[PATCH 1/2] crypto/qat: fix null auth algo issue

[PATCH 1/2] crypto/qat: fix null auth algo issue

[Fiona Trahe]

If auth algorithm is RTE_CRYPTO_AUTH_NULL and digest_length is 0
in the xform and digest pointer is set in the op, then
the PMD may overwrite memory at the digest pointer.
With this patch the memory is not overwritten.

Fixes: db0e952a5c01 ("crypto/qat: add NULL capability")

Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
---
 drivers/crypto/qat/qat_crypto.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/drivers/crypto/qat/qat_crypto.c b/drivers/crypto/qat/qat_crypto.c
index cff709a..fdc6d3b 100644
--- a/drivers/crypto/qat/qat_crypto.c
+++ b/drivers/crypto/qat/qat_crypto.c
@@ -1338,7 +1338,9 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
 		}
 		min_ofs = auth_ofs;
 
-		auth_param->auth_res_addr = op->sym->auth.digest.phys_addr;
+		if (likely(ctx->qat_hash_alg != ICP_QAT_HW_AUTH_ALGO_NULL))
+			auth_param->auth_res_addr =
+					op->sym->auth.digest.phys_addr;
 
 	}
 
-- 
2.7.4

[PATCH 2/2] test: improve test validation in NULL AUTH case

[Fiona Trahe]

Add comparison to make sure memory pointed to by
digest pointer is not overwritten in NULL auth case.

Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
---
 test/test/test_cryptodev.c | 62 ++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 60 insertions(+), 2 deletions(-)

diff --git a/test/test/test_cryptodev.c b/test/test/test_cryptodev.c
index 0f2a045..1417482 100644
--- a/test/test/test_cryptodev.c
+++ b/test/test/test_cryptodev.c
@@ -6583,17 +6583,29 @@ test_null_cipher_only_operation(void)
 
 	return TEST_SUCCESS;
 }
-
+uint8_t orig_data[] = {0xab, 0xab, 0xab, 0xab,
+			0xab, 0xab, 0xab, 0xab,
+			0xab, 0xab, 0xab, 0xab,
+			0xab, 0xab, 0xab, 0xab};
 static int
 test_null_auth_only_operation(void)
 {
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
+	uint8_t *digest;
 
 	/* Generate test mbuf data and space for digest */
 	ut_params->ibuf = setup_test_string(ts_params->mbuf_pool,
 			catch_22_quote, QUOTE_512_BYTES, 0);
 
+	/* create a pointer for digest, but don't expect anything to be written
+	 * here in a NULL auth algo so no mbuf append done.
+	 */
+	digest = rte_pktmbuf_mtod_offset(ut_params->ibuf, uint8_t *,
+			QUOTE_512_BYTES);
+	/* prefill the memory pointed to by digest */
+	memcpy(digest, orig_data, sizeof(orig_data));
+
 	/* Setup HMAC Parameters */
 	ut_params->auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH;
 	ut_params->auth_xform.next = NULL;
@@ -6625,6 +6637,9 @@ test_null_auth_only_operation(void)
 
 	sym_op->auth.data.offset = 0;
 	sym_op->auth.data.length = QUOTE_512_BYTES;
+	sym_op->auth.digest.data = digest;
+	sym_op->auth.digest.phys_addr = rte_pktmbuf_iova_offset(ut_params->ibuf,
+			QUOTE_512_BYTES);
 
 	/* Process crypto operation */
 	ut_params->op = process_crypto_request(ts_params->valid_devs[0],
@@ -6633,20 +6648,36 @@ test_null_auth_only_operation(void)
 
 	TEST_ASSERT_EQUAL(ut_params->op->status, RTE_CRYPTO_OP_STATUS_SUCCESS,
 			"crypto operation processing failed");
+	/* Make sure memory pointed to by digest hasn't been overwritten */
+	TEST_ASSERT_BUFFERS_ARE_EQUAL(
+			orig_data,
+			digest,
+			sizeof(orig_data),
+			"Memory at digest ptr overwritten unexpectedly");
 
 	return TEST_SUCCESS;
 }
 
+
 static int
 test_null_cipher_auth_operation(void)
 {
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
+	uint8_t *digest;
 
 	/* Generate test mbuf data and space for digest */
 	ut_params->ibuf = setup_test_string(ts_params->mbuf_pool,
 			catch_22_quote, QUOTE_512_BYTES, 0);
 
+	/* create a pointer for digest, but don't expect anything to be written
+	 * here in a NULL auth algo so no mbuf append done.
+	 */
+	digest = rte_pktmbuf_mtod_offset(ut_params->ibuf, uint8_t *,
+			QUOTE_512_BYTES);
+	/* prefill the memory pointed to by digest */
+	memcpy(digest, orig_data, sizeof(orig_data));
+
 	/* Setup Cipher Parameters */
 	ut_params->cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
 	ut_params->cipher_xform.next = &ut_params->auth_xform;
@@ -6688,6 +6719,9 @@ test_null_cipher_auth_operation(void)
 
 	sym_op->auth.data.offset = 0;
 	sym_op->auth.data.length = QUOTE_512_BYTES;
+	sym_op->auth.digest.data = digest;
+	sym_op->auth.digest.phys_addr = rte_pktmbuf_iova_offset(ut_params->ibuf,
+			QUOTE_512_BYTES);
 
 	/* Process crypto operation */
 	ut_params->op = process_crypto_request(ts_params->valid_devs[0],
@@ -6703,6 +6737,12 @@ test_null_cipher_auth_operation(void)
 			catch_22_quote,
 			QUOTE_512_BYTES,
 			"Ciphertext data not as expected");
+	/* Make sure memory pointed to by digest hasn't been overwritten */
+	TEST_ASSERT_BUFFERS_ARE_EQUAL(
+			orig_data,
+			digest,
+			sizeof(orig_data),
+			"Memory at digest ptr overwritten unexpectedly");
 
 	return TEST_SUCCESS;
 }
@@ -6712,11 +6752,20 @@ test_null_auth_cipher_operation(void)
 {
 	struct crypto_testsuite_params *ts_params = &testsuite_params;
 	struct crypto_unittest_params *ut_params = &unittest_params;
+	uint8_t *digest;
 
-	/* Generate test mbuf data and space for digest */
+	/* Generate test mbuf data */
 	ut_params->ibuf = setup_test_string(ts_params->mbuf_pool,
 			catch_22_quote, QUOTE_512_BYTES, 0);
 
+	/* create a pointer for digest, but don't expect anything to be written
+	 * here in a NULL auth algo so no mbuf append done.
+	 */
+	digest = rte_pktmbuf_mtod_offset(ut_params->ibuf, uint8_t *,
+				QUOTE_512_BYTES);
+	/* prefill the memory pointed to by digest */
+	memcpy(digest, orig_data, sizeof(orig_data));
+
 	/* Setup Cipher Parameters */
 	ut_params->cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER;
 	ut_params->cipher_xform.next = NULL;
@@ -6758,6 +6807,9 @@ test_null_auth_cipher_operation(void)
 
 	sym_op->auth.data.offset = 0;
 	sym_op->auth.data.length = QUOTE_512_BYTES;
+	sym_op->auth.digest.data = digest;
+	sym_op->auth.digest.phys_addr = rte_pktmbuf_iova_offset(ut_params->ibuf,
+					QUOTE_512_BYTES);
 
 	/* Process crypto operation */
 	ut_params->op = process_crypto_request(ts_params->valid_devs[0],
@@ -6773,6 +6825,12 @@ test_null_auth_cipher_operation(void)
 			catch_22_quote,
 			QUOTE_512_BYTES,
 			"Ciphertext data not as expected");
+	/* Make sure memory pointed to by digest hasn't been overwritten */
+	TEST_ASSERT_BUFFERS_ARE_EQUAL(
+			orig_data,
+			digest,
+			sizeof(orig_data),
+			"Memory at digest ptr overwritten unexpectedly");
 
 	return TEST_SUCCESS;
 }
-- 
2.7.4

Re: [PATCH 1/2] crypto/qat: fix null auth algo issue

[Nicolau, Radu]

> -----Original Message-----
> From: Trahe, Fiona
> Sent: Thursday, January 25, 2018 5:19 PM
> To: dev@dpdk.org
> Cc: Nicolau, Radu <radu.nicolau@intel.com>; De Lara Guarch, Pablo
> <pablo.de.lara.guarch@intel.com>; Trahe, Fiona <fiona.trahe@intel.com>
> Subject: [PATCH 1/2] crypto/qat: fix null auth algo issue
> 
> If auth algorithm is RTE_CRYPTO_AUTH_NULL and digest_length is 0 in the
> xform and digest pointer is set in the op, then the PMD may overwrite
> memory at the digest pointer.
> With this patch the memory is not overwritten.
> 
> Fixes: db0e952a5c01 ("crypto/qat: add NULL capability")
> 
> Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
> ---

Tested and 
Acked-by: Radu Nicolau <radu.nicolau@intel.com>

Re: [PATCH 2/2] test: improve test validation in NULL AUTH case

[De Lara Guarch, Pablo]

> -----Original Message-----
> From: Trahe, Fiona
> Sent: Thursday, January 25, 2018 5:19 PM
> To: dev@dpdk.org
> Cc: Nicolau, Radu <radu.nicolau@intel.com>; De Lara Guarch, Pablo
> <pablo.de.lara.guarch@intel.com>; Trahe, Fiona <fiona.trahe@intel.com>
> Subject: [PATCH 2/2] test: improve test validation in NULL AUTH case
> 
> Add comparison to make sure memory pointed to by digest pointer is not
> overwritten in NULL auth case.
> 
> Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>

Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>

Re: [PATCH 1/2] crypto/qat: fix null auth algo issue

[De Lara Guarch, Pablo]

> -----Original Message-----
> From: Nicolau, Radu
> Sent: Thursday, January 25, 2018 5:37 PM
> To: Trahe, Fiona <fiona.trahe@intel.com>; dev@dpdk.org
> Cc: De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>
> Subject: RE: [PATCH 1/2] crypto/qat: fix null auth algo issue
> 
> 
> > -----Original Message-----
> > From: Trahe, Fiona
> > Sent: Thursday, January 25, 2018 5:19 PM
> > To: dev@dpdk.org
> > Cc: Nicolau, Radu <radu.nicolau@intel.com>; De Lara Guarch, Pablo
> > <pablo.de.lara.guarch@intel.com>; Trahe, Fiona <fiona.trahe@intel.com>
> > Subject: [PATCH 1/2] crypto/qat: fix null auth algo issue
> >
> > If auth algorithm is RTE_CRYPTO_AUTH_NULL and digest_length is 0 in
> > the xform and digest pointer is set in the op, then the PMD may
> > overwrite memory at the digest pointer.
> > With this patch the memory is not overwritten.
> >
> > Fixes: db0e952a5c01 ("crypto/qat: add NULL capability")
> >
> > Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
> > ---
> 
> Tested and
> Acked-by: Radu Nicolau <radu.nicolau@intel.com>

Applied to dpdk-next-crypto.
Thanks,

Pablo

Re: [dpdk-stable] [PATCH 2/2] test: improve test validation in NULL AUTH case

[De Lara Guarch, Pablo]

> -----Original Message-----
> From: stable [mailto:stable-bounces@dpdk.org] On Behalf Of De Lara
> Guarch, Pablo
> Sent: Monday, January 29, 2018 11:53 AM
> To: Trahe, Fiona <fiona.trahe@intel.com>; dev@dpdk.org
> Cc: Nicolau, Radu <radu.nicolau@intel.com>; stable@dpdk.org
> Subject: Re: [dpdk-stable] [PATCH 2/2] test: improve test validation in NULL
> AUTH case
> 
> 
> 
> > -----Original Message-----
> > From: Trahe, Fiona
> > Sent: Thursday, January 25, 2018 5:19 PM
> > To: dev@dpdk.org
> > Cc: Nicolau, Radu <radu.nicolau@intel.com>; De Lara Guarch, Pablo
> > <pablo.de.lara.guarch@intel.com>; Trahe, Fiona <fiona.trahe@intel.com>
> > Subject: [PATCH 2/2] test: improve test validation in NULL AUTH case
> >
> > Add comparison to make sure memory pointed to by digest pointer is not
> > overwritten in NULL auth case.
> >
> > Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
> 
> Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>

Applied to dpdk-next-crypto.
Thanks,

Pablo