crypto/ipsec_mb: fix GMAC parameters setting
Checks
Commit Message
AES-GMAC requires plaintext length to be 0 when using AES-GCM,
so only AAD data is used.
Fixes: a501609ea646 ("crypto/ipsec_mb: fix length and offset settings")
Cc: pablo.de.lara.guarch@intel.com
Cc: stable@dpdk.org
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
drivers/crypto/ipsec_mb/pmd_aesni_mb.c | 16 +++++++++++++---
1 file changed, 13 insertions(+), 3 deletions(-)
Comments
> -----Original Message-----
> From: De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>
> Sent: Wednesday, March 9, 2022 10:45 AM
> To: Nicolau, Radu <radu.nicolau@intel.com>; Buckley, Daniel M
> <daniel.m.buckley@intel.com>; Zhang, Roy Fan <roy.fan.zhang@intel.com>
> Cc: dev@dpdk.org; De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>;
> stable@dpdk.org
> Subject: [PATCH] crypto/ipsec_mb: fix GMAC parameters setting
>
> AES-GMAC requires plaintext length to be 0 when using AES-GCM,
> so only AAD data is used.
>
> Fixes: a501609ea646 ("crypto/ipsec_mb: fix length and offset settings")
> Cc: pablo.de.lara.guarch@intel.com
> Cc: stable@dpdk.org
>
> Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
> ---
> drivers/crypto/ipsec_mb/pmd_aesni_mb.c | 16 +++++++++++++---
> 1 file changed, 13 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
> b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
> index c974886032..afa0b6e3a4 100644
> --- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
> +++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
> @@ -1296,9 +1296,9 @@ set_mb_job_params(IMB_JOB *job, struct
> ipsec_mb_qp *qp,
> op->sym->aead.data.offset;
> job->msg_len_to_hash_in_bytes =
> op->sym->aead.data.length;
> - } else {
> - job->msg_len_to_cipher_in_bytes = 0;
> + } else { /* AES-GMAC only, only AAD used */
> job->msg_len_to_hash_in_bytes = 0;
> + job->hash_start_src_offset_in_bytes = 0;
> }
>
> job->iv = rte_crypto_op_ctod_offset(op, uint8_t *,
> @@ -1378,8 +1378,18 @@ set_mb_job_params(IMB_JOB *job, struct
> ipsec_mb_qp *qp,
> job->msg_len_to_cipher_in_bits =
> op->sym->cipher.data.length;
> break;
> - case IMB_CIPHER_CCM:
> case IMB_CIPHER_GCM:
> + if (session->cipher.mode == IMB_CIPHER_NULL) {
> + /* AES-GMAC only (only AAD used) */
> + job->msg_len_to_cipher_in_bytes = 0;
> + job->cipher_start_src_offset_in_bytes = 0;
> + } else {
> + job->cipher_start_src_offset_in_bytes =
> + op->sym->aead.data.offset;
> + job->msg_len_to_cipher_in_bytes = op->sym-
> >aead.data.length;
> + }
> + break;
> + case IMB_CIPHER_CCM:
> case IMB_CIPHER_CHACHA20_POLY1305:
> job->cipher_start_src_offset_in_bytes =
> op->sym->aead.data.offset;
> --
> 2.25.1
Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
Thanks Pablo!
On 3/9/2022 10:45 AM, Pablo de Lara wrote:
> AES-GMAC requires plaintext length to be 0 when using AES-GCM,
> so only AAD data is used.
>
> Fixes: a501609ea646 ("crypto/ipsec_mb: fix length and offset settings")
> Cc: pablo.de.lara.guarch@intel.com
> Cc: stable@dpdk.org
>
> Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
> ---
>
Tested-by: Radu Nicolau <radu.nicolau@intel.com>
Acked-by: Radu Nicolau <radu.nicolau@intel.com>
Hi Thomas,
> -----Original Message-----
> From: Zhang, Roy Fan <roy.fan.zhang@intel.com>
> Sent: Wednesday, March 9, 2022 11:01 AM
> To: De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>; Nicolau, Radu
> <radu.nicolau@intel.com>; Buckley, Daniel M <daniel.m.buckley@intel.com>
> Cc: dev@dpdk.org; stable@dpdk.org
> Subject: RE: [PATCH] crypto/ipsec_mb: fix GMAC parameters setting
>
> > -----Original Message-----
> > From: De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>
> > Sent: Wednesday, March 9, 2022 10:45 AM
> > To: Nicolau, Radu <radu.nicolau@intel.com>; Buckley, Daniel M
> > <daniel.m.buckley@intel.com>; Zhang, Roy Fan <roy.fan.zhang@intel.com>
> > Cc: dev@dpdk.org; De Lara Guarch, Pablo
> > <pablo.de.lara.guarch@intel.com>; stable@dpdk.org
> > Subject: [PATCH] crypto/ipsec_mb: fix GMAC parameters setting
> >
> > AES-GMAC requires plaintext length to be 0 when using AES-GCM, so only
> > AAD data is used.
> >
> > Fixes: a501609ea646 ("crypto/ipsec_mb: fix length and offset
> > settings")
> > Cc: pablo.de.lara.guarch@intel.com
> > Cc: stable@dpdk.org
> >
> > Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
> > ---
> > drivers/crypto/ipsec_mb/pmd_aesni_mb.c | 16 +++++++++++++---
> > 1 file changed, 13 insertions(+), 3 deletions(-)
> >
> > diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
> > b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
> > index c974886032..afa0b6e3a4 100644
> > --- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
> > +++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
> > @@ -1296,9 +1296,9 @@ set_mb_job_params(IMB_JOB *job, struct
> > ipsec_mb_qp *qp,
> > op->sym->aead.data.offset;
> > job->msg_len_to_hash_in_bytes =
> > op->sym->aead.data.length;
> > - } else {
> > - job->msg_len_to_cipher_in_bytes = 0;
> > + } else { /* AES-GMAC only, only AAD used */
> > job->msg_len_to_hash_in_bytes = 0;
> > + job->hash_start_src_offset_in_bytes = 0;
> > }
> >
> > job->iv = rte_crypto_op_ctod_offset(op, uint8_t *, @@ -1378,8
> > +1378,18 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
> > job->msg_len_to_cipher_in_bits =
> > op->sym->cipher.data.length;
> > break;
> > - case IMB_CIPHER_CCM:
> > case IMB_CIPHER_GCM:
> > + if (session->cipher.mode == IMB_CIPHER_NULL) {
> > + /* AES-GMAC only (only AAD used) */
> > + job->msg_len_to_cipher_in_bytes = 0;
> > + job->cipher_start_src_offset_in_bytes = 0;
> > + } else {
> > + job->cipher_start_src_offset_in_bytes =
> > + op->sym->aead.data.offset;
> > + job->msg_len_to_cipher_in_bytes = op->sym-
> > >aead.data.length;
> > + }
> > + break;
> > + case IMB_CIPHER_CCM:
> > case IMB_CIPHER_CHACHA20_POLY1305:
> > job->cipher_start_src_offset_in_bytes =
> > op->sym->aead.data.offset;
> > --
> > 2.25.1
> Acked-by: Fan Zhang <roy.fan.zhang@intel.com> Thanks Pablo!
Would it be possible to merge this fix for this release?
A previous commit merged in this release has introduced a bug,
so it would be great if this fix can make it into 22.03.
Thanks,
Pablo
> > > AES-GMAC requires plaintext length to be 0 when using AES-GCM, so only
> > > AAD data is used.
> > >
> > > Fixes: a501609ea646 ("crypto/ipsec_mb: fix length and offset
> > > settings")
> > > Cc: pablo.de.lara.guarch@intel.com
> > > Cc: stable@dpdk.org
> > >
> > > Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
> > Acked-by: Fan Zhang <roy.fan.zhang@intel.com> Thanks Pablo!
>
> Would it be possible to merge this fix for this release?
> A previous commit merged in this release has introduced a bug,
> so it would be great if this fix can make it into 22.03.
Applied, thanks.
@@ -1296,9 +1296,9 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
op->sym->aead.data.offset;
job->msg_len_to_hash_in_bytes =
op->sym->aead.data.length;
- } else {
- job->msg_len_to_cipher_in_bytes = 0;
+ } else { /* AES-GMAC only, only AAD used */
job->msg_len_to_hash_in_bytes = 0;
+ job->hash_start_src_offset_in_bytes = 0;
}
job->iv = rte_crypto_op_ctod_offset(op, uint8_t *,
@@ -1378,8 +1378,18 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
job->msg_len_to_cipher_in_bits =
op->sym->cipher.data.length;
break;
- case IMB_CIPHER_CCM:
case IMB_CIPHER_GCM:
+ if (session->cipher.mode == IMB_CIPHER_NULL) {
+ /* AES-GMAC only (only AAD used) */
+ job->msg_len_to_cipher_in_bytes = 0;
+ job->cipher_start_src_offset_in_bytes = 0;
+ } else {
+ job->cipher_start_src_offset_in_bytes =
+ op->sym->aead.data.offset;
+ job->msg_len_to_cipher_in_bytes = op->sym->aead.data.length;
+ }
+ break;
+ case IMB_CIPHER_CCM:
case IMB_CIPHER_CHACHA20_POLY1305:
job->cipher_start_src_offset_in_bytes =
op->sym->aead.data.offset;