security: support PDCP short MAC-I

This patch add support to handle PDCP short MAC-I domain
along with standard control and data domains as it has to
be treaty as special case with PDCP protocol offload support.

ShortMAC-I is the 16 least significant bits of calculated MAC-I. Usually
when a RRC message is exchanged between UE and eNodeB it is integrity &
ciphered protected.

MAC-I = f(key, varShortMAC-I, count, bearer, direction).
Here varShortMAC-I is prepared by using (current cellId, pci of source cell
and C-RNTI of old cell). Other parameters like count, bearer and
direction set to all 1.

crypto-perf app is updated to take short MAC as input mode.

Signed-off-by: Gagandeep Singh <g.singh@nxp.com>
Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>

diff --git a/app/test-crypto-perf/cperf_options_parsing.c b/app/test-crypto-perf/cperf_options_parsing.c
index e84f56c..0348972 100644 (file)
--- a/app/test-crypto-perf/cperf_options_parsing.c
+++ b/app/test-crypto-perf/cperf_options_parsing.c
@@ -662,7 +662,8 @@ parse_pdcp_sn_sz(struct cperf_options *opts, const char *arg)
 
 const char *cperf_pdcp_domain_strs[] = {
        [RTE_SECURITY_PDCP_MODE_CONTROL] = "control",
-       [RTE_SECURITY_PDCP_MODE_DATA] = "data"
+       [RTE_SECURITY_PDCP_MODE_DATA] = "data",
+       [RTE_SECURITY_PDCP_MODE_SHORT_MAC] = "short_mac"
 };
 
 static int
@@ -677,6 +678,11 @@ parse_pdcp_domain(struct cperf_options *opts, const char *arg)
                        cperf_pdcp_domain_strs
                        [RTE_SECURITY_PDCP_MODE_DATA],
                        RTE_SECURITY_PDCP_MODE_DATA
+               },
+               {
+                       cperf_pdcp_domain_strs
+                       [RTE_SECURITY_PDCP_MODE_SHORT_MAC],
+                       RTE_SECURITY_PDCP_MODE_SHORT_MAC
                }
        };
 

diff --git a/doc/guides/prog_guide/rte_security.rst b/doc/guides/prog_guide/rte_security.rst
index f72bc8a..ad92c16 100644 (file)
--- a/doc/guides/prog_guide/rte_security.rst
+++ b/doc/guides/prog_guide/rte_security.rst
@@ -1,5 +1,5 @@
 ..  SPDX-License-Identifier: BSD-3-Clause
-    Copyright 2017,2020 NXP
+    Copyright 2017,2020-2021 NXP
 
 
 
@@ -408,6 +408,15 @@ PMD which supports the IPsec and PDCP protocol.
                 },
                 .crypto_capabilities = pmd_capabilities
         },
+       { /* PDCP Lookaside Protocol offload short MAC-I */
+                .action = RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL,
+                .protocol = RTE_SECURITY_PROTOCOL_PDCP,
+                .pdcp = {
+                        .domain = RTE_SECURITY_PDCP_MODE_SHORT_MAC,
+                        .capa_flags = 0
+                },
+                .crypto_capabilities = pmd_capabilities
+        },
         {
                 .action = RTE_SECURITY_ACTION_TYPE_NONE
         }

diff --git a/doc/guides/tools/cryptoperf.rst b/doc/guides/tools/cryptoperf.rst
index be31090..9a7b990 100644 (file)
--- a/doc/guides/tools/cryptoperf.rst
+++ b/doc/guides/tools/cryptoperf.rst
@@ -318,7 +318,7 @@ The following are the application command-line options:
 
 * ``--pdcp-domain <control/user>``
 
-        Set PDCP domain to specify Control/user plane.
+        Set PDCP domain to specify short_mac/control/user plane.
 
 * ``--docsis-hdr-sz <n>``
 

diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h
index 88d31de..2e136d7 100644 (file)
--- a/lib/security/rte_security.h
+++ b/lib/security/rte_security.h
@@ -233,6 +233,7 @@ struct rte_security_macsec_xform {
 enum rte_security_pdcp_domain {
        RTE_SECURITY_PDCP_MODE_CONTROL, /**< PDCP control plane */
        RTE_SECURITY_PDCP_MODE_DATA,    /**< PDCP data plane */
+       RTE_SECURITY_PDCP_MODE_SHORT_MAC,       /**< PDCP short mac */
 };
 
 /** PDCP Frame direction */