[dpdk-dev,RFC,v2,1/3] cryptodev: added asymmetric algorithms
Checks
Commit Message
Added asymmetric xform structures, operation definitions, operation
parameters. Added asymmetric algorithms RSA, DH, ECDH, DSA, ECDSA,
MODEXP, FECC, MOD-INVERSE. Added curves (all curves supported by
libcrypto as of now).
Signed-off-by: Umesh Kartha <Umesh.Kartha@caviumnetworks.com>
---
lib/librte_cryptodev/rte_crypto_asym.h | 1124 ++++++++++++++++++++++++++++++++
1 file changed, 1124 insertions(+)
create mode 100644 lib/librte_cryptodev/rte_crypto_asym.h
Comments
Hi Umesh,
> -----Original Message-----
> From: Umesh Kartha [mailto:Umesh.Kartha@caviumnetworks.com]
> Sent: Thursday, May 11, 2017 1:36 PM
> To: dev@dpdk.org
> Cc: Jerin Jacob <Jerin.JacobKollanukkaran@cavium.com>; Balasubramanian Manoharan
> <Balasubramanian.Manoharan@cavium.com>; Ram Kumar <Ram.Kumar@cavium.com>; Murthy
> Nidadavolu <Nidadavolu.Murthy@cavium.com>; Doherty, Declan <declan.doherty@intel.com>; De Lara
> Guarch, Pablo <pablo.de.lara.guarch@intel.com>; Trahe, Fiona <fiona.trahe@intel.com>
> Subject: [RFC PATCH v2 1/3] cryptodev: added asymmetric algorithms
>
> Added asymmetric xform structures, operation definitions, operation
> parameters. Added asymmetric algorithms RSA, DH, ECDH, DSA, ECDSA,
> MODEXP, FECC, MOD-INVERSE. Added curves (all curves supported by
> libcrypto as of now).
>
> Signed-off-by: Umesh Kartha <Umesh.Kartha@caviumnetworks.com>
> ---
> lib/librte_cryptodev/rte_crypto_asym.h | 1124 ++++++++++++++++++++++++++++++++
> 1 file changed, 1124 insertions(+)
> create mode 100644 lib/librte_cryptodev/rte_crypto_asym.h
>
> diff --git lib/librte_cryptodev/rte_crypto_asym.h lib/librte_cryptodev/rte_crypto_asym.h
> new file mode 100644
> index 0000000..36a8b4f
> --- /dev/null
> +++ lib/librte_cryptodev/rte_crypto_asym.h
> @@ -0,0 +1,1124 @@
> +/*
> + * BSD LICENSE
> + *
> + * Copyright (C) Cavium networks Ltd. 2017.
> + *
> + * Redistribution and use in source and binary forms, with or without
> + * modification, are permitted provided that the following conditions
> + * are met:
> + *
> + * * Redistributions of source code must retain the above copyright
> + * notice, this list of conditions and the following disclaimer.
> + * * Redistributions in binary form must reproduce the above copyright
> + * notice, this list of conditions and the following disclaimer in
> + * the documentation and/or other materials provided with the
> + * distribution.
> + * * Neither the name of Cavium Networks nor the names of its
> + * contributors may be used to endorse or promote products derived
> + * from this software without specific prior written permission.
> + *
> + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
> + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
> + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
> + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
> + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
> + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
> + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
> + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
> + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
> + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
> + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
> + */
> +
> +#ifndef _RTE_CRYPTO_ASYM_H_
> +#define _RTE_CRYPTO_ASYM_H_
> +
> +/**
> + * @file rte_crypto_asym.h
> + *
> + * RTE Definitions for Asymmetric Cryptography
> + *
> + * Defines asymmetric algorithms and modes, as well as supported
> + * asymmetric crypto operations.
> + */
> +
> +#ifdef __cplusplus
> +extern "C" {
> +#endif
> +
> +#include <string.h>
> +#include <stdint.h>
> +#include <rte_mbuf.h>
> +#include <rte_memory.h>
> +#include <rte_mempool.h>
> +#include <rte_common.h>
> +#include "rte_crypto_sym.h"
> +
> +typedef struct rte_crypto_xform_param_t {
> + uint8_t *data;
> + size_t length;
> +} rte_crypto_xform_param;
> +
> +typedef struct rte_crypto_op_param_t {
> + uint8_t *data;
> + phys_addr_t phys_addr;
> + size_t length;
> +} rte_crypto_op_param;
[Fiona] Are both above lengths in bytes ?
> +
> +/** Asymmetric crypto transformation types */
> +enum rte_crypto_asym_xform_type {
> + RTE_CRYPTO_ASYM_XFORM_NOT_SPECIFIED = 0,
> + RTE_CRYPTO_ASYM_XFORM_RSA,
> + RTE_CRYPTO_ASYM_XFORM_MODEX,
> + RTE_CRYPTO_ASYM_XFORM_DH,
> + RTE_CRYPTO_ASYM_XFORM_ECDH,
> + RTE_CRYPTO_ASYM_XFORM_DSA,
> + RTE_CRYPTO_ASYM_XFORM_ECDSA,
> + RTE_CRYPTO_ASYM_XFORM_FECC,
> + RTE_CRYPTO_ASYM_XFORM_MODINV,
> + RTE_CRYPTO_ASYM_XFORM_TYPE_LIST_END
> +};
> +
> +/**
> + * RSA operation type variants
> + */
> +enum rte_crypto_rsa_optype {
> + RTE_CRYPTO_RSA_OP_NOT_SPECIFIED = 1,
[Fiona] Is there a reason for not starting at 0 in all these enums?
> + /**< RSA operation unspecified */
> + RTE_CRYPTO_RSA_OP_PUBLIC_ENCRYPT,
> + /**< RSA public encrypt operation */
> + RTE_CRYPTO_RSA_OP_PRIVATE_DECRYPT,
> + /**< RSA private decrypt operation */
> + RTE_CRYPTO_RSA_OP_SIGN,
> + /**< RSA private key signature operation */
> + RTE_CRYPTO_RSA_OP_VERIFY,
> + /**< RSA public key verification operation */
> + RTE_CRYPTO_RSA_OP_LIST_END
> +};
> +
> +/**
> + * Padding types for RSA signature.
> + */
> +enum rte_crypto_rsa_padding_type {
> + RTE_CRYPTO_RSA_PADDING_NOT_SPECIFIED = 1,
> + /**< RSA no padding scheme */
> + RTE_CRYPTO_RSA_PADDING_BT1,
> + /**< RSA PKCS#1 padding BT1 scheme */
> + RTE_CRYPTO_RSA_PADDING_BT2,
> + /**< RSA PKCS#1 padding BT2 scheme */
> + RTE_CRYPTO_RSA_PADDING_OAEP,
> + /**< RSA PKCS#1 OAEP padding scheme */
> + RTE_CRYPTO_RSA_PADDING_PSS,
> + /**< RSA PKCS#1 PSS padding scheme */
> + RTE_CRYPTO_RSA_PADDING_TYPE_LIST_END
> +};
> +
> +/**
> + * Modular exponentiaion operation type variants
> + */
> +enum rte_crypto_modex_optype {
> + RTE_CRYPTO_MODEX_OP_NOT_SPECIFIED = 1,
> + /**< ModEx operation type unspecified */
> + RTE_CRYPTO_MODEX_OP_MODEX,
> + /**< Modex operation modular exponentiation */
> + RTE_CRYPTO_MODEX_OP_LIST_END
> +};
> +
> +/**
> + * Modular Inverse operation type variants
> + */
> +enum rte_crypto_modeinv_optype {
> + RTE_CRYPTO_MODINV_OP_NOT_SPECIFIED = 1,
> + /**< ModInv operation type unspecified */
> + RTE_CRYPTO_MODINV_OP_MODINV,
> + /**< ModInv operation modular Inverse */
> + RTE_CRYPTO_MODEX_OP_LIST_END
> +};
> +
> +/**
> + * DSA operation type variants
> + */
> +enum rte_crypto_dsa_optype {
> + RTE_CRYPTO_DSA_OP_NOT_SPECIFIED = 1,
> + /**< DSA operation unspecified */
> + RTE_CRYPTO_DSA_OP_SIGN,
> + /**< DSA private key signature operation */
> + RTE_CRYPTO_DSA_OP_VERIFY,
> + /**< DSA public key verification operation */
> + RTE_CRYPTO_DSA_OP_LIST_END
> +};
> +
> +
> +/**
> + * ECDSA operation type variants
> + */
> +enum rte_crypto_ecdsa_optype {
> + RTE_CRYPTO_ECDSA_OP_NOT_SPECIFIED = 1,
> + /**< ECDSA operation unspecified */
> + RTE_CRYPTO_ECDSA_OP_SIGN,
> + /**< ECDSA private key signature operation */
> + RTE_CRYPTO_ECDSA_OP_VERIFY,
> + /**< ECDSA public key verification operation */
> + RTE_CRYPTO_ECDSA_OP_LIST_END
> +};
> +
> +/**
> + * Diffie Hellman Key operation variants
> + */
> +enum rte_crypto_dh_optype {
> + RTE_CRYPTO_DH_OP_NOT_SPECIFIED = 1,
> + /**< DH operation unspecified */
> + RTE_CRYPTO_DH_OP_KEY_GENERATION,
> + /**< DH private/public key generation operation */
> + RTE_CRYPTO_DH_OP_KEY_COMPUTATION,
> + /**< DH private key computation operation */
> + RTE_CRYPTO_DH_OP_LIST_END
> +};
> +
> +/**
> + * Elliptic Curve Diffie Hellman Key operation variants
> + */
> +enum rte_crypto_ecdh_optype {
> + RTE_CRYPTO_ECDH_OP_NOT_SPECIFIED = 1,
> + /**< ECDH operation unspecified */
> + RTE_CRYPTO_ECDH_OP_KEY_GENERATION,
> + /**< ECDH private/public key generation operation */
> + RTE_CRYPTO_ECDH_OP_KEY_CHECK,
> + /**< ECDH public key validity check operation */
> + RTE_CRYPTO_ECDH_OP_KEY_COMPUTATION,
> + /**< ECDH private key computation operation */
> + RTE_CRYPTO_ECDH_OP_LIST_END
> +};
> +
> +/**
> + * Fundamental ECC operation type variants.
> + */
> +enum rte_crypto_fecc_optype {
> + RTE_CRYPTO_FECC_OP_NOT_SPECIFIED = 1,
> + /**< FECC operation type unspecified */
> + RTE_CRYPTO_FECC_OP_POINT_ADD,
> + /**< Fundamental ECC point addition operation */
> + RTE_CRYPTO_FECC_OP_POINT_DBL,
> + /**< Fundamental ECC point doubling operation */
> + RTE_CRYPTO_FECC_OP_POINT_MULTIPLY,
> + /**< Fundamental ECC point multiplication operation */
> + RTE_CRYPTO_FECC_OP_LIST_END
> +};
> +
> +/**
> + * ECC list of curves.
> + */
> +enum rte_crypto_ec_prime_curve {
> + RTE_CRYPTO_EC_CURVE_NOT_SPECIFIED = -1,
[Fiona] Why -1 ?
> + /**< Unspecified or empty curve id */
> + RTE_CRYPTO_EC_CURVE_secp112r1,
> + /**< SECG/WTLS curve over a 112 bit prime field */
> + RTE_CRYPTO_EC_CURVE_secp112r2,
> + /**< SECG curve over a 112 bit prime field */
> + RTE_CRYPTO_EC_CURVE_secp128r1,
> + /**< SECG curve over a 128 bit prime field */
> + RTE_CRYPTO_EC_CURVE_secp128r2,
> + /**< SECG curve over a 128 bit prime field */
> + RTE_CRYPTO_EC_CURVE_secp160k1,
> + /**< SECG curve over a 160 bit prime field */
> + RTE_CRYPTO_EC_CURVE_secp160r1,
> + /**< SECG curve over a 160 bit prime field */
> + RTE_CRYPTO_EC_CURVE_secp160r2,
> + /**< SECG/WTLS curve over a 160 bit prime field */
> + RTE_CRYPTO_EC_CURVE_secp192k1,
> + /**< SECG curve over a 192 bit prime field */
> + RTE_CRYPTO_EC_CURVE_secp224k1,
> + /**< SECG curve over a 224 bit prime field */
> + RTE_CRYPTO_EC_CURVE_secp224r1,
> + /**< NIST/SECG curve over a 224 bit prime field */
> + RTE_CRYPTO_EC_CURVE_secp256k1,
> + /**< SECG curve over a 256 bit prime field */
> + RTE_CRYPTO_EC_CURVE_secp384r1,
> + /**< NIST/SECG curve over a 384 bit prime field */
> + RTE_CRYPTO_EC_CURVE_secp521r1,
> + /**< NIST/SECG curve over a 521 bit prime field */
> + RTE_CRYPTO_EC_CURVE_prime192v1,
> + /**< NIST/X9.62/SECG curve over a 192 bit prime field */
> + RTE_CRYPTO_EC_CURVE_prime192v2,
> + /**< X9.62 curve over a 192 bit prime field */
> + RTE_CRYPTO_EC_CURVE_prime192v3,
> + /**< X9.62 curve over a 192 bit prime field */
> + RTE_CRYPTO_EC_CURVE_prime239v1,
> + /**< X9.62 curve over a 239 bit prime field */
> + RTE_CRYPTO_EC_CURVE_prime239v2,
> + /**< X9.62 curve over a 239 bit prime field */
> + RTE_CRYPTO_EC_CURVE_prime239v3,
> + /**< X9.62 curve over a 239 bit prime field */
> + RTE_CRYPTO_EC_CURVE_prime256v1,
> + /**< X9.62/SECG curve over a 256 bit prime field */
> + RTE_CRYPTO_EC_CURVE_wap_wsg_idm_ecid_wtls6,
> + /**< SECG/WTLS curve over a 112 bit prime field */
> + RTE_CRYPTO_EC_CURVE_wap_wsg_idm_ecid_wtls7,
> + /**< SECG/WTLS curve over a 160 bit prime field */
> + RTE_CRYPTO_EC_CURVE_wap_wsg_idm_ecid_wtls8,
> + /**< WTLS curve over a 112 bit prime field */
> + RTE_CRYPTO_EC_CURVE_wap_wsg_idm_ecid_wtls9,
> + /**< WTLS curve over a 160 bit prime field */
> + RTE_CRYPTO_EC_CURVE_wap_wsg_idm_ecid_wtls12,
> + /**< WTLS curve over a 224 bit prime field */
> + RTE_CRYPTO_EC_CURVE_brainpoolP160r1,
> + /**< RFC 5639 curve over a 160 bit prime field */
> + RTE_CRYPTO_EC_CURVE_brainpoolP160t1,
> + /**< RFC 5639 curve over a 160 bit prime field */
> + RTE_CRYPTO_EC_CURVE_brainpoolP192r1,
> + /**< RFC 5639 curve over a 192 bit prime field */
> + RTE_CRYPTO_EC_CURVE_brainpoolP192t1,
> + /**< RFC 5639 curve over a 192 bit prime field */
> + RTE_CRYPTO_EC_CURVE_brainpoolP224r1,
> + /**< RFC 5639 curve over a 224 bit prime field */
> + RTE_CRYPTO_EC_CURVE_brainpoolP224t1,
> + /**< RFC 5639 curve over a 224 bit prime field */
> + RTE_CRYPTO_EC_CURVE_brainpoolP256r1,
> + /**< RFC 5639 curve over a 256 bit prime field */
> + RTE_CRYPTO_EC_CURVE_brainpoolP256t1,
> + /**< RFC 5639 curve over a 256 bit prime field */
> + RTE_CRYPTO_EC_CURVE_brainpoolP320r1,
> + /**< RFC 5639 curve over a 320 bit prime field */
> + RTE_CRYPTO_EC_CURVE_brainpoolP320t1,
> + /**< RFC 5639 curve over a 320 bit prime field */
> + RTE_CRYPTO_EC_CURVE_brainpoolP384r1,
> + /**< RFC 5639 curve over a 384 bit prime field */
> + RTE_CRYPTO_EC_CURVE_brainpoolP384t1,
> + /**< RFC 5639 curve over a 384 bit prime field */
> + RTE_CRYPTO_EC_CURVE_brainpoolP512r1,
> + /**< RFC 5639 curve over a 512 bit prime field */
> + RTE_CRYPTO_EC_CURVE_brainpoolP512t1,
> + /**< RFC 5639 curve over a 512 bit prime field */
> + RTE_CRYPTO_EC_CURVE_x25519,
> + /**< Curve 25519 */
> + RTE_CRYPTO_EC_CURVE_LIST_END
> +};
> +
> +enum rte_crypto_ec_binary_curve {
> + RTE_CRYPTO_EC_CURVE_NOT_SPECIFIED = -1,
> + /**< Unspecified or empty curve id */
> + RTE_CRYPTO_EC_CURVE_sect113r1,
> + /**< SECG curve over a 113 bit binary field */
> + RTE_CRYPTO_EC_CURVE_sect113r2,
> + /**< SECG curve over a 113 bit binary field */
> + RTE_CRYPTO_EC_CURVE_sect131r1,
> + /**< SECG/WTLS curve over a 131 bit binary field */
> + RTE_CRYPTO_EC_CURVE_sect131r2,
> + /**< SECG curve over a 131 bit binary field */
> + RTE_CRYPTO_EC_CURVE_sect163k1,
> + /**< NIST/SECG/WTLS curve over a 163 bit binary field */
> + RTE_CRYPTO_EC_CURVE_sect163r1,
> + /**< SECG curve over a 163 bit binary field */
> + RTE_CRYPTO_EC_CURVE_sect163r2,
> + /**< NIST/SECG curve over a 163 bit binary field */
> + RTE_CRYPTO_EC_CURVE_sect193r1,
> + /**< SECG curve over a 193 bit binary field */
> + RTE_CRYPTO_EC_CURVE_sect193r2,
> + /**< SECG curve over a 193 bit binary field */
> + RTE_CRYPTO_EC_CURVE_sect233k1,
> + /**< NIST/SECG/WTLS curve over a 233 bit binary field */
> + RTE_CRYPTO_EC_CURVE_sect233r1,
> + /**< NIST/SECG/WTLS curve over a 233 bit binary field */
> + RTE_CRYPTO_EC_CURVE_sect239k1,
> + /**< SECG curve over a 239 bit binary field */
> + RTE_CRYPTO_EC_CURVE_sect283k1,
> + /**< NIST/SECG curve over a 283 bit binary field */
> + RTE_CRYPTO_EC_CURVE_sect283r1,
> + /**< NIST/SECG curve over a 283 bit binary field */
> + RTE_CRYPTO_EC_CURVE_sect409k1,
> + /**< NIST/SECG curve over a 409 bit binary field */
> + RTE_CRYPTO_EC_CURVE_sect409r1,
> + /**< NIST/SECG curve over a 409 bit binary field */
> + RTE_CRYPTO_EC_CURVE_sect571k1,
> + /**< NIST/SECG curve over a 571 bit binary field */
> + RTE_CRYPTO_EC_CURVE_sect571r1,
> + /**< NIST/SECG curve over a 571 bit binary field */
> + RTE_CRYPTO_EC_CURVE_c2pnb163v1,
> + /**< X9.62 curve over a 163 bit binary field */
> + RTE_CRYPTO_EC_CURVE_c2pnb163v2,
> + /**< X9.62 curve over a 163 bit binary field */
> + RTE_CRYPTO_EC_CURVE_c2pnb163v3,
> + /**< X9.62 curve over a 163 bit binary field */
> + RTE_CRYPTO_EC_CURVE_c2pnb176v1,
> + /**< X9.62 curve over a 176 bit binary field */
> + RTE_CRYPTO_EC_CURVE_c2tnb191v1,
> + /**< X9.62 curve over a 191 bit binary field */
> + RTE_CRYPTO_EC_CURVE_c2tnb191v2,
> + /**< X9.62 curve over a 191 bit binary field */
> + RTE_CRYPTO_EC_CURVE_c2tnb191v3,
> + /**< X9.62 curve over a 191 bit binary field */
> + RTE_CRYPTO_EC_CURVE_c2pnb208w1,
> + /**< X9.62 curve over a 208 bit binary field */
> + RTE_CRYPTO_EC_CURVE_c2tnb239v1,
> + /**< X9.62 curve over a 239 bit binary field */
> + RTE_CRYPTO_EC_CURVE_c2tnb239v2,
> + /**< X9.62 curve over a 239 bit binary field */
> + RTE_CRYPTO_EC_CURVE_c2tnb239v3,
> + /**< X9.62 curve over a 239 bit binary field */
> + RTE_CRYPTO_EC_CURVE_c2pnb272w1,
> + /**< X9.62 curve over a 272 bit binary field */
> + RTE_CRYPTO_EC_CURVE_c2pnb304w1,
> + /**< X9.62 curve over a 304 bit binary field */
> + RTE_CRYPTO_EC_CURVE_c2tnb359v1,
> + /**< X9.62 curve over a 359 bit binary field */
> + RTE_CRYPTO_EC_CURVE_c2pnb368w1,
> + /**< X9.62 curve over a 368 bit binary field */
> + RTE_CRYPTO_EC_CURVE_c2tnb431r1,
> + /**< X9.62 curve over a 431 bit binary field */
> + RTE_CRYPTO_EC_CURVE_wap_wsg_idm_ecid_wtls1,
> + /**< WTLS curve over a 113 bit binary field */
> + RTE_CRYPTO_EC_CURVE_wap_wsg_idm_ecid_wtls3,
> + /**< NIST/SECG/WTLS curve over a 163 bit binary field */
> + RTE_CRYPTO_EC_CURVE_wap_wsg_idm_ecid_wtls4,
> + /**< SECG curve over a 113 bit binary field */
> + RTE_CRYPTO_EC_CURVE_wap_wsg_idm_ecid_wtls5,
> + /**< X9.62 curve over a 163 bit binary field */
> + RTE_CRYPTO_EC_CURVE_wap_wsg_idm_ecid_wtls10,
> + /**< NIST/SECG/WTLS curve over a 233 bit binary field */
> + RTE_CRYPTO_EC_CURVE_wap_wsg_idm_ecid_wtls11,
> + /**< NIST/SECG/WTLS curve over a 233 bit binary field */
> + RTE_CRYPTO_EC_CURVE_LIST_END
> +};
> +
> +/**
> + * Elliptic curve point format
> + */
> +struct rte_crypto_ec_point {
> + struct {
> + int length;
> + uint8_t *data;
> + phys_addr_t phys_addr;
> + /**< phys_addr is used only for points passed in the
> + * asym_op structure.
> + */
> + } x;
> + /**< X co-ordinate */
> +
> + struct {
> + int length;
> + uint8_t *data;
> + phys_addr_t phys_addr;
> + /**< phys_addr is used only for points passed in the
> + * operation structure
> + */
> + } y;
> + /**< Y co-ordinate */
> +};
> +
> +/**
> + * Elliptic curve type
> + */
> +enum rte_crypto_ec_curve_type {
> + RTE_CRYPTO_EC_CURVE_TYPE_UNDEFINED,
> + /**< Curve type undefined */
> + RTE_CRYPTO_EC_CURVE_TYPE_PRIME_FIELD,
> + /**< EC curve defined over a prime field */
> + RTE_CRYPTO_EC_CURVE_TYPE_BINARY_FIELD,
> + /**< EC curve defined over a binary field */
> + RTE_CRYPTO_EC_CURVE_LIST_END
> +};
> +
> +/**
> + * Elliptic curve id
> + */
> +struct rte_crypto_ec_curve_id {
> + RTE_STD_C11
> + union {
> + enum rte_crypto_ec_prime_curve pcurve;
> + enum rte_crypto_ec_binary_curve bcurve;
> + }
> +};
> +
> +/**
> + * Asymmetric RSA transform data
> + *
> + * This structure contains data required to perform RSA crypto
> + * transform. If all CRT components are filled, RSA private key
> + * operations @ref RTE_CRYPTO_RSA_OP_SIGN and @ref
> + * RTE_CRYPTO_RSA_OP_PRIVATE_DECRYPT uses CRT method for crypto
> + * transform.
> + */
> +struct rte_crypto_rsa_xform {
> +
> + rte_crypto_xform_param n;
> + /**< n - Prime modulus
> + * Prime modulus data of RSA operation in Octet-string network
> + * byte order format.
> + */
> +
> + rte_crypto_xform_param e;
> + /**< e - Public key exponent
> + * Public key exponent used for RSA public key operations in Octet-
> + * string network byte order format.
> + */
> +
> + rte_crypto_xform_param d;
> + /**< d - Private key exponent
> + * Private key exponent used for RSA private key operations in
> + * Octet-string network byte order format.
> + */
> +
> + rte_crypto_xform_param p;
> + /**< p - Private key component P
> + * Private key component of RSA parameter required for CRT method
> + * of private key operations in Octet-string network byte order
> + * format.
> + */
> +
> + rte_crypto_xform_param q;
> + /**< q - Private key component Q
> + * Private key component of RSA parameter required for CRT method
> + * of private key operations in Octet-string network byte order
> + * format.
> + */
> +
> + rte_crypto_xform_param dP;
> + /**< dP - Private CRT component
> + * Private CRT component of RSA parameter required for CRT method
> + * RSA private key operations in Octet-string network byte order
> + * format.
> + * dP = d mod ( p - 1 )
> + */
> +
> + rte_crypto_xform_param dQ;
> + /**< dQ - Private CRT component
> + * Private CRT component of RSA parameter required for CRT method
> + * RSA private key operations in Octet-string network byte order
> + * format.
> + * dQ = d mod ( q - 1 )
> + */
> +
> + rte_crypto_xform_param qInv;
> + /**< qInv - Private CRT component
> + * Private CRT component of RSA parameter required for CRT method
> + * RSA private key operations in Octet-string network byte order
> + * format.
> + * qInv = inv q mod p
> + */
> +};
> +
> +/** Asymmetric Modular exponentiation transform data
> + *
> + * This structure contains data required to perform modular exponentation
> + * crypto transform. If all CRT components are valid, crypto transform
> + * operation follows CRT method.
> + */
> +struct rte_crypto_modex_xform {
> +
> + rte_crypto_xform_param modulus;
> + /**< modulus
> + * Prime modulus of the modexp transform operation in Octet-string
> + * network byte order format.
> + */
> +
> + rte_crypto_xform_param exponent;
> + /**< exponent
> + * Private exponent of the modexp transform operation in
> + * Octet-string network byte order format.
> + */
> +};
> +
> +/** Asymmetric DH transform data
> + * This structure contains data used to perform DH key
> + * computation
> + */
> +struct rte_crypto_dh_xform {
> + rte_crypto_xform_param p;
> + /**< p : Prime modulus data
> + * DH prime modulous data in Octet-string network byte order format.
> + */
> +
> + rte_crypto_xform_param g;
> + /**< g : Generator
> + * DH group generator data in Octet-string network byte order
> + * format.
> + */
> +
> + rte_crypto_xform_param priv_key;
> + /**< priv_key
> + * DH private key data in Octet-string network byte order format.
> + */
> +
> + rte_crypto_xform_param pub_key;
> + /**< pub_key
> + * DH public key data in Octet-string network byte order format.
> + */
> +};
> +
> +/**Asymmetric ECDH transform data
> + * This structure contains data required to perform ECDH crypto
> + * transform
> + */
> +struct rte_crypto_ecdh_xform {
> +
> + enum rte_crypto_ec_curve_type curve_type;
> + /**< ECDH curve type: Prime vs Binary */
> +
> + struct rte_crypto_ec_curve_id curve_id;
> +
> + rte_crypto_xform_param n;
> + /**< n : order
> + * ECDH curve order data in Octet-string network byte order format.
> + */
> +
> + rte_crypto_xform_param p;
> + /**< p:
> + * If the curve_type is @ref RTE_CRYPTO_EC_CURVE_TYPE_PRIME_FIELD:
> + * p holds the prime modulus data in Octet string format.
> + *
> + * If the curve_type is @ref RTE_CRYPTO_EC_CURVE_TYPE_BINARY_FIELD:
> + * p holds reduction polynomial co-efficients and degree.
> + */
> +
> + rte_crypto_xform_param a;
> + /**< Co-efficient 'a' of curve equation data in Octet-string network
> + * byte order format.
> + */
> +
> + rte_crypto_xform_param b;
> + /**< Co-efficient 'b' of curve equation data in Octet-string network
> + * byte order format.
> + */
> +
> + struct rte_crypto_ec_point G;
> + /**< G: EC curve generator
> + * EC curve generator point data in Octet-string network byte order
> + * format.
> + */
> +
> + rte_crypto_xform_param pkey;
> + /**< pkey: Private key
> + * Private key data for ECDH operation in Octet-string network byte
> + * order format.
> + */
> +
> + struct rte_crypto_ecpoint Q;
> + /**< Q: Public key point
> + * Public key point data of ECDH operation in Octet-string network
> + * byte order format.
> + */
> +
> + int h;
> + /**< Co-factor of the curve */
> +};
> +
> +/** Asymmetric Digital Signature transform operation
> + *
> + * This structure contains data required to perform asymmetric
> + * digital signature crypto transform.
> + */
> +struct rte_crypto_dsa_xform {
> +
> + rte_crypto_xform_param p;
> + /**< p - Prime modulus
> + * Prime modulus data for DSA operation in Octet-string network byte
> + * order format.
> + */
> +
> + rte_crypto_xform_param q;
> + /**< q : Order of the subgroup
> + * Order of the subgroup data in Octet-string network byte order
> + * format.
> + * q % (p-1) = 0
> + */
> +
> + rte_crypto_xform_param g;
> + /**< g: Generator of the subgroup
> + * Generator data in Octet-string network byte order format.
> + */
> +
> + rte_crypto_xform_param x;
> + /**< x: Private key of the signer
> + * Private key data in Octet-string network byte order format.
> + * Private key is valid only for signature generation operation.
> + */
> +
> + rte_crypto_xform_param y;
> + /**< y : Public key of the signer.
> + * Public key data of the signer in Octet-string network byte order
> + * format.
> + * y = g^x mod p
> + */
> +};
> +
> +/** Asymmetric ECDSA transform data
> + *
> + * This structure contains data required to perform ECDSA crypto
> + * transform.
> + */
> +struct rte_crypto_ecdsa_xform {
> +
> + enum rte_crypto_ec_curve_type curve_type;
> + /**< ECDSA curve type: Prime vs Binary */
> +
> + struct rte_crypto_ec_curve_id curve_id;
> + /**< EC curve ID */
> +
> + rte_crypto_xform_param n;
> + /**< n : order
> + * ECDH curve order data in Octet-string network byte order format.
> + */
> +
> + rte_crypto_xform_param p;
> + /**< p:
> + * If the curve_type is @ref RTE_CRYPTO_EC_CURVE_TYPE_PRIME_FIELD:
> + * p holds the prime modulus data in Octet string format.
> + *
> + * If the curve_type is @ref RTE_CRYPTO_EC_CURVE_TYPE_BINARY_FIELD:
> + * p holds reduction polynomial co-efficients and degree.
> + */
> +
> + rte_crypto_xform_param a;
> + /**< Co-efficient 'a' of curve equation data in Octet-string network
> + * byte order format.
> + */
> +
> + rte_crypto_xform_param b;
> + /**< Co-efficient 'b' of curve equation data in Octet-string network
> + * byte order format.
> + */
> +
> + struct rte_crypto_ecpoint G;
> + /**< G: EC curve generator
> + * EC curve generator point data in Octet-string network byte order
> + * format.
> + */
> +
> + rte_crypto_xform_param pkey;
> + /**< pkey: Private key
> + * Private key data of the signer for ECDSA signature generation
> + * operation in Octet-string network byte format. Parameter is
> + * invalid or unsed for signature verification.
> + */
> +
> + struct rte_crypto_ecpoint Q;
> + /**< Q: Public key point
> + * Public key point data of ECDSA operation in Octet-string network
> + * byte order format.
> + */
> +
> + int h;
> + /**< Co-factor of the curve */
> +};
> +
> +/** Asymmetric modular inverse transform operation
> + * This structure contains data required to perform
> + * asymmetric modular inverse crypto transform
> + */
> +struct rte_crypto_modinv_xform {
> +};
> +
> +/** Asymmetric Fundamental ECC transform operation
> + *
> + * This structure contains data required to perform asymmetric
> + * fundamental ECC crypto transform.
> + */
> +struct rte_crypto_fecc_xform {
> +
> + enum rte_crypto_ec_curve_type curve_type;
> + /**< FECC curve type: Prime vs Binary */
> +
> + struct rte_crypto_ec_curve_id curve_id;
> + /**< EC curve ID */
> +
> + rte_crypto_xform_param order;
> + /**< order : ECC curve order
> + * Curve order data in Octet-string network byte order format.
> + */
> +
> + rte_crypto_xform_param prime;
> + /**< prime : Curve prime modulus data
> + * Prime modulus data in Octet-string network byte order format.
> + */
> +
> + struct rte_crypto_ec_point G;
> + /**< G: curve generator point
> + * Curve generator point data in Octet-string network byte order
> + * format.
> + */
> +
> + rte_crypto_xform_param a;
> + /**< Co-efficient 'a' of curve equation data in Octet-string network
> + * byte order format.
> + */
> +
> + rte_crypto_xform_param b;
> + /**< Co-efficient 'a' of curve equation data in Octet-string network
> + * byte order format.
> + */
> +
> + int h;
> + /**< Co-factor of the curve */
> +
> +};
> +
> +/**
> + * Asymmetric crypto transform data
> + *
> + * This structure contains the data required to perform the
> + * asymmetric crypto transformation operation. The field op
> + * determines the asymmetric algorithm for transformation.
> + */
> +struct rte_crypto_asym_xform {
> + struct rte_crypto_asym_xform *next;
> + enum rte_crypto_asym_xform_type xform_type;
> + /**< Asymmetric algorithm for crypto transform */
> +
> + RTE_STD_C11
> + union {
> + struct rte_crypto_rsa_xform rsa;
> + struct rte_crypto_fecc_xform fecc;
> + struct rte_crypto_modex_xform modex;
> + struct rte_crypto_ecdsa_xform ecdsa;
> + struct rte_crypto_ecdh_xform ecdh;
> + struct rte_crypto_dsa_xform dsa;
> + };
> +};
> +
> +struct rte_cryptodev_asym_session;
> +
> +/**
> + * Crypto operation session type. This is used to specify whether a crypto
> + * operation has session structure attached for immutable parameters or if all
> + * operation information is included in the operation data structure.
> + */
> +enum rte_crypto_asym_op_sess_type {
> + RTE_CRYPTO_ASYM_OP_WITH_SESSION,
> + /**< Session based crypto operation */
> + RTE_CRYPTO_ASYM_OP_SESSIONLESS
> + /**< Session-less crypto operation */
> +};
> +
> +/**
> + * Asymmetric Cryptographic Operation.
> + *
> + * This structure contains data relating to performing asymmetric cryptographic
> + * operation.
> + *
> + */
> +struct rte_crypto_asym_op {
> +
> + enum rte_crypto_asym_op_sess_type sess_type;
> + enum rte_crypto_asym_xform_type type;
> +
> + RTE_STD_C11
> + union {
> + enum rte_crypto_rsa_optype rsa_op;
> + /**< Type of RSA operation for transform */;
> + enum rte_crypto_modex_optype modex_op;
> + /**< Type of modular exponentiation operation */
> + enum rte_crypto_ecdsa_optype ecdsa_op;
> + /**< ECDSA crypto xform operation type */
> + enum rte_crypto_fecc_optype fecc_op;
> + /**< ECDSA crypto xform operation type */
> + enum rte_crypto_dsa_optype dsa_op;
> + /**< DSA crypto xform operation type */
> + };
> +
> + RTE_STD_C11
> + union {
> + struct rte_cryptodev_asym_session *session;
> + /**< Handle for the initialised session context */
> + struct rte_crypto_asym_xform *xform;
> + /**< Session-less API crypto operation parameters */
> + };
> +
> + RTE_STD_C11
> + union {
> +
> + struct {
> + rte_crypto_op_param message;
> + /**<
> + * Pointer to data
> + * - to be encrypted for RSA public encrypt.
> + * - to be decrypted for RSA private decrypt.
> + * - to be signed for RSA sign generation.
> + * - to be authenticated for RSA sign verification.
> + */
> +
> + rte_crypto_op_param sign;
> + /**<
> + * Pointer to RSA signature data. If operation is RSA
> + * sign @ref RTE_CRYPTO_RSA_OP_SIGN, buffer will be
> + * over-written with generated signature.
> + *
> + * Length of the signature data will be equal to the
> + * RSA prime modulus length.
> + */
> +
> + enum rte_crypto_rsa_padding_type pad;
> + /**< RSA padding scheme to be used for transform */
> +
> + enum rte_crypto_auth_algorithm md;
> + /**< Hash algorithm to be used for data hash if padding
> + * scheme is either OAEP or PSS. Valid hash algorithms
> + * are:
> + * MD5, SHA1, SHA224, SHA256, SHA384, SHA512
> + */
> +
> + enum rte_crypto_auth_algorithm mgf1md;
> + /**<
> + * Hash algorithm to be used for mask generation if
> + * padding scheme is either OAEP or PSS. If padding
> + * scheme is unspecified data hash algorithm is used
> + * for mask generation. Valid hash algorithms are:
> + * MD5, SHA1, SHA224, SHA256, SHA384, SHA512
> + */
> + } rsa;
> +
> + struct {
> + rte_crypto_op_param pub_key;
> + /**<
> + * If DH operation type is
> + * KEY_GENERATION:
> + * if priv_key and public key are provided, the keys
> + * are copied to DH xform structure, else key pair is
> + * generated and stored in DH xform structure.
> + * pub_key data should be in Octet-string network
> + * byte order format.
> + *
> + * KEY_COMPUTATION:
> + * pub_key holds the key shared by peer during DH
> + * key exchange. pub_key data is written as Octet-
> + * string network byte order format.
> + */
> + RTE_STD_C11
> + union {
> + rte_crypto_op_param priv_key;
> + /**<
> + * If DH operation type is KEY_GENERATION, and
> + * priv_key is provided, the key is copied to
> + * DH xform structure, else generated and stored
> + * in DH xform structure. priv_key data is in
> + * in Octet-string network byte order format.
> + */
> + rte_crypto_op_param shared_key;
> + /*
> + * If DH operation type is KEY_COMPUTATION:
> + * shared_key holds the shared secret
> + * computed. shared_key is written as
> + * Octet-string network byte order format.
> + */
> + };
> + } dh;
> +
> + struct {
> + rte_crypto_op_param base;
> + /**<
> + * Pointer to base of modular exponentiation data in
> + * Octet-string network byte order format.
> + */
> + } modex;
> +
> + struct {
> + rte_crypto_op_param priv_key;
> + /**<
> + * If ECDH operation type is KEY_GENERATION, and
> + * priv_key is provided, the key is copied to ECDH
> + * xform structure, else generated and stored in
> + * ECDH xform structure in Octet-string network byte
> + * order.
> + * If ECDH operation type is KEY_COMPUTATION:
> + * priv_key holds the 'X' co-ordinate of the shared
> + * secret EC point computed in Octet-string network
> + * byte order.
> + */
> +
> + rte_crypto_ec_point pub_key;
> + /**<
> + * If ECDH operation type is
> + * KEY_GENERATION:
> + * if priv_key and public key are provided, the keys
> + * are copied ECDH xform structure, else key pair is
> + * generated and stored in ECDH xform structure.
> + *
> + * KEY_COMPUTATION:
> + * pub_key holds peer's public key during ECDH
> + * key exchange in Octet-string network byte order.
> + */
> + } ecdh;
> +
> + struct {
> + rte_crypto_op_param message;
> + /**<
> + * Pointer to data
> + * - to be signed for ECDSA signature generation.
> + * - to be authenticated for ECDSA sign verification.
> + */
> +
> + rte_crypto_op_param sign;
> + /**<
> + * Pointer to ECDSA signature. If operation type is
> + * @ref RTE_CRYPTO_ECDSA_OP_VERIFY this buffer will be
> + * over-written with the signature.
> + *
> + * Length of ECDSA signature will be less than twice the
> + * length of prime modulus length.
> + */
> +
> + rte_crypto_op_param k;
> + /**<
> + * Pointer to random scalar to be used for generation
> + * of ECDSA signature @ref RTE_CRYPTO_ECDSA_OP_SIGN.
> + * It is invalid if operation is ECDSA verify.
> + * Scalar data is in Octet-string network byte order
> + * format.
> + *
> + * Length of scalar K should be less than the prime
> + * modulus of the curve
> + */
> + } ecdsa;
> +
> + struct {
> +
> + rte_crypto_op_param message;
> + /**<
> + * Pointer to data
> + * - to be signed for DSA signature generation.
> + * - to be authenticated for DSA sign verification.
> + *
> + * Length of data to be signed, if is more than
> + * prime modulus length, is truncated to length of
> + * prime modulus.
> + */
> +
> + rte_crypto_op_param k;
> + /**<
> + * Pointer to random scalar to be used for DSA
> + * signature generation. K should be a non-zero number
> + * less than q. k is in Octet-string network byte
> + * order format.
> + */
> +
> + } dsa;
> +
> + struct {
> + struct rte_crypto_ec_point p;
> + /**<
> + * Pointer to primary curve point for fundamental
> + * ECC operation. Data is in Octet-string network
> + * byte order format.
> + * Length of data in bytes cannot exceed the prime
> + * modulus length of the curve.
> + */
> +
> + struct rte_crypto_ec_point q;
> + /**<
> + *
> + * Pointer to secondary curve point for fundamental
> + * ECC operation. Data is in Octet-string network
> + * byte order format.
> + *
> + * Length of data in bytes cannot exceed the prime
> + * modulus length of the curve. This point is valid
> + * only for point addition optype
> + * RTE_CRYPTO_FECC_OP_POINT_ADD crypto transform.
> + */
> +
> + rte_crypto_op_param k;
> + /**<
> + * Pointer to scalar data to be used only for point
> + * multiplication @ref RTE_CRYPTO_FECC_OP_POINT_MULTIPLY
> + * crypto transform. Data is in Octet-string network
> + * byte order format.
> + *
> + * Length of data in bytes cannot exceed the prime
> + * modulus length of the curve.
> + */
> +
> + struct rte_crypto_ec_point r;
> + /**<
> + * Pointer to the resultant point on the curve after
> + * fundamental ECC crypto transform. Data is in
> + * Octet-string network byte order format.
> + * Length of data in bytes cannot exceed the prime
> + * modulus length of the curve.
> + */
> +
> + } fecc;
> +
> + struct {
> +
> + rte_crypto_op_param prime;
> + /**<
> + * Pointer to the prime modulus data for modular
> + * inverse operation in Octet-string network byte
> + * order format.
> + */
> +
> + rte_crypto_op_param base;
> + /**<
> + * Pointer to the base for the modular inverse
> + * operation in Octet-string network byte order
> + * format.
> + */
> + } modinv;
> + };
> +
> +} __rte_cache_aligned;
> +
> +
> +
> +/**
> + * Reset the fields of an asymmetric operation to their default values.
> + *
> + * @param op The crypto operation to be reset.
> + */
> +static inline void
> +__rte_crypto_asym_op_reset(struct rte_crypto_asym_op *op)
> +{
> + memset(op, 0, sizeof(*op));
> +
> + op->sess_type = RTE_CRYPTO_ASYM_OP_SESSIONLESS;
> +}
> +
> +
> +/**
> + * Allocate space for asymmetric crypto xforms in the private data space of the
> + * crypto operation. This also defaults the crypto xform type to
> + * RTE_CRYPTO_ASYM_XFORM_NOT_SPECIFIED and configures the chaining of the xforms
> + * in the crypto operation
> + *
> + * @return
> + * - On success returns pointer to first crypto xform in crypto operations chain
> + * - On failure returns NULL
> + */
> +static inline struct rte_crypto_asym_xform *
> +__rte_crypto_asym_op_asym_xforms_alloc(struct rte_crypto_asym_op *asym_op,
> + void *priv_data, uint8_t nb_xforms)
> +{
> + struct rte_crypto_asym_xform *xform;
> +
> + asym_op->xform = xform = (struct rte_crypto_asym_xform *)priv_data;
> +
> + do {
> + xform->type = RTE_CRYPTO_ASYM_XFORM_NOT_SPECIFIED;
> + xform = xform->next = --nb_xforms > 0 ? xform + 1 : NULL;
> + } while (xform);
> +
> + return asym_op->xform;
> +}
> +
> +
> +/**
> + * Attach a session to an asymmetric crypto operation
> + *
> + * @param asym_op crypto operation
> + * @param sess cryptodev session
> + */
> +static inline int
> +__rte_crypto_asym_op_attach_asym_session(struct rte_crypto_asym_op *asym_op,
> + struct rte_cryptodev_asym_session *sess)
> +{
> + asym_op->session = sess;
> + asym_op->sess_type = RTE_CRYPTO_ASYM_OP_WITH_SESSION;
> +
> + return 0;
> +}
> +
> +
> +#ifdef __cplusplus
> +}
> +#endif
> +
> +#endif /* _RTE_CRYPTO_ASYM_H_ */
> --
> 1.8.3.1
Hi Fiona,
On Thu, May 25, 2017 at 04:00:42PM +0000, Trahe, Fiona wrote:
> Hi Umesh,
>
>
> > -----Original Message-----
> > From: Umesh Kartha [mailto:Umesh.Kartha@caviumnetworks.com]
> > Sent: Thursday, May 11, 2017 1:36 PM
> > To: dev@dpdk.org
> > Cc: Jerin Jacob <Jerin.JacobKollanukkaran@cavium.com>; Balasubramanian Manoharan
> > <Balasubramanian.Manoharan@cavium.com>; Ram Kumar <Ram.Kumar@cavium.com>; Murthy
> > Nidadavolu <Nidadavolu.Murthy@cavium.com>; Doherty, Declan <declan.doherty@intel.com>; De Lara
> > Guarch, Pablo <pablo.de.lara.guarch@intel.com>; Trahe, Fiona <fiona.trahe@intel.com>
> > Subject: [RFC PATCH v2 1/3] cryptodev: added asymmetric algorithms
> >
> > Added asymmetric xform structures, operation definitions, operation
> > parameters. Added asymmetric algorithms RSA, DH, ECDH, DSA, ECDSA,
> > MODEXP, FECC, MOD-INVERSE. Added curves (all curves supported by
> > libcrypto as of now).
> >
> > Signed-off-by: Umesh Kartha <Umesh.Kartha@caviumnetworks.com>
> > ---
> > lib/librte_cryptodev/rte_crypto_asym.h | 1124 ++++++++++++++++++++++++++++++++
> > 1 file changed, 1124 insertions(+)
> > create mode 100644 lib/librte_cryptodev/rte_crypto_asym.h
> >
> > diff --git lib/librte_cryptodev/rte_crypto_asym.h lib/librte_cryptodev/rte_crypto_asym.h
> > new file mode 100644
> > index 0000000..36a8b4f
> > --- /dev/null
> > +++ lib/librte_cryptodev/rte_crypto_asym.h
> > @@ -0,0 +1,1124 @@
> > +/*
> > + * BSD LICENSE
> > + *
> > + * Copyright (C) Cavium networks Ltd. 2017.
> > + *
> > + * Redistribution and use in source and binary forms, with or without
> > + * modification, are permitted provided that the following conditions
> > + * are met:
> > + *
> > + * * Redistributions of source code must retain the above copyright
> > + * notice, this list of conditions and the following disclaimer.
> > + * * Redistributions in binary form must reproduce the above copyright
> > + * notice, this list of conditions and the following disclaimer in
> > + * the documentation and/or other materials provided with the
> > + * distribution.
> > + * * Neither the name of Cavium Networks nor the names of its
> > + * contributors may be used to endorse or promote products derived
> > + * from this software without specific prior written permission.
> > + *
> > + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
> > + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
> > + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
> > + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
> > + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
> > + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
> > + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
> > + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
> > + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
> > + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
> > + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
> > + */
> > +
> > +#ifndef _RTE_CRYPTO_ASYM_H_
> > +#define _RTE_CRYPTO_ASYM_H_
> > +
> > +/**
> > + * @file rte_crypto_asym.h
> > + *
> > + * RTE Definitions for Asymmetric Cryptography
> > + *
> > + * Defines asymmetric algorithms and modes, as well as supported
> > + * asymmetric crypto operations.
> > + */
> > +
> > +#ifdef __cplusplus
> > +extern "C" {
> > +#endif
> > +
> > +#include <string.h>
> > +#include <stdint.h>
> > +#include <rte_mbuf.h>
> > +#include <rte_memory.h>
> > +#include <rte_mempool.h>
> > +#include <rte_common.h>
> > +#include "rte_crypto_sym.h"
> > +
> > +typedef struct rte_crypto_xform_param_t {
> > + uint8_t *data;
> > + size_t length;
> > +} rte_crypto_xform_param;
> > +
> > +typedef struct rte_crypto_op_param_t {
> > + uint8_t *data;
> > + phys_addr_t phys_addr;
> > + size_t length;
> > +} rte_crypto_op_param;
> [Fiona] Are both above lengths in bytes ?
>
>
[Umesh] Yes, they are in bytes. Will add note for this to avoid any
confusion.
> > +
> > +/** Asymmetric crypto transformation types */
> > +enum rte_crypto_asym_xform_type {
> > + RTE_CRYPTO_ASYM_XFORM_NOT_SPECIFIED = 0,
> > + RTE_CRYPTO_ASYM_XFORM_RSA,
> > + RTE_CRYPTO_ASYM_XFORM_MODEX,
> > + RTE_CRYPTO_ASYM_XFORM_DH,
> > + RTE_CRYPTO_ASYM_XFORM_ECDH,
> > + RTE_CRYPTO_ASYM_XFORM_DSA,
> > + RTE_CRYPTO_ASYM_XFORM_ECDSA,
> > + RTE_CRYPTO_ASYM_XFORM_FECC,
> > + RTE_CRYPTO_ASYM_XFORM_MODINV,
> > + RTE_CRYPTO_ASYM_XFORM_TYPE_LIST_END
> > +};
> > +
> > +/**
> > + * RSA operation type variants
> > + */
> > +enum rte_crypto_rsa_optype {
> > + RTE_CRYPTO_RSA_OP_NOT_SPECIFIED = 1,
> [Fiona] Is there a reason for not starting at 0 in all these enums?
>
[Umesh] Some of the enums are being used as bit positions in capability
structures. Will try to make these consistent.
> > + /**< RSA operation unspecified */
> > + RTE_CRYPTO_RSA_OP_PUBLIC_ENCRYPT,
> > + /**< RSA public encrypt operation */
> > + RTE_CRYPTO_RSA_OP_PRIVATE_DECRYPT,
> > + /**< RSA private decrypt operation */
> > + RTE_CRYPTO_RSA_OP_SIGN,
> > + /**< RSA private key signature operation */
> > + RTE_CRYPTO_RSA_OP_VERIFY,
> > + /**< RSA public key verification operation */
> > + RTE_CRYPTO_RSA_OP_LIST_END
> > +};
> > +
> > +/**
> > + * Padding types for RSA signature.
> > + */
> > +enum rte_crypto_rsa_padding_type {
> > + RTE_CRYPTO_RSA_PADDING_NOT_SPECIFIED = 1,
> > + /**< RSA no padding scheme */
> > + RTE_CRYPTO_RSA_PADDING_BT1,
> > + /**< RSA PKCS#1 padding BT1 scheme */
> > + RTE_CRYPTO_RSA_PADDING_BT2,
> > + /**< RSA PKCS#1 padding BT2 scheme */
> > + RTE_CRYPTO_RSA_PADDING_OAEP,
> > + /**< RSA PKCS#1 OAEP padding scheme */
> > + RTE_CRYPTO_RSA_PADDING_PSS,
> > + /**< RSA PKCS#1 PSS padding scheme */
> > + RTE_CRYPTO_RSA_PADDING_TYPE_LIST_END
> > +};
> > +
> > +/**
> > + * Modular exponentiaion operation type variants
> > + */
> > +enum rte_crypto_modex_optype {
> > + RTE_CRYPTO_MODEX_OP_NOT_SPECIFIED = 1,
> > + /**< ModEx operation type unspecified */
> > + RTE_CRYPTO_MODEX_OP_MODEX,
> > + /**< Modex operation modular exponentiation */
> > + RTE_CRYPTO_MODEX_OP_LIST_END
> > +};
> > +
> > +/**
> > + * Modular Inverse operation type variants
> > + */
> > +enum rte_crypto_modeinv_optype {
> > + RTE_CRYPTO_MODINV_OP_NOT_SPECIFIED = 1,
> > + /**< ModInv operation type unspecified */
> > + RTE_CRYPTO_MODINV_OP_MODINV,
> > + /**< ModInv operation modular Inverse */
> > + RTE_CRYPTO_MODEX_OP_LIST_END
> > +};
> > +
> > +/**
> > + * DSA operation type variants
> > + */
> > +enum rte_crypto_dsa_optype {
> > + RTE_CRYPTO_DSA_OP_NOT_SPECIFIED = 1,
> > + /**< DSA operation unspecified */
> > + RTE_CRYPTO_DSA_OP_SIGN,
> > + /**< DSA private key signature operation */
> > + RTE_CRYPTO_DSA_OP_VERIFY,
> > + /**< DSA public key verification operation */
> > + RTE_CRYPTO_DSA_OP_LIST_END
> > +};
> > +
> > +
> > +/**
> > + * ECDSA operation type variants
> > + */
> > +enum rte_crypto_ecdsa_optype {
> > + RTE_CRYPTO_ECDSA_OP_NOT_SPECIFIED = 1,
> > + /**< ECDSA operation unspecified */
> > + RTE_CRYPTO_ECDSA_OP_SIGN,
> > + /**< ECDSA private key signature operation */
> > + RTE_CRYPTO_ECDSA_OP_VERIFY,
> > + /**< ECDSA public key verification operation */
> > + RTE_CRYPTO_ECDSA_OP_LIST_END
> > +};
> > +
> > +/**
> > + * Diffie Hellman Key operation variants
> > + */
> > +enum rte_crypto_dh_optype {
> > + RTE_CRYPTO_DH_OP_NOT_SPECIFIED = 1,
> > + /**< DH operation unspecified */
> > + RTE_CRYPTO_DH_OP_KEY_GENERATION,
> > + /**< DH private/public key generation operation */
> > + RTE_CRYPTO_DH_OP_KEY_COMPUTATION,
> > + /**< DH private key computation operation */
> > + RTE_CRYPTO_DH_OP_LIST_END
> > +};
> > +
> > +/**
> > + * Elliptic Curve Diffie Hellman Key operation variants
> > + */
> > +enum rte_crypto_ecdh_optype {
> > + RTE_CRYPTO_ECDH_OP_NOT_SPECIFIED = 1,
> > + /**< ECDH operation unspecified */
> > + RTE_CRYPTO_ECDH_OP_KEY_GENERATION,
> > + /**< ECDH private/public key generation operation */
> > + RTE_CRYPTO_ECDH_OP_KEY_CHECK,
> > + /**< ECDH public key validity check operation */
> > + RTE_CRYPTO_ECDH_OP_KEY_COMPUTATION,
> > + /**< ECDH private key computation operation */
> > + RTE_CRYPTO_ECDH_OP_LIST_END
> > +};
> > +
> > +/**
> > + * Fundamental ECC operation type variants.
> > + */
> > +enum rte_crypto_fecc_optype {
> > + RTE_CRYPTO_FECC_OP_NOT_SPECIFIED = 1,
> > + /**< FECC operation type unspecified */
> > + RTE_CRYPTO_FECC_OP_POINT_ADD,
> > + /**< Fundamental ECC point addition operation */
> > + RTE_CRYPTO_FECC_OP_POINT_DBL,
> > + /**< Fundamental ECC point doubling operation */
> > + RTE_CRYPTO_FECC_OP_POINT_MULTIPLY,
> > + /**< Fundamental ECC point multiplication operation */
> > + RTE_CRYPTO_FECC_OP_LIST_END
> > +};
> > +
> > +/**
> > + * ECC list of curves.
> > + */
> > +enum rte_crypto_ec_prime_curve {
> > + RTE_CRYPTO_EC_CURVE_NOT_SPECIFIED = -1,
> [Fiona] Why -1 ?
>
[Umesh] This is to ensure enum of a curve represents the corresponding
bit in the curve capability bitfield.
> > + /**< Unspecified or empty curve id */
> > + RTE_CRYPTO_EC_CURVE_secp112r1,
> > + /**< SECG/WTLS curve over a 112 bit prime field */
> > + RTE_CRYPTO_EC_CURVE_secp112r2,
> > + /**< SECG curve over a 112 bit prime field */
> > + RTE_CRYPTO_EC_CURVE_secp128r1,
> > + /**< SECG curve over a 128 bit prime field */
> > + RTE_CRYPTO_EC_CURVE_secp128r2,
> > + /**< SECG curve over a 128 bit prime field */
> > + RTE_CRYPTO_EC_CURVE_secp160k1,
> > + /**< SECG curve over a 160 bit prime field */
> > + RTE_CRYPTO_EC_CURVE_secp160r1,
> > + /**< SECG curve over a 160 bit prime field */
> > + RTE_CRYPTO_EC_CURVE_secp160r2,
> > + /**< SECG/WTLS curve over a 160 bit prime field */
> > + RTE_CRYPTO_EC_CURVE_secp192k1,
> > + /**< SECG curve over a 192 bit prime field */
> > + RTE_CRYPTO_EC_CURVE_secp224k1,
> > + /**< SECG curve over a 224 bit prime field */
> > + RTE_CRYPTO_EC_CURVE_secp224r1,
> > + /**< NIST/SECG curve over a 224 bit prime field */
> > + RTE_CRYPTO_EC_CURVE_secp256k1,
> > + /**< SECG curve over a 256 bit prime field */
> > + RTE_CRYPTO_EC_CURVE_secp384r1,
> > + /**< NIST/SECG curve over a 384 bit prime field */
> > + RTE_CRYPTO_EC_CURVE_secp521r1,
> > + /**< NIST/SECG curve over a 521 bit prime field */
> > + RTE_CRYPTO_EC_CURVE_prime192v1,
> > + /**< NIST/X9.62/SECG curve over a 192 bit prime field */
> > + RTE_CRYPTO_EC_CURVE_prime192v2,
> > + /**< X9.62 curve over a 192 bit prime field */
> > + RTE_CRYPTO_EC_CURVE_prime192v3,
> > + /**< X9.62 curve over a 192 bit prime field */
> > + RTE_CRYPTO_EC_CURVE_prime239v1,
> > + /**< X9.62 curve over a 239 bit prime field */
> > + RTE_CRYPTO_EC_CURVE_prime239v2,
> > + /**< X9.62 curve over a 239 bit prime field */
> > + RTE_CRYPTO_EC_CURVE_prime239v3,
> > + /**< X9.62 curve over a 239 bit prime field */
> > + RTE_CRYPTO_EC_CURVE_prime256v1,
> > + /**< X9.62/SECG curve over a 256 bit prime field */
> > + RTE_CRYPTO_EC_CURVE_wap_wsg_idm_ecid_wtls6,
> > + /**< SECG/WTLS curve over a 112 bit prime field */
> > + RTE_CRYPTO_EC_CURVE_wap_wsg_idm_ecid_wtls7,
> > + /**< SECG/WTLS curve over a 160 bit prime field */
> > + RTE_CRYPTO_EC_CURVE_wap_wsg_idm_ecid_wtls8,
> > + /**< WTLS curve over a 112 bit prime field */
> > + RTE_CRYPTO_EC_CURVE_wap_wsg_idm_ecid_wtls9,
> > + /**< WTLS curve over a 160 bit prime field */
> > + RTE_CRYPTO_EC_CURVE_wap_wsg_idm_ecid_wtls12,
> > + /**< WTLS curve over a 224 bit prime field */
> > + RTE_CRYPTO_EC_CURVE_brainpoolP160r1,
> > + /**< RFC 5639 curve over a 160 bit prime field */
> > + RTE_CRYPTO_EC_CURVE_brainpoolP160t1,
> > + /**< RFC 5639 curve over a 160 bit prime field */
> > + RTE_CRYPTO_EC_CURVE_brainpoolP192r1,
> > + /**< RFC 5639 curve over a 192 bit prime field */
> > + RTE_CRYPTO_EC_CURVE_brainpoolP192t1,
> > + /**< RFC 5639 curve over a 192 bit prime field */
> > + RTE_CRYPTO_EC_CURVE_brainpoolP224r1,
> > + /**< RFC 5639 curve over a 224 bit prime field */
> > + RTE_CRYPTO_EC_CURVE_brainpoolP224t1,
> > + /**< RFC 5639 curve over a 224 bit prime field */
> > + RTE_CRYPTO_EC_CURVE_brainpoolP256r1,
> > + /**< RFC 5639 curve over a 256 bit prime field */
> > + RTE_CRYPTO_EC_CURVE_brainpoolP256t1,
> > + /**< RFC 5639 curve over a 256 bit prime field */
> > + RTE_CRYPTO_EC_CURVE_brainpoolP320r1,
> > + /**< RFC 5639 curve over a 320 bit prime field */
> > + RTE_CRYPTO_EC_CURVE_brainpoolP320t1,
> > + /**< RFC 5639 curve over a 320 bit prime field */
> > + RTE_CRYPTO_EC_CURVE_brainpoolP384r1,
> > + /**< RFC 5639 curve over a 384 bit prime field */
> > + RTE_CRYPTO_EC_CURVE_brainpoolP384t1,
> > + /**< RFC 5639 curve over a 384 bit prime field */
> > + RTE_CRYPTO_EC_CURVE_brainpoolP512r1,
> > + /**< RFC 5639 curve over a 512 bit prime field */
> > + RTE_CRYPTO_EC_CURVE_brainpoolP512t1,
> > + /**< RFC 5639 curve over a 512 bit prime field */
> > + RTE_CRYPTO_EC_CURVE_x25519,
> > + /**< Curve 25519 */
> > + RTE_CRYPTO_EC_CURVE_LIST_END
> > +};
> > +
> > +enum rte_crypto_ec_binary_curve {
> > + RTE_CRYPTO_EC_CURVE_NOT_SPECIFIED = -1,
> > + /**< Unspecified or empty curve id */
> > + RTE_CRYPTO_EC_CURVE_sect113r1,
> > + /**< SECG curve over a 113 bit binary field */
> > + RTE_CRYPTO_EC_CURVE_sect113r2,
> > + /**< SECG curve over a 113 bit binary field */
> > + RTE_CRYPTO_EC_CURVE_sect131r1,
> > + /**< SECG/WTLS curve over a 131 bit binary field */
> > + RTE_CRYPTO_EC_CURVE_sect131r2,
> > + /**< SECG curve over a 131 bit binary field */
> > + RTE_CRYPTO_EC_CURVE_sect163k1,
> > + /**< NIST/SECG/WTLS curve over a 163 bit binary field */
> > + RTE_CRYPTO_EC_CURVE_sect163r1,
> > + /**< SECG curve over a 163 bit binary field */
> > + RTE_CRYPTO_EC_CURVE_sect163r2,
> > + /**< NIST/SECG curve over a 163 bit binary field */
> > + RTE_CRYPTO_EC_CURVE_sect193r1,
> > + /**< SECG curve over a 193 bit binary field */
> > + RTE_CRYPTO_EC_CURVE_sect193r2,
> > + /**< SECG curve over a 193 bit binary field */
> > + RTE_CRYPTO_EC_CURVE_sect233k1,
> > + /**< NIST/SECG/WTLS curve over a 233 bit binary field */
> > + RTE_CRYPTO_EC_CURVE_sect233r1,
> > + /**< NIST/SECG/WTLS curve over a 233 bit binary field */
> > + RTE_CRYPTO_EC_CURVE_sect239k1,
> > + /**< SECG curve over a 239 bit binary field */
> > + RTE_CRYPTO_EC_CURVE_sect283k1,
> > + /**< NIST/SECG curve over a 283 bit binary field */
> > + RTE_CRYPTO_EC_CURVE_sect283r1,
> > + /**< NIST/SECG curve over a 283 bit binary field */
> > + RTE_CRYPTO_EC_CURVE_sect409k1,
> > + /**< NIST/SECG curve over a 409 bit binary field */
> > + RTE_CRYPTO_EC_CURVE_sect409r1,
> > + /**< NIST/SECG curve over a 409 bit binary field */
> > + RTE_CRYPTO_EC_CURVE_sect571k1,
> > + /**< NIST/SECG curve over a 571 bit binary field */
> > + RTE_CRYPTO_EC_CURVE_sect571r1,
> > + /**< NIST/SECG curve over a 571 bit binary field */
> > + RTE_CRYPTO_EC_CURVE_c2pnb163v1,
> > + /**< X9.62 curve over a 163 bit binary field */
> > + RTE_CRYPTO_EC_CURVE_c2pnb163v2,
> > + /**< X9.62 curve over a 163 bit binary field */
> > + RTE_CRYPTO_EC_CURVE_c2pnb163v3,
> > + /**< X9.62 curve over a 163 bit binary field */
> > + RTE_CRYPTO_EC_CURVE_c2pnb176v1,
> > + /**< X9.62 curve over a 176 bit binary field */
> > + RTE_CRYPTO_EC_CURVE_c2tnb191v1,
> > + /**< X9.62 curve over a 191 bit binary field */
> > + RTE_CRYPTO_EC_CURVE_c2tnb191v2,
> > + /**< X9.62 curve over a 191 bit binary field */
> > + RTE_CRYPTO_EC_CURVE_c2tnb191v3,
> > + /**< X9.62 curve over a 191 bit binary field */
> > + RTE_CRYPTO_EC_CURVE_c2pnb208w1,
> > + /**< X9.62 curve over a 208 bit binary field */
> > + RTE_CRYPTO_EC_CURVE_c2tnb239v1,
> > + /**< X9.62 curve over a 239 bit binary field */
> > + RTE_CRYPTO_EC_CURVE_c2tnb239v2,
> > + /**< X9.62 curve over a 239 bit binary field */
> > + RTE_CRYPTO_EC_CURVE_c2tnb239v3,
> > + /**< X9.62 curve over a 239 bit binary field */
> > + RTE_CRYPTO_EC_CURVE_c2pnb272w1,
> > + /**< X9.62 curve over a 272 bit binary field */
> > + RTE_CRYPTO_EC_CURVE_c2pnb304w1,
> > + /**< X9.62 curve over a 304 bit binary field */
> > + RTE_CRYPTO_EC_CURVE_c2tnb359v1,
> > + /**< X9.62 curve over a 359 bit binary field */
> > + RTE_CRYPTO_EC_CURVE_c2pnb368w1,
> > + /**< X9.62 curve over a 368 bit binary field */
> > + RTE_CRYPTO_EC_CURVE_c2tnb431r1,
> > + /**< X9.62 curve over a 431 bit binary field */
> > + RTE_CRYPTO_EC_CURVE_wap_wsg_idm_ecid_wtls1,
> > + /**< WTLS curve over a 113 bit binary field */
> > + RTE_CRYPTO_EC_CURVE_wap_wsg_idm_ecid_wtls3,
> > + /**< NIST/SECG/WTLS curve over a 163 bit binary field */
> > + RTE_CRYPTO_EC_CURVE_wap_wsg_idm_ecid_wtls4,
> > + /**< SECG curve over a 113 bit binary field */
> > + RTE_CRYPTO_EC_CURVE_wap_wsg_idm_ecid_wtls5,
> > + /**< X9.62 curve over a 163 bit binary field */
> > + RTE_CRYPTO_EC_CURVE_wap_wsg_idm_ecid_wtls10,
> > + /**< NIST/SECG/WTLS curve over a 233 bit binary field */
> > + RTE_CRYPTO_EC_CURVE_wap_wsg_idm_ecid_wtls11,
> > + /**< NIST/SECG/WTLS curve over a 233 bit binary field */
> > + RTE_CRYPTO_EC_CURVE_LIST_END
> > +};
> > +
> > +/**
> > + * Elliptic curve point format
> > + */
> > +struct rte_crypto_ec_point {
> > + struct {
> > + int length;
> > + uint8_t *data;
> > + phys_addr_t phys_addr;
> > + /**< phys_addr is used only for points passed in the
> > + * asym_op structure.
> > + */
> > + } x;
> > + /**< X co-ordinate */
> > +
> > + struct {
> > + int length;
> > + uint8_t *data;
> > + phys_addr_t phys_addr;
> > + /**< phys_addr is used only for points passed in the
> > + * operation structure
> > + */
> > + } y;
> > + /**< Y co-ordinate */
> > +};
> > +
> > +/**
> > + * Elliptic curve type
> > + */
> > +enum rte_crypto_ec_curve_type {
> > + RTE_CRYPTO_EC_CURVE_TYPE_UNDEFINED,
> > + /**< Curve type undefined */
> > + RTE_CRYPTO_EC_CURVE_TYPE_PRIME_FIELD,
> > + /**< EC curve defined over a prime field */
> > + RTE_CRYPTO_EC_CURVE_TYPE_BINARY_FIELD,
> > + /**< EC curve defined over a binary field */
> > + RTE_CRYPTO_EC_CURVE_LIST_END
> > +};
> > +
> > +/**
> > + * Elliptic curve id
> > + */
> > +struct rte_crypto_ec_curve_id {
> > + RTE_STD_C11
> > + union {
> > + enum rte_crypto_ec_prime_curve pcurve;
> > + enum rte_crypto_ec_binary_curve bcurve;
> > + }
> > +};
> > +
> > +/**
> > + * Asymmetric RSA transform data
> > + *
> > + * This structure contains data required to perform RSA crypto
> > + * transform. If all CRT components are filled, RSA private key
> > + * operations @ref RTE_CRYPTO_RSA_OP_SIGN and @ref
> > + * RTE_CRYPTO_RSA_OP_PRIVATE_DECRYPT uses CRT method for crypto
> > + * transform.
> > + */
> > +struct rte_crypto_rsa_xform {
> > +
> > + rte_crypto_xform_param n;
> > + /**< n - Prime modulus
> > + * Prime modulus data of RSA operation in Octet-string network
> > + * byte order format.
> > + */
> > +
> > + rte_crypto_xform_param e;
> > + /**< e - Public key exponent
> > + * Public key exponent used for RSA public key operations in Octet-
> > + * string network byte order format.
> > + */
> > +
> > + rte_crypto_xform_param d;
> > + /**< d - Private key exponent
> > + * Private key exponent used for RSA private key operations in
> > + * Octet-string network byte order format.
> > + */
> > +
> > + rte_crypto_xform_param p;
> > + /**< p - Private key component P
> > + * Private key component of RSA parameter required for CRT method
> > + * of private key operations in Octet-string network byte order
> > + * format.
> > + */
> > +
> > + rte_crypto_xform_param q;
> > + /**< q - Private key component Q
> > + * Private key component of RSA parameter required for CRT method
> > + * of private key operations in Octet-string network byte order
> > + * format.
> > + */
> > +
> > + rte_crypto_xform_param dP;
> > + /**< dP - Private CRT component
> > + * Private CRT component of RSA parameter required for CRT method
> > + * RSA private key operations in Octet-string network byte order
> > + * format.
> > + * dP = d mod ( p - 1 )
> > + */
> > +
> > + rte_crypto_xform_param dQ;
> > + /**< dQ - Private CRT component
> > + * Private CRT component of RSA parameter required for CRT method
> > + * RSA private key operations in Octet-string network byte order
> > + * format.
> > + * dQ = d mod ( q - 1 )
> > + */
> > +
> > + rte_crypto_xform_param qInv;
> > + /**< qInv - Private CRT component
> > + * Private CRT component of RSA parameter required for CRT method
> > + * RSA private key operations in Octet-string network byte order
> > + * format.
> > + * qInv = inv q mod p
> > + */
> > +};
> > +
> > +/** Asymmetric Modular exponentiation transform data
> > + *
> > + * This structure contains data required to perform modular exponentation
> > + * crypto transform. If all CRT components are valid, crypto transform
> > + * operation follows CRT method.
> > + */
> > +struct rte_crypto_modex_xform {
> > +
> > + rte_crypto_xform_param modulus;
> > + /**< modulus
> > + * Prime modulus of the modexp transform operation in Octet-string
> > + * network byte order format.
> > + */
> > +
> > + rte_crypto_xform_param exponent;
> > + /**< exponent
> > + * Private exponent of the modexp transform operation in
> > + * Octet-string network byte order format.
> > + */
> > +};
> > +
> > +/** Asymmetric DH transform data
> > + * This structure contains data used to perform DH key
> > + * computation
> > + */
> > +struct rte_crypto_dh_xform {
> > + rte_crypto_xform_param p;
> > + /**< p : Prime modulus data
> > + * DH prime modulous data in Octet-string network byte order format.
> > + */
> > +
> > + rte_crypto_xform_param g;
> > + /**< g : Generator
> > + * DH group generator data in Octet-string network byte order
> > + * format.
> > + */
> > +
> > + rte_crypto_xform_param priv_key;
> > + /**< priv_key
> > + * DH private key data in Octet-string network byte order format.
> > + */
> > +
> > + rte_crypto_xform_param pub_key;
> > + /**< pub_key
> > + * DH public key data in Octet-string network byte order format.
> > + */
> > +};
> > +
> > +/**Asymmetric ECDH transform data
> > + * This structure contains data required to perform ECDH crypto
> > + * transform
> > + */
> > +struct rte_crypto_ecdh_xform {
> > +
> > + enum rte_crypto_ec_curve_type curve_type;
> > + /**< ECDH curve type: Prime vs Binary */
> > +
> > + struct rte_crypto_ec_curve_id curve_id;
> > +
> > + rte_crypto_xform_param n;
> > + /**< n : order
> > + * ECDH curve order data in Octet-string network byte order format.
> > + */
> > +
> > + rte_crypto_xform_param p;
> > + /**< p:
> > + * If the curve_type is @ref RTE_CRYPTO_EC_CURVE_TYPE_PRIME_FIELD:
> > + * p holds the prime modulus data in Octet string format.
> > + *
> > + * If the curve_type is @ref RTE_CRYPTO_EC_CURVE_TYPE_BINARY_FIELD:
> > + * p holds reduction polynomial co-efficients and degree.
> > + */
> > +
> > + rte_crypto_xform_param a;
> > + /**< Co-efficient 'a' of curve equation data in Octet-string network
> > + * byte order format.
> > + */
> > +
> > + rte_crypto_xform_param b;
> > + /**< Co-efficient 'b' of curve equation data in Octet-string network
> > + * byte order format.
> > + */
> > +
> > + struct rte_crypto_ec_point G;
> > + /**< G: EC curve generator
> > + * EC curve generator point data in Octet-string network byte order
> > + * format.
> > + */
> > +
> > + rte_crypto_xform_param pkey;
> > + /**< pkey: Private key
> > + * Private key data for ECDH operation in Octet-string network byte
> > + * order format.
> > + */
> > +
> > + struct rte_crypto_ecpoint Q;
> > + /**< Q: Public key point
> > + * Public key point data of ECDH operation in Octet-string network
> > + * byte order format.
> > + */
> > +
> > + int h;
> > + /**< Co-factor of the curve */
> > +};
> > +
> > +/** Asymmetric Digital Signature transform operation
> > + *
> > + * This structure contains data required to perform asymmetric
> > + * digital signature crypto transform.
> > + */
> > +struct rte_crypto_dsa_xform {
> > +
> > + rte_crypto_xform_param p;
> > + /**< p - Prime modulus
> > + * Prime modulus data for DSA operation in Octet-string network byte
> > + * order format.
> > + */
> > +
> > + rte_crypto_xform_param q;
> > + /**< q : Order of the subgroup
> > + * Order of the subgroup data in Octet-string network byte order
> > + * format.
> > + * q % (p-1) = 0
> > + */
> > +
> > + rte_crypto_xform_param g;
> > + /**< g: Generator of the subgroup
> > + * Generator data in Octet-string network byte order format.
> > + */
> > +
> > + rte_crypto_xform_param x;
> > + /**< x: Private key of the signer
> > + * Private key data in Octet-string network byte order format.
> > + * Private key is valid only for signature generation operation.
> > + */
> > +
> > + rte_crypto_xform_param y;
> > + /**< y : Public key of the signer.
> > + * Public key data of the signer in Octet-string network byte order
> > + * format.
> > + * y = g^x mod p
> > + */
> > +};
> > +
> > +/** Asymmetric ECDSA transform data
> > + *
> > + * This structure contains data required to perform ECDSA crypto
> > + * transform.
> > + */
> > +struct rte_crypto_ecdsa_xform {
> > +
> > + enum rte_crypto_ec_curve_type curve_type;
> > + /**< ECDSA curve type: Prime vs Binary */
> > +
> > + struct rte_crypto_ec_curve_id curve_id;
> > + /**< EC curve ID */
> > +
> > + rte_crypto_xform_param n;
> > + /**< n : order
> > + * ECDH curve order data in Octet-string network byte order format.
> > + */
> > +
> > + rte_crypto_xform_param p;
> > + /**< p:
> > + * If the curve_type is @ref RTE_CRYPTO_EC_CURVE_TYPE_PRIME_FIELD:
> > + * p holds the prime modulus data in Octet string format.
> > + *
> > + * If the curve_type is @ref RTE_CRYPTO_EC_CURVE_TYPE_BINARY_FIELD:
> > + * p holds reduction polynomial co-efficients and degree.
> > + */
> > +
> > + rte_crypto_xform_param a;
> > + /**< Co-efficient 'a' of curve equation data in Octet-string network
> > + * byte order format.
> > + */
> > +
> > + rte_crypto_xform_param b;
> > + /**< Co-efficient 'b' of curve equation data in Octet-string network
> > + * byte order format.
> > + */
> > +
> > + struct rte_crypto_ecpoint G;
> > + /**< G: EC curve generator
> > + * EC curve generator point data in Octet-string network byte order
> > + * format.
> > + */
> > +
> > + rte_crypto_xform_param pkey;
> > + /**< pkey: Private key
> > + * Private key data of the signer for ECDSA signature generation
> > + * operation in Octet-string network byte format. Parameter is
> > + * invalid or unsed for signature verification.
> > + */
> > +
> > + struct rte_crypto_ecpoint Q;
> > + /**< Q: Public key point
> > + * Public key point data of ECDSA operation in Octet-string network
> > + * byte order format.
> > + */
> > +
> > + int h;
> > + /**< Co-factor of the curve */
> > +};
> > +
> > +/** Asymmetric modular inverse transform operation
> > + * This structure contains data required to perform
> > + * asymmetric modular inverse crypto transform
> > + */
> > +struct rte_crypto_modinv_xform {
> > +};
> > +
> > +/** Asymmetric Fundamental ECC transform operation
> > + *
> > + * This structure contains data required to perform asymmetric
> > + * fundamental ECC crypto transform.
> > + */
> > +struct rte_crypto_fecc_xform {
> > +
> > + enum rte_crypto_ec_curve_type curve_type;
> > + /**< FECC curve type: Prime vs Binary */
> > +
> > + struct rte_crypto_ec_curve_id curve_id;
> > + /**< EC curve ID */
> > +
> > + rte_crypto_xform_param order;
> > + /**< order : ECC curve order
> > + * Curve order data in Octet-string network byte order format.
> > + */
> > +
> > + rte_crypto_xform_param prime;
> > + /**< prime : Curve prime modulus data
> > + * Prime modulus data in Octet-string network byte order format.
> > + */
> > +
> > + struct rte_crypto_ec_point G;
> > + /**< G: curve generator point
> > + * Curve generator point data in Octet-string network byte order
> > + * format.
> > + */
> > +
> > + rte_crypto_xform_param a;
> > + /**< Co-efficient 'a' of curve equation data in Octet-string network
> > + * byte order format.
> > + */
> > +
> > + rte_crypto_xform_param b;
> > + /**< Co-efficient 'a' of curve equation data in Octet-string network
> > + * byte order format.
> > + */
> > +
> > + int h;
> > + /**< Co-factor of the curve */
> > +
> > +};
> > +
> > +/**
> > + * Asymmetric crypto transform data
> > + *
> > + * This structure contains the data required to perform the
> > + * asymmetric crypto transformation operation. The field op
> > + * determines the asymmetric algorithm for transformation.
> > + */
> > +struct rte_crypto_asym_xform {
> > + struct rte_crypto_asym_xform *next;
> > + enum rte_crypto_asym_xform_type xform_type;
> > + /**< Asymmetric algorithm for crypto transform */
> > +
> > + RTE_STD_C11
> > + union {
> > + struct rte_crypto_rsa_xform rsa;
> > + struct rte_crypto_fecc_xform fecc;
> > + struct rte_crypto_modex_xform modex;
> > + struct rte_crypto_ecdsa_xform ecdsa;
> > + struct rte_crypto_ecdh_xform ecdh;
> > + struct rte_crypto_dsa_xform dsa;
> > + };
> > +};
> > +
> > +struct rte_cryptodev_asym_session;
> > +
> > +/**
> > + * Crypto operation session type. This is used to specify whether a crypto
> > + * operation has session structure attached for immutable parameters or if all
> > + * operation information is included in the operation data structure.
> > + */
> > +enum rte_crypto_asym_op_sess_type {
> > + RTE_CRYPTO_ASYM_OP_WITH_SESSION,
> > + /**< Session based crypto operation */
> > + RTE_CRYPTO_ASYM_OP_SESSIONLESS
> > + /**< Session-less crypto operation */
> > +};
> > +
> > +/**
> > + * Asymmetric Cryptographic Operation.
> > + *
> > + * This structure contains data relating to performing asymmetric cryptographic
> > + * operation.
> > + *
> > + */
> > +struct rte_crypto_asym_op {
> > +
> > + enum rte_crypto_asym_op_sess_type sess_type;
> > + enum rte_crypto_asym_xform_type type;
> > +
> > + RTE_STD_C11
> > + union {
> > + enum rte_crypto_rsa_optype rsa_op;
> > + /**< Type of RSA operation for transform */;
> > + enum rte_crypto_modex_optype modex_op;
> > + /**< Type of modular exponentiation operation */
> > + enum rte_crypto_ecdsa_optype ecdsa_op;
> > + /**< ECDSA crypto xform operation type */
> > + enum rte_crypto_fecc_optype fecc_op;
> > + /**< ECDSA crypto xform operation type */
> > + enum rte_crypto_dsa_optype dsa_op;
> > + /**< DSA crypto xform operation type */
> > + };
> > +
> > + RTE_STD_C11
> > + union {
> > + struct rte_cryptodev_asym_session *session;
> > + /**< Handle for the initialised session context */
> > + struct rte_crypto_asym_xform *xform;
> > + /**< Session-less API crypto operation parameters */
> > + };
> > +
> > + RTE_STD_C11
> > + union {
> > +
> > + struct {
> > + rte_crypto_op_param message;
> > + /**<
> > + * Pointer to data
> > + * - to be encrypted for RSA public encrypt.
> > + * - to be decrypted for RSA private decrypt.
> > + * - to be signed for RSA sign generation.
> > + * - to be authenticated for RSA sign verification.
> > + */
> > +
> > + rte_crypto_op_param sign;
> > + /**<
> > + * Pointer to RSA signature data. If operation is RSA
> > + * sign @ref RTE_CRYPTO_RSA_OP_SIGN, buffer will be
> > + * over-written with generated signature.
> > + *
> > + * Length of the signature data will be equal to the
> > + * RSA prime modulus length.
> > + */
> > +
> > + enum rte_crypto_rsa_padding_type pad;
> > + /**< RSA padding scheme to be used for transform */
> > +
> > + enum rte_crypto_auth_algorithm md;
> > + /**< Hash algorithm to be used for data hash if padding
> > + * scheme is either OAEP or PSS. Valid hash algorithms
> > + * are:
> > + * MD5, SHA1, SHA224, SHA256, SHA384, SHA512
> > + */
> > +
> > + enum rte_crypto_auth_algorithm mgf1md;
> > + /**<
> > + * Hash algorithm to be used for mask generation if
> > + * padding scheme is either OAEP or PSS. If padding
> > + * scheme is unspecified data hash algorithm is used
> > + * for mask generation. Valid hash algorithms are:
> > + * MD5, SHA1, SHA224, SHA256, SHA384, SHA512
> > + */
> > + } rsa;
> > +
> > + struct {
> > + rte_crypto_op_param pub_key;
> > + /**<
> > + * If DH operation type is
> > + * KEY_GENERATION:
> > + * if priv_key and public key are provided, the keys
> > + * are copied to DH xform structure, else key pair is
> > + * generated and stored in DH xform structure.
> > + * pub_key data should be in Octet-string network
> > + * byte order format.
> > + *
> > + * KEY_COMPUTATION:
> > + * pub_key holds the key shared by peer during DH
> > + * key exchange. pub_key data is written as Octet-
> > + * string network byte order format.
> > + */
> > + RTE_STD_C11
> > + union {
> > + rte_crypto_op_param priv_key;
> > + /**<
> > + * If DH operation type is KEY_GENERATION, and
> > + * priv_key is provided, the key is copied to
> > + * DH xform structure, else generated and stored
> > + * in DH xform structure. priv_key data is in
> > + * in Octet-string network byte order format.
> > + */
> > + rte_crypto_op_param shared_key;
> > + /*
> > + * If DH operation type is KEY_COMPUTATION:
> > + * shared_key holds the shared secret
> > + * computed. shared_key is written as
> > + * Octet-string network byte order format.
> > + */
> > + };
> > + } dh;
> > +
> > + struct {
> > + rte_crypto_op_param base;
> > + /**<
> > + * Pointer to base of modular exponentiation data in
> > + * Octet-string network byte order format.
> > + */
> > + } modex;
> > +
> > + struct {
> > + rte_crypto_op_param priv_key;
> > + /**<
> > + * If ECDH operation type is KEY_GENERATION, and
> > + * priv_key is provided, the key is copied to ECDH
> > + * xform structure, else generated and stored in
> > + * ECDH xform structure in Octet-string network byte
> > + * order.
> > + * If ECDH operation type is KEY_COMPUTATION:
> > + * priv_key holds the 'X' co-ordinate of the shared
> > + * secret EC point computed in Octet-string network
> > + * byte order.
> > + */
> > +
> > + rte_crypto_ec_point pub_key;
> > + /**<
> > + * If ECDH operation type is
> > + * KEY_GENERATION:
> > + * if priv_key and public key are provided, the keys
> > + * are copied ECDH xform structure, else key pair is
> > + * generated and stored in ECDH xform structure.
> > + *
> > + * KEY_COMPUTATION:
> > + * pub_key holds peer's public key during ECDH
> > + * key exchange in Octet-string network byte order.
> > + */
> > + } ecdh;
> > +
> > + struct {
> > + rte_crypto_op_param message;
> > + /**<
> > + * Pointer to data
> > + * - to be signed for ECDSA signature generation.
> > + * - to be authenticated for ECDSA sign verification.
> > + */
> > +
> > + rte_crypto_op_param sign;
> > + /**<
> > + * Pointer to ECDSA signature. If operation type is
> > + * @ref RTE_CRYPTO_ECDSA_OP_VERIFY this buffer will be
> > + * over-written with the signature.
> > + *
> > + * Length of ECDSA signature will be less than twice the
> > + * length of prime modulus length.
> > + */
> > +
> > + rte_crypto_op_param k;
> > + /**<
> > + * Pointer to random scalar to be used for generation
> > + * of ECDSA signature @ref RTE_CRYPTO_ECDSA_OP_SIGN.
> > + * It is invalid if operation is ECDSA verify.
> > + * Scalar data is in Octet-string network byte order
> > + * format.
> > + *
> > + * Length of scalar K should be less than the prime
> > + * modulus of the curve
> > + */
> > + } ecdsa;
> > +
> > + struct {
> > +
> > + rte_crypto_op_param message;
> > + /**<
> > + * Pointer to data
> > + * - to be signed for DSA signature generation.
> > + * - to be authenticated for DSA sign verification.
> > + *
> > + * Length of data to be signed, if is more than
> > + * prime modulus length, is truncated to length of
> > + * prime modulus.
> > + */
> > +
> > + rte_crypto_op_param k;
> > + /**<
> > + * Pointer to random scalar to be used for DSA
> > + * signature generation. K should be a non-zero number
> > + * less than q. k is in Octet-string network byte
> > + * order format.
> > + */
> > +
> > + } dsa;
> > +
> > + struct {
> > + struct rte_crypto_ec_point p;
> > + /**<
> > + * Pointer to primary curve point for fundamental
> > + * ECC operation. Data is in Octet-string network
> > + * byte order format.
> > + * Length of data in bytes cannot exceed the prime
> > + * modulus length of the curve.
> > + */
> > +
> > + struct rte_crypto_ec_point q;
> > + /**<
> > + *
> > + * Pointer to secondary curve point for fundamental
> > + * ECC operation. Data is in Octet-string network
> > + * byte order format.
> > + *
> > + * Length of data in bytes cannot exceed the prime
> > + * modulus length of the curve. This point is valid
> > + * only for point addition optype
> > + * RTE_CRYPTO_FECC_OP_POINT_ADD crypto transform.
> > + */
> > +
> > + rte_crypto_op_param k;
> > + /**<
> > + * Pointer to scalar data to be used only for point
> > + * multiplication @ref RTE_CRYPTO_FECC_OP_POINT_MULTIPLY
> > + * crypto transform. Data is in Octet-string network
> > + * byte order format.
> > + *
> > + * Length of data in bytes cannot exceed the prime
> > + * modulus length of the curve.
> > + */
> > +
> > + struct rte_crypto_ec_point r;
> > + /**<
> > + * Pointer to the resultant point on the curve after
> > + * fundamental ECC crypto transform. Data is in
> > + * Octet-string network byte order format.
> > + * Length of data in bytes cannot exceed the prime
> > + * modulus length of the curve.
> > + */
> > +
> > + } fecc;
> > +
> > + struct {
> > +
> > + rte_crypto_op_param prime;
> > + /**<
> > + * Pointer to the prime modulus data for modular
> > + * inverse operation in Octet-string network byte
> > + * order format.
> > + */
> > +
> > + rte_crypto_op_param base;
> > + /**<
> > + * Pointer to the base for the modular inverse
> > + * operation in Octet-string network byte order
> > + * format.
> > + */
> > + } modinv;
> > + };
> > +
> > +} __rte_cache_aligned;
> > +
> > +
> > +
> > +/**
> > + * Reset the fields of an asymmetric operation to their default values.
> > + *
> > + * @param op The crypto operation to be reset.
> > + */
> > +static inline void
> > +__rte_crypto_asym_op_reset(struct rte_crypto_asym_op *op)
> > +{
> > + memset(op, 0, sizeof(*op));
> > +
> > + op->sess_type = RTE_CRYPTO_ASYM_OP_SESSIONLESS;
> > +}
> > +
> > +
> > +/**
> > + * Allocate space for asymmetric crypto xforms in the private data space of the
> > + * crypto operation. This also defaults the crypto xform type to
> > + * RTE_CRYPTO_ASYM_XFORM_NOT_SPECIFIED and configures the chaining of the xforms
> > + * in the crypto operation
> > + *
> > + * @return
> > + * - On success returns pointer to first crypto xform in crypto operations chain
> > + * - On failure returns NULL
> > + */
> > +static inline struct rte_crypto_asym_xform *
> > +__rte_crypto_asym_op_asym_xforms_alloc(struct rte_crypto_asym_op *asym_op,
> > + void *priv_data, uint8_t nb_xforms)
> > +{
> > + struct rte_crypto_asym_xform *xform;
> > +
> > + asym_op->xform = xform = (struct rte_crypto_asym_xform *)priv_data;
> > +
> > + do {
> > + xform->type = RTE_CRYPTO_ASYM_XFORM_NOT_SPECIFIED;
> > + xform = xform->next = --nb_xforms > 0 ? xform + 1 : NULL;
> > + } while (xform);
> > +
> > + return asym_op->xform;
> > +}
> > +
> > +
> > +/**
> > + * Attach a session to an asymmetric crypto operation
> > + *
> > + * @param asym_op crypto operation
> > + * @param sess cryptodev session
> > + */
> > +static inline int
> > +__rte_crypto_asym_op_attach_asym_session(struct rte_crypto_asym_op *asym_op,
> > + struct rte_cryptodev_asym_session *sess)
> > +{
> > + asym_op->session = sess;
> > + asym_op->sess_type = RTE_CRYPTO_ASYM_OP_WITH_SESSION;
> > +
> > + return 0;
> > +}
> > +
> > +
> > +#ifdef __cplusplus
> > +}
> > +#endif
> > +
> > +#endif /* _RTE_CRYPTO_ASYM_H_ */
> > --
> > 1.8.3.1
>
Regards,
Umesh
Hi Umesh,
> -----Original Message-----
> From: Umesh Kartha [mailto:Umesh.Kartha@caviumnetworks.com]
> Sent: Friday, May 26, 2017 8:18 AM
> To: Trahe, Fiona <fiona.trahe@intel.com>
> Cc: dev@dpdk.org; Jerin Jacob <Jerin.JacobKollanukkaran@cavium.com>; Balasubramanian Manoharan
> <Balasubramanian.Manoharan@cavium.com>; Ram Kumar <Ram.Kumar@cavium.com>; Murthy
> Nidadavolu <Nidadavolu.Murthy@cavium.com>; Doherty, Declan <declan.doherty@intel.com>; De Lara
> Guarch, Pablo <pablo.de.lara.guarch@intel.com>
> Subject: Re: [RFC PATCH v2 1/3] cryptodev: added asymmetric algorithms
>
> Hi Fiona,
>
>
> On Thu, May 25, 2017 at 04:00:42PM +0000, Trahe, Fiona wrote:
> > Hi Umesh,
> >
> >
> > > -----Original Message-----
> > > From: Umesh Kartha [mailto:Umesh.Kartha@caviumnetworks.com]
> > > Sent: Thursday, May 11, 2017 1:36 PM
> > > To: dev@dpdk.org
> > > Cc: Jerin Jacob <Jerin.JacobKollanukkaran@cavium.com>; Balasubramanian Manoharan
> > > <Balasubramanian.Manoharan@cavium.com>; Ram Kumar <Ram.Kumar@cavium.com>; Murthy
> > > Nidadavolu <Nidadavolu.Murthy@cavium.com>; Doherty, Declan <declan.doherty@intel.com>; De
> Lara
> > > Guarch, Pablo <pablo.de.lara.guarch@intel.com>; Trahe, Fiona <fiona.trahe@intel.com>
> > > Subject: [RFC PATCH v2 1/3] cryptodev: added asymmetric algorithms
> > >
> > > Added asymmetric xform structures, operation definitions, operation
> > > parameters. Added asymmetric algorithms RSA, DH, ECDH, DSA, ECDSA,
> > > MODEXP, FECC, MOD-INVERSE. Added curves (all curves supported by
> > > libcrypto as of now).
> > >
> > > Signed-off-by: Umesh Kartha <Umesh.Kartha@caviumnetworks.com>
> > > ---
> > > lib/librte_cryptodev/rte_crypto_asym.h | 1124 ++++++++++++++++++++++++++++++++
> > > 1 file changed, 1124 insertions(+)
> > > create mode 100644 lib/librte_cryptodev/rte_crypto_asym.h
> > >
> > > diff --git lib/librte_cryptodev/rte_crypto_asym.h lib/librte_cryptodev/rte_crypto_asym.h
> > > new file mode 100644
> > > index 0000000..36a8b4f
> > > --- /dev/null
> > > +++ lib/librte_cryptodev/rte_crypto_asym.h
> > > @@ -0,0 +1,1124 @@
> > > +/*
> > > + * BSD LICENSE
> > > + *
> > > + * Copyright (C) Cavium networks Ltd. 2017.
> > > + *
> > > + * Redistribution and use in source and binary forms, with or without
> > > + * modification, are permitted provided that the following conditions
> > > + * are met:
> > > + *
> > > + * * Redistributions of source code must retain the above copyright
> > > + * notice, this list of conditions and the following disclaimer.
> > > + * * Redistributions in binary form must reproduce the above copyright
> > > + * notice, this list of conditions and the following disclaimer in
> > > + * the documentation and/or other materials provided with the
> > > + * distribution.
> > > + * * Neither the name of Cavium Networks nor the names of its
> > > + * contributors may be used to endorse or promote products derived
> > > + * from this software without specific prior written permission.
> > > + *
> > > + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
> > > + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
> > > + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
> > > + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
> > > + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
> > > + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
> > > + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
> > > + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
> > > + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
> > > + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
> > > + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
> > > + */
> > > +
> > > +#ifndef _RTE_CRYPTO_ASYM_H_
> > > +#define _RTE_CRYPTO_ASYM_H_
> > > +
> > > +/**
> > > + * @file rte_crypto_asym.h
> > > + *
> > > + * RTE Definitions for Asymmetric Cryptography
> > > + *
> > > + * Defines asymmetric algorithms and modes, as well as supported
> > > + * asymmetric crypto operations.
> > > + */
> > > +
> > > +#ifdef __cplusplus
> > > +extern "C" {
> > > +#endif
> > > +
> > > +#include <string.h>
> > > +#include <stdint.h>
> > > +#include <rte_mbuf.h>
> > > +#include <rte_memory.h>
> > > +#include <rte_mempool.h>
> > > +#include <rte_common.h>
> > > +#include "rte_crypto_sym.h"
> > > +
> > > +typedef struct rte_crypto_xform_param_t {
> > > + uint8_t *data;
> > > + size_t length;
> > > +} rte_crypto_xform_param;
> > > +
> > > +typedef struct rte_crypto_op_param_t {
> > > + uint8_t *data;
> > > + phys_addr_t phys_addr;
> > > + size_t length;
> > > +} rte_crypto_op_param;
> > [Fiona] Are both above lengths in bytes ?
> >
> >
> [Umesh] Yes, they are in bytes. Will add note for this to avoid any
> confusion.
[Fiona] Thanks.
Re your v1 question re sessionless, I don't see a strong need to support sessions
in Asymm crypto and we would probably initially just implement the SESSIONLESS case.
For that case, the rte_crypto_xform_param_t would be used to provide data to
the op. So providing a phys_addr would save an internal alloc and copy and
be necessary to optimise performance.
What do you think of adding this?
In that case the structs are identical, so can be combined.
Regards,
Fiona
Hi Fiona,
On Mon, May 29, 2017 at 02:51:11PM +0000, Trahe, Fiona wrote:
> Hi Umesh,
>
> > -----Original Message-----
> > From: Umesh Kartha [mailto:Umesh.Kartha@caviumnetworks.com]
> > Sent: Friday, May 26, 2017 8:18 AM
> > To: Trahe, Fiona <fiona.trahe@intel.com>
> > Cc: dev@dpdk.org; Jerin Jacob <Jerin.JacobKollanukkaran@cavium.com>; Balasubramanian Manoharan
> > <Balasubramanian.Manoharan@cavium.com>; Ram Kumar <Ram.Kumar@cavium.com>; Murthy
> > Nidadavolu <Nidadavolu.Murthy@cavium.com>; Doherty, Declan <declan.doherty@intel.com>; De Lara
> > Guarch, Pablo <pablo.de.lara.guarch@intel.com>
> > Subject: Re: [RFC PATCH v2 1/3] cryptodev: added asymmetric algorithms
> >
> > Hi Fiona,
> >
> >
> > On Thu, May 25, 2017 at 04:00:42PM +0000, Trahe, Fiona wrote:
> > > Hi Umesh,
> > >
> > >
> > > > -----Original Message-----
> > > > From: Umesh Kartha [mailto:Umesh.Kartha@caviumnetworks.com]
> > > > Sent: Thursday, May 11, 2017 1:36 PM
> > > > To: dev@dpdk.org
> > > > Cc: Jerin Jacob <Jerin.JacobKollanukkaran@cavium.com>; Balasubramanian Manoharan
> > > > <Balasubramanian.Manoharan@cavium.com>; Ram Kumar <Ram.Kumar@cavium.com>; Murthy
> > > > Nidadavolu <Nidadavolu.Murthy@cavium.com>; Doherty, Declan <declan.doherty@intel.com>; De
> > Lara
> > > > Guarch, Pablo <pablo.de.lara.guarch@intel.com>; Trahe, Fiona <fiona.trahe@intel.com>
> > > > Subject: [RFC PATCH v2 1/3] cryptodev: added asymmetric algorithms
> > > >
> > > > Added asymmetric xform structures, operation definitions, operation
> > > > parameters. Added asymmetric algorithms RSA, DH, ECDH, DSA, ECDSA,
> > > > MODEXP, FECC, MOD-INVERSE. Added curves (all curves supported by
> > > > libcrypto as of now).
> > > >
> > > > Signed-off-by: Umesh Kartha <Umesh.Kartha@caviumnetworks.com>
> > > > ---
> > > > lib/librte_cryptodev/rte_crypto_asym.h | 1124 ++++++++++++++++++++++++++++++++
> > > > 1 file changed, 1124 insertions(+)
> > > > create mode 100644 lib/librte_cryptodev/rte_crypto_asym.h
> > > >
> > > > diff --git lib/librte_cryptodev/rte_crypto_asym.h lib/librte_cryptodev/rte_crypto_asym.h
> > > > new file mode 100644
> > > > index 0000000..36a8b4f
> > > > --- /dev/null
> > > > +++ lib/librte_cryptodev/rte_crypto_asym.h
> > > > @@ -0,0 +1,1124 @@
> > > > +/*
> > > > + * BSD LICENSE
> > > > + *
> > > > + * Copyright (C) Cavium networks Ltd. 2017.
> > > > + *
> > > > + * Redistribution and use in source and binary forms, with or without
> > > > + * modification, are permitted provided that the following conditions
> > > > + * are met:
> > > > + *
> > > > + * * Redistributions of source code must retain the above copyright
> > > > + * notice, this list of conditions and the following disclaimer.
> > > > + * * Redistributions in binary form must reproduce the above copyright
> > > > + * notice, this list of conditions and the following disclaimer in
> > > > + * the documentation and/or other materials provided with the
> > > > + * distribution.
> > > > + * * Neither the name of Cavium Networks nor the names of its
> > > > + * contributors may be used to endorse or promote products derived
> > > > + * from this software without specific prior written permission.
> > > > + *
> > > > + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
> > > > + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
> > > > + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
> > > > + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
> > > > + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
> > > > + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
> > > > + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
> > > > + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
> > > > + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
> > > > + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
> > > > + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
> > > > + */
> > > > +
> > > > +#ifndef _RTE_CRYPTO_ASYM_H_
> > > > +#define _RTE_CRYPTO_ASYM_H_
> > > > +
> > > > +/**
> > > > + * @file rte_crypto_asym.h
> > > > + *
> > > > + * RTE Definitions for Asymmetric Cryptography
> > > > + *
> > > > + * Defines asymmetric algorithms and modes, as well as supported
> > > > + * asymmetric crypto operations.
> > > > + */
> > > > +
> > > > +#ifdef __cplusplus
> > > > +extern "C" {
> > > > +#endif
> > > > +
> > > > +#include <string.h>
> > > > +#include <stdint.h>
> > > > +#include <rte_mbuf.h>
> > > > +#include <rte_memory.h>
> > > > +#include <rte_mempool.h>
> > > > +#include <rte_common.h>
> > > > +#include "rte_crypto_sym.h"
> > > > +
> > > > +typedef struct rte_crypto_xform_param_t {
> > > > + uint8_t *data;
> > > > + size_t length;
> > > > +} rte_crypto_xform_param;
> > > > +
> > > > +typedef struct rte_crypto_op_param_t {
> > > > + uint8_t *data;
> > > > + phys_addr_t phys_addr;
> > > > + size_t length;
> > > > +} rte_crypto_op_param;
> > > [Fiona] Are both above lengths in bytes ?
> > >
> > >
> > [Umesh] Yes, they are in bytes. Will add note for this to avoid any
> > confusion.
> [Fiona] Thanks.
> Re your v1 question re sessionless, I don't see a strong need to support sessions
> in Asymm crypto and we would probably initially just implement the SESSIONLESS case.
> For that case, the rte_crypto_xform_param_t would be used to provide data to
> the op. So providing a phys_addr would save an internal alloc and copy and
> be necessary to optimise performance.
> What do you think of adding this?
> In that case the structs are identical, so can be combined.
>
> Regards,
> Fiona
>
If the general conscience is that a session is not required to perform
asymmetric crypto operations, I will remove it. The only scenario in which
an asymmetric session can be used is to generate DSA/ECDSA/RSA signatures
multiple times. Alternatively, crypto_asym_xform struct can be reused in
this scenario.
And yes, as you suggested, we can combine the structs.
Regards,
Umesh
new file mode 100644
@@ -0,0 +1,1124 @@
+/*
+ * BSD LICENSE
+ *
+ * Copyright (C) Cavium networks Ltd. 2017.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ * * Neither the name of Cavium Networks nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef _RTE_CRYPTO_ASYM_H_
+#define _RTE_CRYPTO_ASYM_H_
+
+/**
+ * @file rte_crypto_asym.h
+ *
+ * RTE Definitions for Asymmetric Cryptography
+ *
+ * Defines asymmetric algorithms and modes, as well as supported
+ * asymmetric crypto operations.
+ */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include <string.h>
+#include <stdint.h>
+#include <rte_mbuf.h>
+#include <rte_memory.h>
+#include <rte_mempool.h>
+#include <rte_common.h>
+#include "rte_crypto_sym.h"
+
+typedef struct rte_crypto_xform_param_t {
+ uint8_t *data;
+ size_t length;
+} rte_crypto_xform_param;
+
+typedef struct rte_crypto_op_param_t {
+ uint8_t *data;
+ phys_addr_t phys_addr;
+ size_t length;
+} rte_crypto_op_param;
+
+/** Asymmetric crypto transformation types */
+enum rte_crypto_asym_xform_type {
+ RTE_CRYPTO_ASYM_XFORM_NOT_SPECIFIED = 0,
+ RTE_CRYPTO_ASYM_XFORM_RSA,
+ RTE_CRYPTO_ASYM_XFORM_MODEX,
+ RTE_CRYPTO_ASYM_XFORM_DH,
+ RTE_CRYPTO_ASYM_XFORM_ECDH,
+ RTE_CRYPTO_ASYM_XFORM_DSA,
+ RTE_CRYPTO_ASYM_XFORM_ECDSA,
+ RTE_CRYPTO_ASYM_XFORM_FECC,
+ RTE_CRYPTO_ASYM_XFORM_MODINV,
+ RTE_CRYPTO_ASYM_XFORM_TYPE_LIST_END
+};
+
+/**
+ * RSA operation type variants
+ */
+enum rte_crypto_rsa_optype {
+ RTE_CRYPTO_RSA_OP_NOT_SPECIFIED = 1,
+ /**< RSA operation unspecified */
+ RTE_CRYPTO_RSA_OP_PUBLIC_ENCRYPT,
+ /**< RSA public encrypt operation */
+ RTE_CRYPTO_RSA_OP_PRIVATE_DECRYPT,
+ /**< RSA private decrypt operation */
+ RTE_CRYPTO_RSA_OP_SIGN,
+ /**< RSA private key signature operation */
+ RTE_CRYPTO_RSA_OP_VERIFY,
+ /**< RSA public key verification operation */
+ RTE_CRYPTO_RSA_OP_LIST_END
+};
+
+/**
+ * Padding types for RSA signature.
+ */
+enum rte_crypto_rsa_padding_type {
+ RTE_CRYPTO_RSA_PADDING_NOT_SPECIFIED = 1,
+ /**< RSA no padding scheme */
+ RTE_CRYPTO_RSA_PADDING_BT1,
+ /**< RSA PKCS#1 padding BT1 scheme */
+ RTE_CRYPTO_RSA_PADDING_BT2,
+ /**< RSA PKCS#1 padding BT2 scheme */
+ RTE_CRYPTO_RSA_PADDING_OAEP,
+ /**< RSA PKCS#1 OAEP padding scheme */
+ RTE_CRYPTO_RSA_PADDING_PSS,
+ /**< RSA PKCS#1 PSS padding scheme */
+ RTE_CRYPTO_RSA_PADDING_TYPE_LIST_END
+};
+
+/**
+ * Modular exponentiaion operation type variants
+ */
+enum rte_crypto_modex_optype {
+ RTE_CRYPTO_MODEX_OP_NOT_SPECIFIED = 1,
+ /**< ModEx operation type unspecified */
+ RTE_CRYPTO_MODEX_OP_MODEX,
+ /**< Modex operation modular exponentiation */
+ RTE_CRYPTO_MODEX_OP_LIST_END
+};
+
+/**
+ * Modular Inverse operation type variants
+ */
+enum rte_crypto_modeinv_optype {
+ RTE_CRYPTO_MODINV_OP_NOT_SPECIFIED = 1,
+ /**< ModInv operation type unspecified */
+ RTE_CRYPTO_MODINV_OP_MODINV,
+ /**< ModInv operation modular Inverse */
+ RTE_CRYPTO_MODEX_OP_LIST_END
+};
+
+/**
+ * DSA operation type variants
+ */
+enum rte_crypto_dsa_optype {
+ RTE_CRYPTO_DSA_OP_NOT_SPECIFIED = 1,
+ /**< DSA operation unspecified */
+ RTE_CRYPTO_DSA_OP_SIGN,
+ /**< DSA private key signature operation */
+ RTE_CRYPTO_DSA_OP_VERIFY,
+ /**< DSA public key verification operation */
+ RTE_CRYPTO_DSA_OP_LIST_END
+};
+
+
+/**
+ * ECDSA operation type variants
+ */
+enum rte_crypto_ecdsa_optype {
+ RTE_CRYPTO_ECDSA_OP_NOT_SPECIFIED = 1,
+ /**< ECDSA operation unspecified */
+ RTE_CRYPTO_ECDSA_OP_SIGN,
+ /**< ECDSA private key signature operation */
+ RTE_CRYPTO_ECDSA_OP_VERIFY,
+ /**< ECDSA public key verification operation */
+ RTE_CRYPTO_ECDSA_OP_LIST_END
+};
+
+/**
+ * Diffie Hellman Key operation variants
+ */
+enum rte_crypto_dh_optype {
+ RTE_CRYPTO_DH_OP_NOT_SPECIFIED = 1,
+ /**< DH operation unspecified */
+ RTE_CRYPTO_DH_OP_KEY_GENERATION,
+ /**< DH private/public key generation operation */
+ RTE_CRYPTO_DH_OP_KEY_COMPUTATION,
+ /**< DH private key computation operation */
+ RTE_CRYPTO_DH_OP_LIST_END
+};
+
+/**
+ * Elliptic Curve Diffie Hellman Key operation variants
+ */
+enum rte_crypto_ecdh_optype {
+ RTE_CRYPTO_ECDH_OP_NOT_SPECIFIED = 1,
+ /**< ECDH operation unspecified */
+ RTE_CRYPTO_ECDH_OP_KEY_GENERATION,
+ /**< ECDH private/public key generation operation */
+ RTE_CRYPTO_ECDH_OP_KEY_CHECK,
+ /**< ECDH public key validity check operation */
+ RTE_CRYPTO_ECDH_OP_KEY_COMPUTATION,
+ /**< ECDH private key computation operation */
+ RTE_CRYPTO_ECDH_OP_LIST_END
+};
+
+/**
+ * Fundamental ECC operation type variants.
+ */
+enum rte_crypto_fecc_optype {
+ RTE_CRYPTO_FECC_OP_NOT_SPECIFIED = 1,
+ /**< FECC operation type unspecified */
+ RTE_CRYPTO_FECC_OP_POINT_ADD,
+ /**< Fundamental ECC point addition operation */
+ RTE_CRYPTO_FECC_OP_POINT_DBL,
+ /**< Fundamental ECC point doubling operation */
+ RTE_CRYPTO_FECC_OP_POINT_MULTIPLY,
+ /**< Fundamental ECC point multiplication operation */
+ RTE_CRYPTO_FECC_OP_LIST_END
+};
+
+/**
+ * ECC list of curves.
+ */
+enum rte_crypto_ec_prime_curve {
+ RTE_CRYPTO_EC_CURVE_NOT_SPECIFIED = -1,
+ /**< Unspecified or empty curve id */
+ RTE_CRYPTO_EC_CURVE_secp112r1,
+ /**< SECG/WTLS curve over a 112 bit prime field */
+ RTE_CRYPTO_EC_CURVE_secp112r2,
+ /**< SECG curve over a 112 bit prime field */
+ RTE_CRYPTO_EC_CURVE_secp128r1,
+ /**< SECG curve over a 128 bit prime field */
+ RTE_CRYPTO_EC_CURVE_secp128r2,
+ /**< SECG curve over a 128 bit prime field */
+ RTE_CRYPTO_EC_CURVE_secp160k1,
+ /**< SECG curve over a 160 bit prime field */
+ RTE_CRYPTO_EC_CURVE_secp160r1,
+ /**< SECG curve over a 160 bit prime field */
+ RTE_CRYPTO_EC_CURVE_secp160r2,
+ /**< SECG/WTLS curve over a 160 bit prime field */
+ RTE_CRYPTO_EC_CURVE_secp192k1,
+ /**< SECG curve over a 192 bit prime field */
+ RTE_CRYPTO_EC_CURVE_secp224k1,
+ /**< SECG curve over a 224 bit prime field */
+ RTE_CRYPTO_EC_CURVE_secp224r1,
+ /**< NIST/SECG curve over a 224 bit prime field */
+ RTE_CRYPTO_EC_CURVE_secp256k1,
+ /**< SECG curve over a 256 bit prime field */
+ RTE_CRYPTO_EC_CURVE_secp384r1,
+ /**< NIST/SECG curve over a 384 bit prime field */
+ RTE_CRYPTO_EC_CURVE_secp521r1,
+ /**< NIST/SECG curve over a 521 bit prime field */
+ RTE_CRYPTO_EC_CURVE_prime192v1,
+ /**< NIST/X9.62/SECG curve over a 192 bit prime field */
+ RTE_CRYPTO_EC_CURVE_prime192v2,
+ /**< X9.62 curve over a 192 bit prime field */
+ RTE_CRYPTO_EC_CURVE_prime192v3,
+ /**< X9.62 curve over a 192 bit prime field */
+ RTE_CRYPTO_EC_CURVE_prime239v1,
+ /**< X9.62 curve over a 239 bit prime field */
+ RTE_CRYPTO_EC_CURVE_prime239v2,
+ /**< X9.62 curve over a 239 bit prime field */
+ RTE_CRYPTO_EC_CURVE_prime239v3,
+ /**< X9.62 curve over a 239 bit prime field */
+ RTE_CRYPTO_EC_CURVE_prime256v1,
+ /**< X9.62/SECG curve over a 256 bit prime field */
+ RTE_CRYPTO_EC_CURVE_wap_wsg_idm_ecid_wtls6,
+ /**< SECG/WTLS curve over a 112 bit prime field */
+ RTE_CRYPTO_EC_CURVE_wap_wsg_idm_ecid_wtls7,
+ /**< SECG/WTLS curve over a 160 bit prime field */
+ RTE_CRYPTO_EC_CURVE_wap_wsg_idm_ecid_wtls8,
+ /**< WTLS curve over a 112 bit prime field */
+ RTE_CRYPTO_EC_CURVE_wap_wsg_idm_ecid_wtls9,
+ /**< WTLS curve over a 160 bit prime field */
+ RTE_CRYPTO_EC_CURVE_wap_wsg_idm_ecid_wtls12,
+ /**< WTLS curve over a 224 bit prime field */
+ RTE_CRYPTO_EC_CURVE_brainpoolP160r1,
+ /**< RFC 5639 curve over a 160 bit prime field */
+ RTE_CRYPTO_EC_CURVE_brainpoolP160t1,
+ /**< RFC 5639 curve over a 160 bit prime field */
+ RTE_CRYPTO_EC_CURVE_brainpoolP192r1,
+ /**< RFC 5639 curve over a 192 bit prime field */
+ RTE_CRYPTO_EC_CURVE_brainpoolP192t1,
+ /**< RFC 5639 curve over a 192 bit prime field */
+ RTE_CRYPTO_EC_CURVE_brainpoolP224r1,
+ /**< RFC 5639 curve over a 224 bit prime field */
+ RTE_CRYPTO_EC_CURVE_brainpoolP224t1,
+ /**< RFC 5639 curve over a 224 bit prime field */
+ RTE_CRYPTO_EC_CURVE_brainpoolP256r1,
+ /**< RFC 5639 curve over a 256 bit prime field */
+ RTE_CRYPTO_EC_CURVE_brainpoolP256t1,
+ /**< RFC 5639 curve over a 256 bit prime field */
+ RTE_CRYPTO_EC_CURVE_brainpoolP320r1,
+ /**< RFC 5639 curve over a 320 bit prime field */
+ RTE_CRYPTO_EC_CURVE_brainpoolP320t1,
+ /**< RFC 5639 curve over a 320 bit prime field */
+ RTE_CRYPTO_EC_CURVE_brainpoolP384r1,
+ /**< RFC 5639 curve over a 384 bit prime field */
+ RTE_CRYPTO_EC_CURVE_brainpoolP384t1,
+ /**< RFC 5639 curve over a 384 bit prime field */
+ RTE_CRYPTO_EC_CURVE_brainpoolP512r1,
+ /**< RFC 5639 curve over a 512 bit prime field */
+ RTE_CRYPTO_EC_CURVE_brainpoolP512t1,
+ /**< RFC 5639 curve over a 512 bit prime field */
+ RTE_CRYPTO_EC_CURVE_x25519,
+ /**< Curve 25519 */
+ RTE_CRYPTO_EC_CURVE_LIST_END
+};
+
+enum rte_crypto_ec_binary_curve {
+ RTE_CRYPTO_EC_CURVE_NOT_SPECIFIED = -1,
+ /**< Unspecified or empty curve id */
+ RTE_CRYPTO_EC_CURVE_sect113r1,
+ /**< SECG curve over a 113 bit binary field */
+ RTE_CRYPTO_EC_CURVE_sect113r2,
+ /**< SECG curve over a 113 bit binary field */
+ RTE_CRYPTO_EC_CURVE_sect131r1,
+ /**< SECG/WTLS curve over a 131 bit binary field */
+ RTE_CRYPTO_EC_CURVE_sect131r2,
+ /**< SECG curve over a 131 bit binary field */
+ RTE_CRYPTO_EC_CURVE_sect163k1,
+ /**< NIST/SECG/WTLS curve over a 163 bit binary field */
+ RTE_CRYPTO_EC_CURVE_sect163r1,
+ /**< SECG curve over a 163 bit binary field */
+ RTE_CRYPTO_EC_CURVE_sect163r2,
+ /**< NIST/SECG curve over a 163 bit binary field */
+ RTE_CRYPTO_EC_CURVE_sect193r1,
+ /**< SECG curve over a 193 bit binary field */
+ RTE_CRYPTO_EC_CURVE_sect193r2,
+ /**< SECG curve over a 193 bit binary field */
+ RTE_CRYPTO_EC_CURVE_sect233k1,
+ /**< NIST/SECG/WTLS curve over a 233 bit binary field */
+ RTE_CRYPTO_EC_CURVE_sect233r1,
+ /**< NIST/SECG/WTLS curve over a 233 bit binary field */
+ RTE_CRYPTO_EC_CURVE_sect239k1,
+ /**< SECG curve over a 239 bit binary field */
+ RTE_CRYPTO_EC_CURVE_sect283k1,
+ /**< NIST/SECG curve over a 283 bit binary field */
+ RTE_CRYPTO_EC_CURVE_sect283r1,
+ /**< NIST/SECG curve over a 283 bit binary field */
+ RTE_CRYPTO_EC_CURVE_sect409k1,
+ /**< NIST/SECG curve over a 409 bit binary field */
+ RTE_CRYPTO_EC_CURVE_sect409r1,
+ /**< NIST/SECG curve over a 409 bit binary field */
+ RTE_CRYPTO_EC_CURVE_sect571k1,
+ /**< NIST/SECG curve over a 571 bit binary field */
+ RTE_CRYPTO_EC_CURVE_sect571r1,
+ /**< NIST/SECG curve over a 571 bit binary field */
+ RTE_CRYPTO_EC_CURVE_c2pnb163v1,
+ /**< X9.62 curve over a 163 bit binary field */
+ RTE_CRYPTO_EC_CURVE_c2pnb163v2,
+ /**< X9.62 curve over a 163 bit binary field */
+ RTE_CRYPTO_EC_CURVE_c2pnb163v3,
+ /**< X9.62 curve over a 163 bit binary field */
+ RTE_CRYPTO_EC_CURVE_c2pnb176v1,
+ /**< X9.62 curve over a 176 bit binary field */
+ RTE_CRYPTO_EC_CURVE_c2tnb191v1,
+ /**< X9.62 curve over a 191 bit binary field */
+ RTE_CRYPTO_EC_CURVE_c2tnb191v2,
+ /**< X9.62 curve over a 191 bit binary field */
+ RTE_CRYPTO_EC_CURVE_c2tnb191v3,
+ /**< X9.62 curve over a 191 bit binary field */
+ RTE_CRYPTO_EC_CURVE_c2pnb208w1,
+ /**< X9.62 curve over a 208 bit binary field */
+ RTE_CRYPTO_EC_CURVE_c2tnb239v1,
+ /**< X9.62 curve over a 239 bit binary field */
+ RTE_CRYPTO_EC_CURVE_c2tnb239v2,
+ /**< X9.62 curve over a 239 bit binary field */
+ RTE_CRYPTO_EC_CURVE_c2tnb239v3,
+ /**< X9.62 curve over a 239 bit binary field */
+ RTE_CRYPTO_EC_CURVE_c2pnb272w1,
+ /**< X9.62 curve over a 272 bit binary field */
+ RTE_CRYPTO_EC_CURVE_c2pnb304w1,
+ /**< X9.62 curve over a 304 bit binary field */
+ RTE_CRYPTO_EC_CURVE_c2tnb359v1,
+ /**< X9.62 curve over a 359 bit binary field */
+ RTE_CRYPTO_EC_CURVE_c2pnb368w1,
+ /**< X9.62 curve over a 368 bit binary field */
+ RTE_CRYPTO_EC_CURVE_c2tnb431r1,
+ /**< X9.62 curve over a 431 bit binary field */
+ RTE_CRYPTO_EC_CURVE_wap_wsg_idm_ecid_wtls1,
+ /**< WTLS curve over a 113 bit binary field */
+ RTE_CRYPTO_EC_CURVE_wap_wsg_idm_ecid_wtls3,
+ /**< NIST/SECG/WTLS curve over a 163 bit binary field */
+ RTE_CRYPTO_EC_CURVE_wap_wsg_idm_ecid_wtls4,
+ /**< SECG curve over a 113 bit binary field */
+ RTE_CRYPTO_EC_CURVE_wap_wsg_idm_ecid_wtls5,
+ /**< X9.62 curve over a 163 bit binary field */
+ RTE_CRYPTO_EC_CURVE_wap_wsg_idm_ecid_wtls10,
+ /**< NIST/SECG/WTLS curve over a 233 bit binary field */
+ RTE_CRYPTO_EC_CURVE_wap_wsg_idm_ecid_wtls11,
+ /**< NIST/SECG/WTLS curve over a 233 bit binary field */
+ RTE_CRYPTO_EC_CURVE_LIST_END
+};
+
+/**
+ * Elliptic curve point format
+ */
+struct rte_crypto_ec_point {
+ struct {
+ int length;
+ uint8_t *data;
+ phys_addr_t phys_addr;
+ /**< phys_addr is used only for points passed in the
+ * asym_op structure.
+ */
+ } x;
+ /**< X co-ordinate */
+
+ struct {
+ int length;
+ uint8_t *data;
+ phys_addr_t phys_addr;
+ /**< phys_addr is used only for points passed in the
+ * operation structure
+ */
+ } y;
+ /**< Y co-ordinate */
+};
+
+/**
+ * Elliptic curve type
+ */
+enum rte_crypto_ec_curve_type {
+ RTE_CRYPTO_EC_CURVE_TYPE_UNDEFINED,
+ /**< Curve type undefined */
+ RTE_CRYPTO_EC_CURVE_TYPE_PRIME_FIELD,
+ /**< EC curve defined over a prime field */
+ RTE_CRYPTO_EC_CURVE_TYPE_BINARY_FIELD,
+ /**< EC curve defined over a binary field */
+ RTE_CRYPTO_EC_CURVE_LIST_END
+};
+
+/**
+ * Elliptic curve id
+ */
+struct rte_crypto_ec_curve_id {
+ RTE_STD_C11
+ union {
+ enum rte_crypto_ec_prime_curve pcurve;
+ enum rte_crypto_ec_binary_curve bcurve;
+ }
+};
+
+/**
+ * Asymmetric RSA transform data
+ *
+ * This structure contains data required to perform RSA crypto
+ * transform. If all CRT components are filled, RSA private key
+ * operations @ref RTE_CRYPTO_RSA_OP_SIGN and @ref
+ * RTE_CRYPTO_RSA_OP_PRIVATE_DECRYPT uses CRT method for crypto
+ * transform.
+ */
+struct rte_crypto_rsa_xform {
+
+ rte_crypto_xform_param n;
+ /**< n - Prime modulus
+ * Prime modulus data of RSA operation in Octet-string network
+ * byte order format.
+ */
+
+ rte_crypto_xform_param e;
+ /**< e - Public key exponent
+ * Public key exponent used for RSA public key operations in Octet-
+ * string network byte order format.
+ */
+
+ rte_crypto_xform_param d;
+ /**< d - Private key exponent
+ * Private key exponent used for RSA private key operations in
+ * Octet-string network byte order format.
+ */
+
+ rte_crypto_xform_param p;
+ /**< p - Private key component P
+ * Private key component of RSA parameter required for CRT method
+ * of private key operations in Octet-string network byte order
+ * format.
+ */
+
+ rte_crypto_xform_param q;
+ /**< q - Private key component Q
+ * Private key component of RSA parameter required for CRT method
+ * of private key operations in Octet-string network byte order
+ * format.
+ */
+
+ rte_crypto_xform_param dP;
+ /**< dP - Private CRT component
+ * Private CRT component of RSA parameter required for CRT method
+ * RSA private key operations in Octet-string network byte order
+ * format.
+ * dP = d mod ( p - 1 )
+ */
+
+ rte_crypto_xform_param dQ;
+ /**< dQ - Private CRT component
+ * Private CRT component of RSA parameter required for CRT method
+ * RSA private key operations in Octet-string network byte order
+ * format.
+ * dQ = d mod ( q - 1 )
+ */
+
+ rte_crypto_xform_param qInv;
+ /**< qInv - Private CRT component
+ * Private CRT component of RSA parameter required for CRT method
+ * RSA private key operations in Octet-string network byte order
+ * format.
+ * qInv = inv q mod p
+ */
+};
+
+/** Asymmetric Modular exponentiation transform data
+ *
+ * This structure contains data required to perform modular exponentation
+ * crypto transform. If all CRT components are valid, crypto transform
+ * operation follows CRT method.
+ */
+struct rte_crypto_modex_xform {
+
+ rte_crypto_xform_param modulus;
+ /**< modulus
+ * Prime modulus of the modexp transform operation in Octet-string
+ * network byte order format.
+ */
+
+ rte_crypto_xform_param exponent;
+ /**< exponent
+ * Private exponent of the modexp transform operation in
+ * Octet-string network byte order format.
+ */
+};
+
+/** Asymmetric DH transform data
+ * This structure contains data used to perform DH key
+ * computation
+ */
+struct rte_crypto_dh_xform {
+ rte_crypto_xform_param p;
+ /**< p : Prime modulus data
+ * DH prime modulous data in Octet-string network byte order format.
+ */
+
+ rte_crypto_xform_param g;
+ /**< g : Generator
+ * DH group generator data in Octet-string network byte order
+ * format.
+ */
+
+ rte_crypto_xform_param priv_key;
+ /**< priv_key
+ * DH private key data in Octet-string network byte order format.
+ */
+
+ rte_crypto_xform_param pub_key;
+ /**< pub_key
+ * DH public key data in Octet-string network byte order format.
+ */
+};
+
+/**Asymmetric ECDH transform data
+ * This structure contains data required to perform ECDH crypto
+ * transform
+ */
+struct rte_crypto_ecdh_xform {
+
+ enum rte_crypto_ec_curve_type curve_type;
+ /**< ECDH curve type: Prime vs Binary */
+
+ struct rte_crypto_ec_curve_id curve_id;
+
+ rte_crypto_xform_param n;
+ /**< n : order
+ * ECDH curve order data in Octet-string network byte order format.
+ */
+
+ rte_crypto_xform_param p;
+ /**< p:
+ * If the curve_type is @ref RTE_CRYPTO_EC_CURVE_TYPE_PRIME_FIELD:
+ * p holds the prime modulus data in Octet string format.
+ *
+ * If the curve_type is @ref RTE_CRYPTO_EC_CURVE_TYPE_BINARY_FIELD:
+ * p holds reduction polynomial co-efficients and degree.
+ */
+
+ rte_crypto_xform_param a;
+ /**< Co-efficient 'a' of curve equation data in Octet-string network
+ * byte order format.
+ */
+
+ rte_crypto_xform_param b;
+ /**< Co-efficient 'b' of curve equation data in Octet-string network
+ * byte order format.
+ */
+
+ struct rte_crypto_ec_point G;
+ /**< G: EC curve generator
+ * EC curve generator point data in Octet-string network byte order
+ * format.
+ */
+
+ rte_crypto_xform_param pkey;
+ /**< pkey: Private key
+ * Private key data for ECDH operation in Octet-string network byte
+ * order format.
+ */
+
+ struct rte_crypto_ecpoint Q;
+ /**< Q: Public key point
+ * Public key point data of ECDH operation in Octet-string network
+ * byte order format.
+ */
+
+ int h;
+ /**< Co-factor of the curve */
+};
+
+/** Asymmetric Digital Signature transform operation
+ *
+ * This structure contains data required to perform asymmetric
+ * digital signature crypto transform.
+ */
+struct rte_crypto_dsa_xform {
+
+ rte_crypto_xform_param p;
+ /**< p - Prime modulus
+ * Prime modulus data for DSA operation in Octet-string network byte
+ * order format.
+ */
+
+ rte_crypto_xform_param q;
+ /**< q : Order of the subgroup
+ * Order of the subgroup data in Octet-string network byte order
+ * format.
+ * q % (p-1) = 0
+ */
+
+ rte_crypto_xform_param g;
+ /**< g: Generator of the subgroup
+ * Generator data in Octet-string network byte order format.
+ */
+
+ rte_crypto_xform_param x;
+ /**< x: Private key of the signer
+ * Private key data in Octet-string network byte order format.
+ * Private key is valid only for signature generation operation.
+ */
+
+ rte_crypto_xform_param y;
+ /**< y : Public key of the signer.
+ * Public key data of the signer in Octet-string network byte order
+ * format.
+ * y = g^x mod p
+ */
+};
+
+/** Asymmetric ECDSA transform data
+ *
+ * This structure contains data required to perform ECDSA crypto
+ * transform.
+ */
+struct rte_crypto_ecdsa_xform {
+
+ enum rte_crypto_ec_curve_type curve_type;
+ /**< ECDSA curve type: Prime vs Binary */
+
+ struct rte_crypto_ec_curve_id curve_id;
+ /**< EC curve ID */
+
+ rte_crypto_xform_param n;
+ /**< n : order
+ * ECDH curve order data in Octet-string network byte order format.
+ */
+
+ rte_crypto_xform_param p;
+ /**< p:
+ * If the curve_type is @ref RTE_CRYPTO_EC_CURVE_TYPE_PRIME_FIELD:
+ * p holds the prime modulus data in Octet string format.
+ *
+ * If the curve_type is @ref RTE_CRYPTO_EC_CURVE_TYPE_BINARY_FIELD:
+ * p holds reduction polynomial co-efficients and degree.
+ */
+
+ rte_crypto_xform_param a;
+ /**< Co-efficient 'a' of curve equation data in Octet-string network
+ * byte order format.
+ */
+
+ rte_crypto_xform_param b;
+ /**< Co-efficient 'b' of curve equation data in Octet-string network
+ * byte order format.
+ */
+
+ struct rte_crypto_ecpoint G;
+ /**< G: EC curve generator
+ * EC curve generator point data in Octet-string network byte order
+ * format.
+ */
+
+ rte_crypto_xform_param pkey;
+ /**< pkey: Private key
+ * Private key data of the signer for ECDSA signature generation
+ * operation in Octet-string network byte format. Parameter is
+ * invalid or unsed for signature verification.
+ */
+
+ struct rte_crypto_ecpoint Q;
+ /**< Q: Public key point
+ * Public key point data of ECDSA operation in Octet-string network
+ * byte order format.
+ */
+
+ int h;
+ /**< Co-factor of the curve */
+};
+
+/** Asymmetric modular inverse transform operation
+ * This structure contains data required to perform
+ * asymmetric modular inverse crypto transform
+ */
+struct rte_crypto_modinv_xform {
+};
+
+/** Asymmetric Fundamental ECC transform operation
+ *
+ * This structure contains data required to perform asymmetric
+ * fundamental ECC crypto transform.
+ */
+struct rte_crypto_fecc_xform {
+
+ enum rte_crypto_ec_curve_type curve_type;
+ /**< FECC curve type: Prime vs Binary */
+
+ struct rte_crypto_ec_curve_id curve_id;
+ /**< EC curve ID */
+
+ rte_crypto_xform_param order;
+ /**< order : ECC curve order
+ * Curve order data in Octet-string network byte order format.
+ */
+
+ rte_crypto_xform_param prime;
+ /**< prime : Curve prime modulus data
+ * Prime modulus data in Octet-string network byte order format.
+ */
+
+ struct rte_crypto_ec_point G;
+ /**< G: curve generator point
+ * Curve generator point data in Octet-string network byte order
+ * format.
+ */
+
+ rte_crypto_xform_param a;
+ /**< Co-efficient 'a' of curve equation data in Octet-string network
+ * byte order format.
+ */
+
+ rte_crypto_xform_param b;
+ /**< Co-efficient 'a' of curve equation data in Octet-string network
+ * byte order format.
+ */
+
+ int h;
+ /**< Co-factor of the curve */
+
+};
+
+/**
+ * Asymmetric crypto transform data
+ *
+ * This structure contains the data required to perform the
+ * asymmetric crypto transformation operation. The field op
+ * determines the asymmetric algorithm for transformation.
+ */
+struct rte_crypto_asym_xform {
+ struct rte_crypto_asym_xform *next;
+ enum rte_crypto_asym_xform_type xform_type;
+ /**< Asymmetric algorithm for crypto transform */
+
+ RTE_STD_C11
+ union {
+ struct rte_crypto_rsa_xform rsa;
+ struct rte_crypto_fecc_xform fecc;
+ struct rte_crypto_modex_xform modex;
+ struct rte_crypto_ecdsa_xform ecdsa;
+ struct rte_crypto_ecdh_xform ecdh;
+ struct rte_crypto_dsa_xform dsa;
+ };
+};
+
+struct rte_cryptodev_asym_session;
+
+/**
+ * Crypto operation session type. This is used to specify whether a crypto
+ * operation has session structure attached for immutable parameters or if all
+ * operation information is included in the operation data structure.
+ */
+enum rte_crypto_asym_op_sess_type {
+ RTE_CRYPTO_ASYM_OP_WITH_SESSION,
+ /**< Session based crypto operation */
+ RTE_CRYPTO_ASYM_OP_SESSIONLESS
+ /**< Session-less crypto operation */
+};
+
+/**
+ * Asymmetric Cryptographic Operation.
+ *
+ * This structure contains data relating to performing asymmetric cryptographic
+ * operation.
+ *
+ */
+struct rte_crypto_asym_op {
+
+ enum rte_crypto_asym_op_sess_type sess_type;
+ enum rte_crypto_asym_xform_type type;
+
+ RTE_STD_C11
+ union {
+ enum rte_crypto_rsa_optype rsa_op;
+ /**< Type of RSA operation for transform */;
+ enum rte_crypto_modex_optype modex_op;
+ /**< Type of modular exponentiation operation */
+ enum rte_crypto_ecdsa_optype ecdsa_op;
+ /**< ECDSA crypto xform operation type */
+ enum rte_crypto_fecc_optype fecc_op;
+ /**< ECDSA crypto xform operation type */
+ enum rte_crypto_dsa_optype dsa_op;
+ /**< DSA crypto xform operation type */
+ };
+
+ RTE_STD_C11
+ union {
+ struct rte_cryptodev_asym_session *session;
+ /**< Handle for the initialised session context */
+ struct rte_crypto_asym_xform *xform;
+ /**< Session-less API crypto operation parameters */
+ };
+
+ RTE_STD_C11
+ union {
+
+ struct {
+ rte_crypto_op_param message;
+ /**<
+ * Pointer to data
+ * - to be encrypted for RSA public encrypt.
+ * - to be decrypted for RSA private decrypt.
+ * - to be signed for RSA sign generation.
+ * - to be authenticated for RSA sign verification.
+ */
+
+ rte_crypto_op_param sign;
+ /**<
+ * Pointer to RSA signature data. If operation is RSA
+ * sign @ref RTE_CRYPTO_RSA_OP_SIGN, buffer will be
+ * over-written with generated signature.
+ *
+ * Length of the signature data will be equal to the
+ * RSA prime modulus length.
+ */
+
+ enum rte_crypto_rsa_padding_type pad;
+ /**< RSA padding scheme to be used for transform */
+
+ enum rte_crypto_auth_algorithm md;
+ /**< Hash algorithm to be used for data hash if padding
+ * scheme is either OAEP or PSS. Valid hash algorithms
+ * are:
+ * MD5, SHA1, SHA224, SHA256, SHA384, SHA512
+ */
+
+ enum rte_crypto_auth_algorithm mgf1md;
+ /**<
+ * Hash algorithm to be used for mask generation if
+ * padding scheme is either OAEP or PSS. If padding
+ * scheme is unspecified data hash algorithm is used
+ * for mask generation. Valid hash algorithms are:
+ * MD5, SHA1, SHA224, SHA256, SHA384, SHA512
+ */
+ } rsa;
+
+ struct {
+ rte_crypto_op_param pub_key;
+ /**<
+ * If DH operation type is
+ * KEY_GENERATION:
+ * if priv_key and public key are provided, the keys
+ * are copied to DH xform structure, else key pair is
+ * generated and stored in DH xform structure.
+ * pub_key data should be in Octet-string network
+ * byte order format.
+ *
+ * KEY_COMPUTATION:
+ * pub_key holds the key shared by peer during DH
+ * key exchange. pub_key data is written as Octet-
+ * string network byte order format.
+ */
+ RTE_STD_C11
+ union {
+ rte_crypto_op_param priv_key;
+ /**<
+ * If DH operation type is KEY_GENERATION, and
+ * priv_key is provided, the key is copied to
+ * DH xform structure, else generated and stored
+ * in DH xform structure. priv_key data is in
+ * in Octet-string network byte order format.
+ */
+ rte_crypto_op_param shared_key;
+ /*
+ * If DH operation type is KEY_COMPUTATION:
+ * shared_key holds the shared secret
+ * computed. shared_key is written as
+ * Octet-string network byte order format.
+ */
+ };
+ } dh;
+
+ struct {
+ rte_crypto_op_param base;
+ /**<
+ * Pointer to base of modular exponentiation data in
+ * Octet-string network byte order format.
+ */
+ } modex;
+
+ struct {
+ rte_crypto_op_param priv_key;
+ /**<
+ * If ECDH operation type is KEY_GENERATION, and
+ * priv_key is provided, the key is copied to ECDH
+ * xform structure, else generated and stored in
+ * ECDH xform structure in Octet-string network byte
+ * order.
+ * If ECDH operation type is KEY_COMPUTATION:
+ * priv_key holds the 'X' co-ordinate of the shared
+ * secret EC point computed in Octet-string network
+ * byte order.
+ */
+
+ rte_crypto_ec_point pub_key;
+ /**<
+ * If ECDH operation type is
+ * KEY_GENERATION:
+ * if priv_key and public key are provided, the keys
+ * are copied ECDH xform structure, else key pair is
+ * generated and stored in ECDH xform structure.
+ *
+ * KEY_COMPUTATION:
+ * pub_key holds peer's public key during ECDH
+ * key exchange in Octet-string network byte order.
+ */
+ } ecdh;
+
+ struct {
+ rte_crypto_op_param message;
+ /**<
+ * Pointer to data
+ * - to be signed for ECDSA signature generation.
+ * - to be authenticated for ECDSA sign verification.
+ */
+
+ rte_crypto_op_param sign;
+ /**<
+ * Pointer to ECDSA signature. If operation type is
+ * @ref RTE_CRYPTO_ECDSA_OP_VERIFY this buffer will be
+ * over-written with the signature.
+ *
+ * Length of ECDSA signature will be less than twice the
+ * length of prime modulus length.
+ */
+
+ rte_crypto_op_param k;
+ /**<
+ * Pointer to random scalar to be used for generation
+ * of ECDSA signature @ref RTE_CRYPTO_ECDSA_OP_SIGN.
+ * It is invalid if operation is ECDSA verify.
+ * Scalar data is in Octet-string network byte order
+ * format.
+ *
+ * Length of scalar K should be less than the prime
+ * modulus of the curve
+ */
+ } ecdsa;
+
+ struct {
+
+ rte_crypto_op_param message;
+ /**<
+ * Pointer to data
+ * - to be signed for DSA signature generation.
+ * - to be authenticated for DSA sign verification.
+ *
+ * Length of data to be signed, if is more than
+ * prime modulus length, is truncated to length of
+ * prime modulus.
+ */
+
+ rte_crypto_op_param k;
+ /**<
+ * Pointer to random scalar to be used for DSA
+ * signature generation. K should be a non-zero number
+ * less than q. k is in Octet-string network byte
+ * order format.
+ */
+
+ } dsa;
+
+ struct {
+ struct rte_crypto_ec_point p;
+ /**<
+ * Pointer to primary curve point for fundamental
+ * ECC operation. Data is in Octet-string network
+ * byte order format.
+ * Length of data in bytes cannot exceed the prime
+ * modulus length of the curve.
+ */
+
+ struct rte_crypto_ec_point q;
+ /**<
+ *
+ * Pointer to secondary curve point for fundamental
+ * ECC operation. Data is in Octet-string network
+ * byte order format.
+ *
+ * Length of data in bytes cannot exceed the prime
+ * modulus length of the curve. This point is valid
+ * only for point addition optype
+ * RTE_CRYPTO_FECC_OP_POINT_ADD crypto transform.
+ */
+
+ rte_crypto_op_param k;
+ /**<
+ * Pointer to scalar data to be used only for point
+ * multiplication @ref RTE_CRYPTO_FECC_OP_POINT_MULTIPLY
+ * crypto transform. Data is in Octet-string network
+ * byte order format.
+ *
+ * Length of data in bytes cannot exceed the prime
+ * modulus length of the curve.
+ */
+
+ struct rte_crypto_ec_point r;
+ /**<
+ * Pointer to the resultant point on the curve after
+ * fundamental ECC crypto transform. Data is in
+ * Octet-string network byte order format.
+ * Length of data in bytes cannot exceed the prime
+ * modulus length of the curve.
+ */
+
+ } fecc;
+
+ struct {
+
+ rte_crypto_op_param prime;
+ /**<
+ * Pointer to the prime modulus data for modular
+ * inverse operation in Octet-string network byte
+ * order format.
+ */
+
+ rte_crypto_op_param base;
+ /**<
+ * Pointer to the base for the modular inverse
+ * operation in Octet-string network byte order
+ * format.
+ */
+ } modinv;
+ };
+
+} __rte_cache_aligned;
+
+
+
+/**
+ * Reset the fields of an asymmetric operation to their default values.
+ *
+ * @param op The crypto operation to be reset.
+ */
+static inline void
+__rte_crypto_asym_op_reset(struct rte_crypto_asym_op *op)
+{
+ memset(op, 0, sizeof(*op));
+
+ op->sess_type = RTE_CRYPTO_ASYM_OP_SESSIONLESS;
+}
+
+
+/**
+ * Allocate space for asymmetric crypto xforms in the private data space of the
+ * crypto operation. This also defaults the crypto xform type to
+ * RTE_CRYPTO_ASYM_XFORM_NOT_SPECIFIED and configures the chaining of the xforms
+ * in the crypto operation
+ *
+ * @return
+ * - On success returns pointer to first crypto xform in crypto operations chain
+ * - On failure returns NULL
+ */
+static inline struct rte_crypto_asym_xform *
+__rte_crypto_asym_op_asym_xforms_alloc(struct rte_crypto_asym_op *asym_op,
+ void *priv_data, uint8_t nb_xforms)
+{
+ struct rte_crypto_asym_xform *xform;
+
+ asym_op->xform = xform = (struct rte_crypto_asym_xform *)priv_data;
+
+ do {
+ xform->type = RTE_CRYPTO_ASYM_XFORM_NOT_SPECIFIED;
+ xform = xform->next = --nb_xforms > 0 ? xform + 1 : NULL;
+ } while (xform);
+
+ return asym_op->xform;
+}
+
+
+/**
+ * Attach a session to an asymmetric crypto operation
+ *
+ * @param asym_op crypto operation
+ * @param sess cryptodev session
+ */
+static inline int
+__rte_crypto_asym_op_attach_asym_session(struct rte_crypto_asym_op *asym_op,
+ struct rte_cryptodev_asym_session *sess)
+{
+ asym_op->session = sess;
+ asym_op->sess_type = RTE_CRYPTO_ASYM_OP_WITH_SESSION;
+
+ return 0;
+}
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _RTE_CRYPTO_ASYM_H_ */