From patchwork Fri Oct 25 17:53:52 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Pavel Belous
X-Patchwork-Id: 62021
X-Patchwork-Delegate: gakhil@marvell.com
From: Pavel Belous
To: "dev@dpdk.org"
CC: Ferruh Yigit, Akhil Goyal, John McNamara, Declan Doherty, Konstantin Ananyev, Thomas Monjalon, Igor Russkikh, Fenilkumar Patel, Hitesh K Maisheri, Pavel Belous, Pavel Belous
Date: Fri, 25 Oct 2019 17:53:52 +0000
Message-ID: <23d01b87ab0b6628fab4480c731930bf82eec91d.1571928488.git.Pavel.Belous@aquantia.com>
Subject: [dpdk-dev] [RFC v2 1/7] security: MACSEC infrastructure data declarations

From: Pavel Belous

This patch extends rte_security framework to support MACSEC operations.

Signed-off-by: Igor Russkikh
Signed-off-by: Pavel Belous
---
 lib/librte_security/rte_security.h | 143 +++++++++++++++++++++++++++++++++++--
 1 file changed, 138 insertions(+), 5 deletions(-)
diff --git a/lib/librte_security/rte_security.h b/lib/librte_security/rte_security.h index aaafdfc..201319f 100644 --- a/lib/librte_security/rte_security.h +++ b/lib/librte_security/rte_security.h @@ -29,6 +29,7 @@ extern "C" { #include #include #include +#include /** IPSec protocol mode */ enum rte_security_ipsec_sa_mode { 
@@ -215,11 +216,109 @@ struct rte_security_ipsec_xform { }; /** + * MACSEC global configuration parameters + * + */ +struct rte_security_macsec_param { + uint8_t enabled; + uint32_t ingress_pn_threshold; + uint32_t egress_pn_threshold; + uint8_t interrupts_enabled; + /**< List of bypassed ethertypes */ + uint32_t ctl_ether_types[8]; +}; + +/** + * MACSEC SC (Secure Connection) parameters + * + */ +struct rte_security_macsec_txsc_param { + struct rte_ether_addr s_mac; + /**< local side mac address */ + struct rte_ether_addr d_mac; + /**< remote side mac address */ + uint64_t sci; + uint32_t tci; + uint32_t sa_num; + uint8_t encrypt; + uint8_t protect; + uint8_t key_len; + uint8_t auto_rollover_enabled; + + uint32_t index; + uint32_t curr_an; +}; + +struct rte_security_macsec_rxsc_param { + struct rte_ether_addr s_mac; + struct rte_ether_addr d_mac; + uint64_t sci; + uint32_t tci; + uint32_t sa_num; + /**< remote side mac address */ + uint8_t replay_protection; + /**< replay protection */ + uint32_t anti_replay_window; + /**< anti replay window */ + uint16_t port_ident; + /**< remote side port identifier */ + uint8_t auto_rollover_enabled; + uint8_t validate_frames; + + uint32_t index; +}; + +struct rte_security_macsec_sa_param { + uint8_t sa_idx; + uint8_t an; + uint32_t packet_number; + uint8_t key_len; + uint8_t key[32]; +}; + +struct rte_security_macsec_capabilities { + /** Extended Packet Numbers (XPN) + * + * * 1: Extended (64 bit) packet numbers supported + * * 0: Extended (64 bit) packet numbers not supported + */ + uint32_t xpn : 1; +}; + +/** + * Available operations over MACSEC instance + */ +enum rte_security_macsec_op { + RTE_SECURITY_MACSEC_OP_CONFIG = 0, + + RTE_SECURITY_MACSEC_OP_ADD_TXSC, + RTE_SECURITY_MACSEC_OP_DEL_TXSC, + RTE_SECURITY_MACSEC_OP_UPD_TXSC, + + RTE_SECURITY_MACSEC_OP_ADD_RXSC, + RTE_SECURITY_MACSEC_OP_DEL_RXSC, + RTE_SECURITY_MACSEC_OP_UPD_RXSC, + + RTE_SECURITY_MACSEC_OP_ADD_TXSA, + RTE_SECURITY_MACSEC_OP_DEL_TXSA, + 
RTE_SECURITY_MACSEC_OP_UPD_TXSA, + + RTE_SECURITY_MACSEC_OP_ADD_RXSA, + RTE_SECURITY_MACSEC_OP_DEL_RXSA, + RTE_SECURITY_MACSEC_OP_UPD_RXSA, +}; + +/** * MACsec security session configuration */ struct rte_security_macsec_xform { - /** To be Filled */ - int dummy; + enum rte_security_macsec_op op; + union { + struct rte_security_macsec_param config_options; + struct rte_security_macsec_txsc_param txsc_options; + struct rte_security_macsec_rxsc_param rxsc_options; + struct rte_security_macsec_sa_param sa_options; + }; }; /** @@ -495,7 +594,42 @@ rte_security_attach_session(struct rte_crypto_op *op, } struct rte_security_macsec_stats { - uint64_t reserved; + /* Ingress Counters */ + uint64_t in_ctl_pkts; + uint64_t in_tagged_miss_pkts; + uint64_t in_untagged_miss_pkts; + uint64_t in_notag_pkts; + uint64_t in_untagged_pkts; + uint64_t in_bad_tag_pkts; + uint64_t in_no_sci_pkts; + uint64_t in_unknown_sci_pkts; + + /* Egress Counters */ + uint64_t out_ctl_pkts; + uint64_t out_unknown_sa_pkts; + uint64_t out_untagged_pkts; + uint64_t out_too_long; + + /* Ingress SA Counters */ + uint64_t in_untagged_hit_pkts; + uint64_t in_not_using_sa; + uint64_t in_unused_sa; + uint64_t in_not_valid_pkts; + uint64_t in_invalid_pkts; + uint64_t in_ok_pkts; + uint64_t in_unchecked_pkts; + uint64_t in_validated_octets; + uint64_t in_decrypted_octets; + /* Egress SC Counters */ + uint64_t out_sc_protected_pkts; + uint64_t out_sc_encrypted_pkts; + uint64_t out_sc_protected_octets; + uint64_t out_sc_encrypted_octets; + /* Egress SA Counters */ + uint64_t out_sa_hit_drop_redirect; + uint64_t out_sa_protected2_pkts; + uint64_t out_sa_protected_pkts; + uint64_t out_sa_encrypted_pkts; }; struct rte_security_ipsec_stats { @@ -566,8 +700,7 @@ struct rte_security_capability { } ipsec; /**< IPsec capability */ struct { - /* To be Filled */ - int dummy; + struct rte_security_macsec_capabilities caps; } macsec; /**< MACsec capability */ struct {
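Review bot: In the @@ -215,11 +216,109 @@ hunk, `packet_number` in `rte_security_macsec_sa_param` and `ingress_pn_threshold` / `egress_pn_threshold` in `rte_security_macsec_param` are all `uint32_t`, while `rte_security_macsec_capabilities` advertises `xpn` as 64-bit packet numbers, so a device that reports `xpn` cannot be given a 64-bit initial PN or rollover threshold through these structures. Suggest widening the three fields to `uint64_t` (or adding explicit XPN fields) before the layout settles. In the same hunk, `key_len` is undocumented in both `rte_security_macsec_txsc_param` and `rte_security_macsec_sa_param` (units, and which values are accepted against `key[32]`), and two trailing `/**< ... */` comments attach to the wrong member: `/**< List of bypassed ethertypes */` is placed before `ctl_ether_types` and therefore documents `interrupts_enabled`, and `/**< remote side mac address */` follows `sa_num` in `rte_security_macsec_rxsc_param`.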
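Review bot: In the @@ -495,7 +594,42 @@ hunk, `rte_security_macsec_stats` has no counter for frames dropped or flagged by replay protection, although the RX SC parameters added by this patch carry `replay_protection` and `anti_replay_window`; an operator enabling the window has no way to see it acting. Suggest adding late/delayed ingress counters, or documenting which existing counter those frames are folded into. None of the new fields has a doc comment, and some pairs cannot be told apart by name alone (`in_not_valid_pkts` vs `in_invalid_pkts`, `out_sa_protected2_pkts` vs `out_sa_protected_pkts`). The struct also mixes global, per-SC and per-SA counters without stating which scope a session's stats query returns.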
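Review bot: In the @@ -566,8 +700,7 @@ hunk, the `macsec` capability now exposes only `caps.xpn`, while the session parameters let the caller set `key_len`, `encrypt`, `protect`, `validate_frames` and `replay_protection`; an application cannot discover from the capability which key lengths or protection modes a device accepts before it submits an `ADD_TXSA` / `ADD_RXSA` operation. Suggest extending `rte_security_macsec_capabilities` with the supported key lengths and modes, or documenting that unsupported values are rejected at session creation and with which error.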