From patchwork Thu Jun  4 15:13:22 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Coyle, David" <david.coyle@intel.com>
X-Patchwork-Id: 70858
X-Patchwork-Delegate: gakhil@marvell.com
Return-Path: <dev-bounces@dpdk.org>
X-Original-To: patchwork@inbox.dpdk.org
Delivered-To: patchwork@inbox.dpdk.org
Received: from dpdk.org (dpdk.org [92.243.14.124])
	by inbox.dpdk.org (Postfix) with ESMTP id D2FA2A00C4;
	Thu,  4 Jun 2020 17:33:06 +0200 (CEST)
Received: from [92.243.14.124] (localhost [127.0.0.1])
	by dpdk.org (Postfix) with ESMTP id AB5711D5F5;
	Thu,  4 Jun 2020 17:33:01 +0200 (CEST)
Received: from mga18.intel.com (mga18.intel.com [134.134.136.126])
 by dpdk.org (Postfix) with ESMTP id 37EF91D5F2
 for <dev@dpdk.org>; Thu,  4 Jun 2020 17:33:00 +0200 (CEST)
IronPort-SDR: 
 7N6c0TwXtZ20Y2iY9WuRklHdKnU3R3h2l2wcBJfK0nRHbuM/c0mfkuLzzQncYvHd15zyKN5t64
 sPa/icKLrNzA==
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from orsmga005.jf.intel.com ([10.7.209.41])
 by orsmga106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 04 Jun 2020 08:32:58 -0700
IronPort-SDR: 
 af8ilZ7SsH4gffcElvRHYi5UVHjGGIA5idCWH/CrbEiXkaFJr4SF8LwizPO7aCg9wTGHZGfVg8
 OEjGsf+spyBw==
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.73,472,1583222400"; d="scan'208";a="445542676"
Received: from silpixa00399912.ir.intel.com (HELO
 silpixa00399912.ger.corp.intel.com) ([10.237.223.64])
 by orsmga005.jf.intel.com with ESMTP; 04 Jun 2020 08:32:53 -0700
From: David Coyle <david.coyle@intel.com>
To: akhil.goyal@nxp.com, declan.doherty@intel.com,
 pablo.de.lara.guarch@intel.com, fiona.trahe@intel.com,
 roy.fan.zhang@intel.com
Cc: dev@dpdk.org, thomas@monjalon.net, ferruh.yigit@intel.com,
 brendan.ryan@intel.com, hemant.agrawal@nxp.com, anoobj@marvell.com,
 ruifeng.wang@arm.com, lironh@marvell.com, rnagadheeraj@marvell.com,
 jsrikanth@marvell.com, G.Singh@nxp.com, jianjay.zhou@huawei.com,
 ravi1.kumar@amd.com, bruce.richardson@intel.com, olivier.matz@6wind.com,
 honnappa.nagarahalli@arm.com, stephen@networkplumber.org,
 alexr@mellanox.com, jerinj@marvell.com,
 David Coyle <david.coyle@intel.com>,
 Mairtin o Loingsigh <mairtin.oloingsigh@intel.com>
Date: Thu,  4 Jun 2020 16:13:22 +0100
Message-Id: <20200604151324.50704-2-david.coyle@intel.com>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20200604151324.50704-1-david.coyle@intel.com>
References: <20200410142757.31508-1-david.coyle@intel.com>
 <20200604151324.50704-1-david.coyle@intel.com>
Subject: [dpdk-dev] [PATCH 1/3] security: add support for DOCSIS protocol
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>

Add support for DOCSIS protocol to rte_security library. This support
currently comprises the combination of Crypto and CRC operations.

Please note this is API changes only. Implementation will follow in
next version.

Signed-off-by: David Coyle <david.coyle@intel.com>
Signed-off-by: Mairtin o Loingsigh <mairtin.oloingsigh@intel.com>
---
 lib/librte_security/rte_security.h | 114 +++++++++++++++++++++++++++++
 1 file changed, 114 insertions(+)

diff --git a/lib/librte_security/rte_security.h b/lib/librte_security/rte_security.h
index 747830d67..46ec4997a 100644
--- a/lib/librte_security/rte_security.h
+++ b/lib/librte_security/rte_security.h
@@ -293,6 +293,30 @@ struct rte_security_pdcp_xform {
 	uint32_t hfn_ovrd;
 };
 
+/** DOCSIS direction */
+enum rte_security_docsis_direction {
+	RTE_SECURITY_DOCSIS_UPLINK,
+	/**< Uplink
+	 * - Decryption, followed by CRC Verification
+	 */
+	RTE_SECURITY_DOCSIS_DOWNLINK,
+	/**< Downlink
+	 * - CRC Generation, followed by Encryption
+	 */
+};
+
+/**
+ * DOCSIS security session configuration.
+ *
+ * This structure contains data required to create a DOCSIS security session.
+ */
+struct rte_security_docsis_xform {
+	enum rte_security_docsis_direction direction;
+	/** DOCSIS direction */
+	uint16_t crc_size;
+	/**< CRC size in bytes */
+};
+
 /**
  * Security session action type.
  */
@@ -325,6 +349,8 @@ enum rte_security_session_protocol {
 	/**< MACSec Protocol */
 	RTE_SECURITY_PROTOCOL_PDCP,
 	/**< PDCP Protocol */
+	RTE_SECURITY_PROTOCOL_DOCSIS,
+	/**< DOCSIS Protocol */
 };
 
 /**
@@ -340,6 +366,7 @@ struct rte_security_session_conf {
 		struct rte_security_ipsec_xform ipsec;
 		struct rte_security_macsec_xform macsec;
 		struct rte_security_pdcp_xform pdcp;
+		struct rte_security_docsis_xform docsis;
 	};
 	/**< Configuration parameters for security session */
 	struct rte_crypto_sym_xform *crypto_xform;
@@ -355,6 +382,77 @@ struct rte_security_session {
 	/**< Opaque user defined data */
 };
 
+/**
+ * DOCSIS operation parameters
+ */
+struct rte_security_docsis_op {
+	struct rte_crypto_sym_op crypto_sym;
+	/**< Symmetric crypto operation parameters */
+
+	struct {
+		struct {
+			uint16_t offset;
+			/**<
+			 * Starting point for CRC processing, specified
+			 * as the number of bytes from start of the packet in
+			 * the source mbuf in crypto_sym
+			 */
+			uint16_t length;
+			/**<
+			 * The length, in bytes, of the source mbuf on which the
+			 * CRC will be computed
+			 */
+		} data;
+		/**< Data offset and length for CRC */
+
+		struct {
+			uint8_t *data;
+			/**<
+			 * This points to the location where the CRC should be
+			 * written (in the case of generation) or where the
+			 * purported result exists (in the case of
+			 * verification).
+			 *
+			 * The caller must ensure the required length of
+			 * physically contiguous memory is available at this
+			 * address.
+			 *
+			 * This may point into the mbuf packet data. For
+			 * generation, the result will overwrite any data at
+			 * this location.
+			 */
+			rte_iova_t phys_addr;
+			/**< Physical address of output data */
+		} output;
+		/**< Output location */
+	} crc;
+	/**< CRC operation parameters */
+
+	uint64_t reserved;
+	/**< Reserved for future use */
+};
+
+/**
+ * Security operation types
+ */
+enum rte_security_op_type {
+	RTE_SECURITY_OP_TYPE_DOCSIS = 1
+	/**< DOCSIS operation */
+};
+
+/**
+ * Security operation parameters
+ */
+struct rte_security_op {
+	enum rte_security_op_type type;
+	/**< Type of operation */
+	RTE_STD_C11
+	union {
+		struct rte_security_docsis_op docsis;
+	};
+	/**< Parameters for security operation */
+};
+
 /**
  * Create security session as specified by the session configuration
  *
@@ -523,6 +621,10 @@ struct rte_security_pdcp_stats {
 	uint64_t reserved;
 };
 
+struct rte_security_docsis_stats {
+	uint64_t reserved;
+};
+
 struct rte_security_stats {
 	enum rte_security_session_protocol protocol;
 	/**< Security protocol to be configured */
@@ -532,6 +634,7 @@ struct rte_security_stats {
 		struct rte_security_macsec_stats macsec;
 		struct rte_security_ipsec_stats ipsec;
 		struct rte_security_pdcp_stats pdcp;
+		struct rte_security_docsis_stats docsis;
 	};
 };
 
@@ -591,6 +694,13 @@ struct rte_security_capability {
 			/**< Capability flags, see RTE_SECURITY_PDCP_* */
 		} pdcp;
 		/**< PDCP capability */
+		struct {
+			enum rte_security_docsis_direction direction;
+			/**< DOCSIS direction */
+			uint16_t crc_size;
+			/**< CRC size in bytes */
+		} docsis;
+		/**< DOCSIS capability */
 	};
 
 	const struct rte_cryptodev_capabilities *crypto_capabilities;
@@ -649,6 +759,10 @@ struct rte_security_capability_idx {
 			enum rte_security_pdcp_domain domain;
 			uint32_t capa_flags;
 		} pdcp;
+		struct {
+			enum rte_security_docsis_direction direction;
+			uint16_t crc_size;
+		} docsis;
 	};
 };