Received: by 2002:ac0:da4c:0:0:0:0:0 with SMTP id a12csp567961imi; Thu, 21 Jul 2022 06:48:00 -0700 (PDT) X-Google-Smtp-Source: AGRyM1s6b18iXNmNO8td60O6iwF5rfxWRRc4vQU7E8OXqu1v8ljcFoBuuEkz+iD1XQF1kisjY6pK X-Received: by 2002:a17:906:cc0e:b0:72b:311b:8ed9 with SMTP id ml14-20020a170906cc0e00b0072b311b8ed9mr40790209ejb.186.1658411279908; Thu, 21 Jul 2022 06:47:59 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1658411279; cv=none; d=google.com; s=arc-20160816; b=Wc5SsFreZhiNyjtM3JviBQQN6JDKzur7IpZSmrv6+0DJ5FQMIc+jwzVMbRkcjR63w9 e9DnQIDa8IQf+EFBJ+8GZHajK5s5LCZNe+yOAAvZrBERuLqLhf45noyssdYjj2C5JnbU pKv9p4lM1wXhCX5q4VlNyfZ+pl2Tds353tez2uu9abyYhLbMFZR2PRnR4NOTG16h3WBR BcM7NHo6ekXXCheznUank4R/EIblJZ5ttz8Yk6vrZDdnpkfCBpPxjo4rBZlHY6efvxU5 gsiTStqSClJ6MVP/r1Scyl24hOoBDFT/d+CTe/q6HjOwVN6e+YT4t0BeTW2W6R4sua+G KSVQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=AOc/zPkA2XHUZ6IFyRtpbi3OcIyz6gdcpwJZi8hAy3o=; b=S2E1uemp8+JJHJhjloapc8y6utSkxh59JDL57wyrTo7Rt2F0IEpEjo1gPRuPWzhZbo iWcSxU6wNXzw7EsJjNmvOq1j39k8y9rGaFokbvDMua3r7VFmze//qmSNdBljwdrmT3mp Lq1F53bzOq8ot9k6xruQTy9u4k+HjGCC6fp03ZJkkGThe+etCKSZ4fmetL1G5D1Mc/EI Gme5el2/YBLmfZ0XIzEuhJQlHS2+tEBV6WwUkambZqEK1DOkHjCFYWBHpMdKsDRrGWOB 6z3u3+XqR+M5pyI/6OUcTVgfVSIJHLP+8nbk/TV2OmCFn5KCX5XmC1ifjVdtZF5vlfLr dOdQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=eNS027Hc; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id y21-20020a50eb95000000b0043bbbe36139si2130337edr.611.2022.07.21.06.47.30; Thu, 21 Jul 2022 06:47:59 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=eNS027Hc; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229669AbiGUNr1 (ORCPT + 99 others); Thu, 21 Jul 2022 09:47:27 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49246 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229790AbiGUNrL (ORCPT ); Thu, 21 Jul 2022 09:47:11 -0400 Received: from mga17.intel.com (mga17.intel.com [192.55.52.151]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id AF6E9820D7; Thu, 21 Jul 2022 06:46:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1658411168; x=1689947168; h=from:to:cc:subject:date:message-id:mime-version: content-transfer-encoding; bh=fQCPrJb9lHyi4oxZ+pNt0wwlX5RQtHlur9Kl1f9gxRE=; b=eNS027HcYP3OjWp0qunzouJvNGwaiEzkIeFLFtyifGGK5UcWIAqXAatx ABmpwPmk5xx9/Vju9lfohyiXX4BZ8asN2RoI0SjBttTx/UGoA7oO03Z6z mgzIz1hMrJe6EYim76S2GjhyQ1hyGPToShoRNLhqMMJVdG03fmTSEydRQ jEe7753UhvO95l7gHGxzHcukb9GrrcrS/uNMi7wApJnWHRi6NI5ihTmN1 weyNpD2KumcUxpgEGeFjwR/9a4Sp6CkDCl9wAFcOfIFz9RckkHKCRWtZs PeIPcQ8tndUTKr4SsVrLvrPXXMg9aPUbkhWSSPlesfvCTiK+tenB5MECW A==; X-IronPort-AV: E=McAfee;i="6400,9594,10414"; a="267445062" X-IronPort-AV: E=Sophos;i="5.93,289,1654585200"; d="scan'208";a="267445062" Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Jul 2022 06:46:08 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.93,289,1654585200"; d="scan'208";a="925655444" Received: from 984fee006c34.jf.intel.com ([10.165.126.83]) by fmsmga005.fm.intel.com with ESMTP; 21 Jul 2022 06:46:08 -0700 From: Srinivas Kerekare To: herbert@gondor.apana.org.au Cc: linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org, qat-linux@intel.com, Srinivas Kerekare , Giovanni Cabiddu , Wojciech Ziemba Subject: [PATCH] crypto: qat - add check to validate firmware images Date: Wed, 22 Jun 2022 14:01:55 -0700 Message-Id: <20220622210155.69684-1-srinivas.kerekare@intel.com> X-Mailer: git-send-email 2.36.1 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-1.7 required=5.0 tests=BAYES_00,DATE_IN_PAST_96_XX, DKIMWL_WL_HIGH,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, RCVD_IN_DNSWL_MED,SPF_HELO_NONE,SPF_NONE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org The function qat_uclo_check_image() validates the MMP and AE firmware images. If the QAT device supports firmware authentication (indicated by the handle to firmware loader), the input signed binary MMP and AE images are validated by parsing the following information: - Header length - Full size of the binary - Type of binary image (MMP or AE Firmware) Firmware binaries use RSA3K for signing and verification. The header length for the RSA3k is 0x384 bytes. All the size field values in the binary are quantified as DWORDS (1 DWORD = 4bytes). On an invalid value the function prints an error message and returns with an error code "EINVAL". Signed-off-by: Srinivas Kerekare Reviewed-by: Giovanni Cabiddu Reviewed-by: Wojciech Ziemba --- drivers/crypto/qat/qat_common/icp_qat_uclo.h | 3 +- drivers/crypto/qat/qat_common/qat_uclo.c | 56 +++++++++++++++++++- 2 files changed, 57 insertions(+), 2 deletions(-) diff --git a/drivers/crypto/qat/qat_common/icp_qat_uclo.h b/drivers/crypto/qat/qat_common/icp_qat_uclo.h index 4b36869bf460..69482abdb8b9 100644 --- a/drivers/crypto/qat/qat_common/icp_qat_uclo.h +++ b/drivers/crypto/qat/qat_common/icp_qat_uclo.h @@ -86,7 +86,8 @@ ICP_QAT_CSS_FWSK_MODULUS_LEN(handle) + \ ICP_QAT_CSS_FWSK_EXPONENT_LEN(handle) + \ ICP_QAT_CSS_SIGNATURE_LEN(handle)) -#define ICP_QAT_CSS_MAX_IMAGE_LEN 0x40000 +#define ICP_QAT_CSS_RSA4K_MAX_IMAGE_LEN 0x40000 +#define ICP_QAT_CSS_RSA3K_MAX_IMAGE_LEN 0x30000 #define ICP_QAT_CTX_MODE(ae_mode) ((ae_mode) & 0xf) #define ICP_QAT_NN_MODE(ae_mode) (((ae_mode) >> 0x4) & 0xf) diff --git a/drivers/crypto/qat/qat_common/qat_uclo.c b/drivers/crypto/qat/qat_common/qat_uclo.c index 0fe5a474aa45..b7f7869ef8b2 100644 --- a/drivers/crypto/qat/qat_common/qat_uclo.c +++ b/drivers/crypto/qat/qat_common/qat_uclo.c @@ -1367,6 +1367,48 @@ static void qat_uclo_ummap_auth_fw(struct icp_qat_fw_loader_handle *handle, } } +static int qat_uclo_check_image(struct icp_qat_fw_loader_handle *handle, + char *image, unsigned int size, + unsigned int fw_type) +{ + char *fw_type_name = fw_type ? "MMP" : "AE"; + unsigned int css_dword_size = sizeof(u32); + + if (handle->chip_info->fw_auth) { + struct icp_qat_css_hdr *css_hdr = (struct icp_qat_css_hdr *)image; + unsigned int header_len = ICP_QAT_AE_IMG_OFFSET(handle); + + if ((css_hdr->header_len * css_dword_size) != header_len) + goto err; + if ((css_hdr->size * css_dword_size) != size) + goto err; + if (fw_type != css_hdr->fw_type) + goto err; + if (size <= header_len) + goto err; + size -= header_len; + } + + if (fw_type == CSS_AE_FIRMWARE) { + if (size < sizeof(struct icp_qat_simg_ae_mode *) + + ICP_QAT_SIMG_AE_INIT_SEQ_LEN) + goto err; + if (size > ICP_QAT_CSS_RSA4K_MAX_IMAGE_LEN) + goto err; + } else if (fw_type == CSS_MMP_FIRMWARE) { + if (size > ICP_QAT_CSS_RSA3K_MAX_IMAGE_LEN) + goto err; + } else { + pr_err("QAT: Unsupported firmware type\n"); + return -EINVAL; + } + return 0; + +err: + pr_err("QAT: Invalid %s firmware image\n", fw_type_name); + return -EINVAL; +} + static int qat_uclo_map_auth_fw(struct icp_qat_fw_loader_handle *handle, char *image, unsigned int size, struct icp_qat_fw_auth_desc **desc) @@ -1379,7 +1421,7 @@ static int qat_uclo_map_auth_fw(struct icp_qat_fw_loader_handle *handle, struct icp_qat_simg_ae_mode *simg_ae_mode; struct icp_firml_dram_desc img_desc; - if (size > (ICP_QAT_AE_IMG_OFFSET(handle) + ICP_QAT_CSS_MAX_IMAGE_LEN)) { + if (size > (ICP_QAT_AE_IMG_OFFSET(handle) + ICP_QAT_CSS_RSA4K_MAX_IMAGE_LEN)) { pr_err("QAT: error, input image size overflow %d\n", size); return -EINVAL; } @@ -1547,6 +1589,11 @@ int qat_uclo_wr_mimage(struct icp_qat_fw_loader_handle *handle, { struct icp_qat_fw_auth_desc *desc = NULL; int status = 0; + int ret; + + ret = qat_uclo_check_image(handle, addr_ptr, mem_size, CSS_MMP_FIRMWARE); + if (ret) + return ret; if (handle->chip_info->fw_auth) { status = qat_uclo_map_auth_fw(handle, addr_ptr, mem_size, &desc); @@ -2018,8 +2065,15 @@ static int qat_uclo_wr_suof_img(struct icp_qat_fw_loader_handle *handle) struct icp_qat_fw_auth_desc *desc = NULL; struct icp_qat_suof_handle *sobj_handle = handle->sobj_handle; struct icp_qat_suof_img_hdr *simg_hdr = sobj_handle->img_table.simg_hdr; + int ret; for (i = 0; i < sobj_handle->img_table.num_simgs; i++) { + ret = qat_uclo_check_image(handle, simg_hdr[i].simg_buf, + simg_hdr[i].simg_len, + CSS_AE_FIRMWARE); + if (ret) + return ret; + if (qat_uclo_map_auth_fw(handle, (char *)simg_hdr[i].simg_buf, (unsigned int) -- 2.36.1 -------------------------------------------------------------- Intel Research and Development Ireland Limited Registered in Ireland Registered Office: Collinstown Industrial Park, Leixlip, County Kildare Registered Number: 308263 This e-mail and any attachments may contain confidential material for the sole use of the intended recipient(s). Any review or distribution by others is strictly prohibited. If you are not the intended recipient, please contact the sender and delete all copies.