From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id C4F40A04FF for ; Tue, 22 Mar 2022 11:39:52 +0100 (CET) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id BF00940151; Tue, 22 Mar 2022 11:39:52 +0100 (CET) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by mails.dpdk.org (Postfix) with ESMTP id BF96640151 for ; Tue, 22 Mar 2022 11:39:51 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1647945591; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=aC7nqdVA0VNf6vqJQX44U5/ya2wM1uKdfLQse/22cwM=; b=Nzhm/WjopQUaqA1sU9xFF8zvuWmJcNq5vfOl2dE3/yzLs7KugsKn1PV4nyWCsqijoN75Az SkqPkvWFeD84UmAF9lAQJvpYcdWfoepjcKzmWZJaiBfzhGo93pT1DwtSXjgSagf/u4EzBh SsowGJcM2fae8zCMp8BHGNrQIznT+Qg= Received: from mail-wm1-f70.google.com (mail-wm1-f70.google.com [209.85.128.70]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-453-mQ2_nn2tO12UTFvrkS5_HQ-1; Tue, 22 Mar 2022 06:39:48 -0400 X-MC-Unique: mQ2_nn2tO12UTFvrkS5_HQ-1 Received: by mail-wm1-f70.google.com with SMTP id q6-20020a1cf306000000b0038c5726365aso682510wmq.3 for ; Tue, 22 Mar 2022 03:39:47 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:message-id:date:mime-version:user-agent :content-language:to:cc:references:from:subject:in-reply-to :content-transfer-encoding; bh=aC7nqdVA0VNf6vqJQX44U5/ya2wM1uKdfLQse/22cwM=; b=JAHFg2Rad5q6TpGR25kEXJNFcr/LRbQvhy0mhfM0wr17I4LlySklmn8KxZWsvxF0Z2 JIpIIq2EGRrX9mPDqPxBKykPqXink7ugATrhSnn2eKEst5IX+1ZuT4FVDkhZ0i93lSe+ 82NLqEYymiFTwLWHJQi5ltxK/wGT3/kGtdZ/h7zCxM82ZdcXyxBzXu/r3QI3KKbmhPO4 toBD5A3licCZd3FvS1LoVMVUCgwT6YfHJAoKIui7Ay4zjYcpn7YL+5XKaK+B2+Bl9B6a Bd1idVbTfcLUyLe0txqI0twEuA5YC7iIGia8T0WW8XyPfg+AjH6IGTWpvQ2k9r8prD6T 1NHw== X-Gm-Message-State: AOAM531E8MBIVqI9X99dPbpeYkSZsukSWhKemTRqw/XUpcLmxxgVECCV j/bQPFGd5QbyQbsq1/4TyLAzbBtYSfYHkqQofzieOS8T5Cl5U5T3io2Dbg7sPtiQjsHU55kqzrn fq20uaek= X-Received: by 2002:adf:d1c4:0:b0:204:b9d:a840 with SMTP id b4-20020adfd1c4000000b002040b9da840mr9035025wrd.285.1647945586937; Tue, 22 Mar 2022 03:39:46 -0700 (PDT) X-Google-Smtp-Source: ABdhPJw0F838hxYdtc2sc4XSK8zBfrQJ5DSc62TNNzMIKpiXNEKBingqTMFluYOT26Itpp0yl59sMg== X-Received: by 2002:adf:d1c4:0:b0:204:b9d:a840 with SMTP id b4-20020adfd1c4000000b002040b9da840mr9035011wrd.285.1647945586692; Tue, 22 Mar 2022 03:39:46 -0700 (PDT) Received: from [192.168.0.36] ([78.17.178.139]) by smtp.gmail.com with ESMTPSA id u7-20020a5d6da7000000b00203d9d1875bsm17397442wrs.73.2022.03.22.03.39.46 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 22 Mar 2022 03:39:46 -0700 (PDT) Message-ID: Date: Tue, 22 Mar 2022 10:39:45 +0000 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.7.0 To: Luca Boccassi , "De Lara Guarch, Pablo" Cc: "stable@dpdk.org" References: <20220314110559.1502861-1-pablo.de.lara.guarch@intel.com> From: Kevin Traynor Subject: Re: [PATCH 20.11 1/2] crypto/ipsec_mb: fix length and offset settings In-Reply-To: Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=ktraynor@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Language: en-US Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: stable-bounces@dpdk.org On 21/03/2022 22:12, Luca Boccassi wrote: > On Mon, 21 Mar 2022 at 19:57, De Lara Guarch, Pablo > wrote: >> >> Hi Luca, >> >>> -----Original Message----- >>> From: Luca Boccassi >>> Sent: Monday, March 14, 2022 12:20 PM >>> To: De Lara Guarch, Pablo ; stable@dpdk.org >>> Subject: Re: [PATCH 20.11 1/2] crypto/ipsec_mb: fix length and offset settings >>> >>> On Mon, 2022-03-14 at 11:05 +0000, Pablo de Lara wrote: >>>> [ upstream commit a501609ea6466ed8526c0dfadedee332a4d4a451 ] >>>> >>>> KASUMI, SNOW3G and ZUC require lengths and offsets to be set in bits >>>> or bytes depending on the algorithm. >>>> There were some algorithms that were mixing these two, so this commit >>>> is fixing this issue. >>>> >>>> Fixes: ae8e085c608d ("crypto/aesni_mb: support KASUMI F8/F9") >>>> Fixes: 6c42e0cf4d12 ("crypto/aesni_mb: support SNOW3G-UEA2/UIA2") >>>> Fixes: fd8df85487c4 ("crypto/aesni_mb: support ZUC-EEA3/EIA3") >>>> >>>> Signed-off-by: Pablo de Lara >>>> --- >>>> drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 121 >>>> +++++++++++++++------ >>>> 1 file changed, 86 insertions(+), 35 deletions(-) >>>> >>>> diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c >>>> b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c >>>> index f4ffb21e10..07f5caa76f 100644 >>>> --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c >>>> +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c >>>> @@ -1057,7 +1057,9 @@ get_session(struct aesni_mb_qp *qp, struct >>>> rte_crypto_op *op) >>>> >>>> >>>> static inline uint64_t >>>> auth_start_offset(struct rte_crypto_op *op, struct aesni_mb_session >>> *session, >>>> - uint32_t oop) >>>> + uint32_t oop, const uint32_t auth_offset, >>>> + const uint32_t cipher_offset, const uint32_t auth_length, >>>> + const uint32_t cipher_length) >>>> { >>>> struct rte_mbuf *m_src, *m_dst; >>>> uint8_t *p_src, *p_dst; >>>> @@ -1066,7 +1068,7 @@ auth_start_offset(struct rte_crypto_op *op, >>>> struct aesni_mb_session *session, >>>> >>>> >>>> /* Only cipher then hash needs special calculation. */ >>>> if (!oop || session->chain_order != CIPHER_HASH) >>>> - return op->sym->auth.data.offset; >>>> + return auth_offset; >>>> >>>> >>>> m_src = op->sym->m_src; >>>> m_dst = op->sym->m_dst; >>>> @@ -1074,24 +1076,23 @@ auth_start_offset(struct rte_crypto_op *op, >>> struct aesni_mb_session *session, >>>> p_src = rte_pktmbuf_mtod(m_src, uint8_t *); >>>> p_dst = rte_pktmbuf_mtod(m_dst, uint8_t *); >>>> u_src = (uintptr_t)p_src; >>>> - u_dst = (uintptr_t)p_dst + op->sym->auth.data.offset; >>>> + u_dst = (uintptr_t)p_dst + auth_offset; >>>> >>>> >>>> /** >>>> * Copy the content between cipher offset and auth offset for >>> generating >>>> * correct digest. >>>> */ >>>> - if (op->sym->cipher.data.offset > op->sym->auth.data.offset) >>>> - memcpy(p_dst + op->sym->auth.data.offset, >>>> - p_src + op->sym->auth.data.offset, >>>> - op->sym->cipher.data.offset - >>>> - op->sym->auth.data.offset); >>>> - >>>> + if (cipher_offset > auth_offset) >>>> + memcpy(p_dst + auth_offset, >>>> + p_src + auth_offset, >>>> + cipher_offset - >>>> + auth_offset); >>>> /** >>>> * Copy the content between (cipher offset + length) and (auth offset + >>>> * length) for generating correct digest >>>> */ >>>> - cipher_end = op->sym->cipher.data.offset + op->sym- >>>> cipher.data.length; >>>> - auth_end = op->sym->auth.data.offset + op->sym->auth.data.length; >>>> + cipher_end = cipher_offset + cipher_length; >>>> + auth_end = auth_offset + auth_length; >>>> if (cipher_end < auth_end) >>>> memcpy(p_dst + cipher_end, p_src + cipher_end, >>>> auth_end - cipher_end); >>>> @@ -1246,6 +1247,10 @@ set_mb_job_params(JOB_AES_HMAC *job, struct >>> aesni_mb_qp *qp, >>>> struct rte_mbuf *m_src = op->sym->m_src, *m_dst; >>>> struct aesni_mb_session *session; >>>> uint32_t m_offset, oop; >>>> + uint32_t auth_off_in_bytes; >>>> + uint32_t ciph_off_in_bytes; >>>> + uint32_t auth_len_in_bytes; >>>> + uint32_t ciph_len_in_bytes; >>>> >>>> >>>> session = get_session(qp, op); >>>> if (session == NULL) { >>>> @@ -1362,6 +1367,7 @@ set_mb_job_params(JOB_AES_HMAC *job, struct >>> aesni_mb_qp *qp, >>>> if (job->cipher_mode == IMB_CIPHER_ZUC_EEA3) { >>>> job->aes_enc_key_expanded = session->cipher.zuc_cipher_key; >>>> job->aes_dec_key_expanded = session->cipher.zuc_cipher_key; >>>> + m_offset >>= 3; >>>> } else if (job->cipher_mode == IMB_CIPHER_SNOW3G_UEA2_BITLEN) { >>>> job->enc_keys = &session->cipher.pKeySched_snow3g_cipher; >>>> m_offset = 0; >>>> @@ -1418,9 +1424,6 @@ set_mb_job_params(JOB_AES_HMAC *job, struct >>>> aesni_mb_qp *qp, >>>> >>>> >>>> switch (job->hash_alg) { >>>> case AES_CCM: >>>> - job->cipher_start_src_offset_in_bytes = >>>> - op->sym->aead.data.offset; >>>> - job->msg_len_to_cipher_in_bytes = op->sym- >>>> aead.data.length; >>>> job->hash_start_src_offset_in_bytes = op->sym- >>>> aead.data.offset; >>>> job->msg_len_to_hash_in_bytes = op->sym->aead.data.length; >>>> >>>> >>>> @@ -1430,19 +1433,11 @@ set_mb_job_params(JOB_AES_HMAC *job, struct >>>> aesni_mb_qp *qp, >>>> >>>> >>>> case AES_GMAC: >>>> if (session->cipher.mode == GCM) { >>>> - job->cipher_start_src_offset_in_bytes = >>>> - op->sym->aead.data.offset; >>>> job->hash_start_src_offset_in_bytes = >>>> op->sym->aead.data.offset; >>>> - job->msg_len_to_cipher_in_bytes = >>>> - op->sym->aead.data.length; >>>> job->msg_len_to_hash_in_bytes = >>>> op->sym->aead.data.length; >>>> } else { >>>> - job->cipher_start_src_offset_in_bytes = >>>> - op->sym->auth.data.offset; >>>> - job->hash_start_src_offset_in_bytes = >>>> - op->sym->auth.data.offset; >>>> job->msg_len_to_cipher_in_bytes = 0; >>>> job->msg_len_to_hash_in_bytes = 0; >>>> } >>>> @@ -1453,10 +1448,7 @@ set_mb_job_params(JOB_AES_HMAC *job, struct >>>> aesni_mb_qp *qp, >>>> >>>> >>>> #if IMB_VERSION(0, 54, 3) <= IMB_VERSION_NUM >>>> case IMB_AUTH_CHACHA20_POLY1305: >>>> - job->cipher_start_src_offset_in_bytes = op->sym- >>>> aead.data.offset; >>>> job->hash_start_src_offset_in_bytes = op->sym- >>>> aead.data.offset; >>>> - job->msg_len_to_cipher_in_bytes = >>>> - op->sym->aead.data.length; >>>> job->msg_len_to_hash_in_bytes = >>>> op->sym->aead.data.length; >>>> >>>> >>>> @@ -1464,26 +1456,85 @@ set_mb_job_params(JOB_AES_HMAC *job, struct >>> aesni_mb_qp *qp, >>>> session->iv.offset); >>>> break; >>>> #endif >>>> - default: >>>> - /* For SNOW3G, length and offsets are already in bits */ >>>> - job->cipher_start_src_offset_in_bytes = >>>> - op->sym->cipher.data.offset; >>>> - job->msg_len_to_cipher_in_bytes = op->sym- >>>> cipher.data.length; >>>> +#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM >>>> + /* ZUC and SNOW3G require length in bits and offset in bytes */ >>>> + case IMB_AUTH_ZUC_EIA3_BITLEN: >>>> + case IMB_AUTH_SNOW3G_UIA2_BITLEN: >>>> + auth_off_in_bytes = op->sym->auth.data.offset >> 3; >>>> + ciph_off_in_bytes = op->sym->cipher.data.offset >> 3; >>>> + auth_len_in_bytes = op->sym->auth.data.length >> 3; >>>> + ciph_len_in_bytes = op->sym->cipher.data.length >> 3; >>>> + >>>> + job->hash_start_src_offset_in_bytes = auth_start_offset(op, >>>> + session, oop, auth_off_in_bytes, >>>> + ciph_off_in_bytes, auth_len_in_bytes, >>>> + ciph_len_in_bytes); >>>> + job->msg_len_to_hash_in_bits = op->sym->auth.data.length; >>>> + >>>> + job->iv = rte_crypto_op_ctod_offset(op, uint8_t *, >>>> + session->iv.offset); >>>> + break; >>>> + >>>> + /* KASUMI requires lengths and offset in bytes */ >>>> + case IMB_AUTH_KASUMI_UIA1: >>>> + auth_off_in_bytes = op->sym->auth.data.offset >> 3; >>>> + ciph_off_in_bytes = op->sym->cipher.data.offset >> 3; >>>> + auth_len_in_bytes = op->sym->auth.data.length >> 3; >>>> + ciph_len_in_bytes = op->sym->cipher.data.length >> 3; >>>> >>>> >>>> job->hash_start_src_offset_in_bytes = auth_start_offset(op, >>>> - session, oop); >>>> + session, oop, auth_off_in_bytes, >>>> + ciph_off_in_bytes, auth_len_in_bytes, >>>> + ciph_len_in_bytes); >>>> + job->msg_len_to_hash_in_bytes = auth_len_in_bytes; >>>> + >>>> + job->iv = rte_crypto_op_ctod_offset(op, uint8_t *, >>>> + session->iv.offset); >>>> + break; >>>> +#endif >>>> + >>>> + default: >>>> + job->hash_start_src_offset_in_bytes = auth_start_offset(op, >>>> + session, oop, op->sym->auth.data.offset, >>>> + op->sym->cipher.data.offset, >>>> + op->sym->auth.data.length, >>>> + op->sym->cipher.data.length); >>>> job->msg_len_to_hash_in_bytes = op->sym->auth.data.length; >>>> >>>> >>>> job->iv = rte_crypto_op_ctod_offset(op, uint8_t *, >>>> session->iv.offset); >>>> } >>>> >>>> >>>> + switch (job->cipher_mode) { >>>> #if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM >>>> - if (job->cipher_mode == IMB_CIPHER_ZUC_EEA3) >>>> - job->msg_len_to_cipher_in_bytes >>= 3; >>>> - else if (job->hash_alg == IMB_AUTH_KASUMI_UIA1) >>>> - job->msg_len_to_hash_in_bytes >>= 3; >>>> + /* ZUC requires length and offset in bytes */ >>>> + case IMB_CIPHER_ZUC_EEA3: >>>> + job->cipher_start_src_offset_in_bytes = >>>> + op->sym->cipher.data.offset >> 3; >>>> + job->msg_len_to_cipher_in_bytes = >>>> + op->sym->cipher.data.length >> 3; >>>> + break; >>>> + /* ZUC and SNOW3G require length and offset in bits */ >>>> + case IMB_CIPHER_SNOW3G_UEA2_BITLEN: >>>> + case IMB_CIPHER_KASUMI_UEA1_BITLEN: >>>> + job->cipher_start_src_offset_in_bits = >>>> + op->sym->cipher.data.offset; >>>> + job->msg_len_to_cipher_in_bits = >>>> + op->sym->cipher.data.length; >>>> + break; >>>> #endif >>>> + case IMB_CIPHER_CCM: >>>> + case IMB_CIPHER_GCM: >>>> + case IMB_CIPHER_CHACHA20_POLY1305: >>>> + job->cipher_start_src_offset_in_bytes = >>>> + op->sym->aead.data.offset; >>>> + job->msg_len_to_cipher_in_bytes = op->sym- >>>> aead.data.length; >>>> + break; >>>> + default: >>>> + job->cipher_start_src_offset_in_bytes = >>>> + op->sym->cipher.data.offset; >>>> + job->msg_len_to_cipher_in_bytes = op->sym- >>>> cipher.data.length; >>>> + } >>>> >>>> >>>> /* Set user data to be crypto operation data struct */ >>>> job->user_data = op; >>> >>> This breaks the build on Ubuntu 20.04: >>> >>> [ 1944s] ../drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c: In function >>> ‘set_mb_job_params’: >>> [ 1944s] ../drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c:1526:7: error: >>> ‘IMB_CIPHER_GCM’ undeclared (first use in this function) [ 1944s] 1526 | case >>> IMB_CIPHER_GCM: >>> [ 1944s] | ^~~~~~~~~~~~~~ >>> [ 1944s] ../drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c:1526:7: note: each >>> undeclared identifier is reported only once for each function it appears in [ >>> 1944s] ../drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c:1527:31: error: >>> ‘IMB_CIPHER_NULL’ undeclared (first use in this function) >>> [ 1944s] 1527 | if (session->cipher.mode == IMB_CIPHER_NULL) { >>> [ 1944s] | ^~~~~~~~~~~~~~~ >>> [ 1944s] ../drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c:1538:7: error: >>> ‘IMB_CIPHER_CCM’ undeclared (first use in this function) [ 1944s] 1538 | case >>> IMB_CIPHER_CCM: >>> [ 1944s] | ^~~~~~~~~~~~~~ >>> [ 1944s] ../drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c:1539:7: error: >>> ‘IMB_CIPHER_CHACHA20_POLY1305’ undeclared (first use in this function); did >>> you mean ‘RTE_CRYPTO_AEAD_CHACHA20_POLY1305’? >>> [ 1944s] 1539 | case IMB_CIPHER_CHACHA20_POLY1305: >>> [ 1944s] | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~ >>> [ 1944s] | RTE_CRYPTO_AEAD_CHACHA20_POLY1305 >>> >>> https://build.opensuse.org/package/live_build_log/home:bluca:dpdk/dpdk- >>> 20.11/Ubuntu_20.04/x86_64 >> >> Apologies, I did not see this till today. I don't think this patch is actually breaking the build. >> To me, it looks like an environment issue (IMB_CIPHER_GCM for instance is already present in the code). >> I wonder if that system has the right version of IPSec Multi buffer library. >> Only versions from v1.0 onwards are supported. >> >> Thanks, >> Pablo > > In 20.11 ipsec-mb v0.52.0 and over are supported: > > https://git.dpdk.org/dpdk-stable/tree/drivers/crypto/aesni_mb/meson.build?h=20.11#n4 > > If this patch requires a new version and breaks backward > compatibility, then it does not appear to be not suitable for > backporting. > +1 Just to confirm for 21.11 there was already a dependency of 1.0.0, so patches would be suitable for it.