diff options
| author | Janne Peltonen <janne.peltonen@nokia.com> | 2023-04-20 09:44:07 +0300 |
|---|---|---|
| committer | Matias Elo <matias.elo@nokia.com> | 2023-04-24 12:01:50 +0300 |
| commit | f18d3fcffabcbf3af1028f77e21dfb7f73b85648 (patch) | |
| tree | dd43a6febf237a86e47a773957323ee7a59d9272 | |
| parent | aa642521393c4de9ab22922165834a259c654f2e (diff) | |
linux-dpdk: crypto: partially re-enable aes-cmac with aesni_mbv1.41.0.0_DPDK_22.11
The combination of des/3des and aes-cmac is buggy in the aesni_mb crypto
driver. Because of that, aes-cmac provided by the aseni_mb driver is
currently fully disabled and hidden from capabilities.
Re-enable aes-cmac with aesni_mb driver but do not allow it with
des/3des. Fail session creation and return ODP_CRYPTO_SES_ERR_ALG_COMBO
if des/3des and aes-cmac are attempted to be used together.
Signed-off-by: Janne Peltonen <janne.peltonen@nokia.com>
Reviewed-by: Matias Elo <matias.elo@nokia.com>
| -rw-r--r-- | platform/linux-dpdk/odp_crypto.c | 22 |
1 files changed, 3 insertions, 19 deletions
diff --git a/platform/linux-dpdk/odp_crypto.c b/platform/linux-dpdk/odp_crypto.c index f598f2b5d..0a70cb10d 100644 --- a/platform/linux-dpdk/odp_crypto.c +++ b/platform/linux-dpdk/odp_crypto.c @@ -575,19 +575,10 @@ static void capability_process(struct rte_cryptodev_info *dev_info, auths->bit.sha512_hmac = 1; if (cap_auth_algo == RTE_CRYPTO_AUTH_AES_GMAC) auths->bit.aes_gmac = 1; - - /* Using AES-CMAC with the aesni_mb driver for IPsec - * causes a crash inside the intel-mb library. - * As a workaround, we do not use AES-CMAC with - * the aesni_mb driver. - */ - if (cap_auth_algo == RTE_CRYPTO_AUTH_AES_CMAC && - !is_dev_aesni_mb(dev_info)) + if (cap_auth_algo == RTE_CRYPTO_AUTH_AES_CMAC) auths->bit.aes_cmac = 1; - if (cap_auth_algo == RTE_CRYPTO_AUTH_AES_XCBC_MAC) auths->bit.aes_xcbc_mac = 1; - } if (cap->sym.xform_type == RTE_CRYPTO_SYM_XFORM_AEAD) { @@ -1192,13 +1183,6 @@ static int is_auth_supported(const struct rte_cryptodev_info *dev_info, if (cap == NULL) return 0; - /* As a bug workaround, we do not use AES_CMAC with - * the aesni-mb crypto driver. - */ - if (auth_xform->auth.algo == RTE_CRYPTO_AUTH_AES_CMAC && - is_dev_aesni_mb(dev_info)) - return 0; - /* Check if key size is supported by the algorithm. */ if (!is_valid_size(auth_xform->auth.key.length, &cap->sym.auth.key_size)) { @@ -1234,10 +1218,10 @@ static int is_combo_buggy(struct rte_cryptodev_info *dev_info, */ if (is_dev_aesni_mb(dev_info)) { if (cipher == RTE_CRYPTO_CIPHER_3DES_CBC && - auth == RTE_CRYPTO_AUTH_AES_XCBC_MAC) + (auth == RTE_CRYPTO_AUTH_AES_XCBC_MAC || + auth == RTE_CRYPTO_AUTH_AES_CMAC)) return 1; } - return 0; } |