AEAD algorithms such as AES-GCM needed to be
used as a concatenation of a cipher transform and
an authentication transform.
Instead, a new transform and functions to handle it
are created to support these kind of algorithms,
making their use easier.
Signed-off-by: Pablo de Lara <pablo.de.lara.gua...@intel.com>
---
lib/librte_cryptodev/rte_crypto_sym.h | 48 ++++++++++++++++++++++++++-
lib/librte_cryptodev/rte_cryptodev.c | 61 +++++++++++++++++++++++++++++++++++
lib/librte_cryptodev/rte_cryptodev.h | 50 +++++++++++++++++++++++++++-
3 files changed, 157 insertions(+), 2 deletions(-)
diff --git a/lib/librte_cryptodev/rte_crypto_sym.h
b/lib/librte_cryptodev/rte_crypto_sym.h
index 4366ef6..9d5ab32 100644
--- a/lib/librte_cryptodev/rte_crypto_sym.h
+++ b/lib/librte_cryptodev/rte_crypto_sym.h
@@ -404,11 +404,55 @@ struct rte_crypto_auth_xform {
} iv; /**< Initialisation vector parameters */
};
+
+/** Symmetric AEAD Algorithms */
+enum rte_crypto_aead_algorithm {
+ RTE_CRYPTO_AEAD_AES_CCM = 1,
+ /**< AES algorithm in CCM mode. */
+ RTE_CRYPTO_AEAD_AES_GCM,
+ /**< AES algorithm in GCM mode. */
+ RTE_CRYPTO_AEAD_LIST_END
+};
+
+/** AEAD algorithm name strings */
+extern const char *
+rte_crypto_aead_algorithm_strings[];
+
+/** Symmetric AEAD Operations */
+enum rte_crypto_aead_operation {
+ RTE_CRYPTO_AEAD_OP_ENCRYPT,
+ /**< Encrypt and generate digest */
+ RTE_CRYPTO_AEAD_OP_DECRYPT
+ /**< Verify digest and decrypt */
+};
+
+/** Authentication operation name strings */
+extern const char *
+rte_crypto_aead_operation_strings[];
+
+struct rte_crypto_aead_xform {
+ enum rte_crypto_aead_operation op;
+ /**< AEAD operation type */
+ enum rte_crypto_aead_algorithm algo;
+ /**< AEAD algorithm selection */
+
+ struct {
+ uint8_t *data; /**< pointer to key data */
+ size_t length; /**< key length in bytes */
+ } key;
+
+ uint32_t digest_length;
+
+ uint16_t add_auth_data_length;
+ /**< The length of the additional authenticated data (AAD) in bytes. */
+};
+
/** Crypto transformation types */
enum rte_crypto_sym_xform_type {
RTE_CRYPTO_SYM_XFORM_NOT_SPECIFIED = 0, /**< No xform specified */
RTE_CRYPTO_SYM_XFORM_AUTH, /**< Authentication xform */
- RTE_CRYPTO_SYM_XFORM_CIPHER /**< Cipher xform */
+ RTE_CRYPTO_SYM_XFORM_CIPHER, /**< Cipher xform */
+ RTE_CRYPTO_SYM_XFORM_AEAD /**< AEAD xform */
};
/**
@@ -431,6 +475,8 @@ struct rte_crypto_sym_xform {
/**< Authentication / hash xform */
struct rte_crypto_cipher_xform cipher;
/**< Cipher xform */
+ struct rte_crypto_aead_xform aead;
+ /**< AEAD xform */
};
};
diff --git a/lib/librte_cryptodev/rte_cryptodev.c
b/lib/librte_cryptodev/rte_cryptodev.c
index 3d75397..acd74a1 100644
--- a/lib/librte_cryptodev/rte_cryptodev.c
+++ b/lib/librte_cryptodev/rte_cryptodev.c
@@ -189,6 +189,26 @@ rte_crypto_auth_algorithm_strings[] = {
[RTE_CRYPTO_AUTH_ZUC_EIA3] = "zuc-eia3"
};
+/**
+ * The crypto AEAD algorithm strings identifiers.
+ * It could be used in application command line.
+ */
+const char *
+rte_crypto_aead_algorithm_strings[] = {
+ [RTE_CRYPTO_AEAD_AES_CCM] = "aes-ccm",
+ [RTE_CRYPTO_AEAD_AES_GCM] = "aes-gcm",
+};
+
+/**
+ * The crypto AEAD operation strings identifiers.
+ * It could be used in application command line.
+ */
+const char *
+rte_crypto_aead_operation_strings[] = {
+ [RTE_CRYPTO_AEAD_OP_ENCRYPT] = "encrypt",
+ [RTE_CRYPTO_AEAD_OP_DECRYPT] = "decrypt"
+};
+
int
rte_cryptodev_get_cipher_algo_enum(enum rte_crypto_cipher_algorithm *algo_enum,
const char *algo_string)
@@ -223,6 +243,23 @@ rte_cryptodev_get_auth_algo_enum(enum
rte_crypto_auth_algorithm *algo_enum,
return -1;
}
+int
+rte_cryptodev_get_aead_algo_enum(enum rte_crypto_aead_algorithm *algo_enum,
+ const char *algo_string)
+{
+ unsigned int i;
+
+ for (i = 1; i < RTE_DIM(rte_crypto_aead_algorithm_strings); i++) {
+ if (strcmp(algo_string, rte_crypto_aead_algorithm_strings[i])
== 0) {
+ *algo_enum = (enum rte_crypto_aead_algorithm) i;
+ return 0;
+ }
+ }
+
+ /* Invalid string */
+ return -1;
+}
+
/**
* The crypto auth operation strings identifiers.
* It could be used in application command line.
@@ -363,6 +400,10 @@ rte_cryptodev_sym_capability_get(uint8_t dev_id,
if (idx->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
capability->sym.cipher.algo == idx->algo.cipher)
return &capability->sym;
+
+ if (idx->type == RTE_CRYPTO_SYM_XFORM_AEAD &&
+ capability->sym.aead.algo == idx->algo.aead)
+ return &capability->sym;
}
return NULL;
@@ -408,6 +449,26 @@ rte_cryptodev_sym_capability_check_auth(
return 0;
}
+int
+rte_cryptodev_sym_capability_check_aead(
+ const struct rte_cryptodev_symmetric_capability *capability,
+ uint16_t key_size, uint16_t digest_size, uint16_t aad_size,
+ uint16_t iv_size)
+{
+ if (param_range_check(key_size, capability->aead.key_size))
+ return -1;
+
+ if (param_range_check(digest_size, capability->aead.digest_size))
+ return -1;
+
+ if (param_range_check(aad_size, capability->aead.aad_size))
+ return -1;
+
+ if (param_range_check(iv_size, capability->iv_size))
+ return -1;
+
+ return 0;
+}
const char *
rte_cryptodev_get_feature_name(uint64_t flag)
diff --git a/lib/librte_cryptodev/rte_cryptodev.h
b/lib/librte_cryptodev/rte_cryptodev.h
index f1cd99e..4bd58fe 100644
--- a/lib/librte_cryptodev/rte_cryptodev.h
+++ b/lib/librte_cryptodev/rte_cryptodev.h
@@ -166,7 +166,7 @@ struct rte_crypto_param_range {
*/
struct rte_cryptodev_symmetric_capability {
enum rte_crypto_sym_xform_type xform_type;
- /**< Transform type : Authentication / Cipher */
+ /**< Transform type : Authentication / Cipher / AEAD */
RTE_STD_C11
union {
struct {
@@ -195,6 +195,18 @@ struct rte_cryptodev_symmetric_capability {
/**< Initialisation vector data size range */
} cipher;
/**< Symmetric Cipher transform capabilities */
+ struct {
+ enum rte_crypto_aead_algorithm algo;
+ /**< AEAD algorithm */
+ uint16_t block_size;
+ /**< algorithm block size */
+ struct rte_crypto_param_range key_size;
+ /**< AEAD key size range */
+ struct rte_crypto_param_range digest_size;
+ /**< digest size range */
+ struct rte_crypto_param_range aad_size;
+ /**< Additional authentication data size range */
+ } aead;
};
};
@@ -216,6 +228,7 @@ struct rte_cryptodev_sym_capability_idx {
union {
enum rte_crypto_cipher_algorithm cipher;
enum rte_crypto_auth_algorithm auth;
+ enum rte_crypto_aead_algorithm aead;
} algo;
};
@@ -271,6 +284,26 @@ rte_cryptodev_sym_capability_check_auth(
uint16_t iv_size);
/**
+ * Check if key, digest, AAD and initial vector sizes are supported
+ * in crypto AEAD capability
+ *
+ * @param capability Description of the symmetric crypto capability.
+ * @param key_size AEAD key size.
+ * @param digest_size AEAD digest size.
+ * @param aad_size AEAD AAD size.
+ * @param iv_size AEAD IV size.
+ *
+ * @return
+ * - Return 0 if the parameters are in range of the capability.
+ * - Return -1 if the parameters are out of range of the capability.
+ */
+int
+rte_cryptodev_sym_capability_check_aead(
+ const struct rte_cryptodev_symmetric_capability *capability,
+ uint16_t key_size, uint16_t digest_size, uint16_t aad_size,
+ uint16_t iv_size);
+
+/**
* Provide the cipher algorithm enum, given an algorithm string
*
* @param algo_enum A pointer to the cipher algorithm
@@ -300,6 +333,21 @@ int
rte_cryptodev_get_auth_algo_enum(enum rte_crypto_auth_algorithm *algo_enum,
const char *algo_string);
+/**
+ * Provide the AEAD algorithm enum, given an algorithm string
+ *
+ * @param algo_enum A pointer to the AEAD algorithm
+ * enum to be filled
+ * @param algo_string AEAD algorithm string
+ *
+ * @return
+ * - Return -1 if string is not valid
+ * - Return 0 is the string is valid
+ */
+int
+rte_cryptodev_get_aead_algo_enum(enum rte_crypto_aead_algorithm *algo_enum,
+ const char *algo_string);
+
/** Macro used at end of crypto PMD list */
#define RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() \
{ RTE_CRYPTO_OP_TYPE_UNDEFINED }
--
2.9.4
