crypto/armv8: fix authentication session configuration

For key sizes greater than digest length, pad with zero rather than
computing hash of the key itself.

Fixes: 169ca3db550c ("crypto/armv8: add PMD optimized for ARMv8 processors")
Cc: stable@dpdk.org
Signed-off-by: Srisivasubramanian S <ssrinivasan@caviumnetworks.com>

diff --git a/drivers/crypto/armv8/rte_armv8_pmd.c b/drivers/crypto/armv8/rte_armv8_pmd.c
index c3ba439..a5c39c9 100644 (file)
--- a/drivers/crypto/armv8/rte_armv8_pmd.c
+++ b/drivers/crypto/armv8/rte_armv8_pmd.c
@@ -291,27 +291,14 @@ auth_set_prerequisites(struct armv8_crypto_session *sess,
                 * Generate authentication key, i_key_pad and o_key_pad.
                 */
                /* Zero memory under key */
-               memset(sess->auth.hmac.key, 0, SHA1_AUTH_KEY_LENGTH);
-
-               if (xform->auth.key.length > SHA1_AUTH_KEY_LENGTH) {
-                       /*
-                        * In case the key is longer than 160 bits
-                        * the algorithm will use SHA1(key) instead.
-                        */
-                       error = sha1_block(NULL, xform->auth.key.data,
-                               sess->auth.hmac.key, xform->auth.key.length);
-                       if (error != 0)
-                               return -1;
-               } else {
-                       /*
-                        * Now copy the given authentication key to the session
-                        * key assuming that the session key is zeroed there is
-                        * no need for additional zero padding if the key is
-                        * shorter than SHA1_AUTH_KEY_LENGTH.
-                        */
-                       rte_memcpy(sess->auth.hmac.key, xform->auth.key.data,
-                                                       xform->auth.key.length);
-               }
+               memset(sess->auth.hmac.key, 0, SHA1_BLOCK_SIZE);
+
+               /*
+                * Now copy the given authentication key to the session
+                * key.
+                */
+               rte_memcpy(sess->auth.hmac.key, xform->auth.key.data,
+                                               xform->auth.key.length);
 
                /* Prepare HMAC padding: key|pattern */
                auth_hmac_pad_prepare(sess, xform);
@@ -337,27 +324,14 @@ auth_set_prerequisites(struct armv8_crypto_session *sess,
                 * Generate authentication key, i_key_pad and o_key_pad.
                 */
                /* Zero memory under key */
-               memset(sess->auth.hmac.key, 0, SHA256_AUTH_KEY_LENGTH);
-
-               if (xform->auth.key.length > SHA256_AUTH_KEY_LENGTH) {
-                       /*
-                        * In case the key is longer than 256 bits
-                        * the algorithm will use SHA256(key) instead.
-                        */
-                       error = sha256_block(NULL, xform->auth.key.data,
-                               sess->auth.hmac.key, xform->auth.key.length);
-                       if (error != 0)
-                               return -1;
-               } else {
-                       /*
-                        * Now copy the given authentication key to the session
-                        * key assuming that the session key is zeroed there is
-                        * no need for additional zero padding if the key is
-                        * shorter than SHA256_AUTH_KEY_LENGTH.
-                        */
-                       rte_memcpy(sess->auth.hmac.key, xform->auth.key.data,
-                                                       xform->auth.key.length);
-               }
+               memset(sess->auth.hmac.key, 0, SHA256_BLOCK_SIZE);
+
+               /*
+                * Now copy the given authentication key to the session
+                * key.
+                */
+               rte_memcpy(sess->auth.hmac.key, xform->auth.key.data,
+                                               xform->auth.key.length);
 
                /* Prepare HMAC padding: key|pattern */
                auth_hmac_pad_prepare(sess, xform);

diff --git a/drivers/crypto/armv8/rte_armv8_pmd_private.h b/drivers/crypto/armv8/rte_armv8_pmd_private.h
index 679a71a..d02992a 100644 (file)
--- a/drivers/crypto/armv8/rte_armv8_pmd_private.h
+++ b/drivers/crypto/armv8/rte_armv8_pmd_private.h
@@ -198,8 +198,8 @@ struct armv8_crypto_session {
                                uint8_t o_key_pad[SHA_BLOCK_MAX]
                                                        __rte_cache_aligned;
                                /**< outer pad (max supported block length) */
-                               uint8_t key[SHA_AUTH_KEY_MAX];
-                               /**< HMAC key (max supported length)*/
+                               uint8_t key[SHA_BLOCK_MAX];
+                               /**< HMAC key (max supported block length)*/
                        } hmac;
                };
                uint16_t digest_length;