libwd/0041-cipher-add-semi-weak-keys-checking.patch

From e191549317c08e340b9406bf2958868b1f119df2 Mon Sep 17 00:00:00 2001
From: Kai Ye <yekai13@huawei.com>
Date: Thu, 13 Jan 2022 16:33:37 +0800
Subject: [PATCH 44/53] cipher: add semi-weak keys checking

Add semi-weak keys checking based on OpenSSL. it will improve the
security of the system.

Signed-off-by: Kai Ye <yekai13@huawei.com>
---
 wd_cipher.c | 30 +++++++++++++++++++++++-------
 1 file changed, 23 insertions(+), 7 deletions(-)

diff --git a/wd_cipher.c b/wd_cipher.c
index 9c1f98c..85f7e65 100644
--- a/wd_cipher.c
+++ b/wd_cipher.c
@@ -19,15 +19,31 @@
 #define DES3_3KEY_SIZE		(3 * DES_KEY_SIZE)
 
 #define WD_POOL_MAX_ENTRIES	1024
-#define DES_WEAK_KEY_NUM	4
+#define DES_WEAK_KEY_NUM	16
 #define MAX_RETRY_COUNTS	200000000
 
 #define POLL_SIZE		100000
 #define POLL_TIME		1000
 
-static __u64 des_weak_key[DES_WEAK_KEY_NUM] = {
-	0x0101010101010101, 0xFEFEFEFEFEFEFEFE,
-	0xE0E0E0E0F1F1F1F1, 0x1F1F1F1F0E0E0E0E
+static const unsigned char des_weak_keys[DES_WEAK_KEY_NUM][DES_KEY_SIZE] = {
+	/* weak keys */
+	{0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01},
+	{0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE},
+	{0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E},
+	{0xE0, 0xE0, 0xE0, 0xE0, 0xF1, 0xF1, 0xF1, 0xF1},
+	/* semi-weak keys */
+	{0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE},
+	{0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01},
+	{0x1F, 0xE0, 0x1F, 0xE0, 0x0E, 0xF1, 0x0E, 0xF1},
+	{0xE0, 0x1F, 0xE0, 0x1F, 0xF1, 0x0E, 0xF1, 0x0E},
+	{0x01, 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1},
+	{0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1, 0x01},
+	{0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E, 0xFE},
+	{0xFE, 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E},
+	{0x01, 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E},
+	{0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E, 0x01},
+	{0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE},
+	{0xFE, 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1}
 };
 
 struct wd_cipher_setting {
@@ -81,12 +97,12 @@ void wd_cipher_set_driver(struct wd_cipher_driver *drv)
 	wd_cipher_setting.driver = drv;
 }
 
-static bool is_des_weak_key(const __u64 *key)
+static bool is_des_weak_key(const __u8 *key)
 {
 	int i;
 
 	for (i = 0; i < DES_WEAK_KEY_NUM; i++) {
-		if (*key == des_weak_key[i])
+		if (memcmp(des_weak_keys[i], key, DES_KEY_SIZE) == 0)
 			return true;
 	}
 
@@ -173,7 +189,7 @@ int wd_cipher_set_key(handle_t h_sess, const __u8 *key, __u32 key_len)
 		WD_ERR("cipher set key input key length err!\n");
 		return -WD_EINVAL;
 	}
-	if (sess->alg == WD_CIPHER_DES && is_des_weak_key((__u64 *)key)) {
+	if (sess->alg == WD_CIPHER_DES && is_des_weak_key(key)) {
 		WD_ERR("input des key is weak key!\n");
 		return -WD_EINVAL;
 	}
-- 
2.25.1
libwd: backport for uadk from 2.3.24 to 2.3.27 Update some patch for uadk from mainline. To get more infomation, please visit the homepage: https://github.com/Linaro/uadk Signed-off-by: Yang Shen <shenyang39@huawei.com> 2022-02-21 03:30:18 +00:00			`From e191549317c08e340b9406bf2958868b1f119df2 Mon Sep 17 00:00:00 2001`
			`From: Kai Ye <yekai13@huawei.com>`
			`Date: Thu, 13 Jan 2022 16:33:37 +0800`
			`Subject: [PATCH 44/53] cipher: add semi-weak keys checking`

			`Add semi-weak keys checking based on OpenSSL. it will improve the`
			`security of the system.`

			`Signed-off-by: Kai Ye <yekai13@huawei.com>`
			`---`
			`wd_cipher.c \| 30 +++++++++++++++++++++++-------`
			`1 file changed, 23 insertions(+), 7 deletions(-)`

			`diff --git a/wd_cipher.c b/wd_cipher.c`
			`index 9c1f98c..85f7e65 100644`
			`--- a/wd_cipher.c`
			`+++ b/wd_cipher.c`
			`@@ -19,15 +19,31 @@`
			`#define DES3_3KEY_SIZE (3 * DES_KEY_SIZE)`

			`#define WD_POOL_MAX_ENTRIES 1024`
			`-#define DES_WEAK_KEY_NUM 4`
			`+#define DES_WEAK_KEY_NUM 16`
			`#define MAX_RETRY_COUNTS 200000000`

			`#define POLL_SIZE 100000`
			`#define POLL_TIME 1000`

			`-static __u64 des_weak_key[DES_WEAK_KEY_NUM] = {`
			`- 0x0101010101010101, 0xFEFEFEFEFEFEFEFE,`
			`- 0xE0E0E0E0F1F1F1F1, 0x1F1F1F1F0E0E0E0E`
			`+static const unsigned char des_weak_keys[DES_WEAK_KEY_NUM][DES_KEY_SIZE] = {`
			`+ /* weak keys */`
			`+ {0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01},`
			`+ {0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE},`
			`+ {0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E},`
			`+ {0xE0, 0xE0, 0xE0, 0xE0, 0xF1, 0xF1, 0xF1, 0xF1},`
			`+ /* semi-weak keys */`
			`+ {0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE},`
			`+ {0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01},`
			`+ {0x1F, 0xE0, 0x1F, 0xE0, 0x0E, 0xF1, 0x0E, 0xF1},`
			`+ {0xE0, 0x1F, 0xE0, 0x1F, 0xF1, 0x0E, 0xF1, 0x0E},`
			`+ {0x01, 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1},`
			`+ {0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1, 0x01},`
			`+ {0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E, 0xFE},`
			`+ {0xFE, 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E},`
			`+ {0x01, 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E},`
			`+ {0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E, 0x01},`
			`+ {0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE},`
			`+ {0xFE, 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1}`
			`};`

			`struct wd_cipher_setting {`
			`@@ -81,12 +97,12 @@ void wd_cipher_set_driver(struct wd_cipher_driver *drv)`
			`wd_cipher_setting.driver = drv;`
			`}`

			`-static bool is_des_weak_key(const __u64 *key)`
			`+static bool is_des_weak_key(const __u8 *key)`
			`{`
			`int i;`

			`for (i = 0; i < DES_WEAK_KEY_NUM; i++) {`
			`- if (*key == des_weak_key[i])`
			`+ if (memcmp(des_weak_keys[i], key, DES_KEY_SIZE) == 0)`
			`return true;`
			`}`

			`@@ -173,7 +189,7 @@ int wd_cipher_set_key(handle_t h_sess, const __u8 *key, __u32 key_len)`
			`WD_ERR("cipher set key input key length err!\n");`
			`return -WD_EINVAL;`
			`}`
			`- if (sess->alg == WD_CIPHER_DES && is_des_weak_key((__u64 *)key)) {`
			`+ if (sess->alg == WD_CIPHER_DES && is_des_weak_key(key)) {`
			`WD_ERR("input des key is weak key!\n");`
			`return -WD_EINVAL;`
			`}`
			`--`
			`2.25.1`