* [PATCH 0/2] crypto: validate inputs for gcm and aes
@ 2019-07-25 13:47 Iuliana Prodan
2019-07-25 13:47 ` [PATCH 1/2] crypto: gcm - helper functions for assoclen/authsize check Iuliana Prodan
2019-07-25 13:47 ` [PATCH 2/2] crypto: aes - helper function to validate key length for AES algorithms Iuliana Prodan
0 siblings, 2 replies; 5+ messages in thread
From: Iuliana Prodan @ 2019-07-25 13:47 UTC (permalink / raw)
To: Herbert Xu, David S. Miller; +Cc: linux-crypto, linux-kernel, linux-imx
Added inline helper functions to check authsize and assoclen for
gcm and rfc4106.
Added, also, inline helper function to check key length for AES algorithms.
These are used in the generic implementation of gcm/rfc4106 and aes/aes_ti.
Iuliana Prodan (2):
crypto: gcm - helper functions for assoclen/authsize check
crypto: aes - helper function to validate key length for AES
algorithms
crypto/aes_generic.c | 7 ++++---
crypto/aes_ti.c | 8 ++++----
crypto/gcm.c | 41 +++++++++++++++-------------------------
include/crypto/aes.h | 17 +++++++++++++++++
include/crypto/gcm.h | 53 ++++++++++++++++++++++++++++++++++++++++++++++++++++
5 files changed, 93 insertions(+), 33 deletions(-)
--
2.1.0
^ permalink raw reply [flat|nested] 5+ messages in thread
* [PATCH 1/2] crypto: gcm - helper functions for assoclen/authsize check
2019-07-25 13:47 [PATCH 0/2] crypto: validate inputs for gcm and aes Iuliana Prodan
@ 2019-07-25 13:47 ` Iuliana Prodan
2019-07-26 14:12 ` Horia Geanta
2019-07-25 13:47 ` [PATCH 2/2] crypto: aes - helper function to validate key length for AES algorithms Iuliana Prodan
1 sibling, 1 reply; 5+ messages in thread
From: Iuliana Prodan @ 2019-07-25 13:47 UTC (permalink / raw)
To: Herbert Xu, David S. Miller; +Cc: linux-crypto, linux-kernel, linux-imx
Added inline helper functions to check authsize and assoclen for
gcm and rfc4106.
These are used in the generic implementation of gcm and rfc4106.
Signed-off-by: Iuliana Prodan <iuliana.prodan@nxp.com>
---
crypto/gcm.c | 41 +++++++++++++++-------------------------
include/crypto/gcm.h | 53 ++++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 68 insertions(+), 26 deletions(-)
diff --git a/crypto/gcm.c b/crypto/gcm.c
index 33f45a9..f69c251 100644
--- a/crypto/gcm.c
+++ b/crypto/gcm.c
@@ -155,20 +155,7 @@ static int crypto_gcm_setkey(struct crypto_aead *aead, const u8 *key,
static int crypto_gcm_setauthsize(struct crypto_aead *tfm,
unsigned int authsize)
{
- switch (authsize) {
- case 4:
- case 8:
- case 12:
- case 13:
- case 14:
- case 15:
- case 16:
- break;
- default:
- return -EINVAL;
- }
-
- return 0;
+ return check_gcm_authsize(authsize);
}
static void crypto_gcm_init_common(struct aead_request *req)
@@ -765,15 +752,11 @@ static int crypto_rfc4106_setauthsize(struct crypto_aead *parent,
unsigned int authsize)
{
struct crypto_rfc4106_ctx *ctx = crypto_aead_ctx(parent);
+ int err;
- switch (authsize) {
- case 8:
- case 12:
- case 16:
- break;
- default:
- return -EINVAL;
- }
+ err = check_rfc4106_authsize(authsize);
+ if (err)
+ return err;
return crypto_aead_setauthsize(ctx->child, authsize);
}
@@ -821,8 +804,11 @@ static struct aead_request *crypto_rfc4106_crypt(struct aead_request *req)
static int crypto_rfc4106_encrypt(struct aead_request *req)
{
- if (req->assoclen != 16 && req->assoclen != 20)
- return -EINVAL;
+ int err;
+
+ err = check_ipsec_assoclen(req->assoclen);
+ if (err)
+ return err;
req = crypto_rfc4106_crypt(req);
@@ -831,8 +817,11 @@ static int crypto_rfc4106_encrypt(struct aead_request *req)
static int crypto_rfc4106_decrypt(struct aead_request *req)
{
- if (req->assoclen != 16 && req->assoclen != 20)
- return -EINVAL;
+ int err;
+
+ err = check_ipsec_assoclen(req->assoclen);
+ if (err)
+ return err;
req = crypto_rfc4106_crypt(req);
diff --git a/include/crypto/gcm.h b/include/crypto/gcm.h
index c50e057..9834b97 100644
--- a/include/crypto/gcm.h
+++ b/include/crypto/gcm.h
@@ -5,4 +5,57 @@
#define GCM_RFC4106_IV_SIZE 8
#define GCM_RFC4543_IV_SIZE 8
+/*
+ * validate authentication tag for GCM
+ */
+static inline int check_gcm_authsize(unsigned int authsize)
+{
+ switch (authsize) {
+ case 4:
+ case 8:
+ case 12:
+ case 13:
+ case 14:
+ case 15:
+ case 16:
+ break;
+ default:
+ return -EINVAL;
+ }
+
+ return 0;
+}
+
+/*
+ * validate authentication tag for RFC4106
+ */
+static inline int check_rfc4106_authsize(unsigned int authsize)
+{
+ switch (authsize) {
+ case 8:
+ case 12:
+ case 16:
+ break;
+ default:
+ return -EINVAL;
+ }
+
+ return 0;
+}
+
+/*
+ * validate assoclen for RFC4106/RFC4543
+ */
+static inline int check_ipsec_assoclen(unsigned int assoclen)
+{
+ switch (assoclen) {
+ case 16:
+ case 20:
+ break;
+ default:
+ return -EINVAL;
+ }
+
+ return 0;
+}
#endif
--
2.1.0
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [PATCH 2/2] crypto: aes - helper function to validate key length for AES algorithms
2019-07-25 13:47 [PATCH 0/2] crypto: validate inputs for gcm and aes Iuliana Prodan
2019-07-25 13:47 ` [PATCH 1/2] crypto: gcm - helper functions for assoclen/authsize check Iuliana Prodan
@ 2019-07-25 13:47 ` Iuliana Prodan
2019-07-26 13:49 ` Horia Geanta
1 sibling, 1 reply; 5+ messages in thread
From: Iuliana Prodan @ 2019-07-25 13:47 UTC (permalink / raw)
To: Herbert Xu, David S. Miller; +Cc: linux-crypto, linux-kernel, linux-imx
Add inline helper function to check key length for AES algorithms.
The key can be 128, 192 or 256 bits size.
This function is used in the generic aes and aes_ti implementations.
Signed-off-by: Iuliana Prodan <iuliana.prodan@nxp.com>
---
crypto/aes_generic.c | 7 ++++---
crypto/aes_ti.c | 8 ++++----
include/crypto/aes.h | 17 +++++++++++++++++
3 files changed, 25 insertions(+), 7 deletions(-)
diff --git a/crypto/aes_generic.c b/crypto/aes_generic.c
index f217568..f5b7cf6 100644
--- a/crypto/aes_generic.c
+++ b/crypto/aes_generic.c
@@ -1219,10 +1219,11 @@ int crypto_aes_expand_key(struct crypto_aes_ctx *ctx, const u8 *in_key,
unsigned int key_len)
{
u32 i, t, u, v, w, j;
+ int err;
- if (key_len != AES_KEYSIZE_128 && key_len != AES_KEYSIZE_192 &&
- key_len != AES_KEYSIZE_256)
- return -EINVAL;
+ err = check_aes_keylen(key_len);
+ if (err)
+ return err;
ctx->key_length = key_len;
diff --git a/crypto/aes_ti.c b/crypto/aes_ti.c
index 1ff9785b..786311c 100644
--- a/crypto/aes_ti.c
+++ b/crypto/aes_ti.c
@@ -172,11 +172,11 @@ static int aesti_expand_key(struct crypto_aes_ctx *ctx, const u8 *in_key,
{
u32 kwords = key_len / sizeof(u32);
u32 rc, i, j;
+ int err;
- if (key_len != AES_KEYSIZE_128 &&
- key_len != AES_KEYSIZE_192 &&
- key_len != AES_KEYSIZE_256)
- return -EINVAL;
+ err = check_aes_keylen(key_len);
+ if (err)
+ return err;
ctx->key_length = key_len;
diff --git a/include/crypto/aes.h b/include/crypto/aes.h
index 0fdb542..c3a92ca 100644
--- a/include/crypto/aes.h
+++ b/include/crypto/aes.h
@@ -33,6 +33,23 @@ extern const u32 crypto_fl_tab[4][256] ____cacheline_aligned;
extern const u32 crypto_it_tab[4][256] ____cacheline_aligned;
extern const u32 crypto_il_tab[4][256] ____cacheline_aligned;
+/*
+ * validate key length for AES algorithms
+ */
+static inline int check_aes_keylen(unsigned int keylen)
+{
+ switch (keylen) {
+ case AES_KEYSIZE_128:
+ case AES_KEYSIZE_192:
+ case AES_KEYSIZE_256:
+ break;
+ default:
+ return -EINVAL;
+ }
+
+ return 0;
+}
+
int crypto_aes_set_key(struct crypto_tfm *tfm, const u8 *in_key,
unsigned int key_len);
int crypto_aes_expand_key(struct crypto_aes_ctx *ctx, const u8 *in_key,
--
2.1.0
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH 2/2] crypto: aes - helper function to validate key length for AES algorithms
2019-07-25 13:47 ` [PATCH 2/2] crypto: aes - helper function to validate key length for AES algorithms Iuliana Prodan
@ 2019-07-26 13:49 ` Horia Geanta
0 siblings, 0 replies; 5+ messages in thread
From: Horia Geanta @ 2019-07-26 13:49 UTC (permalink / raw)
To: Iuliana Prodan, Herbert Xu, David S. Miller
Cc: linux-crypto, linux-kernel, dl-linux-imx
On 7/25/2019 4:47 PM, Iuliana Prodan wrote:
> Add inline helper function to check key length for AES algorithms.
> The key can be 128, 192 or 256 bits size.
> This function is used in the generic aes and aes_ti implementations.
>
Looks good.
Will need to respin it, since aes has just been refactored and moved in lib/crypto/.
Horia
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH 1/2] crypto: gcm - helper functions for assoclen/authsize check
2019-07-25 13:47 ` [PATCH 1/2] crypto: gcm - helper functions for assoclen/authsize check Iuliana Prodan
@ 2019-07-26 14:12 ` Horia Geanta
0 siblings, 0 replies; 5+ messages in thread
From: Horia Geanta @ 2019-07-26 14:12 UTC (permalink / raw)
To: Iuliana Prodan, Herbert Xu, David S. Miller
Cc: linux-crypto, linux-kernel, dl-linux-imx
On 7/25/2019 4:47 PM, Iuliana Prodan wrote:
> Added inline helper functions to check authsize and assoclen for
> gcm and rfc4106.
Also rfc4543.
> diff --git a/include/crypto/gcm.h b/include/crypto/gcm.h
> index c50e057..9834b97 100644
> --- a/include/crypto/gcm.h
> +++ b/include/crypto/gcm.h
> @@ -5,4 +5,57 @@
> #define GCM_RFC4106_IV_SIZE 8
> #define GCM_RFC4543_IV_SIZE 8
>
> +/*
> + * validate authentication tag for GCM
> + */
> +static inline int check_gcm_authsize(unsigned int authsize)
I'd prefix the helper names with crypto_
Horia
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2019-07-26 14:12 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-07-25 13:47 [PATCH 0/2] crypto: validate inputs for gcm and aes Iuliana Prodan
2019-07-25 13:47 ` [PATCH 1/2] crypto: gcm - helper functions for assoclen/authsize check Iuliana Prodan
2019-07-26 14:12 ` Horia Geanta
2019-07-25 13:47 ` [PATCH 2/2] crypto: aes - helper function to validate key length for AES algorithms Iuliana Prodan
2019-07-26 13:49 ` Horia Geanta
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).