Re: [PATCH 1/2] crypto: qce: Fix xts-aes-qce for weak keys
From: Dmitry Baryshkov
Date: Thu Jun 11 2026 - 20:43:51 EST
On Wed, Jun 10, 2026 at 11:24:04AM +0530, Kuldeep Singh wrote:
> The QCE hardware does not support AES XTS mode when key1 and key2 are
> equal. The driver was handling this by unconditionally rejecting the
> keys with -ENOKEY (-126), regardless of whether FIPS mode is active or
> the FORBID_WEAK_KEYS flag is set.
> [ 5.599170] alg: skcipher: xts-aes-qce setkey failed on test vector 0; expected_error=0, actual_error=-126, flags=0x1
> [ 5.599184] alg: self-tests for xts(aes) using xts-aes-qce failed (rc=-126)
>
> In general for weak keys,
> - If FIPS mode is active or FORBID_WEAK_KEYS is set: return -EINVAL.
> - In non-FIPS mode, accept the key and encrypt successfully.
>
> Since QCE was returning -ENOKEY for non-FIPS mode whereas the
> expectation is to encrypt content and return success, the selftest saw a
> mismatch and failed.
>
> There are two problems in QCE behavior:
> * -ENOKEY is returned instead of -EINVAL for the FIPS/weak-key
>   rejection case.
> * key1 == key2 is rejected even in non-FIPS mode

Rewrite this commit message as English text rather than multiple kinds
of bullet lists. For example:

QCE hardware can't support the insecure setup of the AES XTS cipher
mode, where key1 and key2 are equal. Currently the driver unconditionally
returns -ENOKEY, while the rest of the system expects to get -EINVAL in
FIPS mode or if FORBID_WEAK_KEYS is true. Correct the driver to return
-EINVAL instead of -ENOKEY.

Then another commit to crypto testmgr to let crypto drivers fail for
AES-XTS (and also another commit with docs update).

>
> Fix xts-aes-qce behavior by using generic helper xts_verify_key() to
> reject keys early with -EINVAL for FIPS mode active (or FORBID_WEAK_KEYS
> set). For non-FIPS mode, since QCE hardware cannot accept the keys, use
> software fallback mechanism to encrypt the data.

No, if it is a hardware driver, there should be no software fallback.

>
> Fixes: f0d078dd6c49 ("crypto: qce - Return unsupported if key1 and key 2 are same for AES XTS algorithm")
> Signed-off-by: Kuldeep Singh <kuldeep.singh@xxxxxxxxxxxxxxxx>
> ---
> drivers/crypto/qce/cipher.h | 1 +
> drivers/crypto/qce/skcipher.c | 20 +++++++++++++-------
> 2 files changed, 14 insertions(+), 7 deletions(-)
>
--
With best wishes
Dmitry
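
The weak-key policy discussed in this thread, as a user-space C model added here for illustration; it is not the kernel's xts_verify_key(), not the QCE driver, and not part of the patch. The function names, the `fips` parameter and the `DEMO_FORBID_WEAK_KEYS` value are assumptions made for the example.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the FORBID_WEAK_KEYS request flag (value is illustrative). */
#define DEMO_FORBID_WEAK_KEYS 0x1u

/* True when key1 == key2; no early exit, so timing does not reveal the first differing byte. */
static bool halves_equal(const uint8_t *key, size_t keylen)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < keylen / 2; i++)
        diff |= (uint8_t)(key[i] ^ key[keylen / 2 + i]);
    return diff == 0;
}

/* Policy described in the thread: an XTS key is key1 || key2. When the two
 * halves are equal, reject with -EINVAL if FIPS mode is active or weak keys
 * are forbidden; otherwise accept the key (return 0). */
int xts_key_policy(const uint8_t *key, size_t keylen, bool fips, unsigned flags)
{
    if (keylen == 0 || keylen % 2)      /* two non-empty halves of equal size */
        return -EINVAL;
    bool strict = fips || (flags & DEMO_FORBID_WEAK_KEYS);
    if (strict && halves_equal(key, keylen))
        return -EINVAL;
    return 0;
}

/* Behaviour the thread attributes to the driver before the fix:
 * key1 == key2 is refused with -ENOKEY regardless of mode or flags. */
int qce_old_policy(const uint8_t *key, size_t keylen)
{
    return halves_equal(key, keylen) ? -ENOKEY : 0;
}

int main(void)
{
    uint8_t weak[32] = {0};             /* constructed sample: key1 == key2 */
    uint8_t good[32] = {0};
    good[31] = 1;                       /* constructed sample: halves differ */
    printf("weak, non-FIPS: generic=%d old-qce=%d\n",
           xts_key_policy(weak, 32, false, 0), qce_old_policy(weak, 32));
    printf("weak, FIPS:     generic=%d\n", xts_key_policy(weak, 32, true, 0));
    printf("good, FIPS:     generic=%d\n", xts_key_policy(good, 32, true, 0));
    return 0;
}
```

The first output line shows the mismatch the self-test log reports: in the non-strict case the generic policy returns 0 while the old driver behaviour returns -126.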