1#ifndef _CRYPTO_GCM_H 2#define _CRYPTO_GCM_H 3 4#include <linux/errno.h> 5 6#include <crypto/aes.h> 7#include <crypto/gf128mul.h> 8 9#define GCM_AES_IV_SIZE 12 10#define GCM_RFC4106_IV_SIZE 8 11#define GCM_RFC4543_IV_SIZE 8 12 13/* 14 * validate authentication tag for GCM 15 */ 16static inline int crypto_gcm_check_authsize(unsigned int authsize) 17{ 18 switch (authsize) { 19 case 4: 20 case 8: 21 case 12: 22 case 13: 23 case 14: 24 case 15: 25 case 16: 26 break; 27 default: 28 return -EINVAL; 29 } 30 31 return 0; 32} 33 34/* 35 * validate authentication tag for RFC4106 36 */ 37static inline int crypto_rfc4106_check_authsize(unsigned int authsize) 38{ 39 switch (authsize) { 40 case 8: 41 case 12: 42 case 16: 43 break; 44 default: 45 return -EINVAL; 46 } 47 48 return 0; 49} 50 51/* 52 * validate assoclen for RFC4106/RFC4543 53 */ 54static inline int crypto_ipsec_check_assoclen(unsigned int assoclen) 55{ 56 switch (assoclen) { 57 case 16: 58 case 20: 59 break; 60 default: 61 return -EINVAL; 62 } 63 64 return 0; 65} 66 67struct aesgcm_ctx { 68 be128 ghash_key; 69 struct crypto_aes_ctx aes_ctx; 70 unsigned int authsize; 71}; 72 73int aesgcm_expandkey(struct aesgcm_ctx *ctx, const u8 *key, 74 unsigned int keysize, unsigned int authsize); 75 76void aesgcm_encrypt(const struct aesgcm_ctx *ctx, u8 *dst, const u8 *src, 77 int crypt_len, const u8 *assoc, int assoc_len, 78 const u8 iv[GCM_AES_IV_SIZE], u8 *authtag); 79 80bool __must_check aesgcm_decrypt(const struct aesgcm_ctx *ctx, u8 *dst, 81 const u8 *src, int crypt_len, const u8 *assoc, 82 int assoc_len, const u8 iv[GCM_AES_IV_SIZE], 83 const u8 *authtag); 84 85#endif 86