From: Damian Nowak <damianx.nowak@intel.com>
To: dev@dpdk.org
Cc: fiona.trahe@intel.com, arkadiuszx.kusztal@intel.com,
Damian Nowak <damianx.nowak@intel.com>
Subject: [dpdk-dev] [PATCH v2 01/10] cryptodev: document usage of digest-appended operations
Date: Fri, 7 Jun 2019 12:05:58 +0200 [thread overview]
Message-ID: <20190607100608.16212-2-damianx.nowak@intel.com> (raw)
In-Reply-To: <20190607100608.16212-1-damianx.nowak@intel.com>
This patch explains what are the conditions
and how to use digest appended for auth-cipher
operations.
Signed-off-by: Damian Nowak <damianx.nowak@intel.com>
---
lib/librte_cryptodev/rte_crypto_sym.h | 43 +++++++++++++++++++++++++++++++++++
1 file changed, 43 insertions(+)
diff --git a/lib/librte_cryptodev/rte_crypto_sym.h b/lib/librte_cryptodev/rte_crypto_sym.h
index c80e90e..b211bf5 100644
--- a/lib/librte_cryptodev/rte_crypto_sym.h
+++ b/lib/librte_cryptodev/rte_crypto_sym.h
@@ -662,6 +662,49 @@ struct rte_crypto_sym_op {
* physically contiguous memory at this
* location.
*
+ * @note
+ * Digest can be generated, appended to
+ * the end of raw data and encrypted
+ * together using chained digest
+ * generation
+ * (@ref RTE_CRYPTO_AUTH_OP_GENERATE)
+ * and encryption
+ * (@ref RTE_CRYPTO_CIPHER_OP_ENCRYPT)
+ * xforms. Similarly, authentication
+ * of the raw data against appended,
+ * decrypted digest, can be performed
+ * using decryption
+ * (@ref RTE_CRYPTO_CIPHER_OP_DECRYPT)
+ * and digest verification
+ * (@ref RTE_CRYPTO_AUTH_OP_VERIFY)
+ * chained xforms.
+ * To perform those operations, a few
+ * additional conditions must be met:
+ * - caller must allocate at least
+ * digest_length of memory at the end of
+ * source and (in case of out-of-place
+ * operations) destination buffer; those
+ * buffers can be linear or split using
+ * scatter-gather lists,
+ * - digest data pointer must point to
+ * the end of source or (in case of
+ * out-of-place operations) destination
+ * data, which is pointer to the raw
+ * data buffer + auth.data.offset +
+ * auth.data.length,
+ * - cipher.data.offset +
+ * cipher.data.length must be greater
+ * than auth.data.offset +
+ * auth.data.length and is typically
+ * equal to auth.data.offset +
+ * auth.data.length + digest_length.
+ *
+ * Note, that for security reasons, it
+ * is PMDs' responsibility to not
+ * leave an unencrypted digest in any
+ * buffer after performing auth-cipher
+ * operations.
+ *
* For digest generation, the digest result
* will overwrite any data at this location.
*
--
2.7.4
next prev parent reply other threads:[~2019-06-07 10:09 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-06-03 14:50 [dpdk-dev] [PATCH 0/9] add QAT support for digest encrypted Nowak
2019-06-03 14:50 ` [dpdk-dev] [PATCH 1/9] crypto/qat: check buffer size for oop auth-cipher Nowak
2019-06-03 14:50 ` [dpdk-dev] [PATCH 2/9] test/crypto: add snow3g test cases for oop operation Nowak
2019-06-03 14:50 ` [dpdk-dev] [PATCH 3/9] test/crypto: add kasumi " Nowak
2019-06-03 14:50 ` [dpdk-dev] [PATCH 4/9] test/crypto: add sgl test cases for ip and oop Nowak
2019-06-03 14:50 ` [dpdk-dev] [PATCH 5/9] cryptodev: document usage of digest-appended operations Nowak
2019-06-04 9:11 ` Mcnamara, John
2019-06-03 14:50 ` [dpdk-dev] [PATCH 6/9] cryptodev: add digest encrypted feature flag Nowak
2019-06-03 14:50 ` [dpdk-dev] [PATCH 7/9] crypto/qat: " Nowak
2019-06-04 13:45 ` Trahe, Fiona
2019-06-03 14:50 ` [dpdk-dev] [PATCH 8/9] test/crypto: add digest encrypted feature flag check Nowak
2019-06-03 14:50 ` [dpdk-dev] [PATCH 9/9] test/crypto: return correct value if feature not supported Nowak
2019-06-04 13:16 ` [dpdk-dev] [PATCH 0/9] add QAT support for digest encrypted Trahe, Fiona
2019-06-07 10:05 ` [dpdk-dev] [PATCH v2 00/10] cryptodev: support encrypted-digest use-cases Damian Nowak
2019-06-07 10:05 ` Damian Nowak [this message]
2019-06-13 13:56 ` [dpdk-dev] [PATCH v2 01/10] cryptodev: document usage of digest-appended operations Trahe, Fiona
2019-06-07 10:05 ` [dpdk-dev] [PATCH v2 02/10] cryptodev: add digest encrypted feature flag Damian Nowak
2019-06-13 14:16 ` Trahe, Fiona
2019-06-07 10:06 ` [dpdk-dev] [PATCH v2 03/10] crypto/qat: handle buffer size for digest-encrypted auth-cipher Damian Nowak
2019-06-07 10:06 ` [dpdk-dev] [PATCH v2 04/10] crypto/qat: add digest encrypted feature flag Damian Nowak
2019-06-13 8:18 ` Akhil Goyal
2019-06-07 10:06 ` [dpdk-dev] [PATCH v2 05/10] test/crypto: add snow3g test cases for auth-cipher Damian Nowak
2019-06-07 10:06 ` [dpdk-dev] [PATCH v2 06/10] test/crypto: add kasumi " Damian Nowak
2019-06-07 10:06 ` [dpdk-dev] [PATCH v2 07/10] test/crypto: add sgl test cases for ip and oop Damian Nowak
2019-06-07 10:06 ` [dpdk-dev] [PATCH v2 08/10] test/crypto: return correct value if feature not supported Damian Nowak
2019-06-07 10:06 ` [dpdk-dev] [PATCH v2 09/10] doc/crypto: document digest-encrypted limitations in qat Damian Nowak
2019-06-13 8:12 ` Akhil Goyal
2019-06-07 10:06 ` [dpdk-dev] [PATCH v2 10/10] doc: update release notes for 19.08 Damian Nowak
2019-06-13 8:14 ` Akhil Goyal
2019-07-03 11:15 ` [dpdk-dev] [PATCH v3 0/8] cryptodev: support encrypted-digest use-cases Damian Nowak
2019-07-03 11:15 ` [dpdk-dev] [PATCH v3 1/8] cryptodev: document usage of digest-appended operations Damian Nowak
2019-07-03 16:13 ` De Lara Guarch, Pablo
2019-07-03 11:15 ` [dpdk-dev] [PATCH v3 2/8] cryptodev: add digest encrypted feature flag Damian Nowak
2019-07-03 16:14 ` De Lara Guarch, Pablo
2019-07-05 7:10 ` Akhil Goyal
2019-07-03 11:15 ` [dpdk-dev] [PATCH v3 3/8] crypto/qat: extend support for digest-encrypted auth-cipher Damian Nowak
2019-07-03 11:15 ` [dpdk-dev] [PATCH v3 4/8] test/crypto: add snow3g test cases for auth-cipher Damian Nowak
2019-07-03 11:15 ` [dpdk-dev] [PATCH v3 5/8] test/crypto: add zuc " Damian Nowak
2019-07-03 11:15 ` [dpdk-dev] [PATCH v3 6/8] test/crypto: add kasumi " Damian Nowak
2019-07-03 11:15 ` [dpdk-dev] [PATCH v3 7/8] test/crypto: add sgl test cases for ip and oop Damian Nowak
2019-07-03 11:15 ` [dpdk-dev] [PATCH v3 8/8] test/crypto: return correct value if feature not supported Damian Nowak
2019-07-03 15:28 ` [dpdk-dev] [PATCH v3 0/8] cryptodev: support encrypted-digest use-cases Trahe, Fiona
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190607100608.16212-2-damianx.nowak@intel.com \
--to=damianx.nowak@intel.com \
--cc=arkadiuszx.kusztal@intel.com \
--cc=dev@dpdk.org \
--cc=fiona.trahe@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).