From patchwork Sun May 28 21:05:21 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "De Lara Guarch,
 Pablo" <pablo.de.lara.guarch@intel.com>
X-Patchwork-Id: 24853
X-Patchwork-Delegate: pablo.de.lara.guarch@intel.com
Return-Path: <dev-bounces@dpdk.org>
X-Original-To: patchwork@dpdk.org
Delivered-To: patchwork@dpdk.org
Received: from [92.243.14.124] (localhost [IPv6:::1])
	by dpdk.org (Postfix) with ESMTP id 957B97D15;
	Sun, 28 May 2017 23:05:48 +0200 (CEST)
Received: from mga09.intel.com (mga09.intel.com [134.134.136.24])
	by dpdk.org (Postfix) with ESMTP id AAD7A7CEB
	for <dev@dpdk.org>; Sun, 28 May 2017 23:05:29 +0200 (CEST)
Received: from orsmga001.jf.intel.com ([10.7.209.18])
	by orsmga102.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
	28 May 2017 14:05:28 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos; i="5.38,411,1491289200"; d="scan'208";
	a="1135678892"
Received: from silpixa00381631.ir.intel.com (HELO
	silpixa00381631.ger.corp.intel.com) ([10.237.222.122])
	by orsmga001.jf.intel.com with ESMTP; 28 May 2017 14:05:26 -0700
From: Pablo de Lara <pablo.de.lara.guarch@intel.com>
To: declan.doherty@intel.com, akhil.goyal@nxp.com, hemant.agrawal@nxp.com,
	zbigniew.bodek@caviumnetworks.com, jerin.jacob@caviumnetworks.com
Cc: dev@dpdk.org,
	Pablo de Lara <pablo.de.lara.guarch@intel.com>
Date: Sun, 28 May 2017 22:05:21 +0100
Message-Id: 
 <1496005522-134934-13-git-send-email-pablo.de.lara.guarch@intel.com>
X-Mailer: git-send-email 2.7.4
In-Reply-To: 
 <1496005522-134934-1-git-send-email-pablo.de.lara.guarch@intel.com>
References: 
 <1496005522-134934-1-git-send-email-pablo.de.lara.guarch@intel.com>
Subject: [dpdk-dev] [PATCH 12/13] cryptodev: aad AEAD specific data
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <http://dpdk.org/ml/options/dev>,
	<mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://dpdk.org/ml/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <http://dpdk.org/ml/listinfo/dev>,
	<mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>

AEAD algorithms such as AES-GCM needed to be
used as a concatenation of a cipher transform and
an authentication transform.

Instead, a new transform and functions to handle it
are created to support these kind of algorithms,
making their use easier.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
---
 lib/librte_cryptodev/rte_crypto_sym.h | 43 +++++++++++++++++++++++-
 lib/librte_cryptodev/rte_cryptodev.c  | 61 +++++++++++++++++++++++++++++++++++
 lib/librte_cryptodev/rte_cryptodev.h  | 50 +++++++++++++++++++++++++++-
 3 files changed, 152 insertions(+), 2 deletions(-)

diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h
index 55e4a27..6fd6bb3 100644
--- a/lib/librte_cryptodev/rte_crypto_sym.h
+++ b/lib/librte_cryptodev/rte_crypto_sym.h
@@ -317,11 +317,50 @@ struct rte_crypto_auth_xform {
 	 */
 };
 
+
+/** Symmetric AEAD Algorithms */
+enum rte_crypto_aead_algorithm {
+	RTE_CRYPTO_AEAD_AES_CCM = 1,
+	RTE_CRYPTO_AEAD_AES_GCM,
+	RTE_CRYPTO_AEAD_LIST_END
+};
+
+/** AEAD algorithm name strings */
+extern const char *
+rte_crypto_aead_algorithm_strings[];
+
+/** Symmetric AEAD Operations */
+enum rte_crypto_aead_operation {
+	RTE_CRYPTO_AEAD_OP_ENCRYPT,
+	/**< Encrypt and generate digest */
+	RTE_CRYPTO_AEAD_OP_DECRYPT
+	/**< Verify digest and decrypt */
+};
+
+/** Authentication operation name strings */
+extern const char *
+rte_crypto_aead_operation_strings[];
+
+struct rte_crypto_aead_xform {
+	enum rte_crypto_aead_operation op;
+	/**< AEAD operation type */
+	enum rte_crypto_aead_algorithm algo;
+	/**< AEAD algorithm selection */
+
+	struct {
+		uint8_t *data;  /**< pointer to key data */
+		size_t length;   /**< key length in bytes */
+	} key;
+
+	uint32_t digest_length;
+};
+
 /** Crypto transformation types */
 enum rte_crypto_sym_xform_type {
 	RTE_CRYPTO_SYM_XFORM_NOT_SPECIFIED = 0,	/**< No xform specified */
 	RTE_CRYPTO_SYM_XFORM_AUTH,		/**< Authentication xform */
-	RTE_CRYPTO_SYM_XFORM_CIPHER		/**< Cipher xform  */
+	RTE_CRYPTO_SYM_XFORM_CIPHER,		/**< Cipher xform  */
+	RTE_CRYPTO_SYM_XFORM_AEAD		/**< AEAD xform  */
 };
 
 /**
@@ -344,6 +383,8 @@ struct rte_crypto_sym_xform {
 		/**< Authentication / hash xform */
 		struct rte_crypto_cipher_xform cipher;
 		/**< Cipher xform */
+		struct rte_crypto_aead_xform aead;
+		/**< AEAD xform */
 	};
 	struct {
 		uint16_t offset;
diff --git a/lib/librte_cryptodev/rte_cryptodev.c b/lib/librte_cryptodev/rte_cryptodev.c
index c9e4fa3..95883ba 100644
--- a/lib/librte_cryptodev/rte_cryptodev.c
+++ b/lib/librte_cryptodev/rte_cryptodev.c
@@ -189,6 +189,26 @@ rte_crypto_auth_algorithm_strings[] = {
 	[RTE_CRYPTO_AUTH_ZUC_EIA3]	= "zuc-eia3"
 };
 
+/**
+ * The crypto AEAD algorithm strings identifiers.
+ * It could be used in application command line.
+ */
+const char *
+rte_crypto_aead_algorithm_strings[] = {
+	[RTE_CRYPTO_AEAD_AES_CCM]	= "aes-ccm",
+	[RTE_CRYPTO_AEAD_AES_GCM]	= "aes-gcm",
+};
+
+/**
+ * The crypto AEAD operation strings identifiers.
+ * It could be used in application command line.
+ */
+const char *
+rte_crypto_aead_operation_strings[] = {
+	[RTE_CRYPTO_AEAD_OP_ENCRYPT]	= "encrypt",
+	[RTE_CRYPTO_AEAD_OP_DECRYPT]	= "decrypt"
+};
+
 int
 rte_cryptodev_get_cipher_algo_enum(enum rte_crypto_cipher_algorithm *algo_enum,
 		const char *algo_string)
@@ -223,6 +243,23 @@ rte_cryptodev_get_auth_algo_enum(enum rte_crypto_auth_algorithm *algo_enum,
 	return -1;
 }
 
+int
+rte_cryptodev_get_aead_algo_enum(enum rte_crypto_aead_algorithm *algo_enum,
+		const char *algo_string)
+{
+	unsigned int i;
+
+	for (i = 1; i < RTE_DIM(rte_crypto_aead_algorithm_strings); i++) {
+		if (strcmp(algo_string, rte_crypto_aead_algorithm_strings[i]) == 0) {
+			*algo_enum = (enum rte_crypto_aead_algorithm) i;
+			return 0;
+		}
+	}
+
+	/* Invalid string */
+	return -1;
+}
+
 /**
  * The crypto auth operation strings identifiers.
  * It could be used in application command line.
@@ -363,6 +400,10 @@ rte_cryptodev_sym_capability_get(uint8_t dev_id,
 		if (idx->type == RTE_CRYPTO_SYM_XFORM_CIPHER &&
 			capability->sym.cipher.algo == idx->algo.cipher)
 			return &capability->sym;
+
+		if (idx->type == RTE_CRYPTO_SYM_XFORM_AEAD &&
+				capability->sym.aead.algo == idx->algo.aead)
+			return &capability->sym;
 	}
 
 	return NULL;
@@ -408,6 +449,26 @@ rte_cryptodev_sym_capability_check_auth(
 	return 0;
 }
 
+int
+rte_cryptodev_sym_capability_check_aead(
+		const struct rte_cryptodev_symmetric_capability *capability,
+		uint16_t key_size, uint16_t digest_size, uint16_t aad_size,
+		uint16_t iv_size)
+{
+	if (param_range_check(key_size, capability->aead.key_size))
+		return -1;
+
+	if (param_range_check(digest_size, capability->aead.digest_size))
+		return -1;
+
+	if (param_range_check(aad_size, capability->aead.aad_size))
+		return -1;
+
+	if (param_range_check(iv_size, capability->iv_size))
+		return -1;
+
+	return 0;
+}
 
 const char *
 rte_cryptodev_get_feature_name(uint64_t flag)
diff --git a/lib/librte_cryptodev/rte_cryptodev.h b/lib/librte_cryptodev/rte_cryptodev.h
index 82cfddd..ff01b22 100644
--- a/lib/librte_cryptodev/rte_cryptodev.h
+++ b/lib/librte_cryptodev/rte_cryptodev.h
@@ -166,7 +166,7 @@ struct rte_crypto_param_range {
  */
 struct rte_cryptodev_symmetric_capability {
 	enum rte_crypto_sym_xform_type xform_type;
-	/**< Transform type : Authentication / Cipher */
+	/**< Transform type : Authentication / Cipher / AEAD */
 	RTE_STD_C11
 	struct rte_crypto_param_range iv_size;
 	/**< Initialisation vector data size range */
@@ -193,6 +193,18 @@ struct rte_cryptodev_symmetric_capability {
 			/**< cipher key size range */
 		} cipher;
 		/**< Symmetric Cipher transform capabilities */
+		struct {
+			enum rte_crypto_aead_algorithm algo;
+			/**< AEAD algorithm */
+			uint16_t block_size;
+			/**< algorithm block size */
+			struct rte_crypto_param_range key_size;
+			/**< AEAD key size range */
+			struct rte_crypto_param_range digest_size;
+			/**< digest size range */
+			struct rte_crypto_param_range aad_size;
+			/**< Additional authentication data size range */
+		} aead;
 	};
 };
 
@@ -214,6 +226,7 @@ struct rte_cryptodev_sym_capability_idx {
 	union {
 		enum rte_crypto_cipher_algorithm cipher;
 		enum rte_crypto_auth_algorithm auth;
+		enum rte_crypto_aead_algorithm aead;
 	} algo;
 };
 
@@ -269,6 +282,26 @@ rte_cryptodev_sym_capability_check_auth(
 		uint16_t iv_size);
 
 /**
+ * Check if key, digest, AAD and initial vector sizes are supported
+ * in crypto AEAD capability
+ *
+ * @param	capability	Description of the symmetric crypto capability.
+ * @param	key_size	AEAD key size.
+ * @param	digest_size	AEAD digest size.
+ * @param	aad_size	AEAD AAD size.
+ * @param	iv_size		AEAD IV size.
+ *
+ * @return
+ *   - Return 0 if the parameters are in range of the capability.
+ *   - Return -1 if the parameters are out of range of the capability.
+ */
+int
+rte_cryptodev_sym_capability_check_aead(
+		const struct rte_cryptodev_symmetric_capability *capability,
+		uint16_t key_size, uint16_t digest_size, uint16_t aad_size,
+		uint16_t iv_size);
+
+/**
  * Provide the cipher algorithm enum, given an algorithm string
  *
  * @param	algo_enum	A pointer to the cipher algorithm
@@ -298,6 +331,21 @@ int
 rte_cryptodev_get_auth_algo_enum(enum rte_crypto_auth_algorithm *algo_enum,
 		const char *algo_string);
 
+/**
+ * Provide the AEAD algorithm enum, given an algorithm string
+ *
+ * @param	algo_enum	A pointer to the AEAD algorithm
+ *				enum to be filled
+ * @param	algo_string	AEAD algorithm string
+ *
+ * @return
+ * - Return -1 if string is not valid
+ * - Return 0 is the string is valid
+ */
+int
+rte_cryptodev_get_aead_algo_enum(enum rte_crypto_aead_algorithm *algo_enum,
+		const char *algo_string);
+
 /** Macro used at end of crypto PMD list */
 #define RTE_CRYPTODEV_END_OF_CAPABILITIES_LIST() \
 	{ RTE_CRYPTO_OP_TYPE_UNDEFINED }