psp.yaml 6.9 KB

  1. # SPDX-License-Identifier: ((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Clause)
  2. ---
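  # Family header and shared definitions. Nesting is restored here; the listing had lost its indentation.
name: psp

doc:
  PSP Security Protocol Generic Netlink family.

definitions:
  -
    # Identifiers for the PSP header format / cipher combinations.
    # AES-GCM is an AEAD mode (confidentiality + integrity); AES-GMAC yields
    # only an authentication tag, so the two gmac entries provide integrity
    # without encryption. The 128/256 suffix is presumably the key size in
    # bits (assoc.version is documented as dictating the key size).
    # This enum is used both as a plain value (assoc.version) and, via
    # enum-as-flags, as a bitmask (dev.psp-versions-cap / psp-versions-ena).
    type: enum
    name: version
    entries: [hdr0-aes-gcm-128, hdr0-aes-gcm-256,
              hdr0-aes-gmac-128, hdr0-aes-gmac-256]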
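  # Attribute sets. The first one, "dev", describes a PSP device and its version configuration.
attribute-sets:
  -
    name: dev
    attributes:
      -
        # IDs start at 1 (checks.min), so 0 is rejected by policy.
        name: id
        doc: PSP device ID.
        type: u32
        checks:
          min: 1
      -
        name: ifindex
        doc: ifindex of the main netdevice linked to the PSP device.
        type: u32
      -
        # Read-only capability mask: one bit per entry of the version enum.
        name: psp-versions-cap
        doc: Bitmask of PSP versions supported by the device.
        type: u32
        enum: version
        enum-as-flags: true
      -
        # Decides which versions the device accepts on receive. Setting a
        # gmac bit means accepting traffic that is authenticated but not
        # encrypted; review this against the deployment's confidentiality
        # requirements.
        # NOTE(review): nothing in this spec constrains the enabled mask to
        # be a subset of psp-versions-cap; presumably the dev-set handler
        # enforces that. Confirm.
        name: psp-versions-ena
        doc: Bitmask of currently enabled (accepted on Rx) PSP versions.
        type: u32
        enum: version
        enum-as-flags: true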
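  -
    # Attributes of a PSP association (used by rx-assoc / tx-assoc).
    name: assoc
    attributes:
      -
        name: dev-id
        doc: PSP device ID.
        type: u32
        checks:
          min: 1
      -
        # Single value from the version enum (not a bitmask here).
        name: version
        doc: |
          PSP versions (AEAD and protocol version) used by this association,
          dictates the size of the key.
        type: u32
        enum: version
      -
        # rx-key / tx-key nest the "keys" set, i.e. they carry raw key
        # material plus the SPI. Any message containing them is a secret:
        # keep it out of logs, netlink traces and crash dumps.
        name: rx-key
        type: nest
        nested-attributes: keys
      -
        name: tx-key
        type: nest
        nested-attributes: keys
      -
        # NOTE(review): presumably a file descriptor number in the caller's
        # fd table; the spec only types it as u32, so checking that it
        # refers to a suitable socket is left to the handler. Confirm.
        name: sock-fd
        doc: Sockets which should be bound to the association immediately.
        type: u32
  -
    # Key material for one direction of an association.
    name: keys
    attributes:
      -
        # NOTE(review): no length check (exact-len / min-len / max-len) is
        # declared for this binary attribute. Since the required key size
        # depends on assoc.version, the length presumably has to be
        # validated in the tx-assoc handler. Confirm that it is.
        name: key
        type: binary
      -
        name: spi
        doc: Security Parameters Index (SPI) of the association.
        type: u32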
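  -
    # Per-device counters. Each doc string says whether the value is kept
    # by the kernel or reported by the device.
    name: stats
    attributes:
      -
        name: dev-id
        doc: PSP device ID.
        type: u32
        checks:
          min: 1
      -
        name: key-rotations
        type: uint
        doc: |
          Number of key rotations during the lifetime of the device.
          Kernel statistic.
      -
        name: stale-events
        type: uint
        doc: |
          Number of times a socket's Rx got shut down due to using
          a key which went stale (fully rotated out).
          Kernel statistic.
      -
        name: rx-packets
        type: uint
        doc: |
          Number of successfully processed and authenticated PSP packets.
          Device statistic (from the PSP spec).
      -
        name: rx-bytes
        type: uint
        doc: |
          Number of successfully authenticated PSP bytes received, counting from
          the first byte after the IV through the last byte of payload.
          The fixed initial portion of the PSP header (16 bytes)
          and the PSP trailer/ICV (16 bytes) are not included in this count.
          Device statistic (from the PSP spec).
      -
        # Monitoring signal: counts packets whose integrity check failed.
        # A sustained rise points at corruption, a key mismatch between
        # peers, or tampered/forged traffic, and is worth alerting on.
        name: rx-auth-fail
        type: uint
        doc: |
          Number of received PSP packets with unsuccessful authentication.
          Device statistic (from the PSP spec).
      -
        name: rx-error
        type: uint
        doc: |
          Number of received PSP packets with length/framing errors.
          Device statistic (from the PSP spec).
      -
        # Monitoring signal: includes packets naming an invalid key via the
        # SPI or an unsupported version, i.e. traffic that does not match
        # the current configuration.
        name: rx-bad
        type: uint
        doc: |
          Number of received PSP packets with miscellaneous errors
          (invalid master key indicated by SPI, unsupported version, etc.)
          Device statistic (from the PSP spec).
      -
        name: tx-packets
        type: uint
        doc: |
          Number of successfully processed PSP packets for transmission.
          Device statistic (from the PSP spec).
      -
        name: tx-bytes
        type: uint
        doc: |
          Number of successfully processed PSP bytes for transmit, counting from
          the first byte after the IV through the last byte of payload.
          The fixed initial portion of the PSP header (16 bytes)
          and the PSP trailer/ICV (16 bytes) are not included in this count.
          Device statistic (from the PSP spec).
      -
        name: tx-error
        type: uint
        doc: |
          Number of PSP packets for transmission with errors.
          Device statistic (from the PSP spec).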
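  # Operations of the family. Nesting is restored here; pre/post hooks belong to each "do".
operations:
  list:
    -
      # Read-only query; the reply never contains key material.
      name: dev-get
      doc: Get / dump information about PSP capable devices on the system.
      attribute-set: dev
      do:
        request:
          attributes:
            - id
        reply: &dev-all
          attributes:
            - id
            - ifindex
            - psp-versions-cap
            - psp-versions-ena
        pre: psp-device-get-locked
        post: psp-device-unlock
      dump:
        reply: *dev-all
    -
      name: dev-add-ntf
      doc: Notification about device appearing.
      notify: dev-get
      mcgrp: mgmt
    -
      name: dev-del-ntf
      doc: Notification about device disappearing.
      notify: dev-get
      mcgrp: mgmt
    -
      # Changes which PSP versions the device accepts on Rx.
      # NOTE(review): no `flags: [admin-perm]` is declared on this op in
      # the listing. If changing device configuration is meant to be
      # privileged, confirm where that is enforced (possibly in the
      # psp-device-get-locked pre hook, which is not visible here).
      name: dev-set
      doc: Set the configuration of a PSP device.
      attribute-set: dev
      do:
        request:
          attributes:
            - id
            - psp-versions-ena
        reply:
          attributes: []
        pre: psp-device-get-locked
        post: psp-device-unlock
    -
      name: dev-change-ntf
      doc: Notification about device configuration being changed.
      notify: dev-get
      mcgrp: mgmt
    -
      # Rotating the device key affects every association on the device.
      # The stale-events statistic counts sockets whose Rx was shut down
      # because their key was fully rotated out.
      # NOTE(review): as with dev-set, no `flags: [admin-perm]` is declared
      # here; confirm that the privilege check lives in the pre hook.
      name: key-rotate
      doc: Rotate the device key.
      attribute-set: dev
      do:
        request:
          attributes:
            - id
        reply:
          attributes:
            - id
        pre: psp-device-get-locked
        post: psp-device-unlock
    -
      # Mirrors the key-rotate reply, which lists only the device id, so no
      # key material is broadcast to the "use" group.
      name: key-rotate-ntf
      doc: Notification about device key getting rotated.
      notify: key-rotate
      mcgrp: use
    -
      # The reply returns rx-key (key + SPI) to the caller: the response
      # message itself is secret and should be handled accordingly.
      # The association ops use a different pre hook
      # (psp-assoc-device-get-locked) from the device ops; what it checks
      # is not visible in this spec.
      name: rx-assoc
      doc: Allocate a new Rx key + SPI pair, associate it with a socket.
      attribute-set: assoc
      do:
        request:
          attributes:
            - dev-id
            - version
            - sock-fd
        reply:
          attributes:
            - dev-id
            - rx-key
        pre: psp-assoc-device-get-locked
        post: psp-device-unlock
    -
      # The request carries tx-key (key + SPI) supplied by the caller.
      # NOTE(review): the key attribute has no declared length check, so
      # validating the key length against `version` is presumably done in
      # the handler. Confirm.
      name: tx-assoc
      doc: Add a PSP Tx association.
      attribute-set: assoc
      do:
        request:
          attributes:
            - dev-id
            - version
            - tx-key
            - sock-fd
        reply:
          attributes: []
        pre: psp-assoc-device-get-locked
        post: psp-device-unlock
    -
      # NOTE(review): the reply lists only dev-id, key-rotations and
      # stale-events; the rx-*/tx-* counters defined in the stats attribute
      # set (including rx-auth-fail) are not listed. Confirm whether they
      # are reported, since they are the ones useful for monitoring.
      name: get-stats
      doc: Get device statistics.
      attribute-set: stats
      do:
        request:
          attributes:
            - dev-id
        reply: &stats-all
          attributes:
            - dev-id
            - key-rotations
            - stale-events
        pre: psp-device-get-locked
        post: psp-device-unlock
      dump:
        reply: *stats-all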
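  # Multicast groups used by the notifications defined under operations.
  # "mgmt" carries dev-add-ntf, dev-del-ntf and dev-change-ntf; "use"
  # carries key-rotate-ntf. No access restriction is declared on either
  # group in this spec.
mcast-groups:
  list:
    -
      name: mgmt
    -
      name: use
...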