# SPDX-License-Identifier: ((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Clause)
---
name: psp

doc:
  PSP Security Protocol Generic Netlink family.

definitions:
  -
    type: enum
    name: version
    entries: [hdr0-aes-gcm-128, hdr0-aes-gcm-256,
              hdr0-aes-gmac-128, hdr0-aes-gmac-256]

attribute-sets:
  -
    name: dev
    attributes:
      -
        name: id
        doc: PSP device ID.
        type: u32
        checks:
          min: 1
      -
        name: ifindex
        doc: ifindex of the main netdevice linked to the PSP device.
        type: u32
      -
        name: psp-versions-cap
        doc: Bitmask of PSP versions supported by the device.
        type: u32
        enum: version
        enum-as-flags: true
      -
        name: psp-versions-ena
        doc: Bitmask of currently enabled (accepted on Rx) PSP versions.
        type: u32
        enum: version
        enum-as-flags: true
  -
    name: assoc
    attributes:
      -
        name: dev-id
        doc: PSP device ID.
        type: u32
        checks:
          min: 1
      -
        name: version
        doc: |
          PSP versions (AEAD and protocol version) used by this association,
          dictates the size of the key.
        type: u32
        enum: version
      -
        name: rx-key
        type: nest
        nested-attributes: keys
      -
        name: tx-key
        type: nest
        nested-attributes: keys
      -
        name: sock-fd
        doc: Sockets which should be bound to the association immediately.
        type: u32
  -
    name: keys
    attributes:
      -
        name: key
        type: binary
      -
        name: spi
        doc: Security Parameters Index (SPI) of the association.
        type: u32
  -
    name: stats
    attributes:
      -
        name: dev-id
        doc: PSP device ID.
        type: u32
        checks:
          min: 1
      -
        name: key-rotations
        type: uint
        doc: |
          Number of key rotations during the lifetime of the device.
          Kernel statistic.
      -
        name: stale-events
        type: uint
        doc: |
          Number of times a socket's Rx got shut down due to using
          a key which went stale (fully rotated out).
          Kernel statistic.
      -
        name: rx-packets
        type: uint
        doc: |
          Number of successfully processed and authenticated PSP packets.
          Device statistic (from the PSP spec).
      -
        name: rx-bytes
        type: uint
        doc: |
          Number of successfully authenticated PSP bytes received, counting from
          the first byte after the IV through the last byte of payload.
          The fixed initial portion of the PSP header (16 bytes)
          and the PSP trailer/ICV (16 bytes) are not included in this count.
          Device statistic (from the PSP spec).
      -
        name: rx-auth-fail
        type: uint
        doc: |
          Number of received PSP packets with unsuccessful authentication.
          Device statistic (from the PSP spec).
      -
        name: rx-error
        type: uint
        doc: |
          Number of received PSP packets with length/framing errors.
          Device statistic (from the PSP spec).
      -
        name: rx-bad
        type: uint
        doc: |
          Number of received PSP packets with miscellaneous errors
          (invalid master key indicated by SPI, unsupported version, etc.)
          Device statistic (from the PSP spec).
      -
        name: tx-packets
        type: uint
        doc: |
          Number of successfully processed PSP packets for transmission.
          Device statistic (from the PSP spec).
      -
        name: tx-bytes
        type: uint
        doc: |
          Number of successfully processed PSP bytes for transmit, counting from
          the first byte after the IV through the last byte of payload.
          The fixed initial portion of the PSP header (16 bytes)
          and the PSP trailer/ICV (16 bytes) are not included in this count.
          Device statistic (from the PSP spec).
      -
        name: tx-error
        type: uint
        doc: |
          Number of PSP packets for transmission with errors.
          Device statistic (from the PSP spec).

operations:
  list:
    -
      name: dev-get
      doc: Get / dump information about PSP capable devices on the system.
      attribute-set: dev
      do:
        request:
          attributes:
            - id
        reply: &dev-all
          attributes:
            - id
            - ifindex
            - psp-versions-cap
            - psp-versions-ena
        pre: psp-device-get-locked
        post: psp-device-unlock
      dump:
        reply: *dev-all
    -
      name: dev-add-ntf
      doc: Notification about device appearing.
      notify: dev-get
      mcgrp: mgmt
    -
      name: dev-del-ntf
      doc: Notification about device disappearing.
      notify: dev-get
      mcgrp: mgmt
    -
      name: dev-set
      doc: Set the configuration of a PSP device.
      attribute-set: dev
      flags: [admin-perm]
      do:
        request:
          attributes:
            - id
            - psp-versions-ena
        reply:
          attributes: []
        pre: psp-device-get-locked
        post: psp-device-unlock
    -
      name: dev-change-ntf
      doc: Notification about device configuration being changed.
      notify: dev-get
      mcgrp: mgmt

    -
      name: key-rotate
      doc: Rotate the device key.
      attribute-set: dev
      flags: [admin-perm]
      do:
        request:
          attributes:
            - id
        reply:
          attributes:
            - id
        pre: psp-device-get-locked
        post: psp-device-unlock
    -
      name: key-rotate-ntf
      doc: Notification about device key getting rotated.
      notify: key-rotate
      mcgrp: use

    -
      name: rx-assoc
      doc: Allocate a new Rx key + SPI pair, associate it with a socket.
      attribute-set: assoc
      do:
        request:
          attributes:
            - dev-id
            - version
            - sock-fd
        reply:
          attributes:
            - dev-id
            - rx-key
        pre: psp-assoc-device-get-locked
        post: psp-device-unlock
    -
      name: tx-assoc
      doc: Add a PSP Tx association.
      attribute-set: assoc
      do:
        request:
          attributes:
            - dev-id
            - version
            - tx-key
            - sock-fd
        reply:
          attributes: []
        pre: psp-assoc-device-get-locked
        post: psp-device-unlock

    -
      name: get-stats
      doc: Get device statistics.
      attribute-set: stats
      do:
        request:
          attributes:
            - dev-id
        reply: &stats-all
          attributes:
            - dev-id
            - key-rotations
            - stale-events
            - rx-packets
            - rx-bytes
            - rx-auth-fail
            - rx-error
            - rx-bad
            - tx-packets
            - tx-bytes
            - tx-error
        pre: psp-device-get-locked
        post: psp-device-unlock
      dump:
        reply: *stats-all

mcast-groups:
  list:
    -
      name: mgmt
    -
      name: use

...