/* SPDX-License-Identifier: BSD-3-Clause
- * Copyright(c) 2016-2019 Intel Corporation
+ * Copyright(c) 2016-2020 Intel Corporation
*/
#ifndef _RTE_CRYPTO_SYM_H_
#include <rte_mempool.h>
#include <rte_common.h>
+/**
+ * Crypto IO Vector (in analogy with struct iovec)
+ * Supposed be used to pass input/output data buffers for crypto data-path
+ * functions.
+ */
+struct rte_crypto_vec {
+ /** virtual address of the data buffer */
+ void *base;
+ /** IOVA of the data buffer */
+ rte_iova_t iova;
+ /** length of the data buffer */
+ uint32_t len;
+};
+
+/**
+ * Crypto scatter-gather list descriptor. Consists of a pointer to an array
+ * of Crypto IO vectors with its size.
+ */
+struct rte_crypto_sgl {
+ /** start of an array of vectors */
+ struct rte_crypto_vec *vec;
+ /** size of an array of vectors */
+ uint32_t num;
+};
+
+/**
+ * Crypto virtual and IOVA address descriptor, used to describe cryptographic
+ * data buffer without the length information. The length information is
+ * normally predefined during session creation.
+ */
+struct rte_crypto_va_iova_ptr {
+ void *va;
+ rte_iova_t iova;
+};
+
+/**
+ * Raw data operation descriptor.
+ * Supposed to be used with synchronous CPU crypto API call or asynchronous
+ * RAW data path API call.
+ */
+struct rte_crypto_sym_vec {
+ /** number of operations to perform */
+ uint32_t num;
+ /** array of SGL vectors */
+ struct rte_crypto_sgl *sgl;
+ /** array of pointers to cipher IV */
+ struct rte_crypto_va_iova_ptr *iv;
+ /** array of pointers to digest */
+ struct rte_crypto_va_iova_ptr *digest;
+
+ __extension__
+ union {
+ /** array of pointers to auth IV, used for chain operation */
+ struct rte_crypto_va_iova_ptr *auth_iv;
+ /** array of pointers to AAD, used for AEAD operation */
+ struct rte_crypto_va_iova_ptr *aad;
+ };
+
+ /**
+ * array of statuses for each operation:
+ * - 0 on success
+ * - errno on error
+ */
+ int32_t *status;
+};
+
+/**
+ * used for cpu_crypto_process_bulk() to specify head/tail offsets
+ * for auth/cipher processing.
+ */
+union rte_crypto_sym_ofs {
+ uint64_t raw;
+ struct {
+ struct {
+ uint16_t head;
+ uint16_t tail;
+ } auth, cipher;
+ } ofs;
+};
-/** Symmetric Cipher Algorithms */
+/** Symmetric Cipher Algorithms
+ *
+ * Note, to avoid ABI breakage across releases
+ * - LIST_END should not be added to this enum
+ * - the order of enums should not be changed
+ * - new algorithms should only be added to the end
+ */
enum rte_crypto_cipher_algorithm {
RTE_CRYPTO_CIPHER_NULL = 1,
/**< NULL cipher algorithm. No mode applies to the NULL algorithm. */
* for m_src and m_dst in the rte_crypto_sym_op must be NULL.
*/
- RTE_CRYPTO_CIPHER_DES_DOCSISBPI,
+ RTE_CRYPTO_CIPHER_DES_DOCSISBPI
/**< DES algorithm using modes required by
* DOCSIS Baseline Privacy Plus Spec.
* Chained mbufs are not supported in this mode, i.e. rte_mbuf.next
* for m_src and m_dst in the rte_crypto_sym_op must be NULL.
*/
-
- RTE_CRYPTO_CIPHER_LIST_END
-
};
/** Cipher algorithm name strings */
} iv; /**< Initialisation vector parameters */
};
-/** Symmetric Authentication / Hash Algorithms */
+/** Symmetric Authentication / Hash Algorithms
+ *
+ * Note, to avoid ABI breakage across releases
+ * - LIST_END should not be added to this enum
+ * - the order of enums should not be changed
+ * - new algorithms should only be added to the end
+ */
enum rte_crypto_auth_algorithm {
RTE_CRYPTO_AUTH_NULL = 1,
/**< NULL hash algorithm. */
/**< HMAC using MD5 algorithm */
RTE_CRYPTO_AUTH_SHA1,
- /**< 128 bit SHA algorithm. */
+ /**< 160 bit SHA algorithm. */
RTE_CRYPTO_AUTH_SHA1_HMAC,
- /**< HMAC using 128 bit SHA algorithm. */
+ /**< HMAC using 160 bit SHA algorithm.
+ * HMAC-SHA-1-96 can be generated by setting
+ * digest_length to 12 bytes in auth/aead xforms.
+ */
RTE_CRYPTO_AUTH_SHA224,
/**< 224 bit SHA algorithm. */
RTE_CRYPTO_AUTH_SHA224_HMAC,
/**< HMAC using 384 bit SHA3 algorithm. */
RTE_CRYPTO_AUTH_SHA3_512,
/**< 512 bit SHA3 algorithm. */
- RTE_CRYPTO_AUTH_SHA3_512_HMAC,
+ RTE_CRYPTO_AUTH_SHA3_512_HMAC
/**< HMAC using 512 bit SHA3 algorithm. */
-
- RTE_CRYPTO_AUTH_LIST_END
};
/** Authentication algorithm name strings */
};
-/** Symmetric AEAD Algorithms */
+/** Symmetric AEAD Algorithms
+ *
+ * Note, to avoid ABI breakage across releases
+ * - LIST_END should not be added to this enum
+ * - the order of enums should not be changed
+ * - new algorithms should only be added to the end
+ */
enum rte_crypto_aead_algorithm {
RTE_CRYPTO_AEAD_AES_CCM = 1,
/**< AES algorithm in CCM mode. */
RTE_CRYPTO_AEAD_AES_GCM,
/**< AES algorithm in GCM mode. */
- RTE_CRYPTO_AEAD_CHACHA20_POLY1305,
+ RTE_CRYPTO_AEAD_CHACHA20_POLY1305
/**< Chacha20 cipher with poly1305 authenticator */
- RTE_CRYPTO_AEAD_LIST_END
};
/** AEAD algorithm name strings */
* For KASUMI @ RTE_CRYPTO_AUTH_KASUMI_F9,
* this offset should be such that
* data to authenticate starts at COUNT.
+ *
+ * @note
+ * For DOCSIS security protocol, this
+ * offset is the DOCSIS header length
+ * and, therefore, also the CRC offset
+ * i.e. the number of bytes into the
+ * packet at which CRC calculation
+ * should begin.
*/
uint32_t length;
/**< The message length, in bytes, of the source
* the length should include the COUNT,
* FRESH, message, direction bit and padding
* (to be multiple of 8 bits).
+ *
+ * @note
+ * For DOCSIS security protocol, this
+ * is the CRC length i.e. the number of
+ * bytes in the packet over which the
+ * CRC should be calculated
*/
} data;
/**< Data offsets and length for authentication */
return 0;
}
+/**
+ * Converts portion of mbuf data into a vector representation.
+ * Each segment will be represented as a separate entry in *vec* array.
+ * Expects that provided *ofs* + *len* not to exceed mbuf's *pkt_len*.
+ * @param mb
+ * Pointer to the *rte_mbuf* object.
+ * @param ofs
+ * Offset within mbuf data to start with.
+ * @param len
+ * Length of data to represent.
+ * @param vec
+ * Pointer to an output array of IO vectors.
+ * @param num
+ * Size of an output array.
+ * @return
+ * - number of successfully filled entries in *vec* array.
+ * - negative number of elements in *vec* array required.
+ */
+__rte_experimental
+static inline int
+rte_crypto_mbuf_to_vec(const struct rte_mbuf *mb, uint32_t ofs, uint32_t len,
+ struct rte_crypto_vec vec[], uint32_t num)
+{
+ uint32_t i;
+ struct rte_mbuf *nseg;
+ uint32_t left;
+ uint32_t seglen;
+
+ /* assuming that requested data starts in the first segment */
+ RTE_ASSERT(mb->data_len > ofs);
+
+ if (mb->nb_segs > num)
+ return -mb->nb_segs;
+
+ vec[0].base = rte_pktmbuf_mtod_offset(mb, void *, ofs);
+ vec[0].iova = rte_pktmbuf_iova_offset(mb, ofs);
+
+ /* whole data lies in the first segment */
+ seglen = mb->data_len - ofs;
+ if (len <= seglen) {
+ vec[0].len = len;
+ return 1;
+ }
+
+ /* data spread across segments */
+ vec[0].len = seglen;
+ left = len - seglen;
+ for (i = 1, nseg = mb->next; nseg != NULL; nseg = nseg->next, i++) {
+
+ vec[i].base = rte_pktmbuf_mtod(nseg, void *);
+ vec[i].iova = rte_pktmbuf_iova(nseg);
+
+ seglen = nseg->data_len;
+ if (left <= seglen) {
+ /* whole requested data is completed */
+ vec[i].len = left;
+ left = 0;
+ break;
+ }
+
+ /* use whole segment */
+ vec[i].len = seglen;
+ left -= seglen;
+ }
+
+ RTE_ASSERT(left == 0);
+ return i + 1;
+}
+
#ifdef __cplusplus
}
git.droids-corp.org / dpdk.git / blobdiff