* [dpdk-dev] [PATCH 1/2] crypto/qat: fix null auth algo issue
@ 2018-01-25 17:19 Fiona Trahe
2018-01-25 17:19 ` [dpdk-dev] [PATCH 2/2] test: improve test validation in NULL AUTH case Fiona Trahe
2018-01-25 17:36 ` [dpdk-dev] [PATCH 1/2] crypto/qat: fix null auth algo issue Nicolau, Radu
0 siblings, 2 replies; 6+ messages in thread
From: Fiona Trahe @ 2018-01-25 17:19 UTC (permalink / raw)
To: dev; +Cc: radu.nicolau, pablo.de.lara.guarch, fiona.trahe
If auth algorithm is RTE_CRYPTO_AUTH_NULL and digest_length is 0
in the xform and digest pointer is set in the op, then
the PMD may overwrite memory at the digest pointer.
With this patch the memory is not overwritten.
Fixes: db0e952a5c01 ("crypto/qat: add NULL capability")
Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
---
drivers/crypto/qat/qat_crypto.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/crypto/qat/qat_crypto.c b/drivers/crypto/qat/qat_crypto.c
index cff709a..fdc6d3b 100644
--- a/drivers/crypto/qat/qat_crypto.c
+++ b/drivers/crypto/qat/qat_crypto.c
@@ -1338,7 +1338,9 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
}
min_ofs = auth_ofs;
- auth_param->auth_res_addr = op->sym->auth.digest.phys_addr;
+ if (likely(ctx->qat_hash_alg != ICP_QAT_HW_AUTH_ALGO_NULL))
+ auth_param->auth_res_addr =
+ op->sym->auth.digest.phys_addr;
}
--
2.7.4
^ permalink raw reply [flat|nested] 6+ messages in thread
* [dpdk-dev] [PATCH 2/2] test: improve test validation in NULL AUTH case
2018-01-25 17:19 [dpdk-dev] [PATCH 1/2] crypto/qat: fix null auth algo issue Fiona Trahe
@ 2018-01-25 17:19 ` Fiona Trahe
2018-01-29 11:52 ` De Lara Guarch, Pablo
2018-01-25 17:36 ` [dpdk-dev] [PATCH 1/2] crypto/qat: fix null auth algo issue Nicolau, Radu
1 sibling, 1 reply; 6+ messages in thread
From: Fiona Trahe @ 2018-01-25 17:19 UTC (permalink / raw)
To: dev; +Cc: radu.nicolau, pablo.de.lara.guarch, fiona.trahe
Add comparison to make sure memory pointed to by
digest pointer is not overwritten in NULL auth case.
Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
---
test/test/test_cryptodev.c | 62 ++++++++++++++++++++++++++++++++++++++++++++--
1 file changed, 60 insertions(+), 2 deletions(-)
diff --git a/test/test/test_cryptodev.c b/test/test/test_cryptodev.c
index 0f2a045..1417482 100644
--- a/test/test/test_cryptodev.c
+++ b/test/test/test_cryptodev.c
@@ -6583,17 +6583,29 @@ test_null_cipher_only_operation(void)
return TEST_SUCCESS;
}
-
+uint8_t orig_data[] = {0xab, 0xab, 0xab, 0xab,
+ 0xab, 0xab, 0xab, 0xab,
+ 0xab, 0xab, 0xab, 0xab,
+ 0xab, 0xab, 0xab, 0xab};
static int
test_null_auth_only_operation(void)
{
struct crypto_testsuite_params *ts_params = &testsuite_params;
struct crypto_unittest_params *ut_params = &unittest_params;
+ uint8_t *digest;
/* Generate test mbuf data and space for digest */
ut_params->ibuf = setup_test_string(ts_params->mbuf_pool,
catch_22_quote, QUOTE_512_BYTES, 0);
+ /* create a pointer for digest, but don't expect anything to be written
+ * here in a NULL auth algo so no mbuf append done.
+ */
+ digest = rte_pktmbuf_mtod_offset(ut_params->ibuf, uint8_t *,
+ QUOTE_512_BYTES);
+ /* prefill the memory pointed to by digest */
+ memcpy(digest, orig_data, sizeof(orig_data));
+
/* Setup HMAC Parameters */
ut_params->auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
ut_params->auth_xform.next = NULL;
@@ -6625,6 +6637,9 @@ test_null_auth_only_operation(void)
sym_op->auth.data.offset = 0;
sym_op->auth.data.length = QUOTE_512_BYTES;
+ sym_op->auth.digest.data = digest;
+ sym_op->auth.digest.phys_addr = rte_pktmbuf_iova_offset(ut_params->ibuf,
+ QUOTE_512_BYTES);
/* Process crypto operation */
ut_params->op = process_crypto_request(ts_params->valid_devs[0],
@@ -6633,20 +6648,36 @@ test_null_auth_only_operation(void)
TEST_ASSERT_EQUAL(ut_params->op->status, RTE_CRYPTO_OP_STATUS_SUCCESS,
"crypto operation processing failed");
+ /* Make sure memory pointed to by digest hasn't been overwritten */
+ TEST_ASSERT_BUFFERS_ARE_EQUAL(
+ orig_data,
+ digest,
+ sizeof(orig_data),
+ "Memory at digest ptr overwritten unexpectedly");
return TEST_SUCCESS;
}
+
static int
test_null_cipher_auth_operation(void)
{
struct crypto_testsuite_params *ts_params = &testsuite_params;
struct crypto_unittest_params *ut_params = &unittest_params;
+ uint8_t *digest;
/* Generate test mbuf data and space for digest */
ut_params->ibuf = setup_test_string(ts_params->mbuf_pool,
catch_22_quote, QUOTE_512_BYTES, 0);
+ /* create a pointer for digest, but don't expect anything to be written
+ * here in a NULL auth algo so no mbuf append done.
+ */
+ digest = rte_pktmbuf_mtod_offset(ut_params->ibuf, uint8_t *,
+ QUOTE_512_BYTES);
+ /* prefill the memory pointed to by digest */
+ memcpy(digest, orig_data, sizeof(orig_data));
+
/* Setup Cipher Parameters */
ut_params->cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
ut_params->cipher_xform.next = &ut_params->auth_xform;
@@ -6688,6 +6719,9 @@ test_null_cipher_auth_operation(void)
sym_op->auth.data.offset = 0;
sym_op->auth.data.length = QUOTE_512_BYTES;
+ sym_op->auth.digest.data = digest;
+ sym_op->auth.digest.phys_addr = rte_pktmbuf_iova_offset(ut_params->ibuf,
+ QUOTE_512_BYTES);
/* Process crypto operation */
ut_params->op = process_crypto_request(ts_params->valid_devs[0],
@@ -6703,6 +6737,12 @@ test_null_cipher_auth_operation(void)
catch_22_quote,
QUOTE_512_BYTES,
"Ciphertext data not as expected");
+ /* Make sure memory pointed to by digest hasn't been overwritten */
+ TEST_ASSERT_BUFFERS_ARE_EQUAL(
+ orig_data,
+ digest,
+ sizeof(orig_data),
+ "Memory at digest ptr overwritten unexpectedly");
return TEST_SUCCESS;
}
@@ -6712,11 +6752,20 @@ test_null_auth_cipher_operation(void)
{
struct crypto_testsuite_params *ts_params = &testsuite_params;
struct crypto_unittest_params *ut_params = &unittest_params;
+ uint8_t *digest;
- /* Generate test mbuf data and space for digest */
+ /* Generate test mbuf data */
ut_params->ibuf = setup_test_string(ts_params->mbuf_pool,
catch_22_quote, QUOTE_512_BYTES, 0);
+ /* create a pointer for digest, but don't expect anything to be written
+ * here in a NULL auth algo so no mbuf append done.
+ */
+ digest = rte_pktmbuf_mtod_offset(ut_params->ibuf, uint8_t *,
+ QUOTE_512_BYTES);
+ /* prefill the memory pointed to by digest */
+ memcpy(digest, orig_data, sizeof(orig_data));
+
/* Setup Cipher Parameters */
ut_params->cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
ut_params->cipher_xform.next = NULL;
@@ -6758,6 +6807,9 @@ test_null_auth_cipher_operation(void)
sym_op->auth.data.offset = 0;
sym_op->auth.data.length = QUOTE_512_BYTES;
+ sym_op->auth.digest.data = digest;
+ sym_op->auth.digest.phys_addr = rte_pktmbuf_iova_offset(ut_params->ibuf,
+ QUOTE_512_BYTES);
/* Process crypto operation */
ut_params->op = process_crypto_request(ts_params->valid_devs[0],
@@ -6773,6 +6825,12 @@ test_null_auth_cipher_operation(void)
catch_22_quote,
QUOTE_512_BYTES,
"Ciphertext data not as expected");
+ /* Make sure memory pointed to by digest hasn't been overwritten */
+ TEST_ASSERT_BUFFERS_ARE_EQUAL(
+ orig_data,
+ digest,
+ sizeof(orig_data),
+ "Memory at digest ptr overwritten unexpectedly");
return TEST_SUCCESS;
}
--
2.7.4
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [dpdk-dev] [PATCH 1/2] crypto/qat: fix null auth algo issue
2018-01-25 17:19 [dpdk-dev] [PATCH 1/2] crypto/qat: fix null auth algo issue Fiona Trahe
2018-01-25 17:19 ` [dpdk-dev] [PATCH 2/2] test: improve test validation in NULL AUTH case Fiona Trahe
@ 2018-01-25 17:36 ` Nicolau, Radu
2018-01-29 15:58 ` De Lara Guarch, Pablo
1 sibling, 1 reply; 6+ messages in thread
From: Nicolau, Radu @ 2018-01-25 17:36 UTC (permalink / raw)
To: Trahe, Fiona, dev; +Cc: De Lara Guarch, Pablo
> -----Original Message-----
> From: Trahe, Fiona
> Sent: Thursday, January 25, 2018 5:19 PM
> To: dev@dpdk.org
> Cc: Nicolau, Radu <radu.nicolau@intel.com>; De Lara Guarch, Pablo
> <pablo.de.lara.guarch@intel.com>; Trahe, Fiona <fiona.trahe@intel.com>
> Subject: [PATCH 1/2] crypto/qat: fix null auth algo issue
>
> If auth algorithm is RTE_CRYPTO_AUTH_NULL and digest_length is 0 in the
> xform and digest pointer is set in the op, then the PMD may overwrite
> memory at the digest pointer.
> With this patch the memory is not overwritten.
>
> Fixes: db0e952a5c01 ("crypto/qat: add NULL capability")
>
> Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
> ---
Tested and
Acked-by: Radu Nicolau <radu.nicolau@intel.com>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [dpdk-dev] [PATCH 2/2] test: improve test validation in NULL AUTH case
2018-01-25 17:19 ` [dpdk-dev] [PATCH 2/2] test: improve test validation in NULL AUTH case Fiona Trahe
@ 2018-01-29 11:52 ` De Lara Guarch, Pablo
2018-01-29 15:58 ` [dpdk-dev] [dpdk-stable] " De Lara Guarch, Pablo
0 siblings, 1 reply; 6+ messages in thread
From: De Lara Guarch, Pablo @ 2018-01-29 11:52 UTC (permalink / raw)
To: Trahe, Fiona, dev; +Cc: Nicolau, Radu, stable
> -----Original Message-----
> From: Trahe, Fiona
> Sent: Thursday, January 25, 2018 5:19 PM
> To: dev@dpdk.org
> Cc: Nicolau, Radu <radu.nicolau@intel.com>; De Lara Guarch, Pablo
> <pablo.de.lara.guarch@intel.com>; Trahe, Fiona <fiona.trahe@intel.com>
> Subject: [PATCH 2/2] test: improve test validation in NULL AUTH case
>
> Add comparison to make sure memory pointed to by digest pointer is not
> overwritten in NULL auth case.
>
> Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [dpdk-dev] [PATCH 1/2] crypto/qat: fix null auth algo issue
2018-01-25 17:36 ` [dpdk-dev] [PATCH 1/2] crypto/qat: fix null auth algo issue Nicolau, Radu
@ 2018-01-29 15:58 ` De Lara Guarch, Pablo
0 siblings, 0 replies; 6+ messages in thread
From: De Lara Guarch, Pablo @ 2018-01-29 15:58 UTC (permalink / raw)
To: Nicolau, Radu, Trahe, Fiona, dev
> -----Original Message-----
> From: Nicolau, Radu
> Sent: Thursday, January 25, 2018 5:37 PM
> To: Trahe, Fiona <fiona.trahe@intel.com>; dev@dpdk.org
> Cc: De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>
> Subject: RE: [PATCH 1/2] crypto/qat: fix null auth algo issue
>
>
> > -----Original Message-----
> > From: Trahe, Fiona
> > Sent: Thursday, January 25, 2018 5:19 PM
> > To: dev@dpdk.org
> > Cc: Nicolau, Radu <radu.nicolau@intel.com>; De Lara Guarch, Pablo
> > <pablo.de.lara.guarch@intel.com>; Trahe, Fiona <fiona.trahe@intel.com>
> > Subject: [PATCH 1/2] crypto/qat: fix null auth algo issue
> >
> > If auth algorithm is RTE_CRYPTO_AUTH_NULL and digest_length is 0 in
> > the xform and digest pointer is set in the op, then the PMD may
> > overwrite memory at the digest pointer.
> > With this patch the memory is not overwritten.
> >
> > Fixes: db0e952a5c01 ("crypto/qat: add NULL capability")
> >
> > Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
> > ---
>
> Tested and
> Acked-by: Radu Nicolau <radu.nicolau@intel.com>
Applied to dpdk-next-crypto.
Thanks,
Pablo
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [dpdk-dev] [dpdk-stable] [PATCH 2/2] test: improve test validation in NULL AUTH case
2018-01-29 11:52 ` De Lara Guarch, Pablo
@ 2018-01-29 15:58 ` De Lara Guarch, Pablo
0 siblings, 0 replies; 6+ messages in thread
From: De Lara Guarch, Pablo @ 2018-01-29 15:58 UTC (permalink / raw)
To: De Lara Guarch, Pablo, Trahe, Fiona, dev; +Cc: Nicolau, Radu, stable
> -----Original Message-----
> From: stable [mailto:stable-bounces@dpdk.org] On Behalf Of De Lara
> Guarch, Pablo
> Sent: Monday, January 29, 2018 11:53 AM
> To: Trahe, Fiona <fiona.trahe@intel.com>; dev@dpdk.org
> Cc: Nicolau, Radu <radu.nicolau@intel.com>; stable@dpdk.org
> Subject: Re: [dpdk-stable] [PATCH 2/2] test: improve test validation in NULL
> AUTH case
>
>
>
> > -----Original Message-----
> > From: Trahe, Fiona
> > Sent: Thursday, January 25, 2018 5:19 PM
> > To: dev@dpdk.org
> > Cc: Nicolau, Radu <radu.nicolau@intel.com>; De Lara Guarch, Pablo
> > <pablo.de.lara.guarch@intel.com>; Trahe, Fiona <fiona.trahe@intel.com>
> > Subject: [PATCH 2/2] test: improve test validation in NULL AUTH case
> >
> > Add comparison to make sure memory pointed to by digest pointer is not
> > overwritten in NULL auth case.
> >
> > Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
>
> Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Applied to dpdk-next-crypto.
Thanks,
Pablo
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2018-01-29 15:58 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-01-25 17:19 [dpdk-dev] [PATCH 1/2] crypto/qat: fix null auth algo issue Fiona Trahe
2018-01-25 17:19 ` [dpdk-dev] [PATCH 2/2] test: improve test validation in NULL AUTH case Fiona Trahe
2018-01-29 11:52 ` De Lara Guarch, Pablo
2018-01-29 15:58 ` [dpdk-dev] [dpdk-stable] " De Lara Guarch, Pablo
2018-01-25 17:36 ` [dpdk-dev] [PATCH 1/2] crypto/qat: fix null auth algo issue Nicolau, Radu
2018-01-29 15:58 ` De Lara Guarch, Pablo
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).