operations,
The capabilities mechanism defines the individual algorithms/functions which
-the device supports, such as a specific symmetric Crypto cipher or
-authentication operation.
+the device supports, such as a specific symmetric Crypto cipher,
+authentication operation or Authenticated Encryption with Associated Data
+(AEAD) operation.
Device Features
.max = 12,
.increment = 0
},
- .aad_size = { 0 }
+ .aad_size = { 0 },
+ .iv_size = { 0 }
}
}
},
Session and Session Management
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Session are used in symmetric cryptographic processing to store the immutable
data defined in a cryptographic transform which is used in the operation
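Review bot: The removed tilde line under "Session and Session Management" is that title's reStructuredText underline, and no replacement underline is added in this hunk, so as shown the title would render as an ordinary paragraph line and drop out of the section hierarchy. If the section is meant to stay a heading at the same level as "Transforms and Transform Chaining", keep the underline; if the heading is being demoted or dropped, remove the title line as well.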
struct rte_cryptodev_sym_session * rte_cryptodev_sym_session_create(
uint8_t dev_id, struct rte_crypto_sym_xform *xform);
-**Note**: For AEAD operations the algorithm selected for authentication and
-ciphering must aligned, eg AES_GCM.
-
Transforms and Transform Chaining
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
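Review bot: With the AEAD note deleted after rte_cryptodev_sym_session_create(), this section no longer tells the reader anything about setting up a session for an algorithm such as AES_GCM. Suggest replacing the note rather than only removing it, for example with one sentence saying which transform to pass as xform for an AEAD session, so that users who followed the old cipher plus authentication guidance know what changed.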
allows transform to be chained together. Crypto devices which support chaining
must publish the chaining of symmetric Crypto operations feature flag.
-Currently there are two transforms types cipher and authentication, to specify
-an AEAD operation it is required to chain a cipher and an authentication
-transform together. Also it is important to note that the order in which the
+Currently there are three transforms types cipher, authentication and AEAD.
+Also it is important to note that the order in which the
transforms are passed indicates the order of the chaining.
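Review bot: After the new sentence "Currently there are three transforms types cipher, authentication and AEAD.", the paragraph goes straight on to chaining order without saying whether an AEAD transform can take part in a chain. The removed text told users to chain a cipher and an authentication transform for AEAD, so the new rule should be stated explicitly here (for instance that the AEAD transform is used on its own, if that is the intent). Minor wording: "three transform types: cipher, authentication and AEAD" reads better.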
.. code-block:: c
/**< Authentication / hash xform */
struct rte_crypto_cipher_xform cipher;
/**< Cipher xform */
+ struct rte_crypto_aead_xform aead;
+ /**< AEAD xform */
};
};
As a minimum the symmetric operation must have a source data buffer (``m_src``),
a valid session (or transform chain if in session-less mode) and the minimum
-authentication/ cipher parameters required depending on the type of operation
+authentication/ cipher/ AEAD parameters required depending on the type of operation
specified in the session or the transform
chain.
/**< Session-less API Crypto operation parameters */
};
- struct {
- struct {
- uint32_t offset;
- uint32_t length;
- } data; /**< Data offsets and length for ciphering */
-
- struct {
- uint16_t offset;
- uint16_t length;
- } iv; /**< Initialisation vector parameters */
- } cipher;
-
- struct {
- struct {
- uint32_t offset;
- uint32_t length;
- } data; /**< Data offsets and length for authentication */
-
+ union {
struct {
- uint8_t *data;
- phys_addr_t phys_addr;
- uint16_t length;
- } digest; /**< Digest parameters */
+ struct {
+ uint32_t offset;
+ uint32_t length;
+ } data; /**< Data offsets and length for AEAD */
+
+ struct {
+ uint8_t *data;
+ phys_addr_t phys_addr;
+ } digest; /**< Digest parameters */
+
+ struct {
+ uint8_t *data;
+ phys_addr_t phys_addr;
+ } aad;
+ /**< Additional authentication parameters */
+ } aead;
struct {
- uint8_t *data;
- phys_addr_t phys_addr;
- uint16_t length;
- } aad; /**< Additional authentication parameters */
- } auth;
- }
+ struct {
+ struct {
+ uint32_t offset;
+ uint32_t length;
+ } data; /**< Data offsets and length for ciphering */
+ } cipher;
+
+ struct {
+ struct {
+ uint32_t offset;
+ uint32_t length;
+ } data;
+ /**< Data offsets and length for authentication */
+
+ struct {
+ uint8_t *data;
+ phys_addr_t phys_addr;
+ } digest; /**< Digest parameters */
+
+ struct {
+ uint8_t *data;
+ phys_addr_t phys_addr;
+ } aad;
+ /**< Additional authentication parameters */
+ } auth;
+ };
+ };
+ };
Asymmetric Cryptography
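Review bot: The length members are dropped from digest and aad, and the iv struct is removed from cipher, but nothing in the surrounding documentation says where the digest length, AAD length and IV are now specified. The operation still carries bare uint8_t *data pointers for digest and aad, so an application has to size those buffers from a value that no longer appears in this struct; please add a sentence stating where these lengths and the IV are set and that the buffers must be at least that large. Also, the comment on the new aead.aad member reads "Additional authentication parameters", where "Additional authenticated data" would describe the field.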