From: Pascal van Leeuwen <pascalvanl@gmail.com> To: linux-crypto@vger.kernel.org Cc: antoine.tenart@bootlin.com, herbert@gondor.apana.org.au, davem@davemloft.net, Pascal van Leeuwen <pvanleeuwen@verimatrix.com> Subject: [PATCH 1/2] crypto: inside-secure - Use defines instead of some constants (cosmetic) Date: Tue, 30 Jul 2019 15:27:11 +0200 Message-ID: <1564493232-30733-2-git-send-email-pvanleeuwen@verimatrix.com> (raw) In-Reply-To: <1564493232-30733-1-git-send-email-pvanleeuwen@verimatrix.com> This patch replaces some hard constants regarding key, IV and nonce sizes with appropriate defines from the crypto header files. Signed-off-by: Pascal van Leeuwen <pvanleeuwen@verimatrix.com> --- drivers/crypto/inside-secure/safexcel_cipher.c | 35 ++++++++++++++------------ 1 file changed, 19 insertions(+), 16 deletions(-) diff --git a/drivers/crypto/inside-secure/safexcel_cipher.c b/drivers/crypto/inside-secure/safexcel_cipher.c index d65e5f7..a30fdd5 100644 --- a/drivers/crypto/inside-secure/safexcel_cipher.c +++ b/drivers/crypto/inside-secure/safexcel_cipher.c @@ -12,6 +12,7 @@ #include <crypto/aead.h> #include <crypto/aes.h> #include <crypto/authenc.h> +#include <crypto/ctr.h> #include <crypto/des.h> #include <crypto/sha.h> #include <crypto/skcipher.h> @@ -237,19 +238,21 @@ static int safexcel_aead_setkey(struct crypto_aead *ctfm, const u8 *key, goto badkey; if (ctx->mode == CONTEXT_CONTROL_CRYPTO_MODE_CTR_LOAD) { - /* 20 is minimum AES key: 16 bytes + 4 bytes nonce */ - if (keys.enckeylen < 20) + /* Minimum keysize is minimum AES key size + nonce size */ + if (keys.enckeylen < (AES_MIN_KEY_SIZE + + CTR_RFC3686_NONCE_SIZE)) goto badkey; /* last 4 bytes of key are the nonce! */ - ctx->nonce = *(u32 *)(keys.enckey + keys.enckeylen - 4); + ctx->nonce = *(u32 *)(keys.enckey + keys.enckeylen - + CTR_RFC3686_NONCE_SIZE); /* exclude the nonce here */ - keys.enckeylen -= 4; + keys.enckeylen -= CONTEXT_CONTROL_CRYPTO_MODE_CTR_LOAD; } /* Encryption key */ switch (ctx->alg) { case SAFEXCEL_3DES: - if (keys.enckeylen != 24) + if (keys.enckeylen != DES3_EDE_KEY_SIZE) goto badkey; flags = crypto_aead_get_flags(ctfm); err = __des3_verify_key(&flags, keys.enckey); @@ -1114,9 +1117,9 @@ static int safexcel_skcipher_aesctr_setkey(struct crypto_skcipher *ctfm, unsigned int keylen; /* last 4 bytes of key are the nonce! */ - ctx->nonce = *(u32 *)(key + len - 4); + ctx->nonce = *(u32 *)(key + len - CTR_RFC3686_NONCE_SIZE); /* exclude the nonce here */ - keylen = len - 4; + keylen = len - CTR_RFC3686_NONCE_SIZE; ret = crypto_aes_expand_key(&aes, key, keylen); if (ret) { crypto_skcipher_set_flags(ctfm, CRYPTO_TFM_RES_BAD_KEY_LEN); @@ -1157,10 +1160,10 @@ struct safexcel_alg_template safexcel_alg_ctr_aes = { .setkey = safexcel_skcipher_aesctr_setkey, .encrypt = safexcel_encrypt, .decrypt = safexcel_decrypt, - /* Add 4 to include the 4 byte nonce! */ - .min_keysize = AES_MIN_KEY_SIZE + 4, - .max_keysize = AES_MAX_KEY_SIZE + 4, - .ivsize = 8, + /* Add nonce size */ + .min_keysize = AES_MIN_KEY_SIZE + CTR_RFC3686_NONCE_SIZE, + .max_keysize = AES_MAX_KEY_SIZE + CTR_RFC3686_NONCE_SIZE, + .ivsize = CTR_RFC3686_IV_SIZE, .base = { .cra_name = "rfc3686(ctr(aes))", .cra_driver_name = "safexcel-ctr-aes", @@ -1620,7 +1623,7 @@ struct safexcel_alg_template safexcel_alg_authenc_hmac_sha1_ctr_aes = { .setkey = safexcel_aead_setkey, .encrypt = safexcel_aead_encrypt, .decrypt = safexcel_aead_decrypt, - .ivsize = 8, + .ivsize = CTR_RFC3686_IV_SIZE, .maxauthsize = SHA1_DIGEST_SIZE, .base = { .cra_name = "authenc(hmac(sha1),rfc3686(ctr(aes)))", @@ -1653,7 +1656,7 @@ struct safexcel_alg_template safexcel_alg_authenc_hmac_sha256_ctr_aes = { .setkey = safexcel_aead_setkey, .encrypt = safexcel_aead_encrypt, .decrypt = safexcel_aead_decrypt, - .ivsize = 8, + .ivsize = CTR_RFC3686_IV_SIZE, .maxauthsize = SHA256_DIGEST_SIZE, .base = { .cra_name = "authenc(hmac(sha256),rfc3686(ctr(aes)))", @@ -1686,7 +1689,7 @@ struct safexcel_alg_template safexcel_alg_authenc_hmac_sha224_ctr_aes = { .setkey = safexcel_aead_setkey, .encrypt = safexcel_aead_encrypt, .decrypt = safexcel_aead_decrypt, - .ivsize = 8, + .ivsize = CTR_RFC3686_IV_SIZE, .maxauthsize = SHA224_DIGEST_SIZE, .base = { .cra_name = "authenc(hmac(sha224),rfc3686(ctr(aes)))", @@ -1719,7 +1722,7 @@ struct safexcel_alg_template safexcel_alg_authenc_hmac_sha512_ctr_aes = { .setkey = safexcel_aead_setkey, .encrypt = safexcel_aead_encrypt, .decrypt = safexcel_aead_decrypt, - .ivsize = 8, + .ivsize = CTR_RFC3686_IV_SIZE, .maxauthsize = SHA512_DIGEST_SIZE, .base = { .cra_name = "authenc(hmac(sha512),rfc3686(ctr(aes)))", @@ -1752,7 +1755,7 @@ struct safexcel_alg_template safexcel_alg_authenc_hmac_sha384_ctr_aes = { .setkey = safexcel_aead_setkey, .encrypt = safexcel_aead_encrypt, .decrypt = safexcel_aead_decrypt, - .ivsize = 8, + .ivsize = CTR_RFC3686_IV_SIZE, .maxauthsize = SHA384_DIGEST_SIZE, .base = { .cra_name = "authenc(hmac(sha384),rfc3686(ctr(aes)))", -- 1.8.3.1
next prev parent reply index Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top 2019-07-30 13:27 [PATCH 0/2] crypto: inside-secure - Cosmetic fixes for readability Pascal van Leeuwen 2019-07-30 13:27 ` Pascal van Leeuwen [this message] 2019-07-30 14:35 ` [PATCH 1/2] crypto: inside-secure - Use defines instead of some constants (cosmetic) Antoine Tenart 2019-08-09 6:17 ` Herbert Xu 2019-07-30 13:27 ` [PATCH 2/2] crypto: inside-secure: This fixes a mistake in a comment for XTS Pascal van Leeuwen 2019-07-30 14:37 ` Antoine Tenart 2019-08-09 5:10 ` Herbert Xu 2019-08-09 9:21 ` Pascal Van Leeuwen
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=1564493232-30733-2-git-send-email-pvanleeuwen@verimatrix.com \ --to=pascalvanl@gmail.com \ --cc=antoine.tenart@bootlin.com \ --cc=davem@davemloft.net \ --cc=herbert@gondor.apana.org.au \ --cc=linux-crypto@vger.kernel.org \ --cc=pvanleeuwen@verimatrix.com \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
Linux-Crypto Archive on lore.kernel.org Archives are clonable: git clone --mirror https://lore.kernel.org/linux-crypto/0 linux-crypto/git/0.git # If you have public-inbox 1.1+ installed, you may # initialize and index your mirror using the following commands: public-inbox-init -V2 linux-crypto linux-crypto/ https://lore.kernel.org/linux-crypto \ linux-crypto@vger.kernel.org public-inbox-index linux-crypto Example config snippet for mirrors Newsgroup available over NNTP: nntp://nntp.lore.kernel.org/org.kernel.vger.linux-crypto AGPL code for this site: git clone https://public-inbox.org/public-inbox.git