From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 59C94A0350; Tue, 23 Jun 2020 12:36:47 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 3393F1D627; Tue, 23 Jun 2020 12:36:43 +0200 (CEST) Received: from mga18.intel.com (mga18.intel.com [134.134.136.126]) by dpdk.org (Postfix) with ESMTP id 49CB21D5EF for ; Tue, 23 Jun 2020 12:36:41 +0200 (CEST) IronPort-SDR: okZ0HCqrto2UQpXKK3pzTI1UW71mONF33VgGJpzCj1k5V7yhONVzRoK8QMmNbUNehXA0JZoJC/ ZvTveZFhe4Ag== X-IronPort-AV: E=McAfee;i="6000,8403,9660"; a="131435883" X-IronPort-AV: E=Sophos;i="5.75,271,1589266800"; d="scan'208";a="131435883" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga008.fm.intel.com ([10.253.24.58]) by orsmga106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Jun 2020 03:36:40 -0700 IronPort-SDR: oBPyMiL+F1PWFwFb808j+SLWAyTeZue0qtK8hEb/czowNKhr2mYMVii0cvMLPexEVBzav0mZrQ m5vT9xU2dpew== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.75,271,1589266800"; d="scan'208";a="264756011" Received: from silpixa00399912.ir.intel.com (HELO silpixa00399912.ger.corp.intel.com) ([10.237.223.64]) by fmsmga008.fm.intel.com with ESMTP; 23 Jun 2020 03:36:34 -0700 
From: David Coyle To: akhil.goyal@nxp.com, declan.doherty@intel.com, pablo.de.lara.guarch@intel.com, fiona.trahe@intel.com, roy.fan.zhang@intel.com, konstantin.ananyev@intel.com Cc: dev@dpdk.org, thomas@monjalon.net, ferruh.yigit@intel.com, brendan.ryan@intel.com, hemant.agrawal@nxp.com, anoobj@marvell.com, ruifeng.wang@arm.com, lironh@marvell.com, rnagadheeraj@marvell.com, jsrikanth@marvell.com, G.Singh@nxp.com, jianjay.zhou@huawei.com, ravi1.kumar@amd.com, bruce.richardson@intel.com, olivier.matz@6wind.com, honnappa.nagarahalli@arm.com, stephen@networkplumber.org, alexr@mellanox.com, jerinj@marvell.com, David Coyle , Mairtin o Loingsigh Date: Tue, 23 Jun 2020 11:14:19 +0100 Message-Id: <20200623101423.9215-3-david.coyle@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20200623101423.9215-1-david.coyle@intel.com> References: <20200604151324.50704-1-david.coyle@intel.com> <20200623101423.9215-1-david.coyle@intel.com> Subject: [dpdk-dev] [PATCH v2 2/6] security: add support for DOCSIS protocol X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Add support for DOCSIS protocol to rte_security library. This support currently comprises the combination of Crypto and CRC operations. A security operation definition is also added. This allow security protocol related parameters be specified at the operation level. For DOCSIS, these parameters include CRC length and offset. The security operation is accessed via a crypto operation. Signed-off-by: David Coyle Signed-off-by: Mairtin o Loingsigh --- lib/librte_security/rte_security.c | 7 ++ lib/librte_security/rte_security.h | 116 ++++++++++++++++++++++++++++- 2 files changed, 120 insertions(+), 3 deletions(-)
diff --git a/lib/librte_security/rte_security.c b/lib/librte_security/rte_security.c
index dc9a3e89c..e3844bf7e 100644
--- a/lib/librte_security/rte_security.c
+++ b/lib/librte_security/rte_security.c
@@ -173,6 +173,13 @@ rte_security_capability_get(struct rte_security_ctx *instance,
 if (capability->pdcp.domain ==
 idx->pdcp.domain)
 return capability;
+ } else if (idx->protocol ==
+ RTE_SECURITY_PROTOCOL_DOCSIS) {
+ if (capability->docsis.direction ==
+ idx->docsis.direction &&
+ capability->docsis.crc_size ==
+ idx->docsis.crc_size)
+ return capability;
 }
 }
 }
diff --git a/lib/librte_security/rte_security.h b/lib/librte_security/rte_security.h
index 747830d67..25e3179e9 100644
--- a/lib/librte_security/rte_security.h
+++ b/lib/librte_security/rte_security.h
@@ -293,6 +293,30 @@ struct rte_security_pdcp_xform {
 uint32_t hfn_ovrd;
 };
+/** DOCSIS direction */
+enum rte_security_docsis_direction {
+ RTE_SECURITY_DOCSIS_UPLINK,
+ /**< Uplink
+ * - Decryption, followed by CRC Verification
+ */
+ RTE_SECURITY_DOCSIS_DOWNLINK,
+ /**< Downlink
+ * - CRC Generation, followed by Encryption
+ */
+};
+
+/**
+ * DOCSIS security session configuration.
+ *
+ * This structure contains data required to create a DOCSIS security session.
+ */
+struct rte_security_docsis_xform {
+ enum rte_security_docsis_direction direction;
+ /** DOCSIS direction */
+ uint16_t crc_size;
+ /**< CRC size in bytes */
+};
+
 /**
 * Security session action type.
 */
@@ -325,6 +349,8 @@ enum rte_security_session_protocol {
 /**< MACSec Protocol */
 RTE_SECURITY_PROTOCOL_PDCP,
 /**< PDCP Protocol */
+ RTE_SECURITY_PROTOCOL_DOCSIS,
+ /**< DOCSIS Protocol */
 };
 /**
@@ -340,6 +366,7 @@ struct rte_security_session_conf {
 struct rte_security_ipsec_xform ipsec;
 struct rte_security_macsec_xform macsec;
 struct rte_security_pdcp_xform pdcp;
+ struct rte_security_docsis_xform docsis;
 };
 /**< Configuration parameters for security session */
 struct rte_crypto_sym_xform *crypto_xform;
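Review bot: In `struct rte_security_docsis_xform` (hunk `@@ -293,6 +293,30 @@` of rte_security.h), the comment after `direction` is `/** DOCSIS direction */`; without the `<`, Doxygen attaches it to the next member, `crc_size`, and leaves `direction` undocumented. It should read `/**< DOCSIS direction */`, matching the trailing-comment form used for the other members added in this patch. The `crc_size` comment could also say which values are valid, since the capability lookup added to rte_security.c in this patch compares it by exact equality.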
@@ -355,6 +382,63 @@ struct rte_security_session {
 /**< Opaque user defined data */
 };
+/**
+ * DOCSIS operation parameters
+ */
+struct rte_security_docsis_op {
+ struct rte_crypto_sym_op crypto_sym;
+ /**< Symmetric crypto operation parameters */
+
+ struct {
+ uint16_t offset;
+ /**<
+ * Starting point for CRC processing, specified
+ * as the number of bytes from start of the packet in
+ * the source mbuf in crypto_sym
+ */
+ uint16_t length;
+ /**<
+ * The length, in bytes, of the source mbuf on which the
+ * CRC will be computed
+ */
+ } crc;
+ /**< CRC operation parameters */
+
+ uint64_t reserved;
+ /**< Reserved for future use */
+};
+
+/**
+ * Security operation types
+ */
+enum rte_security_op_type {
+ RTE_SECURITY_OP_TYPE_DOCSIS = 1
+ /**< DOCSIS operation */
+};
+
+/**
+ * Security operation parameters
+ *
+ * @note If the size of this struct changes, it may be also necessary to update
+ * the RTE_CRYPTO_OP_SECURITY_MAX_SZ define
+ */
+struct rte_security_op {
+ enum rte_security_op_type type;
+ /**< Type of operation */
+ RTE_STD_C11
+ union {
+ struct rte_security_docsis_op docsis;
+ };
+ /**< Parameters for security operation */
+};
+
+/* Macro to check the size of a struct at compile time */
+#define _SECURITY_STRUCT_LEN_CHECK(n, X) enum security_static_assert_enum_##X \
+ { security_static_assert_##X = (n)/((sizeof(struct X) <= (n)) ? 1 : 0) }
+
+/* Check the size of the rte_security_op struct */
+_SECURITY_STRUCT_LEN_CHECK(RTE_CRYPTO_OP_SECURITY_MAX_SZ, rte_security_op);
+
 /**
 * Create security session as specified by the session configuration
 *
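Review bot: `crc.offset` and `crc.length` in `struct rte_security_docsis_op` are documented only as byte counts, with no stated bound against the data length of the source mbuf, so the header does not say who must reject a CRC range that runs past the packet. I would extend the `length` comment with a sentence such as `offset + length must not exceed the data length of the source mbuf; drivers must reject operations that violate this`, so that an out-of-range region is a defined error rather than a possible over-read left to each PMD. Separately, `_SECURITY_STRUCT_LEN_CHECK` begins with an underscore followed by an uppercase letter, which C reserves for the implementation; a name such as `RTE_SECURITY_STRUCT_LEN_CHECK` avoids that in a public header.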
@@ -496,12 +580,22 @@ static inline int
 rte_security_attach_session(struct rte_crypto_op *op,
 struct rte_security_session *sess)
 {
- if (unlikely(op->type != RTE_CRYPTO_OP_TYPE_SYMMETRIC))
- return -EINVAL;
+ struct rte_security_op *s_op;
+ int ret = -EINVAL;
+
+ if (likely(op->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC)) {
+ ret = __rte_security_attach_session(op->sym, sess);
+ } else if (op->type == RTE_CRYPTO_OP_TYPE_SECURITY) {
+ s_op = (struct rte_security_op *)&op->security;
+ if (s_op->type == RTE_SECURITY_OP_TYPE_DOCSIS)
+ ret = __rte_security_attach_session(
+ &s_op->docsis.crypto_sym,
+ sess);
+ }
 op->sess_type = RTE_CRYPTO_OP_SECURITY_SESSION;
- return __rte_security_attach_session(op->sym, sess);
+ return ret;
 }
 struct rte_security_macsec_stats {
@@ -523,6 +617,10 @@ struct rte_security_pdcp_stats {
 uint64_t reserved;
 };
+struct rte_security_docsis_stats {
+ uint64_t reserved;
+};
+
 struct rte_security_stats {
 enum rte_security_session_protocol protocol;
 /**< Security protocol to be configured */
@@ -532,6 +630,7 @@ struct rte_security_stats {
 struct rte_security_macsec_stats macsec;
 struct rte_security_ipsec_stats ipsec;
 struct rte_security_pdcp_stats pdcp;
+ struct rte_security_docsis_stats docsis;
 };
 };
@@ -591,6 +690,13 @@ struct rte_security_capability {
 /**< Capability flags, see RTE_SECURITY_PDCP_* */
 } pdcp;
 /**< PDCP capability */
+ struct {
+ enum rte_security_docsis_direction direction;
+ /**< DOCSIS direction */
+ uint16_t crc_size;
+ /**< CRC size in bytes */
+ } docsis;
+ /**< DOCSIS capability */
 };
 const struct rte_cryptodev_capabilities *crypto_capabilities;
@@ -649,6 +755,10 @@ struct rte_security_capability_idx {
 enum rte_security_pdcp_domain domain;
 uint32_t capa_flags;
 } pdcp;
+ struct {
+ enum rte_security_docsis_direction direction;
+ uint16_t crc_size;
+ } docsis;
 };
 };
--
2.17.1
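Review bot: In `rte_security_attach_session()` (hunk `@@ -496,12 +580,22 @@`), `op->sess_type = RTE_CRYPTO_OP_SECURITY_SESSION;` now also runs on the failure path: the removed code returned `-EINVAL` before touching `op`, whereas the new code falls through with `ret` still `-EINVAL` for an unsupported `op->type` or a security op whose `s_op->type` is not DOCSIS. A caller that does not check the return value is then left with an op marked as carrying a security session although none was attached. Returning `-EINVAL` early on those branches, as the removed code did, or guarding the assignment with `if (ret == 0)` (assuming `__rte_security_attach_session()` returns 0 on success, which this hunk does not show) keeps the old behaviour. The cast `(struct rte_security_op *)&op->security` also depends on the size and alignment of `op->security`, which is defined outside this patch, so a short comment stating that requirement next to the cast would help.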