DPDK patches and discussions
 help / color / mirror / Atom feed
* [dpdk-dev] [PATCH 0/5] support of MAC-I
@ 2021-08-26 11:23 Gagandeep Singh
  2021-08-26 11:23 ` [dpdk-dev] [PATCH 1/5] common/dpaax: fix IV value for shortMAC-I for SNOW algo Gagandeep Singh
                   ` (5 more replies)
  0 siblings, 6 replies; 29+ messages in thread
From: Gagandeep Singh @ 2021-08-26 11:23 UTC (permalink / raw)
  To: gakhil, dev; +Cc: thomas, Gagandeep Singh

This series add support of Message Authentication Code
- Integrity on DPAAX platforms.

Gagandeep Singh (4):
  common/dpaax: fix IV value for shortMAC-I for SNOW algo
  test/crypto: add pdcp security short MAC-I support
  crypto/dpaa2_sec: add PDCP short MAC-I support
  crypto/dpaa_sec: add pdcp short MAC-I support

Hemant Agrawal (1):
  security: add pdcp short MAC-I support

 app/test-crypto-perf/cperf_options_parsing.c  |   8 +-
 app/test/test_cryptodev.c                     |  48 ++++++++
 ...est_cryptodev_security_pdcp_test_vectors.h | 105 +++++++++++++++++-
 doc/guides/prog_guide/rte_security.rst        |  11 +-
 doc/guides/tools/cryptoperf.rst               |   2 +-
 drivers/common/dpaax/caamflib/desc/pdcp.h     |   7 +-
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c   |   4 +
 drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h     |   9 ++
 drivers/crypto/dpaa_sec/dpaa_sec.c            |   3 +
 drivers/crypto/dpaa_sec/dpaa_sec.h            |  11 +-
 lib/security/rte_security.h                   |   1 +
 11 files changed, 201 insertions(+), 8 deletions(-)

-- 
2.25.1


^ permalink raw reply	[flat|nested] 29+ messages in thread

* [dpdk-dev] [PATCH 1/5] common/dpaax: fix IV value for shortMAC-I for SNOW algo
  2021-08-26 11:23 [dpdk-dev] [PATCH 0/5] support of MAC-I Gagandeep Singh
@ 2021-08-26 11:23 ` Gagandeep Singh
  2021-09-02 11:38   ` [dpdk-dev] [EXT] " Akhil Goyal
  2021-08-26 11:23 ` [dpdk-dev] [PATCH 2/5] security: add pdcp short MAC-I support Gagandeep Singh
                   ` (4 subsequent siblings)
  5 siblings, 1 reply; 29+ messages in thread
From: Gagandeep Singh @ 2021-08-26 11:23 UTC (permalink / raw)
  To: gakhil, dev; +Cc: thomas, Gagandeep Singh, stable

The logic was incorecly doing conditional swap. It need to
be bit swap always.

Fixes: 73a24060cd70 ("crypto/dpaa2_sec: add sample PDCP descriptor APIs")
Cc: stable@dpdk.org

Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
---
 drivers/common/dpaax/caamflib/desc/pdcp.h | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/drivers/common/dpaax/caamflib/desc/pdcp.h b/drivers/common/dpaax/caamflib/desc/pdcp.h
index 659e289a45..041c66cfba 100644
--- a/drivers/common/dpaax/caamflib/desc/pdcp.h
+++ b/drivers/common/dpaax/caamflib/desc/pdcp.h
@@ -1,6 +1,6 @@
 /* SPDX-License-Identifier: BSD-3-Clause or GPL-2.0+
  * Copyright 2008-2013 Freescale Semiconductor, Inc.
- * Copyright 2019-2020 NXP
+ * Copyright 2019-2021 NXP
  */
 
 #ifndef __DESC_PDCP_H__
@@ -3710,9 +3710,10 @@ cnstr_shdsc_pdcp_short_mac(uint32_t *descbuf,
 		break;
 
 	case PDCP_AUTH_TYPE_SNOW:
+		/* IV calculation based on 3GPP specs. 36331, section:5.3.7.4 */
 		iv[0] = 0xFFFFFFFF;
-		iv[1] = swap ? swab32(0x04000000) : 0x04000000;
-		iv[2] = swap ? swab32(0xF8000000) : 0xF8000000;
+		iv[1] = swab32(0x04000000);
+		iv[2] = swab32(0xF8000000);
 
 		KEY(p, KEY2, authdata->key_enc_flags, authdata->key,
 		    authdata->keylen, INLINE_KEY(authdata));
-- 
2.25.1


^ permalink raw reply	[flat|nested] 29+ messages in thread

* [dpdk-dev] [PATCH 2/5] security: add pdcp short MAC-I support
  2021-08-26 11:23 [dpdk-dev] [PATCH 0/5] support of MAC-I Gagandeep Singh
  2021-08-26 11:23 ` [dpdk-dev] [PATCH 1/5] common/dpaax: fix IV value for shortMAC-I for SNOW algo Gagandeep Singh
@ 2021-08-26 11:23 ` Gagandeep Singh
  2021-09-02 11:34   ` [dpdk-dev] [EXT] " Akhil Goyal
  2021-08-26 11:23 ` [dpdk-dev] [PATCH 3/5] test/crypto: add pdcp security " Gagandeep Singh
                   ` (3 subsequent siblings)
  5 siblings, 1 reply; 29+ messages in thread
From: Gagandeep Singh @ 2021-08-26 11:23 UTC (permalink / raw)
  To: gakhil, dev; +Cc: thomas, Hemant Agrawal, Gagandeep Singh

From: Hemant Agrawal <hemant.agrawal@nxp.com>

This patch add support to handle PDCP short MAC-I domain
along with standard control and data domains as it has to
be treaty as special case with PDCP protocol offload support.

ShortMAC-I is the 16 least significant bits of calculated MAC-I. Usually
when a RRC message is exchanged between UE and eNodeB it is integrity &
ciphered protected.

MAC-I = f(key, varShortMAC-I, count, bearer, direction).
Here varShortMAC-I is prepared by using (current cellId, pci of source cell
and C-RNTI of old cell). Other parameters like count, bearer and
direction set to all 1.

Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
---
 app/test-crypto-perf/cperf_options_parsing.c |  8 +++++++-
 doc/guides/prog_guide/rte_security.rst       | 11 ++++++++++-
 doc/guides/tools/cryptoperf.rst              |  2 +-
 lib/security/rte_security.h                  |  1 +
 4 files changed, 19 insertions(+), 3 deletions(-)

diff --git a/app/test-crypto-perf/cperf_options_parsing.c b/app/test-crypto-perf/cperf_options_parsing.c
index e84f56cfaa..0348972c85 100644
--- a/app/test-crypto-perf/cperf_options_parsing.c
+++ b/app/test-crypto-perf/cperf_options_parsing.c
@@ -662,7 +662,8 @@ parse_pdcp_sn_sz(struct cperf_options *opts, const char *arg)
 
 const char *cperf_pdcp_domain_strs[] = {
 	[RTE_SECURITY_PDCP_MODE_CONTROL] = "control",
-	[RTE_SECURITY_PDCP_MODE_DATA] = "data"
+	[RTE_SECURITY_PDCP_MODE_DATA] = "data",
+	[RTE_SECURITY_PDCP_MODE_SHORT_MAC] = "short_mac"
 };
 
 static int
@@ -677,6 +678,11 @@ parse_pdcp_domain(struct cperf_options *opts, const char *arg)
 			cperf_pdcp_domain_strs
 			[RTE_SECURITY_PDCP_MODE_DATA],
 			RTE_SECURITY_PDCP_MODE_DATA
+		},
+		{
+			cperf_pdcp_domain_strs
+			[RTE_SECURITY_PDCP_MODE_SHORT_MAC],
+			RTE_SECURITY_PDCP_MODE_SHORT_MAC
 		}
 	};
 
diff --git a/doc/guides/prog_guide/rte_security.rst b/doc/guides/prog_guide/rte_security.rst
index f72bc8a78f..ad92c16868 100644
--- a/doc/guides/prog_guide/rte_security.rst
+++ b/doc/guides/prog_guide/rte_security.rst
@@ -1,5 +1,5 @@
 ..  SPDX-License-Identifier: BSD-3-Clause
-    Copyright 2017,2020 NXP
+    Copyright 2017,2020-2021 NXP
 
 
 
@@ -408,6 +408,15 @@ PMD which supports the IPsec and PDCP protocol.
                 },
                 .crypto_capabilities = pmd_capabilities
         },
+	{ /* PDCP Lookaside Protocol offload short MAC-I */
+                .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+                .protocol = RTE_SECURITY_PROTOCOL_PDCP,
+                .pdcp = {
+                        .domain = RTE_SECURITY_PDCP_MODE_SHORT_MAC,
+                        .capa_flags = 0
+                },
+                .crypto_capabilities = pmd_capabilities
+        },
         {
                 .action = RTE_SECURITY_ACTION_TYPE_NONE
         }
diff --git a/doc/guides/tools/cryptoperf.rst b/doc/guides/tools/cryptoperf.rst
index be3109054d..9a7b990596 100644
--- a/doc/guides/tools/cryptoperf.rst
+++ b/doc/guides/tools/cryptoperf.rst
@@ -318,7 +318,7 @@ The following are the application command-line options:
 
 * ``--pdcp-domain <control/user>``
 
-        Set PDCP domain to specify Control/user plane.
+        Set PDCP domain to specify short_mac/control/user plane.
 
 * ``--docsis-hdr-sz <n>``
 
diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h
index 88d31de0a6..2e136d7929 100644
--- a/lib/security/rte_security.h
+++ b/lib/security/rte_security.h
@@ -233,6 +233,7 @@ struct rte_security_macsec_xform {
 enum rte_security_pdcp_domain {
 	RTE_SECURITY_PDCP_MODE_CONTROL,	/**< PDCP control plane */
 	RTE_SECURITY_PDCP_MODE_DATA,	/**< PDCP data plane */
+	RTE_SECURITY_PDCP_MODE_SHORT_MAC,	/**< PDCP short mac */
 };
 
 /** PDCP Frame direction */
-- 
2.25.1


^ permalink raw reply	[flat|nested] 29+ messages in thread

* [dpdk-dev] [PATCH 3/5] test/crypto: add pdcp security short MAC-I support
  2021-08-26 11:23 [dpdk-dev] [PATCH 0/5] support of MAC-I Gagandeep Singh
  2021-08-26 11:23 ` [dpdk-dev] [PATCH 1/5] common/dpaax: fix IV value for shortMAC-I for SNOW algo Gagandeep Singh
  2021-08-26 11:23 ` [dpdk-dev] [PATCH 2/5] security: add pdcp short MAC-I support Gagandeep Singh
@ 2021-08-26 11:23 ` Gagandeep Singh
  2021-08-26 11:23 ` [dpdk-dev] [PATCH 4/5] crypto/dpaa2_sec: add PDCP " Gagandeep Singh
                   ` (2 subsequent siblings)
  5 siblings, 0 replies; 29+ messages in thread
From: Gagandeep Singh @ 2021-08-26 11:23 UTC (permalink / raw)
  To: gakhil, dev; +Cc: thomas, Gagandeep Singh

This patch add support to test the pdcp short mac
packets support in crypto.

Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
---
 app/test/test_cryptodev.c                     |  48 ++++++++
 ...est_cryptodev_security_pdcp_test_vectors.h | 105 +++++++++++++++++-
 2 files changed, 152 insertions(+), 1 deletion(-)

diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 9ad0b37473..86809de90b 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -8768,6 +8768,50 @@ test_PDCP_SDAP_PROTO_encap_all(void)
 	return (all_err == TEST_SUCCESS) ? TEST_SUCCESS : TEST_FAILED;
 }
 
+static int
+test_PDCP_PROTO_short_mac(void)
+{
+	int i = 0, size = 0;
+	int err, all_err = TEST_SUCCESS;
+	const struct pdcp_short_mac_test *cur_test;
+
+	size = RTE_DIM(list_pdcp_smac_tests);
+
+	for (i = 0; i < size; i++) {
+		cur_test = &list_pdcp_smac_tests[i];
+		err = test_pdcp_proto(
+			i, 0, RTE_CRYPTO_CIPHER_OP_ENCRYPT,
+			RTE_CRYPTO_AUTH_OP_GENERATE, cur_test->data_in,
+			cur_test->in_len, cur_test->data_out,
+			cur_test->in_len + ((cur_test->auth_key) ? 4 : 0),
+			RTE_CRYPTO_CIPHER_NULL, NULL,
+			0, cur_test->param.auth_alg,
+			cur_test->auth_key, cur_test->param.auth_key_len,
+			0, cur_test->param.domain, 0, 0,
+			0, 0, 0);
+		if (err) {
+			printf("\t%d) %s: Short MAC test failed\n",
+					cur_test->test_idx,
+					cur_test->param.name);
+			err = TEST_FAILED;
+		} else {
+			printf("\t%d) %s: Short MAC test PASS\n",
+					cur_test->test_idx,
+					cur_test->param.name);
+			rte_hexdump(stdout, "MAC I",
+				    cur_test->data_out + cur_test->in_len + 2,
+				    2);
+			err = TEST_SUCCESS;
+		}
+		all_err += err;
+	}
+
+	printf("Success: %d, Failure: %d\n", size + all_err, -all_err);
+
+	return (all_err == TEST_SUCCESS) ? TEST_SUCCESS : TEST_FAILED;
+
+}
+
 static int
 test_PDCP_SDAP_PROTO_decap_all(void)
 {
@@ -14039,6 +14083,8 @@ static struct unit_test_suite cryptodev_snow3g_testsuite  = {
 		TEST_CASE_ST(ut_setup, ut_teardown,
 			test_snow3g_encryption_test_case_5),
 
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_PDCP_PROTO_short_mac),
 		TEST_CASE_ST(ut_setup, ut_teardown,
 			test_snow3g_encryption_test_case_1_oop),
 		TEST_CASE_ST(ut_setup, ut_teardown,
@@ -14279,6 +14325,8 @@ static struct unit_test_suite cryptodev_kasumi_testsuite  = {
 		TEST_CASE_ST(ut_setup, ut_teardown,
 			test_kasumi_decryption_test_case_1_oop),
 
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_PDCP_PROTO_short_mac),
 		TEST_CASE_ST(ut_setup, ut_teardown,
 			test_kasumi_cipher_auth_test_case_1),
 
diff --git a/app/test/test_cryptodev_security_pdcp_test_vectors.h b/app/test/test_cryptodev_security_pdcp_test_vectors.h
index 703076479d..81fd6e606b 100644
--- a/app/test/test_cryptodev_security_pdcp_test_vectors.h
+++ b/app/test/test_cryptodev_security_pdcp_test_vectors.h
@@ -1,7 +1,7 @@
 /* SPDX-License-Identifier: BSD-3-Clause
  *
  * Copyright (C) 2015-2016 Freescale Semiconductor,Inc.
- * Copyright 2018-2019 NXP
+ * Copyright 2018-2021 NXP
  */
 
 #ifndef SECURITY_PDCP_TEST_VECTOR_H_
@@ -28,6 +28,109 @@ struct pdcp_test_param {
 	const char *name;
 };
 
+struct pdcp_short_mac_test {
+	uint32_t test_idx;
+	struct pdcp_short_mac_test_param {
+		enum rte_security_pdcp_domain domain;
+		enum rte_crypto_auth_algorithm auth_alg;
+		uint8_t auth_key_len;
+		const char *name;
+	} param;
+	const uint8_t *auth_key;
+	const uint8_t *data_in;
+	uint32_t in_len;
+	const uint8_t *data_out;
+};
+
+static const struct pdcp_short_mac_test list_pdcp_smac_tests[] = {
+	{
+		.test_idx = 1,
+		.param = {.name = "PDCP-SMAC SNOW3G UIA2",
+			.auth_alg = RTE_CRYPTO_AUTH_SNOW3G_UIA2,
+			.domain = RTE_SECURITY_PDCP_MODE_SHORT_MAC,
+			.auth_key_len = 16,
+		},
+		.auth_key = (uint8_t[]){ 0x2b, 0xd6, 0x45, 0x9f, 0x82, 0xc5,
+					 0xb3, 0x00, 0x95, 0x2c, 0x49, 0x10,
+					 0x48, 0x81, 0xff, 0x48 },
+		.data_in = (uint8_t[]){ 0x33, 0x32, 0x34, 0x62, 0x63, 0x39,
+					0x38 },
+		.in_len = 7,
+		.data_out = (uint8_t[]){ 0x33, 0x32, 0x34, 0x62, 0x63, 0x39,
+					 0x38, 0x56, 0xd2, 0x09, 0xae },
+	},
+
+	{
+		.test_idx = 2,
+		.param = {.name = "PDCP-SMAC AES CMAC 1",
+			.auth_alg = RTE_CRYPTO_AUTH_AES_CMAC,
+			.domain = RTE_SECURITY_PDCP_MODE_SHORT_MAC,
+			.auth_key_len = 16,
+		},
+		.auth_key = (uint8_t[]){ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+					 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+					 0x00, 0x00, 0x00, 0x00 },
+		.data_in = (uint8_t[]){ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+					0x00 },
+		.in_len = 7,
+		.data_out = (uint8_t[]){ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+					 0x00, 0x13, 0xf8, 0x4b, 0xea },
+	},
+
+	{
+		.test_idx = 3,
+		.param = {.name = "PDCP-SMAC AES CMAC 2",
+			.auth_alg = RTE_CRYPTO_AUTH_AES_CMAC,
+			.domain = RTE_SECURITY_PDCP_MODE_SHORT_MAC,
+			.auth_key_len = 16,
+		},
+		.auth_key = (uint8_t[]){ 0x16, 0xc1, 0x98, 0x14,  0x9a, 0x2c,
+					 0xf4, 0x12, 0x4f, 0xd4, 0x14, 0xec,
+					 0x72, 0x43, 0x29, 0x04 },
+		.data_in = (uint8_t[]){ 0x00, 0xc0, 0x00, 0x00, 0x00, 0x05,
+					0x09, 0xe4 },
+		.in_len = 8,
+		.data_out = (uint8_t[]){ 0x00, 0xc0, 0x00, 0x00, 0x00, 0x05,
+					 0x09, 0xe4, 0xdd, 0xff, 0xde, 0xa9 },
+	},
+
+	{
+		.test_idx = 4,
+		.param = {.name = "PDCP-SMAC AES CMAC 3",
+			.auth_alg = RTE_CRYPTO_AUTH_AES_CMAC,
+			.domain = RTE_SECURITY_PDCP_MODE_SHORT_MAC,
+			.auth_key_len = 16,
+		},
+		.auth_key = (uint8_t[]){ 0xD3, 0xC5, 0xD5, 0x92, 0x32, 0x7F,
+					 0xB1, 0x1C, 0x40, 0x35, 0xC6, 0x68,
+					 0x0A, 0xF8, 0xC6, 0xD3 },
+		.data_in = (uint8_t[]){ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+					0x00 },
+		.in_len = 7,
+		.data_out = (uint8_t[]){ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+					 0x00, 0x23, 0xea, 0x95, 0xb0 },
+	},
+
+	{
+		.test_idx = 5,
+		.param = {.name = "PDCP-SMAC NULL",
+			.auth_alg = RTE_CRYPTO_AUTH_NULL,
+			.domain = RTE_SECURITY_PDCP_MODE_SHORT_MAC,
+			.auth_key_len = 16,
+		},
+		.auth_key = (uint8_t[]){ 0x2B, 0xD6, 0x45, 0x9F, 0x82, 0xC5,
+					 0xB3, 0x00, 0x95, 0x2C, 0x49, 0x10,
+					 0x48, 0x81, 0xFF, 0x48
+		},
+		.data_in = (uint8_t[]){ 0x33, 0x32, 0x34, 0x62, 0x63, 0x39,
+					0x38 },
+		.in_len = 7,
+		.data_out = (uint8_t[]){ 0x33, 0x32, 0x34, 0x62, 0x63, 0x39,
+					 0x38, 0x00, 0x00, 0x00, 0x00 },
+	},
+
+};
+
 static struct pdcp_test_param pdcp_test_params[] = {
 	{
 	 .name =
-- 
2.25.1


^ permalink raw reply	[flat|nested] 29+ messages in thread

* [dpdk-dev] [PATCH 4/5] crypto/dpaa2_sec: add PDCP short MAC-I support
  2021-08-26 11:23 [dpdk-dev] [PATCH 0/5] support of MAC-I Gagandeep Singh
                   ` (2 preceding siblings ...)
  2021-08-26 11:23 ` [dpdk-dev] [PATCH 3/5] test/crypto: add pdcp security " Gagandeep Singh
@ 2021-08-26 11:23 ` Gagandeep Singh
  2021-08-26 11:23 ` [dpdk-dev] [PATCH 5/5] crypto/dpaa_sec: add pdcp " Gagandeep Singh
  2021-09-07  8:56 ` [dpdk-dev] [PATCH v2 0/5] support of MAC-I Gagandeep Singh
  5 siblings, 0 replies; 29+ messages in thread
From: Gagandeep Singh @ 2021-08-26 11:23 UTC (permalink / raw)
  To: gakhil, dev; +Cc: thomas, Gagandeep Singh

This patch add PDCP short mac support in dpaa2_sec driver.

Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
---
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 4 ++++
 drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h   | 9 +++++++++
 2 files changed, 13 insertions(+)

diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index 1ccead3641..fe5cf76162 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -3290,6 +3290,10 @@ dpaa2_sec_set_pdcp_session(struct rte_cryptodev *dev,
 					pdcp_xform->hfn_threshold,
 					&cipherdata, &authdata,
 					0);
+
+	} else if (pdcp_xform->domain == RTE_SECURITY_PDCP_MODE_SHORT_MAC) {
+		bufsize = cnstr_shdsc_pdcp_short_mac(priv->flc_desc[0].desc,
+						     1, swap, &authdata);
 	} else {
 		if (session->dir == DIR_ENC) {
 			if (pdcp_xform->sdap_enabled)
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h b/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
index 7dbc69f6cb..8dee0a4bda 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
@@ -941,6 +941,15 @@ static const struct rte_security_capability dpaa2_sec_security_cap[] = {
 		},
 		.crypto_capabilities = dpaa2_pdcp_capabilities
 	},
+	{ /* PDCP Lookaside Protocol offload Short MAC */
+		.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+		.protocol = RTE_SECURITY_PROTOCOL_PDCP,
+		.pdcp = {
+			.domain = RTE_SECURITY_PDCP_MODE_SHORT_MAC,
+			.capa_flags = 0
+		},
+		.crypto_capabilities = dpaa2_pdcp_capabilities
+	},
 	{
 		.action = RTE_SECURITY_ACTION_TYPE_NONE
 	}
-- 
2.25.1


^ permalink raw reply	[flat|nested] 29+ messages in thread

* [dpdk-dev] [PATCH 5/5] crypto/dpaa_sec: add pdcp short MAC-I support
  2021-08-26 11:23 [dpdk-dev] [PATCH 0/5] support of MAC-I Gagandeep Singh
                   ` (3 preceding siblings ...)
  2021-08-26 11:23 ` [dpdk-dev] [PATCH 4/5] crypto/dpaa2_sec: add PDCP " Gagandeep Singh
@ 2021-08-26 11:23 ` Gagandeep Singh
  2021-09-07  8:56 ` [dpdk-dev] [PATCH v2 0/5] support of MAC-I Gagandeep Singh
  5 siblings, 0 replies; 29+ messages in thread
From: Gagandeep Singh @ 2021-08-26 11:23 UTC (permalink / raw)
  To: gakhil, dev; +Cc: thomas, Gagandeep Singh

This patch add pdcp security short MAC-I support for
dpaa_sec driver.

Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
---
 drivers/crypto/dpaa_sec/dpaa_sec.c |  3 +++
 drivers/crypto/dpaa_sec/dpaa_sec.h | 11 ++++++++++-
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c
index 19d4684e24..59ac74f3d8 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
@@ -294,6 +294,9 @@ dpaa_sec_prep_pdcp_cdb(dpaa_sec_session *ses)
 					ses->pdcp.hfn_threshold,
 					&cipherdata, &authdata,
 					0);
+	} else if (ses->pdcp.domain == RTE_SECURITY_PDCP_MODE_SHORT_MAC) {
+		shared_desc_len = cnstr_shdsc_pdcp_short_mac(cdb->sh_desc,
+						     1, swap, &authdata);
 	} else {
 		if (ses->dir == DIR_ENC) {
 			if (ses->pdcp.sdap_enabled)
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.h b/drivers/crypto/dpaa_sec/dpaa_sec.h
index 368699678b..2ab9c69bb6 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.h
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.h
@@ -1,6 +1,6 @@
 /* SPDX-License-Identifier: BSD-3-Clause
  *
- *   Copyright 2016-2020 NXP
+ *   Copyright 2016-2021 NXP
  *
  */
 
@@ -769,6 +769,15 @@ static const struct rte_security_capability dpaa_sec_security_cap[] = {
 		},
 		.crypto_capabilities = dpaa_pdcp_capabilities
 	},
+	{ /* PDCP Lookaside Protocol offload Short MAC */
+		.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+		.protocol = RTE_SECURITY_PROTOCOL_PDCP,
+		.pdcp = {
+			.domain = RTE_SECURITY_PDCP_MODE_SHORT_MAC,
+			.capa_flags = 0
+		},
+		.crypto_capabilities = dpaa_pdcp_capabilities
+	},
 	{
 		.action = RTE_SECURITY_ACTION_TYPE_NONE
 	}
-- 
2.25.1


^ permalink raw reply	[flat|nested] 29+ messages in thread

* Re: [dpdk-dev] [EXT] [PATCH 2/5] security: add pdcp short MAC-I support
  2021-08-26 11:23 ` [dpdk-dev] [PATCH 2/5] security: add pdcp short MAC-I support Gagandeep Singh
@ 2021-09-02 11:34   ` Akhil Goyal
  0 siblings, 0 replies; 29+ messages in thread
From: Akhil Goyal @ 2021-09-02 11:34 UTC (permalink / raw)
  To: Gagandeep Singh, dev; +Cc: thomas, Hemant Agrawal

> From: Hemant Agrawal <hemant.agrawal@nxp.com>
> 

Title should be "security: support PDCP short MAC-I"

> This patch add support to handle PDCP short MAC-I domain
> along with standard control and data domains as it has to
> be treaty as special case with PDCP protocol offload support.
Spell check treated.

> 
> ShortMAC-I is the 16 least significant bits of calculated MAC-I. Usually
> when a RRC message is exchanged between UE and eNodeB it is integrity &
> ciphered protected.
> 
> MAC-I = f(key, varShortMAC-I, count, bearer, direction).
> Here varShortMAC-I is prepared by using (current cellId, pci of source cell
> and C-RNTI of old cell). Other parameters like count, bearer and
> direction set to all 1.
> 
> Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
> Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
> ---
>  app/test-crypto-perf/cperf_options_parsing.c |  8 +++++++-
>  doc/guides/prog_guide/rte_security.rst       | 11 ++++++++++-
>  doc/guides/tools/cryptoperf.rst              |  2 +-
>  lib/security/rte_security.h                  |  1 +
>  4 files changed, 19 insertions(+), 3 deletions(-)
> 
> diff --git a/app/test-crypto-perf/cperf_options_parsing.c b/app/test-crypto-
> perf/cperf_options_parsing.c
> index e84f56cfaa..0348972c85 100644
> --- a/app/test-crypto-perf/cperf_options_parsing.c
> +++ b/app/test-crypto-perf/cperf_options_parsing.c
> @@ -662,7 +662,8 @@ parse_pdcp_sn_sz(struct cperf_options *opts, const
> char *arg)
> 
>  const char *cperf_pdcp_domain_strs[] = {
>  	[RTE_SECURITY_PDCP_MODE_CONTROL] = "control",
> -	[RTE_SECURITY_PDCP_MODE_DATA] = "data"
> +	[RTE_SECURITY_PDCP_MODE_DATA] = "data",
> +	[RTE_SECURITY_PDCP_MODE_SHORT_MAC] = "short_mac"
>  };
> 
>  static int
> @@ -677,6 +678,11 @@ parse_pdcp_domain(struct cperf_options *opts,
> const char *arg)
>  			cperf_pdcp_domain_strs
>  			[RTE_SECURITY_PDCP_MODE_DATA],
>  			RTE_SECURITY_PDCP_MODE_DATA
> +		},
> +		{
> +			cperf_pdcp_domain_strs
> +			[RTE_SECURITY_PDCP_MODE_SHORT_MAC],
> +			RTE_SECURITY_PDCP_MODE_SHORT_MAC
>  		}
>  	};
> 
> diff --git a/doc/guides/prog_guide/rte_security.rst
> b/doc/guides/prog_guide/rte_security.rst
> index f72bc8a78f..ad92c16868 100644
> --- a/doc/guides/prog_guide/rte_security.rst
> +++ b/doc/guides/prog_guide/rte_security.rst
> @@ -1,5 +1,5 @@
>  ..  SPDX-License-Identifier: BSD-3-Clause
> -    Copyright 2017,2020 NXP
> +    Copyright 2017,2020-2021 NXP
> 
> 
> 
> @@ -408,6 +408,15 @@ PMD which supports the IPsec and PDCP protocol.
>                  },
>                  .crypto_capabilities = pmd_capabilities
>          },
> +	{ /* PDCP Lookaside Protocol offload short MAC-I */
> +                .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
> +                .protocol = RTE_SECURITY_PROTOCOL_PDCP,
> +                .pdcp = {
> +                        .domain = RTE_SECURITY_PDCP_MODE_SHORT_MAC,
> +                        .capa_flags = 0
> +                },
> +                .crypto_capabilities = pmd_capabilities
> +        },
>          {
>                  .action = RTE_SECURITY_ACTION_TYPE_NONE
>          }
> diff --git a/doc/guides/tools/cryptoperf.rst b/doc/guides/tools/cryptoperf.rst
> index be3109054d..9a7b990596 100644
> --- a/doc/guides/tools/cryptoperf.rst
> +++ b/doc/guides/tools/cryptoperf.rst
> @@ -318,7 +318,7 @@ The following are the application command-line
> options:
> 
>  * ``--pdcp-domain <control/user>``

You can add short_mac here as well.

> 
> -        Set PDCP domain to specify Control/user plane.
> +        Set PDCP domain to specify short_mac/control/user plane.
> 
>  * ``--docsis-hdr-sz <n>``
> 
> diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h
> index 88d31de0a6..2e136d7929 100644
> --- a/lib/security/rte_security.h
> +++ b/lib/security/rte_security.h
> @@ -233,6 +233,7 @@ struct rte_security_macsec_xform {
>  enum rte_security_pdcp_domain {
>  	RTE_SECURITY_PDCP_MODE_CONTROL,	/**< PDCP control
> plane */
>  	RTE_SECURITY_PDCP_MODE_DATA,	/**< PDCP data plane */
> +	RTE_SECURITY_PDCP_MODE_SHORT_MAC,	/**< PDCP short mac
> */
>  };
> 
>  /** PDCP Frame direction */
> --
> 2.25.1


^ permalink raw reply	[flat|nested] 29+ messages in thread

* Re: [dpdk-dev] [EXT] [PATCH 1/5] common/dpaax: fix IV value for shortMAC-I for SNOW algo
  2021-08-26 11:23 ` [dpdk-dev] [PATCH 1/5] common/dpaax: fix IV value for shortMAC-I for SNOW algo Gagandeep Singh
@ 2021-09-02 11:38   ` Akhil Goyal
  0 siblings, 0 replies; 29+ messages in thread
From: Akhil Goyal @ 2021-09-02 11:38 UTC (permalink / raw)
  To: Gagandeep Singh, dev; +Cc: thomas, stable

> The logic was incorecly doing conditional swap. It need to
> be bit swap always.
Spell check " incorrectly"

> 
> Fixes: 73a24060cd70 ("crypto/dpaa2_sec: add sample PDCP descriptor APIs")
> Cc: stable@dpdk.org
> 
> Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
> ---
Move this patch as 3rd patch of your series.

^ permalink raw reply	[flat|nested] 29+ messages in thread

* [dpdk-dev] [PATCH v2 0/5] support of MAC-I
  2021-08-26 11:23 [dpdk-dev] [PATCH 0/5] support of MAC-I Gagandeep Singh
                   ` (4 preceding siblings ...)
  2021-08-26 11:23 ` [dpdk-dev] [PATCH 5/5] crypto/dpaa_sec: add pdcp " Gagandeep Singh
@ 2021-09-07  8:56 ` Gagandeep Singh
  2021-09-07  8:56   ` [dpdk-dev] [PATCH v2 1/5] common/dpaax: fix IV value for shortMAC-I for SNOW algo Gagandeep Singh
                     ` (5 more replies)
  5 siblings, 6 replies; 29+ messages in thread
From: Gagandeep Singh @ 2021-09-07  8:56 UTC (permalink / raw)
  To: gakhil, dev; +Cc: thomas, Gagandeep Singh

This series add support of Message Authentication Code
- Integrity on DPAAX platforms.

v2-change-log:
* update commit message
* merged an existing patch with this series:
https://patches.dpdk.org/project/dpdk/patch/20210825081837.23830-1-hemant.agrawal@nxp.com/mbox/

Gagandeep Singh (4):
  common/dpaax: fix IV value for shortMAC-I for SNOW algo
  test/crypto: add pdcp security short MAC-I support
  crypto/dpaa2_sec: add PDCP short MAC-I support
  crypto/dpaa_sec: add pdcp short MAC-I support

Hemant Agrawal (1):
  security: support PDCP short MAC-I

 app/test-crypto-perf/cperf_options_parsing.c  |   8 +-
 app/test/test_cryptodev.c                     |  48 ++++++++
 ...est_cryptodev_security_pdcp_test_vectors.h | 105 +++++++++++++++++-
 doc/guides/prog_guide/rte_security.rst        |  11 +-
 doc/guides/tools/cryptoperf.rst               |   4 +-
 drivers/common/dpaax/caamflib/desc/pdcp.h     |   7 +-
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c   |  29 +++--
 drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h     |   9 ++
 drivers/crypto/dpaa_sec/dpaa_sec.c            |   3 +
 drivers/crypto/dpaa_sec/dpaa_sec.h            |  11 +-
 lib/security/rte_security.h                   |   1 +
 11 files changed, 215 insertions(+), 21 deletions(-)

-- 
2.25.1


^ permalink raw reply	[flat|nested] 29+ messages in thread

* [dpdk-dev] [PATCH v2 1/5] common/dpaax: fix IV value for shortMAC-I for SNOW algo
  2021-09-07  8:56 ` [dpdk-dev] [PATCH v2 0/5] support of MAC-I Gagandeep Singh
@ 2021-09-07  8:56   ` Gagandeep Singh
  2021-09-08 12:01     ` [dpdk-dev] [PATCH v3 0/4] support of MAC-I Gagandeep Singh
  2021-09-07  8:56   ` [dpdk-dev] [PATCH v2 2/5] security: support PDCP short MAC-I Gagandeep Singh
                     ` (4 subsequent siblings)
  5 siblings, 1 reply; 29+ messages in thread
From: Gagandeep Singh @ 2021-09-07  8:56 UTC (permalink / raw)
  To: gakhil, dev; +Cc: thomas, Gagandeep Singh, stable

The logic was incorecly doing conditional swap. It need to
be bit swap always.

Fixes: 73a24060cd70 ("crypto/dpaa2_sec: add sample PDCP descriptor APIs")
Cc: stable@dpdk.org

Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
---
 drivers/common/dpaax/caamflib/desc/pdcp.h | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/drivers/common/dpaax/caamflib/desc/pdcp.h b/drivers/common/dpaax/caamflib/desc/pdcp.h
index 659e289a45..041c66cfba 100644
--- a/drivers/common/dpaax/caamflib/desc/pdcp.h
+++ b/drivers/common/dpaax/caamflib/desc/pdcp.h
@@ -1,6 +1,6 @@
 /* SPDX-License-Identifier: BSD-3-Clause or GPL-2.0+
  * Copyright 2008-2013 Freescale Semiconductor, Inc.
- * Copyright 2019-2020 NXP
+ * Copyright 2019-2021 NXP
  */
 
 #ifndef __DESC_PDCP_H__
@@ -3710,9 +3710,10 @@ cnstr_shdsc_pdcp_short_mac(uint32_t *descbuf,
 		break;
 
 	case PDCP_AUTH_TYPE_SNOW:
+		/* IV calculation based on 3GPP specs. 36331, section:5.3.7.4 */
 		iv[0] = 0xFFFFFFFF;
-		iv[1] = swap ? swab32(0x04000000) : 0x04000000;
-		iv[2] = swap ? swab32(0xF8000000) : 0xF8000000;
+		iv[1] = swab32(0x04000000);
+		iv[2] = swab32(0xF8000000);
 
 		KEY(p, KEY2, authdata->key_enc_flags, authdata->key,
 		    authdata->keylen, INLINE_KEY(authdata));
-- 
2.25.1


^ permalink raw reply	[flat|nested] 29+ messages in thread

* [dpdk-dev] [PATCH v2 2/5] security: support PDCP short MAC-I
  2021-09-07  8:56 ` [dpdk-dev] [PATCH v2 0/5] support of MAC-I Gagandeep Singh
  2021-09-07  8:56   ` [dpdk-dev] [PATCH v2 1/5] common/dpaax: fix IV value for shortMAC-I for SNOW algo Gagandeep Singh
@ 2021-09-07  8:56   ` Gagandeep Singh
  2021-09-07  8:56   ` [dpdk-dev] [PATCH v2 3/5] test/crypto: add pdcp security short MAC-I support Gagandeep Singh
                     ` (3 subsequent siblings)
  5 siblings, 0 replies; 29+ messages in thread
From: Gagandeep Singh @ 2021-09-07  8:56 UTC (permalink / raw)
  To: gakhil, dev; +Cc: thomas, Hemant Agrawal, Gagandeep Singh

From: Hemant Agrawal <hemant.agrawal@nxp.com>

This patch add support to handle PDCP short MAC-I domain
along with standard control and data domains as it has to
be treated as special case with PDCP protocol offload support.

ShortMAC-I is the 16 least significant bits of calculated MAC-I. Usually
when a RRC message is exchanged between UE and eNodeB it is integrity &
ciphered protected.

MAC-I = f(key, varShortMAC-I, count, bearer, direction).
Here varShortMAC-I is prepared by using (current cellId, pci of source cell
and C-RNTI of old cell). Other parameters like count, bearer and
direction set to all 1.

Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
---
 app/test-crypto-perf/cperf_options_parsing.c |  8 ++++++-
 doc/guides/prog_guide/rte_security.rst       | 11 ++++++++-
 doc/guides/tools/cryptoperf.rst              |  4 ++--
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c  | 25 ++++++++++----------
 lib/security/rte_security.h                  |  1 +
 5 files changed, 33 insertions(+), 16 deletions(-)

diff --git a/app/test-crypto-perf/cperf_options_parsing.c b/app/test-crypto-perf/cperf_options_parsing.c
index e84f56cfaa..0348972c85 100644
--- a/app/test-crypto-perf/cperf_options_parsing.c
+++ b/app/test-crypto-perf/cperf_options_parsing.c
@@ -662,7 +662,8 @@ parse_pdcp_sn_sz(struct cperf_options *opts, const char *arg)
 
 const char *cperf_pdcp_domain_strs[] = {
 	[RTE_SECURITY_PDCP_MODE_CONTROL] = "control",
-	[RTE_SECURITY_PDCP_MODE_DATA] = "data"
+	[RTE_SECURITY_PDCP_MODE_DATA] = "data",
+	[RTE_SECURITY_PDCP_MODE_SHORT_MAC] = "short_mac"
 };
 
 static int
@@ -677,6 +678,11 @@ parse_pdcp_domain(struct cperf_options *opts, const char *arg)
 			cperf_pdcp_domain_strs
 			[RTE_SECURITY_PDCP_MODE_DATA],
 			RTE_SECURITY_PDCP_MODE_DATA
+		},
+		{
+			cperf_pdcp_domain_strs
+			[RTE_SECURITY_PDCP_MODE_SHORT_MAC],
+			RTE_SECURITY_PDCP_MODE_SHORT_MAC
 		}
 	};
 
diff --git a/doc/guides/prog_guide/rte_security.rst b/doc/guides/prog_guide/rte_security.rst
index f72bc8a78f..ad92c16868 100644
--- a/doc/guides/prog_guide/rte_security.rst
+++ b/doc/guides/prog_guide/rte_security.rst
@@ -1,5 +1,5 @@
 ..  SPDX-License-Identifier: BSD-3-Clause
-    Copyright 2017,2020 NXP
+    Copyright 2017,2020-2021 NXP
 
 
 
@@ -408,6 +408,15 @@ PMD which supports the IPsec and PDCP protocol.
                 },
                 .crypto_capabilities = pmd_capabilities
         },
+	{ /* PDCP Lookaside Protocol offload short MAC-I */
+                .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+                .protocol = RTE_SECURITY_PROTOCOL_PDCP,
+                .pdcp = {
+                        .domain = RTE_SECURITY_PDCP_MODE_SHORT_MAC,
+                        .capa_flags = 0
+                },
+                .crypto_capabilities = pmd_capabilities
+        },
         {
                 .action = RTE_SECURITY_ACTION_TYPE_NONE
         }
diff --git a/doc/guides/tools/cryptoperf.rst b/doc/guides/tools/cryptoperf.rst
index be3109054d..d3963f23e3 100644
--- a/doc/guides/tools/cryptoperf.rst
+++ b/doc/guides/tools/cryptoperf.rst
@@ -316,9 +316,9 @@ The following are the application command-line options:
         Set PDCP sequence number size(n) in bits. Valid values of n will
         be 5/7/12/15/18.
 
-* ``--pdcp-domain <control/user>``
+* ``--pdcp-domain <control/user/short_mac>``
 
-        Set PDCP domain to specify Control/user plane.
+        Set PDCP domain to specify short_mac/control/user plane.
 
 * ``--docsis-hdr-sz <n>``
 
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index 1ccead3641..4438486a8b 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -3102,7 +3102,7 @@ dpaa2_sec_set_pdcp_session(struct rte_cryptodev *dev,
 	struct rte_security_pdcp_xform *pdcp_xform = &conf->pdcp;
 	struct rte_crypto_sym_xform *xform = conf->crypto_xform;
 	struct rte_crypto_auth_xform *auth_xform = NULL;
-	struct rte_crypto_cipher_xform *cipher_xform;
+	struct rte_crypto_cipher_xform *cipher_xform = NULL;
 	dpaa2_sec_session *session = (dpaa2_sec_session *)sess;
 	struct ctxt_priv *priv;
 	struct dpaa2_sec_dev_private *dev_priv = dev->data->dev_private;
@@ -3134,18 +3134,18 @@ dpaa2_sec_set_pdcp_session(struct rte_cryptodev *dev,
 	flc = &priv->flc_desc[0].flc;
 
 	/* find xfrm types */
-	if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER && xform->next == NULL) {
-		cipher_xform = &xform->cipher;
-	} else if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
-		   xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
-		session->ext_params.aead_ctxt.auth_cipher_text = true;
+	if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER) {
 		cipher_xform = &xform->cipher;
-		auth_xform = &xform->next->auth;
-	} else if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH &&
-		   xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER) {
-		session->ext_params.aead_ctxt.auth_cipher_text = false;
-		cipher_xform = &xform->next->cipher;
+		if (xform->next != NULL) {
+			session->ext_params.aead_ctxt.auth_cipher_text = true;
+			auth_xform = &xform->next->auth;
+		}
+	} else if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
 		auth_xform = &xform->auth;
+		if (xform->next != NULL) {
+			session->ext_params.aead_ctxt.auth_cipher_text = false;
+			cipher_xform = &xform->next->cipher;
+		}
 	} else {
 		DPAA2_SEC_ERR("Invalid crypto type");
 		return -EINVAL;
@@ -3184,7 +3184,8 @@ dpaa2_sec_set_pdcp_session(struct rte_cryptodev *dev,
 	session->pdcp.hfn_threshold = pdcp_xform->hfn_threshold;
 	session->pdcp.hfn_ovd = pdcp_xform->hfn_ovrd;
 	/* hfv ovd offset location is stored in iv.offset value*/
-	session->pdcp.hfn_ovd_offset = cipher_xform->iv.offset;
+	if (cipher_xform)
+		session->pdcp.hfn_ovd_offset = cipher_xform->iv.offset;
 
 	cipherdata.key = (size_t)session->cipher_key.data;
 	cipherdata.keylen = session->cipher_key.length;
diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h
index 88d31de0a6..2e136d7929 100644
--- a/lib/security/rte_security.h
+++ b/lib/security/rte_security.h
@@ -233,6 +233,7 @@ struct rte_security_macsec_xform {
 enum rte_security_pdcp_domain {
 	RTE_SECURITY_PDCP_MODE_CONTROL,	/**< PDCP control plane */
 	RTE_SECURITY_PDCP_MODE_DATA,	/**< PDCP data plane */
+	RTE_SECURITY_PDCP_MODE_SHORT_MAC,	/**< PDCP short mac */
 };
 
 /** PDCP Frame direction */
-- 
2.25.1


^ permalink raw reply	[flat|nested] 29+ messages in thread

* [dpdk-dev] [PATCH v2 3/5] test/crypto: add pdcp security short MAC-I support
  2021-09-07  8:56 ` [dpdk-dev] [PATCH v2 0/5] support of MAC-I Gagandeep Singh
  2021-09-07  8:56   ` [dpdk-dev] [PATCH v2 1/5] common/dpaax: fix IV value for shortMAC-I for SNOW algo Gagandeep Singh
  2021-09-07  8:56   ` [dpdk-dev] [PATCH v2 2/5] security: support PDCP short MAC-I Gagandeep Singh
@ 2021-09-07  8:56   ` Gagandeep Singh
  2021-09-07  8:56   ` [dpdk-dev] [PATCH v2 4/5] crypto/dpaa2_sec: add PDCP " Gagandeep Singh
                     ` (2 subsequent siblings)
  5 siblings, 0 replies; 29+ messages in thread
From: Gagandeep Singh @ 2021-09-07  8:56 UTC (permalink / raw)
  To: gakhil, dev; +Cc: thomas, Gagandeep Singh

This patch add support to test the pdcp short mac
packets support in crypto.

Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
---
 app/test/test_cryptodev.c                     |  48 ++++++++
 ...est_cryptodev_security_pdcp_test_vectors.h | 105 +++++++++++++++++-
 2 files changed, 152 insertions(+), 1 deletion(-)

diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 9ad0b37473..86809de90b 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -8768,6 +8768,50 @@ test_PDCP_SDAP_PROTO_encap_all(void)
 	return (all_err == TEST_SUCCESS) ? TEST_SUCCESS : TEST_FAILED;
 }
 
+static int
+test_PDCP_PROTO_short_mac(void)
+{
+	int i = 0, size = 0;
+	int err, all_err = TEST_SUCCESS;
+	const struct pdcp_short_mac_test *cur_test;
+
+	size = RTE_DIM(list_pdcp_smac_tests);
+
+	for (i = 0; i < size; i++) {
+		cur_test = &list_pdcp_smac_tests[i];
+		err = test_pdcp_proto(
+			i, 0, RTE_CRYPTO_CIPHER_OP_ENCRYPT,
+			RTE_CRYPTO_AUTH_OP_GENERATE, cur_test->data_in,
+			cur_test->in_len, cur_test->data_out,
+			cur_test->in_len + ((cur_test->auth_key) ? 4 : 0),
+			RTE_CRYPTO_CIPHER_NULL, NULL,
+			0, cur_test->param.auth_alg,
+			cur_test->auth_key, cur_test->param.auth_key_len,
+			0, cur_test->param.domain, 0, 0,
+			0, 0, 0);
+		if (err) {
+			printf("\t%d) %s: Short MAC test failed\n",
+					cur_test->test_idx,
+					cur_test->param.name);
+			err = TEST_FAILED;
+		} else {
+			printf("\t%d) %s: Short MAC test PASS\n",
+					cur_test->test_idx,
+					cur_test->param.name);
+			rte_hexdump(stdout, "MAC I",
+				    cur_test->data_out + cur_test->in_len + 2,
+				    2);
+			err = TEST_SUCCESS;
+		}
+		all_err += err;
+	}
+
+	printf("Success: %d, Failure: %d\n", size + all_err, -all_err);
+
+	return (all_err == TEST_SUCCESS) ? TEST_SUCCESS : TEST_FAILED;
+
+}
+
 static int
 test_PDCP_SDAP_PROTO_decap_all(void)
 {
@@ -14039,6 +14083,8 @@ static struct unit_test_suite cryptodev_snow3g_testsuite  = {
 		TEST_CASE_ST(ut_setup, ut_teardown,
 			test_snow3g_encryption_test_case_5),
 
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_PDCP_PROTO_short_mac),
 		TEST_CASE_ST(ut_setup, ut_teardown,
 			test_snow3g_encryption_test_case_1_oop),
 		TEST_CASE_ST(ut_setup, ut_teardown,
@@ -14279,6 +14325,8 @@ static struct unit_test_suite cryptodev_kasumi_testsuite  = {
 		TEST_CASE_ST(ut_setup, ut_teardown,
 			test_kasumi_decryption_test_case_1_oop),
 
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_PDCP_PROTO_short_mac),
 		TEST_CASE_ST(ut_setup, ut_teardown,
 			test_kasumi_cipher_auth_test_case_1),
 
diff --git a/app/test/test_cryptodev_security_pdcp_test_vectors.h b/app/test/test_cryptodev_security_pdcp_test_vectors.h
index 703076479d..81fd6e606b 100644
--- a/app/test/test_cryptodev_security_pdcp_test_vectors.h
+++ b/app/test/test_cryptodev_security_pdcp_test_vectors.h
@@ -1,7 +1,7 @@
 /* SPDX-License-Identifier: BSD-3-Clause
  *
  * Copyright (C) 2015-2016 Freescale Semiconductor,Inc.
- * Copyright 2018-2019 NXP
+ * Copyright 2018-2021 NXP
  */
 
 #ifndef SECURITY_PDCP_TEST_VECTOR_H_
@@ -28,6 +28,109 @@ struct pdcp_test_param {
 	const char *name;
 };
 
+struct pdcp_short_mac_test {
+	uint32_t test_idx;
+	struct pdcp_short_mac_test_param {
+		enum rte_security_pdcp_domain domain;
+		enum rte_crypto_auth_algorithm auth_alg;
+		uint8_t auth_key_len;
+		const char *name;
+	} param;
+	const uint8_t *auth_key;
+	const uint8_t *data_in;
+	uint32_t in_len;
+	const uint8_t *data_out;
+};
+
+static const struct pdcp_short_mac_test list_pdcp_smac_tests[] = {
+	{
+		.test_idx = 1,
+		.param = {.name = "PDCP-SMAC SNOW3G UIA2",
+			.auth_alg = RTE_CRYPTO_AUTH_SNOW3G_UIA2,
+			.domain = RTE_SECURITY_PDCP_MODE_SHORT_MAC,
+			.auth_key_len = 16,
+		},
+		.auth_key = (uint8_t[]){ 0x2b, 0xd6, 0x45, 0x9f, 0x82, 0xc5,
+					 0xb3, 0x00, 0x95, 0x2c, 0x49, 0x10,
+					 0x48, 0x81, 0xff, 0x48 },
+		.data_in = (uint8_t[]){ 0x33, 0x32, 0x34, 0x62, 0x63, 0x39,
+					0x38 },
+		.in_len = 7,
+		.data_out = (uint8_t[]){ 0x33, 0x32, 0x34, 0x62, 0x63, 0x39,
+					 0x38, 0x56, 0xd2, 0x09, 0xae },
+	},
+
+	{
+		.test_idx = 2,
+		.param = {.name = "PDCP-SMAC AES CMAC 1",
+			.auth_alg = RTE_CRYPTO_AUTH_AES_CMAC,
+			.domain = RTE_SECURITY_PDCP_MODE_SHORT_MAC,
+			.auth_key_len = 16,
+		},
+		.auth_key = (uint8_t[]){ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+					 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+					 0x00, 0x00, 0x00, 0x00 },
+		.data_in = (uint8_t[]){ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+					0x00 },
+		.in_len = 7,
+		.data_out = (uint8_t[]){ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+					 0x00, 0x13, 0xf8, 0x4b, 0xea },
+	},
+
+	{
+		.test_idx = 3,
+		.param = {.name = "PDCP-SMAC AES CMAC 2",
+			.auth_alg = RTE_CRYPTO_AUTH_AES_CMAC,
+			.domain = RTE_SECURITY_PDCP_MODE_SHORT_MAC,
+			.auth_key_len = 16,
+		},
+		.auth_key = (uint8_t[]){ 0x16, 0xc1, 0x98, 0x14,  0x9a, 0x2c,
+					 0xf4, 0x12, 0x4f, 0xd4, 0x14, 0xec,
+					 0x72, 0x43, 0x29, 0x04 },
+		.data_in = (uint8_t[]){ 0x00, 0xc0, 0x00, 0x00, 0x00, 0x05,
+					0x09, 0xe4 },
+		.in_len = 8,
+		.data_out = (uint8_t[]){ 0x00, 0xc0, 0x00, 0x00, 0x00, 0x05,
+					 0x09, 0xe4, 0xdd, 0xff, 0xde, 0xa9 },
+	},
+
+	{
+		.test_idx = 4,
+		.param = {.name = "PDCP-SMAC AES CMAC 3",
+			.auth_alg = RTE_CRYPTO_AUTH_AES_CMAC,
+			.domain = RTE_SECURITY_PDCP_MODE_SHORT_MAC,
+			.auth_key_len = 16,
+		},
+		.auth_key = (uint8_t[]){ 0xD3, 0xC5, 0xD5, 0x92, 0x32, 0x7F,
+					 0xB1, 0x1C, 0x40, 0x35, 0xC6, 0x68,
+					 0x0A, 0xF8, 0xC6, 0xD3 },
+		.data_in = (uint8_t[]){ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+					0x00 },
+		.in_len = 7,
+		.data_out = (uint8_t[]){ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+					 0x00, 0x23, 0xea, 0x95, 0xb0 },
+	},
+
+	{
+		.test_idx = 5,
+		.param = {.name = "PDCP-SMAC NULL",
+			.auth_alg = RTE_CRYPTO_AUTH_NULL,
+			.domain = RTE_SECURITY_PDCP_MODE_SHORT_MAC,
+			.auth_key_len = 16,
+		},
+		.auth_key = (uint8_t[]){ 0x2B, 0xD6, 0x45, 0x9F, 0x82, 0xC5,
+					 0xB3, 0x00, 0x95, 0x2C, 0x49, 0x10,
+					 0x48, 0x81, 0xFF, 0x48
+		},
+		.data_in = (uint8_t[]){ 0x33, 0x32, 0x34, 0x62, 0x63, 0x39,
+					0x38 },
+		.in_len = 7,
+		.data_out = (uint8_t[]){ 0x33, 0x32, 0x34, 0x62, 0x63, 0x39,
+					 0x38, 0x00, 0x00, 0x00, 0x00 },
+	},
+
+};
+
 static struct pdcp_test_param pdcp_test_params[] = {
 	{
 	 .name =
-- 
2.25.1


^ permalink raw reply	[flat|nested] 29+ messages in thread

* [dpdk-dev] [PATCH v2 4/5] crypto/dpaa2_sec: add PDCP short MAC-I support
  2021-09-07  8:56 ` [dpdk-dev] [PATCH v2 0/5] support of MAC-I Gagandeep Singh
                     ` (2 preceding siblings ...)
  2021-09-07  8:56   ` [dpdk-dev] [PATCH v2 3/5] test/crypto: add pdcp security short MAC-I support Gagandeep Singh
@ 2021-09-07  8:56   ` Gagandeep Singh
  2021-09-07  8:56   ` [dpdk-dev] [PATCH v2 5/5] crypto/dpaa_sec: add pdcp " Gagandeep Singh
  2021-09-07 11:46   ` [dpdk-dev] [EXT] [PATCH v2 0/5] support of MAC-I Akhil Goyal
  5 siblings, 0 replies; 29+ messages in thread
From: Gagandeep Singh @ 2021-09-07  8:56 UTC (permalink / raw)
  To: gakhil, dev; +Cc: thomas, Gagandeep Singh

This patch add PDCP short mac support in dpaa2_sec driver.

Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
---
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 4 ++++
 drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h   | 9 +++++++++
 2 files changed, 13 insertions(+)

diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index 4438486a8b..0d3a7989cd 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -3291,6 +3291,10 @@ dpaa2_sec_set_pdcp_session(struct rte_cryptodev *dev,
 					pdcp_xform->hfn_threshold,
 					&cipherdata, &authdata,
 					0);
+
+	} else if (pdcp_xform->domain == RTE_SECURITY_PDCP_MODE_SHORT_MAC) {
+		bufsize = cnstr_shdsc_pdcp_short_mac(priv->flc_desc[0].desc,
+						     1, swap, &authdata);
 	} else {
 		if (session->dir == DIR_ENC) {
 			if (pdcp_xform->sdap_enabled)
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h b/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
index 7dbc69f6cb..8dee0a4bda 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
@@ -941,6 +941,15 @@ static const struct rte_security_capability dpaa2_sec_security_cap[] = {
 		},
 		.crypto_capabilities = dpaa2_pdcp_capabilities
 	},
+	{ /* PDCP Lookaside Protocol offload Short MAC */
+		.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+		.protocol = RTE_SECURITY_PROTOCOL_PDCP,
+		.pdcp = {
+			.domain = RTE_SECURITY_PDCP_MODE_SHORT_MAC,
+			.capa_flags = 0
+		},
+		.crypto_capabilities = dpaa2_pdcp_capabilities
+	},
 	{
 		.action = RTE_SECURITY_ACTION_TYPE_NONE
 	}
-- 
2.25.1


^ permalink raw reply	[flat|nested] 29+ messages in thread

* [dpdk-dev] [PATCH v2 5/5] crypto/dpaa_sec: add pdcp short MAC-I support
  2021-09-07  8:56 ` [dpdk-dev] [PATCH v2 0/5] support of MAC-I Gagandeep Singh
                     ` (3 preceding siblings ...)
  2021-09-07  8:56   ` [dpdk-dev] [PATCH v2 4/5] crypto/dpaa2_sec: add PDCP " Gagandeep Singh
@ 2021-09-07  8:56   ` Gagandeep Singh
  2021-09-07 11:46   ` [dpdk-dev] [EXT] [PATCH v2 0/5] support of MAC-I Akhil Goyal
  5 siblings, 0 replies; 29+ messages in thread
From: Gagandeep Singh @ 2021-09-07  8:56 UTC (permalink / raw)
  To: gakhil, dev; +Cc: thomas, Gagandeep Singh

This patch add pdcp security short MAC-I support for
dpaa_sec driver.

Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
---
 drivers/crypto/dpaa_sec/dpaa_sec.c |  3 +++
 drivers/crypto/dpaa_sec/dpaa_sec.h | 11 ++++++++++-
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c
index 19d4684e24..59ac74f3d8 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
@@ -294,6 +294,9 @@ dpaa_sec_prep_pdcp_cdb(dpaa_sec_session *ses)
 					ses->pdcp.hfn_threshold,
 					&cipherdata, &authdata,
 					0);
+	} else if (ses->pdcp.domain == RTE_SECURITY_PDCP_MODE_SHORT_MAC) {
+		shared_desc_len = cnstr_shdsc_pdcp_short_mac(cdb->sh_desc,
+						     1, swap, &authdata);
 	} else {
 		if (ses->dir == DIR_ENC) {
 			if (ses->pdcp.sdap_enabled)
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.h b/drivers/crypto/dpaa_sec/dpaa_sec.h
index 368699678b..2ab9c69bb6 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.h
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.h
@@ -1,6 +1,6 @@
 /* SPDX-License-Identifier: BSD-3-Clause
  *
- *   Copyright 2016-2020 NXP
+ *   Copyright 2016-2021 NXP
  *
  */
 
@@ -769,6 +769,15 @@ static const struct rte_security_capability dpaa_sec_security_cap[] = {
 		},
 		.crypto_capabilities = dpaa_pdcp_capabilities
 	},
+	{ /* PDCP Lookaside Protocol offload Short MAC */
+		.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+		.protocol = RTE_SECURITY_PROTOCOL_PDCP,
+		.pdcp = {
+			.domain = RTE_SECURITY_PDCP_MODE_SHORT_MAC,
+			.capa_flags = 0
+		},
+		.crypto_capabilities = dpaa_pdcp_capabilities
+	},
 	{
 		.action = RTE_SECURITY_ACTION_TYPE_NONE
 	}
-- 
2.25.1


^ permalink raw reply	[flat|nested] 29+ messages in thread

* Re: [dpdk-dev] [EXT] [PATCH v2 0/5] support of MAC-I
  2021-09-07  8:56 ` [dpdk-dev] [PATCH v2 0/5] support of MAC-I Gagandeep Singh
                     ` (4 preceding siblings ...)
  2021-09-07  8:56   ` [dpdk-dev] [PATCH v2 5/5] crypto/dpaa_sec: add pdcp " Gagandeep Singh
@ 2021-09-07 11:46   ` Akhil Goyal
  5 siblings, 0 replies; 29+ messages in thread
From: Akhil Goyal @ 2021-09-07 11:46 UTC (permalink / raw)
  To: Gagandeep Singh, dev; +Cc: thomas

> ----------------------------------------------------------------------
> This series add support of Message Authentication Code
> - Integrity on DPAAX platforms.
> 
> v2-change-log:
> * update commit message
> * merged an existing patch with this series:
> https://urldefense.proofpoint.com/v2/url?u=https-
> 3A__patches.dpdk.org_project_dpdk_patch_20210825081837.23830-2D1-
> 2Dhemant.agrawal-
> 40nxp.com_mbox_&d=DwIDAg&c=nKjWec2b6R0mOyPaz7xtfQ&r=DnL7Si2wl
> _PRwpZ9TWey3eu68gBzn7DkPwuqhd6WNyo&m=rsC8q5LCqM75FDZlT9cU21
> Qaf4v__D1_IufHF8an_x0&s=8v25-
> EfDZN2P66hDuhUAZtK5PNPnODDAyGSmtKeQ_oI&e=
> 
> Gagandeep Singh (4):
>   common/dpaax: fix IV value for shortMAC-I for SNOW algo
>   test/crypto: add pdcp security short MAC-I support
>   crypto/dpaa2_sec: add PDCP short MAC-I support
>   crypto/dpaa_sec: add pdcp short MAC-I support
> 
> Hemant Agrawal (1):
>   security: support PDCP short MAC-I
> 
>  app/test-crypto-perf/cperf_options_parsing.c  |   8 +-
>  app/test/test_cryptodev.c                     |  48 ++++++++
>  ...est_cryptodev_security_pdcp_test_vectors.h | 105 +++++++++++++++++-
>  doc/guides/prog_guide/rte_security.rst        |  11 +-
>  doc/guides/tools/cryptoperf.rst               |   4 +-
>  drivers/common/dpaax/caamflib/desc/pdcp.h     |   7 +-
>  drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c   |  29 +++--
>  drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h     |   9 ++
>  drivers/crypto/dpaa_sec/dpaa_sec.c            |   3 +
>  drivers/crypto/dpaa_sec/dpaa_sec.h            |  11 +-
>  lib/security/rte_security.h                   |   1 +
>  11 files changed, 215 insertions(+), 21 deletions(-)

Release notes missing for new feature updates

^ permalink raw reply	[flat|nested] 29+ messages in thread

* [dpdk-dev] [PATCH v3 0/4] support of MAC-I
  2021-09-07  8:56   ` [dpdk-dev] [PATCH v2 1/5] common/dpaax: fix IV value for shortMAC-I for SNOW algo Gagandeep Singh
@ 2021-09-08 12:01     ` Gagandeep Singh
  2021-09-08 12:01       ` [dpdk-dev] [PATCH v3 1/4] security: support PDCP short MAC-I Gagandeep Singh
                         ` (3 more replies)
  0 siblings, 4 replies; 29+ messages in thread
From: Gagandeep Singh @ 2021-09-08 12:01 UTC (permalink / raw)
  To: gakhil, dev; +Cc: thomas, Gagandeep Singh

This series add support of Message Authentication Code
- Integrity on DPAAX platforms.

v2-change-log:
* update commit message
* merged an existing patch with this series:
https://patches.dpdk.org/project/dpdk/patch/20210825081837.23830-1-hemant.agrawal@nxp.com/mbox/

v3-change-log:
* updated release notes

Gagandeep Singh (3):
  test/crypto: add pdcp security short MAC-I support
  crypto/dpaa2_sec: add PDCP short MAC-I support
  crypto/dpaa_sec: add pdcp short MAC-I support

Hemant Agrawal (1):
  security: support PDCP short MAC-I

 app/test-crypto-perf/cperf_options_parsing.c  |   8 +-
 app/test/test_cryptodev.c                     |  48 ++++++++
 ...est_cryptodev_security_pdcp_test_vectors.h | 105 +++++++++++++++++-
 doc/guides/prog_guide/rte_security.rst        |  11 +-
 doc/guides/rel_notes/release_21_11.rst        |   8 ++
 doc/guides/tools/cryptoperf.rst               |   4 +-
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c   |  29 +++--
 drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h     |   9 ++
 drivers/crypto/dpaa_sec/dpaa_sec.c            |   3 +
 drivers/crypto/dpaa_sec/dpaa_sec.h            |  11 +-
 lib/security/rte_security.h                   |   1 +
 11 files changed, 219 insertions(+), 18 deletions(-)

-- 
2.25.1


^ permalink raw reply	[flat|nested] 29+ messages in thread

* [dpdk-dev] [PATCH v3 1/4] security: support PDCP short MAC-I
  2021-09-08 12:01     ` [dpdk-dev] [PATCH v3 0/4] support of MAC-I Gagandeep Singh
@ 2021-09-08 12:01       ` Gagandeep Singh
  2021-09-08 12:15         ` [dpdk-dev] [EXT] " Akhil Goyal
  2021-09-08 12:51         ` [dpdk-dev] [PATCH v4 0/5] support of MAC-I Gagandeep Singh
  2021-09-08 12:01       ` [dpdk-dev] [PATCH v3 2/4] test/crypto: add pdcp security short MAC-I support Gagandeep Singh
                         ` (2 subsequent siblings)
  3 siblings, 2 replies; 29+ messages in thread
From: Gagandeep Singh @ 2021-09-08 12:01 UTC (permalink / raw)
  To: gakhil, dev; +Cc: thomas, Hemant Agrawal, Gagandeep Singh

From: Hemant Agrawal <hemant.agrawal@nxp.com>

This patch add support to handle PDCP short MAC-I domain
along with standard control and data domains as it has to
be treated as special case with PDCP protocol offload support.

ShortMAC-I is the 16 least significant bits of calculated MAC-I. Usually
when a RRC message is exchanged between UE and eNodeB it is integrity &
ciphered protected.

MAC-I = f(key, varShortMAC-I, count, bearer, direction).
Here varShortMAC-I is prepared by using (current cellId, pci of source cell
and C-RNTI of old cell). Other parameters like count, bearer and
direction set to all 1.

Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
---
 app/test-crypto-perf/cperf_options_parsing.c |  8 ++++++-
 doc/guides/prog_guide/rte_security.rst       | 11 ++++++++-
 doc/guides/tools/cryptoperf.rst              |  4 ++--
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c  | 25 ++++++++++----------
 lib/security/rte_security.h                  |  1 +
 5 files changed, 33 insertions(+), 16 deletions(-)

diff --git a/app/test-crypto-perf/cperf_options_parsing.c b/app/test-crypto-perf/cperf_options_parsing.c
index e84f56cfaa..0348972c85 100644
--- a/app/test-crypto-perf/cperf_options_parsing.c
+++ b/app/test-crypto-perf/cperf_options_parsing.c
@@ -662,7 +662,8 @@ parse_pdcp_sn_sz(struct cperf_options *opts, const char *arg)
 
 const char *cperf_pdcp_domain_strs[] = {
 	[RTE_SECURITY_PDCP_MODE_CONTROL] = "control",
-	[RTE_SECURITY_PDCP_MODE_DATA] = "data"
+	[RTE_SECURITY_PDCP_MODE_DATA] = "data",
+	[RTE_SECURITY_PDCP_MODE_SHORT_MAC] = "short_mac"
 };
 
 static int
@@ -677,6 +678,11 @@ parse_pdcp_domain(struct cperf_options *opts, const char *arg)
 			cperf_pdcp_domain_strs
 			[RTE_SECURITY_PDCP_MODE_DATA],
 			RTE_SECURITY_PDCP_MODE_DATA
+		},
+		{
+			cperf_pdcp_domain_strs
+			[RTE_SECURITY_PDCP_MODE_SHORT_MAC],
+			RTE_SECURITY_PDCP_MODE_SHORT_MAC
 		}
 	};
 
diff --git a/doc/guides/prog_guide/rte_security.rst b/doc/guides/prog_guide/rte_security.rst
index f72bc8a78f..ad92c16868 100644
--- a/doc/guides/prog_guide/rte_security.rst
+++ b/doc/guides/prog_guide/rte_security.rst
@@ -1,5 +1,5 @@
 ..  SPDX-License-Identifier: BSD-3-Clause
-    Copyright 2017,2020 NXP
+    Copyright 2017,2020-2021 NXP
 
 
 
@@ -408,6 +408,15 @@ PMD which supports the IPsec and PDCP protocol.
                 },
                 .crypto_capabilities = pmd_capabilities
         },
+	{ /* PDCP Lookaside Protocol offload short MAC-I */
+                .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+                .protocol = RTE_SECURITY_PROTOCOL_PDCP,
+                .pdcp = {
+                        .domain = RTE_SECURITY_PDCP_MODE_SHORT_MAC,
+                        .capa_flags = 0
+                },
+                .crypto_capabilities = pmd_capabilities
+        },
         {
                 .action = RTE_SECURITY_ACTION_TYPE_NONE
         }
diff --git a/doc/guides/tools/cryptoperf.rst b/doc/guides/tools/cryptoperf.rst
index be3109054d..d3963f23e3 100644
--- a/doc/guides/tools/cryptoperf.rst
+++ b/doc/guides/tools/cryptoperf.rst
@@ -316,9 +316,9 @@ The following are the application command-line options:
         Set PDCP sequence number size(n) in bits. Valid values of n will
         be 5/7/12/15/18.
 
-* ``--pdcp-domain <control/user>``
+* ``--pdcp-domain <control/user/short_mac>``
 
-        Set PDCP domain to specify Control/user plane.
+        Set PDCP domain to specify short_mac/control/user plane.
 
 * ``--docsis-hdr-sz <n>``
 
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index d6a101499a..b8d57c2b22 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -3104,7 +3104,7 @@ dpaa2_sec_set_pdcp_session(struct rte_cryptodev *dev,
 	struct rte_security_pdcp_xform *pdcp_xform = &conf->pdcp;
 	struct rte_crypto_sym_xform *xform = conf->crypto_xform;
 	struct rte_crypto_auth_xform *auth_xform = NULL;
-	struct rte_crypto_cipher_xform *cipher_xform;
+	struct rte_crypto_cipher_xform *cipher_xform = NULL;
 	dpaa2_sec_session *session = (dpaa2_sec_session *)sess;
 	struct ctxt_priv *priv;
 	struct dpaa2_sec_dev_private *dev_priv = dev->data->dev_private;
@@ -3136,18 +3136,18 @@ dpaa2_sec_set_pdcp_session(struct rte_cryptodev *dev,
 	flc = &priv->flc_desc[0].flc;
 
 	/* find xfrm types */
-	if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER && xform->next == NULL) {
-		cipher_xform = &xform->cipher;
-	} else if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
-		   xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
-		session->ext_params.aead_ctxt.auth_cipher_text = true;
+	if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER) {
 		cipher_xform = &xform->cipher;
-		auth_xform = &xform->next->auth;
-	} else if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH &&
-		   xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER) {
-		session->ext_params.aead_ctxt.auth_cipher_text = false;
-		cipher_xform = &xform->next->cipher;
+		if (xform->next != NULL) {
+			session->ext_params.aead_ctxt.auth_cipher_text = true;
+			auth_xform = &xform->next->auth;
+		}
+	} else if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
 		auth_xform = &xform->auth;
+		if (xform->next != NULL) {
+			session->ext_params.aead_ctxt.auth_cipher_text = false;
+			cipher_xform = &xform->next->cipher;
+		}
 	} else {
 		DPAA2_SEC_ERR("Invalid crypto type");
 		return -EINVAL;
@@ -3186,7 +3186,8 @@ dpaa2_sec_set_pdcp_session(struct rte_cryptodev *dev,
 	session->pdcp.hfn_threshold = pdcp_xform->hfn_threshold;
 	session->pdcp.hfn_ovd = pdcp_xform->hfn_ovrd;
 	/* hfv ovd offset location is stored in iv.offset value*/
-	session->pdcp.hfn_ovd_offset = cipher_xform->iv.offset;
+	if (cipher_xform)
+		session->pdcp.hfn_ovd_offset = cipher_xform->iv.offset;
 
 	cipherdata.key = (size_t)session->cipher_key.data;
 	cipherdata.keylen = session->cipher_key.length;
diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h
index 88d31de0a6..2e136d7929 100644
--- a/lib/security/rte_security.h
+++ b/lib/security/rte_security.h
@@ -233,6 +233,7 @@ struct rte_security_macsec_xform {
 enum rte_security_pdcp_domain {
 	RTE_SECURITY_PDCP_MODE_CONTROL,	/**< PDCP control plane */
 	RTE_SECURITY_PDCP_MODE_DATA,	/**< PDCP data plane */
+	RTE_SECURITY_PDCP_MODE_SHORT_MAC,	/**< PDCP short mac */
 };
 
 /** PDCP Frame direction */
-- 
2.25.1


^ permalink raw reply	[flat|nested] 29+ messages in thread

* [dpdk-dev] [PATCH v3 2/4] test/crypto: add pdcp security short MAC-I support
  2021-09-08 12:01     ` [dpdk-dev] [PATCH v3 0/4] support of MAC-I Gagandeep Singh
  2021-09-08 12:01       ` [dpdk-dev] [PATCH v3 1/4] security: support PDCP short MAC-I Gagandeep Singh
@ 2021-09-08 12:01       ` Gagandeep Singh
  2021-09-08 12:01       ` [dpdk-dev] [PATCH v3 3/4] crypto/dpaa2_sec: add PDCP " Gagandeep Singh
  2021-09-08 12:01       ` [dpdk-dev] [PATCH v3 4/4] crypto/dpaa_sec: add pdcp " Gagandeep Singh
  3 siblings, 0 replies; 29+ messages in thread
From: Gagandeep Singh @ 2021-09-08 12:01 UTC (permalink / raw)
  To: gakhil, dev; +Cc: thomas, Gagandeep Singh

This patch add support to test the pdcp short mac
packets support in crypto.

Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
---
 app/test/test_cryptodev.c                     |  48 ++++++++
 ...est_cryptodev_security_pdcp_test_vectors.h | 105 +++++++++++++++++-
 2 files changed, 152 insertions(+), 1 deletion(-)

diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 9e823db1e6..16d770a17f 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -8767,6 +8767,50 @@ test_PDCP_SDAP_PROTO_encap_all(void)
 	return (all_err == TEST_SUCCESS) ? TEST_SUCCESS : TEST_FAILED;
 }
 
+static int
+test_PDCP_PROTO_short_mac(void)
+{
+	int i = 0, size = 0;
+	int err, all_err = TEST_SUCCESS;
+	const struct pdcp_short_mac_test *cur_test;
+
+	size = RTE_DIM(list_pdcp_smac_tests);
+
+	for (i = 0; i < size; i++) {
+		cur_test = &list_pdcp_smac_tests[i];
+		err = test_pdcp_proto(
+			i, 0, RTE_CRYPTO_CIPHER_OP_ENCRYPT,
+			RTE_CRYPTO_AUTH_OP_GENERATE, cur_test->data_in,
+			cur_test->in_len, cur_test->data_out,
+			cur_test->in_len + ((cur_test->auth_key) ? 4 : 0),
+			RTE_CRYPTO_CIPHER_NULL, NULL,
+			0, cur_test->param.auth_alg,
+			cur_test->auth_key, cur_test->param.auth_key_len,
+			0, cur_test->param.domain, 0, 0,
+			0, 0, 0);
+		if (err) {
+			printf("\t%d) %s: Short MAC test failed\n",
+					cur_test->test_idx,
+					cur_test->param.name);
+			err = TEST_FAILED;
+		} else {
+			printf("\t%d) %s: Short MAC test PASS\n",
+					cur_test->test_idx,
+					cur_test->param.name);
+			rte_hexdump(stdout, "MAC I",
+				    cur_test->data_out + cur_test->in_len + 2,
+				    2);
+			err = TEST_SUCCESS;
+		}
+		all_err += err;
+	}
+
+	printf("Success: %d, Failure: %d\n", size + all_err, -all_err);
+
+	return (all_err == TEST_SUCCESS) ? TEST_SUCCESS : TEST_FAILED;
+
+}
+
 static int
 test_PDCP_SDAP_PROTO_decap_all(void)
 {
@@ -14039,6 +14083,8 @@ static struct unit_test_suite cryptodev_snow3g_testsuite  = {
 		TEST_CASE_ST(ut_setup, ut_teardown,
 			test_snow3g_encryption_test_case_5),
 
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_PDCP_PROTO_short_mac),
 		TEST_CASE_ST(ut_setup, ut_teardown,
 			test_snow3g_encryption_test_case_1_oop),
 		TEST_CASE_ST(ut_setup, ut_teardown,
@@ -14279,6 +14325,8 @@ static struct unit_test_suite cryptodev_kasumi_testsuite  = {
 		TEST_CASE_ST(ut_setup, ut_teardown,
 			test_kasumi_decryption_test_case_1_oop),
 
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_PDCP_PROTO_short_mac),
 		TEST_CASE_ST(ut_setup, ut_teardown,
 			test_kasumi_cipher_auth_test_case_1),
 
diff --git a/app/test/test_cryptodev_security_pdcp_test_vectors.h b/app/test/test_cryptodev_security_pdcp_test_vectors.h
index 703076479d..81fd6e606b 100644
--- a/app/test/test_cryptodev_security_pdcp_test_vectors.h
+++ b/app/test/test_cryptodev_security_pdcp_test_vectors.h
@@ -1,7 +1,7 @@
 /* SPDX-License-Identifier: BSD-3-Clause
  *
  * Copyright (C) 2015-2016 Freescale Semiconductor,Inc.
- * Copyright 2018-2019 NXP
+ * Copyright 2018-2021 NXP
  */
 
 #ifndef SECURITY_PDCP_TEST_VECTOR_H_
@@ -28,6 +28,109 @@ struct pdcp_test_param {
 	const char *name;
 };
 
+struct pdcp_short_mac_test {
+	uint32_t test_idx;
+	struct pdcp_short_mac_test_param {
+		enum rte_security_pdcp_domain domain;
+		enum rte_crypto_auth_algorithm auth_alg;
+		uint8_t auth_key_len;
+		const char *name;
+	} param;
+	const uint8_t *auth_key;
+	const uint8_t *data_in;
+	uint32_t in_len;
+	const uint8_t *data_out;
+};
+
+static const struct pdcp_short_mac_test list_pdcp_smac_tests[] = {
+	{
+		.test_idx = 1,
+		.param = {.name = "PDCP-SMAC SNOW3G UIA2",
+			.auth_alg = RTE_CRYPTO_AUTH_SNOW3G_UIA2,
+			.domain = RTE_SECURITY_PDCP_MODE_SHORT_MAC,
+			.auth_key_len = 16,
+		},
+		.auth_key = (uint8_t[]){ 0x2b, 0xd6, 0x45, 0x9f, 0x82, 0xc5,
+					 0xb3, 0x00, 0x95, 0x2c, 0x49, 0x10,
+					 0x48, 0x81, 0xff, 0x48 },
+		.data_in = (uint8_t[]){ 0x33, 0x32, 0x34, 0x62, 0x63, 0x39,
+					0x38 },
+		.in_len = 7,
+		.data_out = (uint8_t[]){ 0x33, 0x32, 0x34, 0x62, 0x63, 0x39,
+					 0x38, 0x56, 0xd2, 0x09, 0xae },
+	},
+
+	{
+		.test_idx = 2,
+		.param = {.name = "PDCP-SMAC AES CMAC 1",
+			.auth_alg = RTE_CRYPTO_AUTH_AES_CMAC,
+			.domain = RTE_SECURITY_PDCP_MODE_SHORT_MAC,
+			.auth_key_len = 16,
+		},
+		.auth_key = (uint8_t[]){ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+					 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+					 0x00, 0x00, 0x00, 0x00 },
+		.data_in = (uint8_t[]){ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+					0x00 },
+		.in_len = 7,
+		.data_out = (uint8_t[]){ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+					 0x00, 0x13, 0xf8, 0x4b, 0xea },
+	},
+
+	{
+		.test_idx = 3,
+		.param = {.name = "PDCP-SMAC AES CMAC 2",
+			.auth_alg = RTE_CRYPTO_AUTH_AES_CMAC,
+			.domain = RTE_SECURITY_PDCP_MODE_SHORT_MAC,
+			.auth_key_len = 16,
+		},
+		.auth_key = (uint8_t[]){ 0x16, 0xc1, 0x98, 0x14,  0x9a, 0x2c,
+					 0xf4, 0x12, 0x4f, 0xd4, 0x14, 0xec,
+					 0x72, 0x43, 0x29, 0x04 },
+		.data_in = (uint8_t[]){ 0x00, 0xc0, 0x00, 0x00, 0x00, 0x05,
+					0x09, 0xe4 },
+		.in_len = 8,
+		.data_out = (uint8_t[]){ 0x00, 0xc0, 0x00, 0x00, 0x00, 0x05,
+					 0x09, 0xe4, 0xdd, 0xff, 0xde, 0xa9 },
+	},
+
+	{
+		.test_idx = 4,
+		.param = {.name = "PDCP-SMAC AES CMAC 3",
+			.auth_alg = RTE_CRYPTO_AUTH_AES_CMAC,
+			.domain = RTE_SECURITY_PDCP_MODE_SHORT_MAC,
+			.auth_key_len = 16,
+		},
+		.auth_key = (uint8_t[]){ 0xD3, 0xC5, 0xD5, 0x92, 0x32, 0x7F,
+					 0xB1, 0x1C, 0x40, 0x35, 0xC6, 0x68,
+					 0x0A, 0xF8, 0xC6, 0xD3 },
+		.data_in = (uint8_t[]){ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+					0x00 },
+		.in_len = 7,
+		.data_out = (uint8_t[]){ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+					 0x00, 0x23, 0xea, 0x95, 0xb0 },
+	},
+
+	{
+		.test_idx = 5,
+		.param = {.name = "PDCP-SMAC NULL",
+			.auth_alg = RTE_CRYPTO_AUTH_NULL,
+			.domain = RTE_SECURITY_PDCP_MODE_SHORT_MAC,
+			.auth_key_len = 16,
+		},
+		.auth_key = (uint8_t[]){ 0x2B, 0xD6, 0x45, 0x9F, 0x82, 0xC5,
+					 0xB3, 0x00, 0x95, 0x2C, 0x49, 0x10,
+					 0x48, 0x81, 0xFF, 0x48
+		},
+		.data_in = (uint8_t[]){ 0x33, 0x32, 0x34, 0x62, 0x63, 0x39,
+					0x38 },
+		.in_len = 7,
+		.data_out = (uint8_t[]){ 0x33, 0x32, 0x34, 0x62, 0x63, 0x39,
+					 0x38, 0x00, 0x00, 0x00, 0x00 },
+	},
+
+};
+
 static struct pdcp_test_param pdcp_test_params[] = {
 	{
 	 .name =
-- 
2.25.1


^ permalink raw reply	[flat|nested] 29+ messages in thread

* [dpdk-dev] [PATCH v3 3/4] crypto/dpaa2_sec: add PDCP short MAC-I support
  2021-09-08 12:01     ` [dpdk-dev] [PATCH v3 0/4] support of MAC-I Gagandeep Singh
  2021-09-08 12:01       ` [dpdk-dev] [PATCH v3 1/4] security: support PDCP short MAC-I Gagandeep Singh
  2021-09-08 12:01       ` [dpdk-dev] [PATCH v3 2/4] test/crypto: add pdcp security short MAC-I support Gagandeep Singh
@ 2021-09-08 12:01       ` Gagandeep Singh
  2021-09-08 12:01       ` [dpdk-dev] [PATCH v3 4/4] crypto/dpaa_sec: add pdcp " Gagandeep Singh
  3 siblings, 0 replies; 29+ messages in thread
From: Gagandeep Singh @ 2021-09-08 12:01 UTC (permalink / raw)
  To: gakhil, dev; +Cc: thomas, Gagandeep Singh

This patch add PDCP short mac support in dpaa2_sec driver.

Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
---
 doc/guides/rel_notes/release_21_11.rst      | 4 ++++
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 4 ++++
 drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h   | 9 +++++++++
 3 files changed, 17 insertions(+)

diff --git a/doc/guides/rel_notes/release_21_11.rst b/doc/guides/rel_notes/release_21_11.rst
index 50e4fb1205..b7e5128be5 100644
--- a/doc/guides/rel_notes/release_21_11.rst
+++ b/doc/guides/rel_notes/release_21_11.rst
@@ -77,6 +77,10 @@ New Features
 
   * Added DES-CBC, AES-XCBC-MAC, AES-CMAC and non-HMAC algo support.
 
+* **Updated NXP dpaa2_sec crypto PMD.**
+
+  * Added PDCP short MAC-I support.
+
 
 Removed Items
 -------------
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index b8d57c2b22..dfa72f3f93 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -3309,6 +3309,10 @@ dpaa2_sec_set_pdcp_session(struct rte_cryptodev *dev,
 					pdcp_xform->hfn_threshold,
 					&cipherdata, &authdata,
 					0);
+
+	} else if (pdcp_xform->domain == RTE_SECURITY_PDCP_MODE_SHORT_MAC) {
+		bufsize = cnstr_shdsc_pdcp_short_mac(priv->flc_desc[0].desc,
+						     1, swap, &authdata);
 	} else {
 		if (session->dir == DIR_ENC) {
 			if (pdcp_xform->sdap_enabled)
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h b/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
index 7dbc69f6cb..8dee0a4bda 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
@@ -941,6 +941,15 @@ static const struct rte_security_capability dpaa2_sec_security_cap[] = {
 		},
 		.crypto_capabilities = dpaa2_pdcp_capabilities
 	},
+	{ /* PDCP Lookaside Protocol offload Short MAC */
+		.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+		.protocol = RTE_SECURITY_PROTOCOL_PDCP,
+		.pdcp = {
+			.domain = RTE_SECURITY_PDCP_MODE_SHORT_MAC,
+			.capa_flags = 0
+		},
+		.crypto_capabilities = dpaa2_pdcp_capabilities
+	},
 	{
 		.action = RTE_SECURITY_ACTION_TYPE_NONE
 	}
-- 
2.25.1


^ permalink raw reply	[flat|nested] 29+ messages in thread

* [dpdk-dev] [PATCH v3 4/4] crypto/dpaa_sec: add pdcp short MAC-I support
  2021-09-08 12:01     ` [dpdk-dev] [PATCH v3 0/4] support of MAC-I Gagandeep Singh
                         ` (2 preceding siblings ...)
  2021-09-08 12:01       ` [dpdk-dev] [PATCH v3 3/4] crypto/dpaa2_sec: add PDCP " Gagandeep Singh
@ 2021-09-08 12:01       ` Gagandeep Singh
  3 siblings, 0 replies; 29+ messages in thread
From: Gagandeep Singh @ 2021-09-08 12:01 UTC (permalink / raw)
  To: gakhil, dev; +Cc: thomas, Gagandeep Singh

This patch add pdcp security short MAC-I support for
dpaa_sec driver.

Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
---
 doc/guides/rel_notes/release_21_11.rst |  4 ++++
 drivers/crypto/dpaa_sec/dpaa_sec.c     |  3 +++
 drivers/crypto/dpaa_sec/dpaa_sec.h     | 11 ++++++++++-
 3 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/doc/guides/rel_notes/release_21_11.rst b/doc/guides/rel_notes/release_21_11.rst
index b7e5128be5..7a07161f9d 100644
--- a/doc/guides/rel_notes/release_21_11.rst
+++ b/doc/guides/rel_notes/release_21_11.rst
@@ -81,6 +81,10 @@ New Features
 
   * Added PDCP short MAC-I support.
 
+* **Updated NXP dpaa_sec crypto PMD.**
+
+  * Added PDCP short MAC-I support.
+
 
 Removed Items
 -------------
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c
index fa4d276ead..d5aa2748d6 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
@@ -311,6 +311,9 @@ dpaa_sec_prep_pdcp_cdb(dpaa_sec_session *ses)
 					ses->pdcp.hfn_threshold,
 					&cipherdata, &authdata,
 					0);
+	} else if (ses->pdcp.domain == RTE_SECURITY_PDCP_MODE_SHORT_MAC) {
+		shared_desc_len = cnstr_shdsc_pdcp_short_mac(cdb->sh_desc,
+						     1, swap, &authdata);
 	} else {
 		if (ses->dir == DIR_ENC) {
 			if (ses->pdcp.sdap_enabled)
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.h b/drivers/crypto/dpaa_sec/dpaa_sec.h
index c94d78e046..503047879e 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.h
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.h
@@ -1,6 +1,6 @@
 /* SPDX-License-Identifier: BSD-3-Clause
  *
- *   Copyright 2016-2020 NXP
+ *   Copyright 2016-2021 NXP
  *
  */
 
@@ -958,6 +958,15 @@ static const struct rte_security_capability dpaa_sec_security_cap[] = {
 		},
 		.crypto_capabilities = dpaa_pdcp_capabilities
 	},
+	{ /* PDCP Lookaside Protocol offload Short MAC */
+		.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+		.protocol = RTE_SECURITY_PROTOCOL_PDCP,
+		.pdcp = {
+			.domain = RTE_SECURITY_PDCP_MODE_SHORT_MAC,
+			.capa_flags = 0
+		},
+		.crypto_capabilities = dpaa_pdcp_capabilities
+	},
 	{
 		.action = RTE_SECURITY_ACTION_TYPE_NONE
 	}
-- 
2.25.1


^ permalink raw reply	[flat|nested] 29+ messages in thread

* Re: [dpdk-dev] [EXT] [PATCH v3 1/4] security: support PDCP short MAC-I
  2021-09-08 12:01       ` [dpdk-dev] [PATCH v3 1/4] security: support PDCP short MAC-I Gagandeep Singh
@ 2021-09-08 12:15         ` Akhil Goyal
  2021-09-08 12:33           ` Gagandeep Singh
  2021-09-08 12:51         ` [dpdk-dev] [PATCH v4 0/5] support of MAC-I Gagandeep Singh
  1 sibling, 1 reply; 29+ messages in thread
From: Akhil Goyal @ 2021-09-08 12:15 UTC (permalink / raw)
  To: Gagandeep Singh, dev; +Cc: thomas, Hemant Agrawal

> From: Hemant Agrawal <hemant.agrawal@nxp.com>
> 
> This patch add support to handle PDCP short MAC-I domain
> along with standard control and data domains as it has to
> be treated as special case with PDCP protocol offload support.
> 
> ShortMAC-I is the 16 least significant bits of calculated MAC-I. Usually
> when a RRC message is exchanged between UE and eNodeB it is integrity &
> ciphered protected.
> 
> MAC-I = f(key, varShortMAC-I, count, bearer, direction).
> Here varShortMAC-I is prepared by using (current cellId, pci of source cell
> and C-RNTI of old cell). Other parameters like count, bearer and
> direction set to all 1.
> 
> Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
> Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
> ---
>  app/test-crypto-perf/cperf_options_parsing.c |  8 ++++++-
>  doc/guides/prog_guide/rte_security.rst       | 11 ++++++++-
>  doc/guides/tools/cryptoperf.rst              |  4 ++--
>  drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c  | 25 ++++++++++----------

Why is the dpaa2_sec patch squashed in this patch?
I asked to have it as a separate patch in this series instead of the dpaa_sec series.

>  lib/security/rte_security.h                  |  1 +
>  5 files changed, 33 insertions(+), 16 deletions(-)
> 
> diff --git a/app/test-crypto-perf/cperf_options_parsing.c b/app/test-crypto-
> perf/cperf_options_parsing.c
> index e84f56cfaa..0348972c85 100644
> --- a/app/test-crypto-perf/cperf_options_parsing.c
> +++ b/app/test-crypto-perf/cperf_options_parsing.c
> @@ -662,7 +662,8 @@ parse_pdcp_sn_sz(struct cperf_options *opts, const
> char *arg)
> 
>  const char *cperf_pdcp_domain_strs[] = {
>  	[RTE_SECURITY_PDCP_MODE_CONTROL] = "control",
> -	[RTE_SECURITY_PDCP_MODE_DATA] = "data"
> +	[RTE_SECURITY_PDCP_MODE_DATA] = "data",
> +	[RTE_SECURITY_PDCP_MODE_SHORT_MAC] = "short_mac"
>  };
> 
>  static int
> @@ -677,6 +678,11 @@ parse_pdcp_domain(struct cperf_options *opts,
> const char *arg)
>  			cperf_pdcp_domain_strs
>  			[RTE_SECURITY_PDCP_MODE_DATA],
>  			RTE_SECURITY_PDCP_MODE_DATA
> +		},
> +		{
> +			cperf_pdcp_domain_strs
> +			[RTE_SECURITY_PDCP_MODE_SHORT_MAC],
> +			RTE_SECURITY_PDCP_MODE_SHORT_MAC
>  		}
>  	};
> 
> diff --git a/doc/guides/prog_guide/rte_security.rst
> b/doc/guides/prog_guide/rte_security.rst
> index f72bc8a78f..ad92c16868 100644
> --- a/doc/guides/prog_guide/rte_security.rst
> +++ b/doc/guides/prog_guide/rte_security.rst
> @@ -1,5 +1,5 @@
>  ..  SPDX-License-Identifier: BSD-3-Clause
> -    Copyright 2017,2020 NXP
> +    Copyright 2017,2020-2021 NXP
> 
> 
> 
> @@ -408,6 +408,15 @@ PMD which supports the IPsec and PDCP protocol.
>                  },
>                  .crypto_capabilities = pmd_capabilities
>          },
> +	{ /* PDCP Lookaside Protocol offload short MAC-I */
> +                .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
> +                .protocol = RTE_SECURITY_PROTOCOL_PDCP,
> +                .pdcp = {
> +                        .domain = RTE_SECURITY_PDCP_MODE_SHORT_MAC,
> +                        .capa_flags = 0
> +                },
> +                .crypto_capabilities = pmd_capabilities
> +        },
>          {
>                  .action = RTE_SECURITY_ACTION_TYPE_NONE
>          }
> diff --git a/doc/guides/tools/cryptoperf.rst b/doc/guides/tools/cryptoperf.rst
> index be3109054d..d3963f23e3 100644
> --- a/doc/guides/tools/cryptoperf.rst
> +++ b/doc/guides/tools/cryptoperf.rst
> @@ -316,9 +316,9 @@ The following are the application command-line
> options:
>          Set PDCP sequence number size(n) in bits. Valid values of n will
>          be 5/7/12/15/18.
> 
> -* ``--pdcp-domain <control/user>``
> +* ``--pdcp-domain <control/user/short_mac>``
> 
> -        Set PDCP domain to specify Control/user plane.
> +        Set PDCP domain to specify short_mac/control/user plane.
> 
>  * ``--docsis-hdr-sz <n>``
> 
> diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
> b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
> index d6a101499a..b8d57c2b22 100644
> --- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
> +++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
> @@ -3104,7 +3104,7 @@ dpaa2_sec_set_pdcp_session(struct rte_cryptodev
> *dev,
>  	struct rte_security_pdcp_xform *pdcp_xform = &conf->pdcp;
>  	struct rte_crypto_sym_xform *xform = conf->crypto_xform;
>  	struct rte_crypto_auth_xform *auth_xform = NULL;
> -	struct rte_crypto_cipher_xform *cipher_xform;
> +	struct rte_crypto_cipher_xform *cipher_xform = NULL;
>  	dpaa2_sec_session *session = (dpaa2_sec_session *)sess;
>  	struct ctxt_priv *priv;
>  	struct dpaa2_sec_dev_private *dev_priv = dev->data->dev_private;
> @@ -3136,18 +3136,18 @@ dpaa2_sec_set_pdcp_session(struct
> rte_cryptodev *dev,
>  	flc = &priv->flc_desc[0].flc;
> 
>  	/* find xfrm types */
> -	if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER && xform-
> >next == NULL) {
> -		cipher_xform = &xform->cipher;
> -	} else if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
> -		   xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
> -		session->ext_params.aead_ctxt.auth_cipher_text = true;
> +	if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER) {
>  		cipher_xform = &xform->cipher;
> -		auth_xform = &xform->next->auth;
> -	} else if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH &&
> -		   xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER) {
> -		session->ext_params.aead_ctxt.auth_cipher_text = false;
> -		cipher_xform = &xform->next->cipher;
> +		if (xform->next != NULL) {
> +			session->ext_params.aead_ctxt.auth_cipher_text =
> true;
> +			auth_xform = &xform->next->auth;
> +		}
> +	} else if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
>  		auth_xform = &xform->auth;
> +		if (xform->next != NULL) {
> +			session->ext_params.aead_ctxt.auth_cipher_text =
> false;
> +			cipher_xform = &xform->next->cipher;
> +		}
>  	} else {
>  		DPAA2_SEC_ERR("Invalid crypto type");
>  		return -EINVAL;
> @@ -3186,7 +3186,8 @@ dpaa2_sec_set_pdcp_session(struct rte_cryptodev
> *dev,
>  	session->pdcp.hfn_threshold = pdcp_xform->hfn_threshold;
>  	session->pdcp.hfn_ovd = pdcp_xform->hfn_ovrd;
>  	/* hfv ovd offset location is stored in iv.offset value*/
> -	session->pdcp.hfn_ovd_offset = cipher_xform->iv.offset;
> +	if (cipher_xform)
> +		session->pdcp.hfn_ovd_offset = cipher_xform->iv.offset;
> 
>  	cipherdata.key = (size_t)session->cipher_key.data;
>  	cipherdata.keylen = session->cipher_key.length;
> diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h
> index 88d31de0a6..2e136d7929 100644
> --- a/lib/security/rte_security.h
> +++ b/lib/security/rte_security.h
> @@ -233,6 +233,7 @@ struct rte_security_macsec_xform {
>  enum rte_security_pdcp_domain {
>  	RTE_SECURITY_PDCP_MODE_CONTROL,	/**< PDCP control
> plane */
>  	RTE_SECURITY_PDCP_MODE_DATA,	/**< PDCP data plane */
> +	RTE_SECURITY_PDCP_MODE_SHORT_MAC,	/**< PDCP short mac
> */
>  };
> 
>  /** PDCP Frame direction */
> --
> 2.25.1


^ permalink raw reply	[flat|nested] 29+ messages in thread

* Re: [dpdk-dev] [EXT] [PATCH v3 1/4] security: support PDCP short MAC-I
  2021-09-08 12:15         ` [dpdk-dev] [EXT] " Akhil Goyal
@ 2021-09-08 12:33           ` Gagandeep Singh
  0 siblings, 0 replies; 29+ messages in thread
From: Gagandeep Singh @ 2021-09-08 12:33 UTC (permalink / raw)
  To: Akhil Goyal, dev; +Cc: thomas, Hemant Agrawal



> -----Original Message-----
> From: Akhil Goyal <gakhil@marvell.com>
> Sent: Wednesday, September 8, 2021 5:45 PM
> To: Gagandeep Singh <G.Singh@nxp.com>; dev@dpdk.org
> Cc: thomas@monjalon.net; Hemant Agrawal <hemant.agrawal@nxp.com>
> Subject: RE: [EXT] [PATCH v3 1/4] security: support PDCP short MAC-I
> 
> > From: Hemant Agrawal <hemant.agrawal@nxp.com>
> >
> > This patch add support to handle PDCP short MAC-I domain
> > along with standard control and data domains as it has to
> > be treated as special case with PDCP protocol offload support.
> >
> > ShortMAC-I is the 16 least significant bits of calculated MAC-I. Usually
> > when a RRC message is exchanged between UE and eNodeB it is integrity &
> > ciphered protected.
> >
> > MAC-I = f(key, varShortMAC-I, count, bearer, direction).
> > Here varShortMAC-I is prepared by using (current cellId, pci of source cell
> > and C-RNTI of old cell). Other parameters like count, bearer and
> > direction set to all 1.
> >
> > Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
> > Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
> > ---
> >  app/test-crypto-perf/cperf_options_parsing.c |  8 ++++++-
> >  doc/guides/prog_guide/rte_security.rst       | 11 ++++++++-
> >  doc/guides/tools/cryptoperf.rst              |  4 ++--
> >  drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c  | 25 ++++++++++----------
> 
> Why is the dpaa2_sec patch squashed in this patch?
> I asked to have it as a separate patch in this series instead of the dpaa_sec
> series.

Ok, I will send  v4  with a separate  patch for dpaa2_sec in this series.

> 
> >  lib/security/rte_security.h                  |  1 +
> >  5 files changed, 33 insertions(+), 16 deletions(-)
> >
> > diff --git a/app/test-crypto-perf/cperf_options_parsing.c b/app/test-crypto-
> > perf/cperf_options_parsing.c
> > index e84f56cfaa..0348972c85 100644
> > --- a/app/test-crypto-perf/cperf_options_parsing.c
> > +++ b/app/test-crypto-perf/cperf_options_parsing.c
> > @@ -662,7 +662,8 @@ parse_pdcp_sn_sz(struct cperf_options *opts, const
> > char *arg)
> >
> >  const char *cperf_pdcp_domain_strs[] = {
> >  	[RTE_SECURITY_PDCP_MODE_CONTROL] = "control",
> > -	[RTE_SECURITY_PDCP_MODE_DATA] = "data"
> > +	[RTE_SECURITY_PDCP_MODE_DATA] = "data",
> > +	[RTE_SECURITY_PDCP_MODE_SHORT_MAC] = "short_mac"
> >  };
> >
> >  static int
> > @@ -677,6 +678,11 @@ parse_pdcp_domain(struct cperf_options *opts,
> > const char *arg)
> >  			cperf_pdcp_domain_strs
> >  			[RTE_SECURITY_PDCP_MODE_DATA],
> >  			RTE_SECURITY_PDCP_MODE_DATA
> > +		},
> > +		{
> > +			cperf_pdcp_domain_strs
> > +			[RTE_SECURITY_PDCP_MODE_SHORT_MAC],
> > +			RTE_SECURITY_PDCP_MODE_SHORT_MAC
> >  		}
> >  	};
> >
> > diff --git a/doc/guides/prog_guide/rte_security.rst
> > b/doc/guides/prog_guide/rte_security.rst
> > index f72bc8a78f..ad92c16868 100644
> > --- a/doc/guides/prog_guide/rte_security.rst
> > +++ b/doc/guides/prog_guide/rte_security.rst
> > @@ -1,5 +1,5 @@
> >  ..  SPDX-License-Identifier: BSD-3-Clause
> > -    Copyright 2017,2020 NXP
> > +    Copyright 2017,2020-2021 NXP
> >
> >
> >
> > @@ -408,6 +408,15 @@ PMD which supports the IPsec and PDCP protocol.
> >                  },
> >                  .crypto_capabilities = pmd_capabilities
> >          },
> > +	{ /* PDCP Lookaside Protocol offload short MAC-I */
> > +                .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
> > +                .protocol = RTE_SECURITY_PROTOCOL_PDCP,
> > +                .pdcp = {
> > +                        .domain = RTE_SECURITY_PDCP_MODE_SHORT_MAC,
> > +                        .capa_flags = 0
> > +                },
> > +                .crypto_capabilities = pmd_capabilities
> > +        },
> >          {
> >                  .action = RTE_SECURITY_ACTION_TYPE_NONE
> >          }
> > diff --git a/doc/guides/tools/cryptoperf.rst b/doc/guides/tools/cryptoperf.rst
> > index be3109054d..d3963f23e3 100644
> > --- a/doc/guides/tools/cryptoperf.rst
> > +++ b/doc/guides/tools/cryptoperf.rst
> > @@ -316,9 +316,9 @@ The following are the application command-line
> > options:
> >          Set PDCP sequence number size(n) in bits. Valid values of n will
> >          be 5/7/12/15/18.
> >
> > -* ``--pdcp-domain <control/user>``
> > +* ``--pdcp-domain <control/user/short_mac>``
> >
> > -        Set PDCP domain to specify Control/user plane.
> > +        Set PDCP domain to specify short_mac/control/user plane.
> >
> >  * ``--docsis-hdr-sz <n>``
> >
> > diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
> > b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
> > index d6a101499a..b8d57c2b22 100644
> > --- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
> > +++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
> > @@ -3104,7 +3104,7 @@ dpaa2_sec_set_pdcp_session(struct rte_cryptodev
> > *dev,
> >  	struct rte_security_pdcp_xform *pdcp_xform = &conf->pdcp;
> >  	struct rte_crypto_sym_xform *xform = conf->crypto_xform;
> >  	struct rte_crypto_auth_xform *auth_xform = NULL;
> > -	struct rte_crypto_cipher_xform *cipher_xform;
> > +	struct rte_crypto_cipher_xform *cipher_xform = NULL;
> >  	dpaa2_sec_session *session = (dpaa2_sec_session *)sess;
> >  	struct ctxt_priv *priv;
> >  	struct dpaa2_sec_dev_private *dev_priv = dev->data->dev_private;
> > @@ -3136,18 +3136,18 @@ dpaa2_sec_set_pdcp_session(struct
> > rte_cryptodev *dev,
> >  	flc = &priv->flc_desc[0].flc;
> >
> >  	/* find xfrm types */
> > -	if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER && xform-
> > >next == NULL) {
> > -		cipher_xform = &xform->cipher;
> > -	} else if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
> > -		   xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
> > -		session->ext_params.aead_ctxt.auth_cipher_text = true;
> > +	if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER) {
> >  		cipher_xform = &xform->cipher;
> > -		auth_xform = &xform->next->auth;
> > -	} else if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH &&
> > -		   xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER) {
> > -		session->ext_params.aead_ctxt.auth_cipher_text = false;
> > -		cipher_xform = &xform->next->cipher;
> > +		if (xform->next != NULL) {
> > +			session->ext_params.aead_ctxt.auth_cipher_text =
> > true;
> > +			auth_xform = &xform->next->auth;
> > +		}
> > +	} else if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
> >  		auth_xform = &xform->auth;
> > +		if (xform->next != NULL) {
> > +			session->ext_params.aead_ctxt.auth_cipher_text =
> > false;
> > +			cipher_xform = &xform->next->cipher;
> > +		}
> >  	} else {
> >  		DPAA2_SEC_ERR("Invalid crypto type");
> >  		return -EINVAL;
> > @@ -3186,7 +3186,8 @@ dpaa2_sec_set_pdcp_session(struct rte_cryptodev
> > *dev,
> >  	session->pdcp.hfn_threshold = pdcp_xform->hfn_threshold;
> >  	session->pdcp.hfn_ovd = pdcp_xform->hfn_ovrd;
> >  	/* hfv ovd offset location is stored in iv.offset value*/
> > -	session->pdcp.hfn_ovd_offset = cipher_xform->iv.offset;
> > +	if (cipher_xform)
> > +		session->pdcp.hfn_ovd_offset = cipher_xform->iv.offset;
> >
> >  	cipherdata.key = (size_t)session->cipher_key.data;
> >  	cipherdata.keylen = session->cipher_key.length;
> > diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h
> > index 88d31de0a6..2e136d7929 100644
> > --- a/lib/security/rte_security.h
> > +++ b/lib/security/rte_security.h
> > @@ -233,6 +233,7 @@ struct rte_security_macsec_xform {
> >  enum rte_security_pdcp_domain {
> >  	RTE_SECURITY_PDCP_MODE_CONTROL,	/**< PDCP control
> > plane */
> >  	RTE_SECURITY_PDCP_MODE_DATA,	/**< PDCP data plane */
> > +	RTE_SECURITY_PDCP_MODE_SHORT_MAC,	/**< PDCP short mac
> > */
> >  };
> >
> >  /** PDCP Frame direction */
> > --
> > 2.25.1


^ permalink raw reply	[flat|nested] 29+ messages in thread

* [dpdk-dev] [PATCH v4 0/5] support of MAC-I
  2021-09-08 12:01       ` [dpdk-dev] [PATCH v3 1/4] security: support PDCP short MAC-I Gagandeep Singh
  2021-09-08 12:15         ` [dpdk-dev] [EXT] " Akhil Goyal
@ 2021-09-08 12:51         ` Gagandeep Singh
  2021-09-08 12:51           ` [dpdk-dev] [PATCH v4 1/5] crypto/dpaa2_sec: support integrity only case for PDCP Gagandeep Singh
                             ` (5 more replies)
  1 sibling, 6 replies; 29+ messages in thread
From: Gagandeep Singh @ 2021-09-08 12:51 UTC (permalink / raw)
  To: gakhil, dev; +Cc: thomas, Gagandeep Singh

This series add support of Message Authentication Code
- Integrity on DPAAX platforms.

v2-change-log:
* update commit message
* merged an existing patch with this series:
https://patches.dpdk.org/project/dpdk/patch/20210825081837.23830-1-hemant.agrawal@nxp.com/mbox/

v3-change-log:
* updated release notes

v4-change-log:
* move the dpaa2_sec changes from first patch to a separate patch

Gagandeep Singh (3):
  test/crypto: add pdcp security short MAC-I support
  crypto/dpaa2_sec: add PDCP short MAC-I support
  crypto/dpaa_sec: add pdcp short MAC-I support

Hemant Agrawal (2):
  crypto/dpaa2_sec: support integrity only case for PDCP
  security: add pdcp short MAC-I support

 app/test-crypto-perf/cperf_options_parsing.c  |   8 +-
 app/test/test_cryptodev.c                     |  48 ++++++++
 ...est_cryptodev_security_pdcp_test_vectors.h | 105 +++++++++++++++++-
 doc/guides/prog_guide/rte_security.rst        |  11 +-
 doc/guides/rel_notes/release_21_11.rst        |   8 ++
 doc/guides/tools/cryptoperf.rst               |   2 +-
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c   |  29 +++--
 drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h     |   9 ++
 drivers/crypto/dpaa_sec/dpaa_sec.c            |   3 +
 drivers/crypto/dpaa_sec/dpaa_sec.h            |  11 +-
 lib/security/rte_security.h                   |   1 +
 11 files changed, 218 insertions(+), 17 deletions(-)

-- 
2.25.1


^ permalink raw reply	[flat|nested] 29+ messages in thread

* [dpdk-dev] [PATCH v4 1/5] crypto/dpaa2_sec: support integrity only case for PDCP
  2021-09-08 12:51         ` [dpdk-dev] [PATCH v4 0/5] support of MAC-I Gagandeep Singh
@ 2021-09-08 12:51           ` Gagandeep Singh
  2021-09-08 12:51           ` [dpdk-dev] [PATCH v4 2/5] security: add pdcp short MAC-I support Gagandeep Singh
                             ` (4 subsequent siblings)
  5 siblings, 0 replies; 29+ messages in thread
From: Gagandeep Singh @ 2021-09-08 12:51 UTC (permalink / raw)
  To: gakhil, dev; +Cc: thomas, Hemant Agrawal, Gagandeep Singh

From: Hemant Agrawal <hemant.agrawal@nxp.com>

To support short MAC-I, integrity only case is required
to be supported for PDCP.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
---
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 25 +++++++++++----------
 1 file changed, 13 insertions(+), 12 deletions(-)

diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index d6a101499a..b8d57c2b22 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -3104,7 +3104,7 @@ dpaa2_sec_set_pdcp_session(struct rte_cryptodev *dev,
 	struct rte_security_pdcp_xform *pdcp_xform = &conf->pdcp;
 	struct rte_crypto_sym_xform *xform = conf->crypto_xform;
 	struct rte_crypto_auth_xform *auth_xform = NULL;
-	struct rte_crypto_cipher_xform *cipher_xform;
+	struct rte_crypto_cipher_xform *cipher_xform = NULL;
 	dpaa2_sec_session *session = (dpaa2_sec_session *)sess;
 	struct ctxt_priv *priv;
 	struct dpaa2_sec_dev_private *dev_priv = dev->data->dev_private;
@@ -3136,18 +3136,18 @@ dpaa2_sec_set_pdcp_session(struct rte_cryptodev *dev,
 	flc = &priv->flc_desc[0].flc;
 
 	/* find xfrm types */
-	if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER && xform->next == NULL) {
-		cipher_xform = &xform->cipher;
-	} else if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
-		   xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
-		session->ext_params.aead_ctxt.auth_cipher_text = true;
+	if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER) {
 		cipher_xform = &xform->cipher;
-		auth_xform = &xform->next->auth;
-	} else if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH &&
-		   xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER) {
-		session->ext_params.aead_ctxt.auth_cipher_text = false;
-		cipher_xform = &xform->next->cipher;
+		if (xform->next != NULL) {
+			session->ext_params.aead_ctxt.auth_cipher_text = true;
+			auth_xform = &xform->next->auth;
+		}
+	} else if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
 		auth_xform = &xform->auth;
+		if (xform->next != NULL) {
+			session->ext_params.aead_ctxt.auth_cipher_text = false;
+			cipher_xform = &xform->next->cipher;
+		}
 	} else {
 		DPAA2_SEC_ERR("Invalid crypto type");
 		return -EINVAL;
@@ -3186,7 +3186,8 @@ dpaa2_sec_set_pdcp_session(struct rte_cryptodev *dev,
 	session->pdcp.hfn_threshold = pdcp_xform->hfn_threshold;
 	session->pdcp.hfn_ovd = pdcp_xform->hfn_ovrd;
 	/* hfv ovd offset location is stored in iv.offset value*/
-	session->pdcp.hfn_ovd_offset = cipher_xform->iv.offset;
+	if (cipher_xform)
+		session->pdcp.hfn_ovd_offset = cipher_xform->iv.offset;
 
 	cipherdata.key = (size_t)session->cipher_key.data;
 	cipherdata.keylen = session->cipher_key.length;
-- 
2.25.1


^ permalink raw reply	[flat|nested] 29+ messages in thread

* [dpdk-dev] [PATCH v4 2/5] security: add pdcp short MAC-I support
  2021-09-08 12:51         ` [dpdk-dev] [PATCH v4 0/5] support of MAC-I Gagandeep Singh
  2021-09-08 12:51           ` [dpdk-dev] [PATCH v4 1/5] crypto/dpaa2_sec: support integrity only case for PDCP Gagandeep Singh
@ 2021-09-08 12:51           ` Gagandeep Singh
  2021-09-08 12:51           ` [dpdk-dev] [PATCH v4 3/5] test/crypto: add pdcp security " Gagandeep Singh
                             ` (3 subsequent siblings)
  5 siblings, 0 replies; 29+ messages in thread
From: Gagandeep Singh @ 2021-09-08 12:51 UTC (permalink / raw)
  To: gakhil, dev; +Cc: thomas, Hemant Agrawal, Gagandeep Singh

From: Hemant Agrawal <hemant.agrawal@nxp.com>

This patch add support to handle PDCP short MAC-I domain
along with standard control and data domains as it has to
be treaty as special case with PDCP protocol offload support.

ShortMAC-I is the 16 least significant bits of calculated MAC-I. Usually
when a RRC message is exchanged between UE and eNodeB it is integrity &
ciphered protected.

MAC-I = f(key, varShortMAC-I, count, bearer, direction).
Here varShortMAC-I is prepared by using (current cellId, pci of source cell
and C-RNTI of old cell). Other parameters like count, bearer and
direction set to all 1.

Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
---
 app/test-crypto-perf/cperf_options_parsing.c |  8 +++++++-
 doc/guides/prog_guide/rte_security.rst       | 11 ++++++++++-
 doc/guides/tools/cryptoperf.rst              |  2 +-
 lib/security/rte_security.h                  |  1 +
 4 files changed, 19 insertions(+), 3 deletions(-)

diff --git a/app/test-crypto-perf/cperf_options_parsing.c b/app/test-crypto-perf/cperf_options_parsing.c
index e84f56cfaa..0348972c85 100644
--- a/app/test-crypto-perf/cperf_options_parsing.c
+++ b/app/test-crypto-perf/cperf_options_parsing.c
@@ -662,7 +662,8 @@ parse_pdcp_sn_sz(struct cperf_options *opts, const char *arg)
 
 const char *cperf_pdcp_domain_strs[] = {
 	[RTE_SECURITY_PDCP_MODE_CONTROL] = "control",
-	[RTE_SECURITY_PDCP_MODE_DATA] = "data"
+	[RTE_SECURITY_PDCP_MODE_DATA] = "data",
+	[RTE_SECURITY_PDCP_MODE_SHORT_MAC] = "short_mac"
 };
 
 static int
@@ -677,6 +678,11 @@ parse_pdcp_domain(struct cperf_options *opts, const char *arg)
 			cperf_pdcp_domain_strs
 			[RTE_SECURITY_PDCP_MODE_DATA],
 			RTE_SECURITY_PDCP_MODE_DATA
+		},
+		{
+			cperf_pdcp_domain_strs
+			[RTE_SECURITY_PDCP_MODE_SHORT_MAC],
+			RTE_SECURITY_PDCP_MODE_SHORT_MAC
 		}
 	};
 
diff --git a/doc/guides/prog_guide/rte_security.rst b/doc/guides/prog_guide/rte_security.rst
index f72bc8a78f..ad92c16868 100644
--- a/doc/guides/prog_guide/rte_security.rst
+++ b/doc/guides/prog_guide/rte_security.rst
@@ -1,5 +1,5 @@
 ..  SPDX-License-Identifier: BSD-3-Clause
-    Copyright 2017,2020 NXP
+    Copyright 2017,2020-2021 NXP
 
 
 
@@ -408,6 +408,15 @@ PMD which supports the IPsec and PDCP protocol.
                 },
                 .crypto_capabilities = pmd_capabilities
         },
+	{ /* PDCP Lookaside Protocol offload short MAC-I */
+                .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+                .protocol = RTE_SECURITY_PROTOCOL_PDCP,
+                .pdcp = {
+                        .domain = RTE_SECURITY_PDCP_MODE_SHORT_MAC,
+                        .capa_flags = 0
+                },
+                .crypto_capabilities = pmd_capabilities
+        },
         {
                 .action = RTE_SECURITY_ACTION_TYPE_NONE
         }
diff --git a/doc/guides/tools/cryptoperf.rst b/doc/guides/tools/cryptoperf.rst
index be3109054d..9a7b990596 100644
--- a/doc/guides/tools/cryptoperf.rst
+++ b/doc/guides/tools/cryptoperf.rst
@@ -318,7 +318,7 @@ The following are the application command-line options:
 
 * ``--pdcp-domain <control/user>``
 
-        Set PDCP domain to specify Control/user plane.
+        Set PDCP domain to specify short_mac/control/user plane.
 
 * ``--docsis-hdr-sz <n>``
 
diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h
index 88d31de0a6..2e136d7929 100644
--- a/lib/security/rte_security.h
+++ b/lib/security/rte_security.h
@@ -233,6 +233,7 @@ struct rte_security_macsec_xform {
 enum rte_security_pdcp_domain {
 	RTE_SECURITY_PDCP_MODE_CONTROL,	/**< PDCP control plane */
 	RTE_SECURITY_PDCP_MODE_DATA,	/**< PDCP data plane */
+	RTE_SECURITY_PDCP_MODE_SHORT_MAC,	/**< PDCP short mac */
 };
 
 /** PDCP Frame direction */
-- 
2.25.1


^ permalink raw reply	[flat|nested] 29+ messages in thread

* [dpdk-dev] [PATCH v4 3/5] test/crypto: add pdcp security short MAC-I support
  2021-09-08 12:51         ` [dpdk-dev] [PATCH v4 0/5] support of MAC-I Gagandeep Singh
  2021-09-08 12:51           ` [dpdk-dev] [PATCH v4 1/5] crypto/dpaa2_sec: support integrity only case for PDCP Gagandeep Singh
  2021-09-08 12:51           ` [dpdk-dev] [PATCH v4 2/5] security: add pdcp short MAC-I support Gagandeep Singh
@ 2021-09-08 12:51           ` Gagandeep Singh
  2021-09-08 12:51           ` [dpdk-dev] [PATCH v4 4/5] crypto/dpaa2_sec: add PDCP " Gagandeep Singh
                             ` (2 subsequent siblings)
  5 siblings, 0 replies; 29+ messages in thread
From: Gagandeep Singh @ 2021-09-08 12:51 UTC (permalink / raw)
  To: gakhil, dev; +Cc: thomas, Gagandeep Singh

This patch add support to test the pdcp short mac
packets support in crypto.

Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
---
 app/test/test_cryptodev.c                     |  48 ++++++++
 ...est_cryptodev_security_pdcp_test_vectors.h | 105 +++++++++++++++++-
 2 files changed, 152 insertions(+), 1 deletion(-)

diff --git a/app/test/test_cryptodev.c b/app/test/test_cryptodev.c
index 9e823db1e6..16d770a17f 100644
--- a/app/test/test_cryptodev.c
+++ b/app/test/test_cryptodev.c
@@ -8767,6 +8767,50 @@ test_PDCP_SDAP_PROTO_encap_all(void)
 	return (all_err == TEST_SUCCESS) ? TEST_SUCCESS : TEST_FAILED;
 }
 
+static int
+test_PDCP_PROTO_short_mac(void)
+{
+	int i = 0, size = 0;
+	int err, all_err = TEST_SUCCESS;
+	const struct pdcp_short_mac_test *cur_test;
+
+	size = RTE_DIM(list_pdcp_smac_tests);
+
+	for (i = 0; i < size; i++) {
+		cur_test = &list_pdcp_smac_tests[i];
+		err = test_pdcp_proto(
+			i, 0, RTE_CRYPTO_CIPHER_OP_ENCRYPT,
+			RTE_CRYPTO_AUTH_OP_GENERATE, cur_test->data_in,
+			cur_test->in_len, cur_test->data_out,
+			cur_test->in_len + ((cur_test->auth_key) ? 4 : 0),
+			RTE_CRYPTO_CIPHER_NULL, NULL,
+			0, cur_test->param.auth_alg,
+			cur_test->auth_key, cur_test->param.auth_key_len,
+			0, cur_test->param.domain, 0, 0,
+			0, 0, 0);
+		if (err) {
+			printf("\t%d) %s: Short MAC test failed\n",
+					cur_test->test_idx,
+					cur_test->param.name);
+			err = TEST_FAILED;
+		} else {
+			printf("\t%d) %s: Short MAC test PASS\n",
+					cur_test->test_idx,
+					cur_test->param.name);
+			rte_hexdump(stdout, "MAC I",
+				    cur_test->data_out + cur_test->in_len + 2,
+				    2);
+			err = TEST_SUCCESS;
+		}
+		all_err += err;
+	}
+
+	printf("Success: %d, Failure: %d\n", size + all_err, -all_err);
+
+	return (all_err == TEST_SUCCESS) ? TEST_SUCCESS : TEST_FAILED;
+
+}
+
 static int
 test_PDCP_SDAP_PROTO_decap_all(void)
 {
@@ -14039,6 +14083,8 @@ static struct unit_test_suite cryptodev_snow3g_testsuite  = {
 		TEST_CASE_ST(ut_setup, ut_teardown,
 			test_snow3g_encryption_test_case_5),
 
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_PDCP_PROTO_short_mac),
 		TEST_CASE_ST(ut_setup, ut_teardown,
 			test_snow3g_encryption_test_case_1_oop),
 		TEST_CASE_ST(ut_setup, ut_teardown,
@@ -14279,6 +14325,8 @@ static struct unit_test_suite cryptodev_kasumi_testsuite  = {
 		TEST_CASE_ST(ut_setup, ut_teardown,
 			test_kasumi_decryption_test_case_1_oop),
 
+		TEST_CASE_ST(ut_setup, ut_teardown,
+			test_PDCP_PROTO_short_mac),
 		TEST_CASE_ST(ut_setup, ut_teardown,
 			test_kasumi_cipher_auth_test_case_1),
 
diff --git a/app/test/test_cryptodev_security_pdcp_test_vectors.h b/app/test/test_cryptodev_security_pdcp_test_vectors.h
index 703076479d..81fd6e606b 100644
--- a/app/test/test_cryptodev_security_pdcp_test_vectors.h
+++ b/app/test/test_cryptodev_security_pdcp_test_vectors.h
@@ -1,7 +1,7 @@
 /* SPDX-License-Identifier: BSD-3-Clause
  *
  * Copyright (C) 2015-2016 Freescale Semiconductor,Inc.
- * Copyright 2018-2019 NXP
+ * Copyright 2018-2021 NXP
  */
 
 #ifndef SECURITY_PDCP_TEST_VECTOR_H_
@@ -28,6 +28,109 @@ struct pdcp_test_param {
 	const char *name;
 };
 
+struct pdcp_short_mac_test {
+	uint32_t test_idx;
+	struct pdcp_short_mac_test_param {
+		enum rte_security_pdcp_domain domain;
+		enum rte_crypto_auth_algorithm auth_alg;
+		uint8_t auth_key_len;
+		const char *name;
+	} param;
+	const uint8_t *auth_key;
+	const uint8_t *data_in;
+	uint32_t in_len;
+	const uint8_t *data_out;
+};
+
+static const struct pdcp_short_mac_test list_pdcp_smac_tests[] = {
+	{
+		.test_idx = 1,
+		.param = {.name = "PDCP-SMAC SNOW3G UIA2",
+			.auth_alg = RTE_CRYPTO_AUTH_SNOW3G_UIA2,
+			.domain = RTE_SECURITY_PDCP_MODE_SHORT_MAC,
+			.auth_key_len = 16,
+		},
+		.auth_key = (uint8_t[]){ 0x2b, 0xd6, 0x45, 0x9f, 0x82, 0xc5,
+					 0xb3, 0x00, 0x95, 0x2c, 0x49, 0x10,
+					 0x48, 0x81, 0xff, 0x48 },
+		.data_in = (uint8_t[]){ 0x33, 0x32, 0x34, 0x62, 0x63, 0x39,
+					0x38 },
+		.in_len = 7,
+		.data_out = (uint8_t[]){ 0x33, 0x32, 0x34, 0x62, 0x63, 0x39,
+					 0x38, 0x56, 0xd2, 0x09, 0xae },
+	},
+
+	{
+		.test_idx = 2,
+		.param = {.name = "PDCP-SMAC AES CMAC 1",
+			.auth_alg = RTE_CRYPTO_AUTH_AES_CMAC,
+			.domain = RTE_SECURITY_PDCP_MODE_SHORT_MAC,
+			.auth_key_len = 16,
+		},
+		.auth_key = (uint8_t[]){ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+					 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+					 0x00, 0x00, 0x00, 0x00 },
+		.data_in = (uint8_t[]){ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+					0x00 },
+		.in_len = 7,
+		.data_out = (uint8_t[]){ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+					 0x00, 0x13, 0xf8, 0x4b, 0xea },
+	},
+
+	{
+		.test_idx = 3,
+		.param = {.name = "PDCP-SMAC AES CMAC 2",
+			.auth_alg = RTE_CRYPTO_AUTH_AES_CMAC,
+			.domain = RTE_SECURITY_PDCP_MODE_SHORT_MAC,
+			.auth_key_len = 16,
+		},
+		.auth_key = (uint8_t[]){ 0x16, 0xc1, 0x98, 0x14,  0x9a, 0x2c,
+					 0xf4, 0x12, 0x4f, 0xd4, 0x14, 0xec,
+					 0x72, 0x43, 0x29, 0x04 },
+		.data_in = (uint8_t[]){ 0x00, 0xc0, 0x00, 0x00, 0x00, 0x05,
+					0x09, 0xe4 },
+		.in_len = 8,
+		.data_out = (uint8_t[]){ 0x00, 0xc0, 0x00, 0x00, 0x00, 0x05,
+					 0x09, 0xe4, 0xdd, 0xff, 0xde, 0xa9 },
+	},
+
+	{
+		.test_idx = 4,
+		.param = {.name = "PDCP-SMAC AES CMAC 3",
+			.auth_alg = RTE_CRYPTO_AUTH_AES_CMAC,
+			.domain = RTE_SECURITY_PDCP_MODE_SHORT_MAC,
+			.auth_key_len = 16,
+		},
+		.auth_key = (uint8_t[]){ 0xD3, 0xC5, 0xD5, 0x92, 0x32, 0x7F,
+					 0xB1, 0x1C, 0x40, 0x35, 0xC6, 0x68,
+					 0x0A, 0xF8, 0xC6, 0xD3 },
+		.data_in = (uint8_t[]){ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+					0x00 },
+		.in_len = 7,
+		.data_out = (uint8_t[]){ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+					 0x00, 0x23, 0xea, 0x95, 0xb0 },
+	},
+
+	{
+		.test_idx = 5,
+		.param = {.name = "PDCP-SMAC NULL",
+			.auth_alg = RTE_CRYPTO_AUTH_NULL,
+			.domain = RTE_SECURITY_PDCP_MODE_SHORT_MAC,
+			.auth_key_len = 16,
+		},
+		.auth_key = (uint8_t[]){ 0x2B, 0xD6, 0x45, 0x9F, 0x82, 0xC5,
+					 0xB3, 0x00, 0x95, 0x2C, 0x49, 0x10,
+					 0x48, 0x81, 0xFF, 0x48
+		},
+		.data_in = (uint8_t[]){ 0x33, 0x32, 0x34, 0x62, 0x63, 0x39,
+					0x38 },
+		.in_len = 7,
+		.data_out = (uint8_t[]){ 0x33, 0x32, 0x34, 0x62, 0x63, 0x39,
+					 0x38, 0x00, 0x00, 0x00, 0x00 },
+	},
+
+};
+
 static struct pdcp_test_param pdcp_test_params[] = {
 	{
 	 .name =
-- 
2.25.1


^ permalink raw reply	[flat|nested] 29+ messages in thread

* [dpdk-dev] [PATCH v4 4/5] crypto/dpaa2_sec: add PDCP short MAC-I support
  2021-09-08 12:51         ` [dpdk-dev] [PATCH v4 0/5] support of MAC-I Gagandeep Singh
                             ` (2 preceding siblings ...)
  2021-09-08 12:51           ` [dpdk-dev] [PATCH v4 3/5] test/crypto: add pdcp security " Gagandeep Singh
@ 2021-09-08 12:51           ` Gagandeep Singh
  2021-09-08 12:51           ` [dpdk-dev] [PATCH v4 5/5] crypto/dpaa_sec: add pdcp " Gagandeep Singh
  2021-09-08 15:21           ` [dpdk-dev] [EXT] [PATCH v4 0/5] support of MAC-I Akhil Goyal
  5 siblings, 0 replies; 29+ messages in thread
From: Gagandeep Singh @ 2021-09-08 12:51 UTC (permalink / raw)
  To: gakhil, dev; +Cc: thomas, Gagandeep Singh

This patch add PDCP short mac support in dpaa2_sec driver.

Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
---
 doc/guides/rel_notes/release_21_11.rst      | 4 ++++
 drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 4 ++++
 drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h   | 9 +++++++++
 3 files changed, 17 insertions(+)

diff --git a/doc/guides/rel_notes/release_21_11.rst b/doc/guides/rel_notes/release_21_11.rst
index 50e4fb1205..b7e5128be5 100644
--- a/doc/guides/rel_notes/release_21_11.rst
+++ b/doc/guides/rel_notes/release_21_11.rst
@@ -77,6 +77,10 @@ New Features
 
   * Added DES-CBC, AES-XCBC-MAC, AES-CMAC and non-HMAC algo support.
 
+* **Updated NXP dpaa2_sec crypto PMD.**
+
+  * Added PDCP short MAC-I support.
+
 
 Removed Items
 -------------
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
index b8d57c2b22..dfa72f3f93 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
@@ -3309,6 +3309,10 @@ dpaa2_sec_set_pdcp_session(struct rte_cryptodev *dev,
 					pdcp_xform->hfn_threshold,
 					&cipherdata, &authdata,
 					0);
+
+	} else if (pdcp_xform->domain == RTE_SECURITY_PDCP_MODE_SHORT_MAC) {
+		bufsize = cnstr_shdsc_pdcp_short_mac(priv->flc_desc[0].desc,
+						     1, swap, &authdata);
 	} else {
 		if (session->dir == DIR_ENC) {
 			if (pdcp_xform->sdap_enabled)
diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h b/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
index 7dbc69f6cb..8dee0a4bda 100644
--- a/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
+++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h
@@ -941,6 +941,15 @@ static const struct rte_security_capability dpaa2_sec_security_cap[] = {
 		},
 		.crypto_capabilities = dpaa2_pdcp_capabilities
 	},
+	{ /* PDCP Lookaside Protocol offload Short MAC */
+		.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+		.protocol = RTE_SECURITY_PROTOCOL_PDCP,
+		.pdcp = {
+			.domain = RTE_SECURITY_PDCP_MODE_SHORT_MAC,
+			.capa_flags = 0
+		},
+		.crypto_capabilities = dpaa2_pdcp_capabilities
+	},
 	{
 		.action = RTE_SECURITY_ACTION_TYPE_NONE
 	}
-- 
2.25.1


^ permalink raw reply	[flat|nested] 29+ messages in thread

* [dpdk-dev] [PATCH v4 5/5] crypto/dpaa_sec: add pdcp short MAC-I support
  2021-09-08 12:51         ` [dpdk-dev] [PATCH v4 0/5] support of MAC-I Gagandeep Singh
                             ` (3 preceding siblings ...)
  2021-09-08 12:51           ` [dpdk-dev] [PATCH v4 4/5] crypto/dpaa2_sec: add PDCP " Gagandeep Singh
@ 2021-09-08 12:51           ` Gagandeep Singh
  2021-09-08 15:21           ` [dpdk-dev] [EXT] [PATCH v4 0/5] support of MAC-I Akhil Goyal
  5 siblings, 0 replies; 29+ messages in thread
From: Gagandeep Singh @ 2021-09-08 12:51 UTC (permalink / raw)
  To: gakhil, dev; +Cc: thomas, Gagandeep Singh

This patch add pdcp security short MAC-I support for
dpaa_sec driver.

Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
---
 doc/guides/rel_notes/release_21_11.rst |  4 ++++
 drivers/crypto/dpaa_sec/dpaa_sec.c     |  3 +++
 drivers/crypto/dpaa_sec/dpaa_sec.h     | 11 ++++++++++-
 3 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/doc/guides/rel_notes/release_21_11.rst b/doc/guides/rel_notes/release_21_11.rst
index b7e5128be5..7a07161f9d 100644
--- a/doc/guides/rel_notes/release_21_11.rst
+++ b/doc/guides/rel_notes/release_21_11.rst
@@ -81,6 +81,10 @@ New Features
 
   * Added PDCP short MAC-I support.
 
+* **Updated NXP dpaa_sec crypto PMD.**
+
+  * Added PDCP short MAC-I support.
+
 
 Removed Items
 -------------
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.c b/drivers/crypto/dpaa_sec/dpaa_sec.c
index fa4d276ead..d5aa2748d6 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.c
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.c
@@ -311,6 +311,9 @@ dpaa_sec_prep_pdcp_cdb(dpaa_sec_session *ses)
 					ses->pdcp.hfn_threshold,
 					&cipherdata, &authdata,
 					0);
+	} else if (ses->pdcp.domain == RTE_SECURITY_PDCP_MODE_SHORT_MAC) {
+		shared_desc_len = cnstr_shdsc_pdcp_short_mac(cdb->sh_desc,
+						     1, swap, &authdata);
 	} else {
 		if (ses->dir == DIR_ENC) {
 			if (ses->pdcp.sdap_enabled)
diff --git a/drivers/crypto/dpaa_sec/dpaa_sec.h b/drivers/crypto/dpaa_sec/dpaa_sec.h
index c94d78e046..503047879e 100644
--- a/drivers/crypto/dpaa_sec/dpaa_sec.h
+++ b/drivers/crypto/dpaa_sec/dpaa_sec.h
@@ -1,6 +1,6 @@
 /* SPDX-License-Identifier: BSD-3-Clause
  *
- *   Copyright 2016-2020 NXP
+ *   Copyright 2016-2021 NXP
  *
  */
 
@@ -958,6 +958,15 @@ static const struct rte_security_capability dpaa_sec_security_cap[] = {
 		},
 		.crypto_capabilities = dpaa_pdcp_capabilities
 	},
+	{ /* PDCP Lookaside Protocol offload Short MAC */
+		.action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+		.protocol = RTE_SECURITY_PROTOCOL_PDCP,
+		.pdcp = {
+			.domain = RTE_SECURITY_PDCP_MODE_SHORT_MAC,
+			.capa_flags = 0
+		},
+		.crypto_capabilities = dpaa_pdcp_capabilities
+	},
 	{
 		.action = RTE_SECURITY_ACTION_TYPE_NONE
 	}
-- 
2.25.1


^ permalink raw reply	[flat|nested] 29+ messages in thread

* Re: [dpdk-dev] [EXT] [PATCH v4 0/5] support of MAC-I
  2021-09-08 12:51         ` [dpdk-dev] [PATCH v4 0/5] support of MAC-I Gagandeep Singh
                             ` (4 preceding siblings ...)
  2021-09-08 12:51           ` [dpdk-dev] [PATCH v4 5/5] crypto/dpaa_sec: add pdcp " Gagandeep Singh
@ 2021-09-08 15:21           ` Akhil Goyal
  5 siblings, 0 replies; 29+ messages in thread
From: Akhil Goyal @ 2021-09-08 15:21 UTC (permalink / raw)
  To: Gagandeep Singh, dev; +Cc: thomas



> -----Original Message----- 
> ----------------------------------------------------------------------
> This series add support of Message Authentication Code
> - Integrity on DPAAX platforms.
> 
> v2-change-log:
> * update commit message
> * merged an existing patch with this series:
> https://urldefense.proofpoint.com/v2/url?u=https-
> 3A__patches.dpdk.org_project_dpdk_patch_20210825081837.23830-2D1-
> 2Dhemant.agrawal-
> 40nxp.com_mbox_&d=DwIDAg&c=nKjWec2b6R0mOyPaz7xtfQ&r=DnL7Si2wl
> _PRwpZ9TWey3eu68gBzn7DkPwuqhd6WNyo&m=uVb88j-BcZCOk-
> dj_YN250HwoG6vE4oaTbdZ0crhu_o&s=ke0c8NuRQj2AR4pX7yDDk5gytngbs6
> O1D6Urd1Xk5qk&e=
> 
> v3-change-log:
> * updated release notes
> 
> v4-change-log:
> * move the dpaa2_sec changes from first patch to a separate patch
> 
> Gagandeep Singh (3):
>   test/crypto: add pdcp security short MAC-I support
>   crypto/dpaa2_sec: add PDCP short MAC-I support
>   crypto/dpaa_sec: add pdcp short MAC-I support
> 
> Hemant Agrawal (2):
>   crypto/dpaa2_sec: support integrity only case for PDCP
>   security: add pdcp short MAC-I support
> 
>  app/test-crypto-perf/cperf_options_parsing.c  |   8 +-
>  app/test/test_cryptodev.c                     |  48 ++++++++
>  ...est_cryptodev_security_pdcp_test_vectors.h | 105 +++++++++++++++++-
>  doc/guides/prog_guide/rte_security.rst        |  11 +-
>  doc/guides/rel_notes/release_21_11.rst        |   8 ++
>  doc/guides/tools/cryptoperf.rst               |   2 +-
>  drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c   |  29 +++--
>  drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h     |   9 ++
>  drivers/crypto/dpaa_sec/dpaa_sec.c            |   3 +
>  drivers/crypto/dpaa_sec/dpaa_sec.h            |  11 +-
>  lib/security/rte_security.h                   |   1 +
>  11 files changed, 218 insertions(+), 17 deletions(-)
> 
Series Acked-by: Akhil Goyal <gakhil@marvell.com>

Applied to dpdk-next-crypto

Thanks.

^ permalink raw reply	[flat|nested] 29+ messages in thread

end of thread, other threads:[~2021-09-08 15:22 UTC | newest]

Thread overview: 29+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-08-26 11:23 [dpdk-dev] [PATCH 0/5] support of MAC-I Gagandeep Singh
2021-08-26 11:23 ` [dpdk-dev] [PATCH 1/5] common/dpaax: fix IV value for shortMAC-I for SNOW algo Gagandeep Singh
2021-09-02 11:38   ` [dpdk-dev] [EXT] " Akhil Goyal
2021-08-26 11:23 ` [dpdk-dev] [PATCH 2/5] security: add pdcp short MAC-I support Gagandeep Singh
2021-09-02 11:34   ` [dpdk-dev] [EXT] " Akhil Goyal
2021-08-26 11:23 ` [dpdk-dev] [PATCH 3/5] test/crypto: add pdcp security " Gagandeep Singh
2021-08-26 11:23 ` [dpdk-dev] [PATCH 4/5] crypto/dpaa2_sec: add PDCP " Gagandeep Singh
2021-08-26 11:23 ` [dpdk-dev] [PATCH 5/5] crypto/dpaa_sec: add pdcp " Gagandeep Singh
2021-09-07  8:56 ` [dpdk-dev] [PATCH v2 0/5] support of MAC-I Gagandeep Singh
2021-09-07  8:56   ` [dpdk-dev] [PATCH v2 1/5] common/dpaax: fix IV value for shortMAC-I for SNOW algo Gagandeep Singh
2021-09-08 12:01     ` [dpdk-dev] [PATCH v3 0/4] support of MAC-I Gagandeep Singh
2021-09-08 12:01       ` [dpdk-dev] [PATCH v3 1/4] security: support PDCP short MAC-I Gagandeep Singh
2021-09-08 12:15         ` [dpdk-dev] [EXT] " Akhil Goyal
2021-09-08 12:33           ` Gagandeep Singh
2021-09-08 12:51         ` [dpdk-dev] [PATCH v4 0/5] support of MAC-I Gagandeep Singh
2021-09-08 12:51           ` [dpdk-dev] [PATCH v4 1/5] crypto/dpaa2_sec: support integrity only case for PDCP Gagandeep Singh
2021-09-08 12:51           ` [dpdk-dev] [PATCH v4 2/5] security: add pdcp short MAC-I support Gagandeep Singh
2021-09-08 12:51           ` [dpdk-dev] [PATCH v4 3/5] test/crypto: add pdcp security " Gagandeep Singh
2021-09-08 12:51           ` [dpdk-dev] [PATCH v4 4/5] crypto/dpaa2_sec: add PDCP " Gagandeep Singh
2021-09-08 12:51           ` [dpdk-dev] [PATCH v4 5/5] crypto/dpaa_sec: add pdcp " Gagandeep Singh
2021-09-08 15:21           ` [dpdk-dev] [EXT] [PATCH v4 0/5] support of MAC-I Akhil Goyal
2021-09-08 12:01       ` [dpdk-dev] [PATCH v3 2/4] test/crypto: add pdcp security short MAC-I support Gagandeep Singh
2021-09-08 12:01       ` [dpdk-dev] [PATCH v3 3/4] crypto/dpaa2_sec: add PDCP " Gagandeep Singh
2021-09-08 12:01       ` [dpdk-dev] [PATCH v3 4/4] crypto/dpaa_sec: add pdcp " Gagandeep Singh
2021-09-07  8:56   ` [dpdk-dev] [PATCH v2 2/5] security: support PDCP short MAC-I Gagandeep Singh
2021-09-07  8:56   ` [dpdk-dev] [PATCH v2 3/5] test/crypto: add pdcp security short MAC-I support Gagandeep Singh
2021-09-07  8:56   ` [dpdk-dev] [PATCH v2 4/5] crypto/dpaa2_sec: add PDCP " Gagandeep Singh
2021-09-07  8:56   ` [dpdk-dev] [PATCH v2 5/5] crypto/dpaa_sec: add pdcp " Gagandeep Singh
2021-09-07 11:46   ` [dpdk-dev] [EXT] [PATCH v2 0/5] support of MAC-I Akhil Goyal

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).