|
|
@@ -22,6 +22,7 @@
|
|
|
#include <keys/user-type.h>
|
|
|
#include <keys/big_key-type.h>
|
|
|
#include <crypto/aead.h>
|
|
|
+#include <crypto/gcm.h>
|
|
|
|
|
|
struct big_key_buf {
|
|
|
unsigned int nr_pages;
|
|
|
@@ -85,6 +86,7 @@ struct key_type key_type_big_key = {
|
|
|
* Crypto names for big_key data authenticated encryption
|
|
|
*/
|
|
|
static const char big_key_alg_name[] = "gcm(aes)";
|
|
|
+#define BIG_KEY_IV_SIZE GCM_AES_IV_SIZE
|
|
|
|
|
|
/*
|
|
|
* Crypto algorithms for big_key data authenticated encryption
|
|
|
@@ -109,7 +111,7 @@ static int big_key_crypt(enum big_key_op op, struct big_key_buf *buf, size_t dat
|
|
|
* an .update function, so there's no chance we'll wind up reusing the
|
|
|
* key to encrypt updated data. Simply put: one key, one encryption.
|
|
|
*/
|
|
|
- u8 zero_nonce[crypto_aead_ivsize(big_key_aead)];
|
|
|
+ u8 zero_nonce[BIG_KEY_IV_SIZE];
|
|
|
|
|
|
aead_req = aead_request_alloc(big_key_aead, GFP_KERNEL);
|
|
|
if (!aead_req)
|
|
|
@@ -425,6 +427,13 @@ static int __init big_key_init(void)
|
|
|
pr_err("Can't alloc crypto: %d\n", ret);
|
|
|
return ret;
|
|
|
}
|
|
|
+
|
|
|
+ if (unlikely(crypto_aead_ivsize(big_key_aead) != BIG_KEY_IV_SIZE)) {
|
|
|
+ WARN(1, "big key algorithm changed?");
|
|
|
+ ret = -EINVAL;
|
|
|
+ goto free_aead;
|
|
|
+ }
|
|
|
+
|
|
|
ret = crypto_aead_setauthsize(big_key_aead, ENC_AUTHTAG_SIZE);
|
|
|
if (ret < 0) {
|
|
|
pr_err("Can't set crypto auth tag len: %d\n", ret);
|
Tycho Andersen