From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id D2FA2A00C4; Thu, 4 Jun 2020 17:33:06 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id AB5711D5F5; Thu, 4 Jun 2020 17:33:01 +0200 (CEST) Received: from mga18.intel.com (mga18.intel.com [134.134.136.126]) by dpdk.org (Postfix) with ESMTP id 37EF91D5F2 for ; Thu, 4 Jun 2020 17:33:00 +0200 (CEST) IronPort-SDR: 7N6c0TwXtZ20Y2iY9WuRklHdKnU3R3h2l2wcBJfK0nRHbuM/c0mfkuLzzQncYvHd15zyKN5t64 sPa/icKLrNzA== X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga005.jf.intel.com ([10.7.209.41]) by orsmga106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 04 Jun 2020 08:32:58 -0700 IronPort-SDR: af8ilZ7SsH4gffcElvRHYi5UVHjGGIA5idCWH/CrbEiXkaFJr4SF8LwizPO7aCg9wTGHZGfVg8 OEjGsf+spyBw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.73,472,1583222400"; d="scan'208";a="445542676" Received: from silpixa00399912.ir.intel.com (HELO silpixa00399912.ger.corp.intel.com) ([10.237.223.64]) by orsmga005.jf.intel.com with ESMTP; 04 Jun 2020 08:32:53 -0700 From: David Coyle To: akhil.goyal@nxp.com, declan.doherty@intel.com, pablo.de.lara.guarch@intel.com, fiona.trahe@intel.com, roy.fan.zhang@intel.com Cc: dev@dpdk.org, thomas@monjalon.net, ferruh.yigit@intel.com, brendan.ryan@intel.com, hemant.agrawal@nxp.com, anoobj@marvell.com, ruifeng.wang@arm.com, lironh@marvell.com, rnagadheeraj@marvell.com, jsrikanth@marvell.com, G.Singh@nxp.com, jianjay.zhou@huawei.com, ravi1.kumar@amd.com, bruce.richardson@intel.com, olivier.matz@6wind.com, honnappa.nagarahalli@arm.com, stephen@networkplumber.org, alexr@mellanox.com, jerinj@marvell.com, David Coyle , Mairtin o Loingsigh Date: Thu, 4 Jun 2020 16:13:22 +0100 Message-Id: <20200604151324.50704-2-david.coyle@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20200604151324.50704-1-david.coyle@intel.com> References: <20200410142757.31508-1-david.coyle@intel.com> <20200604151324.50704-1-david.coyle@intel.com> Subject: [dpdk-dev] [PATCH 1/3] security: add support for DOCSIS protocol X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Add support for DOCSIS protocol to rte_security library. This support currently comprises the combination of Crypto and CRC operations. Please note this is API changes only. Implementation will follow in next version. Signed-off-by: David Coyle Signed-off-by: Mairtin o Loingsigh --- lib/librte_security/rte_security.h | 114 +++++++++++++++++++++++++++++ 1 file changed, 114 insertions(+) diff --git a/lib/librte_security/rte_security.h b/lib/librte_security/rte_security.h index 747830d67..46ec4997a 100644 --- a/lib/librte_security/rte_security.h +++ b/lib/librte_security/rte_security.h @@ -293,6 +293,30 @@ struct rte_security_pdcp_xform { uint32_t hfn_ovrd; }; +/** DOCSIS direction */ +enum rte_security_docsis_direction { + RTE_SECURITY_DOCSIS_UPLINK, + /**< Uplink + * - Decryption, followed by CRC Verification + */ + RTE_SECURITY_DOCSIS_DOWNLINK, + /**< Downlink + * - CRC Generation, followed by Encryption + */ +}; + +/** + * DOCSIS security session configuration. + * + * This structure contains data required to create a DOCSIS security session. + */ +struct rte_security_docsis_xform { + enum rte_security_docsis_direction direction; + /** DOCSIS direction */ + uint16_t crc_size; + /**< CRC size in bytes */ +}; + /** * Security session action type. */ @@ -325,6 +349,8 @@ enum rte_security_session_protocol { /**< MACSec Protocol */ RTE_SECURITY_PROTOCOL_PDCP, /**< PDCP Protocol */ + RTE_SECURITY_PROTOCOL_DOCSIS, + /**< DOCSIS Protocol */ }; /** @@ -340,6 +366,7 @@ struct rte_security_session_conf { struct rte_security_ipsec_xform ipsec; struct rte_security_macsec_xform macsec; struct rte_security_pdcp_xform pdcp; + struct rte_security_docsis_xform docsis; }; /**< Configuration parameters for security session */ struct rte_crypto_sym_xform *crypto_xform; @@ -355,6 +382,77 @@ struct rte_security_session { /**< Opaque user defined data */ }; +/** + * DOCSIS operation parameters + */ +struct rte_security_docsis_op { + struct rte_crypto_sym_op crypto_sym; + /**< Symmetric crypto operation parameters */ + + struct { + struct { + uint16_t offset; + /**< + * Starting point for CRC processing, specified + * as the number of bytes from start of the packet in + * the source mbuf in crypto_sym + */ + uint16_t length; + /**< + * The length, in bytes, of the source mbuf on which the + * CRC will be computed + */ + } data; + /**< Data offset and length for CRC */ + + struct { + uint8_t *data; + /**< + * This points to the location where the CRC should be + * written (in the case of generation) or where the + * purported result exists (in the case of + * verification). + * + * The caller must ensure the required length of + * physically contiguous memory is available at this + * address. + * + * This may point into the mbuf packet data. For + * generation, the result will overwrite any data at + * this location. + */ + rte_iova_t phys_addr; + /**< Physical address of output data */ + } output; + /**< Output location */ + } crc; + /**< CRC operation parameters */ + + uint64_t reserved; + /**< Reserved for future use */ +}; + +/** + * Security operation types + */ +enum rte_security_op_type { + RTE_SECURITY_OP_TYPE_DOCSIS = 1 + /**< DOCSIS operation */ +}; + +/** + * Security operation parameters + */ +struct rte_security_op { + enum rte_security_op_type type; + /**< Type of operation */ + RTE_STD_C11 + union { + struct rte_security_docsis_op docsis; + }; + /**< Parameters for security operation */ +}; + /** * Create security session as specified by the session configuration * @@ -523,6 +621,10 @@ struct rte_security_pdcp_stats { uint64_t reserved; }; +struct rte_security_docsis_stats { + uint64_t reserved; +}; + struct rte_security_stats { enum rte_security_session_protocol protocol; /**< Security protocol to be configured */ @@ -532,6 +634,7 @@ struct rte_security_stats { struct rte_security_macsec_stats macsec; struct rte_security_ipsec_stats ipsec; struct rte_security_pdcp_stats pdcp; + struct rte_security_docsis_stats docsis; }; }; @@ -591,6 +694,13 @@ struct rte_security_capability { /**< Capability flags, see RTE_SECURITY_PDCP_* */ } pdcp; /**< PDCP capability */ + struct { + enum rte_security_docsis_direction direction; + /**< DOCSIS direction */ + uint16_t crc_size; + /**< CRC size in bytes */ + } docsis; + /**< DOCSIS capability */ }; const struct rte_cryptodev_capabilities *crypto_capabilities; @@ -649,6 +759,10 @@ struct rte_security_capability_idx { enum rte_security_pdcp_domain domain; uint32_t capa_flags; } pdcp; + struct { + enum rte_security_docsis_direction direction; + uint16_t crc_size; + } docsis; }; }; -- 2.17.1