mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-12-29 17:25:38 +00:00
crypto: xts - drop xts_check_key()
xts_check_key() is obsoleted by xts_verify_key(). Over time XTS crypto drivers adopted the newer xts_verify_key() variant, but xts_check_key() is still used by a number of drivers. Switch drivers to use the newer xts_verify_key() and make a couple of cleanups. This allows us to drop xts_check_key() completely and avoid redundancy. Signed-off-by: Vladis Dronov <vdronov@redhat.com> Reviewed-by: Eric Biggers <ebiggers@google.com> Reviewed-by: Nicolai Stange <nstange@suse.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This commit is contained in:
parent
1c4428b295
commit
0ee433676e
@ -474,7 +474,7 @@ static int xts_paes_set_key(struct crypto_skcipher *tfm, const u8 *in_key,
|
|||||||
return rc;
|
return rc;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* xts_check_key verifies the key length is not odd and makes
|
* xts_verify_key verifies the key length is not odd and makes
|
||||||
* sure that the two keys are not the same. This can be done
|
* sure that the two keys are not the same. This can be done
|
||||||
* on the two protected keys as well
|
* on the two protected keys as well
|
||||||
*/
|
*/
|
||||||
|
@ -1879,7 +1879,7 @@ static int atmel_aes_xts_setkey(struct crypto_skcipher *tfm, const u8 *key,
|
|||||||
struct atmel_aes_xts_ctx *ctx = crypto_skcipher_ctx(tfm);
|
struct atmel_aes_xts_ctx *ctx = crypto_skcipher_ctx(tfm);
|
||||||
int err;
|
int err;
|
||||||
|
|
||||||
err = xts_check_key(crypto_skcipher_tfm(tfm), key, keylen);
|
err = xts_verify_key(tfm, key, keylen);
|
||||||
if (err)
|
if (err)
|
||||||
return err;
|
return err;
|
||||||
|
|
||||||
|
@ -1621,7 +1621,7 @@ artpec6_crypto_xts_set_key(struct crypto_skcipher *cipher, const u8 *key,
|
|||||||
crypto_skcipher_ctx(cipher);
|
crypto_skcipher_ctx(cipher);
|
||||||
int ret;
|
int ret;
|
||||||
|
|
||||||
ret = xts_check_key(&cipher->base, key, keylen);
|
ret = xts_verify_key(cipher, key, keylen);
|
||||||
if (ret)
|
if (ret)
|
||||||
return ret;
|
return ret;
|
||||||
|
|
||||||
|
@ -232,13 +232,12 @@ static int cvm_decrypt(struct skcipher_request *req)
|
|||||||
static int cvm_xts_setkey(struct crypto_skcipher *cipher, const u8 *key,
|
static int cvm_xts_setkey(struct crypto_skcipher *cipher, const u8 *key,
|
||||||
u32 keylen)
|
u32 keylen)
|
||||||
{
|
{
|
||||||
struct crypto_tfm *tfm = crypto_skcipher_tfm(cipher);
|
struct cvm_enc_ctx *ctx = crypto_skcipher_ctx(cipher);
|
||||||
struct cvm_enc_ctx *ctx = crypto_tfm_ctx(tfm);
|
|
||||||
int err;
|
int err;
|
||||||
const u8 *key1 = key;
|
const u8 *key1 = key;
|
||||||
const u8 *key2 = key + (keylen / 2);
|
const u8 *key2 = key + (keylen / 2);
|
||||||
|
|
||||||
err = xts_check_key(tfm, key, keylen);
|
err = xts_verify_key(cipher, key, keylen);
|
||||||
if (err)
|
if (err)
|
||||||
return err;
|
return err;
|
||||||
ctx->key_len = keylen;
|
ctx->key_len = keylen;
|
||||||
@ -289,8 +288,7 @@ static int cvm_validate_keylen(struct cvm_enc_ctx *ctx, u32 keylen)
|
|||||||
static int cvm_setkey(struct crypto_skcipher *cipher, const u8 *key,
|
static int cvm_setkey(struct crypto_skcipher *cipher, const u8 *key,
|
||||||
u32 keylen, u8 cipher_type)
|
u32 keylen, u8 cipher_type)
|
||||||
{
|
{
|
||||||
struct crypto_tfm *tfm = crypto_skcipher_tfm(cipher);
|
struct cvm_enc_ctx *ctx = crypto_skcipher_ctx(cipher);
|
||||||
struct cvm_enc_ctx *ctx = crypto_tfm_ctx(tfm);
|
|
||||||
|
|
||||||
ctx->cipher_type = cipher_type;
|
ctx->cipher_type = cipher_type;
|
||||||
if (!cvm_validate_keylen(ctx, keylen)) {
|
if (!cvm_validate_keylen(ctx, keylen)) {
|
||||||
|
@ -337,12 +337,11 @@ static int nitrox_3des_decrypt(struct skcipher_request *skreq)
|
|||||||
static int nitrox_aes_xts_setkey(struct crypto_skcipher *cipher,
|
static int nitrox_aes_xts_setkey(struct crypto_skcipher *cipher,
|
||||||
const u8 *key, unsigned int keylen)
|
const u8 *key, unsigned int keylen)
|
||||||
{
|
{
|
||||||
struct crypto_tfm *tfm = crypto_skcipher_tfm(cipher);
|
struct nitrox_crypto_ctx *nctx = crypto_skcipher_ctx(cipher);
|
||||||
struct nitrox_crypto_ctx *nctx = crypto_tfm_ctx(tfm);
|
|
||||||
struct flexi_crypto_context *fctx;
|
struct flexi_crypto_context *fctx;
|
||||||
int aes_keylen, ret;
|
int aes_keylen, ret;
|
||||||
|
|
||||||
ret = xts_check_key(tfm, key, keylen);
|
ret = xts_verify_key(cipher, key, keylen);
|
||||||
if (ret)
|
if (ret)
|
||||||
return ret;
|
return ret;
|
||||||
|
|
||||||
@ -362,8 +361,7 @@ static int nitrox_aes_xts_setkey(struct crypto_skcipher *cipher,
|
|||||||
static int nitrox_aes_ctr_rfc3686_setkey(struct crypto_skcipher *cipher,
|
static int nitrox_aes_ctr_rfc3686_setkey(struct crypto_skcipher *cipher,
|
||||||
const u8 *key, unsigned int keylen)
|
const u8 *key, unsigned int keylen)
|
||||||
{
|
{
|
||||||
struct crypto_tfm *tfm = crypto_skcipher_tfm(cipher);
|
struct nitrox_crypto_ctx *nctx = crypto_skcipher_ctx(cipher);
|
||||||
struct nitrox_crypto_ctx *nctx = crypto_tfm_ctx(tfm);
|
|
||||||
struct flexi_crypto_context *fctx;
|
struct flexi_crypto_context *fctx;
|
||||||
int aes_keylen;
|
int aes_keylen;
|
||||||
|
|
||||||
|
@ -460,7 +460,7 @@ static int cc_cipher_setkey(struct crypto_skcipher *sktfm, const u8 *key,
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (ctx_p->cipher_mode == DRV_CIPHER_XTS &&
|
if (ctx_p->cipher_mode == DRV_CIPHER_XTS &&
|
||||||
xts_check_key(tfm, key, keylen)) {
|
xts_verify_key(sktfm, key, keylen)) {
|
||||||
dev_dbg(dev, "weak XTS key");
|
dev_dbg(dev, "weak XTS key");
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
}
|
}
|
||||||
|
@ -398,7 +398,7 @@ static int otx_cpt_skcipher_xts_setkey(struct crypto_skcipher *tfm,
|
|||||||
const u8 *key1 = key;
|
const u8 *key1 = key;
|
||||||
int ret;
|
int ret;
|
||||||
|
|
||||||
ret = xts_check_key(crypto_skcipher_tfm(tfm), key, keylen);
|
ret = xts_verify_key(tfm, key, keylen);
|
||||||
if (ret)
|
if (ret)
|
||||||
return ret;
|
return ret;
|
||||||
ctx->key_len = keylen;
|
ctx->key_len = keylen;
|
||||||
|
@ -412,7 +412,7 @@ static int otx2_cpt_skcipher_xts_setkey(struct crypto_skcipher *tfm,
|
|||||||
const u8 *key1 = key;
|
const u8 *key1 = key;
|
||||||
int ret;
|
int ret;
|
||||||
|
|
||||||
ret = xts_check_key(crypto_skcipher_tfm(tfm), key, keylen);
|
ret = xts_verify_key(tfm, key, keylen);
|
||||||
if (ret)
|
if (ret)
|
||||||
return ret;
|
return ret;
|
||||||
ctx->key_len = keylen;
|
ctx->key_len = keylen;
|
||||||
|
@ -8,23 +8,6 @@
|
|||||||
|
|
||||||
#define XTS_BLOCK_SIZE 16
|
#define XTS_BLOCK_SIZE 16
|
||||||
|
|
||||||
static inline int xts_check_key(struct crypto_tfm *tfm,
|
|
||||||
const u8 *key, unsigned int keylen)
|
|
||||||
{
|
|
||||||
/*
|
|
||||||
* key consists of keys of equal size concatenated, therefore
|
|
||||||
* the length must be even.
|
|
||||||
*/
|
|
||||||
if (keylen % 2)
|
|
||||||
return -EINVAL;
|
|
||||||
|
|
||||||
/* ensure that the AES and tweak key are not identical */
|
|
||||||
if (fips_enabled && !crypto_memneq(key, key + (keylen / 2), keylen / 2))
|
|
||||||
return -EINVAL;
|
|
||||||
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
static inline int xts_verify_key(struct crypto_skcipher *tfm,
|
static inline int xts_verify_key(struct crypto_skcipher *tfm,
|
||||||
const u8 *key, unsigned int keylen)
|
const u8 *key, unsigned int keylen)
|
||||||
{
|
{
|
||||||
@ -42,7 +25,10 @@ static inline int xts_verify_key(struct crypto_skcipher *tfm,
|
|||||||
if (fips_enabled && keylen != 32 && keylen != 64)
|
if (fips_enabled && keylen != 32 && keylen != 64)
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
|
|
||||||
/* ensure that the AES and tweak key are not identical */
|
/*
|
||||||
|
* Ensure that the AES and tweak key are not identical when
|
||||||
|
* in FIPS mode or the FORBID_WEAK_KEYS flag is set.
|
||||||
|
*/
|
||||||
if ((fips_enabled || (crypto_skcipher_get_flags(tfm) &
|
if ((fips_enabled || (crypto_skcipher_get_flags(tfm) &
|
||||||
CRYPTO_TFM_REQ_FORBID_WEAK_KEYS)) &&
|
CRYPTO_TFM_REQ_FORBID_WEAK_KEYS)) &&
|
||||||
!crypto_memneq(key, key + (keylen / 2), keylen / 2))
|
!crypto_memneq(key, key + (keylen / 2), keylen / 2))
|
||||||
|
Loading…
Reference in New Issue
Block a user