From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dev-bounces@dpdk.org>
Received: from dpdk.org (dpdk.org [92.243.14.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 65DA5A04BF;
	Thu,  3 Sep 2020 18:07:12 +0200 (CEST)
Received: from [92.243.14.124] (localhost [127.0.0.1])
	by dpdk.org (Postfix) with ESMTP id 0D7211C0CE;
	Thu,  3 Sep 2020 18:07:04 +0200 (CEST)
Received: from inva020.nxp.com (inva020.nxp.com [92.121.34.13])
 by dpdk.org (Postfix) with ESMTP id A3F1E1C0C0
 for <dev@dpdk.org>; Thu,  3 Sep 2020 18:07:02 +0200 (CEST)
Received: from inva020.nxp.com (localhost [127.0.0.1])
 by inva020.eu-rdc02.nxp.com (Postfix) with ESMTP id 760C21A0EDA;
 Thu,  3 Sep 2020 18:07:02 +0200 (CEST)
Received: from invc005.ap-rdc01.nxp.com (invc005.ap-rdc01.nxp.com
 [165.114.16.14])
 by inva020.eu-rdc02.nxp.com (Postfix) with ESMTP id B27281A0405;
 Thu,  3 Sep 2020 18:06:59 +0200 (CEST)
Received: from lsv03273.swis.in-blr01.nxp.com (lsv03273.swis.in-blr01.nxp.com
 [92.120.147.113])
 by invc005.ap-rdc01.nxp.com (Postfix) with ESMTP id 469EC402D9;
 Thu,  3 Sep 2020 18:06:56 +0200 (CEST)
From: akhil.goyal@nxp.com
To: dev@dpdk.org
Cc: hemant.agrawal@nxp.com, anoobj@marvell.com, declan.doherty@intel.com,
 david.coyle@intel.com, Akhil Goyal <akhil.goyal@nxp.com>
Date: Thu,  3 Sep 2020 21:36:47 +0530
Message-Id: <20200903160652.31654-3-akhil.goyal@nxp.com>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20200903160652.31654-1-akhil.goyal@nxp.com>
References: <20200903160652.31654-1-akhil.goyal@nxp.com>
X-Virus-Scanned: ClamAV using ClamSMTP
Subject: [dpdk-dev] [PATCH 2/7] security: modify PDCP xform to support SDAP
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>

From: Akhil Goyal <akhil.goyal@nxp.com>

The SDAP is a protocol in the LTE stack on top of PDCP for
QOS. A particular PDCP session may or may not have
SDAP enabled. But if it is enabled, SDAP header should be
authenticated but not encrypted if both confidentiality and
integrity is enabled. Hence, the driver should be intimated
from the xform so that it skip the SDAP header while encryption.

A new field is added in the PDCP xform to specify SDAP is enabled.
The overall size of the xform is not changed, as hfn_ovrd is just
a flag and does not need uint32. Hence, it is converted to uint8_t
and a 16 bit reserved field is added for future.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
---
 doc/guides/prog_guide/rte_security.rst | 19 ++++++++++++++++++-
 lib/librte_security/rte_security.h     | 12 ++++++++++--
 2 files changed, 28 insertions(+), 3 deletions(-)

diff --git a/doc/guides/prog_guide/rte_security.rst b/doc/guides/prog_guide/rte_security.rst
index 127da2e4f..ab535d1cd 100644
--- a/doc/guides/prog_guide/rte_security.rst
+++ b/doc/guides/prog_guide/rte_security.rst
@@ -1,5 +1,5 @@
 ..  SPDX-License-Identifier: BSD-3-Clause
-    Copyright 2017 NXP
+    Copyright 2017,2020 NXP
 
 
 
@@ -693,6 +693,23 @@ PDCP related configuration parameters are defined in ``rte_security_pdcp_xform``
         uint32_t hfn;
         /** HFN Threshold for key renegotiation */
         uint32_t hfn_threshold;
+        /** HFN can be given as a per packet value also.
+         * As we do not have IV in case of PDCP, and HFN is
+         * used to generate IV. IV field can be used to get the
+         * per packet HFN while enq/deq.
+         * If hfn_ovrd field is set, user is expected to set the
+         * per packet HFN in place of IV. PMDs will extract the HFN
+         * and perform operations accordingly.
+         */
+         uint8_t hfn_ovrd;
+         /** In case of 5G NR, a new protocol(SDAP) header may be set
+          * inside PDCP payload which should be authenticated but not
+          * encrypted. Hence, driver should be notified if SDAP is
+          * enabled or not, so that SDAP header is not encrypted.
+          */
+         uint8_t sdap_enabled;
+         /** Reserved for future */
+         uint16_t reserved;
     };
 
 DOCSIS related configuration parameters are defined in ``rte_security_docsis_xform``
diff --git a/lib/librte_security/rte_security.h b/lib/librte_security/rte_security.h
index 16839e539..48b377b20 100644
--- a/lib/librte_security/rte_security.h
+++ b/lib/librte_security/rte_security.h
@@ -1,5 +1,5 @@
 /* SPDX-License-Identifier: BSD-3-Clause
- * Copyright 2017,2019 NXP
+ * Copyright 2017,2019-2020 NXP
  * Copyright(c) 2017-2020 Intel Corporation.
  */
 
@@ -290,7 +290,15 @@ struct rte_security_pdcp_xform {
 	 * per packet HFN in place of IV. PMDs will extract the HFN
 	 * and perform operations accordingly.
 	 */
-	uint32_t hfn_ovrd;
+	uint8_t hfn_ovrd;
+	/** In case of 5G NR, a new protocol(SDAP) header may be set
+	 * inside PDCP payload which should be authenticated but not
+	 * encrypted. Hence, driver should be notified if SDAP is
+	 * enabled or not, so that SDAP header is not encrypted.
+	 */
+	uint8_t sdap_enabled;
+	/** Reserved for future */
+	uint16_t reserved;
 };
 
 /** DOCSIS direction */
-- 
2.17.1