patches for DPDK stable branches
 help / color / Atom feed
* [dpdk-stable] [PATCH 1/3] crypto/aesni_mb: fix CCM digest size check
@ 2020-10-06 10:59 Pablo de Lara
  2020-10-06 10:59 ` [dpdk-stable] [PATCH 2/3] crypto/aesni_mb: fix GCM " Pablo de Lara
  2020-10-09 12:05 ` [dpdk-stable] [PATCH v2 1/3] crypto/aesni_mb: fix CCM " Pablo de Lara
  0 siblings, 2 replies; 4+ messages in thread
From: Pablo de Lara @ 2020-10-06 10:59 UTC (permalink / raw)
  To: declan.doherty; +Cc: dev, Pablo de Lara, stable

Digest size for CCM was being checked for other algorithms
apart from CCM.

Fixes: c4c0c312a823 ("crypto/aesni_mb: check for invalid digest size")
Cc: stable@dpdk.org

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 29 +++++++++++-----------
 1 file changed, 15 insertions(+), 14 deletions(-)

diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
index 1bddbcf74..784278719 100644
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
@@ -564,6 +564,14 @@ aesni_mb_set_session_aead_parameters(const MB_MGR *mb_mgr,
 		return -EINVAL;
 	}
 
+	/* Set IV parameters */
+	sess->iv.offset = xform->aead.iv.offset;
+	sess->iv.length = xform->aead.iv.length;
+
+	/* Set digest sizes */
+	sess->auth.req_digest_len = xform->aead.digest_length;
+	sess->auth.gen_digest_len = sess->auth.req_digest_len;
+
 	switch (xform->aead.algo) {
 	case RTE_CRYPTO_AEAD_AES_CCM:
 		sess->cipher.mode = CCM;
@@ -582,6 +590,13 @@ aesni_mb_set_session_aead_parameters(const MB_MGR *mb_mgr,
 			return -EINVAL;
 		}
 
+		/* CCM digests must be between 4 and 16 and an even number */
+		if (sess->auth.req_digest_len < AES_CCM_DIGEST_MIN_LEN ||
+				sess->auth.req_digest_len > AES_CCM_DIGEST_MAX_LEN ||
+				(sess->auth.req_digest_len & 1) == 1) {
+			AESNI_MB_LOG(ERR, "Invalid digest size\n");
+			return -EINVAL;
+		}
 		break;
 
 	case RTE_CRYPTO_AEAD_AES_GCM:
@@ -616,20 +631,6 @@ aesni_mb_set_session_aead_parameters(const MB_MGR *mb_mgr,
 		return -ENOTSUP;
 	}
 
-	/* Set IV parameters */
-	sess->iv.offset = xform->aead.iv.offset;
-	sess->iv.length = xform->aead.iv.length;
-
-	sess->auth.req_digest_len = xform->aead.digest_length;
-	/* CCM digests must be between 4 and 16 and an even number */
-	if (sess->auth.req_digest_len < AES_CCM_DIGEST_MIN_LEN ||
-			sess->auth.req_digest_len > AES_CCM_DIGEST_MAX_LEN ||
-			(sess->auth.req_digest_len & 1) == 1) {
-		AESNI_MB_LOG(ERR, "Invalid digest size\n");
-		return -EINVAL;
-	}
-	sess->auth.gen_digest_len = sess->auth.req_digest_len;
-
 	return 0;
 }
 
-- 
2.25.1


^ permalink raw reply	[flat|nested] 4+ messages in thread

* [dpdk-stable] [PATCH 2/3] crypto/aesni_mb: fix GCM digest size check
  2020-10-06 10:59 [dpdk-stable] [PATCH 1/3] crypto/aesni_mb: fix CCM digest size check Pablo de Lara
@ 2020-10-06 10:59 ` " Pablo de Lara
  2020-10-09 12:05 ` [dpdk-stable] [PATCH v2 1/3] crypto/aesni_mb: fix CCM " Pablo de Lara
  1 sibling, 0 replies; 4+ messages in thread
From: Pablo de Lara @ 2020-10-06 10:59 UTC (permalink / raw)
  To: declan.doherty; +Cc: dev, Pablo de Lara, stable

GCM digest sizes should be between 1 and 16 bytes.

Fixes: 7b2d4706c90e ("crypto/aesni_mb: support newer library version only")
Cc: stable@dpdk.org

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 .../crypto/aesni_mb/aesni_mb_pmd_private.h    |  4 ++--
 drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c    | 22 +++++++++----------
 .../crypto/aesni_mb/rte_aesni_mb_pmd_ops.c    |  8 +++----
 3 files changed, 16 insertions(+), 18 deletions(-)

diff --git a/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h b/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h
index e0c7b4f7c..8c5acfc51 100644
--- a/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h
+++ b/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h
@@ -80,7 +80,7 @@ static const unsigned auth_truncated_digest_byte_lengths[] = {
 		[AES_CMAC]	= 12,
 		[AES_CCM]	= 8,
 		[NULL_HASH]	= 0,
-		[AES_GMAC]	= 16,
+		[AES_GMAC]	= 12,
 		[PLAIN_SHA1]	= 20,
 		[PLAIN_SHA_224]	= 28,
 		[PLAIN_SHA_256]	= 32,
@@ -111,7 +111,7 @@ static const unsigned auth_digest_byte_lengths[] = {
 		[AES_XCBC]	= 16,
 		[AES_CMAC]	= 16,
 		[AES_CCM]	= 16,
-		[AES_GMAC]	= 12,
+		[AES_GMAC]	= 16,
 		[NULL_HASH]	= 0,
 		[PLAIN_SHA1]	= 20,
 		[PLAIN_SHA_224]	= 28,
diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
index 784278719..fa364530e 100644
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
@@ -209,19 +209,11 @@ aesni_mb_set_session_auth_parameters(const MB_MGR *mb_mgr,
 			sess->cipher.direction = DECRYPT;
 
 		sess->auth.algo = AES_GMAC;
-		/*
-		 * Multi-buffer lib supports 8, 12 and 16 bytes of digest.
-		 * If size requested is different, generate the full digest
-		 * (16 bytes) in a temporary location and then memcpy
-		 * the requested number of bytes.
-		 */
-		if (sess->auth.req_digest_len != 16 &&
-				sess->auth.req_digest_len != 12 &&
-				sess->auth.req_digest_len != 8) {
-			sess->auth.gen_digest_len = 16;
-		} else {
-			sess->auth.gen_digest_len = sess->auth.req_digest_len;
+		if (sess->auth.req_digest_len > get_digest_byte_length(AES_GMAC)) {
+			AESNI_MB_LOG(ERR, "Invalid digest size\n");
+			return -EINVAL;
 		}
+		sess->auth.gen_digest_len = sess->auth.req_digest_len;
 		sess->iv.length = xform->auth.iv.length;
 		sess->iv.offset = xform->auth.iv.offset;
 
@@ -624,6 +616,12 @@ aesni_mb_set_session_aead_parameters(const MB_MGR *mb_mgr,
 			return -EINVAL;
 		}
 
+		/* GCM digest size must be between 1 and 16 */
+		if (sess->auth.req_digest_len == 0 ||
+				sess->auth.req_digest_len > 16) {
+			AESNI_MB_LOG(ERR, "Invalid digest size\n");
+			return -EINVAL;
+		}
 		break;
 
 	default:
diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
index 2362f0c3c..3e4282954 100644
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
@@ -455,9 +455,9 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
 					.increment = 8
 				},
 				.digest_size = {
-					.min = 8,
+					.min = 1,
 					.max = 16,
-					.increment = 4
+					.increment = 1
 				},
 				.aad_size = {
 					.min = 0,
@@ -485,9 +485,9 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
 					.increment = 8
 				},
 				.digest_size = {
-					.min = 8,
+					.min = 1,
 					.max = 16,
-					.increment = 4
+					.increment = 1
 				},
 				.iv_size = {
 					.min = 12,
-- 
2.25.1


^ permalink raw reply	[flat|nested] 4+ messages in thread

* [dpdk-stable] [PATCH v2 1/3] crypto/aesni_mb: fix CCM digest size check
  2020-10-06 10:59 [dpdk-stable] [PATCH 1/3] crypto/aesni_mb: fix CCM digest size check Pablo de Lara
  2020-10-06 10:59 ` [dpdk-stable] [PATCH 2/3] crypto/aesni_mb: fix GCM " Pablo de Lara
@ 2020-10-09 12:05 ` " Pablo de Lara
  2020-10-09 12:05   ` [dpdk-stable] [PATCH v2 2/3] crypto/aesni_mb: fix GCM " Pablo de Lara
  1 sibling, 1 reply; 4+ messages in thread
From: Pablo de Lara @ 2020-10-09 12:05 UTC (permalink / raw)
  To: declan.doherty; +Cc: dev, Pablo de Lara, stable

Digest size for CCM was being checked for other algorithms
apart from CCM.

Fixes: c4c0c312a823 ("crypto/aesni_mb: check for invalid digest size")
Cc: stable@dpdk.org

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---

Changes:

This patchset depends on series http://patches.dpdk.org/project/dpdk/list/?series=12820.

-v2 : rebased on top of crypto subtree

---

 drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 29 +++++++++++-----------
 1 file changed, 15 insertions(+), 14 deletions(-)

diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
index 34a39ca99..ba2882d27 100644
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
@@ -661,6 +661,14 @@ aesni_mb_set_session_aead_parameters(const MB_MGR *mb_mgr,
 		return -EINVAL;
 	}
 
+	/* Set IV parameters */
+	sess->iv.offset = xform->aead.iv.offset;
+	sess->iv.length = xform->aead.iv.length;
+
+	/* Set digest sizes */
+	sess->auth.req_digest_len = xform->aead.digest_length;
+	sess->auth.gen_digest_len = sess->auth.req_digest_len;
+
 	switch (xform->aead.algo) {
 	case RTE_CRYPTO_AEAD_AES_CCM:
 		sess->cipher.mode = CCM;
@@ -679,6 +687,13 @@ aesni_mb_set_session_aead_parameters(const MB_MGR *mb_mgr,
 			return -EINVAL;
 		}
 
+		/* CCM digests must be between 4 and 16 and an even number */
+		if (sess->auth.req_digest_len < AES_CCM_DIGEST_MIN_LEN ||
+				sess->auth.req_digest_len > AES_CCM_DIGEST_MAX_LEN ||
+				(sess->auth.req_digest_len & 1) == 1) {
+			AESNI_MB_LOG(ERR, "Invalid digest size\n");
+			return -EINVAL;
+		}
 		break;
 
 	case RTE_CRYPTO_AEAD_AES_GCM:
@@ -713,20 +728,6 @@ aesni_mb_set_session_aead_parameters(const MB_MGR *mb_mgr,
 		return -ENOTSUP;
 	}
 
-	/* Set IV parameters */
-	sess->iv.offset = xform->aead.iv.offset;
-	sess->iv.length = xform->aead.iv.length;
-
-	sess->auth.req_digest_len = xform->aead.digest_length;
-	/* CCM digests must be between 4 and 16 and an even number */
-	if (sess->auth.req_digest_len < AES_CCM_DIGEST_MIN_LEN ||
-			sess->auth.req_digest_len > AES_CCM_DIGEST_MAX_LEN ||
-			(sess->auth.req_digest_len & 1) == 1) {
-		AESNI_MB_LOG(ERR, "Invalid digest size\n");
-		return -EINVAL;
-	}
-	sess->auth.gen_digest_len = sess->auth.req_digest_len;
-
 	return 0;
 }
 
-- 
2.25.1


^ permalink raw reply	[flat|nested] 4+ messages in thread

* [dpdk-stable] [PATCH v2 2/3] crypto/aesni_mb: fix GCM digest size check
  2020-10-09 12:05 ` [dpdk-stable] [PATCH v2 1/3] crypto/aesni_mb: fix CCM " Pablo de Lara
@ 2020-10-09 12:05   ` " Pablo de Lara
  0 siblings, 0 replies; 4+ messages in thread
From: Pablo de Lara @ 2020-10-09 12:05 UTC (permalink / raw)
  To: declan.doherty; +Cc: dev, Pablo de Lara, stable

GCM digest sizes should be between 1 and 16 bytes.

Fixes: 7b2d4706c90e ("crypto/aesni_mb: support newer library version only")
Cc: stable@dpdk.org

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---

Changes:

This patchset depends on series http://patches.dpdk.org/project/dpdk/list/?series=12820.

-v2 : rebased on top of crypto subtree

---

 .../crypto/aesni_mb/aesni_mb_pmd_private.h    |  4 ++--
 drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c    | 22 +++++++++----------
 .../crypto/aesni_mb/rte_aesni_mb_pmd_ops.c    |  8 +++----
 3 files changed, 16 insertions(+), 18 deletions(-)

diff --git a/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h b/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h
index 9693bf985..7481e1d5e 100644
--- a/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h
+++ b/drivers/crypto/aesni_mb/aesni_mb_pmd_private.h
@@ -85,7 +85,7 @@ static const unsigned auth_truncated_digest_byte_lengths[] = {
 		[AES_CMAC]			= 12,
 		[AES_CCM]			= 8,
 		[NULL_HASH]			= 0,
-		[AES_GMAC]			= 16,
+		[AES_GMAC]			= 12,
 		[PLAIN_SHA1]			= 20,
 		[PLAIN_SHA_224]			= 28,
 		[PLAIN_SHA_256]			= 32,
@@ -121,7 +121,7 @@ static const unsigned auth_digest_byte_lengths[] = {
 		[AES_XCBC]			= 16,
 		[AES_CMAC]			= 16,
 		[AES_CCM]			= 16,
-		[AES_GMAC]			= 12,
+		[AES_GMAC]			= 16,
 		[NULL_HASH]			= 0,
 		[PLAIN_SHA1]			= 20,
 		[PLAIN_SHA_224]			= 28,
diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
index ba2882d27..7dbe40e02 100644
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
@@ -213,19 +213,11 @@ aesni_mb_set_session_auth_parameters(const MB_MGR *mb_mgr,
 			sess->cipher.direction = DECRYPT;
 
 		sess->auth.algo = AES_GMAC;
-		/*
-		 * Multi-buffer lib supports 8, 12 and 16 bytes of digest.
-		 * If size requested is different, generate the full digest
-		 * (16 bytes) in a temporary location and then memcpy
-		 * the requested number of bytes.
-		 */
-		if (sess->auth.req_digest_len != 16 &&
-				sess->auth.req_digest_len != 12 &&
-				sess->auth.req_digest_len != 8) {
-			sess->auth.gen_digest_len = 16;
-		} else {
-			sess->auth.gen_digest_len = sess->auth.req_digest_len;
+		if (sess->auth.req_digest_len > get_digest_byte_length(AES_GMAC)) {
+			AESNI_MB_LOG(ERR, "Invalid digest size\n");
+			return -EINVAL;
 		}
+		sess->auth.gen_digest_len = sess->auth.req_digest_len;
 		sess->iv.length = xform->auth.iv.length;
 		sess->iv.offset = xform->auth.iv.offset;
 
@@ -721,6 +713,12 @@ aesni_mb_set_session_aead_parameters(const MB_MGR *mb_mgr,
 			return -EINVAL;
 		}
 
+		/* GCM digest size must be between 1 and 16 */
+		if (sess->auth.req_digest_len == 0 ||
+				sess->auth.req_digest_len > 16) {
+			AESNI_MB_LOG(ERR, "Invalid digest size\n");
+			return -EINVAL;
+		}
 		break;
 
 	default:
diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
index 0f74be126..dc2238191 100644
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd_ops.c
@@ -455,9 +455,9 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
 					.increment = 8
 				},
 				.digest_size = {
-					.min = 8,
+					.min = 1,
 					.max = 16,
-					.increment = 4
+					.increment = 1
 				},
 				.aad_size = {
 					.min = 0,
@@ -485,9 +485,9 @@ static const struct rte_cryptodev_capabilities aesni_mb_pmd_capabilities[] = {
 					.increment = 8
 				},
 				.digest_size = {
-					.min = 8,
+					.min = 1,
 					.max = 16,
-					.increment = 4
+					.increment = 1
 				},
 				.iv_size = {
 					.min = 12,
-- 
2.25.1


^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, back to index

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-10-06 10:59 [dpdk-stable] [PATCH 1/3] crypto/aesni_mb: fix CCM digest size check Pablo de Lara
2020-10-06 10:59 ` [dpdk-stable] [PATCH 2/3] crypto/aesni_mb: fix GCM " Pablo de Lara
2020-10-09 12:05 ` [dpdk-stable] [PATCH v2 1/3] crypto/aesni_mb: fix CCM " Pablo de Lara
2020-10-09 12:05   ` [dpdk-stable] [PATCH v2 2/3] crypto/aesni_mb: fix GCM " Pablo de Lara

patches for DPDK stable branches

Archives are clonable:
	git clone --mirror http://inbox.dpdk.org/stable/0 stable/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 stable stable/ http://inbox.dpdk.org/stable \
		stable@dpdk.org
	public-inbox-index stable


Newsgroup available over NNTP:
	nntp://inbox.dpdk.org/inbox.dpdk.stable


AGPL code for this site: git clone https://public-inbox.org/ public-inbox