From: Archana Muniganti <marchana@marvell.com>
To: <akhil.goyal@nxp.com>, <anoobj@marvell.com>, <adwivedi@marvell.com>
Cc: Archana Muniganti <marchana@marvell.com>, <dev@dpdk.org>,
<stable@dpdk.org>
Subject: [dpdk-stable] [PATCH 2/2] common/cpt: add check for mac_len
Date: Wed, 16 Sep 2020 16:07:00 +0530 [thread overview]
Message-ID: <1600252620-18201-2-git-send-email-marchana@marvell.com> (raw)
In-Reply-To: <1600252620-18201-1-git-send-email-marchana@marvell.com>
HMAC/HASH opcode algorithms supports fixed mac length.
Allowed session creation to fail when requested for
unsupported MAC length for HMAC/HASH-only use cases.
Signed-off-by: Archana Muniganti <marchana@marvell.com>
---
drivers/common/cpt/cpt_mcode_defines.h | 3 ++
drivers/common/cpt/cpt_ucode.h | 41 +++++++++++++++++++++++++++
drivers/crypto/octeontx/otx_cryptodev_ops.c | 8 ++++++
drivers/crypto/octeontx2/otx2_cryptodev_ops.c | 8 ++++++
4 files changed, 60 insertions(+)
diff --git a/drivers/common/cpt/cpt_mcode_defines.h b/drivers/common/cpt/cpt_mcode_defines.h
index ee2c7f3..0a05bd5 100644
--- a/drivers/common/cpt/cpt_mcode_defines.h
+++ b/drivers/common/cpt/cpt_mcode_defines.h
@@ -427,6 +427,9 @@ struct asym_op_params {
#define SESS_PRIV(__sess) \
(void *)((uint8_t *)__sess + sizeof(struct cpt_sess_misc))
+#define GET_SESS_FC_TYPE(__sess) \
+ (((struct cpt_ctx *)(SESS_PRIV(__sess)))->fc_type)
+
/*
* Get the session size
*
diff --git a/drivers/common/cpt/cpt_ucode.h b/drivers/common/cpt/cpt_ucode.h
index 0cfba0b..5f28bd7 100644
--- a/drivers/common/cpt/cpt_ucode.h
+++ b/drivers/common/cpt/cpt_ucode.h
@@ -35,6 +35,47 @@
}
}
+static __rte_always_inline int
+cpt_mac_len_verify(struct rte_crypto_auth_xform *auth)
+{
+ uint16_t mac_len = auth->digest_length;
+ int ret;
+
+ switch (auth->algo) {
+ case RTE_CRYPTO_AUTH_MD5:
+ case RTE_CRYPTO_AUTH_MD5_HMAC:
+ ret = (mac_len == 16) ? 0 : -1;
+ break;
+ case RTE_CRYPTO_AUTH_SHA1:
+ case RTE_CRYPTO_AUTH_SHA1_HMAC:
+ ret = (mac_len == 20) ? 0 : -1;
+ break;
+ case RTE_CRYPTO_AUTH_SHA224:
+ case RTE_CRYPTO_AUTH_SHA224_HMAC:
+ ret = (mac_len == 28) ? 0 : -1;
+ break;
+ case RTE_CRYPTO_AUTH_SHA256:
+ case RTE_CRYPTO_AUTH_SHA256_HMAC:
+ ret = (mac_len == 32) ? 0 : -1;
+ break;
+ case RTE_CRYPTO_AUTH_SHA384:
+ case RTE_CRYPTO_AUTH_SHA384_HMAC:
+ ret = (mac_len == 48) ? 0 : -1;
+ break;
+ case RTE_CRYPTO_AUTH_SHA512:
+ case RTE_CRYPTO_AUTH_SHA512_HMAC:
+ ret = (mac_len == 64) ? 0 : -1;
+ break;
+ case RTE_CRYPTO_AUTH_NULL:
+ ret = 0;
+ break;
+ default:
+ ret = -1;
+ }
+
+ return ret;
+}
+
static __rte_always_inline void
cpt_fc_salt_update(void *ctx,
uint8_t *salt)
diff --git a/drivers/crypto/octeontx/otx_cryptodev_ops.c b/drivers/crypto/octeontx/otx_cryptodev_ops.c
index 2cedf7d..14f22e3 100644
--- a/drivers/crypto/octeontx/otx_cryptodev_ops.c
+++ b/drivers/crypto/octeontx/otx_cryptodev_ops.c
@@ -239,6 +239,7 @@
struct rte_cryptodev_sym_session *sess,
struct rte_mempool *pool)
{
+ struct rte_crypto_sym_xform *temp_xform = xform;
struct cpt_sess_misc *misc;
void *priv;
int ret;
@@ -279,6 +280,13 @@
goto priv_put;
}
+ if ((GET_SESS_FC_TYPE(misc) == HASH_HMAC) &&
+ cpt_mac_len_verify(&temp_xform->auth)) {
+ CPT_LOG_ERR("MAC length is not supported");
+ ret = -ENOTSUP;
+ goto priv_put;
+ }
+
set_sym_session_private_data(sess, driver_id, priv);
misc->ctx_dma_addr = rte_mempool_virt2iova(misc) +
diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
index 9d51b17..793c2a5 100644
--- a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
+++ b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
@@ -353,6 +353,7 @@
struct rte_cryptodev_sym_session *sess,
struct rte_mempool *pool)
{
+ struct rte_crypto_sym_xform *temp_xform = xform;
struct cpt_sess_misc *misc;
void *priv;
int ret;
@@ -393,6 +394,13 @@
goto priv_put;
}
+ if ((GET_SESS_FC_TYPE(misc) == HASH_HMAC) &&
+ cpt_mac_len_verify(&temp_xform->auth)) {
+ CPT_LOG_ERR("MAC length is not supported");
+ ret = -ENOTSUP;
+ goto priv_put;
+ }
+
set_sym_session_private_data(sess, driver_id, misc);
misc->ctx_dma_addr = rte_mempool_virt2iova(misc) +
--
1.8.3.1
next prev parent reply other threads:[~2020-09-16 10:37 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-09-16 10:36 [dpdk-stable] [PATCH 1/2] common/cpt: remove redundant CPT_BYTE_* macros Archana Muniganti
2020-09-16 10:37 ` Archana Muniganti [this message]
2020-09-16 15:56 ` [dpdk-stable] [PATCH 2/2] common/cpt: add check for mac_len Anoob Joseph
2020-10-09 12:26 ` [dpdk-stable] [PATCH 1/2] common/cpt: remove redundant CPT_BYTE_* macros Akhil Goyal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1600252620-18201-2-git-send-email-marchana@marvell.com \
--to=marchana@marvell.com \
--cc=adwivedi@marvell.com \
--cc=akhil.goyal@nxp.com \
--cc=anoobj@marvell.com \
--cc=dev@dpdk.org \
--cc=stable@dpdk.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).