crypto/ipsec_mb: fix cipher key setting

Message ID	20211122174729.1153925-1-pablo.de.lara.guarch@intel.com (mailing list archive)
State	Accepted, archived
Delegated to:	akhil goyal
Headers	show Return-Path: <dev-bounces@dpdk.org> From: Pablo de Lara <pablo.de.lara.guarch@intel.com> To: roy.fan.zhang@intel.com, ciara.power@intel.com Cc: dev@dpdk.org, Pablo de Lara <pablo.de.lara.guarch@intel.com>, stable@dpdk.org Subject: [PATCH] crypto/ipsec_mb: fix cipher key setting Date: Mon, 22 Nov 2021 17:47:29 +0000 Message-Id: <20211122174729.1153925-1-pablo.de.lara.guarch@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: list Errors-To: dev-bounces@dpdk.org
Series	crypto/ipsec_mb: fix cipher key setting \| expand crypto/ipsec_mb: fix cipher key setting

Message ID

20211122174729.1153925-1-pablo.de.lara.guarch@intel.com (mailing list archive)

State

Accepted, archived

Delegated to:

akhil goyal

Headers

From: Pablo de Lara <pablo.de.lara.guarch@intel.com>
To: roy.fan.zhang@intel.com,
	ciara.power@intel.com
Cc: dev@dpdk.org, Pablo de Lara <pablo.de.lara.guarch@intel.com>,
 stable@dpdk.org
Subject: [PATCH] crypto/ipsec_mb: fix cipher key setting
Date: Mon, 22 Nov 2021 17:47:29 +0000
Message-Id: <20211122174729.1153925-1-pablo.de.lara.guarch@intel.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: list
Errors-To: dev-bounces@dpdk.org

Series

crypto/ipsec_mb: fix cipher key setting | expand

Checks

Context	Check	Description
ci/iol-aarch64-compile-testing	success	Testing PASS
ci/iol-x86_64-compile-testing	success	Testing PASS
ci/iol-aarch64-unit-testing	success	Testing PASS
ci/iol-x86_64-unit-testing	success	Testing PASS
ci/iol-intel-Performance	success	Performance Testing PASS
ci/iol-intel-Functional	success	Functional Testing PASS
ci/iol-broadcom-Functional	success	Functional Testing PASS
ci/iol-broadcom-Performance	success	Performance Testing PASS
ci/iol-mellanox-Performance	success	Performance Testing PASS
ci/github-robot: build	success	github build: passed
ci/intel-Testing	success	Testing PASS
ci/Intel-compilation	success	Compilation OK
ci/checkpatch	warning	coding style issues

Context

Check

Description

ci/iol-aarch64-compile-testing

success

Testing PASS

ci/iol-x86_64-compile-testing

success

Testing PASS

ci/iol-aarch64-unit-testing

success

Testing PASS

ci/iol-x86_64-unit-testing

success

Testing PASS

ci/iol-intel-Performance

success

Performance Testing PASS

ci/iol-intel-Functional

success

Functional Testing PASS

ci/iol-broadcom-Functional

success

Functional Testing PASS

ci/iol-broadcom-Performance

success

Performance Testing PASS

ci/iol-mellanox-Performance

success

Performance Testing PASS

ci/github-robot: build

success

github build: passed

ci/intel-Testing

success

Testing PASS

ci/Intel-compilation

success

Compilation OK

ci/checkpatch

warning

coding style issues

Commit Message

De Lara Guarch, Pablo Nov. 22, 2021, 5:47 p.m. UTC

When authenticating with SNOW3G, KASUMI and ZUC,
the pointers for encryption/decryption keys is not set.
If a cipher algorithm such as AES-CBC is also used,
the application would seg fault.
Hence, these pointers should be set to some value by default.

Command line to replicate the issue:
./build/app/dpdk-test-crypto-perf -l 4,5 -n 6 --vdev="crypto_aesni_mb" -- \
 --devtype="crypto_aesni_mb" --optype=cipher-then-auth --auth-algo snow3g-uia2 \
 --auth-key-sz 16 --auth-iv-sz 16 --digest-sz 4 --silent --total-ops 1000000 \
 --auth-op generate --burst-sz 32 --cipher-algo aes-ctr
 --cipher-key-sz 16 --cipher-iv-sz 16

Fixes: ae8e085c608d ("crypto/aesni_mb: support KASUMI F8/F9")
Fixes: 6c42e0cf4d12 ("crypto/aesni_mb: support SNOW3G-UEA2/UIA2")
Fixes: fd8df85487c4 ("crypto/aesni_mb: support ZUC-EEA3/EIA3")
Cc: stable@dpdk.org

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 drivers/crypto/ipsec_mb/pmd_aesni_mb.c | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

Comments

Ciara Power Nov. 23, 2021, 8:22 a.m. UTC | #1

>-----Original Message-----
>From: De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>
>Sent: Monday 22 November 2021 17:47
>To: Zhang, Roy Fan <roy.fan.zhang@intel.com>; Power, Ciara
><ciara.power@intel.com>
>Cc: dev@dpdk.org; De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>;
>stable@dpdk.org
>Subject: [PATCH] crypto/ipsec_mb: fix cipher key setting
>
>When authenticating with SNOW3G, KASUMI and ZUC, the pointers for
>encryption/decryption keys is not set.
>If a cipher algorithm such as AES-CBC is also used, the application would seg
>fault.
>Hence, these pointers should be set to some value by default.
>
>Command line to replicate the issue:
>./build/app/dpdk-test-crypto-perf -l 4,5 -n 6 --vdev="crypto_aesni_mb" -- \  --
>devtype="crypto_aesni_mb" --optype=cipher-then-auth --auth-algo snow3g-
>uia2 \  --auth-key-sz 16 --auth-iv-sz 16 --digest-sz 4 --silent --total-ops 1000000
>\  --auth-op generate --burst-sz 32 --cipher-algo aes-ctr  --cipher-key-sz 16 --
>cipher-iv-sz 16
>
>Fixes: ae8e085c608d ("crypto/aesni_mb: support KASUMI F8/F9")
>Fixes: 6c42e0cf4d12 ("crypto/aesni_mb: support SNOW3G-UEA2/UIA2")
>Fixes: fd8df85487c4 ("crypto/aesni_mb: support ZUC-EEA3/EIA3")
>Cc: stable@dpdk.org
>
>Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
>---
> drivers/crypto/ipsec_mb/pmd_aesni_mb.c | 15 ++++++++-------
> 1 file changed, 8 insertions(+), 7 deletions(-)
>
>diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
>b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
>index e05bc04c3b..a308d42ffa 100644
>--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
>+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
>@@ -1120,6 +1120,14 @@ set_mb_job_params(IMB_JOB *job, struct
>ipsec_mb_qp *qp,
>
> 	const int aead = is_aead_algo(job->hash_alg, job->cipher_mode);
>
>+	if (job->cipher_mode == IMB_CIPHER_DES3) {
>+		job->enc_keys = session->cipher.exp_3des_keys.ks_ptr;
>+		job->dec_keys = session->cipher.exp_3des_keys.ks_ptr;
>+	} else {
>+		job->enc_keys = session-
>>cipher.expanded_aes_keys.encode;
>+		job->dec_keys = session-
>>cipher.expanded_aes_keys.decode;
>+	}
>+
> 	switch (job->hash_alg) {
> 	case IMB_AUTH_AES_XCBC:
> 		job->u.XCBC._k1_expanded = session-
>>auth.xcbc.k1_expanded; @@ -1189,13 +1197,6 @@
>set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
> 		job->u.HMAC._hashed_auth_key_xor_opad =
> 			session->auth.pads.outer;
>
>-		if (job->cipher_mode == IMB_CIPHER_DES3) {
>-			job->enc_keys = session-
>>cipher.exp_3des_keys.ks_ptr;
>-			job->dec_keys = session-
>>cipher.exp_3des_keys.ks_ptr;
>-		} else {
>-			job->enc_keys = session-
>>cipher.expanded_aes_keys.encode;
>-			job->dec_keys = session-
>>cipher.expanded_aes_keys.decode;
>-		}
> 	}
>
> 	if (aead)
>--
>2.25.1

Acked-by: Ciara Power <ciara.power@intel.com>

Zhang, Roy Fan Nov. 23, 2021, 1:09 p.m. UTC | #2

> -----Original Message-----
> From: De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>
> Sent: Monday, November 22, 2021 5:47 PM
> To: Zhang, Roy Fan <roy.fan.zhang@intel.com>; Power, Ciara
> <ciara.power@intel.com>
> Cc: dev@dpdk.org; De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>;
> stable@dpdk.org
> Subject: [PATCH] crypto/ipsec_mb: fix cipher key setting
> 
> When authenticating with SNOW3G, KASUMI and ZUC,
> the pointers for encryption/decryption keys is not set.
> If a cipher algorithm such as AES-CBC is also used,
> the application would seg fault.
> Hence, these pointers should be set to some value by default.
> 
> Command line to replicate the issue:
> ./build/app/dpdk-test-crypto-perf -l 4,5 -n 6 --vdev="crypto_aesni_mb" -- \
>  --devtype="crypto_aesni_mb" --optype=cipher-then-auth --auth-algo
> snow3g-uia2 \
>  --auth-key-sz 16 --auth-iv-sz 16 --digest-sz 4 --silent --total-ops 1000000 \
>  --auth-op generate --burst-sz 32 --cipher-algo aes-ctr
>  --cipher-key-sz 16 --cipher-iv-sz 16
> 
> Fixes: ae8e085c608d ("crypto/aesni_mb: support KASUMI F8/F9")
> Fixes: 6c42e0cf4d12 ("crypto/aesni_mb: support SNOW3G-UEA2/UIA2")
> Fixes: fd8df85487c4 ("crypto/aesni_mb: support ZUC-EEA3/EIA3")
> Cc: stable@dpdk.org
> 
> Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
> ---
>  drivers/crypto/ipsec_mb/pmd_aesni_mb.c | 15 ++++++++-------
>  1 file changed, 8 insertions(+), 7 deletions(-)
> 
> diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
> b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
> index e05bc04c3b..a308d42ffa 100644
> --- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
> +++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
> @@ -1120,6 +1120,14 @@ set_mb_job_params(IMB_JOB *job, struct
> ipsec_mb_qp *qp,
> 
>  	const int aead = is_aead_algo(job->hash_alg, job->cipher_mode);
> 
> +	if (job->cipher_mode == IMB_CIPHER_DES3) {
> +		job->enc_keys = session->cipher.exp_3des_keys.ks_ptr;
> +		job->dec_keys = session->cipher.exp_3des_keys.ks_ptr;
> +	} else {
> +		job->enc_keys = session-
> >cipher.expanded_aes_keys.encode;
> +		job->dec_keys = session-
> >cipher.expanded_aes_keys.decode;
> +	}
> +
>  	switch (job->hash_alg) {
>  	case IMB_AUTH_AES_XCBC:
>  		job->u.XCBC._k1_expanded = session-
> >auth.xcbc.k1_expanded;
> @@ -1189,13 +1197,6 @@ set_mb_job_params(IMB_JOB *job, struct
> ipsec_mb_qp *qp,
>  		job->u.HMAC._hashed_auth_key_xor_opad =
>  			session->auth.pads.outer;
> 
> -		if (job->cipher_mode == IMB_CIPHER_DES3) {
> -			job->enc_keys = session-
> >cipher.exp_3des_keys.ks_ptr;
> -			job->dec_keys = session-
> >cipher.exp_3des_keys.ks_ptr;
> -		} else {
> -			job->enc_keys = session-
> >cipher.expanded_aes_keys.encode;
> -			job->dec_keys = session-
> >cipher.expanded_aes_keys.decode;
> -		}
>  	}
> 
>  	if (aead)
> --
> 2.25.1
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>

Akhil Goyal Nov. 23, 2021, 6:39 p.m. UTC | #3

> > Subject: [PATCH] crypto/ipsec_mb: fix cipher key setting
> Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Applied to dpdk-next-crypto

Thanks.

diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
index e05bc04c3b..a308d42ffa 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
@@ -1120,6 +1120,14 @@  set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
 
 	const int aead = is_aead_algo(job->hash_alg, job->cipher_mode);
 
+	if (job->cipher_mode == IMB_CIPHER_DES3) {
+		job->enc_keys = session->cipher.exp_3des_keys.ks_ptr;
+		job->dec_keys = session->cipher.exp_3des_keys.ks_ptr;
+	} else {
+		job->enc_keys = session->cipher.expanded_aes_keys.encode;
+		job->dec_keys = session->cipher.expanded_aes_keys.decode;
+	}
+
 	switch (job->hash_alg) {
 	case IMB_AUTH_AES_XCBC:
 		job->u.XCBC._k1_expanded = session->auth.xcbc.k1_expanded;
@@ -1189,13 +1197,6 @@  set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
 		job->u.HMAC._hashed_auth_key_xor_opad =
 			session->auth.pads.outer;
 
-		if (job->cipher_mode == IMB_CIPHER_DES3) {
-			job->enc_keys = session->cipher.exp_3des_keys.ks_ptr;
-			job->dec_keys = session->cipher.exp_3des_keys.ks_ptr;
-		} else {
-			job->enc_keys = session->cipher.expanded_aes_keys.encode;
-			job->dec_keys = session->cipher.expanded_aes_keys.decode;
-		}
 	}
 
 	if (aead)

crypto/ipsec_mb: fix cipher key setting

Checks

Commit Message

Comments

Patch