DPDK patches and discussions
 help / color / mirror / Atom feed
From: akhil.goyal@nxp.com
To: dev@dpdk.org
Cc: hemant.agrawal@nxp.com, anoobj@marvell.com,
	declan.doherty@intel.com, david.coyle@intel.com,
	Akhil Goyal <akhil.goyal@nxp.com>
Subject: [dpdk-dev] [PATCH 2/7] security: modify PDCP xform to support SDAP
Date: Thu,  3 Sep 2020 21:36:47 +0530
Message-ID: <20200903160652.31654-3-akhil.goyal@nxp.com> (raw)
In-Reply-To: <20200903160652.31654-1-akhil.goyal@nxp.com>

From: Akhil Goyal <akhil.goyal@nxp.com>

The SDAP is a protocol in the LTE stack on top of PDCP for
QOS. A particular PDCP session may or may not have
SDAP enabled. But if it is enabled, SDAP header should be
authenticated but not encrypted if both confidentiality and
integrity is enabled. Hence, the driver should be intimated
from the xform so that it skip the SDAP header while encryption.

A new field is added in the PDCP xform to specify SDAP is enabled.
The overall size of the xform is not changed, as hfn_ovrd is just
a flag and does not need uint32. Hence, it is converted to uint8_t
and a 16 bit reserved field is added for future.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
---
 doc/guides/prog_guide/rte_security.rst | 19 ++++++++++++++++++-
 lib/librte_security/rte_security.h     | 12 ++++++++++--
 2 files changed, 28 insertions(+), 3 deletions(-)

diff --git a/doc/guides/prog_guide/rte_security.rst b/doc/guides/prog_guide/rte_security.rst
index 127da2e4f..ab535d1cd 100644
--- a/doc/guides/prog_guide/rte_security.rst
+++ b/doc/guides/prog_guide/rte_security.rst
@@ -1,5 +1,5 @@
 ..  SPDX-License-Identifier: BSD-3-Clause
-    Copyright 2017 NXP
+    Copyright 2017,2020 NXP
 
 
 
@@ -693,6 +693,23 @@ PDCP related configuration parameters are defined in ``rte_security_pdcp_xform``
         uint32_t hfn;
         /** HFN Threshold for key renegotiation */
         uint32_t hfn_threshold;
+        /** HFN can be given as a per packet value also.
+         * As we do not have IV in case of PDCP, and HFN is
+         * used to generate IV. IV field can be used to get the
+         * per packet HFN while enq/deq.
+         * If hfn_ovrd field is set, user is expected to set the
+         * per packet HFN in place of IV. PMDs will extract the HFN
+         * and perform operations accordingly.
+         */
+         uint8_t hfn_ovrd;
+         /** In case of 5G NR, a new protocol(SDAP) header may be set
+          * inside PDCP payload which should be authenticated but not
+          * encrypted. Hence, driver should be notified if SDAP is
+          * enabled or not, so that SDAP header is not encrypted.
+          */
+         uint8_t sdap_enabled;
+         /** Reserved for future */
+         uint16_t reserved;
     };
 
 DOCSIS related configuration parameters are defined in ``rte_security_docsis_xform``
diff --git a/lib/librte_security/rte_security.h b/lib/librte_security/rte_security.h
index 16839e539..48b377b20 100644
--- a/lib/librte_security/rte_security.h
+++ b/lib/librte_security/rte_security.h
@@ -1,5 +1,5 @@
 /* SPDX-License-Identifier: BSD-3-Clause
- * Copyright 2017,2019 NXP
+ * Copyright 2017,2019-2020 NXP
  * Copyright(c) 2017-2020 Intel Corporation.
  */
 
@@ -290,7 +290,15 @@ struct rte_security_pdcp_xform {
 	 * per packet HFN in place of IV. PMDs will extract the HFN
 	 * and perform operations accordingly.
 	 */
-	uint32_t hfn_ovrd;
+	uint8_t hfn_ovrd;
+	/** In case of 5G NR, a new protocol(SDAP) header may be set
+	 * inside PDCP payload which should be authenticated but not
+	 * encrypted. Hence, driver should be notified if SDAP is
+	 * enabled or not, so that SDAP header is not encrypted.
+	 */
+	uint8_t sdap_enabled;
+	/** Reserved for future */
+	uint16_t reserved;
 };
 
 /** DOCSIS direction */
-- 
2.17.1


  parent reply	other threads:[~2020-09-03 16:07 UTC|newest]

Thread overview: 32+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-09-03 16:06 [dpdk-dev] [PATCH 0/7] support PDCP-SDAP for dpaa2_sec akhil.goyal
2020-09-03 16:06 ` [dpdk-dev] [PATCH 1/7] common/dpaax/caamflib: Support PDCP-SDAP akhil.goyal
2020-09-03 16:06 ` akhil.goyal [this message]
2020-10-05 18:04   ` [dpdk-dev] [PATCH 2/7] security: modify PDCP xform to support SDAP Coyle, David
2020-10-08  9:01     ` Akhil Goyal
2020-09-03 16:06 ` [dpdk-dev] [PATCH 3/7] crypto/dpaa2_sec: enable PDCP-SDAP sessions akhil.goyal
2020-09-03 16:06 ` [dpdk-dev] [PATCH 4/7] crypto/dpaa_sec: " akhil.goyal
2020-09-03 16:06 ` [dpdk-dev] [PATCH 5/7] test/crypto: Add test vectors for PDCP-SDAP akhil.goyal
2020-09-03 16:06 ` [dpdk-dev] [PATCH 6/7] test/crypto: Modify test_pdcp_proto to take parameters akhil.goyal
2020-09-03 16:06 ` [dpdk-dev] [PATCH 7/7] test/crypto: Add PDCP-SDAP cases akhil.goyal
2020-10-11 21:33 ` [dpdk-dev] [PATCH v2 0/8] support PDCP-SDAP for dpaa2_sec Akhil Goyal
2020-10-11 21:33   ` [dpdk-dev] [PATCH v2 1/8] common/dpaax/caamflib: Support PDCP-SDAP Akhil Goyal
2020-10-11 21:33   ` [dpdk-dev] [PATCH v2 2/8] security: modify PDCP xform to support SDAP Akhil Goyal
2020-10-11 21:33   ` [dpdk-dev] [PATCH v2 3/8] doc: remove unnecessary API code from security guide Akhil Goyal
2020-10-11 21:33   ` [dpdk-dev] [PATCH v2 4/8] crypto/dpaa2_sec: enable PDCP-SDAP sessions Akhil Goyal
2020-10-11 21:34   ` [dpdk-dev] [PATCH v2 5/8] crypto/dpaa_sec: " Akhil Goyal
2020-10-11 21:34   ` [dpdk-dev] [PATCH v2 6/8] test/crypto: Add test vectors for PDCP-SDAP Akhil Goyal
2020-10-11 21:49     ` Thomas Monjalon
2020-10-12 14:01       ` Akhil Goyal
2020-10-11 21:34   ` [dpdk-dev] [PATCH v2 7/8] test/crypto: Modify test_pdcp_proto to take parameters Akhil Goyal
2020-10-11 21:34   ` [dpdk-dev] [PATCH v2 8/8] test/crypto: Add PDCP-SDAP cases Akhil Goyal
2020-10-12 14:09   ` [dpdk-dev] [PATCH v3 0/8] support PDCP-SDAP for dpaa2_sec Akhil Goyal
2020-10-12 14:09     ` [dpdk-dev] [PATCH v3 1/8] common/dpaax/caamflib: Support PDCP-SDAP Akhil Goyal
2020-10-12 14:10     ` [dpdk-dev] [PATCH v3 2/8] security: modify PDCP xform to support SDAP Akhil Goyal
2020-10-14  7:46       ` Thomas Monjalon
2020-10-14 20:26         ` Akhil Goyal
2020-10-12 14:10     ` [dpdk-dev] [PATCH v3 3/8] doc: remove unnecessary API code from security guide Akhil Goyal
2020-10-12 14:10     ` [dpdk-dev] [PATCH v3 4/8] crypto/dpaa2_sec: enable PDCP-SDAP sessions Akhil Goyal
2020-10-12 14:10     ` [dpdk-dev] [PATCH v3 5/8] crypto/dpaa_sec: " Akhil Goyal
2020-10-12 14:10     ` [dpdk-dev] [PATCH v3 6/8] test/crypto: Add test vectors for PDCP-SDAP Akhil Goyal
2020-10-12 14:10     ` [dpdk-dev] [PATCH v3 7/8] test/crypto: Modify test_pdcp_proto to take parameters Akhil Goyal
2020-10-12 14:10     ` [dpdk-dev] [PATCH v3 8/8] test/crypto: Add PDCP-SDAP cases Akhil Goyal

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200903160652.31654-3-akhil.goyal@nxp.com \
    --to=akhil.goyal@nxp.com \
    --cc=anoobj@marvell.com \
    --cc=david.coyle@intel.com \
    --cc=declan.doherty@intel.com \
    --cc=dev@dpdk.org \
    --cc=hemant.agrawal@nxp.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

DPDK patches and discussions

This inbox may be cloned and mirrored by anyone:

	git clone --mirror https://inbox.dpdk.org/dev/0 dev/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 dev dev/ https://inbox.dpdk.org/dev \
		dev@dpdk.org
	public-inbox-index dev

Example config snippet for mirrors.
Newsgroup available over NNTP:
	nntp://inbox.dpdk.org/inbox.dpdk.dev


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git