authorJerome Forissier <jerome.forissier@linaro.org>2018-04-16 09:34:25 +0200
committerJérôme Forissier <jerome.forissier@linaro.org>2018-04-17 14:23:09 +0200
commitbc879b1765afacd8a2b7673236037181011cabea (patch)
treeb50cfda1af3091aefe9dc582202b078dfcfd9c77 /core/lib
parent2733280a19c40fb1555b01b983d6eedb47642afd (diff)
ltc: detect GCM counter re-use
Upstream commit 7d418b34b3fe ("Fix GCM counter reuse"): GCM should error out after processing (2^32)-1 blocks / (2^39)-256 bits [Note: LibTomCrypt GCM is used when CFG_CRYPTO_AES_GCM_FROM_CRYPTOLIB=y which is not the default] Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (QEMU) Tested-by: Jerome Forissier <jerome.forissier@linaro.org> (HiKey960) Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Diffstat (limited to 'core/lib')
-rw-r--r--core/lib/libtomcrypt/src/encauth/gcm/gcm_process.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/core/lib/libtomcrypt/src/encauth/gcm/gcm_process.c b/core/lib/libtomcrypt/src/encauth/gcm/gcm_process.c
index 8ce4a388..4098687f 100644
--- a/core/lib/libtomcrypt/src/encauth/gcm/gcm_process.c
+++ b/core/lib/libtomcrypt/src/encauth/gcm/gcm_process.c
@@ -77,6 +77,11 @@ int gcm_process(gcm_state *gcm,
return err;
}
+ /* 0xFFFFFFFE0 = ((2^39)-256)/8 */
+ if (gcm->pttotlen / 8 + (ulong64)gcm->buflen + (ulong64)ptlen >= CONST64(0xFFFFFFFE0)) {
+ return CRYPT_INVALID_ARG;
+ }
+
/* in AAD mode? */
if (gcm->mode == LTC_GCM_MODE_AAD) {
/* let's process the AAD */