Re: [PATCH v2 00/30] crypto: DES/3DES cleanup

Horia Geanta <horia.geanta@xxxxxxx> · Thu, 27 Jun 2019 15:42:26 +0000



On 6/27/2019 5:54 PM, Ard Biesheuvel wrote:
> On Thu, 27 Jun 2019 at 16:50, Ard Biesheuvel <ard.biesheuvel@xxxxxxxxxx> wrote:
>>
>> On Thu, 27 Jun 2019 at 16:44, Horia Geanta <horia.geanta@xxxxxxx> wrote:
>>>
>>> On 6/27/2019 3:03 PM, Ard Biesheuvel wrote:
>>>> n my effort to remove crypto_alloc_cipher() invocations from non-crypto
>>>> code, i ran into a DES call in the CIFS driver. This is addressed in
>>>> patch #30.
>>>>
>>>> The other patches are cleanups for the quirky DES interface, and lots
>>>> of duplication of the weak key checks etc.
>>>>
>>>> Changes since vpub/scm/linux/kernel/git/arm64/linux.git/log/?h=for-next/fixes1/RFC:
>>>> - fix build errors in various drivers that i failed to catch in my
>>>>   initial testing
>>>> - put all caam changes into the correct patch
>>>> - fix weak key handling error flagged by the self tests, as reported
>>>>   by Eric.
>>> I am seeing a similar (?) issue:
>>> alg: skcipher: ecb-des-caam setkey failed on test vector 4; expected_error=-22, actual_error=-126, flags=0x100101
>>>
>>> crypto_des_verify_key() in include/crypto/internal/des.h returns -ENOKEY,
>>> while testmgr expects -EINVAL (setkey_error = -EINVAL in the test vector).
>>>
>>> I assume crypto_des_verify_key() should return -EINVAL, not -ENOKEY.
>>>
>>
>> Yes, but I tried to keep handling of the crypto_tfm flags out of the
>> library interface.
>>
>> I will try to find a way to solve this cleanly.
> 
> Actually, it should be as simple as
> 
> diff --git a/include/crypto/internal/des.h b/include/crypto/internal/des.h
> index dfe5e8f92270..522c09c08002 100644
> --- a/include/crypto/internal/des.h
> +++ b/include/crypto/internal/des.h
> @@ -27,10 +27,12 @@ static inline int crypto_des_verify_key(struct
> crypto_tfm *tfm, const u8 *key)
>         int err;
> 
>         err = des_expand_key(&tmp, key, DES_KEY_SIZE);
> -       if (err == -ENOKEY &&
> -           !(crypto_tfm_get_flags(tfm) & CRYPTO_TFM_REQ_FORBID_WEAK_KEYS))
> -               err = 0;
> -
> +       if (err == -ENOKEY) {
> +               if (crypto_tfm_get_flags(tfm) & CRYPTO_TFM_REQ_FORBID_WEAK_KEYS)
> +                       err = -EINVAL;
> +               else
> +                       err = 0;
> +       }
>         if (err)
>                 crypto_tfm_set_flags(tfm, CRYPTO_TFM_RES_WEAK_KEY);
> 
Confirming this works for me (on CAAM accelerator).

Thanks,
Horia