1#ifndef _CRYPTO_GCM_H
2#define _CRYPTO_GCM_H
3
4#include <linux/errno.h>
5
6#include <crypto/aes.h>
7#include <crypto/gf128mul.h>
8
9#define GCM_AES_IV_SIZE 12
10#define GCM_RFC4106_IV_SIZE 8
11#define GCM_RFC4543_IV_SIZE 8
12
13/*
14 * validate authentication tag for GCM
15 */
16static inline int crypto_gcm_check_authsize(unsigned int authsize)
17{
18 switch (authsize) {
19 case 4:
20 case 8:
21 case 12:
22 case 13:
23 case 14:
24 case 15:
25 case 16:
26 break;
27 default:
28 return -EINVAL;
29 }
30
31 return 0;
32}
33
34/*
35 * validate authentication tag for RFC4106
36 */
37static inline int crypto_rfc4106_check_authsize(unsigned int authsize)
38{
39 switch (authsize) {
40 case 8:
41 case 12:
42 case 16:
43 break;
44 default:
45 return -EINVAL;
46 }
47
48 return 0;
49}
50
51/*
52 * validate assoclen for RFC4106/RFC4543
53 */
54static inline int crypto_ipsec_check_assoclen(unsigned int assoclen)
55{
56 switch (assoclen) {
57 case 16:
58 case 20:
59 break;
60 default:
61 return -EINVAL;
62 }
63
64 return 0;
65}
66
67struct aesgcm_ctx {
68 be128 ghash_key;
69 struct crypto_aes_ctx aes_ctx;
70 unsigned int authsize;
71};
72
73int aesgcm_expandkey(struct aesgcm_ctx *ctx, const u8 *key,
74 unsigned int keysize, unsigned int authsize);
75
76void aesgcm_encrypt(const struct aesgcm_ctx *ctx, u8 *dst, const u8 *src,
77 int crypt_len, const u8 *assoc, int assoc_len,
78 const u8 iv[GCM_AES_IV_SIZE], u8 *authtag);
79
80bool __must_check aesgcm_decrypt(const struct aesgcm_ctx *ctx, u8 *dst,
81 const u8 *src, int crypt_len, const u8 *assoc,
82 int assoc_len, const u8 iv[GCM_AES_IV_SIZE],
83 const u8 *authtag);
84
85#endif
86