DPDK  18.08.0
rte_security.h
Go to the documentation of this file.
1 /* SPDX-License-Identifier: BSD-3-Clause
2  * Copyright 2017 NXP.
3  * Copyright(c) 2017 Intel Corporation.
4  */
5 
6 #ifndef _RTE_SECURITY_H_
7 #define _RTE_SECURITY_H_
8 
17 #ifdef __cplusplus
18 extern "C" {
19 #endif
20 
21 #include <sys/types.h>
22 
23 #include <netinet/in.h>
24 #include <netinet/ip.h>
25 #include <netinet/ip6.h>
26 
27 #include <rte_compat.h>
28 #include <rte_common.h>
29 #include <rte_crypto.h>
30 #include <rte_mbuf.h>
31 #include <rte_memory.h>
32 #include <rte_mempool.h>
33 
35 enum rte_security_ipsec_sa_mode {
36  RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT = 1,
38  RTE_SECURITY_IPSEC_SA_MODE_TUNNEL,
40 };
41 
43 enum rte_security_ipsec_sa_protocol {
44  RTE_SECURITY_IPSEC_SA_PROTO_AH = 1,
46  RTE_SECURITY_IPSEC_SA_PROTO_ESP,
48 };
49 
51 enum rte_security_ipsec_tunnel_type {
52  RTE_SECURITY_IPSEC_TUNNEL_IPV4 = 1,
54  RTE_SECURITY_IPSEC_TUNNEL_IPV6,
56 };
57 
67 struct rte_security_ctx {
68  void *device;
70  const struct rte_security_ops *ops;
72  uint16_t sess_cnt;
74 };
75 
81 struct rte_security_ipsec_tunnel_param {
82  enum rte_security_ipsec_tunnel_type type;
84  RTE_STD_C11
85  union {
86  struct {
87  struct in_addr src_ip;
89  struct in_addr dst_ip;
91  uint8_t dscp;
93  uint8_t df;
95  uint8_t ttl;
97  } ipv4;
99  struct {
100  struct in6_addr src_addr;
102  struct in6_addr dst_addr;
104  uint8_t dscp;
106  uint32_t flabel;
108  uint8_t hlimit;
110  } ipv6;
112  };
113 };
114 
118 struct rte_security_ipsec_sa_options {
124  uint32_t esn : 1;
125 
132  uint32_t udp_encap : 1;
133 
141  uint32_t copy_dscp : 1;
142 
149  uint32_t copy_flabel : 1;
150 
157  uint32_t copy_df : 1;
158 
166  uint32_t dec_ttl : 1;
167 };
168 
170 enum rte_security_ipsec_sa_direction {
171  RTE_SECURITY_IPSEC_SA_DIR_EGRESS,
173  RTE_SECURITY_IPSEC_SA_DIR_INGRESS,
175 };
176 
182 struct rte_security_ipsec_xform {
183  uint32_t spi;
185  uint32_t salt;
187  struct rte_security_ipsec_sa_options options;
189  enum rte_security_ipsec_sa_direction direction;
191  enum rte_security_ipsec_sa_protocol proto;
193  enum rte_security_ipsec_sa_mode mode;
195  struct rte_security_ipsec_tunnel_param tunnel;
197  uint64_t esn_soft_limit;
199 };
200 
204 struct rte_security_macsec_xform {
206  int dummy;
207 };
208 
212 enum rte_security_session_action_type {
213  RTE_SECURITY_ACTION_TYPE_NONE,
215  RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO,
219  RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL,
223  RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL
227 };
228 
230 enum rte_security_session_protocol {
231  RTE_SECURITY_PROTOCOL_IPSEC = 1,
233  RTE_SECURITY_PROTOCOL_MACSEC,
235 };
236 
240 struct rte_security_session_conf {
241  enum rte_security_session_action_type action_type;
243  enum rte_security_session_protocol protocol;
245  RTE_STD_C11
246  union {
247  struct rte_security_ipsec_xform ipsec;
248  struct rte_security_macsec_xform macsec;
249  };
251  struct rte_crypto_sym_xform *crypto_xform;
253  void *userdata;
255 };
256 
257 struct rte_security_session {
258  void *sess_private_data;
260 };
261 
272 struct rte_security_session * __rte_experimental
273 rte_security_session_create(struct rte_security_ctx *instance,
274  struct rte_security_session_conf *conf,
275  struct rte_mempool *mp);
276 
287 int __rte_experimental
288 rte_security_session_update(struct rte_security_ctx *instance,
289  struct rte_security_session *sess,
290  struct rte_security_session_conf *conf);
291 
301 unsigned int __rte_experimental
302 rte_security_session_get_size(struct rte_security_ctx *instance);
303 
316 int __rte_experimental
317 rte_security_session_destroy(struct rte_security_ctx *instance,
318  struct rte_security_session *sess);
319 
333 int __rte_experimental
334 rte_security_set_pkt_metadata(struct rte_security_ctx *instance,
335  struct rte_security_session *sess,
336  struct rte_mbuf *mb, void *params);
337 
355 void * __rte_experimental
356 rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md);
357 
364 static inline int __rte_experimental
365 __rte_security_attach_session(struct rte_crypto_sym_op *sym_op,
366  struct rte_security_session *sess)
367 {
368  sym_op->sec_session = sess;
369 
370  return 0;
371 }
372 
373 static inline void * __rte_experimental
374 get_sec_session_private_data(const struct rte_security_session *sess)
375 {
376  return sess->sess_private_data;
377 }
378 
379 static inline void __rte_experimental
380 set_sec_session_private_data(struct rte_security_session *sess,
381  void *private_data)
382 {
383  sess->sess_private_data = private_data;
384 }
385 
395 static inline int __rte_experimental
396 rte_security_attach_session(struct rte_crypto_op *op,
397  struct rte_security_session *sess)
398 {
399  if (unlikely(op->type != RTE_CRYPTO_OP_TYPE_SYMMETRIC))
400  return -EINVAL;
401 
402  op->sess_type = RTE_CRYPTO_OP_SECURITY_SESSION;
403 
404  return __rte_security_attach_session(op->sym, sess);
405 }
406 
407 struct rte_security_macsec_stats {
408  uint64_t reserved;
409 };
410 
411 struct rte_security_ipsec_stats {
412  uint64_t reserved;
413 
414 };
415 
416 struct rte_security_stats {
417  enum rte_security_session_protocol protocol;
420  RTE_STD_C11
421  union {
422  struct rte_security_macsec_stats macsec;
423  struct rte_security_ipsec_stats ipsec;
424  };
425 };
426 
437 int __rte_experimental
438 rte_security_session_stats_get(struct rte_security_ctx *instance,
439  struct rte_security_session *sess,
440  struct rte_security_stats *stats);
441 
445 struct rte_security_capability {
446  enum rte_security_session_action_type action;
448  enum rte_security_session_protocol protocol;
450  RTE_STD_C11
451  union {
452  struct {
453  enum rte_security_ipsec_sa_protocol proto;
455  enum rte_security_ipsec_sa_mode mode;
457  enum rte_security_ipsec_sa_direction direction;
459  struct rte_security_ipsec_sa_options options;
461  } ipsec;
463  struct {
464  /* To be Filled */
465  int dummy;
466  } macsec;
468  };
469 
470  const struct rte_cryptodev_capabilities *crypto_capabilities;
473  uint32_t ol_flags;
475 };
476 
477 #define RTE_SECURITY_TX_OLOAD_NEED_MDATA 0x00000001
478 
481 #define RTE_SECURITY_TX_HW_TRAILER_OFFLOAD 0x00000002
482 
487 #define RTE_SECURITY_RX_HW_TRAILER_OFFLOAD 0x00010000
488 
498 struct rte_security_capability_idx {
499  enum rte_security_session_action_type action;
500  enum rte_security_session_protocol protocol;
501 
502  RTE_STD_C11
503  union {
504  struct {
505  enum rte_security_ipsec_sa_protocol proto;
506  enum rte_security_ipsec_sa_mode mode;
507  enum rte_security_ipsec_sa_direction direction;
508  } ipsec;
509  };
510 };
511 
521 const struct rte_security_capability * __rte_experimental
522 rte_security_capabilities_get(struct rte_security_ctx *instance);
523 
535 const struct rte_security_capability * __rte_experimental
536 rte_security_capability_get(struct rte_security_ctx *instance,
537  struct rte_security_capability_idx *idx);
538 
539 #ifdef __cplusplus
540 }
541 #endif
542 
543 #endif /* _RTE_SECURITY_H_ */
rte_security_ipsec_sa_protocol
rte_security_ipsec_sa_protocol
Definition: rte_security.h:43
__rte_security_attach_session
static int __rte_experimental __rte_security_attach_session(struct rte_crypto_sym_op *sym_op, struct rte_security_session *sess)
Definition: rte_security.h:365
rte_mbuf.h
rte_security_ops
Definition: rte_security_driver.h:137
rte_security_session_action_type
rte_security_session_action_type
Definition: rte_security.h:212
RTE_SECURITY_IPSEC_TUNNEL_IPV4
Definition: rte_security.h:52
rte_security_session_destroy
int __rte_experimental rte_security_session_destroy(struct rte_security_ctx *instance, struct rte_security_session *sess)
rte_crypto_sym_xform
Definition: rte_crypto_sym.h:442
rte_security_ipsec_xform::direction
enum rte_security_ipsec_sa_direction direction
Definition: rte_security.h:189
rte_security_ipsec_tunnel_param::src_ip
struct in_addr src_ip
Definition: rte_security.h:87
rte_crypto_sym_op::sec_session
struct rte_security_session * sec_session
Definition: rte_crypto_sym.h:500
RTE_SECURITY_IPSEC_TUNNEL_IPV6
Definition: rte_security.h:54
rte_security_ipsec_xform::tunnel
struct rte_security_ipsec_tunnel_param tunnel
Definition: rte_security.h:195
rte_security_ipsec_xform::options
struct rte_security_ipsec_sa_options options
Definition: rte_security.h:187
rte_security_capability
Definition: rte_security.h:445
rte_security_capability::action
enum rte_security_session_action_type action
Definition: rte_security.h:446
rte_mempool
Definition: rte_mempool.h:213
rte_security_capability::macsec
struct rte_security_capability::@209::@212 macsec
rte_memory.h
RTE_SECURITY_ACTION_TYPE_NONE
Definition: rte_security.h:213
rte_security_session_create
struct rte_security_session *__rte_experimental rte_security_session_create(struct rte_security_ctx *instance, struct rte_security_session_conf *conf, struct rte_mempool *mp)
rte_security_ipsec_tunnel_param::dst_addr
struct in6_addr dst_addr
Definition: rte_security.h:102
rte_crypto_op::type
uint8_t type
Definition: rte_crypto.h:84
rte_security_session_conf::crypto_xform
struct rte_crypto_sym_xform * crypto_xform
Definition: rte_security.h:251
rte_mempool.h
rte_security_ipsec_tunnel_param::dst_ip
struct in_addr dst_ip
Definition: rte_security.h:89
rte_security_ipsec_sa_mode
rte_security_ipsec_sa_mode
Definition: rte_security.h:35
rte_security_ipsec_sa_options::copy_dscp
uint32_t copy_dscp
Definition: rte_security.h:141
rte_security_ipsec_tunnel_param::df
uint8_t df
Definition: rte_security.h:93
rte_security_ipsec_xform::salt
uint32_t salt
Definition: rte_security.h:185
rte_security_ctx::sess_cnt
uint16_t sess_cnt
Definition: rte_security.h:72
rte_security_ipsec_xform::esn_soft_limit
uint64_t esn_soft_limit
Definition: rte_security.h:197
RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL
Definition: rte_security.h:219
RTE_SECURITY_PROTOCOL_IPSEC
Definition: rte_security.h:231
rte_security_session_conf::userdata
void * userdata
Definition: rte_security.h:253
rte_crypto.h
rte_crypto_op
Definition: rte_crypto.h:78
rte_security_ipsec_tunnel_param::hlimit
uint8_t hlimit
Definition: rte_security.h:108
RTE_SECURITY_ACTION_TYPE_INLINE_CRYPTO
Definition: rte_security.h:215
rte_security_session_update
int __rte_experimental rte_security_session_update(struct rte_security_ctx *instance, struct rte_security_session *sess, struct rte_security_session_conf *conf)
rte_security_ipsec_sa_direction
rte_security_ipsec_sa_direction
Definition: rte_security.h:170
rte_security_ipsec_tunnel_type
rte_security_ipsec_tunnel_type
Definition: rte_security.h:51
RTE_SECURITY_ACTION_TYPE_LOOKASIDE_PROTOCOL
Definition: rte_security.h:223
rte_security_get_userdata
void *__rte_experimental rte_security_get_userdata(struct rte_security_ctx *instance, uint64_t md)
RTE_CRYPTO_OP_TYPE_SYMMETRIC
Definition: rte_crypto.h:32
rte_security_ipsec_sa_options::copy_flabel
uint32_t copy_flabel
Definition: rte_security.h:149
rte_security_ctx::device
void * device
Definition: rte_security.h:68
rte_security_attach_session
static int __rte_experimental rte_security_attach_session(struct rte_crypto_op *op, struct rte_security_session *sess)
Definition: rte_security.h:396
unlikely
#define unlikely(x)
Definition: rte_branch_prediction.h:38
rte_security_ipsec_tunnel_param::ttl
uint8_t ttl
Definition: rte_security.h:95
rte_security_ctx
Definition: rte_security.h:67
rte_security_ipsec_sa_options
Definition: rte_security.h:118
rte_security_session_conf::protocol
enum rte_security_session_protocol protocol
Definition: rte_security.h:243
rte_security_session_conf::action_type
enum rte_security_session_action_type action_type
Definition: rte_security.h:241
rte_security_capabilities_get
const struct rte_security_capability *__rte_experimental rte_security_capabilities_get(struct rte_security_ctx *instance)
rte_security_capability::ol_flags
uint32_t ol_flags
Definition: rte_security.h:473
RTE_SECURITY_PROTOCOL_MACSEC
Definition: rte_security.h:233
rte_security_capability::options
struct rte_security_ipsec_sa_options options
Definition: rte_security.h:459
rte_security_session_stats_get
int __rte_experimental rte_security_session_stats_get(struct rte_security_ctx *instance, struct rte_security_session *sess, struct rte_security_stats *stats)
rte_security_set_pkt_metadata
int __rte_experimental rte_security_set_pkt_metadata(struct rte_security_ctx *instance, struct rte_security_session *sess, struct rte_mbuf *mb, void *params)
rte_security_ipsec_xform::spi
uint32_t spi
Definition: rte_security.h:183
rte_security_ipsec_sa_options::copy_df
uint32_t copy_df
Definition: rte_security.h:157
rte_security_ipsec_sa_options::udp_encap
uint32_t udp_encap
Definition: rte_security.h:132
RTE_SECURITY_IPSEC_SA_DIR_EGRESS
Definition: rte_security.h:171
rte_security_ipsec_xform::proto
enum rte_security_ipsec_sa_protocol proto
Definition: rte_security.h:191
rte_security_capability::direction
enum rte_security_ipsec_sa_direction direction
Definition: rte_security.h:457
rte_security_ipsec_tunnel_param::flabel
uint32_t flabel
Definition: rte_security.h:106
rte_security_ipsec_tunnel_param::ipv4
struct rte_security_ipsec_tunnel_param::@201::@203 ipv4
rte_security_ipsec_sa_options::esn
uint32_t esn
Definition: rte_security.h:124
rte_common.h
rte_security_ipsec_tunnel_param::ipv6
struct rte_security_ipsec_tunnel_param::@201::@204 ipv6
rte_security_capability_get
const struct rte_security_capability *__rte_experimental rte_security_capability_get(struct rte_security_ctx *instance, struct rte_security_capability_idx *idx)
RTE_SECURITY_IPSEC_SA_MODE_TRANSPORT
Definition: rte_security.h:36
rte_cryptodev_capabilities
Definition: rte_cryptodev.h:176
RTE_SECURITY_IPSEC_SA_PROTO_ESP
Definition: rte_security.h:46
RTE_CRYPTO_OP_SECURITY_SESSION
Definition: rte_crypto.h:65
RTE_SECURITY_IPSEC_SA_PROTO_AH
Definition: rte_security.h:44
rte_security_ipsec_tunnel_param::dscp
uint8_t dscp
Definition: rte_security.h:91
RTE_STD_C11
#define RTE_STD_C11
Definition: rte_common.h:37
rte_security_ipsec_tunnel_param
Definition: rte_security.h:81
rte_security_capability::proto
enum rte_security_ipsec_sa_protocol proto
Definition: rte_security.h:453
rte_mbuf
Definition: rte_mbuf.h:431
rte_security_macsec_xform
Definition: rte_security.h:204
rte_security_capability::mode
enum rte_security_ipsec_sa_mode mode
Definition: rte_security.h:455
rte_security_capability::crypto_capabilities
const struct rte_cryptodev_capabilities * crypto_capabilities
Definition: rte_security.h:470
rte_security_ipsec_xform::mode
enum rte_security_ipsec_sa_mode mode
Definition: rte_security.h:193
rte_security_ipsec_tunnel_param::type
enum rte_security_ipsec_tunnel_type type
Definition: rte_security.h:82
rte_crypto_op::sess_type
uint8_t sess_type
Definition: rte_crypto.h:94
rte_security_session_protocol
rte_security_session_protocol
Definition: rte_security.h:230
RTE_SECURITY_IPSEC_SA_DIR_INGRESS
Definition: rte_security.h:173
rte_security_macsec_xform::dummy
int dummy
Definition: rte_security.h:206
rte_security_session_conf
Definition: rte_security.h:240
rte_security_capability::ipsec
struct rte_security_capability::@209::@211 ipsec
rte_security_ipsec_xform
Definition: rte_security.h:182
rte_security_capability::protocol
enum rte_security_session_protocol protocol
Definition: rte_security.h:448
rte_security_ipsec_tunnel_param::src_addr
struct in6_addr src_addr
Definition: rte_security.h:100
rte_security_ctx::ops
const struct rte_security_ops * ops
Definition: rte_security.h:70
rte_security_capability_idx
Definition: rte_security.h:498
rte_security_session_get_size
unsigned int __rte_experimental rte_security_session_get_size(struct rte_security_ctx *instance)
rte_crypto_sym_op
Definition: rte_crypto_sym.h:490
rte_crypto_op::sym
struct rte_crypto_sym_op sym[0]
Definition: rte_crypto.h:118
RTE_SECURITY_IPSEC_SA_MODE_TUNNEL
Definition: rte_security.h:38
Generated by   doxygen 1.8.15