* [dpdk-stable] [PATCH 1/3] crypto/aesni_mb: fix CCM digest size check @ 2020-10-06 10:59 Pablo de Lara 2020-10-06 10:59 ` [dpdk-stable] [PATCH 2/3] crypto/aesni_mb: fix GCM " Pablo de Lara 2020-10-09 12:05 ` [dpdk-stable] [PATCH v2 1/3] crypto/aesni_mb: fix CCM " Pablo de Lara 0 siblings, 2 replies; 4+ messages in thread From: Pablo de Lara @ 2020-10-06 10:59 UTC (permalink / raw) To: declan.doherty; +Cc: dev, Pablo de Lara, stable Digest size for CCM was being checked for other algorithms apart from CCM. Fixes: c4c0c312a823 ("crypto/aesni_mb: check for invalid digest size") Cc: stable@dpdk.org Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com> --- drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 29 +++++++++++----------- 1 file changed, 15 insertions(+), 14 deletions(-) diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c index 1bddbcf74..784278719 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c @@ -564,6 +564,14 @@ aesni_mb_set_session_aead_parameters(const MB_MGR *mb_mgr, return -EINVAL; } + /* Set IV parameters */ + sess->iv.offset = xform->aead.iv.offset; + sess->iv.length = xform->aead.iv.length; + + /* Set digest sizes */ + sess->auth.req_digest_len = xform->aead.digest_length; + sess->auth.gen_digest_len = sess->auth.req_digest_len; + switch (xform->aead.algo) { case RTE_CRYPTO_AEAD_AES_CCM: sess->cipher.mode = CCM; @@ -582,6 +590,13 @@ aesni_mb_set_session_aead_parameters(const MB_MGR *mb_mgr, return -EINVAL; } + /* CCM digests must be between 4 and 16 and an even number */ + if (sess->auth.req_digest_len < AES_CCM_DIGEST_MIN_LEN || + sess->auth.req_digest_len > AES_CCM_DIGEST_MAX_LEN || + (sess->auth.req_digest_len & 1) == 1) { + AESNI_MB_LOG(ERR, "Invalid digest size\n"); + return -EINVAL; + } break; case RTE_CRYPTO_AEAD_AES_GCM: @@ -616,20 +631,6 @@ aesni_mb_set_session_aead_parameters(const MB_MGR *mb_mgr, return -ENOTSUP; } - /* Set IV parameters */ - sess->iv.offset = xform->aead.iv.offset; - sess->iv.length = xform->aead.iv.length; - - sess->auth.req_digest_len = xform->aead.digest_length; - /* CCM digests must be between 4 and 16 and an even number */ - if (sess->auth.req_digest_len < AES_CCM_DIGEST_MIN_LEN || - sess->auth.req_digest_len > AES_CCM_DIGEST_MAX_LEN || - (sess->auth.req_digest_len & 1) == 1) { - AESNI_MB_LOG(ERR, "Invalid digest size\n"); - return -EINVAL; - } - sess->auth.gen_digest_len = sess->auth.req_digest_len; - return 0; } -- 2.25.1 ^ permalink raw reply [flat|nested] 4+ messages in thread
* [dpdk-stable] [PATCH 2/3] crypto/aesni_mb: fix GCM digest size check 2020-10-06 10:59 [dpdk-stable] [PATCH 1/3] crypto/aesni_mb: fix CCM digest size check Pablo de Lara @ 2020-10-06 10:59 ` Pablo de Lara 2020-10-09 12:05 ` [dpdk-stable] [PATCH v2 1/3] crypto/aesni_mb: fix CCM " Pablo de Lara 1 sibling, 0 replies; 4+ messages in thread From: Pablo de Lara @ 2020-10-06 10:59 UTC (permalink / raw) To: declan.doherty; +Cc: dev, Pablo de Lara, stable GCM digest sizes should be between 1 and 16 bytes. Fixes: 7b2d4706c90e ("crypto/aesni_mb: support newer library version only") Cc: stable@dpdk.org Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com> --- .../crypto/aesni_mb/aesni_mb_pmd_private.h | 4 ++-- drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 22 +++++++++---------- .../crypto/aesni_mb/rte_aesni_mb_pmd_ops.c | 8 +++---- 3 files changed, 16 insertions(+), 18 deletions(-) diff --git a/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h b/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h index e0c7b4f7c..8c5acfc51 100644 --- a/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h +++ b/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h @@ -80,7 +80,7 @@ static const unsigned auth_truncated_digest_byte_lengths[] = { [AES_CMAC] = 12, [AES_CCM] = 8, [NULL_HASH] = 0, - [AES_GMAC] = 16, + [AES_GMAC] = 12, [PLAIN_SHA1] = 20, [PLAIN_SHA_224] = 28, [PLAIN_SHA_256] = 32, @@ -111,7 +111,7 @@ static const unsigned auth_digest_byte_lengths[] = { [AES_XCBC] = 16, [AES_CMAC] = 16, [AES_CCM] = 16, - [AES_GMAC] = 12, + [AES_GMAC] = 16, [NULL_HASH] = 0, [PLAIN_SHA1] = 20, [PLAIN_SHA_224] = 28, diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c index 784278719..fa364530e 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c @@ -209,19 +209,11 @@ aesni_mb_set_session_auth_parameters(const MB_MGR *mb_mgr, sess->cipher.direction = DECRYPT; sess->auth.algo = AES_GMAC; - /* - * Multi-buffer lib supports 8, 12 and 16 bytes of digest. - * If size requested is different, generate the full digest - * (16 bytes) in a temporary location and then memcpy - * the requested number of bytes. - */ - if (sess->auth.req_digest_len != 16 && - sess->auth.req_digest_len != 12 && - sess->auth.req_digest_len != 8) { - sess->auth.gen_digest_len = 16; - } else { - sess->auth.gen_digest_len = sess->auth.req_digest_len; + if (sess->auth.req_digest_len > get_digest_byte_length(AES_GMAC)) { + AESNI_MB_LOG(ERR, "Invalid digest size\n"); + return -EINVAL; } + sess->auth.gen_digest_len = sess->auth.req_digest_len; sess->iv.length = xform->auth.iv.length; sess->iv.offset = xform->auth.iv.offset; @@ -624,6 +616,12 @@ aesni_mb_set_session_aead_parameters(const MB_MGR *mb_mgr, return -EINVAL; } + /* GCM digest size must be between 1 and 16 */ + if (sess->auth.req_digest_len == 0 || + sess->auth.req_digest_len > 16) { + AESNI_MB_LOG(ERR, "Invalid digest size\n"); + return -EINVAL; + } break; default: diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c index 2362f0c3c..3e4282954 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c @@ -455,9 +455,9 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = { .increment = 8 }, .digest_size = { - .min = 8, + .min = 1, .max = 16, - .increment = 4 + .increment = 1 }, .aad_size = { .min = 0, @@ -485,9 +485,9 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = { .increment = 8 }, .digest_size = { - .min = 8, + .min = 1, .max = 16, - .increment = 4 + .increment = 1 }, .iv_size = { .min = 12, -- 2.25.1 ^ permalink raw reply [flat|nested] 4+ messages in thread
* [dpdk-stable] [PATCH v2 1/3] crypto/aesni_mb: fix CCM digest size check 2020-10-06 10:59 [dpdk-stable] [PATCH 1/3] crypto/aesni_mb: fix CCM digest size check Pablo de Lara 2020-10-06 10:59 ` [dpdk-stable] [PATCH 2/3] crypto/aesni_mb: fix GCM " Pablo de Lara @ 2020-10-09 12:05 ` Pablo de Lara 2020-10-09 12:05 ` [dpdk-stable] [PATCH v2 2/3] crypto/aesni_mb: fix GCM " Pablo de Lara 1 sibling, 1 reply; 4+ messages in thread From: Pablo de Lara @ 2020-10-09 12:05 UTC (permalink / raw) To: declan.doherty; +Cc: dev, Pablo de Lara, stable Digest size for CCM was being checked for other algorithms apart from CCM. Fixes: c4c0c312a823 ("crypto/aesni_mb: check for invalid digest size") Cc: stable@dpdk.org Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com> --- Changes: This patchset depends on series http://patches.dpdk.org/project/dpdk/list/?series=12820. -v2 : rebased on top of crypto subtree --- drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 29 +++++++++++----------- 1 file changed, 15 insertions(+), 14 deletions(-) diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c index 34a39ca99..ba2882d27 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c @@ -661,6 +661,14 @@ aesni_mb_set_session_aead_parameters(const MB_MGR *mb_mgr, return -EINVAL; } + /* Set IV parameters */ + sess->iv.offset = xform->aead.iv.offset; + sess->iv.length = xform->aead.iv.length; + + /* Set digest sizes */ + sess->auth.req_digest_len = xform->aead.digest_length; + sess->auth.gen_digest_len = sess->auth.req_digest_len; + switch (xform->aead.algo) { case RTE_CRYPTO_AEAD_AES_CCM: sess->cipher.mode = CCM; @@ -679,6 +687,13 @@ aesni_mb_set_session_aead_parameters(const MB_MGR *mb_mgr, return -EINVAL; } + /* CCM digests must be between 4 and 16 and an even number */ + if (sess->auth.req_digest_len < AES_CCM_DIGEST_MIN_LEN || + sess->auth.req_digest_len > AES_CCM_DIGEST_MAX_LEN || + (sess->auth.req_digest_len & 1) == 1) { + AESNI_MB_LOG(ERR, "Invalid digest size\n"); + return -EINVAL; + } break; case RTE_CRYPTO_AEAD_AES_GCM: @@ -713,20 +728,6 @@ aesni_mb_set_session_aead_parameters(const MB_MGR *mb_mgr, return -ENOTSUP; } - /* Set IV parameters */ - sess->iv.offset = xform->aead.iv.offset; - sess->iv.length = xform->aead.iv.length; - - sess->auth.req_digest_len = xform->aead.digest_length; - /* CCM digests must be between 4 and 16 and an even number */ - if (sess->auth.req_digest_len < AES_CCM_DIGEST_MIN_LEN || - sess->auth.req_digest_len > AES_CCM_DIGEST_MAX_LEN || - (sess->auth.req_digest_len & 1) == 1) { - AESNI_MB_LOG(ERR, "Invalid digest size\n"); - return -EINVAL; - } - sess->auth.gen_digest_len = sess->auth.req_digest_len; - return 0; } -- 2.25.1 ^ permalink raw reply [flat|nested] 4+ messages in thread
* [dpdk-stable] [PATCH v2 2/3] crypto/aesni_mb: fix GCM digest size check 2020-10-09 12:05 ` [dpdk-stable] [PATCH v2 1/3] crypto/aesni_mb: fix CCM " Pablo de Lara @ 2020-10-09 12:05 ` Pablo de Lara 0 siblings, 0 replies; 4+ messages in thread From: Pablo de Lara @ 2020-10-09 12:05 UTC (permalink / raw) To: declan.doherty; +Cc: dev, Pablo de Lara, stable GCM digest sizes should be between 1 and 16 bytes. Fixes: 7b2d4706c90e ("crypto/aesni_mb: support newer library version only") Cc: stable@dpdk.org Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com> --- Changes: This patchset depends on series http://patches.dpdk.org/project/dpdk/list/?series=12820. -v2 : rebased on top of crypto subtree --- .../crypto/aesni_mb/aesni_mb_pmd_private.h | 4 ++-- drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 22 +++++++++---------- .../crypto/aesni_mb/rte_aesni_mb_pmd_ops.c | 8 +++---- 3 files changed, 16 insertions(+), 18 deletions(-) diff --git a/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h b/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h index 9693bf985..7481e1d5e 100644 --- a/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h +++ b/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h @@ -85,7 +85,7 @@ static const unsigned auth_truncated_digest_byte_lengths[] = { [AES_CMAC] = 12, [AES_CCM] = 8, [NULL_HASH] = 0, - [AES_GMAC] = 16, + [AES_GMAC] = 12, [PLAIN_SHA1] = 20, [PLAIN_SHA_224] = 28, [PLAIN_SHA_256] = 32, @@ -121,7 +121,7 @@ static const unsigned auth_digest_byte_lengths[] = { [AES_XCBC] = 16, [AES_CMAC] = 16, [AES_CCM] = 16, - [AES_GMAC] = 12, + [AES_GMAC] = 16, [NULL_HASH] = 0, [PLAIN_SHA1] = 20, [PLAIN_SHA_224] = 28, diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c index ba2882d27..7dbe40e02 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c @@ -213,19 +213,11 @@ aesni_mb_set_session_auth_parameters(const MB_MGR *mb_mgr, sess->cipher.direction = DECRYPT; sess->auth.algo = AES_GMAC; - /* - * Multi-buffer lib supports 8, 12 and 16 bytes of digest. - * If size requested is different, generate the full digest - * (16 bytes) in a temporary location and then memcpy - * the requested number of bytes. - */ - if (sess->auth.req_digest_len != 16 && - sess->auth.req_digest_len != 12 && - sess->auth.req_digest_len != 8) { - sess->auth.gen_digest_len = 16; - } else { - sess->auth.gen_digest_len = sess->auth.req_digest_len; + if (sess->auth.req_digest_len > get_digest_byte_length(AES_GMAC)) { + AESNI_MB_LOG(ERR, "Invalid digest size\n"); + return -EINVAL; } + sess->auth.gen_digest_len = sess->auth.req_digest_len; sess->iv.length = xform->auth.iv.length; sess->iv.offset = xform->auth.iv.offset; @@ -721,6 +713,12 @@ aesni_mb_set_session_aead_parameters(const MB_MGR *mb_mgr, return -EINVAL; } + /* GCM digest size must be between 1 and 16 */ + if (sess->auth.req_digest_len == 0 || + sess->auth.req_digest_len > 16) { + AESNI_MB_LOG(ERR, "Invalid digest size\n"); + return -EINVAL; + } break; default: diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c index 0f74be126..dc2238191 100644 --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c @@ -455,9 +455,9 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = { .increment = 8 }, .digest_size = { - .min = 8, + .min = 1, .max = 16, - .increment = 4 + .increment = 1 }, .aad_size = { .min = 0, @@ -485,9 +485,9 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = { .increment = 8 }, .digest_size = { - .min = 8, + .min = 1, .max = 16, - .increment = 4 + .increment = 1 }, .iv_size = { .min = 12, -- 2.25.1 ^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2020-10-09 12:05 UTC | newest] Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2020-10-06 10:59 [dpdk-stable] [PATCH 1/3] crypto/aesni_mb: fix CCM digest size check Pablo de Lara 2020-10-06 10:59 ` [dpdk-stable] [PATCH 2/3] crypto/aesni_mb: fix GCM " Pablo de Lara 2020-10-09 12:05 ` [dpdk-stable] [PATCH v2 1/3] crypto/aesni_mb: fix CCM " Pablo de Lara 2020-10-09 12:05 ` [dpdk-stable] [PATCH v2 2/3] crypto/aesni_mb: fix GCM " Pablo de Lara
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).