From mboxrd@z Thu Jan 1 00:00:00 1970 From: Piotr Azarewicz Subject: [PATCH] examples/l2fwd-crypto: fix verify with decrypt in chain Date: Wed, 12 Oct 2016 10:58:44 +0200 Message-ID: <1476262724-164925-1-git-send-email-piotrx.t.azarewicz@intel.com> Cc: dev@dpdk.org To: pablo.de.lara.guarch@intel.com, gangx.yang@intel.com Return-path: Received: from mga05.intel.com (mga05.intel.com [192.55.52.43]) by dpdk.org (Postfix) with ESMTP id 907D43238 for ; Wed, 12 Oct 2016 10:59:09 +0200 (CEST) List-Id: patches and discussions about DPDK List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" This patch fix setting crypto operation data parameters in l2fwd-crypto application. >>From now decryption in chain with auth verify work fine. How to reproduce the issue: 1. Run l2fwd_crypto with command: -c 0x3 -n 4 --vdev "crypto_aesni_mb" \ --vdev "crypto_aesni_mb" \ -- -p 0x3 --chain CIPHER_HASH \ --cipher_op ENCRYPT --cipher_algo AES_CBC \ --cipher_key 00:01:02:03:04:05:06:07:08:09:0a:0b:0c:0d:0e:0f \ --iv 00:01:02:03:04:05:06:07:08:09:0a:0b:0c:0d:0e:ff \ --auth_op GENERATE --auth_algo SHA1_HMAC \ --auth_key 11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11: 11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11: 11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11 2. Send packet with payload and capture forwarded packet. Payload in forwarded packet is encrypted, what is good. 3. Run l2fwd_crypto with command: -c 0x3 -n 4 --vdev "crypto_aesni_mb" \ --vdev "crypto_aesni_mb" \ -- -p 0x3 --chain HASH_CIPHER \ --cipher_op DECRYPT --cipher_algo AES_CBC \ --cipher_key 00:01:02:03:04:05:06:07:08:09:0a:0b:0c:0d:0e:0f \ --iv 00:01:02:03:04:05:06:07:08:09:0a:0b:0c:0d:0e:ff \ --auth_op VERIFY --auth_algo SHA1_HMAC \ --auth_key 11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11: 11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11: 11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11 4. Send earlier captured packet and capture forwarded packet. Payload in newly captured packet is not decrypted, what is wrong. Fixes: 387259bd6c67 ("examples/l2fwd-crypto: add sample application") Signed-off-by: Piotr Azarewicz --- examples/l2fwd-crypto/main.c | 23 ++++++++--------------- 1 file changed, 8 insertions(+), 15 deletions(-) diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c index dae45f5..43fef59 100644 --- a/examples/l2fwd-crypto/main.c +++ b/examples/l2fwd-crypto/main.c @@ -451,6 +451,10 @@ l2fwd_simple_crypto_enqueue(struct rte_mbuf *m, /* Zero pad data to be crypto'd so it is block aligned */ data_len = rte_pktmbuf_data_len(m) - ipdata_offset; + + if (cparams->do_hash && cparams->hash_verify) + data_len -= cparams->digest_length; + pad_len = data_len % cparams->block_size ? cparams->block_size - (data_len % cparams->block_size) : 0; @@ -472,8 +476,8 @@ l2fwd_simple_crypto_enqueue(struct rte_mbuf *m, op->sym->auth.digest.data = (uint8_t *)rte_pktmbuf_append(m, cparams->digest_length); } else { - op->sym->auth.digest.data = (uint8_t *)rte_pktmbuf_append(m, - cparams->digest_length); + op->sym->auth.digest.data = rte_pktmbuf_mtod(m, + uint8_t *) + ipdata_offset + data_len; } op->sym->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(m, @@ -508,21 +512,10 @@ l2fwd_simple_crypto_enqueue(struct rte_mbuf *m, cparams->cipher_algo == RTE_CRYPTO_CIPHER_KASUMI_F8 || cparams->cipher_algo == RTE_CRYPTO_CIPHER_ZUC_EEA3) { op->sym->cipher.data.offset = ipdata_offset << 3; - if (cparams->do_hash && cparams->hash_verify) - /* Do not cipher the hash tag */ - op->sym->cipher.data.length = (data_len - - cparams->digest_length) << 3; - else - op->sym->cipher.data.length = data_len << 3; - + op->sym->cipher.data.length = data_len << 3; } else { op->sym->cipher.data.offset = ipdata_offset; - if (cparams->do_hash && cparams->hash_verify) - /* Do not cipher the hash tag */ - op->sym->cipher.data.length = data_len - - cparams->digest_length; - else - op->sym->cipher.data.length = data_len; + op->sym->cipher.data.length = data_len; } } -- 1.7.9.5