patch 'crypto/ipsec_mb: fix length and offset settings' has been queued to stable release 21.11.1

Kevin Traynor ktraynor at redhat.com
Tue Mar 1 11:41:51 CET 2022


Hi,

FYI, your patch has been queued to stable release 21.11.1

Note it hasn't been pushed to http://dpdk.org/browse/dpdk-stable yet.
It will be pushed if I get no objections before 03/06/22. So please
shout if anyone has objections.

Also note that after the patch there's a diff of the upstream commit vs the
patch applied to the branch. This will indicate if there was any rebasing
needed to apply to the stable branch. If there were code changes for rebasing
(ie: not only metadata diffs), please double check that the rebase was
correctly done.

Queued patches are on a temporary branch at:
https://github.com/kevintraynor/dpdk-stable

This queued commit can be viewed at:
https://github.com/kevintraynor/dpdk-stable/commit/daf06c45e8576d8a2a86455e33e2bc4574f8f8b4

Thanks.

Kevin

---
>From daf06c45e8576d8a2a86455e33e2bc4574f8f8b4 Mon Sep 17 00:00:00 2001
From: Pablo de Lara <pablo.de.lara.guarch at intel.com>
Date: Wed, 23 Feb 2022 16:01:16 +0000
Subject: [PATCH] crypto/ipsec_mb: fix length and offset settings

[ upstream commit a501609ea6466ed8526c0dfadedee332a4d4a451 ]

KASUMI, SNOW3G and ZUC require lengths and offsets to
be set in bits or bytes depending on the algorithm.
There were some algorithms that were mixing these two,
so this commit is fixing this issue.

Fixes: ae8e085c608d ("crypto/aesni_mb: support KASUMI F8/F9")
Fixes: 6c42e0cf4d12 ("crypto/aesni_mb: support SNOW3G-UEA2/UIA2")
Fixes: fd8df85487c4 ("crypto/aesni_mb: support ZUC-EEA3/EIA3")
Fixes: 8c835018de84 ("crypto/ipsec_mb: support ZUC-256 for aesni_mb")

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch at intel.com>
---
 drivers/crypto/ipsec_mb/pmd_aesni_mb.c | 93 ++++++++++++++++----------
 1 file changed, 57 insertions(+), 36 deletions(-)

diff --git a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
index a308d42ffa..748382320b 100644
--- a/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
+++ b/drivers/crypto/ipsec_mb/pmd_aesni_mb.c
@@ -919,5 +919,7 @@ error_exit:
 static inline uint64_t
 auth_start_offset(struct rte_crypto_op *op, struct aesni_mb_session *session,
-		uint32_t oop)
+		uint32_t oop, const uint32_t auth_offset,
+		const uint32_t cipher_offset, const uint32_t auth_length,
+		const uint32_t cipher_length)
 {
 	struct rte_mbuf *m_src, *m_dst;
@@ -928,5 +930,5 @@ auth_start_offset(struct rte_crypto_op *op, struct aesni_mb_session *session,
 	/* Only cipher then hash needs special calculation. */
 	if (!oop || session->chain_order != IMB_ORDER_CIPHER_HASH)
-		return op->sym->auth.data.offset;
+		return auth_offset;
 
 	m_src = op->sym->m_src;
@@ -936,5 +938,5 @@ auth_start_offset(struct rte_crypto_op *op, struct aesni_mb_session *session,
 	p_dst = rte_pktmbuf_mtod(m_dst, uint8_t *);
 	u_src = (uintptr_t)p_src;
-	u_dst = (uintptr_t)p_dst + op->sym->auth.data.offset;
+	u_dst = (uintptr_t)p_dst + auth_offset;
 
 	/**
@@ -942,9 +944,9 @@ auth_start_offset(struct rte_crypto_op *op, struct aesni_mb_session *session,
 	 * correct digest.
 	 */
-	if (op->sym->cipher.data.offset > op->sym->auth.data.offset)
-		memcpy(p_dst + op->sym->auth.data.offset,
-				p_src + op->sym->auth.data.offset,
-				op->sym->cipher.data.offset -
-				op->sym->auth.data.offset);
+	if (cipher_offset > auth_offset)
+		memcpy(p_dst + auth_offset,
+				p_src + auth_offset,
+				cipher_offset -
+				auth_offset);
 
 	/**
@@ -952,6 +954,6 @@ auth_start_offset(struct rte_crypto_op *op, struct aesni_mb_session *session,
 	 * length) for generating correct digest
 	 */
-	cipher_end = op->sym->cipher.data.offset + op->sym->cipher.data.length;
-	auth_end = op->sym->auth.data.offset + op->sym->auth.data.length;
+	cipher_end = cipher_offset + cipher_length;
+	auth_end = auth_offset + auth_length;
 	if (cipher_end < auth_end)
 		memcpy(p_dst + cipher_end, p_src + cipher_end,
@@ -1100,4 +1102,8 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
 	struct aesni_mb_session *session;
 	uint32_t m_offset, oop;
+	uint32_t auth_off_in_bytes;
+	uint32_t ciph_off_in_bytes;
+	uint32_t auth_len_in_bytes;
+	uint32_t ciph_len_in_bytes;
 
 	session = ipsec_mb_get_session_private(qp, op);
@@ -1208,4 +1214,5 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
 		job->enc_keys = session->cipher.zuc_cipher_key;
 		job->dec_keys = session->cipher.zuc_cipher_key;
+		m_offset >>= 3;
 	} else if (job->cipher_mode == IMB_CIPHER_SNOW3G_UEA2_BITLEN) {
 		job->enc_keys = &session->cipher.pKeySched_snow3g_cipher;
@@ -1265,7 +1272,4 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
 	switch (job->hash_alg) {
 	case IMB_AUTH_AES_CCM:
-		job->cipher_start_src_offset_in_bytes =
-				op->sym->aead.data.offset;
-		job->msg_len_to_cipher_in_bytes = op->sym->aead.data.length;
 		job->hash_start_src_offset_in_bytes = op->sym->aead.data.offset;
 		job->msg_len_to_hash_in_bytes = op->sym->aead.data.length;
@@ -1277,17 +1281,9 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
 	case IMB_AUTH_AES_GMAC:
 		if (session->cipher.mode == IMB_CIPHER_GCM) {
-			job->cipher_start_src_offset_in_bytes =
-					op->sym->aead.data.offset;
 			job->hash_start_src_offset_in_bytes =
 					op->sym->aead.data.offset;
-			job->msg_len_to_cipher_in_bytes =
-					op->sym->aead.data.length;
 			job->msg_len_to_hash_in_bytes =
 					op->sym->aead.data.length;
 		} else {
-			job->cipher_start_src_offset_in_bytes =
-					op->sym->auth.data.offset;
-			job->hash_start_src_offset_in_bytes =
-					op->sym->auth.data.offset;
 			job->msg_len_to_cipher_in_bytes = 0;
 			job->msg_len_to_hash_in_bytes = 0;
@@ -1299,10 +1295,6 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
 
 	case IMB_AUTH_CHACHA20_POLY1305:
-		job->cipher_start_src_offset_in_bytes =
-			op->sym->aead.data.offset;
 		job->hash_start_src_offset_in_bytes =
 			op->sym->aead.data.offset;
-		job->msg_len_to_cipher_in_bytes =
-				op->sym->aead.data.length;
 		job->msg_len_to_hash_in_bytes =
 					op->sym->aead.data.length;
@@ -1311,12 +1303,46 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
 				session->iv.offset);
 		break;
+	/* ZUC and SNOW3G require length in bits and offset in bytes */
+	case IMB_AUTH_ZUC_EIA3_BITLEN:
+	case IMB_AUTH_ZUC256_EIA3_BITLEN:
+	case IMB_AUTH_SNOW3G_UIA2_BITLEN:
+		auth_off_in_bytes = op->sym->auth.data.offset >> 3;
+		ciph_off_in_bytes = op->sym->cipher.data.offset >> 3;
+		auth_len_in_bytes = op->sym->auth.data.length >> 3;
+		ciph_len_in_bytes = op->sym->cipher.data.length >> 3;
+
+		job->hash_start_src_offset_in_bytes = auth_start_offset(op,
+				session, oop, auth_off_in_bytes,
+				ciph_off_in_bytes, auth_len_in_bytes,
+				ciph_len_in_bytes);
+		job->msg_len_to_hash_in_bits = op->sym->auth.data.length;
+
+		job->iv = rte_crypto_op_ctod_offset(op, uint8_t *,
+			session->iv.offset);
+		break;
+
+	/* KASUMI requires lengths and offset in bytes */
+	case IMB_AUTH_KASUMI_UIA1:
+		auth_off_in_bytes = op->sym->auth.data.offset >> 3;
+		ciph_off_in_bytes = op->sym->cipher.data.offset >> 3;
+		auth_len_in_bytes = op->sym->auth.data.length >> 3;
+		ciph_len_in_bytes = op->sym->cipher.data.length >> 3;
+
+		job->hash_start_src_offset_in_bytes = auth_start_offset(op,
+				session, oop, auth_off_in_bytes,
+				ciph_off_in_bytes, auth_len_in_bytes,
+				ciph_len_in_bytes);
+		job->msg_len_to_hash_in_bytes = auth_len_in_bytes;
+
+		job->iv = rte_crypto_op_ctod_offset(op, uint8_t *,
+			session->iv.offset);
+		break;
+
 	default:
-		/* For SNOW3G, length and offsets are already in bits */
-		job->cipher_start_src_offset_in_bytes =
-				op->sym->cipher.data.offset;
-		job->msg_len_to_cipher_in_bytes = op->sym->cipher.data.length;
-
 		job->hash_start_src_offset_in_bytes = auth_start_offset(op,
-				session, oop);
+				session, oop, op->sym->auth.data.offset,
+				op->sym->cipher.data.offset,
+				op->sym->auth.data.length,
+				op->sym->cipher.data.length);
 		job->msg_len_to_hash_in_bytes = op->sym->auth.data.length;
 
@@ -1325,9 +1351,4 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
 	}
 
-	if (job->cipher_mode == IMB_CIPHER_ZUC_EEA3)
-		job->msg_len_to_cipher_in_bytes >>= 3;
-	else if (job->hash_alg == IMB_AUTH_KASUMI_UIA1)
-		job->msg_len_to_hash_in_bytes >>= 3;
-
 	/* Set user data to be crypto operation data struct */
 	job->user_data = op;
-- 
2.34.1

---
  Diff of the applied patch vs upstream commit (please double-check if non-empty:
---
--- -	2022-03-01 10:41:02.279858967 +0000
+++ 0035-crypto-ipsec_mb-fix-length-and-offset-settings.patch	2022-03-01 10:41:01.288244095 +0000
@@ -1 +1 @@
-From a501609ea6466ed8526c0dfadedee332a4d4a451 Mon Sep 17 00:00:00 2001
+From daf06c45e8576d8a2a86455e33e2bc4574f8f8b4 Mon Sep 17 00:00:00 2001
@@ -5,0 +6,2 @@
+[ upstream commit a501609ea6466ed8526c0dfadedee332a4d4a451 ]
+
@@ -15 +16,0 @@
-Cc: stable at dpdk.org
@@ -19,2 +20,2 @@
- drivers/crypto/ipsec_mb/pmd_aesni_mb.c | 122 +++++++++++++++++--------
- 1 file changed, 86 insertions(+), 36 deletions(-)
+ drivers/crypto/ipsec_mb/pmd_aesni_mb.c | 93 ++++++++++++++++----------
+ 1 file changed, 57 insertions(+), 36 deletions(-)
@@ -23 +24 @@
-index 0111c6f540..c974886032 100644
+index a308d42ffa..748382320b 100644
@@ -26 +27 @@
-@@ -931,5 +931,7 @@ error_exit:
+@@ -919,5 +919,7 @@ error_exit:
@@ -35 +36 @@
-@@ -940,5 +942,5 @@ auth_start_offset(struct rte_crypto_op *op, struct aesni_mb_session *session,
+@@ -928,5 +930,5 @@ auth_start_offset(struct rte_crypto_op *op, struct aesni_mb_session *session,
@@ -42 +43 @@
-@@ -948,5 +950,5 @@ auth_start_offset(struct rte_crypto_op *op, struct aesni_mb_session *session,
+@@ -936,5 +938,5 @@ auth_start_offset(struct rte_crypto_op *op, struct aesni_mb_session *session,
@@ -49 +50 @@
-@@ -954,9 +956,9 @@ auth_start_offset(struct rte_crypto_op *op, struct aesni_mb_session *session,
+@@ -942,9 +944,9 @@ auth_start_offset(struct rte_crypto_op *op, struct aesni_mb_session *session,
@@ -64 +65 @@
-@@ -964,6 +966,6 @@ auth_start_offset(struct rte_crypto_op *op, struct aesni_mb_session *session,
+@@ -952,6 +954,6 @@ auth_start_offset(struct rte_crypto_op *op, struct aesni_mb_session *session,
@@ -73 +74 @@
-@@ -1112,4 +1114,8 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
+@@ -1100,4 +1102,8 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
@@ -82 +83 @@
-@@ -1220,4 +1226,5 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
+@@ -1208,4 +1214,5 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
@@ -88 +89 @@
-@@ -1277,7 +1284,4 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
+@@ -1265,7 +1272,4 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
@@ -96 +97 @@
-@@ -1289,17 +1293,9 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
+@@ -1277,17 +1281,9 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
@@ -114 +115 @@
-@@ -1311,10 +1307,6 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
+@@ -1299,10 +1295,6 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
@@ -125 +126 @@
-@@ -1323,12 +1315,46 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
+@@ -1311,12 +1303,46 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
@@ -178,35 +179 @@
-@@ -1337,4 +1363,33 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
- 	}
- 
-+	switch (job->cipher_mode) {
-+	/* ZUC requires length and offset in bytes */
-+	case IMB_CIPHER_ZUC_EEA3:
-+		job->cipher_start_src_offset_in_bytes =
-+					op->sym->cipher.data.offset >> 3;
-+		job->msg_len_to_cipher_in_bytes =
-+					op->sym->cipher.data.length >> 3;
-+		break;
-+	/* ZUC and SNOW3G require length and offset in bits */
-+	case IMB_CIPHER_SNOW3G_UEA2_BITLEN:
-+	case IMB_CIPHER_KASUMI_UEA1_BITLEN:
-+		job->cipher_start_src_offset_in_bits =
-+					op->sym->cipher.data.offset;
-+		job->msg_len_to_cipher_in_bits =
-+					op->sym->cipher.data.length;
-+		break;
-+	case IMB_CIPHER_CCM:
-+	case IMB_CIPHER_GCM:
-+	case IMB_CIPHER_CHACHA20_POLY1305:
-+		job->cipher_start_src_offset_in_bytes =
-+				op->sym->aead.data.offset;
-+		job->msg_len_to_cipher_in_bytes = op->sym->aead.data.length;
-+		break;
-+	default:
-+		job->cipher_start_src_offset_in_bytes =
-+					op->sym->cipher.data.offset;
-+		job->msg_len_to_cipher_in_bytes = op->sym->cipher.data.length;
-+	}
-+
- 	if (job->cipher_mode == IMB_CIPHER_NULL && oop) {
- 		memcpy(job->dst + job->cipher_start_src_offset_in_bytes,
-@@ -1343,9 +1398,4 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,
+@@ -1325,9 +1351,4 @@ set_mb_job_params(IMB_JOB *job, struct ipsec_mb_qp *qp,



More information about the stable mailing list