1 /* SPDX-License-Identifier: BSD-3-Clause
2 * Copyright(c) 2015-2020 Intel Corporation.
5 #ifndef _RTE_CRYPTODEV_H_
6 #define _RTE_CRYPTODEV_H_
9 * @file rte_cryptodev.h
11 * RTE Cryptographic Device APIs
13 * Defines RTE Crypto Device APIs for the provisioning of cipher and
14 * authentication operations.
21 #include "rte_kvargs.h"
22 #include "rte_crypto.h"
24 #include <rte_common.h>
25 #include <rte_config.h>
27 #include "rte_cryptodev_trace_fp.h"
29 extern const char **rte_cyptodev_names;
33 #define CDEV_LOG_ERR(...) \
34 RTE_LOG(ERR, CRYPTODEV, \
35 RTE_FMT("%s() line %u: " RTE_FMT_HEAD(__VA_ARGS__,) "\n", \
36 __func__, __LINE__, RTE_FMT_TAIL(__VA_ARGS__,)))
38 #define CDEV_LOG_INFO(...) \
39 RTE_LOG(INFO, CRYPTODEV, \
40 RTE_FMT(RTE_FMT_HEAD(__VA_ARGS__,) "\n", \
41 RTE_FMT_TAIL(__VA_ARGS__,)))
43 #define CDEV_LOG_DEBUG(...) \
44 RTE_LOG(DEBUG, CRYPTODEV, \
45 RTE_FMT("%s() line %u: " RTE_FMT_HEAD(__VA_ARGS__,) "\n", \
46 __func__, __LINE__, RTE_FMT_TAIL(__VA_ARGS__,)))
48 #define CDEV_PMD_TRACE(...) \
49 RTE_LOG(DEBUG, CRYPTODEV, \
50 RTE_FMT("[%s] %s: " RTE_FMT_HEAD(__VA_ARGS__,) "\n", \
51 dev, __func__, RTE_FMT_TAIL(__VA_ARGS__,)))
54 * A macro that points to an offset from the start
55 * of the crypto operation structure (rte_crypto_op)
57 * The returned pointer is cast to type t.
60 * The crypto operation.
62 * The offset from the start of the crypto operation.
64 * The type to cast the result into.
66 #define rte_crypto_op_ctod_offset(c, t, o) \
67 ((t)((char *)(c) + (o)))
70 * A macro that returns the physical address that points
71 * to an offset from the start of the crypto operation
75 * The crypto operation.
77 * The offset from the start of the crypto operation
78 * to calculate address from.
80 #define rte_crypto_op_ctophys_offset(c, o) \
81 (rte_iova_t)((c)->phys_addr + (o))
84 * Crypto parameters range description
86 struct rte_crypto_param_range {
87 uint16_t min; /**< minimum size */
88 uint16_t max; /**< maximum size */
90 /**< if a range of sizes are supported,
91 * this parameter is used to indicate
92 * increments in byte size that are supported
93 * between the minimum and maximum
98 * Symmetric Crypto Capability
100 struct rte_cryptodev_symmetric_capability {
101 enum rte_crypto_sym_xform_type xform_type;
102 /**< Transform type : Authentication / Cipher / AEAD */
106 enum rte_crypto_auth_algorithm algo;
107 /**< authentication algorithm */
109 /**< algorithm block size */
110 struct rte_crypto_param_range key_size;
111 /**< auth key size range */
112 struct rte_crypto_param_range digest_size;
113 /**< digest size range */
114 struct rte_crypto_param_range aad_size;
115 /**< Additional authentication data size range */
116 struct rte_crypto_param_range iv_size;
117 /**< Initialisation vector data size range */
119 /**< Symmetric Authentication transform capabilities */
121 enum rte_crypto_cipher_algorithm algo;
122 /**< cipher algorithm */
124 /**< algorithm block size */
125 struct rte_crypto_param_range key_size;
126 /**< cipher key size range */
127 struct rte_crypto_param_range iv_size;
128 /**< Initialisation vector data size range */
130 /**< Symmetric Cipher transform capabilities */
132 enum rte_crypto_aead_algorithm algo;
133 /**< AEAD algorithm */
135 /**< algorithm block size */
136 struct rte_crypto_param_range key_size;
137 /**< AEAD key size range */
138 struct rte_crypto_param_range digest_size;
139 /**< digest size range */
140 struct rte_crypto_param_range aad_size;
141 /**< Additional authentication data size range */
142 struct rte_crypto_param_range iv_size;
143 /**< Initialisation vector data size range */
149 * Asymmetric Xform Crypto Capability
152 struct rte_cryptodev_asymmetric_xform_capability {
153 enum rte_crypto_asym_xform_type xform_type;
154 /**< Transform type: RSA/MODEXP/DH/DSA/MODINV */
157 /**< bitmask for supported rte_crypto_asym_op_type */
161 struct rte_crypto_param_range modlen;
162 /**< Range of modulus length supported by modulus based xform.
163 * Value 0 mean implementation default
169 * Asymmetric Crypto Capability
172 struct rte_cryptodev_asymmetric_capability {
173 struct rte_cryptodev_asymmetric_xform_capability xform_capa;
177 /** Structure used to capture a capability of a crypto device */
178 struct rte_cryptodev_capabilities {
179 enum rte_crypto_op_type op;
180 /**< Operation type */
184 struct rte_cryptodev_symmetric_capability sym;
185 /**< Symmetric operation capability parameters */
186 struct rte_cryptodev_asymmetric_capability asym;
187 /**< Asymmetric operation capability parameters */
191 /** Structure used to describe crypto algorithms */
192 struct rte_cryptodev_sym_capability_idx {
193 enum rte_crypto_sym_xform_type type;
195 enum rte_crypto_cipher_algorithm cipher;
196 enum rte_crypto_auth_algorithm auth;
197 enum rte_crypto_aead_algorithm aead;
202 * Structure used to describe asymmetric crypto xforms
203 * Each xform maps to one asym algorithm.
206 struct rte_cryptodev_asym_capability_idx {
207 enum rte_crypto_asym_xform_type type;
208 /**< Asymmetric xform (algo) type */
212 * Provide capabilities available for defined device and algorithm
214 * @param dev_id The identifier of the device.
215 * @param idx Description of crypto algorithms.
218 * - Return description of the symmetric crypto capability if exist.
219 * - Return NULL if the capability not exist.
221 const struct rte_cryptodev_symmetric_capability *
222 rte_cryptodev_sym_capability_get_v20(uint8_t dev_id,
223 const struct rte_cryptodev_sym_capability_idx *idx);
225 const struct rte_cryptodev_symmetric_capability *
226 rte_cryptodev_sym_capability_get_v21(uint8_t dev_id,
227 const struct rte_cryptodev_sym_capability_idx *idx);
229 const struct rte_cryptodev_symmetric_capability *
230 rte_cryptodev_sym_capability_get(uint8_t dev_id,
231 const struct rte_cryptodev_sym_capability_idx *idx);
234 * Provide capabilities available for defined device and xform
236 * @param dev_id The identifier of the device.
237 * @param idx Description of asym crypto xform.
240 * - Return description of the asymmetric crypto capability if exist.
241 * - Return NULL if the capability not exist.
244 const struct rte_cryptodev_asymmetric_xform_capability *
245 rte_cryptodev_asym_capability_get(uint8_t dev_id,
246 const struct rte_cryptodev_asym_capability_idx *idx);
249 * Check if key size and initial vector are supported
250 * in crypto cipher capability
252 * @param capability Description of the symmetric crypto capability.
253 * @param key_size Cipher key size.
254 * @param iv_size Cipher initial vector size.
257 * - Return 0 if the parameters are in range of the capability.
258 * - Return -1 if the parameters are out of range of the capability.
261 rte_cryptodev_sym_capability_check_cipher(
262 const struct rte_cryptodev_symmetric_capability *capability,
263 uint16_t key_size, uint16_t iv_size);
266 * Check if key size and initial vector are supported
267 * in crypto auth capability
269 * @param capability Description of the symmetric crypto capability.
270 * @param key_size Auth key size.
271 * @param digest_size Auth digest size.
272 * @param iv_size Auth initial vector size.
275 * - Return 0 if the parameters are in range of the capability.
276 * - Return -1 if the parameters are out of range of the capability.
279 rte_cryptodev_sym_capability_check_auth(
280 const struct rte_cryptodev_symmetric_capability *capability,
281 uint16_t key_size, uint16_t digest_size, uint16_t iv_size);
284 * Check if key, digest, AAD and initial vector sizes are supported
285 * in crypto AEAD capability
287 * @param capability Description of the symmetric crypto capability.
288 * @param key_size AEAD key size.
289 * @param digest_size AEAD digest size.
290 * @param aad_size AEAD AAD size.
291 * @param iv_size AEAD IV size.
294 * - Return 0 if the parameters are in range of the capability.
295 * - Return -1 if the parameters are out of range of the capability.
298 rte_cryptodev_sym_capability_check_aead(
299 const struct rte_cryptodev_symmetric_capability *capability,
300 uint16_t key_size, uint16_t digest_size, uint16_t aad_size,
304 * Check if op type is supported
306 * @param capability Description of the asymmetric crypto capability.
307 * @param op_type op type
310 * - Return 1 if the op type is supported
311 * - Return 0 if unsupported
315 rte_cryptodev_asym_xform_capability_check_optype(
316 const struct rte_cryptodev_asymmetric_xform_capability *capability,
317 enum rte_crypto_asym_op_type op_type);
320 * Check if modulus length is in supported range
322 * @param capability Description of the asymmetric crypto capability.
323 * @param modlen modulus length.
326 * - Return 0 if the parameters are in range of the capability.
327 * - Return -1 if the parameters are out of range of the capability.
331 rte_cryptodev_asym_xform_capability_check_modlen(
332 const struct rte_cryptodev_asymmetric_xform_capability *capability,
336 * Provide the cipher algorithm enum, given an algorithm string
338 * @param algo_enum A pointer to the cipher algorithm
340 * @param algo_string Authentication algo string
343 * - Return -1 if string is not valid
344 * - Return 0 is the string is valid
347 rte_cryptodev_get_cipher_algo_enum(enum rte_crypto_cipher_algorithm *algo_enum,
348 const char *algo_string);
351 * Provide the authentication algorithm enum, given an algorithm string
353 * @param algo_enum A pointer to the authentication algorithm
355 * @param algo_string Authentication algo string
358 * - Return -1 if string is not valid
359 * - Return 0 is the string is valid
362 rte_cryptodev_get_auth_algo_enum(enum rte_crypto_auth_algorithm *algo_enum,
363 const char *algo_string);
366 * Provide the AEAD algorithm enum, given an algorithm string
368 * @param algo_enum A pointer to the AEAD algorithm
370 * @param algo_string AEAD algorithm string
373 * - Return -1 if string is not valid
374 * - Return 0 is the string is valid
377 rte_cryptodev_get_aead_algo_enum(enum rte_crypto_aead_algorithm *algo_enum,
378 const char *algo_string);
381 * Provide the Asymmetric xform enum, given an xform string
383 * @param xform_enum A pointer to the xform type
385 * @param xform_string xform string
388 * - Return -1 if string is not valid
389 * - Return 0 if the string is valid
393 rte_cryptodev_asym_get_xform_enum(enum rte_crypto_asym_xform_type *xform_enum,
394 const char *xform_string);
397 /** Macro used at end of crypto PMD list */
398 #define RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() \
399 { RTE_CRYPTO_OP_TYPE_UNDEFINED }
403 * Crypto device supported feature flags
406 * New features flags should be added to the end of the list
408 * Keep these flags synchronised with rte_cryptodev_get_feature_name()
410 #define RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO (1ULL << 0)
411 /**< Symmetric crypto operations are supported */
412 #define RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO (1ULL << 1)
413 /**< Asymmetric crypto operations are supported */
414 #define RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING (1ULL << 2)
415 /**< Chaining symmetric crypto operations are supported */
416 #define RTE_CRYPTODEV_FF_CPU_SSE (1ULL << 3)
417 /**< Utilises CPU SIMD SSE instructions */
418 #define RTE_CRYPTODEV_FF_CPU_AVX (1ULL << 4)
419 /**< Utilises CPU SIMD AVX instructions */
420 #define RTE_CRYPTODEV_FF_CPU_AVX2 (1ULL << 5)
421 /**< Utilises CPU SIMD AVX2 instructions */
422 #define RTE_CRYPTODEV_FF_CPU_AESNI (1ULL << 6)
423 /**< Utilises CPU AES-NI instructions */
424 #define RTE_CRYPTODEV_FF_HW_ACCELERATED (1ULL << 7)
425 /**< Operations are off-loaded to an
426 * external hardware accelerator
428 #define RTE_CRYPTODEV_FF_CPU_AVX512 (1ULL << 8)
429 /**< Utilises CPU SIMD AVX512 instructions */
430 #define RTE_CRYPTODEV_FF_IN_PLACE_SGL (1ULL << 9)
431 /**< In-place Scatter-gather (SGL) buffers, with multiple segments,
434 #define RTE_CRYPTODEV_FF_OOP_SGL_IN_SGL_OUT (1ULL << 10)
435 /**< Out-of-place Scatter-gather (SGL) buffers are
436 * supported in input and output
438 #define RTE_CRYPTODEV_FF_OOP_SGL_IN_LB_OUT (1ULL << 11)
439 /**< Out-of-place Scatter-gather (SGL) buffers are supported
440 * in input, combined with linear buffers (LB), with a
441 * single segment in output
443 #define RTE_CRYPTODEV_FF_OOP_LB_IN_SGL_OUT (1ULL << 12)
444 /**< Out-of-place Scatter-gather (SGL) buffers are supported
445 * in output, combined with linear buffers (LB) in input
447 #define RTE_CRYPTODEV_FF_OOP_LB_IN_LB_OUT (1ULL << 13)
448 /**< Out-of-place linear buffers (LB) are supported in input and output */
449 #define RTE_CRYPTODEV_FF_CPU_NEON (1ULL << 14)
450 /**< Utilises CPU NEON instructions */
451 #define RTE_CRYPTODEV_FF_CPU_ARM_CE (1ULL << 15)
452 /**< Utilises ARM CPU Cryptographic Extensions */
453 #define RTE_CRYPTODEV_FF_SECURITY (1ULL << 16)
454 /**< Support Security Protocol Processing */
455 #define RTE_CRYPTODEV_FF_RSA_PRIV_OP_KEY_EXP (1ULL << 17)
456 /**< Support RSA Private Key OP with exponent */
457 #define RTE_CRYPTODEV_FF_RSA_PRIV_OP_KEY_QT (1ULL << 18)
458 /**< Support RSA Private Key OP with CRT (quintuple) Keys */
459 #define RTE_CRYPTODEV_FF_DIGEST_ENCRYPTED (1ULL << 19)
460 /**< Support encrypted-digest operations where digest is appended to data */
461 #define RTE_CRYPTODEV_FF_ASYM_SESSIONLESS (1ULL << 20)
462 /**< Support asymmetric session-less operations */
463 #define RTE_CRYPTODEV_FF_SYM_CPU_CRYPTO (1ULL << 21)
464 /**< Support symmetric cpu-crypto processing */
465 #define RTE_CRYPTODEV_FF_SYM_SESSIONLESS (1ULL << 22)
466 /**< Support symmetric session-less operations */
467 #define RTE_CRYPTODEV_FF_NON_BYTE_ALIGNED_DATA (1ULL << 23)
468 /**< Support operations on data which is not byte aligned */
472 * Get the name of a crypto device feature flag
474 * @param flag The mask describing the flag.
477 * The name of this flag, or NULL if it's not a valid feature flag.
481 rte_cryptodev_get_feature_name(uint64_t flag);
483 /** Crypto device information */
484 struct rte_cryptodev_info {
485 const char *driver_name; /**< Driver name. */
486 uint8_t driver_id; /**< Driver identifier */
487 struct rte_device *device; /**< Generic device information. */
489 uint64_t feature_flags;
490 /**< Feature flags exposes HW/SW features for the given device */
492 const struct rte_cryptodev_capabilities *capabilities;
493 /**< Array of devices supported capabilities */
495 unsigned max_nb_queue_pairs;
496 /**< Maximum number of queues pairs supported by device. */
498 uint16_t min_mbuf_headroom_req;
499 /**< Minimum mbuf headroom required by device */
501 uint16_t min_mbuf_tailroom_req;
502 /**< Minimum mbuf tailroom required by device */
505 unsigned max_nb_sessions;
506 /**< Maximum number of sessions supported by device.
507 * If 0, the device does not have any limitation in
508 * number of sessions that can be used.
513 #define RTE_CRYPTODEV_DETACHED (0)
514 #define RTE_CRYPTODEV_ATTACHED (1)
516 /** Definitions of Crypto device event types */
517 enum rte_cryptodev_event_type {
518 RTE_CRYPTODEV_EVENT_UNKNOWN, /**< unknown event type */
519 RTE_CRYPTODEV_EVENT_ERROR, /**< error interrupt event */
520 RTE_CRYPTODEV_EVENT_MAX /**< max value of this enum */
523 /** Crypto device queue pair configuration structure. */
524 struct rte_cryptodev_qp_conf {
525 uint32_t nb_descriptors; /**< Number of descriptors per queue pair */
526 struct rte_mempool *mp_session;
527 /**< The mempool for creating session in sessionless mode */
528 struct rte_mempool *mp_session_private;
529 /**< The mempool for creating sess private data in sessionless mode */
533 * Typedef for application callback function to be registered by application
534 * software for notification of device events
536 * @param dev_id Crypto device identifier
537 * @param event Crypto device event to register for notification of.
538 * @param cb_arg User specified parameter to be passed as to passed to
539 * users callback function.
541 typedef void (*rte_cryptodev_cb_fn)(uint8_t dev_id,
542 enum rte_cryptodev_event_type event, void *cb_arg);
545 /** Crypto Device statistics */
546 struct rte_cryptodev_stats {
547 uint64_t enqueued_count;
548 /**< Count of all operations enqueued */
549 uint64_t dequeued_count;
550 /**< Count of all operations dequeued */
552 uint64_t enqueue_err_count;
553 /**< Total error count on operations enqueued */
554 uint64_t dequeue_err_count;
555 /**< Total error count on operations dequeued */
558 #define RTE_CRYPTODEV_NAME_MAX_LEN (64)
559 /**< Max length of name of crypto PMD */
562 * Get the device identifier for the named crypto device.
564 * @param name device name to select the device structure.
567 * - Returns crypto device identifier on success.
568 * - Return -1 on failure to find named crypto device.
571 rte_cryptodev_get_dev_id(const char *name);
574 * Get the crypto device name given a device identifier.
577 * The identifier of the device
580 * - Returns crypto device name.
581 * - Returns NULL if crypto device is not present.
584 rte_cryptodev_name_get(uint8_t dev_id);
587 * Get the total number of crypto devices that have been successfully
591 * - The total number of usable crypto devices.
594 rte_cryptodev_count(void);
597 * Get number of crypto device defined type.
599 * @param driver_id driver identifier.
602 * Returns number of crypto device.
605 rte_cryptodev_device_count_by_driver(uint8_t driver_id);
608 * Get number and identifiers of attached crypto devices that
609 * use the same crypto driver.
611 * @param driver_name driver name.
612 * @param devices output devices identifiers.
613 * @param nb_devices maximal number of devices.
616 * Returns number of attached crypto device.
619 rte_cryptodev_devices_get(const char *driver_name, uint8_t *devices,
622 * Return the NUMA socket to which a device is connected
625 * The identifier of the device
627 * The NUMA socket id to which the device is connected or
628 * a default of zero if the socket could not be determined.
629 * -1 if returned is the dev_id value is out of range.
632 rte_cryptodev_socket_id(uint8_t dev_id);
634 /** Crypto device configuration structure */
635 struct rte_cryptodev_config {
636 int socket_id; /**< Socket to allocate resources on */
637 uint16_t nb_queue_pairs;
638 /**< Number of queue pairs to configure on device */
640 /**< Feature flags to be disabled. Only the following features are
641 * allowed to be disabled,
642 * - RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO
643 * - RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO
644 * - RTE_CRYTPODEV_FF_SECURITY
649 * Configure a device.
651 * This function must be invoked first before any other function in the
652 * API. This function can also be re-invoked when a device is in the
655 * @param dev_id The identifier of the device to configure.
656 * @param config The crypto device configuration structure.
659 * - 0: Success, device configured.
660 * - <0: Error code returned by the driver configuration function.
663 rte_cryptodev_configure(uint8_t dev_id, struct rte_cryptodev_config *config);
668 * The device start step is the last one and consists of setting the configured
669 * offload features and in starting the transmit and the receive units of the
671 * On success, all basic functions exported by the API (link status,
672 * receive/transmit, and so on) can be invoked.
675 * The identifier of the device.
677 * - 0: Success, device started.
678 * - <0: Error code of the driver device start function.
681 rte_cryptodev_start(uint8_t dev_id);
684 * Stop an device. The device can be restarted with a call to
685 * rte_cryptodev_start()
687 * @param dev_id The identifier of the device.
690 rte_cryptodev_stop(uint8_t dev_id);
693 * Close an device. The device cannot be restarted!
695 * @param dev_id The identifier of the device.
698 * - 0 on successfully closing device
699 * - <0 on failure to close device
702 rte_cryptodev_close(uint8_t dev_id);
705 * Allocate and set up a receive queue pair for a device.
708 * @param dev_id The identifier of the device.
709 * @param queue_pair_id The index of the queue pairs to set up. The
710 * value must be in the range [0, nb_queue_pair
711 * - 1] previously supplied to
712 * rte_cryptodev_configure().
713 * @param qp_conf The pointer to the configuration data to be
714 * used for the queue pair.
715 * @param socket_id The *socket_id* argument is the socket
716 * identifier in case of NUMA. The value can be
717 * *SOCKET_ID_ANY* if there is no NUMA constraint
718 * for the DMA memory allocated for the receive
722 * - 0: Success, queue pair correctly set up.
723 * - <0: Queue pair configuration failed
726 rte_cryptodev_queue_pair_setup(uint8_t dev_id, uint16_t queue_pair_id,
727 const struct rte_cryptodev_qp_conf *qp_conf, int socket_id);
730 * Get the number of queue pairs on a specific crypto device
732 * @param dev_id Crypto device identifier.
734 * - The number of configured queue pairs.
737 rte_cryptodev_queue_pair_count(uint8_t dev_id);
741 * Retrieve the general I/O statistics of a device.
743 * @param dev_id The identifier of the device.
744 * @param stats A pointer to a structure of type
745 * *rte_cryptodev_stats* to be filled with the
746 * values of device counters.
748 * - Zero if successful.
749 * - Non-zero otherwise.
752 rte_cryptodev_stats_get(uint8_t dev_id, struct rte_cryptodev_stats *stats);
755 * Reset the general I/O statistics of a device.
757 * @param dev_id The identifier of the device.
760 rte_cryptodev_stats_reset(uint8_t dev_id);
763 * Retrieve the contextual information of a device.
765 * @param dev_id The identifier of the device.
766 * @param dev_info A pointer to a structure of type
767 * *rte_cryptodev_info* to be filled with the
768 * contextual information of the device.
770 * @note The capabilities field of dev_info is set to point to the first
771 * element of an array of struct rte_cryptodev_capabilities. The element after
772 * the last valid element has it's op field set to
773 * RTE_CRYPTO_OP_TYPE_UNDEFINED.
777 rte_cryptodev_info_get(uint8_t dev_id, struct rte_cryptodev_info *dev_info);
779 /* An extra element RTE_CRYPTO_AEAD_CHACHA20_POLY1305 is added
780 * to enum rte_crypto_aead_algorithm, also changing the value of
781 * RTE_CRYPTO_AEAD_LIST_END. To maintain ABI compatibility with applications
782 * which linked against earlier versions, preventing them, for example, from
783 * picking up the new value and using it to index into an array sized too small
784 * for it, it is necessary to have two versions of rte_cryptodev_info_get()
785 * The latest version just returns directly the capabilities retrieved from
786 * the device. The compatible version inspects the capabilities retrieved
787 * from the device, but only returns them directly if the new value
788 * is not included. If the new value is included, it allocates space
789 * for a copy of the device capabilities, trims the new value from this
790 * and returns this copy. It only needs to do this once per device.
791 * For the corner case of a corner case when the alloc may fail,
792 * an empty capability list is returned, as there is no mechanism to return
793 * an error and adding such a mechanism would itself be an ABI breakage.
794 * The compatible version can be removed after the next major ABI release.
798 rte_cryptodev_info_get_v20(uint8_t dev_id, struct rte_cryptodev_info *dev_info);
801 rte_cryptodev_info_get_v21(uint8_t dev_id, struct rte_cryptodev_info *dev_info);
804 * Register a callback function for specific device id.
806 * @param dev_id Device id.
807 * @param event Event interested.
808 * @param cb_fn User supplied callback function to be called.
809 * @param cb_arg Pointer to the parameters for the registered
813 * - On success, zero.
814 * - On failure, a negative value.
817 rte_cryptodev_callback_register(uint8_t dev_id,
818 enum rte_cryptodev_event_type event,
819 rte_cryptodev_cb_fn cb_fn, void *cb_arg);
822 * Unregister a callback function for specific device id.
824 * @param dev_id The device identifier.
825 * @param event Event interested.
826 * @param cb_fn User supplied callback function to be called.
827 * @param cb_arg Pointer to the parameters for the registered
831 * - On success, zero.
832 * - On failure, a negative value.
835 rte_cryptodev_callback_unregister(uint8_t dev_id,
836 enum rte_cryptodev_event_type event,
837 rte_cryptodev_cb_fn cb_fn, void *cb_arg);
840 typedef uint16_t (*dequeue_pkt_burst_t)(void *qp,
841 struct rte_crypto_op **ops, uint16_t nb_ops);
842 /**< Dequeue processed packets from queue pair of a device. */
844 typedef uint16_t (*enqueue_pkt_burst_t)(void *qp,
845 struct rte_crypto_op **ops, uint16_t nb_ops);
846 /**< Enqueue packets for processing on queue pair of a device. */
851 struct rte_cryptodev_callback;
853 /** Structure to keep track of registered callbacks */
854 TAILQ_HEAD(rte_cryptodev_cb_list, rte_cryptodev_callback);
856 /** The data structure associated with each crypto device. */
857 struct rte_cryptodev {
858 dequeue_pkt_burst_t dequeue_burst;
859 /**< Pointer to PMD receive function. */
860 enqueue_pkt_burst_t enqueue_burst;
861 /**< Pointer to PMD transmit function. */
863 struct rte_cryptodev_data *data;
864 /**< Pointer to device data */
865 struct rte_cryptodev_ops *dev_ops;
866 /**< Functions exported by PMD */
867 uint64_t feature_flags;
868 /**< Feature flags exposes HW/SW features for the given device */
869 struct rte_device *device;
870 /**< Backing device */
873 /**< Crypto driver identifier*/
875 struct rte_cryptodev_cb_list link_intr_cbs;
876 /**< User application callback for interrupts if present */
879 /**< Context for security ops */
882 uint8_t attached : 1;
883 /**< Flag indicating the device is attached */
884 } __rte_cache_aligned;
887 rte_cryptodev_get_sec_ctx(uint8_t dev_id);
891 * The data part, with no function pointers, associated with each device.
893 * This structure is safe to place in shared memory to be common among
894 * different processes in a multi-process configuration.
896 struct rte_cryptodev_data {
898 /**< Device ID for this instance */
900 /**< Socket ID where memory is allocated */
901 char name[RTE_CRYPTODEV_NAME_MAX_LEN];
902 /**< Unique identifier name */
905 uint8_t dev_started : 1;
906 /**< Device state: STARTED(1)/STOPPED(0) */
908 struct rte_mempool *session_pool;
909 /**< Session memory pool */
911 /**< Array of pointers to queue pairs. */
912 uint16_t nb_queue_pairs;
913 /**< Number of device queue pairs. */
916 /**< PMD-specific private data */
917 } __rte_cache_aligned;
919 extern struct rte_cryptodev *rte_cryptodevs;
922 * Dequeue a burst of processed crypto operations from a queue on the crypto
923 * device. The dequeued operation are stored in *rte_crypto_op* structures
924 * whose pointers are supplied in the *ops* array.
926 * The rte_cryptodev_dequeue_burst() function returns the number of ops
927 * actually dequeued, which is the number of *rte_crypto_op* data structures
928 * effectively supplied into the *ops* array.
930 * A return value equal to *nb_ops* indicates that the queue contained
931 * at least *nb_ops* operations, and this is likely to signify that other
932 * processed operations remain in the devices output queue. Applications
933 * implementing a "retrieve as many processed operations as possible" policy
934 * can check this specific case and keep invoking the
935 * rte_cryptodev_dequeue_burst() function until a value less than
936 * *nb_ops* is returned.
938 * The rte_cryptodev_dequeue_burst() function does not provide any error
939 * notification to avoid the corresponding overhead.
941 * @param dev_id The symmetric crypto device identifier
942 * @param qp_id The index of the queue pair from which to
943 * retrieve processed packets. The value must be
944 * in the range [0, nb_queue_pair - 1] previously
945 * supplied to rte_cryptodev_configure().
946 * @param ops The address of an array of pointers to
947 * *rte_crypto_op* structures that must be
948 * large enough to store *nb_ops* pointers in it.
949 * @param nb_ops The maximum number of operations to dequeue.
952 * - The number of operations actually dequeued, which is the number
953 * of pointers to *rte_crypto_op* structures effectively supplied to the
956 static inline uint16_t
957 rte_cryptodev_dequeue_burst(uint8_t dev_id, uint16_t qp_id,
958 struct rte_crypto_op **ops, uint16_t nb_ops)
960 struct rte_cryptodev *dev = &rte_cryptodevs[dev_id];
962 nb_ops = (*dev->dequeue_burst)
963 (dev->data->queue_pairs[qp_id], ops, nb_ops);
965 rte_cryptodev_trace_dequeue_burst(dev_id, qp_id, (void **)ops, nb_ops);
970 * Enqueue a burst of operations for processing on a crypto device.
972 * The rte_cryptodev_enqueue_burst() function is invoked to place
973 * crypto operations on the queue *qp_id* of the device designated by
976 * The *nb_ops* parameter is the number of operations to process which are
977 * supplied in the *ops* array of *rte_crypto_op* structures.
979 * The rte_cryptodev_enqueue_burst() function returns the number of
980 * operations it actually enqueued for processing. A return value equal to
981 * *nb_ops* means that all packets have been enqueued.
983 * @param dev_id The identifier of the device.
984 * @param qp_id The index of the queue pair which packets are
985 * to be enqueued for processing. The value
986 * must be in the range [0, nb_queue_pairs - 1]
987 * previously supplied to
988 * *rte_cryptodev_configure*.
989 * @param ops The address of an array of *nb_ops* pointers
990 * to *rte_crypto_op* structures which contain
991 * the crypto operations to be processed.
992 * @param nb_ops The number of operations to process.
995 * The number of operations actually enqueued on the crypto device. The return
996 * value can be less than the value of the *nb_ops* parameter when the
997 * crypto devices queue is full or if invalid parameters are specified in
1000 static inline uint16_t
1001 rte_cryptodev_enqueue_burst(uint8_t dev_id, uint16_t qp_id,
1002 struct rte_crypto_op **ops, uint16_t nb_ops)
1004 struct rte_cryptodev *dev = &rte_cryptodevs[dev_id];
1006 rte_cryptodev_trace_enqueue_burst(dev_id, qp_id, (void **)ops, nb_ops);
1007 return (*dev->enqueue_burst)(
1008 dev->data->queue_pairs[qp_id], ops, nb_ops);
1012 /** Cryptodev symmetric crypto session
1013 * Each session is derived from a fixed xform chain. Therefore each session
1014 * has a fixed algo, key, op-type, digest_len etc.
1016 struct rte_cryptodev_sym_session {
1017 uint64_t opaque_data;
1018 /**< Can be used for external metadata */
1019 uint16_t nb_drivers;
1020 /**< number of elements in sess_data array */
1021 uint16_t user_data_sz;
1022 /**< session user data will be placed after sess_data */
1023 __extension__ struct {
1027 /**< Driver specific session material, variable size */
1030 /** Cryptodev asymmetric crypto session */
1031 struct rte_cryptodev_asym_session {
1032 __extension__ void *sess_private_data[0];
1033 /**< Private asymmetric session material */
1037 * Create a symmetric session mempool.
1040 * The unique mempool name.
1042 * The number of elements in the mempool.
1044 * The size of the element. This value will be ignored if it is smaller than
1045 * the minimum session header size required for the system. For the user who
1046 * want to use the same mempool for sym session and session private data it
1047 * can be the maximum value of all existing devices' private data and session
1050 * The number of per-lcore cache elements
1052 * The private data size of each session.
1054 * The *socket_id* argument is the socket identifier in the case of
1055 * NUMA. The value can be *SOCKET_ID_ANY* if there is no NUMA
1056 * constraint for the reserved zone.
1059 * - On success return size of the session
1060 * - On failure returns 0
1063 struct rte_mempool *
1064 rte_cryptodev_sym_session_pool_create(const char *name, uint32_t nb_elts,
1065 uint32_t elt_size, uint32_t cache_size, uint16_t priv_size,
1069 * Create symmetric crypto session header (generic with no private data)
1071 * @param mempool Symmetric session mempool to allocate session
1074 * - On success return pointer to sym-session
1075 * - On failure returns NULL
1077 struct rte_cryptodev_sym_session *
1078 rte_cryptodev_sym_session_create(struct rte_mempool *mempool);
1081 * Create asymmetric crypto session header (generic with no private data)
1083 * @param mempool mempool to allocate asymmetric session
1086 * - On success return pointer to asym-session
1087 * - On failure returns NULL
1090 struct rte_cryptodev_asym_session *
1091 rte_cryptodev_asym_session_create(struct rte_mempool *mempool);
1094 * Frees symmetric crypto session header, after checking that all
1095 * the device private data has been freed, returning it
1096 * to its original mempool.
1098 * @param sess Session header to be freed.
1101 * - 0 if successful.
1102 * - -EINVAL if session is NULL.
1103 * - -EBUSY if not all device private data has been freed.
1106 rte_cryptodev_sym_session_free(struct rte_cryptodev_sym_session *sess);
1109 * Frees asymmetric crypto session header, after checking that all
1110 * the device private data has been freed, returning it
1111 * to its original mempool.
1113 * @param sess Session header to be freed.
1116 * - 0 if successful.
1117 * - -EINVAL if session is NULL.
1118 * - -EBUSY if not all device private data has been freed.
1122 rte_cryptodev_asym_session_free(struct rte_cryptodev_asym_session *sess);
1125 * Fill out private data for the device id, based on its device type.
1127 * @param dev_id ID of device that we want the session to be used on
1128 * @param sess Session where the private data will be attached to
1129 * @param xforms Symmetric crypto transform operations to apply on flow
1130 * processed with this session
1131 * @param mempool Mempool where the private data is allocated.
1134 * - On success, zero.
1135 * - -EINVAL if input parameters are invalid.
1136 * - -ENOTSUP if crypto device does not support the crypto transform or
1137 * does not support symmetric operations.
1138 * - -ENOMEM if the private session could not be allocated.
1141 rte_cryptodev_sym_session_init(uint8_t dev_id,
1142 struct rte_cryptodev_sym_session *sess,
1143 struct rte_crypto_sym_xform *xforms,
1144 struct rte_mempool *mempool);
1147 * Initialize asymmetric session on a device with specific asymmetric xform
1149 * @param dev_id ID of device that we want the session to be used on
1150 * @param sess Session to be set up on a device
1151 * @param xforms Asymmetric crypto transform operations to apply on flow
1152 * processed with this session
1153 * @param mempool Mempool to be used for internal allocation.
1156 * - On success, zero.
1157 * - -EINVAL if input parameters are invalid.
1158 * - -ENOTSUP if crypto device does not support the crypto transform.
1159 * - -ENOMEM if the private session could not be allocated.
1163 rte_cryptodev_asym_session_init(uint8_t dev_id,
1164 struct rte_cryptodev_asym_session *sess,
1165 struct rte_crypto_asym_xform *xforms,
1166 struct rte_mempool *mempool);
1169 * Frees private data for the device id, based on its device type,
1170 * returning it to its mempool. It is the application's responsibility
1171 * to ensure that private session data is not cleared while there are
1172 * still in-flight operations using it.
1174 * @param dev_id ID of device that uses the session.
1175 * @param sess Session containing the reference to the private data
1178 * - 0 if successful.
1179 * - -EINVAL if device is invalid or session is NULL.
1180 * - -ENOTSUP if crypto device does not support symmetric operations.
1183 rte_cryptodev_sym_session_clear(uint8_t dev_id,
1184 struct rte_cryptodev_sym_session *sess);
1187 * Frees resources held by asymmetric session during rte_cryptodev_session_init
1189 * @param dev_id ID of device that uses the asymmetric session.
1190 * @param sess Asymmetric session setup on device using
1191 * rte_cryptodev_session_init
1193 * - 0 if successful.
1194 * - -EINVAL if device is invalid or session is NULL.
1198 rte_cryptodev_asym_session_clear(uint8_t dev_id,
1199 struct rte_cryptodev_asym_session *sess);
1202 * Get the size of the header session, for all registered drivers excluding
1203 * the user data size.
1206 * Size of the symmetric header session.
1209 rte_cryptodev_sym_get_header_session_size(void);
1212 * Get the size of the header session from created session.
1215 * The sym cryptodev session pointer
1218 * - If sess is not NULL, return the size of the header session including
1219 * the private data size defined within sess.
1220 * - If sess is NULL, return 0.
1224 rte_cryptodev_sym_get_existing_header_session_size(
1225 struct rte_cryptodev_sym_session *sess);
1228 * Get the size of the asymmetric session header, for all registered drivers.
1231 * Size of the asymmetric header session.
1235 rte_cryptodev_asym_get_header_session_size(void);
1238 * Get the size of the private symmetric session data
1241 * @param dev_id The device identifier.
1244 * - Size of the private data, if successful
1245 * - 0 if device is invalid or does not have private
1249 rte_cryptodev_sym_get_private_session_size(uint8_t dev_id);
1252 * Get the size of the private data for asymmetric session
1255 * @param dev_id The device identifier.
1258 * - Size of the asymmetric private data, if successful
1259 * - 0 if device is invalid or does not have private session
1263 rte_cryptodev_asym_get_private_session_size(uint8_t dev_id);
1266 * Provide driver identifier.
1269 * The pointer to a driver name.
1271 * The driver type identifier or -1 if no driver found
1273 int rte_cryptodev_driver_id_get(const char *name);
1276 * Provide driver name.
1279 * The driver identifier.
1281 * The driver name or null if no driver found
1283 const char *rte_cryptodev_driver_name_get(uint8_t driver_id);
1286 * Store user data in a session.
1288 * @param sess Session pointer allocated by
1289 * *rte_cryptodev_sym_session_create*.
1290 * @param data Pointer to the user data.
1291 * @param size Size of the user data.
1294 * - On success, zero.
1295 * - On failure, a negative value.
1299 rte_cryptodev_sym_session_set_user_data(
1300 struct rte_cryptodev_sym_session *sess,
1305 * Get user data stored in a session.
1307 * @param sess Session pointer allocated by
1308 * *rte_cryptodev_sym_session_create*.
1311 * - On success return pointer to user data.
1312 * - On failure returns NULL.
1316 rte_cryptodev_sym_session_get_user_data(
1317 struct rte_cryptodev_sym_session *sess);
1320 * Perform actual crypto processing (encrypt/digest or auth/decrypt)
1321 * on user provided data.
1323 * @param dev_id The device identifier.
1324 * @param sess Cryptodev session structure
1325 * @param ofs Start and stop offsets for auth and cipher operations
1326 * @param vec Vectorized operation descriptor
1329 * - Returns number of successfully processed packets.
1333 rte_cryptodev_sym_cpu_crypto_process(uint8_t dev_id,
1334 struct rte_cryptodev_sym_session *sess, union rte_crypto_sym_ofs ofs,
1335 struct rte_crypto_sym_vec *vec);
1341 #endif /* _RTE_CRYPTODEV_H_ */