From 893fbab031860752e910f1ddab258686afbc385e Mon Sep 17 00:00:00 2001 From: Piotr Azarewicz Date: Wed, 12 Oct 2016 10:58:44 +0200 Subject: [PATCH] examples/l2fwd-crypto: fix verify with decrypt in chain This patch fixes crypto operation data parameters setting in l2fwd-crypto application, making decryption in chain with auth verification work. How to reproduce the issue: 1. Run l2fwd_crypto with command: -c 0x3 -n 4 --vdev "crypto_aesni_mb" \ --vdev "crypto_aesni_mb" \ -- -p 0x3 --chain CIPHER_HASH \ --cipher_op ENCRYPT --cipher_algo AES_CBC \ --cipher_key 00:01:02:03:04:05:06:07:08:09:0a:0b:0c:0d:0e:0f \ --iv 00:01:02:03:04:05:06:07:08:09:0a:0b:0c:0d:0e:ff \ --auth_op GENERATE --auth_algo SHA1_HMAC \ --auth_key 11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11: 11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11: 11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11 2. Send packet with payload and capture forwarded packet. Payload in forwarded packet is encrypted, what is good. 3. Run l2fwd_crypto with command: -c 0x3 -n 4 --vdev "crypto_aesni_mb" \ --vdev "crypto_aesni_mb" \ -- -p 0x3 --chain HASH_CIPHER \ --cipher_op DECRYPT --cipher_algo AES_CBC \ --cipher_key 00:01:02:03:04:05:06:07:08:09:0a:0b:0c:0d:0e:0f \ --iv 00:01:02:03:04:05:06:07:08:09:0a:0b:0c:0d:0e:ff \ --auth_op VERIFY --auth_algo SHA1_HMAC \ --auth_key 11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11: 11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11: 11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11 4. Send earlier captured packet and capture forwarded packet. Payload in newly captured packet is not decrypted, what is wrong. Fixes: 387259bd6c67 ("examples/l2fwd-crypto: add sample application") Signed-off-by: Piotr Azarewicz Acked-by: Michal Jastrzebski --- examples/l2fwd-crypto/main.c | 23 ++++++++--------------- 1 file changed, 8 insertions(+), 15 deletions(-) 
diff --git a/examples/l2fwd-crypto/main.c b/examples/l2fwd-crypto/main.c
index dae45f534f..43fef59e52 100644
--- a/examples/l2fwd-crypto/main.c
+++ b/examples/l2fwd-crypto/main.c
@@ -451,6 +451,10 @@ l2fwd_simple_crypto_enqueue(struct rte_mbuf *m,
 /* Zero pad data to be crypto'd so it is block aligned */
 data_len = rte_pktmbuf_data_len(m) - ipdata_offset;
+
+ if (cparams->do_hash && cparams->hash_verify)
+ data_len -= cparams->digest_length;
+
 pad_len = data_len % cparams->block_size ? cparams->block_size - (data_len % cparams->block_size) : 0;
@@ -472,8 +476,8 @@ l2fwd_simple_crypto_enqueue(struct rte_mbuf *m,
 op->sym->auth.digest.data = (uint8_t *)rte_pktmbuf_append(m, cparams->digest_length);
 } else {
- op->sym->auth.digest.data = (uint8_t *)rte_pktmbuf_append(m,
- cparams->digest_length);
+ op->sym->auth.digest.data = rte_pktmbuf_mtod(m,
+ uint8_t *) + ipdata_offset + data_len;
 }
 op->sym->auth.digest.phys_addr = rte_pktmbuf_mtophys_offset(m,
@@ -508,21 +512,10 @@ l2fwd_simple_crypto_enqueue(struct rte_mbuf *m,
 cparams->cipher_algo == RTE_CRYPTO_CIPHER_KASUMI_F8 || cparams->cipher_algo == RTE_CRYPTO_CIPHER_ZUC_EEA3) {
 op->sym->cipher.data.offset = ipdata_offset << 3;
- if (cparams->do_hash && cparams->hash_verify)
- /* Do not cipher the hash tag */
- op->sym->cipher.data.length = (data_len -
- cparams->digest_length) << 3;
- else
- op->sym->cipher.data.length = data_len << 3;
-
+ op->sym->cipher.data.length = data_len << 3;
 } else {
 op->sym->cipher.data.offset = ipdata_offset;
- if (cparams->do_hash && cparams->hash_verify)
- /* Do not cipher the hash tag */
- op->sym->cipher.data.length = data_len -
- cparams->digest_length;
- else
- op->sym->cipher.data.length = data_len;
+ op->sym->cipher.data.length = data_len;
 }
 }
-- 2.20.1
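Review bot: The added `data_len -= cparams->digest_length;` in the first hunk has no lower-bound check, so a received frame whose payload after `ipdata_offset` is shorter than the digest makes the subtraction wrap if `data_len` is unsigned (its declaration is outside the hunk). The wrapped value then feeds the digest pointer `rte_pktmbuf_mtod(m, uint8_t *) + ipdata_offset + data_len` in the second hunk and `cipher.data.length` in the third, so the crypto device would be handed a region outside the mbuf data. Because this length is derived from packets arriving on the wire, the subtraction should be guarded with `if (data_len < cparams->digest_length)` and the packet rejected through the function's existing error path. l2fwd_simple_crypto_enqueue starts and ends outside these hunks, so which return value and cleanup that path uses has to be confirmed there.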
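Review bot: In the second hunk the verify branch now derives `auth.digest.data` from `ipdata_offset + data_len`, while the `auth.digest.phys_addr` assignment that follows is untouched and its offset argument lies outside the hunk, so nothing visible guarantees both fields name the same bytes. They would presumably diverge if the padding computed in the first hunk is appended and added to `data_len` before this point, that is, whenever the verified payload is not a multiple of `block_size`. Computing a single digest offset and using it for both the virtual and the physical address would remove that risk. The else branch also deserves a comment such as `/* verify: the tag is already in the packet, right after the ciphertext */`, which would replace the "Do not cipher the hash tag" remark that the third hunk deletes. The pointer arithmetic additionally assumes the tag sits in the first mbuf segment, which is worth stating or checking.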