diff options
| author | Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org> | 2018-03-23 18:55:54 +0300 |
|---|---|---|
| committer | Maxim Uvarov <maxim.uvarov@linaro.org> | 2018-03-29 17:24:26 +0300 |
| commit | fc0a57306aa68a782e8611a9bd08ae10aaa5274a (patch) | |
| tree | 450ab63a3d7ceed22f2840ccb7ada93c78bce7bb | |
| parent | 2eaf47b69ea5f2095e26e0ea597d3e8702b0da06 (diff) | |
linux-gen: crypto: add IV length checks
Check IV length on crypto session creation, fixing possible issues
later, during en/decryption.
Signed-off-by: Dmitry Eremin-Solenikov <dmitry.ereminsolenikov@linaro.org>
Reviewed-by: Bill Fischofer <bill.fischofer@linaro.org>
Signed-off-by: Maxim Uvarov <maxim.uvarov@linaro.org>
| -rw-r--r-- | platform/linux-generic/odp_crypto.c | 25 |
1 files changed, 22 insertions, 3 deletions
diff --git a/platform/linux-generic/odp_crypto.c b/platform/linux-generic/odp_crypto.c index a7fddb5b4..21449cfea 100644 --- a/platform/linux-generic/odp_crypto.c +++ b/platform/linux-generic/odp_crypto.c @@ -661,9 +661,8 @@ static int process_cipher_param(odp_crypto_generic_session_t *session, return -1; /* Verify IV len is correct */ - if (!((0 == session->p.cipher_iv.length) || - ((uint32_t)EVP_CIPHER_iv_length(cipher) == - session->p.cipher_iv.length))) + if ((uint32_t)EVP_CIPHER_iv_length(cipher) != + session->p.cipher_iv.length) return -1; session->cipher.evp_cipher = cipher; @@ -791,6 +790,10 @@ static int process_aes_gcm_param(odp_crypto_generic_session_t *session, session->p.cipher_key.length) return -1; + /* Verify IV len is correct */ + if (12 != session->p.cipher_iv.length) + return -1; + memcpy(session->cipher.key_data, session->p.cipher_key.data, session->p.cipher_key.length); @@ -902,6 +905,10 @@ static int process_aes_gmac_param(odp_crypto_generic_session_t *session, session->p.auth_key.length) return -1; + /* Verify IV len is correct */ + if (12 != session->p.auth_iv.length) + return -1; + memcpy(session->auth.key, session->p.auth_key.data, session->p.auth_key.length); @@ -1058,6 +1065,11 @@ static int process_aes_ccm_param(odp_crypto_generic_session_t *session, session->p.cipher_key.length) return -1; + /* Verify IV len is correct */ + if (11 != session->p.cipher_iv.length && + 13 != session->p.cipher_iv.length) + return -1; + memcpy(session->cipher.key_data, session->p.cipher_key.data, session->p.cipher_key.length); @@ -1078,6 +1090,10 @@ static int process_aes_ccm_param(odp_crypto_generic_session_t *session, static int process_auth_hmac_param(odp_crypto_generic_session_t *session, const EVP_MD *evp_md) { + /* Verify IV len is correct */ + if (0 != session->p.auth_iv.length) + return -1; + /* Set function */ if (ODP_CRYPTO_OP_ENCODE == session->p.op) session->auth.func = auth_hmac_gen; @@ -1106,6 +1122,9 @@ static int process_auth_cmac_param(odp_crypto_generic_session_t *session, session->p.auth_key.length) return -1; + if (0 != session->p.auth_iv.length) + return -1; + /* Set function */ if (ODP_CRYPTO_OP_ENCODE == session->p.op) session->auth.func = auth_cmac_gen; |