[v3,1/4] security: support PDCP short MAC-I
Checks
Commit Message
From: Hemant Agrawal <hemant.agrawal@nxp.com>
This patch add support to handle PDCP short MAC-I domain
along with standard control and data domains as it has to
be treated as special case with PDCP protocol offload support.
ShortMAC-I is the 16 least significant bits of calculated MAC-I. Usually
when a RRC message is exchanged between UE and eNodeB it is integrity &
ciphered protected.
MAC-I = f(key, varShortMAC-I, count, bearer, direction).
Here varShortMAC-I is prepared by using (current cellId, pci of source cell
and C-RNTI of old cell). Other parameters like count, bearer and
direction set to all 1.
Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
---
app/test-crypto-perf/cperf_options_parsing.c | 8 ++++++-
doc/guides/prog_guide/rte_security.rst | 11 ++++++++-
doc/guides/tools/cryptoperf.rst | 4 ++--
drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 25 ++++++++++----------
lib/security/rte_security.h | 1 +
5 files changed, 33 insertions(+), 16 deletions(-)
Comments
> From: Hemant Agrawal <hemant.agrawal@nxp.com>
>
> This patch add support to handle PDCP short MAC-I domain
> along with standard control and data domains as it has to
> be treated as special case with PDCP protocol offload support.
>
> ShortMAC-I is the 16 least significant bits of calculated MAC-I. Usually
> when a RRC message is exchanged between UE and eNodeB it is integrity &
> ciphered protected.
>
> MAC-I = f(key, varShortMAC-I, count, bearer, direction).
> Here varShortMAC-I is prepared by using (current cellId, pci of source cell
> and C-RNTI of old cell). Other parameters like count, bearer and
> direction set to all 1.
>
> Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
> Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
> ---
> app/test-crypto-perf/cperf_options_parsing.c | 8 ++++++-
> doc/guides/prog_guide/rte_security.rst | 11 ++++++++-
> doc/guides/tools/cryptoperf.rst | 4 ++--
> drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 25 ++++++++++----------
Why is the dpaa2_sec patch squashed in this patch?
I asked to have it as a separate patch in this series instead of the dpaa_sec series.
> lib/security/rte_security.h | 1 +
> 5 files changed, 33 insertions(+), 16 deletions(-)
>
> diff --git a/app/test-crypto-perf/cperf_options_parsing.c b/app/test-crypto-
> perf/cperf_options_parsing.c
> index e84f56cfaa..0348972c85 100644
> --- a/app/test-crypto-perf/cperf_options_parsing.c
> +++ b/app/test-crypto-perf/cperf_options_parsing.c
> @@ -662,7 +662,8 @@ parse_pdcp_sn_sz(struct cperf_options *opts, const
> char *arg)
>
> const char *cperf_pdcp_domain_strs[] = {
> [RTE_SECURITY_PDCP_MODE_CONTROL] = "control",
> - [RTE_SECURITY_PDCP_MODE_DATA] = "data"
> + [RTE_SECURITY_PDCP_MODE_DATA] = "data",
> + [RTE_SECURITY_PDCP_MODE_SHORT_MAC] = "short_mac"
> };
>
> static int
> @@ -677,6 +678,11 @@ parse_pdcp_domain(struct cperf_options *opts,
> const char *arg)
> cperf_pdcp_domain_strs
> [RTE_SECURITY_PDCP_MODE_DATA],
> RTE_SECURITY_PDCP_MODE_DATA
> + },
> + {
> + cperf_pdcp_domain_strs
> + [RTE_SECURITY_PDCP_MODE_SHORT_MAC],
> + RTE_SECURITY_PDCP_MODE_SHORT_MAC
> }
> };
>
> diff --git a/doc/guides/prog_guide/rte_security.rst
> b/doc/guides/prog_guide/rte_security.rst
> index f72bc8a78f..ad92c16868 100644
> --- a/doc/guides/prog_guide/rte_security.rst
> +++ b/doc/guides/prog_guide/rte_security.rst
> @@ -1,5 +1,5 @@
> .. SPDX-License-Identifier: BSD-3-Clause
> - Copyright 2017,2020 NXP
> + Copyright 2017,2020-2021 NXP
>
>
>
> @@ -408,6 +408,15 @@ PMD which supports the IPsec and PDCP protocol.
> },
> .crypto_capabilities = pmd_capabilities
> },
> + { /* PDCP Lookaside Protocol offload short MAC-I */
> + .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
> + .protocol = RTE_SECURITY_PROTOCOL_PDCP,
> + .pdcp = {
> + .domain = RTE_SECURITY_PDCP_MODE_SHORT_MAC,
> + .capa_flags = 0
> + },
> + .crypto_capabilities = pmd_capabilities
> + },
> {
> .action = RTE_SECURITY_ACTION_TYPE_NONE
> }
> diff --git a/doc/guides/tools/cryptoperf.rst b/doc/guides/tools/cryptoperf.rst
> index be3109054d..d3963f23e3 100644
> --- a/doc/guides/tools/cryptoperf.rst
> +++ b/doc/guides/tools/cryptoperf.rst
> @@ -316,9 +316,9 @@ The following are the application command-line
> options:
> Set PDCP sequence number size(n) in bits. Valid values of n will
> be 5/7/12/15/18.
>
> -* ``--pdcp-domain <control/user>``
> +* ``--pdcp-domain <control/user/short_mac>``
>
> - Set PDCP domain to specify Control/user plane.
> + Set PDCP domain to specify short_mac/control/user plane.
>
> * ``--docsis-hdr-sz <n>``
>
> diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
> b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
> index d6a101499a..b8d57c2b22 100644
> --- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
> +++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
> @@ -3104,7 +3104,7 @@ dpaa2_sec_set_pdcp_session(struct rte_cryptodev
> *dev,
> struct rte_security_pdcp_xform *pdcp_xform = &conf->pdcp;
> struct rte_crypto_sym_xform *xform = conf->crypto_xform;
> struct rte_crypto_auth_xform *auth_xform = NULL;
> - struct rte_crypto_cipher_xform *cipher_xform;
> + struct rte_crypto_cipher_xform *cipher_xform = NULL;
> dpaa2_sec_session *session = (dpaa2_sec_session *)sess;
> struct ctxt_priv *priv;
> struct dpaa2_sec_dev_private *dev_priv = dev->data->dev_private;
> @@ -3136,18 +3136,18 @@ dpaa2_sec_set_pdcp_session(struct
> rte_cryptodev *dev,
> flc = &priv->flc_desc[0].flc;
>
> /* find xfrm types */
> - if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER && xform-
> >next == NULL) {
> - cipher_xform = &xform->cipher;
> - } else if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
> - xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
> - session->ext_params.aead_ctxt.auth_cipher_text = true;
> + if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER) {
> cipher_xform = &xform->cipher;
> - auth_xform = &xform->next->auth;
> - } else if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH &&
> - xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER) {
> - session->ext_params.aead_ctxt.auth_cipher_text = false;
> - cipher_xform = &xform->next->cipher;
> + if (xform->next != NULL) {
> + session->ext_params.aead_ctxt.auth_cipher_text =
> true;
> + auth_xform = &xform->next->auth;
> + }
> + } else if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
> auth_xform = &xform->auth;
> + if (xform->next != NULL) {
> + session->ext_params.aead_ctxt.auth_cipher_text =
> false;
> + cipher_xform = &xform->next->cipher;
> + }
> } else {
> DPAA2_SEC_ERR("Invalid crypto type");
> return -EINVAL;
> @@ -3186,7 +3186,8 @@ dpaa2_sec_set_pdcp_session(struct rte_cryptodev
> *dev,
> session->pdcp.hfn_threshold = pdcp_xform->hfn_threshold;
> session->pdcp.hfn_ovd = pdcp_xform->hfn_ovrd;
> /* hfv ovd offset location is stored in iv.offset value*/
> - session->pdcp.hfn_ovd_offset = cipher_xform->iv.offset;
> + if (cipher_xform)
> + session->pdcp.hfn_ovd_offset = cipher_xform->iv.offset;
>
> cipherdata.key = (size_t)session->cipher_key.data;
> cipherdata.keylen = session->cipher_key.length;
> diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h
> index 88d31de0a6..2e136d7929 100644
> --- a/lib/security/rte_security.h
> +++ b/lib/security/rte_security.h
> @@ -233,6 +233,7 @@ struct rte_security_macsec_xform {
> enum rte_security_pdcp_domain {
> RTE_SECURITY_PDCP_MODE_CONTROL, /**< PDCP control
> plane */
> RTE_SECURITY_PDCP_MODE_DATA, /**< PDCP data plane */
> + RTE_SECURITY_PDCP_MODE_SHORT_MAC, /**< PDCP short mac
> */
> };
>
> /** PDCP Frame direction */
> --
> 2.25.1
> -----Original Message-----
> From: Akhil Goyal <gakhil@marvell.com>
> Sent: Wednesday, September 8, 2021 5:45 PM
> To: Gagandeep Singh <G.Singh@nxp.com>; dev@dpdk.org
> Cc: thomas@monjalon.net; Hemant Agrawal <hemant.agrawal@nxp.com>
> Subject: RE: [EXT] [PATCH v3 1/4] security: support PDCP short MAC-I
>
> > From: Hemant Agrawal <hemant.agrawal@nxp.com>
> >
> > This patch add support to handle PDCP short MAC-I domain
> > along with standard control and data domains as it has to
> > be treated as special case with PDCP protocol offload support.
> >
> > ShortMAC-I is the 16 least significant bits of calculated MAC-I. Usually
> > when a RRC message is exchanged between UE and eNodeB it is integrity &
> > ciphered protected.
> >
> > MAC-I = f(key, varShortMAC-I, count, bearer, direction).
> > Here varShortMAC-I is prepared by using (current cellId, pci of source cell
> > and C-RNTI of old cell). Other parameters like count, bearer and
> > direction set to all 1.
> >
> > Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
> > Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
> > ---
> > app/test-crypto-perf/cperf_options_parsing.c | 8 ++++++-
> > doc/guides/prog_guide/rte_security.rst | 11 ++++++++-
> > doc/guides/tools/cryptoperf.rst | 4 ++--
> > drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c | 25 ++++++++++----------
>
> Why is the dpaa2_sec patch squashed in this patch?
> I asked to have it as a separate patch in this series instead of the dpaa_sec
> series.
Ok, I will send v4 with a separate patch for dpaa2_sec in this series.
>
> > lib/security/rte_security.h | 1 +
> > 5 files changed, 33 insertions(+), 16 deletions(-)
> >
> > diff --git a/app/test-crypto-perf/cperf_options_parsing.c b/app/test-crypto-
> > perf/cperf_options_parsing.c
> > index e84f56cfaa..0348972c85 100644
> > --- a/app/test-crypto-perf/cperf_options_parsing.c
> > +++ b/app/test-crypto-perf/cperf_options_parsing.c
> > @@ -662,7 +662,8 @@ parse_pdcp_sn_sz(struct cperf_options *opts, const
> > char *arg)
> >
> > const char *cperf_pdcp_domain_strs[] = {
> > [RTE_SECURITY_PDCP_MODE_CONTROL] = "control",
> > - [RTE_SECURITY_PDCP_MODE_DATA] = "data"
> > + [RTE_SECURITY_PDCP_MODE_DATA] = "data",
> > + [RTE_SECURITY_PDCP_MODE_SHORT_MAC] = "short_mac"
> > };
> >
> > static int
> > @@ -677,6 +678,11 @@ parse_pdcp_domain(struct cperf_options *opts,
> > const char *arg)
> > cperf_pdcp_domain_strs
> > [RTE_SECURITY_PDCP_MODE_DATA],
> > RTE_SECURITY_PDCP_MODE_DATA
> > + },
> > + {
> > + cperf_pdcp_domain_strs
> > + [RTE_SECURITY_PDCP_MODE_SHORT_MAC],
> > + RTE_SECURITY_PDCP_MODE_SHORT_MAC
> > }
> > };
> >
> > diff --git a/doc/guides/prog_guide/rte_security.rst
> > b/doc/guides/prog_guide/rte_security.rst
> > index f72bc8a78f..ad92c16868 100644
> > --- a/doc/guides/prog_guide/rte_security.rst
> > +++ b/doc/guides/prog_guide/rte_security.rst
> > @@ -1,5 +1,5 @@
> > .. SPDX-License-Identifier: BSD-3-Clause
> > - Copyright 2017,2020 NXP
> > + Copyright 2017,2020-2021 NXP
> >
> >
> >
> > @@ -408,6 +408,15 @@ PMD which supports the IPsec and PDCP protocol.
> > },
> > .crypto_capabilities = pmd_capabilities
> > },
> > + { /* PDCP Lookaside Protocol offload short MAC-I */
> > + .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
> > + .protocol = RTE_SECURITY_PROTOCOL_PDCP,
> > + .pdcp = {
> > + .domain = RTE_SECURITY_PDCP_MODE_SHORT_MAC,
> > + .capa_flags = 0
> > + },
> > + .crypto_capabilities = pmd_capabilities
> > + },
> > {
> > .action = RTE_SECURITY_ACTION_TYPE_NONE
> > }
> > diff --git a/doc/guides/tools/cryptoperf.rst b/doc/guides/tools/cryptoperf.rst
> > index be3109054d..d3963f23e3 100644
> > --- a/doc/guides/tools/cryptoperf.rst
> > +++ b/doc/guides/tools/cryptoperf.rst
> > @@ -316,9 +316,9 @@ The following are the application command-line
> > options:
> > Set PDCP sequence number size(n) in bits. Valid values of n will
> > be 5/7/12/15/18.
> >
> > -* ``--pdcp-domain <control/user>``
> > +* ``--pdcp-domain <control/user/short_mac>``
> >
> > - Set PDCP domain to specify Control/user plane.
> > + Set PDCP domain to specify short_mac/control/user plane.
> >
> > * ``--docsis-hdr-sz <n>``
> >
> > diff --git a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
> > b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
> > index d6a101499a..b8d57c2b22 100644
> > --- a/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
> > +++ b/drivers/crypto/dpaa2_sec/dpaa2_sec_dpseci.c
> > @@ -3104,7 +3104,7 @@ dpaa2_sec_set_pdcp_session(struct rte_cryptodev
> > *dev,
> > struct rte_security_pdcp_xform *pdcp_xform = &conf->pdcp;
> > struct rte_crypto_sym_xform *xform = conf->crypto_xform;
> > struct rte_crypto_auth_xform *auth_xform = NULL;
> > - struct rte_crypto_cipher_xform *cipher_xform;
> > + struct rte_crypto_cipher_xform *cipher_xform = NULL;
> > dpaa2_sec_session *session = (dpaa2_sec_session *)sess;
> > struct ctxt_priv *priv;
> > struct dpaa2_sec_dev_private *dev_priv = dev->data->dev_private;
> > @@ -3136,18 +3136,18 @@ dpaa2_sec_set_pdcp_session(struct
> > rte_cryptodev *dev,
> > flc = &priv->flc_desc[0].flc;
> >
> > /* find xfrm types */
> > - if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER && xform-
> > >next == NULL) {
> > - cipher_xform = &xform->cipher;
> > - } else if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
> > - xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
> > - session->ext_params.aead_ctxt.auth_cipher_text = true;
> > + if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER) {
> > cipher_xform = &xform->cipher;
> > - auth_xform = &xform->next->auth;
> > - } else if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH &&
> > - xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER) {
> > - session->ext_params.aead_ctxt.auth_cipher_text = false;
> > - cipher_xform = &xform->next->cipher;
> > + if (xform->next != NULL) {
> > + session->ext_params.aead_ctxt.auth_cipher_text =
> > true;
> > + auth_xform = &xform->next->auth;
> > + }
> > + } else if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
> > auth_xform = &xform->auth;
> > + if (xform->next != NULL) {
> > + session->ext_params.aead_ctxt.auth_cipher_text =
> > false;
> > + cipher_xform = &xform->next->cipher;
> > + }
> > } else {
> > DPAA2_SEC_ERR("Invalid crypto type");
> > return -EINVAL;
> > @@ -3186,7 +3186,8 @@ dpaa2_sec_set_pdcp_session(struct rte_cryptodev
> > *dev,
> > session->pdcp.hfn_threshold = pdcp_xform->hfn_threshold;
> > session->pdcp.hfn_ovd = pdcp_xform->hfn_ovrd;
> > /* hfv ovd offset location is stored in iv.offset value*/
> > - session->pdcp.hfn_ovd_offset = cipher_xform->iv.offset;
> > + if (cipher_xform)
> > + session->pdcp.hfn_ovd_offset = cipher_xform->iv.offset;
> >
> > cipherdata.key = (size_t)session->cipher_key.data;
> > cipherdata.keylen = session->cipher_key.length;
> > diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h
> > index 88d31de0a6..2e136d7929 100644
> > --- a/lib/security/rte_security.h
> > +++ b/lib/security/rte_security.h
> > @@ -233,6 +233,7 @@ struct rte_security_macsec_xform {
> > enum rte_security_pdcp_domain {
> > RTE_SECURITY_PDCP_MODE_CONTROL, /**< PDCP control
> > plane */
> > RTE_SECURITY_PDCP_MODE_DATA, /**< PDCP data plane */
> > + RTE_SECURITY_PDCP_MODE_SHORT_MAC, /**< PDCP short mac
> > */
> > };
> >
> > /** PDCP Frame direction */
> > --
> > 2.25.1
@@ -662,7 +662,8 @@ parse_pdcp_sn_sz(struct cperf_options *opts, const char *arg)
const char *cperf_pdcp_domain_strs[] = {
[RTE_SECURITY_PDCP_MODE_CONTROL] = "control",
- [RTE_SECURITY_PDCP_MODE_DATA] = "data"
+ [RTE_SECURITY_PDCP_MODE_DATA] = "data",
+ [RTE_SECURITY_PDCP_MODE_SHORT_MAC] = "short_mac"
};
static int
@@ -677,6 +678,11 @@ parse_pdcp_domain(struct cperf_options *opts, const char *arg)
cperf_pdcp_domain_strs
[RTE_SECURITY_PDCP_MODE_DATA],
RTE_SECURITY_PDCP_MODE_DATA
+ },
+ {
+ cperf_pdcp_domain_strs
+ [RTE_SECURITY_PDCP_MODE_SHORT_MAC],
+ RTE_SECURITY_PDCP_MODE_SHORT_MAC
}
};
@@ -1,5 +1,5 @@
.. SPDX-License-Identifier: BSD-3-Clause
- Copyright 2017,2020 NXP
+ Copyright 2017,2020-2021 NXP
@@ -408,6 +408,15 @@ PMD which supports the IPsec and PDCP protocol.
},
.crypto_capabilities = pmd_capabilities
},
+ { /* PDCP Lookaside Protocol offload short MAC-I */
+ .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+ .protocol = RTE_SECURITY_PROTOCOL_PDCP,
+ .pdcp = {
+ .domain = RTE_SECURITY_PDCP_MODE_SHORT_MAC,
+ .capa_flags = 0
+ },
+ .crypto_capabilities = pmd_capabilities
+ },
{
.action = RTE_SECURITY_ACTION_TYPE_NONE
}
@@ -316,9 +316,9 @@ The following are the application command-line options:
Set PDCP sequence number size(n) in bits. Valid values of n will
be 5/7/12/15/18.
-* ``--pdcp-domain <control/user>``
+* ``--pdcp-domain <control/user/short_mac>``
- Set PDCP domain to specify Control/user plane.
+ Set PDCP domain to specify short_mac/control/user plane.
* ``--docsis-hdr-sz <n>``
@@ -3104,7 +3104,7 @@ dpaa2_sec_set_pdcp_session(struct rte_cryptodev *dev,
struct rte_security_pdcp_xform *pdcp_xform = &conf->pdcp;
struct rte_crypto_sym_xform *xform = conf->crypto_xform;
struct rte_crypto_auth_xform *auth_xform = NULL;
- struct rte_crypto_cipher_xform *cipher_xform;
+ struct rte_crypto_cipher_xform *cipher_xform = NULL;
dpaa2_sec_session *session = (dpaa2_sec_session *)sess;
struct ctxt_priv *priv;
struct dpaa2_sec_dev_private *dev_priv = dev->data->dev_private;
@@ -3136,18 +3136,18 @@ dpaa2_sec_set_pdcp_session(struct rte_cryptodev *dev,
flc = &priv->flc_desc[0].flc;
/* find xfrm types */
- if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER && xform->next == NULL) {
- cipher_xform = &xform->cipher;
- } else if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
- xform->next->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
- session->ext_params.aead_ctxt.auth_cipher_text = true;
+ if (xform->type == RTE_CRYPTO_SYM_XFORM_CIPHER) {
cipher_xform = &xform->cipher;
- auth_xform = &xform->next->auth;
- } else if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH &&
- xform->next->type == RTE_CRYPTO_SYM_XFORM_CIPHER) {
- session->ext_params.aead_ctxt.auth_cipher_text = false;
- cipher_xform = &xform->next->cipher;
+ if (xform->next != NULL) {
+ session->ext_params.aead_ctxt.auth_cipher_text = true;
+ auth_xform = &xform->next->auth;
+ }
+ } else if (xform->type == RTE_CRYPTO_SYM_XFORM_AUTH) {
auth_xform = &xform->auth;
+ if (xform->next != NULL) {
+ session->ext_params.aead_ctxt.auth_cipher_text = false;
+ cipher_xform = &xform->next->cipher;
+ }
} else {
DPAA2_SEC_ERR("Invalid crypto type");
return -EINVAL;
@@ -3186,7 +3186,8 @@ dpaa2_sec_set_pdcp_session(struct rte_cryptodev *dev,
session->pdcp.hfn_threshold = pdcp_xform->hfn_threshold;
session->pdcp.hfn_ovd = pdcp_xform->hfn_ovrd;
/* hfv ovd offset location is stored in iv.offset value*/
- session->pdcp.hfn_ovd_offset = cipher_xform->iv.offset;
+ if (cipher_xform)
+ session->pdcp.hfn_ovd_offset = cipher_xform->iv.offset;
cipherdata.key = (size_t)session->cipher_key.data;
cipherdata.keylen = session->cipher_key.length;
@@ -233,6 +233,7 @@ struct rte_security_macsec_xform {
enum rte_security_pdcp_domain {
RTE_SECURITY_PDCP_MODE_CONTROL, /**< PDCP control plane */
RTE_SECURITY_PDCP_MODE_DATA, /**< PDCP data plane */
+ RTE_SECURITY_PDCP_MODE_SHORT_MAC, /**< PDCP short mac */
};
/** PDCP Frame direction */