1 | #ifndef _CRYPTO_GCM_H |
2 | #define _CRYPTO_GCM_H |
3 | |
4 | #include <linux/errno.h> |
5 | |
6 | #include <crypto/aes.h> |
7 | #include <crypto/gf128mul.h> |
8 | |
9 | #define GCM_AES_IV_SIZE 12 |
10 | #define GCM_RFC4106_IV_SIZE 8 |
11 | #define GCM_RFC4543_IV_SIZE 8 |
12 | |
13 | /* |
14 | * validate authentication tag for GCM |
15 | */ |
16 | static inline int crypto_gcm_check_authsize(unsigned int authsize) |
17 | { |
18 | switch (authsize) { |
19 | case 4: |
20 | case 8: |
21 | case 12: |
22 | case 13: |
23 | case 14: |
24 | case 15: |
25 | case 16: |
26 | break; |
27 | default: |
28 | return -EINVAL; |
29 | } |
30 | |
31 | return 0; |
32 | } |
33 | |
34 | /* |
35 | * validate authentication tag for RFC4106 |
36 | */ |
37 | static inline int crypto_rfc4106_check_authsize(unsigned int authsize) |
38 | { |
39 | switch (authsize) { |
40 | case 8: |
41 | case 12: |
42 | case 16: |
43 | break; |
44 | default: |
45 | return -EINVAL; |
46 | } |
47 | |
48 | return 0; |
49 | } |
50 | |
51 | /* |
52 | * validate assoclen for RFC4106/RFC4543 |
53 | */ |
54 | static inline int crypto_ipsec_check_assoclen(unsigned int assoclen) |
55 | { |
56 | switch (assoclen) { |
57 | case 16: |
58 | case 20: |
59 | break; |
60 | default: |
61 | return -EINVAL; |
62 | } |
63 | |
64 | return 0; |
65 | } |
66 | |
67 | struct aesgcm_ctx { |
68 | be128 ghash_key; |
69 | struct crypto_aes_ctx aes_ctx; |
70 | unsigned int authsize; |
71 | }; |
72 | |
73 | int aesgcm_expandkey(struct aesgcm_ctx *ctx, const u8 *key, |
74 | unsigned int keysize, unsigned int authsize); |
75 | |
76 | void aesgcm_encrypt(const struct aesgcm_ctx *ctx, u8 *dst, const u8 *src, |
77 | int crypt_len, const u8 *assoc, int assoc_len, |
78 | const u8 iv[GCM_AES_IV_SIZE], u8 *authtag); |
79 | |
80 | bool __must_check aesgcm_decrypt(const struct aesgcm_ctx *ctx, u8 *dst, |
81 | const u8 *src, int crypt_len, const u8 *assoc, |
82 | int assoc_len, const u8 iv[GCM_AES_IV_SIZE], |
83 | const u8 *authtag); |
84 | |
85 | #endif |
86 | |