patches for DPDK stable branches
 help / color / mirror / Atom feed
From: Pablo de Lara <pablo.de.lara.guarch@intel.com>
To: luca.boccassi@gmail.com
Cc: stable@dpdk.org, Pablo de Lara <pablo.de.lara.guarch@intel.com>,
	Fan Zhang <roy.fan.zhang@intel.com>,
	Radu Nicolau <radu.nicolau@intel.com>
Subject: [PATCH 20.11 2/2] crypto/ipsec_mb: fix GMAC parameters setting
Date: Tue, 22 Mar 2022 13:39:10 +0000	[thread overview]
Message-ID: <20220322133910.664010-2-pablo.de.lara.guarch@intel.com> (raw)
In-Reply-To: <20220322133910.664010-1-pablo.de.lara.guarch@intel.com>

[ upstream commit 837269c2e5c5a8813adfcf59f23b80569048ddeb ]
AES-GMAC requires plaintext length to be 0 when using AES-GCM,
so only AAD data is used.

Fixes: a501609ea646 ("crypto/ipsec_mb: fix length and offset settings")
Cc: pablo.de.lara.guarch@intel.com
Cc: stable@dpdk.org

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Radu Nicolau <radu.nicolau@intel.com>
Tested-by: Radu Nicolau <radu.nicolau@intel.com>
---
 drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
index ab9864739d..94055d8177 100644
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
@@ -1438,9 +1438,9 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp,
 					op->sym->aead.data.offset;
 			job->msg_len_to_hash_in_bytes =
 					op->sym->aead.data.length;
-		} else {
-			job->msg_len_to_cipher_in_bytes = 0;
+		} else { /* AES-GMAC only, only AAD used */
 			job->msg_len_to_hash_in_bytes = 0;
+			job->hash_start_src_offset_in_bytes = 0;
 		}
 
 		job->iv = rte_crypto_op_ctod_offset(op, uint8_t *,
@@ -1524,8 +1524,19 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp,
 					op->sym->cipher.data.length;
 		break;
 #endif
-	case CCM:
 	case GCM:
+		if (session->cipher.mode == NULL_CIPHER) {
+			/* AES-GMAC only (only AAD used) */
+			job->msg_len_to_cipher_in_bytes = 0;
+			job->cipher_start_src_offset_in_bytes = 0;
+		} else {
+			job->cipher_start_src_offset_in_bytes =
+					op->sym->aead.data.offset;
+			job->msg_len_to_cipher_in_bytes =
+					op->sym->aead.data.length;
+		}
+		break;
+	case CCM:
 #if IMB_VERSION(0, 54, 3) <= IMB_VERSION_NUM
 	case IMB_CIPHER_CHACHA20_POLY1305:
 #endif
-- 
2.25.1


  reply	other threads:[~2022-03-22 13:39 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-03-22 13:39 [PATCH 20.11 1/2] crypto/ipsec_mb: fix length and offset settings Pablo de Lara
2022-03-22 13:39 ` Pablo de Lara [this message]
2022-04-04 13:35   ` [PATCH 20.11 2/2] crypto/ipsec_mb: fix GMAC parameters setting Luca Boccassi
  -- strict thread matches above, loose matches on Subject: below --
2022-03-14 11:05 [PATCH 20.11 1/2] crypto/ipsec_mb: fix length and offset settings Pablo de Lara
2022-03-14 11:05 ` [PATCH 20.11 2/2] crypto/ipsec_mb: fix GMAC parameters setting Pablo de Lara

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20220322133910.664010-2-pablo.de.lara.guarch@intel.com \
    --to=pablo.de.lara.guarch@intel.com \
    --cc=luca.boccassi@gmail.com \
    --cc=radu.nicolau@intel.com \
    --cc=roy.fan.zhang@intel.com \
    --cc=stable@dpdk.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).