Re: [EXTERNAL] [PATCH v2] examples/ipsec-secgw: fix SA salt endianness problem

DPDK patches and discussions
 help / color / mirror / Atom feed

From: Radu Nicolau <radu.nicolau@intel.com>
To: Akhil Goyal <gakhil@marvell.com>,
	"Medvedkin, Vladimir" <vladimir.medvedkin@intel.com>,
	Chaoyong He <chaoyong.he@corigine.com>,
	"dev@dpdk.org" <dev@dpdk.org>, Anoob Joseph <anoobj@marvell.com>,
	"Nithin Kumar Dabilpuram" <ndabilpuram@marvell.com>,
	Gagandeep Singh <g.singh@nxp.com>, Kai Ji <kai.ji@intel.com>,
	Brian Dooley <brian.dooley@intel.com>,
	Jack Bond-Preston <jack.bond-preston@foss.arm.com>,
	 "pablo.de.lara.guarch@intel.com"
	<pablo.de.lara.guarch@intel.com>,
	"hemant.agrawal@nxp.com" <hemant.agrawal@nxp.com>,
	"suanmingm@nvidia.com" <suanmingm@nvidia.com>
Cc: "oss-drivers@corigine.com" <oss-drivers@corigine.com>,
	Shihong Wang <shihong.wang@corigine.com>,
	"stable@dpdk.org" <stable@dpdk.org>
Subject: Re: [EXTERNAL] [PATCH v2] examples/ipsec-secgw: fix SA salt endianness problem
Date: Wed, 24 Jul 2024 11:59:15 +0100	[thread overview]
Message-ID: <4494141c-268a-4b41-8582-37ca96ddaf0a@intel.com> (raw)
In-Reply-To: <CO6PR18MB44848449B39767F88B9A76D6D8A92@CO6PR18MB4484.namprd18.prod.outlook.com>


On 23-Jul-24 5:57 PM, Akhil Goyal wrote:
>> Hi all,
>>
>> This patch breaks ipsec tests with ipsec-secgw:
>>
>>
>> ./examples/ipsec-secgw/test/run_test.sh -4 trs_aesctr_sha1
>> ...
>> ERROR: ./examples/ipsec-secgw/test/linux_test.sh failed for dst=192.168.31.14,
>> sz=1
>>   test IPv4 trs_aesctr_sha1 finished with status 1
>> ERROR  test trs_aesctr_sha1 FAILED
>>
> The patch seems to be correct.
> Please check endianness in the PMD you are testing.

In my opinion salt should not be affected by endianness and it should be 
used as it is in the key parameter. I think the patch is wrong to make 
it CPU endianness dependent before being passed to the PMDs, any PMD 
that needs the endianness swapped should do it in the PMD code. Indeed 
it's passed around as a 32 bit integer but it's not used as such, and 
when it's actually used it should be evaluated as a byte array.

https://datatracker.ietf.org/doc/html/rfc4106#section-4
https://datatracker.ietf.org/doc/html/rfc4106#section-8.1

>
>
>>
>>
>> On 03/07/2024 18:58, Akhil Goyal wrote:
>>
>>
>>
>>
>>
>> 		-----Original Message-----
>> 		From: Akhil Goyal <gakhil@marvell.com>
>> <mailto:gakhil@marvell.com>
>> 		Sent: Friday, March 15, 2024 12:42 AM
>> 		To: Akhil Goyal <gakhil@marvell.com>
>> <mailto:gakhil@marvell.com> ; Chaoyong He
>> 		<chaoyong.he@corigine.com>
>> <mailto:chaoyong.he@corigine.com> ; dev@dpdk.org <mailto:dev@dpdk.org>
>> 		Cc: oss-drivers@corigine.com <mailto:oss-
>> drivers@corigine.com> ; Shihong Wang <shihong.wang@corigine.com>
>> <mailto:shihong.wang@corigine.com> ;
>> 		stable@dpdk.org <mailto:stable@dpdk.org>
>> 		Subject: RE: [EXTERNAL] [PATCH v2] examples/ipsec-secgw: fix
>> SA salt
>> 		endianness problem
>>
>>
>> 			Subject: RE: [EXTERNAL] [PATCH v2] examples/ipsec-
>> secgw: fix SA salt
>> 			endianness problem
>>
>>
>> 				From: Shihong Wang
>> <shihong.wang@corigine.com> <mailto:shihong.wang@corigine.com>
>>
>> 				The SA salt of struct ipsec_sa is a CPU-endian
>> u32 variable, but it’s
>> 				value is stored in an array of encryption or
>> authentication keys
>> 				according to big-endian. So it maybe need to
>> convert the endianness
>> 				order to ensure that the value assigned to the
>> SA salt is CPU-endian.
>>
>> 				Fixes: 50d75cae2a2c ("examples/ipsec-secgw:
>> initialize SA salt")
>> 				Fixes: 9413c3901f31 ("examples/ipsec-secgw:
>> support additional algorithms")
>> 				Fixes: 501e9c226adf ("examples/ipsec-secgw:
>> add AEAD parameters")
>> 				Cc: stable@dpdk.org <mailto:stable@dpdk.org>
>>
>> 				Signed-off-by: Shihong Wang
>> <shihong.wang@corigine.com> <mailto:shihong.wang@corigine.com>
>> 				Reviewed-by: Chaoyong He
>> <chaoyong.he@corigine.com> <mailto:chaoyong.he@corigine.com>
>>
>>
>> 			Acked-by: Akhil Goyal <gakhil@marvell.com>
>> <mailto:gakhil@marvell.com>
>>
>> 			Applied to dpdk-next-crypto
>>
>>
>> 		The patch is pulled back from dpdk-next-crypto.
>> 		This change may cause all the PMDs to fail these cases.
>> 		Would need acks from PMDs.
>>
>>
>> 	Applied to dpdk-next-crypto
>> 	No update from PMD owners.
>> 	Applying it before RC2 so that we have time for fixes if needed.
>>
>>
>> --
>> Regards,
>> Vladimir

next prev parent reply	other threads:[~2024-07-24 11:03 UTC|newest]

Thread overview: 21+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-03-11  2:49 [PATCH 0/2] fix IPSec " Chaoyong He
2024-03-11  2:49 ` [PATCH 1/2] examples/ipsec-secgw: fix SA salt " Chaoyong He
2024-03-13 18:33   ` [EXTERNAL] " Akhil Goyal
2024-03-14  1:41     ` Chaoyong He
2024-03-14  2:00   ` [PATCH v2] " Chaoyong He
2024-03-14 18:17     ` [EXTERNAL] " Akhil Goyal
2024-03-14 19:11       ` Akhil Goyal
2024-07-03 17:58         ` Akhil Goyal
2024-07-23 16:04           ` Medvedkin, Vladimir
2024-07-23 16:57             ` Akhil Goyal
2024-07-24 10:59               ` Radu Nicolau [this message]
2024-07-24 11:20                 ` Akhil Goyal
2024-07-24 11:33                   ` Radu Nicolau
2024-07-24 13:04                     ` Akhil Goyal
2024-07-24 14:44                       ` Radu Nicolau
2024-07-25  4:47                         ` Akhil Goyal
2024-07-25 10:16                           ` Radu Nicolau
2024-07-25 10:19                             ` Akhil Goyal
2024-03-11  2:49 ` [PATCH 2/2] net/nfp: fix data " Chaoyong He
2024-03-13 15:39   ` Ferruh Yigit
2024-03-12 10:37 ` [PATCH 0/2] fix IPSec " Ferruh Yigit

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4494141c-268a-4b41-8582-37ca96ddaf0a@intel.com \
    --to=radu.nicolau@intel.com \
    --cc=anoobj@marvell.com \
    --cc=brian.dooley@intel.com \
    --cc=chaoyong.he@corigine.com \
    --cc=dev@dpdk.org \
    --cc=g.singh@nxp.com \
    --cc=gakhil@marvell.com \
    --cc=hemant.agrawal@nxp.com \
    --cc=jack.bond-preston@foss.arm.com \
    --cc=kai.ji@intel.com \
    --cc=ndabilpuram@marvell.com \
    --cc=oss-drivers@corigine.com \
    --cc=pablo.de.lara.guarch@intel.com \
    --cc=shihong.wang@corigine.com \
    --cc=stable@dpdk.org \
    --cc=suanmingm@nvidia.com \
    --cc=vladimir.medvedkin@intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).