From 4792d3ea858ef636b4ee8a34e1fcd767174f056a Mon Sep 17 00:00:00 2001
From: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Date: Thu, 13 Jul 2017 06:36:50 +0100
Subject: [PATCH] doc: extend installation section for SNOW3G/KASUMI

SNOW3G and KASUMI SW libraries encrypt buffers
assuming that they are padded to a specific block size.
This behaviour can be changed to avoid buffer overflow,
by modifying the Makefile of these libraries.
Therefore, the Installation section in the SNOW3G and
KASUMI documentation has been extended, to document
this case.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
Acked-by: Declan Doherty <declan.doherty@intel.com>
---
 doc/guides/cryptodevs/kasumi.rst | 12 ++++++++++++
 doc/guides/cryptodevs/snow3g.rst | 11 +++++++++++
 2 files changed, 23 insertions(+)

diff --git a/doc/guides/cryptodevs/kasumi.rst b/doc/guides/cryptodevs/kasumi.rst
index bff9321e33..738ecee07b 100644
--- a/doc/guides/cryptodevs/kasumi.rst
+++ b/doc/guides/cryptodevs/kasumi.rst
@@ -70,6 +70,18 @@ on their system before building DPDK::
 
    make
 
+**Note**: When encrypting with KASUMI F8, by default the library
+encrypts full blocks of 8 bytes, regardless the number of bytes to
+be encrypted provided (which leads to a possible buffer overflow).
+To avoid this situation, it is necessary not to pass
+3GPP_SAFE_BUFFERS as a compilation flag.
+Also, this is required when using chained operations
+(cipher-then-auth/auth-then-cipher).
+For this, in the Makefile of the library, make sure that this flag
+is commented out::
+
+  #EXTRA_CFLAGS  += -D_3GPP_SAFE_BUFFERS
+
 **Note**: To build the PMD as a shared library, the libsso_kasumi
 library must be built as follows::
 
diff --git a/doc/guides/cryptodevs/snow3g.rst b/doc/guides/cryptodevs/snow3g.rst
index 12b6c4af7a..41c48d69c3 100644
--- a/doc/guides/cryptodevs/snow3g.rst
+++ b/doc/guides/cryptodevs/snow3g.rst
@@ -69,6 +69,17 @@ on their system before building DPDK::
 
    make snow3G
 
+**Note**: When encrypting with SNOW3G UEA2, by default the library
+encrypts blocks of 4 bytes, regardless the number of bytes to
+be encrypted provided (which leads to a possible buffer overflow).
+To avoid this situation, it is necessary not to pass
+3GPP_SAFE_BUFFERS as a compilation flag.
+For this, in the Makefile of the library, make sure that this flag
+is commented out.::
+
+  #EXTRA_CFLAGS  += -D_3GPP_SAFE_BUFFERS
+
+
 Initialization
 --------------
 
-- 
2.20.1