crypto: stm32/cryp - add weak key check for DES
authorLionel Debieve <lionel.debieve@st.com>
Wed, 24 Apr 2019 13:34:51 +0000 (15:34 +0200)
committerHerbert Xu <herbert@gondor.apana.org.au>
Fri, 3 May 2019 06:03:29 +0000 (14:03 +0800)
Add weak key test for des functions calling the generic
des_ekey.

Signed-off-by: Lionel Debieve <lionel.debieve@st.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
drivers/crypto/stm32/Kconfig
drivers/crypto/stm32/stm32-cryp.c

index 63aa78c0b12bdcf6a87ab85254d97b00dda07bc8..4491e2197d9fee0403d3b51b8dcae1e9938dd94d 100644 (file)
@@ -24,6 +24,7 @@ config CRYPTO_DEV_STM32_CRYP
        depends on ARCH_STM32
        select CRYPTO_HASH
        select CRYPTO_ENGINE
+       select CRYPTO_DES
        help
           This enables support for the CRYP (AES/DES/TDES) hw accelerator which
          can be found on STMicroelectronics STM32 SOC.
index 5785f3e235ce08502b56748860faed939065610d..cfcb640c20d00a98f33ec486f01a692e4e443dbe 100644 (file)
@@ -753,10 +753,19 @@ static int stm32_cryp_aes_setkey(struct crypto_ablkcipher *tfm, const u8 *key,
 static int stm32_cryp_des_setkey(struct crypto_ablkcipher *tfm, const u8 *key,
                                 unsigned int keylen)
 {
+       u32 tmp[DES_EXPKEY_WORDS];
+
        if (keylen != DES_KEY_SIZE)
                return -EINVAL;
-       else
-               return stm32_cryp_setkey(tfm, key, keylen);
+
+       if ((crypto_ablkcipher_get_flags(tfm) &
+            CRYPTO_TFM_REQ_FORBID_WEAK_KEYS) &&
+           unlikely(!des_ekey(tmp, key))) {
+               crypto_ablkcipher_set_flags(tfm, CRYPTO_TFM_RES_WEAK_KEY);
+               return -EINVAL;
+       }
+
+       return stm32_cryp_setkey(tfm, key, keylen);
 }
 
 static int stm32_cryp_tdes_setkey(struct crypto_ablkcipher *tfm, const u8 *key,