patch 'crypto/ipsec_mb: fix length and offset settings' has been queued to stable release 20.11.6
Xueming Li
xuemingl at nvidia.com
Tue Jun 21 10:01:07 CEST 2022
Hi,
FYI, your patch has been queued to stable release 20.11.6
Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 06/23/22. So please
shout if anyone has objections.
Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.
Queued patches are on a temporary branch at:
https://github.com/steevenlee/dpdk
This queued commit can be viewed at:
https://github.com/steevenlee/dpdk/commit/0fb580b1c018649febad807b13f3bcba2efc1b21
Thanks.
Xueming Li <xuemingl at nvidia.com>
---
>From 0fb580b1c018649febad807b13f3bcba2efc1b21 Mon Sep 17 00:00:00 2001
From: Pablo de Lara <pablo.de.lara.guarch at intel.com>
Date: Tue, 22 Mar 2022 13:39:09 +0000
Subject: [PATCH] crypto/ipsec_mb: fix length and offset settings
Cc: Xueming Li <xuemingl at nvidia.com>
[ upstream commit a501609ea6466ed8526c0dfadedee332a4d4a451 ]
KASUMI, SNOW3G and ZUC require lengths and offsets to
be set in bits or bytes depending on the algorithm.
There were some algorithms that were mixing these two,
so this commit is fixing this issue.
Fixes: ae8e085c608d ("crypto/aesni_mb: support KASUMI F8/F9")
Fixes: 6c42e0cf4d12 ("crypto/aesni_mb: support SNOW3G-UEA2/UIA2")
Fixes: fd8df85487c4 ("crypto/aesni_mb: support ZUC-EEA3/EIA3")
Signed-off-by: Pablo de Lara <pablo.de.lara.guarch at intel.com>
---
drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 126 +++++++++++++++------
1 file changed, 90 insertions(+), 36 deletions(-)
diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
index f4ffb21e10..ab9864739d 100644
--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
+++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
@@ -1057,7 +1057,9 @@ get_session(struct aesni_mb_qp *qp, struct rte_crypto_op *op)
static inline uint64_t
auth_start_offset(struct rte_crypto_op *op, struct aesni_mb_session *session,
- uint32_t oop)
+ uint32_t oop, const uint32_t auth_offset,
+ const uint32_t cipher_offset, const uint32_t auth_length,
+ const uint32_t cipher_length)
{
struct rte_mbuf *m_src, *m_dst;
uint8_t *p_src, *p_dst;
@@ -1066,7 +1068,7 @@ auth_start_offset(struct rte_crypto_op *op, struct aesni_mb_session *session,
/* Only cipher then hash needs special calculation. */
if (!oop || session->chain_order != CIPHER_HASH)
- return op->sym->auth.data.offset;
+ return auth_offset;
m_src = op->sym->m_src;
m_dst = op->sym->m_dst;
@@ -1074,24 +1076,23 @@ auth_start_offset(struct rte_crypto_op *op, struct aesni_mb_session *session,
p_src = rte_pktmbuf_mtod(m_src, uint8_t *);
p_dst = rte_pktmbuf_mtod(m_dst, uint8_t *);
u_src = (uintptr_t)p_src;
- u_dst = (uintptr_t)p_dst + op->sym->auth.data.offset;
+ u_dst = (uintptr_t)p_dst + auth_offset;
/**
* Copy the content between cipher offset and auth offset for generating
* correct digest.
*/
- if (op->sym->cipher.data.offset > op->sym->auth.data.offset)
- memcpy(p_dst + op->sym->auth.data.offset,
- p_src + op->sym->auth.data.offset,
- op->sym->cipher.data.offset -
- op->sym->auth.data.offset);
-
+ if (cipher_offset > auth_offset)
+ memcpy(p_dst + auth_offset,
+ p_src + auth_offset,
+ cipher_offset -
+ auth_offset);
/**
* Copy the content between (cipher offset + length) and (auth offset +
* length) for generating correct digest
*/
- cipher_end = op->sym->cipher.data.offset + op->sym->cipher.data.length;
- auth_end = op->sym->auth.data.offset + op->sym->auth.data.length;
+ cipher_end = cipher_offset + cipher_length;
+ auth_end = auth_offset + auth_length;
if (cipher_end < auth_end)
memcpy(p_dst + cipher_end, p_src + cipher_end,
auth_end - cipher_end);
@@ -1246,7 +1247,12 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp,
struct rte_mbuf *m_src = op->sym->m_src, *m_dst;
struct aesni_mb_session *session;
uint32_t m_offset, oop;
-
+#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM
+ uint32_t auth_off_in_bytes;
+ uint32_t ciph_off_in_bytes;
+ uint32_t auth_len_in_bytes;
+ uint32_t ciph_len_in_bytes;
+#endif
session = get_session(qp, op);
if (session == NULL) {
op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION;
@@ -1362,6 +1368,7 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp,
if (job->cipher_mode == IMB_CIPHER_ZUC_EEA3) {
job->aes_enc_key_expanded = session->cipher.zuc_cipher_key;
job->aes_dec_key_expanded = session->cipher.zuc_cipher_key;
+ m_offset >>= 3;
} else if (job->cipher_mode == IMB_CIPHER_SNOW3G_UEA2_BITLEN) {
job->enc_keys = &session->cipher.pKeySched_snow3g_cipher;
m_offset = 0;
@@ -1418,9 +1425,6 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp,
switch (job->hash_alg) {
case AES_CCM:
- job->cipher_start_src_offset_in_bytes =
- op->sym->aead.data.offset;
- job->msg_len_to_cipher_in_bytes = op->sym->aead.data.length;
job->hash_start_src_offset_in_bytes = op->sym->aead.data.offset;
job->msg_len_to_hash_in_bytes = op->sym->aead.data.length;
@@ -1430,19 +1434,11 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp,
case AES_GMAC:
if (session->cipher.mode == GCM) {
- job->cipher_start_src_offset_in_bytes =
- op->sym->aead.data.offset;
job->hash_start_src_offset_in_bytes =
op->sym->aead.data.offset;
- job->msg_len_to_cipher_in_bytes =
- op->sym->aead.data.length;
job->msg_len_to_hash_in_bytes =
op->sym->aead.data.length;
} else {
- job->cipher_start_src_offset_in_bytes =
- op->sym->auth.data.offset;
- job->hash_start_src_offset_in_bytes =
- op->sym->auth.data.offset;
job->msg_len_to_cipher_in_bytes = 0;
job->msg_len_to_hash_in_bytes = 0;
}
@@ -1453,10 +1449,7 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp,
#if IMB_VERSION(0, 54, 3) <= IMB_VERSION_NUM
case IMB_AUTH_CHACHA20_POLY1305:
- job->cipher_start_src_offset_in_bytes = op->sym->aead.data.offset;
job->hash_start_src_offset_in_bytes = op->sym->aead.data.offset;
- job->msg_len_to_cipher_in_bytes =
- op->sym->aead.data.length;
job->msg_len_to_hash_in_bytes =
op->sym->aead.data.length;
@@ -1464,26 +1457,87 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp,
session->iv.offset);
break;
#endif
- default:
- /* For SNOW3G, length and offsets are already in bits */
- job->cipher_start_src_offset_in_bytes =
- op->sym->cipher.data.offset;
- job->msg_len_to_cipher_in_bytes = op->sym->cipher.data.length;
+#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM
+ /* ZUC and SNOW3G require length in bits and offset in bytes */
+ case IMB_AUTH_ZUC_EIA3_BITLEN:
+ case IMB_AUTH_SNOW3G_UIA2_BITLEN:
+ auth_off_in_bytes = op->sym->auth.data.offset >> 3;
+ ciph_off_in_bytes = op->sym->cipher.data.offset >> 3;
+ auth_len_in_bytes = op->sym->auth.data.length >> 3;
+ ciph_len_in_bytes = op->sym->cipher.data.length >> 3;
job->hash_start_src_offset_in_bytes = auth_start_offset(op,
- session, oop);
+ session, oop, auth_off_in_bytes,
+ ciph_off_in_bytes, auth_len_in_bytes,
+ ciph_len_in_bytes);
+ job->msg_len_to_hash_in_bits = op->sym->auth.data.length;
+
+ job->iv = rte_crypto_op_ctod_offset(op, uint8_t *,
+ session->iv.offset);
+ break;
+
+ /* KASUMI requires lengths and offset in bytes */
+ case IMB_AUTH_KASUMI_UIA1:
+ auth_off_in_bytes = op->sym->auth.data.offset >> 3;
+ ciph_off_in_bytes = op->sym->cipher.data.offset >> 3;
+ auth_len_in_bytes = op->sym->auth.data.length >> 3;
+ ciph_len_in_bytes = op->sym->cipher.data.length >> 3;
+
+ job->hash_start_src_offset_in_bytes = auth_start_offset(op,
+ session, oop, auth_off_in_bytes,
+ ciph_off_in_bytes, auth_len_in_bytes,
+ ciph_len_in_bytes);
+ job->msg_len_to_hash_in_bytes = auth_len_in_bytes;
+
+ job->iv = rte_crypto_op_ctod_offset(op, uint8_t *,
+ session->iv.offset);
+ break;
+#endif
+
+ default:
+ job->hash_start_src_offset_in_bytes = auth_start_offset(op,
+ session, oop, op->sym->auth.data.offset,
+ op->sym->cipher.data.offset,
+ op->sym->auth.data.length,
+ op->sym->cipher.data.length);
job->msg_len_to_hash_in_bytes = op->sym->auth.data.length;
job->iv = rte_crypto_op_ctod_offset(op, uint8_t *,
session->iv.offset);
}
+ switch (job->cipher_mode) {
#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM
- if (job->cipher_mode == IMB_CIPHER_ZUC_EEA3)
- job->msg_len_to_cipher_in_bytes >>= 3;
- else if (job->hash_alg == IMB_AUTH_KASUMI_UIA1)
- job->msg_len_to_hash_in_bytes >>= 3;
+ /* ZUC requires length and offset in bytes */
+ case IMB_CIPHER_ZUC_EEA3:
+ job->cipher_start_src_offset_in_bytes =
+ op->sym->cipher.data.offset >> 3;
+ job->msg_len_to_cipher_in_bytes =
+ op->sym->cipher.data.length >> 3;
+ break;
+ /* ZUC and SNOW3G require length and offset in bits */
+ case IMB_CIPHER_SNOW3G_UEA2_BITLEN:
+ case IMB_CIPHER_KASUMI_UEA1_BITLEN:
+ job->cipher_start_src_offset_in_bits =
+ op->sym->cipher.data.offset;
+ job->msg_len_to_cipher_in_bits =
+ op->sym->cipher.data.length;
+ break;
+#endif
+ case CCM:
+ case GCM:
+#if IMB_VERSION(0, 54, 3) <= IMB_VERSION_NUM
+ case IMB_CIPHER_CHACHA20_POLY1305:
#endif
+ job->cipher_start_src_offset_in_bytes =
+ op->sym->aead.data.offset;
+ job->msg_len_to_cipher_in_bytes = op->sym->aead.data.length;
+ break;
+ default:
+ job->cipher_start_src_offset_in_bytes =
+ op->sym->cipher.data.offset;
+ job->msg_len_to_cipher_in_bytes = op->sym->cipher.data.length;
+ }
/* Set user data to be crypto operation data struct */
job->user_data = op;
--
2.35.1
---
Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- - 2022-06-21 15:37:49.365082886 +0800
+++ 0001-crypto-ipsec_mb-fix-length-and-offset-settings.patch 2022-06-21 15:37:48.951117611 +0800
@@ -1 +1 @@
-From a501609ea6466ed8526c0dfadedee332a4d4a451 Mon Sep 17 00:00:00 2001
+From 0fb580b1c018649febad807b13f3bcba2efc1b21 Mon Sep 17 00:00:00 2001
@@ -3 +3 @@
-Date: Wed, 23 Feb 2022 16:01:16 +0000
+Date: Tue, 22 Mar 2022 13:39:09 +0000
@@ -4,0 +5,3 @@
+Cc: Xueming Li <xuemingl at nvidia.com>
+
+[ upstream commit a501609ea6466ed8526c0dfadedee332a4d4a451 ]
@@ -14,2 +16,0 @@
-Fixes: 8c835018de84 ("crypto/ipsec_mb: support ZUC-256 for aesni_mb")
-Cc: stable at dpdk.org
@@ -19,2 +20,2 @@
- drivers/crypto/ipsec_mb/pmd_aesni_mb.c | 122 +++++++++++++++++--------
- 1 file changed, 86 insertions(+), 36 deletions(-)
+ drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c | 126 +++++++++++++++------
+ 1 file changed, 90 insertions(+), 36 deletions(-)
@@ -22,5 +23,5 @@
-diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
-index 0111c6f540..c974886032 100644
---- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
-+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
-@@ -930,7 +930,9 @@ error_exit:
+diff --git a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
+index f4ffb21e10..ab9864739d 100644
+--- a/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
++++ b/drivers/crypto/aesni_mb/rte_aesni_mb_pmd.c
+@@ -1057,7 +1057,9 @@ get_session(struct aesni_mb_qp *qp, struct rte_crypto_op *op)
@@ -37 +38 @@
-@@ -939,7 +941,7 @@ auth_start_offset(struct rte_crypto_op *op, struct aesni_mb_session *session,
+@@ -1066,7 +1068,7 @@ auth_start_offset(struct rte_crypto_op *op, struct aesni_mb_session *session,
@@ -40 +41 @@
- if (!oop || session->chain_order != IMB_ORDER_CIPHER_HASH)
+ if (!oop || session->chain_order != CIPHER_HASH)
@@ -46 +47 @@
-@@ -947,24 +949,24 @@ auth_start_offset(struct rte_crypto_op *op, struct aesni_mb_session *session,
+@@ -1074,24 +1076,23 @@ auth_start_offset(struct rte_crypto_op *op, struct aesni_mb_session *session,
@@ -61,0 +63 @@
+-
@@ -67 +68,0 @@
-
@@ -79,2 +80,2 @@
-@@ -1111,6 +1113,10 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
- struct aesni_mb_qp_data *qp_data = ipsec_mb_get_qp_private_data(qp);
+@@ -1246,7 +1247,12 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp,
+ struct rte_mbuf *m_src = op->sym->m_src, *m_dst;
@@ -82,0 +84,2 @@
+-
++#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM
@@ -87,2 +90,2 @@
-
- session = ipsec_mb_get_session_private(qp, op);
++#endif
+ session = get_session(qp, op);
@@ -90 +93,2 @@
-@@ -1219,6 +1225,7 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
+ op->status = RTE_CRYPTO_OP_STATUS_INVALID_SESSION;
+@@ -1362,6 +1368,7 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp,
@@ -92,2 +96,2 @@
- job->enc_keys = session->cipher.zuc_cipher_key;
- job->dec_keys = session->cipher.zuc_cipher_key;
+ job->aes_enc_key_expanded = session->cipher.zuc_cipher_key;
+ job->aes_dec_key_expanded = session->cipher.zuc_cipher_key;
@@ -98 +102 @@
-@@ -1276,9 +1283,6 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
+@@ -1418,9 +1425,6 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp,
@@ -101 +105 @@
- case IMB_AUTH_AES_CCM:
+ case AES_CCM:
@@ -108 +112 @@
-@@ -1288,19 +1292,11 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
+@@ -1430,19 +1434,11 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp,
@@ -110,2 +114,2 @@
- case IMB_AUTH_AES_GMAC:
- if (session->cipher.mode == IMB_CIPHER_GCM) {
+ case AES_GMAC:
+ if (session->cipher.mode == GCM) {
@@ -128,2 +132 @@
-@@ -1310,43 +1306,97 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
- break;
+@@ -1453,10 +1449,7 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp,
@@ -130,0 +134 @@
+ #if IMB_VERSION(0, 54, 3) <= IMB_VERSION_NUM
@@ -132,4 +136,2 @@
-- job->cipher_start_src_offset_in_bytes =
-- op->sym->aead.data.offset;
- job->hash_start_src_offset_in_bytes =
- op->sym->aead.data.offset;
+- job->cipher_start_src_offset_in_bytes = op->sym->aead.data.offset;
+ job->hash_start_src_offset_in_bytes = op->sym->aead.data.offset;
@@ -141 +143 @@
- job->iv = rte_crypto_op_ctod_offset(op, uint8_t *,
+@@ -1464,26 +1457,87 @@ set_mb_job_params(JOB_AES_HMAC *job, struct aesni_mb_qp *qp,
@@ -143,0 +146 @@
+ #endif
@@ -148,0 +152 @@
++#if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM
@@ -151 +154,0 @@
-+ case IMB_AUTH_ZUC256_EIA3_BITLEN:
@@ -157,2 +160,3 @@
-+
-+ job->hash_start_src_offset_in_bytes = auth_start_offset(op,
+
+ job->hash_start_src_offset_in_bytes = auth_start_offset(op,
+- session, oop);
@@ -174,3 +178,2 @@
-
- job->hash_start_src_offset_in_bytes = auth_start_offset(op,
-- session, oop);
++
++ job->hash_start_src_offset_in_bytes = auth_start_offset(op,
@@ -184,0 +188 @@
++#endif
@@ -198,0 +203,5 @@
+ #if IMB_VERSION(0, 53, 3) <= IMB_VERSION_NUM
+- if (job->cipher_mode == IMB_CIPHER_ZUC_EEA3)
+- job->msg_len_to_cipher_in_bytes >>= 3;
+- else if (job->hash_alg == IMB_AUTH_KASUMI_UIA1)
+- job->msg_len_to_hash_in_bytes >>= 3;
@@ -214,2 +223,4 @@
-+ case IMB_CIPHER_CCM:
-+ case IMB_CIPHER_GCM:
++#endif
++ case CCM:
++ case GCM:
++#if IMB_VERSION(0, 54, 3) <= IMB_VERSION_NUM
@@ -216,0 +228 @@
+ #endif
@@ -226,6 +237,0 @@
-+
- if (job->cipher_mode == IMB_CIPHER_NULL && oop) {
- memcpy(job->dst + job->cipher_start_src_offset_in_bytes,
- job->src + job->cipher_start_src_offset_in_bytes,
- job->msg_len_to_cipher_in_bytes);
- }
@@ -233,5 +238,0 @@
-- if (job->cipher_mode == IMB_CIPHER_ZUC_EEA3)
-- job->msg_len_to_cipher_in_bytes >>= 3;
-- else if (job->hash_alg == IMB_AUTH_KASUMI_UIA1)
-- job->msg_len_to_hash_in_bytes >>= 3;
--
@@ -240 +240,0 @@
-
More information about the stable
mailing list