Re: [PATCH 21/24] crypto: stm32 - Forbid 2-key 3DES in FIPS mode


Hi Herbert,

On 4/11/19 10:51 AM, Herbert Xu wrote:

> This patch forbids the use of 2-key 3DES (K1 == K3) in FIPS mode.
>     
> Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
> ---
>
>   drivers/crypto/stm32/stm32-cryp.c |   15 +++++++++++----
>   1 file changed, 11 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/crypto/stm32/stm32-cryp.c b/drivers/crypto/stm32/stm32-cryp.c
> index 23b0b7bd64c7..5785f3e235ce 100644
> --- a/drivers/crypto/stm32/stm32-cryp.c
> +++ b/drivers/crypto/stm32/stm32-cryp.c
> @@ -762,10 +762,17 @@ static int stm32_cryp_des_setkey(struct crypto_ablkcipher *tfm, const u8 *key,
>   static int stm32_cryp_tdes_setkey(struct crypto_ablkcipher *tfm, const u8 *key,
>   				  unsigned int keylen)
>   {
> -	if (keylen != (3 * DES_KEY_SIZE))
> -		return -EINVAL;
> -	else
> -		return stm32_cryp_setkey(tfm, key, keylen);
> +	u32 flags;
> +	int err;
> +
> +	flags = crypto_ablkcipher_get_flags(tfm);
> +	err = __des3_verify_key(&flags, key);
> +	if (unlikely(err)) {
> +		crypto_ablkcipher_set_flags(tfm, flags);
> +		return err;
> +	}
> +
> +	return stm32_cryp_setkey(tfm, key, keylen);
>   }
>   
>   static int stm32_cryp_aes_aead_setkey(struct crypto_aead *tfm, const u8 *key,
>
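Review bot: In stm32_cryp_tdes_setkey the removed `keylen != (3 * DES_KEY_SIZE)` test has no replacement in this hunk: `__des3_verify_key(&flags, key)` is passed no length, and `keylen` is now only forwarded to stm32_cryp_setkey. If the key size is already guaranteed by the caller before this function runs, the commit message should say so, since it currently mentions only the 2-key restriction. Otherwise keep the length check ahead of the verify call so the helper is never handed a key shorter than three DES keys.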
I was currently going to send patches around des and tdes key verification. Is there any plan
to do the same factorization on des key check?

Regarding this patch, ok for me.

- Lionel

Acked-by: Lionel Debieve <lionel.debieve@xxxxxx>
Tested-by: Lionel Debieve <lionel.debieve@xxxxxx>
