78 lines
2.7 KiB
Diff
78 lines
2.7 KiB
Diff
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: Iulian Mocanu <iulian.mocanu@intel.com>
|
|
Date: Fri, 22 Feb 2019 15:44:55 +0100
|
|
Subject: [PATCH] keystore: add iv_size restriction for dal-keystore
|
|
|
|
Dal-keystore support only 12-byte IV for AES-GCM algorithms
|
|
to promote interoperability, efficiency, and simplicity of design.
|
|
Restriction is related to GCM recommandation for situations in
|
|
which efficiency is critical.
|
|
|
|
Change-Id: I3829684ee322eefeffc6b3620061f2a8ac97b205
|
|
Signed-off-by: Iulian Mocanu <iulian.mocanu@intel.com>
|
|
Tracked-On: PKT-1776
|
|
Signed-off-by: Zhou Furong <furong.zhou@intel.com>
|
|
---
|
|
security/keystore/api_dal.c | 11 +++--------
|
|
security/keystore/dal_client.h | 6 ++++++
|
|
2 files changed, 9 insertions(+), 8 deletions(-)
|
|
|
|
diff --git a/security/keystore/api_dal.c b/security/keystore/api_dal.c
|
|
index 3a6b1c24de26..8dbba4da7223 100644
|
|
--- a/security/keystore/api_dal.c
|
|
+++ b/security/keystore/api_dal.c
|
|
@@ -798,15 +798,12 @@ int dal_keystore_encrypt(const uint8_t *client_ticket, int slot_id,
|
|
": keystore_encrypt slot_id=%d algo_spec=%d iv_size=%u isize=%u\n",
|
|
slot_id, (int)algo_spec, iv_size, input_size);
|
|
|
|
- if (!iv || iv_size < DAL_KEYSTORE_GCM_IV_SIZE ||
|
|
- iv_size > KEYSTORE_MAX_IV_SIZE) {
|
|
- ks_err(KBUILD_MODNAME ": Incorrect input values to %s\n",
|
|
+ if (!iv || iv_size != DAL_KEYSTORE_GCM_IV_SIZE) {
|
|
+ ks_err(KBUILD_MODNAME ": Incorrect input values to %s\n",
|
|
__func__);
|
|
return -EINVAL;
|
|
}
|
|
|
|
- iv_size = DAL_KEYSTORE_GCM_IV_SIZE;
|
|
-
|
|
res = dal_calc_clientid(client_id, sizeof(client_id));
|
|
|
|
if (res) {
|
|
@@ -952,14 +949,12 @@ int dal_keystore_decrypt(const uint8_t *client_ticket, int slot_id,
|
|
": keystore_decrypt slot_id=%d algo_spec=%d iv_size=%u isize=%u\n",
|
|
slot_id, (int)algo_spec, iv_size, input_size);
|
|
|
|
- if (!iv || iv_size < DAL_KEYSTORE_GCM_IV_SIZE || iv_size > KEYSTORE_MAX_IV_SIZE) {
|
|
+ if (!iv || iv_size != DAL_KEYSTORE_GCM_IV_SIZE) {
|
|
ks_err(KBUILD_MODNAME ": Incorrect input values to %s\n",
|
|
__func__);
|
|
return -EINVAL;
|
|
}
|
|
|
|
- iv_size = DAL_KEYSTORE_GCM_IV_SIZE;
|
|
-
|
|
res = dal_calc_clientid(client_id, sizeof(client_id));
|
|
|
|
if (res) {
|
|
diff --git a/security/keystore/dal_client.h b/security/keystore/dal_client.h
|
|
index 059c919cfabe..cce8ab560231 100644
|
|
--- a/security/keystore/dal_client.h
|
|
+++ b/security/keystore/dal_client.h
|
|
@@ -22,6 +22,12 @@
|
|
#include <linux/errno.h>
|
|
#include <security/keystore_api_common.h>
|
|
|
|
+/**
|
|
+ * DAL_KEYSTORE_GCM_IV_SIZE - size of the Initialization Vector
|
|
+ *
|
|
+ * Dal-keystore supports only 12-byte IV for AES-GCM algorithms
|
|
+ * to promote interoperability, efficiency, and simplicity of design.
|
|
+ */
|
|
#define DAL_KEYSTORE_GCM_IV_SIZE 12
|
|
#define DAL_KEYSTORE_GCM_AUTH_SIZE 16
|
|
#define DAL_KEYSTORE_MAX_WRAP_KEY_LEN 49
|
|
--
|
|
https://clearlinux.org
|
|
|