crypto: hifn_795x - Forbid 2-key 3DES in FIPS mode

This patch forbids the use of 2-key 3DES (K1 == K3) in FIPS mode.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

diff --git a/drivers/crypto/hifn_795x.c b/drivers/crypto/hifn_795x.c
index dad212c..d656be0 100644 (file)
--- a/drivers/crypto/hifn_795x.c
+++ b/drivers/crypto/hifn_795x.c
@@ -1976,6 +1976,29 @@ static int hifn_setkey(struct crypto_ablkcipher *cipher, const u8 *key,
        return 0;
 }
 
+static int hifn_des3_setkey(struct crypto_ablkcipher *cipher, const u8 *key,
+                           unsigned int len)
+{
+       struct hifn_context *ctx = crypto_ablkcipher_ctx(cipher);
+       struct hifn_device *dev = ctx->dev;
+       u32 flags;
+       int err;
+
+       flags = crypto_ablkcipher_get_flags(cipher);
+       err = __des3_verify_key(&flags, key);
+       if (unlikely(err)) {
+               crypto_ablkcipher_set_flags(cipher, flags);
+               return err;
+       }
+
+       dev->flags &= ~HIFN_FLAG_OLD_KEY;
+
+       memcpy(ctx->key, key, len);
+       ctx->keysize = len;
+
+       return 0;
+}
+
 static int hifn_handle_req(struct ablkcipher_request *req)
 {
        struct hifn_context *ctx = crypto_tfm_ctx(req->base.tfm);
@@ -2240,7 +2263,7 @@ static struct hifn_alg_template hifn_alg_templates[] = {
                .ablkcipher = {
                        .min_keysize    =       HIFN_3DES_KEY_LENGTH,
                        .max_keysize    =       HIFN_3DES_KEY_LENGTH,
-                       .setkey         =       hifn_setkey,
+                       .setkey         =       hifn_des3_setkey,
                        .encrypt        =       hifn_encrypt_3des_cfb,
                        .decrypt        =       hifn_decrypt_3des_cfb,
                },
@@ -2250,7 +2273,7 @@ static struct hifn_alg_template hifn_alg_templates[] = {
                .ablkcipher = {
                        .min_keysize    =       HIFN_3DES_KEY_LENGTH,
                        .max_keysize    =       HIFN_3DES_KEY_LENGTH,
-                       .setkey         =       hifn_setkey,
+                       .setkey         =       hifn_des3_setkey,
                        .encrypt        =       hifn_encrypt_3des_ofb,
                        .decrypt        =       hifn_decrypt_3des_ofb,
                },
@@ -2261,7 +2284,7 @@ static struct hifn_alg_template hifn_alg_templates[] = {
                        .ivsize         =       HIFN_IV_LENGTH,
                        .min_keysize    =       HIFN_3DES_KEY_LENGTH,
                        .max_keysize    =       HIFN_3DES_KEY_LENGTH,
-                       .setkey         =       hifn_setkey,
+                       .setkey         =       hifn_des3_setkey,
                        .encrypt        =       hifn_encrypt_3des_cbc,
                        .decrypt        =       hifn_decrypt_3des_cbc,
                },
@@ -2271,7 +2294,7 @@ static struct hifn_alg_template hifn_alg_templates[] = {
                .ablkcipher = {
                        .min_keysize    =       HIFN_3DES_KEY_LENGTH,
                        .max_keysize    =       HIFN_3DES_KEY_LENGTH,
-                       .setkey         =       hifn_setkey,
+                       .setkey         =       hifn_des3_setkey,
                        .encrypt        =       hifn_encrypt_3des_ecb,
                        .decrypt        =       hifn_decrypt_3des_ecb,
                },