From patchwork Tue Sep 7 08:56:02 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gagandeep Singh X-Patchwork-Id: 507528 Delivered-To: patch@linaro.org Received: by 2002:a02:8629:0:0:0:0:0 with SMTP id e38csp4038291jai; Tue, 7 Sep 2021 01:56:42 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzgufs89BqQi/6DMiywz2tuh4KHgts66V7tjrfnPogetnqClag0wQswag/GNbpei1wlG3SB X-Received: by 2002:a17:906:d057:: with SMTP id bo23mr17837761ejb.208.1631005002498; Tue, 07 Sep 2021 01:56:42 -0700 (PDT) Return-Path: Received: from mails.dpdk.org (mails.dpdk.org. [217.70.189.124]) by mx.google.com with ESMTP id e26si10787960ejl.88.2021.09.07.01.56.42; Tue, 07 Sep 2021 01:56:42 -0700 (PDT) Received-SPF: pass (google.com: domain of dev-bounces@dpdk.org designates 217.70.189.124 as permitted sender) client-ip=217.70.189.124; Authentication-Results: mx.google.com; dkim=fail header.i=@nxp.com header.s=selector2 header.b=jJZoizwJ; arc=fail (signature failed); spf=pass (google.com: domain of dev-bounces@dpdk.org designates 217.70.189.124 as permitted sender) smtp.mailfrom=dev-bounces@dpdk.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=nxp.com Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id F28D04113F; Tue, 7 Sep 2021 10:56:32 +0200 (CEST) Received: from EUR01-DB5-obe.outbound.protection.outlook.com (mail-eopbgr150053.outbound.protection.outlook.com [40.107.15.53]) by mails.dpdk.org (Postfix) with ESMTP id C78D441137 for ; Tue, 7 Sep 2021 10:56:31 +0200 (CEST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=iSt3cFXzjzWYZlqs2XNKXmBKfVgJ8eg3MpLxlWXUK1bv1chDbPtbEQPf6ZmLP71aut8sJ0QzoD1NsV93eIOQILQP8a9E4kz+6XI51g7KOZQPUptYM9J/BiUrQt6/WWwil55QaAcPyFkxjMhIE5FCER9X4e5bPh5YhRZHhDY8JF2Rz3TIyYaDOIt+fu8XOKOwcjGQZTk16fM6D8jx8SlxtlL9lnoCYUNR2c2iJbs23qgLHZ3evBahC48T+UMd8STViIeJipbp4je6g9Fmw3J9nOBb2y1ZgGYBpg1Q5VaJs5y3Il2UqzCVp8E1YfQhp++5L7Gk5q5vZ+UpgVH81T11kQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=L9uLLzFO01yg0QykHKRGZM5mbXXa8fWquHYn8P2K998=; b=fc4xZHRQrijhbvMmzHMJuWHqEAYsJza66P87F4eGn2QWpTyRWcUi/C1qW/dwNsuFGDTIxGswYEkzYu2lcf4lM+Y+mQSYePCVg2PLZoiXnI02eAcHLxz0fgPHUoCpZ+X2S1mV5rtKN89/KTxFv0dI7YjvhK1AL7BItjSu0aQRlIiejoSCPlUbP5HlHap3CeRF+GC8hIgk4qdjN35nILFmRw9iu07ToiCd2G1MmdRX/CndkvCaJ2WXGEpkb62POXQii4ip5i1VlBwdv5hLZrWLlu2+HvtSQ+CFkwrDsfDecA3r9JRgW6Z2dBO07XeymYNH05CQUp1Sg5DvzA8IMQlHow== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nxp.com; dmarc=pass action=none header.from=nxp.com; dkim=pass header.d=nxp.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nxp.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=L9uLLzFO01yg0QykHKRGZM5mbXXa8fWquHYn8P2K998=; b=jJZoizwJsuZaVJk0b4ZdbGqhUSCxuBMGfoLszbZMsWXkzd0WCr1PSrKzA5YrEV7BKzOaKJ6OWq+w+5dHo9vYRD9+3aIvG5pgDDfBz3Wah1aaPj4G6SNcfEZDT3E+smltaKJCpSO1UCWmqxT1uatc93XjSb8k1pvN2OETKMlo1E0= Authentication-Results: marvell.com; dkim=none (message not signed) header.d=none; marvell.com; dmarc=none action=none header.from=nxp.com; Received: from VI1PR04MB6960.eurprd04.prod.outlook.com (2603:10a6:803:12d::10) by VE1PR04MB7262.eurprd04.prod.outlook.com (2603:10a6:800:1ab::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4478.21; Tue, 7 Sep 2021 08:56:30 +0000 Received: from VI1PR04MB6960.eurprd04.prod.outlook.com ([fe80::d496:fcce:f667:7aa7]) by VI1PR04MB6960.eurprd04.prod.outlook.com ([fe80::d496:fcce:f667:7aa7%7]) with mapi id 15.20.4478.025; Tue, 7 Sep 2021 08:56:30 +0000 From: Gagandeep Singh To: gakhil@marvell.com, dev@dpdk.org Cc: thomas@monjalon.net, Hemant Agrawal , Gagandeep Singh Date: Tue, 7 Sep 2021 14:26:02 +0530 Message-Id: <20210907085605.3010882-3-g.singh@nxp.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20210907085605.3010882-1-g.singh@nxp.com> References: <20210826112315.1375237-1-g.singh@nxp.com> <20210907085605.3010882-1-g.singh@nxp.com> X-ClientProxiedBy: SG2PR04CA0133.apcprd04.prod.outlook.com (2603:1096:3:16::17) To VI1PR04MB6960.eurprd04.prod.outlook.com (2603:10a6:803:12d::10) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from lsv03457.swis.in-blr01.nxp.com (14.142.151.118) by SG2PR04CA0133.apcprd04.prod.outlook.com (2603:1096:3:16::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4478.19 via Frontend Transport; Tue, 7 Sep 2021 08:56:28 +0000 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: e8b5176e-a184-4597-0cbe-08d971dd623c X-MS-TrafficTypeDiagnostic: VE1PR04MB7262: X-MS-Exchange-Transport-Forked: True X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:7691; X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: /+aH/eFLummlryAH1ARHmQalubEtv+SObx8FOVXCpz2NduQvAqa08bSz9Ts0Eb3xRBanuVo4NkpmiMFxHlQjrtubtY92oh7kbLaCfb3dEHo0LMs/BOPjqSMiR9J0+zx0sVdf7ENG5d9uWCATZHU+8UGBSt+sB9+xM5UZoSUTft1T17ZbvkNPxll1LdUxtCEZFkIGWcGZpd6OkXbJVVCS1+Jur8rpm/KHwaN8lq5ubxYzxWDWx1PPAkSZqnZdQG0V4gmnLya0MG0l2Th6dgQU7JP51pSCnLBA2DUXO94Y5IY9Y3ULb+KSdYBQI1pD8Tt51RhMkEFWPV6TtfN+d9YSciwoVsEC3pB1BvwbJ3aZ5FkpoBiqwwpXk+yDsqE4lkOKWegNv4XxdghlYhgAkVeyQAyz72BdwTQjl+po5JQmTXOwBNLkBl4zo/FEsW4mMiT4MTZXGzhSl1bTvY9t3YraLLeVRhNplrinr0G4ieqGbGmxvfMbdN7Hp8rF4+aORu0NEXT97JVUIrrnWwgykxaJIJhAPf1+RzzqWgJx5NLgOG+0D4UCOsZYLFUMB/9Es5U7Df9894yNKrMU7ZowFjFaPg3PZMX3jnADdwwPwH9YxiUEwTfFdwNE3HmsCU+hoOSitrTwJgPA1ZVNEaotJLmLhHWatkxdZicAcHieQRQWo9fZQYKH3MgGE3WB9oIWifeamdmOVz1cwP55NMvIOLU+gWGAnwNozkwjLlOoMIuFJBk= X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:VI1PR04MB6960.eurprd04.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(346002)(366004)(39860400002)(136003)(376002)(396003)(1076003)(1006002)(36756003)(55236004)(66556008)(66476007)(4326008)(38100700002)(6666004)(8676002)(52116002)(7696005)(8936002)(66946007)(38350700002)(54906003)(5660300002)(478600001)(26005)(956004)(2616005)(6486002)(316002)(83380400001)(86362001)(2906002)(15650500001)(186003)(110426009); DIR:OUT; SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: WKSOJP1h6n1E2d4DzqfPXi9+VFqHntwQu7Uix7HBpXjaXORwFLBuXD6bTJuVBirav1xjeJ49ELCcf97UXi2QMq/sCu9flESIF6z/2QB6x+rFg64LP4CaUax413h8wNabyzQYr9eeVDBOgi125Wbd1LlY9xPJoYVtZcvXlYmmPElSem/uO3zG3WrB7cV9P41qIPgEvQNVA551Wt22bR60xoGKMfjXAuxB5Q2G284lusSpAkg4221zJCbXnBgc+en1iCOdRDe1cc2gw9NaIWuHlIo+mfbYf9r/PalC64nIkN97hZscFRWgmmI6XiNRx8MaC/bEtJKO9+8rXFemQR4dbSO2QrLpToq446wCIiZj090nOYwQWCDuk82FsbBu6kXmx+DlkGoDXzA+O3zFvQJD69koglcf6ot4Jok3EP1qMm72CLGIN808Ett0F3Y2xR8BF8OL1oTvbyNkz7lAsLivPf2MQ8aBPx5l0Ov/1oHJlCuk1i3UUs+/qjSbnyC9SnlU2RAHumoHbweForfWp2oGpW87wsnmWbIS29zvrd0xbiqgGgVL1yBedcPUBBf+9tz8khy/Nb3NP03Lz8iS80u7UhdP0DN/b3B61dXHag+FXpvJMqjm44LX0L60OLWoNa40cB3PgnA8tz5MPiuQYx00TNdLYeoA8M73ldbAYwjuecXDjiThvP7GhsdjjQMxx8VLD2bGqF3GFx/z6vhMBMPA706yea4WjkLl/m5Rz1mHHYk1eb5EQZxDifREcXKCWM6DpibcOaqbd6gVwqsH4atuRWsbHMWckrGqrfShsfwj1gEqFeEru3kkMtwJ9y8w7AbxTbkLwsbJkzfTV7VLYnxvBQ4DWZLeKBlQZd2O7o+Pi2lSRKCB2tCrZreaW3PimFfL33KGyRrfD4fPjKByj8TyKIwruLawV/SpbXJO+q0TMOy7UPUh6cM71dgGB4foln5RR0YIvzZuSHiM2ICULZ6pMATSKKIgidhqG7eDHkUsH0CI1uWdGp7W+8E+97dBLh0evFw7lq0F8/PHr2970CWCpv6tFldcJwJOmmOknyiQ4bf8f8BVgMyUK/3TlCeda/HwOrc/Nm6RcLDKbS7OATe80haomYWcnhTELPE4xXkTG3or8UMloAn3tKnY/66thi+VeMFIHC+dze5Gp2ooOxscjsZb52miG2ne94neESotK4JWvZzIPU7yGfWM+PPvCHoL4hVCK2FAuaGdfHoRM3zuWVgBN7EVvKwSMhsl2I+qyXbfJ5QAZrSfPxOL3DZRYI6o8Ox95omF0lnT71L0SRhvQ5yygAlqxnVhsz/YL8JeDYxaANF1dGt0HiFp29S6POMF X-OriginatorOrg: nxp.com X-MS-Exchange-CrossTenant-Network-Message-Id: e8b5176e-a184-4597-0cbe-08d971dd623c X-MS-Exchange-CrossTenant-AuthSource: VI1PR04MB6960.eurprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 07 Sep 2021 08:56:30.4248 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 686ea1d3-bc2b-4c6f-a92c-d99c5c301635 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: I2HCCj/0OnrwqU/U+h8wltuGL5M70GLYIJhbEhrWjNj5QTZgCr2JytzgTVXlMb+S X-MS-Exchange-Transport-CrossTenantHeadersStamped: VE1PR04MB7262 Subject: [dpdk-dev] [PATCH v2 2/5] security: support PDCP short MAC-I X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" From: Hemant Agrawal This patch add support to handle PDCP short MAC-I domain along with standard control and data domains as it has to be treated as special case with PDCP protocol offload support. ShortMAC-I is the 16 least significant bits of calculated MAC-I. Usually when a RRC message is exchanged between UE and eNodeB it is integrity & ciphered protected. MAC-I = f(key, varShortMAC-I, count, bearer, direction). Here varShortMAC-I is prepared by using (current cellId, pci of source cell and C-RNTI of old cell). Other parameters like count, bearer and direction set to all 1. Signed-off-by: Gagandeep Singh Signed-off-by: Hemant Agrawal --- app/test-crypto-perf/cperf_options_parsing.c | 8 ++++++- doc/guides/prog_guide/rte_security.rst | 11 ++++++++- doc/guides/tools/cryptoperf.rst | 4 ++-- drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 25 ++++++++++---------- lib/security/rte_security.h | 1 + 5 files changed, 33 insertions(+), 16 deletions(-) -- 2.25.1 diff --git a/app/test-crypto-perf/cperf_options_parsing.c b/app/test-crypto-perf/cperf_options_parsing.c index e84f56cfaa..0348972c85 100644 --- a/app/test-crypto-perf/cperf_options_parsing.c +++ b/app/test-crypto-perf/cperf_options_parsing.c @@ -662,7 +662,8 @@ parse_pdcp_sn_sz(struct cperf_options *opts, const char *arg) const char *cperf_pdcp_domain_strs[] = { [RTE_SECURITY_PDCP_MODE_CONTROL] = "control", - [RTE_SECURITY_PDCP_MODE_DATA] = "data" + [RTE_SECURITY_PDCP_MODE_DATA] = "data", + [RTE_SECURITY_PDCP_MODE_SHORT_MAC] = "short_mac" }; static int @@ -677,6 +678,11 @@ parse_pdcp_domain(struct cperf_options *opts, const char *arg) cperf_pdcp_domain_strs [RTE_SECURITY_PDCP_MODE_DATA], RTE_SECURITY_PDCP_MODE_DATA + }, + { + cperf_pdcp_domain_strs + [RTE_SECURITY_PDCP_MODE_SHORT_MAC], + RTE_SECURITY_PDCP_MODE_SHORT_MAC } }; diff --git a/doc/guides/prog_guide/rte_security.rst b/doc/guides/prog_guide/rte_security.rst index f72bc8a78f..ad92c16868 100644 --- a/doc/guides/prog_guide/rte_security.rst +++ b/doc/guides/prog_guide/rte_security.rst @@ -1,5 +1,5 @@ .. SPDX-License-Identifier: BSD-3-Clause - Copyright 2017,2020 NXP + Copyright 2017,2020-2021 NXP @@ -408,6 +408,15 @@ PMD which supports the IPsec and PDCP protocol. }, .crypto_capabilities = pmd_capabilities }, + { /* PDCP Lookaside Protocol offload short MAC-I */ + .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_PDCP, + .pdcp = { + .domain = RTE_SECURITY_PDCP_MODE_SHORT_MAC, + .capa_flags = 0 + }, + .crypto_capabilities = pmd_capabilities + }, { .action = RTE_SECURITY_ACTION_TYPE_NONE } diff --git a/doc/guides/tools/cryptoperf.rst b/doc/guides/tools/cryptoperf.rst index be3109054d..d3963f23e3 100644 --- a/doc/guides/tools/cryptoperf.rst +++ b/doc/guides/tools/cryptoperf.rst @@ -316,9 +316,9 @@ The following are the application command-line options: Set PDCP sequence number size(n) in bits. Valid values of n will be 5/7/12/15/18. -* ``--pdcp-domain `` +* ``--pdcp-domain `` - Set PDCP domain to specify Control/user plane. + Set PDCP domain to specify short_mac/control/user plane. * ``--docsis-hdr-sz `` diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c index 1ccead3641..4438486a8b 100644 --- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c +++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c @@ -3102,7 +3102,7 @@ dpaa2_sec_set_pdcp_session(struct rte_cryptodev *dev, struct rte_security_pdcp_xform *pdcp_xform = &conf->pdcp; struct rte_crypto_sym_xform *xform = conf->crypto_xform; struct rte_crypto_auth_xform *auth_xform = NULL; - struct rte_crypto_cipher_xform *cipher_xform; + struct rte_crypto_cipher_xform *cipher_xform = NULL; dpaa2_sec_session *session = (dpaa2_sec_session *)sess; struct ctxt_priv *priv; struct dpaa2_sec_dev_private *dev_priv = dev->data->dev_private; @@ -3134,18 +3134,18 @@ dpaa2_sec_set_pdcp_session(struct rte_cryptodev *dev, flc = &priv->flc_desc[0].flc; /* find xfrm types */ - if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER && xform->next == NULL) { - cipher_xform = &xform->cipher; - } else if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER && - xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH) { - session->ext_params.aead_ctxt.auth_cipher_text = true; + if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER) { cipher_xform = &xform->cipher; - auth_xform = &xform->next->auth; - } else if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH && - xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER) { - session->ext_params.aead_ctxt.auth_cipher_text = false; - cipher_xform = &xform->next->cipher; + if (xform->next != NULL) { + session->ext_params.aead_ctxt.auth_cipher_text = true; + auth_xform = &xform->next->auth; + } + } else if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH) { auth_xform = &xform->auth; + if (xform->next != NULL) { + session->ext_params.aead_ctxt.auth_cipher_text = false; + cipher_xform = &xform->next->cipher; + } } else { DPAA2_SEC_ERR("Invalid crypto type"); return -EINVAL; @@ -3184,7 +3184,8 @@ dpaa2_sec_set_pdcp_session(struct rte_cryptodev *dev, session->pdcp.hfn_threshold = pdcp_xform->hfn_threshold; session->pdcp.hfn_ovd = pdcp_xform->hfn_ovrd; /* hfv ovd offset location is stored in iv.offset value*/ - session->pdcp.hfn_ovd_offset = cipher_xform->iv.offset; + if (cipher_xform) + session->pdcp.hfn_ovd_offset = cipher_xform->iv.offset; cipherdata.key = (size_t)session->cipher_key.data; cipherdata.keylen = session->cipher_key.length; diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h index 88d31de0a6..2e136d7929 100644 --- a/lib/security/rte_security.h +++ b/lib/security/rte_security.h @@ -233,6 +233,7 @@ struct rte_security_macsec_xform { enum rte_security_pdcp_domain { RTE_SECURITY_PDCP_MODE_CONTROL, /**< PDCP control plane */ RTE_SECURITY_PDCP_MODE_DATA, /**< PDCP data plane */ + RTE_SECURITY_PDCP_MODE_SHORT_MAC, /**< PDCP short mac */ }; /** PDCP Frame direction */