Patch Detail

HTTP 200 OK
Allow: GET, PUT, PATCH, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "id": 127336,
    "url": "http://patches.dpdk.org/api/patches/127336/?format=api",
    "web_url": "http://patches.dpdk.org/project/dpdk/patch/20230524160116.304-6-anoobj@marvell.com/",
    "project": {
        "id": 1,
        "url": "http://patches.dpdk.org/api/projects/1/?format=api",
        "name": "DPDK",
        "link_name": "dpdk",
        "list_id": "dev.dpdk.org",
        "list_email": "dev@dpdk.org",
        "web_url": "http://core.dpdk.org",
        "scm_url": "git://dpdk.org/dpdk",
        "webscm_url": "http://git.dpdk.org/dpdk",
        "list_archive_url": "https://inbox.dpdk.org/dev",
        "list_archive_url_format": "https://inbox.dpdk.org/dev/{}",
        "commit_url_format": ""
    },
    "msgid": "<20230524160116.304-6-anoobj@marvell.com>",
    "list_archive_url": "https://inbox.dpdk.org/dev/20230524160116.304-6-anoobj@marvell.com",
    "date": "2023-05-24T16:00:59",
    "name": "[v3,05/22] pdcp: add crypto session create and destroy",
    "commit_ref": null,
    "pull_url": null,
    "state": "superseded",
    "archived": true,
    "hash": "2360f856fe7e94ed4e5dd8bf445588e6258b88e6",
    "submitter": {
        "id": 1205,
        "url": "http://patches.dpdk.org/api/people/1205/?format=api",
        "name": "Anoob Joseph",
        "email": "anoobj@marvell.com"
    },
    "delegate": {
        "id": 6690,
        "url": "http://patches.dpdk.org/api/users/6690/?format=api",
        "username": "akhil",
        "first_name": "akhil",
        "last_name": "goyal",
        "email": "gakhil@marvell.com"
    },
    "mbox": "http://patches.dpdk.org/project/dpdk/patch/20230524160116.304-6-anoobj@marvell.com/mbox/",
    "series": [
        {
            "id": 28158,
            "url": "http://patches.dpdk.org/api/series/28158/?format=api",
            "web_url": "http://patches.dpdk.org/project/dpdk/list/?series=28158",
            "date": "2023-05-24T16:00:54",
            "name": "lib: add pdcp protocol",
            "version": 3,
            "mbox": "http://patches.dpdk.org/series/28158/mbox/"
        }
    ],
    "comments": "http://patches.dpdk.org/api/patches/127336/comments/",
    "check": "warning",
    "checks": "http://patches.dpdk.org/api/patches/127336/checks/",
    "tags": {},
    "related": [],
    "headers": {
        "Return-Path": "<dev-bounces@dpdk.org>",
        "X-Original-To": "patchwork@inbox.dpdk.org",
        "Delivered-To": "patchwork@inbox.dpdk.org",
        "Received": [
            "from mails.dpdk.org (mails.dpdk.org [217.70.189.124])\n\tby inbox.dpdk.org (Postfix) with ESMTP id 41E3542B8F;\n\tWed, 24 May 2023 18:02:11 +0200 (CEST)",
            "from mails.dpdk.org (localhost [127.0.0.1])\n\tby mails.dpdk.org (Postfix) with ESMTP id 013EC42D46;\n\tWed, 24 May 2023 18:01:52 +0200 (CEST)",
            "from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com\n [67.231.148.174])\n by mails.dpdk.org (Postfix) with ESMTP id 5B74742D46\n for <dev@dpdk.org>; Wed, 24 May 2023 18:01:50 +0200 (CEST)",
            "from pps.filterd (m0045849.ppops.net [127.0.0.1])\n by mx0a-0016f401.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id\n 34OErTLo025156; Wed, 24 May 2023 09:01:48 -0700",
            "from dc5-exch02.marvell.com ([199.233.59.182])\n by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3qsbxetjrm-1\n (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT);\n Wed, 24 May 2023 09:01:48 -0700",
            "from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH02.marvell.com\n (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.48;\n Wed, 24 May 2023 09:01:46 -0700",
            "from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com\n (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.48 via Frontend\n Transport; Wed, 24 May 2023 09:01:46 -0700",
            "from BG-LT92004.corp.innovium.com (unknown [10.28.161.183])\n by maili.marvell.com (Postfix) with ESMTP id C9AFD3F70B3;\n Wed, 24 May 2023 09:01:42 -0700 (PDT)"
        ],
        "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com;\n h=from : to : cc :\n subject : date : message-id : in-reply-to : references : mime-version :\n content-transfer-encoding : content-type; s=pfpt0220;\n bh=b/c8UDH4nj4B/uUJG3WURUSquYxmw3rLpnVImgK2pXM=;\n b=g6eXVwdTjVQtPfVpz8wtZTpY188SsB4HQNhCJ/qH4f12TCvbhGOHnpsxgCRb1G9LpeV7\n z9f0IU23MYN7JErfBcVphHMnaTDez8YxoeUM6qiH7Z2W/EtspcetM/gZNuGzQaXdipSC\n GwcIt1hDPzTYm4jF2tgyvZ/pTbrYgBd0mUu4OLRQZ6rrU75cbyU/WAoEs0GTDArC2UWq\n CZ56T37cM0o5ANoZmx0YGsNSdpM797xhan31q8b53yussM2kaGyaBB8cVYZ1qEyVoeCS\n pzsfvVZi79jCzKaltTZasJzsHFqs5I6nwr9Oz5zlRRa5+Ax8sGv6ttgg22uiPvv16w4h Ww==",
        "From": "Anoob Joseph <anoobj@marvell.com>",
        "To": "Thomas Monjalon <thomas@monjalon.net>, Akhil Goyal <gakhil@marvell.com>,\n Jerin Jacob <jerinj@marvell.com>, Konstantin Ananyev\n <konstantin.v.ananyev@yandex.ru>, Bernard Iremonger\n <bernard.iremonger@intel.com>",
        "CC": "Hemant Agrawal <hemant.agrawal@nxp.com>,\n =?utf-8?q?Mattias_R=C3=B6nnblom?= <mattias.ronnblom@ericsson.com>,\n \"Kiran Kumar K\" <kirankumark@marvell.com>,\n Volodymyr Fialko <vfialko@marvell.com>, <dev@dpdk.org>,\n Olivier Matz <olivier.matz@6wind.com>",
        "Subject": "[PATCH v3 05/22] pdcp: add crypto session create and destroy",
        "Date": "Wed, 24 May 2023 21:30:59 +0530",
        "Message-ID": "<20230524160116.304-6-anoobj@marvell.com>",
        "X-Mailer": "git-send-email 2.25.1",
        "In-Reply-To": "<20230524160116.304-1-anoobj@marvell.com>",
        "References": "<20230414174512.642-1-anoobj@marvell.com>\n <20230524160116.304-1-anoobj@marvell.com>",
        "MIME-Version": "1.0",
        "Content-Transfer-Encoding": "8bit",
        "Content-Type": "text/plain",
        "X-Proofpoint-ORIG-GUID": "aBaaUNTqBdvrG2a4rV2MEYQtbhCenGjV",
        "X-Proofpoint-GUID": "aBaaUNTqBdvrG2a4rV2MEYQtbhCenGjV",
        "X-Proofpoint-Virus-Version": "vendor=baseguard\n engine=ICAP:2.0.254,Aquarius:18.0.957,Hydra:6.0.573,FMLib:17.11.176.26\n definitions=2023-05-24_11,2023-05-24_01,2023-05-22_02",
        "X-BeenThere": "dev@dpdk.org",
        "X-Mailman-Version": "2.1.29",
        "Precedence": "list",
        "List-Id": "DPDK patches and discussions <dev.dpdk.org>",
        "List-Unsubscribe": "<https://mails.dpdk.org/options/dev>,\n <mailto:dev-request@dpdk.org?subject=unsubscribe>",
        "List-Archive": "<http://mails.dpdk.org/archives/dev/>",
        "List-Post": "<mailto:dev@dpdk.org>",
        "List-Help": "<mailto:dev-request@dpdk.org?subject=help>",
        "List-Subscribe": "<https://mails.dpdk.org/listinfo/dev>,\n <mailto:dev-request@dpdk.org?subject=subscribe>",
        "Errors-To": "dev-bounces@dpdk.org"
    },
    "content": "Add routines to create & destroy sessions. PDCP lib would take\ncrypto transforms as input and creates the session on the corresponding\ndevice after verifying capabilities.\n\nSigned-off-by: Anoob Joseph <anoobj@marvell.com>\nSigned-off-by: Volodymyr Fialko <vfialko@marvell.com>\nAcked-by: Akhil Goyal <gakhil@marvell.com>\n---\n lib/pdcp/pdcp_crypto.c | 223 ++++++++++++++++++++++++++++++++++++++++-\n lib/pdcp/pdcp_crypto.h |   5 +\n 2 files changed, 225 insertions(+), 3 deletions(-)",
    "diff": "diff --git a/lib/pdcp/pdcp_crypto.c b/lib/pdcp/pdcp_crypto.c\nindex 755e27ec9e..17feef43df 100644\n--- a/lib/pdcp/pdcp_crypto.c\n+++ b/lib/pdcp/pdcp_crypto.c\n@@ -2,20 +2,237 @@\n  * Copyright(C) 2023 Marvell.\n  */\n \n+#include <rte_crypto.h>\n+#include <rte_crypto_sym.h>\n+#include <rte_cryptodev.h>\n+#include <rte_errno.h>\n #include <rte_pdcp.h>\n+#include <rte_pdcp_hdr.h>\n \n #include \"pdcp_crypto.h\"\n+#include \"pdcp_entity.h\"\n+\n+static int\n+pdcp_crypto_caps_cipher_verify(uint8_t dev_id, const struct rte_crypto_sym_xform *c_xfrm)\n+{\n+\tconst struct rte_cryptodev_symmetric_capability *cap;\n+\tstruct rte_cryptodev_sym_capability_idx cap_idx;\n+\tint ret;\n+\n+\tcap_idx.type = RTE_CRYPTO_SYM_XFORM_CIPHER;\n+\tcap_idx.algo.cipher = c_xfrm->cipher.algo;\n+\n+\tcap = rte_cryptodev_sym_capability_get(dev_id, &cap_idx);\n+\tif (cap == NULL)\n+\t\treturn -1;\n+\n+\tret = rte_cryptodev_sym_capability_check_cipher(cap, c_xfrm->cipher.key.length,\n+\t\t\t\t\t\t\tc_xfrm->cipher.iv.length);\n+\n+\treturn ret;\n+}\n+\n+static int\n+pdcp_crypto_caps_auth_verify(uint8_t dev_id, const struct rte_crypto_sym_xform *a_xfrm)\n+{\n+\tconst struct rte_cryptodev_symmetric_capability *cap;\n+\tstruct rte_cryptodev_sym_capability_idx cap_idx;\n+\tint ret;\n+\n+\tcap_idx.type = RTE_CRYPTO_SYM_XFORM_AUTH;\n+\tcap_idx.algo.auth = a_xfrm->auth.algo;\n+\n+\tcap = rte_cryptodev_sym_capability_get(dev_id, &cap_idx);\n+\tif (cap == NULL)\n+\t\treturn -1;\n+\n+\tret = rte_cryptodev_sym_capability_check_auth(cap, a_xfrm->auth.key.length,\n+\t\t\t\t\t\t      a_xfrm->auth.digest_length,\n+\t\t\t\t\t\t      a_xfrm->auth.iv.length);\n+\n+\treturn ret;\n+}\n+\n+static int\n+pdcp_crypto_xfrm_validate(const struct rte_pdcp_entity_conf *conf,\n+\t\t\t\t const struct rte_crypto_sym_xform *c_xfrm,\n+\t\t\t\t const struct rte_crypto_sym_xform *a_xfrm,\n+\t\t\t\t bool is_auth_then_cipher)\n+{\n+\tuint16_t ciph_iv_len, auth_digest_len, auth_iv_len;\n+\tint ret;\n+\n+\t/*\n+\t * Uplink means PDCP entity is configured for transmit. Downlink means PDCP entity is\n+\t * configured for receive. When integrity protection is enabled, PDCP always performs\n+\t * digest-encrypted or auth-gen-encrypt for uplink (and decrypt-auth-verify for downlink).\n+\t * So for uplink, crypto chain would be auth-cipher while for downlink it would be\n+\t * cipher-auth.\n+\t *\n+\t * When integrity protection is not required, xform would be cipher only.\n+\t */\n+\n+\tif (c_xfrm == NULL)\n+\t\treturn -EINVAL;\n+\n+\tif (conf->pdcp_xfrm.pkt_dir == RTE_SECURITY_PDCP_UPLINK) {\n+\n+\t\t/* With UPLINK, if auth is enabled, it should be before cipher */\n+\t\tif (a_xfrm != NULL && !is_auth_then_cipher)\n+\t\t\treturn -EINVAL;\n+\n+\t\t/* With UPLINK, cipher operation must be encrypt */\n+\t\tif (c_xfrm->cipher.op != RTE_CRYPTO_CIPHER_OP_ENCRYPT)\n+\t\t\treturn -EINVAL;\n+\n+\t\t/* With UPLINK, auth operation (if present) must be generate */\n+\t\tif (a_xfrm != NULL && a_xfrm->auth.op != RTE_CRYPTO_AUTH_OP_GENERATE)\n+\t\t\treturn -EINVAL;\n+\n+\t} else if (conf->pdcp_xfrm.pkt_dir == RTE_SECURITY_PDCP_DOWNLINK) {\n+\n+\t\t/* With DOWNLINK, if auth is enabled, it should be after cipher */\n+\t\tif (a_xfrm != NULL && is_auth_then_cipher)\n+\t\t\treturn -EINVAL;\n+\n+\t\t/* With DOWNLINK, cipher operation must be decrypt */\n+\t\tif (c_xfrm->cipher.op != RTE_CRYPTO_CIPHER_OP_DECRYPT)\n+\t\t\treturn -EINVAL;\n+\n+\t\t/* With DOWNLINK, auth operation (if present) must be verify */\n+\t\tif (a_xfrm != NULL && a_xfrm->auth.op != RTE_CRYPTO_AUTH_OP_VERIFY)\n+\t\t\treturn -EINVAL;\n+\n+\t} else {\n+\t\treturn -EINVAL;\n+\t}\n+\n+\tif ((c_xfrm->cipher.algo != RTE_CRYPTO_CIPHER_NULL) &&\n+\t    (c_xfrm->cipher.algo != RTE_CRYPTO_CIPHER_AES_CTR) &&\n+\t    (c_xfrm->cipher.algo != RTE_CRYPTO_CIPHER_ZUC_EEA3) &&\n+\t    (c_xfrm->cipher.algo != RTE_CRYPTO_CIPHER_SNOW3G_UEA2))\n+\t\treturn -EINVAL;\n+\n+\tif (c_xfrm->cipher.algo == RTE_CRYPTO_CIPHER_NULL)\n+\t\tciph_iv_len = 0;\n+\telse\n+\t\tciph_iv_len = PDCP_IV_LEN;\n+\n+\tif (ciph_iv_len != c_xfrm->cipher.iv.length)\n+\t\treturn -EINVAL;\n+\n+\tif (a_xfrm != NULL) {\n+\t\tif ((a_xfrm->auth.algo != RTE_CRYPTO_AUTH_NULL) &&\n+\t\t    (a_xfrm->auth.algo != RTE_CRYPTO_AUTH_AES_CMAC) &&\n+\t\t    (a_xfrm->auth.algo != RTE_CRYPTO_AUTH_ZUC_EIA3) &&\n+\t\t    (a_xfrm->auth.algo != RTE_CRYPTO_AUTH_SNOW3G_UIA2))\n+\t\t\treturn -EINVAL;\n+\n+\t\t/* For AUTH NULL, lib PDCP would add 4 byte 0s */\n+\t\tif (a_xfrm->auth.algo == RTE_CRYPTO_AUTH_NULL)\n+\t\t\tauth_digest_len = 0;\n+\t\telse\n+\t\t\tauth_digest_len = RTE_PDCP_MAC_I_LEN;\n+\n+\t\tif (auth_digest_len != a_xfrm->auth.digest_length)\n+\t\t\treturn -EINVAL;\n+\n+\t\tif ((a_xfrm->auth.algo == RTE_CRYPTO_AUTH_ZUC_EIA3) ||\n+\t\t    (a_xfrm->auth.algo == RTE_CRYPTO_AUTH_SNOW3G_UIA2))\n+\t\t\tauth_iv_len = PDCP_IV_LEN;\n+\t\telse\n+\t\t\tauth_iv_len = 0;\n+\n+\t\tif (a_xfrm->auth.iv.length != auth_iv_len)\n+\t\t\treturn -EINVAL;\n+\t}\n+\n+\tif (!rte_cryptodev_is_valid_dev(conf->dev_id))\n+\t\treturn -EINVAL;\n+\n+\tret = pdcp_crypto_caps_cipher_verify(conf->dev_id, c_xfrm);\n+\tif (ret)\n+\t\treturn -ENOTSUP;\n+\n+\tif (a_xfrm != NULL) {\n+\t\tret = pdcp_crypto_caps_auth_verify(conf->dev_id, a_xfrm);\n+\t\tif (ret)\n+\t\t\treturn -ENOTSUP;\n+\t}\n+\n+\treturn 0;\n+}\n \n int\n pdcp_crypto_sess_create(struct rte_pdcp_entity *entity, const struct rte_pdcp_entity_conf *conf)\n {\n-\tRTE_SET_USED(entity);\n-\tRTE_SET_USED(conf);\n+\tstruct rte_crypto_sym_xform *c_xfrm, *a_xfrm;\n+\tstruct entity_priv *en_priv;\n+\tbool is_auth_then_cipher;\n+\tint ret;\n+\n+\tif (entity == NULL || conf == NULL || conf->crypto_xfrm == NULL)\n+\t\treturn -EINVAL;\n+\n+\ten_priv = entity_priv_get(entity);\n+\n+\ten_priv->dev_id = conf->dev_id;\n+\n+\tif (conf->crypto_xfrm->type == RTE_CRYPTO_SYM_XFORM_CIPHER) {\n+\t\tc_xfrm = conf->crypto_xfrm;\n+\t\ta_xfrm = conf->crypto_xfrm->next;\n+\t\tis_auth_then_cipher = false;\n+\t} else if (conf->crypto_xfrm->type == RTE_CRYPTO_SYM_XFORM_AUTH) {\n+\t\ta_xfrm = conf->crypto_xfrm;\n+\t\tc_xfrm = conf->crypto_xfrm->next;\n+\t\tis_auth_then_cipher = true;\n+\t} else {\n+\t\treturn -EINVAL;\n+\t}\n+\n+\tret = pdcp_crypto_xfrm_validate(conf, c_xfrm, a_xfrm, is_auth_then_cipher);\n+\tif (ret)\n+\t\treturn ret;\n+\n+\tif (c_xfrm->cipher.algo == RTE_CRYPTO_CIPHER_NULL)\n+\t\tc_xfrm->cipher.iv.offset = 0;\n+\telse\n+\t\tc_xfrm->cipher.iv.offset = PDCP_IV_OFFSET;\n+\n+\tif (a_xfrm != NULL) {\n+\t\tif (a_xfrm->auth.algo == RTE_CRYPTO_AUTH_NULL)\n+\t\t\ta_xfrm->auth.iv.offset = 0;\n+\t\telse\n+\t\t\tif (c_xfrm->cipher.iv.offset)\n+\t\t\t\ta_xfrm->auth.iv.offset = PDCP_IV_OFFSET + PDCP_IV_LEN;\n+\t\t\telse\n+\t\t\t\ta_xfrm->auth.iv.offset = PDCP_IV_OFFSET;\n+\t}\n+\n+\tif (conf->sess_mpool == NULL)\n+\t\treturn -EINVAL;\n+\n+\ten_priv->crypto_sess = rte_cryptodev_sym_session_create(conf->dev_id, conf->crypto_xfrm,\n+\t\t\t\t\t\t\t\tconf->sess_mpool);\n+\tif (en_priv->crypto_sess == NULL) {\n+\t\t/* rte_errno is set as positive values of error codes */\n+\t\treturn -rte_errno;\n+\t}\n+\n+\trte_cryptodev_sym_session_opaque_data_set(en_priv->crypto_sess, (uint64_t)entity);\n+\n \treturn 0;\n }\n \n void\n pdcp_crypto_sess_destroy(struct rte_pdcp_entity *entity)\n {\n-\tRTE_SET_USED(entity);\n+\tstruct entity_priv *en_priv;\n+\n+\ten_priv = entity_priv_get(entity);\n+\n+\tif (en_priv->crypto_sess != NULL) {\n+\t\trte_cryptodev_sym_session_free(en_priv->dev_id, en_priv->crypto_sess);\n+\t\ten_priv->crypto_sess = NULL;\n+\t}\n }\ndiff --git a/lib/pdcp/pdcp_crypto.h b/lib/pdcp/pdcp_crypto.h\nindex 6563331d37..f694818713 100644\n--- a/lib/pdcp/pdcp_crypto.h\n+++ b/lib/pdcp/pdcp_crypto.h\n@@ -5,8 +5,13 @@\n #ifndef PDCP_CRYPTO_H\n #define PDCP_CRYPTO_H\n \n+#include <rte_crypto.h>\n+#include <rte_crypto_sym.h>\n #include <rte_pdcp.h>\n \n+#define PDCP_IV_OFFSET (sizeof(struct rte_crypto_op) + sizeof(struct rte_crypto_sym_op))\n+#define PDCP_IV_LEN 16\n+\n int pdcp_crypto_sess_create(struct rte_pdcp_entity *entity,\n \t\t\t    const struct rte_pdcp_entity_conf *conf);\n \n",
    "prefixes": [
        "v3",
        "05/22"
    ]
}