crypto: rockchip - Forbid 2-key 3DES in FIPS mode

This patch forbids the use of 2-key 3DES (K1 == K3) in FIPS mode.

It also removes a couple of unnecessary key length checks that
are already performed by the crypto API.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

diff --git a/drivers/crypto/rockchip/rk3288_crypto_ablkcipher.c b/drivers/crypto/rockchip/rk3288_crypto_ablkcipher.c
index 02dac6a..7d02c97 100644 (file)
--- a/drivers/crypto/rockchip/rk3288_crypto_ablkcipher.c
+++ b/drivers/crypto/rockchip/rk3288_crypto_ablkcipher.c
@@ -46,24 +46,36 @@ static int rk_aes_setkey(struct crypto_ablkcipher *cipher,
        return 0;
 }
 
-static int rk_tdes_setkey(struct crypto_ablkcipher *cipher,
-                         const u8 *key, unsigned int keylen)
+static int rk_des_setkey(struct crypto_ablkcipher *cipher,
+                        const u8 *key, unsigned int keylen)
 {
        struct crypto_tfm *tfm = crypto_ablkcipher_tfm(cipher);
        struct rk_cipher_ctx *ctx = crypto_tfm_ctx(tfm);
        u32 tmp[DES_EXPKEY_WORDS];
 
-       if (keylen != DES_KEY_SIZE && keylen != DES3_EDE_KEY_SIZE) {
-               crypto_ablkcipher_set_flags(cipher, CRYPTO_TFM_RES_BAD_KEY_LEN);
+       if (!des_ekey(tmp, key) &&
+           (tfm->crt_flags & CRYPTO_TFM_REQ_FORBID_WEAK_KEYS)) {
+               tfm->crt_flags |= CRYPTO_TFM_RES_WEAK_KEY;
                return -EINVAL;
        }
 
-       if (keylen == DES_KEY_SIZE) {
-               if (!des_ekey(tmp, key) &&
-                   (tfm->crt_flags & CRYPTO_TFM_REQ_FORBID_WEAK_KEYS)) {
-                       tfm->crt_flags |= CRYPTO_TFM_RES_WEAK_KEY;
-                       return -EINVAL;
-               }
+       ctx->keylen = keylen;
+       memcpy_toio(ctx->dev->reg + RK_CRYPTO_TDES_KEY1_0, key, keylen);
+       return 0;
+}
+
+static int rk_tdes_setkey(struct crypto_ablkcipher *cipher,
+                         const u8 *key, unsigned int keylen)
+{
+       struct rk_cipher_ctx *ctx = crypto_ablkcipher_ctx(cipher);
+       u32 flags;
+       int err;
+
+       flags = crypto_ablkcipher_get_flags(cipher);
+       err = __des3_verify_key(&flags, key);
+       if (unlikely(err)) {
+               crypto_ablkcipher_set_flags(cipher, flags);
+               return err;
        }
 
        ctx->keylen = keylen;
@@ -457,7 +469,7 @@ struct rk_crypto_tmp rk_ecb_des_alg = {
                .cra_u.ablkcipher       = {
                        .min_keysize    = DES_KEY_SIZE,
                        .max_keysize    = DES_KEY_SIZE,
-                       .setkey         = rk_tdes_setkey,
+                       .setkey         = rk_des_setkey,
                        .encrypt        = rk_des_ecb_encrypt,
                        .decrypt        = rk_des_ecb_decrypt,
                }
@@ -483,7 +495,7 @@ struct rk_crypto_tmp rk_cbc_des_alg = {
                        .min_keysize    = DES_KEY_SIZE,
                        .max_keysize    = DES_KEY_SIZE,
                        .ivsize         = DES_BLOCK_SIZE,
-                       .setkey         = rk_tdes_setkey,
+                       .setkey         = rk_des_setkey,
                        .encrypt        = rk_des_cbc_encrypt,
                        .decrypt        = rk_des_cbc_decrypt,
                }