crypto: des - split off DES library from generic DES cipher driver
Another one for the cipher museum: split off DES core processing into a separate module so other drivers (mostly for crypto accelerators) can reuse the code without pulling in the generic DES cipher itself. This will also permit the cipher interface to be made private to the crypto API itself once we move the only user in the kernel (CIFS) to this library interface. Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This commit is contained in:
Ard Biesheuvel
committed by
Herbert Xu
Herbert Xu
parent
6b5c481862
commit
04007b0e6c
@@ -25,18 +25,21 @@
|
||||
*/
|
||||
static inline int crypto_des_verify_key(struct crypto_tfm *tfm, const u8 *key)
|
||||
{
|
||||
u32 tmp[DES_EXPKEY_WORDS];
|
||||
int err = 0;
|
||||
struct des_ctx tmp;
|
||||
int err;
|
||||
|
||||
if (!(crypto_tfm_get_flags(tfm) & CRYPTO_TFM_REQ_FORBID_WEAK_KEYS))
|
||||
return 0;
|
||||
|
||||
if (!des_ekey(tmp, key)) {
|
||||
crypto_tfm_set_flags(tfm, CRYPTO_TFM_RES_WEAK_KEY);
|
||||
err = -EINVAL;
|
||||
err = des_expand_key(&tmp, key, DES_KEY_SIZE);
|
||||
if (err == -ENOKEY) {
|
||||
if (crypto_tfm_get_flags(tfm) & CRYPTO_TFM_REQ_FORBID_WEAK_KEYS)
|
||||
err = -EINVAL;
|
||||
else
|
||||
err = 0;
|
||||
}
|
||||
|
||||
memzero_explicit(tmp, sizeof(tmp));
|
||||
if (err)
|
||||
crypto_tfm_set_flags(tfm, CRYPTO_TFM_RES_WEAK_KEY);
|
||||
|
||||
memzero_explicit(&tmp, sizeof(tmp));
|
||||
return err;
|
||||
}
|
||||
|
||||
@@ -53,6 +56,28 @@ static inline int crypto_des_verify_key(struct crypto_tfm *tfm, const u8 *key)
|
||||
* property.
|
||||
*
|
||||
*/
|
||||
static inline int des3_ede_verify_key(const u8 *key, unsigned int key_len,
|
||||
bool check_weak)
|
||||
{
|
||||
int ret = fips_enabled ? -EINVAL : -ENOKEY;
|
||||
u32 K[6];
|
||||
|
||||
memcpy(K, key, DES3_EDE_KEY_SIZE);
|
||||
|
||||
if ((!((K[0] ^ K[2]) | (K[1] ^ K[3])) ||
|
||||
!((K[2] ^ K[4]) | (K[3] ^ K[5]))) &&
|
||||
(fips_enabled || check_weak))
|
||||
goto bad;
|
||||
|
||||
if ((!((K[0] ^ K[4]) | (K[1] ^ K[5]))) && fips_enabled)
|
||||
goto bad;
|
||||
|
||||
ret = 0;
|
||||
bad:
|
||||
memzero_explicit(K, DES3_EDE_KEY_SIZE);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* crypto_des3_ede_verify_key - Check whether a DES3-EDE key is weak
|
||||
@@ -70,28 +95,14 @@ static inline int crypto_des_verify_key(struct crypto_tfm *tfm, const u8 *key)
|
||||
static inline int crypto_des3_ede_verify_key(struct crypto_tfm *tfm,
|
||||
const u8 *key)
|
||||
{
|
||||
int err = -EINVAL;
|
||||
u32 K[6];
|
||||
int err;
|
||||
|
||||
memcpy(K, key, DES3_EDE_KEY_SIZE);
|
||||
|
||||
if ((!((K[0] ^ K[2]) | (K[1] ^ K[3])) ||
|
||||
!((K[2] ^ K[4]) | (K[3] ^ K[5]))) &&
|
||||
(fips_enabled || (crypto_tfm_get_flags(tfm) &
|
||||
CRYPTO_TFM_REQ_FORBID_WEAK_KEYS)))
|
||||
goto bad;
|
||||
|
||||
if ((!((K[0] ^ K[4]) | (K[1] ^ K[5]))) && fips_enabled)
|
||||
goto bad;
|
||||
|
||||
err = 0;
|
||||
out:
|
||||
memzero_explicit(K, DES3_EDE_KEY_SIZE);
|
||||
err = des3_ede_verify_key(key, DES3_EDE_KEY_SIZE,
|
||||
crypto_tfm_get_flags(tfm) &
|
||||
CRYPTO_TFM_REQ_FORBID_WEAK_KEYS);
|
||||
if (err)
|
||||
crypto_tfm_set_flags(tfm, CRYPTO_TFM_RES_WEAK_KEY);
|
||||
return err;
|
||||
|
||||
bad:
|
||||
crypto_tfm_set_flags(tfm, CRYPTO_TFM_RES_WEAK_KEY);
|
||||
goto out;
|
||||
}
|
||||
|
||||
static inline int verify_skcipher_des_key(struct crypto_skcipher *tfm,
|
||||
|
||||
Reference in New Issue
Block a user