author | Matias Elo <matias.elo@nokia.com> | 2022-10-28 17:32:56 +0300 |
---|---|---|
committer | Petri Savolainen <petri.savolainen@nokia.com> | 2022-12-29 14:55:25 +0200 |
commit | 648c27bfcfdf4c19e4418aedf75e803eb914bcfd (patch) | |
tree | ecbba3ab26824a47d2ed86c25f9c89ce5be28b8d | |
parent | ccb7b35bb75366968e316bbadd6a030a976e5b21 (diff) |
api: crypto: split header files
Split crypto API into separate header files for functions and types. This
enables inline implementation of API functions.
Signed-off-by: Matias Elo <matias.elo@nokia.com>
Reviewed-by: Tuomas Taipale <tuomas.taipale@nokia.com>
19 files changed, 1263 insertions, 1101 deletions
diff --git a/include/Makefile.am b/include/Makefile.am
index 49ccf552e..7e9b8fedf 100644
--- a/include/Makefile.am
+++ b/include/Makefile.am
@@ -20,6 +20,7 @@ odpapiinclude_HEADERS = \
 odp/api/cpu.h \
 odp/api/cpumask.h \
 odp/api/crypto.h \
+ odp/api/crypto_types.h \
 odp/api/debug.h \
 odp/api/deprecated.h \
 odp/api/dma.h \
@@ -84,6 +85,7 @@ odpapispecinclude_HEADERS = \
 odp/api/spec/cpu.h \
 odp/api/spec/cpumask.h \
 odp/api/spec/crypto.h \
+ odp/api/spec/crypto_types.h \
 odp/api/spec/debug.h \
 odp/api/spec/dma.h \
 odp/api/spec/dma_types.h \
@@ -150,6 +152,7 @@ odpapiabidefaultinclude_HEADERS = \
 odp/api/abi-default/cpu.h \
 odp/api/abi-default/cpumask.h \
 odp/api/abi-default/crypto.h \
+ odp/api/abi-default/crypto_types.h \
 odp/api/abi-default/debug.h \
 odp/api/abi-default/dma_types.h \
 odp/api/abi-default/errno.h \
@@ -208,6 +211,7 @@ odpapiabiarchinclude_HEADERS = \
 odp/arch/arm32-linux/odp/api/abi/cpu.h \
 odp/arch/arm32-linux/odp/api/abi/cpumask.h \
 odp/arch/arm32-linux/odp/api/abi/crypto.h \
+ odp/arch/arm32-linux/odp/api/abi/crypto_types.h \
 odp/arch/arm32-linux/odp/api/abi/debug.h \
 odp/arch/arm32-linux/odp/api/abi/dma_types.h \
 odp/arch/arm32-linux/odp/api/abi/errno.h \
@@ -262,6 +266,7 @@ odpapiabiarchinclude_HEADERS = \
 odp/arch/arm64-linux/odp/api/abi/cpu.h \
 odp/arch/arm64-linux/odp/api/abi/cpumask.h \
 odp/arch/arm64-linux/odp/api/abi/crypto.h \
+ odp/arch/arm64-linux/odp/api/abi/crypto_types.h \
 odp/arch/arm64-linux/odp/api/abi/debug.h \
 odp/arch/arm64-linux/odp/api/abi/dma_types.h \
 odp/arch/arm64-linux/odp/api/abi/errno.h \
@@ -316,6 +321,7 @@ odpapiabiarchinclude_HEADERS = \
 odp/arch/default-linux/odp/api/abi/cpu.h \
 odp/arch/default-linux/odp/api/abi/cpumask.h \
 odp/arch/default-linux/odp/api/abi/crypto.h \
+ odp/arch/default-linux/odp/api/abi/crypto_types.h \
 odp/arch/default-linux/odp/api/abi/debug.h \
 odp/arch/default-linux/odp/api/abi/dma_types.h \
 odp/arch/default-linux/odp/api/abi/errno.h \
@@ -370,6 +376,7 @@ odpapiabiarchinclude_HEADERS = \
 odp/arch/power64-linux/odp/api/abi/cpu.h \
 odp/arch/power64-linux/odp/api/abi/cpumask.h \
 odp/arch/power64-linux/odp/api/abi/crypto.h \
+ odp/arch/power64-linux/odp/api/abi/crypto_types.h \
 odp/arch/power64-linux/odp/api/abi/debug.h \
 odp/arch/power64-linux/odp/api/abi/dma_types.h \
 odp/arch/power64-linux/odp/api/abi/errno.h \
@@ -424,6 +431,7 @@ odpapiabiarchinclude_HEADERS = \
 odp/arch/x86_32-linux/odp/api/abi/cpu.h \
 odp/arch/x86_32-linux/odp/api/abi/cpumask.h \
 odp/arch/x86_32-linux/odp/api/abi/crypto.h \
+ odp/arch/x86_32-linux/odp/api/abi/crypto_types.h \
 odp/arch/x86_32-linux/odp/api/abi/debug.h \
 odp/arch/x86_32-linux/odp/api/abi/dma_types.h \
 odp/arch/x86_32-linux/odp/api/abi/errno.h \
@@ -478,6 +486,7 @@ odpapiabiarchinclude_HEADERS = \
 odp/arch/x86_64-linux/odp/api/abi/cpu.h \
 odp/arch/x86_64-linux/odp/api/abi/cpumask.h \
 odp/arch/x86_64-linux/odp/api/abi/crypto.h \
+ odp/arch/x86_64-linux/odp/api/abi/crypto_types.h \
 odp/arch/x86_64-linux/odp/api/abi/debug.h \
 odp/arch/x86_64-linux/odp/api/abi/dma_types.h \
 odp/arch/x86_64-linux/odp/api/abi/errno.h \
diff --git a/include/odp/api/abi-default/crypto.h b/include/odp/api/abi-default/crypto.h
index e7c0a651c..0e9e8506a 100644
--- a/include/odp/api/abi-default/crypto.h
+++ b/include/odp/api/abi-default/crypto.h
@@ -1,4 +1,5 @@
 /* Copyright (c) 2017-2018, Linaro Limited
+ * Copyright (c) 2022, Nokia
 * All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
@@ -11,23 +12,7 @@ extern "C" {
 #endif
-#include <stdint.h>
-
-/** @internal Dummy type for strong typing */
-typedef struct { char dummy; /**< @internal Dummy */ } _odp_abi_crypto_compl_t;
-
-/** @ingroup odp_crypto
- * @{
- */
-
-#define ODP_CRYPTO_SESSION_INVALID (0xffffffffffffffffULL)
-
-typedef uint64_t odp_crypto_session_t;
-typedef _odp_abi_crypto_compl_t *odp_crypto_compl_t;
-
-/**
- * @}
- */
+/* Empty header required due to the inline functions */
 #ifdef __cplusplus
 }
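Review bot: The replacement comment in include/odp/api/abi-default/crypto.h, `/* Empty header required due to the inline functions */`, names neither the inline functions it refers to nor the place the removed declarations went, so a reader who opens this file looking for `odp_crypto_session_t` or `ODP_CRYPTO_SESSION_INVALID` gets no pointer. I would write something like `/* Intentionally empty: crypto types now live in abi-default/crypto_types.h; platforms with inline crypto functions provide their own abi/crypto.h */`, with the second half adjusted to the actual reason, which this hunk does not show. Any file that included this header directly for the two typedefs now has to include crypto_types.h instead; those includers are outside this view, so that is worth confirming.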
diff --git a/include/odp/api/abi-default/crypto_types.h b/include/odp/api/abi-default/crypto_types.h
new file mode 100644
index 000000000..cc9155bfa
--- /dev/null
+++ b/include/odp/api/abi-default/crypto_types.h
@@ -0,0 +1,37 @@
+/* Copyright (c) 2017-2018, Linaro Limited
+ * Copyright (c) 2022, Nokia
+ * All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef ODP_ABI_CRYPTO_TYPES_H_
+#define ODP_ABI_CRYPTO_TYPES_H_
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include <stdint.h>
+
+/** @internal Dummy type for strong typing */
+typedef struct { char dummy; /**< @internal Dummy */ } _odp_abi_crypto_compl_t;
+
+/** @ingroup odp_crypto
+ * @{
+ */
+
+#define ODP_CRYPTO_SESSION_INVALID (0xffffffffffffffffULL)
+
+typedef uint64_t odp_crypto_session_t;
+typedef _odp_abi_crypto_compl_t *odp_crypto_compl_t;
+
+/**
+ * @}
+ */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/include/odp/api/crypto.h b/include/odp/api/crypto.h
index ec7c8370b..336304553 100644
--- a/include/odp/api/crypto.h
+++ b/include/odp/api/crypto.h
@@ -17,19 +17,7 @@ extern "C" {
 #endif
-#include <odp/api/std_types.h>
-#include <odp/api/abi/packet_types.h>
 #include <odp/api/abi/crypto.h>
-#include <odp/api/abi/buffer.h>
-#include <odp/api/abi/queue_types.h>
-
-/** @ingroup odp_crypto
- * @{
- */
-
-/**
- * @}
- */
 #include <odp/api/spec/crypto.h>
diff --git a/include/odp/api/crypto_types.h b/include/odp/api/crypto_types.h
new file mode 100644
index 000000000..225ff7df0
--- /dev/null
+++ b/include/odp/api/crypto_types.h
@@ -0,0 +1,28 @@
+/* Copyright (c) 2022, Nokia
+ * All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+/**
+ * @file
+ *
+ * ODP crypto
+ */
+
+#ifndef ODP_API_CRYPTO_TYPES_H_
+#define ODP_API_CRYPTO_TYPES_H_
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include <odp/api/abi/crypto_types.h>
+
+#include <odp/api/spec/crypto_types.h>
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
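Review bot: `#include <stdint.h>` in the new include/odp/api/abi-default/crypto_types.h sits inside the `extern "C" {` block, so a C++ translation unit that first reaches `<stdint.h>` through this header pulls a system header in under C linkage. The layout is carried over unchanged from the old abi-default/crypto.h, but a new file is the cheap place to correct it. Move the include up so it directly follows `#define ODP_ABI_CRYPTO_TYPES_H_` and precedes `#ifdef __cplusplus`.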
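Review bot: After this hunk include/odp/api/crypto.h includes `<odp/api/abi/crypto.h>` before `<odp/api/spec/crypto.h>`, and the spec header is the one that now pulls in `<odp/api/crypto_types.h>`. If a platform's abi/crypto.h carries the inline function bodies the commit message refers to, they are parsed before this wrapper has declared any crypto, packet or queue type, because the `std_types.h`, `abi/packet_types.h`, `abi/buffer.h` and `abi/queue_types.h` includes are removed here. Either add `#include <odp/api/crypto_types.h>` ahead of the abi include, or add a comment stating that a platform abi/crypto.h must include every type header it needs itself.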
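Review bot: The `@file` description in the new include/odp/api/crypto_types.h reads only `ODP crypto`, which does not distinguish this wrapper from the function header in generated documentation. Suggest ` * ODP crypto types` for that line.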
diff --git a/include/odp/api/spec/crypto.h b/include/odp/api/spec/crypto.h
index a79a05ad3..2118cb589 100644
--- a/include/odp/api/spec/crypto.h
+++ b/include/odp/api/spec/crypto.h
@@ -15,9 +15,9 @@ #define ODP_API_SPEC_CRYPTO_H_
 #include <odp/visibility_begin.h>
+#include <odp/api/crypto_types.h>
 #include <odp/api/deprecated.h>
 #include <odp/api/packet_types.h>
-#include <odp/api/pool_types.h>
 #include <odp/api/std_types.h>
 #ifdef __cplusplus
@@ -30,1062 +30,6 @@ extern "C" { */ /** - * @def ODP_CRYPTO_SESSION_INVALID - * Invalid session handle - */ - -/** - * @typedef odp_crypto_session_t - * Crypto API opaque session handle - */ - -/** - * @typedef odp_crypto_compl_t -* @deprecated Crypto API completion event (platform dependent). -*/ - -/** - * Crypto API operation mode - */ -typedef enum { - /** Synchronous, return results immediately */ - ODP_CRYPTO_SYNC, - /** Asynchronous, return results via posted event */ - ODP_CRYPTO_ASYNC, -} odp_crypto_op_mode_t; - -/** - * Crypto API operation type - */ -typedef enum { - /** Encrypt and/or compute authentication ICV */ - ODP_CRYPTO_OP_ENCODE, - /** Decrypt and/or verify authentication ICV */ - ODP_CRYPTO_OP_DECODE, -} odp_crypto_op_t; - -/** - * Crypto API cipher algorithm - */ -typedef enum { - /** No cipher algorithm specified */ - ODP_CIPHER_ALG_NULL, - - /** DES */ - ODP_CIPHER_ALG_DES, - - /** Triple DES with cipher block chaining */ - ODP_CIPHER_ALG_3DES_CBC, - - /** Triple DES with Electronic Codebook */ - ODP_CIPHER_ALG_3DES_ECB, - - /** AES with cipher block chaining */ - ODP_CIPHER_ALG_AES_CBC, - - /** AES with counter mode */ - ODP_CIPHER_ALG_AES_CTR, - - /** AES with electronic codebook */ - ODP_CIPHER_ALG_AES_ECB, - - /** AES with 128-bit cipher feedback */ - ODP_CIPHER_ALG_AES_CFB128, - - /** AES with XEX-based tweaked-codebook mode with ciphertext stealing - * (XTS) */ - ODP_CIPHER_ALG_AES_XTS, - - /** AES-GCM - * - * AES in Galois/Counter Mode (GCM) algorithm. GCM provides both - * authentication and ciphering of data (authenticated encryption) - * in the same operation. Hence this algorithm must be paired always - * with ODP_AUTH_ALG_AES_GCM authentication. - */ - ODP_CIPHER_ALG_AES_GCM, - - /** AES-CCM - * - * AES in Counter with CBC-MAC (CCM) mode algorithm. CCM provides both - * authentication and ciphering of data (authenticated encryption) - * in the same operation. 
Hence this algorithm must be paired always - * with ODP_AUTH_ALG_AES_CCM authentication. - */ - ODP_CIPHER_ALG_AES_CCM, - - /** ChaCha20-Poly1305 - * - * ChaCha20 with Poly1305 provide both authentication and ciphering of - * data (authenticated encryption) in the same operation. Hence this - * algorithm must be paired always with ODP_AUTH_ALG_CHACHA20_POLY1305 - * authentication. - */ - ODP_CIPHER_ALG_CHACHA20_POLY1305, - - /** Confidentiality F8 algorithm (UEA1) - * - * KASUMI-based F8 algorithm (also known as UEA1). - * - * IV should be formatted according to the 3GPP TS 35.201: - * COUNT || BEARER || DIRECTION || 0...0 - */ - ODP_CIPHER_ALG_KASUMI_F8, - - /** Confidentiality UEA2 algorithm (128-EEA1) - * - * SNOW 3G-based UEA2 algorithm (also known as 128-EEA1). - * - * IV (128 bit) should be formatted according to the ETSI/SAGE - * UEA2 & UIA2 specification: - * COUNT || BEARER || DIRECTION || 0...0 || - * COUNT || BEARER || DIRECTION || 0...0 || - */ - ODP_CIPHER_ALG_SNOW3G_UEA2, - - /** Confidentiality 128-EEA2 algorithm - * - * AES-CTR-based 128-EEA2 algorithm. - * - * IV (128 bit) should be formatted according to the ETSI/SAGE - * 128-EA2 & 128-EIA2 specification: - * COUNT || BEARER || - * DIRECTION || 0....0 - */ - ODP_CIPHER_ALG_AES_EEA2, - - /** ZUC based confidentiality algorithm - * - * 128-EEA3/128-NEA3 algorithm when key length is 128 bits. - * - * IV (128 bit) should be formatted according to the ETSI/SAGE - * 128-EEA3 & 128-EIA3 specification: - * COUNT || BEARER || DIRECTION || 0...0 || - * COUNT || BEARER || DIRECTION || 0...0 || - * - * 256-bit key length support is experimental and subject to - * change. The following variants may be supported: - * - * - ZUC-256 with 25 byte IV (of which 184 bits are variable) - * as specified in "The ZUC-256 Stream Cipher". 
- * - ZUC-256 with 16 byte IV as specified in - * "An Addendum to the ZUC-256 Stream Cipher", - * https://eprint.iacr.org/2021/1439 - */ - ODP_CIPHER_ALG_ZUC_EEA3, - -} odp_cipher_alg_t; - -/** - * Crypto API authentication algorithm - */ -typedef enum { - /** No authentication algorithm specified */ - ODP_AUTH_ALG_NULL, - - /** HMAC-MD5 - * - * MD5 algorithm in HMAC mode - */ - ODP_AUTH_ALG_MD5_HMAC, - - /** HMAC-SHA-1 - * - * SHA-1 algorithm in HMAC mode - */ - ODP_AUTH_ALG_SHA1_HMAC, - - /** HMAC-SHA-224 - * - * SHA-224 algorithm in HMAC mode - */ - ODP_AUTH_ALG_SHA224_HMAC, - - /** HMAC-SHA-256 - * - * SHA-256 algorithm in HMAC mode - */ - ODP_AUTH_ALG_SHA256_HMAC, - - /** HMAC-SHA-384 - * - * SHA-384 algorithm in HMAC mode - */ - ODP_AUTH_ALG_SHA384_HMAC, - - /** HMAC-SHA-512 - * - * SHA-512 algorithm in HMAC mode - */ - ODP_AUTH_ALG_SHA512_HMAC, - - /** AES-GCM - * - * AES in Galois/Counter Mode (GCM) algorithm. GCM provides both - * authentication and ciphering of data (authenticated encryption) - * in the same operation. Hence this algorithm must be paired always - * with ODP_CIPHER_ALG_AES_GCM cipher. - */ - ODP_AUTH_ALG_AES_GCM, - - /** AES-GMAC - * - * AES Galois Message Authentication Code (GMAC) algorithm. AES-GMAC - * is based on AES-GCM operation, but provides authentication only. - * Hence this algorithm can be paired only with ODP_CIPHER_ALG_NULL - * cipher. - * - * NIST and RFC specifications of GMAC refer to all data to be - * authenticated as AAD. In ODP the data to be authenticated, i.e. - * AAD, is ODP packet data and specified using the auth_range - * parameter. The aad_length and aad_ptr parameters, which would - * require the data to be contiguous in memory, are ignored with - * AES-GMAC. - * - * GMAC needs an initialization vector, which can be passed via - * session (auth_iv) or packet (auth_iv_ptr) level parameters. - */ - ODP_AUTH_ALG_AES_GMAC, - - /** AES-CCM - * - * AES in Counter with CBC-MAC (CCM) mode algorithm. 
CCM provides both - * authentication and ciphering of data (authenticated encryption) - * in the same operation. Hence this algorithm must be paired always - * with ODP_CIPHER_ALG_AES_CCM cipher. - */ - ODP_AUTH_ALG_AES_CCM, - - /** AES-CMAC - * - * AES Cipher-based Message Authentication Code (CMAC) algorithm. CMAC - * is a keyed hash function that is based on a symmetric key block - * cipher, such as the AES. - */ - ODP_AUTH_ALG_AES_CMAC, - - /** AES-XCBC-MAC - * - * AES CBC MAC for arbitrary-length messages (XCBC-MAC). - * - */ - ODP_AUTH_ALG_AES_XCBC_MAC, - - /** ChaCha20-Poly1305 AEAD - * - * ChaCha20 with Poly1305 provide both authentication and ciphering of - * data (authenticated encryption) in the same operation. Hence this - * algorithm must be paired always with - * ODP_CIPHER_ALG_CHACHA20_POLY1305 cipher. - */ - ODP_AUTH_ALG_CHACHA20_POLY1305, - - /** Integrity F9 algorithm (UIA1) - * - * KASUMI-based F9 algorithm (also known as UIA1). - * - * IV (9 bytes) is a concatenation of COUNT (32b), FRESH (32b) and - * DIRECTION (LSB-aligned, 1b). - * IV (8 bytes) is a concatenation of COUNT (32b) and FRESH (32b) - * DIRECTION (1b) and padding should come at the end of message. - */ - ODP_AUTH_ALG_KASUMI_F9, - - /** Integrity UIA2 algorithm (128-EIA1) - * - * SNOW 3G-based UIA2 algorithm (also known as 128-EIA1). - * IV (128 bit) should be formatted according to the ETSI/SAGE - * UEA2 & UIA2 specification: - * COUNT || FRESH || - * DIRECTION XOR COUNT0 || COUNT1 .. COUNT31 || - * FRESH0 .. FRESH15 || FRESH16 XOR DIRECTION || FRESH17 .. FRESH31 - */ - ODP_AUTH_ALG_SNOW3G_UIA2, - - /** Integrity 128-EIA2 algorithm - * - * AES_CMAC-based 128-EIA2 algorithm. - * - * IV (128 bit) should be formatted according to the ETSI/SAGE - * 128-EA2 & 128-EIA2 specification: - * COUNT || BEARER || - * DIRECTION || 0....0 - */ - ODP_AUTH_ALG_AES_EIA2, - - /** ZUC-based integrity algorithm. - * - * 128-EIA3/128-NIA3 algorithm when key length is 128 bits. 
- * - * IV (128 bit) should be formatted according to the ETSI/SAGE - * 128-EA3 & 128-EIA2 specification: - * COUNT || BEARER || - * DIRECTION XOR COUNT0 || COUNT1 .. COUNT31 || - * BEARER || 0...0 || DIRECTION || 0...0 - * - * 256-bit key length support is experimental and subject to - * change. The following variants may be supported: - * - * - ZUC-256 with 25 byte IV (of which 184 bits are variable) and - * 32/64/128 bit MAC as specified in "The ZUC-256 Stream Cipher". - * - ZUC-256 with 16 byte IV and 32/64/128 bit MAC as specified in - * "An Addendum to the ZUC-256 Stream Cipher", - * https://eprint.iacr.org/2021/1439 - */ - ODP_AUTH_ALG_ZUC_EIA3, - - /** MD5 algorithm */ - ODP_AUTH_ALG_MD5, - - /** SHA1 algorithm */ - ODP_AUTH_ALG_SHA1, - - /** 224 bit SHA2 algorithm */ - ODP_AUTH_ALG_SHA224, - - /** 256 bit SHA2 algorithm */ - ODP_AUTH_ALG_SHA256, - - /** 384 bit SHA2 algorithm */ - ODP_AUTH_ALG_SHA384, - - /** 512 bit SHA2 algorithm */ - ODP_AUTH_ALG_SHA512, - -} odp_auth_alg_t; - -/** - * Cipher algorithms in a bit field structure - */ -typedef union odp_crypto_cipher_algos_t { - /** Cipher algorithms */ - struct { - /** ODP_CIPHER_ALG_NULL */ - uint32_t null : 1; - - /** ODP_CIPHER_ALG_DES */ - uint32_t des : 1; - - /** ODP_CIPHER_ALG_3DES_CBC */ - uint32_t trides_cbc : 1; - - /** ODP_CIPHER_ALG_3DES_ECB */ - uint32_t trides_ecb : 1; - - /** ODP_CIPHER_ALG_AES_CBC */ - uint32_t aes_cbc : 1; - - /** ODP_CIPHER_ALG_AES_CTR */ - uint32_t aes_ctr : 1; - - /** ODP_CIPHER_ALG_AES_ECB */ - uint32_t aes_ecb : 1; - - /** ODP_CIPHER_ALG_AES_CFB128 */ - uint32_t aes_cfb128 : 1; - - /** ODP_CIPHER_ALG_AES_XTS */ - uint32_t aes_xts : 1; - - /** ODP_CIPHER_ALG_AES_GCM */ - uint32_t aes_gcm : 1; - - /** ODP_CIPHER_ALG_AES_CCM */ - uint32_t aes_ccm : 1; - - /** ODP_CIPHER_ALG_CHACHA20_POLY1305 */ - uint32_t chacha20_poly1305 : 1; - - /** ODP_CIPHER_ALG_KASUMI_F8 */ - uint32_t kasumi_f8 : 1; - - /** ODP_CIPHER_ALG_SNOW3G_UEA2 */ - uint32_t snow3g_uea2 : 1; - - /** 
ODP_CIPHER_ALG_AES_EEA2 */ - uint32_t aes_eea2 : 1; - - /** ODP_CIPHER_ALG_ZUC_EEA3 */ - uint32_t zuc_eea3 : 1; - - } bit; - - /** All bits of the bit field structure - * - * This field can be used to set/clear all flags, or bitwise - * operations over the entire structure. */ - uint32_t all_bits; -} odp_crypto_cipher_algos_t; - -/** - * Authentication algorithms in a bit field structure - */ -typedef union odp_crypto_auth_algos_t { - /** Authentication algorithms */ - struct { - /** ODP_AUTH_ALG_NULL */ - uint32_t null : 1; - - /** ODP_AUTH_ALG_MD5_HMAC */ - uint32_t md5_hmac : 1; - - /** ODP_AUTH_ALG_SHA1_HMAC */ - uint32_t sha1_hmac : 1; - - /** ODP_AUTH_ALG_SHA224_HMAC */ - uint32_t sha224_hmac : 1; - - /** ODP_AUTH_ALG_SHA256_HMAC */ - uint32_t sha256_hmac : 1; - - /** ODP_AUTH_ALG_SHA384_HMAC */ - uint32_t sha384_hmac : 1; - - /** ODP_AUTH_ALG_SHA512_HMAC */ - uint32_t sha512_hmac : 1; - - /** ODP_AUTH_ALG_AES_GCM */ - uint32_t aes_gcm : 1; - - /** ODP_AUTH_ALG_AES_GMAC*/ - uint32_t aes_gmac : 1; - - /** ODP_AUTH_ALG_AES_CCM */ - uint32_t aes_ccm : 1; - - /** ODP_AUTH_ALG_AES_CMAC*/ - uint32_t aes_cmac : 1; - - /** ODP_AUTH_ALG_AES_XCBC_MAC*/ - uint32_t aes_xcbc_mac : 1; - - /** ODP_AUTH_ALG_CHACHA20_POLY1305 */ - uint32_t chacha20_poly1305 : 1; - - /** ODP_AUTH_ALG_KASUMI_F9 */ - uint32_t kasumi_f9 : 1; - - /** ODP_AUTH_ALG_SNOW3G_UIA2 */ - uint32_t snow3g_uia2 : 1; - - /** ODP_AUTH_ALG_AES_EIA2 */ - uint32_t aes_eia2 : 1; - - /** ODP_AUTH_ALG_ZUC_EIA3 */ - uint32_t zuc_eia3 : 1; - - /** ODP_AUTH_ALG_MD5 */ - uint32_t md5 : 1; - - /** ODP_AUTH_ALG_SHA1 */ - uint32_t sha1 : 1; - - /** ODP_AUTH_ALG_SHA224 */ - uint32_t sha224 : 1; - - /** ODP_AUTH_ALG_SHA256 */ - uint32_t sha256 : 1; - - /** ODP_AUTH_ALG_SHA384 */ - uint32_t sha384 : 1; - - /** ODP_AUTH_ALG_SHA512 */ - uint32_t sha512 : 1; - - } bit; - - /** All bits of the bit field structure - * - * This field can be used to set/clear all flags, or bitwise - * operations over the entire structure. 
*/ - uint32_t all_bits; -} odp_crypto_auth_algos_t; - -/** - * Crypto API key structure - */ -typedef struct odp_crypto_key { - /** Key data */ - uint8_t *data; - - /** Key length in bytes */ - uint32_t length; - -} odp_crypto_key_t; - -/** - * Crypto API IV structure - * - * @deprecated Use per-packet IV in crypto operation parameters - */ -typedef struct odp_crypto_iv { - /** IV data - * - * Ignored when length is zero. Null value indicates that an - * IV will be provided for each packet through the crypto - * operation parameters. In that case the per-operation - * IV parameter must always point to a valid IV. - * - * Default value is NULL. - */ - uint8_t *data; - - /** IV length in bytes. Default value is zero. */ - uint32_t length; - -} ODP_DEPRECATE(odp_crypto_iv_t); - -/** - * Crypto API session creation parameters - */ -typedef struct odp_crypto_session_param_t { - /** Encode vs. decode operation - * - * The default value is ODP_CRYPTO_OP_ENCODE. - */ - odp_crypto_op_t op; - - /** Authenticate cipher vs. plain text - * - * Controls ordering of authentication and cipher operations, - * and is relative to the operation (encode vs decode). When encoding, - * TRUE indicates the authentication operation should be performed - * after the cipher operation else before. When decoding, TRUE - * indicates the reverse order of operation. - * - * The value is ignored with authenticated encryption algorithms - * such as AES-GCM. - * - * true: Authenticate cipher text - * false: Authenticate plain text - * - * The default value is false. - */ - odp_bool_t auth_cipher_text; - - /** Hash result location may overlap authentication range - * - * This flag indicates that the hash result location may (but is - * not required to) overlap authentication range. Setting this - * flag may reduce performance. - * - * Default value is false. - */ - odp_bool_t hash_result_in_auth_range; - - /** Preferred sync vs. 
async for odp_crypto_operation() - * - * The default value is ODP_CRYPTO_SYNC. - * - * @deprecated Used only with deprecated odp_crypto_operation() - */ - odp_crypto_op_mode_t ODP_DEPRECATE(pref_mode); - - /** Operation mode when using packet interface: sync or async - * - * The default value is ODP_CRYPTO_SYNC. - */ - odp_crypto_op_mode_t op_mode; - - /** Cipher algorithm - * - * Select cipher algorithm to be used. ODP_CIPHER_ALG_NULL indicates - * that ciphering is disabled. Use odp_crypto_capability() for - * supported algorithms. Note that some algorithms restrict choice of - * the pairing authentication algorithm. When ciphering is enabled - * cipher key and IV need to be set. The default value is - * ODP_CIPHER_ALG_NULL. - */ - odp_cipher_alg_t cipher_alg; - - /** Cipher key - * - * Use odp_crypto_cipher_capa() for supported key and IV lengths. - */ - odp_crypto_key_t cipher_key; - - /** Cipher Initialization Vector (IV) - * - * Unless using the deprecated API, this specifies the length of - * the IV only. The actual IV must then be provided in per-packet - * parameters of crypto operations. - */ - union { -#if ODP_DEPRECATED_API - /** @deprecated Cipher IV */ - odp_crypto_iv_t ODP_DEPRECATE(cipher_iv); -#endif - /** Cipher IV length */ - struct { -#if ODP_DEPRECATED_API - /** @cond - * Unused padding field - */ - uint8_t *dummy_padding_0; - /** @endcond */ -#endif - /** Length of cipher initialization vector. - * Default value is zero. - */ - uint32_t cipher_iv_len; - }; - }; - - /** Authentication algorithm - * - * Select authentication algorithm to be used. ODP_AUTH_ALG_NULL - * indicates that authentication is disabled. Use - * odp_crypto_capability() for supported algorithms. Note that some - * algorithms restrict choice of the pairing cipher algorithm. When - * single algorithm provides both ciphering and authentication - * (i.e. 
Authenticated Encryption), authentication side key - * (auth_key) and IV (auth_iv) are ignored, and cipher side values are - * used instead. These algorithms ignore authentication side key - * and IV: ODP_AUTH_ALG_AES_GCM, ODP_AUTH_ALG_AES_CCM and - * ODP_AUTH_ALG_CHACHA20_POLY1305. Otherwise, all authentication side - * parameters must be set when authentication is enabled. The default - * value is ODP_AUTH_ALG_NULL. - */ - odp_auth_alg_t auth_alg; - - /** Authentication key - * - * Use odp_crypto_auth_capability() for supported key lengths. - */ - odp_crypto_key_t auth_key; - - /** Authentication Initialization Vector (IV) - * - * Unless using the deprecated API, this specifies the length of - * the IV only. The actual IV must then be provided in per-packet - * parameters of crypto operations. - */ - union { -#if ODP_DEPRECATED_API - /** @deprecated Authentication IV */ - odp_crypto_iv_t ODP_DEPRECATE(auth_iv); -#endif - /** Authentication IV length */ - struct { -#if ODP_DEPRECATED_API - /** @cond - * Unused padding field - */ - uint8_t *dummy_padding_1; - /** @endcond */ -#endif - /** Length of authentication initialization vector. - * Default value is zero. - */ - uint32_t auth_iv_len; - }; - }; - - /** Authentication digest length in bytes - * - * Use odp_crypto_auth_capability() for supported digest lengths. - */ - uint32_t auth_digest_len; - - /** Additional Authenticated Data (AAD) length in bytes - * - * AAD length is constant for all operations (packets) of the session. - * Set to zero when AAD is not used. Use odp_crypto_auth_capability() - * for supported AAD lengths. The default value is zero. - */ - uint32_t auth_aad_len; - - /** Async mode completion event queue - * - * The completion queue is used to return completions from - * odp_crypto_op_enq() (and the deprecated odp_crypto_operation()) - * to the application. 
- */ - odp_queue_t compl_queue; - - /** Output pool - * - * When the output packet is not specified during the call to - * crypto operation, the output packet will be allocated - * from this pool. - */ - odp_pool_t output_pool; - -} odp_crypto_session_param_t; - -/** - * Crypto API per packet operation parameters - * - * @deprecated Use odp_crypto_packet_op_param_t instead. - */ -typedef struct odp_crypto_op_param_t { - /** Session handle from creation */ - odp_crypto_session_t session; - - /** User context */ - void *ctx; - - /** Input packet - * - * Specifies the input packet for the crypto operation. When the - * 'out_pkt' variable is set to ODP_PACKET_INVALID (indicating a new - * packet should be allocated for the resulting packet). - */ - odp_packet_t pkt; - - /** Output packet - * - * Both "in place" (the original packet 'pkt' is modified) and - * "copy" (the packet is replicated to a new packet which contains - * the modified data) modes are supported. The "in place" mode of - * operation is indicated by setting 'out_pkt' equal to 'pkt'. - * For the copy mode of operation, setting 'out_pkt' to a valid packet - * value indicates the caller wishes to specify the destination packet. - * Setting 'out_pkt' to ODP_PACKET_INVALID indicates the caller wishes - * the destination packet be allocated from the output pool specified - * during session creation. - */ - odp_packet_t out_pkt; - - /** IV pointer for cipher */ - uint8_t *cipher_iv_ptr; - - /** Authentication IV pointer */ - uint8_t *auth_iv_ptr; - - /** Offset from start of packet for hash result - * - * In case of decode sessions, the expected hash will be read from - * this offset and compared with the calculated hash. After the - * operation the hash bytes will have undefined values. - * - * In case of encode sessions the calculated hash will be stored in - * this offset. - * - * If the hash_result_in_auth_range session parameter is true, - * the hash result location may overlap auth_range. 
In that case - * the result location will be zeroed in decode sessions before - * hash calculation. Zeroing is not done in encode sessions. - */ - uint32_t hash_result_offset; - - /** Pointer to AAD. AAD length is defined by 'auth_aad_len' - * session parameter. - */ - uint8_t *aad_ptr; - - /** Data range to be ciphered */ - odp_packet_data_range_t cipher_range; - - /** Data range to be authenticated - * - * The value is ignored with authenticated encryption algorithms, - * such as AES-GCM, which authenticate data in the cipher range - * and the AAD. - * - * As a special case AES-GMAC uses this field instead of aad_ptr - * for the data bytes to be authenticated. - */ - odp_packet_data_range_t auth_range; - -} ODP_DEPRECATE(odp_crypto_op_param_t); - -/** - * Crypto packet API per packet operation parameters - */ -typedef struct odp_crypto_packet_op_param_t { - /** Session handle from creation */ - odp_crypto_session_t session; - - /** IV pointer for cipher */ - uint8_t *cipher_iv_ptr; - - /** IV pointer for authentication */ - uint8_t *auth_iv_ptr; - - /** Offset from start of packet for hash result - * - * In case of decode sessions, the expected hash will be read from - * this offset and compared with the calculated hash. After the - * operation the hash bytes will have undefined values. - * - * In case of encode sessions the calculated hash will be stored in - * this offset. - * - * If the hash_result_in_auth_range session parameter is true, - * the hash result location may overlap auth_range. In that case the - * result location will be zeroed in decode sessions before hash - * calculation. Zeroing is not done in encode sessions. - */ - uint32_t hash_result_offset; - - /** Pointer to AAD. AAD length is defined by 'auth_aad_len' - * session parameter. 
- */ - uint8_t *aad_ptr; - - /** Data range to apply cipher */ - odp_packet_data_range_t cipher_range; - - /** Data range to authenticate */ - odp_packet_data_range_t auth_range; - -} odp_crypto_packet_op_param_t; - -/** - * Crypto API session creation return code - */ -typedef enum { - /** Session created */ - ODP_CRYPTO_SES_ERR_NONE, - /** Creation failed, no resources */ - ODP_CRYPTO_SES_ERR_ENOMEM, - /** Creation failed, bad cipher params */ - ODP_CRYPTO_SES_ERR_CIPHER, - /** Creation failed, bad auth params */ - ODP_CRYPTO_SES_ERR_AUTH, - - /** Unsupported combination of algorithms - * - * The combination of cipher and auth algorithms with their - * specific parameters is not supported even if the algorithms - * appear in capabilities and are supported in combination with - * other algorithms or other algorithm specific parameters. - */ - ODP_CRYPTO_SES_ERR_ALG_COMBO, - - /** Unsupported order of cipher and auth - * - * The requested mutual order of ciphering and authentication - * is not supported with the chosen individual cipher and - * authentication algorithms. - */ - ODP_CRYPTO_SES_ERR_ALG_ORDER, - - /** Unsupported combination of session creation parameters - * - * The combination of provided session creation parameters is not - * supported. This error can occur when there are limitations that - * are not expressible through crypto capabilities or other error - * status values. 
- */ - ODP_CRYPTO_SES_ERR_PARAMS, -} odp_crypto_ses_create_err_t; - -/** This synonym for backward compatibility will be deprecated later */ -#define ODP_CRYPTO_SES_CREATE_ERR_NONE ODP_CRYPTO_SES_ERR_NONE -/** This synonym for backward compatibility will be deprecated later */ -#define ODP_CRYPTO_SES_CREATE_ERR_ENOMEM ODP_CRYPTO_SES_ERR_ENOMEM -/** This synonym for backward compatibility will be deprecated later */ -#define ODP_CRYPTO_SES_CREATE_ERR_INV_CIPHER ODP_CRYPTO_SES_ERR_CIPHER -/** This synonym for backward compatibility will be deprecated later */ -#define ODP_CRYPTO_SES_CREATE_ERR_INV_AUTH ODP_CRYPTO_SES_ERR_AUTH - -/** - * Crypto API algorithm return code - */ -typedef enum { - /** Algorithm successful */ - ODP_CRYPTO_ALG_ERR_NONE, - /** Invalid data block size */ - ODP_CRYPTO_ALG_ERR_DATA_SIZE, - /** Key size invalid for algorithm */ - ODP_CRYPTO_ALG_ERR_KEY_SIZE, - /** Computed ICV value mismatch */ - ODP_CRYPTO_ALG_ERR_ICV_CHECK, - /** IV value not specified */ - ODP_CRYPTO_ALG_ERR_IV_INVALID, -} odp_crypto_alg_err_t; - -/** - * Crypto API hardware centric return code - */ -typedef enum { - /** Operation completed successfully */ - ODP_CRYPTO_HW_ERR_NONE, - /** Error detected during DMA of data */ - ODP_CRYPTO_HW_ERR_DMA, - /** Operation failed due to pool depletion */ - ODP_CRYPTO_HW_ERR_BP_DEPLETED, -} odp_crypto_hw_err_t; - -/** - * Cryto API per packet operation completion status - */ -typedef struct odp_crypto_op_status { - /** Algorithm specific return code */ - odp_crypto_alg_err_t alg_err; - - /** Hardware specific return code */ - odp_crypto_hw_err_t hw_err; - -} odp_crypto_op_status_t; - -/** - * Crypto API operation result - * - * @deprecated Use odp_crypto_packet_result_t instead. 
- */ -typedef struct odp_crypto_op_result { - /** Request completed successfully */ - odp_bool_t ok; - - /** User context from request */ - void *ctx; - - /** Output packet */ - odp_packet_t pkt; - - /** Cipher status */ - odp_crypto_op_status_t cipher_status; - - /** Authentication status */ - odp_crypto_op_status_t auth_status; - -} ODP_DEPRECATE(odp_crypto_op_result_t); - -/** - * Crypto packet API operation result - */ -typedef struct odp_crypto_packet_result_t { - /** Request completed successfully */ - odp_bool_t ok; - - /** Cipher status */ - odp_crypto_op_status_t cipher_status; - - /** Authentication status */ - odp_crypto_op_status_t auth_status; - -} odp_crypto_packet_result_t; - -/** - * Crypto capabilities - */ -typedef struct odp_crypto_capability_t { - /** Maximum number of crypto sessions */ - uint32_t max_sessions; - - /** Supported packet operation in SYNC mode */ - odp_support_t sync_mode; - - /** Supported packet operation in ASYNC mode */ - odp_support_t async_mode; - - /** Supported cipher algorithms */ - odp_crypto_cipher_algos_t ciphers; - - /** Cipher algorithms implemented with HW offload */ - odp_crypto_cipher_algos_t hw_ciphers; - - /** Supported authentication algorithms */ - odp_crypto_auth_algos_t auths; - - /** Authentication algorithms implemented with HW offload */ - odp_crypto_auth_algos_t hw_auths; - - /** - * Scheduled crypto completion queue support - * - * This defines whether scheduled queues are supported as crypto - * compl_queue. - * 0: Scheduled queues are not supported as crypto completion queues - * 1: Scheduled queues are supported as crypto completion queues - * @see odp_crypto_session_param_t - */ - odp_bool_t queue_type_sched; - - /** - * Plain crypto completion queue support - * - * This defines whether plain queues are supported as crypto - * compl_queue. 
- * 0: Plain queues are not supported as crypto completion queues - * 1: Plain queues are supported as crypto completion queues - * @see odp_crypto_session_param_t - */ - odp_bool_t queue_type_plain; -} odp_crypto_capability_t; - -/** - * Cipher algorithm capabilities - */ -typedef struct odp_crypto_cipher_capability_t { - /** Key length in bytes */ - uint32_t key_len; - - /** IV length in bytes */ - uint32_t iv_len; - - /** Cipher is operating in bitwise mode - * - * This cipher works on series of bits, rather than sequences of bytes: - * cipher_range in odp_crypto_op_param_t and - * odp_crypto_packet_op_param_t will use bits, rather than bytes. - * - * Note: data buffer MUST start on the byte boundary, using offset - * which is not divisible by 8 is unsupported and will result in - * unspecified behaviour. - * - * Note2: If the data length is not a multiple of 8, the remaining - * bits of the data in the last byte of the input/output will be the - * most significant bits, i.e. the most significant bit is considered - * to be the first bit of a byte for the purpose of input and output - * data range. The output bits that fall out of the output range are - * undefined. 
- */ - odp_bool_t bit_mode; - -} odp_crypto_cipher_capability_t; - -/** - * Authentication algorithm capabilities - */ -typedef struct odp_crypto_auth_capability_t { - /** Digest length in bytes */ - uint32_t digest_len; - - /** Key length in bytes */ - uint32_t key_len; - - /** IV length in bytes */ - uint32_t iv_len; - - /** Additional Authenticated Data (AAD) lengths */ - struct { - /** Minimum AAD length in bytes */ - uint32_t min; - - /** Maximum AAD length in bytes */ - uint32_t max; - - /** Increment of supported lengths between min and max - * (in bytes) */ - uint32_t inc; - } aad_len; - - /** Auth is operating in bitstring mode - * - * This auth works on series of bits, rather than sequences of bytes: - * auth_range in odp_crypto_op_param_t and - * odp_crypto_packet_op_param_t will use bits, rather than bytes. - * - * Note: data buffer MUST start on the byte boundary, using offset - * which is not divisible by 8 is unsupported and will result in - * unpredictable behaviour. - * - * Note2: If the data length is not a multiple of 8, the remaining - * bits of the data in the last byte of the input/output will be the - * most significant bits, i.e. the most significant bit is considered - * to be the first bit of a byte for the purpose of input and output - * data range. The output bits that fall out of the output range are - * undefined. - */ - odp_bool_t bit_mode; - -} odp_crypto_auth_capability_t; - -/** * Query crypto capabilities * * Outputs crypto capabilities on success. @@ -1336,7 +280,7 @@ int odp_crypto_result(odp_crypto_packet_result_t *result, * from provided pool. All arrays should be of num_pkt size. * * @param pkt_in Packets to be processed - * @param[in,out] pkt_out Packet handle array specifyint resulting packets + * @param[in,out] pkt_out Packet handle array specifying resulting packets * @param param Operation parameters array * @param num_pkt Number of packets to be processed * 
diff --git a/include/odp/api/spec/crypto_types.h b/include/odp/api/spec/crypto_types.h
new file mode 100644
index 000000000..7f2c49a7d
--- /dev/null
+++ b/include/odp/api/spec/crypto_types.h
@@ -0,0 +1,1095 @@ +/* Copyright (c) 2014-2018, Linaro Limited + * Copyright (c) 2021-2022, Nokia + * All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +/** + * @file + * + * ODP crypto types */ + +#ifndef ODP_API_SPEC_CRYPTO_TYPES_H_ +#define ODP_API_SPEC_CRYPTO_TYPES_H_ +#include <odp/visibility_begin.h> + +#include <odp/api/deprecated.h> +#include <odp/api/packet_types.h> +#include <odp/api/pool_types.h> +#include <odp/api/std_types.h> + +#ifdef __cplusplus +extern "C" { +#endif + +/** @addtogroup odp_crypto + * @{ + */ + +/** + * @def ODP_CRYPTO_SESSION_INVALID + * Invalid session handle + */ + +/** + * @typedef odp_crypto_session_t + * Crypto API opaque session handle + */ + +/** + * @typedef odp_crypto_compl_t +* @deprecated Crypto API completion event (platform dependent). +*/ + +/** + * Crypto API operation mode + */ +typedef enum { + /** Synchronous, return results immediately */ + ODP_CRYPTO_SYNC, + /** Asynchronous, return results via posted event */ + ODP_CRYPTO_ASYNC, +} odp_crypto_op_mode_t; + +/** + * Crypto API operation type + */ +typedef enum { + /** Encrypt and/or compute authentication ICV */ + ODP_CRYPTO_OP_ENCODE, + /** Decrypt and/or verify authentication ICV */ + ODP_CRYPTO_OP_DECODE, +} odp_crypto_op_t; + +/** + * Crypto API cipher algorithm + */ +typedef enum { + /** No cipher algorithm specified */ + ODP_CIPHER_ALG_NULL, + + /** DES */ + ODP_CIPHER_ALG_DES, + + /** Triple DES with cipher block chaining */ + ODP_CIPHER_ALG_3DES_CBC, + + /** Triple DES with Electronic Codebook */ + ODP_CIPHER_ALG_3DES_ECB, + + /** AES with cipher block chaining */ + ODP_CIPHER_ALG_AES_CBC, + + /** AES with counter mode */ + ODP_CIPHER_ALG_AES_CTR, + + /** AES with electronic codebook */ + ODP_CIPHER_ALG_AES_ECB, + + /** AES with 128-bit cipher feedback */ + ODP_CIPHER_ALG_AES_CFB128, + + /** AES with XEX-based tweaked-codebook mode with ciphertext stealing + * (XTS) */ + ODP_CIPHER_ALG_AES_XTS, + + /** AES-GCM + * + * AES in 
Galois/Counter Mode (GCM) algorithm. GCM provides both + * authentication and ciphering of data (authenticated encryption) + * in the same operation. Hence this algorithm must be paired always + * with ODP_AUTH_ALG_AES_GCM authentication. + */ + ODP_CIPHER_ALG_AES_GCM, + + /** AES-CCM + * + * AES in Counter with CBC-MAC (CCM) mode algorithm. CCM provides both + * authentication and ciphering of data (authenticated encryption) + * in the same operation. Hence this algorithm must be paired always + * with ODP_AUTH_ALG_AES_CCM authentication. + */ + ODP_CIPHER_ALG_AES_CCM, + + /** ChaCha20-Poly1305 + * + * ChaCha20 with Poly1305 provide both authentication and ciphering of + * data (authenticated encryption) in the same operation. Hence this + * algorithm must be paired always with ODP_AUTH_ALG_CHACHA20_POLY1305 + * authentication. + */ + ODP_CIPHER_ALG_CHACHA20_POLY1305, + + /** Confidentiality F8 algorithm (UEA1) + * + * KASUMI-based F8 algorithm (also known as UEA1). + * + * IV should be formatted according to the 3GPP TS 35.201: + * COUNT || BEARER || DIRECTION || 0...0 + */ + ODP_CIPHER_ALG_KASUMI_F8, + + /** Confidentiality UEA2 algorithm (128-EEA1) + * + * SNOW 3G-based UEA2 algorithm (also known as 128-EEA1). + * + * IV (128 bit) should be formatted according to the ETSI/SAGE + * UEA2 & UIA2 specification: + * COUNT || BEARER || DIRECTION || 0...0 || + * COUNT || BEARER || DIRECTION || 0...0 || + */ + ODP_CIPHER_ALG_SNOW3G_UEA2, + + /** Confidentiality 128-EEA2 algorithm + * + * AES-CTR-based 128-EEA2 algorithm. + * + * IV (128 bit) should be formatted according to the ETSI/SAGE + * 128-EA2 & 128-EIA2 specification: + * COUNT || BEARER || + * DIRECTION || 0....0 + */ + ODP_CIPHER_ALG_AES_EEA2, + + /** ZUC based confidentiality algorithm + * + * 128-EEA3/128-NEA3 algorithm when key length is 128 bits. 
+ * + * IV (128 bit) should be formatted according to the ETSI/SAGE + * 128-EEA3 & 128-EIA3 specification: + * COUNT || BEARER || DIRECTION || 0...0 || + * COUNT || BEARER || DIRECTION || 0...0 || + * + * 256-bit key length support is experimental and subject to + * change. The following variants may be supported: + * + * - ZUC-256 with 25 byte IV (of which 184 bits are variable) + * as specified in "The ZUC-256 Stream Cipher". + * - ZUC-256 with 16 byte IV as specified in + * "An Addendum to the ZUC-256 Stream Cipher", + * https://eprint.iacr.org/2021/1439 + */ + ODP_CIPHER_ALG_ZUC_EEA3, + +} odp_cipher_alg_t; + +/** + * Crypto API authentication algorithm + */ +typedef enum { + /** No authentication algorithm specified */ + ODP_AUTH_ALG_NULL, + + /** HMAC-MD5 + * + * MD5 algorithm in HMAC mode + */ + ODP_AUTH_ALG_MD5_HMAC, + + /** HMAC-SHA-1 + * + * SHA-1 algorithm in HMAC mode + */ + ODP_AUTH_ALG_SHA1_HMAC, + + /** HMAC-SHA-224 + * + * SHA-224 algorithm in HMAC mode + */ + ODP_AUTH_ALG_SHA224_HMAC, + + /** HMAC-SHA-256 + * + * SHA-256 algorithm in HMAC mode + */ + ODP_AUTH_ALG_SHA256_HMAC, + + /** HMAC-SHA-384 + * + * SHA-384 algorithm in HMAC mode + */ + ODP_AUTH_ALG_SHA384_HMAC, + + /** HMAC-SHA-512 + * + * SHA-512 algorithm in HMAC mode + */ + ODP_AUTH_ALG_SHA512_HMAC, + + /** AES-GCM + * + * AES in Galois/Counter Mode (GCM) algorithm. GCM provides both + * authentication and ciphering of data (authenticated encryption) + * in the same operation. Hence this algorithm must be paired always + * with ODP_CIPHER_ALG_AES_GCM cipher. + */ + ODP_AUTH_ALG_AES_GCM, + + /** AES-GMAC + * + * AES Galois Message Authentication Code (GMAC) algorithm. AES-GMAC + * is based on AES-GCM operation, but provides authentication only. + * Hence this algorithm can be paired only with ODP_CIPHER_ALG_NULL + * cipher. + * + * NIST and RFC specifications of GMAC refer to all data to be + * authenticated as AAD. In ODP the data to be authenticated, i.e. 
+ * AAD, is ODP packet data and specified using the auth_range + * parameter. The aad_length and aad_ptr parameters, which would + * require the data to be contiguous in memory, are ignored with + * AES-GMAC. + * + * GMAC needs an initialization vector, which can be passed via + * session (auth_iv) or packet (auth_iv_ptr) level parameters. + */ + ODP_AUTH_ALG_AES_GMAC, + + /** AES-CCM + * + * AES in Counter with CBC-MAC (CCM) mode algorithm. CCM provides both + * authentication and ciphering of data (authenticated encryption) + * in the same operation. Hence this algorithm must be paired always + * with ODP_CIPHER_ALG_AES_CCM cipher. + */ + ODP_AUTH_ALG_AES_CCM, + + /** AES-CMAC + * + * AES Cipher-based Message Authentication Code (CMAC) algorithm. CMAC + * is a keyed hash function that is based on a symmetric key block + * cipher, such as the AES. + */ + ODP_AUTH_ALG_AES_CMAC, + + /** AES-XCBC-MAC + * + * AES CBC MAC for arbitrary-length messages (XCBC-MAC). + * + */ + ODP_AUTH_ALG_AES_XCBC_MAC, + + /** ChaCha20-Poly1305 AEAD + * + * ChaCha20 with Poly1305 provide both authentication and ciphering of + * data (authenticated encryption) in the same operation. Hence this + * algorithm must be paired always with + * ODP_CIPHER_ALG_CHACHA20_POLY1305 cipher. + */ + ODP_AUTH_ALG_CHACHA20_POLY1305, + + /** Integrity F9 algorithm (UIA1) + * + * KASUMI-based F9 algorithm (also known as UIA1). + * + * IV (9 bytes) is a concatenation of COUNT (32b), FRESH (32b) and + * DIRECTION (LSB-aligned, 1b). + * IV (8 bytes) is a concatenation of COUNT (32b) and FRESH (32b) + * DIRECTION (1b) and padding should come at the end of message. + */ + ODP_AUTH_ALG_KASUMI_F9, + + /** Integrity UIA2 algorithm (128-EIA1) + * + * SNOW 3G-based UIA2 algorithm (also known as 128-EIA1). + * IV (128 bit) should be formatted according to the ETSI/SAGE + * UEA2 & UIA2 specification: + * COUNT || FRESH || + * DIRECTION XOR COUNT0 || COUNT1 .. COUNT31 || + * FRESH0 .. 
FRESH15 || FRESH16 XOR DIRECTION || FRESH17 .. FRESH31 + */ + ODP_AUTH_ALG_SNOW3G_UIA2, + + /** Integrity 128-EIA2 algorithm + * + * AES_CMAC-based 128-EIA2 algorithm. + * + * IV (128 bit) should be formatted according to the ETSI/SAGE + * 128-EA2 & 128-EIA2 specification: + * COUNT || BEARER || + * DIRECTION || 0....0 + */ + ODP_AUTH_ALG_AES_EIA2, + + /** ZUC-based integrity algorithm. + * + * 128-EIA3/128-NIA3 algorithm when key length is 128 bits. + * + * IV (128 bit) should be formatted according to the ETSI/SAGE + * 128-EA3 & 128-EIA2 specification: + * COUNT || BEARER || + * DIRECTION XOR COUNT0 || COUNT1 .. COUNT31 || + * BEARER || 0...0 || DIRECTION || 0...0 + * + * 256-bit key length support is experimental and subject to + * change. The following variants may be supported: + * + * - ZUC-256 with 25 byte IV (of which 184 bits are variable) and + * 32/64/128 bit MAC as specified in "The ZUC-256 Stream Cipher". + * - ZUC-256 with 16 byte IV and 32/64/128 bit MAC as specified in + * "An Addendum to the ZUC-256 Stream Cipher", + * https://eprint.iacr.org/2021/1439 + */ + ODP_AUTH_ALG_ZUC_EIA3, + + /** MD5 algorithm */ + ODP_AUTH_ALG_MD5, + + /** SHA1 algorithm */ + ODP_AUTH_ALG_SHA1, + + /** 224 bit SHA2 algorithm */ + ODP_AUTH_ALG_SHA224, + + /** 256 bit SHA2 algorithm */ + ODP_AUTH_ALG_SHA256, + + /** 384 bit SHA2 algorithm */ + ODP_AUTH_ALG_SHA384, + + /** 512 bit SHA2 algorithm */ + ODP_AUTH_ALG_SHA512, + +} odp_auth_alg_t; + +/** + * Cipher algorithms in a bit field structure + */ +typedef union odp_crypto_cipher_algos_t { + /** Cipher algorithms */ + struct { + /** ODP_CIPHER_ALG_NULL */ + uint32_t null : 1; + + /** ODP_CIPHER_ALG_DES */ + uint32_t des : 1; + + /** ODP_CIPHER_ALG_3DES_CBC */ + uint32_t trides_cbc : 1; + + /** ODP_CIPHER_ALG_3DES_ECB */ + uint32_t trides_ecb : 1; + + /** ODP_CIPHER_ALG_AES_CBC */ + uint32_t aes_cbc : 1; + + /** ODP_CIPHER_ALG_AES_CTR */ + uint32_t aes_ctr : 1; + + /** ODP_CIPHER_ALG_AES_ECB */ + uint32_t aes_ecb : 1; + + 
/** ODP_CIPHER_ALG_AES_CFB128 */ + uint32_t aes_cfb128 : 1; + + /** ODP_CIPHER_ALG_AES_XTS */ + uint32_t aes_xts : 1; + + /** ODP_CIPHER_ALG_AES_GCM */ + uint32_t aes_gcm : 1; + + /** ODP_CIPHER_ALG_AES_CCM */ + uint32_t aes_ccm : 1; + + /** ODP_CIPHER_ALG_CHACHA20_POLY1305 */ + uint32_t chacha20_poly1305 : 1; + + /** ODP_CIPHER_ALG_KASUMI_F8 */ + uint32_t kasumi_f8 : 1; + + /** ODP_CIPHER_ALG_SNOW3G_UEA2 */ + uint32_t snow3g_uea2 : 1; + + /** ODP_CIPHER_ALG_AES_EEA2 */ + uint32_t aes_eea2 : 1; + + /** ODP_CIPHER_ALG_ZUC_EEA3 */ + uint32_t zuc_eea3 : 1; + + } bit; + + /** All bits of the bit field structure + * + * This field can be used to set/clear all flags, or bitwise + * operations over the entire structure. */ + uint32_t all_bits; +} odp_crypto_cipher_algos_t; + +/** + * Authentication algorithms in a bit field structure + */ +typedef union odp_crypto_auth_algos_t { + /** Authentication algorithms */ + struct { + /** ODP_AUTH_ALG_NULL */ + uint32_t null : 1; + + /** ODP_AUTH_ALG_MD5_HMAC */ + uint32_t md5_hmac : 1; + + /** ODP_AUTH_ALG_SHA1_HMAC */ + uint32_t sha1_hmac : 1; + + /** ODP_AUTH_ALG_SHA224_HMAC */ + uint32_t sha224_hmac : 1; + + /** ODP_AUTH_ALG_SHA256_HMAC */ + uint32_t sha256_hmac : 1; + + /** ODP_AUTH_ALG_SHA384_HMAC */ + uint32_t sha384_hmac : 1; + + /** ODP_AUTH_ALG_SHA512_HMAC */ + uint32_t sha512_hmac : 1; + + /** ODP_AUTH_ALG_AES_GCM */ + uint32_t aes_gcm : 1; + + /** ODP_AUTH_ALG_AES_GMAC*/ + uint32_t aes_gmac : 1; + + /** ODP_AUTH_ALG_AES_CCM */ + uint32_t aes_ccm : 1; + + /** ODP_AUTH_ALG_AES_CMAC*/ + uint32_t aes_cmac : 1; + + /** ODP_AUTH_ALG_AES_XCBC_MAC*/ + uint32_t aes_xcbc_mac : 1; + + /** ODP_AUTH_ALG_CHACHA20_POLY1305 */ + uint32_t chacha20_poly1305 : 1; + + /** ODP_AUTH_ALG_KASUMI_F9 */ + uint32_t kasumi_f9 : 1; + + /** ODP_AUTH_ALG_SNOW3G_UIA2 */ + uint32_t snow3g_uia2 : 1; + + /** ODP_AUTH_ALG_AES_EIA2 */ + uint32_t aes_eia2 : 1; + + /** ODP_AUTH_ALG_ZUC_EIA3 */ + uint32_t zuc_eia3 : 1; + + /** ODP_AUTH_ALG_MD5 */ + uint32_t 
md5 : 1; + + /** ODP_AUTH_ALG_SHA1 */ + uint32_t sha1 : 1; + + /** ODP_AUTH_ALG_SHA224 */ + uint32_t sha224 : 1; + + /** ODP_AUTH_ALG_SHA256 */ + uint32_t sha256 : 1; + + /** ODP_AUTH_ALG_SHA384 */ + uint32_t sha384 : 1; + + /** ODP_AUTH_ALG_SHA512 */ + uint32_t sha512 : 1; + + } bit; + + /** All bits of the bit field structure + * + * This field can be used to set/clear all flags, or bitwise + * operations over the entire structure. */ + uint32_t all_bits; +} odp_crypto_auth_algos_t; + +/** + * Crypto API key structure + */ +typedef struct odp_crypto_key { + /** Key data */ + uint8_t *data; + + /** Key length in bytes */ + uint32_t length; + +} odp_crypto_key_t; + +/** + * Crypto API IV structure + * + * @deprecated Use per-packet IV in crypto operation parameters + */ +typedef struct odp_crypto_iv { + /** IV data + * + * Ignored when length is zero. Null value indicates that an + * IV will be provided for each packet through the crypto + * operation parameters. In that case the per-operation + * IV parameter must always point to a valid IV. + * + * Default value is NULL. + */ + uint8_t *data; + + /** IV length in bytes. Default value is zero. */ + uint32_t length; + +} ODP_DEPRECATE(odp_crypto_iv_t); + +/** + * Crypto API session creation parameters + */ +typedef struct odp_crypto_session_param_t { + /** Encode vs. decode operation + * + * The default value is ODP_CRYPTO_OP_ENCODE. + */ + odp_crypto_op_t op; + + /** Authenticate cipher vs. plain text + * + * Controls ordering of authentication and cipher operations, + * and is relative to the operation (encode vs decode). When encoding, + * TRUE indicates the authentication operation should be performed + * after the cipher operation else before. When decoding, TRUE + * indicates the reverse order of operation. + * + * The value is ignored with authenticated encryption algorithms + * such as AES-GCM. + * + * true: Authenticate cipher text + * false: Authenticate plain text + * + * The default value is false. 
+ */ + odp_bool_t auth_cipher_text; + + /** Hash result location may overlap authentication range + * + * This flag indicates that the hash result location may (but is + * not required to) overlap authentication range. Setting this + * flag may reduce performance. + * + * Default value is false. + */ + odp_bool_t hash_result_in_auth_range; + + /** Preferred sync vs. async for odp_crypto_operation() + * + * The default value is ODP_CRYPTO_SYNC. + * + * @deprecated Used only with deprecated odp_crypto_operation() + */ + odp_crypto_op_mode_t ODP_DEPRECATE(pref_mode); + + /** Operation mode when using packet interface: sync or async + * + * The default value is ODP_CRYPTO_SYNC. + */ + odp_crypto_op_mode_t op_mode; + + /** Cipher algorithm + * + * Select cipher algorithm to be used. ODP_CIPHER_ALG_NULL indicates + * that ciphering is disabled. Use odp_crypto_capability() for + * supported algorithms. Note that some algorithms restrict choice of + * the pairing authentication algorithm. When ciphering is enabled + * cipher key and IV need to be set. The default value is + * ODP_CIPHER_ALG_NULL. + */ + odp_cipher_alg_t cipher_alg; + + /** Cipher key + * + * Use odp_crypto_cipher_capa() for supported key and IV lengths. + */ + odp_crypto_key_t cipher_key; + + /** Cipher Initialization Vector (IV) + * + * Unless using the deprecated API, this specifies the length of + * the IV only. The actual IV must then be provided in per-packet + * parameters of crypto operations. + */ + union { +#if ODP_DEPRECATED_API + /** @deprecated Cipher IV */ + odp_crypto_iv_t ODP_DEPRECATE(cipher_iv); +#endif + /** Cipher IV length */ + struct { +#if ODP_DEPRECATED_API + /** @cond + * Unused padding field + */ + uint8_t *dummy_padding_0; + /** @endcond */ +#endif + /** Length of cipher initialization vector. + * Default value is zero. + */ + uint32_t cipher_iv_len; + }; + }; + + /** Authentication algorithm + * + * Select authentication algorithm to be used. 
ODP_AUTH_ALG_NULL + * indicates that authentication is disabled. Use + * odp_crypto_capability() for supported algorithms. Note that some + * algorithms restrict choice of the pairing cipher algorithm. When + * single algorithm provides both ciphering and authentication + * (i.e. Authenticated Encryption), authentication side key + * (auth_key) and IV (auth_iv) are ignored, and cipher side values are + * used instead. These algorithms ignore authentication side key + * and IV: ODP_AUTH_ALG_AES_GCM, ODP_AUTH_ALG_AES_CCM and + * ODP_AUTH_ALG_CHACHA20_POLY1305. Otherwise, all authentication side + * parameters must be set when authentication is enabled. The default + * value is ODP_AUTH_ALG_NULL. + */ + odp_auth_alg_t auth_alg; + + /** Authentication key + * + * Use odp_crypto_auth_capability() for supported key lengths. + */ + odp_crypto_key_t auth_key; + + /** Authentication Initialization Vector (IV) + * + * Unless using the deprecated API, this specifies the length of + * the IV only. The actual IV must then be provided in per-packet + * parameters of crypto operations. + */ + union { +#if ODP_DEPRECATED_API + /** @deprecated Authentication IV */ + odp_crypto_iv_t ODP_DEPRECATE(auth_iv); +#endif + /** Authentication IV length */ + struct { +#if ODP_DEPRECATED_API + /** @cond + * Unused padding field + */ + uint8_t *dummy_padding_1; + /** @endcond */ +#endif + /** Length of authentication initialization vector. + * Default value is zero. + */ + uint32_t auth_iv_len; + }; + }; + + /** Authentication digest length in bytes + * + * Use odp_crypto_auth_capability() for supported digest lengths. + */ + uint32_t auth_digest_len; + + /** Additional Authenticated Data (AAD) length in bytes + * + * AAD length is constant for all operations (packets) of the session. + * Set to zero when AAD is not used. Use odp_crypto_auth_capability() + * for supported AAD lengths. The default value is zero. 
+ */ + uint32_t auth_aad_len; + + /** Async mode completion event queue + * + * The completion queue is used to return completions from + * odp_crypto_op_enq() (and the deprecated odp_crypto_operation()) + * to the application. + */ + odp_queue_t compl_queue; + + /** Output pool + * + * When the output packet is not specified during the call to + * crypto operation, the output packet will be allocated + * from this pool. + */ + odp_pool_t output_pool; + +} odp_crypto_session_param_t; + +/** + * Crypto API per packet operation parameters + * + * @deprecated Use odp_crypto_packet_op_param_t instead. + */ +typedef struct odp_crypto_op_param_t { + /** Session handle from creation */ + odp_crypto_session_t session; + + /** User context */ + void *ctx; + + /** Input packet + * + * Specifies the input packet for the crypto operation. When the + * 'out_pkt' variable is set to ODP_PACKET_INVALID (indicating a new + * packet should be allocated for the resulting packet). + */ + odp_packet_t pkt; + + /** Output packet + * + * Both "in place" (the original packet 'pkt' is modified) and + * "copy" (the packet is replicated to a new packet which contains + * the modified data) modes are supported. The "in place" mode of + * operation is indicated by setting 'out_pkt' equal to 'pkt'. + * For the copy mode of operation, setting 'out_pkt' to a valid packet + * value indicates the caller wishes to specify the destination packet. + * Setting 'out_pkt' to ODP_PACKET_INVALID indicates the caller wishes + * the destination packet be allocated from the output pool specified + * during session creation. + */ + odp_packet_t out_pkt; + + /** IV pointer for cipher */ + uint8_t *cipher_iv_ptr; + + /** Authentication IV pointer */ + uint8_t *auth_iv_ptr; + + /** Offset from start of packet for hash result + * + * In case of decode sessions, the expected hash will be read from + * this offset and compared with the calculated hash. 
After the + * operation the hash bytes will have undefined values. + * + * In case of encode sessions the calculated hash will be stored in + * this offset. + * + * If the hash_result_in_auth_range session parameter is true, + * the hash result location may overlap auth_range. In that case + * the result location will be zeroed in decode sessions before + * hash calculation. Zeroing is not done in encode sessions. + */ + uint32_t hash_result_offset; + + /** Pointer to AAD. AAD length is defined by 'auth_aad_len' + * session parameter. + */ + uint8_t *aad_ptr; + + /** Data range to be ciphered */ + odp_packet_data_range_t cipher_range; + + /** Data range to be authenticated + * + * The value is ignored with authenticated encryption algorithms, + * such as AES-GCM, which authenticate data in the cipher range + * and the AAD. + * + * As a special case AES-GMAC uses this field instead of aad_ptr + * for the data bytes to be authenticated. + */ + odp_packet_data_range_t auth_range; + +} ODP_DEPRECATE(odp_crypto_op_param_t); + +/** + * Crypto packet API per packet operation parameters + */ +typedef struct odp_crypto_packet_op_param_t { + /** Session handle from creation */ + odp_crypto_session_t session; + + /** IV pointer for cipher */ + uint8_t *cipher_iv_ptr; + + /** IV pointer for authentication */ + uint8_t *auth_iv_ptr; + + /** Offset from start of packet for hash result + * + * In case of decode sessions, the expected hash will be read from + * this offset and compared with the calculated hash. After the + * operation the hash bytes will have undefined values. + * + * In case of encode sessions the calculated hash will be stored in + * this offset. + * + * If the hash_result_in_auth_range session parameter is true, + * the hash result location may overlap auth_range. In that case the + * result location will be zeroed in decode sessions before hash + * calculation. Zeroing is not done in encode sessions. + */ + uint32_t hash_result_offset; + + /** Pointer to AAD. 
AAD length is defined by 'auth_aad_len' + * session parameter. + */ + uint8_t *aad_ptr; + + /** Data range to apply cipher */ + odp_packet_data_range_t cipher_range; + + /** Data range to authenticate */ + odp_packet_data_range_t auth_range; + +} odp_crypto_packet_op_param_t; + +/** + * Crypto API session creation return code + */ +typedef enum { + /** Session created */ + ODP_CRYPTO_SES_ERR_NONE, + /** Creation failed, no resources */ + ODP_CRYPTO_SES_ERR_ENOMEM, + /** Creation failed, bad cipher params */ + ODP_CRYPTO_SES_ERR_CIPHER, + /** Creation failed, bad auth params */ + ODP_CRYPTO_SES_ERR_AUTH, + + /** Unsupported combination of algorithms + * + * The combination of cipher and auth algorithms with their + * specific parameters is not supported even if the algorithms + * appear in capabilities and are supported in combination with + * other algorithms or other algorithm specific parameters. + */ + ODP_CRYPTO_SES_ERR_ALG_COMBO, + + /** Unsupported order of cipher and auth + * + * The requested mutual order of ciphering and authentication + * is not supported with the chosen individual cipher and + * authentication algorithms. + */ + ODP_CRYPTO_SES_ERR_ALG_ORDER, + + /** Unsupported combination of session creation parameters + * + * The combination of provided session creation parameters is not + * supported. This error can occur when there are limitations that + * are not expressible through crypto capabilities or other error + * status values. 
+ */ + ODP_CRYPTO_SES_ERR_PARAMS, +} odp_crypto_ses_create_err_t; + +/** This synonym for backward compatibility will be deprecated later */ +#define ODP_CRYPTO_SES_CREATE_ERR_NONE ODP_CRYPTO_SES_ERR_NONE +/** This synonym for backward compatibility will be deprecated later */ +#define ODP_CRYPTO_SES_CREATE_ERR_ENOMEM ODP_CRYPTO_SES_ERR_ENOMEM +/** This synonym for backward compatibility will be deprecated later */ +#define ODP_CRYPTO_SES_CREATE_ERR_INV_CIPHER ODP_CRYPTO_SES_ERR_CIPHER +/** This synonym for backward compatibility will be deprecated later */ +#define ODP_CRYPTO_SES_CREATE_ERR_INV_AUTH ODP_CRYPTO_SES_ERR_AUTH + +/** + * Crypto API algorithm return code + */ +typedef enum { + /** Algorithm successful */ + ODP_CRYPTO_ALG_ERR_NONE, + /** Invalid data block size */ + ODP_CRYPTO_ALG_ERR_DATA_SIZE, + /** Key size invalid for algorithm */ + ODP_CRYPTO_ALG_ERR_KEY_SIZE, + /** Computed ICV value mismatch */ + ODP_CRYPTO_ALG_ERR_ICV_CHECK, + /** IV value not specified */ + ODP_CRYPTO_ALG_ERR_IV_INVALID, +} odp_crypto_alg_err_t; + +/** + * Crypto API hardware centric return code + */ +typedef enum { + /** Operation completed successfully */ + ODP_CRYPTO_HW_ERR_NONE, + /** Error detected during DMA of data */ + ODP_CRYPTO_HW_ERR_DMA, + /** Operation failed due to pool depletion */ + ODP_CRYPTO_HW_ERR_BP_DEPLETED, +} odp_crypto_hw_err_t; + +/** + * Cryto API per packet operation completion status + */ +typedef struct odp_crypto_op_status { + /** Algorithm specific return code */ + odp_crypto_alg_err_t alg_err; + + /** Hardware specific return code */ + odp_crypto_hw_err_t hw_err; + +} odp_crypto_op_status_t; + +/** + * Crypto API operation result + * + * @deprecated Use odp_crypto_packet_result_t instead. 
+ */ +typedef struct odp_crypto_op_result { + /** Request completed successfully */ + odp_bool_t ok; + + /** User context from request */ + void *ctx; + + /** Output packet */ + odp_packet_t pkt; + + /** Cipher status */ + odp_crypto_op_status_t cipher_status; + + /** Authentication status */ + odp_crypto_op_status_t auth_status; + +} ODP_DEPRECATE(odp_crypto_op_result_t); + +/** + * Crypto packet API operation result + */ +typedef struct odp_crypto_packet_result_t { + /** Request completed successfully */ + odp_bool_t ok; + + /** Cipher status */ + odp_crypto_op_status_t cipher_status; + + /** Authentication status */ + odp_crypto_op_status_t auth_status; + +} odp_crypto_packet_result_t; + +/** + * Crypto capabilities + */ +typedef struct odp_crypto_capability_t { + /** Maximum number of crypto sessions */ + uint32_t max_sessions; + + /** Supported packet operation in SYNC mode */ + odp_support_t sync_mode; + + /** Supported packet operation in ASYNC mode */ + odp_support_t async_mode; + + /** Supported cipher algorithms */ + odp_crypto_cipher_algos_t ciphers; + + /** Cipher algorithms implemented with HW offload */ + odp_crypto_cipher_algos_t hw_ciphers; + + /** Supported authentication algorithms */ + odp_crypto_auth_algos_t auths; + + /** Authentication algorithms implemented with HW offload */ + odp_crypto_auth_algos_t hw_auths; + + /** + * Scheduled crypto completion queue support + * + * This defines whether scheduled queues are supported as crypto + * compl_queue. + * 0: Scheduled queues are not supported as crypto completion queues + * 1: Scheduled queues are supported as crypto completion queues + * @see odp_crypto_session_param_t + */ + odp_bool_t queue_type_sched; + + /** + * Plain crypto completion queue support + * + * This defines whether plain queues are supported as crypto + * compl_queue. 
+ * 0: Plain queues are not supported as crypto completion queues + * 1: Plain queues are supported as crypto completion queues + * @see odp_crypto_session_param_t + */ + odp_bool_t queue_type_plain; +} odp_crypto_capability_t; + +/** + * Cipher algorithm capabilities + */ +typedef struct odp_crypto_cipher_capability_t { + /** Key length in bytes */ + uint32_t key_len; + + /** IV length in bytes */ + uint32_t iv_len; + + /** Cipher is operating in bitwise mode + * + * This cipher works on series of bits, rather than sequences of bytes: + * cipher_range in odp_crypto_op_param_t and + * odp_crypto_packet_op_param_t will use bits, rather than bytes. + * + * Note: data buffer MUST start on the byte boundary, using offset + * which is not divisible by 8 is unsupported and will result in + * unspecified behaviour. + * + * Note2: If the data length is not a multiple of 8, the remaining + * bits of the data in the last byte of the input/output will be the + * most significant bits, i.e. the most significant bit is considered + * to be the first bit of a byte for the purpose of input and output + * data range. The output bits that fall out of the output range are + * undefined. 
+ */ + odp_bool_t bit_mode; + +} odp_crypto_cipher_capability_t; + +/** + * Authentication algorithm capabilities + */ +typedef struct odp_crypto_auth_capability_t { + /** Digest length in bytes */ + uint32_t digest_len; + + /** Key length in bytes */ + uint32_t key_len; + + /** IV length in bytes */ + uint32_t iv_len; + + /** Additional Authenticated Data (AAD) lengths */ + struct { + /** Minimum AAD length in bytes */ + uint32_t min; + + /** Maximum AAD length in bytes */ + uint32_t max; + + /** Increment of supported lengths between min and max + * (in bytes) */ + uint32_t inc; + } aad_len; + + /** Auth is operating in bitstring mode + * + * This auth works on series of bits, rather than sequences of bytes: + * auth_range in odp_crypto_op_param_t and + * odp_crypto_packet_op_param_t will use bits, rather than bytes. + * + * Note: data buffer MUST start on the byte boundary, using offset + * which is not divisible by 8 is unsupported and will result in + * unpredictable behaviour. + * + * Note2: If the data length is not a multiple of 8, the remaining + * bits of the data in the last byte of the input/output will be the + * most significant bits, i.e. the most significant bit is considered + * to be the first bit of a byte for the purpose of input and output + * data range. The output bits that fall out of the output range are + * undefined. + */ + odp_bool_t bit_mode; + +} odp_crypto_auth_capability_t; + +/** + * @} + */ + +#ifdef __cplusplus +} +#endif + +#include <odp/visibility_end.h> +#endif diff --git a/include/odp/api/spec/ipsec.h b/include/odp/api/spec/ipsec.h index b091961cc..603bf3aef 100644 --- a/include/odp/api/spec/ipsec.h +++ b/include/odp/api/spec/ipsec.h @@ -19,7 +19,7 @@ extern "C" { #endif -#include <odp/api/crypto.h> +#include <odp/api/crypto_types.h> #include <odp/api/event_types.h> #include <odp/api/ipsec_types.h> #include <odp/api/packet_types.h> 
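Review bot: `cipher_iv_ptr` and `auth_iv_ptr` in `odp_crypto_packet_op_param_t` carry only the one-line comments "IV pointer for cipher" and "IV pointer for authentication", even though the session-parameter comment in this same file says the actual IV is provided per packet. Neither comment states how many bytes are read or that the value must not repeat under one key, which matters for the AES-CTR, AES-GCM, AES-CCM and ChaCha20-Poly1305 entries of `odp_cipher_alg_t`: a repeated IV there leaks relations between plaintexts and, for the AEAD modes, undermines the authentication tag. I would extend the comment to something like `/** IV pointer for cipher. Points to cipher_iv_len bytes as set in the session parameters; must be unique per key for counter-mode and AEAD algorithms. */` and mirror it on `auth_iv_ptr` with `auth_iv_len`, which is the IV that AES-GMAC uses. The length wording is inferred from the `cipher_iv_len` field description and should be confirmed against the implementation before it goes into the spec header.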
diff --git a/include/odp/api/spec/ipsec_types.h b/include/odp/api/spec/ipsec_types.h index b74d26d4f..b34fb5982 100644 --- a/include/odp/api/spec/ipsec_types.h +++ b/include/odp/api/spec/ipsec_types.h @@ -20,7 +20,7 @@ extern "C" { #endif #include <odp/api/classification.h> -#include <odp/api/crypto.h> +#include <odp/api/crypto_types.h> #include <odp/api/packet_io_types.h> #include <odp/api/protocols.h> #include <odp/api/std_types.h> diff --git a/include/odp/arch/arm32-linux/odp/api/abi/crypto_types.h b/include/odp/arch/arm32-linux/odp/api/abi/crypto_types.h new file mode 100644 index 000000000..ddadec1c1 --- /dev/null +++ b/include/odp/arch/arm32-linux/odp/api/abi/crypto_types.h @@ -0,0 +1,7 @@ +/* Copyright (c) 2022, Nokia + * All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#include <odp/api/abi-default/crypto_types.h> diff --git a/include/odp/arch/arm64-linux/odp/api/abi/crypto_types.h b/include/odp/arch/arm64-linux/odp/api/abi/crypto_types.h new file mode 100644 index 000000000..ddadec1c1 --- /dev/null +++ b/include/odp/arch/arm64-linux/odp/api/abi/crypto_types.h @@ -0,0 +1,7 @@ +/* Copyright (c) 2022, Nokia + * All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#include <odp/api/abi-default/crypto_types.h> diff --git a/include/odp/arch/default-linux/odp/api/abi/crypto_types.h b/include/odp/arch/default-linux/odp/api/abi/crypto_types.h new file mode 100644 index 000000000..ddadec1c1 --- /dev/null +++ b/include/odp/arch/default-linux/odp/api/abi/crypto_types.h @@ -0,0 +1,7 @@ +/* Copyright (c) 2022, Nokia + * All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#include <odp/api/abi-default/crypto_types.h> diff --git a/include/odp/arch/power64-linux/odp/api/abi/crypto_types.h b/include/odp/arch/power64-linux/odp/api/abi/crypto_types.h new file mode 100644 index 000000000..ddadec1c1 --- /dev/null +++ b/include/odp/arch/power64-linux/odp/api/abi/crypto_types.h 
@@ -0,0 +1,7 @@
+/* Copyright (c) 2022, Nokia
+ * All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <odp/api/abi-default/crypto_types.h>
diff --git a/include/odp/arch/x86_32-linux/odp/api/abi/crypto_types.h b/include/odp/arch/x86_32-linux/odp/api/abi/crypto_types.h
new file mode 100644
index 000000000..ddadec1c1
--- /dev/null
+++ b/include/odp/arch/x86_32-linux/odp/api/abi/crypto_types.h
@@ -0,0 +1,7 @@
+/* Copyright (c) 2022, Nokia
+ * All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <odp/api/abi-default/crypto_types.h>
diff --git a/include/odp/arch/x86_64-linux/odp/api/abi/crypto_types.h b/include/odp/arch/x86_64-linux/odp/api/abi/crypto_types.h
new file mode 100644
index 000000000..ddadec1c1
--- /dev/null
+++ b/include/odp/arch/x86_64-linux/odp/api/abi/crypto_types.h
@@ -0,0 +1,7 @@
+/* Copyright (c) 2022, Nokia
+ * All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <odp/api/abi-default/crypto_types.h>
diff --git a/platform/linux-generic/Makefile.am b/platform/linux-generic/Makefile.am
index 3310e9603..7bc48edd6 100644
--- a/platform/linux-generic/Makefile.am
+++ b/platform/linux-generic/Makefile.am
@@ -75,6 +75,7 @@ odpapiabiarchinclude_HEADERS += \
 include-abi/odp/api/abi/comp.h \
 include-abi/odp/api/abi/cpumask.h \
 include-abi/odp/api/abi/crypto.h \
+ include-abi/odp/api/abi/crypto_types.h \
 include-abi/odp/api/abi/debug.h \
 include-abi/odp/api/abi/dma_types.h \
 include-abi/odp/api/abi/errno.h \
diff --git a/platform/linux-generic/include-abi/odp/api/abi/crypto.h b/platform/linux-generic/include-abi/odp/api/abi/crypto.h
index b57667e76..24019db12 100644
--- a/platform/linux-generic/include-abi/odp/api/abi/crypto.h
+++ b/platform/linux-generic/include-abi/odp/api/abi/crypto.h
@@ -1,4 +1,5 @@
 /* Copyright (c) 2015-2018, Linaro Limited
+ * Copyright (c) 2022, Nokia
 * All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
@@ -18,18 +19,7 @@ extern "C" {
 #endif
-/** @ingroup odp_crypto
- * @{
- */
-
-#define ODP_CRYPTO_SESSION_INVALID (0xffffffffffffffffULL)
-
-typedef uint64_t odp_crypto_session_t;
-typedef ODP_HANDLE_T(odp_crypto_compl_t);
-
-/**
- * @}
- */
+/* Placeholder for inlined API functions */
 #ifdef __cplusplus
 }
diff --git a/platform/linux-generic/include-abi/odp/api/abi/crypto_types.h b/platform/linux-generic/include-abi/odp/api/abi/crypto_types.h
new file mode 100644
index 000000000..a5cb43c5d
--- /dev/null
+++ b/platform/linux-generic/include-abi/odp/api/abi/crypto_types.h
@@ -0,0 +1,42 @@
+/* Copyright (c) 2015-2018, Linaro Limited
+ * Copyright (c) 2022, Nokia
+ * All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+/**
+ * @file
+ *
+ * ODP crypto
+ */
+
+#ifndef ODP_API_ABI_CRYPTO_TYPES_H_
+#define ODP_API_ABI_CRYPTO_TYPES_H_
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include <odp/api/std_types.h>
+
+#include <odp/api/plat/strong_types.h>
+
+/** @ingroup odp_crypto
+ * @{
+ */
+
+#define ODP_CRYPTO_SESSION_INVALID (0xffffffffffffffffULL)
+
+typedef uint64_t odp_crypto_session_t;
+typedef ODP_HANDLE_T(odp_crypto_compl_t);
+
+/**
+ * @}
+ */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/platform/linux-generic/odp_ipsec_sad.c b/platform/linux-generic/odp_ipsec_sad.c
index 1b3a90e6a..9bb89ad8b 100644
--- a/platform/linux-generic/odp_ipsec_sad.c
+++ b/platform/linux-generic/odp_ipsec_sad.c
@@ -6,6 +6,7 @@
 */
 #include <odp/api/atomic.h>
+#include <odp/api/crypto.h>
 #include <odp/api/ipsec.h>
 #include <odp/api/random.h>
 #include <odp/api/shared_memory.h> |
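Review bot: In the new platform/linux-generic/include-abi/odp/api/abi/crypto_types.h, `odp_crypto_session_t` is a bare `uint64_t`, while `odp_crypto_compl_t` on the next line is declared with `ODP_HANDLE_T`. Any integer therefore converts silently to a session handle, and the compiler cannot flag a wrong value passed where a session is expected. The definitions are carried over unchanged from abi/crypto.h, so changing the type is outside a pure split. A one-line comment above the typedef would make the weaker checking explicit, e.g. `/* Plain integer handle (not an ODP_HANDLE_T strong type); always compare against ODP_CRYPTO_SESSION_INVALID */`. The `@file` description also still reads `ODP crypto`; `ODP crypto types` would distinguish this header from abi/crypto.h.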