From patchwork Wed Dec 7 15:35:37 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Bill Fischofer X-Patchwork-Id: 87126 Delivered-To: patch@linaro.org Received: by 10.140.20.101 with SMTP id 92csp377413qgi; Wed, 7 Dec 2016 07:36:43 -0800 (PST) X-Received: by 10.55.17.206 with SMTP id 75mr56255928qkr.10.1481125003413; Wed, 07 Dec 2016 07:36:43 -0800 (PST) Return-Path: Received: from lists.linaro.org (lists.linaro.org. [54.225.227.206]) by mx.google.com with ESMTP id r24si14722375qtb.183.2016.12.07.07.36.43; Wed, 07 Dec 2016 07:36:43 -0800 (PST) Received-SPF: pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) client-ip=54.225.227.206; Authentication-Results: mx.google.com; spf=pass (google.com: domain of lng-odp-bounces@lists.linaro.org designates 54.225.227.206 as permitted sender) smtp.mailfrom=lng-odp-bounces@lists.linaro.org; dmarc=pass (p=NONE dis=NONE) header.from=linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id F3A2460EF0; Wed, 7 Dec 2016 15:36:42 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on ip-10-142-244-252 X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL autolearn=disabled version=3.4.0 Received: from [127.0.0.1] (localhost [127.0.0.1]) by lists.linaro.org (Postfix) with ESMTP id 36D5562C80; Wed, 7 Dec 2016 15:35:51 +0000 (UTC) X-Original-To: lng-odp@lists.linaro.org Delivered-To: lng-odp@lists.linaro.org Received: by lists.linaro.org (Postfix, from userid 109) id B882B60E60; Wed, 7 Dec 2016 15:35:46 +0000 (UTC) Received: from mail-oi0-f50.google.com (mail-oi0-f50.google.com [209.85.218.50]) by lists.linaro.org (Postfix) with ESMTPS id 3A5BA60E60 for ; Wed, 7 Dec 2016 15:35:45 +0000 (UTC) Received: by mail-oi0-f50.google.com with SMTP id w63so420412459oiw.0 for ; Wed, 07 Dec 2016 07:35:45 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=FpMZ//DOM0dzf6J8mwAkDZgz7hT/k4UGJ7L6sI6xhSA=; b=KDjdastXzGyM35isxSSKkGVvdjj/baM55ApoRlC+LAa0ZZgl0y5n+mSiW4l2ytGCDL Q6s2H+Kc1dn2mAW6W1/pDxz4PEqHD73C8K5LTrHrC+f3ZbELrljK+wgSenDtKubEYozH CD5oWo/R0oCD+WDebBLBb9NR3N7qFhrjuIgcgc0hIQmO6l/q2EwZnSdEWXNLovhf9Ijl ZTOTz9RD7eDwUerl2M1QKN5V4fpa5LBIHoE0QrYTpLl+VpaygTsPt8lB/l22pRodICVX OcojBum6/j60+EEuJGHsHarn+UAOElYZHemUATC4TUgVjeLJ3EO7I9+bSX3j4BpwFkGm +WRg== X-Gm-Message-State: AKaTC028CtgY/ydiLe8S1TkU8S7a3wF27SuJlV8EPdk0GHtqrbw2948fUUDQzugN+8ITzt6EZk8= X-Received: by 10.202.107.76 with SMTP id g73mr36456841oic.1.1481124944462; Wed, 07 Dec 2016 07:35:44 -0800 (PST) Received: from localhost.localdomain (cpe-70-121-83-241.austin.res.rr.com. [70.121.83.241]) by smtp.gmail.com with ESMTPSA id 31sm9326618otj.26.2016.12.07.07.35.43 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 07 Dec 2016 07:35:43 -0800 (PST) From: Bill Fischofer To: lng-odp@lists.linaro.org Date: Wed, 7 Dec 2016 09:35:37 -0600 Message-Id: <1481124937-8068-3-git-send-email-bill.fischofer@linaro.org> X-Mailer: git-send-email 2.7.4 In-Reply-To: <1481124937-8068-1-git-send-email-bill.fischofer@linaro.org> References: <1481124937-8068-1-git-send-email-bill.fischofer@linaro.org> MIME-Version: 1.0 Subject: [lng-odp] [API-NEXT PATCHv7 3/3] doc: userguide: expand crypto documentation to cover random apis X-BeenThere: lng-odp@lists.linaro.org X-Mailman-Version: 2.1.16 Precedence: list List-Id: "The OpenDataPlane \(ODP\) List" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: lng-odp-bounces@lists.linaro.org Sender: "lng-odp" Clean up the crypto section of the User Guide and expand on the ODP random data APIs. Signed-off-by: Bill Fischofer --- doc/users-guide/users-guide-crypto.adoc | 92 +++++++++++++++++++++++++-------- 1 file changed, 71 insertions(+), 21 deletions(-) -- 2.7.4 diff --git a/doc/users-guide/users-guide-crypto.adoc b/doc/users-guide/users-guide-crypto.adoc index 04b3e87..fd117e9 100644 --- a/doc/users-guide/users-guide-crypto.adoc +++ b/doc/users-guide/users-guide-crypto.adoc @@ -1,7 +1,8 @@ == Cryptographic services ODP provides APIs to perform cryptographic operations required by various -communication protocols (e.g. IPSec). ODP cryptographic APIs are session based. +communication protocols (_e.g.,_ IPsec). ODP cryptographic APIs are session +based. ODP provides APIs for following cryptographic services: @@ -19,24 +20,26 @@ ODP supports synchronous and asynchronous crypto sessions. For asynchronous sessions, the output of crypto operation is posted in a queue defined as the completion queue in its session parameters. -ODP crypto APIs support chained operation sessions in which hashing and ciphering -both can be achieved using a single session and operation call. The order of -cipher and hashing can be controlled by the `auth_cipher_text` session parameter. +ODP crypto APIs support chained operation sessions in which hashing and +ciphering both can be achieved using a single session and operation call. The +order of cipher and hashing can be controlled by the `auth_cipher_text` +session parameter. Other Session parameters include algorithms, keys, initialization vector -(optional), encode or decode, output queue for async mode and output packet pool -for allocation of an output packet if required. +(optional), encode or decode, output queue for async mode and output packet +pool for allocation of an output packet if required. === Crypto operations After session creation, a cryptographic operation can be applied to a packet using the `odp_crypto_operation()` API. Applications may indicate a preference -for synchronous or asynchronous processing in the session's `pref_mode` parameter. -However crypto operations may complete synchronously even if an asynchronous -preference is indicated, and applications must examine the `posted` output -parameter from `odp_crypto_operation()` to determine whether the operation has -completed or if an `ODP_EVENT_CRYPTO_COMPL` notification is expected. In the case -of an async operation, the `posted` output parameter will be set to true. +for synchronous or asynchronous processing in the session's `pref_mode` +parameter. However crypto operations may complete synchronously even if an +asynchronous preference is indicated, and applications must examine the +`posted` output parameter from `odp_crypto_operation()` to determine whether +the operation has completed or if an `ODP_EVENT_CRYPTO_COMPL` notification is +expected. In the case of an async operation, the `posted` output parameter +will be set to true. The operation arguments specify for each packet the areas that are to be @@ -49,9 +52,9 @@ In case of out-of-place mode output packet is different from input packet as specified by the application, while in new buffer mode implementation allocates a new output buffer from the session’s output pool. -The application can also specify a context associated with a given operation that -will be retained during async operation and can be retrieved via the completion -event. +The application can also specify a context associated with a given operation +that will be retained during async operation and can be retrieved via the +completion event. Results of an asynchronous session will be posted as completion events to the session’s completion queue, which can be accessed directly or via the ODP @@ -60,12 +63,59 @@ result. The application has the responsibility to free the completion event. === Random number Generation -ODP provides an API `odp_random_data()` to generate random data bytes. It has -an argument to specify whether to use system entropy source for random number -generation or not. +ODP provides two APIs to generate various kinds of random data bytes. Random +data is characterized by _kind_, which specifies the "quality" of the +randomness required. ODP support three kinds of random data: + +ODP_RANDOM_BASIC:: No specific requirement other than the data appear to be +uniformly distributed. Suitable for load-balancing or other non-cryptographic +use. + +ODP_RANDOM_CRYPTO:: Data suitable for cryptographic use. This is a more +stringent requirement that the data pass tests for statistical randomness. + +ODP_RANDOM_TRUE:: Data generated from a hardware entropy source rather than +any software generated pseudo-random data. May not be available on all +platforms. + +The main API for accessing random data is: + +[source,c] +----- +int32_t odp_random_data(uint8_t buf, uint32_t len, odp_random_kind_t kind); +----- + +The expectation is that lesser-quality random is easier and faster to generate +while higher-quality random may take more time. Implementations are always free +to substitute a higher kind of random than the one requested if they are able +to do so more efficiently, however calls must return a failure indicator +(rc < 0) if a higher kind of data is requested than the implementation can +provide. This is most likely the case for ODP_RANDOM_TRUE since not all +platforms have access to a true hardware random number generator. + +The `odp_random_max_kind()` API returns the highest kind of random data +available on this implementation. + +For testing purposes it is often desirable to generate repeatable sequences +of "random" data. To address this need ODP provides the additional API: + +[source,c] +----- +int32_t odp_random_repeatable_data(uint8_t buf, uint32_t len, + odp_random_kind_t kind, uint32_t *seed); +----- + +This operates the same as `odp_random_data()` except that an additional `seed` +parameter is provide that specifies a seed value to use in generating the data. +This value is updated on each call, so repeated calls with the same variable +will generate a sequence of random data starting from the initial specified +seed. If another sequence of calls is made starting with the same initial seed +value, then `odp_random_seeded_data()` will return the same sequence of data +bytes. === Capability inquiries -ODP provides an API interface `odp_crypto_capability()` to inquire implementation’s -crypto capabilities. This interface returns a bitmask for supported algorithms -and hardware backed algorithms. +ODP provides the API `odp_crypto_capability()` to inquire the implementation’s +crypto capabilities. This interface returns a the maximum number of crypto +sessions supported as well as bitmasks for supported algorithms and hardware +backed algorithms. \ No newline at end of file