From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 6291C4555B for ; Wed, 3 Jul 2024 12:14:10 +0200 (CEST) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 5E1AE427AD; Wed, 3 Jul 2024 12:14:10 +0200 (CEST) Received: from EUR05-DB8-obe.outbound.protection.outlook.com (mail-db8eur05on2086.outbound.protection.outlook.com [40.107.20.86]) by mails.dpdk.org (Postfix) with ESMTP id C354140E7C for ; Wed, 3 Jul 2024 12:14:08 +0200 (CEST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Nitk7I+0lH6xtQ3b9OtUBgfvZr1dzMOLYLJ2CeAj9MSBi74a7XiFneYWHv7qaiQstoCtQABJkn1rr122dTFwjXAta7hh/ZAVfGN/zHaQU7AGcR0mswdPQ14qU2oOwpGbWoDcjvOplyK3Dm3WscCw31UTVuFxq2zNwqGYJZfeez82HHBSMsHy2PK4+FzwxBZ52gUuzxvOO2zCTa4fS0FbCvoDuIs9jxiewWscd6c36jG31J8l/QWqcfza+Wspc26RNXDeU24p5XJTBSJWrHnFkNrrCsGub+ZC0blRox0lAV9Dd1Y1fnbySm6xsiCkYaaRp3kR+jLGJ/3/u7dZ3+YhjQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=FzrsO6RDG5lT0mk3EgYOzwYnRpuW5jdY6LQva8aFqNk=; b=DfZrzpygvg9oVVV9Chv4SRLl+T6pDFEbX0YsB0sdTqiD+x2tcbnFEZeCCwvlcoq1F/RDq3nXbMtHYKUPR65tElDp5uIEaX44nbay86O5yO35u00ontgDALbkldUsSODoKQkKbtXboEvELgqFcZPzwOYSbA71ZpTrS8L4VoghyARgiB9ZiUCCyeuvtOaY384irjTBdU+zeBAwhWC8DP3UwoqcnWvvW7lb3Hjwa9mxDQnPHmpYkaddTrAt3DzCOK+ra7a/8DagwiUXz7S/OT5FLrARoKRFnb+13jSC25iqwVbDKxxPkvA414hohRQ5nV8Ir8Bptg5pneIQWW6VH0vJEw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nxp.com; dmarc=pass action=none header.from=nxp.com; dkim=pass header.d=nxp.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nxp.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=FzrsO6RDG5lT0mk3EgYOzwYnRpuW5jdY6LQva8aFqNk=; b=nhJwEJ+ntIaj/hP7mA0lTA2FNLL/ROKo/ZAeRYrZxHLmVGmPD0GNl2q9WrQa1QrH17UMkkZ007ciOx50uVGNQURWFY6FKvd/AXvkkpUe8R7KViRcxL2LxoKpju60QBQugbbmAlcMEWc6Tf96SmUVoy8NFree+RNfc/aiKfz7Otw= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=nxp.com; Received: from AS8SPR01MB0024.eurprd04.prod.outlook.com (2603:10a6:20b:3d0::24) by PAXPR04MB9707.eurprd04.prod.outlook.com (2603:10a6:102:24d::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7741.23; Wed, 3 Jul 2024 10:14:07 +0000 Received: from AS8SPR01MB0024.eurprd04.prod.outlook.com ([fe80::c634:479e:8f8a:a325]) by AS8SPR01MB0024.eurprd04.prod.outlook.com ([fe80::c634:479e:8f8a:a325%4]) with mapi id 15.20.7741.017; Wed, 3 Jul 2024 10:14:07 +0000 From: Gagandeep Singh To: hemant.agrawal@nxp.com Cc: Gagandeep Singh , stable@dpdk.org Subject: [PATCH 03/11] crypto/dpaa: fix SEC err due to an wrong desc Date: Wed, 3 Jul 2024 15:43:39 +0530 Message-Id: <20240703101347.3091547-4-g.singh@nxp.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240703101347.3091547-1-g.singh@nxp.com> References: <20240703101347.3091547-1-g.singh@nxp.com> Content-Transfer-Encoding: 8bit Content-Type: text/plain X-ClientProxiedBy: SI2PR02CA0030.apcprd02.prod.outlook.com (2603:1096:4:195::17) To AS8SPR01MB0024.eurprd04.prod.outlook.com (2603:10a6:20b:3d0::24) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AS8SPR01MB0024:EE_|PAXPR04MB9707:EE_ X-MS-Office365-Filtering-Correlation-Id: 65969e9c-5690-4830-7e65-08dc9b48dfa0 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; ARA:13230040|366016|52116014|376014|1800799024|38350700014; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?3AqRQIQjTnREjKnfAMXnYpoGVN28ojSZZHlERwZiwcfRkmCqOmRxr2QCxKbE?= =?us-ascii?Q?Om/AcefNFOQFNVcfpcscFyN7irHY8oZi9Sn8kMO4u4ytDpYocGwR4F3Ts9pa?= =?us-ascii?Q?lio/i3uSDGsmomTMqInJiTnP2UsFvDHXR5SExgpux9Sa0ZegxMJmzmlYtdSM?= =?us-ascii?Q?xuT/zfJghWxvM3d8AsR4dLSwaUdqfDaFED2qmC409Jd+hyKT4ry8kvRlyrWn?= =?us-ascii?Q?l0VFCPywx/Brt7tKBSodYLtjjOfYEFVm3IYFmtcE869XlOsBFEWf+RreXpBP?= =?us-ascii?Q?xt5wqFNud27awzIDa8gC3Gxz90aEk7mjcAKzL4C+wYOeShRHZF1afdT+fy1k?= =?us-ascii?Q?/bgt7xQ5PFOlmVTrYISVEQM4NomjBPH0NESN7opUfL/ezxKBYBMGAGskqmjL?= =?us-ascii?Q?3DFQTV2MDrjazcVgGKn/N1Rqzwb3RJyRos00LqTwksRrKKgQcIy7F62FjiRN?= =?us-ascii?Q?At+ygJVdHeZnaUApZD6lYS3Uv0/+Fy1SP9kdJas9RwifW/U6YpgLQ+5sv7mb?= =?us-ascii?Q?/FmqBL4ltQ/DOF3S1iCY/iyw9AMVLRyvsM17s9Rg7eZdM1Wbmte9I/tI6XsB?= =?us-ascii?Q?uZFZAvnwFOtATGk6cln9QecdTs62fvcRx9TIiHGz7qaIL7hKichfKYYF9oO8?= =?us-ascii?Q?H5ytBEoyGRI8WcjjQOuAhR3q/nuBKCC6IPjI3cKSX9RkLEN9JvcDiesoZmBm?= =?us-ascii?Q?oS0mUGNYQGvWwql9nBGA8kJODH9qT/LU3E9LKNVC+YW2JmoDv06bDeKYwJ+a?= =?us-ascii?Q?FPIZv1IxjIL/EXLiQPLZ9XFuk8wobnBMLupy1B9p/yX/c+YRZb7nIUH0neyN?= =?us-ascii?Q?bb88OPI69htaoNLLc9vbWrASklsqTiKLq/g9Il6/tkEnouQaKYoBQYizruwy?= =?us-ascii?Q?apk0X0B/qt+dqg8ojAepKKFcWkFPTJqzRPQB/06UJtS8o0OfKBGZk0dyWVV/?= =?us-ascii?Q?TCu5ma3Da3iQL7dgRPCRSDKMs5YfgiyvQYmSqUfnW6FsgDzkgfksgeOR15hq?= =?us-ascii?Q?VhcP10+G29QKya4GL+WduE2w+VVc57VipO2tvqt29qhqKZk+AJ5pN9VQZe9K?= =?us-ascii?Q?SeW29bIZBurVTU+GGODuxqVWvKSSfqyorwogY56z7lMGyBg+wTltMYdHPx/y?= =?us-ascii?Q?R8UxsKqtJDV0+KfMJ4GJf0StGn9AAbROLWMLtPW4BX05OqqIoB1jqIwDkS1D?= =?us-ascii?Q?LOsDiOhfpq68XZmEPCDpOfszrHJDujmcArytmzH0KWe8OIBxO6mGAuU1wqEQ?= =?us-ascii?Q?cb+peP+jNPx19M2jGHECdcMe/3b0ei9UJOBRAAvp2Q/Lf9ML//ygr3vP1R7c?= =?us-ascii?Q?soZLN0wg2qtAoNHB9uTf3QcuO29VvhApUdsbGHPaQgXjl6QEyJMjvg93foXA?= =?us-ascii?Q?j+8sFWhzQPQ15lSfOcpbJwrICtWYj78B0NoLidwPfEU2DVzSnQ=3D=3D?= X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AS8SPR01MB0024.eurprd04.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230040)(366016)(52116014)(376014)(1800799024)(38350700014); DIR:OUT; SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?JWPraHndjwX8wSTWTKbf3Uh9qdeXs5/RhtLDLf7+4Wpi1hKhgNlHDXA2ZaJZ?= =?us-ascii?Q?7tpSATbzztaNH2xK33MSXPF+PCVGOWtvjf6dcyOSzy2ZqGO0HVT+Mpq5RgM8?= =?us-ascii?Q?QEHgZD0zb2nvYe3VFE2kIQi6Tp5Lbyq/1OR3tm/2doXLLYk384nrLtCUx/BJ?= =?us-ascii?Q?s7W5mAY5cnSkWcUHPOGkD7G8iUF/CTYm6vXJk1MMVyrm+X3d68qiUaTKAE9q?= =?us-ascii?Q?7JWr9VjRSGamql0ZDWiP8cI4M4xoGUzvILzRGh7cQEq217v7lWsuOMI8liRk?= =?us-ascii?Q?/AqfEhew3QUzUInvvoZLtVBMd+ABqt4islJWtIU5KMEQqmcjce6KGgX7Spul?= =?us-ascii?Q?sst7MjOX94kJBihRSlEs2ocA3maEVPrZaBnoJZjFSbq+uJWoNlCCXCZR/fSG?= =?us-ascii?Q?z436h1PwZZG41h6o14GimyP+Tqsmi2vyY0Z4ScfeV4ELZ27LL6zxZKd3wvAN?= =?us-ascii?Q?vqzAAoUZxfYEzdeMOB7Nc4nvJKMD13aVRgI9TpGkKY+pV/XFsjrmvcXyZMWA?= =?us-ascii?Q?Q/noitYHxe4IpOUmtHhaQgSDYEoGVITzVSkNJfOTSp/3w5V6aZuOVJAhJX5t?= =?us-ascii?Q?srTfUESDFM0L8wFDlcXuFtXtMz0QlRM1wFxdZVr77nUnCsuqX/H8sCcggluT?= =?us-ascii?Q?dSekdX+XGf8q9K+dQLRe0Vt3bZxVIf1KJrL1vESd76tTNGfx7i9xCP3pWY1z?= =?us-ascii?Q?UMQbGWAv76Fbk8w58mRUiAfD83bhCpcOvrH9DIHsUQmNA0K+nQ3eoynP6bQQ?= =?us-ascii?Q?qPlnulFn+En2DyJczArESMQQRiPpSAG9DePM7tZJ3avo0Ov1VjfDOfF66Pul?= =?us-ascii?Q?Tnb1x5Jf+dDdV0ca/Mz5w68HLznLZL4IOoXte5ciTtJX6c9xPyvZle3PmsHE?= =?us-ascii?Q?y6BlGrqNvT5uvUKg0l2i+5ysGA5T//LPImgGIoR1Igr6dl1SBcq2wh+USPdw?= =?us-ascii?Q?nEsJ1cHbVmkxu5Lsv6DSuJ9stGdZ/eJDWD5TX6qh+WEQqtxwp1P7UL9+fV+l?= =?us-ascii?Q?MDw4rCDlvdfdlOppZLO/6w1xFf3nPO7xCWoZDqTgCx5Ooq9O54GCw4fIwDND?= =?us-ascii?Q?xblfoREyiMbfjrVQkqUo56iSbE0RQi1jx2fVcdRtU1A4zQIVuVvG/EmlmU6V?= =?us-ascii?Q?q87w1knhEMhJCPto1mEtN033FKuWNWEyDaZ7WdJEhikKKQvuK1stoeFaT0yW?= =?us-ascii?Q?PiFjoIShcEh5op+nrcNybOT35CVOkdJ1kuu2bpFJabCF0e38mhjwQjMdWRV7?= =?us-ascii?Q?d2tOq3GsF4XCKcNcffoheOn/sOrP7B4VP1HlwbK0aGIl0buXEwQh8jLWXX1f?= =?us-ascii?Q?T3/esn+/nszZjZoOJWOg/zfM26ZTfuPt+GRT7ffcGOhQ0zmr4Wb9HgwFIhJ4?= =?us-ascii?Q?qxetIu3+GIozmEiHSzhrFU5Ld1m50W6Fqvq2kUMyYc+o6BxZs//kVYLD7VT5?= =?us-ascii?Q?Jct6HblcBI97k/NtUTMNZyvMX1cH87+KrQFMBcJwCLWqmvma/C+nIP1ZSCJY?= =?us-ascii?Q?66BCSVTHyjcrrDb5JLzGXlw0gO1bxrIwgquEJcEK6V/UV7RaJvJiEwf8cbVf?= =?us-ascii?Q?np303ENCd3Ncf/6PJqfGzAn/iM8yVkMYZXG8gQ8m?= X-OriginatorOrg: nxp.com X-MS-Exchange-CrossTenant-Network-Message-Id: 65969e9c-5690-4830-7e65-08dc9b48dfa0 X-MS-Exchange-CrossTenant-AuthSource: AS8SPR01MB0024.eurprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 03 Jul 2024 10:14:07.2897 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 686ea1d3-bc2b-4c6f-a92c-d99c5c301635 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: q/Q7ErIVnDHyqn8StnAjtxIsY9JIzD+j8Q11bOmpnATIwwnFzjhqGr5VXRTXXUEF X-MS-Exchange-Transport-CrossTenantHeadersStamped: PAXPR04MB9707 X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: stable-bounces@dpdk.org During IPsec operations, driver code pre-check whether KEYS can be inlined to limited size descriptor or not and based on that it decides to copy the complete KEY in descriptor or just give the memory pointer of KEY in descriptor. This pre-check code does not take care of padding required for security engine to make the KEYs inline which results in incorrect length descriptor for some algorithms. This patch fixes this issue by updating the pre-check code with proper padding size included for each supported algorithm. Fixes: 453b9593a3cf ("crypto/dpaax_sec: fix inline query for descriptors") Cc: stable@dpdk.org Signed-off-by: Gagandeep Singh --- drivers/common/dpaax/caamflib/desc/ipsec.h | 73 ++++++++++++++++++++++ drivers/crypto/dpaa_sec/dpaa_sec.c | 4 +- 2 files changed, 75 insertions(+), 2 deletions(-) diff --git a/drivers/common/dpaax/caamflib/desc/ipsec.h b/drivers/common/dpaax/caamflib/desc/ipsec.h index eff26f6f8b..b902873970 100644 --- a/drivers/common/dpaax/caamflib/desc/ipsec.h +++ b/drivers/common/dpaax/caamflib/desc/ipsec.h @@ -728,6 +728,79 @@ static inline void __gen_auth_key(struct program *program, authdata->key, authdata->key_type); } +/** + * rta_inline_ipsec_query() - Provide indications on which data items can be inlined + * and which shall be referenced in IPsec shared descriptor. + * @sd_base_len: Shared descriptor base length - bytes consumed by the commands, + * excluding the data items to be inlined (or corresponding + * pointer if an item is not inlined). Each cnstr_* function that + * generates descriptors should have a define mentioning + * corresponding length. + * @jd_len: Maximum length of the job descriptor(s) that will be used + * together with the shared descriptor. + * @data_len: Array of lengths of the data items trying to be inlined + * @inl_mask: 32bit mask with bit x = 1 if data item x can be inlined, 0 + * otherwise. + * @count: Number of data items (size of @data_len array); must be <= 32 + * @auth_algtype: Authentication algorithm type. + * @auth_index: Index value of data_len for authentication key length. + * -1 if authentication key length is not present in data_len. + * + * Return: 0 if data can be inlined / referenced, negative value if not. If 0, + * check @inl_mask for details. + */ +static inline int +rta_inline_ipsec_query(unsigned int sd_base_len, + unsigned int jd_len, + unsigned int *data_len, + uint32_t *inl_mask, + unsigned int count, + uint32_t auth_algtype, + int32_t auth_index) +{ + uint32_t dkp_protid; + + switch (auth_algtype & OP_PCL_IPSEC_AUTH_MASK) { + case OP_PCL_IPSEC_HMAC_MD5_96: + case OP_PCL_IPSEC_HMAC_MD5_128: + dkp_protid = OP_PCLID_DKP_MD5; + break; + case OP_PCL_IPSEC_HMAC_SHA1_96: + case OP_PCL_IPSEC_HMAC_SHA1_160: + dkp_protid = OP_PCLID_DKP_SHA1; + break; + case OP_PCL_IPSEC_HMAC_SHA2_256_128: + dkp_protid = OP_PCLID_DKP_SHA256; + break; + case OP_PCL_IPSEC_HMAC_SHA2_384_192: + dkp_protid = OP_PCLID_DKP_SHA384; + break; + case OP_PCL_IPSEC_HMAC_SHA2_512_256: + dkp_protid = OP_PCLID_DKP_SHA512; + break; + case OP_PCL_IPSEC_HMAC_SHA2_224_96: + case OP_PCL_IPSEC_HMAC_SHA2_224_112: + case OP_PCL_IPSEC_HMAC_SHA2_224_224: + dkp_protid = OP_PCLID_DKP_SHA224; + break; + default: + return rta_inline_query(sd_base_len, + jd_len, + data_len, + inl_mask, count); + } + + /* Updating the maximum supported inline key length */ + if (auth_index != -1) { + if (split_key_len(dkp_protid) > data_len[auth_index]) + data_len[auth_index] = split_key_len(dkp_protid); + } + return rta_inline_query(sd_base_len, + jd_len, + data_len, + inl_mask, count); +} + /** * cnstr_shdsc_ipsec_encap - IPSec ESP encapsulation protocol-level shared * descriptor. diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c index 44528eaf7f..679f78c4b9 100644 --- a/drivers/crypto/dpaa_sec/dpaa_sec.c +++ b/drivers/crypto/dpaa_sec/dpaa_sec.c @@ -395,10 +395,10 @@ dpaa_sec_prep_ipsec_cdb(dpaa_sec_session *ses) cdb->sh_desc[0] = cipherdata.keylen; cdb->sh_desc[1] = authdata.keylen; - err = rta_inline_query(IPSEC_AUTH_VAR_AES_DEC_BASE_DESC_LEN, + err = rta_inline_ipsec_query(IPSEC_AUTH_VAR_AES_DEC_BASE_DESC_LEN, DESC_JOB_IO_LEN, (unsigned int *)cdb->sh_desc, - &cdb->sh_desc[2], 2); + &cdb->sh_desc[2], 2, authdata.algtype, 1); if (err < 0) { DPAA_SEC_ERR("Crypto: Incorrect key lengths"); -- 2.25.1