Commit 5feaaae1 authored by Herbert Xu's avatar Herbert Xu

crypto: qce - Forbid 2-key 3DES in FIPS mode

This patch forbids the use of 2-key 3DES (K1 == K3) in FIPS mode.
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
parent aa113da2
...@@ -198,6 +198,25 @@ static int qce_ablkcipher_setkey(struct crypto_ablkcipher *ablk, const u8 *key, ...@@ -198,6 +198,25 @@ static int qce_ablkcipher_setkey(struct crypto_ablkcipher *ablk, const u8 *key,
return -EINVAL; return -EINVAL;
} }
static int qce_des3_setkey(struct crypto_ablkcipher *ablk, const u8 *key,
unsigned int keylen)
{
struct qce_cipher_ctx *ctx = crypto_ablkcipher_ctx(ablk);
u32 flags;
int err;
flags = crypto_ablkcipher_get_flags(ablk);
err = __des3_verify_key(&flags, key);
if (unlikely(err)) {
crypto_ablkcipher_set_flags(ablk, flags);
return err;
}
ctx->enc_keylen = keylen;
memcpy(ctx->enc_key, key, keylen);
return 0;
}
static int qce_ablkcipher_crypt(struct ablkcipher_request *req, int encrypt) static int qce_ablkcipher_crypt(struct ablkcipher_request *req, int encrypt)
{ {
struct crypto_tfm *tfm = struct crypto_tfm *tfm =
...@@ -363,7 +382,8 @@ static int qce_ablkcipher_register_one(const struct qce_ablkcipher_def *def, ...@@ -363,7 +382,8 @@ static int qce_ablkcipher_register_one(const struct qce_ablkcipher_def *def,
alg->cra_ablkcipher.ivsize = def->ivsize; alg->cra_ablkcipher.ivsize = def->ivsize;
alg->cra_ablkcipher.min_keysize = def->min_keysize; alg->cra_ablkcipher.min_keysize = def->min_keysize;
alg->cra_ablkcipher.max_keysize = def->max_keysize; alg->cra_ablkcipher.max_keysize = def->max_keysize;
alg->cra_ablkcipher.setkey = qce_ablkcipher_setkey; alg->cra_ablkcipher.setkey = IS_3DES(def->flags) ?
qce_des3_setkey : qce_ablkcipher_setkey;
alg->cra_ablkcipher.encrypt = qce_ablkcipher_encrypt; alg->cra_ablkcipher.encrypt = qce_ablkcipher_encrypt;
alg->cra_ablkcipher.decrypt = qce_ablkcipher_decrypt; alg->cra_ablkcipher.decrypt = qce_ablkcipher_decrypt;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment