From patchwork Thu Aug 14 15:40:12 2014 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Robbie King X-Patchwork-Id: 35410 Return-Path: X-Original-To: linaro@patches.linaro.org Delivered-To: linaro@patches.linaro.org Received: from mail-pa0-f70.google.com (mail-pa0-f70.google.com [209.85.220.70]) by ip-10-151-82-157.ec2.internal (Postfix) with ESMTPS id 2C8BB203C5 for ; Thu, 14 Aug 2014 15:40:40 +0000 (UTC) Received: by mail-pa0-f70.google.com with SMTP id lf10sf9829729pab.5 for ; Thu, 14 Aug 2014 08:40:39 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:delivered-to:from:to:thread-topic:thread-index :date:message-id:references:in-reply-to:accept-language:mime-version :cc:subject:precedence:list-id:list-unsubscribe:list-archive :list-post:list-help:list-subscribe:errors-to:sender :x-original-sender:x-original-authentication-results:mailing-list :content-language:content-type; bh=jr4Nf6UD/awk7bNng6cXPzvnIi3EgDNgu9QNMyqqwGs=; b=jFXlxKpKhfZFDboG0X0I2ZMGjLu3uh8tbBp6ywqx7TqHb8Ddapdu65yJ6x/1Q9CMLp 5UT16lph8wQijrpFQz1USM0j+gea0Pqi+wv3emcIra6Qho7sfqmZvN6iRfH8z+xx+KPs lvfPoe0HHWq7A7ZhjecQEEn0mO4xiYdUnr934y3vjeWCg0n6LcPkQdwNtf1+zJ2YDpoi HnLgH5qZMu7wZwK/iV5GZ/2or8rdUQ1oXr5xsG9Q6hcRUpjuaNE7kMYLkvepsbRDTQgs yqCyRfl9DGfKYgR7J5e/WKnOFoIyoEW3B3QkCLPwkOHy8cEmtqtmGa/eWWPgD7zx6zmH Bsrg== X-Gm-Message-State: ALoCoQmOr8sUnCConiofsAeFS6jebmmQaMwAQ9c4HZdaAXLnURLIjpIIuVdBJ9vMLCZ3cvfUVlxi X-Received: by 10.66.141.165 with SMTP id rp5mr661321pab.47.1408030839499; Thu, 14 Aug 2014 08:40:39 -0700 (PDT) X-BeenThere: patchwork-forward@linaro.org Received: by 10.140.93.228 with SMTP id d91ls1128191qge.41.gmail; Thu, 14 Aug 2014 08:40:39 -0700 (PDT) X-Received: by 10.52.243.10 with SMTP id wu10mr2903633vdc.45.1408030839335; Thu, 14 Aug 2014 08:40:39 -0700 (PDT) Received: from mail-vc0-x232.google.com (mail-vc0-x232.google.com [2607:f8b0:400c:c03::232]) by mx.google.com with ESMTPS id o6si2949784vcr.56.2014.08.14.08.40.39 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Thu, 14 Aug 2014 08:40:39 -0700 (PDT) Received-SPF: pass (google.com: domain of patch+caf_=patchwork-forward=linaro.org@linaro.org designates 2607:f8b0:400c:c03::232 as permitted sender) client-ip=2607:f8b0:400c:c03::232; Received: by mail-vc0-f178.google.com with SMTP id la4so1623203vcb.9 for ; Thu, 14 Aug 2014 08:40:39 -0700 (PDT) X-Received: by 10.52.120.51 with SMTP id kz19mr1398011vdb.95.1408030839225; Thu, 14 Aug 2014 08:40:39 -0700 (PDT) X-Forwarded-To: patchwork-forward@linaro.org X-Forwarded-For: patch@linaro.org patchwork-forward@linaro.org Delivered-To: patch@linaro.org Received: by 10.221.37.5 with SMTP id tc5csp44382vcb; Thu, 14 Aug 2014 08:40:38 -0700 (PDT) X-Received: by 10.220.95.132 with SMTP id d4mr4914951vcn.33.1408030838506; Thu, 14 Aug 2014 08:40:38 -0700 (PDT) Received: from ip-10-141-164-156.ec2.internal (lists.linaro.org. [54.225.227.206]) by mx.google.com with ESMTPS id n91si6834011qge.82.2014.08.14.08.40.37 for (version=TLSv1 cipher=RC4-SHA bits=128/128); Thu, 14 Aug 2014 08:40:38 -0700 (PDT) Received-SPF: none (google.com: lng-odp-bounces@lists.linaro.org does not designate permitted sender hosts) client-ip=54.225.227.206; Received: from localhost ([127.0.0.1] helo=ip-10-141-164-156.ec2.internal) by ip-10-141-164-156.ec2.internal with esmtp (Exim 4.76) (envelope-from ) id 1XHx8n-0006wK-IH; Thu, 14 Aug 2014 15:40:37 +0000 Received: from alln-iport-8.cisco.com ([173.37.142.95]) by ip-10-141-164-156.ec2.internal with esmtp (Exim 4.76) (envelope-from ) id 1XHx8U-0006vq-Po for lng-odp@lists.linaro.org; Thu, 14 Aug 2014 15:40:19 +0000 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: AjAFAOLX7FOtJV2b/2dsb2JhbABZgkcjI1NXBIJ2yRSBWQEJh0kBGX4Wd4QDAQEBBAEBARcJCkELEAIBCBEEAQELFgEGAwICAiUBChQJCAIEDgUIiDoBDLAklUEXjnQnFhsGAYJ5NoEdBZEdhCaCOYE8hFiTJ4FjAgIZgVxsgQZCgQcBAQE X-IronPort-AV: E=Sophos; i="5.01,863,1400025600"; d="scan'208,217"; a="69275763" Received: from rcdn-core-4.cisco.com ([173.37.93.155]) by alln-iport-8.cisco.com with ESMTP; 14 Aug 2014 15:40:12 +0000 Received: from xhc-rcd-x10.cisco.com (xhc-rcd-x10.cisco.com [173.37.183.84]) by rcdn-core-4.cisco.com (8.14.5/8.14.5) with ESMTP id s7EFeCeU006463 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Thu, 14 Aug 2014 15:40:12 GMT Received: from xmb-aln-x01.cisco.com ([fe80::747b:83e1:9755:d453]) by xhc-rcd-x10.cisco.com ([173.37.183.84]) with mapi id 14.03.0195.001; Thu, 14 Aug 2014 10:40:12 -0500 From: "Robbie King (robking)" To: Ola Liljedahl Thread-Topic: [lng-odp] [PATCHv6 2/3] Add ODP crypto API file Thread-Index: AQHPtkCGZgRcOigz+E6R1vDlAQZFApvOaZAAgAHL+wCAAFlVAP//sHjA Date: Thu, 14 Aug 2014 15:40:12 +0000 Message-ID: References: <1407856641-6466-1-git-send-email-robking@cisco.com> <1407856641-6466-3-git-send-email-robking@cisco.com> In-Reply-To: Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.82.254.47] MIME-Version: 1.0 X-Topics: crypto patch Cc: "lng-odp@lists.linaro.org" Subject: Re: [lng-odp] [PATCHv6 2/3] Add ODP crypto API file X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: , List-Help: , List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: lng-odp-bounces@lists.linaro.org X-Original-Sender: robking@cisco.com X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: domain of patch+caf_=patchwork-forward=linaro.org@linaro.org designates 2607:f8b0:400c:c03::232 as permitted sender) smtp.mail=patch+caf_=patchwork-forward=linaro.org@linaro.org; dkim=neutral (body hash did not verify) header.i=@ Mailing-list: list patchwork-forward@linaro.org; contact patchwork-forward+owners@linaro.org X-Google-Group-Id: 836684582541 Content-Language: en-US sorry Ola, I just saw this when I went to check if the patches sent correctly. can we do this at the same time that we fix the others? (buffer invalid, etc) From: Ola Liljedahl [mailto:ola.liljedahl@linaro.org] Sent: Thursday, August 14, 2014 11:24 AM To: Robbie King (robking) Cc: Alexandru Badicioiu; lng-odp@lists.linaro.org Subject: Re: [lng-odp] [PATCHv6 2/3] Add ODP crypto API file May I suggest #define ODP_CRYPTO_SESSION_INVALID (~(odp_crypto_session_t)0U) So we don't have to bother about the size (normal, long, long long) of the odp_crypto_session_t type. On 14 August 2014 17:05, Robbie King (robking) > wrote: Hi Alex, I’m getting ready to send new patch with -1ULL replaced with 0xffffffffffffffffULL and with the init function moved to linux-generic. The error code you asked about I thought was supposed to be covered by the “invalid parameters” error return codes for authentication and cipher. From: Alexandru Badicioiu [mailto:alexandru.badicioiu@linaro.org] Sent: Wednesday, August 13, 2014 2:38 AM To: Robbie King (robking) Cc: lng-odp@lists.linaro.org Subject: Re: [lng-odp] [PATCHv6 2/3] Add ODP crypto API file On 12 August 2014 18:17, Robbie King > wrote: Signed-off-by: Robbie King > --- include/odp_crypto.h | 366 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 files changed, 366 insertions(+), 0 deletions(-) create mode 100644 include/odp_crypto.h + */ +int +odp_crypto_init(uint32_t max_sessions); Currently there are no APIs defined for queue/pktio/buffer pool/timer etc initialization; these functions private to implementations , e.g.:platform/linux-generic/include/odp_internal.h. Is there a reason for making an exception for crypto? + +#ifdef __cplusplus +} +#endif + +#endif -- 1.7.7.6 _______________________________________________ lng-odp mailing list lng-odp@lists.linaro.org http://lists.linaro.org/mailman/listinfo/lng-odp _______________________________________________ lng-odp mailing list lng-odp@lists.linaro.org http://lists.linaro.org/mailman/listinfo/lng-odp diff --git a/include/odp_crypto.h b/include/odp_crypto.h new file mode 100644 index 0000000..c10f80e --- /dev/null +++ b/include/odp_crypto.h @@ -0,0 +1,366 @@ +/* Copyright (c) 2014, Linaro Limited + * All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + + +/** + * @file + * + * ODP crypto + */ + +#ifndef ODP_CRYPTO_H_ +#define ODP_CRYPTO_H_ + +#ifdef __cplusplus +extern "C" { +#endif + +#include +#include +#include +#include +#include + +/** Invalid session handle */ +#define ODP_CRYPTO_SESSION_INVALID (-1ULL) Is there a reason for this value? These are the current invalid values: #define ODP_QUEUE_INVALID 0 #define ODP_PKTIO_INVALID 0 #define ODP_BUFFER_POOL_INVALID (0xffffffff) #define ODP_BUFFER_INVALID (0xffffffff) #define ODP_TIMER_INVALID 0 #define ODP_TIMER_TMO_INVALID 0 + +/** + * Crypto API opaque session handle + */ +typedef uint64_t odp_crypto_session_t; + +/** + * Crypto API operation mode + */ +enum odp_crypto_op_mode { + ODP_CRYPTO_SYNC, /**< Synchronous, return results immediately */ + ODP_CRYPTO_ASYNC, /**< Aynchronous, return results via posted event */ +}; + +/** + * Crypto API operation type + */ +enum odp_crypto_op { + ODP_CRYPTO_OP_ENCODE, /**< Encrypt and/or compute authentication ICV */ + ODP_CRYPTO_OP_DECODE /**< Decrypt and/or verify authentication ICV */ +}; + +/** + * Crypto API cipher algorithm + */ +enum odp_cipher_alg { + ODP_CIPHER_ALG_NULL, /**< No cipher algorithm specified */ + ODP_CIPHER_ALG_DES, /**< DES */ + ODP_CIPHER_ALG_3DES_CBC, /**< Triple DES with cipher block chaining */ +}; + +/** + * Crypto API authentication algorithm + */ +enum odp_auth_alg { + ODP_AUTH_ALG_NULL, /**< No authentication algorithm specified */ + ODP_AUTH_ALG_MD5_96, /**< HMAC-MD5 with 96 bit key */ +}; + +/** + * Crypto API key structure + */ +typedef struct odp_crypto_key { + uint8_t *data; /**< Key data */ + uint32_t length; /**< Key length in bytes */ +} odp_crypto_key_t; + +/** + * Crypto API IV structure + */ +typedef struct odp_crypto_iv { + uint8_t *data; /**< IV data */ + uint32_t length; /**< IV length in bytes */ +} odp_crypto_iv_t; + +/** + * Crypto API data range specifier + */ +typedef struct odp_crypto_data_range { + uint32_t offset; /**< Offset from beginning of buffer (chain) */ + uint32_t length; /**< Length of data to operate on */ +} odp_crypto_data_range_t; + +/** + * Crypto API session creation paramters + * + * @todo Add "odp_session_proc_info_t" + */ +typedef struct odp_crypto_session_params { + enum odp_crypto_op op; /**< Encode versus decode */ + bool auth_cipher_text; /**< Authenticate/cipher ordering */ + enum odp_crypto_op_mode pref_mode; /**< Preferred sync vs async */ + enum odp_cipher_alg cipher_alg; /**< Cipher algorithm */ + odp_crypto_key_t cipher_key; /**< Cipher key */ + odp_crypto_iv_t iv; /**< Cipher Initialization Vector (IV) */ + enum odp_auth_alg auth_alg; /**< Authentication algorithm */ + odp_crypto_key_t auth_key; /**< Authentication key */ + odp_queue_t compl_queue; /**< Async mode completion event queue */ + odp_buffer_pool_t output_pool; /**< Output buffer pool */ +} odp_crypto_session_params_t; + +/** + * @var odp_crypto_session_params_t::auth_cipher_text + * + * Controls ordering of authentication and cipher operations, + * and is relative to the operation (encode vs decode). + * When encoding, @c TRUE indicates the authentication operation + * should be peformed @b after the cipher operation else before. + * When decoding, @c TRUE indicates the reverse order of operation. + * + * @var odp_crypto_session_params_t::compl_queue + * + * When the API operates asynchronously, the completion queue is + * used to return the completion status of the operation to the + * application. + * + * @var odp_crypto_session_params_t::output_pool + * + * When the output packet is not specified during the call to + * odp_crypto_operation, the output packet buffer will be allocated + * from this pool. + */ + +/** + * Crypto API per packet operation parameters + * + * @todo Clarify who zero's ICV and how this relates to "hash_result_offset" + */ +typedef struct odp_crypto_op_params { + odp_crypto_session_t session; /**< Session handle from creation */ + odp_packet_t pkt; /**< Input packet buffer */ + odp_packet_t out_pkt; /**< Output packet buffer */ + uint8_t *override_iv_ptr; /**< Override session IV pointer */ + uint32_t hash_result_offset; /**< Offset from start of packet buffer for hash result */ + odp_crypto_data_range_t cipher_range; /**< Data range to apply cipher */ + odp_crypto_data_range_t auth_range; /**< Data range to authenticate */ +} odp_crypto_op_params_t; + +/** + * @var odp_crypto_op_params_t::pkt + * Specifies the input packet buffer for the crypto operation. When the + * @c out_pkt variable is set to @c ODP_PACKET_INVALID (indicating a new + * buffer should be allocated for the resulting packet), the \#define TBD + * indicates whether the implementation will free the input packet buffer + * or if it becomes the responsibility of the caller. + * + * @var odp_crypto_op_params_t::out_pkt + * + * The API supports both "in place" (the original packet "pkt" is + * modified) and "copy" (the packet is replicated to a new buffer + * which contains the modified data). + * + * The "in place" mode of operation is indicated by setting @c out_pkt + * equal to @c pkt. For the copy mode of operation, setting @c out_pkt + * to a valid packet buffer value indicates the caller wishes to specify + * the destination buffer. Setting @c out_pkt to @c ODP_PACKET_INVALID + * indicates the caller wishes the destination packet buffer be allocated + * from the output pool specified during session creation. + * + * @sa odp_crypto_session_params_t::output_pool. + */ + +/** + * Crypto API session creation return code + */ +enum odp_crypto_ses_create_err { + ODP_CRYPTO_SES_CREATE_ERR_NONE, /**< Session created */ + ODP_CRYPTO_SES_CREATE_ERR_ENOMEM, /**< Creation failed, no resources */ + ODP_CRYPTO_SES_CREATE_ERR_INV_CIPHER, /**< Creation failed, bad cipher params */ + ODP_CRYPTO_SES_CREATE_ERR_INV_AUTH, /**< Creation failed, bad auth params */ What about a NOT SUPPORTED error code? +}; + +/** + * Crypto API algorithm return code + */ +enum crypto_alg_err { + ODP_CRYPTO_ALG_ERR_NONE, /**< Algorithm successful */ + ODP_CRYPTO_ALG_ERR_DATA_SIZE, /**< Invalid data block size */ + ODP_CRYPTO_ALG_ERR_KEY_SIZE, /**< Key size invalid for algorithm */ + ODP_CRYPTO_ALG_ERR_ICV_CHECK, /**< Computed ICV value mismatch */ +}; + +/** + * Crypto API hardware centric return code + */ +enum crypto_hw_err { + ODP_CRYPTO_HW_ERR_NONE, /**< Operation completed successfully */ + ODP_CRYPTO_HW_ERR_DMA, /**< Error detected during DMA of data */ + ODP_CRYPTO_HW_ERR_BP_DEPLETED, /**< Operation failed due to buffer pool depletion */ +}; + +/** + * Cryto API per packet operation completion status + */ +typedef struct odp_crypto_compl_status { + enum crypto_alg_err alg_err; /**< Algorithm specific return code */ + enum crypto_hw_err hw_err; /**< Hardware specific return code */ +} odp_crypto_compl_status_t; + + +/** + * Crypto session creation (synchronous) + * + * @param params Session parameters + * @param session Created session else ODP_CRYPTO_SESSION_INVALID + * @param status Failure code if unsuccessful + * + * @return 0 if successful else -1 + */ +int +odp_crypto_session_create(odp_crypto_session_params_t *params, + odp_crypto_session_t *session, + enum odp_crypto_ses_create_err *status); + +/** + * Crypto session creation (asynchronous) + * + * Initiate crypto session creation. Results are delivered using + * the completion event via the completion queue. + * + * @param params Session parameters + * @param completion_event Event by which the session creation results are + * delivered. + * @param completion_queue Queue by which the completion event will be + * delivered. + * + * @return 0 if successful else -1 + * + */ +int +odp_crypto_session_create_async(odp_crypto_session_params_t *params, + odp_buffer_t completion_event, + odp_queue_t completion_queue); + + +/** + * Crypto session creation completion status + * + * Accessor function for obtaining creation status from the completion event. + * + * @param completion_event Event containing operation results + * @param status Pointer to store creation return code + */ +void +odp_crypto_get_ses_create_compl_status(odp_buffer_t completion_event, + enum odp_crypto_ses_create_err *status); + +/** + * Crypto session creation completion return value + * + * Accessor function for obtaining handle for newly created session. + * + * @param completion_event Event containing operation results + * @param session Pointer to store session handle + */ +void +odp_crypto_get_ses_create_compl_session(odp_buffer_t completion_event, + odp_crypto_session_t *session); + +/** + * Crypto per packet operation + * + * Performs the cryptographic operations specified during session creation + * on the packet. If the operation is performed synchronously, "posted" + * will return FALSE and the result of the operation is immediately available + * in the completion event. If "posted" returns TRUE the result will be + * delivered via the completion queue specified when the session was created. + * + * @todo Resolve if completion_event is necessary, can/should the output + * packet buffer always be used instead. + * + * @param params Operation parameters + * @param posted Pointer to return posted, TRUE for async operation + * @param completion_event Event by which the operation results are delivered. + * + * @return 0 if successful else -1 + */ +int +odp_crypto_operation(odp_crypto_op_params_t *params, + bool *posted, + odp_buffer_t completion_event); + +/** + * Crypto per packet operation set user context in completion event + * + * @param completion_event Event containing operation results + * @param ctx User data + */ +void +odp_crypto_set_operation_compl_ctx(odp_buffer_t completion_event, + void *ctx); + +/** + * Crypto per packet operation completion status + * + * Accessor function for obtaining operation status from the completion event. + * + * @param completion_event Event containing operation results + * @param auth Pointer to store authentication results + * @param cipher Pointer to store cipher results + */ +void +odp_crypto_get_operation_compl_status(odp_buffer_t completion_event, + odp_crypto_compl_status_t *auth, + odp_crypto_compl_status_t *cipher); + +/** + * Crypto per packet operation query completed operation packet + * + * Accessor function for obtaining current packet buffer, can be + * different from input packet buffer on some systems + * + * @param completion_event Event containing operation results + * + * @return Packet structure where data now resides + */ +odp_packet_t +odp_crypto_get_operation_compl_packet(odp_buffer_t completion_event); + +/** + * Crypto per packet operation query user context in completion event + * + * @param completion_event Event containing operation results + * + * @return User data + */ +void * +odp_crypto_get_operation_compl_ctx(odp_buffer_t completion_event); + +/** + * Generate random byte string + * + * @param buf Pointer to store result + * @param len Pointer to input length value as well as return value + * @param use_entropy Use entropy + * + * @todo Define the implication of the use_entropy parameter + * + * @return 0 if succesful + */ +int +odp_hw_random_get(uint8_t *buf, size_t *len, bool use_entropy); + +/** + * Initialize the crypto subsystem, called once from main thread + * + * @param max_sessions Maximum number of sessions to support + * + * @return 0 if succesful