From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 547B6A0C56; Wed, 8 Sep 2021 14:15:18 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id DFEB141140; Wed, 8 Sep 2021 14:15:17 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id AF18040E25 for ; Wed, 8 Sep 2021 14:15:15 +0200 (CEST) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 1889r4gA000992; Wed, 8 Sep 2021 05:15:14 -0700 Received: from nam11-dm6-obe.outbound.protection.outlook.com (mail-dm6nam11lp2174.outbound.protection.outlook.com [104.47.57.174]) by mx0b-0016f401.pphosted.com with ESMTP id 3axtxc0e43-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 08 Sep 2021 05:15:13 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=mzq0+S8BdDLGPKNr87NhNGH9Cv4Y1b8U/2TzmsQ9mW2uSZJ7qnntn/fF6D4onpG89Nrc5aaACituTPddVsCxp7Y2HFaWZKka+LoGRuVxcA0qDDp/gMrAo5Gaa2FcpMdRrcbJIyqIlTGmaL6mp9ir+zj5hl8D04wMqe6ap59gZqSjXIvHImSbo5PeEp3AqNgVK5J2ngwjAOfZdNHqjZccL6pa69lOwheiVZxlEBvtPwYwo3LyrC/B9BD7tah2fcx9YCBnnPMbljioXYkHxXRFdK4500wP8EMPlc/pM2jBPbxAOTXJhV1viH6fCfFQkW92englmPh5jPbMJ610yg9GXA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=G2GXGOGvr1C9QRvEI5z0lst59WNj5jnVpCqAQ0tAFMc=; b=FaSPM+fZjYSOQcei0jfOQI6phHTxajWjZnvVtBZ+iHWHRoJFg+EIH8UxcIKPFQWS386FAsta0WMNQZ0BvvVpQZse51+KYNznw1d8SvuzDsYFBpBPyBbueQLjxxF3yXfeQdxUxW3sIa+lsBFBkTGCeCNTF9rm8sLSZl61DQ3cbIQh+5RsGqp+nJPTCd4gj6Z5vPBpSxRt4ZX373klmOgTrHde2riN/w9tCYj7WgYjW4i3B8R7+8VoKdCPVyShb0ZJZOAcH8lbdMWSEDZ6grnbbH7DhNN7AaO3kkNzvIESQ7NYfD/CBnIAZY19Ro0Ql7rgHTlggrLkvS9L4x3XY5hWIg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=marvell.com; dmarc=pass action=none header.from=marvell.com; dkim=pass header.d=marvell.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.onmicrosoft.com; s=selector1-marvell-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=G2GXGOGvr1C9QRvEI5z0lst59WNj5jnVpCqAQ0tAFMc=; b=JcxYvmspEGx6/K/XpqcUJdB9DSvFLLKLL8yg7nBe8t4Mq3bKE7+u5SCAvIpoY8E+EkSmhteeIwycwO/IzdBXFKqK0DMCn8agsBlft1bP1H80ixBQ317kJ7V2r7hnfLUFJRO++ulrFGydKDmqyatYXlC9c/BkirfYdbFD5Ft9zbo= Received: from CO6PR18MB4484.namprd18.prod.outlook.com (2603:10b6:5:359::9) by CO1PR18MB4665.namprd18.prod.outlook.com (2603:10b6:303:e4::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4478.22; Wed, 8 Sep 2021 12:15:12 +0000 Received: from CO6PR18MB4484.namprd18.prod.outlook.com ([fe80::411f:5b87:321e:de29]) by CO6PR18MB4484.namprd18.prod.outlook.com ([fe80::411f:5b87:321e:de29%3]) with mapi id 15.20.4478.026; Wed, 8 Sep 2021 12:15:12 +0000 From: Akhil Goyal To: Gagandeep Singh , "dev@dpdk.org" CC: "thomas@monjalon.net" , Hemant Agrawal Thread-Topic: [EXT] [PATCH v3 1/4] security: support PDCP short MAC-I Thread-Index: AQHXpKlKa80cvCWppkS3PkIsYDWYk6uaDGqw Date: Wed, 8 Sep 2021 12:15:12 +0000 Message-ID: References: <20210907085605.3010882-2-g.singh@nxp.com> <20210908120115.3548009-1-g.singh@nxp.com> <20210908120115.3548009-2-g.singh@nxp.com> In-Reply-To: <20210908120115.3548009-2-g.singh@nxp.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: nxp.com; dkim=none (message not signed) header.d=none;nxp.com; dmarc=none action=none header.from=marvell.com; x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: d3d9ddbf-1295-4eeb-5d04-08d972c24ee5 x-ms-traffictypediagnostic: CO1PR18MB4665: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:8273; x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: N/hoDIBYc7hgZ4/sxQf8xa3H5yHUvfLFnO3yX2R1lVkbZRH0SBJWeMlUTho67cCh4swcQEix81T7UyEI1LQ/u2IDPN/0v+g+AkAIkfUSAPAHtO3N8Yc6pH4zVenfXmrNkfgN62Fn7HEmiY1jP5KndhlHAuTduXHIhPwMMjCOPi8CzepAIsdNZqZs6/xmkujzEDH+L/t7pxsgh7ET9USkl5AviWdvFbfccMKcBJP8AgPdG9t8iadZLdazFohURb0uFqPQnrKXE6x8pzqgIbSLauAl8cigTak/emADyu8Nl3WaODAyxMYUjhOfTUciZwsNrGLN+M15YthNCKHjOlQbuu/oOSB3lwNxht3Y1nBerb1rAjzly6K9YS1KGrlT4gsx7mXV59pmBsL+qdCqo9FooU4jHng8YZ2jNkYSH3H6MK8N41l8B06LB/CwT2pGRVZDOAM9nCalVftr37IdeDLSdoK21ice5k1m6fyxVFiRBJyXayVWnIkge4id0o0YXqWQQtcRxpxxNggE28KpJ7ZzgsDvlrRP0QctL/GFlk/R/BVXk5HX/3z63zdUhaWuGTWI5+Bo1IYUyBfsOEFCwUCyhHfl2VcYy01FiSaBAaLXKS0xW5NiyJpJj/Y1fXleeItDVRlljhMZP1Zuf4XIECdWPeR3G20fYlU+ZyBCael9Nip39ogxKl1xNTdRGZatnWVbUh0Cp/ujOQdQ/tkoWVCZsg== x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:CO6PR18MB4484.namprd18.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(366004)(71200400001)(2906002)(33656002)(316002)(122000001)(66476007)(7696005)(38070700005)(5660300002)(8676002)(186003)(52536014)(8936002)(508600001)(38100700002)(66446008)(55236004)(55016002)(4326008)(64756008)(9686003)(66556008)(86362001)(76116006)(26005)(15650500001)(83380400001)(6506007)(66946007)(54906003)(110136005); DIR:OUT; SFP:1101; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?YskX/wWH9sNFlk74bQpZzDzy258bIg3sw22ya1l0wXDY8nS5CB3nB6g7wswe?= =?us-ascii?Q?rH+nB7V7osgOptq0jp2tNG8MKZ+wnvxqND4vBOVNT45+JVb1j8Ikg7DhKBC7?= =?us-ascii?Q?W610w6kkv/jf44aQ+XrfkIGdNwE61Wmn42WEnIPHnd/7nAfDYSv/1KRhwTPM?= =?us-ascii?Q?KAtfb1wXdnXliZjdnBGA/dPPs/hK93hC3uMt1b1c7PYUm+hI6CpB5YLK/rAE?= =?us-ascii?Q?1xNonTtQ0MYL+NVKWAMnISxGGvHrzBAE8IlksXWNumYKEqLYOEI7ngvtR0Xd?= =?us-ascii?Q?s/F8cN7RvBHTyyG60/Nrie4Tm5MKA+c/B4xtPMQoMSZRMeh9VBde4Moip1tD?= =?us-ascii?Q?OCEI9vvFrbQneJlIp4irgTqkVTwPdxAWBslxSqhpZGhOv63kr8h7Mo9JuFLe?= =?us-ascii?Q?JQZWSKtINzSH+rBAmIcKIGvreaGdOHpIRTA0kCu37KVKt3YAuZ8QhzHxBWLQ?= =?us-ascii?Q?xHSKJV36x+7tsu7QKGHK0LxGGNEdKT2ajjg/8Ocr8rZ32/OmwnHzNum5SdjO?= =?us-ascii?Q?NRIEUL0xPKbj0xs3tq2gyelj9V6ByHjJR/7WynkMmY6m8h54MpvPWpi8h89v?= =?us-ascii?Q?kdmD5xWbWKjj6kC1s1MJ4hCpwBYpZaSkg7O2+LbXYuNMIi8booBFceVAll+o?= =?us-ascii?Q?XvJCjTLzqVe5C2+B93hyjTtCJbNgb+ROTwUsOVQRLRkpnjP+5u2byzeGSB91?= =?us-ascii?Q?rTLVjDE83mJ/8H2EXSrCCjfQfDna6M3yoTAazvjvg9ebwXRkGTucfE6Dv9gy?= =?us-ascii?Q?16Ea82z+ZyP8rWrsdQPeDAwbYiWSRHXuGZWegMbBTulNaieDDNdEP/yl5qdG?= =?us-ascii?Q?QpW7QtMyqmlmg/mXG2Cqr7CiLKwoj+AW7Bs/LrcVoRXigkXNEbJRakS7Q0Q5?= =?us-ascii?Q?1rrc7zQtokox4XGjlhg4BRTFXyHl3CGdggzjFAO5rU3ac51nGSsKI8D1X27f?= =?us-ascii?Q?CLMkLNWXCo7kISX9zn1k4Ha+clBse2/I1rkkdMzFvzKhMrcXaHuJsXgHw/tq?= =?us-ascii?Q?JkwzERm78z0wp5B2rO5DHSj1IU1W2o1j8nvDTjsRASi3WE50K3B28lDbZFUf?= =?us-ascii?Q?e18q4msiMA3JDnwzjOmvTgrOxnvPUP3dX5OpozlPxtQnoy9gORkzMeRcUUW5?= =?us-ascii?Q?3j0fsDKiN5ap09AaJ7dTCYY9O1E2R4ufbThC8WtmDABHbb3QO2m9VFePfES1?= =?us-ascii?Q?9X7V+m1C2QDm5XVlhnc70FwsQfyUD+wvR6zHn6Denf+se/qWA6/mKNj3sGZC?= =?us-ascii?Q?oyQm754hqcXTC3BLzzMiv1si/fhpt21QBy963wT61I57K28k2TAiBoaab6Zx?= =?us-ascii?Q?TpcCrh0ryyICJfmC3J2gw9Cg?= x-ms-exchange-transport-forked: True Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: marvell.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: CO6PR18MB4484.namprd18.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: d3d9ddbf-1295-4eeb-5d04-08d972c24ee5 X-MS-Exchange-CrossTenant-originalarrivaltime: 08 Sep 2021 12:15:12.0600 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 70e1fb47-1155-421d-87fc-2e58f638b6e0 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: 3knzd+zs7hHgv7m0FSlAnLaDmuMenKDaXT9+TOe6iZiW4UhHl5XEP5pU9IDlbPFs7FfONO8huZ6QgKeEu4Uwjg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: CO1PR18MB4665 X-Proofpoint-ORIG-GUID: KqHNHWe0d57JEGB9i_igCGPoJ2htoZ31 X-Proofpoint-GUID: KqHNHWe0d57JEGB9i_igCGPoJ2htoZ31 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475 definitions=2021-09-08_05,2021-09-07_02,2020-04-07_01 Subject: Re: [dpdk-dev] [EXT] [PATCH v3 1/4] security: support PDCP short MAC-I X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" > From: Hemant Agrawal >=20 > This patch add support to handle PDCP short MAC-I domain > along with standard control and data domains as it has to > be treated as special case with PDCP protocol offload support. >=20 > ShortMAC-I is the 16 least significant bits of calculated MAC-I. Usually > when a RRC message is exchanged between UE and eNodeB it is integrity & > ciphered protected. >=20 > MAC-I =3D f(key, varShortMAC-I, count, bearer, direction). > Here varShortMAC-I is prepared by using (current cellId, pci of source ce= ll > and C-RNTI of old cell). Other parameters like count, bearer and > direction set to all 1. >=20 > Signed-off-by: Gagandeep Singh > Signed-off-by: Hemant Agrawal > --- > app/test-crypto-perf/cperf_options_parsing.c | 8 ++++++- > doc/guides/prog_guide/rte_security.rst | 11 ++++++++- > doc/guides/tools/cryptoperf.rst | 4 ++-- > drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 25 ++++++++++---------- Why is the dpaa2_sec patch squashed in this patch? I asked to have it as a separate patch in this series instead of the dpaa_s= ec series. > lib/security/rte_security.h | 1 + > 5 files changed, 33 insertions(+), 16 deletions(-) >=20 > diff --git a/app/test-crypto-perf/cperf_options_parsing.c b/app/test-cryp= to- > perf/cperf_options_parsing.c > index e84f56cfaa..0348972c85 100644 > --- a/app/test-crypto-perf/cperf_options_parsing.c > +++ b/app/test-crypto-perf/cperf_options_parsing.c > @@ -662,7 +662,8 @@ parse_pdcp_sn_sz(struct cperf_options *opts, const > char *arg) >=20 > const char *cperf_pdcp_domain_strs[] =3D { > [RTE_SECURITY_PDCP_MODE_CONTROL] =3D "control", > - [RTE_SECURITY_PDCP_MODE_DATA] =3D "data" > + [RTE_SECURITY_PDCP_MODE_DATA] =3D "data", > + [RTE_SECURITY_PDCP_MODE_SHORT_MAC] =3D "short_mac" > }; >=20 > static int > @@ -677,6 +678,11 @@ parse_pdcp_domain(struct cperf_options *opts, > const char *arg) > cperf_pdcp_domain_strs > [RTE_SECURITY_PDCP_MODE_DATA], > RTE_SECURITY_PDCP_MODE_DATA > + }, > + { > + cperf_pdcp_domain_strs > + [RTE_SECURITY_PDCP_MODE_SHORT_MAC], > + RTE_SECURITY_PDCP_MODE_SHORT_MAC > } > }; >=20 > diff --git a/doc/guides/prog_guide/rte_security.rst > b/doc/guides/prog_guide/rte_security.rst > index f72bc8a78f..ad92c16868 100644 > --- a/doc/guides/prog_guide/rte_security.rst > +++ b/doc/guides/prog_guide/rte_security.rst > @@ -1,5 +1,5 @@ > .. SPDX-License-Identifier: BSD-3-Clause > - Copyright 2017,2020 NXP > + Copyright 2017,2020-2021 NXP >=20 >=20 >=20 > @@ -408,6 +408,15 @@ PMD which supports the IPsec and PDCP protocol. > }, > .crypto_capabilities =3D pmd_capabilities > }, > + { /* PDCP Lookaside Protocol offload short MAC-I */ > + .action =3D RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, > + .protocol =3D RTE_SECURITY_PROTOCOL_PDCP, > + .pdcp =3D { > + .domain =3D RTE_SECURITY_PDCP_MODE_SHORT_MAC, > + .capa_flags =3D 0 > + }, > + .crypto_capabilities =3D pmd_capabilities > + }, > { > .action =3D RTE_SECURITY_ACTION_TYPE_NONE > } > diff --git a/doc/guides/tools/cryptoperf.rst b/doc/guides/tools/cryptoper= f.rst > index be3109054d..d3963f23e3 100644 > --- a/doc/guides/tools/cryptoperf.rst > +++ b/doc/guides/tools/cryptoperf.rst > @@ -316,9 +316,9 @@ The following are the application command-line > options: > Set PDCP sequence number size(n) in bits. Valid values of n will > be 5/7/12/15/18. >=20 > -* ``--pdcp-domain `` > +* ``--pdcp-domain `` >=20 > - Set PDCP domain to specify Control/user plane. > + Set PDCP domain to specify short_mac/control/user plane. >=20 > * ``--docsis-hdr-sz `` >=20 > diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c > b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c > index d6a101499a..b8d57c2b22 100644 > --- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c > +++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c > @@ -3104,7 +3104,7 @@ dpaa2_sec_set_pdcp_session(struct rte_cryptodev > *dev, > struct rte_security_pdcp_xform *pdcp_xform =3D &conf->pdcp; > struct rte_crypto_sym_xform *xform =3D conf->crypto_xform; > struct rte_crypto_auth_xform *auth_xform =3D NULL; > - struct rte_crypto_cipher_xform *cipher_xform; > + struct rte_crypto_cipher_xform *cipher_xform =3D NULL; > dpaa2_sec_session *session =3D (dpaa2_sec_session *)sess; > struct ctxt_priv *priv; > struct dpaa2_sec_dev_private *dev_priv =3D dev->data->dev_private; > @@ -3136,18 +3136,18 @@ dpaa2_sec_set_pdcp_session(struct > rte_cryptodev *dev, > flc =3D &priv->flc_desc[0].flc; >=20 > /* find xfrm types */ > - if (xform->type =3D=3D RTE_CRYPTO_SYM_XFORM_CIPHER && xform- > >next =3D=3D NULL) { > - cipher_xform =3D &xform->cipher; > - } else if (xform->type =3D=3D RTE_CRYPTO_SYM_XFORM_CIPHER && > - xform->next->type =3D=3D RTE_CRYPTO_SYM_XFORM_AUTH) { > - session->ext_params.aead_ctxt.auth_cipher_text =3D true; > + if (xform->type =3D=3D RTE_CRYPTO_SYM_XFORM_CIPHER) { > cipher_xform =3D &xform->cipher; > - auth_xform =3D &xform->next->auth; > - } else if (xform->type =3D=3D RTE_CRYPTO_SYM_XFORM_AUTH && > - xform->next->type =3D=3D RTE_CRYPTO_SYM_XFORM_CIPHER) { > - session->ext_params.aead_ctxt.auth_cipher_text =3D false; > - cipher_xform =3D &xform->next->cipher; > + if (xform->next !=3D NULL) { > + session->ext_params.aead_ctxt.auth_cipher_text =3D > true; > + auth_xform =3D &xform->next->auth; > + } > + } else if (xform->type =3D=3D RTE_CRYPTO_SYM_XFORM_AUTH) { > auth_xform =3D &xform->auth; > + if (xform->next !=3D NULL) { > + session->ext_params.aead_ctxt.auth_cipher_text =3D > false; > + cipher_xform =3D &xform->next->cipher; > + } > } else { > DPAA2_SEC_ERR("Invalid crypto type"); > return -EINVAL; > @@ -3186,7 +3186,8 @@ dpaa2_sec_set_pdcp_session(struct rte_cryptodev > *dev, > session->pdcp.hfn_threshold =3D pdcp_xform->hfn_threshold; > session->pdcp.hfn_ovd =3D pdcp_xform->hfn_ovrd; > /* hfv ovd offset location is stored in iv.offset value*/ > - session->pdcp.hfn_ovd_offset =3D cipher_xform->iv.offset; > + if (cipher_xform) > + session->pdcp.hfn_ovd_offset =3D cipher_xform->iv.offset; >=20 > cipherdata.key =3D (size_t)session->cipher_key.data; > cipherdata.keylen =3D session->cipher_key.length; > diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h > index 88d31de0a6..2e136d7929 100644 > --- a/lib/security/rte_security.h > +++ b/lib/security/rte_security.h > @@ -233,6 +233,7 @@ struct rte_security_macsec_xform { > enum rte_security_pdcp_domain { > RTE_SECURITY_PDCP_MODE_CONTROL, /**< PDCP control > plane */ > RTE_SECURITY_PDCP_MODE_DATA, /**< PDCP data plane */ > + RTE_SECURITY_PDCP_MODE_SHORT_MAC, /**< PDCP short mac > */ > }; >=20 > /** PDCP Frame direction */ > -- > 2.25.1