bug fix: negative test cases

Bug 5225204 Change-Id: I0b6bb5f347e037d79466abf0f88b2ff21ee22b9f Signed-off-by: Khushi <khushi@nvidia.com> Reviewed-on: https://git-master.nvidia.com/r/c/linux-nv-oot/+/3349831 (cherry picked from commit 3229106e7d7fb08ce58e1732e2a7ad4efabff906) Reviewed-on: https://git-master.nvidia.com/r/c/linux-nv-oot/+/3313802 Tested-by: mobile promotions <svcmobile_promotions@nvidia.com> Reviewed-by: svcacv <svcacv@nvidia.com> Reviewed-by: Sandeep Trasi <strasi@nvidia.com> Reviewed-by: Leo Chiu <lchiu@nvidia.com> GVS: buildbot_gerritrpt <buildbot_gerritrpt@nvidia.com> Reviewed-by: mobile promotions <svcmobile_promotions@nvidia.com>
2025-12-22 09:11:26 +03:00 · 2025-03-05 04:34:46 +00:00
parent 60a05995c2
commit fba609e17f
2 changed files with 85 additions and 41 deletions
--- a/drivers/crypto/tegra-hv-vse-safety.c
+++ b/drivers/crypto/tegra-hv-vse-safety.c
@@ -1593,6 +1593,14 @@ static int tegra_vse_validate_sha_params(struct tegra_virtual_se_sha_context *sh
 		goto exit;
 	}

+	if (is_last) {
+		if (sha_ctx->user_digest_buffer == NULL) {
+			VSE_ERR("%s: user digest buffer is NULL\n", __func__);
+			ret = -EINVAL;
+			goto exit;
+		}
+	}
+
 	if (sha_ctx->blk_size == 0U) {
 		VSE_ERR("SHA blk_size is invalid\n");
 		ret = -EINVAL;
@@ -2323,11 +2331,6 @@ static int tegra_hv_vse_safety_hmac_sha_finup(struct ahash_request *req)
 		return ret;
 	}

-	if (!hmac_ctx->is_key_slot_allocated) {
-		VSE_ERR("%s key is not allocated\n", __func__);
-		return -EINVAL;
-	}
-
 	se_dev = g_crypto_to_ivc_map[hmac_ctx->node_id].se_dev;

 	/* Return error if engine is in suspended state */
@@ -4472,6 +4475,12 @@ static int tegra_vse_aes_gmac_sv_check_params(struct ahash_request *req, bool is
 	int err = 0;
 	bool is_zero_copy;

+	if ((gmac_ctx->request_type != TEGRA_HV_VSE_GMAC_SIGN) &&
+		(gmac_ctx->request_type != TEGRA_HV_VSE_GMAC_VERIFY)) {
+		dev_err(se_dev->dev, "%s: Invalid request type\n", __func__);
+		err = -EINVAL;
+	}
+
 	if (gmac_ctx->node_id >= MAX_NUMBER_MISC_DEVICES) {
 		dev_err(se_dev->dev, "%s: Node id is not valid\n", __func__);
 		err = -EINVAL;
@@ -4482,7 +4491,6 @@ static int tegra_vse_aes_gmac_sv_check_params(struct ahash_request *req, bool is
 		err = -EINVAL;
 	}

-	/* Validate aad buf len */
 	if (gmac_ctx->user_aad_buf_size > TEGRA_VIRTUAL_SE_MAX_SUPPORTED_BUFLEN) {
 		dev_err(se_dev->dev, "%s: aad buf length exceeds max supported size\n", __func__);
 		err = -EINVAL;
@@ -4494,9 +4502,6 @@ static int tegra_vse_aes_gmac_sv_check_params(struct ahash_request *req, bool is
 			dev_err(se_dev->dev, "%s: aad buf is NULL\n", __func__);
 			err = -EINVAL;
 		}
-	}
-
-	if (gmac_ctx->request_type == TEGRA_HV_VSE_GMAC_VERIFY) {
 		if (is_last != 0U) {
 			if (gmac_ctx->authsize > 0 && gmac_ctx->user_tag_buf == NULL) {
 				dev_err(se_dev->dev,
@@ -4504,8 +4509,14 @@ static int tegra_vse_aes_gmac_sv_check_params(struct ahash_request *req, bool is
 				err = -EINVAL;
 			}
 		}
+	} else {
+		if (gmac_ctx->request_type == TEGRA_HV_VSE_GMAC_SIGN) {
+			if (is_last == 1U && gmac_ctx->user_tag_iova == 0) {
+				dev_err(se_dev->dev, "%s: user tag iova is invalid\n", __func__);
+				err = -EINVAL;
+			}
+		}
 	}
-
 	return err;
 }

@@ -5028,7 +5039,6 @@ static int tegra_hv_vse_aes_gmac_sv_op_hw_support(struct ahash_request *req,
 		}
 	}

-
 free_exit:
 	if (ivc_req_msg)
 		devm_kfree(se_dev->dev, ivc_req_msg);
@@ -5056,6 +5066,11 @@ static int tegra_hv_vse_aes_gmac_sv_update(struct ahash_request *req)
 	}

 	gmac_ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(req));
+	if (gmac_ctx == NULL) {
+		VSE_ERR("%s: gmac_ctx is NULL\n", __func__);
+		return -EINVAL;
+	}
+
 	if (!gmac_ctx->req_context_initialized) {
 		VSE_ERR("%s Request ctx not initialized\n", __func__);
 		ret = -EPERM;
@@ -5100,6 +5115,11 @@ static int tegra_hv_vse_aes_gmac_sv_finup(struct ahash_request *req)
 	}

 	gmac_ctx = crypto_ahash_ctx(crypto_ahash_reqtfm(req));
+	if (gmac_ctx == NULL) {
+		VSE_ERR("%s: gmac_ctx is NULL\n", __func__);
+		return -EINVAL;
+	}
+
 	if (!gmac_ctx->req_context_initialized) {
 		VSE_ERR("%s: Request ctx not initialized\n", __func__);
 		ret = -EPERM;
--- a/drivers/crypto/tegra-nvvse-cryptodev.c
+++ b/drivers/crypto/tegra-nvvse-cryptodev.c
@@ -267,6 +267,20 @@ static int tnvvse_crypto_validate_sha_update_req(struct tnvvse_crypto_ctx *ctx,
 	enum tegra_nvvse_sha_type sha_type = sha_update_ctl->sha_type;
 	int32_t ret = 0;

+	if ((sha_type < TEGRA_NVVSE_SHA_TYPE_SHA256) || (sha_type >= TEGRA_NVVSE_SHA_TYPE_MAX)) {
+		CRYPTODEV_ERR("%s(): SHA Type requested %d is not supported\n", __func__, sha_type);
+		ret = -EINVAL;
+		goto exit;
+	}
+
+	if ((sha_type == TEGRA_NVVSE_SHA_TYPE_SHAKE128 ||
+		sha_type == TEGRA_NVVSE_SHA_TYPE_SHAKE256) &&
+		sha_update_ctl->digest_size == 0) {
+		CRYPTODEV_ERR("%s: Digest Buffer Size is invalid\n", __func__);
+		ret = -EINVAL;
+		goto exit;
+	}
+
 	if (sha_update_ctl->init_only != 0U) {
 		if (sha_state->sha_init_done != 0U) {
 			CRYPTODEV_INFO("%s(): SHA init is already done\n", __func__);
@@ -295,27 +309,19 @@ static int tnvvse_crypto_validate_sha_update_req(struct tnvvse_crypto_ctx *ctx,
 		goto exit;
 	}

-	if ((sha_state->sha_init_done == 0U) && (sha_update_ctl->is_first == 0U)) {
-		CRYPTODEV_ERR("%s(): SHA First req is not yet received\n", __func__);
-		ret = -EINVAL;
-		goto exit;
-	}
-
-	if ((sha_type < TEGRA_NVVSE_SHA_TYPE_SHA256) || (sha_type >= TEGRA_NVVSE_SHA_TYPE_MAX)) {
-		CRYPTODEV_ERR("%s(): SHA Type requested %d is not supported\n", __func__, sha_type);
-		ret = -EINVAL;
-		goto exit;
-	}
-
-	if (sha_type == TEGRA_NVVSE_SHA_TYPE_SHAKE128 && sha_update_ctl->digest_size == 0) {
-		CRYPTODEV_ERR("%s: Digest Buffer Size is invalid\n", __func__);
-		ret = -EINVAL;
-		goto exit;
-	}
-
 	if (sha_update_ctl->input_buffer_size == 0U) {
 		if (sha_update_ctl->is_last == 0U) {
-			CRYPTODEV_ERR("%s(): zero length non-last request is not supported\n", __func__);
+			CRYPTODEV_ERR("%s(): zero length non-last request is not supported\n",
+			__func__);
+			ret = -EINVAL;
+			goto exit;
+		}
+	}
+
+	if (sha_update_ctl->is_last == 0U) {
+		if (sha_update_ctl->do_reset == 1U) {
+			CRYPTODEV_ERR("%s(): do_reset is not supported for non-last request\n",
+			__func__);
 			ret = -EINVAL;
 			goto exit;
 		}
@@ -361,7 +367,7 @@ exit:
 static int tnvvse_crypto_sha_update(struct tnvvse_crypto_ctx *ctx,
 				struct tegra_nvvse_sha_update_ctl *sha_update_ctl)
 {
-	struct crypto_sha_state *sha_state = &ctx->sha_state;
+	struct crypto_sha_state *sha_state;
 	struct tegra_virtual_se_sha_context *sha_ctx;
 	struct crypto_ahash *tfm = NULL;
 	struct ahash_request *req = NULL;
@@ -369,15 +375,7 @@ static int tnvvse_crypto_sha_update(struct tnvvse_crypto_ctx *ctx,
 	enum tegra_nvvse_sha_type sha_type;
 	int ret = -ENOMEM;

-	sha_type = sha_update_ctl->sha_type;
-
-	if (sha_update_ctl->do_reset != 0U) {
-		/* Force reset SHA state and return */
-		sha_state->sha_init_done = 0U;
-		sha_state->sha_total_msg_length = 0U;
-		ret = 0;
-		goto exit;
-	}
+	sha_state = &ctx->sha_state;

 	ret = tnvvse_crypto_validate_sha_update_req(ctx, sha_update_ctl);
 	if (ret != 0) {
@@ -389,6 +387,16 @@ static int tnvvse_crypto_sha_update(struct tnvvse_crypto_ctx *ctx,
 		goto exit;
 	}

+	sha_type = sha_update_ctl->sha_type;
+
+	if (sha_update_ctl->do_reset != 0U) {
+		/* Force reset SHA state and return */
+		sha_state->sha_init_done = 0U;
+		sha_state->sha_total_msg_length = 0U;
+		ret = 0;
+		goto exit;
+	}
+
 	if (sha_update_ctl->init_only != 0U) {
 		/* Only set state as SHA init done and return */
 		sha_state->sha_init_done = 1U;
@@ -445,6 +453,8 @@ static int tnvvse_crypto_sha_update(struct tnvvse_crypto_ctx *ctx,
 	ret = wait_async_op(&sha_complete, crypto_ahash_init(req));
 	if (ret) {
 		CRYPTODEV_ERR("%s(): Failed to initialize ahash: %d\n", __func__, ret);
+		sha_state->sha_init_done = 0;
+		sha_state->sha_total_msg_length = 0;
 		goto free_tfm;
 	}

@@ -452,12 +462,16 @@ static int tnvvse_crypto_sha_update(struct tnvvse_crypto_ctx *ctx,
 		ret = wait_async_op(&sha_complete, crypto_ahash_update(req));
 		if (ret) {
 			CRYPTODEV_ERR("%s(): Failed to ahash_update: %d\n", __func__, ret);
+			sha_state->sha_init_done = 0;
+			sha_state->sha_total_msg_length = 0;
 			goto free_tfm;
 		}
 	} else {
 		ret = wait_async_op(&sha_complete, crypto_ahash_finup(req));
 		if (ret) {
 			CRYPTODEV_ERR("%s(): Failed to ahash_finup: %d\n", __func__, ret);
+			sha_state->sha_init_done = 0;
+			sha_state->sha_total_msg_length = 0;
 			goto free_tfm;
 		}

@@ -550,8 +564,11 @@ static int tnvvse_crypto_hmac_sha_sign_verify(struct tnvvse_crypto_ctx *ctx,
 	int ret = -ENOMEM;

 	ret = tnvvse_crypto_hmac_sha_validate_req(ctx, hmac_sha_ctl);
-	if (ret != 0)
+	if (ret != 0) {
+		sha_state->hmac_sha_init_done = 0;
+		sha_state->hmac_sha_total_msg_length = 0;
 		goto exit;
+	}

 	tfm = crypto_alloc_ahash("hmac-sha256-vse", 0, 0);
 	if (IS_ERR(tfm)) {
@@ -1068,6 +1085,13 @@ static int tnvvse_crypto_aes_gmac_sign_verify(struct tnvvse_crypto_ctx *ctx,
 		goto free_req;
 	}

+	if ((gmac_sign_verify_ctl->gmac_type != TEGRA_NVVSE_AES_GMAC_SIGN) &&
+		(gmac_sign_verify_ctl->gmac_type != TEGRA_NVVSE_AES_GMAC_VERIFY)) {
+		CRYPTODEV_ERR("%s: Invalid request type\n", __func__);
+		ret = -EINVAL;
+		goto done;
+	}
+
 	ret = tnvvse_crypto_aes_gmac_sign_verify_init(ctx, gmac_sign_verify_ctl, req);
 	if (ret) {
 		CRYPTODEV_ERR("%s(): Failed to init: %d\n", __func__, ret);