Commit 42f730a4 authored by Thara Gopinath's avatar Thara Gopinath Committed by Herbert Xu

crypto: qce - Return unsupported if any three keys are same for DES3 algorithms

Return unsupported if any three keys are same for DES3 algorithms
since CE does not support this and the operation causes the engine to
hang.
Signed-off-by: default avatarThara Gopinath <thara.gopinath@linaro.org>
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
parent f0d078dd
...@@ -221,12 +221,27 @@ static int qce_des3_setkey(struct crypto_skcipher *ablk, const u8 *key, ...@@ -221,12 +221,27 @@ static int qce_des3_setkey(struct crypto_skcipher *ablk, const u8 *key,
unsigned int keylen) unsigned int keylen)
{ {
struct qce_cipher_ctx *ctx = crypto_skcipher_ctx(ablk); struct qce_cipher_ctx *ctx = crypto_skcipher_ctx(ablk);
u32 _key[6];
int err; int err;
err = verify_skcipher_des3_key(ablk, key); err = verify_skcipher_des3_key(ablk, key);
if (err) if (err)
return err; return err;
/*
* The crypto engine does not support any two keys
* being the same for triple des algorithms. The
* verify_skcipher_des3_key does not check for all the
* below conditions. Return -ENOKEY in case any two keys
* are the same. Revisit to see if a fallback cipher
* is needed to handle this condition.
*/
memcpy(_key, key, DES3_EDE_KEY_SIZE);
if (!((_key[0] ^ _key[2]) | (_key[1] ^ _key[3])) ||
!((_key[2] ^ _key[4]) | (_key[3] ^ _key[5])) ||
!((_key[0] ^ _key[4]) | (_key[1] ^ _key[5])))
return -ENOKEY;
ctx->enc_keylen = keylen; ctx->enc_keylen = keylen;
memcpy(ctx->enc_key, key, keylen); memcpy(ctx->enc_key, key, keylen);
return 0; return 0;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment