From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 76196A04B1; Mon, 5 Oct 2020 21:16:15 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id AFBC12C58; Mon, 5 Oct 2020 21:16:13 +0200 (CEST) Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) by dpdk.org (Postfix) with ESMTP id 3D49A2C12 for ; Mon, 5 Oct 2020 21:16:11 +0200 (CEST) IronPort-SDR: mqwde9cXSXGzAr25NPrv256gIp8mQLsb7Sy70fSHC8QlK635qNsgJY3P/YI+vsiuPD/1ylDDH5 PJfqZqBuodNw== X-IronPort-AV: E=McAfee;i="6000,8403,9765"; a="160821805" X-IronPort-AV: E=Sophos;i="5.77,340,1596524400"; d="scan'208";a="160821805" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by fmsmga102.fm.intel.com with ESMTP; 05 Oct 2020 12:11:57 -0700 IronPort-SDR: 1j4brdna8VRFLoTBUclG9i1zrXzIIBG53sCphw4K9Z5pTSXEwc85lTXkyYv6BxRWGCacPXkrmg sxtv4njOq9sA== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.77,340,1596524400"; d="scan'208";a="517021488" Received: from orsmsx603.amr.corp.intel.com ([10.22.229.16]) by fmsmga005.fm.intel.com with ESMTP; 05 Oct 2020 11:06:55 -0700 Received: from orsmsx611.amr.corp.intel.com (10.22.229.24) by ORSMSX603.amr.corp.intel.com (10.22.229.16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1713.5; Mon, 5 Oct 2020 11:04:10 -0700 Received: from orsmsx606.amr.corp.intel.com (10.22.229.19) by ORSMSX611.amr.corp.intel.com (10.22.229.24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1713.5; Mon, 5 Oct 2020 11:04:10 -0700 Received: from ORSEDG601.ED.cps.intel.com (10.7.248.6) by orsmsx606.amr.corp.intel.com (10.22.229.19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1713.5 via Frontend Transport; Mon, 5 Oct 2020 11:04:10 -0700 Received: from NAM11-CO1-obe.outbound.protection.outlook.com (104.47.56.170) by edgegateway.intel.com (134.134.137.102) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.1713.5; Mon, 5 Oct 2020 11:04:07 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=bCVbKivR/1JpoAWd4VUa80WdVmAiD/UIQtoGbKmTrE+XC0t0ATLlayASSiMyuT4yqklVQWDiJLWANkO0P9N/F9kkBBeeGyLNN50B15c6gIQgPZaeHLLkLRQJUMfzPLjzrQmdl2arKQAM/5OWAf0tXv5nx9j8/DAtAZjQcto8BvcXjLA3Nax/O98dUmr6N76v+xw8PnbD5qhdc/FxYgTK8VBWN1jBHsZy+bqpvMt1QT3gTxVAcux6z858JJL6TCv99dmHGRKBTg9a+cnvyZLoo5KuvXjnPhg4EGdadHAiuXGYxKS8S8Sbk9zkHx36YAV5FLuuCNyMeTagFXW/6H6Ngg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=2xp8jHNNfg6MTL4BrCBG7Qs1cuOvyWHQvbfE41deYEQ=; b=Q3bw5E+Gww82gxMxgFq9bwX8ALrzwq0S8CmBMd7LzuI3vFPSxviXOgT0FuQilaB40jtTpLJjJDD15/vHwsnHP3xhEW8zMdE/Pgir8JShsDVmM/NSuBdb/AKxZVZ0PjnXZVZ5DldkStE4HytnwzrWozAO4Lkf23zLvPmH6f3ZqY4mg5ENjHFRIQpjQs+kaL8XttiauooO04mxEJOlbF6uDygJM5BImhmyBclY5pBcW/FCu08BqoLK0tjwQGR4bKdgRa5B0T3oADa9ZSYENcdPquO201WIb2jgXKA39SWH04ehYMia0QbJWNBuWDtG9vZdsYKns0QEP2itNtQGPOji2g== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel.onmicrosoft.com; s=selector2-intel-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=2xp8jHNNfg6MTL4BrCBG7Qs1cuOvyWHQvbfE41deYEQ=; b=d/cZYGXPHhcD+yZAeW9IvUMNqDvwuTlnEd/inCd4nvSVTOfiYCAX/npJLGNb1CgEF32A4NOcriXPWTFW5WX2O20xbuvQDh6RPKyRxJtldKeTAlu5dgw1KCmAB+g8Nq2BR6zN8K9SxwUymqH9Uza2bsoMK2Otp/zkJmWr06+BX6A= Received: from MN2PR11MB3550.namprd11.prod.outlook.com (2603:10b6:208:ee::21) by MN2PR11MB3871.namprd11.prod.outlook.com (2603:10b6:208:13c::31) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3433.35; Mon, 5 Oct 2020 18:04:03 +0000 Received: from MN2PR11MB3550.namprd11.prod.outlook.com ([fe80::850f:c50e:27f4:a517]) by MN2PR11MB3550.namprd11.prod.outlook.com ([fe80::850f:c50e:27f4:a517%7]) with mapi id 15.20.3433.039; Mon, 5 Oct 2020 18:04:03 +0000 From: "Coyle, David" To: "akhil.goyal@nxp.com" , "dev@dpdk.org" CC: "hemant.agrawal@nxp.com" , "anoobj@marvell.com" , "Doherty, Declan" Thread-Topic: [PATCH 2/7] security: modify PDCP xform to support SDAP Thread-Index: AQHWggxQFiHVdGWY20ueLpPJ8FYVt6mJfIQw Date: Mon, 5 Oct 2020 18:04:02 +0000 Message-ID: References: <20200903160652.31654-1-akhil.goyal@nxp.com> <20200903160652.31654-3-akhil.goyal@nxp.com> In-Reply-To: <20200903160652.31654-3-akhil.goyal@nxp.com> Accept-Language: en-IE, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-reaction: no-action dlp-version: 11.5.1.3 dlp-product: dlpe-windows authentication-results: nxp.com; dkim=none (message not signed) header.d=none;nxp.com; dmarc=none action=none header.from=intel.com; x-originating-ip: [109.79.52.120] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: b13a31ad-5391-4301-09d9-08d869590b18 x-ms-traffictypediagnostic: MN2PR11MB3871: x-ld-processed: 46c98d88-e344-4ed4-8496-4ed7712e255d,ExtAddr x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:9508; x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: vZh738+Ta8OpzWqEgcPlsIPDbUdfS4JtV1JMkCiWAdyu2HlEFbUubDitFs9nvp1owlfGHr3bImht7vrN2DdugGL8f5cZxKFDVjAawe/xAIxEwa+7ny0a3Uza3R5ZWisj3PjHUyKTsxiOtpJ9ClN000NLUww5Khm5o5oTH5oPDV5nRH2ExTDLrYVt0UkuIcss7XqriTTdz8C6cu7CGyBvGwvinwVddDbvRUKWFFfzL1t1eB9yO50YL63aINt0mTlqFD7emicTOzoDA10acHeX3ZAm6LwaPJD5r7DSF6W/WS/sk/Sn9P7gNCkXoXSVOWrJ89nJokAoKf4EEIsmkk5ylw== x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:MN2PR11MB3550.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(376002)(366004)(346002)(39860400002)(396003)(136003)(110136005)(66946007)(2906002)(4326008)(316002)(33656002)(8936002)(76116006)(66556008)(64756008)(478600001)(7696005)(66476007)(5660300002)(15650500001)(54906003)(66446008)(107886003)(71200400001)(6506007)(55016002)(186003)(9686003)(26005)(8676002)(83380400001)(52536014)(86362001); DIR:OUT; SFP:1102; x-ms-exchange-antispam-messagedata: UQgv7P0i11E/ky+go6JuzdTV/uY7CmiqO//MGXW9RFyu2gR7ssfcGS5PP9VCFjyqk/rOgMAgv7KrTHVHFGwyDdNtDtgNEDUstGg7yiira1llqyXujTOcxIK2kkO7Py7JrV5Mb9pIlHFyU+960H1322c9otSWTF5oA3xAMN2ZmRhyGQ0a11CN3nRheFzM2RZHtu1xqXmmjVGCu7lwWs0ulkNKDyrOjQCghN4SyMwApWYX8EtTlBBsvxtX7jWBPZMPQS7tBl9ELY35PWYRDrjTUchIplAcZmg5FrfjkK+cYNu5FpQZDSlFcr1s1Rd9D9O5OLTG6hStsDwzsx88Asfy41z9BaB/eRFcu6lD+0/ozLk1Gjlhmo6e8r7KxztYBoAStr8Guic+RaqqbeApi0StdYVbMZOZUfW5bfRp2ucUm1c5F2dhVl06IAICL+bKO3v4ar294tSAWUtiUIKc2S4rAexNvfPRHJPNdVlJziwaCuEv7z4W6D+7xEUsPmsmrdZXsm6R7TwSb2g4J+iISpPon0Pz0ap8UKDINhcoRnfyo+s6l/F/DsUSiOf49l/GOxJT0UIbYebA7F7Mew6fe3KPtHuYQKNSV9GL4g4XdnyPAjjSifFqUfgk7ngx38eg8tXcykt8ibdao8ZhZHM6BIjsPA== Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: MN2PR11MB3550.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: b13a31ad-5391-4301-09d9-08d869590b18 X-MS-Exchange-CrossTenant-originalarrivaltime: 05 Oct 2020 18:04:03.0086 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: ONDZVe2H2iWmbisbV6tXkJe97xmFwZKgY5RIU2Yp0U9bbBOTJM6P6kLoTcCZbDp1HR9XjiuJo6LxfFb1hZbVcQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR11MB3871 X-OriginatorOrg: intel.com Subject: Re: [dpdk-dev] [PATCH 2/7] security: modify PDCP xform to support SDAP X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Hi Akhil > -----Original Message----- > From: akhil.goyal@nxp.com > diff --git a/doc/guides/prog_guide/rte_security.rst > b/doc/guides/prog_guide/rte_security.rst > index 127da2e4f..ab535d1cd 100644 > --- a/doc/guides/prog_guide/rte_security.rst > +++ b/doc/guides/prog_guide/rte_security.rst > @@ -1,5 +1,5 @@ > @@ -693,6 +693,23 @@ PDCP related configuration parameters are defined > in ``rte_security_pdcp_xform`` > uint32_t hfn; > /** HFN Threshold for key renegotiation */ > uint32_t hfn_threshold; > + /** HFN can be given as a per packet value also. > + * As we do not have IV in case of PDCP, and HFN is > + * used to generate IV. IV field can be used to get the > + * per packet HFN while enq/deq. > + * If hfn_ovrd field is set, user is expected to set the > + * per packet HFN in place of IV. PMDs will extract the HFN > + * and perform operations accordingly. > + */ > + uint8_t hfn_ovrd; > + /** In case of 5G NR, a new protocol(SDAP) header may be set > + * inside PDCP payload which should be authenticated but not > + * encrypted. Hence, driver should be notified if SDAP is > + * enabled or not, so that SDAP header is not encrypted. > + */ > + uint8_t sdap_enabled; > + /** Reserved for future */ > + uint16_t reserved; > }; [DC] Should we consider removing the API code out of the security documenta= tion? It's a direct copy of the API code itself, and just means 2 files need to b= e updated for every API change. And as with 'hfn_ovrd', sometimes it's forgotten. >From maintainability point of view, it might be better just remove it. >=20 > DOCSIS related configuration parameters are defined in > ``rte_security_docsis_xform`` diff --git a/lib/librte_security/rte_securi= ty.h > b/lib/librte_security/rte_security.h > index 16839e539..48b377b20 100644 > --- a/lib/librte_security/rte_security.h > +++ b/lib/librte_security/rte_security.h > @@ -1,5 +1,5 @@ > /* SPDX-License-Identifier: BSD-3-Clause > - * Copyright 2017,2019 NXP > + * Copyright 2017,2019-2020 NXP > * Copyright(c) 2017-2020 Intel Corporation. > */ >=20 > @@ -290,7 +290,15 @@ struct rte_security_pdcp_xform { > * per packet HFN in place of IV. PMDs will extract the HFN > * and perform operations accordingly. > */ > - uint32_t hfn_ovrd; > + uint8_t hfn_ovrd; > + /** In case of 5G NR, a new protocol(SDAP) header may be set [DC] Very minor thing... add space between 'protocol' and '(SDAP)' in the c= omment block. And same comment for the documentation if you choose to keep the API code b= locks there too. > + * inside PDCP payload which should be authenticated but not > + * encrypted. Hence, driver should be notified if SDAP is > + * enabled or not, so that SDAP header is not encrypted. > + */ > + uint8_t sdap_enabled; > + /** Reserved for future */ > + uint16_t reserved; > }; >=20 > /** DOCSIS direction */ > -- > 2.17.1