diff options
| author |   Benoît Ganne <bganne@cisco.com> | 2019-04-29 16:05:46 +0200 |
|---|---|---|
| committer |   Damjan Marion <dmarion@me.com> | 2019-04-30 15:33:53 +0000 |
| commit | be95444fbb31b875c2ab98cd330fdcb36027ced8 (patch) | |
| tree | cdd489306a290cff918b954be950eca0fb4b61bd /src/vnet/crypto/crypto.h | |
| parent | d577e1f578182d7f663e0f8519dadc81f21cb7a6 (diff) | |
crypto: enforce per-alg crypto key length
Crypto algorithms have different requirements on key length. As we do
not support key stretching (eg. PBKDF2), user must provide the exact
key length used by the algorithm.
Failing that means low-level crypto functions might read garbage (eg.
aes128_key_expand() will read 16-bytes, regardless of the key provided
by the user).
Change-Id: I347a1ea7a59720a1ed07ceaad8b00a31f78458c9
Signed-off-by: Benoît Ganne <bganne@cisco.com>
Diffstat (limited to 'src/vnet/crypto/crypto.h')
| -rw-r--r-- | src/vnet/crypto/crypto.h | 30 |
1 files changed, 16 insertions, 14 deletions
diff --git a/src/vnet/crypto/crypto.h b/src/vnet/crypto/crypto.h index 95bc72b2dc0..5af0822812f 100644 --- a/src/vnet/crypto/crypto.h +++ b/src/vnet/crypto/crypto.h @@ -20,20 +20,22 @@ #include <vlib/vlib.h> +/* CRYPTO_ID, PRETTY_NAME, KEY_LENGTH_IN_BYTES */ #define foreach_crypto_cipher_alg \ - _(DES_CBC, "des-cbc") \ - _(3DES_CBC, "3des-cbc") \ - _(AES_128_CBC, "aes-128-cbc") \ - _(AES_192_CBC, "aes-192-cbc") \ - _(AES_256_CBC, "aes-256-cbc") \ - _(AES_128_CTR, "aes-128-ctr") \ - _(AES_192_CTR, "aes-192-ctr") \ - _(AES_256_CTR, "aes-256-ctr") - + _(DES_CBC, "des-cbc", 7) \ + _(3DES_CBC, "3des-cbc", 14) \ + _(AES_128_CBC, "aes-128-cbc", 16) \ + _(AES_192_CBC, "aes-192-cbc", 24) \ + _(AES_256_CBC, "aes-256-cbc", 32) \ + _(AES_128_CTR, "aes-128-ctr", 16) \ + _(AES_192_CTR, "aes-192-ctr", 24) \ + _(AES_256_CTR, "aes-256-ctr", 32) + +/* CRYPTO_ID, PRETTY_NAME, KEY_LENGTH_IN_BYTES */ #define foreach_crypto_aead_alg \ - _(AES_128_GCM, "aes-128-gcm") \ - _(AES_192_GCM, "aes-192-gcm") \ - _(AES_256_GCM, "aes-256-gcm") + _(AES_128_GCM, "aes-128-gcm", 16) \ + _(AES_192_GCM, "aes-192-gcm", 24) \ + _(AES_256_GCM, "aes-256-gcm", 32) #define foreach_crypto_hmac_alg \ _(MD5, "md5") \ @@ -85,7 +87,7 @@ typedef enum typedef enum { VNET_CRYPTO_ALG_NONE = 0, -#define _(n, s) VNET_CRYPTO_ALG_##n, +#define _(n, s, l) VNET_CRYPTO_ALG_##n, foreach_crypto_cipher_alg foreach_crypto_aead_alg #undef _ @@ -104,7 +106,7 @@ typedef struct typedef enum { VNET_CRYPTO_OP_NONE = 0, -#define _(n, s) VNET_CRYPTO_OP_##n##_ENC, VNET_CRYPTO_OP_##n##_DEC, +#define _(n, s, l) VNET_CRYPTO_OP_##n##_ENC, VNET_CRYPTO_OP_##n##_DEC, foreach_crypto_cipher_alg foreach_crypto_aead_alg #undef _ |