X-Git-Url: http://git.droids-corp.org/?a=blobdiff_plain;f=lib%2Flibrte_cryptodev%2Frte_crypto_sym.h;h=0a0ea59de1e69090e40dbc4076686b105d6139c2;hb=50aa486c877a8d5482fde4b0dacd0fad40789864;hp=931ff2cb95634a04125c0f555f7fca6d75d8e814;hpb=b79e4c00af0e7cfb8601ab0208659d226b82bd10;p=dpdk.git diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h index 931ff2cb95..0a0ea59de1 100644 --- a/lib/librte_cryptodev/rte_crypto_sym.h +++ b/lib/librte_cryptodev/rte_crypto_sym.h @@ -143,7 +143,7 @@ struct rte_crypto_cipher_xform { struct { uint8_t *data; /**< pointer to key data */ - size_t length; /**< key length in bytes */ + uint16_t length;/**< key length in bytes */ } key; /**< Cipher key * @@ -160,9 +160,6 @@ struct rte_crypto_cipher_xform { * Cipher key length is in bytes. For AES it can be 128 bits (16 bytes), * 192 bits (24 bytes) or 256 bits (32 bytes). * - * For the CCM mode of operation, the only supported key length is 128 - * bits (16 bytes). - * * For the RTE_CRYPTO_CIPHER_AES_F8 mode of operation, key.length * should be set to the combined length of the encryption key and the * keymask. Since the keymask and the encryption key are the same size, @@ -196,7 +193,9 @@ struct rte_crypto_cipher_xform { * space for the implementation to write in the flags * in the first byte). Note that a full 16 bytes should * be allocated, even though the length field will - * have a value less than this. + * have a value less than this. Note that the PMDs may + * modify the memory reserved (the first byte and the + * final padding) * * - For AES-XTS, this is the 128bit tweak, i, from * IEEE Std 1619-2007. @@ -306,7 +305,7 @@ struct rte_crypto_auth_xform { struct { uint8_t *data; /**< pointer to key data */ - size_t length; /**< key length in bytes */ + uint16_t length;/**< key length in bytes */ } key; /**< Authentication key data. * The authentication key length MUST be less than or equal to the @@ -315,34 +314,18 @@ struct rte_crypto_auth_xform { * (for example RFC 2104, FIPS 198a). */ - uint16_t digest_length; - /**< Length of the digest to be returned. If the verify option is set, - * this specifies the length of the digest to be compared for the - * session. - * - * It is the caller's responsibility to ensure that the - * digest length is compliant with the hash algorithm being used. - * If the value is less than the maximum length allowed by the hash, - * the result shall be truncated. - */ - - uint16_t add_auth_data_length; - /**< The length of the additional authenticated data (AAD) in bytes. - * The maximum permitted value is 65535 (2^16 - 1) bytes, unless - * otherwise specified below. - * - */ - struct { uint16_t offset; /**< Starting point for Initialisation Vector or Counter, * specified as number of bytes from start of crypto * operation (rte_crypto_op). * - * - For KASUMI in F9 mode, SNOW 3G in UIA2 mode, - * for ZUC in EIA3 mode and for AES-GMAC, this is the - * authentication Initialisation Vector (IV) value. + * - For SNOW 3G in UIA2 mode, for ZUC in EIA3 mode and + * for AES-GMAC, this is the authentication + * Initialisation Vector (IV) value. * + * - For KASUMI in F9 mode and other authentication + * algorithms, this field is not used. * * For optimum performance, the data pointed to SHOULD * be 8-byte aligned. @@ -350,12 +333,25 @@ struct rte_crypto_auth_xform { uint16_t length; /**< Length of valid IV data. * - * - For KASUMI in F9 mode, SNOW3G in UIA2 mode, for - * ZUC in EIA3 mode and for AES-GMAC, this is the length - * of the IV. + * - For SNOW3G in UIA2 mode, for ZUC in EIA3 mode and + * for AES-GMAC, this is the length of the IV. + * + * - For KASUMI in F9 mode and other authentication + * algorithms, this field is not used. * */ } iv; /**< Initialisation vector parameters */ + + uint16_t digest_length; + /**< Length of the digest to be returned. If the verify option is set, + * this specifies the length of the digest to be compared for the + * session. + * + * It is the caller's responsibility to ensure that the + * digest length is compliant with the hash algorithm being used. + * If the value is less than the maximum length allowed by the hash, + * the result shall be truncated. + */ }; @@ -392,7 +388,7 @@ struct rte_crypto_aead_xform { struct { uint8_t *data; /**< pointer to key data */ - size_t length; /**< key length in bytes */ + uint16_t length;/**< key length in bytes */ } key; struct { @@ -427,10 +423,14 @@ struct rte_crypto_aead_xform { */ } iv; /**< Initialisation vector parameters */ - uint32_t digest_length; + uint16_t digest_length; - uint16_t add_auth_data_length; - /**< The length of the additional authenticated data (AAD) in bytes. */ + uint16_t aad_length; + /**< The length of the additional authenticated data (AAD) in bytes. + * For CCM mode, this is the length of the actual AAD, even though + * it is required to reserve 18 bytes before the AAD and padding + * at the end of it, so a multiple of 16 bytes is allocated. + */ }; /** Crypto transformation types */ @@ -510,6 +510,7 @@ struct rte_crypto_sym_op { /**< Session-less API crypto operation parameters */ }; + RTE_STD_C11 union { struct { struct { @@ -557,20 +558,19 @@ struct rte_crypto_sym_op { * Specifically for CCM (@ref RTE_CRYPTO_AEAD_AES_CCM), * the caller should setup this field as follows: * - * - the nonce should be written starting at an offset - * of one byte into the array, leaving room for the - * implementation to write in the flags to the first - * byte. - * - * - the additional authentication data itself should + * - the additional authentication data itself should * be written starting at an offset of 18 bytes into - * the array, leaving room for the length encoding in - * the first two bytes of the second block. + * the array, leaving room for the first block (16 bytes) + * and the length encoding in the first two bytes of the + * second block. * * - the array should be big enough to hold the above - * fields, plus any padding to round this up to the - * nearest multiple of the block size (16 bytes). - * Padding will be added by the implementation. + * fields, plus any padding to round this up to the + * nearest multiple of the block size (16 bytes). + * Padding will be added by the implementation. + * + * - Note that PMDs may modify the memory reserved + * (first 18 bytes and the final padding). * * Finally, for GCM (@ref RTE_CRYPTO_AEAD_AES_GCM), the * caller should setup this field as follows: @@ -632,6 +632,11 @@ struct rte_crypto_sym_op { * KASUMI @ RTE_CRYPTO_AUTH_KASUMI_F9 * and ZUC @ RTE_CRYPTO_AUTH_ZUC_EIA3, * this field should be in bits. + * + * @note + * For KASUMI @ RTE_CRYPTO_AUTH_KASUMI_F9, + * this offset should be such that + * data to authenticate starts at COUNT. */ uint32_t length; /**< The message length, in bytes, of the source @@ -642,6 +647,12 @@ struct rte_crypto_sym_op { * KASUMI @ RTE_CRYPTO_AUTH_KASUMI_F9 * and ZUC @ RTE_CRYPTO_AUTH_ZUC_EIA3, * this field should be in bits. + * + * @note + * For KASUMI @ RTE_CRYPTO_AUTH_KASUMI_F9, + * the length should include the COUNT, + * FRESH, message, direction bit and padding + * (to be multiple of 8 bits). */ } data; /**< Data offsets and length for authentication */ @@ -670,25 +681,6 @@ struct rte_crypto_sym_op { phys_addr_t phys_addr; /**< Physical address of digest */ } digest; /**< Digest parameters */ - - struct { - uint8_t *data; - /**< Pointer to Additional Authenticated - * Data (AAD) needed for authenticated cipher - * mechanisms (CCM and GCM). - * - * The length of the data pointed to by this - * field is set up for the session in the @ref - * rte_crypto_auth_xform structure as part of - * the @ref rte_cryptodev_sym_session_create - * function call. - * This length must not exceed 65535 (2^16-1) - * bytes. - * - */ - phys_addr_t phys_addr; /**< physical address */ - } aad; - /**< Additional authentication parameters */ } auth; }; };