From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) by dpdk.org (Postfix) with ESMTP id 2A97B2170 for ; Thu, 13 Oct 2016 10:48:21 +0200 (CEST) Received: from orsmga001.jf.intel.com ([10.7.209.18]) by orsmga105.jf.intel.com with ESMTP; 13 Oct 2016 01:48:20 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.31,339,1473145200"; d="scan'208";a="1044087411" Received: from irsmsx151.ger.corp.intel.com ([163.33.192.59]) by orsmga001.jf.intel.com with ESMTP; 13 Oct 2016 01:48:20 -0700 Received: from irsmsx109.ger.corp.intel.com ([169.254.13.6]) by IRSMSX151.ger.corp.intel.com ([169.254.4.226]) with mapi id 14.03.0248.002; Thu, 13 Oct 2016 09:48:18 +0100 From: "Jastrzebski, MichalX K" To: "Azarewicz, PiotrX T" , "De Lara Guarch, Pablo" , "Yang, GangX" CC: "dev@dpdk.org" Thread-Topic: [dpdk-dev] [PATCH] examples/l2fwd-crypto: fix verify with decrypt in chain Thread-Index: AQHSJGb7XIuxeiiapEuJ/yr7ISZSL6CmE4SQ Date: Thu, 13 Oct 2016 08:48:17 +0000 Message-ID: <60ABE07DBB3A454EB7FAD707B4BB158213B046F3@IRSMSX109.ger.corp.intel.com> References: <1476262724-164925-1-git-send-email-piotrx.t.azarewicz@intel.com> In-Reply-To: <1476262724-164925-1-git-send-email-piotrx.t.azarewicz@intel.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [163.33.239.181] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Subject: Re: [dpdk-dev] [PATCH] examples/l2fwd-crypto: fix verify with decrypt in chain X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches and discussions about DPDK List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 13 Oct 2016 08:48:21 -0000 > -----Original Message----- > From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Piotr Azarewicz > Sent: Wednesday, October 12, 2016 10:59 AM > To: De Lara Guarch, Pablo ; Yang, GangX > > Cc: dev@dpdk.org > Subject: [dpdk-dev] [PATCH] examples/l2fwd-crypto: fix verify with decryp= t > in chain >=20 > This patch fix setting crypto operation data parameters in l2fwd-crypto > application. > From now decryption in chain with auth verify work fine. >=20 > How to reproduce the issue: >=20 > 1. Run l2fwd_crypto with command: > -c 0x3 -n 4 --vdev "crypto_aesni_mb" \ > --vdev "crypto_aesni_mb" \ > -- -p 0x3 --chain CIPHER_HASH \ > --cipher_op ENCRYPT --cipher_algo AES_CBC \ > --cipher_key 00:01:02:03:04:05:06:07:08:09:0a:0b:0c:0d:0e:0f \ > --iv 00:01:02:03:04:05:06:07:08:09:0a:0b:0c:0d:0e:ff \ > --auth_op GENERATE --auth_algo SHA1_HMAC \ > --auth_key > 11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11: > 11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11: > 11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11 >=20 > 2. Send packet with payload and capture forwarded packet. > Payload in forwarded packet is encrypted, what is good. >=20 > 3. Run l2fwd_crypto with command: > -c 0x3 -n 4 --vdev "crypto_aesni_mb" \ > --vdev "crypto_aesni_mb" \ > -- -p 0x3 --chain HASH_CIPHER \ > --cipher_op DECRYPT --cipher_algo AES_CBC \ > --cipher_key 00:01:02:03:04:05:06:07:08:09:0a:0b:0c:0d:0e:0f \ > --iv 00:01:02:03:04:05:06:07:08:09:0a:0b:0c:0d:0e:ff \ > --auth_op VERIFY --auth_algo SHA1_HMAC \ > --auth_key > 11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11: > 11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11: > 11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11 >=20 > 4. Send earlier captured packet and capture forwarded packet. > Payload in newly captured packet is not decrypted, what is wrong. >=20 > Fixes: 387259bd6c67 ("examples/l2fwd-crypto: add sample application") >=20 > Signed-off-by: Piotr Azarewicz > --- > examples/l2fwd-crypto/main.c | 23 ++++++++--------------- > 1 file changed, 8 insertions(+), 15 deletions(-) >=20 > diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c > index dae45f5..43fef59 100644 > --- a/examples/l2fwd-crypto/main.c > +++ b/examples/l2fwd-crypto/main.c > @@ -451,6 +451,10 @@ l2fwd_simple_crypto_enqueue(struct rte_mbuf > *m, >=20 > /* Zero pad data to be crypto'd so it is block aligned */ > data_len =3D rte_pktmbuf_data_len(m) - ipdata_offset; > + > + if (cparams->do_hash && cparams->hash_verify) > + data_len -=3D cparams->digest_length; > + > pad_len =3D data_len % cparams->block_size ? cparams->block_size - > (data_len % cparams->block_size) : 0; >=20 > @@ -472,8 +476,8 @@ l2fwd_simple_crypto_enqueue(struct rte_mbuf *m, > op->sym->auth.digest.data =3D (uint8_t > *)rte_pktmbuf_append(m, > cparams->digest_length); > } else { > - op->sym->auth.digest.data =3D (uint8_t > *)rte_pktmbuf_append(m, > - cparams->digest_length); > + op->sym->auth.digest.data =3D rte_pktmbuf_mtod(m, > + uint8_t *) + ipdata_offset + data_len; > } >=20 > op->sym->auth.digest.phys_addr =3D > rte_pktmbuf_mtophys_offset(m, > @@ -508,21 +512,10 @@ l2fwd_simple_crypto_enqueue(struct rte_mbuf > *m, > cparams->cipher_algo =3D=3D > RTE_CRYPTO_CIPHER_KASUMI_F8 || > cparams->cipher_algo =3D=3D > RTE_CRYPTO_CIPHER_ZUC_EEA3) { > op->sym->cipher.data.offset =3D ipdata_offset << 3; > - if (cparams->do_hash && cparams->hash_verify) > - /* Do not cipher the hash tag */ > - op->sym->cipher.data.length =3D (data_len - > - cparams->digest_length) << 3; > - else > - op->sym->cipher.data.length =3D data_len << 3; > - > + op->sym->cipher.data.length =3D data_len << 3; > } else { > op->sym->cipher.data.offset =3D ipdata_offset; > - if (cparams->do_hash && cparams->hash_verify) > - /* Do not cipher the hash tag */ > - op->sym->cipher.data.length =3D data_len - > - cparams->digest_length; > - else > - op->sym->cipher.data.length =3D data_len; > + op->sym->cipher.data.length =3D data_len; > } > } >=20 > -- > 1.7.9.5 Acked-by: Michal Jastrzebski