From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 186DEA04B6; Sun, 11 Oct 2020 23:34:36 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id C854D1D591; Sun, 11 Oct 2020 23:34:19 +0200 (CEST) Received: from inva020.nxp.com (inva020.nxp.com [92.121.34.13]) by dpdk.org (Postfix) with ESMTP id E95E31D577; Sun, 11 Oct 2020 23:34:15 +0200 (CEST) Received: from inva020.nxp.com (localhost [127.0.0.1]) by inva020.eu-rdc02.nxp.com (Postfix) with ESMTP id B166C1A0D02; Sun, 11 Oct 2020 23:34:14 +0200 (CEST) Received: from invc005.ap-rdc01.nxp.com (invc005.ap-rdc01.nxp.com [165.114.16.14]) by inva020.eu-rdc02.nxp.com (Postfix) with ESMTP id 49E911A0D15; Sun, 11 Oct 2020 23:34:11 +0200 (CEST) Received: from lsv03273.swis.in-blr01.nxp.com (lsv03273.swis.in-blr01.nxp.com [92.120.147.113]) by invc005.ap-rdc01.nxp.com (Postfix) with ESMTP id 1A8864031C; Sun, 11 Oct 2020 23:34:07 +0200 (CEST) From: Akhil Goyal To: dev@dpdk.org, techboard@dpdk.org Cc: thomas@monjalon.net, anoobj@marvell.com, hemant.agrawal@nxp.com, declan.doherty@intel.com, david.coyle@intel.com, Akhil Goyal Date: Mon, 12 Oct 2020 03:03:57 +0530 Message-Id: <20201011213403.21169-3-akhil.goyal@nxp.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20201011213403.21169-1-akhil.goyal@nxp.com> References: <20200903160652.31654-1-akhil.goyal@nxp.com> <20201011213403.21169-1-akhil.goyal@nxp.com> X-Virus-Scanned: ClamAV using ClamSMTP Subject: [dpdk-dev] [PATCH v2 2/8] security: modify PDCP xform to support SDAP X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" The SDAP is a protocol in the LTE stack on top of PDCP for QOS. A particular PDCP session may or may not have SDAP enabled. But if it is enabled, SDAP header should be authenticated but not encrypted if both confidentiality and integrity is enabled. Hence, the driver should be intimated from the xform so that it skip the SDAP header while encryption. A new field is added in the PDCP xform to specify SDAP is enabled. The overall size of the xform is not changed, as hfn_ovrd is just a flag and does not need uint32. Hence, it is converted to uint8_t and a 16 bit reserved field is added for future. Signed-off-by: Akhil Goyal --- doc/guides/rel_notes/release_20_11.rst | 9 +++++++++ lib/librte_security/rte_security.h | 12 ++++++++++-- 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/doc/guides/rel_notes/release_20_11.rst b/doc/guides/rel_notes/release_20_11.rst index c34ab5493..fad91487a 100644 --- a/doc/guides/rel_notes/release_20_11.rst +++ b/doc/guides/rel_notes/release_20_11.rst @@ -103,6 +103,11 @@ New Features also known as Mount Bryce. See the :doc:`../bbdevs/acc100` BBDEV guide for more details on this new driver. +* **Updated rte_security library to support SDAP.** + + ``rte_security_pdcp_xform`` in ``rte_security`` lib is updated to enable + 5G NR processing of SDAP header in PMDs. + * **Updated Virtio driver.** * Added support for Vhost-vDPA backend to Virtio-user PMD. @@ -307,6 +312,10 @@ API Changes ``rte_fpga_lte_fec_configure`` and structure ``fpga_lte_fec_conf`` to ``rte_fpga_lte_fec_conf``. +* security: ``hfn_ovrd`` field in ``rte_security_pdcp_xform`` is changed from + ``uint32_t`` to ``uint8_t`` so that a new field ``sdap_enabled`` can be added + to support SDAP. + ABI Changes ----------- diff --git a/lib/librte_security/rte_security.h b/lib/librte_security/rte_security.h index 16839e539..c259b35e0 100644 --- a/lib/librte_security/rte_security.h +++ b/lib/librte_security/rte_security.h @@ -1,5 +1,5 @@ /* SPDX-License-Identifier: BSD-3-Clause - * Copyright 2017,2019 NXP + * Copyright 2017,2019-2020 NXP * Copyright(c) 2017-2020 Intel Corporation. */ @@ -290,7 +290,15 @@ struct rte_security_pdcp_xform { * per packet HFN in place of IV. PMDs will extract the HFN * and perform operations accordingly. */ - uint32_t hfn_ovrd; + uint8_t hfn_ovrd; + /** In case of 5G NR, a new protocol (SDAP) header may be set + * inside PDCP payload which should be authenticated but not + * encrypted. Hence, driver should be notified if SDAP is + * enabled or not, so that SDAP header is not encrypted. + */ + uint8_t sdap_enabled; + /** Reserved for future */ + uint16_t reserved; }; /** DOCSIS direction */ -- 2.17.1