crypto/dpaax_sec: warn on truncated SHA-256

This patch throw the warning when using truncated digest
len for SHA256 case.
As per RFC4868, SHA-256 should use 128 bits of ICV.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>

diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index 173ec80..3b46cf2 100644 (file)
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -2635,6 +2635,7 @@ dpaa2_sec_ipsec_proto_init(struct rte_crypto_cipher_xform *cipher_xform,
                memcpy(session->auth_key.data, auth_xform->key.data,
                                auth_xform->key.length);
                session->auth_alg = auth_xform->algo;
+               session->digest_length = auth_xform->digest_length;
        } else {
                session->auth_key.data = NULL;
                session->auth_key.length = 0;
@@ -2657,6 +2658,10 @@ dpaa2_sec_ipsec_proto_init(struct rte_crypto_cipher_xform *cipher_xform,
        case RTE_CRYPTO_AUTH_SHA256_HMAC:
                authdata->algtype = OP_PCL_IPSEC_HMAC_SHA2_256_128;
                authdata->algmode = OP_ALG_AAI_HMAC;
+               if (session->digest_length != 16)
+                       DPAA2_SEC_WARN(
+                       "+++Using sha256-hmac truncated len is non-standard,"
+                       "it will not work with lookaside proto");
                break;
        case RTE_CRYPTO_AUTH_SHA384_HMAC:
                authdata->algtype = OP_PCL_IPSEC_HMAC_SHA2_384_192;

diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c
index 7c7caf4..5bbeaf9 100644 (file)
--- a/drivers/crypto/dpaa_sec/dpaa_sec.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
@@ -2616,6 +2616,7 @@ dpaa_sec_ipsec_proto_init(struct rte_crypto_cipher_xform *cipher_xform,
                memcpy(session->auth_key.data, auth_xform->key.data,
                                auth_xform->key.length);
                session->auth_alg = auth_xform->algo;
+               session->digest_length = auth_xform->digest_length;
        } else {
                session->auth_key.data = NULL;
                session->auth_key.length = 0;
@@ -2634,6 +2635,10 @@ dpaa_sec_ipsec_proto_init(struct rte_crypto_cipher_xform *cipher_xform,
        case RTE_CRYPTO_AUTH_SHA256_HMAC:
                session->auth_key.alg = OP_PCL_IPSEC_HMAC_SHA2_256_128;
                session->auth_key.algmode = OP_ALG_AAI_HMAC;
+               if (session->digest_length != 16)
+                       DPAA_SEC_WARN(
+                       "+++Using sha256-hmac truncated len is non-standard,"
+                       "it will not work with lookaside proto");
                break;
        case RTE_CRYPTO_AUTH_SHA384_HMAC:
                session->auth_key.alg = OP_PCL_IPSEC_HMAC_SHA2_384_192;