Re: [PATCH 3/7] crypto: ccree: add ablkcipher support

Stephan Mueller Thu, 11 Jan 2018 02:04:17 -0800

Am Donnerstag, 11. Januar 2018, 10:17:10 CET schrieb Gilad Ben-Yossef:

Hi Gilad,


> +     // verify weak keys
> +     if (ctx_p->flow_mode == S_DIN_to_DES) {
> +             if (!des_ekey(tmp, key) &&
> +                 (crypto_tfm_get_flags(tfm) & CRYPTO_TFM_REQ_WEAK_KEY)) {
> +                     tfm->crt_flags |= CRYPTO_TFM_RES_WEAK_KEY;
> +                     dev_dbg(dev, "weak DES key");
> +                     return -EINVAL;
> +             }
> +     }
> +     if (ctx_p->cipher_mode == DRV_CIPHER_XTS &&
> +         xts_check_key(tfm, key, keylen)) {
> +             dev_dbg(dev, "weak XTS key");
> +             return -EINVAL;
> +     }
> +     if (ctx_p->flow_mode == S_DIN_to_DES &&
> +         keylen == DES3_EDE_KEY_SIZE &&
> +         cc_verify_3des_keys(key, keylen)) {
> +             dev_dbg(dev, "weak 3DES key");
> +             return -EINVAL;
> +     }

For the DES key, wouldn't it make sense to use __des3_ede_setkey?

Note, I would plan to release a patch for review to change that function to 
disallow key1 == key2 or key1 == key3 or key2 == key3 in FIPS mode.

Ciao
Stephan

Re: [PATCH 3/7] crypto: ccree: add ablkcipher support

Reply via email to