linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Iuliana Prodan <iuliana.prodan@nxp.com>
To: Herbert Xu <herbert@gondor.apana.org.au>,
	Horia Geanta <horia.geanta@nxp.com>,
	Aymen Sghaier <aymen.sghaier@nxp.com>
Cc: "David S. Miller" <davem@davemloft.net>,
	linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org,
	linux-imx <linux-imx@nxp.com>
Subject: [PATCH 06/14] crypto: caam - check assoclen
Date: Thu, 18 Jul 2019 17:45:16 +0300	[thread overview]
Message-ID: <1563461124-24641-7-git-send-email-iuliana.prodan@nxp.com> (raw)
In-Reply-To: <1563461124-24641-1-git-send-email-iuliana.prodan@nxp.com>

Check assoclen to solve the extra tests that expect -EINVAL to be
returned when the associated data size is not valid.

Validated assoclen for RFC4106 and RFC4543 which expects an assoclen
of 16 or 20.
Based on seqiv, IPsec ESP and RFC4543/RFC4106 the assoclen is sizeof IP
Header (spi, seq_no, extended seq_no) and IV len. This can be 16 or 20
bytes.

Signed-off-by: Iuliana Prodan <iuliana.prodan@nxp.com>
---
 drivers/crypto/caam/caamalg.c     | 10 ++--------
 drivers/crypto/caam/caamalg_qi.c  | 10 ++--------
 drivers/crypto/caam/caamalg_qi2.c | 10 ++--------
 drivers/crypto/caam/common_if.c   | 17 +++++++++++++++++
 drivers/crypto/caam/common_if.h   |  2 ++
 5 files changed, 25 insertions(+), 24 deletions(-)

diff --git a/drivers/crypto/caam/caamalg.c b/drivers/crypto/caam/caamalg.c
index 6682e67..6b9937c 100644
--- a/drivers/crypto/caam/caamalg.c
+++ b/drivers/crypto/caam/caamalg.c
@@ -1605,10 +1605,7 @@ static int chachapoly_decrypt(struct aead_request *req)
 
 static int ipsec_gcm_encrypt(struct aead_request *req)
 {
-	if (req->assoclen < 8)
-		return -EINVAL;
-
-	return gcm_encrypt(req);
+	return check_ipsec_assoclen(req->assoclen) ? : gcm_encrypt(req);
 }
 
 static int aead_encrypt(struct aead_request *req)
@@ -1682,10 +1679,7 @@ static int gcm_decrypt(struct aead_request *req)
 
 static int ipsec_gcm_decrypt(struct aead_request *req)
 {
-	if (req->assoclen < 8)
-		return -EINVAL;
-
-	return gcm_decrypt(req);
+	return check_ipsec_assoclen(req->assoclen) ? : gcm_decrypt(req);
 }
 
 static int aead_decrypt(struct aead_request *req)
diff --git a/drivers/crypto/caam/caamalg_qi.c b/drivers/crypto/caam/caamalg_qi.c
index 5f9b14a..69cc657 100644
--- a/drivers/crypto/caam/caamalg_qi.c
+++ b/drivers/crypto/caam/caamalg_qi.c
@@ -1244,18 +1244,12 @@ static int aead_decrypt(struct aead_request *req)
 
 static int ipsec_gcm_encrypt(struct aead_request *req)
 {
-	if (req->assoclen < 8)
-		return -EINVAL;
-
-	return aead_crypt(req, true);
+	return check_ipsec_assoclen(req->assoclen) ? : aead_crypt(req, true);
 }
 
 static int ipsec_gcm_decrypt(struct aead_request *req)
 {
-	if (req->assoclen < 8)
-		return -EINVAL;
-
-	return aead_crypt(req, false);
+	return check_ipsec_assoclen(req->assoclen) ? : aead_crypt(req, false);
 }
 
 static void skcipher_done(struct caam_drv_req *drv_req, u32 status)
diff --git a/drivers/crypto/caam/caamalg_qi2.c b/drivers/crypto/caam/caamalg_qi2.c
index 0b4de21..da3452b 100644
--- a/drivers/crypto/caam/caamalg_qi2.c
+++ b/drivers/crypto/caam/caamalg_qi2.c
@@ -1407,18 +1407,12 @@ static int aead_decrypt(struct aead_request *req)
 
 static int ipsec_gcm_encrypt(struct aead_request *req)
 {
-	if (req->assoclen < 8)
-		return -EINVAL;
-
-	return aead_encrypt(req);
+	return check_ipsec_assoclen(req->assoclen) ? : aead_encrypt(req);
 }
 
 static int ipsec_gcm_decrypt(struct aead_request *req)
 {
-	if (req->assoclen < 8)
-		return -EINVAL;
-
-	return aead_decrypt(req);
+	return check_ipsec_assoclen(req->assoclen) ? : aead_decrypt(req);
 }
 
 static void skcipher_encrypt_done(void *cbk_ctx, u32 status)
diff --git a/drivers/crypto/caam/common_if.c b/drivers/crypto/caam/common_if.c
index fcf47e6..1291d3d 100644
--- a/drivers/crypto/caam/common_if.c
+++ b/drivers/crypto/caam/common_if.c
@@ -66,6 +66,23 @@ int check_rfc4106_authsize(unsigned int authsize)
 }
 EXPORT_SYMBOL(check_rfc4106_authsize);
 
+/*
+ * validate assoclen for RFC4106/RFC4543
+ */
+int check_ipsec_assoclen(unsigned int assoclen)
+{
+	switch (assoclen) {
+	case 16:
+	case 20:
+		break;
+	default:
+		return -EINVAL;
+	}
+
+	return 0;
+}
+EXPORT_SYMBOL(check_ipsec_assoclen);
+
 MODULE_LICENSE("GPL");
 MODULE_DESCRIPTION("FSL CAAM drivers common location");
 MODULE_AUTHOR("NXP Semiconductors");
diff --git a/drivers/crypto/caam/common_if.h b/drivers/crypto/caam/common_if.h
index b17386a..61d5516 100644
--- a/drivers/crypto/caam/common_if.h
+++ b/drivers/crypto/caam/common_if.h
@@ -14,4 +14,6 @@ int check_gcm_authsize(unsigned int authsize);
 
 int check_rfc4106_authsize(unsigned int authsize);
 
+int check_ipsec_assoclen(unsigned int assoclen);
+
 #endif /* CAAM_COMMON_LOCATION_H */
-- 
2.1.0


  parent reply	other threads:[~2019-07-18 14:46 UTC|newest]

Thread overview: 16+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-07-18 14:45 [PATCH 00/14] crypto: caam - fixes for kernel v5.3 Iuliana Prodan
2019-07-18 14:45 ` [PATCH 01/14] crypto: caam/qi - fix error handling in ERN handler Iuliana Prodan
2019-07-18 14:45 ` [PATCH 02/14] crypto: caam - fix return code in completion callbacks Iuliana Prodan
2019-07-18 14:45 ` [PATCH 03/14] crypto: caam - update IV only when crypto operation succeeds Iuliana Prodan
2019-07-18 14:59   ` Horia Geanta
2019-07-18 14:45 ` [PATCH 04/14] crypto: caam - check key length Iuliana Prodan
2019-07-18 14:45 ` [PATCH 05/14] crypto: caam - check authsize Iuliana Prodan
2019-07-18 14:45 ` Iuliana Prodan [this message]
2019-07-18 14:45 ` [PATCH 07/14] crypto: caam - check zero-length input Iuliana Prodan
2019-07-18 14:45 ` [PATCH 08/14] crypto: caam - update rfc4106 sh desc to support zero length input Iuliana Prodan
2019-07-18 14:45 ` [PATCH 09/14] crypto: caam - keep both virtual and dma key addresses Iuliana Prodan
2019-07-18 14:45 ` [PATCH 10/14] crypto: caam - fix DKP for certain key lengths Iuliana Prodan
2019-07-18 14:45 ` [PATCH 11/14] crypto: caam - free resources in case caam_rng registration failed Iuliana Prodan
2019-07-18 14:45 ` [PATCH 12/14] crypto: caam - execute module exit point only if necessary Iuliana Prodan
2019-07-18 14:45 ` [PATCH 13/14] crypto: caam - unregister algorithm only if the registration succeeded Iuliana Prodan
2019-07-18 14:45 ` [PATCH 14/14] crypto: caam - change return value in case CAAM has no MDHA Iuliana Prodan

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1563461124-24641-7-git-send-email-iuliana.prodan@nxp.com \
    --to=iuliana.prodan@nxp.com \
    --cc=aymen.sghaier@nxp.com \
    --cc=davem@davemloft.net \
    --cc=herbert@gondor.apana.org.au \
    --cc=horia.geanta@nxp.com \
    --cc=linux-crypto@vger.kernel.org \
    --cc=linux-imx@nxp.com \
    --cc=linux-kernel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).