1 /* SPDX-License-Identifier: GPL-2.0+ */
3 * MACsec netdev header, used for h/w accelerated implementations.
5 * Copyright (c) 2015 Sabrina Dubroca <sd@queasysnail.net>
10 #include <linux/u64_stats_sync.h>
11 #include <uapi/linux/if_link.h>
12 #include <uapi/linux/if_macsec.h>
/*
 * __bitwise makes sci_t a distinct type for sparse, so mixing it with a plain
 * u64 is flagged. Presumably this is the type of the @sci fields documented in
 * the SC and SecY structs; their declarations are not visible in this listing.
 */
14 typedef u64 __bitwise sci_t;
/* Sizes the sa[] arrays in the rx and tx secure-channel structs below. */
16 #define MACSEC_NUM_AN 4 /* 2 bits for the association number */
19 * struct macsec_key - SA key
20 * @id: user-provided key identifier
21 * @tfm: crypto struct, key storage
/* id holds the key identifier only; it is MACSEC_KEYID_LEN bytes and is not key material. */
24 u8 id[MACSEC_KEYID_LEN];
/* Per the @tfm note above, the key itself is stored by the AEAD transform, not in this struct. */
25 struct crypto_aead *tfm;
/*
 * Receive counters for a secure channel. Every counter visible here is 64-bit.
 * The listing omits original lines 32-36, so the set shown is partial.
 */
28 struct macsec_rx_sc_stats {
29 __u64 InOctetsValidated;
30 __u64 InOctetsDecrypted;
31 __u64 InPktsUnchecked;
37 __u64 InPktsNotUsingSA;
/*
 * Receive counters for a single secure association. The one counter visible
 * here is 32-bit, while the same-named per-SC counter above is 64-bit.
 * Original lines 42-44 are omitted from this listing.
 */
41 struct macsec_rx_sa_stats {
45 __u32 InPktsNotUsingSA;
/*
 * Transmit packet counters for a single secure association, both 32-bit.
 * NOTE(review): presumably Protected counts integrity-only frames and
 * Encrypted counts confidentiality-protected frames; confirm in the driver.
 */
49 struct macsec_tx_sa_stats {
50 __u32 OutPktsProtected;
51 __u32 OutPktsEncrypted;
/*
 * Transmit counters for a secure channel: packet and octet totals, all 64-bit,
 * split into Protected and Encrypted in the same way as the per-SA counters.
 */
54 struct macsec_tx_sc_stats {
55 __u64 OutPktsProtected;
56 __u64 OutPktsEncrypted;
57 __u64 OutOctetsProtected;
58 __u64 OutOctetsEncrypted;
62 * struct macsec_rx_sa - receive secure association
64 * @next_pn: packet number expected for the next packet
65 * @lock: protects next_pn manipulations
67 * @stats: per-SA stats
/* Key identifier plus AEAD transform used by this receive SA. */
70 struct macsec_key key;
/*
 * NOTE(review): next_pn and lock are documented above, but their declarations
 * sit on original lines 71-74, which this listing omits. Per the kernel-doc,
 * lock guards every next_pn update; next_pn is the value a receive-side
 * packet number check would compare against.
 */
/* Per-CPU counter block (__percpu). */
75 struct macsec_rx_sa_stats __percpu *stats;
/* Presumably a back-pointer to the receive SC that owns this SA; confirm against users. */
76 struct macsec_rx_sc *sc;
/*
 * Pairs the per-SC receive counters with a u64_stats_sync, the kernel helper
 * for reading 64-bit counters consistently. struct macsec_rx_sc refers to
 * this type through a __percpu pointer.
 */
80 struct pcpu_rx_sc_stats {
81 struct macsec_rx_sc_stats stats;
82 struct u64_stats_sync syncp;
/*
 * Transmit-side counterpart of pcpu_rx_sc_stats: the per-SC transmit counters
 * plus the u64_stats_sync that goes with them. struct macsec_tx_sc refers to
 * this type through a __percpu pointer.
 */
85 struct pcpu_tx_sc_stats {
86 struct macsec_tx_sc_stats stats;
87 struct u64_stats_sync syncp;
91 * struct macsec_rx_sc - receive secure channel
92 * @sci: secure channel identifier for this SC
93 * @active: channel is active
94 * @sa: array of secure associations
95 * @stats: per-SC stats
/*
 * Link to the next receive SC. __rcu marks a pointer that must be read and
 * updated through the RCU accessors rather than dereferenced directly.
 */
98 struct macsec_rx_sc __rcu *next;
/* One RCU-managed SA pointer per association number (MACSEC_NUM_AN slots). */
101 struct macsec_rx_sa __rcu *sa[MACSEC_NUM_AN];
/* Per-CPU counter block (__percpu). */
102 struct pcpu_rx_sc_stats __percpu *stats;
/* Presumably used to defer freeing this SC until RCU readers are done; confirm. */
104 struct rcu_head rcu_head;
108 * struct macsec_tx_sa - transmit secure association
110 * @next_pn: packet number to use for the next packet
111 * @lock: protects next_pn manipulations
112 * @key: key structure
113 * @stats: per-SA stats
115 struct macsec_tx_sa {
/* Key identifier plus AEAD transform used by this transmit SA. */
116 struct macsec_key key;
/*
 * NOTE(review): next_pn and lock are documented above, but their declarations
 * sit on original lines 117-120, which this listing omits. Per the kernel-doc,
 * lock guards every next_pn update. On transmit a packet number is expected
 * never to repeat under one key (in MACsec it feeds the AEAD nonce); confirm
 * how the driver handles exhaustion of next_pn.
 */
/* Per-CPU counter block (__percpu). */
121 struct macsec_tx_sa_stats __percpu *stats;
126 * struct macsec_tx_sc - transmit secure channel
128 * @encoding_sa: association number of the SA currently in use
129 * @encrypt: encrypt packets on transmit, or authenticate only
130 * @send_sci: always include the SCI in the SecTAG
132 * @scb: single copy broadcast flag
133 * @sa: array of secure associations
134 * @stats: stats for this TXSC
136 struct macsec_tx_sc {
/*
 * The declarations for encoding_sa, encrypt, send_sci and scb fall on
 * original lines 137-142, which this listing omits. Per the kernel-doc,
 * encrypt chooses between encrypting frames and authenticating them only.
 */
/* One RCU-managed SA pointer per association number; encoding_sa names the slot in use. */
143 struct macsec_tx_sa __rcu *sa[MACSEC_NUM_AN];
/* Per-CPU counter block (__percpu). */
144 struct pcpu_tx_sc_stats __percpu *stats;
148 * struct macsec_secy - MACsec Security Entity
149 * @netdev: netdevice for this SecY
150 * @n_rx_sc: number of receive secure channels configured on this SecY
151 * @sci: secure channel identifier used for tx
152 * @key_len: length of keys used by the cipher suite
153 * @icv_len: length of ICV used by the cipher suite
154 * @validate_frames: validation mode
155 * @operational: MAC_Operational flag
156 * @protect_frames: enable protection for this SecY
157 * @replay_protect: enable packet number checks on receive
158 * @replay_window: size of the replay window
159 * @tx_sc: transmit secure channel
160 * @rx_sc: linked list of receive secure channels
/*
 * This struct carries the per-device security policy: validate_frames,
 * protect_frames, replay_protect and replay_window decide what is checked on
 * receive and protected on transmit. Only some of the documented fields have
 * visible declarations; original lines 165-167 and 169-172 are omitted here.
 */
163 struct net_device *netdev;
164 unsigned int n_rx_sc;
/* Receive validation mode; the enum is not defined in this listing (presumably in the uapi headers included above). */
168 enum macsec_validation_type validate_frames;
/* The single transmit SC is embedded by value. */
173 struct macsec_tx_sc tx_sc;
/* Head of the receive SC list; entries chain through macsec_rx_sc.next and are RCU-managed. */
174 struct macsec_rx_sc __rcu *rx_sc;
178 * struct macsec_context - MACsec context for hardware offloading
/*
 * Bundle of pointers and parameters for an offload request. Several original
 * lines (183, 186, 189, 192-197) are omitted from this listing, so the
 * nesting of the fields below cannot be read from here.
 */
180 struct macsec_context {
181 struct phy_device *phydev;
182 enum macsec_offload offload;
184 struct macsec_secy *secy;
185 struct macsec_rx_sc *rx_sc;
/* Association number of the SA this request refers to. */
187 unsigned char assoc_num;
/*
 * NOTE(review): this buffer is named key but is sized with MACSEC_KEYID_LEN,
 * the constant that sizes the key identifier in struct macsec_key. If SA key
 * material is copied here for the offloading driver, the size should follow
 * the largest key the uAPI accepts (MACSEC_MAX_KEY_LEN) and the copy length
 * should be secy->key_len. Otherwise a key longer than the identifier length
 * is truncated or overruns the buffer. Confirm against the code that fills
 * this context.
 */
188 u8 key[MACSEC_KEYID_LEN];
/* SA the request applies to, receive or transmit side. */
190 struct macsec_rx_sa *rx_sa;
191 struct macsec_tx_sa *tx_sa;
198 #endif /* _NET_MACSEC_H_ */