Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
crypto: bcm - check assoclen for rfc4543/rfc4106
Validated assoclen for RFC4543 which expects an assoclen
of 16 or 20, the same as RFC4106.
Based on seqiv, IPsec ESP and RFC4543/RFC4106 the assoclen is sizeof
IP Header (spi, seq_no, extended seq_no) and IV len. This can be 16 or
20 bytes.
Signed-off-by: Iuliana Prodan <iuliana.prodan@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
authored by
Iuliana Prodan
and committed by
Herbert Xu
b3553eff
b93ecf42
+13
+13
drivers/crypto/bcm/cipher.c
+13
drivers/crypto/bcm/cipher.c
···
2629
2629
return 1;
2630
2630
}
2631
2631
2632
+
/*
2633
+
* RFC4106 and RFC4543 cannot handle the case where AAD is other than
2634
+
* 16 or 20 bytes long. So use fallback in this case.
2635
+
*/
2636
+
if (ctx->cipher.mode == CIPHER_MODE_GCM &&
2637
+
ctx->cipher.alg == CIPHER_ALG_AES &&
2638
+
rctx->iv_ctr_len == GCM_RFC4106_IV_SIZE &&
2639
+
req->assoclen != 16 && req->assoclen != 20) {
2640
+
flow_log("RFC4106/RFC4543 needs fallback for assoclen"
2641
+
" other than 16 or 20 bytes\n");
2642
+
return 1;
2643
+
}
2644
+
2632
2645
payload_len = req->cryptlen;
2633
2646
if (spu->spu_type == SPU_TYPE_SPUM)
2634
2647
payload_len += req->assoclen;