From: Archana Muniganti Date: Wed, 16 Sep 2020 10:37:00 +0000 (+0530) Subject: common/cpt: check MAC length X-Git-Url: http://git.droids-corp.org/?a=commitdiff_plain;h=7293bae19a30b0fb9b8d50ac5f1997c6da32e2c2;p=dpdk.git common/cpt: check MAC length HMAC/HASH opcode algorithms supports fixed mac length. Allowed session creation to fail when requested for unsupported MAC length for HMAC/HASH-only use cases. Signed-off-by: Archana Muniganti Acked-by: Anoob Joseph --- diff --git a/drivers/common/cpt/cpt_mcode_defines.h b/drivers/common/cpt/cpt_mcode_defines.h index ee2c7f32a8..0a05bd5639 100644 --- a/drivers/common/cpt/cpt_mcode_defines.h +++ b/drivers/common/cpt/cpt_mcode_defines.h @@ -427,6 +427,9 @@ typedef mc_hash_type_t auth_type_t; #define SESS_PRIV(__sess) \ (void *)((uint8_t *)__sess + sizeof(struct cpt_sess_misc)) +#define GET_SESS_FC_TYPE(__sess) \ + (((struct cpt_ctx *)(SESS_PRIV(__sess)))->fc_type) + /* * Get the session size * diff --git a/drivers/common/cpt/cpt_ucode.h b/drivers/common/cpt/cpt_ucode.h index 175dd6dd88..fd56f4c807 100644 --- a/drivers/common/cpt/cpt_ucode.h +++ b/drivers/common/cpt/cpt_ucode.h @@ -35,6 +35,47 @@ gen_key_snow3g(const uint8_t *ck, uint32_t *keyx) } } +static __rte_always_inline int +cpt_mac_len_verify(struct rte_crypto_auth_xform *auth) +{ + uint16_t mac_len = auth->digest_length; + int ret; + + switch (auth->algo) { + case RTE_CRYPTO_AUTH_MD5: + case RTE_CRYPTO_AUTH_MD5_HMAC: + ret = (mac_len == 16) ? 0 : -1; + break; + case RTE_CRYPTO_AUTH_SHA1: + case RTE_CRYPTO_AUTH_SHA1_HMAC: + ret = (mac_len == 20) ? 0 : -1; + break; + case RTE_CRYPTO_AUTH_SHA224: + case RTE_CRYPTO_AUTH_SHA224_HMAC: + ret = (mac_len == 28) ? 0 : -1; + break; + case RTE_CRYPTO_AUTH_SHA256: + case RTE_CRYPTO_AUTH_SHA256_HMAC: + ret = (mac_len == 32) ? 0 : -1; + break; + case RTE_CRYPTO_AUTH_SHA384: + case RTE_CRYPTO_AUTH_SHA384_HMAC: + ret = (mac_len == 48) ? 0 : -1; + break; + case RTE_CRYPTO_AUTH_SHA512: + case RTE_CRYPTO_AUTH_SHA512_HMAC: + ret = (mac_len == 64) ? 0 : -1; + break; + case RTE_CRYPTO_AUTH_NULL: + ret = 0; + break; + default: + ret = -1; + } + + return ret; +} + static __rte_always_inline void cpt_fc_salt_update(void *ctx, uint8_t *salt) diff --git a/drivers/crypto/octeontx/otx_cryptodev_ops.c b/drivers/crypto/octeontx/otx_cryptodev_ops.c index 2cedf7dece..14f22e3011 100644 --- a/drivers/crypto/octeontx/otx_cryptodev_ops.c +++ b/drivers/crypto/octeontx/otx_cryptodev_ops.c @@ -239,6 +239,7 @@ sym_session_configure(int driver_id, struct rte_crypto_sym_xform *xform, struct rte_cryptodev_sym_session *sess, struct rte_mempool *pool) { + struct rte_crypto_sym_xform *temp_xform = xform; struct cpt_sess_misc *misc; void *priv; int ret; @@ -279,6 +280,13 @@ sym_session_configure(int driver_id, struct rte_crypto_sym_xform *xform, goto priv_put; } + if ((GET_SESS_FC_TYPE(misc) == HASH_HMAC) && + cpt_mac_len_verify(&temp_xform->auth)) { + CPT_LOG_ERR("MAC length is not supported"); + ret = -ENOTSUP; + goto priv_put; + } + set_sym_session_private_data(sess, driver_id, priv); misc->ctx_dma_addr = rte_mempool_virt2iova(misc) + diff --git a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c index 21ac122a64..7542db0dd7 100644 --- a/drivers/crypto/octeontx2/otx2_cryptodev_ops.c +++ b/drivers/crypto/octeontx2/otx2_cryptodev_ops.c @@ -353,6 +353,7 @@ sym_session_configure(int driver_id, struct rte_crypto_sym_xform *xform, struct rte_cryptodev_sym_session *sess, struct rte_mempool *pool) { + struct rte_crypto_sym_xform *temp_xform = xform; struct cpt_sess_misc *misc; void *priv; int ret; @@ -393,6 +394,13 @@ sym_session_configure(int driver_id, struct rte_crypto_sym_xform *xform, goto priv_put; } + if ((GET_SESS_FC_TYPE(misc) == HASH_HMAC) && + cpt_mac_len_verify(&temp_xform->auth)) { + CPT_LOG_ERR("MAC length is not supported"); + ret = -ENOTSUP; + goto priv_put; + } + set_sym_session_private_data(sess, driver_id, misc); misc->ctx_dma_addr = rte_mempool_virt2iova(misc) +