Please refer to the suggestion from the AE team.
Can they try the DPDK from:
https://github.com/nxpmicro/dpdk/tree/19.11-qoriq
branch: 19.11-qoriq
Next, they can refer the example code in :
https://github.com/NXPmicro/dpdk/blob/19.11-qoriq/app/test/test_cryptodev_security_pdcp.c
Please note that LS processors supports SNOW and ZUC as security offload.
Here are additional information:
#####
#13 PDCP support in DPDK
PDCP is supported using rte_securityAPIs as illustrated below. It support all PDCP algosfor both control/data plane for all SN sizes.
Get device context
void *rte_cryptodev_get_sec_ctx(uint8_t dev_id)
void *rte_eth_dev_get_sec_ctx(uint8_t port_id)
Create Session
struct rte_security_session* rte_security_session_create(
struct rte_security_ctx*instance,
struct rte_security_session_conf*conf,
struct rte_mempool*mp);
Update (rte_security_session_update)
Destroy (rte_security_session_destroy)
Attach session with crypto_op(rte_security_attach_session)
/* Security context for crypto/eth devices */
struct rte_security_ctx{
void *device;
/**< Crypto/ethernet device attached */
conststruct rte_security_ops*ops;
/**< Pointer to security ops for the device */
uint16_t sess_cnt;
/**< Number of sessions attached to this context */
};
/** security session configuration parameters */
struct rte_security_session_confsess_conf= {
.action_type= RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
.protocol = RTE_SECURITY_PROTOCOL_PDCP,
{.pdcp= {
.bearer = pdcp_test_bearer[i],
.domain = pdcp_test_params[i].domain,
.pkt_dir= pdcp_test_packet_direction[i],
.sn_size= pdcp_test_data_sn_size[i],
.hfn= pdcp_test_hfn[i],
.hfn_threshold= pdcp_test_hfn_threshold[i],
} },
.crypto_xform= &ut_params->cipher_xform
};
#14 rte_security–PDCP xform
Create PDCP security session using rte_security_session_create() with updated session configuration as follows:
struct rte_security_session_conf{
enumrte_security_session_action_typeaction_type; /**< Type of action to be performed on the session */
enumrte_security_session_protocolprotocol; /**< Security protocol to be configured */
RTE_STD_C11
union {
struct rte_security_ipsec_xformipsec; /**< IPSec specific configurations */
struct rte_security_macsec_xformmacsec; /**< macsecSpecific configurations */
struct rte_security_pdcp_xformpdcp; /**< PDCP specific configurations */
}; /**< Configuration parameters for security session */
struct rte_crypto_sym_xform*crypto_xform; /**< Security Session Crypto Transformations */
void *userdata; /**< Application specific userdatato be saved with session */
};
•Here protocolshould be RTE_SECURITY_PROTOCOL_PDCP.
#15 PDCP Configuration
/**
* PDCP security association configuration data.
*
* This structure contains data required to create a PDCP security session.
*/
struct rte_security_pdcp_xform{
int8_t bearer; /**< PDCP bearer ID */
enumrte_security_pdcp_domaindomain; /** < PDCP mode of operation: Control or data */
enumrte_security_pdcp_directionpkt_dir; /**< PDCP Frame Direction 0:UL 1:DL */
enumrte_security_pdcp_sn_sizesn_size; /**< Sequence number size, 5/7/12/15/18 */
int8_t hfn_ovd; /**< Overwrite HFN per operation 0:disable,1:enable */
uint32_t hfn; /**< Hyper Frame Number */
uint32_t hfn_threshold; /**< HFN Threshold for key renegotiation */
};
#16 PDCP Supported Algos/SN sizes
A test code can be seen in DPDK test app and test-crypto-perf app
#17 Crypto algosupport
•Cipher
−AES-128/256 –both CBC/CTR mode
−3DES
−SNOW-3G-UEA2
−ZUC-EEA2
•Auth
−HMAC-SHA1
−HMAC-SHA256/384/512
−HMAC-MD5
−SNOW-3G-UIA2
−ZUC-EIA2
•AEAD
−AES-GCM 128/256
Note: Cipher+Authis supported in single pass for ipsecalgoonly. It is not supported for PDCP algosin non-security mode.
Though HW is capable of supporting many more algos, they are yet to be enabled in software.
#18 RTE_SECURITY based IPSEC algoin DPAAx_SECdrivers
•Cipher
−AES-128/256 –both CBC/CTR mode
−3DES
•Auth
−HMAC-SHA1
−HMAC-SHA256/384/512
−HMAC-MD5
•AEAD
−AES-GCM 128/256
Note: Cipher+Authis supported in single pass
Though HW is capable of supporting many more algos, they are yet to be enabled in software.
#####
