X-Git-Url: http://git.droids-corp.org/?a=blobdiff_plain;f=lib%2Flibrte_cryptodev%2Frte_crypto.h;h=901951888c7ee1c9100f130c268e370a84c5a4a5;hb=6ae4abac5563de3e133f3f77778f885abcbe7701;hp=42343a831fa7737a1cc77e793c9c4255ec51a124;hpb=d11b0f30df88c1ecb12e5bdaa467ca246a14b422;p=dpdk.git diff --git a/lib/librte_cryptodev/rte_crypto.h b/lib/librte_cryptodev/rte_crypto.h index 42343a831f..901951888c 100644 --- a/lib/librte_cryptodev/rte_crypto.h +++ b/lib/librte_cryptodev/rte_crypto.h @@ -1,7 +1,7 @@ /*- * BSD LICENSE * - * Copyright(c) 2015 Intel Corporation. All rights reserved. + * Copyright(c) 2016 Intel Corporation. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -36,571 +36,378 @@ /** * @file rte_crypto.h * - * RTE Cryptographic Definitions + * RTE Cryptography Common Definitions * - * Defines symmetric cipher and authentication algorithms and modes, as well - * as supported symmetric crypto operation combinations. */ #ifdef __cplusplus extern "C" { #endif + #include #include #include +#include -/** Symmetric Cipher Algorithms */ -enum rte_crypto_cipher_algorithm { - RTE_CRYPTO_CIPHER_NULL = 1, - /**< NULL cipher algorithm. No mode applies to the NULL algorithm. */ - - RTE_CRYPTO_CIPHER_3DES_CBC, - /**< Triple DES algorithm in CBC mode */ - RTE_CRYPTO_CIPHER_3DES_CTR, - /**< Triple DES algorithm in CTR mode */ - RTE_CRYPTO_CIPHER_3DES_ECB, - /**< Triple DES algorithm in ECB mode */ - - RTE_CRYPTO_CIPHER_AES_CBC, - /**< AES algorithm in CBC mode */ - RTE_CRYPTO_CIPHER_AES_CCM, - /**< AES algorithm in CCM mode. When this cipher algorithm is used the - * *RTE_CRYPTO_AUTH_AES_CCM* element of the - * *rte_crypto_hash_algorithm* enum MUST be used to set up the related - * *rte_crypto_auth_xform* structure in the session context or in - * the op_params of the crypto operation structure in the case of a - * session-less crypto operation - */ - RTE_CRYPTO_CIPHER_AES_CTR, - /**< AES algorithm in Counter mode */ - RTE_CRYPTO_CIPHER_AES_ECB, - /**< AES algorithm in ECB mode */ - RTE_CRYPTO_CIPHER_AES_F8, - /**< AES algorithm in F8 mode */ - RTE_CRYPTO_CIPHER_AES_GCM, - /**< AES algorithm in GCM mode. When this cipher algorithm is used the - * *RTE_CRYPTO_AUTH_AES_GCM* element of the - * *rte_crypto_auth_algorithm* enum MUST be used to set up the related - * *rte_crypto_auth_setup_data* structure in the session context or in - * the op_params of the crypto operation structure in the case of a - * session-less crypto operation. - */ - RTE_CRYPTO_CIPHER_AES_XTS, - /**< AES algorithm in XTS mode */ +#include "rte_crypto_sym.h" - RTE_CRYPTO_CIPHER_ARC4, - /**< (A)RC4 cipher algorithm */ +/** Crypto operation types */ +enum rte_crypto_op_type { + RTE_CRYPTO_OP_TYPE_UNDEFINED, + /**< Undefined operation type */ + RTE_CRYPTO_OP_TYPE_SYMMETRIC, + /**< Symmetric operation */ +}; - RTE_CRYPTO_CIPHER_KASUMI_F8, - /**< Kasumi algorithm in F8 mode */ +/** Status of crypto operation */ +enum rte_crypto_op_status { + RTE_CRYPTO_OP_STATUS_SUCCESS, + /**< Operation completed successfully */ + RTE_CRYPTO_OP_STATUS_NOT_PROCESSED, + /**< Operation has not yet been processed by a crypto device */ + RTE_CRYPTO_OP_STATUS_ENQUEUED, + /**< Operation is enqueued on device */ + RTE_CRYPTO_OP_STATUS_AUTH_FAILED, + /**< Authentication verification failed */ + RTE_CRYPTO_OP_STATUS_INVALID_SESSION, + /**< + * Symmetric operation failed due to invalid session arguments, or if + * in session-less mode, failed to allocate private operation material. + */ + RTE_CRYPTO_OP_STATUS_INVALID_ARGS, + /**< Operation failed due to invalid arguments in request */ + RTE_CRYPTO_OP_STATUS_ERROR, + /**< Error handling operation */ +}; - RTE_CRYPTO_CIPHER_SNOW3G_UEA2, - /**< SNOW3G algorithm in UEA2 mode */ +/** + * Cryptographic Operation. + * + * This structure contains data relating to performing cryptographic + * operations. This operation structure is used to contain any operation which + * is supported by the cryptodev API, PMDs should check the type parameter to + * verify that the operation is a support function of the device. Crypto + * operations are enqueued and dequeued in crypto PMDs using the + * rte_cryptodev_enqueue_burst() / rte_cryptodev_dequeue_burst() . + */ +struct rte_crypto_op { + enum rte_crypto_op_type type; + /**< operation type */ - RTE_CRYPTO_CIPHER_ZUC_EEA3 - /**< ZUC algorithm in EEA3 mode */ -}; + enum rte_crypto_op_status status; + /**< + * operation status - this is reset to + * RTE_CRYPTO_OP_STATUS_NOT_PROCESSED on allocation from mempool and + * will be set to RTE_CRYPTO_OP_STATUS_SUCCESS after crypto operation + * is successfully processed by a crypto PMD + */ -/** Symmetric Cipher Direction */ -enum rte_crypto_cipher_operation { - RTE_CRYPTO_CIPHER_OP_ENCRYPT, - /**< Encrypt cipher operation */ - RTE_CRYPTO_CIPHER_OP_DECRYPT - /**< Decrypt cipher operation */ -}; + struct rte_mempool *mempool; + /**< crypto operation mempool which operation is allocated from */ -/** Crypto key structure */ -struct rte_crypto_key { - uint8_t *data; /**< pointer to key data */ phys_addr_t phys_addr; - size_t length; /**< key length in bytes */ -}; + /**< physical address of crypto operation */ + + void *opaque_data; + /**< Opaque pointer for user data */ + + RTE_STD_C11 + union { + struct rte_crypto_sym_op *sym; + /**< Symmetric operation parameters */ + }; /**< operation specific parameters */ +} __rte_cache_aligned; /** - * Symmetric Cipher Setup Data. + * Reset the fields of a crypto operation to their default values. * - * This structure contains data relating to Cipher (Encryption and Decryption) - * use to create a session. + * @param op The crypto operation to be reset. + * @param type The crypto operation type. */ -struct rte_crypto_cipher_xform { - enum rte_crypto_cipher_operation op; - /**< This parameter determines if the cipher operation is an encrypt or - * a decrypt operation. For the RC4 algorithm and the F8/CTR modes, - * only encrypt operations are valid. - */ - enum rte_crypto_cipher_algorithm algo; - /**< Cipher algorithm */ - - struct rte_crypto_key key; - /**< Cipher key - * - * For the RTE_CRYPTO_CIPHER_AES_F8 mode of operation, key.data will - * point to a concatenation of the AES encryption key followed by a - * keymask. As per RFC3711, the keymask should be padded with trailing - * bytes to match the length of the encryption key used. - * - * For AES-XTS mode of operation, two keys must be provided and - * key.data must point to the two keys concatenated together (Key1 || - * Key2). The cipher key length will contain the total size of both - * keys. - * - * Cipher key length is in bytes. For AES it can be 128 bits (16 bytes), - * 192 bits (24 bytes) or 256 bits (32 bytes). - * - * For the CCM mode of operation, the only supported key length is 128 - * bits (16 bytes). - * - * For the RTE_CRYPTO_CIPHER_AES_F8 mode of operation, key.length - * should be set to the combined length of the encryption key and the - * keymask. Since the keymask and the encryption key are the same size, - * key.length should be set to 2 x the AES encryption key length. - * - * For the AES-XTS mode of operation: - * - Two keys must be provided and key.length refers to total length of - * the two keys. - * - Each key can be either 128 bits (16 bytes) or 256 bits (32 bytes). - * - Both keys must have the same size. - **/ -}; +static inline void +__rte_crypto_op_reset(struct rte_crypto_op *op, enum rte_crypto_op_type type) +{ + op->type = type; + op->status = RTE_CRYPTO_OP_STATUS_NOT_PROCESSED; -/** Symmetric Authentication / Hash Algorithms */ -enum rte_crypto_auth_algorithm { - RTE_CRYPTO_AUTH_NULL = 1, - /**< NULL hash algorithm. */ - - RTE_CRYPTO_AUTH_AES_CBC_MAC, - /**< AES-CBC-MAC algorithm. Only 128-bit keys are supported. */ - RTE_CRYPTO_AUTH_AES_CCM, - /**< AES algorithm in CCM mode. This is an authenticated cipher. When - * this hash algorithm is used, the *RTE_CRYPTO_CIPHER_AES_CCM* - * element of the *rte_crypto_cipher_algorithm* enum MUST be used to - * set up the related rte_crypto_cipher_setup_data structure in the - * session context or the corresponding parameter in the crypto - * operation data structures op_params parameter MUST be set for a - * session-less crypto operation. - */ - RTE_CRYPTO_AUTH_AES_CMAC, - /**< AES CMAC algorithm. */ - RTE_CRYPTO_AUTH_AES_GCM, - /**< AES algorithm in GCM mode. When this hash algorithm - * is used, the RTE_CRYPTO_CIPHER_AES_GCM element of the - * rte_crypto_cipher_algorithm enum MUST be used to set up the related - * rte_crypto_cipher_setup_data structure in the session context, or - * the corresponding parameter in the crypto operation data structures - * op_params parameter MUST be set for a session-less crypto operation. - */ - RTE_CRYPTO_AUTH_AES_GMAC, - /**< AES GMAC algorithm. When this hash algorithm - * is used, the RTE_CRYPTO_CIPHER_AES_GCM element of the - * rte_crypto_cipher_algorithm enum MUST be used to set up the related - * rte_crypto_cipher_setup_data structure in the session context, or - * the corresponding parameter in the crypto operation data structures - * op_params parameter MUST be set for a session-less crypto operation. - */ - RTE_CRYPTO_AUTH_AES_XCBC_MAC, - /**< AES XCBC algorithm. */ - - RTE_CRYPTO_AUTH_KASUMI_F9, - /**< Kasumi algorithm in F9 mode. */ - - RTE_CRYPTO_AUTH_MD5, - /**< MD5 algorithm */ - RTE_CRYPTO_AUTH_MD5_HMAC, - /**< HMAC using MD5 algorithm */ - - RTE_CRYPTO_AUTH_SHA1, - /**< 128 bit SHA algorithm. */ - RTE_CRYPTO_AUTH_SHA1_HMAC, - /**< HMAC using 128 bit SHA algorithm. */ - RTE_CRYPTO_AUTH_SHA224, - /**< 224 bit SHA algorithm. */ - RTE_CRYPTO_AUTH_SHA224_HMAC, - /**< HMAC using 224 bit SHA algorithm. */ - RTE_CRYPTO_AUTH_SHA256, - /**< 256 bit SHA algorithm. */ - RTE_CRYPTO_AUTH_SHA256_HMAC, - /**< HMAC using 256 bit SHA algorithm. */ - RTE_CRYPTO_AUTH_SHA384, - /**< 384 bit SHA algorithm. */ - RTE_CRYPTO_AUTH_SHA384_HMAC, - /**< HMAC using 384 bit SHA algorithm. */ - RTE_CRYPTO_AUTH_SHA512, - /**< 512 bit SHA algorithm. */ - RTE_CRYPTO_AUTH_SHA512_HMAC, - /**< HMAC using 512 bit SHA algorithm. */ - - RTE_CRYPTO_AUTH_SNOW3G_UIA2, - /**< SNOW3G algorithm in UIA2 mode. */ - - RTE_CRYPTO_AUTH_ZUC_EIA3, - /**< ZUC algorithm in EIA3 mode */ -}; + switch (type) { + case RTE_CRYPTO_OP_TYPE_SYMMETRIC: + /** Symmetric operation structure starts after the end of the + * rte_crypto_op structure. + */ + op->sym = (struct rte_crypto_sym_op *)(op + 1); + op->type = type; -/** Symmetric Authentication / Hash Operations */ -enum rte_crypto_auth_operation { - RTE_CRYPTO_AUTH_OP_VERIFY, /**< Verify authentication digest */ - RTE_CRYPTO_AUTH_OP_GENERATE /**< Generate authentication digest */ + __rte_crypto_sym_op_reset(op->sym); + break; + default: + break; + } + + op->opaque_data = NULL; +} + +/** + * Private data structure belonging to a crypto symmetric operation pool. + */ +struct rte_crypto_op_pool_private { + enum rte_crypto_op_type type; + /**< Crypto op pool type operation. */ + uint16_t priv_size; + /**< Size of private area in each crypto operation. */ }; + /** - * Authentication / Hash transform data. + * Returns the size of private data allocated with each rte_crypto_op object by + * the mempool + * + * @param mempool rte_crypto_op mempool * - * This structure contains data relating to an authentication/hash crypto - * transforms. The fields op, algo and digest_length are common to all - * authentication transforms and MUST be set. + * @return private data size */ -struct rte_crypto_auth_xform { - enum rte_crypto_auth_operation op; - /**< Authentication operation type */ - enum rte_crypto_auth_algorithm algo; - /**< Authentication algorithm selection */ - - struct rte_crypto_key key; /**< Authentication key data. - * The authentication key length MUST be less than or equal to the - * block size of the algorithm. It is the callers responsibility to - * ensure that the key length is compliant with the standard being used - * (for example RFC 2104, FIPS 198a). - */ +static inline uint16_t +__rte_crypto_op_get_priv_data_size(struct rte_mempool *mempool) +{ + struct rte_crypto_op_pool_private *priv = + (struct rte_crypto_op_pool_private *) rte_mempool_get_priv(mempool); - uint32_t digest_length; - /**< Length of the digest to be returned. If the verify option is set, - * this specifies the length of the digest to be compared for the - * session. - * - * If the value is less than the maximum length allowed by the hash, - * the result shall be truncated. If the value is greater than the - * maximum length allowed by the hash then an error will be generated - * by *rte_cryptodev_session_create* or by the - * *rte_cryptodev_enqueue_burst* if using session-less APIs. - */ + return priv->priv_size; +} - uint32_t add_auth_data_length; - /**< The length of the additional authenticated data (AAD) in bytes. - * The maximum permitted value is 240 bytes, unless otherwise specified - * below. - * - * This field must be specified when the hash algorithm is one of the - * following: - * - * - For SNOW3G (@ref RTE_CRYPTO_AUTH_SNOW3G_UIA2), this is the - * length of the IV (which should be 16). - * - * - For GCM (@ref RTE_CRYPTO_AUTH_AES_GCM). In this case, this is - * the length of the Additional Authenticated Data (called A, in NIST - * SP800-38D). - * - * - For CCM (@ref RTE_CRYPTO_AUTH_AES_CCM). In this case, this is - * the length of the associated data (called A, in NIST SP800-38C). - * Note that this does NOT include the length of any padding, or the - * 18 bytes reserved at the start of the above field to store the - * block B0 and the encoded length. The maximum permitted value in - * this case is 222 bytes. - * - * @note - * For AES-GMAC (@ref RTE_CRYPTO_AUTH_AES_GMAC) mode of operation - * this field is not used and should be set to 0. Instead the length - * of the AAD data is specified in the message length to hash field of - * the rte_crypto_op_data structure. - */ -}; -/** Crypto transformation types */ -enum rte_crypto_xform_type { - RTE_CRYPTO_XFORM_NOT_SPECIFIED = 0, /**< No xform specified */ - RTE_CRYPTO_XFORM_AUTH, /**< Authentication xform */ - RTE_CRYPTO_XFORM_CIPHER /**< Cipher xform */ -}; +/** + * Creates a crypto operation pool + * + * @param name pool name + * @param type crypto operation type, use + * RTE_CRYPTO_OP_TYPE_UNDEFINED for a pool which + * supports all operation types + * @param nb_elts number of elements in pool + * @param cache_size Number of elements to cache on lcore, see + * *rte_mempool_create* for further details about + * cache size + * @param priv_size Size of private data to allocate with each + * operation + * @param socket_id Socket to allocate memory on + * + * @return + * - On success pointer to mempool + * - On failure NULL + */ +extern struct rte_mempool * +rte_crypto_op_pool_create(const char *name, enum rte_crypto_op_type type, + unsigned nb_elts, unsigned cache_size, uint16_t priv_size, + int socket_id); /** - * Crypto transform structure. + * Bulk allocate raw element from mempool and return as crypto operations * - * This is used to specify the crypto transforms required, multiple transforms - * can be chained together to specify a chain transforms such as authentication - * then cipher, or cipher then authentication. Each transform structure can - * hold a single transform, the type field is used to specify which transform - * is contained within the union + * @param mempool crypto operation mempool. + * @param type crypto operation type. + * @param ops Array to place allocated crypto operations + * @param nb_ops Number of crypto operations to allocate + * + * @returns + * - On success returns number of ops allocated */ -struct rte_crypto_xform { - struct rte_crypto_xform *next; /**< next xform in chain */ +static inline int +__rte_crypto_op_raw_bulk_alloc(struct rte_mempool *mempool, + enum rte_crypto_op_type type, + struct rte_crypto_op **ops, uint16_t nb_ops) +{ + struct rte_crypto_op_pool_private *priv; - enum rte_crypto_xform_type type; /**< xform type */ - union { - struct rte_crypto_auth_xform auth; - /**< Authentication / hash xform */ - struct rte_crypto_cipher_xform cipher; - /**< Cipher xform */ - }; -}; + priv = (struct rte_crypto_op_pool_private *) rte_mempool_get_priv(mempool); + if (unlikely(priv->type != type && + priv->type != RTE_CRYPTO_OP_TYPE_UNDEFINED)) + return -EINVAL; + + if (rte_mempool_get_bulk(mempool, (void **)ops, nb_ops) == 0) + return nb_ops; + + return 0; +} /** - * Crypto operation session type. This is used to specify whether a crypto - * operation has session structure attached for immutable parameters or if all - * operation information is included in the operation data structure. + * Allocate a crypto operation from a mempool with default parameters set + * + * @param mempool crypto operation mempool + * @param type operation type to allocate + * + * @returns + * - On success returns a valid rte_crypto_op structure + * - On failure returns NULL */ -enum rte_crypto_op_sess_type { - RTE_CRYPTO_OP_WITH_SESSION, /**< Session based crypto operation */ - RTE_CRYPTO_OP_SESSIONLESS /**< Session-less crypto operation */ -}; +static inline struct rte_crypto_op * +rte_crypto_op_alloc(struct rte_mempool *mempool, enum rte_crypto_op_type type) +{ + struct rte_crypto_op *op = NULL; + int retval; + + retval = __rte_crypto_op_raw_bulk_alloc(mempool, type, &op, 1); + if (unlikely(retval != 1)) + return NULL; + + __rte_crypto_op_reset(op, type); + + return op; +} -/** Status of crypto operation */ -enum rte_crypto_op_status { - RTE_CRYPTO_OP_STATUS_SUCCESS, - /**< Operation completed successfully */ - RTE_CRYPTO_OP_STATUS_NO_SUBMITTED, - /**< Operation not yet submitted to a cryptodev */ - RTE_CRYPTO_OP_STATUS_ENQUEUED, - /**< Operation is enqueued on device */ - RTE_CRYPTO_OP_STATUS_AUTH_FAILED, - /**< Authentication verification failed */ - RTE_CRYPTO_OP_STATUS_INVALID_ARGS, - /**< Operation failed due to invalid arguments in request */ - RTE_CRYPTO_OP_STATUS_ERROR, - /**< Error handling operation */ -}; /** - * Cryptographic Operation Data. + * Bulk allocate crypto operations from a mempool with default parameters set * - * This structure contains data relating to performing cryptographic processing - * on a data buffer. This request is used with rte_crypto_enqueue_burst() call - * for performing cipher, hash, or a combined hash and cipher operations. + * @param mempool crypto operation mempool + * @param type operation type to allocate + * @param ops Array to place allocated crypto operations + * @param nb_ops Number of crypto operations to allocate + * + * @returns + * - On success returns a valid rte_crypto_op structure + * - On failure returns NULL */ -struct rte_crypto_op { - enum rte_crypto_op_sess_type type; - enum rte_crypto_op_status status; - struct { - struct rte_mbuf *m; /**< Destination mbuf */ - uint8_t offset; /**< Data offset */ - } dst; +static inline unsigned +rte_crypto_op_bulk_alloc(struct rte_mempool *mempool, + enum rte_crypto_op_type type, + struct rte_crypto_op **ops, uint16_t nb_ops) +{ + int i; - union { - struct rte_cryptodev_session *session; - /**< Handle for the initialised session context */ - struct rte_crypto_xform *xform; - /**< Session-less API crypto operation parameters */ - }; - - struct { - struct { - uint32_t offset; - /**< Starting point for cipher processing, specified - * as number of bytes from start of data in the source - * buffer. The result of the cipher operation will be - * written back into the output buffer starting at - * this location. - */ - - uint32_t length; - /**< The message length, in bytes, of the source buffer - * on which the cryptographic operation will be - * computed. This must be a multiple of the block size - * if a block cipher is being used. This is also the - * same as the result length. - * - * @note - * In the case of CCM @ref RTE_CRYPTO_AUTH_AES_CCM, - * this value should not include the length of the - * padding or the length of the MAC; the driver will - * compute the actual number of bytes over which the - * encryption will occur, which will include these - * values. - * - * @note - * For AES-GMAC @ref RTE_CRYPTO_AUTH_AES_GMAC, this - * field should be set to 0. - */ - } to_cipher; /**< Data offsets and length for ciphering */ - - struct { - uint32_t offset; - /**< Starting point for hash processing, specified as - * number of bytes from start of packet in source - * buffer. - * - * @note - * For CCM and GCM modes of operation, this field is - * ignored. The field @ref additional_auth field - * should be set instead. - * - * @note For AES-GMAC (@ref RTE_CRYPTO_AUTH_AES_GMAC) - * mode of operation, this field specifies the start - * of the AAD data in the source buffer. - */ - - uint32_t length; - /**< The message length, in bytes, of the source - * buffer that the hash will be computed on. - * - * @note - * For CCM and GCM modes of operation, this field is - * ignored. The field @ref additional_auth field - * should be set instead. - * - * @note - * For AES-GMAC @ref RTE_CRYPTO_AUTH_AES_GMAC mode - * of operation, this field specifies the length of - * the AAD data in the source buffer. - */ - } to_hash; /**< Data offsets and length for authentication */ - } data; /**< Details of data to be operated on */ - - struct { - uint8_t *data; - /**< Initialisation Vector or Counter. - * - * - For block ciphers in CBC or F8 mode, or for Kasumi in F8 - * mode, or for SNOW3G in UEA2 mode, this is the Initialisation - * Vector (IV) value. - * - * - For block ciphers in CTR mode, this is the counter. - * - * - For GCM mode, this is either the IV (if the length is 96 - * bits) or J0 (for other sizes), where J0 is as defined by - * NIST SP800-38D. Regardless of the IV length, a full 16 bytes - * needs to be allocated. - * - * - For CCM mode, the first byte is reserved, and the nonce - * should be written starting at &iv[1] (to allow space for the - * implementation to write in the flags in the first byte). - * Note that a full 16 bytes should be allocated, even though - * the length field will have a value less than this. - * - * - For AES-XTS, this is the 128bit tweak, i, from IEEE Std - * 1619-2007. - * - * For optimum performance, the data pointed to SHOULD be - * 8-byte aligned. - */ - phys_addr_t phys_addr; - size_t length; - /**< Length of valid IV data. - * - * - For block ciphers in CBC or F8 mode, or for Kasumi in F8 - * mode, or for SNOW3G in UEA2 mode, this is the length of the - * IV (which must be the same as the block length of the - * cipher). - * - * - For block ciphers in CTR mode, this is the length of the - * counter (which must be the same as the block length of the - * cipher). - * - * - For GCM mode, this is either 12 (for 96-bit IVs) or 16, in - * which case data points to J0. - * - * - For CCM mode, this is the length of the nonce, which can - * be in the range 7 to 13 inclusive. - */ - } iv; /**< Initialisation vector parameters */ - - struct { - uint8_t *data; - /**< If this member of this structure is set this is a - * pointer to the location where the digest result should be - * inserted (in the case of digest generation) or where the - * purported digest exists (in the case of digest - * verification). - * - * At session creation time, the client specified the digest - * result length with the digest_length member of the @ref - * rte_crypto_auth_xform structure. For physical crypto - * devices the caller must allocate at least digest_length of - * physically contiguous memory at this location. - * - * For digest generation, the digest result will overwrite - * any data at this location. - * - * @note - * For GCM (@ref RTE_CRYPTO_AUTH_AES_GCM), for - * "digest result" read "authentication tag T". - * - * If this member is not set the digest result is understood - * to be in the destination buffer for digest generation, and - * in the source buffer for digest verification. The location - * of the digest result in this case is immediately following - * the region over which the digest is computed. - */ - phys_addr_t phys_addr; /**< Physical address of digest */ - uint32_t length; /**< Length of digest */ - } digest; /**< Digest parameters */ - - struct { - uint8_t *data; - /**< Pointer to Additional Authenticated Data (AAD) needed for - * authenticated cipher mechanisms (CCM and GCM), and to the IV - * for SNOW3G authentication - * (@ref RTE_CRYPTO_AUTH_SNOW3G_UIA2). For other - * authentication mechanisms this pointer is ignored. - * - * The length of the data pointed to by this field is set up - * for the session in the @ref rte_crypto_auth_xform structure - * as part of the @ref rte_cryptodev_session_create function - * call. This length must not exceed 240 bytes. - * - * Specifically for CCM (@ref RTE_CRYPTO_AUTH_AES_CCM), the - * caller should setup this field as follows: - * - * - the nonce should be written starting at an offset of one - * byte into the array, leaving room for the implementation - * to write in the flags to the first byte. - * - * - the additional authentication data itself should be - * written starting at an offset of 18 bytes into the array, - * leaving room for the length encoding in the first two - * bytes of the second block. - * - * - the array should be big enough to hold the above fields, - * plus any padding to round this up to the nearest multiple - * of the block size (16 bytes). Padding will be added by - * the implementation. - * - * Finally, for GCM (@ref RTE_CRYPTO_AUTH_AES_GCM), the - * caller should setup this field as follows: - * - * - the AAD is written in starting at byte 0 - * - the array must be big enough to hold the AAD, plus any - * space to round this up to the nearest multiple of the - * block size (16 bytes). - * - * @note - * For AES-GMAC (@ref RTE_CRYPTO_AUTH_AES_GMAC) mode of - * operation, this field is not used and should be set to 0. - * Instead the AAD data should be placed in the source buffer. - */ - phys_addr_t phys_addr; /**< physical address */ - uint32_t length; /**< Length of digest */ - } additional_auth; - /**< Additional authentication parameters */ + if (unlikely(__rte_crypto_op_raw_bulk_alloc(mempool, type, ops, nb_ops) + != nb_ops)) + return 0; - struct rte_mempool *pool; - /**< mempool used to allocate crypto op */ + for (i = 0; i < nb_ops; i++) + __rte_crypto_op_reset(ops[i], type); + + return nb_ops; +} - void *user_data; - /**< opaque pointer for user data */ -}; /** - * Reset the fields of a crypto operation to their default values. + * Returns a pointer to the private data of a crypto operation if + * that operation has enough capacity for requested size. * - * @param op The crypto operation to be reset. + * @param op crypto operation. + * @param size size of space requested in private data. + * + * @returns + * - if sufficient space available returns pointer to start of private data + * - if insufficient space returns NULL */ -static inline void -__rte_crypto_op_reset(struct rte_crypto_op *op) +static inline void * +__rte_crypto_op_get_priv_data(struct rte_crypto_op *op, uint32_t size) { - op->type = RTE_CRYPTO_OP_SESSIONLESS; - op->dst.m = NULL; - op->dst.offset = 0; + uint32_t priv_size; + + if (likely(op->mempool != NULL)) { + priv_size = __rte_crypto_op_get_priv_data_size(op->mempool); + + if (likely(priv_size >= size)) + return (void *)((uint8_t *)(op + 1) + + sizeof(struct rte_crypto_sym_op)); + } + + return NULL; } -/** Attach a session to a crypto operation */ +/** + * free crypto operation structure + * If operation has been allocate from a rte_mempool, then the operation will + * be returned to the mempool. + * + * @param op symmetric crypto operation + */ static inline void -rte_crypto_op_attach_session(struct rte_crypto_op *op, - struct rte_cryptodev_session *sess) +rte_crypto_op_free(struct rte_crypto_op *op) +{ + if (op != NULL && op->mempool != NULL) + rte_mempool_put(op->mempool, op); +} + +/** + * Allocate a symmetric crypto operation in the private data of an mbuf. + * + * @param m mbuf which is associated with the crypto operation, the + * operation will be allocated in the private data of that + * mbuf. + * + * @returns + * - On success returns a pointer to the crypto operation. + * - On failure returns NULL. + */ +static inline struct rte_crypto_op * +rte_crypto_sym_op_alloc_from_mbuf_priv_data(struct rte_mbuf *m) +{ + if (unlikely(m == NULL)) + return NULL; + + /* + * check that the mbuf's private data size is sufficient to contain a + * crypto operation + */ + if (unlikely(m->priv_size < (sizeof(struct rte_crypto_op) + + sizeof(struct rte_crypto_sym_op)))) + return NULL; + + /* private data starts immediately after the mbuf header in the mbuf. */ + struct rte_crypto_op *op = (struct rte_crypto_op *)(m + 1); + + __rte_crypto_op_reset(op, RTE_CRYPTO_OP_TYPE_SYMMETRIC); + + op->mempool = NULL; + op->sym->m_src = m; + + return op; +} + +/** + * Allocate space for symmetric crypto xforms in the private data space of the + * crypto operation. This also defaults the crypto xform type and configures + * the chaining of the xforms in the crypto operation + * + * @return + * - On success returns pointer to first crypto xform in crypto operations chain + * - On failure returns NULL + */ +static inline struct rte_crypto_sym_xform * +rte_crypto_op_sym_xforms_alloc(struct rte_crypto_op *op, uint8_t nb_xforms) { - op->session = sess; - op->type = RTE_CRYPTO_OP_WITH_SESSION; + void *priv_data; + uint32_t size; + + if (unlikely(op->type != RTE_CRYPTO_OP_TYPE_SYMMETRIC)) + return NULL; + + size = sizeof(struct rte_crypto_sym_xform) * nb_xforms; + + priv_data = __rte_crypto_op_get_priv_data(op, size); + if (priv_data == NULL) + return NULL; + + return __rte_crypto_sym_op_sym_xforms_alloc(op->sym, priv_data, + nb_xforms); +} + + +/** + * Attach a session to a crypto operation + * + * @param op crypto operation, must be of type symmetric + * @param sess cryptodev session + */ +static inline int +rte_crypto_op_attach_sym_session(struct rte_crypto_op *op, + struct rte_cryptodev_sym_session *sess) +{ + if (unlikely(op->type != RTE_CRYPTO_OP_TYPE_SYMMETRIC)) + return -1; + + return __rte_crypto_sym_op_attach_sym_session(op->sym, sess); } #ifdef __cplusplus