common/cpt: check MAC length

HMAC/HASH opcode algorithms supports fixed mac length.
Allowed session creation to fail when requested for
unsupported MAC length for HMAC/HASH-only use cases.

Signed-off-by: Archana Muniganti <marchana@marvell.com>
Acked-by: Anoob Joseph <anoobj@marvell.com>

diff --git a/drivers/common/cpt/cpt_mcode_defines.h b/drivers/common/cpt/cpt_mcode_defines.h
index ee2c7f3..0a05bd5 100644 (file)
--- a/drivers/common/cpt/cpt_mcode_defines.h
+++ b/drivers/common/cpt/cpt_mcode_defines.h
@@ -427,6 +427,9 @@ typedef mc_hash_type_t auth_type_t;
 #define SESS_PRIV(__sess) \
        (void *)((uint8_t *)__sess + sizeof(struct cpt_sess_misc))
 
+#define GET_SESS_FC_TYPE(__sess) \
+       (((struct cpt_ctx *)(SESS_PRIV(__sess)))->fc_type)
+
 /*
  * Get the session size
  *

diff --git a/drivers/common/cpt/cpt_ucode.h b/drivers/common/cpt/cpt_ucode.h
index 175dd6d..fd56f4c 100644 (file)
--- a/drivers/common/cpt/cpt_ucode.h
+++ b/drivers/common/cpt/cpt_ucode.h
@@ -35,6 +35,47 @@ gen_key_snow3g(const uint8_t *ck, uint32_t *keyx)
        }
 }
 
+static __rte_always_inline int
+cpt_mac_len_verify(struct rte_crypto_auth_xform *auth)
+{
+       uint16_t mac_len = auth->digest_length;
+       int ret;
+
+       switch (auth->algo) {
+       case RTE_CRYPTO_AUTH_MD5:
+       case RTE_CRYPTO_AUTH_MD5_HMAC:
+               ret = (mac_len == 16) ? 0 : -1;
+               break;
+       case RTE_CRYPTO_AUTH_SHA1:
+       case RTE_CRYPTO_AUTH_SHA1_HMAC:
+               ret = (mac_len == 20) ? 0 : -1;
+               break;
+       case RTE_CRYPTO_AUTH_SHA224:
+       case RTE_CRYPTO_AUTH_SHA224_HMAC:
+               ret = (mac_len == 28) ? 0 : -1;
+               break;
+       case RTE_CRYPTO_AUTH_SHA256:
+       case RTE_CRYPTO_AUTH_SHA256_HMAC:
+               ret = (mac_len == 32) ? 0 : -1;
+               break;
+       case RTE_CRYPTO_AUTH_SHA384:
+       case RTE_CRYPTO_AUTH_SHA384_HMAC:
+               ret = (mac_len == 48) ? 0 : -1;
+               break;
+       case RTE_CRYPTO_AUTH_SHA512:
+       case RTE_CRYPTO_AUTH_SHA512_HMAC:
+               ret = (mac_len == 64) ? 0 : -1;
+               break;
+       case RTE_CRYPTO_AUTH_NULL:
+               ret = 0;
+               break;
+       default:
+               ret = -1;
+       }
+
+       return ret;
+}
+
 static __rte_always_inline void
 cpt_fc_salt_update(void *ctx,
                   uint8_t *salt)

diff --git a/drivers/crypto/octeontx/otx_cryptodev_ops.c b/drivers/crypto/octeontx/otx_cryptodev_ops.c
index 2cedf7d..14f22e3 100644 (file)
--- a/drivers/crypto/octeontx/otx_cryptodev_ops.c
+++ b/drivers/crypto/octeontx/otx_cryptodev_ops.c
@@ -239,6 +239,7 @@ sym_session_configure(int driver_id, struct rte_crypto_sym_xform *xform,
                      struct rte_cryptodev_sym_session *sess,
                      struct rte_mempool *pool)
 {
+       struct rte_crypto_sym_xform *temp_xform = xform;
        struct cpt_sess_misc *misc;
        void *priv;
        int ret;
@@ -279,6 +280,13 @@ sym_session_configure(int driver_id, struct rte_crypto_sym_xform *xform,
                        goto priv_put;
        }
 
+       if ((GET_SESS_FC_TYPE(misc) == HASH_HMAC) &&
+                       cpt_mac_len_verify(&temp_xform->auth)) {
+               CPT_LOG_ERR("MAC length is not supported");
+               ret = -ENOTSUP;
+               goto priv_put;
+       }
+
        set_sym_session_private_data(sess, driver_id, priv);
 
        misc->ctx_dma_addr = rte_mempool_virt2iova(misc) +

diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
index 21ac122..7542db0 100644 (file)
--- a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
+++ b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c
@@ -353,6 +353,7 @@ sym_session_configure(int driver_id, struct rte_crypto_sym_xform *xform,
                      struct rte_cryptodev_sym_session *sess,
                      struct rte_mempool *pool)
 {
+       struct rte_crypto_sym_xform *temp_xform = xform;
        struct cpt_sess_misc *misc;
        void *priv;
        int ret;
@@ -393,6 +394,13 @@ sym_session_configure(int driver_id, struct rte_crypto_sym_xform *xform,
                        goto priv_put;
        }
 
+       if ((GET_SESS_FC_TYPE(misc) == HASH_HMAC) &&
+                       cpt_mac_len_verify(&temp_xform->auth)) {
+               CPT_LOG_ERR("MAC length is not supported");
+               ret = -ENOTSUP;
+               goto priv_put;
+       }
+
        set_sym_session_private_data(sess, driver_id, misc);
 
        misc->ctx_dma_addr = rte_mempool_virt2iova(misc) +