crypto: ccp - Add support for valid authsize values less than 16

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

AES GCM encryption allows for authsize values of 4, 8, and 12-16 bytes.
Validate the requested authsize, and retain it to save in the request
context.

Fixes: 36cf515b9bbe2 ("crypto: ccp - Enable support for AES GCM on v5 CCPs")
Cc: <stable@vger.kernel.org>
Signed-off-by: Gary R Hook <gary.hook@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

authored by

Gary R Hook and committed by

Herbert Xu 6 years ago 9f00baf7 25e44338

+37 -5

3 changed files

expand all

drivers

crypto

ccp

ccp-crypto-aes-galois.c

ccp-ops.c

include

linux

ccp.h

+14

drivers/crypto/ccp/ccp-crypto-aes-galois.c

··· 58 58 static int ccp_aes_gcm_setauthsize(struct crypto_aead *tfm, 59 59 unsigned int authsize) 60 60 { 61 + switch (authsize) { 62 + case 16: 63 + case 15: 64 + case 14: 65 + case 13: 66 + case 12: 67 + case 8: 68 + case 4: 69 + break; 70 + default: 71 + return -EINVAL; 72 + } 73 + 61 74 return 0; 62 75 } 63 76 ··· 117 104 memset(&rctx->cmd, 0, sizeof(rctx->cmd)); 118 105 INIT_LIST_HEAD(&rctx->cmd.entry); 119 106 rctx->cmd.engine = CCP_ENGINE_AES; 107 + rctx->cmd.u.aes.authsize = crypto_aead_authsize(tfm); 120 108 rctx->cmd.u.aes.type = ctx->u.aes.type; 121 109 rctx->cmd.u.aes.mode = ctx->u.aes.mode; 122 110 rctx->cmd.u.aes.action = encrypt;

+21 -5

drivers/crypto/ccp/ccp-ops.c

··· 622 622 623 623 unsigned long long *final; 624 624 unsigned int dm_offset; 625 + unsigned int authsize; 625 626 unsigned int jobid; 626 627 unsigned int ilen; 627 628 bool in_place = true; /* Default value */ ··· 644 643 if (!aes->key) /* Gotta have a key SGL */ 645 644 return -EINVAL; 646 645 646 + /* Zero defaults to 16 bytes, the maximum size */ 647 + authsize = aes->authsize ? aes->authsize : AES_BLOCK_SIZE; 648 + switch (authsize) { 649 + case 16: 650 + case 15: 651 + case 14: 652 + case 13: 653 + case 12: 654 + case 8: 655 + case 4: 656 + break; 657 + default: 658 + return -EINVAL; 659 + } 660 + 647 661 /* First, decompose the source buffer into AAD & PT, 648 662 * and the destination buffer into AAD, CT & tag, or 649 663 * the input into CT & tag. ··· 673 657 p_tag = scatterwalk_ffwd(sg_tag, p_outp, ilen); 674 658 } else { 675 659 /* Input length for decryption includes tag */ 676 - ilen = aes->src_len - AES_BLOCK_SIZE; 660 + ilen = aes->src_len - authsize; 677 661 p_tag = scatterwalk_ffwd(sg_tag, p_inp, ilen); 678 662 } 679 663 ··· 855 839 856 840 if (aes->action == CCP_AES_ACTION_ENCRYPT) { 857 841 /* Put the ciphered tag after the ciphertext. */ 858 - ccp_get_dm_area(&final_wa, 0, p_tag, 0, AES_BLOCK_SIZE); 842 + ccp_get_dm_area(&final_wa, 0, p_tag, 0, authsize); 859 843 } else { 860 844 /* Does this ciphered tag match the input? */ 861 - ret = ccp_init_dm_workarea(&tag, cmd_q, AES_BLOCK_SIZE, 845 + ret = ccp_init_dm_workarea(&tag, cmd_q, authsize, 862 846 DMA_BIDIRECTIONAL); 863 847 if (ret) 864 848 goto e_tag; 865 - ret = ccp_set_dm_area(&tag, 0, p_tag, 0, AES_BLOCK_SIZE); 849 + ret = ccp_set_dm_area(&tag, 0, p_tag, 0, authsize); 866 850 if (ret) 867 851 goto e_tag; 868 852 869 853 ret = crypto_memneq(tag.address, final_wa.address, 870 - AES_BLOCK_SIZE) ? -EBADMSG : 0; 854 + authsize) ? -EBADMSG : 0; 871 855 ccp_dm_free(&tag); 872 856 } 873 857

include/linux/ccp.h

··· 173 173 enum ccp_aes_mode mode; 174 174 enum ccp_aes_action action; 175 175 176 + u32 authsize; 177 + 176 178 struct scatterlist *key; 177 179 u32 key_len; /* In bytes */ 178 180