summaryrefslogtreecommitdiffstats
path: root/include/crypto/internal/des.h
diff options
context:
space:
mode:
Diffstat (limited to 'include/crypto/internal/des.h')
-rw-r--r--include/crypto/internal/des.h69
1 files changed, 40 insertions, 29 deletions
diff --git a/include/crypto/internal/des.h b/include/crypto/internal/des.h
index f5d2e696522e..81ea1a425e9c 100644
--- a/include/crypto/internal/des.h
+++ b/include/crypto/internal/des.h
@@ -25,18 +25,21 @@
*/
static inline int crypto_des_verify_key(struct crypto_tfm *tfm, const u8 *key)
{
- u32 tmp[DES_EXPKEY_WORDS];
- int err = 0;
-
- if (!(crypto_tfm_get_flags(tfm) & CRYPTO_TFM_REQ_FORBID_WEAK_KEYS))
- return 0;
+ struct des_ctx tmp;
+ int err;
+
+ err = des_expand_key(&tmp, key, DES_KEY_SIZE);
+ if (err == -ENOKEY) {
+ if (crypto_tfm_get_flags(tfm) & CRYPTO_TFM_REQ_FORBID_WEAK_KEYS)
+ err = -EINVAL;
+ else
+ err = 0;
+ }
- if (!des_ekey(tmp, key)) {
+ if (err)
crypto_tfm_set_flags(tfm, CRYPTO_TFM_RES_WEAK_KEY);
- err = -EINVAL;
- }
- memzero_explicit(tmp, sizeof(tmp));
+ memzero_explicit(&tmp, sizeof(tmp));
return err;
}
@@ -53,6 +56,28 @@ static inline int crypto_des_verify_key(struct crypto_tfm *tfm, const u8 *key)
* property.
*
*/
+static inline int des3_ede_verify_key(const u8 *key, unsigned int key_len,
+ bool check_weak)
+{
+ int ret = fips_enabled ? -EINVAL : -ENOKEY;
+ u32 K[6];
+
+ memcpy(K, key, DES3_EDE_KEY_SIZE);
+
+ if ((!((K[0] ^ K[2]) | (K[1] ^ K[3])) ||
+ !((K[2] ^ K[4]) | (K[3] ^ K[5]))) &&
+ (fips_enabled || check_weak))
+ goto bad;
+
+ if ((!((K[0] ^ K[4]) | (K[1] ^ K[5]))) && fips_enabled)
+ goto bad;
+
+ ret = 0;
+bad:
+ memzero_explicit(K, DES3_EDE_KEY_SIZE);
+
+ return ret;
+}
/**
* crypto_des3_ede_verify_key - Check whether a DES3-EDE key is weak
@@ -70,28 +95,14 @@ static inline int crypto_des_verify_key(struct crypto_tfm *tfm, const u8 *key)
static inline int crypto_des3_ede_verify_key(struct crypto_tfm *tfm,
const u8 *key)
{
- int err = -EINVAL;
- u32 K[6];
-
- memcpy(K, key, DES3_EDE_KEY_SIZE);
-
- if ((!((K[0] ^ K[2]) | (K[1] ^ K[3])) ||
- !((K[2] ^ K[4]) | (K[3] ^ K[5]))) &&
- (fips_enabled || (crypto_tfm_get_flags(tfm) &
- CRYPTO_TFM_REQ_FORBID_WEAK_KEYS)))
- goto bad;
-
- if ((!((K[0] ^ K[4]) | (K[1] ^ K[5]))) && fips_enabled)
- goto bad;
+ int err;
- err = 0;
-out:
- memzero_explicit(K, DES3_EDE_KEY_SIZE);
+ err = des3_ede_verify_key(key, DES3_EDE_KEY_SIZE,
+ crypto_tfm_get_flags(tfm) &
+ CRYPTO_TFM_REQ_FORBID_WEAK_KEYS);
+ if (err)
+ crypto_tfm_set_flags(tfm, CRYPTO_TFM_RES_WEAK_KEY);
return err;
-
-bad:
- crypto_tfm_set_flags(tfm, CRYPTO_TFM_RES_WEAK_KEY);
- goto out;
}
static inline int verify_skcipher_des_key(struct crypto_skcipher *tfm,
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-26 10:42:05 +0100