| Message ID | 20210908120115.3548009-2-g.singh@nxp.com |
|---|---|
| State | New |
| Headers | show |
| Series | [v3,1/4] security: support PDCP short MAC-I | expand |
> From: Hemant Agrawal <hemant.agrawal@nxp.com> > > This patch add support to handle PDCP short MAC-I domain > along with standard control and data domains as it has to > be treated as special case with PDCP protocol offload support. > > ShortMAC-I is the 16 least significant bits of calculated MAC-I. Usually > when a RRC message is exchanged between UE and eNodeB it is integrity & > ciphered protected. > > MAC-I = f(key, varShortMAC-I, count, bearer, direction). > Here varShortMAC-I is prepared by using (current cellId, pci of source cell > and C-RNTI of old cell). Other parameters like count, bearer and > direction set to all 1. > > Signed-off-by: Gagandeep Singh <g.singh@nxp.com> > Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com> > --- > app/test-crypto-perf/cperf_options_parsing.c | 8 ++++++- > doc/guides/prog_guide/rte_security.rst | 11 ++++++++- > doc/guides/tools/cryptoperf.rst | 4 ++-- > drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 25 ++++++++++---------- Why is the dpaa2_sec patch squashed in this patch? I asked to have it as a separate patch in this series instead of the dpaa_sec series. > lib/security/rte_security.h | 1 + > 5 files changed, 33 insertions(+), 16 deletions(-) > > diff --git a/app/test-crypto-perf/cperf_options_parsing.c b/app/test-crypto- > perf/cperf_options_parsing.c > index e84f56cfaa..0348972c85 100644 > --- a/app/test-crypto-perf/cperf_options_parsing.c > +++ b/app/test-crypto-perf/cperf_options_parsing.c > @@ -662,7 +662,8 @@ parse_pdcp_sn_sz(struct cperf_options *opts, const > char *arg) > > const char *cperf_pdcp_domain_strs[] = { > [RTE_SECURITY_PDCP_MODE_CONTROL] = "control", > - [RTE_SECURITY_PDCP_MODE_DATA] = "data" > + [RTE_SECURITY_PDCP_MODE_DATA] = "data", > + [RTE_SECURITY_PDCP_MODE_SHORT_MAC] = "short_mac" > }; > > static int > @@ -677,6 +678,11 @@ parse_pdcp_domain(struct cperf_options *opts, > const char *arg) > cperf_pdcp_domain_strs > [RTE_SECURITY_PDCP_MODE_DATA], > RTE_SECURITY_PDCP_MODE_DATA > + }, > + { > + cperf_pdcp_domain_strs > + [RTE_SECURITY_PDCP_MODE_SHORT_MAC], > + RTE_SECURITY_PDCP_MODE_SHORT_MAC > } > }; > > diff --git a/doc/guides/prog_guide/rte_security.rst > b/doc/guides/prog_guide/rte_security.rst > index f72bc8a78f..ad92c16868 100644 > --- a/doc/guides/prog_guide/rte_security.rst > +++ b/doc/guides/prog_guide/rte_security.rst > @@ -1,5 +1,5 @@ > .. SPDX-License-Identifier: BSD-3-Clause > - Copyright 2017,2020 NXP > + Copyright 2017,2020-2021 NXP > > > > @@ -408,6 +408,15 @@ PMD which supports the IPsec and PDCP protocol. > }, > .crypto_capabilities = pmd_capabilities > }, > + { /* PDCP Lookaside Protocol offload short MAC-I */ > + .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, > + .protocol = RTE_SECURITY_PROTOCOL_PDCP, > + .pdcp = { > + .domain = RTE_SECURITY_PDCP_MODE_SHORT_MAC, > + .capa_flags = 0 > + }, > + .crypto_capabilities = pmd_capabilities > + }, > { > .action = RTE_SECURITY_ACTION_TYPE_NONE > } > diff --git a/doc/guides/tools/cryptoperf.rst b/doc/guides/tools/cryptoperf.rst > index be3109054d..d3963f23e3 100644 > --- a/doc/guides/tools/cryptoperf.rst > +++ b/doc/guides/tools/cryptoperf.rst > @@ -316,9 +316,9 @@ The following are the application command-line > options: > Set PDCP sequence number size(n) in bits. Valid values of n will > be 5/7/12/15/18. > > -* ``--pdcp-domain <control/user>`` > +* ``--pdcp-domain <control/user/short_mac>`` > > - Set PDCP domain to specify Control/user plane. > + Set PDCP domain to specify short_mac/control/user plane. > > * ``--docsis-hdr-sz <n>`` > > diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c > b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c > index d6a101499a..b8d57c2b22 100644 > --- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c > +++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c > @@ -3104,7 +3104,7 @@ dpaa2_sec_set_pdcp_session(struct rte_cryptodev > *dev, > struct rte_security_pdcp_xform *pdcp_xform = &conf->pdcp; > struct rte_crypto_sym_xform *xform = conf->crypto_xform; > struct rte_crypto_auth_xform *auth_xform = NULL; > - struct rte_crypto_cipher_xform *cipher_xform; > + struct rte_crypto_cipher_xform *cipher_xform = NULL; > dpaa2_sec_session *session = (dpaa2_sec_session *)sess; > struct ctxt_priv *priv; > struct dpaa2_sec_dev_private *dev_priv = dev->data->dev_private; > @@ -3136,18 +3136,18 @@ dpaa2_sec_set_pdcp_session(struct > rte_cryptodev *dev, > flc = &priv->flc_desc[0].flc; > > /* find xfrm types */ > - if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER && xform- > >next == NULL) { > - cipher_xform = &xform->cipher; > - } else if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER && > - xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH) { > - session->ext_params.aead_ctxt.auth_cipher_text = true; > + if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER) { > cipher_xform = &xform->cipher; > - auth_xform = &xform->next->auth; > - } else if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH && > - xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER) { > - session->ext_params.aead_ctxt.auth_cipher_text = false; > - cipher_xform = &xform->next->cipher; > + if (xform->next != NULL) { > + session->ext_params.aead_ctxt.auth_cipher_text = > true; > + auth_xform = &xform->next->auth; > + } > + } else if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH) { > auth_xform = &xform->auth; > + if (xform->next != NULL) { > + session->ext_params.aead_ctxt.auth_cipher_text = > false; > + cipher_xform = &xform->next->cipher; > + } > } else { > DPAA2_SEC_ERR("Invalid crypto type"); > return -EINVAL; > @@ -3186,7 +3186,8 @@ dpaa2_sec_set_pdcp_session(struct rte_cryptodev > *dev, > session->pdcp.hfn_threshold = pdcp_xform->hfn_threshold; > session->pdcp.hfn_ovd = pdcp_xform->hfn_ovrd; > /* hfv ovd offset location is stored in iv.offset value*/ > - session->pdcp.hfn_ovd_offset = cipher_xform->iv.offset; > + if (cipher_xform) > + session->pdcp.hfn_ovd_offset = cipher_xform->iv.offset; > > cipherdata.key = (size_t)session->cipher_key.data; > cipherdata.keylen = session->cipher_key.length; > diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h > index 88d31de0a6..2e136d7929 100644 > --- a/lib/security/rte_security.h > +++ b/lib/security/rte_security.h > @@ -233,6 +233,7 @@ struct rte_security_macsec_xform { > enum rte_security_pdcp_domain { > RTE_SECURITY_PDCP_MODE_CONTROL, /**< PDCP control > plane */ > RTE_SECURITY_PDCP_MODE_DATA, /**< PDCP data plane */ > + RTE_SECURITY_PDCP_MODE_SHORT_MAC, /**< PDCP short mac > */ > }; > > /** PDCP Frame direction */ > -- > 2.25.1
> -----Original Message----- > From: Akhil Goyal <gakhil@marvell.com> > Sent: Wednesday, September 8, 2021 5:45 PM > To: Gagandeep Singh <G.Singh@nxp.com>; dev@dpdk.org > Cc: thomas@monjalon.net; Hemant Agrawal <hemant.agrawal@nxp.com> > Subject: RE: [EXT] [PATCH v3 1/4] security: support PDCP short MAC-I > > > From: Hemant Agrawal <hemant.agrawal@nxp.com> > > > > This patch add support to handle PDCP short MAC-I domain > > along with standard control and data domains as it has to > > be treated as special case with PDCP protocol offload support. > > > > ShortMAC-I is the 16 least significant bits of calculated MAC-I. Usually > > when a RRC message is exchanged between UE and eNodeB it is integrity & > > ciphered protected. > > > > MAC-I = f(key, varShortMAC-I, count, bearer, direction). > > Here varShortMAC-I is prepared by using (current cellId, pci of source cell > > and C-RNTI of old cell). Other parameters like count, bearer and > > direction set to all 1. > > > > Signed-off-by: Gagandeep Singh <g.singh@nxp.com> > > Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com> > > --- > > app/test-crypto-perf/cperf_options_parsing.c | 8 ++++++- > > doc/guides/prog_guide/rte_security.rst | 11 ++++++++- > > doc/guides/tools/cryptoperf.rst | 4 ++-- > > drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 25 ++++++++++---------- > > Why is the dpaa2_sec patch squashed in this patch? > I asked to have it as a separate patch in this series instead of the dpaa_sec > series. Ok, I will send v4 with a separate patch for dpaa2_sec in this series. > > > lib/security/rte_security.h | 1 + > > 5 files changed, 33 insertions(+), 16 deletions(-) > > > > diff --git a/app/test-crypto-perf/cperf_options_parsing.c b/app/test-crypto- > > perf/cperf_options_parsing.c > > index e84f56cfaa..0348972c85 100644 > > --- a/app/test-crypto-perf/cperf_options_parsing.c > > +++ b/app/test-crypto-perf/cperf_options_parsing.c > > @@ -662,7 +662,8 @@ parse_pdcp_sn_sz(struct cperf_options *opts, const > > char *arg) > > > > const char *cperf_pdcp_domain_strs[] = { > > [RTE_SECURITY_PDCP_MODE_CONTROL] = "control", > > - [RTE_SECURITY_PDCP_MODE_DATA] = "data" > > + [RTE_SECURITY_PDCP_MODE_DATA] = "data", > > + [RTE_SECURITY_PDCP_MODE_SHORT_MAC] = "short_mac" > > }; > > > > static int > > @@ -677,6 +678,11 @@ parse_pdcp_domain(struct cperf_options *opts, > > const char *arg) > > cperf_pdcp_domain_strs > > [RTE_SECURITY_PDCP_MODE_DATA], > > RTE_SECURITY_PDCP_MODE_DATA > > + }, > > + { > > + cperf_pdcp_domain_strs > > + [RTE_SECURITY_PDCP_MODE_SHORT_MAC], > > + RTE_SECURITY_PDCP_MODE_SHORT_MAC > > } > > }; > > > > diff --git a/doc/guides/prog_guide/rte_security.rst > > b/doc/guides/prog_guide/rte_security.rst > > index f72bc8a78f..ad92c16868 100644 > > --- a/doc/guides/prog_guide/rte_security.rst > > +++ b/doc/guides/prog_guide/rte_security.rst > > @@ -1,5 +1,5 @@ > > .. SPDX-License-Identifier: BSD-3-Clause > > - Copyright 2017,2020 NXP > > + Copyright 2017,2020-2021 NXP > > > > > > > > @@ -408,6 +408,15 @@ PMD which supports the IPsec and PDCP protocol. > > }, > > .crypto_capabilities = pmd_capabilities > > }, > > + { /* PDCP Lookaside Protocol offload short MAC-I */ > > + .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, > > + .protocol = RTE_SECURITY_PROTOCOL_PDCP, > > + .pdcp = { > > + .domain = RTE_SECURITY_PDCP_MODE_SHORT_MAC, > > + .capa_flags = 0 > > + }, > > + .crypto_capabilities = pmd_capabilities > > + }, > > { > > .action = RTE_SECURITY_ACTION_TYPE_NONE > > } > > diff --git a/doc/guides/tools/cryptoperf.rst b/doc/guides/tools/cryptoperf.rst > > index be3109054d..d3963f23e3 100644 > > --- a/doc/guides/tools/cryptoperf.rst > > +++ b/doc/guides/tools/cryptoperf.rst > > @@ -316,9 +316,9 @@ The following are the application command-line > > options: > > Set PDCP sequence number size(n) in bits. Valid values of n will > > be 5/7/12/15/18. > > > > -* ``--pdcp-domain <control/user>`` > > +* ``--pdcp-domain <control/user/short_mac>`` > > > > - Set PDCP domain to specify Control/user plane. > > + Set PDCP domain to specify short_mac/control/user plane. > > > > * ``--docsis-hdr-sz <n>`` > > > > diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c > > b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c > > index d6a101499a..b8d57c2b22 100644 > > --- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c > > +++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c > > @@ -3104,7 +3104,7 @@ dpaa2_sec_set_pdcp_session(struct rte_cryptodev > > *dev, > > struct rte_security_pdcp_xform *pdcp_xform = &conf->pdcp; > > struct rte_crypto_sym_xform *xform = conf->crypto_xform; > > struct rte_crypto_auth_xform *auth_xform = NULL; > > - struct rte_crypto_cipher_xform *cipher_xform; > > + struct rte_crypto_cipher_xform *cipher_xform = NULL; > > dpaa2_sec_session *session = (dpaa2_sec_session *)sess; > > struct ctxt_priv *priv; > > struct dpaa2_sec_dev_private *dev_priv = dev->data->dev_private; > > @@ -3136,18 +3136,18 @@ dpaa2_sec_set_pdcp_session(struct > > rte_cryptodev *dev, > > flc = &priv->flc_desc[0].flc; > > > > /* find xfrm types */ > > - if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER && xform- > > >next == NULL) { > > - cipher_xform = &xform->cipher; > > - } else if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER && > > - xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH) { > > - session->ext_params.aead_ctxt.auth_cipher_text = true; > > + if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER) { > > cipher_xform = &xform->cipher; > > - auth_xform = &xform->next->auth; > > - } else if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH && > > - xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER) { > > - session->ext_params.aead_ctxt.auth_cipher_text = false; > > - cipher_xform = &xform->next->cipher; > > + if (xform->next != NULL) { > > + session->ext_params.aead_ctxt.auth_cipher_text = > > true; > > + auth_xform = &xform->next->auth; > > + } > > + } else if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH) { > > auth_xform = &xform->auth; > > + if (xform->next != NULL) { > > + session->ext_params.aead_ctxt.auth_cipher_text = > > false; > > + cipher_xform = &xform->next->cipher; > > + } > > } else { > > DPAA2_SEC_ERR("Invalid crypto type"); > > return -EINVAL; > > @@ -3186,7 +3186,8 @@ dpaa2_sec_set_pdcp_session(struct rte_cryptodev > > *dev, > > session->pdcp.hfn_threshold = pdcp_xform->hfn_threshold; > > session->pdcp.hfn_ovd = pdcp_xform->hfn_ovrd; > > /* hfv ovd offset location is stored in iv.offset value*/ > > - session->pdcp.hfn_ovd_offset = cipher_xform->iv.offset; > > + if (cipher_xform) > > + session->pdcp.hfn_ovd_offset = cipher_xform->iv.offset; > > > > cipherdata.key = (size_t)session->cipher_key.data; > > cipherdata.keylen = session->cipher_key.length; > > diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h > > index 88d31de0a6..2e136d7929 100644 > > --- a/lib/security/rte_security.h > > +++ b/lib/security/rte_security.h > > @@ -233,6 +233,7 @@ struct rte_security_macsec_xform { > > enum rte_security_pdcp_domain { > > RTE_SECURITY_PDCP_MODE_CONTROL, /**< PDCP control > > plane */ > > RTE_SECURITY_PDCP_MODE_DATA, /**< PDCP data plane */ > > + RTE_SECURITY_PDCP_MODE_SHORT_MAC, /**< PDCP short mac > > */ > > }; > > > > /** PDCP Frame direction */ > > -- > > 2.25.1
> -----Original Message----- > ---------------------------------------------------------------------- > This series add support of Message Authentication Code > - Integrity on DPAAX platforms. > > v2-change-log: > * update commit message > * merged an existing patch with this series: > https://urldefense.proofpoint.com/v2/url?u=https- > 3A__patches.dpdk.org_project_dpdk_patch_20210825081837.23830-2D1- > 2Dhemant.agrawal- > 40nxp.com_mbox_&d=DwIDAg&c=nKjWec2b6R0mOyPaz7xtfQ&r=DnL7Si2wl > _PRwpZ9TWey3eu68gBzn7DkPwuqhd6WNyo&m=uVb88j-BcZCOk- > dj_YN250HwoG6vE4oaTbdZ0crhu_o&s=ke0c8NuRQj2AR4pX7yDDk5gytngbs6 > O1D6Urd1Xk5qk&e= > > v3-change-log: > * updated release notes > > v4-change-log: > * move the dpaa2_sec changes from first patch to a separate patch > > Gagandeep Singh (3): > test/crypto: add pdcp security short MAC-I support > crypto/dpaa2_sec: add PDCP short MAC-I support > crypto/dpaa_sec: add pdcp short MAC-I support > > Hemant Agrawal (2): > crypto/dpaa2_sec: support integrity only case for PDCP > security: add pdcp short MAC-I support > > app/test-crypto-perf/cperf_options_parsing.c | 8 +- > app/test/test_cryptodev.c | 48 ++++++++ > ...est_cryptodev_security_pdcp_test_vectors.h | 105 +++++++++++++++++- > doc/guides/prog_guide/rte_security.rst | 11 +- > doc/guides/rel_notes/release_21_11.rst | 8 ++ > doc/guides/tools/cryptoperf.rst | 2 +- > drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 29 +++-- > drivers/crypto/dpaa2_sec/dpaa2_sec_priv.h | 9 ++ > drivers/crypto/dpaa_sec/dpaa_sec.c | 3 + > drivers/crypto/dpaa_sec/dpaa_sec.h | 11 +- > lib/security/rte_security.h | 1 + > 11 files changed, 218 insertions(+), 17 deletions(-) > Series Acked-by: Akhil Goyal <gakhil@marvell.com> Applied to dpdk-next-crypto Thanks.
diff --git a/app/test-crypto-perf/cperf_options_parsing.c b/app/test-crypto-perf/cperf_options_parsing.c index e84f56cfaa..0348972c85 100644 --- a/app/test-crypto-perf/cperf_options_parsing.c +++ b/app/test-crypto-perf/cperf_options_parsing.c @@ -662,7 +662,8 @@ parse_pdcp_sn_sz(struct cperf_options *opts, const char *arg) const char *cperf_pdcp_domain_strs[] = { [RTE_SECURITY_PDCP_MODE_CONTROL] = "control", - [RTE_SECURITY_PDCP_MODE_DATA] = "data" + [RTE_SECURITY_PDCP_MODE_DATA] = "data", + [RTE_SECURITY_PDCP_MODE_SHORT_MAC] = "short_mac" }; static int @@ -677,6 +678,11 @@ parse_pdcp_domain(struct cperf_options *opts, const char *arg) cperf_pdcp_domain_strs [RTE_SECURITY_PDCP_MODE_DATA], RTE_SECURITY_PDCP_MODE_DATA + }, + { + cperf_pdcp_domain_strs + [RTE_SECURITY_PDCP_MODE_SHORT_MAC], + RTE_SECURITY_PDCP_MODE_SHORT_MAC } }; diff --git a/doc/guides/prog_guide/rte_security.rst b/doc/guides/prog_guide/rte_security.rst index f72bc8a78f..ad92c16868 100644 --- a/doc/guides/prog_guide/rte_security.rst +++ b/doc/guides/prog_guide/rte_security.rst @@ -1,5 +1,5 @@ .. SPDX-License-Identifier: BSD-3-Clause - Copyright 2017,2020 NXP + Copyright 2017,2020-2021 NXP @@ -408,6 +408,15 @@ PMD which supports the IPsec and PDCP protocol. }, .crypto_capabilities = pmd_capabilities }, + { /* PDCP Lookaside Protocol offload short MAC-I */ + .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL, + .protocol = RTE_SECURITY_PROTOCOL_PDCP, + .pdcp = { + .domain = RTE_SECURITY_PDCP_MODE_SHORT_MAC, + .capa_flags = 0 + }, + .crypto_capabilities = pmd_capabilities + }, { .action = RTE_SECURITY_ACTION_TYPE_NONE } diff --git a/doc/guides/tools/cryptoperf.rst b/doc/guides/tools/cryptoperf.rst index be3109054d..d3963f23e3 100644 --- a/doc/guides/tools/cryptoperf.rst +++ b/doc/guides/tools/cryptoperf.rst @@ -316,9 +316,9 @@ The following are the application command-line options: Set PDCP sequence number size(n) in bits. Valid values of n will be 5/7/12/15/18. -* ``--pdcp-domain <control/user>`` +* ``--pdcp-domain <control/user/short_mac>`` - Set PDCP domain to specify Control/user plane. + Set PDCP domain to specify short_mac/control/user plane. * ``--docsis-hdr-sz <n>`` diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c index d6a101499a..b8d57c2b22 100644 --- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c +++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c @@ -3104,7 +3104,7 @@ dpaa2_sec_set_pdcp_session(struct rte_cryptodev *dev, struct rte_security_pdcp_xform *pdcp_xform = &conf->pdcp; struct rte_crypto_sym_xform *xform = conf->crypto_xform; struct rte_crypto_auth_xform *auth_xform = NULL; - struct rte_crypto_cipher_xform *cipher_xform; + struct rte_crypto_cipher_xform *cipher_xform = NULL; dpaa2_sec_session *session = (dpaa2_sec_session *)sess; struct ctxt_priv *priv; struct dpaa2_sec_dev_private *dev_priv = dev->data->dev_private; @@ -3136,18 +3136,18 @@ dpaa2_sec_set_pdcp_session(struct rte_cryptodev *dev, flc = &priv->flc_desc[0].flc; /* find xfrm types */ - if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER && xform->next == NULL) { - cipher_xform = &xform->cipher; - } else if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER && - xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH) { - session->ext_params.aead_ctxt.auth_cipher_text = true; + if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER) { cipher_xform = &xform->cipher; - auth_xform = &xform->next->auth; - } else if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH && - xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER) { - session->ext_params.aead_ctxt.auth_cipher_text = false; - cipher_xform = &xform->next->cipher; + if (xform->next != NULL) { + session->ext_params.aead_ctxt.auth_cipher_text = true; + auth_xform = &xform->next->auth; + } + } else if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH) { auth_xform = &xform->auth; + if (xform->next != NULL) { + session->ext_params.aead_ctxt.auth_cipher_text = false; + cipher_xform = &xform->next->cipher; + } } else { DPAA2_SEC_ERR("Invalid crypto type"); return -EINVAL; @@ -3186,7 +3186,8 @@ dpaa2_sec_set_pdcp_session(struct rte_cryptodev *dev, session->pdcp.hfn_threshold = pdcp_xform->hfn_threshold; session->pdcp.hfn_ovd = pdcp_xform->hfn_ovrd; /* hfv ovd offset location is stored in iv.offset value*/ - session->pdcp.hfn_ovd_offset = cipher_xform->iv.offset; + if (cipher_xform) + session->pdcp.hfn_ovd_offset = cipher_xform->iv.offset; cipherdata.key = (size_t)session->cipher_key.data; cipherdata.keylen = session->cipher_key.length; diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h index 88d31de0a6..2e136d7929 100644 --- a/lib/security/rte_security.h +++ b/lib/security/rte_security.h @@ -233,6 +233,7 @@ struct rte_security_macsec_xform { enum rte_security_pdcp_domain { RTE_SECURITY_PDCP_MODE_CONTROL, /**< PDCP control plane */ RTE_SECURITY_PDCP_MODE_DATA, /**< PDCP data plane */ + RTE_SECURITY_PDCP_MODE_SHORT_MAC, /**< PDCP short mac */ }; /** PDCP Frame direction */