From: Tejasree Kondoj <ktejasree@marvell.com>
To: Akhil Goyal <gakhil@marvell.com>
Cc: Anoob Joseph <anoobj@marvell.com>,
Vidya Sagar Velumuri <vvelumuri@marvell.com>, <dev@dpdk.org>
Subject: [PATCH 12/13] crypto/cnxk: verify IV length during session create
Date: Thu, 20 Oct 2022 16:44:52 +0530 [thread overview]
Message-ID: <20221020111453.1982947-6-ktejasree@marvell.com> (raw)
In-Reply-To: <20221020111453.1982947-1-ktejasree@marvell.com>
From: Anoob Joseph <anoobj@marvell.com>
For Kasumi cipher operation, IV is a must. Verify the arg provided in
session creation and remove datapath check.
Coverity issue: 381020 381019
Fixes: 7a59ccc1b502 ("crypto/cnxk: remove extra indirection for FC and Kasumi")
Signed-off-by: Anoob Joseph <anoobj@marvell.com>
---
drivers/crypto/cnxk/cnxk_se.h | 44 ++++++++++++++---------------------
1 file changed, 17 insertions(+), 27 deletions(-)
diff --git a/drivers/crypto/cnxk/cnxk_se.h b/drivers/crypto/cnxk/cnxk_se.h
index ac97b864b9..4675512bbc 100644
--- a/drivers/crypto/cnxk/cnxk_se.h
+++ b/drivers/crypto/cnxk/cnxk_se.h
@@ -1753,35 +1753,17 @@ cpt_kasumi_enc_prep(uint32_t req_flags, uint64_t d_offs, uint64_t d_lens,
auth_data_len = ROC_SE_AUTH_DLEN(d_lens);
se_ctx = params->ctx;
+ iv_s = params->iv_buf;
flags = se_ctx->zsk_flags;
mac_len = se_ctx->mac_len;
- if (flags == 0x0)
- iv_s = params->iv_buf;
- else
- iv_s = params->auth_iv_buf;
-
dir = iv_s[8] & 0x1;
- cpt_inst_w4.s.opcode_major = ROC_SE_MAJOR_OP_KASUMI | ROC_SE_DMA_MODE;
-
- /* indicates ECB/CBC, direction, ctx from cptr, iv from dptr */
- cpt_inst_w4.s.opcode_minor = ((1 << 6) | (se_ctx->k_ecb << 5) |
- (dir << 4) | (0 << 3) | (flags & 0x7));
-
- /*
- * GP op header, lengths are expected in bits.
- */
- cpt_inst_w4.s.param1 = encr_data_len;
- cpt_inst_w4.s.param2 = auth_data_len;
-
- /* consider iv len */
if (flags == 0x0) {
+ /* Consider IV len */
encr_offset += iv_len;
auth_offset += iv_len;
- }
- if (flags == 0x0) {
inputlen = encr_offset + (RTE_ALIGN(encr_data_len, 8) / 8);
outputlen = inputlen;
/* iv offset is 0 */
@@ -1803,6 +1785,15 @@ cpt_kasumi_enc_prep(uint32_t req_flags, uint64_t d_offs, uint64_t d_lens,
}
}
+ cpt_inst_w4.s.opcode_major = ROC_SE_MAJOR_OP_KASUMI | ROC_SE_DMA_MODE;
+
+ /* Indicate ECB/CBC, direction, CTX from CPTR, IV from DPTR */
+ cpt_inst_w4.s.opcode_minor =
+ ((1 << 6) | (se_ctx->k_ecb << 5) | (dir << 4) | (0 << 3) | (flags & 0x7));
+
+ cpt_inst_w4.s.param1 = encr_data_len;
+ cpt_inst_w4.s.param2 = auth_data_len;
+
inst->w4.u64 = cpt_inst_w4.u64;
if (is_sg_ver2)
sg2_inst_prep(params, inst, offset_ctrl, iv_s, iv_len, 0, 0, inputlen, outputlen, 0,
@@ -2017,6 +2008,8 @@ fill_sess_cipher(struct rte_crypto_sym_xform *xform, struct cnxk_se_sess *sess)
case RTE_CRYPTO_CIPHER_KASUMI_F8:
if (sess->chained_op)
return -ENOTSUP;
+ if (c_form->iv.length != 8)
+ return -EINVAL;
enc_type = ROC_SE_KASUMI_F8_ECB;
cipher_key_len = 16;
zsk_flag = ROC_SE_K_F8;
@@ -2433,15 +2426,12 @@ fill_fc_params(struct rte_crypto_op *cop, struct cnxk_se_sess *sess,
fc_params.mac_buf.size = 0;
fc_params.mac_buf.vaddr = 0;
- if (likely(sess->iv_length)) {
+ if (likely(is_kasumi || sess->iv_length)) {
flags |= ROC_SE_VALID_IV_BUF;
- fc_params.iv_buf = rte_crypto_op_ctod_offset(cop, uint8_t *,
- sess->iv_offset);
+ fc_params.iv_buf = rte_crypto_op_ctod_offset(cop, uint8_t *, sess->iv_offset);
if (!is_aead && sess->aes_ctr && unlikely(sess->iv_length != 16)) {
memcpy((uint8_t *)iv_buf,
- rte_crypto_op_ctod_offset(cop, uint8_t *,
- sess->iv_offset),
- 12);
+ rte_crypto_op_ctod_offset(cop, uint8_t *, sess->iv_offset), 12);
iv_buf[3] = rte_cpu_to_be_32(0x1);
fc_params.iv_buf = iv_buf;
}
@@ -3017,7 +3007,7 @@ fill_digest_params(struct rte_crypto_op *cop, struct cnxk_se_sess *sess,
/* Store it at end of auth iv */
iv_buf[8] = direction;
- params.auth_iv_buf = iv_buf;
+ params.iv_buf = iv_buf;
}
}
--
2.25.1
next prev parent reply other threads:[~2022-10-20 11:15 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-10-20 11:14 [PATCH 00/13] fixes and improvements to cnxk crypto PMD Tejasree Kondoj
2022-10-20 11:14 ` [PATCH 08/13] common/cnxk: add opad ipad gen for md5 Tejasree Kondoj
2022-10-20 11:14 ` [PATCH 09/13] crypto/cnxk: support PDCP AAD in CPT PMD Tejasree Kondoj
2022-10-20 11:14 ` [PATCH 10/13] crypto/cnxk: acquire lock while updating antireplay Tejasree Kondoj
2022-10-20 11:14 ` [PATCH 11/13] crypto/cnxk: switch to SG when metabuf is allocated Tejasree Kondoj
2022-10-25 7:21 ` Akhil Goyal
2022-10-20 11:14 ` Tejasree Kondoj [this message]
2022-10-20 11:14 ` [PATCH 13/13] crypto/cnxk: remove dead code Tejasree Kondoj
2022-10-21 15:00 ` [PATCH 00/13] fixes and improvements to cnxk crypto PMD Akhil Goyal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221020111453.1982947-6-ktejasree@marvell.com \
--to=ktejasree@marvell.com \
--cc=anoobj@marvell.com \
--cc=dev@dpdk.org \
--cc=gakhil@marvell.com \
--cc=vvelumuri@marvell.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).