Re: [PATCH 3/7] crypto: ccree: add ablkcipher support

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Am Donnerstag, 11. Januar 2018, 10:17:10 CET schrieb Gilad Ben-Yossef:

Hi Gilad,

> +	// verify weak keys
> +	if (ctx_p->flow_mode == S_DIN_to_DES) {
> +		if (!des_ekey(tmp, key) &&
> +		    (crypto_tfm_get_flags(tfm) & CRYPTO_TFM_REQ_WEAK_KEY)) {
> +			tfm->crt_flags |= CRYPTO_TFM_RES_WEAK_KEY;
> +			dev_dbg(dev, "weak DES key");
> +			return -EINVAL;
> +		}
> +	}
> +	if (ctx_p->cipher_mode == DRV_CIPHER_XTS &&
> +	    xts_check_key(tfm, key, keylen)) {
> +		dev_dbg(dev, "weak XTS key");
> +		return -EINVAL;
> +	}
> +	if (ctx_p->flow_mode == S_DIN_to_DES &&
> +	    keylen == DES3_EDE_KEY_SIZE &&
> +	    cc_verify_3des_keys(key, keylen)) {
> +		dev_dbg(dev, "weak 3DES key");
> +		return -EINVAL;
> +	}

For the DES key, wouldn't it make sense to use __des3_ede_setkey?

Note, I would plan to release a patch for review to change that function to 
disallow key1 == key2 or key1 == key3 or key2 == key3 in FIPS mode.

Ciao
Stephan
[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux