Re: [PATCH v3 3/6] crypto: xts - drop redundant xts key check
From: Nicolai Stange
Date: Thu Jan 05 2023 - 06:17:18 EST
Hi Vladis,
the patch subject prefix is a bit misleading IMO, it kind of suggests
that this patch would apply to the generic crypto/xts.c. How about using
a format similar to e.g. the one from commit 7988fb2c03c8 ("crypto:
s390/aes - convert to skcipher API"), i.e.
"crypto: s390/aes - drop redundant xts key check"
?
Vladis Dronov <vdronov@xxxxxxxxxx> writes:
> xts_fallback_setkey() in xts_aes_set_key() will now enforce key size
> rule in FIPS mode when setting up the fallback algorithm keys,
I think it would be nice to make it more explicit why/how
xts_fallback_setkey() happens to enforce the key size rules now.
Perhaps amend the above sentence by something like
"xts_fallback_setkey() in xts_aes_set_key() will now implictly enforce
the key size rule in FIPS mode by means of invoking the generic xts
implementation with its key checks for setting up the fallback
algorithm,"
?
> which makes the check in xts_aes_set_key() redundant or
> unreachable. So just drop this check.
>
> xts_fallback_setkey() now makes a key size check in xts_verify_key():
>
> xts_fallback_setkey()
> crypto_skcipher_setkey() [ skcipher_setkey_unaligned() ]
> cipher->setkey() { .setkey = xts_setkey }
> xts_setkey()
> xts_verify_key()
>
> Signed-off-by: Vladis Dronov <vdronov@xxxxxxxxxx>
> ---
> arch/s390/crypto/aes_s390.c | 4 ----
> 1 file changed, 4 deletions(-)
>
> diff --git a/arch/s390/crypto/aes_s390.c b/arch/s390/crypto/aes_s390.c
> index 526c3f40f6a2..c773820e4af9 100644
> --- a/arch/s390/crypto/aes_s390.c
> +++ b/arch/s390/crypto/aes_s390.c
> @@ -398,10 +398,6 @@ static int xts_aes_set_key(struct crypto_skcipher *tfm, const u8 *in_key,
> if (err)
> return err;
>
> - /* In fips mode only 128 bit or 256 bit keys are valid */
> - if (fips_enabled && key_len != 32 && key_len != 64)
> - return -EINVAL;
> -
The change itself looks good, but it might be worth adding a comment
right at the invocation of xts_fallback_setkey() that this includes an
implicit xts_verify_key() check? So that if anybody ever was about to
remove the xts_fallback_setkey() for some reason in the future, it would
give a clear indication that xts_verify_key() needs to get called
directly instead?
Thanks!
Nicolai
> /* Pick the correct function code based on the key length */
> fc = (key_len == 32) ? CPACF_KM_XTS_128 :
> (key_len == 64) ? CPACF_KM_XTS_256 : 0;
--
SUSE Software Solutions Germany GmbH, Frankenstraße 146, 90461 Nürnberg, Germany
GF: Ivo Totev, Andrew Myers, Andrew McDonald, Boudien Moerman
(HRB 36809, AG Nürnberg)