[v8,1/3] cryptodev: add ec points to sm2 op
Checks
Commit Message
In the case when PMD cannot support the full process of the SM2,
but elliptic curve computation only, additional fields
are needed to handle such a case.
Points C1, kP therefore were added to the SM2 crypto operation struct.
Signed-off-by: Arkadiusz Kusztal <arkadiuszx.kusztal@intel.com>
---
doc/guides/rel_notes/release_24_11.rst | 3 ++
lib/cryptodev/rte_crypto_asym.h | 56 +++++++++++++++++++-------
2 files changed, 45 insertions(+), 14 deletions(-)
Comments
> In the case when PMD cannot support the full process of the SM2,
> but elliptic curve computation only, additional fields
> are needed to handle such a case.
>
> Points C1, kP therefore were added to the SM2 crypto operation struct.
>
> Signed-off-by: Arkadiusz Kusztal <arkadiuszx.kusztal@intel.com>
> ---
Please rebase. CI failed to apply patch.
Please be proactive to fix CI issues if reported.
> doc/guides/rel_notes/release_24_11.rst | 3 ++
> lib/cryptodev/rte_crypto_asym.h | 56 +++++++++++++++++++-------
> 2 files changed, 45 insertions(+), 14 deletions(-)
>
> diff --git a/doc/guides/rel_notes/release_24_11.rst
> b/doc/guides/rel_notes/release_24_11.rst
> index 53a5ffebe5..ee9e2cea3c 100644
> --- a/doc/guides/rel_notes/release_24_11.rst
> +++ b/doc/guides/rel_notes/release_24_11.rst
> @@ -413,6 +413,9 @@ ABI Changes
> added new structure ``rte_node_xstats`` to ``rte_node_register`` and
> added ``xstat_off`` to ``rte_node``.
>
> +* cryptodev: The ``rte_crypto_sm2_op_param`` struct member to hold
> ciphertext
> + is changed to union data type. This change is to support partial SM2 calculation.
> +
>
> Known Issues
> ------------
> diff --git a/lib/cryptodev/rte_crypto_asym.h b/lib/cryptodev/rte_crypto_asym.h
> index aeb46e688e..f095cebcd0 100644
> --- a/lib/cryptodev/rte_crypto_asym.h
> +++ b/lib/cryptodev/rte_crypto_asym.h
> @@ -646,6 +646,8 @@ enum rte_crypto_sm2_op_capa {
> /**< Random number generator supported in SM2 ops. */
> RTE_CRYPTO_SM2_PH,
> /**< Prehash message before crypto op. */
> + RTE_CRYPTO_SM2_PARTIAL,
> + /**< Calculate elliptic curve points only. */
> };
>
> /**
> @@ -673,20 +675,46 @@ struct rte_crypto_sm2_op_param {
> * will be overwritten by the PMD with the decrypted length.
> */
>
> - rte_crypto_param cipher;
> - /**<
> - * Pointer to input data
> - * - to be decrypted for SM2 private decrypt.
> - *
> - * Pointer to output data
> - * - for SM2 public encrypt.
> - * In this case the underlying array should have been allocated
> - * with enough memory to hold ciphertext output (at least X bytes
> - * for prime field curve of N bytes and for message M bytes,
> - * where X = (C1 || C2 || C3) and computed based on SM2 RFC as
> - * C1 (1 + N + N), C2 = M, C3 = N. The cipher.length field will
> - * be overwritten by the PMD with the encrypted length.
> - */
> + union {
> + rte_crypto_param cipher;
> + /**<
> + * Pointer to input data
> + * - to be decrypted for SM2 private decrypt.
> + *
> + * Pointer to output data
> + * - for SM2 public encrypt.
> + * In this case the underlying array should have been allocated
> + * with enough memory to hold ciphertext output (at least X
> bytes
> + * for prime field curve of N bytes and for message M bytes,
> + * where X = (C1 || C2 || C3) and computed based on SM2 RFC
> as
> + * C1 (1 + N + N), C2 = M, C3 = N. The cipher.length field will
> + * be overwritten by the PMD with the encrypted length.
> + */
> + struct {
> + struct rte_crypto_ec_point c1;
> + /**<
> + * This field is used only when PMD does not support the
> full
> + * process of the SM2 encryption/decryption, but the
> elliptic
> + * curve part only.
> + *
> + * In the case of encryption, it is an output - point C1 =
> (x1,y1).
> + * In the case of decryption, if is an input - point C1 =
> (x1,y1).
> + *
> + * Must be used along with the
> RTE_CRYPTO_SM2_PARTIAL flag.
> + */
> + struct rte_crypto_ec_point kp;
> + /**<
> + * This field is used only when PMD does not support the
> full
> + * process of the SM2 encryption/decryption, but the
> elliptic
> + * curve part only.
> + *
> + * It is an output in the encryption case, it is a point
> + * [k]P = (x2,y2).
> + *
> + * Must be used along with the
> RTE_CRYPTO_SM2_PARTIAL flag.
> + */
> + };
> + };
>
> rte_crypto_uint id;
> /**< The SM2 id used by signer and verifier. */
> --
> 2.34.1
Hi Akhil,
> -----Original Message-----
> From: Akhil Goyal <gakhil@marvell.com>
> Sent: Wednesday, November 6, 2024 11:09 AM
> To: Kusztal, ArkadiuszX <arkadiuszx.kusztal@intel.com>; dev@dpdk.org
> Cc: Dooley, Brian <brian.dooley@intel.com>
> Subject: RE: [EXTERNAL] [PATCH v8 1/3] cryptodev: add ec points to sm2 op
>
> > In the case when PMD cannot support the full process of the SM2, but
> > elliptic curve computation only, additional fields are needed to
> > handle such a case.
> >
> > Points C1, kP therefore were added to the SM2 crypto operation struct.
> >
> > Signed-off-by: Arkadiusz Kusztal <arkadiuszx.kusztal@intel.com>
> > ---
>
> Please rebase. CI failed to apply patch.
> Please be proactive to fix CI issues if reported.
I have deferred the whole patchset, no further action is necessary.
>
> > doc/guides/rel_notes/release_24_11.rst | 3 ++
> > lib/cryptodev/rte_crypto_asym.h | 56 +++++++++++++++++++-------
> > 2 files changed, 45 insertions(+), 14 deletions(-)
> >
> > diff --git a/doc/guides/rel_notes/release_24_11.rst
> > b/doc/guides/rel_notes/release_24_11.rst
> > index 53a5ffebe5..ee9e2cea3c 100644
> > --- a/doc/guides/rel_notes/release_24_11.rst
> > +++ b/doc/guides/rel_notes/release_24_11.rst
> > @@ -413,6 +413,9 @@ ABI Changes
> > added new structure ``rte_node_xstats`` to ``rte_node_register`` and
> > added ``xstat_off`` to ``rte_node``.
> >
> > +* cryptodev: The ``rte_crypto_sm2_op_param`` struct member to hold
> > ciphertext
> > + is changed to union data type. This change is to support partial SM2
> calculation.
> > +
> >
> > Known Issues
> > ------------
> > diff --git a/lib/cryptodev/rte_crypto_asym.h
> > b/lib/cryptodev/rte_crypto_asym.h index aeb46e688e..f095cebcd0 100644
> > --- a/lib/cryptodev/rte_crypto_asym.h
> > +++ b/lib/cryptodev/rte_crypto_asym.h
> > @@ -646,6 +646,8 @@ enum rte_crypto_sm2_op_capa {
> > /**< Random number generator supported in SM2 ops. */
> > RTE_CRYPTO_SM2_PH,
> > /**< Prehash message before crypto op. */
> > + RTE_CRYPTO_SM2_PARTIAL,
> > + /**< Calculate elliptic curve points only. */
> > };
> >
> > /**
> > @@ -673,20 +675,46 @@ struct rte_crypto_sm2_op_param {
> > * will be overwritten by the PMD with the decrypted length.
> > */
> >
> > - rte_crypto_param cipher;
> > - /**<
> > - * Pointer to input data
> > - * - to be decrypted for SM2 private decrypt.
> > - *
> > - * Pointer to output data
> > - * - for SM2 public encrypt.
> > - * In this case the underlying array should have been allocated
> > - * with enough memory to hold ciphertext output (at least X bytes
> > - * for prime field curve of N bytes and for message M bytes,
> > - * where X = (C1 || C2 || C3) and computed based on SM2 RFC as
> > - * C1 (1 + N + N), C2 = M, C3 = N. The cipher.length field will
> > - * be overwritten by the PMD with the encrypted length.
> > - */
> > + union {
> > + rte_crypto_param cipher;
> > + /**<
> > + * Pointer to input data
> > + * - to be decrypted for SM2 private decrypt.
> > + *
> > + * Pointer to output data
> > + * - for SM2 public encrypt.
> > + * In this case the underlying array should have been allocated
> > + * with enough memory to hold ciphertext output (at least X
> > bytes
> > + * for prime field curve of N bytes and for message M bytes,
> > + * where X = (C1 || C2 || C3) and computed based on SM2 RFC
> > as
> > + * C1 (1 + N + N), C2 = M, C3 = N. The cipher.length field will
> > + * be overwritten by the PMD with the encrypted length.
> > + */
> > + struct {
> > + struct rte_crypto_ec_point c1;
> > + /**<
> > + * This field is used only when PMD does not support
> the
> > full
> > + * process of the SM2 encryption/decryption, but the
> > elliptic
> > + * curve part only.
> > + *
> > + * In the case of encryption, it is an output - point C1 =
> > (x1,y1).
> > + * In the case of decryption, if is an input - point C1 =
> > (x1,y1).
> > + *
> > + * Must be used along with the
> > RTE_CRYPTO_SM2_PARTIAL flag.
> > + */
> > + struct rte_crypto_ec_point kp;
> > + /**<
> > + * This field is used only when PMD does not support
> the
> > full
> > + * process of the SM2 encryption/decryption, but the
> > elliptic
> > + * curve part only.
> > + *
> > + * It is an output in the encryption case, it is a point
> > + * [k]P = (x2,y2).
> > + *
> > + * Must be used along with the
> > RTE_CRYPTO_SM2_PARTIAL flag.
> > + */
> > + };
> > + };
> >
> > rte_crypto_uint id;
> > /**< The SM2 id used by signer and verifier. */
> > --
> > 2.34.1
@@ -413,6 +413,9 @@ ABI Changes
added new structure ``rte_node_xstats`` to ``rte_node_register`` and
added ``xstat_off`` to ``rte_node``.
+* cryptodev: The ``rte_crypto_sm2_op_param`` struct member to hold ciphertext
+ is changed to union data type. This change is to support partial SM2 calculation.
+
Known Issues
------------
@@ -646,6 +646,8 @@ enum rte_crypto_sm2_op_capa {
/**< Random number generator supported in SM2 ops. */
RTE_CRYPTO_SM2_PH,
/**< Prehash message before crypto op. */
+ RTE_CRYPTO_SM2_PARTIAL,
+ /**< Calculate elliptic curve points only. */
};
/**
@@ -673,20 +675,46 @@ struct rte_crypto_sm2_op_param {
* will be overwritten by the PMD with the decrypted length.
*/
- rte_crypto_param cipher;
- /**<
- * Pointer to input data
- * - to be decrypted for SM2 private decrypt.
- *
- * Pointer to output data
- * - for SM2 public encrypt.
- * In this case the underlying array should have been allocated
- * with enough memory to hold ciphertext output (at least X bytes
- * for prime field curve of N bytes and for message M bytes,
- * where X = (C1 || C2 || C3) and computed based on SM2 RFC as
- * C1 (1 + N + N), C2 = M, C3 = N. The cipher.length field will
- * be overwritten by the PMD with the encrypted length.
- */
+ union {
+ rte_crypto_param cipher;
+ /**<
+ * Pointer to input data
+ * - to be decrypted for SM2 private decrypt.
+ *
+ * Pointer to output data
+ * - for SM2 public encrypt.
+ * In this case the underlying array should have been allocated
+ * with enough memory to hold ciphertext output (at least X bytes
+ * for prime field curve of N bytes and for message M bytes,
+ * where X = (C1 || C2 || C3) and computed based on SM2 RFC as
+ * C1 (1 + N + N), C2 = M, C3 = N. The cipher.length field will
+ * be overwritten by the PMD with the encrypted length.
+ */
+ struct {
+ struct rte_crypto_ec_point c1;
+ /**<
+ * This field is used only when PMD does not support the full
+ * process of the SM2 encryption/decryption, but the elliptic
+ * curve part only.
+ *
+ * In the case of encryption, it is an output - point C1 = (x1,y1).
+ * In the case of decryption, if is an input - point C1 = (x1,y1).
+ *
+ * Must be used along with the RTE_CRYPTO_SM2_PARTIAL flag.
+ */
+ struct rte_crypto_ec_point kp;
+ /**<
+ * This field is used only when PMD does not support the full
+ * process of the SM2 encryption/decryption, but the elliptic
+ * curve part only.
+ *
+ * It is an output in the encryption case, it is a point
+ * [k]P = (x2,y2).
+ *
+ * Must be used along with the RTE_CRYPTO_SM2_PARTIAL flag.
+ */
+ };
+ };
rte_crypto_uint id;
/**< The SM2 id used by signer and verifier. */