Added inline helper functions to check authsize and assoclen for
gcm, rfc4106 and rfc4543.
Added, also, inline helper function to check key length for AES algorithms.
These are used in the generic implementation of gcm/rfc4106/rfc4543
and aes.
Changes since v1:
- rename helper functions with crypto_ prefix;
- update aes after it was moved to lib/crypto.
Iuliana Prodan (2):
crypto: gcm - helper functions for assoclen/authsize check
crypto: aes - helper function to validate key length for AES
algorithms
crypto/gcm.c | 41 ++++++++++++++-------------------------
include/crypto/aes.h | 17 ++++++++++++++++
include/crypto/gcm.h | 55 ++++++++++++++++++++++++++++++++++++++++++++++++++++
lib/crypto/aes.c | 8 ++++----
4 files changed, 91 insertions(+), 30 deletions(-)
--
2.1.0
Added inline helper functions to check authsize and assoclen for
gcm, rfc4106 and rfc4543.
These are used in the generic implementation of gcm, rfc4106 and
rfc4543.
Signed-off-by: Iuliana Prodan <[email protected]>
---
crypto/gcm.c | 41 ++++++++++++++-------------------------
include/crypto/gcm.h | 55 ++++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 70 insertions(+), 26 deletions(-)
diff --git a/crypto/gcm.c b/crypto/gcm.c
index f254e2d..2f3b50f 100644
--- a/crypto/gcm.c
+++ b/crypto/gcm.c
@@ -152,20 +152,7 @@ static int crypto_gcm_setkey(struct crypto_aead *aead, const u8 *key,
static int crypto_gcm_setauthsize(struct crypto_aead *tfm,
unsigned int authsize)
{
- switch (authsize) {
- case 4:
- case 8:
- case 12:
- case 13:
- case 14:
- case 15:
- case 16:
- break;
- default:
- return -EINVAL;
- }
-
- return 0;
+ return crypto_gcm_check_authsize(authsize);
}
static void crypto_gcm_init_common(struct aead_request *req)
@@ -762,15 +749,11 @@ static int crypto_rfc4106_setauthsize(struct crypto_aead *parent,
unsigned int authsize)
{
struct crypto_rfc4106_ctx *ctx = crypto_aead_ctx(parent);
+ int err;
- switch (authsize) {
- case 8:
- case 12:
- case 16:
- break;
- default:
- return -EINVAL;
- }
+ err = crypto_rfc4106_check_authsize(authsize);
+ if (err)
+ return err;
return crypto_aead_setauthsize(ctx->child, authsize);
}
@@ -818,8 +801,11 @@ static struct aead_request *crypto_rfc4106_crypt(struct aead_request *req)
static int crypto_rfc4106_encrypt(struct aead_request *req)
{
- if (req->assoclen != 16 && req->assoclen != 20)
- return -EINVAL;
+ int err;
+
+ err = crypto_ipsec_check_assoclen(req->assoclen);
+ if (err)
+ return err;
req = crypto_rfc4106_crypt(req);
@@ -828,8 +814,11 @@ static int crypto_rfc4106_encrypt(struct aead_request *req)
static int crypto_rfc4106_decrypt(struct aead_request *req)
{
- if (req->assoclen != 16 && req->assoclen != 20)
- return -EINVAL;
+ int err;
+
+ err = crypto_ipsec_check_assoclen(req->assoclen);
+ if (err)
+ return err;
req = crypto_rfc4106_crypt(req);
diff --git a/include/crypto/gcm.h b/include/crypto/gcm.h
index c50e057..0a2f21e 100644
--- a/include/crypto/gcm.h
+++ b/include/crypto/gcm.h
@@ -1,8 +1,63 @@
#ifndef _CRYPTO_GCM_H
#define _CRYPTO_GCM_H
+#include <uapi/asm-generic/errno-base.h>
+
#define GCM_AES_IV_SIZE 12
#define GCM_RFC4106_IV_SIZE 8
#define GCM_RFC4543_IV_SIZE 8
+/*
+ * validate authentication tag for GCM
+ */
+static inline int crypto_gcm_check_authsize(unsigned int authsize)
+{
+ switch (authsize) {
+ case 4:
+ case 8:
+ case 12:
+ case 13:
+ case 14:
+ case 15:
+ case 16:
+ break;
+ default:
+ return -EINVAL;
+ }
+
+ return 0;
+}
+
+/*
+ * validate authentication tag for RFC4106
+ */
+static inline int crypto_rfc4106_check_authsize(unsigned int authsize)
+{
+ switch (authsize) {
+ case 8:
+ case 12:
+ case 16:
+ break;
+ default:
+ return -EINVAL;
+ }
+
+ return 0;
+}
+
+/*
+ * validate assoclen for RFC4106/RFC4543
+ */
+static inline int crypto_ipsec_check_assoclen(unsigned int assoclen)
+{
+ switch (assoclen) {
+ case 16:
+ case 20:
+ break;
+ default:
+ return -EINVAL;
+ }
+
+ return 0;
+}
#endif
--
2.1.0
On 7/30/2019 1:33 PM, Iuliana Prodan wrote:
> Added inline helper functions to check authsize and assoclen for
> gcm, rfc4106 and rfc4543.
> These are used in the generic implementation of gcm, rfc4106 and
> rfc4543.
>
> Signed-off-by: Iuliana Prodan <[email protected]>
Reviewed-by: Horia Geant? <[email protected]>
Thanks,
Horia
On 7/30/2019 1:33 PM, Iuliana Prodan wrote:
> --- a/include/crypto/gcm.h
> +++ b/include/crypto/gcm.h
> @@ -1,8 +1,63 @@
> #ifndef _CRYPTO_GCM_H
> #define _CRYPTO_GCM_H
>
> +#include <uapi/asm-generic/errno-base.h>
> +
This is new in v2 and I missed it initially.
If needed, <linux/errno.h> should be used instead.
Horia