diff --git a/crypto/gcm.c b/crypto/gcm.c index f254e2d4c206..2f3b50f8f3e0 100644 --- a/crypto/gcm.c +++ b/crypto/gcm.c @@ -152,20 +152,7 @@ out: static int crypto_gcm_setauthsize(struct crypto_aead *tfm, unsigned int authsize) { - switch (authsize) { - case 4: - case 8: - case 12: - case 13: - case 14: - case 15: - case 16: - break; - default: - return -EINVAL; - } - - return 0; + return crypto_gcm_check_authsize(authsize); } static void crypto_gcm_init_common(struct aead_request *req) @@ -762,15 +749,11 @@ static int crypto_rfc4106_setauthsize(struct crypto_aead *parent, unsigned int authsize) { struct crypto_rfc4106_ctx *ctx = crypto_aead_ctx(parent); + int err; - switch (authsize) { - case 8: - case 12: - case 16: - break; - default: - return -EINVAL; - } + err = crypto_rfc4106_check_authsize(authsize); + if (err) + return err; return crypto_aead_setauthsize(ctx->child, authsize); } @@ -818,8 +801,11 @@ static struct aead_request *crypto_rfc4106_crypt(struct aead_request *req) static int crypto_rfc4106_encrypt(struct aead_request *req) { - if (req->assoclen != 16 && req->assoclen != 20) - return -EINVAL; + int err; + + err = crypto_ipsec_check_assoclen(req->assoclen); + if (err) + return err; req = crypto_rfc4106_crypt(req); @@ -828,8 +814,11 @@ static int crypto_rfc4106_encrypt(struct aead_request *req) static int crypto_rfc4106_decrypt(struct aead_request *req) { - if (req->assoclen != 16 && req->assoclen != 20) - return -EINVAL; + int err; + + err = crypto_ipsec_check_assoclen(req->assoclen); + if (err) + return err; req = crypto_rfc4106_crypt(req); diff --git a/include/crypto/gcm.h b/include/crypto/gcm.h index c50e057ea17e..9d7eff04f224 100644 --- a/include/crypto/gcm.h +++ b/include/crypto/gcm.h @@ -1,8 +1,63 @@ #ifndef _CRYPTO_GCM_H #define _CRYPTO_GCM_H +#include + #define GCM_AES_IV_SIZE 12 #define GCM_RFC4106_IV_SIZE 8 #define GCM_RFC4543_IV_SIZE 8 +/* + * validate authentication tag for GCM + */ +static inline int crypto_gcm_check_authsize(unsigned int authsize) +{ + switch (authsize) { + case 4: + case 8: + case 12: + case 13: + case 14: + case 15: + case 16: + break; + default: + return -EINVAL; + } + + return 0; +} + +/* + * validate authentication tag for RFC4106 + */ +static inline int crypto_rfc4106_check_authsize(unsigned int authsize) +{ + switch (authsize) { + case 8: + case 12: + case 16: + break; + default: + return -EINVAL; + } + + return 0; +} + +/* + * validate assoclen for RFC4106/RFC4543 + */ +static inline int crypto_ipsec_check_assoclen(unsigned int assoclen) +{ + switch (assoclen) { + case 16: + case 20: + break; + default: + return -EINVAL; + } + + return 0; +} #endif