From: Gagandeep Singh <g.singh@nxp.com>
To: gakhil@marvell.com, dev@dpdk.org
Cc: thomas@monjalon.net, Hemant Agrawal <hemant.agrawal@nxp.com>,
Gagandeep Singh <g.singh@nxp.com>
Subject: [dpdk-dev] [PATCH v2 2/5] security: support PDCP short MAC-I
Date: Tue, 7 Sep 2021 14:26:02 +0530 [thread overview]
Message-ID: <20210907085605.3010882-3-g.singh@nxp.com> (raw)
In-Reply-To: <20210907085605.3010882-1-g.singh@nxp.com>
From: Hemant Agrawal <hemant.agrawal@nxp.com>
This patch add support to handle PDCP short MAC-I domain
along with standard control and data domains as it has to
be treated as special case with PDCP protocol offload support.
ShortMAC-I is the 16 least significant bits of calculated MAC-I. Usually
when a RRC message is exchanged between UE and eNodeB it is integrity &
ciphered protected.
MAC-I = f(key, varShortMAC-I, count, bearer, direction).
Here varShortMAC-I is prepared by using (current cellId, pci of source cell
and C-RNTI of old cell). Other parameters like count, bearer and
direction set to all 1.
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
---
app/test-crypto-perf/cperf_options_parsing.c | 8 ++++++-
doc/guides/prog_guide/rte_security.rst | 11 ++++++++-
doc/guides/tools/cryptoperf.rst | 4 ++--
drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 25 ++++++++++----------
lib/security/rte_security.h | 1 +
5 files changed, 33 insertions(+), 16 deletions(-)
diff --git a/app/test-crypto-perf/cperf_options_parsing.c b/app/test-crypto-perf/cperf_options_parsing.c
index e84f56cfaa..0348972c85 100644
--- a/app/test-crypto-perf/cperf_options_parsing.c
+++ b/app/test-crypto-perf/cperf_options_parsing.c
@@ -662,7 +662,8 @@ parse_pdcp_sn_sz(struct cperf_options *opts, const char *arg)
const char *cperf_pdcp_domain_strs[] = {
[RTE_SECURITY_PDCP_MODE_CONTROL] = "control",
- [RTE_SECURITY_PDCP_MODE_DATA] = "data"
+ [RTE_SECURITY_PDCP_MODE_DATA] = "data",
+ [RTE_SECURITY_PDCP_MODE_SHORT_MAC] = "short_mac"
};
static int
@@ -677,6 +678,11 @@ parse_pdcp_domain(struct cperf_options *opts, const char *arg)
cperf_pdcp_domain_strs
[RTE_SECURITY_PDCP_MODE_DATA],
RTE_SECURITY_PDCP_MODE_DATA
+ },
+ {
+ cperf_pdcp_domain_strs
+ [RTE_SECURITY_PDCP_MODE_SHORT_MAC],
+ RTE_SECURITY_PDCP_MODE_SHORT_MAC
}
};
diff --git a/doc/guides/prog_guide/rte_security.rst b/doc/guides/prog_guide/rte_security.rst
index f72bc8a78f..ad92c16868 100644
--- a/doc/guides/prog_guide/rte_security.rst
+++ b/doc/guides/prog_guide/rte_security.rst
@@ -1,5 +1,5 @@
.. SPDX-License-Identifier: BSD-3-Clause
- Copyright 2017,2020 NXP
+ Copyright 2017,2020-2021 NXP
@@ -408,6 +408,15 @@ PMD which supports the IPsec and PDCP protocol.
},
.crypto_capabilities = pmd_capabilities
},
+ { /* PDCP Lookaside Protocol offload short MAC-I */
+ .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+ .protocol = RTE_SECURITY_PROTOCOL_PDCP,
+ .pdcp = {
+ .domain = RTE_SECURITY_PDCP_MODE_SHORT_MAC,
+ .capa_flags = 0
+ },
+ .crypto_capabilities = pmd_capabilities
+ },
{
.action = RTE_SECURITY_ACTION_TYPE_NONE
}
diff --git a/doc/guides/tools/cryptoperf.rst b/doc/guides/tools/cryptoperf.rst
index be3109054d..d3963f23e3 100644
--- a/doc/guides/tools/cryptoperf.rst
+++ b/doc/guides/tools/cryptoperf.rst
@@ -316,9 +316,9 @@ The following are the application command-line options:
Set PDCP sequence number size(n) in bits. Valid values of n will
be 5/7/12/15/18.
-* ``--pdcp-domain <control/user>``
+* ``--pdcp-domain <control/user/short_mac>``
- Set PDCP domain to specify Control/user plane.
+ Set PDCP domain to specify short_mac/control/user plane.
* ``--docsis-hdr-sz <n>``
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index 1ccead3641..4438486a8b 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -3102,7 +3102,7 @@ dpaa2_sec_set_pdcp_session(struct rte_cryptodev *dev,
struct rte_security_pdcp_xform *pdcp_xform = &conf->pdcp;
struct rte_crypto_sym_xform *xform = conf->crypto_xform;
struct rte_crypto_auth_xform *auth_xform = NULL;
- struct rte_crypto_cipher_xform *cipher_xform;
+ struct rte_crypto_cipher_xform *cipher_xform = NULL;
dpaa2_sec_session *session = (dpaa2_sec_session *)sess;
struct ctxt_priv *priv;
struct dpaa2_sec_dev_private *dev_priv = dev->data->dev_private;
@@ -3134,18 +3134,18 @@ dpaa2_sec_set_pdcp_session(struct rte_cryptodev *dev,
flc = &priv->flc_desc[0].flc;
/* find xfrm types */
- if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER && xform->next == NULL) {
- cipher_xform = &xform->cipher;
- } else if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
- xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
- session->ext_params.aead_ctxt.auth_cipher_text = true;
+ if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER) {
cipher_xform = &xform->cipher;
- auth_xform = &xform->next->auth;
- } else if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH &&
- xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER) {
- session->ext_params.aead_ctxt.auth_cipher_text = false;
- cipher_xform = &xform->next->cipher;
+ if (xform->next != NULL) {
+ session->ext_params.aead_ctxt.auth_cipher_text = true;
+ auth_xform = &xform->next->auth;
+ }
+ } else if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
auth_xform = &xform->auth;
+ if (xform->next != NULL) {
+ session->ext_params.aead_ctxt.auth_cipher_text = false;
+ cipher_xform = &xform->next->cipher;
+ }
} else {
DPAA2_SEC_ERR("Invalid crypto type");
return -EINVAL;
@@ -3184,7 +3184,8 @@ dpaa2_sec_set_pdcp_session(struct rte_cryptodev *dev,
session->pdcp.hfn_threshold = pdcp_xform->hfn_threshold;
session->pdcp.hfn_ovd = pdcp_xform->hfn_ovrd;
/* hfv ovd offset location is stored in iv.offset value*/
- session->pdcp.hfn_ovd_offset = cipher_xform->iv.offset;
+ if (cipher_xform)
+ session->pdcp.hfn_ovd_offset = cipher_xform->iv.offset;
cipherdata.key = (size_t)session->cipher_key.data;
cipherdata.keylen = session->cipher_key.length;
diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h
index 88d31de0a6..2e136d7929 100644
--- a/lib/security/rte_security.h
+++ b/lib/security/rte_security.h
@@ -233,6 +233,7 @@ struct rte_security_macsec_xform {
enum rte_security_pdcp_domain {
RTE_SECURITY_PDCP_MODE_CONTROL, /**< PDCP control plane */
RTE_SECURITY_PDCP_MODE_DATA, /**< PDCP data plane */
+ RTE_SECURITY_PDCP_MODE_SHORT_MAC, /**< PDCP short mac */
};
/** PDCP Frame direction */
--
2.25.1
next prev parent reply other threads:[~2021-09-07 8:56 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-08-26 11:23 [dpdk-dev] [PATCH 0/5] support of MAC-I Gagandeep Singh
2021-08-26 11:23 ` [dpdk-dev] [PATCH 1/5] common/dpaax: fix IV value for shortMAC-I for SNOW algo Gagandeep Singh
2021-09-02 11:38 ` [dpdk-dev] [EXT] " Akhil Goyal
2021-08-26 11:23 ` [dpdk-dev] [PATCH 2/5] security: add pdcp short MAC-I support Gagandeep Singh
2021-09-02 11:34 ` [dpdk-dev] [EXT] " Akhil Goyal
2021-08-26 11:23 ` [dpdk-dev] [PATCH 3/5] test/crypto: add pdcp security " Gagandeep Singh
2021-08-26 11:23 ` [dpdk-dev] [PATCH 4/5] crypto/dpaa2_sec: add PDCP " Gagandeep Singh
2021-08-26 11:23 ` [dpdk-dev] [PATCH 5/5] crypto/dpaa_sec: add pdcp " Gagandeep Singh
2021-09-07 8:56 ` [dpdk-dev] [PATCH v2 0/5] support of MAC-I Gagandeep Singh
2021-09-07 8:56 ` [dpdk-dev] [PATCH v2 1/5] common/dpaax: fix IV value for shortMAC-I for SNOW algo Gagandeep Singh
2021-09-08 12:01 ` [dpdk-dev] [PATCH v3 0/4] support of MAC-I Gagandeep Singh
2021-09-08 12:01 ` [dpdk-dev] [PATCH v3 1/4] security: support PDCP short MAC-I Gagandeep Singh
2021-09-08 12:15 ` [dpdk-dev] [EXT] " Akhil Goyal
2021-09-08 12:33 ` Gagandeep Singh
2021-09-08 12:51 ` [dpdk-dev] [PATCH v4 0/5] support of MAC-I Gagandeep Singh
2021-09-08 12:51 ` [dpdk-dev] [PATCH v4 1/5] crypto/dpaa2_sec: support integrity only case for PDCP Gagandeep Singh
2021-09-08 12:51 ` [dpdk-dev] [PATCH v4 2/5] security: add pdcp short MAC-I support Gagandeep Singh
2021-09-08 12:51 ` [dpdk-dev] [PATCH v4 3/5] test/crypto: add pdcp security " Gagandeep Singh
2021-09-08 12:51 ` [dpdk-dev] [PATCH v4 4/5] crypto/dpaa2_sec: add PDCP " Gagandeep Singh
2021-09-08 12:51 ` [dpdk-dev] [PATCH v4 5/5] crypto/dpaa_sec: add pdcp " Gagandeep Singh
2021-09-08 15:21 ` [dpdk-dev] [EXT] [PATCH v4 0/5] support of MAC-I Akhil Goyal
2021-09-08 12:01 ` [dpdk-dev] [PATCH v3 2/4] test/crypto: add pdcp security short MAC-I support Gagandeep Singh
2021-09-08 12:01 ` [dpdk-dev] [PATCH v3 3/4] crypto/dpaa2_sec: add PDCP " Gagandeep Singh
2021-09-08 12:01 ` [dpdk-dev] [PATCH v3 4/4] crypto/dpaa_sec: add pdcp " Gagandeep Singh
2021-09-07 8:56 ` Gagandeep Singh [this message]
2021-09-07 8:56 ` [dpdk-dev] [PATCH v2 3/5] test/crypto: add pdcp security " Gagandeep Singh
2021-09-07 8:56 ` [dpdk-dev] [PATCH v2 4/5] crypto/dpaa2_sec: add PDCP " Gagandeep Singh
2021-09-07 8:56 ` [dpdk-dev] [PATCH v2 5/5] crypto/dpaa_sec: add pdcp " Gagandeep Singh
2021-09-07 11:46 ` [dpdk-dev] [EXT] [PATCH v2 0/5] support of MAC-I Akhil Goyal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210907085605.3010882-3-g.singh@nxp.com \
--to=g.singh@nxp.com \
--cc=dev@dpdk.org \
--cc=gakhil@marvell.com \
--cc=hemant.agrawal@nxp.com \
--cc=thomas@monjalon.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).