Data Structures | |
| struct | doca_flow_crypto_key_cfg |
| doca flow crypto key configuration More... | |
Functions | |
| DOCA_EXPERIMENTAL doca_error_t | doca_flow_crypto_psp_master_key_rotate (struct doca_flow_port *port) |
| Rotate PSP master key. More... | |
| DOCA_EXPERIMENTAL doca_error_t | doca_flow_crypto_psp_spi_key_bulk_alloc (struct doca_flow_port *port, enum doca_flow_crypto_key_type key_type, uint32_t nr_spi_keys, struct doca_flow_crypto_psp_spi_key_bulk **spi_key_bulk) |
| Allocate an array of spi and key pairs. More... | |
| DOCA_EXPERIMENTAL doca_error_t | doca_flow_crypto_psp_spi_key_bulk_generate (struct doca_flow_crypto_psp_spi_key_bulk *spi_key_bulk) |
| Fill a bulk with new pairs of SPI and key. More... | |
| DOCA_EXPERIMENTAL doca_error_t | doca_flow_crypto_psp_spi_key_bulk_get (struct doca_flow_crypto_psp_spi_key_bulk *spi_key_bulk, uint32_t spi_key_idx, uint32_t *spi, uint32_t *key) |
| Get SPI and key for specific index in the bulk. More... | |
| DOCA_EXPERIMENTAL doca_error_t | doca_flow_crypto_psp_spi_key_wipe (struct doca_flow_crypto_psp_spi_key_bulk *spi_key_bulk, uint32_t spi_key_idx) |
| Wipe the memory of a key for specific index in the bulk. More... | |
| DOCA_EXPERIMENTAL doca_error_t | doca_flow_crypto_psp_spi_key_bulk_clear (struct doca_flow_crypto_psp_spi_key_bulk *spi_key_bulk) |
| Clear the bulk data. More... | |
| DOCA_EXPERIMENTAL doca_error_t | doca_flow_crypto_psp_spi_key_bulk_free (struct doca_flow_crypto_psp_spi_key_bulk *spi_key_bulk) |
| Free the memory for spi key bulk. More... | |
| DOCA_EXPERIMENTAL int | doca_flow_crypto_ipsec_resource_handle (struct doca_flow_port *port, uint64_t quota, uint32_t max_processed_resources) |
| Handle ipsec resources. More... | |
| DOCA_EXPERIMENTAL doca_error_t | doca_flow_crypto_ipsec_update_sn (uint32_t shared_res_id, uint64_t sequence_number) |
| Update the sequence number state for specific resource. More... | |
Detailed Description
DOCA HW offload flow cryptonet structure define. For more details please refer to the user guide on DOCA devzone.
Enumeration Type Documentation
◆ doca_flow_crypto_action_type
doca flow crypto operation action type
| Enumerator | |
|---|---|
| DOCA_FLOW_CRYPTO_ACTION_NONE | No crypto action performed |
| DOCA_FLOW_CRYPTO_ACTION_ENCRYPT | Perform encryption |
| DOCA_FLOW_CRYPTO_ACTION_DECRYPT | Perform decryption/authentication |
Definition at line 60 of file doca_flow_crypto.h.
◆ doca_flow_crypto_encap_action_type
doca flow crypto operation reformat type
| Enumerator | |
|---|---|
| DOCA_FLOW_CRYPTO_REFORMAT_NONE | No reformat action performed |
| DOCA_FLOW_CRYPTO_REFORMAT_ENCAP | Perform encapsulation action |
| DOCA_FLOW_CRYPTO_REFORMAT_DECAP | Perform decapsulation action |
Definition at line 72 of file doca_flow_crypto.h.
◆ doca_flow_crypto_encap_net_type
doca flow crypto operation encapsulation header type
Definition at line 84 of file doca_flow_crypto.h.
◆ doca_flow_crypto_icv_len
doca flow crypto ICV length
| Enumerator | |
|---|---|
| DOCA_FLOW_CRYPTO_ICV_LENGTH_8 | size of 8 bit |
| DOCA_FLOW_CRYPTO_ICV_LENGTH_12 | size of 12 bit |
| DOCA_FLOW_CRYPTO_ICV_LENGTH_16 | size of 16 bit |
Definition at line 122 of file doca_flow_crypto.h.
◆ doca_flow_crypto_key_type
doca flow crypto key type
| Enumerator | |
|---|---|
| DOCA_FLOW_CRYPTO_KEY_128 | Key type 128 |
| DOCA_FLOW_CRYPTO_KEY_256 | Key type 256 |
Definition at line 112 of file doca_flow_crypto.h.
◆ doca_flow_crypto_replay_win_size
doca flow crypto replay window size
Definition at line 134 of file doca_flow_crypto.h.
◆ doca_flow_crypto_resource_type
doca flow crypto operation resource type
| Enumerator | |
|---|---|
| DOCA_FLOW_CRYPTO_RESOURCE_NONE | No security resource engaged |
| DOCA_FLOW_CRYPTO_RESOURCE_IPSEC_SA | IPsec resource action |
| DOCA_FLOW_CRYPTO_RESOURCE_PSP | PSP resource action |
Definition at line 48 of file doca_flow_crypto.h.
◆ doca_flow_crypto_sn_offload_type
doca flow crypto SN offload type
| Enumerator | |
|---|---|
| DOCA_FLOW_CRYPTO_SN_OFFLOAD_INC | Increment sequence number - encrypt direction |
| DOCA_FLOW_CRYPTO_SN_OFFLOAD_AR | Anti-replay - decrypt direction |
Definition at line 148 of file doca_flow_crypto.h.
Function Documentation
◆ doca_flow_crypto_ipsec_resource_handle()
| DOCA_EXPERIMENTAL int doca_flow_crypto_ipsec_resource_handle | ( | struct doca_flow_port * | port, |
| uint64_t | quota, | ||
| uint32_t | max_processed_resources | ||
| ) |
Handle ipsec resources.
Update relevant data according to HW state. This API must be called in order to keep a valid state of a sequence number.
Handling of resources can take too much time, so we split each cycle to small chunks that are limited by some time quota.
As long as the function doesn't return -1, more resources are pending processing for this cycle.
- Parameters
-
[in] port Port to handle resources [in] quota Max time quota in micro seconds, 0: no limit. [in] max_processed_resources Max resource for this function to handle, 0: no limit.
- Returns
0 no resource handled in current call. -1 full cycle done.0 the number of handled resources.
◆ doca_flow_crypto_ipsec_update_sn()
| DOCA_EXPERIMENTAL doca_error_t doca_flow_crypto_ipsec_update_sn | ( | uint32_t | shared_res_id, |
| uint64_t | sequence_number | ||
| ) |
Update the sequence number state for specific resource.
When sn_offload is disabled, in order to keep a valid state of the SA this function need to be called on each packet with the current sequence number.
- Parameters
-
[in] shared_res_id ipsec SA shared resource ID [in] sequence_number current sequence number
- Returns
- DOCA_SUCCESS - in case of success. Error code - in case of failure:
- DOCA_ERROR_INVALID_VALUE - received invalid input.
- DOCA_ERROR_UNKNOWN - otherwise.
◆ doca_flow_crypto_psp_master_key_rotate()
| DOCA_EXPERIMENTAL doca_error_t doca_flow_crypto_psp_master_key_rotate | ( | struct doca_flow_port * | port | ) |
Rotate PSP master key.
This API is used to rotate PSP master key. New key will be used to generate pairs of SPI and key, and old key is still valid for decryption until another key rotate will be called.
- Parameters
-
[in] port Pointer to doca flow port.
- Returns
- DOCA_SUCCESS - in case of success. Error code - in case of failure:
- DOCA_ERROR_INVALID_VALUE - received invalid input.
- DOCA_ERROR_DRIVER - driver error.
- DOCA_ERROR_UNKNOWN - otherwise.
◆ doca_flow_crypto_psp_spi_key_bulk_alloc()
| DOCA_EXPERIMENTAL doca_error_t doca_flow_crypto_psp_spi_key_bulk_alloc | ( | struct doca_flow_port * | port, |
| enum doca_flow_crypto_key_type | key_type, | ||
| uint32_t | nr_spi_keys, | ||
| struct doca_flow_crypto_psp_spi_key_bulk ** | spi_key_bulk | ||
| ) |
Allocate an array of spi and key pairs.
This API is used to allocate the memory needed for the array, based on the key type and the number of spi keys.
To fill the array need to call doca_flow_crypto_psp_spi_key_bulk_generate function To free the memory need to call doca_flow_crypto_psp_spi_key_bulk_free function
- Parameters
-
[in] port Pointer to doca flow port. [in] key_type DOCA_FLOW_CRYPTO_KEY_128 or DOCA_FLOW_CRYPTO_KEY_256. [in] nr_spi_keys Array length. [in] spi_key_bulk Spi key bulk handler on success
- Returns
- DOCA_SUCCESS - in case of success. Error code - in case of failure:
- DOCA_ERROR_INVALID_VALUE - received invalid input.
- DOCA_ERROR_NO_MEMORY - memory allocation failed.
- DOCA_ERROR_UNKNOWN - otherwise.
◆ doca_flow_crypto_psp_spi_key_bulk_clear()
| DOCA_EXPERIMENTAL doca_error_t doca_flow_crypto_psp_spi_key_bulk_clear | ( | struct doca_flow_crypto_psp_spi_key_bulk * | spi_key_bulk | ) |
Clear the bulk data.
Clear the allocated bulk data. After all the keys in the bulk were disposed, if the user is going to generate new bulk in the future, it is recommended to clear the bulk memory with this API.
- Parameters
-
[in] spi_key_bulk pointer to spi key bulk
- Returns
- DOCA_SUCCESS - in case of success. Error code - in case of failure:
- DOCA_ERROR_INVALID_VALUE - received invalid input.
- DOCA_ERROR_UNKNOWN - otherwise.
◆ doca_flow_crypto_psp_spi_key_bulk_free()
| DOCA_EXPERIMENTAL doca_error_t doca_flow_crypto_psp_spi_key_bulk_free | ( | struct doca_flow_crypto_psp_spi_key_bulk * | spi_key_bulk | ) |
Free the memory for spi key bulk.
- Parameters
-
[in] spi_key_bulk pointer to spi key bulk
- Returns
- DOCA_SUCCESS - in case of success. Error code - in case of failure:
- DOCA_ERROR_INVALID_VALUE - received invalid input.
- DOCA_ERROR_UNKNOWN - otherwise.
◆ doca_flow_crypto_psp_spi_key_bulk_generate()
| DOCA_EXPERIMENTAL doca_error_t doca_flow_crypto_psp_spi_key_bulk_generate | ( | struct doca_flow_crypto_psp_spi_key_bulk * | spi_key_bulk | ) |
Fill a bulk with new pairs of SPI and key.
Fill an allocated bulk object with new pairs, based on the key type and number of spi keys. This API can be used more than once on allocated bulk.
To get a pair based on an index need to call doca_flow_crypto_psp_spi_key_bulk_get function
- Parameters
-
[in] spi_key_bulk pointer to spi key bulk
- Returns
- DOCA_SUCCESS - in case of success. Error code - in case of failure:
- DOCA_ERROR_INVALID_VALUE - received invalid input.
- DOCA_ERROR_DRIVER - memory allocation failed.
- DOCA_ERROR_UNKNOWN - otherwise.
◆ doca_flow_crypto_psp_spi_key_bulk_get()
| DOCA_EXPERIMENTAL doca_error_t doca_flow_crypto_psp_spi_key_bulk_get | ( | struct doca_flow_crypto_psp_spi_key_bulk * | spi_key_bulk, |
| uint32_t | spi_key_idx, | ||
| uint32_t * | spi, | ||
| uint32_t * | key | ||
| ) |
Get SPI and key for specific index in the bulk.
- Parameters
-
[in] spi_key_bulk pointer to spi key bulk [in] spi_key_idx Index in the bulk [in] spi pointer to the spi [in] key pointer to the key
- Returns
- DOCA_SUCCESS - in case of success. Error code - in case of failure:
- DOCA_ERROR_INVALID_VALUE - received invalid input.
- DOCA_ERROR_UNKNOWN - otherwise.
◆ doca_flow_crypto_psp_spi_key_wipe()
| DOCA_EXPERIMENTAL doca_error_t doca_flow_crypto_psp_spi_key_wipe | ( | struct doca_flow_crypto_psp_spi_key_bulk * | spi_key_bulk, |
| uint32_t | spi_key_idx | ||
| ) |
Wipe the memory of a key for specific index in the bulk.
- Parameters
-
[in] spi_key_bulk pointer to spi key bulk [in] spi_key_idx Index in the bulk
- Returns
- DOCA_SUCCESS - in case of success. Error code - in case of failure:
- DOCA_ERROR_INVALID_VALUE - received invalid input.
- DOCA_ERROR_UNKNOWN - otherwise.
