patch 'crypto/ipsec_mb: fix cipher key setting' has been queued to stable release 20.11.4
Xueming(Steven) Li
xuemingl at nvidia.com
Mon Dec 6 13:45:01 CET 2021
Hi Pablo,
On Sun, 2021-11-28 at 22:54 +0800, Xueming Li wrote:
> Hi,
>
> FYI, your patch has been queued to stable release 20.11.4
>
> Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
> It will be pushed if I get no objections before 11/30/21. So please
> shout if anyone has objections.
>
> Also note that after the patch there's a diff of the upstream commit vs the
> patch applied to the branch. This will indicate if there was any rebasing
> needed to apply to the stable branch. If there were code changes for rebasing
> (ie: not only metadata diffs), please double check that the rebase was
> correctly done.
>
> Queued patches are on a temporary branch at:
> https://github.com/steevenlee/dpdk
>
> This queued commit can be viewed at:
> https://github.com/steevenlee/dpdk/commit/6096e4200509865f35a2cf9383da0af76bc68aff
>
> Thanks.
>
> Xueming Li <xuemingl at nvidia.com>
>
> ---
> From 6096e4200509865f35a2cf9383da0af76bc68aff Mon Sep 17 00:00:00 2001
> From: Pablo de Lara <pablo.de.lara.guarch at intel.com>
> Date: Mon, 22 Nov 2021 17:47:29 +0000
> Subject: [PATCH] crypto/ipsec_mb: fix cipher key setting
> Cc: Xueming Li <xuemingl at nvidia.com>
>
> [ upstream commit b0a37e8cd2ac559202086d88c1761e0b6406b445 ]
>
> When authenticating with SNOW3G, KASUMI and ZUC,
> the pointers for encryption/decryption keys is not set.
> If a cipher algorithm such as AES-CBC is also used,
> the application would seg fault.
> Hence, these pointers should be set to some value by default.
>
> Command line to replicate the issue:
> ./build/app/dpdk-test-crypto-perf -l 4,5 -n 6 --vdev="crypto_aesni_mb" -- \
> --devtype="crypto_aesni_mb" --optype=cipher-then-auth --auth-algo \
> snow3g-uia2 --auth-key-sz 16 --auth-iv-sz 16 --digest-sz 4 --silent \
> --total-ops 1000000 --auth-op generate --burst-sz 32 \
> --cipher-algo aes-ctr --cipher-key-sz 16 --cipher-iv-sz 16
>
> Fixes: ae8e085c608d ("crypto/aesni_mb: support KASUMI F8/F9")
> Fixes: 6c42e0cf4d12 ("crypto/aesni_mb: support SNOW3G-UEA2/UIA2")
> Fixes: fd8df85487c4 ("crypto/aesni_mb: support ZUC-EEA3/EIA3")
>
> Signed-off-by: Pablo de Lara <pablo.de.lara.guarch at intel.com>
> Acked-by: Ciara Power <ciara.power at intel.com>
> Acked-by: Fan Zhang <roy.fan.zhang at intel.com>
> ---
> drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 19 ++++++++-----------
> 1 file changed, 8 insertions(+), 11 deletions(-)
>
> diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
> index 03186485f9..6e14788fd0 100644
> --- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
> +++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
> @@ -1267,6 +1267,14 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp,
>
> const int aead = is_aead_algo(job->hash_alg, job->cipher_mode);
>
> + if (job->cipher_mode == IMB_CIPHER_DES3) {
In 20.11, intel-ipsec-mb 0.52 is required, IMB_CIPHER_DES3 not defined,
comiple error happens in server with lower verison.
Changed it to DES3, please let me know if wrong.
Regards,
Xueming
> + job->enc_keys = session->cipher.exp_3des_keys.ks_ptr;
> + job->dec_keys = session->cipher.exp_3des_keys.ks_ptr;
> + } else {
> + job->enc_keys = session->cipher.expanded_aes_keys.encode;
> + job->dec_keys = session->cipher.expanded_aes_keys.decode;
> + }
> +
> switch (job->hash_alg) {
> case AES_XCBC:
> job->u.XCBC._k1_expanded = session->auth.xcbc.k1_expanded;
> @@ -1339,17 +1347,6 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp,
> job->u.HMAC._hashed_auth_key_xor_ipad = session->auth.pads.inner;
> job->u.HMAC._hashed_auth_key_xor_opad = session->auth.pads.outer;
>
> - if (job->cipher_mode == DES3) {
> - job->aes_enc_key_expanded =
> - session->cipher.exp_3des_keys.ks_ptr;
> - job->aes_dec_key_expanded =
> - session->cipher.exp_3des_keys.ks_ptr;
> - } else {
> - job->aes_enc_key_expanded =
> - session->cipher.expanded_aes_keys.encode;
> - job->aes_dec_key_expanded =
> - session->cipher.expanded_aes_keys.decode;
> - }
> }
>
> if (aead)
More information about the stable
mailing list