A race condition between loading the key into CAAM’s internal
memory and initiating cryptographic operations can cause SEC
errors in PDCP AES algorithm combinations.
To mitigate this, the CALM instruction is added for the
12-bit SN case, and the older version of the descriptor
is used for the 18-bit SN case.
Fixes: 6127fff842a7 ("common/dpaax: remove outdated caamflib code")
Cc: franck.lenorm...@nxp.com
Cc: sta...@dpdk.org
Signed-off-by: Gagandeep Singh <g.si...@nxp.com>
---
drivers/common/dpaax/caamflib/desc/pdcp.h | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/common/dpaax/caamflib/desc/pdcp.h
b/drivers/common/dpaax/caamflib/desc/pdcp.h
index 9ada3905c5..f4379ede2c 100644
--- a/drivers/common/dpaax/caamflib/desc/pdcp.h
+++ b/drivers/common/dpaax/caamflib/desc/pdcp.h
@@ -1,6 +1,6 @@
/* SPDX-License-Identifier: BSD-3-Clause or GPL-2.0+
* Copyright 2008-2013 Freescale Semiconductor, Inc.
- * Copyright 2019-2023 NXP
+ * Copyright 2019-2025 NXP
*/
#ifndef __DESC_PDCP_H__
@@ -1981,8 +1981,7 @@ pdcp_insert_uplane_no_int_op(struct program *p,
KEY(p, KEY1, cipherdata->key_enc_flags, cipherdata->key,
cipherdata->keylen, INLINE_KEY(cipherdata));
- if ((sn_size == PDCP_SN_SIZE_15) ||
- (rta_sec_era >= RTA_SEC_ERA_10)) {
+ if (sn_size == PDCP_SN_SIZE_15) {
PROTOCOL(p, dir, OP_PCLID_LTE_PDCP_USER,
(uint16_t)cipherdata->algtype);
return 0;
@@ -2747,6 +2746,7 @@ cnstr_shdsc_pdcp_u_plane_encap(uint32_t *descbuf,
(uint64_t)cipherdata->key, cipherdata->keylen,
INLINE_KEY(cipherdata));
+ JUMP(p, 1, LOCAL_JUMP, ALL_TRUE, CALM);
if (authdata)
PROTOCOL(p, OP_TYPE_ENCAP_PROTOCOL,
OP_PCLID_LTE_PDCP_USER_RN,
--
2.25.1
