/* SPDX-License-Identifier: BSD-3-Clause
- * Copyright 2017,2019 NXP
+ * Copyright 2017,2019-2020 NXP
* Copyright(c) 2017-2020 Intel Corporation.
*/
#include <rte_common.h>
#include <rte_crypto.h>
#include <rte_mbuf.h>
+#include <rte_mbuf_dyn.h>
#include <rte_memory.h>
#include <rte_mempool.h>
* per packet HFN in place of IV. PMDs will extract the HFN
* and perform operations accordingly.
*/
- uint32_t hfn_ovrd;
+ uint8_t hfn_ovrd;
+ /** In case of 5G NR, a new protocol (SDAP) header may be set
+ * inside PDCP payload which should be authenticated but not
+ * encrypted. Hence, driver should be notified if SDAP is
+ * enabled or not, so that SDAP header is not encrypted.
+ */
+ uint8_t sdap_enabled;
+ /** Reserved for future */
+ uint16_t reserved;
+};
+
+/** DOCSIS direction */
+enum rte_security_docsis_direction {
+ RTE_SECURITY_DOCSIS_UPLINK,
+ /**< Uplink
+ * - Decryption, followed by CRC Verification
+ */
+ RTE_SECURITY_DOCSIS_DOWNLINK,
+ /**< Downlink
+ * - CRC Generation, followed by Encryption
+ */
+};
+
+/**
+ * DOCSIS security session configuration.
+ *
+ * This structure contains data required to create a DOCSIS security session.
+ */
+struct rte_security_docsis_xform {
+ enum rte_security_docsis_direction direction;
+ /**< DOCSIS direction */
};
/**
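Review bot: The new `reserved` member of the PDCP xform is documented only as "Reserved for future", which leaves open whether applications must zero it. If a later release gives the field a meaning, a session built from an uninitialised struct would hand an arbitrary value to the driver, so I would document it as `/** Reserved for future use, must be set to 0 */`. The same hunk narrows `hfn_ovrd` from `uint32_t` to `uint8_t`, so a caller that stored a value above 255 is now silently truncated. Its comment starts above the hunk, so whether the field is only ever used as a flag cannot be confirmed from here.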
/**< MACSec Protocol */
RTE_SECURITY_PROTOCOL_PDCP,
/**< PDCP Protocol */
+ RTE_SECURITY_PROTOCOL_DOCSIS,
+ /**< DOCSIS Protocol */
};
/**
struct rte_security_ipsec_xform ipsec;
struct rte_security_macsec_xform macsec;
struct rte_security_pdcp_xform pdcp;
+ struct rte_security_docsis_xform docsis;
};
/**< Configuration parameters for security session */
struct rte_crypto_sym_xform *crypto_xform;
* @param instance security instance
* @param conf session configuration parameters
* @param mp mempool to allocate session objects from
+ * @param priv_mp mempool to allocate session private data objects from
* @return
* - On success, pointer to session
* - On failure, NULL
struct rte_security_session *
rte_security_session_create(struct rte_security_ctx *instance,
struct rte_security_session_conf *conf,
- struct rte_mempool *mp);
+ struct rte_mempool *mp,
+ struct rte_mempool *priv_mp);
/**
* Update security session as specified by the session configuration
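Review bot: The added `@param priv_mp` line does not say how large the elements of that mempool must be or whether NULL is accepted, yet this is the pool the driver's private session state is allocated from. If the required size is the one reported by `rte_security_session_get_size()`, state it: `@param priv_mp mempool to allocate session private data objects from; element size must be at least rte_security_session_get_size(instance)`. An undersized element would presumably let a driver write past the object, but the implementation is not visible here. The `@return` list could also name the NULL or exhausted `priv_mp` case. The doc comment begins above the hunk.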
* @param conf update configuration parameters
* @return
* - On success returns 0
- * - On failure return errno
+ * - On failure returns a negative errno value.
*/
__rte_experimental
int
* return it to its original mempool.
*
* @param instance security instance
- * @param sess security session to freed
+ * @param sess security session to be freed
*
* @return
* - 0 if successful.
- * - -EINVAL if session is NULL.
+ * - -EINVAL if session or context instance is NULL.
* - -EBUSY if not all device private data has been freed.
+ * - -ENOTSUP if destroying private data is not supported.
+ * - other negative values in case of freeing private data errors.
*/
int
rte_security_session_destroy(struct rte_security_ctx *instance,
struct rte_security_session *sess);
+/** Device-specific metadata field type */
+typedef uint64_t rte_security_dynfield_t;
+/** Dynamic mbuf field for device-specific metadata */
+extern int rte_security_dynfield_offset;
+
+/**
+ * @warning
+ * @b EXPERIMENTAL: this API may change without prior notice
+ *
+ * Get pointer to mbuf field for device-specific metadata.
+ *
+ * For performance reason, no check is done,
+ * the dynamic field may not be registered.
+ * @see rte_security_dynfield_is_registered
+ *
+ * @param mbuf packet to access
+ * @return pointer to mbuf field
+ */
+__rte_experimental
+static inline rte_security_dynfield_t *
+rte_security_dynfield(struct rte_mbuf *mbuf)
+{
+ return RTE_MBUF_DYNFIELD(mbuf,
+ rte_security_dynfield_offset,
+ rte_security_dynfield_t *);
+}
+
+/**
+ * @warning
+ * @b EXPERIMENTAL: this API may change without prior notice
+ *
+ * Check whether the dynamic field is registered.
+ *
+ * @return true if rte_security_dynfield_register() has been called.
+ */
+__rte_experimental
+static inline bool rte_security_dynfield_is_registered(void)
+{
+ return rte_security_dynfield_offset >= 0;
+}
+
/**
* Updates the buffer with device-specific defined metadata
*
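Review bot: `rte_security_dynfield()` applies `rte_security_dynfield_offset` with no check, so while the offset is still negative (the condition `rte_security_dynfield_is_registered()` tests for) the returned pointer lies outside the mbuf and a write through it corrupts neighbouring memory. The comment only hints at this with "the dynamic field may not be registered"; I would state that the result must not be dereferenced unless `rte_security_dynfield_is_registered()` returns true. A debug-only guard such as `RTE_ASSERT(rte_security_dynfield_is_registered());` before the return would catch misuse, though it needs `rte_debug.h` and the check function declared first. The `@return` text of `rte_security_dynfield_is_registered()` is also imprecise, since the function is true only when registration succeeded, not whenever `rte_security_dynfield_register()` was called. `bool` is used here although no `<stdbool.h>` include appears in the visible include lines, which may simply lie outside the hunk.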
uint64_t reserved;
};
+struct rte_security_docsis_stats {
+ uint64_t reserved;
+};
+
struct rte_security_stats {
enum rte_security_session_protocol protocol;
/**< Security protocol to be configured */
struct rte_security_macsec_stats macsec;
struct rte_security_ipsec_stats ipsec;
struct rte_security_pdcp_stats pdcp;
+ struct rte_security_docsis_stats docsis;
};
};
/**< Capability flags, see RTE_SECURITY_PDCP_* */
} pdcp;
/**< PDCP capability */
+ struct {
+ enum rte_security_docsis_direction direction;
+ /**< DOCSIS direction */
+ } docsis;
+ /**< DOCSIS capability */
};
const struct rte_cryptodev_capabilities *crypto_capabilities;
enum rte_security_pdcp_domain domain;
uint32_t capa_flags;
} pdcp;
+ struct {
+ enum rte_security_docsis_direction direction;
+ } docsis;
};
};