[v3,3/6] crypto: xts - drop redundant xts key check

Message ID	20221229211710.14912-4-vdronov@redhat.com
State	Superseded
Headers	show Return-Path: <linux-crypto-owner@vger.kernel.org> From: Vladis Dronov <vdronov@redhat.com> To: Herbert Xu <herbert@gondor.apana.org.au>, "David S . Miller" <davem@davemloft.net> Cc: Nicolai Stange <nstange@suse.de>, Elliott Robert <elliott@hpe.com>, Stephan Mueller <smueller@chronox.de>, Eric Biggers <ebiggers@google.com>, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, Vladis Dronov <vdronov@redhat.com> Subject: [PATCH v3 3/6] crypto: xts - drop redundant xts key check Date: Thu, 29 Dec 2022 22:17:07 +0100 Message-Id: <20221229211710.14912-4-vdronov@redhat.com> In-Reply-To: <20221229211710.14912-1-vdronov@redhat.com> References: <20221229211710.14912-1-vdronov@redhat.com> MIME-Version: 1.0 Content-type: text/plain Content-Transfer-Encoding: 8bit Precedence: bulk
Series	Trivial set of FIPS 140-3 related changes \| expand [v3,0/6] Trivial set of FIPS 140-3 related changes [v3,1/6] crypto: xts - restrict key lengths to approved values in FIPS mode [v3,2/6] crypto: xts - drop xts_check_key() [v3,3/6] crypto: xts - drop redundant xts key check [v3,4/6] crypto: testmgr - disallow plain cbcmac(aes) in FIPS mode [v3,5/6] crypto: testmgr - disallow plain ghash in FIPS mode [v3,6/6] crypto: testmgr - allow ecdsa-nist-p256 and -p384 in FIPS mode

Message ID

20221229211710.14912-4-vdronov@redhat.com

State

Superseded

Headers

From: Vladis Dronov <vdronov@redhat.com>
To: Herbert Xu <herbert@gondor.apana.org.au>,
        "David S . Miller" <davem@davemloft.net>
Cc: Nicolai Stange <nstange@suse.de>, Elliott Robert <elliott@hpe.com>,
        Stephan Mueller <smueller@chronox.de>,
        Eric Biggers <ebiggers@google.com>,
        linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org,
        Vladis Dronov <vdronov@redhat.com>
Subject: [PATCH v3 3/6] crypto: xts - drop redundant xts key check
Date: Thu, 29 Dec 2022 22:17:07 +0100
Message-Id: <20221229211710.14912-4-vdronov@redhat.com>
In-Reply-To: <20221229211710.14912-1-vdronov@redhat.com>
References: <20221229211710.14912-1-vdronov@redhat.com>
MIME-Version: 1.0
Content-type: text/plain
Content-Transfer-Encoding: 8bit
Precedence: bulk

Series

Trivial set of FIPS 140-3 related changes | expand

Commit Message

Vladis Dronov Dec. 29, 2022, 9:17 p.m. UTC

xts_fallback_setkey() in xts_aes_set_key() will now enforce key size
rule in FIPS mode when setting up the fallback algorithm keys, which
makes the check in xts_aes_set_key() redundant or unreachable. So just
drop this check.

xts_fallback_setkey() now makes a key size check in xts_verify_key():

xts_fallback_setkey()
  crypto_skcipher_setkey() [ skcipher_setkey_unaligned() ]
    cipher->setkey() { .setkey = xts_setkey }
      xts_setkey()
        xts_verify_key()

Signed-off-by: Vladis Dronov <vdronov@redhat.com>
---
 arch/s390/crypto/aes_s390.c | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/arch/s390/crypto/aes_s390.c b/arch/s390/crypto/aes_s390.c
index 526c3f40f6a2..c773820e4af9 100644
--- a/arch/s390/crypto/aes_s390.c
+++ b/arch/s390/crypto/aes_s390.c
@@ -398,10 +398,6 @@  static int xts_aes_set_key(struct crypto_skcipher *tfm, const u8 *in_key,
 	if (err)
 		return err;
 
-	/* In fips mode only 128 bit or 256 bit keys are valid */
-	if (fips_enabled && key_len != 32 && key_len != 64)
-		return -EINVAL;
-
 	/* Pick the correct function code based on the key length */
 	fc = (key_len == 32) ? CPACF_KM_XTS_128 :
 	     (key_len == 64) ? CPACF_KM_XTS_256 : 0;

[v3,3/6] crypto: xts - drop redundant xts key check

Commit Message

Patch