diff mbox

[dpdk-dev,v2] app/crypto-perf: fix for segfault when bad optype is used with gcm alghorithms

Message ID 1487244439-156256-1-git-send-email-danielx.t.mrzyglod@intel.com (mailing list archive)
State Superseded, archived
Delegated to: Pablo de Lara Guarch
Headers

Checks

Context Check Description
ci/checkpatch success coding style OK
ci/Intel-compilation success Compilation OK

Commit Message

Daniel Mrzyglod Feb. 16, 2017, 11:27 a.m. UTC 
  When somebody use bad --optype with aead alghorithms
segmentation fault could happen.

Fixes: f8be1786b1b8 ("app/crypto-perf: introduce performance test application")

Signed-off-by: Daniel Mrzyglod <danielx.t.mrzyglod@intel.com>
---
Changes for v2:
  - fix checkpatch error related with whitespace
  - fix spelling error

How to reproduce:
 AESNI_GCM:
./build/app/dpdk-test-crypto-perf -c 0xc0 --vdev crypto_aesni_gcm_pmd
-w 0000:5e:00.0 -w 0000:3d:01.0 -- --ptest throughput
--devtype crypto_aesni_gcm --optype cipher-then-auth  --cipher-algo aes-gcm
--cipher-op encrypt --cipher-key-sz 16 --cipher-iv-sz 12 --auth-algo aes-gcm
--auth-op generate --auth-key-sz 16 --auth-aad-sz 4 --auth-digest-sz 8
--total-ops 10000000 --burst-sz 32 --buffer-sz 1024

---
 app/test-crypto-perf/cperf_options_parsing.c | 9 +++++++++
 app/test-crypto-perf/main.c                  | 6 ++++--
 doc/guides/tools/cryptoperf.rst              | 2 ++
 3 files changed, 15 insertions(+), 2 deletions(-)

--
2.7.4

Comments

De Lara Guarch, Pablo March 6, 2017, 1:26 p.m. UTC | #1 
Hi Daniel,

> -----Original Message-----
> From: Mrzyglod, DanielX T
> Sent: Thursday, February 16, 2017 11:27 AM
> To: Mrozowicz, SlawomirX; Doherty, Declan; De Lara Guarch, Pablo
> Cc: dev@dpdk.org; Mrzyglod, DanielX T
> Subject: [PATCH v2] app/crypto-perf: fix for segfault when bad optype is
> used with gcm alghorithms

Typo in the title. Also, title is too long. Maybe something like "avoid wrong optype for AEAD algorithms" is better.

> 
> When somebody use bad --optype with aead alghorithms
> segmentation fault could happen.
> 
> Fixes: f8be1786b1b8 ("app/crypto-perf: introduce performance test
> application")
> 
> Signed-off-by: Daniel Mrzyglod <danielx.t.mrzyglod@intel.com>

...

> ---
>  app/test-crypto-perf/cperf_options_parsing.c | 9 +++++++++
>  app/test-crypto-perf/main.c                  | 6 ++++--
>  doc/guides/tools/cryptoperf.rst              | 2 ++
>  3 files changed, 15 insertions(+), 2 deletions(-)
> 
> diff --git a/app/test-crypto-perf/cperf_options_parsing.c b/app/test-crypto-
> perf/cperf_options_parsing.c
> index c1d5ffc..215a07b 100644
> --- a/app/test-crypto-perf/cperf_options_parsing.c
> +++ b/app/test-crypto-perf/cperf_options_parsing.c
> @@ -829,6 +829,15 @@ cperf_options_check(struct cperf_options
> *options)
>  		}
>  	}
> 
> +	if (options->cipher_algo == RTE_CRYPTO_CIPHER_AES_GCM ||
> +			options->auth_algo ==
> RTE_CRYPTO_AUTH_AES_GCM ||
> +			options->auth_algo ==
> RTE_CRYPTO_AUTH_AES_GMAC) {

I would expend this to AES_CCM as well, as it is another AEAD algorithm.

> +		if (options->op_type != CPERF_AEAD) {
> +			RTE_LOG(ERR, USER1, "Use --optype aead\n");
> +			return -EINVAL;
> +		}
> +	}
> +
>  	return 0;
>  }
> 

...

> diff --git a/doc/guides/tools/cryptoperf.rst
> b/doc/guides/tools/cryptoperf.rst
> index 1fc40c4..9cb3338 100644
> --- a/doc/guides/tools/cryptoperf.rst
> +++ b/doc/guides/tools/cryptoperf.rst
> @@ -180,6 +180,8 @@ The following are the appication command-line
> options:
>             auth-then-cipher
>             aead
> 
> +        For GCM algorithms you should use aead flag.

Include CCM here too.

> +
>  * ``--sessionless``
> 
>          Enable session-less crypto operations mode.
> --
> 2.7.4
diff mbox

Patch

diff --git a/app/test-crypto-perf/cperf_options_parsing.c b/app/test-crypto-perf/cperf_options_parsing.c
index c1d5ffc..215a07b 100644
--- a/app/test-crypto-perf/cperf_options_parsing.c
+++ b/app/test-crypto-perf/cperf_options_parsing.c
@@ -829,6 +829,15 @@  cperf_options_check(struct cperf_options *options)
 		}
 	}

+	if (options->cipher_algo == RTE_CRYPTO_CIPHER_AES_GCM ||
+			options->auth_algo == RTE_CRYPTO_AUTH_AES_GCM ||
+			options->auth_algo == RTE_CRYPTO_AUTH_AES_GMAC) {
+		if (options->op_type != CPERF_AEAD) {
+			RTE_LOG(ERR, USER1, "Use --optype aead\n");
+			return -EINVAL;
+		}
+	}
+
 	return 0;
 }

diff --git a/app/test-crypto-perf/main.c b/app/test-crypto-perf/main.c
index c1eaaff..fb3f72e 100644
--- a/app/test-crypto-perf/main.c
+++ b/app/test-crypto-perf/main.c
@@ -118,7 +118,8 @@  cperf_verify_devices_capabilities(struct cperf_options *opts,

 		if (opts->op_type == CPERF_AUTH_ONLY ||
 				opts->op_type == CPERF_CIPHER_THEN_AUTH ||
-				opts->op_type == CPERF_AUTH_THEN_CIPHER)  {
+				opts->op_type == CPERF_AUTH_THEN_CIPHER ||
+				opts->op_type == CPERF_AEAD)  {

 			cap_idx.type = RTE_CRYPTO_SYM_XFORM_AUTH;
 			cap_idx.algo.auth = opts->auth_algo;
@@ -139,7 +140,8 @@  cperf_verify_devices_capabilities(struct cperf_options *opts,

 		if (opts->op_type == CPERF_CIPHER_ONLY ||
 				opts->op_type == CPERF_CIPHER_THEN_AUTH ||
-				opts->op_type == CPERF_AUTH_THEN_CIPHER) {
+				opts->op_type == CPERF_AUTH_THEN_CIPHER ||
+				opts->op_type == CPERF_AEAD) {

 			cap_idx.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
 			cap_idx.algo.cipher = opts->cipher_algo;
diff --git a/doc/guides/tools/cryptoperf.rst b/doc/guides/tools/cryptoperf.rst
index 1fc40c4..9cb3338 100644
--- a/doc/guides/tools/cryptoperf.rst
+++ b/doc/guides/tools/cryptoperf.rst
@@ -180,6 +180,8 @@  The following are the appication command-line options:
            auth-then-cipher
            aead

+        For GCM algorithms you should use aead flag.
+
 * ``--sessionless``

         Enable session-less crypto operations mode.