From bc879b1765afacd8a2b7673236037181011cabea Mon Sep 17 00:00:00 2001
From: Jerome Forissier
Date: Mon, 16 Apr 2018 09:34:25 +0200
Subject: ltc: detect GCM counter re-use

Upstream commit 7d418b34b3fe ("Fix GCM counter reuse"): GCM should error out after processing (2^32)-1 blocks / (2^39)-256 bits
[Note: LibTomCrypt GCM is used when CFG_CRYPTO_AES_GCM_FROM_CRYPTOLIB=y which is not the default]

Signed-off-by: Jerome Forissier
Tested-by: Jerome Forissier (QEMU)
Tested-by: Jerome Forissier (HiKey960)
Acked-by: Jens Wiklander
---
 core/lib/libtomcrypt/src/encauth/gcm/gcm_process.c | 5 +++++
 1 file changed, 5 insertions(+)
(limited to 'core/lib')

diff --git a/core/lib/libtomcrypt/src/encauth/gcm/gcm_process.c b/core/lib/libtomcrypt/src/encauth/gcm/gcm_process.c
index 8ce4a388..4098687f 100644
--- a/core/lib/libtomcrypt/src/encauth/gcm/gcm_process.c
+++ b/core/lib/libtomcrypt/src/encauth/gcm/gcm_process.c
@@ -77,6 +77,11 @@ int gcm_process(gcm_state *gcm,
 return err;
 }
 
+ /* 0xFFFFFFFE0 = ((2^39)-256)/8 */
+ if (gcm->pttotlen / 8 + (ulong64)gcm->buflen + (ulong64)ptlen >= CONST64(0xFFFFFFFE0)) {
+ return CRYPT_INVALID_ARG;
+ }
+
 /* in AAD mode? */
 if (gcm->mode == LTC_GCM_MODE_AAD) {
 /* let's process the AAD */
-- 
cgit v1.2.3
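Review bot: The comment on the new length check only restates the constant's arithmetic; a reader has to work out that `pttotlen` is apparently kept in bits (hence the `/ 8`) while `buflen` and `ptlen` are byte counts, and why 2^39-256 is the threshold at all. I would expand it to `/* GCM (SP 800-38D) caps plaintext at 2^39-256 bits: past that the 32-bit block counter wraps and a keystream block is reused. pttotlen is in bits, buflen/ptlen in bytes, so 0xFFFFFFFE0 = ((2^39)-256)/8 */`. The `>=` rejects a message that lands exactly on the limit, which is conservative rather than wrong, and the check returns before any state is touched, so a rejected call leaves the context usable. Whether the bytes pending in `buflen` are already counted in `pttotlen` cannot be told from this hunk; if they are, the sum over-counts by at most one block, again on the safe side. gcm_process starts and ends outside the hunk.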