diff mbox series

[2/3] crypto/aesni_mb: fix GCM digest size check

Message ID 20201006105913.3801726-2-pablo.de.lara.guarch@intel.com (mailing list archive)
State Superseded, archived
Delegated to: akhil goyal
Headers
Series [1/3] crypto/aesni_mb: fix CCM digest size check |

Checks

Context Check Description
ci/checkpatch success coding style OK

Commit Message

De Lara Guarch, Pablo Oct. 6, 2020, 10:59 a.m. UTC 
  GCM digest sizes should be between 1 and 16 bytes.

Fixes: 7b2d4706c90e ("crypto/aesni_mb: support newer library version only")
Cc: stable@dpdk.org

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 .../crypto/aesni_mb/aesni_mb_pmd_private.h    |  4 ++--
 drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c    | 22 +++++++++----------
 .../crypto/aesni_mb/rte_aesni_mb_pmd_ops.c    |  8 +++----
 3 files changed, 16 insertions(+), 18 deletions(-)
diff mbox series

Patch

diff --git a/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h b/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h
index e0c7b4f7c..8c5acfc51 100644
--- a/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h
+++ b/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h
@@ -80,7 +80,7 @@  static const unsigned auth_truncated_digest_byte_lengths[] = {
 		[AES_CMAC]	= 12,
 		[AES_CCM]	= 8,
 		[NULL_HASH]	= 0,
-		[AES_GMAC]	= 16,
+		[AES_GMAC]	= 12,
 		[PLAIN_SHA1]	= 20,
 		[PLAIN_SHA_224]	= 28,
 		[PLAIN_SHA_256]	= 32,
@@ -111,7 +111,7 @@  static const unsigned auth_digest_byte_lengths[] = {
 		[AES_XCBC]	= 16,
 		[AES_CMAC]	= 16,
 		[AES_CCM]	= 16,
-		[AES_GMAC]	= 12,
+		[AES_GMAC]	= 16,
 		[NULL_HASH]	= 0,
 		[PLAIN_SHA1]	= 20,
 		[PLAIN_SHA_224]	= 28,
diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
index 784278719..fa364530e 100644
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
@@ -209,19 +209,11 @@  aesni_mb_set_session_auth_parameters(const MB_MGR *mb_mgr,
 			sess->cipher.direction = DECRYPT;
 
 		sess->auth.algo = AES_GMAC;
-		/*
-		 * Multi-buffer lib supports 8, 12 and 16 bytes of digest.
-		 * If size requested is different, generate the full digest
-		 * (16 bytes) in a temporary location and then memcpy
-		 * the requested number of bytes.
-		 */
-		if (sess->auth.req_digest_len != 16 &&
-				sess->auth.req_digest_len != 12 &&
-				sess->auth.req_digest_len != 8) {
-			sess->auth.gen_digest_len = 16;
-		} else {
-			sess->auth.gen_digest_len = sess->auth.req_digest_len;
+		if (sess->auth.req_digest_len > get_digest_byte_length(AES_GMAC)) {
+			AESNI_MB_LOG(ERR, "Invalid digest size\n");
+			return -EINVAL;
 		}
+		sess->auth.gen_digest_len = sess->auth.req_digest_len;
 		sess->iv.length = xform->auth.iv.length;
 		sess->iv.offset = xform->auth.iv.offset;
 
@@ -624,6 +616,12 @@  aesni_mb_set_session_aead_parameters(const MB_MGR *mb_mgr,
 			return -EINVAL;
 		}
 
+		/* GCM digest size must be between 1 and 16 */
+		if (sess->auth.req_digest_len == 0 ||
+				sess->auth.req_digest_len > 16) {
+			AESNI_MB_LOG(ERR, "Invalid digest size\n");
+			return -EINVAL;
+		}
 		break;
 
 	default:
diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
index 2362f0c3c..3e4282954 100644
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
@@ -455,9 +455,9 @@  static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
 					.increment = 8
 				},
 				.digest_size = {
-					.min = 8,
+					.min = 1,
 					.max = 16,
-					.increment = 4
+					.increment = 1
 				},
 				.aad_size = {
 					.min = 0,
@@ -485,9 +485,9 @@  static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
 					.increment = 8
 				},
 				.digest_size = {
-					.min = 8,
+					.min = 1,
 					.max = 16,
-					.increment = 4
+					.increment = 1
 				},
 				.iv_size = {
 					.min = 12,