linux/Documentation/netlink/specs/psp.yaml
Jakub Kicinski 6b46ca260e net: psp: add socket security association code
Add the ability to install PSP Rx and Tx crypto keys on TCP
connections. Netlink ops are provided for both operations.
Rx side combines allocating a new Rx key and installing it
on the socket. Theoretically these are separate actions,
but in practice they will always be used one after the
other. We can add distinct "alloc" and "install" ops later.

Reviewed-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Co-developed-by: Daniel Zahka <daniel.zahka@gmail.com>
Signed-off-by: Daniel Zahka <daniel.zahka@gmail.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Link: https://patch.msgid.link/20250917000954.859376-9-daniel.zahka@gmail.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2025-09-18 12:32:06 +02:00

188 lines
4.0 KiB
YAML

# SPDX-License-Identifier: ((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Clause)
---
name: psp

doc:
  PSP Security Protocol Generic Netlink family.

definitions:
  -
    type: enum
    name: version
    entries: [hdr0-aes-gcm-128, hdr0-aes-gcm-256,
              hdr0-aes-gmac-128, hdr0-aes-gmac-256]

attribute-sets:
  -
    name: dev
    attributes:
      -
        name: id
        doc: PSP device ID.
        type: u32
        checks:
          min: 1
      -
        name: ifindex
        doc: ifindex of the main netdevice linked to the PSP device.
        type: u32
      -
        name: psp-versions-cap
        doc: Bitmask of PSP versions supported by the device.
        type: u32
        enum: version
        enum-as-flags: true
      -
        name: psp-versions-ena
        doc: Bitmask of currently enabled (accepted on Rx) PSP versions.
        type: u32
        enum: version
        enum-as-flags: true
  -
    name: assoc
    attributes:
      -
        name: dev-id
        doc: PSP device ID.
        type: u32
        checks:
          min: 1
      -
        name: version
        doc: |
          PSP versions (AEAD and protocol version) used by this association,
          dictates the size of the key.
        type: u32
        enum: version
      -
        name: rx-key
        type: nest
        nested-attributes: keys
      -
        name: tx-key
        type: nest
        nested-attributes: keys
      -
        name: sock-fd
        doc: Sockets which should be bound to the association immediately.
        type: u32
  -
    name: keys
    attributes:
      -
        name: key
        type: binary
      -
        name: spi
        doc: Security Parameters Index (SPI) of the association.
        type: u32

operations:
  list:
    -
      name: dev-get
      doc: Get / dump information about PSP capable devices on the system.
      attribute-set: dev
      do:
        request:
          attributes:
            - id
        reply: &dev-all
          attributes:
            - id
            - ifindex
            - psp-versions-cap
            - psp-versions-ena
        pre: psp-device-get-locked
        post: psp-device-unlock
      dump:
        reply: *dev-all
    -
      name: dev-add-ntf
      doc: Notification about device appearing.
      notify: dev-get
      mcgrp: mgmt
    -
      name: dev-del-ntf
      doc: Notification about device disappearing.
      notify: dev-get
      mcgrp: mgmt
    -
      name: dev-set
      doc: Set the configuration of a PSP device.
      attribute-set: dev
      do:
        request:
          attributes:
            - id
            - psp-versions-ena
        reply:
          attributes: []
        pre: psp-device-get-locked
        post: psp-device-unlock
    -
      name: dev-change-ntf
      doc: Notification about device configuration being changed.
      notify: dev-get
      mcgrp: mgmt
    -
      name: key-rotate
      doc: Rotate the device key.
      attribute-set: dev
      do:
        request:
          attributes:
            - id
        reply:
          attributes:
            - id
        pre: psp-device-get-locked
        post: psp-device-unlock
    -
      name: key-rotate-ntf
      doc: Notification about device key getting rotated.
      notify: key-rotate
      mcgrp: use
    -
      name: rx-assoc
      doc: Allocate a new Rx key + SPI pair, associate it with a socket.
      attribute-set: assoc
      do:
        request:
          attributes:
            - dev-id
            - version
            - sock-fd
        reply:
          attributes:
            - dev-id
            - rx-key
        pre: psp-assoc-device-get-locked
        post: psp-device-unlock
    -
      name: tx-assoc
      doc: Add a PSP Tx association.
      attribute-set: assoc
      do:
        request:
          attributes:
            - dev-id
            - version
            - tx-key
            - sock-fd
        reply:
          attributes: []
        pre: psp-assoc-device-get-locked
        post: psp-device-unlock

mcast-groups:
  list:
    -
      name: mgmt
    -
      name: use
...
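As an added example (not kernel code and not part of this commit), the following validator checks a userspace request against the operations and attribute sets declared in the spec above: it rejects attributes the operation's request does not list, enforces the `min: 1` check on device IDs, the bit range of the `enum-as-flags` bitmask, and the rule that the `version` dictates the key size. The spec subset is transcribed into Python so it runs without PyYAML; the mapping from the trailing number in the version name to the AES key size in bits is an assumption, since the spec only states that the version determines the key size.

```python
# Subset of psp.yaml transcribed by hand (constructed from the spec; not kernel code).
VERSION_ENUM = ["hdr0-aes-gcm-128", "hdr0-aes-gcm-256",
                "hdr0-aes-gmac-128", "hdr0-aes-gmac-256"]
ATTR_SETS = {
    "dev":   {"id": {"type": "u32", "min": 1}, "psp-versions-ena": {"type": "flags"}},
    "assoc": {"dev-id": {"type": "u32", "min": 1}, "version": {"type": "enum"},
              "rx-key": {"type": "nest"}, "tx-key": {"type": "nest"},
              "sock-fd": {"type": "u32"}},
}
OPS = {  # operation -> (attribute set, attributes its request may carry)
    "dev-set":  ("dev",   ["id", "psp-versions-ena"]),
    "rx-assoc": ("assoc", ["dev-id", "version", "sock-fd"]),
    "tx-assoc": ("assoc", ["dev-id", "version", "tx-key", "sock-fd"]),
}


def key_len_for(version):
    """Key length in bytes. Assumption: the trailing number of the version
    name is the AES key size in bits (the spec only says version dictates key size)."""
    return int(version.rsplit("-", 1)[1]) // 8


def validate(op_name, req):
    """Return a list of problems; an empty list means every attribute is one the
    spec allows for this operation and every value is within its declared range."""
    if op_name not in OPS:
        return [f"unknown operation {op_name!r}"]
    aset, allowed = OPS[op_name]
    problems = []
    for name, value in req.items():
        if name not in allowed:
            problems.append(f"{name!r} is not a request attribute of {op_name}")
            continue
        spec = ATTR_SETS[aset][name]
        if spec["type"] in ("u32", "flags") and not 0 <= value < 2**32:
            problems.append(f"{name!r} out of u32 range")
        if "min" in spec and value < spec["min"]:           # checks: min: 1
            problems.append(f"{name!r} must be >= {spec['min']}")
        if spec["type"] == "flags" and value >> len(VERSION_ENUM):  # enum-as-flags
            problems.append(f"{name!r} sets bits beyond the version enum")
        if spec["type"] == "enum" and value not in VERSION_ENUM:
            problems.append(f"unknown PSP version {value!r}")
    version = req.get("version")
    for nest in ("rx-key", "tx-key"):  # nested 'keys' set: key (binary) + spi (u32)
        key = req.get(nest, {}).get("key")
        if key is not None and version in VERSION_ENUM and len(key) != key_len_for(version):
            problems.append(f"{nest} key is {len(key)} bytes, "
                            f"{version} needs {key_len_for(version)}")
    return problems
```

Run `validate("tx-assoc", {...})` on the dict you are about to encode; a non-empty result means the kernel-side policy would reject the message, so the check belongs before the socket is touched.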