Commit 76a329cd authored by Herbert Xu's avatar Herbert Xu

crypto: ccp - Forbid 2-key 3DES in FIPS mode

This patch forbids the use of 2-key 3DES (K1 == K3) in FIPS mode.
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
parent 19291691
...@@ -43,24 +43,11 @@ static int ccp_des3_setkey(struct crypto_ablkcipher *tfm, const u8 *key, ...@@ -43,24 +43,11 @@ static int ccp_des3_setkey(struct crypto_ablkcipher *tfm, const u8 *key,
struct ccp_crypto_ablkcipher_alg *alg = struct ccp_crypto_ablkcipher_alg *alg =
ccp_crypto_ablkcipher_alg(crypto_ablkcipher_tfm(tfm)); ccp_crypto_ablkcipher_alg(crypto_ablkcipher_tfm(tfm));
u32 *flags = &tfm->base.crt_flags; u32 *flags = &tfm->base.crt_flags;
int err;
err = __des3_verify_key(flags, key);
/* From des_generic.c: if (unlikely(err))
* return err;
* RFC2451:
* If the first two or last two independent 64-bit keys are
* equal (k1 == k2 or k2 == k3), then the DES3 operation is simply the
* same as DES. Implementers MUST reject keys that exhibit this
* property.
*/
const u32 *K = (const u32 *)key;
if (unlikely(!((K[0] ^ K[2]) | (K[1] ^ K[3])) ||
!((K[2] ^ K[4]) | (K[3] ^ K[5]))) &&
(*flags & CRYPTO_TFM_REQ_FORBID_WEAK_KEYS)) {
*flags |= CRYPTO_TFM_RES_WEAK_KEY;
return -EINVAL;
}
/* It's not clear that there is any support for a keysize of 112. /* It's not clear that there is any support for a keysize of 112.
* If needed, the caller should make K1 == K3 * If needed, the caller should make K1 == K3
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment