From: Wenkai Lin linwenkai6@hisilicon.com
First, move the algorithm check to the right level, then we modified the alignment to 4 bytes from 16 bytes according to the hardware specification.
Signed-off-by: Wenkai Lin linwenkai6@hisilicon.com --- v1/drv/hisi_sec_udrv.c | 18 ++---------------- v1/wd_aead.c | 27 ++++++++++++++++++++++++--- 2 files changed, 26 insertions(+), 19 deletions(-)
diff --git a/v1/drv/hisi_sec_udrv.c b/v1/drv/hisi_sec_udrv.c index b8ba55b4..f1be25fb 100644 --- a/v1/drv/hisi_sec_udrv.c +++ b/v1/drv/hisi_sec_udrv.c @@ -2732,26 +2732,13 @@ static int aead_comb_param_check(struct wcrypto_aead_msg *msg) }
if (msg->cmode == WCRYPTO_CIPHER_CCM) { - if (unlikely(msg->auth_bytes < WORD_BYTES || - msg->auth_bytes > AES_BLOCK_SIZE || - msg->auth_bytes % (WORD_BYTES >> 1))) { - WD_ERR("Invalid aead ccm mode auth_bytes!\n"); - return -WD_EINVAL; - } if (unlikely(msg->assoc_bytes > MAX_CCM_AAD_LEN)) { WD_ERR("aead ccm mode aasoc_bytes is too long!\n"); return -WD_EINVAL; } return WD_SUCCESS; - } - if (msg->cmode == WCRYPTO_CIPHER_GCM) { - if (unlikely(msg->auth_bytes < U64_DATA_BYTES || - msg->auth_bytes > AES_BLOCK_SIZE)) { - WD_ERR("Invalid aead gcm mode auth_bytes!\n"); - return -WD_EINVAL; - } + } else if (msg->cmode == WCRYPTO_CIPHER_GCM) return WD_SUCCESS; - }
/* CCM/GCM support 0 in_bytes, but others not support */ if (unlikely(msg->in_bytes == 0)) { @@ -2759,8 +2746,7 @@ static int aead_comb_param_check(struct wcrypto_aead_msg *msg) return -WD_EINVAL; }
- if (unlikely(msg->auth_bytes != AES_BLOCK_SIZE && - msg->auth_bytes != AES_BLOCK_SIZE << 1)) { + if (unlikely(msg->auth_bytes & WORD_ALIGNMENT_MASK)) { WD_ERR("Invalid aead auth_bytes!\n"); return -WD_EINVAL; } diff --git a/v1/wd_aead.c b/v1/wd_aead.c index 87bd6acb..2b98547f 100644 --- a/v1/wd_aead.c +++ b/v1/wd_aead.c @@ -28,6 +28,8 @@
#define MAX_AEAD_AUTH_SIZE 64 #define MAX_AEAD_RETRY_CNT 20000000 +#define AEAD_CCM_GCM_MIN 4U +#define AEAD_CCM_GCM_MAX 16
static int g_aead_mac_len[WCRYPTO_MAX_DIGEST_TYPE] = { WCRYPTO_SM3_LEN, WCRYPTO_MD5_LEN, WCRYPTO_SHA1_LEN, @@ -283,9 +285,28 @@ int wcrypto_aead_setauthsize(void *ctx, __u16 authsize) return -WD_EINVAL; }
- if (authsize > MAX_AEAD_AUTH_SIZE) { - WD_ERR("fail to check authsize!\n"); - return -WD_EINVAL; + if (ctxt->setup.cmode == WCRYPTO_CIPHER_CCM) { + if (authsize < AEAD_CCM_GCM_MIN || + authsize > AEAD_CCM_GCM_MAX || + authsize % (AEAD_CCM_GCM_MIN >> 1)) { + WD_ERR("failed to check aead CCM authsize, size = %u\n", + authsize); + return -WD_EINVAL; + } + } else if (ctxt->setup.cmode == WCRYPTO_CIPHER_GCM) { + if (authsize < AEAD_CCM_GCM_MIN << 1 || + authsize > AEAD_CCM_GCM_MAX) { + WD_ERR("failed to check aead GCM authsize, size = %u\n", + authsize); + return -WD_EINVAL; + } + } else { + if (ctxt->setup.dalg >= WCRYPTO_MAX_DIGEST_TYPE || !authsize || + authsize > g_aead_mac_len[ctxt->setup.dalg]) { + WD_ERR("failed to check aead mac authsize, size = %u\n", + authsize); + return -WD_EINVAL; + } }
ctxt->auth_size = authsize;