xref: /dpdk/lib/security/rte_security_driver.h (revision 54140461b60485941da282d8da2db2f2bc19e281)
1 /* SPDX-License-Identifier: BSD-3-Clause
2  * Copyright 2017 NXP.
3  * Copyright(c) 2017 Intel Corporation.
4  */
5 
6 #ifndef _RTE_SECURITY_DRIVER_H_
7 #define _RTE_SECURITY_DRIVER_H_
8 
9 /**
10  * @file rte_security_driver.h
11  *
12  * RTE Security Common Definitions
13  */
14 
15 #ifdef __cplusplus
16 extern "C" {
17 #endif
18 
19 #include <rte_compat.h>
20 #include "rte_security.h"
21 
/**
 * @internal
 * Security session object, for internal use by the library.
 *
 * A fixed header (cacheline0) is followed by a trailing, driver-sized
 * private area (driver_priv_data) starting at cacheline1.
 */
struct rte_security_session {
	RTE_MARKER cacheline0;
	uint64_t opaque_data;
	/**< Opaque user defined data */
	uint64_t fast_mdata;
	/**< Fast metadata to be used for inline path */
	rte_iova_t driver_priv_data_iova;
	/**< session private data IOVA address */

	RTE_MARKER cacheline1 __rte_cache_min_aligned;
	uint8_t driver_priv_data[0];
	/**< Private session material, variable size (depends on driver).
	 * Declared with length 0, so sizeof(struct rte_security_session) does
	 * not include it and the compiler cannot bounds-check accesses to it.
	 * NOTE(review): the allocation is presumably sized from the driver's
	 * session_get_size callback; confirm at the allocation site that the
	 * reported size and the driver's actual use agree, because a driver
	 * writing past its reported size would overrun the session object.
	 */
};
39 
/**
 * Security context for crypto/eth devices
 *
 * Security instance for each driver to register security operations.
 * The application can get the security context from the crypto/eth device id
 * using the APIs rte_cryptodev_get_sec_ctx()/rte_eth_dev_get_sec_ctx().
 * This structure is used to identify the device (crypto/eth) for which the
 * security operations need to be performed.
 */
struct rte_security_ctx {
	void *device;
	/**< Crypto/ethernet device attached.
	 * Untyped pointer: nothing in this structure records whether it refers
	 * to a crypto or an ethernet device.
	 * NOTE(review): presumably passed as the `device` argument of the ops
	 * callbacks, which then cast it to their own device type; confirm.
	 */
	const struct rte_security_ops *ops;
	/**< Pointer to security ops for the device */
	uint32_t flags;
	/**< Flags for security context */
	uint16_t sess_cnt;
	/**< Number of sessions attached to this context */
	uint16_t macsec_sc_cnt;
	/**< Number of MACsec SC attached to this context */
	uint16_t macsec_sa_cnt;
	/**< Number of MACsec SA attached to this context.
	 * NOTE(review): the three counters are 16 bits wide; the code that
	 * increments and decrements them is not in this header, so check there
	 * that they cannot wrap.
	 */
};
63 
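/**
 * Helper macros to reach the driver-private part of a security session.
 *
 * SECURITY_GET_SESS_PRIV(s) yields a void pointer to the driver_priv_data
 * area of the session; SECURITY_GET_SESS_PRIV_IOVA(s) yields the
 * driver_priv_data_iova field.
 *
 * Both macros cast @p s to struct rte_security_session * with no type or
 * NULL check, so the caller must pass a pointer to a valid session object.
 * The argument is parenthesized so that an expression argument (pointer
 * arithmetic, a conditional) is cast as a whole rather than having the cast
 * bind to its first operand only.
 */
#define SECURITY_GET_SESS_PRIV(s) \
	((void *)(((struct rte_security_session *)(s))->driver_priv_data))
#define SECURITY_GET_SESS_PRIV_IOVA(s) \
	(((struct rte_security_session *)(s))->driver_priv_data_iova)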
71 
/**
 * Configure a security session on a device.
 *
 * @param	device		Crypto/eth device pointer
 * @param	conf		Security session configuration
 * @param	sess		Pointer to Security private session structure
 *
 * @return
 *  - Returns 0 if the private session structure has been created successfully.
 *  - Returns -EINVAL if input parameters are invalid.
 *  - Returns -ENOTSUP if crypto device does not support the crypto transform.
 *
 * NOTE(review): conf presumably originates from the application; the -EINVAL
 * case above implies the driver is expected to validate it rather than trust
 * its contents. Confirm per driver.
 */
typedef int (*security_session_create_t)(void *device,
		struct rte_security_session_conf *conf,
		struct rte_security_session *sess);
87 
/**
 * Free driver private session data.
 *
 * @param	device		Crypto/eth device pointer
 * @param	sess		Security session structure
 *
 * @return
 *  Return values are not documented in this header. Going by the sibling
 *  callbacks, presumably 0 on success and a negative errno value on failure;
 *  confirm against the library caller.
 *
 * NOTE(review): this header does not say whether the driver must wipe the
 * private session material before releasing it; confirm per driver.
 */
typedef int (*security_session_destroy_t)(void *device,
		struct rte_security_session *sess);
96 
/**
 * Update driver private session data.
 *
 * Note the argument order: sess comes before conf here, the reverse of
 * security_session_create_t.
 *
 * @param	device		Crypto/eth device pointer
 * @param	sess		Pointer to Security private session structure
 * @param	conf		Security session configuration
 *
 * @return
 *  - Returns 0 if the private session structure has been updated successfully.
 *  - Returns -EINVAL if input parameters are invalid.
 *  - Returns -ENOTSUP if crypto device does not support the crypto transform.
 */
typedef int (*security_session_update_t)(void *device,
		struct rte_security_session *sess,
		struct rte_security_session_conf *conf);
112 
/**
 * Configure a MACsec secure channel (SC) on a device.
 *
 * @param	device		Crypto/eth device pointer
 * @param	conf		MACsec SC configuration params
 *
 * @return
 *  - positive sc_id if SC is created successfully.
 *  - -EINVAL if input parameters are invalid.
 *  - -ENOTSUP if device does not support MACsec.
 *  - -ENOMEM if the SC cannot be created.
 *
 * NOTE(review): the ID is returned as an int, while the destroy and stats
 * callbacks take it as a uint16_t, so IDs presumably have to fit in 16 bits;
 * confirm in the drivers.
 */
typedef int (*security_macsec_sc_create_t)(void *device, struct rte_security_macsec_sc *conf);
126 
/**
 * Free MACsec secure channel (SC).
 *
 * @param	device		Crypto/eth device pointer
 * @param	sc_id		MACsec SC ID
 * @param	dir		Direction of SC
 *
 * @return
 *  Return values are not documented in this header. Going by the sibling
 *  callbacks, presumably 0 on success and a negative errno value on failure;
 *  confirm against the library caller.
 */
typedef int (*security_macsec_sc_destroy_t)(void *device, uint16_t sc_id,
		enum rte_security_macsec_direction dir);
136 
/**
 * Configure a MACsec security association (SA) on a device.
 *
 * @param	device		Crypto/eth device pointer
 * @param	conf		MACsec SA configuration params
 *
 * @return
 *  - positive sa_id if SA is created successfully.
 *  - -EINVAL if input parameters are invalid.
 *  - -ENOTSUP if device does not support MACsec.
 *  - -ENOMEM if the SA cannot be created.
 *
 * NOTE(review): the ID is returned as an int, while the destroy and stats
 * callbacks take it as a uint16_t, so IDs presumably have to fit in 16 bits;
 * confirm in the drivers.
 */
typedef int (*security_macsec_sa_create_t)(void *device, struct rte_security_macsec_sa *conf);
150 
/**
 * Free MACsec security association (SA).
 *
 * @param	device		Crypto/eth device pointer
 * @param	sa_id		MACsec SA ID
 * @param	dir		Direction of SA
 *
 * @return
 *  Return values are not documented in this header. Going by the sibling
 *  callbacks, presumably 0 on success and a negative errno value on failure;
 *  confirm against the library caller.
 */
typedef int (*security_macsec_sa_destroy_t)(void *device, uint16_t sa_id,
		enum rte_security_macsec_direction dir);
160 
/**
 * Get the size of a security session
 *
 * Unlike its siblings in this header, the typedef name has no _t suffix.
 *
 * @param	device		Crypto/eth device pointer
 *
 * @return
 *  - On success returns the size of the session structure for device
 *  - On failure returns 0
 *
 * Because 0 is the failure value, a caller has to reject it explicitly before
 * using the result to size a buffer.
 */
typedef unsigned int (*security_session_get_size)(void *device);
171 
/**
 * Get stats from the PMD.
 *
 * @param	device		Crypto/eth device pointer
 * @param	sess		Pointer to Security private session structure
 * @param	stats		Security stats of the driver
 *
 * @return
 *  - Returns 0 on success.
 *  - Returns -EINVAL if session parameters are invalid.
 */
typedef int (*security_session_stats_get_t)(void *device,
		struct rte_security_session *sess,
		struct rte_security_stats *stats);
186 
/**
 * Get MACsec secure channel (SC) stats from the PMD.
 *
 * @param	device		Crypto/eth device pointer
 * @param	sc_id		Secure channel ID created by rte_security_macsec_sc_create()
 * @param	dir		Direction of SC
 * @param	stats		SC stats of the driver
 *
 * @return
 *  - 0 on success.
 *  - -EINVAL if sc_id or device is invalid.
 */
typedef int (*security_macsec_sc_stats_get_t)(void *device, uint16_t sc_id,
		enum rte_security_macsec_direction dir,
		struct rte_security_macsec_sc_stats *stats);
202 
/**
 * Get MACsec security association (SA) stats from the PMD.
 *
 * @param	device		Crypto/eth device pointer
 * @param	sa_id		Security association ID created by rte_security_macsec_sa_create()
 * @param	dir		Direction of SA
 * @param	stats		SA stats of the driver
 *
 * @return
 *  - 0 on success.
 *  - -EINVAL if sa_id or device is invalid.
 */
typedef int (*security_macsec_sa_stats_get_t)(void *device, uint16_t sa_id,
		enum rte_security_macsec_direction dir,
		struct rte_security_macsec_sa_stats *stats);
218 
219 
220 
/**
 * @internal
 * NOTE(review): undocumented in this header. Going by its name and by
 * rte_security_oop_dynfield_register() declared alongside it, this presumably
 * registers the mbuf dynamic field used by the security library; confirm in
 * the implementation, including what the int return value means.
 */
__rte_internal
int rte_security_dynfield_register(void);
223 
/**
 * @internal
 * Register mbuf dynamic field for security inline ingress Out-of-Place (OOP)
 * processing.
 *
 * NOTE(review): the meaning of the int return value is not documented in this
 * header; confirm in the implementation before relying on it.
 */
__rte_internal
int rte_security_oop_dynfield_register(void);
231 
/**
 * Update the mbuf with provided metadata.
 *
 * @param	device		Crypto/eth device pointer
 * @param	sess		Security session structure
 * @param	mb		Packet buffer
 * @param	params		Metadata. Untyped (void *); this header does not
 *				describe its layout, so its interpretation is
 *				presumably driver-specific. Confirm per driver.
 *
 * @return
 *  - Returns 0 if metadata updated successfully.
 *  - Returns a negative value for errors.
 */
typedef int (*security_set_pkt_metadata_t)(void *device,
		struct rte_security_session *sess, struct rte_mbuf *mb,
		void *params);
247 
/**
 * Get security capabilities of the device.
 *
 * @param	device		Crypto/eth device pointer
 *
 * @return
 *  - Returns rte_security_capability pointer on success.
 *  - Returns NULL on error.
 *
 * The result is const-qualified, so callers must not write through it.
 * NOTE(review): this header does not say whether the pointer refers to one
 * entry or to a table, nor how a table would be terminated; confirm in
 * rte_security.h before iterating over it.
 */
typedef const struct rte_security_capability *(*security_capabilities_get_t)(
		void *device);
259 
/**
 * Security operations function pointer table.
 *
 * One entry per driver callback type declared in this header.
 * NOTE(review): nothing here says which entries a driver must provide, so an
 * entry may presumably be NULL for an unsupported operation; confirm that the
 * library checks each pointer before dispatching through it.
 */
struct rte_security_ops {
	security_session_create_t session_create;
	/**< Configure a security session. */
	security_session_update_t session_update;
	/**< Update a security session. */
	security_session_get_size session_get_size;
	/**< Return size of security session. */
	security_session_stats_get_t session_stats_get;
	/**< Get security session statistics. */
	security_session_destroy_t session_destroy;
	/**< Clear a security session's private data. */
	security_set_pkt_metadata_t set_pkt_metadata;
	/**< Update mbuf metadata. */
	security_capabilities_get_t capabilities_get;
	/**< Get security capabilities. */
	security_macsec_sc_create_t macsec_sc_create;
	/**< Configure a MACsec secure channel (SC). */
	security_macsec_sc_destroy_t macsec_sc_destroy;
	/**< Free a MACsec secure channel (SC). */
	security_macsec_sa_create_t macsec_sa_create;
	/**< Configure a MACsec security association (SA). */
	security_macsec_sa_destroy_t macsec_sa_destroy;
	/**< Free a MACsec security association (SA). */
	security_macsec_sc_stats_get_t macsec_sc_stats_get;
	/**< Get MACsec SC statistics. */
	security_macsec_sa_stats_get_t macsec_sa_stats_get;
	/**< Get MACsec SA statistics. */
};
289 
290 #ifdef __cplusplus
291 }
292 #endif
293 
294 #endif /* _RTE_SECURITY_DRIVER_H_ */
295