On Wed, Dec 20, 2023 at 08:43:43PM +0530, Nikunj A Dadhania wrote:
> @@ -307,11 +197,16 @@ static int verify_and_dec_payload(struct snp_guest_dev *snp_dev, void *payload,
> * If the message size is greater than our buffer length then return
> * an error.
> */
> - if (unlikely((resp_hdr->msg_sz + crypto->a_len) > sz))
> + if (unlikely((resp_hdr->msg_sz + ctx->authsize) > sz))
> return -EBADMSG;
>
> /* Decrypt the payload */
> - return dec_payload(snp_dev, resp, payload, resp_hdr->msg_sz + crypto->a_len);
> + memcpy(iv, &resp_hdr->msg_seqno, sizeof(resp_hdr->msg_seqno));
sizeof(iv) != sizeof(resp_hdr->msg_seqno) and it fits now.
However, for protection against future bugs, this should be:
memcpy(iv, &resp_hdr->msg_seqno, min(sizeof(iv), sizeof(resp_hdr->msg_seqno)));
> + if (!aesgcm_decrypt(ctx, payload, resp->payload, resp_hdr->msg_sz,
> + &resp_hdr->algo, AAD_LEN, iv, resp_hdr->authtag))
> + return -EBADMSG;
> +
> + return 0;
> }
>
> static int enc_payload(struct snp_guest_dev *snp_dev, u64 seqno, int version, u8 type,
> @@ -319,6 +214,8 @@ static int enc_payload(struct snp_guest_dev *snp_dev, u64 seqno, int version, u8
> {
> struct snp_guest_msg *req = &snp_dev->secret_request;
> struct snp_guest_msg_hdr *hdr = &req->hdr;
> + struct aesgcm_ctx *ctx = snp_dev->ctx;
> + u8 iv[GCM_AES_IV_SIZE] = {};
>
> memset(req, 0, sizeof(*req));
>
> @@ -338,7 +235,14 @@ static int enc_payload(struct snp_guest_dev *snp_dev, u64 seqno, int version, u8
> dev_dbg(snp_dev->dev, "request [seqno %lld type %d version %d sz %d]\n",
> hdr->msg_seqno, hdr->msg_type, hdr->msg_version, hdr->msg_sz);
>
> - return __enc_payload(snp_dev, req, payload, sz);
> + if (WARN_ON((sz + ctx->authsize) > sizeof(req->payload)))
> + return -EBADMSG;
> +
> + memcpy(iv, &hdr->msg_seqno, sizeof(hdr->msg_seqno));
Ditto.
> + aesgcm_encrypt(ctx, req->payload, payload, sz, &hdr->algo, AAD_LEN,
> + iv, hdr->authtag);
> +
> + return 0;
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette
