From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id A43BCA0350; Tue, 23 Jun 2020 20:06:53 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 6B87F1D6A4; Tue, 23 Jun 2020 20:06:52 +0200 (CEST) Received: from EUR05-AM6-obe.outbound.protection.outlook.com (mail-am6eur05on2059.outbound.protection.outlook.com [40.107.22.59]) by dpdk.org (Postfix) with ESMTP id 589BB1D690 for ; Tue, 23 Jun 2020 20:06:50 +0200 (CEST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=mceK84DGpRtZEppW2VjQIuNm00pMyDmVA2m8yfdBhk2A/A02eaQ2mSFg4B83Li0QCXgQHUkNjLagmqevHdOeIZMYQel42DGhmD7Ed4NpcPNx16859GunognYYXb4DdVc6aMeUJ01qMhOsRxGxhGAYgt47P5RWW2j2B+mGf+nHA7F/c/IJLTFof1QM8+SEX+8c5SNghgJWgwRNpWA1IvLcbG9/chulWE6Ls8HFMcU2ZL6fnb8A6hD78LS1x+uyvl1dr/yG4aGAfEYT3IMm14toCso0ZshMCzAMPAFdpzvMOK0Dx+ETtwPMtJHy0fD/Wmz+HtTQg9raiS9R57EyOc+bA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=8BtQe1B8cEdOLRIPQ6/CkZyiKMvurZLfCvuE8Bmpob8=; b=D7TQj4oFpP0xA4k/SwUkhcQjYsi56qn1w7q1OaqhRL5Fq9oxiruBIIsDDlpdtC+Q1otS47ufSiFMZpJAPoYEMl+QHMpjwyNbct8JsdJ7N3lJm1WfQF1eBIGSaNc+PcW2p1si98THajS+Efma1L+DWpAsUhP75QfYJ8cdENSjgDTV5d2kh6aV6d+L7pIM+eJqJ3OgGot1+lfd2GgzwOj6x+JAdIaGW/2yWKFvjC5TJP6p8U8CxUsSMAbCNyELWm9eUcDhjLOR7ZwULtSKFI84QR6TYFc1IclujWk72WtBeqUsy5zS+6r5Y0OfhsPVJ7U2QZHPBnH6yE5XHA9KR9PAIQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nxp.com; dmarc=pass action=none header.from=nxp.com; dkim=pass header.d=nxp.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nxp.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=8BtQe1B8cEdOLRIPQ6/CkZyiKMvurZLfCvuE8Bmpob8=; b=f2SqzAsYZRPO/uSz9bQrHpKhFE/SQyVhPIytrVANBUyY8B5jwYn+2BnleyAUQu970Q/M3NWokjdTGIarPcx9v1Kuj/koyQ9+x3hQVTVPKtCmFkloLWK5M7dkv+S0gSzXwutqxR8nDcbRL2mmf7gFm8jZ11snequ2WZ+kxmFiF9o= Received: from VI1PR04MB3168.eurprd04.prod.outlook.com (2603:10a6:802:6::10) by VI1PR04MB5695.eurprd04.prod.outlook.com (2603:10a6:803:e9::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3109.25; Tue, 23 Jun 2020 18:06:49 +0000 Received: from VI1PR04MB3168.eurprd04.prod.outlook.com ([fe80::b077:1fe4:d352:b464]) by VI1PR04MB3168.eurprd04.prod.outlook.com ([fe80::b077:1fe4:d352:b464%7]) with mapi id 15.20.3109.027; Tue, 23 Jun 2020 18:06:49 +0000 From: Akhil Goyal To: David Coyle , "declan.doherty@intel.com" , "pablo.de.lara.guarch@intel.com" , "fiona.trahe@intel.com" , "roy.fan.zhang@intel.com" , "konstantin.ananyev@intel.com" CC: "dev@dpdk.org" , "thomas@monjalon.net" , "ferruh.yigit@intel.com" , "brendan.ryan@intel.com" , Hemant Agrawal , "anoobj@marvell.com" , "ruifeng.wang@arm.com" , "lironh@marvell.com" , "rnagadheeraj@marvell.com" , "jsrikanth@marvell.com" , Gagandeep Singh , "jianjay.zhou@huawei.com" , "ravi1.kumar@amd.com" , "bruce.richardson@intel.com" , "olivier.matz@6wind.com" , "honnappa.nagarahalli@arm.com" , "stephen@networkplumber.org" , "alexr@mellanox.com" , "jerinj@marvell.com" , Mairtin o Loingsigh Thread-Topic: [PATCH v2 2/6] security: add support for DOCSIS protocol Thread-Index: AQHWSUowNR5Nm4VatUSKxD7knuEdSajmfLdQ Date: Tue, 23 Jun 2020 18:06:48 +0000 Message-ID: References: <20200604151324.50704-1-david.coyle@intel.com> <20200623101423.9215-1-david.coyle@intel.com> <20200623101423.9215-3-david.coyle@intel.com> In-Reply-To: <20200623101423.9215-3-david.coyle@intel.com> Accept-Language: en-IN, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: intel.com; dkim=none (message not signed) header.d=none;intel.com; dmarc=none action=none header.from=nxp.com; x-originating-ip: [45.118.167.75] x-ms-publictraffictype: Email x-ms-office365-filtering-ht: Tenant x-ms-office365-filtering-correlation-id: 09749204-90d8-4b4c-22aa-08d817a0330c x-ms-traffictypediagnostic: VI1PR04MB5695: x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:5516; x-forefront-prvs: 04433051BF x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: xdv/aS44Oqq0yxwXegWxHZIYYJ7UB8YGXsgj4vELWen0BjUIe1pEEvPS/WP6E607idrDtI8Akhede7SlB3N1r5UoBoFkTl5ypANQlrVaWmcB6UmCp5e3poRBxABkkieyfHqPrqDf+1TiUbPYmSqkYbnppaDbyQbx02bthFDWNNvwgrynKTnJtP932epGNrVtHhk5HQMAXaMEl4fmN/7aupYS1BClm7mIwkWQIhUyw1N82YSSpjalzvR5Mm2wSkVztyqm2dLPQTXcOpzkP1rvrH/8po6qqcW7u99xJKIviYTUVfFSxgwX0lcbvPBHX6MYHzPP7viUpezssKnaeLOmTw== x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:VI1PR04MB3168.eurprd04.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(4636009)(346002)(376002)(366004)(396003)(39850400004)(136003)(33656002)(76116006)(66946007)(55016002)(52536014)(186003)(9686003)(2906002)(8936002)(8676002)(54906003)(7696005)(4326008)(110136005)(7416002)(15650500001)(316002)(26005)(5660300002)(83380400001)(6506007)(71200400001)(64756008)(66476007)(66556008)(66446008)(478600001)(86362001)(44832011); DIR:OUT; SFP:1101; x-ms-exchange-antispam-messagedata: nXcTAQXu8agFmW9rqeWz9ScmRyHUHYrDAF0Wt43T2pzFh0hGucBWEVoDAiU/TnAYBLKXbBGM0ugDxFjPhGOQceFjmeD60INkPKuz11VOAaSdN8T/NnMB4apsEkrTz0DmJa2ZKspUprJDxNgho/DrUESgxyciwYMi7wzU9R8z3PrCi2PYS0fn/WMZy1srPyi9czAENIf7CHqwfl7ZwWz5tjzBt5k4q8cbqwxAImXKXbJjZb3K+J2OIqb7U0u8RVZXUDuCEX+Iev1NC9HT6Kk46cA8Z7feafRksMEZXFTzAfYNqReUUgQAm9nDm/hG2G+oNwOgWEL4chBeOG75hHqNyEZf0f1BHFhqwKvlTnctS0j2VNt6CPJPkSDh1YijEwXErX/TJEgE9/Hk8qWjjeoKW/Hg0ajYWBsot9fRq7nOar02N5gY4KPgWOjO5L9f/b52vCYne+uRM5NlEq7CCiiCHioHzp09BKxmA2mQtydj2po= Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: nxp.com X-MS-Exchange-CrossTenant-Network-Message-Id: 09749204-90d8-4b4c-22aa-08d817a0330c X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Jun 2020 18:06:48.9715 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 686ea1d3-bc2b-4c6f-a92c-d99c5c301635 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: drcDW+cR22+6h1QzVjI+VWPdL6I9jgQKRG+bXgn7XYEz66shMDK3lExafShIT6vxKEKap257SlsQ7bXAaypp8g== X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR04MB5695 Subject: Re: [dpdk-dev] [PATCH v2 2/6] security: add support for DOCSIS protocol X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Hi David, > +/** DOCSIS direction */ > +enum rte_security_docsis_direction { > + RTE_SECURITY_DOCSIS_UPLINK, > + /**< Uplink > + * - Decryption, followed by CRC Verification > + */ > + RTE_SECURITY_DOCSIS_DOWNLINK, > + /**< Downlink > + * - CRC Generation, followed by Encryption > + */ > +}; > + > +/** > + * DOCSIS security session configuration. > + * > + * This structure contains data required to create a DOCSIS security ses= sion. > + */ > +struct rte_security_docsis_xform { > + enum rte_security_docsis_direction direction; > + /** DOCSIS direction */ > + uint16_t crc_size; > + /**< CRC size in bytes */ > +}; > + > /** > * Security session action type. > */ > @@ -325,6 +349,8 @@ enum rte_security_session_protocol { > /**< MACSec Protocol */ > RTE_SECURITY_PROTOCOL_PDCP, > /**< PDCP Protocol */ > + RTE_SECURITY_PROTOCOL_DOCSIS, > + /**< DOCSIS Protocol */ > }; >=20 > /** > @@ -340,6 +366,7 @@ struct rte_security_session_conf { > struct rte_security_ipsec_xform ipsec; > struct rte_security_macsec_xform macsec; > struct rte_security_pdcp_xform pdcp; > + struct rte_security_docsis_xform docsis; > }; > /**< Configuration parameters for security session */ > struct rte_crypto_sym_xform *crypto_xform; > @@ -355,6 +382,63 @@ struct rte_security_session { > /**< Opaque user defined data */ > }; >=20 > +/** > + * DOCSIS operation parameters > + */ > +struct rte_security_docsis_op { > + struct rte_crypto_sym_op crypto_sym; > + /**< Symmetric crypto operation parameters */ > + > + struct { > + uint16_t offset; > + /**< > + * Starting point for CRC processing, specified > + * as the number of bytes from start of the packet in > + * the source mbuf in crypto_sym > + */ > + uint16_t length; > + /**< > + * The length, in bytes, of the source mbuf on which the > + * CRC will be computed > + */ > + } crc; > + /**< CRC operation parameters */ As per my understanding, CRC is a kind of authentication. Can we reuse the = fields of rte_crypto_sym_op Auth.data.offset and auth.data.length. This way you can save the unnecessar= y 4 bytes here. Probably add Comment in the structure definition that it can be used as offset and lengt= h for CRC. And if you feel that reserved field is needed in near future, then you can = add a proper name to it or else You can do away with the rte_security_docsis_op itself as there will be no = other fields in it. > + > + uint64_t reserved; > + /**< Reserved for future use */ > +}; > + > +/** > + * Security operation types > + */ > +enum rte_security_op_type { > + RTE_SECURITY_OP_TYPE_DOCSIS =3D 1 > + /**< DOCSIS operation */ > +}; > + > +/** > + * Security operation parameters > + * > + * @note If the size of this struct changes, it may be also necessary to= update > + * the RTE_CRYPTO_OP_SECURITY_MAX_SZ define > + */ > +struct rte_security_op { > + enum rte_security_op_type type; > + /**< Type of operation */ > + RTE_STD_C11 > + union { > + struct rte_security_docsis_op docsis; > + }; > + /**< Parameters for security operation */ > +}; > + > +/* Macro to check the size of a struct at compile time */ > +#define _SECURITY_STRUCT_LEN_CHECK(n, X) enum > security_static_assert_enum_##X \ > + { security_static_assert_##X =3D (n)/((sizeof(struct X) <=3D (n)) ? 1 := 0) } > + > +/* Check the size of the rte_security_op struct */ > +_SECURITY_STRUCT_LEN_CHECK(RTE_CRYPTO_OP_SECURITY_MAX_SZ, > rte_security_op); > + > /** > * Create security session as specified by the session configuration > * > @@ -496,12 +580,22 @@ static inline int > rte_security_attach_session(struct rte_crypto_op *op, > struct rte_security_session *sess) > { > - if (unlikely(op->type !=3D RTE_CRYPTO_OP_TYPE_SYMMETRIC)) > - return -EINVAL; > + struct rte_security_op *s_op; > + int ret =3D -EINVAL; > + > + if (likely(op->type =3D=3D RTE_CRYPTO_OP_TYPE_SYMMETRIC)) { > + ret =3D __rte_security_attach_session(op->sym, sess); > + } else if (op->type =3D=3D RTE_CRYPTO_OP_TYPE_SECURITY) { > + s_op =3D (struct rte_security_op *)&op->security; > + if (s_op->type =3D=3D RTE_SECURITY_OP_TYPE_DOCSIS) > + ret =3D __rte_security_attach_session( > + &s_op->docsis.crypto_sym, > + sess); > + } >=20 > op->sess_type =3D RTE_CRYPTO_OP_SECURITY_SESSION; >=20 > - return __rte_security_attach_session(op->sym, sess); > + return ret; > } >=20 > struct rte_security_macsec_stats { > @@ -523,6 +617,10 @@ struct rte_security_pdcp_stats { > uint64_t reserved; > }; >=20 > +struct rte_security_docsis_stats { > + uint64_t reserved; > +}; > + > struct rte_security_stats { > enum rte_security_session_protocol protocol; > /**< Security protocol to be configured */ > @@ -532,6 +630,7 @@ struct rte_security_stats { > struct rte_security_macsec_stats macsec; > struct rte_security_ipsec_stats ipsec; > struct rte_security_pdcp_stats pdcp; > + struct rte_security_docsis_stats docsis; > }; > }; >=20 > @@ -591,6 +690,13 @@ struct rte_security_capability { > /**< Capability flags, see RTE_SECURITY_PDCP_* */ > } pdcp; > /**< PDCP capability */ > + struct { > + enum rte_security_docsis_direction direction; > + /**< DOCSIS direction */ > + uint16_t crc_size; > + /**< CRC size in bytes */ > + } docsis; > + /**< DOCSIS capability */ > }; >=20 > const struct rte_cryptodev_capabilities *crypto_capabilities; > @@ -649,6 +755,10 @@ struct rte_security_capability_idx { > enum rte_security_pdcp_domain domain; > uint32_t capa_flags; > } pdcp; > + struct { > + enum rte_security_docsis_direction direction; > + uint16_t crc_size; > + } docsis; > }; > }; >=20 > -- > 2.17.1