1
2
3
4
5
6#ifndef __CRYPTO_INTERNAL_DES_H
7#define __CRYPTO_INTERNAL_DES_H
8
9#include <linux/crypto.h>
10#include <linux/fips.h>
11#include <crypto/des.h>
12#include <crypto/aead.h>
13#include <crypto/skcipher.h>
14
15
16
17
18
19
20
21
22
23
24
25
26static inline int crypto_des_verify_key(struct crypto_tfm *tfm, const u8 *key)
27{
28 struct des_ctx tmp;
29 int err;
30
31 err = des_expand_key(&tmp, key, DES_KEY_SIZE);
32 if (err == -ENOKEY) {
33 if (crypto_tfm_get_flags(tfm) & CRYPTO_TFM_REQ_FORBID_WEAK_KEYS)
34 err = -EINVAL;
35 else
36 err = 0;
37 }
38 memzero_explicit(&tmp, sizeof(tmp));
39 return err;
40}
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55static inline int des3_ede_verify_key(const u8 *key, unsigned int key_len,
56 bool check_weak)
57{
58 int ret = fips_enabled ? -EINVAL : -ENOKEY;
59 u32 K[6];
60
61 memcpy(K, key, DES3_EDE_KEY_SIZE);
62
63 if ((!((K[0] ^ K[2]) | (K[1] ^ K[3])) ||
64 !((K[2] ^ K[4]) | (K[3] ^ K[5]))) &&
65 (fips_enabled || check_weak))
66 goto bad;
67
68 if ((!((K[0] ^ K[4]) | (K[1] ^ K[5]))) && fips_enabled)
69 goto bad;
70
71 ret = 0;
72bad:
73 memzero_explicit(K, DES3_EDE_KEY_SIZE);
74
75 return ret;
76}
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91static inline int crypto_des3_ede_verify_key(struct crypto_tfm *tfm,
92 const u8 *key)
93{
94 return des3_ede_verify_key(key, DES3_EDE_KEY_SIZE,
95 crypto_tfm_get_flags(tfm) &
96 CRYPTO_TFM_REQ_FORBID_WEAK_KEYS);
97}
98
99static inline int verify_skcipher_des_key(struct crypto_skcipher *tfm,
100 const u8 *key)
101{
102 return crypto_des_verify_key(crypto_skcipher_tfm(tfm), key);
103}
104
105static inline int verify_skcipher_des3_key(struct crypto_skcipher *tfm,
106 const u8 *key)
107{
108 return crypto_des3_ede_verify_key(crypto_skcipher_tfm(tfm), key);
109}
110
111static inline int verify_aead_des_key(struct crypto_aead *tfm, const u8 *key,
112 int keylen)
113{
114 if (keylen != DES_KEY_SIZE)
115 return -EINVAL;
116 return crypto_des_verify_key(crypto_aead_tfm(tfm), key);
117}
118
119static inline int verify_aead_des3_key(struct crypto_aead *tfm, const u8 *key,
120 int keylen)
121{
122 if (keylen != DES3_EDE_KEY_SIZE)
123 return -EINVAL;
124 return crypto_des3_ede_verify_key(crypto_aead_tfm(tfm), key);
125}
126
127#endif
128