[dpdk-dev] [EXT] [PATCH v3 1/4] security: support PDCP short MAC-I

Akhil Goyal gakhil at marvell.com
Wed Sep 8 14:15:12 CEST 2021
Previous message (by thread): [dpdk-dev] [PATCH v3 1/4] security: support PDCP short MAC-I
Next message (by thread): [dpdk-dev] [EXT] [PATCH v3 1/4] security: support PDCP short MAC-I
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
> From: Hemant Agrawal <hemant.agrawal at nxp.com>
> 
> This patch add support to handle PDCP short MAC-I domain
> along with standard control and data domains as it has to
> be treated as special case with PDCP protocol offload support.
> 
> ShortMAC-I is the 16 least significant bits of calculated MAC-I. Usually
> when a RRC message is exchanged between UE and eNodeB it is integrity &
> ciphered protected.
> 
> MAC-I = f(key, varShortMAC-I, count, bearer, direction).
> Here varShortMAC-I is prepared by using (current cellId, pci of source cell
> and C-RNTI of old cell). Other parameters like count, bearer and
> direction set to all 1.
> 
> Signed-off-by: Gagandeep Singh <g.singh at nxp.com>
> Signed-off-by: Hemant Agrawal <hemant.agrawal at nxp.com>
> ---
>  app/test-crypto-perf/cperf_options_parsing.c |  8 ++++++-
>  doc/guides/prog_guide/rte_security.rst       | 11 ++++++++-
>  doc/guides/tools/cryptoperf.rst              |  4 ++--
>  drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c  | 25 ++++++++++----------

Why is the dpaa2_sec patch squashed in this patch?
I asked to have it as a separate patch in this series instead of the dpaa_sec series.

>  lib/security/rte_security.h                  |  1 +
>  5 files changed, 33 insertions(+), 16 deletions(-)
> 
> diff --git a/app/test-crypto-perf/cperf_options_parsing.c b/app/test-crypto-
> perf/cperf_options_parsing.c
> index e84f56cfaa..0348972c85 100644
> --- a/app/test-crypto-perf/cperf_options_parsing.c
> +++ b/app/test-crypto-perf/cperf_options_parsing.c
> @@ -662,7 +662,8 @@ parse_pdcp_sn_sz(struct cperf_options *opts, const
> char *arg)
> 
>  const char *cperf_pdcp_domain_strs[] = {
>  	[RTE_SECURITY_PDCP_MODE_CONTROL] = "control",
> -	[RTE_SECURITY_PDCP_MODE_DATA] = "data"
> +	[RTE_SECURITY_PDCP_MODE_DATA] = "data",
> +	[RTE_SECURITY_PDCP_MODE_SHORT_MAC] = "short_mac"
>  };
> 
>  static int
> @@ -677,6 +678,11 @@ parse_pdcp_domain(struct cperf_options *opts,
> const char *arg)
>  			cperf_pdcp_domain_strs
>  			[RTE_SECURITY_PDCP_MODE_DATA],
>  			RTE_SECURITY_PDCP_MODE_DATA
> +		},
> +		{
> +			cperf_pdcp_domain_strs
> +			[RTE_SECURITY_PDCP_MODE_SHORT_MAC],
> +			RTE_SECURITY_PDCP_MODE_SHORT_MAC
>  		}
>  	};
> 
> diff --git a/doc/guides/prog_guide/rte_security.rst
> b/doc/guides/prog_guide/rte_security.rst
> index f72bc8a78f..ad92c16868 100644
> --- a/doc/guides/prog_guide/rte_security.rst
> +++ b/doc/guides/prog_guide/rte_security.rst
> @@ -1,5 +1,5 @@
>  ..  SPDX-License-Identifier: BSD-3-Clause
> -    Copyright 2017,2020 NXP
> +    Copyright 2017,2020-2021 NXP
> 
> 
> 
> @@ -408,6 +408,15 @@ PMD which supports the IPsec and PDCP protocol.
>                  },
>                  .crypto_capabilities = pmd_capabilities
>          },
> +	{ /* PDCP Lookaside Protocol offload short MAC-I */
> +                .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
> +                .protocol = RTE_SECURITY_PROTOCOL_PDCP,
> +                .pdcp = {
> +                        .domain = RTE_SECURITY_PDCP_MODE_SHORT_MAC,
> +                        .capa_flags = 0
> +                },
> +                .crypto_capabilities = pmd_capabilities
> +        },
>          {
>                  .action = RTE_SECURITY_ACTION_TYPE_NONE
>          }
> diff --git a/doc/guides/tools/cryptoperf.rst b/doc/guides/tools/cryptoperf.rst
> index be3109054d..d3963f23e3 100644
> --- a/doc/guides/tools/cryptoperf.rst
> +++ b/doc/guides/tools/cryptoperf.rst
> @@ -316,9 +316,9 @@ The following are the application command-line
> options:
>          Set PDCP sequence number size(n) in bits. Valid values of n will
>          be 5/7/12/15/18.
> 
> -* ``--pdcp-domain <control/user>``
> +* ``--pdcp-domain <control/user/short_mac>``
> 
> -        Set PDCP domain to specify Control/user plane.
> +        Set PDCP domain to specify short_mac/control/user plane.
> 
>  * ``--docsis-hdr-sz <n>``
> 
> diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
> b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
> index d6a101499a..b8d57c2b22 100644
> --- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
> +++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
> @@ -3104,7 +3104,7 @@ dpaa2_sec_set_pdcp_session(struct rte_cryptodev
> *dev,
>  	struct rte_security_pdcp_xform *pdcp_xform = &conf->pdcp;
>  	struct rte_crypto_sym_xform *xform = conf->crypto_xform;
>  	struct rte_crypto_auth_xform *auth_xform = NULL;
> -	struct rte_crypto_cipher_xform *cipher_xform;
> +	struct rte_crypto_cipher_xform *cipher_xform = NULL;
>  	dpaa2_sec_session *session = (dpaa2_sec_session *)sess;
>  	struct ctxt_priv *priv;
>  	struct dpaa2_sec_dev_private *dev_priv = dev->data->dev_private;
> @@ -3136,18 +3136,18 @@ dpaa2_sec_set_pdcp_session(struct
> rte_cryptodev *dev,
>  	flc = &priv->flc_desc[0].flc;
> 
>  	/* find xfrm types */
> -	if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER && xform-
> >next == NULL) {
> -		cipher_xform = &xform->cipher;
> -	} else if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
> -		   xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
> -		session->ext_params.aead_ctxt.auth_cipher_text = true;
> +	if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER) {
>  		cipher_xform = &xform->cipher;
> -		auth_xform = &xform->next->auth;
> -	} else if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH &&
> -		   xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER) {
> -		session->ext_params.aead_ctxt.auth_cipher_text = false;
> -		cipher_xform = &xform->next->cipher;
> +		if (xform->next != NULL) {
> +			session->ext_params.aead_ctxt.auth_cipher_text =
> true;
> +			auth_xform = &xform->next->auth;
> +		}
> +	} else if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
>  		auth_xform = &xform->auth;
> +		if (xform->next != NULL) {
> +			session->ext_params.aead_ctxt.auth_cipher_text =
> false;
> +			cipher_xform = &xform->next->cipher;
> +		}
>  	} else {
>  		DPAA2_SEC_ERR("Invalid crypto type");
>  		return -EINVAL;
> @@ -3186,7 +3186,8 @@ dpaa2_sec_set_pdcp_session(struct rte_cryptodev
> *dev,
>  	session->pdcp.hfn_threshold = pdcp_xform->hfn_threshold;
>  	session->pdcp.hfn_ovd = pdcp_xform->hfn_ovrd;
>  	/* hfv ovd offset location is stored in iv.offset value*/
> -	session->pdcp.hfn_ovd_offset = cipher_xform->iv.offset;
> +	if (cipher_xform)
> +		session->pdcp.hfn_ovd_offset = cipher_xform->iv.offset;
> 
>  	cipherdata.key = (size_t)session->cipher_key.data;
>  	cipherdata.keylen = session->cipher_key.length;
> diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h
> index 88d31de0a6..2e136d7929 100644
> --- a/lib/security/rte_security.h
> +++ b/lib/security/rte_security.h
> @@ -233,6 +233,7 @@ struct rte_security_macsec_xform {
>  enum rte_security_pdcp_domain {
>  	RTE_SECURITY_PDCP_MODE_CONTROL,	/**< PDCP control
> plane */
>  	RTE_SECURITY_PDCP_MODE_DATA,	/**< PDCP data plane */
> +	RTE_SECURITY_PDCP_MODE_SHORT_MAC,	/**< PDCP short mac
> */
>  };
> 
>  /** PDCP Frame direction */
> --
> 2.25.1
Previous message (by thread): [dpdk-dev] [PATCH v3 1/4] security: support PDCP short MAC-I
Next message (by thread): [dpdk-dev] [EXT] [PATCH v3 1/4] security: support PDCP short MAC-I
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the dev mailing list