mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-09-29 22:02:02 +00:00
eeb0899e00
commit 9c1e8836ed upstream.
The crypto glue performed function prototype casting via macros to make
indirect calls to assembly routines. Instead of performing casts at the
call sites (which trips Control Flow Integrity prototype checking), switch
each prototype to a common standard set of arguments which allows the
removal of the existing macros. In order to keep pointer math unchanged,
internal casting between u128 pointers and u8 pointers is added.
Co-developed-by: João Moreira <joao.moreira@intel.com>
Signed-off-by: João Moreira <joao.moreira@intel.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Eric Biggers <ebiggers@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Ard Biesheuvel <ardb@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
58 lines
1.3 KiB
C
58 lines
1.3 KiB
C
/* SPDX-License-Identifier: GPL-2.0 */
|
|
#ifndef _CRYPTO_XTS_H
|
|
#define _CRYPTO_XTS_H
|
|
|
|
#include <crypto/b128ops.h>
|
|
#include <crypto/internal/skcipher.h>
|
|
#include <linux/fips.h>
|
|
|
|
#define XTS_BLOCK_SIZE 16
|
|
|
|
static inline int xts_check_key(struct crypto_tfm *tfm,
|
|
const u8 *key, unsigned int keylen)
|
|
{
|
|
u32 *flags = &tfm->crt_flags;
|
|
|
|
/*
|
|
* key consists of keys of equal size concatenated, therefore
|
|
* the length must be even.
|
|
*/
|
|
if (keylen % 2) {
|
|
*flags |= CRYPTO_TFM_RES_BAD_KEY_LEN;
|
|
return -EINVAL;
|
|
}
|
|
|
|
/* ensure that the AES and tweak key are not identical */
|
|
if (fips_enabled &&
|
|
!crypto_memneq(key, key + (keylen / 2), keylen / 2)) {
|
|
*flags |= CRYPTO_TFM_RES_WEAK_KEY;
|
|
return -EINVAL;
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
static inline int xts_verify_key(struct crypto_skcipher *tfm,
|
|
const u8 *key, unsigned int keylen)
|
|
{
|
|
/*
|
|
* key consists of keys of equal size concatenated, therefore
|
|
* the length must be even.
|
|
*/
|
|
if (keylen % 2) {
|
|
crypto_skcipher_set_flags(tfm, CRYPTO_TFM_RES_BAD_KEY_LEN);
|
|
return -EINVAL;
|
|
}
|
|
|
|
/* ensure that the AES and tweak key are not identical */
|
|
if ((fips_enabled || (crypto_skcipher_get_flags(tfm) &
|
|
CRYPTO_TFM_REQ_FORBID_WEAK_KEYS)) &&
|
|
!crypto_memneq(key, key + (keylen / 2), keylen / 2)) {
|
|
crypto_skcipher_set_flags(tfm, CRYPTO_TFM_RES_WEAK_KEY);
|
|
return -EINVAL;
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
#endif /* _CRYPTO_XTS_H */
|