crypto: caam - check key length
Check key length to solve the extra tests that expect -EINVAL to be returned when the key size is not valid. Validated AES keylen for skcipher, ahash and aead. Signed-off-by: Iuliana Prodan <iuliana.prodan@nxp.com> Reviewed-by: Horia Geanta <horia.geanta@nxp.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This commit is contained in:
Iuliana Prodan
committed by
Herbert Xu
Herbert Xu
parent
1ccb39eb5a
commit
836d8f43c5
@@ -667,6 +667,13 @@ static int gcm_setkey(struct crypto_aead *aead,
|
||||
{
|
||||
struct caam_ctx *ctx = crypto_aead_ctx(aead);
|
||||
struct device *jrdev = ctx->jrdev;
|
||||
int err;
|
||||
|
||||
err = aes_check_keylen(keylen);
|
||||
if (err) {
|
||||
crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN);
|
||||
return err;
|
||||
}
|
||||
|
||||
print_hex_dump_debug("key in @"__stringify(__LINE__)": ",
|
||||
DUMP_PREFIX_ADDRESS, 16, 4, key, keylen, 1);
|
||||
@@ -683,9 +690,13 @@ static int rfc4106_setkey(struct crypto_aead *aead,
|
||||
{
|
||||
struct caam_ctx *ctx = crypto_aead_ctx(aead);
|
||||
struct device *jrdev = ctx->jrdev;
|
||||
int err;
|
||||
|
||||
if (keylen < 4)
|
||||
return -EINVAL;
|
||||
err = aes_check_keylen(keylen - 4);
|
||||
if (err) {
|
||||
crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN);
|
||||
return err;
|
||||
}
|
||||
|
||||
print_hex_dump_debug("key in @"__stringify(__LINE__)": ",
|
||||
DUMP_PREFIX_ADDRESS, 16, 4, key, keylen, 1);
|
||||
@@ -707,9 +718,13 @@ static int rfc4543_setkey(struct crypto_aead *aead,
|
||||
{
|
||||
struct caam_ctx *ctx = crypto_aead_ctx(aead);
|
||||
struct device *jrdev = ctx->jrdev;
|
||||
int err;
|
||||
|
||||
if (keylen < 4)
|
||||
return -EINVAL;
|
||||
err = aes_check_keylen(keylen - 4);
|
||||
if (err) {
|
||||
crypto_aead_set_flags(aead, CRYPTO_TFM_RES_BAD_KEY_LEN);
|
||||
return err;
|
||||
}
|
||||
|
||||
print_hex_dump_debug("key in @"__stringify(__LINE__)": ",
|
||||
DUMP_PREFIX_ADDRESS, 16, 4, key, keylen, 1);
|
||||
@@ -727,7 +742,7 @@ static int rfc4543_setkey(struct crypto_aead *aead,
|
||||
}
|
||||
|
||||
static int skcipher_setkey(struct crypto_skcipher *skcipher, const u8 *key,
|
||||
unsigned int keylen)
|
||||
unsigned int keylen, const u32 ctx1_iv_off)
|
||||
{
|
||||
struct caam_ctx *ctx = crypto_skcipher_ctx(skcipher);
|
||||
struct caam_skcipher_alg *alg =
|
||||
@@ -736,30 +751,10 @@ static int skcipher_setkey(struct crypto_skcipher *skcipher, const u8 *key,
|
||||
struct device *jrdev = ctx->jrdev;
|
||||
unsigned int ivsize = crypto_skcipher_ivsize(skcipher);
|
||||
u32 *desc;
|
||||
u32 ctx1_iv_off = 0;
|
||||
const bool ctr_mode = ((ctx->cdata.algtype & OP_ALG_AAI_MASK) ==
|
||||
OP_ALG_AAI_CTR_MOD128);
|
||||
const bool is_rfc3686 = alg->caam.rfc3686;
|
||||
|
||||
print_hex_dump_debug("key in @"__stringify(__LINE__)": ",
|
||||
DUMP_PREFIX_ADDRESS, 16, 4, key, keylen, 1);
|
||||
/*
|
||||
* AES-CTR needs to load IV in CONTEXT1 reg
|
||||
* at an offset of 128bits (16bytes)
|
||||
* CONTEXT1[255:128] = IV
|
||||
*/
|
||||
if (ctr_mode)
|
||||
ctx1_iv_off = 16;
|
||||
|
||||
/*
|
||||
* RFC3686 specific:
|
||||
* | CONTEXT1[255:128] = {NONCE, IV, COUNTER}
|
||||
* | *key = {KEY, NONCE}
|
||||
*/
|
||||
if (is_rfc3686) {
|
||||
ctx1_iv_off = 16 + CTR_RFC3686_NONCE_SIZE;
|
||||
keylen -= CTR_RFC3686_NONCE_SIZE;
|
||||
}
|
||||
|
||||
ctx->cdata.keylen = keylen;
|
||||
ctx->cdata.key_virt = key;
|
||||
@@ -782,6 +777,74 @@ static int skcipher_setkey(struct crypto_skcipher *skcipher, const u8 *key,
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int aes_skcipher_setkey(struct crypto_skcipher *skcipher,
|
||||
const u8 *key, unsigned int keylen)
|
||||
{
|
||||
int err;
|
||||
|
||||
err = aes_check_keylen(keylen);
|
||||
if (err) {
|
||||
crypto_skcipher_set_flags(skcipher,
|
||||
CRYPTO_TFM_RES_BAD_KEY_LEN);
|
||||
return err;
|
||||
}
|
||||
|
||||
return skcipher_setkey(skcipher, key, keylen, 0);
|
||||
}
|
||||
|
||||
static int rfc3686_skcipher_setkey(struct crypto_skcipher *skcipher,
|
||||
const u8 *key, unsigned int keylen)
|
||||
{
|
||||
u32 ctx1_iv_off;
|
||||
int err;
|
||||
|
||||
/*
|
||||
* RFC3686 specific:
|
||||
* | CONTEXT1[255:128] = {NONCE, IV, COUNTER}
|
||||
* | *key = {KEY, NONCE}
|
||||
*/
|
||||
ctx1_iv_off = 16 + CTR_RFC3686_NONCE_SIZE;
|
||||
keylen -= CTR_RFC3686_NONCE_SIZE;
|
||||
|
||||
err = aes_check_keylen(keylen);
|
||||
if (err) {
|
||||
crypto_skcipher_set_flags(skcipher,
|
||||
CRYPTO_TFM_RES_BAD_KEY_LEN);
|
||||
return err;
|
||||
}
|
||||
|
||||
return skcipher_setkey(skcipher, key, keylen, ctx1_iv_off);
|
||||
}
|
||||
|
||||
static int ctr_skcipher_setkey(struct crypto_skcipher *skcipher,
|
||||
const u8 *key, unsigned int keylen)
|
||||
{
|
||||
u32 ctx1_iv_off;
|
||||
int err;
|
||||
|
||||
/*
|
||||
* AES-CTR needs to load IV in CONTEXT1 reg
|
||||
* at an offset of 128bits (16bytes)
|
||||
* CONTEXT1[255:128] = IV
|
||||
*/
|
||||
ctx1_iv_off = 16;
|
||||
|
||||
err = aes_check_keylen(keylen);
|
||||
if (err) {
|
||||
crypto_skcipher_set_flags(skcipher,
|
||||
CRYPTO_TFM_RES_BAD_KEY_LEN);
|
||||
return err;
|
||||
}
|
||||
|
||||
return skcipher_setkey(skcipher, key, keylen, ctx1_iv_off);
|
||||
}
|
||||
|
||||
static int arc4_skcipher_setkey(struct crypto_skcipher *skcipher,
|
||||
const u8 *key, unsigned int keylen)
|
||||
{
|
||||
return skcipher_setkey(skcipher, key, keylen, 0);
|
||||
}
|
||||
|
||||
static int des_skcipher_setkey(struct crypto_skcipher *skcipher,
|
||||
const u8 *key, unsigned int keylen)
|
||||
{
|
||||
@@ -800,7 +863,7 @@ static int des_skcipher_setkey(struct crypto_skcipher *skcipher,
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
return skcipher_setkey(skcipher, key, keylen);
|
||||
return skcipher_setkey(skcipher, key, keylen, 0);
|
||||
}
|
||||
|
||||
static int xts_skcipher_setkey(struct crypto_skcipher *skcipher, const u8 *key,
|
||||
@@ -1880,7 +1943,7 @@ static struct caam_skcipher_alg driver_algs[] = {
|
||||
.cra_driver_name = "cbc-aes-caam",
|
||||
.cra_blocksize = AES_BLOCK_SIZE,
|
||||
},
|
||||
.setkey = skcipher_setkey,
|
||||
.setkey = aes_skcipher_setkey,
|
||||
.encrypt = skcipher_encrypt,
|
||||
.decrypt = skcipher_decrypt,
|
||||
.min_keysize = AES_MIN_KEY_SIZE,
|
||||
@@ -1928,7 +1991,7 @@ static struct caam_skcipher_alg driver_algs[] = {
|
||||
.cra_driver_name = "ctr-aes-caam",
|
||||
.cra_blocksize = 1,
|
||||
},
|
||||
.setkey = skcipher_setkey,
|
||||
.setkey = ctr_skcipher_setkey,
|
||||
.encrypt = skcipher_encrypt,
|
||||
.decrypt = skcipher_decrypt,
|
||||
.min_keysize = AES_MIN_KEY_SIZE,
|
||||
@@ -1946,7 +2009,7 @@ static struct caam_skcipher_alg driver_algs[] = {
|
||||
.cra_driver_name = "rfc3686-ctr-aes-caam",
|
||||
.cra_blocksize = 1,
|
||||
},
|
||||
.setkey = skcipher_setkey,
|
||||
.setkey = rfc3686_skcipher_setkey,
|
||||
.encrypt = skcipher_encrypt,
|
||||
.decrypt = skcipher_decrypt,
|
||||
.min_keysize = AES_MIN_KEY_SIZE +
|
||||
@@ -2000,7 +2063,7 @@ static struct caam_skcipher_alg driver_algs[] = {
|
||||
.cra_driver_name = "ecb-aes-caam",
|
||||
.cra_blocksize = AES_BLOCK_SIZE,
|
||||
},
|
||||
.setkey = skcipher_setkey,
|
||||
.setkey = aes_skcipher_setkey,
|
||||
.encrypt = skcipher_encrypt,
|
||||
.decrypt = skcipher_decrypt,
|
||||
.min_keysize = AES_MIN_KEY_SIZE,
|
||||
@@ -2030,7 +2093,7 @@ static struct caam_skcipher_alg driver_algs[] = {
|
||||
.cra_driver_name = "ecb-arc4-caam",
|
||||
.cra_blocksize = ARC4_BLOCK_SIZE,
|
||||
},
|
||||
.setkey = skcipher_setkey,
|
||||
.setkey = arc4_skcipher_setkey,
|
||||
.encrypt = skcipher_encrypt,
|
||||
.decrypt = skcipher_decrypt,
|
||||
.min_keysize = ARC4_MIN_KEY_SIZE,
|
||||
|
||||
Reference in New Issue
Block a user