-/*-
- * BSD LICENSE
- *
- * Copyright(c) 2015 Intel Corporation. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- * * Neither the name of Intel Corporation nor the names of its
- * contributors may be used to endorse or promote products derived
- * from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(c) 2016-2017 Intel Corporation
*/
#ifndef _RTE_CRYPTO_H_
/**
* @file rte_crypto.h
*
- * RTE Cryptographic Definitions
+ * RTE Cryptography Common Definitions
*
- * Defines symmetric cipher and authentication algorithms and modes, as well
- * as supported symmetric crypto operation combinations.
*/
#ifdef __cplusplus
extern "C" {
#endif
+
#include <rte_mbuf.h>
#include <rte_memory.h>
#include <rte_mempool.h>
+#include <rte_common.h>
-/** Symmetric Cipher Algorithms */
-enum rte_crypto_cipher_algorithm {
- RTE_CRYPTO_CIPHER_NULL = 1,
- /**< NULL cipher algorithm. No mode applies to the NULL algorithm. */
-
- RTE_CRYPTO_CIPHER_3DES_CBC,
- /**< Triple DES algorithm in CBC mode */
- RTE_CRYPTO_CIPHER_3DES_CTR,
- /**< Triple DES algorithm in CTR mode */
- RTE_CRYPTO_CIPHER_3DES_ECB,
- /**< Triple DES algorithm in ECB mode */
-
- RTE_CRYPTO_CIPHER_AES_CBC,
- /**< AES algorithm in CBC mode */
- RTE_CRYPTO_CIPHER_AES_CCM,
- /**< AES algorithm in CCM mode. When this cipher algorithm is used the
- * *RTE_CRYPTO_AUTH_AES_CCM* element of the
- * *rte_crypto_hash_algorithm* enum MUST be used to set up the related
- * *rte_crypto_auth_xform* structure in the session context or in
- * the op_params of the crypto operation structure in the case of a
- * session-less crypto operation
- */
- RTE_CRYPTO_CIPHER_AES_CTR,
- /**< AES algorithm in Counter mode */
- RTE_CRYPTO_CIPHER_AES_ECB,
- /**< AES algorithm in ECB mode */
- RTE_CRYPTO_CIPHER_AES_F8,
- /**< AES algorithm in F8 mode */
- RTE_CRYPTO_CIPHER_AES_GCM,
- /**< AES algorithm in GCM mode. When this cipher algorithm is used the
- * *RTE_CRYPTO_AUTH_AES_GCM* element of the
- * *rte_crypto_auth_algorithm* enum MUST be used to set up the related
- * *rte_crypto_auth_setup_data* structure in the session context or in
- * the op_params of the crypto operation structure in the case of a
- * session-less crypto operation.
- */
- RTE_CRYPTO_CIPHER_AES_XTS,
- /**< AES algorithm in XTS mode */
-
- RTE_CRYPTO_CIPHER_ARC4,
- /**< (A)RC4 cipher algorithm */
-
- RTE_CRYPTO_CIPHER_KASUMI_F8,
- /**< Kasumi algorithm in F8 mode */
+#include "rte_crypto_sym.h"
- RTE_CRYPTO_CIPHER_SNOW3G_UEA2,
- /**< SNOW3G algorithm in UEA2 mode */
-
- RTE_CRYPTO_CIPHER_ZUC_EEA3
- /**< ZUC algorithm in EEA3 mode */
+/** Crypto operation types */
+enum rte_crypto_op_type {
+ RTE_CRYPTO_OP_TYPE_UNDEFINED,
+ /**< Undefined operation type */
+ RTE_CRYPTO_OP_TYPE_SYMMETRIC,
+ /**< Symmetric operation */
};
-/** Symmetric Cipher Direction */
-enum rte_crypto_cipher_operation {
- RTE_CRYPTO_CIPHER_OP_ENCRYPT,
- /**< Encrypt cipher operation */
- RTE_CRYPTO_CIPHER_OP_DECRYPT
- /**< Decrypt cipher operation */
+/** Status of crypto operation */
+enum rte_crypto_op_status {
+ RTE_CRYPTO_OP_STATUS_SUCCESS,
+ /**< Operation completed successfully */
+ RTE_CRYPTO_OP_STATUS_NOT_PROCESSED,
+ /**< Operation has not yet been processed by a crypto device */
+ RTE_CRYPTO_OP_STATUS_AUTH_FAILED,
+ /**< Authentication verification failed */
+ RTE_CRYPTO_OP_STATUS_INVALID_SESSION,
+ /**<
+ * Symmetric operation failed due to invalid session arguments, or if
+ * in session-less mode, failed to allocate private operation material.
+ */
+ RTE_CRYPTO_OP_STATUS_INVALID_ARGS,
+ /**< Operation failed due to invalid arguments in request */
+ RTE_CRYPTO_OP_STATUS_ERROR,
+ /**< Error handling operation */
};
-/** Crypto key structure */
-struct rte_crypto_key {
- uint8_t *data; /**< pointer to key data */
- phys_addr_t phys_addr;
- size_t length; /**< key length in bytes */
+/**
+ * Crypto operation session type. This is used to specify whether a crypto
+ * operation has session structure attached for immutable parameters or if all
+ * operation information is included in the operation data structure.
+ */
+enum rte_crypto_op_sess_type {
+ RTE_CRYPTO_OP_WITH_SESSION, /**< Session based crypto operation */
+ RTE_CRYPTO_OP_SESSIONLESS, /**< Session-less crypto operation */
+ RTE_CRYPTO_OP_SECURITY_SESSION /**< Security session crypto operation */
};
/**
- * Symmetric Cipher Setup Data.
+ * Cryptographic Operation.
*
- * This structure contains data relating to Cipher (Encryption and Decryption)
- * use to create a session.
+ * This structure contains data relating to performing cryptographic
+ * operations. This operation structure is used to contain any operation which
+ * is supported by the cryptodev API, PMDs should check the type parameter to
+ * verify that the operation is a support function of the device. Crypto
+ * operations are enqueued and dequeued in crypto PMDs using the
+ * rte_cryptodev_enqueue_burst() / rte_cryptodev_dequeue_burst() .
*/
-struct rte_crypto_cipher_xform {
- enum rte_crypto_cipher_operation op;
- /**< This parameter determines if the cipher operation is an encrypt or
- * a decrypt operation. For the RC4 algorithm and the F8/CTR modes,
- * only encrypt operations are valid.
+struct rte_crypto_op {
+ uint8_t type;
+ /**< operation type */
+ uint8_t status;
+ /**<
+ * operation status - this is reset to
+ * RTE_CRYPTO_OP_STATUS_NOT_PROCESSED on allocation from mempool and
+ * will be set to RTE_CRYPTO_OP_STATUS_SUCCESS after crypto operation
+ * is successfully processed by a crypto PMD
*/
- enum rte_crypto_cipher_algorithm algo;
- /**< Cipher algorithm */
-
- struct rte_crypto_key key;
- /**< Cipher key
- *
- * For the RTE_CRYPTO_CIPHER_AES_F8 mode of operation, key.data will
- * point to a concatenation of the AES encryption key followed by a
- * keymask. As per RFC3711, the keymask should be padded with trailing
- * bytes to match the length of the encryption key used.
- *
- * For AES-XTS mode of operation, two keys must be provided and
- * key.data must point to the two keys concatenated together (Key1 ||
- * Key2). The cipher key length will contain the total size of both
- * keys.
- *
- * Cipher key length is in bytes. For AES it can be 128 bits (16 bytes),
- * 192 bits (24 bytes) or 256 bits (32 bytes).
- *
- * For the CCM mode of operation, the only supported key length is 128
- * bits (16 bytes).
- *
- * For the RTE_CRYPTO_CIPHER_AES_F8 mode of operation, key.length
- * should be set to the combined length of the encryption key and the
- * keymask. Since the keymask and the encryption key are the same size,
- * key.length should be set to 2 x the AES encryption key length.
- *
- * For the AES-XTS mode of operation:
- * - Two keys must be provided and key.length refers to total length of
- * the two keys.
- * - Each key can be either 128 bits (16 bytes) or 256 bits (32 bytes).
- * - Both keys must have the same size.
- **/
-};
+ uint8_t sess_type;
+ /**< operation session type */
-/** Symmetric Authentication / Hash Algorithms */
-enum rte_crypto_auth_algorithm {
- RTE_CRYPTO_AUTH_NULL = 1,
- /**< NULL hash algorithm. */
-
- RTE_CRYPTO_AUTH_AES_CBC_MAC,
- /**< AES-CBC-MAC algorithm. Only 128-bit keys are supported. */
- RTE_CRYPTO_AUTH_AES_CCM,
- /**< AES algorithm in CCM mode. This is an authenticated cipher. When
- * this hash algorithm is used, the *RTE_CRYPTO_CIPHER_AES_CCM*
- * element of the *rte_crypto_cipher_algorithm* enum MUST be used to
- * set up the related rte_crypto_cipher_setup_data structure in the
- * session context or the corresponding parameter in the crypto
- * operation data structures op_params parameter MUST be set for a
- * session-less crypto operation.
- */
- RTE_CRYPTO_AUTH_AES_CMAC,
- /**< AES CMAC algorithm. */
- RTE_CRYPTO_AUTH_AES_GCM,
- /**< AES algorithm in GCM mode. When this hash algorithm
- * is used, the RTE_CRYPTO_CIPHER_AES_GCM element of the
- * rte_crypto_cipher_algorithm enum MUST be used to set up the related
- * rte_crypto_cipher_setup_data structure in the session context, or
- * the corresponding parameter in the crypto operation data structures
- * op_params parameter MUST be set for a session-less crypto operation.
- */
- RTE_CRYPTO_AUTH_AES_GMAC,
- /**< AES GMAC algorithm. When this hash algorithm
- * is used, the RTE_CRYPTO_CIPHER_AES_GCM element of the
- * rte_crypto_cipher_algorithm enum MUST be used to set up the related
- * rte_crypto_cipher_setup_data structure in the session context, or
- * the corresponding parameter in the crypto operation data structures
- * op_params parameter MUST be set for a session-less crypto operation.
- */
- RTE_CRYPTO_AUTH_AES_XCBC_MAC,
- /**< AES XCBC algorithm. */
-
- RTE_CRYPTO_AUTH_KASUMI_F9,
- /**< Kasumi algorithm in F9 mode. */
-
- RTE_CRYPTO_AUTH_MD5,
- /**< MD5 algorithm */
- RTE_CRYPTO_AUTH_MD5_HMAC,
- /**< HMAC using MD5 algorithm */
-
- RTE_CRYPTO_AUTH_SHA1,
- /**< 128 bit SHA algorithm. */
- RTE_CRYPTO_AUTH_SHA1_HMAC,
- /**< HMAC using 128 bit SHA algorithm. */
- RTE_CRYPTO_AUTH_SHA224,
- /**< 224 bit SHA algorithm. */
- RTE_CRYPTO_AUTH_SHA224_HMAC,
- /**< HMAC using 224 bit SHA algorithm. */
- RTE_CRYPTO_AUTH_SHA256,
- /**< 256 bit SHA algorithm. */
- RTE_CRYPTO_AUTH_SHA256_HMAC,
- /**< HMAC using 256 bit SHA algorithm. */
- RTE_CRYPTO_AUTH_SHA384,
- /**< 384 bit SHA algorithm. */
- RTE_CRYPTO_AUTH_SHA384_HMAC,
- /**< HMAC using 384 bit SHA algorithm. */
- RTE_CRYPTO_AUTH_SHA512,
- /**< 512 bit SHA algorithm. */
- RTE_CRYPTO_AUTH_SHA512_HMAC,
- /**< HMAC using 512 bit SHA algorithm. */
-
- RTE_CRYPTO_AUTH_SNOW3G_UIA2,
- /**< SNOW3G algorithm in UIA2 mode. */
-
- RTE_CRYPTO_AUTH_ZUC_EIA3,
- /**< ZUC algorithm in EIA3 mode */
+ uint8_t reserved[5];
+ /**< Reserved bytes to fill 64 bits for future additions */
+ struct rte_mempool *mempool;
+ /**< crypto operation mempool which operation is allocated from */
+
+ rte_iova_t phys_addr;
+ /**< physical address of crypto operation */
+
+ __extension__
+ union {
+ struct rte_crypto_sym_op sym[0];
+ /**< Symmetric operation parameters */
+ }; /**< operation specific parameters */
};
-/** Symmetric Authentication / Hash Operations */
-enum rte_crypto_auth_operation {
- RTE_CRYPTO_AUTH_OP_VERIFY, /**< Verify authentication digest */
- RTE_CRYPTO_AUTH_OP_GENERATE /**< Generate authentication digest */
+/**
+ * Reset the fields of a crypto operation to their default values.
+ *
+ * @param op The crypto operation to be reset.
+ * @param type The crypto operation type.
+ */
+static inline void
+__rte_crypto_op_reset(struct rte_crypto_op *op, enum rte_crypto_op_type type)
+{
+ op->type = type;
+ op->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED;
+ op->sess_type = RTE_CRYPTO_OP_SESSIONLESS;
+
+ switch (type) {
+ case RTE_CRYPTO_OP_TYPE_SYMMETRIC:
+ __rte_crypto_sym_op_reset(op->sym);
+ break;
+ case RTE_CRYPTO_OP_TYPE_UNDEFINED:
+ default:
+ break;
+ }
+}
+
+/**
+ * Private data structure belonging to a crypto symmetric operation pool.
+ */
+struct rte_crypto_op_pool_private {
+ enum rte_crypto_op_type type;
+ /**< Crypto op pool type operation. */
+ uint16_t priv_size;
+ /**< Size of private area in each crypto operation. */
};
+
/**
- * Authentication / Hash transform data.
+ * Returns the size of private data allocated with each rte_crypto_op object by
+ * the mempool
+ *
+ * @param mempool rte_crypto_op mempool
*
- * This structure contains data relating to an authentication/hash crypto
- * transforms. The fields op, algo and digest_length are common to all
- * authentication transforms and MUST be set.
+ * @return private data size
*/
-struct rte_crypto_auth_xform {
- enum rte_crypto_auth_operation op;
- /**< Authentication operation type */
- enum rte_crypto_auth_algorithm algo;
- /**< Authentication algorithm selection */
-
- struct rte_crypto_key key; /**< Authentication key data.
- * The authentication key length MUST be less than or equal to the
- * block size of the algorithm. It is the callers responsibility to
- * ensure that the key length is compliant with the standard being used
- * (for example RFC 2104, FIPS 198a).
- */
+static inline uint16_t
+__rte_crypto_op_get_priv_data_size(struct rte_mempool *mempool)
+{
+ struct rte_crypto_op_pool_private *priv =
+ (struct rte_crypto_op_pool_private *) rte_mempool_get_priv(mempool);
- uint32_t digest_length;
- /**< Length of the digest to be returned. If the verify option is set,
- * this specifies the length of the digest to be compared for the
- * session.
- *
- * If the value is less than the maximum length allowed by the hash,
- * the result shall be truncated. If the value is greater than the
- * maximum length allowed by the hash then an error will be generated
- * by *rte_cryptodev_session_create* or by the
- * *rte_cryptodev_enqueue_burst* if using session-less APIs.
- */
+ return priv->priv_size;
+}
- uint32_t add_auth_data_length;
- /**< The length of the additional authenticated data (AAD) in bytes.
- * The maximum permitted value is 240 bytes, unless otherwise specified
- * below.
- *
- * This field must be specified when the hash algorithm is one of the
- * following:
- *
- * - For SNOW3G (@ref RTE_CRYPTO_AUTH_SNOW3G_UIA2), this is the
- * length of the IV (which should be 16).
- *
- * - For GCM (@ref RTE_CRYPTO_AUTH_AES_GCM). In this case, this is
- * the length of the Additional Authenticated Data (called A, in NIST
- * SP800-38D).
- *
- * - For CCM (@ref RTE_CRYPTO_AUTH_AES_CCM). In this case, this is
- * the length of the associated data (called A, in NIST SP800-38C).
- * Note that this does NOT include the length of any padding, or the
- * 18 bytes reserved at the start of the above field to store the
- * block B0 and the encoded length. The maximum permitted value in
- * this case is 222 bytes.
- *
- * @note
- * For AES-GMAC (@ref RTE_CRYPTO_AUTH_AES_GMAC) mode of operation
- * this field is not used and should be set to 0. Instead the length
- * of the AAD data is specified in the message length to hash field of
- * the rte_crypto_op_data structure.
- */
-};
-/** Crypto transformation types */
-enum rte_crypto_xform_type {
- RTE_CRYPTO_XFORM_NOT_SPECIFIED = 0, /**< No xform specified */
- RTE_CRYPTO_XFORM_AUTH, /**< Authentication xform */
- RTE_CRYPTO_XFORM_CIPHER /**< Cipher xform */
-};
+/**
+ * Creates a crypto operation pool
+ *
+ * @param name pool name
+ * @param type crypto operation type, use
+ * RTE_CRYPTO_OP_TYPE_UNDEFINED for a pool which
+ * supports all operation types
+ * @param nb_elts number of elements in pool
+ * @param cache_size Number of elements to cache on lcore, see
+ * *rte_mempool_create* for further details about
+ * cache size
+ * @param priv_size Size of private data to allocate with each
+ * operation
+ * @param socket_id Socket to allocate memory on
+ *
+ * @return
+ * - On success pointer to mempool
+ * - On failure NULL
+ */
+extern struct rte_mempool *
+rte_crypto_op_pool_create(const char *name, enum rte_crypto_op_type type,
+ unsigned nb_elts, unsigned cache_size, uint16_t priv_size,
+ int socket_id);
/**
- * Crypto transform structure.
+ * Bulk allocate raw element from mempool and return as crypto operations
*
- * This is used to specify the crypto transforms required, multiple transforms
- * can be chained together to specify a chain transforms such as authentication
- * then cipher, or cipher then authentication. Each transform structure can
- * hold a single transform, the type field is used to specify which transform
- * is contained within the union
+ * @param mempool crypto operation mempool.
+ * @param type crypto operation type.
+ * @param ops Array to place allocated crypto operations
+ * @param nb_ops Number of crypto operations to allocate
+ *
+ * @returns
+ * - On success returns number of ops allocated
*/
-struct rte_crypto_xform {
- struct rte_crypto_xform *next; /**< next xform in chain */
+static inline int
+__rte_crypto_op_raw_bulk_alloc(struct rte_mempool *mempool,
+ enum rte_crypto_op_type type,
+ struct rte_crypto_op **ops, uint16_t nb_ops)
+{
+ struct rte_crypto_op_pool_private *priv;
- enum rte_crypto_xform_type type; /**< xform type */
- union {
- struct rte_crypto_auth_xform auth;
- /**< Authentication / hash xform */
- struct rte_crypto_cipher_xform cipher;
- /**< Cipher xform */
- };
-};
+ priv = (struct rte_crypto_op_pool_private *) rte_mempool_get_priv(mempool);
+ if (unlikely(priv->type != type &&
+ priv->type != RTE_CRYPTO_OP_TYPE_UNDEFINED))
+ return -EINVAL;
+
+ if (rte_mempool_get_bulk(mempool, (void **)ops, nb_ops) == 0)
+ return nb_ops;
+
+ return 0;
+}
/**
- * Crypto operation session type. This is used to specify whether a crypto
- * operation has session structure attached for immutable parameters or if all
- * operation information is included in the operation data structure.
+ * Allocate a crypto operation from a mempool with default parameters set
+ *
+ * @param mempool crypto operation mempool
+ * @param type operation type to allocate
+ *
+ * @returns
+ * - On success returns a valid rte_crypto_op structure
+ * - On failure returns NULL
*/
-enum rte_crypto_op_sess_type {
- RTE_CRYPTO_OP_WITH_SESSION, /**< Session based crypto operation */
- RTE_CRYPTO_OP_SESSIONLESS /**< Session-less crypto operation */
-};
+static inline struct rte_crypto_op *
+rte_crypto_op_alloc(struct rte_mempool *mempool, enum rte_crypto_op_type type)
+{
+ struct rte_crypto_op *op = NULL;
+ int retval;
+
+ retval = __rte_crypto_op_raw_bulk_alloc(mempool, type, &op, 1);
+ if (unlikely(retval != 1))
+ return NULL;
+
+ __rte_crypto_op_reset(op, type);
+
+ return op;
+}
-/** Status of crypto operation */
-enum rte_crypto_op_status {
- RTE_CRYPTO_OP_STATUS_SUCCESS,
- /**< Operation completed successfully */
- RTE_CRYPTO_OP_STATUS_NO_SUBMITTED,
- /**< Operation not yet submitted to a cryptodev */
- RTE_CRYPTO_OP_STATUS_ENQUEUED,
- /**< Operation is enqueued on device */
- RTE_CRYPTO_OP_STATUS_AUTH_FAILED,
- /**< Authentication verification failed */
- RTE_CRYPTO_OP_STATUS_INVALID_ARGS,
- /**< Operation failed due to invalid arguments in request */
- RTE_CRYPTO_OP_STATUS_ERROR,
- /**< Error handling operation */
-};
/**
- * Cryptographic Operation Data.
+ * Bulk allocate crypto operations from a mempool with default parameters set
+ *
+ * @param mempool crypto operation mempool
+ * @param type operation type to allocate
+ * @param ops Array to place allocated crypto operations
+ * @param nb_ops Number of crypto operations to allocate
*
- * This structure contains data relating to performing cryptographic processing
- * on a data buffer. This request is used with rte_crypto_enqueue_burst() call
- * for performing cipher, hash, or a combined hash and cipher operations.
+ * @returns
+ * - nb_ops if the number of operations requested were allocated.
+ * - 0 if the requested number of ops are not available.
+ * None are allocated in this case.
*/
-struct rte_crypto_op {
- enum rte_crypto_op_sess_type type;
- enum rte_crypto_op_status status;
- struct {
- struct rte_mbuf *m; /**< Destination mbuf */
- uint8_t offset; /**< Data offset */
- } dst;
+static inline unsigned
+rte_crypto_op_bulk_alloc(struct rte_mempool *mempool,
+ enum rte_crypto_op_type type,
+ struct rte_crypto_op **ops, uint16_t nb_ops)
+{
+ int i;
+
+ if (unlikely(__rte_crypto_op_raw_bulk_alloc(mempool, type, ops, nb_ops)
+ != nb_ops))
+ return 0;
+
+ for (i = 0; i < nb_ops; i++)
+ __rte_crypto_op_reset(ops[i], type);
+
+ return nb_ops;
+}
- union {
- struct rte_cryptodev_session *session;
- /**< Handle for the initialised session context */
- struct rte_crypto_xform *xform;
- /**< Session-less API crypto operation parameters */
- };
-
- struct {
- struct {
- uint32_t offset;
- /**< Starting point for cipher processing, specified
- * as number of bytes from start of data in the source
- * buffer. The result of the cipher operation will be
- * written back into the output buffer starting at
- * this location.
- */
-
- uint32_t length;
- /**< The message length, in bytes, of the source buffer
- * on which the cryptographic operation will be
- * computed. This must be a multiple of the block size
- * if a block cipher is being used. This is also the
- * same as the result length.
- *
- * @note
- * In the case of CCM @ref RTE_CRYPTO_AUTH_AES_CCM,
- * this value should not include the length of the
- * padding or the length of the MAC; the driver will
- * compute the actual number of bytes over which the
- * encryption will occur, which will include these
- * values.
- *
- * @note
- * For AES-GMAC @ref RTE_CRYPTO_AUTH_AES_GMAC, this
- * field should be set to 0.
- */
- } to_cipher; /**< Data offsets and length for ciphering */
-
- struct {
- uint32_t offset;
- /**< Starting point for hash processing, specified as
- * number of bytes from start of packet in source
- * buffer.
- *
- * @note
- * For CCM and GCM modes of operation, this field is
- * ignored. The field @ref additional_auth field
- * should be set instead.
- *
- * @note For AES-GMAC (@ref RTE_CRYPTO_AUTH_AES_GMAC)
- * mode of operation, this field specifies the start
- * of the AAD data in the source buffer.
- */
-
- uint32_t length;
- /**< The message length, in bytes, of the source
- * buffer that the hash will be computed on.
- *
- * @note
- * For CCM and GCM modes of operation, this field is
- * ignored. The field @ref additional_auth field
- * should be set instead.
- *
- * @note
- * For AES-GMAC @ref RTE_CRYPTO_AUTH_AES_GMAC mode
- * of operation, this field specifies the length of
- * the AAD data in the source buffer.
- */
- } to_hash; /**< Data offsets and length for authentication */
- } data; /**< Details of data to be operated on */
-
- struct {
- uint8_t *data;
- /**< Initialisation Vector or Counter.
- *
- * - For block ciphers in CBC or F8 mode, or for Kasumi in F8
- * mode, or for SNOW3G in UEA2 mode, this is the Initialisation
- * Vector (IV) value.
- *
- * - For block ciphers in CTR mode, this is the counter.
- *
- * - For GCM mode, this is either the IV (if the length is 96
- * bits) or J0 (for other sizes), where J0 is as defined by
- * NIST SP800-38D. Regardless of the IV length, a full 16 bytes
- * needs to be allocated.
- *
- * - For CCM mode, the first byte is reserved, and the nonce
- * should be written starting at &iv[1] (to allow space for the
- * implementation to write in the flags in the first byte).
- * Note that a full 16 bytes should be allocated, even though
- * the length field will have a value less than this.
- *
- * - For AES-XTS, this is the 128bit tweak, i, from IEEE Std
- * 1619-2007.
- *
- * For optimum performance, the data pointed to SHOULD be
- * 8-byte aligned.
- */
- phys_addr_t phys_addr;
- size_t length;
- /**< Length of valid IV data.
- *
- * - For block ciphers in CBC or F8 mode, or for Kasumi in F8
- * mode, or for SNOW3G in UEA2 mode, this is the length of the
- * IV (which must be the same as the block length of the
- * cipher).
- *
- * - For block ciphers in CTR mode, this is the length of the
- * counter (which must be the same as the block length of the
- * cipher).
- *
- * - For GCM mode, this is either 12 (for 96-bit IVs) or 16, in
- * which case data points to J0.
- *
- * - For CCM mode, this is the length of the nonce, which can
- * be in the range 7 to 13 inclusive.
- */
- } iv; /**< Initialisation vector parameters */
-
- struct {
- uint8_t *data;
- /**< If this member of this structure is set this is a
- * pointer to the location where the digest result should be
- * inserted (in the case of digest generation) or where the
- * purported digest exists (in the case of digest
- * verification).
- *
- * At session creation time, the client specified the digest
- * result length with the digest_length member of the @ref
- * rte_crypto_auth_xform structure. For physical crypto
- * devices the caller must allocate at least digest_length of
- * physically contiguous memory at this location.
- *
- * For digest generation, the digest result will overwrite
- * any data at this location.
- *
- * @note
- * For GCM (@ref RTE_CRYPTO_AUTH_AES_GCM), for
- * "digest result" read "authentication tag T".
- *
- * If this member is not set the digest result is understood
- * to be in the destination buffer for digest generation, and
- * in the source buffer for digest verification. The location
- * of the digest result in this case is immediately following
- * the region over which the digest is computed.
- */
- phys_addr_t phys_addr; /**< Physical address of digest */
- uint32_t length; /**< Length of digest */
- } digest; /**< Digest parameters */
-
- struct {
- uint8_t *data;
- /**< Pointer to Additional Authenticated Data (AAD) needed for
- * authenticated cipher mechanisms (CCM and GCM), and to the IV
- * for SNOW3G authentication
- * (@ref RTE_CRYPTO_AUTH_SNOW3G_UIA2). For other
- * authentication mechanisms this pointer is ignored.
- *
- * The length of the data pointed to by this field is set up
- * for the session in the @ref rte_crypto_auth_xform structure
- * as part of the @ref rte_cryptodev_session_create function
- * call. This length must not exceed 240 bytes.
- *
- * Specifically for CCM (@ref RTE_CRYPTO_AUTH_AES_CCM), the
- * caller should setup this field as follows:
- *
- * - the nonce should be written starting at an offset of one
- * byte into the array, leaving room for the implementation
- * to write in the flags to the first byte.
- *
- * - the additional authentication data itself should be
- * written starting at an offset of 18 bytes into the array,
- * leaving room for the length encoding in the first two
- * bytes of the second block.
- *
- * - the array should be big enough to hold the above fields,
- * plus any padding to round this up to the nearest multiple
- * of the block size (16 bytes). Padding will be added by
- * the implementation.
- *
- * Finally, for GCM (@ref RTE_CRYPTO_AUTH_AES_GCM), the
- * caller should setup this field as follows:
- *
- * - the AAD is written in starting at byte 0
- * - the array must be big enough to hold the AAD, plus any
- * space to round this up to the nearest multiple of the
- * block size (16 bytes).
- *
- * @note
- * For AES-GMAC (@ref RTE_CRYPTO_AUTH_AES_GMAC) mode of
- * operation, this field is not used and should be set to 0.
- * Instead the AAD data should be placed in the source buffer.
- */
- phys_addr_t phys_addr; /**< physical address */
- uint32_t length; /**< Length of digest */
- } additional_auth;
- /**< Additional authentication parameters */
-
- struct rte_mempool *pool;
- /**< mempool used to allocate crypto op */
-
- void *user_data;
- /**< opaque pointer for user data */
-};
/**
- * Reset the fields of a crypto operation to their default values.
+ * Returns a pointer to the private data of a crypto operation if
+ * that operation has enough capacity for requested size.
*
- * @param op The crypto operation to be reset.
+ * @param op crypto operation.
+ * @param size size of space requested in private data.
+ *
+ * @returns
+ * - if sufficient space available returns pointer to start of private data
+ * - if insufficient space returns NULL
*/
-static inline void
-__rte_crypto_op_reset(struct rte_crypto_op *op)
+static inline void *
+__rte_crypto_op_get_priv_data(struct rte_crypto_op *op, uint32_t size)
{
- op->type = RTE_CRYPTO_OP_SESSIONLESS;
- op->dst.m = NULL;
- op->dst.offset = 0;
+ uint32_t priv_size;
+
+ if (likely(op->mempool != NULL)) {
+ priv_size = __rte_crypto_op_get_priv_data_size(op->mempool);
+
+ if (likely(priv_size >= size))
+ return (void *)((uint8_t *)(op + 1) +
+ sizeof(struct rte_crypto_sym_op));
+ }
+
+ return NULL;
}
-/** Attach a session to a crypto operation */
+/**
+ * free crypto operation structure
+ * If operation has been allocate from a rte_mempool, then the operation will
+ * be returned to the mempool.
+ *
+ * @param op symmetric crypto operation
+ */
static inline void
-rte_crypto_op_attach_session(struct rte_crypto_op *op,
- struct rte_cryptodev_session *sess)
+rte_crypto_op_free(struct rte_crypto_op *op)
+{
+ if (op != NULL && op->mempool != NULL)
+ rte_mempool_put(op->mempool, op);
+}
+
+/**
+ * Allocate a symmetric crypto operation in the private data of an mbuf.
+ *
+ * @param m mbuf which is associated with the crypto operation, the
+ * operation will be allocated in the private data of that
+ * mbuf.
+ *
+ * @returns
+ * - On success returns a pointer to the crypto operation.
+ * - On failure returns NULL.
+ */
+static inline struct rte_crypto_op *
+rte_crypto_sym_op_alloc_from_mbuf_priv_data(struct rte_mbuf *m)
{
- op->session = sess;
- op->type = RTE_CRYPTO_OP_WITH_SESSION;
+ if (unlikely(m == NULL))
+ return NULL;
+
+ /*
+ * check that the mbuf's private data size is sufficient to contain a
+ * crypto operation
+ */
+ if (unlikely(m->priv_size < (sizeof(struct rte_crypto_op) +
+ sizeof(struct rte_crypto_sym_op))))
+ return NULL;
+
+ /* private data starts immediately after the mbuf header in the mbuf. */
+ struct rte_crypto_op *op = (struct rte_crypto_op *)(m + 1);
+
+ __rte_crypto_op_reset(op, RTE_CRYPTO_OP_TYPE_SYMMETRIC);
+
+ op->mempool = NULL;
+ op->sym->m_src = m;
+
+ return op;
+}
+
+/**
+ * Allocate space for symmetric crypto xforms in the private data space of the
+ * crypto operation. This also defaults the crypto xform type and configures
+ * the chaining of the xforms in the crypto operation
+ *
+ * @return
+ * - On success returns pointer to first crypto xform in crypto operations chain
+ * - On failure returns NULL
+ */
+static inline struct rte_crypto_sym_xform *
+rte_crypto_op_sym_xforms_alloc(struct rte_crypto_op *op, uint8_t nb_xforms)
+{
+ void *priv_data;
+ uint32_t size;
+
+ if (unlikely(op->type != RTE_CRYPTO_OP_TYPE_SYMMETRIC))
+ return NULL;
+
+ size = sizeof(struct rte_crypto_sym_xform) * nb_xforms;
+
+ priv_data = __rte_crypto_op_get_priv_data(op, size);
+ if (priv_data == NULL)
+ return NULL;
+
+ return __rte_crypto_sym_op_sym_xforms_alloc(op->sym, priv_data,
+ nb_xforms);
+}
+
+
+/**
+ * Attach a session to a crypto operation
+ *
+ * @param op crypto operation, must be of type symmetric
+ * @param sess cryptodev session
+ */
+static inline int
+rte_crypto_op_attach_sym_session(struct rte_crypto_op *op,
+ struct rte_cryptodev_sym_session *sess)
+{
+ if (unlikely(op->type != RTE_CRYPTO_OP_TYPE_SYMMETRIC))
+ return -1;
+
+ op->sess_type = RTE_CRYPTO_OP_WITH_SESSION;
+
+ return __rte_crypto_sym_op_attach_sym_session(op->sym, sess);
}
#ifdef __cplusplus
git.droids-corp.org / dpdk.git / blobdiff