diff mbox series

[v2,2/2] crypto: aes - helper function to validate key length for AES algorithms

Message ID 1564482824-26581-3-git-send-email-iuliana.prodan@nxp.com (mailing list archive)
State Superseded
Delegated to: Herbert Xu
Headers show
Series crypto: validate inputs for gcm and aes | expand

Commit Message

Iuliana Prodan July 30, 2019, 10:33 a.m. UTC 
Add inline helper function to check key length for AES algorithms.
The key can be 128, 192 or 256 bits size.
This function is used in the generic aes implementation.

Signed-off-by: Iuliana Prodan <iuliana.prodan@nxp.com>
---
 include/crypto/aes.h | 17 +++++++++++++++++
 lib/crypto/aes.c     |  8 ++++----
 2 files changed, 21 insertions(+), 4 deletions(-)

Comments

Horia Geanta July 30, 2019, 11:29 a.m. UTC | #1 
On 7/30/2019 1:33 PM, Iuliana Prodan wrote:
> Add inline helper function to check key length for AES algorithms.
> The key can be 128, 192 or 256 bits size.
> This function is used in the generic aes implementation.
> 
> Signed-off-by: Iuliana Prodan <iuliana.prodan@nxp.com>
Reviewed-by: Horia Geantă <horia.geanta@nxp.com>

Thanks,
Horia
Ard Biesheuvel July 31, 2019, 5:32 a.m. UTC | #2 
On Tue, 30 Jul 2019 at 13:33, Iuliana Prodan <iuliana.prodan@nxp.com> wrote:
>
> Add inline helper function to check key length for AES algorithms.
> The key can be 128, 192 or 256 bits size.
> This function is used in the generic aes implementation.
>
> Signed-off-by: Iuliana Prodan <iuliana.prodan@nxp.com>
> ---
>  include/crypto/aes.h | 17 +++++++++++++++++
>  lib/crypto/aes.c     |  8 ++++----
>  2 files changed, 21 insertions(+), 4 deletions(-)
>
> diff --git a/include/crypto/aes.h b/include/crypto/aes.h
> index 8e0f4cf..8ee07a8 100644
> --- a/include/crypto/aes.h
> +++ b/include/crypto/aes.h
> @@ -31,6 +31,23 @@ struct crypto_aes_ctx {
>  extern const u32 crypto_ft_tab[4][256] ____cacheline_aligned;
>  extern const u32 crypto_it_tab[4][256] ____cacheline_aligned;
>
> +/*
> + * validate key length for AES algorithms
> + */
> +static inline int crypto_aes_check_keylen(unsigned int keylen)

Please rename this to aes_check_keylen()

> +{
> +       switch (keylen) {
> +       case AES_KEYSIZE_128:
> +       case AES_KEYSIZE_192:
> +       case AES_KEYSIZE_256:
> +               break;
> +       default:
> +               return -EINVAL;
> +       }
> +
> +       return 0;
> +}
> +
>  int crypto_aes_set_key(struct crypto_tfm *tfm, const u8 *in_key,
>                 unsigned int key_len);
>
> diff --git a/lib/crypto/aes.c b/lib/crypto/aes.c
> index 4e100af..3407b01 100644
> --- a/lib/crypto/aes.c
> +++ b/lib/crypto/aes.c
> @@ -187,11 +187,11 @@ int aes_expandkey(struct crypto_aes_ctx *ctx, const u8 *in_key,
>  {
>         u32 kwords = key_len / sizeof(u32);
>         u32 rc, i, j;
> +       int err;
>
> -       if (key_len != AES_KEYSIZE_128 &&
> -           key_len != AES_KEYSIZE_192 &&
> -           key_len != AES_KEYSIZE_256)
> -               return -EINVAL;
> +       err = crypto_aes_check_keylen(key_len);
> +       if (err)
> +               return err;
>
>         ctx->key_length = key_len;
>
> --
> 2.1.0
>
Iuliana Prodan July 31, 2019, 8:35 a.m. UTC | #3 
On 7/31/2019 8:33 AM, Ard Biesheuvel wrote:
> On Tue, 30 Jul 2019 at 13:33, Iuliana Prodan <iuliana.prodan@nxp.com> wrote:
>>
>> Add inline helper function to check key length for AES algorithms.
>> The key can be 128, 192 or 256 bits size.
>> This function is used in the generic aes implementation.
>>
>> Signed-off-by: Iuliana Prodan <iuliana.prodan@nxp.com>
>> ---
>>   include/crypto/aes.h | 17 +++++++++++++++++
>>   lib/crypto/aes.c     |  8 ++++----
>>   2 files changed, 21 insertions(+), 4 deletions(-)
>>
>> diff --git a/include/crypto/aes.h b/include/crypto/aes.h
>> index 8e0f4cf..8ee07a8 100644
>> --- a/include/crypto/aes.h
>> +++ b/include/crypto/aes.h
>> @@ -31,6 +31,23 @@ struct crypto_aes_ctx {
>>   extern const u32 crypto_ft_tab[4][256] ____cacheline_aligned;
>>   extern const u32 crypto_it_tab[4][256] ____cacheline_aligned;
>>
>> +/*
>> + * validate key length for AES algorithms
>> + */
>> +static inline int crypto_aes_check_keylen(unsigned int keylen)
> 
> Please rename this to aes_check_keylen()
> 
I just renamed it to crypto_, the first version was check_aes_keylen
- see https://patchwork.kernel.org/patch/11058869/.
I think is better to keep the helper functions with crypto_, as most of 
these type of functions, in crypto, have this prefix.

>> +{
>> +       switch (keylen) {
>> +       case AES_KEYSIZE_128:
>> +       case AES_KEYSIZE_192:
>> +       case AES_KEYSIZE_256:
>> +               break;
>> +       default:
>> +               return -EINVAL;
>> +       }
>> +
>> +       return 0;
>> +}
>> +
>>   int crypto_aes_set_key(struct crypto_tfm *tfm, const u8 *in_key,
>>                  unsigned int key_len);
>>
>> diff --git a/lib/crypto/aes.c b/lib/crypto/aes.c
>> index 4e100af..3407b01 100644
>> --- a/lib/crypto/aes.c
>> +++ b/lib/crypto/aes.c
>> @@ -187,11 +187,11 @@ int aes_expandkey(struct crypto_aes_ctx *ctx, const u8 *in_key,
>>   {
>>          u32 kwords = key_len / sizeof(u32);
>>          u32 rc, i, j;
>> +       int err;
>>
>> -       if (key_len != AES_KEYSIZE_128 &&
>> -           key_len != AES_KEYSIZE_192 &&
>> -           key_len != AES_KEYSIZE_256)
>> -               return -EINVAL;
>> +       err = crypto_aes_check_keylen(key_len);
>> +       if (err)
>> +               return err;
>>
>>          ctx->key_length = key_len;
>>
>> --
>> 2.1.0
>>
>
Ard Biesheuvel July 31, 2019, 8:50 a.m. UTC | #4 
On Wed, 31 Jul 2019 at 11:35, Iuliana Prodan <iuliana.prodan@nxp.com> wrote:
>
> On 7/31/2019 8:33 AM, Ard Biesheuvel wrote:
> > On Tue, 30 Jul 2019 at 13:33, Iuliana Prodan <iuliana.prodan@nxp.com> wrote:
> >>
> >> Add inline helper function to check key length for AES algorithms.
> >> The key can be 128, 192 or 256 bits size.
> >> This function is used in the generic aes implementation.
> >>
> >> Signed-off-by: Iuliana Prodan <iuliana.prodan@nxp.com>
> >> ---
> >>   include/crypto/aes.h | 17 +++++++++++++++++
> >>   lib/crypto/aes.c     |  8 ++++----
> >>   2 files changed, 21 insertions(+), 4 deletions(-)
> >>
> >> diff --git a/include/crypto/aes.h b/include/crypto/aes.h
> >> index 8e0f4cf..8ee07a8 100644
> >> --- a/include/crypto/aes.h
> >> +++ b/include/crypto/aes.h
> >> @@ -31,6 +31,23 @@ struct crypto_aes_ctx {
> >>   extern const u32 crypto_ft_tab[4][256] ____cacheline_aligned;
> >>   extern const u32 crypto_it_tab[4][256] ____cacheline_aligned;
> >>
> >> +/*
> >> + * validate key length for AES algorithms
> >> + */
> >> +static inline int crypto_aes_check_keylen(unsigned int keylen)
> >
> > Please rename this to aes_check_keylen()
> >
> I just renamed it to crypto_, the first version was check_aes_keylen
> - see https://patchwork.kernel.org/patch/11058869/.
> I think is better to keep the helper functions with crypto_, as most of
> these type of functions, in crypto, have this prefix.
>

The AES library consists of

aes_encrypt
aes_decrypt
aes_expandkey

and has no dependencies on the crypto API, which is why I omitted the
crypto_ prefix from the identifiers. Please do the same for this
function.
.


> >> +{
> >> +       switch (keylen) {
> >> +       case AES_KEYSIZE_128:
> >> +       case AES_KEYSIZE_192:
> >> +       case AES_KEYSIZE_256:
> >> +               break;
> >> +       default:
> >> +               return -EINVAL;
> >> +       }
> >> +
> >> +       return 0;
> >> +}
> >> +
> >>   int crypto_aes_set_key(struct crypto_tfm *tfm, const u8 *in_key,
> >>                  unsigned int key_len);
> >>
> >> diff --git a/lib/crypto/aes.c b/lib/crypto/aes.c
> >> index 4e100af..3407b01 100644
> >> --- a/lib/crypto/aes.c
> >> +++ b/lib/crypto/aes.c
> >> @@ -187,11 +187,11 @@ int aes_expandkey(struct crypto_aes_ctx *ctx, const u8 *in_key,
> >>   {
> >>          u32 kwords = key_len / sizeof(u32);
> >>          u32 rc, i, j;
> >> +       int err;
> >>
> >> -       if (key_len != AES_KEYSIZE_128 &&
> >> -           key_len != AES_KEYSIZE_192 &&
> >> -           key_len != AES_KEYSIZE_256)
> >> -               return -EINVAL;
> >> +       err = crypto_aes_check_keylen(key_len);
> >> +       if (err)
> >> +               return err;
> >>
> >>          ctx->key_length = key_len;
> >>
> >> --
> >> 2.1.0
> >>
> >
>
diff mbox series

Patch

diff --git a/include/crypto/aes.h b/include/crypto/aes.h
index 8e0f4cf..8ee07a8 100644
--- a/include/crypto/aes.h
+++ b/include/crypto/aes.h
@@ -31,6 +31,23 @@  struct crypto_aes_ctx {
 extern const u32 crypto_ft_tab[4][256] ____cacheline_aligned;
 extern const u32 crypto_it_tab[4][256] ____cacheline_aligned;
 
+/*
+ * validate key length for AES algorithms
+ */
+static inline int crypto_aes_check_keylen(unsigned int keylen)
+{
+	switch (keylen) {
+	case AES_KEYSIZE_128:
+	case AES_KEYSIZE_192:
+	case AES_KEYSIZE_256:
+		break;
+	default:
+		return -EINVAL;
+	}
+
+	return 0;
+}
+
 int crypto_aes_set_key(struct crypto_tfm *tfm, const u8 *in_key,
 		unsigned int key_len);
 
diff --git a/lib/crypto/aes.c b/lib/crypto/aes.c
index 4e100af..3407b01 100644
--- a/lib/crypto/aes.c
+++ b/lib/crypto/aes.c
@@ -187,11 +187,11 @@  int aes_expandkey(struct crypto_aes_ctx *ctx, const u8 *in_key,
 {
 	u32 kwords = key_len / sizeof(u32);
 	u32 rc, i, j;
+	int err;
 
-	if (key_len != AES_KEYSIZE_128 &&
-	    key_len != AES_KEYSIZE_192 &&
-	    key_len != AES_KEYSIZE_256)
-		return -EINVAL;
+	err = crypto_aes_check_keylen(key_len);
+	if (err)
+		return err;
 
 	ctx->key_length = key_len;