crypto: cavium/nitrox - check assoclen and authsize for gcm(aes) cipher

Check if device supports assoclen to solve hung task timeout error when
extra tests are enabled. Return -EINVAL if assoclen is not supported.
Check authsize to return -EINVAL if authentication tag size is invalid.
Change blocksize to 1 to match with generic implementation.

Signed-off-by: Nagadheeraj Rottela <rnagadheeraj@marvell.com>
Reported-by: Mallesham Jatharakonda <mallesham.jatharakonda@oneconvergence.com>
Suggested-by: Mallesham Jatharakonda <mallesham.jatharakonda@oneconvergence.com>
Reviewed-by: Srikanth Jampala <jsrikanth@marvell.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

diff --git a/drivers/crypto/cavium/nitrox/nitrox_aead.c b/drivers/crypto/cavium/nitrox/nitrox_aead.c
index e4841eb2a09ff8bae5ffafa3ffcc66aebab4694f..6f80cc3b5c84b3726758de786ced9b2446dea2e3 100644 (file)
--- a/drivers/crypto/cavium/nitrox/nitrox_aead.c
+++ b/drivers/crypto/cavium/nitrox/nitrox_aead.c
@@ -74,6 +74,25 @@ static int nitrox_aead_setauthsize(struct crypto_aead *aead,
        return 0;
 }
 
+static int nitrox_aes_gcm_setauthsize(struct crypto_aead *aead,
+                                     unsigned int authsize)
+{
+       switch (authsize) {
+       case 4:
+       case 8:
+       case 12:
+       case 13:
+       case 14:
+       case 15:
+       case 16:
+               break;
+       default:
+               return -EINVAL;
+       }
+
+       return nitrox_aead_setauthsize(aead, authsize);
+}
+
 static int alloc_src_sglist(struct nitrox_kcrypt_request *nkreq,
                            struct scatterlist *src, char *iv, int ivsize,
                            int buflen)
@@ -186,6 +205,14 @@ static void nitrox_aead_callback(void *arg, int err)
        areq->base.complete(&areq->base, err);
 }
 
+static inline bool nitrox_aes_gcm_assoclen_supported(unsigned int assoclen)
+{
+       if (assoclen <= 512)
+               return true;
+
+       return false;
+}
+
 static int nitrox_aes_gcm_enc(struct aead_request *areq)
 {
        struct crypto_aead *aead = crypto_aead_reqtfm(areq);
@@ -195,6 +222,9 @@ static int nitrox_aes_gcm_enc(struct aead_request *areq)
        struct flexi_crypto_context *fctx = nctx->u.fctx;
        int ret;
 
+       if (!nitrox_aes_gcm_assoclen_supported(areq->assoclen))
+               return -EINVAL;
+
        memcpy(fctx->crypto.iv, areq->iv, GCM_AES_SALT_SIZE);
 
        rctx->cryptlen = areq->cryptlen;
@@ -226,6 +256,9 @@ static int nitrox_aes_gcm_dec(struct aead_request *areq)
        struct flexi_crypto_context *fctx = nctx->u.fctx;
        int ret;
 
+       if (!nitrox_aes_gcm_assoclen_supported(areq->assoclen))
+               return -EINVAL;
+
        memcpy(fctx->crypto.iv, areq->iv, GCM_AES_SALT_SIZE);
 
        rctx->cryptlen = areq->cryptlen - aead->authsize;
@@ -492,13 +525,13 @@ static struct aead_alg nitrox_aeads[] = { {
                .cra_driver_name = "n5_aes_gcm",
                .cra_priority = PRIO,
                .cra_flags = CRYPTO_ALG_ASYNC,
-               .cra_blocksize = AES_BLOCK_SIZE,
+               .cra_blocksize = 1,
                .cra_ctxsize = sizeof(struct nitrox_crypto_ctx),
                .cra_alignmask = 0,
                .cra_module = THIS_MODULE,
        },
        .setkey = nitrox_aes_gcm_setkey,
-       .setauthsize = nitrox_aead_setauthsize,
+       .setauthsize = nitrox_aes_gcm_setauthsize,
        .encrypt = nitrox_aes_gcm_enc,
        .decrypt = nitrox_aes_gcm_dec,
        .init = nitrox_aes_gcm_init,
@@ -511,7 +544,7 @@ static struct aead_alg nitrox_aeads[] = { {
                .cra_driver_name = "n5_rfc4106",
                .cra_priority = PRIO,
                .cra_flags = CRYPTO_ALG_ASYNC,
-               .cra_blocksize = AES_BLOCK_SIZE,
+               .cra_blocksize = 1,
                .cra_ctxsize = sizeof(struct nitrox_crypto_ctx),
                .cra_alignmask = 0,
                .cra_module = THIS_MODULE,