ipsec-secgw: fix AES-CTR block size in legacy mode

Message ID 20190305144041.88771-1-roy.fan.zhang@intel.com
State Accepted, archived
Delegated to: akhil goyal
Headers show
Series
  • ipsec-secgw: fix AES-CTR block size in legacy mode
Related show

Checks

Context Check Description
ci/Intel-compilation success Compilation OK
ci/intel-Performance-Testing success Performance Testing PASS
ci/mellanox-Performance-Testing success Performance Testing PASS
ci/checkpatch success coding style OK

Commit Message

Fan Zhang March 5, 2019, 2:40 p.m.
This patch fixes the incorrect block size for AES-CTR in
legacy mode. Originally, wrong block size will cause
esp_inbound() drop AES-CTR encrypted packets if the payload
sizes not equal to multiple times of 16.

Fixes: 4470c22de2e1 ("examples/ipsec-secgw: add AES-CTR")
Cc: stable@dpdk.org

Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
---
 examples/ipsec-secgw/sa.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Ananyev, Konstantin March 6, 2019, 10:08 a.m. | #1
> -----Original Message-----
> From: Zhang, Roy Fan
> Sent: Tuesday, March 5, 2019 2:41 PM
> To: dev@dpdk.org
> Cc: akhil.goyal@nxp.com; Zhang, Roy Fan <roy.fan.zhang@intel.com>; Ananyev, Konstantin <konstantin.ananyev@intel.com>;
> stable@dpdk.org
> Subject: [PATCH] ipsec-secgw: fix AES-CTR block size in legacy mode
> 
> This patch fixes the incorrect block size for AES-CTR in
> legacy mode. Originally, wrong block size will cause
> esp_inbound() drop AES-CTR encrypted packets if the payload
> sizes not equal to multiple times of 16.
> 
> Fixes: 4470c22de2e1 ("examples/ipsec-secgw: add AES-CTR")
> Cc: stable@dpdk.org
> 
> Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
> ---
>  examples/ipsec-secgw/sa.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
> index 414fcd26c..93e3620bc 100644
> --- a/examples/ipsec-secgw/sa.c
> +++ b/examples/ipsec-secgw/sa.c
> @@ -80,7 +80,7 @@ const struct supported_cipher_algo cipher_algos[] = {
>  		.keyword = "aes-128-ctr",
>  		.algo = RTE_CRYPTO_CIPHER_AES_CTR,
>  		.iv_len = 8,
> -		.block_size = 16, /* XXX AESNI MB limition, should be 4 */
> +		.block_size = 4,
>  		.key_len = 20
>  	},
>  	{
> --

Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>

> 2.14.5
Akhil Goyal March 19, 2019, 1:45 p.m. | #2
On 3/5/2019 8:10 PM, Fan Zhang wrote:
> This patch fixes the incorrect block size for AES-CTR in
> legacy mode. Originally, wrong block size will cause
> esp_inbound() drop AES-CTR encrypted packets if the payload
> sizes not equal to multiple times of 16.
>
> Fixes: 4470c22de2e1 ("examples/ipsec-secgw: add AES-CTR")
> Cc: stable@dpdk.org
>
> Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
> ---
>   examples/ipsec-secgw/sa.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
> index 414fcd26c..93e3620bc 100644
> --- a/examples/ipsec-secgw/sa.c
> +++ b/examples/ipsec-secgw/sa.c
> @@ -80,7 +80,7 @@ const struct supported_cipher_algo cipher_algos[] = {
>   		.keyword = "aes-128-ctr",
>   		.algo = RTE_CRYPTO_CIPHER_AES_CTR,
>   		.iv_len = 8,
> -		.block_size = 16, /* XXX AESNI MB limition, should be 4 */
> +		.block_size = 4,
>   		.key_len = 20
>   	},
>   	{
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>

Title should be examples/ipsec-secgw:...
Will correct it while merging
Akhil Goyal March 19, 2019, 2:05 p.m. | #3
On 3/19/2019 7:15 PM, Akhil Goyal wrote:
>
> On 3/5/2019 8:10 PM, Fan Zhang wrote:
>> This patch fixes the incorrect block size for AES-CTR in
>> legacy mode. Originally, wrong block size will cause
>> esp_inbound() drop AES-CTR encrypted packets if the payload
>> sizes not equal to multiple times of 16.
>>
>> Fixes: 4470c22de2e1 ("examples/ipsec-secgw: add AES-CTR")
>> Cc: stable@dpdk.org
>>
>> Signed-off-by: Fan Zhang <roy.fan.zhang@intel.com>
>> ---
>>    examples/ipsec-secgw/sa.c | 2 +-
>>    1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
>> index 414fcd26c..93e3620bc 100644
>> --- a/examples/ipsec-secgw/sa.c
>> +++ b/examples/ipsec-secgw/sa.c
>> @@ -80,7 +80,7 @@ const struct supported_cipher_algo cipher_algos[] = {
>>    		.keyword = "aes-128-ctr",
>>    		.algo = RTE_CRYPTO_CIPHER_AES_CTR,
>>    		.iv_len = 8,
>> -		.block_size = 16, /* XXX AESNI MB limition, should be 4 */
>> +		.block_size = 4,
>>    		.key_len = 20
>>    	},
>>    	{
> Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
>
> Title should be examples/ipsec-secgw:...
> Will correct it while merging
Applied to dpdk-next-crypto

Thanks.

Patch

diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
index 414fcd26c..93e3620bc 100644
--- a/examples/ipsec-secgw/sa.c
+++ b/examples/ipsec-secgw/sa.c
@@ -80,7 +80,7 @@  const struct supported_cipher_algo cipher_algos[] = {
 		.keyword = "aes-128-ctr",
 		.algo = RTE_CRYPTO_CIPHER_AES_CTR,
 		.iv_len = 8,
-		.block_size = 16, /* XXX AESNI MB limition, should be 4 */
+		.block_size = 4,
 		.key_len = 20
 	},
 	{