1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
|
/* Copyright (c) 2014, Linaro Limited
* All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
/**
* @file
*
* ODP crypto
*/
#ifndef ODP_API_CRYPTO_H_
#define ODP_API_CRYPTO_H_
#ifdef __cplusplus
extern "C" {
#endif
/** @defgroup odp_crypto ODP CRYPTO
* Macros, enums, types and operations to utilise crypto.
* @{
*/
/**
* @def ODP_CRYPTO_SESSION_INVALID
* Invalid session handle
*/
/**
* @typedef odp_crypto_session_t
* Crypto API opaque session handle
*/
/**
* @typedef odp_crypto_compl_t
* Crypto API completion event (platform dependent).
*/
/**
* Crypto API operation mode
*/
typedef enum {
/** Synchronous, return results immediately */
ODP_CRYPTO_SYNC,
/** Asynchronous, return results via posted event */
ODP_CRYPTO_ASYNC,
} odp_crypto_op_mode_t;
/**
* Crypto API operation type
*/
typedef enum {
/** Encrypt and/or compute authentication ICV */
ODP_CRYPTO_OP_ENCODE,
/** Decrypt and/or verify authentication ICV */
ODP_CRYPTO_OP_DECODE,
} odp_crypto_op_t;
/**
* Crypto API cipher algorithm
*/
typedef enum {
/** No cipher algorithm specified */
ODP_CIPHER_ALG_NULL,
/** DES */
ODP_CIPHER_ALG_DES,
/** Triple DES with cipher block chaining */
ODP_CIPHER_ALG_3DES_CBC,
} odp_cipher_alg_t;
/**
* Crypto API authentication algorithm
*/
typedef enum {
/** No authentication algorithm specified */
ODP_AUTH_ALG_NULL,
/** HMAC-MD5 with 96 bit key */
ODP_AUTH_ALG_MD5_96,
/** SHA256 with 128 bit key */
ODP_AUTH_ALG_SHA256_128,
} odp_auth_alg_t;
/**
* Crypto API key structure
*/
typedef struct odp_crypto_key {
uint8_t *data; /**< Key data */
uint32_t length; /**< Key length in bytes */
} odp_crypto_key_t;
/**
* Crypto API IV structure
*/
typedef struct odp_crypto_iv {
uint8_t *data; /**< IV data */
uint32_t length; /**< IV length in bytes */
} odp_crypto_iv_t;
/**
* Crypto API data range specifier
*/
typedef struct odp_crypto_data_range {
uint32_t offset; /**< Offset from beginning of buffer (chain) */
uint32_t length; /**< Length of data to operate on */
} odp_crypto_data_range_t;
/**
* Crypto API session creation parameters
*
* @todo Add "odp_session_proc_info_t"
*/
typedef struct odp_crypto_session_params {
odp_crypto_op_t op; /**< Encode versus decode */
odp_bool_t auth_cipher_text; /**< Authenticate/cipher ordering */
odp_crypto_op_mode_t pref_mode; /**< Preferred sync vs async */
odp_cipher_alg_t cipher_alg; /**< Cipher algorithm */
odp_crypto_key_t cipher_key; /**< Cipher key */
odp_crypto_iv_t iv; /**< Cipher Initialization Vector (IV) */
odp_auth_alg_t auth_alg; /**< Authentication algorithm */
odp_crypto_key_t auth_key; /**< Authentication key */
odp_queue_t compl_queue; /**< Async mode completion event queue */
odp_pool_t output_pool; /**< Output buffer pool */
} odp_crypto_session_params_t;
/**
* @var odp_crypto_session_params_t::auth_cipher_text
*
* Controls ordering of authentication and cipher operations,
* and is relative to the operation (encode vs decode).
* When encoding, @c TRUE indicates the authentication operation
* should be performed @b after the cipher operation else before.
* When decoding, @c TRUE indicates the reverse order of operation.
*
* @var odp_crypto_session_params_t::compl_queue
*
* When the API operates asynchronously, the completion queue is
* used to return the completion status of the operation to the
* application.
*
* @var odp_crypto_session_params_t::output_pool
*
* When the output packet is not specified during the call to
* odp_crypto_operation, the output packet buffer will be allocated
* from this pool.
*/
/**
* Crypto API per packet operation parameters
*
* @todo Clarify who zero's ICV and how this relates to "hash_result_offset"
*/
typedef struct odp_crypto_op_params {
odp_crypto_session_t session; /**< Session handle from creation */
void *ctx; /**< User context */
odp_packet_t pkt; /**< Input packet buffer */
odp_packet_t out_pkt; /**< Output packet buffer */
uint8_t *override_iv_ptr; /**< Override session IV pointer */
uint32_t hash_result_offset; /**< Offset from start of packet buffer for hash result */
odp_crypto_data_range_t cipher_range; /**< Data range to apply cipher */
odp_crypto_data_range_t auth_range; /**< Data range to authenticate */
} odp_crypto_op_params_t;
/**
* @var odp_crypto_op_params_t::pkt
* Specifies the input packet buffer for the crypto operation. When the
* @c out_pkt variable is set to @c ODP_PACKET_INVALID (indicating a new
* buffer should be allocated for the resulting packet), the \#define TBD
* indicates whether the implementation will free the input packet buffer
* or if it becomes the responsibility of the caller.
*
* @var odp_crypto_op_params_t::out_pkt
*
* The API supports both "in place" (the original packet "pkt" is
* modified) and "copy" (the packet is replicated to a new buffer
* which contains the modified data).
*
* The "in place" mode of operation is indicated by setting @c out_pkt
* equal to @c pkt. For the copy mode of operation, setting @c out_pkt
* to a valid packet buffer value indicates the caller wishes to specify
* the destination buffer. Setting @c out_pkt to @c ODP_PACKET_INVALID
* indicates the caller wishes the destination packet buffer be allocated
* from the output pool specified during session creation.
*
* @sa odp_crypto_session_params_t::output_pool.
*/
/**
* Crypto API session creation return code
*/
typedef enum {
/** Session created */
ODP_CRYPTO_SES_CREATE_ERR_NONE,
/** Creation failed, no resources */
ODP_CRYPTO_SES_CREATE_ERR_ENOMEM,
/** Creation failed, bad cipher params */
ODP_CRYPTO_SES_CREATE_ERR_INV_CIPHER,
/** Creation failed, bad auth params */
ODP_CRYPTO_SES_CREATE_ERR_INV_AUTH,
} odp_crypto_ses_create_err_t;
/**
* Crypto API algorithm return code
*/
typedef enum {
/** Algorithm successful */
ODP_CRYPTO_ALG_ERR_NONE,
/** Invalid data block size */
ODP_CRYPTO_ALG_ERR_DATA_SIZE,
/** Key size invalid for algorithm */
ODP_CRYPTO_ALG_ERR_KEY_SIZE,
/** Computed ICV value mismatch */
ODP_CRYPTO_ALG_ERR_ICV_CHECK,
/** IV value not specified */
ODP_CRYPTO_ALG_ERR_IV_INVALID,
} odp_crypto_alg_err_t;
/**
* Crypto API hardware centric return code
*/
typedef enum {
/** Operation completed successfully */
ODP_CRYPTO_HW_ERR_NONE,
/** Error detected during DMA of data */
ODP_CRYPTO_HW_ERR_DMA,
/** Operation failed due to buffer pool depletion */
ODP_CRYPTO_HW_ERR_BP_DEPLETED,
} odp_crypto_hw_err_t;
/**
* Cryto API per packet operation completion status
*/
typedef struct odp_crypto_compl_status {
odp_crypto_alg_err_t alg_err; /**< Algorithm specific return code */
odp_crypto_hw_err_t hw_err; /**< Hardware specific return code */
} odp_crypto_compl_status_t;
/**
* Crypto API operation result
*/
typedef struct odp_crypto_op_result {
odp_bool_t ok; /**< Request completed successfully */
void *ctx; /**< User context from request */
odp_packet_t pkt; /**< Output packet */
odp_crypto_compl_status_t cipher_status; /**< Cipher status */
odp_crypto_compl_status_t auth_status; /**< Authentication status */
} odp_crypto_op_result_t;
/**
* Crypto session creation (synchronous)
*
* @param params Session parameters
* @param session Created session else ODP_CRYPTO_SESSION_INVALID
* @param status Failure code if unsuccessful
*
* @retval 0 on success
* @retval <0 on failure
*/
int
odp_crypto_session_create(odp_crypto_session_params_t *params,
odp_crypto_session_t *session,
odp_crypto_ses_create_err_t *status);
/**
* Crypto session destroy
*
* Destroy an unused session. Result is undefined if session is being used
* (i.e. asynchronous operation is in progress).
*
* @param session Session handle
*
* @retval 0 on success
* @retval <0 on failure
*/
int odp_crypto_session_destroy(odp_crypto_session_t session);
/**
* Return crypto completion handle that is associated with event
*
* Note: any invalid parameters will cause undefined behavior and may cause
* the application to abort or crash.
*
* @param ev An event of type ODP_EVENT_CRYPTO_COMPL
*
* @return crypto completion handle
*/
odp_crypto_compl_t odp_crypto_compl_from_event(odp_event_t ev);
/**
* Convert crypto completion handle to event handle
*
* @param completion_event Completion event to convert to generic event
*
* @return Event handle
*/
odp_event_t odp_crypto_compl_to_event(odp_crypto_compl_t completion_event);
/**
* Release crypto completion event
*
* @param completion_event Completion event we are done accessing
*/
void
odp_crypto_compl_free(odp_crypto_compl_t completion_event);
/**
* Crypto per packet operation
*
* Performs the cryptographic operations specified during session creation
* on the packet. If the operation is performed synchronously, "posted"
* will return FALSE and the result of the operation is immediately available.
* If "posted" returns TRUE the result will be delivered via the completion
* queue specified when the session was created.
*
* @param params Operation parameters
* @param posted Pointer to return posted, TRUE for async operation
* @param result Results of operation (when posted returns FALSE)
*
* @retval 0 on success
* @retval <0 on failure
*/
int
odp_crypto_operation(odp_crypto_op_params_t *params,
odp_bool_t *posted,
odp_crypto_op_result_t *result);
/**
* Crypto per packet operation query result from completion event
*
* @param completion_event Event containing operation results
* @param result Pointer to result structure
*/
void
odp_crypto_compl_result(odp_crypto_compl_t completion_event,
odp_crypto_op_result_t *result);
/**
* Get printable value for an odp_crypto_session_t
*
* @param hdl odp_crypto_session_t handle to be printed
* @return uint64_t value that can be used to print/display this
* handle
*
* @note This routine is intended to be used for diagnostic purposes
* to enable applications to generate a printable value that represents
* an odp_crypto_session_t handle.
*/
uint64_t odp_crypto_session_to_u64(odp_crypto_session_t hdl);
/**
* Get printable value for an odp_crypto_compl_t
*
* @param hdl odp_crypto_compl_t handle to be printed
* @return uint64_t value that can be used to print/display this
* handle
*
* @note This routine is intended to be used for diagnostic purposes
* to enable applications to generate a printable value that represents
* an odp_crypto_compl_t handle.
*/
uint64_t odp_crypto_compl_to_u64(odp_crypto_compl_t hdl);
/**
* @}
*/
#ifdef __cplusplus
}
#endif
#endif
|
