summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSrisivasubramanian S <ssrinivasan@caviumnetworks.com>2017-07-30 16:53:00 +0530
committerYuanhan Liu <yliu@fridaylinux.org>2017-08-29 14:50:28 +0800
commit6a15185f8e66fae8781fccb7a34b177b70ce3742 (patch)
tree500d16b6c8bfaa10a57398bb116553ecc221feca
parent453dfa41604b141f1bd22a134a3f17fcb5396a27 (diff)
downloaddpdk-stable-6a15185f8e66fae8781fccb7a34b177b70ce3742.zip
dpdk-stable-6a15185f8e66fae8781fccb7a34b177b70ce3742.tar.gz
dpdk-stable-6a15185f8e66fae8781fccb7a34b177b70ce3742.tar.xz
crypto/armv8: fix authentication session configuration
[ upstream commit 473174a7da555ec26751c89b56255192586cb0aa ] For key sizes greater than digest length, pad with zero rather than computing hash of the key itself. Fixes: 169ca3db550c ("crypto/armv8: add PMD optimized for ARMv8 processors") Signed-off-by: Srisivasubramanian S <ssrinivasan@caviumnetworks.com>
-rw-r--r--drivers/crypto/armv8/rte_armv8_pmd.c58
-rw-r--r--drivers/crypto/armv8/rte_armv8_pmd_private.h4
2 files changed, 18 insertions, 44 deletions
diff --git a/drivers/crypto/armv8/rte_armv8_pmd.c b/drivers/crypto/armv8/rte_armv8_pmd.c
index 3d603a5..8371245 100644
--- a/drivers/crypto/armv8/rte_armv8_pmd.c
+++ b/drivers/crypto/armv8/rte_armv8_pmd.c
@@ -288,27 +288,14 @@ auth_set_prerequisites(struct armv8_crypto_session *sess,
* Generate authentication key, i_key_pad and o_key_pad.
*/
/* Zero memory under key */
- memset(sess->auth.hmac.key, 0, SHA1_AUTH_KEY_LENGTH);
-
- if (xform->auth.key.length > SHA1_AUTH_KEY_LENGTH) {
- /*
- * In case the key is longer than 160 bits
- * the algorithm will use SHA1(key) instead.
- */
- error = sha1_block(NULL, xform->auth.key.data,
- sess->auth.hmac.key, xform->auth.key.length);
- if (error != 0)
- return -1;
- } else {
- /*
- * Now copy the given authentication key to the session
- * key assuming that the session key is zeroed there is
- * no need for additional zero padding if the key is
- * shorter than SHA1_AUTH_KEY_LENGTH.
- */
- rte_memcpy(sess->auth.hmac.key, xform->auth.key.data,
- xform->auth.key.length);
- }
+ memset(sess->auth.hmac.key, 0, SHA1_BLOCK_SIZE);
+
+ /*
+ * Now copy the given authentication key to the session
+ * key.
+ */
+ rte_memcpy(sess->auth.hmac.key, xform->auth.key.data,
+ xform->auth.key.length);
/* Prepare HMAC padding: key|pattern */
auth_hmac_pad_prepare(sess, xform);
@@ -334,27 +321,14 @@ auth_set_prerequisites(struct armv8_crypto_session *sess,
* Generate authentication key, i_key_pad and o_key_pad.
*/
/* Zero memory under key */
- memset(sess->auth.hmac.key, 0, SHA256_AUTH_KEY_LENGTH);
-
- if (xform->auth.key.length > SHA256_AUTH_KEY_LENGTH) {
- /*
- * In case the key is longer than 256 bits
- * the algorithm will use SHA256(key) instead.
- */
- error = sha256_block(NULL, xform->auth.key.data,
- sess->auth.hmac.key, xform->auth.key.length);
- if (error != 0)
- return -1;
- } else {
- /*
- * Now copy the given authentication key to the session
- * key assuming that the session key is zeroed there is
- * no need for additional zero padding if the key is
- * shorter than SHA256_AUTH_KEY_LENGTH.
- */
- rte_memcpy(sess->auth.hmac.key, xform->auth.key.data,
- xform->auth.key.length);
- }
+ memset(sess->auth.hmac.key, 0, SHA256_BLOCK_SIZE);
+
+ /*
+ * Now copy the given authentication key to the session
+ * key.
+ */
+ rte_memcpy(sess->auth.hmac.key, xform->auth.key.data,
+ xform->auth.key.length);
/* Prepare HMAC padding: key|pattern */
auth_hmac_pad_prepare(sess, xform);
diff --git a/drivers/crypto/armv8/rte_armv8_pmd_private.h b/drivers/crypto/armv8/rte_armv8_pmd_private.h
index b75107f..34ab9de 100644
--- a/drivers/crypto/armv8/rte_armv8_pmd_private.h
+++ b/drivers/crypto/armv8/rte_armv8_pmd_private.h
@@ -192,8 +192,8 @@ struct armv8_crypto_session {
uint8_t o_key_pad[SHA_BLOCK_MAX]
__rte_cache_aligned;
/**< outer pad (max supported block length) */
- uint8_t key[SHA_AUTH_KEY_MAX];
- /**< HMAC key (max supported length)*/
+ uint8_t key[SHA_BLOCK_MAX];
+ /**< HMAC key (max supported block length)*/
} hmac;
};
} auth;