Re: [PATCH v4 02/30] crypto: s390/des - switch to new verification routines

Harald Freudenberger <freude@xxxxxxxxxxxxx> · Tue, 6 Aug 2019 08:12:51 +0200

On 05.08.19 19:00, Ard Biesheuvel wrote:
> Acked-by: Harald Freudenberger <freude@xxxxxxxxxxxxx>
> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@xxxxxxxxxx>
> ---
>  arch/s390/crypto/des_s390.c | 25 +++++++++-----------
>  1 file changed, 11 insertions(+), 14 deletions(-)
>
> diff --git a/arch/s390/crypto/des_s390.c b/arch/s390/crypto/des_s390.c
> index 374b42fc7637..f56a84751fdb 100644
> --- a/arch/s390/crypto/des_s390.c
> +++ b/arch/s390/crypto/des_s390.c
> @@ -16,7 +16,7 @@
>  #include <linux/fips.h>
>  #include <linux/mutex.h>
>  #include <crypto/algapi.h>
> -#include <crypto/des.h>
> +#include <crypto/internal/des.h>
>  #include <asm/cpacf.h>
>
>  #define DES3_KEY_SIZE	(3 * DES_KEY_SIZE)
> @@ -35,27 +35,24 @@ static int des_setkey(struct crypto_tfm *tfm, const u8 *key,
>  		      unsigned int key_len)
>  {
>  	struct s390_des_ctx *ctx = crypto_tfm_ctx(tfm);
> -	u32 tmp[DES_EXPKEY_WORDS];
> +	int err;
>
> -	/* check for weak keys */
> -	if (!des_ekey(tmp, key) &&
> -	    (tfm->crt_flags & CRYPTO_TFM_REQ_FORBID_WEAK_KEYS)) {
> -		tfm->crt_flags |= CRYPTO_TFM_RES_WEAK_KEY;
> -		return -EINVAL;
> -	}
> +	err = crypto_des_verify_key(tfm, key);
> +	if (err)
> +		return err;
>
>  	memcpy(ctx->key, key, key_len);
>  	return 0;
>  }
>
> -static void des_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
> +static void crypto_des_encrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
>  {
>  	struct s390_des_ctx *ctx = crypto_tfm_ctx(tfm);
>
>  	cpacf_km(CPACF_KM_DEA, ctx->key, out, in, DES_BLOCK_SIZE);
>  }
>
> -static void des_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
> +static void crypto_des_decrypt(struct crypto_tfm *tfm, u8 *out, const u8 *in)
>  {
>  	struct s390_des_ctx *ctx = crypto_tfm_ctx(tfm);
>
> @@ -76,8 +73,8 @@ static struct crypto_alg des_alg = {
>  			.cia_min_keysize	=	DES_KEY_SIZE,
>  			.cia_max_keysize	=	DES_KEY_SIZE,
>  			.cia_setkey		=	des_setkey,
> -			.cia_encrypt		=	des_encrypt,
> -			.cia_decrypt		=	des_decrypt,
> +			.cia_encrypt		=	crypto_des_encrypt,
> +			.cia_decrypt		=	crypto_des_decrypt,
>  		}
>  	}
>  };
> @@ -227,8 +224,8 @@ static int des3_setkey(struct crypto_tfm *tfm, const u8 *key,
>  	struct s390_des_ctx *ctx = crypto_tfm_ctx(tfm);
>  	int err;
>
> -	err = __des3_verify_key(&tfm->crt_flags, key);
> -	if (unlikely(err))
> +	err = crypto_des3_ede_verify_key(tfm, key);
> +	if (err)
>  		return err;
>
>  	memcpy(ctx->key, key, key_len);

add my

reviewed-by Harald Freudenberger <freude@xxxxxxxxxx>

however, could you please choose another prefix when there's a symbol
collision instead of the "crypto_" maybe "s390_" or something like "des_s390_xxx".
Thanks