crypto: omap - Forbid 2-key 3DES in FIPS mode

This patch forbids the use of 2-key 3DES (K1 == K3) in FIPS mode.

It also removes a couple of unnecessary key length checks that
are already performed by the crypto API.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

diff --git a/drivers/crypto/omap-des.c b/drivers/crypto/omap-des.c
index 1ba2633e90d66eb927665d2364dd5484f467f856..3d82d18ff8106f14acc1e960122960323c685e59 100644 (file)
--- a/drivers/crypto/omap-des.c
+++ b/drivers/crypto/omap-des.c
@@ -656,9 +656,6 @@ static int omap_des_setkey(struct crypto_ablkcipher *cipher, const u8 *key,
        struct omap_des_ctx *ctx = crypto_ablkcipher_ctx(cipher);
        struct crypto_tfm *tfm = crypto_ablkcipher_tfm(cipher);
 
-       if (keylen != DES_KEY_SIZE && keylen != (3*DES_KEY_SIZE))
-               return -EINVAL;
-
        pr_debug("enter, keylen: %d\n", keylen);
 
        /* Do we need to test against weak key? */
@@ -678,6 +675,28 @@ static int omap_des_setkey(struct crypto_ablkcipher *cipher, const u8 *key,
        return 0;
 }
 
+static int omap_des3_setkey(struct crypto_ablkcipher *cipher, const u8 *key,
+                          unsigned int keylen)
+{
+       struct omap_des_ctx *ctx = crypto_ablkcipher_ctx(cipher);
+       u32 flags;
+       int err;
+
+       pr_debug("enter, keylen: %d\n", keylen);
+
+       flags = crypto_ablkcipher_get_flags(cipher);
+       err = __des3_verify_key(&flags, key);
+       if (unlikely(err)) {
+               crypto_ablkcipher_set_flags(cipher, flags);
+               return err;
+       }
+
+       memcpy(ctx->key, key, keylen);
+       ctx->keylen = keylen;
+
+       return 0;
+}
+
 static int omap_des_ecb_encrypt(struct ablkcipher_request *req)
 {
        return omap_des_crypt(req, FLAGS_ENCRYPT);
@@ -788,7 +807,7 @@ static struct crypto_alg algs_ecb_cbc[] = {
        .cra_u.ablkcipher = {
                .min_keysize    = 3*DES_KEY_SIZE,
                .max_keysize    = 3*DES_KEY_SIZE,
-               .setkey         = omap_des_setkey,
+               .setkey         = omap_des3_setkey,
                .encrypt        = omap_des_ecb_encrypt,
                .decrypt        = omap_des_ecb_decrypt,
        }
@@ -811,7 +830,7 @@ static struct crypto_alg algs_ecb_cbc[] = {
                .min_keysize    = 3*DES_KEY_SIZE,
                .max_keysize    = 3*DES_KEY_SIZE,
                .ivsize         = DES_BLOCK_SIZE,
-               .setkey         = omap_des_setkey,
+               .setkey         = omap_des3_setkey,
                .encrypt        = omap_des_cbc_encrypt,
                .decrypt        = omap_des_cbc_decrypt,
        }