From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) by dpdk.org (Postfix) with ESMTP id AD2692B83 for ; Tue, 14 Aug 2018 10:45:17 +0200 (CEST) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga004.jf.intel.com ([10.7.209.38]) by orsmga105.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 14 Aug 2018 01:45:16 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.53,237,1531810800"; d="scan'208";a="224482032" Received: from silpixa00399466.ir.intel.com (HELO silpixa00399466.ger.corp.intel.com) ([10.237.223.220]) by orsmga004.jf.intel.com with ESMTP; 14 Aug 2018 01:45:15 -0700 From: Pablo de Lara To: declan.doherty@intel.com Cc: dev@dpdk.org, Pablo de Lara Date: Tue, 14 Aug 2018 01:38:45 +0100 Message-Id: <20180814003848.11095-3-pablo.de.lara.guarch@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20180814003848.11095-1-pablo.de.lara.guarch@intel.com> References: <20180814003848.11095-1-pablo.de.lara.guarch@intel.com> Subject: [dpdk-dev] [PATCH 2/5] crypto/aesni_mb: check for invalid digest size X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Aug 2018 08:45:18 -0000 When creating a crypto session, check if ther requested digest size is supported for AES-XCBC-MAC and AES-CCM. Signed-off-by: Pablo de Lara --- drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c index 6fbfab8b8..54dcf7787 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c @@ -14,6 +14,9 @@ #include "rte_aesni_mb_pmd_private.h" +#define AES_CCM_DIGEST_MIN_LEN 4 +#define AES_CCM_DIGEST_MAX_LEN 16 + static uint8_t cryptodev_driver_id; typedef void (*hash_one_block_t)(const void *data, void *digest); @@ -122,6 +125,12 @@ aesni_mb_set_session_auth_parameters(const struct aesni_mb_op_fns *mb_ops, if (xform->auth.algo == RTE_CRYPTO_AUTH_AES_XCBC_MAC) { sess->auth.algo = AES_XCBC; + uint16_t xcbc_mac_digest_len = + get_truncated_digest_byte_length(AES_XCBC); + if (sess->auth.req_digest_len != xcbc_mac_digest_len) { + AESNI_MB_LOG(ERR, "Invalid digest size\n"); + return -EINVAL; + } sess->auth.gen_digest_len = sess->auth.req_digest_len; (*mb_ops->aux.keyexp.aes_xcbc)(xform->auth.key.data, sess->auth.xcbc.k1_expanded, @@ -387,6 +396,13 @@ aesni_mb_set_session_aead_parameters(const struct aesni_mb_op_fns *mb_ops, sess->iv.length = xform->aead.iv.length; sess->auth.req_digest_len = xform->aead.digest_length; + /* CCM digests must be between 4 and 16 and an even number */ + if (sess->auth.req_digest_len < AES_CCM_DIGEST_MIN_LEN || + sess->auth.req_digest_len > AES_CCM_DIGEST_MAX_LEN || + (sess->auth.req_digest_len & 1) == 1) { + AESNI_MB_LOG(ERR, "Invalid digest size\n"); + return -EINVAL; + } sess->auth.gen_digest_len = sess->auth.req_digest_len; /* Check key length and choose key expansion function for AES */ -- 2.17.1