crypto: cavium - Forbid 2-key 3DES in FIPS mode

This patch forbids the use of 2-key 3DES (K1 == K3) in FIPS mode.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

diff --git a/drivers/crypto/cavium/cpt/cptvf_algs.c b/drivers/crypto/cavium/cpt/cptvf_algs.c
index 600336d..8cffe60 100644 (file)
--- a/drivers/crypto/cavium/cpt/cptvf_algs.c
+++ b/drivers/crypto/cavium/cpt/cptvf_algs.c
@@ -327,12 +327,30 @@ static int cvm_cfb_aes_setkey(struct crypto_ablkcipher *cipher, const u8 *key,
 static int cvm_cbc_des3_setkey(struct crypto_ablkcipher *cipher, const u8 *key,
                               u32 keylen)
 {
+       u32 flags = crypto_ablkcipher_get_flags(cipher);
+       int err;
+
+       err = __des3_verify_key(&flags, key);
+       if (unlikely(err)) {
+               crypto_ablkcipher_set_flags(cipher, flags);
+               return err;
+       }
+
        return cvm_setkey(cipher, key, keylen, DES3_CBC);
 }
 
 static int cvm_ecb_des3_setkey(struct crypto_ablkcipher *cipher, const u8 *key,
                               u32 keylen)
 {
+       u32 flags = crypto_ablkcipher_get_flags(cipher);
+       int err;
+
+       err = __des3_verify_key(&flags, key);
+       if (unlikely(err)) {
+               crypto_ablkcipher_set_flags(cipher, flags);
+               return err;
+       }
+
        return cvm_setkey(cipher, key, keylen, DES3_ECB);
 }