d/numam-dpdk
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

crypto/dpaax_sec: warn on truncated SHA-256

Browse Source 
This patch throw the warning when using truncated digest
len for SHA256 case.
As per RFC4868, SHA-256 should use 128 bits of ICV.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
This commit is contained in:
Hemant Agrawal 2019-11-06 10:47:27 +05:30 committed by Akhil Goyal
parent cd60a8680f
commit 247b69083e
2 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
View File

@ -2635,6 +2635,7 @@ dpaa2_sec_ipsec_proto_init(struct rte_crypto_cipher_xform *cipher_xform,
memcpy(session->auth_key.data, auth_xform->key.data,
auth_xform->key.length);
session->auth_alg = auth_xform->algo;
session->digest_length = auth_xform->digest_length;
} else {
session->auth_key.data = NULL;
session->auth_key.length = 0;
@ -2657,6 +2658,10 @@ dpaa2_sec_ipsec_proto_init(struct rte_crypto_cipher_xform *cipher_xform,
case RTE_CRYPTO_AUTH_SHA256_HMAC:
authdata->algtype = OP_PCL_IPSEC_HMAC_SHA2_256_128;
authdata->algmode = OP_ALG_AAI_HMAC;
if (session->digest_length != 16)
DPAA2_SEC_WARN(
"+++Using sha256-hmac truncated len is non-standard,"
"it will not work with lookaside proto");
break;
case RTE_CRYPTO_AUTH_SHA384_HMAC:
authdata->algtype = OP_PCL_IPSEC_HMAC_SHA2_384_192;

5
drivers/crypto/dpaa_sec/dpaa_sec.c
View File

@ -2616,6 +2616,7 @@ dpaa_sec_ipsec_proto_init(struct rte_crypto_cipher_xform *cipher_xform,
memcpy(session->auth_key.data, auth_xform->key.data,
auth_xform->key.length);
session->auth_alg = auth_xform->algo;
session->digest_length = auth_xform->digest_length;
} else {
session->auth_key.data = NULL;
session->auth_key.length = 0;
@ -2634,6 +2635,10 @@ dpaa_sec_ipsec_proto_init(struct rte_crypto_cipher_xform *cipher_xform,
case RTE_CRYPTO_AUTH_SHA256_HMAC:
session->auth_key.alg = OP_PCL_IPSEC_HMAC_SHA2_256_128;
session->auth_key.algmode = OP_ALG_AAI_HMAC;
if (session->digest_length != 16)
DPAA_SEC_WARN(
"+++Using sha256-hmac truncated len is non-standard,"
"it will not work with lookaside proto");
break;
case RTE_CRYPTO_AUTH_SHA384_HMAC:
session->auth_key.alg = OP_PCL_IPSEC_HMAC_SHA2_384_192;