* [PATCH 1/2] crypto/qat: fix null auth algo issue
@ 2018-01-25 17:19 Fiona Trahe
2018-01-25 17:19 ` [PATCH 2/2] test: improve test validation in NULL AUTH case Fiona Trahe
2018-01-25 17:36 ` [PATCH 1/2] crypto/qat: fix null auth algo issue Nicolau, Radu
0 siblings, 2 replies; 6+ messages in thread
From: Fiona Trahe @ 2018-01-25 17:19 UTC (permalink / raw)
To: dev; +Cc: radu.nicolau, pablo.de.lara.guarch, fiona.trahe
If auth algorithm is RTE_CRYPTO_AUTH_NULL and digest_length is 0
in the xform and digest pointer is set in the op, then
the PMD may overwrite memory at the digest pointer.
With this patch the memory is not overwritten.
Fixes: db0e952a5c01 ("crypto/qat: add NULL capability")
Signed-off-by: Fiona Trahe <fiona.trahe@intel.com>
---
drivers/crypto/qat/qat_crypto.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/crypto/qat/qat_crypto.c b/drivers/crypto/qat/qat_crypto.c
index cff709a..fdc6d3b 100644
--- a/drivers/crypto/qat/qat_crypto.c
+++ b/drivers/crypto/qat/qat_crypto.c
@@ -1338,7 +1338,9 @@ qat_write_hw_desc_entry(struct rte_crypto_op *op, uint8_t *out_msg,
}
min_ofs = auth_ofs;
- auth_param->auth_res_addr = op->sym->auth.digest.phys_addr;
+ if (likely(ctx->qat_hash_alg != ICP_QAT_HW_AUTH_ALGO_NULL))
+ auth_param->auth_res_addr =
+ op->sym->auth.digest.phys_addr;
}
--
2.7.4
^ permalink raw reply related [flat|nested] 6+ messages in thread* [PATCH 2/2] test: improve test validation in NULL AUTH case 2018-01-25 17:19 [PATCH 1/2] crypto/qat: fix null auth algo issue Fiona Trahe @ 2018-01-25 17:19 ` Fiona Trahe 2018-01-29 11:52 ` De Lara Guarch, Pablo 2018-01-25 17:36 ` [PATCH 1/2] crypto/qat: fix null auth algo issue Nicolau, Radu 1 sibling, 1 reply; 6+ messages in thread From: Fiona Trahe @ 2018-01-25 17:19 UTC (permalink / raw) To: dev; +Cc: radu.nicolau, pablo.de.lara.guarch, fiona.trahe Add comparison to make sure memory pointed to by digest pointer is not overwritten in NULL auth case. Signed-off-by: Fiona Trahe <fiona.trahe@intel.com> --- test/test/test_cryptodev.c | 62 ++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 60 insertions(+), 2 deletions(-) diff --git a/test/test/test_cryptodev.c b/test/test/test_cryptodev.c index 0f2a045..1417482 100644 --- a/test/test/test_cryptodev.c +++ b/test/test/test_cryptodev.c @@ -6583,17 +6583,29 @@ test_null_cipher_only_operation(void) return TEST_SUCCESS; } - +uint8_t orig_data[] = {0xab, 0xab, 0xab, 0xab, + 0xab, 0xab, 0xab, 0xab, + 0xab, 0xab, 0xab, 0xab, + 0xab, 0xab, 0xab, 0xab}; static int test_null_auth_only_operation(void) { struct crypto_testsuite_params *ts_params = &testsuite_params; struct crypto_unittest_params *ut_params = &unittest_params; + uint8_t *digest; /* Generate test mbuf data and space for digest */ ut_params->ibuf = setup_test_string(ts_params->mbuf_pool, catch_22_quote, QUOTE_512_BYTES, 0); + /* create a pointer for digest, but don't expect anything to be written + * here in a NULL auth algo so no mbuf append done. + */ + digest = rte_pktmbuf_mtod_offset(ut_params->ibuf, uint8_t *, + QUOTE_512_BYTES); + /* prefill the memory pointed to by digest */ + memcpy(digest, orig_data, sizeof(orig_data)); + /* Setup HMAC Parameters */ ut_params->auth_xform.type = RTE_CRYPTO_SYM_XFORM_AUTH; ut_params->auth_xform.next = NULL; @@ -6625,6 +6637,9 @@ test_null_auth_only_operation(void) sym_op->auth.data.offset = 0; sym_op->auth.data.length = QUOTE_512_BYTES; + sym_op->auth.digest.data = digest; + sym_op->auth.digest.phys_addr = rte_pktmbuf_iova_offset(ut_params->ibuf, + QUOTE_512_BYTES); /* Process crypto operation */ ut_params->op = process_crypto_request(ts_params->valid_devs[0], @@ -6633,20 +6648,36 @@ test_null_auth_only_operation(void) TEST_ASSERT_EQUAL(ut_params->op->status, RTE_CRYPTO_OP_STATUS_SUCCESS, "crypto operation processing failed"); + /* Make sure memory pointed to by digest hasn't been overwritten */ + TEST_ASSERT_BUFFERS_ARE_EQUAL( + orig_data, + digest, + sizeof(orig_data), + "Memory at digest ptr overwritten unexpectedly"); return TEST_SUCCESS; } + static int test_null_cipher_auth_operation(void) { struct crypto_testsuite_params *ts_params = &testsuite_params; struct crypto_unittest_params *ut_params = &unittest_params; + uint8_t *digest; /* Generate test mbuf data and space for digest */ ut_params->ibuf = setup_test_string(ts_params->mbuf_pool, catch_22_quote, QUOTE_512_BYTES, 0); + /* create a pointer for digest, but don't expect anything to be written + * here in a NULL auth algo so no mbuf append done. + */ + digest = rte_pktmbuf_mtod_offset(ut_params->ibuf, uint8_t *, + QUOTE_512_BYTES); + /* prefill the memory pointed to by digest */ + memcpy(digest, orig_data, sizeof(orig_data)); + /* Setup Cipher Parameters */ ut_params->cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER; ut_params->cipher_xform.next = &ut_params->auth_xform; @@ -6688,6 +6719,9 @@ test_null_cipher_auth_operation(void) sym_op->auth.data.offset = 0; sym_op->auth.data.length = QUOTE_512_BYTES; + sym_op->auth.digest.data = digest; + sym_op->auth.digest.phys_addr = rte_pktmbuf_iova_offset(ut_params->ibuf, + QUOTE_512_BYTES); /* Process crypto operation */ ut_params->op = process_crypto_request(ts_params->valid_devs[0], @@ -6703,6 +6737,12 @@ test_null_cipher_auth_operation(void) catch_22_quote, QUOTE_512_BYTES, "Ciphertext data not as expected"); + /* Make sure memory pointed to by digest hasn't been overwritten */ + TEST_ASSERT_BUFFERS_ARE_EQUAL( + orig_data, + digest, + sizeof(orig_data), + "Memory at digest ptr overwritten unexpectedly"); return TEST_SUCCESS; } @@ -6712,11 +6752,20 @@ test_null_auth_cipher_operation(void) { struct crypto_testsuite_params *ts_params = &testsuite_params; struct crypto_unittest_params *ut_params = &unittest_params; + uint8_t *digest; - /* Generate test mbuf data and space for digest */ + /* Generate test mbuf data */ ut_params->ibuf = setup_test_string(ts_params->mbuf_pool, catch_22_quote, QUOTE_512_BYTES, 0); + /* create a pointer for digest, but don't expect anything to be written + * here in a NULL auth algo so no mbuf append done. + */ + digest = rte_pktmbuf_mtod_offset(ut_params->ibuf, uint8_t *, + QUOTE_512_BYTES); + /* prefill the memory pointed to by digest */ + memcpy(digest, orig_data, sizeof(orig_data)); + /* Setup Cipher Parameters */ ut_params->cipher_xform.type = RTE_CRYPTO_SYM_XFORM_CIPHER; ut_params->cipher_xform.next = NULL; @@ -6758,6 +6807,9 @@ test_null_auth_cipher_operation(void) sym_op->auth.data.offset = 0; sym_op->auth.data.length = QUOTE_512_BYTES; + sym_op->auth.digest.data = digest; + sym_op->auth.digest.phys_addr = rte_pktmbuf_iova_offset(ut_params->ibuf, + QUOTE_512_BYTES); /* Process crypto operation */ ut_params->op = process_crypto_request(ts_params->valid_devs[0], @@ -6773,6 +6825,12 @@ test_null_auth_cipher_operation(void) catch_22_quote, QUOTE_512_BYTES, "Ciphertext data not as expected"); + /* Make sure memory pointed to by digest hasn't been overwritten */ + TEST_ASSERT_BUFFERS_ARE_EQUAL( + orig_data, + digest, + sizeof(orig_data), + "Memory at digest ptr overwritten unexpectedly"); return TEST_SUCCESS; } -- 2.7.4 ^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH 2/2] test: improve test validation in NULL AUTH case 2018-01-25 17:19 ` [PATCH 2/2] test: improve test validation in NULL AUTH case Fiona Trahe @ 2018-01-29 11:52 ` De Lara Guarch, Pablo 2018-01-29 15:58 ` [dpdk-stable] " De Lara Guarch, Pablo 0 siblings, 1 reply; 6+ messages in thread From: De Lara Guarch, Pablo @ 2018-01-29 11:52 UTC (permalink / raw) To: Trahe, Fiona, dev; +Cc: Nicolau, Radu, stable > -----Original Message----- > From: Trahe, Fiona > Sent: Thursday, January 25, 2018 5:19 PM > To: dev@dpdk.org > Cc: Nicolau, Radu <radu.nicolau@intel.com>; De Lara Guarch, Pablo > <pablo.de.lara.guarch@intel.com>; Trahe, Fiona <fiona.trahe@intel.com> > Subject: [PATCH 2/2] test: improve test validation in NULL AUTH case > > Add comparison to make sure memory pointed to by digest pointer is not > overwritten in NULL auth case. > > Signed-off-by: Fiona Trahe <fiona.trahe@intel.com> Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com> ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [dpdk-stable] [PATCH 2/2] test: improve test validation in NULL AUTH case 2018-01-29 11:52 ` De Lara Guarch, Pablo @ 2018-01-29 15:58 ` De Lara Guarch, Pablo 0 siblings, 0 replies; 6+ messages in thread From: De Lara Guarch, Pablo @ 2018-01-29 15:58 UTC (permalink / raw) To: De Lara Guarch, Pablo, Trahe, Fiona, dev; +Cc: Nicolau, Radu, stable > -----Original Message----- > From: stable [mailto:stable-bounces@dpdk.org] On Behalf Of De Lara > Guarch, Pablo > Sent: Monday, January 29, 2018 11:53 AM > To: Trahe, Fiona <fiona.trahe@intel.com>; dev@dpdk.org > Cc: Nicolau, Radu <radu.nicolau@intel.com>; stable@dpdk.org > Subject: Re: [dpdk-stable] [PATCH 2/2] test: improve test validation in NULL > AUTH case > > > > > -----Original Message----- > > From: Trahe, Fiona > > Sent: Thursday, January 25, 2018 5:19 PM > > To: dev@dpdk.org > > Cc: Nicolau, Radu <radu.nicolau@intel.com>; De Lara Guarch, Pablo > > <pablo.de.lara.guarch@intel.com>; Trahe, Fiona <fiona.trahe@intel.com> > > Subject: [PATCH 2/2] test: improve test validation in NULL AUTH case > > > > Add comparison to make sure memory pointed to by digest pointer is not > > overwritten in NULL auth case. > > > > Signed-off-by: Fiona Trahe <fiona.trahe@intel.com> > > Acked-by: Pablo de Lara <pablo.de.lara.guarch@intel.com> Applied to dpdk-next-crypto. Thanks, Pablo ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH 1/2] crypto/qat: fix null auth algo issue 2018-01-25 17:19 [PATCH 1/2] crypto/qat: fix null auth algo issue Fiona Trahe 2018-01-25 17:19 ` [PATCH 2/2] test: improve test validation in NULL AUTH case Fiona Trahe @ 2018-01-25 17:36 ` Nicolau, Radu 2018-01-29 15:58 ` De Lara Guarch, Pablo 1 sibling, 1 reply; 6+ messages in thread From: Nicolau, Radu @ 2018-01-25 17:36 UTC (permalink / raw) To: Trahe, Fiona, dev; +Cc: De Lara Guarch, Pablo > -----Original Message----- > From: Trahe, Fiona > Sent: Thursday, January 25, 2018 5:19 PM > To: dev@dpdk.org > Cc: Nicolau, Radu <radu.nicolau@intel.com>; De Lara Guarch, Pablo > <pablo.de.lara.guarch@intel.com>; Trahe, Fiona <fiona.trahe@intel.com> > Subject: [PATCH 1/2] crypto/qat: fix null auth algo issue > > If auth algorithm is RTE_CRYPTO_AUTH_NULL and digest_length is 0 in the > xform and digest pointer is set in the op, then the PMD may overwrite > memory at the digest pointer. > With this patch the memory is not overwritten. > > Fixes: db0e952a5c01 ("crypto/qat: add NULL capability") > > Signed-off-by: Fiona Trahe <fiona.trahe@intel.com> > --- Tested and Acked-by: Radu Nicolau <radu.nicolau@intel.com> ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH 1/2] crypto/qat: fix null auth algo issue 2018-01-25 17:36 ` [PATCH 1/2] crypto/qat: fix null auth algo issue Nicolau, Radu @ 2018-01-29 15:58 ` De Lara Guarch, Pablo 0 siblings, 0 replies; 6+ messages in thread From: De Lara Guarch, Pablo @ 2018-01-29 15:58 UTC (permalink / raw) To: Nicolau, Radu, Trahe, Fiona, dev > -----Original Message----- > From: Nicolau, Radu > Sent: Thursday, January 25, 2018 5:37 PM > To: Trahe, Fiona <fiona.trahe@intel.com>; dev@dpdk.org > Cc: De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com> > Subject: RE: [PATCH 1/2] crypto/qat: fix null auth algo issue > > > > -----Original Message----- > > From: Trahe, Fiona > > Sent: Thursday, January 25, 2018 5:19 PM > > To: dev@dpdk.org > > Cc: Nicolau, Radu <radu.nicolau@intel.com>; De Lara Guarch, Pablo > > <pablo.de.lara.guarch@intel.com>; Trahe, Fiona <fiona.trahe@intel.com> > > Subject: [PATCH 1/2] crypto/qat: fix null auth algo issue > > > > If auth algorithm is RTE_CRYPTO_AUTH_NULL and digest_length is 0 in > > the xform and digest pointer is set in the op, then the PMD may > > overwrite memory at the digest pointer. > > With this patch the memory is not overwritten. > > > > Fixes: db0e952a5c01 ("crypto/qat: add NULL capability") > > > > Signed-off-by: Fiona Trahe <fiona.trahe@intel.com> > > --- > > Tested and > Acked-by: Radu Nicolau <radu.nicolau@intel.com> Applied to dpdk-next-crypto. Thanks, Pablo ^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2018-01-29 15:58 UTC | newest] Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2018-01-25 17:19 [PATCH 1/2] crypto/qat: fix null auth algo issue Fiona Trahe 2018-01-25 17:19 ` [PATCH 2/2] test: improve test validation in NULL AUTH case Fiona Trahe 2018-01-29 11:52 ` De Lara Guarch, Pablo 2018-01-29 15:58 ` [dpdk-stable] " De Lara Guarch, Pablo 2018-01-25 17:36 ` [PATCH 1/2] crypto/qat: fix null auth algo issue Nicolau, Radu 2018-01-29 15:58 ` De Lara Guarch, Pablo
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.