X-Git-Url: http://git.droids-corp.org/?a=blobdiff_plain;ds=sidebyside;f=lib%2Flibrte_cryptodev%2Frte_crypto_sym.h;h=c80e90ee83768000719d884bfb2c4a37fa208314;hb=196a46fab6eeb3ce2039e3bcaca80f8ba43ffc8d;hp=f1b2f38e3b22155695256a719e22c4254e016fb8;hpb=4428eda8bb756a487a05a3e6c86da0b2de7227ae;p=dpdk.git

diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h
index f1b2f38e3b..c80e90ee83 100644
--- a/lib/librte_cryptodev/rte_crypto_sym.h
+++ b/lib/librte_cryptodev/rte_crypto_sym.h
@@ -1,33 +1,5 @@
-/*-
- *   BSD LICENSE
- *
- *   Copyright(c) 2016-2017 Intel Corporation. All rights reserved.
- *
- *   Redistribution and use in source and binary forms, with or without
- *   modification, are permitted provided that the following conditions
- *   are met:
- *
- *     * Redistributions of source code must retain the above copyright
- *       notice, this list of conditions and the following disclaimer.
- *     * Redistributions in binary form must reproduce the above copyright
- *       notice, this list of conditions and the following disclaimer in
- *       the documentation and/or other materials provided with the
- *       distribution.
- *     * Neither the name of Intel Corporation nor the names of its
- *       contributors may be used to endorse or promote products derived
- *       from this software without specific prior written permission.
- *
- *   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- *   "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- *   LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- *   A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- *   OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- *   SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- *   LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- *   DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- *   THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- *   (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- *   OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(c) 2016-2019 Intel Corporation
  */
 
 #ifndef _RTE_CRYPTO_SYM_H_
@@ -143,7 +115,7 @@ struct rte_crypto_cipher_xform {
 
 	struct {
 		uint8_t *data;	/**< pointer to key data */
-		size_t length;	/**< key length in bytes */
+		uint16_t length;/**< key length in bytes */
 	} key;
 	/**< Cipher key
 	 *
@@ -152,17 +124,9 @@ struct rte_crypto_cipher_xform {
 	 * keymask. As per RFC3711, the keymask should be padded with trailing
 	 * bytes to match the length of the encryption key used.
 	 *
-	 * For AES-XTS mode of operation, two keys must be provided and
-	 * key.data must point to the two keys concatenated together (Key1 ||
-	 * Key2). The cipher key length will contain the total size of both
-	 * keys.
-	 *
 	 * Cipher key length is in bytes. For AES it can be 128 bits (16 bytes),
 	 * 192 bits (24 bytes) or 256 bits (32 bytes).
 	 *
-	 * For the CCM mode of operation, the only supported key length is 128
-	 * bits (16 bytes).
-	 *
 	 * For the RTE_CRYPTO_CIPHER_AES_F8 mode of operation, key.length
 	 * should be set to the combined length of the encryption key and the
 	 * keymask. Since the keymask and the encryption key are the same size,
@@ -171,6 +135,8 @@ struct rte_crypto_cipher_xform {
 	 * For the AES-XTS mode of operation:
 	 *  - Two keys must be provided and key.length refers to total length of
 	 *    the two keys.
+	 *  - key.data must point to the two keys concatenated together
+	 *    (key1 || key2).
 	 *  - Each key can be either 128 bits (16 bytes) or 256 bits (32 bytes).
 	 *  - Both keys must have the same size.
 	 **/
@@ -196,7 +162,9 @@ struct rte_crypto_cipher_xform {
 		 * space for the implementation to write in the flags
 		 * in the first byte). Note that a full 16 bytes should
 		 * be allocated, even though the length field will
-		 * have a value less than this.
+		 * have a value less than this. Note that the PMDs may
+		 * modify the memory reserved (the first byte and the
+		 * final padding)
 		 *
 		 * - For AES-XTS, this is the 128bit tweak, i, from
 		 * IEEE Std 1619-2007.
@@ -274,6 +242,23 @@ enum rte_crypto_auth_algorithm {
 	RTE_CRYPTO_AUTH_ZUC_EIA3,
 	/**< ZUC algorithm in EIA3 mode */
 
+	RTE_CRYPTO_AUTH_SHA3_224,
+	/**< 224 bit SHA3 algorithm. */
+	RTE_CRYPTO_AUTH_SHA3_224_HMAC,
+	/**< HMAC using 224 bit SHA3 algorithm. */
+	RTE_CRYPTO_AUTH_SHA3_256,
+	/**< 256 bit SHA3 algorithm. */
+	RTE_CRYPTO_AUTH_SHA3_256_HMAC,
+	/**< HMAC using 256 bit SHA3 algorithm. */
+	RTE_CRYPTO_AUTH_SHA3_384,
+	/**< 384 bit SHA3 algorithm. */
+	RTE_CRYPTO_AUTH_SHA3_384_HMAC,
+	/**< HMAC using 384 bit SHA3 algorithm. */
+	RTE_CRYPTO_AUTH_SHA3_512,
+	/**< 512 bit SHA3 algorithm. */
+	RTE_CRYPTO_AUTH_SHA3_512_HMAC,
+	/**< HMAC using 512 bit SHA3 algorithm. */
+
 	RTE_CRYPTO_AUTH_LIST_END
 };
 
@@ -306,7 +291,7 @@ struct rte_crypto_auth_xform {
 
 	struct {
 		uint8_t *data;	/**< pointer to key data */
-		size_t length;	/**< key length in bytes */
+		uint16_t length;/**< key length in bytes */
 	} key;
 	/**< Authentication key data.
 	 * The authentication key length MUST be less than or equal to the
@@ -315,27 +300,18 @@ struct rte_crypto_auth_xform {
 	 * (for example RFC 2104, FIPS 198a).
 	 */
 
-	uint16_t digest_length;
-	/**< Length of the digest to be returned. If the verify option is set,
-	 * this specifies the length of the digest to be compared for the
-	 * session.
-	 *
-	 * It is the caller's responsibility to ensure that the
-	 * digest length is compliant with the hash algorithm being used.
-	 * If the value is less than the maximum length allowed by the hash,
-	 * the result shall be truncated.
-	 */
-
 	struct {
 		uint16_t offset;
 		/**< Starting point for Initialisation Vector or Counter,
 		 * specified as number of bytes from start of crypto
 		 * operation (rte_crypto_op).
 		 *
-		 * - For KASUMI in F9 mode, SNOW 3G in UIA2 mode,
-		 *   for ZUC in EIA3 mode and for AES-GMAC, this is the
-		 *   authentication Initialisation Vector (IV) value.
+		 * - For SNOW 3G in UIA2 mode, for ZUC in EIA3 mode and
+		 *   for AES-GMAC, this is the authentication
+		 *   Initialisation Vector (IV) value.
 		 *
+		 * - For KASUMI in F9 mode and other authentication
+		 *   algorithms, this field is not used.
 		 *
 		 * For optimum performance, the data pointed to SHOULD
 		 * be 8-byte aligned.
@@ -343,12 +319,25 @@ struct rte_crypto_auth_xform {
 		uint16_t length;
 		/**< Length of valid IV data.
 		 *
-		 * - For KASUMI in F9 mode, SNOW3G in UIA2 mode, for
-		 *   ZUC in EIA3 mode and for AES-GMAC, this is the length
-		 *   of the IV.
+		 * - For SNOW3G in UIA2 mode, for ZUC in EIA3 mode and
+		 *   for AES-GMAC, this is the length of the IV.
+		 *
+		 * - For KASUMI in F9 mode and other authentication
+		 *   algorithms, this field is not used.
 		 *
 		 */
 	} iv;	/**< Initialisation vector parameters */
+
+	uint16_t digest_length;
+	/**< Length of the digest to be returned. If the verify option is set,
+	 * this specifies the length of the digest to be compared for the
+	 * session.
+	 *
+	 * It is the caller's responsibility to ensure that the
+	 * digest length is compliant with the hash algorithm being used.
+	 * If the value is less than the maximum length allowed by the hash,
+	 * the result shall be truncated.
+	 */
 };
 
 
@@ -385,7 +374,7 @@ struct rte_crypto_aead_xform {
 
 	struct {
 		uint8_t *data;  /**< pointer to key data */
-		size_t length;   /**< key length in bytes */
+		uint16_t length;/**< key length in bytes */
 	} key;
 
 	struct {
@@ -420,10 +409,14 @@ struct rte_crypto_aead_xform {
 		 */
 	} iv;	/**< Initialisation vector parameters */
 
-	uint32_t digest_length;
+	uint16_t digest_length;
 
-	uint16_t add_auth_data_length;
-	/**< The length of the additional authenticated data (AAD) in bytes. */
+	uint16_t aad_length;
+	/**< The length of the additional authenticated data (AAD) in bytes.
+	 * For CCM mode, this is the length of the actual AAD, even though
+	 * it is required to reserve 18 bytes before the AAD and padding
+	 * at the end of it, so a multiple of 16 bytes is allocated.
+	 */
 };
 
 /** Crypto transformation types */
@@ -501,8 +494,11 @@ struct rte_crypto_sym_op {
 		/**< Handle for the initialised session context */
 		struct rte_crypto_sym_xform *xform;
 		/**< Session-less API crypto operation parameters */
+		struct rte_security_session *sec_session;
+		/**< Handle for the initialised security session context */
 	};
 
+	RTE_STD_C11
 	union {
 		struct {
 			struct {
@@ -538,7 +534,7 @@ struct rte_crypto_sym_op {
 				 * For GCM (@ref RTE_CRYPTO_AEAD_AES_GCM), for
 				 * "digest result" read "authentication tag T".
 				 */
-				phys_addr_t phys_addr;
+				rte_iova_t phys_addr;
 				/**< Physical address of digest */
 			} digest; /**< Digest parameters */
 			struct {
@@ -550,20 +546,19 @@ struct rte_crypto_sym_op {
 				 * Specifically for CCM (@ref RTE_CRYPTO_AEAD_AES_CCM),
 				 * the caller should setup this field as follows:
 				 *
-				 * - the nonce should be written starting at an offset
-				 * of one byte into the array, leaving room for the
-				 * implementation to write in the flags to the first
-				 * byte.
-				 *
-				 * - the additional  authentication data itself should
+				 * - the additional authentication data itself should
 				 * be written starting at an offset of 18 bytes into
-				 * the array, leaving room for the length encoding in
-				 * the first two bytes of the second block.
+				 * the array, leaving room for the first block (16 bytes)
+				 * and the length encoding in the first two bytes of the
+				 * second block.
 				 *
 				 * - the array should be big enough to hold the above
-				 *  fields, plus any padding to round this up to the
-				 *  nearest multiple of the block size (16 bytes).
-				 *  Padding will be added by the implementation.
+				 * fields, plus any padding to round this up to the
+				 * nearest multiple of the block size (16 bytes).
+				 * Padding will be added by the implementation.
+				 *
+				 * - Note that PMDs may modify the memory reserved
+				 * (first 18 bytes and the final padding).
 				 *
 				 * Finally, for GCM (@ref RTE_CRYPTO_AEAD_AES_GCM), the
 				 * caller should setup this field as follows:
@@ -574,7 +569,7 @@ struct rte_crypto_sym_op {
 				 * of the block size (16 bytes).
 				 *
 				 */
-				phys_addr_t phys_addr;	/**< physical address */
+				rte_iova_t phys_addr;	/**< physical address */
 			} aad;
 			/**< Additional authentication parameters */
 		} aead;
@@ -625,6 +620,11 @@ struct rte_crypto_sym_op {
 					  * KASUMI @ RTE_CRYPTO_AUTH_KASUMI_F9
 					  * and ZUC @ RTE_CRYPTO_AUTH_ZUC_EIA3,
 					  * this field should be in bits.
+					  *
+					  * @note
+					  * For KASUMI @ RTE_CRYPTO_AUTH_KASUMI_F9,
+					  * this offset should be such that
+					  * data to authenticate starts at COUNT.
 					  */
 					uint32_t length;
 					 /**< The message length, in bytes, of the source
@@ -635,6 +635,12 @@ struct rte_crypto_sym_op {
 					  * KASUMI @ RTE_CRYPTO_AUTH_KASUMI_F9
 					  * and ZUC @ RTE_CRYPTO_AUTH_ZUC_EIA3,
 					  * this field should be in bits.
+					  *
+					  * @note
+					  * For KASUMI @ RTE_CRYPTO_AUTH_KASUMI_F9,
+					  * the length should include the COUNT,
+					  * FRESH, message, direction bit and padding
+					  * (to be multiple of 8 bits).
 					  */
 				} data;
 				/**< Data offsets and length for authentication */
@@ -660,7 +666,7 @@ struct rte_crypto_sym_op {
 					 * will overwrite any data at this location.
 					 *
 					 */
-					phys_addr_t phys_addr;
+					rte_iova_t phys_addr;
 					/**< Physical address of digest */
 				} digest; /**< Digest parameters */
 			} auth;