[1/3] security: add support for DOCSIS protocol
diff mbox series

Message ID 20200604151324.50704-2-david.coyle@intel.com
State Superseded
Delegated to: akhil goyal
Headers show
Series
  • add support for DOCSIS protocol to security library
Related show

Checks

Context Check Description
ci/checkpatch success coding style OK
ci/iol-mellanox-Performance success Performance Testing PASS
ci/iol-testing warning Testing issues
ci/Intel-compilation success Compilation OK
ci/iol-nxp-Performance success Performance Testing PASS
ci/iol-intel-Performance success Performance Testing PASS
ci/iol-broadcom-Performance success Performance Testing PASS

Commit Message

Coyle, David June 4, 2020, 3:13 p.m. UTC
Add support for DOCSIS protocol to rte_security library. This support
currently comprises the combination of Crypto and CRC operations.

Please note this is API changes only. Implementation will follow in
next version.

Signed-off-by: David Coyle <david.coyle@intel.com>
Signed-off-by: Mairtin o Loingsigh <mairtin.oloingsigh@intel.com>
---
 lib/librte_security/rte_security.h | 114 +++++++++++++++++++++++++++++
 1 file changed, 114 insertions(+)

Patch
diff mbox series

diff --git a/lib/librte_security/rte_security.h b/lib/librte_security/rte_security.h
index 747830d67..46ec4997a 100644
--- a/lib/librte_security/rte_security.h
+++ b/lib/librte_security/rte_security.h
@@ -293,6 +293,30 @@  struct rte_security_pdcp_xform {
 	uint32_t hfn_ovrd;
 };
 
+/** DOCSIS direction */
+enum rte_security_docsis_direction {
+	RTE_SECURITY_DOCSIS_UPLINK,
+	/**< Uplink
+	 * - Decryption, followed by CRC Verification
+	 */
+	RTE_SECURITY_DOCSIS_DOWNLINK,
+	/**< Downlink
+	 * - CRC Generation, followed by Encryption
+	 */
+};
+
+/**
+ * DOCSIS security session configuration.
+ *
+ * This structure contains data required to create a DOCSIS security session.
+ */
+struct rte_security_docsis_xform {
+	enum rte_security_docsis_direction direction;
+	/** DOCSIS direction */
+	uint16_t crc_size;
+	/**< CRC size in bytes */
+};
+
 /**
  * Security session action type.
  */
@@ -325,6 +349,8 @@  enum rte_security_session_protocol {
 	/**< MACSec Protocol */
 	RTE_SECURITY_PROTOCOL_PDCP,
 	/**< PDCP Protocol */
+	RTE_SECURITY_PROTOCOL_DOCSIS,
+	/**< DOCSIS Protocol */
 };
 
 /**
@@ -340,6 +366,7 @@  struct rte_security_session_conf {
 		struct rte_security_ipsec_xform ipsec;
 		struct rte_security_macsec_xform macsec;
 		struct rte_security_pdcp_xform pdcp;
+		struct rte_security_docsis_xform docsis;
 	};
 	/**< Configuration parameters for security session */
 	struct rte_crypto_sym_xform *crypto_xform;
@@ -355,6 +382,77 @@  struct rte_security_session {
 	/**< Opaque user defined data */
 };
 
+/**
+ * DOCSIS operation parameters
+ */
+struct rte_security_docsis_op {
+	struct rte_crypto_sym_op crypto_sym;
+	/**< Symmetric crypto operation parameters */
+
+	struct {
+		struct {
+			uint16_t offset;
+			/**<
+			 * Starting point for CRC processing, specified
+			 * as the number of bytes from start of the packet in
+			 * the source mbuf in crypto_sym
+			 */
+			uint16_t length;
+			/**<
+			 * The length, in bytes, of the source mbuf on which the
+			 * CRC will be computed
+			 */
+		} data;
+		/**< Data offset and length for CRC */
+
+		struct {
+			uint8_t *data;
+			/**<
+			 * This points to the location where the CRC should be
+			 * written (in the case of generation) or where the
+			 * purported result exists (in the case of
+			 * verification).
+			 *
+			 * The caller must ensure the required length of
+			 * physically contiguous memory is available at this
+			 * address.
+			 *
+			 * This may point into the mbuf packet data. For
+			 * generation, the result will overwrite any data at
+			 * this location.
+			 */
+			rte_iova_t phys_addr;
+			/**< Physical address of output data */
+		} output;
+		/**< Output location */
+	} crc;
+	/**< CRC operation parameters */
+
+	uint64_t reserved;
+	/**< Reserved for future use */
+};
+
+/**
+ * Security operation types
+ */
+enum rte_security_op_type {
+	RTE_SECURITY_OP_TYPE_DOCSIS = 1
+	/**< DOCSIS operation */
+};
+
+/**
+ * Security operation parameters
+ */
+struct rte_security_op {
+	enum rte_security_op_type type;
+	/**< Type of operation */
+	RTE_STD_C11
+	union {
+		struct rte_security_docsis_op docsis;
+	};
+	/**< Parameters for security operation */
+};
+
 /**
  * Create security session as specified by the session configuration
  *
@@ -523,6 +621,10 @@  struct rte_security_pdcp_stats {
 	uint64_t reserved;
 };
 
+struct rte_security_docsis_stats {
+	uint64_t reserved;
+};
+
 struct rte_security_stats {
 	enum rte_security_session_protocol protocol;
 	/**< Security protocol to be configured */
@@ -532,6 +634,7 @@  struct rte_security_stats {
 		struct rte_security_macsec_stats macsec;
 		struct rte_security_ipsec_stats ipsec;
 		struct rte_security_pdcp_stats pdcp;
+		struct rte_security_docsis_stats docsis;
 	};
 };
 
@@ -591,6 +694,13 @@  struct rte_security_capability {
 			/**< Capability flags, see RTE_SECURITY_PDCP_* */
 		} pdcp;
 		/**< PDCP capability */
+		struct {
+			enum rte_security_docsis_direction direction;
+			/**< DOCSIS direction */
+			uint16_t crc_size;
+			/**< CRC size in bytes */
+		} docsis;
+		/**< DOCSIS capability */
 	};
 
 	const struct rte_cryptodev_capabilities *crypto_capabilities;
@@ -649,6 +759,10 @@  struct rte_security_capability_idx {
 			enum rte_security_pdcp_domain domain;
 			uint32_t capa_flags;
 		} pdcp;
+		struct {
+			enum rte_security_docsis_direction direction;
+			uint16_t crc_size;
+		} docsis;
 	};
 };