commit c13ea30b203e058a9e6856ea60f231bb2e1f88fa
author developer <developer@mediatek.com> Wed Dec 13 19:28:49 2023 +0800
committer developer <developer@mediatek.com> Thu Dec 14 16:39:13 2023 +0800
tree b2b5d686389bc0d7c0a2a952434fe7ff16d1766e
parent 0fc31473465554db9c7266a6550abe3eaeb8715e

[][openwrt][mt7988][crypto][Add check for algorithm used in xfrm_state]

[Description]
Add check for algorithm used in xfrm_state.
There are two types of algorithms in IPSec. One type is AEAD, which
performs encryption and authentication simultaneously using a single
algorithm such as AES-GCM. The other type combines an encryption
algorithm and an authentication algorithm to perform encryption and
authentication seperately, such as AES128-HMAC-SHA1. Currently, inline
mode only supports the latter type. If the xfrm_state contains the
former algorithm, then return -EINVAL.

[Release-log]
N/A


Change-Id: I71c8e995ac25903de651d1a2076a7cacec32fb44
Reviewed-on: https://gerrit.mediatek.inc/c/openwrt/feeds/mtk_openwrt_feeds/+/8385337

package-21.02/kernel/crypto-eip/src/ddk-wrapper.c

diff --git a/package-21.02/kernel/crypto-eip/src/ddk-wrapper.c b/package-21.02/kernel/crypto-eip/src/ddk-wrapper.c
index d923693..1fb1e3d 100644
--- a/package-21.02/kernel/crypto-eip/src/ddk-wrapper.c
+++ b/package-21.02/kernel/crypto-eip/src/ddk-wrapper.c
@@ -479,6 +479,13 @@
 		return (u32 *) sa_handle.p;
 	}
 
+	/* No support for aead now */
+	if (xs->aead) {
+		CRYPTO_ERR("AEAD not supported\n");
+		sa_handle.p = NULL;
+		return (u32 *) sa_handle.p;
+	}
+
 	/* Add crypto key and parameters */
 	params.CryptoAlgo = set_crypto_algo(xs->ealg);
 	params.CryptoMode = SAB_CRYPTO_MODE_CBC;