From patchwork Mon Mar 11 02:49:38 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Chaoyong He X-Patchwork-Id: 138146 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 8754C43C7F; Mon, 11 Mar 2024 03:50:09 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 962CA402DF; Mon, 11 Mar 2024 03:50:04 +0100 (CET) Received: from NAM12-BN8-obe.outbound.protection.outlook.com (mail-bn8nam12on2112.outbound.protection.outlook.com [40.107.237.112]) by mails.dpdk.org (Postfix) with ESMTP id 93D71402D8; Mon, 11 Mar 2024 03:50:02 +0100 (CET) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=jV4/wdLghv1JBbeuJ3/1fZeytn8455zljPddgNYYhPefTd+fEA0JyqFbl7CW26C3g4H4SiZxudMpSv9lr+J/fdFPzsP3JMZSwZLQS2+Xez/Spq/6VoC06MdiFdNZBFNxrurQ8/2F4vf7VnkA5V9U1tO0Hf5DWca9+QxH52DsGZhDaG3Kb1SHFwInaucif49GbvxSXCCmVnf7bUE9awULNaQDiXY53XI8VvogpKlC7iPjxCjVmbwYTC0UWDvnhmtTWlXvEzq/HxM9goKFZ0ywq6gl9NOOXqHJ8e/401Kclv2y0C+cQVh9QZaFnwhM8g20lon4wnLVIrGynRw0opQETA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=jo/isiK0RbYpR/lKLIAOe9kkiaht5GCDZAQ5hdKoGLg=; b=LYJRXfdBmecjbqRAlFMJvrP9e+CixNo2GBwdUaOZ22zTeHQ4qU0efCt+CsJbSZD26GPK+e2xPFfWpc3lNJauou76n2VlFuYFkuPSUNX6Fvnvo9ldapR1ZRAYI0LUnY7EZJPab6LrWCPAtdztLNYJOdsr9eX07HNMSPyABGLDJScSl6y+yW10BE6hAJce4zkbCKhB7NG2FQsovT1K7cn+rk38z/5UCg/9cy21/90xEvJWDnyXiePPGJoNzjUDOthc/o4z0oVYjGfCsTXzL4FhkEj2Dre1l6NFDwRbMN5HPecV+EAPd+vulbnx52elwe/1hVNFiVcwpjOZL4HOndF3/w== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=corigine.com; dmarc=pass action=none header.from=corigine.com; dkim=pass header.d=corigine.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=corigine.onmicrosoft.com; s=selector2-corigine-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=jo/isiK0RbYpR/lKLIAOe9kkiaht5GCDZAQ5hdKoGLg=; b=njH9jywFNMgR8q2xFCA4vnKZUCfpm0cqUad4aYuNIUBEcTxdSLghNbemvEXz1Z7uIvZZLvPGXubC/N2BWkmOOFY2faNrnVGY4Dvz7mmwoMlpMKO3ZnF2gKh6X5Kt4Wh7LiVofwk32wje+UdctdsZw7XuiKkWsoVqGMdkbmIx8oI= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=corigine.com; Received: from SJ0PR13MB5545.namprd13.prod.outlook.com (2603:10b6:a03:424::5) by PH7PR13MB6244.namprd13.prod.outlook.com (2603:10b6:510:247::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7362.33; Mon, 11 Mar 2024 02:50:00 +0000 Received: from SJ0PR13MB5545.namprd13.prod.outlook.com ([fe80::ec12:7411:559a:850e]) by SJ0PR13MB5545.namprd13.prod.outlook.com ([fe80::ec12:7411:559a:850e%5]) with mapi id 15.20.7339.035; Mon, 11 Mar 2024 02:50:00 +0000 From: Chaoyong He To: dev@dpdk.org Cc: oss-drivers@corigine.com, Shihong Wang , stable@dpdk.org, Chaoyong He Subject: [PATCH 1/2] examples/ipsec-secgw: fix SA salt endianness problem Date: Mon, 11 Mar 2024 10:49:38 +0800 Message-Id: <20240311024939.2523778-2-chaoyong.he@corigine.com> X-Mailer: git-send-email 2.39.1 In-Reply-To: <20240311024939.2523778-1-chaoyong.he@corigine.com> References: <20240311024939.2523778-1-chaoyong.he@corigine.com> X-ClientProxiedBy: PH1PEPF000132E8.NAMP220.PROD.OUTLOOK.COM (2603:10b6:518:1::28) To SJ0PR13MB5545.namprd13.prod.outlook.com (2603:10b6:a03:424::5) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: SJ0PR13MB5545:EE_|PH7PR13MB6244:EE_ X-MS-Office365-Filtering-Correlation-Id: f8ea460e-95f0-494a-e61c-08dc4175f195 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: pDbBqHOKpr+DRNiD4VEY1IJqx0vaOfCZ4kMvQ3HsaHHgpWmotaTzvTef1JaUrzfo8OzBBLHMMdeaeC/hXKZtOoXCqSztuRPUSySOa6M1psuk4bOmcIId4tI3+UFELRMuEI4VOLTROOBNObN3+Mu/CNUIQtXR3PDWj9x/6Thi7UNnehnhW82yLPAJqyfMcLiYiMck94u+ygm6+JIoFhfOX3F/QCr07NbkPSbBkKV6el2LAT+AgROzrRCZsnxycBUiaKTPVmVmyP47XxUA4Y/5TiieqQoc+HuwpCkheyaadbmyoL/oPVH/zkVj4BZs/6agj3f2oKzbp/fTYgJhpuIHn7n1tnicxGrJY7LYLHqlAzwMjrXTWsE75t081Rt/sDzisojcsUnkgJ6jFkiQkTUFCP0vE9VRZs5LaOd04xIXLLk3/UoUCXoHCQl+c0Pg+HpXnjFGyGSENZneRN66c0Q+G0qYULMu45ks/xtMELkHfUhT6qBq5gte03lI4UF0qoi/CScUuKsWEym9IwF7XcSL+8mSUlDMH6MSd+ekL3eQHnPtZNO15UFz/d+lJn85q4UDrwgs3cDzMHOyPoWiKYn6XU9TnNusUmjCEQQ/hzFzL/O1xbUE2j2Xd8X8VURHLm0OL00P1MAXi/0ay51s1/OLtxKa4YyS316c567Kc9UCHhS6jUKsVU2XY5cFRfaoqCk/IuFdsZkZ9yd+7axfsuJ668aqk7M8zIa8k+t9rECEmQ8= X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:SJ0PR13MB5545.namprd13.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230031)(376005)(1800799015)(52116005)(38350700005); DIR:OUT; SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?q?1Kf/dCxshaG9K5thfRXewoED9ImR?= =?utf-8?q?VCNVAtRX6Uaq5W8QndEy7/8TUKdtMbijzyr5ahI4aqNd5e1a2kgVOGjTrFQ0vRXmc?= =?utf-8?q?XrxhxT3PUxN5FTBxTHTRmQl99ulVLHy72mZBnBjWB5ImLGBvrGU670O46ifP5SpH3?= =?utf-8?q?5IqZ+bwuZ3eZXn/5Z4vUPGKczu2eLn2ySlgF4l6g+OtdccshQA2fTRZPEb2aGYYRy?= =?utf-8?q?JHkAh0FJDIXRtOZCL3zyQ161fVZ/jw6mf8ZDay8eicSHIHN+e2wXq0IKtpMN7RoSQ?= =?utf-8?q?+grNcW0b9Ev9MHDo7EtzWhVamAWxTcBAAZNGENL2S683BJORkzl3ybGzZEFT3Al8M?= =?utf-8?q?V8TNUOqlL1NB3fSMGzViK16zK82PX9xGOJg36YVIK196Yz9O0i0I0hfynWopuhz6G?= =?utf-8?q?C3spN/3hDBfZ3yBcJ4gmqx3dRk01CpHnzXmXGjy49dCnAJbWm27xblvP2cE6c5Qn/?= =?utf-8?q?LBrI7CPNLbK7yOK7VChIwjhuxs9aqpdfP5YQ/Dm9O6aMD6T82gn2MnOlF+MB5A/8I?= =?utf-8?q?S08wPsOAn5ZHVk2TGi0sAD0mGtCe3i5BCJl3ubbd8XiyrSASBXA6IHlPdLCD0IvGV?= =?utf-8?q?bWorh8cJTbw4qn2IrMsNSXXqo1IAXJ2f7f1vyEOcd5dO+1AND/3nJYxH0RO6HiTcu?= =?utf-8?q?UKIdH01LtWqQM4hWU5R+rDCmwWXfqXi42KsI9eFNgfO7s7SDt5ucedSznVTpcRXzm?= =?utf-8?q?hhRJYG+AMizPts9lnL15F0X+rIAl8J4L/YbHCenhcVjIJ4MRuoaeOte5Rc6Xg/san?= =?utf-8?q?BA0EmES03nuTlyXdG3V0eaPfHp7eBaaMtfbkK9tRnj9Nxfhw5AENzz5h4rPUSEVDw?= =?utf-8?q?SbM8XhvcLZlk4YkTn2JH+/3P1ZxN4+mKvsoGp/OP4rxhMC4FrhOpAHdH4Wj2nC2Oa?= =?utf-8?q?41MrrmfLIF6SaORUfS0410dbsrRDMI6say4qt9ckDwgxkoyESv/dHZ7YcDOZ5Sew7?= =?utf-8?q?xfmVEC2RzfugdhW4vQ2P5oBlx/bIS5Rt8p0UdVxZAVMJkAvgFDZU+s7+iVsOea6fl?= =?utf-8?q?ElDMQjN/kmihP8V0Kyjr+yRC4HjPDYucvqhd/nF+VFFlG+ay+435d++S79j6e2z6i?= =?utf-8?q?E3LcuelpyDfupnWAhHpdkjTXeGR1z0lKwNoeIU0LgwPkp8P2bWAC/euiEC2/keak6?= =?utf-8?q?/zmM02GZWjAh4155IdGJesP8Or6wXEAaZKULOKJ1cWCzynGVhtOUe4srMBXXn94wg?= =?utf-8?q?STaqBVSFaKJjSM7a4hm64fQ1BIH3/NQWtVPuLZqfgkuZs+gE7XbM6I90sV/JNuozw?= =?utf-8?q?/UUK7v/0794Pc6AgJNQkPmVLZA4fcSaRULOXSemWSAGJKoEk4uDcdZkK2MitKNbaD?= =?utf-8?q?vLwFdaxoPQr7YUzULRqyZRGUWal3o3wW//+l2ovseZfOVsmQ3iap1xVx0XRcqII0+?= =?utf-8?q?YBmr+fgN9nUo1hD/74XqK6Qj+H5qK8AdZBrzWZhOKiuGb90zThvL65PIyRvAqTwgH?= =?utf-8?q?KbPFxMaSZfxZvgYaXJWUvAWTq1nHC7W3TIkcpogIqA43mevZtS6iM/B9ImkuzCdit?= =?utf-8?q?voqoeBgn9sC0iY/qOjwQTFh8tRr7rBLTGQ=3D=3D?= X-OriginatorOrg: corigine.com X-MS-Exchange-CrossTenant-Network-Message-Id: f8ea460e-95f0-494a-e61c-08dc4175f195 X-MS-Exchange-CrossTenant-AuthSource: SJ0PR13MB5545.namprd13.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 Mar 2024 02:50:00.3177 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: fe128f2c-073b-4c20-818e-7246a585940c X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: ZE7niLe7yDbTDfp+5pdjWYg9fKyxFJIEWZDJfqTwgL7RGn7IDOOTujUXi3fLe7FrjRiqOv45OexJFHLP6GkGQ1R7rbcSAXmat87SaPTr9wA= X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH7PR13MB6244 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Shihong Wang The SA salt of struct ipsec_sa is a CPU-endian u32 variable, but it’s value is stored in an array of encryption or authentication keys according to big-endian. So it maybe need to convert the endianness order to ensure that the value assigned to the SA salt is CPU-endian. Fixes: 50d75cae2a2c ("examples/ipsec-secgw: initialize SA salt") Fixes: 9413c3901f31 ("examples/ipsec-secgw: support additional algorithms") Fixes: 501e9c226adf ("examples/ipsec-secgw: add AEAD parameters") Cc: stable@dpdk.org Signed-off-by: Shihong Wang Reviewed-by: Chaoyong He --- examples/ipsec-secgw/sa.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c index c4bac17cd7..4018b0558a 100644 --- a/examples/ipsec-secgw/sa.c +++ b/examples/ipsec-secgw/sa.c @@ -374,6 +374,7 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens, uint32_t ti; /*token index*/ uint32_t *ri /*rule index*/; struct ipsec_sa_cnt *sa_cnt; + rte_be32_t salt; /*big-endian salt*/ uint32_t cipher_algo_p = 0; uint32_t auth_algo_p = 0; uint32_t aead_algo_p = 0; @@ -508,8 +509,9 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens, if (algo->algo == RTE_CRYPTO_CIPHER_AES_CTR) { key_len -= 4; rule->cipher_key_len = key_len; - memcpy(&rule->salt, + memcpy(&salt, &rule->cipher_key[key_len], 4); + rule->salt = rte_be_to_cpu_32(salt); } cipher_algo_p = 1; @@ -573,8 +575,9 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens, key_len -= 4; rule->auth_key_len = key_len; rule->iv_len = algo->iv_len; - memcpy(&rule->salt, + memcpy(&salt, &rule->auth_key[key_len], 4); + rule->salt = rte_be_to_cpu_32(salt); } auth_algo_p = 1; @@ -632,8 +635,9 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens, key_len -= 4; rule->cipher_key_len = key_len; - memcpy(&rule->salt, + memcpy(&salt, &rule->cipher_key[key_len], 4); + rule->salt = rte_be_to_cpu_32(salt); aead_algo_p = 1; continue; From patchwork Mon Mar 11 02:49:39 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Chaoyong He X-Patchwork-Id: 138147 X-Patchwork-Delegate: ferruh.yigit@amd.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id AEF2243C7F; Mon, 11 Mar 2024 03:50:18 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id A70A840685; Mon, 11 Mar 2024 03:50:06 +0100 (CET) Received: from NAM12-BN8-obe.outbound.protection.outlook.com (mail-bn8nam12on2100.outbound.protection.outlook.com [40.107.237.100]) by mails.dpdk.org (Postfix) with ESMTP id CC12C402DF; Mon, 11 Mar 2024 03:50:03 +0100 (CET) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=c30ZFlp5dQ0PQC2Y928Tl/SAZhlESqX/I17KDw36hfVFIEi50L8+sVs935LgefrFO1ngHAPT+AgnJElCN/6NJaRenbUmNYrL0DbfcYFRgkAFF2VTTQhInRiH1sQX6+d0NZ7u7Qmi9e5NpYAx32s8h5uJFQO+b5Bc2Gu2XlaaD3R5UDIkd1GDf2UVDsL4CZ8Edj54X/QQh12AeBTajgAmJe48Tiyqm68DY4+crdpSMtZ7+vjmu7g4Yhwrb4spB4o4ue1vzYV1p8KwA+Dcl+1gPG4bu6rVVge4xJBprrIqG0eOz7lTniJVnfMKYwyybbluUpOZ4pdG8nCZymOSCOOtLA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=UJKfLTxuE7TdJkGGWmJtyJjelDKXDbQAgwlspSYBgVk=; b=gzBvJISiZuk+nSPqh3kTUUOdy/4Xi7nVyNjbyQKWW6vPXdWVQWkwr04iDDe+5H1g2fqOjEziEuTYUlpTVlupFEOWzPJLUdg3rRJ0ianP66BARhG6BvS2MHNnE7OsC2oNflyaoCXsKsHmsh6rhPWQMkQ0UBEAMci4WSuhSEJzAic0hoa9WyeTTx6yxw3QUlyKghqOwAudLbP68lAaqeZysv2O/f8hPxshU+/X3mrJL3FKwPC3yJDtNfi8cTdhBpaCsljll9KC5LQt56wtYZvg/5GtNytVNmsi2Pck3fQkhldx079M8V5R9HAFg5nFseK18i2l2yziofA4IKZPul77qQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=corigine.com; dmarc=pass action=none header.from=corigine.com; dkim=pass header.d=corigine.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=corigine.onmicrosoft.com; s=selector2-corigine-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=UJKfLTxuE7TdJkGGWmJtyJjelDKXDbQAgwlspSYBgVk=; b=Ndw0widf4VB2iMf0fzQcf1Wf/E5/jkoLBb/wEw2QgqDYVBua2xzI+xjLx1JxCnJmexiHkUSrdM+V22ag0Qjoa3g5XkEpGerV0vLI48My1Tt9BPC1mjwU2mZ/KFXG3lcvDpo7Yo0Jj7Lqh/C0PCMAhcj3f9e84CE58T1CkrWnmxk= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=corigine.com; Received: from SJ0PR13MB5545.namprd13.prod.outlook.com (2603:10b6:a03:424::5) by PH7PR13MB6244.namprd13.prod.outlook.com (2603:10b6:510:247::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7362.33; Mon, 11 Mar 2024 02:50:02 +0000 Received: from SJ0PR13MB5545.namprd13.prod.outlook.com ([fe80::ec12:7411:559a:850e]) by SJ0PR13MB5545.namprd13.prod.outlook.com ([fe80::ec12:7411:559a:850e%5]) with mapi id 15.20.7339.035; Mon, 11 Mar 2024 02:50:02 +0000 From: Chaoyong He To: dev@dpdk.org Cc: oss-drivers@corigine.com, Shihong Wang , stable@dpdk.org, Chaoyong He Subject: [PATCH 2/2] net/nfp: fix data endianness problem Date: Mon, 11 Mar 2024 10:49:39 +0800 Message-Id: <20240311024939.2523778-3-chaoyong.he@corigine.com> X-Mailer: git-send-email 2.39.1 In-Reply-To: <20240311024939.2523778-1-chaoyong.he@corigine.com> References: <20240311024939.2523778-1-chaoyong.he@corigine.com> X-ClientProxiedBy: PH1PEPF000132E8.NAMP220.PROD.OUTLOOK.COM (2603:10b6:518:1::28) To SJ0PR13MB5545.namprd13.prod.outlook.com (2603:10b6:a03:424::5) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: SJ0PR13MB5545:EE_|PH7PR13MB6244:EE_ X-MS-Office365-Filtering-Correlation-Id: 1f922fbb-7e5d-4e24-fb48-08dc4175f2cc X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: YW0irBcJOa0fzCVeZASG14kEG2k39Cg59YBYqCEEQsDvNrwaBiF0IP7Zbgu2b6komQf5a7WaDmPdCx/nqNuWWGDR2f5qbckMLNBZpgxFSXNlonwCl/DqrFI/TaTdUK9XGfwelir/qHJC8vJvDDWgCDFc3BJXYURCiFoNnA5Skxx6ERSdLKQWlLQW/kJ1J4Eos0CxSQ0f3GnHJU3g0mSZS4ojg1bPcXDZmo4zCx7vl/hF2OXKlbDvavwMM+WkEW2LkWSndxenUBhHiELSGUKyKsXShw6L1cGU9JEIfjVgv5JlTnjF8XEjDyCVrVHoAP6SEQa2Bgy0b/LL5u+0/nJIuHWJPjm1Tjj5ILM8vseX+JjyZoMYu/HQ2ZVeldlzr6M8n9EX6fu/ruvQDI8OaMWvYpVxTSvX7dCDaEqvYX0CrEAWdUTEgFdVNi5JrxvB43CHLNP9rhKFzM0rOev00JKzr8HcDfpcWLDgYz22k66rBwvBp3uts+z8SkSkGKaMSGA5KNCwl6x54v0wGqP7KHmdJi/o+C3ICbTnrcQF2qhxNPqSOMzaDIIkYUcN1RUYeuOc6nVYmMeZcyOMMRWKpb8eNmGOG5V5oLc2N78jR8ADt0F8+KuZVi1gSe4T7cNtMPfU4sp1YecHuM7vGb10KBsIRyWM4INhCBfOuKj1VtBLMypeYdr3eLxnHvRwYB55S62dtitdY0vmUeEQYikc0x4jrAt8CHlAD2gaCDP/XaxOoB4= X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:SJ0PR13MB5545.namprd13.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230031)(376005)(1800799015)(52116005)(38350700005); DIR:OUT; SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: aNXItK8K/UvNVcKi7ga2N9XOLC0jMHsGvAJP4hWUkcdfAWc54zK0+MBJGTlXmCzgNznoN61OK083j+nARM0MsWjXp8XSGEHyj+aSqSBBfPsHA+5pbLSjDcnLMf3VlMHjISTkZ2qgiKieMTaNIRDaV47sMJrlLjn8bhEJSHoYsFpcOHgbjfr4Sd9SjaMiiXyvTCRoQxcWdlZuWoqxeAof/nHYFO8He/5tUzxrrjXHFeO/x5H8DjMwmfElCGnlohAQ0pcJC3zK39cc5nR9hiC7CeNjSz5CMt6uGtXDSngu7V8hOKAk3SXyHMYiVBRtGr58r4PvM5nUpn+aA4n6tZ+Gz65p5IJfLmRzmQo31aKzfSKCfa3W8d+aTZ0EzHAFroBJZ5oyxXiquIGb9FQZXUilqr3fHjxaXN30Lg68ddXgIZVU1DCq6//ooeM3UwJHxoasry5lu8qaAz04atQth4/H2ycfmH8k+gIVDUDe/+iSx3e7ddch0eIhm3aWomlaGWa4GMd5MQsD+NIfbUAQBxbT+zcZH2suCS3QYa2J+ADuzzaxPVGqnEP50M8MwAuhX9yh5M+4Wa13ANKzxlXy7pac4Ki6BbBDooI/SOono1+obG6yNVg7U+6a/8KrrGqZbRfXHs1M/sxy6DUSiJWWMvHfaoownLvnrK+UYln+LscEMXEuqK3/QIz2+U4CAMdgV9JVycWWWlMOYzVNq4Bmp+xFSOq80Iuhlg796jQz29S+2+KiLgq+850nfz+JPBgziNoT/mhFBJpxQlqs1jvu8zorCiypUwWhRgakgiswHBFSPieFnQRRRc7mwVW2ZW4D631/rqt+FZZDlEOrW5yxJfsPRxxpwRMNgIDxenhDXZKq1ZTBDcqI4+NbS1R6hqZLtT9s9rYvUVvcUyF942oX/o1a5NkVCZZBkIddEnaWSigcJYKZW1c8i/eGyJ/Au9EZwNx5dF9Cqwc45aA8iwu+/+HZipMaGJt3Fllw4+j5FaXAUkWVMW041XpjzuQg3vRfbxDDo1UxMo9qVee5JNsp2V/OO7JBayn0Oz84XSIrjDNkh1Zp+GimzhA6Xj8TbouYW/V62GJRSWyZ6fWpVkyVheYm4tM5xxyORsQFo2BhM4d+b3lUIP6c497KKTlIRwTbqsephm4iHFE3O0n7IlEIBdGohxFnXbrZy0jEKRlD9vqQGwZlOzw9c9SI8whGOLVDv6v+nZU0NAzbixU+qSRz+6aX7fIXragiIceE1hd+CMVcBjkV83hh63gEZJC0MNTwzkuLFsfuC0LmA9ilksNYb59BFICSbZMwN9VJkGgWTl6JLbWGdzXetacNbZ8/3h1jMd1OUwNwss5CZSDUmbelZOcHzuM3IBp7SsziGDDyUGennlsJa2oPV7h6u4JboBmTsYR+QW4yxrOrorBVp6cHvghArDk5JgfJ++DOhyBXCSLbzr9/j2Ffl2sFe8dz7h8PVKEoJEhOEP6tnaKDRY+dUaMEfz0erG7t+USKsXvi0sU4iDB4K3UIpwbzVzm/aLEZAZvWUArxr6cYy6bMXGNRVx/R1T77sG92fR8uJdKuZWHJhoObP+MuVKMr3j9lQ75HbTL9o/RxZfFLkMZpL2qySFXL/w== X-OriginatorOrg: corigine.com X-MS-Exchange-CrossTenant-Network-Message-Id: 1f922fbb-7e5d-4e24-fb48-08dc4175f2cc X-MS-Exchange-CrossTenant-AuthSource: SJ0PR13MB5545.namprd13.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 Mar 2024 02:50:02.3458 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: fe128f2c-073b-4c20-818e-7246a585940c X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: wxUwzDHkeMa2PDarLVk8+mFcF1qS1ciGpn5ZyIfmqt5VelS/zfisrS3+Nx5M6oEXYHfFs2wKxgAmQayRAcxvymE/fwEKeIM9xwD3jznqc9c= X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH7PR13MB6244 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Shihong Wang The algorithm key of the security framework is stored in the u8 array according to big-endian, and the driver algorithm key is CPU-endian of u32, so it maybe need to convert the endianness order to ensure that the value assigned to the driver is CPU-endian. This patch removes the operation of converting IPsec Tx metadata to big-endian to ensure that IPsec Tx metadata is CPU-endian. Fixes: 547137405be7 ("net/nfp: initialize IPsec related content") Fixes: 3d21da66c06b ("net/nfp: create security session") Fixes: 310a1780581e ("net/nfp: support IPsec Rx and Tx offload") Cc: stable@dpdk.org Signed-off-by: Shihong Wang Reviewed-by: Chaoyong He --- drivers/net/nfp/nfp_ipsec.c | 72 +++++++++++++++++++++++-------------- drivers/net/nfp/nfp_ipsec.h | 9 ++--- 2 files changed, 47 insertions(+), 34 deletions(-) diff --git a/drivers/net/nfp/nfp_ipsec.c b/drivers/net/nfp/nfp_ipsec.c index 0b815fa983..8824533656 100644 --- a/drivers/net/nfp/nfp_ipsec.c +++ b/drivers/net/nfp/nfp_ipsec.c @@ -20,6 +20,7 @@ #include "nfp_rxtx.h" #define NFP_UDP_ESP_PORT 4500 +#define NFP_ESP_IV_LENGTH 8 static const struct rte_cryptodev_capabilities nfp_crypto_caps[] = { { @@ -523,7 +524,8 @@ nfp_aesgcm_iv_update(struct ipsec_add_sa *cfg, char *save; char *iv_b; char *iv_str; - uint8_t *cfg_iv; + const rte_be32_t *iv_value; + uint8_t cfg_iv[NFP_ESP_IV_LENGTH]; iv_str = strdup(iv_string); if (iv_str == NULL) { @@ -531,8 +533,6 @@ nfp_aesgcm_iv_update(struct ipsec_add_sa *cfg, return; } - cfg_iv = (uint8_t *)cfg->aesgcm_fields.iv; - for (i = 0; i < iv_len; i++) { iv_b = strtok_r(i ? NULL : iv_str, ",", &save); if (iv_b == NULL) @@ -541,8 +541,9 @@ nfp_aesgcm_iv_update(struct ipsec_add_sa *cfg, cfg_iv[i] = strtoul(iv_b, NULL, 0); } - *(uint32_t *)cfg_iv = rte_be_to_cpu_32(*(uint32_t *)cfg_iv); - *(uint32_t *)&cfg_iv[4] = rte_be_to_cpu_32(*(uint32_t *)&cfg_iv[4]); + iv_value = (const rte_be32_t *)(cfg_iv); + cfg->aesgcm_fields.iv[0] = rte_be_to_cpu_32(iv_value[0]); + cfg->aesgcm_fields.iv[1] = rte_be_to_cpu_32(iv_value[1]); free(iv_str); } @@ -583,7 +584,7 @@ nfp_aead_map(struct rte_eth_dev *eth_dev, uint32_t offset; uint32_t device_id; const char *iv_str; - const uint32_t *key; + const rte_be32_t *key; struct nfp_net_hw *net_hw; net_hw = eth_dev->data->dev_private; @@ -633,7 +634,7 @@ nfp_aead_map(struct rte_eth_dev *eth_dev, return -EINVAL; } - key = (const uint32_t *)(aead->key.data); + key = (const rte_be32_t *)(aead->key.data); /* * The CHACHA20's key order needs to be adjusted based on hardware design. @@ -645,16 +646,22 @@ nfp_aead_map(struct rte_eth_dev *eth_dev, for (i = 0; i < key_length / sizeof(cfg->cipher_key[0]); i++) { index = (i + offset) % (key_length / sizeof(cfg->cipher_key[0])); - cfg->cipher_key[index] = rte_cpu_to_be_32(*key++); + cfg->cipher_key[index] = rte_be_to_cpu_32(key[i]); } /* - * The iv of the FW is equal to ESN by default. Reading the - * iv of the configuration information is not supported. + * The iv of the FW is equal to ESN by default. Only the + * aead algorithm can offload the iv of configuration and + * the length of iv cannot be greater than NFP_ESP_IV_LENGTH. */ iv_str = getenv("ETH_SEC_IV_OVR"); if (iv_str != NULL) { iv_len = aead->iv.length; + if (iv_len > NFP_ESP_IV_LENGTH) { + PMD_DRV_LOG(ERR, "Unsupported length of iv data"); + return -EINVAL; + } + nfp_aesgcm_iv_update(cfg, iv_len, iv_str); } @@ -671,7 +678,7 @@ nfp_cipher_map(struct rte_eth_dev *eth_dev, int ret; uint32_t i; uint32_t device_id; - const uint32_t *key; + const rte_be32_t *key; struct nfp_net_hw *net_hw; net_hw = eth_dev->data->dev_private; @@ -705,14 +712,14 @@ nfp_cipher_map(struct rte_eth_dev *eth_dev, return -EINVAL; } - key = (const uint32_t *)(cipher->key.data); + key = (const rte_be32_t *)(cipher->key.data); if (key_length > sizeof(cfg->cipher_key)) { PMD_DRV_LOG(ERR, "Insufficient space for offloaded key"); return -EINVAL; } for (i = 0; i < key_length / sizeof(cfg->cipher_key[0]); i++) - cfg->cipher_key[i] = rte_cpu_to_be_32(*key++); + cfg->cipher_key[i] = rte_be_to_cpu_32(key[i]); return 0; } @@ -807,7 +814,7 @@ nfp_auth_map(struct rte_eth_dev *eth_dev, uint32_t i; uint8_t key_length; uint32_t device_id; - const uint32_t *key; + const rte_be32_t *key; struct nfp_net_hw *net_hw; if (digest_length == 0) { @@ -854,7 +861,7 @@ nfp_auth_map(struct rte_eth_dev *eth_dev, return -EINVAL; } - key = (const uint32_t *)(auth->key.data); + key = (const rte_be32_t *)(auth->key.data); key_length = auth->key.length; if (key_length > sizeof(cfg->auth_key)) { PMD_DRV_LOG(ERR, "Insufficient space for offloaded auth key!"); @@ -862,7 +869,7 @@ nfp_auth_map(struct rte_eth_dev *eth_dev, } for (i = 0; i < key_length / sizeof(cfg->auth_key[0]); i++) - cfg->auth_key[i] = rte_cpu_to_be_32(*key++); + cfg->auth_key[i] = rte_be_to_cpu_32(key[i]); return 0; } @@ -902,7 +909,7 @@ nfp_crypto_msg_build(struct rte_eth_dev *eth_dev, return ret; } - cfg->aesgcm_fields.salt = rte_cpu_to_be_32(conf->ipsec.salt); + cfg->aesgcm_fields.salt = conf->ipsec.salt; break; case RTE_CRYPTO_SYM_XFORM_AUTH: /* Only support Auth + Cipher for inbound */ @@ -967,7 +974,10 @@ nfp_ipsec_msg_build(struct rte_eth_dev *eth_dev, struct rte_security_session_conf *conf, struct nfp_ipsec_msg *msg) { + int i; int ret; + rte_be32_t *src_ip; + rte_be32_t *dst_ip; struct ipsec_add_sa *cfg; enum rte_security_ipsec_tunnel_type type; @@ -1025,12 +1035,18 @@ nfp_ipsec_msg_build(struct rte_eth_dev *eth_dev, type = conf->ipsec.tunnel.type; cfg->ctrl_word.mode = NFP_IPSEC_MODE_TUNNEL; if (type == RTE_SECURITY_IPSEC_TUNNEL_IPV4) { - cfg->src_ip.v4 = conf->ipsec.tunnel.ipv4.src_ip; - cfg->dst_ip.v4 = conf->ipsec.tunnel.ipv4.dst_ip; + src_ip = (rte_be32_t *)&conf->ipsec.tunnel.ipv4.src_ip.s_addr; + dst_ip = (rte_be32_t *)&conf->ipsec.tunnel.ipv4.dst_ip.s_addr; + cfg->src_ip[0] = rte_be_to_cpu_32(src_ip[0]); + cfg->dst_ip[0] = rte_be_to_cpu_32(dst_ip[0]); cfg->ipv6 = 0; } else if (type == RTE_SECURITY_IPSEC_TUNNEL_IPV6) { - cfg->src_ip.v6 = conf->ipsec.tunnel.ipv6.src_addr; - cfg->dst_ip.v6 = conf->ipsec.tunnel.ipv6.dst_addr; + src_ip = (rte_be32_t *)conf->ipsec.tunnel.ipv6.src_addr.s6_addr; + dst_ip = (rte_be32_t *)conf->ipsec.tunnel.ipv6.dst_addr.s6_addr; + for (i = 0; i < 4; i++) { + cfg->src_ip[i] = rte_be_to_cpu_32(src_ip[i]); + cfg->dst_ip[i] = rte_be_to_cpu_32(dst_ip[i]); + } cfg->ipv6 = 1; } else { PMD_DRV_LOG(ERR, "Unsupported address family!"); @@ -1043,9 +1059,11 @@ nfp_ipsec_msg_build(struct rte_eth_dev *eth_dev, cfg->ctrl_word.mode = NFP_IPSEC_MODE_TRANSPORT; if (type == RTE_SECURITY_IPSEC_TUNNEL_IPV4) { memset(&cfg->src_ip, 0, sizeof(cfg->src_ip)); + memset(&cfg->dst_ip, 0, sizeof(cfg->dst_ip)); cfg->ipv6 = 0; } else if (type == RTE_SECURITY_IPSEC_TUNNEL_IPV6) { memset(&cfg->src_ip, 0, sizeof(cfg->src_ip)); + memset(&cfg->dst_ip, 0, sizeof(cfg->dst_ip)); cfg->ipv6 = 1; } else { PMD_DRV_LOG(ERR, "Unsupported address family!"); @@ -1179,18 +1197,18 @@ nfp_security_set_pkt_metadata(void *device, desc_md = RTE_MBUF_DYNFIELD(m, offset, struct nfp_tx_ipsec_desc_msg *); if (priv_session->msg.ctrl_word.ext_seq != 0 && sqn != NULL) { - desc_md->esn.low = rte_cpu_to_be_32(*sqn); - desc_md->esn.hi = rte_cpu_to_be_32(*sqn >> 32); + desc_md->esn.low = (uint32_t)*sqn; + desc_md->esn.hi = (uint32_t)(*sqn >> 32); } else if (priv_session->msg.ctrl_word.ext_seq != 0) { - desc_md->esn.low = rte_cpu_to_be_32(priv_session->ipsec.esn.low); - desc_md->esn.hi = rte_cpu_to_be_32(priv_session->ipsec.esn.hi); + desc_md->esn.low = priv_session->ipsec.esn.low; + desc_md->esn.hi = priv_session->ipsec.esn.hi; } else { - desc_md->esn.low = rte_cpu_to_be_32(priv_session->ipsec.esn.value); + desc_md->esn.low = priv_session->ipsec.esn.low; desc_md->esn.hi = 0; } desc_md->enc = 1; - desc_md->sa_idx = rte_cpu_to_be_32(priv_session->sa_index); + desc_md->sa_idx = priv_session->sa_index; } return 0; diff --git a/drivers/net/nfp/nfp_ipsec.h b/drivers/net/nfp/nfp_ipsec.h index d7a729398a..f7c4f3f225 100644 --- a/drivers/net/nfp/nfp_ipsec.h +++ b/drivers/net/nfp/nfp_ipsec.h @@ -36,11 +36,6 @@ struct sa_ctrl_word { uint32_t spare2 :1; /**< Must be set to 0 */ }; -union nfp_ip_addr { - struct in6_addr v6; - struct in_addr v4; -}; - struct ipsec_add_sa { uint32_t cipher_key[8]; /**< Cipher Key */ union { @@ -60,8 +55,8 @@ struct ipsec_add_sa { uint8_t spare1; uint32_t soft_byte_cnt; /**< Soft lifetime byte count */ uint32_t hard_byte_cnt; /**< Hard lifetime byte count */ - union nfp_ip_addr src_ip; /**< Src IP addr */ - union nfp_ip_addr dst_ip; /**< Dst IP addr */ + uint32_t src_ip[4]; /**< Src IP addr */ + uint32_t dst_ip[4]; /**< Dst IP addr */ uint16_t natt_dst_port; /**< NAT-T UDP Header dst port */ uint16_t natt_src_port; /**< NAT-T UDP Header src port */ uint32_t soft_lifetime_limit; /**< Soft lifetime time limit */