[v3,2/8] security: modify PDCP xform to support SDAP

Message ID 20201012141006.31463-3-akhil.goyal@nxp.com
State Accepted, archived
Delegated to: akhil goyal
Series
  • support PDCP-SDAP for dpaa2_sec

Checks

Context Check Description
ci/checkpatch success coding style OK

Commit Message

Akhil Goyal Oct. 12, 2020, 2:10 p.m. UTC
The SDAP is a protocol in the LTE stack on top of PDCP for
QoS. A particular PDCP session may or may not have
SDAP enabled. But if it is enabled, the SDAP header should be
authenticated but not encrypted if both confidentiality and
integrity are enabled. Hence, the driver should be intimated
from the xform so that it skips the SDAP header during encryption.

A new field is added in the PDCP xform to specify that SDAP is enabled.
The overall size of the xform is not changed, as hfn_ovrd is just
a flag and does not need uint32. Hence, it is converted to uint8_t
and a 16-bit reserved field is added for future use.

Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
---
 doc/guides/rel_notes/release_20_11.rst |  9 +++++++++
 lib/librte_security/rte_security.h     | 12 ++++++++++--
 2 files changed, 19 insertions(+), 2 deletions(-)
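
The layout argument in the commit message, as an added example (not code from the patch or from DPDK): `struct tail_old`, `struct tail_new`, `view_as_new` and `tail_is_valid` are hypothetical names that model only the fields shown in the rte_security.h hunk. It checks that the size is unchanged and shows how a flag written through the old `uint32_t` field is read through the new layout, which depends on host byte order.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for the tail of rte_security_pdcp_xform: only the
 * fields visible in the patch are modelled, the rest of the struct is omitted. */
struct tail_old { uint32_t hfn_ovrd; };
struct tail_new { uint8_t hfn_ovrd; uint8_t sdap_enabled; uint16_t reserved; };

/* The commit message's claim: same size, hfn_ovrd still starts the tail. */
_Static_assert(sizeof(struct tail_old) == sizeof(struct tail_new), "size changed");
_Static_assert(offsetof(struct tail_new, hfn_ovrd) == 0, "hfn_ovrd moved");

/* Bytes written by a caller built against the old header, read via the new one. */
static struct tail_new view_as_new(uint32_t old_hfn_ovrd)
{
	struct tail_old o = { .hfn_ovrd = old_hfn_ovrd };
	struct tail_new n;

	memcpy(&n, &o, sizeof(n));
	return n;
}

static int host_is_little_endian(void)
{
	const uint16_t probe = 1;
	uint8_t first;

	memcpy(&first, &probe, 1);
	return first == 1;
}

/* Hypothetical validation (not a DPDK function): flags are 0/1, reserved is 0. */
static int tail_is_valid(struct tail_new t)
{
	return t.hfn_ovrd <= 1 && t.sdap_enabled <= 1 && t.reserved == 0;
}

int main(void)
{
	struct tail_new n = view_as_new(1); /* old caller set the flag to 1 */

	printf("%s-endian: hfn_ovrd=%u sdap_enabled=%u reserved=0x%04x valid=%d\n",
	       host_is_little_endian() ? "little" : "big", (unsigned)n.hfn_ovrd,
	       (unsigned)n.sdap_enabled, (unsigned)n.reserved, tail_is_valid(n));
	return 0;
}
```

On a little-endian host the old flag value 1 still reads as `hfn_ovrd == 1`; on a big-endian host the same bytes land in `reserved`, which is why a zero check on that field is useful.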

Comments

Thomas Monjalon Oct. 14, 2020, 7:46 a.m. UTC | #1
12/10/2020 16:10, Akhil Goyal:
> The SDAP is a protocol in the LTE stack on top of PDCP for
> QoS. A particular PDCP session may or may not have
> SDAP enabled. But if it is enabled, the SDAP header should be
> authenticated but not encrypted if both confidentiality and
> integrity are enabled. Hence, the driver should be intimated
> from the xform so that it skips the SDAP header during encryption.
> 
> A new field is added in the PDCP xform to specify that SDAP is enabled.
> The overall size of the xform is not changed, as hfn_ovrd is just
> a flag and does not need uint32. Hence, it is converted to uint8_t
> and a 16-bit reserved field is added for future use.
> 
> Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
> ---
>  doc/guides/rel_notes/release_20_11.rst |  9 +++++++++
>  lib/librte_security/rte_security.h     | 12 ++++++++++--
>  2 files changed, 19 insertions(+), 2 deletions(-)
> 
> diff --git a/doc/guides/rel_notes/release_20_11.rst b/doc/guides/rel_notes/release_20_11.rst
> index c34ab5493..fad91487a 100644
> --- a/doc/guides/rel_notes/release_20_11.rst
> +++ b/doc/guides/rel_notes/release_20_11.rst
> @@ -103,6 +103,11 @@ New Features
>    also known as Mount Bryce.  See the
>    :doc:`../bbdevs/acc100` BBDEV guide for more details on this new driver.
>  
> +* **Updated rte_security library to support SDAP.**
> +
> +  ``rte_security_pdcp_xform`` in ``rte_security`` lib is updated to enable
> +  5G NR processing of SDAP header in PMDs.
> +

Please try to keep the ordering:
crypto and security stuff should be after ethdev drivers
and related stuff (I would say even after flow-perf).

>  * **Updated Virtio driver.**
>  
>    * Added support for Vhost-vDPA backend to Virtio-user PMD.
> @@ -307,6 +312,10 @@ API Changes
>    ``rte_fpga_lte_fec_configure`` and structure ``fpga_lte_fec_conf`` to
>    ``rte_fpga_lte_fec_conf``.
>  
> +* security: ``hfn_ovrd`` field in ``rte_security_pdcp_xform`` is changed from
> +  ``uint32_t`` to ``uint8_t`` so that a new field ``sdap_enabled`` can be added
> +  to support SDAP.

For the API change,
Acked-by: Thomas Monjalon <thomas@monjalon.net>

Akhil Goyal Oct. 14, 2020, 8:26 p.m. UTC | #2
> 12/10/2020 16:10, Akhil Goyal:
> > The SDAP is a protocol in the LTE stack on top of PDCP for
> > QoS. A particular PDCP session may or may not have
> > SDAP enabled. But if it is enabled, the SDAP header should be
> > authenticated but not encrypted if both confidentiality and
> > integrity are enabled. Hence, the driver should be intimated
> > from the xform so that it skips the SDAP header during encryption.
> >
> > A new field is added in the PDCP xform to specify that SDAP is enabled.
> > The overall size of the xform is not changed, as hfn_ovrd is just
> > a flag and does not need uint32. Hence, it is converted to uint8_t
> > and a 16-bit reserved field is added for future use.
> >
> > Signed-off-by: Akhil Goyal <akhil.goyal@nxp.com>
> > ---
> >  doc/guides/rel_notes/release_20_11.rst |  9 +++++++++
> >  lib/librte_security/rte_security.h     | 12 ++++++++++--
> >  2 files changed, 19 insertions(+), 2 deletions(-)
> >
> > diff --git a/doc/guides/rel_notes/release_20_11.rst
> b/doc/guides/rel_notes/release_20_11.rst
> > index c34ab5493..fad91487a 100644
> > --- a/doc/guides/rel_notes/release_20_11.rst
> > +++ b/doc/guides/rel_notes/release_20_11.rst
> > @@ -103,6 +103,11 @@ New Features
> >    also known as Mount Bryce.  See the
> >    :doc:`../bbdevs/acc100` BBDEV guide for more details on this new driver.
> >
> > +* **Updated rte_security library to support SDAP.**
> > +
> > +  ``rte_security_pdcp_xform`` in ``rte_security`` lib is updated to enable
> > +  5G NR processing of SDAP header in PMDs.
> > +
> 
> Please try to keep the ordering:
> crypto and security stuff should be after ethdev drivers
> and related stuff (I would say even after flow-perf).
> 
Fixed it while applying the series to dpdk-next-crypto

> >  * **Updated Virtio driver.**
> >
> >    * Added support for Vhost-vDPA backend to Virtio-user PMD.
> > @@ -307,6 +312,10 @@ API Changes
> >    ``rte_fpga_lte_fec_configure`` and structure ``fpga_lte_fec_conf`` to
> >    ``rte_fpga_lte_fec_conf``.
> >
> > +* security: ``hfn_ovrd`` field in ``rte_security_pdcp_xform`` is changed from
> > +  ``uint32_t`` to ``uint8_t`` so that a new field ``sdap_enabled`` can be added
> > +  to support SDAP.
> 
> For the API change,
> Acked-by: Thomas Monjalon <thomas@monjalon.net>
> 
Applied to dpdk-next-crypto

Patch

diff --git a/doc/guides/rel_notes/release_20_11.rst b/doc/guides/rel_notes/release_20_11.rst
index c34ab5493..fad91487a 100644
--- a/doc/guides/rel_notes/release_20_11.rst
+++ b/doc/guides/rel_notes/release_20_11.rst
@@ -103,6 +103,11 @@  New Features
   also known as Mount Bryce.  See the
   :doc:`../bbdevs/acc100` BBDEV guide for more details on this new driver.
 
+* **Updated rte_security library to support SDAP.**
+
+  ``rte_security_pdcp_xform`` in ``rte_security`` lib is updated to enable
+  5G NR processing of SDAP header in PMDs.
+
 * **Updated Virtio driver.**
 
   * Added support for Vhost-vDPA backend to Virtio-user PMD.
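
Review bot: the new bullet is inserted between the acc100 BBDEV text and "Updated Virtio driver", so a security-library entry lands in the middle of the driver entries; move it below the ethdev driver items. The text also never names the field an application has to set: saying that ``sdap_enabled`` was added to ``rte_security_pdcp_xform`` would make the entry actionable. "5G NR" here should be reconciled with the commit message, which describes SDAP as part of the LTE stack.
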
@@ -307,6 +312,10 @@  API Changes
   ``rte_fpga_lte_fec_configure`` and structure ``fpga_lte_fec_conf`` to
   ``rte_fpga_lte_fec_conf``.
 
+* security: ``hfn_ovrd`` field in ``rte_security_pdcp_xform`` is changed from
+  ``uint32_t`` to ``uint8_t`` so that a new field ``sdap_enabled`` can be added
+  to support SDAP.
+
 
 ABI Changes
 -----------
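
Review bot: the entry records the narrowing of ``hfn_ovrd`` and the new ``sdap_enabled`` field but omits the ``uint16_t reserved`` field that the rte_security.h hunk adds to the same struct. Suggest listing it, stating that the size of ``rte_security_pdcp_xform`` is unchanged, and telling callers to zero-initialise the xform so that ``sdap_enabled`` and ``reserved`` default to 0. Because the bytes of the former ``uint32_t`` are now interpreted as three separate fields, the change also fits under the "ABI Changes" heading that follows.
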
diff --git a/lib/librte_security/rte_security.h b/lib/librte_security/rte_security.h
index 16839e539..c259b35e0 100644
--- a/lib/librte_security/rte_security.h
+++ b/lib/librte_security/rte_security.h
@@ -1,5 +1,5 @@ 
 /* SPDX-License-Identifier: BSD-3-Clause
- * Copyright 2017,2019 NXP
+ * Copyright 2017,2019-2020 NXP
  * Copyright(c) 2017-2020 Intel Corporation.
  */
 
@@ -290,7 +290,15 @@  struct rte_security_pdcp_xform {
 	 * per packet HFN in place of IV. PMDs will extract the HFN
 	 * and perform operations accordingly.
 	 */
-	uint32_t hfn_ovrd;
+	uint8_t hfn_ovrd;
+	/** In case of 5G NR, a new protocol (SDAP) header may be set
+	 * inside PDCP payload which should be authenticated but not
+	 * encrypted. Hence, driver should be notified if SDAP is
+	 * enabled or not, so that SDAP header is not encrypted.
+	 */
+	uint8_t sdap_enabled;
+	/** Reserved for future */
+	uint16_t reserved;
 };
 
 /** DOCSIS direction */
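
Review bot: ``reserved`` is documented only as "Reserved for future", with no requirement that callers set it to 0; without a must-be-zero rule, ideally checked at session creation, a later use of these 16 bits cannot be told apart from uninitialised memory in existing applications. The ``sdap_enabled`` comment should also state the accepted values (0 or 1), what a PMD without SDAP support is expected to do when it is set, and how many header bytes the PMD should leave unencrypted, since the flag carries no length. With ``hfn_ovrd`` narrowed to ``uint8_t``, assignments of values above 255 now truncate silently, which is worth a line in the field comment.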