X-Git-Url: http://git.droids-corp.org/?a=blobdiff_plain;f=lib%2Flibrte_security%2Frte_security.h;h=bbdf4b07b419bf4d5ef97ed16181a4e12841f591;hb=fb3ae0951abd05ff0dc9616a650d81b89c5ac33b;hp=afa2861f0fa90f473c040fea4e88d566b7fc26df;hpb=2f533cb325a7d329a81a0492c70134e2c39b0672;p=dpdk.git

diff --git a/lib/librte_security/rte_security.h b/lib/librte_security/rte_security.h
index afa2861f0f..bbdf4b07b4 100644
--- a/lib/librte_security/rte_security.h
+++ b/lib/librte_security/rte_security.h
@@ -1,34 +1,6 @@
-/*-
- *   BSD LICENSE
- *
- *   Copyright 2017 NXP.
- *   Copyright(c) 2017 Intel Corporation. All rights reserved.
- *
- *   Redistribution and use in source and binary forms, with or without
- *   modification, are permitted provided that the following conditions
- *   are met:
- *
- *     * Redistributions of source code must retain the above copyright
- *       notice, this list of conditions and the following disclaimer.
- *     * Redistributions in binary form must reproduce the above copyright
- *       notice, this list of conditions and the following disclaimer in
- *       the documentation and/or other materials provided with the
- *       distribution.
- *     * Neither the name of NXP nor the names of its
- *       contributors may be used to endorse or promote products derived
- *       from this software without specific prior written permission.
- *
- *   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- *   "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- *   LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- *   A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- *   OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- *   SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- *   LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- *   DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- *   THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- *   (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- *   OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright 2017 NXP.
+ * Copyright(c) 2017 Intel Corporation.
  */
 
 #ifndef _RTE_SECURITY_H_
@@ -36,7 +8,6 @@
 
 /**
  * @file rte_security.h
- * @b EXPERIMENTAL: this API may change without prior notice
  *
  * RTE Security Common Definitions
  *
@@ -234,6 +205,64 @@ struct rte_security_macsec_xform {
 	int dummy;
 };
 
+/**
+ * PDCP Mode of session
+ */
+enum rte_security_pdcp_domain {
+	RTE_SECURITY_PDCP_MODE_CONTROL,	/**< PDCP control plane */
+	RTE_SECURITY_PDCP_MODE_DATA,	/**< PDCP data plane */
+};
+
+/** PDCP Frame direction */
+enum rte_security_pdcp_direction {
+	RTE_SECURITY_PDCP_UPLINK,	/**< Uplink */
+	RTE_SECURITY_PDCP_DOWNLINK,	/**< Downlink */
+};
+
+/** PDCP Sequence Number Size selectors */
+enum rte_security_pdcp_sn_size {
+	/** PDCP_SN_SIZE_5: 5bit sequence number */
+	RTE_SECURITY_PDCP_SN_SIZE_5 = 5,
+	/** PDCP_SN_SIZE_7: 7bit sequence number */
+	RTE_SECURITY_PDCP_SN_SIZE_7 = 7,
+	/** PDCP_SN_SIZE_12: 12bit sequence number */
+	RTE_SECURITY_PDCP_SN_SIZE_12 = 12,
+	/** PDCP_SN_SIZE_15: 15bit sequence number */
+	RTE_SECURITY_PDCP_SN_SIZE_15 = 15,
+	/** PDCP_SN_SIZE_18: 18bit sequence number */
+	RTE_SECURITY_PDCP_SN_SIZE_18 = 18
+};
+
+/**
+ * PDCP security association configuration data.
+ *
+ * This structure contains data required to create a PDCP security session.
+ */
+struct rte_security_pdcp_xform {
+	int8_t bearer;	/**< PDCP bearer ID */
+	/** Enable in order delivery, this field shall be set only if
+	 * driver/HW is capable. See RTE_SECURITY_PDCP_ORDERING_CAP.
+	 */
+	uint8_t en_ordering;
+	/** Notify driver/HW to detect and remove duplicate packets.
+	 * This field should be set only when driver/hw is capable.
+	 * See RTE_SECURITY_PDCP_DUP_DETECT_CAP.
+	 */
+	uint8_t remove_duplicates;
+	/** PDCP mode of operation: Control or data */
+	enum rte_security_pdcp_domain domain;
+	/** PDCP Frame Direction 0:UL 1:DL */
+	enum rte_security_pdcp_direction pkt_dir;
+	/** Sequence number size, 5/7/12/15/18 */
+	enum rte_security_pdcp_sn_size sn_size;
+	/** Starting Hyper Frame Number to be used together with the SN
+	 * from the PDCP frames
+	 */
+	uint32_t hfn;
+	/** HFN Threshold for key renegotiation */
+	uint32_t hfn_threshold;
+};
+
 /**
  * Security session action type.
  */
@@ -260,6 +289,8 @@ enum rte_security_session_protocol {
 	/**< IPsec Protocol */
 	RTE_SECURITY_PROTOCOL_MACSEC,
 	/**< MACSec Protocol */
+	RTE_SECURITY_PROTOCOL_PDCP,
+	/**< PDCP Protocol */
 };
 
 /**
@@ -274,6 +305,7 @@ struct rte_security_session_conf {
 	union {
 		struct rte_security_ipsec_xform ipsec;
 		struct rte_security_macsec_xform macsec;
+		struct rte_security_pdcp_xform pdcp;
 	};
 	/**< Configuration parameters for security session */
 	struct rte_crypto_sym_xform *crypto_xform;
@@ -285,6 +317,8 @@ struct rte_security_session_conf {
 struct rte_security_session {
 	void *sess_private_data;
 	/**< Private session material */
+	uint64_t opaque_data;
+	/**< Opaque user defined data */
 };
 
 /**
@@ -297,7 +331,7 @@ struct rte_security_session {
  *  - On success, pointer to session
  *  - On failure, NULL
  */
-struct rte_security_session * __rte_experimental
+struct rte_security_session *
 rte_security_session_create(struct rte_security_ctx *instance,
 			    struct rte_security_session_conf *conf,
 			    struct rte_mempool *mp);
@@ -312,7 +346,8 @@ rte_security_session_create(struct rte_security_ctx *instance,
  *  - On success returns 0
  *  - On failure return errno
  */
-int __rte_experimental
+__rte_experimental
+int
 rte_security_session_update(struct rte_security_ctx *instance,
 			    struct rte_security_session *sess,
 			    struct rte_security_session_conf *conf);
@@ -326,7 +361,7 @@ rte_security_session_update(struct rte_security_ctx *instance,
  *   - Size of the private data, if successful
  *   - 0 if device is invalid or does not support the operation.
  */
-unsigned int __rte_experimental
+unsigned int
 rte_security_session_get_size(struct rte_security_ctx *instance);
 
 /**
@@ -341,7 +376,7 @@ rte_security_session_get_size(struct rte_security_ctx *instance);
  *  - -EINVAL if session is NULL.
  *  - -EBUSY if not all device private data has been freed.
  */
-int __rte_experimental
+int
 rte_security_session_destroy(struct rte_security_ctx *instance,
 			     struct rte_security_session *sess);
 
@@ -358,7 +393,7 @@ rte_security_session_destroy(struct rte_security_ctx *instance,
  *  - On success, zero.
  *  - On failure, a negative value.
  */
-int __rte_experimental
+int
 rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
 			      struct rte_security_session *sess,
 			      struct rte_mbuf *mb, void *params);
@@ -380,7 +415,8 @@ rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
  *  - On success, userdata
  *  - On failure, NULL
  */
-void * __rte_experimental
+__rte_experimental
+void *
 rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md);
 
 /**
@@ -389,7 +425,7 @@ rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md);
  * @param	sym_op	crypto operation
  * @param	sess	security session
  */
-static inline int __rte_experimental
+static inline int
 __rte_security_attach_session(struct rte_crypto_sym_op *sym_op,
 			      struct rte_security_session *sess)
 {
@@ -398,13 +434,13 @@ __rte_security_attach_session(struct rte_crypto_sym_op *sym_op,
 	return 0;
 }
 
-static inline void * __rte_experimental
+static inline void *
 get_sec_session_private_data(const struct rte_security_session *sess)
 {
 	return sess->sess_private_data;
 }
 
-static inline void __rte_experimental
+static inline void
 set_sec_session_private_data(struct rte_security_session *sess,
 			     void *private_data)
 {
@@ -420,7 +456,7 @@ set_sec_session_private_data(struct rte_security_session *sess,
  * @param	op	crypto operation
  * @param	sess	security session
  */
-static inline int __rte_experimental
+static inline int
 rte_security_attach_session(struct rte_crypto_op *op,
 			    struct rte_security_session *sess)
 {
@@ -441,6 +477,10 @@ struct rte_security_ipsec_stats {
 
 };
 
+struct rte_security_pdcp_stats {
+	uint64_t reserved;
+};
+
 struct rte_security_stats {
 	enum rte_security_session_protocol protocol;
 	/**< Security protocol to be configured */
@@ -449,6 +489,7 @@ struct rte_security_stats {
 	union {
 		struct rte_security_macsec_stats macsec;
 		struct rte_security_ipsec_stats ipsec;
+		struct rte_security_pdcp_stats pdcp;
 	};
 };
 
@@ -462,7 +503,8 @@ struct rte_security_stats {
  *  - On success return 0
  *  - On failure errno
  */
-int __rte_experimental
+__rte_experimental
+int
 rte_security_session_stats_get(struct rte_security_ctx *instance,
 			       struct rte_security_session *sess,
 			       struct rte_security_stats *stats);
@@ -493,6 +535,13 @@ struct rte_security_capability {
 			int dummy;
 		} macsec;
 		/**< MACsec capability */
+		struct {
+			enum rte_security_pdcp_domain domain;
+			/**< PDCP mode of operation: Control or data */
+			uint32_t capa_flags;
+			/**< Capability flags, see RTE_SECURITY_PDCP_* */
+		} pdcp;
+		/**< PDCP capability */
 	};
 
 	const struct rte_cryptodev_capabilities *crypto_capabilities;
@@ -502,6 +551,19 @@ struct rte_security_capability {
 	/**< Device offload flags */
 };
 
+/** Underlying Hardware/driver which support PDCP may or may not support
+ * packet ordering. Set RTE_SECURITY_PDCP_ORDERING_CAP if it support.
+ * If it is not set, driver/HW assumes packets received are in order
+ * and it will be application's responsibility to maintain ordering.
+ */
+#define RTE_SECURITY_PDCP_ORDERING_CAP		0x00000001
+
+/** Underlying Hardware/driver which support PDCP may or may not detect
+ * duplicate packet. Set RTE_SECURITY_PDCP_DUP_DETECT_CAP if it support.
+ * If it is not set, driver/HW assumes there is no duplicate packet received.
+ */
+#define RTE_SECURITY_PDCP_DUP_DETECT_CAP	0x00000002
+
 #define RTE_SECURITY_TX_OLOAD_NEED_MDATA	0x00000001
 /**< HW needs metadata update, see rte_security_set_pkt_metadata().
  */
@@ -509,7 +571,7 @@ struct rte_security_capability {
 #define RTE_SECURITY_TX_HW_TRAILER_OFFLOAD	0x00000002
 /**< HW constructs trailer of packets
  * Transmitted packets will have the trailer added to them
- * by hardawre. The next protocol field will be based on
+ * by hardware. The next protocol field will be based on
  * the mbuf->inner_esp_next_proto field.
  */
 #define RTE_SECURITY_RX_HW_TRAILER_OFFLOAD	0x00010000
@@ -534,6 +596,10 @@ struct rte_security_capability_idx {
 			enum rte_security_ipsec_sa_mode mode;
 			enum rte_security_ipsec_sa_direction direction;
 		} ipsec;
+		struct {
+			enum rte_security_pdcp_domain domain;
+			uint32_t capa_flags;
+		} pdcp;
 	};
 };
 
@@ -546,7 +612,7 @@ struct rte_security_capability_idx {
  *   - Returns array of security capabilities.
  *   - Return NULL if no capabilities available.
  */
-const struct rte_security_capability * __rte_experimental
+const struct rte_security_capability *
 rte_security_capabilities_get(struct rte_security_ctx *instance);
 
 /**
@@ -560,7 +626,7 @@ rte_security_capabilities_get(struct rte_security_ctx *instance);
  *     index criteria.
  *   - Return NULL if the capability not matched on security instance.
  */
-const struct rte_security_capability * __rte_experimental
+const struct rte_security_capability *
 rte_security_capability_get(struct rte_security_ctx *instance,
 			    struct rte_security_capability_idx *idx);