From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 80451A0547; Wed, 8 Sep 2021 14:33:39 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id AFE7641140; Wed, 8 Sep 2021 14:33:38 +0200 (CEST) Received: from EUR04-DB3-obe.outbound.protection.outlook.com (mail-eopbgr60064.outbound.protection.outlook.com [40.107.6.64]) by mails.dpdk.org (Postfix) with ESMTP id E294140E25 for ; Wed, 8 Sep 2021 14:33:36 +0200 (CEST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=aRynYTnbGkIn+6n/haeQbsDTP4fU1vcfdNIRYCE5aIEbt1DRkRB0AVPO0K1u/bXUrXpwCyQAyXHw8JfQmtUXf9ebIf4/na49vmVDrGMecqzgVu3z9MgERAY3JfyJdVbBEV8ZSCctDTea4HZYAXrWf/Lxqgk9x8Dj9SJiUeiZuMJF/XeD4Kf0oqbNtSsjgJJray6mm/efTeW7ej+AbknDzv3Q/rML1PQMDjsw+K6CUdkK8se65nmPz00iK354Ld0IeSTDtgBf/2VZ/VDkw9+dKhhFH7l51TCLICHGrVTlpWv5aAoEGeaxsiXZw/OE47R1F0ASyZBLxmJgJ5ZNQCURRA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=D2W6GQD8D70iuZII+KS4hoifN1UrBOFAJ4xnDQDdLqI=; b=JPf3M9cwSWH93fi8/1YHe2dvlm4QBZfNRRlVDbqlUd4JtLRyCmvq1yuUNkqJ5vCilZVyYXw45yZrAnwRRZHRjqvZNkSkHq7aqK6cHg795OIJdwWp9AduMVzkQYDVS6p7iLyDB2cczzMT0wEKnFq4cKKYv662Dl0lU/9WvOfvyIoPHmzktpZ8iMxuVsrZ/ZB+C2kz3/HEQE+aXCo8dl2k2cHBa5Z5nqe6cmotfUWKzLD+E+sMBLCwAiyZKclsrOZbmWX41/LrSRss5BhnY52ehSJekdwNSQXNHnHZlw7XSKF9XFX9ocBWCVBQDHFozWN2+HdtEZMO8VgtWxNQvCSQBw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nxp.com; dmarc=pass action=none header.from=nxp.com; dkim=pass header.d=nxp.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nxp.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=D2W6GQD8D70iuZII+KS4hoifN1UrBOFAJ4xnDQDdLqI=; b=DmJJHRE3c8V8sArbFysJto+L1iEp2Hiw5qDmqZtSUHa1xLjhAwEHn+1QCWsB0nej/+cXJfpyUAdOkMBVwZ51NUllv9a81PbfoVopicfTR7TxQWt8BvVf9hk97e4njsxKwvYSZeTVmvW8FYI2KeJSplKj5KrDK2EJdjpozqdgeJk= Received: from VI1PR04MB6960.eurprd04.prod.outlook.com (2603:10a6:803:12d::10) by VI1PR04MB6958.eurprd04.prod.outlook.com (2603:10a6:803:137::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4478.22; Wed, 8 Sep 2021 12:33:35 +0000 Received: from VI1PR04MB6960.eurprd04.prod.outlook.com ([fe80::d496:fcce:f667:7aa7]) by VI1PR04MB6960.eurprd04.prod.outlook.com ([fe80::d496:fcce:f667:7aa7%8]) with mapi id 15.20.4500.015; Wed, 8 Sep 2021 12:33:34 +0000 From: Gagandeep Singh To: Akhil Goyal , "dev@dpdk.org" CC: "thomas@monjalon.net" , Hemant Agrawal Thread-Topic: [EXT] [PATCH v3 1/4] security: support PDCP short MAC-I Thread-Index: AQHXpKlIHk16gx69ekOaAUHrD5dpP6uaDQYAgAAEzdA= Date: Wed, 8 Sep 2021 12:33:34 +0000 Message-ID: References: <20210907085605.3010882-2-g.singh@nxp.com> <20210908120115.3548009-1-g.singh@nxp.com> <20210908120115.3548009-2-g.singh@nxp.com> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: marvell.com; dkim=none (message not signed) header.d=none;marvell.com; dmarc=none action=none header.from=nxp.com; x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 5d248378-09a7-4375-b6a0-08d972c4e024 x-ms-traffictypediagnostic: VI1PR04MB6958: x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:8273; x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: iR3iaTl45IutTmAeqL3XcQBPhsyjZqpEmMTX975u7TMrFa4as4jFYTU2OTjhnv1Wg7D46LFHrIesEIIAoothV0QM078jWRUCzuoihygXO9JrGQZm+jr95J1nIsW9wPaHK0L+B3xwrYcYvTxqns16JnM4QMpEc1MMWA6fFn31r/VlvB7g38jGoNFecLUYHaTSyIyPAztSy/jk7URsPoUnFxzYbc71257Z8qbT6RIQO9Lo+uWAdxjkAZ2DiEj+36Da+ATedGFx9Vz1gjj37K8ptfhN3Y2a5jLAx/RFNON1pU9Dz8fmFG/XthvGaVThZrB/pmiisfGJ2xcZkLgcRo1pNoegSUHQPjL+59Hcilit4104VD3kl/u53tYzdZL1sdVwBfJ7sDBusKGNT2UMn1XyUCwp3zh6QisRf+no57PB3EhwluSHKNeOascP47JREQyiSxzJsby6gHgi5erP41wX75RHJOoMj1b1Z7navjKrINOd3hNSL0fdDssn7gDWk5X86jEoYlfzzuiW1W9L+NhzZydfEKrEdbQZiva4U7hZclrZLSJoC/1eChdgJd18T3cu+fscgEz3jHdaicjKX84Y2zuQ9fiH/+vDPWESGPak+iOwTyDvdFgeQ6b6BtpE1OilbPvsglBxLKsFy5LsDoMOc7uTgazGhzuMRNqQ6IqVssa8Q2pyI7YByphVggIlqO+qPHhTtSHF58Oc708mC9KUeA== x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:VI1PR04MB6960.eurprd04.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(396003)(376002)(346002)(366004)(136003)(39860400002)(15650500001)(6506007)(33656002)(53546011)(86362001)(38100700002)(122000001)(26005)(71200400001)(478600001)(66476007)(2906002)(76116006)(8936002)(66946007)(38070700005)(54906003)(8676002)(9686003)(55016002)(316002)(83380400001)(66446008)(110136005)(66556008)(5660300002)(4326008)(64756008)(7696005)(186003)(52536014); DIR:OUT; SFP:1101; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?hyyzbIe6OBVAIwo2IPiVEj282kx12FiVWzO3SMzFCuw58yxnG0+pxYcuwwYj?= =?us-ascii?Q?LxeUhDRjcUAg4ctshQg3bJR1s6zW+gFsIeX1IkJlhwBmOclpNYoQxO7AARJZ?= =?us-ascii?Q?jaKs5UAVvEkpsJjKJIzWNoiLSsm4b3+SFunD0DcNTz6vXqGUpLwTSrZCGl3l?= =?us-ascii?Q?Cg9D769FbuWy8s1GQCqvZxMb9ZstBldI3d4uZ9KE5Qdl/7P3NQ3CGFzzbx45?= =?us-ascii?Q?BJ1mcoQw0RPL44PIQ4kSOZlBHFMGkf4DwB4IpNkO3eBr4BVHxXWv46T8RQBW?= =?us-ascii?Q?zBDKR9bz2sq7x0bfO+eaOC4FocHXLjVHVyXlmgXCF8v4u3PVAghlFB+uEcAr?= =?us-ascii?Q?JneB0bNFUJHvF+UaxRM4EpxJpYO/2IKVOC+03cR43wiYieiD9dxakua2vc/h?= =?us-ascii?Q?PaNGx8TRwV5imwVbHVfdT4nr2ggqs5/W+caXqld3iVhztKSdLOekLV50oNKB?= =?us-ascii?Q?BRvU5e/CO+3Oa3nI2mDs0NViaTHT7EOXyye63EQNwyZa/liekcV4KLomsvdi?= =?us-ascii?Q?CavZX8ZNw5eIrhNgU6wzODNCCBEPg3LqFGkexQW2gdVcG3qpundbFEr4Puc7?= =?us-ascii?Q?e8fjMt6Lt/RE999Ds+jOdFuGiz1Yyad5yXw05MXWeN23xAz54jjH29ZHBXMR?= =?us-ascii?Q?Dnes9l41nkBEFWhjcK0d+gPhsEoicr8tRpmzfRANWq9Ujsn/8F6Wlr6mAxAC?= =?us-ascii?Q?Ncv6J3WrH9wMX+0bMhblaczEHnxBOrOFm89xafq+KhO6oln1pKbLL/X6S5Ra?= =?us-ascii?Q?cSSdsGxSB6zqtT6KQwDYcJJyKzhwdkuJT14+CZfYfsS172SdfHPk6hJ4vi3r?= =?us-ascii?Q?K+O0kL/rBbepoAByQFTUTpecS+5O9KI9BTocc1gCBJ6kn/s/uFbd/D+EdOkS?= =?us-ascii?Q?UWywzXxTbiB3OSX7j9W917e/6sfQFYX7bKL6y1OKOLOlZ2Qf71/teheuQN7D?= =?us-ascii?Q?PBA0EXhVuc1JQjNPn6pxbXt0yBugzPoS1dXK2beLacO0026NP+fVVcO6WGfS?= =?us-ascii?Q?Hozw3f/wMB7mlHvb7ZWP7prAqWzCzc0R0BcX9taPPcU1y0zFfU91Gn2spvTH?= =?us-ascii?Q?S79qGV0ES6qGLfaCsOtfkEGyWPO+rKRo8PHr9kMLotRyigyvz6bYQt72eKDx?= =?us-ascii?Q?5kXVRJz8a3G+j2h1/GxsFdSrtzlux2q/VqqfVkn7XnubNHA6A8a+yfotxwBj?= =?us-ascii?Q?DeM33Yi4EZwe4Nvqq2vRCf2Vc3PAZI2u6OcFr/ymt4iYHusOsNHLn8X1PV5Y?= =?us-ascii?Q?uJG3k1Jvltade5shreaglZfyEvRs9NU5BqgovNov+obJbU0VXXxRSkPOxPTp?= =?us-ascii?Q?LTQ=3D?= Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: nxp.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: VI1PR04MB6960.eurprd04.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 5d248378-09a7-4375-b6a0-08d972c4e024 X-MS-Exchange-CrossTenant-originalarrivaltime: 08 Sep 2021 12:33:34.7512 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 686ea1d3-bc2b-4c6f-a92c-d99c5c301635 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: i4T07ev35jcsLJ1X4czXLVJbofa6QU0Xu41IPKteacfD7mA0Yj4xGGNPGa8jxrKZ X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR04MB6958 Subject: Re: [dpdk-dev] [EXT] [PATCH v3 1/4] security: support PDCP short MAC-I X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" > -----Original Message----- > From: Akhil Goyal > Sent: Wednesday, September 8, 2021 5:45 PM > To: Gagandeep Singh ; dev@dpdk.org > Cc: thomas@monjalon.net; Hemant Agrawal > Subject: RE: [EXT] [PATCH v3 1/4] security: support PDCP short MAC-I >=20 > > From: Hemant Agrawal > > > > This patch add support to handle PDCP short MAC-I domain > > along with standard control and data domains as it has to > > be treated as special case with PDCP protocol offload support. > > > > ShortMAC-I is the 16 least significant bits of calculated MAC-I. Usuall= y > > when a RRC message is exchanged between UE and eNodeB it is integrity & > > ciphered protected. > > > > MAC-I =3D f(key, varShortMAC-I, count, bearer, direction). > > Here varShortMAC-I is prepared by using (current cellId, pci of source = cell > > and C-RNTI of old cell). Other parameters like count, bearer and > > direction set to all 1. > > > > Signed-off-by: Gagandeep Singh > > Signed-off-by: Hemant Agrawal > > --- > > app/test-crypto-perf/cperf_options_parsing.c | 8 ++++++- > > doc/guides/prog_guide/rte_security.rst | 11 ++++++++- > > doc/guides/tools/cryptoperf.rst | 4 ++-- > > drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 25 ++++++++++---------- >=20 > Why is the dpaa2_sec patch squashed in this patch? > I asked to have it as a separate patch in this series instead of the dpaa= _sec > series. Ok, I will send v4 with a separate patch for dpaa2_sec in this series. >=20 > > lib/security/rte_security.h | 1 + > > 5 files changed, 33 insertions(+), 16 deletions(-) > > > > diff --git a/app/test-crypto-perf/cperf_options_parsing.c b/app/test-cr= ypto- > > perf/cperf_options_parsing.c > > index e84f56cfaa..0348972c85 100644 > > --- a/app/test-crypto-perf/cperf_options_parsing.c > > +++ b/app/test-crypto-perf/cperf_options_parsing.c > > @@ -662,7 +662,8 @@ parse_pdcp_sn_sz(struct cperf_options *opts, const > > char *arg) > > > > const char *cperf_pdcp_domain_strs[] =3D { > > [RTE_SECURITY_PDCP_MODE_CONTROL] =3D "control", > > - [RTE_SECURITY_PDCP_MODE_DATA] =3D "data" > > + [RTE_SECURITY_PDCP_MODE_DATA] =3D "data", > > + [RTE_SECURITY_PDCP_MODE_SHORT_MAC] =3D "short_mac" > > }; > > > > static int > > @@ -677,6 +678,11 @@ parse_pdcp_domain(struct cperf_options *opts, > > const char *arg) > > cperf_pdcp_domain_strs > > [RTE_SECURITY_PDCP_MODE_DATA], > > RTE_SECURITY_PDCP_MODE_DATA > > + }, > > + { > > + cperf_pdcp_domain_strs > > + [RTE_SECURITY_PDCP_MODE_SHORT_MAC], > > + RTE_SECURITY_PDCP_MODE_SHORT_MAC > > } > > }; > > > > diff --git a/doc/guides/prog_guide/rte_security.rst > > b/doc/guides/prog_guide/rte_security.rst > > index f72bc8a78f..ad92c16868 100644 > > --- a/doc/guides/prog_guide/rte_security.rst > > +++ b/doc/guides/prog_guide/rte_security.rst > > @@ -1,5 +1,5 @@ > > .. SPDX-License-Identifier: BSD-3-Clause > > - Copyright 2017,2020 NXP > > + Copyright 2017,2020-2021 NXP > > > > > > > > @@ -408,6 +408,15 @@ PMD which supports the IPsec and PDCP protocol. > > }, > > .crypto_capabilities =3D pmd_capabilities > > }, > > + { /* PDCP Lookaside Protocol offload short MAC-I */ > > + .action =3D RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCO= L, > > + .protocol =3D RTE_SECURITY_PROTOCOL_PDCP, > > + .pdcp =3D { > > + .domain =3D RTE_SECURITY_PDCP_MODE_SHORT_MAC, > > + .capa_flags =3D 0 > > + }, > > + .crypto_capabilities =3D pmd_capabilities > > + }, > > { > > .action =3D RTE_SECURITY_ACTION_TYPE_NONE > > } > > diff --git a/doc/guides/tools/cryptoperf.rst b/doc/guides/tools/cryptop= erf.rst > > index be3109054d..d3963f23e3 100644 > > --- a/doc/guides/tools/cryptoperf.rst > > +++ b/doc/guides/tools/cryptoperf.rst > > @@ -316,9 +316,9 @@ The following are the application command-line > > options: > > Set PDCP sequence number size(n) in bits. Valid values of n wi= ll > > be 5/7/12/15/18. > > > > -* ``--pdcp-domain `` > > +* ``--pdcp-domain `` > > > > - Set PDCP domain to specify Control/user plane. > > + Set PDCP domain to specify short_mac/control/user plane. > > > > * ``--docsis-hdr-sz `` > > > > diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c > > b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c > > index d6a101499a..b8d57c2b22 100644 > > --- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c > > +++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c > > @@ -3104,7 +3104,7 @@ dpaa2_sec_set_pdcp_session(struct rte_cryptodev > > *dev, > > struct rte_security_pdcp_xform *pdcp_xform =3D &conf->pdcp; > > struct rte_crypto_sym_xform *xform =3D conf->crypto_xform; > > struct rte_crypto_auth_xform *auth_xform =3D NULL; > > - struct rte_crypto_cipher_xform *cipher_xform; > > + struct rte_crypto_cipher_xform *cipher_xform =3D NULL; > > dpaa2_sec_session *session =3D (dpaa2_sec_session *)sess; > > struct ctxt_priv *priv; > > struct dpaa2_sec_dev_private *dev_priv =3D dev->data->dev_private; > > @@ -3136,18 +3136,18 @@ dpaa2_sec_set_pdcp_session(struct > > rte_cryptodev *dev, > > flc =3D &priv->flc_desc[0].flc; > > > > /* find xfrm types */ > > - if (xform->type =3D=3D RTE_CRYPTO_SYM_XFORM_CIPHER && xform- > > >next =3D=3D NULL) { > > - cipher_xform =3D &xform->cipher; > > - } else if (xform->type =3D=3D RTE_CRYPTO_SYM_XFORM_CIPHER && > > - xform->next->type =3D=3D RTE_CRYPTO_SYM_XFORM_AUTH) { > > - session->ext_params.aead_ctxt.auth_cipher_text =3D true; > > + if (xform->type =3D=3D RTE_CRYPTO_SYM_XFORM_CIPHER) { > > cipher_xform =3D &xform->cipher; > > - auth_xform =3D &xform->next->auth; > > - } else if (xform->type =3D=3D RTE_CRYPTO_SYM_XFORM_AUTH && > > - xform->next->type =3D=3D RTE_CRYPTO_SYM_XFORM_CIPHER) { > > - session->ext_params.aead_ctxt.auth_cipher_text =3D false; > > - cipher_xform =3D &xform->next->cipher; > > + if (xform->next !=3D NULL) { > > + session->ext_params.aead_ctxt.auth_cipher_text =3D > > true; > > + auth_xform =3D &xform->next->auth; > > + } > > + } else if (xform->type =3D=3D RTE_CRYPTO_SYM_XFORM_AUTH) { > > auth_xform =3D &xform->auth; > > + if (xform->next !=3D NULL) { > > + session->ext_params.aead_ctxt.auth_cipher_text =3D > > false; > > + cipher_xform =3D &xform->next->cipher; > > + } > > } else { > > DPAA2_SEC_ERR("Invalid crypto type"); > > return -EINVAL; > > @@ -3186,7 +3186,8 @@ dpaa2_sec_set_pdcp_session(struct rte_cryptodev > > *dev, > > session->pdcp.hfn_threshold =3D pdcp_xform->hfn_threshold; > > session->pdcp.hfn_ovd =3D pdcp_xform->hfn_ovrd; > > /* hfv ovd offset location is stored in iv.offset value*/ > > - session->pdcp.hfn_ovd_offset =3D cipher_xform->iv.offset; > > + if (cipher_xform) > > + session->pdcp.hfn_ovd_offset =3D cipher_xform->iv.offset; > > > > cipherdata.key =3D (size_t)session->cipher_key.data; > > cipherdata.keylen =3D session->cipher_key.length; > > diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h > > index 88d31de0a6..2e136d7929 100644 > > --- a/lib/security/rte_security.h > > +++ b/lib/security/rte_security.h > > @@ -233,6 +233,7 @@ struct rte_security_macsec_xform { > > enum rte_security_pdcp_domain { > > RTE_SECURITY_PDCP_MODE_CONTROL, /**< PDCP control > > plane */ > > RTE_SECURITY_PDCP_MODE_DATA, /**< PDCP data plane */ > > + RTE_SECURITY_PDCP_MODE_SHORT_MAC, /**< PDCP short mac > > */ > > }; > > > > /** PDCP Frame direction */ > > -- > > 2.25.1