From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dev-bounces@dpdk.org>
Received: from dpdk.org (dpdk.org [92.243.14.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 263D7A04B6;
	Mon, 12 Oct 2020 16:10:42 +0200 (CEST)
Received: from [92.243.14.124] (localhost [127.0.0.1])
	by dpdk.org (Postfix) with ESMTP id D1A791D735;
	Mon, 12 Oct 2020 16:10:21 +0200 (CEST)
Received: from inva021.nxp.com (inva021.nxp.com [92.121.34.21])
 by dpdk.org (Postfix) with ESMTP id 113021D6E2;
 Mon, 12 Oct 2020 16:10:19 +0200 (CEST)
Received: from inva021.nxp.com (localhost [127.0.0.1])
 by inva021.eu-rdc02.nxp.com (Postfix) with ESMTP id CF7F2200E1D;
 Mon, 12 Oct 2020 16:10:17 +0200 (CEST)
Received: from invc005.ap-rdc01.nxp.com (invc005.ap-rdc01.nxp.com
 [165.114.16.14])
 by inva021.eu-rdc02.nxp.com (Postfix) with ESMTP id 7739C200E20;
 Mon, 12 Oct 2020 16:10:14 +0200 (CEST)
Received: from lsv03273.swis.in-blr01.nxp.com (lsv03273.swis.in-blr01.nxp.com
 [92.120.147.113])
 by invc005.ap-rdc01.nxp.com (Postfix) with ESMTP id 45F0640313;
 Mon, 12 Oct 2020 16:10:10 +0200 (CEST)
From: Akhil Goyal <akhil.goyal@nxp.com>
To: dev@dpdk.org,
	techboard@dpdk.org
Cc: thomas@monjalon.net, anoobj@marvell.com, hemant.agrawal@nxp.com,
 declan.doherty@intel.com, david.coyle@intel.com,
 Akhil Goyal <akhil.goyal@nxp.com>
Date: Mon, 12 Oct 2020 19:40:00 +0530
Message-Id: <20201012141006.31463-3-akhil.goyal@nxp.com>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20201012141006.31463-1-akhil.goyal@nxp.com>
References: <20201011213403.21169-1-akhil.goyal@nxp.com>
 <20201012141006.31463-1-akhil.goyal@nxp.com>
X-Virus-Scanned: ClamAV using ClamSMTP
Subject: [dpdk-dev] [PATCH v3 2/8] security: modify PDCP xform to support
	SDAP
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>

The SDAP is a protocol in the LTE stack on top of PDCP for
QOS. A particular PDCP session may or may not have
SDAP enabled. But if it is enabled, SDAP header should be
authenticated but not encrypted if both confidentiality and
integrity is enabled. Hence, the driver should be intimated
from the xform so that it skip the SDAP header while encryption.

A new field is added in the PDCP xform to specify SDAP is enabled.
The overall size of the xform is not changed, as hfn_ovrd is just
a flag and does not need uint32. Hence, it is converted to uint8_t
and a 16 bit reserved field is added for future.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
---
 doc/guides/rel_notes/release_20_11.rst |  9 +++++++++
 lib/librte_security/rte_security.h     | 12 ++++++++++--
 2 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/doc/guides/rel_notes/release_20_11.rst b/doc/guides/rel_notes/release_20_11.rst
index c34ab5493..fad91487a 100644
--- a/doc/guides/rel_notes/release_20_11.rst
+++ b/doc/guides/rel_notes/release_20_11.rst
@@ -103,6 +103,11 @@ New Features
   also known as Mount Bryce.  See the
   :doc:`../bbdevs/acc100` BBDEV guide for more details on this new driver.
 
+* **Updated rte_security library to support SDAP.**
+
+  ``rte_security_pdcp_xform`` in ``rte_security`` lib is updated to enable
+  5G NR processing of SDAP header in PMDs.
+
 * **Updated Virtio driver.**
 
   * Added support for Vhost-vDPA backend to Virtio-user PMD.
@@ -307,6 +312,10 @@ API Changes
   ``rte_fpga_lte_fec_configure`` and structure ``fpga_lte_fec_conf`` to
   ``rte_fpga_lte_fec_conf``.
 
+* security: ``hfn_ovrd`` field in ``rte_security_pdcp_xform`` is changed from
+  ``uint32_t`` to ``uint8_t`` so that a new field ``sdap_enabled`` can be added
+  to support SDAP.
+
 
 ABI Changes
 -----------
diff --git a/lib/librte_security/rte_security.h b/lib/librte_security/rte_security.h
index 16839e539..c259b35e0 100644
--- a/lib/librte_security/rte_security.h
+++ b/lib/librte_security/rte_security.h
@@ -1,5 +1,5 @@
 /* SPDX-License-Identifier: BSD-3-Clause
- * Copyright 2017,2019 NXP
+ * Copyright 2017,2019-2020 NXP
  * Copyright(c) 2017-2020 Intel Corporation.
  */
 
@@ -290,7 +290,15 @@ struct rte_security_pdcp_xform {
 	 * per packet HFN in place of IV. PMDs will extract the HFN
 	 * and perform operations accordingly.
 	 */
-	uint32_t hfn_ovrd;
+	uint8_t hfn_ovrd;
+	/** In case of 5G NR, a new protocol (SDAP) header may be set
+	 * inside PDCP payload which should be authenticated but not
+	 * encrypted. Hence, driver should be notified if SDAP is
+	 * enabled or not, so that SDAP header is not encrypted.
+	 */
+	uint8_t sdap_enabled;
+	/** Reserved for future */
+	uint16_t reserved;
 };
 
 /** DOCSIS direction */
-- 
2.17.1