[PATCH 1/2] crypto: gcm - helper functions for assoclen/authsize check
From: Iuliana Prodan
Date: Thu Jul 25 2019 - 14:06:46 EST
Added inline helper functions to check authsize and assoclen for
gcm and rfc4106.
These are used in the generic implementation of gcm and rfc4106.
Signed-off-by: Iuliana Prodan <iuliana.prodan@xxxxxxx>
---
crypto/gcm.c | 41 +++++++++++++++-------------------------
include/crypto/gcm.h | 53 ++++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 68 insertions(+), 26 deletions(-)
diff --git a/crypto/gcm.c b/crypto/gcm.c
index 33f45a9..f69c251 100644
--- a/crypto/gcm.c
+++ b/crypto/gcm.c
@@ -155,20 +155,7 @@ static int crypto_gcm_setkey(struct crypto_aead *aead, const u8 *key,
static int crypto_gcm_setauthsize(struct crypto_aead *tfm,
unsigned int authsize)
{
- switch (authsize) {
- case 4:
- case 8:
- case 12:
- case 13:
- case 14:
- case 15:
- case 16:
- break;
- default:
- return -EINVAL;
- }
-
- return 0;
+ return check_gcm_authsize(authsize);
}
static void crypto_gcm_init_common(struct aead_request *req)
@@ -765,15 +752,11 @@ static int crypto_rfc4106_setauthsize(struct crypto_aead *parent,
unsigned int authsize)
{
struct crypto_rfc4106_ctx *ctx = crypto_aead_ctx(parent);
+ int err;
- switch (authsize) {
- case 8:
- case 12:
- case 16:
- break;
- default:
- return -EINVAL;
- }
+ err = check_rfc4106_authsize(authsize);
+ if (err)
+ return err;
return crypto_aead_setauthsize(ctx->child, authsize);
}
@@ -821,8 +804,11 @@ static struct aead_request *crypto_rfc4106_crypt(struct aead_request *req)
static int crypto_rfc4106_encrypt(struct aead_request *req)
{
- if (req->assoclen != 16 && req->assoclen != 20)
- return -EINVAL;
+ int err;
+
+ err = check_ipsec_assoclen(req->assoclen);
+ if (err)
+ return err;
req = crypto_rfc4106_crypt(req);
@@ -831,8 +817,11 @@ static int crypto_rfc4106_encrypt(struct aead_request *req)
static int crypto_rfc4106_decrypt(struct aead_request *req)
{
- if (req->assoclen != 16 && req->assoclen != 20)
- return -EINVAL;
+ int err;
+
+ err = check_ipsec_assoclen(req->assoclen);
+ if (err)
+ return err;
req = crypto_rfc4106_crypt(req);
diff --git a/include/crypto/gcm.h b/include/crypto/gcm.h
index c50e057..9834b97 100644
--- a/include/crypto/gcm.h
+++ b/include/crypto/gcm.h
@@ -5,4 +5,57 @@
#define GCM_RFC4106_IV_SIZE 8
#define GCM_RFC4543_IV_SIZE 8
+/*
+ * validate authentication tag for GCM
+ */
+static inline int check_gcm_authsize(unsigned int authsize)
+{
+ switch (authsize) {
+ case 4:
+ case 8:
+ case 12:
+ case 13:
+ case 14:
+ case 15:
+ case 16:
+ break;
+ default:
+ return -EINVAL;
+ }
+
+ return 0;
+}
+
+/*
+ * validate authentication tag for RFC4106
+ */
+static inline int check_rfc4106_authsize(unsigned int authsize)
+{
+ switch (authsize) {
+ case 8:
+ case 12:
+ case 16:
+ break;
+ default:
+ return -EINVAL;
+ }
+
+ return 0;
+}
+
+/*
+ * validate assoclen for RFC4106/RFC4543
+ */
+static inline int check_ipsec_assoclen(unsigned int assoclen)
+{
+ switch (assoclen) {
+ case 16:
+ case 20:
+ break;
+ default:
+ return -EINVAL;
+ }
+
+ return 0;
+}
#endif
--
2.1.0