numam-dpdk

History

Piotr Azarewicz 893fbab031 examples/l2fwd-crypto: fix verify with decrypt in chain This patch fixes crypto operation data parameters setting in l2fwd-crypto application, making decryption in chain with auth verification work. How to reproduce the issue: 1. Run l2fwd_crypto with command: -c 0x3 -n 4 --vdev "crypto_aesni_mb" \ --vdev "crypto_aesni_mb" \ -- -p 0x3 --chain CIPHER_HASH \ --cipher_op ENCRYPT --cipher_algo AES_CBC \ --cipher_key 00:01:02:03:04:05:06:07:08:09:0a:0b:0c:0d:0e:0f \ --iv 00:01:02:03:04:05:06:07:08:09:0a:0b:0c:0d:0e:ff \ --auth_op GENERATE --auth_algo SHA1_HMAC \ --auth_key 11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11: 11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11: 11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11 2. Send packet with payload and capture forwarded packet. Payload in forwarded packet is encrypted, what is good. 3. Run l2fwd_crypto with command: -c 0x3 -n 4 --vdev "crypto_aesni_mb" \ --vdev "crypto_aesni_mb" \ -- -p 0x3 --chain HASH_CIPHER \ --cipher_op DECRYPT --cipher_algo AES_CBC \ --cipher_key 00:01:02:03:04:05:06:07:08:09:0a:0b:0c:0d:0e:0f \ --iv 00:01:02:03:04:05:06:07:08:09:0a:0b:0c:0d:0e:ff \ --auth_op VERIFY --auth_algo SHA1_HMAC \ --auth_key 11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11: 11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11: 11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11 4. Send earlier captured packet and capture forwarded packet. Payload in newly captured packet is not decrypted, what is wrong. Fixes: `387259bd6c` ("examples/l2fwd-crypto: add sample application") Signed-off-by: Piotr Azarewicz <piotrx.t.azarewicz@intel.com> Acked-by: Michal Jastrzebski <michalx.k.jastrzebski@intel.com>	2016-10-13 21:58:44 +02:00
..
main.c	examples/l2fwd-crypto: fix verify with decrypt in chain	2016-10-13 21:58:44 +02:00
Makefile	examples/l2fwd-crypto: add sample application	2015-11-25 19:18:04 +01:00

Piotr Azarewicz 893fbab031 examples/l2fwd-crypto: fix verify with decrypt in chain

This patch fixes crypto operation data parameters setting
in l2fwd-crypto application, making decryption in chain
with auth verification work.

How to reproduce the issue:

1. Run l2fwd_crypto with command:
-c 0x3 -n 4 --vdev "crypto_aesni_mb" \
--vdev "crypto_aesni_mb" \
-- -p 0x3 --chain CIPHER_HASH \
--cipher_op ENCRYPT --cipher_algo AES_CBC \
--cipher_key 00:01:02:03:04:05:06:07:08:09:0a:0b:0c:0d:0e:0f \
--iv 00:01:02:03:04:05:06:07:08:09:0a:0b:0c:0d:0e:ff \
--auth_op GENERATE --auth_algo SHA1_HMAC \
--auth_key
11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:
11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:
11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11

2. Send packet with payload and capture forwarded packet.
Payload in forwarded packet is encrypted, what is good.

3. Run l2fwd_crypto with command:
-c 0x3 -n 4 --vdev "crypto_aesni_mb" \
--vdev "crypto_aesni_mb" \
-- -p 0x3 --chain HASH_CIPHER \
--cipher_op DECRYPT --cipher_algo AES_CBC \
--cipher_key 00:01:02:03:04:05:06:07:08:09:0a:0b:0c:0d:0e:0f \
--iv 00:01:02:03:04:05:06:07:08:09:0a:0b:0c:0d:0e:ff \
--auth_op VERIFY --auth_algo SHA1_HMAC \
--auth_key
11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:
11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:
11:11:11:11:11:11:11:11:11:11:11:11:11:11:11:11

4. Send earlier captured packet and capture forwarded packet.
Payload in newly captured packet is not decrypted, what is wrong.

Fixes: 387259bd6c ("examples/l2fwd-crypto: add sample application")

Signed-off-by: Piotr Azarewicz <piotrx.t.azarewicz@intel.com>
Acked-by: Michal Jastrzebski <michalx.k.jastrzebski@intel.com>

2016-10-13 21:58:44 +02:00

main.c examples/l2fwd-crypto: fix verify with decrypt in chain 2016-10-13 21:58:44 +02:00

Makefile examples/l2fwd-crypto: add sample application 2015-11-25 19:18:04 +01:00