xref: /dpdk/lib/security/rte_security_driver.h (revision 515cd4a488b6a0c6e40d20e6b10d8e89657dc23f) 
1 /* SPDX-License-Identifier: BSD-3-Clause
2  * Copyright 2017 NXP.
3  * Copyright(c) 2017 Intel Corporation.
4  */
5 
6 #ifndef _RTE_SECURITY_DRIVER_H_
7 #define _RTE_SECURITY_DRIVER_H_
8 
9 /**
10  * @file rte_security_driver.h
11  *
12  * RTE Security Common Definitions
13  *
14  */
15 
16 #ifdef __cplusplus
17 extern "C" {
18 #endif
19 
20 #include "rte_security.h"
21 
22 /**
23  * Configure a security session on a device.
24  *
25  * @param	device		Crypto/eth device pointer
26  * @param	conf		Security session configuration
27  * @param	sess		Pointer to Security private session structure
28  * @param	mp		Mempool where the private session is allocated
29  *
30  * @return
31  *  - Returns 0 if private session structure have been created successfully.
32  *  - Returns -EINVAL if input parameters are invalid.
33  *  - Returns -ENOTSUP if crypto device does not support the crypto transform.
34  *  - Returns -ENOMEM if the private session could not be allocated.
35  */
36 typedef int (*security_session_create_t)(void *device,
37 		struct rte_security_session_conf *conf,
38 		struct rte_security_session *sess,
39 		struct rte_mempool *mp);
40 
41 /**
42  * Free driver private session data.
43  *
44  * @param	device		Crypto/eth device pointer
45  * @param	sess		Security session structure
46  */
47 typedef int (*security_session_destroy_t)(void *device,
48 		struct rte_security_session *sess);
49 
50 /**
51  * Update driver private session data.
52  *
53  * @param	device		Crypto/eth device pointer
54  * @param	sess		Pointer to Security private session structure
55  * @param	conf		Security session configuration
56  *
57  * @return
58  *  - Returns 0 if private session structure have been updated successfully.
59  *  - Returns -EINVAL if input parameters are invalid.
60  *  - Returns -ENOTSUP if crypto device does not support the crypto transform.
61  */
62 typedef int (*security_session_update_t)(void *device,
63 		struct rte_security_session *sess,
64 		struct rte_security_session_conf *conf);
65 
66 /**
67  * Configure a MACsec secure channel (SC) on a device.
68  *
69  * @param	device		Crypto/eth device pointer
70  * @param	conf		MACsec SC configuration params
71  *
72  * @return
73  *  - positive sc_id if SC is created successfully.
74  *  - -EINVAL if input parameters are invalid.
75  *  - -ENOTSUP if device does not support MACsec.
76  *  - -ENOMEM if the SC cannot be created.
77  */
78 typedef int (*security_macsec_sc_create_t)(void *device, struct rte_security_macsec_sc *conf);
79 
80 /**
81  * Free MACsec secure channel (SC).
82  *
83  * @param	device		Crypto/eth device pointer
84  * @param	sc_id		MACsec SC ID
85  */
86 typedef int (*security_macsec_sc_destroy_t)(void *device, uint16_t sc_id);
87 
88 /**
89  * Configure a MACsec security Association (SA) on a device.
90  *
91  * @param	device		Crypto/eth device pointer
92  * @param	conf		MACsec SA configuration params
93  *
94  * @return
95  *  - positive sa_id if SA is created successfully.
96  *  - -EINVAL if input parameters are invalid.
97  *  - -ENOTSUP if device does not support MACsec.
98  *  - -ENOMEM if the SA cannot be created.
99  */
100 typedef int (*security_macsec_sa_create_t)(void *device, struct rte_security_macsec_sa *conf);
101 
102 /**
103  * Free MACsec security association (SA).
104  *
105  * @param	device		Crypto/eth device pointer
106  * @param	sa_id		MACsec SA ID
107  */
108 typedef int (*security_macsec_sa_destroy_t)(void *device, uint16_t sa_id);
109 
110 /**
111  * Get the size of a security session
112  *
113  * @param	device		Crypto/eth device pointer
114  *
115  * @return
116  *  - On success returns the size of the session structure for device
117  *  - On failure returns 0
118  */
119 typedef unsigned int (*security_session_get_size)(void *device);
120 
121 /**
122  * Get stats from the PMD.
123  *
124  * @param	device		Crypto/eth device pointer
125  * @param	sess		Pointer to Security private session structure
126  * @param	stats		Security stats of the driver
127  *
128  * @return
129  *  - Returns 0 if private session structure have been updated successfully.
130  *  - Returns -EINVAL if session parameters are invalid.
131  */
132 typedef int (*security_session_stats_get_t)(void *device,
133 		struct rte_security_session *sess,
134 		struct rte_security_stats *stats);
135 
136 /**
137  * Get MACsec secure channel stats from the PMD.
138  *
139  * @param	device		Crypto/eth device pointer
140  * @param	sc_id		secure channel ID created by rte_security_macsec_sc_create()
141  * @param	stats		SC stats of the driver
142  *
143  * @return
144  *  - 0 if success.
145  *  - -EINVAL if sc_id or device is invalid.
146  */
147 typedef int (*security_macsec_sc_stats_get_t)(void *device, uint16_t sc_id,
148 		struct rte_security_macsec_sc_stats *stats);
149 
150 /**
151  * Get MACsec SA stats from the PMD.
152  *
153  * @param	device		Crypto/eth device pointer
154  * @param	sa_id		secure channel ID created by rte_security_macsec_sc_create()
155  * @param	stats		SC stats of the driver
156  *
157  * @return
158  *  - 0 if success.
159  *  - -EINVAL if sa_id or device is invalid.
160  */
161 typedef int (*security_macsec_sa_stats_get_t)(void *device, uint16_t sa_id,
162 		struct rte_security_macsec_sa_stats *stats);
163 
164 
165 
166 __rte_internal
167 int rte_security_dynfield_register(void);
168 
169 /**
170  * Update the mbuf with provided metadata.
171  *
172  * @param	device		Crypto/eth device pointer
173  * @param	sess		Security session structure
174  * @param	mb		Packet buffer
175  * @param	params		Metadata
176  *
177  * @return
178  *  - Returns 0 if metadata updated successfully.
179  *  - Returns -ve value for errors.
180  */
181 typedef int (*security_set_pkt_metadata_t)(void *device,
182 		struct rte_security_session *sess, struct rte_mbuf *mb,
183 		void *params);
184 
185 /**
186  * Get security capabilities of the device.
187  *
188  * @param	device		crypto/eth device pointer
189  *
190  * @return
191  *  - Returns rte_security_capability pointer on success.
192  *  - Returns NULL on error.
193  */
194 typedef const struct rte_security_capability *(*security_capabilities_get_t)(
195 		void *device);
196 
197 /** Security operations function pointer table */
198 struct rte_security_ops {
199 	security_session_create_t session_create;
200 	/**< Configure a security session. */
201 	security_session_update_t session_update;
202 	/**< Update a security session. */
203 	security_session_get_size session_get_size;
204 	/**< Return size of security session. */
205 	security_session_stats_get_t session_stats_get;
206 	/**< Get security session statistics. */
207 	security_session_destroy_t session_destroy;
208 	/**< Clear a security sessions private data. */
209 	security_set_pkt_metadata_t set_pkt_metadata;
210 	/**< Update mbuf metadata. */
211 	security_capabilities_get_t capabilities_get;
212 	/**< Get security capabilities. */
213 	security_macsec_sc_create_t macsec_sc_create;
214 	/**< Configure a MACsec security channel (SC). */
215 	security_macsec_sc_destroy_t macsec_sc_destroy;
216 	/**< Free a MACsec security channel (SC). */
217 	security_macsec_sa_create_t macsec_sa_create;
218 	/**< Configure a MACsec security association (SA). */
219 	security_macsec_sa_destroy_t macsec_sa_destroy;
220 	/**< Free a MACsec security association (SA). */
221 	security_macsec_sc_stats_get_t macsec_sc_stats_get;
222 	/**< Get MACsec SC statistics. */
223 	security_macsec_sa_stats_get_t macsec_sa_stats_get;
224 	/**< Get MACsec SA statistics. */
225 };
226 
227 #ifdef __cplusplus
228 }
229 #endif
230 
231 #endif /* _RTE_SECURITY_DRIVER_H_ */
232