Loading...
Note: File does not exist in v3.1.
1// SPDX-License-Identifier: GPL-2.0+
2/*
3 * SSH message parser.
4 *
5 * Copyright (C) 2019-2022 Maximilian Luz <luzmaximilian@gmail.com>
6 */
7
8#include <asm/unaligned.h>
9#include <linux/compiler.h>
10#include <linux/device.h>
11#include <linux/types.h>
12
13#include <linux/surface_aggregator/serial_hub.h>
14#include "ssh_parser.h"
15
16/**
17 * sshp_validate_crc() - Validate a CRC in raw message data.
18 * @src: The span of data over which the CRC should be computed.
19 * @crc: The pointer to the expected u16 CRC value.
20 *
21 * Computes the CRC of the provided data span (@src), compares it to the CRC
22 * stored at the given address (@crc), and returns the result of this
23 * comparison, i.e. %true if equal. This function is intended to run on raw
24 * input/message data.
25 *
26 * Return: Returns %true if the computed CRC matches the stored CRC, %false
27 * otherwise.
28 */
29static bool sshp_validate_crc(const struct ssam_span *src, const u8 *crc)
30{
31 u16 actual = ssh_crc(src->ptr, src->len);
32 u16 expected = get_unaligned_le16(crc);
33
34 return actual == expected;
35}
36
37/**
38 * sshp_starts_with_syn() - Check if the given data starts with SSH SYN bytes.
39 * @src: The data span to check the start of.
40 */
41static bool sshp_starts_with_syn(const struct ssam_span *src)
42{
43 return src->len >= 2 && get_unaligned_le16(src->ptr) == SSH_MSG_SYN;
44}
45
46/**
47 * sshp_find_syn() - Find SSH SYN bytes in the given data span.
48 * @src: The data span to search in.
49 * @rem: The span (output) indicating the remaining data, starting with SSH
50 * SYN bytes, if found.
51 *
52 * Search for SSH SYN bytes in the given source span. If found, set the @rem
53 * span to the remaining data, starting with the first SYN bytes and capped by
54 * the source span length, and return %true. This function does not copy any
55 * data, but rather only sets pointers to the respective start addresses and
56 * length values.
57 *
58 * If no SSH SYN bytes could be found, set the @rem span to the zero-length
59 * span at the end of the source span and return %false.
60 *
61 * If partial SSH SYN bytes could be found at the end of the source span, set
62 * the @rem span to cover these partial SYN bytes, capped by the end of the
63 * source span, and return %false. This function should then be re-run once
64 * more data is available.
65 *
66 * Return: Returns %true if a complete SSH SYN sequence could be found,
67 * %false otherwise.
68 */
69bool sshp_find_syn(const struct ssam_span *src, struct ssam_span *rem)
70{
71 size_t i;
72
73 for (i = 0; i < src->len - 1; i++) {
74 if (likely(get_unaligned_le16(src->ptr + i) == SSH_MSG_SYN)) {
75 rem->ptr = src->ptr + i;
76 rem->len = src->len - i;
77 return true;
78 }
79 }
80
81 if (unlikely(src->ptr[src->len - 1] == (SSH_MSG_SYN & 0xff))) {
82 rem->ptr = src->ptr + src->len - 1;
83 rem->len = 1;
84 return false;
85 }
86
87 rem->ptr = src->ptr + src->len;
88 rem->len = 0;
89 return false;
90}
91
92/**
93 * sshp_parse_frame() - Parse SSH frame.
94 * @dev: The device used for logging.
95 * @source: The source to parse from.
96 * @frame: The parsed frame (output).
97 * @payload: The parsed payload (output).
98 * @maxlen: The maximum supported message length.
99 *
100 * Parses and validates a SSH frame, including its payload, from the given
101 * source. Sets the provided @frame pointer to the start of the frame and
102 * writes the limits of the frame payload to the provided @payload span
103 * pointer.
104 *
105 * This function does not copy any data, but rather only validates the message
106 * data and sets pointers (and length values) to indicate the respective parts.
107 *
108 * If no complete SSH frame could be found, the frame pointer will be set to
109 * the %NULL pointer and the payload span will be set to the null span (start
110 * pointer %NULL, size zero).
111 *
112 * Return: Returns zero on success or if the frame is incomplete, %-ENOMSG if
113 * the start of the message is invalid, %-EBADMSG if any (frame-header or
114 * payload) CRC is invalid, or %-EMSGSIZE if the SSH message is bigger than
115 * the maximum message length specified in the @maxlen parameter.
116 */
117int sshp_parse_frame(const struct device *dev, const struct ssam_span *source,
118 struct ssh_frame **frame, struct ssam_span *payload,
119 size_t maxlen)
120{
121 struct ssam_span sf;
122 struct ssam_span sp;
123
124 /* Initialize output. */
125 *frame = NULL;
126 payload->ptr = NULL;
127 payload->len = 0;
128
129 if (!sshp_starts_with_syn(source)) {
130 dev_warn(dev, "rx: parser: invalid start of frame\n");
131 return -ENOMSG;
132 }
133
134 /* Check for minimum packet length. */
135 if (unlikely(source->len < SSH_MESSAGE_LENGTH(0))) {
136 dev_dbg(dev, "rx: parser: not enough data for frame\n");
137 return 0;
138 }
139
140 /* Pin down frame. */
141 sf.ptr = source->ptr + sizeof(u16);
142 sf.len = sizeof(struct ssh_frame);
143
144 /* Validate frame CRC. */
145 if (unlikely(!sshp_validate_crc(&sf, sf.ptr + sf.len))) {
146 dev_warn(dev, "rx: parser: invalid frame CRC\n");
147 return -EBADMSG;
148 }
149
150 /* Ensure packet does not exceed maximum length. */
151 sp.len = get_unaligned_le16(&((struct ssh_frame *)sf.ptr)->len);
152 if (unlikely(SSH_MESSAGE_LENGTH(sp.len) > maxlen)) {
153 dev_warn(dev, "rx: parser: frame too large: %llu bytes\n",
154 SSH_MESSAGE_LENGTH(sp.len));
155 return -EMSGSIZE;
156 }
157
158 /* Pin down payload. */
159 sp.ptr = sf.ptr + sf.len + sizeof(u16);
160
161 /* Check for frame + payload length. */
162 if (source->len < SSH_MESSAGE_LENGTH(sp.len)) {
163 dev_dbg(dev, "rx: parser: not enough data for payload\n");
164 return 0;
165 }
166
167 /* Validate payload CRC. */
168 if (unlikely(!sshp_validate_crc(&sp, sp.ptr + sp.len))) {
169 dev_warn(dev, "rx: parser: invalid payload CRC\n");
170 return -EBADMSG;
171 }
172
173 *frame = (struct ssh_frame *)sf.ptr;
174 *payload = sp;
175
176 dev_dbg(dev, "rx: parser: valid frame found (type: %#04x, len: %u)\n",
177 (*frame)->type, (*frame)->len);
178
179 return 0;
180}
181
182/**
183 * sshp_parse_command() - Parse SSH command frame payload.
184 * @dev: The device used for logging.
185 * @source: The source to parse from.
186 * @command: The parsed command (output).
187 * @command_data: The parsed command data/payload (output).
188 *
189 * Parses and validates a SSH command frame payload. Sets the @command pointer
190 * to the command header and the @command_data span to the command data (i.e.
191 * payload of the command). This will result in a zero-length span if the
192 * command does not have any associated data/payload. This function does not
193 * check the frame-payload-type field, which should be checked by the caller
194 * before calling this function.
195 *
196 * The @source parameter should be the complete frame payload, e.g. returned
197 * by the sshp_parse_frame() command.
198 *
199 * This function does not copy any data, but rather only validates the frame
200 * payload data and sets pointers (and length values) to indicate the
201 * respective parts.
202 *
203 * Return: Returns zero on success or %-ENOMSG if @source does not represent a
204 * valid command-type frame payload, i.e. is too short.
205 */
206int sshp_parse_command(const struct device *dev, const struct ssam_span *source,
207 struct ssh_command **command,
208 struct ssam_span *command_data)
209{
210 /* Check for minimum length. */
211 if (unlikely(source->len < sizeof(struct ssh_command))) {
212 *command = NULL;
213 command_data->ptr = NULL;
214 command_data->len = 0;
215
216 dev_err(dev, "rx: parser: command payload is too short\n");
217 return -ENOMSG;
218 }
219
220 *command = (struct ssh_command *)source->ptr;
221 command_data->ptr = source->ptr + sizeof(struct ssh_command);
222 command_data->len = source->len - sizeof(struct ssh_command);
223
224 dev_dbg(dev, "rx: parser: valid command found (tc: %#04x, cid: %#04x)\n",
225 (*command)->tc, (*command)->cid);
226
227 return 0;
228}