X-Git-Url: http://git.droids-corp.org/?a=blobdiff_plain;f=lib%2Flibrte_cryptodev%2Frte_cryptodev.h;h=437b8a9b31dc170d15f4fd0ef1767c136ec89a71;hb=7ba166841c68053484e1a520da3fd2186be33830;hp=f4b38c104d24b339346684b122c90b2f7127dfee;hpb=1bd407fac80bf50719130f68cb3f5b00ca23e6df;p=dpdk.git diff --git a/lib/librte_cryptodev/rte_cryptodev.h b/lib/librte_cryptodev/rte_cryptodev.h index f4b38c104d..437b8a9b31 100644 --- a/lib/librte_cryptodev/rte_cryptodev.h +++ b/lib/librte_cryptodev/rte_cryptodev.h @@ -1,32 +1,5 @@ -/*- - * - * Copyright(c) 2015-2016 Intel Corporation. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * * Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * * Neither the name of Intel Corporation nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE - * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright(c) 2015-2020 Intel Corporation. */ #ifndef _RTE_CRYPTODEV_H_ @@ -39,70 +12,487 @@ * * Defines RTE Crypto Device APIs for the provisioning of cipher and * authentication operations. - * - * @warning - * @b EXPERIMENTAL: this API may change without prior notice */ #ifdef __cplusplus extern "C" { #endif -#include "stddef.h" - +#include "rte_kvargs.h" #include "rte_crypto.h" #include "rte_dev.h" +#include +#include -#define CRYPTODEV_NAME_NULL_PMD ("cryptodev_null_pmd") -/**< Null crypto PMD device name */ -#define CRYPTODEV_NAME_AESNI_MB_PMD ("cryptodev_aesni_mb_pmd") -/**< AES-NI Multi buffer PMD device name */ -#define CRYPTODEV_NAME_QAT_SYM_PMD ("cryptodev_qat_sym_pmd") -/**< Intel QAT Symmetric Crypto PMD device name */ - -/** Crypto device type */ -enum rte_cryptodev_type { - RTE_CRYPTODEV_NULL_PMD = 1, /**< Null crypto PMD */ - RTE_CRYPTODEV_AESNI_MB_PMD, /**< AES-NI multi buffer PMD */ - RTE_CRYPTODEV_QAT_SYM_PMD, /**< QAT PMD Symmetric Crypto */ -}; +extern const char **rte_cyptodev_names; /* Logging Macros */ -#define CDEV_LOG_ERR(fmt, args...) \ - RTE_LOG(ERR, CRYPTODEV, "%s() line %u: " fmt "\n", \ - __func__, __LINE__, ## args) +#define CDEV_LOG_ERR(...) \ + RTE_LOG(ERR, CRYPTODEV, \ + RTE_FMT("%s() line %u: " RTE_FMT_HEAD(__VA_ARGS__,) "\n", \ + __func__, __LINE__, RTE_FMT_TAIL(__VA_ARGS__,))) -#define CDEV_PMD_LOG_ERR(dev, fmt, args...) \ - RTE_LOG(ERR, CRYPTODEV, "[%s] %s() line %u: " fmt "\n", \ - dev, __func__, __LINE__, ## args) +#define CDEV_LOG_INFO(...) \ + RTE_LOG(INFO, CRYPTODEV, \ + RTE_FMT(RTE_FMT_HEAD(__VA_ARGS__,) "\n", \ + RTE_FMT_TAIL(__VA_ARGS__,))) -#ifdef RTE_LIBRTE_CRYPTODEV_DEBUG -#define CDEV_LOG_DEBUG(fmt, args...) \ - RTE_LOG(DEBUG, CRYPTODEV, "%s() line %u: " fmt "\n", \ - __func__, __LINE__, ## args) \ +#define CDEV_LOG_DEBUG(...) \ + RTE_LOG(DEBUG, CRYPTODEV, \ + RTE_FMT("%s() line %u: " RTE_FMT_HEAD(__VA_ARGS__,) "\n", \ + __func__, __LINE__, RTE_FMT_TAIL(__VA_ARGS__,))) -#define CDEV_PMD_TRACE(fmt, args...) \ - RTE_LOG(DEBUG, CRYPTODEV, "[%s] %s: " fmt "\n", \ - dev, __func__, ## args) +#define CDEV_PMD_TRACE(...) \ + RTE_LOG(DEBUG, CRYPTODEV, \ + RTE_FMT("[%s] %s: " RTE_FMT_HEAD(__VA_ARGS__,) "\n", \ + dev, __func__, RTE_FMT_TAIL(__VA_ARGS__,))) -#else -#define CDEV_LOG_DEBUG(fmt, args...) -#define CDEV_PMD_TRACE(fmt, args...) -#endif +/** + * A macro that points to an offset from the start + * of the crypto operation structure (rte_crypto_op) + * + * The returned pointer is cast to type t. + * + * @param c + * The crypto operation. + * @param o + * The offset from the start of the crypto operation. + * @param t + * The type to cast the result into. + */ +#define rte_crypto_op_ctod_offset(c, t, o) \ + ((t)((char *)(c) + (o))) + +/** + * A macro that returns the physical address that points + * to an offset from the start of the crypto operation + * (rte_crypto_op) + * + * @param c + * The crypto operation. + * @param o + * The offset from the start of the crypto operation + * to calculate address from. + */ +#define rte_crypto_op_ctophys_offset(c, o) \ + (rte_iova_t)((c)->phys_addr + (o)) + +/** + * Crypto parameters range description + */ +struct rte_crypto_param_range { + uint16_t min; /**< minimum size */ + uint16_t max; /**< maximum size */ + uint16_t increment; + /**< if a range of sizes are supported, + * this parameter is used to indicate + * increments in byte size that are supported + * between the minimum and maximum + */ +}; + +/** + * Symmetric Crypto Capability + */ +struct rte_cryptodev_symmetric_capability { + enum rte_crypto_sym_xform_type xform_type; + /**< Transform type : Authentication / Cipher / AEAD */ + RTE_STD_C11 + union { + struct { + enum rte_crypto_auth_algorithm algo; + /**< authentication algorithm */ + uint16_t block_size; + /**< algorithm block size */ + struct rte_crypto_param_range key_size; + /**< auth key size range */ + struct rte_crypto_param_range digest_size; + /**< digest size range */ + struct rte_crypto_param_range aad_size; + /**< Additional authentication data size range */ + struct rte_crypto_param_range iv_size; + /**< Initialisation vector data size range */ + } auth; + /**< Symmetric Authentication transform capabilities */ + struct { + enum rte_crypto_cipher_algorithm algo; + /**< cipher algorithm */ + uint16_t block_size; + /**< algorithm block size */ + struct rte_crypto_param_range key_size; + /**< cipher key size range */ + struct rte_crypto_param_range iv_size; + /**< Initialisation vector data size range */ + } cipher; + /**< Symmetric Cipher transform capabilities */ + struct { + enum rte_crypto_aead_algorithm algo; + /**< AEAD algorithm */ + uint16_t block_size; + /**< algorithm block size */ + struct rte_crypto_param_range key_size; + /**< AEAD key size range */ + struct rte_crypto_param_range digest_size; + /**< digest size range */ + struct rte_crypto_param_range aad_size; + /**< Additional authentication data size range */ + struct rte_crypto_param_range iv_size; + /**< Initialisation vector data size range */ + } aead; + }; +}; + +/** + * Asymmetric Xform Crypto Capability + * + */ +struct rte_cryptodev_asymmetric_xform_capability { + enum rte_crypto_asym_xform_type xform_type; + /**< Transform type: RSA/MODEXP/DH/DSA/MODINV */ + + uint32_t op_types; + /**< bitmask for supported rte_crypto_asym_op_type */ + + __extension__ + union { + struct rte_crypto_param_range modlen; + /**< Range of modulus length supported by modulus based xform. + * Value 0 mean implementation default + */ + }; +}; + +/** + * Asymmetric Crypto Capability + * + */ +struct rte_cryptodev_asymmetric_capability { + struct rte_cryptodev_asymmetric_xform_capability xform_capa; +}; + + +/** Structure used to capture a capability of a crypto device */ +struct rte_cryptodev_capabilities { + enum rte_crypto_op_type op; + /**< Operation type */ + + RTE_STD_C11 + union { + struct rte_cryptodev_symmetric_capability sym; + /**< Symmetric operation capability parameters */ + struct rte_cryptodev_asymmetric_capability asym; + /**< Asymmetric operation capability parameters */ + }; +}; + +/** Structure used to describe crypto algorithms */ +struct rte_cryptodev_sym_capability_idx { + enum rte_crypto_sym_xform_type type; + union { + enum rte_crypto_cipher_algorithm cipher; + enum rte_crypto_auth_algorithm auth; + enum rte_crypto_aead_algorithm aead; + } algo; +}; + +/** + * Structure used to describe asymmetric crypto xforms + * Each xform maps to one asym algorithm. + * + */ +struct rte_cryptodev_asym_capability_idx { + enum rte_crypto_asym_xform_type type; + /**< Asymmetric xform (algo) type */ +}; + +/** + * Provide capabilities available for defined device and algorithm + * + * @param dev_id The identifier of the device. + * @param idx Description of crypto algorithms. + * + * @return + * - Return description of the symmetric crypto capability if exist. + * - Return NULL if the capability not exist. + */ +const struct rte_cryptodev_symmetric_capability * +rte_cryptodev_sym_capability_get(uint8_t dev_id, + const struct rte_cryptodev_sym_capability_idx *idx); + +/** + * Provide capabilities available for defined device and xform + * + * @param dev_id The identifier of the device. + * @param idx Description of asym crypto xform. + * + * @return + * - Return description of the asymmetric crypto capability if exist. + * - Return NULL if the capability not exist. + */ +__rte_experimental +const struct rte_cryptodev_asymmetric_xform_capability * +rte_cryptodev_asym_capability_get(uint8_t dev_id, + const struct rte_cryptodev_asym_capability_idx *idx); + +/** + * Check if key size and initial vector are supported + * in crypto cipher capability + * + * @param capability Description of the symmetric crypto capability. + * @param key_size Cipher key size. + * @param iv_size Cipher initial vector size. + * + * @return + * - Return 0 if the parameters are in range of the capability. + * - Return -1 if the parameters are out of range of the capability. + */ +int +rte_cryptodev_sym_capability_check_cipher( + const struct rte_cryptodev_symmetric_capability *capability, + uint16_t key_size, uint16_t iv_size); + +/** + * Check if key size and initial vector are supported + * in crypto auth capability + * + * @param capability Description of the symmetric crypto capability. + * @param key_size Auth key size. + * @param digest_size Auth digest size. + * @param iv_size Auth initial vector size. + * + * @return + * - Return 0 if the parameters are in range of the capability. + * - Return -1 if the parameters are out of range of the capability. + */ +int +rte_cryptodev_sym_capability_check_auth( + const struct rte_cryptodev_symmetric_capability *capability, + uint16_t key_size, uint16_t digest_size, uint16_t iv_size); + +/** + * Check if key, digest, AAD and initial vector sizes are supported + * in crypto AEAD capability + * + * @param capability Description of the symmetric crypto capability. + * @param key_size AEAD key size. + * @param digest_size AEAD digest size. + * @param aad_size AEAD AAD size. + * @param iv_size AEAD IV size. + * + * @return + * - Return 0 if the parameters are in range of the capability. + * - Return -1 if the parameters are out of range of the capability. + */ +int +rte_cryptodev_sym_capability_check_aead( + const struct rte_cryptodev_symmetric_capability *capability, + uint16_t key_size, uint16_t digest_size, uint16_t aad_size, + uint16_t iv_size); + +/** + * Check if op type is supported + * + * @param capability Description of the asymmetric crypto capability. + * @param op_type op type + * + * @return + * - Return 1 if the op type is supported + * - Return 0 if unsupported + */ +__rte_experimental +int +rte_cryptodev_asym_xform_capability_check_optype( + const struct rte_cryptodev_asymmetric_xform_capability *capability, + enum rte_crypto_asym_op_type op_type); + +/** + * Check if modulus length is in supported range + * + * @param capability Description of the asymmetric crypto capability. + * @param modlen modulus length. + * + * @return + * - Return 0 if the parameters are in range of the capability. + * - Return -1 if the parameters are out of range of the capability. + */ +__rte_experimental +int +rte_cryptodev_asym_xform_capability_check_modlen( + const struct rte_cryptodev_asymmetric_xform_capability *capability, + uint16_t modlen); + +/** + * Provide the cipher algorithm enum, given an algorithm string + * + * @param algo_enum A pointer to the cipher algorithm + * enum to be filled + * @param algo_string Authentication algo string + * + * @return + * - Return -1 if string is not valid + * - Return 0 is the string is valid + */ +int +rte_cryptodev_get_cipher_algo_enum(enum rte_crypto_cipher_algorithm *algo_enum, + const char *algo_string); + +/** + * Provide the authentication algorithm enum, given an algorithm string + * + * @param algo_enum A pointer to the authentication algorithm + * enum to be filled + * @param algo_string Authentication algo string + * + * @return + * - Return -1 if string is not valid + * - Return 0 is the string is valid + */ +int +rte_cryptodev_get_auth_algo_enum(enum rte_crypto_auth_algorithm *algo_enum, + const char *algo_string); + +/** + * Provide the AEAD algorithm enum, given an algorithm string + * + * @param algo_enum A pointer to the AEAD algorithm + * enum to be filled + * @param algo_string AEAD algorithm string + * + * @return + * - Return -1 if string is not valid + * - Return 0 is the string is valid + */ +int +rte_cryptodev_get_aead_algo_enum(enum rte_crypto_aead_algorithm *algo_enum, + const char *algo_string); + +/** + * Provide the Asymmetric xform enum, given an xform string + * + * @param xform_enum A pointer to the xform type + * enum to be filled + * @param xform_string xform string + * + * @return + * - Return -1 if string is not valid + * - Return 0 if the string is valid + */ +__rte_experimental +int +rte_cryptodev_asym_get_xform_enum(enum rte_crypto_asym_xform_type *xform_enum, + const char *xform_string); + + +/** Macro used at end of crypto PMD list */ +#define RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() \ + { RTE_CRYPTO_OP_TYPE_UNDEFINED } + + +/** + * Crypto device supported feature flags + * + * Note: + * New features flags should be added to the end of the list + * + * Keep these flags synchronised with rte_cryptodev_get_feature_name() + */ +#define RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO (1ULL << 0) +/**< Symmetric crypto operations are supported */ +#define RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO (1ULL << 1) +/**< Asymmetric crypto operations are supported */ +#define RTE_CRYPTODEV_FF_SYM_OPERATION_CHAINING (1ULL << 2) +/**< Chaining symmetric crypto operations are supported */ +#define RTE_CRYPTODEV_FF_CPU_SSE (1ULL << 3) +/**< Utilises CPU SIMD SSE instructions */ +#define RTE_CRYPTODEV_FF_CPU_AVX (1ULL << 4) +/**< Utilises CPU SIMD AVX instructions */ +#define RTE_CRYPTODEV_FF_CPU_AVX2 (1ULL << 5) +/**< Utilises CPU SIMD AVX2 instructions */ +#define RTE_CRYPTODEV_FF_CPU_AESNI (1ULL << 6) +/**< Utilises CPU AES-NI instructions */ +#define RTE_CRYPTODEV_FF_HW_ACCELERATED (1ULL << 7) +/**< Operations are off-loaded to an + * external hardware accelerator + */ +#define RTE_CRYPTODEV_FF_CPU_AVX512 (1ULL << 8) +/**< Utilises CPU SIMD AVX512 instructions */ +#define RTE_CRYPTODEV_FF_IN_PLACE_SGL (1ULL << 9) +/**< In-place Scatter-gather (SGL) buffers, with multiple segments, + * are supported + */ +#define RTE_CRYPTODEV_FF_OOP_SGL_IN_SGL_OUT (1ULL << 10) +/**< Out-of-place Scatter-gather (SGL) buffers are + * supported in input and output + */ +#define RTE_CRYPTODEV_FF_OOP_SGL_IN_LB_OUT (1ULL << 11) +/**< Out-of-place Scatter-gather (SGL) buffers are supported + * in input, combined with linear buffers (LB), with a + * single segment in output + */ +#define RTE_CRYPTODEV_FF_OOP_LB_IN_SGL_OUT (1ULL << 12) +/**< Out-of-place Scatter-gather (SGL) buffers are supported + * in output, combined with linear buffers (LB) in input + */ +#define RTE_CRYPTODEV_FF_OOP_LB_IN_LB_OUT (1ULL << 13) +/**< Out-of-place linear buffers (LB) are supported in input and output */ +#define RTE_CRYPTODEV_FF_CPU_NEON (1ULL << 14) +/**< Utilises CPU NEON instructions */ +#define RTE_CRYPTODEV_FF_CPU_ARM_CE (1ULL << 15) +/**< Utilises ARM CPU Cryptographic Extensions */ +#define RTE_CRYPTODEV_FF_SECURITY (1ULL << 16) +/**< Support Security Protocol Processing */ +#define RTE_CRYPTODEV_FF_RSA_PRIV_OP_KEY_EXP (1ULL << 17) +/**< Support RSA Private Key OP with exponent */ +#define RTE_CRYPTODEV_FF_RSA_PRIV_OP_KEY_QT (1ULL << 18) +/**< Support RSA Private Key OP with CRT (quintuple) Keys */ +#define RTE_CRYPTODEV_FF_DIGEST_ENCRYPTED (1ULL << 19) +/**< Support encrypted-digest operations where digest is appended to data */ +#define RTE_CRYPTODEV_FF_ASYM_SESSIONLESS (1ULL << 20) +/**< Support asymmetric session-less operations */ +#define RTE_CRYPTODEV_FF_SYM_CPU_CRYPTO (1ULL << 21) +/**< Support symmetric cpu-crypto processing */ + + +/** + * Get the name of a crypto device feature flag + * + * @param flag The mask describing the flag. + * + * @return + * The name of this flag, or NULL if it's not a valid feature flag. + */ + +extern const char * +rte_cryptodev_get_feature_name(uint64_t flag); /** Crypto device information */ struct rte_cryptodev_info { - const char *driver_name; /**< Driver name. */ - enum rte_cryptodev_type dev_type; /**< Device type */ - struct rte_pci_device *pci_dev; /**< PCI information. */ + const char *driver_name; /**< Driver name. */ + uint8_t driver_id; /**< Driver identifier */ + struct rte_device *device; /**< Generic device information. */ + + uint64_t feature_flags; + /**< Feature flags exposes HW/SW features for the given device */ + + const struct rte_cryptodev_capabilities *capabilities; + /**< Array of devices supported capabilities */ unsigned max_nb_queue_pairs; /**< Maximum number of queues pairs supported by device. */ + uint16_t min_mbuf_headroom_req; + /**< Minimum mbuf headroom required by device */ + + uint16_t min_mbuf_tailroom_req; + /**< Minimum mbuf tailroom required by device */ + struct { unsigned max_nb_sessions; - /**< Maximum number of sessions supported by device. */ + /**< Maximum number of sessions supported by device. + * If 0, the device does not have any limitation in + * number of sessions that can be used. + */ } sym; }; @@ -119,6 +509,10 @@ enum rte_cryptodev_event_type { /** Crypto device queue pair configuration structure. */ struct rte_cryptodev_qp_conf { uint32_t nb_descriptors; /**< Number of descriptors per queue pair */ + struct rte_mempool *mp_session; + /**< The mempool for creating session in sessionless mode */ + struct rte_mempool *mp_session_private; + /**< The mempool for creating sess private data in sessionless mode */ }; /** @@ -147,32 +541,33 @@ struct rte_cryptodev_stats { /**< Total error count on operations dequeued */ }; +#define RTE_CRYPTODEV_NAME_MAX_LEN (64) +/**< Max length of name of crypto PMD */ /** - * Create a virtual crypto device + * Get the device identifier for the named crypto device. * - * @param name Cryptodev PMD name of device to be created. - * @param args Options arguments for device. + * @param name device name to select the device structure. * * @return - * - On successful creation of the cryptodev the device index is returned, - * which will be between 0 and rte_cryptodev_count(). - * - In the case of a failure, returns -1. + * - Returns crypto device identifier on success. + * - Return -1 on failure to find named crypto device. */ extern int -rte_cryptodev_create_vdev(const char *name, const char *args); +rte_cryptodev_get_dev_id(const char *name); /** - * Get the device identifier for the named crypto device. + * Get the crypto device name given a device identifier. * - * @param name device name to select the device structure. + * @param dev_id + * The identifier of the device * * @return - * - Returns crypto device identifier on success. - * - Return -1 on failure to find named crypto device. + * - Returns crypto device name. + * - Returns NULL if crypto device is not present. */ -extern int -rte_cryptodev_get_dev_id(const char *name); +extern const char * +rte_cryptodev_name_get(uint8_t dev_id); /** * Get the total number of crypto devices that have been successfully @@ -184,8 +579,31 @@ rte_cryptodev_get_dev_id(const char *name); extern uint8_t rte_cryptodev_count(void); +/** + * Get number of crypto device defined type. + * + * @param driver_id driver identifier. + * + * @return + * Returns number of crypto device. + */ extern uint8_t -rte_cryptodev_count_devtype(enum rte_cryptodev_type type); +rte_cryptodev_device_count_by_driver(uint8_t driver_id); + +/** + * Get number and identifiers of attached crypto devices that + * use the same crypto driver. + * + * @param driver_name driver name. + * @param devices output devices identifiers. + * @param nb_devices maximal number of devices. + * + * @return + * Returns number of attached crypto device. + */ +uint8_t +rte_cryptodev_devices_get(const char *driver_name, uint8_t *devices, + uint8_t nb_devices); /* * Return the NUMA socket to which a device is connected * @@ -204,18 +622,18 @@ struct rte_cryptodev_config { int socket_id; /**< Socket to allocate resources on */ uint16_t nb_queue_pairs; /**< Number of queue pairs to configure on device */ - - struct { - uint32_t nb_objs; /**< Number of objects in mempool */ - uint32_t cache_size; /**< l-core object cache size */ - } session_mp; /**< Session mempool configuration */ + uint64_t ff_disable; + /**< Feature flags to be disabled. Only the following features are + * allowed to be disabled, + * - RTE_CRYPTODEV_FF_SYMMETRIC_CRYPTO + * - RTE_CRYPTODEV_FF_ASYMMETRIC_CRYPTO + * - RTE_CRYTPODEV_FF_SECURITY + */ }; /** * Configure a device. * - * EXPERIMENTAL: this API file may change without prior notice - * * This function must be invoked first before any other function in the * API. This function can also be re-invoked when a device is in the * stopped state. @@ -279,9 +697,7 @@ rte_cryptodev_close(uint8_t dev_id); * - 1] previously supplied to * rte_cryptodev_configure(). * @param qp_conf The pointer to the configuration data to be - * used for the queue pair. NULL value is - * allowed, in which case default configuration - * will be used. + * used for the queue pair. * @param socket_id The *socket_id* argument is the socket * identifier in case of NUMA. The value can be * *SOCKET_ID_ANY* if there is no NUMA constraint @@ -296,39 +712,6 @@ extern int rte_cryptodev_queue_pair_setup(uint8_t dev_id, uint16_t queue_pair_id, const struct rte_cryptodev_qp_conf *qp_conf, int socket_id); -/** - * Start a specified queue pair of a device. It is used - * when deferred_start flag of the specified queue is true. - * - * @param dev_id The identifier of the device - * @param queue_pair_id The index of the queue pair to start. The value - * must be in the range [0, nb_queue_pair - 1] - * previously supplied to - * rte_crypto_dev_configure(). - * @return - * - 0: Success, the transmit queue is correctly set up. - * - -EINVAL: The dev_id or the queue_id out of range. - * - -ENOTSUP: The function not supported in PMD driver. - */ -extern int -rte_cryptodev_queue_pair_start(uint8_t dev_id, uint16_t queue_pair_id); - -/** - * Stop specified queue pair of a device - * - * @param dev_id The identifier of the device - * @param queue_pair_id The index of the queue pair to stop. The value - * must be in the range [0, nb_queue_pair - 1] - * previously supplied to - * rte_cryptodev_configure(). - * @return - * - 0: Success, the transmit queue is correctly set up. - * - -EINVAL: The dev_id or the queue_id out of range. - * - -ENOTSUP: The function not supported in PMD driver. - */ -extern int -rte_cryptodev_queue_pair_stop(uint8_t dev_id, uint16_t queue_pair_id); - /** * Get the number of queue pairs on a specific crypto device * @@ -369,6 +752,11 @@ rte_cryptodev_stats_reset(uint8_t dev_id); * @param dev_info A pointer to a structure of type * *rte_cryptodev_info* to be filled with the * contextual information of the device. + * + * @note The capabilities field of dev_info is set to point to the first + * element of an array of struct rte_cryptodev_capabilities. The element after + * the last valid element has it's op field set to + * RTE_CRYPTO_OP_TYPE_UNDEFINED. */ extern void rte_cryptodev_info_get(uint8_t dev_id, struct rte_cryptodev_info *dev_info); @@ -411,15 +799,17 @@ rte_cryptodev_callback_unregister(uint8_t dev_id, rte_cryptodev_cb_fn cb_fn, void *cb_arg); -typedef uint16_t (*dequeue_pkt_burst_t)(void *qp, struct rte_mbuf **pkts, - uint16_t nb_pkts); +typedef uint16_t (*dequeue_pkt_burst_t)(void *qp, + struct rte_crypto_op **ops, uint16_t nb_ops); /**< Dequeue processed packets from queue pair of a device. */ -typedef uint16_t (*enqueue_pkt_burst_t)(void *qp, struct rte_mbuf **pkts, - uint16_t nb_pkts); +typedef uint16_t (*enqueue_pkt_burst_t)(void *qp, + struct rte_crypto_op **ops, uint16_t nb_ops); /**< Enqueue packets for processing on queue pair of a device. */ + + struct rte_cryptodev_callback; /** Structure to keep track of registered callbacks */ @@ -432,30 +822,31 @@ struct rte_cryptodev { enqueue_pkt_burst_t enqueue_burst; /**< Pointer to PMD transmit function. */ - const struct rte_cryptodev_driver *driver; - /**< Driver for this device */ struct rte_cryptodev_data *data; /**< Pointer to device data */ struct rte_cryptodev_ops *dev_ops; /**< Functions exported by PMD */ - struct rte_pci_device *pci_dev; - /**< PCI info. supplied by probing */ + uint64_t feature_flags; + /**< Feature flags exposes HW/SW features for the given device */ + struct rte_device *device; + /**< Backing device */ - enum rte_cryptodev_type dev_type; - /**< Crypto device type */ - enum pmd_type pmd_type; - /**< PMD type - PDEV / VDEV */ + uint8_t driver_id; + /**< Crypto driver identifier*/ struct rte_cryptodev_cb_list link_intr_cbs; /**< User application callback for interrupts if present */ + void *security_ctx; + /**< Context for security ops */ + + __extension__ uint8_t attached : 1; /**< Flag indicating the device is attached */ } __rte_cache_aligned; - -#define RTE_CRYPTODEV_NAME_MAX_LEN (64) -/**< Max length of name of crypto PMD */ +void * +rte_cryptodev_get_sec_ctx(uint8_t dev_id); /** * @@ -472,6 +863,7 @@ struct rte_cryptodev_data { char name[RTE_CRYPTODEV_NAME_MAX_LEN]; /**< Unique identifier name */ + __extension__ uint8_t dev_started : 1; /**< Device state: STARTED(1)/STOPPED(0) */ @@ -489,66 +881,65 @@ struct rte_cryptodev_data { extern struct rte_cryptodev *rte_cryptodevs; /** * - * Dequeue a burst of processed packets from a queue of the crypto device. - * The dequeued packets are stored in *rte_mbuf* structures whose pointers are - * supplied in the *pkts* array. + * Dequeue a burst of processed crypto operations from a queue on the crypto + * device. The dequeued operation are stored in *rte_crypto_op* structures + * whose pointers are supplied in the *ops* array. * - * The rte_crypto_dequeue_burst() function returns the number of packets - * actually dequeued, which is the number of *rte_mbuf* data structures - * effectively supplied into the *pkts* array. + * The rte_cryptodev_dequeue_burst() function returns the number of ops + * actually dequeued, which is the number of *rte_crypto_op* data structures + * effectively supplied into the *ops* array. * - * A return value equal to *nb_pkts* indicates that the queue contained - * at least *rx_pkts* packets, and this is likely to signify that other - * received packets remain in the input queue. Applications implementing - * a "retrieve as much received packets as possible" policy can check this - * specific case and keep invoking the rte_crypto_dequeue_burst() function - * until a value less than *nb_pkts* is returned. + * A return value equal to *nb_ops* indicates that the queue contained + * at least *nb_ops* operations, and this is likely to signify that other + * processed operations remain in the devices output queue. Applications + * implementing a "retrieve as many processed operations as possible" policy + * can check this specific case and keep invoking the + * rte_cryptodev_dequeue_burst() function until a value less than + * *nb_ops* is returned. * - * The rte_crypto_dequeue_burst() function does not provide any error + * The rte_cryptodev_dequeue_burst() function does not provide any error * notification to avoid the corresponding overhead. * - * @param dev_id The identifier of the device. + * @param dev_id The symmetric crypto device identifier * @param qp_id The index of the queue pair from which to * retrieve processed packets. The value must be * in the range [0, nb_queue_pair - 1] previously * supplied to rte_cryptodev_configure(). - * @param pkts The address of an array of pointers to - * *rte_mbuf* structures that must be large enough - * to store *nb_pkts* pointers in it. - * @param nb_pkts The maximum number of packets to dequeue. + * @param ops The address of an array of pointers to + * *rte_crypto_op* structures that must be + * large enough to store *nb_ops* pointers in it. + * @param nb_ops The maximum number of operations to dequeue. * * @return - * - The number of packets actually dequeued, which is the number - * of pointers to *rte_mbuf* structures effectively supplied to the - * *pkts* array. + * - The number of operations actually dequeued, which is the number + * of pointers to *rte_crypto_op* structures effectively supplied to the + * *ops* array. */ static inline uint16_t rte_cryptodev_dequeue_burst(uint8_t dev_id, uint16_t qp_id, - struct rte_mbuf **pkts, uint16_t nb_pkts) + struct rte_crypto_op **ops, uint16_t nb_ops) { struct rte_cryptodev *dev = &rte_cryptodevs[dev_id]; - nb_pkts = (*dev->dequeue_burst) - (dev->data->queue_pairs[qp_id], pkts, nb_pkts); + nb_ops = (*dev->dequeue_burst) + (dev->data->queue_pairs[qp_id], ops, nb_ops); - return nb_pkts; + return nb_ops; } /** - * Enqueue a burst of packets for processing on a crypto device. - * - * The rte_crypto_enqueue_burst() function is invoked to place packets - * on the queue *queue_id* of the device designated by its *dev_id*. + * Enqueue a burst of operations for processing on a crypto device. * - * The *nb_pkts* parameter is the number of packets to process which are - * supplied in the *pkts* array of *rte_mbuf* structures. + * The rte_cryptodev_enqueue_burst() function is invoked to place + * crypto operations on the queue *qp_id* of the device designated by + * its *dev_id*. * - * The rte_crypto_enqueue_burst() function returns the number of packets it - * actually sent. A return value equal to *nb_pkts* means that all packets - * have been sent. + * The *nb_ops* parameter is the number of operations to process which are + * supplied in the *ops* array of *rte_crypto_op* structures. * - * Each mbuf in the *pkts* array must have a valid *rte_mbuf_offload* structure - * attached which contains a valid crypto operation. + * The rte_cryptodev_enqueue_burst() function returns the number of + * operations it actually enqueued for processing. A return value equal to + * *nb_ops* means that all packets have been enqueued. * * @param dev_id The identifier of the device. * @param qp_id The index of the queue pair which packets are @@ -556,85 +947,352 @@ rte_cryptodev_dequeue_burst(uint8_t dev_id, uint16_t qp_id, * must be in the range [0, nb_queue_pairs - 1] * previously supplied to * *rte_cryptodev_configure*. - * @param pkts The address of an array of *nb_pkts* pointers - * to *rte_mbuf* structures which contain the - * output packets. - * @param nb_pkts The number of packets to transmit. + * @param ops The address of an array of *nb_ops* pointers + * to *rte_crypto_op* structures which contain + * the crypto operations to be processed. + * @param nb_ops The number of operations to process. * * @return - * The number of packets actually enqueued on the crypto device. The return - * value can be less than the value of the *nb_pkts* parameter when the - * crypto devices queue is full or has been filled up. - * The number of packets is 0 if the device hasn't been started. + * The number of operations actually enqueued on the crypto device. The return + * value can be less than the value of the *nb_ops* parameter when the + * crypto devices queue is full or if invalid parameters are specified in + * a *rte_crypto_op*. */ static inline uint16_t rte_cryptodev_enqueue_burst(uint8_t dev_id, uint16_t qp_id, - struct rte_mbuf **pkts, uint16_t nb_pkts) + struct rte_crypto_op **ops, uint16_t nb_ops) { struct rte_cryptodev *dev = &rte_cryptodevs[dev_id]; return (*dev->enqueue_burst)( - dev->data->queue_pairs[qp_id], pkts, nb_pkts); + dev->data->queue_pairs[qp_id], ops, nb_ops); } -/** Cryptodev symmetric crypto session */ +/** Cryptodev symmetric crypto session + * Each session is derived from a fixed xform chain. Therefore each session + * has a fixed algo, key, op-type, digest_len etc. + */ struct rte_cryptodev_sym_session { - struct { - uint8_t dev_id; - /**< Device Id */ - enum rte_cryptodev_type type; - /** Crypto Device type session created on */ - struct rte_mempool *mp; - /**< Mempool session allocated from */ - } __rte_aligned(8); - /**< Public symmetric session details */ - - char _private[0]; - /**< Private session material */ + uint64_t opaque_data; + /**< Can be used for external metadata */ + uint16_t nb_drivers; + /**< number of elements in sess_data array */ + uint16_t user_data_sz; + /**< session user data will be placed after sess_data */ + __extension__ struct { + void *data; + uint16_t refcnt; + } sess_data[0]; + /**< Driver specific session material, variable size */ }; +/** Cryptodev asymmetric crypto session */ +struct rte_cryptodev_asym_session { + __extension__ void *sess_private_data[0]; + /**< Private asymmetric session material */ +}; /** - * Initialise a session for symmetric cryptographic operations. + * Create a symmetric session mempool. * - * This function is used by the client to initialize immutable - * parameters of symmetric cryptographic operation. - * To perform the operation the rte_cryptodev_enqueue_burst function is - * used. Each mbuf should contain a reference to the session - * pointer returned from this function contained within it's crypto_op if a - * session-based operation is being provisioned. Memory to contain the session - * information is allocated from within mempool managed by the cryptodev. + * @param name + * The unique mempool name. + * @param nb_elts + * The number of elements in the mempool. + * @param elt_size + * The size of the element. This value will be ignored if it is smaller than + * the minimum session header size required for the system. For the user who + * want to use the same mempool for sym session and session private data it + * can be the maximum value of all existing devices' private data and session + * header sizes. + * @param cache_size + * The number of per-lcore cache elements + * @param priv_size + * The private data size of each session. + * @param socket_id + * The *socket_id* argument is the socket identifier in the case of + * NUMA. The value can be *SOCKET_ID_ANY* if there is no NUMA + * constraint for the reserved zone. * - * The rte_cryptodev_session_free must be called to free allocated - * memory when the session is no longer required. + * @return + * - On success return size of the session + * - On failure returns 0 + */ +__rte_experimental +struct rte_mempool * +rte_cryptodev_sym_session_pool_create(const char *name, uint32_t nb_elts, + uint32_t elt_size, uint32_t cache_size, uint16_t priv_size, + int socket_id); + +/** + * Create symmetric crypto session header (generic with no private data) * - * @param dev_id The device identifier. - * @param xform Crypto transform chain. + * @param mempool Symmetric session mempool to allocate session + * objects from + * @return + * - On success return pointer to sym-session + * - On failure returns NULL + */ +struct rte_cryptodev_sym_session * +rte_cryptodev_sym_session_create(struct rte_mempool *mempool); + +/** + * Create asymmetric crypto session header (generic with no private data) + * + * @param mempool mempool to allocate asymmetric session + * objects from + * @return + * - On success return pointer to asym-session + * - On failure returns NULL + */ +__rte_experimental +struct rte_cryptodev_asym_session * +rte_cryptodev_asym_session_create(struct rte_mempool *mempool); + +/** + * Frees symmetric crypto session header, after checking that all + * the device private data has been freed, returning it + * to its original mempool. + * + * @param sess Session header to be freed. + * + * @return + * - 0 if successful. + * - -EINVAL if session is NULL. + * - -EBUSY if not all device private data has been freed. + */ +int +rte_cryptodev_sym_session_free(struct rte_cryptodev_sym_session *sess); + +/** + * Frees asymmetric crypto session header, after checking that all + * the device private data has been freed, returning it + * to its original mempool. + * + * @param sess Session header to be freed. + * + * @return + * - 0 if successful. + * - -EINVAL if session is NULL. + * - -EBUSY if not all device private data has been freed. + */ +__rte_experimental +int +rte_cryptodev_asym_session_free(struct rte_cryptodev_asym_session *sess); + +/** + * Fill out private data for the device id, based on its device type. + * + * @param dev_id ID of device that we want the session to be used on + * @param sess Session where the private data will be attached to + * @param xforms Symmetric crypto transform operations to apply on flow + * processed with this session + * @param mempool Mempool where the private data is allocated. + * + * @return + * - On success, zero. + * - -EINVAL if input parameters are invalid. + * - -ENOTSUP if crypto device does not support the crypto transform or + * does not support symmetric operations. + * - -ENOMEM if the private session could not be allocated. + */ +int +rte_cryptodev_sym_session_init(uint8_t dev_id, + struct rte_cryptodev_sym_session *sess, + struct rte_crypto_sym_xform *xforms, + struct rte_mempool *mempool); + +/** + * Initialize asymmetric session on a device with specific asymmetric xform + * + * @param dev_id ID of device that we want the session to be used on + * @param sess Session to be set up on a device + * @param xforms Asymmetric crypto transform operations to apply on flow + * processed with this session + * @param mempool Mempool to be used for internal allocation. + * + * @return + * - On success, zero. + * - -EINVAL if input parameters are invalid. + * - -ENOTSUP if crypto device does not support the crypto transform. + * - -ENOMEM if the private session could not be allocated. + */ +__rte_experimental +int +rte_cryptodev_asym_session_init(uint8_t dev_id, + struct rte_cryptodev_asym_session *sess, + struct rte_crypto_asym_xform *xforms, + struct rte_mempool *mempool); + +/** + * Frees private data for the device id, based on its device type, + * returning it to its mempool. It is the application's responsibility + * to ensure that private session data is not cleared while there are + * still in-flight operations using it. + * + * @param dev_id ID of device that uses the session. + * @param sess Session containing the reference to the private data + * + * @return + * - 0 if successful. + * - -EINVAL if device is invalid or session is NULL. + * - -ENOTSUP if crypto device does not support symmetric operations. + */ +int +rte_cryptodev_sym_session_clear(uint8_t dev_id, + struct rte_cryptodev_sym_session *sess); + +/** + * Frees resources held by asymmetric session during rte_cryptodev_session_init + * + * @param dev_id ID of device that uses the asymmetric session. + * @param sess Asymmetric session setup on device using + * rte_cryptodev_session_init + * @return + * - 0 if successful. + * - -EINVAL if device is invalid or session is NULL. + */ +__rte_experimental +int +rte_cryptodev_asym_session_clear(uint8_t dev_id, + struct rte_cryptodev_asym_session *sess); + +/** + * Get the size of the header session, for all registered drivers excluding + * the user data size. + * + * @return + * Size of the symmetric header session. + */ +unsigned int +rte_cryptodev_sym_get_header_session_size(void); + +/** + * Get the size of the header session from created session. + * + * @param sess + * The sym cryptodev session pointer + * + * @return + * - If sess is not NULL, return the size of the header session including + * the private data size defined within sess. + * - If sess is NULL, return 0. + */ +__rte_experimental +unsigned int +rte_cryptodev_sym_get_existing_header_session_size( + struct rte_cryptodev_sym_session *sess); + +/** + * Get the size of the asymmetric session header, for all registered drivers. + * + * @return + * Size of the asymmetric header session. + */ +__rte_experimental +unsigned int +rte_cryptodev_asym_get_header_session_size(void); +/** + * Get the size of the private symmetric session data + * for a device. + * + * @param dev_id The device identifier. * * @return - * Pointer to the created session or NULL + * - Size of the private data, if successful + * - 0 if device is invalid or does not have private + * symmetric session */ -extern struct rte_cryptodev_sym_session * -rte_cryptodev_sym_session_create(uint8_t dev_id, - struct rte_crypto_sym_xform *xform); +unsigned int +rte_cryptodev_sym_get_private_session_size(uint8_t dev_id); /** - * Free the memory associated with a previously allocated session. + * Get the size of the private data for asymmetric session + * on device * * @param dev_id The device identifier. - * @param session Session pointer previously allocated by + * + * @return + * - Size of the asymmetric private data, if successful + * - 0 if device is invalid or does not have private session + */ +__rte_experimental +unsigned int +rte_cryptodev_asym_get_private_session_size(uint8_t dev_id); + +/** + * Provide driver identifier. + * + * @param name + * The pointer to a driver name. + * @return + * The driver type identifier or -1 if no driver found + */ +int rte_cryptodev_driver_id_get(const char *name); + +/** + * Provide driver name. + * + * @param driver_id + * The driver identifier. + * @return + * The driver name or null if no driver found + */ +const char *rte_cryptodev_driver_name_get(uint8_t driver_id); + +/** + * Store user data in a session. + * + * @param sess Session pointer allocated by + * *rte_cryptodev_sym_session_create*. + * @param data Pointer to the user data. + * @param size Size of the user data. + * + * @return + * - On success, zero. + * - On failure, a negative value. + */ +__rte_experimental +int +rte_cryptodev_sym_session_set_user_data( + struct rte_cryptodev_sym_session *sess, + void *data, + uint16_t size); + +/** + * Get user data stored in a session. + * + * @param sess Session pointer allocated by * *rte_cryptodev_sym_session_create*. * * @return - * NULL on successful freeing of session. - * Session pointer on failure to free session. + * - On success return pointer to user data. + * - On failure returns NULL. */ -extern struct rte_cryptodev_sym_session * -rte_cryptodev_sym_session_free(uint8_t dev_id, - struct rte_cryptodev_sym_session *session); +__rte_experimental +void * +rte_cryptodev_sym_session_get_user_data( + struct rte_cryptodev_sym_session *sess); +/** + * Perform actual crypto processing (encrypt/digest or auth/decrypt) + * on user provided data. + * + * @param dev_id The device identifier. + * @param sess Cryptodev session structure + * @param ofs Start and stop offsets for auth and cipher operations + * @param vec Vectorized operation descriptor + * + * @return + * - Returns number of successfully processed packets. + */ +__rte_experimental +uint32_t +rte_cryptodev_sym_cpu_crypto_process(uint8_t dev_id, + struct rte_cryptodev_sym_session *sess, union rte_crypto_sym_ofs ofs, + struct rte_crypto_sym_vec *vec); #ifdef __cplusplus }