patches for DPDK stable branches
 help / color / mirror / Atom feed
* [PATCH 22.11] crypto/ipsec_mb: fix incorrectly setting cipher keys
@ 2024-04-05 10:38 Ciara Power
  2024-04-05 14:43 ` Luca Boccassi
  0 siblings, 1 reply; 6+ messages in thread
From: Ciara Power @ 2024-04-05 10:38 UTC (permalink / raw)
  To: stable; +Cc: Ciara Power, pablo.de.lara.guarch, Kai Ji

The encryption and decryption keys were incorrectly being reset based on
authentication algorithm after already being set earlier in the code
based on cipher algorithm.
In cases when 3DES was used, the keys were being
incorrectly overwritten.

For CPU path, there is no need to have the keys set for XCBC and CMAC
cases.

Fixes: 010230a1543b ("crypto/aesni_mb: support Chacha20-Poly1305")
Fixes: b0a37e8cd2ac ("crypto/ipsec_mb: fix cipher key setting")
Fixes: a2c6d3f34f90 ("crypto/aesni_mb: support CPU crypto")

Signed-off-by: Ciara Power <ciara.power@intel.com>
---
Cc: pablo.de.lara.guarch@intel.com
---
 drivers/crypto/ipsec_mb/pmd_aesni_mb.c | 14 --------------
 1 file changed, 14 deletions(-)

diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
index ac20d01937..02d419b587 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
@@ -1017,9 +1017,6 @@ set_cpu_mb_job_params(IMB_JOB *job, struct aesni_mb_session *session,
 		job->u.XCBC._k1_expanded = session->auth.xcbc.k1_expanded;
 		job->u.XCBC._k2 = session->auth.xcbc.k2;
 		job->u.XCBC._k3 = session->auth.xcbc.k3;
-
-		job->enc_keys = session->cipher.expanded_aes_keys.encode;
-		job->dec_keys = session->cipher.expanded_aes_keys.decode;
 		break;
 
 	case IMB_AUTH_AES_CCM:
@@ -1034,8 +1031,6 @@ set_cpu_mb_job_params(IMB_JOB *job, struct aesni_mb_session *session,
 		job->u.CMAC._key_expanded = session->auth.cmac.expkey;
 		job->u.CMAC._skey1 = session->auth.cmac.skey1;
 		job->u.CMAC._skey2 = session->auth.cmac.skey2;
-		job->enc_keys = session->cipher.expanded_aes_keys.encode;
-		job->dec_keys = session->cipher.expanded_aes_keys.decode;
 		break;
 
 	case IMB_AUTH_AES_GMAC:
@@ -1331,24 +1326,17 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
 		job->u.XCBC._k1_expanded = session->auth.xcbc.k1_expanded;
 		job->u.XCBC._k2 = session->auth.xcbc.k2;
 		job->u.XCBC._k3 = session->auth.xcbc.k3;
-
-		job->enc_keys = session->cipher.expanded_aes_keys.encode;
-		job->dec_keys = session->cipher.expanded_aes_keys.decode;
 		break;
 
 	case IMB_AUTH_AES_CCM:
 		job->u.CCM.aad = op->sym->aead.aad.data + 18;
 		job->u.CCM.aad_len_in_bytes = session->aead.aad_len;
-		job->enc_keys = session->cipher.expanded_aes_keys.encode;
-		job->dec_keys = session->cipher.expanded_aes_keys.decode;
 		break;
 
 	case IMB_AUTH_AES_CMAC:
 		job->u.CMAC._key_expanded = session->auth.cmac.expkey;
 		job->u.CMAC._skey1 = session->auth.cmac.skey1;
 		job->u.CMAC._skey2 = session->auth.cmac.skey2;
-		job->enc_keys = session->cipher.expanded_aes_keys.encode;
-		job->dec_keys = session->cipher.expanded_aes_keys.decode;
 		break;
 
 	case IMB_AUTH_AES_GMAC:
@@ -1396,8 +1384,6 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
 			job->cipher_mode = IMB_CIPHER_CHACHA20_POLY1305_SGL;
 			job->hash_alg = IMB_AUTH_CHACHA20_POLY1305_SGL;
 		}
-		job->enc_keys = session->cipher.expanded_aes_keys.encode;
-		job->dec_keys = session->cipher.expanded_aes_keys.encode;
 		break;
 	default:
 		job->u.HMAC._hashed_auth_key_xor_ipad =
-- 
2.25.1


^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, other threads:[~2024-04-10 13:07 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-04-05 10:38 [PATCH 22.11] crypto/ipsec_mb: fix incorrectly setting cipher keys Ciara Power
2024-04-05 14:43 ` Luca Boccassi
2024-04-08  7:17   ` Power, Ciara
2024-04-08  9:22     ` Luca Boccassi
2024-04-10  7:56       ` Power, Ciara
2024-04-10 13:07         ` Luca Boccassi

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).