Re: [PATCH v2 06/30] crypto: caam/des - switch to new verification routines

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 6/27/2019 3:03 PM, Ard Biesheuvel wrote:
> @@ -785,20 +781,23 @@ static int skcipher_setkey(struct crypto_skcipher *skcipher, const u8 *key,
>  static int des_skcipher_setkey(struct crypto_skcipher *skcipher,
>  			       const u8 *key, unsigned int keylen)
>  {
> -	u32 tmp[DES3_EDE_EXPKEY_WORDS];
> -	struct crypto_tfm *tfm = crypto_skcipher_tfm(skcipher);
> +	int err;
>  
> -	if (keylen == DES3_EDE_KEY_SIZE &&
> -	    __des3_ede_setkey(tmp, &tfm->crt_flags, key, DES3_EDE_KEY_SIZE)) {
> -		return -EINVAL;
> -	}
> +	err = crypto_des_verify_key(crypto_skcipher_tfm(skcipher), key);
> +	if (unlikely(err))
> +		return err;
>  
> -	if (!des_ekey(tmp, key) && (crypto_skcipher_get_flags(skcipher) &
> -	    CRYPTO_TFM_REQ_FORBID_WEAK_KEYS)) {
> -		crypto_skcipher_set_flags(skcipher,
> -					  CRYPTO_TFM_RES_WEAK_KEY);
> -		return -EINVAL;
> -	}
> +	return skcipher_setkey(skcipher, key, keylen);

This would be a bit more compact:

	return unlikely(crypto_des_verify_key(crypto_skcipher_tfm(skcipher), key)) ?:
	       skcipher_setkey(skcipher, key, keylen);

and could be used in most places.

Actually here:

> @@ -697,8 +693,13 @@ static int skcipher_setkey(struct crypto_skcipher *skcipher, const u8 *key,
>  static int des3_skcipher_setkey(struct crypto_skcipher *skcipher,
>  				const u8 *key, unsigned int keylen)
>  {
> -	return unlikely(des3_verify_key(skcipher, key)) ?:
> -	       skcipher_setkey(skcipher, key, keylen);
> +	int err;
> +
> +	err = crypto_des3_ede_verify_key(crypto_skcipher_tfm(skcipher), key);
> +	if (unlikely(err))
> +		return err;
> +
> +	return skcipher_setkey(skcipher, key, keylen);
>  }

this pattern is already used, only the verification function
has to be replaced.

Horia




[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux