SDAP header when enabled needs to be authenticated but not encrypted.
Signed-off-by: Aakash Sasidharan <asasidha...@marvell.com>
---
lib/pdcp/pdcp_entity.h | 2 ++
lib/pdcp/pdcp_process.c | 22 ++++++++++++++++------
2 files changed, 18 insertions(+), 6 deletions(-)
diff --git a/lib/pdcp/pdcp_entity.h b/lib/pdcp/pdcp_entity.h
index 9f74b5d0e5..4fc6342a5c 100644
--- a/lib/pdcp/pdcp_entity.h
+++ b/lib/pdcp/pdcp_entity.h
@@ -171,6 +171,8 @@ struct entity_priv {
uint8_t hdr_sz;
/** PDCP AAD size. For AES-CMAC, additional message is prepended for
the operation. */
uint8_t aad_sz;
+ /** PDCP cipher skip size. When enabled, SDAP header needs to be
skipped from ciphering */
+ uint8_t cipher_skip_sz;
/** Device ID of the device to be used for offload. */
uint8_t dev_id;
};
diff --git a/lib/pdcp/pdcp_process.c b/lib/pdcp/pdcp_process.c
index c2f28d4d77..9b9b881124 100644
--- a/lib/pdcp/pdcp_process.c
+++ b/lib/pdcp/pdcp_process.c
@@ -391,7 +391,7 @@ pdcp_pre_process_uplane_sn_12_ul(const struct
rte_pdcp_entity *entity, struct rt
uint8_t *mac_i;
int i;
- const uint8_t data_offset = en_priv->hdr_sz + en_priv->aad_sz;
+ const uint8_t data_offset = en_priv->hdr_sz + en_priv->aad_sz +
en_priv->cipher_skip_sz;
const int is_null_auth = en_priv->flags.is_null_auth;
nb_cop = rte_crypto_op_bulk_alloc(en_priv->cop_pool,
RTE_CRYPTO_OP_TYPE_SYMMETRIC, cop,
@@ -477,7 +477,7 @@ pdcp_pre_process_uplane_sn_18_ul(const struct
rte_pdcp_entity *entity, struct rt
uint8_t *mac_i;
int i;
- const uint8_t data_offset = en_priv->hdr_sz + en_priv->aad_sz;
+ const uint8_t data_offset = en_priv->hdr_sz + en_priv->aad_sz +
en_priv->cipher_skip_sz;
const int is_null_auth = en_priv->flags.is_null_auth;
nb_cop = rte_crypto_op_bulk_alloc(en_priv->cop_pool,
RTE_CRYPTO_OP_TYPE_SYMMETRIC, cop,
@@ -540,7 +540,7 @@ pdcp_pre_process_cplane_sn_12_ul(const struct
rte_pdcp_entity *entity, struct rt
int i;
const uint8_t hdr_sz = en_priv->hdr_sz;
- const uint8_t data_offset = hdr_sz + en_priv->aad_sz;
+ const uint8_t data_offset = hdr_sz + en_priv->aad_sz +
en_priv->cipher_skip_sz;
const int is_null_auth = en_priv->flags.is_null_auth;
nb_cop = rte_crypto_op_bulk_alloc(en_priv->cop_pool,
RTE_CRYPTO_OP_TYPE_SYMMETRIC, cop,
@@ -658,7 +658,7 @@ pdcp_pre_process_uplane_sn_12_dl_flags(const struct
rte_pdcp_entity *entity,
uint32_t count;
int i;
- const uint8_t data_offset = en_priv->hdr_sz + en_priv->aad_sz;
+ const uint8_t data_offset = en_priv->hdr_sz + en_priv->aad_sz +
en_priv->cipher_skip_sz;
nb_cop = rte_crypto_op_bulk_alloc(en_priv->cop_pool,
RTE_CRYPTO_OP_TYPE_SYMMETRIC, cop,
num);
@@ -727,7 +727,7 @@ pdcp_pre_process_uplane_sn_18_dl_flags(const struct
rte_pdcp_entity *entity,
uint32_t count;
int i;
- const uint8_t data_offset = en_priv->hdr_sz + en_priv->aad_sz;
+ const uint8_t data_offset = en_priv->hdr_sz + en_priv->aad_sz +
en_priv->cipher_skip_sz;
nb_cop = rte_crypto_op_bulk_alloc(en_priv->cop_pool,
RTE_CRYPTO_OP_TYPE_SYMMETRIC, cop,
num);
@@ -795,7 +795,7 @@ pdcp_pre_process_cplane_sn_12_dl(const struct
rte_pdcp_entity *entity, struct rt
int32_t rsn;
int i;
- const uint8_t data_offset = en_priv->hdr_sz + en_priv->aad_sz;
+ const uint8_t data_offset = en_priv->hdr_sz + en_priv->aad_sz +
en_priv->cipher_skip_sz;
nb_cop = rte_crypto_op_bulk_alloc(en_priv->cop_pool,
RTE_CRYPTO_OP_TYPE_SYMMETRIC, cop,
num);
@@ -1202,6 +1202,16 @@ pdcp_entity_priv_populate(struct entity_priv *en_priv,
const struct rte_pdcp_ent
else
en_priv->aad_sz = 0;
+ /**
+ * cipher_skip_sz
+ *
+ * When SDAP protocol is enabled for the PDCP entity, skip the SDAP
header from ciphering.
+ */
+ if (conf->pdcp_xfrm.sdap_enabled)
+ en_priv->cipher_skip_sz = 1;
+ else
+ en_priv->cipher_skip_sz = 0;
+
return 0;
}
--
2.25.1
