From patchwork Wed Oct 12 08:58:44 2016
X-Patchwork-Submitter: Piotr Azarewicz
X-Patchwork-Id: 16502
X-Patchwork-Delegate: pablo.de.lara.guarch@intel.com
From: Piotr Azarewicz
To: pablo.de.lara.guarch@intel.com, gangx.yang@intel.com
Cc: dev@dpdk.org
Date: Wed, 12 Oct 2016 10:58:44 +0200
Message-Id: <1476262724-164925-1-git-send-email-piotrx.t.azarewicz@intel.com>
Subject: [dpdk-dev] [PATCH] examples/l2fwd-crypto: fix verify with decrypt in chain

This patch fixes setting crypto operation data parameters in the
l2fwd-crypto application. From now on, decryption in chain with auth
verify works fine.

How to reproduce the issue:

1. Run l2fwd_crypto with command:
	-c 0x3 -n 4 --vdev "crypto_aesni_mb" \
	--vdev "crypto_aesni_mb" \
	-- -p 0x3 --chain CIPHER_HASH \
	--cipher_op ENCRYPT --cipher_algo AES_CBC \
	--cipher_key 00:01:02:03:04:05:06:07:08:09:0a:0b:0c:0d:0e:0f \
	--iv 00:01:02:03:04:05:06:07:08:09:0a:0b:0c:0d:0e:ff \
	--auth_op GENERATE --auth_algo SHA1_HMAC \
	--auth_key 11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:
	11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:
	11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11

2. Send packet with payload and capture forwarded packet.
   Payload in forwarded packet is encrypted, which is good.

3. Run l2fwd_crypto with command:
	-c 0x3 -n 4 --vdev "crypto_aesni_mb" \
	--vdev "crypto_aesni_mb" \
	-- -p 0x3 --chain HASH_CIPHER \
	--cipher_op DECRYPT --cipher_algo AES_CBC \
	--cipher_key 00:01:02:03:04:05:06:07:08:09:0a:0b:0c:0d:0e:0f \
	--iv 00:01:02:03:04:05:06:07:08:09:0a:0b:0c:0d:0e:ff \
	--auth_op VERIFY --auth_algo SHA1_HMAC \
	--auth_key 11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:
	11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:
	11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11

4. Send earlier captured packet and capture forwarded packet.
Payload in newly captured packet is not decrypted, what is wrong. Fixes: 387259bd6c67 ("examples/l2fwd-crypto: add sample application") Signed-off-by: Piotr Azarewicz Acked-by: Michal Jastrzebski --- examples/l2fwd-crypto/main.c | 23 ++++++++--------------- 1 file changed, 8 insertions(+), 15 deletions(-) diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c index dae45f5..43fef59 100644 --- a/examples/l2fwd-crypto/main.c +++ b/examples/l2fwd-crypto/main.c @@ -451,6 +451,10 @@ l2fwd_simple_crypto_enqueue(struct rte_mbuf *m, /* Zero pad data to be crypto'd so it is block aligned */ data_len = rte_pktmbuf_data_len(m) - ipdata_offset; + + if (cparams->do_hash && cparams->hash_verify) + data_len -= cparams->digest_length; + pad_len = data_len % cparams->block_size ? cparams->block_size - (data_len % cparams->block_size) : 0; @@ -472,8 +476,8 @@ l2fwd_simple_crypto_enqueue(struct rte_mbuf *m, op->sym->auth.digest.data = (uint8_t *)rte_pktmbuf_append(m, cparams->digest_length); } else { - op->sym->auth.digest.data = (uint8_t *)rte_pktmbuf_append(m, - cparams->digest_length); + op->sym->auth.digest.data = rte_pktmbuf_mtod(m, + uint8_t *) + ipdata_offset + data_len; } op->sym->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(m, 
@@ -508,21 +512,10 @@ l2fwd_simple_crypto_enqueue(struct rte_mbuf *m, cparams->cipher_algo == RTE_CRYPTO_CIPHER_KASUMI_F8 || cparams->cipher_algo == RTE_CRYPTO_CIPHER_ZUC_EEA3) { op->sym->cipher.data.offset = ipdata_offset << 3; - if (cparams->do_hash && cparams->hash_verify) - /* Do not cipher the hash tag */ - op->sym->cipher.data.length = (data_len - - cparams->digest_length) << 3; - else - op->sym->cipher.data.length = data_len << 3; - + op->sym->cipher.data.length = data_len << 3; } else { op->sym->cipher.data.offset = ipdata_offset; - if (cparams->do_hash && cparams->hash_verify) - /* Do not cipher the hash tag */ - op->sym->cipher.data.length = data_len - - cparams->digest_length; - else - op->sym->cipher.data.length = data_len; + op->sym->cipher.data.length = data_len; } }
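
Review bot: In the first hunk (@@ -451,6 +451,10 @@), data_len -= cparams->digest_length runs with no check that the payload is at least digest_length bytes long. In verify mode the packet being processed was received from a port, so a frame whose data after ipdata_offset is shorter than the digest leaves data_len negative or wrapped, depending on its type, and that value then drives pad_len, the digest pointer set in the next hunk and the cipher length set in the last one. Suggest a guard before the subtraction that rejects the packet when data_len < cparams->digest_length.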
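
Review bot: In the second hunk (@@ -472,8 +476,8 @@), only the virtual address of the digest moves to ipdata_offset + data_len; the context line that follows still assigns op->sym->auth.digest.phys_addr from rte_pktmbuf_mtophys_offset(m, ... and is not touched by the patch. Please confirm that this offset resolves to the same byte as the new digest.data, including when pad_len is non-zero, because a driver that reads the tag through the physical address would otherwise check different bytes than one that uses digest.data. As a style point, rte_pktmbuf_mtod_offset(m, uint8_t *, ipdata_offset + data_len) expresses the same pointer without the manual arithmetic.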
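
Review bot: In the last hunk (@@ -508,21 +512,10 @@), the removed branches carried the comment "Do not cipher the hash tag", and after the change nothing next to cipher.data.length records that data_len already excludes the digest in verify mode. A later edit to the adjustment in the first hunk would silently extend the cipher range over the tag, so keep a one-line comment either where data_len is reduced or at these assignments. From the lines shown, the verify-case cipher length still evaluates to the payload length minus digest_length, so the commit message could also say which of the changes (the pad_len input or the digest pointer) is the one that fixes the decryption.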