MLK-24496 crypto: caam - add tag object header to blob

Tagged object header was added to have red key (plaintext) length available for blob decapsulation. Fixes: 60baeafa83 ("MLK-24420-3 crypto: caam - add ioctl calls for black keys and blobs generation") Signed-off-by: Iuliana Prodan <iuliana.prodan@nxp.com> Reviewed-by: Horia Geantă <horia.geanta@nxp.com>
2020-08-20 12:33:24 +03:00 · 2020-08-20 12:33:24 +03:00 · 1a6588c4a4
parent 8ab16bdb78
commit 1a6588c4a4
1 changed files with 80 additions and 22 deletions
--- a/drivers/crypto/caam/caamkeygen.c
+++ b/drivers/crypto/caam/caamkeygen.c
@ -22,42 +22,54 @@ static long caam_keygen_ioctl(struct file *file, unsigned int cmd,
 			      unsigned long arg);

 /**
- * tag_black_key      - Tag a black key with a tag object header.
+ * tag_black_obj      - Tag a black object (key/blob) with a tag object header.
 *
 * @info              : keyblob_info structure, which contains
- *                      the black key, obtained from CAAM,
+ *                      the black key/blob, obtained from CAAM,
 *                      that needs to be tagged
- * @black_key_max_len : The maximum size of a black key
+ * @black_max_len     : The maximum size of the black object (blob/key)
+ * @blob              : Used to determine if it's a blob or key object
 *
 * Return             : '0' on success, error code otherwise
 */
-static int tag_black_key(struct keyblob_info *info, size_t black_key_max_len)
+static int tag_black_obj(struct keyblob_info *info, size_t black_max_len,
+			 bool blob)
 {
 	struct header_conf tag;
 	u32 type;
 	int ret;
-	u32 size_tagged = black_key_max_len;
+	u32 size_tagged = black_max_len;

 	if (!info)
 		return -EINVAL;

 	type = info->type;

-	/* Prepare the tag */
-	init_tag_object_header(&tag, 0, type, info->black_key_len);
-
-	/* Set the tag */
-	ret = set_tag_object_header_conf(&tag, info->black_key,
-					 info->black_key_len, &size_tagged);
+	/* Prepare and set the tag */
+	if (blob) {
+		init_tag_object_header(&tag, 0, type, info->key_len,
+				       info->blob_len);
+		ret = set_tag_object_header_conf(&tag, info->blob,
+						 info->blob_len,
+						 &size_tagged);
+	} else {
+		init_tag_object_header(&tag, 0, type, info->key_len,
+				       info->black_key_len);
+		ret = set_tag_object_header_conf(&tag, info->black_key,
+						 info->black_key_len,
+						 &size_tagged);
+	}
 	if (ret)
 		return ret;

 	/* Update the size of the black key tagged */
-	info->black_key_len = size_tagged;
+	if (blob)
+		info->blob_len = size_tagged;
+	else
+		info->black_key_len = size_tagged;

 	return ret;
 }
-
 /**
 * send_err_msg      - Send the error message from kernel to user-space
 *
@ -326,16 +338,18 @@ static int keygen_create_keyblob(struct keyblob_info *info)
 	}

 	/* Tag the black key so it can be passed to CAAM Crypto API */
-	ret = tag_black_key(info, sizeof(info->black_key));
+	ret = tag_black_obj(info, sizeof(info->black_key), false);
 	if (ret) {
 		dev_err(jrdev, "Black key tagging failed: %d\n", ret);
 		goto free_jr;
 	}

-	/* Add the object type as a header to the blob */
-	memcpy(info->blob, &info->type, BLOB_HEADER_SIZE);
-	/* Update blob length with the new added header */
-	info->blob_len += BLOB_HEADER_SIZE;
+	/* Tag the black blob so it can be passed to CAAM Crypto API */
+	ret = tag_black_obj(info, sizeof(info->blob), true);
+	if (ret) {
+		dev_err(jrdev, "Black blob tagging failed: %d\n", ret);
+		goto free_jr;
+	}

 free_jr:
 	caam_jr_free(jrdev);
@ -355,6 +369,8 @@ static int keygen_import_key(struct keyblob_info *info)
 {
 	int ret = 0;
 	struct device *jrdev;
+	struct header_conf *header;
+	struct tagged_object *tag_obj;

 	/* Allocate CAAM Job Ring for operation to be performed from CAAM */
 	jrdev = caam_jr_alloc();
@ -371,11 +387,53 @@ static int keygen_import_key(struct keyblob_info *info)
 			     DUMP_PREFIX_ADDRESS, 16, 4, info->blob,
 			     info->blob_len, 1);

-	/* Get object type from blob header */
-	memcpy(&info->type, info->blob, BLOB_HEADER_SIZE);
+	/* Check if one can retrieve the tag object header configuration */
+	if (info->blob_len <= TAG_OVERHEAD_SIZE) {
+		dev_err(jrdev, "Invalid blob length\n");
+		ret = -EINVAL;
+		goto free_jr;
+	}
+
+	/* Retrieve the tag object */
+	tag_obj = (struct tagged_object *)info->blob;
+
+	/*
+	 * Check tag object header configuration
+	 * and retrieve the tag object header configuration
+	 */
+	if (is_valid_header_conf(&tag_obj->header)) {
+		header = &tag_obj->header;
+	} else {
+		dev_err(jrdev,
+			"Unable to get tag object header configuration for blob\n");
+		ret = -EINVAL;
+		goto free_jr;
+	}
+
+	info->key_len = header->red_key_len;
+
+	/* Validate the red key size extracted from blob */
+	if (info->key_len < MIN_KEY_SIZE || info->key_len > MAX_KEY_SIZE) {
+		dev_err(jrdev,
+			"Invalid red key length extracted from blob, expected values are between 16 and 64 bytes\n");
+		ret = -EINVAL;
+		goto free_jr;
+	}
+
+	info->type = header->type;

 	/* Update blob length by removing the header size */
-	info->blob_len -= BLOB_HEADER_SIZE;
+	info->blob_len -= TAG_OVERHEAD_SIZE;
+
+	/*
+	 * Check the received, from user, blob length
+	 * with the one from tag header
+	 */
+	if (info->blob_len != header->obj_len) {
+		dev_err(jrdev, "Mismatch between received blob length and the one from tag header\n");
+		ret = -EINVAL;
+		goto free_jr;
+	}

 	/*
 	 * Decapsulate the blob into a black key,
@ -388,7 +446,7 @@ static int keygen_import_key(struct keyblob_info *info)
 	}

 	/* Tag the black key so it can be passed to CAAM Crypto API */
-	ret = tag_black_key(info, sizeof(info->black_key));
+	ret = tag_black_obj(info, sizeof(info->black_key), false);
 	if (ret)
 		dev_err(jrdev, "Black key tagging failed: %d\n", ret);