From: David Coyle <david.coyle@intel.com>
To: akhil.goyal@nxp.com, declan.doherty@intel.com,
pablo.de.lara.guarch@intel.com, fiona.trahe@intel.com,
roy.fan.zhang@intel.com, konstantin.ananyev@intel.com
Cc: dev@dpdk.org, thomas@monjalon.net, ferruh.yigit@intel.com,
brendan.ryan@intel.com, hemant.agrawal@nxp.com,
anoobj@marvell.com, ruifeng.wang@arm.com, lironh@marvell.com,
rnagadheeraj@marvell.com, jsrikanth@marvell.com, G.Singh@nxp.com,
jianjay.zhou@huawei.com, ravi1.kumar@amd.com,
bruce.richardson@intel.com, olivier.matz@6wind.com,
honnappa.nagarahalli@arm.com, stephen@networkplumber.org,
alexr@mellanox.com, jerinj@marvell.com,
David Coyle <david.coyle@intel.com>,
Mairtin o Loingsigh <mairtin.oloingsigh@intel.com>
Subject: [dpdk-dev] [PATCH v2 2/6] security: add support for DOCSIS protocol
Date: Tue, 23 Jun 2020 11:14:19 +0100 [thread overview]
Message-ID: <20200623101423.9215-3-david.coyle@intel.com> (raw)
In-Reply-To: <20200623101423.9215-1-david.coyle@intel.com>
Add support for DOCSIS protocol to rte_security library. This support
currently comprises the combination of Crypto and CRC operations.
A security operation definition is also added. This allow security
protocol related parameters be specified at the operation level. For
DOCSIS, these parameters include CRC length and offset. The security
operation is accessed via a crypto operation.
Signed-off-by: David Coyle <david.coyle@intel.com>
Signed-off-by: Mairtin o Loingsigh <mairtin.oloingsigh@intel.com>
---
lib/librte_security/rte_security.c | 7 ++
lib/librte_security/rte_security.h | 116 ++++++++++++++++++++++++++++-
2 files changed, 120 insertions(+), 3 deletions(-)
diff --git a/lib/librte_security/rte_security.c b/lib/librte_security/rte_security.c
index dc9a3e89c..e3844bf7e 100644
--- a/lib/librte_security/rte_security.c
+++ b/lib/librte_security/rte_security.c
@@ -173,6 +173,13 @@ rte_security_capability_get(struct rte_security_ctx *instance,
if (capability->pdcp.domain ==
idx->pdcp.domain)
return capability;
+ } else if (idx->protocol ==
+ RTE_SECURITY_PROTOCOL_DOCSIS) {
+ if (capability->docsis.direction ==
+ idx->docsis.direction &&
+ capability->docsis.crc_size ==
+ idx->docsis.crc_size)
+ return capability;
}
}
}
diff --git a/lib/librte_security/rte_security.h b/lib/librte_security/rte_security.h
index 747830d67..25e3179e9 100644
--- a/lib/librte_security/rte_security.h
+++ b/lib/librte_security/rte_security.h
@@ -293,6 +293,30 @@ struct rte_security_pdcp_xform {
uint32_t hfn_ovrd;
};
+/** DOCSIS direction */
+enum rte_security_docsis_direction {
+ RTE_SECURITY_DOCSIS_UPLINK,
+ /**< Uplink
+ * - Decryption, followed by CRC Verification
+ */
+ RTE_SECURITY_DOCSIS_DOWNLINK,
+ /**< Downlink
+ * - CRC Generation, followed by Encryption
+ */
+};
+
+/**
+ * DOCSIS security session configuration.
+ *
+ * This structure contains data required to create a DOCSIS security session.
+ */
+struct rte_security_docsis_xform {
+ enum rte_security_docsis_direction direction;
+ /** DOCSIS direction */
+ uint16_t crc_size;
+ /**< CRC size in bytes */
+};
+
/**
* Security session action type.
*/
@@ -325,6 +349,8 @@ enum rte_security_session_protocol {
/**< MACSec Protocol */
RTE_SECURITY_PROTOCOL_PDCP,
/**< PDCP Protocol */
+ RTE_SECURITY_PROTOCOL_DOCSIS,
+ /**< DOCSIS Protocol */
};
/**
@@ -340,6 +366,7 @@ struct rte_security_session_conf {
struct rte_security_ipsec_xform ipsec;
struct rte_security_macsec_xform macsec;
struct rte_security_pdcp_xform pdcp;
+ struct rte_security_docsis_xform docsis;
};
/**< Configuration parameters for security session */
struct rte_crypto_sym_xform *crypto_xform;
@@ -355,6 +382,63 @@ struct rte_security_session {
/**< Opaque user defined data */
};
+/**
+ * DOCSIS operation parameters
+ */
+struct rte_security_docsis_op {
+ struct rte_crypto_sym_op crypto_sym;
+ /**< Symmetric crypto operation parameters */
+
+ struct {
+ uint16_t offset;
+ /**<
+ * Starting point for CRC processing, specified
+ * as the number of bytes from start of the packet in
+ * the source mbuf in crypto_sym
+ */
+ uint16_t length;
+ /**<
+ * The length, in bytes, of the source mbuf on which the
+ * CRC will be computed
+ */
+ } crc;
+ /**< CRC operation parameters */
+
+ uint64_t reserved;
+ /**< Reserved for future use */
+};
+
+/**
+ * Security operation types
+ */
+enum rte_security_op_type {
+ RTE_SECURITY_OP_TYPE_DOCSIS = 1
+ /**< DOCSIS operation */
+};
+
+/**
+ * Security operation parameters
+ *
+ * @note If the size of this struct changes, it may be also necessary to update
+ * the RTE_CRYPTO_OP_SECURITY_MAX_SZ define
+ */
+struct rte_security_op {
+ enum rte_security_op_type type;
+ /**< Type of operation */
+ RTE_STD_C11
+ union {
+ struct rte_security_docsis_op docsis;
+ };
+ /**< Parameters for security operation */
+};
+
+/* Macro to check the size of a struct at compile time */
+#define _SECURITY_STRUCT_LEN_CHECK(n, X) enum security_static_assert_enum_##X \
+ { security_static_assert_##X = (n)/((sizeof(struct X) <= (n)) ? 1 : 0) }
+
+/* Check the size of the rte_security_op struct */
+_SECURITY_STRUCT_LEN_CHECK(RTE_CRYPTO_OP_SECURITY_MAX_SZ, rte_security_op);
+
/**
* Create security session as specified by the session configuration
*
@@ -496,12 +580,22 @@ static inline int
rte_security_attach_session(struct rte_crypto_op *op,
struct rte_security_session *sess)
{
- if (unlikely(op->type != RTE_CRYPTO_OP_TYPE_SYMMETRIC))
- return -EINVAL;
+ struct rte_security_op *s_op;
+ int ret = -EINVAL;
+
+ if (likely(op->type == RTE_CRYPTO_OP_TYPE_SYMMETRIC)) {
+ ret = __rte_security_attach_session(op->sym, sess);
+ } else if (op->type == RTE_CRYPTO_OP_TYPE_SECURITY) {
+ s_op = (struct rte_security_op *)&op->security;
+ if (s_op->type == RTE_SECURITY_OP_TYPE_DOCSIS)
+ ret = __rte_security_attach_session(
+ &s_op->docsis.crypto_sym,
+ sess);
+ }
op->sess_type = RTE_CRYPTO_OP_SECURITY_SESSION;
- return __rte_security_attach_session(op->sym, sess);
+ return ret;
}
struct rte_security_macsec_stats {
@@ -523,6 +617,10 @@ struct rte_security_pdcp_stats {
uint64_t reserved;
};
+struct rte_security_docsis_stats {
+ uint64_t reserved;
+};
+
struct rte_security_stats {
enum rte_security_session_protocol protocol;
/**< Security protocol to be configured */
@@ -532,6 +630,7 @@ struct rte_security_stats {
struct rte_security_macsec_stats macsec;
struct rte_security_ipsec_stats ipsec;
struct rte_security_pdcp_stats pdcp;
+ struct rte_security_docsis_stats docsis;
};
};
@@ -591,6 +690,13 @@ struct rte_security_capability {
/**< Capability flags, see RTE_SECURITY_PDCP_* */
} pdcp;
/**< PDCP capability */
+ struct {
+ enum rte_security_docsis_direction direction;
+ /**< DOCSIS direction */
+ uint16_t crc_size;
+ /**< CRC size in bytes */
+ } docsis;
+ /**< DOCSIS capability */
};
const struct rte_cryptodev_capabilities *crypto_capabilities;
@@ -649,6 +755,10 @@ struct rte_security_capability_idx {
enum rte_security_pdcp_domain domain;
uint32_t capa_flags;
} pdcp;
+ struct {
+ enum rte_security_docsis_direction direction;
+ uint16_t crc_size;
+ } docsis;
};
};
--
2.17.1
next prev parent reply other threads:[~2020-06-23 10:36 UTC|newest]
Thread overview: 92+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-04-10 14:27 [dpdk-dev] [PATCH v3 0/4] add AESNI-MB rawdev for multi-function processing David Coyle
2020-04-10 14:27 ` [dpdk-dev] [PATCH v3 1/4] raw/common: add multi-function interface David Coyle
2020-04-10 14:27 ` [dpdk-dev] [PATCH v3 2/4] raw/aesni_mb_mfn: add aesni_mb_mfn raw device PMD David Coyle
2020-04-10 14:27 ` [dpdk-dev] [PATCH v3 3/4] test/rawdev: add aesni_mb_mfn raw device tests David Coyle
2020-04-10 14:27 ` [dpdk-dev] [PATCH v3 4/4] doc: update docs for aesni_mb_mfn raw device PMD David Coyle
2020-04-10 22:55 ` [dpdk-dev] [PATCH v3 0/4] add AESNI-MB rawdev for multi-function processing Thomas Monjalon
2020-04-14 10:21 ` Ferruh Yigit
2020-04-14 10:32 ` Thomas Monjalon
2020-04-14 13:04 ` Trahe, Fiona
2020-04-14 13:24 ` Thomas Monjalon
2020-04-14 14:02 ` Trahe, Fiona
2020-04-14 14:44 ` Thomas Monjalon
2020-04-15 22:19 ` Doherty, Declan
2020-04-15 22:33 ` Thomas Monjalon
2020-04-21 16:46 ` Doherty, Declan
2020-04-21 17:23 ` Coyle, David
2020-04-22 10:51 ` Akhil Goyal
2020-04-22 13:17 ` Coyle, David
2020-04-22 13:44 ` Akhil Goyal
2020-04-22 14:21 ` Coyle, David
2020-05-01 13:18 ` Zhang, Roy Fan
2020-05-12 17:32 ` Coyle, David
2020-04-22 14:01 ` Kevin Traynor
2020-04-22 14:41 ` Coyle, David
2020-04-21 17:25 ` Thomas Monjalon
2020-04-21 18:37 ` Coyle, David
2020-04-21 21:51 ` Thomas Monjalon
2020-06-04 15:13 ` [dpdk-dev] [PATCH 0/3] add support for DOCSIS protocol to security library David Coyle
2020-06-04 15:13 ` [dpdk-dev] [PATCH 1/3] security: add support for DOCSIS protocol David Coyle
2020-06-04 15:13 ` [dpdk-dev] [PATCH 2/3] cryptodev: add security operation to crypto operation David Coyle
2020-06-09 13:23 ` Ananyev, Konstantin
2020-06-09 13:50 ` Coyle, David
2020-06-10 10:40 ` Ananyev, Konstantin
2020-06-10 12:02 ` Coyle, David
2020-06-11 12:21 ` Ananyev, Konstantin
2020-06-11 14:01 ` Coyle, David
2020-06-23 18:38 ` Akhil Goyal
2020-06-24 14:11 ` Coyle, David
2020-06-04 15:13 ` [dpdk-dev] [PATCH 3/3] crypto/aesni_mb: add support for DOCSIS protocol David Coyle
2020-06-23 10:14 ` [dpdk-dev] [PATCH v2 0/6] " David Coyle
2020-06-23 10:14 ` [dpdk-dev] [PATCH v2 1/6] cryptodev: add security operation to crypto operation David Coyle
2020-06-23 10:14 ` David Coyle [this message]
2020-06-23 17:29 ` [dpdk-dev] [PATCH v2 2/6] security: add support for DOCSIS protocol De Lara Guarch, Pablo
2020-06-26 15:15 ` Coyle, David
2020-06-23 18:06 ` Akhil Goyal
2020-06-24 14:25 ` Coyle, David
2020-06-23 10:14 ` [dpdk-dev] [PATCH v2 3/6] crypto/aesni_mb: " David Coyle
2020-06-23 17:57 ` De Lara Guarch, Pablo
2020-06-26 15:13 ` Coyle, David
2020-06-23 10:14 ` [dpdk-dev] [PATCH v2 4/6] crypto/qat: " David Coyle
2020-06-23 10:14 ` [dpdk-dev] [PATCH v2 5/6] test/crypto: add DOCSIS security test cases David Coyle
2020-06-23 18:04 ` De Lara Guarch, Pablo
2020-06-26 15:14 ` Coyle, David
2020-06-23 10:14 ` [dpdk-dev] [PATCH v2 6/6] test/security: add DOCSIS capability check tests David Coyle
2020-06-23 14:51 ` [dpdk-dev] [PATCH v2 0/6] add support for DOCSIS protocol David Marchand
2020-06-23 15:18 ` Coyle, David
2020-06-23 15:38 ` David Marchand
2020-06-23 15:56 ` Coyle, David
2020-06-23 16:22 ` David Marchand
2020-06-23 16:27 ` Coyle, David
2020-06-30 16:30 ` [dpdk-dev] [PATCH v3 0/8] " David Coyle
2020-06-30 16:30 ` [dpdk-dev] [PATCH v3 1/8] security: " David Coyle
2020-07-01 21:41 ` Akhil Goyal
2020-06-30 16:30 ` [dpdk-dev] [PATCH v3 2/8] cryptodev: add a note regarding DOCSIS protocol support David Coyle
2020-07-01 21:42 ` Akhil Goyal
2020-06-30 16:30 ` [dpdk-dev] [PATCH v3 3/8] crypto/aesni_mb: add support for DOCSIS protocol David Coyle
2020-07-01 17:04 ` Coyle, David
2020-06-30 16:30 ` [dpdk-dev] [PATCH v3 4/8] crypto/qat: " David Coyle
2020-07-01 17:04 ` Coyle, David
2020-06-30 16:30 ` [dpdk-dev] [PATCH v3 5/8] test/crypto: add DOCSIS security test cases David Coyle
2020-07-01 21:43 ` Akhil Goyal
2020-06-30 16:30 ` [dpdk-dev] [PATCH v3 6/8] test/security: add DOCSIS capability check tests David Coyle
2020-06-30 16:30 ` [dpdk-dev] [PATCH v3 7/8] app/crypto-perf: add support for DOCSIS protocol David Coyle
2020-07-01 21:44 ` Akhil Goyal
2020-06-30 16:30 ` [dpdk-dev] [PATCH v3 8/8] doc: add doc updates for DOCSIS security protocol David Coyle
2020-06-30 18:33 ` Akhil Goyal
2020-07-01 17:03 ` Coyle, David
2020-07-03 12:39 ` [dpdk-dev] [PATCH v4 0/7] add support for DOCSIS protocol David Coyle
2020-07-03 12:39 ` [dpdk-dev] [PATCH v4 1/7] security: " David Coyle
2020-07-03 17:50 ` De Lara Guarch, Pablo
2020-07-03 12:39 ` [dpdk-dev] [PATCH v4 2/7] cryptodev: add a note regarding DOCSIS protocol support David Coyle
2020-07-03 17:56 ` De Lara Guarch, Pablo
2020-07-03 12:39 ` [dpdk-dev] [PATCH v4 3/7] crypto/aesni_mb: add support for DOCSIS protocol David Coyle
2020-07-03 17:56 ` De Lara Guarch, Pablo
2020-07-04 19:55 ` Akhil Goyal
2020-07-03 12:39 ` [dpdk-dev] [PATCH v4 4/7] crypto/qat: " David Coyle
2020-07-03 12:39 ` [dpdk-dev] [PATCH v4 5/7] test/crypto: add DOCSIS security test cases David Coyle
2020-07-03 17:56 ` De Lara Guarch, Pablo
2020-07-03 12:39 ` [dpdk-dev] [PATCH v4 6/7] test/security: add DOCSIS capability check tests David Coyle
2020-07-03 12:39 ` [dpdk-dev] [PATCH v4 7/7] app/crypto-perf: add support for DOCSIS protocol David Coyle
2020-07-03 17:57 ` De Lara Guarch, Pablo
2020-07-04 19:54 ` [dpdk-dev] [PATCH v4 0/7] " Akhil Goyal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200623101423.9215-3-david.coyle@intel.com \
--to=david.coyle@intel.com \
--cc=G.Singh@nxp.com \
--cc=akhil.goyal@nxp.com \
--cc=alexr@mellanox.com \
--cc=anoobj@marvell.com \
--cc=brendan.ryan@intel.com \
--cc=bruce.richardson@intel.com \
--cc=declan.doherty@intel.com \
--cc=dev@dpdk.org \
--cc=ferruh.yigit@intel.com \
--cc=fiona.trahe@intel.com \
--cc=hemant.agrawal@nxp.com \
--cc=honnappa.nagarahalli@arm.com \
--cc=jerinj@marvell.com \
--cc=jianjay.zhou@huawei.com \
--cc=jsrikanth@marvell.com \
--cc=konstantin.ananyev@intel.com \
--cc=lironh@marvell.com \
--cc=mairtin.oloingsigh@intel.com \
--cc=olivier.matz@6wind.com \
--cc=pablo.de.lara.guarch@intel.com \
--cc=ravi1.kumar@amd.com \
--cc=rnagadheeraj@marvell.com \
--cc=roy.fan.zhang@intel.com \
--cc=ruifeng.wang@arm.com \
--cc=stephen@networkplumber.org \
--cc=thomas@monjalon.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).