[2/5] security: add pdcp short MAC-I support
Checks
Commit Message
From: Hemant Agrawal <hemant.agrawal@nxp.com>
This patch add support to handle PDCP short MAC-I domain
along with standard control and data domains as it has to
be treaty as special case with PDCP protocol offload support.
ShortMAC-I is the 16 least significant bits of calculated MAC-I. Usually
when a RRC message is exchanged between UE and eNodeB it is integrity &
ciphered protected.
MAC-I = f(key, varShortMAC-I, count, bearer, direction).
Here varShortMAC-I is prepared by using (current cellId, pci of source cell
and C-RNTI of old cell). Other parameters like count, bearer and
direction set to all 1.
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
---
app/test-crypto-perf/cperf_options_parsing.c | 8 +++++++-
doc/guides/prog_guide/rte_security.rst | 11 ++++++++++-
doc/guides/tools/cryptoperf.rst | 2 +-
lib/security/rte_security.h | 1 +
4 files changed, 19 insertions(+), 3 deletions(-)
Comments
> From: Hemant Agrawal <hemant.agrawal@nxp.com>
>
Title should be "security: support PDCP short MAC-I"
> This patch add support to handle PDCP short MAC-I domain
> along with standard control and data domains as it has to
> be treaty as special case with PDCP protocol offload support.
Spell check treated.
>
> ShortMAC-I is the 16 least significant bits of calculated MAC-I. Usually
> when a RRC message is exchanged between UE and eNodeB it is integrity &
> ciphered protected.
>
> MAC-I = f(key, varShortMAC-I, count, bearer, direction).
> Here varShortMAC-I is prepared by using (current cellId, pci of source cell
> and C-RNTI of old cell). Other parameters like count, bearer and
> direction set to all 1.
>
> Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
> Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
> ---
> app/test-crypto-perf/cperf_options_parsing.c | 8 +++++++-
> doc/guides/prog_guide/rte_security.rst | 11 ++++++++++-
> doc/guides/tools/cryptoperf.rst | 2 +-
> lib/security/rte_security.h | 1 +
> 4 files changed, 19 insertions(+), 3 deletions(-)
>
> diff --git a/app/test-crypto-perf/cperf_options_parsing.c b/app/test-crypto-
> perf/cperf_options_parsing.c
> index e84f56cfaa..0348972c85 100644
> --- a/app/test-crypto-perf/cperf_options_parsing.c
> +++ b/app/test-crypto-perf/cperf_options_parsing.c
> @@ -662,7 +662,8 @@ parse_pdcp_sn_sz(struct cperf_options *opts, const
> char *arg)
>
> const char *cperf_pdcp_domain_strs[] = {
> [RTE_SECURITY_PDCP_MODE_CONTROL] = "control",
> - [RTE_SECURITY_PDCP_MODE_DATA] = "data"
> + [RTE_SECURITY_PDCP_MODE_DATA] = "data",
> + [RTE_SECURITY_PDCP_MODE_SHORT_MAC] = "short_mac"
> };
>
> static int
> @@ -677,6 +678,11 @@ parse_pdcp_domain(struct cperf_options *opts,
> const char *arg)
> cperf_pdcp_domain_strs
> [RTE_SECURITY_PDCP_MODE_DATA],
> RTE_SECURITY_PDCP_MODE_DATA
> + },
> + {
> + cperf_pdcp_domain_strs
> + [RTE_SECURITY_PDCP_MODE_SHORT_MAC],
> + RTE_SECURITY_PDCP_MODE_SHORT_MAC
> }
> };
>
> diff --git a/doc/guides/prog_guide/rte_security.rst
> b/doc/guides/prog_guide/rte_security.rst
> index f72bc8a78f..ad92c16868 100644
> --- a/doc/guides/prog_guide/rte_security.rst
> +++ b/doc/guides/prog_guide/rte_security.rst
> @@ -1,5 +1,5 @@
> .. SPDX-License-Identifier: BSD-3-Clause
> - Copyright 2017,2020 NXP
> + Copyright 2017,2020-2021 NXP
>
>
>
> @@ -408,6 +408,15 @@ PMD which supports the IPsec and PDCP protocol.
> },
> .crypto_capabilities = pmd_capabilities
> },
> + { /* PDCP Lookaside Protocol offload short MAC-I */
> + .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
> + .protocol = RTE_SECURITY_PROTOCOL_PDCP,
> + .pdcp = {
> + .domain = RTE_SECURITY_PDCP_MODE_SHORT_MAC,
> + .capa_flags = 0
> + },
> + .crypto_capabilities = pmd_capabilities
> + },
> {
> .action = RTE_SECURITY_ACTION_TYPE_NONE
> }
> diff --git a/doc/guides/tools/cryptoperf.rst b/doc/guides/tools/cryptoperf.rst
> index be3109054d..9a7b990596 100644
> --- a/doc/guides/tools/cryptoperf.rst
> +++ b/doc/guides/tools/cryptoperf.rst
> @@ -318,7 +318,7 @@ The following are the application command-line
> options:
>
> * ``--pdcp-domain <control/user>``
You can add short_mac here as well.
>
> - Set PDCP domain to specify Control/user plane.
> + Set PDCP domain to specify short_mac/control/user plane.
>
> * ``--docsis-hdr-sz <n>``
>
> diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h
> index 88d31de0a6..2e136d7929 100644
> --- a/lib/security/rte_security.h
> +++ b/lib/security/rte_security.h
> @@ -233,6 +233,7 @@ struct rte_security_macsec_xform {
> enum rte_security_pdcp_domain {
> RTE_SECURITY_PDCP_MODE_CONTROL, /**< PDCP control
> plane */
> RTE_SECURITY_PDCP_MODE_DATA, /**< PDCP data plane */
> + RTE_SECURITY_PDCP_MODE_SHORT_MAC, /**< PDCP short mac
> */
> };
>
> /** PDCP Frame direction */
> --
> 2.25.1
@@ -662,7 +662,8 @@ parse_pdcp_sn_sz(struct cperf_options *opts, const char *arg)
const char *cperf_pdcp_domain_strs[] = {
[RTE_SECURITY_PDCP_MODE_CONTROL] = "control",
- [RTE_SECURITY_PDCP_MODE_DATA] = "data"
+ [RTE_SECURITY_PDCP_MODE_DATA] = "data",
+ [RTE_SECURITY_PDCP_MODE_SHORT_MAC] = "short_mac"
};
static int
@@ -677,6 +678,11 @@ parse_pdcp_domain(struct cperf_options *opts, const char *arg)
cperf_pdcp_domain_strs
[RTE_SECURITY_PDCP_MODE_DATA],
RTE_SECURITY_PDCP_MODE_DATA
+ },
+ {
+ cperf_pdcp_domain_strs
+ [RTE_SECURITY_PDCP_MODE_SHORT_MAC],
+ RTE_SECURITY_PDCP_MODE_SHORT_MAC
}
};
@@ -1,5 +1,5 @@
.. SPDX-License-Identifier: BSD-3-Clause
- Copyright 2017,2020 NXP
+ Copyright 2017,2020-2021 NXP
@@ -408,6 +408,15 @@ PMD which supports the IPsec and PDCP protocol.
},
.crypto_capabilities = pmd_capabilities
},
+ { /* PDCP Lookaside Protocol offload short MAC-I */
+ .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+ .protocol = RTE_SECURITY_PROTOCOL_PDCP,
+ .pdcp = {
+ .domain = RTE_SECURITY_PDCP_MODE_SHORT_MAC,
+ .capa_flags = 0
+ },
+ .crypto_capabilities = pmd_capabilities
+ },
{
.action = RTE_SECURITY_ACTION_TYPE_NONE
}
@@ -318,7 +318,7 @@ The following are the application command-line options:
* ``--pdcp-domain <control/user>``
- Set PDCP domain to specify Control/user plane.
+ Set PDCP domain to specify short_mac/control/user plane.
* ``--docsis-hdr-sz <n>``
@@ -233,6 +233,7 @@ struct rte_security_macsec_xform {
enum rte_security_pdcp_domain {
RTE_SECURITY_PDCP_MODE_CONTROL, /**< PDCP control plane */
RTE_SECURITY_PDCP_MODE_DATA, /**< PDCP data plane */
+ RTE_SECURITY_PDCP_MODE_SHORT_MAC, /**< PDCP short mac */
};
/** PDCP Frame direction */