X-Git-Url: http://git.droids-corp.org/?a=blobdiff_plain;f=lib%2Flibrte_cryptodev%2Frte_crypto_sym.h;h=c78258813fafe7b6c3c74768f39b480566a435ee;hb=0c16506e5947f65f4d4ff3a4c3e428e52158e5de;hp=270510e7984b6c51f330039e0f284b09d474711c;hpb=a7f4562b093dafc24d89d630a42633a11bc63b2a;p=dpdk.git diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h index 270510e798..c78258813f 100644 --- a/lib/librte_cryptodev/rte_crypto_sym.h +++ b/lib/librte_cryptodev/rte_crypto_sym.h @@ -46,9 +46,12 @@ extern "C" { #endif +#include + #include #include #include +#include /** Symmetric Cipher Algorithms */ @@ -81,11 +84,11 @@ enum rte_crypto_cipher_algorithm { /**< AES algorithm in F8 mode */ RTE_CRYPTO_CIPHER_AES_GCM, /**< AES algorithm in GCM mode. When this cipher algorithm is used the - * *RTE_CRYPTO_AUTH_AES_GCM* element of the - * *rte_crypto_auth_algorithm* enum MUST be used to set up the related - * *rte_crypto_auth_setup_data* structure in the session context or in - * the op_params of the crypto operation structure in the case of a - * session-less crypto operation. + * *RTE_CRYPTO_AUTH_AES_GCM* or *RTE_CRYPTO_AUTH_AES_GMAC* element + * of the *rte_crypto_auth_algorithm* enum MUST be used to set up + * the related *rte_crypto_auth_setup_data* structure in the session + * context or in the op_params of the crypto operation structure + * in the case of a session-less crypto operation. */ RTE_CRYPTO_CIPHER_AES_XTS, /**< AES algorithm in XTS mode */ @@ -94,15 +97,25 @@ enum rte_crypto_cipher_algorithm { /**< (A)RC4 cipher algorithm */ RTE_CRYPTO_CIPHER_KASUMI_F8, - /**< Kasumi algorithm in F8 mode */ + /**< KASUMI algorithm in F8 mode */ RTE_CRYPTO_CIPHER_SNOW3G_UEA2, - /**< SNOW3G algorithm in UEA2 mode */ + /**< SNOW 3G algorithm in UEA2 mode */ - RTE_CRYPTO_CIPHER_ZUC_EEA3 + RTE_CRYPTO_CIPHER_ZUC_EEA3, /**< ZUC algorithm in EEA3 mode */ + + RTE_CRYPTO_CIPHER_DES_CBC, + /**< DES algorithm in CBC mode */ + + RTE_CRYPTO_CIPHER_LIST_END + }; +/** Cipher algorithm name strings */ +extern const char * +rte_crypto_cipher_algorithm_strings[]; + /** Symmetric Cipher Direction */ enum rte_crypto_cipher_operation { RTE_CRYPTO_CIPHER_OP_ENCRYPT, @@ -111,6 +124,9 @@ enum rte_crypto_cipher_operation { /**< Decrypt cipher operation */ }; +/** Cipher operation name strings */ +extern const char * +rte_crypto_cipher_operation_strings[]; /** * Symmetric Cipher Setup Data. @@ -128,8 +144,8 @@ struct rte_crypto_cipher_xform { /**< Cipher algorithm */ struct { - uint8_t *data; /**< pointer to key data */ - size_t length; /**< key length in bytes */ + uint8_t *data; /**< pointer to key data */ + size_t length; /**< key length in bytes */ } key; /**< Cipher key * @@ -200,7 +216,7 @@ enum rte_crypto_auth_algorithm { /**< AES XCBC algorithm. */ RTE_CRYPTO_AUTH_KASUMI_F9, - /**< Kasumi algorithm in F9 mode. */ + /**< KASUMI algorithm in F9 mode. */ RTE_CRYPTO_AUTH_MD5, /**< MD5 algorithm */ @@ -229,18 +245,28 @@ enum rte_crypto_auth_algorithm { /**< HMAC using 512 bit SHA algorithm. */ RTE_CRYPTO_AUTH_SNOW3G_UIA2, - /**< SNOW3G algorithm in UIA2 mode. */ + /**< SNOW 3G algorithm in UIA2 mode. */ RTE_CRYPTO_AUTH_ZUC_EIA3, /**< ZUC algorithm in EIA3 mode */ + + RTE_CRYPTO_AUTH_LIST_END }; +/** Authentication algorithm name strings */ +extern const char * +rte_crypto_auth_algorithm_strings[]; + /** Symmetric Authentication / Hash Operations */ enum rte_crypto_auth_operation { RTE_CRYPTO_AUTH_OP_VERIFY, /**< Verify authentication digest */ RTE_CRYPTO_AUTH_OP_GENERATE /**< Generate authentication digest */ }; +/** Authentication operation name strings */ +extern const char * +rte_crypto_auth_operation_strings[]; + /** * Authentication / Hash transform data. * @@ -255,8 +281,8 @@ struct rte_crypto_auth_xform { /**< Authentication algorithm selection */ struct { - uint8_t *data; /**< pointer to key data */ - size_t length; /**< key length in bytes */ + uint8_t *data; /**< pointer to key data */ + size_t length; /**< key length in bytes */ } key; /**< Authentication key data. * The authentication key length MUST be less than or equal to the @@ -285,7 +311,7 @@ struct rte_crypto_auth_xform { * This field must be specified when the hash algorithm is one of the * following: * - * - For SNOW3G (@ref RTE_CRYPTO_AUTH_SNOW3G_UIA2), this is the + * - For SNOW 3G (@ref RTE_CRYPTO_AUTH_SNOW3G_UIA2), this is the * length of the IV (which should be 16). * * - For GCM (@ref RTE_CRYPTO_AUTH_AES_GCM). In this case, this is @@ -302,8 +328,8 @@ struct rte_crypto_auth_xform { * @note * For AES-GMAC (@ref RTE_CRYPTO_AUTH_AES_GMAC) mode of operation * this field is not used and should be set to 0. Instead the length - * of the AAD data is specified in the message length to hash field of - * the rte_crypto_sym_op_data structure. + * of the AAD data is specified in additional authentication data + * length field of the rte_crypto_sym_op_data structure */ }; @@ -328,6 +354,7 @@ struct rte_crypto_sym_xform { /**< next xform in chain */ enum rte_crypto_sym_xform_type type ; /**< xform type */ + RTE_STD_C11 union { struct rte_crypto_auth_xform auth; /**< Authentication / hash xform */ @@ -347,22 +374,45 @@ enum rte_crypto_sym_op_sess_type { }; +struct rte_cryptodev_sym_session; + /** - * Cryptographic Operation Data. + * Symmetric Cryptographic Operation. + * + * This structure contains data relating to performing symmetric cryptographic + * processing on a referenced mbuf data buffer. * - * This structure contains data relating to performing cryptographic processing - * on a data buffer. This request is used with rte_crypto_sym_enqueue_burst() - * call for performing cipher, hash, or a combined hash and cipher operations. + * When a symmetric crypto operation is enqueued with the device for processing + * it must have a valid *rte_mbuf* structure attached, via m_src parameter, + * which contains the source data which the crypto operation is to be performed + * on. + * While the mbuf is in use by a crypto operation no part of the mbuf should be + * changed by the application as the device may read or write to any part of the + * mbuf. In the case of hardware crypto devices some or all of the mbuf + * may be DMAed in and out of the device, so writing over the original data, + * though only the part specified by the rte_crypto_sym_op for transformation + * will be changed. + * Out-of-place (OOP) operation, where the source mbuf is different to the + * destination mbuf, is a special case. Data will be copied from m_src to m_dst. + * The part copied includes all the parts of the source mbuf that will be + * operated on, based on the cipher.data.offset+cipher.data.length and + * auth.data.offset+auth.data.length values in the rte_crypto_sym_op. The part + * indicated by the cipher parameters will be transformed, any extra data around + * this indicated by the auth parameters will be copied unchanged from source to + * destination mbuf. + * Also in OOP operation the cipher.data.offset and auth.data.offset apply to + * both source and destination mbufs. As these offsets are relative to the + * data_off parameter in each mbuf this can result in the data written to the + * destination buffer being at a different alignment, relative to buffer start, + * to the data in the source buffer. */ struct rte_crypto_sym_op { - enum rte_crypto_sym_op_sess_type type; - enum rte_crypto_op_status status; + struct rte_mbuf *m_src; /**< source mbuf */ + struct rte_mbuf *m_dst; /**< destination mbuf */ - struct { - struct rte_mbuf *m; /**< Destination mbuf */ - uint8_t offset; /**< Data offset */ - } dst; + enum rte_crypto_sym_op_sess_type sess_type; + RTE_STD_C11 union { struct rte_cryptodev_sym_session *session; /**< Handle for the initialised session context */ @@ -372,15 +422,21 @@ struct rte_crypto_sym_op { struct { struct { - uint32_t offset; + uint32_t offset; /**< Starting point for cipher processing, specified * as number of bytes from start of data in the source * buffer. The result of the cipher operation will be * written back into the output buffer starting at * this location. + * + * @note + * For SNOW 3G @ RTE_CRYPTO_CIPHER_SNOW3G_UEA2, + * KASUMI @ RTE_CRYPTO_CIPHER_KASUMI_F8 + * and ZUC @ RTE_CRYPTO_CIPHER_ZUC_EEA3, + * this field should be in bits. */ - uint32_t length; + uint32_t length; /**< The message length, in bytes, of the source buffer * on which the cryptographic operation will be * computed. This must be a multiple of the block size @@ -398,199 +454,248 @@ struct rte_crypto_sym_op { * @note * For AES-GMAC @ref RTE_CRYPTO_AUTH_AES_GMAC, this * field should be set to 0. + * + * @note + * For SNOW 3G @ RTE_CRYPTO_AUTH_SNOW3G_UEA2, + * KASUMI @ RTE_CRYPTO_CIPHER_KASUMI_F8 + * and ZUC @ RTE_CRYPTO_CIPHER_ZUC_EEA3, + * this field should be in bits. */ - } to_cipher; /**< Data offsets and length for ciphering */ + } data; /**< Data offsets and length for ciphering */ + + struct { + uint8_t *data; + /**< Initialisation Vector or Counter. + * + * - For block ciphers in CBC or F8 mode, or for KASUMI + * in F8 mode, or for SNOW 3G in UEA2 mode, this is the + * Initialisation Vector (IV) value. + * + * - For block ciphers in CTR mode, this is the counter. + * + * - For GCM mode, this is either the IV (if the length + * is 96 bits) or J0 (for other sizes), where J0 is as + * defined by NIST SP800-38D. Regardless of the IV + * length, a full 16 bytes needs to be allocated. + * + * - For CCM mode, the first byte is reserved, and the + * nonce should be written starting at &iv[1] (to allow + * space for the implementation to write in the flags + * in the first byte). Note that a full 16 bytes should + * be allocated, even though the length field will + * have a value less than this. + * + * - For AES-XTS, this is the 128bit tweak, i, from + * IEEE Std 1619-2007. + * + * For optimum performance, the data pointed to SHOULD + * be 8-byte aligned. + */ + phys_addr_t phys_addr; + uint16_t length; + /**< Length of valid IV data. + * + * - For block ciphers in CBC or F8 mode, or for KASUMI + * in F8 mode, or for SNOW 3G in UEA2 mode, this is the + * length of the IV (which must be the same as the + * block length of the cipher). + * + * - For block ciphers in CTR mode, this is the length + * of the counter (which must be the same as the block + * length of the cipher). + * + * - For GCM mode, this is either 12 (for 96-bit IVs) + * or 16, in which case data points to J0. + * + * - For CCM mode, this is the length of the nonce, + * which can be in the range 7 to 13 inclusive. + */ + } iv; /**< Initialisation vector parameters */ + } cipher; + struct { struct { - uint32_t offset; + uint32_t offset; /**< Starting point for hash processing, specified as * number of bytes from start of packet in source * buffer. * * @note * For CCM and GCM modes of operation, this field is - * ignored. The field @ref additional_auth field + * ignored. The field @ref aad field * should be set instead. * * @note For AES-GMAC (@ref RTE_CRYPTO_AUTH_AES_GMAC) - * mode of operation, this field specifies the start - * of the AAD data in the source buffer. + * mode of operation, this field is set to 0. aad data + * pointer of rte_crypto_sym_op_data structure is + * used instead + * + * @note + * For SNOW 3G @ RTE_CRYPTO_AUTH_SNOW3G_UIA2, + * KASUMI @ RTE_CRYPTO_AUTH_KASUMI_F9 + * and ZUC @ RTE_CRYPTO_AUTH_ZUC_EIA3, + * this field should be in bits. */ - uint32_t length; + uint32_t length; /**< The message length, in bytes, of the source * buffer that the hash will be computed on. * * @note * For CCM and GCM modes of operation, this field is - * ignored. The field @ref additional_auth field - * should be set instead. + * ignored. The field @ref aad field should be set + * instead. * * @note * For AES-GMAC @ref RTE_CRYPTO_AUTH_AES_GMAC mode - * of operation, this field specifies the length of - * the AAD data in the source buffer. + * of operation, this field is set to 0. + * Auth.aad.length is used instead. + * + * @note + * For SNOW 3G @ RTE_CRYPTO_AUTH_SNOW3G_UIA2, + * KASUMI @ RTE_CRYPTO_AUTH_KASUMI_F9 + * and ZUC @ RTE_CRYPTO_AUTH_ZUC_EIA3, + * this field should be in bits. */ - } to_hash; /**< Data offsets and length for authentication */ - } data; /**< Details of data to be operated on */ + } data; /**< Data offsets and length for authentication */ - struct { - uint8_t *data; - /**< Initialisation Vector or Counter. - * - * - For block ciphers in CBC or F8 mode, or for Kasumi in F8 - * mode, or for SNOW3G in UEA2 mode, this is the Initialisation - * Vector (IV) value. - * - * - For block ciphers in CTR mode, this is the counter. - * - * - For GCM mode, this is either the IV (if the length is 96 - * bits) or J0 (for other sizes), where J0 is as defined by - * NIST SP800-38D. Regardless of the IV length, a full 16 bytes - * needs to be allocated. - * - * - For CCM mode, the first byte is reserved, and the nonce - * should be written starting at &iv[1] (to allow space for the - * implementation to write in the flags in the first byte). - * Note that a full 16 bytes should be allocated, even though - * the length field will have a value less than this. - * - * - For AES-XTS, this is the 128bit tweak, i, from IEEE Std - * 1619-2007. - * - * For optimum performance, the data pointed to SHOULD be - * 8-byte aligned. - */ - phys_addr_t phys_addr; - size_t length; - /**< Length of valid IV data. - * - * - For block ciphers in CBC or F8 mode, or for Kasumi in F8 - * mode, or for SNOW3G in UEA2 mode, this is the length of the - * IV (which must be the same as the block length of the - * cipher). - * - * - For block ciphers in CTR mode, this is the length of the - * counter (which must be the same as the block length of the - * cipher). - * - * - For GCM mode, this is either 12 (for 96-bit IVs) or 16, in - * which case data points to J0. - * - * - For CCM mode, this is the length of the nonce, which can - * be in the range 7 to 13 inclusive. - */ - } iv; /**< Initialisation vector parameters */ - - struct { - uint8_t *data; - /**< If this member of this structure is set this is a - * pointer to the location where the digest result should be - * inserted (in the case of digest generation) or where the - * purported digest exists (in the case of digest - * verification). - * - * At session creation time, the client specified the digest - * result length with the digest_length member of the @ref - * rte_crypto_auth_xform structure. For physical crypto - * devices the caller must allocate at least digest_length of - * physically contiguous memory at this location. - * - * For digest generation, the digest result will overwrite - * any data at this location. - * - * @note - * For GCM (@ref RTE_CRYPTO_AUTH_AES_GCM), for - * "digest result" read "authentication tag T". - * - * If this member is not set the digest result is understood - * to be in the destination buffer for digest generation, and - * in the source buffer for digest verification. The location - * of the digest result in this case is immediately following - * the region over which the digest is computed. - */ - phys_addr_t phys_addr; /**< Physical address of digest */ - uint32_t length; /**< Length of digest */ - } digest; /**< Digest parameters */ + struct { + uint8_t *data; + /**< This points to the location where the digest result + * should be inserted (in the case of digest generation) + * or where the purported digest exists (in the case of + * digest verification). + * + * At session creation time, the client specified the + * digest result length with the digest_length member + * of the @ref rte_crypto_auth_xform structure. For + * physical crypto devices the caller must allocate at + * least digest_length of physically contiguous memory + * at this location. + * + * For digest generation, the digest result will + * overwrite any data at this location. + * + * @note + * For GCM (@ref RTE_CRYPTO_AUTH_AES_GCM), for + * "digest result" read "authentication tag T". + */ + phys_addr_t phys_addr; + /**< Physical address of digest */ + uint16_t length; + /**< Length of digest */ + } digest; /**< Digest parameters */ - struct { - uint8_t *data; - /**< Pointer to Additional Authenticated Data (AAD) needed for - * authenticated cipher mechanisms (CCM and GCM), and to the IV - * for SNOW3G authentication - * (@ref RTE_CRYPTO_AUTH_SNOW3G_UIA2). For other - * authentication mechanisms this pointer is ignored. - * - * The length of the data pointed to by this field is set up - * for the session in the @ref rte_crypto_auth_xform structure - * as part of the @ref rte_cryptodev_sym_session_create function - * call. This length must not exceed 240 bytes. - * - * Specifically for CCM (@ref RTE_CRYPTO_AUTH_AES_CCM), the - * caller should setup this field as follows: - * - * - the nonce should be written starting at an offset of one - * byte into the array, leaving room for the implementation - * to write in the flags to the first byte. - * - * - the additional authentication data itself should be - * written starting at an offset of 18 bytes into the array, - * leaving room for the length encoding in the first two - * bytes of the second block. - * - * - the array should be big enough to hold the above fields, - * plus any padding to round this up to the nearest multiple - * of the block size (16 bytes). Padding will be added by - * the implementation. - * - * Finally, for GCM (@ref RTE_CRYPTO_AUTH_AES_GCM), the - * caller should setup this field as follows: - * - * - the AAD is written in starting at byte 0 - * - the array must be big enough to hold the AAD, plus any - * space to round this up to the nearest multiple of the - * block size (16 bytes). - * - * @note - * For AES-GMAC (@ref RTE_CRYPTO_AUTH_AES_GMAC) mode of - * operation, this field is not used and should be set to 0. - * Instead the AAD data should be placed in the source buffer. - */ - phys_addr_t phys_addr; /**< physical address */ - uint32_t length; /**< Length of digest */ - } additional_auth; - /**< Additional authentication parameters */ - - struct rte_mempool *pool; - /**< mempool used to allocate crypto op */ - - void *user_data; - /**< opaque pointer for user data */ -}; + struct { + uint8_t *data; + /**< Pointer to Additional Authenticated Data (AAD) + * needed for authenticated cipher mechanisms (CCM and + * GCM), and to the IV for SNOW 3G authentication + * (@ref RTE_CRYPTO_AUTH_SNOW3G_UIA2). For other + * authentication mechanisms this pointer is ignored. + * + * The length of the data pointed to by this field is + * set up for the session in the @ref + * rte_crypto_auth_xform structure as part of the @ref + * rte_cryptodev_sym_session_create function call. + * This length must not exceed 240 bytes. + * + * Specifically for CCM (@ref RTE_CRYPTO_AUTH_AES_CCM), + * the caller should setup this field as follows: + * + * - the nonce should be written starting at an offset + * of one byte into the array, leaving room for the + * implementation to write in the flags to the first + * byte. + * + * - the additional authentication data itself should + * be written starting at an offset of 18 bytes into + * the array, leaving room for the length encoding in + * the first two bytes of the second block. + * + * - the array should be big enough to hold the above + * fields, plus any padding to round this up to the + * nearest multiple of the block size (16 bytes). + * Padding will be added by the implementation. + * + * Finally, for GCM (@ref RTE_CRYPTO_AUTH_AES_GCM), the + * caller should setup this field as follows: + * + * - the AAD is written in starting at byte 0 + * - the array must be big enough to hold the AAD, plus + * any space to round this up to the nearest multiple + * of the block size (16 bytes). + * + * @note + * For AES-GMAC (@ref RTE_CRYPTO_AUTH_AES_GMAC) mode of + * operation, this field is used to pass plaintext. + */ + phys_addr_t phys_addr; /**< physical address */ + uint16_t length; /**< Length of digest */ + } aad; + /**< Additional authentication parameters */ + } auth; +} __rte_cache_aligned; /** - * Reset the fields of a crypto operation to their default values. + * Reset the fields of a symmetric operation to their default values. * * @param op The crypto operation to be reset. */ static inline void __rte_crypto_sym_op_reset(struct rte_crypto_sym_op *op) { - op->type = RTE_CRYPTO_SYM_OP_SESSIONLESS; - op->dst.m = NULL; - op->dst.offset = 0; + memset(op, 0, sizeof(*op)); + + op->sess_type = RTE_CRYPTO_SYM_OP_SESSIONLESS; } -/** Attach a session to a crypto operation */ -static inline void -rte_crypto_sym_op_attach_session(struct rte_crypto_sym_op *op, + +/** + * Allocate space for symmetric crypto xforms in the private data space of the + * crypto operation. This also defaults the crypto xform type to + * RTE_CRYPTO_SYM_XFORM_NOT_SPECIFIED and configures the chaining of the xforms + * in the crypto operation + * + * @return + * - On success returns pointer to first crypto xform in crypto operations chain + * - On failure returns NULL + */ +static inline struct rte_crypto_sym_xform * +__rte_crypto_sym_op_sym_xforms_alloc(struct rte_crypto_sym_op *sym_op, + void *priv_data, uint8_t nb_xforms) +{ + struct rte_crypto_sym_xform *xform; + + sym_op->xform = xform = (struct rte_crypto_sym_xform *)priv_data; + + do { + xform->type = RTE_CRYPTO_SYM_XFORM_NOT_SPECIFIED; + xform = xform->next = --nb_xforms > 0 ? xform + 1 : NULL; + } while (xform); + + return sym_op->xform; +} + + +/** + * Attach a session to a symmetric crypto operation + * + * @param sym_op crypto operation + * @param sess cryptodev session + */ +static inline int +__rte_crypto_sym_op_attach_sym_session(struct rte_crypto_sym_op *sym_op, struct rte_cryptodev_sym_session *sess) { - op->session = sess; - op->type = RTE_CRYPTO_SYM_OP_WITH_SESSION; + sym_op->session = sess; + sym_op->sess_type = RTE_CRYPTO_SYM_OP_WITH_SESSION; + + return 0; } + #ifdef __cplusplus } #endif