DPDK patches and discussions
 help / color / mirror / Atom feed
From: Akhil Goyal <akhil.goyal@nxp.com>
To: "Coyle, David" <david.coyle@intel.com>,
	"dev@dpdk.org" <dev@dpdk.org>,
	"techboard@dpdk.org" <techboard@dpdk.org>
Cc: Hemant Agrawal <hemant.agrawal@nxp.com>,
	"anoobj@marvell.com" <anoobj@marvell.com>,
	"Doherty, Declan" <declan.doherty@intel.com>
Subject: Re: [dpdk-dev] [PATCH 2/7] security: modify PDCP xform to support SDAP
Date: Thu, 8 Oct 2020 09:01:19 +0000
Message-ID: <VI1PR04MB3168367AEE4EA602183ABBC2E60B0@VI1PR04MB3168.eurprd04.prod.outlook.com> (raw)
In-Reply-To: <MN2PR11MB3550870313447A3AB6CE0FEBE30C0@MN2PR11MB3550.namprd11.prod.outlook.com>

Hi David,
> Hi Akhil
> 
> 
> > @@ -693,6 +693,23 @@ PDCP related configuration parameters are defined
> > in ``rte_security_pdcp_xform``
> >          uint32_t hfn;
> >          /** HFN Threshold for key renegotiation */
> >          uint32_t hfn_threshold;
> > +        /** HFN can be given as a per packet value also.
> > +         * As we do not have IV in case of PDCP, and HFN is
> > +         * used to generate IV. IV field can be used to get the
> > +         * per packet HFN while enq/deq.
> > +         * If hfn_ovrd field is set, user is expected to set the
> > +         * per packet HFN in place of IV. PMDs will extract the HFN
> > +         * and perform operations accordingly.
> > +         */
> > +         uint8_t hfn_ovrd;
> > +         /** In case of 5G NR, a new protocol(SDAP) header may be set
> > +          * inside PDCP payload which should be authenticated but not
> > +          * encrypted. Hence, driver should be notified if SDAP is
> > +          * enabled or not, so that SDAP header is not encrypted.
> > +          */
> > +         uint8_t sdap_enabled;
> > +         /** Reserved for future */
> > +         uint16_t reserved;
> >      };
> 
> [DC] Should we consider removing the API code out of the security
> documentation?
> It's a direct copy of the API code itself, and just means 2 files need to be updated
> for every API change.
> And as with 'hfn_ovrd', sometimes it's forgotten.
> From maintainability point of view, it might be better just remove it.

Yes we can remove it. I will remove it in a separate patch.


> 
> >
> >  DOCSIS related configuration parameters are defined in
> > ``rte_security_docsis_xform`` diff --git a/lib/librte_security/rte_security.h
> > b/lib/librte_security/rte_security.h
> > index 16839e539..48b377b20 100644
> > --- a/lib/librte_security/rte_security.h
> > +++ b/lib/librte_security/rte_security.h
> > @@ -1,5 +1,5 @@
> >  /* SPDX-License-Identifier: BSD-3-Clause
> > - * Copyright 2017,2019 NXP
> > + * Copyright 2017,2019-2020 NXP
> >   * Copyright(c) 2017-2020 Intel Corporation.
> >   */
> >
> > @@ -290,7 +290,15 @@ struct rte_security_pdcp_xform {
> >  	 * per packet HFN in place of IV. PMDs will extract the HFN
> >  	 * and perform operations accordingly.
> >  	 */
> > -	uint32_t hfn_ovrd;
> > +	uint8_t hfn_ovrd;
> > +	/** In case of 5G NR, a new protocol(SDAP) header may be set
> 
> [DC] Very minor thing... add space between 'protocol' and '(SDAP)' in the
> comment block.

Sure. Will add it.
> 
Adding Techboard for request for approval of the change in the xform structure to
Add sdap support.


> And same comment for the documentation if you choose to keep the API code
> blocks there too.
> 
> > +	 * inside PDCP payload which should be authenticated but not
> > +	 * encrypted. Hence, driver should be notified if SDAP is
> > +	 * enabled or not, so that SDAP header is not encrypted.
> > +	 */
> > +	uint8_t sdap_enabled;
> > +	/** Reserved for future */
> > +	uint16_t reserved;
> >  };
> >
> >  /** DOCSIS direction */
> > --
> > 2.17.1


  reply	other threads:[~2020-10-08  9:01 UTC|newest]

Thread overview: 32+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-09-03 16:06 [dpdk-dev] [PATCH 0/7] support PDCP-SDAP for dpaa2_sec akhil.goyal
2020-09-03 16:06 ` [dpdk-dev] [PATCH 1/7] common/dpaax/caamflib: Support PDCP-SDAP akhil.goyal
2020-09-03 16:06 ` [dpdk-dev] [PATCH 2/7] security: modify PDCP xform to support SDAP akhil.goyal
2020-10-05 18:04   ` Coyle, David
2020-10-08  9:01     ` Akhil Goyal [this message]
2020-09-03 16:06 ` [dpdk-dev] [PATCH 3/7] crypto/dpaa2_sec: enable PDCP-SDAP sessions akhil.goyal
2020-09-03 16:06 ` [dpdk-dev] [PATCH 4/7] crypto/dpaa_sec: " akhil.goyal
2020-09-03 16:06 ` [dpdk-dev] [PATCH 5/7] test/crypto: Add test vectors for PDCP-SDAP akhil.goyal
2020-09-03 16:06 ` [dpdk-dev] [PATCH 6/7] test/crypto: Modify test_pdcp_proto to take parameters akhil.goyal
2020-09-03 16:06 ` [dpdk-dev] [PATCH 7/7] test/crypto: Add PDCP-SDAP cases akhil.goyal
2020-10-11 21:33 ` [dpdk-dev] [PATCH v2 0/8] support PDCP-SDAP for dpaa2_sec Akhil Goyal
2020-10-11 21:33   ` [dpdk-dev] [PATCH v2 1/8] common/dpaax/caamflib: Support PDCP-SDAP Akhil Goyal
2020-10-11 21:33   ` [dpdk-dev] [PATCH v2 2/8] security: modify PDCP xform to support SDAP Akhil Goyal
2020-10-11 21:33   ` [dpdk-dev] [PATCH v2 3/8] doc: remove unnecessary API code from security guide Akhil Goyal
2020-10-11 21:33   ` [dpdk-dev] [PATCH v2 4/8] crypto/dpaa2_sec: enable PDCP-SDAP sessions Akhil Goyal
2020-10-11 21:34   ` [dpdk-dev] [PATCH v2 5/8] crypto/dpaa_sec: " Akhil Goyal
2020-10-11 21:34   ` [dpdk-dev] [PATCH v2 6/8] test/crypto: Add test vectors for PDCP-SDAP Akhil Goyal
2020-10-11 21:49     ` Thomas Monjalon
2020-10-12 14:01       ` Akhil Goyal
2020-10-11 21:34   ` [dpdk-dev] [PATCH v2 7/8] test/crypto: Modify test_pdcp_proto to take parameters Akhil Goyal
2020-10-11 21:34   ` [dpdk-dev] [PATCH v2 8/8] test/crypto: Add PDCP-SDAP cases Akhil Goyal
2020-10-12 14:09   ` [dpdk-dev] [PATCH v3 0/8] support PDCP-SDAP for dpaa2_sec Akhil Goyal
2020-10-12 14:09     ` [dpdk-dev] [PATCH v3 1/8] common/dpaax/caamflib: Support PDCP-SDAP Akhil Goyal
2020-10-12 14:10     ` [dpdk-dev] [PATCH v3 2/8] security: modify PDCP xform to support SDAP Akhil Goyal
2020-10-14  7:46       ` Thomas Monjalon
2020-10-14 20:26         ` Akhil Goyal
2020-10-12 14:10     ` [dpdk-dev] [PATCH v3 3/8] doc: remove unnecessary API code from security guide Akhil Goyal
2020-10-12 14:10     ` [dpdk-dev] [PATCH v3 4/8] crypto/dpaa2_sec: enable PDCP-SDAP sessions Akhil Goyal
2020-10-12 14:10     ` [dpdk-dev] [PATCH v3 5/8] crypto/dpaa_sec: " Akhil Goyal
2020-10-12 14:10     ` [dpdk-dev] [PATCH v3 6/8] test/crypto: Add test vectors for PDCP-SDAP Akhil Goyal
2020-10-12 14:10     ` [dpdk-dev] [PATCH v3 7/8] test/crypto: Modify test_pdcp_proto to take parameters Akhil Goyal
2020-10-12 14:10     ` [dpdk-dev] [PATCH v3 8/8] test/crypto: Add PDCP-SDAP cases Akhil Goyal

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=VI1PR04MB3168367AEE4EA602183ABBC2E60B0@VI1PR04MB3168.eurprd04.prod.outlook.com \
    --to=akhil.goyal@nxp.com \
    --cc=anoobj@marvell.com \
    --cc=david.coyle@intel.com \
    --cc=declan.doherty@intel.com \
    --cc=dev@dpdk.org \
    --cc=hemant.agrawal@nxp.com \
    --cc=techboard@dpdk.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

DPDK patches and discussions

This inbox may be cloned and mirrored by anyone:

	git clone --mirror https://inbox.dpdk.org/dev/0 dev/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 dev dev/ https://inbox.dpdk.org/dev \
		dev@dpdk.org
	public-inbox-index dev

Example config snippet for mirrors.
Newsgroup available over NNTP:
	nntp://inbox.dpdk.org/inbox.dpdk.dev


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git