From ff170d66d338d4131fd105704427a77d719659c0 Mon Sep 17 00:00:00 2001
From: Zhiqi Song <songzhiqi1@huawei.com>
Date: Thu, 7 Dec 2023 19:19:02 +0800
Subject: [PATCH 116/123] uadk/v1: fix security view issues of hpre
1. Add parameter check when fill rsa pubkey.
2. Modify addr sequence in DMA_ADDR().
3. Modify redundant code.
Signed-off-by: Zhiqi Song <songzhiqi1@huawei.com>
---
v1/drv/hisi_hpre_udrv.c | 22 +++++++++++++---------
v1/wd_ecc.c | 11 ++++++++---
v1/wd_rsa.c | 3 +++
3 files changed, 24 insertions(+), 12 deletions(-)
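diff --git a/v1/drv/hisi_hpre_udrv.c b/v1/drv/hisi_hpre_udrv.c
index 0d0c3b4..3f8029b 100644
--- a/v1/drv/hisi_hpre_udrv.c
+++ b/v1/drv/hisi_hpre_udrv.c
@@ -40,7 +40,7 @@
 #define HPRE_SM2_ENC 0xE
 #define HPRE_SM2_DEC 0xF
 
-#define SM2_SQE_NUM 2
+#define SM2_SQE_NUM 2
 
 static bool is_hpre_bin_fmt(const char *data, int dsz, int bsz)
 {
@@ -203,6 +203,11 @@ static int qm_fill_rsa_pubkey(struct wcrypto_rsa_pubkey *pubkey, void **data)
 int ret;
 
 wcrypto_get_rsa_pubkey_params(pubkey, &wd_e, &wd_n);
+ if (unlikely(!wd_e || !wd_n)) {
+ WD_ERR("failed to get rsa pubkey params!\n");
+ return -WD_EINVAL;
+ }
+
 ret = qm_crypto_bin_to_hpre_bin(wd_e->data, (const char *)wd_e->data,
 wd_e->bsize, wd_e->dsize, "rsa pubkey e");
 if (unlikely(ret))
@@ -330,7 +335,7 @@ static void rsa_key_unmap(struct wcrypto_rsa_msg *msg, struct wd_queue *q,
 struct wcrypto_rsa_kg_out *key = (void *)msg->key;
 uintptr_t phy;
 
- phy = DMA_ADDR(hw_msg->low_key, hw_msg->hi_key);
+ phy = DMA_ADDR(hw_msg->hi_key, hw_msg->low_key);
 phy -= (uintptr_t)va - (uintptr_t)key;
 
 drv_iova_unmap(q, msg->key, (void *)phy, size);
@@ -597,7 +602,7 @@ static int fill_dh_g_param(struct wd_queue *q, struct wcrypto_dh_msg *msg,
 static void dh_g_unmap(struct wcrypto_dh_msg *msg, struct wd_queue *q,
 struct hisi_hpre_sqe *hw_msg)
 {
- uintptr_t phy = DMA_ADDR(hw_msg->low_in, hw_msg->hi_in);
+ uintptr_t phy = DMA_ADDR(hw_msg->hi_in, hw_msg->low_in);
 if (phy)
 drv_iova_unmap(q, msg->g, (void *)phy, msg->key_bytes);
 }
@@ -605,7 +610,7 @@ static void dh_g_unmap(struct wcrypto_dh_msg *msg, struct wd_queue *q,
 static void dh_xp_unmap(struct wcrypto_dh_msg *msg, struct wd_queue *q,
 struct hisi_hpre_sqe *hw_msg)
 {
- uintptr_t phy = DMA_ADDR(hw_msg->low_key, hw_msg->hi_key);
+ uintptr_t phy = DMA_ADDR(hw_msg->hi_key, hw_msg->low_key);
 
 drv_iova_unmap(q, msg->x_p, (void *)phy, GEN_PARAMS_SZ_UL(msg->key_bytes));
 }
@@ -1008,7 +1013,7 @@ static void ecc_key_unmap(struct wcrypto_ecc_msg *msg, struct wd_queue *q,
 {
 uintptr_t phy;
 
- phy = DMA_ADDR(hw_msg->low_key, hw_msg->hi_key);
+ phy = DMA_ADDR(hw_msg->hi_key, hw_msg->low_key);
 drv_iova_unmap(q, va, (void *)phy, size);
 }
 
@@ -1586,8 +1591,7 @@ static int ecc_verf_out_transfer(struct wcrypto_ecc_msg *msg,
 {
 __u32 result = hw_msg->low_out;
 
- result >>= 1;
- result &= 1;
+ result = (result >> 1) & 1;
 if (!result)
 msg->result = WD_VERIFY_ERR;
 
@@ -1667,7 +1671,7 @@ static int qm_fill_ecc_sqe_general(void *message, struct qm_queue_info *info,
 hw_msg = (struct hisi_hpre_sqe *)sqe;
 
 memset(hw_msg, 0, sizeof(struct hisi_hpre_sqe));
- hw_msg->task_len1 = msg->key_bytes / BYTE_BITS - 0x1;
+ hw_msg->task_len1 = ((msg->key_bytes) >> BYTE_BITS_SHIFT) - 0x1;
 
 /* prepare algorithm */
 ret = qm_ecc_prepare_alg(hw_msg, msg);
@@ -2327,7 +2331,7 @@ static int sm2_convert_enc_out(struct wcrypto_ecc_msg *src,
 /* enc origin out data fmt:
 * | x1y1(2*256bit) | x2y2(2*256bit) | other |
 * final out data fmt:
- * | c1(2*256bit) | c2(plaintext size) | c3(256bit) |
+ * | c1(2*256bit) | c3(256bit) | c2(plaintext size) |
 */
 x2y2.x.data = (void *)second->out;
 x2y2.x.dsize = ksz;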
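Review bot: dh_g_unmap() skips drv_iova_unmap() when the reassembled address is zero (`if (phy)`), but dh_xp_unmap(), ecc_key_unmap() and rsa_key_unmap() call it unconditionally, and rsa_key_unmap() subtracts an offset from `phy` first, so an SQE whose key address was never filled would be unmapped at zero or at a wrapped address. Unless drv_iova_unmap() is known to tolerate that (its body is not visible here), give the three functions the same guard, e.g. `if (!phy) return;` directly after the `DMA_ADDR(hw_msg->hi_key, hw_msg->low_key)` line. Because the argument swap corrected in these four hunks compiled silently, a comment at the DMA_ADDR definition stating the `(hi, low)` order is also worth adding; the macro and most of the function bodies lie outside the hunks.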
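diff --git a/v1/wd_ecc.c b/v1/wd_ecc.c
index 7650b2b..597926d 100644
--- a/v1/wd_ecc.c
+++ b/v1/wd_ecc.c
@@ -428,7 +428,7 @@ static struct wcrypto_ecc_in *create_sm2_sign_in(struct wcrypto_ecc_ctx *ctx,
 
 hsz = get_hw_keysize(ctx->key_size);
 len = sizeof(struct wcrypto_ecc_in)
- + ECC_SIGN_IN_PARAM_NUM * hsz + (__u64)m_len;
+ + ECC_SIGN_IN_PARAM_NUM * hsz + m_len;
 in = br_alloc(br, len);
 if (unlikely(!in)) {
 WD_ERR("failed to br alloc, sz = %llu!\n", len);
@@ -1802,6 +1802,11 @@ static int generate_random(struct wcrypto_ecc_ctx *ctx, struct wd_dtb *k)
 struct wcrypto_rand_mt *rand_mt = &ctx->setup.rand;
 int ret;
 
+ if (!rand_mt->cb) {
+ WD_ERR("failed to get rand cb!\n");
+ return -WD_EINVAL;
+ }
+
 ret = rand_mt->cb(k->data, k->dsize, rand_mt->usr);
 if (unlikely(ret))
 WD_ERR("failed to rand cb: ret = %d!\n", ret);
@@ -1932,7 +1937,7 @@ static struct wcrypto_ecc_in *new_sign_in(struct wcrypto_ecc_ctx *ctx,
 return NULL;
 
 sin = &ecc_in->param.sin;
- if (!k && cx->setup.rand.cb) {
+ if (!k) {
 ret = generate_random(cx, &sin->k);
 if (unlikely(ret))
 goto release_in;
@@ -2018,7 +2023,7 @@ static struct wcrypto_ecc_in *create_sm2_verf_in(struct wcrypto_ecc_ctx *ctx,
 
 hsz = get_hw_keysize(ctx->key_size);
 len = sizeof(struct wcrypto_ecc_in) + ECC_VERF_IN_PARAM_NUM * hsz +
- m_len;
+ (__u64)m_len;
+ m_len;
 in = br_alloc(br, len);
 if (unlikely(!in)) {
 WD_ERR("failed to br alloc, sz = %llu!\n", len);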
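Review bot: Dropping the `(__u64)` cast on `m_len` in create_sm2_sign_in(), and again in create_sm2_verf_in(), is only redundant where `size_t` is 64 bits wide; on a 32-bit build the whole sum is evaluated in 32-bit arithmetic and can wrap before it is stored in `len` (printed with `%llu`, so presumably 64-bit) and passed to br_alloc(). If `m_len` is a caller-supplied 32-bit length (its declaration is outside the hunk), keep the widening on the first operand, `len = (__u64)sizeof(struct wcrypto_ecc_in)`, or reject an oversized `m_len` before the addition. Both function bodies continue outside the hunks, so whether an upper bound on `m_len` is already enforced cannot be confirmed from here.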
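diff --git a/v1/wd_rsa.c b/v1/wd_rsa.c
index 9e467d0..90c8f84 100644
--- a/v1/wd_rsa.c
+++ b/v1/wd_rsa.c
@@ -798,6 +798,9 @@ static int rsa_prikey2_param_set(struct wcrypto_rsa_prikey2 *pkey2,
 case WD_CRT_PRIKEY_Q:
 ret = rsa_set_param(&pkey2->q, param);
 break;
+ default:
+ ret = -WD_EINVAL;
+ break;
 }
 
 return ret;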
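Review bot: The new `default:` arm in rsa_prikey2_param_set() fails silently, unlike the other error paths this patch adds, which log through WD_ERR before returning -WD_EINVAL. Adding `WD_ERR("invalid rsa prikey2 param type!\n");` before `ret = -WD_EINVAL;` would make a rejected key-parameter type visible in the logs. The switch header and the name of its selector are outside the hunk, so the message cannot include the offending value from here.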
--
2.31.1.windows.1