From: Gagandeep Singh <g.singh@nxp.com>
To: gakhil@marvell.com, dev@dpdk.org
Cc: thomas@monjalon.net, Hemant Agrawal <hemant.agrawal@nxp.com>,
Gagandeep Singh <g.singh@nxp.com>
Subject: [dpdk-dev] [PATCH v3 1/4] security: support PDCP short MAC-I
Date: Wed, 8 Sep 2021 17:31:12 +0530 [thread overview]
Message-ID: <20210908120115.3548009-2-g.singh@nxp.com> (raw)
In-Reply-To: <20210908120115.3548009-1-g.singh@nxp.com>
From: Hemant Agrawal <hemant.agrawal@nxp.com>
This patch add support to handle PDCP short MAC-I domain
along with standard control and data domains as it has to
be treated as special case with PDCP protocol offload support.
ShortMAC-I is the 16 least significant bits of calculated MAC-I. Usually
when a RRC message is exchanged between UE and eNodeB it is integrity &
ciphered protected.
MAC-I = f(key, varShortMAC-I, count, bearer, direction).
Here varShortMAC-I is prepared by using (current cellId, pci of source cell
and C-RNTI of old cell). Other parameters like count, bearer and
direction set to all 1.
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
---
app/test-crypto-perf/cperf_options_parsing.c | 8 ++++++-
doc/guides/prog_guide/rte_security.rst | 11 ++++++++-
doc/guides/tools/cryptoperf.rst | 4 ++--
drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 25 ++++++++++----------
lib/security/rte_security.h | 1 +
5 files changed, 33 insertions(+), 16 deletions(-)
diff --git a/app/test-crypto-perf/cperf_options_parsing.c b/app/test-crypto-perf/cperf_options_parsing.c
index e84f56cfaa..0348972c85 100644
--- a/app/test-crypto-perf/cperf_options_parsing.c
+++ b/app/test-crypto-perf/cperf_options_parsing.c
@@ -662,7 +662,8 @@ parse_pdcp_sn_sz(struct cperf_options *opts, const char *arg)
const char *cperf_pdcp_domain_strs[] = {
[RTE_SECURITY_PDCP_MODE_CONTROL] = "control",
- [RTE_SECURITY_PDCP_MODE_DATA] = "data"
+ [RTE_SECURITY_PDCP_MODE_DATA] = "data",
+ [RTE_SECURITY_PDCP_MODE_SHORT_MAC] = "short_mac"
};
static int
@@ -677,6 +678,11 @@ parse_pdcp_domain(struct cperf_options *opts, const char *arg)
cperf_pdcp_domain_strs
[RTE_SECURITY_PDCP_MODE_DATA],
RTE_SECURITY_PDCP_MODE_DATA
+ },
+ {
+ cperf_pdcp_domain_strs
+ [RTE_SECURITY_PDCP_MODE_SHORT_MAC],
+ RTE_SECURITY_PDCP_MODE_SHORT_MAC
}
};
diff --git a/doc/guides/prog_guide/rte_security.rst b/doc/guides/prog_guide/rte_security.rst
index f72bc8a78f..ad92c16868 100644
--- a/doc/guides/prog_guide/rte_security.rst
+++ b/doc/guides/prog_guide/rte_security.rst
@@ -1,5 +1,5 @@
.. SPDX-License-Identifier: BSD-3-Clause
- Copyright 2017,2020 NXP
+ Copyright 2017,2020-2021 NXP
@@ -408,6 +408,15 @@ PMD which supports the IPsec and PDCP protocol.
},
.crypto_capabilities = pmd_capabilities
},
+ { /* PDCP Lookaside Protocol offload short MAC-I */
+ .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+ .protocol = RTE_SECURITY_PROTOCOL_PDCP,
+ .pdcp = {
+ .domain = RTE_SECURITY_PDCP_MODE_SHORT_MAC,
+ .capa_flags = 0
+ },
+ .crypto_capabilities = pmd_capabilities
+ },
{
.action = RTE_SECURITY_ACTION_TYPE_NONE
}
diff --git a/doc/guides/tools/cryptoperf.rst b/doc/guides/tools/cryptoperf.rst
index be3109054d..d3963f23e3 100644
--- a/doc/guides/tools/cryptoperf.rst
+++ b/doc/guides/tools/cryptoperf.rst
@@ -316,9 +316,9 @@ The following are the application command-line options:
Set PDCP sequence number size(n) in bits. Valid values of n will
be 5/7/12/15/18.
-* ``--pdcp-domain <control/user>``
+* ``--pdcp-domain <control/user/short_mac>``
- Set PDCP domain to specify Control/user plane.
+ Set PDCP domain to specify short_mac/control/user plane.
* ``--docsis-hdr-sz <n>``
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index d6a101499a..b8d57c2b22 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -3104,7 +3104,7 @@ dpaa2_sec_set_pdcp_session(struct rte_cryptodev *dev,
struct rte_security_pdcp_xform *pdcp_xform = &conf->pdcp;
struct rte_crypto_sym_xform *xform = conf->crypto_xform;
struct rte_crypto_auth_xform *auth_xform = NULL;
- struct rte_crypto_cipher_xform *cipher_xform;
+ struct rte_crypto_cipher_xform *cipher_xform = NULL;
dpaa2_sec_session *session = (dpaa2_sec_session *)sess;
struct ctxt_priv *priv;
struct dpaa2_sec_dev_private *dev_priv = dev->data->dev_private;
@@ -3136,18 +3136,18 @@ dpaa2_sec_set_pdcp_session(struct rte_cryptodev *dev,
flc = &priv->flc_desc[0].flc;
/* find xfrm types */
- if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER && xform->next == NULL) {
- cipher_xform = &xform->cipher;
- } else if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
- xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
- session->ext_params.aead_ctxt.auth_cipher_text = true;
+ if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER) {
cipher_xform = &xform->cipher;
- auth_xform = &xform->next->auth;
- } else if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH &&
- xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER) {
- session->ext_params.aead_ctxt.auth_cipher_text = false;
- cipher_xform = &xform->next->cipher;
+ if (xform->next != NULL) {
+ session->ext_params.aead_ctxt.auth_cipher_text = true;
+ auth_xform = &xform->next->auth;
+ }
+ } else if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
auth_xform = &xform->auth;
+ if (xform->next != NULL) {
+ session->ext_params.aead_ctxt.auth_cipher_text = false;
+ cipher_xform = &xform->next->cipher;
+ }
} else {
DPAA2_SEC_ERR("Invalid crypto type");
return -EINVAL;
@@ -3186,7 +3186,8 @@ dpaa2_sec_set_pdcp_session(struct rte_cryptodev *dev,
session->pdcp.hfn_threshold = pdcp_xform->hfn_threshold;
session->pdcp.hfn_ovd = pdcp_xform->hfn_ovrd;
/* hfv ovd offset location is stored in iv.offset value*/
- session->pdcp.hfn_ovd_offset = cipher_xform->iv.offset;
+ if (cipher_xform)
+ session->pdcp.hfn_ovd_offset = cipher_xform->iv.offset;
cipherdata.key = (size_t)session->cipher_key.data;
cipherdata.keylen = session->cipher_key.length;
diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h
index 88d31de0a6..2e136d7929 100644
--- a/lib/security/rte_security.h
+++ b/lib/security/rte_security.h
@@ -233,6 +233,7 @@ struct rte_security_macsec_xform {
enum rte_security_pdcp_domain {
RTE_SECURITY_PDCP_MODE_CONTROL, /**< PDCP control plane */
RTE_SECURITY_PDCP_MODE_DATA, /**< PDCP data plane */
+ RTE_SECURITY_PDCP_MODE_SHORT_MAC, /**< PDCP short mac */
};
/** PDCP Frame direction */
--
2.25.1
next prev parent reply other threads:[~2021-09-08 12:01 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-08-26 11:23 [dpdk-dev] [PATCH 0/5] support of MAC-I Gagandeep Singh
2021-08-26 11:23 ` [dpdk-dev] [PATCH 1/5] common/dpaax: fix IV value for shortMAC-I for SNOW algo Gagandeep Singh
2021-09-02 11:38 ` [dpdk-dev] [EXT] " Akhil Goyal
2021-08-26 11:23 ` [dpdk-dev] [PATCH 2/5] security: add pdcp short MAC-I support Gagandeep Singh
2021-09-02 11:34 ` [dpdk-dev] [EXT] " Akhil Goyal
2021-08-26 11:23 ` [dpdk-dev] [PATCH 3/5] test/crypto: add pdcp security " Gagandeep Singh
2021-08-26 11:23 ` [dpdk-dev] [PATCH 4/5] crypto/dpaa2_sec: add PDCP " Gagandeep Singh
2021-08-26 11:23 ` [dpdk-dev] [PATCH 5/5] crypto/dpaa_sec: add pdcp " Gagandeep Singh
2021-09-07 8:56 ` [dpdk-dev] [PATCH v2 0/5] support of MAC-I Gagandeep Singh
2021-09-07 8:56 ` [dpdk-dev] [PATCH v2 1/5] common/dpaax: fix IV value for shortMAC-I for SNOW algo Gagandeep Singh
2021-09-08 12:01 ` [dpdk-dev] [PATCH v3 0/4] support of MAC-I Gagandeep Singh
2021-09-08 12:01 ` Gagandeep Singh [this message]
2021-09-08 12:15 ` [dpdk-dev] [EXT] [PATCH v3 1/4] security: support PDCP short MAC-I Akhil Goyal
2021-09-08 12:33 ` Gagandeep Singh
2021-09-08 12:51 ` [dpdk-dev] [PATCH v4 0/5] support of MAC-I Gagandeep Singh
2021-09-08 12:51 ` [dpdk-dev] [PATCH v4 1/5] crypto/dpaa2_sec: support integrity only case for PDCP Gagandeep Singh
2021-09-08 12:51 ` [dpdk-dev] [PATCH v4 2/5] security: add pdcp short MAC-I support Gagandeep Singh
2021-09-08 12:51 ` [dpdk-dev] [PATCH v4 3/5] test/crypto: add pdcp security " Gagandeep Singh
2021-09-08 12:51 ` [dpdk-dev] [PATCH v4 4/5] crypto/dpaa2_sec: add PDCP " Gagandeep Singh
2021-09-08 12:51 ` [dpdk-dev] [PATCH v4 5/5] crypto/dpaa_sec: add pdcp " Gagandeep Singh
2021-09-08 15:21 ` [dpdk-dev] [EXT] [PATCH v4 0/5] support of MAC-I Akhil Goyal
2021-09-08 12:01 ` [dpdk-dev] [PATCH v3 2/4] test/crypto: add pdcp security short MAC-I support Gagandeep Singh
2021-09-08 12:01 ` [dpdk-dev] [PATCH v3 3/4] crypto/dpaa2_sec: add PDCP " Gagandeep Singh
2021-09-08 12:01 ` [dpdk-dev] [PATCH v3 4/4] crypto/dpaa_sec: add pdcp " Gagandeep Singh
2021-09-07 8:56 ` [dpdk-dev] [PATCH v2 2/5] security: support PDCP short MAC-I Gagandeep Singh
2021-09-07 8:56 ` [dpdk-dev] [PATCH v2 3/5] test/crypto: add pdcp security short MAC-I support Gagandeep Singh
2021-09-07 8:56 ` [dpdk-dev] [PATCH v2 4/5] crypto/dpaa2_sec: add PDCP " Gagandeep Singh
2021-09-07 8:56 ` [dpdk-dev] [PATCH v2 5/5] crypto/dpaa_sec: add pdcp " Gagandeep Singh
2021-09-07 11:46 ` [dpdk-dev] [EXT] [PATCH v2 0/5] support of MAC-I Akhil Goyal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210908120115.3548009-2-g.singh@nxp.com \
--to=g.singh@nxp.com \
--cc=dev@dpdk.org \
--cc=gakhil@marvell.com \
--cc=hemant.agrawal@nxp.com \
--cc=thomas@monjalon.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.