diff mbox series

crypto/ipsec_mb: fix cipher key setting

Message ID 20211122174729.1153925-1-pablo.de.lara.guarch@intel.com (mailing list archive)
State Accepted, archived
Delegated to: akhil goyal
Headers show
Series crypto/ipsec_mb: fix cipher key setting | expand

Checks

Context Check Description
ci/iol-aarch64-compile-testing success Testing PASS
ci/iol-x86_64-compile-testing success Testing PASS
ci/iol-aarch64-unit-testing success Testing PASS
ci/iol-x86_64-unit-testing success Testing PASS
ci/iol-intel-Performance success Performance Testing PASS
ci/iol-intel-Functional success Functional Testing PASS
ci/iol-broadcom-Functional success Functional Testing PASS
ci/iol-broadcom-Performance success Performance Testing PASS
ci/iol-mellanox-Performance success Performance Testing PASS
ci/github-robot: build success github build: passed
ci/intel-Testing success Testing PASS
ci/Intel-compilation success Compilation OK
ci/checkpatch warning coding style issues

Commit Message

De Lara Guarch, Pablo Nov. 22, 2021, 5:47 p.m. UTC
When authenticating with SNOW3G, KASUMI and ZUC,
the pointers for encryption/decryption keys is not set.
If a cipher algorithm such as AES-CBC is also used,
the application would seg fault.
Hence, these pointers should be set to some value by default.

Command line to replicate the issue:
./build/app/dpdk-test-crypto-perf -l 4,5 -n 6 --vdev="crypto_aesni_mb" -- \
 --devtype="crypto_aesni_mb" --optype=cipher-then-auth --auth-algo snow3g-uia2 \
 --auth-key-sz 16 --auth-iv-sz 16 --digest-sz 4 --silent --total-ops 1000000 \
 --auth-op generate --burst-sz 32 --cipher-algo aes-ctr
 --cipher-key-sz 16 --cipher-iv-sz 16

Fixes: ae8e085c608d ("crypto/aesni_mb: support KASUMI F8/F9")
Fixes: 6c42e0cf4d12 ("crypto/aesni_mb: support SNOW3G-UEA2/UIA2")
Fixes: fd8df85487c4 ("crypto/aesni_mb: support ZUC-EEA3/EIA3")
Cc: stable@dpdk.org

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 drivers/crypto/ipsec_mb/pmd_aesni_mb.c | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

Comments

Ciara Power Nov. 23, 2021, 8:22 a.m. UTC | #1
>-----Original Message-----
>From: De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>
>Sent: Monday 22 November 2021 17:47
>To: Zhang, Roy Fan <roy.fan.zhang@intel.com>; Power, Ciara
><ciara.power@intel.com>
>Cc: dev@dpdk.org; De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>;
>stable@dpdk.org
>Subject: [PATCH] crypto/ipsec_mb: fix cipher key setting
>
>When authenticating with SNOW3G, KASUMI and ZUC, the pointers for
>encryption/decryption keys is not set.
>If a cipher algorithm such as AES-CBC is also used, the application would seg
>fault.
>Hence, these pointers should be set to some value by default.
>
>Command line to replicate the issue:
>./build/app/dpdk-test-crypto-perf -l 4,5 -n 6 --vdev="crypto_aesni_mb" -- \  --
>devtype="crypto_aesni_mb" --optype=cipher-then-auth --auth-algo snow3g-
>uia2 \  --auth-key-sz 16 --auth-iv-sz 16 --digest-sz 4 --silent --total-ops 1000000
>\  --auth-op generate --burst-sz 32 --cipher-algo aes-ctr  --cipher-key-sz 16 --
>cipher-iv-sz 16
>
>Fixes: ae8e085c608d ("crypto/aesni_mb: support KASUMI F8/F9")
>Fixes: 6c42e0cf4d12 ("crypto/aesni_mb: support SNOW3G-UEA2/UIA2")
>Fixes: fd8df85487c4 ("crypto/aesni_mb: support ZUC-EEA3/EIA3")
>Cc: stable@dpdk.org
>
>Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
>---
> drivers/crypto/ipsec_mb/pmd_aesni_mb.c | 15 ++++++++-------
> 1 file changed, 8 insertions(+), 7 deletions(-)
>
>diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
>b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
>index e05bc04c3b..a308d42ffa 100644
>--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
>+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
>@@ -1120,6 +1120,14 @@ set_mb_job_params(IMB_JOB *job, struct
>ipsec_mb_qp *qp,
>
> 	const int aead = is_aead_algo(job->hash_alg, job->cipher_mode);
>
>+	if (job->cipher_mode == IMB_CIPHER_DES3) {
>+		job->enc_keys = session->cipher.exp_3des_keys.ks_ptr;
>+		job->dec_keys = session->cipher.exp_3des_keys.ks_ptr;
>+	} else {
>+		job->enc_keys = session-
>>cipher.expanded_aes_keys.encode;
>+		job->dec_keys = session-
>>cipher.expanded_aes_keys.decode;
>+	}
>+
> 	switch (job->hash_alg) {
> 	case IMB_AUTH_AES_XCBC:
> 		job->u.XCBC._k1_expanded = session-
>>auth.xcbc.k1_expanded; @@ -1189,13 +1197,6 @@
>set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
> 		job->u.HMAC._hashed_auth_key_xor_opad =
> 			session->auth.pads.outer;
>
>-		if (job->cipher_mode == IMB_CIPHER_DES3) {
>-			job->enc_keys = session-
>>cipher.exp_3des_keys.ks_ptr;
>-			job->dec_keys = session-
>>cipher.exp_3des_keys.ks_ptr;
>-		} else {
>-			job->enc_keys = session-
>>cipher.expanded_aes_keys.encode;
>-			job->dec_keys = session-
>>cipher.expanded_aes_keys.decode;
>-		}
> 	}
>
> 	if (aead)
>--
>2.25.1

Acked-by: Ciara Power <ciara.power@intel.com>
Zhang, Roy Fan Nov. 23, 2021, 1:09 p.m. UTC | #2
> -----Original Message-----
> From: De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>
> Sent: Monday, November 22, 2021 5:47 PM
> To: Zhang, Roy Fan <roy.fan.zhang@intel.com>; Power, Ciara
> <ciara.power@intel.com>
> Cc: dev@dpdk.org; De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>;
> stable@dpdk.org
> Subject: [PATCH] crypto/ipsec_mb: fix cipher key setting
> 
> When authenticating with SNOW3G, KASUMI and ZUC,
> the pointers for encryption/decryption keys is not set.
> If a cipher algorithm such as AES-CBC is also used,
> the application would seg fault.
> Hence, these pointers should be set to some value by default.
> 
> Command line to replicate the issue:
> ./build/app/dpdk-test-crypto-perf -l 4,5 -n 6 --vdev="crypto_aesni_mb" -- \
>  --devtype="crypto_aesni_mb" --optype=cipher-then-auth --auth-algo
> snow3g-uia2 \
>  --auth-key-sz 16 --auth-iv-sz 16 --digest-sz 4 --silent --total-ops 1000000 \
>  --auth-op generate --burst-sz 32 --cipher-algo aes-ctr
>  --cipher-key-sz 16 --cipher-iv-sz 16
> 
> Fixes: ae8e085c608d ("crypto/aesni_mb: support KASUMI F8/F9")
> Fixes: 6c42e0cf4d12 ("crypto/aesni_mb: support SNOW3G-UEA2/UIA2")
> Fixes: fd8df85487c4 ("crypto/aesni_mb: support ZUC-EEA3/EIA3")
> Cc: stable@dpdk.org
> 
> Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
> ---
>  drivers/crypto/ipsec_mb/pmd_aesni_mb.c | 15 ++++++++-------
>  1 file changed, 8 insertions(+), 7 deletions(-)
> 
> diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
> b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
> index e05bc04c3b..a308d42ffa 100644
> --- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
> +++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
> @@ -1120,6 +1120,14 @@ set_mb_job_params(IMB_JOB *job, struct
> ipsec_mb_qp *qp,
> 
>  	const int aead = is_aead_algo(job->hash_alg, job->cipher_mode);
> 
> +	if (job->cipher_mode == IMB_CIPHER_DES3) {
> +		job->enc_keys = session->cipher.exp_3des_keys.ks_ptr;
> +		job->dec_keys = session->cipher.exp_3des_keys.ks_ptr;
> +	} else {
> +		job->enc_keys = session-
> >cipher.expanded_aes_keys.encode;
> +		job->dec_keys = session-
> >cipher.expanded_aes_keys.decode;
> +	}
> +
>  	switch (job->hash_alg) {
>  	case IMB_AUTH_AES_XCBC:
>  		job->u.XCBC._k1_expanded = session-
> >auth.xcbc.k1_expanded;
> @@ -1189,13 +1197,6 @@ set_mb_job_params(IMB_JOB *job, struct
> ipsec_mb_qp *qp,
>  		job->u.HMAC._hashed_auth_key_xor_opad =
>  			session->auth.pads.outer;
> 
> -		if (job->cipher_mode == IMB_CIPHER_DES3) {
> -			job->enc_keys = session-
> >cipher.exp_3des_keys.ks_ptr;
> -			job->dec_keys = session-
> >cipher.exp_3des_keys.ks_ptr;
> -		} else {
> -			job->enc_keys = session-
> >cipher.expanded_aes_keys.encode;
> -			job->dec_keys = session-
> >cipher.expanded_aes_keys.decode;
> -		}
>  	}
> 
>  	if (aead)
> --
> 2.25.1
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Akhil Goyal Nov. 23, 2021, 6:39 p.m. UTC | #3
> > Subject: [PATCH] crypto/ipsec_mb: fix cipher key setting
> Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Applied to dpdk-next-crypto

Thanks.
diff mbox series

Patch

diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
index e05bc04c3b..a308d42ffa 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
@@ -1120,6 +1120,14 @@  set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
 
 	const int aead = is_aead_algo(job->hash_alg, job->cipher_mode);
 
+	if (job->cipher_mode == IMB_CIPHER_DES3) {
+		job->enc_keys = session->cipher.exp_3des_keys.ks_ptr;
+		job->dec_keys = session->cipher.exp_3des_keys.ks_ptr;
+	} else {
+		job->enc_keys = session->cipher.expanded_aes_keys.encode;
+		job->dec_keys = session->cipher.expanded_aes_keys.decode;
+	}
+
 	switch (job->hash_alg) {
 	case IMB_AUTH_AES_XCBC:
 		job->u.XCBC._k1_expanded = session->auth.xcbc.k1_expanded;
@@ -1189,13 +1197,6 @@  set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
 		job->u.HMAC._hashed_auth_key_xor_opad =
 			session->auth.pads.outer;
 
-		if (job->cipher_mode == IMB_CIPHER_DES3) {
-			job->enc_keys = session->cipher.exp_3des_keys.ks_ptr;
-			job->dec_keys = session->cipher.exp_3des_keys.ks_ptr;
-		} else {
-			job->enc_keys = session->cipher.expanded_aes_keys.encode;
-			job->dec_keys = session->cipher.expanded_aes_keys.decode;
-		}
 	}
 
 	if (aead)