patches for DPDK stable branches
 help / color / mirror / Atom feed
* [PATCH 20.11 1/2] crypto/ipsec_mb: fix length and offset settings
@ 2022-03-22 13:39 Pablo de Lara
  2022-03-22 13:39 ` [PATCH 20.11 2/2] crypto/ipsec_mb: fix GMAC parameters setting Pablo de Lara
  0 siblings, 1 reply; 4+ messages in thread
From: Pablo de Lara @ 2022-03-22 13:39 UTC (permalink / raw)
  To: luca.boccassi; +Cc: stable, Pablo de Lara

[ upstream commit a501609ea6466ed8526c0dfadedee332a4d4a451 ]

KASUMI, SNOW3G and ZUC require lengths and offsets to
be set in bits or bytes depending on the algorithm.
There were some algorithms that were mixing these two,
so this commit is fixing this issue.

Fixes: ae8e085c608d ("crypto/aesni_mb: support KASUMI F8/F9")
Fixes: 6c42e0cf4d12 ("crypto/aesni_mb: support SNOW3G-UEA2/UIA2")
Fixes: fd8df85487c4 ("crypto/aesni_mb: support ZUC-EEA3/EIA3")

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 126 +++++++++++++++------
 1 file changed, 90 insertions(+), 36 deletions(-)

diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
index f4ffb21e10..ab9864739d 100644
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
@@ -1057,7 +1057,9 @@ get_session(struct aesni_mb_qp *qp, struct rte_crypto_op *op)
 
 static inline uint64_t
 auth_start_offset(struct rte_crypto_op *op, struct aesni_mb_session *session,
-		uint32_t oop)
+		uint32_t oop, const uint32_t auth_offset,
+		const uint32_t cipher_offset, const uint32_t auth_length,
+		const uint32_t cipher_length)
 {
 	struct rte_mbuf *m_src, *m_dst;
 	uint8_t *p_src, *p_dst;
@@ -1066,7 +1068,7 @@ auth_start_offset(struct rte_crypto_op *op, struct aesni_mb_session *session,
 
 	/* Only cipher then hash needs special calculation. */
 	if (!oop || session->chain_order != CIPHER_HASH)
-		return op->sym->auth.data.offset;
+		return auth_offset;
 
 	m_src = op->sym->m_src;
 	m_dst = op->sym->m_dst;
@@ -1074,24 +1076,23 @@ auth_start_offset(struct rte_crypto_op *op, struct aesni_mb_session *session,
 	p_src = rte_pktmbuf_mtod(m_src, uint8_t *);
 	p_dst = rte_pktmbuf_mtod(m_dst, uint8_t *);
 	u_src = (uintptr_t)p_src;
-	u_dst = (uintptr_t)p_dst + op->sym->auth.data.offset;
+	u_dst = (uintptr_t)p_dst + auth_offset;
 
 	/**
 	 * Copy the content between cipher offset and auth offset for generating
 	 * correct digest.
 	 */
-	if (op->sym->cipher.data.offset > op->sym->auth.data.offset)
-		memcpy(p_dst + op->sym->auth.data.offset,
-				p_src + op->sym->auth.data.offset,
-				op->sym->cipher.data.offset -
-				op->sym->auth.data.offset);
-
+	if (cipher_offset > auth_offset)
+		memcpy(p_dst + auth_offset,
+				p_src + auth_offset,
+				cipher_offset -
+				auth_offset);
 	/**
 	 * Copy the content between (cipher offset + length) and (auth offset +
 	 * length) for generating correct digest
 	 */
-	cipher_end = op->sym->cipher.data.offset + op->sym->cipher.data.length;
-	auth_end = op->sym->auth.data.offset + op->sym->auth.data.length;
+	cipher_end = cipher_offset + cipher_length;
+	auth_end = auth_offset + auth_length;
 	if (cipher_end < auth_end)
 		memcpy(p_dst + cipher_end, p_src + cipher_end,
 				auth_end - cipher_end);
@@ -1246,7 +1247,12 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp,
 	struct rte_mbuf *m_src = op->sym->m_src, *m_dst;
 	struct aesni_mb_session *session;
 	uint32_t m_offset, oop;
-
+#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM
+	uint32_t auth_off_in_bytes;
+	uint32_t ciph_off_in_bytes;
+	uint32_t auth_len_in_bytes;
+	uint32_t ciph_len_in_bytes;
+#endif
 	session = get_session(qp, op);
 	if (session == NULL) {
 		op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION;
@@ -1362,6 +1368,7 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp,
 	if (job->cipher_mode == IMB_CIPHER_ZUC_EEA3) {
 		job->aes_enc_key_expanded = session->cipher.zuc_cipher_key;
 		job->aes_dec_key_expanded = session->cipher.zuc_cipher_key;
+		m_offset >>= 3;
 	} else if (job->cipher_mode == IMB_CIPHER_SNOW3G_UEA2_BITLEN) {
 		job->enc_keys = &session->cipher.pKeySched_snow3g_cipher;
 		m_offset = 0;
@@ -1418,9 +1425,6 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp,
 
 	switch (job->hash_alg) {
 	case AES_CCM:
-		job->cipher_start_src_offset_in_bytes =
-				op->sym->aead.data.offset;
-		job->msg_len_to_cipher_in_bytes = op->sym->aead.data.length;
 		job->hash_start_src_offset_in_bytes = op->sym->aead.data.offset;
 		job->msg_len_to_hash_in_bytes = op->sym->aead.data.length;
 
@@ -1430,19 +1434,11 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp,
 
 	case AES_GMAC:
 		if (session->cipher.mode == GCM) {
-			job->cipher_start_src_offset_in_bytes =
-					op->sym->aead.data.offset;
 			job->hash_start_src_offset_in_bytes =
 					op->sym->aead.data.offset;
-			job->msg_len_to_cipher_in_bytes =
-					op->sym->aead.data.length;
 			job->msg_len_to_hash_in_bytes =
 					op->sym->aead.data.length;
 		} else {
-			job->cipher_start_src_offset_in_bytes =
-					op->sym->auth.data.offset;
-			job->hash_start_src_offset_in_bytes =
-					op->sym->auth.data.offset;
 			job->msg_len_to_cipher_in_bytes = 0;
 			job->msg_len_to_hash_in_bytes = 0;
 		}
@@ -1453,10 +1449,7 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp,
 
 #if IMB_VERSION(0, 54, 3) <= IMB_VERSION_NUM
 	case IMB_AUTH_CHACHA20_POLY1305:
-		job->cipher_start_src_offset_in_bytes = op->sym->aead.data.offset;
 		job->hash_start_src_offset_in_bytes = op->sym->aead.data.offset;
-		job->msg_len_to_cipher_in_bytes =
-				op->sym->aead.data.length;
 		job->msg_len_to_hash_in_bytes =
 					op->sym->aead.data.length;
 
@@ -1464,26 +1457,87 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp,
 				session->iv.offset);
 		break;
 #endif
-	default:
-		/* For SNOW3G, length and offsets are already in bits */
-		job->cipher_start_src_offset_in_bytes =
-				op->sym->cipher.data.offset;
-		job->msg_len_to_cipher_in_bytes = op->sym->cipher.data.length;
+#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM
+	/* ZUC and SNOW3G require length in bits and offset in bytes */
+	case IMB_AUTH_ZUC_EIA3_BITLEN:
+	case IMB_AUTH_SNOW3G_UIA2_BITLEN:
+		auth_off_in_bytes = op->sym->auth.data.offset >> 3;
+		ciph_off_in_bytes = op->sym->cipher.data.offset >> 3;
+		auth_len_in_bytes = op->sym->auth.data.length >> 3;
+		ciph_len_in_bytes = op->sym->cipher.data.length >> 3;
 
 		job->hash_start_src_offset_in_bytes = auth_start_offset(op,
-				session, oop);
+				session, oop, auth_off_in_bytes,
+				ciph_off_in_bytes, auth_len_in_bytes,
+				ciph_len_in_bytes);
+		job->msg_len_to_hash_in_bits = op->sym->auth.data.length;
+
+		job->iv = rte_crypto_op_ctod_offset(op, uint8_t *,
+			session->iv.offset);
+		break;
+
+	/* KASUMI requires lengths and offset in bytes */
+	case IMB_AUTH_KASUMI_UIA1:
+		auth_off_in_bytes = op->sym->auth.data.offset >> 3;
+		ciph_off_in_bytes = op->sym->cipher.data.offset >> 3;
+		auth_len_in_bytes = op->sym->auth.data.length >> 3;
+		ciph_len_in_bytes = op->sym->cipher.data.length >> 3;
+
+		job->hash_start_src_offset_in_bytes = auth_start_offset(op,
+				session, oop, auth_off_in_bytes,
+				ciph_off_in_bytes, auth_len_in_bytes,
+				ciph_len_in_bytes);
+		job->msg_len_to_hash_in_bytes = auth_len_in_bytes;
+
+		job->iv = rte_crypto_op_ctod_offset(op, uint8_t *,
+			session->iv.offset);
+		break;
+#endif
+
+	default:
+		job->hash_start_src_offset_in_bytes = auth_start_offset(op,
+				session, oop, op->sym->auth.data.offset,
+				op->sym->cipher.data.offset,
+				op->sym->auth.data.length,
+				op->sym->cipher.data.length);
 		job->msg_len_to_hash_in_bytes = op->sym->auth.data.length;
 
 		job->iv = rte_crypto_op_ctod_offset(op, uint8_t *,
 			session->iv.offset);
 	}
 
+	switch (job->cipher_mode) {
 #if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM
-	if (job->cipher_mode == IMB_CIPHER_ZUC_EEA3)
-		job->msg_len_to_cipher_in_bytes >>= 3;
-	else if (job->hash_alg == IMB_AUTH_KASUMI_UIA1)
-		job->msg_len_to_hash_in_bytes >>= 3;
+	/* ZUC requires length and offset in bytes */
+	case IMB_CIPHER_ZUC_EEA3:
+		job->cipher_start_src_offset_in_bytes =
+					op->sym->cipher.data.offset >> 3;
+		job->msg_len_to_cipher_in_bytes =
+					op->sym->cipher.data.length >> 3;
+		break;
+	/* ZUC and SNOW3G require length and offset in bits */
+	case IMB_CIPHER_SNOW3G_UEA2_BITLEN:
+	case IMB_CIPHER_KASUMI_UEA1_BITLEN:
+		job->cipher_start_src_offset_in_bits =
+					op->sym->cipher.data.offset;
+		job->msg_len_to_cipher_in_bits =
+					op->sym->cipher.data.length;
+		break;
+#endif
+	case CCM:
+	case GCM:
+#if IMB_VERSION(0, 54, 3) <= IMB_VERSION_NUM
+	case IMB_CIPHER_CHACHA20_POLY1305:
 #endif
+		job->cipher_start_src_offset_in_bytes =
+				op->sym->aead.data.offset;
+		job->msg_len_to_cipher_in_bytes = op->sym->aead.data.length;
+		break;
+	default:
+		job->cipher_start_src_offset_in_bytes =
+					op->sym->cipher.data.offset;
+		job->msg_len_to_cipher_in_bytes = op->sym->cipher.data.length;
+	}
 
 	/* Set user data to be crypto operation data struct */
 	job->user_data = op;
-- 
2.25.1


^ permalink raw reply	[flat|nested] 4+ messages in thread

* [PATCH 20.11 2/2] crypto/ipsec_mb: fix GMAC parameters setting
  2022-03-22 13:39 [PATCH 20.11 1/2] crypto/ipsec_mb: fix length and offset settings Pablo de Lara
@ 2022-03-22 13:39 ` Pablo de Lara
  2022-04-04 13:35   ` Luca Boccassi
  0 siblings, 1 reply; 4+ messages in thread
From: Pablo de Lara @ 2022-03-22 13:39 UTC (permalink / raw)
  To: luca.boccassi; +Cc: stable, Pablo de Lara, Fan Zhang, Radu Nicolau

[ upstream commit 837269c2e5c5a8813adfcf59f23b80569048ddeb ]
AES-GMAC requires plaintext length to be 0 when using AES-GCM,
so only AAD data is used.

Fixes: a501609ea646 ("crypto/ipsec_mb: fix length and offset settings")
Cc: pablo.de.lara.guarch@intel.com
Cc: stable@dpdk.org

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Radu Nicolau <radu.nicolau@intel.com>
Tested-by: Radu Nicolau <radu.nicolau@intel.com>
---
 drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
index ab9864739d..94055d8177 100644
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
@@ -1438,9 +1438,9 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp,
 					op->sym->aead.data.offset;
 			job->msg_len_to_hash_in_bytes =
 					op->sym->aead.data.length;
-		} else {
-			job->msg_len_to_cipher_in_bytes = 0;
+		} else { /* AES-GMAC only, only AAD used */
 			job->msg_len_to_hash_in_bytes = 0;
+			job->hash_start_src_offset_in_bytes = 0;
 		}
 
 		job->iv = rte_crypto_op_ctod_offset(op, uint8_t *,
@@ -1524,8 +1524,19 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp,
 					op->sym->cipher.data.length;
 		break;
 #endif
-	case CCM:
 	case GCM:
+		if (session->cipher.mode == NULL_CIPHER) {
+			/* AES-GMAC only (only AAD used) */
+			job->msg_len_to_cipher_in_bytes = 0;
+			job->cipher_start_src_offset_in_bytes = 0;
+		} else {
+			job->cipher_start_src_offset_in_bytes =
+					op->sym->aead.data.offset;
+			job->msg_len_to_cipher_in_bytes =
+					op->sym->aead.data.length;
+		}
+		break;
+	case CCM:
 #if IMB_VERSION(0, 54, 3) <= IMB_VERSION_NUM
 	case IMB_CIPHER_CHACHA20_POLY1305:
 #endif
-- 
2.25.1


^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH 20.11 2/2] crypto/ipsec_mb: fix GMAC parameters setting
  2022-03-22 13:39 ` [PATCH 20.11 2/2] crypto/ipsec_mb: fix GMAC parameters setting Pablo de Lara
@ 2022-04-04 13:35   ` Luca Boccassi
  0 siblings, 0 replies; 4+ messages in thread
From: Luca Boccassi @ 2022-04-04 13:35 UTC (permalink / raw)
  To: Pablo de Lara; +Cc: stable, Fan Zhang, Radu Nicolau

On Tue, 2022-03-22 at 13:39 +0000, Pablo de Lara wrote:
> [ upstream commit 837269c2e5c5a8813adfcf59f23b80569048ddeb ]
> AES-GMAC requires plaintext length to be 0 when using AES-GCM,
> so only AAD data is used.
> 
> Fixes: a501609ea646 ("crypto/ipsec_mb: fix length and offset settings")
> Cc: pablo.de.lara.guarch@intel.com
> Cc: stable@dpdk.org
> 
> Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
> Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
> Acked-by: Radu Nicolau <radu.nicolau@intel.com>
> Tested-by: Radu Nicolau <radu.nicolau@intel.com>
> ---
>  drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 17 ++++++++++++++---
>  1 file changed, 14 insertions(+), 3 deletions(-)

Thanks, series queued for 20.11.6.

-- 
Kind regards,
Luca Boccassi

^ permalink raw reply	[flat|nested] 4+ messages in thread

* [PATCH 20.11 2/2] crypto/ipsec_mb: fix GMAC parameters setting
  2022-03-14 11:05 [PATCH 20.11 1/2] crypto/ipsec_mb: fix length and offset settings Pablo de Lara
@ 2022-03-14 11:05 ` Pablo de Lara
  0 siblings, 0 replies; 4+ messages in thread
From: Pablo de Lara @ 2022-03-14 11:05 UTC (permalink / raw)
  To: luca.boccassi, stable; +Cc: Pablo de Lara, Fan Zhang, Radu Nicolau

[ upstream commit 837269c2e5c5a8813adfcf59f23b80569048ddeb ]
AES-GMAC requires plaintext length to be 0 when using AES-GCM,
so only AAD data is used.

Fixes: a501609ea646 ("crypto/ipsec_mb: fix length and offset settings")
Cc: pablo.de.lara.guarch@intel.com
Cc: stable@dpdk.org

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Acked-by: Radu Nicolau <radu.nicolau@intel.com>
Tested-by: Radu Nicolau <radu.nicolau@intel.com>
---
 drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
index 07f5caa76f..ce23a9a332 100644
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
@@ -1437,9 +1437,9 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp,
 					op->sym->aead.data.offset;
 			job->msg_len_to_hash_in_bytes =
 					op->sym->aead.data.length;
-		} else {
-			job->msg_len_to_cipher_in_bytes = 0;
+		} else { /* AES-GMAC only, only AAD used */
 			job->msg_len_to_hash_in_bytes = 0;
+			job->hash_start_src_offset_in_bytes = 0;
 		}
 
 		job->iv = rte_crypto_op_ctod_offset(op, uint8_t *,
@@ -1523,8 +1523,19 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp,
 					op->sym->cipher.data.length;
 		break;
 #endif
-	case IMB_CIPHER_CCM:
 	case IMB_CIPHER_GCM:
+		if (session->cipher.mode == IMB_CIPHER_NULL) {
+			/* AES-GMAC only (only AAD used) */
+			job->msg_len_to_cipher_in_bytes = 0;
+			job->cipher_start_src_offset_in_bytes = 0;
+		} else {
+			job->cipher_start_src_offset_in_bytes =
+					op->sym->aead.data.offset;
+			job->msg_len_to_cipher_in_bytes =
+					op->sym->aead.data.length;
+		}
+		break;
+	case IMB_CIPHER_CCM:
 	case IMB_CIPHER_CHACHA20_POLY1305:
 		job->cipher_start_src_offset_in_bytes =
 				op->sym->aead.data.offset;
-- 
2.25.1


^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2022-04-04 13:35 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-03-22 13:39 [PATCH 20.11 1/2] crypto/ipsec_mb: fix length and offset settings Pablo de Lara
2022-03-22 13:39 ` [PATCH 20.11 2/2] crypto/ipsec_mb: fix GMAC parameters setting Pablo de Lara
2022-04-04 13:35   ` Luca Boccassi
  -- strict thread matches above, loose matches on Subject: below --
2022-03-14 11:05 [PATCH 20.11 1/2] crypto/ipsec_mb: fix length and offset settings Pablo de Lara
2022-03-14 11:05 ` [PATCH 20.11 2/2] crypto/ipsec_mb: fix GMAC parameters setting Pablo de Lara

patches for DPDK stable branches

This inbox may be cloned and mirrored by anyone:

	git clone --mirror http://inbox.dpdk.org/stable/0 stable/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 stable stable/ http://inbox.dpdk.org/stable \
		stable@dpdk.org
	public-inbox-index stable

Example config snippet for mirrors.
Newsgroup available over NNTP:
	nntp://inbox.dpdk.org/inbox.dpdk.stable


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git