[v2] examples/ipsec-secgw: fix SA salt endianness problem
Checks
Commit Message
From: Shihong Wang <shihong.wang@corigine.com>
The SA salt of struct ipsec_sa is a CPU-endian u32 variable, but it’s
value is stored in an array of encryption or authentication keys
according to big-endian. So it maybe need to convert the endianness
order to ensure that the value assigned to the SA salt is CPU-endian.
Fixes: 50d75cae2a2c ("examples/ipsec-secgw: initialize SA salt")
Fixes: 9413c3901f31 ("examples/ipsec-secgw: support additional algorithms")
Fixes: 501e9c226adf ("examples/ipsec-secgw: add AEAD parameters")
Cc: stable@dpdk.org
Signed-off-by: Shihong Wang <shihong.wang@corigine.com>
Reviewed-by: Chaoyong He <chaoyong.he@corigine.com>
---
v2:
* Put the 'memcpy()' call in a singal line as the review comment.
---
examples/ipsec-secgw/sa.c | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)
Comments
> From: Shihong Wang <shihong.wang@corigine.com>
>
> The SA salt of struct ipsec_sa is a CPU-endian u32 variable, but it’s
> value is stored in an array of encryption or authentication keys
> according to big-endian. So it maybe need to convert the endianness
> order to ensure that the value assigned to the SA salt is CPU-endian.
>
> Fixes: 50d75cae2a2c ("examples/ipsec-secgw: initialize SA salt")
> Fixes: 9413c3901f31 ("examples/ipsec-secgw: support additional algorithms")
> Fixes: 501e9c226adf ("examples/ipsec-secgw: add AEAD parameters")
> Cc: stable@dpdk.org
>
> Signed-off-by: Shihong Wang <shihong.wang@corigine.com>
> Reviewed-by: Chaoyong He <chaoyong.he@corigine.com>
>
Acked-by: Akhil Goyal <gakhil@marvell.com>
Applied to dpdk-next-crypto
Thanks
> Subject: RE: [EXTERNAL] [PATCH v2] examples/ipsec-secgw: fix SA salt
> endianness problem
>
> > From: Shihong Wang <shihong.wang@corigine.com>
> >
> > The SA salt of struct ipsec_sa is a CPU-endian u32 variable, but it’s
> > value is stored in an array of encryption or authentication keys
> > according to big-endian. So it maybe need to convert the endianness
> > order to ensure that the value assigned to the SA salt is CPU-endian.
> >
> > Fixes: 50d75cae2a2c ("examples/ipsec-secgw: initialize SA salt")
> > Fixes: 9413c3901f31 ("examples/ipsec-secgw: support additional algorithms")
> > Fixes: 501e9c226adf ("examples/ipsec-secgw: add AEAD parameters")
> > Cc: stable@dpdk.org
> >
> > Signed-off-by: Shihong Wang <shihong.wang@corigine.com>
> > Reviewed-by: Chaoyong He <chaoyong.he@corigine.com>
> >
> Acked-by: Akhil Goyal <gakhil@marvell.com>
>
> Applied to dpdk-next-crypto
The patch is pulled back from dpdk-next-crypto.
This change may cause all the PMDs to fail these cases.
Would need acks from PMDs.
@@ -374,6 +374,7 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens,
uint32_t ti; /*token index*/
uint32_t *ri /*rule index*/;
struct ipsec_sa_cnt *sa_cnt;
+ rte_be32_t salt; /*big-endian salt*/
uint32_t cipher_algo_p = 0;
uint32_t auth_algo_p = 0;
uint32_t aead_algo_p = 0;
@@ -508,8 +509,8 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens,
if (algo->algo == RTE_CRYPTO_CIPHER_AES_CTR) {
key_len -= 4;
rule->cipher_key_len = key_len;
- memcpy(&rule->salt,
- &rule->cipher_key[key_len], 4);
+ memcpy(&salt, &rule->cipher_key[key_len], 4);
+ rule->salt = rte_be_to_cpu_32(salt);
}
cipher_algo_p = 1;
@@ -573,8 +574,8 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens,
key_len -= 4;
rule->auth_key_len = key_len;
rule->iv_len = algo->iv_len;
- memcpy(&rule->salt,
- &rule->auth_key[key_len], 4);
+ memcpy(&salt, &rule->auth_key[key_len], 4);
+ rule->salt = rte_be_to_cpu_32(salt);
}
auth_algo_p = 1;
@@ -632,8 +633,8 @@ parse_sa_tokens(char **tokens, uint32_t n_tokens,
key_len -= 4;
rule->cipher_key_len = key_len;
- memcpy(&rule->salt,
- &rule->cipher_key[key_len], 4);
+ memcpy(&salt, &rule->cipher_key[key_len], 4);
+ rule->salt = rte_be_to_cpu_32(salt);
aead_algo_p = 1;
continue;