1 #ifndef _CRYPTO_GCM_H
2 #define _CRYPTO_GCM_H
3
4 #include <linux/errno.h>
5
6 #include <crypto/aes.h>
7 #include <crypto/gf128mul.h>
8
9 #define GCM_AES_IV_SIZE 12
10 #define GCM_RFC4106_IV_SIZE 8
11 #define GCM_RFC4543_IV_SIZE 8
12
13 /*
14 * validate authentication tag for GCM
15 */
crypto_gcm_check_authsize(unsigned int authsize)16 static inline int crypto_gcm_check_authsize(unsigned int authsize)
17 {
18 switch (authsize) {
19 case 4:
20 case 8:
21 case 12:
22 case 13:
23 case 14:
24 case 15:
25 case 16:
26 break;
27 default:
28 return -EINVAL;
29 }
30
31 return 0;
32 }
33
34 /*
35 * validate authentication tag for RFC4106
36 */
crypto_rfc4106_check_authsize(unsigned int authsize)37 static inline int crypto_rfc4106_check_authsize(unsigned int authsize)
38 {
39 switch (authsize) {
40 case 8:
41 case 12:
42 case 16:
43 break;
44 default:
45 return -EINVAL;
46 }
47
48 return 0;
49 }
50
51 /*
52 * validate assoclen for RFC4106/RFC4543
53 */
crypto_ipsec_check_assoclen(unsigned int assoclen)54 static inline int crypto_ipsec_check_assoclen(unsigned int assoclen)
55 {
56 switch (assoclen) {
57 case 16:
58 case 20:
59 break;
60 default:
61 return -EINVAL;
62 }
63
64 return 0;
65 }
66
67 struct aesgcm_ctx {
68 be128 ghash_key;
69 struct crypto_aes_ctx aes_ctx;
70 unsigned int authsize;
71 };
72
73 int aesgcm_expandkey(struct aesgcm_ctx *ctx, const u8 *key,
74 unsigned int keysize, unsigned int authsize);
75
76 void aesgcm_encrypt(const struct aesgcm_ctx *ctx, u8 *dst, const u8 *src,
77 int crypt_len, const u8 *assoc, int assoc_len,
78 const u8 iv[GCM_AES_IV_SIZE], u8 *authtag);
79
80 bool __must_check aesgcm_decrypt(const struct aesgcm_ctx *ctx, u8 *dst,
81 const u8 *src, int crypt_len, const u8 *assoc,
82 int assoc_len, const u8 iv[GCM_AES_IV_SIZE],
83 const u8 *authtag);
84
85 #endif
86