1 /* SPDX-License-Identifier: BSD-3-Clause 2 * Copyright 2017 NXP. 3 * Copyright(c) 2017 Intel Corporation. 4 */ 5 6 #ifndef _RTE_SECURITY_DRIVER_H_ 7 #define _RTE_SECURITY_DRIVER_H_ 8 9 /** 10 * @file rte_security_driver.h 11 * 12 * RTE Security Common Definitions 13 * 14 */ 15 16 #ifdef __cplusplus 17 extern "C" { 18 #endif 19 20 #include "rte_security.h" 21 22 /** 23 * @internal 24 * Security session to be used by library for internal usage 25 */ 26 struct rte_security_session { 27 RTE_MARKER cacheline0; 28 uint64_t opaque_data; 29 /**< Opaque user defined data */ 30 uint64_t fast_mdata; 31 /**< Fast metadata to be used for inline path */ 32 rte_iova_t driver_priv_data_iova; 33 /**< session private data IOVA address */ 34 35 RTE_MARKER cacheline1 __rte_cache_min_aligned; 36 uint8_t driver_priv_data[0]; 37 /**< Private session material, variable size (depends on driver) */ 38 }; 39 40 /** 41 * Helper macro to get driver private data 42 */ 43 #define SECURITY_GET_SESS_PRIV(s) \ 44 ((void *)(((struct rte_security_session *)s)->driver_priv_data)) 45 #define SECURITY_GET_SESS_PRIV_IOVA(s) \ 46 (((struct rte_security_session *)s)->driver_priv_data_iova) 47 48 /** 49 * Configure a security session on a device. 50 * 51 * @param device Crypto/eth device pointer 52 * @param conf Security session configuration 53 * @param sess Pointer to Security private session structure 54 * 55 * @return 56 * - Returns 0 if private session structure have been created successfully. 57 * - Returns -EINVAL if input parameters are invalid. 58 * - Returns -ENOTSUP if crypto device does not support the crypto transform. 59 */ 60 typedef int (*security_session_create_t)(void *device, 61 struct rte_security_session_conf *conf, 62 struct rte_security_session *sess); 63 64 /** 65 * Free driver private session data. 66 * 67 * @param device Crypto/eth device pointer 68 * @param sess Security session structure 69 */ 70 typedef int (*security_session_destroy_t)(void *device, 71 struct rte_security_session *sess); 72 73 /** 74 * Update driver private session data. 75 * 76 * @param device Crypto/eth device pointer 77 * @param sess Pointer to Security private session structure 78 * @param conf Security session configuration 79 * 80 * @return 81 * - Returns 0 if private session structure have been updated successfully. 82 * - Returns -EINVAL if input parameters are invalid. 83 * - Returns -ENOTSUP if crypto device does not support the crypto transform. 84 */ 85 typedef int (*security_session_update_t)(void *device, 86 struct rte_security_session *sess, 87 struct rte_security_session_conf *conf); 88 89 /** 90 * Configure a MACsec secure channel (SC) on a device. 91 * 92 * @param device Crypto/eth device pointer 93 * @param conf MACsec SC configuration params 94 * 95 * @return 96 * - positive sc_id if SC is created successfully. 97 * - -EINVAL if input parameters are invalid. 98 * - -ENOTSUP if device does not support MACsec. 99 * - -ENOMEM if the SC cannot be created. 100 */ 101 typedef int (*security_macsec_sc_create_t)(void *device, struct rte_security_macsec_sc *conf); 102 103 /** 104 * Free MACsec secure channel (SC). 105 * 106 * @param device Crypto/eth device pointer 107 * @param sc_id MACsec SC ID 108 */ 109 typedef int (*security_macsec_sc_destroy_t)(void *device, uint16_t sc_id); 110 111 /** 112 * Configure a MACsec security Association (SA) on a device. 113 * 114 * @param device Crypto/eth device pointer 115 * @param conf MACsec SA configuration params 116 * 117 * @return 118 * - positive sa_id if SA is created successfully. 119 * - -EINVAL if input parameters are invalid. 120 * - -ENOTSUP if device does not support MACsec. 121 * - -ENOMEM if the SA cannot be created. 122 */ 123 typedef int (*security_macsec_sa_create_t)(void *device, struct rte_security_macsec_sa *conf); 124 125 /** 126 * Free MACsec security association (SA). 127 * 128 * @param device Crypto/eth device pointer 129 * @param sa_id MACsec SA ID 130 */ 131 typedef int (*security_macsec_sa_destroy_t)(void *device, uint16_t sa_id); 132 133 /** 134 * Get the size of a security session 135 * 136 * @param device Crypto/eth device pointer 137 * 138 * @return 139 * - On success returns the size of the session structure for device 140 * - On failure returns 0 141 */ 142 typedef unsigned int (*security_session_get_size)(void *device); 143 144 /** 145 * Get stats from the PMD. 146 * 147 * @param device Crypto/eth device pointer 148 * @param sess Pointer to Security private session structure 149 * @param stats Security stats of the driver 150 * 151 * @return 152 * - Returns 0 if private session structure have been updated successfully. 153 * - Returns -EINVAL if session parameters are invalid. 154 */ 155 typedef int (*security_session_stats_get_t)(void *device, 156 struct rte_security_session *sess, 157 struct rte_security_stats *stats); 158 159 /** 160 * Get MACsec secure channel stats from the PMD. 161 * 162 * @param device Crypto/eth device pointer 163 * @param sc_id secure channel ID created by rte_security_macsec_sc_create() 164 * @param stats SC stats of the driver 165 * 166 * @return 167 * - 0 if success. 168 * - -EINVAL if sc_id or device is invalid. 169 */ 170 typedef int (*security_macsec_sc_stats_get_t)(void *device, uint16_t sc_id, 171 struct rte_security_macsec_sc_stats *stats); 172 173 /** 174 * Get MACsec SA stats from the PMD. 175 * 176 * @param device Crypto/eth device pointer 177 * @param sa_id secure channel ID created by rte_security_macsec_sc_create() 178 * @param stats SC stats of the driver 179 * 180 * @return 181 * - 0 if success. 182 * - -EINVAL if sa_id or device is invalid. 183 */ 184 typedef int (*security_macsec_sa_stats_get_t)(void *device, uint16_t sa_id, 185 struct rte_security_macsec_sa_stats *stats); 186 187 188 189 __rte_internal 190 int rte_security_dynfield_register(void); 191 192 /** 193 * Update the mbuf with provided metadata. 194 * 195 * @param device Crypto/eth device pointer 196 * @param sess Security session structure 197 * @param mb Packet buffer 198 * @param params Metadata 199 * 200 * @return 201 * - Returns 0 if metadata updated successfully. 202 * - Returns -ve value for errors. 203 */ 204 typedef int (*security_set_pkt_metadata_t)(void *device, 205 struct rte_security_session *sess, struct rte_mbuf *mb, 206 void *params); 207 208 /** 209 * Get security capabilities of the device. 210 * 211 * @param device crypto/eth device pointer 212 * 213 * @return 214 * - Returns rte_security_capability pointer on success. 215 * - Returns NULL on error. 216 */ 217 typedef const struct rte_security_capability *(*security_capabilities_get_t)( 218 void *device); 219 220 /** Security operations function pointer table */ 221 struct rte_security_ops { 222 security_session_create_t session_create; 223 /**< Configure a security session. */ 224 security_session_update_t session_update; 225 /**< Update a security session. */ 226 security_session_get_size session_get_size; 227 /**< Return size of security session. */ 228 security_session_stats_get_t session_stats_get; 229 /**< Get security session statistics. */ 230 security_session_destroy_t session_destroy; 231 /**< Clear a security sessions private data. */ 232 security_set_pkt_metadata_t set_pkt_metadata; 233 /**< Update mbuf metadata. */ 234 security_capabilities_get_t capabilities_get; 235 /**< Get security capabilities. */ 236 security_macsec_sc_create_t macsec_sc_create; 237 /**< Configure a MACsec security channel (SC). */ 238 security_macsec_sc_destroy_t macsec_sc_destroy; 239 /**< Free a MACsec security channel (SC). */ 240 security_macsec_sa_create_t macsec_sa_create; 241 /**< Configure a MACsec security association (SA). */ 242 security_macsec_sa_destroy_t macsec_sa_destroy; 243 /**< Free a MACsec security association (SA). */ 244 security_macsec_sc_stats_get_t macsec_sc_stats_get; 245 /**< Get MACsec SC statistics. */ 246 security_macsec_sa_stats_get_t macsec_sa_stats_get; 247 /**< Get MACsec SA statistics. */ 248 }; 249 250 #ifdef __cplusplus 251 } 252 #endif 253 254 #endif /* _RTE_SECURITY_DRIVER_H_ */ 255