| Message ID | 20190627120314.7197-1-ard.biesheuvel@linaro.org |
|---|---|
| Headers | show |
| Series | crypto: DES/3DES cleanup | expand |
On 6/27/2019 3:03 PM, Ard Biesheuvel wrote: > n my effort to remove crypto_alloc_cipher() invocations from non-crypto > code, i ran into a DES call in the CIFS driver. This is addressed in > patch #30. > > The other patches are cleanups for the quirky DES interface, and lots > of duplication of the weak key checks etc. > > Changes since v1/RFC: > - fix build errors in various drivers that i failed to catch in my > initial testing > - put all caam changes into the correct patch > - fix weak key handling error flagged by the self tests, as reported > by Eric. I am seeing a similar (?) issue: alg: skcipher: ecb-des-caam setkey failed on test vector 4; expected_error=-22, actual_error=-126, flags=0x100101 crypto_des_verify_key() in include/crypto/internal/des.h returns -ENOKEY, while testmgr expects -EINVAL (setkey_error = -EINVAL in the test vector). I assume crypto_des_verify_key() should return -EINVAL, not -ENOKEY. Horia
On Thu, 27 Jun 2019 at 16:44, Horia Geanta <horia.geanta@nxp.com> wrote: > > On 6/27/2019 3:03 PM, Ard Biesheuvel wrote: > > n my effort to remove crypto_alloc_cipher() invocations from non-crypto > > code, i ran into a DES call in the CIFS driver. This is addressed in > > patch #30. > > > > The other patches are cleanups for the quirky DES interface, and lots > > of duplication of the weak key checks etc. > > > > Changes since vpub/scm/linux/kernel/git/arm64/linux.git/log/?h=for-next/fixes1/RFC: > > - fix build errors in various drivers that i failed to catch in my > > initial testing > > - put all caam changes into the correct patch > > - fix weak key handling error flagged by the self tests, as reported > > by Eric. > I am seeing a similar (?) issue: > alg: skcipher: ecb-des-caam setkey failed on test vector 4; expected_error=-22, actual_error=-126, flags=0x100101 > > crypto_des_verify_key() in include/crypto/internal/des.h returns -ENOKEY, > while testmgr expects -EINVAL (setkey_error = -EINVAL in the test vector). > > I assume crypto_des_verify_key() should return -EINVAL, not -ENOKEY. > Yes, but I tried to keep handling of the crypto_tfm flags out of the library interface. I will try to find a way to solve this cleanly.
On Thu, 27 Jun 2019 at 16:50, Ard Biesheuvel <ard.biesheuvel@linaro.org> wrote: > > On Thu, 27 Jun 2019 at 16:44, Horia Geanta <horia.geanta@nxp.com> wrote: > > > > On 6/27/2019 3:03 PM, Ard Biesheuvel wrote: > > > n my effort to remove crypto_alloc_cipher() invocations from non-crypto > > > code, i ran into a DES call in the CIFS driver. This is addressed in > > > patch #30. > > > > > > The other patches are cleanups for the quirky DES interface, and lots > > > of duplication of the weak key checks etc. > > > > > > Changes since vpub/scm/linux/kernel/git/arm64/linux.git/log/?h=for-next/fixes1/RFC: > > > - fix build errors in various drivers that i failed to catch in my > > > initial testing > > > - put all caam changes into the correct patch > > > - fix weak key handling error flagged by the self tests, as reported > > > by Eric. > > I am seeing a similar (?) issue: > > alg: skcipher: ecb-des-caam setkey failed on test vector 4; expected_error=-22, actual_error=-126, flags=0x100101 > > > > crypto_des_verify_key() in include/crypto/internal/des.h returns -ENOKEY, > > while testmgr expects -EINVAL (setkey_error = -EINVAL in the test vector). > > > > I assume crypto_des_verify_key() should return -EINVAL, not -ENOKEY. > > > > Yes, but I tried to keep handling of the crypto_tfm flags out of the > library interface. > > I will try to find a way to solve this cleanly. Actually, it should be as simple as diff --git a/include/crypto/internal/des.h b/include/crypto/internal/des.h index dfe5e8f92270..522c09c08002 100644 --- a/include/crypto/internal/des.h +++ b/include/crypto/internal/des.h @@ -27,10 +27,12 @@ static inline int crypto_des_verify_key(struct crypto_tfm *tfm, const u8 *key) int err; err = des_expand_key(&tmp, key, DES_KEY_SIZE); - if (err == -ENOKEY && - !(crypto_tfm_get_flags(tfm) & CRYPTO_TFM_REQ_FORBID_WEAK_KEYS)) - err = 0; - + if (err == -ENOKEY) { + if (crypto_tfm_get_flags(tfm) & CRYPTO_TFM_REQ_FORBID_WEAK_KEYS) + err = -EINVAL; + else + err = 0; + } if (err) crypto_tfm_set_flags(tfm, CRYPTO_TFM_RES_WEAK_KEY);
On 6/27/2019 5:54 PM, Ard Biesheuvel wrote: > On Thu, 27 Jun 2019 at 16:50, Ard Biesheuvel <ard.biesheuvel@linaro.org> wrote: >> >> On Thu, 27 Jun 2019 at 16:44, Horia Geanta <horia.geanta@nxp.com> wrote: >>> >>> On 6/27/2019 3:03 PM, Ard Biesheuvel wrote: >>>> n my effort to remove crypto_alloc_cipher() invocations from non-crypto >>>> code, i ran into a DES call in the CIFS driver. This is addressed in >>>> patch #30. >>>> >>>> The other patches are cleanups for the quirky DES interface, and lots >>>> of duplication of the weak key checks etc. >>>> >>>> Changes since vpub/scm/linux/kernel/git/arm64/linux.git/log/?h=for-next/fixes1/RFC: >>>> - fix build errors in various drivers that i failed to catch in my >>>> initial testing >>>> - put all caam changes into the correct patch >>>> - fix weak key handling error flagged by the self tests, as reported >>>> by Eric. >>> I am seeing a similar (?) issue: >>> alg: skcipher: ecb-des-caam setkey failed on test vector 4; expected_error=-22, actual_error=-126, flags=0x100101 >>> >>> crypto_des_verify_key() in include/crypto/internal/des.h returns -ENOKEY, >>> while testmgr expects -EINVAL (setkey_error = -EINVAL in the test vector). >>> >>> I assume crypto_des_verify_key() should return -EINVAL, not -ENOKEY. >>> >> >> Yes, but I tried to keep handling of the crypto_tfm flags out of the >> library interface. >> >> I will try to find a way to solve this cleanly. > > Actually, it should be as simple as > > diff --git a/include/crypto/internal/des.h b/include/crypto/internal/des.h > index dfe5e8f92270..522c09c08002 100644 > --- a/include/crypto/internal/des.h > +++ b/include/crypto/internal/des.h > @@ -27,10 +27,12 @@ static inline int crypto_des_verify_key(struct > crypto_tfm *tfm, const u8 *key) > int err; > > err = des_expand_key(&tmp, key, DES_KEY_SIZE); > - if (err == -ENOKEY && > - !(crypto_tfm_get_flags(tfm) & CRYPTO_TFM_REQ_FORBID_WEAK_KEYS)) > - err = 0; > - > + if (err == -ENOKEY) { > + if (crypto_tfm_get_flags(tfm) & CRYPTO_TFM_REQ_FORBID_WEAK_KEYS) > + err = -EINVAL; > + else > + err = 0; > + } > if (err) > crypto_tfm_set_flags(tfm, CRYPTO_TFM_RES_WEAK_KEY); > Confirming this works for me (on CAAM accelerator). Thanks, Horia
n my effort to remove crypto_alloc_cipher() invocations from non-crypto code, i ran into a DES call in the CIFS driver. This is addressed in patch #30. The other patches are cleanups for the quirky DES interface, and lots of duplication of the weak key checks etc. Changes since v1/RFC: - fix build errors in various drivers that i failed to catch in my initial testing - put all caam changes into the correct patch - fix weak key handling error flagged by the self tests, as reported by Eric. - add ack from Harald to patch #2 The KASAN error reported by Eric failed to reproduce for me, so I didn't include a fix for that. Please check if it still reproduces for you. Patch #1 adds new helpers to verify DES keys to crypto/internal.des.h The next 23 patches move all existing users of DES routines to the new interface. Patch #25 and #26 are preparatory patches for the new DES library introduced in patch #27, which replaces the various DES related functions exported to other drivers with a sane library interface. Patch #28 switches the x86 asm code to the new librar interface. Patch #29 removes code that is no longer used at this point. Ard Biesheuvel (30): crypto: des/3des_ede - add new helpers to verify key length crypto: s390/des - switch to new verification routines crypto: sparc/des - switch to new verification routines crypto: atmel/des - switch to new verification routines crypto: bcm/des - switch to new verification routines crypto: caam/des - switch to new verification routines crypto: cpt/des - switch to new verification routines crypto: nitrox/des - switch to new verification routines crypto: ccp/des - switch to new verification routines crypto: ccree/des - switch to new verification routines crypto: hifn/des - switch to new verification routines crypto: hisilicon/des - switch to new verification routines crypto: safexcel/des - switch to new verification routines crypto: ixp4xx/des - switch to new verification routines crypto: cesa/des - switch to new verification routines crypto: n2/des - switch to new verification routines crypto: omap/des - switch to new verification routines crypto: picoxcell/des - switch to new verification routines crypto: qce/des - switch to new verification routines crypto: rk3288/des - switch to new verification routines crypto: stm32/des - switch to new verification routines crypto: sun4i/des - switch to new verification routines crypto: talitos/des - switch to new verification routines crypto: ux500/des - switch to new verification routines crypto: 3des - move verification out of exported routine crypto: des - remove unused function crypto: des - split off DES library from generic DES cipher driver crypto: x86/des - switch to library interface crypto: des - remove now unused __des3_ede_setkey() fs: cifs: move from the crypto cipher API to the new DES library interface arch/s390/crypto/des_s390.c | 23 +- arch/sparc/crypto/des_glue.c | 35 +- arch/x86/crypto/des3_ede_glue.c | 38 +- crypto/Kconfig | 8 +- crypto/des_generic.c | 945 +------------------- drivers/crypto/Kconfig | 28 +- drivers/crypto/atmel-tdes.c | 28 +- drivers/crypto/bcm/cipher.c | 82 +- drivers/crypto/caam/Kconfig | 2 +- drivers/crypto/caam/caamalg.c | 39 +- drivers/crypto/caam/caamalg_qi.c | 17 +- drivers/crypto/caam/caamalg_qi2.c | 17 +- drivers/crypto/caam/compat.h | 2 +- drivers/crypto/cavium/cpt/cptvf_algs.c | 16 +- drivers/crypto/cavium/nitrox/Kconfig | 2 +- drivers/crypto/cavium/nitrox/nitrox_skcipher.c | 11 +- drivers/crypto/ccp/ccp-crypto-des3.c | 5 +- drivers/crypto/ccree/cc_aead.c | 10 +- drivers/crypto/ccree/cc_cipher.c | 15 +- drivers/crypto/hifn_795x.c | 30 +- drivers/crypto/hisilicon/sec/sec_algs.c | 34 +- drivers/crypto/inside-secure/safexcel_cipher.c | 18 +- drivers/crypto/ixp4xx_crypto.c | 21 +- drivers/crypto/marvell/cipher.c | 20 +- drivers/crypto/n2_core.c | 26 +- drivers/crypto/omap-des.c | 25 +- drivers/crypto/picoxcell_crypto.c | 21 +- drivers/crypto/qce/ablkcipher.c | 55 +- drivers/crypto/rockchip/rk3288_crypto.h | 2 +- drivers/crypto/rockchip/rk3288_crypto_ablkcipher.c | 21 +- drivers/crypto/stm32/Kconfig | 2 +- drivers/crypto/stm32/stm32-cryp.c | 24 +- drivers/crypto/sunxi-ss/sun4i-ss-cipher.c | 22 +- drivers/crypto/sunxi-ss/sun4i-ss.h | 2 +- drivers/crypto/talitos.c | 28 +- drivers/crypto/ux500/Kconfig | 2 +- drivers/crypto/ux500/cryp/cryp_core.c | 31 +- fs/cifs/Kconfig | 2 +- fs/cifs/cifsfs.c | 1 - fs/cifs/smbencrypt.c | 18 +- include/crypto/des.h | 77 +- include/crypto/internal/des.h | 103 +++ lib/crypto/Makefile | 3 + lib/crypto/des.c | 902 +++++++++++++++++++ 44 files changed, 1390 insertions(+), 1423 deletions(-) create mode 100644 include/crypto/internal/des.h create mode 100644 lib/crypto/des.c -- 2.20.1