MACsec/ MKA config and metric support in OTG model

device/device.yaml

@@ -77,6 +77,16 @@ components:
             Configuration for OSPFv2 router.
           $ref: './ospfv2/router.yaml#/components/schemas/Device.Ospfv2Router'
           x-field-uid: 10
+        macsec:
+          description: >-
+            Configuration of MACsec device.
+          $ref: './macsec/macsec.yaml#/components/schemas/Device.Macsec'
+          x-field-uid: 11
+        mka:
+          description: >-
+            Configuration of MKA supplicant.
+          $ref: './mka/mka.yaml#/components/schemas/Device.Mka'
+          x-field-uid: 12
       required: [name]
     Protocol.Options:
       description: >-

device/macsec/cryptoengine.yaml

@@ -0,0 +1,230 @@
+components:
+  schemas:
+    Macsec.CryptoEngine:
+      description: >-
+        A container of crypto engine properties of a SecY.
+      type: object
+      properties:
+        choice:
+          description: >-
+            Engine type based on encryption and/ or decryption capability. Supported types: 1) stateless_encryption_only - engine can only encrypt transmitted packets but such engine cannot decrypt packets upon arrival. As the packets cannot be decrypted on arrival, such packets cannot be delivered to the receiving device. Hence only stateless traffic can be sent. 2) stateful_encryption_decryption - engine can both encrypt transmitted packets and decrypt packets on arrival. Such engine can have hardware acceleration for faster encryption/ ddecryption. As both encryption and decryption are possible, stateful (e.g. TCP) traffic can be sent/ received.
+          type: string
+          default: stateless_encryption_only
+          x-field-uid: 1
+          x-enum:
+            stateless_encryption_only:
+              x-field-uid: 1
+            stateful_encryption_decryption:
+              x-field-uid: 2
+        stateless_encryption_only:
+          $ref: '#/components/schemas/Macsec.CryptoEngine.StatelessEncryptionOnly'
+          x-field-uid: 2
+        stateful_encryption_decryption:
+          $ref: '#/components/schemas/Macsec.CryptoEngine.StatefulEncryptionDecryption'
+          x-field-uid: 3
+    Macsec.CryptoEngine.StatelessEncryptionOnly:
+      description: >-
+        The container for stateless encryption only engine configuration.
+      type: object
+      properties:
+        tx_pn:
+          $ref: '#/components/schemas/Macsec.CryptoEngine.StatelessEncryptionOnly.TxPn'
+          x-field-uid: 1
+        traffic:
+          $ref: '#/components/schemas/Macsec.CryptoEngine.StatelessEncryptionOnly.Traffic'
+          x-field-uid: 3
+    Macsec.CryptoEngine.StatefulEncryptionDecryption:
+      description: >-
+        The container for stateful encryption and decryption engine configuration.
+      type: object
+      properties:
+        initial_pn:
+          $ref: '#/components/schemas/Macsec.CryptoEngine.StatefulEncryptionDecryption.InitialPn'
+          x-field-uid: 1
+        hardware_acceleration:
+          $ref: '#/components/schemas/Macsec.CryptoEngine.StatefulEncryptionDecryption.HardwareAcceleration'
+          x-field-uid: 2
+    Macsec.CryptoEngine.StatelessEncryptionOnly.TxPn:
+      description: >-
+        Tx packet number(PN) configuration.
+      type: object
+      properties:
+        choice:
+          description: >-
+            Types of Tx packet number(PN) series. Supported choices: 1) fixed PN - MACsec packets will be sent out with the configured fixed PN or lower half of configured fixed XPN. 2) incrementing PN - MACsec packets will be sent out by single device with an incrementing PN or XPN.
+          type: string
+          default: fixed_pn
+          x-field-uid: 1
+          x-enum:
+            fixed_pn:
+              x-field-uid: 1
+            incrementing_pn:
+              x-field-uid: 2
+        fixed:
+          $ref: '#/components/schemas/Macsec.CryptoEngine.StatelessEncryptionOnly.FixedPn'
+          x-field-uid: 2
+        incrementing:
+          $ref: '#/components/schemas/Macsec.CryptoEngine.StatelessEncryptionOnly.IncrementingPn'
+          x-field-uid: 3
+    Macsec.CryptoEngine.StatelessEncryptionOnly.FixedPn:
+      description: >-
+        Fixed packet number(PN) configuration.
+      type: object
+      properties:
+        pn:
+          description: >-
+            Fixed Tx packet number(PN). 4 bytes PN with which all packets will be sent out.
+          type: integer
+          format: uint32
+          minimum: 1
+          maximum: 4294967295
+          default: 6 
+          x-field-uid: 1
+        xpn:
+          description: >-
+            Fixed Tx extended packet number(XPN). 8 bytes XPN with which all packets will be sent out.
+          type: string
+          format: hex
+          minLength: 1
+          maxLength: 8
+          minimum: 1
+          default: "0x0000000000000006"
+          x-field-uid: 2
+    Macsec.CryptoEngine.StatelessEncryptionOnly.IncrementingPn:
+      description: >-
+        Incrementing packet number(PN) configuration.
+      type: object
+      properties:
+        count:
+          description: >-
+            Count of packet numbers in series. 
+          type: integer
+          format: uint32
+          minimum: 2
+          maximum: 1000000
+          default: 100
+          x-field-uid: 1
+        first_pn:
+          description: >-
+            The first packet number(PN).
+          type: integer
+          format: uint32
+          minimum: 1
+          default: 10000
+          x-field-uid: 2
+        first_xpn:
+          description: >-
+            The first extended packet number(XPN).
+          type: string
+          format: hex
+          minLength: 1
+          maxLength: 8
+          minimum: 1
+          default: "0x0000000000010000"
+          x-field-uid: 3
+    Macsec.CryptoEngine.StatelessEncryptionOnly.Traffic:
+      description: >-
+        Encryption only traffic configuration.
+      type: object
+      properties:
+        send_gratarp:
+          description: >-
+            Send gratuitous ARP or not.
+          type: boolean
+          default: true 
+          x-field-uid: 1
+    Macsec.CryptoEngine.StatefulEncryptionDecryption.InitialPn:
+      description: >-
+        Initial packet number(PN) configuration.
+      type: object
+      properties:
+        pn:
+          description: >-
+            Initial Tx packet number(PN).
+          type: integer
+          format: uint32
+          minimum: 1
+          default: 1
+          x-field-uid: 1
+    Macsec.CryptoEngine.StatefulEncryptionDecryption.HardwareAcceleration:
+      description: >-
+        Hardware acceleration configuration for offloading MACsec processing to hardware.
+      type: object
+      properties:
+        choice:
+          description: >-
+            Hardware acceleration types.
+          type: string
+          default: none
+          x-field-uid: 1
+          x-enum:
+            none:
+              x-field-uid: 1
+            inline_crypto:
+              x-field-uid: 2
+        inline_crypto:
+          $ref: '#/components/schemas/Macsec.CryptoEngine.StatefulEncryptionDecryption.HardwareAcceleration.InlineCrypto'
+          x-field-uid: 2
+    Macsec.CryptoEngine.StatefulEncryptionDecryption.HardwareAcceleration.InlineCrypto:
+      description: >-
+        Inline cryto engine configuration. Encryption/ decryption are offloaded to hardware. Also dynamic fields e.g. packet number(PN) and integrity check value(ICV) are updated in MACsec header on transmit.
+      type: object
+      properties:
+        rx_sectag_offset:
+          description: >-
+            Offset of Rx secTAG from the first byte in packet.
+          type: integer
+          format: uint32
+          default: 12
+          x-field-uid: 1
+        type_of_ca:
+          description: >-
+            Type of connectivity association(CA).
+          type: string
+          x-field-uid: 2
+          x-enum:
+            pairwise_ca:
+              x-field-uid: 1
+            group_ca_single_dut:
+              x-field-uid: 2
+            group_ca_multipe_duts:
+              x-field-uid: 3
+        max_ca_count:
+          description: >-
+            The maximum number of CAs configured on the port. The maximum count supported per port is 256 for Pair-wise CA, each CA having one MACsec device.
+          type: integer
+          format: uint32
+          minimum: 1
+          maximum: 256
+          default: 256
+          x-field-uid: 3
+        max_dut_tx_sc_per_ca:
+          description: >-
+            The maximum number of DUT transmit SCs that can be supported per CA. The count should be number of Tx SCs supported by the DUT per CA, multiplied by number of DUTs in the CA in case of group CA with multiple DUTs scenario.
+          type: integer
+          format: uint32
+          minimum: 1
+          maximum: 256
+          default: 1
+          x-field-uid: 4
+        max_device_per_ca:
+          description: >-
+            The maximum number of MACsec devices at test port that can be supported on each CA. This number is calculated automatically based on the values configured for Max CA Count and Max DUT Tx SC Per CA. Number of MACsec devices at test port should be configured accordingly.
+          type: integer
+          format: uint32
+          minimum: 1
+          default: 256
+          x-field-uid: 5
+        rx_sc_identifying_field:
+          description: >-
+            The field based on which secure channel(SC) will be identified by the receiving port. Supported fields are:- - 1) source MAC - identify SC based on source MAC field. 2) SCI system ID - identify SC bbased on SCI system ID field. 3) SCI port ID - identify based on SCI port ID field.
+          type: string
+          default: source_mac
+          x-field-uid: 6
+          x-enum:
+            source_mac:
+              x-field-uid: 1
+            sci_sytem_id:
+              x-field-uid: 2
+            sci_port_id:
+              x-field-uid: 3

device/macsec/macsec.yaml

@@ -0,0 +1,64 @@
+components:
+  schemas:
+    Device.Macsec:
+      description: >-
+        A container of properties for a MACsec capable device.
+      type: object
+      required: [ethernet_interfaces]
+      properties:
+        ethernet_interfaces:
+          description: |-
+            Ethernet Interfaces
+          type: array
+          items:
+            $ref: '#/components/schemas/Device.Macsec.EthernetInterface'
+          x-field-uid: 1
+    Device.Macsec.EthernetInterface:
+      description: >-
+        Configuration for single MACsec interface.
+      type: object
+      required: [eth_name, secy]
+      properties:
+        eth_name:
+          description: >-
+            The unique name of the Ethernet interface on which MACsec
+            is enabled.
+          type: string
+          x-constraint:
+          - '/components/schemas/Device.Ethernet/properties/name'
+          x-field-uid: 1
+        secy:
+          description: >-
+            This contains the properties of Secure Entity (SecY).
+          $ref: '#/components/schemas/Macsec'
+          x-field-uid: 2
+
+    Macsec:
+      description: >-
+        Configuration of a Secure Entity (SecY).
+      type: object
+      required: [name]
+      properties:
+        name:
+          x-include: ../../common/common.yaml#/components/schemas/Named.Object/properties/name
+          x-field-uid: 1
+        static_key:
+          description: >-
+            Static key properties properties of SecY. Static key is used in absence MKA.
+          $ref: './statickey.yaml#/components/schemas/Macsec.StaticKey'
+          x-field-uid: 2
+        tx:
+          description: >-
+            Tx properties of SecY.
+          $ref: './tx.yaml#/components/schemas/Macsec.Tx'
+          x-field-uid: 3
+        rx:
+          description: >-
+            Rx properties of SecY.
+          $ref: './rx.yaml#/components/schemas/Macsec.Rx'
+          x-field-uid: 4
+        crypto_engine:
+          description: >-
+            Crypto engine properties of SecY.
+          $ref: './cryptoengine.yaml#/components/schemas/Macsec.CryptoEngine'
+          x-field-uid: 5

device/macsec/rx.yaml

@@ -0,0 +1,38 @@
+components:
+  schemas:
+    Macsec.Rx:
+      description: >-
+        A container for Rx settings of SecY.
+      type: object
+      properties:
+        replay_protection:
+          description: |-
+            Enable replay protection on not. 
+          type: boolean
+          default: false
+          x-field-uid: 1
+        replay_window:
+          description: |-
+            Replay window size. 
+          type: integer
+          format: uint32
+          minimum: 1
+          default: 1
+          x-field-uid: 2
+        static_key:
+          description: |-
+            Rx settings for static key.
+          $ref: '#/components/schemas/Macsec.Rx.StaticKey'
+          x-field-uid: 3
+    Macsec.Rx.StaticKey:
+      description: >-
+        Container for Rx setting for static key.
+      type: object
+      properties:
+        scs:
+          description: >-
+            Rx secure channels.
+          type: array
+          items:
+            $ref: './rxsc.yaml#/components/schemas/Macsec.RxSc'
+          x-field-uid: 1

device/macsec/rxsc.yaml

@@ -0,0 +1,38 @@
+components:
+  schemas:
+    Macsec.RxSc:
+      description: |-
+        Rx SC settings.
+      type: object
+      properties:
+        dut_system_id:
+          description: |-
+            System ID in DUT SCI. 
+          type: string
+          format: mac
+          x-field-uid: 1
+        dut_port_id:
+          description: |-
+            Port ID in DUT SCI. 
+          type: integer
+          format: uint32
+          minimum: 1
+          maximum: 65535
+          default: 1
+          x-field-uid: 2
+        dut_msb_xpn:
+          description: |-
+            DUT MSB of XPN. The 32 most significant bits of the XPN that DUT will be using to construct the 64 bits XPN value when test starts.
+          type: integer
+          format: uint32
+          minimum: 0
+          maximum: 4294967295
+          default: 0x00000000
+          x-field-uid: 3
+        saks:
+          description: |-
+            Rx SAK pool.
+          type: array
+          items:
+            $ref: './statickey.yaml#/components/schemas/Macsec.StaticKey.Sak'
+          x-field-uid: 4