common/cpt: add checks for offset overflow
Checks
Commit Message
Add checks to catch overflow of any offsets. Offset control word
specifies,
1. 16 bits encryption offset
2. 8 bits IV offset
3. 8 bits auth offset
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
---
drivers/common/cpt/cpt_ucode.h | 59 ++++++++++++++++++++++++++++++++++++++++++
1 file changed, 59 insertions(+)
Comments
10/05/2021 11:44, Anoob Joseph:
> Add checks to catch overflow of any offsets. Offset control word
> specifies,
>
> 1. 16 bits encryption offset
> 2. 8 bits IV offset
> 3. 8 bits auth offset
>
> Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Should it be merged in DPDK 21.05-rc3, or wait for 21.08?
Hi Thomas,
> Should it be merged in DPDK 21.05-rc3, or wait for 21.08?
Either is fine. This patch is just adding some extra parameter checks.
Thanks,
Anoob
> -----Original Message-----
> From: Thomas Monjalon <thomas@monjalon.net>
> Sent: Tuesday, May 11, 2021 6:59 PM
> To: Jerin Jacob Kollanukkaran <jerinj@marvell.com>; Anoob Joseph
> <anoobj@marvell.com>
> Cc: Akhil Goyal <gakhil@marvell.com>; dev@dpdk.org; Ankur Dwivedi
> <adwivedi@marvell.com>; Tejasree Kondoj <ktejasree@marvell.com>;
> dev@dpdk.org
> Subject: [EXT] Re: [dpdk-dev] [PATCH] common/cpt: add checks for offset
> overflow
>
> External Email
>
> ----------------------------------------------------------------------
> 10/05/2021 11:44, Anoob Joseph:
> > Add checks to catch overflow of any offsets. Offset control word
> > specifies,
> >
> > 1. 16 bits encryption offset
> > 2. 8 bits IV offset
> > 3. 8 bits auth offset
> >
> > Signed-off-by: Anoob Joseph <anoobj@marvell.com>
>
> Should it be merged in DPDK 21.05-rc3, or wait for 21.08?
>
>
> 10/05/2021 11:44, Anoob Joseph:
> > Add checks to catch overflow of any offsets. Offset control word
> > specifies,
> >
> > 1. 16 bits encryption offset
> > 2. 8 bits IV offset
> > 3. 8 bits auth offset
> >
> > Signed-off-by: Anoob Joseph <anoobj@marvell.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
>
> Should it be merged in DPDK 21.05-rc3, or wait for 21.08?
>
>
Applied to dpdk-next-crypto
Thanks
@@ -954,6 +954,16 @@ cpt_enc_hmac_prep(uint32_t flags,
req->ist.ei2 = (uint64_t)c_vaddr - 8;
}
+ if (unlikely((encr_offset >> 16) ||
+ (iv_offset >> 8) ||
+ (auth_offset >> 8))) {
+ CPT_LOG_DP_ERR("Offset not supported");
+ CPT_LOG_DP_ERR("enc_offset: %d", encr_offset);
+ CPT_LOG_DP_ERR("iv_offset : %d", iv_offset);
+ CPT_LOG_DP_ERR("auth_offset: %d", auth_offset);
+ return;
+ }
+
/* 16 byte aligned cpt res address */
req->completion_addr = (uint64_t *)((uint8_t *)c_vaddr);
*req->completion_addr = COMPLETION_CODE_INIT;
@@ -1116,6 +1126,16 @@ cpt_dec_hmac_prep(uint32_t flags,
dest[1] = src[1];
}
+ if (unlikely((encr_offset >> 16) ||
+ (iv_offset >> 8) ||
+ (auth_offset >> 8))) {
+ CPT_LOG_DP_ERR("Offset not supported");
+ CPT_LOG_DP_ERR("enc_offset: %d", encr_offset);
+ CPT_LOG_DP_ERR("iv_offset : %d", iv_offset);
+ CPT_LOG_DP_ERR("auth_offset: %d", auth_offset);
+ return;
+ }
+
*(uint64_t *)offset_vaddr =
rte_cpu_to_be_64(((uint64_t)encr_offset << 16) |
((uint64_t)iv_offset << 8) |
@@ -1144,6 +1164,16 @@ cpt_dec_hmac_prep(uint32_t flags,
dest[1] = src[1];
}
+ if (unlikely((encr_offset >> 16) ||
+ (iv_offset >> 8) ||
+ (auth_offset >> 8))) {
+ CPT_LOG_DP_ERR("Offset not supported");
+ CPT_LOG_DP_ERR("enc_offset: %d", encr_offset);
+ CPT_LOG_DP_ERR("iv_offset : %d", iv_offset);
+ CPT_LOG_DP_ERR("auth_offset: %d", auth_offset);
+ return;
+ }
+
*(uint64_t *)offset_vaddr =
rte_cpu_to_be_64(((uint64_t)encr_offset << 16) |
((uint64_t)iv_offset << 8) |
@@ -1401,6 +1431,14 @@ cpt_zuc_snow3g_enc_prep(uint32_t req_flags,
offset_ctrl = rte_cpu_to_be_64((uint64_t)encr_offset << 16);
}
+ if (unlikely((encr_offset >> 16) ||
+ (auth_offset >> 8))) {
+ CPT_LOG_DP_ERR("Offset not supported");
+ CPT_LOG_DP_ERR("enc_offset: %d", encr_offset);
+ CPT_LOG_DP_ERR("auth_offset: %d", auth_offset);
+ return;
+ }
+
/* IV */
iv_s = (flags == 0x1) ? params->auth_iv_buf :
params->iv_buf;
@@ -1809,6 +1847,12 @@ cpt_zuc_snow3g_dec_prep(uint32_t req_flags,
req->ist.ei2 = (uint64_t)c_vaddr - 8;
}
+ if (unlikely((encr_offset >> 16))) {
+ CPT_LOG_DP_ERR("Offset not supported");
+ CPT_LOG_DP_ERR("enc_offset: %d", encr_offset);
+ return;
+ }
+
/* 16 byte aligned cpt res address */
req->completion_addr = (uint64_t *)((uint8_t *)c_vaddr);
*req->completion_addr = COMPLETION_CODE_INIT;
@@ -1924,11 +1968,21 @@ cpt_kasumi_enc_prep(uint32_t req_flags,
outputlen = inputlen;
/* iv offset is 0 */
*offset_vaddr = rte_cpu_to_be_64((uint64_t)encr_offset << 16);
+ if (unlikely((encr_offset >> 16))) {
+ CPT_LOG_DP_ERR("Offset not supported");
+ CPT_LOG_DP_ERR("enc_offset: %d", encr_offset);
+ return;
+ }
} else {
inputlen = auth_offset + (RTE_ALIGN(auth_data_len, 8) / 8);
outputlen = mac_len;
/* iv offset is 0 */
*offset_vaddr = rte_cpu_to_be_64((uint64_t)auth_offset);
+ if (unlikely((auth_offset >> 8))) {
+ CPT_LOG_DP_ERR("Offset not supported");
+ CPT_LOG_DP_ERR("auth_offset: %d", auth_offset);
+ return;
+ }
}
i = fill_sg_comp(gather_comp, i, (uint64_t)offset_vaddr,
@@ -2120,6 +2174,11 @@ cpt_kasumi_dec_prep(uint64_t d_offs,
/* Offset control word followed by iv */
*offset_vaddr = rte_cpu_to_be_64((uint64_t)encr_offset << 16);
+ if (unlikely((encr_offset >> 16))) {
+ CPT_LOG_DP_ERR("Offset not supported");
+ CPT_LOG_DP_ERR("enc_offset: %d", encr_offset);
+ return;
+ }
i = fill_sg_comp(gather_comp, i, (uint64_t)offset_vaddr,
OFF_CTRL_LEN + iv_len);