Check authsize to solve the extra tests that expect -EINVAL to be returned when the authentication tag size is not valid. Validated authsize for GCM, RFC4106 and RFC4543. Signed-off-by: Iuliana Prodan <iuliana.prodan@xxxxxxx> --- drivers/crypto/caam/caamalg.c | 13 +++++++++++++ drivers/crypto/caam/caamalg_qi.c | 14 ++++++++++++++ drivers/crypto/caam/caamalg_qi2.c | 14 ++++++++++++++ drivers/crypto/caam/common_if.c | 40 +++++++++++++++++++++++++++++++++++++++ drivers/crypto/caam/common_if.h | 4 ++++ 5 files changed, 85 insertions(+) diff --git a/drivers/crypto/caam/caamalg.c b/drivers/crypto/caam/caamalg.c index 6ac59b1..6682e67 100644 --- a/drivers/crypto/caam/caamalg.c +++ b/drivers/crypto/caam/caamalg.c @@ -377,6 +377,11 @@ static int gcm_set_sh_desc(struct crypto_aead *aead) static int gcm_setauthsize(struct crypto_aead *authenc, unsigned int authsize) { struct caam_ctx *ctx = crypto_aead_ctx(authenc); + int err; + + err = check_gcm_authsize(authsize); + if (err) + return err; ctx->authsize = authsize; gcm_set_sh_desc(authenc); @@ -440,6 +445,11 @@ static int rfc4106_setauthsize(struct crypto_aead *authenc, unsigned int authsize) { struct caam_ctx *ctx = crypto_aead_ctx(authenc); + int err; + + err = check_rfc4106_authsize(authsize); + if (err) + return err; ctx->authsize = authsize; rfc4106_set_sh_desc(authenc); @@ -504,6 +514,9 @@ static int rfc4543_setauthsize(struct crypto_aead *authenc, { struct caam_ctx *ctx = crypto_aead_ctx(authenc); + if (authsize != 16) + return -EINVAL; + ctx->authsize = authsize; rfc4543_set_sh_desc(authenc); diff --git a/drivers/crypto/caam/caamalg_qi.c b/drivers/crypto/caam/caamalg_qi.c index 46097e3..5f9b14a 100644 --- a/drivers/crypto/caam/caamalg_qi.c +++ b/drivers/crypto/caam/caamalg_qi.c @@ -18,6 +18,7 @@ #include "qi.h" #include "jr.h" #include "caamalg_desc.h" +#include "common_if.h" /* * crypto alg @@ -371,6 +372,11 @@ static int gcm_set_sh_desc(struct crypto_aead *aead) static int gcm_setauthsize(struct crypto_aead *authenc, unsigned int authsize) { struct caam_ctx *ctx = crypto_aead_ctx(authenc); + int err; + + err = check_gcm_authsize(authsize); + if (err) + return err; ctx->authsize = authsize; gcm_set_sh_desc(authenc); @@ -472,6 +478,11 @@ static int rfc4106_setauthsize(struct crypto_aead *authenc, unsigned int authsize) { struct caam_ctx *ctx = crypto_aead_ctx(authenc); + int err; + + err = check_rfc4106_authsize(authsize); + if (err) + return err; ctx->authsize = authsize; rfc4106_set_sh_desc(authenc); @@ -581,6 +592,9 @@ static int rfc4543_setauthsize(struct crypto_aead *authenc, { struct caam_ctx *ctx = crypto_aead_ctx(authenc); + if (authsize != 16) + return -EINVAL; + ctx->authsize = authsize; rfc4543_set_sh_desc(authenc); diff --git a/drivers/crypto/caam/caamalg_qi2.c b/drivers/crypto/caam/caamalg_qi2.c index da4abf1..0b4de21 100644 --- a/drivers/crypto/caam/caamalg_qi2.c +++ b/drivers/crypto/caam/caamalg_qi2.c @@ -10,6 +10,7 @@ #include "dpseci_cmd.h" #include "desc_constr.h" #include "error.h" +#include "common_if.h" #include "sg_sw_sec4.h" #include "sg_sw_qm2.h" #include "key_gen.h" @@ -719,6 +720,11 @@ static int gcm_set_sh_desc(struct crypto_aead *aead) static int gcm_setauthsize(struct crypto_aead *authenc, unsigned int authsize) { struct caam_ctx *ctx = crypto_aead_ctx(authenc); + int err; + + err = check_gcm_authsize(authsize); + if (err) + return err; ctx->authsize = authsize; gcm_set_sh_desc(authenc); @@ -811,6 +817,11 @@ static int rfc4106_setauthsize(struct crypto_aead *authenc, unsigned int authsize) { struct caam_ctx *ctx = crypto_aead_ctx(authenc); + int err; + + err = check_rfc4106_authsize(authsize); + if (err) + return err; ctx->authsize = authsize; rfc4106_set_sh_desc(authenc); @@ -913,6 +924,9 @@ static int rfc4543_setauthsize(struct crypto_aead *authenc, { struct caam_ctx *ctx = crypto_aead_ctx(authenc); + if (authsize != 16) + return -EINVAL; + ctx->authsize = authsize; rfc4543_set_sh_desc(authenc); diff --git a/drivers/crypto/caam/common_if.c b/drivers/crypto/caam/common_if.c index 859d4b4..fcf47e6 100644 --- a/drivers/crypto/caam/common_if.c +++ b/drivers/crypto/caam/common_if.c @@ -26,6 +26,46 @@ int check_aes_keylen(unsigned int keylen) } EXPORT_SYMBOL(check_aes_keylen); +/* + * validate authentication tag for GCM + */ +int check_gcm_authsize(unsigned int authsize) +{ + switch (authsize) { + case 4: + case 8: + case 12: + case 13: + case 14: + case 15: + case 16: + break; + default: + return -EINVAL; + } + + return 0; +} +EXPORT_SYMBOL(check_gcm_authsize); + +/* + * validate authentication tag for RFC4106 + */ +int check_rfc4106_authsize(unsigned int authsize) +{ + switch (authsize) { + case 8: + case 12: + case 16: + break; + default: + return -EINVAL; + } + + return 0; +} +EXPORT_SYMBOL(check_rfc4106_authsize); + MODULE_LICENSE("GPL"); MODULE_DESCRIPTION("FSL CAAM drivers common location"); MODULE_AUTHOR("NXP Semiconductors"); diff --git a/drivers/crypto/caam/common_if.h b/drivers/crypto/caam/common_if.h index 6964ba3..b17386a 100644 --- a/drivers/crypto/caam/common_if.h +++ b/drivers/crypto/caam/common_if.h @@ -10,4 +10,8 @@ int check_aes_keylen(unsigned int keylen); +int check_gcm_authsize(unsigned int authsize); + +int check_rfc4106_authsize(unsigned int authsize); + #endif /* CAAM_COMMON_LOCATION_H */ -- 2.1.0