
Commit 9fbfcefc authored by Herbert Xu's avatar Herbert Xu

crypto: ccree - Forbid 2-key 3DES in FIPS mode



This patch forbids the use of 2-key 3DES (K1 == K3) in FIPS mode.

Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
Acked-by: default avatarGilad Ben-Yossef <gilad@benyossef.com>
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
parent 76a329cd
+35 −2
@@ -650,6 +650,39 @@ static int cc_aead_setkey(struct crypto_aead *tfm, const u8 *key,
	return rc;
	return rc;
}
}


static int cc_des3_aead_setkey(struct crypto_aead *aead, const u8 *key,
			       unsigned int keylen)
{
	struct crypto_authenc_keys keys;
	u32 flags;
	int err;

	err = crypto_authenc_extractkeys(&keys, key, keylen);
	if (unlikely(err))
		goto badkey;

	err = -EINVAL;
	if (keys.enckeylen != DES3_EDE_KEY_SIZE)
		goto badkey;

	flags = crypto_aead_get_flags(aead);
	err = __des3_verify_key(&flags, keys.enckey);
	if (unlikely(err)) {
		crypto_aead_set_flags(aead, flags);
		goto out;
	}

	err = cc_aead_setkey(aead, key, keylen);

out:
	memzero_explicit(&keys, sizeof(keys));
	return err;

badkey:
	crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN);
	goto out;
}

static int cc_rfc4309_ccm_setkey(struct crypto_aead *tfm, const u8 *key,
static int cc_rfc4309_ccm_setkey(struct crypto_aead *tfm, const u8 *key,
				 unsigned int keylen)
				 unsigned int keylen)
{
{
@@ -2372,7 +2405,7 @@ static struct cc_alg_template aead_algs[] = {
		.driver_name = "authenc-hmac-sha1-cbc-des3-ccree",
		.driver_name = "authenc-hmac-sha1-cbc-des3-ccree",
		.blocksize = DES3_EDE_BLOCK_SIZE,
		.blocksize = DES3_EDE_BLOCK_SIZE,
		.template_aead = {
		.template_aead = {
			.setkey = cc_aead_setkey,
			.setkey = cc_des3_aead_setkey,
			.setauthsize = cc_aead_setauthsize,
			.setauthsize = cc_aead_setauthsize,
			.encrypt = cc_aead_encrypt,
			.encrypt = cc_aead_encrypt,
			.decrypt = cc_aead_decrypt,
			.decrypt = cc_aead_decrypt,
@@ -2412,7 +2445,7 @@ static struct cc_alg_template aead_algs[] = {
		.driver_name = "authenc-hmac-sha256-cbc-des3-ccree",
		.driver_name = "authenc-hmac-sha256-cbc-des3-ccree",
		.blocksize = DES3_EDE_BLOCK_SIZE,
		.blocksize = DES3_EDE_BLOCK_SIZE,
		.template_aead = {
		.template_aead = {
			.setkey = cc_aead_setkey,
			.setkey = cc_des3_aead_setkey,
			.setauthsize = cc_aead_setauthsize,
			.setauthsize = cc_aead_setauthsize,
			.encrypt = cc_aead_encrypt,
			.encrypt = cc_aead_encrypt,
			.decrypt = cc_aead_decrypt,
			.decrypt = cc_aead_decrypt,
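Review bot: `cc_des3_aead_setkey` carries no comment stating which key policy it enforces, and the enforcement itself sits in `__des3_verify_key`, whose body is not visible in this section. A short header such as `/* Reject DES3 keys refused by __des3_verify_key() (2-key K1 == K3 in FIPS mode) before passing the full authenc key to cc_aead_setkey(). */` would make the FIPS intent auditable at the call site. The section switches `.setkey` only for the two `cbc-des3` templates shown (`authenc-hmac-sha1-cbc-des3-ccree` and `authenc-hmac-sha256-cbc-des3-ccree`). If `aead_algs[]` holds any other DES3 entry outside these hunks, it would still go through the unchecked `cc_aead_setkey`, so that is worth confirming against the full table.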