All of lore.kernel.org
 help / color / mirror / Atom feed
From: Konstantin Ananyev <konstantin.ananyev@intel.com>
To: dev@dpdk.org
Cc: akhil.goyal@nxp.com, olivier.matz@6wind.com,
	Konstantin Ananyev <konstantin.ananyev@intel.com>
Subject: [PATCH v3 6/8] ipsec: reorder packet check for esp inbound
Date: Tue, 26 Mar 2019 15:43:18 +0000	[thread overview]
Message-ID: <20190326154320.29913-7-konstantin.ananyev@intel.com> (raw)
In-Reply-To: <20190326154320.29913-1-konstantin.ananyev@intel.com>

Right now check for packet length and padding is done inside cop_prepare().
It makes sense to have all necessary checks in one place at early stage:
inside pkt_prepare().
That allows to simplify (and later hopefully) optimize cop_prepare() part.

Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
---
 lib/librte_ipsec/esp_inb.c | 41 +++++++++++++++++---------------------
 1 file changed, 18 insertions(+), 23 deletions(-)

diff --git a/lib/librte_ipsec/esp_inb.c b/lib/librte_ipsec/esp_inb.c
index 2a2b1be82..ea95e21e1 100644
--- a/lib/librte_ipsec/esp_inb.c
+++ b/lib/librte_ipsec/esp_inb.c
@@ -18,7 +18,7 @@
 /*
  * setup crypto op and crypto sym op for ESP inbound tunnel packet.
  */
-static inline int32_t
+static inline void
 inb_cop_prepare(struct rte_crypto_op *cop,
 	const struct rte_ipsec_sa *sa, struct rte_mbuf *mb,
 	const union sym_op_data *icv, uint32_t pofs, uint32_t plen)
@@ -27,11 +27,7 @@ inb_cop_prepare(struct rte_crypto_op *cop,
 	struct aead_gcm_iv *gcm;
 	struct aesctr_cnt_blk *ctr;
 	uint64_t *ivc, *ivp;
-	uint32_t algo, clen;
-
-	clen = plen - sa->ctp.cipher.length;
-	if ((int32_t)clen < 0 || (clen & (sa->pad_align - 1)) != 0)
-		return -EINVAL;
+	uint32_t algo;
 
 	algo = sa->algo_type;
 
@@ -41,7 +37,7 @@ inb_cop_prepare(struct rte_crypto_op *cop,
 	switch (algo) {
 	case ALGO_TYPE_AES_GCM:
 		sop->aead.data.offset = pofs + sa->ctp.cipher.offset;
-		sop->aead.data.length = clen;
+		sop->aead.data.length = plen - sa->ctp.cipher.length;
 		sop->aead.digest.data = icv->va;
 		sop->aead.digest.phys_addr = icv->pa;
 		sop->aead.aad.data = icv->va + sa->icv_len;
@@ -57,7 +53,7 @@ inb_cop_prepare(struct rte_crypto_op *cop,
 	case ALGO_TYPE_AES_CBC:
 	case ALGO_TYPE_3DES_CBC:
 		sop->cipher.data.offset = pofs + sa->ctp.cipher.offset;
-		sop->cipher.data.length = clen;
+		sop->cipher.data.length = plen - sa->ctp.cipher.length;
 		sop->auth.data.offset = pofs + sa->ctp.auth.offset;
 		sop->auth.data.length = plen - sa->ctp.auth.length;
 		sop->auth.digest.data = icv->va;
@@ -71,7 +67,7 @@ inb_cop_prepare(struct rte_crypto_op *cop,
 		break;
 	case ALGO_TYPE_AES_CTR:
 		sop->cipher.data.offset = pofs + sa->ctp.cipher.offset;
-		sop->cipher.data.length = clen;
+		sop->cipher.data.length = plen - sa->ctp.cipher.length;
 		sop->auth.data.offset = pofs + sa->ctp.auth.offset;
 		sop->auth.data.length = plen - sa->ctp.auth.length;
 		sop->auth.digest.data = icv->va;
@@ -86,17 +82,13 @@ inb_cop_prepare(struct rte_crypto_op *cop,
 		break;
 	case ALGO_TYPE_NULL:
 		sop->cipher.data.offset = pofs + sa->ctp.cipher.offset;
-		sop->cipher.data.length = clen;
+		sop->cipher.data.length = plen - sa->ctp.cipher.length;
 		sop->auth.data.offset = pofs + sa->ctp.auth.offset;
 		sop->auth.data.length = plen - sa->ctp.auth.length;
 		sop->auth.digest.data = icv->va;
 		sop->auth.digest.phys_addr = icv->pa;
 		break;
-	default:
-		return -EINVAL;
 	}
-
-	return 0;
 }
 
 /*
@@ -132,7 +124,7 @@ inb_pkt_prepare(const struct rte_ipsec_sa *sa, const struct replay_sqn *rsn,
 {
 	int32_t rc;
 	uint64_t sqn;
-	uint32_t icv_ofs, plen;
+	uint32_t clen, icv_ofs, plen;
 	struct rte_mbuf *ml;
 	struct esp_hdr *esph;
 
@@ -159,6 +151,11 @@ inb_pkt_prepare(const struct rte_ipsec_sa *sa, const struct replay_sqn *rsn,
 	ml = rte_pktmbuf_lastseg(mb);
 	icv_ofs = ml->data_len - sa->icv_len + sa->sqh_len;
 
+	/* check that packet has a valid length */
+	clen = plen - sa->ctp.cipher.length;
+	if ((int32_t)clen < 0 || (clen & (sa->pad_align - 1)) != 0)
+		return -EBADMSG;
+
 	/* we have to allocate space for AAD somewhere,
 	 * right now - just use free trailing space at the last segment.
 	 * Would probably be more convenient to reserve space for AAD
@@ -201,21 +198,19 @@ esp_inb_pkt_prepare(const struct rte_ipsec_session *ss, struct rte_mbuf *mb[],
 		rc = inb_pkt_prepare(sa, rsn, mb[i], hl, &icv);
 		if (rc >= 0) {
 			lksd_none_cop_prepare(cop[k], cs, mb[i]);
-			rc = inb_cop_prepare(cop[k], sa, mb[i], &icv, hl, rc);
-		}
-
-		k += (rc == 0);
-		if (rc != 0) {
+			inb_cop_prepare(cop[k], sa, mb[i], &icv, hl, rc);
+			k++;
+		} else
 			dr[i - k] = i;
-			rte_errno = -rc;
-		}
 	}
 
 	rsn_release(sa, rsn);
 
 	/* copy not prepared mbufs beyond good ones */
-	if (k != num && k != 0)
+	if (k != num && k != 0) {
 		mbuf_bad_move(mb, dr, num, num - k);
+		rte_errno = EBADMSG;
+	}
 
 	return k;
 }
-- 
2.17.1

  parent reply	other threads:[~2019-03-26 15:44 UTC|newest]

Thread overview: 85+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-02-28 19:20 [PATCH 0/6] Few small improvements for ipsec library Konstantin Ananyev
2019-02-28 19:20 ` [PATCH 1/6] mbuf: new function to generate raw Tx offload value Konstantin Ananyev
2019-02-28 19:20 ` [PATCH 2/6] ipsec: add Tx offload template into SA Konstantin Ananyev
2019-02-28 19:20 ` [PATCH 3/6] ipsec: change the order in filling crypto op Konstantin Ananyev
2019-02-28 19:20 ` [PATCH 4/6] ipsec: change the way unprocessed mbufs are accounted Konstantin Ananyev
2019-02-28 19:21 ` [PATCH 5/6] ipsec: move inbound and outbound code into different files Konstantin Ananyev
2019-02-28 19:21 ` [PATCH 6/6] ipsec: reorder packet check for esp inbound Konstantin Ananyev
2019-03-20 17:24 ` [PATCH v2 0/7] Few small improvements for ipsec library Konstantin Ananyev
2019-03-20 17:24 ` [PATCH v2 1/7] mbuf: new function to generate raw Tx offload value Konstantin Ananyev
2019-03-20 17:53   ` Wiles, Keith
2019-03-22 17:37     ` Ananyev, Konstantin
2019-03-20 17:24 ` [PATCH v2 2/7] ipsec: add Tx offload template into SA Konstantin Ananyev
2019-03-20 17:24 ` [PATCH v2 3/7] ipsec: change the order in filling crypto op Konstantin Ananyev
2019-03-20 17:24 ` [PATCH v2 4/7] ipsec: change the way unprocessed mbufs are accounted Konstantin Ananyev
2019-03-20 17:24 ` [PATCH v2 5/7] ipsec: move inbound and outbound code into different files Konstantin Ananyev
2019-03-20 17:24 ` [PATCH v2 6/7] ipsec: reorder packet check for esp inbound Konstantin Ananyev
2019-03-20 17:24 ` [PATCH v2 7/7] ipsec: reorder packet process " Konstantin Ananyev
2019-03-20 18:46 ` [PATCH v2 0/7] Few small improvements for ipsec library Konstantin Ananyev
2019-03-20 18:46   ` [PATCH v2 1/7] mbuf: new function to generate raw Tx offload value Konstantin Ananyev
2019-03-21  3:33     ` Jerin Jacob Kollanukkaran
2019-03-21  6:04     ` Shahaf Shuler
2019-03-21 13:51       ` Ananyev, Konstantin
2019-03-24  8:00         ` Shahaf Shuler
2019-03-26 15:43     ` [PATCH v3 0/8] Few small improvements for ipsec library Konstantin Ananyev
2019-03-26 15:43       ` [PATCH v3 1/8] mbuf: new function to generate raw Tx offload value Konstantin Ananyev
2019-03-28  8:16         ` Akhil Goyal
2019-03-26 15:43       ` [PATCH v3 2/8] ipsec: add Tx offload template into SA Konstantin Ananyev
2019-03-28  8:52         ` Akhil Goyal
2019-03-26 15:43       ` [PATCH v3 3/8] ipsec: change the order in filling crypto op Konstantin Ananyev
2019-03-28  9:02         ` Akhil Goyal
2019-03-26 15:43       ` [PATCH v3 4/8] ipsec: change the way unprocessed mbufs are accounted Konstantin Ananyev
2019-03-28 10:52         ` Akhil Goyal
2019-03-26 15:43       ` [PATCH v3 5/8] ipsec: move inbound and outbound code into different files Konstantin Ananyev
2019-03-28 11:20         ` Akhil Goyal
2019-03-26 15:43       ` Konstantin Ananyev [this message]
2019-03-28 11:27         ` [PATCH v3 6/8] ipsec: reorder packet check for esp inbound Akhil Goyal
2019-03-26 15:43       ` [PATCH v3 7/8] ipsec: reorder packet process " Konstantin Ananyev
2019-03-26 15:43       ` [PATCH v3 8/8] ipsec: de-duplicate crypto op prepare code-path Konstantin Ananyev
2019-03-28 11:35         ` Akhil Goyal
2019-03-28 11:21       ` [PATCH v3 0/8] Few small improvements for ipsec library Akhil Goyal
2019-03-28 11:49         ` Ananyev, Konstantin
2019-03-29 10:27       ` [PATCH v4 0/9] " Konstantin Ananyev
2019-03-29 10:27         ` [PATCH v4 1/9] mbuf: new function to generate raw Tx offload value Konstantin Ananyev
2019-03-29 12:54           ` Olivier Matz
2019-03-30 14:20             ` Ananyev, Konstantin
2019-03-29 10:27         ` [PATCH v4 2/9] ipsec: add Tx offload template into SA Konstantin Ananyev
2019-03-29 10:27         ` [PATCH v4 3/9] ipsec: change the order in filling crypto op Konstantin Ananyev
2019-03-29 10:27         ` [PATCH v4 4/9] ipsec: change the way unprocessed mbufs are accounted Konstantin Ananyev
2019-03-29 10:27         ` [PATCH v4 5/9] ipsec: move inbound and outbound code into different files Konstantin Ananyev
2019-03-29 10:27         ` [PATCH v4 6/9] ipsec: reorder packet check for esp inbound Konstantin Ananyev
2019-03-29 10:27         ` [PATCH v4 7/9] ipsec: reorder packet process " Konstantin Ananyev
2019-03-29 10:27         ` [PATCH v4 8/9] ipsec: de-duplicate crypto op prepare code-path Konstantin Ananyev
2019-03-29 10:27         ` [PATCH v4 9/9] doc: add ipsec lib into shared libraries list Konstantin Ananyev
2019-03-29 16:03           ` Akhil Goyal
2019-04-01 12:56         ` [PATCH v5 0/9] Few small improvements for ipsec library Konstantin Ananyev
2019-04-01 12:56           ` [PATCH v5 1/9] mbuf: new function to generate raw Tx offload value Konstantin Ananyev
2019-04-01 13:18             ` Akhil Goyal
2019-04-01 13:22             ` Olivier Matz
2019-04-01 13:55               ` Ananyev, Konstantin
2019-04-01 12:56           ` [PATCH v5 2/9] ipsec: add Tx offload template into SA Konstantin Ananyev
2019-04-01 12:56           ` [PATCH v5 3/9] ipsec: change the order in filling crypto op Konstantin Ananyev
2019-04-01 12:56           ` [PATCH v5 4/9] ipsec: change the way unprocessed mbufs are accounted Konstantin Ananyev
2019-04-01 12:56           ` [PATCH v5 5/9] ipsec: move inbound and outbound code into different files Konstantin Ananyev
2019-04-01 12:56           ` [PATCH v5 6/9] ipsec: reorder packet check for esp inbound Konstantin Ananyev
2019-04-01 12:56           ` [PATCH v5 7/9] ipsec: reorder packet process " Konstantin Ananyev
2019-04-01 12:56           ` [PATCH v5 8/9] ipsec: de-duplicate crypto op prepare code-path Konstantin Ananyev
2019-04-01 12:56           ` [PATCH v5 9/9] doc: add ipsec lib into shared libraries list Konstantin Ananyev
2019-04-02  8:34           ` [PATCH v6 0/9] Few small improvements for ipsec library Konstantin Ananyev
2019-04-02  8:34             ` [PATCH v6 1/9] mbuf: new function to generate raw Tx offload value Konstantin Ananyev
2019-04-02  8:49               ` Olivier Matz
2019-04-02  8:34             ` [PATCH v6 2/9] ipsec: add Tx offload template into SA Konstantin Ananyev
2019-04-02  8:34             ` [PATCH v6 3/9] ipsec: change the order in filling crypto op Konstantin Ananyev
2019-04-02  8:34             ` [PATCH v6 4/9] ipsec: change the way unprocessed mbufs are accounted Konstantin Ananyev
2019-04-02  8:34             ` [PATCH v6 5/9] ipsec: move inbound and outbound code into different files Konstantin Ananyev
2019-04-02  8:34             ` [PATCH v6 6/9] ipsec: reorder packet check for esp inbound Konstantin Ananyev
2019-04-02  8:34             ` [PATCH v6 7/9] ipsec: reorder packet process " Konstantin Ananyev
2019-04-02  8:34             ` [PATCH v6 8/9] ipsec: de-duplicate crypto op prepare code-path Konstantin Ananyev
2019-04-02  8:34             ` [PATCH v6 9/9] doc: add ipsec lib into shared libraries list Konstantin Ananyev
2019-04-02 15:36             ` [PATCH v6 0/9] Few small improvements for ipsec library Akhil Goyal
2019-03-20 18:46   ` [PATCH v2 2/7] ipsec: add Tx offload template into SA Konstantin Ananyev
2019-03-20 18:46   ` [PATCH v2 3/7] ipsec: change the order in filling crypto op Konstantin Ananyev
2019-03-20 18:46   ` [PATCH v2 4/7] ipsec: change the way unprocessed mbufs are accounted Konstantin Ananyev
2019-03-20 18:46   ` [PATCH v2 5/7] ipsec: move inbound and outbound code into different files Konstantin Ananyev
2019-03-20 18:46   ` [PATCH v2 6/7] ipsec: reorder packet check for esp inbound Konstantin Ananyev
2019-03-20 18:46   ` [PATCH v2 7/7] ipsec: reorder packet process " Konstantin Ananyev

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190326154320.29913-7-konstantin.ananyev@intel.com \
    --to=konstantin.ananyev@intel.com \
    --cc=akhil.goyal@nxp.com \
    --cc=dev@dpdk.org \
    --cc=olivier.matz@6wind.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.