From 247b69083e1f531ffb7f22dbbbc9c4febbbbc8e7 Mon Sep 17 00:00:00 2001
From: Hemant Agrawal
Date: Wed, 6 Nov 2019 10:47:27 +0530
Subject: [PATCH] crypto/dpaax_sec: warn on truncated SHA-256

This patch throw the warning when using truncated digest len for SHA256 case. As per RFC4868, SHA-256 should use 128 bits of ICV.

Signed-off-by: Hemant Agrawal
Acked-by: Akhil Goyal
---
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 5 +++++
 drivers/crypto/dpaa_sec/dpaa_sec.c | 5 +++++
 2 files changed, 10 insertions(+)

diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index 173ec80953..3b46cf2eb5 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -2635,6 +2635,7 @@ dpaa2_sec_ipsec_proto_init(struct rte_crypto_cipher_xform *cipher_xform,
 memcpy(session->auth_key.data, auth_xform->key.data,
 auth_xform->key.length);
 session->auth_alg = auth_xform->algo;
+ session->digest_length = auth_xform->digest_length;
 } else {
 session->auth_key.data = NULL;
 session->auth_key.length = 0;
@@ -2657,6 +2658,10 @@ dpaa2_sec_ipsec_proto_init(struct rte_crypto_cipher_xform *cipher_xform,
 case RTE_CRYPTO_AUTH_SHA256_HMAC:
 authdata->algtype = OP_PCL_IPSEC_HMAC_SHA2_256_128;
 authdata->algmode = OP_ALG_AAI_HMAC;
+ if (session->digest_length != 16)
+ DPAA2_SEC_WARN(
+ "+++Using sha256-hmac truncated len is non-standard,"
+ "it will not work with lookaside proto");
 break;
 case RTE_CRYPTO_AUTH_SHA384_HMAC:
 authdata->algtype = OP_PCL_IPSEC_HMAC_SHA2_384_192;
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c
index 7c7caf46a5..5bbeaf971b 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
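Review bot: In the `RTE_CRYPTO_AUTH_SHA256_HMAC` case of `dpaa2_sec_ipsec_proto_init`, a digest length other than 16 only produces a log line while `authdata->algtype` is still set to `OP_PCL_IPSEC_HMAC_SHA2_256_128`, so the session presumably goes on to use a 128-bit ICV that the caller did not request. The message itself says the setup "will not work with lookaside proto", and this init function is the lookaside-protocol path, so an ICV-length mismatch is better rejected than logged at warning level, where it is easy to miss. Consider `if (session->digest_length != 16) { DPAA2_SEC_ERR("sha256-hmac: only a 16-byte digest is supported with lookaside proto"); /* leave through the function's existing failure path */ }`; that failure path is not visible here because the switch and the function body continue outside the hunk. The mirrored SHA-256 hunk in `dpaa_sec.c` (`DPAA_SEC_WARN`) behaves the same way.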
@@ -2616,6 +2616,7 @@ dpaa_sec_ipsec_proto_init(struct rte_crypto_cipher_xform *cipher_xform,
 memcpy(session->auth_key.data, auth_xform->key.data,
 auth_xform->key.length);
 session->auth_alg = auth_xform->algo;
+ session->digest_length = auth_xform->digest_length;
 } else {
 session->auth_key.data = NULL;
 session->auth_key.length = 0;
@@ -2634,6 +2635,10 @@ dpaa_sec_ipsec_proto_init(struct rte_crypto_cipher_xform *cipher_xform,
 case RTE_CRYPTO_AUTH_SHA256_HMAC:
 session->auth_key.alg = OP_PCL_IPSEC_HMAC_SHA2_256_128;
 session->auth_key.algmode = OP_ALG_AAI_HMAC;
+ if (session->digest_length != 16)
+ DPAA_SEC_WARN(
+ "+++Using sha256-hmac truncated len is non-standard,"
+ "it will not work with lookaside proto");
 break;
 case RTE_CRYPTO_AUTH_SHA384_HMAC:
 session->auth_key.alg = OP_PCL_IPSEC_HMAC_SHA2_384_192;
-- 
2.20.1
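Review bot: The warning text added in the `RTE_CRYPTO_AUTH_SHA256_HMAC` case is hard to act on as written. The two adjacent literals concatenate to `non-standard,it will not work` with no space, the `+++` prefix reads like a leftover debug marker, and the `!= 16` test also fires for the full 32-byte digest, which is not a truncation at all. A message that names the expected length would tell an operator what to fix, for example `"sha256-hmac: digest length is not the 16-byte ICV of RFC 4868, unsupported with lookaside proto"`, and a named constant in place of the bare `16` would document where the value comes from. The same string is added in the `dpaa2_sec_dpseci.c` hunk.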