| # SPDX-License-Identifier: ((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Clause) |
| --- |
| name: psp |
| |
| doc: |
| PSP Security Protocol Generic Netlink family. |
| |
| definitions: |
| - |
| type: enum |
| name: version |
| entries: [hdr0-aes-gcm-128, hdr0-aes-gcm-256, |
| hdr0-aes-gmac-128, hdr0-aes-gmac-256] |
| |
| attribute-sets: |
| - |
| name: dev |
| attributes: |
| - |
| name: id |
| doc: PSP device ID. |
| type: u32 |
| checks: |
| min: 1 |
| - |
| name: ifindex |
| doc: ifindex of the main netdevice linked to the PSP device. |
| type: u32 |
| - |
| name: psp-versions-cap |
| doc: Bitmask of PSP versions supported by the device. |
| type: u32 |
| enum: version |
| enum-as-flags: true |
| - |
| name: psp-versions-ena |
| doc: Bitmask of currently enabled (accepted on Rx) PSP versions. |
| type: u32 |
| enum: version |
| enum-as-flags: true |
| - |
| name: assoc |
| attributes: |
| - |
| name: dev-id |
| doc: PSP device ID. |
| type: u32 |
| checks: |
| min: 1 |
| - |
| name: version |
| doc: | |
| PSP versions (AEAD and protocol version) used by this association, |
| dictates the size of the key. |
| type: u32 |
| enum: version |
| - |
| name: rx-key |
| type: nest |
| nested-attributes: keys |
| - |
| name: tx-key |
| type: nest |
| nested-attributes: keys |
| - |
| name: sock-fd |
| doc: Sockets which should be bound to the association immediately. |
| type: u32 |
| - |
| name: keys |
| attributes: |
| - |
| name: key |
| type: binary |
| - |
| name: spi |
| doc: Security Parameters Index (SPI) of the association. |
| type: u32 |
| - |
| name: stats |
| attributes: |
| - |
| name: dev-id |
| doc: PSP device ID. |
| type: u32 |
| checks: |
| min: 1 |
| - |
| name: key-rotations |
| type: uint |
| doc: | |
| Number of key rotations during the lifetime of the device. |
| Kernel statistic. |
| - |
| name: stale-events |
| type: uint |
| doc: | |
| Number of times a socket's Rx got shut down due to using |
| a key which went stale (fully rotated out). |
| Kernel statistic. |
| - |
| name: rx-packets |
| type: uint |
| doc: | |
| Number of successfully processed and authenticated PSP packets. |
| Device statistic (from the PSP spec). |
| - |
| name: rx-bytes |
| type: uint |
| doc: | |
| Number of successfully authenticated PSP bytes received, counting from |
| the first byte after the IV through the last byte of payload. |
| The fixed initial portion of the PSP header (16 bytes) |
| and the PSP trailer/ICV (16 bytes) are not included in this count. |
| Device statistic (from the PSP spec). |
| - |
| name: rx-auth-fail |
| type: uint |
| doc: | |
| Number of received PSP packets with unsuccessful authentication. |
| Device statistic (from the PSP spec). |
| - |
| name: rx-error |
| type: uint |
| doc: | |
| Number of received PSP packets with length/framing errors. |
| Device statistic (from the PSP spec). |
| - |
| name: rx-bad |
| type: uint |
| doc: | |
| Number of received PSP packets with miscellaneous errors |
| (invalid master key indicated by SPI, unsupported version, etc.) |
| Device statistic (from the PSP spec). |
| - |
| name: tx-packets |
| type: uint |
| doc: | |
| Number of successfully processed PSP packets for transmission. |
| Device statistic (from the PSP spec). |
| - |
| name: tx-bytes |
| type: uint |
| doc: | |
| Number of successfully processed PSP bytes for transmit, counting from |
| the first byte after the IV through the last byte of payload. |
| The fixed initial portion of the PSP header (16 bytes) |
| and the PSP trailer/ICV (16 bytes) are not included in this count. |
| Device statistic (from the PSP spec). |
| - |
| name: tx-error |
| type: uint |
| doc: | |
| Number of PSP packets for transmission with errors. |
| Device statistic (from the PSP spec). |
| |
| operations: |
| list: |
| - |
| name: dev-get |
| doc: Get / dump information about PSP capable devices on the system. |
| attribute-set: dev |
| do: |
| request: |
| attributes: |
| - id |
| reply: &dev-all |
| attributes: |
| - id |
| - ifindex |
| - psp-versions-cap |
| - psp-versions-ena |
| pre: psp-device-get-locked |
| post: psp-device-unlock |
| dump: |
| reply: *dev-all |
| - |
| name: dev-add-ntf |
| doc: Notification about device appearing. |
| notify: dev-get |
| mcgrp: mgmt |
| - |
| name: dev-del-ntf |
| doc: Notification about device disappearing. |
| notify: dev-get |
| mcgrp: mgmt |
| - |
| name: dev-set |
| doc: Set the configuration of a PSP device. |
| attribute-set: dev |
| do: |
| request: |
| attributes: |
| - id |
| - psp-versions-ena |
| reply: |
| attributes: [] |
| pre: psp-device-get-locked |
| post: psp-device-unlock |
| - |
| name: dev-change-ntf |
| doc: Notification about device configuration being changed. |
| notify: dev-get |
| mcgrp: mgmt |
| |
| - |
| name: key-rotate |
| doc: Rotate the device key. |
| attribute-set: dev |
| do: |
| request: |
| attributes: |
| - id |
| reply: |
| attributes: |
| - id |
| pre: psp-device-get-locked |
| post: psp-device-unlock |
| - |
| name: key-rotate-ntf |
| doc: Notification about device key getting rotated. |
| notify: key-rotate |
| mcgrp: use |
| |
| - |
| name: rx-assoc |
| doc: Allocate a new Rx key + SPI pair, associate it with a socket. |
| attribute-set: assoc |
| do: |
| request: |
| attributes: |
| - dev-id |
| - version |
| - sock-fd |
| reply: |
| attributes: |
| - dev-id |
| - rx-key |
| pre: psp-assoc-device-get-locked |
| post: psp-device-unlock |
| - |
| name: tx-assoc |
| doc: Add a PSP Tx association. |
| attribute-set: assoc |
| do: |
| request: |
| attributes: |
| - dev-id |
| - version |
| - tx-key |
| - sock-fd |
| reply: |
| attributes: [] |
| pre: psp-assoc-device-get-locked |
| post: psp-device-unlock |
| |
| - |
| name: get-stats |
| doc: Get device statistics. |
| attribute-set: stats |
| do: |
| request: |
| attributes: |
| - dev-id |
| reply: &stats-all |
| attributes: |
| - dev-id |
| - key-rotations |
| - stale-events |
| pre: psp-device-get-locked |
| post: psp-device-unlock |
| dump: |
| reply: *stats-all |
| |
| mcast-groups: |
| list: |
| - |
| name: mgmt |
| - |
| name: use |
| |
| ... |
