From patchwork Thu Jun 27 12:02:49 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ard Biesheuvel <ard.biesheuvel@linaro.org>
X-Patchwork-Id: 167935
Delivered-To: patch@linaro.org
Received: by 2002:a92:4782:0:0:0:0:0 with SMTP id e2csp2249398ilk;
 Thu, 27 Jun 2019 05:03:35 -0700 (PDT)
X-Google-Smtp-Source: APXvYqwYd4PT52MJSAet2CuJhwHJu4bXw4uXs11HwoUyBqeuwZ9IeMDnoWQ/MVd/FtdD70nKFfxS
X-Received: by 2002:a17:902:b713:: with SMTP id
 d19mr4265194pls.267.1561637015715; 
 Thu, 27 Jun 2019 05:03:35 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1561637015; cv=none;
 d=google.com; s=arc-20160816;
 b=Nf2QHkyKp9c5WkJvYe7brPwnrTBHFbxCJ2vmeCQc4+B1aahyg8NTbcFCyFxQ8qnO90
 I8T16drnQ95Y3Vrrle7YAXeJklUqmbPTkaZuVSNtbR9QjNckEk7ADjZMxC3WKN28MrVG
 +RB/H/Bull/q2Jgit6w/hAZ8qEoisa9od0IJk5WZeqgY0RuI/F0yAxL9akeOiSRcuvW3
 E2mL390Kclhxl902LfONkKg/srCgjKX+Mft5PLnSIIuSF8p6KBPZbUjIez6kpHVGJ/79
 Y0fkjbDV4+izyJMsw5DW5aAvdxptRgkj3RBlWAVU+PAsYh051eosKpKCdOh1drEHHVqV
 GxYA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816; 
 h=list-id:precedence:sender:content-transfer-encoding:mime-version
 :references:in-reply-to:message-id:date:subject:cc:to:from
 :dkim-signature;
 bh=j1mRQgZhEVSPh2opm7CEW9MGSpAHZzLYocHpi9vXVhA=;
 b=al0ZGyi4fEwPt/hdOWCGygTqfcS7sK1RGk0ZkL5DyvbeRTrSoDIpp9c5W+qAY24EOB
 061JOiU5bQvaXmJfbk2s6e9m5XAn8I7TEB5VX99z/GNoG4DaQsqqvWEGSPNMDsAMFQJl
 Ph5a53Yry67VxWrAH7KRAS3ISn4KOrysQz79jRb5/vb9TCsT2iVR9ZMZyj+yu5gt0oCQ
 /mqSGy6sh+1fVnIulac99NXb7XeXbuQkB+DlACHNHTAosvBTBBlSAH6kqTw45hBnAE4p
 v+w5i7v4Oid5sMjG0x+NBsW8eQqaxL0aigLZrQpdrH09J7s9/fEo+DtVt3F5jiyV4/v/
 IYBw==
ARC-Authentication-Results: i=1; mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b=IuQR9FjV;
 spf=pass (google.com: best guess record for domain of
 linux-crypto-owner@vger.kernel.org designates 209.132.180.67
 as permitted sender)
 smtp.mailfrom=linux-crypto-owner@vger.kernel.org; 
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Return-Path: <linux-crypto-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
 by mx.google.com with ESMTP id
 m39si2229121plg.155.2019.06.27.05.03.35; 
 Thu, 27 Jun 2019 05:03:35 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of
 linux-crypto-owner@vger.kernel.org designates 209.132.180.67
 as permitted sender) client-ip=209.132.180.67; 
Authentication-Results: mx.google.com;
 dkim=pass header.i=@linaro.org header.s=google header.b=IuQR9FjV;
 spf=pass (google.com: best guess record for domain of
 linux-crypto-owner@vger.kernel.org designates 209.132.180.67
 as permitted sender)
 smtp.mailfrom=linux-crypto-owner@vger.kernel.org; 
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
 id S1726690AbfF0MDe (ORCPT <rfc822;sumit.garg@linaro.org>
 + 3 others); Thu, 27 Jun 2019 08:03:34 -0400
Received: from mail-wr1-f66.google.com ([209.85.221.66]:43605 "EHLO
 mail-wr1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
 with ESMTP id S1726370AbfF0MDd (ORCPT
 <rfc822;linux-crypto@vger.kernel.org>);
 Thu, 27 Jun 2019 08:03:33 -0400
Received: by mail-wr1-f66.google.com with SMTP id p13so2235139wru.10
 for <linux-crypto@vger.kernel.org>;
 Thu, 27 Jun 2019 05:03:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; 
 h=from:to:cc:subject:date:message-id:in-reply-to:references
 :mime-version:content-transfer-encoding;
 bh=j1mRQgZhEVSPh2opm7CEW9MGSpAHZzLYocHpi9vXVhA=;
 b=IuQR9FjV28obh9kejFUuADrMW+nbQSRoh/rCQkpHUQZy4fxMUz1VIFs2yhC9ZMRbFE
 9ngofC4f201T6/zNCABrTeGibavlm53XnOm5C6cKnMUT0alBjR7JqmYN9x7BZ2fhzzJ/
 hlo8pOhkbrfo+JzcDT3cI4o6d4lCU9BJzXBcH24uHy70FFNIBw77aPKgSPd+KOxmmc7S
 QloYY8S38Fa+lD0h9fyX/fAi83M2+G1+Isf2fDocZprBkc49Vf09sWg20yLxl29DZK8k
 4w0hZbmzxl/859JniNbwGy1wAYfI57lqnq10Nse1YAeamHzeBlPTOOInTAK6hD0ii/DO
 JqlA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
 :references:mime-version:content-transfer-encoding;
 bh=j1mRQgZhEVSPh2opm7CEW9MGSpAHZzLYocHpi9vXVhA=;
 b=uMi/aIBlTHiu+R+kwXJ2tIfhhKO52FxJLUVvpzkQkpK5r1C2pN2HI5sPYHkgLRRB2b
 Ta68aSG4/4bVuxx/bbLUcBBp+7uSz3GigF2QgBMqC/CAtzZZpvHO1BT+UV7v/7RsFotm
 LkDCWDeX9Smlal5LPu0puWujXZsnhLD83kY+lVM3m/XIjoNrEHtMVRX90C1AjIt5/14D
 aypylUYUfkDK7G5EFmBFk769GSM3sFVYHycpXU0DYctu1miPVzbxcdtpWaFT8YqoOlMA
 A+Dg2RMpPRbmzAhXiqBUnJ2LYsvTyIrbhJCh+mN6FdkZqnKcZScsS55ZDaoYNSsIe3+G
 XBbw==
X-Gm-Message-State: APjAAAVQVTwFIgVUen3Oe7rmuGSbDm9VEQLRxo9VsflN5yurOr/Y/tnB
 BHU2zzc7KwMP93k1SyMt1aw8qQHmkB9Eqw==
X-Received: by 2002:adf:ea92:: with SMTP id s18mr2921647wrm.257.1561637011600; 
 Thu, 27 Jun 2019 05:03:31 -0700 (PDT)
Received: from localhost.localdomain
 (laubervilliers-657-1-83-120.w92-154.abo.wanadoo.fr.
 [92.154.90.120]) by smtp.gmail.com with ESMTPSA id
 z126sm7732431wmb.32.2019.06.27.05.03.30
 (version=TLS1_3 cipher=AEAD-AES256-GCM-SHA384 bits=256/256);
 Thu, 27 Jun 2019 05:03:31 -0700 (PDT)
From: Ard Biesheuvel <ard.biesheuvel@linaro.org>
To: linux-crypto@vger.kernel.org
Cc: herbert@gondor.apana.org.au, ebiggers@kernel.org,
 horia.geanta@nxp.com, Ard Biesheuvel <ard.biesheuvel@linaro.org>
Subject: [PATCH v2 05/30] crypto: bcm/des - switch to new verification routines
Date: Thu, 27 Jun 2019 14:02:49 +0200
Message-Id: <20190627120314.7197-6-ard.biesheuvel@linaro.org>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <20190627120314.7197-1-ard.biesheuvel@linaro.org>
References: <20190627120314.7197-1-ard.biesheuvel@linaro.org>
MIME-Version: 1.0
Sender: linux-crypto-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-crypto.vger.kernel.org>
X-Mailing-List: linux-crypto@vger.kernel.org

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
 drivers/crypto/bcm/cipher.c | 82 +++++---------------
 1 file changed, 20 insertions(+), 62 deletions(-)

-- 
2.20.1

diff --git a/drivers/crypto/bcm/cipher.c b/drivers/crypto/bcm/cipher.c
index d972ffac779d..02006781528a 100644
--- a/drivers/crypto/bcm/cipher.c
+++ b/drivers/crypto/bcm/cipher.c
@@ -35,7 +35,7 @@
 #include <crypto/aead.h>
 #include <crypto/internal/aead.h>
 #include <crypto/aes.h>
-#include <crypto/des.h>
+#include <crypto/internal/des.h>
 #include <crypto/hmac.h>
 #include <crypto/sha.h>
 #include <crypto/md5.h>
@@ -1813,24 +1813,13 @@ static int des_setkey(struct crypto_ablkcipher *cipher, const u8 *key,
 		      unsigned int keylen)
 {
 	struct iproc_ctx_s *ctx = crypto_ablkcipher_ctx(cipher);
-	u32 tmp[DES_EXPKEY_WORDS];
-
-	if (keylen == DES_KEY_SIZE) {
-		if (des_ekey(tmp, key) == 0) {
-			if (crypto_ablkcipher_get_flags(cipher) &
-			    CRYPTO_TFM_REQ_FORBID_WEAK_KEYS) {
-				u32 flags = CRYPTO_TFM_RES_WEAK_KEY;
+	int err;
 
-				crypto_ablkcipher_set_flags(cipher, flags);
-				return -EINVAL;
-			}
-		}
+	err = crypto_des_verify_key(crypto_ablkcipher_tfm(cipher), key);
+	if (unlikely(err))
+		return err;
 
-		ctx->cipher_type = CIPHER_TYPE_DES;
-	} else {
-		crypto_ablkcipher_set_flags(cipher, CRYPTO_TFM_RES_BAD_KEY_LEN);
-		return -EINVAL;
-	}
+	ctx->cipher_type = CIPHER_TYPE_DES;
 	return 0;
 }
 
@@ -1838,23 +1827,13 @@ static int threedes_setkey(struct crypto_ablkcipher *cipher, const u8 *key,
 			   unsigned int keylen)
 {
 	struct iproc_ctx_s *ctx = crypto_ablkcipher_ctx(cipher);
+	int err;
 
-	if (keylen == (DES_KEY_SIZE * 3)) {
-		u32 flags;
-		int ret;
-
-		flags = crypto_ablkcipher_get_flags(cipher);
-		ret = __des3_verify_key(&flags, key);
-		if (unlikely(ret)) {
-			crypto_ablkcipher_set_flags(cipher, flags);
-			return ret;
-		}
+	err = crypto_des3_ede_verify_key(crypto_ablkcipher_tfm(cipher), key);
+	if (unlikely(err))
+		return err;
 
-		ctx->cipher_type = CIPHER_TYPE_3DES;
-	} else {
-		crypto_ablkcipher_set_flags(cipher, CRYPTO_TFM_RES_BAD_KEY_LEN);
-		return -EINVAL;
-	}
+	ctx->cipher_type = CIPHER_TYPE_3DES;
 	return 0;
 }
 
@@ -2866,40 +2845,19 @@ static int aead_authenc_setkey(struct crypto_aead *cipher,
 
 	switch (ctx->alg->cipher_info.alg) {
 	case CIPHER_ALG_DES:
-		if (ctx->enckeylen == DES_KEY_SIZE) {
-			u32 tmp[DES_EXPKEY_WORDS];
-			u32 flags = CRYPTO_TFM_RES_WEAK_KEY;
-
-			if (des_ekey(tmp, keys.enckey) == 0) {
-				if (crypto_aead_get_flags(cipher) &
-				    CRYPTO_TFM_REQ_FORBID_WEAK_KEYS) {
-					crypto_aead_set_flags(cipher, flags);
-					return -EINVAL;
-				}
-			}
+		if (keys.enckeylen != DES_KEY_SIZE ||
+		    crypto_des_verify_key(crypto_aead_tfm(cipher), keys.enckey))
+			return -EINVAL;
 
-			ctx->cipher_type = CIPHER_TYPE_DES;
-		} else {
-			goto badkey;
-		}
+		ctx->cipher_type = CIPHER_TYPE_DES;
 		break;
 	case CIPHER_ALG_3DES:
-		if (ctx->enckeylen == (DES_KEY_SIZE * 3)) {
-			u32 flags;
-
-			flags = crypto_aead_get_flags(cipher);
-			ret = __des3_verify_key(&flags, keys.enckey);
-			if (unlikely(ret)) {
-				crypto_aead_set_flags(cipher, flags);
-				return ret;
-			}
-
-			ctx->cipher_type = CIPHER_TYPE_3DES;
-		} else {
-			crypto_aead_set_flags(cipher,
-					      CRYPTO_TFM_RES_BAD_KEY_LEN);
+		if (keys.enckeylen != DES3_EDE_KEY_SIZE ||
+		    crypto_des3_ede_verify_key(crypto_aead_tfm(cipher),
+					       keys.enckey))
 			return -EINVAL;
-		}
+
+		ctx->cipher_type = CIPHER_TYPE_3DES;
 		break;
 	case CIPHER_ALG_AES:
 		switch (ctx->enckeylen) {