crypto/armv8: fix authentication session configuration

For key sizes greater than digest length, pad with zero rather than computing hash of the key itself. Fixes: 169ca3db55 ("crypto/armv8: add PMD optimized for ARMv8 processors") Cc: stable@dpdk.org Signed-off-by: Srisivasubramanian S <ssrinivasan@caviumnetworks.com>
2017-07-30 16:53:00 +05:30 · 2017-07-30 16:53:00 +05:30 · 473174a7da
commit 473174a7da
parent 31850d2685
2 changed files with 16 additions and 42 deletions
--- a/drivers/crypto/armv8/rte_armv8_pmd.c
+++ b/drivers/crypto/armv8/rte_armv8_pmd.c
@ -291,27 +291,14 @@ auth_set_prerequisites(struct armv8_crypto_session *sess,
 		 * Generate authentication key, i_key_pad and o_key_pad.
 		 */
 		/* Zero memory under key */
-		memset(sess->auth.hmac.key, 0, SHA1_AUTH_KEY_LENGTH);
+		memset(sess->auth.hmac.key, 0, SHA1_BLOCK_SIZE);

-		if (xform->auth.key.length > SHA1_AUTH_KEY_LENGTH) {
-			/*
-			 * In case the key is longer than 160 bits
-			 * the algorithm will use SHA1(key) instead.
-			 */
-			error = sha1_block(NULL, xform->auth.key.data,
-				sess->auth.hmac.key, xform->auth.key.length);
-			if (error != 0)
-				return -1;
-		} else {
-			/*
-			 * Now copy the given authentication key to the session
-			 * key assuming that the session key is zeroed there is
-			 * no need for additional zero padding if the key is
-			 * shorter than SHA1_AUTH_KEY_LENGTH.
-			 */
-			rte_memcpy(sess->auth.hmac.key, xform->auth.key.data,
-							xform->auth.key.length);
-		}
+		/*
+		 * Now copy the given authentication key to the session
+		 * key.
+		 */
+		rte_memcpy(sess->auth.hmac.key, xform->auth.key.data,
+						xform->auth.key.length);

 		/* Prepare HMAC padding: key|pattern */
 		auth_hmac_pad_prepare(sess, xform);
@ -337,27 +324,14 @@ auth_set_prerequisites(struct armv8_crypto_session *sess,
 		 * Generate authentication key, i_key_pad and o_key_pad.
 		 */
 		/* Zero memory under key */
-		memset(sess->auth.hmac.key, 0, SHA256_AUTH_KEY_LENGTH);
+		memset(sess->auth.hmac.key, 0, SHA256_BLOCK_SIZE);

-		if (xform->auth.key.length > SHA256_AUTH_KEY_LENGTH) {
-			/*
-			 * In case the key is longer than 256 bits
-			 * the algorithm will use SHA256(key) instead.
-			 */
-			error = sha256_block(NULL, xform->auth.key.data,
-				sess->auth.hmac.key, xform->auth.key.length);
-			if (error != 0)
-				return -1;
-		} else {
-			/*
-			 * Now copy the given authentication key to the session
-			 * key assuming that the session key is zeroed there is
-			 * no need for additional zero padding if the key is
-			 * shorter than SHA256_AUTH_KEY_LENGTH.
-			 */
-			rte_memcpy(sess->auth.hmac.key, xform->auth.key.data,
-							xform->auth.key.length);
-		}
+		/*
+		 * Now copy the given authentication key to the session
+		 * key.
+		 */
+		rte_memcpy(sess->auth.hmac.key, xform->auth.key.data,
+						xform->auth.key.length);

 		/* Prepare HMAC padding: key|pattern */
 		auth_hmac_pad_prepare(sess, xform);
--- a/drivers/crypto/armv8/rte_armv8_pmd_private.h
+++ b/drivers/crypto/armv8/rte_armv8_pmd_private.h
@ -198,8 +198,8 @@ struct armv8_crypto_session {
 				uint8_t o_key_pad[SHA_BLOCK_MAX]
 							__rte_cache_aligned;
 				/**< outer pad (max supported block length) */
-				uint8_t key[SHA_AUTH_KEY_MAX];
-				/**< HMAC key (max supported length)*/
+				uint8_t key[SHA_BLOCK_MAX];
+				/**< HMAC key (max supported block length)*/
 			} hmac;
 		};
 		uint16_t digest_length;