s390/crypto: Extend key length check for AES-XTS in fips mode. (c31f5651) · Commits · e / devices / android_kernel_fairphone_FP3

[ Upstream commit a4f2779ecf2f42b0997fedef6fd20a931c40a3e3 ] In fips mode only xts keys with 128 bit or 125 bit are allowed. This fix extends the xts_aes_set_key function to check for these valid key lengths in fips mode. Signed-off-by:

Harald Freudenberger <freude@linux.vnet.ibm.com> Signed-off-by:

Martin Schwidefsky <schwidefsky@de.ibm.com> Signed-off-by:

Sasha Levin <alexander.levin@verizon.com> Signed-off-by:

Greg Kroah-Hartman <gregkh@linuxfoundation.org>

arch/s390/crypto/aes_s390.c

+7 −0

Original line number	Diff line number	Diff line
		@@ -28,6 +28,7 @@
		#include <linux/cpufeature.h>
		#include <linux/init.h>
		#include <linux/spinlock.h>
		#include <linux/fips.h>
		#include <crypto/xts.h>
		#include <asm/cpacf.h>

		@@ -501,6 +502,12 @@ static int xts_aes_set_key(struct crypto_tfm tfm, const u8 in_key,
		if (err)
		return err;

		/* In fips mode only 128 bit or 256 bit keys are valid */
		if (fips_enabled && key_len != 32 && key_len != 64) {
		tfm->crt_flags \|= CRYPTO_TFM_RES_BAD_KEY_LEN;
		return -EINVAL;
		}

		/* Pick the correct function code based on the key length */
		fc = (key_len == 32) ? CPACF_KM_XTS_128 :
		(key_len == 64) ? CPACF_KM_XTS_256 : 0;