pdcp: adding enable_security_timed() method

this is an extension to the currently available security
configuration and activation methods provided by PDCP.
The new call allows to specify a Rx and Tx SN after which the
entire security config, i.e. integrity and ciphering, should
be enabled.

this is mainly required for the PDCP entity of the conformance
testing SS but could potentially also be used by the eNB
to enable security for PDCP after sending the SecModeCommand
for example.

the extra call was added to not break the existing API.
master
Andre Puschmann 5 years ago
parent f4d648b26e
commit 9307a54512

@ -54,6 +54,7 @@ public:
void config_security_all(as_security_config_t sec_cfg); void config_security_all(as_security_config_t sec_cfg);
void enable_integrity(uint32_t lcid, srslte_direction_t direction); void enable_integrity(uint32_t lcid, srslte_direction_t direction);
void enable_encryption(uint32_t lcid, srslte_direction_t direction); void enable_encryption(uint32_t lcid, srslte_direction_t direction);
void enable_security_timed(uint32_t lcid, srslte_direction_t direction, uint32_t sn);
bool get_bearer_status(uint32_t lcid, uint16_t* dlsn, uint16_t* dlhfn, uint16_t* ulsn, uint16_t* ulhfn); bool get_bearer_status(uint32_t lcid, uint16_t* dlsn, uint16_t* dlhfn, uint16_t* ulsn, uint16_t* ulhfn);
// RLC interface // RLC interface

@ -83,6 +83,7 @@ public:
} else { } else {
integrity_direction = direction; integrity_direction = direction;
} }
log->debug("LCID=%d, integrity=%s\n", lcid, srslte_direction_text[integrity_direction]);
} }
void enable_encryption(srslte_direction_t direction = DIRECTION_TXRX) void enable_encryption(srslte_direction_t direction = DIRECTION_TXRX)
@ -95,6 +96,22 @@ public:
} else { } else {
encryption_direction = direction; encryption_direction = direction;
} }
log->debug("LCID=%d encryption=%s\n", lcid, srslte_direction_text[integrity_direction]);
}
void enable_security_timed(srslte_direction_t direction, uint32_t sn)
{
switch (direction) {
case DIRECTION_TX:
enable_security_tx_sn = sn;
break;
case DIRECTION_RX:
enable_security_rx_sn = sn;
break;
default:
log->error("Timed security activation for direction %s not supported.\n", srslte_direction_text[direction]);
break;
}
} }
void config_security(as_security_config_t sec_cfg_); void config_security(as_security_config_t sec_cfg_);
@ -119,6 +136,9 @@ protected:
srslte_direction_t integrity_direction = DIRECTION_NONE; srslte_direction_t integrity_direction = DIRECTION_NONE;
srslte_direction_t encryption_direction = DIRECTION_NONE; srslte_direction_t encryption_direction = DIRECTION_NONE;
int32_t enable_security_tx_sn = -1; // TX SN at which security will be enabled
int32_t enable_security_rx_sn = -1; // RX SN at which security will be enabled
pdcp_config_t cfg = {1, pdcp_config_t cfg = {1,
PDCP_RB_IS_DRB, PDCP_RB_IS_DRB,
SECURITY_DIRECTION_DOWNLINK, SECURITY_DIRECTION_DOWNLINK,

@ -60,9 +60,6 @@ public:
void write_sdu(unique_byte_buffer_t sdu, bool blocking); void write_sdu(unique_byte_buffer_t sdu, bool blocking);
void get_bearer_status(uint16_t* dlsn, uint16_t* dlhfn, uint16_t* ulsn, uint16_t* ulhfn); void get_bearer_status(uint16_t* dlsn, uint16_t* dlhfn, uint16_t* ulsn, uint16_t* ulhfn);
uint32_t get_ul_count();
uint32_t get_last_submitted_rx_count();
// RLC interface // RLC interface
void write_pdu(unique_byte_buffer_t pdu); void write_pdu(unique_byte_buffer_t pdu);

@ -225,6 +225,13 @@ void pdcp::enable_encryption(uint32_t lcid, srslte_direction_t direction)
} }
} }
void pdcp::enable_security_timed(uint32_t lcid, srslte_direction_t direction, uint32_t sn)
{
if (valid_lcid(lcid)) {
pdcp_array.at(lcid)->enable_security_timed(direction, sn);
}
}
bool pdcp::get_bearer_status(uint32_t lcid, uint16_t* dlsn, uint16_t* dlhfn, uint16_t* ulsn, uint16_t* ulhfn) bool pdcp::get_bearer_status(uint32_t lcid, uint16_t* dlsn, uint16_t* dlhfn, uint16_t* ulsn, uint16_t* ulhfn)
{ {
if (not valid_lcid(lcid)) { if (not valid_lcid(lcid)) {

@ -96,6 +96,13 @@ void pdcp_entity_lte::reset()
// GW/RRC interface // GW/RRC interface
void pdcp_entity_lte::write_sdu(unique_byte_buffer_t sdu, bool blocking) void pdcp_entity_lte::write_sdu(unique_byte_buffer_t sdu, bool blocking)
{ {
// check for pending security config in transmit direction
if (enable_security_tx_sn != -1 && enable_security_tx_sn == static_cast<int32_t>(tx_count)) {
enable_integrity(DIRECTION_TX);
enable_encryption(DIRECTION_TX);
enable_security_tx_sn = -1;
}
log->info_hex(sdu->msg, log->info_hex(sdu->msg,
sdu->N_bytes, sdu->N_bytes,
"TX %s SDU, SN=%d, integrity=%s, encryption=%s", "TX %s SDU, SN=%d, integrity=%s, encryption=%s",
@ -136,11 +143,21 @@ void pdcp_entity_lte::write_pdu(unique_byte_buffer_t pdu)
return; return;
} }
// Pull out SN
uint32_t sn = read_data_header(pdu);
// check for pending security config in receive direction
if (enable_security_rx_sn != -1 && enable_security_rx_sn == static_cast<int32_t>(sn)) {
enable_integrity(DIRECTION_RX);
enable_encryption(DIRECTION_RX);
enable_security_rx_sn = -1;
}
log->info_hex(pdu->msg, log->info_hex(pdu->msg,
pdu->N_bytes, pdu->N_bytes,
"%s Rx PDU SN=%d (%d B, integrity=%s, encryption=%s)", "%s Rx PDU SN=%d (%d B, integrity=%s, encryption=%s)",
rrc->get_rb_name(lcid).c_str(), rrc->get_rb_name(lcid).c_str(),
read_data_header(pdu), sn,
pdu->N_bytes, pdu->N_bytes,
srslte_direction_text[integrity_direction], srslte_direction_text[integrity_direction],
srslte_direction_text[encryption_direction]); srslte_direction_text[encryption_direction]);
@ -303,15 +320,6 @@ void pdcp_entity_lte::handle_am_drb_pdu(srslte::unique_byte_buffer_t pdu)
/**************************************************************************** /****************************************************************************
* Security functions * Security functions
***************************************************************************/ ***************************************************************************/
uint32_t pdcp_entity_lte::get_last_submitted_rx_count()
{
return COUNT(rx_hfn, last_submitted_pdcp_rx_sn);
}
uint32_t pdcp_entity_lte::get_ul_count()
{
return tx_count;
}
void pdcp_entity_lte::get_bearer_status(uint16_t* dlsn, uint16_t* dlhfn, uint16_t* ulsn, uint16_t* ulhfn) void pdcp_entity_lte::get_bearer_status(uint16_t* dlsn, uint16_t* dlhfn, uint16_t* ulsn, uint16_t* ulhfn)
{ {

Loading…
Cancel
Save