diff options
Diffstat (limited to 'include/odp/api/spec/crypto.h')
| -rw-r--r-- | include/odp/api/spec/crypto.h | 768 |
1 files changed, 196 insertions, 572 deletions
diff --git a/include/odp/api/spec/crypto.h b/include/odp/api/spec/crypto.h index 470cba050..8b7d1df54 100644 --- a/include/odp/api/spec/crypto.h +++ b/include/odp/api/spec/crypto.h @@ -1,532 +1,32 @@ -/* Copyright (c) 2014, Linaro Limited - * All rights reserved. - * - * SPDX-License-Identifier: BSD-3-Clause +/* SPDX-License-Identifier: BSD-3-Clause + * Copyright (c) 2014-2018 Linaro Limited + * Copyright (c) 2021-2023 Nokia */ - /** * @file * * ODP crypto */ -#ifndef ODP_API_CRYPTO_H_ -#define ODP_API_CRYPTO_H_ +#ifndef ODP_API_SPEC_CRYPTO_H_ +#define ODP_API_SPEC_CRYPTO_H_ #include <odp/visibility_begin.h> -#include <odp/api/deprecated.h> +#include <odp/api/crypto_types.h> +#include <odp/api/packet_types.h> +#include <odp/api/std_types.h> #ifdef __cplusplus extern "C" { #endif -#include <odp/api/packet.h> - -/** @defgroup odp_crypto ODP CRYPTO - * Macros, enums, types and operations to utilise crypto. +/** @addtogroup odp_crypto + * Data ciphering and authentication. * @{ */ /** - * @def ODP_CRYPTO_SESSION_INVALID - * Invalid session handle - */ - -/** - * @typedef odp_crypto_session_t - * Crypto API opaque session handle - */ - -/** - * @typedef odp_crypto_compl_t -* Crypto API completion event (platform dependent). -*/ - -/** - * Crypto API operation mode - */ -typedef enum { - /** Synchronous, return results immediately */ - ODP_CRYPTO_SYNC, - /** Asynchronous, return results via posted event */ - ODP_CRYPTO_ASYNC, -} odp_crypto_op_mode_t; - -/** - * Crypto API operation type - */ -typedef enum { - /** Encrypt and/or compute authentication ICV */ - ODP_CRYPTO_OP_ENCODE, - /** Decrypt and/or verify authentication ICV */ - ODP_CRYPTO_OP_DECODE, -} odp_crypto_op_t; - -/** - * Crypto API cipher algorithm - */ -typedef enum { - /** No cipher algorithm specified */ - ODP_CIPHER_ALG_NULL, - - /** DES */ - ODP_CIPHER_ALG_DES, - - /** Triple DES with cipher block chaining */ - ODP_CIPHER_ALG_3DES_CBC, - - /** AES with cipher block chaining */ - ODP_CIPHER_ALG_AES_CBC, - - /** AES in Galois/Counter Mode - * - * @note Must be paired with cipher ODP_AUTH_ALG_AES_GCM - */ - ODP_CIPHER_ALG_AES_GCM, - - /** @deprecated Use ODP_CIPHER_ALG_AES_CBC instead */ - ODP_DEPRECATE(ODP_CIPHER_ALG_AES128_CBC), - - /** @deprecated Use ODP_CIPHER_ALG_AES_GCM instead */ - ODP_DEPRECATE(ODP_CIPHER_ALG_AES128_GCM) - -} odp_cipher_alg_t; - -/** - * Crypto API authentication algorithm - */ -typedef enum { - /** No authentication algorithm specified */ - ODP_AUTH_ALG_NULL, - - /** HMAC-MD5 - * - * MD5 algorithm in HMAC mode - */ - ODP_AUTH_ALG_MD5_HMAC, - - /** HMAC-SHA-1 - * - * SHA-1 algorithm in HMAC mode - */ - ODP_AUTH_ALG_SHA1_HMAC, - - /** HMAC-SHA-256 - * - * SHA-256 algorithm in HMAC mode - */ - ODP_AUTH_ALG_SHA256_HMAC, - - /** HMAC-SHA-512 - * - * SHA-512 algorithm in HMAC mode - */ - ODP_AUTH_ALG_SHA512_HMAC, - - /** AES in Galois/Counter Mode - * - * @note Must be paired with cipher ODP_CIPHER_ALG_AES_GCM - */ - ODP_AUTH_ALG_AES_GCM, - - /** @deprecated Use ODP_AUTH_ALG_MD5_HMAC instead */ - ODP_DEPRECATE(ODP_AUTH_ALG_MD5_96), - - /** @deprecated Use ODP_AUTH_ALG_SHA256_HMAC instead */ - ODP_DEPRECATE(ODP_AUTH_ALG_SHA256_128), - - /** @deprecated Use ODP_AUTH_ALG_AES_GCM instead */ - ODP_DEPRECATE(ODP_AUTH_ALG_AES128_GCM) - -} odp_auth_alg_t; - -/** - * Cipher algorithms in a bit field structure - */ -typedef union odp_crypto_cipher_algos_t { - /** Cipher algorithms */ - struct { - /** ODP_CIPHER_ALG_NULL */ - uint32_t null : 1; - - /** ODP_CIPHER_ALG_DES */ - uint32_t des : 1; - - /** ODP_CIPHER_ALG_3DES_CBC */ - uint32_t trides_cbc : 1; - - /** ODP_CIPHER_ALG_AES_CBC */ - uint32_t aes_cbc : 1; - - /** ODP_CIPHER_ALG_AES_GCM */ - uint32_t aes_gcm : 1; - - /** @deprecated Use aes_cbc instead */ - uint32_t ODP_DEPRECATE(aes128_cbc) : 1; - - /** @deprecated Use aes_gcm instead */ - uint32_t ODP_DEPRECATE(aes128_gcm) : 1; - - } bit; - - /** All bits of the bit field structure - * - * This field can be used to set/clear all flags, or bitwise - * operations over the entire structure. */ - uint32_t all_bits; -} odp_crypto_cipher_algos_t; - -/** - * Authentication algorithms in a bit field structure - */ -typedef union odp_crypto_auth_algos_t { - /** Authentication algorithms */ - struct { - /** ODP_AUTH_ALG_NULL */ - uint32_t null : 1; - - /** ODP_AUTH_ALG_MD5_HMAC */ - uint32_t md5_hmac : 1; - - /** ODP_AUTH_ALG_SHA1_HMAC */ - uint32_t sha1_hmac : 1; - - /** ODP_AUTH_ALG_SHA256_HMAC */ - uint32_t sha256_hmac : 1; - - /** ODP_AUTH_ALG_SHA512_HMAC */ - uint32_t sha512_hmac : 1; - - /** ODP_AUTH_ALG_AES_GCM */ - uint32_t aes_gcm : 1; - - /** @deprecated Use md5_hmac instead */ - uint32_t ODP_DEPRECATE(md5_96) : 1; - - /** @deprecated Use sha256_hmac instead */ - uint32_t ODP_DEPRECATE(sha256_128) : 1; - - /** @deprecated Use aes_gcm instead */ - uint32_t ODP_DEPRECATE(aes128_gcm) : 1; - - } bit; - - /** All bits of the bit field structure - * - * This field can be used to set/clear all flags, or bitwise - * operations over the entire structure. */ - uint32_t all_bits; -} odp_crypto_auth_algos_t; - -/** - * Crypto API key structure - */ -typedef struct odp_crypto_key { - /** Key data */ - uint8_t *data; - - /** Key length in bytes */ - uint32_t length; - -} odp_crypto_key_t; - -/** - * Crypto API IV structure - */ -typedef struct odp_crypto_iv { - /** IV data */ - uint8_t *data; - - /** IV length in bytes */ - uint32_t length; - -} odp_crypto_iv_t; - -/** - * Crypto API data range specifier - * - * @deprecated Use odp_packet_data_range_t instead - */ -typedef odp_packet_data_range_t ODP_DEPRECATE(odp_crypto_data_range_t); - -/** - * Crypto API session creation parameters - */ -typedef struct odp_crypto_session_param_t { - /** Encode vs. decode operation */ - odp_crypto_op_t op; - - /** Authenticate cipher vs. plain text - * - * Controls ordering of authentication and cipher operations, - * and is relative to the operation (encode vs decode). When encoding, - * TRUE indicates the authentication operation should be performed - * after the cipher operation else before. When decoding, TRUE - * indicates the reverse order of operation. - * - * true: Authenticate cipher text - * false: Authenticate plain text - */ - odp_bool_t auth_cipher_text; - - /** Preferred sync vs. async */ - odp_crypto_op_mode_t pref_mode; - - /** Cipher algorithm - * - * Use odp_crypto_capability() for supported algorithms. - */ - odp_cipher_alg_t cipher_alg; - - /** Cipher key - * - * Use odp_crypto_cipher_capa() for supported key and IV lengths. - */ - odp_crypto_key_t cipher_key; - - /** Cipher Initialization Vector (IV) */ - odp_crypto_iv_t iv; - - /** Authentication algorithm - * - * Use odp_crypto_capability() for supported algorithms. - */ - odp_auth_alg_t auth_alg; - - /** Authentication key - * - * Use odp_crypto_auth_capability() for supported key lengths. - */ - odp_crypto_key_t auth_key; - - /** Authentication digest length in bytes - * - * Use odp_crypto_auth_capability() for supported digest lengths. - */ - uint32_t auth_digest_len; - - /** Async mode completion event queue - * - * When odp_crypto_operation() is asynchronous, the completion queue is - * used to return the completion status of the operation to the - * application. - */ - odp_queue_t compl_queue; - - /** Output pool - * - * When the output packet is not specified during the call to - * odp_crypto_operation(), the output packet will be allocated - * from this pool. - */ - odp_pool_t output_pool; - -} odp_crypto_session_param_t; - -/** @deprecated Use odp_crypto_session_param_t instead */ -typedef odp_crypto_session_param_t ODP_DEPRECATE(odp_crypto_session_params_t); - -/** - * Crypto API per packet operation parameters - */ -typedef struct odp_crypto_op_param_t { - /** Session handle from creation */ - odp_crypto_session_t session; - - /** User context */ - void *ctx; - - /** Input packet - * - * Specifies the input packet for the crypto operation. When the - * 'out_pkt' variable is set to ODP_PACKET_INVALID (indicating a new - * packet should be allocated for the resulting packet). - */ - odp_packet_t pkt; - - /** Output packet - * - * Both "in place" (the original packet 'pkt' is modified) and - * "copy" (the packet is replicated to a new packet which contains - * the modified data) modes are supported. The "in place" mode of - * operation is indicated by setting 'out_pkt' equal to 'pkt'. - * For the copy mode of operation, setting 'out_pkt' to a valid packet - * value indicates the caller wishes to specify the destination packet. - * Setting 'out_pkt' to ODP_PACKET_INVALID indicates the caller wishes - * the destination packet be allocated from the output pool specified - * during session creation. - */ - odp_packet_t out_pkt; - - /** Override session IV pointer */ - uint8_t *override_iv_ptr; - - /** Offset from start of packet for hash result - * - * Specifies the offset where the hash result is to be stored. In case - * of decode sessions, input hash values will be read from this offset, - * and overwritten with hash results. If this offset lies within - * specified 'auth_range', implementation will mute this field before - * calculating the hash result. - */ - uint32_t hash_result_offset; - - /** Additional Authenticated Data (AAD) */ - struct { - /** Pointer to ADD */ - uint8_t *ptr; - - /** AAD length in bytes. Use odp_crypto_auth_capability() for - * supported AAD lengths. */ - uint32_t length; - } aad; - - /** Data range to apply cipher */ - odp_packet_data_range_t cipher_range; - - /** Data range to authenticate */ - odp_packet_data_range_t auth_range; - -} odp_crypto_op_param_t; - -/** @deprecated Use odp_crypto_op_param_t instead */ -typedef odp_crypto_op_param_t ODP_DEPRECATE(odp_crypto_op_params_t); - -/** - * Crypto API session creation return code - */ -typedef enum { - /** Session created */ - ODP_CRYPTO_SES_CREATE_ERR_NONE, - /** Creation failed, no resources */ - ODP_CRYPTO_SES_CREATE_ERR_ENOMEM, - /** Creation failed, bad cipher params */ - ODP_CRYPTO_SES_CREATE_ERR_INV_CIPHER, - /** Creation failed, bad auth params */ - ODP_CRYPTO_SES_CREATE_ERR_INV_AUTH, -} odp_crypto_ses_create_err_t; - -/** - * Crypto API algorithm return code - */ -typedef enum { - /** Algorithm successful */ - ODP_CRYPTO_ALG_ERR_NONE, - /** Invalid data block size */ - ODP_CRYPTO_ALG_ERR_DATA_SIZE, - /** Key size invalid for algorithm */ - ODP_CRYPTO_ALG_ERR_KEY_SIZE, - /** Computed ICV value mismatch */ - ODP_CRYPTO_ALG_ERR_ICV_CHECK, - /** IV value not specified */ - ODP_CRYPTO_ALG_ERR_IV_INVALID, -} odp_crypto_alg_err_t; - -/** - * Crypto API hardware centric return code - */ -typedef enum { - /** Operation completed successfully */ - ODP_CRYPTO_HW_ERR_NONE, - /** Error detected during DMA of data */ - ODP_CRYPTO_HW_ERR_DMA, - /** Operation failed due to pool depletion */ - ODP_CRYPTO_HW_ERR_BP_DEPLETED, -} odp_crypto_hw_err_t; - -/** - * Cryto API per packet operation completion status - */ -typedef struct odp_crypto_compl_status { - /** Algorithm specific return code */ - odp_crypto_alg_err_t alg_err; - - /** Hardware specific return code */ - odp_crypto_hw_err_t hw_err; - -} odp_crypto_compl_status_t; - -/** - * Crypto API operation result - */ -typedef struct odp_crypto_op_result { - /** Request completed successfully */ - odp_bool_t ok; - - /** User context from request */ - void *ctx; - - /** Output packet */ - odp_packet_t pkt; - - /** Cipher status */ - odp_crypto_compl_status_t cipher_status; - - /** Authentication status */ - odp_crypto_compl_status_t auth_status; - -} odp_crypto_op_result_t; - -/** - * Crypto capabilities - */ -typedef struct odp_crypto_capability_t { - /** Maximum number of crypto sessions */ - uint32_t max_sessions; - - /** Supported cipher algorithms */ - odp_crypto_cipher_algos_t ciphers; - - /** Cipher algorithms implemented with HW offload */ - odp_crypto_cipher_algos_t hw_ciphers; - - /** Supported authentication algorithms */ - odp_crypto_auth_algos_t auths; - - /** Authentication algorithms implemented with HW offload */ - odp_crypto_auth_algos_t hw_auths; - -} odp_crypto_capability_t; - -/** - * Cipher algorithm capabilities - */ -typedef struct odp_crypto_cipher_capability_t { - /** Key length in bytes */ - uint32_t key_len; - - /** IV length in bytes */ - uint32_t iv_len; - -} odp_crypto_cipher_capability_t; - -/** - * Authentication algorithm capabilities - */ -typedef struct odp_crypto_auth_capability_t { - /** Digest length in bytes */ - uint32_t digest_len; - - /** Key length in bytes */ - uint32_t key_len; - - /** Additional Authenticated Data (AAD) lengths */ - struct { - /** Minimum AAD length in bytes */ - uint32_t min; - - /** Maximum AAD length in bytes */ - uint32_t max; - - /** Increment of supported lengths between min and max - * (in bytes) */ - uint32_t inc; - } aad_len; - -} odp_crypto_auth_capability_t; - -/** * Query crypto capabilities * * Outputs crypto capabilities on success. @@ -582,16 +82,20 @@ int odp_crypto_auth_capability(odp_auth_alg_t auth, * * Create a crypto session according to the session parameters. Use * odp_crypto_session_param_init() to initialize parameters into their - * default values. + * default values. If call ends up with an error no new session will be + * created. * - * @param param Session parameters - * @param session Created session else ODP_CRYPTO_SESSION_INVALID - * @param status Failure code if unsuccessful + * The parameter structure as well as the key and IV data pointed to by it + * can be freed after the call. + * + * @param param Session parameters + * @param[out] session Created session else ODP_CRYPTO_SESSION_INVALID + * @param[out] status Failure code if unsuccessful * * @retval 0 on success * @retval <0 on failure */ -int odp_crypto_session_create(odp_crypto_session_param_t *param, +int odp_crypto_session_create(const odp_crypto_session_param_t *param, odp_crypto_session_t *session, odp_crypto_ses_create_err_t *status); @@ -609,97 +113,217 @@ int odp_crypto_session_create(odp_crypto_session_param_t *param, int odp_crypto_session_destroy(odp_crypto_session_t session); /** - * Return crypto completion handle that is associated with event - * - * Note: any invalid parameters will cause undefined behavior and may cause - * the application to abort or crash. + * Get printable value for an odp_crypto_session_t * - * @param ev An event of type ODP_EVENT_CRYPTO_COMPL + * @param hdl odp_crypto_session_t handle to be printed + * @return uint64_t value that can be used to print/display this + * handle * - * @return crypto completion handle + * @note This routine is intended to be used for diagnostic purposes + * to enable applications to generate a printable value that represents + * an odp_crypto_session_t handle. */ -odp_crypto_compl_t odp_crypto_compl_from_event(odp_event_t ev); +uint64_t odp_crypto_session_to_u64(odp_crypto_session_t hdl); /** - * Convert crypto completion handle to event handle + * Initialize crypto session parameters * - * @param completion_event Completion event to convert to generic event + * Initialize an odp_crypto_session_param_t to its default values for + * all fields. * - * @return Event handle + * @param param Pointer to odp_crypto_session_param_t to be initialized */ -odp_event_t odp_crypto_compl_to_event(odp_crypto_compl_t completion_event); +void odp_crypto_session_param_init(odp_crypto_session_param_t *param); /** - * Release crypto completion event + * Return crypto processed packet that is associated with event * - * @param completion_event Completion event we are done accessing - */ -void odp_crypto_compl_free(odp_crypto_compl_t completion_event); - -/** - * Crypto per packet operation + * Get packet handle to an crypto processed packet event. Event subtype must be + * ODP_EVENT_PACKET_CRYPTO. Crypto operation results can be examined with + * odp_crypto_result(). * - * Performs the cryptographic operations specified during session creation - * on the packet. If the operation is performed synchronously, "posted" - * will return FALSE and the result of the operation is immediately available. - * If "posted" returns TRUE the result will be delivered via the completion - * queue specified when the session was created. + * Note: any invalid parameters will cause undefined behavior and may cause + * the application to abort or crash. * - * @param param Operation parameters - * @param posted Pointer to return posted, TRUE for async operation - * @param result Results of operation (when posted returns FALSE) + * @param ev Event handle * - * @retval 0 on success - * @retval <0 on failure + * @return Packet handle */ -int odp_crypto_operation(odp_crypto_op_param_t *param, - odp_bool_t *posted, - odp_crypto_op_result_t *result); +odp_packet_t odp_crypto_packet_from_event(odp_event_t ev); /** - * Crypto per packet operation query result from completion event + * Convert crypto packet handle to event + * + * The packet handle must be an output of an crypto operation. * - * @param completion_event Event containing operation results - * @param result Pointer to result structure + * @param pkt Packet handle from crypto operation + * + * @return Event handle */ -void odp_crypto_compl_result(odp_crypto_compl_t completion_event, - odp_crypto_op_result_t *result); +odp_event_t odp_crypto_packet_to_event(odp_packet_t pkt); /** - * Get printable value for an odp_crypto_session_t + * Get crypto operation results from a crypto processed packet * - * @param hdl odp_crypto_session_t handle to be printed - * @return uint64_t value that can be used to print/display this - * handle + * Crypto operations of all types (SYNC and ASYNC) produce packets which + * contain crypto result metadata. This function returns success status + * of the crypto operation that was applied to a packet and optionally + * writes additional information in a result structure. * - * @note This routine is intended to be used for diagnostic purposes - * to enable applications to generate a printable value that represents - * an odp_crypto_session_t handle. + * If the crypto operation succeeded, zero is returned and the values + * written in the cipher_status and auth_status fields of the result + * structure have undefined values. + * + * If the crypto operation failed, -1 is returned and the cipher_status + * and auth_status fields of the result structure indicate the reason for + * the failure. + * + * The subtype of the passed packet must be ODP_EVENT_PACKET_CRYPTO, + * otherwise the result of the call is undefined. + * + * @param packet A crypto processed packet (ODP_EVENT_PACKET_CRYPTO) + * @param[out] result Pointer to operation result for output or NULL + * + * @retval 0 Crypto operation succeeded + * @retval -1 Crypto operation failed + * @retval <-1 Failed to get crypto operation status of the packet */ -uint64_t odp_crypto_session_to_u64(odp_crypto_session_t hdl); +int odp_crypto_result(odp_crypto_packet_result_t *result, + odp_packet_t packet); /** - * Get printable value for an odp_crypto_compl_t + * Crypto packet operation * - * @param hdl odp_crypto_compl_t handle to be printed - * @return uint64_t value that can be used to print/display this - * handle + * Performs the SYNC cryptographic operations specified during session creation + * on the packets. All arrays should be of num_pkt size. * - * @note This routine is intended to be used for diagnostic purposes - * to enable applications to generate a printable value that represents - * an odp_crypto_compl_t handle. + * Result of the crypto operation can be checked using odp_crypto_result(). + * Parse flags in packet metadata are not affected by the crypto operation. + * In particular, odp_packet_has_error() can not be used for checking if the + * crypto operation succeeded. + * + * Use of the pkt_out parameter depends on the configured crypto operation + * type as described below. + * + * ODP_CRYPTO_OP_TYPE_LEGACY: + * + * Caller should initialize each element of pkt_out either with the desired + * output packet handle or with ODP_PACKET_INVALID to make ODP allocate a new + * packet from provided pool. + * + * All packet data and metadata are copied from the input packet to the output + * packet before the requested crypto operation is performed to the output + * packet. If an output packet is given to the operation, it must be at least + * as long as the input packet and, in encode operations, long enough for the + * hash result to be fully inside the packet data. Memory layout of the output + * packet may change during the crypto operation. If the output packet is + * longer than needed, it is not truncated and the extra data bytes retain + * their content. + * + * It is ok to pass the same packet handle as both the input packet and the + * output packet for the same crypto operation. In that case the input packet + * is consumed but returned as the output packet (with possibly different + * memory layout). + * + * ODP_CRYPTO_OP_TYPE_BASIC: + * + * ODP allocates the output packet from the pool from which the input + * packet was allocated. The processed input packet is consumed. All + * packet data and metadata are copied from the input packet to the output + * packet before the requested crypto operation is applied to the output + * packet. Memory layout (including packet data pointers, head and tail room, + * segmentation) of the output packet may differ from that of the input + * packet. + * + * The value of pkt_out[n] is ignored as pkt_out[n] is used purely as an + * output parameter that returns the handle of the newly allocated packet. + * + * ODP_CRYPTO_OP_TYPE_OOP: + * + * Writes the output bytes of the crypto operation in a caller provided + * output packet passed through pkt_out[n]. Input packets are not consumed + * nor modified. Memory layout (including packet data pointers, head and + * tail room, segmentation) of the output packet may change during the + * operation. + * + * Crypto output is the processed crypto_range, auth_range and + * MAC/digest (in encode sessions) of the input packet. The operation + * behaves as if crypto range and auth range were first copied from the + * input packet to the output packet and then the crypto operation + * was applied to the output packet. + * + * Auth range of (AEAD) algorithms that ignore auth range is not copied. + * + * The offset of the crypto range and auth range in the output packet is + * the same as in the input packet, adjusted by dst_offset_shift operation + * parameter. + * + * pkt_out[n] must be a valid handle to a packet that is long enough to + * contain the shifted crypto range, auth range and, in encode sessions, + * the MAC/digest result. pkt_out[n] must not be the same as any input + * packet or any other output packet. + * + * OOP_CRYPTO_OP_TYPE_BASIC_AND_OOP: + * + * Behaves as the ODP_CRYPTO_OP_TYPE_BASIC operation type if pkt_out[n] is + * ODP_PACKET_INVALID. Otherwise behaves as the ODP_CRYPTO_OP_TYPE_OOP + * operation type. + * + * @param pkt_in Packets to be processed + * @param[in,out] pkt_out Packet handle array for resulting packets + * @param param Operation parameters array + * @param num_pkt Number of packets to be processed + * + * @return Number of input packets processed (0 ... num_pkt) + * @retval <0 on failure */ -uint64_t odp_crypto_compl_to_u64(odp_crypto_compl_t hdl); +int odp_crypto_op(const odp_packet_t pkt_in[], + odp_packet_t pkt_out[], + const odp_crypto_packet_op_param_t param[], + int num_pkt); /** - * Initialize crypto session parameters + * Crypto packet operation * - * Initialize an odp_crypto_session_param_t to its default values for - * all fields. + * Performs the ASYNC cryptographic operations specified during session + * creation on the packets. Behaves otherwise like odp_crypto_op() but + * returns output packets through events. * - * @param param Pointer to odp_crypto_session_param_t to be initialized + * With operation types other than ODP_CRYPTO_OP_TYPE_LEGACY, packet + * data of processed packets may not be valid before odp_crypto_result() + * has been called. + * + * With ODP_CRYPTO_OP_TYPE_OOP, an enqueued input packet is consumed but + * returned back unmodified after the crypto operation is complete. The + * caller may not access the input packet until getting the handle back + * through odp_crypto_result(). + * + * All arrays should be of num_pkt size, except that pkt_out parameter + * is ignored when the crypto operation type is ODP_CRYPTO_OP_TYPE_BASIC. + * + * From packet ordering perspective this function behaves as if each input + * packet was enqueued to a crypto session specific ODP queue in the order + * the packets appear in the parameter array. The conceptual session input + * queue has the same order type (ODP_QUEUE_ORDER_KEEP or + * ODP_QUEUE_ORDER_IGNORE) as the completion queue of the session. + * The order of output events of a crypto session in a completion queue is + * the same as the order of the corresponding input packets in the conceptual + * session input queue. The order of output events of different crypto + * sessions is not defined even when they go through the same crypto + * completion queue. + * + * @param pkt_in Packets to be processed + * @param pkt_out Packet handle array for resulting packets + * @param param Operation parameters array + * @param num_pkt Number of packets to be processed + * + * @return Number of input packets consumed (0 ... num_pkt) + * @retval <0 on failure */ -void odp_crypto_session_param_init(odp_crypto_session_param_t *param); +int odp_crypto_op_enq(const odp_packet_t pkt_in[], + const odp_packet_t pkt_out[], + const odp_crypto_packet_op_param_t param[], + int num_pkt); /** * @} |