From patchwork Thu Dec 22 09:25:18 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anoob Joseph X-Patchwork-Id: 121279 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id EC204A034C; Thu, 22 Dec 2022 10:25:35 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id CDDD140698; Thu, 22 Dec 2022 10:25:35 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 23CCE400D7 for ; Thu, 22 Dec 2022 10:25:34 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 2BM9MmSk003965; Thu, 22 Dec 2022 01:25:32 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=7UN7hyZbpClUaMs2DD4h49eA1uaQH+YgQw8x3NDf/jo=; b=dL/47QEvC3l9fXQ30+6C7iT0bnjUQMxrkItLN2hj8DyFalaGOD6KHfg+OVEdWMNzMbd+ /x5Y31js6fqDi4P77Bsj4aiJovp492gAHyblq46/Yeb1RwctHeXzKXLTzEEU5wZwWHA+ 7snR5XI2qlaEFp/vuQ0xWCVCu9JCRjaOpnjZPXRPYRnCNEnuVouhtDO5ybBH7HHfPR+K IaZ2uYF0ugNppk1slurXXrgRkBt/ELTeOt6inAz0qSvecfh0DPCEPt3kvBOI/KIOVTGV idx2cqNo7v4jVrQVpDZFESAnTkLplHlsKRSCW+7tGBy4VaxjNigaB0ZiUu4elfzRHb9f Jg== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3mhe5rstv1-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Thu, 22 Dec 2022 01:25:32 -0800 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.42; Thu, 22 Dec 2022 01:25:30 -0800 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.42 via Frontend Transport; Thu, 22 Dec 2022 01:25:30 -0800 Received: from BG-LT92004.corp.innovium.com (unknown [10.193.66.59]) by maili.marvell.com (Postfix) with ESMTP id D5D2F3F706C; Thu, 22 Dec 2022 01:25:26 -0800 (PST) From: Anoob Joseph To: Thomas Monjalon , Akhil Goyal , Jerin Jacob , Konstantin Ananyev , Bernard Iremonger , Olivier Matz CC: Volodymyr Fialko , Hemant Agrawal , =?utf-8?q?Mattias_R=C3=B6nnblom?= , Kiran Kumar K , Subject: [PATCH 1/5] net: add PDCP header Date: Thu, 22 Dec 2022 14:55:18 +0530 Message-ID: <20221222092522.1628-2-anoobj@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20221222092522.1628-1-anoobj@marvell.com> References: <20221027052140.155-1-anoobj@marvell.com> <20221222092522.1628-1-anoobj@marvell.com> MIME-Version: 1.0 X-Proofpoint-GUID: dVSEOiPw7yHJECq5Ysl9RRcX6C9_wSRE X-Proofpoint-ORIG-GUID: dVSEOiPw7yHJECq5Ysl9RRcX6C9_wSRE X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.923,Hydra:6.0.545,FMLib:17.11.122.1 definitions=2022-12-22_04,2022-12-21_01,2022-06-22_01 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Volodymyr Fialko Added PDCP protocol header to be used for supporting PDCP protocol processing. Signed-off-by: Anoob Joseph Signed-off-by: Kiran Kumar K Signed-off-by: Volodymyr Fialko --- doc/api/doxy-api-index.md | 3 +- lib/net/meson.build | 1 + lib/net/rte_pdcp_hdr.h | 93 +++++++++++++++++++++++++++++++++++++++ 3 files changed, 96 insertions(+), 1 deletion(-) create mode 100644 lib/net/rte_pdcp_hdr.h diff --git a/doc/api/doxy-api-index.md b/doc/api/doxy-api-index.md index de488c7abf..ae4b107240 100644 --- a/doc/api/doxy-api-index.md +++ b/doc/api/doxy-api-index.md @@ -125,7 +125,8 @@ The public API headers are grouped by topics: [Geneve](@ref rte_geneve.h), [eCPRI](@ref rte_ecpri.h), [L2TPv2](@ref rte_l2tpv2.h), - [PPP](@ref rte_ppp.h) + [PPP](@ref rte_ppp.h), + [PDCP hdr](@ref rte_pdcp_hdr.h) - **QoS**: [metering](@ref rte_meter.h), diff --git a/lib/net/meson.build b/lib/net/meson.build index 379d161ee0..bd56f91c22 100644 --- a/lib/net/meson.build +++ b/lib/net/meson.build @@ -22,6 +22,7 @@ headers = files( 'rte_geneve.h', 'rte_l2tpv2.h', 'rte_ppp.h', + 'rte_pdcp_hdr.h', ) sources = files( diff --git a/lib/net/rte_pdcp_hdr.h b/lib/net/rte_pdcp_hdr.h new file mode 100644 index 0000000000..f9b8258949 --- /dev/null +++ b/lib/net/rte_pdcp_hdr.h @@ -0,0 +1,93 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(C) 2022 Marvell. + */ + +#ifndef _RTE_PDCP_HDR_H_ +#define _RTE_PDCP_HDR_H_ + +/** + * @file + * + * PDCP-related defines + * + * Based on - ETSI TS 138 323 V17.1.0 (2022-08) + * https://www.etsi.org/deliver/etsi_ts/138300_138399/138323/17.01.00_60/ts_138323v170100p.pdf + */ + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * 6.2.2.1 Data PDU for SRBs + */ +__extension__ +struct rte_pdcp_cp_data_pdu_sn_12_hdr { +#if RTE_BYTE_ORDER == RTE_LITTLE_ENDIAN + uint8_t sn_11_8 : 4; /**< Sequence number bits 8-11 */ + uint8_t r : 4; /**< Reserved */ +#elif RTE_BYTE_ORDER == RTE_BIG_ENDIAN + uint8_t r : 4; /**< Reserved */ + uint8_t sn_11_8 : 4; /**< Sequence number bits 8-11 */ +#endif + uint8_t sn_7_0; /**< Sequence number bits 0-7 */ +}; + +/** + * 6.2.2.2 Data PDU for DRBs and MRBs with 12 bits PDCP SN + */ +__extension__ +struct rte_pdcp_up_data_pdu_sn_12_hdr { +#if RTE_BYTE_ORDER == RTE_LITTLE_ENDIAN + uint8_t sn_11_8 : 4; /**< Sequence number bits 8-11 */ + uint8_t r : 3; /**< Reserved */ + uint8_t d_c : 1; /**< D/C bit */ +#elif RTE_BYTE_ORDER == RTE_BIG_ENDIAN + uint8_t d_c : 1; /**< D/C bit */ + uint8_t r : 3; /**< Reserved */ + uint8_t sn_11_8 : 4; /**< Sequence number bits 8-11 */ +#endif + uint8_t sn_7_0; /**< Sequence number bits 0-7 */ +}; + +/** + * 6.2.2.3 Data PDU for DRBs and MRBs with 18 bits PDCP SN + */ +__extension__ +struct rte_pdcp_up_data_pdu_sn_18_hdr { +#if RTE_BYTE_ORDER == RTE_LITTLE_ENDIAN + uint8_t sn_17_16 : 2; /**< Sequence number bits 16-17 */ + uint8_t r : 5; /**< Reserved */ + uint8_t d_c : 1; /**< D/C bit */ +#elif RTE_BYTE_ORDER == RTE_BIG_ENDIAN + uint8_t d_c : 1; /**< D/C bit */ + uint8_t r : 5; /**< Reserved */ + uint8_t sn_17_16 : 2; /**< Sequence number bits 16-17 */ +#endif + uint8_t sn_15_8; /**< Sequence number bits 8-15 */ + uint8_t sn_7_0; /**< Sequence number bits 0-7 */ +}; + +/** + * 6.2.3.1 Control PDU for PDCP status report + */ +__extension__ +struct rte_pdcp_up_ctrl_pdu_hdr { +#if RTE_BYTE_ORDER == RTE_LITTLE_ENDIAN + uint8_t r : 4; /**< Reserved */ + uint8_t pdu_type : 3; /**< Control PDU type */ + uint8_t d_c : 1; /**< D/C bit */ +#elif RTE_BYTE_ORDER == RTE_BIG_ENDIAN + uint8_t d_c : 1; /**< D/C bit */ + uint8_t pdu_type : 3; /**< Control PDU type */ + uint8_t r : 4; /**< Reserved */ +#endif +}; + +#ifdef __cplusplus +} +#endif + +#endif /* _RTE_PDCP_HDR_H_ */ From patchwork Thu Dec 22 09:25:19 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anoob Joseph X-Patchwork-Id: 121282 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id AD8EAA034C; Thu, 22 Dec 2022 10:28:01 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 586BF42D1F; Thu, 22 Dec 2022 10:27:51 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 394F642B8C for ; Thu, 22 Dec 2022 10:27:50 +0100 (CET) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 2BM7Mp6v015823; Thu, 22 Dec 2022 01:27:48 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=njKhWfBZEh0fEY8g7wB1I5J8ROgHjaqWZb4uGhrKzy8=; b=HV3J/1zwZx2ziycve08o/MxVUP0UquWVeIr5Bp9RNhje740ivRnVFwMd/OvpRz5jJnzg VMDv4YSL/S8WLb/P3Gfsv8BHyF1V+rWL3UwJH9jYpxLG3hUhQuN31V2DSV6O1zcqNpwj DbYImzgeH4KBJvPw9pI4vNZi0zW0+V+j3aaR5C6mSbyiKixPmsx1IFjwJU604Bhgq5c4 GX44C/AwCyxIWgpXPsNmhau/ViPZV21AvRkcorxLOux6sJ++S4v6omUvKJkjBONsAIz3 sui+Ube4rSpm9xmUL3TQe55UTnWPooKC+gVLaiIPm+XqTmoEop9QpgSLgkx14VsmKynz 0Q== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3mm79c3stv-2 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Thu, 22 Dec 2022 01:27:47 -0800 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.42; Thu, 22 Dec 2022 01:25:35 -0800 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.42 via Frontend Transport; Thu, 22 Dec 2022 01:25:35 -0800 Received: from BG-LT92004.corp.innovium.com (unknown [10.193.66.59]) by maili.marvell.com (Postfix) with ESMTP id F35553F7073; Thu, 22 Dec 2022 01:25:30 -0800 (PST) From: Anoob Joseph To: Thomas Monjalon , Akhil Goyal , Jerin Jacob , Konstantin Ananyev , Bernard Iremonger CC: Hemant Agrawal , =?utf-8?q?Mattias_R=C3=B6nnblom?= , "Kiran Kumar K" , Volodymyr Fialko , , Olivier Matz Subject: [PATCH 2/5] lib: add pdcp protocol Date: Thu, 22 Dec 2022 14:55:19 +0530 Message-ID: <20221222092522.1628-3-anoobj@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20221222092522.1628-1-anoobj@marvell.com> References: <20221027052140.155-1-anoobj@marvell.com> <20221222092522.1628-1-anoobj@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: 72vwhaAJlqVxYuuzUfjd7n_cG8aoIs0S X-Proofpoint-GUID: 72vwhaAJlqVxYuuzUfjd7n_cG8aoIs0S X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.923,Hydra:6.0.545,FMLib:17.11.122.1 definitions=2022-12-22_04,2022-12-21_01,2022-06-22_01 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Add Packet Data Convergence Protocol (PDCP) processing library. The library is similar to lib_ipsec which provides IPsec processing capabilities in DPDK. PDCP would involve roughly the following options, 1. Transfer of user plane data 2. Transfer of control plane data 3. Header compression 4. Uplink data compression 5. Ciphering and integrity protection PDCP library provides following control path APIs that is used to configure various PDCP entities, 1. rte_pdcp_entity_establish() 2. rte_pdcp_entity_suspend() 3. rte_pdcp_entity_release() PDCP process is split into 2 parts. One before crypto processing (rte_pdcp_pkt_pre_process()) and one after crypto processing (rte_pdcp_pkt_post_process()). Since cryptodev dequeue can return crypto operations belonging to multiple entities, rte_pdcp_pkt_crypto_group() is added to help grouping crypto operations belonging to same entity. Signed-off-by: Anoob Joseph Signed-off-by: Kiran Kumar K Signed-off-by: Volodymyr Fialko --- doc/api/doxy-api-index.md | 3 +- doc/api/doxy-api.conf.in | 1 + lib/meson.build | 1 + lib/pdcp/meson.build | 8 + lib/pdcp/pdcp_crypto.c | 240 ++++++++ lib/pdcp/pdcp_crypto.h | 20 + lib/pdcp/pdcp_entity.h | 218 +++++++ lib/pdcp/pdcp_process.c | 1195 +++++++++++++++++++++++++++++++++++++ lib/pdcp/pdcp_process.h | 13 + lib/pdcp/rte_pdcp.c | 136 +++++ lib/pdcp/rte_pdcp.h | 263 ++++++++ lib/pdcp/rte_pdcp_group.h | 133 +++++ lib/pdcp/version.map | 13 + 13 files changed, 2243 insertions(+), 1 deletion(-) create mode 100644 lib/pdcp/meson.build create mode 100644 lib/pdcp/pdcp_crypto.c create mode 100644 lib/pdcp/pdcp_crypto.h create mode 100644 lib/pdcp/pdcp_entity.h create mode 100644 lib/pdcp/pdcp_process.c create mode 100644 lib/pdcp/pdcp_process.h create mode 100644 lib/pdcp/rte_pdcp.c create mode 100644 lib/pdcp/rte_pdcp.h create mode 100644 lib/pdcp/rte_pdcp_group.h create mode 100644 lib/pdcp/version.map diff --git a/doc/api/doxy-api-index.md b/doc/api/doxy-api-index.md index ae4b107240..6014bee079 100644 --- a/doc/api/doxy-api-index.md +++ b/doc/api/doxy-api-index.md @@ -126,7 +126,8 @@ The public API headers are grouped by topics: [eCPRI](@ref rte_ecpri.h), [L2TPv2](@ref rte_l2tpv2.h), [PPP](@ref rte_ppp.h), - [PDCP hdr](@ref rte_pdcp_hdr.h) + [PDCP hdr](@ref rte_pdcp_hdr.h), + [PDCP](@ref rte_pdcp.h), - **QoS**: [metering](@ref rte_meter.h), diff --git a/doc/api/doxy-api.conf.in b/doc/api/doxy-api.conf.in index f0886c3bd1..01314b087e 100644 --- a/doc/api/doxy-api.conf.in +++ b/doc/api/doxy-api.conf.in @@ -61,6 +61,7 @@ INPUT = @TOPDIR@/doc/api/doxy-api-index.md \ @TOPDIR@/lib/net \ @TOPDIR@/lib/pcapng \ @TOPDIR@/lib/pci \ + @TOPDIR@/lib/pdcp \ @TOPDIR@/lib/pdump \ @TOPDIR@/lib/pipeline \ @TOPDIR@/lib/port \ diff --git a/lib/meson.build b/lib/meson.build index fd55925340..a827006d29 100644 --- a/lib/meson.build +++ b/lib/meson.build @@ -63,6 +63,7 @@ libraries = [ 'flow_classify', # flow_classify lib depends on pkt framework table lib 'graph', 'node', + 'pdcp', # pdcp lib depends on crypto and security ] optional_libs = [ diff --git a/lib/pdcp/meson.build b/lib/pdcp/meson.build new file mode 100644 index 0000000000..a7f5a408cf --- /dev/null +++ b/lib/pdcp/meson.build @@ -0,0 +1,8 @@ +# SPDX-License-Identifier: BSD-3-Clause +# Copyright(C) 2022 Marvell. +# + +sources = files('pdcp_crypto.c', 'pdcp_process.c', 'rte_pdcp.c') +headers = files('rte_pdcp.h') + +deps += ['security'] diff --git a/lib/pdcp/pdcp_crypto.c b/lib/pdcp/pdcp_crypto.c new file mode 100644 index 0000000000..7ffb8a07a7 --- /dev/null +++ b/lib/pdcp/pdcp_crypto.c @@ -0,0 +1,240 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(C) 2022 Marvell. + */ + +#include +#include +#include +#include + +#include "pdcp_crypto.h" +#include "pdcp_entity.h" + +static int +pdcp_crypto_caps_cipher_verify(uint8_t dev_id, const struct rte_crypto_sym_xform *c_xfrm) +{ + const struct rte_cryptodev_symmetric_capability *cap; + struct rte_cryptodev_sym_capability_idx cap_idx; + int ret; + + cap_idx.type = RTE_CRYPTO_SYM_XFORM_CIPHER; + cap_idx.algo.cipher = c_xfrm->cipher.algo; + + cap = rte_cryptodev_sym_capability_get(dev_id, &cap_idx); + if (cap == NULL) + return -1; + + ret = rte_cryptodev_sym_capability_check_cipher(cap, c_xfrm->cipher.key.length, + c_xfrm->cipher.iv.length); + + return ret; +} + +static int +pdcp_crypto_caps_auth_verify(uint8_t dev_id, const struct rte_crypto_sym_xform *a_xfrm) +{ + const struct rte_cryptodev_symmetric_capability *cap; + struct rte_cryptodev_sym_capability_idx cap_idx; + int ret; + + cap_idx.type = RTE_CRYPTO_SYM_XFORM_AUTH; + cap_idx.algo.auth = a_xfrm->auth.algo; + + cap = rte_cryptodev_sym_capability_get(dev_id, &cap_idx); + if (cap == NULL) + return -1; + + ret = rte_cryptodev_sym_capability_check_auth(cap, a_xfrm->auth.key.length, + a_xfrm->auth.digest_length, + a_xfrm->auth.iv.length); + + return ret; +} + +static int +pdcp_crypto_xfrm_validate(const struct rte_pdcp_entity_conf *conf, + const struct rte_crypto_sym_xform *c_xfrm, + const struct rte_crypto_sym_xform *a_xfrm, + bool is_auth_then_cipher) +{ + uint16_t ciph_iv_len, auth_digest_len, auth_iv_len; + int ret; + + /* + * Uplink means PDCP entity is configured for transmit. Downlink means PDCP entity is + * configured for receive. When integrity protection is enabled, PDCP always performs + * digest-encrypted or auth-gen-encrypt for uplink (and decrypt-auth-verify for downlink). + * So for uplink, crypto chain would be auth-cipher while for downlink it would be + * cipher-auth. + * + * When integrity protection is not required, xform would be cipher only. + */ + + if (c_xfrm == NULL) + return -EINVAL; + + if (conf->pdcp_xfrm.pkt_dir == RTE_SECURITY_PDCP_UPLINK) { + + /* With UPLINK, if auth is enabled, it should be before cipher */ + if (a_xfrm != NULL && !is_auth_then_cipher) + return -EINVAL; + + /* With UPLINK, cipher operation must be encrypt */ + if (c_xfrm->cipher.op != RTE_CRYPTO_CIPHER_OP_ENCRYPT) + return -EINVAL; + + /* With UPLINK, auth operation (if present) must be generate */ + if (a_xfrm != NULL && a_xfrm->auth.op != RTE_CRYPTO_AUTH_OP_GENERATE) + return -EINVAL; + + } else if (conf->pdcp_xfrm.pkt_dir == RTE_SECURITY_PDCP_DOWNLINK) { + + /* With DOWNLINK, if auth is enabled, it should be after cipher */ + if (a_xfrm != NULL && is_auth_then_cipher) + return -EINVAL; + + /* With DOWNLINK, cipher operation must be decrypt */ + if (c_xfrm->cipher.op != RTE_CRYPTO_CIPHER_OP_DECRYPT) + return -EINVAL; + + /* With DOWNLINK, auth operation (if present) must be verify */ + if (a_xfrm != NULL && a_xfrm->auth.op != RTE_CRYPTO_AUTH_OP_VERIFY) + return -EINVAL; + + } else { + return -EINVAL; + } + + if ((c_xfrm->cipher.algo != RTE_CRYPTO_CIPHER_NULL) && + (c_xfrm->cipher.algo != RTE_CRYPTO_CIPHER_AES_CTR) && + (c_xfrm->cipher.algo != RTE_CRYPTO_CIPHER_ZUC_EEA3) && + (c_xfrm->cipher.algo != RTE_CRYPTO_CIPHER_SNOW3G_UEA2)) + return -EINVAL; + + if (c_xfrm->cipher.algo == RTE_CRYPTO_CIPHER_NULL) + ciph_iv_len = 0; + else + ciph_iv_len = PDCP_IV_LENGTH; + + if (ciph_iv_len != c_xfrm->cipher.iv.length) + return -EINVAL; + + if (a_xfrm != NULL) { + if ((a_xfrm->auth.algo != RTE_CRYPTO_AUTH_NULL) && + (a_xfrm->auth.algo != RTE_CRYPTO_AUTH_AES_CMAC) && + (a_xfrm->auth.algo != RTE_CRYPTO_AUTH_ZUC_EIA3) && + (a_xfrm->auth.algo != RTE_CRYPTO_AUTH_SNOW3G_UIA2)) + return -EINVAL; + + if (a_xfrm->auth.algo == RTE_CRYPTO_AUTH_NULL) + auth_digest_len = 0; + else + auth_digest_len = 4; + + if (auth_digest_len != a_xfrm->auth.digest_length) + return -EINVAL; + + if ((a_xfrm->auth.algo == RTE_CRYPTO_AUTH_ZUC_EIA3) || + (a_xfrm->auth.algo == RTE_CRYPTO_AUTH_SNOW3G_UIA2)) + auth_iv_len = PDCP_IV_LENGTH; + else + auth_iv_len = 0; + + if (a_xfrm->auth.iv.length != auth_iv_len) + return -EINVAL; + } + + if (!rte_cryptodev_is_valid_dev(conf->dev_id)) + return -EINVAL; + + ret = pdcp_crypto_caps_cipher_verify(conf->dev_id, c_xfrm); + if (ret) + return -ENOTSUP; + + if (a_xfrm != NULL) { + ret = pdcp_crypto_caps_auth_verify(conf->dev_id, a_xfrm); + if (ret) + return -ENOTSUP; + } + + return 0; +} + +int +pdcp_crypto_sess_create(struct rte_pdcp_entity *entity, const struct rte_pdcp_entity_conf *conf) +{ + struct rte_crypto_sym_xform *c_xfrm, *a_xfrm; + struct entity_priv *en_priv; + bool is_auth_then_cipher; + int ret; + + if (entity == NULL || conf == NULL || conf->crypto_xfrm == NULL) + return -EINVAL; + + en_priv = entity_priv_get(entity); + + en_priv->dev_id = conf->dev_id; + + if (conf->crypto_xfrm->type == RTE_CRYPTO_SYM_XFORM_CIPHER) { + c_xfrm = conf->crypto_xfrm; + a_xfrm = conf->crypto_xfrm->next; + is_auth_then_cipher = false; + } else if (conf->crypto_xfrm->type == RTE_CRYPTO_SYM_XFORM_AUTH) { + a_xfrm = conf->crypto_xfrm; + c_xfrm = conf->crypto_xfrm->next; + is_auth_then_cipher = true; + } else { + return -EINVAL; + } + + ret = pdcp_crypto_xfrm_validate(conf, c_xfrm, a_xfrm, is_auth_then_cipher); + if (ret) + return ret; + + if (c_xfrm->cipher.algo == RTE_CRYPTO_CIPHER_NULL) + c_xfrm->cipher.iv.offset = 0; + else + c_xfrm->cipher.iv.offset = PDCP_IV_OFFSET; + + if (a_xfrm != NULL) { + if (a_xfrm->auth.algo == RTE_CRYPTO_AUTH_NULL) + a_xfrm->auth.iv.offset = 0; + else + if (c_xfrm->cipher.iv.offset) + a_xfrm->auth.iv.offset = PDCP_IV_OFFSET + PDCP_IV_LENGTH; + else + a_xfrm->auth.iv.offset = PDCP_IV_OFFSET; + } + + if (conf->sess_mpool == NULL) + return -EINVAL; + + en_priv->crypto_sess = rte_cryptodev_sym_session_create(conf->dev_id, conf->crypto_xfrm, + conf->sess_mpool); + if (en_priv->crypto_sess == NULL) { + /* API returns positive values as error codes */ + return -rte_errno; + } + + rte_cryptodev_sym_session_opaque_data_set(en_priv->crypto_sess, (uint64_t)entity); + + return 0; +} + +int +pdcp_crypto_sess_destroy(struct rte_pdcp_entity *entity) +{ + struct entity_priv *en_priv; + + if (entity == NULL) + return -EINVAL; + + en_priv = entity_priv_get(entity); + + if (en_priv->crypto_sess != NULL) { + rte_cryptodev_sym_session_free(en_priv->dev_id, en_priv->crypto_sess); + en_priv->crypto_sess = NULL; + } + + return 0; +} diff --git a/lib/pdcp/pdcp_crypto.h b/lib/pdcp/pdcp_crypto.h new file mode 100644 index 0000000000..dc625b35d0 --- /dev/null +++ b/lib/pdcp/pdcp_crypto.h @@ -0,0 +1,20 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(C) 2022 Marvell. + */ + +#ifndef _PDCP_CRYPTO_H_ +#define _PDCP_CRYPTO_H_ + +#include +#include +#include + +#define PDCP_IV_OFFSET (sizeof(struct rte_crypto_op) + sizeof(struct rte_crypto_sym_op)) +#define PDCP_IV_LENGTH 16 + +int pdcp_crypto_sess_create(struct rte_pdcp_entity *entity, + const struct rte_pdcp_entity_conf *conf); + +int pdcp_crypto_sess_destroy(struct rte_pdcp_entity *entity); + +#endif /* _PDCP_CRYPTO_H_ */ diff --git a/lib/pdcp/pdcp_entity.h b/lib/pdcp/pdcp_entity.h new file mode 100644 index 0000000000..e312fd4a8c --- /dev/null +++ b/lib/pdcp/pdcp_entity.h @@ -0,0 +1,218 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(C) 2022 Marvell. + */ + +#ifndef _PDCP_ENTITY_H_ +#define _PDCP_ENTITY_H_ + +#include +#include +#include +#include +#include + +struct entity_priv; + +#define PDCP_PDU_HDR_SIZE_SN_12 (RTE_ALIGN_MUL_CEIL(12, 8) / 8) +#define PDCP_PDU_HDR_SIZE_SN_18 (RTE_ALIGN_MUL_CEIL(18, 8) / 8) + +#define PDCP_GET_SN_12_FROM_COUNT(c) ((c) & 0xfff) +#define PDCP_GET_SN_18_FROM_COUNT(c) ((c) & 0x3ffff) + +#define PDCP_GET_HFN_SN_12_FROM_COUNT(c) (((c) >> 12) & 0xfffff) +#define PDCP_GET_HFN_SN_18_FROM_COUNT(c) (((c) >> 18) & 0x3fff) + +#define PDCP_SET_COUNT_FROM_HFN_SN_12(h, s) ((((h) & 0xfffff) << 12) | ((s) & 0xfff)) +#define PDCP_SET_COUNT_FROM_HFN_SN_18(h, s) ((((h) & 0x3fff) << 18) | ((s) & 0x3ffff)) + +#define PDCP_SN_12_WINDOW_SZ 0x800 +#define PDCP_SN_18_WINDOW_SZ 0x20000 + +#define PDCP_SN_12_HFN_MAX ((1 << (32 - 12)) - 1) +#define PDCP_SN_12_HFN_MIN 0 +#define PDCP_SN_18_HFN_MAX ((1 << (32 - 18)) - 1) +#define PDCP_SN_18_HFN_MIN 0 + +/* IV generation function based on the entity configuration */ +typedef void (*iv_gen_t)(struct rte_crypto_op *cop, const struct entity_priv *en_priv, + uint32_t count); + +enum pdcp_pdu_type { + PDCP_PDU_TYPE_CTRL = 0, + PDCP_PDU_TYPE_DATA = 1, +}; + +enum pdcp_up_ctrl_pdu_type { + PDCP_UP_CTRL_PDU_TYPE_STATUS_REPORT, + PDCP_UP_CTRL_PDU_TYPE_ROHC_FEEDBACK, + PDCP_UP_CTRL_PDU_TYPE_EHC_FEEDBACK, + PDCP_UP_CRTL_PDU_TYPE_UDC_FEEDBACK +}; + +struct entity_state { + uint32_t rx_next; + uint32_t tx_next; + uint32_t rx_deliv; + uint32_t rx_reord; +}; + +union auth_iv_partial { + /* For AES-CMAC, there is no IV, but message gets prepended */ + struct { +#if RTE_BYTE_ORDER == RTE_LITTLE_ENDIAN + uint64_t count : 32; + uint64_t zero_38_39 : 2; + uint64_t direction : 1; + uint64_t bearer : 5; + uint64_t zero_40_63 : 24; +#else + uint64_t count : 32; + uint64_t bearer : 5; + uint64_t direction : 1; + uint64_t zero_38_39 : 2; + uint64_t zero_40_63 : 24; +#endif + } aes_cmac; + struct { +#if RTE_BYTE_ORDER == RTE_LITTLE_ENDIAN + uint64_t count : 32; + uint64_t zero_37_39 : 3; + uint64_t bearer : 5; + uint64_t zero_40_63 : 24; + + uint64_t rsvd_65_71 : 7; + uint64_t direction_64 : 1; + uint64_t rsvd_72_111 : 40; + uint64_t rsvd_113_119 : 7; + uint64_t direction_112 : 1; + uint64_t rsvd_120_127 : 8; +#else + uint64_t count : 32; + uint64_t bearer : 5; + uint64_t zero_37_39 : 3; + uint64_t zero_40_63 : 24; + + uint64_t direction_64 : 1; + uint64_t rsvd_65_71 : 7; + uint64_t rsvd_72_111 : 40; + uint64_t direction_112 : 1; + uint64_t rsvd_113_119 : 7; + uint64_t rsvd_120_127 : 8; +#endif + } zs; + uint64_t u64[2]; +}; + +union cipher_iv_partial { + struct { +#if RTE_BYTE_ORDER == RTE_LITTLE_ENDIAN + uint64_t count : 32; + uint64_t zero_38_39 : 2; + uint64_t direction : 1; + uint64_t bearer : 5; + uint64_t zero_40_63 : 24; + + uint64_t zero_64_127; +#else + uint64_t count : 32; + uint64_t bearer : 5; + uint64_t direction : 1; + uint64_t zero_38_39 : 2; + uint64_t zero_40_63 : 24; + + uint64_t zero_64_127; +#endif + } aes_ctr; + struct { +#if RTE_BYTE_ORDER == RTE_LITTLE_ENDIAN + uint64_t count : 32; + uint64_t zero_38_39 : 2; + uint64_t direction : 1; + uint64_t bearer : 5; + uint64_t zero_40_63 : 24; + + uint64_t rsvd_64_127; +#else + uint64_t count : 32; + uint64_t bearer : 5; + uint64_t direction : 1; + uint64_t zero_38_39 : 2; + uint64_t zero_40_63 : 24; + + uint64_t rsvd_64_127; +#endif + } zs; + uint64_t u64[2]; +}; + +/* + * Layout of PDCP entity: [rte_pdcp_entity] [entity_priv] [entity_dl/ul] + */ + +struct entity_priv { + /** Crypto sym session. */ + struct rte_cryptodev_sym_session *crypto_sess; + /** Entity specific IV generation function. */ + iv_gen_t iv_gen; + /** Pre-prepared auth IV. */ + union auth_iv_partial auth_iv_part; + /** Pre-prepared cipher IV. */ + union cipher_iv_partial cipher_iv_part; + /** Entity state variables. */ + struct entity_state state; + /** Flags. */ + struct { + /** PDCP PDU has 4 byte MAC-I. */ + uint64_t is_authenticated : 1; + /** Cipher offset & length in bits. */ + uint64_t is_ciph_in_bits : 1; + /** Auth offset & length in bits. */ + uint64_t is_auth_in_bits : 1; + /** Is UL/transmitting PDCP entity */ + uint64_t is_ul_entity : 1; + } flags; + /** Crypto op pool. */ + struct rte_mempool *cop_pool; + /** PDCP header size. */ + uint8_t hdr_sz; + /** PDCP AAD size. For AES-CMAC, additional message is prepended for the operation. */ + uint8_t aad_sz; + /** Device ID of the device to be used for offload. */ + uint8_t dev_id; +}; + +struct entity_priv_dl_part { + /* TODO - when in-order-delivery is supported, post PDCP packets would need to cached. */ + uint8_t dummy; +}; + +struct entity_priv_ul_part { + /* + * TODO - when re-establish is supported, both plain & post PDCP packets would need to be + * cached. + */ + uint8_t dummy; +}; + +static inline struct entity_priv * +entity_priv_get(const struct rte_pdcp_entity *entity) { + return RTE_PTR_ADD(entity, sizeof(struct rte_pdcp_entity)); +} + +static inline struct entity_priv_dl_part * +entity_dl_part_get(const struct rte_pdcp_entity *entity) { + return RTE_PTR_ADD(entity, sizeof(struct rte_pdcp_entity) + sizeof(struct entity_priv)); +} + +static inline struct entity_priv_ul_part * +entity_ul_part_get(const struct rte_pdcp_entity *entity) { + return RTE_PTR_ADD(entity, sizeof(struct rte_pdcp_entity) + sizeof(struct entity_priv)); +} + +static inline int +pdcp_hdr_size_get(enum rte_security_pdcp_sn_size sn_size) +{ + return RTE_ALIGN_MUL_CEIL(sn_size, 8) / 8; +} + +#endif /* _PDCP_ENTITY_H_ */ diff --git a/lib/pdcp/pdcp_process.c b/lib/pdcp/pdcp_process.c new file mode 100644 index 0000000000..282cf38ec4 --- /dev/null +++ b/lib/pdcp/pdcp_process.c @@ -0,0 +1,1195 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(C) 2022 Marvell. + */ + +#include +#include +#include +#include +#include +#include + +#include "pdcp_crypto.h" +#include "pdcp_entity.h" +#include "pdcp_process.h" + +#define PDCP_MAC_I_LEN 4 + +/* Enum of supported algorithms for ciphering */ +enum pdcp_cipher_algo { + PDCP_CIPHER_ALGO_NULL, + PDCP_CIPHER_ALGO_AES, + PDCP_CIPHER_ALGO_ZUC, + PDCP_CIPHER_ALGO_SNOW3G, + PDCP_CIPHER_ALGO_MAX +}; + +/* Enum of supported algorithms for integrity */ +enum pdcp_auth_algo { + PDCP_AUTH_ALGO_NULL, + PDCP_AUTH_ALGO_AES, + PDCP_AUTH_ALGO_ZUC, + PDCP_AUTH_ALGO_SNOW3G, + PDCP_AUTH_ALGO_MAX +}; + +/* IV generation functions based on type of operation (cipher - auth) */ + +static void +pdcp_iv_gen_null_null(struct rte_crypto_op *cop, const struct entity_priv *en_priv, uint32_t count) +{ + /* No IV required for NULL cipher + NULL auth */ + RTE_SET_USED(cop); + RTE_SET_USED(en_priv); + RTE_SET_USED(count); +} + +static void +pdcp_iv_gen_null_aes_cmac(struct rte_crypto_op *cop, const struct entity_priv *en_priv, + uint32_t count) +{ + struct rte_crypto_sym_op *op = cop->sym; + struct rte_mbuf *mb = op->m_src; + uint8_t *m_ptr; + uint64_t m; + + /* AES-CMAC requires message to be prepended with info on count etc */ + + /* Prepend by 8 bytes to add custom message */ + m_ptr = (uint8_t *)rte_pktmbuf_prepend(mb, 8); + + m = en_priv->auth_iv_part.u64[0] | ((uint64_t)(rte_cpu_to_be_32(count))); + + rte_memcpy(m_ptr, &m, 8); +} + +static void +pdcp_iv_gen_null_zs(struct rte_crypto_op *cop, const struct entity_priv *en_priv, uint32_t count) +{ + uint64_t iv_u64[2]; + uint8_t *iv; + + iv = rte_crypto_op_ctod_offset(cop, uint8_t *, PDCP_IV_OFFSET); + + iv_u64[0] = en_priv->auth_iv_part.u64[0] | ((uint64_t)(rte_cpu_to_be_32(count))); + rte_memcpy(iv, &iv_u64[0], 8); + + iv_u64[1] = iv_u64[0] ^ en_priv->auth_iv_part.u64[1]; + rte_memcpy(iv + 8, &iv_u64[1], 8); +} + +static void +pdcp_iv_gen_aes_ctr_null(struct rte_crypto_op *cop, const struct entity_priv *en_priv, + uint32_t count) +{ + uint64_t iv_u64[2]; + uint8_t *iv; + + iv = rte_crypto_op_ctod_offset(cop, uint8_t *, PDCP_IV_OFFSET); + + iv_u64[0] = en_priv->cipher_iv_part.u64[0] | ((uint64_t)(rte_cpu_to_be_32(count))); + iv_u64[1] = 0; + rte_memcpy(iv, iv_u64, 16); +} + +static void +pdcp_iv_gen_zs_null(struct rte_crypto_op *cop, const struct entity_priv *en_priv, uint32_t count) +{ + uint64_t iv_u64; + uint8_t *iv; + + iv = rte_crypto_op_ctod_offset(cop, uint8_t *, PDCP_IV_OFFSET); + + iv_u64 = en_priv->cipher_iv_part.u64[0] | ((uint64_t)(rte_cpu_to_be_32(count))); + rte_memcpy(iv, &iv_u64, 8); + rte_memcpy(iv + 8, &iv_u64, 8); +} + +static void +pdcp_iv_gen_zs_zs(struct rte_crypto_op *cop, const struct entity_priv *en_priv, uint32_t count) +{ + uint64_t iv_u64[2]; + uint8_t *iv; + + iv = rte_crypto_op_ctod_offset(cop, uint8_t *, PDCP_IV_OFFSET); + + /* Generating cipher IV */ + iv_u64[0] = en_priv->cipher_iv_part.u64[0] | ((uint64_t)(rte_cpu_to_be_32(count))); + rte_memcpy(iv, &iv_u64[0], 8); + rte_memcpy(iv + 8, &iv_u64[0], 8); + + iv += PDCP_IV_LENGTH; + + /* Generating auth IV */ + iv_u64[0] = en_priv->auth_iv_part.u64[0] | ((uint64_t)(rte_cpu_to_be_32(count))); + rte_memcpy(iv, &iv_u64[0], 8); + + iv_u64[1] = iv_u64[0] ^ en_priv->auth_iv_part.u64[1]; + rte_memcpy(iv + 8, &iv_u64[1], 8); +} + +static void +pdcp_iv_gen_zs_aes_cmac(struct rte_crypto_op *cop, const struct entity_priv *en_priv, + uint32_t count) +{ + struct rte_crypto_sym_op *op = cop->sym; + struct rte_mbuf *mb = op->m_src; + uint8_t *m_ptr, *iv; + uint64_t iv_u64[2]; + uint64_t m; + + iv = rte_crypto_op_ctod_offset(cop, uint8_t *, PDCP_IV_OFFSET); + iv_u64[0] = en_priv->cipher_iv_part.u64[0] | ((uint64_t)(rte_cpu_to_be_32(count))); + rte_memcpy(iv, &iv_u64[0], 8); + rte_memcpy(iv + 8, &iv_u64[0], 8); + + m_ptr = (uint8_t *)rte_pktmbuf_prepend(mb, 8); + m = en_priv->auth_iv_part.u64[0] | ((uint64_t)(rte_cpu_to_be_32(count))); + rte_memcpy(m_ptr, &m, 8); +} + +static void +pdcp_iv_gen_aes_ctr_aes_cmac(struct rte_crypto_op *cop, const struct entity_priv *en_priv, + uint32_t count) +{ + struct rte_crypto_sym_op *op = cop->sym; + struct rte_mbuf *mb = op->m_src; + uint8_t *m_ptr, *iv; + uint64_t iv_u64[2]; + uint64_t m; + + iv = rte_crypto_op_ctod_offset(cop, uint8_t *, PDCP_IV_OFFSET); + + iv_u64[0] = en_priv->cipher_iv_part.u64[0] | ((uint64_t)(rte_cpu_to_be_32(count))); + iv_u64[1] = 0; + rte_memcpy(iv, iv_u64, PDCP_IV_LENGTH); + + m_ptr = (uint8_t *)rte_pktmbuf_prepend(mb, 8); + m = en_priv->auth_iv_part.u64[0] | ((uint64_t)(rte_cpu_to_be_32(count))); + rte_memcpy(m_ptr, &m, 8); +} + +static void +pdcp_iv_gen_aes_ctr_zs(struct rte_crypto_op *cop, const struct entity_priv *en_priv, uint32_t count) +{ + uint64_t iv_u64[2]; + uint8_t *iv; + + iv = rte_crypto_op_ctod_offset(cop, uint8_t *, PDCP_IV_OFFSET); + + iv_u64[0] = en_priv->cipher_iv_part.u64[0] | ((uint64_t)(rte_cpu_to_be_32(count))); + iv_u64[1] = 0; + rte_memcpy(iv, iv_u64, PDCP_IV_LENGTH); + + iv += PDCP_IV_LENGTH; + + iv_u64[0] = en_priv->auth_iv_part.u64[0] | ((uint64_t)(rte_cpu_to_be_32(count))); + rte_memcpy(iv, &iv_u64[0], 8); + + iv_u64[1] = iv_u64[0] ^ en_priv->auth_iv_part.u64[1]; + rte_memcpy(iv + 8, &iv_u64[1], 8); +} + +static int +pdcp_crypto_xfrm_get(const struct rte_pdcp_entity_conf *conf, struct rte_crypto_sym_xform **c_xfrm, + struct rte_crypto_sym_xform **a_xfrm) +{ + *c_xfrm = NULL; + *a_xfrm = NULL; + + if (conf->crypto_xfrm == NULL) + return -EINVAL; + + if (conf->crypto_xfrm->type == RTE_CRYPTO_SYM_XFORM_CIPHER) { + *c_xfrm = conf->crypto_xfrm; + *a_xfrm = conf->crypto_xfrm->next; + } else if (conf->crypto_xfrm->type == RTE_CRYPTO_SYM_XFORM_AUTH) { + *a_xfrm = conf->crypto_xfrm; + *c_xfrm = conf->crypto_xfrm->next; + } else { + return -EINVAL; + } + + return 0; +} + +static int +pdcp_iv_gen_func_set(struct rte_pdcp_entity *entity, const struct rte_pdcp_entity_conf *conf) +{ + struct rte_crypto_sym_xform *c_xfrm, *a_xfrm; + enum rte_security_pdcp_direction direction; + enum pdcp_cipher_algo ciph_algo; + enum pdcp_auth_algo auth_algo; + struct entity_priv *en_priv; + int ret; + + en_priv = entity_priv_get(entity); + + direction = conf->pdcp_xfrm.pkt_dir; + if (conf->reverse_iv_direction) + direction = !direction; + + ret = pdcp_crypto_xfrm_get(conf, &c_xfrm, &a_xfrm); + if (ret) + return ret; + + if (c_xfrm == NULL) + return -EINVAL; + + memset(&en_priv->auth_iv_part, 0, sizeof(en_priv->auth_iv_part)); + memset(&en_priv->cipher_iv_part, 0, sizeof(en_priv->cipher_iv_part)); + + switch (c_xfrm->cipher.algo) { + case RTE_CRYPTO_CIPHER_NULL: + ciph_algo = PDCP_CIPHER_ALGO_NULL; + break; + case RTE_CRYPTO_CIPHER_AES_CTR: + ciph_algo = PDCP_CIPHER_ALGO_AES; + en_priv->cipher_iv_part.aes_ctr.bearer = conf->pdcp_xfrm.bearer; + en_priv->cipher_iv_part.aes_ctr.direction = direction; + break; + case RTE_CRYPTO_CIPHER_SNOW3G_UEA2: + ciph_algo = PDCP_CIPHER_ALGO_SNOW3G; + en_priv->cipher_iv_part.zs.bearer = conf->pdcp_xfrm.bearer; + en_priv->cipher_iv_part.zs.direction = direction; + break; + case RTE_CRYPTO_CIPHER_ZUC_EEA3: + ciph_algo = PDCP_CIPHER_ALGO_ZUC; + en_priv->cipher_iv_part.zs.bearer = conf->pdcp_xfrm.bearer; + en_priv->cipher_iv_part.zs.direction = direction; + break; + default: + return -ENOTSUP; + } + + if (a_xfrm != NULL) { + switch (a_xfrm->auth.algo) { + case RTE_CRYPTO_AUTH_NULL: + auth_algo = PDCP_AUTH_ALGO_NULL; + break; + case RTE_CRYPTO_AUTH_AES_CMAC: + auth_algo = PDCP_AUTH_ALGO_AES; + en_priv->auth_iv_part.aes_cmac.bearer = conf->pdcp_xfrm.bearer; + en_priv->auth_iv_part.aes_cmac.direction = direction; + break; + case RTE_CRYPTO_AUTH_SNOW3G_UIA2: + auth_algo = PDCP_AUTH_ALGO_SNOW3G; + en_priv->auth_iv_part.zs.bearer = conf->pdcp_xfrm.bearer; + en_priv->auth_iv_part.zs.direction_64 = direction; + en_priv->auth_iv_part.zs.direction_112 = direction; + break; + case RTE_CRYPTO_AUTH_ZUC_EIA3: + auth_algo = PDCP_AUTH_ALGO_ZUC; + en_priv->auth_iv_part.zs.bearer = conf->pdcp_xfrm.bearer; + en_priv->auth_iv_part.zs.direction_64 = direction; + en_priv->auth_iv_part.zs.direction_112 = direction; + break; + default: + return -ENOTSUP; + } + } else { + auth_algo = PDCP_AUTH_ALGO_NULL; + } + + static const iv_gen_t iv_gen_map[PDCP_CIPHER_ALGO_MAX][PDCP_AUTH_ALGO_MAX] = { + [PDCP_CIPHER_ALGO_NULL][PDCP_AUTH_ALGO_NULL] = pdcp_iv_gen_null_null, + [PDCP_CIPHER_ALGO_NULL][PDCP_AUTH_ALGO_AES] = pdcp_iv_gen_null_aes_cmac, + [PDCP_CIPHER_ALGO_NULL][PDCP_AUTH_ALGO_SNOW3G] = pdcp_iv_gen_null_zs, + [PDCP_CIPHER_ALGO_NULL][PDCP_AUTH_ALGO_ZUC] = pdcp_iv_gen_null_zs, + + [PDCP_CIPHER_ALGO_AES][PDCP_AUTH_ALGO_NULL] = pdcp_iv_gen_aes_ctr_null, + [PDCP_CIPHER_ALGO_AES][PDCP_AUTH_ALGO_AES] = pdcp_iv_gen_aes_ctr_aes_cmac, + [PDCP_CIPHER_ALGO_AES][PDCP_AUTH_ALGO_SNOW3G] = pdcp_iv_gen_aes_ctr_zs, + [PDCP_CIPHER_ALGO_AES][PDCP_AUTH_ALGO_ZUC] = pdcp_iv_gen_aes_ctr_zs, + + [PDCP_CIPHER_ALGO_SNOW3G][PDCP_AUTH_ALGO_NULL] = pdcp_iv_gen_zs_null, + [PDCP_CIPHER_ALGO_SNOW3G][PDCP_AUTH_ALGO_AES] = pdcp_iv_gen_zs_aes_cmac, + [PDCP_CIPHER_ALGO_SNOW3G][PDCP_AUTH_ALGO_SNOW3G] = pdcp_iv_gen_zs_zs, + [PDCP_CIPHER_ALGO_SNOW3G][PDCP_AUTH_ALGO_ZUC] = pdcp_iv_gen_zs_zs, + + [PDCP_CIPHER_ALGO_ZUC][PDCP_AUTH_ALGO_NULL] = pdcp_iv_gen_zs_null, + [PDCP_CIPHER_ALGO_ZUC][PDCP_AUTH_ALGO_AES] = pdcp_iv_gen_zs_aes_cmac, + [PDCP_CIPHER_ALGO_ZUC][PDCP_AUTH_ALGO_SNOW3G] = pdcp_iv_gen_zs_zs, + [PDCP_CIPHER_ALGO_ZUC][PDCP_AUTH_ALGO_ZUC] = pdcp_iv_gen_zs_zs, + }; + + en_priv->iv_gen = iv_gen_map[ciph_algo][auth_algo]; + + return 0; +} + +static inline void +cop_prepare(const struct entity_priv *en_priv, struct rte_mbuf *mb, struct rte_crypto_op *cop, + uint8_t data_offset, uint32_t count, const bool is_auth) +{ + const struct rte_crypto_op cop_init = { + .type = RTE_CRYPTO_OP_TYPE_SYMMETRIC, + .status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED, + .sess_type = RTE_CRYPTO_OP_WITH_SESSION, + }; + struct rte_crypto_sym_op *op; + uint32_t pkt_len; + + const uint8_t ciph_shift = 3 * en_priv->flags.is_ciph_in_bits; + const uint8_t auth_shift = 3 * en_priv->flags.is_auth_in_bits; + + op = cop->sym; + cop->raw = cop_init.raw; + op->m_src = mb; + op->m_dst = mb; + + /* Set IV */ + en_priv->iv_gen(cop, en_priv, count); + + /* Prepare op */ + pkt_len = rte_pktmbuf_pkt_len(mb); + op->cipher.data.offset = data_offset << ciph_shift; + op->cipher.data.length = (pkt_len - data_offset) << ciph_shift; + + if (is_auth) { + op->auth.data.offset = 0; + op->auth.data.length = (pkt_len - PDCP_MAC_I_LEN) << auth_shift; + op->auth.digest.data = rte_pktmbuf_mtod_offset(mb, uint8_t *, + (pkt_len - PDCP_MAC_I_LEN)); + } + + __rte_crypto_sym_op_attach_sym_session(op, en_priv->crypto_sess); +} + +static inline bool +pdcp_pre_process_uplane_sn_12_ul_set_sn(struct entity_priv *en_priv, struct rte_mbuf *mb, + uint32_t *count) +{ + struct rte_pdcp_up_data_pdu_sn_12_hdr *pdu_hdr; + const uint8_t hdr_sz = en_priv->hdr_sz; + uint32_t sn; + + /* Prepend PDU header */ + pdu_hdr = (struct rte_pdcp_up_data_pdu_sn_12_hdr *)rte_pktmbuf_prepend(mb, hdr_sz); + if (unlikely(pdu_hdr == NULL)) + return false; + + /* Update sequence num in the PDU header */ + *count = __atomic_fetch_add(&en_priv->state.tx_next, 1, __ATOMIC_RELAXED); + sn = PDCP_GET_SN_12_FROM_COUNT(*count); + + pdu_hdr->d_c = PDCP_PDU_TYPE_DATA; + pdu_hdr->sn_11_8 = ((sn & 0xf00) >> 8); + pdu_hdr->sn_7_0 = (sn & 0xff); + pdu_hdr->r = 0; + return true; +} + +static uint16_t +pdcp_pre_process_uplane_sn_12_ul(const struct rte_pdcp_entity *entity, struct rte_mbuf *mb[], + struct rte_crypto_op *cop[], uint16_t num, uint16_t *nb_err) +{ + struct entity_priv *en_priv = entity_priv_get(entity); + uint16_t nb_cop; + uint32_t count; + int i; + + const uint8_t data_offset = en_priv->hdr_sz + en_priv->aad_sz; + + nb_cop = rte_crypto_op_bulk_alloc(en_priv->cop_pool, RTE_CRYPTO_OP_TYPE_SYMMETRIC, cop, + num); + + if (en_priv->flags.is_authenticated) { + for (i = 0; i < nb_cop; i++) { + if (unlikely(rte_pktmbuf_append(mb[i], PDCP_MAC_I_LEN) == NULL)) + goto cop_free; + if (unlikely(!pdcp_pre_process_uplane_sn_12_ul_set_sn(en_priv, mb[i], + &count))) + goto cop_free; + cop_prepare(en_priv, mb[i], cop[i], data_offset, count, true); + } + } else { + for (i = 0; i < nb_cop; i++) { + if (unlikely(!pdcp_pre_process_uplane_sn_12_ul_set_sn(en_priv, mb[i], + &count))) + goto cop_free; + cop_prepare(en_priv, mb[i], cop[i], data_offset, count, false); + } + } + + *nb_err = num - nb_cop; + return nb_cop; +cop_free: + /* Using mempool API since crypto API is not providing bulk free */ + rte_mempool_put_bulk(en_priv->cop_pool, (void *)&cop[i], nb_cop - i); + *nb_err = num - i; + return i; +} + +static inline bool +pdcp_pre_process_uplane_sn_18_ul_set_sn(struct entity_priv *en_priv, struct rte_mbuf *mb, + uint32_t *count) +{ + struct rte_pdcp_up_data_pdu_sn_18_hdr *pdu_hdr; + const uint8_t hdr_sz = en_priv->hdr_sz; + uint32_t sn; + + /* Prepend PDU header */ + pdu_hdr = (struct rte_pdcp_up_data_pdu_sn_18_hdr *)rte_pktmbuf_prepend(mb, hdr_sz); + if (unlikely(pdu_hdr == NULL)) + return false; + + /* Update sequence num in the PDU header */ + *count = __atomic_fetch_add(&en_priv->state.tx_next, 1, __ATOMIC_RELAXED); + sn = PDCP_GET_SN_18_FROM_COUNT(*count); + + pdu_hdr->d_c = PDCP_PDU_TYPE_DATA; + pdu_hdr->sn_17_16 = ((sn & 0x30000) >> 16); + pdu_hdr->sn_15_8 = ((sn & 0xff00) >> 8); + pdu_hdr->sn_7_0 = (sn & 0xff); + pdu_hdr->r = 0; + + return true; +} + +static inline uint16_t +pdcp_pre_process_uplane_sn_18_ul(const struct rte_pdcp_entity *entity, struct rte_mbuf *mb[], + struct rte_crypto_op *cop[], uint16_t num, uint16_t *nb_err) +{ + struct entity_priv *en_priv = entity_priv_get(entity); + uint16_t nb_cop; + uint32_t count; + int i; + + const uint8_t data_offset = en_priv->hdr_sz + en_priv->aad_sz; + + nb_cop = rte_crypto_op_bulk_alloc(en_priv->cop_pool, RTE_CRYPTO_OP_TYPE_SYMMETRIC, cop, + num); + + if (en_priv->flags.is_authenticated) { + for (i = 0; i < nb_cop; i++) { + if (unlikely(rte_pktmbuf_append(mb[i], PDCP_MAC_I_LEN) == NULL)) + goto cop_free; + if (unlikely(!pdcp_pre_process_uplane_sn_18_ul_set_sn(en_priv, mb[i], + &count))) + goto cop_free; + cop_prepare(en_priv, mb[i], cop[i], data_offset, count, true); + } + } else { + for (i = 0; i < nb_cop; i++) { + if (unlikely(!pdcp_pre_process_uplane_sn_18_ul_set_sn(en_priv, mb[i], + &count))) + goto cop_free; + cop_prepare(en_priv, mb[i], cop[i], data_offset, count, false); + } + } + + *nb_err = num - nb_cop; + return nb_cop; + +cop_free: + /* Using mempool API since crypto API is not providing bulk free */ + rte_mempool_put_bulk(en_priv->cop_pool, (void *)&cop[i], nb_cop - i); + *nb_err = num - i; + return i; +} + +static uint16_t +pdcp_pre_process_cplane_sn_12_ul(const struct rte_pdcp_entity *entity, struct rte_mbuf *mb[], + struct rte_crypto_op *cop[], uint16_t num, uint16_t *nb_err) +{ + struct entity_priv *en_priv = entity_priv_get(entity); + struct rte_pdcp_cp_data_pdu_sn_12_hdr *pdu_hdr; + uint32_t count, sn; + uint16_t nb_cop; + int i; + + const uint8_t hdr_sz = en_priv->hdr_sz; + const uint8_t data_offset = hdr_sz + en_priv->aad_sz; + + nb_cop = rte_crypto_op_bulk_alloc(en_priv->cop_pool, RTE_CRYPTO_OP_TYPE_SYMMETRIC, cop, + num); + + for (i = 0; i < nb_cop; i++) { + /* Prepend PDU header */ + pdu_hdr = (struct rte_pdcp_cp_data_pdu_sn_12_hdr *)rte_pktmbuf_prepend(mb[i], + hdr_sz); + if (unlikely(pdu_hdr == NULL)) + goto cop_free; + if (unlikely(rte_pktmbuf_append(mb[i], PDCP_MAC_I_LEN) == NULL)) + goto cop_free; + + /* Update sequence number in the PDU header */ + count = __atomic_fetch_add(&en_priv->state.tx_next, 1, __ATOMIC_RELAXED); + sn = PDCP_GET_SN_12_FROM_COUNT(count); + + pdu_hdr->sn_11_8 = ((sn & 0xf00) >> 8); + pdu_hdr->sn_7_0 = (sn & 0xff); + pdu_hdr->r = 0; + + cop_prepare(en_priv, mb[i], cop[i], data_offset, count, true); + } + + *nb_err = num - nb_cop; + return nb_cop; + +cop_free: + /* Using mempool API since crypto API is not providing bulk free */ + rte_mempool_put_bulk(en_priv->cop_pool, (void *)&cop[i], nb_cop - i); + *nb_err = num - i; + return i; +} + +static uint16_t +pdcp_post_process_uplane_sn_12_ul(const struct rte_pdcp_entity *entity, + struct rte_mbuf *in_mb[], + struct rte_mbuf *out_mb[], + uint16_t num, uint16_t *nb_err_ret) +{ + struct entity_priv *en_priv = entity_priv_get(entity); + const uint32_t hdr_trim_sz = en_priv->aad_sz; + int i, nb_success = 0, nb_err = 0; + struct rte_mbuf *err_mb[num]; + struct rte_mbuf *mb; + + for (i = 0; i < num; i++) { + mb = in_mb[i]; + if (unlikely(mb->ol_flags & RTE_MBUF_F_RX_SEC_OFFLOAD_FAILED)) { + err_mb[nb_err++] = mb; + continue; + } + + if (hdr_trim_sz) + rte_pktmbuf_adj(mb, hdr_trim_sz); + + out_mb[nb_success++] = mb; + } + + if (unlikely(nb_err != 0)) + rte_memcpy(&out_mb[nb_success], err_mb, nb_err * sizeof(struct rte_mbuf *)); + + *nb_err_ret = nb_err; + return nb_success; +} + +static uint16_t +pdcp_post_process_uplane_sn_18_ul(const struct rte_pdcp_entity *entity, + struct rte_mbuf *in_mb[], + struct rte_mbuf *out_mb[], + uint16_t num, uint16_t *nb_err_ret) +{ + struct entity_priv *en_priv = entity_priv_get(entity); + const uint32_t hdr_trim_sz = en_priv->aad_sz; + int i, nb_success = 0, nb_err = 0; + struct rte_mbuf *err_mb[num]; + struct rte_mbuf *mb; + + for (i = 0; i < num; i++) { + mb = in_mb[i]; + if (unlikely(mb->ol_flags & RTE_MBUF_F_RX_SEC_OFFLOAD_FAILED)) { + err_mb[nb_err++] = mb; + continue; + } + + if (hdr_trim_sz) + rte_pktmbuf_adj(mb, hdr_trim_sz); + + out_mb[nb_success++] = mb; + } + + if (unlikely(nb_err != 0)) + rte_memcpy(&out_mb[nb_success], err_mb, nb_err * sizeof(struct rte_mbuf *)); + + *nb_err_ret = nb_err; + return nb_success; +} + +static uint16_t +pdcp_post_process_cplane_sn_12_ul(const struct rte_pdcp_entity *entity, + struct rte_mbuf *in_mb[], + struct rte_mbuf *out_mb[], + uint16_t num, uint16_t *nb_err_ret) +{ + struct entity_priv *en_priv = entity_priv_get(entity); + const uint32_t hdr_trim_sz = en_priv->aad_sz; + int i, nb_success = 0, nb_err = 0; + struct rte_mbuf *mb, *err_mb[num]; + + for (i = 0; i < num; i++) { + mb = in_mb[i]; + if (unlikely(mb->ol_flags & RTE_MBUF_F_RX_SEC_OFFLOAD_FAILED)) { + err_mb[nb_err++] = mb; + continue; + } + + if (hdr_trim_sz) + rte_pktmbuf_adj(mb, hdr_trim_sz); + + out_mb[nb_success++] = mb; + } + + if (unlikely(nb_err != 0)) + rte_memcpy(&out_mb[nb_success], err_mb, nb_err * sizeof(struct rte_mbuf *)); + + *nb_err_ret = nb_err; + return nb_success; +} + +static inline int +pdcp_sn_18_count_get(const struct rte_pdcp_entity *entity, int32_t rsn, uint32_t *count) +{ + struct entity_priv *en_priv = entity_priv_get(entity); + uint32_t rhfn, rx_deliv; + + rx_deliv = __atomic_load_n(&en_priv->state.rx_deliv, __ATOMIC_RELAXED); + rhfn = PDCP_GET_HFN_SN_18_FROM_COUNT(rx_deliv); + + if (rsn < (int32_t)(PDCP_GET_SN_18_FROM_COUNT(rx_deliv) - PDCP_SN_18_WINDOW_SZ)) { + if (unlikely(rhfn == PDCP_SN_18_HFN_MAX)) + return -ERANGE; + rhfn += 1; + } else if ((uint32_t)rsn >= (PDCP_GET_SN_18_FROM_COUNT(rx_deliv) + PDCP_SN_18_WINDOW_SZ)) { + if (unlikely(rhfn == PDCP_SN_18_HFN_MIN)) + return -ERANGE; + rhfn -= 1; + } + + *count = PDCP_SET_COUNT_FROM_HFN_SN_18(rhfn, rsn); + + return 0; +} + +static inline int +pdcp_sn_12_count_get(const struct rte_pdcp_entity *entity, int32_t rsn, uint32_t *count) +{ + struct entity_priv *en_priv = entity_priv_get(entity); + uint32_t rhfn, rx_deliv; + + rx_deliv = __atomic_load_n(&en_priv->state.rx_deliv, __ATOMIC_RELAXED); + rhfn = PDCP_GET_HFN_SN_12_FROM_COUNT(rx_deliv); + + if (rsn < (int32_t)(PDCP_GET_SN_12_FROM_COUNT(rx_deliv) - PDCP_SN_12_WINDOW_SZ)) { + if (unlikely(rhfn == PDCP_SN_12_HFN_MAX)) + return -ERANGE; + rhfn += 1; + } else if ((uint32_t)rsn >= (PDCP_GET_SN_12_FROM_COUNT(rx_deliv) + PDCP_SN_12_WINDOW_SZ)) { + if (unlikely(rhfn == PDCP_SN_12_HFN_MIN)) + return -ERANGE; + rhfn -= 1; + } + + *count = PDCP_SET_COUNT_FROM_HFN_SN_12(rhfn, rsn); + + return 0; +} + +static inline uint16_t +pdcp_pre_process_uplane_sn_12_dl_flags(const struct rte_pdcp_entity *entity, struct rte_mbuf *mb[], + struct rte_crypto_op *cop[], uint16_t num, uint16_t *nb_err, + const bool is_integ_protected) +{ + struct entity_priv *en_priv = entity_priv_get(entity); + struct rte_pdcp_up_data_pdu_sn_12_hdr *pdu_hdr; + uint16_t nb_cop; + int32_t rsn = 0; + uint32_t count; + int i; + + const uint8_t data_offset = en_priv->hdr_sz + en_priv->aad_sz; + + nb_cop = rte_crypto_op_bulk_alloc(en_priv->cop_pool, RTE_CRYPTO_OP_TYPE_SYMMETRIC, cop, + num); + + for (i = 0; i < nb_cop; i++) { + + pdu_hdr = rte_pktmbuf_mtod(mb[i], struct rte_pdcp_up_data_pdu_sn_12_hdr *); + + /* Check for PDU type */ + if (likely(pdu_hdr->d_c == PDCP_PDU_TYPE_DATA)) + rsn = ((pdu_hdr->sn_11_8 << 8) | (pdu_hdr->sn_7_0)); + else + rte_panic("TODO: Control PDU not handled"); + + if (unlikely(pdcp_sn_12_count_get(entity, rsn, &count))) + break; + cop_prepare(en_priv, mb[i], cop[i], data_offset, count, is_integ_protected); + } + + *nb_err = num - nb_cop; + + return nb_cop; +} + +static uint16_t +pdcp_pre_process_uplane_sn_12_dl_ip(const struct rte_pdcp_entity *entity, struct rte_mbuf *mb[], + struct rte_crypto_op *cop[], uint16_t num, uint16_t *nb_err) +{ + return pdcp_pre_process_uplane_sn_12_dl_flags(entity, mb, cop, num, nb_err, true); +} + +static uint16_t +pdcp_pre_process_uplane_sn_12_dl(const struct rte_pdcp_entity *entity, struct rte_mbuf *mb[], + struct rte_crypto_op *cop[], uint16_t num, uint16_t *nb_err) +{ + return pdcp_pre_process_uplane_sn_12_dl_flags(entity, mb, cop, num, nb_err, false); +} + +static inline uint16_t +pdcp_pre_process_uplane_sn_18_dl_flags(const struct rte_pdcp_entity *entity, struct rte_mbuf *mb[], + struct rte_crypto_op *cop[], uint16_t num, uint16_t *nb_err, + const bool is_integ_protected) +{ + struct entity_priv *en_priv = entity_priv_get(entity); + struct rte_pdcp_up_data_pdu_sn_18_hdr *pdu_hdr; + uint16_t nb_cop; + int32_t rsn = 0; + uint32_t count; + int i; + + const uint8_t data_offset = en_priv->hdr_sz + en_priv->aad_sz; + nb_cop = rte_crypto_op_bulk_alloc(en_priv->cop_pool, RTE_CRYPTO_OP_TYPE_SYMMETRIC, cop, + num); + + for (i = 0; i < nb_cop; i++) { + pdu_hdr = rte_pktmbuf_mtod(mb[i], struct rte_pdcp_up_data_pdu_sn_18_hdr *); + + /* Check for PDU type */ + if (likely(pdu_hdr->d_c == PDCP_PDU_TYPE_DATA)) + rsn = ((pdu_hdr->sn_17_16 << 16) | (pdu_hdr->sn_15_8 << 8) | + (pdu_hdr->sn_7_0)); + else + rte_panic("TODO: Control PDU not handled"); + + if (unlikely(pdcp_sn_18_count_get(entity, rsn, &count))) + break; + cop_prepare(en_priv, mb[i], cop[i], data_offset, count, is_integ_protected); + } + + *nb_err = num - nb_cop; + + return nb_cop; +} + +static uint16_t +pdcp_pre_process_uplane_sn_18_dl_ip(const struct rte_pdcp_entity *entity, struct rte_mbuf *mb[], + struct rte_crypto_op *cop[], uint16_t num, uint16_t *nb_err) +{ + return pdcp_pre_process_uplane_sn_18_dl_flags(entity, mb, cop, num, nb_err, true); +} + +static uint16_t +pdcp_pre_process_uplane_sn_18_dl(const struct rte_pdcp_entity *entity, struct rte_mbuf *mb[], + struct rte_crypto_op *cop[], uint16_t num, uint16_t *nb_err) +{ + return pdcp_pre_process_uplane_sn_18_dl_flags(entity, mb, cop, num, nb_err, false); +} + +static uint16_t +pdcp_pre_process_cplane_sn_12_dl(const struct rte_pdcp_entity *entity, struct rte_mbuf *mb[], + struct rte_crypto_op *cop[], uint16_t num, uint16_t *nb_err) +{ + struct entity_priv *en_priv = entity_priv_get(entity); + struct rte_pdcp_cp_data_pdu_sn_12_hdr *pdu_hdr; + uint16_t nb_cop; + uint32_t count; + int32_t rsn; + int i; + + const uint8_t data_offset = en_priv->hdr_sz + en_priv->aad_sz; + + nb_cop = rte_crypto_op_bulk_alloc(en_priv->cop_pool, RTE_CRYPTO_OP_TYPE_SYMMETRIC, cop, + num); + + for (i = 0; i < nb_cop; i++) { + pdu_hdr = rte_pktmbuf_mtod(mb[i], struct rte_pdcp_cp_data_pdu_sn_12_hdr *); + rsn = ((pdu_hdr->sn_11_8 << 8) | (pdu_hdr->sn_7_0)); + if (unlikely(pdcp_sn_12_count_get(entity, rsn, &count))) + break; + cop_prepare(en_priv, mb[i], cop[i], data_offset, count, true); + } + + *nb_err = num - nb_cop; + return nb_cop; +} + +static inline bool +pdcp_post_process_update_entity_state(const struct rte_pdcp_entity *entity, + const uint32_t count) +{ + struct entity_priv *en_priv = entity_priv_get(entity); + + if (count < __atomic_load_n(&en_priv->state.rx_deliv, __ATOMIC_RELAXED)) + return false; + + /* t-Reordering timer is not supported - SDU will be delivered immediately. + * Update RX_DELIV to the COUNT value of the first PDCP SDU which has not + * been delivered to upper layers + */ + __atomic_store_n(&en_priv->state.rx_deliv, (count + 1), __ATOMIC_RELAXED); + + if (count >= __atomic_load_n(&en_priv->state.rx_next, __ATOMIC_RELAXED)) + __atomic_store_n(&en_priv->state.rx_next, (count + 1), __ATOMIC_RELAXED); + + return true; +} + +static inline uint16_t +pdcp_post_process_uplane_sn_12_dl_flags(const struct rte_pdcp_entity *entity, + struct rte_mbuf *in_mb[], + struct rte_mbuf *out_mb[], + uint16_t num, uint16_t *nb_err_ret, + const bool is_integ_protected) +{ + struct entity_priv *en_priv = entity_priv_get(entity); + struct rte_pdcp_up_data_pdu_sn_12_hdr *pdu_hdr; + int i, nb_success = 0, nb_err = 0, rsn = 0; + const uint32_t aad_sz = en_priv->aad_sz; + struct rte_mbuf *err_mb[num]; + struct rte_mbuf *mb; + uint32_t count; + + const uint32_t hdr_trim_sz = en_priv->hdr_sz + aad_sz; + + for (i = 0; i < num; i++) { + mb = in_mb[i]; + if (unlikely(mb->ol_flags & RTE_MBUF_F_RX_SEC_OFFLOAD_FAILED)) + goto error; + pdu_hdr = rte_pktmbuf_mtod_offset(mb, struct rte_pdcp_up_data_pdu_sn_12_hdr *, + aad_sz); + + /* Check for PDU type */ + if (likely(pdu_hdr->d_c == PDCP_PDU_TYPE_DATA)) + rsn = ((pdu_hdr->sn_11_8 << 8) | (pdu_hdr->sn_7_0)); + else + rte_panic("Control PDU should not be received"); + + if (unlikely(pdcp_sn_12_count_get(entity, rsn, &count))) + goto error; + + if (unlikely(!pdcp_post_process_update_entity_state(entity, count))) + goto error; + + rte_pktmbuf_adj(mb, hdr_trim_sz); + if (is_integ_protected) + rte_pktmbuf_trim(mb, PDCP_MAC_I_LEN); + out_mb[nb_success++] = mb; + continue; + +error: + err_mb[nb_err++] = mb; + } + + if (unlikely(nb_err != 0)) + rte_memcpy(&out_mb[nb_success], err_mb, nb_err * sizeof(struct rte_mbuf *)); + + *nb_err_ret = nb_err; + return nb_success; +} + +static uint16_t +pdcp_post_process_uplane_sn_12_dl_ip(const struct rte_pdcp_entity *entity, + struct rte_mbuf *in_mb[], + struct rte_mbuf *out_mb[], + uint16_t num, uint16_t *nb_err) +{ + return pdcp_post_process_uplane_sn_12_dl_flags(entity, in_mb, out_mb, num, nb_err, true); +} + +static uint16_t +pdcp_post_process_uplane_sn_12_dl(const struct rte_pdcp_entity *entity, + struct rte_mbuf *in_mb[], + struct rte_mbuf *out_mb[], + uint16_t num, uint16_t *nb_err) +{ + return pdcp_post_process_uplane_sn_12_dl_flags(entity, in_mb, out_mb, num, nb_err, false); +} + +static inline uint16_t +pdcp_post_process_uplane_sn_18_dl_flags(const struct rte_pdcp_entity *entity, + struct rte_mbuf *in_mb[], + struct rte_mbuf *out_mb[], + uint16_t num, uint16_t *nb_err_ret, + const bool is_integ_protected) +{ + struct entity_priv *en_priv = entity_priv_get(entity); + struct rte_pdcp_up_data_pdu_sn_18_hdr *pdu_hdr; + const uint32_t aad_sz = en_priv->aad_sz; + int i, nb_success = 0, nb_err = 0; + struct rte_mbuf *mb, *err_mb[num]; + int32_t rsn = 0; + uint32_t count; + + const uint32_t hdr_trim_sz = en_priv->hdr_sz + aad_sz; + + for (i = 0; i < num; i++) { + mb = in_mb[i]; + if (unlikely(mb->ol_flags & RTE_MBUF_F_RX_SEC_OFFLOAD_FAILED)) + goto error; + + pdu_hdr = rte_pktmbuf_mtod_offset(mb, struct rte_pdcp_up_data_pdu_sn_18_hdr *, + aad_sz); + + /* Check for PDU type */ + if (likely(pdu_hdr->d_c == PDCP_PDU_TYPE_DATA)) + rsn = ((pdu_hdr->sn_17_16 << 16) | (pdu_hdr->sn_15_8 << 8) | + (pdu_hdr->sn_7_0)); + else + rte_panic("Control PDU should not be received"); + + if (unlikely(pdcp_sn_18_count_get(entity, rsn, &count))) + goto error; + + if (unlikely(!pdcp_post_process_update_entity_state(entity, count))) + goto error; + + rte_pktmbuf_adj(mb, hdr_trim_sz); + if (is_integ_protected) + rte_pktmbuf_trim(mb, PDCP_MAC_I_LEN); + out_mb[nb_success++] = mb; + continue; + +error: + err_mb[nb_err++] = mb; + } + + if (unlikely(nb_err != 0)) + rte_memcpy(&out_mb[nb_success], err_mb, nb_err * sizeof(struct rte_mbuf *)); + + *nb_err_ret = nb_err; + return nb_success; +} + +static uint16_t +pdcp_post_process_uplane_sn_18_dl_ip(const struct rte_pdcp_entity *entity, + struct rte_mbuf *in_mb[], + struct rte_mbuf *out_mb[], + uint16_t num, uint16_t *nb_err) +{ + return pdcp_post_process_uplane_sn_18_dl_flags(entity, in_mb, out_mb, num, nb_err, true); +} + +static uint16_t +pdcp_post_process_uplane_sn_18_dl(const struct rte_pdcp_entity *entity, + struct rte_mbuf *in_mb[], + struct rte_mbuf *out_mb[], + uint16_t num, uint16_t *nb_err) +{ + return pdcp_post_process_uplane_sn_18_dl_flags(entity, in_mb, out_mb, num, nb_err, false); +} + +static uint16_t +pdcp_post_process_cplane_sn_12_dl(const struct rte_pdcp_entity *entity, + struct rte_mbuf *in_mb[], + struct rte_mbuf *out_mb[], + uint16_t num, uint16_t *nb_err_ret) +{ + struct entity_priv *en_priv = entity_priv_get(entity); + struct rte_pdcp_cp_data_pdu_sn_12_hdr *pdu_hdr; + const uint32_t aad_sz = en_priv->aad_sz; + int i, nb_success = 0, nb_err = 0; + struct rte_mbuf *err_mb[num]; + struct rte_mbuf *mb; + uint32_t count; + int32_t rsn; + + const uint32_t hdr_trim_sz = en_priv->hdr_sz + aad_sz; + + for (i = 0; i < num; i++) { + mb = in_mb[i]; + if (unlikely(mb->ol_flags & RTE_MBUF_F_RX_SEC_OFFLOAD_FAILED)) + goto error; + + pdu_hdr = rte_pktmbuf_mtod_offset(mb, struct rte_pdcp_cp_data_pdu_sn_12_hdr *, + aad_sz); + rsn = ((pdu_hdr->sn_11_8 << 8) | (pdu_hdr->sn_7_0)); + + if (unlikely(pdcp_sn_12_count_get(entity, rsn, &count))) + goto error; + + if (unlikely(!pdcp_post_process_update_entity_state(entity, count))) + goto error; + + rte_pktmbuf_adj(mb, hdr_trim_sz); + rte_pktmbuf_trim(mb, PDCP_MAC_I_LEN); + out_mb[nb_success++] = mb; + continue; + +error: + err_mb[nb_err++] = mb; + } + + if (unlikely(nb_err != 0)) + rte_memcpy(&out_mb[nb_success], err_mb, nb_err * sizeof(struct rte_mbuf *)); + + *nb_err_ret = nb_err; + return nb_success; +} + +static int +pdcp_pre_process_func_set(struct rte_pdcp_entity *entity, const struct rte_pdcp_entity_conf *conf) +{ + struct entity_priv *en_priv = entity_priv_get(entity); + + entity->pre_process = NULL; + entity->post_process = NULL; + + if ((conf->pdcp_xfrm.domain == RTE_SECURITY_PDCP_MODE_CONTROL) && + (conf->pdcp_xfrm.sn_size == RTE_SECURITY_PDCP_SN_SIZE_12) && + (conf->pdcp_xfrm.pkt_dir == RTE_SECURITY_PDCP_UPLINK)) { + entity->pre_process = pdcp_pre_process_cplane_sn_12_ul; + entity->post_process = pdcp_post_process_cplane_sn_12_ul; + } + + if ((conf->pdcp_xfrm.domain == RTE_SECURITY_PDCP_MODE_CONTROL) && + (conf->pdcp_xfrm.sn_size == RTE_SECURITY_PDCP_SN_SIZE_12) && + (conf->pdcp_xfrm.pkt_dir == RTE_SECURITY_PDCP_DOWNLINK)) { + entity->pre_process = pdcp_pre_process_cplane_sn_12_dl; + entity->post_process = pdcp_post_process_cplane_sn_12_dl; + } + + if ((conf->pdcp_xfrm.domain == RTE_SECURITY_PDCP_MODE_DATA) && + (conf->pdcp_xfrm.sn_size == RTE_SECURITY_PDCP_SN_SIZE_12) && + (conf->pdcp_xfrm.pkt_dir == RTE_SECURITY_PDCP_UPLINK)) { + entity->pre_process = pdcp_pre_process_uplane_sn_12_ul; + entity->post_process = pdcp_post_process_uplane_sn_12_ul; + } + + if ((conf->pdcp_xfrm.domain == RTE_SECURITY_PDCP_MODE_DATA) && + (conf->pdcp_xfrm.sn_size == RTE_SECURITY_PDCP_SN_SIZE_18) && + (conf->pdcp_xfrm.pkt_dir == RTE_SECURITY_PDCP_UPLINK)) { + entity->pre_process = pdcp_pre_process_uplane_sn_18_ul; + entity->post_process = pdcp_post_process_uplane_sn_18_ul; + } + + if ((conf->pdcp_xfrm.domain == RTE_SECURITY_PDCP_MODE_DATA) && + (conf->pdcp_xfrm.sn_size == RTE_SECURITY_PDCP_SN_SIZE_12) && + (conf->pdcp_xfrm.pkt_dir == RTE_SECURITY_PDCP_DOWNLINK) && + (en_priv->flags.is_authenticated)) { + entity->pre_process = pdcp_pre_process_uplane_sn_12_dl_ip; + entity->post_process = pdcp_post_process_uplane_sn_12_dl_ip; + } + + if ((conf->pdcp_xfrm.domain == RTE_SECURITY_PDCP_MODE_DATA) && + (conf->pdcp_xfrm.sn_size == RTE_SECURITY_PDCP_SN_SIZE_12) && + (conf->pdcp_xfrm.pkt_dir == RTE_SECURITY_PDCP_DOWNLINK) && + (!en_priv->flags.is_authenticated)) { + entity->pre_process = pdcp_pre_process_uplane_sn_12_dl; + entity->post_process = pdcp_post_process_uplane_sn_12_dl; + } + + if ((conf->pdcp_xfrm.domain == RTE_SECURITY_PDCP_MODE_DATA) && + (conf->pdcp_xfrm.sn_size == RTE_SECURITY_PDCP_SN_SIZE_18) && + (conf->pdcp_xfrm.pkt_dir == RTE_SECURITY_PDCP_DOWNLINK) && + (en_priv->flags.is_authenticated)) { + entity->pre_process = pdcp_pre_process_uplane_sn_18_dl_ip; + entity->post_process = pdcp_post_process_uplane_sn_18_dl_ip; + } + + if ((conf->pdcp_xfrm.domain == RTE_SECURITY_PDCP_MODE_DATA) && + (conf->pdcp_xfrm.sn_size == RTE_SECURITY_PDCP_SN_SIZE_18) && + (conf->pdcp_xfrm.pkt_dir == RTE_SECURITY_PDCP_DOWNLINK) && + (!en_priv->flags.is_authenticated)) { + entity->pre_process = pdcp_pre_process_uplane_sn_18_dl; + entity->post_process = pdcp_post_process_uplane_sn_18_dl; + } + + if (entity->pre_process == NULL || entity->post_process == NULL) + return -ENOTSUP; + + return 0; +} + +static int +pdcp_entity_priv_populate(struct entity_priv *en_priv, const struct rte_pdcp_entity_conf *conf) +{ + struct rte_crypto_sym_xform *c_xfrm, *a_xfrm; + int ret; + + /** + * flags.is_authenticated + * + * MAC-I would be added in case of control plane packets and when authentication + * transform is not NULL. + */ + + if (conf->pdcp_xfrm.domain == RTE_SECURITY_PDCP_MODE_CONTROL) + en_priv->flags.is_authenticated = 1; + + ret = pdcp_crypto_xfrm_get(conf, &c_xfrm, &a_xfrm); + if (ret) + return ret; + + if (a_xfrm != NULL) + en_priv->flags.is_authenticated = 1; + + /** + * flags.is_ciph_in_bits + * + * For ZUC & SNOW3G cipher algos, offset & length need to be provided in bits. + */ + + if ((c_xfrm->cipher.algo == RTE_CRYPTO_CIPHER_SNOW3G_UEA2) || + (c_xfrm->cipher.algo == RTE_CRYPTO_CIPHER_ZUC_EEA3)) + en_priv->flags.is_ciph_in_bits = 1; + + /** + * flags.is_auth_in_bits + * + * For ZUC & SNOW3G authentication algos, offset & length need to be provided in bits. + */ + + if (a_xfrm != NULL) { + if ((a_xfrm->auth.algo == RTE_CRYPTO_AUTH_SNOW3G_UIA2) || + (a_xfrm->auth.algo == RTE_CRYPTO_AUTH_ZUC_EIA3)) + en_priv->flags.is_auth_in_bits = 1; + } + + /** + * flags.is_ul_entity + * + * Indicate whether the entity is UL/transmitting PDCP entity. + */ + if (conf->pdcp_xfrm.pkt_dir == RTE_SECURITY_PDCP_UPLINK) + en_priv->flags.is_ul_entity = 1; + + /** + * hdr_sz + * + * PDCP header size of the entity + */ + en_priv->hdr_sz = pdcp_hdr_size_get(conf->pdcp_xfrm.sn_size); + + /** + * aad_sz + * + * For AES-CMAC, additional message is prepended for processing. Need to be trimmed after + * crypto processing is done. + */ + if (a_xfrm != NULL && a_xfrm->auth.algo == RTE_CRYPTO_AUTH_AES_CMAC) + en_priv->aad_sz = 8; + else + en_priv->aad_sz = 0; + + return 0; +} + +int +pdcp_process_func_set(struct rte_pdcp_entity *entity, const struct rte_pdcp_entity_conf *conf) +{ + struct entity_priv *en_priv; + int ret; + + if (entity == NULL || conf == NULL) + return -EINVAL; + + en_priv = entity_priv_get(entity); + + ret = pdcp_iv_gen_func_set(entity, conf); + if (ret) + return ret; + + ret = pdcp_entity_priv_populate(en_priv, conf); + if (ret) + return ret; + + ret = pdcp_pre_process_func_set(entity, conf); + if (ret) + return ret; + + return 0; +} diff --git a/lib/pdcp/pdcp_process.h b/lib/pdcp/pdcp_process.h new file mode 100644 index 0000000000..c92ab34c40 --- /dev/null +++ b/lib/pdcp/pdcp_process.h @@ -0,0 +1,13 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(C) 2022 Marvell. + */ + +#ifndef _PDCP_PROCESS_H_ +#define _PDCP_PROCESS_H_ + +#include + +int +pdcp_process_func_set(struct rte_pdcp_entity *entity, const struct rte_pdcp_entity_conf *conf); + +#endif /* _PDCP_PROCESS_H_ */ diff --git a/lib/pdcp/rte_pdcp.c b/lib/pdcp/rte_pdcp.c new file mode 100644 index 0000000000..b1533971c2 --- /dev/null +++ b/lib/pdcp/rte_pdcp.c @@ -0,0 +1,136 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(C) 2022 Marvell. + */ + +#include +#include + +#include "pdcp_crypto.h" +#include "pdcp_entity.h" +#include "pdcp_process.h" + +static int +pdcp_entity_size_get(const struct rte_pdcp_entity_conf *conf) +{ + int size; + + size = sizeof(struct rte_pdcp_entity) + sizeof(struct entity_priv); + + if (conf->pdcp_xfrm.pkt_dir == RTE_SECURITY_PDCP_DOWNLINK) + size += sizeof(struct entity_priv_dl_part); + else if (conf->pdcp_xfrm.pkt_dir == RTE_SECURITY_PDCP_UPLINK) + size += sizeof(struct entity_priv_ul_part); + else + return -EINVAL; + + return RTE_ALIGN_CEIL(size, RTE_CACHE_LINE_SIZE); +} + +struct rte_pdcp_entity * +rte_pdcp_entity_establish(const struct rte_pdcp_entity_conf *conf) +{ + struct rte_pdcp_entity *entity = NULL; + struct entity_priv *en_priv; + int ret; + + if (conf == NULL || conf->cop_pool == NULL) { + rte_errno = -EINVAL; + return NULL; + } + + if (conf->pdcp_xfrm.en_ordering || conf->pdcp_xfrm.remove_duplicates || conf->is_slrb || + conf->en_sec_offload) { + rte_errno = -ENOTSUP; + return NULL; + } + + /* + * 6.3.2 PDCP SN + * Length: 12 or 18 bits as indicated in table 6.3.2-1. The length of the PDCP SN is + * configured by upper layers (pdcp-SN-SizeUL, pdcp-SN-SizeDL, or sl-PDCP-SN-Size in + * TS 38.331 [3]) + */ + if ((conf->pdcp_xfrm.sn_size != RTE_SECURITY_PDCP_SN_SIZE_12) && + (conf->pdcp_xfrm.sn_size != RTE_SECURITY_PDCP_SN_SIZE_18)) { + rte_errno = -ENOTSUP; + return NULL; + } + + if (conf->pdcp_xfrm.hfn || conf->pdcp_xfrm.hfn_threshold) { + rte_errno = -EINVAL; + return NULL; + } + + entity = rte_zmalloc_socket("pdcp_entity", pdcp_entity_size_get(conf), + RTE_CACHE_LINE_SIZE, SOCKET_ID_ANY); + if (entity == NULL) { + rte_errno = -ENOMEM; + return NULL; + } + + en_priv = entity_priv_get(entity); + + en_priv->state.rx_deliv = conf->count; + en_priv->state.tx_next = conf->count; + en_priv->cop_pool = conf->cop_pool; + + /* Setup crypto session */ + ret = pdcp_crypto_sess_create(entity, conf); + if (ret) + goto entity_free; + + ret = pdcp_process_func_set(entity, conf); + if (ret) + goto crypto_sess_destroy; + + return entity; + +crypto_sess_destroy: + pdcp_crypto_sess_destroy(entity); +entity_free: + rte_free(entity); + rte_errno = ret; + return NULL; +} + +int +rte_pdcp_entity_release(struct rte_pdcp_entity *pdcp_entity, struct rte_mbuf *out_mb[]) +{ + int ret; + + if (pdcp_entity == NULL) + return -EINVAL; + + /* Teardown crypto sessions */ + ret = pdcp_crypto_sess_destroy(pdcp_entity); + if (ret) + return ret; + + rte_free(pdcp_entity); + + RTE_SET_USED(out_mb); + return 0; +} + +int +rte_pdcp_entity_suspend(struct rte_pdcp_entity *pdcp_entity, + struct rte_mbuf *out_mb[]) +{ + struct entity_priv *en_priv; + + if (pdcp_entity == NULL) + return -EINVAL; + + en_priv = entity_priv_get(pdcp_entity); + + if (en_priv->flags.is_ul_entity) { + en_priv->state.tx_next = 0; + } else { + en_priv->state.rx_next = 0; + en_priv->state.rx_deliv = 0; + } + + RTE_SET_USED(out_mb); + + return 0; +} diff --git a/lib/pdcp/rte_pdcp.h b/lib/pdcp/rte_pdcp.h new file mode 100644 index 0000000000..b6c7f32c05 --- /dev/null +++ b/lib/pdcp/rte_pdcp.h @@ -0,0 +1,263 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(C) 2022 Marvell. + */ + +#ifndef _RTE_PDCP_H_ +#define _RTE_PDCP_H_ + +/** + * @file rte_pdcp.h + * + * RTE PDCP support. + * + * librte_pdcp provides a framework for PDCP protocol processing. + */ + +#include +#include +#include +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/* Forward declarations */ +struct rte_pdcp_entity; + +/* PDCP pre-process function based on entity configuration */ +typedef uint16_t (*rte_pdcp_pre_p_t)(const struct rte_pdcp_entity *entity, + struct rte_mbuf *mb[], + struct rte_crypto_op *cop[], + uint16_t num, uint16_t *nb_err); + +/* PDCP post-process function based on entity configuration */ +typedef uint16_t (*rte_pdcp_post_p_t)(const struct rte_pdcp_entity *entity, + struct rte_mbuf *in_mb[], + struct rte_mbuf *out_mb[], + uint16_t num, uint16_t *nb_err); + +/** + * PDCP entity. + */ +struct rte_pdcp_entity { + /** Entity specific pre-process handle. */ + rte_pdcp_pre_p_t pre_process; + /** Entity specific post-process handle. */ + rte_pdcp_post_p_t post_process; + /** + * PDCP entities may hold packets for purposes of in-order delivery (in + * case of receiving PDCP entity) and re-transmission (in case of + * transmitting PDCP entity). + * + * For receiving PDCP entity, it may hold packets when in-order + * delivery is enabled. The packets would be cached until either a + * packet that completes the sequence arrives or when discard timer + * expires. + * + * When post-processing of PDCP packet which completes a sequence is + * done, the API may return more packets than enqueued. Application is + * expected to provide *rte_pdcp_pkt_post_process()* with *out_mb* + * which can hold maximum number of packets which may be returned. + * + * For transmitting PDCP entity, during re-establishment (5.1.2), + * entity may be required to perform re-transmission of the buffers + * after applying new ciphering & integrity algorithms. For performing + * crypto operation, *rte_pdcp_entity_re_establish()* would return as + * many crypto_ops as the ones cached. + */ + uint16_t max_pkt_cache; + /** User area for saving application data. */ + uint64_t user_area[2]; +} __rte_cache_aligned; + +/** + * PDCP entity configuration to be used for establishing an entity. + */ +struct rte_pdcp_entity_conf { + /** PDCP transform for the entity. */ + struct rte_security_pdcp_xform pdcp_xfrm; + /** Crypto transform applicable for the entity. */ + struct rte_crypto_sym_xform *crypto_xfrm; + /** Mempool for crypto symmetric session. */ + struct rte_mempool *sess_mpool; + /** Crypto op pool.*/ + struct rte_mempool *cop_pool; + /** + * 32 bit count value (HFN + SN) to be used for the first packet. + * pdcp_xfrm.hfn would be ignored as the HFN would be derived from this value. + */ + uint32_t count; + /** Indicate whether the PDCP entity belongs to Side Link Radio Bearer. */ + bool is_slrb; + /** Enable security offload on the device specified. */ + bool en_sec_offload; + /** Enable non-atomic usage of entity. */ + bool en_non_atomic; + /** Device on which security/crypto session need to be created. */ + uint8_t dev_id; + /** Reverse direction during IV generation. Can be used to simulate UE crypto processing.*/ + bool reverse_iv_direction; +}; + +/** + * @warning + * @b EXPERIMENTAL: this API may change without prior notice + * + * 5.1.1 PDCP entity establishment + * + * Establish PDCP entity based on provided input configuration. + * + * @param conf + * Parameters to be used for initializing PDCP entity object. + * @return + * - Valid handle if success + * - NULL in case of failure. rte_errno will be set to error code + */ +__rte_experimental +struct rte_pdcp_entity * +rte_pdcp_entity_establish(const struct rte_pdcp_entity_conf *conf); + +/** + * @warning + * @b EXPERIMENTAL: this API may change without prior notice + * + * 5.1.3 PDCP entity release + * + * Release PDCP entity. + * + * For UL/transmitting PDCP entity, all stored PDCP SDUs would be dropped. + * For DL/receiving PDCP entity, the stored PDCP SDUs would be returned in + * *out_mb* buffer. The buffer should be large enough to hold all cached + * packets in the entity. + * + * @param pdcp_entity + * Pointer to the PDCP entity to be released. + * @param[out] out_mb + * The address of an array that can hold up to *rte_pdcp_entity.max_pkt_cache* + * pointers to *rte_mbuf* structures. + * @return + * - 0: Success and no cached packets to return + * - >0: Success and the number of packets returned in out_mb + * - <0: Error code in case of failures + */ +__rte_experimental +int +rte_pdcp_entity_release(struct rte_pdcp_entity *pdcp_entity, + struct rte_mbuf *out_mb[]); + +/** + * @warning + * @b EXPERIMENTAL: this API may change without prior notice + * + * 5.1.4 PDCP entity suspend + * + * Suspend PDCP entity. + * + * For DL/receiving PDCP entity, the stored PDCP SDUs would be returned in + * *out_mb* buffer. The buffer should be large enough to hold all cached + * packets in the entity. + * + * For UL/transmitting PDCP entity, *out_mb* buffer would be unused. + * + * @param pdcp_entity + * Pointer to the PDCP entity to be suspended. + * @param[out] out_mb + * The address of an array that can hold up to *rte_pdcp_entity.max_pkt_cache* + * pointers to *rte_mbuf* structures. + * @return + * - 0: Success and no cached packets to return + * - >0: Success and the number of packets returned in out_mb + * - <0: Error code in case of failures + */ +__rte_experimental +int +rte_pdcp_entity_suspend(struct rte_pdcp_entity *pdcp_entity, + struct rte_mbuf *out_mb[]); + +/** + * @warning + * @b EXPERIMENTAL: this API may change without prior notice + * + * For input mbufs and given PDCP entity pre-process the mbufs and prepare + * crypto ops that can be enqueued to the cryptodev associated with given + * session. Only error packets would be moved returned in the input buffer, + * *mb*, and it is the responsibility of the application to free the same. + * + * @param entity + * Pointer to the *rte_pdcp_entity* object the packets belong to. + * @param[in, out] mb + * The address of an array of *num* pointers to *rte_mbuf* structures + * which contain the input packets. Any error packets would be returned in the + * same buffer. + * @param[out] cop + * The address of an array that can hold up to *num* pointers to + * *rte_crypto_op* structures. Crypto ops would be allocated by + * ``rte_pdcp_pkt_pre_process`` API. + * @param num + * The maximum number of packets to process. + * @param[out] nb_err + * Pointer to return the number of error packets returned in *mb* + * @return + * Count of crypto_ops prepared + */ +__rte_experimental +static inline uint16_t +rte_pdcp_pkt_pre_process(const struct rte_pdcp_entity *entity, + struct rte_mbuf *mb[], struct rte_crypto_op *cop[], + uint16_t num, uint16_t *nb_err) +{ + return entity->pre_process(entity, mb, cop, num, nb_err); +} + +/** + * @warning + * @b EXPERIMENTAL: this API may change without prior notice + * + * For input mbufs and given PDCP entity, perform PDCP post-processing of the + * mbufs. + * + * Input mbufs are the ones retrieved from crypto_ops dequeued from cryptodev + * and grouped by *rte_pdcp_pkt_crypto_group()*. + * + * The post-processed packets would be returned in the *out_mb* buffer. + * The resultant mbufs would be grouped into success packets and error packets. + * Error packets would be grouped in the end of the array and it is the + * responsibility of the application to handle the same. + * + * When in-order delivery is enabled, PDCP entity may buffer packets and would + * deliver packets only when all prior packets have been post-processed. That + * would result in returning more/less packets than enqueued. + * + * @param entity + * Pointer to the *rte_pdcp_entity* object the packets belong to. + * @param in_mb + * The address of an array of *num* pointers to *rte_mbuf* structures. + * @param[out] out_mb + * The address of an array of *num* pointers to *rte_mbuf* structures + * to output packets after PDCP post-processing. + * @param num + * The maximum number of packets to process. + * @param[out] nb_err + * The number of error packets returned in *out_mb* buffer. + * @return + * Count of packets returned in *out_mb* buffer. + */ +__rte_experimental +static inline uint16_t +rte_pdcp_pkt_post_process(const struct rte_pdcp_entity *entity, + struct rte_mbuf *in_mb[], + struct rte_mbuf *out_mb[], + uint16_t num, uint16_t *nb_err) +{ + return entity->post_process(entity, in_mb, out_mb, num, nb_err); +} + +#include + +#ifdef __cplusplus +} +#endif + +#endif /* _RTE_PDCP_H_ */ diff --git a/lib/pdcp/rte_pdcp_group.h b/lib/pdcp/rte_pdcp_group.h new file mode 100644 index 0000000000..2c01c19d4e --- /dev/null +++ b/lib/pdcp/rte_pdcp_group.h @@ -0,0 +1,133 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(C) 2022 Marvell. + */ + +#ifndef _RTE_PDCP_GROUP_H_ +#define _RTE_PDCP_GROUP_H_ + +/** + * @file rte_pdcp_group.h + * + * RTE PDCP grouping support. + * It is not recommended to include this file directly, include + * instead. + * Provides helper functions to process completed crypto-ops and group related + * packets by sessions they belong to. + */ + +#include +#include +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * Group packets belonging to same PDCP entity. + */ +struct rte_pdcp_group { + union { + uint64_t val; + void *ptr; + } id; /**< Grouped by value */ + struct rte_mbuf **m; /**< Start of the group */ + uint32_t cnt; /**< Number of entries in the group */ + int32_t rc; /**< Status code associated with the group */ +}; + +/** + * Take crypto-op as an input and extract pointer to related PDCP entity. + * @param cop + * The address of an input *rte_crypto_op* structure. + * @return + * The pointer to the related *rte_pdcp_entity* structure. + */ +static inline struct rte_pdcp_entity * +rte_pdcp_en_from_cop(const struct rte_crypto_op *cop) +{ + void *sess = cop->sym[0].session; + + if (cop->sess_type == RTE_CRYPTO_OP_SECURITY_SESSION) { + return (struct rte_pdcp_entity *)(uintptr_t) + rte_security_session_opaque_data_get(sess); + } else if (cop->sess_type == RTE_CRYPTO_OP_WITH_SESSION) { + return (struct rte_pdcp_entity *)(uintptr_t) + rte_cryptodev_sym_session_opaque_data_get(sess); + } + + return NULL; +} + +/** + * Take as input completed crypto ops, extract related mbufs and group them by + * *rte_pdcp_entity* they belong to. Mbuf for which the crypto operation has + * failed would be flagged using *RTE_MBUF_F_RX_SEC_OFFLOAD_FAILED* flag + * in rte_mbuf.ol_flags. The crypto_ops would be freed after the grouping. + * + * Note that application must ensure only crypto-ops prepared by lib_pdcp is + * provided back to @see rte_pdcp_pkt_crypto_group(). + * + * @param cop + * The address of an array of *num* pointers to the input *rte_crypto_op* + * structures. + * @param[out] mb + * The address of an array of *num* pointers to output *rte_mbuf* structures. + * @param[out] grp + * The address of an array of *num* to output *rte_pdcp_group* structures. + * @param num + * The maximum number of crypto-ops to process. + * @return + * Number of filled elements in *grp* array. + * + */ +static inline uint16_t +rte_pdcp_pkt_crypto_group(struct rte_crypto_op *cop[], struct rte_mbuf *mb[], + struct rte_pdcp_group grp[], uint16_t num) +{ + uint32_t i, j = 0, n = 0; + void *ns, *ps = NULL; + struct rte_mbuf *m; + + for (i = 0; i != num; i++) { + m = cop[i]->sym[0].m_src; + ns = cop[i]->sym[0].session; + + m->ol_flags |= RTE_MBUF_F_RX_SEC_OFFLOAD; + if (cop[i]->status != RTE_CRYPTO_OP_STATUS_SUCCESS) + m->ol_flags |= RTE_MBUF_F_RX_SEC_OFFLOAD_FAILED; + + /* Different entity */ + if (ps != ns) { + + /* Finalize open group and start a new one */ + if (ps != NULL) { + grp[n].cnt = mb + j - grp[n].m; + n++; + } + + /* Start new group */ + grp[n].m = mb + j; + ps = ns; + grp[n].id.ptr = rte_pdcp_en_from_cop(cop[i]); + } + + mb[j++] = m; + rte_crypto_op_free(cop[i]); + } + + /* Finalize last group */ + if (ps != NULL) { + grp[n].cnt = mb + j - grp[n].m; + n++; + } + + return n; +} + +#ifdef __cplusplus +} +#endif + +#endif /* _RTE_PDCP_GROUP_H_ */ diff --git a/lib/pdcp/version.map b/lib/pdcp/version.map new file mode 100644 index 0000000000..8fa9d5d7cc --- /dev/null +++ b/lib/pdcp/version.map @@ -0,0 +1,13 @@ +EXPERIMENTAL { + global: + + # added in 22.11 + rte_pdcp_entity_establish; + rte_pdcp_entity_release; + rte_pdcp_entity_suspend; + + rte_pdcp_pkt_post_process; + rte_pdcp_pkt_pre_process; + + local: *; +}; From patchwork Thu Dec 22 09:25:20 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anoob Joseph X-Patchwork-Id: 121281 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id CCAE6A034C; Thu, 22 Dec 2022 10:27:54 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 772F742D19; Thu, 22 Dec 2022 10:27:50 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 5F14D42D19 for ; Thu, 22 Dec 2022 10:27:49 +0100 (CET) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 2BM7Mp6t015823; Thu, 22 Dec 2022 01:27:47 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=+BNcUk9IFFn7wiVzuNzk3A7ksbOTIPsswRHavhamk0g=; b=bzN6FSj6C3b7utxq5PFq1iiAhC/Rnri3ucZcuU/DX0McVyYjCSPQaHdo3zeguzzX/RTP wlbeXrKmAa3KRmsVymjReMtum6KTfgtAR734iRJPCDJ/SQgPLCXPgT9MpMSRUwX8/4sB YG0NgN5d5CnCd5iQinSnWhEAexuRVc9TwF8blOYuZI+OFmAXASIriXnfMV8veZos3Xt6 PdLBihbkh+z7AcSVRxGDiLePUboqTZkcmlJ81wH/k014tL1wNXI1rxX8R1KzLyvR9v8h 5Td/yWVVpAE+0hGtpoE6ZyfKeazqNgoxChrcBfT5JnOXV7F5zwN4WlsCY5JlSU2d+5MW Xg== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3mm79c3su8-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Thu, 22 Dec 2022 01:27:45 -0800 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.42; Thu, 22 Dec 2022 01:25:39 -0800 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.42 via Frontend Transport; Thu, 22 Dec 2022 01:25:39 -0800 Received: from BG-LT92004.corp.innovium.com (unknown [10.193.66.59]) by maili.marvell.com (Postfix) with ESMTP id 92A553F707F; Thu, 22 Dec 2022 01:25:35 -0800 (PST) From: Anoob Joseph To: Thomas Monjalon , Akhil Goyal , Jerin Jacob , Konstantin Ananyev , Bernard Iremonger CC: Hemant Agrawal , =?utf-8?q?Mattias_R=C3=B6nnblom?= , "Kiran Kumar K" , Volodymyr Fialko , , Olivier Matz Subject: [PATCH 3/5] app/test: add lib pdcp tests Date: Thu, 22 Dec 2022 14:55:20 +0530 Message-ID: <20221222092522.1628-4-anoobj@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20221222092522.1628-1-anoobj@marvell.com> References: <20221027052140.155-1-anoobj@marvell.com> <20221222092522.1628-1-anoobj@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: cIkHA8o0Rq9Q5orMcsW9w-Ohaykha5ES X-Proofpoint-GUID: cIkHA8o0Rq9Q5orMcsW9w-Ohaykha5ES X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.923,Hydra:6.0.545,FMLib:17.11.122.1 definitions=2022-12-22_04,2022-12-21_01,2022-06-22_01 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Add tests to verify lib PDCP operations. Tests leverage existing PDCP test vectors. Signed-off-by: Anoob Joseph Signed-off-by: Kiran Kumar K Signed-off-by: Volodymyr Fialko --- app/test/meson.build | 1 + app/test/test_cryptodev.h | 3 + app/test/test_pdcp.c | 663 ++++++++++++++++++++++++++++++++++++++ 3 files changed, 667 insertions(+) create mode 100644 app/test/test_pdcp.c diff --git a/app/test/meson.build b/app/test/meson.build index 1b9ce355f8..7e1f3f6543 100644 --- a/app/test/meson.build +++ b/app/test/meson.build @@ -95,6 +95,7 @@ test_sources = files( 'test_meter.c', 'test_mcslock.c', 'test_mp_secondary.c', + 'test_pdcp.c', 'test_per_lcore.c', 'test_pflock.c', 'test_pmd_perf.c', diff --git a/app/test/test_cryptodev.h b/app/test/test_cryptodev.h index abd795f54a..89057dba22 100644 --- a/app/test/test_cryptodev.h +++ b/app/test/test_cryptodev.h @@ -4,6 +4,9 @@ #ifndef TEST_CRYPTODEV_H_ #define TEST_CRYPTODEV_H_ +#include +#include + #define HEX_DUMP 0 #define FALSE 0 diff --git a/app/test/test_pdcp.c b/app/test/test_pdcp.c new file mode 100644 index 0000000000..10a383ddd7 --- /dev/null +++ b/app/test/test_pdcp.c @@ -0,0 +1,663 @@ +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(C) 2022 Marvell. + */ + +#include +#include + +#include "test.h" +#include "test_cryptodev.h" +#include "test_cryptodev_security_pdcp_test_vectors.h" + +#define NB_DESC 1024 + +struct pdcp_testsuite_params { + struct rte_mempool *mbuf_pool; + struct rte_mempool *cop_pool; + struct rte_mempool *sess_pool; +}; + +static struct pdcp_testsuite_params testsuite_params; + +#define PDCP_MAX_TEST_INPUT_LEN 2048 + +struct pdcp_test_conf { + struct rte_pdcp_entity_conf entity; + struct rte_crypto_sym_xform c_xfrm; + struct rte_crypto_sym_xform a_xfrm; + bool is_integrity_protected; + uint8_t input[PDCP_MAX_TEST_INPUT_LEN]; + uint32_t input_len; + const uint8_t *expected; + uint32_t expected_len; +}; + +static inline int +pdcp_hdr_size_get(enum rte_security_pdcp_sn_size sn_size) +{ + return RTE_ALIGN_MUL_CEIL(sn_size, 8) / 8; +} + +static int +cryptodev_init(int dev_id) +{ + struct rte_cryptodev_qp_conf qp_conf; + struct rte_cryptodev_info dev_info; + struct rte_cryptodev_config config; + int ret, socket_id; + + rte_cryptodev_info_get(dev_id, &dev_info); + + if (dev_info.max_nb_queue_pairs < 1) { + RTE_LOG(ERR, USER1, "Cryptodev doesn't have sufficient queue pairs available\n"); + return -ENODEV; + } + + socket_id = rte_socket_id(); + + memset(&config, 0, sizeof(config)); + config.nb_queue_pairs = 1; + config.socket_id = socket_id; + + ret = rte_cryptodev_configure(dev_id, &config); + if (ret < 0) { + RTE_LOG(ERR, USER1, "Could not configure cryptodev - %d\n", dev_id); + return -ENODEV; + } + + memset(&qp_conf, 0, sizeof(qp_conf)); + qp_conf.nb_descriptors = NB_DESC; + + ret = rte_cryptodev_queue_pair_setup(dev_id, 0, &qp_conf, socket_id); + if (ret < 0) { + RTE_LOG(ERR, USER1, "Could not configure queue pair\n"); + return -ENODEV; + } + + ret = rte_cryptodev_start(dev_id); + if (ret < 0) { + RTE_LOG(ERR, USER1, "Could not start cryptodev\n"); + return -ENODEV; + } + + return 0; +} + +static void +cryptodev_fini(int dev_id) +{ + rte_cryptodev_stop(dev_id); +} + +static unsigned int +cryptodev_sess_priv_max_req_get(void) +{ + struct rte_cryptodev_info info; + unsigned int sess_priv_sz; + int i, nb_dev; + void *sec_ctx; + + nb_dev = rte_cryptodev_count(); + + sess_priv_sz = 0; + + for (i = 0; i < nb_dev; i++) { + rte_cryptodev_info_get(i, &info); + sess_priv_sz = RTE_MAX(sess_priv_sz, rte_cryptodev_sym_get_private_session_size(i)); + if (info.feature_flags & RTE_CRYPTODEV_FF_SECURITY) { + sec_ctx = rte_cryptodev_get_sec_ctx(i); + sess_priv_sz = RTE_MAX(sess_priv_sz, + rte_security_session_get_size(sec_ctx)); + } + } + + return sess_priv_sz; +} + +static int +testsuite_setup(void) +{ + struct pdcp_testsuite_params *ts_params = &testsuite_params; + int nb_cdev, sess_priv_size, nb_sess = 1024; + + RTE_SET_USED(pdcp_test_auth_key); + RTE_SET_USED(pdcp_test_crypto_key); + RTE_SET_USED(pdcp_test_data_out); + RTE_SET_USED(pdcp_test_hfn_threshold); + + nb_cdev = rte_cryptodev_count(); + if (nb_cdev < 1) { + RTE_LOG(ERR, USER1, "No crypto devices found.\n"); + return TEST_SKIPPED; + } + + memset(ts_params, 0, sizeof(*ts_params)); + + ts_params->mbuf_pool = rte_pktmbuf_pool_create("mbuf_pool", NUM_MBUFS, MBUF_CACHE_SIZE, 0, + MBUF_SIZE, SOCKET_ID_ANY); + if (ts_params->mbuf_pool == NULL) { + RTE_LOG(ERR, USER1, "Could not create mbuf pool\n"); + return TEST_FAILED; + } + + ts_params->cop_pool = rte_crypto_op_pool_create("cop_pool", RTE_CRYPTO_OP_TYPE_SYMMETRIC, + NUM_MBUFS, MBUF_CACHE_SIZE, + 2 * MAXIMUM_IV_LENGTH, SOCKET_ID_ANY); + if (ts_params->cop_pool == NULL) { + RTE_LOG(ERR, USER1, "Could not create crypto_op pool\n"); + goto mbuf_pool_free; + } + + /* Get max session priv size required */ + sess_priv_size = cryptodev_sess_priv_max_req_get(); + + ts_params->sess_pool = rte_cryptodev_sym_session_pool_create("sess_pool", nb_sess, + sess_priv_size, + RTE_MEMPOOL_CACHE_MAX_SIZE, + 0, SOCKET_ID_ANY); + if (ts_params->sess_pool == NULL) { + RTE_LOG(ERR, USER1, "Could not create session pool\n"); + goto cop_pool_free; + } + + printf("TEST SUITE SETUP\n"); + return 0; + +cop_pool_free: + rte_mempool_free(ts_params->cop_pool); + ts_params->cop_pool = NULL; +mbuf_pool_free: + rte_mempool_free(ts_params->mbuf_pool); + ts_params->mbuf_pool = NULL; + return TEST_FAILED; +} + +static void +testsuite_teardown(void) +{ + struct pdcp_testsuite_params *ts_params = &testsuite_params; + + rte_mempool_free(ts_params->sess_pool); + ts_params->sess_pool = NULL; + + rte_mempool_free(ts_params->cop_pool); + ts_params->cop_pool = NULL; + + rte_mempool_free(ts_params->mbuf_pool); + ts_params->mbuf_pool = NULL; + + printf("TEST SUITE TEARDOWN\n"); +} + +static int +ut_setup_pdcp(void) +{ + printf("SETUP PDCP\n"); + return 0; +} + +static void +ut_teardown_pdcp(void) +{ + printf("TEARDOWN PDCP\n"); +} + +static int +crypto_caps_cipher_verify(uint8_t dev_id, const struct rte_crypto_sym_xform *c_xfrm) +{ + const struct rte_cryptodev_symmetric_capability *cap; + struct rte_cryptodev_sym_capability_idx cap_idx; + int ret; + + cap_idx.type = RTE_CRYPTO_SYM_XFORM_CIPHER; + cap_idx.algo.cipher = c_xfrm->cipher.algo; + + cap = rte_cryptodev_sym_capability_get(dev_id, &cap_idx); + if (cap == NULL) + return -1; + + ret = rte_cryptodev_sym_capability_check_cipher(cap, c_xfrm->cipher.key.length, + c_xfrm->cipher.iv.length); + + return ret; +} + +static int +crypto_caps_auth_verify(uint8_t dev_id, const struct rte_crypto_sym_xform *a_xfrm) +{ + const struct rte_cryptodev_symmetric_capability *cap; + struct rte_cryptodev_sym_capability_idx cap_idx; + int ret; + + cap_idx.type = RTE_CRYPTO_SYM_XFORM_AUTH; + cap_idx.algo.auth = a_xfrm->auth.algo; + + cap = rte_cryptodev_sym_capability_get(dev_id, &cap_idx); + if (cap == NULL) + return -1; + + ret = rte_cryptodev_sym_capability_check_auth(cap, a_xfrm->auth.key.length, + a_xfrm->auth.digest_length, + a_xfrm->auth.iv.length); + + return ret; +} + +static int +cryptodev_id_get(bool is_integrity_protected, const struct rte_crypto_sym_xform *c_xfrm, + const struct rte_crypto_sym_xform *a_xfrm) +{ + int i, nb_devs; + + nb_devs = rte_cryptodev_count(); + + /* Check capabilities */ + + for (i = 0; i < nb_devs; i++) { + if ((crypto_caps_cipher_verify(i, c_xfrm) == 0) && + (!is_integrity_protected || crypto_caps_auth_verify(i, a_xfrm) == 0)) + break; + } + + if (i == nb_devs) + return -1; + + return i; +} + +static int +pdcp_known_vec_verify(struct rte_mbuf *m, const uint8_t *expected, uint32_t expected_pkt_len) +{ + uint8_t *actual = rte_pktmbuf_mtod(m, uint8_t *); + uint32_t actual_pkt_len = rte_pktmbuf_pkt_len(m); + + debug_hexdump(stdout, "Received:", actual, actual_pkt_len); + debug_hexdump(stdout, "Expected:", expected, expected_pkt_len); + + TEST_ASSERT_EQUAL(actual_pkt_len, expected_pkt_len, + "Mismatch in packet lengths [expected: %d, received: %d]", + expected_pkt_len, actual_pkt_len); + + TEST_ASSERT_BUFFERS_ARE_EQUAL(actual, expected, expected_pkt_len, + "Generated packet not as expected"); + + return 0; +} + +static struct rte_crypto_op * +process_crypto_request(uint8_t dev_id, struct rte_crypto_op *op) +{ + if (rte_cryptodev_enqueue_burst(dev_id, 0, &op, 1) != 1) { + RTE_LOG(ERR, USER1, "Error sending packet to cryptodev\n"); + return NULL; + } + + op = NULL; + + while (rte_cryptodev_dequeue_burst(dev_id, 0, &op, 1) == 0) + rte_pause(); + + return op; +} + +static int +create_test_conf_from_index(const int index, struct pdcp_test_conf *conf) +{ + const struct pdcp_testsuite_params *ts_params = &testsuite_params; + struct rte_crypto_sym_xform c_xfrm, a_xfrm; + uint32_t hfn, sn, count = 0; + int pdcp_hdr_sz; + uint8_t *data; + + memset(conf, 0, sizeof(*conf)); + memset(&c_xfrm, 0, sizeof(c_xfrm)); + memset(&a_xfrm, 0, sizeof(a_xfrm)); + + conf->entity.sess_mpool = ts_params->sess_pool; + conf->entity.cop_pool = ts_params->cop_pool; + conf->entity.pdcp_xfrm.bearer = pdcp_test_bearer[index]; + conf->entity.pdcp_xfrm.en_ordering = 0; + conf->entity.pdcp_xfrm.remove_duplicates = 0; + conf->entity.pdcp_xfrm.domain = pdcp_test_params[index].domain; + + if (pdcp_test_packet_direction[index] == PDCP_DIR_UPLINK) + conf->entity.pdcp_xfrm.pkt_dir = RTE_SECURITY_PDCP_UPLINK; + else + conf->entity.pdcp_xfrm.pkt_dir = RTE_SECURITY_PDCP_DOWNLINK; + + conf->entity.pdcp_xfrm.sn_size = pdcp_test_data_sn_size[index]; + conf->entity.pdcp_xfrm.hfn_threshold = 0; + conf->entity.pdcp_xfrm.hfn_ovrd = 0; + conf->entity.pdcp_xfrm.sdap_enabled = 0; + + c_xfrm.type = RTE_CRYPTO_SYM_XFORM_CIPHER; + c_xfrm.cipher.algo = pdcp_test_params[index].cipher_alg; + c_xfrm.cipher.key.length = pdcp_test_params[index].cipher_key_len; + c_xfrm.cipher.key.data = pdcp_test_crypto_key[index]; + + a_xfrm.type = RTE_CRYPTO_SYM_XFORM_AUTH; + + if (pdcp_test_params[index].auth_alg == 0) { + conf->is_integrity_protected = false; + } else { + a_xfrm.auth.algo = pdcp_test_params[index].auth_alg; + a_xfrm.auth.key.data = pdcp_test_auth_key[index]; + a_xfrm.auth.key.length = pdcp_test_params[index].auth_key_len; + conf->is_integrity_protected = true; + } + + pdcp_hdr_sz = pdcp_hdr_size_get(pdcp_test_data_sn_size[index]); + + /* + * Uplink means PDCP entity is configured for transmit. Downlink means PDCP entity is + * configured for receive. When integrity protecting is enabled, PDCP always performs + * digest-encrypted or auth-gen-encrypt for uplink (and decrypt-auth-verify for downlink). + * So for uplink, crypto chain would be auth-cipher while for downlink it would be + * cipher-auth. + * + * When integrity protection is not required, xform would be cipher only. + */ + + if (conf->is_integrity_protected) { + if (conf->entity.pdcp_xfrm.pkt_dir == RTE_SECURITY_PDCP_UPLINK) { + conf->entity.crypto_xfrm = &conf->a_xfrm; + + a_xfrm.auth.op = RTE_CRYPTO_AUTH_OP_GENERATE; + a_xfrm.next = &conf->c_xfrm; + + c_xfrm.cipher.op = RTE_CRYPTO_CIPHER_OP_ENCRYPT; + c_xfrm.next = NULL; + } else { + conf->entity.crypto_xfrm = &conf->c_xfrm; + + c_xfrm.cipher.op = RTE_CRYPTO_CIPHER_OP_DECRYPT; + c_xfrm.next = &conf->a_xfrm; + + a_xfrm.auth.op = RTE_CRYPTO_AUTH_OP_VERIFY; + a_xfrm.next = NULL; + } + } else { + conf->entity.crypto_xfrm = &conf->c_xfrm; + c_xfrm.next = NULL; + + if (conf->entity.pdcp_xfrm.pkt_dir == RTE_SECURITY_PDCP_UPLINK) + c_xfrm.cipher.op = RTE_CRYPTO_CIPHER_OP_ENCRYPT; + else + c_xfrm.cipher.op = RTE_CRYPTO_CIPHER_OP_DECRYPT; + } + /* Update xforms to match PDCP requirements */ + + if ((c_xfrm.cipher.algo == RTE_CRYPTO_CIPHER_AES_CTR) || + (c_xfrm.cipher.algo == RTE_CRYPTO_CIPHER_ZUC_EEA3 || + (c_xfrm.cipher.algo == RTE_CRYPTO_CIPHER_SNOW3G_UEA2))) + c_xfrm.cipher.iv.length = 16; + else + c_xfrm.cipher.iv.length = 0; + + if (conf->is_integrity_protected) { + if (a_xfrm.auth.algo == RTE_CRYPTO_AUTH_NULL) + a_xfrm.auth.digest_length = 0; + else + a_xfrm.auth.digest_length = 4; + + if ((a_xfrm.auth.algo == RTE_CRYPTO_AUTH_ZUC_EIA3) || + (a_xfrm.auth.algo == RTE_CRYPTO_AUTH_SNOW3G_UIA2)) + a_xfrm.auth.iv.length = 16; + else + a_xfrm.auth.iv.length = 0; + } + + conf->c_xfrm = c_xfrm; + conf->a_xfrm = a_xfrm; + + if (pdcp_test_params[index].domain == RTE_SECURITY_PDCP_MODE_CONTROL || + pdcp_test_params[index].domain == RTE_SECURITY_PDCP_MODE_DATA) { + data = pdcp_test_data_in[index]; + hfn = pdcp_test_hfn[index] << pdcp_test_data_sn_size[index]; + sn = 0; + if (pdcp_test_data_sn_size[index] == RTE_SECURITY_PDCP_SN_SIZE_12) { + sn = rte_cpu_to_be_16(*(uint16_t *)data); + sn = sn & 0xfff; + } else if (pdcp_test_data_sn_size[index] == RTE_SECURITY_PDCP_SN_SIZE_18) { + sn = rte_cpu_to_be_32(*(uint32_t *)data); + sn = (sn & 0x3ffff00) >> 8; + } + count = hfn | sn; + } + conf->entity.count = count; + + + if (conf->entity.pdcp_xfrm.pkt_dir == RTE_SECURITY_PDCP_UPLINK) { +#ifdef VEC_DUMP + debug_hexdump(stdout, "Original vector:", pdcp_test_data_in[index], + pdcp_test_data_in_len[index]); +#endif + /* Since the vectors available already have PDCP header, trim the same */ + conf->input_len = pdcp_test_data_in_len[index] - pdcp_hdr_sz; + memcpy(conf->input, pdcp_test_data_in[index] + pdcp_hdr_sz, conf->input_len); + } else { + conf->input_len = pdcp_test_data_in_len[index]; + + if (conf->is_integrity_protected) + conf->input_len += 4; + + memcpy(conf->input, pdcp_test_data_out[index], conf->input_len); +#ifdef VEC_DUMP + debug_hexdump(stdout, "Original vector:", conf->input, conf->input_len); +#endif + } + + if (conf->entity.pdcp_xfrm.pkt_dir == RTE_SECURITY_PDCP_UPLINK) + conf->expected = pdcp_test_data_out[index]; + else + conf->expected = pdcp_test_data_in[index]; + + /* Calculate expected packet length */ + conf->expected_len = pdcp_test_data_in_len[index]; + + /* In DL processing, PDCP header would be stripped */ + if (conf->entity.pdcp_xfrm.pkt_dir == RTE_SECURITY_PDCP_DOWNLINK) { + conf->expected += pdcp_hdr_sz; + conf->expected_len -= pdcp_hdr_sz; + } + + /* In UL processing with integrity protection, MAC would be added */ + if (conf->is_integrity_protected && + conf->entity.pdcp_xfrm.pkt_dir == RTE_SECURITY_PDCP_UPLINK) + conf->expected_len += 4; + + return 0; +} + +static int +test_attempt_single(const struct pdcp_test_conf *t_conf) +{ + const struct pdcp_testsuite_params *ts_params = &testsuite_params; + struct rte_mbuf *mbuf, *mb, **out_mb = NULL; + uint16_t nb_success, nb_err, nb_grp; + struct rte_pdcp_entity *pdcp_entity; + struct rte_crypto_op *cop, *cop_out; + int cdev_id, ret = 0, nb_max_out_mb; + struct rte_pdcp_entity_conf conf; + struct rte_pdcp_group grp[1]; + uint8_t *input_text; + + if (t_conf->entity.pdcp_xfrm.sn_size != RTE_SECURITY_PDCP_SN_SIZE_12 && + t_conf->entity.pdcp_xfrm.sn_size != RTE_SECURITY_PDCP_SN_SIZE_18) { + ret = -ENOTSUP; + goto exit; + } + + cdev_id = cryptodev_id_get(t_conf->is_integrity_protected, + &t_conf->c_xfrm, &t_conf->a_xfrm); + if (cdev_id == -1) { + RTE_LOG(DEBUG, USER1, "Could not find device with required capabilities\n"); + ret = -ENOTSUP; + goto exit; + } + + ret = cryptodev_init(cdev_id); + if (ret) { + RTE_LOG(DEBUG, USER1, "Could not initialize cryptode\nv"); + goto exit; + } + + conf = t_conf->entity; + + pdcp_entity = rte_pdcp_entity_establish(&conf); + if (pdcp_entity == NULL) { + RTE_LOG(DEBUG, USER1, "Could not establish PDCP entity\n"); + ret = rte_errno; + goto cdev_fini; + } + + /* Allocate buffer for holding mbufs returned */ + + /* Max packets that can be cached in entity + burst size */ + nb_max_out_mb = pdcp_entity->max_pkt_cache + 1; + out_mb = rte_malloc(NULL, nb_max_out_mb * sizeof(uintptr_t), 0); + if (out_mb == NULL) { + RTE_LOG(ERR, USER1, "Could not allocate buffer for holding out_mb buffers\n"); + ret = -ENOMEM; + goto entity_release; + } + + mbuf = rte_pktmbuf_alloc(ts_params->mbuf_pool); + if (mbuf == NULL) { + RTE_LOG(ERR, USER1, "Could not create mbuf\n"); + ret = -ENOMEM; + goto entity_release; + } + + memset(rte_pktmbuf_mtod(mbuf, uint8_t *), 0, + rte_pktmbuf_tailroom(mbuf)); + input_text = (uint8_t *)rte_pktmbuf_append(mbuf, t_conf->input_len); + memcpy(input_text, t_conf->input, t_conf->input_len); + +#ifdef VEC_DUMP + printf("Adjusted vector:\n"); + rte_pktmbuf_dump(stdout, mbuf, t_conf->input_len); +#endif + + nb_success = rte_pdcp_pkt_pre_process(pdcp_entity, &mbuf, &cop_out, 1, &nb_err); + if (nb_success != 1 || nb_err != 0) { + RTE_LOG(ERR, USER1, "Could not pre process PDCP packet\n"); + ret = -ENOSYS; + goto mbuf_free; + } + +#ifdef VEC_DUMP + printf("Pre-processed vector:\n"); + rte_pktmbuf_dump(stdout, mbuf, rte_pktmbuf_pkt_len(mbuf)); +#endif + + cop = process_crypto_request(cdev_id, cop_out); + if (cop == NULL) { + RTE_LOG(ERR, USER1, "Could not process crypto request\n"); + ret = -EIO; + goto mbuf_free; + } + + nb_grp = rte_pdcp_pkt_crypto_group(&cop_out, &mb, grp, 1); + if (nb_grp != 1 || grp[0].cnt != 1) { + RTE_LOG(ERR, USER1, "Could not group PDCP crypto results\n"); + ret = -ENOTRECOVERABLE; + goto mbuf_free; + } + + if ((uintptr_t)pdcp_entity != grp[0].id.val) { + RTE_LOG(ERR, USER1, "PDCP entity not matching the one from crypto_op\n"); + ret = -ENOTRECOVERABLE; + goto mbuf_free; + } + +#ifdef VEC_DUMP + printf("Crypto processed vector:\n"); + rte_pktmbuf_dump(stdout, cop->sym->m_dst, rte_pktmbuf_pkt_len(mbuf)); +#endif + + nb_success = rte_pdcp_pkt_post_process(grp[0].id.ptr, grp[0].m, out_mb, grp[0].cnt, + &nb_err); + if (nb_success != 1 || nb_err != 0) { + RTE_LOG(ERR, USER1, "Could not post process PDCP packet\n"); + ret = -ENOSYS; + goto mbuf_free; + } + + ret = pdcp_known_vec_verify(mbuf, t_conf->expected, t_conf->expected_len); + if (ret) + goto mbuf_free; + + ret = rte_pdcp_entity_suspend(pdcp_entity, out_mb); + if (ret) { + RTE_LOG(DEBUG, USER1, "Could not suspend PDCP entity\n"); + goto mbuf_free; + } + +mbuf_free: + rte_pktmbuf_free(mbuf); +entity_release: + rte_pdcp_entity_release(pdcp_entity, out_mb); + rte_free(out_mb); +cdev_fini: + cryptodev_fini(cdev_id); +exit: + if (ret == -ENOTSUP) + return TEST_SKIPPED; + if (ret == 0) + return TEST_SUCCESS; + return TEST_FAILED; +} + +static int +test_iterate_all(void) +{ + int ret, nb_test, i, passed = 0; + struct pdcp_test_conf t_conf; + + nb_test = RTE_DIM(pdcp_test_params); + + for (i = 0; i < nb_test; i++) { + printf("[%03i] - %s", i, pdcp_test_params[i].name); + create_test_conf_from_index(i, &t_conf); + ret = test_attempt_single(&t_conf); + if (ret == TEST_FAILED) { + printf(" - failed\n"); + return ret; + } else if (ret == TEST_SKIPPED) { + printf(" - skipped\n"); + continue; + } + + printf(" - passed\n"); + passed += 1; + } + printf("Passed: %i\n", passed); + + return TEST_SUCCESS; +} + +static int +test_sample(void) +{ + return test_iterate_all(); +} + +static struct unit_test_suite pdcp_testsuite = { + .suite_name = "PDCP Unit Test Suite", + .setup = testsuite_setup, + .teardown = testsuite_teardown, + .unit_test_cases = { + TEST_CASE_ST(ut_setup_pdcp, ut_teardown_pdcp, + test_sample), + TEST_CASES_END() /**< NULL terminate unit test array */ + } +}; + +static int +test_pdcp(void) +{ + return unit_test_suite_runner(&pdcp_testsuite); +} + +REGISTER_TEST_COMMAND(pdcp_autotest, test_pdcp); From patchwork Thu Dec 22 09:25:21 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anoob Joseph X-Patchwork-Id: 121284 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 9287AA034C; Thu, 22 Dec 2022 10:28:18 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 8FFE542D2D; Thu, 22 Dec 2022 10:27:54 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 65825400D7 for ; Thu, 22 Dec 2022 10:27:53 +0100 (CET) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 2BM7Mp71015823; Thu, 22 Dec 2022 01:27:51 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=YJcx1vX/4BwAQ+xf0p+F5bUn4Q+s6NodOSUhDuf2mQc=; b=bC1VaplOQdzN9kvzhNiFXlYtYq9iE7i/XYzYfgrTCWw0udAyJfG3j9v4gX6LBOkep5TS 202/65PEqbmnIaJu72oiLKKw3aD1GXsa8kYV+vlrC4g9Ye01k5bqPyAHnHX9G49TjFTr r0smMuqQTdFn+Qz6Wu8rSf/Ug7TghM6MziHBcGZsEyPJomQaGXiS7iecH19L+vVXn2qY GvcIxVD5uqdJc1Ac4DuLuP83iAO5HDHeuR/zaEL2GEDgfMQWsQs1cxlHSWwfvczFQgd0 lSnwrete7rYnMJMS8iosyk5n+s5e748zEiAVns43Ox6lHHKvTSuS75L5JHxgzByuzx6S +A== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3mm79c3stv-6 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Thu, 22 Dec 2022 01:27:51 -0800 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.42; Thu, 22 Dec 2022 01:25:43 -0800 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.42 via Frontend Transport; Thu, 22 Dec 2022 01:25:43 -0800 Received: from BG-LT92004.corp.innovium.com (unknown [10.193.66.59]) by maili.marvell.com (Postfix) with ESMTP id A0F793F705D; Thu, 22 Dec 2022 01:25:39 -0800 (PST) From: Anoob Joseph To: Thomas Monjalon , Akhil Goyal , Jerin Jacob , Konstantin Ananyev , Bernard Iremonger CC: Volodymyr Fialko , Hemant Agrawal , =?utf-8?q?Mattias_R=C3=B6nnblom?= , Kiran Kumar K , , Olivier Matz Subject: [PATCH 4/5] app/test: pdcp HFN tests in combined mode Date: Thu, 22 Dec 2022 14:55:21 +0530 Message-ID: <20221222092522.1628-5-anoobj@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20221222092522.1628-1-anoobj@marvell.com> References: <20221027052140.155-1-anoobj@marvell.com> <20221222092522.1628-1-anoobj@marvell.com> MIME-Version: 1.0 X-Proofpoint-ORIG-GUID: YWLEWQ6ke7WDMUsllKQxRPEYqoEcy-F6 X-Proofpoint-GUID: YWLEWQ6ke7WDMUsllKQxRPEYqoEcy-F6 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.923,Hydra:6.0.545,FMLib:17.11.122.1 definitions=2022-12-22_04,2022-12-21_01,2022-06-22_01 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org From: Volodymyr Fialko Add tests to verify HFN/SN behaviour. Signed-off-by: Anoob Joseph Signed-off-by: Kiran Kumar K Signed-off-by: Volodymyr Fialko --- app/test/test_pdcp.c | 390 ++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 363 insertions(+), 27 deletions(-) diff --git a/app/test/test_pdcp.c b/app/test/test_pdcp.c index 10a383ddd7..1e74147579 100644 --- a/app/test/test_pdcp.c +++ b/app/test/test_pdcp.c @@ -4,6 +4,7 @@ #include #include +#include #include "test.h" #include "test_cryptodev.h" @@ -19,17 +20,17 @@ struct pdcp_testsuite_params { static struct pdcp_testsuite_params testsuite_params; -#define PDCP_MAX_TEST_INPUT_LEN 2048 +#define PDCP_MAX_TEST_DATA_LEN 2048 struct pdcp_test_conf { struct rte_pdcp_entity_conf entity; struct rte_crypto_sym_xform c_xfrm; struct rte_crypto_sym_xform a_xfrm; bool is_integrity_protected; - uint8_t input[PDCP_MAX_TEST_INPUT_LEN]; + uint8_t input[PDCP_MAX_TEST_DATA_LEN]; uint32_t input_len; - const uint8_t *expected; - uint32_t expected_len; + uint8_t output[PDCP_MAX_TEST_DATA_LEN]; + uint32_t output_len; }; static inline int @@ -38,6 +39,19 @@ pdcp_hdr_size_get(enum rte_security_pdcp_sn_size sn_size) return RTE_ALIGN_MUL_CEIL(sn_size, 8) / 8; } +static int +pktmbuf_read_into(const struct rte_mbuf *m, void *buf, size_t buf_len) +{ + if (m->pkt_len > buf_len) + return -ENOMEM; + + const void *read = rte_pktmbuf_read(m, 0, m->pkt_len, buf); + if (read != NULL && read != buf) + memcpy(buf, read, m->pkt_len); + + return 0; +} + static int cryptodev_init(int dev_id) { @@ -300,14 +314,45 @@ process_crypto_request(uint8_t dev_id, struct rte_crypto_op *op) return op; } +static uint32_t +pdcp_sn_from_raw_get(const void *data, enum rte_security_pdcp_sn_size size) +{ + uint32_t sn = 0; + + if (size == RTE_SECURITY_PDCP_SN_SIZE_12) { + sn = rte_cpu_to_be_16(*(const uint16_t *)data); + sn = sn & 0xfff; + } else if (size == RTE_SECURITY_PDCP_SN_SIZE_18) { + sn = rte_cpu_to_be_32(*(const uint32_t *)data); + sn = (sn & 0x3ffff00) >> 8; + } + + return sn; +} + +static void +pdcp_sn_to_raw_set(void *data, uint32_t sn, int size) +{ + if (size == RTE_SECURITY_PDCP_SN_SIZE_12) { + struct rte_pdcp_up_data_pdu_sn_12_hdr *pdu_hdr = data; + pdu_hdr->sn_11_8 = ((sn & 0xf00) >> 8); + pdu_hdr->sn_7_0 = (sn & 0xff); + } else if (size == RTE_SECURITY_PDCP_SN_SIZE_18) { + struct rte_pdcp_up_data_pdu_sn_18_hdr *pdu_hdr = data; + pdu_hdr->sn_17_16 = ((sn & 0x30000) >> 16); + pdu_hdr->sn_15_8 = ((sn & 0xff00) >> 8); + pdu_hdr->sn_7_0 = (sn & 0xff); + } +} + static int create_test_conf_from_index(const int index, struct pdcp_test_conf *conf) { const struct pdcp_testsuite_params *ts_params = &testsuite_params; struct rte_crypto_sym_xform c_xfrm, a_xfrm; - uint32_t hfn, sn, count = 0; + uint32_t hfn, sn, expected_len, count = 0; + uint8_t *data, *expected; int pdcp_hdr_sz; - uint8_t *data; memset(conf, 0, sizeof(*conf)); memset(&c_xfrm, 0, sizeof(c_xfrm)); @@ -326,6 +371,7 @@ create_test_conf_from_index(const int index, struct pdcp_test_conf *conf) conf->entity.pdcp_xfrm.pkt_dir = RTE_SECURITY_PDCP_DOWNLINK; conf->entity.pdcp_xfrm.sn_size = pdcp_test_data_sn_size[index]; + /* Zero initialize unsupported flags */ conf->entity.pdcp_xfrm.hfn_threshold = 0; conf->entity.pdcp_xfrm.hfn_ovrd = 0; conf->entity.pdcp_xfrm.sdap_enabled = 0; @@ -414,14 +460,7 @@ create_test_conf_from_index(const int index, struct pdcp_test_conf *conf) pdcp_test_params[index].domain == RTE_SECURITY_PDCP_MODE_DATA) { data = pdcp_test_data_in[index]; hfn = pdcp_test_hfn[index] << pdcp_test_data_sn_size[index]; - sn = 0; - if (pdcp_test_data_sn_size[index] == RTE_SECURITY_PDCP_SN_SIZE_12) { - sn = rte_cpu_to_be_16(*(uint16_t *)data); - sn = sn & 0xfff; - } else if (pdcp_test_data_sn_size[index] == RTE_SECURITY_PDCP_SN_SIZE_18) { - sn = rte_cpu_to_be_32(*(uint32_t *)data); - sn = (sn & 0x3ffff00) >> 8; - } + sn = pdcp_sn_from_raw_get(data, pdcp_test_data_sn_size[index]); count = hfn | sn; } conf->entity.count = count; @@ -448,29 +487,32 @@ create_test_conf_from_index(const int index, struct pdcp_test_conf *conf) } if (conf->entity.pdcp_xfrm.pkt_dir == RTE_SECURITY_PDCP_UPLINK) - conf->expected = pdcp_test_data_out[index]; + expected = pdcp_test_data_out[index]; else - conf->expected = pdcp_test_data_in[index]; + expected = pdcp_test_data_in[index]; /* Calculate expected packet length */ - conf->expected_len = pdcp_test_data_in_len[index]; + expected_len = pdcp_test_data_in_len[index]; /* In DL processing, PDCP header would be stripped */ if (conf->entity.pdcp_xfrm.pkt_dir == RTE_SECURITY_PDCP_DOWNLINK) { - conf->expected += pdcp_hdr_sz; - conf->expected_len -= pdcp_hdr_sz; + expected += pdcp_hdr_sz; + expected_len -= pdcp_hdr_sz; } /* In UL processing with integrity protection, MAC would be added */ if (conf->is_integrity_protected && conf->entity.pdcp_xfrm.pkt_dir == RTE_SECURITY_PDCP_UPLINK) - conf->expected_len += 4; + expected_len += 4; + + memcpy(conf->output, expected, expected_len); + conf->output_len = expected_len; return 0; } static int -test_attempt_single(const struct pdcp_test_conf *t_conf) +test_attempt_single(struct pdcp_test_conf *t_conf) { const struct pdcp_testsuite_params *ts_params = &testsuite_params; struct rte_mbuf *mbuf, *mb, **out_mb = NULL; @@ -584,9 +626,17 @@ test_attempt_single(const struct pdcp_test_conf *t_conf) goto mbuf_free; } - ret = pdcp_known_vec_verify(mbuf, t_conf->expected, t_conf->expected_len); - if (ret) - goto mbuf_free; + /* If expected output provided - verify, else - store for future use */ + if (t_conf->output_len) { + ret = pdcp_known_vec_verify(mbuf, t_conf->output, t_conf->output_len); + if (ret) + goto mbuf_free; + } else { + ret = pktmbuf_read_into(mbuf, t_conf->output, PDCP_MAX_TEST_DATA_LEN); + if (ret) + goto mbuf_free; + t_conf->output_len = mbuf->pkt_len; + } ret = rte_pdcp_entity_suspend(pdcp_entity, out_mb); if (ret) { @@ -609,6 +659,195 @@ test_attempt_single(const struct pdcp_test_conf *t_conf) return TEST_FAILED; } +static void +uplink_to_downlink_convert(const struct pdcp_test_conf *ul_cfg, + struct pdcp_test_conf *dl_cfg) +{ + assert(ul_cfg->entity.pdcp_xfrm.pkt_dir == RTE_SECURITY_PDCP_UPLINK); + + memcpy(dl_cfg, ul_cfg, sizeof(*dl_cfg)); + dl_cfg->entity.pdcp_xfrm.pkt_dir = RTE_SECURITY_PDCP_DOWNLINK; + dl_cfg->entity.reverse_iv_direction = false; + + if (dl_cfg->is_integrity_protected) { + dl_cfg->entity.crypto_xfrm = &dl_cfg->c_xfrm; + + dl_cfg->c_xfrm.cipher.op = RTE_CRYPTO_CIPHER_OP_DECRYPT; + dl_cfg->c_xfrm.next = &dl_cfg->a_xfrm; + + dl_cfg->a_xfrm.auth.op = RTE_CRYPTO_AUTH_OP_VERIFY; + dl_cfg->a_xfrm.next = NULL; + } else { + dl_cfg->entity.crypto_xfrm = &dl_cfg->c_xfrm; + dl_cfg->c_xfrm.next = NULL; + dl_cfg->c_xfrm.cipher.op = RTE_CRYPTO_CIPHER_OP_DECRYPT; + } + + memcpy(dl_cfg->input, ul_cfg->output, ul_cfg->output_len); + dl_cfg->input_len = ul_cfg->output_len; + + memcpy(dl_cfg->output, ul_cfg->input, ul_cfg->input_len); + dl_cfg->output_len = ul_cfg->input_len; +} + +/* + * According to ETSI TS 138 323 V17.1.0, Section 5.2.2.1, + * SN could be divided into following ranges, + * relatively to current value of RX_DELIV state: + * +-------------+-------------+-------------+-------------+ + * | -Outside | -Window | +Window | +Outside | + * | (valid) | (Invalid) | (Valid) | (Invalid) | + * +-------------+-------------^-------------+-------------+ + * | + * v + * SN(RX_DELIV) + */ +enum sn_range_type { + SN_RANGE_MINUS_OUTSIDE, + SN_RANGE_MINUS_WINDOW, + SN_RANGE_PLUS_WINDOW, + SN_RANGE_PLUS_OUTSIDE, +}; + +#define PDCP_SET_COUNT(hfn, sn, size) ((hfn << size) | (sn & ((1 << size) - 1))) + +/* + * Take uplink test case as base, modify RX_DELIV in state and SN in input + */ +static int +test_sn_range_type_with_config(enum sn_range_type type, struct pdcp_test_conf *conf) +{ + uint32_t rx_deliv_hfn, rx_deliv_sn, rx_deliv, new_hfn, new_sn; + const int domain = conf->entity.pdcp_xfrm.domain; + struct pdcp_test_conf dl_conf; + int ret, expected_ret; + + if (domain != RTE_SECURITY_PDCP_MODE_CONTROL && domain != RTE_SECURITY_PDCP_MODE_DATA) + return TEST_SKIPPED; + + const uint32_t sn_size = conf->entity.pdcp_xfrm.sn_size; + /* According to formula(7.2.a Window_Size) */ + const uint32_t window_size = 1 << (sn_size - 1); + /* Max value of SN that could fit in `sn_size` bits */ + const uint32_t max_sn = (1 << sn_size) - 1; + const uint32_t shift = (max_sn - window_size) / 2; + /* Could be any number up to `shift` value */ + const uint32_t default_sn = RTE_MIN(2u, shift); + + /* Initialize HFN as non zero value, to be able check values before */ + rx_deliv_hfn = 0xa; + + switch (type) { + case SN_RANGE_PLUS_WINDOW: + /* Within window size, HFN stay same */ + new_hfn = rx_deliv_hfn; + rx_deliv_sn = default_sn; + new_sn = rx_deliv_sn + 1; + expected_ret = TEST_SUCCESS; + break; + case SN_RANGE_MINUS_WINDOW: + /* Within window size, HFN stay same */ + new_hfn = rx_deliv_hfn; + rx_deliv_sn = default_sn; + new_sn = rx_deliv_sn - 1; + expected_ret = TEST_FAILED; + break; + case SN_RANGE_PLUS_OUTSIDE: + /* RCVD_SN >= SN(RX_DELIV) + Window_Size */ + new_hfn = rx_deliv_hfn - 1; + rx_deliv_sn = default_sn; + new_sn = rx_deliv_sn + window_size; + expected_ret = TEST_FAILED; + break; + case SN_RANGE_MINUS_OUTSIDE: + /* RCVD_SN < SN(RX_DELIV) - Window_Size */ + new_hfn = rx_deliv_hfn + 1; + rx_deliv_sn = window_size + default_sn; + new_sn = rx_deliv_sn - window_size - 1; + expected_ret = TEST_SUCCESS; + break; + default: + return TEST_FAILED; + } + + rx_deliv = PDCP_SET_COUNT(rx_deliv_hfn, rx_deliv_sn, sn_size); + + /* Configure Uplink to generate expected, encrypted packet */ + pdcp_sn_to_raw_set(conf->input, new_sn, conf->entity.pdcp_xfrm.sn_size); + conf->entity.reverse_iv_direction = true; + conf->entity.count = PDCP_SET_COUNT(new_hfn, new_sn, sn_size); + conf->output_len = 0; + ret = test_attempt_single(conf); + if (ret != TEST_SUCCESS) + return ret; + + /* Flip configuration to downlink */ + uplink_to_downlink_convert(conf, &dl_conf); + /* Modify the rx_deliv to verify the expected behaviour */ + dl_conf.entity.count = rx_deliv; + ret = test_attempt_single(&dl_conf); + if (ret == TEST_SKIPPED) + return TEST_SKIPPED; + TEST_ASSERT_EQUAL(ret, expected_ret, "Unexpected result"); + + return TEST_SUCCESS; +} + +static int +test_sn_range_type(enum sn_range_type type) +{ + int i, ret, passed = 0; + struct pdcp_test_conf t_conf; + + int nb_test = RTE_DIM(pdcp_test_params); + + for (i = 0; i < nb_test; i++) { + create_test_conf_from_index(i, &t_conf); + if (t_conf.entity.pdcp_xfrm.pkt_dir == RTE_SECURITY_PDCP_DOWNLINK) + continue; + printf("[%03i] - %s", i, pdcp_test_params[i].name); + ret = test_sn_range_type_with_config(type, &t_conf); + if (ret == TEST_FAILED) { + printf(" - failed\n"); + return ret; + } else if (ret == TEST_SKIPPED) { + printf(" - skipped\n"); + continue; + } + printf(" - passed\n"); + passed += 1; + } + + printf("Passed: %i\n", passed); + + return TEST_SUCCESS; +} + +static int +test_sn_plus_window(void) +{ + return test_sn_range_type(SN_RANGE_PLUS_WINDOW); +} + +static int +test_sn_minus_window(void) +{ + return test_sn_range_type(SN_RANGE_MINUS_WINDOW); +} + + +static int +test_sn_plus_outside(void) +{ + return test_sn_range_type(SN_RANGE_PLUS_OUTSIDE); +} + +static int +test_sn_minus_outside(void) +{ + return test_sn_range_type(SN_RANGE_MINUS_OUTSIDE); +} + static int test_iterate_all(void) { @@ -632,6 +871,7 @@ test_iterate_all(void) printf(" - passed\n"); passed += 1; } + printf("Passed: %i\n", passed); return TEST_SUCCESS; @@ -643,8 +883,52 @@ test_sample(void) return test_iterate_all(); } -static struct unit_test_suite pdcp_testsuite = { - .suite_name = "PDCP Unit Test Suite", +static int +test_combined(void) +{ + struct pdcp_test_conf ul_conf, dl_conf; + int ret, nb_test, i, passed = 0; + + nb_test = RTE_DIM(pdcp_test_params); + + for (i = 0; i < nb_test; i++) { + create_test_conf_from_index(i, &ul_conf); + if (ul_conf.entity.pdcp_xfrm.pkt_dir == RTE_SECURITY_PDCP_DOWNLINK) + continue; + + ul_conf.entity.reverse_iv_direction = true; + ul_conf.output_len = 0; + printf("[%03i] - %s", i, pdcp_test_params[i].name); + + ret = test_attempt_single(&ul_conf); + if (ret == TEST_FAILED) { + printf(" - failed\n"); + return ret; + } else if (ret == TEST_SKIPPED) { + printf(" - skipped\n"); + continue; + } + + uplink_to_downlink_convert(&ul_conf, &dl_conf); + ret = test_attempt_single(&dl_conf); + if (ret == TEST_FAILED) { + printf(" - failed\n"); + return ret; + } else if (ret == TEST_SKIPPED) { + printf(" - skipped\n"); + continue; + } + + printf(" - passed\n"); + passed += 1; + } + printf("Passed: %i\n", passed); + + return TEST_SUCCESS; +} + +static struct unit_test_suite known_vector_cases = { + .suite_name = "PDCP known vectors", .setup = testsuite_setup, .teardown = testsuite_teardown, .unit_test_cases = { @@ -654,10 +938,62 @@ static struct unit_test_suite pdcp_testsuite = { } }; +static struct unit_test_suite combined_mode_cases = { + .suite_name = "PDCP combined mode", + .setup = testsuite_setup, + .teardown = testsuite_teardown, + .unit_test_cases = { + TEST_CASE_ST(ut_setup_pdcp, ut_teardown_pdcp, + test_combined), + TEST_CASES_END() /**< NULL terminate unit test array */ + } +}; + +static struct unit_test_suite hfn_sn_test_cases = { + .suite_name = "PDCP HFN/SN", + .setup = testsuite_setup, + .teardown = testsuite_teardown, + .unit_test_cases = { + TEST_CASE_ST(ut_setup_pdcp, ut_teardown_pdcp, + test_sn_plus_window), + TEST_CASE_ST(ut_setup_pdcp, ut_teardown_pdcp, + test_sn_minus_window), + TEST_CASE_ST(ut_setup_pdcp, ut_teardown_pdcp, + test_sn_plus_outside), + TEST_CASE_ST(ut_setup_pdcp, ut_teardown_pdcp, + test_sn_minus_outside), + TEST_CASES_END() /**< NULL terminate unit test array */ + } +}; + static int test_pdcp(void) { - return unit_test_suite_runner(&pdcp_testsuite); + int ret; + + static struct unit_test_suite pdcp_testsuite = { + .suite_name = "PDCP Unit Test Suite", + .unit_test_cases = {TEST_CASES_END()}, + }; + + struct unit_test_suite *static_suites[] = { + &known_vector_cases, + &combined_mode_cases, + &hfn_sn_test_cases, + NULL /* End of suites list */ + }; + + pdcp_testsuite.unit_test_suites = rte_zmalloc(NULL, sizeof(static_suites), 0); + if (pdcp_testsuite.unit_test_suites == NULL) { + RTE_LOG(ERR, USER1, "No memory for: '%s'\n", pdcp_testsuite.suite_name); + return TEST_FAILED; + } + + memcpy(pdcp_testsuite.unit_test_suites, static_suites, sizeof(static_suites)); + + ret = unit_test_suite_runner(&pdcp_testsuite); + rte_free(pdcp_testsuite.unit_test_suites); + return ret; } REGISTER_TEST_COMMAND(pdcp_autotest, test_pdcp); From patchwork Thu Dec 22 09:25:22 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anoob Joseph X-Patchwork-Id: 121283 X-Patchwork-Delegate: gakhil@marvell.com Return-Path: X-Original-To: patchwork@inbox.dpdk.org Delivered-To: patchwork@inbox.dpdk.org Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id DE4AAA034C; Thu, 22 Dec 2022 10:28:11 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id AFBEC42BB1; Thu, 22 Dec 2022 10:27:53 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 90F7542BB1 for ; Thu, 22 Dec 2022 10:27:52 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 2BM9MYPk003843; Thu, 22 Dec 2022 01:27:51 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=gVaOEMLjx9DJT4l6pzn5N+a0bIa/nCbwOl2vN4yKmag=; b=NlJ5OrqfnNXI54e8ih2JxGxQ56RkMFpj5v8YH+Mz6Kx2uCi4Z3vgd/CdRu/V/QJWl5db Hu9qhAfQs2SZe/Yzq7hvozg+rkdYAVtdEvahyVgLEapFZZgyJ+DeG74NUqcV4ssX8yxJ IA3hisbUrHsh+M4Syc6TLdAzuvkQJ77zYOphsISLRC8vDNLLLOKMGlO9Wtyjmqx3GVUY pGWlYN0Vu0x2eeoKs1Mxhn0TSlwJA8JVHotAAi6RRKDrQNHOP6i0YNBJi/1SMOYgsDo1 CiQA8WlSuMkvuvXS++fOAFD9AbsZUaZVyc5q4+DteJacRXFYCBcpOvSJgzKWACG9CsSL Sw== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3mhe5rsu1m-6 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Thu, 22 Dec 2022 01:27:51 -0800 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.42; Thu, 22 Dec 2022 01:25:47 -0800 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.42 via Frontend Transport; Thu, 22 Dec 2022 01:25:47 -0800 Received: from BG-LT92004.corp.innovium.com (unknown [10.193.66.59]) by maili.marvell.com (Postfix) with ESMTP id C66033F7074; Thu, 22 Dec 2022 01:25:43 -0800 (PST) From: Anoob Joseph To: Thomas Monjalon , Akhil Goyal , Jerin Jacob , Konstantin Ananyev , Bernard Iremonger CC: Hemant Agrawal , =?utf-8?q?Mattias_R=C3=B6nnblom?= , "Kiran Kumar K" , Volodymyr Fialko , , Olivier Matz Subject: [PATCH 5/5] doc: add PDCP library guide Date: Thu, 22 Dec 2022 14:55:22 +0530 Message-ID: <20221222092522.1628-6-anoobj@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20221222092522.1628-1-anoobj@marvell.com> References: <20221027052140.155-1-anoobj@marvell.com> <20221222092522.1628-1-anoobj@marvell.com> MIME-Version: 1.0 X-Proofpoint-GUID: nUsovLVpbxPEHDgwBmZM60SCEXEZfKIv X-Proofpoint-ORIG-GUID: nUsovLVpbxPEHDgwBmZM60SCEXEZfKIv X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.923,Hydra:6.0.545,FMLib:17.11.122.1 definitions=2022-12-22_04,2022-12-21_01,2022-06-22_01 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Add guide for PDCP library. Signed-off-by: Anoob Joseph Signed-off-by: Kiran Kumar K Signed-off-by: Volodymyr Fialko --- .../img/pdcp_functional_overview.svg | 1 + doc/guides/prog_guide/index.rst | 1 + doc/guides/prog_guide/pdcp_lib.rst | 211 ++++++++++++++++++ 3 files changed, 213 insertions(+) create mode 100644 doc/guides/prog_guide/img/pdcp_functional_overview.svg create mode 100644 doc/guides/prog_guide/pdcp_lib.rst diff --git a/doc/guides/prog_guide/img/pdcp_functional_overview.svg b/doc/guides/prog_guide/img/pdcp_functional_overview.svg new file mode 100644 index 0000000000..287daafc21 --- /dev/null +++ b/doc/guides/prog_guide/img/pdcp_functional_overview.svg @@ -0,0 +1 @@ +Radio Interface (Uu/PC5)UE/NG-RAN/UE ANG-RAN/UE/UE BTransmitting PDCP entityReceiving PDCP entityTransmission buffer:SequencenumberingHeader or uplink dataCompressionHeader or uplink dataDecompressionRouting / DuplicationAdd PDCP headerCipheringIntegrity protectionPackets associated to a PDCP SDUPackets not associated to a PDCP SDURemove PDCP HeaderDecipheringIntegrity VerificationReception buffer:ReorderingDuplicate discardingPackets associated to a PDCP SDUPackets not associated to a PDCP SDU \ No newline at end of file diff --git a/doc/guides/prog_guide/index.rst b/doc/guides/prog_guide/index.rst index 8564883018..d062cd53ac 100644 --- a/doc/guides/prog_guide/index.rst +++ b/doc/guides/prog_guide/index.rst @@ -76,4 +76,5 @@ Programmer's Guide lto profile_app asan + pdcp_lib glossary diff --git a/doc/guides/prog_guide/pdcp_lib.rst b/doc/guides/prog_guide/pdcp_lib.rst new file mode 100644 index 0000000000..8e89f0e3a1 --- /dev/null +++ b/doc/guides/prog_guide/pdcp_lib.rst @@ -0,0 +1,211 @@ +.. SPDX-License-Identifier: BSD-3-Clause + Copyright(C) 2022 Marvell. + +PDCP Protocol Processing Library +================================ + +DPDK provides a library for PDCP protocol processing. The library utilizes +other DPDK libraries such as cryptodev, reorder etc to provide the application +with a transparent and high performant PDCP protocol processing library. + +The library abstracts complete PDCP protocol processing conforming to +``ETSI TS 138 323 V17.1.0 (2022-08)``. +https://www.etsi.org/deliver/etsi_ts/138300_138399/138323/17.01.00_60/ts_138323v170100p.pdf + +PDCP would involve the following operations, + +1. Transfer of user plane data +2. Transfer of control plane data +3. Header compression +4. Uplink data compression +5. Ciphering and integrity protection + +.. _figure_pdcp_functional_overview: + +.. figure:: img/pdcp_functional_overview.* + + PDCP functional overview new + +PDCP library would abstract the protocol offload features of the cryptodev and +would provide a uniform interface and consistent API usage to work with +cryptodev irrespective of the protocol offload features supported. + +PDCP entity API +--------------- + +PDCP library provides following control path APIs that is used to +configure various PDCP entities, + +1. rte_pdcp_entity_establish() +2. rte_pdcp_entity_suspend() +3. rte_pdcp_entity_release() + +A PDCP entity would translate to one ``rte_cryptodev_sym_session`` or +``rte_security_session`` based on the config. The sessions would be created/ +destroyed while corresponding PDCP entity operations are performed. + +PDCP packet processing API +-------------------------- + +PDCP processing is split into 2 parts. One before cryptodev processing +(``rte_pdcp_pkt_pre_process()``) and one after cryptodev processing +(``rte_pdcp_pkt_post_process()``). Since cryptodev dequeue can return crypto +operations belonging to multiple entities, ``rte_pdcp_pkt_crypto_group()`` +is added to help grouping crypto operations belonging to same PDCP entity. + +Lib PDCP would allow application to use same API sequence while leveraging +protocol offload features enabled by ``rte_security`` library. Lib PDCP would +internally change the handles registered for ``pre_process`` and +``post_process`` based on features enabled in the entity. + +Lib PDCP would create the required sessions on the device provided in entity to +minimize the application requirements. Also, the crypto_op allocation and free +would also be done internally by lib PDCP to allow the library to create +crypto ops as required for the input packets. For example, when control PDUs are +received, no cryptodev enqueue-dequeue is expected for the same and lib PDCP +is expected to handle it differently. + +.. code-block:: c + + struct rte_mbuf **out_mb, *pkts[MAX_BURST_SIZE]; + struct rte_crypto_op *cop[MAX_BURST_SIZE]; + struct rte_pdcp_group grp[MAX_BURST_SIZE]; + struct rte_pdcp_entity *pdcp_entity; + int nb_max_out_mb, ret, nb_grp; + + /* Create PDCP entity */ + pdcp_entity = rte_pdcp_entity_establish(&conf); + + /** + * Allocate buffer for holding mbufs returned during PDCP suspend, + * release & post-process APIs. + */ + + /* Max packets that can be cached in entity + burst size */ + nb_max_out_mb = pdcp_entity->max_pkt_cache + 1; + out_mb = rte_malloc(NULL, nb_max_out_mb * sizeof(uintptr_t), 0); + if (out_mb == NULL) { + /* Handle error */ + } + + while (1) { + /* Receive packet and form mbuf */ + + /** + * Prepare packets for crypto operation. Following operations + * would be done, + * + * Transmitting entity/UL (only data PDUs): + * - Perform compression + * - Assign sequence number + * - Add PDCP header + * - Create & prepare crypto_op + * - Prepare IV for crypto operation (auth_gen, encrypt) + * - Save original PDCP SDU (during PDCP re-establishment, + * unconfirmed PDCP SDUs need to crypto processed again and + * transmitted/re-transmitted) + * + * Receiving entity/DL: + * - Any control PDUs received would be processed and + * appropriate actions taken. If data PDU, continue. + * - Determine sequence number (based on HFN & per packet SN) + * - Prepare crypto_op + * - Prepare IV for crypto operation (decrypt, auth_verify) + */ + nb_success = rte_pdcp_pkt_pre_process(pdcp_entity, pkts, cop, + nb_rx, &nb_err); + if (nb_err != 0) { + /* Handle error packets */ + } + + if ((rte_cryptodev_enqueue_burst(dev_id, qp_id, cop, nb_success) + != nb_success) { + /* Retry for enqueue failure packets */ + } + + ... + + ret = rte_cryptodev_dequeue_burst(dev_id, qp_id, cop, + MAX_BURST_SIZE); + if (ret == 0) + continue; + + /** + * Received a burst of completed crypto ops from cryptodev. It + * may belong to various entities. Group similar ones together + * for entity specific post-processing. + */ + + /** + * Groups similar entities together. Frees crypto op and based + * on crypto_op status, set mbuf->ol_flags which would be + * checked in rte_pdcp_pkt_post_process(). + */ + nb_grp = rte_pdcp_pkt_crypto_group(cop, pkts, grp, ret); + + for (i = 0; i != nb_grp; i++) { + + /** + * Post process packets after crypto completion. + * Following operations would be done, + * + * Transmitting entity/UL: + * - Check crypto result + * + * Receiving entity/DL: + * - Check crypto operation status + * - Check for duplication (if yes, drop duplicate) + * - Perform decompression + * - Trim PDCP header + * - Hold packet (SDU) for in-order delivery (return + * completed packets as and when sequence is + * completed) + * - If not in sequence, cache the packet and start + * t-Reordering timer. When timer expires, the + * packets need to delivered to upper layers (not + * treated as error packets). + */ + nb_success = rte_pdcp_pkt_post_process(grp[i].id.ptr, + grp[i].m, out_mb, + grp[i].cnt, + &nb_err); + if (nb_err != 0) { + /* Handle error packets */ + } + + /* Perform additional operations */ + + /** + * Transmitting entity/UL + * - If duplication is enabled, duplicate PDCP PDUs + * - When lower layers confirm reception of a PDCP PDU, + * it should be communicated to PDCP layer so that + * PDCP can drop the corresponding SDU + */ + } + } + + +Supported features +------------------ + +- 12 bit & 18 bit sequence numbers +- Uplink & downlink traffic +- HFN increment +- IV generation as required per algorithm + +Supported ciphering algorithms +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +- NULL +- AES-CTR +- SNOW3G-CIPHER +- ZUC-CIPHER + +Supported integrity protection algorithms +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +- NULL +- AES-CMAC +- SNOW3G-AUTH +- ZUC-AUTH