diff options
Diffstat (limited to 'crypto/authencesn.c')
| -rw-r--r-- | crypto/authencesn.c | 34 |
1 files changed, 8 insertions, 26 deletions
diff --git a/crypto/authencesn.c b/crypto/authencesn.c index ab53762fc309..4be0dd4373a9 100644 --- a/crypto/authencesn.c +++ b/crypto/authencesn.c | |||
| @@ -59,37 +59,19 @@ static void authenc_esn_request_complete(struct aead_request *req, int err) | |||
| 59 | static int crypto_authenc_esn_setkey(struct crypto_aead *authenc_esn, const u8 *key, | 59 | static int crypto_authenc_esn_setkey(struct crypto_aead *authenc_esn, const u8 *key, |
| 60 | unsigned int keylen) | 60 | unsigned int keylen) |
| 61 | { | 61 | { |
| 62 | unsigned int authkeylen; | ||
| 63 | unsigned int enckeylen; | ||
| 64 | struct crypto_authenc_esn_ctx *ctx = crypto_aead_ctx(authenc_esn); | 62 | struct crypto_authenc_esn_ctx *ctx = crypto_aead_ctx(authenc_esn); |
| 65 | struct crypto_ahash *auth = ctx->auth; | 63 | struct crypto_ahash *auth = ctx->auth; |
| 66 | struct crypto_ablkcipher *enc = ctx->enc; | 64 | struct crypto_ablkcipher *enc = ctx->enc; |
| 67 | struct rtattr *rta = (void *)key; | 65 | struct crypto_authenc_keys keys; |
| 68 | struct crypto_authenc_key_param *param; | ||
| 69 | int err = -EINVAL; | 66 | int err = -EINVAL; |
| 70 | 67 | ||
| 71 | if (!RTA_OK(rta, keylen)) | 68 | if (crypto_authenc_extractkeys(&keys, key, keylen) != 0) |
| 72 | goto badkey; | 69 | goto badkey; |
| 73 | if (rta->rta_type != CRYPTO_AUTHENC_KEYA_PARAM) | ||
| 74 | goto badkey; | ||
| 75 | if (RTA_PAYLOAD(rta) < sizeof(*param)) | ||
| 76 | goto badkey; | ||
| 77 | |||
| 78 | param = RTA_DATA(rta); | ||
| 79 | enckeylen = be32_to_cpu(param->enckeylen); | ||
| 80 | |||
| 81 | key += RTA_ALIGN(rta->rta_len); | ||
| 82 | keylen -= RTA_ALIGN(rta->rta_len); | ||
| 83 | |||
| 84 | if (keylen < enckeylen) | ||
| 85 | goto badkey; | ||
| 86 | |||
| 87 | authkeylen = keylen - enckeylen; | ||
| 88 | 70 | ||
| 89 | crypto_ahash_clear_flags(auth, CRYPTO_TFM_REQ_MASK); | 71 | crypto_ahash_clear_flags(auth, CRYPTO_TFM_REQ_MASK); |
| 90 | crypto_ahash_set_flags(auth, crypto_aead_get_flags(authenc_esn) & | 72 | crypto_ahash_set_flags(auth, crypto_aead_get_flags(authenc_esn) & |
| 91 | CRYPTO_TFM_REQ_MASK); | 73 | CRYPTO_TFM_REQ_MASK); |
| 92 | err = crypto_ahash_setkey(auth, key, authkeylen); | 74 | err = crypto_ahash_setkey(auth, keys.authkey, keys.authkeylen); |
| 93 | crypto_aead_set_flags(authenc_esn, crypto_ahash_get_flags(auth) & | 75 | crypto_aead_set_flags(authenc_esn, crypto_ahash_get_flags(auth) & |
| 94 | CRYPTO_TFM_RES_MASK); | 76 | CRYPTO_TFM_RES_MASK); |
| 95 | 77 | ||
| @@ -99,7 +81,7 @@ static int crypto_authenc_esn_setkey(struct crypto_aead *authenc_esn, const u8 * | |||
| 99 | crypto_ablkcipher_clear_flags(enc, CRYPTO_TFM_REQ_MASK); | 81 | crypto_ablkcipher_clear_flags(enc, CRYPTO_TFM_REQ_MASK); |
| 100 | crypto_ablkcipher_set_flags(enc, crypto_aead_get_flags(authenc_esn) & | 82 | crypto_ablkcipher_set_flags(enc, crypto_aead_get_flags(authenc_esn) & |
| 101 | CRYPTO_TFM_REQ_MASK); | 83 | CRYPTO_TFM_REQ_MASK); |
| 102 | err = crypto_ablkcipher_setkey(enc, key + authkeylen, enckeylen); | 84 | err = crypto_ablkcipher_setkey(enc, keys.enckey, keys.enckeylen); |
| 103 | crypto_aead_set_flags(authenc_esn, crypto_ablkcipher_get_flags(enc) & | 85 | crypto_aead_set_flags(authenc_esn, crypto_ablkcipher_get_flags(enc) & |
| 104 | CRYPTO_TFM_RES_MASK); | 86 | CRYPTO_TFM_RES_MASK); |
| 105 | 87 | ||
| @@ -247,7 +229,7 @@ static void authenc_esn_verify_ahash_update_done(struct crypto_async_request *ar | |||
| 247 | scatterwalk_map_and_copy(ihash, areq_ctx->sg, areq_ctx->cryptlen, | 229 | scatterwalk_map_and_copy(ihash, areq_ctx->sg, areq_ctx->cryptlen, |
| 248 | authsize, 0); | 230 | authsize, 0); |
| 249 | 231 | ||
| 250 | err = memcmp(ihash, ahreq->result, authsize) ? -EBADMSG : 0; | 232 | err = crypto_memneq(ihash, ahreq->result, authsize) ? -EBADMSG : 0; |
| 251 | if (err) | 233 | if (err) |
| 252 | goto out; | 234 | goto out; |
| 253 | 235 | ||
| @@ -296,7 +278,7 @@ static void authenc_esn_verify_ahash_update_done2(struct crypto_async_request *a | |||
| 296 | scatterwalk_map_and_copy(ihash, areq_ctx->sg, areq_ctx->cryptlen, | 278 | scatterwalk_map_and_copy(ihash, areq_ctx->sg, areq_ctx->cryptlen, |
| 297 | authsize, 0); | 279 | authsize, 0); |
| 298 | 280 | ||
| 299 | err = memcmp(ihash, ahreq->result, authsize) ? -EBADMSG : 0; | 281 | err = crypto_memneq(ihash, ahreq->result, authsize) ? -EBADMSG : 0; |
| 300 | if (err) | 282 | if (err) |
| 301 | goto out; | 283 | goto out; |
| 302 | 284 | ||
| @@ -336,7 +318,7 @@ static void authenc_esn_verify_ahash_done(struct crypto_async_request *areq, | |||
| 336 | scatterwalk_map_and_copy(ihash, areq_ctx->sg, areq_ctx->cryptlen, | 318 | scatterwalk_map_and_copy(ihash, areq_ctx->sg, areq_ctx->cryptlen, |
| 337 | authsize, 0); | 319 | authsize, 0); |
| 338 | 320 | ||
| 339 | err = memcmp(ihash, ahreq->result, authsize) ? -EBADMSG : 0; | 321 | err = crypto_memneq(ihash, ahreq->result, authsize) ? -EBADMSG : 0; |
| 340 | if (err) | 322 | if (err) |
| 341 | goto out; | 323 | goto out; |
| 342 | 324 | ||
| @@ -568,7 +550,7 @@ static int crypto_authenc_esn_verify(struct aead_request *req) | |||
| 568 | ihash = ohash + authsize; | 550 | ihash = ohash + authsize; |
| 569 | scatterwalk_map_and_copy(ihash, areq_ctx->sg, areq_ctx->cryptlen, | 551 | scatterwalk_map_and_copy(ihash, areq_ctx->sg, areq_ctx->cryptlen, |
| 570 | authsize, 0); | 552 | authsize, 0); |
| 571 | return memcmp(ihash, ohash, authsize) ? -EBADMSG : 0; | 553 | return crypto_memneq(ihash, ohash, authsize) ? -EBADMSG : 0; |
| 572 | } | 554 | } |
| 573 | 555 | ||
| 574 | static int crypto_authenc_esn_iverify(struct aead_request *req, u8 *iv, | 556 | static int crypto_authenc_esn_iverify(struct aead_request *req, u8 *iv, |