diff options
Diffstat (limited to 'crypto/authencesn.c')
-rw-r--r-- | crypto/authencesn.c | 34 |
1 files changed, 8 insertions, 26 deletions
diff --git a/crypto/authencesn.c b/crypto/authencesn.c index ab53762fc309..4be0dd4373a9 100644 --- a/crypto/authencesn.c +++ b/crypto/authencesn.c | |||
@@ -59,37 +59,19 @@ static void authenc_esn_request_complete(struct aead_request *req, int err) | |||
59 | static int crypto_authenc_esn_setkey(struct crypto_aead *authenc_esn, const u8 *key, | 59 | static int crypto_authenc_esn_setkey(struct crypto_aead *authenc_esn, const u8 *key, |
60 | unsigned int keylen) | 60 | unsigned int keylen) |
61 | { | 61 | { |
62 | unsigned int authkeylen; | ||
63 | unsigned int enckeylen; | ||
64 | struct crypto_authenc_esn_ctx *ctx = crypto_aead_ctx(authenc_esn); | 62 | struct crypto_authenc_esn_ctx *ctx = crypto_aead_ctx(authenc_esn); |
65 | struct crypto_ahash *auth = ctx->auth; | 63 | struct crypto_ahash *auth = ctx->auth; |
66 | struct crypto_ablkcipher *enc = ctx->enc; | 64 | struct crypto_ablkcipher *enc = ctx->enc; |
67 | struct rtattr *rta = (void *)key; | 65 | struct crypto_authenc_keys keys; |
68 | struct crypto_authenc_key_param *param; | ||
69 | int err = -EINVAL; | 66 | int err = -EINVAL; |
70 | 67 | ||
71 | if (!RTA_OK(rta, keylen)) | 68 | if (crypto_authenc_extractkeys(&keys, key, keylen) != 0) |
72 | goto badkey; | 69 | goto badkey; |
73 | if (rta->rta_type != CRYPTO_AUTHENC_KEYA_PARAM) | ||
74 | goto badkey; | ||
75 | if (RTA_PAYLOAD(rta) < sizeof(*param)) | ||
76 | goto badkey; | ||
77 | |||
78 | param = RTA_DATA(rta); | ||
79 | enckeylen = be32_to_cpu(param->enckeylen); | ||
80 | |||
81 | key += RTA_ALIGN(rta->rta_len); | ||
82 | keylen -= RTA_ALIGN(rta->rta_len); | ||
83 | |||
84 | if (keylen < enckeylen) | ||
85 | goto badkey; | ||
86 | |||
87 | authkeylen = keylen - enckeylen; | ||
88 | 70 | ||
89 | crypto_ahash_clear_flags(auth, CRYPTO_TFM_REQ_MASK); | 71 | crypto_ahash_clear_flags(auth, CRYPTO_TFM_REQ_MASK); |
90 | crypto_ahash_set_flags(auth, crypto_aead_get_flags(authenc_esn) & | 72 | crypto_ahash_set_flags(auth, crypto_aead_get_flags(authenc_esn) & |
91 | CRYPTO_TFM_REQ_MASK); | 73 | CRYPTO_TFM_REQ_MASK); |
92 | err = crypto_ahash_setkey(auth, key, authkeylen); | 74 | err = crypto_ahash_setkey(auth, keys.authkey, keys.authkeylen); |
93 | crypto_aead_set_flags(authenc_esn, crypto_ahash_get_flags(auth) & | 75 | crypto_aead_set_flags(authenc_esn, crypto_ahash_get_flags(auth) & |
94 | CRYPTO_TFM_RES_MASK); | 76 | CRYPTO_TFM_RES_MASK); |
95 | 77 | ||
@@ -99,7 +81,7 @@ static int crypto_authenc_esn_setkey(struct crypto_aead *authenc_esn, const u8 * | |||
99 | crypto_ablkcipher_clear_flags(enc, CRYPTO_TFM_REQ_MASK); | 81 | crypto_ablkcipher_clear_flags(enc, CRYPTO_TFM_REQ_MASK); |
100 | crypto_ablkcipher_set_flags(enc, crypto_aead_get_flags(authenc_esn) & | 82 | crypto_ablkcipher_set_flags(enc, crypto_aead_get_flags(authenc_esn) & |
101 | CRYPTO_TFM_REQ_MASK); | 83 | CRYPTO_TFM_REQ_MASK); |
102 | err = crypto_ablkcipher_setkey(enc, key + authkeylen, enckeylen); | 84 | err = crypto_ablkcipher_setkey(enc, keys.enckey, keys.enckeylen); |
103 | crypto_aead_set_flags(authenc_esn, crypto_ablkcipher_get_flags(enc) & | 85 | crypto_aead_set_flags(authenc_esn, crypto_ablkcipher_get_flags(enc) & |
104 | CRYPTO_TFM_RES_MASK); | 86 | CRYPTO_TFM_RES_MASK); |
105 | 87 | ||
@@ -247,7 +229,7 @@ static void authenc_esn_verify_ahash_update_done(struct crypto_async_request *ar | |||
247 | scatterwalk_map_and_copy(ihash, areq_ctx->sg, areq_ctx->cryptlen, | 229 | scatterwalk_map_and_copy(ihash, areq_ctx->sg, areq_ctx->cryptlen, |
248 | authsize, 0); | 230 | authsize, 0); |
249 | 231 | ||
250 | err = memcmp(ihash, ahreq->result, authsize) ? -EBADMSG : 0; | 232 | err = crypto_memneq(ihash, ahreq->result, authsize) ? -EBADMSG : 0; |
251 | if (err) | 233 | if (err) |
252 | goto out; | 234 | goto out; |
253 | 235 | ||
@@ -296,7 +278,7 @@ static void authenc_esn_verify_ahash_update_done2(struct crypto_async_request *a | |||
296 | scatterwalk_map_and_copy(ihash, areq_ctx->sg, areq_ctx->cryptlen, | 278 | scatterwalk_map_and_copy(ihash, areq_ctx->sg, areq_ctx->cryptlen, |
297 | authsize, 0); | 279 | authsize, 0); |
298 | 280 | ||
299 | err = memcmp(ihash, ahreq->result, authsize) ? -EBADMSG : 0; | 281 | err = crypto_memneq(ihash, ahreq->result, authsize) ? -EBADMSG : 0; |
300 | if (err) | 282 | if (err) |
301 | goto out; | 283 | goto out; |
302 | 284 | ||
@@ -336,7 +318,7 @@ static void authenc_esn_verify_ahash_done(struct crypto_async_request *areq, | |||
336 | scatterwalk_map_and_copy(ihash, areq_ctx->sg, areq_ctx->cryptlen, | 318 | scatterwalk_map_and_copy(ihash, areq_ctx->sg, areq_ctx->cryptlen, |
337 | authsize, 0); | 319 | authsize, 0); |
338 | 320 | ||
339 | err = memcmp(ihash, ahreq->result, authsize) ? -EBADMSG : 0; | 321 | err = crypto_memneq(ihash, ahreq->result, authsize) ? -EBADMSG : 0; |
340 | if (err) | 322 | if (err) |
341 | goto out; | 323 | goto out; |
342 | 324 | ||
@@ -568,7 +550,7 @@ static int crypto_authenc_esn_verify(struct aead_request *req) | |||
568 | ihash = ohash + authsize; | 550 | ihash = ohash + authsize; |
569 | scatterwalk_map_and_copy(ihash, areq_ctx->sg, areq_ctx->cryptlen, | 551 | scatterwalk_map_and_copy(ihash, areq_ctx->sg, areq_ctx->cryptlen, |
570 | authsize, 0); | 552 | authsize, 0); |
571 | return memcmp(ihash, ohash, authsize) ? -EBADMSG : 0; | 553 | return crypto_memneq(ihash, ohash, authsize) ? -EBADMSG : 0; |
572 | } | 554 | } |
573 | 555 | ||
574 | static int crypto_authenc_esn_iverify(struct aead_request *req, u8 *iv, | 556 | static int crypto_authenc_esn_iverify(struct aead_request *req, u8 *iv, |