+Fb8ZhpTrGPwMX9L9nVTZFjz9xQwbV5xhqu2pYEUORhZHtbusbYe5nQYCEDw2UuIeLAT5+w7JMYEYl0cW+haXDF9PRzSyDBMnuC6bi8hC0Dj61FquPv9wI9eemr0eqd33uIfb/Sh+XVSDuTyM9ROZhagPBxKaWPwuESHempO4/a5i4Xdm8A4RTCwEfXev0S43CyQTqpmf5u3dUn7bLmf5dsy6Nu3m/2ccpPyUt4f8jUDA6F7jJ4Izjd+uuY3HpSmOnQr68pafcReagaFw5kIoEu6lX4eoHR63AXYZoOxphAcxYR5Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=GXpvb8NL8AR/keyslRQVJFUQhjkTvzvkAAGG/Lws8xw=; b=C/muIpZkcXAe5tN9+W4dnIGbc8vY4/GGg3H6psgKmaw2eAVL/gLotDAmYpwUQiFA9O92vsEsC0OiRnqupxAAqlDGA6Znw0jdhudsenZhdcRx0q2b5+ufGNkTu/mdleEzXfWThxTagGbarLFb3n1PNUFuAAcHoCju/t6UDESBRJmtoJDB8mSuUPi+tv8rRKg10YuKCnF2xRQNSRlNb2jGsmSWxGg+tU7qTAw9UmCzUdlMJdEonzC7j+d/xiEZp3MdAqks7am8k71OpkOaPq7v/85vm205VfRv6ZAaP6NZaQPmMj1vE7BMDfldXNWfFRn3K6R4iDOsAR6Ar8dZ8NYOOA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=oss.nxp.com; dmarc=pass action=none header.from=oss.nxp.com; dkim=pass header.d=oss.nxp.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=NXP1.onmicrosoft.com; s=selector2-NXP1-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=GXpvb8NL8AR/keyslRQVJFUQhjkTvzvkAAGG/Lws8xw=; b=cnZAWY1pOTsUd7JVzQwMMNWTbfotrDETaUd5k9Hba6l+5QoaTZNjv6DUHrKyAjBt6cx4E2Naa88I7YqmKWXKj1IZDR30HyLnlaPBohl5Cricn/qLck6Qb36PkTdBvaOdCX7q2v/fP1wHTCyq6A6gEPsBmoJSJEMwlc9qIEYEBXg= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=andrei.botila@oss.nxp.com; Received: from AM6PR04MB5430.eurprd04.prod.outlook.com (20.178.92.210) by AM6PR04MB6328.eurprd04.prod.outlook.com (20.179.5.150) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2772.16; Mon, 2 Mar 2020 08:16:48 +0000 Received: from AM6PR04MB5430.eurprd04.prod.outlook.com ([fe80::79f3:d09c:ee2d:396e]) by AM6PR04MB5430.eurprd04.prod.outlook.com ([fe80::79f3:d09c:ee2d:396e%3]) with mapi id 15.20.2772.019; Mon, 2 Mar 2020 08:16:48 +0000 From: Andrei Botila To: Herbert Xu , "David S. Miller" Cc: linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [RFC] crypto: xts - limit accepted key length Date: Mon, 2 Mar 2020 10:16:29 +0200 Message-Id: <20200302081629.17831-1-andrei.botila@oss.nxp.com> X-Mailer: git-send-email 2.17.1 Content-Type: text/plain X-ClientProxiedBy: AM0PR02CA0066.eurprd02.prod.outlook.com (2603:10a6:208:d2::43) To AM6PR04MB5430.eurprd04.prod.outlook.com (2603:10a6:20b:94::18) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from lsv15007.swis.ro-buh01.nxp.com (212.146.100.6) by AM0PR02CA0066.eurprd02.prod.outlook.com (2603:10a6:208:d2::43) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2772.15 via Frontend Transport; Mon, 2 Mar 2020 08:16:48 +0000 X-Mailer: git-send-email 2.17.1 X-Originating-IP: [212.146.100.6] X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-HT: Tenant X-MS-Office365-Filtering-Correlation-Id: 6e288297-fe12-49c1-fab0-08d7be820de4 X-MS-TrafficTypeDiagnostic: AM6PR04MB6328: X-MS-Exchange-SharedMailbox-RoutingAgent-Processed: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:2201; X-Forefront-PRVS: 033054F29A X-Forefront-Antispam-Report: SFV:NSPM;SFS:(10009020)(4636009)(396003)(136003)(376002)(346002)(39860400002)(366004)(189003)(199004)(81166006)(8936002)(6486002)(44832011)(6506007)(52116002)(81156014)(8676002)(1076003)(16526019)(2616005)(110136005)(186003)(316002)(956004)(26005)(5660300002)(2906002)(86362001)(66476007)(66946007)(66556008)(4326008)(6666004)(478600001)(6512007);DIR:OUT;SFP:1101;SCL:1;SRVR:AM6PR04MB6328;H:AM6PR04MB5430.eurprd04.prod.outlook.com;FPR:;SPF:None;LANG:en;PTR:InfoNoRecords;MX:1;A:0; Received-SPF: None (protection.outlook.com: oss.nxp.com does not designate permitted sender hosts) X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 7TIO/NXWTOO9fA5z+i/huxAbfNlYm71F1jaMvmHCq3QzP0fqu0gybYnjq0h4YIeAvbLAqIaiqpNS3h4WNMCE5aS2puczkjtRAuaBsDOtBQWdiCVIpJ3DLfgsfdjyeSCYHLqXXuQq/0+9MrbFJP69GmhE+VqkGpzCUkCdVlQPgaBct7eLwD3x3dakynxQJQMTaEC7dFHUhgOTkOFVS+9/eP652+VzzBD8hD8DlJNoFSLc7/y0LNJFr5C9dG1xWFvSdzgklKjWKSjKOfy+VEougm2TmcSWRC8ucJqaEYejMD5a7MTfnFysAGTpviMxhUQY8+EG17ZdyGUmAQ2OkBQdlzmAL/0ebrnFTfVJf+r6ponjg1pankxxluAFvsIhuF+kQt0AMwHVQoc8fpszhzX9+JBoe5ET90Pt4R4U5XYC4ud42uWeTqUIxFcUQtcdTvFw X-MS-Exchange-AntiSpam-MessageData: 0vfrcNSixwLH3UECtre4DShik5ACP8jHc223z+dUJLNBlC2Ha6XRk/11+UD9kpNks4TP1zGktw+VjsWE45kWaXP+3UMED46YGxGvardLCyHtYAM/VtSGsZndgRmJ5SM9B3IYhv+vmMqf3jayLv+00Q== X-OriginatorOrg: oss.nxp.com X-MS-Exchange-CrossTenant-Network-Message-Id: 6e288297-fe12-49c1-fab0-08d7be820de4 X-MS-Exchange-CrossTenant-OriginalArrivalTime: 02 Mar 2020 08:16:48.6829 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 686ea1d3-bc2b-4c6f-a92c-d99c5c301635 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: jSdSv9BwQnHFLjuUBVgT6iTie4SNmehM9GtSaGpFKUpsJ/k+yqXohAtwPKmtXH4xsixKfcrG3+L+RC3Gd2pT5w== X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM6PR04MB6328 Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org From: Andrei Botila Currently in XTS generic implementation the valid key length is repesented by any length which is even. This is a deviation from the XTS-AES standard (IEEE 1619-2007) which allows keys equal to {2 x 16B, 2 x 32B} that correspond to underlying XTS-AES-{128, 256} algorithm. XTS-AES-192 is not supported as mentioned in commit b66ad0b7aa92 ("crypto: tcrypt - remove AES-XTS-192 speed tests")) or any other length beside these two specified. If this modification is accepted then other ciphers that use XTS mode will have to be modified (camellia, cast6, serpent, twofish). Signed-off-by: Andrei Botila --- include/crypto/xts.h | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/include/crypto/xts.h b/include/crypto/xts.h index 0f8dba69feb4..26e764a5ae46 100644 --- a/include/crypto/xts.h +++ b/include/crypto/xts.h @@ -4,6 +4,7 @@ #include #include +#include #include #define XTS_BLOCK_SIZE 16 @@ -12,10 +13,10 @@ static inline int xts_check_key(struct crypto_tfm *tfm, const u8 *key, unsigned int keylen) { /* - * key consists of keys of equal size concatenated, therefore - * the length must be even. + * key consists of keys of equal size concatenated, possible + * values are 32 or 64 bytes. */ - if (keylen % 2) + if (keylen != 2 * AES_MIN_KEY_SIZE && keylen != 2 * AES_MAX_KEY_SIZE) return -EINVAL; /* ensure that the AES and tweak key are not identical */ @@ -29,10 +30,10 @@ static inline int xts_verify_key(struct crypto_skcipher *tfm, const u8 *key, unsigned int keylen) { /* - * key consists of keys of equal size concatenated, therefore - * the length must be even. + * key consists of keys of equal size concatenated, possible + * values are 32 or 64 bytes. */ - if (keylen % 2) + if (keylen != 2 * AES_MIN_KEY_SIZE && keylen != 2 * AES_MAX_KEY_SIZE) return -EINVAL; /* ensure that the AES and tweak key are not identical */ -- 2.17.1