Re: [PATCH v2 06/30] crypto: caam/des - switch to new verification routines

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 27 Jun 2019 at 15:26, Horia Geanta <horia.geanta@xxxxxxx> wrote:
>
> On 6/27/2019 3:03 PM, Ard Biesheuvel wrote:
> > @@ -785,20 +781,23 @@ static int skcipher_setkey(struct crypto_skcipher *skcipher, const u8 *key,
> >  static int des_skcipher_setkey(struct crypto_skcipher *skcipher,
> >                              const u8 *key, unsigned int keylen)
> >  {
> > -     u32 tmp[DES3_EDE_EXPKEY_WORDS];
> > -     struct crypto_tfm *tfm = crypto_skcipher_tfm(skcipher);
> > +     int err;
> >
> > -     if (keylen == DES3_EDE_KEY_SIZE &&
> > -         __des3_ede_setkey(tmp, &tfm->crt_flags, key, DES3_EDE_KEY_SIZE)) {
> > -             return -EINVAL;
> > -     }
> > +     err = crypto_des_verify_key(crypto_skcipher_tfm(skcipher), key);
> > +     if (unlikely(err))
> > +             return err;
> >
> > -     if (!des_ekey(tmp, key) && (crypto_skcipher_get_flags(skcipher) &
> > -         CRYPTO_TFM_REQ_FORBID_WEAK_KEYS)) {
> > -             crypto_skcipher_set_flags(skcipher,
> > -                                       CRYPTO_TFM_RES_WEAK_KEY);
> > -             return -EINVAL;
> > -     }
> > +     return skcipher_setkey(skcipher, key, keylen);
>
> This would be a bit more compact:
>
>         return unlikely(crypto_des_verify_key(crypto_skcipher_tfm(skcipher), key)) ?:
>                skcipher_setkey(skcipher, key, keylen);
>
> and could be used in most places.
>
> Actually here:
>
> > @@ -697,8 +693,13 @@ static int skcipher_setkey(struct crypto_skcipher *skcipher, const u8 *key,
> >  static int des3_skcipher_setkey(struct crypto_skcipher *skcipher,
> >                               const u8 *key, unsigned int keylen)
> >  {
> > -     return unlikely(des3_verify_key(skcipher, key)) ?:
> > -            skcipher_setkey(skcipher, key, keylen);
> > +     int err;
> > +
> > +     err = crypto_des3_ede_verify_key(crypto_skcipher_tfm(skcipher), key);
> > +     if (unlikely(err))
> > +             return err;
> > +
> > +     return skcipher_setkey(skcipher, key, keylen);
> >  }
>
> this pattern is already used, only the verification function
> has to be replaced.
>

OK, got it.



[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux