* [PATCH 21.11 1/2] common/cnxk: swap zuc-256 key
2022-06-24 7:18 [PATCH 21.11 0/2] fix zuc-256 cipher support Ankur Dwivedi
@ 2022-06-24 7:18 ` Ankur Dwivedi
2022-06-24 13:20 ` Kevin Traynor
2022-06-24 7:18 ` [PATCH 21.11 2/2] crypto/cnxk: swap zuc-256 iv Ankur Dwivedi
1 sibling, 1 reply; 4+ messages in thread
From: Ankur Dwivedi @ 2022-06-24 7:18 UTC (permalink / raw)
To: stable; +Cc: anoobj, gakhil, ktejasree, jerinj, vvelumuri, Ankur Dwivedi
[ upstream commit 5242d8dbbed7fa78c01e86777a4cbc96f5605372 ]
The microcode expects zuc-256 key to be in reverse of what is
provided by dpdk test app. This patch swaps the zuc-256 key.
Fixes: 66a8a26f311f ("common/cnxk: fix ZUC constants")
Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
---
drivers/common/cnxk/roc_se.c | 7 +++++--
drivers/common/cnxk/roc_se.h | 22 ++++++++++++++++++++++
2 files changed, 27 insertions(+), 2 deletions(-)
diff --git a/drivers/common/cnxk/roc_se.c b/drivers/common/cnxk/roc_se.c
index ffe537af30..3f0821e400 100644
--- a/drivers/common/cnxk/roc_se.c
+++ b/drivers/common/cnxk/roc_se.c
@@ -283,6 +283,8 @@ roc_se_auth_key_set(struct roc_se_ctx *se_ctx, roc_se_auth_type type,
return ret;
se_ctx->pdcp_alg_type = ROC_SE_PDCP_ALG_TYPE_ZUC;
memcpy(ci_key, key, key_len);
+ if (key_len == 32)
+ roc_se_zuc_bytes_swap(ci_key, key_len);
cpt_pdcp_update_zuc_const(zuc_const, key_len, mac_len);
se_ctx->fc_type = ROC_SE_PDCP;
se_ctx->zsk_flags = 0x1;
@@ -459,9 +461,10 @@ roc_se_ciph_key_set(struct roc_se_ctx *se_ctx, roc_se_cipher_type type,
zs_ctx->zuc.otk_ctx.w0.s.alg_type = ROC_SE_PDCP_ALG_TYPE_ZUC;
se_ctx->pdcp_alg_type = ROC_SE_PDCP_ALG_TYPE_ZUC;
memcpy(ci_key, key, key_len);
- if (key_len == 32)
+ if (key_len == 32) {
+ roc_se_zuc_bytes_swap(ci_key, key_len);
memcpy(zuc_const, zuc_key256, 16);
- else
+ } else
memcpy(zuc_const, zuc_key128, 32);
se_ctx->zsk_flags = 0;
diff --git a/drivers/common/cnxk/roc_se.h b/drivers/common/cnxk/roc_se.h
index 5be832fa75..500f94ac11 100644
--- a/drivers/common/cnxk/roc_se.h
+++ b/drivers/common/cnxk/roc_se.h
@@ -297,6 +297,27 @@ struct roc_se_ctx {
uint8_t *auth_key;
};
+static inline void
+roc_se_zuc_bytes_swap(uint8_t *arr, int len)
+{
+ int start, end;
+ uint8_t tmp;
+
+ if (len <= 0)
+ return;
+
+ start = 0;
+ end = len - 1;
+
+ while (start < end) {
+ tmp = arr[start];
+ arr[start] = arr[end];
+ arr[end] = tmp;
+ start++;
+ end--;
+ }
+}
+
int __roc_api roc_se_auth_key_set(struct roc_se_ctx *se_ctx,
roc_se_auth_type type, const uint8_t *key,
uint16_t key_len, uint16_t mac_len);
@@ -306,4 +327,5 @@ int __roc_api roc_se_ciph_key_set(struct roc_se_ctx *se_ctx,
uint16_t key_len, uint8_t *salt);
void __roc_api roc_se_ctx_swap(struct roc_se_ctx *se_ctx);
+
#endif /* __ROC_SE_H__ */
--
2.28.0
^ permalink raw reply [flat|nested] 4+ messages in thread
* [PATCH 21.11 2/2] crypto/cnxk: swap zuc-256 iv
2022-06-24 7:18 [PATCH 21.11 0/2] fix zuc-256 cipher support Ankur Dwivedi
2022-06-24 7:18 ` [PATCH 21.11 1/2] common/cnxk: swap zuc-256 key Ankur Dwivedi
@ 2022-06-24 7:18 ` Ankur Dwivedi
1 sibling, 0 replies; 4+ messages in thread
From: Ankur Dwivedi @ 2022-06-24 7:18 UTC (permalink / raw)
To: stable; +Cc: anoobj, gakhil, ktejasree, jerinj, vvelumuri, Ankur Dwivedi
[ upstream commit 09ceaa636061c15e9c16a14aaa5caf7378e2c6fa ]
The microcode expects the iv to be in reverse of what is provided
by dpdk test app. Also the first 8 bytes of reversed iv is
compressed to 6 bytes.
Fixes: 89b78a2e3df9 ("crypto/cnxk: fix IV length for ZUC-256")
Signed-off-by: Ankur Dwivedi <adwivedi@marvell.com>
---
drivers/crypto/cnxk/cnxk_se.h | 24 +++++++++++++-----------
1 file changed, 13 insertions(+), 11 deletions(-)
diff --git a/drivers/crypto/cnxk/cnxk_se.h b/drivers/crypto/cnxk/cnxk_se.h
index 99a2894fa6..af86ef18d8 100644
--- a/drivers/crypto/cnxk/cnxk_se.h
+++ b/drivers/crypto/cnxk/cnxk_se.h
@@ -39,17 +39,16 @@ struct cnxk_se_sess {
static inline void
cpt_pack_iv(uint8_t *iv_src, uint8_t *iv_dst)
{
- iv_dst[16] = iv_src[16];
- /* pack the last 8 bytes of IV to 6 bytes.
+ /* pack the first 8 bytes of IV to 6 bytes.
* discard the 2 MSB bits of each byte
*/
- iv_dst[17] = (((iv_src[17] & 0x3f) << 2) | ((iv_src[18] >> 4) & 0x3));
- iv_dst[18] = (((iv_src[18] & 0xf) << 4) | ((iv_src[19] >> 2) & 0xf));
- iv_dst[19] = (((iv_src[19] & 0x3) << 6) | (iv_src[20] & 0x3f));
+ iv_dst[0] = (((iv_src[0] & 0x3f) << 2) | ((iv_src[1] >> 4) & 0x3));
+ iv_dst[1] = (((iv_src[1] & 0xf) << 4) | ((iv_src[2] >> 2) & 0xf));
+ iv_dst[2] = (((iv_src[2] & 0x3) << 6) | (iv_src[3] & 0x3f));
- iv_dst[20] = (((iv_src[21] & 0x3f) << 2) | ((iv_src[22] >> 4) & 0x3));
- iv_dst[21] = (((iv_src[22] & 0xf) << 4) | ((iv_src[23] >> 2) & 0xf));
- iv_dst[22] = (((iv_src[23] & 0x3) << 6) | (iv_src[24] & 0x3f));
+ iv_dst[3] = (((iv_src[4] & 0x3f) << 2) | ((iv_src[5] >> 4) & 0x3));
+ iv_dst[4] = (((iv_src[5] & 0xf) << 4) | ((iv_src[6] >> 2) & 0xf));
+ iv_dst[5] = (((iv_src[6] & 0x3) << 6) | (iv_src[7] & 0x3f));
}
static inline void
@@ -71,10 +70,11 @@ pdcp_iv_copy(uint8_t *iv_d, uint8_t *iv_s, const uint8_t pdcp_alg_type,
iv_temp[j] = iv_s_temp[3 - j];
memcpy(iv_d, iv_temp, 16);
} else {
- /* ZUC doesn't need a swap */
- memcpy(iv_d, iv_s, 16);
- if (pack_iv)
+ if (pack_iv) {
cpt_pack_iv(iv_s, iv_d);
+ memcpy(iv_d + 6, iv_s + 8, 17);
+ } else
+ memcpy(iv_d, iv_s, 16);
}
}
@@ -1020,6 +1020,7 @@ cpt_zuc_snow3g_prep(uint32_t req_flags, uint64_t d_offs, uint64_t d_lens,
iv_len = params->auth_iv_len;
if (iv_len == 25) {
+ roc_se_zuc_bytes_swap(iv_s, iv_len);
iv_len -= 2;
pack_iv = 1;
}
@@ -1049,6 +1050,7 @@ cpt_zuc_snow3g_prep(uint32_t req_flags, uint64_t d_offs, uint64_t d_lens,
iv_len = params->cipher_iv_len;
if (iv_len == 25) {
+ roc_se_zuc_bytes_swap(iv_s, iv_len);
iv_len -= 2;
pack_iv = 1;
}
--
2.28.0
^ permalink raw reply [flat|nested] 4+ messages in thread