odp
odp copied to clipboard
OpenDataPlane
[PATCH v4] api: crypto: clarify current API and add new "operation types"
This PR has the following patches:
-
api: crypto: clarify that input packet is fully copied to output packet
- no functional changes but better description on the expected functionality
-
api: crypto: introduce a session parameter to control output packet handling
- add "operation type" session parameter with three values:
- legacy: backward compatible behaviour
- copy: output packet allocated by ODP, copied from input packet and processed
- add "operation type" session parameter with three values:
-
api: crypto: add an operation type that combines two packets
- add combine crypto op type: crypto output of input packet is written into a second packet (a copy of it), preserving other data and metadata of the second packet
-
api: crypto: do not always consume input packets
- add a per-packet flag to tell if a processed input packet should not be consumed but returned untouched.
v3: Split the second commit to two commits so that the addition of ODP_CRYPTO_OP_TYPE_COMBINE is now separate from the addition of the crypto op type. There are no actual code changes.
v4:
- Dropped the combine operation type and the input packet preservation from this PR.
- Renamed ODP_CRYPTO_OP_TYPE_COPY to ODP_CRYPTO_OP_TYPE_BASIC.
- Rebased
The combine operation type and input packet preservation patches (rebased on this PR) can be found in crypto-api-impr-2 branch for reference.
v5: Added new patch that adds an out-of-place crypto operation type that does not consume the input packet and writes output to a caller provided packet.
API changes look fine. Reviewed-by: Anoob Joseph [email protected]
@JannePeltonen Do you have plans to introduce unit tests?
v9:
- Clarify that the OOP mode works as if crypto-range and auth range were copied to the output packet and then the output packet was processed
- Clarify that output packets in the OOP mode must be separate
- Add input packet (in the OOP mode) in the result provided by odp_crypto_result() and make it clear that the input packet may not be used until the operation is complete
- Add a patch that allows post processing in odp_crypto_result() by requiring that the result function is called before packet data of the output packet can be assumed to be valid
v10: clarified the text regarding changing memory layout and removed the ambiguous "data offset" term.
v11:
This PR now depends on the commits of PR 1743 (removal of deprecated per-session IVs) and includes those commits as the first five commits. Those commits are not part of the review in this PR and will disappear as soon as they get merged to master and this PR then gets rebased.
Changes in V11:
- API changes regarding the out-of-place op type: clarify that dst_offset_shift is in bytes, specify that ignored crypto and auth ranges are not copied in the output packet, specify that the bytes in hash result location are not modified in the input packet but may be undefined in the corresponding location of the output packet if the hash result location overlaps the cipher or auth ranges.
- Added implementations: basic type is implemented by all crypto modules. OOP type only by the openssl module and in a very simple way.
v12
- fixed casting warnings on 32-bit systems
- added commits that revamp validation test code a bit and add tests for the new operation types
v14: rebased to get rid of the prerequisite commits that are now in master
Reviewed API spec changes in v14. Those are OK.
Reviewed implementation patches also. Only one comment on those.
v15: rebased, added review-tags in the API commits, made the grammar improvement in the API sentence, changed the type of the variable to signed (does not change the outcome).