| Server IP : 13.213.54.232 / Your IP : 216.73.216.72 Web Server : Apache/2.4.52 (Ubuntu) System : Linux ip-172-31-17-110 6.8.0-1029-aws #31~22.04.1-Ubuntu SMP Thu Apr 24 21:16:18 UTC 2025 x86_64 User : www-data ( 33) PHP Version : 7.1.33-67+ubuntu22.04.1+deb.sury.org+1 Disable Function : pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals, MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : OFF | Sudo : ON | Pkexec : ON Directory : /lib/modules/6.8.0-1029-aws/build/include/crypto/internal/ |
Upload File : |
/* SPDX-License-Identifier: GPL-2.0 */
/*
* DES & Triple DES EDE key verification helpers
*/
#ifndef __CRYPTO_INTERNAL_DES_H
#define __CRYPTO_INTERNAL_DES_H
#include <linux/crypto.h>
#include <linux/fips.h>
#include <crypto/des.h>
#include <crypto/aead.h>
#include <crypto/skcipher.h>
/**
* crypto_des_verify_key - Check whether a DES key is weak
* @tfm: the crypto algo
* @key: the key buffer
*
* Returns -EINVAL if the key is weak and the crypto TFM does not permit weak
* keys. Otherwise, 0 is returned.
*
* It is the job of the caller to ensure that the size of the key equals
* DES_KEY_SIZE.
*/
static inline int crypto_des_verify_key(struct crypto_tfm *tfm, const u8 *key)
{
struct des_ctx tmp;
int err;
err = des_expand_key(&tmp, key, DES_KEY_SIZE);
if (err == -ENOKEY) {
if (crypto_tfm_get_flags(tfm) & CRYPTO_TFM_REQ_FORBID_WEAK_KEYS)
err = -EINVAL;
else
err = 0;
}
memzero_explicit(&tmp, sizeof(tmp));
return err;
}
/*
* RFC2451:
*
* For DES-EDE3, there is no known need to reject weak or
* complementation keys. Any weakness is obviated by the use of
* multiple keys.
*
* However, if the first two or last two independent 64-bit keys are
* equal (k1 == k2 or k2 == k3), then the DES3 operation is simply the
* same as DES. Implementers MUST reject keys that exhibit this
* property.
*
*/
static inline int des3_ede_verify_key(const u8 *key, unsigned int key_len,
bool check_weak)
{
int ret = fips_enabled ? -EINVAL : -ENOKEY;
u32 K[6];
memcpy(K, key, DES3_EDE_KEY_SIZE);
if ((!((K[0] ^ K[2]) | (K[1] ^ K[3])) ||
!((K[2] ^ K[4]) | (K[3] ^ K[5]))) &&
(fips_enabled || check_weak))
goto bad;
if ((!((K[0] ^ K[4]) | (K[1] ^ K[5]))) && fips_enabled)
goto bad;
ret = 0;
bad:
memzero_explicit(K, DES3_EDE_KEY_SIZE);
return ret;
}
/**
* crypto_des3_ede_verify_key - Check whether a DES3-EDE key is weak
* @tfm: the crypto algo
* @key: the key buffer
*
* Returns -EINVAL if the key is weak and the crypto TFM does not permit weak
* keys or when running in FIPS mode. Otherwise, 0 is returned. Note that some
* keys are rejected in FIPS mode even if weak keys are permitted by the TFM
* flags.
*
* It is the job of the caller to ensure that the size of the key equals
* DES3_EDE_KEY_SIZE.
*/
static inline int crypto_des3_ede_verify_key(struct crypto_tfm *tfm,
const u8 *key)
{
return des3_ede_verify_key(key, DES3_EDE_KEY_SIZE,
crypto_tfm_get_flags(tfm) &
CRYPTO_TFM_REQ_FORBID_WEAK_KEYS);
}
static inline int verify_skcipher_des_key(struct crypto_skcipher *tfm,
const u8 *key)
{
return crypto_des_verify_key(crypto_skcipher_tfm(tfm), key);
}
static inline int verify_skcipher_des3_key(struct crypto_skcipher *tfm,
const u8 *key)
{
return crypto_des3_ede_verify_key(crypto_skcipher_tfm(tfm), key);
}
static inline int verify_aead_des_key(struct crypto_aead *tfm, const u8 *key,
int keylen)
{
if (keylen != DES_KEY_SIZE)
return -EINVAL;
return crypto_des_verify_key(crypto_aead_tfm(tfm), key);
}
static inline int verify_aead_des3_key(struct crypto_aead *tfm, const u8 *key,
int keylen)
{
if (keylen != DES3_EDE_KEY_SIZE)
return -EINVAL;
return crypto_des3_ede_verify_key(crypto_aead_tfm(tfm), key);
}
#endif /* __CRYPTO_INTERNAL_DES_H */