From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id A25D2A034F for ; Tue, 1 Mar 2022 11:44:11 +0100 (CET) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 9E054426E8; Tue, 1 Mar 2022 11:44:11 +0100 (CET) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by mails.dpdk.org (Postfix) with ESMTP id D7287407FF for ; Tue, 1 Mar 2022 11:44:10 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1646131449; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=yFF33rNSh9HJtajWFdKBvJvLjR266QvLGgdXIVk/Hl4=; b=JjuHUL7pDLNtw7yj9GXYXXtVhakrJOE1MvVOlm8xPc8P0mhRgkp4mXlStl5eXEMipwvRi4 JDxLHnYni13fD7oGLpwwfL5Lv0Y7qDj/ndX1rm2AHkLZ7Dh+hE8owH2OWs9VfjGbZmKcQ7 l66xXt0lE56wdzKi29d5nlWCSDXxwEM= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-639-o-3_eCHEPMWPJ9GccVF-9A-1; Tue, 01 Mar 2022 05:44:06 -0500 X-MC-Unique: o-3_eCHEPMWPJ9GccVF-9A-1 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 95482801AB2; Tue, 1 Mar 2022 10:44:05 +0000 (UTC) Received: from rh.Home (unknown [10.39.194.142]) by smtp.corp.redhat.com (Postfix) with ESMTP id BA57E6FB02; Tue, 1 Mar 2022 10:44:04 +0000 (UTC) From: Kevin Traynor To: Pablo de Lara Cc: dpdk stable Subject: patch 'crypto/ipsec_mb: fix length and offset settings' has been queued to stable release 21.11.1 Date: Tue, 1 Mar 2022 10:41:51 +0000 Message-Id: <20220301104300.334382-35-ktraynor@redhat.com> In-Reply-To: <20220301104300.334382-1-ktraynor@redhat.com> References: <20220301104300.334382-1-ktraynor@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=ktraynor@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: stable-bounces@dpdk.org Hi, FYI, your patch has been queued to stable release 21.11.1 Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet. It will be pushed if I get no objections before 03/06/22. So please shout if anyone has objections. Also note that after the patch there's a diff of the upstream commit vs the patch applied to the branch. This will indicate if there was any rebasing needed to apply to the stable branch. If there were code changes for rebasing (ie: not only metadata diffs), please double check that the rebase was correctly done. Queued patches are on a temporary branch at: https://github.com/kevintraynor/dpdk-stable This queued commit can be viewed at: https://github.com/kevintraynor/dpdk-stable/commit/daf06c45e8576d8a2a86455e33e2bc4574f8f8b4 Thanks. Kevin --- >From daf06c45e8576d8a2a86455e33e2bc4574f8f8b4 Mon Sep 17 00:00:00 2001 From: Pablo de Lara Date: Wed, 23 Feb 2022 16:01:16 +0000 Subject: [PATCH] crypto/ipsec_mb: fix length and offset settings [ upstream commit a501609ea6466ed8526c0dfadedee332a4d4a451 ] KASUMI, SNOW3G and ZUC require lengths and offsets to be set in bits or bytes depending on the algorithm. There were some algorithms that were mixing these two, so this commit is fixing this issue. Fixes: ae8e085c608d ("crypto/aesni_mb: support KASUMI F8/F9") Fixes: 6c42e0cf4d12 ("crypto/aesni_mb: support SNOW3G-UEA2/UIA2") Fixes: fd8df85487c4 ("crypto/aesni_mb: support ZUC-EEA3/EIA3") Fixes: 8c835018de84 ("crypto/ipsec_mb: support ZUC-256 for aesni_mb") Signed-off-by: Pablo de Lara --- drivers/crypto/ipsec_mb/pmd_aesni_mb.c | 93 ++++++++++++++++---------- 1 file changed, 57 insertions(+), 36 deletions(-) diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c index a308d42ffa..748382320b 100644 --- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c +++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c @@ -919,5 +919,7 @@ error_exit: static inline uint64_t auth_start_offset(struct rte_crypto_op *op, struct aesni_mb_session *session, - uint32_t oop) + uint32_t oop, const uint32_t auth_offset, + const uint32_t cipher_offset, const uint32_t auth_length, + const uint32_t cipher_length) { struct rte_mbuf *m_src, *m_dst; @@ -928,5 +930,5 @@ auth_start_offset(struct rte_crypto_op *op, struct aesni_mb_session *session, /* Only cipher then hash needs special calculation. */ if (!oop || session->chain_order != IMB_ORDER_CIPHER_HASH) - return op->sym->auth.data.offset; + return auth_offset; m_src = op->sym->m_src; @@ -936,5 +938,5 @@ auth_start_offset(struct rte_crypto_op *op, struct aesni_mb_session *session, p_dst = rte_pktmbuf_mtod(m_dst, uint8_t *); u_src = (uintptr_t)p_src; - u_dst = (uintptr_t)p_dst + op->sym->auth.data.offset; + u_dst = (uintptr_t)p_dst + auth_offset; /** @@ -942,9 +944,9 @@ auth_start_offset(struct rte_crypto_op *op, struct aesni_mb_session *session, * correct digest. */ - if (op->sym->cipher.data.offset > op->sym->auth.data.offset) - memcpy(p_dst + op->sym->auth.data.offset, - p_src + op->sym->auth.data.offset, - op->sym->cipher.data.offset - - op->sym->auth.data.offset); + if (cipher_offset > auth_offset) + memcpy(p_dst + auth_offset, + p_src + auth_offset, + cipher_offset - + auth_offset); /** @@ -952,6 +954,6 @@ auth_start_offset(struct rte_crypto_op *op, struct aesni_mb_session *session, * length) for generating correct digest */ - cipher_end = op->sym->cipher.data.offset + op->sym->cipher.data.length; - auth_end = op->sym->auth.data.offset + op->sym->auth.data.length; + cipher_end = cipher_offset + cipher_length; + auth_end = auth_offset + auth_length; if (cipher_end < auth_end) memcpy(p_dst + cipher_end, p_src + cipher_end, @@ -1100,4 +1102,8 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp, struct aesni_mb_session *session; uint32_t m_offset, oop; + uint32_t auth_off_in_bytes; + uint32_t ciph_off_in_bytes; + uint32_t auth_len_in_bytes; + uint32_t ciph_len_in_bytes; session = ipsec_mb_get_session_private(qp, op); @@ -1208,4 +1214,5 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp, job->enc_keys = session->cipher.zuc_cipher_key; job->dec_keys = session->cipher.zuc_cipher_key; + m_offset >>= 3; } else if (job->cipher_mode == IMB_CIPHER_SNOW3G_UEA2_BITLEN) { job->enc_keys = &session->cipher.pKeySched_snow3g_cipher; @@ -1265,7 +1272,4 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp, switch (job->hash_alg) { case IMB_AUTH_AES_CCM: - job->cipher_start_src_offset_in_bytes = - op->sym->aead.data.offset; - job->msg_len_to_cipher_in_bytes = op->sym->aead.data.length; job->hash_start_src_offset_in_bytes = op->sym->aead.data.offset; job->msg_len_to_hash_in_bytes = op->sym->aead.data.length; @@ -1277,17 +1281,9 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp, case IMB_AUTH_AES_GMAC: if (session->cipher.mode == IMB_CIPHER_GCM) { - job->cipher_start_src_offset_in_bytes = - op->sym->aead.data.offset; job->hash_start_src_offset_in_bytes = op->sym->aead.data.offset; - job->msg_len_to_cipher_in_bytes = - op->sym->aead.data.length; job->msg_len_to_hash_in_bytes = op->sym->aead.data.length; } else { - job->cipher_start_src_offset_in_bytes = - op->sym->auth.data.offset; - job->hash_start_src_offset_in_bytes = - op->sym->auth.data.offset; job->msg_len_to_cipher_in_bytes = 0; job->msg_len_to_hash_in_bytes = 0; @@ -1299,10 +1295,6 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp, case IMB_AUTH_CHACHA20_POLY1305: - job->cipher_start_src_offset_in_bytes = - op->sym->aead.data.offset; job->hash_start_src_offset_in_bytes = op->sym->aead.data.offset; - job->msg_len_to_cipher_in_bytes = - op->sym->aead.data.length; job->msg_len_to_hash_in_bytes = op->sym->aead.data.length; @@ -1311,12 +1303,46 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp, session->iv.offset); break; + /* ZUC and SNOW3G require length in bits and offset in bytes */ + case IMB_AUTH_ZUC_EIA3_BITLEN: + case IMB_AUTH_ZUC256_EIA3_BITLEN: + case IMB_AUTH_SNOW3G_UIA2_BITLEN: + auth_off_in_bytes = op->sym->auth.data.offset >> 3; + ciph_off_in_bytes = op->sym->cipher.data.offset >> 3; + auth_len_in_bytes = op->sym->auth.data.length >> 3; + ciph_len_in_bytes = op->sym->cipher.data.length >> 3; + + job->hash_start_src_offset_in_bytes = auth_start_offset(op, + session, oop, auth_off_in_bytes, + ciph_off_in_bytes, auth_len_in_bytes, + ciph_len_in_bytes); + job->msg_len_to_hash_in_bits = op->sym->auth.data.length; + + job->iv = rte_crypto_op_ctod_offset(op, uint8_t *, + session->iv.offset); + break; + + /* KASUMI requires lengths and offset in bytes */ + case IMB_AUTH_KASUMI_UIA1: + auth_off_in_bytes = op->sym->auth.data.offset >> 3; + ciph_off_in_bytes = op->sym->cipher.data.offset >> 3; + auth_len_in_bytes = op->sym->auth.data.length >> 3; + ciph_len_in_bytes = op->sym->cipher.data.length >> 3; + + job->hash_start_src_offset_in_bytes = auth_start_offset(op, + session, oop, auth_off_in_bytes, + ciph_off_in_bytes, auth_len_in_bytes, + ciph_len_in_bytes); + job->msg_len_to_hash_in_bytes = auth_len_in_bytes; + + job->iv = rte_crypto_op_ctod_offset(op, uint8_t *, + session->iv.offset); + break; + default: - /* For SNOW3G, length and offsets are already in bits */ - job->cipher_start_src_offset_in_bytes = - op->sym->cipher.data.offset; - job->msg_len_to_cipher_in_bytes = op->sym->cipher.data.length; - job->hash_start_src_offset_in_bytes = auth_start_offset(op, - session, oop); + session, oop, op->sym->auth.data.offset, + op->sym->cipher.data.offset, + op->sym->auth.data.length, + op->sym->cipher.data.length); job->msg_len_to_hash_in_bytes = op->sym->auth.data.length; @@ -1325,9 +1351,4 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp, } - if (job->cipher_mode == IMB_CIPHER_ZUC_EEA3) - job->msg_len_to_cipher_in_bytes >>= 3; - else if (job->hash_alg == IMB_AUTH_KASUMI_UIA1) - job->msg_len_to_hash_in_bytes >>= 3; - /* Set user data to be crypto operation data struct */ job->user_data = op; -- 2.34.1 --- Diff of the applied patch vs upstream commit (please double-check if non-empty: --- --- - 2022-03-01 10:41:02.279858967 +0000 +++ 0035-crypto-ipsec_mb-fix-length-and-offset-settings.patch 2022-03-01 10:41:01.288244095 +0000 @@ -1 +1 @@ -From a501609ea6466ed8526c0dfadedee332a4d4a451 Mon Sep 17 00:00:00 2001 +From daf06c45e8576d8a2a86455e33e2bc4574f8f8b4 Mon Sep 17 00:00:00 2001 @@ -5,0 +6,2 @@ +[ upstream commit a501609ea6466ed8526c0dfadedee332a4d4a451 ] + @@ -15 +16,0 @@ -Cc: stable@dpdk.org @@ -19,2 +20,2 @@ - drivers/crypto/ipsec_mb/pmd_aesni_mb.c | 122 +++++++++++++++++-------- - 1 file changed, 86 insertions(+), 36 deletions(-) + drivers/crypto/ipsec_mb/pmd_aesni_mb.c | 93 ++++++++++++++++---------- + 1 file changed, 57 insertions(+), 36 deletions(-) @@ -23 +24 @@ -index 0111c6f540..c974886032 100644 +index a308d42ffa..748382320b 100644 @@ -26 +27 @@ -@@ -931,5 +931,7 @@ error_exit: +@@ -919,5 +919,7 @@ error_exit: @@ -35 +36 @@ -@@ -940,5 +942,5 @@ auth_start_offset(struct rte_crypto_op *op, struct aesni_mb_session *session, +@@ -928,5 +930,5 @@ auth_start_offset(struct rte_crypto_op *op, struct aesni_mb_session *session, @@ -42 +43 @@ -@@ -948,5 +950,5 @@ auth_start_offset(struct rte_crypto_op *op, struct aesni_mb_session *session, +@@ -936,5 +938,5 @@ auth_start_offset(struct rte_crypto_op *op, struct aesni_mb_session *session, @@ -49 +50 @@ -@@ -954,9 +956,9 @@ auth_start_offset(struct rte_crypto_op *op, struct aesni_mb_session *session, +@@ -942,9 +944,9 @@ auth_start_offset(struct rte_crypto_op *op, struct aesni_mb_session *session, @@ -64 +65 @@ -@@ -964,6 +966,6 @@ auth_start_offset(struct rte_crypto_op *op, struct aesni_mb_session *session, +@@ -952,6 +954,6 @@ auth_start_offset(struct rte_crypto_op *op, struct aesni_mb_session *session, @@ -73 +74 @@ -@@ -1112,4 +1114,8 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp, +@@ -1100,4 +1102,8 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp, @@ -82 +83 @@ -@@ -1220,4 +1226,5 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp, +@@ -1208,4 +1214,5 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp, @@ -88 +89 @@ -@@ -1277,7 +1284,4 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp, +@@ -1265,7 +1272,4 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp, @@ -96 +97 @@ -@@ -1289,17 +1293,9 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp, +@@ -1277,17 +1281,9 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp, @@ -114 +115 @@ -@@ -1311,10 +1307,6 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp, +@@ -1299,10 +1295,6 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp, @@ -125 +126 @@ -@@ -1323,12 +1315,46 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp, +@@ -1311,12 +1303,46 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp, @@ -178,35 +179 @@ -@@ -1337,4 +1363,33 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp, - } - -+ switch (job->cipher_mode) { -+ /* ZUC requires length and offset in bytes */ -+ case IMB_CIPHER_ZUC_EEA3: -+ job->cipher_start_src_offset_in_bytes = -+ op->sym->cipher.data.offset >> 3; -+ job->msg_len_to_cipher_in_bytes = -+ op->sym->cipher.data.length >> 3; -+ break; -+ /* ZUC and SNOW3G require length and offset in bits */ -+ case IMB_CIPHER_SNOW3G_UEA2_BITLEN: -+ case IMB_CIPHER_KASUMI_UEA1_BITLEN: -+ job->cipher_start_src_offset_in_bits = -+ op->sym->cipher.data.offset; -+ job->msg_len_to_cipher_in_bits = -+ op->sym->cipher.data.length; -+ break; -+ case IMB_CIPHER_CCM: -+ case IMB_CIPHER_GCM: -+ case IMB_CIPHER_CHACHA20_POLY1305: -+ job->cipher_start_src_offset_in_bytes = -+ op->sym->aead.data.offset; -+ job->msg_len_to_cipher_in_bytes = op->sym->aead.data.length; -+ break; -+ default: -+ job->cipher_start_src_offset_in_bytes = -+ op->sym->cipher.data.offset; -+ job->msg_len_to_cipher_in_bytes = op->sym->cipher.data.length; -+ } -+ - if (job->cipher_mode == IMB_CIPHER_NULL && oop) { - memcpy(job->dst + job->cipher_start_src_offset_in_bytes, -@@ -1343,9 +1398,4 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp, +@@ -1325,9 +1351,4 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,