@@ -221,12 +221,27 @@ static int qce_des3_setkey(struct crypto_skcipher *ablk, const u8 *key,
unsigned int keylen)
{
struct qce_cipher_ctx *ctx = crypto_skcipher_ctx(ablk);
+ u32 _key[6];
int err;
err = verify_skcipher_des3_key(ablk, key);
if (err)
return err;
+ /*
+ * The crypto engine does not support any two keys
+ * being the same for triple des algorithms. The
+ * verify_skcipher_des3_key does not check for all the
+ * below conditions. Return -ENOKEY in case any two keys
+ * are the same. Revisit to see if a fallback cipher
+ * is needed to handle this condition.
+ */
+ memcpy(_key, key, DES3_EDE_KEY_SIZE);
+ if (!((_key[0] ^ _key[2]) | (_key[1] ^ _key[3])) ||
+ !((_key[2] ^ _key[4]) | (_key[3] ^ _key[5])) ||
+ !((_key[0] ^ _key[4]) | (_key[1] ^ _key[5])))
+ return -ENOKEY;
+
ctx->enc_keylen = keylen;
memcpy(ctx->enc_key, key, keylen);
return 0;
Return unsupported if any three keys are same for DES3 algorithms since CE does not support this and the operation causes the engine to hang. Signed-off-by: Thara Gopinath <thara.gopinath@linaro.org> --- v6->v7: - Fixed sparse warning in patch 4 as pointed out by Herbert Xu. This means the checking if any two keys are same for triple des algorithms has been reverted back to using conditional OR instead of using bitwise OR. drivers/crypto/qce/skcipher.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) -- 2.25.1