4 * Copyright(c) 2015 Intel Corporation. All rights reserved.
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * * Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * * Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
16 * * Neither the name of Intel Corporation nor the names of its
17 * contributors may be used to endorse or promote products derived
18 * from this software without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
21 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
22 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
23 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
24 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
25 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
26 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
27 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
28 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
29 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
30 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
33 #ifndef _RTE_CRYPTO_H_
34 #define _RTE_CRYPTO_H_
39 * RTE Cryptographic Definitions
41 * Defines symmetric cipher and authentication algorithms and modes, as well
42 * as supported symmetric crypto operation combinations.
50 #include <rte_memory.h>
51 #include <rte_mempool.h>
53 /** Symmetric Cipher Algorithms */
54 enum rte_crypto_cipher_algorithm {
55 RTE_CRYPTO_CIPHER_NULL = 1,
56 /**< NULL cipher algorithm. No mode applies to the NULL algorithm. */
58 RTE_CRYPTO_CIPHER_3DES_CBC,
59 /**< Triple DES algorithm in CBC mode */
60 RTE_CRYPTO_CIPHER_3DES_CTR,
61 /**< Triple DES algorithm in CTR mode */
62 RTE_CRYPTO_CIPHER_3DES_ECB,
63 /**< Triple DES algorithm in ECB mode */
65 RTE_CRYPTO_CIPHER_AES_CBC,
66 /**< AES algorithm in CBC mode */
67 RTE_CRYPTO_CIPHER_AES_CCM,
68 /**< AES algorithm in CCM mode. When this cipher algorithm is used the
69 * *RTE_CRYPTO_AUTH_AES_CCM* element of the
70 * *rte_crypto_hash_algorithm* enum MUST be used to set up the related
71 * *rte_crypto_auth_xform* structure in the session context or in
72 * the op_params of the crypto operation structure in the case of a
73 * session-less crypto operation
75 RTE_CRYPTO_CIPHER_AES_CTR,
76 /**< AES algorithm in Counter mode */
77 RTE_CRYPTO_CIPHER_AES_ECB,
78 /**< AES algorithm in ECB mode */
79 RTE_CRYPTO_CIPHER_AES_F8,
80 /**< AES algorithm in F8 mode */
81 RTE_CRYPTO_CIPHER_AES_GCM,
82 /**< AES algorithm in GCM mode. When this cipher algorithm is used the
83 * *RTE_CRYPTO_AUTH_AES_GCM* element of the
84 * *rte_crypto_auth_algorithm* enum MUST be used to set up the related
85 * *rte_crypto_auth_setup_data* structure in the session context or in
86 * the op_params of the crypto operation structure in the case of a
87 * session-less crypto operation.
89 RTE_CRYPTO_CIPHER_AES_XTS,
90 /**< AES algorithm in XTS mode */
92 RTE_CRYPTO_CIPHER_ARC4,
93 /**< (A)RC4 cipher algorithm */
95 RTE_CRYPTO_CIPHER_KASUMI_F8,
96 /**< Kasumi algorithm in F8 mode */
98 RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
99 /**< SNOW3G algorithm in UEA2 mode */
101 RTE_CRYPTO_CIPHER_ZUC_EEA3
102 /**< ZUC algorithm in EEA3 mode */
105 /** Symmetric Cipher Direction */
106 enum rte_crypto_cipher_operation {
107 RTE_CRYPTO_CIPHER_OP_ENCRYPT,
108 /**< Encrypt cipher operation */
109 RTE_CRYPTO_CIPHER_OP_DECRYPT
110 /**< Decrypt cipher operation */
113 /** Crypto key structure */
114 struct rte_crypto_key {
115 uint8_t *data; /**< pointer to key data */
116 phys_addr_t phys_addr;
117 size_t length; /**< key length in bytes */
121 * Symmetric Cipher Setup Data.
123 * This structure contains data relating to Cipher (Encryption and Decryption)
124 * use to create a session.
126 struct rte_crypto_cipher_xform {
127 enum rte_crypto_cipher_operation op;
128 /**< This parameter determines if the cipher operation is an encrypt or
129 * a decrypt operation. For the RC4 algorithm and the F8/CTR modes,
130 * only encrypt operations are valid.
132 enum rte_crypto_cipher_algorithm algo;
133 /**< Cipher algorithm */
135 struct rte_crypto_key key;
138 * For the RTE_CRYPTO_CIPHER_AES_F8 mode of operation, key.data will
139 * point to a concatenation of the AES encryption key followed by a
140 * keymask. As per RFC3711, the keymask should be padded with trailing
141 * bytes to match the length of the encryption key used.
143 * For AES-XTS mode of operation, two keys must be provided and
144 * key.data must point to the two keys concatenated together (Key1 ||
145 * Key2). The cipher key length will contain the total size of both
148 * Cipher key length is in bytes. For AES it can be 128 bits (16 bytes),
149 * 192 bits (24 bytes) or 256 bits (32 bytes).
151 * For the CCM mode of operation, the only supported key length is 128
154 * For the RTE_CRYPTO_CIPHER_AES_F8 mode of operation, key.length
155 * should be set to the combined length of the encryption key and the
156 * keymask. Since the keymask and the encryption key are the same size,
157 * key.length should be set to 2 x the AES encryption key length.
159 * For the AES-XTS mode of operation:
160 * - Two keys must be provided and key.length refers to total length of
162 * - Each key can be either 128 bits (16 bytes) or 256 bits (32 bytes).
163 * - Both keys must have the same size.
167 /** Symmetric Authentication / Hash Algorithms */
168 enum rte_crypto_auth_algorithm {
169 RTE_CRYPTO_AUTH_NULL = 1,
170 /**< NULL hash algorithm. */
172 RTE_CRYPTO_AUTH_AES_CBC_MAC,
173 /**< AES-CBC-MAC algorithm. Only 128-bit keys are supported. */
174 RTE_CRYPTO_AUTH_AES_CCM,
175 /**< AES algorithm in CCM mode. This is an authenticated cipher. When
176 * this hash algorithm is used, the *RTE_CRYPTO_CIPHER_AES_CCM*
177 * element of the *rte_crypto_cipher_algorithm* enum MUST be used to
178 * set up the related rte_crypto_cipher_setup_data structure in the
179 * session context or the corresponding parameter in the crypto
180 * operation data structures op_params parameter MUST be set for a
181 * session-less crypto operation.
183 RTE_CRYPTO_AUTH_AES_CMAC,
184 /**< AES CMAC algorithm. */
185 RTE_CRYPTO_AUTH_AES_GCM,
186 /**< AES algorithm in GCM mode. When this hash algorithm
187 * is used, the RTE_CRYPTO_CIPHER_AES_GCM element of the
188 * rte_crypto_cipher_algorithm enum MUST be used to set up the related
189 * rte_crypto_cipher_setup_data structure in the session context, or
190 * the corresponding parameter in the crypto operation data structures
191 * op_params parameter MUST be set for a session-less crypto operation.
193 RTE_CRYPTO_AUTH_AES_GMAC,
194 /**< AES GMAC algorithm. When this hash algorithm
195 * is used, the RTE_CRYPTO_CIPHER_AES_GCM element of the
196 * rte_crypto_cipher_algorithm enum MUST be used to set up the related
197 * rte_crypto_cipher_setup_data structure in the session context, or
198 * the corresponding parameter in the crypto operation data structures
199 * op_params parameter MUST be set for a session-less crypto operation.
201 RTE_CRYPTO_AUTH_AES_XCBC_MAC,
202 /**< AES XCBC algorithm. */
204 RTE_CRYPTO_AUTH_KASUMI_F9,
205 /**< Kasumi algorithm in F9 mode. */
208 /**< MD5 algorithm */
209 RTE_CRYPTO_AUTH_MD5_HMAC,
210 /**< HMAC using MD5 algorithm */
212 RTE_CRYPTO_AUTH_SHA1,
213 /**< 128 bit SHA algorithm. */
214 RTE_CRYPTO_AUTH_SHA1_HMAC,
215 /**< HMAC using 128 bit SHA algorithm. */
216 RTE_CRYPTO_AUTH_SHA224,
217 /**< 224 bit SHA algorithm. */
218 RTE_CRYPTO_AUTH_SHA224_HMAC,
219 /**< HMAC using 224 bit SHA algorithm. */
220 RTE_CRYPTO_AUTH_SHA256,
221 /**< 256 bit SHA algorithm. */
222 RTE_CRYPTO_AUTH_SHA256_HMAC,
223 /**< HMAC using 256 bit SHA algorithm. */
224 RTE_CRYPTO_AUTH_SHA384,
225 /**< 384 bit SHA algorithm. */
226 RTE_CRYPTO_AUTH_SHA384_HMAC,
227 /**< HMAC using 384 bit SHA algorithm. */
228 RTE_CRYPTO_AUTH_SHA512,
229 /**< 512 bit SHA algorithm. */
230 RTE_CRYPTO_AUTH_SHA512_HMAC,
231 /**< HMAC using 512 bit SHA algorithm. */
233 RTE_CRYPTO_AUTH_SNOW3G_UIA2,
234 /**< SNOW3G algorithm in UIA2 mode. */
236 RTE_CRYPTO_AUTH_ZUC_EIA3,
237 /**< ZUC algorithm in EIA3 mode */
240 /** Symmetric Authentication / Hash Operations */
241 enum rte_crypto_auth_operation {
242 RTE_CRYPTO_AUTH_OP_VERIFY, /**< Verify authentication digest */
243 RTE_CRYPTO_AUTH_OP_GENERATE /**< Generate authentication digest */
247 * Authentication / Hash transform data.
249 * This structure contains data relating to an authentication/hash crypto
250 * transforms. The fields op, algo and digest_length are common to all
251 * authentication transforms and MUST be set.
253 struct rte_crypto_auth_xform {
254 enum rte_crypto_auth_operation op;
255 /**< Authentication operation type */
256 enum rte_crypto_auth_algorithm algo;
257 /**< Authentication algorithm selection */
259 struct rte_crypto_key key; /**< Authentication key data.
260 * The authentication key length MUST be less than or equal to the
261 * block size of the algorithm. It is the callers responsibility to
262 * ensure that the key length is compliant with the standard being used
263 * (for example RFC 2104, FIPS 198a).
266 uint32_t digest_length;
267 /**< Length of the digest to be returned. If the verify option is set,
268 * this specifies the length of the digest to be compared for the
271 * If the value is less than the maximum length allowed by the hash,
272 * the result shall be truncated. If the value is greater than the
273 * maximum length allowed by the hash then an error will be generated
274 * by *rte_cryptodev_session_create* or by the
275 * *rte_cryptodev_enqueue_burst* if using session-less APIs.
278 uint32_t add_auth_data_length;
279 /**< The length of the additional authenticated data (AAD) in bytes.
280 * The maximum permitted value is 240 bytes, unless otherwise specified
283 * This field must be specified when the hash algorithm is one of the
286 * - For SNOW3G (@ref RTE_CRYPTO_AUTH_SNOW3G_UIA2), this is the
287 * length of the IV (which should be 16).
289 * - For GCM (@ref RTE_CRYPTO_AUTH_AES_GCM). In this case, this is
290 * the length of the Additional Authenticated Data (called A, in NIST
293 * - For CCM (@ref RTE_CRYPTO_AUTH_AES_CCM). In this case, this is
294 * the length of the associated data (called A, in NIST SP800-38C).
295 * Note that this does NOT include the length of any padding, or the
296 * 18 bytes reserved at the start of the above field to store the
297 * block B0 and the encoded length. The maximum permitted value in
298 * this case is 222 bytes.
301 * For AES-GMAC (@ref RTE_CRYPTO_AUTH_AES_GMAC) mode of operation
302 * this field is not used and should be set to 0. Instead the length
303 * of the AAD data is specified in the message length to hash field of
304 * the rte_crypto_op_data structure.
308 /** Crypto transformation types */
309 enum rte_crypto_xform_type {
310 RTE_CRYPTO_XFORM_NOT_SPECIFIED = 0, /**< No xform specified */
311 RTE_CRYPTO_XFORM_AUTH, /**< Authentication xform */
312 RTE_CRYPTO_XFORM_CIPHER /**< Cipher xform */
316 * Crypto transform structure.
318 * This is used to specify the crypto transforms required, multiple transforms
319 * can be chained together to specify a chain transforms such as authentication
320 * then cipher, or cipher then authentication. Each transform structure can
321 * hold a single transform, the type field is used to specify which transform
322 * is contained within the union
324 struct rte_crypto_xform {
325 struct rte_crypto_xform *next; /**< next xform in chain */
327 enum rte_crypto_xform_type type; /**< xform type */
329 struct rte_crypto_auth_xform auth;
330 /**< Authentication / hash xform */
331 struct rte_crypto_cipher_xform cipher;
337 * Crypto operation session type. This is used to specify whether a crypto
338 * operation has session structure attached for immutable parameters or if all
339 * operation information is included in the operation data structure.
341 enum rte_crypto_op_sess_type {
342 RTE_CRYPTO_OP_WITH_SESSION, /**< Session based crypto operation */
343 RTE_CRYPTO_OP_SESSIONLESS /**< Session-less crypto operation */
346 /** Status of crypto operation */
347 enum rte_crypto_op_status {
348 RTE_CRYPTO_OP_STATUS_SUCCESS,
349 /**< Operation completed successfully */
350 RTE_CRYPTO_OP_STATUS_NO_SUBMITTED,
351 /**< Operation not yet submitted to a cryptodev */
352 RTE_CRYPTO_OP_STATUS_ENQUEUED,
353 /**< Operation is enqueued on device */
354 RTE_CRYPTO_OP_STATUS_AUTH_FAILED,
355 /**< Authentication verification failed */
356 RTE_CRYPTO_OP_STATUS_INVALID_ARGS,
357 /**< Operation failed due to invalid arguments in request */
358 RTE_CRYPTO_OP_STATUS_ERROR,
359 /**< Error handling operation */
363 * Cryptographic Operation Data.
365 * This structure contains data relating to performing cryptographic processing
366 * on a data buffer. This request is used with rte_crypto_enqueue_burst() call
367 * for performing cipher, hash, or a combined hash and cipher operations.
369 struct rte_crypto_op {
370 enum rte_crypto_op_sess_type type;
371 enum rte_crypto_op_status status;
374 struct rte_mbuf *m; /**< Destination mbuf */
375 uint8_t offset; /**< Data offset */
379 struct rte_cryptodev_session *session;
380 /**< Handle for the initialised session context */
381 struct rte_crypto_xform *xform;
382 /**< Session-less API crypto operation parameters */
388 /**< Starting point for cipher processing, specified
389 * as number of bytes from start of data in the source
390 * buffer. The result of the cipher operation will be
391 * written back into the output buffer starting at
396 /**< The message length, in bytes, of the source buffer
397 * on which the cryptographic operation will be
398 * computed. This must be a multiple of the block size
399 * if a block cipher is being used. This is also the
400 * same as the result length.
403 * In the case of CCM @ref RTE_CRYPTO_AUTH_AES_CCM,
404 * this value should not include the length of the
405 * padding or the length of the MAC; the driver will
406 * compute the actual number of bytes over which the
407 * encryption will occur, which will include these
411 * For AES-GMAC @ref RTE_CRYPTO_AUTH_AES_GMAC, this
412 * field should be set to 0.
414 } to_cipher; /**< Data offsets and length for ciphering */
418 /**< Starting point for hash processing, specified as
419 * number of bytes from start of packet in source
423 * For CCM and GCM modes of operation, this field is
424 * ignored. The field @ref additional_auth field
425 * should be set instead.
427 * @note For AES-GMAC (@ref RTE_CRYPTO_AUTH_AES_GMAC)
428 * mode of operation, this field specifies the start
429 * of the AAD data in the source buffer.
433 /**< The message length, in bytes, of the source
434 * buffer that the hash will be computed on.
437 * For CCM and GCM modes of operation, this field is
438 * ignored. The field @ref additional_auth field
439 * should be set instead.
442 * For AES-GMAC @ref RTE_CRYPTO_AUTH_AES_GMAC mode
443 * of operation, this field specifies the length of
444 * the AAD data in the source buffer.
446 } to_hash; /**< Data offsets and length for authentication */
447 } data; /**< Details of data to be operated on */
451 /**< Initialisation Vector or Counter.
453 * - For block ciphers in CBC or F8 mode, or for Kasumi in F8
454 * mode, or for SNOW3G in UEA2 mode, this is the Initialisation
457 * - For block ciphers in CTR mode, this is the counter.
459 * - For GCM mode, this is either the IV (if the length is 96
460 * bits) or J0 (for other sizes), where J0 is as defined by
461 * NIST SP800-38D. Regardless of the IV length, a full 16 bytes
462 * needs to be allocated.
464 * - For CCM mode, the first byte is reserved, and the nonce
465 * should be written starting at &iv[1] (to allow space for the
466 * implementation to write in the flags in the first byte).
467 * Note that a full 16 bytes should be allocated, even though
468 * the length field will have a value less than this.
470 * - For AES-XTS, this is the 128bit tweak, i, from IEEE Std
473 * For optimum performance, the data pointed to SHOULD be
476 phys_addr_t phys_addr;
478 /**< Length of valid IV data.
480 * - For block ciphers in CBC or F8 mode, or for Kasumi in F8
481 * mode, or for SNOW3G in UEA2 mode, this is the length of the
482 * IV (which must be the same as the block length of the
485 * - For block ciphers in CTR mode, this is the length of the
486 * counter (which must be the same as the block length of the
489 * - For GCM mode, this is either 12 (for 96-bit IVs) or 16, in
490 * which case data points to J0.
492 * - For CCM mode, this is the length of the nonce, which can
493 * be in the range 7 to 13 inclusive.
495 } iv; /**< Initialisation vector parameters */
499 /**< If this member of this structure is set this is a
500 * pointer to the location where the digest result should be
501 * inserted (in the case of digest generation) or where the
502 * purported digest exists (in the case of digest
505 * At session creation time, the client specified the digest
506 * result length with the digest_length member of the @ref
507 * rte_crypto_auth_xform structure. For physical crypto
508 * devices the caller must allocate at least digest_length of
509 * physically contiguous memory at this location.
511 * For digest generation, the digest result will overwrite
512 * any data at this location.
515 * For GCM (@ref RTE_CRYPTO_AUTH_AES_GCM), for
516 * "digest result" read "authentication tag T".
518 * If this member is not set the digest result is understood
519 * to be in the destination buffer for digest generation, and
520 * in the source buffer for digest verification. The location
521 * of the digest result in this case is immediately following
522 * the region over which the digest is computed.
524 phys_addr_t phys_addr; /**< Physical address of digest */
525 uint32_t length; /**< Length of digest */
526 } digest; /**< Digest parameters */
530 /**< Pointer to Additional Authenticated Data (AAD) needed for
531 * authenticated cipher mechanisms (CCM and GCM), and to the IV
532 * for SNOW3G authentication
533 * (@ref RTE_CRYPTO_AUTH_SNOW3G_UIA2). For other
534 * authentication mechanisms this pointer is ignored.
536 * The length of the data pointed to by this field is set up
537 * for the session in the @ref rte_crypto_auth_xform structure
538 * as part of the @ref rte_cryptodev_session_create function
539 * call. This length must not exceed 240 bytes.
541 * Specifically for CCM (@ref RTE_CRYPTO_AUTH_AES_CCM), the
542 * caller should setup this field as follows:
544 * - the nonce should be written starting at an offset of one
545 * byte into the array, leaving room for the implementation
546 * to write in the flags to the first byte.
548 * - the additional authentication data itself should be
549 * written starting at an offset of 18 bytes into the array,
550 * leaving room for the length encoding in the first two
551 * bytes of the second block.
553 * - the array should be big enough to hold the above fields,
554 * plus any padding to round this up to the nearest multiple
555 * of the block size (16 bytes). Padding will be added by
556 * the implementation.
558 * Finally, for GCM (@ref RTE_CRYPTO_AUTH_AES_GCM), the
559 * caller should setup this field as follows:
561 * - the AAD is written in starting at byte 0
562 * - the array must be big enough to hold the AAD, plus any
563 * space to round this up to the nearest multiple of the
564 * block size (16 bytes).
567 * For AES-GMAC (@ref RTE_CRYPTO_AUTH_AES_GMAC) mode of
568 * operation, this field is not used and should be set to 0.
569 * Instead the AAD data should be placed in the source buffer.
571 phys_addr_t phys_addr; /**< physical address */
572 uint32_t length; /**< Length of digest */
574 /**< Additional authentication parameters */
576 struct rte_mempool *pool;
577 /**< mempool used to allocate crypto op */
580 /**< opaque pointer for user data */
585 * Reset the fields of a crypto operation to their default values.
587 * @param op The crypto operation to be reset.
590 __rte_crypto_op_reset(struct rte_crypto_op *op)
592 op->type = RTE_CRYPTO_OP_SESSIONLESS;
597 /** Attach a session to a crypto operation */
599 rte_crypto_op_attach_session(struct rte_crypto_op *op,
600 struct rte_cryptodev_session *sess)
603 op->type = RTE_CRYPTO_OP_WITH_SESSION;
610 #endif /* _RTE_CRYPTO_H_ */