From: Srisivasubramanian S Date: Sun, 30 Jul 2017 11:23:00 +0000 (+0530) Subject: crypto/armv8: fix authentication session configuration X-Git-Tag: spdx-start~2348 X-Git-Url: http://git.droids-corp.org/?a=commitdiff_plain;h=473174a7da555ec26751c89b56255192586cb0aa;p=dpdk.git crypto/armv8: fix authentication session configuration For key sizes greater than digest length, pad with zero rather than computing hash of the key itself. Fixes: 169ca3db550c ("crypto/armv8: add PMD optimized for ARMv8 processors") Cc: stable@dpdk.org Signed-off-by: Srisivasubramanian S --- diff --git a/drivers/crypto/armv8/rte_armv8_pmd.c b/drivers/crypto/armv8/rte_armv8_pmd.c index c3ba439fce..a5c39c9b7f 100644 --- a/drivers/crypto/armv8/rte_armv8_pmd.c +++ b/drivers/crypto/armv8/rte_armv8_pmd.c @@ -291,27 +291,14 @@ auth_set_prerequisites(struct armv8_crypto_session *sess, * Generate authentication key, i_key_pad and o_key_pad. */ /* Zero memory under key */ - memset(sess->auth.hmac.key, 0, SHA1_AUTH_KEY_LENGTH); - - if (xform->auth.key.length > SHA1_AUTH_KEY_LENGTH) { - /* - * In case the key is longer than 160 bits - * the algorithm will use SHA1(key) instead. - */ - error = sha1_block(NULL, xform->auth.key.data, - sess->auth.hmac.key, xform->auth.key.length); - if (error != 0) - return -1; - } else { - /* - * Now copy the given authentication key to the session - * key assuming that the session key is zeroed there is - * no need for additional zero padding if the key is - * shorter than SHA1_AUTH_KEY_LENGTH. - */ - rte_memcpy(sess->auth.hmac.key, xform->auth.key.data, - xform->auth.key.length); - } + memset(sess->auth.hmac.key, 0, SHA1_BLOCK_SIZE); + + /* + * Now copy the given authentication key to the session + * key. + */ + rte_memcpy(sess->auth.hmac.key, xform->auth.key.data, + xform->auth.key.length); /* Prepare HMAC padding: key|pattern */ auth_hmac_pad_prepare(sess, xform); @@ -337,27 +324,14 @@ auth_set_prerequisites(struct armv8_crypto_session *sess, * Generate authentication key, i_key_pad and o_key_pad. */ /* Zero memory under key */ - memset(sess->auth.hmac.key, 0, SHA256_AUTH_KEY_LENGTH); - - if (xform->auth.key.length > SHA256_AUTH_KEY_LENGTH) { - /* - * In case the key is longer than 256 bits - * the algorithm will use SHA256(key) instead. - */ - error = sha256_block(NULL, xform->auth.key.data, - sess->auth.hmac.key, xform->auth.key.length); - if (error != 0) - return -1; - } else { - /* - * Now copy the given authentication key to the session - * key assuming that the session key is zeroed there is - * no need for additional zero padding if the key is - * shorter than SHA256_AUTH_KEY_LENGTH. - */ - rte_memcpy(sess->auth.hmac.key, xform->auth.key.data, - xform->auth.key.length); - } + memset(sess->auth.hmac.key, 0, SHA256_BLOCK_SIZE); + + /* + * Now copy the given authentication key to the session + * key. + */ + rte_memcpy(sess->auth.hmac.key, xform->auth.key.data, + xform->auth.key.length); /* Prepare HMAC padding: key|pattern */ auth_hmac_pad_prepare(sess, xform); diff --git a/drivers/crypto/armv8/rte_armv8_pmd_private.h b/drivers/crypto/armv8/rte_armv8_pmd_private.h index 679a71af30..d02992a648 100644 --- a/drivers/crypto/armv8/rte_armv8_pmd_private.h +++ b/drivers/crypto/armv8/rte_armv8_pmd_private.h @@ -198,8 +198,8 @@ struct armv8_crypto_session { uint8_t o_key_pad[SHA_BLOCK_MAX] __rte_cache_aligned; /**< outer pad (max supported block length) */ - uint8_t key[SHA_AUTH_KEY_MAX]; - /**< HMAC key (max supported length)*/ + uint8_t key[SHA_BLOCK_MAX]; + /**< HMAC key (max supported block length)*/ } hmac; }; uint16_t digest_length;