1
2
3
4
5
6#ifndef __CRYPTO_DES_H
7#define __CRYPTO_DES_H
8
9#include <crypto/skcipher.h>
10#include <linux/compiler.h>
11#include <linux/fips.h>
12#include <linux/string.h>
13
14#define DES_KEY_SIZE 8
15#define DES_EXPKEY_WORDS 32
16#define DES_BLOCK_SIZE 8
17
18#define DES3_EDE_KEY_SIZE (3 * DES_KEY_SIZE)
19#define DES3_EDE_EXPKEY_WORDS (3 * DES_EXPKEY_WORDS)
20#define DES3_EDE_BLOCK_SIZE DES_BLOCK_SIZE
21
22static inline int __des3_verify_key(u32 *flags, const u8 *key)
23{
24 int err = -EINVAL;
25 u32 K[6];
26
27 memcpy(K, key, DES3_EDE_KEY_SIZE);
28
29 if (unlikely(!((K[0] ^ K[2]) | (K[1] ^ K[3])) ||
30 !((K[2] ^ K[4]) | (K[3] ^ K[5]))) &&
31 (fips_enabled ||
32 (*flags & CRYPTO_TFM_REQ_FORBID_WEAK_KEYS)))
33 goto bad;
34
35 if (unlikely(!((K[0] ^ K[4]) | (K[1] ^ K[5]))) && fips_enabled)
36 goto bad;
37
38 err = 0;
39
40out:
41 memzero_explicit(K, DES3_EDE_KEY_SIZE);
42
43 return err;
44
45bad:
46 *flags |= CRYPTO_TFM_RES_WEAK_KEY;
47 goto out;
48}
49
50static inline int des3_verify_key(struct crypto_skcipher *tfm, const u8 *key)
51{
52 u32 flags;
53 int err;
54
55 flags = crypto_skcipher_get_flags(tfm);
56 err = __des3_verify_key(&flags, key);
57 crypto_skcipher_set_flags(tfm, flags);
58 return err;
59}
60
61extern unsigned long des_ekey(u32 *pe, const u8 *k);
62
63extern int __des3_ede_setkey(u32 *expkey, u32 *flags, const u8 *key,
64 unsigned int keylen);
65
66#endif
67